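/**
 * Initialise the modsecurity engine. This function must be invoked
 * after configuration processing is complete as Apache needs to know the
 * username it is running as.
 *
 * Creates the two global mutexes kept in the engine (auditlog_lock and
 * geo_lock) from the pool mp. When __SET_MUTEX_PERMS is defined, the
 * server's mutex permissions are applied to each lock right after it is
 * created. When DEBUG_FILELOG is defined, logs/audit_log under the server
 * root is also opened (created if missing) for appending.
 *
 * @param msce  engine whose auditlog_lock and geo_lock are initialised
 * @param mp    pool handed to the mutex and file calls
 * @return 1 on success, -1 as soon as any step fails
 */
int modsecurity_init(msc_engine *msce, apr_pool_t *mp) {
    apr_status_t rc;

    /* Audit log mutex. No lock-file name is supplied (NULL). */
    rc = apr_global_mutex_create(&msce->auditlog_lock, NULL, APR_LOCK_DEFAULT, mp);
    if (rc != APR_SUCCESS) {
        return -1;
    }

#ifdef __SET_MUTEX_PERMS
    /*
     * Apply the server's mutex permissions to the lock. The function name
     * depends on the httpd version being built against.
     */
#if AP_SERVER_MAJORVERSION_NUMBER > 1 && AP_SERVER_MINORVERSION_NUMBER > 2
    rc = ap_unixd_set_global_mutex_perms(msce->auditlog_lock);
#else
    rc = unixd_set_global_mutex_perms(msce->auditlog_lock);
#endif
    if (rc != APR_SUCCESS) {
        return -1;
    }
#endif /* SET_MUTEX_PERMS */

    /* Geo mutex, created and permissioned the same way. */
    rc = apr_global_mutex_create(&msce->geo_lock, NULL, APR_LOCK_DEFAULT, mp);
    if (rc != APR_SUCCESS) {
        return -1;
    }

#ifdef __SET_MUTEX_PERMS
#if AP_SERVER_MAJORVERSION_NUMBER > 1 && AP_SERVER_MINORVERSION_NUMBER > 2
    rc = ap_unixd_set_global_mutex_perms(msce->geo_lock);
#else
    rc = unixd_set_global_mutex_perms(msce->geo_lock);
#endif
    if (rc != APR_SUCCESS) {
        return -1;
    }
#endif /* SET_MUTEX_PERMS */

#ifdef DEBUG_FILELOG
    const char *file_name = ap_server_root_relative(mp, "logs/audit_log");

    /*
     * NOTE(review): CREATEMODE is defined outside this function; confirm it
     * keeps the file unreadable to other local users, since audit logs
     * typically record request content.
     */
    rc = apr_file_open(&auditlog_fd, file_name,
            APR_WRITE | APR_APPEND | APR_CREATE | APR_BINARY,
            CREATEMODE, mp);
    if (rc != APR_SUCCESS) {
        /* Pass rc so the log line carries the reason the open failed. */
        ap_log_error(APLOG_MARK, APLOG_ERR, rc, NULL, "Create or open audit failed.");
        return -1;
    }
#endif

    return 1;
}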
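/*
 * Initialize the shared memory cache in the parent process.
 *
 * Creates the cache context, a shared memory segment sized for
 * cfg->cache_shm_size_max entries, and a global mutex backed by a file in
 * the temporary directory. Does nothing if cfg->cache_cfg is already set.
 *
 * Returns APR_SUCCESS when the cache was already configured, OK after a
 * successful setup, and HTTP_INTERNAL_SERVER_ERROR if any step fails.
 */
int oidc_cache_shm_post_config(server_rec *s) {
    oidc_cfg *cfg = (oidc_cfg *) ap_get_module_config(s->module_config,
            &auth_openidc_module);

    /* already set up: nothing to do */
    if (cfg->cache_cfg != NULL)
        return APR_SUCCESS;

    oidc_cache_cfg_shm_t *context = oidc_cache_shm_cfg_create(s->process->pool);
    cfg->cache_cfg = context;

    /*
     * create the shared memory segment
     *
     * NOTE(review): the size is the configured entry count multiplied by the
     * entry size, with no sign or overflow check in this function; confirm
     * cache_shm_size_max is range-checked where the directive is parsed.
     */
    apr_status_t rv = apr_shm_create(&context->shm,
            sizeof(oidc_cache_shm_entry_t) * cfg->cache_shm_size_max,
            NULL, s->process->pool);
    if (rv != APR_SUCCESS) {
        ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
                "oidc_cache_shm_post_config: apr_shm_create failed to create shared memory segment");
        return HTTP_INTERNAL_SERVER_ERROR;
    }

    /* mark every entry as unused: empty key ('\0') and zero access value */
    int i;
    oidc_cache_shm_entry_t *table = apr_shm_baseaddr_get(context->shm);
    for (i = 0; i < cfg->cache_shm_size_max; i++) {
        table[i].key[0] = '\0';
        table[i].access = 0;
    }

    /*
     * Find the temporary directory. The result is checked because dir is
     * used to build the mutex file name and must not be read if the lookup
     * failed.
     */
    const char *dir = NULL;
    rv = apr_temp_dir_get(&dir, s->process->pool);
    if (rv != APR_SUCCESS) {
        ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
                "oidc_cache_shm_post_config: apr_temp_dir_get failed to find a temporary directory");
        return HTTP_INTERNAL_SERVER_ERROR;
    }

    /*
     * construct the mutex filename from the temp dir, the pid and the
     * address of s
     *
     * NOTE(review): the temporary directory is commonly writable by other
     * local users and this name is predictable; confirm that the APR lock
     * mechanism in use creates the file safely (exclusive create, no symlink
     * following), or use a directory that only the server can write to.
     */
    context->mutex_filename = apr_psprintf(s->process->pool,
            "%s/httpd_mutex.%ld.%pp", dir, (long int) getpid(), s);

    /* create the mutex lock */
    rv = apr_global_mutex_create(&context->mutex,
            (const char *) context->mutex_filename, APR_LOCK_DEFAULT,
            s->process->pool);
    if (rv != APR_SUCCESS) {
        ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
                "oidc_cache_shm_post_config: apr_global_mutex_create failed to create mutex on file %s",
                context->mutex_filename);
        return HTTP_INTERNAL_SERVER_ERROR;
    }

    /* need this on Linux */
#ifdef AP_NEED_SET_MUTEX_PERMS
    /* the function name depends on the module API version */
#if MODULE_MAGIC_NUMBER_MAJOR >= 20081201
    rv = ap_unixd_set_global_mutex_perms(context->mutex);
#else
    rv = unixd_set_global_mutex_perms(context->mutex);
#endif
    if (rv != APR_SUCCESS) {
        ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
                "oidc_cache_shm_post_config: unixd_set_global_mutex_perms failed; could not set permissions ");
        return HTTP_INTERNAL_SERVER_ERROR;
    }
#endif

    return OK;
}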
/**
 * Initialise the modsecurity engine. This function must be invoked
 * after configuration processing is complete as Apache needs to know the
 * username it is running as.
 *
 * The serial audit log mutex is always created. Unless MSC_TEST is defined,
 * the geo mutex is created as well, and (when __SET_MUTEX_PERMS is defined)
 * the server's mutex permissions are applied to both locks.
 *
 * @param msce  engine whose auditlog_lock (and geo_lock) are initialised
 * @param mp    pool handed to the mutex creation calls
 * @return 1 on success, -1 as soon as any step fails; failures are not
 *         logged here
 */
int modsecurity_init(msc_engine *msce, apr_pool_t *mp) {
    apr_status_t status;

    /* Serial audit log mutex */
    status = apr_global_mutex_create(&msce->auditlog_lock, NULL, APR_LOCK_DEFAULT, mp);
    if (status != APR_SUCCESS) {
        return -1;
    }

#ifndef MSC_TEST

#if defined(__SET_MUTEX_PERMS)
    /* The function name depends on the httpd version being built against. */
#if AP_SERVER_MAJORVERSION_NUMBER > 1 && AP_SERVER_MINORVERSION_NUMBER > 2
    status = ap_unixd_set_global_mutex_perms(msce->auditlog_lock);
#else
    status = unixd_set_global_mutex_perms(msce->auditlog_lock);
#endif
    if (status != APR_SUCCESS) {
        /* A failure here points at the User and Group directives. */
        return -1;
    }
#endif /* SET_MUTEX_PERMS */

    /* Geo mutex, created and permissioned the same way */
    status = apr_global_mutex_create(&msce->geo_lock, NULL, APR_LOCK_DEFAULT, mp);
    if (status != APR_SUCCESS) {
        return -1;
    }

#if defined(__SET_MUTEX_PERMS)
#if AP_SERVER_MAJORVERSION_NUMBER > 1 && AP_SERVER_MINORVERSION_NUMBER > 2
    status = ap_unixd_set_global_mutex_perms(msce->geo_lock);
#else
    status = unixd_set_global_mutex_perms(msce->geo_lock);
#endif
    if (status != APR_SUCCESS) {
        return -1;
    }
#endif /* SET_MUTEX_PERMS */

#endif /* !MSC_TEST */

    return 1;
}