1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
|
/* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/* _ _
* _ __ ___ ___ __| | ___ ___| | mod_ssl
* | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
* | | | | | | (_) | (_| | \__ \__ \ |
* |_| |_| |_|\___/ \__,_|___|___/___/_|
* |_____|
* ssl_engine_mutex.c
* Semaphore for Mutual Exclusion
*/
/* ``Real programmers confuse
Christmas and Halloween
because DEC 25 = OCT 31.''
-- Unknown */
#include "ssl_private.h"
#ifdef AP_NEED_SET_MUTEX_PERMS
#include "unixd.h"
#endif
int ssl_mutex_init(server_rec *s, apr_pool_t *p)
{
SSLModConfigRec *mc = myModConfig(s);
apr_status_t rv;
/* A mutex is only needed if a session cache is configured, and
* the provider used is not internally multi-process/thread
* safe. */
if (!mc->sesscache
|| (mc->sesscache->flags & MODSSL_SESSCACHE_FLAG_NOTMPSAFE) == 0) {
return TRUE;
}
if (mc->pMutex) {
return TRUE;
}
else if (mc->nMutexMode == SSL_MUTEXMODE_NONE) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
"An SSLMutex is required for the '%s' session cache",
mc->sesscache->name);
return FALSE;
}
if ((rv = apr_global_mutex_create(&mc->pMutex, mc->szMutexFile,
mc->nMutexMech, s->process->pool))
!= APR_SUCCESS) {
if (mc->szMutexFile)
ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
"Cannot create SSLMutex with file `%s'",
mc->szMutexFile);
else
ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
"Cannot create SSLMutex");
return FALSE;
}
#ifdef AP_NEED_SET_MUTEX_PERMS
rv = unixd_set_global_mutex_perms(mc->pMutex);
if (rv != APR_SUCCESS) {
ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
"Could not set permissions on ssl_mutex; check User "
"and Group directives");
return FALSE;
}
#endif
return TRUE;
}
int ssl_mutex_reinit(server_rec *s, apr_pool_t *p)
{
SSLModConfigRec *mc = myModConfig(s);
apr_status_t rv;
if (mc->nMutexMode == SSL_MUTEXMODE_NONE || !mc->sesscache
|| (mc->sesscache->flags & MODSSL_SESSCACHE_FLAG_NOTMPSAFE) == 0) {
return TRUE;
}
if ((rv = apr_global_mutex_child_init(&mc->pMutex,
mc->szMutexFile, p)) != APR_SUCCESS) {
if (mc->szMutexFile)
ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
"Cannot reinit SSLMutex with file `%s'",
mc->szMutexFile);
else
ap_log_error(APLOG_MARK, APLOG_WARNING, rv, s,
"Cannot reinit SSLMutex");
return FALSE;
}
return TRUE;
}
int ssl_mutex_on(server_rec *s)
{
SSLModConfigRec *mc = myModConfig(s);
apr_status_t rv;
if ((rv = apr_global_mutex_lock(mc->pMutex)) != APR_SUCCESS) {
ap_log_error(APLOG_MARK, APLOG_WARNING, rv, s,
"Failed to acquire SSL session cache lock");
return FALSE;
}
return TRUE;
}
int ssl_mutex_off(server_rec *s)
{
SSLModConfigRec *mc = myModConfig(s);
apr_status_t rv;
if ((rv = apr_global_mutex_unlock(mc->pMutex)) != APR_SUCCESS) {
ap_log_error(APLOG_MARK, APLOG_WARNING, rv, s,
"Failed to release SSL session cache lock");
return FALSE;
}
return TRUE;
}
|
