| 1 | #include "httpd.h" |
| 2 | #include "http_config.h" |
| 3 | #include "http_protocol.h" |
| 4 | #include "http_log.h" |
| 5 | #include "ap_config.h" |
| 6 | |
| 7 | #include <sys/ioccom.h> |
| 8 | #include <stropts.h> |
| 9 | #include <kerberosIV/krb.h> |
| 10 | #include <kerberosIV/des.h> |
| 11 | #include <afs/venus.h> |
| 12 | |
/*
 * Location of the web server's own Kerberos IV srvtab.  Nothing in this
 * listing reads the macro.  A srvtab holds a long-term service key, so the
 * file should be readable only by the account the server runs as.
 */
#define SRVTAB "/usr/local/etc/srvtab.itdwww"
| 14 | |
/*
 * Clear-text half of an AFS token.  get_afs_tokens() copies this structure
 * byte-for-byte into the buffer handed to pioctl( VIOCSETTOK ), so the
 * order and width of the members are part of that layout.
 *
 * NOTE(review): the integer members are `long`, so the structure size
 * follows the build platform's long width -- confirm this matches what the
 * AFS client on the target system expects.
 */
struct ClearToken {
    long    AuthHandle;         /* filled from the credential's kvno */
    char    HandShakeKey[ 8 ];  /* session key: secret material */
    long    ViceId;             /* always set to 0 by this module */
    long    BeginTimestamp;     /* credential issue date */
    long    EndTimestamp;       /* issue date plus lifetime */
};
| 22 | |
/*
 * Module initializer: writes one informational line to the server log
 * naming the module version.  The pool argument is not used.
 */
static void
afs_init( server_rec *s, pool *p )
{
    /* version string is defined in another translation unit */
    extern char *version;

    ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_INFO, s,
            "mod_afs: version %s initialized.", version );
}
| 32 | |
| 33 | |
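/*
 * Child initializer: asks for a new PAG (process authentication group)
 * for this child.  Tokens installed later by get_afs_tokens() attach to
 * whatever PAG the child is in.
 *
 * The result of setpag() is checked: if the call fails, the child keeps
 * the PAG it inherited, so tokens set for one request would not be
 * confined to this process.  That condition is logged at error level
 * rather than being reported as a successful call.
 *
 * NOTE(review): the child keeps running after a failed setpag(); consider
 * whether it should refuse to serve requests instead.
 */
static void
afs_child_init( server_rec *s, pool *p )
{
    if ( setpag() != 0 ) {
        ap_log_error( APLOG_MARK, APLOG_ERR, s,
                "mod_afs: setpag failed in child init" );
        return;
    }

    ap_log_error( APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, s,
            "mod_afs: setpag called in child init" );
}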
| 42 | |
| 43 | |
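/*
 * Pool cleanup registered by get_afs_tokens(): discards the AFS tokens
 * ("unlog") with pioctl( VIOCUNPAG ) when the request pool is cleared.
 *
 * data is the request_rec that registered the cleanup; it is used only to
 * find the server record for logging.
 *
 * Failure and success are reported separately.  A failed unlog matters for
 * isolation: the tokens stay attached to this child, and the next request
 * the child serves starts with them still in place.
 */
static void
pioctl_cleanup( void *data )
{
    request_rec         *r = (request_rec *)data;
    struct ViceIoctl    vi;

    /* VIOCUNPAG takes no input and returns no output */
    vi.in = NULL;
    vi.in_size = 0;
    vi.out = NULL;
    vi.out_size = 0;

    if ( pioctl( 0, VIOCUNPAG, &vi, 0 ) < 0 ) {
        /* errno is meaningful here, so APLOG_NOERRNO is not set */
        ap_log_error( APLOG_MARK, APLOG_ERR, r->server,
                "mod_afs: unlog pioctl failed" );
        return;
    }

    /* routine outcome: debug level, and no stale errno text appended */
    ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, r->server,
            "mod_afs: unlog pioctl succeeded" );
}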
| 64 | |
| 65 | |
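/*
 * Overwrite memory that held key material.  Writing through a
 * volatile-qualified pointer keeps the compiler from dropping the stores
 * as dead code, which it is allowed to do with a plain memset().
 */
static void
afs_wipe( void *mem, size_t len )
{
    volatile unsigned char  *p = (volatile unsigned char *)mem;

    while ( len-- > 0 ) {
        *p++ = 0;
    }
}

/*
 * Header-parser hook: turns the user's Kerberos IV "afs" credential into
 * an AFS token and installs it with pioctl( VIOCSETTOK ).
 *
 * The input buffer for VIOCSETTOK is laid out as:
 *     int    ticket length
 *     bytes  ticket
 *     int    sizeof( struct ClearToken )
 *     bytes  struct ClearToken
 *     int    0
 *     string lower-case cell name, NUL terminated
 *
 * Always returns OK, including on every failure path, so the request is
 * never refused here.
 * NOTE(review): on those paths the request continues with whatever tokens
 * the child already holds; the original comment says the server's srvtab
 * is meant to cover that case, but no code in this function does so.
 *
 * The PAG is created once per child in afs_child_init(), not per request,
 * so the cleanup registered below is what keeps one user's tokens from
 * reaching the next request served by the same child.
 */
static int
get_afs_tokens( request_rec *r )
{
    CREDENTIALS         cr;
    struct ViceIoctl    vi;
    struct ClearToken   ct;
    int                 i, rc;
    long                tktlen;
    size_t              fixed;
    char                buf[ 1024 ], *s;
    char                *urealm = "UMICH.EDU";
    char                *lrealm = "umich.edu";

    if (( rc = get_ad_tkt( "afs", "", urealm, 255 )) != KSUCCESS ) {
        ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_INFO, r->server,
                "mod_afs: get_ad_tkt: %s", krb_err_txt[ rc ] );

        /* user doesn't have tickets: use server's srvtab */

        return OK;
    }

    if (( rc = krb_get_cred( "afs", "", urealm, &cr )) != KSUCCESS ) {
        ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server,
                "mod_afs: krb_get_cred: %s", krb_err_txt[ rc ] );
        return OK;
    }

    /* Debug trace of the credential; the session key is never logged. */
    ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, r->server,
            "mod_afs: %s.%s@%s", cr.service, cr.instance, cr.realm );
    ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, r->server,
            "mod_afs: %d %d %ld", (int)cr.lifetime, (int)cr.kvno,
            (long)cr.issue_date );
    ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, r->server,
            "mod_afs: %s %s", cr.pname, cr.pinst );
    ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, r->server,
            "mod_afs: %d", (int)cr.ticket_st.length );

    /*
     * The ticket length comes from the credential, not from this code, so
     * it is checked against the room left in buf once the fixed-size
     * parts of the layout are accounted for.  Without this check an
     * oversized ticket would be copied past the end of the stack buffer.
     */
    tktlen = (long)cr.ticket_st.length;
    fixed = 3 * sizeof( int ) + sizeof( struct ClearToken ) +
            strlen( lrealm ) + 1;
    if ( tktlen < 0 || (size_t)tktlen > sizeof( buf ) - fixed ) {
        ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server,
                "mod_afs: ticket length %ld does not fit token buffer",
                tktlen );
        afs_wipe( &cr, sizeof( cr ));
        return OK;
    }

    /* ticket length, then the ticket itself */
    s = buf;
    memmove( s, &cr.ticket_st.length, sizeof( int ));
    s += sizeof( int );
    memmove( s, cr.ticket_st.dat, (size_t)tktlen );
    s += tktlen;

    ct.AuthHandle = cr.kvno;
    memmove( ct.HandShakeKey, cr.session, sizeof( cr.session ));
    ct.ViceId = 0;
    ct.BeginTimestamp = cr.issue_date;
    ct.EndTimestamp = krb_life_to_time( cr.issue_date, cr.lifetime );

    /* clear token length, then the clear token */
    i = sizeof( struct ClearToken );
    memmove( s, &i, sizeof( int ));
    s += sizeof( int );
    memmove( s, &ct, sizeof( struct ClearToken ));
    s += sizeof( struct ClearToken );

    /* a zero int precedes the cell name */
    i = 0;
    memmove( s, &i, sizeof( int ));
    s += sizeof( int );

    /* cell name with its terminator; room was verified above */
    memcpy( s, lrealm, strlen( lrealm ) + 1 );
    s += strlen( lrealm ) + 1;

    vi.in = buf;
    vi.in_size = s - buf;
    vi.out = buf;
    vi.out_size = sizeof( buf );

    if ( pioctl( 0, VIOCSETTOK, &vi, 0 ) < 0 ) {
        ap_log_error( APLOG_MARK, APLOG_ERR, r->server,
                "mod_afs: pioctl failed" );
    }

    /* the ticket and session key must not linger on the stack */
    afs_wipe( buf, sizeof( buf ));
    afs_wipe( &ct, sizeof( ct ));
    afs_wipe( &cr, sizeof( cr ));

    /*
     * we'll need to unlog when this connection is done.  Registered even
     * when the pioctl above failed, so the unlog always runs.
     */
    ap_register_cleanup( r->pool, (void *)r, pioctl_cleanup, ap_null_cleanup );

    /* routine trace, not an error: debug level and no errno text */
    ap_log_error( APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, r->server,
            "mod_afs: done with token stuff" );

    return OK;
}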
| 150 | |
| 151 | |
/*
 * Module dispatch table.  The module fills three slots: the initializer,
 * the header parser (where the AFS token is installed for each request)
 * and the child initializer (where setpag() is called).  Every other
 * slot is left empty.
 */
module MODULE_VAR_EXPORT afs_module = {
    STANDARD_MODULE_STUFF,
    afs_init,           /* initializer */
    NULL,               /* per-directory config: create */
    NULL,               /* per-directory config: merge */
    NULL,               /* per-server config: create */
    NULL,               /* per-server config: merge */
    NULL,               /* config file command table */
    NULL,               /* [#8] handlers dispatched by MIME type */
    NULL,               /* [#1] URI-to-filename translation */
    NULL,               /* [#4] validate user id from request */
    NULL,               /* [#5] check that the user is allowed here */
    NULL,               /* [#3] access check by host address */
    NULL,               /* [#6] MIME type determination */
    NULL,               /* [#7] fixups before the handler runs */
    NULL,               /* [#9] transaction logging */
    get_afs_tokens,     /* [#2] header parser: install AFS token */
    afs_child_init,     /* child_init: setpag() for this child */
    NULL,               /* child_exit */
    NULL                /* [#0] post read-request */
#ifdef EAPI
    ,NULL,              /* EAPI: add_module */
    NULL,               /* EAPI: remove_module */
    NULL,               /* EAPI: rewrite_command */
    NULL                /* EAPI: new_connection */
#endif
};