bed98ff9 |
1 | #include "httpd.h" |
2 | #include "http_config.h" |
7193eb01 |
3 | #include "http_conf_globals.h" |
bed98ff9 |
4 | #include "http_log.h" |
7193eb01 |
5 | #include "http_protocol.h" |
6 | #include "http_request.h" |
7 | #include "http_core.h" |
bed98ff9 |
8 | #include "ap_config.h" |
4e1ae1cd |
9 | #include <krb5.h> |
bed98ff9 |
10 | |
7193eb01 |
11 | #if defined(sun) |
bed98ff9 |
12 | #include <sys/ioccom.h> |
7193eb01 |
13 | #endif /* sun */ |
bed98ff9 |
14 | #include <stropts.h> |
15 | #include <kerberosIV/krb.h> |
16 | #include <kerberosIV/des.h> |
17 | #include <afs/venus.h> |
7193eb01 |
18 | #include <afs/auth.h> |
19 | #include <rx/rxkad.h> |
20 | |
21 | #include <asm/bitops.h> |
22 | #include <sys/shm.h> |
bed98ff9 |
23 | |
7193eb01 |
24 | #define KEYTAB_PATH "/home/drh/keytab.umweb.drhtest" |
25 | #define PRINCIPAL "umweb/drhtest" |
26 | #define AFS "afs" |
4e1ae1cd |
27 | #define IN_TKT_SERVICE "krbtgt/UMICH.EDU" |
28 | |
7193eb01 |
29 | #define K5PATH "FILE:/tmp/waklog.creds.k5" |
30 | #define K4PATH "/tmp/waklog.creds.k4" |
31 | |
313dde40 |
32 | module waklog_module; |
bed98ff9 |
33 | |
34 | struct ClearToken { |
35 | long AuthHandle; |
36 | char HandShakeKey[ 8 ]; |
37 | long ViceId; |
38 | long BeginTimestamp; |
39 | long EndTimestamp; |
40 | }; |
41 | |
313dde40 |
42 | typedef struct { |
4e1ae1cd |
43 | int configured; |
44 | int protect; |
45 | char *keytab; |
7193eb01 |
46 | char *keytab_principal; |
47 | char *afs_instance; |
313dde40 |
48 | } waklog_host_config; |
49 | |
7193eb01 |
50 | typedef struct { |
51 | struct ktc_token token; |
52 | } waklog_child_config; |
53 | waklog_child_config *child = NULL; |
313dde40 |
54 | |
e21f34f0 |
55 | |
313dde40 |
56 | static void * |
57 | waklog_create_dir_config( pool *p, char *path ) |
58 | { |
59 | waklog_host_config *cfg; |
60 | |
61 | cfg = (waklog_host_config *)ap_pcalloc( p, sizeof( waklog_host_config )); |
62 | cfg->configured = 0; |
63 | cfg->protect = 0; |
7193eb01 |
64 | cfg->keytab = 0; |
65 | cfg->keytab_principal = 0; |
66 | cfg->afs_instance = 0; |
313dde40 |
67 | |
68 | return( cfg ); |
69 | } |
70 | |
71 | |
72 | static void * |
73 | waklog_create_server_config( pool *p, server_rec *s ) |
74 | { |
75 | waklog_host_config *cfg; |
76 | |
77 | cfg = (waklog_host_config *)ap_pcalloc( p, sizeof( waklog_host_config )); |
78 | cfg->configured = 0; |
79 | cfg->protect = 0; |
7193eb01 |
80 | cfg->keytab = 0; |
81 | cfg->keytab_principal = 0; |
82 | cfg->afs_instance = 0; |
313dde40 |
83 | |
84 | return( cfg ); |
85 | } |
86 | |
87 | |
313dde40 |
88 | static const char * |
89 | set_waklog_protect( cmd_parms *params, void *mconfig, int flag ) |
90 | { |
91 | waklog_host_config *cfg; |
92 | |
93 | if ( params->path == NULL ) { |
94 | cfg = (waklog_host_config *) ap_get_module_config( |
95 | params->server->module_config, &waklog_module ); |
96 | } else { |
97 | cfg = (waklog_host_config *)mconfig; |
98 | } |
99 | |
100 | cfg->protect = flag; |
101 | cfg->configured = 1; |
102 | return( NULL ); |
103 | } |
104 | |
105 | |
4e1ae1cd |
106 | static const char * |
107 | set_waklog_use_keytab( cmd_parms *params, void *mconfig, char *file ) |
108 | { |
109 | waklog_host_config *cfg; |
110 | |
111 | if ( params->path == NULL ) { |
112 | cfg = (waklog_host_config *) ap_get_module_config( |
113 | params->server->module_config, &waklog_module ); |
114 | } else { |
115 | cfg = (waklog_host_config *)mconfig; |
116 | } |
117 | |
3ed1e28a |
118 | ap_log_error( APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, params->server, |
119 | "mod_waklog: using keytab: %s", file ); |
120 | |
4e1ae1cd |
121 | cfg->keytab = file; |
122 | cfg->configured = 1; |
123 | return( NULL ); |
124 | } |
125 | |
126 | |
b74fad73 |
127 | static void |
313dde40 |
128 | waklog_child_init( server_rec *s, pool *p ) |
b74fad73 |
129 | { |
7193eb01 |
130 | |
131 | if ( child == NULL ) { |
132 | child = (waklog_child_config *) ap_palloc( p, sizeof( waklog_child_config ) ); |
133 | } |
134 | |
135 | memset( &child->token, 0, sizeof( struct ktc_token ) ); |
136 | |
b74fad73 |
137 | setpag(); |
7193eb01 |
138 | |
b74fad73 |
139 | return; |
140 | } |
141 | |
142 | |
313dde40 |
143 | command_rec waklog_cmds[ ] = |
144 | { |
145 | { "WaklogProtected", set_waklog_protect, |
146 | NULL, RSRC_CONF | ACCESS_CONF, FLAG, |
147 | "enable waklog on a location or directory basis" }, |
148 | |
4e1ae1cd |
149 | { "WaklogUseKeytab", set_waklog_use_keytab, |
150 | NULL, RSRC_CONF, TAKE1, |
151 | "Use the supplied keytab file rather than the user's TGT" }, |
152 | |
313dde40 |
153 | { NULL } |
154 | }; |
155 | |
156 | |
bed98ff9 |
157 | static void |
158 | pioctl_cleanup( void *data ) |
159 | { |
160 | request_rec *r = (request_rec *)data; |
bed98ff9 |
161 | |
7193eb01 |
162 | if ( child->token.ticketLen ) { |
163 | memset( &child->token, 0, sizeof( struct ktc_token ) ); |
bed98ff9 |
164 | |
7193eb01 |
165 | ktc_ForgetAllTokens(); |
bed98ff9 |
166 | |
7193eb01 |
167 | ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server, |
168 | "mod_waklog: ktc_ForgetAllTokens succeeded" ); |
169 | } |
b74fad73 |
170 | return; |
bed98ff9 |
171 | } |
172 | |
173 | |
4e1ae1cd |
174 | static int |
e21f34f0 |
175 | waklog_ktinit( server_rec *s ) |
4e1ae1cd |
176 | { |
177 | krb5_error_code kerror; |
178 | krb5_context kcontext; |
179 | krb5_principal kprinc; |
4e1ae1cd |
180 | krb5_get_init_creds_opt kopts; |
7193eb01 |
181 | krb5_creds v5creds; |
182 | CREDENTIALS v4creds; |
4e1ae1cd |
183 | krb5_ccache kccache; |
184 | krb5_keytab keytab = 0; |
185 | char ktbuf[ MAX_KEYTAB_NAME_LEN + 1 ]; |
7193eb01 |
186 | krb5_timestamp now; |
e21f34f0 |
187 | waklog_host_config *cfg; |
4e1ae1cd |
188 | |
e21f34f0 |
189 | ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, s, |
7193eb01 |
190 | "mod_waklog: waklog_ktinit called" ); |
4e1ae1cd |
191 | |
e21f34f0 |
192 | if (( kerror = krb5_init_context( &kcontext ))) { |
193 | ap_log_error( APLOG_MARK, APLOG_ERR, s, |
194 | (char *)error_message( kerror )); |
4e1ae1cd |
195 | |
e21f34f0 |
196 | goto cleanup1; |
197 | } |
4e1ae1cd |
198 | |
e21f34f0 |
199 | /* use the path */ |
200 | if (( kerror = krb5_cc_resolve( kcontext, K5PATH, &kccache )) != 0 ) { |
201 | ap_log_error( APLOG_MARK, APLOG_ERR, s, |
202 | (char *)error_message( kerror )); |
4e1ae1cd |
203 | |
e21f34f0 |
204 | goto cleanup2; |
205 | } |
4e1ae1cd |
206 | |
e21f34f0 |
207 | if (( kerror = krb5_parse_name( kcontext, PRINCIPAL, &kprinc ))) { |
208 | ap_log_error( APLOG_MARK, APLOG_ERR, s, |
209 | (char *)error_message( kerror )); |
7193eb01 |
210 | |
e21f34f0 |
211 | goto cleanup3; |
212 | } |
7193eb01 |
213 | |
e21f34f0 |
214 | krb5_get_init_creds_opt_init( &kopts ); |
215 | krb5_get_init_creds_opt_set_tkt_life( &kopts, 10*60*60 ); |
216 | krb5_get_init_creds_opt_set_renew_life( &kopts, 0 ); |
217 | krb5_get_init_creds_opt_set_forwardable( &kopts, 1 ); |
218 | krb5_get_init_creds_opt_set_proxiable( &kopts, 0 ); |
7193eb01 |
219 | |
e21f34f0 |
220 | cfg = (waklog_host_config *) ap_get_module_config( s->module_config, |
221 | &waklog_module ); |
7193eb01 |
222 | |
e21f34f0 |
223 | /* which keytab should we use? */ |
224 | strcpy( ktbuf, cfg->keytab ? cfg->keytab : KEYTAB_PATH ); |
7193eb01 |
225 | |
e21f34f0 |
226 | if ( strlen( ktbuf ) > MAX_KEYTAB_NAME_LEN ) { |
227 | ap_log_error( APLOG_MARK, APLOG_ERR, s, |
228 | "server configuration error" ); |
7193eb01 |
229 | |
e21f34f0 |
230 | goto cleanup4; |
231 | } |
7193eb01 |
232 | |
e21f34f0 |
233 | ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, s, |
234 | "mod_waklog: waklog_ktinit using: %s", ktbuf ); |
7193eb01 |
235 | |
e21f34f0 |
236 | if (( kerror = krb5_kt_resolve( kcontext, ktbuf, &keytab )) != 0 ) { |
237 | ap_log_error( APLOG_MARK, APLOG_ERR, s, |
238 | (char *)error_message( kerror )); |
7193eb01 |
239 | |
e21f34f0 |
240 | goto cleanup4; |
241 | } |
7193eb01 |
242 | |
e21f34f0 |
243 | /* get the krbtgt */ |
244 | if (( kerror = krb5_get_init_creds_keytab( kcontext, &v5creds, |
245 | kprinc, keytab, 0, IN_TKT_SERVICE, &kopts ))) { |
7193eb01 |
246 | |
e21f34f0 |
247 | ap_log_error( APLOG_MARK, APLOG_ERR, s, |
248 | (char *)error_message( kerror )); |
7193eb01 |
249 | |
e21f34f0 |
250 | goto cleanup5; |
251 | } |
7193eb01 |
252 | |
e21f34f0 |
253 | if (( kerror = krb5_verify_init_creds( kcontext, &v5creds, |
254 | kprinc, keytab, NULL, NULL )) != 0 ) { |
7193eb01 |
255 | |
e21f34f0 |
256 | ap_log_error( APLOG_MARK, APLOG_ERR, s, |
257 | (char *)error_message( kerror )); |
7193eb01 |
258 | |
e21f34f0 |
259 | goto cleanup6; |
260 | } |
7193eb01 |
261 | |
e21f34f0 |
262 | if (( kerror = krb5_cc_initialize( kcontext, kccache, kprinc )) != 0 ) { |
263 | ap_log_error( APLOG_MARK, APLOG_ERR, s, |
264 | (char *)error_message( kerror )); |
7193eb01 |
265 | |
e21f34f0 |
266 | goto cleanup6; |
267 | } |
7193eb01 |
268 | |
e21f34f0 |
269 | if (( kerror = krb5_cc_store_cred( kcontext, kccache, &v5creds )) != 0 ) { |
270 | ap_log_error( APLOG_MARK, APLOG_ERR, s, |
271 | (char *)error_message( kerror )); |
7193eb01 |
272 | |
e21f34f0 |
273 | goto cleanup6; |
274 | } |
7193eb01 |
275 | |
e21f34f0 |
276 | ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, s, |
277 | "mod_waklog: waklog_ktinit success" ); |
278 | |
279 | cleanup6: if ( v5creds.client == kprinc ) { |
280 | v5creds.client = 0; |
281 | } |
282 | krb5_free_cred_contents( kcontext, &v5creds ); |
283 | cleanup5: (void)krb5_kt_close( kcontext, keytab ); |
284 | cleanup4: krb5_free_principal( kcontext, kprinc ); |
285 | cleanup3: krb5_cc_close( kcontext, kccache ); |
286 | cleanup2: krb5_free_context( kcontext ); |
287 | cleanup1: |
288 | |
289 | ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, s, |
7193eb01 |
290 | "mod_waklog: waklog_ktinit: exiting" ); |
291 | |
292 | return( 0 ); |
293 | } |
294 | |
295 | |
296 | static void |
297 | waklog_aklog( request_rec *r ) |
298 | { |
299 | int rc; |
300 | char buf[ 1024 ]; |
301 | const char *k4path = NULL; |
302 | const char *k5path = NULL; |
303 | krb5_error_code kerror; |
304 | krb5_context kcontext; |
305 | krb5_creds increds; |
306 | krb5_creds *v5credsp = NULL; |
307 | CREDENTIALS v4creds; |
308 | krb5_ccache kccache; |
309 | struct ktc_principal server = { "afs", "", "umich.edu" }; |
310 | struct ktc_principal client; |
311 | struct ktc_token token; |
312 | |
313 | k5path = ap_table_get( r->subprocess_env, "KRB5CCNAME" ); |
314 | k4path = ap_table_get( r->subprocess_env, "KRBTKFILE" ); |
315 | |
316 | ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server, |
317 | "mod_waklog: waklog_aklog called: k5path: %s, k4path: %s", k5path, k4path ); |
318 | |
319 | if ( !k5path || !k4path ) { |
320 | ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server, |
321 | "mod_waklog: waklog_aklog giving up" ); |
4e1ae1cd |
322 | return; |
323 | } |
324 | |
7193eb01 |
325 | /* |
326 | ** Get/build creds from file/tgs, then see if we need to SetToken |
327 | */ |
328 | |
329 | if (( kerror = krb5_init_context( &kcontext ))) { |
330 | /* Authentication Required ( kerberos error ) */ |
4e1ae1cd |
331 | ap_log_error( APLOG_MARK, APLOG_ERR, r->server, |
332 | (char *)error_message( kerror )); |
7193eb01 |
333 | |
4e1ae1cd |
334 | return; |
335 | } |
336 | |
7193eb01 |
337 | memset( (char *)&increds, 0, sizeof(increds)); |
4e1ae1cd |
338 | |
7193eb01 |
339 | /* set server part */ |
340 | if (( kerror = krb5_parse_name( kcontext, AFS, &increds.server ))) { |
4e1ae1cd |
341 | ap_log_error( APLOG_MARK, APLOG_ERR, r->server, |
342 | (char *)error_message( kerror )); |
343 | |
344 | return; |
345 | } |
346 | |
7193eb01 |
347 | if (( kerror = krb5_cc_resolve( kcontext, k5path, &kccache )) != 0 ) { |
348 | ap_log_error( APLOG_MARK, APLOG_ERR, r->server, |
349 | (char *)error_message( kerror )); |
350 | |
351 | return; |
352 | } |
4e1ae1cd |
353 | |
7193eb01 |
354 | /* set client part */ |
355 | krb5_cc_get_principal( kcontext, kccache, &increds.client ); |
4e1ae1cd |
356 | |
7193eb01 |
357 | increds.times.endtime = 0; |
358 | /* Ask for DES since that is what V4 understands */ |
359 | increds.keyblock.enctype = ENCTYPE_DES_CBC_CRC; |
360 | |
361 | /* get the V5 credentials */ |
362 | if (( kerror = krb5_get_credentials( kcontext, 0, kccache, |
363 | &increds, &v5credsp ) ) ) { |
364 | ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server, |
365 | "mod_waklog: krb5_get_credentials: %s", krb_err_txt[ kerror ] ); |
4e1ae1cd |
366 | return; |
367 | } |
368 | |
7193eb01 |
369 | /* get the V4 credentials */ |
370 | if (( kerror = krb524_convert_creds_kdc( kcontext, v5credsp, &v4creds ) ) ) { |
371 | ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server, |
372 | "mod_waklog: krb524_convert_creds_kdc: %s", krb_err_txt[ kerror ] ); |
4e1ae1cd |
373 | return; |
374 | } |
375 | |
7193eb01 |
376 | /* assemble the token */ |
377 | token.kvno = v4creds.kvno; |
378 | token.startTime = v4creds.issue_date; |
379 | token.endTime = v5credsp->times.endtime; |
380 | memmove( &token.sessionKey, v4creds.session, 8 ); |
381 | token.ticketLen = v4creds.ticket_st.length ; |
382 | memmove( token.ticket, v4creds.ticket_st.dat, token.ticketLen ); |
383 | |
384 | /* make sure we have to do this */ |
385 | if ( child->token.kvno != token.kvno || |
386 | child->token.ticketLen != token.ticketLen || |
387 | memcmp( &child->token.sessionKey, &token.sessionKey, |
388 | sizeof( token.sessionKey ) ) || |
389 | memcmp( child->token.ticket, token.ticket, token.ticketLen ) ) { |
390 | |
391 | ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server, |
392 | "mod_waklog: %s.%s@%s", v4creds.service, v4creds.instance, |
393 | v4creds.realm ); |
394 | ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server, |
395 | "mod_waklog: %d %d %d", v4creds.lifetime, v4creds.kvno, |
396 | v4creds.issue_date ); |
397 | ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server, |
398 | "mod_waklog: %s %s", v4creds.pname, v4creds.pinst ); |
399 | ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server, |
400 | "mod_waklog: %d", v4creds.ticket_st.length ); |
401 | |
402 | /* build the name */ |
403 | strcpy( buf, v4creds.pname ); |
404 | if ( v4creds.pinst[ 0 ] ) { |
405 | strcat( buf, "." ); |
406 | strcat( buf, v4creds.pinst ); |
407 | } |
408 | |
409 | /* assemble the client */ |
410 | strncpy( client.name, buf, MAXKTCNAMELEN - 1 ); |
411 | strcpy( client.instance, "" ); |
412 | strncpy( client.cell, v4creds.realm, MAXKTCNAMELEN - 1 ); |
413 | |
414 | ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server, |
415 | "mod_waklog: server: name=%s, instance=%s, cell=%s", |
416 | server.name, server.instance, server.cell ); |
417 | |
418 | ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server, |
419 | "mod_waklog: client: name=%s, instance=%s, cell=%s", |
420 | client.name, client.instance, client.cell ); |
421 | |
422 | /* use the path */ |
423 | krb_set_tkt_string( (char *)k4path ); |
424 | |
425 | /* rumor: we have to do this for AIX 4.1.4 with AFS 3.4+ */ |
426 | write( 2, "", 0 ); |
427 | |
428 | if ( ( rc = ktc_SetToken( &server, &token, &client, 0 ) ) ) { |
429 | ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server, |
430 | "mod_waklog: settoken returned %d", rc ); |
431 | } |
432 | |
433 | /* save this */ |
434 | memmove( &child->token, &token, sizeof( struct ktc_token ) ); |
435 | |
436 | /* we'll need to unlog when this connection is done. */ |
437 | ap_register_cleanup( r->pool, (void *)r, pioctl_cleanup, ap_null_cleanup ); |
438 | } |
439 | |
440 | krb5_free_cred_contents( kcontext, v5credsp ); |
441 | krb5_free_principal( kcontext, increds.client ); |
4e1ae1cd |
442 | krb5_cc_close( kcontext, kccache ); |
443 | krb5_free_context( kcontext ); |
3ed1e28a |
444 | |
7193eb01 |
445 | ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server, |
446 | "mod_waklog: finished with waklog_aklog" ); |
447 | |
4e1ae1cd |
448 | } |
449 | |
e21f34f0 |
450 | static int |
451 | waklog_child_routine( void *s, child_info *pinfo ) |
452 | { |
e21f34f0 |
453 | if ( !getuid() ) { |
132ef613 |
454 | ap_log_error( APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, s, |
e21f34f0 |
455 | "mod_waklog: waklog_child_routine called as root" ); |
456 | |
457 | /* this was causing the credential file to get owned by root */ |
458 | setgid(ap_group_id); |
459 | setuid(ap_user_id); |
460 | } |
461 | |
462 | while( 1 ) { |
463 | waklog_ktinit( s ); |
132ef613 |
464 | sleep( 300 /* 10*60*60 - 5*60 */ ); |
e21f34f0 |
465 | } |
466 | |
467 | } |
468 | |
469 | |
470 | static void |
471 | waklog_init( server_rec *s, pool *p ) |
472 | { |
473 | extern char *version; |
474 | int pid; |
475 | |
476 | ap_log_error( APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, s, |
477 | "mod_waklog: version %s initialized.", version ); |
478 | |
479 | pid = ap_bspawn_child( p, waklog_child_routine, s, kill_always, |
480 | NULL, NULL, NULL ); |
481 | |
132ef613 |
482 | ap_log_error( APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, s, |
e21f34f0 |
483 | "mod_waklog: ap_bspawn_child: %d.", pid ); |
484 | } |
485 | |
4e1ae1cd |
486 | |
bed98ff9 |
487 | static int |
7193eb01 |
488 | waklog_phase0( request_rec *r ) |
bed98ff9 |
489 | { |
313dde40 |
490 | waklog_host_config *cfg; |
491 | |
7193eb01 |
492 | ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server, |
493 | "mod_waklog: phase0 called" ); |
494 | |
313dde40 |
495 | /* directory config? */ |
496 | cfg = (waklog_host_config *)ap_get_module_config( |
497 | r->per_dir_config, &waklog_module); |
bed98ff9 |
498 | |
313dde40 |
499 | /* server config? */ |
500 | if ( !cfg->configured ) { |
7193eb01 |
501 | cfg = (waklog_host_config *)ap_get_module_config( |
502 | r->server->module_config, &waklog_module); |
313dde40 |
503 | } |
504 | |
7193eb01 |
505 | if ( !cfg->protect ) { |
4e1ae1cd |
506 | ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server, |
7193eb01 |
507 | "mod_waklog: phase0 declining" ); |
508 | return( DECLINED ); |
509 | } |
4e1ae1cd |
510 | |
7193eb01 |
511 | /* do this only if we are still unauthenticated */ |
512 | if ( !child->token.ticketLen ) { |
4e1ae1cd |
513 | |
e21f34f0 |
514 | /* set our environment variables */ |
515 | ap_table_set( r->subprocess_env, "KRB5CCNAME", K5PATH ); |
516 | ap_table_set( r->subprocess_env, "KRBTKFILE", K4PATH ); |
3ed1e28a |
517 | |
7193eb01 |
518 | /* stuff the credentials into the kernel */ |
519 | waklog_aklog( r ); |
4e1ae1cd |
520 | } |
7193eb01 |
521 | |
522 | ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server, |
523 | "mod_waklog: phase0 returning" ); |
524 | return DECLINED; |
525 | } |
4e1ae1cd |
526 | |
1e18ef7d |
527 | |
7193eb01 |
528 | static int |
529 | waklog_phase7( request_rec *r ) |
530 | { |
531 | waklog_host_config *cfg; |
1e18ef7d |
532 | |
7193eb01 |
533 | ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server, |
534 | "mod_waklog: phase7 called" ); |
1e18ef7d |
535 | |
7193eb01 |
536 | /* directory config? */ |
537 | cfg = (waklog_host_config *)ap_get_module_config( |
538 | r->per_dir_config, &waklog_module); |
1e18ef7d |
539 | |
7193eb01 |
540 | /* server config? */ |
541 | if ( !cfg->configured ) { |
542 | cfg = (waklog_host_config *)ap_get_module_config( |
543 | r->server->module_config, &waklog_module); |
bed98ff9 |
544 | } |
545 | |
7193eb01 |
546 | if ( !cfg->protect ) { |
547 | return( DECLINED ); |
bed98ff9 |
548 | } |
549 | |
7193eb01 |
550 | /* stuff the credentials into the kernel */ |
551 | waklog_aklog( r ); |
bed98ff9 |
552 | |
7193eb01 |
553 | ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server, |
554 | "mod_waklog: phase7 returning" ); |
bed98ff9 |
555 | |
7193eb01 |
556 | return DECLINED; |
bed98ff9 |
557 | } |
558 | |
7193eb01 |
559 | static void |
560 | waklog_new_connection( conn_rec *c ) { |
561 | ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, c->server, |
562 | "mod_waklog: new_connection called: conn_rec: 0x%08x pid: %d", c, getpid() ); |
563 | return; |
564 | } |
bed98ff9 |
565 | |
313dde40 |
566 | module MODULE_VAR_EXPORT waklog_module = { |
bed98ff9 |
567 | STANDARD_MODULE_STUFF, |
313dde40 |
568 | waklog_init, /* module initializer */ |
569 | waklog_create_dir_config, /* create per-dir config structures */ |
bed98ff9 |
570 | NULL, /* merge per-dir config structures */ |
313dde40 |
571 | waklog_create_server_config, /* create per-server config structures */ |
bed98ff9 |
572 | NULL, /* merge per-server config structures */ |
313dde40 |
573 | waklog_cmds, /* table of config file commands */ |
bed98ff9 |
574 | NULL, /* [#8] MIME-typed-dispatched handlers */ |
575 | NULL, /* [#1] URI to filename translation */ |
576 | NULL, /* [#4] validate user id from request */ |
577 | NULL, /* [#5] check if the user is ok _here_ */ |
578 | NULL, /* [#3] check access by host address */ |
579 | NULL, /* [#6] determine MIME type */ |
7193eb01 |
580 | waklog_phase7, /* [#7] pre-run fixups */ |
bed98ff9 |
581 | NULL, /* [#9] log a transaction */ |
313dde40 |
582 | NULL, /* [#2] header parser */ |
583 | waklog_child_init, /* child_init */ |
bed98ff9 |
584 | NULL, /* child_exit */ |
7193eb01 |
585 | waklog_phase0 /* [#0] post read-request */ |
bed98ff9 |
586 | #ifdef EAPI |
587 | ,NULL, /* EAPI: add_module */ |
588 | NULL, /* EAPI: remove_module */ |
589 | NULL, /* EAPI: rewrite_command */ |
7193eb01 |
590 | waklog_new_connection /* EAPI: new_connection */ |
bed98ff9 |
591 | #endif |
592 | }; |