Create a new drop_privileges hook for the Simple MPM.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@709062 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/server/mpm/simple/simple_api.c b/server/mpm/simple/simple_api.c
index 3c302ae18b22c90d47987eba2db81afa1ab0c30a..190f1533c3358acaf951d4c4319ed5fc2d44185e 100644 (file)
--- a/server/mpm/simple/simple_api.c
+++ b/server/mpm/simple/simple_api.c
@@ -25,6 +25,7 @@
 #include "simple_types.h"
 #include "simple_run.h"
 #include "http_core.h"
+#include "simple_api.h"
 
 /* Thie file contains the absolute minimal MPM API, to interface with httpd. */
 
@@ -32,6 +33,13 @@ ap_generation_t volatile ap_my_generation = 0;
 server_rec *ap_server_conf = NULL;
 
 
+APR_HOOK_STRUCT(
+  APR_HOOK_LINK(simple_drop_privileges)
+)
+
+AP_IMPLEMENT_HOOK_RUN_ALL(int, simple_drop_privileges,
+                          (apr_pool_t *pchild, server_rec *s),
+                          (pchild, s), OK, DECLINED)
 
 int
 ap_mpm_run(apr_pool_t *pconf,

diff --git a/server/mpm/simple/simple_api.h b/server/mpm/simple/simple_api.h
new file mode 100644 (file)
index 0000000..9127dd2
--- /dev/null
+++ b/server/mpm/simple/simple_api.h
@@ -0,0 +1,43 @@
+/* Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "apr.h"
+#include "apr_pools.h"
+#include "apr_poll.h"
+#include "apr_hash.h"
+#include "apr_ring.h"
+#include "apr_thread_pool.h"
+#include "apr_buckets.h"
+#include "httpd.h"
+
+#ifndef APACHE_MPM_SIMPLE_API_H
+#define APACHE_MPM_SIMPLE_API_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Called after child as forked, before child_init, to be used by modules that 
+ * wish to chroot or change the processes running UserID before we begin serving requests.
+ */
+AP_DECLARE_HOOK(int,simple_drop_privileges,(apr_pool_t *pchild, server_rec *s))
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* APACHE_MPM_SIMPLE_API_H */
+

diff --git a/server/mpm/simple/simple_run.c b/server/mpm/simple/simple_run.c
index 9e53e1efd0a66c3c3f54a1cca9e4f07286368355..be5344233546b5a417755f06acde77c07958182b 100644 (file)
--- a/server/mpm/simple/simple_run.c
+++ b/server/mpm/simple/simple_run.c
@@ -27,7 +27,7 @@
 #include "scoreboard.h"
 
 #include "ap_listen.h"
-
+#include "simple_api.h"
 #include "mpm.h"
 
 /**
@@ -269,7 +269,14 @@ simple_setup_privs(simple_core_t *sc)
   /* TODO: none of the above.  Just a child_init hook, which can be
    * instantianted in a module
    */
-  ap_run_child_init(sc->pool, ap_server_conf);
+  int rv = ap_run_simple_drop_privileges(sc->pool, ap_server_conf);
+
+  if (rv) {
+    ap_log_error(APLOG_MARK, APLOG_CRIT, rv, NULL,
+                 "simple_setup_privs: ap_run_simple_drop_privileges failed");
+    return rv;
+  }
+
   return 0;
 }
 
@@ -299,6 +306,8 @@ simple_child_loop(simple_core_t *sc)
     return !OK;
   }
 
+  ap_run_child_init(sc->pool, ap_server_conf);
+
   return simple_run_loop(sc);
 }