git.openafs.org Git - openafs.git/commit

author	Andrew Deason <adeason@sinenomine.net>
	Wed, 27 Feb 2019 02:47:00 +0000 (20:47 -0600)
committer	Benjamin Kaduk <kaduk@mit.edu>
	Sat, 15 Jun 2019 04:17:45 +0000 (00:17 -0400)
commit	30a6ab30f2451b9788328336dd937a4263f5f5c7
tree	e6e6220efc2b7b4868042bf29f5c6d78987d2806	tree \| snapshot
parent	316b862af6b6731f57a21f81b0948f3718b4c9f3	commit \| diff

ptserver: Check for superuser in WhoIsThisWithName

In WhoIsThisWithName, if we don't understand the rx security class
being used (such as rxgk), we'll set the calling id to the anonymous
user and return an error. But for SYSADMINID specifically, we don't
really need to know any security-class-specific details; we just need
to know that the caller is the superuser.

So add a fallback case to check for that; if we don't understand the
calling rx security class, just check if the calling user is
RX_ID_SUPERUSER, and use SYSADMINID if so.

This allows the ptserver to handle rxgk localauth requests (and
theoretically, localauth requests for any future security classes),
and theoretically any localauth requests for future security classes.

Based on a commit from mvitale@sinenomine.net.

Change-Id: Ia9bc91fb5a0d9ebf16b32659c9068aa5a9da8401
Reviewed-on: https://gerrit.openafs.org/13508
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>