X-Git-Url: http://git.hcoop.net/hcoop/debian/libapache-mod-waklog.git/blobdiff_plain/1196adfef052133e32ddc3e9f624de4f74235926..c69d952fd58649264229f49035560feb65ad0932:/mod_waklog.c diff --git a/mod_waklog.c b/mod_waklog.c index a3830f4..de3609c 100644 --- a/mod_waklog.c +++ b/mod_waklog.c @@ -1,11 +1,68 @@ +#define _LARGEFILE64_SOURCE +#define _GNU_SOURCE + #include "httpd.h" #include "http_config.h" -#include "http_conf_globals.h" #include "http_log.h" #include "http_protocol.h" #include "http_request.h" #include "http_core.h" + +#ifdef sun +#include +#elif linux +#define use_pthreads +#include +#include +#include +#include +#else +#error "make sure you include the right stuff here" +#endif + +#ifndef MAXNAMELEN +#define MAXNAMELEN 1024 +#endif + +#ifdef STANDARD20_MODULE_STUFF +#include +#include +#include +#include + +module AP_MODULE_DECLARE_DATA waklog_module; + +#define MK_POOL apr_pool_t +#define MK_TABLE_GET apr_table_get +#define MK_TABLE_SET apr_table_set +#include "unixd.h" +extern unixd_config_rec unixd_config; +#define ap_user_id unixd_config.user_id +#define ap_group_id unixd_config.group_id +#define ap_user_name unixd_config.user_name +#define command(name, func, var, type, usage) \ + AP_INIT_ ## type (name, (void*) func, \ + (void*)APR_OFFSETOF(waklog_commands, var), \ + OR_AUTHCFG | RSRC_CONF, usage) +typedef struct { + int dummy; +} child_info; + +const char *userdata_key = "waklog_init"; +#else #include "ap_config.h" + +module waklog_module; +#define MK_POOL pool +#define MK_TABLE_GET ap_table_get +#define command(name, func, var, type, usage) \ + { name, func, \ + (void*)XtOffsetOf(waklog_commands, var), \ + OR_AUTHCFG | RSRC_CONF, type, usage } +#endif /* STANDARD20_MODULE_STUFF */ + +#define getModConfig(P, X) P = (waklog_config *) ap_get_module_config( (X)->module_config, &waklog_module ); + #include #if defined(sun) @@ -14,68 +71,74 @@ #include #include #include +#include +#include #include -#define KEYTAB "/home/drh/keytab.itdwww" -#define KEYTAB_PRINCIPAL "itdwww" +#define KEYTAB "/etc/keytab.wwwserver" +#define PRINCIPAL "someplacewwwserver" +#define AFS_CELL "someplace.edu" #define TKT_LIFE 10*60*60 #define SLEEP_TIME TKT_LIFE - 5*60 +/* If there's an error, retry more aggressively */ +#define ERR_SLEEP_TIME 5*60 -#define AFS_CELL "umich.edu" /* NB: lower case */ #define K5PATH "FILE:/tmp/waklog.creds.k5" -#define K4PATH "/tmp/waklog.creds.k4" -module waklog_module; - -typedef struct { +typedef struct +{ + int forked; int configured; int protect; char *keytab; - char *keytab_principal; + char *principal; char *afs_cell; -} waklog_host_config; + MK_POOL *p; +} +waklog_config; typedef struct { struct ktc_token token; } waklog_child_config; waklog_child_config child; -#if 0 - static void * -waklog_create_dir_config( pool *p, char *path ) +static void +log_error(const char *file, int line, int level, int status, + const server_rec *s, const char *fmt, ...) { - waklog_host_config *cfg; + char errstr[1024]; + va_list ap; - cfg = (waklog_host_config *)ap_pcalloc( p, sizeof( waklog_host_config )); - cfg->configured = 0; - cfg->protect = 0; - cfg->keytab = KEYTAB; - cfg->keytab_principal = KEYTAB_PRINCIPAL; - cfg->afs_cell = AFS_CELL; + va_start(ap, fmt); + vsnprintf(errstr, sizeof(errstr), fmt, ap); + va_end(ap); - return( cfg ); -} -#endif /* 0 */ +#ifdef STANDARD20_MODULE_STUFF + ap_log_error(file, line, level | APLOG_NOERRNO, status, s, "%s", errstr); +#else + ap_log_error(file, line, level | APLOG_NOERRNO, s, "%s", errstr); +#endif +} static void * -waklog_create_server_config( pool *p, server_rec *s ) +waklog_create_server_config( MK_POOL *p, server_rec *s ) { - waklog_host_config *cfg; + waklog_config *cfg; - cfg = (waklog_host_config *)ap_pcalloc( p, sizeof( waklog_host_config )); + cfg = (waklog_config *)ap_pcalloc( p, sizeof( waklog_config )); + cfg->p = p; + cfg->forked = 0; cfg->configured = 0; cfg->protect = 0; cfg->keytab = KEYTAB; - cfg->keytab_principal = KEYTAB_PRINCIPAL; + cfg->principal = PRINCIPAL; cfg->afs_cell = AFS_CELL; -#if 0 - ap_set_module_config( s->module_config, &waklog_module, cfg); -#endif /* 0 */ - + log_error( APLOG_MARK, APLOG_DEBUG, 0, s, "mod_waklog: server config created." ); + return( cfg ); } @@ -83,43 +146,26 @@ waklog_create_server_config( pool *p, server_rec *s ) static const char * set_waklog_protect( cmd_parms *params, void *mconfig, int flag ) { - waklog_host_config *cfg; + waklog_config *cfg; -#if 0 - if ( params->path == NULL ) { -#endif /* 0 */ - cfg = (waklog_host_config *) ap_get_module_config( - params->server->module_config, &waklog_module ); -#if 0 - } else { - cfg = (waklog_host_config *)mconfig; - } -#endif /* 0 */ + getModConfig(cfg, params->server ); cfg->protect = flag; cfg->configured = 1; + log_error( APLOG_MARK, APLOG_DEBUG, 0, params->server, "mod_waklog: waklog_protect set" ); return( NULL ); } static const char * -set_waklog_use_keytab( cmd_parms *params, void *mconfig, char *file ) +set_waklog_keytab( cmd_parms *params, void *mconfig, char *file ) { - waklog_host_config *cfg; + waklog_config *cfg; -#if 0 - if ( params->path == NULL ) { -#endif /* 0 */ - cfg = (waklog_host_config *) ap_get_module_config( - params->server->module_config, &waklog_module ); -#if 0 - } else { - cfg = (waklog_host_config *)mconfig; - } -#endif /* 0 */ + getModConfig(cfg, params->server ); - ap_log_error( APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, params->server, - "mod_waklog: will use keytab: %s", file ); + log_error( APLOG_MARK, APLOG_INFO, 0, params->server, + "mod_waklog: will use keytab: %s", file ); cfg->keytab = ap_pstrdup ( params->pool, file ); cfg->configured = 1; @@ -128,25 +174,16 @@ set_waklog_use_keytab( cmd_parms *params, void *mconfig, char *file ) static const char * -set_waklog_use_keytab_principal( cmd_parms *params, void *mconfig, char *file ) +set_waklog_use_principal( cmd_parms *params, void *mconfig, char *file ) { - waklog_host_config *cfg; + waklog_config *cfg; -#if 0 - if ( params->path == NULL ) { -#endif /* 0 */ - cfg = (waklog_host_config *) ap_get_module_config( - params->server->module_config, &waklog_module ); -#if 0 - } else { - cfg = (waklog_host_config *)mconfig; - } -#endif /* 0 */ + getModConfig(cfg, params->server ); - ap_log_error( APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, params->server, - "mod_waklog: will use keytab_principal: %s", file ); + log_error( APLOG_MARK, APLOG_INFO, 0, params->server, + "mod_waklog: will use principal: %s", file ); - cfg->keytab_principal = ap_pstrdup ( params->pool, file ); + cfg->principal = ap_pstrdup ( params->pool, file ); cfg->configured = 1; return( NULL ); } @@ -155,21 +192,12 @@ set_waklog_use_keytab_principal( cmd_parms *params, void *mconfig, char *file ) static const char * set_waklog_use_afs_cell( cmd_parms *params, void *mconfig, char *file ) { - waklog_host_config *cfg; + waklog_config *cfg; -#if 0 - if ( params->path == NULL ) { -#endif /* 0 */ - cfg = (waklog_host_config *) ap_get_module_config( - params->server->module_config, &waklog_module ); -#if 0 - } else { - cfg = (waklog_host_config *)mconfig; - } -#endif /* 0 */ + getModConfig(cfg, params->server ); - ap_log_error( APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, params->server, - "mod_waklog: will use afs_cell: %s", file ); + log_error( APLOG_MARK, APLOG_INFO, 0, params->server, + "mod_waklog: will use afs_cell: %s", file ); cfg->afs_cell = ap_pstrdup( params->pool, file ); cfg->configured = 1; @@ -178,40 +206,48 @@ set_waklog_use_afs_cell( cmd_parms *params, void *mconfig, char *file ) static void -waklog_child_init( server_rec *s, pool *p ) +#ifdef STANDARD20_MODULE_STUFF +waklog_child_init(MK_POOL *p, server_rec *s) +#else +waklog_child_init(server_rec *s, MK_POOL *p) +#endif { + log_error( APLOG_MARK, APLOG_DEBUG, 0, s, + "mod_waklog: child_init called" ); + memset( &child.token, 0, sizeof( struct ktc_token ) ); setpag(); + log_error( APLOG_MARK, APLOG_DEBUG, 0, s, + "mod_waklog: child_init returned" ); + return; } +typedef struct { + int wak_protect; + char *wak_keytab; + char *wak_ktprinc; + char *wak_afscell; +} waklog_commands; command_rec waklog_cmds[ ] = { - { "WaklogProtected", set_waklog_protect, - NULL, RSRC_CONF | ACCESS_CONF, FLAG, - "enable waklog on a location or directory basis" }, + command("WaklogProtected", set_waklog_protect, wak_protect, FLAG, "enable waklog on a location or directory basis"), - { "WaklogUseKeytabPath", set_waklog_use_keytab, - NULL, RSRC_CONF | ACCESS_CONF, TAKE1, - "Use the supplied keytab rather than the default" }, + command("WaklogKeytab", set_waklog_keytab, wak_keytab, TAKE1, "Use the supplied keytab rather than the default"), - { "WaklogUseKeytabPrincipal", set_waklog_use_keytab_principal, - NULL, RSRC_CONF | ACCESS_CONF, TAKE1, - "Use the supplied keytab principal rather than the default" }, + command("WaklogUseKeytabPrincipal", set_waklog_use_principal, wak_ktprinc, TAKE1, "Use the supplied keytab principal rather than the default"), - { "WaklogUseAFSCell", set_waklog_use_afs_cell, - NULL, RSRC_CONF | ACCESS_CONF, TAKE1, - "Use the supplied AFS cell rather than the default" }, + command("WaklogUseAFSCell", set_waklog_use_afs_cell, wak_afscell, TAKE1, "Use the supplied AFS cell rather than the default"), { NULL } }; - static void + static int token_cleanup( void *data ) { request_rec *r = (request_rec *)data; @@ -221,17 +257,17 @@ token_cleanup( void *data ) ktc_ForgetAllTokens(); - ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server, - "mod_waklog: ktc_ForgetAllTokens succeeded: pid: %d", getpid() ); + log_error( APLOG_MARK, APLOG_DEBUG, 0, r->server, + "mod_waklog: ktc_ForgetAllTokens succeeded: pid: %d", getpid() ); } - return; + return 0; } static int waklog_kinit( server_rec *s ) { - krb5_error_code kerror; + krb5_error_code kerror = 0; krb5_context kcontext = NULL; krb5_principal kprinc = NULL; krb5_get_init_creds_opt kopts; @@ -239,52 +275,39 @@ waklog_kinit( server_rec *s ) krb5_ccache kccache = NULL; krb5_keytab keytab = NULL; char ktbuf[ MAX_KEYTAB_NAME_LEN + 1 ]; - waklog_host_config *cfg; int i; + waklog_config *cfg; - ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, s, - "mod_waklog: waklog_kinit called: pid: %d", getpid() ); + log_error( APLOG_MARK, APLOG_DEBUG, 0, s, + "mod_waklog: waklog_kinit called: pid: %d", getpid() ); - cfg = (waklog_host_config *) ap_get_module_config( s->module_config, - &waklog_module ); + getModConfig(cfg, s); if (( kerror = krb5_init_context( &kcontext ))) { - ap_log_error( APLOG_MARK, APLOG_ERR, s, - (char *)error_message( kerror )); + log_error( APLOG_MARK, APLOG_ERR, 0, s, + "mod_waklog: %s", (char *)error_message( kerror )); goto cleanup; } /* use the path */ if (( kerror = krb5_cc_resolve( kcontext, K5PATH, &kccache )) != 0 ) { - ap_log_error( APLOG_MARK, APLOG_ERR, s, - (char *)error_message( kerror )); + log_error( APLOG_MARK, APLOG_ERR, 0, s, + "mod_waklog: %s", (char *)error_message( kerror )); goto cleanup; } - ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, s, - "mod_waklog: keytab_principal: %s", cfg->keytab_principal ); + log_error( APLOG_MARK, APLOG_DEBUG, 0, s, + "mod_waklog: principal: %s", cfg->principal ); - if (( kerror = krb5_parse_name( kcontext, cfg->keytab_principal, &kprinc ))) { - ap_log_error( APLOG_MARK, APLOG_ERR, s, - (char *)error_message( kerror )); + if (( kerror = krb5_parse_name( kcontext, cfg->principal, &kprinc ))) { + log_error( APLOG_MARK, APLOG_ERR, 0, s, + "mod_waklog: %s", (char *)error_message( kerror )); goto cleanup; } -#if 0 - ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, s, - "mod_waklog: kprinc->realm: %.*s", kprinc->realm.length, kprinc->realm.data ); - - ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, s, - "mod_waklog: kprinc->length: %d", kprinc->length ); - for ( i = 0; i < kprinc->length; i++ ) { - ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, s, - "mod_waklog: kprinc->data[%d].data: %.*s", i, kprinc->data[i].length, kprinc->data[i].data ); - } -#endif /* 0 */ - krb5_get_init_creds_opt_init( &kopts ); krb5_get_init_creds_opt_set_tkt_life( &kopts, TKT_LIFE ); krb5_get_init_creds_opt_set_renew_life( &kopts, 0 ); @@ -294,12 +317,12 @@ waklog_kinit( server_rec *s ) /* keytab from config */ strncpy( ktbuf, cfg->keytab, sizeof( ktbuf ) - 1 ); - ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, s, - "mod_waklog: waklog_kinit using: %s", ktbuf ); + log_error( APLOG_MARK, APLOG_DEBUG, 0, s, + "mod_waklog: waklog_kinit using: %s", ktbuf ); if (( kerror = krb5_kt_resolve( kcontext, ktbuf, &keytab )) != 0 ) { - ap_log_error( APLOG_MARK, APLOG_ERR, s, - (char *)error_message( kerror )); + log_error( APLOG_MARK, APLOG_ERR, 0, s, + "mod_waklog:krb5_kt_resolve %s", (char *)error_message( kerror )); goto cleanup; } @@ -310,58 +333,15 @@ waklog_kinit( server_rec *s ) if (( kerror = krb5_get_init_creds_keytab( kcontext, &v5creds, kprinc, keytab, 0, NULL, &kopts ))) { - ap_log_error( APLOG_MARK, APLOG_ERR, s, - (char *)error_message( kerror )); - - goto cleanup; - } - -#if 0 - ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, s, - "mod_waklog: v5creds.client->realm: %.*s", v5creds.client->realm.length, v5creds.client->realm.data ); - - ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, s, - "mod_waklog: v5creds.client->length: %d", v5creds.client->length ); - for ( i = 0; i < v5creds.client->length; i++ ) { - ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, s, - "mod_waklog: v5creds.client->data[%d].data: %.*s", - i, v5creds.client->data[i].length, v5creds.client->data[i].data ); - } - - ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, s, - "mod_waklog: v5creds.server->realm: %.*s", v5creds.server->realm.length, v5creds.server->realm.data ); - - ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, s, - "mod_waklog: v5creds.server->length: %d", v5creds.server->length ); - for ( i = 0; i < v5creds.server->length; i++ ) { - ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, s, - "mod_waklog: v5creds.server->data[%d].data: %.*s", - i, v5creds.server->data[i].length, v5creds.server->data[i].data ); - } - - ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, s, - "mod_waklog: waklog_kinit #4" ); - - ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, s, - "mod_waklog: waklog_kinit kprinc==v5creds.server: %s", - krb5_principal_compare( kcontext, kprinc, v5creds.server ) ? "true" : "false" ); -#endif /* 0 */ - -#if 0 -#error the proof of the pudding is in the eating - if (( kerror = krb5_verify_init_creds( kcontext, &v5creds, - v5creds.server, keytab, NULL, &vopts )) != 0 ) { - - ap_log_error( APLOG_MARK, APLOG_ERR, s, - (char *)error_message( kerror )); + log_error( APLOG_MARK, APLOG_ERR, 0, s, + "mod_waklog:krb5_get_init_creds_keytab %s", (char *)error_message( kerror )); goto cleanup; } -#endif /* 0 */ if (( kerror = krb5_cc_initialize( kcontext, kccache, kprinc )) != 0 ) { - ap_log_error( APLOG_MARK, APLOG_ERR, s, - (char *)error_message( kerror )); + log_error( APLOG_MARK, APLOG_ERR, 0, s, + "mod_waklog:krb5_cc_initialize %s", (char *)error_message( kerror )); goto cleanup; } @@ -369,14 +349,14 @@ waklog_kinit( server_rec *s ) kerror = krb5_cc_store_cred( kcontext, kccache, &v5creds ); krb5_free_cred_contents( kcontext, &v5creds ); if ( kerror != 0 ) { - ap_log_error( APLOG_MARK, APLOG_ERR, s, - (char *)error_message( kerror )); + log_error( APLOG_MARK, APLOG_ERR, 0, s, + "mod_waklog: %s", (char *)error_message( kerror )); goto cleanup; } - ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, s, - "mod_waklog: waklog_kinit success" ); + log_error( APLOG_MARK, APLOG_DEBUG, 0, s, + "mod_waklog: waklog_kinit success" ); cleanup: if ( keytab ) @@ -388,10 +368,10 @@ cleanup: if ( kcontext ) krb5_free_context( kcontext ); - ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, s, - "mod_waklog: waklog_kinit: exiting" ); + log_error( APLOG_MARK, APLOG_DEBUG, 0, s, + "mod_waklog: waklog_kinit: exiting" ); - return( 0 ); + return( kerror ); } @@ -400,7 +380,6 @@ waklog_aklog( request_rec *r ) { int rc; char buf[ MAXKTCTICKETLEN ]; - const char *k4path = NULL; const char *k5path = NULL; krb5_error_code kerror; krb5_context kcontext = NULL; @@ -410,18 +389,17 @@ waklog_aklog( request_rec *r ) struct ktc_principal server = { "afs", "", "" }; struct ktc_principal client; struct ktc_token token; - waklog_host_config *cfg; + waklog_config *cfg; int buflen; - k5path = ap_table_get( r->subprocess_env, "KRB5CCNAME" ); - k4path = ap_table_get( r->subprocess_env, "KRBTKFILE" ); + k5path = MK_TABLE_GET( r->subprocess_env, "KRB5CCNAME" ); - ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server, - "mod_waklog: waklog_aklog called: k5path: %s, k4path: %s", k5path, k4path ); + log_error( APLOG_MARK, APLOG_INFO, 0, r->server, + "mod_waklog: waklog_aklog called: k5path: %s", k5path ); - if ( !k5path || !k4path || !*k5path || !*k4path ) { - ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server, - "mod_waklog: waklog_aklog giving up" ); + if ( k5path == NULL ) { + log_error( APLOG_MARK, APLOG_DEBUG, 0, r->server, + "mod_waklog: waklog_aklog giving up" ); goto cleanup; } @@ -431,16 +409,15 @@ waklog_aklog( request_rec *r ) if (( kerror = krb5_init_context( &kcontext ))) { /* Authentication Required ( kerberos error ) */ - ap_log_error( APLOG_MARK, APLOG_ERR, r->server, - (char *)error_message( kerror )); - + log_error( APLOG_MARK, APLOG_ERR, 0, r->server, + (char *)error_message( kerror )); + goto cleanup; } memset( (char *)&increds, 0, sizeof(increds)); - cfg = (waklog_host_config *) ap_get_module_config( - r->server->module_config, &waklog_module ); + getModConfig(cfg, r->server ); /* afs/ or afs */ strncpy( buf, "afs", sizeof( buf ) - 1 ); @@ -451,15 +428,15 @@ waklog_aklog( request_rec *r ) /* set server part */ if (( kerror = krb5_parse_name( kcontext, buf, &increds.server ))) { - ap_log_error( APLOG_MARK, APLOG_ERR, r->server, - (char *)error_message( kerror )); + log_error( APLOG_MARK, APLOG_ERR, 0, r->server, + (char *)error_message( kerror )); goto cleanup; } if (( kerror = krb5_cc_resolve( kcontext, k5path, &kccache )) != 0 ) { - ap_log_error( APLOG_MARK, APLOG_ERR, r->server, - (char *)error_message( kerror )); + log_error( APLOG_MARK, APLOG_ERR, 0, r->server, + (char *)error_message( kerror )); goto cleanup; } @@ -474,15 +451,15 @@ waklog_aklog( request_rec *r ) /* get the V5 credentials */ if (( kerror = krb5_get_credentials( kcontext, 0, kccache, &increds, &v5credsp ) ) ) { - ap_log_error( APLOG_MARK, APLOG_ERR, r->server, - "mod_waklog: krb5_get_credentials: %s", error_message( kerror )); + log_error( APLOG_MARK, APLOG_ERR, 0, r->server, + "mod_waklog: krb5_get_credentials: %s", error_message( kerror )); goto cleanup; } /* don't overflow */ if ( v5credsp->ticket.length >= MAXKTCTICKETLEN ) { /* from krb524d.c */ - ap_log_error( APLOG_MARK, APLOG_ERR, r->server, - "mod_waklog: ticket size (%d) too big to fake", v5credsp->ticket.length ); + log_error( APLOG_MARK, APLOG_ERR, 0, r->server, + "mod_waklog: ticket size (%d) too big to fake", v5credsp->ticket.length ); goto cleanup; } @@ -503,8 +480,8 @@ waklog_aklog( request_rec *r ) sizeof( token.sessionKey ) )) || (memcmp( child.token.ticket, token.ticket, token.ticketLen )) ) { - ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server, - "mod_waklog: client: %s", buf ); + log_error( APLOG_MARK, APLOG_DEBUG, 0, r->server, + "mod_waklog: client: %s", buf ); /* build the name */ memmove( buf, v5credsp->client->data[0].data, @@ -529,23 +506,22 @@ waklog_aklog( request_rec *r ) /* assemble the server's cell */ strncpy( server.cell, cfg->afs_cell , sizeof( server.cell ) - 1 ); - ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server, - "mod_waklog: server: name=%s, instance=%s, cell=%s", - server.name, server.instance, server.cell ); - - ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server, - "mod_waklog: client: name=%s, instance=%s, cell=%s", - client.name, client.instance, client.cell ); + log_error( APLOG_MARK, APLOG_DEBUG, 0, r->server, + "mod_waklog: server: name=%s, instance=%s, cell=%s", + server.name, server.instance, server.cell ); + + log_error( APLOG_MARK, APLOG_DEBUG, 0, r->server, + "mod_waklog: client: name=%s, instance=%s, cell=%s", + client.name, client.instance, client.cell ); /* use the path */ - krb_set_tkt_string( (char *)k4path ); /* rumor: we have to do this for AIX 4.1.4 with AFS 3.4+ */ write( 2, "", 0 ); if ( ( rc = ktc_SetToken( &server, &token, &client, 0 ) ) ) { - ap_log_error( APLOG_MARK, APLOG_ERR, r->server, - "mod_waklog: settoken returned %d", rc ); + log_error( APLOG_MARK, APLOG_ERR, 0, r->server, + "mod_waklog: settoken returned %d", rc ); goto cleanup; } @@ -568,8 +544,8 @@ cleanup: if ( kcontext ) krb5_free_context( kcontext ); - ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server, - "mod_waklog: finished with waklog_aklog" ); + log_error( APLOG_MARK, APLOG_DEBUG, 0, r->server, + "mod_waklog: finished with waklog_aklog" ); return; @@ -579,81 +555,121 @@ cleanup: waklog_child_routine( void *s, child_info *pinfo ) { if ( !getuid() ) { - ap_log_error( APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, s, - "mod_waklog: waklog_child_routine called as root" ); + log_error( APLOG_MARK, APLOG_DEBUG, 0, s, + "mod_waklog: waklog_child_routine called as root" ); /* this was causing the credential file to get owned by root */ +#ifdef STANDARD20_MODULE_STUFF setgid(ap_group_id); setuid(ap_user_id); +#endif } while( 1 ) { waklog_kinit( s ); + log_error( APLOG_MARK, APLOG_DEBUG, 0, s, + "mod_waklog: child_routine sleeping" ); sleep( SLEEP_TIME ); + log_error( APLOG_MARK, APLOG_DEBUG, 0, s, + "mod_waklog: slept, calling waklog_kinit" ); } } +#ifdef STANDARD20_MODULE_STUFF +static int +waklog_init_handler(apr_pool_t *p, apr_pool_t *plog, + apr_pool_t *ptemp, server_rec *s) +{ + int rv; + extern char *version; + apr_proc_t *proc; + waklog_config *cfg; + void *data; + + getModConfig(cfg, s); + + /* initialize_module() will be called twice, and if it's a DSO + * then all static data from the first call will be lost. Only + * set up our static data on the second call. + * see http://issues.apache.org/bugzilla/show_bug.cgi?id=37519 */ + apr_pool_userdata_get(&data, userdata_key, s->process->pool); + if (!data) { + apr_pool_userdata_set((const void *)1, userdata_key, + apr_pool_cleanup_null, s->process->pool); + } else { + log_error( APLOG_MARK, APLOG_INFO, 0, s, + "mod_waklog: version %s initialized.", version ); + + proc = (apr_proc_t *)ap_pcalloc( s->process->pool, sizeof(apr_proc_t)); + + rv = apr_proc_fork(proc, s->process->pool); + + if (rv == APR_INCHILD) { + waklog_child_routine(s, NULL); + } else { + apr_pool_note_subprocess(s->process->pool, proc, APR_KILL_ALWAYS); + } + /* parent and child */ + cfg->forked = proc->pid; + } + return 0; +} +#else static void -waklog_init( server_rec *s, pool *p ) +waklog_init( server_rec *s, MK_POOL *p ) { extern char *version; int pid; - ap_log_error( APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, s, - "mod_waklog: version %s initialized.", version ); + log_error( APLOG_MARK, APLOG_INFO, 0, s, + "mod_waklog: version %s initialized.", version ); pid = ap_bspawn_child( p, waklog_child_routine, s, kill_always, NULL, NULL, NULL ); - ap_log_error( APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, s, - "mod_waklog: ap_bspawn_child: %d.", pid ); + log_error( APLOG_MARK, APLOG_DEBUG, 0, s, + "mod_waklog: ap_bspawn_child: %d.", pid ); } - +#endif static int waklog_phase0( request_rec *r ) { - waklog_host_config *cfg; + waklog_config *cfg; - ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server, - "mod_waklog: phase0 called" ); + log_error( APLOG_MARK, APLOG_DEBUG, 0, r->server, + "mod_waklog: phase0 called" ); -#if 0 - /* directory config? */ - cfg = (waklog_host_config *)ap_get_module_config( - r->per_dir_config, &waklog_module); - - - /* server config? */ - if ( !cfg->configured ) { -#endif /* 0 */ - cfg = (waklog_host_config *)ap_get_module_config( - r->server->module_config, &waklog_module); -#if 0 - } -#endif /* 0 */ + getModConfig(cfg, r->server ); + log_error( APLOG_MARK, APLOG_DEBUG, 0, r->server, + "mod_waklog: phase0, checking cfg->protect" ); if ( !cfg->protect ) { - ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server, - "mod_waklog: phase0 declining" ); + log_error( APLOG_MARK, APLOG_DEBUG, 0, r->server, + "mod_waklog: phase0 declining" ); return( DECLINED ); } - /* set our environment variables */ - ap_table_set( r->subprocess_env, "KRB5CCNAME", K5PATH ); - ap_table_set( r->subprocess_env, "KRBTKFILE", K4PATH ); + log_error( APLOG_MARK, APLOG_DEBUG, 0, r->server, + "mod_waklog: phase0, NOT setting environment variable" ); + /* set our environment variable */ + apr_table_set( r->subprocess_env, "KRB5CCNAME", K5PATH ); + log_error( APLOG_MARK, APLOG_DEBUG, 0, r->server, + "mod_waklog: phase0, checking child.token.ticketLen" ); /* do this only if we are still unauthenticated */ if ( !child.token.ticketLen ) { - + + log_error( APLOG_MARK, APLOG_DEBUG, 0, r->server, + "mod_waklog: phase0, calling waklog_aklog" ); /* stuff the credentials into the kernel */ waklog_aklog( r ); } - ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server, - "mod_waklog: phase0 returning" ); + log_error( APLOG_MARK, APLOG_DEBUG, 0, r->server, + "mod_waklog: phase0 returning" ); return DECLINED; } @@ -661,43 +677,62 @@ waklog_phase0( request_rec *r ) static int waklog_phase7( request_rec *r ) { - waklog_host_config *cfg; + waklog_config *cfg; - ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server, - "mod_waklog: phase7 called" ); + log_error( APLOG_MARK, APLOG_DEBUG, 0, r->server, + "mod_waklog: phase7 called" ); -#if 0 - /* directory config? */ - cfg = (waklog_host_config *)ap_get_module_config( - r->per_dir_config, &waklog_module); - - /* server config? */ - if ( !cfg->configured ) { -#endif /* 0 */ - cfg = (waklog_host_config *)ap_get_module_config( - r->server->module_config, &waklog_module); -#if 0 - } -#endif /* 0 */ + getModConfig(cfg, r->server ); if ( !cfg->protect ) { return( DECLINED ); } /* stuff the credentials into the kernel */ + + log_error( APLOG_MARK, APLOG_DEBUG, 0, r->server, + "mod_waklog: phase7, calling waklog_aklog" ); waklog_aklog( r ); - ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server, - "mod_waklog: phase7 returning" ); + log_error( APLOG_MARK, APLOG_DEBUG, 0, r->server, + "mod_waklog: phase7 returning" ); return DECLINED; } - static void -waklog_new_connection( conn_rec *c ) { - ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, c->server, - "mod_waklog: new_connection called: pid: %d", getpid() ); - return; + +static +#ifdef STANDARD20_MODULE_STUFF + int +#else + void +#endif +waklog_new_connection (conn_rec * c +#ifdef STANDARD20_MODULE_STUFF + , void *dummy +#endif + ) +{ + + waklog_commands *cfg; + + log_error (APLOG_MARK, APLOG_DEBUG, 0, c->base_server, + "mod_waklog: new_connection called: pid: %d", getpid ()); + /* + getModConfig(cfg, c->base_server); + + if ( cfg->default_principal ) { + log_error(APLOG_MARK, APLOG_DEBUG, 0, c->base_server, "mod_waklog: new conn setting default user %s", + cfg->default_principal); + set_auth( c->base_server, NULL, 0, cfg->default_principal, cfg->default_keytab, 0); + } + */ + + return +#ifdef STANDARD20_MODULE_STUFF + 0 +#endif + ; } @@ -710,65 +745,31 @@ waklog_new_connection( conn_rec *c ) { ** ** Failure to "unlog" would be a security risk. */ - static int -waklog_phase2( request_rec *r ) +static int +waklog_phase2 (request_rec * r) { - ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server, - "mod_waklog: phase2 called" ); - if ( child.token.ticketLen ) { - memset( &child.token, 0, sizeof( struct ktc_token ) ); + log_error (APLOG_MARK, APLOG_DEBUG, 0, r->server, + "mod_waklog: phase2 called"); - ktc_ForgetAllTokens(); + if (child.token.ticketLen) + { + memset (&child.token, 0, sizeof (struct ktc_token)); + + ktc_ForgetAllTokens (); - ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server, - "mod_waklog: ktc_ForgetAllTokens succeeded: pid: %d", getpid() ); + log_error (APLOG_MARK, APLOG_DEBUG, 0, r->server, + "mod_waklog: ktc_ForgetAllTokens succeeded: pid: %d", + getpid ()); } - ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server, - "mod_waklog: phase2 returning" ); + log_error (APLOG_MARK, APLOG_DEBUG, 0, r->server, + "mod_waklog: phase2 returning"); return DECLINED; } -#if 0 -static int waklog_phase1( request_rec *r ) -{ - ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server, "mod_waklog: phase1 returning" ); - return DECLINED; -} -static int waklog_phase3( request_rec *r ) -{ - ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server, "mod_waklog: phase3 returning" ); - return DECLINED; -} -static int waklog_phase4( request_rec *r ) -{ - ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server, "mod_waklog: phase4 returning" ); - return DECLINED; -} -static int waklog_phase5( request_rec *r ) -{ - ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server, "mod_waklog: phase5 returning" ); - return DECLINED; -} -static int waklog_phase6( request_rec *r ) -{ - ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server, "mod_waklog: phase6 returning" ); - return DECLINED; -} -static void waklog_phase8( request_rec *r ) -{ - ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server, "mod_waklog: phase8 returning" ); - return; -} -static int waklog_phase9( request_rec *r ) -{ - ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server, "mod_waklog: phase9 returning" ); - return DECLINED; -} -#endif /* 0 */ - +#ifndef STANDARD20_MODULE_STUFF module MODULE_VAR_EXPORT waklog_module = { STANDARD_MODULE_STUFF, waklog_init, /* module initializer */ @@ -800,3 +801,28 @@ module MODULE_VAR_EXPORT waklog_module = { waklog_new_connection /* EAPI: new_connection */ #endif }; +#else +static void +waklog_register_hooks (apr_pool_t * p) +{ + ap_hook_header_parser (waklog_phase2, NULL, NULL, APR_HOOK_FIRST); + ap_hook_fixups (waklog_phase7, NULL, NULL, APR_HOOK_FIRST); + ap_hook_child_init (waklog_child_init, NULL, NULL, APR_HOOK_FIRST); + ap_hook_post_read_request (waklog_phase0, NULL, NULL, APR_HOOK_FIRST); + ap_hook_pre_connection (waklog_new_connection, NULL, NULL, APR_HOOK_FIRST); + ap_hook_post_config (waklog_init_handler, NULL, NULL, APR_HOOK_MIDDLE); +} + + +module AP_MODULE_DECLARE_DATA waklog_module = +{ + STANDARD20_MODULE_STUFF, + NULL, /* create per-dir conf structures */ + NULL, /* merge per-dir conf structures */ + waklog_create_server_config, /* create per-server conf structures */ + NULL, /* merge per-server conf structures */ + waklog_cmds, /* table of configuration directives */ + waklog_register_hooks /* register hooks */ +}; +#endif +