bed98ff9 |
1 | #include "httpd.h" |
2 | #include "http_config.h" |
3 | #include "http_protocol.h" |
4 | #include "http_log.h" |
5 | #include "ap_config.h" |
6 | |
7 | #include <sys/ioccom.h> |
8 | #include <stropts.h> |
9 | #include <kerberosIV/krb.h> |
10 | #include <kerberosIV/des.h> |
11 | #include <afs/venus.h> |
12 | |
13 | #define SRVTAB "/usr/local/etc/srvtab.itdwww" |
14 | |
/*
 * Clear-text part of an AFS token.  get_afs_tokens() copies this struct
 * byte-for-byte into the VIOCSETTOK request, so field order and sizes
 * are part of the layout handed to pioctl(); do not reorder or pad.
 *
 * NOTE(review): every integer field is a `long`.  Presumably the
 * receiving side expects 32-bit values, in which case this struct is
 * only the right size where long is 32 bits -- confirm before building
 * on an LP64 target.
 */
struct ClearToken {
    long AuthHandle;            /* filled from the credential's kvno */
    char HandShakeKey[ 8 ];     /* Kerberos session key: secret material */
    long ViceId;                /* always written as 0 by get_afs_tokens() */
    long BeginTimestamp;        /* credential issue date */
    long EndTimestamp;          /* issue date advanced by the ticket lifetime */
};
22 | |
23 | |
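/*
 * Pool cleanup registered by get_afs_tokens(): issue the VIOCUNPAG
 * ("unlog") pioctl so the tokens installed for this request are dropped.
 *
 * data is the request_rec that was registered; only r->server is read,
 * and only for logging.  The ViceIoctl is left empty because the call
 * passes no input and asks for no output.
 *
 * If the pioctl fails, the tokens presumably stay attached to this
 * process, so the failure is logged at error level and the success
 * message is NOT emitted (the original logged "succeeded" on both paths).
 */
static void
pioctl_cleanup( void *data )
{
    request_rec *r = (request_rec *)data;
    struct ViceIoctl vi;

    vi.in = NULL;
    vi.in_size = 0;
    vi.out = NULL;
    vi.out_size = 0;

    if ( pioctl( 0, VIOCUNPAG, &vi, 0 ) < 0 ) {
        /* APLOG_NOERRNO deliberately omitted: errno explains the failure */
        ap_log_error( APLOG_MARK, APLOG_ERR, r->server,
                "unlog pioctl failed\n" );
        return;
    }

    /* routine success is trace output, not an error, and has no errno */
    ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, r->server,
            "unlog pioctl succeeded\n" );
}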
43 | |
44 | |
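/*
 * Overwrite memory that held key material.  The stores go through a
 * volatile pointer so the compiler cannot drop them as dead writes.
 */
static void
wipe_secret( void *p, size_t len )
{
    volatile unsigned char *vp = (volatile unsigned char *)p;

    while ( len-- > 0 ) {
        *vp++ = 0;
    }
}

/*
 * Header-parser hook: turn the Kerberos IV "afs" ticket available to
 * this request into an AFS token and install it with VIOCSETTOK.
 *
 * The request buffer handed to pioctl() is laid out as
 *     int   ticket length
 *     bytes ticket
 *     int   sizeof( struct ClearToken )
 *     bytes struct ClearToken
 *     int   0
 *     bytes cell name, NUL terminated
 *
 * Always returns OK, so a failure here never rejects the request; it
 * only means no user token was installed (see the srvtab comment below).
 *
 * Changes from the original:
 *   - setpag() is checked.  Without a fresh PAG the token would be set
 *     in whatever authentication context the process already has.
 *   - the ticket length is validated before it is copied into buf.
 *     buf is 1024 bytes while the length comes from the credential
 *     cache, so an oversized or negative value overflowed the stack.
 *   - cr, ct and buf hold the session key and ticket; they are wiped
 *     before returning.
 *   - the trace message at the end is no longer logged as an error.
 */
static int
get_afs_tokens( request_rec *r )
{
    CREDENTIALS cr;
    struct ViceIoctl vi;
    struct ClearToken ct;
    int i, rc;
    size_t fixed;
    char buf[ 1024 ], *s;
    char *urealm = "UMICH.EDU";
    char *lrealm = "umich.edu";

    if ( setpag() < 0 ) {
        ap_log_error( APLOG_MARK, APLOG_ERR, r->server,
                "setpag failed\n" );
        return OK;
    }

    if (( rc = get_ad_tkt( "afs", "", urealm, 255 )) != KSUCCESS ) {
        ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_INFO, r->server,
                "get_ad_tkt: %s\n", krb_err_txt[ rc ] );

        /* user doesn't have tickets: use server's srvtab */

        return OK;
    }

    if (( rc = krb_get_cred( "afs", "", urealm, &cr )) != KSUCCESS ) {
        ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server,
                "krb_get_cred: %s\n", krb_err_txt[ rc ] );
        wipe_secret( &cr, sizeof( cr ));
        return OK;
    }

    /* principal and lifetime only; the session key is never logged */
    ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, r->server, "%s.%s@%s\n", cr.service, cr.instance, cr.realm );
    ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, r->server, "%d %d %d\n", cr.lifetime, cr.kvno, cr.issue_date );
    ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, r->server, "%s %s\n", cr.pname, cr.pinst );
    ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, r->server, "%d\n", cr.ticket_st.length );

    /* everything in the request except the ticket itself */
    fixed = 3 * sizeof( int ) + sizeof( struct ClearToken )
            + strlen( lrealm ) + 1;

    /*
     * The ticket must fit in what is left of buf, and must not claim
     * more bytes than ticket_st.dat can hold.
     */
    if ( cr.ticket_st.length < 0 ||
            (size_t)cr.ticket_st.length > sizeof( buf ) - fixed ||
            (size_t)cr.ticket_st.length > sizeof( cr.ticket_st.dat )) {
        ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server,
                "ticket length %d does not fit token buffer\n",
                cr.ticket_st.length );
        wipe_secret( &cr, sizeof( cr ));
        return OK;
    }

    s = buf;
    memmove( s, &cr.ticket_st.length, sizeof( int ));
    s += sizeof( int );
    memmove( s, cr.ticket_st.dat, cr.ticket_st.length );
    s += cr.ticket_st.length;

    ct.AuthHandle = cr.kvno;
    memmove( ct.HandShakeKey, cr.session, sizeof( cr.session ));
    ct.ViceId = 0;
    ct.BeginTimestamp = cr.issue_date;
    ct.EndTimestamp = krb_life_to_time( cr.issue_date, cr.lifetime );

    i = sizeof( struct ClearToken );
    memmove( s, &i, sizeof( int ));
    s += sizeof( int );
    memmove( s, &ct, sizeof( struct ClearToken ));
    s += sizeof( struct ClearToken );

    i = 0;
    memmove( s, &i, sizeof( int ));
    s += sizeof( int );

    /* bounded by the length check above */
    strcpy( s, lrealm );
    s += strlen( lrealm ) + 1;

    vi.in = buf;
    vi.in_size = s - buf;
    vi.out = buf;
    vi.out_size = sizeof( buf );

    if ( pioctl( 0, VIOCSETTOK, &vi, 0 ) < 0 ) {
        ap_log_error( APLOG_MARK, APLOG_ERR, r->server,
                "pioctl failed\n" );
    }

    /* the key material has been handed over (or refused); drop our copies */
    wipe_secret( buf, sizeof( buf ));
    wipe_secret( &ct, sizeof( ct ));
    wipe_secret( &cr, sizeof( cr ));

    /*
     * We need to unlog when this request is done: the cleanup hangs off
     * r->pool.  ap_null_cleanup is the child-side cleanup, so nothing is
     * undone in a forked child.
     */
    ap_register_cleanup( r->pool, (void *)r, pioctl_cleanup, ap_null_cleanup );

    ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, r->server,
            "done with token stuff\n" );

    return OK;
}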
120 | |
121 | |
/*
 * Module dispatch record.  The initializer is positional, so every slot
 * must stay in this order.  The only hook filled in is the header
 * parser: get_afs_tokens() runs in phase [#2], ahead of the access
 * ([#3]) and user-validation ([#4], [#5]) phases listed below.
 */
module MODULE_VAR_EXPORT afs_module = {
    STANDARD_MODULE_STUFF,
    NULL, /* module initializer */
    NULL, /* create per-dir config structures */
    NULL, /* merge per-dir config structures */
    NULL, /* create per-server config structures */
    NULL, /* merge per-server config structures */
    NULL, /* table of config file commands */
    NULL, /* [#8] MIME-typed-dispatched handlers */
    NULL, /* [#1] URI to filename translation */
    NULL, /* [#4] validate user id from request */
    NULL, /* [#5] check if the user is ok _here_ */
    NULL, /* [#3] check access by host address */
    NULL, /* [#6] determine MIME type */
    NULL, /* [#7] pre-run fixups */
    NULL, /* [#9] log a transaction */
    get_afs_tokens, /* [#2] header parser: installs the AFS token */
    NULL, /* child_init */
    NULL, /* child_exit */
    NULL /* [#0] post read-request */
#ifdef EAPI
    ,NULL, /* EAPI: add_module */
    NULL, /* EAPI: remove_module */
    NULL, /* EAPI: rewrite_command */
    NULL /* EAPI: new_connection */
#endif
};