Mladen Turk
Fri, 18 Jul 2008 22:14:16 -0700
Hi, Think this is valuable function that is usable beyond the httpd. It sets the uid/gid permissions to the proc_mutex usually before doing fork. I'll have the win32 implementation as well and I plan to do the same thing for shared memory. Comments? Regards -- ^(TM)
Index: locks/unix/proc_mutex.c
===================================================================
--- locks/unix/proc_mutex.c (revision 677948)
+++ locks/unix/proc_mutex.c (working copy)
@@ -915,6 +915,40 @@
return NULL;
}
+APR_DECLARE(apr_status_t) apr_proc_mutex_set_perms(apr_proc_mutex_t *mutex,
+ apr_fileperms_t perms,
+ apr_uid_t *uid,
+ apr_gid_t *gid)
+{
+
+ if (!geteuid()) {
+#if APR_HAS_SYSVSEM_SERIALIZE
+ if (mutex->meth == &mutex_sysv_methods) {
+ union semun ick;
+ struct semid_ds buf;
+ buf.sem_perm.uid = *uid;
+ buf.sem_perm.gid = *gid;
+ buf.sem_perm.mode = apr_unix_perms2mode(perms);
+ ick.buf = &buf;
+ if (semctl(mutex->interproc->filedes, 0, IPC_SET, ick) < 0) {
+ return errno;
+ }
+ }
+#endif
+#if APR_HAS_FLOCK_SERIALIZE
+ if (mutex->meth == &mutex_flock_methods) {
+ if (mutex->fname) {
+ if (chown(mutex->fname, *uid,
+ -1 /* no gid change */) < 0) {
+ return errno;
+ }
+ }
+ }
+#endif
+ }
+ return APR_SUCCESS;
+}
+
APR_POOL_IMPLEMENT_ACCESSOR(proc_mutex)
/* Implement OS-specific accessors defined in apr_portable.h */
Index: include/apr_proc_mutex.h
===================================================================
--- include/apr_proc_mutex.h (revision 677948)
+++ include/apr_proc_mutex.h (working copy)
@@ -25,6 +25,8 @@
#include "apr.h"
#include "apr_pools.h"
#include "apr_errno.h"
+#include "apr_user.h"
+#include "apr_file_info.h"
#ifdef __cplusplus
extern "C" {
@@ -152,6 +154,18 @@
APR_DECLARE(const char *) apr_proc_mutex_defname(void);
/**
+ * Set mutex perimissions.
+ * @param mutex the mutex to set.
+ * @param perms Access permissions for the mutex. Mimics Unix access rights.
+ * @param uid Effective UID of owner to set.
+ * @param gid Effective DID of owner to set.
+ */
+APR_DECLARE(apr_status_t) apr_proc_mutex_set_perms(apr_proc_mutex_t *mutex,
+ apr_fileperms_t perms,
+ apr_uid_t *uid,
+ apr_gid_t *gid);
+
+/**
* Get the pool used by this proc_mutex.
* @return apr_pool_t the pool
*/
Index: include/arch/unix/apr_arch_proc_mutex.h
===================================================================
--- include/arch/unix/apr_arch_proc_mutex.h (revision 677948)
+++ include/arch/unix/apr_arch_proc_mutex.h (working copy)
@@ -26,6 +26,7 @@
#include "apr_portable.h"
#include "apr_file_io.h"
#include "apr_arch_file_io.h"
+#include "apr_user.h"
/* System headers required by Locks library */
#if APR_HAVE_SYS_TYPES_H