| 1 | #include "httpd.h" |
| 2 | #include "http_config.h" |
| 3 | #include "http_protocol.h" |
| 4 | #include "http_log.h" |
| 5 | #include "ap_config.h" |
| 6 | |
| 7 | #include <sys/ioccom.h> |
| 8 | #include <stropts.h> |
| 9 | #include <kerberosIV/krb.h> |
| 10 | #include <kerberosIV/des.h> |
| 11 | #include <afs/venus.h> |
| 12 | |
| 13 | module waklog_module; |
| 14 | |
| 15 | struct ClearToken { |
| 16 | long AuthHandle; |
| 17 | char HandShakeKey[ 8 ]; |
| 18 | long ViceId; |
| 19 | long BeginTimestamp; |
| 20 | long EndTimestamp; |
| 21 | }; |
| 22 | |
| 23 | typedef struct { |
| 24 | int configured; |
| 25 | int protect; |
| 26 | } waklog_host_config; |
| 27 | |
| 28 | |
| 29 | static void * |
| 30 | waklog_create_dir_config( pool *p, char *path ) |
| 31 | { |
| 32 | waklog_host_config *cfg; |
| 33 | |
| 34 | cfg = (waklog_host_config *)ap_pcalloc( p, sizeof( waklog_host_config )); |
| 35 | cfg->configured = 0; |
| 36 | cfg->protect = 0; |
| 37 | |
| 38 | return( cfg ); |
| 39 | } |
| 40 | |
| 41 | |
| 42 | static void * |
| 43 | waklog_create_server_config( pool *p, server_rec *s ) |
| 44 | { |
| 45 | waklog_host_config *cfg; |
| 46 | |
| 47 | cfg = (waklog_host_config *)ap_pcalloc( p, sizeof( waklog_host_config )); |
| 48 | cfg->configured = 0; |
| 49 | cfg->protect = 0; |
| 50 | |
| 51 | return( cfg ); |
| 52 | } |
| 53 | |
| 54 | |
| 55 | static void |
| 56 | waklog_init( server_rec *s, pool *p ) |
| 57 | { |
| 58 | extern char *version; |
| 59 | |
| 60 | ap_log_error( APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, s, |
| 61 | "mod_waklog: version %s initialized.", version ); |
| 62 | return; |
| 63 | } |
| 64 | |
| 65 | |
| 66 | static const char * |
| 67 | set_waklog_protect( cmd_parms *params, void *mconfig, int flag ) |
| 68 | { |
| 69 | waklog_host_config *cfg; |
| 70 | |
| 71 | if ( params->path == NULL ) { |
| 72 | cfg = (waklog_host_config *) ap_get_module_config( |
| 73 | params->server->module_config, &waklog_module ); |
| 74 | } else { |
| 75 | cfg = (waklog_host_config *)mconfig; |
| 76 | } |
| 77 | |
| 78 | cfg->protect = flag; |
| 79 | cfg->configured = 1; |
| 80 | return( NULL ); |
| 81 | } |
| 82 | |
| 83 | |
| 84 | static void |
| 85 | waklog_child_init( server_rec *s, pool *p ) |
| 86 | { |
| 87 | setpag(); |
| 88 | return; |
| 89 | } |
| 90 | |
| 91 | |
| 92 | command_rec waklog_cmds[ ] = |
| 93 | { |
| 94 | { "WaklogProtected", set_waklog_protect, |
| 95 | NULL, RSRC_CONF | ACCESS_CONF, FLAG, |
| 96 | "enable waklog on a location or directory basis" }, |
| 97 | |
| 98 | { NULL } |
| 99 | }; |
| 100 | |
| 101 | |
| 102 | static void |
| 103 | pioctl_cleanup( void *data ) |
| 104 | { |
| 105 | request_rec *r = (request_rec *)data; |
| 106 | struct ViceIoctl vi; |
| 107 | |
| 108 | vi.in = NULL; |
| 109 | vi.in_size = 0; |
| 110 | vi.out = NULL; |
| 111 | vi.out_size = 0; |
| 112 | |
| 113 | if ( pioctl( 0, VIOCUNPAG, &vi, 0 ) < 0 ) { |
| 114 | ap_log_error( APLOG_MARK, APLOG_ERR, r->server, |
| 115 | "mod_waklog: unlog pioctl failed" ); |
| 116 | } |
| 117 | |
| 118 | ap_log_error( APLOG_MARK, APLOG_DEBUG, r->server, |
| 119 | "mod_waklog: unlog pioctl succeeded" ); |
| 120 | return; |
| 121 | } |
| 122 | |
| 123 | |
| 124 | static int |
| 125 | waklog_get_tokens( request_rec *r ) |
| 126 | { |
| 127 | CREDENTIALS cr; |
| 128 | struct ViceIoctl vi; |
| 129 | struct ClearToken ct; |
| 130 | int i, rc; |
| 131 | char buf[ 1024 ], *s; |
| 132 | char *urealm = "UMICH.EDU"; |
| 133 | char *lrealm = "umich.edu"; |
| 134 | waklog_host_config *cfg; |
| 135 | |
| 136 | /* directory config? */ |
| 137 | cfg = (waklog_host_config *)ap_get_module_config( |
| 138 | r->per_dir_config, &waklog_module); |
| 139 | |
| 140 | /* server config? */ |
| 141 | if ( !cfg->configured ) { |
| 142 | cfg = (waklog_host_config *)ap_get_module_config( |
| 143 | r->server->module_config, &waklog_module); |
| 144 | } |
| 145 | |
| 146 | if ( !cfg->protect ) { |
| 147 | return( DECLINED ); |
| 148 | } |
| 149 | |
| 150 | if (( rc = krb_get_cred( "afs", "", urealm, &cr )) != KSUCCESS ) { |
| 151 | ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server, |
| 152 | "mod_waklog: krb_get_cred: %s", krb_err_txt[ rc ] ); |
| 153 | |
| 154 | if (( rc = get_ad_tkt( "afs", "", urealm, 255 )) != KSUCCESS ) { |
| 155 | ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, r->server, |
| 156 | "mod_waklog: get_ad_tkt: %s", krb_err_txt[ rc ] ); |
| 157 | |
| 158 | /* user doesn't have tickets: use server's srvtab */ |
| 159 | |
| 160 | return OK; |
| 161 | } |
| 162 | |
| 163 | if (( rc = krb_get_cred( "afs", "", urealm, &cr )) != KSUCCESS ) { |
| 164 | ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server, |
| 165 | "mod_waklog: krb_get_cred: %s", krb_err_txt[ rc ] ); |
| 166 | return OK; |
| 167 | } |
| 168 | } |
| 169 | |
| 170 | ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, r->server, |
| 171 | "mod_waklog: %s.%s@%s", cr.service, cr.instance, cr.realm ); |
| 172 | ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, r->server, |
| 173 | "mod_waklog: %d %d %d", cr.lifetime, cr.kvno, cr.issue_date ); |
| 174 | ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, r->server, |
| 175 | "mod_waklog: %s %s", cr.pname, cr.pinst ); |
| 176 | ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, r->server, |
| 177 | "mod_waklog: %d", cr.ticket_st.length ); |
| 178 | |
| 179 | s = buf; |
| 180 | memmove( s, &cr.ticket_st.length, sizeof( int )); |
| 181 | s += sizeof( int ); |
| 182 | memmove( s, cr.ticket_st.dat, cr.ticket_st.length ); |
| 183 | s += cr.ticket_st.length; |
| 184 | |
| 185 | ct.AuthHandle = cr.kvno; |
| 186 | memmove( ct.HandShakeKey, cr.session, sizeof( cr.session )); |
| 187 | ct.ViceId = 0; |
| 188 | ct.BeginTimestamp = cr.issue_date; |
| 189 | ct.EndTimestamp = krb_life_to_time( cr.issue_date, cr.lifetime ); |
| 190 | |
| 191 | i = sizeof( struct ClearToken ); |
| 192 | memmove( s, &i, sizeof( int )); |
| 193 | s += sizeof( int ); |
| 194 | memmove( s, &ct, sizeof( struct ClearToken )); |
| 195 | s += sizeof( struct ClearToken ); |
| 196 | |
| 197 | i = 0; |
| 198 | memmove( s, &i, sizeof( int )); |
| 199 | s += sizeof( int ); |
| 200 | |
| 201 | strcpy( s, lrealm ); |
| 202 | s += strlen( lrealm ) + 1; |
| 203 | |
| 204 | vi.in = buf; |
| 205 | vi.in_size = s - buf; |
| 206 | vi.out = buf; |
| 207 | vi.out_size = sizeof( buf ); |
| 208 | |
| 209 | if ( pioctl( 0, VIOCSETTOK, &vi, 0 ) < 0 ) { |
| 210 | ap_log_error( APLOG_MARK, APLOG_ERR, r->server, |
| 211 | "mod_waklog: pioctl failed" ); |
| 212 | } |
| 213 | |
| 214 | /* we'll need to unlog when this connection is done. */ |
| 215 | ap_register_cleanup( r->pool, (void *)r, pioctl_cleanup, ap_null_cleanup ); |
| 216 | |
| 217 | ap_log_error( APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, r->server, |
| 218 | "mod_waklog: finished with get_token" ); |
| 219 | |
| 220 | return OK; |
| 221 | } |
| 222 | |
| 223 | |
| 224 | module MODULE_VAR_EXPORT waklog_module = { |
| 225 | STANDARD_MODULE_STUFF, |
| 226 | waklog_init, /* module initializer */ |
| 227 | waklog_create_dir_config, /* create per-dir config structures */ |
| 228 | NULL, /* merge per-dir config structures */ |
| 229 | waklog_create_server_config, /* create per-server config structures */ |
| 230 | NULL, /* merge per-server config structures */ |
| 231 | waklog_cmds, /* table of config file commands */ |
| 232 | NULL, /* [#8] MIME-typed-dispatched handlers */ |
| 233 | NULL, /* [#1] URI to filename translation */ |
| 234 | NULL, /* [#4] validate user id from request */ |
| 235 | NULL, /* [#5] check if the user is ok _here_ */ |
| 236 | NULL, /* [#3] check access by host address */ |
| 237 | NULL, /* [#6] determine MIME type */ |
| 238 | waklog_get_tokens, /* [#7] pre-run fixups */ |
| 239 | NULL, /* [#9] log a transaction */ |
| 240 | NULL, /* [#2] header parser */ |
| 241 | waklog_child_init, /* child_init */ |
| 242 | NULL, /* child_exit */ |
| 243 | NULL /* [#0] post read-request */ |
| 244 | #ifdef EAPI |
| 245 | ,NULL, /* EAPI: add_module */ |
| 246 | NULL, /* EAPI: remove_module */ |
| 247 | NULL, /* EAPI: rewrite_command */ |
| 248 | NULL /* EAPI: new_connection */ |
| 249 | #endif |
| 250 | }; |