Return-Path: Delivered-To: apmail-apache-cvs-archive@apache.org Received: (qmail 8708 invoked by uid 500); 5 May 2001 19:09:38 -0000 Mailing-List: contact apache-cvs-help@apache.org; run by ezmlm Precedence: bulk Reply-To: new-httpd@apache.org list-help: list-unsubscribe: list-post: Delivered-To: mailing list apache-cvs@apache.org Received: (qmail 8693 invoked by uid 500); 5 May 2001 19:09:38 -0000 Delivered-To: apmail-httpd-2.0-cvs@apache.org Date: 5 May 2001 19:09:38 -0000 Message-ID: <20010505190938.8688.qmail@apache.org> From: rse@apache.org To: httpd-2.0-cvs@apache.org Subject: cvs commit: httpd-2.0/modules/ssl mod_ssl.h ssl_engine_config.c ssl_engine_mutex.c rse 01/05/05 12:09:38 Modified: modules/ssl mod_ssl.h ssl_engine_config.c ssl_engine_mutex.c Log: Kick out all old mutex code and base SSLMutex on APR locks. Revision Changes Path 1.11 +9 -78 httpd-2.0/modules/ssl/mod_ssl.h Index: mod_ssl.h =================================================================== RCS file: /home/cvs/httpd-2.0/modules/ssl/mod_ssl.h,v retrieving revision 1.10 retrieving revision 1.11 diff -u -r1.10 -r1.11 --- mod_ssl.h 2001/05/05 16:55:28 1.10 +++ mod_ssl.h 2001/05/05 19:09:37 1.11 
@@ -227,65 +227,6 @@ #endif /* - * Support for file locking: Try to determine whether we should use fcntl() or - * flock(). Would be better ap_config.h could provide this... :-( - */ -#if defined(USE_FCNTL_SERIALIZED_ACCEPT) -#define SSL_USE_FCNTL 1 -#include -#endif -#if defined(USE_FLOCK_SERIALIZED_ACCEPT) -#define SSL_USE_FLOCK 1 -#include -#endif -#if !defined(SSL_USE_FCNTL) && !defined(SSL_USE_FLOCK) -#define SSL_USE_FLOCK 1 -#if !defined(MPE) -#include -#endif -#ifndef LOCK_UN -#undef SSL_USE_FLOCK -#define SSL_USE_FCNTL 1 -#include -#endif -#endif -#ifdef AIX -#undef SSL_USE_FLOCK -#define SSL_USE_FCNTL 1 -#include -#endif - -/* - * Support for Mutex - */ -#define SSL_MUTEX_LOCK_MODE ( S_IRUSR|S_IWUSR ) -#if defined(USE_SYSVSEM_SERIALIZED_ACCEPT) ||\ - (defined(__FreeBSD__) && defined(__FreeBSD_version) &&\ - __FreeBSD_version >= 300000) ||\ - (defined(LINUX) && defined(__GLIBC__) && defined(__GLIBC_MINOR__) &&\ - LINUX >= 2 && __GLIBC__ >= 2 && __GLIBC_MINOR__ >= 1) ||\ - defined(SOLARIS2) || defined(__hpux) ||\ - (defined (__digital__) && defined (__unix__)) -#define SSL_CAN_USE_SEM -#define SSL_HAVE_IPCSEM -#include -#include -#include -/* - * Some platforms have a `union semun' pre-defined but Single Unix - * Specification (SUSv2) says in semctl(2): `If required, it is of - * type union semun, which the application program must explicitly - * declare'. So we define it always ourself to avoid problems (but under - * a different name to avoid a namespace clash). - */ -union ssl_ipc_semun { - long val; - struct semid_ds *buf; - unsigned short int *array; -}; -#endif - -/* * Support for MM library */ #define SSL_MM_FILE_MODE ( S_IRUSR|S_IWUSR ) @@ -430,8 +371,7 @@ typedef enum { SSL_MUTEXMODE_UNSET = UNSET, SSL_MUTEXMODE_NONE = 0, - SSL_MUTEXMODE_FILE = 1, - SSL_MUTEXMODE_SEM = 2 + SSL_MUTEXMODE_USED = 1 } ssl_mutexmode_t; /* 
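Review bot: In the `ssl_mutexmode_t` hunk, merging `SSL_MUTEXMODE_FILE` and `SSL_MUTEXMODE_SEM` into `SSL_MUTEXMODE_USED` means a mode still at `SSL_MUTEXMODE_UNSET` is now treated as enabled, because the rewritten functions in ssl_engine_mutex.c test only `mc->nMutexMode == SSL_MUTEXMODE_NONE`. The removed code did nothing for UNSET, since it matched neither FILE nor SEM. Whether UNSET is always resolved before ssl_mutex_init runs is not visible in this commit, so the safer test there is `if (mc->nMutexMode != SSL_MUTEXMODE_USED) return TRUE;`. The enum value also deserves a comment such as `/* USED: lock is created through APR; szMutexFile may be NULL */`.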
@@ -488,8 +428,7 @@ table_t *tSessionCacheDataTable; ssl_mutexmode_t nMutexMode; char *szMutexFile; - int nMutexFD; - int nMutexSEMID; + apr_lock_t *pMutex; array_header *aRandSeed; ssl_ds_table *tTmpKeys; void *pTmpKeys[SSL_TKPIDX_MAX]; @@ -710,21 +649,13 @@ void ssl_ds_table_kill(ssl_ds_table *); /* Mutex Support */ -void ssl_mutex_init(server_rec *, pool *); -void ssl_mutex_reinit(server_rec *, pool *); -void ssl_mutex_on(server_rec *); -void ssl_mutex_off(server_rec *); -void ssl_mutex_kill(server_rec *s); -void ssl_mutex_file_create(server_rec *, pool *); -void ssl_mutex_file_open(server_rec *, pool *); -void ssl_mutex_file_remove(void *); -BOOL ssl_mutex_file_acquire(void); -BOOL ssl_mutex_file_release(void); -void ssl_mutex_sem_create(server_rec *, pool *); -void ssl_mutex_sem_open(server_rec *, pool *); -void ssl_mutex_sem_remove(void *); -BOOL ssl_mutex_sem_acquire(void); -BOOL ssl_mutex_sem_release(void); +#endif /* XXX */ +int ssl_mutex_init(server_rec *, apr_pool_t *); +int ssl_mutex_reinit(server_rec *, apr_pool_t *); +int ssl_mutex_on(server_rec *); +int ssl_mutex_off(server_rec *); +int ssl_mutex_kill(server_rec *); +#if 0 /* XXX */ /* Logfile Support */ void ssl_log_open(server_rec *, server_rec *, pool *); 1.10 +6 -10 httpd-2.0/modules/ssl/ssl_engine_config.c Index: ssl_engine_config.c =================================================================== RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_config.c,v retrieving revision 1.9 retrieving revision 1.10 diff -u -r1.9 -r1.10 --- ssl_engine_config.c 2001/05/05 16:55:28 1.9 +++ ssl_engine_config.c 2001/05/05 19:09:37 1.10 @@ -96,8 +96,7 @@ mc->tSessionCacheDataTable = NULL; mc->nMutexMode = SSL_MUTEXMODE_UNSET; mc->szMutexFile = NULL; - mc->nMutexFD = -1; - mc->nMutexSEMID = -1; + mc->pMutex = NULL; mc->aRandSeed = ap_make_array(pPool, 4, sizeof(ssl_randseed_t)); mc->tPrivateKey = ssl_ds_table_make(pPool, sizeof(ssl_asn1_t)); mc->tPublicCert = ssl_ds_table_make(pPool, sizeof(ssl_asn1_t)); 
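Review bot: In the `@@ -710,21 +649,13 @@` hunk of mod_ssl.h, the five `ssl_mutex_*` prototypes now return `int`, but nothing at the declarations says what the value means or that it has to be checked. The definitions in ssl_engine_mutex.c return TRUE/FALSE, and any caller written against the old `void` signatures would simply ignore the result. A comment above the prototypes such as `/* return TRUE on success, FALSE on failure; callers must check the result */` would state the contract. The added `#endif /* XXX */` / `#if 0 /* XXX */` pair also enables these declarations while the definitions in the last hunk still sit inside `#if 0 /* XXX */`, so an enabled caller would presumably fail to link until that guard is lifted too.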
@@ -324,21 +323,18 @@ return err; if (ssl_config_global_isfixed()) return NULL; - if (strcEQ(arg, "none")) { + if (strcEQ(arg, "none") || strcEQ(arg, "no")) { mc->nMutexMode = SSL_MUTEXMODE_NONE; } else if (strlen(arg) > 5 && strcEQn(arg, "file:", 5)) { - mc->nMutexMode = SSL_MUTEXMODE_FILE; + mc->nMutexMode = SSL_MUTEXMODE_USED; mc->szMutexFile = ap_psprintf(mc->pPool, "%s.%lu", ap_server_root_relative(cmd->pool, "mutex", arg+5), (unsigned long)getpid()); } - else if (strcEQ(arg, "sem")) { -#ifdef SSL_CAN_USE_SEM - mc->nMutexMode = SSL_MUTEXMODE_SEM; -#else - return "SSLMutex: Semaphores not available on this platform"; -#endif + else if (strcEQ(arg, "sem") || strcEQ(arg, "yes")) { + mc->nMutexMode = SSL_MUTEXMODE_USED; + mc->szMutexFile = NULL; /* APR determines temporary filename */ } else return "SSLMutex: Invalid argument"; 1.5 +28 -286 httpd-2.0/modules/ssl/ssl_engine_mutex.c Index: ssl_engine_mutex.c =================================================================== RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_mutex.c,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- ssl_engine_mutex.c 2001/05/05 16:35:17 1.4 +++ ssl_engine_mutex.c 2001/05/05 19:09:37 1.5 
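Review bot: The `file:` branch still builds a predictable `<path>.<pid>` lock file name, but after this commit nothing visible controls who owns that file or with which mode it is created. The removed ssl_mutex_file_create opened it with `S_IRUSR|S_IWUSR` and chown()ed it to `ap_user_id` when started as root, and the removed semaphore path set uid, gid and mode 0660 through `IPC_SET`; the new ssl_mutex_init only passes `mc->szMutexFile` to `apr_lock_create`. Whether APR applies equivalent ownership and permissions is not visible here, so children that have dropped privileges may be unable to take the lock, which ssl_mutex_on reports only as a warning. A comment on the `szMutexFile` assignment such as `/* created by apr_lock_create(); the directory must be writable only by the server user */`, together with a restored ownership step in ssl_mutex_init, would close the gap. The directive handler's body starts and ends outside this hunk.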
@@ -64,322 +64,64 @@ #if 0 /* XXX */ -/* _________________________________________________________________ -** -** Mutex Support (Common) -** _________________________________________________________________ -*/ - -void ssl_mutex_init(server_rec *s, pool *p) +int ssl_mutex_init(server_rec *s, apr_pool_t *p) { SSLModConfigRec *mc = myModConfig(); - if (mc->nMutexMode == SSL_MUTEXMODE_FILE) - ssl_mutex_file_create(s, p); - else if (mc->nMutexMode == SSL_MUTEXMODE_SEM) - ssl_mutex_sem_create(s, p); - return; + if (mc->nMutexMode == SSL_MUTEXMODE_NONE) + return TRUE; + if (apr_lock_create(&mc->pMutex, APR_MUTEX, APR_LOCKALL, + mc->szMutexFile, p) != APR_SUCCESS) + return FALSE; + return TRUE; } -void ssl_mutex_reinit(server_rec *s, pool *p) +int ssl_mutex_reinit(server_rec *s, apr_pool_t *p) { SSLModConfigRec *mc = myModConfig(); - if (mc->nMutexMode == SSL_MUTEXMODE_FILE) - ssl_mutex_file_open(s, p); - else if (mc->nMutexMode == SSL_MUTEXMODE_SEM) - ssl_mutex_sem_open(s, p); - return; + if (mc->nMutexMode == SSL_MUTEXMODE_NONE) + return TRUE; + if (apr_lock_child_init(&mc->pMutex, mc->szMutexFile, p) != APR_SUCCESS) + return FALSE; + return TRUE; } -void ssl_mutex_on(server_rec *s) +int ssl_mutex_on(server_rec *s) { SSLModConfigRec *mc = myModConfig(); - BOOL ok = TRUE; - if (mc->nMutexMode == SSL_MUTEXMODE_FILE) - ok = ssl_mutex_file_acquire(); - else if (mc->nMutexMode == SSL_MUTEXMODE_SEM) - ok = ssl_mutex_sem_acquire(); - if (!ok) + if (mc->nMutexMode == SSL_MUTEXMODE_NONE) + return TRUE; + if (apr_lock_acquire(mc->pMutex) != APR_SUCCESS) { ssl_log(s, SSL_LOG_WARN, "Failed to acquire global mutex lock"); - return; -} - -void ssl_mutex_off(server_rec *s) -{ - SSLModConfigRec *mc = myModConfig(); - BOOL ok = TRUE; - - if (mc->nMutexMode == SSL_MUTEXMODE_FILE) - ok = ssl_mutex_file_release(); - else if (mc->nMutexMode == SSL_MUTEXMODE_SEM) - ok = ssl_mutex_sem_release(); - if (!ok) - ssl_log(s, SSL_LOG_WARN, "Failed to release global mutex lock"); - return; -} - 
-void ssl_mutex_kill(server_rec *s) -{ - SSLModConfigRec *mc = myModConfig(); - - if (mc->nMutexMode == SSL_MUTEXMODE_FILE) - ssl_mutex_file_remove(s); - else if (mc->nMutexMode == SSL_MUTEXMODE_SEM) - ssl_mutex_sem_remove(s); - return; -} - - -/* _________________________________________________________________ -** -** Mutex Support (Lockfile) -** _________________________________________________________________ -*/ - -void ssl_mutex_file_create(server_rec *s, pool *p) -{ - SSLModConfigRec *mc = myModConfig(); - - /* create the lockfile */ - unlink(mc->szMutexFile); - if ((mc->nMutexFD = ap_popenf(p, mc->szMutexFile, - O_WRONLY|O_CREAT, SSL_MUTEX_LOCK_MODE)) < 0) { - ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO, - "Parent process could not create SSLMutex lockfile %s", - mc->szMutexFile); - ssl_die(); - } - ap_pclosef(p, mc->nMutexFD); - - /* make sure the childs have access to this file */ -#ifndef OS2 - if (geteuid() == 0 /* is superuser */) - chown(mc->szMutexFile, ap_user_id, -1 /* no gid change */); -#endif - - /* open the lockfile for real */ - if ((mc->nMutexFD = ap_popenf(p, mc->szMutexFile, - O_WRONLY, SSL_MUTEX_LOCK_MODE)) < 0) { - ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO, - "Parent could not open SSLMutex lockfile %s", - mc->szMutexFile); - ssl_die(); - } - return; -} - -void ssl_mutex_file_open(server_rec *s, pool *p) -{ - SSLModConfigRec *mc = myModConfig(); - - /* open the lockfile (once per child) to get a unique fd */ - if ((mc->nMutexFD = ap_popenf(p, mc->szMutexFile, - O_WRONLY, SSL_MUTEX_LOCK_MODE)) < 0) { - ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO, - "Child could not open SSLMutex lockfile %s", - mc->szMutexFile); - ssl_die(); + return FALSE; } - return; -} - -void ssl_mutex_file_remove(void *data) -{ - SSLModConfigRec *mc = myModConfig(); - - /* remove the mutex lockfile */ - unlink(mc->szMutexFile); - return; + return TRUE; } - -#ifdef SSL_USE_FCNTL -static struct flock lock_it; -static struct flock unlock_it; -#endif -BOOL ssl_mutex_file_acquire(void) 
+int ssl_mutex_off(server_rec *s) { - int rc = -1; SSLModConfigRec *mc = myModConfig(); -#ifdef SSL_USE_FCNTL - lock_it.l_whence = SEEK_SET; /* from current point */ - lock_it.l_start = 0; /* -"- */ - lock_it.l_len = 0; /* until end of file */ - lock_it.l_type = F_WRLCK; /* set exclusive/write lock */ - lock_it.l_pid = 0; /* pid not actually interesting */ - - while ( ((rc = fcntl(mc->nMutexFD, F_SETLKW, &lock_it)) < 0) - && (errno == EINTR) ) - ; -#endif -#ifdef SSL_USE_FLOCK - while ( ((rc = flock(mc->nMutexFD, LOCK_EX)) < 0) - && (errno == EINTR) ) - ; -#endif - - if (rc < 0) - return FALSE; - else + if (mc->nMutexMode == SSL_MUTEXMODE_NONE) return TRUE; -} - -BOOL ssl_mutex_file_release(void) -{ - int rc = -1; - SSLModConfigRec *mc = myModConfig(); - -#ifdef SSL_USE_FCNTL - unlock_it.l_whence = SEEK_SET; /* from current point */ - unlock_it.l_start = 0; /* -"- */ - unlock_it.l_len = 0; /* until end of file */ - unlock_it.l_type = F_UNLCK; /* unlock */ - unlock_it.l_pid = 0; /* pid not actually interesting */ - - while ( (rc = fcntl(mc->nMutexFD, F_SETLKW, &unlock_it)) < 0 - && (errno == EINTR) ) - ; -#endif -#ifdef SSL_USE_FLOCK - while ( (rc = flock(mc->nMutexFD, LOCK_UN)) < 0 - && (errno == EINTR) ) - ; -#endif - - if (rc < 0) + if (apr_lock_release(mc->pMutex) != APR_SUCCESS) { + ssl_log(s, SSL_LOG_WARN, "Failed to release global mutex lock"); return FALSE; - else - return TRUE; -} - -/* _________________________________________________________________ -** -** Mutex Support (Process Semaphore) -** _________________________________________________________________ -*/ - -void ssl_mutex_sem_create(server_rec *s, pool *p) -{ -#ifdef SSL_CAN_USE_SEM - int semid; - SSLModConfigRec *mc = myModConfig(); -#ifdef SSL_HAVE_IPCSEM - union ssl_ipc_semun semctlarg; - struct semid_ds semctlbuf; -#endif - -#ifdef SSL_HAVE_IPCSEM - semid = semget(IPC_PRIVATE, 1, IPC_CREAT|IPC_EXCL|S_IRUSR|S_IWUSR); - if (semid == -1 && errno == EEXIST) - semid = semget(IPC_PRIVATE, 1, 
IPC_EXCL|S_IRUSR|S_IWUSR); - if (semid == -1) { - ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO, - "Parent process could not create private SSLMutex semaphore"); - ssl_die(); - } - semctlarg.val = 0; - if (semctl(semid, 0, SETVAL, semctlarg) < 0) { - ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO, - "Parent process could not initialize SSLMutex semaphore value"); - ssl_die(); - } - semctlbuf.sem_perm.uid = ap_user_id; - semctlbuf.sem_perm.gid = ap_group_id; - semctlbuf.sem_perm.mode = 0660; - semctlarg.buf = &semctlbuf; - if (semctl(semid, 0, IPC_SET, semctlarg) < 0) { - ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO, - "Parent process could not set permissions for SSLMutex semaphore"); - ssl_die(); } -#endif -#ifdef SSL_HAVE_W32SEM - semid = (int)ap_create_mutex("mod_ssl_mutex"); -#endif - mc->nMutexSEMID = semid; -#endif - return; + return TRUE; } -void ssl_mutex_sem_open(server_rec *s, pool *p) +int ssl_mutex_kill(server_rec *s) { -#ifdef SSL_CAN_USE_SEM -#ifdef SSL_HAVE_W32SEM SSLModConfigRec *mc = myModConfig(); - mc->nMutexSEMID = (int)ap_open_mutex("mod_ssl_mutex"); -#endif -#endif - return; -} - -void ssl_mutex_sem_remove(void *data) -{ -#ifdef SSL_CAN_USE_SEM - SSLModConfigRec *mc = myModConfig(); - -#ifdef SSL_HAVE_IPCSEM - semctl(mc->nMutexSEMID, 0, IPC_RMID, 0); -#endif -#ifdef SSL_HAVE_W32SEM - ap_destroy_mutex((mutex *)mc->nMutexSEMID); -#endif -#endif - return; -} - -BOOL ssl_mutex_sem_acquire(void) -{ - int rc = 0; -#ifdef SSL_CAN_USE_SEM - SSLModConfigRec *mc = myModConfig(); - -#ifdef SSL_HAVE_IPCSEM - struct sembuf sb[] = { - { 0, 0, 0 }, /* wait for semaphore */ - { 0, 1, SEM_UNDO } /* increment semaphore */ - }; - - while ( (rc = semop(mc->nMutexSEMID, sb, 2)) < 0 - && (errno == EINTR) ) - ; -#endif -#ifdef SSL_HAVE_W32SEM - rc = ap_acquire_mutex((mutex *)mc->nMutexSEMID); -#endif -#endif - if (rc != 0) - return FALSE; - else + if (mc->nMutexMode == SSL_MUTEXMODE_NONE) return TRUE; -} - -BOOL ssl_mutex_sem_release(void) -{ - int rc = 0; -#ifdef SSL_CAN_USE_SEM - 
SSLModConfigRec *mc = myModConfig(); - -#ifdef SSL_HAVE_IPCSEM - struct sembuf sb[] = { - { 0, -1, SEM_UNDO } /* decrements semaphore */ - }; - - while ( (rc = semop(mc->nMutexSEMID, sb, 1)) < 0 - && (errno == EINTR) ) - ; -#endif -#ifdef SSL_HAVE_W32SEM - rc = ap_release_mutex((mutex *)mc->nMutexSEMID); -#endif -#endif - if (rc != 0) + if (apr_lock_destroy(mc->pMutex) != APR_SUCCESS) return FALSE; - else - return TRUE; + return TRUE; } #endif /* XXX */
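Review bot: ssl_mutex_init and ssl_mutex_reinit now fail silently: when `apr_lock_create` or `apr_lock_child_init` fails they return FALSE without logging, where the removed file and semaphore code logged the error and called `ssl_die()`. Callers are not visible here, but they were written for `void` functions, so a failed setup would likely leave `mc->pMutex` NULL and the server running with no working lock; ssl_mutex_on and ssl_mutex_off then pass that pointer straight to `apr_lock_acquire` and `apr_lock_release`. I would log before returning, e.g. `ssl_log(s, SSL_LOG_ERROR, "Could not create SSLMutex lock");`, and guard the acquire and release paths with `if (mc->pMutex == NULL) return FALSE;`. ssl_mutex_kill could likewise set `mc->pMutex = NULL;` after a successful `apr_lock_destroy`.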