finished waklog rename, added WaklogProtected directive
[hcoop/zz_old/modwaklog.git] / mod_waklog.c
1 #include "httpd.h"
2 #include "http_config.h"
3 #include "http_protocol.h"
4 #include "http_log.h"
5 #include "ap_config.h"
6
7 #include <sys/ioccom.h>
8 #include <stropts.h>
9 #include <kerberosIV/krb.h>
10 #include <kerberosIV/des.h>
11 #include <afs/venus.h>
12
/*
 * Forward declaration of the module record.  The config directive handler
 * and the fixup hook pass &waklog_module to ap_get_module_config() before
 * the full definition at the end of this file.
 */
module waklog_module;
14
/*
 * Clear-text part of the token that waklog_get_tokens() packs into the
 * VIOCSETTOK pioctl buffer.  The struct is copied byte-for-byte, so field
 * order and width are part of the format handed to the cache manager.
 *
 * NOTE(review): the fields are declared long while the surrounding length
 * words are written with sizeof( int ).  On a platform where long is wider
 * than int the struct size changes; confirm against the AFS headers that
 * the cache manager expects this layout on the target platform.
 */
struct ClearToken {
    long    AuthHandle;         /* filled from the credential's kvno */
    char    HandShakeKey[ 8 ];  /* session key: secret material */
    long    ViceId;             /* set to 0 by this module */
    long    BeginTimestamp;     /* credential issue date */
    long    EndTimestamp;       /* issue date plus lifetime */
};
22
/*
 * Configuration record, used both per-server and per-directory.
 */
typedef struct {
    /* non-zero once WaklogProtected has been seen for this scope */
    int     configured;
    /* value of the WaklogProtected flag; non-zero enables token setup */
    int     protect;
} waklog_host_config;
27
28
/*
 * Per-directory config constructor.
 *
 * Allocates a waklog_host_config from pool p and returns it with both
 * flags cleared, i.e. unconfigured and unprotected.  The path argument is
 * not used.
 */
static void *
waklog_create_dir_config( pool *p, char *path )
{
    waklog_host_config  *dir_cfg =
            (waklog_host_config *)ap_pcalloc( p, sizeof( waklog_host_config ));

    /* stays off until set_waklog_protect() flips it for this directory */
    dir_cfg->protect = 0;
    dir_cfg->configured = 0;

    return dir_cfg;
}
40
41
/*
 * Per-server config constructor.
 *
 * Allocates a waklog_host_config from pool p and returns it with both
 * flags cleared.  The server_rec argument is not used.
 */
static void *
waklog_create_server_config( pool *p, server_rec *s )
{
    waklog_host_config  *srv_cfg =
            (waklog_host_config *)ap_pcalloc( p, sizeof( waklog_host_config ));

    /* default for the whole server: no protection, nothing configured */
    srv_cfg->protect = 0;
    srv_cfg->configured = 0;

    return srv_cfg;
}
53
54
/*
 * Module initializer: writes a single INFO-level line with the module
 * version to the server log.  The pool argument is not used.
 */
static void
waklog_init( server_rec *s, pool *p )
{
    /* the version string is defined outside this file */
    extern char *version;

    ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_INFO, s,
            "mod_waklog: version %s initialized.", version );
}
64
65
/*
 * Handler for the WaklogProtected flag directive.
 *
 * When the directive appears outside any directory/location section
 * (params->path is NULL) the per-server record is updated; otherwise the
 * per-directory record passed in mconfig is updated.  The record is marked
 * configured so that waklog_get_tokens() prefers it.
 *
 * Always returns NULL, which reports "no error" to the config parser.
 */
static const char *
set_waklog_protect( cmd_parms *params, void *mconfig, int flag )
{
    waklog_host_config  *target = (waklog_host_config *)mconfig;

    if ( params->path == NULL ) {
        /* server-level directive: use the server's module config instead */
        target = (waklog_host_config *) ap_get_module_config(
                params->server->module_config, &waklog_module );
    }

    target->configured = 1;
    target->protect = flag;

    return NULL;
}
82
83
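/*
 * Child initializer: calls setpag() so that tokens installed later by
 * waklog_get_tokens() are held by this child.  The pool argument is not
 * used.
 *
 * The result of setpag() was previously ignored.  If the call fails the
 * child keeps running without its own PAG, so tokens set for one request
 * may not be isolated from other server processes; the failure is now
 * logged so an operator can see it.
 *
 * NOTE(review): assumes setpag() returns 0 on success and non-zero on
 * failure; confirm against the AFS headers in use.  Consider whether the
 * child should exit instead of serving requests without a PAG.
 */
static void
waklog_child_init( server_rec *s, pool *p )
{
    if ( setpag() != 0 ) {
        ap_log_error( APLOG_MARK, APLOG_ERR, s,
                "mod_waklog: setpag failed" );
    }
}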
90
91
/*
 * Configuration directives provided by this module.  The table ends with
 * a NULL-named sentinel entry.
 */
command_rec waklog_cmds[ ] =
{
    {
        "WaklogProtected",          /* directive name */
        set_waklog_protect,         /* handler */
        NULL,                       /* no extra data for the handler */
        RSRC_CONF | ACCESS_CONF,    /* allowed at server and directory level */
        FLAG,                       /* takes On or Off */
        "enable waklog on a location or directory basis"
    },

    { NULL }
};
100
101
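/*
 * Pool cleanup registered by waklog_get_tokens(): issues the VIOCUNPAG
 * pioctl ("unlog") so the tokens set for a request do not stay with the
 * child afterwards.
 *
 * data is the request_rec the cleanup was registered for; it is used only
 * to reach the server record for logging.
 *
 * The success message used to be written unconditionally, at error level,
 * right after the failure message.  A failed unlog therefore looked like a
 * success in the log, although in that case the tokens may still be in
 * place for whatever this child serves next.  The two outcomes are now
 * mutually exclusive, and success is logged at info level without errno.
 */
static void
pioctl_cleanup( void *data )
{
    request_rec         *r = (request_rec *)data;
    struct ViceIoctl    vi;

    /* VIOCUNPAG takes no input and returns no output */
    vi.in = NULL;
    vi.in_size = 0;
    vi.out = NULL;
    vi.out_size = 0;

    if ( pioctl( 0, VIOCUNPAG, &vi, 0 ) < 0 ) {
        ap_log_error( APLOG_MARK, APLOG_ERR, r->server,
                "mod_waklog: unlog pioctl failed" );
        return;
    }

    ap_log_error( APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, r->server,
            "mod_waklog: unlog pioctl succeeded" );
}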
122
123
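/*
 * Overwrite len bytes at mem with zeros.  The volatile pointer keeps the
 * compiler from dropping the stores as dead writes.
 */
static void
waklog_wipe( void *mem, size_t len )
{
    volatile unsigned char  *p = (volatile unsigned char *)mem;

    while ( len-- > 0 ) {
        *p++ = 0;
    }
}

/*
 * Fixup hook: for a request in a WaklogProtected scope, obtain a Kerberos
 * IV credential for the "afs" service and install it as an AFS token with
 * the VIOCSETTOK pioctl.  A pool cleanup is registered on r->pool to unlog
 * afterwards.
 *
 * The per-directory config is used when it has been configured, otherwise
 * the per-server config.  The realm and cell name are hard-coded below.
 *
 * The pioctl input buffer is packed as:
 *     int ticket length, ticket bytes,
 *     int sizeof( struct ClearToken ), struct ClearToken,
 *     int 0, cell name including its terminating NUL.
 * NOTE(review): the third int is presumably the AFS primary-cell flag;
 * confirm against the AFS documentation.
 *
 * Returns DECLINED when protection is off for this scope, OK otherwise.
 * OK is also returned when no credential could be obtained or the pioctl
 * fails, so the request continues without freshly set tokens.
 * NOTE(review): the "use server's srvtab" fallback mentioned below is not
 * implemented in this function; confirm whether continuing is intended.
 *
 * The ticket length reported by the Kerberos library is now checked against
 * the space left in buf before the ticket is copied; the original copied it
 * unchecked into the 1024-byte stack buffer.  The session key and ticket
 * are wiped from the stack once the pioctl has been issued.
 */
static int
waklog_get_tokens( request_rec *r )
{
    CREDENTIALS         cr;
    struct ViceIoctl    vi;
    struct ClearToken   ct;
    int                 i, rc;
    char                buf[ 1024 ], *s;
    char                *urealm = "UMICH.EDU";
    char                *lrealm = "umich.edu";
    size_t              overhead;
    waklog_host_config  *cfg;

    /* directory config? */
    cfg = (waklog_host_config *)ap_get_module_config(
            r->per_dir_config, &waklog_module);

    /* server config? */
    if ( !cfg->configured ) {
        cfg = (waklog_host_config *)ap_get_module_config(
                r->server->module_config, &waklog_module);
    }

    if ( !cfg->protect ) {
        return( DECLINED );
    }

    if (( rc = get_ad_tkt( "afs", "", urealm, 255 )) != KSUCCESS ) {
        ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_INFO, r->server,
                "mod_waklog: get_ad_tkt: %s", krb_err_txt[ rc ] );

        /* user doesn't have tickets: use server's srvtab */

        return OK;
    }

    if (( rc = krb_get_cred( "afs", "", urealm, &cr )) != KSUCCESS ) {
        ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server,
                "mod_waklog: krb_get_cred: %s", krb_err_txt[ rc ] );
        return OK;
    }

    /* credential metadata only; the session key is never logged */
    ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, r->server,
            "mod_waklog: %s.%s@%s", cr.service, cr.instance, cr.realm );
    ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, r->server,
            "mod_waklog: %d %d %d", cr.lifetime, cr.kvno, cr.issue_date );
    ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, r->server,
            "mod_waklog: %s %s", cr.pname, cr.pinst );
    ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, r->server,
            "mod_waklog: %d", cr.ticket_st.length );

    /*
     * Everything that goes into buf besides the ticket itself: three int
     * words, the clear token, and the cell name with its NUL.  The ticket
     * must fit in what is left.
     */
    overhead = 3 * sizeof( int ) + sizeof( struct ClearToken ) +
            strlen( lrealm ) + 1;
    if ( cr.ticket_st.length < 0 ||
            (size_t)cr.ticket_st.length > sizeof( buf ) - overhead ) {
        ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server,
                "mod_waklog: ticket length %d does not fit token buffer",
                cr.ticket_st.length );
        waklog_wipe( &cr, sizeof( cr ));
        return OK;
    }

    /* ticket length, then the ticket */
    s = buf;
    memmove( s, &cr.ticket_st.length, sizeof( int ));
    s += sizeof( int );
    memmove( s, cr.ticket_st.dat, cr.ticket_st.length );
    s += cr.ticket_st.length;

    ct.AuthHandle = cr.kvno;
    memmove( ct.HandShakeKey, cr.session, sizeof( cr.session ));
    ct.ViceId = 0;
    ct.BeginTimestamp = cr.issue_date;
    ct.EndTimestamp = krb_life_to_time( cr.issue_date, cr.lifetime );

    /* clear token length, then the clear token */
    i = sizeof( struct ClearToken );
    memmove( s, &i, sizeof( int ));
    s += sizeof( int );
    memmove( s, &ct, sizeof( struct ClearToken ));
    s += sizeof( struct ClearToken );

    i = 0;
    memmove( s, &i, sizeof( int ));
    s += sizeof( int );

    /* cell name, NUL included; covered by the size check above */
    strcpy( s, lrealm );
    s += strlen( lrealm ) + 1;

    vi.in = buf;
    vi.in_size = s - buf;
    vi.out = buf;
    vi.out_size = sizeof( buf );

    if ( pioctl( 0, VIOCSETTOK, &vi, 0 ) < 0 ) {
        ap_log_error( APLOG_MARK, APLOG_ERR, r->server,
                "mod_waklog: pioctl failed" );
    }

    /* the kernel has its copy now; do not leave key material on the stack */
    waklog_wipe( buf, sizeof( buf ));
    waklog_wipe( &ct, sizeof( ct ));
    waklog_wipe( &cr, sizeof( cr ));

    /*
     * we'll need to unlog when this request's pool is cleared.  Registered
     * even when the pioctl above failed, as before.
     */
    ap_register_cleanup( r->pool, (void *)r, pioctl_cleanup, ap_null_cleanup );

    ap_log_error( APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, r->server,
            "mod_waklog: done with token stuff" );

    return OK;
}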
217
218
/*
 * Module record.  The initializer is positional, so the order of the
 * entries must not change.  This module hooks initialization, config
 * creation, the directive table, the fixup phase (where tokens are set)
 * and child initialization; every other slot is NULL.  No merge functions
 * are supplied for either config level.
 */
module MODULE_VAR_EXPORT waklog_module = {
    STANDARD_MODULE_STUFF,
    waklog_init,                    /* module initializer */
    waklog_create_dir_config,       /* create per-dir config structures */
    NULL,                           /* merge per-dir config structures */
    waklog_create_server_config,    /* create per-server config structures */
    NULL,                           /* merge per-server config structures */
    waklog_cmds,                    /* table of config file commands */
    NULL,                           /* [#8] MIME-typed-dispatched handlers */
    NULL,                           /* [#1] URI to filename translation */
    NULL,                           /* [#4] validate user id from request */
    NULL,                           /* [#5] check if the user is ok _here_ */
    NULL,                           /* [#3] check access by host address */
    NULL,                           /* [#6] determine MIME type */
    waklog_get_tokens,              /* [#7] pre-run fixups */
    NULL,                           /* [#9] log a transaction */
    NULL,                           /* [#2] header parser */
    waklog_child_init,              /* child_init */
    NULL,                           /* child_exit */
    NULL                            /* [#0] post read-request */
#ifdef EAPI
    ,NULL,                          /* EAPI: add_module */
    NULL,                           /* EAPI: remove_module */
    NULL,                           /* EAPI: rewrite_command */
    NULL                            /* EAPI: new_connection */
#endif
};