From 08177689638ebe42db86fc4492bf212f217c2159 Mon Sep 17 00:00:00 2001 From: Paul Querna Date: Thu, 30 Oct 2008 00:54:02 +0000 Subject: [PATCH] Create a new drop_privileges hook for the Simple MPM. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@709062 13f79535-47bb-0310-9956-ffa450edef68 --- server/mpm/simple/simple_api.c | 8 +++++++ server/mpm/simple/simple_api.h | 43 ++++++++++++++++++++++++++++++++++ server/mpm/simple/simple_run.c | 13 ++++++++-- 3 files changed, 62 insertions(+), 2 deletions(-) create mode 100644 server/mpm/simple/simple_api.h diff --git a/server/mpm/simple/simple_api.c b/server/mpm/simple/simple_api.c index 3c302ae18b..190f1533c3 100644 --- a/server/mpm/simple/simple_api.c +++ b/server/mpm/simple/simple_api.c @@ -25,6 +25,7 @@ #include "simple_types.h" #include "simple_run.h" #include "http_core.h" +#include "simple_api.h" /* Thie file contains the absolute minimal MPM API, to interface with httpd. */ @@ -32,6 +33,13 @@ ap_generation_t volatile ap_my_generation = 0; server_rec *ap_server_conf = NULL; +APR_HOOK_STRUCT( + APR_HOOK_LINK(simple_drop_privileges) +) + +AP_IMPLEMENT_HOOK_RUN_ALL(int, simple_drop_privileges, + (apr_pool_t *pchild, server_rec *s), + (pchild, s), OK, DECLINED) int ap_mpm_run(apr_pool_t *pconf, diff --git a/server/mpm/simple/simple_api.h b/server/mpm/simple/simple_api.h new file mode 100644 index 0000000000..9127dd27aa --- /dev/null +++ b/server/mpm/simple/simple_api.h @@ -0,0 +1,43 @@ +/* Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "apr.h" +#include "apr_pools.h" +#include "apr_poll.h" +#include "apr_hash.h" +#include "apr_ring.h" +#include "apr_thread_pool.h" +#include "apr_buckets.h" +#include "httpd.h" + +#ifndef APACHE_MPM_SIMPLE_API_H +#define APACHE_MPM_SIMPLE_API_H + +#ifdef __cplusplus +extern "C" { +#endif + +/* Called after child as forked, before child_init, to be used by modules that + * wish to chroot or change the processes running UserID before we begin serving requests. + */ +AP_DECLARE_HOOK(int,simple_drop_privileges,(apr_pool_t *pchild, server_rec *s)) + +#ifdef __cplusplus +} +#endif + +#endif /* APACHE_MPM_SIMPLE_API_H */ + diff --git a/server/mpm/simple/simple_run.c b/server/mpm/simple/simple_run.c index 9e53e1efd0..be53442335 100644 --- a/server/mpm/simple/simple_run.c +++ b/server/mpm/simple/simple_run.c @@ -27,7 +27,7 @@ #include "scoreboard.h" #include "ap_listen.h" - +#include "simple_api.h" #include "mpm.h" /** @@ -269,7 +269,14 @@ simple_setup_privs(simple_core_t *sc) /* TODO: none of the above. Just a child_init hook, which can be * instantianted in a module */ - ap_run_child_init(sc->pool, ap_server_conf); + int rv = ap_run_simple_drop_privileges(sc->pool, ap_server_conf); + + if (rv) { + ap_log_error(APLOG_MARK, APLOG_CRIT, rv, NULL, + "simple_setup_privs: ap_run_simple_drop_privileges failed"); + return rv; + } + return 0; } @@ -299,6 +306,8 @@ simple_child_loop(simple_core_t *sc) return !OK; } + ap_run_child_init(sc->pool, ap_server_conf); + return simple_run_loop(sc); } -- 2.40.0