mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-22 10:07:12 +00:00

Changes to work with tomcat5.5: changed apis to the logging framework

and request pipeline.
Dominic Reynolds 2007-05-21 20:39:41 +00:00
parent 74b2bfae95
commit c7fbd14641
5 changed files with 85 additions and 102 deletions


@ -27,11 +27,11 @@ common/Make.rules: $(COMMONDIR)/Make.rules
endif endif
LIB = lib LIB = lib
CATALINA_HOME = /usr/share/tomcat5 CATALINA_HOME = /usr/share/tomcat55
# By default build 1.4 bytecode
all: all:
ant -Dtarget=1.4 jar jni_so ant -Dcatalina_home=${CATALINA_HOME} -Dtarget=1.5 jar jni_so
clean: clean:
ant clean ant clean
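Review bot: The comment `# By default build 1.4 bytecode` appears to stay in place above `all:` while the command now passes `-Dtarget=1.5`, so the comment no longer describes the build. The spec file's `%build` step further down this page still passes `-Dtarget=1.4`, which means the Makefile and the RPM build produce different bytecode levels for the same valve. Update the comment to `# By default build 1.5 bytecode` and either align the spec or record why the packaged build stays at 1.4.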


@ -18,10 +18,10 @@
<include name="**/*.jar"/> <include name="**/*.jar"/>
</fileset> </fileset>
<fileset id="tomcat.jars" dir="/usr/share/tomcat5/server/lib"> <fileset id="tomcat.jars" dir="${catalina_home}/server/lib">
<include name="**/*.jar"/> <include name="**/*.jar"/>
</fileset> </fileset>
<fileset id="servlet.jars" dir="/usr/share/tomcat5/common/lib"> <fileset id="servlet.jars" dir="${catalina_home}/common/lib">
<include name="**/*.jar"/> <include name="**/*.jar"/>
</fileset> </fileset>
@ -54,6 +54,7 @@
<target name="jni_so" depends="compile" description="Build JNI library"> <target name="jni_so" depends="compile" description="Build JNI library">
<mkdir dir="${dist}"/> <mkdir dir="${dist}"/>
<exec dir="${jni_src}" executable="/usr/bin/make"> <exec dir="${jni_src}" executable="/usr/bin/make">
<arg value="LIB=${install_lib}"/>
<arg value="DESTDIR=${dist}"/> <arg value="DESTDIR=${dist}"/>
<arg value="VERSION=${version}"/> <arg value="VERSION=${version}"/>
<arg value="RELEASE=${release}"/> <arg value="RELEASE=${release}"/>
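Review bot: The `jni_so` target now always passes `LIB=${install_lib}` to make, but the top-level Makefile on this page runs `ant -Dcatalina_home=${CATALINA_HOME} -Dtarget=1.5 jar jni_so` without `-Dinstall_lib`; only the spec file sets it. Unless the build file defines a default outside this hunk, Ant hands the unexpanded text `${install_lib}` to make, and the JNI Makefile then derives `LIBDIR` and the JNI header `INCLUDE` path from that value. The two filesets have the same exposure for `${catalina_home}` when ant is run directly. Defaults near the top of the build file would cover both, for example `<property name="install_lib" value="lib"/>` and `<property name="catalina_home" value="/usr/share/tomcat55"/>`; values given with `-D` still take precedence.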


@ -1,11 +1,11 @@
/* ------------------------------------------------------------------ /* ------------------------------------------------------------------
* *
* Copyright (C) 2002-2005 Novell/SUSE * Copyright (C) 2002-2007 Novell/SUSE
* *
* This program is free software; you can redistribute it and/or * This program is free software; you can redistribute it and/or
* modify it under the terms of version 2 of the GNU General Public * modify it under the terms of version 2 of the GNU General Public
* License published by the Free Software Foundation. * License published by the Free Software Foundation.
* *
* ------------------------------------------------------------------ */ * ------------------------------------------------------------------ */
package com.novell.apparmor.catalina.valves; package com.novell.apparmor.catalina.valves;
@ -13,10 +13,7 @@ package com.novell.apparmor.catalina.valves;
import com.novell.apparmor.JNIChangeHat; import com.novell.apparmor.JNIChangeHat;
import java.io.IOException; import java.io.IOException;
import javax.servlet.ServletException; import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import org.apache.catalina.HttpRequest;
import org.apache.catalina.Container; import org.apache.catalina.Container;
import org.apache.catalina.HttpResponse;
import org.apache.catalina.valves.ValveBase; import org.apache.catalina.valves.ValveBase;
import java.security.SecureRandom; import java.security.SecureRandom;
@ -28,9 +25,9 @@ public final class ChangeHatValve extends ValveBase {
private static String DEFAULT_HAT = "DEFAULT"; private static String DEFAULT_HAT = "DEFAULT";
private static int SERVLET_PATH_MEDIATION = 0; private static int SERVLET_PATH_MEDIATION = 0;
private static int URI_MEDIATION = 1; private static int URI_MEDIATION = 1;
private int mediationType = ChangeHatValve.SERVLET_PATH_MEDIATION; private int mediationType = ChangeHatValve.SERVLET_PATH_MEDIATION;
/* /*
* *
* Property setter called during the parsing of the server.xml. * Property setter called during the parsing of the server.xml.
@ -53,18 +50,18 @@ public final class ChangeHatValve extends ValveBase {
this.mediationType = ChangeHatValve.SERVLET_PATH_MEDIATION; this.mediationType = ChangeHatValve.SERVLET_PATH_MEDIATION;
} }
} }
/* /*
* *
* Return an int value representing the currently configured * Return an int value representing the currently configured
* <code>mediationType</code> for this instance. * <code>mediationType</code> for this instance.
* *
*/ */
int getMediationType() { public int getMediationType() {
return this.mediationType; return this.mediationType;
} }
/* /*
* *
* Return an instance of <code>SecureRandom</code> creating one if necessary * Return an instance of <code>SecureRandom</code> creating one if necessary
@ -76,7 +73,7 @@ public final class ChangeHatValve extends ValveBase {
} }
return ChangeHatValve.randomNumberGenerator; return ChangeHatValve.randomNumberGenerator;
} }
/* /*
* *
* Call to return a random cookie from the <code>SecureRandom</code> PRNG * Call to return a random cookie from the <code>SecureRandom</code> PRNG
@ -85,13 +82,15 @@ public final class ChangeHatValve extends ValveBase {
int getCookie() { int getCookie() {
SecureRandom rnd = getRndGen(); SecureRandom rnd = getRndGen();
if ( rnd == null ) { if ( rnd == null ) {
this.getContainer().getLogger().log( "[APPARMOR] can't initialize SecureRandom for cookie generation for change_hat() call.", container.getLogger().ERROR); this.getContainer().getLogger().error(
"[APPARMOR] can't initialize SecureRandom for cookie" +
" generation for change_hat() call.");
return 0; return 0;
} }
return rnd.nextInt(); return rnd.nextInt();
} }
/* /*
* *
* Call out to AppArmor change_hat(2) to change the security * Call out to AppArmor change_hat(2) to change the security
@ -110,87 +109,71 @@ public final class ChangeHatValve extends ValveBase {
* @exception ServletException if a servlet error has occurred * @exception ServletException if a servlet error has occurred
* *
*/ */
public void invoke( org.apache.catalina.Request request, public void invoke( org.apache.catalina.connector.Request request,
org.apache.catalina.Response response, org.apache.catalina.connector.Response response )
org.apache.catalina.ValveContext context )
throws IOException, ServletException { throws IOException, ServletException {
Container container = this.getContainer(); Container container = this.getContainer();
int cookie, result; int cookie, result;
boolean inSubHat = false; boolean inSubHat = false;
container.getLogger().log(this.getClass().toString() + container.getLogger().debug(this.getClass().toString() +
"[APPARMOR] Request received [" + request.getInfo() "[APPARMOR] Request received [" + request.getInfo()
+ "]", container.getLogger().DEBUG); + "]");
if ( !( request instanceof HttpRequest)
|| !(response instanceof HttpResponse) ) {
container.getLogger().log(this.getClass().toString()
+ "[APPARMOR] Non HttpRequest received. Not changing context. "
+ "[" + request.getInfo() + "]", container.getLogger().ERROR);
context.invokeNext(request, response);
return;
}
HttpRequest httpRequest = (HttpRequest) request;
HttpServletRequest servletRequest = (HttpServletRequest)
httpRequest.getRequest();
String hatname = ChangeHatValve.DEFAULT_HAT;; String hatname = ChangeHatValve.DEFAULT_HAT;;
if ( getMediationType() == ChangeHatValve.SERVLET_PATH_MEDIATION ) { if ( getMediationType() == ChangeHatValve.SERVLET_PATH_MEDIATION ) {
hatname = servletRequest.getServletPath(); hatname = request.getServletPath();
} else if ( getMediationType() == ChangeHatValve.URI_MEDIATION ) { } else if ( getMediationType() == ChangeHatValve.URI_MEDIATION ) {
hatname = servletRequest.getRequestURI(); hatname = request.getRequestURI();
} }
/* /*
* Select the AppArmor container for this request: * Select the AppArmor container for this request:
* *
* 1. try hat name from either URI or ServletPath * 1. try hat name from either URI or ServletPath
* (based on configuration) * (based on configuration)
* *
* 2. try hat name of the defined DEFAULT_HAT * 2. try hat name of the defined DEFAULT_HAT
* *
* 3. run in the current AppArmor context * 3. run in the current AppArmor context
*/ */
cookie = getCookie(); cookie = getCookie();
if ( hatname == null || "".equals(hatname) ) { if ( hatname == null || "".equals(hatname) ) {
hatname = ChangeHatValve.DEFAULT_HAT; hatname = ChangeHatValve.DEFAULT_HAT;
} }
container.getLogger().log("[APPARMOR] ChangeHat to [" + hatname container.getLogger().debug("[APPARMOR] ChangeHat to [" + hatname
+ "] cookie [" + cookie + "]", container.getLogger().DEBUG); + "] cookie [" + cookie + "]");
result = changehat_wrapper.changehat_in(hatname, cookie); result = changehat_wrapper.changehat_in(hatname, cookie);
if ( result == JNIChangeHat.EPERM ) { if ( result == JNIChangeHat.EPERM ) {
container.getLogger().log("[APPARMOR] change_hat valve " + container.getLogger().error("[APPARMOR] change_hat valve " +
"configured but Tomcat process is not confined by an " + "configured but Tomcat process is not confined by an " +
"AppArmor profile.", container.getLogger().ERROR); "AppArmor profile.");
context.invokeNext(request, response); getNext().invoke(request, response);
} else { } else {
if ( result == JNIChangeHat.EACCES ) { if ( result == JNIChangeHat.EACCES ) {
changehat_wrapper.changehat_out(cookie); changehat_wrapper.changehat_out(cookie);
result = changehat_wrapper.changehat_in(ChangeHatValve.DEFAULT_HAT, result = changehat_wrapper.changehat_in(ChangeHatValve.DEFAULT_HAT,
cookie); cookie);
if ( result != 0 ) { if ( result != 0 ) {
changehat_wrapper.changehat_out(cookie); changehat_wrapper.changehat_out(cookie);
container.getLogger().log("[APPARMOR] ChangeHat to [" + hatname container.getLogger().error("[APPARMOR] ChangeHat to [" + hatname
+ "] failed. Running in parent context.", + "] failed. Running in parent context.");
container.getLogger().ERROR); } else {
} else { inSubHat = true;
inSubHat = true; }
} } else if ( result != 0 ) {
} else if ( result != 0 ) { changehat_wrapper.changehat_out(cookie);
changehat_wrapper.changehat_out(cookie); container.getLogger().error("[APPARMOR] ChangeHat to [" + hatname
container.getLogger().log("[APPARMOR] ChangeHat to [" + hatname + "] failed. Running in parent context.");
+ "] failed. Running in parent context.", } else {
container.getLogger().ERROR); inSubHat = true;
} else { }
inSubHat = true; getNext().invoke(request, response);
} if ( inSubHat ) changehat_wrapper.changehat_out(cookie);
context.invokeNext(request, response);
if ( inSubHat ) changehat_wrapper.changehat_out(cookie);
} }
} }
} }
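Review bot: In `invoke`, `changehat_wrapper.changehat_out(cookie)` runs only when `getNext().invoke(request, response)` returns normally, so a downstream `IOException` or `ServletException` leaves the worker thread inside the sub-hat and discards the only cookie that can take it back out. If the container reuses that thread, later requests would start from the wrong AppArmor context. Wrap the call so the hat is always left: `try { getNext().invoke(request, response); }` followed by `finally { if ( inSubHat ) changehat_wrapper.changehat_out(cookie); }`. The same hunk also writes the token to the debug log (`"] cookie [" + cookie + "]"`); since that value is what gates returning to the parent profile, log the hat name only.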


@ -1,15 +1,15 @@
INCLUDE=/usr/lib/jvm/java/include TOP = ../..
TOP=../.. CLASSPATH = ${TOP}/build
CLASSPATH=${TOP}/build LIB = lib/
CFLAGS=-g -O2 -Wall -Wstrict-prototypes -Wl,-soname,$@.${SO_VERS} -pipe -fpic -D_REENTRANT LIBDIR = /usr/${LIB}
INCLUDES=-I$(INCLUDE) -I$(INCLUDE)/linux INCLUDE = ${LIBDIR}/jvm/java/include
CLASSFILE=${CLASSPATH}/com/novell/apparmor/${JAVA_CLASSNAME}.class CFLAGS = -g -O2 -Wall -Wstrict-prototypes -Wl,-soname,$@.${SO_VERS} -pipe -fpic -D_REENTRANT
DESTDIR=${TOP}/dist INCLUDES = -I$(INCLUDE) -I$(INCLUDE)/linux
SO_VERS = 1 CLASSFILE = ${CLASSPATH}/com/novell/apparmor/${JAVA_CLASSNAME}.class
LIB = lib/ DESTDIR = ${TOP}/dist
LIBDIR = /usr/${LIB} SO_VERS = 1
JAVA_CLASSNAME=JNIChangeHat JAVA_CLASSNAME = JNIChangeHat
TARGET=lib${JAVA_CLASSNAME} TARGET = lib${JAVA_CLASSNAME}
all: ${TARGET}.so all: ${TARGET}.so


@ -23,7 +23,7 @@
%endif %endif
%if %{distro} == "suse" %if %{distro} == "suse"
%define CATALINA_HOME /usr/share/tomcat5 %define CATALINA_HOME /usr/share/tomcat55
%endif %endif
%define APPARMOR_DOC_DIR /usr/share/doc/packages/apparmor-docs/ %define APPARMOR_DOC_DIR /usr/share/doc/packages/apparmor-docs/
%define JNI_SO libJNIChangeHat.so %define JNI_SO libJNIChangeHat.so
@ -39,9 +39,8 @@ Source0: %{name}-%{version}-@@repo_version@@.tar.gz
License: LGPL License: LGPL
BuildRoot: %{?_tmppath:}%{!?_tmppath:/var/tmp}/%{name}-%{version}-build BuildRoot: %{?_tmppath:}%{!?_tmppath:/var/tmp}/%{name}-%{version}-build
Url: http://developer.novell.com/wiki/index.php/Novell_AppArmor Url: http://developer.novell.com/wiki/index.php/Novell_AppArmor
Prereq: tomcat5, servletapi5, libapparmor Prereq: tomcat55, servletapi5, libapparmor
BuildRequires: tomcat5, servletapi5 ant, java, libapparmor, java2-devel-packages, apparmor-docs BuildRequires: tomcat55, servletapi5, ant, java, libapparmor, java2-devel-packages, apparmor-docs
Provides: tomcat_apparmor
%description %description
tomcat_apparmor - is a plugin for Apache Tomcat version 5.x that provides tomcat_apparmor - is a plugin for Apache Tomcat version 5.x that provides
@ -57,7 +56,7 @@ URL processing or per servlet.
%build %build
[ "${RPM_BUILD_ROOT}" != "/" ] && rm -rf ${RPM_BUILD_ROOT} [ "${RPM_BUILD_ROOT}" != "/" ] && rm -rf ${RPM_BUILD_ROOT}
ant -Ddist=${RPM_BUILD_DIR}/%{name}-%{version} -Dtarget=1.4 jar jni_so ant -Dinstall_lib=%{_lib} -Dcatalina_home=%{CATALINA_HOME} -Ddist=${RPM_BUILD_DIR}/%{name}-%{version} -Dtarget=1.4 jar jni_so
%install %install
ant -Ddist=${RPM_BUILD_DIR}/%{name}-%{version} -Dversion=%{version} -Drelease=%{release} -Dcatalina_home=%{CATALINA_HOME} -Dinstall_root=${RPM_BUILD_ROOT} -Dinstall_lib=%{_lib} install_jar install_jni ant -Ddist=${RPM_BUILD_DIR}/%{name}-%{version} -Dversion=%{version} -Drelease=%{release} -Dcatalina_home=%{CATALINA_HOME} -Dinstall_root=${RPM_BUILD_ROOT} -Dinstall_lib=%{_lib} install_jar install_jni