[core] allow earlier plugin init for SSL/TLS

If lighttpd is started privileged, then SSL/TLS modules need to be initialized prior to chroot (optional) and prior to dropping privileges in order to be able to read sensitive files such as private certificates (thx m4t)
5 years ago · 8af9e71ccc
parent fb87ae8604
commit 8af9e71ccc
4 changed files with 11 additions and 6 deletions
--- a/src/mod_openssl.c
+++ b/src/mod_openssl.c
@ -1690,7 +1690,7 @@ int mod_openssl_plugin_init (plugin *p)
    p->name         = buffer_init_string("openssl");
    p->init         = mod_openssl_init;
    p->cleanup      = mod_openssl_free;
-    p->set_defaults = mod_openssl_set_defaults;
+    p->priv_defaults= mod_openssl_set_defaults;

    p->handle_connection_accept  = mod_openssl_handle_con_accept;
    p->handle_connection_shut_wr = mod_openssl_handle_con_shut_wr;
--- a/src/plugin.c
+++ b/src/plugin.c
@ -497,6 +497,10 @@ handler_t plugins_call_init(server *srv) {
 		} else {
 			p->data = NULL;
 		}
+
+		if (p->priv_defaults && HANDLER_ERROR==p->priv_defaults(srv, p->data)) {
+			return HANDLER_ERROR;
+		}
 	}

 	return HANDLER_GO_ON;
--- a/src/plugin.h
+++ b/src/plugin.h
@ -32,6 +32,7 @@ typedef struct {
 	buffer *name; /* name of the plugin */

 	void *(* init)                       ();
+	handler_t (* priv_defaults)          (server *srv, void *p_d);
 	handler_t (* set_defaults)           (server *srv, void *p_d);
 	handler_t (* cleanup)                (server *srv, void *p_d);
 	                                                                                   /* is called ... */
--- a/src/server.c
+++ b/src/server.c
@ -990,6 +990,11 @@ static int server_main (server * const srv, int argc, char **argv) {
 		return -1;
 	}

+	if (HANDLER_GO_ON != plugins_call_init(srv)) {
+		log_error_write(srv, __FILE__, __LINE__, "s", "Initialization of plugins failed. Going down.");
+		return -1;
+	}
+
 	/* open pid file BEFORE chroot */
 	if (-1 == pid_fd && !buffer_string_is_empty(srv->srvconf.pid_file)) {
 		if (-1 == (pid_fd = fdevent_open_cloexec(srv->srvconf.pid_file->ptr, O_WRONLY | O_CREAT | O_EXCL | O_TRUNC, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH))) {
@ -1199,11 +1204,6 @@ static int server_main (server * const srv, int argc, char **argv) {
 		srv->max_conns = srv->max_fds/3;
 	}

-	if (HANDLER_GO_ON != plugins_call_init(srv)) {
-		log_error_write(srv, __FILE__, __LINE__, "s", "Initialization of plugins failed. Going down.");
-		return -1;
-	}
-
 #ifdef HAVE_FORK
 	/* network is up, let's daemonize ourself */
 	if (0 == srv->srvconf.dont_daemonize && 0 == graceful_restart) {