diff --git a/changehat/tomcat_apparmor/tomcat_5_5/Makefile b/changehat/tomcat_apparmor/tomcat_5_5/Makefile
index ed73e2e16..da08166c5 100644
--- a/changehat/tomcat_apparmor/tomcat_5_5/Makefile
+++ b/changehat/tomcat_apparmor/tomcat_5_5/Makefile
@@ -27,11 +27,11 @@ common/Make.rules: $(COMMONDIR)/Make.rules
endif
LIB = lib
-CATALINA_HOME = /usr/share/tomcat5
+CATALINA_HOME = /usr/share/tomcat55
+
-# By default build 1.4 bytecode
all:
- ant -Dtarget=1.4 jar jni_so
+ ant -Dcatalina_home=${CATALINA_HOME} -Dtarget=1.5 jar jni_so
clean:
ant clean
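Review bot: The `all` target now passes `-Dtarget=1.5`, but the `%build` line in tomcat_apparmor.spec.in in this same commit still passes `-Dtarget=1.4`, so a `make` build and an RPM build would compile the jar for different bytecode levels. If 1.5 is the intended level for the Tomcat 5.5 API (inferred from this change, not stated in it), the spec line should use `-Dtarget=1.5` as well. The deleted comment is not replaced; a line such as `# Build 1.5 bytecode (keep in sync with tomcat_apparmor.spec.in)` above `all:` would record the new default.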
diff --git a/changehat/tomcat_apparmor/tomcat_5_5/build.xml b/changehat/tomcat_apparmor/tomcat_5_5/build.xml
index c65da220b..171444624 100644
--- a/changehat/tomcat_apparmor/tomcat_5_5/build.xml
+++ b/changehat/tomcat_apparmor/tomcat_5_5/build.xml
@@ -18,10 +18,10 @@
-
+
-
+
@@ -54,6 +54,7 @@
+
diff --git a/changehat/tomcat_apparmor/tomcat_5_5/src/com/novell/apparmor/catalina/valves/ChangeHatValve.java b/changehat/tomcat_apparmor/tomcat_5_5/src/com/novell/apparmor/catalina/valves/ChangeHatValve.java
index ba6e222a6..a65fa2f13 100644
--- a/changehat/tomcat_apparmor/tomcat_5_5/src/com/novell/apparmor/catalina/valves/ChangeHatValve.java
+++ b/changehat/tomcat_apparmor/tomcat_5_5/src/com/novell/apparmor/catalina/valves/ChangeHatValve.java
@@ -1,11 +1,11 @@
-/* ------------------------------------------------------------------
- *
- * Copyright (C) 2002-2005 Novell/SUSE
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of version 2 of the GNU General Public
- * License published by the Free Software Foundation.
- *
+/* ------------------------------------------------------------------
+ *
+ * Copyright (C) 2002-2007 Novell/SUSE
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of version 2 of the GNU General Public
+ * License published by the Free Software Foundation.
+ *
* ------------------------------------------------------------------ */
package com.novell.apparmor.catalina.valves;
@@ -13,10 +13,7 @@ package com.novell.apparmor.catalina.valves;
import com.novell.apparmor.JNIChangeHat;
import java.io.IOException;
import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import org.apache.catalina.HttpRequest;
import org.apache.catalina.Container;
-import org.apache.catalina.HttpResponse;
import org.apache.catalina.valves.ValveBase;
import java.security.SecureRandom;
@@ -28,9 +25,9 @@ public final class ChangeHatValve extends ValveBase {
private static String DEFAULT_HAT = "DEFAULT";
private static int SERVLET_PATH_MEDIATION = 0;
private static int URI_MEDIATION = 1;
-
+
private int mediationType = ChangeHatValve.SERVLET_PATH_MEDIATION;
-
+
/*
*
* Property setter called during the parsing of the server.xml.
@@ -53,18 +50,18 @@ public final class ChangeHatValve extends ValveBase {
this.mediationType = ChangeHatValve.SERVLET_PATH_MEDIATION;
}
}
-
+
/*
*
* Return an int value representing the currently configured
* mediationType
for this instance.
*
*/
- int getMediationType() {
+ public int getMediationType() {
return this.mediationType;
}
-
-
+
+
/*
*
* Return an instance of SecureRandom
creating one if necessary
@@ -76,7 +73,7 @@ public final class ChangeHatValve extends ValveBase {
}
return ChangeHatValve.randomNumberGenerator;
}
-
+
/*
*
* Call to return a random cookie from the SecureRandom
PRNG
@@ -85,13 +82,15 @@ public final class ChangeHatValve extends ValveBase {
int getCookie() {
SecureRandom rnd = getRndGen();
if ( rnd == null ) {
- this.getContainer().getLogger().log( "[APPARMOR] can't initialize SecureRandom for cookie generation for change_hat() call.", container.getLogger().ERROR);
+ this.getContainer().getLogger().error(
+ "[APPARMOR] can't initialize SecureRandom for cookie" +
+ " generation for change_hat() call.");
return 0;
}
return rnd.nextInt();
}
-
-
+
+
/*
*
* Call out to AppArmor change_hat(2) to change the security
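Review bot: `getCookie()` still returns the constant `0` when `rnd == null`, and the new `error(...)` call only records that; `invoke()` then uses the fixed value as the change_hat token. The token is what stops code running inside a hat from switching back to the parent profile on its own, so a known value removes that protection for the request. Consider failing closed instead of `return 0;`, for example `throw new IllegalStateException("[APPARMOR] SecureRandom unavailable; refusing change_hat() with a fixed token");`, or have the caller skip the hat change; which of the two is right is a policy decision. Whether `getRndGen()` can actually return null is not visible here, since its body starts outside this hunk.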
@@ -110,87 +109,71 @@ public final class ChangeHatValve extends ValveBase {
* @exception ServletException if a servlet error has occurred
*
*/
- public void invoke( org.apache.catalina.Request request,
- org.apache.catalina.Response response,
- org.apache.catalina.ValveContext context )
+ public void invoke( org.apache.catalina.connector.Request request,
+ org.apache.catalina.connector.Response response )
throws IOException, ServletException {
-
+
Container container = this.getContainer();
int cookie, result;
boolean inSubHat = false;
- container.getLogger().log(this.getClass().toString() +
- "[APPARMOR] Request received [" + request.getInfo()
- + "]", container.getLogger().DEBUG);
-
- if ( !( request instanceof HttpRequest)
- || !(response instanceof HttpResponse) ) {
- container.getLogger().log(this.getClass().toString()
- + "[APPARMOR] Non HttpRequest received. Not changing context. "
- + "[" + request.getInfo() + "]", container.getLogger().ERROR);
- context.invokeNext(request, response);
- return;
- }
-
- HttpRequest httpRequest = (HttpRequest) request;
- HttpServletRequest servletRequest = (HttpServletRequest)
- httpRequest.getRequest();
-
+ container.getLogger().debug(this.getClass().toString() +
+ "[APPARMOR] Request received [" + request.getInfo()
+ + "]");
+
String hatname = ChangeHatValve.DEFAULT_HAT;;
if ( getMediationType() == ChangeHatValve.SERVLET_PATH_MEDIATION ) {
- hatname = servletRequest.getServletPath();
+ hatname = request.getServletPath();
} else if ( getMediationType() == ChangeHatValve.URI_MEDIATION ) {
- hatname = servletRequest.getRequestURI();
+ hatname = request.getRequestURI();
}
-
+
/*
* Select the AppArmor container for this request:
- *
- * 1. try hat name from either URI or ServletPath
+ *
+ * 1. try hat name from either URI or ServletPath
* (based on configuration)
- *
- * 2. try hat name of the defined DEFAULT_HAT
- *
+ *
+ * 2. try hat name of the defined DEFAULT_HAT
+ *
* 3. run in the current AppArmor context
*/
-
+
cookie = getCookie();
if ( hatname == null || "".equals(hatname) ) {
hatname = ChangeHatValve.DEFAULT_HAT;
- }
- container.getLogger().log("[APPARMOR] ChangeHat to [" + hatname
- + "] cookie [" + cookie + "]", container.getLogger().DEBUG);
-
+ }
+ container.getLogger().debug("[APPARMOR] ChangeHat to [" + hatname
+ + "] cookie [" + cookie + "]");
+
result = changehat_wrapper.changehat_in(hatname, cookie);
-
+
if ( result == JNIChangeHat.EPERM ) {
- container.getLogger().log("[APPARMOR] change_hat valve " +
+ container.getLogger().error("[APPARMOR] change_hat valve " +
"configured but Tomcat process is not confined by an " +
- "AppArmor profile.", container.getLogger().ERROR);
- context.invokeNext(request, response);
+ "AppArmor profile.");
+ getNext().invoke(request, response);
} else {
if ( result == JNIChangeHat.EACCES ) {
- changehat_wrapper.changehat_out(cookie);
- result = changehat_wrapper.changehat_in(ChangeHatValve.DEFAULT_HAT,
- cookie);
- if ( result != 0 ) {
- changehat_wrapper.changehat_out(cookie);
- container.getLogger().log("[APPARMOR] ChangeHat to [" + hatname
- + "] failed. Running in parent context.",
- container.getLogger().ERROR);
- } else {
- inSubHat = true;
- }
- } else if ( result != 0 ) {
- changehat_wrapper.changehat_out(cookie);
- container.getLogger().log("[APPARMOR] ChangeHat to [" + hatname
- + "] failed. Running in parent context.",
- container.getLogger().ERROR);
- } else {
- inSubHat = true;
- }
- context.invokeNext(request, response);
- if ( inSubHat ) changehat_wrapper.changehat_out(cookie);
+ changehat_wrapper.changehat_out(cookie);
+ result = changehat_wrapper.changehat_in(ChangeHatValve.DEFAULT_HAT,
+ cookie);
+ if ( result != 0 ) {
+ changehat_wrapper.changehat_out(cookie);
+ container.getLogger().error("[APPARMOR] ChangeHat to [" + hatname
+ + "] failed. Running in parent context.");
+ } else {
+ inSubHat = true;
+ }
+ } else if ( result != 0 ) {
+ changehat_wrapper.changehat_out(cookie);
+ container.getLogger().error("[APPARMOR] ChangeHat to [" + hatname
+ + "] failed. Running in parent context.");
+ } else {
+ inSubHat = true;
+ }
+ getNext().invoke(request, response);
+ if ( inSubHat ) changehat_wrapper.changehat_out(cookie);
}
}
}
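Review bot: `getNext().invoke(request, response)` in the `else` branch is not wrapped in `try`/`finally`, so when a downstream valve or servlet throws `IOException` or `ServletException` the following `changehat_out(cookie)` is skipped and the thread leaves `invoke()` still inside the hat. If Tomcat reuses that thread for another request (normal for a pooled connector, not shown here), the next `changehat_in` starts from the wrong context. Suggested change: `try { getNext().invoke(request, response); } finally { if ( inSubHat ) changehat_wrapper.changehat_out(cookie); }`. Separately, the `debug(...)` call before `changehat_in` writes the `cookie` value to the log; since that value is the secret token for leaving the hat, log only the hat name there, e.g. `container.getLogger().debug("[APPARMOR] ChangeHat to [" + hatname + "]");`. `hatname` is taken from the request's servlet path or URI, so CR/LF should be stripped from it before it is logged.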
diff --git a/changehat/tomcat_apparmor/tomcat_5_5/src/jni_src/Makefile b/changehat/tomcat_apparmor/tomcat_5_5/src/jni_src/Makefile
index c7cb97ea8..34e593923 100644
--- a/changehat/tomcat_apparmor/tomcat_5_5/src/jni_src/Makefile
+++ b/changehat/tomcat_apparmor/tomcat_5_5/src/jni_src/Makefile
@@ -1,15 +1,15 @@
-INCLUDE=/usr/lib/jvm/java/include
-TOP=../..
-CLASSPATH=${TOP}/build
-CFLAGS=-g -O2 -Wall -Wstrict-prototypes -Wl,-soname,$@.${SO_VERS} -pipe -fpic -D_REENTRANT
-INCLUDES=-I$(INCLUDE) -I$(INCLUDE)/linux
-CLASSFILE=${CLASSPATH}/com/novell/apparmor/${JAVA_CLASSNAME}.class
-DESTDIR=${TOP}/dist
-SO_VERS = 1
-LIB = lib/
-LIBDIR = /usr/${LIB}
-JAVA_CLASSNAME=JNIChangeHat
-TARGET=lib${JAVA_CLASSNAME}
+TOP = ../..
+CLASSPATH = ${TOP}/build
+LIB = lib/
+LIBDIR = /usr/${LIB}
+INCLUDE = ${LIBDIR}/jvm/java/include
+CFLAGS = -g -O2 -Wall -Wstrict-prototypes -Wl,-soname,$@.${SO_VERS} -pipe -fpic -D_REENTRANT
+INCLUDES = -I$(INCLUDE) -I$(INCLUDE)/linux
+CLASSFILE = ${CLASSPATH}/com/novell/apparmor/${JAVA_CLASSNAME}.class
+DESTDIR = ${TOP}/dist
+SO_VERS = 1
+JAVA_CLASSNAME = JNIChangeHat
+TARGET = lib${JAVA_CLASSNAME}
all: ${TARGET}.so
diff --git a/changehat/tomcat_apparmor/tomcat_5_5/tomcat_apparmor.spec.in b/changehat/tomcat_apparmor/tomcat_5_5/tomcat_apparmor.spec.in
index 94dc8c477..4aeca36e0 100644
--- a/changehat/tomcat_apparmor/tomcat_5_5/tomcat_apparmor.spec.in
+++ b/changehat/tomcat_apparmor/tomcat_5_5/tomcat_apparmor.spec.in
@@ -23,7 +23,7 @@
%endif
%if %{distro} == "suse"
-%define CATALINA_HOME /usr/share/tomcat5
+%define CATALINA_HOME /usr/share/tomcat55
%endif
%define APPARMOR_DOC_DIR /usr/share/doc/packages/apparmor-docs/
%define JNI_SO libJNIChangeHat.so
@@ -39,9 +39,8 @@ Source0: %{name}-%{version}-@@repo_version@@.tar.gz
License: LGPL
BuildRoot: %{?_tmppath:}%{!?_tmppath:/var/tmp}/%{name}-%{version}-build
Url: http://developer.novell.com/wiki/index.php/Novell_AppArmor
-Prereq: tomcat5, servletapi5, libapparmor
-BuildRequires: tomcat5, servletapi5 ant, java, libapparmor, java2-devel-packages, apparmor-docs
-Provides: tomcat_apparmor
+Prereq: tomcat55, servletapi5, libapparmor
+BuildRequires: tomcat55, servletapi5, ant, java, libapparmor, java2-devel-packages, apparmor-docs
%description
tomcat_apparmor - is a plugin for Apache Tomcat version 5.x that provides
@@ -57,7 +56,7 @@ URL processing or per servlet.
%build
[ "${RPM_BUILD_ROOT}" != "/" ] && rm -rf ${RPM_BUILD_ROOT}
-ant -Ddist=${RPM_BUILD_DIR}/%{name}-%{version} -Dtarget=1.4 jar jni_so
+ant -Dinstall_lib=%{_lib} -Dcatalina_home=%{CATALINA_HOME} -Ddist=${RPM_BUILD_DIR}/%{name}-%{version} -Dtarget=1.4 jar jni_so
%install
ant -Ddist=${RPM_BUILD_DIR}/%{name}-%{version} -Dversion=%{version} -Drelease=%{release} -Dcatalina_home=%{CATALINA_HOME} -Dinstall_root=${RPM_BUILD_ROOT} -Dinstall_lib=%{_lib} install_jar install_jni