HCoop / hcoop / debian / libapache-mod-waklog.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
first round of UMBC merges; all these changes are inert no-ops
[hcoop/debian/libapache-mod-waklog.git] / mod_waklog.c
1 #define _LARGEFILE64_SOURCE
2 #define _GNU_SOURCE
3
4 #include "httpd.h"
5 #include "http_config.h"
6 #include "http_log.h"
7 #include "http_protocol.h"
8 #include "http_request.h"
9 #include "http_core.h"
10
11 #ifdef sun
12 #include <synch.h>
13 #elif linux
14 #define use_pthreads
15 #include <features.h>
16 #include <sys/types.h>
17 #include <sys/mman.h>
18 #include <pthread.h>
19 #else
20 #error "make sure you include the right stuff here"
21 #endif
22
23 #ifndef MAXNAMELEN
24 #define MAXNAMELEN 1024
25 #endif
26
27 #ifdef STANDARD20_MODULE_STUFF
28 #include <apr_strings.h>
29 #include <apr_base64.h>
30 #include <apr_compat.h>
31 #include <apu_compat.h>
32
33 module AP_MODULE_DECLARE_DATA waklog_module;
34
35 #include <http_conf_globals.h>
36 #define MK_POOL apr_pool_t
37 #define MK_TABLE_GET apr_table_get
38 #define MK_TABLE_SET ap_table_set
39 #include "unixd.h"
40 extern unixd_config_rec unixd_config;
41 #define ap_user_id unixd_config.user_id
42 #define ap_group_id unixd_config.group_id
43 #define ap_user_name unixd_config.user_name
44 #define command(name, func, var, type, usage) \
45 AP_INIT_ ## type (name, (void*) func, \
46 (void*)APR_OFFSETOF(waklog_config, var), \
47 OR_AUTHCFG | RSRC_CONF, usage)
48 typedef struct {
49 int dummy;
50 } child_info;
51
52 const char *userdata_key = "waklog_init";
53 #else
54 #include "ap_config.h"
55
56 module waklog_module;
57 #define MK_POOL pool
58 #define MK_TABLE_GET ap_table_get
59 #define command(name, func, var, type, usage) \
60 { name, func, \
61 (void*)XtOffsetOf(waklog_config, var), \
62 OR_AUTHCFG | RSRC_CONF, type, usage }
63 #endif /* STANDARD20_MODULE_STUFF */
64
65 #define getModConfig(P, X) P = (waklog_host_config *) ap_get_module_config( (X)->module_config, &waklog_module );
66
67 #include <krb5.h>
68
69 #if defined(sun)
70 #include <sys/ioccom.h>
71 #endif /* sun */
72 #include <stropts.h>
73 #include <afs/venus.h>
74 #include <afs/auth.h>
75 #include <rx/rxkad.h>
76
77 #define KEYTAB "/etc/keytab.wwwserver"
78 #define KEYTAB_PRINCIPAL "someplacewwwserver"
79 #define AFS_CELL "someplace.edu"
80
81 #define TKT_LIFE 10*60*60
82 #define SLEEP_TIME TKT_LIFE - 5*60
83 /* If there's an error, retry more aggressively */
84 #define ERR_SLEEP_TIME 5*60
85
86
87 #define K5PATH "FILE:/tmp/waklog.creds.k5"
88
89 typedef struct {
90 int forked;
91 int configured;
92 int protect;
93 char *keytab;
94 char *keytab_principal;
95 char *afs_cell;
96 MK_POOL *p;
97 } waklog_host_config;
98
99 typedef struct {
100 struct ktc_token token;
101 } waklog_child_config;
102 waklog_child_config child;
103
104 static void
105 log_error(const char *file, int line, int level, int status,
106 const server_rec *s, const char *fmt, ...)
107 {
108 char errstr[1024];
109 va_list ap;
110
111 va_start(ap, fmt);
112 vsnprintf(errstr, sizeof(errstr), fmt, ap);
113 va_end(ap);
114
115 #ifdef STANDARD20_MODULE_STUFF
116 ap_log_error(file, line, level | APLOG_NOERRNO, status, s, "%s", errstr);
117 #else
118 ap_log_error(file, line, level | APLOG_NOERRNO, s, "%s", errstr);
119 #endif
120
121 }
122
123 static void *
124 waklog_create_server_config( MK_POOL *p, server_rec *s )
125 {
126 waklog_host_config *cfg;
127
128 cfg = (waklog_host_config *)ap_pcalloc( p, sizeof( waklog_host_config ));
129 cfg->p = p;
130 cfg->forked = 0;
131 cfg->configured = 0;
132 cfg->protect = 0;
133 cfg->keytab = KEYTAB;
134 cfg->keytab_principal = KEYTAB_PRINCIPAL;
135 cfg->afs_cell = AFS_CELL;
136
137 log_error( APLOG_MARK, APLOG_DEBUG, 0, s, "mod_waklog: server config created." );
138
139 return( cfg );
140 }
141
142
143 static const char *
144 set_waklog_protect( cmd_parms *params, void *mconfig, int flag )
145 {
146 waklog_host_config *cfg;
147
148 getModConfig(cfg, params->server );
149
150 cfg->protect = flag;
151 cfg->configured = 1;
152 log_error( APLOG_MARK, APLOG_DEBUG, 0, params->server, "mod_waklog: waklog_protect set" );
153 return( NULL );
154 }
155
156
157 static const char *
158 set_waklog_keytab( cmd_parms *params, void *mconfig, char *file )
159 {
160 waklog_host_config *cfg;
161
162 getModConfig(cfg, params->server );
163
164 log_error( APLOG_MARK, APLOG_INFO, 0, params->server,
165 "mod_waklog: will use keytab: %s", file );
166
167 cfg->keytab = ap_pstrdup ( params->pool, file );
168 cfg->configured = 1;
169 return( NULL );
170 }
171
172
173 static const char *
174 set_waklog_use_keytab_principal( cmd_parms *params, void *mconfig, char *file )
175 {
176 waklog_host_config *cfg;
177
178 getModConfig(cfg, params->server );
179
180 log_error( APLOG_MARK, APLOG_INFO, 0, params->server,
181 "mod_waklog: will use keytab_principal: %s", file );
182
183 cfg->keytab_principal = ap_pstrdup ( params->pool, file );
184 cfg->configured = 1;
185 return( NULL );
186 }
187
188
189 static const char *
190 set_waklog_use_afs_cell( cmd_parms *params, void *mconfig, char *file )
191 {
192 waklog_host_config *cfg;
193
194 getModConfig(cfg, params->server );
195
196 log_error( APLOG_MARK, APLOG_INFO, 0, params->server,
197 "mod_waklog: will use afs_cell: %s", file );
198
199 cfg->afs_cell = ap_pstrdup( params->pool, file );
200 cfg->configured = 1;
201 return( NULL );
202 }
203
204
205 static void
206 #ifdef STANDARD20_MODULE_STUFF
207 waklog_child_init(MK_POOL *p, server_rec *s)
208 #else
209 waklog_child_init(server_rec *s, MK_POOL *p)
210 #endif
211 {
212
213 log_error( APLOG_MARK, APLOG_DEBUG, 0, s,
214 "mod_waklog: child_init called" );
215
216 memset( &child.token, 0, sizeof( struct ktc_token ) );
217
218 setpag();
219
220 log_error( APLOG_MARK, APLOG_DEBUG, 0, s,
221 "mod_waklog: child_init returned" );
222
223 return;
224 }
225
226 typedef struct {
227 int wak_protect;
228 char *wak_keytab;
229 char *wak_ktprinc;
230 char *wak_afscell;
231 } waklog_config;
232
233 command_rec waklog_cmds[ ] =
234 {
235 command("WaklogProtected", set_waklog_protect, wak_protect, FLAG, "enable waklog on a location or directory basis"),
236
237 command("WaklogKeytab", set_waklog_keytab, wak_keytab, TAKE1, "Use the supplied keytab rather than the default"),
238
239 command("WaklogUseKeytabPrincipal", set_waklog_use_keytab_principal, wak_ktprinc, TAKE1, "Use the supplied keytab principal rather than the default"),
240
241 command("WaklogUseAFSCell", set_waklog_use_afs_cell, wak_afscell, TAKE1, "Use the supplied AFS cell rather than the default"),
242
243 { NULL }
244 };
245
246
247 static int
248 token_cleanup( void *data )
249 {
250 request_rec *r = (request_rec *)data;
251
252 if ( child.token.ticketLen ) {
253 memset( &child.token, 0, sizeof( struct ktc_token ) );
254
255 ktc_ForgetAllTokens();
256
257 log_error( APLOG_MARK, APLOG_DEBUG, 0, r->server,
258 "mod_waklog: ktc_ForgetAllTokens succeeded: pid: %d", getpid() );
259 }
260 return 0;
261 }
262
263
264 static int
265 waklog_kinit( server_rec *s )
266 {
267 krb5_error_code kerror = 0;
268 krb5_context kcontext = NULL;
269 krb5_principal kprinc = NULL;
270 krb5_get_init_creds_opt kopts;
271 krb5_creds v5creds;
272 krb5_ccache kccache = NULL;
273 krb5_keytab keytab = NULL;
274 char ktbuf[ MAX_KEYTAB_NAME_LEN + 1 ];
275 int i;
276 waklog_host_config *cfg;
277
278 log_error( APLOG_MARK, APLOG_DEBUG, 0, s,
279 "mod_waklog: waklog_kinit called: pid: %d", getpid() );
280
281 getModConfig(cfg, s);
282
283 if (( kerror = krb5_init_context( &kcontext ))) {
284 log_error( APLOG_MARK, APLOG_ERR, 0, s,
285 "mod_waklog: %s", (char *)error_message( kerror ));
286
287 goto cleanup;
288 }
289
290 /* use the path */
291 if (( kerror = krb5_cc_resolve( kcontext, K5PATH, &kccache )) != 0 ) {
292 log_error( APLOG_MARK, APLOG_ERR, 0, s,
293 "mod_waklog: %s", (char *)error_message( kerror ));
294
295 goto cleanup;
296 }
297
298 log_error( APLOG_MARK, APLOG_DEBUG, 0, s,
299 "mod_waklog: keytab_principal: %s", cfg->keytab_principal );
300
301 if (( kerror = krb5_parse_name( kcontext, cfg->keytab_principal, &kprinc ))) {
302 log_error( APLOG_MARK, APLOG_ERR, 0, s,
303 "mod_waklog: %s", (char *)error_message( kerror ));
304
305 goto cleanup;
306 }
307
308 krb5_get_init_creds_opt_init( &kopts );
309 krb5_get_init_creds_opt_set_tkt_life( &kopts, TKT_LIFE );
310 krb5_get_init_creds_opt_set_renew_life( &kopts, 0 );
311 krb5_get_init_creds_opt_set_forwardable( &kopts, 1 );
312 krb5_get_init_creds_opt_set_proxiable( &kopts, 0 );
313
314 /* keytab from config */
315 strncpy( ktbuf, cfg->keytab, sizeof( ktbuf ) - 1 );
316
317 log_error( APLOG_MARK, APLOG_DEBUG, 0, s,
318 "mod_waklog: waklog_kinit using: %s", ktbuf );
319
320 if (( kerror = krb5_kt_resolve( kcontext, ktbuf, &keytab )) != 0 ) {
321 log_error( APLOG_MARK, APLOG_ERR, 0, s,
322 "mod_waklog:krb5_kt_resolve %s", (char *)error_message( kerror ));
323
324 goto cleanup;
325 }
326
327 memset( (char *)&v5creds, 0, sizeof(v5creds));
328
329 /* get the krbtgt */
330 if (( kerror = krb5_get_init_creds_keytab( kcontext, &v5creds,
331 kprinc, keytab, 0, NULL, &kopts ))) {
332
333 log_error( APLOG_MARK, APLOG_ERR, 0, s,
334 "mod_waklog:krb5_get_init_creds_keytab %s", (char *)error_message( kerror ));
335
336 goto cleanup;
337 }
338
339 if (( kerror = krb5_cc_initialize( kcontext, kccache, kprinc )) != 0 ) {
340 log_error( APLOG_MARK, APLOG_ERR, 0, s,
341 "mod_waklog:krb5_cc_initialize %s", (char *)error_message( kerror ));
342
343 goto cleanup;
344 }
345
346 kerror = krb5_cc_store_cred( kcontext, kccache, &v5creds );
347 krb5_free_cred_contents( kcontext, &v5creds );
348 if ( kerror != 0 ) {
349 log_error( APLOG_MARK, APLOG_ERR, 0, s,
350 "mod_waklog: %s", (char *)error_message( kerror ));
351
352 goto cleanup;
353 }
354
355 log_error( APLOG_MARK, APLOG_DEBUG, 0, s,
356 "mod_waklog: waklog_kinit success" );
357
358 cleanup:
359 if ( keytab )
360 (void)krb5_kt_close( kcontext, keytab );
361 if ( kprinc )
362 krb5_free_principal( kcontext, kprinc );
363 if ( kccache )
364 krb5_cc_close( kcontext, kccache );
365 if ( kcontext )
366 krb5_free_context( kcontext );
367
368 log_error( APLOG_MARK, APLOG_DEBUG, 0, s,
369 "mod_waklog: waklog_kinit: exiting" );
370
371 return( kerror );
372 }
373
374
375 static void
376 waklog_aklog( request_rec *r )
377 {
378 int rc;
379 char buf[ MAXKTCTICKETLEN ];
380 const char *k5path = NULL;
381 krb5_error_code kerror;
382 krb5_context kcontext = NULL;
383 krb5_creds increds;
384 krb5_creds *v5credsp = NULL;
385 krb5_ccache kccache = NULL;
386 struct ktc_principal server = { "afs", "", "" };
387 struct ktc_principal client;
388 struct ktc_token token;
389 waklog_host_config *cfg;
390 int buflen;
391
392 k5path = MK_TABLE_GET( r->subprocess_env, "KRB5CCNAME" );
393
394 log_error( APLOG_MARK, APLOG_INFO, 0, r->server,
395 "mod_waklog: waklog_aklog called: k5path: %s", k5path );
396
397 if ( k5path == NULL ) {
398 log_error( APLOG_MARK, APLOG_DEBUG, 0, r->server,
399 "mod_waklog: waklog_aklog giving up" );
400 goto cleanup;
401 }
402
403 /*
404 ** Get/build creds from file/tgs, then see if we need to SetToken
405 */
406
407 if (( kerror = krb5_init_context( &kcontext ))) {
408 /* Authentication Required ( kerberos error ) */
409 log_error( APLOG_MARK, APLOG_ERR, 0, r->server,
410 (char *)error_message( kerror ));
411
412 goto cleanup;
413 }
414
415 memset( (char *)&increds, 0, sizeof(increds));
416
417 getModConfig(cfg, r->server );
418
419 /* afs/<cell> or afs */
420 strncpy( buf, "afs", sizeof( buf ) - 1 );
421 if ( strcmp( cfg->afs_cell, AFS_CELL ) ) {
422 strncat( buf, "/" , sizeof( buf ) - strlen( buf ) - 1 );
423 strncat( buf, cfg->afs_cell, sizeof( buf ) - strlen( buf ) - 1 );
424 }
425
426 /* set server part */
427 if (( kerror = krb5_parse_name( kcontext, buf, &increds.server ))) {
428 log_error( APLOG_MARK, APLOG_ERR, 0, r->server,
429 (char *)error_message( kerror ));
430
431 goto cleanup;
432 }
433
434 if (( kerror = krb5_cc_resolve( kcontext, k5path, &kccache )) != 0 ) {
435 log_error( APLOG_MARK, APLOG_ERR, 0, r->server,
436 (char *)error_message( kerror ));
437
438 goto cleanup;
439 }
440
441 /* set client part */
442 krb5_cc_get_principal( kcontext, kccache, &increds.client );
443
444 increds.times.endtime = 0;
445 /* Ask for DES since that is what V4 understands */
446 increds.keyblock.enctype = ENCTYPE_DES_CBC_CRC;
447
448 /* get the V5 credentials */
449 if (( kerror = krb5_get_credentials( kcontext, 0, kccache,
450 &increds, &v5credsp ) ) ) {
451 log_error( APLOG_MARK, APLOG_ERR, 0, r->server,
452 "mod_waklog: krb5_get_credentials: %s", error_message( kerror ));
453 goto cleanup;
454 }
455
456 /* don't overflow */
457 if ( v5credsp->ticket.length >= MAXKTCTICKETLEN ) { /* from krb524d.c */
458 log_error( APLOG_MARK, APLOG_ERR, 0, r->server,
459 "mod_waklog: ticket size (%d) too big to fake", v5credsp->ticket.length );
460 goto cleanup;
461 }
462
463 /* assemble the token */
464 memset( &token, 0, sizeof( struct ktc_token ) );
465
466 token.startTime = v5credsp->times.starttime ? v5credsp->times.starttime : v5credsp->times.authtime;
467 token.endTime = v5credsp->times.endtime;
468 memmove( &token.sessionKey, v5credsp->keyblock.contents, v5credsp->keyblock.length );
469 token.kvno = RXKAD_TKT_TYPE_KERBEROS_V5;
470 token.ticketLen = v5credsp->ticket.length;
471 memmove( token.ticket, v5credsp->ticket.data, token.ticketLen );
472
473 /* make sure we have to do this */
474 if ( child.token.kvno != token.kvno ||
475 child.token.ticketLen != token.ticketLen ||
476 (memcmp( &child.token.sessionKey, &token.sessionKey,
477 sizeof( token.sessionKey ) )) ||
478 (memcmp( child.token.ticket, token.ticket, token.ticketLen )) ) {
479
480 log_error( APLOG_MARK, APLOG_DEBUG, 0, r->server,
481 "mod_waklog: client: %s", buf );
482
483 /* build the name */
484 memmove( buf, v5credsp->client->data[0].data,
485 min( v5credsp->client->data[0].length, MAXKTCNAMELEN - 1 ) );
486 buf[ v5credsp->client->data[0].length ] = '\0';
487 if ( v5credsp->client->length > 1 ) {
488 strncat( buf, ".", sizeof( buf ) - strlen( buf ) - 1 );
489 buflen = strlen( buf );
490 memmove( buf + buflen, v5credsp->client->data[1].data,
491 min( v5credsp->client->data[1].length, MAXKTCNAMELEN - strlen( buf ) - 1 ) );
492 buf[ buflen + v5credsp->client->data[1].length ] = '\0';
493 }
494
495 /* assemble the client */
496 strncpy( client.name, buf, sizeof( client.name ) - 1 );
497 strncpy( client.instance, "", sizeof( client.instance) - 1 );
498 memmove( buf, v5credsp->client->realm.data,
499 min( v5credsp->client->realm.length, MAXKTCNAMELEN - 1 ) );
500 buf[ v5credsp->client->realm.length ] = '\0';
501 strncpy( client.cell, buf, sizeof( client.cell ) - 1 );
502
503 /* assemble the server's cell */
504 strncpy( server.cell, cfg->afs_cell , sizeof( server.cell ) - 1 );
505
506 log_error( APLOG_MARK, APLOG_DEBUG, 0, r->server,
507 "mod_waklog: server: name=%s, instance=%s, cell=%s",
508 server.name, server.instance, server.cell );
509
510 log_error( APLOG_MARK, APLOG_DEBUG, 0, r->server,
511 "mod_waklog: client: name=%s, instance=%s, cell=%s",
512 client.name, client.instance, client.cell );
513
514 /* use the path */
515
516 /* rumor: we have to do this for AIX 4.1.4 with AFS 3.4+ */
517 write( 2, "", 0 );
518
519 if ( ( rc = ktc_SetToken( &server, &token, &client, 0 ) ) ) {
520 log_error( APLOG_MARK, APLOG_ERR, 0, r->server,
521 "mod_waklog: settoken returned %d", rc );
522 goto cleanup;
523 }
524
525 /* save this */
526 memmove( &child.token, &token, sizeof( struct ktc_token ) );
527
528 /* we'll need to unlog when this connection is done. */
529 ap_register_cleanup( r->pool, (void *)r, token_cleanup, ap_null_cleanup );
530 }
531
532 cleanup:
533 if ( v5credsp )
534 krb5_free_cred_contents( kcontext, v5credsp );
535 if ( increds.client )
536 krb5_free_principal( kcontext, increds.client );
537 if ( increds.server )
538 krb5_free_principal( kcontext, increds.server );
539 if ( kccache )
540 krb5_cc_close( kcontext, kccache );
541 if ( kcontext )
542 krb5_free_context( kcontext );
543
544 log_error( APLOG_MARK, APLOG_DEBUG, 0, r->server,
545 "mod_waklog: finished with waklog_aklog" );
546
547 return;
548
549 }
550
551 static int
552 waklog_child_routine( void *s, child_info *pinfo )
553 {
554 if ( !getuid() ) {
555 log_error( APLOG_MARK, APLOG_DEBUG, 0, s,
556 "mod_waklog: waklog_child_routine called as root" );
557
558 /* this was causing the credential file to get owned by root */
559 #ifdef STANDARD20_MODULE_STUFF
560 setgid(ap_group_id);
561 setuid(ap_user_id);
562 #endif
563 }
564
565 while( 1 ) {
566 waklog_kinit( s );
567 log_error( APLOG_MARK, APLOG_DEBUG, 0, s,
568 "mod_waklog: child_routine sleeping" );
569 sleep( SLEEP_TIME );
570 log_error( APLOG_MARK, APLOG_DEBUG, 0, s,
571 "mod_waklog: slept, calling waklog_kinit" );
572 }
573
574 }
575
576 #ifdef STANDARD20_MODULE_STUFF
577 static int
578 waklog_init_handler(apr_pool_t *p, apr_pool_t *plog,
579 apr_pool_t *ptemp, server_rec *s)
580 {
581 int rv;
582 extern char *version;
583 apr_proc_t *proc;
584 waklog_host_config *cfg;
585 void *data;
586
587 getModConfig(cfg, s);
588
589 /* initialize_module() will be called twice, and if it's a DSO
590 * then all static data from the first call will be lost. Only
591 * set up our static data on the second call.
592 * see http://issues.apache.org/bugzilla/show_bug.cgi?id=37519 */
593 apr_pool_userdata_get(&data, userdata_key, s->process->pool);
594
595 if (!data) {
596 apr_pool_userdata_set((const void *)1, userdata_key,
597 apr_pool_cleanup_null, s->process->pool);
598 } else {
599 log_error( APLOG_MARK, APLOG_INFO, 0, s,
600 "mod_waklog: version %s initialized.", version );
601
602 proc = (apr_proc_t *)ap_pcalloc( s->process->pool, sizeof(apr_proc_t));
603
604 rv = apr_proc_fork(proc, s->process->pool);
605
606 if (rv == APR_INCHILD) {
607 waklog_child_routine(s, NULL);
608 } else {
609 apr_pool_note_subprocess(s->process->pool, proc, APR_KILL_ALWAYS);
610 }
611 /* parent and child */
612 cfg->forked = proc->pid;
613 }
614 return 0;
615 }
616 #else
617 static void
618 waklog_init( server_rec *s, MK_POOL *p )
619 {
620 extern char *version;
621 int pid;
622
623 log_error( APLOG_MARK, APLOG_INFO, 0, s,
624 "mod_waklog: version %s initialized.", version );
625
626 pid = ap_bspawn_child( p, waklog_child_routine, s, kill_always,
627 NULL, NULL, NULL );
628
629 log_error( APLOG_MARK, APLOG_DEBUG, 0, s,
630 "mod_waklog: ap_bspawn_child: %d.", pid );
631 }
632 #endif
633
634 static int
635 waklog_phase0( request_rec *r )
636 {
637 waklog_host_config *cfg;
638
639 log_error( APLOG_MARK, APLOG_DEBUG, 0, r->server,
640 "mod_waklog: phase0 called" );
641
642 getModConfig(cfg, r->server );
643
644 log_error( APLOG_MARK, APLOG_DEBUG, 0, r->server,
645 "mod_waklog: phase0, checking cfg->protect" );
646 if ( !cfg->protect ) {
647 log_error( APLOG_MARK, APLOG_DEBUG, 0, r->server,
648 "mod_waklog: phase0 declining" );
649 return( DECLINED );
650 }
651
652 log_error( APLOG_MARK, APLOG_DEBUG, 0, r->server,
653 "mod_waklog: phase0, NOT setting environment variable" );
654 /* set our environment variable */
655 apr_table_set( r->subprocess_env, "KRB5CCNAME", K5PATH );
656
657 log_error( APLOG_MARK, APLOG_DEBUG, 0, r->server,
658 "mod_waklog: phase0, checking child.token.ticketLen" );
659 /* do this only if we are still unauthenticated */
660 if ( !child.token.ticketLen ) {
661
662 log_error( APLOG_MARK, APLOG_DEBUG, 0, r->server,
663 "mod_waklog: phase0, calling waklog_aklog" );
664 /* stuff the credentials into the kernel */
665 waklog_aklog( r );
666 }
667
668 log_error( APLOG_MARK, APLOG_DEBUG, 0, r->server,
669 "mod_waklog: phase0 returning" );
670 return DECLINED;
671 }
672
673
674 static int
675 waklog_phase7( request_rec *r )
676 {
677 waklog_host_config *cfg;
678
679 log_error( APLOG_MARK, APLOG_DEBUG, 0, r->server,
680 "mod_waklog: phase7 called" );
681
682 getModConfig(cfg, r->server );
683
684 if ( !cfg->protect ) {
685 return( DECLINED );
686 }
687
688 /* stuff the credentials into the kernel */
689
690 log_error( APLOG_MARK, APLOG_DEBUG, 0, r->server,
691 "mod_waklog: phase7, calling waklog_aklog" );
692 waklog_aklog( r );
693
694 log_error( APLOG_MARK, APLOG_DEBUG, 0, r->server,
695 "mod_waklog: phase7 returning" );
696
697 return DECLINED;
698 }
699
700
701 static
702 #ifdef STANDARD20_MODULE_STUFF
703 int
704 #else
705 void
706 #endif
707 waklog_new_connection (conn_rec * c
708 #ifdef STANDARD20_MODULE_STUFF
709 , void *dummy
710 #endif
711 )
712 {
713
714 waklog_config *cfg;
715
716 log_error (APLOG_MARK, APLOG_DEBUG, 0, c->base_server,
717 "mod_waklog: new_connection called: pid: %d", getpid ());
718 /*
719 getModConfig(cfg, c->base_server);
720
721 if ( cfg->default_principal ) {
722 log_error(APLOG_MARK, APLOG_DEBUG, 0, c->base_server, "mod_waklog: new conn setting default user %s",
723 cfg->default_principal);
724 set_auth( c->base_server, NULL, 0, cfg->default_principal, cfg->default_keytab, 0);
725 }
726 */
727
728 return
729 #ifdef STANDARD20_MODULE_STUFF
730 0
731 #endif
732 ;
733 }
734
735
736 /*
737 ** Here's a quick explaination for phase0 and phase2:
738 ** Apache does a stat() on the path between phase0 and
739 ** phase2, and must by ACLed rl to succeed. So, at
740 ** phase0 we acquire credentials for umweb:servers from
741 ** a keytab, and at phase2 we must ensure we remove them.
742 **
743 ** Failure to "unlog" would be a security risk.
744 */
745 static int
746 waklog_phase2 (request_rec * r)
747 {
748
749 log_error (APLOG_MARK, APLOG_DEBUG, 0, r->server,
750 "mod_waklog: phase2 called");
751
752 if (child.token.ticketLen)
753 {
754 memset (&child.token, 0, sizeof (struct ktc_token));
755
756 ktc_ForgetAllTokens ();
757
758 log_error (APLOG_MARK, APLOG_DEBUG, 0, r->server,
759 "mod_waklog: ktc_ForgetAllTokens succeeded: pid: %d",
760 getpid ());
761 }
762
763 log_error (APLOG_MARK, APLOG_DEBUG, 0, r->server,
764 "mod_waklog: phase2 returning");
765
766 return DECLINED;
767 }
768
769 #ifndef STANDARD20_MODULE_STUFF
770 module MODULE_VAR_EXPORT waklog_module = {
771 STANDARD_MODULE_STUFF,
772 waklog_init, /* module initializer */
773 #if 0
774 waklog_create_dir_config, /* create per-dir config structures */
775 #else /* 0 */
776 NULL, /* create per-dir config structures */
777 #endif /* 0 */
778 NULL, /* merge per-dir config structures */
779 waklog_create_server_config, /* create per-server config structures */
780 NULL, /* merge per-server config structures */
781 waklog_cmds, /* table of config file commands */
782 NULL, /* [#8] MIME-typed-dispatched handlers */
783 NULL, /* [#1] URI to filename translation */
784 NULL, /* [#4] validate user id from request */
785 NULL, /* [#5] check if the user is ok _here_ */
786 NULL, /* [#3] check access by host address */
787 NULL, /* [#6] determine MIME type */
788 waklog_phase7, /* [#7] pre-run fixups */
789 NULL, /* [#9] log a transaction */
790 waklog_phase2, /* [#2] header parser */
791 waklog_child_init, /* child_init */
792 NULL, /* child_exit */
793 waklog_phase0 /* [#0] post read-request */
794 #ifdef EAPI
795 ,NULL, /* EAPI: add_module */
796 NULL, /* EAPI: remove_module */
797 NULL, /* EAPI: rewrite_command */
798 waklog_new_connection /* EAPI: new_connection */
799 #endif
800 };
801 #else
802 static void
803 waklog_register_hooks (apr_pool_t * p)
804 {
805 ap_hook_header_parser (waklog_phase2, NULL, NULL, APR_HOOK_FIRST);
806 ap_hook_fixups (waklog_phase7, NULL, NULL, APR_HOOK_FIRST);
807 ap_hook_child_init (waklog_child_init, NULL, NULL, APR_HOOK_FIRST);
808 ap_hook_post_read_request (waklog_phase0, NULL, NULL, APR_HOOK_FIRST);
809 ap_hook_pre_connection (waklog_new_connection, NULL, NULL, APR_HOOK_FIRST);
810 ap_hook_post_config (waklog_init_handler, NULL, NULL, APR_HOOK_MIDDLE);
811 }
812
813
814 module AP_MODULE_DECLARE_DATA waklog_module =
815 {
816 STANDARD20_MODULE_STUFF,
817 NULL, /* create per-dir conf structures */
818 NULL, /* merge per-dir conf structures */
819 waklog_create_server_config, /* create per-server conf structures */
820 NULL, /* merge per-server conf structures */
821 waklog_cmds, /* table of configuration directives */
822 waklog_register_hooks /* register hooks */
823 };
824 #endif
825
libapache-mod-waklog packaging