Because SSL's child init is run *after* we change uid/gid. So we need to ensure that...

locks have the correct perms so that the child process
can access them

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@99104 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/mod_ssl.h b/mod_ssl.h
index 0e87525f5f19a445e81303f894f3ffdf24ed136d..7c5e944bb68ae70f23988959bf355bef11dae8ac 100644 (file)
--- a/mod_ssl.h
+++ b/mod_ssl.h
@@ -406,6 +406,7 @@ typedef struct {
     ssl_mutexmode_t nMutexMode;
     apr_lockmech_e  nMutexMech;
     const char     *szMutexFile;
+    BOOL           ChownMutexFile;
     apr_global_mutex_t   *pMutex;
     apr_array_header_t   *aRandSeed;
     apr_hash_t     *tVHostKeys;

diff --git a/ssl_engine_config.c b/ssl_engine_config.c
index 6b4e87eed2c03325a58d52ecf5a79cd6273343d5..af2f54aa4b83a9655ec3addb5715200d06ece3c2 100644 (file)
--- a/ssl_engine_config.c
+++ b/ssl_engine_config.c
@@ -101,6 +101,7 @@ SSLModConfigRec *ssl_config_global_create(server_rec *s)
     mc->nMutexMode             = SSL_MUTEXMODE_UNSET;
     mc->nMutexMech             = APR_LOCK_DEFAULT;
     mc->szMutexFile            = NULL;
+    mc->ChownMutexFile         = FALSE;
     mc->pMutex                 = NULL;
     mc->aRandSeed              = apr_array_make(pool, 4,
                                                 sizeof(ssl_randseed_t));
@@ -400,6 +401,7 @@ const char *ssl_cmd_SSLMutex(cmd_parms *cmd,
      */
     mc->nMutexMode  = SSL_MUTEXMODE_USED;
     mc->szMutexFile = NULL;
+    mc->ChownMutexFile = FALSE;
 
     /* NOTE: previously, 'yes' implied 'sem' */
     if (!strcasecmp(meth, "default") || !strcasecmp(meth, "yes")) {
@@ -413,6 +415,7 @@ const char *ssl_cmd_SSLMutex(cmd_parms *cmd,
 #if APR_HAS_FLOCK_SERIALIZE
     else if ((!strcasecmp(meth, "flock") || !strcasecmp(meth, "file")) && file) {
         mc->nMutexMech = APR_LOCK_FLOCK;
+        mc->ChownMutexFile = TRUE;
     }
 #endif
 #if APR_HAS_POSIXSEM_SERIALIZE

diff --git a/ssl_engine_mutex.c b/ssl_engine_mutex.c
index e51849eddfc19440273fb5e17fd1f8ad76ea02c3..2e3efca15d837d2f0ad823a517a8f7e84b34912d 100644 (file)
--- a/ssl_engine_mutex.c
+++ b/ssl_engine_mutex.c
@@ -88,6 +88,8 @@ int ssl_mutex_init(server_rec *s, apr_pool_t *p)
                          "Cannot create SSLMutex");
         return FALSE;
     }
+    if (mc->szMutexFile && mc->ChownMutexFile == TRUE)
+        chown(mc->szMutexFile, unixd_config.user_id, -1);
 
 #if APR_USE_SYSVSEM_SERIALIZE
     rv = unixd_set_global_mutex_perms(mc->pMutex);