Replace AcceptMutex, LockFile, RewriteLock, SSLMutex, SSLStaplingMutex,
and WatchdogMutexPath with a single Mutex directive. Add APIs to simplify setup and user customization of APR proc and global mutexes. (See util_mutex.h.) Build-time setting DEFAULT_LOCKFILE is no longer respected; set DEFAULT_REL_RUNTIMEDIR instead. Some existing modules, such as mod_ldap and mod_auth_digest gain configurability for their mutexes. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@883540 13f79535-47bb-0310-9956-ffa450edef68
@ -54,7 +54,6 @@ static const command_rec ssl_config_cmds[] = {
|
||||
/*
|
||||
* Global (main-server) context configuration directives
|
||||
*/
|
||||
SSL_CMD_SRV(Mutex, TAKE1, AP_ALL_AVAILABLE_MUTEXES_STRING)
|
||||
SSL_CMD_SRV(PassPhraseDialog, TAKE1,
|
||||
"SSL dialog mechanism for the pass phrase query "
|
||||
"('builtin', '|/path/to/pipe_program', "
|
||||
@ -201,7 +200,6 @@ static const command_rec ssl_config_cmds[] = {
|
||||
/*
|
||||
* OCSP Stapling options
|
||||
*/
|
||||
SSL_CMD_SRV(StaplingMutex, TAKE1, AP_ALL_AVAILABLE_MUTEXES_STRING)
|
||||
SSL_CMD_SRV(StaplingCache, TAKE1,
|
||||
"SSL Stapling Response Cache storage "
|
||||
"(`dbm:/path/to/file')")
|
||||
@ -313,6 +311,12 @@ static int ssl_hook_pre_config(apr_pool_t *pconf,
|
||||
/* Register to handle mod_status status page generation */
|
||||
ssl_scache_status_register(pconf);
|
||||
|
||||
/* Register mutex type names so they can be configured with Mutex */
|
||||
ap_mutex_register(pconf, ssl_cache_mutex_type, NULL, APR_LOCK_DEFAULT, 0);
|
||||
#ifdef HAVE_OCSP_STAPLING
|
||||
ap_mutex_register(pconf, ssl_stapling_mutex_type, NULL, APR_LOCK_DEFAULT, 0);
|
||||
#endif
|
||||
|
||||
return OK;
|
||||
}
|
||||
|
||||
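Review bot: The trailing `0` passed to both `ap_mutex_register()` calls carries a safety decision that the code does not explain. This commit removes the check in `ssl_mutex_init` that refused to run the session cache without a mutex, so the options argument now appears to be what stops a "none" mechanism from being configured for `ssl-cache` and `ssl-stapling` (assuming util_mutex.h makes "none" opt-in per type; that header is not on this page). I would add a comment at the calls such as `/* options 0: "none" is not accepted for these types; the caches must not run unlocked */`. Any status returned by the two calls is also discarded, which deserves either a check or an explicit `(void)`. `ssl_hook_pre_config` starts above the hunk.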
|
@ -61,9 +61,6 @@ SSLModConfigRec *ssl_config_global_create(server_rec *s)
|
||||
*/
|
||||
mc->sesscache_mode = SSL_SESS_CACHE_OFF;
|
||||
mc->sesscache = NULL;
|
||||
mc->nMutexMode = SSL_MUTEXMODE_UNSET;
|
||||
mc->nMutexMech = APR_LOCK_DEFAULT;
|
||||
mc->szMutexFile = NULL;
|
||||
mc->pMutex = NULL;
|
||||
mc->aRandSeed = apr_array_make(pool, 4,
|
||||
sizeof(ssl_randseed_t));
|
||||
@ -74,11 +71,8 @@ SSLModConfigRec *ssl_config_global_create(server_rec *s)
|
||||
mc->szCryptoDevice = NULL;
|
||||
#endif
|
||||
#ifdef HAVE_OCSP_STAPLING
|
||||
mc->stapling_cache = NULL;
|
||||
mc->stapling_mutex_mode = SSL_MUTEXMODE_UNSET;
|
||||
mc->stapling_mutex_mech = APR_LOCK_DEFAULT;
|
||||
mc->stapling_mutex_file = NULL;
|
||||
mc->stapling_mutex = NULL;
|
||||
mc->stapling_cache = NULL;
|
||||
mc->stapling_mutex = NULL;
|
||||
#endif
|
||||
|
||||
memset(mc->pTmpKeys, 0, sizeof(mc->pTmpKeys));
|
||||
@ -383,41 +377,6 @@ void *ssl_config_perdir_merge(apr_pool_t *p, void *basev, void *addv)
|
||||
* Configuration functions for particular directives
|
||||
*/
|
||||
|
||||
const char *ssl_cmd_SSLMutex(cmd_parms *cmd,
|
||||
void *dcfg,
|
||||
const char *arg_)
|
||||
{
|
||||
apr_status_t rv;
|
||||
const char *err;
|
||||
SSLModConfigRec *mc = myModConfig(cmd->server);
|
||||
|
||||
if ((err = ap_check_cmd_context(cmd, GLOBAL_ONLY))) {
|
||||
return err;
|
||||
}
|
||||
|
||||
if (ssl_config_global_isfixed(mc)) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
rv = ap_parse_mutex(arg_, cmd->server->process->pool,
|
||||
&mc->nMutexMech, &mc->szMutexFile);
|
||||
|
||||
if (rv == APR_ENOLOCK) {
|
||||
mc->nMutexMode = SSL_MUTEXMODE_NONE;
|
||||
return NULL;
|
||||
} else if (rv == APR_ENOTIMPL) {
|
||||
return apr_pstrcat(cmd->pool, "Invalid SSLMutex argument ", arg_,
|
||||
" (" AP_ALL_AVAILABLE_MUTEXES_STRING ")", NULL);
|
||||
} else if (rv == APR_BADARG) {
|
||||
return apr_pstrcat(cmd->pool, "Invalid SSLMutex filepath ",
|
||||
arg_, NULL);
|
||||
}
|
||||
|
||||
mc->nMutexMode = SSL_MUTEXMODE_USED;
|
||||
|
||||
return NULL;
|
||||
}
|
||||
|
||||
const char *ssl_cmd_SSLPassPhraseDialog(cmd_parms *cmd,
|
||||
void *dcfg,
|
||||
const char *arg)
|
||||
@ -1546,44 +1505,6 @@ const char *ssl_cmd_SSLStaplingCache(cmd_parms *cmd,
|
||||
return NULL;
|
||||
}
|
||||
|
||||
const char *ssl_cmd_SSLStaplingMutex(cmd_parms *cmd,
|
||||
void *dcfg,
|
||||
const char *arg_)
|
||||
{
|
||||
apr_status_t rv;
|
||||
const char *err;
|
||||
SSLModConfigRec *mc = myModConfig(cmd->server);
|
||||
|
||||
if ((err = ap_check_cmd_context(cmd, GLOBAL_ONLY))) {
|
||||
return err;
|
||||
}
|
||||
|
||||
if (ssl_config_global_isfixed(mc)) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
rv = ap_parse_mutex(arg_, cmd->server->process->pool,
|
||||
&mc->stapling_mutex_mech, &mc->stapling_mutex_file);
|
||||
|
||||
if (rv == APR_ENOLOCK) {
|
||||
mc->stapling_mutex_mode = SSL_MUTEXMODE_NONE;
|
||||
return NULL;
|
||||
}
|
||||
else if (rv == APR_ENOTIMPL) {
|
||||
return apr_pstrcat(cmd->pool, "Invalid SSLStaplingMutex argument ",
|
||||
arg_,
|
||||
" (" AP_ALL_AVAILABLE_MUTEXES_STRING ")", NULL);
|
||||
}
|
||||
else if (rv == APR_BADARG) {
|
||||
return apr_pstrcat(cmd->pool, "Invalid SSLStaplingMutex filepath ",
|
||||
arg_, NULL);
|
||||
}
|
||||
|
||||
mc->stapling_mutex_mode = SSL_MUTEXMODE_USED;
|
||||
|
||||
return NULL;
|
||||
}
|
||||
|
||||
const char *ssl_cmd_SSLUseStapling(cmd_parms *cmd, void *dcfg, int flag)
|
||||
{
|
||||
SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
|
||||
|
@ -30,10 +30,6 @@
|
||||
|
||||
#include "ssl_private.h"
|
||||
|
||||
#ifdef AP_NEED_SET_MUTEX_PERMS
|
||||
#include "unixd.h"
|
||||
#endif
|
||||
|
||||
int ssl_mutex_init(server_rec *s, apr_pool_t *p)
|
||||
{
|
||||
SSLModConfigRec *mc = myModConfig(s);
|
||||
@ -50,35 +46,13 @@ int ssl_mutex_init(server_rec *s, apr_pool_t *p)
|
||||
if (mc->pMutex) {
|
||||
return TRUE;
|
||||
}
|
||||
else if (mc->nMutexMode == SSL_MUTEXMODE_NONE) {
|
||||
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
|
||||
"An SSLMutex is required for the '%s' session cache",
|
||||
mc->sesscache->name);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
if ((rv = apr_global_mutex_create(&mc->pMutex, mc->szMutexFile,
|
||||
mc->nMutexMech, s->process->pool))
|
||||
if ((rv = ap_global_mutex_create(&mc->pMutex, ssl_cache_mutex_type, NULL,
|
||||
s, s->process->pool, 0))
|
||||
!= APR_SUCCESS) {
|
||||
if (mc->szMutexFile)
|
||||
ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
|
||||
"Cannot create SSLMutex with file `%s'",
|
||||
mc->szMutexFile);
|
||||
else
|
||||
ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
|
||||
"Cannot create SSLMutex");
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
#ifdef AP_NEED_SET_MUTEX_PERMS
|
||||
rv = ap_unixd_set_global_mutex_perms(mc->pMutex);
|
||||
if (rv != APR_SUCCESS) {
|
||||
ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
|
||||
"Could not set permissions on ssl_mutex; check User "
|
||||
"and Group directives");
|
||||
return FALSE;
|
||||
}
|
||||
#endif
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
@ -86,21 +60,24 @@ int ssl_mutex_reinit(server_rec *s, apr_pool_t *p)
|
||||
{
|
||||
SSLModConfigRec *mc = myModConfig(s);
|
||||
apr_status_t rv;
|
||||
const char *lockfile;
|
||||
|
||||
if (mc->nMutexMode == SSL_MUTEXMODE_NONE || !mc->sesscache
|
||||
if (mc->pMutex == NULL || !mc->sesscache
|
||||
|| (mc->sesscache->flags & AP_SOCACHE_FLAG_NOTMPSAFE) == 0) {
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
lockfile = apr_global_mutex_lockfile(mc->pMutex);
|
||||
if ((rv = apr_global_mutex_child_init(&mc->pMutex,
|
||||
mc->szMutexFile, p)) != APR_SUCCESS) {
|
||||
if (mc->szMutexFile)
|
||||
lockfile,
|
||||
p)) != APR_SUCCESS) {
|
||||
if (lockfile)
|
||||
ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
|
||||
"Cannot reinit SSLMutex with file `%s'",
|
||||
mc->szMutexFile);
|
||||
"Cannot reinit %s mutex with file `%s'",
|
||||
ssl_cache_mutex_type, lockfile);
|
||||
else
|
||||
ap_log_error(APLOG_MARK, APLOG_WARNING, rv, s,
|
||||
"Cannot reinit SSLMutex");
|
||||
"Cannot reinit %s mutex", ssl_cache_mutex_type);
|
||||
return FALSE;
|
||||
}
|
||||
return TRUE;
|
||||
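Review bot: After this change `ssl_mutex_init` neither logs a creation failure nor sets mutex permissions itself: the `AP_NEED_SET_MUTEX_PERMS` block and both `ap_log_error` calls are gone, and the function just returns FALSE when `ap_global_mutex_create()` fails. That is only safe if the new helper does both, which cannot be confirmed from this page, so it should be checked against the util_mutex implementation and recorded at the call, for example `/* ap_global_mutex_create() logs on failure and applies the User/Group mutex permissions */`. Judging by the removed message about the User and Group directives, skipping the permission step could leave child processes unable to take the lock. The same applies to `ssl_stapling_mutex_init` in the stapling file. Both hunks in this file begin inside their functions.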
|
@ -39,6 +39,7 @@
|
||||
#include "util_script.h"
|
||||
#include "util_filter.h"
|
||||
#include "util_ebcdic.h"
|
||||
#include "util_mutex.h"
|
||||
#include "apr.h"
|
||||
#include "apr_strings.h"
|
||||
#define APR_WANT_STRFUNC
|
||||
@ -266,15 +267,6 @@ typedef enum {
|
||||
#define SSL_PCM_ISNONZERO 8
|
||||
typedef unsigned int ssl_pathcheck_t;
|
||||
|
||||
/**
|
||||
* Define the SSL mutex modes
|
||||
*/
|
||||
typedef enum {
|
||||
SSL_MUTEXMODE_UNSET = UNSET,
|
||||
SSL_MUTEXMODE_NONE = 0,
|
||||
SSL_MUTEXMODE_USED = 1
|
||||
} ssl_mutexmode_t;
|
||||
|
||||
/**
|
||||
* Define the SSL enabled state
|
||||
*/
|
||||
@ -403,9 +395,6 @@ typedef struct {
|
||||
const ap_socache_provider_t *sesscache;
|
||||
ap_socache_instance_t *sesscache_context;
|
||||
|
||||
ssl_mutexmode_t nMutexMode;
|
||||
apr_lockmech_e nMutexMech;
|
||||
const char *szMutexFile;
|
||||
apr_global_mutex_t *pMutex;
|
||||
apr_array_header_t *aRandSeed;
|
||||
apr_hash_t *tVHostKeys;
|
||||
@ -419,9 +408,6 @@ typedef struct {
|
||||
#ifdef HAVE_OCSP_STAPLING
|
||||
const ap_socache_provider_t *stapling_cache;
|
||||
ap_socache_instance_t *stapling_cache_context;
|
||||
ssl_mutexmode_t stapling_mutex_mode;
|
||||
apr_lockmech_e stapling_mutex_mech;
|
||||
const char *stapling_mutex_file;
|
||||
apr_global_mutex_t *stapling_mutex;
|
||||
#endif
|
||||
|
||||
@ -566,7 +552,6 @@ void *ssl_config_server_create(apr_pool_t *, server_rec *);
|
||||
void *ssl_config_server_merge(apr_pool_t *, void *, void *);
|
||||
void *ssl_config_perdir_create(apr_pool_t *, char *);
|
||||
void *ssl_config_perdir_merge(apr_pool_t *, void *, void *);
|
||||
const char *ssl_cmd_SSLMutex(cmd_parms *, void *, const char *);
|
||||
const char *ssl_cmd_SSLPassPhraseDialog(cmd_parms *, void *, const char *);
|
||||
const char *ssl_cmd_SSLCryptoDevice(cmd_parms *, void *, const char *);
|
||||
const char *ssl_cmd_SSLRandomSeed(cmd_parms *, void *, const char *, const char *, const char *);
|
||||
@ -666,7 +651,6 @@ int ssl_engine_disable(conn_rec *c);
|
||||
|
||||
/** OCSP Stapling Support */
|
||||
#ifdef HAVE_OCSP_STAPLING
|
||||
const char *ssl_cmd_SSLStaplingMutex(cmd_parms *, void *, const char *);
|
||||
const char *ssl_cmd_SSLStaplingCache(cmd_parms *, void *, const char *);
|
||||
const char *ssl_cmd_SSLUseStapling(cmd_parms *, void *, int);
|
||||
const char *ssl_cmd_SSLStaplingResponseTimeSkew(cmd_parms *, void *, const char *);
|
||||
@ -741,6 +725,10 @@ int ssl_mutex_off(server_rec *);
|
||||
int ssl_stapling_mutex_init(server_rec *, apr_pool_t *);
|
||||
int ssl_stapling_mutex_reinit(server_rec *, apr_pool_t *);
|
||||
|
||||
/* mutex type names for Mutex directive */
|
||||
#define ssl_cache_mutex_type "ssl-cache"
|
||||
#define ssl_stapling_mutex_type "ssl-stapling"
|
||||
|
||||
/** Logfile Support */
|
||||
void ssl_die(void);
|
||||
void ssl_log_ssl_error(const char *, int, int, server_rec *);
|
||||
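Review bot: The comment above `ssl_cache_mutex_type` and `ssl_stapling_mutex_type` does not say that these two strings are part of the configuration interface. They are passed to `ap_mutex_register()` and printed in the new log messages, so they are the names an administrator has to write and search for. I would extend the comment to `/* mutex type names as written in the Mutex directive; user-visible, so renaming them breaks existing configurations */`. The lower-case macro names also read like variables at the call sites, so upper-case names or a remark in the same comment would avoid that confusion.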
|
@ -32,10 +32,6 @@
|
||||
#include "ap_mpm.h"
|
||||
#include "apr_thread_mutex.h"
|
||||
|
||||
#ifdef AP_NEED_SET_MUTEX_PERMS
|
||||
#include "unixd.h"
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_OCSP_STAPLING
|
||||
|
||||
/**
|
||||
@ -480,36 +476,13 @@ int ssl_stapling_mutex_init(server_rec *s, apr_pool_t *p)
|
||||
if (mc->stapling_mutex || sc->server->stapling_enabled != TRUE) {
|
||||
return TRUE;
|
||||
}
|
||||
if (mc->stapling_mutex_mode == SSL_MUTEXMODE_NONE
|
||||
|| mc->stapling_mutex_mode == SSL_MUTEXMODE_UNSET) {
|
||||
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
|
||||
"An SSLStaplingMutex is required for OCSP Stapling");
|
||||
|
||||
if ((rv = ap_global_mutex_create(&mc->stapling_mutex,
|
||||
ssl_stapling_mutex_type, NULL, s,
|
||||
s->process->pool, 0)) != APR_SUCCESS) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
if ((rv = apr_global_mutex_create(&mc->stapling_mutex,
|
||||
mc->stapling_mutex_file,
|
||||
mc->stapling_mutex_mech, s->process->pool))
|
||||
!= APR_SUCCESS) {
|
||||
if (mc->stapling_mutex_file)
|
||||
ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
|
||||
"Cannot create SSLStaplingMutex with file `%s'",
|
||||
mc->stapling_mutex_file);
|
||||
else
|
||||
ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
|
||||
"Cannot create SSLStaplingMutex");
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
#ifdef AP_NEED_SET_MUTEX_PERMS
|
||||
rv = ap_unixd_set_global_mutex_perms(mc->stapling_mutex);
|
||||
if (rv != APR_SUCCESS) {
|
||||
ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
|
||||
"Could not set permissions on ssl_mutex; check User "
|
||||
"and Group directives");
|
||||
return FALSE;
|
||||
}
|
||||
#endif
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
@ -517,21 +490,23 @@ int ssl_stapling_mutex_reinit(server_rec *s, apr_pool_t *p)
|
||||
{
|
||||
SSLModConfigRec *mc = myModConfig(s);
|
||||
apr_status_t rv;
|
||||
const char *lockfile;
|
||||
|
||||
if (mc->stapling_mutex == NULL) {
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
lockfile = apr_global_mutex_lockfile(mc->stapling_mutex);
|
||||
if ((rv = apr_global_mutex_child_init(&mc->stapling_mutex,
|
||||
mc->stapling_mutex_file, p)) != APR_SUCCESS) {
|
||||
if (mc->stapling_mutex_file) {
|
||||
lockfile, p)) != APR_SUCCESS) {
|
||||
if (lockfile) {
|
||||
ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
|
||||
"Cannot reinit SSLMutex with file `%s'",
|
||||
mc->szMutexFile);
|
||||
"Cannot reinit %s mutex with file `%s'",
|
||||
ssl_stapling_mutex_type, lockfile);
|
||||
}
|
||||
else {
|
||||
ap_log_error(APLOG_MARK, APLOG_WARNING, rv, s,
|
||||
"Cannot reinit SSLMutex");
|
||||
"Cannot reinit %s mutex", ssl_stapling_mutex_type);
|
||||
}
|
||||
return FALSE;
|
||||
}
|
||||
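Review bot: In `ssl_stapling_mutex_reinit` the two failure branches log at different severities, `APLOG_ERR` when a lockfile is known and `APLOG_WARNING` when it is not, although both fall through to the same `return FALSE`. A failed child re-initialisation of a required mutex is the same event either way, so alerting keyed on error level would miss the second case; the second call should read `ap_log_error(APLOG_MARK, APLOG_ERR, rv, s, "Cannot reinit %s mutex", ssl_stapling_mutex_type);`. `ssl_mutex_reinit` in the session-cache mutex file has the same split and should get the same change. The end of the function lies below the hunk.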
|