Add rxgk support to userok

Change-Id: I5da2a89532453b6bec61fc87218a61455e39f6f0 Reviewed-on: https://gerrit.openafs.org/10576 Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> Tested-by: BuildBot <buildbot@rampaginggeek.com>
2025-01-18 06:50:12 +00:00 · 2013-12-04 13:03:46 -05:00 · 2013-12-04 13:03:46 -05:00 · 4091b9271b
commit 4091b9271b
parent 69e083d4aa
3 changed files with 38 additions and 2 deletions
--- a/Makefile.in
+++ b/Makefile.in
@ -228,7 +228,7 @@ rxgk: cmd comerr hcrypto rfc3961 rx rxgk_depinstall
 rxkad: cmd comerr hcrypto rfc3961 rx rxkad_depinstall
 	+${COMPILE_PART1} rxkad ${COMPILE_PART2}

-auth: cmd comerr hcrypto lwp rx rxkad audit sys auth_depinstall
+auth: cmd comerr hcrypto lwp rx rxkad audit sys auth_depinstall rxgk
 	+${COMPILE_PART1} auth ${COMPILE_PART2}

 ubik: cmd comerr auth ubik_depinstall sys
--- a/src/auth/Makefile.in
+++ b/src/auth/Makefile.in
@ -23,7 +23,8 @@ LT_deps= $(top_builddir)/src/opr/liboafs_opr.la \
 	 $(top_builddir)/src/rxkad/liboafs_rxkad.la \
 	 $(top_builddir)/src/audit/liboafs_audit.la \
 	 $(top_builddir)/src/util/liboafs_util.la \
-	 $(top_builddir)/src/sys/liboafs_sys.la
+	 $(top_builddir)/src/sys/liboafs_sys.la \
+	 @RXGK_LIBS@

 LT_libs= $(LDFLAGS_roken) $(LIB_roken)

--- a/src/auth/userok.c
+++ b/src/auth/userok.c
@ -20,6 +20,9 @@
 #include <rx/xdr.h>
 #include <rx/rx.h>
 #include <rx/rx_identity.h>
+#ifdef AFS_RXGK_ENV
+# include <rx/rxgk.h>
+#endif
 #include <afs/afsutil.h>
 #include <afs/fileutil.h>

@ -723,6 +726,32 @@ rxkadSuperUser(struct afsconf_dir *adir, struct rx_call *acall,
    return kerberosSuperUser(adir, tname, tinst, tcell, identity);
 }

+#ifdef AFS_RXGK_ENV
+static int
+rxgkSuperUser(struct afsconf_dir *adir, struct rx_call *acall,
+	      struct rx_identity **identity_out)
+{
+    struct rx_identity *identity = NULL;
+    int is_super = 0;
+
+    if (rxgk_GetServerInfo(rx_ConnectionOf(acall), NULL /*level*/, NULL /*expiry*/,
+                           &identity) != 0)
+        return 0;
+
+    if (afsconf_IsSuperIdentity(adir, identity)) {
+        is_super = 1;
+        if (identity_out != NULL) {
+            *identity_out = identity;
+            identity = NULL;
+        }
+    }
+    if (identity != NULL) {
+        rx_identity_free(&identity);
+    }
+    return is_super;
+}
+#endif /* AFS_RXGK_ENV */
+
 /*!
 * Check whether the user authenticated on a given RX call is a super
 * user or not. If they are, return a pointer to the identity of that
@ -773,6 +802,12 @@ afsconf_SuperIdentity(struct afsconf_dir *adir, struct rx_call *acall,
 	flag = rxkadSuperUser(adir, acall, identity);
 	UNLOCK_GLOBAL_MUTEX;
 	return flag;
+#ifdef AFS_RXGK_ENV
+    } else if (code == RX_SECIDX_GK) {
+	flag = rxgkSuperUser(adir, acall, identity);
+	UNLOCK_GLOBAL_MUTEX;
+	return flag;
+#endif
    } else {			/* some other auth type */
 	UNLOCK_GLOBAL_MUTEX;
 	return 0;		/* mysterious, just say no */