BuildServerSecurityObjects takes a set of flags, which makes it
hard to use it as a callback function. Rework this so that the
security flags are part of the afsconf directory structure, and
so BuildServerSecurityObjects only takes a rock, and its return
parameters.
Update all of the callers for this new function, and add tests
for it to the test suite.
Change-Id: I48219ed199d128c6aec3765ca425bda9e464b937
Reviewed-on: http://gerrit.openafs.org/4201
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Add tests for all of the public functions that afsconf exports
to manipulate KeyFiles. Include a sample Keyfile to start with, to
ensure that we can continue to read KeyFiles produced by current
versions of the code.
These tests are here to catch regressions with a forthcoming rewrite
of KeyFile handling.
Change-Id: I02aaff82aa7e1b7a73981c7cf26a81164e0dd932
Reviewed-on: http://gerrit.openafs.org/3598
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Add tests for the functions afsconf_SuperUser() and
afsconf_SuperIdentity(). These had been missing tests because testing
them requires starting a client and a server, so amend the superuser-t
tests so that they can start up a simple server.
Fix a number of problems that the tests expose, with setting (and
freeing) identities in corner cases.
Change-Id: I29f5f9eda7f532c98183d588e488d704f8efad88
Reviewed-on: http://gerrit.openafs.org/3593
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
Extend the userok interface provided by the auth library to permit the
addition, deletion and inspection of identities within the UserList.
A number of additional functions are added, as direct replacements for
their Kerberos v4 only counterparts - these are:
*) afsconf_DeleteIdentity
*) afsconf_GetNthIdentity
*) afsconf_AddIdentity
*) afsconf_SuperIdentity
In addition, a new function is added to allow the status of any given
identity to be queried
*) afsconf_IsSuperIdentity
New form identities are stored within the same UserList file as
Kerberos v4 identities. We take advantage of the fact that the current
code skips any entry with a leading whitespace. Identities are stored as
a single line, with a leading space, followed by the integer
representation of their type (0 for Kerberos 4, 1 for GSSAPI), followed
by the base64 encoded representation of their exported name, followed by
the display name of the identity. Each field is whitespace separated.
For example:
1 BAEACwYJKoZIhvcSAQICAAAAEHN4d0BJTkYuRUQuQUMuVUs= sxw@INF.ED.AC.UK
is the representation of the GSSAPI identity "sxw@INF.ED.AC.UK"
An addition to the test suite is also provided which will test all of
the existing, and new super user manipulation functions.
Change-Id: I50648bb1ecc3037a90d623c87a60193be4f122ff
Reviewed-on: http://gerrit.openafs.org/3355
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
