From: Jim Jagielski <jim@apache.org>
Date: Sat, 29 Mar 2003 02:18:43 +0000 (+0000)
Subject: Because SSL's child init is run *after* we change uid/gid. So we need to ensure that... 
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=99e43e176cf5fba4031e0af3b62b38d08b751bfb;p=thirdparty%2Fapache%2Fhttpd.git

Because SSL's child init is run *after* we change uid/gid. So we need to ensure that file-based
locks have the correct perms so that the child process
can access them


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@99104 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/mod_ssl.h b/mod_ssl.h
index 0e87525f5f1..7c5e944bb68 100644
--- a/mod_ssl.h
+++ b/mod_ssl.h
@@ -406,6 +406,7 @@ typedef struct {
     ssl_mutexmode_t nMutexMode;
     apr_lockmech_e  nMutexMech;
     const char     *szMutexFile;
+    BOOL           ChownMutexFile;
     apr_global_mutex_t   *pMutex;
     apr_array_header_t   *aRandSeed;
     apr_hash_t     *tVHostKeys;
diff --git a/ssl_engine_config.c b/ssl_engine_config.c
index 6b4e87eed2c..af2f54aa4b8 100644
--- a/ssl_engine_config.c
+++ b/ssl_engine_config.c
@@ -101,6 +101,7 @@ SSLModConfigRec *ssl_config_global_create(server_rec *s)
     mc->nMutexMode             = SSL_MUTEXMODE_UNSET;
     mc->nMutexMech             = APR_LOCK_DEFAULT;
     mc->szMutexFile            = NULL;
+    mc->ChownMutexFile         = FALSE;
     mc->pMutex                 = NULL;
     mc->aRandSeed              = apr_array_make(pool, 4,
                                                 sizeof(ssl_randseed_t));
@@ -400,6 +401,7 @@ const char *ssl_cmd_SSLMutex(cmd_parms *cmd,
      */
     mc->nMutexMode  = SSL_MUTEXMODE_USED;
     mc->szMutexFile = NULL;
+    mc->ChownMutexFile = FALSE;
 
     /* NOTE: previously, 'yes' implied 'sem' */
     if (!strcasecmp(meth, "default") || !strcasecmp(meth, "yes")) {
@@ -413,6 +415,7 @@ const char *ssl_cmd_SSLMutex(cmd_parms *cmd,
 #if APR_HAS_FLOCK_SERIALIZE
     else if ((!strcasecmp(meth, "flock") || !strcasecmp(meth, "file")) && file) {
         mc->nMutexMech = APR_LOCK_FLOCK;
+        mc->ChownMutexFile = TRUE;
     }
 #endif
 #if APR_HAS_POSIXSEM_SERIALIZE
diff --git a/ssl_engine_mutex.c b/ssl_engine_mutex.c
index e51849eddfc..2e3efca15d8 100644
--- a/ssl_engine_mutex.c
+++ b/ssl_engine_mutex.c
@@ -88,6 +88,8 @@ int ssl_mutex_init(server_rec *s, apr_pool_t *p)
                          "Cannot create SSLMutex");
         return FALSE;
     }
+    if (mc->szMutexFile && mc->ChownMutexFile == TRUE)
+        chown(mc->szMutexFile, unixd_config.user_id, -1);
 
 #if APR_USE_SYSVSEM_SERIALIZE
     rv = unixd_set_global_mutex_perms(mc->pMutex);