X-Git-Url: https://git.hcoop.net/hcoop/debian/libapache-mod-waklog.git/blobdiff_plain/22782cea622f64e14caff6a6bf8d6e31c2053460..660bf80f3b375e553b9da79f6176914c1b426328:/mod_waklog.c

diff --git a/mod_waklog.c b/mod_waklog.c
index 3525b3c..9d3b267 100644
--- a/mod_waklog.c
+++ b/mod_waklog.c
@@ -54,11 +54,6 @@ module waklog_module;
 #define MK_POOL apr_pool_t
 #define MK_TABLE_GET apr_table_get
 #define MK_TABLE_SET apr_table_set
-#include "unixd.h"
-extern unixd_config_rec unixd_config;
-#define ap_user_id        unixd_config.user_id
-#define ap_group_id       unixd_config.group_id
-#define ap_user_name      unixd_config.user_name
 #define command(name, func, var, type, usage)           \
   AP_INIT_ ## type (name, (void*) func,                 \
         NULL,     \
@@ -67,6 +62,11 @@ module AP_MODULE_DECLARE_DATA waklog_module;
 typedef struct { int dummy; } child_info;
 const char *userdata_key = "waklog_init"; 
 
+/* Apache 2.4 */
+#ifdef APLOG_USE_MODULE
+APLOG_USE_MODULE(waklog);
+#endif
+
 #endif /* APACHE2 */
 /**************************************************************************************************/
 
@@ -79,6 +79,7 @@ const char *userdata_key = "waklog_init";
 #include <afs/auth.h>
 #include <afs/dirpath.h>
 #include <afs/ptuser.h>
+#include <afs/com_err.h>
 #include <rx/rxkad.h>
 
 #define TKT_LIFE  ( 12 * 60 * 60 )
@@ -165,9 +166,15 @@ int renewcount = 0;
 #define getModConfig(P, X) P = (waklog_config *) ap_get_module_config( (X)->module_config, &waklog_module );
 
 
+#ifdef APLOG_USE_MODULE
+static void
+log_error (const char *file, int line, int module_index, int level, int status,
+           const server_rec * s, const char *fmt, ...)
+#else
 static void
 log_error (const char *file, int line, int level, int status,
            const server_rec * s, const char *fmt, ...)
+#endif
 {
   char errstr[4096];
   va_list ap;
@@ -177,7 +184,12 @@ log_error (const char *file, int line, int level, int status,
   va_end (ap);
 
 #ifdef APACHE2
+ #ifdef APLOG_USE_MODULE
+  /* Apache 2.4 */
+  ap_log_error (file, line, module_index, level | APLOG_NOERRNO, status, s, "%s", errstr);
+ #else
   ap_log_error (file, line, level | APLOG_NOERRNO, status, s, "(%d) %s", getpid(), errstr);
+ #endif
 #else
   ap_log_error (file, line, level | APLOG_NOERRNO, s, "(%d) %s", getpid(), errstr);
 #endif
@@ -413,7 +425,7 @@ set_auth ( server_rec *s, request_rec *r, int self, char *principal, char *keyta
     /* create a principal out of our k5user string */
     
     if ( ( kerror = krb5_parse_name (child.kcontext, k5user, &kprinc ) ) ) {
-      log_error(APLOG_MARK, APLOG_ERR, 0, s, "mod_waklog: krb5_parse_name %s", (char *) error_message(kerror) );
+      log_error(APLOG_MARK, APLOG_ERR, 0, s, "mod_waklog: krb5_parse_name %s", (char *) afs_error_message(kerror) );
       goto cleanup;
     }
     
@@ -434,14 +446,14 @@ set_auth ( server_rec *s, request_rec *r, int self, char *principal, char *keyta
     
         if ( ( kerror = krb5_kt_resolve(child.kcontext, keytab, &krb5kt ) ) ) {
           log_error( APLOG_MARK, APLOG_ERR, 0, s,
-            "mod_waklog: krb5_kt_resolve %s", error_message(kerror) );
+            "mod_waklog: krb5_kt_resolve %s", afs_error_message(kerror) );
           goto cleanup;
         }
     
         if ((kerror = krb5_get_init_creds_keytab (child.kcontext, &v5creds,
               kprinc, krb5kt, 0, NULL, &kopts ) ) ) {
                 log_error(APLOG_MARK, APLOG_ERR, 0, s, "mod_waklog: krb5_get_init_creds_keytab %s",
-                  error_message(kerror) );
+                  afs_error_message(kerror) );
                 goto cleanup;
         }
       } else if (k5secret) {
@@ -451,32 +463,32 @@ set_auth ( server_rec *s, request_rec *r, int self, char *principal, char *keyta
         if ((kerror = krb5_get_init_creds_password ( child.kcontext, &v5creds,
               kprinc, k5secret, NULL, NULL, 0, NULL, &kopts ) ) ) {
                 log_error(APLOG_MARK, APLOG_ERR, 0, s, "mod_waklog: krb5_get_init_creds_password %s",
-                  error_message(kerror) );
+                  afs_error_message(kerror) );
                   /* nuke the password so it doesn't end up in core files */
-                  memset(k5secret, 0, sizeof(k5secret));               
+                  memset(k5secret, 0, strlen(k5secret));
                 goto cleanup;
         }
       
-        memset(k5secret, 0, sizeof(k5secret));      
+        memset(k5secret, 0, strlen(k5secret));
       }
 
       /* initialize the credentials cache and store the stuff we just got */
       if ( ( kerror = krb5_cc_initialize (child.kcontext, child.ccache, kprinc) ) ) {
         log_error(APLOG_MARK, APLOG_ERR, 0, s, "mod_waklog: init credentials cache %s", 
-                  error_message(kerror));
+                  afs_error_message(kerror));
         goto cleanup;
       }
       
       if ( ( kerror = krb5_cc_store_cred(child.kcontext, child.ccache, &v5creds) ) ) {
         log_error(APLOG_MARK, APLOG_ERR, 0, s, "mod_waklog: cannot store credentials %s", 
-                  error_message(kerror));
+                  afs_error_message(kerror));
         goto cleanup;
       }
     
       krb5_free_cred_contents(child.kcontext, &v5creds);
  
       if ( kerror ) {
-        log_error(APLOG_MARK, APLOG_ERR, 0, s, "mod_waklog: store cred %s", error_message(kerror));
+        log_error(APLOG_MARK, APLOG_ERR, 0, s, "mod_waklog: store cred %s", afs_error_message(kerror));
         goto cleanup;
       }
       
@@ -517,7 +529,7 @@ set_auth ( server_rec *s, request_rec *r, int self, char *principal, char *keyta
       log_error(APLOG_MARK, APLOG_DEBUG, 0, s, "mod_waklog: using AFS principal: %s", buf);
       
       if ((kerror = krb5_parse_name (child.kcontext, buf, &increds.server))) {
-        log_error(APLOG_MARK, APLOG_ERR, 0, s, "mod_waklog: krb5_parse name %s", error_message(kerror));
+        log_error(APLOG_MARK, APLOG_ERR, 0, s, "mod_waklog: krb5_parse name %s", afs_error_message(kerror));
         goto cleanup;
       }
 
@@ -526,7 +538,7 @@ set_auth ( server_rec *s, request_rec *r, int self, char *principal, char *keyta
       }
 
       if ((kerror = krb5_cc_get_principal(child.kcontext, clientccache, &increds.client))) {
-        log_error(APLOG_MARK, APLOG_ERR, 0, s, "mod_waklog: krb5_cc_get_princ %s %p", error_message(kerror), clientccache);
+        log_error(APLOG_MARK, APLOG_ERR, 0, s, "mod_waklog: krb5_cc_get_princ %s %p", afs_error_message(kerror), clientccache);
         goto cleanup;
       }
       
@@ -534,13 +546,11 @@ set_auth ( server_rec *s, request_rec *r, int self, char *principal, char *keyta
       
       increds.times.endtime = 0;
       
-      increds.keyblock.enctype = ENCTYPE_DES_CBC_CRC;
-      
       if ( ( kerror = krb5_get_credentials (child.kcontext, 0, clientccache, &increds, &v5credsp ) ) ) {
         /* only complain once we've tried both afs@REALM and afs/cell@REALM */
         if (attempt>=1) {
           log_error(APLOG_MARK, APLOG_ERR, 0, s, "mod_waklog: krb5_get_credentials: %s",
-                    error_message(kerror));
+                    afs_error_message(kerror));
           goto cleanup;
         } else {
           continue;
@@ -563,7 +573,12 @@ set_auth ( server_rec *s, request_rec *r, int self, char *principal, char *keyta
     token.startTime = v5credsp->times.starttime ? v5credsp->times.starttime : v5credsp->times.authtime;
     token.endTime = v5credsp->times.endtime;
     
-    memmove( &token.sessionKey, v5credsp->keyblock.contents, v5credsp->keyblock.length);
+    if (tkt_DeriveDesKey(v5credsp->keyblock.enctype, v5credsp->keyblock.contents,
+                         v5credsp->keyblock.length, &token.sessionKey) != 0) {
+        log_error(APLOG_MARK, APLOG_ERR, 0, s, "mod_waklog: tkt_DeriveDesKey failure (enctype: %d)",
+                  v5credsp->keyblock.enctype);
+        goto cleanup;
+    }
     token.kvno = RXKAD_TKT_TYPE_KERBEROS_V5;
     token.ticketLen = v5credsp->ticket.length;
     memmove( token.ticket, v5credsp->ticket.data, token.ticketLen);
@@ -698,10 +713,10 @@ set_auth ( server_rec *s, request_rec *r, int self, char *principal, char *keyta
   
   if ((rc = ktc_SetToken(&child.server, &child.token, &child.client, 0))) {
     log_error(APLOG_MARK, APLOG_DEBUG, 0, s, "mod_waklog: settoken returned %s for %s -- trying again", 
-      error_message(rc), k5user);
+      afs_error_message(rc), k5user);
     if ((rc = ktc_SetToken(&child.server, &child.token, &child.client, 0))) {
       log_error(APLOG_MARK, APLOG_ERR, 0, s, "mod_waklog: settoken2 returned %s for %s", 
-        error_message(rc), k5user);
+        afs_error_message(rc), k5user);
       goto cleanup;
     }
   }
@@ -723,7 +738,7 @@ set_auth ( server_rec *s, request_rec *r, int self, char *principal, char *keyta
   if ( rc ) {
     log_error(APLOG_MARK, APLOG_ERR, 0, s, "mod_waklog: set_auth ending with %d", rc );
   } else if ( kerror ) {
-    log_error(APLOG_MARK, APLOG_ERR, 0, s, "mod_waklog: set_auth ending with krb5 error %d, %s", kerror, error_message(kerror));
+    log_error(APLOG_MARK, APLOG_ERR, 0, s, "mod_waklog: set_auth ending with krb5 error %d, %s", kerror, afs_error_message(kerror));
   } else {
     log_error(APLOG_MARK, APLOG_DEBUG, 0, s, "mod_waklog: set_auth ending ok");
   }
@@ -1319,7 +1334,10 @@ waklog_init_handler (apr_pool_t * p, apr_pool_t * plog,
           struct sharedspace_s bob;
           log_error(APLOG_MARK, APLOG_ERR, 0, s, "mod_waklog: sizing our cache file %d to %d", fd, sizeof(struct sharedspace_s) );
           memset( &bob, 0, sizeof(struct sharedspace_s));
-          write(fd, &bob, sizeof(struct sharedspace_s));
+          if ( write(fd, &bob, sizeof(struct sharedspace_s)) != sizeof(struct sharedspace_s) ) {
+            log_error(APLOG_MARK, APLOG_ERR, 0, s, "mod_waklog: failed to write to our cache file %s (%d)", cache_file, errno );
+            exit(errno);
+          }
           log_error(APLOG_MARK, APLOG_ERR, 0, s, "mod_waklog: done sizing our cache file to %d", sizeof(struct sharedspace_s) );
         }