Because SSL's child init is run *after* we change uid/gid. So we need to ensure that file-based

jimjag · jimjag · commit c10e168edeb0 · 2003-03-29T02:18:43.000Z
locks have the correct perms so that the child process can access them git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@99104 13f79535-47bb-0310-9956-ffa450edef68
diff --git a/modules/ssl/mod_ssl.h b/modules/ssl/mod_ssl.h
@@ -406,6 +406,7 @@ typedef struct {
     ssl_mutexmode_t nMutexMode;
     apr_lockmech_e  nMutexMech;
     const char     *szMutexFile;
+    BOOL           ChownMutexFile;
     apr_global_mutex_t   *pMutex;
     apr_array_header_t   *aRandSeed;
     apr_hash_t     *tVHostKeys;
diff --git a/modules/ssl/ssl_engine_config.c b/modules/ssl/ssl_engine_config.c
@@ -101,6 +101,7 @@ SSLModConfigRec *ssl_config_global_create(server_rec *s)
     mc->nMutexMode             = SSL_MUTEXMODE_UNSET;
     mc->nMutexMech             = APR_LOCK_DEFAULT;
     mc->szMutexFile            = NULL;
+    mc->ChownMutexFile         = FALSE;
     mc->pMutex                 = NULL;
     mc->aRandSeed              = apr_array_make(pool, 4,
                                                 sizeof(ssl_randseed_t));
@@ -400,6 +401,7 @@ const char *ssl_cmd_SSLMutex(cmd_parms *cmd,
      */
     mc->nMutexMode  = SSL_MUTEXMODE_USED;
     mc->szMutexFile = NULL;
+    mc->ChownMutexFile = FALSE;
 
     /* NOTE: previously, 'yes' implied 'sem' */
     if (!strcasecmp(meth, "default") || !strcasecmp(meth, "yes")) {
@@ -413,6 +415,7 @@ const char *ssl_cmd_SSLMutex(cmd_parms *cmd,
 #if APR_HAS_FLOCK_SERIALIZE
     else if ((!strcasecmp(meth, "flock") || !strcasecmp(meth, "file")) && file) {
         mc->nMutexMech = APR_LOCK_FLOCK;
+        mc->ChownMutexFile = TRUE;
     }
 #endif
 #if APR_HAS_POSIXSEM_SERIALIZE
diff --git a/modules/ssl/ssl_engine_mutex.c b/modules/ssl/ssl_engine_mutex.c
@@ -88,6 +88,8 @@ int ssl_mutex_init(server_rec *s, apr_pool_t *p)
                          "Cannot create SSLMutex");
         return FALSE;
     }
+    if (mc->szMutexFile && mc->ChownMutexFile == TRUE)
+        chown(mc->szMutexFile, unixd_config.user_id, -1);
 
 #if APR_USE_SYSVSEM_SERIALIZE
     rv = unixd_set_global_mutex_perms(mc->pMutex);

Original file line number	Diff line number	Diff line change
`@@ -88,6 +88,8 @@ int ssl_mutex_init(server_rec s, apr_pool_t p)`
`88`	`88`	`"Cannot create SSLMutex");`
`89`	`89`	`return FALSE;`
`90`	`90`	`}`
	`91`	`+ if (mc->szMutexFile && mc->ChownMutexFile == TRUE)`
	`92`	`+ chown(mc->szMutexFile, unixd_config.user_id, -1);`
`91`	`93`
`92`	`94`	`#if APR_USE_SYSVSEM_SERIALIZE`
`93`	`95`	`rv = unixd_set_global_mutex_perms(mc->pMutex);`