From: Nick Kew
Date: Mon, 3 Nov 2008 17:24:56 +0000 (+0000)
Subject: Move security check to post_config, ćos pre-config hooks don´t
X-Git-Tag: 2.3.0~159
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6a61e11758e55184b3438c1bc7cbb8b9cd650bc7;p=thirdparty%2Fapache%2Fhttpd.git
Move security check to post_config, ćos pre-config hooks don´t run in expected order.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@710108 13f79535-47bb-0310-9956-ffa450edef68
---
diff --git a/server/core.c b/server/core.c
index 3ab3a71d47a..4199cfc65c3 100644
--- a/server/core.c
+++ b/server/core.c
@@ -3683,6 +3683,15 @@ static int default_handler(request_rec *r)
 APR_OPTIONAL_FN_TYPE(ap_logio_add_bytes_out) *logio_add_bytes_out;
 APR_OPTIONAL_FN_TYPE(authz_some_auth_required) *authz_ap_some_auth_required;
+/* Insist that at least one module will undertake to provide system
+ * security by dropping startup privileges.
+ */
+static int sys_privileges = 0;
+AP_DECLARE(int) sys_privileges_handlers(int inc)
+{
+ sys_privileges += inc;
+ return sys_privileges;
+}
 static int core_post_config(apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *ptemp, server_rec *s)
 {
 logio_add_bytes_out = APR_RETRIEVE_OPTIONAL_FN(ap_logio_add_bytes_out);
@@ -3695,6 +3704,13 @@ static int core_post_config(apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *pte
 set_banner(pconf);
 ap_setup_make_content_type(pconf);
 ap_setup_auth_internal(ptemp);
+ if (!sys_privileges) {
+ ap_log_error(APLOG_MARK, APLOG_CRIT, 0, NULL,
+ "Server MUST relinquish startup privileges before "
+ "accepting connections. Please ensure mod_unixd "
+ "or other system security module is loaded.");
+ return !OK;
+ }
 return OK;
 }
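Review bot: `sys_privileges` in the first hunk is a file-static counter that changes only through `sys_privileges_handlers(inc)`, and nothing visible here resets it between configuration passes. If modules register again on each pass or restart while the core stays resident (not shown in this diff, so to be confirmed), the count only grows, and a later configuration that loads no privilege-dropping module could still pass the `!sys_privileges` test. Either reset the counter at a point that runs before modules register on each pass, or extend the comment to say why a stale count cannot occur, for example `/* Modules that drop privileges call sys_privileges_handlers(1) once per config pass; returns the running count. */`.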
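Review bot: The check added to core_post_config in the second hunk only works if every privilege-dropping module has called `sys_privileges_handlers()` before post_config starts, because the registration line visible in the last hunk hooks core_post_config at `APR_HOOK_REALLY_FIRST`; a module registering from its own post_config hook would presumably be counted too late and startup refused. A comment above the check should state that, e.g. `/* Runs REALLY_FIRST: modules must register via sys_privileges_handlers() in pre_config or earlier. */`. Now that `server_rec *s` is in scope, `ap_log_error(APLOG_MARK, APLOG_CRIT, 0, s,` would route the message to the configured error log rather than passing `NULL`, and a named status such as `HTTP_INTERNAL_SERVER_ERROR` reads more clearly than `return !OK;`. core_post_config begins before this hunk.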
@@ -3884,27 +3900,6 @@ static int core_pre_connection(conn_rec *c, void *csd)
 return DONE;
 }
-/* Insist that at least one module will undertake to provide system
- * security by dropping startup privileges.
- */
-static int sys_privileges = 0;
-AP_DECLARE(int) sys_privileges_handlers(int inc)
-{
- sys_privileges += inc;
- return sys_privileges;
-}
-static int core_pre_config(apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *ptemp)
-{
- if (!sys_privileges) {
- ap_log_error(APLOG_MARK, APLOG_CRIT, 0, NULL,
- "Server MUST relinquish startup privileges before "
- "accepting connections. Please ensure mod_unixd "
- "or other system security module is loaded.");
- return !OK;
- }
- return OK;
-}
-
 static void register_hooks(apr_pool_t *p)
 {
 /* create_connection and install_transport_filters are
@@ -3917,7 +3912,6 @@ static void register_hooks(apr_pool_t *p)
 ap_hook_pre_connection(core_pre_connection, NULL, NULL, APR_HOOK_REALLY_LAST);
- ap_hook_pre_config(core_pre_config,NULL,NULL,APR_HOOK_LAST);
 ap_hook_post_config(core_post_config,NULL,NULL,APR_HOOK_REALLY_FIRST);
 ap_hook_translate_name(ap_core_translate,NULL,NULL,APR_HOOK_REALLY_LAST);
 ap_hook_map_to_storage(core_map_to_storage,NULL,NULL,APR_HOOK_REALLY_LAST);