[389-commits] mod_revocator crlhelper.cpp, 1.1, 1.2 crlmanager.cpp, 1.4, 1.5 mod_rev.c, 1.5, 1.6 reverror.h, 1.3, 1.4

rcritten rcritten at fedoraproject.org
Wed Nov 3 19:39:30 UTC 2010


Author: rcritten

Update of /cvs/dirsec/mod_revocator
In directory cvs01.phx2.fedoraproject.org:/tmp/cvs-serv22666

Modified Files:
	crlhelper.cpp crlmanager.cpp mod_rev.c reverror.h 
Log Message:
Because we are now running the revocator code within each child, we can't
kill the parent process. The crlhelper runs as root, so use it to
send the kill signal to the parent instead.



Index: crlhelper.cpp
===================================================================
RCS file: /cvs/dirsec/mod_revocator/crlhelper.cpp,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- crlhelper.cpp	13 Apr 2010 14:11:12 -0000	1.1
+++ crlhelper.cpp	3 Nov 2010 19:39:27 -0000	1.2
@@ -18,6 +18,7 @@
 #include <sys/types.h>
 #include <sys/ipc.h>
 #include <sys/sem.h>
+#include <signal.h>
 #include <nss.h>
 #include <nspr.h>
 #include <secitem.h>
@@ -107,6 +108,7 @@
     PRPollDesc pd;
     PRIntervalTime timeout = PR_INTERVAL_NO_TIMEOUT;
     int semid;
+    pid_t parent_pid;
     union semun semarg;
     char buf[4096];
     char url[4096];
@@ -124,18 +126,19 @@
     while (fd < fdlimit)
         close(fd++);
 
-    if (argc < 3 || argc > 4) {
-        fprintf(stderr, "Usage: crlhelper <semid> <directory> <prefix>\n");
+    if (argc < 4 || argc > 5) {
+        fprintf(stderr, "Usage: crlhelper <semid> <parentpid> <directory> <prefix>\n");
         exit(1);
     }
 
     semid = strtol(argv[1], NULL, 10);
+    parent_pid = strtol(argv[2], NULL, 10);
 
     /* Initialize NSPR */
     PR_Init(PR_USER_THREAD, PR_PRIORITY_NORMAL, 256);
  
     /* Initialize NSS and open the certificate database read-only. */
-    rv = NSS_Initialize(argv[2], argc == 4 ? argv[3] : NULL, argc == 4 ? argv[3] : NULL, "secmod.db", NSS_INIT_READONLY);
+    rv = NSS_Initialize(argv[3], argc == 5 ? argv[4] : NULL, argc == 5 ? argv[4] : NULL, "secmod.db", NSS_INIT_READONLY);
 
     if (rv != SECSuccess) {
         fprintf(stderr, "Unable to initialize NSS database: %d\n", rv);
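Review bot: `parent_pid = strtol(argv[2], NULL, 10);` accepts any value, and the `"kill"` branch added in the last hunk of this file passes it straight to `kill()`. The log message says the helper runs as root, so a pid of 0, -1 or any other negative number would signal a process group or every process the helper is allowed to signal, not just the server parent. Parse with an end pointer and reject anything that is not a plain positive pid, for example `if (*end != '\0' || parent_pid <= 1) { fprintf(stderr, "Invalid parent pid\n"); exit(1); }`. If the helper is always spawned by that parent (not visible here), also comparing against `getppid()` would guard against a stale or reused pid. The enclosing function starts and ends outside the hunk, and `semid` on the line above has the same unchecked `strtol`.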
@@ -187,6 +190,10 @@
                 continue;
             }
 #endif
+            if (!(strcmp(url, "kill"))) {
+                kill(parent_pid, SIGTERM);
+                continue;
+            }
 
             /*
              * TODO: 
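Review bot: The result of `kill(parent_pid, SIGTERM)` is discarded, so a failed shutdown request is silent and the server keeps running with the CRL state that was meant to stop it. Report the failure at least, e.g. `if (kill(parent_pid, SIGTERM) == -1) perror("crlhelper: kill parent");`. A short comment above the branch would also help, stating that `"kill"` is a control command sent by mod_rev.c rather than a URL, and that the helper sends the signal because the children lack the privilege to do so. The surrounding loop starts and ends outside the hunk.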


Index: crlmanager.cpp
===================================================================
RCS file: /cvs/dirsec/mod_revocator/crlmanager.cpp,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- crlmanager.cpp	13 Apr 2010 14:11:11 -0000	1.4
+++ crlmanager.cpp	3 Nov 2010 19:39:27 -0000	1.5
@@ -66,13 +66,19 @@
     sb.sem_op = -1;
     sb.sem_flg = SEM_UNDO;
     if (semop(crlm->semid, &sb, 1) == -1) {
-        perror("semop reserve resource");
+        mystatus.setDetailedError(REV_ERROR_SEMAPHORE_ERROR,
+                                  "Unable to reserve semaphore resource");
+        return mystatus;
+        /* perror("semop reserve resource"); */
     }
     void* data = get_crl(crlm->infd, crlm->outfd, inurl, timeout, lastfetchtime, &len, mystatus);
     /* unlock the pipe */
     sb.sem_op = 1;
     if (semop(crlm->semid, &sb, 1) == -1) {
-        perror("semop free resource id");
+        mystatus.setDetailedError(REV_ERROR_SEMAPHORE_ERROR,
+                                  "Unable to free semaphore resource");
+        return mystatus;
+        /* perror("semop free resource id"); */
     }
 
     /* We have a special case. If we have an HTTP request and the server
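Review bot: The `return mystatus;` added after the second `semop` runs after `get_crl` has already returned `data`, so that buffer is dropped without being released or handed to the caller; if `get_crl` allocates it (not visible here), this is a leak on every unlock failure. Free `data` before returning on that path, or record the error and continue. Both new error paths also lose `errno`, which the old `perror` reported, so consider adding `strerror(errno)` to the detail string. The commented-out `perror` calls after each `return` are unreachable leftovers and can be deleted. The function continues outside the hunk.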


Index: mod_rev.c
===================================================================
RCS file: /cvs/dirsec/mod_revocator/mod_rev.c,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- mod_rev.c	13 Apr 2010 14:11:11 -0000	1.5
+++ mod_rev.c	3 Nov 2010 19:39:27 -0000	1.6
@@ -110,6 +110,8 @@
 
 RevocationGetError RevGetError = NULL;
 
+int infd, outfd; /* file descriptors for our semaphore-controlled pipe */
+
 PRInt32 RevErrorToString(char* buffer, const PRInt32 maxlen, PRInt32 reverror)
 {
     return 0;
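Review bot: `int infd, outfd;` is now a file-scope definition with external linkage, and it is zero-initialised, so any `write(outfd, ...)` that runs before the pipe is set up goes to descriptor 0 instead of failing. If no other translation unit needs these names (not visible here), declare them as `static int infd = -1, outfd = -1;` so an early use fails with EBADF and the generic names do not leak into the global namespace. The comment could also say which end of the pipe each descriptor is and that access is meant to be serialised by the semaphore.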
@@ -207,9 +209,11 @@
          */
         if (critical && revocatorInitialized)
         {
+            char buffer[1024];
             ap_log_error(APLOG_MARK, APLOG_ERR, 0, NULL,
-                "Critical CRL update failure. Shutting down server. %d", parent_pid);
-            kill(parent_pid, 15);
+                "Critical CRL update failure. Shutting down server pid %d", parent_pid);
+            PR_snprintf(buffer, sizeof(buffer), "%lld %s", 0, "kill");
+            write(outfd, buffer, strlen(buffer));
         }
     }
     return PR_TRUE;
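Review bot: `PR_snprintf(buffer, sizeof(buffer), "%lld %s", 0, "kill");` passes an `int` where `%lld` expects a 64-bit argument, which is a varargs type mismatch; write it as `PR_snprintf(buffer, sizeof(buffer), "%lld %s", (PRInt64)0, "kill");`. The `write(outfd, ...)` that follows ignores its return value, so a failed or short write leaves the server running after a critical CRL failure with nothing further in the log. It also appears to bypass the semaphore that crlmanager.cpp takes around the same pipe in this commit, so the command could interleave with another child's request; confirm and take the lock if so. The same two lines are repeated in the next hunk (the outdated-CRL branch) and need the same changes; a small helper would keep them consistent. The enclosing function starts outside the hunk.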
@@ -296,13 +300,15 @@
                 PRTime age = now -  nextupdate;
                 if (age>maxage)
                 {
+                    char buffer[1024];
                     /* this CRL is outdated, log it */
                     ap_log_error(APLOG_MARK, APLOG_ERR, 0, NULL,
-                        "CRL %s %s is outdated. Shutting down server. %d",
+                        "CRL %s %s is outdated. Shutting down server pid %d",
                          url, subject, parent_pid);
 
                     /* we have to shut down the web server */
-                    kill(parent_pid, 15);
+                    PR_snprintf(buffer, sizeof(buffer), "%lld %s", 0, "kill");
+                    write(outfd, buffer, strlen(buffer));
                 }
             }
 
@@ -346,11 +352,12 @@
         semctl(sc->semid,0,IPC_SET,&status);
     }
 
-    if (sc->nInitCount == 1) {
+    if (sc->nInitCount == 2) {
         const char * child_argv[5];
         apr_status_t rv;
         struct sembuf sb;
         char sembuf[32];
+        char pidbuf[32];
 
         if (sc->crlhelper == NULL) {
             ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
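Review bot: `child_argv` is still declared as `const char * child_argv[5];` in this hunk, but the next hunk adds a sixth entry and stores `child_argv[5] = NULL;`, which writes one element past the end of the array on the stack. The declaration needs to grow with the new `<parentpid>` argument: `const char * child_argv[6];`. Without it the NULL terminator of the argv passed to the spawned helper lands on adjacent stack memory, which is undefined behaviour in the process that launches a root helper. The enclosing function starts and ends outside the hunk.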
@@ -376,11 +383,15 @@
         }
 
         PR_snprintf(sembuf, 32, "%d", sc->semid);
+        PR_snprintf(pidbuf, 32, "%d", parent_pid);
         child_argv[0] = sc->crlhelper;
         child_argv[1] = sembuf;
-        child_argv[2] = sc->database;
-        child_argv[3] = sc->dbprefix;
-        child_argv[4] = NULL;
+        child_argv[2] = pidbuf;
+        child_argv[3] = sc->database;
+        child_argv[4] = sc->dbprefix;
+        child_argv[5] = NULL;
+        ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
+            "Parent PID is %d", parent_pid);
 
         rv = apr_procattr_create(&sc->procattr, s->process->pool);
 
@@ -428,7 +439,6 @@
     void* critical = (void *)sc->crlcritical;
     Rev_SetFailureCallbackEntryPoint setfcb = NULL;
     Rev_SetDownloadCallbackEntryPoint setncb = NULL;
-    int infd, outfd;
 
     /* Do nothing until Apache is ready to run */
     if (sc->nInitCount < 2) return APR_SUCCESS;


Index: reverror.h
===================================================================
RCS file: /cvs/dirsec/mod_revocator/reverror.h,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- reverror.h	5 Jun 2007 14:38:58 -0000	1.3
+++ reverror.h	3 Nov 2010 19:39:27 -0000	1.4
@@ -54,6 +54,7 @@
 const PRInt32 REV_ERROR_MISSING_CRL_DATA    = 1014;
 const PRInt32 REV_ERROR_BAD_ISSUER_TRUST    = 1015;
 const PRInt32 REV_ERROR_NOUPDATE_AVAILABLE  = 1016;
+const PRInt32 REV_ERROR_SEMAPHORE_ERROR     = 1017;
 
 #endif
 


