c593a6f2b6a0ef07982212e0c7dbd2b8408c3763
[hcoop/debian/libapache-mod-waklog.git] / mod_afs.c
1 #include "httpd.h"
2 #include "http_config.h"
3 #include "http_protocol.h"
4 #include "http_log.h"
5 #include "ap_config.h"
6
7 #include <sys/ioccom.h>
8 #include <stropts.h>
9 #include <kerberosIV/krb.h>
10 #include <kerberosIV/des.h>
11 #include <afs/venus.h>
12
/*
 * Path of the server's Kerberos IV srvtab.  Nothing in this file reads it
 * yet: the "use server's srvtab" fallback in get_afs_tokens() is only a
 * comment.  A srvtab stores a long-term service key, so the file should be
 * readable only by the account the web server runs as.
 */
#define SRVTAB "/usr/local/etc/srvtab.itdwww"
14
/*
 * Clear-text half of an AFS token as get_afs_tokens() packs it into the
 * VIOCSETTOK input buffer.  The struct is copied byte-for-byte, so the
 * field order and sizes are part of the interface with the AFS client.
 *
 * NOTE(review): every integer field is `long`; on an LP64 build that is
 * wider than `int` and changes sizeof( struct ClearToken ) -- confirm the
 * layout against what the cache manager expects before building 64-bit.
 */
struct ClearToken {
    long AuthHandle;            /* set from the ticket's key version (cr.kvno) */
    char HandShakeKey[ 8 ];     /* Kerberos session key -- secret material */
    long ViceId;                /* always written as 0 by this module */
    long BeginTimestamp;        /* ticket issue date */
    long EndTimestamp;          /* issue date plus lifetime (krb_life_to_time) */
};
22
/*
 * Module initializer: writes a single informational line with the module
 * version to the server's error log.  The pool argument is not used.
 */
static void
afs_init( server_rec *s, pool *p )
{
    /* version string is defined in another translation unit */
    extern char *version;

    (void)p;

    ap_log_error( APLOG_MARK, APLOG_NOERRNO | APLOG_INFO, s,
                  "mod_afs: version %s initialized.", version );
}
32
33
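/*
 * Pool cleanup registered by get_afs_tokens(): issues the VIOCUNPAG pioctl
 * ("unlog") so the tokens installed for the request are dropped again.
 *
 * data is the request_rec that was passed to ap_register_cleanup(); it is
 * used only to reach the server record for logging.
 *
 * Fix: the original fell through after a failed pioctl and also logged
 * "unlog pioctl succeeded" (at error level, with a stale errno string
 * appended).  A failed unlog is the case an operator must be able to see:
 * presumably the request's tokens then stay attached to this process, so
 * the log must not claim success.
 */
static void
pioctl_cleanup( void *data )
{
    request_rec *r = (request_rec *)data;
    struct ViceIoctl vi;

    /* VIOCUNPAG takes no input and returns no output. */
    vi.in = NULL;
    vi.in_size = 0;
    vi.out = NULL;
    vi.out_size = 0;

    if ( pioctl( 0, VIOCUNPAG, &vi, 0 ) < 0 ) {
        /* APLOG_ERR without APLOG_NOERRNO: errno from pioctl is wanted here */
        ap_log_error( APLOG_MARK, APLOG_ERR, r->server,
                "unlog pioctl failed\n" );
        return;
    }

    /* Success is routine; keep it out of the error-level log. */
    ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, r->server,
            "unlog pioctl succeeded\n" );
}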
53
54
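/*
 * Overwrite memory that held key material.  The volatile pointer keeps the
 * compiler from discarding the stores as dead writes to a dying object,
 * which a plain memset() before return does not guarantee.
 */
static void
afs_wipe( void *mem, size_t len )
{
    volatile unsigned char *p = (volatile unsigned char *)mem;

    while ( len-- > 0 ) {
        *p++ = 0;
    }
}

/*
 * Header-parser hook: obtain a Kerberos IV "afs" service ticket for the
 * hard-coded realm, pack it into the VIOCSETTOK wire layout and hand it to
 * the AFS client, then register pioctl_cleanup() on the request pool so the
 * token is dropped when the pool is destroyed.
 *
 * Always returns OK, as the original did: every failure is logged and the
 * request continues without tokens (best effort, i.e. fail-open).  Access
 * to AFS content is then whatever the server process has without them.
 *
 * Changes from the original:
 *  - the ticket length is checked against the 1024-byte staging buffer
 *    before it is copied.  The original copied cr.ticket_st.length bytes
 *    unchecked; krb.h sizes ticket_st.dat by MAX_KTXT_LEN, which is
 *    typically larger than this buffer, so a long ticket overran the stack.
 *  - setpag() is checked.  If no fresh PAG was created, user tokens are not
 *    installed, so they cannot land in a PAG shared with other requests.
 *  - the session key copies in cr, ct and buf are wiped before returning.
 *  - the closing trace message is logged at debug level instead of as an
 *    error with a stale errno string appended.
 */
static int
get_afs_tokens( request_rec *r )
{
    CREDENTIALS cr;
    struct ViceIoctl vi;
    struct ClearToken ct;
    int i, rc;
    char buf[ 1024 ], *s;
    char *urealm = "UMICH.EDU";     /* Kerberos realm (hard-coded) */
    char *lrealm = "umich.edu";     /* AFS cell name (hard-coded) */
    size_t fixed;

    /* NOTE(review): assumes setpag() reports failure with a negative
     * return, like pioctl() -- confirm against the AFS library in use. */
    if ( setpag() < 0 ) {
        ap_log_error( APLOG_MARK, APLOG_ERR, r->server,
                "setpag failed\n" );
        return OK;
    }

    if (( rc = get_ad_tkt( "afs", "", urealm, 255 )) != KSUCCESS ) {
        ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_INFO, r->server,
                "get_ad_tkt: %s\n", krb_err_txt[ rc ] );

        /* user doesn't have tickets: the intended fallback to the
         * server's srvtab is not implemented, so carry on without tokens */

        return OK;
    }

    if (( rc = krb_get_cred( "afs", "", urealm, &cr )) != KSUCCESS ) {
        ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server,
                "krb_get_cred: %s\n", krb_err_txt[ rc ] );
        return OK;
    }

    /* Debug trace of the credential's public fields; the session key is
     * deliberately not logged. */
    ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, r->server,
            "%s.%s@%s\n", cr.service, cr.instance, cr.realm );
    ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, r->server,
            "%d %d %d\n", cr.lifetime, cr.kvno, cr.issue_date );
    ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, r->server,
            "%s %s\n", cr.pname, cr.pinst );
    ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, r->server,
            "%d\n", cr.ticket_st.length );

    /* Everything that goes into buf besides the ticket bytes: three int
     * fields, the clear token and the NUL-terminated cell name. */
    fixed = 3 * sizeof( int ) + sizeof( struct ClearToken )
            + strlen( lrealm ) + 1;

    if ( cr.ticket_st.length < 0 ||
            (size_t)cr.ticket_st.length > sizeof( buf ) - fixed ) {
        ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server,
                "ticket length %d does not fit token buffer\n",
                cr.ticket_st.length );
        afs_wipe( &cr, sizeof( cr ));
        return OK;
    }

    /* VIOCSETTOK input: ticket length, ticket, clear-token length,
     * clear token, flag word, cell name. */
    s = buf;
    memmove( s, &cr.ticket_st.length, sizeof( int ));
    s += sizeof( int );
    memmove( s, cr.ticket_st.dat, cr.ticket_st.length );
    s += cr.ticket_st.length;

    ct.AuthHandle = cr.kvno;
    memmove( ct.HandShakeKey, cr.session, sizeof( cr.session ));
    ct.ViceId = 0;
    ct.BeginTimestamp = cr.issue_date;
    ct.EndTimestamp = krb_life_to_time( cr.issue_date, cr.lifetime );

    i = sizeof( struct ClearToken );
    memmove( s, &i, sizeof( int ));
    s += sizeof( int );
    memmove( s, &ct, sizeof( struct ClearToken ));
    s += sizeof( struct ClearToken );

    i = 0;
    memmove( s, &i, sizeof( int ));
    s += sizeof( int );

    strcpy( s, lrealm );
    s += strlen( lrealm ) + 1;

    vi.in = buf;
    vi.in_size = s - buf;
    vi.out = buf;
    vi.out_size = sizeof( buf );

    if ( pioctl( 0, VIOCSETTOK, &vi, 0 ) < 0 ) {
        ap_log_error( APLOG_MARK, APLOG_ERR, r->server,
                "pioctl failed\n" );
    }

    /* Unlog when the request pool is destroyed.  Registered even if the
     * pioctl above failed, as in the original. */
    ap_register_cleanup( r->pool, (void *)r, pioctl_cleanup, ap_null_cleanup );

    /* The session key now lives in three stack objects; clear them. */
    afs_wipe( &cr, sizeof( cr ));
    afs_wipe( &ct, sizeof( ct ));
    afs_wipe( buf, sizeof( buf ));

    ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, r->server,
            "done with token stuff\n" );

    return OK;
}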
134
135
/*
 * Module dispatch table.  The initializer is positional, so slot order must
 * not change.  Only two hooks are wired: afs_init as the module initializer
 * and get_afs_tokens as the header parser, so token setup runs once per
 * request in that phase.  The module defines no configuration directives
 * and no per-directory or per-server config, so it cannot be limited to
 * particular locations from the config file.
 */
module MODULE_VAR_EXPORT afs_module = {
    STANDARD_MODULE_STUFF,
    afs_init, /* module initializer */
    NULL, /* create per-dir config structures */
    NULL, /* merge per-dir config structures */
    NULL, /* create per-server config structures */
    NULL, /* merge per-server config structures */
    NULL, /* table of config file commands */
    NULL, /* [#8] MIME-typed-dispatched handlers */
    NULL, /* [#1] URI to filename translation */
    NULL, /* [#4] validate user id from request */
    NULL, /* [#5] check if the user is ok _here_ */
    NULL, /* [#3] check access by host address */
    NULL, /* [#6] determine MIME type */
    NULL, /* [#7] pre-run fixups */
    NULL, /* [#9] log a transaction */
    get_afs_tokens, /* [#2] header parser */
    NULL, /* child_init */
    NULL, /* child_exit */
    NULL /* [#0] post read-request */
#ifdef EAPI
    ,NULL, /* EAPI: add_module */
    NULL, /* EAPI: remove_module */
    NULL, /* EAPI: rewrite_command */
    NULL /* EAPI: new_connection */
#endif
};