--- support/suexec.c.orig Sat Feb 22 12:44:30 2003
+++ support/suexec.c Mon Jun 02 10:55:31 2003
@@ -145,6 +145,10 @@
 "DOCUMENT_PATH_INFO=",
 "DOCUMENT_ROOT=",
 "DOCUMENT_URI=",
+ "FPEXE=",
+ "FPFD=",
+ "FPUID=",
+ "FPGID=",
 "FILEPATH_INFO=",
 "GATEWAY_INTERFACE=",
 "HTTPS=",
@@ -277,6 +281,7 @@
 char *prog; /* name of this program */
 char *cmd; /* command to be executed */
 char cwd[AP_MAXPATH]; /* current working directory */
+ char fpcwd[AP_MAXPATH]; /* current working directory - FrontPage */
 char dwd[AP_MAXPATH]; /* docroot working directory */
 struct passwd *pw; /* password entry holder */
 struct group *gr; /* group entry holder */
@@ -350,6 +355,14 @@
 target_gname = argv[2];
 cmd = argv[3];
+ if ( !strcmp(cmd, "fpexe") ) {
+ if (getcwd(fpcwd, AP_MAXPATH) == NULL) {
+ log_err("cannot get current working directory for frontpage\n");
+ exit(111);
+ }
+ }
+
+
 /*
 * Check to see if the user running this program
 * is the user allowed to do so as defined in
@@ -357,12 +370,12 @@
 */
 #ifdef _OSD_POSIX
 /* User name comparisons are case insensitive on BS2000/OSD */
- if (strcasecmp(AP_HTTPD_USER, pw->pw_name)) {
+ if (strcasecmp(AP_HTTPD_USER, pw->pw_name) && !is_resvprog(cmd, fpcwd)) {
 log_err("user mismatch (%s instead of %s)\n", pw->pw_name, AP_HTTPD_USER);
 exit(103);
 }
 #else /*_OSD_POSIX*/
- if (strcmp(AP_HTTPD_USER, pw->pw_name)) {
+ if (strcasecmp(AP_HTTPD_USER, pw->pw_name) && !is_resvprog(cmd, fpcwd)) {
 log_err("user mismatch (%s instead of %s)\n", pw->pw_name, AP_HTTPD_USER);
 exit(103);
 }
@@ -573,7 +586,7 @@
 /*
 * Error out if the file is setuid or setgid.
 */
- if ((prg_info.st_mode & S_ISUID) || (prg_info.st_mode & S_ISGID)) {
+ if (((prg_info.st_mode & S_ISUID) && !is_resvprog(cmd, cwd)) || (prg_info.st_mode & S_ISGID)) {
 log_err("file is either setuid or setgid: (%s/%s)\n", cwd, cmd);
 exit(119);
 }
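Review bot: `FPEXE=`, `FPFD=`, `FPUID=` and `FPGID=` (hunk at -145) are added to the pass-through list for every program suexec runs, not only for `fpexe`. Because the caller check is relaxed for `fpexe` later in this patch, these values can presumably be set by whoever invokes suexec, so whatever consumes them has to treat them as unauthenticated input. I would add a comment above the four entries, e.g. `/* FrontPage: read by fpexe only; values are caller-supplied, do not trust */`, and consider stripping them when `cmd` is not `fpexe`. The list itself starts and ends outside the hunk.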
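Review bot: `fpcwd` is filled only when `cmd` is `fpexe` (hunk at -350), yet the next hunk passes it to `is_resvprog()` on every run. That is safe only because `is_resvprog()` compares `cmd` before it reads `cwd`. Give the buffer a defined value in all cases, e.g. `fpcwd[0] = '\0';` just before the `if`, so a later reordering of that comparison cannot read uninitialised stack. The enclosing function starts and ends outside the hunk.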
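Review bot: In the hunk at -357 the `#else` branch now calls `strcasecmp` where the original used `strcmp`, so ordinary POSIX builds match the caller's name against `AP_HTTPD_USER` case-insensitively, which the comment above reserves for BS2000/OSD. Keep `if (strcmp(AP_HTTPD_USER, pw->pw_name) && !is_resvprog(cmd, fpcwd)) {` in that branch. More fundamentally, `&& !is_resvprog(cmd, fpcwd)` switches the caller check off whenever `argv[3]` is `fpexe` and the process was started in the FrontPage `_vti_bin` directory. Both are chosen by the invoking user, so the guarantee that only the httpd user can drive suexec no longer holds for that command. If the exemption is really required, it should depend on something the caller cannot pick, such as an explicit list of permitted caller uids, and the trust assumption should be written in a comment at this check.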
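Review bot: The setuid test (hunk at -573) and the owner/group test (hunk at -582) are both skipped for `fpexe` with no replacement check, so as far as these hunks show, a setuid `fpexe` of any owner in that directory would be executed. Where the exemption is needed, pin what is expected instead, for example require `prg_info.st_uid == 0` and no group/other write bit in `prg_info.st_mode` and `dir_info.st_mode` before exempting, unless that is already enforced outside the hunks. Each matching call to `is_resvprog()` also writes "Restricted program accessed" through `log_err`, so one request can log that line several times. The hunk at -582 also re-indents the closing `}` with no functional change, which is better left out of a security patch.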
@@ -582,17 +595,18 @@ * Error out if the target name/group is different from * the name/group of the cwd or the program. */ - if ((uid != dir_info.st_uid) || + if ( ( (uid != dir_info.st_uid) || (gid != dir_info.st_gid) || (uid != prg_info.st_uid) || - (gid != prg_info.st_gid)) { + (gid != prg_info.st_gid) ) && + !is_resvprog(cmd, cwd) ) { log_err("target uid/gid (%ld/%ld) mismatch " "with directory (%ld/%ld) or program (%ld/%ld)\n", uid, gid, dir_info.st_uid, dir_info.st_gid, prg_info.st_uid, prg_info.st_gid); exit(120); - } + } /* * Error out if the program is not executable for the user. * Otherwise, she won't find any error in the logs except for @@ -653,3 +667,16 @@ log_err("(%d)%s: exec failed (%s)\n", errno, strerror(errno), cmd); exit(255); } + +/* Here we go */ + +int is_resvprog(const char *cmd, const char *cwd) +{ + if ( (!strcmp(cmd, "fpexe") && !strcmp(cwd, "/usr/local/frontpage/version5.0/apache-fp/_vti_bin")) ) { + log_err("Restricted program accessed: %s/%s\n", cwd, cmd); + return 1; + } + else { + return 0; + } +}
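Review bot: `is_resvprog()` is defined at the end of the file (hunk at -653) but called earlier, and the patch adds no prototype, so those calls rely on an implicit declaration. Add `static int is_resvprog(const char *cmd, const char *cwd);` ahead of the first use and make the definition `static`. The `/* Here we go */` comment says nothing about what is in effect a security exemption. Replace it with a block comment stating that a return of 1 disables the caller, setuid and ownership checks for `fpexe`, and that the match is an exact string comparison against a fixed install path. The path literal would be easier to audit as a named constant, e.g. `#define FP_VTI_BIN "/usr/local/frontpage/version5.0/apache-fp/_vti_bin"`.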