auth: Return SuperUser identity for localauth

The caller expects identity to be populated when we return 1. So for localauth, give it an identity. Don't set uname, and in fact, move the uname declaration so that it is clear that it's not used for most of this function. Change-Id: I4dcd466b25f578362290ed2fc65b5bd6e23a91e4 Reviewed-on: http://gerrit.openafs.org/3475 Reviewed-by: Simon Wilkinson <sxw@inf.ed.ac.uk> Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Derrick Brashear <shadow@dementia.org>
2025-01-19 15:30:14 +00:00 · 2010-12-07 13:31:36 -06:00 · 2010-12-07 13:31:36 -06:00 · 4dd9bc32a3
commit 4dd9bc32a3
parent c1b71c4e7b
1 changed files with 9 additions and 7 deletions
--- a/src/auth/userok.c
+++ b/src/auth/userok.c
@ -48,6 +48,11 @@
 #include "keys.h"
 #include "afs/audit.h"

+/* The display names for localauth and noauth identities; they aren't used
+ * inside tickets or anything, but just serve as something to display in logs,
+ * etc. */
+#define AFS_LOCALAUTH_NAME "<LocalAuth>"
+#define AFS_LOCALAUTH_LEN  (sizeof(AFS_LOCALAUTH_NAME)-1)
 #define AFS_NOAUTH_NAME "<NoAuth>"
 #define AFS_NOAUTH_LEN  (sizeof(AFS_NOAUTH_NAME)-1)

@ -605,10 +610,6 @@ kerberosSuperUser(struct afsconf_dir *adir, char *tname, char *tinst,
 {
    char tcell_l[MAXKTCREALMLEN] = "";
    char *tmp;
-
-    /* keep track of which one actually authorized request */
-    char uname[MAXKTCNAMELEN + MAXKTCNAMELEN + MAXKTCREALMLEN + 3];
-
    static char lcell[MAXCELLCHARS] = "";
    static char lrealms[AFS_NUM_LREALMS][AFS_REALM_SZ];
    static int  num_lrealms = -1;
@ -659,6 +660,7 @@ kerberosSuperUser(struct afsconf_dir *adir, char *tname, char *tinst,
    /* If yes, then make sure that the name is not present in
     * an exclusion list */
    if (lrealm_match) {
+	char uname[MAXKTCNAMELEN + MAXKTCNAMELEN + MAXKTCREALMLEN + 3];
 	if (tinst && tinst[0])
 	    snprintf(uname,sizeof(uname),"%s.%s@%s",tname,tinst,tcell);
 	else
@ -668,15 +670,15 @@ kerberosSuperUser(struct afsconf_dir *adir, char *tname, char *tinst,
 	    lrealm_match = 0;
    }

-    /* start with no uname and no authorization */
-    strcpy(uname, "");
+    /* start with no authorization */
    flag = 0;

    /* localauth special case */
    if ((tinst == NULL || strlen(tinst) == 0) &&
 	(tcell == NULL || strlen(tcell) == 0)
 	&& !strcmp(tname, AUTH_SUPERUSER)) {
-	strcpy(uname, "<LocalAuth>");
+	*identity = rx_identity_new(RX_ID_KRB4, AFS_LOCALAUTH_NAME,
+	                            AFS_LOCALAUTH_NAME, AFS_LOCALAUTH_LEN);
 	flag = 1;

 	/* cell of connection matches local cell or one of the realms */