[core] allow earlier plugin init for SSL/TLS

If lighttpd is started privileged, then SSL/TLS modules need to be
initialized prior to chroot (optional) and prior to dropping privileges
in order to be able to read sensitive files such as private certificates

(thx m4t)
personal/stbuehler/mod-csrf
Glenn Strauss 6 years ago
parent fb87ae8604
commit 8af9e71ccc
  1. 2
      src/mod_openssl.c
  2. 4
      src/plugin.c
  3. 1
      src/plugin.h
  4. 10
      src/server.c

@ -1690,7 +1690,7 @@ int mod_openssl_plugin_init (plugin *p)
p->name = buffer_init_string("openssl");
p->init = mod_openssl_init;
p->cleanup = mod_openssl_free;
p->set_defaults = mod_openssl_set_defaults;
p->priv_defaults= mod_openssl_set_defaults;
p->handle_connection_accept = mod_openssl_handle_con_accept;
p->handle_connection_shut_wr = mod_openssl_handle_con_shut_wr;
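Review bot: Registering `mod_openssl_set_defaults` only as `priv_defaults` means the module's configured certificate and key paths are now presumably resolved before chroot and as the start-up user, not inside the chroot as the unprivileged user. An existing deployment that keeps its PEM files inside the chroot and names them with chroot-relative paths would likely stop finding them, and neither the commit message nor the code says so. A comment above the assignment would record this, e.g. `/* runs before chroot() and before privileges are dropped: paths are relative to the real root */`. The benefit is also worth stating for operators: key files can then be root-owned, not readable by the service account, and kept outside the chroot. The body of mod_openssl_plugin_init continues outside the hunk.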

@ -497,6 +497,10 @@ handler_t plugins_call_init(server *srv) {
} else {
p->data = NULL;
}
if (p->priv_defaults && HANDLER_ERROR==p->priv_defaults(srv, p->data)) {
return HANDLER_ERROR;
}
}
return HANDLER_GO_ON;
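Review bot: The new `priv_defaults` failure path returns `HANDLER_ERROR` without naming the plugin that failed, and the caller in server.c only logs the generic "Initialization of plugins failed. Going down." line. This hook exists to read privileged files, so an unreadable key is the likely failure and the operator needs the module name; add `log_error_write(srv, __FILE__, __LINE__, "sb", "priv_defaults failed for module", p->name);` before the return. The loop and the start of plugins_call_init are outside the hunk, so whether plugins initialised earlier in the loop are released on this early return cannot be checked from here.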

@ -32,6 +32,7 @@ typedef struct {
buffer *name; /* name of the plugin */
void *(* init) ();
handler_t (* priv_defaults) (server *srv, void *p_d);
handler_t (* set_defaults) (server *srv, void *p_d);
handler_t (* cleanup) (server *srv, void *p_d);
/* is called ... */
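Review bot: The new `priv_defaults` member has no comment, yet it is the only callback with a privilege contract: per the commit message it runs before the optional chroot and before privileges are dropped. A plugin author reading the struct cannot tell it apart from `set_defaults`, so put the contract on the declaration, for example `/* called from plugins_call_init() before chroot() and before dropping privileges; do only the work that needs start-up privileges (e.g. reading key files) */`. The struct definition continues outside the hunk.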

@ -990,6 +990,11 @@ static int server_main (server * const srv, int argc, char **argv) {
return -1;
}
if (HANDLER_GO_ON != plugins_call_init(srv)) {
log_error_write(srv, __FILE__, __LINE__, "s", "Initialization of plugins failed. Going down.");
return -1;
}
/* open pid file BEFORE chroot */
if (-1 == pid_fd && !buffer_string_is_empty(srv->srvconf.pid_file)) {
if (-1 == (pid_fd = fdevent_open_cloexec(srv->srvconf.pid_file->ptr, O_WRONLY | O_CREAT | O_EXCL | O_TRUNC, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH))) {
@ -1199,11 +1204,6 @@ static int server_main (server * const srv, int argc, char **argv) {
srv->max_conns = srv->max_fds/3;
}
if (HANDLER_GO_ON != plugins_call_init(srv)) {
log_error_write(srv, __FILE__, __LINE__, "s", "Initialization of plugins failed. Going down.");
return -1;
}
#ifdef HAVE_FORK
/* network is up, let's daemonize ourself */
if (0 == srv->srvconf.dont_daemonize && 0 == graceful_restart) {
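Review bot: Moving `plugins_call_init(srv)` up to before the "open pid file BEFORE chroot" step makes every plugin's `init` callback run with start-up privileges, not only the plugins that set `priv_defaults`. When the server is started as root, that widens the code executed as root outside the chroot to all loaded modules, including third-party ones. The call site should carry the ordering constraint so a later refactor does not move it back or add work to it, e.g. `/* must stay before chroot() and the privilege drop: priv_defaults reads key files; init() should only allocate plugin data */`. The chroot and privilege-drop code itself lies between the two hunks and is not visible, so the exact ordering is inferred from the line numbers and the pid-file comment.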
