bed98ff9 |
1 | #include "httpd.h" |
2 | #include "http_config.h" |
7193eb01 |
3 | #include "http_conf_globals.h" |
bed98ff9 |
4 | #include "http_log.h" |
7193eb01 |
5 | #include "http_protocol.h" |
6 | #include "http_request.h" |
7 | #include "http_core.h" |
bed98ff9 |
8 | #include "ap_config.h" |
4e1ae1cd |
9 | #include <krb5.h> |
bed98ff9 |
10 | |
7193eb01 |
11 | #if defined(sun) |
bed98ff9 |
12 | #include <sys/ioccom.h> |
7193eb01 |
13 | #endif /* sun */ |
bed98ff9 |
14 | #include <stropts.h> |
15 | #include <kerberosIV/krb.h> |
16 | #include <kerberosIV/des.h> |
17 | #include <afs/venus.h> |
7193eb01 |
18 | #include <afs/auth.h> |
19 | #include <rx/rxkad.h> |
20 | |
21 | #include <asm/bitops.h> |
22 | #include <sys/shm.h> |
bed98ff9 |
23 | |
7193eb01 |
/*
 * Compile-time defaults for the service identity and credential locations.
 *
 * NOTE(review): KEYTAB_PATH is a fixed file under one user's home directory
 * and is what waklog_kinit falls back to whenever WaklogUseKeytab is not
 * set; a deployment should name a keytab readable only by the server
 * account.
 */
#define KEYTAB_PATH "/home/drh/keytab.umweb.drhtest"
/* Principal that waklog_kinit parses and authenticates as from the keytab. */
#define PRINCIPAL "umweb/drhtest"
/* Service name parsed into the server principal in waklog_aklog. */
#define AFS "afs"
/* in_tkt_service argument handed to krb5_get_init_creds_keytab. */
#define IN_TKT_SERVICE "krbtgt/UMICH.EDU"

/*
 * Credential cache locations.  K5PATH is resolved and written by
 * waklog_kinit; both values are exported to requests as KRB5CCNAME and
 * KRBTKFILE by waklog_phase0.
 *
 * NOTE(review): both are fixed, predictable names in /tmp, a directory
 * other local accounts can usually write to.  Confirm how the files are
 * created and that ownership and mode are verified before the contents
 * are trusted.
 */
#define K5PATH "FILE:/tmp/waklog.creds.k5"
#define K4PATH "/tmp/waklog.creds.k4"
31 | |
313dde40 |
/*
 * Forward declaration: the directive and request handlers below pass
 * &waklog_module to ap_get_module_config before the full definition at
 * the end of the file.
 */
module waklog_module;
bed98ff9 |
33 | |
/*
 * Not referenced by any function in this file as shown.
 * NOTE(review): presumably mirrors the AFS clear-token layout expected
 * by a pioctl interface -- confirm before relying on field sizes.
 */
struct ClearToken {
    long AuthHandle;
    char HandShakeKey[ 8 ];
    long ViceId;
    long BeginTimestamp;
    long EndTimestamp;
};
41 | |
313dde40 |
/*
 * Per-server and per-directory configuration record (the same type is
 * returned by both config constructors).
 */
typedef struct {
    int configured;         /* set to 1 by a directive handler; the request
                             * phases fall back to the server record when
                             * the per-directory one has it clear */
    int protect;            /* WaklogProtected flag; requests are declined
                             * untouched when it is 0 */
    char *keytab;           /* WaklogUseKeytab argument, read by waklog_kinit */
    char *keytab_principal; /* initialised to 0; not used elsewhere in this file */
    char *afs_instance;     /* initialised to 0; not used elsewhere in this file */
} waklog_host_config;
49 | |
7193eb01 |
/*
 * Per-child state: a copy of the last token handed to ktc_SetToken, used
 * by waklog_aklog to skip redundant SetToken calls.  The copy includes the
 * session key, so it is cleared in waklog_child_init and token_cleanup.
 */
typedef struct {
    struct ktc_token token;
} waklog_child_config;
/* Allocated from the pool passed to waklog_child_init; NULL until then. */
waklog_child_config *child = NULL;
313dde40 |
54 | |
e21f34f0 |
55 | |
313dde40 |
/*
 * Per-directory config constructor.  Hands Apache a fresh
 * waklog_host_config allocated from pool p with every field cleared;
 * `path` is not consulted.
 */
static void *
waklog_create_dir_config( pool *p, char *path )
{
    waklog_host_config *dir_cfg;

    dir_cfg = (waklog_host_config *)ap_pcalloc( p, sizeof( *dir_cfg ));

    /* no directive has touched this record yet */
    dir_cfg->afs_instance = NULL;
    dir_cfg->keytab_principal = NULL;
    dir_cfg->keytab = NULL;
    dir_cfg->protect = 0;
    dir_cfg->configured = 0;

    return dir_cfg;
}
70 | |
71 | |
/*
 * Per-server config constructor.  Returns a waklog_host_config allocated
 * from pool p with all fields cleared; the server_rec is not consulted.
 */
static void *
waklog_create_server_config( pool *p, server_rec *s )
{
    waklog_host_config *srv_cfg;

    srv_cfg = (waklog_host_config *)ap_pcalloc( p, sizeof( *srv_cfg ));

    /* unconfigured and unprotected until a directive says otherwise */
    srv_cfg->afs_instance = NULL;
    srv_cfg->keytab_principal = NULL;
    srv_cfg->keytab = NULL;
    srv_cfg->protect = 0;
    srv_cfg->configured = 0;

    return srv_cfg;
}
86 | |
87 | |
313dde40 |
/*
 * Handler for the WaklogProtected flag directive.
 *
 * When the directive appears outside any directory/location section
 * (params->path is NULL) the server-level record is updated; otherwise the
 * per-directory record passed in as mconfig is used.  Returns NULL, which
 * tells Apache the directive was accepted.
 */
static const char *
set_waklog_protect( cmd_parms *params, void *mconfig, int flag )
{
    waklog_host_config *target = (waklog_host_config *)mconfig;

    if ( params->path == NULL ) {
        target = (waklog_host_config *)ap_get_module_config(
                params->server->module_config, &waklog_module );
    }

    target->configured = 1;
    target->protect = flag;

    return NULL;
}
104 | |
105 | |
4e1ae1cd |
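/*
 * Handler for the WaklogUseKeytab directive.
 *
 * Records the keytab name that waklog_kinit will use instead of the
 * compiled-in KEYTAB_PATH.  The name is later copied into a buffer of
 * MAX_KEYTAB_NAME_LEN + 1 bytes, so anything longer is rejected here, at
 * configuration time, with an error string that Apache reports to the
 * administrator.
 *
 * Returns NULL on success or a static error message on rejection.
 */
static const char *
set_waklog_use_keytab( cmd_parms *params, void *mconfig, char *file )
{
    waklog_host_config *cfg;

    /* refuse a value waklog_kinit could not hold in its keytab buffer */
    if ( strlen( file ) > MAX_KEYTAB_NAME_LEN ) {
        return( "WaklogUseKeytab: keytab name is too long" );
    }

    if ( params->path == NULL ) {
        cfg = (waklog_host_config *) ap_get_module_config(
                params->server->module_config, &waklog_module );
    } else {
        cfg = (waklog_host_config *)mconfig;
    }

    ap_log_error( APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, params->server,
            "mod_waklog: using keytab: %s", file );

    cfg->keytab = file;
    cfg->configured = 1;
    return( NULL );
}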
125 | |
126 | |
b74fad73 |
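/*
 * child_init hook: prepares per-child token state.
 *
 * Allocates the global `child` record from pool p on first use, clears
 * the cached token, and calls setpag().  A setpag() failure is logged
 * rather than ignored.
 * NOTE(review): setpag() presumably gives this child its own AFS process
 * authentication group so tokens set here are not shared with other
 * processes -- if it fails that isolation should not be assumed.
 */
static void
waklog_child_init( server_rec *s, pool *p )
{
    if ( child == NULL ) {
        child = (waklog_child_config *) ap_palloc( p, sizeof( waklog_child_config ) );
    }

    /* ap_palloc does not clear memory; start with no cached token */
    memset( &child->token, 0, sizeof( struct ktc_token ) );

    if ( setpag() != 0 ) {
        ap_log_error( APLOG_MARK, APLOG_ERR, s,
                "mod_waklog: setpag failed" );
    }

    return;
}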
141 | |
142 | |
313dde40 |
/*
 * Configuration directives understood by the module; the table is
 * terminated by the { NULL } entry.
 */
command_rec waklog_cmds[ ] =
{
    /* on/off flag; allowed in the server config and in directory/location sections */
    { "WaklogProtected", set_waklog_protect,
        NULL, RSRC_CONF | ACCESS_CONF, FLAG,
        "enable waklog on a location or directory basis" },

    /* one argument (the keytab name); server config only */
    { "WaklogUseKeytab", set_waklog_use_keytab,
        NULL, RSRC_CONF, TAKE1,
        "Use the supplied keytab file rather than the user's TGT" },

    { NULL }
};
155 | |
156 | |
bed98ff9 |
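/*
 * Pool cleanup registered by waklog_aklog on the request pool.
 *
 * If a token is cached for this child, the cached copy (which includes
 * the session key) is cleared and ktc_ForgetAllTokens() is called.  The
 * result of that call is checked so the log distinguishes a real unlog
 * from a failed one.
 *
 * data: the request_rec the cleanup was registered with.
 */
static void
token_cleanup( void *data )
{
    request_rec *r = (request_rec *)data;
    int rc;

    if ( child->token.ticketLen ) {
        /* clear the cache first so the next request re-establishes a token */
        memset( &child->token, 0, sizeof( struct ktc_token ) );

        rc = ktc_ForgetAllTokens();

        if ( rc != 0 ) {
            ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server,
                    "mod_waklog: ktc_ForgetAllTokens failed: %d", rc );
        } else {
            ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server,
                    "mod_waklog: ktc_ForgetAllTokens succeeded" );
        }
    }
    return;
}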
172 | |
173 | |
4e1ae1cd |
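/*
 * Obtain a TGT for PRINCIPAL from a keytab and store it in the K5PATH
 * credential cache.
 *
 * The keytab is the one named by WaklogUseKeytab in the server config, or
 * KEYTAB_PATH when none was configured.  Its name is length-checked
 * BEFORE being copied into ktbuf, so an over-long configured value cannot
 * overrun the stack buffer.  The acquired credentials are released on
 * every exit path once they have been obtained.
 *
 * Always returns 0; success or failure is only visible in the error log.
 *
 * NOTE(review): K5PATH is a fixed name under /tmp; confirm the cache file
 * is created with the expected owner and mode on the target platform.
 */
static int
waklog_kinit( server_rec *s )
{
    krb5_error_code kerror;
    krb5_context kcontext = NULL;
    krb5_principal kprinc = NULL;
    krb5_get_init_creds_opt kopts;
    krb5_creds v5creds;
    krb5_ccache kccache = NULL;
    krb5_keytab keytab = NULL;
    char ktbuf[ MAX_KEYTAB_NAME_LEN + 1 ];
    const char *ktname;
    waklog_host_config *cfg;
    int have_creds = 0;     /* v5creds holds contents that must be freed */

    memset( &v5creds, 0, sizeof( v5creds ));

    ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, s,
            "mod_waklog: waklog_kinit called" );

    /*
     * Library error text is always passed as an argument to "%s", never
     * as the format string itself.
     */
    if (( kerror = krb5_init_context( &kcontext ))) {
        ap_log_error( APLOG_MARK, APLOG_ERR, s,
                "%s", error_message( kerror ));

        goto cleanup;
    }

    /* use the path */
    if (( kerror = krb5_cc_resolve( kcontext, K5PATH, &kccache )) != 0 ) {
        ap_log_error( APLOG_MARK, APLOG_ERR, s,
                "%s", error_message( kerror ));

        goto cleanup;
    }

    if (( kerror = krb5_parse_name( kcontext, PRINCIPAL, &kprinc ))) {
        ap_log_error( APLOG_MARK, APLOG_ERR, s,
                "%s", error_message( kerror ));

        goto cleanup;
    }

    krb5_get_init_creds_opt_init( &kopts );
    krb5_get_init_creds_opt_set_tkt_life( &kopts, 10*60*60 );
    krb5_get_init_creds_opt_set_renew_life( &kopts, 0 );
    krb5_get_init_creds_opt_set_forwardable( &kopts, 1 );
    krb5_get_init_creds_opt_set_proxiable( &kopts, 0 );

    cfg = (waklog_host_config *) ap_get_module_config( s->module_config,
            &waklog_module );

    /* which keytab should we use? */
    ktname = cfg->keytab ? cfg->keytab : KEYTAB_PATH;

    /* validate the length first; only then is the copy known to fit */
    if ( strlen( ktname ) > MAX_KEYTAB_NAME_LEN ) {
        ap_log_error( APLOG_MARK, APLOG_ERR, s,
                "server configuration error" );

        goto cleanup;
    }
    strcpy( ktbuf, ktname );

    ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, s,
            "mod_waklog: waklog_kinit using: %s", ktbuf );

    if (( kerror = krb5_kt_resolve( kcontext, ktbuf, &keytab )) != 0 ) {
        ap_log_error( APLOG_MARK, APLOG_ERR, s,
                "%s", error_message( kerror ));

        goto cleanup;
    }

    /* get the krbtgt */
    if (( kerror = krb5_get_init_creds_keytab( kcontext, &v5creds,
            kprinc, keytab, 0, IN_TKT_SERVICE, &kopts ))) {

        ap_log_error( APLOG_MARK, APLOG_ERR, s,
                "%s", error_message( kerror ));

        goto cleanup;
    }
    have_creds = 1;

    if (( kerror = krb5_verify_init_creds( kcontext, &v5creds,
            kprinc, keytab, NULL, NULL )) != 0 ) {

        ap_log_error( APLOG_MARK, APLOG_ERR, s,
                "%s", error_message( kerror ));

        goto cleanup;
    }

    if (( kerror = krb5_cc_initialize( kcontext, kccache, kprinc )) != 0 ) {
        ap_log_error( APLOG_MARK, APLOG_ERR, s,
                "%s", error_message( kerror ));

        goto cleanup;
    }

    if (( kerror = krb5_cc_store_cred( kcontext, kccache, &v5creds )) != 0 ) {
        ap_log_error( APLOG_MARK, APLOG_ERR, s,
                "%s", error_message( kerror ));

        goto cleanup;
    }

    ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, s,
            "mod_waklog: waklog_kinit success" );

cleanup:
    /* have_creds implies kcontext is valid */
    if ( have_creds ) {
        krb5_free_cred_contents( kcontext, &v5creds );
    }
    if ( keytab ) {
        (void)krb5_kt_close( kcontext, keytab );
    }
    if ( kprinc ) {
        krb5_free_principal( kcontext, kprinc );
    }
    if ( kccache ) {
        krb5_cc_close( kcontext, kccache );
    }
    if ( kcontext ) {
        krb5_free_context( kcontext );
    }

    ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, s,
            "mod_waklog: waklog_kinit: exiting" );

    return( 0 );
}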
295 | |
296 | |
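/*
 * Turn the Kerberos 5 credentials named by the request's KRB5CCNAME into
 * an AFS token for this child.
 *
 * Steps: fetch a DES service ticket for AFS from the V5 cache, convert it
 * to V4 credentials, assemble a ktc_token, and -- only if it differs from
 * the token cached in `child` -- install it with ktc_SetToken and register
 * token_cleanup on the request pool.
 *
 * Safety properties this function maintains:
 *  - every structure read by the cleanup section is zeroed before the
 *    first `goto cleanup`, so no uninitialised pointer is ever freed;
 *  - the converted ticket length is checked against both the source and
 *    destination buffers before it is copied;
 *  - Kerberos 5 error codes are rendered with error_message(), not used
 *    as an index into the V4 krb_err_txt table;
 *  - the token is cached only when ktc_SetToken succeeded, so a failed
 *    attempt is retried on the next request;
 *  - the local copies holding the session key are cleared on exit.
 *
 * Failures are logged and otherwise silent; the function returns nothing.
 */
static void
waklog_aklog( request_rec *r )
{
    int rc;
    char buf[ 1024 ];
    const char *k4path = NULL;
    const char *k5path = NULL;
    krb5_error_code kerror;
    krb5_context kcontext = NULL;
    krb5_creds increds;
    krb5_creds *v5credsp = NULL;
    CREDENTIALS v4creds;
    krb5_ccache kccache = NULL;
    struct ktc_principal server = { "afs", "", "umich.edu" };
    struct ktc_principal client;
    struct ktc_token token;

    /* must happen before any goto: cleanup inspects increds and wipes these */
    memset( &increds, 0, sizeof( increds ));
    memset( &v4creds, 0, sizeof( v4creds ));
    memset( &client, 0, sizeof( client ));
    memset( &token, 0, sizeof( token ));

    k5path = ap_table_get( r->subprocess_env, "KRB5CCNAME" );
    k4path = ap_table_get( r->subprocess_env, "KRBTKFILE" );

    ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server,
            "mod_waklog: waklog_aklog called: k5path: %s, k4path: %s", k5path, k4path );

    if ( !k5path || !k4path ) {
        ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server,
                "mod_waklog: waklog_aklog giving up" );
        goto cleanup;
    }

    /*
    ** Get/build creds from file/tgs, then see if we need to SetToken
    */

    if (( kerror = krb5_init_context( &kcontext ))) {
        /* Authentication Required ( kerberos error ) */
        ap_log_error( APLOG_MARK, APLOG_ERR, r->server,
                "%s", error_message( kerror ));

        goto cleanup;
    }

    /* set server part */
    if (( kerror = krb5_parse_name( kcontext, AFS, &increds.server ))) {
        ap_log_error( APLOG_MARK, APLOG_ERR, r->server,
                "%s", error_message( kerror ));

        goto cleanup;
    }

    if (( kerror = krb5_cc_resolve( kcontext, k5path, &kccache )) != 0 ) {
        ap_log_error( APLOG_MARK, APLOG_ERR, r->server,
                "%s", error_message( kerror ));

        goto cleanup;
    }

    /* set client part */
    if (( kerror = krb5_cc_get_principal( kcontext, kccache,
            &increds.client )) != 0 ) {
        ap_log_error( APLOG_MARK, APLOG_ERR, r->server,
                "%s", error_message( kerror ));

        goto cleanup;
    }

    increds.times.endtime = 0;
    /* Ask for DES since that is what V4 understands */
    increds.keyblock.enctype = ENCTYPE_DES_CBC_CRC;

    /* get the V5 credentials */
    if (( kerror = krb5_get_credentials( kcontext, 0, kccache,
            &increds, &v5credsp ) ) ) {
        ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server,
                "mod_waklog: krb5_get_credentials: %s",
                error_message( kerror ));
        goto cleanup;
    }

    /* get the V4 credentials */
    if (( kerror = krb524_convert_creds_kdc( kcontext, v5credsp, &v4creds ) ) ) {
        ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server,
                "mod_waklog: krb524_convert_creds_kdc: %s",
                error_message( kerror ));
        goto cleanup;
    }

    /* the ticket must fit both where it comes from and where it goes */
    if ( v4creds.ticket_st.length < 0 ||
            (size_t)v4creds.ticket_st.length > sizeof( v4creds.ticket_st.dat ) ||
            (size_t)v4creds.ticket_st.length > sizeof( token.ticket )) {
        ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server,
                "mod_waklog: ticket length %d out of range",
                v4creds.ticket_st.length );
        goto cleanup;
    }

    /* assemble the token */
    token.kvno = v4creds.kvno;
    token.startTime = v4creds.issue_date;
    token.endTime = v5credsp->times.endtime;
    memmove( &token.sessionKey, v4creds.session, 8 );
    token.ticketLen = v4creds.ticket_st.length ;
    memmove( token.ticket, v4creds.ticket_st.dat, token.ticketLen );

    /* make sure we have to do this */
    if ( child->token.kvno != token.kvno ||
            child->token.ticketLen != token.ticketLen ||
            memcmp( &child->token.sessionKey, &token.sessionKey,
                sizeof( token.sessionKey ) ) ||
            memcmp( child->token.ticket, token.ticket, token.ticketLen ) ) {

        ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server,
                "mod_waklog: %s.%s@%s", v4creds.service, v4creds.instance,
                v4creds.realm );
        ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server,
                "mod_waklog: %d %d %d", v4creds.lifetime, v4creds.kvno,
                v4creds.issue_date );
        ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server,
                "mod_waklog: %s %s", v4creds.pname, v4creds.pinst );
        ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server,
                "mod_waklog: %d", v4creds.ticket_st.length );

        /* build the name: "pname" or "pname.pinst", bounded by buf */
        ap_snprintf( buf, sizeof( buf ), "%s%s%s", v4creds.pname,
                v4creds.pinst[ 0 ] ? "." : "", v4creds.pinst );

        /*
         * assemble the client; the struct was zeroed above, so copying at
         * most size-1 bytes always leaves a terminating NUL
         */
        strncpy( client.name, buf, sizeof( client.name ) - 1 );
        strncpy( client.cell, v4creds.realm, sizeof( client.cell ) - 1 );

        ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server,
                "mod_waklog: server: name=%s, instance=%s, cell=%s",
                server.name, server.instance, server.cell );

        ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server,
                "mod_waklog: client: name=%s, instance=%s, cell=%s",
                client.name, client.instance, client.cell );

        /* use the path */
        krb_set_tkt_string( (char *)k4path );

        /* rumor: we have to do this for AIX 4.1.4 with AFS 3.4+ */
        write( 2, "", 0 );

        if ( ( rc = ktc_SetToken( &server, &token, &client, 0 ) ) ) {
            ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server,
                    "mod_waklog: settoken returned %d", rc );
            /* nothing was installed: do not cache, so the next request retries */
            goto cleanup;
        }

        /* save this */
        memmove( &child->token, &token, sizeof( struct ktc_token ) );

        /* we'll need to unlog when this connection is done. */
        ap_register_cleanup( r->pool, (void *)r, token_cleanup, ap_null_cleanup );
    }

cleanup:
    /* every krb5 object below can only exist if the context does */
    if ( kcontext ) {
        if ( v5credsp ) {
            /* frees the contents and the structure krb5_get_credentials allocated */
            krb5_free_creds( kcontext, v5credsp );
        }
        if ( increds.client ) {
            krb5_free_principal( kcontext, increds.client );
        }
        if ( increds.server ) {
            krb5_free_principal( kcontext, increds.server );
        }
        if ( kccache ) {
            krb5_cc_close( kcontext, kccache );
        }
        krb5_free_context( kcontext );
    }

    /*
     * Clear the stack copies of the session key and ticket.
     * NOTE(review): a compiler may elide a memset of dying locals; switch
     * to the platform's guaranteed-zeroing primitive where one exists.
     */
    memset( &token, 0, sizeof( token ));
    memset( &v4creds, 0, sizeof( v4creds ));

    ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server,
            "mod_waklog: finished with waklog_aklog" );

    return;

}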
459 | |
e21f34f0 |
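/*
 * Body of the helper process spawned by waklog_init: refreshes the
 * service credentials with waklog_kinit every 300 seconds, forever.
 *
 * When started as root it first switches to the configured server group
 * and user so the credential file is not created as root.  Both calls
 * are checked: if either fails the process exits instead of continuing
 * to run -- and write credentials -- with root privileges.
 *
 * NOTE(review): supplementary groups inherited from the parent are not
 * changed here; confirm whether they need to be dropped as well.
 *
 * s: the server_rec passed through ap_bspawn_child (as void *).
 * Does not return.
 */
static int
waklog_child_routine( void *s, child_info *pinfo )
{
    if ( !getuid() ) {
        ap_log_error( APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, s,
                "mod_waklog: waklog_child_routine called as root" );

        /* this was causing the credential file to get owned by root */
        /* group before user: once the uid is dropped the gid can no longer be changed */
        if ( setgid(ap_group_id) != 0 || setuid(ap_user_id) != 0 ) {
            ap_log_error( APLOG_MARK, APLOG_ERR, s,
                    "mod_waklog: waklog_child_routine: unable to drop privileges" );
            _exit( 1 );
        }
    }

    while( 1 ) {
        waklog_kinit( s );
        sleep( 300 /* 10*60*60 - 5*60 */ );
    }

}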
478 | |
479 | |
/*
 * Module initializer: announces the module version and starts the
 * credential-refresh helper (waklog_child_routine) through
 * ap_bspawn_child, with kill_always as its pool disposition.  The value
 * returned by ap_bspawn_child is logged.
 */
static void
waklog_init( server_rec *s, pool *p )
{
    extern char *version;
    int helper_pid;

    ap_log_error( APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, s,
            "mod_waklog: version %s initialized.", version );

    /* no pipes are requested, hence the three NULLs */
    helper_pid = ap_bspawn_child( p, waklog_child_routine, s,
            kill_always, NULL, NULL, NULL );

    ap_log_error( APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, s,
            "mod_waklog: ap_bspawn_child: %d.", helper_pid );
}
495 | |
4e1ae1cd |
496 | |
bed98ff9 |
/*
 * post read-request hook.
 *
 * Picks the per-directory record if a directive configured it, otherwise
 * the server record.  For protected locations with no token cached in
 * this child, it exports the fixed credential cache paths into the
 * request environment and calls waklog_aklog.  Always returns DECLINED so
 * other modules still run.
 */
static int
waklog_phase0( request_rec *r )
{
    waklog_host_config *active;

    ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server,
            "mod_waklog: phase0 called" );

    /* directory config first, server config as the fallback */
    active = (waklog_host_config *)ap_get_module_config(
            r->per_dir_config, &waklog_module);
    if ( active->configured == 0 ) {
        active = (waklog_host_config *)ap_get_module_config(
                r->server->module_config, &waklog_module);
    }

    if ( active->protect ) {
        /* do this only if we are still unauthenticated */
        if ( child->token.ticketLen == 0 ) {
            /* set our environment variables */
            ap_table_set( r->subprocess_env, "KRB5CCNAME", K5PATH );
            ap_table_set( r->subprocess_env, "KRBTKFILE", K4PATH );

            /* stuff the credentials into the kernel */
            waklog_aklog( r );
        }

        ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server,
                "mod_waklog: phase0 returning" );
        return DECLINED;
    }

    ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server,
            "mod_waklog: phase0 declining" );
    return DECLINED;
}
4e1ae1cd |
536 | |
1e18ef7d |
537 | |
7193eb01 |
/*
 * Fixup hook.
 *
 * Uses the per-directory record when a directive configured it, else the
 * server record.  Unprotected locations are declined immediately; for
 * protected ones waklog_aklog is called on every request (it decides
 * itself whether a new token has to be set).  Always returns DECLINED.
 */
static int
waklog_phase7( request_rec *r )
{
    waklog_host_config *active;

    ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server,
            "mod_waklog: phase7 called" );

    /* directory config first, server config as the fallback */
    active = (waklog_host_config *)ap_get_module_config(
            r->per_dir_config, &waklog_module);
    if ( active->configured == 0 ) {
        active = (waklog_host_config *)ap_get_module_config(
                r->server->module_config, &waklog_module);
    }

    if ( active->protect ) {
        /* stuff the credentials into the kernel */
        waklog_aklog( r );

        ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server,
                "mod_waklog: phase7 returning" );
    }

    return DECLINED;
}
568 | |
7193eb01 |
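/*
 * EAPI new_connection hook: logs the connection record address and the
 * pid of the child handling it.
 *
 * The pointer is converted to unsigned long and printed with %lx, and the
 * pid is converted to int for %d, so each argument matches its conversion
 * specifier on platforms where pointers are wider than int.
 */
static void
waklog_new_connection( conn_rec *c ) {
    ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, c->server,
            "mod_waklog: new_connection called: conn_rec: 0x%08lx pid: %d",
            (unsigned long)c, (int)getpid() );
    return;
}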
bed98ff9 |
575 | |
313dde40 |
/*
 * Module dispatch table.
 *
 * The module hooks two request phases -- post read-request
 * (waklog_phase0) and fixups (waklog_phase7) -- plus module and child
 * initialisation.  No merge functions are registered for either config
 * level.  With EAPI defined, waklog_new_connection is hooked as well.
 */
module MODULE_VAR_EXPORT waklog_module = {
    STANDARD_MODULE_STUFF,
    waklog_init,                 /* module initializer */
    waklog_create_dir_config,    /* create per-dir config structures */
    NULL,                        /* merge per-dir config structures */
    waklog_create_server_config, /* create per-server config structures */
    NULL,                        /* merge per-server config structures */
    waklog_cmds,                 /* table of config file commands */
    NULL,                        /* [#8] MIME-typed-dispatched handlers */
    NULL,                        /* [#1] URI to filename translation */
    NULL,                        /* [#4] validate user id from request */
    NULL,                        /* [#5] check if the user is ok _here_ */
    NULL,                        /* [#3] check access by host address */
    NULL,                        /* [#6] determine MIME type */
    waklog_phase7,               /* [#7] pre-run fixups */
    NULL,                        /* [#9] log a transaction */
    NULL,                        /* [#2] header parser */
    waklog_child_init,           /* child_init */
    NULL,                        /* child_exit */
    waklog_phase0                /* [#0] post read-request */
#ifdef EAPI
    ,NULL,                       /* EAPI: add_module */
    NULL,                        /* EAPI: remove_module */
    NULL,                        /* EAPI: rewrite_command */
    waklog_new_connection        /* EAPI: new_connection */
#endif
};