From: Jeff Trawick Date: Sat, 7 Jun 2003 19:50:01 +0000 (+0000) Subject: Unix: Handle permissions settings for flock-based mutexes in X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4f1d91103317586cfd1ec8a5dd25156745b30ba0;p=thirdparty%2Fapache%2Fhttpd.git Unix: Handle permissions settings for flock-based mutexes in unixd_set_global|proc_mutex_perms(). Allow the functions to be called for any type of mutex. This resolves a fatal problem with mod_rewrite on systems where APR uses flock-based mutex. It simplifies mod_ssl as well, which had special logic to perform the chown(). It fixed an init error with mod_ssl on systems where flock is used when the user had no SSLMutex directive. The Unix MPMs continue to call unixd_set_global|proc_mutex_perms() only for SysV sems. There is no permission problem with flock-based accept mutexes since the child init logic for the MPMs is done prior to switching identity. PR: 20312 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@100189 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/mod_ssl.h b/mod_ssl.h index 971a012dc12..dc3b3a8450f 100644 --- a/mod_ssl.h +++ b/mod_ssl.h @@ -394,7 +394,6 @@ typedef struct { ssl_mutexmode_t nMutexMode; apr_lockmech_e nMutexMech; const char *szMutexFile; - BOOL ChownMutexFile; apr_global_mutex_t *pMutex; apr_array_header_t *aRandSeed; apr_hash_t *tVHostKeys; diff --git a/ssl_engine_config.c b/ssl_engine_config.c index b3307293337..97697bee47f 100644 --- a/ssl_engine_config.c +++ b/ssl_engine_config.c @@ -101,7 +101,6 @@ SSLModConfigRec *ssl_config_global_create(server_rec *s) mc->nMutexMode = SSL_MUTEXMODE_UNSET; mc->nMutexMech = APR_LOCK_DEFAULT; mc->szMutexFile = NULL; - mc->ChownMutexFile = FALSE; mc->pMutex = NULL; mc->aRandSeed = apr_array_make(pool, 4, sizeof(ssl_randseed_t)); @@ -401,7 +400,6 @@ const char *ssl_cmd_SSLMutex(cmd_parms *cmd, */ mc->nMutexMode = SSL_MUTEXMODE_USED; mc->szMutexFile = NULL; - mc->ChownMutexFile = FALSE; /* NOTE: previously, 'yes' implied 'sem' */ if (!strcasecmp(meth, "default") || !strcasecmp(meth, "yes")) { @@ -415,7 +413,6 @@ const char *ssl_cmd_SSLMutex(cmd_parms *cmd, #if APR_HAS_FLOCK_SERIALIZE else if ((!strcasecmp(meth, "flock") || !strcasecmp(meth, "file")) && file) { mc->nMutexMech = APR_LOCK_FLOCK; - mc->ChownMutexFile = TRUE; } #endif #if APR_HAS_POSIXSEM_SERIALIZE diff --git a/ssl_engine_mutex.c b/ssl_engine_mutex.c index ad029b02d7f..dbb95bb262d 100644 --- a/ssl_engine_mutex.c +++ b/ssl_engine_mutex.c @@ -63,6 +63,7 @@ #include "mod_ssl.h" #if !defined(OS2) && !defined(WIN32) && !defined(BEOS) && !defined(NETWARE) #include "unixd.h" +#define MOD_SSL_SET_MUTEX_PERMS /* XXX Apache should define something */ #endif int ssl_mutex_init(server_rec *s, apr_pool_t *p) @@ -88,25 +89,14 @@ int ssl_mutex_init(server_rec *s, apr_pool_t *p) "Cannot create SSLMutex"); return FALSE; } -#if !defined(OS2) && !defined(WIN32) && !defined(BEOS) && !defined(NETWARE) - if (mc->szMutexFile && mc->ChownMutexFile == TRUE) - chown(mc->szMutexFile, unixd_config.user_id, -1); -#endif -#if APR_HAS_SYSVSEM_SERIALIZE -#if APR_USE_SYSVSEM_SERIALIZE - if (mc->nMutexMech == APR_LOCK_DEFAULT || - mc->nMutexMech == APR_LOCK_SYSVSEM) { -#else - if (mc->nMutexMech == APR_LOCK_SYSVSEM) { -#endif - rv = unixd_set_global_mutex_perms(mc->pMutex); - if (rv != APR_SUCCESS) { - ap_log_error(APLOG_MARK, APLOG_ERR, rv, s, - "Could not set permissions on ssl_mutex; check User " - "and Group directives"); - return FALSE; - } +#ifdef MOD_SSL_SET_MUTEX_PERMS + rv = unixd_set_global_mutex_perms(mc->pMutex); + if (rv != APR_SUCCESS) { + ap_log_error(APLOG_MARK, APLOG_ERR, rv, s, + "Could not set permissions on ssl_mutex; check User " + "and Group directives"); + return FALSE; } #endif return TRUE;