Instead of the current event stack, which uses a sorted linked
list, use a red/black tree to maintain the timer stack. This
dramatically improves event insertion times, at the expense of
some additional implementation complexity.
This change also adds reference counting to the rxevent
structure. We've always had a race between an event being
fired, and that event being simultaneously cancelled by
the user thread. Reference counting avoids that race resulting
in the structure appearing twice in the free list.
Change-Id: Icbef6e04e01f3eef5b888bc3cb77b7a3d1be26ae
Reviewed-on: http://gerrit.openafs.org/5841
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Tested-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Reviewed-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Make the code which adds a new (static) DES key to a cell's
configuration generally available, as this will also be useful in
constructing other tests
Change-Id: I5d284016628e9d25a198607ffd6f8f1a63ddf652
Reviewed-on: http://gerrit.openafs.org/4807
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Move code for faking up an OpenAFS configuration directory into its
own "common" directory, as it's going to be of use to more tests than
just those in auth.
Change-Id: I9c80dd66763e222deca98bc7744ff317111c6ed8
Reviewed-on: http://gerrit.openafs.org/4806
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
We need to give a NULL pointer for string OUT arguments, so XDR knows
to allocate a new string. Also free the string each time so it gets
set back to NULL.
Change-Id: I1eb0c63dc4019b855a2cbecd9e35393f2fbb0fd7
Reviewed-on: http://gerrit.openafs.org/4708
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
A reference to the rxgk library crept into auth Makefile ahead of
time. Remove it so that tests can continue to work in trees without
rxgk.
Change-Id: Ic1392aebf657d458a55f2dcf685d0616f0573622
Reviewed-on: http://gerrit.openafs.org/4446
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Rework the afsconf_UpToDate check so that it uses the modifcation of
the CellServDB, and not the KeyFile to determine whether the
configuration information has been changed under us or not. afsconf
defines the CellServDB as being the single sentinel for a config
directory being changed, and our tools are careful to always touch
the CellServDB when updating anything else there.
Also, rework the _afsconf_Check() code so that it uses afsconf_UpToDate,
rather than including this logic twice.
Change-Id: I8ef5f67afbb5982bb25e12407ea5dc5dc1512840
Reviewed-on: http://gerrit.openafs.org/4203
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
The auth/keys test tries to find a file that's distributed as part
of the test suite. However, it currently only looks in the CWD to
find it. Modify the test so that if it's run from the test harness,
it will use the harnesses SOURCE environment variable to locate the
KeyFile
Change-Id: I93e16a01eae79b38ab01c81a57d2a47c28479b27
Reviewed-on: http://gerrit.openafs.org/4213
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Fix the authcon test so that it avoids pthread errors by
initialising rx before calling into any of the rxkad routines.
Change-Id: I175203fd91660e27a8b468e6f1c6189f32b22259
Reviewed-on: http://gerrit.openafs.org/4212
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
BuildServerSecurityObjects takes a set of flags, which makes it
hard to use it as a callback function. Rework this so that the
security flags are part of the afsconf directory structure, and
so BuildServerSecurityObjects only takes a rock, and its return
parameters.
Update all of the callers for this new function, and add tests
for it to the test suite.
Change-Id: I48219ed199d128c6aec3765ca425bda9e464b937
Reviewed-on: http://gerrit.openafs.org/4201
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Add support for a GetAllKeys function that can be used to list all
of the keys in a configuration directory.
Change-Id: I0711fde6afc2941a5f03f2e26ea89ae73750c1a9
Reviewed-on: http://gerrit.openafs.org/4103
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
The new key handling code was creating empty keyfiles that were 0
bytes in length. The correct format for an empty keyfile is a file
containing a single 0 word (the number of keys in the file). Update
the code to write this form of empty KeyFile.
Change-Id: I93bf23f6044a70a74f52b94c4656cbd4bc4fc35b
Reviewed-on: http://gerrit.openafs.org/4051
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Existing callers in the code use
afsconf_GetLatestKey(dir, NULL, NULL) to check for the existence of
a key file. We need to permit NULL values for the return pointers
to this function.
Also update the tests to check for this behaviour.
Change-Id: I94e74138ddeed8d167c1e6f12e297411c638e1b9
Reviewed-on: http://gerrit.openafs.org/4050
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Pull the common code for creating a configuration directory out of
the keys and superuser tests into a single file. This both cleans up
the existing tests, and makes it easier to add new ones.
Change-Id: I08058117e08da3a3baf750b3b14ef6780f942206
Reviewed-on: http://gerrit.openafs.org/4049
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
Extend the KeyFile API so that we can support arbitrary numbers of
different key types, each with their own key version numbers and
sub types. Completely rewrite the KeyFile implementation with this
in mind, but implement all of the "old" API in terms of the new one.
Given that the existing KeyFile is modified by third party programs,
we retain that as the storage location for all afsconf_rxkad keys.
Only keys with a type of 1, or above are stored in the new extended
keyfile.
Change-Id: I903a1de938544541a1bfecedb2a039ba24bdfdbc
Reviewed-on: http://gerrit.openafs.org/3772
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Fix the superuser tests so that they can be run on Linux. This
requires explicitly including sys/wait.h so we can use waitpid,
and changing some initialisation ordering so that we initialise
the RX library before we try and fake an rxkad token.
Change-Id: I8439ff6211a50c749ea22819e2d836409a64d2ad
Reviewed-on: http://gerrit.openafs.org/3776
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Add tests to make sure that we serialise updated KeyFiles to and
from disk correctly, and that the restriction on 8 keys in a KeyFile
is enforced by AddKey
Change-Id: Iac5bf7157534879824da92ea58f1515672d59298
Reviewed-on: http://gerrit.openafs.org/3610
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Add tests for all of the public functions that afsconf exports
to manipulate KeyFiles. Include a sample Keyfile to start with, to
ensure that we can continue to read KeyFiles produced by current
versions of the code.
These tests are here to catch regressions with a forthcoming rewrite
of KeyFile handling.
Change-Id: I02aaff82aa7e1b7a73981c7cf26a81164e0dd932
Reviewed-on: http://gerrit.openafs.org/3598
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Add tests for the functions afsconf_SuperUser() and
afsconf_SuperIdentity(). These had been missing tests because testing
them requires starting a client and a server, so amend the superuser-t
tests so that they can start up a simple server.
Fix a number of problems that the tests expose, with setting (and
freeing) identities in corner cases.
Change-Id: I29f5f9eda7f532c98183d588e488d704f8efad88
Reviewed-on: http://gerrit.openafs.org/3593
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
Extend the userok interface provided by the auth library to permit the
addition, deletion and inspection of identities within the UserList.
A number of additional functions are added, as direct replacements for
their Kerberos v4 only counterparts - these are:
*) afsconf_DeleteIdentity
*) afsconf_GetNthIdentity
*) afsconf_AddIdentity
*) afsconf_SuperIdentity
In addition, a new function is added to allow the status of any given
identity to be queried
*) afsconf_IsSuperIdentity
New form identities are stored within the same UserList file as
Kerberos v4 identities. We take advantage of the fact that the current
code skips any entry with a leading whitespace. Identities are stored as
a single line, with a leading space, followed by the integer
representation of their type (0 for Kerberos 4, 1 for GSSAPI), followed
by the base64 encoded representation of their exported name, followed by
the display name of the identity. Each field is whitespace separated.
For example:
1 BAEACwYJKoZIhvcSAQICAAAAEHN4d0BJTkYuRUQuQUMuVUs= sxw@INF.ED.AC.UK
is the representation of the GSSAPI identity "sxw@INF.ED.AC.UK"
An addition to the test suite is also provided which will test all of
the existing, and new super user manipulation functions.
Change-Id: I50648bb1ecc3037a90d623c87a60193be4f122ff
Reviewed-on: http://gerrit.openafs.org/3355
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
