tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From na...@apache.org
Subject cvs commit: jakarta-tomcat-connectors/jk/native2/server/isapi jk_service_iis.c
Date Fri, 14 Jun 2002 23:12:05 GMT
nacho       2002/06/14 16:12:05

  Modified:    jk/native2/server/isapi jk_service_iis.c
  Log:
  * Pass the groups of the logged in user as roles.. In IIS the authentication can be tied
to the OS Auth when using NTLM,  Basic or Cert.
  
  Revision  Changes    Path
  1.18      +66 -6     jakarta-tomcat-connectors/jk/native2/server/isapi/jk_service_iis.c
  
  Index: jk_service_iis.c
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-connectors/jk/native2/server/isapi/jk_service_iis.c,v
  retrieving revision 1.17
  retrieving revision 1.18
  diff -u -r1.17 -r1.18
  --- jk_service_iis.c	5 Jun 2002 21:41:28 -0000	1.17
  +++ jk_service_iis.c	14 Jun 2002 23:12:05 -0000	1.18
  @@ -2,7 +2,7 @@
    *                                                                           *
    *                 The Apache Software License,  Version 1.1                 *
    *                                                                           *
  - *          Copyright (c) 1999-2001 The Apache Software Foundation.          *
  + *          Copyright (c) 1999-2002 The Apache Software Foundation.          *
    *                           All rights reserved.                            *
    *                                                                           *
    * ========================================================================= *
  @@ -79,7 +79,6 @@
   
   #include "jk_iis.h"
   
  -
   static int JK_METHOD jk2_service_iis_head(jk_env_t *env, jk_ws_service_t *s ){
       static char crlf[3] = { (char)13, (char)10, '\0' };
       const char *reason;
  @@ -274,6 +273,62 @@
       return JK_TRUE;
   }
   
  +#define MAX_NAME 256
  +
  +char * jk2_service_iis_get_roles(jk_env_t *env, jk_ws_service_t *s)
  +{
  +    LPEXTENSION_CONTROL_BLOCK  lpEcb=(LPEXTENSION_CONTROL_BLOCK)s->ws_private;
  +    HANDLE h;
  +    DWORD len=0;
  +    PTOKEN_GROUPS g=NULL;
  +    unsigned i;
  +    char *roles=NULL;
  +    if ( lpEcb->ServerSupportFunction(lpEcb->ConnID,
  +                                      HSE_REQ_GET_IMPERSONATION_TOKEN,
  +                                      (LPVOID)&h, NULL,NULL) != FALSE ){
  +        // First get the length of the user's groups array and gets the memory 
  +        if ( !GetTokenInformation(h, TokenGroups, NULL, len , &len ) ) {
  +            if ( ERROR_INSUFFICIENT_BUFFER == GetLastError() ){
  +                g = (PTOKEN_GROUPS)s->pool->calloc(env,s->pool,len);
  +            }
  +        }
  +        if ( g != NULL ){
  +            if ( GetTokenInformation(h, TokenGroups, g, len, &len)) {
  +                roles=s->pool->calloc(env,s->pool,(g->GroupCount)*MAX_NAME);
  +                for (i=0; i < g->GroupCount ; i++){
  +                    char name[MAX_NAME],domain[MAX_NAME];
  +                    DWORD nLen = MAX_NAME, dLen = MAX_NAME;
  +                    SID_NAME_USE eUse;
  +                    // Get  the user name and the domain from the SID.
  +                    env->l->jkLog(env, env->l, JK_LOG_DEBUG, 
  +                           "jk2_service_iis_get_roles requesting name for member:%d attributes:%#lx
SID:%#lx \n",
  +                            i,g->Groups[i].Attributes, g->Groups[i].Sid );
  +                    if ( ! LookupAccountSid(NULL,g->Groups[i].Sid,name,&nLen,domain,&dLen,&eUse)
){
  +                        env->l->jkLog(env, env->l, JK_LOG_INFO, 
  +                               "jk2_service_iis_get_roles problems requesting name for
member:%d attributes:%#lx SID:%#lx \n",
  +                                i,g->Groups[i].Attributes, g->Groups[i].Sid );
  +                            
  +                    } else {
  +                        strcpy(roles+strlen(roles),name);
  +                        roles[strlen(roles)]=',';
  +                        roles[strlen(roles)+1]='\0';
  +                        env->l->jkLog(env, env->l, JK_LOG_DEBUG, 
  +                               "jk2_service_iis_get_roles member:%d attributes:%#lx SID:%#lx
name:%s\n",
  +                                i,g->Groups[i].Attributes, g->Groups[i].Sid,name
);
  +                    }
  +                }
  +                roles[strlen(roles)-1]='\0';
  +                env->l->jkLog(env, env->l, JK_LOG_INFO, 
  +                       "jk_ws_service_t::jk2_service_iis_get_roles roles:%s \n",
  +                        roles );
  +            }
  +            return roles;
  +        } else {
  +            return NULL;
  +        }
  +    }
  +    return NULL;
  +}
   
   static int JK_METHOD jk2_service_iis_initService( struct jk_env *env, jk_ws_service_t *s,
                    struct jk_worker *w, void *serverObj )
  @@ -340,6 +395,14 @@
       /*
        * Add SSL IIS environment
        */
  +
  +    if ( strlen(s->remote_user) > 0 ){
  +        char *groups=jk2_service_iis_get_roles(env, s);
  +        if( groups != NULL){
  +            s->attributes->put( env, s->attributes,"ROLES",groups,NULL);
  +        }
  +    }
  +
       if (s->is_ssl) {         
           char *ssl_env_names[9] = {
               "CERT_ISSUER", 
  @@ -373,10 +436,7 @@
               }
           }
           if (num_of_vars) {
  -            unsigned j;
  -
  -            jk2_map_default_create(env, &s->attributes, s->pool );
  -            j = 0;
  +            unsigned j=0;
               for(i = 0 ; i < 9 ; i++) {                
                   if (ssl_env_values[i]) {
                       s->attributes->put( env, s->attributes, 
  
  
  

--
To unsubscribe, e-mail:   <mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-dev-help@jakarta.apache.org>


Mime
View raw message