Merge bec33810e95ac9ae4d05c74a7fd8cedb61224ca2 into 18cae5003a7160792a2e96000a9d6bd07cdf7ee2

2025-08-13 13:26:01 +03:00 · 2025-08-06 09:20:17 +02:00 · 2025-08-06 09:20:17 +02:00 · 022b0ad42f
commit 022b0ad42f
parent 18cae5003a bec33810e9
4 changed files with 56 additions and 58 deletions
--- a/apache2/apache2_config.c
+++ b/apache2/apache2_config.c
@ -1242,35 +1242,6 @@ static const char *cmd_audit_log(cmd_parms *cmd, void *_dcfg, const char *p1)
    directory_config *dcfg = _dcfg;

    dcfg->auditlog_name = (char *)p1;
-
-    if (dcfg->auditlog_name[0] == '|') {
-        const char *pipe_name = dcfg->auditlog_name + 1;
-        piped_log *pipe_log;
-
-        pipe_log = ap_open_piped_log(cmd->pool, pipe_name);
-        if (pipe_log == NULL) {
-            return apr_psprintf(cmd->pool, "ModSecurity: Failed to open the audit log pipe: %s",
-                    pipe_name);
-        }
-        dcfg->auditlog_fd = ap_piped_log_write_fd(pipe_log);
-    }
-    else {
-        const char *file_name = ap_server_root_relative(cmd->pool, dcfg->auditlog_name);
-        apr_status_t rc;
-        
-        if (dcfg->auditlog_fileperms == NOT_SET) {
-            dcfg->auditlog_fileperms = CREATEMODE;
-        }
-        rc = apr_file_open(&dcfg->auditlog_fd, file_name,
-                APR_WRITE | APR_APPEND | APR_CREATE | APR_BINARY,
-                dcfg->auditlog_fileperms, cmd->pool);
-
-        if (rc != APR_SUCCESS) {
-            return apr_psprintf(cmd->pool, "ModSecurity: Failed to open the audit log file: %s",
-                    file_name);
-        }
-    }
-
    return NULL;
 }

@ -1286,35 +1257,6 @@ static const char *cmd_audit_log2(cmd_parms *cmd, void *_dcfg, const char *p1)
    }

    dcfg->auditlog2_name = (char *)p1;
-
-    if (dcfg->auditlog2_name[0] == '|') {
-        const char *pipe_name = ap_server_root_relative(cmd->pool, dcfg->auditlog2_name + 1);
-        piped_log *pipe_log;
-
-        pipe_log = ap_open_piped_log(cmd->pool, pipe_name);
-        if (pipe_log == NULL) {
-            return apr_psprintf(cmd->pool, "ModSecurity: Failed to open the secondary audit log pipe: %s",
-                    pipe_name);
-        }
-        dcfg->auditlog2_fd = ap_piped_log_write_fd(pipe_log);
-    }
-    else {
-        const char *file_name = ap_server_root_relative(cmd->pool, dcfg->auditlog2_name);
-        apr_status_t rc;
-
-        if (dcfg->auditlog_fileperms == NOT_SET) {
-            dcfg->auditlog_fileperms = CREATEMODE;
-        }
-        rc = apr_file_open(&dcfg->auditlog2_fd, file_name,
-                APR_WRITE | APR_APPEND | APR_CREATE | APR_BINARY,
-                dcfg->auditlog_fileperms, cmd->pool);
-
-        if (rc != APR_SUCCESS) {
-            return apr_psprintf(cmd->pool, "ModSecurity: Failed to open the secondary audit log file: %s",
-                    file_name);
-        }
-    }
-
    return NULL;
 }

--- a/apache2/mod_security2.c
+++ b/apache2/mod_security2.c
@ -1694,6 +1694,7 @@ static void register_hooks(apr_pool_t *mp) {

    /* Logging */
    ap_hook_error_log(hook_error_log, NULL, NULL, APR_HOOK_MIDDLE);
+    ap_hook_open_logs(modsec_open_logs, NULL, NULL, APR_HOOK_MIDDLE);
    ap_hook_log_transaction(hook_log_transaction, NULL, transaction_afterme_list, APR_HOOK_MIDDLE);

    /* Filter hooks */
--- a/apache2/msc_logging.c
+++ b/apache2/msc_logging.c
@ -2314,3 +2314,55 @@ void sec_audit_logger(modsec_rec *msr) {
    }
    #endif
 }
+
+static int open_audit_log(char *auditlog_name, unsigned char primary, apr_file_t **auditlog_fd,
+                          apr_fileperms_t *auditlog_fileperms, apr_pool_t *p) {
+    if (auditlog_name == NOT_SET_P) {
+        return OK;
+    }
+    if (auditlog_name[0] == '|') {
+        const char *pipe_name = auditlog_name + 1;
+        piped_log *pipe_log;
+
+        pipe_log = ap_open_piped_log(p, pipe_name);
+        if (pipe_log == NULL) {
+            ap_log_error(APLOG_MARK, APLOG_ERR, 0, NULL,
+                         "ModSecurity: Failed to open the %saudit log pipe: %s",
+                         primary ? "" : "secondary ", pipe_name);
+            return primary ? DONE : OK;
+        }
+        *auditlog_fd = ap_piped_log_write_fd(pipe_log);
+    }
+    else {
+        const char *file_name = ap_server_root_relative(p, auditlog_name);
+        apr_status_t rc;
+
+        if (*auditlog_fileperms == NOT_SET) {
+            *auditlog_fileperms = CREATEMODE;
+        }
+        rc = apr_file_open(auditlog_fd, file_name,
+                APR_WRITE | APR_APPEND | APR_CREATE | APR_BINARY,
+                *auditlog_fileperms, p);
+
+        if (rc != APR_SUCCESS) {
+            ap_log_error(APLOG_MARK, APLOG_ERR, 0, NULL,
+                         "ModSecurity: Failed to open the %saudit log file: %s",
+                         primary ? "" : "secondary ", file_name);
+            return primary ? DONE : OK;
+        }
+    }
+
+    return OK;
+}
+
+int modsec_open_logs(apr_pool_t *pconf, apr_pool_t *p, apr_pool_t *ptemp, server_rec *s_main) {
+    directory_config *dcfg = ap_get_module_config(s_main->lookup_defaults, &security2_module);
+
+    int primary_log_rc = open_audit_log(dcfg->auditlog_name, 1,
+                                        &dcfg->auditlog_fd, &dcfg->auditlog_fileperms, p);
+    if (primary_log_rc != OK) {
+        return primary_log_rc;
+    }
+    return open_audit_log(dcfg->auditlog2_name, 0,
+                          &dcfg->auditlog2_fd, &dcfg->auditlog_fileperms, p);
+}
--- a/apache2/msc_logging.h
+++ b/apache2/msc_logging.h
@ -43,6 +43,7 @@
 #define AUDITLOG_PART_ENDMARKER             'Z'

 #include "modsecurity.h"
+#include "httpd.h"
 #include "apr_pools.h"

 int DSOLOCAL is_valid_parts_specification(char *p);
@ -51,4 +52,6 @@ char DSOLOCAL *construct_log_vcombinedus_limited(modsec_rec *msr, int _limit, in

 void DSOLOCAL sec_audit_logger(modsec_rec *msr);

+int modsec_open_logs(apr_pool_t *pconf, apr_pool_t *p, apr_pool_t *ptemp, server_rec *s_main);
+
 #endif