On Thu, Jul 19, 2012 at 11:38 AM, Steinar H. Gunderson <sgunder...@bigfoot.com> wrote: > On Thu, Jul 19, 2012 at 11:27:04AM -0400, Jeff Trawick wrote: >> What changes are needed to httpd trunk so that you can build mpm-itk >> with apxs and enable it via LoadModule, such that mpm-itk is fully >> functional? As I'm sure you're aware, prefork, worker, and event are >> all untied from core enough to support that in httpd >= 2.4. > > We'd need: > > 1. A hook right after merging the perdir config. > 2. Fixes to get Apache to drop the connection if it detects > (during .htaccess lookup) that it would need to change the uid. > > Both patches are simple, although for #2 to be truly generic (ie. be usable > by mod_privileges as well) we'd need some sort of signalling mechanism saying > “we have switched uids and cannot switch back”, which then both > mod_privileges (in secure mode) and mpm-itk could set. > > I've attached the current versions of both patches from my current Apache 2.4 > patch set; you can see the “ap_running_under_mpm_itk” variable which would > probably need to be replaced by ap_mpm_query() or similar.
I suspect that an ap_hook_stat() to be called from directory walk would allow itk to keep its odd processing private, and might be useful to other modules as well. For ap_parse_htaccess(), I suspect that some mechanism for plugging into the whole htaccess-is-a-file mess could enable interesting features beyond mpm-itk, but perhaps the minimum is the appropriate solution: Use a hook in place of a direct call to ap_pcfg_openfile(). The post-perdir-config hook looks reasonable to me. -- While the usefulness of a new hook or that by other existing modules (mod_privileges perhaps) to solve a current problem is interesting, it should be sufficient to determine that a new hook can be put to good use by some theoretical module. > > /* Steinar */ > -- > Homepage: http://www.sesse.net/ > -- Born in Roswell... married an alien... http://emptyhammock.com/