From 4b8ed77a460b35d5ed820e40c23cef804d035728 Mon Sep 17 00:00:00 2001 From: Stefan Fritsch Date: Fri, 14 Jun 2013 21:43:30 +0000 Subject: [PATCH] Move initialization of the secret to the pre_config hook. Use ap_retained_data_*() because we don't have access to process->pool there. This makes the code shorter and a lot more clear, but cannot directly be backported to 2.2 which doesn't have ap_retained_data_*(). git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1493257 13f79535-47bb-0310-9956-ffa450edef68 --- modules/aaa/mod_auth_digest.c | 73 ++++++++++------------------------- 1 file changed, 20 insertions(+), 53 deletions(-) diff --git a/modules/aaa/mod_auth_digest.c b/modules/aaa/mod_auth_digest.c index 81d1231ab0..3b48cbbdf5 100644 --- a/modules/aaa/mod_auth_digest.c +++ b/modules/aaa/mod_auth_digest.c @@ -107,7 +107,7 @@ typedef struct digest_config_struct { #define NONCE_LEN (int )(NONCE_TIME_LEN + NONCE_HASH_LEN) #define SECRET_LEN 20 -#define POOL_USERDATA_ID "mod_auth_digest" +#define RETAINED_DATA_ID "mod_auth_digest" /* client list definitions */ @@ -222,45 +222,6 @@ static apr_status_t cleanup_tables(void *not_used) return APR_SUCCESS; } -/* - * @param pool pool for userdata - * @param s server rec for logging, may be NULL - */ -static apr_status_t initialize_secret(apr_pool_t *pool, server_rec *s) -{ - apr_status_t status; - void *userdata; - - apr_pool_userdata_get(&userdata, POOL_USERDATA_ID, pool); - if (userdata != NULL) { - secret = userdata; - return APR_SUCCESS; - } - - ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(01757) - "generating secret for digest authentication"); - - secret = apr_palloc(pool, SECRET_LEN); - -#if APR_HAS_RANDOM - status = apr_generate_random_bytes(secret, SECRET_LEN); -#else -#error APR random number support is missing -#endif - - if (status != APR_SUCCESS) { - ap_log_error(APLOG_MARK, APLOG_CRIT, status, s, APLOGNO(01758) - "error generating secret"); - secret = NULL; - return status; - } - - apr_pool_userdata_set(secret, POOL_USERDATA_ID, apr_pool_cleanup_null, - pool); - - return status; -} - static void log_error_and_cleanup(char *msg, apr_status_t sts, server_rec *s) { ap_log_error(APLOG_MARK, APLOG_ERR, sts, s, APLOGNO(01760) @@ -366,6 +327,7 @@ static int initialize_tables(server_rec *s, apr_pool_t *ctx) static int pre_init(apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *ptemp) { apr_status_t rv; + void *retained; rv = ap_mutex_register(pconf, client_mutex_type, NULL, APR_LOCK_DEFAULT, 0); if (rv != APR_SUCCESS) @@ -373,6 +335,24 @@ static int pre_init(apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *ptemp) rv = ap_mutex_register(pconf, opaque_mutex_type, NULL, APR_LOCK_DEFAULT, 0); if (rv != APR_SUCCESS) return !OK; + + retained = ap_retained_data_get(RETAINED_DATA_ID); + if (retained == NULL) { + retained = ap_retained_data_create(RETAINED_DATA_ID, SECRET_LEN); + ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, NULL, APLOGNO(01757) + "generating secret for digest authentication"); +#if APR_HAS_RANDOM + rv = apr_generate_random_bytes(retained, SECRET_LEN); +#else +#error APR random number support is missing +#endif + if (rv != APR_SUCCESS) { + ap_log_error(APLOG_MARK, APLOG_CRIT, rv, NULL, APLOGNO(01758) + "error generating secret"); + return !OK; + } + } + secret = retained; return OK; } @@ -385,14 +365,6 @@ static int initialize_module(apr_pool_t *p, apr_pool_t *plog, if (ap_state_query(AP_SQ_MAIN_STATE) == AP_SQ_MS_CREATE_PRE_CONFIG) return OK; - /* - * If we haven't initialized the secret yet, we need to do it now in case - * the module is used in .htaccess. - */ - if (secret == NULL - && initialize_secret(s->process->pool, s) != APR_SUCCESS) - return !OK; - #if APR_HAS_SHARED_MEMORY /* Note: this stuff is currently fixed for the lifetime of the server, * i.e. even across restarts. This means that A) any shmem-size @@ -475,11 +447,6 @@ static const char *set_realm(cmd_parms *cmd, void *config, const char *realm) digest_config_rec *conf = (digest_config_rec *) config; int i; - /* pass NULL because cmd->server may not have a valid log config yet */ - if (secret == NULL - && initialize_secret(cmd->server->process->pool, NULL) != APR_SUCCESS) - return "Could not get random numbers for secret"; - #ifdef AP_DEBUG /* check that we got random numbers */ for (i = 0; i < SECRET_LEN; i++) { -- 2.49.0