}
/*!
+ * Set the security flags to be used for a particular configuration
+ */
+void
+afsconf_SetSecurityFlags(struct afsconf_dir *dir,
+ afsconf_secflags flags)
+{
+ dir->securityFlags = flags;
+}
+
+/*!
* Build a set of security classes suitable for a server accepting
* incoming connections
*/
#if !defined(UKERNEL)
void
-afsconf_BuildServerSecurityObjects(struct afsconf_dir *dir,
- afs_uint32 flags,
+afsconf_BuildServerSecurityObjects(void *rock,
struct rx_securityClass ***classes,
afs_int32 *numClasses)
{
- if (flags & AFSCONF_SEC_OBJS_RXKAD_CRYPT)
+ struct afsconf_dir *dir = rock;
+
+ if (dir->securityFlags & AFSCONF_SECOPTS_ALWAYSENCRYPT)
*numClasses = 4;
else
*numClasses = 3;
(*classes)[1] = NULL;
(*classes)[2] = rxkad_NewServerSecurityObject(0, dir,
afsconf_GetKey, NULL);
- if (flags & AFSCONF_SEC_OBJS_RXKAD_CRYPT)
+
+ if (dir->securityFlags & AFSCONF_SECOPTS_ALWAYSENCRYPT)
(*classes)[3] = rxkad_NewServerSecurityObject(rxkad_crypt, dir,
afsconf_GetKey, NULL);
}
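Review bot: With AFSCONF_SECOPTS_ALWAYSENCRYPT set, the builder still creates the index-2 rxkad object with a minimum level of `0` (presumably rxkad_clear) and only adds a second object at index 3 with `rxkad_crypt`, so the flag name promises more than these lines enforce. Under the old name AFSCONF_SEC_OBJS_RXKAD_CRYPT that was unambiguous, but a caller who sets "always encrypt" may assume unencrypted rxkad connections are refused, which nothing visible here does. I would state it in the doc comment above the function, e.g. `* ALWAYSENCRYPT adds an rxkad_crypt-only class at index 3; index 2 is still offered at level 0.` The same comment should say that `rock` must be a `struct afsconf_dir *`, since the `void *` parameter removes the compiler's check on callers. The lines that allocate `*classes` and fill index 0 are not shown on this page.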
struct afsconf_cellalias aliasInfo;
};
+/*!
+ * A set of bit flags to control the selection of a security object
+ */
+#define AFSCONF_SECOPTS_NOAUTH 0x1
+#define AFSCONF_SECOPTS_LOCALAUTH 0x2
+#define AFSCONF_SECOPTS_ALWAYSENCRYPT 0x4
+#define AFSCONF_SECOPTS_FALLBACK_NULL 0x8
+typedef afs_uint32 afsconf_secflags;
+
struct afsconf_dir {
char *name; /* pointer to dir prefix */
char *cellName; /* cell name, if any, we're in */
struct opr_queue keyList; /* list of keys */
afs_int32 timeRead; /* time stamp of file last read */
struct afsconf_aliasentry *alias_entries; /* cell aliases */
+ afsconf_secflags securityFlags;
};
extern afs_int32 afsconf_FindService(const char *aname);
struct rx_securityClass **astr,
afs_int32 * aindex);
-/*!
- * A set of bit flags to control the selection of a security object
- */
-#define AFSCONF_SECOPTS_NOAUTH 0x1
-#define AFSCONF_SECOPTS_LOCALAUTH 0x2
-#define AFSCONF_SECOPTS_ALWAYSENCRYPT 0x4
-#define AFSCONF_SECOPTS_FALLBACK_NULL 0x8
-typedef afs_uint32 afsconf_secflags;
extern afs_int32 afsconf_ClientAuthToken(struct afsconf_cell *info,
afsconf_secflags flags,
afs_int32 *scIndex,
time_t *expires);
-/* Flags for this function */
-#define AFSCONF_SEC_OBJS_RXKAD_CRYPT 1
-extern void afsconf_BuildServerSecurityObjects(struct afsconf_dir *,
- afs_uint32,
+extern void afsconf_SetSecurityFlags(struct afsconf_dir *dir,
+ afsconf_secflags flags);
+
+extern void afsconf_BuildServerSecurityObjects(void *,
struct rx_securityClass ***,
afs_int32 *);
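Review bot: The new `securityFlags` member has no documented initial value, yet after this commit every server that calls afsconf_BuildServerSecurityObjects without first calling afsconf_SetSecurityFlags reads it to decide whether the `rxkad_crypt` class is offered. That is only safe if the code that allocates `struct afsconf_dir` zeroes the whole structure, which is not visible on this page and should be confirmed. A field comment such as `/* AFSCONF_SECOPTS_* bits; 0 until afsconf_SetSecurityFlags is called */` would record the contract. The prototype's unnamed `void *` would also read better as `void *rock`, with a note that it must point to a `struct afsconf_dir`.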
rx_SetRxStatUserOk(bozo_rxstat_userok);
afsconf_SetNoAuthFlag(tdir, noAuth);
- afsconf_BuildServerSecurityObjects(tdir, 0, &securityClasses, &numClasses);
+ afsconf_BuildServerSecurityObjects(tdir, &securityClasses, &numClasses);
/* Disable jumbograms */
rx_SetNoJumbo();
ERROR(code);
}
- afsconf_BuildServerSecurityObjects(BU_conf, 0,
- &securityClasses, &numClasses);
+ afsconf_BuildServerSecurityObjects(BU_conf, &securityClasses, &numClasses);
/* Disable jumbograms */
rx_SetNoJumbo();
pr_SIdToName @150
afsconf_GetExtendedCellInfo @151
afsconf_UpToDate @152
+ afsconf_SetSecurityFlags @153
pt_hook_write();
#endif
- afsconf_BuildServerSecurityObjects(prdir, 0, &securityClasses,
- &numClasses);
+ afsconf_BuildServerSecurityObjects(prdir, &securityClasses, &numClasses);
/* Disable jumbograms */
rx_SetNoJumbo();
afsconf_SetCellInfo;
afsconf_SetNoAuthFlag;
afsconf_SuperUser;
+ afsconf_SetSecurityFlags;
ka_AuthServerConn;
ka_Authenticate;
ka_CellConfig;
if (rx_InitHost(host, htons(AFSCONF_UPDATEPORT)) < 0)
Quit("rx_init");
- afsconf_BuildServerSecurityObjects(cdir, 0, &securityClasses, &numClasses);
+ afsconf_BuildServerSecurityObjects(cdir, &securityClasses, &numClasses);
if (securityClasses[2] == NULL)
Quit("rxkad_NewServerSecurityObject");
}
rx_GetIFInfo();
rx_SetRxDeadTime(30);
- afsconf_BuildServerSecurityObjects(confDir, AFSCONF_SEC_OBJS_RXKAD_CRYPT,
- &securityClasses, &numClasses);
+ afsconf_SetSecurityFlags(confDir, AFSCONF_SECOPTS_ALWAYSENCRYPT);
+ afsconf_BuildServerSecurityObjects(confDir, &securityClasses, &numClasses);
tservice = rx_NewServiceHost(rx_bindhost, /* port */ 0, /* service id */
1, /*service name */
memset(wr_HostAddress, 0, sizeof(wr_HostAddress));
initialize_dstats();
- afsconf_BuildServerSecurityObjects(tdir, 0, &securityClasses, &numClasses);
+ afsconf_BuildServerSecurityObjects(tdir, &securityClasses, &numClasses);
tservice =
rx_NewServiceHost(host, 0, USER_SERVICE_ID, "Vldb server",
VS_EXIT(1);
}
afsconf_GetKey(tdir, 999, &tkey);
- afsconf_BuildServerSecurityObjects(tdir, 0, &securityClasses, &numClasses);
+ afsconf_BuildServerSecurityObjects(tdir, &securityClasses, &numClasses);
if (securityClasses[0] == NULL)
Abort("rxnull_NewServerSecurityObject");
service =
util/queues
auth/keys
auth/superuser
+auth/authcon
+/authcon-t
/keys-t
/superuser-t
/test.h
include @TOP_OBJDIR@/src/config/Makefile.config
include @TOP_OBJDIR@/src/config/Makefile.pthread
-TESTS = superuser-t keys-t
+TESTS = authcon-t superuser-t keys-t
MODULE_CFLAGS=-I$(srcdir)/..
MODULE_LIBS = ../tap/libtap.a \
$(abs_top_builddir)/lib/libafsauthent.a \
+ $(abs_top_builddir)/lib/librxgk.a \
$(abs_top_builddir)/lib/libafsrpc.a \
$(abs_top_builddir)/lib/libafshcrypto.a \
$(LIB_rfc3961) $(LIB_roken) -lafsutil\
$(XLIBS)
+authcon-t: authcon-t.o common.o
+ $(AFS_LDRULE) authcon-t.o common.o \
+ $(MODULE_LIBS)
+
superuser-t: superuser-t.o common.o test.cs.o test.ss.o test.xdr.o
$(AFS_LDRULE) superuser-t.o common.o \
test.cs.o test.ss.o test.xdr.o \
clean:
rm -f *.o *.cs.c *.ss.c *.xdr.c test.h \
- writekeyfile superuser-t keys-t
+ writekeyfile $(TESTS)
--- /dev/null
+/*
+ * Copyright (c) 2010 Your File System Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR `AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*!
+ * Test those bits of the authcon interface that we can test without involving
+ * the cache manager.
+ */
+
+#include <afsconfig.h>
+#include <afs/param.h>
+
+#include <roken.h>
+
+#include <rx/rx.h>
+#include <rx/rxkad.h>
+#include <afs/cellconfig.h>
+
+#include <tap/basic.h>
+#include "common.h"
+
+int
+main(int argc, char **argv)
+{
+ struct afsconf_dir *dir;
+ char *dirname;
+ struct rx_securityClass **classes;
+ int numClasses;
+
+ plan(3);
+ dirname = buildTestConfig();
+
+ dir = afsconf_Open(dirname);
+ if (dir == NULL) {
+ fprintf(stderr, "Unable to configure directory.\n");
+ exit(1);
+ }
+
+ /* Server Security objects */
+
+ afsconf_BuildServerSecurityObjects(dir, &classes, &numClasses);
+ is_int(3, numClasses, "3 security classes are returned, as expected");
+ ok(classes[1] == NULL, "The rxvab class is undefined, as requested");
+ free(classes);
+
+ afsconf_SetSecurityFlags(dir, AFSCONF_SECOPTS_ALWAYSENCRYPT);
+
+ afsconf_BuildServerSecurityObjects(dir, &classes, &numClasses);
+ is_int(4, numClasses, "When encryption is enabled, 4 classes are returned");
+
+ return 0;
+}
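Review bot: The final check only compares the count, so the test would still pass if index 3 were left NULL when AFSCONF_SECOPTS_ALWAYSENCRYPT is set. Adding `ok(classes[3] != NULL, "The encrypt-only rxkad class is present");` after the last `is_int` and changing `plan(3)` to `plan(4)` would pin the property the flag exists for. `numClasses` is declared `int` while the prototype takes `afs_int32 *`; `afs_int32 numClasses;` avoids relying on the two types being identical. The first `is_int(3, ...)` also depends on `securityFlags` being zero straight after `afsconf_Open`, which this file cannot guarantee on its own.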
exit(1);
}
- afsconf_BuildServerSecurityObjects(globalDir, 0, &classes, &numClasses);
+ afsconf_BuildServerSecurityObjects(globalDir, &classes, &numClasses);
service = rx_NewService(0, TEST_SERVICE_ID, "test", classes, numClasses,
TEST_ExecuteRequest);
if (service == NULL) {