AP_DECLARE_HOOK(int,monitor,(apr_pool_t *p))
+/* register modules that undertake to manage system security */
+extern int sys_privileges;
+AP_DECLARE_HOOK(int, drop_privileges, (apr_pool_t * pchild, server_rec * s))
+
#ifdef __cplusplus
}
#endif
#include <sys/prctl.h>
#endif
-#include "simple_api.h"
-
#ifndef DEFAULT_USER
#define DEFAULT_USER "#-1"
#endif
unixd_config.chroot_dir = NULL; /* none */
+ ++sys_privileges;
return OK;
}
ap_hook_pre_config(unixd_pre_config,
NULL, NULL, APR_HOOK_FIRST);
- ap_hook_simple_drop_privileges(unixd_drop_privileges,
- NULL, NULL, APR_HOOK_FIRST);
+ ap_hook_drop_privileges(unixd_drop_privileges,
+ NULL, NULL, APR_HOOK_FIRST);
}
static const command_rec unixd_cmds[] = {
return DONE;
}
+/* Insist that at least one module will undertake to provide system
+ * security by dropping startup privileges.
+ */
+AP_DECLARE(int) sys_privileges = 0;
+static int core_pre_config(apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *ptemp)
+{
+ if (!sys_privileges) {
+ ap_log_error(APLOG_MARK, APLOG_CRIT, 0, NULL,
+ "Server MUST relinquish startup privileges before "
+ "accepting connections. Please ensure mod_unixd "
+ "or other system security module is loaded.");
+ return !OK;
+ }
+ return OK;
+}
+
static void register_hooks(apr_pool_t *p)
{
/* create_connection and install_transport_filters are
ap_hook_pre_connection(core_pre_connection, NULL, NULL,
APR_HOOK_REALLY_LAST);
+ ap_hook_pre_config(core_pre_config,NULL,NULL,APR_HOOK_LAST);
ap_hook_post_config(core_post_config,NULL,NULL,APR_HOOK_REALLY_FIRST);
ap_hook_translate_name(ap_core_translate,NULL,NULL,APR_HOOK_REALLY_LAST);
ap_hook_map_to_storage(core_map_to_storage,NULL,NULL,APR_HOOK_REALLY_LAST);
/*stuff to do before we switch id's, so we have permissions. */
ap_reopen_scoreboard(pchild, NULL, 0);
- if (unixd_setup_child()) {
+ if (ap_run_drop_privileges(pchild, ap_server_conf)) {
clean_child_exit(APEXIT_CHILDFATAL);
}
clean_child_exit(APEXIT_CHILDFATAL);
}
- if (unixd_setup_child()) {
+ if (ap_run_drop_privileges(pchild, ap_server_conf)) {
clean_child_exit(APEXIT_CHILDFATAL);
}
#include "simple_types.h"
#include "simple_run.h"
#include "http_core.h"
-#include "simple_api.h"
/* Thie file contains the absolute minimal MPM API, to interface with httpd. */
server_rec *ap_server_conf = NULL;
-APR_HOOK_STRUCT(APR_HOOK_LINK(simple_drop_privileges)
- )
-
-AP_IMPLEMENT_HOOK_RUN_ALL(int, simple_drop_privileges,
- (apr_pool_t * pchild, server_rec * s),
- (pchild, s), OK, DECLINED)
-
int ap_mpm_run(apr_pool_t * pconf, apr_pool_t * plog, server_rec * s)
{
simple_core_t *sc = simple_core_get();
+++ /dev/null
-/* Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include "apr.h"
-#include "apr_pools.h"
-#include "apr_poll.h"
-#include "apr_hash.h"
-#include "apr_ring.h"
-#include "apr_thread_pool.h"
-#include "apr_buckets.h"
-#include "httpd.h"
-
-#ifndef APACHE_MPM_SIMPLE_API_H
-#define APACHE_MPM_SIMPLE_API_H
-
-#ifdef __cplusplus
-extern "C"
-{
-#endif
-
-/* Called after child as forked, before child_init, to be used by modules that
- * wish to chroot or change the processes running UserID before we begin serving requests.
- */
- AP_DECLARE_HOOK(int, simple_drop_privileges,
- (apr_pool_t * pchild, server_rec * s))
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* APACHE_MPM_SIMPLE_API_H */
#include "scoreboard.h"
#include "ap_listen.h"
-#include "simple_api.h"
#include "mpm.h"
/**
static int simple_setup_privs(simple_core_t * sc)
{
- int rv = ap_run_simple_drop_privileges(sc->pool, ap_server_conf);
+ int rv = ap_run_drop_privileges(sc->pool, ap_server_conf);
if (rv) {
ap_log_error(APLOG_MARK, APLOG_CRIT, rv, NULL,
- "simple_setup_privs: ap_run_simple_drop_privileges failed");
+ "simple_setup_privs: ap_run_drop_privileges failed");
return rv;
}
rv = simple_setup_privs(sc);
if (rv) {
- ap_log_error(APLOG_MARK, APLOG_CRIT, rv, NULL,
- "simple_child_loop: simple_drop_privs failed");
+ /* simple_setup_privs already logged error */
return !OK;
}
clean_child_exit(APEXIT_CHILDFATAL);
}
- if (unixd_setup_child()) {
+ if (ap_run_drop_privileges(pchild, ap_server_conf)) {
clean_child_exit(APEXIT_CHILDFATAL);
}
APR_HOOK_STRUCT(
APR_HOOK_LINK(fatal_exception)
APR_HOOK_LINK(monitor)
+ APR_HOOK_LINK(drop_privileges)
)
AP_IMPLEMENT_HOOK_RUN_ALL(int, fatal_exception,
(ap_exception_info_t *ei), (ei), OK, DECLINED)
#else
APR_HOOK_STRUCT(
APR_HOOK_LINK(monitor)
+ APR_HOOK_LINK(drop_privileges)
)
#endif
AP_IMPLEMENT_HOOK_RUN_ALL(int, monitor,
(apr_pool_t *p), (p), OK, DECLINED)
+AP_IMPLEMENT_HOOK_RUN_ALL(int, drop_privileges,
+ (apr_pool_t * pchild, server_rec * s),
+ (pchild, s), OK, DECLINED)
#ifdef AP_MPM_WANT_RECLAIM_CHILD_PROCESSES
}
#endif /* AP_MPM_HAS_USER_CALLBACKS */
-