X-Git-Url: https://git.hcoop.net/hcoop/debian/libapache-mod-waklog.git/blobdiff_plain/3cb7bdb7c0ee5ae67ff85cc1d98134353d037553..6c19351b63207837b6b06aec973ac025a48f9945:/mod_waklog.c diff --git a/mod_waklog.c b/mod_waklog.c index 023028b..0de994d 100644 --- a/mod_waklog.c +++ b/mod_waklog.c @@ -10,6 +10,8 @@ #ifdef sun #include +#include +#include #elif linux #define use_pthreads #include @@ -31,9 +33,6 @@ /********************* APACHE1 ******************************************************************************/ #ifndef APACHE2 #include "ap_config.h" -#if defined(sun) -#include -#endif /* sun */ #include #define MK_POOL pool #define MK_TABLE_GET ap_table_get @@ -46,6 +45,7 @@ module waklog_module; /********************* APACHE2 ******************************************************************************/ #else +#include "http_connection.h" #include #include #define ap_pcalloc apr_pcalloc @@ -54,11 +54,6 @@ module waklog_module; #define MK_POOL apr_pool_t #define MK_TABLE_GET apr_table_get #define MK_TABLE_SET apr_table_set -#include "unixd.h" -extern unixd_config_rec unixd_config; -#define ap_user_id unixd_config.user_id -#define ap_group_id unixd_config.group_id -#define ap_user_name unixd_config.user_name #define command(name, func, var, type, usage) \ AP_INIT_ ## type (name, (void*) func, \ NULL, \ @@ -67,11 +62,16 @@ module AP_MODULE_DECLARE_DATA waklog_module; typedef struct { int dummy; } child_info; const char *userdata_key = "waklog_init"; +/* Apache 2.4 */ +#ifdef APLOG_USE_MODULE +APLOG_USE_MODULE(waklog); +#endif + #endif /* APACHE2 */ /**************************************************************************************************/ #include -#include +#include #include @@ -79,6 +79,7 @@ const char *userdata_key = "waklog_init"; #include #include #include +#include #include #define TKT_LIFE ( 12 * 60 * 60 ) 
@@ -164,22 +165,16 @@ int renewcount = 0; #define getModConfig(P, X) P = (waklog_config *) ap_get_module_config( (X)->module_config, &waklog_module ); -#include - -#if defined(sun) -#include -#endif /* sun */ -#include -#include -#include -#include -#include -#include - +#ifdef APLOG_USE_MODULE +static void +log_error (const char *file, int line, int module_index, int level, int status, + const server_rec * s, const char *fmt, ...) +#else static void log_error (const char *file, int line, int level, int status, const server_rec * s, const char *fmt, ...) +#endif { char errstr[4096]; va_list ap; @@ -189,7 +184,12 @@ log_error (const char *file, int line, int level, int status, va_end (ap); #ifdef APACHE2 + #ifdef APLOG_USE_MODULE + /* Apache 2.4 */ + ap_log_error (file, line, module_index, level | APLOG_NOERRNO, status, s, "%s", errstr); + #else ap_log_error (file, line, level | APLOG_NOERRNO, status, s, "(%d) %s", getpid(), errstr); + #endif #else ap_log_error (file, line, level | APLOG_NOERRNO, s, "(%d) %s", getpid(), errstr); #endif @@ -311,7 +311,7 @@ set_auth ( server_rec *s, request_rec *r, int self, char *principal, char *keyta #ifdef APACHE2 if ( ! ( r && r->connection && r->user )) { log_error(APLOG_MARK, APLOG_ERR, 0, s, "mod_waklog: self authentication selected, but no data available"); - log_error(APLOG_MARK, APLOG_ERR, 0, s, "mod_waklog: r->user=%s", (r->user==NULL ? "null" : r->user==NULL)); + log_error(APLOG_MARK, APLOG_ERR, 0, s, "mod_waklog: r->user=%s", (r->user==NULL ? "null" : r->user)); return -1; } @@ -346,7 +346,7 @@ set_auth ( server_rec *s, request_rec *r, int self, char *principal, char *keyta } #endif - log_error(APLOG_MARK, APLOG_DEBUG, 0, s, "mod_waklog: set_auth: k5user=%s", k5user ? k5user : "NULL"); + log_error(APLOG_MARK, APLOG_DEBUG, 0, s, "mod_waklog: set_auth: k5user=%s", k5user); mytime = time(0); /* see if we should just go ahead and ignore this call, since we already should be set to these 
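Review bot: Neither variant of the `log_error` definition in the `@@ -164` hunk carries a printf format attribute, so the compiler cannot check the arguments at its call sites against their format strings. The `r->user==NULL` argument corrected in the `@@ -311` hunk is that class of bug, and the cache-file messages in the `@@ -1323` hunk still pass `sizeof(struct sharedspace_s)` to `%d`. Where the compiler supports it, annotate the wrapper with `__attribute__((format(printf, 7, 8)))` for the `APLOG_USE_MODULE` signature and `__attribute__((format(printf, 6, 7)))` for the other. The body of log_error continues outside this hunk.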
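Review bot: The corrected log line in the `@@ -311` hunk still dereferences `r` inside a branch that is entered when `r` itself is NULL. The guard is `! ( r && r->connection && r->user )` and the second `log_error` call evaluates `r->user` unconditionally, so on that path the process would fault instead of reaching `return -1`. Test the pointer before reading through it, e.g. `(r && r->user) ? r->user : "null"`.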
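Review bot: Dropping the `k5user ? k5user : "NULL"` fallback in the `@@ -346` hunk hands a possibly NULL pointer to `%s`, which is undefined behaviour. The `@@ -417` hunk also removes the matching `( k5user )` guard, so the same pointer now reaches `krb5_parse_name`. The assignments to k5user are outside the diff, so nothing visible guarantees it is non-NULL here. Either keep both guards (`k5user ? k5user : "NULL"` and `if (( ! usecached ) && ( k5user )) {`) or reject a NULL k5user explicitly before the debug line.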
@@ -417,7 +417,7 @@ set_auth ( server_rec *s, request_rec *r, int self, char *principal, char *keyta } /* if 'usecached' isn't set, we've got to get our tokens from somewhere... */ - if (( ! usecached ) && ( k5user )) { + if ( ! usecached ) { /* clear out the creds structure */ memset((void *) &v5creds, 0, sizeof(v5creds)); @@ -425,7 +425,7 @@ set_auth ( server_rec *s, request_rec *r, int self, char *principal, char *keyta /* create a principal out of our k5user string */ if ( ( kerror = krb5_parse_name (child.kcontext, k5user, &kprinc ) ) ) { - log_error(APLOG_MARK, APLOG_ERR, 0, s, "mod_waklog: krb5_parse_name %s", (char *) error_message(kerror) ); + log_error(APLOG_MARK, APLOG_ERR, 0, s, "mod_waklog: krb5_parse_name %s", (char *) afs_error_message(kerror) ); goto cleanup; } @@ -446,14 +446,14 @@ set_auth ( server_rec *s, request_rec *r, int self, char *principal, char *keyta if ( ( kerror = krb5_kt_resolve(child.kcontext, keytab, &krb5kt ) ) ) { log_error( APLOG_MARK, APLOG_ERR, 0, s, - "mod_waklog: krb5_kt_resolve %s", error_message(kerror) ); + "mod_waklog: krb5_kt_resolve %s", afs_error_message(kerror) ); goto cleanup; } if ((kerror = krb5_get_init_creds_keytab (child.kcontext, &v5creds, kprinc, krb5kt, 0, NULL, &kopts ) ) ) { log_error(APLOG_MARK, APLOG_ERR, 0, s, "mod_waklog: krb5_get_init_creds_keytab %s", - error_message(kerror) ); + afs_error_message(kerror) ); goto cleanup; } } else if (k5secret) { 
@@ -463,32 +463,32 @@ set_auth ( server_rec *s, request_rec *r, int self, char *principal, char *keyta if ((kerror = krb5_get_init_creds_password ( child.kcontext, &v5creds, kprinc, k5secret, NULL, NULL, 0, NULL, &kopts ) ) ) { log_error(APLOG_MARK, APLOG_ERR, 0, s, "mod_waklog: krb5_get_init_creds_password %s", - error_message(kerror) ); + afs_error_message(kerror) ); /* nuke the password so it doesn't end up in core files */ - memset(k5secret, 0, sizeof(k5secret)); + memset(k5secret, 0, strlen(k5secret)); goto cleanup; } - memset(k5secret, 0, sizeof(k5secret)); + memset(k5secret, 0, strlen(k5secret)); } /* initialize the credentials cache and store the stuff we just got */ if ( ( kerror = krb5_cc_initialize (child.kcontext, child.ccache, kprinc) ) ) { log_error(APLOG_MARK, APLOG_ERR, 0, s, "mod_waklog: init credentials cache %s", - error_message(kerror)); + afs_error_message(kerror)); goto cleanup; } if ( ( kerror = krb5_cc_store_cred(child.kcontext, child.ccache, &v5creds) ) ) { log_error(APLOG_MARK, APLOG_ERR, 0, s, "mod_waklog: cannot store credentials %s", - error_message(kerror)); + afs_error_message(kerror)); goto cleanup; } krb5_free_cred_contents(child.kcontext, &v5creds); if ( kerror ) { - log_error(APLOG_MARK, APLOG_ERR, 0, s, "mod_waklog: store cred %s", error_message(kerror)); + log_error(APLOG_MARK, APLOG_ERR, 0, s, "mod_waklog: store cred %s", afs_error_message(kerror)); goto cleanup; } @@ -529,7 +529,7 @@ set_auth ( server_rec *s, request_rec *r, int self, char *principal, char *keyta log_error(APLOG_MARK, APLOG_DEBUG, 0, s, "mod_waklog: using AFS principal: %s", buf); if ((kerror = krb5_parse_name (child.kcontext, buf, &increds.server))) { - log_error(APLOG_MARK, APLOG_ERR, 0, s, "mod_waklog: krb5_parse name %s", error_message(kerror)); + log_error(APLOG_MARK, APLOG_ERR, 0, s, "mod_waklog: krb5_parse name %s", afs_error_message(kerror)); goto cleanup; } 
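Review bot: The `memset(k5secret, 0, strlen(k5secret))` wipes in the `@@ -463` hunk run only inside the password branch, so earlier `goto cleanup` exits such as the `krb5_parse_name` failure in the `@@ -425` hunk appear to leave the password in memory. The cleanup label is outside the diff, so confirm whether it clears the secret. A plain memset of data that is never read again may also be removed by the optimiser, so a non-elidable call such as `explicit_bzero(k5secret, strlen(k5secret));` is preferable where the platform provides one. A single NULL-checked wipe at the cleanup label would cover every exit path.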
@@ -538,7 +538,7 @@ set_auth ( server_rec *s, request_rec *r, int self, char *principal, char *keyta } if ((kerror = krb5_cc_get_principal(child.kcontext, clientccache, &increds.client))) { - log_error(APLOG_MARK, APLOG_ERR, 0, s, "mod_waklog: krb5_cc_get_princ %s %p", error_message(kerror), clientccache); + log_error(APLOG_MARK, APLOG_ERR, 0, s, "mod_waklog: krb5_cc_get_princ %s %p", afs_error_message(kerror), clientccache); goto cleanup; } @@ -546,13 +546,11 @@ set_auth ( server_rec *s, request_rec *r, int self, char *principal, char *keyta increds.times.endtime = 0; - increds.keyblock.enctype = ENCTYPE_DES_CBC_CRC; - if ( ( kerror = krb5_get_credentials (child.kcontext, 0, clientccache, &increds, &v5credsp ) ) ) { /* only complain once we've tried both afs@REALM and afs/cell@REALM */ if (attempt>=1) { log_error(APLOG_MARK, APLOG_ERR, 0, s, "mod_waklog: krb5_get_credentials: %s", - error_message(kerror)); + afs_error_message(kerror)); goto cleanup; } else { continue; @@ -575,7 +573,12 @@ set_auth ( server_rec *s, request_rec *r, int self, char *principal, char *keyta token.startTime = v5credsp->times.starttime ? v5credsp->times.starttime : v5credsp->times.authtime; token.endTime = v5credsp->times.endtime; - memmove( &token.sessionKey, v5credsp->keyblock.contents, v5credsp->keyblock.length); + if (tkt_DeriveDesKey(v5credsp->keyblock.enctype, v5credsp->keyblock.contents, + v5credsp->keyblock.length, &token.sessionKey) != 0) { + log_error(APLOG_MARK, APLOG_ERR, 0, s, "mod_waklog: tkt_DeriveDesKey failure (enctype: %d)", + v5credsp->keyblock.enctype); + goto cleanup; + } token.kvno = RXKAD_TKT_TYPE_KERBEROS_V5; token.ticketLen = v5credsp->ticket.length; memmove( token.ticket, v5credsp->ticket.data, token.ticketLen); 
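Review bot: The new `tkt_DeriveDesKey` failure path in the `@@ -575` hunk jumps to `cleanup` without recording an error. `kerror` is presumably zero there because `krb5_get_credentials` has just succeeded, and `rc` is not set in the visible lines. The end-of-function logging in the `@@ -735` hunk keys off those two variables, so this failure would be followed by "set_auth ending ok" and, if the return value is built from them, reported to the caller as success with no usable session key. Set a status before the jump, e.g. `rc = -1;` ahead of `goto cleanup;`.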
@@ -710,10 +713,10 @@ set_auth ( server_rec *s, request_rec *r, int self, char *principal, char *keyta if ((rc = ktc_SetToken(&child.server, &child.token, &child.client, 0))) { log_error(APLOG_MARK, APLOG_DEBUG, 0, s, "mod_waklog: settoken returned %s for %s -- trying again", - error_message(rc), k5user); + afs_error_message(rc), k5user); if ((rc = ktc_SetToken(&child.server, &child.token, &child.client, 0))) { log_error(APLOG_MARK, APLOG_ERR, 0, s, "mod_waklog: settoken2 returned %s for %s", - error_message(rc), k5user); + afs_error_message(rc), k5user); goto cleanup; } } @@ -735,7 +738,7 @@ set_auth ( server_rec *s, request_rec *r, int self, char *principal, char *keyta if ( rc ) { log_error(APLOG_MARK, APLOG_ERR, 0, s, "mod_waklog: set_auth ending with %d", rc ); } else if ( kerror ) { - log_error(APLOG_MARK, APLOG_ERR, 0, s, "mod_waklog: set_auth ending with krb5 error %d, %s", kerror, error_message(kerror)); + log_error(APLOG_MARK, APLOG_ERR, 0, s, "mod_waklog: set_auth ending with krb5 error %d, %s", kerror, afs_error_message(kerror)); } else { log_error(APLOG_MARK, APLOG_DEBUG, 0, s, "mod_waklog: set_auth ending ok"); } @@ -1112,7 +1115,7 @@ waklog_child_init (server_rec * s, MK_POOL * p) } if ( pag_for_children ) { - setpag (); + k_setpag (); } getModConfig (cfg, s); @@ -1182,7 +1185,15 @@ token_cleanup (void *data) return 0; } +/* This function doesn't return anything but is passed to ap_bspawn_child on + * Apache 1 which expects it to return a pid as an int. For want of better + * understanding, err on the side of not changing Apache 1 code while fixing + * the compile warning on Apache 2. */ +#ifdef APACHE2 +static void +#else static int +#endif waklog_child_routine (void *data, child_info * pinfo) { int i; @@ -1259,7 +1270,6 @@ waklog_init_handler (apr_pool_t * p, apr_pool_t * plog, apr_pool_t * ptemp, server_rec * s) { int rv; - extern char *version; apr_proc_t *proc; waklog_config *cfg; void *data; 
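Review bot: The result of `k_setpag ();` in the `@@ -1112` hunk is discarded, so if PAG creation fails waklog_child_init continues in whatever PAG the child inherited. Tokens this child sets later would then land in a shared PAG rather than a private one, which is presumably what `pag_for_children` is meant to prevent. Check the call and log the failure, e.g. `if ( k_setpag () != 0 ) log_error(APLOG_MARK, APLOG_ERR, 0, s, "mod_waklog: k_setpag failed");`, and consider refusing to continue. The function body starts and ends outside the hunk.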
@@ -1296,7 +1306,7 @@ waklog_init_handler (apr_pool_t * p, apr_pool_t * plog, else { log_error (APLOG_MARK, APLOG_INFO, 0, s, - "mod_waklog: version %s initialized for cell %s", version, cfg->afs_cell); + "mod_waklog: version %s initialized for cell %s", VERSION, cfg->afs_cell); if ( sharedspace ) { log_error(APLOG_MARK, APLOG_ERR, 0, s, "mod_waklog: shared memory already allocated." ); @@ -1323,7 +1333,10 @@ waklog_init_handler (apr_pool_t * p, apr_pool_t * plog, struct sharedspace_s bob; log_error(APLOG_MARK, APLOG_ERR, 0, s, "mod_waklog: sizing our cache file %d to %d", fd, sizeof(struct sharedspace_s) ); memset( &bob, 0, sizeof(struct sharedspace_s)); - write(fd, &bob, sizeof(struct sharedspace_s)); + if ( write(fd, &bob, sizeof(struct sharedspace_s)) != sizeof(struct sharedspace_s) ) { + log_error(APLOG_MARK, APLOG_ERR, 0, s, "mod_waklog: failed to write to our cache file %s (%d)", cache_file, errno ); + exit(errno); + } log_error(APLOG_MARK, APLOG_ERR, 0, s, "mod_waklog: done sizing our cache file to %d", sizeof(struct sharedspace_s) ); } @@ -1350,7 +1363,7 @@ waklog_init_handler (apr_pool_t * p, apr_pool_t * plog, #define locktype rwlock_t #endif - if ( sharedlock = ( locktype * ) mmap ( NULL, sizeof(locktype), PROT_READ|PROT_WRITE, MAP_SHARED|MAP_ANON, -1, 0 ) ) { + if ( ( sharedlock = ( locktype * ) mmap ( NULL, sizeof(locktype), PROT_READ|PROT_WRITE, MAP_SHARED|MAP_ANON, -1, 0 ) ) != NULL ) { #ifndef use_pthreads rwlock_init(sharedlock, USYNC_PROCESS, NULL ); #else @@ -1404,7 +1417,6 @@ waklog_init_handler (apr_pool_t * p, apr_pool_t * plog, static void waklog_init (server_rec * s, MK_POOL * p) { - extern char *version; int pid; waklog_config *cfg; int fd = -1; 
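Review bot: The short-write check added in the `@@ -1323` hunk ends with `exit(errno)`, but `errno` is only meaningful when `write` returned -1, and the `log_error` call that runs first may overwrite it. A partial write, or an errno reset to 0 along the way, would terminate the process with status 0, which reads as success. Capture the value before logging with `int err = errno;`, report `err` in the message, and leave with a fixed failure code such as `exit(EXIT_FAILURE);`.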
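Review bot: The rewritten condition in the `@@ -1350` hunk compares the `mmap` result with NULL, but `mmap` reports failure by returning `MAP_FAILED`, not NULL. A failed mapping therefore still enters the branch, and the lock initialisation that follows runs on an invalid pointer. Compare against the documented sentinel, `if ( ( sharedlock = ( locktype * ) mmap ( NULL, sizeof(locktype), PROT_READ|PROT_WRITE, MAP_SHARED|MAP_ANON, -1, 0 ) ) != ( locktype * ) MAP_FAILED ) {`. Also reset `sharedlock` to NULL on failure if later code tests it that way; the failure branch is outside the hunk.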
@@ -1416,7 +1428,7 @@ waklog_init (server_rec * s, MK_POOL * p) #endif log_error (APLOG_MARK, APLOG_DEBUG, 0, s, - "mod_waklog: version %s initialized.", version); + "mod_waklog: version %s initialized.", VERSION); if ( sharedspace ) { log_error(APLOG_MARK, APLOG_ERR, 0, s, "mod_waklog: shared memory already allocated." );