From 6a61e11758e55184b3438c1bc7cbb8b9cd650bc7 Mon Sep 17 00:00:00 2001
From: Nick Kew <niq@apache.org>
Date: Mon, 3 Nov 2008 17:24:56 +0000
Subject: [PATCH] =?utf8?q?Move=20security=20check=20to=20post=5Fconfig,=20?=
 =?utf8?q?=C4=87os=20pre-config=20hooks=20don=C2=B4t=20run=20in=20expected?=
 =?utf8?q?=20order.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@710108 13f79535-47bb-0310-9956-ffa450edef68
---
 server/core.c | 38 ++++++++++++++++----------------------
 1 file changed, 16 insertions(+), 22 deletions(-)

diff --git a/server/core.c b/server/core.c
index 3ab3a71d47a..4199cfc65c3 100644
--- a/server/core.c
+++ b/server/core.c
@@ -3683,6 +3683,15 @@ static int default_handler(request_rec *r)
 APR_OPTIONAL_FN_TYPE(ap_logio_add_bytes_out) *logio_add_bytes_out;
 APR_OPTIONAL_FN_TYPE(authz_some_auth_required) *authz_ap_some_auth_required;
 
+/* Insist that at least one module will undertake to provide system
+ * security by dropping startup privileges.
+ */
+static int sys_privileges = 0;
+AP_DECLARE(int) sys_privileges_handlers(int inc)
+{
+    sys_privileges += inc;
+    return sys_privileges;
+}
 static int core_post_config(apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *ptemp, server_rec *s)
 {
     logio_add_bytes_out = APR_RETRIEVE_OPTIONAL_FN(ap_logio_add_bytes_out);
@@ -3695,6 +3704,13 @@ static int core_post_config(apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *pte
     set_banner(pconf);
     ap_setup_make_content_type(pconf);
     ap_setup_auth_internal(ptemp);
+    if (!sys_privileges) {
+        ap_log_error(APLOG_MARK, APLOG_CRIT, 0, NULL,
+                     "Server MUST relinquish startup privileges before "
+                     "accepting connections.  Please ensure mod_unixd "
+                     "or other system security module is loaded.");
+        return !OK;
+    }
     return OK;
 }
 
@@ -3884,27 +3900,6 @@ static int core_pre_connection(conn_rec *c, void *csd)
     return DONE;
 }
 
-/* Insist that at least one module will undertake to provide system
- * security by dropping startup privileges.
- */
-static int sys_privileges = 0;
-AP_DECLARE(int) sys_privileges_handlers(int inc)
-{
-    sys_privileges += inc;
-    return sys_privileges;
-}
-static int core_pre_config(apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *ptemp)
-{
-    if (!sys_privileges) {
-        ap_log_error(APLOG_MARK, APLOG_CRIT, 0, NULL,
-                     "Server MUST relinquish startup privileges before "
-                     "accepting connections.  Please ensure mod_unixd "
-                     "or other system security module is loaded.");
-        return !OK;
-    }
-    return OK;
-}
-
 static void register_hooks(apr_pool_t *p)
 {
     /* create_connection and install_transport_filters are
@@ -3917,7 +3912,6 @@ static void register_hooks(apr_pool_t *p)
     ap_hook_pre_connection(core_pre_connection, NULL, NULL,
                            APR_HOOK_REALLY_LAST);
 
-    ap_hook_pre_config(core_pre_config,NULL,NULL,APR_HOOK_LAST);
     ap_hook_post_config(core_post_config,NULL,NULL,APR_HOOK_REALLY_FIRST);
     ap_hook_translate_name(ap_core_translate,NULL,NULL,APR_HOOK_REALLY_LAST);
     ap_hook_map_to_storage(core_map_to_storage,NULL,NULL,APR_HOOK_REALLY_LAST);
-- 
2.47.2