#ifdef sun
#include <synch.h>
+#include <stropts.h>
+#include <sys/ioccom.h>
#elif linux
#define use_pthreads
#include <features.h>
/********************* APACHE1 ******************************************************************************/
#ifndef APACHE2
#include "ap_config.h"
-#if defined(sun)
-#include <sys/ioccom.h>
-#endif /* sun */
#include <http_conf_globals.h>
#define MK_POOL pool
#define MK_TABLE_GET ap_table_get
/********************* APACHE2 ******************************************************************************/
#else
+#include "http_connection.h"
#include <apr_strings.h>
#include <apr_base64.h>
+#include <apr_time.h>
#define ap_pcalloc apr_pcalloc
#define ap_pdupstr apr_pdupstr
#define ap_pstrdup apr_pstrdup
#define MK_POOL apr_pool_t
#define MK_TABLE_GET apr_table_get
#define MK_TABLE_SET apr_table_set
-#include "unixd.h"
-extern unixd_config_rec unixd_config;
-#define ap_user_id unixd_config.user_id
-#define ap_group_id unixd_config.group_id
-#define ap_user_name unixd_config.user_name
#define command(name, func, var, type, usage) \
AP_INIT_ ## type (name, (void*) func, \
NULL, \
typedef struct { int dummy; } child_info;
const char *userdata_key = "waklog_init";
+/* Apache 2.4 */
+#ifdef APLOG_USE_MODULE
+APLOG_USE_MODULE(waklog);
+#endif
+
#endif /* APACHE2 */
/**************************************************************************************************/
#include <krb5.h>
-#include <stropts.h>
+#include <kopenafs.h>
#include <afs/param.h>
#include <afs/auth.h>
#include <afs/dirpath.h>
#include <afs/ptuser.h>
+#include <afs/com_err.h>
#include <rx/rxkad.h>
#define TKT_LIFE ( 12 * 60 * 60 )
#define getModConfig(P, X) P = (waklog_config *) ap_get_module_config( (X)->module_config, &waklog_module );
-#include <krb5.h>
-
-#if defined(sun)
-#include <sys/ioccom.h>
-#endif /* sun */
-#include <stropts.h>
-#include <afs/venus.h>
-#include <afs/auth.h>
-#include <afs/dirpath.h>
-#include <afs/ptuser.h>
-#include <rx/rxkad.h>
-
+#ifdef APLOG_USE_MODULE
+static void
+log_error (const char *file, int line, int module_index, int level, int status,
+ const server_rec * s, const char *fmt, ...)
+#else
static void
log_error (const char *file, int line, int level, int status,
const server_rec * s, const char *fmt, ...)
+#endif
{
char errstr[4096];
va_list ap;
va_end (ap);
#ifdef APACHE2
+ #ifdef APLOG_USE_MODULE
+ /* Apache 2.4 */
+ ap_log_error (file, line, module_index, level | APLOG_NOERRNO, status, s, "%s", errstr);
+ #else
ap_log_error (file, line, level | APLOG_NOERRNO, status, s, "(%d) %s", getpid(), errstr);
+ #endif
#else
ap_log_error (file, line, level | APLOG_NOERRNO, s, "(%d) %s", getpid(), errstr);
#endif
#ifdef APACHE2
if ( ! ( r && r->connection && r->user )) {
log_error(APLOG_MARK, APLOG_ERR, 0, s, "mod_waklog: self authentication selected, but no data available");
- log_error(APLOG_MARK, APLOG_ERR, 0, s, "mod_waklog: r->user=%s", (r->user==NULL ? "null" : r->user==NULL));
+ log_error(APLOG_MARK, APLOG_ERR, 0, s, "mod_waklog: r->user=%s", (r->user==NULL ? "null" : r->user));
return -1;
}
}
#endif
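Review bot: The corrected `r->user=%s` log line still dereferences `r` inside a branch that is entered when `r` itself is NULL, because the guard is `! ( r && r->connection && r->user )`. In that case the child would crash on the log call instead of reaching `return -1`. Test `r` before reading the field, e.g. `(r && r->user) ? r->user : "null"`. The enclosing function starts and ends outside the hunk.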
- log_error(APLOG_MARK, APLOG_DEBUG, 0, s, "mod_waklog: set_auth: k5user=%s", k5user ? k5user : "NULL");
+ log_error(APLOG_MARK, APLOG_DEBUG, 0, s, "mod_waklog: set_auth: k5user=%s", k5user);
mytime = time(0);
/* see if we should just go ahead and ignore this call, since we already should be set to these
}
/* if 'usecached' isn't set, we've got to get our tokens from somewhere... */
- if (( ! usecached ) && ( k5user )) {
+ if ( ! usecached ) {
/* clear out the creds structure */
memset((void *) &v5creds, 0, sizeof(v5creds));
/* create a principal out of our k5user string */
if ( ( kerror = krb5_parse_name (child.kcontext, k5user, &kprinc ) ) ) {
- log_error(APLOG_MARK, APLOG_ERR, 0, s, "mod_waklog: krb5_parse_name %s", (char *) error_message(kerror) );
+ log_error(APLOG_MARK, APLOG_ERR, 0, s, "mod_waklog: krb5_parse_name %s", (char *) afs_error_message(kerror) );
goto cleanup;
}
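Review bot: With the `k5user` guards removed, both the `set_auth: k5user=%s` debug line and `krb5_parse_name (child.kcontext, k5user, &kprinc )` now receive `k5user` unchecked, and nothing visible in these hunks establishes that it is non-NULL whenever `usecached` is false. If the callers guarantee it, a comment at the top of this block saying where that is enforced would record the invariant. Otherwise keep an explicit early exit such as `if ( ! usecached && ! k5user ) { rc = -1; goto cleanup; }`. The enclosing function's entry and its `cleanup` label are outside the hunk.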
if ( ( kerror = krb5_kt_resolve(child.kcontext, keytab, &krb5kt ) ) ) {
log_error( APLOG_MARK, APLOG_ERR, 0, s,
- "mod_waklog: krb5_kt_resolve %s", error_message(kerror) );
+ "mod_waklog: krb5_kt_resolve %s", afs_error_message(kerror) );
goto cleanup;
}
if ((kerror = krb5_get_init_creds_keytab (child.kcontext, &v5creds,
kprinc, krb5kt, 0, NULL, &kopts ) ) ) {
log_error(APLOG_MARK, APLOG_ERR, 0, s, "mod_waklog: krb5_get_init_creds_keytab %s",
- error_message(kerror) );
+ afs_error_message(kerror) );
goto cleanup;
}
} else if (k5secret) {
if ((kerror = krb5_get_init_creds_password ( child.kcontext, &v5creds,
kprinc, k5secret, NULL, NULL, 0, NULL, &kopts ) ) ) {
log_error(APLOG_MARK, APLOG_ERR, 0, s, "mod_waklog: krb5_get_init_creds_password %s",
- error_message(kerror) );
+ afs_error_message(kerror) );
/* nuke the password so it doesn't end up in core files */
- memset(k5secret, 0, sizeof(k5secret));
+ memset(k5secret, 0, strlen(k5secret));
goto cleanup;
}
- memset(k5secret, 0, sizeof(k5secret));
+ memset(k5secret, 0, strlen(k5secret));
}
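Review bot: The password is wiped only on the two paths inside the `k5secret` branch, so the earlier `goto cleanup` exits (for example the `krb5_parse_name` failure) leave it in memory unless the `cleanup` label, which is outside these hunks, clears it. A single wipe at `cleanup` guarded by `if (k5secret)` would cover every exit and remove the duplicated call. Since the stated goal is to keep the secret out of core files, a store the optimizer may not discard is safer than plain `memset`, e.g. `volatile char *p = k5secret; while (*p) *p++ = 0;`.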
/* initialize the credentials cache and store the stuff we just got */
if ( ( kerror = krb5_cc_initialize (child.kcontext, child.ccache, kprinc) ) ) {
log_error(APLOG_MARK, APLOG_ERR, 0, s, "mod_waklog: init credentials cache %s",
- error_message(kerror));
+ afs_error_message(kerror));
goto cleanup;
}
if ( ( kerror = krb5_cc_store_cred(child.kcontext, child.ccache, &v5creds) ) ) {
log_error(APLOG_MARK, APLOG_ERR, 0, s, "mod_waklog: cannot store credentials %s",
- error_message(kerror));
+ afs_error_message(kerror));
goto cleanup;
}
krb5_free_cred_contents(child.kcontext, &v5creds);
if ( kerror ) {
- log_error(APLOG_MARK, APLOG_ERR, 0, s, "mod_waklog: store cred %s", error_message(kerror));
+ log_error(APLOG_MARK, APLOG_ERR, 0, s, "mod_waklog: store cred %s", afs_error_message(kerror));
goto cleanup;
}
log_error(APLOG_MARK, APLOG_DEBUG, 0, s, "mod_waklog: using AFS principal: %s", buf);
if ((kerror = krb5_parse_name (child.kcontext, buf, &increds.server))) {
- log_error(APLOG_MARK, APLOG_ERR, 0, s, "mod_waklog: krb5_parse name %s", error_message(kerror));
+ log_error(APLOG_MARK, APLOG_ERR, 0, s, "mod_waklog: krb5_parse name %s", afs_error_message(kerror));
goto cleanup;
}
}
if ((kerror = krb5_cc_get_principal(child.kcontext, clientccache, &increds.client))) {
- log_error(APLOG_MARK, APLOG_ERR, 0, s, "mod_waklog: krb5_cc_get_princ %s %p", error_message(kerror), clientccache);
+ log_error(APLOG_MARK, APLOG_ERR, 0, s, "mod_waklog: krb5_cc_get_princ %s %p", afs_error_message(kerror), clientccache);
goto cleanup;
}
log_error(APLOG_MARK, APLOG_DEBUG, 0, s, "mod_waklog: retrieved data from ccache for %s", k5user);
increds.times.endtime = 0;
-
- /* Since we're fetching a key for AFS, we have to use single DES
- and explicitely enable weak crypto using the secret API
- call */
- increds.keyblock.enctype = ENCTYPE_DES_CBC_CRC;
- krb5_allow_weak_crypto (child.kcontext, 1);
if ( ( kerror = krb5_get_credentials (child.kcontext, 0, clientccache, &increds, &v5credsp ) ) ) {
/* only complain once we've tried both afs@REALM and afs/cell@REALM */
if (attempt>=1) {
log_error(APLOG_MARK, APLOG_ERR, 0, s, "mod_waklog: krb5_get_credentials: %s",
- error_message(kerror));
+ afs_error_message(kerror));
goto cleanup;
} else {
continue;
token.startTime = v5credsp->times.starttime ? v5credsp->times.starttime : v5credsp->times.authtime;
token.endTime = v5credsp->times.endtime;
- memmove( &token.sessionKey, v5credsp->keyblock.contents, v5credsp->keyblock.length);
+ if (tkt_DeriveDesKey(v5credsp->keyblock.enctype, v5credsp->keyblock.contents,
+ v5credsp->keyblock.length, &token.sessionKey) != 0) {
+ log_error(APLOG_MARK, APLOG_ERR, 0, s, "mod_waklog: tkt_DeriveDesKey failure (enctype: %d)",
+ v5credsp->keyblock.enctype);
+ goto cleanup;
+ }
token.kvno = RXKAD_TKT_TYPE_KERBEROS_V5;
token.ticketLen = v5credsp->ticket.length;
memmove( token.ticket, v5credsp->ticket.data, token.ticketLen);
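Review bot: `token.ticketLen` is taken from `v5credsp->ticket.length` and used directly as the `memmove` size, with no visible check that it fits `token.ticket`; the new `tkt_DeriveDesKey` call validates the session key but not the ticket. If `token.ticket` is a fixed-size array, log the length and bail out before the copy: `if (v5credsp->ticket.length > sizeof(token.ticket)) goto cleanup;`. Such a check may exist above the hunk, since the enclosing function is only partly visible.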
if ((rc = ktc_SetToken(&child.server, &child.token, &child.client, 0))) {
log_error(APLOG_MARK, APLOG_DEBUG, 0, s, "mod_waklog: settoken returned %s for %s -- trying again",
- error_message(rc), k5user);
+ afs_error_message(rc), k5user);
if ((rc = ktc_SetToken(&child.server, &child.token, &child.client, 0))) {
log_error(APLOG_MARK, APLOG_ERR, 0, s, "mod_waklog: settoken2 returned %s for %s",
- error_message(rc), k5user);
+ afs_error_message(rc), k5user);
goto cleanup;
}
}
if ( rc ) {
log_error(APLOG_MARK, APLOG_ERR, 0, s, "mod_waklog: set_auth ending with %d", rc );
} else if ( kerror ) {
- log_error(APLOG_MARK, APLOG_ERR, 0, s, "mod_waklog: set_auth ending with krb5 error %d, %s", kerror, error_message(kerror));
+ log_error(APLOG_MARK, APLOG_ERR, 0, s, "mod_waklog: set_auth ending with krb5 error %d, %s", kerror, afs_error_message(kerror));
} else {
log_error(APLOG_MARK, APLOG_DEBUG, 0, s, "mod_waklog: set_auth ending ok");
}
}
if ( pag_for_children ) {
- setpag ();
+ k_setpag ();
}
getModConfig (cfg, s);
return 0;
}
+/* This function doesn't return anything but is passed to ap_bspawn_child on
+ * Apache 1 which expects it to return a pid as an int. For want of better
+ * understanding, err on the side of not changing Apache 1 code while fixing
+ * the compile warning on Apache 2. */
+#ifdef APACHE2
+static void
+#else
static int
+#endif
waklog_child_routine (void *data, child_info * pinfo)
{
int i;
apr_pool_t * ptemp, server_rec * s)
{
int rv;
- extern char *version;
apr_proc_t *proc;
waklog_config *cfg;
void *data;
else
{
log_error (APLOG_MARK, APLOG_INFO, 0, s,
- "mod_waklog: version %s initialized for cell %s", version, cfg->afs_cell);
+ "mod_waklog: version %s initialized for cell %s", VERSION, cfg->afs_cell);
if ( sharedspace ) {
log_error(APLOG_MARK, APLOG_ERR, 0, s, "mod_waklog: shared memory already allocated." );
struct sharedspace_s bob;
log_error(APLOG_MARK, APLOG_ERR, 0, s, "mod_waklog: sizing our cache file %d to %d", fd, sizeof(struct sharedspace_s) );
memset( &bob, 0, sizeof(struct sharedspace_s));
- write(fd, &bob, sizeof(struct sharedspace_s));
+ if ( write(fd, &bob, sizeof(struct sharedspace_s)) != sizeof(struct sharedspace_s) ) {
+ log_error(APLOG_MARK, APLOG_ERR, 0, s, "mod_waklog: failed to write to our cache file %s (%d)", cache_file, errno );
+ exit(errno);
+ }
log_error(APLOG_MARK, APLOG_ERR, 0, s, "mod_waklog: done sizing our cache file to %d", sizeof(struct sharedspace_s) );
}
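Review bot: `exit(errno)` runs after `log_error`, which can overwrite `errno`, and a short write (fewer bytes than requested, no error) leaves `errno` unset, so the process can exit with status 0 after failing to size the cache file. Capture the value first with `int e = errno;`, log `e`, and leave with a fixed failure status, `exit(EXIT_FAILURE);`. The neighbouring `sizing our cache file` messages pass a `size_t` from `sizeof` to `%d`; `%lu` with a cast to `unsigned long` matches the argument.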
#define locktype rwlock_t
#endif
- if ( sharedlock = ( locktype * ) mmap ( NULL, sizeof(locktype), PROT_READ|PROT_WRITE, MAP_SHARED|MAP_ANON, -1, 0 ) ) {
+ if ( ( sharedlock = ( locktype * ) mmap ( NULL, sizeof(locktype), PROT_READ|PROT_WRITE, MAP_SHARED|MAP_ANON, -1, 0 ) ) != NULL ) {
#ifndef use_pthreads
rwlock_init(sharedlock, USYNC_PROCESS, NULL );
#else
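Review bot: `mmap` reports failure by returning `MAP_FAILED`, not `NULL`, so the rewritten condition `!= NULL` is true even when the mapping failed, and the lock initialisation that follows would run on an invalid pointer. Compare against the documented sentinel instead: `if ( ( sharedlock = ( locktype * ) mmap ( NULL, sizeof(locktype), PROT_READ|PROT_WRITE, MAP_SHARED|MAP_ANON, -1, 0 ) ) != MAP_FAILED ) {`. The else branch of this test is outside the hunk.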
/* wait here until our child process has gone and done it's renewing thing. */
while( sharedspace->renewcount == oldrenewcount ) {
log_error( APLOG_MARK, APLOG_ERR, 0, s, "mod_waklog: waiting for tokens..." );
- sleep(2);
+ apr_sleep(150000);
}
}
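Review bot: The wait loop has no upper bound and logs `waiting for tokens...` at `APLOG_ERR` on every pass, so cutting the interval from 2 s to 150 ms (`apr_sleep` takes microseconds) produces six or seven error-log lines per second for as long as the child has not renewed. Log once before the loop or at `APLOG_DEBUG`, and give up after a fixed number of polls so that a child that never renews cannot stall startup indefinitely. A comment such as `/* 150 ms, in microseconds */` on the `apr_sleep` call would document the unit. Whether this loop is also compiled for Apache 1, where `apr_sleep` is not available, cannot be seen from the hunk.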
static void
waklog_init (server_rec * s, MK_POOL * p)
{
- extern char *version;
int pid;
waklog_config *cfg;
int fd = -1;
#endif
log_error (APLOG_MARK, APLOG_DEBUG, 0, s,
- "mod_waklog: version %s initialized.", version);
+ "mod_waklog: version %s initialized.", VERSION);
if ( sharedspace ) {
log_error(APLOG_MARK, APLOG_ERR, 0, s, "mod_waklog: shared memory already allocated." );