Unix: Handle permissions settings for flock-based mutexes in

unixd_set_global|proc_mutex_perms().  Allow the functions to be
called for any type of mutex.

This resolves a fatal problem with mod_rewrite on systems where
APR uses flock-based mutex.

It simplifies mod_ssl as well, which had special logic to perform
the chown().  It fixed an init error with mod_ssl on systems where
flock is used when the user had no SSLMutex directive.

The Unix MPMs continue to call unixd_set_global|proc_mutex_perms()
only for SysV sems.  There is no permission problem with flock-based
accept mutexes since the child init logic for the MPMs is done
prior to switching identity.

PR:              20312

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@100189 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/mod_ssl.h b/mod_ssl.h
index 971a012dc129a9eea734405dd1b86a6a4338e9b2..dc3b3a8450fac31331b663c9825278914981b38a 100644 (file)
--- a/mod_ssl.h
+++ b/mod_ssl.h
@@ -394,7 +394,6 @@ typedef struct {
     ssl_mutexmode_t nMutexMode;
     apr_lockmech_e  nMutexMech;
     const char     *szMutexFile;
-    BOOL           ChownMutexFile;
     apr_global_mutex_t   *pMutex;
     apr_array_header_t   *aRandSeed;
     apr_hash_t     *tVHostKeys;

diff --git a/ssl_engine_config.c b/ssl_engine_config.c
index b3307293337f386fa5fc6225a817ed6f905cf245..97697bee47f66aebdfe18ce3f3baccd777043e83 100644 (file)
--- a/ssl_engine_config.c
+++ b/ssl_engine_config.c
@@ -101,7 +101,6 @@ SSLModConfigRec *ssl_config_global_create(server_rec *s)
     mc->nMutexMode             = SSL_MUTEXMODE_UNSET;
     mc->nMutexMech             = APR_LOCK_DEFAULT;
     mc->szMutexFile            = NULL;
-    mc->ChownMutexFile         = FALSE;
     mc->pMutex                 = NULL;
     mc->aRandSeed              = apr_array_make(pool, 4,
                                                 sizeof(ssl_randseed_t));
@@ -401,7 +400,6 @@ const char *ssl_cmd_SSLMutex(cmd_parms *cmd,
      */
     mc->nMutexMode  = SSL_MUTEXMODE_USED;
     mc->szMutexFile = NULL;
-    mc->ChownMutexFile = FALSE;
 
     /* NOTE: previously, 'yes' implied 'sem' */
     if (!strcasecmp(meth, "default") || !strcasecmp(meth, "yes")) {
@@ -415,7 +413,6 @@ const char *ssl_cmd_SSLMutex(cmd_parms *cmd,
 #if APR_HAS_FLOCK_SERIALIZE
     else if ((!strcasecmp(meth, "flock") || !strcasecmp(meth, "file")) && file) {
         mc->nMutexMech = APR_LOCK_FLOCK;
-        mc->ChownMutexFile = TRUE;
     }
 #endif
 #if APR_HAS_POSIXSEM_SERIALIZE

diff --git a/ssl_engine_mutex.c b/ssl_engine_mutex.c
index ad029b02d7f10c63a744d04a28b7a8f23b181a91..dbb95bb262d43e165ef27d4b336e9b3935ffca5a 100644 (file)
--- a/ssl_engine_mutex.c
+++ b/ssl_engine_mutex.c
@@ -63,6 +63,7 @@
 #include "mod_ssl.h"
 #if !defined(OS2) && !defined(WIN32) && !defined(BEOS) && !defined(NETWARE)
 #include "unixd.h"
+#define MOD_SSL_SET_MUTEX_PERMS /* XXX Apache should define something */
 #endif
 
 int ssl_mutex_init(server_rec *s, apr_pool_t *p)
@@ -88,25 +89,14 @@ int ssl_mutex_init(server_rec *s, apr_pool_t *p)
                          "Cannot create SSLMutex");
         return FALSE;
     }
-#if !defined(OS2) && !defined(WIN32) && !defined(BEOS) && !defined(NETWARE)
-    if (mc->szMutexFile && mc->ChownMutexFile == TRUE)
-        chown(mc->szMutexFile, unixd_config.user_id, -1);
-#endif
 
-#if APR_HAS_SYSVSEM_SERIALIZE
-#if APR_USE_SYSVSEM_SERIALIZE
-    if (mc->nMutexMech == APR_LOCK_DEFAULT || 
-        mc->nMutexMech == APR_LOCK_SYSVSEM) {
-#else
-    if (mc->nMutexMech == APR_LOCK_SYSVSEM) {
-#endif
-        rv = unixd_set_global_mutex_perms(mc->pMutex);
-        if (rv != APR_SUCCESS) {
-            ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
-                         "Could not set permissions on ssl_mutex; check User "
-                         "and Group directives");
-            return FALSE;
-        }
+#ifdef MOD_SSL_SET_MUTEX_PERMS
+    rv = unixd_set_global_mutex_perms(mc->pMutex);
+    if (rv != APR_SUCCESS) {
+        ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
+                     "Could not set permissions on ssl_mutex; check User "
+                     "and Group directives");
+        return FALSE;
     }
 #endif
     return TRUE;