#ifdef sun
#include <synch.h>
+#include <stropts.h>
+#include <sys/ioccom.h>
#elif linux
#define use_pthreads
#include <features.h>
/********************* APACHE1 ******************************************************************************/
#ifndef APACHE2
#include "ap_config.h"
-#if defined(sun)
-#include <sys/ioccom.h>
-#endif /* sun */
#include <http_conf_globals.h>
#define MK_POOL pool
#define MK_TABLE_GET ap_table_get
/**************************************************************************************************/
#include <krb5.h>
-#include <stropts.h>
+#include <kopenafs.h>
+
+#include <afs/param.h>
+
#include <afs/venus.h>
#include <afs/auth.h>
#include <afs/dirpath.h>
#define TKT_LIFE ( 12 * 60 * 60 )
#define SLEEP_TIME ( TKT_LIFE - 5*60 )
-#define WAKLOG_ON 1
-#define WAKLOG_OFF 2
-#define WAKLOG_UNSET 0
+#define WAKLOG_UNSET -1
#ifdef WAKLOG_DEBUG
#undef APLOG_DEBUG
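Review bot: `WAKLOG_UNSET` is defined as a bare `-1`; it should be parenthesized, `#define WAKLOG_UNSET (-1)`, as `TKT_LIFE` and `SLEEP_TIME` just above are, so it cannot combine with a neighbouring operator when expanded. Because "unset" is now non-zero, any remaining truthiness test on an int setting (`cfg->protect`, `cfg->usertokens`, `cfg->disable_token_cache`) would read an unset directive as enabled. A comment such as `/* int settings only; read them through get_cfg_*() */` would make that rule visible at the definition. Whether every direct read was converted cannot be confirmed from the hunks shown.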
#define getModConfig(P, X) P = (waklog_config *) ap_get_module_config( (X)->module_config, &waklog_module );
-#include <krb5.h>
-
-#if defined(sun)
-#include <sys/ioccom.h>
-#endif /* sun */
-#include <stropts.h>
-#include <afs/venus.h>
-#include <afs/auth.h>
-#include <afs/dirpath.h>
-#include <afs/ptuser.h>
-#include <rx/rxkad.h>
-
static void
log_error (const char *file, int line, int level, int status,
#ifdef APACHE2
if ( ! ( r && r->connection && r->user )) {
log_error(APLOG_MARK, APLOG_ERR, 0, s, "mod_waklog: self authentication selected, but no data available");
- log_error(APLOG_MARK, APLOG_ERR, 0, s, "mod_waklog: r->user=%s", (r->user==NULL ? "null" : r->user==NULL));
+ log_error(APLOG_MARK, APLOG_ERR, 0, s, "mod_waklog: r->user=%s", (r->user==NULL ? "null" : r->user));
return -1;
}
}
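Review bot: The corrected log line still dereferences `r` inside a branch that is entered precisely when `r`, `r->connection` or `r->user` is missing, so a NULL `r` crashes the process in the error path instead of returning -1. The fix to the ternary is right for the `r->user == NULL` case only; guard the request pointer as well, e.g. `(r && r->user) ? r->user : "null"`. The enclosing function starts and ends outside this hunk.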
#endif
- log_error(APLOG_MARK, APLOG_DEBUG, 0, s, "mod_waklog: set_auth: k5user=%s", k5user ? k5user : "NULL");
+ log_error(APLOG_MARK, APLOG_DEBUG, 0, s, "mod_waklog: set_auth: k5user=%s", k5user);
mytime = time(0);
/* see if we should just go ahead and ignore this call, since we already should be set to these
}
/* if 'usecached' isn't set, we've got to get our tokens from somewhere... */
- if (( ! usecached ) && ( k5user )) {
+ if ( ! usecached ) {
/* clear out the creds structure */
memset((void *) &v5creds, 0, sizeof(v5creds));
strncat(buf, "/", sizeof(buf) - strlen(buf) - 1);
strncat(buf, cfg->afs_cell, sizeof(buf) - strlen(buf) - 1);
}
- if (cfg->afs_cell_realm != WAKLOG_UNSET) {
+ if (cfg->afs_cell_realm != NULL) {
strncat(buf, "@", sizeof(buf) - strlen(buf) - 1);
strncat(buf, cfg->afs_cell_realm, sizeof(buf) - strlen(buf) - 1);
}
}
+int get_cfg_usertokens(waklog_config *cfg)
+{
+ if (cfg->usertokens==WAKLOG_UNSET)
+ return 0; /* default */
+ return cfg->usertokens;
+}
+
+int get_cfg_protect(waklog_config *cfg)
+{
+ if (cfg->protect==WAKLOG_UNSET)
+ return 0; /* default */
+ return cfg->protect;
+}
+
+int get_cfg_disable_token_cache(waklog_config *cfg)
+{
+ if (cfg->disable_token_cache==WAKLOG_UNSET)
+ return 0; /* default */
+ return cfg->disable_token_cache;
+}
+
static void *
waklog_create_server_config (MK_POOL * p, server_rec * s)
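Review bot: The three new accessors `get_cfg_usertokens`, `get_cfg_protect` and `get_cfg_disable_token_cache` have external linkage, although everything else visible in this file is `static`. In a module loaded into httpd's shared address space, generic names like these can clash with other modules' symbols. Declaring them `static int get_cfg_protect(const waklog_config *cfg)` (and likewise for the other two) keeps them private and documents that they do not modify the config. A short comment stating that an unset directive is treated as off (`0`) would also help, since for `protect` that default decides whether any credentials are acquired for the request.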
cfg->protect = WAKLOG_UNSET;
cfg->usertokens = WAKLOG_UNSET;
cfg->disable_token_cache = WAKLOG_UNSET;
- cfg->keytab = WAKLOG_UNSET;
- cfg->principal = WAKLOG_UNSET;
- cfg->default_principal = WAKLOG_UNSET;
- cfg->default_keytab = WAKLOG_UNSET;
- cfg->afs_cell = WAKLOG_UNSET;
- cfg->afs_cell_realm = WAKLOG_UNSET;
+ cfg->keytab = NULL;
+ cfg->principal = NULL;
+ cfg->default_principal = NULL;
+ cfg->default_keytab = NULL;
+ cfg->afs_cell = NULL;
+ cfg->afs_cell_realm = NULL;
cfg->forked = 0;
cfg->configured = 0;
cfg->protect = WAKLOG_UNSET;
cfg->usertokens = WAKLOG_UNSET;
cfg->disable_token_cache = WAKLOG_UNSET;
- cfg->keytab = WAKLOG_UNSET;
- cfg->principal = WAKLOG_UNSET;
- cfg->default_principal = WAKLOG_UNSET;
- cfg->default_keytab = WAKLOG_UNSET;
- cfg->afs_cell = WAKLOG_UNSET;
- cfg->afs_cell_realm = WAKLOG_UNSET;
+ cfg->keytab = NULL;
+ cfg->principal = NULL;
+ cfg->default_principal = NULL;
+ cfg->default_keytab = NULL;
+ cfg->afs_cell = NULL;
+ cfg->afs_cell_realm = NULL;
cfg->forked = 0;
cfg->configured = 0;
merged->protect = child->protect != WAKLOG_UNSET ? child->protect : parent->protect;
- merged->path = child->path != WAKLOG_UNSET ? child->path : parent->path;
+ merged->path = child->path != NULL ? child->path : parent->path;
merged->usertokens = child->usertokens != WAKLOG_UNSET ? child->usertokens : parent->usertokens;
merged->disable_token_cache = child->disable_token_cache != WAKLOG_UNSET ? child->disable_token_cache : parent->disable_token_cache;
- merged->principal = child->principal != WAKLOG_UNSET ? child->principal : parent->principal;
+ merged->principal = child->principal != NULL ? child->principal : parent->principal;
- merged->keytab = child->keytab != WAKLOG_UNSET ? child->keytab : parent->keytab;
+ merged->keytab = child->keytab != NULL ? child->keytab : parent->keytab;
- merged->default_keytab = child->default_keytab != WAKLOG_UNSET ? child->default_keytab : parent->default_keytab;
+ merged->default_keytab = child->default_keytab != NULL ? child->default_keytab : parent->default_keytab;
- merged->default_principal = child->default_principal != WAKLOG_UNSET ? child->default_principal : parent->default_principal;
+ merged->default_principal = child->default_principal != NULL ? child->default_principal : parent->default_principal;
- merged->afs_cell = child->afs_cell != WAKLOG_UNSET ? child->afs_cell : parent->afs_cell;
+ merged->afs_cell = child->afs_cell != NULL ? child->afs_cell : parent->afs_cell;
- merged->afs_cell_realm = child->afs_cell_realm != WAKLOG_UNSET ? child->afs_cell_realm : parent->afs_cell_realm;
+ merged->afs_cell_realm = child->afs_cell_realm != NULL ? child->afs_cell_realm : parent->afs_cell_realm;
return (void *) merged;
merged->disable_token_cache = nconf->disable_token_cache == WAKLOG_UNSET ? pconf->disable_token_cache : nconf->disable_token_cache;
- merged->keytab = nconf->keytab == WAKLOG_UNSET ? ap_pstrdup(p, pconf->keytab) :
- ( nconf->keytab == WAKLOG_UNSET ? WAKLOG_UNSET : ap_pstrdup(p, pconf->keytab) );
+ merged->keytab = nconf->keytab == NULL ? ap_pstrdup(p, pconf->keytab) :
+ ( nconf->keytab == NULL ? NULL : ap_pstrdup(p, nconf->keytab) );
- merged->principal = nconf->principal == WAKLOG_UNSET ? ap_pstrdup(p, pconf->principal) :
- ( nconf->principal == WAKLOG_UNSET ? WAKLOG_UNSET : ap_pstrdup(p, pconf->principal) );
+ merged->principal = nconf->principal == NULL ? ap_pstrdup(p, pconf->principal) :
+ ( nconf->principal == NULL ? NULL : ap_pstrdup(p, nconf->principal) );
- merged->afs_cell = nconf->afs_cell == WAKLOG_UNSET ? ap_pstrdup(p, pconf->afs_cell) :
- ( nconf->afs_cell == WAKLOG_UNSET ? WAKLOG_UNSET : ap_pstrdup(p, pconf->afs_cell) );
+ merged->afs_cell = nconf->afs_cell == NULL ? ap_pstrdup(p, pconf->afs_cell) :
+ ( nconf->afs_cell == NULL ? NULL : ap_pstrdup(p, nconf->afs_cell) );
- merged->afs_cell_realm = nconf->afs_cell_realm == WAKLOG_UNSET ? ap_pstrdup(p, pconf->afs_cell_realm) :
- ( nconf->afs_cell_realm == WAKLOG_UNSET ? WAKLOG_UNSET : ap_pstrdup(p, pconf->afs_cell_realm) );
+ merged->afs_cell_realm = nconf->afs_cell_realm == NULL ? ap_pstrdup(p, pconf->afs_cell_realm) :
+ ( nconf->afs_cell_realm == NULL ? NULL : ap_pstrdup(p, nconf->afs_cell_realm) );
- merged->default_keytab = nconf->default_keytab == WAKLOG_UNSET ? ap_pstrdup(p, pconf->default_keytab) :
- ( nconf->default_keytab == WAKLOG_UNSET ? WAKLOG_UNSET : ap_pstrdup(p, pconf->default_keytab) );
+ merged->default_keytab = nconf->default_keytab == NULL ? ap_pstrdup(p, pconf->default_keytab) :
+ ( nconf->default_keytab == NULL ? NULL : ap_pstrdup(p, nconf->default_keytab) );
- merged->default_principal = nconf->default_principal == WAKLOG_UNSET ? ap_pstrdup(p, pconf->default_principal) :
- ( nconf->default_principal == WAKLOG_UNSET ? WAKLOG_UNSET : ap_pstrdup(p, pconf->default_principal) );
+ merged->default_principal = nconf->default_principal == NULL ? ap_pstrdup(p, pconf->default_principal) :
+ ( nconf->default_principal == NULL ? NULL : ap_pstrdup(p, nconf->default_principal) );
return (void *) merged;
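Review bot: The inner test in each rewritten merge expression is unreachable: in `nconf->keytab == NULL ? ap_pstrdup(p, pconf->keytab) : ( nconf->keytab == NULL ? NULL : ap_pstrdup(p, nconf->keytab) )` the second `nconf->keytab == NULL` is only evaluated when the first was false. The same holds for `principal`, `afs_cell`, `afs_cell_realm`, `default_keytab` and `default_principal`. The change from `pconf` to `nconf` in the last arm is the real fix; the dead branch just obscures it. Each line can be reduced to `merged->keytab = ap_pstrdup(p, nconf->keytab != NULL ? nconf->keytab : pconf->keytab);`, which also makes it obvious that a NULL parent value is passed to `ap_pstrdup`.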
log_error (APLOG_MARK, APLOG_INFO, 0, params->server,
"mod_waklog: will use afs_cell: %s", file);
- waklog_srvconfig->cell_in_principal = 0;
+ // Prefer afs/cell@REALM over afs@REALM, just like the OpenAFS tools
+ waklog_srvconfig->cell_in_principal = 1;
+
waklog_srvconfig->afs_cell = ap_pstrdup (params->pool, file);
waklog_srvconfig->configured = 1;
}
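Review bot: Setting `cell_in_principal = 1` changes which Kerberos service principal is requested by default, but the comment says "prefer", which implies a fallback that this hunk does not show. If the credential code does not retry with `afs@REALM` when `afs/cell@REALM` is absent from the KDC, existing sites with only the short principal will stop getting tokens after upgrading. Please confirm the fallback exists, or say in the comment that it does not. The `//` comment also differs from the `/* */` style used everywhere else in the visible file and may not be accepted by older C compilers on the platforms this module still targets.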
if ( pag_for_children ) {
- setpag ();
+ k_setpag ();
}
getModConfig (cfg, s);
- if ( cfg->default_principal != WAKLOG_UNSET ) {
+ if ( cfg->default_principal != NULL ) {
log_error(APLOG_MARK, APLOG_DEBUG, 0, s, "mod_waklog: child_init setting default user %s, %s", cfg->default_principal, cfg->default_keytab);
set_auth( s, NULL, 0, cfg->default_principal, cfg->default_keytab, 0);
}
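Review bot: The return value of `k_setpag ()` is discarded, so a child that fails to get its own PAG carries on and the following `set_auth` call installs tokens into whatever PAG it inherited. That defeats the isolation `pag_for_children` is meant to provide; check the result and log it, e.g. `if ( k_setpag () != 0 ) log_error(APLOG_MARK, APLOG_ERR, 0, s, "mod_waklog: k_setpag failed");`. The kopenafs interface also expects `k_hasafs()` to have been called before other `k_*` functions; that call is not visible in this hunk and should be confirmed. The return value of `set_auth` for the default principal is ignored here as well.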
/* mmap the region */
if ( ( sharedspace = (struct sharedspace_s *) mmap ( NULL, sizeof(struct sharedspace_s), PROT_READ|PROT_WRITE, MAP_SHARED, fd, 0 ) ) != MAP_FAILED ) {
+ int err = 0;
log_error( APLOG_MARK, APLOG_DEBUG, 0, s, "mod_waklog: shared mmap region ok %d", sharedspace );
- close(fd);
+ err = unlink(cache_file);
+ if (err) {
+ log_error( APLOG_MARK, APLOG_ERR, 0, s, "mod_waklog: unable to delete %s due to %d", cache_file, errno);
+ } else {
+ log_error( APLOG_MARK, APLOG_DEBUG, 0, s, "mod_waklog: shared cache unlinked (will be deleted when Apache quits)");
+ }
} else {
log_error( APLOG_MARK, APLOG_DEBUG, 0, s, "mod_waklog: mmap failed %d", errno );
exit(errno);
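Review bot: The descriptor `fd` is no longer closed on the success path, because the removed `close(fd)` was replaced by the `unlink(cache_file)` block rather than kept beside it. The mapping stays valid after the descriptor is closed. Unless `fd` is closed outside this hunk, it stays open in the parent and is inherited by every forked child, and possibly by programs they execute, which gives them a handle on the shared token cache. Keep `close(fd);` after the unlink block. Logging `strerror(errno)` rather than the raw number would also make the unlink failure message easier to act on.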
#define locktype rwlock_t
#endif
- if ( sharedlock = ( locktype * ) mmap ( NULL, sizeof(locktype), PROT_READ|PROT_WRITE, MAP_SHARED|MAP_ANON, -1, 0 ) ) {
+ if ( ( sharedlock = ( locktype * ) mmap ( NULL, sizeof(locktype), PROT_READ|PROT_WRITE, MAP_SHARED|MAP_ANON, -1, 0 ) ) != NULL ) {
#ifndef use_pthreads
rwlock_init(sharedlock, USYNC_PROCESS, NULL );
#else
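Review bot: The new explicit comparison tests the `mmap` result against `NULL`, but `mmap` reports failure by returning `MAP_FAILED`, not a null pointer, so the condition is true even when the mapping failed. The lock initialisation that follows would then run on an invalid address. The file-backed mapping in the preceding hunk already checks `!= MAP_FAILED`; this one should match: `if ( ( sharedlock = ( locktype * ) mmap ( NULL, sizeof(locktype), PROT_READ|PROT_WRITE, MAP_SHARED|MAP_ANON, -1, 0 ) ) != MAP_FAILED ) {`. The body of this `if` continues outside the hunk.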
cfg = retrieve_config(r);
- if ( cfg->protect && cfg->principal ) {
+ if ( get_cfg_protect(cfg) && cfg->principal ) {
log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, "mod_waklog: phase0 using user %s", cfg->principal);
set_auth(r->server, r, 0, cfg->principal, cfg->keytab, 0);
} else if ( cfg->default_principal ) {
cfg = retrieve_config(r);
- if ( cfg->protect && cfg->principal ) {
+ if ( get_cfg_protect(cfg) && cfg->principal ) {
log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, "mod_waklog: phase1 using user %s", cfg->principal);
set_auth(r->server, r, 0, cfg->principal, cfg->keytab, 0);
} else if ( cfg->default_principal ) {
cfg = retrieve_config(r);
- if ( cfg->protect && cfg->principal ) {
+ if ( get_cfg_protect(cfg) && cfg->principal ) {
log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, "mod_waklog: phase3 using user %s", cfg->principal);
set_auth(r->server, r, 0, cfg->principal, cfg->keytab, 0);
} else if ( cfg->default_principal ) {
cfg = retrieve_config(r);
- if ( cfg->protect && cfg->principal ) {
+ if ( get_cfg_protect(cfg) && cfg->principal ) {
log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, "mod_waklog: phase6 using user %s", cfg->principal);
set_auth(r->server, r, 0, cfg->principal, cfg->keytab, 0);
} else if ( cfg->default_principal ) {
cfg = retrieve_config (r);
- if ( cfg->protect && cfg->usertokens ) {
+ if ( get_cfg_protect(cfg) && get_cfg_usertokens(cfg) ) {
log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, "mod_waklog: phase7 using usertokens");
rc = set_auth( r->server, r, 1, NULL, NULL, 0);
- } else if ( cfg->protect && cfg->principal ) {
+ } else if ( get_cfg_protect(cfg) && cfg->principal ) {
log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, "mod_waklog: phase7 using user %s", cfg->principal);
rc = set_auth( r->server, r, 0, cfg->principal, cfg->keytab, 0);
} else if ( cfg->default_principal ) {