#define SSL_SESSION_CACHE_TIMEOUT 300
#endif
-/*
- * Support for file locking: Try to determine whether we should use fcntl() or
- * flock(). Would be better ap_config.h could provide this... :-(
- */
-#if defined(USE_FCNTL_SERIALIZED_ACCEPT)
-#define SSL_USE_FCNTL 1
-#include <fcntl.h>
-#endif
-#if defined(USE_FLOCK_SERIALIZED_ACCEPT)
-#define SSL_USE_FLOCK 1
-#include <sys/file.h>
-#endif
-#if !defined(SSL_USE_FCNTL) && !defined(SSL_USE_FLOCK)
-#define SSL_USE_FLOCK 1
-#if !defined(MPE)
-#include <sys/file.h>
-#endif
-#ifndef LOCK_UN
-#undef SSL_USE_FLOCK
-#define SSL_USE_FCNTL 1
-#include <fcntl.h>
-#endif
-#endif
-#ifdef AIX
-#undef SSL_USE_FLOCK
-#define SSL_USE_FCNTL 1
-#include <fcntl.h>
-#endif
-
-/*
- * Support for Mutex
- */
-#define SSL_MUTEX_LOCK_MODE ( S_IRUSR|S_IWUSR )
-#if defined(USE_SYSVSEM_SERIALIZED_ACCEPT) ||\
- (defined(__FreeBSD__) && defined(__FreeBSD_version) &&\
- __FreeBSD_version >= 300000) ||\
- (defined(LINUX) && defined(__GLIBC__) && defined(__GLIBC_MINOR__) &&\
- LINUX >= 2 && __GLIBC__ >= 2 && __GLIBC_MINOR__ >= 1) ||\
- defined(SOLARIS2) || defined(__hpux) ||\
- (defined (__digital__) && defined (__unix__))
-#define SSL_CAN_USE_SEM
-#define SSL_HAVE_IPCSEM
-#include <sys/types.h>
-#include <sys/ipc.h>
-#include <sys/sem.h>
-/*
- * Some platforms have a `union semun' pre-defined but Single Unix
- * Specification (SUSv2) says in semctl(2): `If required, it is of
- * type union semun, which the application program must explicitly
- * declare'. So we define it always ourself to avoid problems (but under
- * a different name to avoid a namespace clash).
- */
-union ssl_ipc_semun {
- long val;
- struct semid_ds *buf;
- unsigned short int *array;
-};
-#endif
-
/*
* Support for MM library
*/
typedef enum {
SSL_MUTEXMODE_UNSET = UNSET,
SSL_MUTEXMODE_NONE = 0,
- SSL_MUTEXMODE_FILE = 1,
- SSL_MUTEXMODE_SEM = 2
+ SSL_MUTEXMODE_USED = 1
} ssl_mutexmode_t;
/*
table_t *tSessionCacheDataTable;
ssl_mutexmode_t nMutexMode;
char *szMutexFile;
- int nMutexFD;
- int nMutexSEMID;
+ apr_lock_t *pMutex;
array_header *aRandSeed;
ssl_ds_table *tTmpKeys;
void *pTmpKeys[SSL_TKPIDX_MAX];
void ssl_ds_table_kill(ssl_ds_table *);
/* Mutex Support */
-void ssl_mutex_init(server_rec *, pool *);
-void ssl_mutex_reinit(server_rec *, pool *);
-void ssl_mutex_on(server_rec *);
-void ssl_mutex_off(server_rec *);
-void ssl_mutex_kill(server_rec *s);
-void ssl_mutex_file_create(server_rec *, pool *);
-void ssl_mutex_file_open(server_rec *, pool *);
-void ssl_mutex_file_remove(void *);
-BOOL ssl_mutex_file_acquire(void);
-BOOL ssl_mutex_file_release(void);
-void ssl_mutex_sem_create(server_rec *, pool *);
-void ssl_mutex_sem_open(server_rec *, pool *);
-void ssl_mutex_sem_remove(void *);
-BOOL ssl_mutex_sem_acquire(void);
-BOOL ssl_mutex_sem_release(void);
+#endif /* XXX */
+int ssl_mutex_init(server_rec *, apr_pool_t *);
+int ssl_mutex_reinit(server_rec *, apr_pool_t *);
+int ssl_mutex_on(server_rec *);
+int ssl_mutex_off(server_rec *);
+int ssl_mutex_kill(server_rec *);
+#if 0 /* XXX */
/* Logfile Support */
void ssl_log_open(server_rec *, server_rec *, pool *);
#if 0 /* XXX */
-/* _________________________________________________________________
-**
-** Mutex Support (Common)
-** _________________________________________________________________
-*/
-
-void ssl_mutex_init(server_rec *s, pool *p)
+int ssl_mutex_init(server_rec *s, apr_pool_t *p)
{
SSLModConfigRec *mc = myModConfig();
- if (mc->nMutexMode == SSL_MUTEXMODE_FILE)
- ssl_mutex_file_create(s, p);
- else if (mc->nMutexMode == SSL_MUTEXMODE_SEM)
- ssl_mutex_sem_create(s, p);
- return;
+ if (mc->nMutexMode == SSL_MUTEXMODE_NONE)
+ return TRUE;
+ if (apr_lock_create(&mc->pMutex, APR_MUTEX, APR_LOCKALL,
+ mc->szMutexFile, p) != APR_SUCCESS)
+ return FALSE;
+ return TRUE;
}
-void ssl_mutex_reinit(server_rec *s, pool *p)
+int ssl_mutex_reinit(server_rec *s, apr_pool_t *p)
{
SSLModConfigRec *mc = myModConfig();
- if (mc->nMutexMode == SSL_MUTEXMODE_FILE)
- ssl_mutex_file_open(s, p);
- else if (mc->nMutexMode == SSL_MUTEXMODE_SEM)
- ssl_mutex_sem_open(s, p);
- return;
+ if (mc->nMutexMode == SSL_MUTEXMODE_NONE)
+ return TRUE;
+ if (apr_lock_child_init(&mc->pMutex, mc->szMutexFile, p) != APR_SUCCESS)
+ return FALSE;
+ return TRUE;
}
-void ssl_mutex_on(server_rec *s)
+int ssl_mutex_on(server_rec *s)
{
SSLModConfigRec *mc = myModConfig();
- BOOL ok = TRUE;
- if (mc->nMutexMode == SSL_MUTEXMODE_FILE)
- ok = ssl_mutex_file_acquire();
- else if (mc->nMutexMode == SSL_MUTEXMODE_SEM)
- ok = ssl_mutex_sem_acquire();
- if (!ok)
+ if (mc->nMutexMode == SSL_MUTEXMODE_NONE)
+ return TRUE;
+ if (apr_lock_acquire(mc->pMutex) != APR_SUCCESS) {
ssl_log(s, SSL_LOG_WARN, "Failed to acquire global mutex lock");
- return;
-}
-
-void ssl_mutex_off(server_rec *s)
-{
- SSLModConfigRec *mc = myModConfig();
- BOOL ok = TRUE;
-
- if (mc->nMutexMode == SSL_MUTEXMODE_FILE)
- ok = ssl_mutex_file_release();
- else if (mc->nMutexMode == SSL_MUTEXMODE_SEM)
- ok = ssl_mutex_sem_release();
- if (!ok)
- ssl_log(s, SSL_LOG_WARN, "Failed to release global mutex lock");
- return;
-}
-
-void ssl_mutex_kill(server_rec *s)
-{
- SSLModConfigRec *mc = myModConfig();
-
- if (mc->nMutexMode == SSL_MUTEXMODE_FILE)
- ssl_mutex_file_remove(s);
- else if (mc->nMutexMode == SSL_MUTEXMODE_SEM)
- ssl_mutex_sem_remove(s);
- return;
-}
-
-
-/* _________________________________________________________________
-**
-** Mutex Support (Lockfile)
-** _________________________________________________________________
-*/
-
-void ssl_mutex_file_create(server_rec *s, pool *p)
-{
- SSLModConfigRec *mc = myModConfig();
-
- /* create the lockfile */
- unlink(mc->szMutexFile);
- if ((mc->nMutexFD = ap_popenf(p, mc->szMutexFile,
- O_WRONLY|O_CREAT, SSL_MUTEX_LOCK_MODE)) < 0) {
- ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO,
- "Parent process could not create SSLMutex lockfile %s",
- mc->szMutexFile);
- ssl_die();
- }
- ap_pclosef(p, mc->nMutexFD);
-
- /* make sure the childs have access to this file */
-#ifndef OS2
- if (geteuid() == 0 /* is superuser */)
- chown(mc->szMutexFile, ap_user_id, -1 /* no gid change */);
-#endif
-
- /* open the lockfile for real */
- if ((mc->nMutexFD = ap_popenf(p, mc->szMutexFile,
- O_WRONLY, SSL_MUTEX_LOCK_MODE)) < 0) {
- ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO,
- "Parent could not open SSLMutex lockfile %s",
- mc->szMutexFile);
- ssl_die();
- }
- return;
-}
-
-void ssl_mutex_file_open(server_rec *s, pool *p)
-{
- SSLModConfigRec *mc = myModConfig();
-
- /* open the lockfile (once per child) to get a unique fd */
- if ((mc->nMutexFD = ap_popenf(p, mc->szMutexFile,
- O_WRONLY, SSL_MUTEX_LOCK_MODE)) < 0) {
- ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO,
- "Child could not open SSLMutex lockfile %s",
- mc->szMutexFile);
- ssl_die();
+ return FALSE;
}
- return;
-}
-
-void ssl_mutex_file_remove(void *data)
-{
- SSLModConfigRec *mc = myModConfig();
-
- /* remove the mutex lockfile */
- unlink(mc->szMutexFile);
- return;
+ return TRUE;
}
-#ifdef SSL_USE_FCNTL
-static struct flock lock_it;
-static struct flock unlock_it;
-#endif
-
-BOOL ssl_mutex_file_acquire(void)
+int ssl_mutex_off(server_rec *s)
{
- int rc = -1;
SSLModConfigRec *mc = myModConfig();
-#ifdef SSL_USE_FCNTL
- lock_it.l_whence = SEEK_SET; /* from current point */
- lock_it.l_start = 0; /* -"- */
- lock_it.l_len = 0; /* until end of file */
- lock_it.l_type = F_WRLCK; /* set exclusive/write lock */
- lock_it.l_pid = 0; /* pid not actually interesting */
-
- while ( ((rc = fcntl(mc->nMutexFD, F_SETLKW, &lock_it)) < 0)
- && (errno == EINTR) )
- ;
-#endif
-#ifdef SSL_USE_FLOCK
- while ( ((rc = flock(mc->nMutexFD, LOCK_EX)) < 0)
- && (errno == EINTR) )
- ;
-#endif
-
- if (rc < 0)
- return FALSE;
- else
+ if (mc->nMutexMode == SSL_MUTEXMODE_NONE)
return TRUE;
-}
-
-BOOL ssl_mutex_file_release(void)
-{
- int rc = -1;
- SSLModConfigRec *mc = myModConfig();
-
-#ifdef SSL_USE_FCNTL
- unlock_it.l_whence = SEEK_SET; /* from current point */
- unlock_it.l_start = 0; /* -"- */
- unlock_it.l_len = 0; /* until end of file */
- unlock_it.l_type = F_UNLCK; /* unlock */
- unlock_it.l_pid = 0; /* pid not actually interesting */
-
- while ( (rc = fcntl(mc->nMutexFD, F_SETLKW, &unlock_it)) < 0
- && (errno == EINTR) )
- ;
-#endif
-#ifdef SSL_USE_FLOCK
- while ( (rc = flock(mc->nMutexFD, LOCK_UN)) < 0
- && (errno == EINTR) )
- ;
-#endif
-
- if (rc < 0)
+ if (apr_lock_release(mc->pMutex) != APR_SUCCESS) {
+ ssl_log(s, SSL_LOG_WARN, "Failed to release global mutex lock");
return FALSE;
- else
- return TRUE;
-}
-
-/* _________________________________________________________________
-**
-** Mutex Support (Process Semaphore)
-** _________________________________________________________________
-*/
-
-void ssl_mutex_sem_create(server_rec *s, pool *p)
-{
-#ifdef SSL_CAN_USE_SEM
- int semid;
- SSLModConfigRec *mc = myModConfig();
-#ifdef SSL_HAVE_IPCSEM
- union ssl_ipc_semun semctlarg;
- struct semid_ds semctlbuf;
-#endif
-
-#ifdef SSL_HAVE_IPCSEM
- semid = semget(IPC_PRIVATE, 1, IPC_CREAT|IPC_EXCL|S_IRUSR|S_IWUSR);
- if (semid == -1 && errno == EEXIST)
- semid = semget(IPC_PRIVATE, 1, IPC_EXCL|S_IRUSR|S_IWUSR);
- if (semid == -1) {
- ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO,
- "Parent process could not create private SSLMutex semaphore");
- ssl_die();
- }
- semctlarg.val = 0;
- if (semctl(semid, 0, SETVAL, semctlarg) < 0) {
- ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO,
- "Parent process could not initialize SSLMutex semaphore value");
- ssl_die();
}
- semctlbuf.sem_perm.uid = ap_user_id;
- semctlbuf.sem_perm.gid = ap_group_id;
- semctlbuf.sem_perm.mode = 0660;
- semctlarg.buf = &semctlbuf;
- if (semctl(semid, 0, IPC_SET, semctlarg) < 0) {
- ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO,
- "Parent process could not set permissions for SSLMutex semaphore");
- ssl_die();
- }
-#endif
-#ifdef SSL_HAVE_W32SEM
- semid = (int)ap_create_mutex("mod_ssl_mutex");
-#endif
- mc->nMutexSEMID = semid;
-#endif
- return;
-}
-
-void ssl_mutex_sem_open(server_rec *s, pool *p)
-{
-#ifdef SSL_CAN_USE_SEM
-#ifdef SSL_HAVE_W32SEM
- SSLModConfigRec *mc = myModConfig();
-
- mc->nMutexSEMID = (int)ap_open_mutex("mod_ssl_mutex");
-#endif
-#endif
- return;
-}
-
-void ssl_mutex_sem_remove(void *data)
-{
-#ifdef SSL_CAN_USE_SEM
- SSLModConfigRec *mc = myModConfig();
-
-#ifdef SSL_HAVE_IPCSEM
- semctl(mc->nMutexSEMID, 0, IPC_RMID, 0);
-#endif
-#ifdef SSL_HAVE_W32SEM
- ap_destroy_mutex((mutex *)mc->nMutexSEMID);
-#endif
-#endif
- return;
+ return TRUE;
}
-BOOL ssl_mutex_sem_acquire(void)
+int ssl_mutex_kill(server_rec *s)
{
- int rc = 0;
-#ifdef SSL_CAN_USE_SEM
SSLModConfigRec *mc = myModConfig();
-#ifdef SSL_HAVE_IPCSEM
- struct sembuf sb[] = {
- { 0, 0, 0 }, /* wait for semaphore */
- { 0, 1, SEM_UNDO } /* increment semaphore */
- };
-
- while ( (rc = semop(mc->nMutexSEMID, sb, 2)) < 0
- && (errno == EINTR) )
- ;
-#endif
-#ifdef SSL_HAVE_W32SEM
- rc = ap_acquire_mutex((mutex *)mc->nMutexSEMID);
-#endif
-#endif
- if (rc != 0)
- return FALSE;
- else
+ if (mc->nMutexMode == SSL_MUTEXMODE_NONE)
return TRUE;
-}
-
-BOOL ssl_mutex_sem_release(void)
-{
- int rc = 0;
-#ifdef SSL_CAN_USE_SEM
- SSLModConfigRec *mc = myModConfig();
-
-#ifdef SSL_HAVE_IPCSEM
- struct sembuf sb[] = {
- { 0, -1, SEM_UNDO } /* decrements semaphore */
- };
-
- while ( (rc = semop(mc->nMutexSEMID, sb, 1)) < 0
- && (errno == EINTR) )
- ;
-#endif
-#ifdef SSL_HAVE_W32SEM
- rc = ap_release_mutex((mutex *)mc->nMutexSEMID);
-#endif
-#endif
- if (rc != 0)
+ if (apr_lock_destroy(mc->pMutex) != APR_SUCCESS)
return FALSE;
- else
- return TRUE;
+ return TRUE;
}
#endif /* XXX */
projects / apache / commitdiff