Commit b67d8591 authored by Jim Jagielski's avatar Jim Jagielski

Right now SSLMutex is bogus. It just uses APR_LOCK_DEFAULT no

matter what. We now allow for the full range of APR mutex
locking mechanisms to be used, while maintaining backwards
compatibility.

PR: 8122
Obtained from:
Submitted by:
Reviewed by:	William Rowe


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@98771 13f79535-47bb-0310-9956-ffa450edef68
parent 3a6e3e0e
+26 −3
@@ -79,13 +79,36 @@

#define AP_END_CMD { NULL }

const char ssl_valid_ssl_mutex_string[] =
    "Valid SSLMutex mechanisms are: `none', `default'"
#if APR_HAS_FLOCK_SERIALIZE
    ", `flock:/path/to/file'"
#endif
#if APR_HAS_FCNTL_SERIALIZE
    ", `fcntl:/path/to/file'"
#endif
#if APR_HAS_SYSVSEM_SERIALIZE && !defined(PERCHILD_MPM)
    ", `sysvsem'"
#endif
#if APR_HAS_POSIXSEM_SERIALIZE
    ", `posixsem'"
#endif
#if APR_HAS_PROC_PTHREAD_SERIALIZE
    ", `pthread'"
#endif
#if APR_HAS_FLOCK_SERIALIZE || APR_HAS_FCNTL_SERIALIZE
    ", `file:/path/to/file'"
#endif
#if (APR_HAS_SYSVSEM_SERIALIZE && !defined(PERCHILD_MPM)) || APR_HAS_POSIXSEM_SERIALIZE
    ", `sem'"
#endif
    " ";

static const command_rec ssl_config_cmds[] = {
    /*
     * Global (main-server) context configuration directives
     */
    SSL_CMD_SRV(Mutex, TAKE1,
                "SSL lock for handling internal mutual exclusions "
                "(`none', `file:/path/to/file')")
    SSL_CMD_SRV(Mutex, TAKE1, ssl_valid_ssl_mutex_string)
    SSL_CMD_SRV(PassPhraseDialog, TAKE1,
                "SSL dialog mechanism for the pass phrase query "
                "(`builtin', `|/path/to/pipe_program`, "
+4 −0
@@ -420,6 +420,7 @@ typedef struct {
    apr_rmm_t      *pSessionCacheDataRMM;
    apr_table_t    *tSessionCacheDataTable;
    ssl_mutexmode_t nMutexMode;
    apr_lockmech_e  nMutexMech;
    const char     *szMutexFile;
    apr_global_mutex_t   *pMutex;
    apr_array_header_t   *aRandSeed;
@@ -529,6 +530,9 @@ typedef struct {
/*  API glue structures  */
extern module AP_MODULE_DECLARE_DATA ssl_module;

/* "global" stuff */
extern const char ssl_valid_ssl_mutex_string[];

/*  configuration handling   */
SSLModConfigRec *ssl_config_global_create(server_rec *);
void         ssl_config_global_fix(SSLModConfigRec *);
+72 −2
@@ -99,6 +99,7 @@ SSLModConfigRec *ssl_config_global_create(server_rec *s)
    mc->pSessionCacheDataRMM   = NULL;
    mc->tSessionCacheDataTable = NULL;
    mc->nMutexMode             = SSL_MUTEXMODE_UNSET;
    mc->nMutexMech             = APR_LOCK_DEFAULT;
    mc->szMutexFile            = NULL;
    mc->pMutex                 = NULL;
    mc->aRandSeed              = apr_array_make(pool, 4,
@@ -383,6 +384,60 @@ const char *ssl_cmd_SSLMutex(cmd_parms *cmd,
    if (strcEQ(arg, "none") || strcEQ(arg, "no")) {
        mc->nMutexMode  = SSL_MUTEXMODE_NONE;
    }
    /* NOTE: previously, 'yes' implied 'sem' */
    else if (strcEQ(arg, "default") || strcEQ(arg, "yes")) {
        mc->nMutexMode  = SSL_MUTEXMODE_USED;
        mc->nMutexMech = APR_LOCK_DEFAULT;
        mc->szMutexFile = NULL; /* APR determines temporary filename */
    }
#if APR_HAS_FLOCK_SERIALIZE
    else if (strlen(arg) > 6 && strcEQn(arg, "flock:", 6)) {
        const char *file = ap_server_root_relative(cmd->pool, arg+6);
        if (!file) {
            return apr_pstrcat(cmd->pool, "Invalid SSLMutex flock: path ", 
                               arg+6, NULL);
        }
        mc->nMutexMode  = SSL_MUTEXMODE_USED;
        mc->nMutexMech = APR_LOCK_FLOCK;
        mc->szMutexFile = apr_psprintf(mc->pPool, "%s.%lu",
                                       file, (unsigned long)getpid());
    }
#endif
#if APR_HAS_FCNTL_SERIALIZE
    else if (strlen(arg) > 6 && strcEQn(arg, "fcntl:", 6)) {
        const char *file = ap_server_root_relative(cmd->pool, arg+6);
        if (!file) {
            return apr_pstrcat(cmd->pool, "Invalid SSLMutex fcntl: path ", 
                               arg+6, NULL);
        }
        mc->nMutexMode  = SSL_MUTEXMODE_USED;
        mc->nMutexMech = APR_LOCK_FCNTL;
        mc->szMutexFile = apr_psprintf(mc->pPool, "%s.%lu",
                                       file, (unsigned long)getpid());
    }
#endif
#if APR_HAS_SYSVSEM_SERIALIZE && !defined(PERCHILD_MPM)
    else if (strcEQ(arg, "sysvsem")) {
        mc->nMutexMode  = SSL_MUTEXMODE_USED;
        mc->nMutexMech = APR_LOCK_SYSVSEM;
        mc->szMutexFile = NULL; /* APR determines temporary filename */
    }
#endif
#if APR_HAS_POSIXSEM_SERIALIZE
    else if (strcEQ(arg, "posixsem")) {
        mc->nMutexMode  = SSL_MUTEXMODE_USED;
        mc->nMutexMech = APR_LOCK_POSIXSEM;
        mc->szMutexFile = NULL; /* APR determines temporary filename */
    }
#endif
#if APR_HAS_PROC_PTHREAD_SERIALIZE
    else if (strcEQ(arg, "pthread")) {
        mc->nMutexMode  = SSL_MUTEXMODE_USED;
        mc->nMutexMech = APR_LOCK_PROC_PTHREAD;
        mc->szMutexFile = NULL; /* APR determines temporary filename */
    }
#endif
#if APR_HAS_FLOCK_SERIALIZE || APR_HAS_FCNTL_SERIALIZE
    else if (strlen(arg) > 5 && strcEQn(arg, "file:", 5)) {
        const char *file = ap_server_root_relative(cmd->pool, arg+5);
        if (!file) {
@@ -390,17 +445,32 @@ const char *ssl_cmd_SSLMutex(cmd_parms *cmd,
                               arg+5, NULL);
        }
        mc->nMutexMode  = SSL_MUTEXMODE_USED;
#if APR_HAS_FLOCK_SERIALIZE
        mc->nMutexMech  = APR_LOCK_FLOCK;
#endif
#if APR_HAS_FCNTL_SERIALIZE
        mc->nMutexMech  = APR_LOCK_FCNTL;
#endif
        mc->szMutexFile =
            apr_psprintf(mc->pPool, "%s.%lu",
                         file, (unsigned long)getpid());
    }
    else if (strcEQ(arg, "sem") || strcEQ(arg, "yes")) {
#endif
#if (APR_HAS_SYSVSEM_SERIALIZE && !defined(PERCHILD_MPM)) || APR_HAS_POSIXSEM_SERIALIZE
    else if (strcEQ(arg, "sem")) {
        mc->nMutexMode  = SSL_MUTEXMODE_USED;
#if APR_HAS_SYSVSEM_SERIALIZE && !defined(PERCHILD_MPM)
        mc->nMutexMech  = APR_LOCK_SYSVSEM;
#endif
#if APR_HAS_POSIXSEM_SERIALIZE
        mc->nMutexMech  = APR_LOCK_POSIXSEM;
#endif
        mc->szMutexFile = NULL; /* APR determines temporary filename */
    }
#endif
    else {
        return apr_pstrcat(cmd->pool, "Invalid SSLMutex argument ", 
                           arg, NULL);
                           arg, " (", ssl_valid_ssl_mutex_string, ")", NULL);
    }

    return NULL;
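Review bot: In the `file:` branch the two back-to-back `#if` blocks both assign `mc->nMutexMech`, so on a platform that defines both `APR_HAS_FLOCK_SERIALIZE` and `APR_HAS_FCNTL_SERIALIZE` the flock assignment is dead and `file:` silently means fcntl; the `sem` branch has the same shape, with POSIX semaphores overriding SysV. If that precedence is intended, make it explicit with `#if APR_HAS_FCNTL_SERIALIZE` … `#else` … `#endif` (and `#if APR_HAS_POSIXSEM_SERIALIZE` … `#else` for `sem`), plus a one-line comment saying which mechanism wins. The `flock:`, `fcntl:` and `file:` branches also all name the lock file as the configured path plus `.` and the PID, so a comment such as `/* lock file path should be in a directory writable only by the server's startup user */` would be worth adding; how APR creates the file is not visible here. `ssl_cmd_SSLMutex` begins and ends outside the lines shown.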
+18 −5
@@ -75,9 +75,13 @@ int ssl_mutex_init(server_rec *s, apr_pool_t *p)

    if ((rv = apr_global_mutex_create(&mc->pMutex, mc->szMutexFile,
                                APR_LOCK_DEFAULT, p)) != APR_SUCCESS) {
        if (mc->szMutexFile)
            ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
                     "Cannot create SSLMutex file `%s'",
                         "Cannot create SSLMutex with file `%s'",
                         mc->szMutexFile);
        else
            ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
                         "Cannot create SSLMutex");
        return FALSE;
    }

@@ -96,13 +100,22 @@ int ssl_mutex_init(server_rec *s, apr_pool_t *p)
int ssl_mutex_reinit(server_rec *s, apr_pool_t *p)
{
    SSLModConfigRec *mc = myModConfig(s);
    apr_status_t rv;

    if (mc->nMutexMode == SSL_MUTEXMODE_NONE)
        return TRUE;

    if (apr_global_mutex_child_init(&mc->pMutex,
                                    mc->szMutexFile, p) != APR_SUCCESS)
    if ((rv = apr_global_mutex_child_init(&mc->pMutex,
                                    mc->szMutexFile, p)) != APR_SUCCESS) {
        if (mc->szMutexFile)
            ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
                         "Cannot reinit SSLMutex with file `%s'",
                         mc->szMutexFile);
        else
            ap_log_error(APLOG_MARK, APLOG_WARNING, rv, s,
                         "Cannot reinit SSLMutex");
        return FALSE;
    }
    return TRUE;
}
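Review bot: The `apr_global_mutex_create()` call in `ssl_mutex_init` still passes `APR_LOCK_DEFAULT` in the lines shown, so the `mc->nMutexMech` value that `ssl_cmd_SSLMutex` now stores appears never to be used, and every SSLMutex setting other than `none` would still get the platform default mechanism. Unless the argument is changed elsewhere, that line should read `mc->nMutexMech, p)) != APR_SUCCESS) {`. In `ssl_mutex_reinit` the two failure paths log at different levels (`APLOG_ERR` with a file, `APLOG_WARNING` without) although both return FALSE; using `APLOG_ERR` for both would match `ssl_mutex_init`. The start of `ssl_mutex_init` is outside the lines shown.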