HCoop / hcoop / debian / libapache-mod-waklog.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
fewer #includes
[hcoop/debian/libapache-mod-waklog.git] / mod_waklog.c
CommitLineData
bed98ff9 1#include "httpd.h"
2#include "http_config.h"
7193eb01 3#include "http_conf_globals.h"
bed98ff9 4#include "http_log.h"
7193eb01 5#include "http_protocol.h"
6#include "http_request.h"
7#include "http_core.h"
bed98ff9 8#include "ap_config.h"
4e1ae1cd 9#include <krb5.h>
bed98ff9 10
7193eb01 11#if defined(sun)
bed98ff9 12#include <sys/ioccom.h>
7193eb01 13#endif /* sun */
bed98ff9 14#include <stropts.h>
8258901d 15#if 0
bed98ff9 16#include <kerberosIV/krb.h>
17#include <kerberosIV/des.h>
8258901d 18#endif /* 0 */
bed98ff9 19#include <afs/venus.h>
7193eb01 20#include <afs/auth.h>
21#include <rx/rxkad.h>
22
8258901d 23#if 0
7193eb01 24#include <asm/bitops.h>
25#include <sys/shm.h>
8258901d 26#endif /* 0 */
bed98ff9 27
58bbdc54 28#define KEYTAB "/home/drh/keytab.umweb.drhtest"
29#define KEYTAB_PRINCIPAL "umweb/drhtest"
4e1ae1cd 30
58bbdc54 31#define TKT_LIFE 10*60*60
32#define SLEEP_TIME 5*60 /* should be TKT_LIFE */
33
34#define AFS_CELL "umich.edu" /* NB: lower case */
35
36#define K5PATH "FILE:/tmp/waklog.creds.k5"
37#define K4PATH "/tmp/waklog.creds.k4"
7193eb01 38
313dde40 39module waklog_module;
bed98ff9 40
41struct ClearToken {
42 long AuthHandle;
43 char HandShakeKey[ 8 ];
44 long ViceId;
45 long BeginTimestamp;
46 long EndTimestamp;
47};
48
313dde40 49typedef struct {
4e1ae1cd 50 int configured;
51 int protect;
52 char *keytab;
7193eb01 53 char *keytab_principal;
403921ef 54 char *afs_cell;
313dde40 55} waklog_host_config;
56
7193eb01 57typedef struct {
58 struct ktc_token token;
59} waklog_child_config;
58bbdc54 60waklog_child_config child;
61
e21f34f0 62
313dde40 63 static void *
64waklog_create_dir_config( pool *p, char *path )
65{
66 waklog_host_config *cfg;
67
68 cfg = (waklog_host_config *)ap_pcalloc( p, sizeof( waklog_host_config ));
69 cfg->configured = 0;
70 cfg->protect = 0;
58bbdc54 71 cfg->keytab = KEYTAB;
72 cfg->keytab_principal = KEYTAB_PRINCIPAL;
73 cfg->afs_cell = AFS_CELL;
313dde40 74
75 return( cfg );
76}
77
78
79 static void *
80waklog_create_server_config( pool *p, server_rec *s )
81{
82 waklog_host_config *cfg;
83
84 cfg = (waklog_host_config *)ap_pcalloc( p, sizeof( waklog_host_config ));
85 cfg->configured = 0;
86 cfg->protect = 0;
58bbdc54 87 cfg->keytab = KEYTAB;
88 cfg->keytab_principal = KEYTAB_PRINCIPAL;
89 cfg->afs_cell = AFS_CELL;
313dde40 90
91 return( cfg );
92}
93
94
313dde40 95 static const char *
96set_waklog_protect( cmd_parms *params, void *mconfig, int flag )
97{
98 waklog_host_config *cfg;
99
100 if ( params->path == NULL ) {
101 cfg = (waklog_host_config *) ap_get_module_config(
102 params->server->module_config, &waklog_module );
103 } else {
104 cfg = (waklog_host_config *)mconfig;
105 }
106
107 cfg->protect = flag;
108 cfg->configured = 1;
109 return( NULL );
110}
111
112
4e1ae1cd 113 static const char *
114set_waklog_use_keytab( cmd_parms *params, void *mconfig, char *file )
115{
116 waklog_host_config *cfg;
117
118 if ( params->path == NULL ) {
119 cfg = (waklog_host_config *) ap_get_module_config(
120 params->server->module_config, &waklog_module );
121 } else {
122 cfg = (waklog_host_config *)mconfig;
123 }
124
3ed1e28a 125 ap_log_error( APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, params->server,
126 "mod_waklog: using keytab: %s", file );
127
4e1ae1cd 128 cfg->keytab = file;
129 cfg->configured = 1;
130 return( NULL );
131}
132
133
58bbdc54 134 static const char *
135set_waklog_use_keytab_principal( cmd_parms *params, void *mconfig, char *file )
b74fad73 136{
58bbdc54 137 waklog_host_config *cfg;
7193eb01 138
58bbdc54 139 if ( params->path == NULL ) {
140 cfg = (waklog_host_config *) ap_get_module_config(
141 params->server->module_config, &waklog_module );
142 } else {
143 cfg = (waklog_host_config *)mconfig;
7193eb01 144 }
145
58bbdc54 146 ap_log_error( APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, params->server,
147 "mod_waklog: using keytab_principal: %s", file );
148
149 cfg->keytab_principal = file;
150 cfg->configured = 1;
151 return( NULL );
152}
153
154
155 static const char *
156set_waklog_use_afs_cell( cmd_parms *params, void *mconfig, char *file )
157{
158 waklog_host_config *cfg;
159
160 if ( params->path == NULL ) {
161 cfg = (waklog_host_config *) ap_get_module_config(
162 params->server->module_config, &waklog_module );
163 } else {
164 cfg = (waklog_host_config *)mconfig;
165 }
166
167 ap_log_error( APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, params->server,
168 "mod_waklog: using afs_cell: %s", file );
169
170 cfg->afs_cell = file;
171 cfg->configured = 1;
172 return( NULL );
173}
174
175
176 static void
177waklog_child_init( server_rec *s, pool *p )
178{
179
180 memset( &child.token, 0, sizeof( struct ktc_token ) );
7193eb01 181
b74fad73 182 setpag();
7193eb01 183
b74fad73 184 return;
185}
186
187
313dde40 188command_rec waklog_cmds[ ] =
189{
190 { "WaklogProtected", set_waklog_protect,
191 NULL, RSRC_CONF | ACCESS_CONF, FLAG,
192 "enable waklog on a location or directory basis" },
193
58bbdc54 194 { "WaklogUseKeytabPath", set_waklog_use_keytab,
195 NULL, RSRC_CONF, TAKE1,
196 "Use the supplied keytab rather than the default" },
197
198 { "WaklogUseKeytabPrincipal", set_waklog_use_keytab_principal,
199 NULL, RSRC_CONF, TAKE1,
200 "Use the supplied keytab principal rather than the default" },
201
202 { "WaklogUseAFSCell", set_waklog_use_afs_cell,
4e1ae1cd 203 NULL, RSRC_CONF, TAKE1,
58bbdc54 204 "Use the supplied AFS cell rather than the default" },
4e1ae1cd 205
313dde40 206 { NULL }
207};
208
209
bed98ff9 210 static void
e2df6441 211token_cleanup( void *data )
bed98ff9 212{
213 request_rec *r = (request_rec *)data;
bed98ff9 214
58bbdc54 215 if ( child.token.ticketLen ) {
216 memset( &child.token, 0, sizeof( struct ktc_token ) );
bed98ff9 217
7193eb01 218 ktc_ForgetAllTokens();
bed98ff9 219
7193eb01 220 ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server,
58bbdc54 221 "mod_waklog: ktc_ForgetAllTokens succeeded: pid: %d", getpid() );
7193eb01 222 }
b74fad73 223 return;
bed98ff9 224}
225
226
4e1ae1cd 227 static int
e2df6441 228waklog_kinit( server_rec *s )
4e1ae1cd 229{
230 krb5_error_code kerror;
e2df6441 231 krb5_context kcontext = NULL;
232 krb5_principal kprinc = NULL;
4e1ae1cd 233 krb5_get_init_creds_opt kopts;
7193eb01 234 krb5_creds v5creds;
e2df6441 235 krb5_ccache kccache = NULL;
236 krb5_keytab keytab = NULL;
4e1ae1cd 237 char ktbuf[ MAX_KEYTAB_NAME_LEN + 1 ];
e21f34f0 238 waklog_host_config *cfg;
4e1ae1cd 239
e21f34f0 240 ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, s,
e2df6441 241 "mod_waklog: waklog_kinit called" );
4e1ae1cd 242
58bbdc54 243 cfg = (waklog_host_config *) ap_get_module_config( s->module_config,
244 &waklog_module );
245
e21f34f0 246 if (( kerror = krb5_init_context( &kcontext ))) {
247 ap_log_error( APLOG_MARK, APLOG_ERR, s,
248 (char *)error_message( kerror ));
4e1ae1cd 249
e2df6441 250 goto cleanup;
e21f34f0 251 }
4e1ae1cd 252
e21f34f0 253 /* use the path */
254 if (( kerror = krb5_cc_resolve( kcontext, K5PATH, &kccache )) != 0 ) {
255 ap_log_error( APLOG_MARK, APLOG_ERR, s,
256 (char *)error_message( kerror ));
4e1ae1cd 257
e2df6441 258 goto cleanup;
e21f34f0 259 }
4e1ae1cd 260
58bbdc54 261 if (( kerror = krb5_parse_name( kcontext, cfg->keytab_principal, &kprinc ))) {
e21f34f0 262 ap_log_error( APLOG_MARK, APLOG_ERR, s,
263 (char *)error_message( kerror ));
7193eb01 264
e2df6441 265 goto cleanup;
e21f34f0 266 }
7193eb01 267
e21f34f0 268 krb5_get_init_creds_opt_init( &kopts );
58bbdc54 269 krb5_get_init_creds_opt_set_tkt_life( &kopts, TKT_LIFE );
e21f34f0 270 krb5_get_init_creds_opt_set_renew_life( &kopts, 0 );
271 krb5_get_init_creds_opt_set_forwardable( &kopts, 1 );
272 krb5_get_init_creds_opt_set_proxiable( &kopts, 0 );
7193eb01 273
58bbdc54 274 /* keytab from config */
275 strncpy( ktbuf, cfg->keytab, sizeof( ktbuf ) - 1 );
7193eb01 276
e21f34f0 277 ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, s,
e2df6441 278 "mod_waklog: waklog_kinit using: %s", ktbuf );
7193eb01 279
e21f34f0 280 if (( kerror = krb5_kt_resolve( kcontext, ktbuf, &keytab )) != 0 ) {
281 ap_log_error( APLOG_MARK, APLOG_ERR, s,
282 (char *)error_message( kerror ));
7193eb01 283
e2df6441 284 goto cleanup;
e21f34f0 285 }
7193eb01 286
e21f34f0 287 /* get the krbtgt */
288 if (( kerror = krb5_get_init_creds_keytab( kcontext, &v5creds,
403921ef 289 kprinc, keytab, 0, NULL, &kopts ))) {
7193eb01 290
e21f34f0 291 ap_log_error( APLOG_MARK, APLOG_ERR, s,
292 (char *)error_message( kerror ));
7193eb01 293
e2df6441 294 goto cleanup;
e21f34f0 295 }
7193eb01 296
e21f34f0 297 if (( kerror = krb5_verify_init_creds( kcontext, &v5creds,
298 kprinc, keytab, NULL, NULL )) != 0 ) {
7193eb01 299
e21f34f0 300 ap_log_error( APLOG_MARK, APLOG_ERR, s,
301 (char *)error_message( kerror ));
7193eb01 302
e2df6441 303 goto cleanup;
e21f34f0 304 }
7193eb01 305
e21f34f0 306 if (( kerror = krb5_cc_initialize( kcontext, kccache, kprinc )) != 0 ) {
307 ap_log_error( APLOG_MARK, APLOG_ERR, s,
308 (char *)error_message( kerror ));
7193eb01 309
e2df6441 310 goto cleanup;
e21f34f0 311 }
7193eb01 312
e2df6441 313 kerror = krb5_cc_store_cred( kcontext, kccache, &v5creds );
314 krb5_free_cred_contents( kcontext, &v5creds );
315 if ( kerror != 0 ) {
e21f34f0 316 ap_log_error( APLOG_MARK, APLOG_ERR, s,
317 (char *)error_message( kerror ));
7193eb01 318
e2df6441 319 goto cleanup;
e21f34f0 320 }
7193eb01 321
e21f34f0 322 ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, s,
e2df6441 323 "mod_waklog: waklog_kinit success" );
324
325cleanup:
326 if ( keytab )
327 (void)krb5_kt_close( kcontext, keytab );
328 if ( kprinc )
329 krb5_free_principal( kcontext, kprinc );
330 if ( kccache )
331 krb5_cc_close( kcontext, kccache );
332 if ( kcontext )
333 krb5_free_context( kcontext );
e21f34f0 334
335 ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, s,
e2df6441 336 "mod_waklog: waklog_kinit: exiting" );
7193eb01 337
338 return( 0 );
339}
340
341
342 static void
343waklog_aklog( request_rec *r )
344{
345 int rc;
58bbdc54 346 char buf[ 2048 ];
7193eb01 347 const char *k4path = NULL;
348 const char *k5path = NULL;
349 krb5_error_code kerror;
e2df6441 350 krb5_context kcontext = NULL;
7193eb01 351 krb5_creds increds;
352 krb5_creds *v5credsp = NULL;
e2df6441 353 krb5_ccache kccache = NULL;
403921ef 354 struct ktc_principal server = { "afs", "", "" };
7193eb01 355 struct ktc_principal client;
356 struct ktc_token token;
403921ef 357 waklog_host_config *cfg;
58bbdc54 358 int buflen;
7193eb01 359
360 k5path = ap_table_get( r->subprocess_env, "KRB5CCNAME" );
361 k4path = ap_table_get( r->subprocess_env, "KRBTKFILE" );
362
363 ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server,
364 "mod_waklog: waklog_aklog called: k5path: %s, k4path: %s", k5path, k4path );
365
366 if ( !k5path || !k4path ) {
367 ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server,
368 "mod_waklog: waklog_aklog giving up" );
e2df6441 369 goto cleanup;
4e1ae1cd 370 }
371
7193eb01 372 /*
373 ** Get/build creds from file/tgs, then see if we need to SetToken
374 */
375
376 if (( kerror = krb5_init_context( &kcontext ))) {
377 /* Authentication Required ( kerberos error ) */
4e1ae1cd 378 ap_log_error( APLOG_MARK, APLOG_ERR, r->server,
379 (char *)error_message( kerror ));
7193eb01 380
e2df6441 381 goto cleanup;
4e1ae1cd 382 }
383
7193eb01 384 memset( (char *)&increds, 0, sizeof(increds));
4e1ae1cd 385
403921ef 386 cfg = (waklog_host_config *) ap_get_module_config(
387 r->server->module_config, &waklog_module );
388
389 /* afs/<cell> or afs */
390 strncpy( buf, "afs", sizeof( buf ) - 1 );
58bbdc54 391 if ( strcmp( cfg->afs_cell, AFS_CELL ) ) {
403921ef 392 strncat( buf, "/" , sizeof( buf ) - strlen( buf ) - 1 );
393 strncat( buf, cfg->afs_cell, sizeof( buf ) - strlen( buf ) - 1 );
394 }
395
7193eb01 396 /* set server part */
403921ef 397 if (( kerror = krb5_parse_name( kcontext, buf, &increds.server ))) {
4e1ae1cd 398 ap_log_error( APLOG_MARK, APLOG_ERR, r->server,
399 (char *)error_message( kerror ));
400
e2df6441 401 goto cleanup;
4e1ae1cd 402 }
403
7193eb01 404 if (( kerror = krb5_cc_resolve( kcontext, k5path, &kccache )) != 0 ) {
405 ap_log_error( APLOG_MARK, APLOG_ERR, r->server,
406 (char *)error_message( kerror ));
407
e2df6441 408 goto cleanup;
7193eb01 409 }
4e1ae1cd 410
7193eb01 411 /* set client part */
412 krb5_cc_get_principal( kcontext, kccache, &increds.client );
4e1ae1cd 413
7193eb01 414 increds.times.endtime = 0;
415 /* Ask for DES since that is what V4 understands */
416 increds.keyblock.enctype = ENCTYPE_DES_CBC_CRC;
417
418 /* get the V5 credentials */
419 if (( kerror = krb5_get_credentials( kcontext, 0, kccache,
420 &increds, &v5credsp ) ) ) {
403921ef 421 ap_log_error( APLOG_MARK, APLOG_ERR, r->server,
422 "mod_waklog: krb5_get_credentials: %s", error_message( kerror ));
e2df6441 423 goto cleanup;
4e1ae1cd 424 }
425
58bbdc54 426 /* don't overflor */
427 if ( v5credsp->ticket.length >= 344 ) { /* from krb524d.c */
403921ef 428 ap_log_error( APLOG_MARK, APLOG_ERR, r->server,
58bbdc54 429 "mod_waklog: ticket size (%d) to big to fake", v5credsp->ticket.length );
e2df6441 430 goto cleanup;
4e1ae1cd 431 }
432
7193eb01 433 /* assemble the token */
58bbdc54 434 memset( &token, 0, sizeof( struct ktc_token ) );
435
436 token.startTime = v5credsp->times.starttime ? v5credsp->times.starttime : v5credsp->times.authtime;
7193eb01 437 token.endTime = v5credsp->times.endtime;
58bbdc54 438 memmove( &token.sessionKey, v5credsp->keyblock.contents, v5credsp->keyblock.length );
439 token.kvno = RXKAD_TKT_TYPE_KERBEROS_V5;
440 token.ticketLen = v5credsp->ticket.length;
441 memmove( token.ticket, v5credsp->ticket.data, token.ticketLen );
7193eb01 442
58bbdc54 443 /* make sure we have to do this */
444 if ( child.token.kvno != token.kvno ||
445 child.token.ticketLen != token.ticketLen ||
446 (memcmp( &child.token.sessionKey, &token.sessionKey,
447 sizeof( token.sessionKey ) )) ||
448 (memcmp( child.token.ticket, token.ticket, token.ticketLen )) ) {
449
8258901d 450 ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server,
451 "mod_waklog: client: %s", buf );
7193eb01 452
453 /* build the name */
58bbdc54 454 memmove( buf, v5credsp->client->data[0].data, v5credsp->client->data[0].length );
455 buf[ v5credsp->client->data[0].length ] = '\0';
456 if ( v5credsp->client->length > 1 ) {
8258901d 457 strncat( buf, ".", sizeof( buf ) - strlen( buf ) - 1 );
58bbdc54 458 buflen = strlen( buf );
459 memmove( buf + buflen, v5credsp->client->data[1].data, v5credsp->client->data[1].length );
460 buf[ buflen + v5credsp->client->data[1].length ] = '\0';
7193eb01 461 }
462
463 /* assemble the client */
403921ef 464 strncpy( client.name, buf, sizeof( client.name ) - 1 );
465 strncpy( client.instance, "", sizeof( client.instance) - 1 );
58bbdc54 466 memmove( buf, v5credsp->client->realm.data, v5credsp->client->realm.length );
467 buf[ v5credsp->client->realm.length ] = '\0';
468 strncpy( client.cell, buf, sizeof( client.cell ) - 1 );
403921ef 469
58bbdc54 470 /* assemble the server's cell */
403921ef 471 strncpy( server.cell, cfg->afs_cell , sizeof( server.cell ) - 1 );
7193eb01 472
473 ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server,
474 "mod_waklog: server: name=%s, instance=%s, cell=%s",
475 server.name, server.instance, server.cell );
476
477 ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server,
478 "mod_waklog: client: name=%s, instance=%s, cell=%s",
479 client.name, client.instance, client.cell );
480
481 /* use the path */
482 krb_set_tkt_string( (char *)k4path );
483
484 /* rumor: we have to do this for AIX 4.1.4 with AFS 3.4+ */
485 write( 2, "", 0 );
486
487 if ( ( rc = ktc_SetToken( &server, &token, &client, 0 ) ) ) {
58bbdc54 488 ap_log_error( APLOG_MARK, APLOG_ERR, r->server,
7193eb01 489 "mod_waklog: settoken returned %d", rc );
58bbdc54 490 goto cleanup;
7193eb01 491 }
492
493 /* save this */
58bbdc54 494 memmove( &child.token, &token, sizeof( struct ktc_token ) );
7193eb01 495
496 /* we'll need to unlog when this connection is done. */
e2df6441 497 ap_register_cleanup( r->pool, (void *)r, token_cleanup, ap_null_cleanup );
7193eb01 498 }
499
e2df6441 500cleanup:
501 if ( v5credsp )
502 krb5_free_cred_contents( kcontext, v5credsp );
503 if ( increds.client )
504 krb5_free_principal( kcontext, increds.client );
505 if ( increds.server )
506 krb5_free_principal( kcontext, increds.server );
507 if ( kccache )
508 krb5_cc_close( kcontext, kccache );
509 if ( kcontext )
510 krb5_free_context( kcontext );
3ed1e28a 511
7193eb01 512 ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server,
513 "mod_waklog: finished with waklog_aklog" );
514
e2df6441 515 return;
516
4e1ae1cd 517}
518
e21f34f0 519 static int
520waklog_child_routine( void *s, child_info *pinfo )
521{
e21f34f0 522 if ( !getuid() ) {
132ef613 523 ap_log_error( APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, s,
e21f34f0 524 "mod_waklog: waklog_child_routine called as root" );
525
526 /* this was causing the credential file to get owned by root */
527 setgid(ap_group_id);
528 setuid(ap_user_id);
529 }
530
531 while( 1 ) {
e2df6441 532 waklog_kinit( s );
58bbdc54 533 sleep( SLEEP_TIME );
e21f34f0 534 }
535
536}
537
538
539 static void
540waklog_init( server_rec *s, pool *p )
541{
542 extern char *version;
543 int pid;
544
545 ap_log_error( APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, s,
546 "mod_waklog: version %s initialized.", version );
547
548 pid = ap_bspawn_child( p, waklog_child_routine, s, kill_always,
549 NULL, NULL, NULL );
550
132ef613 551 ap_log_error( APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, s,
e21f34f0 552 "mod_waklog: ap_bspawn_child: %d.", pid );
553}
554
4e1ae1cd 555
bed98ff9 556 static int
7193eb01 557waklog_phase0( request_rec *r )
bed98ff9 558{
313dde40 559 waklog_host_config *cfg;
560
7193eb01 561 ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server,
562 "mod_waklog: phase0 called" );
563
313dde40 564 /* directory config? */
565 cfg = (waklog_host_config *)ap_get_module_config(
566 r->per_dir_config, &waklog_module);
bed98ff9 567
313dde40 568 /* server config? */
569 if ( !cfg->configured ) {
7193eb01 570 cfg = (waklog_host_config *)ap_get_module_config(
571 r->server->module_config, &waklog_module);
313dde40 572 }
573
7193eb01 574 if ( !cfg->protect ) {
4e1ae1cd 575 ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server,
7193eb01 576 "mod_waklog: phase0 declining" );
577 return( DECLINED );
578 }
4e1ae1cd 579
7193eb01 580 /* do this only if we are still unauthenticated */
58bbdc54 581 if ( !child.token.ticketLen ) {
4e1ae1cd 582
e21f34f0 583 /* set our environment variables */
584 ap_table_set( r->subprocess_env, "KRB5CCNAME", K5PATH );
585 ap_table_set( r->subprocess_env, "KRBTKFILE", K4PATH );
3ed1e28a 586
7193eb01 587 /* stuff the credentials into the kernel */
588 waklog_aklog( r );
4e1ae1cd 589 }
7193eb01 590
591 ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server,
592 "mod_waklog: phase0 returning" );
593 return DECLINED;
594}
4e1ae1cd 595
1e18ef7d 596
7193eb01 597 static int
598waklog_phase7( request_rec *r )
599{
600 waklog_host_config *cfg;
1e18ef7d 601
7193eb01 602 ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server,
603 "mod_waklog: phase7 called" );
1e18ef7d 604
7193eb01 605 /* directory config? */
606 cfg = (waklog_host_config *)ap_get_module_config(
607 r->per_dir_config, &waklog_module);
1e18ef7d 608
7193eb01 609 /* server config? */
610 if ( !cfg->configured ) {
611 cfg = (waklog_host_config *)ap_get_module_config(
612 r->server->module_config, &waklog_module);
bed98ff9 613 }
614
7193eb01 615 if ( !cfg->protect ) {
616 return( DECLINED );
bed98ff9 617 }
618
7193eb01 619 /* stuff the credentials into the kernel */
620 waklog_aklog( r );
bed98ff9 621
7193eb01 622 ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server,
623 "mod_waklog: phase7 returning" );
bed98ff9 624
7193eb01 625 return DECLINED;
bed98ff9 626}
627
7193eb01 628 static void
629waklog_new_connection( conn_rec *c ) {
630 ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, c->server,
58bbdc54 631 "mod_waklog: new_connection called: pid: %d", getpid() );
7193eb01 632 return;
633}
bed98ff9 634
313dde40 635module MODULE_VAR_EXPORT waklog_module = {
bed98ff9 636 STANDARD_MODULE_STUFF,
313dde40 637 waklog_init, /* module initializer */
638 waklog_create_dir_config, /* create per-dir config structures */
bed98ff9 639 NULL, /* merge per-dir config structures */
313dde40 640 waklog_create_server_config, /* create per-server config structures */
bed98ff9 641 NULL, /* merge per-server config structures */
313dde40 642 waklog_cmds, /* table of config file commands */
bed98ff9 643 NULL, /* [#8] MIME-typed-dispatched handlers */
644 NULL, /* [#1] URI to filename translation */
645 NULL, /* [#4] validate user id from request */
646 NULL, /* [#5] check if the user is ok _here_ */
647 NULL, /* [#3] check access by host address */
648 NULL, /* [#6] determine MIME type */
7193eb01 649 waklog_phase7, /* [#7] pre-run fixups */
bed98ff9 650 NULL, /* [#9] log a transaction */
313dde40 651 NULL, /* [#2] header parser */
652 waklog_child_init, /* child_init */
bed98ff9 653 NULL, /* child_exit */
7193eb01 654 waklog_phase0 /* [#0] post read-request */
bed98ff9 655#ifdef EAPI
656 ,NULL, /* EAPI: add_module */
657 NULL, /* EAPI: remove_module */
658 NULL, /* EAPI: rewrite_command */
7193eb01 659 waklog_new_connection /* EAPI: new_connection */
bed98ff9 660#endif
661};
libapache-mod-waklog packaging