Move the token faking code out of superuser-t.c into its own file in
tests/common, so it can be used by other tests.
Change-Id: I7b420250ef974b4b80a8dde692d2666657bb82ca
Reviewed-on: http://gerrit.openafs.org/7259
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementix.org>
When the hcrypto/des header was removed from our installed headers, it
wasn't added back in to the superuser test. Add it now, so that the test
can build.
Change-Id: I38023ee94abe801f6f2313b492e4f80855001c41
Reviewed-on: http://gerrit.openafs.org/7243
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementix.org>
Make the code which adds a new (static) DES key to a cell's
configuration generally available, as this will also be useful in
constructing other tests
Change-Id: I5d284016628e9d25a198607ffd6f8f1a63ddf652
Reviewed-on: http://gerrit.openafs.org/4807
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Move code for faking up an OpenAFS configuration directory into its
own "common" directory, as it's going to be of use to more tests than
just those in auth.
Change-Id: I9c80dd66763e222deca98bc7744ff317111c6ed8
Reviewed-on: http://gerrit.openafs.org/4806
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
We need to give a NULL pointer for string OUT arguments, so XDR knows
to allocate a new string. Also free the string each time so it gets
set back to NULL.
Change-Id: I1eb0c63dc4019b855a2cbecd9e35393f2fbb0fd7
Reviewed-on: http://gerrit.openafs.org/4708
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
BuildServerSecurityObjects takes a set of flags, which makes it
hard to use it as a callback function. Rework this so that the
security flags are part of the afsconf directory structure, and
so BuildServerSecurityObjects only takes a rock, and its return
parameters.
Update all of the callers for this new function, and add tests
for it to the test suite.
Change-Id: I48219ed199d128c6aec3765ca425bda9e464b937
Reviewed-on: http://gerrit.openafs.org/4201
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Pull the common code for creating a configuration directory out of
the keys and superuser tests into a single file. This both cleans up
the existing tests, and makes it easier to add new ones.
Change-Id: I08058117e08da3a3baf750b3b14ef6780f942206
Reviewed-on: http://gerrit.openafs.org/4049
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
Fix the superuser tests so that they can be run on Linux. This
requires explicitly including sys/wait.h so we can use waitpid,
and changing some initialisation ordering so that we initialise
the RX library before we try and fake an rxkad token.
Change-Id: I8439ff6211a50c749ea22819e2d836409a64d2ad
Reviewed-on: http://gerrit.openafs.org/3776
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Add tests for the functions afsconf_SuperUser() and
afsconf_SuperIdentity(). These had been missing tests because testing
them requires starting a client and a server, so amend the superuser-t
tests so that they can start up a simple server.
Fix a number of problems that the tests expose, with setting (and
freeing) identities in corner cases.
Change-Id: I29f5f9eda7f532c98183d588e488d704f8efad88
Reviewed-on: http://gerrit.openafs.org/3593
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
Extend the userok interface provided by the auth library to permit the
addition, deletion and inspection of identities within the UserList.
A number of additional functions are added, as direct replacements for
their Kerberos v4 only counterparts - these are:
*) afsconf_DeleteIdentity
*) afsconf_GetNthIdentity
*) afsconf_AddIdentity
*) afsconf_SuperIdentity
In addition, a new function is added to allow the status of any given
identity to be queried
*) afsconf_IsSuperIdentity
New form identities are stored within the same UserList file as
Kerberos v4 identities. We take advantage of the fact that the current
code skips any entry with a leading whitespace. Identities are stored as
a single line, with a leading space, followed by the integer
representation of their type (0 for Kerberos 4, 1 for GSSAPI), followed
by the base64 encoded representation of their exported name, followed by
the display name of the identity. Each field is whitespace separated.
For example:
1 BAEACwYJKoZIhvcSAQICAAAAEHN4d0BJTkYuRUQuQUMuVUs= sxw@INF.ED.AC.UK
is the representation of the GSSAPI identity "sxw@INF.ED.AC.UK"
An addition to the test suite is also provided which will test all of
the existing, and new super user manipulation functions.
Change-Id: I50648bb1ecc3037a90d623c87a60193be4f122ff
Reviewed-on: http://gerrit.openafs.org/3355
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
