httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From traw...@apache.org
Subject cvs commit: httpd-2.0 CHANGES STATUS
Date Tue, 16 Sep 2003 01:00:07 GMT
trawick     2003/09/15 18:00:07

  Modified:    modules/mappers Tag: APACHE_2_0_BRANCH mod_rewrite.c
               modules/ssl Tag: APACHE_2_0_BRANCH mod_ssl.h
                        ssl_engine_config.c ssl_engine_mutex.c
               os/unix  Tag: APACHE_2_0_BRANCH unixd.c unixd.h
               .        Tag: APACHE_2_0_BRANCH CHANGES STATUS
  Log:
  merge this fix from 2.1-dev:
  
  *) Unix: Handle permissions settings for flock-based mutexes in
       unixd_set_global|proc_mutex_perms().  Allow the functions to be
       called for any type of mutex.  PR 20312
  
  Reviewed by:	Justin, Greg
  
  Revision  Changes    Path
  No                   revision
  No                   revision
  1.135.2.16 +3 -2      httpd-2.0/modules/mappers/mod_rewrite.c
  
  Index: mod_rewrite.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/mappers/mod_rewrite.c,v
  retrieving revision 1.135.2.15
  retrieving revision 1.135.2.16
  diff -u -r1.135.2.15 -r1.135.2.16
  --- mod_rewrite.c	31 Jul 2003 23:43:37 -0000	1.135.2.15
  +++ mod_rewrite.c	16 Sep 2003 01:00:05 -0000	1.135.2.16
  @@ -118,6 +118,7 @@
   
   #if !defined(OS2) && !defined(WIN32) && !defined(BEOS)  && !defined(NETWARE)
   #include "unixd.h"
  +#define MOD_REWRITE_SET_MUTEX_PERMS /* XXX Apache should define something */
   #endif
   
   /*
  @@ -1017,7 +1018,7 @@
           return HTTP_INTERNAL_SERVER_ERROR;
       }
   
  -#if APR_USE_SYSVSEM_SERIALIZE
  +#ifdef MOD_REWRITE_SET_MUTEX_PERMS
       rv = unixd_set_global_mutex_perms(rewrite_log_lock);
       if (rv != APR_SUCCESS) {
           ap_log_error(APLOG_MARK, APLOG_CRIT, rv, s,
  @@ -3599,7 +3600,7 @@
           return rc;
       }
   
  -#if APR_USE_SYSVSEM_SERIALIZE
  +#ifdef MOD_REWRITE_SET_MUTEX_PERMS
       rc = unixd_set_global_mutex_perms(rewrite_mapr_lock_acquire);
       if (rc != APR_SUCCESS) {
           ap_log_error(APLOG_MARK, APLOG_CRIT, rc, s,
  
  
  
  No                   revision
  No                   revision
  1.122.2.6 +0 -1      httpd-2.0/modules/ssl/mod_ssl.h
  
  Index: mod_ssl.h
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/mod_ssl.h,v
  retrieving revision 1.122.2.5
  retrieving revision 1.122.2.6
  diff -u -r1.122.2.5 -r1.122.2.6
  --- mod_ssl.h	16 May 2003 18:12:18 -0000	1.122.2.5
  +++ mod_ssl.h	16 Sep 2003 01:00:06 -0000	1.122.2.6
  @@ -437,7 +437,6 @@
       ssl_mutexmode_t nMutexMode;
       apr_lockmech_e  nMutexMech;
       const char     *szMutexFile;
  -    BOOL            ChownMutexFile;
       apr_global_mutex_t   *pMutex;
       apr_array_header_t   *aRandSeed;
       apr_hash_t     *tVHostKeys;
  
  
  
  1.70.2.4  +0 -3      httpd-2.0/modules/ssl/ssl_engine_config.c
  
  Index: ssl_engine_config.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_config.c,v
  retrieving revision 1.70.2.3
  retrieving revision 1.70.2.4
  diff -u -r1.70.2.3 -r1.70.2.4
  --- ssl_engine_config.c	30 Mar 2003 23:17:22 -0000	1.70.2.3
  +++ ssl_engine_config.c	16 Sep 2003 01:00:06 -0000	1.70.2.4
  @@ -101,7 +101,6 @@
       mc->nMutexMode             = SSL_MUTEXMODE_UNSET;
       mc->nMutexMech             = APR_LOCK_DEFAULT;
       mc->szMutexFile            = NULL;
  -    mc->ChownMutexFile         = FALSE;
       mc->pMutex                 = NULL;
       mc->aRandSeed              = apr_array_make(pool, 4,
                                                   sizeof(ssl_randseed_t));
  @@ -402,7 +401,6 @@
           mc->nMutexMech = APR_LOCK_FLOCK;
           mc->szMutexFile = apr_psprintf(mc->pPool, "%s.%lu",
                                          file, (unsigned long)getpid());
  -        mc->ChownMutexFile = TRUE;
       }
   #endif
   #if APR_HAS_FCNTL_SERIALIZE
  @@ -449,7 +447,6 @@
           mc->nMutexMode  = SSL_MUTEXMODE_USED;
   #if APR_HAS_FLOCK_SERIALIZE
           mc->nMutexMech  = APR_LOCK_FLOCK;
  -        mc->ChownMutexFile = TRUE;
   #endif
   #if APR_HAS_FCNTL_SERIALIZE
           mc->nMutexMech  = APR_LOCK_FCNTL;
  
  
  
  1.17.2.7  +8 -18     httpd-2.0/modules/ssl/ssl_engine_mutex.c
  
  Index: ssl_engine_mutex.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_mutex.c,v
  retrieving revision 1.17.2.6
  retrieving revision 1.17.2.7
  diff -u -r1.17.2.6 -r1.17.2.7
  --- ssl_engine_mutex.c	31 Mar 2003 14:37:49 -0000	1.17.2.6
  +++ ssl_engine_mutex.c	16 Sep 2003 01:00:06 -0000	1.17.2.7
  @@ -63,6 +63,7 @@
   #include "mod_ssl.h"
   #if !defined(OS2) && !defined(WIN32) && !defined(BEOS) && !defined(NETWARE)
   #include "unixd.h"
  +#define MOD_SSL_SET_MUTEX_PERMS /* XXX Apache should define something */
   #endif
   
   int ssl_mutex_init(server_rec *s, apr_pool_t *p)
  @@ -84,25 +85,14 @@
                            "Cannot create SSLMutex");
           return FALSE;
       }
  -#if !defined(OS2) && !defined(WIN32) && !defined(BEOS) && !defined(NETWARE)
  -    if (mc->szMutexFile && mc->ChownMutexFile == TRUE)
  -        chown(mc->szMutexFile, unixd_config.user_id, -1);
  -#endif
   
  -#if APR_HAS_SYSVSEM_SERIALIZE
  -#if APR_USE_SYSVSEM_SERIALIZE
  -    if (mc->nMutexMech == APR_LOCK_DEFAULT || 
  -        mc->nMutexMech == APR_LOCK_SYSVSEM) {
  -#else
  -    if (mc->nMutexMech == APR_LOCK_SYSVSEM) {
  -#endif
  -        rv = unixd_set_global_mutex_perms(mc->pMutex);
  -        if (rv != APR_SUCCESS) {
  -            ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
  -                         "Could not set permissions on ssl_mutex; check User "
  -                         "and Group directives");
  -            return FALSE;
  -        }
  +#ifdef MOD_SSL_SET_MUTEX_PERMS
  +    rv = unixd_set_global_mutex_perms(mc->pMutex);
  +    if (rv != APR_SUCCESS) {
  +        ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
  +                     "Could not set permissions on ssl_mutex; check User "
  +                     "and Group directives");
  +        return FALSE;
       }
   #endif
       return TRUE;
  
  
  
  No                   revision
  No                   revision
  1.55.2.3  +56 -21    httpd-2.0/os/unix/unixd.c
  
  Index: unixd.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/os/unix/unixd.c,v
  retrieving revision 1.55.2.2
  retrieving revision 1.55.2.3
  diff -u -r1.55.2.2 -r1.55.2.3
  --- unixd.c	15 May 2003 20:28:18 -0000	1.55.2.2
  +++ unixd.c	16 Sep 2003 01:00:06 -0000	1.55.2.3
  @@ -417,35 +417,70 @@
                                                 attr, ugid, p);
   }
   
  +/* XXX move to APR and externalize (but implement differently :) ) */
  +static apr_lockmech_e proc_mutex_mech(apr_proc_mutex_t *pmutex)
  +{
  +    const char *mechname = apr_proc_mutex_name(pmutex);
  +
  +    if (!strcmp(mechname, "sysvsem")) {
  +        return APR_LOCK_SYSVSEM;
  +    }
  +    else if (!strcmp(mechname, "flock")) {
  +        return APR_LOCK_FLOCK;
  +    }
  +    return APR_LOCK_DEFAULT;
  +}
  +
   AP_DECLARE(apr_status_t) unixd_set_proc_mutex_perms(apr_proc_mutex_t *pmutex)
   {
  -/* MPM shouldn't call us unless we're actually using a SysV sem;
  - * this is just to avoid compile issues on systems without that
  - * feature
  - */
  +    if (!geteuid()) {
  +        apr_lockmech_e mech = proc_mutex_mech(pmutex);
  +
  +        switch(mech) {
   #if APR_HAS_SYSVSEM_SERIALIZE
  -    apr_os_proc_mutex_t ospmutex;
  +        case APR_LOCK_SYSVSEM:
  +        {
  +            apr_os_proc_mutex_t ospmutex;
   #if !APR_HAVE_UNION_SEMUN
  -    union semun {
  -        long val;
  -        struct semid_ds *buf;
  -        ushort *array;
  -    };
  +            union semun {
  +                long val;
  +                struct semid_ds *buf;
  +                ushort *array;
  +            };
   #endif
  -    union semun ick;
  -    struct semid_ds buf;
  +            union semun ick;
  +            struct semid_ds buf;
  +        
  +            apr_os_proc_mutex_get(&ospmutex, pmutex);
  +            buf.sem_perm.uid = unixd_config.user_id;
  +            buf.sem_perm.gid = unixd_config.group_id;
  +            buf.sem_perm.mode = 0600;
  +            ick.buf = &buf;
  +            if (semctl(ospmutex.crossproc, 0, IPC_SET, ick) < 0) {
  +                return errno;
  +            }
  +        }
  +        break;
  +#endif
  +#if APR_HAS_FLOCK_SERIALIZE
  +        case APR_LOCK_FLOCK:
  +        {
  +            const char *lockfile = apr_proc_mutex_lockfile(pmutex);
   
  -    if (!geteuid()) {
  -        apr_os_proc_mutex_get(&ospmutex, pmutex);
  -        buf.sem_perm.uid = unixd_config.user_id;
  -        buf.sem_perm.gid = unixd_config.group_id;
  -        buf.sem_perm.mode = 0600;
  -        ick.buf = &buf;
  -        if (semctl(ospmutex.crossproc, 0, IPC_SET, ick) < 0) {
  -            return errno;
  +            if (lockfile) {
  +                if (chown(lockfile, unixd_config.user_id,
  +                          -1 /* no gid change */) < 0) {
  +                    return errno;
  +                }
  +            }
           }
  -    }
  +        break;
   #endif
  +        default:
  +            /* do nothing */
  +            break;
  +        }
  +    }
       return APR_SUCCESS;
   }
   
  
  
  
  1.36.2.2  +10 -0     httpd-2.0/os/unix/unixd.h
  
  Index: unixd.h
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/os/unix/unixd.h,v
  retrieving revision 1.36.2.1
  retrieving revision 1.36.2.2
  diff -u -r1.36.2.1 -r1.36.2.2
  --- unixd.h	3 Feb 2003 17:31:59 -0000	1.36.2.1
  +++ unixd.h	16 Sep 2003 01:00:06 -0000	1.36.2.2
  @@ -120,6 +120,16 @@
   AP_DECLARE(void) unixd_set_rlimit(cmd_parms *cmd, struct rlimit **plimit,
                              const char *arg, const char * arg2, int type);
   #endif
  +
  +/**
  + * One of the functions to set mutex permissions should be called in
  + * the parent process on platforms that switch identity when the 
  + * server is started as root.
  + * If the child init logic is performed before switching identity
  + * (e.g., MPM setup for an accept mutex), it should only be called
  + * for SysV semaphores.  Otherwise, it is safe to call it for all
  + * mutex types.
  + */
   AP_DECLARE(apr_status_t) unixd_set_proc_mutex_perms(apr_proc_mutex_t *pmutex);
   AP_DECLARE(apr_status_t) unixd_set_global_mutex_perms(apr_global_mutex_t *gmutex);
   AP_DECLARE(apr_status_t) unixd_accept(void **accepted, ap_listen_rec *lr, apr_pool_t *ptrans);
  
  
  
  No                   revision
  No                   revision
  1.988.2.152 +4 -0      httpd-2.0/CHANGES
  
  Index: CHANGES
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/CHANGES,v
  retrieving revision 1.988.2.151
  retrieving revision 1.988.2.152
  diff -u -r1.988.2.151 -r1.988.2.152
  --- CHANGES	15 Sep 2003 15:40:05 -0000	1.988.2.151
  +++ CHANGES	16 Sep 2003 01:00:06 -0000	1.988.2.152
  @@ -1,5 +1,9 @@
   Changes with Apache 2.0.48
   
  +  *) Unix: Handle permissions settings for flock-based mutexes in 
  +     unixd_set_global|proc_mutex_perms().  Allow the functions to be
  +     called for any type of mutex.  PR 20312  [Jeff Trawick]
  +
     *) ab: Work over non-loopback on Unix again. PR 21495. [Jeff Trawick]
   
     *) Fix a misleading message from the some of the threaded MPMs when 
  
  
  
  1.751.2.469 +1 -20     httpd-2.0/STATUS
  
  Index: STATUS
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/STATUS,v
  retrieving revision 1.751.2.468
  retrieving revision 1.751.2.469
  diff -u -r1.751.2.468 -r1.751.2.469
  --- STATUS	15 Sep 2003 23:19:15 -0000	1.751.2.468
  +++ STATUS	16 Sep 2003 01:00:07 -0000	1.751.2.469
  @@ -198,25 +198,6 @@
                    shows breakage on Solaris which can't -lcrypto -lssl without
                    the extra pkgconfig/openssl.pc Libs: * foo }
   
  -    * Unix: Handle permissions settings for flock-based mutexes in 
  -      unixd_set_global|proc_mutex_perms().  Allow the functions to
  -      be called for any type of mutex.  PR 20312
  -        modules/mappers/mod_rewrite.c 1.153
  -        modules/ssl/mod_ssl.h 1.136
  -        modules/ssl/ssl_engine_config.c 1.81
  -        modules/ssl/ssl_engine_mutex.c 1.26
  -        os/unix/unixd.c 1.58
  -        os/unix/unixd.h 1.38
  -        +1: trawick, jerenkrantz, gregames
  -         0: jim (it seems to me that the locking mech itself
  -                 should have the required flags to determine whether
  -                 uid/gid and chown is required, rather than placing
  -                 that knowledge in unixd.c (kind of what is done for
  -                 the SSL stuff already with ChownMutexFile). Thus
  -                 unixd would simply check those out and do what is
  -                 required rather than having internal APR knowledge
  -                 it shouldn't).
  -
       * Backport wildcard ExpiresByType from 2.0.46
         +1: ken, stoddard
   
  
  
  

Mime
View raw message