HCoop / hcoop / zz_old / modwaklog.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
second set of UMBC merges; still all inert changes
[hcoop/zz_old/modwaklog.git] / mod_waklog.c
CommitLineData
87822447 1#define _LARGEFILE64_SOURCE
ff47641b 2#define _GNU_SOURCE
87822447 3
bed98ff9 4#include "httpd.h"
5#include "http_config.h"
bed98ff9 6#include "http_log.h"
7193eb01 7#include "http_protocol.h"
8#include "http_request.h"
9#include "http_core.h"
87822447 10
ff47641b 11#ifdef sun
12#include <synch.h>
13#elif linux
14#define use_pthreads
15#include <features.h>
16#include <sys/types.h>
17#include <sys/mman.h>
18#include <pthread.h>
19#else
20#error "make sure you include the right stuff here"
21#endif
22
23#ifndef MAXNAMELEN
24#define MAXNAMELEN 1024
25#endif
26
87822447 27#ifdef STANDARD20_MODULE_STUFF
28#include <apr_strings.h>
29#include <apr_base64.h>
30#include <apr_compat.h>
31#include <apu_compat.h>
32
33module AP_MODULE_DECLARE_DATA waklog_module;
34
ff47641b 35#include <http_conf_globals.h>
87822447 36#define MK_POOL apr_pool_t
37#define MK_TABLE_GET apr_table_get
d06251b1 38#define MK_TABLE_SET apr_table_set
87822447 39#include "unixd.h"
40extern unixd_config_rec unixd_config;
41#define ap_user_id unixd_config.user_id
42#define ap_group_id unixd_config.group_id
43#define ap_user_name unixd_config.user_name
44#define command(name, func, var, type, usage) \
45 AP_INIT_ ## type (name, (void*) func, \
46 (void*)APR_OFFSETOF(waklog_config, var), \
47 OR_AUTHCFG | RSRC_CONF, usage)
48typedef struct {
49 int dummy;
50} child_info;
51
52const char *userdata_key = "waklog_init";
53#else
bed98ff9 54#include "ap_config.h"
87822447 55
56module waklog_module;
57#define MK_POOL pool
58#define MK_TABLE_GET ap_table_get
59#define command(name, func, var, type, usage) \
60 { name, func, \
61 (void*)XtOffsetOf(waklog_config, var), \
62 OR_AUTHCFG | RSRC_CONF, type, usage }
63#endif /* STANDARD20_MODULE_STUFF */
64
65#define getModConfig(P, X) P = (waklog_host_config *) ap_get_module_config( (X)->module_config, &waklog_module );
66
4e1ae1cd 67#include <krb5.h>
bed98ff9 68
7193eb01 69#if defined(sun)
bed98ff9 70#include <sys/ioccom.h>
7193eb01 71#endif /* sun */
bed98ff9 72#include <stropts.h>
bed98ff9 73#include <afs/venus.h>
7193eb01 74#include <afs/auth.h>
d06251b1 75#include <afs/dirpath.h>
76#include <afs/ptuser.h>
7193eb01 77#include <rx/rxkad.h>
78
87822447 79#define KEYTAB "/etc/keytab.wwwserver"
80#define KEYTAB_PRINCIPAL "someplacewwwserver"
81#define AFS_CELL "someplace.edu"
4e1ae1cd 82
58bbdc54 83#define TKT_LIFE 10*60*60
b52ccbb1 84#define SLEEP_TIME TKT_LIFE - 5*60
87822447 85/* If there's an error, retry more aggressively */
86#define ERR_SLEEP_TIME 5*60
58bbdc54 87
58bbdc54 88
89#define K5PATH "FILE:/tmp/waklog.creds.k5"
7193eb01 90
d06251b1 91typedef struct
92{
87822447 93 int forked;
4e1ae1cd 94 int configured;
95 int protect;
96 char *keytab;
7193eb01 97 char *keytab_principal;
403921ef 98 char *afs_cell;
87822447 99 MK_POOL *p;
d06251b1 100}
101waklog_host_config;
313dde40 102
7193eb01 103typedef struct {
104 struct ktc_token token;
105} waklog_child_config;
58bbdc54 106waklog_child_config child;
107
87822447 108static void
109log_error(const char *file, int line, int level, int status,
110 const server_rec *s, const char *fmt, ...)
4d47a8d9 111{
87822447 112 char errstr[1024];
113 va_list ap;
4d47a8d9 114
87822447 115 va_start(ap, fmt);
116 vsnprintf(errstr, sizeof(errstr), fmt, ap);
117 va_end(ap);
4d47a8d9 118
87822447 119#ifdef STANDARD20_MODULE_STUFF
120 ap_log_error(file, line, level | APLOG_NOERRNO, status, s, "%s", errstr);
121#else
122 ap_log_error(file, line, level | APLOG_NOERRNO, s, "%s", errstr);
123#endif
4d47a8d9 124
87822447 125}
4d47a8d9 126
313dde40 127 static void *
87822447 128waklog_create_server_config( MK_POOL *p, server_rec *s )
313dde40 129{
130 waklog_host_config *cfg;
131
132 cfg = (waklog_host_config *)ap_pcalloc( p, sizeof( waklog_host_config ));
87822447 133 cfg->p = p;
134 cfg->forked = 0;
313dde40 135 cfg->configured = 0;
136 cfg->protect = 0;
58bbdc54 137 cfg->keytab = KEYTAB;
138 cfg->keytab_principal = KEYTAB_PRINCIPAL;
139 cfg->afs_cell = AFS_CELL;
313dde40 140
87822447 141 log_error( APLOG_MARK, APLOG_DEBUG, 0, s, "mod_waklog: server config created." );
142
313dde40 143 return( cfg );
144}
145
146
313dde40 147 static const char *
148set_waklog_protect( cmd_parms *params, void *mconfig, int flag )
149{
150 waklog_host_config *cfg;
151
87822447 152 getModConfig(cfg, params->server );
313dde40 153
154 cfg->protect = flag;
155 cfg->configured = 1;
87822447 156 log_error( APLOG_MARK, APLOG_DEBUG, 0, params->server, "mod_waklog: waklog_protect set" );
313dde40 157 return( NULL );
158}
159
160
4e1ae1cd 161 static const char *
161ffd84 162set_waklog_keytab( cmd_parms *params, void *mconfig, char *file )
4e1ae1cd 163{
164 waklog_host_config *cfg;
165
87822447 166 getModConfig(cfg, params->server );
4e1ae1cd 167
87822447 168 log_error( APLOG_MARK, APLOG_INFO, 0, params->server,
169 "mod_waklog: will use keytab: %s", file );
3ed1e28a 170
b52ccbb1 171 cfg->keytab = ap_pstrdup ( params->pool, file );
4e1ae1cd 172 cfg->configured = 1;
173 return( NULL );
174}
175
176
58bbdc54 177 static const char *
178set_waklog_use_keytab_principal( cmd_parms *params, void *mconfig, char *file )
b74fad73 179{
58bbdc54 180 waklog_host_config *cfg;
7193eb01 181
87822447 182 getModConfig(cfg, params->server );
7193eb01 183
87822447 184 log_error( APLOG_MARK, APLOG_INFO, 0, params->server,
185 "mod_waklog: will use keytab_principal: %s", file );
58bbdc54 186
b52ccbb1 187 cfg->keytab_principal = ap_pstrdup ( params->pool, file );
58bbdc54 188 cfg->configured = 1;
189 return( NULL );
190}
191
192
193 static const char *
194set_waklog_use_afs_cell( cmd_parms *params, void *mconfig, char *file )
195{
196 waklog_host_config *cfg;
197
87822447 198 getModConfig(cfg, params->server );
58bbdc54 199
87822447 200 log_error( APLOG_MARK, APLOG_INFO, 0, params->server,
201 "mod_waklog: will use afs_cell: %s", file );
58bbdc54 202
b52ccbb1 203 cfg->afs_cell = ap_pstrdup( params->pool, file );
58bbdc54 204 cfg->configured = 1;
205 return( NULL );
206}
207
208
209 static void
87822447 210#ifdef STANDARD20_MODULE_STUFF
211waklog_child_init(MK_POOL *p, server_rec *s)
212#else
213waklog_child_init(server_rec *s, MK_POOL *p)
214#endif
58bbdc54 215{
216
87822447 217 log_error( APLOG_MARK, APLOG_DEBUG, 0, s,
218 "mod_waklog: child_init called" );
219
58bbdc54 220 memset( &child.token, 0, sizeof( struct ktc_token ) );
7193eb01 221
b74fad73 222 setpag();
7193eb01 223
87822447 224 log_error( APLOG_MARK, APLOG_DEBUG, 0, s,
225 "mod_waklog: child_init returned" );
226
b74fad73 227 return;
228}
229
87822447 230typedef struct {
231 int wak_protect;
232 char *wak_keytab;
233 char *wak_ktprinc;
234 char *wak_afscell;
235} waklog_config;
b74fad73 236
313dde40 237command_rec waklog_cmds[ ] =
238{
87822447 239 command("WaklogProtected", set_waklog_protect, wak_protect, FLAG, "enable waklog on a location or directory basis"),
313dde40 240
87822447 241 command("WaklogKeytab", set_waklog_keytab, wak_keytab, TAKE1, "Use the supplied keytab rather than the default"),
58bbdc54 242
87822447 243 command("WaklogUseKeytabPrincipal", set_waklog_use_keytab_principal, wak_ktprinc, TAKE1, "Use the supplied keytab principal rather than the default"),
58bbdc54 244
87822447 245 command("WaklogUseAFSCell", set_waklog_use_afs_cell, wak_afscell, TAKE1, "Use the supplied AFS cell rather than the default"),
4e1ae1cd 246
313dde40 247 { NULL }
248};
249
250
87822447 251 static int
e2df6441 252token_cleanup( void *data )
bed98ff9 253{
254 request_rec *r = (request_rec *)data;
bed98ff9 255
58bbdc54 256 if ( child.token.ticketLen ) {
257 memset( &child.token, 0, sizeof( struct ktc_token ) );
bed98ff9 258
7193eb01 259 ktc_ForgetAllTokens();
bed98ff9 260
87822447 261 log_error( APLOG_MARK, APLOG_DEBUG, 0, r->server,
262 "mod_waklog: ktc_ForgetAllTokens succeeded: pid: %d", getpid() );
7193eb01 263 }
87822447 264 return 0;
bed98ff9 265}
266
267
4e1ae1cd 268 static int
e2df6441 269waklog_kinit( server_rec *s )
4e1ae1cd 270{
87822447 271 krb5_error_code kerror = 0;
e2df6441 272 krb5_context kcontext = NULL;
273 krb5_principal kprinc = NULL;
4e1ae1cd 274 krb5_get_init_creds_opt kopts;
7193eb01 275 krb5_creds v5creds;
e2df6441 276 krb5_ccache kccache = NULL;
277 krb5_keytab keytab = NULL;
4e1ae1cd 278 char ktbuf[ MAX_KEYTAB_NAME_LEN + 1 ];
b52ccbb1 279 int i;
87822447 280 waklog_host_config *cfg;
4e1ae1cd 281
87822447 282 log_error( APLOG_MARK, APLOG_DEBUG, 0, s,
283 "mod_waklog: waklog_kinit called: pid: %d", getpid() );
4e1ae1cd 284
87822447 285 getModConfig(cfg, s);
58bbdc54 286
e21f34f0 287 if (( kerror = krb5_init_context( &kcontext ))) {
87822447 288 log_error( APLOG_MARK, APLOG_ERR, 0, s,
289 "mod_waklog: %s", (char *)error_message( kerror ));
4e1ae1cd 290
e2df6441 291 goto cleanup;
e21f34f0 292 }
4e1ae1cd 293
e21f34f0 294 /* use the path */
295 if (( kerror = krb5_cc_resolve( kcontext, K5PATH, &kccache )) != 0 ) {
87822447 296 log_error( APLOG_MARK, APLOG_ERR, 0, s,
297 "mod_waklog: %s", (char *)error_message( kerror ));
4e1ae1cd 298
e2df6441 299 goto cleanup;
e21f34f0 300 }
4e1ae1cd 301
87822447 302 log_error( APLOG_MARK, APLOG_DEBUG, 0, s,
303 "mod_waklog: keytab_principal: %s", cfg->keytab_principal );
b52ccbb1 304
305 if (( kerror = krb5_parse_name( kcontext, cfg->keytab_principal, &kprinc ))) {
87822447 306 log_error( APLOG_MARK, APLOG_ERR, 0, s,
307 "mod_waklog: %s", (char *)error_message( kerror ));
7193eb01 308
e2df6441 309 goto cleanup;
e21f34f0 310 }
7193eb01 311
e21f34f0 312 krb5_get_init_creds_opt_init( &kopts );
58bbdc54 313 krb5_get_init_creds_opt_set_tkt_life( &kopts, TKT_LIFE );
e21f34f0 314 krb5_get_init_creds_opt_set_renew_life( &kopts, 0 );
315 krb5_get_init_creds_opt_set_forwardable( &kopts, 1 );
316 krb5_get_init_creds_opt_set_proxiable( &kopts, 0 );
7193eb01 317
58bbdc54 318 /* keytab from config */
319 strncpy( ktbuf, cfg->keytab, sizeof( ktbuf ) - 1 );
7193eb01 320
87822447 321 log_error( APLOG_MARK, APLOG_DEBUG, 0, s,
322 "mod_waklog: waklog_kinit using: %s", ktbuf );
7193eb01 323
e21f34f0 324 if (( kerror = krb5_kt_resolve( kcontext, ktbuf, &keytab )) != 0 ) {
87822447 325 log_error( APLOG_MARK, APLOG_ERR, 0, s,
326 "mod_waklog:krb5_kt_resolve %s", (char *)error_message( kerror ));
7193eb01 327
e2df6441 328 goto cleanup;
e21f34f0 329 }
7193eb01 330
b52ccbb1 331 memset( (char *)&v5creds, 0, sizeof(v5creds));
332
e21f34f0 333 /* get the krbtgt */
334 if (( kerror = krb5_get_init_creds_keytab( kcontext, &v5creds,
403921ef 335 kprinc, keytab, 0, NULL, &kopts ))) {
7193eb01 336
87822447 337 log_error( APLOG_MARK, APLOG_ERR, 0, s,
338 "mod_waklog:krb5_get_init_creds_keytab %s", (char *)error_message( kerror ));
7193eb01 339
e2df6441 340 goto cleanup;
e21f34f0 341 }
7193eb01 342
e21f34f0 343 if (( kerror = krb5_cc_initialize( kcontext, kccache, kprinc )) != 0 ) {
87822447 344 log_error( APLOG_MARK, APLOG_ERR, 0, s,
345 "mod_waklog:krb5_cc_initialize %s", (char *)error_message( kerror ));
7193eb01 346
e2df6441 347 goto cleanup;
e21f34f0 348 }
7193eb01 349
e2df6441 350 kerror = krb5_cc_store_cred( kcontext, kccache, &v5creds );
351 krb5_free_cred_contents( kcontext, &v5creds );
352 if ( kerror != 0 ) {
87822447 353 log_error( APLOG_MARK, APLOG_ERR, 0, s,
354 "mod_waklog: %s", (char *)error_message( kerror ));
7193eb01 355
e2df6441 356 goto cleanup;
e21f34f0 357 }
7193eb01 358
87822447 359 log_error( APLOG_MARK, APLOG_DEBUG, 0, s,
360 "mod_waklog: waklog_kinit success" );
e2df6441 361
362cleanup:
363 if ( keytab )
364 (void)krb5_kt_close( kcontext, keytab );
365 if ( kprinc )
366 krb5_free_principal( kcontext, kprinc );
367 if ( kccache )
368 krb5_cc_close( kcontext, kccache );
369 if ( kcontext )
370 krb5_free_context( kcontext );
e21f34f0 371
87822447 372 log_error( APLOG_MARK, APLOG_DEBUG, 0, s,
373 "mod_waklog: waklog_kinit: exiting" );
7193eb01 374
87822447 375 return( kerror );
7193eb01 376}
377
378
379 static void
380waklog_aklog( request_rec *r )
381{
382 int rc;
bd173fe7 383 char buf[ MAXKTCTICKETLEN ];
7193eb01 384 const char *k5path = NULL;
385 krb5_error_code kerror;
e2df6441 386 krb5_context kcontext = NULL;
7193eb01 387 krb5_creds increds;
388 krb5_creds *v5credsp = NULL;
e2df6441 389 krb5_ccache kccache = NULL;
403921ef 390 struct ktc_principal server = { "afs", "", "" };
7193eb01 391 struct ktc_principal client;
392 struct ktc_token token;
403921ef 393 waklog_host_config *cfg;
58bbdc54 394 int buflen;
7193eb01 395
87822447 396 k5path = MK_TABLE_GET( r->subprocess_env, "KRB5CCNAME" );
7193eb01 397
87822447 398 log_error( APLOG_MARK, APLOG_INFO, 0, r->server,
399 "mod_waklog: waklog_aklog called: k5path: %s", k5path );
7193eb01 400
161ffd84 401 if ( k5path == NULL ) {
87822447 402 log_error( APLOG_MARK, APLOG_DEBUG, 0, r->server,
403 "mod_waklog: waklog_aklog giving up" );
e2df6441 404 goto cleanup;
4e1ae1cd 405 }
406
7193eb01 407 /*
408 ** Get/build creds from file/tgs, then see if we need to SetToken
409 */
410
411 if (( kerror = krb5_init_context( &kcontext ))) {
412 /* Authentication Required ( kerberos error ) */
87822447 413 log_error( APLOG_MARK, APLOG_ERR, 0, r->server,
414 (char *)error_message( kerror ));
415
e2df6441 416 goto cleanup;
4e1ae1cd 417 }
418
7193eb01 419 memset( (char *)&increds, 0, sizeof(increds));
4e1ae1cd 420
87822447 421 getModConfig(cfg, r->server );
403921ef 422
423 /* afs/<cell> or afs */
424 strncpy( buf, "afs", sizeof( buf ) - 1 );
58bbdc54 425 if ( strcmp( cfg->afs_cell, AFS_CELL ) ) {
403921ef 426 strncat( buf, "/" , sizeof( buf ) - strlen( buf ) - 1 );
427 strncat( buf, cfg->afs_cell, sizeof( buf ) - strlen( buf ) - 1 );
428 }
429
7193eb01 430 /* set server part */
403921ef 431 if (( kerror = krb5_parse_name( kcontext, buf, &increds.server ))) {
87822447 432 log_error( APLOG_MARK, APLOG_ERR, 0, r->server,
433 (char *)error_message( kerror ));
4e1ae1cd 434
e2df6441 435 goto cleanup;
4e1ae1cd 436 }
437
7193eb01 438 if (( kerror = krb5_cc_resolve( kcontext, k5path, &kccache )) != 0 ) {
87822447 439 log_error( APLOG_MARK, APLOG_ERR, 0, r->server,
440 (char *)error_message( kerror ));
7193eb01 441
e2df6441 442 goto cleanup;
7193eb01 443 }
4e1ae1cd 444
7193eb01 445 /* set client part */
446 krb5_cc_get_principal( kcontext, kccache, &increds.client );
4e1ae1cd 447
7193eb01 448 increds.times.endtime = 0;
449 /* Ask for DES since that is what V4 understands */
450 increds.keyblock.enctype = ENCTYPE_DES_CBC_CRC;
451
452 /* get the V5 credentials */
453 if (( kerror = krb5_get_credentials( kcontext, 0, kccache,
454 &increds, &v5credsp ) ) ) {
87822447 455 log_error( APLOG_MARK, APLOG_ERR, 0, r->server,
456 "mod_waklog: krb5_get_credentials: %s", error_message( kerror ));
e2df6441 457 goto cleanup;
4e1ae1cd 458 }
459
c4ad0387 460 /* don't overflow */
461 if ( v5credsp->ticket.length >= MAXKTCTICKETLEN ) { /* from krb524d.c */
87822447 462 log_error( APLOG_MARK, APLOG_ERR, 0, r->server,
463 "mod_waklog: ticket size (%d) too big to fake", v5credsp->ticket.length );
e2df6441 464 goto cleanup;
4e1ae1cd 465 }
466
7193eb01 467 /* assemble the token */
58bbdc54 468 memset( &token, 0, sizeof( struct ktc_token ) );
469
470 token.startTime = v5credsp->times.starttime ? v5credsp->times.starttime : v5credsp->times.authtime;
7193eb01 471 token.endTime = v5credsp->times.endtime;
58bbdc54 472 memmove( &token.sessionKey, v5credsp->keyblock.contents, v5credsp->keyblock.length );
473 token.kvno = RXKAD_TKT_TYPE_KERBEROS_V5;
474 token.ticketLen = v5credsp->ticket.length;
475 memmove( token.ticket, v5credsp->ticket.data, token.ticketLen );
7193eb01 476
58bbdc54 477 /* make sure we have to do this */
478 if ( child.token.kvno != token.kvno ||
479 child.token.ticketLen != token.ticketLen ||
480 (memcmp( &child.token.sessionKey, &token.sessionKey,
481 sizeof( token.sessionKey ) )) ||
482 (memcmp( child.token.ticket, token.ticket, token.ticketLen )) ) {
483
87822447 484 log_error( APLOG_MARK, APLOG_DEBUG, 0, r->server,
485 "mod_waklog: client: %s", buf );
7193eb01 486
487 /* build the name */
bd173fe7 488 memmove( buf, v5credsp->client->data[0].data,
489 min( v5credsp->client->data[0].length, MAXKTCNAMELEN - 1 ) );
58bbdc54 490 buf[ v5credsp->client->data[0].length ] = '\0';
491 if ( v5credsp->client->length > 1 ) {
8258901d 492 strncat( buf, ".", sizeof( buf ) - strlen( buf ) - 1 );
58bbdc54 493 buflen = strlen( buf );
bd173fe7 494 memmove( buf + buflen, v5credsp->client->data[1].data,
495 min( v5credsp->client->data[1].length, MAXKTCNAMELEN - strlen( buf ) - 1 ) );
58bbdc54 496 buf[ buflen + v5credsp->client->data[1].length ] = '\0';
7193eb01 497 }
498
499 /* assemble the client */
403921ef 500 strncpy( client.name, buf, sizeof( client.name ) - 1 );
501 strncpy( client.instance, "", sizeof( client.instance) - 1 );
bd173fe7 502 memmove( buf, v5credsp->client->realm.data,
503 min( v5credsp->client->realm.length, MAXKTCNAMELEN - 1 ) );
58bbdc54 504 buf[ v5credsp->client->realm.length ] = '\0';
505 strncpy( client.cell, buf, sizeof( client.cell ) - 1 );
403921ef 506
58bbdc54 507 /* assemble the server's cell */
403921ef 508 strncpy( server.cell, cfg->afs_cell , sizeof( server.cell ) - 1 );
7193eb01 509
87822447 510 log_error( APLOG_MARK, APLOG_DEBUG, 0, r->server,
511 "mod_waklog: server: name=%s, instance=%s, cell=%s",
512 server.name, server.instance, server.cell );
513
514 log_error( APLOG_MARK, APLOG_DEBUG, 0, r->server,
515 "mod_waklog: client: name=%s, instance=%s, cell=%s",
516 client.name, client.instance, client.cell );
7193eb01 517
518 /* use the path */
7193eb01 519
520 /* rumor: we have to do this for AIX 4.1.4 with AFS 3.4+ */
521 write( 2, "", 0 );
522
523 if ( ( rc = ktc_SetToken( &server, &token, &client, 0 ) ) ) {
87822447 524 log_error( APLOG_MARK, APLOG_ERR, 0, r->server,
525 "mod_waklog: settoken returned %d", rc );
58bbdc54 526 goto cleanup;
7193eb01 527 }
528
529 /* save this */
58bbdc54 530 memmove( &child.token, &token, sizeof( struct ktc_token ) );
7193eb01 531
532 /* we'll need to unlog when this connection is done. */
e2df6441 533 ap_register_cleanup( r->pool, (void *)r, token_cleanup, ap_null_cleanup );
7193eb01 534 }
535
e2df6441 536cleanup:
537 if ( v5credsp )
538 krb5_free_cred_contents( kcontext, v5credsp );
539 if ( increds.client )
540 krb5_free_principal( kcontext, increds.client );
541 if ( increds.server )
542 krb5_free_principal( kcontext, increds.server );
543 if ( kccache )
544 krb5_cc_close( kcontext, kccache );
545 if ( kcontext )
546 krb5_free_context( kcontext );
3ed1e28a 547
87822447 548 log_error( APLOG_MARK, APLOG_DEBUG, 0, r->server,
549 "mod_waklog: finished with waklog_aklog" );
7193eb01 550
e2df6441 551 return;
552
4e1ae1cd 553}
554
e21f34f0 555 static int
556waklog_child_routine( void *s, child_info *pinfo )
557{
e21f34f0 558 if ( !getuid() ) {
87822447 559 log_error( APLOG_MARK, APLOG_DEBUG, 0, s,
560 "mod_waklog: waklog_child_routine called as root" );
e21f34f0 561
562 /* this was causing the credential file to get owned by root */
ea3e8708 563#ifdef STANDARD20_MODULE_STUFF
e21f34f0 564 setgid(ap_group_id);
565 setuid(ap_user_id);
ea3e8708 566#endif
e21f34f0 567 }
568
569 while( 1 ) {
e2df6441 570 waklog_kinit( s );
87822447 571 log_error( APLOG_MARK, APLOG_DEBUG, 0, s,
572 "mod_waklog: child_routine sleeping" );
58bbdc54 573 sleep( SLEEP_TIME );
87822447 574 log_error( APLOG_MARK, APLOG_DEBUG, 0, s,
575 "mod_waklog: slept, calling waklog_kinit" );
e21f34f0 576 }
577
578}
579
87822447 580#ifdef STANDARD20_MODULE_STUFF
581static int
582waklog_init_handler(apr_pool_t *p, apr_pool_t *plog,
583 apr_pool_t *ptemp, server_rec *s)
584{
585 int rv;
586 extern char *version;
587 apr_proc_t *proc;
588 waklog_host_config *cfg;
589 void *data;
590
591 getModConfig(cfg, s);
592
593 /* initialize_module() will be called twice, and if it's a DSO
594 * then all static data from the first call will be lost. Only
595 * set up our static data on the second call.
596 * see http://issues.apache.org/bugzilla/show_bug.cgi?id=37519 */
597 apr_pool_userdata_get(&data, userdata_key, s->process->pool);
598
599 if (!data) {
600 apr_pool_userdata_set((const void *)1, userdata_key,
601 apr_pool_cleanup_null, s->process->pool);
602 } else {
603 log_error( APLOG_MARK, APLOG_INFO, 0, s,
604 "mod_waklog: version %s initialized.", version );
605
606 proc = (apr_proc_t *)ap_pcalloc( s->process->pool, sizeof(apr_proc_t));
607
608 rv = apr_proc_fork(proc, s->process->pool);
609
610 if (rv == APR_INCHILD) {
611 waklog_child_routine(s, NULL);
612 } else {
613 apr_pool_note_subprocess(s->process->pool, proc, APR_KILL_ALWAYS);
614 }
615 /* parent and child */
616 cfg->forked = proc->pid;
617 }
618 return 0;
619}
620#else
e21f34f0 621 static void
87822447 622waklog_init( server_rec *s, MK_POOL *p )
e21f34f0 623{
624 extern char *version;
625 int pid;
626
87822447 627 log_error( APLOG_MARK, APLOG_INFO, 0, s,
628 "mod_waklog: version %s initialized.", version );
e21f34f0 629
630 pid = ap_bspawn_child( p, waklog_child_routine, s, kill_always,
631 NULL, NULL, NULL );
632
87822447 633 log_error( APLOG_MARK, APLOG_DEBUG, 0, s,
634 "mod_waklog: ap_bspawn_child: %d.", pid );
e21f34f0 635}
87822447 636#endif
4e1ae1cd 637
bed98ff9 638 static int
7193eb01 639waklog_phase0( request_rec *r )
bed98ff9 640{
313dde40 641 waklog_host_config *cfg;
642
87822447 643 log_error( APLOG_MARK, APLOG_DEBUG, 0, r->server,
644 "mod_waklog: phase0 called" );
7193eb01 645
87822447 646 getModConfig(cfg, r->server );
313dde40 647
87822447 648 log_error( APLOG_MARK, APLOG_DEBUG, 0, r->server,
649 "mod_waklog: phase0, checking cfg->protect" );
7193eb01 650 if ( !cfg->protect ) {
87822447 651 log_error( APLOG_MARK, APLOG_DEBUG, 0, r->server,
652 "mod_waklog: phase0 declining" );
7193eb01 653 return( DECLINED );
654 }
4e1ae1cd 655
87822447 656 log_error( APLOG_MARK, APLOG_DEBUG, 0, r->server,
657 "mod_waklog: phase0, NOT setting environment variable" );
658 /* set our environment variable */
659 apr_table_set( r->subprocess_env, "KRB5CCNAME", K5PATH );
b52ccbb1 660
87822447 661 log_error( APLOG_MARK, APLOG_DEBUG, 0, r->server,
662 "mod_waklog: phase0, checking child.token.ticketLen" );
7193eb01 663 /* do this only if we are still unauthenticated */
58bbdc54 664 if ( !child.token.ticketLen ) {
87822447 665
666 log_error( APLOG_MARK, APLOG_DEBUG, 0, r->server,
667 "mod_waklog: phase0, calling waklog_aklog" );
7193eb01 668 /* stuff the credentials into the kernel */
669 waklog_aklog( r );
4e1ae1cd 670 }
7193eb01 671
87822447 672 log_error( APLOG_MARK, APLOG_DEBUG, 0, r->server,
673 "mod_waklog: phase0 returning" );
7193eb01 674 return DECLINED;
675}
4e1ae1cd 676
1e18ef7d 677
7193eb01 678 static int
679waklog_phase7( request_rec *r )
680{
681 waklog_host_config *cfg;
1e18ef7d 682
87822447 683 log_error( APLOG_MARK, APLOG_DEBUG, 0, r->server,
684 "mod_waklog: phase7 called" );
1e18ef7d 685
87822447 686 getModConfig(cfg, r->server );
bed98ff9 687
7193eb01 688 if ( !cfg->protect ) {
689 return( DECLINED );
bed98ff9 690 }
691
7193eb01 692 /* stuff the credentials into the kernel */
87822447 693
694 log_error( APLOG_MARK, APLOG_DEBUG, 0, r->server,
695 "mod_waklog: phase7, calling waklog_aklog" );
7193eb01 696 waklog_aklog( r );
bed98ff9 697
87822447 698 log_error( APLOG_MARK, APLOG_DEBUG, 0, r->server,
699 "mod_waklog: phase7 returning" );
bed98ff9 700
7193eb01 701 return DECLINED;
bed98ff9 702}
703
ff47641b 704
87822447 705static
706#ifdef STANDARD20_MODULE_STUFF
ff47641b 707 int
87822447 708#else
ff47641b 709 void
87822447 710#endif
ff47641b 711waklog_new_connection (conn_rec * c
87822447 712#ifdef STANDARD20_MODULE_STUFF
713 , void *dummy
714#endif
ff47641b 715 )
716{
717
718 waklog_config *cfg;
719
720 log_error (APLOG_MARK, APLOG_DEBUG, 0, c->base_server,
721 "mod_waklog: new_connection called: pid: %d", getpid ());
722 /*
723 getModConfig(cfg, c->base_server);
724
725 if ( cfg->default_principal ) {
726 log_error(APLOG_MARK, APLOG_DEBUG, 0, c->base_server, "mod_waklog: new conn setting default user %s",
727 cfg->default_principal);
728 set_auth( c->base_server, NULL, 0, cfg->default_principal, cfg->default_keytab, 0);
729 }
730 */
731
87822447 732 return
733#ifdef STANDARD20_MODULE_STUFF
734 0
735#endif
736 ;
7193eb01 737}
bed98ff9 738
c4ad0387 739
1196adfe 740/*
741** Here's a quick explaination for phase0 and phase2:
742** Apache does a stat() on the path between phase0 and
743** phase2, and must by ACLed rl to succeed. So, at
744** phase0 we acquire credentials for umweb:servers from
745** a keytab, and at phase2 we must ensure we remove them.
746**
747** Failure to "unlog" would be a security risk.
748*/
ff47641b 749static int
750waklog_phase2 (request_rec * r)
c4ad0387 751{
161ffd84 752
ff47641b 753 log_error (APLOG_MARK, APLOG_DEBUG, 0, r->server,
754 "mod_waklog: phase2 called");
1196adfe 755
ff47641b 756 if (child.token.ticketLen)
757 {
758 memset (&child.token, 0, sizeof (struct ktc_token));
c4ad0387 759
ff47641b 760 ktc_ForgetAllTokens ();
c4ad0387 761
ff47641b 762 log_error (APLOG_MARK, APLOG_DEBUG, 0, r->server,
763 "mod_waklog: ktc_ForgetAllTokens succeeded: pid: %d",
764 getpid ());
c4ad0387 765 }
1196adfe 766
ff47641b 767 log_error (APLOG_MARK, APLOG_DEBUG, 0, r->server,
768 "mod_waklog: phase2 returning");
1196adfe 769
c4ad0387 770 return DECLINED;
771}
772
87822447 773#ifndef STANDARD20_MODULE_STUFF
313dde40 774module MODULE_VAR_EXPORT waklog_module = {
bed98ff9 775 STANDARD_MODULE_STUFF,
003832b1 776 waklog_init, /* module initializer */
b52ccbb1 777#if 0
4d47a8d9 778 waklog_create_dir_config, /* create per-dir config structures */
b52ccbb1 779#else /* 0 */
780 NULL, /* create per-dir config structures */
781#endif /* 0 */
bed98ff9 782 NULL, /* merge per-dir config structures */
313dde40 783 waklog_create_server_config, /* create per-server config structures */
bed98ff9 784 NULL, /* merge per-server config structures */
313dde40 785 waklog_cmds, /* table of config file commands */
bed98ff9 786 NULL, /* [#8] MIME-typed-dispatched handlers */
787 NULL, /* [#1] URI to filename translation */
788 NULL, /* [#4] validate user id from request */
789 NULL, /* [#5] check if the user is ok _here_ */
790 NULL, /* [#3] check access by host address */
791 NULL, /* [#6] determine MIME type */
7193eb01 792 waklog_phase7, /* [#7] pre-run fixups */
bed98ff9 793 NULL, /* [#9] log a transaction */
c4ad0387 794 waklog_phase2, /* [#2] header parser */
313dde40 795 waklog_child_init, /* child_init */
bed98ff9 796 NULL, /* child_exit */
7193eb01 797 waklog_phase0 /* [#0] post read-request */
bed98ff9 798#ifdef EAPI
799 ,NULL, /* EAPI: add_module */
800 NULL, /* EAPI: remove_module */
801 NULL, /* EAPI: rewrite_command */
7193eb01 802 waklog_new_connection /* EAPI: new_connection */
bed98ff9 803#endif
804};
87822447 805#else
806static void
ff47641b 807waklog_register_hooks (apr_pool_t * p)
87822447 808{
ff47641b 809 ap_hook_header_parser (waklog_phase2, NULL, NULL, APR_HOOK_FIRST);
810 ap_hook_fixups (waklog_phase7, NULL, NULL, APR_HOOK_FIRST);
811 ap_hook_child_init (waklog_child_init, NULL, NULL, APR_HOOK_FIRST);
812 ap_hook_post_read_request (waklog_phase0, NULL, NULL, APR_HOOK_FIRST);
813 ap_hook_pre_connection (waklog_new_connection, NULL, NULL, APR_HOOK_FIRST);
814 ap_hook_post_config (waklog_init_handler, NULL, NULL, APR_HOOK_MIDDLE);
87822447 815}
816
817
818module AP_MODULE_DECLARE_DATA waklog_module =
819{
820 STANDARD20_MODULE_STUFF,
821 NULL, /* create per-dir conf structures */
822 NULL, /* merge per-dir conf structures */
823 waklog_create_server_config, /* create per-server conf structures */
824 NULL, /* merge per-server conf structures */
825 waklog_cmds, /* table of configuration directives */
826 waklog_register_hooks /* register hooks */
827};
828#endif
161ffd84 829
Unnamed repository; edit this file 'description' to name the repository.