From 5d07a3434abc1a79d6341d90e4d29d561c4c02a6 Mon Sep 17 00:00:00 2001
From: Lee McDermott
Date: Wed, 4 Apr 2012 14:52:57 +0100
Subject: [PATCH] Source tickets from memcached instead of cookie
---
 src/Makefile | 2 +-
 src/mod_auth_pubtkt.c | 45 ++++++++++++++++++++++++++++++++++++++++---
 src/mod_auth_pubtkt.h | 5 ++++-
 3 files changed, 47 insertions(+), 5 deletions(-)
diff --git a/src/Makefile b/src/Makefile
index 3d74f60..74ebed2 100755
--- a/src/Makefile
+++ b/src/Makefile
@@ -6,7 +6,7 @@ MOD = mod_auth_pubtkt
 all: $(TARGET)
 $(TARGET): mod_auth_pubtkt.c ap_compat.h
-	$(APXS) -c -Wc,"-Wall -ansi $(CFLAGS)" -Wl,"$(LDFLAGS)" -l crypto $(MOD).c
+	$(APXS) -c -Wc,"-Wall -ansi $(CFLAGS)" -Wl,"$(LDFLAGS)" -l crypto -lmemcached $(MOD).c
 install: $(TARGET)
 	$(APXS) -i $(TARGET)
diff --git a/src/mod_auth_pubtkt.c b/src/mod_auth_pubtkt.c
index a42a2be..4950855 100755
--- a/src/mod_auth_pubtkt.c
+++ b/src/mod_auth_pubtkt.c
@@ -8,6 +8,7 @@ See the LICENSE file included in the distribution for the license terms.
 */
+
 #include "mod_auth_pubtkt.h"
 /* ----------------------------------------------------------------------- */
@@ -17,6 +18,9 @@ auth_pubtkt_cache *cache = NULL;
 apr_thread_mutex_t *cache_lock;
 #endif
+memcached_st *memc = NULL;
+static struct memcached_server_st *servers = NULL;
+
 /* ----------------------------------------------------------------------- */
 /* Initializers */
 #ifdef APACHE13
@@ -33,6 +37,8 @@ void auth_pubtkt_child_init(server_rec *s, pool *p) {
 	OpenSSL_add_all_algorithms();
 	cache_init(p, s);
+
+	memcached_init();
 }
 #else
@@ -51,6 +57,8 @@ static void auth_pubtkt_child_init(apr_pool_t *p, server_rec *s) {
 	OpenSSL_add_all_algorithms();
 	cache_init(p, s);
+
+	memcached_init();
 }
 #endif
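Review bot: `memc` in the -17,6 hunk is a file-scope mutable global declared without `static`, so it is exported from the module's shared object while its sibling `servers` is not; `static memcached_st *memc = NULL;` is what the rest of the file does for its globals. That single `memcached_st` is then created once per child in both child_init hunks (-33 and -51) and reused from every request of that child; libmemcached documents `memcached_st` as not safe to share between threads without external locking, so under a threaded MPM this presumably needs either the treatment the ticket cache gets with `cache_lock` or a per-thread handle. Neither child_init hunk registers a cleanup for the handle, which the todo in memcached_init acknowledges; `apr_pool_cleanup_register(p, NULL, memcached_cleanup, apr_pool_cleanup_null)` on the child pool (with `memcached_cleanup` being a new function calling `memcached_free`) is the usual place for it.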
@@ -117,6 +125,17 @@ static void *merge_auth_pubtkt_serv_config(apr_pool_t *p, void* parent_dirv, voi
 /* ----------------------------------------------------------------------- */
 /* Caching */
+static void memcached_init() {
+	memcached_return rc;
+
+	memc = memcached_create(NULL);
+
+	servers = memcached_servers_parse("localhost");
+	rc = memcached_server_push(memc, servers);
+
+	/* todo - need to figure out at which point to free the memcached instance */
+}
+
 static void cache_init(apr_pool_t *p, server_rec* s) {
 	int i;
@@ -438,7 +457,7 @@ static char *get_cookie_ticket(request_rec *r) {
 	apr_table_do(cookie_match, (void*)cr, r->headers_in, "Cookie", NULL);
 	/* Give up if cookie not found or too short */
-	if (!cr->cookie || strlen(cr->cookie) < MIN_AUTH_COOKIE_SIZE)
+	if (!cr->cookie || strlen(cr->cookie) != MIN_AUTH_COOKIE_SIZE)
 		return NULL;
 	return cr->cookie;
@@ -757,6 +776,8 @@ void dump_config(request_rec *r) {
 /* Main ticket authentication */
 static int auth_pubtkt_check(request_rec *r) {
 	char *ticket;
+	char *sessionid;
+
 	auth_pubtkt *parsed;
 	auth_pubtkt_dir_conf *conf = ap_get_module_config(r->per_dir_config, &auth_pubtkt_module);
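Review bot: memcached_init never checks its results: `memc` from `memcached_create(NULL)` can be NULL and is passed straight to `memcached_server_push`, and `rc` is assigned but never read, so a failed setup leaves a half-initialised handle that auth_pubtkt_check later dereferences on every request. The list from `memcached_servers_parse` is copied by `memcached_server_push`, so it can be released with `memcached_server_list_free` right after the push instead of living on in the `servers` global. The hard-coded `"localhost"` would fit better as a server-config directive next to the other `*_serv_config` values, and a failed init should leave `memc` NULL so the request path can fail closed. Both this definition and the prototype added to mod_auth_pubtkt.h (hunk -122) use the old-style `()` declarator; with the `-ansi -Wall` flags the Makefile passes, `static void memcached_init(void)` is what is meant.
```c
static void memcached_init(void) {
	memcached_return rc;

	memc = memcached_create(NULL);
	if (memc == NULL) {
		return; /* auth_pubtkt_check must treat memc == NULL as "unavailable" */
	}

	/* memcached_server_push copies the list, so it can be released here */
	servers = memcached_servers_parse("localhost");
	rc = memcached_server_push(memc, servers);
	memcached_server_list_free(servers);
	servers = NULL;

	if (rc != MEMCACHED_SUCCESS) {
		memcached_free(memc);
		memc = NULL;
	}
}
```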
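Review bot: The comment `/* Give up if cookie not found or too short */` above the changed condition in get_cookie_ticket is now wrong: the test is `!=`, so a cookie longer than MIN_AUTH_COOKIE_SIZE is rejected as well, and the constant's `MIN_` prefix no longer matches what it enforces. Since the same value is reused as the key length for `memcached_get` in the -793 hunk, a dedicated constant (for example `SESSION_ID_SIZE`, a constructed name) with a comment stating that the cookie now carries a fixed-length session id rather than the ticket would keep the two uses in sync. The 64→32 change in mod_auth_pubtkt.h (hunk -45) leaves its comment `the Base64-encoded signature alone is >= 64 bytes` describing the old cookie format and should be updated in the same way.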
@@ -793,8 +814,26 @@ static int auth_pubtkt_check(request_rec *r) {
 		return redirect(r, conf->login_url);
 	}
-	/* Check for ticket cookie */
-	ticket = get_cookie_ticket(r);
+	/* get session id here from ticket */
+	sessionid = get_cookie_ticket(r);
+
+
+	fprintf(stderr, "Found session ID in cookie: %s\n", sessionid);
+
+	uint32_t flags;
+	size_t val1_len;
+	memcached_return rc;
+
+	ticket = memcached_get(memc, sessionid, MIN_AUTH_COOKIE_SIZE, &val1_len, &flags, &rc);
+
+	if (rc != MEMCACHED_SUCCESS) {
+		ap_log_rerror(APLOG_MARK, APLOG_INFO, APR_SUCCESS, r,
+			"TKT: could not obtain ticket from memcached");
+		return redirect(r, conf->login_url);
+	}
+
+	fprintf(stderr, "Ticket obtained from memcached: %s\n", ticket);
+
 	if (ticket == NULL) {
 		ap_log_rerror(APLOG_MARK, APLOG_INFO, APR_SUCCESS, r,
 			"TKT: no ticket found - redirecting to login URL");
diff --git a/src/mod_auth_pubtkt.h b/src/mod_auth_pubtkt.h
index a1209ca..c32704c 100644
--- a/src/mod_auth_pubtkt.h
+++ b/src/mod_auth_pubtkt.h
@@ -15,6 +15,8 @@
 #include
 #include
+#include
+
 #include "httpd.h"
 #include "http_config.h"
 #include "http_log.h"
@@ -45,7 +47,7 @@
 #define REMOTE_USER_ENV "REMOTE_USER"
 #define REMOTE_USER_DATA_ENV "REMOTE_USER_DATA"
 #define REMOTE_USER_TOKENS_ENV "REMOTE_USER_TOKENS"
-#define MIN_AUTH_COOKIE_SIZE 64 /* the Base64-encoded signature alone is >= 64 bytes */
+#define MIN_AUTH_COOKIE_SIZE 32 /* the Base64-encoded signature alone is >= 64 bytes */
 #define CACHE_SIZE 200 /* number of entries in ticket cache */
 #define MAX_TICKET_SIZE 1024 /* maximum length of raw ticket */
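Review bot: `sessionid` is used without a NULL check: get_cookie_ticket returns NULL when the cookie is absent or not exactly MIN_AUTH_COOKIE_SIZE long, and the new code hands it to `fprintf("%s")` and to `memcached_get` with a fixed key length before the old `ticket == NULL` guard is reached, so an unauthenticated request with no cookie crashes the worker. The two `fprintf(stderr, ...)` calls also write the session id and the ticket itself into the error log on every request; that is credential material and should go, or become an `ap_log_rerror(..., APLOG_DEBUG, ...)` that does not include the values. The buffer returned by `memcached_get` is heap-allocated by libmemcached and is never freed, and `val1_len` is never read; copying it into `r->pool` with `apr_pstrmemdup` and freeing it keeps the rest of auth_pubtkt_check — which continues past the hunk and previously received a pool-owned string — on its existing ownership model. The `uint32_t flags; size_t val1_len; memcached_return rc;` declarations sit after statements, which the `-ansi` flag in the Makefile does not allow; they belong at the top of the function next to `sessionid` (hunk -757). `memc` itself may be NULL if memcached_init failed, so the guard should fail closed on that as well.
```c
	/* get session id here from ticket */
	sessionid = get_cookie_ticket(r);
	if (sessionid == NULL || memc == NULL) {
		ap_log_rerror(APLOG_MARK, APLOG_INFO, APR_SUCCESS, r,
			"TKT: no session cookie or memcached unavailable - redirecting to login URL");
		return redirect(r, conf->login_url);
	}

	/* flags, value_len, rc and value are declared at the top of the function */
	value = memcached_get(memc, sessionid, strlen(sessionid), &value_len, &flags, &rc);
	if (rc != MEMCACHED_SUCCESS || value == NULL) {
		ap_log_rerror(APLOG_MARK, APLOG_INFO, APR_SUCCESS, r,
			"TKT: could not obtain ticket from memcached");
		return redirect(r, conf->login_url);
	}

	/* copy into the request pool so the remainder of the function keeps its
	   pool-ownership assumptions, then release libmemcached's buffer */
	ticket = apr_pstrmemdup(r->pool, value, value_len);
	free(value);

	/* … unchanged: if (ticket == NULL) guard and ticket parsing … */
```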
@@ -122,6 +124,7 @@ static void* merge_auth_pubtkt_config(apr_pool_t *p, void* parent_dirv, void* su
 static void *create_auth_pubtkt_serv_config(apr_pool_t *p, server_rec* s);
 static void *merge_auth_pubtkt_serv_config(apr_pool_t *p, void* parent_dirv, void* subdirv);
+static void memcached_init();
 static void cache_init(apr_pool_t *p, server_rec* s);
 static int cache_get(const char* ticket, auth_pubtkt *tkt);
 static void cache_put(const char *ticket, auth_pubtkt *tkt);