add a config option to specify the chroot directory

ok reyk@

diff --git a/usr.sbin/httpd/httpd.c b/usr.sbin/httpd/httpd.c
index 235e661..4064abe 100644 (file)
--- a/usr.sbin/httpd/httpd.c
+++ b/usr.sbin/httpd/httpd.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: httpd.c,v 1.15 2014/08/04 15:49:28 reyk Exp $ */
+/*     $OpenBSD: httpd.c,v 1.16 2014/08/05 09:24:21 jsg Exp $  */
 
 /*
  * Copyright (c) 2014 Reyk Floeter <reyk@openbsd.org>
@@ -150,6 +150,7 @@ int
 main(int argc, char *argv[])
 {
        int                      c;
+       unsigned int             proc;
        int                      debug = 0, verbose = 0;
        u_int32_t                opts = 0;
        struct httpd            *env;
@@ -225,6 +226,9 @@ main(int argc, char *argv[])
        ps->ps_instances[PROC_SERVER] = env->sc_prefork_server;
        ps->ps_ninstances = env->sc_prefork_server;
 
+       for (proc = 0; proc < nitems(procs); proc++)
+               procs[proc].p_chroot = env->sc_chroot;
+
        proc_init(ps, procs, nitems(procs));
 
        setproctitle("parent");

diff --git a/usr.sbin/httpd/httpd.conf.5 b/usr.sbin/httpd/httpd.conf.5
index f25136e..fa805ed 100644 (file)
--- a/usr.sbin/httpd/httpd.conf.5
+++ b/usr.sbin/httpd/httpd.conf.5
@@ -1,4 +1,4 @@
-.\"    $OpenBSD: httpd.conf.5,v 1.21 2014/08/04 17:38:12 reyk Exp $
+.\"    $OpenBSD: httpd.conf.5,v 1.22 2014/08/05 09:24:21 jsg Exp $
 .\"
 .\" Copyright (c) 2014 Reyk Floeter <reyk@openbsd.org>
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: August 4 2014 $
+.Dd $Mdocdate: August 5 2014 $
 .Dt HTTPD.CONF 5
 .Os
 .Sh NAME
@@ -102,6 +102,13 @@ This increases the performance and prevents delays when connecting
 to a server.
 .Xr httpd 8
 runs 3 server processes by default.
+.It Ic chroot Ar directory
+Set the
+.Xr chroot 2
+directory.
+If not specified, it defaults to
+.Pa /var/www ,
+the home directory of the www user.
 .El
 .Sh SERVERS
 The configured web servers.

diff --git a/usr.sbin/httpd/httpd.h b/usr.sbin/httpd/httpd.h
index b5cff07..d3a6ca8 100644 (file)
--- a/usr.sbin/httpd/httpd.h
+++ b/usr.sbin/httpd/httpd.h
@@ -1,4 +1,4 @@
-/*     $OpenBSD: httpd.h,v 1.42 2014/08/04 18:12:15 reyk Exp $ */
+/*     $OpenBSD: httpd.h,v 1.43 2014/08/05 09:24:21 jsg Exp $  */
 
 /*
  * Copyright (c) 2006 - 2014 Reyk Floeter <reyk@openbsd.org>
@@ -397,6 +397,7 @@ struct httpd {
        u_int16_t                sc_prefork_server;
        u_int16_t                sc_id;
        int                      sc_paused;
+       char                    *sc_chroot;
 
        struct serverlist       *sc_servers;
        struct mediatypes       *sc_mediatypes;

diff --git a/usr.sbin/httpd/parse.y b/usr.sbin/httpd/parse.y
index 649bd97..8562f81 100644 (file)
--- a/usr.sbin/httpd/parse.y
+++ b/usr.sbin/httpd/parse.y
@@ -1,4 +1,4 @@
-/*     $OpenBSD: parse.y,v 1.23 2014/08/04 17:38:12 reyk Exp $ */
+/*     $OpenBSD: parse.y,v 1.24 2014/08/05 09:24:21 jsg Exp $  */
 
 /*
  * Copyright (c) 2007 - 2014 Reyk Floeter <reyk@openbsd.org>
@@ -124,7 +124,7 @@ typedef struct {
 
 %}
 
-%token AUTO COMMON COMBINED CONNECTION DIRECTORY FCGI FILE INDEX LISTEN
+%token AUTO CHROOT COMMON COMBINED CONNECTION DIRECTORY FCGI FILE INDEX LISTEN
 %token LOCATION LOG NO ON PORT PREFORK ROOT SERVER SOCKET SSL STYLE SYSLOG
 %token TYPES
 %token ERROR INCLUDE
@@ -182,6 +182,9 @@ main                : PREFORK NUMBER        {
                        }
                        conf->sc_prefork_server = $2;
                }
+               | CHROOT STRING         {
+                       conf->sc_chroot = $2;
+               }
                ;
 
 server         : SERVER STRING         {
@@ -612,6 +615,7 @@ lookup(char *s)
        /* this has to be sorted always */
        static const struct keywords keywords[] = {
                { "auto",               AUTO },
+               { "chroot",             CHROOT },
                { "combined",           COMBINED },
                { "common",             COMMON },
                { "connection",         CONNECTION },