From: Jim Jagielski Date: Sun, 23 Feb 2003 17:12:43 +0000 (+0000) Subject: Right now SSLMutex is bogus. It just uses APR_LOCK_DEFAULT no X-Git-Tag: pre_ajp_proxy~2089 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=694eb48baea2effb9782b3a28df609e3b6777cec;p=apache Right now SSLMutex is bogus. It just uses APR_LOCK_DEFAULT no matter what. We now allow for the full range of APR mutex locking mechanims to be used, while maintaining backwards compatibility. PR: 8122 Obtained from: Submitted by: Reviewed by: William Rowe git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@98771 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index 7bba34c25e..acb40a7eb6 100644 --- a/CHANGES +++ b/CHANGES @@ -2,6 +2,11 @@ Changes with Apache 2.1.0-dev [Remove entries to the current 2.0 section below, when backported] + *) Allow SSLMutex to select/use the full range of APR locking + mechanisms available to it. Also, fix the bug that SSLMutex uses + APR_LOCK_DEFAULT no matter what. PR 8122 [Jim Jagielski, + martin.t.kutschker@blackbox.net (Martin Kutschker)] + *) Return 413 if chunk-ext-header is too long rather than reading from the truncated line. PR 15857. [Justin Erenkrantz] diff --git a/modules/ssl/mod_ssl.c b/modules/ssl/mod_ssl.c index 1b2e207b05..9195ee65fc 100644 --- a/modules/ssl/mod_ssl.c +++ b/modules/ssl/mod_ssl.c @@ -79,13 +79,36 @@ #define AP_END_CMD { NULL } +const char ssl_valid_ssl_mutex_string[] = + "Valid SSLMutex mechanisms are: `none', `default'" +#if APR_HAS_FLOCK_SERIALIZE + ", `flock:/path/to/file'" +#endif +#if APR_HAS_FCNTL_SERIALIZE + ", `fcntl:/path/to/file'" +#endif +#if APR_HAS_SYSVSEM_SERIALIZE && !defined(PERCHILD_MPM) + ", `sysvsem'" +#endif +#if APR_HAS_POSIXSEM_SERIALIZE + ", `posixsem'" +#endif +#if APR_HAS_PROC_PTHREAD_SERIALIZE + ", `pthread'" +#endif +#if APR_HAS_FLOCK_SERIALIZE || APR_HAS_FCNTL_SERIALIZE + ", `file:/path/to/file'" +#endif +#if (APR_HAS_SYSVSEM_SERIALIZE && !defined(PERCHILD_MPM)) || APR_HAS_POSIXSEM_SERIALIZE + ", `sem'" +#endif + " "; + static const command_rec ssl_config_cmds[] = { /* * Global (main-server) context configuration directives */ - SSL_CMD_SRV(Mutex, TAKE1, - "SSL lock for handling internal mutual exclusions " - "(`none', `file:/path/to/file')") + SSL_CMD_SRV(Mutex, TAKE1, ssl_valid_ssl_mutex_string) SSL_CMD_SRV(PassPhraseDialog, TAKE1, "SSL dialog mechanism for the pass phrase query " "(`builtin', `|/path/to/pipe_program`, " diff --git a/modules/ssl/mod_ssl.h b/modules/ssl/mod_ssl.h index 8eb1314075..bd451a9064 100644 --- a/modules/ssl/mod_ssl.h +++ b/modules/ssl/mod_ssl.h @@ -420,6 +420,7 @@ typedef struct { apr_rmm_t *pSessionCacheDataRMM; apr_table_t *tSessionCacheDataTable; ssl_mutexmode_t nMutexMode; + apr_lockmech_e nMutexMech; const char *szMutexFile; apr_global_mutex_t *pMutex; apr_array_header_t *aRandSeed; @@ -529,6 +530,9 @@ typedef struct { /* API glue structures */ extern module AP_MODULE_DECLARE_DATA ssl_module; +/* "global" stuff */ +extern const char ssl_valid_ssl_mutex_string[]; + /* configuration handling */ SSLModConfigRec *ssl_config_global_create(server_rec *); void ssl_config_global_fix(SSLModConfigRec *); diff --git a/modules/ssl/ssl_engine_config.c b/modules/ssl/ssl_engine_config.c index 41ea45c46a..f3020edbe5 100644 --- a/modules/ssl/ssl_engine_config.c +++ b/modules/ssl/ssl_engine_config.c @@ -99,6 +99,7 @@ SSLModConfigRec *ssl_config_global_create(server_rec *s) mc->pSessionCacheDataRMM = NULL; mc->tSessionCacheDataTable = NULL; mc->nMutexMode = SSL_MUTEXMODE_UNSET; + mc->nMutexMech = APR_LOCK_DEFAULT; mc->szMutexFile = NULL; mc->pMutex = NULL; mc->aRandSeed = apr_array_make(pool, 4, @@ -383,6 +384,60 @@ const char *ssl_cmd_SSLMutex(cmd_parms *cmd, if (strcEQ(arg, "none") || strcEQ(arg, "no")) { mc->nMutexMode = SSL_MUTEXMODE_NONE; } + /* NOTE: previously, 'yes' implied 'sem' */ + else if (strcEQ(arg, "default") || strcEQ(arg, "yes")) { + mc->nMutexMode = SSL_MUTEXMODE_USED; + mc->nMutexMech = APR_LOCK_DEFAULT; + mc->szMutexFile = NULL; /* APR determines temporary filename */ + } +#if APR_HAS_FLOCK_SERIALIZE + else if (strlen(arg) > 6 && strcEQn(arg, "flock:", 6)) { + const char *file = ap_server_root_relative(cmd->pool, arg+6); + if (!file) { + return apr_pstrcat(cmd->pool, "Invalid SSLMutex flock: path ", + arg+6, NULL); + } + mc->nMutexMode = SSL_MUTEXMODE_USED; + mc->nMutexMech = APR_LOCK_FLOCK; + mc->szMutexFile = apr_psprintf(mc->pPool, "%s.%lu", + file, (unsigned long)getpid()); + } +#endif +#if APR_HAS_FCNTL_SERIALIZE + else if (strlen(arg) > 6 && strcEQn(arg, "fcntl:", 6)) { + const char *file = ap_server_root_relative(cmd->pool, arg+6); + if (!file) { + return apr_pstrcat(cmd->pool, "Invalid SSLMutex fcntl: path ", + arg+6, NULL); + } + mc->nMutexMode = SSL_MUTEXMODE_USED; + mc->nMutexMech = APR_LOCK_FCNTL; + mc->szMutexFile = apr_psprintf(mc->pPool, "%s.%lu", + file, (unsigned long)getpid()); + } +#endif +#if APR_HAS_SYSVSEM_SERIALIZE && !defined(PERCHILD_MPM) + else if (strcEQ(arg, "sysvsem")) { + mc->nMutexMode = SSL_MUTEXMODE_USED; + mc->nMutexMech = APR_LOCK_SYSVSEM; + mc->szMutexFile = NULL; /* APR determines temporary filename */ + } +#endif +#if APR_HAS_POSIXSEM_SERIALIZE + else if (strcEQ(arg, "posixsem")) { + mc->nMutexMode = SSL_MUTEXMODE_USED; + mc->nMutexMech = APR_LOCK_POSIXSEM; + mc->szMutexFile = NULL; /* APR determines temporary filename */ + } +#endif +#if APR_HAS_PROC_PTHREAD_SERIALIZE + else if (strcEQ(arg, "pthread")) { + mc->nMutexMode = SSL_MUTEXMODE_USED; + mc->nMutexMech = APR_LOCK_PROC_PTHREAD; + mc->szMutexFile = NULL; /* APR determines temporary filename */ + } +#endif +#if APR_HAS_FLOCK_SERIALIZE || APR_HAS_FCNTL_SERIALIZE else if (strlen(arg) > 5 && strcEQn(arg, "file:", 5)) { const char *file = ap_server_root_relative(cmd->pool, arg+5); if (!file) { @@ -390,17 +445,32 @@ const char *ssl_cmd_SSLMutex(cmd_parms *cmd, arg+5, NULL); } mc->nMutexMode = SSL_MUTEXMODE_USED; +#if APR_HAS_FLOCK_SERIALIZE + mc->nMutexMech = APR_LOCK_FLOCK; +#endif +#if APR_HAS_FCNTL_SERIALIZE + mc->nMutexMech = APR_LOCK_FCNTL; +#endif mc->szMutexFile = apr_psprintf(mc->pPool, "%s.%lu", file, (unsigned long)getpid()); } - else if (strcEQ(arg, "sem") || strcEQ(arg, "yes")) { +#endif +#if (APR_HAS_SYSVSEM_SERIALIZE && !defined(PERCHILD_MPM)) || APR_HAS_POSIXSEM_SERIALIZE + else if (strcEQ(arg, "sem")) { mc->nMutexMode = SSL_MUTEXMODE_USED; +#if APR_HAS_SYSVSEM_SERIALIZE && !defined(PERCHILD_MPM) + mc->nMutexMech = APR_LOCK_SYSVSEM; +#endif +#if APR_HAS_POSIXSEM_SERIALIZE + mc->nMutexMech = APR_LOCK_POSIXSEM; +#endif mc->szMutexFile = NULL; /* APR determines temporary filename */ } +#endif else { return apr_pstrcat(cmd->pool, "Invalid SSLMutex argument ", - arg, NULL); + arg, " (", ssl_valid_ssl_mutex_string, ")", NULL); } return NULL; diff --git a/modules/ssl/ssl_engine_mutex.c b/modules/ssl/ssl_engine_mutex.c index b407c98474..520f12beec 100644 --- a/modules/ssl/ssl_engine_mutex.c +++ b/modules/ssl/ssl_engine_mutex.c @@ -75,9 +75,13 @@ int ssl_mutex_init(server_rec *s, apr_pool_t *p) if ((rv = apr_global_mutex_create(&mc->pMutex, mc->szMutexFile, APR_LOCK_DEFAULT, p)) != APR_SUCCESS) { - ap_log_error(APLOG_MARK, APLOG_ERR, rv, s, - "Cannot create SSLMutex file `%s'", - mc->szMutexFile); + if (mc->szMutexFile) + ap_log_error(APLOG_MARK, APLOG_ERR, rv, s, + "Cannot create SSLMutex with file `%s'", + mc->szMutexFile); + else + ap_log_error(APLOG_MARK, APLOG_ERR, rv, s, + "Cannot create SSLMutex"); return FALSE; } @@ -96,13 +100,22 @@ int ssl_mutex_init(server_rec *s, apr_pool_t *p) int ssl_mutex_reinit(server_rec *s, apr_pool_t *p) { SSLModConfigRec *mc = myModConfig(s); + apr_status_t rv; if (mc->nMutexMode == SSL_MUTEXMODE_NONE) return TRUE; - if (apr_global_mutex_child_init(&mc->pMutex, - mc->szMutexFile, p) != APR_SUCCESS) + if ((rv = apr_global_mutex_child_init(&mc->pMutex, + mc->szMutexFile, p)) != APR_SUCCESS) { + if (mc->szMutexFile) + ap_log_error(APLOG_MARK, APLOG_ERR, rv, s, + "Cannot reinit SSLMutex with file `%s'", + mc->szMutexFile); + else + ap_log_error(APLOG_MARK, APLOG_WARNING, rv, s, + "Cannot reinit SSLMutex"); return FALSE; + } return TRUE; }