[hcoop/zz_old/modwaklog.git] / mod_waklog.c

#include "httpd.h"
#include "http_config.h"
#include "http_protocol.h"
#include "http_log.h"
#include "ap_config.h"

#include <sys/ioccom.h>
#include <stropts.h>
#include <kerberosIV/krb.h>
#include <kerberosIV/des.h>
#include <afs/venus.h>

module waklog_module;

struct ClearToken {
    long AuthHandle;
    char HandShakeKey[ 8 ];
    long ViceId;
    long BeginTimestamp;
    long EndTimestamp;
};

typedef struct {
    int	configured;
    int	protect;
} waklog_host_config;


    static void *
waklog_create_dir_config( pool *p, char *path )
{
    waklog_host_config *cfg;

    cfg = (waklog_host_config *)ap_pcalloc( p, sizeof( waklog_host_config ));
    cfg->configured = 0;
    cfg->protect = 0;

    return( cfg );
}


    static void *
waklog_create_server_config( pool *p, server_rec *s )
{
    waklog_host_config *cfg;

    cfg = (waklog_host_config *)ap_pcalloc( p, sizeof( waklog_host_config ));
    cfg->configured = 0;
    cfg->protect = 0;

    return( cfg );
}


    static void
waklog_init( server_rec *s, pool *p )
{
    extern char *version;

    ap_log_error( APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, s,
	    "mod_waklog: version %s initialized.", version );
    return;
}


    static const char *
set_waklog_protect( cmd_parms *params, void *mconfig, int flag )
{
    waklog_host_config          *cfg;

    if ( params->path == NULL ) {
        cfg = (waklog_host_config *) ap_get_module_config(
                params->server->module_config, &waklog_module );
    } else {
        cfg = (waklog_host_config *)mconfig;
    }

    cfg->protect = flag;
    cfg->configured = 1;
    return( NULL );
}


    static void
waklog_child_init( server_rec *s, pool *p )
{
    setpag();
    return;
}


command_rec waklog_cmds[ ] =
{
    { "WaklogProtected", set_waklog_protect,
    NULL, RSRC_CONF | ACCESS_CONF, FLAG,
    "enable waklog on a location or directory basis" },

    { NULL }
};


    static void
pioctl_cleanup( void *data )
{
    request_rec		*r = (request_rec *)data;
    struct ViceIoctl	vi;

    vi.in = NULL;
    vi.in_size = 0;
    vi.out = NULL;
    vi.out_size = 0;

    if ( pioctl( 0, VIOCUNPAG, &vi, 0 ) < 0 ) {
	ap_log_error( APLOG_MARK, APLOG_ERR, r->server,
		"mod_waklog: unlog pioctl failed" );
    }

    ap_log_error( APLOG_MARK, APLOG_DEBUG, r->server,
	    "mod_waklog: unlog pioctl succeeded" );
    return;
}


    static int
waklog_get_tokens( request_rec *r )
{
    CREDENTIALS		cr;
    struct ViceIoctl	vi;
    struct ClearToken	ct;
    int			i, rc;
    char		buf[ 1024 ], *s;
    char		*urealm = "UMICH.EDU";
    char		*lrealm = "umich.edu";
    waklog_host_config  *cfg;

    /* directory config? */
    cfg = (waklog_host_config *)ap_get_module_config(
            r->per_dir_config, &waklog_module);

    /* server config? */
    if ( !cfg->configured ) {
        cfg = (waklog_host_config *)ap_get_module_config(
                r->server->module_config, &waklog_module);
    }

    if ( !cfg->protect ) {
        return( DECLINED );
    }

    if (( rc = krb_get_cred( "afs", "", urealm, &cr )) != KSUCCESS ) {
	ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server,
		"mod_waklog: krb_get_cred: %s", krb_err_txt[ rc ] );

	if (( rc = get_ad_tkt( "afs", "", urealm, 255 )) != KSUCCESS ) {
	    ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, r->server,
		    "mod_waklog: get_ad_tkt: %s", krb_err_txt[ rc ] );

	    /* user doesn't have tickets: use server's srvtab */

	    return OK;
	}

	if (( rc = krb_get_cred( "afs", "", urealm, &cr )) != KSUCCESS ) {
	    ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server,
		    "mod_waklog: krb_get_cred: %s", krb_err_txt[ rc ] );
	    return OK;
	}
    }

    ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, r->server,
	    "mod_waklog: %s.%s@%s", cr.service, cr.instance, cr.realm );
    ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, r->server,
	    "mod_waklog: %d %d %d", cr.lifetime, cr.kvno, cr.issue_date );
    ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, r->server,
	    "mod_waklog: %s %s", cr.pname, cr.pinst );
    ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, r->server,
	    "mod_waklog: %d", cr.ticket_st.length );

    s = buf;
    memmove( s, &cr.ticket_st.length, sizeof( int ));
    s += sizeof( int );
    memmove( s, cr.ticket_st.dat, cr.ticket_st.length );
    s += cr.ticket_st.length;

    ct.AuthHandle = cr.kvno;
    memmove( ct.HandShakeKey, cr.session, sizeof( cr.session ));
    ct.ViceId = 0;
    ct.BeginTimestamp = cr.issue_date;
    ct.EndTimestamp = krb_life_to_time( cr.issue_date, cr.lifetime );

    i = sizeof( struct ClearToken );
    memmove( s, &i, sizeof( int ));
    s += sizeof( int );
    memmove( s, &ct, sizeof( struct ClearToken ));
    s += sizeof( struct ClearToken );

    i = 0;
    memmove( s, &i, sizeof( int ));
    s += sizeof( int );

    strcpy( s, lrealm );
    s += strlen( lrealm ) + 1;

    vi.in = buf;
    vi.in_size = s - buf;
    vi.out = buf;
    vi.out_size = sizeof( buf );

    if ( pioctl( 0, VIOCSETTOK, &vi, 0 ) < 0 ) {
	ap_log_error( APLOG_MARK, APLOG_ERR, r->server,
		"mod_waklog: pioctl failed" );
    }

    /* we'll need to unlog when this connection is done. */
    ap_register_cleanup( r->pool, (void *)r, pioctl_cleanup, ap_null_cleanup );

    ap_log_error( APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, r->server,
	    "mod_waklog: finished with get_token" );

    return OK;
}


module MODULE_VAR_EXPORT waklog_module = {
    STANDARD_MODULE_STUFF, 
    waklog_init,              /* module initializer                  */
    waklog_create_dir_config, /* create per-dir    config structures */
    NULL,                  /* merge  per-dir    config structures */
    waklog_create_server_config, /* create per-server config structures */
    NULL,                  /* merge  per-server config structures */
    waklog_cmds,           /* table of config file commands       */
    NULL,                  /* [#8] MIME-typed-dispatched handlers */
    NULL,                  /* [#1] URI to filename translation    */
    NULL,                  /* [#4] validate user id from request  */
    NULL,                  /* [#5] check if the user is ok _here_ */
    NULL,                  /* [#3] check access by host address   */
    NULL,                  /* [#6] determine MIME type            */
    waklog_get_tokens,     /* [#7] pre-run fixups                 */
    NULL,                  /* [#9] log a transaction              */
    NULL,                  /* [#2] header parser                  */
    waklog_child_init,     /* child_init                          */
    NULL,                  /* child_exit                          */
    NULL                   /* [#0] post read-request              */
#ifdef EAPI
   ,NULL,                  /* EAPI: add_module                    */
    NULL,                  /* EAPI: remove_module                 */
    NULL,                  /* EAPI: rewrite_command               */
    NULL                   /* EAPI: new_connection                */
#endif
};
Commit	Line	Data
bed98ff9	1	#include "httpd.h"
	2	#include "http_config.h"
	3	#include "http_protocol.h"
	4	#include "http_log.h"
	5	#include "ap_config.h"
	6
	7	#include <sys/ioccom.h>
	8	#include <stropts.h>
	9	#include <kerberosIV/krb.h>
	10	#include <kerberosIV/des.h>
	11	#include <afs/venus.h>
	12
313dde40	13	module waklog_module;
bed98ff9	14
	15	struct ClearToken {
	16	long AuthHandle;
	17	char HandShakeKey[ 8 ];
	18	long ViceId;
	19	long BeginTimestamp;
	20	long EndTimestamp;
	21	};
	22
313dde40	23	typedef struct {
	24	int configured;
	25	int protect;
	26	} waklog_host_config;
	27
	28
	29	static void *
	30	waklog_create_dir_config( pool p, char path )
	31	{
	32	waklog_host_config *cfg;
	33
	34	cfg = (waklog_host_config *)ap_pcalloc( p, sizeof( waklog_host_config ));
	35	cfg->configured = 0;
	36	cfg->protect = 0;
	37
	38	return( cfg );
	39	}
	40
	41
	42	static void *
	43	waklog_create_server_config( pool p, server_rec s )
	44	{
	45	waklog_host_config *cfg;
	46
	47	cfg = (waklog_host_config *)ap_pcalloc( p, sizeof( waklog_host_config ));
	48	cfg->configured = 0;
	49	cfg->protect = 0;
	50
	51	return( cfg );
	52	}
	53
	54
b429ae96	55	static void
313dde40	56	waklog_init( server_rec s, pool p )
b429ae96	57	{
	58	extern char *version;
	59
	60	ap_log_error( APLOG_MARK, APLOG_INFO\|APLOG_NOERRNO, s,
313dde40	61	"mod_waklog: version %s initialized.", version );
b429ae96	62	return;
	63	}
	64
bed98ff9	65
313dde40	66	static const char *
	67	set_waklog_protect( cmd_parms params, void mconfig, int flag )
	68	{
	69	waklog_host_config *cfg;
	70
	71	if ( params->path == NULL ) {
	72	cfg = (waklog_host_config *) ap_get_module_config(
	73	params->server->module_config, &waklog_module );
	74	} else {
	75	cfg = (waklog_host_config *)mconfig;
	76	}
	77
	78	cfg->protect = flag;
	79	cfg->configured = 1;
	80	return( NULL );
	81	}
	82
	83
b74fad73	84	static void
313dde40	85	waklog_child_init( server_rec s, pool p )
b74fad73	86	{
b74fad73	87	setpag();
b74fad73	88	return;
	89	}
	90
	91
313dde40	92	command_rec waklog_cmds[ ] =
	93	{
	94	{ "WaklogProtected", set_waklog_protect,
	95	NULL, RSRC_CONF \| ACCESS_CONF, FLAG,
	96	"enable waklog on a location or directory basis" },
	97
	98	{ NULL }
	99	};
	100
	101
bed98ff9	102	static void
	103	pioctl_cleanup( void *data )
	104	{
	105	request_rec r = (request_rec )data;
	106	struct ViceIoctl vi;
	107
	108	vi.in = NULL;
	109	vi.in_size = 0;
	110	vi.out = NULL;
	111	vi.out_size = 0;
	112
	113	if ( pioctl( 0, VIOCUNPAG, &vi, 0 ) < 0 ) {
	114	ap_log_error( APLOG_MARK, APLOG_ERR, r->server,
313dde40	115	"mod_waklog: unlog pioctl failed" );
bed98ff9	116	}
bed98ff9	117
1e18ef7d	118	ap_log_error( APLOG_MARK, APLOG_DEBUG, r->server,
313dde40	119	"mod_waklog: unlog pioctl succeeded" );
b74fad73	120	return;
bed98ff9	121	}
	122
	123
	124	static int
313dde40	125	waklog_get_tokens( request_rec *r )
bed98ff9	126	{
	127	CREDENTIALS cr;
	128	struct ViceIoctl vi;
	129	struct ClearToken ct;
	130	int i, rc;
	131	char buf[ 1024 ], *s;
	132	char *urealm = "UMICH.EDU";
	133	char *lrealm = "umich.edu";
313dde40	134	waklog_host_config *cfg;
	135
	136	/* directory config? */
	137	cfg = (waklog_host_config *)ap_get_module_config(
	138	r->per_dir_config, &waklog_module);
bed98ff9	139
313dde40	140	/* server config? */
	141	if ( !cfg->configured ) {
	142	cfg = (waklog_host_config *)ap_get_module_config(
	143	r->server->module_config, &waklog_module);
	144	}
	145
	146	if ( !cfg->protect ) {
	147	return( DECLINED );
	148	}
bed98ff9	149
bed98ff9	150	if (( rc = krb_get_cred( "afs", "", urealm, &cr )) != KSUCCESS ) {
bed98ff9	151	ap_log_error( APLOG_MARK, APLOG_NOERRNO\|APLOG_ERR, r->server,
313dde40	152	"mod_waklog: krb_get_cred: %s", krb_err_txt[ rc ] );
1e18ef7d	153
	154	if (( rc = get_ad_tkt( "afs", "", urealm, 255 )) != KSUCCESS ) {
	155	ap_log_error( APLOG_MARK, APLOG_NOERRNO\|APLOG_DEBUG, r->server,
	156	"mod_waklog: get_ad_tkt: %s", krb_err_txt[ rc ] );
	157
	158	/* user doesn't have tickets: use server's srvtab */
	159
	160	return OK;
	161	}
	162
	163	if (( rc = krb_get_cred( "afs", "", urealm, &cr )) != KSUCCESS ) {
	164	ap_log_error( APLOG_MARK, APLOG_NOERRNO\|APLOG_ERR, r->server,
	165	"mod_waklog: krb_get_cred: %s", krb_err_txt[ rc ] );
	166	return OK;
	167	}
bed98ff9	168	}
bed98ff9	169
b429ae96	170	ap_log_error( APLOG_MARK, APLOG_NOERRNO\|APLOG_DEBUG, r->server,
313dde40	171	"mod_waklog: %s.%s@%s", cr.service, cr.instance, cr.realm );
b429ae96	172	ap_log_error( APLOG_MARK, APLOG_NOERRNO\|APLOG_DEBUG, r->server,
313dde40	173	"mod_waklog: %d %d %d", cr.lifetime, cr.kvno, cr.issue_date );
b429ae96	174	ap_log_error( APLOG_MARK, APLOG_NOERRNO\|APLOG_DEBUG, r->server,
313dde40	175	"mod_waklog: %s %s", cr.pname, cr.pinst );
b429ae96	176	ap_log_error( APLOG_MARK, APLOG_NOERRNO\|APLOG_DEBUG, r->server,
313dde40	177	"mod_waklog: %d", cr.ticket_st.length );
bed98ff9	178
	179	s = buf;
	180	memmove( s, &cr.ticket_st.length, sizeof( int ));
	181	s += sizeof( int );
	182	memmove( s, cr.ticket_st.dat, cr.ticket_st.length );
	183	s += cr.ticket_st.length;
	184
	185	ct.AuthHandle = cr.kvno;
	186	memmove( ct.HandShakeKey, cr.session, sizeof( cr.session ));
	187	ct.ViceId = 0;
	188	ct.BeginTimestamp = cr.issue_date;
	189	ct.EndTimestamp = krb_life_to_time( cr.issue_date, cr.lifetime );
	190
	191	i = sizeof( struct ClearToken );
	192	memmove( s, &i, sizeof( int ));
	193	s += sizeof( int );
	194	memmove( s, &ct, sizeof( struct ClearToken ));
	195	s += sizeof( struct ClearToken );
	196
	197	i = 0;
	198	memmove( s, &i, sizeof( int ));
	199	s += sizeof( int );
	200
	201	strcpy( s, lrealm );
	202	s += strlen( lrealm ) + 1;
	203
	204	vi.in = buf;
	205	vi.in_size = s - buf;
	206	vi.out = buf;
	207	vi.out_size = sizeof( buf );
	208
	209	if ( pioctl( 0, VIOCSETTOK, &vi, 0 ) < 0 ) {
	210	ap_log_error( APLOG_MARK, APLOG_ERR, r->server,
313dde40	211	"mod_waklog: pioctl failed" );
bed98ff9	212	}
	213
	214	/* we'll need to unlog when this connection is done. */
	215	ap_register_cleanup( r->pool, (void *)r, pioctl_cleanup, ap_null_cleanup );
	216
1e18ef7d	217	ap_log_error( APLOG_MARK, APLOG_DEBUG\|APLOG_NOERRNO, r->server,
1e18ef7d	218	"mod_waklog: finished with get_token" );
bed98ff9	219
	220	return OK;
	221	}
	222
	223
313dde40	224	module MODULE_VAR_EXPORT waklog_module = {
bed98ff9	225	STANDARD_MODULE_STUFF,
313dde40	226	waklog_init, /* module initializer */
313dde40	227	waklog_create_dir_config, /* create per-dir config structures */
bed98ff9	228	NULL, /* merge per-dir config structures */
313dde40	229	waklog_create_server_config, /* create per-server config structures */
bed98ff9	230	NULL, /* merge per-server config structures */
313dde40	231	waklog_cmds, /* table of config file commands */
bed98ff9	232	NULL, /* [#8] MIME-typed-dispatched handlers */
	233	NULL, /* [#1] URI to filename translation */
	234	NULL, /* [#4] validate user id from request */
	235	NULL, /* [#5] check if the user is ok _here_ */
	236	NULL, /* [#3] check access by host address */
	237	NULL, /* [#6] determine MIME type */
313dde40	238	waklog_get_tokens, /* [#7] pre-run fixups */
bed98ff9	239	NULL, /* [#9] log a transaction */
313dde40	240	NULL, /* [#2] header parser */
313dde40	241	waklog_child_init, /* child_init */
bed98ff9	242	NULL, /* child_exit */
	243	NULL /* [#0] post read-request */
	244	#ifdef EAPI
	245	,NULL, /* EAPI: add_module */
	246	NULL, /* EAPI: remove_module */
	247	NULL, /* EAPI: rewrite_command */
	248	NULL /* EAPI: new_connection */
	249	#endif
	250	};