Use rxgk in afsconf_BuildServerSecurityObjects 41/12941/7
authorAndrew Deason <adeason@sinenomine.net>
Sun, 4 Mar 2018 23:33:47 +0000 (17:33 -0600)
committerBenjamin Kaduk <kaduk@mit.edu>
Sun, 24 Mar 2019 09:50:03 +0000 (05:50 -0400)
In afsconf_BuildServerSecurityObjects, create a server security object
for rxgk. Currently, this will only accept printed rxgk tokens, not
tokens negotiated via GSSNegotiate. Future commits will add
functionality to handle user-negotiated tokens, fileserver-specific
creds, etc.

Change-Id: Ie2bbef0d591641e80bb85240316c4ee5f9f8ff05
Reviewed-on: https://gerrit.openafs.org/12941
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>

src/auth/authcon.c
tests/auth/authcon-t.c

index aa29f79..bff0f79 100644 (file)
 #include "ktc.h"
 #include "auth.h"
 
+#ifdef AFS_RXGK_ENV
+# include <rx/rxgk.h>
+#endif
+
 /* return a null security object if nothing else can be done */
 static afs_int32
 QuickAuth(struct rx_securityClass **astr, afs_int32 *aindex)
@@ -300,15 +304,11 @@ afsconf_BuildServerSecurityObjects(void *rock,
 {
     struct afsconf_dir *dir = rock;
 
-    if (dir->securityFlags & AFSCONF_SECOPTS_ALWAYSENCRYPT)
-       *numClasses = 4;
-    else
-       *numClasses = 3;
+    *numClasses = RX_SECIDX_GK+1;
 
     *classes = calloc(*numClasses, sizeof(**classes));
 
     (*classes)[RX_SECIDX_NULL] = rxnull_NewServerSecurityObject();
-    (*classes)[RX_SECIDX_VAB] = NULL;
     (*classes)[RX_SECIDX_KAD] =
        rxkad_NewKrb5ServerSecurityObject(0, dir, afsconf_GetKey,
                                          _afsconf_GetRxkadKrb5Key, NULL);
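Review bot: `*numClasses = RX_SECIDX_GK+1;` is now unconditional, so a build without AFS_RXGK_ENV still reports a slot for rxgk that is never filled. With the explicit `RX_SECIDX_VAB` assignment removed, the NULL entries depend entirely on calloc zeroing the array. I would say so at the allocation, for example `/* calloc leaves every class we do not create below (rxvab, and rxkad-crypt or rxgk when not enabled) as NULL; callers must tolerate NULL entries */`. The calloc result on the context line is also dereferenced without a check, which matters more now that the array is always the larger size; `if (*classes == NULL) { *numClasses = 0; return; }` would avoid writing through a null pointer. The function's signature and the rest of its body are outside this hunk.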
@@ -317,6 +317,10 @@ afsconf_BuildServerSecurityObjects(void *rock,
        (*classes)[RX_SECIDX_KAE] =
            rxkad_NewKrb5ServerSecurityObject(rxkad_crypt, dir, afsconf_GetKey,
                                              _afsconf_GetRxkadKrb5Key, NULL);
+#ifdef AFS_RXGK_ENV
+    (*classes)[RX_SECIDX_GK] =
+        rxgk_NewServerSecurityObject(rock, afsconf_GetRXGKKey);
+#endif
 }
 
 /*!
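Review bot: The result of `rxgk_NewServerSecurityObject` is stored without inspection, so if the constructor can fail (its contract is not visible here) the server comes up with the rxgk class silently absent and nothing in the log says why. The function appears to have no way to report the failure, so a comment at the assignment should at least record the behaviour and the current restriction from the commit message, for example `/* rxgk: only printed tokens are accepted for now; a NULL result leaves the class disabled */`. The call also passes `rock` where the rxkad calls just above pass `dir`. The two are the same pointer, but `rxgk_NewServerSecurityObject(dir, afsconf_GetRXGKKey);` would keep the three constructors consistent and make it clear the key callback receives the afsconf_dir.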
index e029774..5bcd74c 100644 (file)
@@ -53,7 +53,7 @@ main(int argc, char **argv)
 
     afstest_SkipTestsIfBadHostname();
 
-    plan(9);
+    plan(8);
     dirname = afstest_BuildTestConfig();
 
     dir = afsconf_Open(dirname);
@@ -68,15 +68,10 @@ main(int argc, char **argv)
     /* Server Security objects */
 
     afsconf_BuildServerSecurityObjects(dir, &classes, &numClasses);
-    is_int(3, numClasses, "3 security classes are returned, as expected");
+    is_int(5, numClasses, "5 security classes are returned, as expected");
     ok(classes[1] == NULL, "The rxvab class is undefined, as requested");
     free(classes);
 
-    afsconf_SetSecurityFlags(dir, AFSCONF_SECOPTS_ALWAYSENCRYPT);
-
-    afsconf_BuildServerSecurityObjects(dir, &classes, &numClasses);
-    is_int(4, numClasses, "When encryption is enabled, 4 classes are returned");
-
     /* Up to date checks */
 
     ok(afsconf_UpToDate(dir), "Newly opened directory is up to date");
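Review bot: The test now pins only the array length and the empty rxvab slot, so nothing checks that the security classes a server actually relies on are created. The always-encrypt case was removed rather than converted, so there is no longer a check such as `ok(classes[RX_SECIDX_KAE] != NULL, "rxkad-crypt class is present when always-encrypt is set")` after `afsconf_SetSecurityFlags`. There is likewise no check on the `RX_SECIDX_GK` slot under AFS_RXGK_ENV. The literals `5` and `classes[1]` would also track the code better as `RX_SECIDX_GK + 1` and `classes[RX_SECIDX_VAB]`, assuming the rx header that defines them is included by this test. Adding assertions needs a matching change to the `plan()` count in the earlier hunk; main continues outside this hunk.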