auth: Return SuperUser identity for localauth

The caller expects identity to be populated when we return 1. So for
localauth, give it an identity. Don't set uname, and in fact, move the
uname declaration so that it is clear that it's not used for most of
this function.

Change-Id: I4dcd466b25f578362290ed2fc65b5bd6e23a91e4
Reviewed-on: http://gerrit.openafs.org/3475
Reviewed-by: Simon Wilkinson <sxw@inf.ed.ac.uk>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementia.org>

diff --git a/src/auth/userok.c b/src/auth/userok.c
index 52dd467..98dbca1 100644 (file)
--- a/src/auth/userok.c
+++ b/src/auth/userok.c
@@ -48,6 +48,11 @@
 #include "keys.h"
 #include "afs/audit.h"
 
+/* The display names for localauth and noauth identities; they aren't used
+ * inside tickets or anything, but just serve as something to display in logs,
+ * etc. */
+#define AFS_LOCALAUTH_NAME "<LocalAuth>"
+#define AFS_LOCALAUTH_LEN  (sizeof(AFS_LOCALAUTH_NAME)-1)
 #define AFS_NOAUTH_NAME "<NoAuth>"
 #define AFS_NOAUTH_LEN  (sizeof(AFS_NOAUTH_NAME)-1)
 
@@ -605,10 +610,6 @@ kerberosSuperUser(struct afsconf_dir *adir, char *tname, char *tinst,
 {
     char tcell_l[MAXKTCREALMLEN] = "";
     char *tmp;
-
-    /* keep track of which one actually authorized request */
-    char uname[MAXKTCNAMELEN + MAXKTCNAMELEN + MAXKTCREALMLEN + 3];
-
     static char lcell[MAXCELLCHARS] = "";
     static char lrealms[AFS_NUM_LREALMS][AFS_REALM_SZ];
     static int  num_lrealms = -1;
@@ -659,6 +660,7 @@ kerberosSuperUser(struct afsconf_dir *adir, char *tname, char *tinst,
     /* If yes, then make sure that the name is not present in
      * an exclusion list */
     if (lrealm_match) {
+       char uname[MAXKTCNAMELEN + MAXKTCNAMELEN + MAXKTCREALMLEN + 3];
        if (tinst && tinst[0])
            snprintf(uname,sizeof(uname),"%s.%s@%s",tname,tinst,tcell);
        else
@@ -668,15 +670,15 @@ kerberosSuperUser(struct afsconf_dir *adir, char *tname, char *tinst,
            lrealm_match = 0;
     }
 
-    /* start with no uname and no authorization */
-    strcpy(uname, "");
+    /* start with no authorization */
     flag = 0;
 
     /* localauth special case */
     if ((tinst == NULL || strlen(tinst) == 0) &&
        (tcell == NULL || strlen(tcell) == 0)
        && !strcmp(tname, AUTH_SUPERUSER)) {
-       strcpy(uname, "<LocalAuth>");
+       *identity = rx_identity_new(RX_ID_KRB4, AFS_LOCALAUTH_NAME,
+                                   AFS_LOCALAUTH_NAME, AFS_LOCALAUTH_LEN);
        flag = 1;
 
        /* cell of connection matches local cell or one of the realms */