Author: mturk
Date: Tue Nov 8 09:51:58 2011
New Revision: 1199169
URL: http://svn.apache.org/viewvc?rev=1199169&view=rev
Log:
BZ47678: Part 1. Make sure shared objects have proper security token
Modified:
tomcat/jk/trunk/native/common/jk_shm.c
tomcat/jk/trunk/native/common/jk_util.c
tomcat/jk/trunk/native/common/jk_util.h
tomcat/jk/trunk/native/iis/jk_isapi_plugin.c
Modified: tomcat/jk/trunk/native/common/jk_shm.c
URL:
http://svn.apache.org/viewvc/tomcat/jk/trunk/native/common/jk_shm.c?rev=1199169&r1=1199168&r2=1199169&view=diff
==============================================================================
--- tomcat/jk/trunk/native/common/jk_shm.c (original)
+++ tomcat/jk/trunk/native/common/jk_shm.c Tue Nov 8 09:51:58 2011
@@ -165,7 +165,7 @@ int jk_shm_open(const char *fname, size_
#if defined (WIN32)
if (fname) {
jk_shm_map = CreateFileMapping(INVALID_HANDLE_VALUE,
- NULL,
+ jk_get_sa_with_null_dacl(),
PAGE_READWRITE,
0,
(DWORD)(sizeof(jk_shm_header_t) + sz),
@@ -185,7 +185,7 @@ int jk_shm_open(const char *fname, size_
jk_shm_hlock = OpenMutex(MUTEX_ALL_ACCESS, FALSE, lkname);
}
else {
- jk_shm_hlock = CreateMutex(NULL, FALSE, lkname);
+ jk_shm_hlock = CreateMutex(jk_get_sa_with_null_dacl(), FALSE,
lkname);
}
if (jk_shm_hlock == NULL || jk_shm_hlock == INVALID_HANDLE_VALUE) {
CloseHandle(jk_shm_map);
Modified: tomcat/jk/trunk/native/common/jk_util.c
URL:
http://svn.apache.org/viewvc/tomcat/jk/trunk/native/common/jk_util.c?rev=1199169&r1=1199168&r2=1199169&view=diff
==============================================================================
--- tomcat/jk/trunk/native/common/jk_util.c (original)
+++ tomcat/jk/trunk/native/common/jk_util.c Tue Nov 8 09:51:58 2011
@@ -2255,3 +2255,62 @@ void jk_ebcdic2ascii(char *src, char *ds
}
#endif
+
+#if defined (WIN32) || defined(NETWARE)
+
+static PSECURITY_ATTRIBUTES pNullSA;
+static SECURITY_ATTRIBUTES stEmptySA;
+/* To share the objects with other processes, we need a 0 ACL
+ * Code from MS KB Q106387
+ */
+PSECURITY_ATTRIBUTES jk_get_sa_with_null_dacl()
+{
+ DWORD rc = 0;
+ PSECURITY_DESCRIPTOR pSD;
+
+ if (pNullSA != NULL) {
+ return pNullSA;
+ }
+ else {
+ stEmptySA.nLength = (DWORD)sizeof(SECURITY_ATTRIBUTES);
+ stEmptySA.lpSecurityDescriptor = 0;
+ }
+
+ if (!(pNullSA = LocalAlloc(LPTR, sizeof(SECURITY_ATTRIBUTES)))) {
+ rc = GetLastError();
+ goto cleanup;
+ }
+ pNullSA->nLength = (DWORD)sizeof(SECURITY_ATTRIBUTES);
+ pSD = LocalAlloc(LPTR, SECURITY_DESCRIPTOR_MIN_LENGTH);
+ if (pSD == 0) {
+ rc = GetLastError();
+ goto cleanup;
+ }
+ pNullSA->lpSecurityDescriptor = pSD;
+ if (!InitializeSecurityDescriptor(pSD, SECURITY_DESCRIPTOR_REVISION)) {
+ rc = GetLastError();
+ goto cleanup;
+ }
+ if (!SetSecurityDescriptorDacl(pSD, TRUE, (PACL)0, FALSE)) {
+ rc = GetLastError();
+ goto cleanup;
+ }
+ pNullSA->lpSecurityDescriptor = pSD;
+ pNullSA->bInheritHandle = FALSE;
+
+ SetLastError(0);
+ return pNullSA;
+
+cleanup:
+ if (pSD)
+ LocalFree(pSD);
+ if (pNullSA)
+ LocalFree(pNullSA);
+
+ pNullSA = &stEmptySA;
+ pNullSA->bInheritHandle = FALSE;
+
+ SetLastError(rc);
+ return pNullSA;
+}
+#endif
Modified: tomcat/jk/trunk/native/common/jk_util.h
URL:
http://svn.apache.org/viewvc/tomcat/jk/trunk/native/common/jk_util.h?rev=1199169&r1=1199168&r2=1199169&view=diff
==============================================================================
--- tomcat/jk/trunk/native/common/jk_util.h (original)
+++ tomcat/jk/trunk/native/common/jk_util.h Tue Nov 8 09:51:58 2011
@@ -33,6 +33,11 @@
#define JK_SLEEP_DEF (100)
+#ifdef __cplusplus
+extern "C"
+{
+#endif /* __cplusplus */
+
const char *jk_get_bool(int v);
int jk_get_bool_code(const char *v, int def);
@@ -257,11 +262,9 @@ void jk_ebcdic2ascii(char *src, char *ds
int jk_stat(const char *f, struct stat * statbuf);
-#ifdef __cplusplus
-extern "C"
-{
-#endif /* __cplusplus */
-
+#if defined (WIN32) || defined(NETWARE)
+PSECURITY_ATTRIBUTES jk_get_sa_with_null_dacl(void);
+#endif
#ifdef __cplusplus
}
Modified: tomcat/jk/trunk/native/iis/jk_isapi_plugin.c
URL:
http://svn.apache.org/viewvc/tomcat/jk/trunk/native/iis/jk_isapi_plugin.c?rev=1199169&r1=1199168&r2=1199169&view=diff
==============================================================================
--- tomcat/jk/trunk/native/iis/jk_isapi_plugin.c (original)
+++ tomcat/jk/trunk/native/iis/jk_isapi_plugin.c Tue Nov 8 09:51:58 2011
@@ -2133,8 +2133,8 @@ DWORD WINAPI HttpFilterProc(PHTTP_FILTER
}
}
EnterCriticalSection(&init_cs);
- if (!is_mapread && init_jk(serverName))
- is_mapread = JK_TRUE;
+ if (!is_mapread)
+ is_mapread = init_jk(serverName);
LeaveCriticalSection(&init_cs);
}
/* If we can't read the map we become dormant */
@@ -2211,8 +2211,8 @@ DWORD WINAPI HttpExtensionProc(LPEXTENSI
}
}
EnterCriticalSection(&init_cs);
- if (!is_mapread && init_jk(serverName))
- is_mapread = JK_TRUE;
+ if (!is_mapread)
+ is_mapread = init_jk(serverName);
LeaveCriticalSection(&init_cs);
}
if (!is_mapread)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
