Extend the KeyFile API so that we can support arbitrary numbers of
different key types, each with their own key version numbers and
sub types. Completely rewrite the KeyFile implementation with this
in mind, but implement all of the "old" API in terms of the new one.
Given that the existing KeyFile is modified by third party programs,
we retain that as the storage location for all afsconf_rxkad keys.
Only keys with a type of 1, or above are stored in the new extended
keyfile.
Change-Id: I903a1de938544541a1bfecedb2a039ba24bdfdbc
Reviewed-on: http://gerrit.openafs.org/3772
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Fix the superuser tests so that they can be run on Linux. This
requires explicitly including sys/wait.h so we can use waitpid,
and changing some initialisation ordering so that we initialise
the RX library before we try and fake an rxkad token.
Change-Id: I8439ff6211a50c749ea22819e2d836409a64d2ad
Reviewed-on: http://gerrit.openafs.org/3776
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Add tests to make sure that we serialise updated KeyFiles to and
from disk correctly, and that the restriction on 8 keys in a KeyFile
is enforced by AddKey
Change-Id: Iac5bf7157534879824da92ea58f1515672d59298
Reviewed-on: http://gerrit.openafs.org/3610
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Add tests for all of the public functions that afsconf exports
to manipulate KeyFiles. Include a sample Keyfile to start with, to
ensure that we can continue to read KeyFiles produced by current
versions of the code.
These tests are here to catch regressions with a forthcoming rewrite
of KeyFile handling.
Change-Id: I02aaff82aa7e1b7a73981c7cf26a81164e0dd932
Reviewed-on: http://gerrit.openafs.org/3598
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Add tests for the functions afsconf_SuperUser() and
afsconf_SuperIdentity(). These had been missing tests because testing
them requires starting a client and a server, so amend the superuser-t
tests so that they can start up a simple server.
Fix a number of problems that the tests expose, with setting (and
freeing) identities in corner cases.
Change-Id: I29f5f9eda7f532c98183d588e488d704f8efad88
Reviewed-on: http://gerrit.openafs.org/3593
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
Extend the userok interface provided by the auth library to permit the
addition, deletion and inspection of identities within the UserList.
A number of additional functions are added, as direct replacements for
their Kerberos v4 only counterparts - these are:
*) afsconf_DeleteIdentity
*) afsconf_GetNthIdentity
*) afsconf_AddIdentity
*) afsconf_SuperIdentity
In addition, a new function is added to allow the status of any given
identity to be queried
*) afsconf_IsSuperIdentity
New form identities are stored within the same UserList file as
Kerberos v4 identities. We take advantage of the fact that the current
code skips any entry with a leading whitespace. Identities are stored as
a single line, with a leading space, followed by the integer
representation of their type (0 for Kerberos 4, 1 for GSSAPI), followed
by the base64 encoded representation of their exported name, followed by
the display name of the identity. Each field is whitespace separated.
For example:
1 BAEACwYJKoZIhvcSAQICAAAAEHN4d0BJTkYuRUQuQUMuVUs= sxw@INF.ED.AC.UK
is the representation of the GSSAPI identity "sxw@INF.ED.AC.UK"
An addition to the test suite is also provided which will test all of
the existing, and new super user manipulation functions.
Change-Id: I50648bb1ecc3037a90d623c87a60193be4f122ff
Reviewed-on: http://gerrit.openafs.org/3355
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
