Final version of sigchild fixes.

diff --git a/mod_authnz_external/CHANGES b/mod_authnz_external/CHANGES
index eb30cc21f09c4fcd6ee1476c22802c2358614744..a882d8bd1684e7235a21edd7f31df59b61ca773a 100644 (file)
--- a/mod_authnz_external/CHANGES
+++ b/mod_authnz_external/CHANGES
@@ -1,13 +1,22 @@
-v3.2.4   (Jan Wolter - May 15, 2009)
+v3.2.4   (Jan Wolter - May 20, 2009)
 -----------------------------------------------
  * Dropped the radius code from the distribution, because of possible problems
-   with it's license.
+   with it's license.  Thanks to Hai Zaar for pointing out this problem.
  * Modified AuthExternal directive to be able to take more than one
    authenticator name.  If more than one is defined, then each authenticator
    is run in turn, until one succeeds or all have failed.  Probably a similar
    change should be made to GroupExternal, but it hasn't been done yet because
-   it's a more complex change and nobody has asked for it.
- * Clean-up of handling of return codes from apr_proc_wait().
+   it's a more complex change and nobody has asked for it.  Thanks to Andreas
+   Ntaflos for suggesting this change.
+ * Inserted code to restore SIGCHLD to default before running the
+   authenticator.  Sometime other modules (like php built with the
+   --enable-sigchild option) leave SIGCHLD messed up, which would cause
+   problems with getting the return code back from authenticators.  We
+   restore SIGCHLD to whatever state it was in originally after the
+   authenticator terminates.  Thanks to Stefan Mehlhorn for reporting this
+   problem and providing the help needed to diagnose it.
+ * Clean-up of handling of return codes from apr_proc_wait() to be more
+   formally correct.
 
 v3.2.3   (Jan Wolter - Feb 26, 2009)
 -----------------------------------------------

diff --git a/mod_authnz_external/mod_authnz_external.c b/mod_authnz_external/mod_authnz_external.c
index 9ed273840c661ee1ba4cf80284e1b68df3601873..99d46f7a869678a9dc55d720ef03b10c60cda3a4 100644 (file)
--- a/mod_authnz_external/mod_authnz_external.c
+++ b/mod_authnz_external/mod_authnz_external.c
@@ -66,6 +66,7 @@
 #include "ap_config.h"
 #include "ap_provider.h"
 #include "mod_auth.h"
+#include "apr_signal.h"
 
 #define APR_WANT_STRFUNC
 #include "apr_want.h"
@@ -438,6 +439,7 @@ static int exec_external(const char *extpath, const char *extmethod,
     const char *t;
     int i, status= -4;
     apr_exit_why_e why= APR_PROC_EXIT;
+    apr_sigfunc_t *sigchld;
 
     /* Set various flags based on the execution method */
 
@@ -533,6 +535,10 @@ static int exec_external(const char *extpath, const char *extmethod,
        return -3;
     }
 
+    /* Sometimes other modules wil mess up sigchild.  Need to fix it for
+     * the wait call to work correctly.  */
+    sigchld= apr_signal(SIGCHLD,SIG_DFL);
+
     /* Start the child process */
     rc= apr_proc_create(&proc, child_arg[0],
        (const char * const *)child_arg,
@@ -566,16 +572,21 @@ static int exec_external(const char *extpath, const char *extmethod,
        apr_file_close(proc.in);
     }
 
-    if (!APR_STATUS_IS_CHILD_DONE(apr_proc_wait(&proc,&status,&why,APR_WAIT)))
+    /* Wait for the child process to terminate, and get status */
+    rc= apr_proc_wait(&proc,&status,&why,APR_WAIT);
+
+    /* Restore sigchild to whatever it was before we reset it */
+    apr_signal(SIGCHLD,sigchld);
+
+    if (!APR_STATUS_IS_CHILD_DONE(rc))
     {
-       /* Should never happen */
        ap_log_rerror(APLOG_MARK, APLOG_ERR, rc, r,
-               "Error waiting for external authenticator");
+               "Could not get status from child process");
        return -5;
     }
     if (!APR_PROC_CHECK_EXIT(why))
     {
-       ap_log_rerror(APLOG_MARK, APLOG_ERR, rc, r,
+       ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                "External authenticator died on signal %d",status);
        return -2;
     }