1 | #include "httpd.h" |
2 | #include "http_config.h" |
3 | #include "http_protocol.h" |
4 | #include "http_log.h" |
5 | #include "ap_config.h" |
6 | |
7 | #include <sys/ioccom.h> |
8 | #include <stropts.h> |
9 | #include <kerberosIV/krb.h> |
10 | #include <kerberosIV/des.h> |
11 | #include <afs/venus.h> |
12 | |
/*
 * Path of the web server's Kerberos IV srvtab (service key file).
 * Nothing visible in this file reads it yet; see the "use server's
 * srvtab" note in get_afs_tokens().  A srvtab holds a long-term key,
 * so the file should be readable only by the account httpd runs as.
 */
#define SRVTAB "/usr/local/etc/srvtab.itdwww"

/*
 * Clear-text part of the token blob that get_afs_tokens() passes to
 * pioctl( VIOCSETTOK ).  The structure is copied into that blob
 * byte-for-byte, so field order and sizes are part of the format.
 *
 * NOTE(review): the integer fields are declared `long`; confirm the
 * resulting layout matches what the cache manager expects on any
 * platform where long is not 32 bits wide.
 */
struct ClearToken {
    long AuthHandle;            /* set from the credential's kvno */
    char HandShakeKey[8];       /* Kerberos session key: secret material */
    long ViceId;                /* always 0 in this module */
    long BeginTimestamp;        /* credential issue date */
    long EndTimestamp;          /* issue date plus ticket lifetime */
};
22 | |
/*
 * Module initializer: writes one INFO line to the server log naming
 * the mod_afs build that was loaded.  `version` is a string defined in
 * another translation unit; the pool argument `p` is not used.
 */
static void
afs_init( server_rec *s, pool *p )
{
    extern char *version;

    ap_log_error( APLOG_MARK, APLOG_NOERRNO | APLOG_INFO, s,
            "mod_afs: version %s initialized.", version );
}
32 | |
33 | |
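/*
 * Pool cleanup registered by get_afs_tokens(): asks the AFS cache
 * manager to drop the tokens attached to this process (VIOCUNPAG, i.e.
 * "unlog") once the request pool is destroyed.
 *
 * data is the request_rec that was passed to ap_register_cleanup(); it
 * is used only to find the server for logging.
 *
 * The outcome is logged exactly once.  The original fell through after
 * a failure and also reported success, which made a failed unlog look
 * like a clean one in the error log.
 */
static void
pioctl_cleanup( void *data )
{
    request_rec *r = (request_rec *)data;
    struct ViceIoctl vi;

    /* VIOCUNPAG takes no input and returns no output. */
    vi.in = NULL;
    vi.in_size = 0;
    vi.out = NULL;
    vi.out_size = 0;

    if ( pioctl( 0, VIOCUNPAG, &vi, 0 ) < 0 ) {
        /*
         * Worth an operator's attention: the tokens installed for this
         * request may still be attached to the httpd child afterwards.
         */
        ap_log_error( APLOG_MARK, APLOG_ERR, r->server,
                "unlog pioctl failed\n" );
        return;
    }

    /* Success is diagnostic only and has no meaningful errno. */
    ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, r->server,
            "unlog pioctl succeeded\n" );
}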
53 | |
54 | |
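/*
 * Zero n bytes at p through a volatile pointer, so the stores are not
 * discarded as dead writes to a buffer that is about to go out of scope.
 */
static void
afs_wipe( void *p, size_t n )
{
    volatile unsigned char *vp = (volatile unsigned char *)p;

    while ( n-- > 0 ) {
        *vp++ = 0;
    }
}

/*
 * Header-parser hook: turns the caller's Kerberos IV "afs" ticket into
 * an AFS token for this request and registers pioctl_cleanup() to drop
 * it when the request pool is destroyed.
 *
 * Steps: start a new PAG, obtain and read back the afs ticket for
 * realm UMICH.EDU, marshal ticket + ClearToken + cell name into one
 * buffer, and pass that buffer to pioctl( VIOCSETTOK ).
 *
 * Always returns OK; every failure is logged and the request simply
 * continues without a token.
 *
 * Changes from the original:
 *  - the ticket length is validated before the ticket is copied into
 *    the fixed 1024-byte buffer (the copy was unbounded);
 *  - a failing setpag() stops token installation, so tokens are never
 *    set outside a fresh PAG;
 *  - the session key, ticket and marshalled blob are wiped from the
 *    stack before returning;
 *  - the final progress message is logged at DEBUG, not ERR.
 */
static int
get_afs_tokens( request_rec *r )
{
    CREDENTIALS cr;
    struct ViceIoctl vi;
    struct ClearToken ct;
    int i, rc;
    long tkt_len;
    size_t overhead;
    char buf[ 1024 ], *s;
    char *urealm = "UMICH.EDU";
    char *lrealm = "umich.edu";

    /* Isolate whatever token we set from other processes' credentials. */
    if ( setpag() != 0 ) {
        ap_log_error( APLOG_MARK, APLOG_ERR, r->server,
                "setpag failed\n" );
        return OK;
    }

    if (( rc = get_ad_tkt( "afs", "", urealm, 255 )) != KSUCCESS ) {
        ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_INFO, r->server,
                "get_ad_tkt: %s\n", krb_err_txt[ rc ] );

        /* user doesn't have tickets: use server's srvtab */
        /* (not implemented here: the request proceeds without a token) */

        return OK;
    }

    if (( rc = krb_get_cred( "afs", "", urealm, &cr )) != KSUCCESS ) {
        ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server,
                "krb_get_cred: %s\n", krb_err_txt[ rc ] );
        afs_wipe( &cr, sizeof( cr ));
        return OK;
    }

    /* Debug trace of the non-secret credential fields only. */
    ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, r->server,
            "%s.%s@%s\n", cr.service, cr.instance, cr.realm );
    ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, r->server,
            "%d %d %d\n", cr.lifetime, cr.kvno, cr.issue_date );
    ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, r->server,
            "%s %s\n", cr.pname, cr.pinst );
    ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, r->server,
            "%d\n", cr.ticket_st.length );

    /*
     * Everything except the ticket has a fixed size: three int fields,
     * the ClearToken and the NUL-terminated cell name.  The ticket must
     * fit in what is left of buf, otherwise the copy below would run
     * past the end of the stack buffer.
     */
    tkt_len = (long)cr.ticket_st.length;
    overhead = 3 * sizeof( int ) + sizeof( struct ClearToken )
            + strlen( lrealm ) + 1;
    if ( tkt_len < 0 || (size_t)tkt_len > sizeof( buf ) - overhead ) {
        ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server,
                "ticket length %ld does not fit token buffer\n", tkt_len );
        afs_wipe( &cr, sizeof( cr ));
        return OK;
    }

    /* ticket length, then the ticket itself */
    s = buf;
    memmove( s, &cr.ticket_st.length, sizeof( int ));
    s += sizeof( int );
    memmove( s, cr.ticket_st.dat, (size_t)tkt_len );
    s += tkt_len;

    ct.AuthHandle = cr.kvno;
    memmove( ct.HandShakeKey, cr.session, sizeof( cr.session ));
    ct.ViceId = 0;
    ct.BeginTimestamp = cr.issue_date;
    ct.EndTimestamp = krb_life_to_time( cr.issue_date, cr.lifetime );

    /* ClearToken length, then the ClearToken */
    i = sizeof( struct ClearToken );
    memmove( s, &i, sizeof( int ));
    s += sizeof( int );
    memmove( s, &ct, sizeof( struct ClearToken ));
    s += sizeof( struct ClearToken );

    /* a zero int; presumably a flags word -- confirm against VIOCSETTOK */
    i = 0;
    memmove( s, &i, sizeof( int ));
    s += sizeof( int );

    /* cell name, including its terminating NUL (room checked above) */
    strcpy( s, lrealm );
    s += strlen( lrealm ) + 1;

    vi.in = buf;
    vi.in_size = s - buf;
    vi.out = buf;
    vi.out_size = sizeof( buf );

    if ( pioctl( 0, VIOCSETTOK, &vi, 0 ) < 0 ) {
        ap_log_error( APLOG_MARK, APLOG_ERR, r->server,
                "pioctl failed\n" );
    }

    /* The cache manager has its copy; do not leave key material behind. */
    afs_wipe( buf, sizeof( buf ));
    afs_wipe( &ct, sizeof( ct ));
    afs_wipe( &cr, sizeof( cr ));

    /* we'll need to unlog when this connection is done. */
    ap_register_cleanup( r->pool, (void *)r, pioctl_cleanup, ap_null_cleanup );

    ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, r->server,
            "done with token stuff\n" );

    return OK;
}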
134 | |
135 | |
/*
 * Apache module record for mod_afs.  Only two slots are populated:
 * afs_init as the module initializer and get_afs_tokens as the
 * header-parser hook; every other hook is left NULL.  The initializer
 * is positional, so the order of the entries must not change.
 */
module MODULE_VAR_EXPORT afs_module = {
    STANDARD_MODULE_STUFF,
    afs_init,           /* module initializer */
    NULL,               /* create per-dir config structures */
    NULL,               /* merge per-dir config structures */
    NULL,               /* create per-server config structures */
    NULL,               /* merge per-server config structures */
    NULL,               /* table of config file commands */
    NULL,               /* [#8] MIME-typed-dispatched handlers */
    NULL,               /* [#1] URI to filename translation */
    NULL,               /* [#4] validate user id from request */
    NULL,               /* [#5] check if the user is ok _here_ */
    NULL,               /* [#3] check access by host address */
    NULL,               /* [#6] determine MIME type */
    NULL,               /* [#7] pre-run fixups */
    NULL,               /* [#9] log a transaction */
    get_afs_tokens,     /* [#2] header parser */
    NULL,               /* child_init */
    NULL,               /* child_exit */
    NULL,               /* [#0] post read-request */
#ifdef EAPI
    NULL,               /* EAPI: add_module */
    NULL,               /* EAPI: remove_module */
    NULL,               /* EAPI: rewrite_command */
    NULL,               /* EAPI: new_connection */
#endif
};