HCoop / hcoop / zz_old / modwaklog.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
fourth set of UMBC merges; still all inert changes
[hcoop/zz_old/modwaklog.git] / mod_waklog.c
CommitLineData
87822447 1#define _LARGEFILE64_SOURCE
ff47641b 2#define _GNU_SOURCE
87822447 3
bed98ff9 4#include "httpd.h"
5#include "http_config.h"
bed98ff9 6#include "http_log.h"
7193eb01 7#include "http_protocol.h"
8#include "http_request.h"
9#include "http_core.h"
87822447 10
ff47641b 11#ifdef sun
12#include <synch.h>
13#elif linux
14#define use_pthreads
15#include <features.h>
16#include <sys/types.h>
17#include <sys/mman.h>
18#include <pthread.h>
19#else
20#error "make sure you include the right stuff here"
21#endif
22
23#ifndef MAXNAMELEN
24#define MAXNAMELEN 1024
25#endif
26
87822447 27#ifdef STANDARD20_MODULE_STUFF
28#include <apr_strings.h>
29#include <apr_base64.h>
30#include <apr_compat.h>
31#include <apu_compat.h>
32
33module AP_MODULE_DECLARE_DATA waklog_module;
34
35#define MK_POOL apr_pool_t
36#define MK_TABLE_GET apr_table_get
d06251b1 37#define MK_TABLE_SET apr_table_set
87822447 38#include "unixd.h"
39extern unixd_config_rec unixd_config;
40#define ap_user_id unixd_config.user_id
41#define ap_group_id unixd_config.group_id
42#define ap_user_name unixd_config.user_name
43#define command(name, func, var, type, usage) \
44 AP_INIT_ ## type (name, (void*) func, \
c69d952f 45 (void*)APR_OFFSETOF(waklog_commands, var), \
87822447 46 OR_AUTHCFG | RSRC_CONF, usage)
47typedef struct {
48 int dummy;
49} child_info;
50
51const char *userdata_key = "waklog_init";
52#else
bed98ff9 53#include "ap_config.h"
87822447 54
55module waklog_module;
56#define MK_POOL pool
57#define MK_TABLE_GET ap_table_get
58#define command(name, func, var, type, usage) \
59 { name, func, \
c69d952f 60 (void*)XtOffsetOf(waklog_commands, var), \
87822447 61 OR_AUTHCFG | RSRC_CONF, type, usage }
62#endif /* STANDARD20_MODULE_STUFF */
63
c69d952f 64#define getModConfig(P, X) P = (waklog_config *) ap_get_module_config( (X)->module_config, &waklog_module );
87822447 65
4e1ae1cd 66#include <krb5.h>
bed98ff9 67
7193eb01 68#if defined(sun)
bed98ff9 69#include <sys/ioccom.h>
7193eb01 70#endif /* sun */
bed98ff9 71#include <stropts.h>
bed98ff9 72#include <afs/venus.h>
7193eb01 73#include <afs/auth.h>
d06251b1 74#include <afs/dirpath.h>
75#include <afs/ptuser.h>
7193eb01 76#include <rx/rxkad.h>
77
87822447 78#define KEYTAB "/etc/keytab.wwwserver"
ad1d1967 79#define PRINCIPAL "someplacewwwserver"
87822447 80#define AFS_CELL "someplace.edu"
4e1ae1cd 81
58bbdc54 82#define TKT_LIFE 10*60*60
b52ccbb1 83#define SLEEP_TIME TKT_LIFE - 5*60
87822447 84/* If there's an error, retry more aggressively */
85#define ERR_SLEEP_TIME 5*60
58bbdc54 86
58bbdc54 87
88#define K5PATH "FILE:/tmp/waklog.creds.k5"
7193eb01 89
d06251b1 90typedef struct
91{
87822447 92 int forked;
4e1ae1cd 93 int configured;
94 int protect;
95 char *keytab;
ad1d1967 96 char *principal;
403921ef 97 char *afs_cell;
87822447 98 MK_POOL *p;
d06251b1 99}
c69d952f 100waklog_config;
313dde40 101
7193eb01 102typedef struct {
103 struct ktc_token token;
104} waklog_child_config;
58bbdc54 105waklog_child_config child;
106
87822447 107static void
108log_error(const char *file, int line, int level, int status,
109 const server_rec *s, const char *fmt, ...)
4d47a8d9 110{
87822447 111 char errstr[1024];
112 va_list ap;
4d47a8d9 113
87822447 114 va_start(ap, fmt);
115 vsnprintf(errstr, sizeof(errstr), fmt, ap);
116 va_end(ap);
4d47a8d9 117
87822447 118#ifdef STANDARD20_MODULE_STUFF
119 ap_log_error(file, line, level | APLOG_NOERRNO, status, s, "%s", errstr);
120#else
121 ap_log_error(file, line, level | APLOG_NOERRNO, s, "%s", errstr);
122#endif
4d47a8d9 123
87822447 124}
4d47a8d9 125
313dde40 126 static void *
87822447 127waklog_create_server_config( MK_POOL *p, server_rec *s )
313dde40 128{
c69d952f 129 waklog_config *cfg;
313dde40 130
c69d952f 131 cfg = (waklog_config *)ap_pcalloc( p, sizeof( waklog_config ));
87822447 132 cfg->p = p;
133 cfg->forked = 0;
313dde40 134 cfg->configured = 0;
135 cfg->protect = 0;
58bbdc54 136 cfg->keytab = KEYTAB;
ad1d1967 137 cfg->principal = PRINCIPAL;
58bbdc54 138 cfg->afs_cell = AFS_CELL;
313dde40 139
87822447 140 log_error( APLOG_MARK, APLOG_DEBUG, 0, s, "mod_waklog: server config created." );
141
313dde40 142 return( cfg );
143}
144
145
313dde40 146 static const char *
147set_waklog_protect( cmd_parms *params, void *mconfig, int flag )
148{
c69d952f 149 waklog_config *cfg;
313dde40 150
87822447 151 getModConfig(cfg, params->server );
313dde40 152
153 cfg->protect = flag;
154 cfg->configured = 1;
87822447 155 log_error( APLOG_MARK, APLOG_DEBUG, 0, params->server, "mod_waklog: waklog_protect set" );
313dde40 156 return( NULL );
157}
158
159
4e1ae1cd 160 static const char *
161ffd84 161set_waklog_keytab( cmd_parms *params, void *mconfig, char *file )
4e1ae1cd 162{
c69d952f 163 waklog_config *cfg;
4e1ae1cd 164
87822447 165 getModConfig(cfg, params->server );
4e1ae1cd 166
87822447 167 log_error( APLOG_MARK, APLOG_INFO, 0, params->server,
168 "mod_waklog: will use keytab: %s", file );
3ed1e28a 169
b52ccbb1 170 cfg->keytab = ap_pstrdup ( params->pool, file );
4e1ae1cd 171 cfg->configured = 1;
172 return( NULL );
173}
174
175
58bbdc54 176 static const char *
ad1d1967 177set_waklog_use_principal( cmd_parms *params, void *mconfig, char *file )
b74fad73 178{
c69d952f 179 waklog_config *cfg;
7193eb01 180
87822447 181 getModConfig(cfg, params->server );
7193eb01 182
87822447 183 log_error( APLOG_MARK, APLOG_INFO, 0, params->server,
ad1d1967 184 "mod_waklog: will use principal: %s", file );
58bbdc54 185
ad1d1967 186 cfg->principal = ap_pstrdup ( params->pool, file );
58bbdc54 187 cfg->configured = 1;
188 return( NULL );
189}
190
191
192 static const char *
193set_waklog_use_afs_cell( cmd_parms *params, void *mconfig, char *file )
194{
c69d952f 195 waklog_config *cfg;
58bbdc54 196
87822447 197 getModConfig(cfg, params->server );
58bbdc54 198
87822447 199 log_error( APLOG_MARK, APLOG_INFO, 0, params->server,
200 "mod_waklog: will use afs_cell: %s", file );
58bbdc54 201
b52ccbb1 202 cfg->afs_cell = ap_pstrdup( params->pool, file );
58bbdc54 203 cfg->configured = 1;
204 return( NULL );
205}
206
207
208 static void
87822447 209#ifdef STANDARD20_MODULE_STUFF
210waklog_child_init(MK_POOL *p, server_rec *s)
211#else
212waklog_child_init(server_rec *s, MK_POOL *p)
213#endif
58bbdc54 214{
215
87822447 216 log_error( APLOG_MARK, APLOG_DEBUG, 0, s,
217 "mod_waklog: child_init called" );
218
58bbdc54 219 memset( &child.token, 0, sizeof( struct ktc_token ) );
7193eb01 220
b74fad73 221 setpag();
7193eb01 222
87822447 223 log_error( APLOG_MARK, APLOG_DEBUG, 0, s,
224 "mod_waklog: child_init returned" );
225
b74fad73 226 return;
227}
228
87822447 229typedef struct {
230 int wak_protect;
231 char *wak_keytab;
232 char *wak_ktprinc;
233 char *wak_afscell;
c69d952f 234} waklog_commands;
b74fad73 235
313dde40 236command_rec waklog_cmds[ ] =
237{
87822447 238 command("WaklogProtected", set_waklog_protect, wak_protect, FLAG, "enable waklog on a location or directory basis"),
313dde40 239
87822447 240 command("WaklogKeytab", set_waklog_keytab, wak_keytab, TAKE1, "Use the supplied keytab rather than the default"),
58bbdc54 241
ad1d1967 242 command("WaklogUseKeytabPrincipal", set_waklog_use_principal, wak_ktprinc, TAKE1, "Use the supplied keytab principal rather than the default"),
58bbdc54 243
87822447 244 command("WaklogUseAFSCell", set_waklog_use_afs_cell, wak_afscell, TAKE1, "Use the supplied AFS cell rather than the default"),
4e1ae1cd 245
313dde40 246 { NULL }
247};
248
249
87822447 250 static int
e2df6441 251token_cleanup( void *data )
bed98ff9 252{
253 request_rec *r = (request_rec *)data;
bed98ff9 254
58bbdc54 255 if ( child.token.ticketLen ) {
256 memset( &child.token, 0, sizeof( struct ktc_token ) );
bed98ff9 257
7193eb01 258 ktc_ForgetAllTokens();
bed98ff9 259
87822447 260 log_error( APLOG_MARK, APLOG_DEBUG, 0, r->server,
261 "mod_waklog: ktc_ForgetAllTokens succeeded: pid: %d", getpid() );
7193eb01 262 }
87822447 263 return 0;
bed98ff9 264}
265
266
4e1ae1cd 267 static int
e2df6441 268waklog_kinit( server_rec *s )
4e1ae1cd 269{
87822447 270 krb5_error_code kerror = 0;
e2df6441 271 krb5_context kcontext = NULL;
272 krb5_principal kprinc = NULL;
4e1ae1cd 273 krb5_get_init_creds_opt kopts;
7193eb01 274 krb5_creds v5creds;
e2df6441 275 krb5_ccache kccache = NULL;
276 krb5_keytab keytab = NULL;
4e1ae1cd 277 char ktbuf[ MAX_KEYTAB_NAME_LEN + 1 ];
b52ccbb1 278 int i;
c69d952f 279 waklog_config *cfg;
4e1ae1cd 280
87822447 281 log_error( APLOG_MARK, APLOG_DEBUG, 0, s,
282 "mod_waklog: waklog_kinit called: pid: %d", getpid() );
4e1ae1cd 283
87822447 284 getModConfig(cfg, s);
58bbdc54 285
e21f34f0 286 if (( kerror = krb5_init_context( &kcontext ))) {
87822447 287 log_error( APLOG_MARK, APLOG_ERR, 0, s,
288 "mod_waklog: %s", (char *)error_message( kerror ));
4e1ae1cd 289
e2df6441 290 goto cleanup;
e21f34f0 291 }
4e1ae1cd 292
e21f34f0 293 /* use the path */
294 if (( kerror = krb5_cc_resolve( kcontext, K5PATH, &kccache )) != 0 ) {
87822447 295 log_error( APLOG_MARK, APLOG_ERR, 0, s,
296 "mod_waklog: %s", (char *)error_message( kerror ));
4e1ae1cd 297
e2df6441 298 goto cleanup;
e21f34f0 299 }
4e1ae1cd 300
87822447 301 log_error( APLOG_MARK, APLOG_DEBUG, 0, s,
ad1d1967 302 "mod_waklog: principal: %s", cfg->principal );
b52ccbb1 303
ad1d1967 304 if (( kerror = krb5_parse_name( kcontext, cfg->principal, &kprinc ))) {
87822447 305 log_error( APLOG_MARK, APLOG_ERR, 0, s,
306 "mod_waklog: %s", (char *)error_message( kerror ));
7193eb01 307
e2df6441 308 goto cleanup;
e21f34f0 309 }
7193eb01 310
e21f34f0 311 krb5_get_init_creds_opt_init( &kopts );
58bbdc54 312 krb5_get_init_creds_opt_set_tkt_life( &kopts, TKT_LIFE );
e21f34f0 313 krb5_get_init_creds_opt_set_renew_life( &kopts, 0 );
314 krb5_get_init_creds_opt_set_forwardable( &kopts, 1 );
315 krb5_get_init_creds_opt_set_proxiable( &kopts, 0 );
7193eb01 316
58bbdc54 317 /* keytab from config */
318 strncpy( ktbuf, cfg->keytab, sizeof( ktbuf ) - 1 );
7193eb01 319
87822447 320 log_error( APLOG_MARK, APLOG_DEBUG, 0, s,
321 "mod_waklog: waklog_kinit using: %s", ktbuf );
7193eb01 322
e21f34f0 323 if (( kerror = krb5_kt_resolve( kcontext, ktbuf, &keytab )) != 0 ) {
87822447 324 log_error( APLOG_MARK, APLOG_ERR, 0, s,
325 "mod_waklog:krb5_kt_resolve %s", (char *)error_message( kerror ));
7193eb01 326
e2df6441 327 goto cleanup;
e21f34f0 328 }
7193eb01 329
b52ccbb1 330 memset( (char *)&v5creds, 0, sizeof(v5creds));
331
e21f34f0 332 /* get the krbtgt */
333 if (( kerror = krb5_get_init_creds_keytab( kcontext, &v5creds,
403921ef 334 kprinc, keytab, 0, NULL, &kopts ))) {
7193eb01 335
87822447 336 log_error( APLOG_MARK, APLOG_ERR, 0, s,
337 "mod_waklog:krb5_get_init_creds_keytab %s", (char *)error_message( kerror ));
7193eb01 338
e2df6441 339 goto cleanup;
e21f34f0 340 }
7193eb01 341
e21f34f0 342 if (( kerror = krb5_cc_initialize( kcontext, kccache, kprinc )) != 0 ) {
87822447 343 log_error( APLOG_MARK, APLOG_ERR, 0, s,
344 "mod_waklog:krb5_cc_initialize %s", (char *)error_message( kerror ));
7193eb01 345
e2df6441 346 goto cleanup;
e21f34f0 347 }
7193eb01 348
e2df6441 349 kerror = krb5_cc_store_cred( kcontext, kccache, &v5creds );
350 krb5_free_cred_contents( kcontext, &v5creds );
351 if ( kerror != 0 ) {
87822447 352 log_error( APLOG_MARK, APLOG_ERR, 0, s,
353 "mod_waklog: %s", (char *)error_message( kerror ));
7193eb01 354
e2df6441 355 goto cleanup;
e21f34f0 356 }
7193eb01 357
87822447 358 log_error( APLOG_MARK, APLOG_DEBUG, 0, s,
359 "mod_waklog: waklog_kinit success" );
e2df6441 360
361cleanup:
362 if ( keytab )
363 (void)krb5_kt_close( kcontext, keytab );
364 if ( kprinc )
365 krb5_free_principal( kcontext, kprinc );
366 if ( kccache )
367 krb5_cc_close( kcontext, kccache );
368 if ( kcontext )
369 krb5_free_context( kcontext );
e21f34f0 370
87822447 371 log_error( APLOG_MARK, APLOG_DEBUG, 0, s,
372 "mod_waklog: waklog_kinit: exiting" );
7193eb01 373
87822447 374 return( kerror );
7193eb01 375}
376
377
378 static void
379waklog_aklog( request_rec *r )
380{
381 int rc;
bd173fe7 382 char buf[ MAXKTCTICKETLEN ];
7193eb01 383 const char *k5path = NULL;
384 krb5_error_code kerror;
e2df6441 385 krb5_context kcontext = NULL;
7193eb01 386 krb5_creds increds;
387 krb5_creds *v5credsp = NULL;
e2df6441 388 krb5_ccache kccache = NULL;
403921ef 389 struct ktc_principal server = { "afs", "", "" };
7193eb01 390 struct ktc_principal client;
391 struct ktc_token token;
c69d952f 392 waklog_config *cfg;
58bbdc54 393 int buflen;
7193eb01 394
87822447 395 k5path = MK_TABLE_GET( r->subprocess_env, "KRB5CCNAME" );
7193eb01 396
87822447 397 log_error( APLOG_MARK, APLOG_INFO, 0, r->server,
398 "mod_waklog: waklog_aklog called: k5path: %s", k5path );
7193eb01 399
161ffd84 400 if ( k5path == NULL ) {
87822447 401 log_error( APLOG_MARK, APLOG_DEBUG, 0, r->server,
402 "mod_waklog: waklog_aklog giving up" );
e2df6441 403 goto cleanup;
4e1ae1cd 404 }
405
7193eb01 406 /*
407 ** Get/build creds from file/tgs, then see if we need to SetToken
408 */
409
410 if (( kerror = krb5_init_context( &kcontext ))) {
411 /* Authentication Required ( kerberos error ) */
87822447 412 log_error( APLOG_MARK, APLOG_ERR, 0, r->server,
413 (char *)error_message( kerror ));
414
e2df6441 415 goto cleanup;
4e1ae1cd 416 }
417
7193eb01 418 memset( (char *)&increds, 0, sizeof(increds));
4e1ae1cd 419
87822447 420 getModConfig(cfg, r->server );
403921ef 421
422 /* afs/<cell> or afs */
423 strncpy( buf, "afs", sizeof( buf ) - 1 );
58bbdc54 424 if ( strcmp( cfg->afs_cell, AFS_CELL ) ) {
403921ef 425 strncat( buf, "/" , sizeof( buf ) - strlen( buf ) - 1 );
426 strncat( buf, cfg->afs_cell, sizeof( buf ) - strlen( buf ) - 1 );
427 }
428
7193eb01 429 /* set server part */
403921ef 430 if (( kerror = krb5_parse_name( kcontext, buf, &increds.server ))) {
87822447 431 log_error( APLOG_MARK, APLOG_ERR, 0, r->server,
432 (char *)error_message( kerror ));
4e1ae1cd 433
e2df6441 434 goto cleanup;
4e1ae1cd 435 }
436
7193eb01 437 if (( kerror = krb5_cc_resolve( kcontext, k5path, &kccache )) != 0 ) {
87822447 438 log_error( APLOG_MARK, APLOG_ERR, 0, r->server,
439 (char *)error_message( kerror ));
7193eb01 440
e2df6441 441 goto cleanup;
7193eb01 442 }
4e1ae1cd 443
7193eb01 444 /* set client part */
445 krb5_cc_get_principal( kcontext, kccache, &increds.client );
4e1ae1cd 446
7193eb01 447 increds.times.endtime = 0;
448 /* Ask for DES since that is what V4 understands */
449 increds.keyblock.enctype = ENCTYPE_DES_CBC_CRC;
450
451 /* get the V5 credentials */
452 if (( kerror = krb5_get_credentials( kcontext, 0, kccache,
453 &increds, &v5credsp ) ) ) {
87822447 454 log_error( APLOG_MARK, APLOG_ERR, 0, r->server,
455 "mod_waklog: krb5_get_credentials: %s", error_message( kerror ));
e2df6441 456 goto cleanup;
4e1ae1cd 457 }
458
c4ad0387 459 /* don't overflow */
460 if ( v5credsp->ticket.length >= MAXKTCTICKETLEN ) { /* from krb524d.c */
87822447 461 log_error( APLOG_MARK, APLOG_ERR, 0, r->server,
462 "mod_waklog: ticket size (%d) too big to fake", v5credsp->ticket.length );
e2df6441 463 goto cleanup;
4e1ae1cd 464 }
465
7193eb01 466 /* assemble the token */
58bbdc54 467 memset( &token, 0, sizeof( struct ktc_token ) );
468
469 token.startTime = v5credsp->times.starttime ? v5credsp->times.starttime : v5credsp->times.authtime;
7193eb01 470 token.endTime = v5credsp->times.endtime;
58bbdc54 471 memmove( &token.sessionKey, v5credsp->keyblock.contents, v5credsp->keyblock.length );
472 token.kvno = RXKAD_TKT_TYPE_KERBEROS_V5;
473 token.ticketLen = v5credsp->ticket.length;
474 memmove( token.ticket, v5credsp->ticket.data, token.ticketLen );
7193eb01 475
58bbdc54 476 /* make sure we have to do this */
477 if ( child.token.kvno != token.kvno ||
478 child.token.ticketLen != token.ticketLen ||
479 (memcmp( &child.token.sessionKey, &token.sessionKey,
480 sizeof( token.sessionKey ) )) ||
481 (memcmp( child.token.ticket, token.ticket, token.ticketLen )) ) {
482
87822447 483 log_error( APLOG_MARK, APLOG_DEBUG, 0, r->server,
484 "mod_waklog: client: %s", buf );
7193eb01 485
486 /* build the name */
bd173fe7 487 memmove( buf, v5credsp->client->data[0].data,
488 min( v5credsp->client->data[0].length, MAXKTCNAMELEN - 1 ) );
58bbdc54 489 buf[ v5credsp->client->data[0].length ] = '\0';
490 if ( v5credsp->client->length > 1 ) {
8258901d 491 strncat( buf, ".", sizeof( buf ) - strlen( buf ) - 1 );
58bbdc54 492 buflen = strlen( buf );
bd173fe7 493 memmove( buf + buflen, v5credsp->client->data[1].data,
494 min( v5credsp->client->data[1].length, MAXKTCNAMELEN - strlen( buf ) - 1 ) );
58bbdc54 495 buf[ buflen + v5credsp->client->data[1].length ] = '\0';
7193eb01 496 }
497
498 /* assemble the client */
403921ef 499 strncpy( client.name, buf, sizeof( client.name ) - 1 );
500 strncpy( client.instance, "", sizeof( client.instance) - 1 );
bd173fe7 501 memmove( buf, v5credsp->client->realm.data,
502 min( v5credsp->client->realm.length, MAXKTCNAMELEN - 1 ) );
58bbdc54 503 buf[ v5credsp->client->realm.length ] = '\0';
504 strncpy( client.cell, buf, sizeof( client.cell ) - 1 );
403921ef 505
58bbdc54 506 /* assemble the server's cell */
403921ef 507 strncpy( server.cell, cfg->afs_cell , sizeof( server.cell ) - 1 );
7193eb01 508
87822447 509 log_error( APLOG_MARK, APLOG_DEBUG, 0, r->server,
510 "mod_waklog: server: name=%s, instance=%s, cell=%s",
511 server.name, server.instance, server.cell );
512
513 log_error( APLOG_MARK, APLOG_DEBUG, 0, r->server,
514 "mod_waklog: client: name=%s, instance=%s, cell=%s",
515 client.name, client.instance, client.cell );
7193eb01 516
517 /* use the path */
7193eb01 518
519 /* rumor: we have to do this for AIX 4.1.4 with AFS 3.4+ */
520 write( 2, "", 0 );
521
522 if ( ( rc = ktc_SetToken( &server, &token, &client, 0 ) ) ) {
87822447 523 log_error( APLOG_MARK, APLOG_ERR, 0, r->server,
524 "mod_waklog: settoken returned %d", rc );
58bbdc54 525 goto cleanup;
7193eb01 526 }
527
528 /* save this */
58bbdc54 529 memmove( &child.token, &token, sizeof( struct ktc_token ) );
7193eb01 530
531 /* we'll need to unlog when this connection is done. */
e2df6441 532 ap_register_cleanup( r->pool, (void *)r, token_cleanup, ap_null_cleanup );
7193eb01 533 }
534
e2df6441 535cleanup:
536 if ( v5credsp )
537 krb5_free_cred_contents( kcontext, v5credsp );
538 if ( increds.client )
539 krb5_free_principal( kcontext, increds.client );
540 if ( increds.server )
541 krb5_free_principal( kcontext, increds.server );
542 if ( kccache )
543 krb5_cc_close( kcontext, kccache );
544 if ( kcontext )
545 krb5_free_context( kcontext );
3ed1e28a 546
87822447 547 log_error( APLOG_MARK, APLOG_DEBUG, 0, r->server,
548 "mod_waklog: finished with waklog_aklog" );
7193eb01 549
e2df6441 550 return;
551
4e1ae1cd 552}
553
e21f34f0 554 static int
555waklog_child_routine( void *s, child_info *pinfo )
556{
e21f34f0 557 if ( !getuid() ) {
87822447 558 log_error( APLOG_MARK, APLOG_DEBUG, 0, s,
559 "mod_waklog: waklog_child_routine called as root" );
e21f34f0 560
561 /* this was causing the credential file to get owned by root */
ea3e8708 562#ifdef STANDARD20_MODULE_STUFF
e21f34f0 563 setgid(ap_group_id);
564 setuid(ap_user_id);
ea3e8708 565#endif
e21f34f0 566 }
567
568 while( 1 ) {
e2df6441 569 waklog_kinit( s );
87822447 570 log_error( APLOG_MARK, APLOG_DEBUG, 0, s,
571 "mod_waklog: child_routine sleeping" );
58bbdc54 572 sleep( SLEEP_TIME );
87822447 573 log_error( APLOG_MARK, APLOG_DEBUG, 0, s,
574 "mod_waklog: slept, calling waklog_kinit" );
e21f34f0 575 }
576
577}
578
87822447 579#ifdef STANDARD20_MODULE_STUFF
580static int
581waklog_init_handler(apr_pool_t *p, apr_pool_t *plog,
582 apr_pool_t *ptemp, server_rec *s)
583{
584 int rv;
585 extern char *version;
586 apr_proc_t *proc;
c69d952f 587 waklog_config *cfg;
87822447 588 void *data;
589
590 getModConfig(cfg, s);
591
592 /* initialize_module() will be called twice, and if it's a DSO
593 * then all static data from the first call will be lost. Only
594 * set up our static data on the second call.
595 * see http://issues.apache.org/bugzilla/show_bug.cgi?id=37519 */
596 apr_pool_userdata_get(&data, userdata_key, s->process->pool);
597
598 if (!data) {
599 apr_pool_userdata_set((const void *)1, userdata_key,
600 apr_pool_cleanup_null, s->process->pool);
601 } else {
602 log_error( APLOG_MARK, APLOG_INFO, 0, s,
603 "mod_waklog: version %s initialized.", version );
604
605 proc = (apr_proc_t *)ap_pcalloc( s->process->pool, sizeof(apr_proc_t));
606
607 rv = apr_proc_fork(proc, s->process->pool);
608
609 if (rv == APR_INCHILD) {
610 waklog_child_routine(s, NULL);
611 } else {
612 apr_pool_note_subprocess(s->process->pool, proc, APR_KILL_ALWAYS);
613 }
614 /* parent and child */
615 cfg->forked = proc->pid;
616 }
617 return 0;
618}
619#else
e21f34f0 620 static void
87822447 621waklog_init( server_rec *s, MK_POOL *p )
e21f34f0 622{
623 extern char *version;
624 int pid;
625
87822447 626 log_error( APLOG_MARK, APLOG_INFO, 0, s,
627 "mod_waklog: version %s initialized.", version );
e21f34f0 628
629 pid = ap_bspawn_child( p, waklog_child_routine, s, kill_always,
630 NULL, NULL, NULL );
631
87822447 632 log_error( APLOG_MARK, APLOG_DEBUG, 0, s,
633 "mod_waklog: ap_bspawn_child: %d.", pid );
e21f34f0 634}
87822447 635#endif
4e1ae1cd 636
bed98ff9 637 static int
7193eb01 638waklog_phase0( request_rec *r )
bed98ff9 639{
c69d952f 640 waklog_config *cfg;
313dde40 641
87822447 642 log_error( APLOG_MARK, APLOG_DEBUG, 0, r->server,
643 "mod_waklog: phase0 called" );
7193eb01 644
87822447 645 getModConfig(cfg, r->server );
313dde40 646
87822447 647 log_error( APLOG_MARK, APLOG_DEBUG, 0, r->server,
648 "mod_waklog: phase0, checking cfg->protect" );
7193eb01 649 if ( !cfg->protect ) {
87822447 650 log_error( APLOG_MARK, APLOG_DEBUG, 0, r->server,
651 "mod_waklog: phase0 declining" );
7193eb01 652 return( DECLINED );
653 }
4e1ae1cd 654
87822447 655 log_error( APLOG_MARK, APLOG_DEBUG, 0, r->server,
656 "mod_waklog: phase0, NOT setting environment variable" );
657 /* set our environment variable */
658 apr_table_set( r->subprocess_env, "KRB5CCNAME", K5PATH );
b52ccbb1 659
87822447 660 log_error( APLOG_MARK, APLOG_DEBUG, 0, r->server,
661 "mod_waklog: phase0, checking child.token.ticketLen" );
7193eb01 662 /* do this only if we are still unauthenticated */
58bbdc54 663 if ( !child.token.ticketLen ) {
87822447 664
665 log_error( APLOG_MARK, APLOG_DEBUG, 0, r->server,
666 "mod_waklog: phase0, calling waklog_aklog" );
7193eb01 667 /* stuff the credentials into the kernel */
668 waklog_aklog( r );
4e1ae1cd 669 }
7193eb01 670
87822447 671 log_error( APLOG_MARK, APLOG_DEBUG, 0, r->server,
672 "mod_waklog: phase0 returning" );
7193eb01 673 return DECLINED;
674}
4e1ae1cd 675
1e18ef7d 676
7193eb01 677 static int
678waklog_phase7( request_rec *r )
679{
c69d952f 680 waklog_config *cfg;
1e18ef7d 681
87822447 682 log_error( APLOG_MARK, APLOG_DEBUG, 0, r->server,
683 "mod_waklog: phase7 called" );
1e18ef7d 684
87822447 685 getModConfig(cfg, r->server );
bed98ff9 686
7193eb01 687 if ( !cfg->protect ) {
688 return( DECLINED );
bed98ff9 689 }
690
7193eb01 691 /* stuff the credentials into the kernel */
87822447 692
693 log_error( APLOG_MARK, APLOG_DEBUG, 0, r->server,
694 "mod_waklog: phase7, calling waklog_aklog" );
7193eb01 695 waklog_aklog( r );
bed98ff9 696
87822447 697 log_error( APLOG_MARK, APLOG_DEBUG, 0, r->server,
698 "mod_waklog: phase7 returning" );
bed98ff9 699
7193eb01 700 return DECLINED;
bed98ff9 701}
702
ff47641b 703
87822447 704static
705#ifdef STANDARD20_MODULE_STUFF
ff47641b 706 int
87822447 707#else
ff47641b 708 void
87822447 709#endif
ff47641b 710waklog_new_connection (conn_rec * c
87822447 711#ifdef STANDARD20_MODULE_STUFF
712 , void *dummy
713#endif
ff47641b 714 )
715{
716
c69d952f 717 waklog_commands *cfg;
ff47641b 718
719 log_error (APLOG_MARK, APLOG_DEBUG, 0, c->base_server,
720 "mod_waklog: new_connection called: pid: %d", getpid ());
721 /*
722 getModConfig(cfg, c->base_server);
723
724 if ( cfg->default_principal ) {
725 log_error(APLOG_MARK, APLOG_DEBUG, 0, c->base_server, "mod_waklog: new conn setting default user %s",
726 cfg->default_principal);
727 set_auth( c->base_server, NULL, 0, cfg->default_principal, cfg->default_keytab, 0);
728 }
729 */
730
87822447 731 return
732#ifdef STANDARD20_MODULE_STUFF
733 0
734#endif
735 ;
7193eb01 736}
bed98ff9 737
c4ad0387 738
1196adfe 739/*
740** Here's a quick explaination for phase0 and phase2:
741** Apache does a stat() on the path between phase0 and
742** phase2, and must by ACLed rl to succeed. So, at
743** phase0 we acquire credentials for umweb:servers from
744** a keytab, and at phase2 we must ensure we remove them.
745**
746** Failure to "unlog" would be a security risk.
747*/
ff47641b 748static int
749waklog_phase2 (request_rec * r)
c4ad0387 750{
161ffd84 751
ff47641b 752 log_error (APLOG_MARK, APLOG_DEBUG, 0, r->server,
753 "mod_waklog: phase2 called");
1196adfe 754
ff47641b 755 if (child.token.ticketLen)
756 {
757 memset (&child.token, 0, sizeof (struct ktc_token));
c4ad0387 758
ff47641b 759 ktc_ForgetAllTokens ();
c4ad0387 760
ff47641b 761 log_error (APLOG_MARK, APLOG_DEBUG, 0, r->server,
762 "mod_waklog: ktc_ForgetAllTokens succeeded: pid: %d",
763 getpid ());
c4ad0387 764 }
1196adfe 765
ff47641b 766 log_error (APLOG_MARK, APLOG_DEBUG, 0, r->server,
767 "mod_waklog: phase2 returning");
1196adfe 768
c4ad0387 769 return DECLINED;
770}
771
87822447 772#ifndef STANDARD20_MODULE_STUFF
313dde40 773module MODULE_VAR_EXPORT waklog_module = {
bed98ff9 774 STANDARD_MODULE_STUFF,
003832b1 775 waklog_init, /* module initializer */
b52ccbb1 776#if 0
4d47a8d9 777 waklog_create_dir_config, /* create per-dir config structures */
b52ccbb1 778#else /* 0 */
779 NULL, /* create per-dir config structures */
780#endif /* 0 */
bed98ff9 781 NULL, /* merge per-dir config structures */
313dde40 782 waklog_create_server_config, /* create per-server config structures */
bed98ff9 783 NULL, /* merge per-server config structures */
313dde40 784 waklog_cmds, /* table of config file commands */
bed98ff9 785 NULL, /* [#8] MIME-typed-dispatched handlers */
786 NULL, /* [#1] URI to filename translation */
787 NULL, /* [#4] validate user id from request */
788 NULL, /* [#5] check if the user is ok _here_ */
789 NULL, /* [#3] check access by host address */
790 NULL, /* [#6] determine MIME type */
7193eb01 791 waklog_phase7, /* [#7] pre-run fixups */
bed98ff9 792 NULL, /* [#9] log a transaction */
c4ad0387 793 waklog_phase2, /* [#2] header parser */
313dde40 794 waklog_child_init, /* child_init */
bed98ff9 795 NULL, /* child_exit */
7193eb01 796 waklog_phase0 /* [#0] post read-request */
bed98ff9 797#ifdef EAPI
798 ,NULL, /* EAPI: add_module */
799 NULL, /* EAPI: remove_module */
800 NULL, /* EAPI: rewrite_command */
7193eb01 801 waklog_new_connection /* EAPI: new_connection */
bed98ff9 802#endif
803};
87822447 804#else
805static void
ff47641b 806waklog_register_hooks (apr_pool_t * p)
87822447 807{
ff47641b 808 ap_hook_header_parser (waklog_phase2, NULL, NULL, APR_HOOK_FIRST);
809 ap_hook_fixups (waklog_phase7, NULL, NULL, APR_HOOK_FIRST);
810 ap_hook_child_init (waklog_child_init, NULL, NULL, APR_HOOK_FIRST);
811 ap_hook_post_read_request (waklog_phase0, NULL, NULL, APR_HOOK_FIRST);
812 ap_hook_pre_connection (waklog_new_connection, NULL, NULL, APR_HOOK_FIRST);
813 ap_hook_post_config (waklog_init_handler, NULL, NULL, APR_HOOK_MIDDLE);
87822447 814}
815
816
817module AP_MODULE_DECLARE_DATA waklog_module =
818{
819 STANDARD20_MODULE_STUFF,
820 NULL, /* create per-dir conf structures */
821 NULL, /* merge per-dir conf structures */
822 waklog_create_server_config, /* create per-server conf structures */
823 NULL, /* merge per-server conf structures */
824 waklog_cmds, /* table of configuration directives */
825 waklog_register_hooks /* register hooks */
826};
827#endif
161ffd84 828
Unnamed repository; edit this file 'description' to name the repository.