Commit b149b152 authored by Jeff Trawick's avatar Jeff Trawick

Unix: Handle permissions settings for flock-based mutexes in

unixd_set_global|proc_mutex_perms().  Allow the functions to be
called for any type of mutex.

This resolves a fatal problem with mod_rewrite on systems where
APR uses flock-based mutex.

It simplifies mod_ssl as well, which had special logic to perform
the chown().  It fixed an init error with mod_ssl on systems where
flock is used when the user had no SSLMutex directive.

The Unix MPMs continue to call unixd_set_global|proc_mutex_perms()
only for SysV sems.  There is no permission problem with flock-based
accept mutexes since the child init logic for the MPMs is done
prior to switching identity.

PR:              20312


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@100189 13f79535-47bb-0310-9956-ffa450edef68
parent 5e3df0e9
+0 −1
@@ -394,7 +394,6 @@ typedef struct {
    ssl_mutexmode_t nMutexMode;
    apr_lockmech_e  nMutexMech;
    const char     *szMutexFile;
    BOOL           ChownMutexFile;
    apr_global_mutex_t   *pMutex;
    apr_array_header_t   *aRandSeed;
    apr_hash_t     *tVHostKeys;
+0 −3
@@ -101,7 +101,6 @@ SSLModConfigRec *ssl_config_global_create(server_rec *s)
    mc->nMutexMode             = SSL_MUTEXMODE_UNSET;
    mc->nMutexMech             = APR_LOCK_DEFAULT;
    mc->szMutexFile            = NULL;
    mc->ChownMutexFile         = FALSE;
    mc->pMutex                 = NULL;
    mc->aRandSeed              = apr_array_make(pool, 4,
                                                sizeof(ssl_randseed_t));
@@ -401,7 +400,6 @@ const char *ssl_cmd_SSLMutex(cmd_parms *cmd,
     */
    mc->nMutexMode  = SSL_MUTEXMODE_USED;
    mc->szMutexFile = NULL;
    mc->ChownMutexFile = FALSE;

    /* NOTE: previously, 'yes' implied 'sem' */
    if (!strcasecmp(meth, "default") || !strcasecmp(meth, "yes")) {
@@ -415,7 +413,6 @@ const char *ssl_cmd_SSLMutex(cmd_parms *cmd,
#if APR_HAS_FLOCK_SERIALIZE
    else if ((!strcasecmp(meth, "flock") || !strcasecmp(meth, "file")) && file) {
        mc->nMutexMech = APR_LOCK_FLOCK;
        mc->ChownMutexFile = TRUE;
    }
#endif
#if APR_HAS_POSIXSEM_SERIALIZE
+8 −18
@@ -63,6 +63,7 @@
#include "mod_ssl.h"
#if !defined(OS2) && !defined(WIN32) && !defined(BEOS) && !defined(NETWARE)
#include "unixd.h"
#define MOD_SSL_SET_MUTEX_PERMS /* XXX Apache should define something */
#endif

int ssl_mutex_init(server_rec *s, apr_pool_t *p)
@@ -88,18 +89,8 @@ int ssl_mutex_init(server_rec *s, apr_pool_t *p)
                         "Cannot create SSLMutex");
        return FALSE;
    }
#if !defined(OS2) && !defined(WIN32) && !defined(BEOS) && !defined(NETWARE)
    if (mc->szMutexFile && mc->ChownMutexFile == TRUE)
        chown(mc->szMutexFile, unixd_config.user_id, -1);
#endif

#if APR_HAS_SYSVSEM_SERIALIZE
#if APR_USE_SYSVSEM_SERIALIZE
    if (mc->nMutexMech == APR_LOCK_DEFAULT || 
        mc->nMutexMech == APR_LOCK_SYSVSEM) {
#else
    if (mc->nMutexMech == APR_LOCK_SYSVSEM) {
#endif
#ifdef MOD_SSL_SET_MUTEX_PERMS
    rv = unixd_set_global_mutex_perms(mc->pMutex);
    if (rv != APR_SUCCESS) {
        ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
@@ -107,7 +98,6 @@ int ssl_mutex_init(server_rec *s, apr_pool_t *p)
                     "and Group directives");
        return FALSE;
    }
    }
#endif
    return TRUE;
}
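Review bot: The `#ifdef MOD_SSL_SET_MUTEX_PERMS` block around `unixd_set_global_mutex_perms(mc->pMutex)` carries no comment saying why the permissions are adjusted, and the `XXX Apache should define something` note on the `#define` does not say what the macro stands for. Per the commit description the call now covers flock-based mutexes too, so for a file lock the parent presumably hands ownership of the SSLMutex file to the child identity while still privileged; that happens inside unixd and is not visible here. I would add above the call `/* Runs in the parent before the switch to User/Group: make the mutex (SysV sem or lock file) usable by the child identity. */` and note in the SSLMutex documentation that the lock file belongs in a directory only root can write to, since a by-path ownership change made by a privileged process is safest there. ssl_mutex_init's body begins in the previous hunk and the lines between the two hunks are not shown.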