HCoop / hcoop / zz_old / modwaklog.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Less logging
[hcoop/zz_old/modwaklog.git] / mod_waklog.c
1 #include "httpd.h"
2 #include "http_config.h"
3 #include "http_conf_globals.h"
4 #include "http_log.h"
5 #include "http_protocol.h"
6 #include "http_request.h"
7 #include "http_core.h"
8 #include "ap_config.h"
9 #include <krb5.h>
10
11 #if defined(sun)
12 #include <sys/ioccom.h>
13 #endif /* sun */
14 #include <stropts.h>
15 #include <afs/venus.h>
16 #include <afs/auth.h>
17 #include <rx/rxkad.h>
18
19 #define KEYTAB "/home/drh/keytab.itdwww"
20 #define KEYTAB_PRINCIPAL "itdwww"
21
22 #define TKT_LIFE 10*60*60
23 #define SLEEP_TIME TKT_LIFE - 5*60
24
25 #define AFS_CELL "umich.edu" /* NB: lower case */
26
27 #define K5PATH "FILE:/tmp/waklog.creds.k5"
28 #define K4PATH "/tmp/waklog.creds.k4"
29
30 module waklog_module;
31
32 typedef struct {
33 int configured;
34 int protect;
35 char *keytab;
36 char *keytab_principal;
37 char *afs_cell;
38 } waklog_host_config;
39
40 typedef struct {
41 struct ktc_token token;
42 } waklog_child_config;
43 waklog_child_config child;
44
45 #if 0
46 static void *
47 waklog_create_dir_config( pool *p, char *path )
48 {
49 waklog_host_config *cfg;
50
51 cfg = (waklog_host_config *)ap_pcalloc( p, sizeof( waklog_host_config ));
52 cfg->configured = 0;
53 cfg->protect = 0;
54 cfg->keytab = KEYTAB;
55 cfg->keytab_principal = KEYTAB_PRINCIPAL;
56 cfg->afs_cell = AFS_CELL;
57
58 return( cfg );
59 }
60 #endif /* 0 */
61
62
63 static void *
64 waklog_create_server_config( pool *p, server_rec *s )
65 {
66 waklog_host_config *cfg;
67
68 cfg = (waklog_host_config *)ap_pcalloc( p, sizeof( waklog_host_config ));
69 cfg->configured = 0;
70 cfg->protect = 0;
71 cfg->keytab = KEYTAB;
72 cfg->keytab_principal = KEYTAB_PRINCIPAL;
73 cfg->afs_cell = AFS_CELL;
74
75 #if 0
76 ap_set_module_config( s->module_config, &waklog_module, cfg);
77 #endif /* 0 */
78
79 return( cfg );
80 }
81
82
83 static const char *
84 set_waklog_protect( cmd_parms *params, void *mconfig, int flag )
85 {
86 waklog_host_config *cfg;
87
88 #if 0
89 if ( params->path == NULL ) {
90 #endif /* 0 */
91 cfg = (waklog_host_config *) ap_get_module_config(
92 params->server->module_config, &waklog_module );
93 #if 0
94 } else {
95 cfg = (waklog_host_config *)mconfig;
96 }
97 #endif /* 0 */
98
99 cfg->protect = flag;
100 cfg->configured = 1;
101 return( NULL );
102 }
103
104
105 static const char *
106 set_waklog_use_keytab( cmd_parms *params, void *mconfig, char *file )
107 {
108 waklog_host_config *cfg;
109
110 #if 0
111 if ( params->path == NULL ) {
112 #endif /* 0 */
113 cfg = (waklog_host_config *) ap_get_module_config(
114 params->server->module_config, &waklog_module );
115 #if 0
116 } else {
117 cfg = (waklog_host_config *)mconfig;
118 }
119 #endif /* 0 */
120
121 ap_log_error( APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, params->server,
122 "mod_waklog: will use keytab: %s", file );
123
124 cfg->keytab = ap_pstrdup ( params->pool, file );
125 cfg->configured = 1;
126 return( NULL );
127 }
128
129
130 static const char *
131 set_waklog_use_keytab_principal( cmd_parms *params, void *mconfig, char *file )
132 {
133 waklog_host_config *cfg;
134
135 #if 0
136 if ( params->path == NULL ) {
137 #endif /* 0 */
138 cfg = (waklog_host_config *) ap_get_module_config(
139 params->server->module_config, &waklog_module );
140 #if 0
141 } else {
142 cfg = (waklog_host_config *)mconfig;
143 }
144 #endif /* 0 */
145
146 ap_log_error( APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, params->server,
147 "mod_waklog: will use keytab_principal: %s", file );
148
149 cfg->keytab_principal = ap_pstrdup ( params->pool, file );
150 cfg->configured = 1;
151 return( NULL );
152 }
153
154
155 static const char *
156 set_waklog_use_afs_cell( cmd_parms *params, void *mconfig, char *file )
157 {
158 waklog_host_config *cfg;
159
160 #if 0
161 if ( params->path == NULL ) {
162 #endif /* 0 */
163 cfg = (waklog_host_config *) ap_get_module_config(
164 params->server->module_config, &waklog_module );
165 #if 0
166 } else {
167 cfg = (waklog_host_config *)mconfig;
168 }
169 #endif /* 0 */
170
171 ap_log_error( APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, params->server,
172 "mod_waklog: will use afs_cell: %s", file );
173
174 cfg->afs_cell = ap_pstrdup( params->pool, file );
175 cfg->configured = 1;
176 return( NULL );
177 }
178
179
180 static void
181 waklog_child_init( server_rec *s, pool *p )
182 {
183
184 memset( &child.token, 0, sizeof( struct ktc_token ) );
185
186 setpag();
187
188 return;
189 }
190
191
192 command_rec waklog_cmds[ ] =
193 {
194 { "WaklogProtected", set_waklog_protect,
195 NULL, RSRC_CONF | ACCESS_CONF, FLAG,
196 "enable waklog on a location or directory basis" },
197
198 { "WaklogUseKeytabPath", set_waklog_use_keytab,
199 NULL, RSRC_CONF | ACCESS_CONF, TAKE1,
200 "Use the supplied keytab rather than the default" },
201
202 { "WaklogUseKeytabPrincipal", set_waklog_use_keytab_principal,
203 NULL, RSRC_CONF | ACCESS_CONF, TAKE1,
204 "Use the supplied keytab principal rather than the default" },
205
206 { "WaklogUseAFSCell", set_waklog_use_afs_cell,
207 NULL, RSRC_CONF | ACCESS_CONF, TAKE1,
208 "Use the supplied AFS cell rather than the default" },
209
210 { NULL }
211 };
212
213
214 static void
215 token_cleanup( void *data )
216 {
217 request_rec *r = (request_rec *)data;
218
219 if ( child.token.ticketLen ) {
220 memset( &child.token, 0, sizeof( struct ktc_token ) );
221
222 ktc_ForgetAllTokens();
223
224 ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, r->server,
225 "mod_waklog: ktc_ForgetAllTokens succeeded: pid: %d", getpid() );
226 }
227 return;
228 }
229
230
231 static int
232 waklog_kinit( server_rec *s )
233 {
234 krb5_error_code kerror;
235 krb5_context kcontext = NULL;
236 krb5_principal kprinc = NULL;
237 krb5_get_init_creds_opt kopts;
238 krb5_creds v5creds;
239 krb5_ccache kccache = NULL;
240 krb5_keytab keytab = NULL;
241 char ktbuf[ MAX_KEYTAB_NAME_LEN + 1 ];
242 waklog_host_config *cfg;
243 int i;
244
245 ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, s,
246 "mod_waklog: waklog_kinit called: pid: %d", getpid() );
247
248 cfg = (waklog_host_config *) ap_get_module_config( s->module_config,
249 &waklog_module );
250
251 if (( kerror = krb5_init_context( &kcontext ))) {
252 ap_log_error( APLOG_MARK, APLOG_ERR, s,
253 (char *)error_message( kerror ));
254
255 goto cleanup;
256 }
257
258 /* use the path */
259 if (( kerror = krb5_cc_resolve( kcontext, K5PATH, &kccache )) != 0 ) {
260 ap_log_error( APLOG_MARK, APLOG_ERR, s,
261 (char *)error_message( kerror ));
262
263 goto cleanup;
264 }
265
266 ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, s,
267 "mod_waklog: keytab_principal: %s", cfg->keytab_principal );
268
269 if (( kerror = krb5_parse_name( kcontext, cfg->keytab_principal, &kprinc ))) {
270 ap_log_error( APLOG_MARK, APLOG_ERR, s,
271 (char *)error_message( kerror ));
272
273 goto cleanup;
274 }
275
276 #if 0
277 ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, s,
278 "mod_waklog: kprinc->realm: %.*s", kprinc->realm.length, kprinc->realm.data );
279
280 ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, s,
281 "mod_waklog: kprinc->length: %d", kprinc->length );
282 for ( i = 0; i < kprinc->length; i++ ) {
283 ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, s,
284 "mod_waklog: kprinc->data[%d].data: %.*s", i, kprinc->data[i].length, kprinc->data[i].data );
285 }
286 #endif /* 0 */
287
288 krb5_get_init_creds_opt_init( &kopts );
289 krb5_get_init_creds_opt_set_tkt_life( &kopts, TKT_LIFE );
290 krb5_get_init_creds_opt_set_renew_life( &kopts, 0 );
291 krb5_get_init_creds_opt_set_forwardable( &kopts, 1 );
292 krb5_get_init_creds_opt_set_proxiable( &kopts, 0 );
293
294 /* keytab from config */
295 strncpy( ktbuf, cfg->keytab, sizeof( ktbuf ) - 1 );
296
297 ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, s,
298 "mod_waklog: waklog_kinit using: %s", ktbuf );
299
300 if (( kerror = krb5_kt_resolve( kcontext, ktbuf, &keytab )) != 0 ) {
301 ap_log_error( APLOG_MARK, APLOG_ERR, s,
302 (char *)error_message( kerror ));
303
304 goto cleanup;
305 }
306
307 memset( (char *)&v5creds, 0, sizeof(v5creds));
308
309 /* get the krbtgt */
310 if (( kerror = krb5_get_init_creds_keytab( kcontext, &v5creds,
311 kprinc, keytab, 0, NULL, &kopts ))) {
312
313 ap_log_error( APLOG_MARK, APLOG_ERR, s,
314 (char *)error_message( kerror ));
315
316 goto cleanup;
317 }
318
319 #if 0
320 ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, s,
321 "mod_waklog: v5creds.client->realm: %.*s", v5creds.client->realm.length, v5creds.client->realm.data );
322
323 ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, s,
324 "mod_waklog: v5creds.client->length: %d", v5creds.client->length );
325 for ( i = 0; i < v5creds.client->length; i++ ) {
326 ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, s,
327 "mod_waklog: v5creds.client->data[%d].data: %.*s",
328 i, v5creds.client->data[i].length, v5creds.client->data[i].data );
329 }
330
331 ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, s,
332 "mod_waklog: v5creds.server->realm: %.*s", v5creds.server->realm.length, v5creds.server->realm.data );
333
334 ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, s,
335 "mod_waklog: v5creds.server->length: %d", v5creds.server->length );
336 for ( i = 0; i < v5creds.server->length; i++ ) {
337 ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, s,
338 "mod_waklog: v5creds.server->data[%d].data: %.*s",
339 i, v5creds.server->data[i].length, v5creds.server->data[i].data );
340 }
341
342 ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, s,
343 "mod_waklog: waklog_kinit #4" );
344
345 ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, s,
346 "mod_waklog: waklog_kinit kprinc==v5creds.server: %s",
347 krb5_principal_compare( kcontext, kprinc, v5creds.server ) ? "true" : "false" );
348 #endif /* 0 */
349
350 #if 0
351 #error the proof of the pudding is in the eating
352 if (( kerror = krb5_verify_init_creds( kcontext, &v5creds,
353 v5creds.server, keytab, NULL, &vopts )) != 0 ) {
354
355 ap_log_error( APLOG_MARK, APLOG_ERR, s,
356 (char *)error_message( kerror ));
357
358 goto cleanup;
359 }
360 #endif /* 0 */
361
362 if (( kerror = krb5_cc_initialize( kcontext, kccache, kprinc )) != 0 ) {
363 ap_log_error( APLOG_MARK, APLOG_ERR, s,
364 (char *)error_message( kerror ));
365
366 goto cleanup;
367 }
368
369 kerror = krb5_cc_store_cred( kcontext, kccache, &v5creds );
370 krb5_free_cred_contents( kcontext, &v5creds );
371 if ( kerror != 0 ) {
372 ap_log_error( APLOG_MARK, APLOG_ERR, s,
373 (char *)error_message( kerror ));
374
375 goto cleanup;
376 }
377
378 ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, s,
379 "mod_waklog: waklog_kinit success" );
380
381 cleanup:
382 if ( keytab )
383 (void)krb5_kt_close( kcontext, keytab );
384 if ( kprinc )
385 krb5_free_principal( kcontext, kprinc );
386 if ( kccache )
387 krb5_cc_close( kcontext, kccache );
388 if ( kcontext )
389 krb5_free_context( kcontext );
390
391 ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, s,
392 "mod_waklog: waklog_kinit: exiting" );
393
394 return( 0 );
395 }
396
397
398 static void
399 waklog_aklog( request_rec *r )
400 {
401 int rc;
402 char buf[ MAXKTCTICKETLEN ];
403 const char *k4path = NULL;
404 const char *k5path = NULL;
405 krb5_error_code kerror;
406 krb5_context kcontext = NULL;
407 krb5_creds increds;
408 krb5_creds *v5credsp = NULL;
409 krb5_ccache kccache = NULL;
410 struct ktc_principal server = { "afs", "", "" };
411 struct ktc_principal client;
412 struct ktc_token token;
413 waklog_host_config *cfg;
414 int buflen;
415
416 k5path = ap_table_get( r->subprocess_env, "KRB5CCNAME" );
417 k4path = ap_table_get( r->subprocess_env, "KRBTKFILE" );
418
419 ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, r->server,
420 "mod_waklog: waklog_aklog called: k5path: %s, k4path: %s", k5path, k4path );
421
422 if ( !k5path || !k4path || !*k5path || !*k4path ) {
423 ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, r->server,
424 "mod_waklog: waklog_aklog giving up" );
425 goto cleanup;
426 }
427
428 /*
429 ** Get/build creds from file/tgs, then see if we need to SetToken
430 */
431
432 if (( kerror = krb5_init_context( &kcontext ))) {
433 /* Authentication Required ( kerberos error ) */
434 ap_log_error( APLOG_MARK, APLOG_ERR, r->server,
435 (char *)error_message( kerror ));
436
437 goto cleanup;
438 }
439
440 memset( (char *)&increds, 0, sizeof(increds));
441
442 cfg = (waklog_host_config *) ap_get_module_config(
443 r->server->module_config, &waklog_module );
444
445 /* afs/<cell> or afs */
446 strncpy( buf, "afs", sizeof( buf ) - 1 );
447 if ( strcmp( cfg->afs_cell, AFS_CELL ) ) {
448 strncat( buf, "/" , sizeof( buf ) - strlen( buf ) - 1 );
449 strncat( buf, cfg->afs_cell, sizeof( buf ) - strlen( buf ) - 1 );
450 }
451
452 /* set server part */
453 if (( kerror = krb5_parse_name( kcontext, buf, &increds.server ))) {
454 ap_log_error( APLOG_MARK, APLOG_ERR, r->server,
455 (char *)error_message( kerror ));
456
457 goto cleanup;
458 }
459
460 if (( kerror = krb5_cc_resolve( kcontext, k5path, &kccache )) != 0 ) {
461 ap_log_error( APLOG_MARK, APLOG_ERR, r->server,
462 (char *)error_message( kerror ));
463
464 goto cleanup;
465 }
466
467 /* set client part */
468 krb5_cc_get_principal( kcontext, kccache, &increds.client );
469
470 increds.times.endtime = 0;
471 /* Ask for DES since that is what V4 understands */
472 increds.keyblock.enctype = ENCTYPE_DES_CBC_CRC;
473
474 /* get the V5 credentials */
475 if (( kerror = krb5_get_credentials( kcontext, 0, kccache,
476 &increds, &v5credsp ) ) ) {
477 ap_log_error( APLOG_MARK, APLOG_ERR, r->server,
478 "mod_waklog: krb5_get_credentials: %s", error_message( kerror ));
479 goto cleanup;
480 }
481
482 /* don't overflow */
483 if ( v5credsp->ticket.length >= MAXKTCTICKETLEN ) { /* from krb524d.c */
484 ap_log_error( APLOG_MARK, APLOG_ERR, r->server,
485 "mod_waklog: ticket size (%d) too big to fake", v5credsp->ticket.length );
486 goto cleanup;
487 }
488
489 /* assemble the token */
490 memset( &token, 0, sizeof( struct ktc_token ) );
491
492 token.startTime = v5credsp->times.starttime ? v5credsp->times.starttime : v5credsp->times.authtime;
493 token.endTime = v5credsp->times.endtime;
494 memmove( &token.sessionKey, v5credsp->keyblock.contents, v5credsp->keyblock.length );
495 token.kvno = RXKAD_TKT_TYPE_KERBEROS_V5;
496 token.ticketLen = v5credsp->ticket.length;
497 memmove( token.ticket, v5credsp->ticket.data, token.ticketLen );
498
499 /* make sure we have to do this */
500 if ( child.token.kvno != token.kvno ||
501 child.token.ticketLen != token.ticketLen ||
502 (memcmp( &child.token.sessionKey, &token.sessionKey,
503 sizeof( token.sessionKey ) )) ||
504 (memcmp( child.token.ticket, token.ticket, token.ticketLen )) ) {
505
506 ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, r->server,
507 "mod_waklog: client: %s", buf );
508
509 /* build the name */
510 memmove( buf, v5credsp->client->data[0].data,
511 min( v5credsp->client->data[0].length, MAXKTCNAMELEN - 1 ) );
512 buf[ v5credsp->client->data[0].length ] = '\0';
513 if ( v5credsp->client->length > 1 ) {
514 strncat( buf, ".", sizeof( buf ) - strlen( buf ) - 1 );
515 buflen = strlen( buf );
516 memmove( buf + buflen, v5credsp->client->data[1].data,
517 min( v5credsp->client->data[1].length, MAXKTCNAMELEN - strlen( buf ) - 1 ) );
518 buf[ buflen + v5credsp->client->data[1].length ] = '\0';
519 }
520
521 /* assemble the client */
522 strncpy( client.name, buf, sizeof( client.name ) - 1 );
523 strncpy( client.instance, "", sizeof( client.instance) - 1 );
524 memmove( buf, v5credsp->client->realm.data,
525 min( v5credsp->client->realm.length, MAXKTCNAMELEN - 1 ) );
526 buf[ v5credsp->client->realm.length ] = '\0';
527 strncpy( client.cell, buf, sizeof( client.cell ) - 1 );
528
529 /* assemble the server's cell */
530 strncpy( server.cell, cfg->afs_cell , sizeof( server.cell ) - 1 );
531
532 ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, r->server,
533 "mod_waklog: server: name=%s, instance=%s, cell=%s",
534 server.name, server.instance, server.cell );
535
536 ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, r->server,
537 "mod_waklog: client: name=%s, instance=%s, cell=%s",
538 client.name, client.instance, client.cell );
539
540 /* use the path */
541 krb_set_tkt_string( (char *)k4path );
542
543 /* rumor: we have to do this for AIX 4.1.4 with AFS 3.4+ */
544 write( 2, "", 0 );
545
546 if ( ( rc = ktc_SetToken( &server, &token, &client, 0 ) ) ) {
547 ap_log_error( APLOG_MARK, APLOG_ERR, r->server,
548 "mod_waklog: settoken returned %d", rc );
549 goto cleanup;
550 }
551
552 /* save this */
553 memmove( &child.token, &token, sizeof( struct ktc_token ) );
554
555 /* we'll need to unlog when this connection is done. */
556 ap_register_cleanup( r->pool, (void *)r, token_cleanup, ap_null_cleanup );
557 }
558
559 cleanup:
560 if ( v5credsp )
561 krb5_free_cred_contents( kcontext, v5credsp );
562 if ( increds.client )
563 krb5_free_principal( kcontext, increds.client );
564 if ( increds.server )
565 krb5_free_principal( kcontext, increds.server );
566 if ( kccache )
567 krb5_cc_close( kcontext, kccache );
568 if ( kcontext )
569 krb5_free_context( kcontext );
570
571 ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, r->server,
572 "mod_waklog: finished with waklog_aklog" );
573
574 return;
575
576 }
577
578 static int
579 waklog_child_routine( void *s, child_info *pinfo )
580 {
581 if ( !getuid() ) {
582 ap_log_error( APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, s,
583 "mod_waklog: waklog_child_routine called as root" );
584
585 /* this was causing the credential file to get owned by root */
586 setgid(ap_group_id);
587 setuid(ap_user_id);
588 }
589
590 while( 1 ) {
591 waklog_kinit( s );
592 sleep( SLEEP_TIME );
593 }
594
595 }
596
597
598 static void
599 waklog_init( server_rec *s, pool *p )
600 {
601 extern char *version;
602 int pid;
603
604 ap_log_error( APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, s,
605 "mod_waklog: version %s initialized.", version );
606
607 pid = ap_bspawn_child( p, waklog_child_routine, s, kill_always,
608 NULL, NULL, NULL );
609
610 ap_log_error( APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, s,
611 "mod_waklog: ap_bspawn_child: %d.", pid );
612 }
613
614
615 static int
616 waklog_phase0( request_rec *r )
617 {
618 waklog_host_config *cfg;
619
620 ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, r->server,
621 "mod_waklog: phase0 called" );
622
623 #if 0
624 /* directory config? */
625 cfg = (waklog_host_config *)ap_get_module_config(
626 r->per_dir_config, &waklog_module);
627
628
629 /* server config? */
630 if ( !cfg->configured ) {
631 #endif /* 0 */
632 cfg = (waklog_host_config *)ap_get_module_config(
633 r->server->module_config, &waklog_module);
634 #if 0
635 }
636 #endif /* 0 */
637
638 if ( !cfg->protect ) {
639 ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, r->server,
640 "mod_waklog: phase0 declining" );
641 return( DECLINED );
642 }
643
644 /* set our environment variables */
645 ap_table_set( r->subprocess_env, "KRB5CCNAME", K5PATH );
646 ap_table_set( r->subprocess_env, "KRBTKFILE", K4PATH );
647
648 /* do this only if we are still unauthenticated */
649 if ( !child.token.ticketLen ) {
650
651 /* stuff the credentials into the kernel */
652 waklog_aklog( r );
653 }
654
655 ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, r->server,
656 "mod_waklog: phase0 returning" );
657 return DECLINED;
658 }
659
660
661 static int
662 waklog_phase7( request_rec *r )
663 {
664 waklog_host_config *cfg;
665
666 ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, r->server,
667 "mod_waklog: phase7 called" );
668
669 #if 0
670 /* directory config? */
671 cfg = (waklog_host_config *)ap_get_module_config(
672 r->per_dir_config, &waklog_module);
673
674 /* server config? */
675 if ( !cfg->configured ) {
676 #endif /* 0 */
677 cfg = (waklog_host_config *)ap_get_module_config(
678 r->server->module_config, &waklog_module);
679 #if 0
680 }
681 #endif /* 0 */
682
683 if ( !cfg->protect ) {
684 return( DECLINED );
685 }
686
687 /* stuff the credentials into the kernel */
688 waklog_aklog( r );
689
690 ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, r->server,
691 "mod_waklog: phase7 returning" );
692
693 return DECLINED;
694 }
695
696 static void
697 waklog_new_connection( conn_rec *c ) {
698 ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, c->server,
699 "mod_waklog: new_connection called: pid: %d", getpid() );
700 return;
701 }
702
703
704 /*
705 ** Here's a quick explaination for phase0 and phase2:
706 ** Apache does a stat() on the path between phase0 and
707 ** phase2, and must by ACLed rl to succeed. So, at
708 ** phase0 we acquire credentials for umweb:servers from
709 ** a keytab, and at phase2 we must ensure we remove them.
710 **
711 ** Failure to "unlog" would be a security risk.
712 */
713 static int
714 waklog_phase2( request_rec *r )
715 {
716 ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, r->server,
717 "mod_waklog: phase2 called" );
718
719 if ( child.token.ticketLen ) {
720 memset( &child.token, 0, sizeof( struct ktc_token ) );
721
722 ktc_ForgetAllTokens();
723
724 ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, r->server,
725 "mod_waklog: ktc_ForgetAllTokens succeeded: pid: %d", getpid() );
726 }
727
728 ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, r->server,
729 "mod_waklog: phase2 returning" );
730
731 return DECLINED;
732 }
733
734 #if 0
735 static int waklog_phase1( request_rec *r )
736 {
737 ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, r->server, "mod_waklog: phase1 returning" );
738 return DECLINED;
739 }
740 static int waklog_phase3( request_rec *r )
741 {
742 ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, r->server, "mod_waklog: phase3 returning" );
743 return DECLINED;
744 }
745 static int waklog_phase4( request_rec *r )
746 {
747 ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, r->server, "mod_waklog: phase4 returning" );
748 return DECLINED;
749 }
750 static int waklog_phase5( request_rec *r )
751 {
752 ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, r->server, "mod_waklog: phase5 returning" );
753 return DECLINED;
754 }
755 static int waklog_phase6( request_rec *r )
756 {
757 ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, r->server, "mod_waklog: phase6 returning" );
758 return DECLINED;
759 }
760 static void waklog_phase8( request_rec *r )
761 {
762 ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, r->server, "mod_waklog: phase8 returning" );
763 return;
764 }
765 static int waklog_phase9( request_rec *r )
766 {
767 ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, r->server, "mod_waklog: phase9 returning" );
768 return DECLINED;
769 }
770 #endif /* 0 */
771
772 module MODULE_VAR_EXPORT waklog_module = {
773 STANDARD_MODULE_STUFF,
774 waklog_init, /* module initializer */
775 #if 0
776 waklog_create_dir_config, /* create per-dir config structures */
777 #else /* 0 */
778 NULL, /* create per-dir config structures */
779 #endif /* 0 */
780 NULL, /* merge per-dir config structures */
781 waklog_create_server_config, /* create per-server config structures */
782 NULL, /* merge per-server config structures */
783 waklog_cmds, /* table of config file commands */
784 NULL, /* [#8] MIME-typed-dispatched handlers */
785 NULL, /* [#1] URI to filename translation */
786 NULL, /* [#4] validate user id from request */
787 NULL, /* [#5] check if the user is ok _here_ */
788 NULL, /* [#3] check access by host address */
789 NULL, /* [#6] determine MIME type */
790 waklog_phase7, /* [#7] pre-run fixups */
791 NULL, /* [#9] log a transaction */
792 waklog_phase2, /* [#2] header parser */
793 waklog_child_init, /* child_init */
794 NULL, /* child_exit */
795 waklog_phase0 /* [#0] post read-request */
796 #ifdef EAPI
797 ,NULL, /* EAPI: add_module */
798 NULL, /* EAPI: remove_module */
799 NULL, /* EAPI: rewrite_command */
800 waklog_new_connection /* EAPI: new_connection */
801 #endif
802 };
Unnamed repository; edit this file 'description' to name the repository.