Commit c14d9867 authored by Nick Kew's avatar Nick Kew
Browse files

Move security check to post_config, ćos pre-config hooks don´t 

run in expected order.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@710108 13f79535-47bb-0310-9956-ffa450edef68
parent 22fa299f

server/core.c

+16 −22
Original line number Diff line number Diff line
@@ -3683,6 +3683,15 @@ static int default_handler(request_rec *r) 
APR_OPTIONAL_FN_TYPE(ap_logio_add_bytes_out) *logio_add_bytes_out;

APR_OPTIONAL_FN_TYPE(authz_some_auth_required) *authz_ap_some_auth_required;



/* Insist that at least one module will undertake to provide system

 * security by dropping startup privileges.

 */

static int sys_privileges = 0;

AP_DECLARE(int) sys_privileges_handlers(int inc)

{

    sys_privileges += inc;

    return sys_privileges;

}

static int core_post_config(apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *ptemp, server_rec *s)

{

    logio_add_bytes_out = APR_RETRIEVE_OPTIONAL_FN(ap_logio_add_bytes_out);
@@ -3695,6 +3704,13 @@ static int core_post_config(apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *pte 
    set_banner(pconf);

    ap_setup_make_content_type(pconf);

    ap_setup_auth_internal(ptemp);

    if (!sys_privileges) {

        ap_log_error(APLOG_MARK, APLOG_CRIT, 0, NULL,

                     "Server MUST relinquish startup privileges before "

                     "accepting connections.  Please ensure mod_unixd "

                     "or other system security module is loaded.");

        return !OK;

    }

    return OK;

}
@@ -3884,27 +3900,6 @@ static int core_pre_connection(conn_rec *c, void *csd) 
    return DONE;

}



/* Insist that at least one module will undertake to provide system

 * security by dropping startup privileges.

 */

static int sys_privileges = 0;

AP_DECLARE(int) sys_privileges_handlers(int inc)

{

    sys_privileges += inc;

    return sys_privileges;

}

static int core_pre_config(apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *ptemp)

{

    if (!sys_privileges) {

        ap_log_error(APLOG_MARK, APLOG_CRIT, 0, NULL,

                     "Server MUST relinquish startup privileges before "

                     "accepting connections.  Please ensure mod_unixd "

                     "or other system security module is loaded.");

        return !OK;

    }

    return OK;

}



static void register_hooks(apr_pool_t *p)

{

    /* create_connection and install_transport_filters are
@@ -3917,7 +3912,6 @@ static void register_hooks(apr_pool_t *p) 
    ap_hook_pre_connection(core_pre_connection, NULL, NULL,

                           APR_HOOK_REALLY_LAST);



    ap_hook_pre_config(core_pre_config,NULL,NULL,APR_HOOK_LAST);

    ap_hook_post_config(core_post_config,NULL,NULL,APR_HOOK_REALLY_FIRST);

    ap_hook_translate_name(ap_core_translate,NULL,NULL,APR_HOOK_REALLY_LAST);

    ap_hook_map_to_storage(core_map_to_storage,NULL,NULL,APR_HOOK_REALLY_LAST);