From dev-return-21362-apmail-apr-dev-archive=apr.apache.org@apr.apache.org Sat Jan 31 17:48:51 2009 Return-Path: Delivered-To: apmail-apr-dev-archive@www.apache.org Received: (qmail 45132 invoked from network); 31 Jan 2009 17:48:51 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 31 Jan 2009 17:48:51 -0000 Received: (qmail 22475 invoked by uid 500); 31 Jan 2009 17:48:50 -0000 Delivered-To: apmail-apr-dev-archive@apr.apache.org Received: (qmail 22420 invoked by uid 500); 31 Jan 2009 17:48:50 -0000 Mailing-List: contact dev-help@apr.apache.org; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Id: Delivered-To: mailing list dev@apr.apache.org Received: (qmail 22411 invoked by uid 99); 31 Jan 2009 17:48:50 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 31 Jan 2009 09:48:50 -0800 X-ASF-Spam-Status: No, hits=0.2 required=10.0 tests=RCVD_IN_DNSWL_LOW,SPF_NEUTRAL X-Spam-Check-By: apache.org Received-SPF: neutral (athena.apache.org: local policy) Received: from [213.191.128.81] (HELO mxout2.iskon.hr) (213.191.128.81) by apache.org (qpsmtpd/0.29) with SMTP; Sat, 31 Jan 2009 17:48:41 +0000 Received: (qmail 27120 invoked from network); 31 Jan 2009 18:48:18 +0100 X-Remote-IP: 213.191.142.123 Received: from unknown (HELO mx.iskon.hr) (213.191.142.123) by mxout2.iskon.hr with SMTP; 31 Jan 2009 18:48:18 +0100 Received: (qmail 14319 invoked from network); 31 Jan 2009 18:48:17 +0100 X-AVScan: ClamAV X-Remote-IP: 89.164.18.30 Received: from 18-30.dsl.iskon.hr (HELO mturk.csb) (89.164.18.30) by mx.iskon.hr with SMTP; 31 Jan 2009 18:48:17 +0100 Message-ID: <49848EDA.4010406@apache.org> Date: Sat, 31 Jan 2009 18:48:10 +0100 
From: Mladen Turk User-Agent: Thunderbird 2.0.0.17 (X11/20080915) MIME-Version: 1.0 To: APR Developer List Subject: Re: APR-izing httpd's unixd_set_proc_mutex_perms References: <488177E4.1090802@apache.org> <49848387.6040705@apache.org> In-Reply-To: <49848387.6040705@apache.org> Content-Type: multipart/mixed; boundary="------------040501070402070201020408" X-Virus-Checked: Checked by ClamAV on apache.org This is a multi-part message in MIME format. --------------040501070402070201020408 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Wrong patch tree ;) Here is the modified one with some of the Joe's proposals > Long time since initial proposal, but here it is. > Since there was no objections I'll commit this into trunk. > > >> Hi, >> >> Think this is valuable function that is usable >> beyond the httpd. It sets the uid/gid permissions >> to the proc_mutex usually before doing fork. >> I'll have the win32 implementation as well and >> I plan to do the same thing for shared memory. >> Regards -- ^(TM) --------------040501070402070201020408 Content-Type: text/x-patch; name="set_perms.patch" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="set_perms.patch" Index: locks/win32/proc_mutex.c =================================================================== --- locks/win32/proc_mutex.c (revision 739545) +++ locks/win32/proc_mutex.c (working copy) @@ -199,6 +199,14 @@ return "win32mutex"; } +APR_DECLARE(apr_status_t) apr_proc_mutex_perms_set(apr_proc_mutex_t *mutex, + apr_fileperms_t perms, + apr_uid_t uid, + apr_gid_t gid) +{ + return APR_ENOTIMPL; +} + APR_POOL_IMPLEMENT_ACCESSOR(proc_mutex) /* Implement OS-specific accessors defined in apr_portable.h */ Index: locks/os2/proc_mutex.c =================================================================== --- locks/os2/proc_mutex.c (revision 739545) +++ locks/os2/proc_mutex.c (working copy) 
@@ -199,8 +199,14 @@ return APR_FROM_OS_ERROR(rc); } +APR_DECLARE(apr_status_t) apr_proc_mutex_perms_set(apr_proc_mutex_t *mutex, + apr_fileperms_t perms, + apr_uid_t uid, + apr_gid_t gid) +{ + return APR_ENOTIMPL; +} - APR_POOL_IMPLEMENT_ACCESSOR(proc_mutex) Index: locks/unix/global_mutex.c =================================================================== --- locks/unix/global_mutex.c (revision 739545) +++ locks/unix/global_mutex.c (working copy) @@ -175,4 +175,15 @@ return apr_pool_cleanup_run(mutex->pool, mutex, global_mutex_cleanup); } +APR_DECLARE(apr_status_t) apr_global_mutex_perms_set(apr_global_mutex_t *mutex, + apr_fileperms_t perms, + apr_uid_t uid, + apr_gid_t gid) +{ + apr_status_t rv; + + rv = apr_proc_mutex_set_perms(mutex->proc_mutex, perms, uid, gid); + return rv; +} + APR_POOL_IMPLEMENT_ACCESSOR(global_mutex) Index: locks/unix/proc_mutex.c =================================================================== --- locks/unix/proc_mutex.c (revision 739545) +++ locks/unix/proc_mutex.c (working copy) @@ -34,6 +34,17 @@ } #endif +#if APR_HAS_POSIXSEM_SERIALIZE || APR_HAS_PROC_PTHREAD_SERIALIZE +static apr_status_t proc_mutex_no_perms_set(apr_proc_mutex_t *mutex, + apr_fileperms_t perms, + apr_uid_t uid, + apr_gid_t gid) +{ + return APR_ENOTIMPL; +} +#endif + + #if APR_HAS_POSIXSEM_SERIALIZE #ifndef SEM_FAILED @@ -155,6 +166,7 @@ proc_mutex_posix_release, proc_mutex_posix_cleanup, proc_mutex_no_child_init, + proc_mutex_no_perms_set, "posixsem" }; 
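Review bot: The new `apr_global_mutex_perms_set` in locks/unix/global_mutex.c calls `apr_proc_mutex_set_perms`, but every other hunk in this patch declares and defines the function as `apr_proc_mutex_perms_set`. No prototype under the called name is visible in the patch, so the call would be an implicit declaration and would probably fail at link time. The line should read `rv = apr_proc_mutex_perms_set(mutex->proc_mutex, perms, uid, gid);`, or simply `return apr_proc_mutex_perms_set(mutex->proc_mutex, perms, uid, gid);` since `rv` is not otherwise used.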
@@ -263,6 +275,24 @@ return APR_SUCCESS; } +static apr_status_t proc_mutex_sysv_perms_set(apr_proc_mutex_t *mutex, + apr_fileperms_t perms, + apr_uid_t uid, + apr_gid_t gid) +{ + + union semun ick; + struct semid_ds buf; + buf.sem_perm.uid = uid; + buf.sem_perm.gid = gid; + buf.sem_perm.mode = apr_unix_perms2mode(perms); + ick.buf = &buf; + if (semctl(mutex->interproc->filedes, 0, IPC_SET, ick) < 0) { + return errno; + } + return APR_SUCCESS; +} + static const apr_proc_mutex_unix_lock_methods_t mutex_sysv_methods = { #if APR_PROCESS_LOCK_IS_GLOBAL || !APR_HAS_THREADS || defined(SYSVSEM_IS_GLOBAL) @@ -276,6 +306,7 @@ proc_mutex_sysv_release, proc_mutex_sysv_cleanup, proc_mutex_no_child_init, + proc_mutex_sysv_perms_set, "sysvsem" }; @@ -471,6 +502,7 @@ proc_mutex_proc_pthread_release, proc_mutex_proc_pthread_cleanup, proc_mutex_no_child_init, + proc_mutex_no_perms_set, "pthread" }; @@ -592,6 +624,21 @@ return APR_SUCCESS; } +static apr_status_t proc_mutex_fcntl_perms_set(apr_proc_mutex_t *mutex, + apr_fileperms_t perms, + apr_uid_t uid, + apr_gid_t gid) +{ + + if (mutex->fname) { + if (fchown(mutex->interproc->filedes, uid, + -1 /* no gid change */ ) < 0) { + return errno; + } + } + return APR_SUCCESS; +} + static const apr_proc_mutex_unix_lock_methods_t mutex_fcntl_methods = { #if APR_PROCESS_LOCK_IS_GLOBAL || !APR_HAS_THREADS || defined(FCNTL_IS_GLOBAL) @@ -605,6 +652,7 @@ proc_mutex_fcntl_release, proc_mutex_fcntl_cleanup, proc_mutex_no_child_init, + proc_mutex_fcntl_perms_set, "fcntl" }; @@ -730,6 +778,21 @@ return APR_SUCCESS; } +static apr_status_t proc_mutex_flock_perms_set(apr_proc_mutex_t *mutex, + apr_fileperms_t perms, + apr_uid_t uid, + apr_gid_t gid) +{ + + if (mutex->fname) { + if (fchown(mutex->interproc->filedes, uid, + -1 /* no gid change */ ) < 0) { + return errno; + } + } + return APR_SUCCESS; +} + static const apr_proc_mutex_unix_lock_methods_t mutex_flock_methods = { #if APR_PROCESS_LOCK_IS_GLOBAL || !APR_HAS_THREADS || defined(FLOCK_IS_GLOBAL) 
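Review bot: In `proc_mutex_sysv_perms_set`, `struct semid_ds buf` is handed to `semctl(..., IPC_SET, ick)` with only `sem_perm.uid`, `sem_perm.gid` and `sem_perm.mode` assigned, so the rest is uninitialised stack data. IPC_SET is documented to consume only those three fields, so this most likely works. Declaring it as `struct semid_ds buf = {0};` keeps memory checkers quiet and does not depend on that detail. A short comment such as `/* IPC_SET only reads sem_perm.uid, .gid and the low 9 bits of .mode */` would also make the intent clear.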
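Review bot: `proc_mutex_fcntl_perms_set` returns `APR_SUCCESS` while ignoring both `perms` and `gid`: its only call is `fchown(mutex->interproc->filedes, uid, -1)`, and when `mutex->fname` is NULL nothing is changed at all. A caller that asked for a restrictive mode or a specific group is told the request succeeded while the lock file keeps its creation-time mode and group. `proc_mutex_flock_perms_set` in the @@ -730 hunk is a copy with the same behaviour. If ignoring them is deliberate, say so in a comment here and in the header documentation. Otherwise apply them with `fchown(mutex->interproc->filedes, uid, gid)` followed by `fchmod(mutex->interproc->filedes, apr_unix_perms2mode(perms))`.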
@@ -743,6 +806,7 @@ proc_mutex_flock_release, proc_mutex_flock_cleanup, proc_mutex_flock_child_init, + proc_mutex_flock_perms_set, "flock" }; @@ -915,6 +979,14 @@ return NULL; } +APR_DECLARE(apr_status_t) apr_proc_mutex_perms_set(apr_proc_mutex_t *mutex, + apr_fileperms_t perms, + apr_uid_t uid, + apr_gid_t gid) +{ + return mutex->meth->perms_set(mutex, perms, uid, gid); +} + APR_POOL_IMPLEMENT_ACCESSOR(proc_mutex) /* Implement OS-specific accessors defined in apr_portable.h */ Index: locks/netware/proc_mutex.c =================================================================== --- locks/netware/proc_mutex.c (revision 739545) +++ locks/netware/proc_mutex.c (working copy) @@ -97,6 +97,14 @@ return "netwarethread"; } +APR_DECLARE(apr_status_t) apr_proc_mutex_perms_set(apr_proc_mutex_t *mutex, + apr_fileperms_t perms, + apr_uid_t uid, + apr_gid_t gid) +{ + return APR_ENOTIMPL; +} + APR_POOL_IMPLEMENT_ACCESSOR(proc_mutex) /* Implement OS-specific accessors defined in apr_portable.h */ Index: locks/beos/proc_mutex.c =================================================================== --- locks/beos/proc_mutex.c (revision 739545) +++ locks/beos/proc_mutex.c (working copy) @@ -140,6 +140,14 @@ return "beossem"; } +APR_DECLARE(apr_status_t) apr_proc_mutex_perms_set(apr_proc_mutex_t *mutex, + apr_fileperms_t perms, + apr_uid_t uid, + apr_gid_t gid) +{ + return APR_ENOTIMPL; +} + APR_POOL_IMPLEMENT_ACCESSOR(proc_mutex) /* Implement OS-specific accessors defined in apr_portable.h */ Index: include/apr_global_mutex.h =================================================================== --- include/apr_global_mutex.h (revision 739545) +++ include/apr_global_mutex.h (working copy) 
@@ -121,6 +121,18 @@ APR_DECLARE(apr_status_t) apr_global_mutex_destroy(apr_global_mutex_t *mutex); /** + * Set mutex permissions. + * @param mutex the mutex to set. + * @param perms Access permissions for the mutex. Mimics Unix access rights. + * @param uid Effective UID of owner to set. + * @param gid Effective GID of owner to set. + */ +APR_DECLARE(apr_status_t) apr_global_mutex_perms_set(apr_global_mutex_t *mutex, + apr_fileperms_t perms, + apr_uid_t uid, + apr_gid_t gid); + +/** * Get the pool used by this global_mutex. * @return apr_pool_t the pool */ Index: include/apr_proc_mutex.h =================================================================== --- include/apr_proc_mutex.h (revision 739545) +++ include/apr_proc_mutex.h (working copy) @@ -25,6 +25,8 @@ #include "apr.h" #include "apr_pools.h" #include "apr_errno.h" +#include "apr_user.h" +#include "apr_file_info.h" #ifdef __cplusplus extern "C" { @@ -152,6 +154,18 @@ APR_DECLARE(const char *) apr_proc_mutex_defname(void); /** + * Set mutex permissions. + * @param mutex the mutex to set. + * @param perms Access permissions for the mutex. Mimics Unix access rights. + * @param uid Effective UID of owner to set. + * @param gid Effective GID of owner to set. + */ +APR_DECLARE(apr_status_t) apr_proc_mutex_perms_set(apr_proc_mutex_t *mutex, + apr_fileperms_t perms, + apr_uid_t uid, + apr_gid_t gid); + +/** * Get the pool used by this proc_mutex. * @return apr_pool_t the pool */ Index: include/arch/unix/apr_arch_proc_mutex.h =================================================================== --- include/arch/unix/apr_arch_proc_mutex.h (revision 739545) +++ include/arch/unix/apr_arch_proc_mutex.h (working copy) 
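Review bot: The doc comment added for `apr_proc_mutex_perms_set`, and the identical one for `apr_global_mutex_perms_set`, has no `@return` line. The implementations in this patch return `APR_ENOTIMPL` on win32, os2, netware and beos, and for the posixsem and pthread lock methods on unix. Callers who use this to hand a lock to an unprivileged child need to know the call can do nothing. I would add `@return APR_SUCCESS, APR_ENOTIMPL if the lock mechanism has no permission model, or an errno value` and a `@remark` noting that some mechanisms apply only part of the request.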
@@ -75,6 +75,7 @@ apr_status_t (*release)(apr_proc_mutex_t *); apr_status_t (*cleanup)(void *); apr_status_t (*child_init)(apr_proc_mutex_t **, apr_pool_t *, const char *); + apr_status_t (*perms_set)(apr_proc_mutex_t *, apr_fileperms_t, apr_uid_t, apr_gid_t); const char *name; }; typedef struct apr_proc_mutex_unix_lock_methods_t apr_proc_mutex_unix_lock_methods_t; Index: include/arch/unix/apr_arch_shm.h =================================================================== --- include/arch/unix/apr_arch_shm.h (revision 739545) +++ include/arch/unix/apr_arch_shm.h (working copy) @@ -67,6 +67,7 @@ const char *filename; /* NULL if anonymous */ #if APR_USE_SHMEM_SHMGET || APR_USE_SHMEM_SHMGET_ANON int shmid; /* shmem ID returned from shmget() */ + key_t shmkey; /* shmem key IPC_ANON or returned from ftok() */ #endif }; Index: include/apr_shm.h =================================================================== --- include/apr_shm.h (revision 739545) +++ include/apr_shm.h (working copy) @@ -25,6 +25,8 @@ #include "apr.h" #include "apr_pools.h" #include "apr_errno.h" +#include "apr_user.h" +#include "apr_file_info.h" #ifdef __cplusplus extern "C" { @@ -133,6 +135,18 @@ APR_DECLARE(apr_size_t) apr_shm_size_get(const apr_shm_t *m); /** + * Set shared memory permissions. + * @param m the shared memory structure to set. + * @param perms Access permissions for the mutex. Mimics Unix access rights. + * @param uid Effective UID of owner to set. + * @param gid Effective GID of owner to set. + */ +APR_DECLARE(apr_status_t) apr_shm_perms_set(apr_shm_t *m, + apr_fileperms_t perms, + apr_uid_t uid, + apr_gid_t gid); + +/** * Get the pool used by this shared memory segment. */ APR_POOL_DECLARE_ACCESSOR(shm); Index: shmem/win32/shm.c =================================================================== --- shmem/win32/shm.c (revision 739545) +++ shmem/win32/shm.c (working copy) 
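Review bot: The doc comment for `apr_shm_perms_set` in include/apr_shm.h was copied from the mutex headers and still reads `@param perms Access permissions for the mutex`. It should say `@param perms Access permissions for the shared memory segment. Mimics Unix access rights.` The comment also has no `@return` line, although the win32, os2 and beos stubs and the non-shmget unix builds return `APR_ENOTIMPL`. Add `@return APR_ENOTIMPL when the platform or shm method does not support it`.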
@@ -281,6 +281,14 @@ return m->length; } +APR_DECLARE(apr_status_t) apr_shm_perms_set(apr_shm_t *m, + apr_fileperms_t perms, + apr_uid_t *uid, + apr_gid_t *gid) +{ + return APR_ENOTIMPL; +} + APR_POOL_IMPLEMENT_ACCESSOR(shm) APR_DECLARE(apr_status_t) apr_os_shm_get(apr_os_shm_t *osshm, Index: shmem/os2/shm.c =================================================================== --- shmem/os2/shm.c (revision 739545) +++ shmem/os2/shm.c (working copy) @@ -113,6 +113,14 @@ return size; } +APR_DECLARE(apr_status_t) apr_shm_perms_set(apr_shm_t *m, + apr_fileperms_t perms, + apr_uid_t *uid, + apr_gid_t *gid) +{ + return APR_ENOTIMPL; +} + APR_POOL_IMPLEMENT_ACCESSOR(shm) APR_DECLARE(apr_status_t) apr_os_shm_get(apr_os_shm_t *osshm, Index: shmem/unix/shm.c =================================================================== --- shmem/unix/shm.c (revision 739545) +++ shmem/unix/shm.c (working copy) @@ -105,7 +105,6 @@ #endif #if APR_USE_SHMEM_SHMGET apr_size_t nbytes; - key_t shmkey; #endif #if APR_USE_SHMEM_MMAP_ZERO || APR_USE_SHMEM_SHMGET || \ APR_USE_SHMEM_MMAP_TMP || APR_USE_SHMEM_MMAP_SHM @@ -180,8 +179,8 @@ new_m->reqsize = reqsize; new_m->realsize = reqsize; new_m->filename = NULL; - - if ((new_m->shmid = shmget(IPC_PRIVATE, new_m->realsize, + new_m->shmkey = IPC_PRIVATE; + if ((new_m->shmid = shmget(new_m->shmkey, new_m->realsize, SHM_R | SHM_W | IPC_CREAT)) < 0) { return errno; } @@ -318,12 +317,12 @@ /* ftok() (on solaris at least) requires that the file actually * exist before calling ftok(). */ - shmkey = ftok(filename, 1); - if (shmkey == (key_t)-1) { + new_m->shmkey = ftok(filename, 1); + if (new_m->shmkey == (key_t)-1) { return errno; } - if ((new_m->shmid = shmget(shmkey, new_m->realsize, + if ((new_m->shmid = shmget(new_m->shmkey, new_m->realsize, SHM_R | SHM_W | IPC_CREAT | IPC_EXCL)) < 0) { return errno; } 
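Review bot: The win32 stub of `apr_shm_perms_set` takes `apr_uid_t *uid` and `apr_gid_t *gid`, but the prototype added to include/apr_shm.h and the unix implementation both take them by value. That is a conflicting declaration, so shmem/win32/shm.c would probably not compile once it sees the header. The parameters should be `apr_uid_t uid,` and `apr_gid_t gid)`. The os2 stub in the next hunk and the beos stub in the last hunk of the patch have the same pointer parameters and need the same correction.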
@@ -526,7 +525,6 @@ apr_status_t status; apr_file_t *file; /* file where metadata is stored */ apr_size_t nbytes; - key_t shmkey; new_m = apr_palloc(pool, sizeof(apr_shm_t)); @@ -549,11 +547,11 @@ new_m->filename = apr_pstrdup(pool, filename); new_m->pool = pool; - shmkey = ftok(filename, 1); - if (shmkey == (key_t)-1) { + new_m->shmkey = ftok(filename, 1); + if (new_m->shmkey == (key_t)-1) { return errno; } - if ((new_m->shmid = shmget(shmkey, 0, SHM_R | SHM_W)) == -1) { + if ((new_m->shmid = shmget(new_m->shmkey, 0, SHM_R | SHM_W)) == -1) { return errno; } if ((new_m->base = shmat(new_m->shmid, NULL, 0)) == (void *)-1) { @@ -590,6 +588,30 @@ return m->reqsize; } +APR_DECLARE(apr_status_t) apr_shm_perms_set(apr_shm_t *m, + apr_fileperms_t perms, + apr_uid_t uid, + apr_gid_t gid) +{ +#if APR_USE_SHMEM_SHMGET || APR_USE_SHMEM_SHMGET_ANON + struct shmid_ds shmbuf; + int shmid; + + if ((shmid = shmget(m->shmkey, 0, SHM_R | SHM_W)) == -1) { + return errno; + } + shmbuf.shm_perm.uid = uid; + shmbuf.shm_perm.gid = gid; + shmbuf.shm_perm.mode = apr_unix_perms2mode(perms); + if (shmctl(shmid, IPC_SET, &shmbuf) == -1) { + return errno; + } + return APR_SUCCESS; +#else + return APR_ENOTIMPL; +#endif +} + APR_POOL_IMPLEMENT_ACCESSOR(shm) APR_DECLARE(apr_status_t) apr_os_shm_get(apr_os_shm_t *osshm, Index: shmem/beos/shm.c =================================================================== --- shmem/beos/shm.c (revision 739545) +++ shmem/beos/shm.c (working copy) @@ -149,6 +149,14 @@ return m->reqsize; } +APR_DECLARE(apr_status_t) apr_shm_perms_set(apr_shm_t *m, + apr_fileperms_t perms, + apr_uid_t *uid, + apr_gid_t *gid) +{ + return APR_ENOTIMPL; +} + APR_POOL_IMPLEMENT_ACCESSOR(shm) APR_DECLARE(apr_status_t) apr_os_shm_get(apr_os_shm_t *osshm, --------------040501070402070201020408--
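Review bot: `apr_shm_perms_set` in shmem/unix/shm.c (the @@ -590 hunk) looks the segment up again with `shmget(m->shmkey, 0, SHM_R | SHM_W)` instead of using the id already held in `m->shmid`. For anonymous segments this patch stores `IPC_PRIVATE` in `shmkey`, and `shmget(IPC_PRIVATE, ...)` never returns an existing segment. The call would therefore fail or act on a different, newly created segment, and the intended one would keep its original owner and mode. Passing the stored id, `if (shmctl(m->shmid, IPC_SET, &shmbuf) == -1) {`, removes the lookup. As far as these hunks show, the new `shmkey` field would then not be needed for this function. `shmbuf` is only partly assigned before `IPC_SET`, so `struct shmid_ds shmbuf = {0};` would be the safer declaration.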