[hcoop/zz_old/modwaklog.git] / mod_afs.c

#include "httpd.h"
#include "http_config.h"
#include "http_protocol.h"
#include "http_log.h"
#include "ap_config.h"

#include <sys/ioccom.h>
#include <stropts.h>
#include <kerberosIV/krb.h>
#include <kerberosIV/des.h>
#include <afs/venus.h>

#define SRVTAB "/usr/local/etc/srvtab.itdwww"

struct ClearToken {
    long AuthHandle;
    char HandShakeKey[ 8 ];
    long ViceId;
    long BeginTimestamp;
    long EndTimestamp;
};

    static void
afs_init( server_rec *s, pool *p )
{
    extern char *version;

    ap_log_error( APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, s,
	    "mod_afs: version %s initialized.", version );
    return;
}


    static void
afs_child_init( server_rec *s, pool *p )
{
    setpag();
    ap_log_error( APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, s,
	    "mod_afs: setpag called in child init" );
    return;
}


    static void
pioctl_cleanup( void *data )
{
    request_rec		*r = (request_rec *)data;
    struct ViceIoctl	vi;

    vi.in = NULL;
    vi.in_size = 0;
    vi.out = NULL;
    vi.out_size = 0;

    if ( pioctl( 0, VIOCUNPAG, &vi, 0 ) < 0 ) {
	ap_log_error( APLOG_MARK, APLOG_ERR, r->server,
		"mod_afs: unlog pioctl failed" );
    }

    ap_log_error( APLOG_MARK, APLOG_ERR, r->server,
	    "mod_afs: unlog pioctl succeeded" );
    return;
}


    static int
get_afs_tokens( request_rec *r )
{
    CREDENTIALS		cr;
    struct ViceIoctl	vi;
    struct ClearToken	ct;
    int			i, rc;
    char		buf[ 1024 ], *s;
    char		*urealm = "UMICH.EDU";
    char		*lrealm = "umich.edu";

    /*
    /* setpag();
    /* ap_log_error( APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, s,
    /*	    "mod_afs: setpag called in get_afs_tokens" );
    */

    if (( rc = get_ad_tkt( "afs", "", urealm, 255 )) != KSUCCESS ) {
	ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_INFO, r->server,
		"mod_afs: get_ad_tkt: %s", krb_err_txt[ rc ] );

	/* user doesn't have tickets: use server's srvtab */

	return OK;
    }

    if (( rc = krb_get_cred( "afs", "", urealm, &cr )) != KSUCCESS ) {
	ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server,
		"mod_afs: krb_get_cred: %s", krb_err_txt[ rc ] );
	return OK;
    }

    ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, r->server,
	    "mod_afs: %s.%s@%s", cr.service, cr.instance, cr.realm );
    ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, r->server,
	    "mod_afs: %d %d %d", cr.lifetime, cr.kvno, cr.issue_date );
    ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, r->server,
	    "mod_afs: %s %s", cr.pname, cr.pinst );
    ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, r->server,
	    "mod_afs: %d", cr.ticket_st.length );

    s = buf;
    memmove( s, &cr.ticket_st.length, sizeof( int ));
    s += sizeof( int );
    memmove( s, cr.ticket_st.dat, cr.ticket_st.length );
    s += cr.ticket_st.length;

    ct.AuthHandle = cr.kvno;
    memmove( ct.HandShakeKey, cr.session, sizeof( cr.session ));
    ct.ViceId = 0;
    ct.BeginTimestamp = cr.issue_date;
    ct.EndTimestamp = krb_life_to_time( cr.issue_date, cr.lifetime );

    i = sizeof( struct ClearToken );
    memmove( s, &i, sizeof( int ));
    s += sizeof( int );
    memmove( s, &ct, sizeof( struct ClearToken ));
    s += sizeof( struct ClearToken );

    i = 0;
    memmove( s, &i, sizeof( int ));
    s += sizeof( int );

    strcpy( s, lrealm );
    s += strlen( lrealm ) + 1;

    vi.in = buf;
    vi.in_size = s - buf;
    vi.out = buf;
    vi.out_size = sizeof( buf );

    if ( pioctl( 0, VIOCSETTOK, &vi, 0 ) < 0 ) {
	ap_log_error( APLOG_MARK, APLOG_ERR, r->server,
		"mod_afs: pioctl failed" );
    }

    /* we'll need to unlog when this connection is done. */
    ap_register_cleanup( r->pool, (void *)r, pioctl_cleanup, ap_null_cleanup );

ap_log_error( APLOG_MARK, APLOG_ERR, r->server,
	"mod_afs: done with token stuff" );

    return OK;
}


module MODULE_VAR_EXPORT afs_module = {
    STANDARD_MODULE_STUFF, 
    afs_init,              /* module initializer                  */
    NULL,                  /* create per-dir    config structures */
    NULL,                  /* merge  per-dir    config structures */
    NULL,                  /* create per-server config structures */
    NULL,                  /* merge  per-server config structures */
    NULL,                  /* table of config file commands       */
    NULL,                  /* [#8] MIME-typed-dispatched handlers */
    NULL,                  /* [#1] URI to filename translation    */
    NULL,                  /* [#4] validate user id from request  */
    NULL,                  /* [#5] check if the user is ok _here_ */
    NULL,                  /* [#3] check access by host address   */
    NULL,                  /* [#6] determine MIME type            */
    NULL,                  /* [#7] pre-run fixups                 */
    NULL,                  /* [#9] log a transaction              */
    get_afs_tokens,        /* [#2] header parser                  */
    afs_child_init,        /* child_init                          */
    NULL,                  /* child_exit                          */
    NULL                   /* [#0] post read-request              */
#ifdef EAPI
   ,NULL,                  /* EAPI: add_module                    */
    NULL,                  /* EAPI: remove_module                 */
    NULL,                  /* EAPI: rewrite_command               */
    NULL                   /* EAPI: new_connection                */
#endif
};
Commit	Line	Data
bed98ff9	1	#include "httpd.h"
	2	#include "http_config.h"
	3	#include "http_protocol.h"
	4	#include "http_log.h"
	5	#include "ap_config.h"
	6
	7	#include <sys/ioccom.h>
	8	#include <stropts.h>
	9	#include <kerberosIV/krb.h>
	10	#include <kerberosIV/des.h>
	11	#include <afs/venus.h>
	12
	13	#define SRVTAB "/usr/local/etc/srvtab.itdwww"
	14
	15	struct ClearToken {
	16	long AuthHandle;
	17	char HandShakeKey[ 8 ];
	18	long ViceId;
	19	long BeginTimestamp;
	20	long EndTimestamp;
	21	};
	22
b429ae96	23	static void
	24	afs_init( server_rec s, pool p )
	25	{
	26	extern char *version;
	27
	28	ap_log_error( APLOG_MARK, APLOG_INFO\|APLOG_NOERRNO, s,
	29	"mod_afs: version %s initialized.", version );
	30	return;
	31	}
	32
bed98ff9	33
b74fad73	34	static void
	35	afs_child_init( server_rec s, pool p )
	36	{
	37	setpag();
	38	ap_log_error( APLOG_MARK, APLOG_INFO\|APLOG_NOERRNO, s,
	39	"mod_afs: setpag called in child init" );
	40	return;
	41	}
	42
	43
bed98ff9	44	static void
	45	pioctl_cleanup( void *data )
	46	{
	47	request_rec r = (request_rec )data;
	48	struct ViceIoctl vi;
	49
	50	vi.in = NULL;
	51	vi.in_size = 0;
	52	vi.out = NULL;
	53	vi.out_size = 0;
	54
	55	if ( pioctl( 0, VIOCUNPAG, &vi, 0 ) < 0 ) {
	56	ap_log_error( APLOG_MARK, APLOG_ERR, r->server,
b74fad73	57	"mod_afs: unlog pioctl failed" );
bed98ff9	58	}
	59
	60	ap_log_error( APLOG_MARK, APLOG_ERR, r->server,
b74fad73	61	"mod_afs: unlog pioctl succeeded" );
b74fad73	62	return;
bed98ff9	63	}
	64
	65
	66	static int
	67	get_afs_tokens( request_rec *r )
	68	{
	69	CREDENTIALS cr;
	70	struct ViceIoctl vi;
	71	struct ClearToken ct;
	72	int i, rc;
	73	char buf[ 1024 ], *s;
	74	char *urealm = "UMICH.EDU";
	75	char *lrealm = "umich.edu";
	76
b74fad73	77	/*
	78	/* setpag();
	79	/* ap_log_error( APLOG_MARK, APLOG_INFO\|APLOG_NOERRNO, s,
	80	/* "mod_afs: setpag called in get_afs_tokens" );
	81	*/
bed98ff9	82
	83	if (( rc = get_ad_tkt( "afs", "", urealm, 255 )) != KSUCCESS ) {
	84	ap_log_error( APLOG_MARK, APLOG_NOERRNO\|APLOG_INFO, r->server,
b74fad73	85	"mod_afs: get_ad_tkt: %s", krb_err_txt[ rc ] );
bed98ff9	86
	87	/* user doesn't have tickets: use server's srvtab */
	88
	89	return OK;
	90	}
	91
	92	if (( rc = krb_get_cred( "afs", "", urealm, &cr )) != KSUCCESS ) {
	93	ap_log_error( APLOG_MARK, APLOG_NOERRNO\|APLOG_ERR, r->server,
b74fad73	94	"mod_afs: krb_get_cred: %s", krb_err_txt[ rc ] );
bed98ff9	95	return OK;
	96	}
	97
b429ae96	98	ap_log_error( APLOG_MARK, APLOG_NOERRNO\|APLOG_DEBUG, r->server,
b74fad73	99	"mod_afs: %s.%s@%s", cr.service, cr.instance, cr.realm );
b429ae96	100	ap_log_error( APLOG_MARK, APLOG_NOERRNO\|APLOG_DEBUG, r->server,
b74fad73	101	"mod_afs: %d %d %d", cr.lifetime, cr.kvno, cr.issue_date );
b429ae96	102	ap_log_error( APLOG_MARK, APLOG_NOERRNO\|APLOG_DEBUG, r->server,
b74fad73	103	"mod_afs: %s %s", cr.pname, cr.pinst );
b429ae96	104	ap_log_error( APLOG_MARK, APLOG_NOERRNO\|APLOG_DEBUG, r->server,
b74fad73	105	"mod_afs: %d", cr.ticket_st.length );
bed98ff9	106
	107	s = buf;
	108	memmove( s, &cr.ticket_st.length, sizeof( int ));
	109	s += sizeof( int );
	110	memmove( s, cr.ticket_st.dat, cr.ticket_st.length );
	111	s += cr.ticket_st.length;
	112
	113	ct.AuthHandle = cr.kvno;
	114	memmove( ct.HandShakeKey, cr.session, sizeof( cr.session ));
	115	ct.ViceId = 0;
	116	ct.BeginTimestamp = cr.issue_date;
	117	ct.EndTimestamp = krb_life_to_time( cr.issue_date, cr.lifetime );
	118
	119	i = sizeof( struct ClearToken );
	120	memmove( s, &i, sizeof( int ));
	121	s += sizeof( int );
	122	memmove( s, &ct, sizeof( struct ClearToken ));
	123	s += sizeof( struct ClearToken );
	124
	125	i = 0;
	126	memmove( s, &i, sizeof( int ));
	127	s += sizeof( int );
	128
	129	strcpy( s, lrealm );
	130	s += strlen( lrealm ) + 1;
	131
	132	vi.in = buf;
	133	vi.in_size = s - buf;
	134	vi.out = buf;
	135	vi.out_size = sizeof( buf );
	136
	137	if ( pioctl( 0, VIOCSETTOK, &vi, 0 ) < 0 ) {
	138	ap_log_error( APLOG_MARK, APLOG_ERR, r->server,
b74fad73	139	"mod_afs: pioctl failed" );
bed98ff9	140	}
	141
	142	/* we'll need to unlog when this connection is done. */
	143	ap_register_cleanup( r->pool, (void *)r, pioctl_cleanup, ap_null_cleanup );
	144
b74fad73	145	ap_log_error( APLOG_MARK, APLOG_ERR, r->server,
b74fad73	146	"mod_afs: done with token stuff" );
bed98ff9	147
	148	return OK;
	149	}
	150
	151
	152	module MODULE_VAR_EXPORT afs_module = {
	153	STANDARD_MODULE_STUFF,
b429ae96	154	afs_init, /* module initializer */
bed98ff9	155	NULL, /* create per-dir config structures */
	156	NULL, /* merge per-dir config structures */
	157	NULL, /* create per-server config structures */
	158	NULL, /* merge per-server config structures */
	159	NULL, /* table of config file commands */
	160	NULL, /* [#8] MIME-typed-dispatched handlers */
	161	NULL, /* [#1] URI to filename translation */
	162	NULL, /* [#4] validate user id from request */
	163	NULL, /* [#5] check if the user is ok _here_ */
	164	NULL, /* [#3] check access by host address */
	165	NULL, /* [#6] determine MIME type */
	166	NULL, /* [#7] pre-run fixups */
	167	NULL, /* [#9] log a transaction */
	168	get_afs_tokens, /* [#2] header parser */
b74fad73	169	afs_child_init, /* child_init */
bed98ff9	170	NULL, /* child_exit */
	171	NULL /* [#0] post read-request */
	172	#ifdef EAPI
	173	,NULL, /* EAPI: add_module */
	174	NULL, /* EAPI: remove_module */
	175	NULL, /* EAPI: rewrite_command */
	176	NULL /* EAPI: new_connection */
	177	#endif
	178	};