Posted to cvs@httpd.apache.org by tr...@apache.org on 2003/09/16 03:00:07 UTC
cvs commit: httpd-2.0 CHANGES STATUS
trawick 2003/09/15 18:00:07
Modified: modules/mappers Tag: APACHE_2_0_BRANCH mod_rewrite.c
modules/ssl Tag: APACHE_2_0_BRANCH mod_ssl.h
ssl_engine_config.c ssl_engine_mutex.c
os/unix Tag: APACHE_2_0_BRANCH unixd.c unixd.h
. Tag: APACHE_2_0_BRANCH CHANGES STATUS
Log:
merge this fix from 2.1-dev:
*) Unix: Handle permissions settings for flock-based mutexes in
unixd_set_global|proc_mutex_perms(). Allow the functions to be
called for any type of mutex. PR 20312
Reviewed by: Justin, Greg
Revision Changes Path
No revision
No revision
1.135.2.16 +3 -2 httpd-2.0/modules/mappers/mod_rewrite.c
Index: mod_rewrite.c
===================================================================
RCS file: /home/cvs/httpd-2.0/modules/mappers/mod_rewrite.c,v
retrieving revision 1.135.2.15
retrieving revision 1.135.2.16
diff -u -r1.135.2.15 -r1.135.2.16
--- mod_rewrite.c 31 Jul 2003 23:43:37 -0000 1.135.2.15
+++ mod_rewrite.c 16 Sep 2003 01:00:05 -0000 1.135.2.16
@@ -118,6 +118,7 @@
#if !defined(OS2) && !defined(WIN32) && !defined(BEOS) && !defined(NETWARE)
#include "unixd.h"
+#define MOD_REWRITE_SET_MUTEX_PERMS /* XXX Apache should define something */
#endif
/*
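Review bot: The new `MOD_REWRITE_SET_MUTEX_PERMS` macro encodes a platform test that ssl_engine_mutex.c repeats under its own name (`MOD_SSL_SET_MUTEX_PERMS`), so the two exclusion lists can drift apart and one module could skip the permission call on a platform where the other makes it. The XXX comment acknowledges the gap but leaves it open. Since both files include unixd.h inside the same guard, that header could define a single macro, for example `#define AP_NEED_SET_MUTEX_PERMS 1`, and both modules could test it with `#ifdef`.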
@@ -1017,7 +1018,7 @@
return HTTP_INTERNAL_SERVER_ERROR;
}
-#if APR_USE_SYSVSEM_SERIALIZE
+#ifdef MOD_REWRITE_SET_MUTEX_PERMS
rv = unixd_set_global_mutex_perms(rewrite_log_lock);
if (rv != APR_SUCCESS) {
ap_log_error(APLOG_MARK, APLOG_CRIT, rv, s,
@@ -3599,7 +3600,7 @@
return rc;
}
-#if APR_USE_SYSVSEM_SERIALIZE
+#ifdef MOD_REWRITE_SET_MUTEX_PERMS
rc = unixd_set_global_mutex_perms(rewrite_mapr_lock_acquire);
if (rc != APR_SUCCESS) {
ap_log_error(APLOG_MARK, APLOG_CRIT, rc, s,
No revision
No revision
1.122.2.6 +0 -1 httpd-2.0/modules/ssl/mod_ssl.h
Index: mod_ssl.h
===================================================================
RCS file: /home/cvs/httpd-2.0/modules/ssl/mod_ssl.h,v
retrieving revision 1.122.2.5
retrieving revision 1.122.2.6
diff -u -r1.122.2.5 -r1.122.2.6
--- mod_ssl.h 16 May 2003 18:12:18 -0000 1.122.2.5
+++ mod_ssl.h 16 Sep 2003 01:00:06 -0000 1.122.2.6
@@ -437,7 +437,6 @@
ssl_mutexmode_t nMutexMode;
apr_lockmech_e nMutexMech;
const char *szMutexFile;
- BOOL ChownMutexFile;
apr_global_mutex_t *pMutex;
apr_array_header_t *aRandSeed;
apr_hash_t *tVHostKeys;
1.70.2.4 +0 -3 httpd-2.0/modules/ssl/ssl_engine_config.c
Index: ssl_engine_config.c
===================================================================
RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_config.c,v
retrieving revision 1.70.2.3
retrieving revision 1.70.2.4
diff -u -r1.70.2.3 -r1.70.2.4
--- ssl_engine_config.c 30 Mar 2003 23:17:22 -0000 1.70.2.3
+++ ssl_engine_config.c 16 Sep 2003 01:00:06 -0000 1.70.2.4
@@ -101,7 +101,6 @@
mc->nMutexMode = SSL_MUTEXMODE_UNSET;
mc->nMutexMech = APR_LOCK_DEFAULT;
mc->szMutexFile = NULL;
- mc->ChownMutexFile = FALSE;
mc->pMutex = NULL;
mc->aRandSeed = apr_array_make(pool, 4,
sizeof(ssl_randseed_t));
@@ -402,7 +401,6 @@
mc->nMutexMech = APR_LOCK_FLOCK;
mc->szMutexFile = apr_psprintf(mc->pPool, "%s.%lu",
file, (unsigned long)getpid());
- mc->ChownMutexFile = TRUE;
}
#endif
#if APR_HAS_FCNTL_SERIALIZE
@@ -449,7 +447,6 @@
mc->nMutexMode = SSL_MUTEXMODE_USED;
#if APR_HAS_FLOCK_SERIALIZE
mc->nMutexMech = APR_LOCK_FLOCK;
- mc->ChownMutexFile = TRUE;
#endif
#if APR_HAS_FCNTL_SERIALIZE
mc->nMutexMech = APR_LOCK_FCNTL;
1.17.2.7 +8 -18 httpd-2.0/modules/ssl/ssl_engine_mutex.c
Index: ssl_engine_mutex.c
===================================================================
RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_mutex.c,v
retrieving revision 1.17.2.6
retrieving revision 1.17.2.7
diff -u -r1.17.2.6 -r1.17.2.7
--- ssl_engine_mutex.c 31 Mar 2003 14:37:49 -0000 1.17.2.6
+++ ssl_engine_mutex.c 16 Sep 2003 01:00:06 -0000 1.17.2.7
@@ -63,6 +63,7 @@
#include "mod_ssl.h"
#if !defined(OS2) && !defined(WIN32) && !defined(BEOS) && !defined(NETWARE)
#include "unixd.h"
+#define MOD_SSL_SET_MUTEX_PERMS /* XXX Apache should define something */
#endif
int ssl_mutex_init(server_rec *s, apr_pool_t *p)
@@ -84,25 +85,14 @@
"Cannot create SSLMutex");
return FALSE;
}
-#if !defined(OS2) && !defined(WIN32) && !defined(BEOS) && !defined(NETWARE)
- if (mc->szMutexFile && mc->ChownMutexFile == TRUE)
- chown(mc->szMutexFile, unixd_config.user_id, -1);
-#endif
-#if APR_HAS_SYSVSEM_SERIALIZE
-#if APR_USE_SYSVSEM_SERIALIZE
- if (mc->nMutexMech == APR_LOCK_DEFAULT ||
- mc->nMutexMech == APR_LOCK_SYSVSEM) {
-#else
- if (mc->nMutexMech == APR_LOCK_SYSVSEM) {
-#endif
- rv = unixd_set_global_mutex_perms(mc->pMutex);
- if (rv != APR_SUCCESS) {
- ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
- "Could not set permissions on ssl_mutex; check User "
- "and Group directives");
- return FALSE;
- }
+#ifdef MOD_SSL_SET_MUTEX_PERMS
+ rv = unixd_set_global_mutex_perms(mc->pMutex);
+ if (rv != APR_SUCCESS) {
+ ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
+ "Could not set permissions on ssl_mutex; check User "
+ "and Group directives");
+ return FALSE;
}
#endif
return TRUE;
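Review bot: A failed ownership change on the lock file now aborts `ssl_mutex_init`, whereas the removed `chown(mc->szMutexFile, ...)` call ignored its result, yet the log text still points only at the User and Group directives. Failing closed is reasonable, but for a file-based mutex the cause is presumably the lock file or its directory, so the message should name it, e.g. `"Could not set permissions on ssl_mutex (%s); check User and Group directives and the SSLMutex file"` with `mc->szMutexFile ? mc->szMutexFile : "none"` as the argument. The body of `ssl_mutex_init` begins before this hunk, so the rest of the function is not visible here.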
No revision
No revision
1.55.2.3 +56 -21 httpd-2.0/os/unix/unixd.c
Index: unixd.c
===================================================================
RCS file: /home/cvs/httpd-2.0/os/unix/unixd.c,v
retrieving revision 1.55.2.2
retrieving revision 1.55.2.3
diff -u -r1.55.2.2 -r1.55.2.3
--- unixd.c 15 May 2003 20:28:18 -0000 1.55.2.2
+++ unixd.c 16 Sep 2003 01:00:06 -0000 1.55.2.3
@@ -417,35 +417,70 @@
attr, ugid, p);
}
+/* XXX move to APR and externalize (but implement differently :) ) */
+static apr_lockmech_e proc_mutex_mech(apr_proc_mutex_t *pmutex)
+{
+ const char *mechname = apr_proc_mutex_name(pmutex);
+
+ if (!strcmp(mechname, "sysvsem")) {
+ return APR_LOCK_SYSVSEM;
+ }
+ else if (!strcmp(mechname, "flock")) {
+ return APR_LOCK_FLOCK;
+ }
+ return APR_LOCK_DEFAULT;
+}
+
AP_DECLARE(apr_status_t) unixd_set_proc_mutex_perms(apr_proc_mutex_t *pmutex)
{
-/* MPM shouldn't call us unless we're actually using a SysV sem;
- * this is just to avoid compile issues on systems without that
- * feature
- */
+ if (!geteuid()) {
+ apr_lockmech_e mech = proc_mutex_mech(pmutex);
+
+ switch(mech) {
#if APR_HAS_SYSVSEM_SERIALIZE
- apr_os_proc_mutex_t ospmutex;
+ case APR_LOCK_SYSVSEM:
+ {
+ apr_os_proc_mutex_t ospmutex;
#if !APR_HAVE_UNION_SEMUN
- union semun {
- long val;
- struct semid_ds *buf;
- ushort *array;
- };
+ union semun {
+ long val;
+ struct semid_ds *buf;
+ ushort *array;
+ };
#endif
- union semun ick;
- struct semid_ds buf;
+ union semun ick;
+ struct semid_ds buf;
+
+ apr_os_proc_mutex_get(&ospmutex, pmutex);
+ buf.sem_perm.uid = unixd_config.user_id;
+ buf.sem_perm.gid = unixd_config.group_id;
+ buf.sem_perm.mode = 0600;
+ ick.buf = &buf;
+ if (semctl(ospmutex.crossproc, 0, IPC_SET, ick) < 0) {
+ return errno;
+ }
+ }
+ break;
+#endif
+#if APR_HAS_FLOCK_SERIALIZE
+ case APR_LOCK_FLOCK:
+ {
+ const char *lockfile = apr_proc_mutex_lockfile(pmutex);
- if (!geteuid()) {
- apr_os_proc_mutex_get(&ospmutex, pmutex);
- buf.sem_perm.uid = unixd_config.user_id;
- buf.sem_perm.gid = unixd_config.group_id;
- buf.sem_perm.mode = 0600;
- ick.buf = &buf;
- if (semctl(ospmutex.crossproc, 0, IPC_SET, ick) < 0) {
- return errno;
+ if (lockfile) {
+ if (chown(lockfile, unixd_config.user_id,
+ -1 /* no gid change */) < 0) {
+ return errno;
+ }
+ }
}
- }
+ break;
#endif
+ default:
+ /* do nothing */
+ break;
+ }
+ }
return APR_SUCCESS;
}
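Review bot: The new `APR_LOCK_FLOCK` case changes ownership by path name while running as root (`chown(lockfile, unixd_config.user_id, -1)`), and `chown()` follows a symbolic link in the final path component. If the lock file sits in a directory that accounts other than root can write to, the file that ends up owned by the server user need not be the one APR opened. Acting on the open descriptor avoids the path lookup: assuming `apr_os_proc_mutex_get()` exposes the flock descriptor in `ospmutex.crossproc` the same way the SysV case uses it for the semaphore id, the call becomes `if (fchown(ospmutex.crossproc, unixd_config.user_id, -1) < 0) return errno;`, with `lchown()` as a weaker fallback. Separately, `proc_mutex_mech()` passes the result of `apr_proc_mutex_name()` to `strcmp()` unchecked, which deserves a comment stating that the name is never NULL, or a guard if that cannot be promised.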
1.36.2.2 +10 -0 httpd-2.0/os/unix/unixd.h
Index: unixd.h
===================================================================
RCS file: /home/cvs/httpd-2.0/os/unix/unixd.h,v
retrieving revision 1.36.2.1
retrieving revision 1.36.2.2
diff -u -r1.36.2.1 -r1.36.2.2
--- unixd.h 3 Feb 2003 17:31:59 -0000 1.36.2.1
+++ unixd.h 16 Sep 2003 01:00:06 -0000 1.36.2.2
@@ -120,6 +120,16 @@
AP_DECLARE(void) unixd_set_rlimit(cmd_parms *cmd, struct rlimit **plimit,
const char *arg, const char * arg2, int type);
#endif
+
+/**
+ * One of the functions to set mutex permissions should be called in
+ * the parent process on platforms that switch identity when the
+ * server is started as root.
+ * If the child init logic is performed before switching identity
+ * (e.g., MPM setup for an accept mutex), it should only be called
+ * for SysV semaphores. Otherwise, it is safe to call it for all
+ * mutex types.
+ */
AP_DECLARE(apr_status_t) unixd_set_proc_mutex_perms(apr_proc_mutex_t *pmutex);
AP_DECLARE(apr_status_t) unixd_set_global_mutex_perms(apr_global_mutex_t *gmutex);
AP_DECLARE(apr_status_t) unixd_accept(void **accepted, ap_listen_rec *lr, apr_pool_t *ptrans);
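Review bot: The doc comment added above `unixd_set_proc_mutex_perms` attaches to that declaration only, so `unixd_set_global_mutex_perms` stays undocumented, and neither the parameter nor the return value is described. I would add `@param pmutex The mutex whose permissions are adjusted for the configured User/Group` and `@return APR_SUCCESS, or the errno value of the failed semctl()/chown()`, and repeat or reference the block for the global variant. It is also worth stating that the call does nothing unless the effective uid is 0, as the `geteuid()` test in the unixd.c change shows.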
No revision
No revision
1.988.2.152 +4 -0 httpd-2.0/CHANGES
Index: CHANGES
===================================================================
RCS file: /home/cvs/httpd-2.0/CHANGES,v
retrieving revision 1.988.2.151
retrieving revision 1.988.2.152
diff -u -r1.988.2.151 -r1.988.2.152
--- CHANGES 15 Sep 2003 15:40:05 -0000 1.988.2.151
+++ CHANGES 16 Sep 2003 01:00:06 -0000 1.988.2.152
@@ -1,5 +1,9 @@
Changes with Apache 2.0.48
+ *) Unix: Handle permissions settings for flock-based mutexes in
+ unixd_set_global|proc_mutex_perms(). Allow the functions to be
+ called for any type of mutex. PR 20312 [Jeff Trawick]
+
*) ab: Work over non-loopback on Unix again. PR 21495. [Jeff Trawick]
*) Fix a misleading message from the some of the threaded MPMs when
1.751.2.469 +1 -20 httpd-2.0/STATUS
Index: STATUS
===================================================================
RCS file: /home/cvs/httpd-2.0/STATUS,v
retrieving revision 1.751.2.468
retrieving revision 1.751.2.469
diff -u -r1.751.2.468 -r1.751.2.469
--- STATUS 15 Sep 2003 23:19:15 -0000 1.751.2.468
+++ STATUS 16 Sep 2003 01:00:07 -0000 1.751.2.469
@@ -198,25 +198,6 @@
shows breakage on Solaris which can't -lcrypto -lssl without
the extra pkgconfig/openssl.pc Libs: * foo }
- * Unix: Handle permissions settings for flock-based mutexes in
- unixd_set_global|proc_mutex_perms(). Allow the functions to
- be called for any type of mutex. PR 20312
- modules/mappers/mod_rewrite.c 1.153
- modules/ssl/mod_ssl.h 1.136
- modules/ssl/ssl_engine_config.c 1.81
- modules/ssl/ssl_engine_mutex.c 1.26
- os/unix/unixd.c 1.58
- os/unix/unixd.h 1.38
- +1: trawick, jerenkrantz, gregames
- 0: jim (it seems to me that the locking mech itself
- should have the required flags to determine whether
- uid/gid and chown is required, rather than placing
- that knowledge in unixd.c (kind of what is done for
- the SSL stuff already with ChownMutexFile). Thus
- unixd would simply check those out and do what is
- required rather than having internal APR knowledge
- it shouldn't).
-
* Backport wildcard ExpiresByType from 2.0.46
+1: ken, stoddard