HCoop / hcoop / debian / libapache-mod-waklog.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
fourth set of UMBC merges; still all inert changes
[hcoop/debian/libapache-mod-waklog.git] / mod_waklog.c
1 #define _LARGEFILE64_SOURCE
2 #define _GNU_SOURCE
3
4 #include "httpd.h"
5 #include "http_config.h"
6 #include "http_log.h"
7 #include "http_protocol.h"
8 #include "http_request.h"
9 #include "http_core.h"
10
11 #ifdef sun
12 #include <synch.h>
13 #elif linux
14 #define use_pthreads
15 #include <features.h>
16 #include <sys/types.h>
17 #include <sys/mman.h>
18 #include <pthread.h>
19 #else
20 #error "make sure you include the right stuff here"
21 #endif
22
23 #ifndef MAXNAMELEN
24 #define MAXNAMELEN 1024
25 #endif
26
27 #ifdef STANDARD20_MODULE_STUFF
28 #include <apr_strings.h>
29 #include <apr_base64.h>
30 #include <apr_compat.h>
31 #include <apu_compat.h>
32
33 module AP_MODULE_DECLARE_DATA waklog_module;
34
35 #define MK_POOL apr_pool_t
36 #define MK_TABLE_GET apr_table_get
37 #define MK_TABLE_SET apr_table_set
38 #include "unixd.h"
39 extern unixd_config_rec unixd_config;
40 #define ap_user_id unixd_config.user_id
41 #define ap_group_id unixd_config.group_id
42 #define ap_user_name unixd_config.user_name
43 #define command(name, func, var, type, usage) \
44 AP_INIT_ ## type (name, (void*) func, \
45 (void*)APR_OFFSETOF(waklog_commands, var), \
46 OR_AUTHCFG | RSRC_CONF, usage)
47 typedef struct {
48 int dummy;
49 } child_info;
50
51 const char *userdata_key = "waklog_init";
52 #else
53 #include "ap_config.h"
54
55 module waklog_module;
56 #define MK_POOL pool
57 #define MK_TABLE_GET ap_table_get
58 #define command(name, func, var, type, usage) \
59 { name, func, \
60 (void*)XtOffsetOf(waklog_commands, var), \
61 OR_AUTHCFG | RSRC_CONF, type, usage }
62 #endif /* STANDARD20_MODULE_STUFF */
63
64 #define getModConfig(P, X) P = (waklog_config *) ap_get_module_config( (X)->module_config, &waklog_module );
65
66 #include <krb5.h>
67
68 #if defined(sun)
69 #include <sys/ioccom.h>
70 #endif /* sun */
71 #include <stropts.h>
72 #include <afs/venus.h>
73 #include <afs/auth.h>
74 #include <afs/dirpath.h>
75 #include <afs/ptuser.h>
76 #include <rx/rxkad.h>
77
78 #define KEYTAB "/etc/keytab.wwwserver"
79 #define PRINCIPAL "someplacewwwserver"
80 #define AFS_CELL "someplace.edu"
81
82 #define TKT_LIFE 10*60*60
83 #define SLEEP_TIME TKT_LIFE - 5*60
84 /* If there's an error, retry more aggressively */
85 #define ERR_SLEEP_TIME 5*60
86
87
88 #define K5PATH "FILE:/tmp/waklog.creds.k5"
89
90 typedef struct
91 {
92 int forked;
93 int configured;
94 int protect;
95 char *keytab;
96 char *principal;
97 char *afs_cell;
98 MK_POOL *p;
99 }
100 waklog_config;
101
102 typedef struct {
103 struct ktc_token token;
104 } waklog_child_config;
105 waklog_child_config child;
106
107 static void
108 log_error(const char *file, int line, int level, int status,
109 const server_rec *s, const char *fmt, ...)
110 {
111 char errstr[1024];
112 va_list ap;
113
114 va_start(ap, fmt);
115 vsnprintf(errstr, sizeof(errstr), fmt, ap);
116 va_end(ap);
117
118 #ifdef STANDARD20_MODULE_STUFF
119 ap_log_error(file, line, level | APLOG_NOERRNO, status, s, "%s", errstr);
120 #else
121 ap_log_error(file, line, level | APLOG_NOERRNO, s, "%s", errstr);
122 #endif
123
124 }
125
126 static void *
127 waklog_create_server_config( MK_POOL *p, server_rec *s )
128 {
129 waklog_config *cfg;
130
131 cfg = (waklog_config *)ap_pcalloc( p, sizeof( waklog_config ));
132 cfg->p = p;
133 cfg->forked = 0;
134 cfg->configured = 0;
135 cfg->protect = 0;
136 cfg->keytab = KEYTAB;
137 cfg->principal = PRINCIPAL;
138 cfg->afs_cell = AFS_CELL;
139
140 log_error( APLOG_MARK, APLOG_DEBUG, 0, s, "mod_waklog: server config created." );
141
142 return( cfg );
143 }
144
145
146 static const char *
147 set_waklog_protect( cmd_parms *params, void *mconfig, int flag )
148 {
149 waklog_config *cfg;
150
151 getModConfig(cfg, params->server );
152
153 cfg->protect = flag;
154 cfg->configured = 1;
155 log_error( APLOG_MARK, APLOG_DEBUG, 0, params->server, "mod_waklog: waklog_protect set" );
156 return( NULL );
157 }
158
159
160 static const char *
161 set_waklog_keytab( cmd_parms *params, void *mconfig, char *file )
162 {
163 waklog_config *cfg;
164
165 getModConfig(cfg, params->server );
166
167 log_error( APLOG_MARK, APLOG_INFO, 0, params->server,
168 "mod_waklog: will use keytab: %s", file );
169
170 cfg->keytab = ap_pstrdup ( params->pool, file );
171 cfg->configured = 1;
172 return( NULL );
173 }
174
175
176 static const char *
177 set_waklog_use_principal( cmd_parms *params, void *mconfig, char *file )
178 {
179 waklog_config *cfg;
180
181 getModConfig(cfg, params->server );
182
183 log_error( APLOG_MARK, APLOG_INFO, 0, params->server,
184 "mod_waklog: will use principal: %s", file );
185
186 cfg->principal = ap_pstrdup ( params->pool, file );
187 cfg->configured = 1;
188 return( NULL );
189 }
190
191
192 static const char *
193 set_waklog_use_afs_cell( cmd_parms *params, void *mconfig, char *file )
194 {
195 waklog_config *cfg;
196
197 getModConfig(cfg, params->server );
198
199 log_error( APLOG_MARK, APLOG_INFO, 0, params->server,
200 "mod_waklog: will use afs_cell: %s", file );
201
202 cfg->afs_cell = ap_pstrdup( params->pool, file );
203 cfg->configured = 1;
204 return( NULL );
205 }
206
207
208 static void
209 #ifdef STANDARD20_MODULE_STUFF
210 waklog_child_init(MK_POOL *p, server_rec *s)
211 #else
212 waklog_child_init(server_rec *s, MK_POOL *p)
213 #endif
214 {
215
216 log_error( APLOG_MARK, APLOG_DEBUG, 0, s,
217 "mod_waklog: child_init called" );
218
219 memset( &child.token, 0, sizeof( struct ktc_token ) );
220
221 setpag();
222
223 log_error( APLOG_MARK, APLOG_DEBUG, 0, s,
224 "mod_waklog: child_init returned" );
225
226 return;
227 }
228
229 typedef struct {
230 int wak_protect;
231 char *wak_keytab;
232 char *wak_ktprinc;
233 char *wak_afscell;
234 } waklog_commands;
235
236 command_rec waklog_cmds[ ] =
237 {
238 command("WaklogProtected", set_waklog_protect, wak_protect, FLAG, "enable waklog on a location or directory basis"),
239
240 command("WaklogKeytab", set_waklog_keytab, wak_keytab, TAKE1, "Use the supplied keytab rather than the default"),
241
242 command("WaklogUseKeytabPrincipal", set_waklog_use_principal, wak_ktprinc, TAKE1, "Use the supplied keytab principal rather than the default"),
243
244 command("WaklogUseAFSCell", set_waklog_use_afs_cell, wak_afscell, TAKE1, "Use the supplied AFS cell rather than the default"),
245
246 { NULL }
247 };
248
249
250 static int
251 token_cleanup( void *data )
252 {
253 request_rec *r = (request_rec *)data;
254
255 if ( child.token.ticketLen ) {
256 memset( &child.token, 0, sizeof( struct ktc_token ) );
257
258 ktc_ForgetAllTokens();
259
260 log_error( APLOG_MARK, APLOG_DEBUG, 0, r->server,
261 "mod_waklog: ktc_ForgetAllTokens succeeded: pid: %d", getpid() );
262 }
263 return 0;
264 }
265
266
267 static int
268 waklog_kinit( server_rec *s )
269 {
270 krb5_error_code kerror = 0;
271 krb5_context kcontext = NULL;
272 krb5_principal kprinc = NULL;
273 krb5_get_init_creds_opt kopts;
274 krb5_creds v5creds;
275 krb5_ccache kccache = NULL;
276 krb5_keytab keytab = NULL;
277 char ktbuf[ MAX_KEYTAB_NAME_LEN + 1 ];
278 int i;
279 waklog_config *cfg;
280
281 log_error( APLOG_MARK, APLOG_DEBUG, 0, s,
282 "mod_waklog: waklog_kinit called: pid: %d", getpid() );
283
284 getModConfig(cfg, s);
285
286 if (( kerror = krb5_init_context( &kcontext ))) {
287 log_error( APLOG_MARK, APLOG_ERR, 0, s,
288 "mod_waklog: %s", (char *)error_message( kerror ));
289
290 goto cleanup;
291 }
292
293 /* use the path */
294 if (( kerror = krb5_cc_resolve( kcontext, K5PATH, &kccache )) != 0 ) {
295 log_error( APLOG_MARK, APLOG_ERR, 0, s,
296 "mod_waklog: %s", (char *)error_message( kerror ));
297
298 goto cleanup;
299 }
300
301 log_error( APLOG_MARK, APLOG_DEBUG, 0, s,
302 "mod_waklog: principal: %s", cfg->principal );
303
304 if (( kerror = krb5_parse_name( kcontext, cfg->principal, &kprinc ))) {
305 log_error( APLOG_MARK, APLOG_ERR, 0, s,
306 "mod_waklog: %s", (char *)error_message( kerror ));
307
308 goto cleanup;
309 }
310
311 krb5_get_init_creds_opt_init( &kopts );
312 krb5_get_init_creds_opt_set_tkt_life( &kopts, TKT_LIFE );
313 krb5_get_init_creds_opt_set_renew_life( &kopts, 0 );
314 krb5_get_init_creds_opt_set_forwardable( &kopts, 1 );
315 krb5_get_init_creds_opt_set_proxiable( &kopts, 0 );
316
317 /* keytab from config */
318 strncpy( ktbuf, cfg->keytab, sizeof( ktbuf ) - 1 );
319
320 log_error( APLOG_MARK, APLOG_DEBUG, 0, s,
321 "mod_waklog: waklog_kinit using: %s", ktbuf );
322
323 if (( kerror = krb5_kt_resolve( kcontext, ktbuf, &keytab )) != 0 ) {
324 log_error( APLOG_MARK, APLOG_ERR, 0, s,
325 "mod_waklog:krb5_kt_resolve %s", (char *)error_message( kerror ));
326
327 goto cleanup;
328 }
329
330 memset( (char *)&v5creds, 0, sizeof(v5creds));
331
332 /* get the krbtgt */
333 if (( kerror = krb5_get_init_creds_keytab( kcontext, &v5creds,
334 kprinc, keytab, 0, NULL, &kopts ))) {
335
336 log_error( APLOG_MARK, APLOG_ERR, 0, s,
337 "mod_waklog:krb5_get_init_creds_keytab %s", (char *)error_message( kerror ));
338
339 goto cleanup;
340 }
341
342 if (( kerror = krb5_cc_initialize( kcontext, kccache, kprinc )) != 0 ) {
343 log_error( APLOG_MARK, APLOG_ERR, 0, s,
344 "mod_waklog:krb5_cc_initialize %s", (char *)error_message( kerror ));
345
346 goto cleanup;
347 }
348
349 kerror = krb5_cc_store_cred( kcontext, kccache, &v5creds );
350 krb5_free_cred_contents( kcontext, &v5creds );
351 if ( kerror != 0 ) {
352 log_error( APLOG_MARK, APLOG_ERR, 0, s,
353 "mod_waklog: %s", (char *)error_message( kerror ));
354
355 goto cleanup;
356 }
357
358 log_error( APLOG_MARK, APLOG_DEBUG, 0, s,
359 "mod_waklog: waklog_kinit success" );
360
361 cleanup:
362 if ( keytab )
363 (void)krb5_kt_close( kcontext, keytab );
364 if ( kprinc )
365 krb5_free_principal( kcontext, kprinc );
366 if ( kccache )
367 krb5_cc_close( kcontext, kccache );
368 if ( kcontext )
369 krb5_free_context( kcontext );
370
371 log_error( APLOG_MARK, APLOG_DEBUG, 0, s,
372 "mod_waklog: waklog_kinit: exiting" );
373
374 return( kerror );
375 }
376
377
378 static void
379 waklog_aklog( request_rec *r )
380 {
381 int rc;
382 char buf[ MAXKTCTICKETLEN ];
383 const char *k5path = NULL;
384 krb5_error_code kerror;
385 krb5_context kcontext = NULL;
386 krb5_creds increds;
387 krb5_creds *v5credsp = NULL;
388 krb5_ccache kccache = NULL;
389 struct ktc_principal server = { "afs", "", "" };
390 struct ktc_principal client;
391 struct ktc_token token;
392 waklog_config *cfg;
393 int buflen;
394
395 k5path = MK_TABLE_GET( r->subprocess_env, "KRB5CCNAME" );
396
397 log_error( APLOG_MARK, APLOG_INFO, 0, r->server,
398 "mod_waklog: waklog_aklog called: k5path: %s", k5path );
399
400 if ( k5path == NULL ) {
401 log_error( APLOG_MARK, APLOG_DEBUG, 0, r->server,
402 "mod_waklog: waklog_aklog giving up" );
403 goto cleanup;
404 }
405
406 /*
407 ** Get/build creds from file/tgs, then see if we need to SetToken
408 */
409
410 if (( kerror = krb5_init_context( &kcontext ))) {
411 /* Authentication Required ( kerberos error ) */
412 log_error( APLOG_MARK, APLOG_ERR, 0, r->server,
413 (char *)error_message( kerror ));
414
415 goto cleanup;
416 }
417
418 memset( (char *)&increds, 0, sizeof(increds));
419
420 getModConfig(cfg, r->server );
421
422 /* afs/<cell> or afs */
423 strncpy( buf, "afs", sizeof( buf ) - 1 );
424 if ( strcmp( cfg->afs_cell, AFS_CELL ) ) {
425 strncat( buf, "/" , sizeof( buf ) - strlen( buf ) - 1 );
426 strncat( buf, cfg->afs_cell, sizeof( buf ) - strlen( buf ) - 1 );
427 }
428
429 /* set server part */
430 if (( kerror = krb5_parse_name( kcontext, buf, &increds.server ))) {
431 log_error( APLOG_MARK, APLOG_ERR, 0, r->server,
432 (char *)error_message( kerror ));
433
434 goto cleanup;
435 }
436
437 if (( kerror = krb5_cc_resolve( kcontext, k5path, &kccache )) != 0 ) {
438 log_error( APLOG_MARK, APLOG_ERR, 0, r->server,
439 (char *)error_message( kerror ));
440
441 goto cleanup;
442 }
443
444 /* set client part */
445 krb5_cc_get_principal( kcontext, kccache, &increds.client );
446
447 increds.times.endtime = 0;
448 /* Ask for DES since that is what V4 understands */
449 increds.keyblock.enctype = ENCTYPE_DES_CBC_CRC;
450
451 /* get the V5 credentials */
452 if (( kerror = krb5_get_credentials( kcontext, 0, kccache,
453 &increds, &v5credsp ) ) ) {
454 log_error( APLOG_MARK, APLOG_ERR, 0, r->server,
455 "mod_waklog: krb5_get_credentials: %s", error_message( kerror ));
456 goto cleanup;
457 }
458
459 /* don't overflow */
460 if ( v5credsp->ticket.length >= MAXKTCTICKETLEN ) { /* from krb524d.c */
461 log_error( APLOG_MARK, APLOG_ERR, 0, r->server,
462 "mod_waklog: ticket size (%d) too big to fake", v5credsp->ticket.length );
463 goto cleanup;
464 }
465
466 /* assemble the token */
467 memset( &token, 0, sizeof( struct ktc_token ) );
468
469 token.startTime = v5credsp->times.starttime ? v5credsp->times.starttime : v5credsp->times.authtime;
470 token.endTime = v5credsp->times.endtime;
471 memmove( &token.sessionKey, v5credsp->keyblock.contents, v5credsp->keyblock.length );
472 token.kvno = RXKAD_TKT_TYPE_KERBEROS_V5;
473 token.ticketLen = v5credsp->ticket.length;
474 memmove( token.ticket, v5credsp->ticket.data, token.ticketLen );
475
476 /* make sure we have to do this */
477 if ( child.token.kvno != token.kvno ||
478 child.token.ticketLen != token.ticketLen ||
479 (memcmp( &child.token.sessionKey, &token.sessionKey,
480 sizeof( token.sessionKey ) )) ||
481 (memcmp( child.token.ticket, token.ticket, token.ticketLen )) ) {
482
483 log_error( APLOG_MARK, APLOG_DEBUG, 0, r->server,
484 "mod_waklog: client: %s", buf );
485
486 /* build the name */
487 memmove( buf, v5credsp->client->data[0].data,
488 min( v5credsp->client->data[0].length, MAXKTCNAMELEN - 1 ) );
489 buf[ v5credsp->client->data[0].length ] = '\0';
490 if ( v5credsp->client->length > 1 ) {
491 strncat( buf, ".", sizeof( buf ) - strlen( buf ) - 1 );
492 buflen = strlen( buf );
493 memmove( buf + buflen, v5credsp->client->data[1].data,
494 min( v5credsp->client->data[1].length, MAXKTCNAMELEN - strlen( buf ) - 1 ) );
495 buf[ buflen + v5credsp->client->data[1].length ] = '\0';
496 }
497
498 /* assemble the client */
499 strncpy( client.name, buf, sizeof( client.name ) - 1 );
500 strncpy( client.instance, "", sizeof( client.instance) - 1 );
501 memmove( buf, v5credsp->client->realm.data,
502 min( v5credsp->client->realm.length, MAXKTCNAMELEN - 1 ) );
503 buf[ v5credsp->client->realm.length ] = '\0';
504 strncpy( client.cell, buf, sizeof( client.cell ) - 1 );
505
506 /* assemble the server's cell */
507 strncpy( server.cell, cfg->afs_cell , sizeof( server.cell ) - 1 );
508
509 log_error( APLOG_MARK, APLOG_DEBUG, 0, r->server,
510 "mod_waklog: server: name=%s, instance=%s, cell=%s",
511 server.name, server.instance, server.cell );
512
513 log_error( APLOG_MARK, APLOG_DEBUG, 0, r->server,
514 "mod_waklog: client: name=%s, instance=%s, cell=%s",
515 client.name, client.instance, client.cell );
516
517 /* use the path */
518
519 /* rumor: we have to do this for AIX 4.1.4 with AFS 3.4+ */
520 write( 2, "", 0 );
521
522 if ( ( rc = ktc_SetToken( &server, &token, &client, 0 ) ) ) {
523 log_error( APLOG_MARK, APLOG_ERR, 0, r->server,
524 "mod_waklog: settoken returned %d", rc );
525 goto cleanup;
526 }
527
528 /* save this */
529 memmove( &child.token, &token, sizeof( struct ktc_token ) );
530
531 /* we'll need to unlog when this connection is done. */
532 ap_register_cleanup( r->pool, (void *)r, token_cleanup, ap_null_cleanup );
533 }
534
535 cleanup:
536 if ( v5credsp )
537 krb5_free_cred_contents( kcontext, v5credsp );
538 if ( increds.client )
539 krb5_free_principal( kcontext, increds.client );
540 if ( increds.server )
541 krb5_free_principal( kcontext, increds.server );
542 if ( kccache )
543 krb5_cc_close( kcontext, kccache );
544 if ( kcontext )
545 krb5_free_context( kcontext );
546
547 log_error( APLOG_MARK, APLOG_DEBUG, 0, r->server,
548 "mod_waklog: finished with waklog_aklog" );
549
550 return;
551
552 }
553
554 static int
555 waklog_child_routine( void *s, child_info *pinfo )
556 {
557 if ( !getuid() ) {
558 log_error( APLOG_MARK, APLOG_DEBUG, 0, s,
559 "mod_waklog: waklog_child_routine called as root" );
560
561 /* this was causing the credential file to get owned by root */
562 #ifdef STANDARD20_MODULE_STUFF
563 setgid(ap_group_id);
564 setuid(ap_user_id);
565 #endif
566 }
567
568 while( 1 ) {
569 waklog_kinit( s );
570 log_error( APLOG_MARK, APLOG_DEBUG, 0, s,
571 "mod_waklog: child_routine sleeping" );
572 sleep( SLEEP_TIME );
573 log_error( APLOG_MARK, APLOG_DEBUG, 0, s,
574 "mod_waklog: slept, calling waklog_kinit" );
575 }
576
577 }
578
579 #ifdef STANDARD20_MODULE_STUFF
580 static int
581 waklog_init_handler(apr_pool_t *p, apr_pool_t *plog,
582 apr_pool_t *ptemp, server_rec *s)
583 {
584 int rv;
585 extern char *version;
586 apr_proc_t *proc;
587 waklog_config *cfg;
588 void *data;
589
590 getModConfig(cfg, s);
591
592 /* initialize_module() will be called twice, and if it's a DSO
593 * then all static data from the first call will be lost. Only
594 * set up our static data on the second call.
595 * see http://issues.apache.org/bugzilla/show_bug.cgi?id=37519 */
596 apr_pool_userdata_get(&data, userdata_key, s->process->pool);
597
598 if (!data) {
599 apr_pool_userdata_set((const void *)1, userdata_key,
600 apr_pool_cleanup_null, s->process->pool);
601 } else {
602 log_error( APLOG_MARK, APLOG_INFO, 0, s,
603 "mod_waklog: version %s initialized.", version );
604
605 proc = (apr_proc_t *)ap_pcalloc( s->process->pool, sizeof(apr_proc_t));
606
607 rv = apr_proc_fork(proc, s->process->pool);
608
609 if (rv == APR_INCHILD) {
610 waklog_child_routine(s, NULL);
611 } else {
612 apr_pool_note_subprocess(s->process->pool, proc, APR_KILL_ALWAYS);
613 }
614 /* parent and child */
615 cfg->forked = proc->pid;
616 }
617 return 0;
618 }
619 #else
620 static void
621 waklog_init( server_rec *s, MK_POOL *p )
622 {
623 extern char *version;
624 int pid;
625
626 log_error( APLOG_MARK, APLOG_INFO, 0, s,
627 "mod_waklog: version %s initialized.", version );
628
629 pid = ap_bspawn_child( p, waklog_child_routine, s, kill_always,
630 NULL, NULL, NULL );
631
632 log_error( APLOG_MARK, APLOG_DEBUG, 0, s,
633 "mod_waklog: ap_bspawn_child: %d.", pid );
634 }
635 #endif
636
637 static int
638 waklog_phase0( request_rec *r )
639 {
640 waklog_config *cfg;
641
642 log_error( APLOG_MARK, APLOG_DEBUG, 0, r->server,
643 "mod_waklog: phase0 called" );
644
645 getModConfig(cfg, r->server );
646
647 log_error( APLOG_MARK, APLOG_DEBUG, 0, r->server,
648 "mod_waklog: phase0, checking cfg->protect" );
649 if ( !cfg->protect ) {
650 log_error( APLOG_MARK, APLOG_DEBUG, 0, r->server,
651 "mod_waklog: phase0 declining" );
652 return( DECLINED );
653 }
654
655 log_error( APLOG_MARK, APLOG_DEBUG, 0, r->server,
656 "mod_waklog: phase0, NOT setting environment variable" );
657 /* set our environment variable */
658 apr_table_set( r->subprocess_env, "KRB5CCNAME", K5PATH );
659
660 log_error( APLOG_MARK, APLOG_DEBUG, 0, r->server,
661 "mod_waklog: phase0, checking child.token.ticketLen" );
662 /* do this only if we are still unauthenticated */
663 if ( !child.token.ticketLen ) {
664
665 log_error( APLOG_MARK, APLOG_DEBUG, 0, r->server,
666 "mod_waklog: phase0, calling waklog_aklog" );
667 /* stuff the credentials into the kernel */
668 waklog_aklog( r );
669 }
670
671 log_error( APLOG_MARK, APLOG_DEBUG, 0, r->server,
672 "mod_waklog: phase0 returning" );
673 return DECLINED;
674 }
675
676
677 static int
678 waklog_phase7( request_rec *r )
679 {
680 waklog_config *cfg;
681
682 log_error( APLOG_MARK, APLOG_DEBUG, 0, r->server,
683 "mod_waklog: phase7 called" );
684
685 getModConfig(cfg, r->server );
686
687 if ( !cfg->protect ) {
688 return( DECLINED );
689 }
690
691 /* stuff the credentials into the kernel */
692
693 log_error( APLOG_MARK, APLOG_DEBUG, 0, r->server,
694 "mod_waklog: phase7, calling waklog_aklog" );
695 waklog_aklog( r );
696
697 log_error( APLOG_MARK, APLOG_DEBUG, 0, r->server,
698 "mod_waklog: phase7 returning" );
699
700 return DECLINED;
701 }
702
703
704 static
705 #ifdef STANDARD20_MODULE_STUFF
706 int
707 #else
708 void
709 #endif
710 waklog_new_connection (conn_rec * c
711 #ifdef STANDARD20_MODULE_STUFF
712 , void *dummy
713 #endif
714 )
715 {
716
717 waklog_commands *cfg;
718
719 log_error (APLOG_MARK, APLOG_DEBUG, 0, c->base_server,
720 "mod_waklog: new_connection called: pid: %d", getpid ());
721 /*
722 getModConfig(cfg, c->base_server);
723
724 if ( cfg->default_principal ) {
725 log_error(APLOG_MARK, APLOG_DEBUG, 0, c->base_server, "mod_waklog: new conn setting default user %s",
726 cfg->default_principal);
727 set_auth( c->base_server, NULL, 0, cfg->default_principal, cfg->default_keytab, 0);
728 }
729 */
730
731 return
732 #ifdef STANDARD20_MODULE_STUFF
733 0
734 #endif
735 ;
736 }
737
738
739 /*
740 ** Here's a quick explaination for phase0 and phase2:
741 ** Apache does a stat() on the path between phase0 and
742 ** phase2, and must by ACLed rl to succeed. So, at
743 ** phase0 we acquire credentials for umweb:servers from
744 ** a keytab, and at phase2 we must ensure we remove them.
745 **
746 ** Failure to "unlog" would be a security risk.
747 */
748 static int
749 waklog_phase2 (request_rec * r)
750 {
751
752 log_error (APLOG_MARK, APLOG_DEBUG, 0, r->server,
753 "mod_waklog: phase2 called");
754
755 if (child.token.ticketLen)
756 {
757 memset (&child.token, 0, sizeof (struct ktc_token));
758
759 ktc_ForgetAllTokens ();
760
761 log_error (APLOG_MARK, APLOG_DEBUG, 0, r->server,
762 "mod_waklog: ktc_ForgetAllTokens succeeded: pid: %d",
763 getpid ());
764 }
765
766 log_error (APLOG_MARK, APLOG_DEBUG, 0, r->server,
767 "mod_waklog: phase2 returning");
768
769 return DECLINED;
770 }
771
772 #ifndef STANDARD20_MODULE_STUFF
773 module MODULE_VAR_EXPORT waklog_module = {
774 STANDARD_MODULE_STUFF,
775 waklog_init, /* module initializer */
776 #if 0
777 waklog_create_dir_config, /* create per-dir config structures */
778 #else /* 0 */
779 NULL, /* create per-dir config structures */
780 #endif /* 0 */
781 NULL, /* merge per-dir config structures */
782 waklog_create_server_config, /* create per-server config structures */
783 NULL, /* merge per-server config structures */
784 waklog_cmds, /* table of config file commands */
785 NULL, /* [#8] MIME-typed-dispatched handlers */
786 NULL, /* [#1] URI to filename translation */
787 NULL, /* [#4] validate user id from request */
788 NULL, /* [#5] check if the user is ok _here_ */
789 NULL, /* [#3] check access by host address */
790 NULL, /* [#6] determine MIME type */
791 waklog_phase7, /* [#7] pre-run fixups */
792 NULL, /* [#9] log a transaction */
793 waklog_phase2, /* [#2] header parser */
794 waklog_child_init, /* child_init */
795 NULL, /* child_exit */
796 waklog_phase0 /* [#0] post read-request */
797 #ifdef EAPI
798 ,NULL, /* EAPI: add_module */
799 NULL, /* EAPI: remove_module */
800 NULL, /* EAPI: rewrite_command */
801 waklog_new_connection /* EAPI: new_connection */
802 #endif
803 };
804 #else
805 static void
806 waklog_register_hooks (apr_pool_t * p)
807 {
808 ap_hook_header_parser (waklog_phase2, NULL, NULL, APR_HOOK_FIRST);
809 ap_hook_fixups (waklog_phase7, NULL, NULL, APR_HOOK_FIRST);
810 ap_hook_child_init (waklog_child_init, NULL, NULL, APR_HOOK_FIRST);
811 ap_hook_post_read_request (waklog_phase0, NULL, NULL, APR_HOOK_FIRST);
812 ap_hook_pre_connection (waklog_new_connection, NULL, NULL, APR_HOOK_FIRST);
813 ap_hook_post_config (waklog_init_handler, NULL, NULL, APR_HOOK_MIDDLE);
814 }
815
816
817 module AP_MODULE_DECLARE_DATA waklog_module =
818 {
819 STANDARD20_MODULE_STUFF,
820 NULL, /* create per-dir conf structures */
821 NULL, /* merge per-dir conf structures */
822 waklog_create_server_config, /* create per-server conf structures */
823 NULL, /* merge per-server conf structures */
824 waklog_cmds, /* table of configuration directives */
825 waklog_register_hooks /* register hooks */
826 };
827 #endif
828
libapache-mod-waklog packaging