nacho       2002/06/14 16:12:05

  Modified:    jk/native2/server/isapi jk_service_iis.c
  Log:
  * Pass the groups of the logged-in user as roles. In IIS the authentication can be 
tied to the OS auth when using NTLM, Basic or Cert.
  
  Revision  Changes    Path
  1.18      +66 -6     
jakarta-tomcat-connectors/jk/native2/server/isapi/jk_service_iis.c
  
  Index: jk_service_iis.c
  ===================================================================
  RCS file: 
/home/cvs/jakarta-tomcat-connectors/jk/native2/server/isapi/jk_service_iis.c,v
  retrieving revision 1.17
  retrieving revision 1.18
  diff -u -r1.17 -r1.18
  --- jk_service_iis.c  5 Jun 2002 21:41:28 -0000       1.17
  +++ jk_service_iis.c  14 Jun 2002 23:12:05 -0000      1.18
  @@ -2,7 +2,7 @@
    *                                                                           *
    *                 The Apache Software License,  Version 1.1                 *
    *                                                                           *
  - *          Copyright (c) 1999-2001 The Apache Software Foundation.          *
  + *          Copyright (c) 1999-2002 The Apache Software Foundation.          *
    *                           All rights reserved.                            *
    *                                                                           *
    * ========================================================================= *
  @@ -79,7 +79,6 @@
   
   #include "jk_iis.h"
   
  -
   static int JK_METHOD jk2_service_iis_head(jk_env_t *env, jk_ws_service_t *s ){
       static char crlf[3] = { (char)13, (char)10, '\0' };
       const char *reason;
  @@ -274,6 +273,62 @@
       return JK_TRUE;
   }
   
  +#define MAX_NAME 256
  +
  +char * jk2_service_iis_get_roles(jk_env_t *env, jk_ws_service_t *s)
  +{
  +    LPEXTENSION_CONTROL_BLOCK  lpEcb=(LPEXTENSION_CONTROL_BLOCK)s->ws_private;
  +    HANDLE h;
  +    DWORD len=0;
  +    PTOKEN_GROUPS g=NULL;
  +    unsigned i;
  +    char *roles=NULL;
  +    if ( lpEcb->ServerSupportFunction(lpEcb->ConnID,
  +                                      HSE_REQ_GET_IMPERSONATION_TOKEN,
  +                                      (LPVOID)&h, NULL,NULL) != FALSE ){
  +        // First get the length of the user's groups array and gets the memory 
  +        if ( !GetTokenInformation(h, TokenGroups, NULL, len , &len ) ) {
  +            if ( ERROR_INSUFFICIENT_BUFFER == GetLastError() ){
  +                g = (PTOKEN_GROUPS)s->pool->calloc(env,s->pool,len);
  +            }
  +        }
  +        if ( g != NULL ){
  +            if ( GetTokenInformation(h, TokenGroups, g, len, &len)) {
  +                roles=s->pool->calloc(env,s->pool,(g->GroupCount)*MAX_NAME);
  +                for (i=0; i < g->GroupCount ; i++){
  +                    char name[MAX_NAME],domain[MAX_NAME];
  +                    DWORD nLen = MAX_NAME, dLen = MAX_NAME;
  +                    SID_NAME_USE eUse;
  +                    // Get  the user name and the domain from the SID.
  +                    env->l->jkLog(env, env->l, JK_LOG_DEBUG, 
  +                           "jk2_service_iis_get_roles requesting name for member:%d 
attributes:%#lx SID:%#lx \n",
  +                            i,g->Groups[i].Attributes, g->Groups[i].Sid );
  +                    if ( ! 
LookupAccountSid(NULL,g->Groups[i].Sid,name,&nLen,domain,&dLen,&eUse) ){
  +                        env->l->jkLog(env, env->l, JK_LOG_INFO, 
  +                               "jk2_service_iis_get_roles problems requesting name 
for member:%d attributes:%#lx SID:%#lx \n",
  +                                i,g->Groups[i].Attributes, g->Groups[i].Sid );
  +                            
  +                    } else {
  +                        strcpy(roles+strlen(roles),name);
  +                        roles[strlen(roles)]=',';
  +                        roles[strlen(roles)+1]='\0';
  +                        env->l->jkLog(env, env->l, JK_LOG_DEBUG, 
  +                               "jk2_service_iis_get_roles member:%d attributes:%#lx 
SID:%#lx name:%s\n",
  +                                i,g->Groups[i].Attributes, g->Groups[i].Sid,name );
  +                    }
  +                }
  +                roles[strlen(roles)-1]='\0';
  +                env->l->jkLog(env, env->l, JK_LOG_INFO, 
  +                       "jk_ws_service_t::jk2_service_iis_get_roles roles:%s \n",
  +                        roles );
  +            }
  +            return roles;
  +        } else {
  +            return NULL;
  +        }
  +    }
  +    return NULL;
  +}
   
   static int JK_METHOD jk2_service_iis_initService( struct jk_env *env, 
jk_ws_service_t *s,
                    struct jk_worker *w, void *serverObj )
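Review bot: `roles[strlen(roles)-1]='\0'` after the loop writes one byte before the pool buffer whenever nothing was appended (a GroupCount of 0, or every LookupAccountSid call failing), and `roles` is used without checking the calloc result. The loop also forwards every TokenGroups entry without looking at `g->Groups[i].Attributes`, so a SID flagged SE_GROUP_USE_FOR_DENY_ONLY, or one lacking SE_GROUP_ENABLED, ends up in the ROLES string just like a group that actually grants access. Because `domain` is discarded, same-named groups from different domains collapse into one role name, and a group name containing a comma would split into two; whether the Tomcat side depends on either is not visible here. The sketch below tracks the write offset instead of calling strlen repeatedly, skips groups that are not enabled, and puts the separator before each name so there is no trailing comma to trim.

```c
    // … with the other locals at the top of the function …
    size_t used = 0;

                // … unchanged: second GetTokenInformation call …
                if ( g->GroupCount == 0 ) {
                    return NULL;
                }
                roles=s->pool->calloc(env,s->pool,(g->GroupCount)*MAX_NAME);
                if ( roles == NULL ) {
                    return NULL;
                }
                for (i=0; i < g->GroupCount ; i++){
                    // … unchanged: name/domain buffers, nLen/dLen, eUse …
                    DWORD attrs = g->Groups[i].Attributes;
                    // Only groups enabled for access checks are treated as roles.
                    if ( !(attrs & SE_GROUP_ENABLED) ||
                         (attrs & SE_GROUP_USE_FOR_DENY_ONLY) ) {
                        continue;
                    }
                    // … unchanged: debug log, LookupAccountSid failure branch …
                    } else {
                        size_t n = strlen(name);
                        // Separator goes in front of every name but the first.
                        if ( used > 0 ) {
                            roles[used++] = ',';
                        }
                        memcpy(roles+used, name, n);
                        used += n;
                        roles[used] = '\0';
                        // … unchanged: debug log of the resolved name …
                    }
                }
                // … unchanged: info log of roles (the trailing-comma trim is dropped) …
```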
  @@ -340,6 +395,14 @@
       /*
        * Add SSL IIS environment
        */
  +
  +    if ( strlen(s->remote_user) > 0 ){
  +        char *groups=jk2_service_iis_get_roles(env, s);
  +        if( groups != NULL){
  +            s->attributes->put( env, s->attributes,"ROLES",groups,NULL);
  +        }
  +    }
  +
       if (s->is_ssl) {         
           char *ssl_env_names[9] = {
               "CERT_ISSUER", 
  @@ -373,10 +436,7 @@
               }
           }
           if (num_of_vars) {
  -            unsigned j;
  -
  -            jk2_map_default_create(env, &s->attributes, s->pool );
  -            j = 0;
  +            unsigned j=0;
               for(i = 0 ; i < 9 ; i++) {                
                   if (ssl_env_values[i]) {
                       s->attributes->put( env, s->attributes, 
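Review bot: Removing `jk2_map_default_create(env, &s->attributes, s->pool );` here leaves no visible creation of `s->attributes` anywhere in this diff, while the earlier hunk adds `s->attributes->put( env, s->attributes,"ROLES",groups,NULL);` ahead of the SSL branch. If the map is not already created earlier in jk2_service_iis_initService, both that call and the put in this loop dereference an unset pointer. If it is, a comment at the creation site such as `/* attributes map is shared by ROLES and the SSL variables below */` would record why this call had to go. The enclosing function starts and ends outside the hunk, so the creation point should be confirmed against the full file.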
  
  
  
