From: Ben Kaduk <kaduk@mit.edu>
Date: Wed, 4 Dec 2013 18:03:46 +0000 (-0500)
Subject: Add rxgk support to userok
X-Git-Tag: openafs-devel-1_9_0~320
X-Git-Url: https://git.openafs.org/?p=openafs.git;a=commitdiff_plain;h=4091b9271b1bfbf27f9d6871aa884df81220861a

Add rxgk support to userok

Change-Id: I5da2a89532453b6bec61fc87218a61455e39f6f0
Reviewed-on: https://gerrit.openafs.org/10576
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
---

diff --git a/Makefile.in b/Makefile.in
index 41ca655..12903ae 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -228,7 +228,7 @@ rxgk: cmd comerr hcrypto rfc3961 rx rxgk_depinstall
 rxkad: cmd comerr hcrypto rfc3961 rx rxkad_depinstall
 	+${COMPILE_PART1} rxkad ${COMPILE_PART2}
 
-auth: cmd comerr hcrypto lwp rx rxkad audit sys auth_depinstall
+auth: cmd comerr hcrypto lwp rx rxkad audit sys auth_depinstall rxgk
 	+${COMPILE_PART1} auth ${COMPILE_PART2}
 
 ubik: cmd comerr auth ubik_depinstall sys
diff --git a/src/auth/Makefile.in b/src/auth/Makefile.in
index d172019..eacf426 100644
--- a/src/auth/Makefile.in
+++ b/src/auth/Makefile.in
@@ -23,7 +23,8 @@ LT_deps= $(top_builddir)/src/opr/liboafs_opr.la \
 	 $(top_builddir)/src/rxkad/liboafs_rxkad.la \
 	 $(top_builddir)/src/audit/liboafs_audit.la \
 	 $(top_builddir)/src/util/liboafs_util.la \
-	 $(top_builddir)/src/sys/liboafs_sys.la
+	 $(top_builddir)/src/sys/liboafs_sys.la \
+	 @RXGK_LIBS@
 
 LT_libs= $(LDFLAGS_roken) $(LIB_roken)
 
diff --git a/src/auth/userok.c b/src/auth/userok.c
index 8a7d4a4..52afca3 100644
--- a/src/auth/userok.c
+++ b/src/auth/userok.c
@@ -20,6 +20,9 @@
 #include <rx/xdr.h>
 #include <rx/rx.h>
 #include <rx/rx_identity.h>
+#ifdef AFS_RXGK_ENV
+# include <rx/rxgk.h>
+#endif
 #include <afs/afsutil.h>
 #include <afs/fileutil.h>
 
@@ -723,6 +726,32 @@ rxkadSuperUser(struct afsconf_dir *adir, struct rx_call *acall,
     return kerberosSuperUser(adir, tname, tinst, tcell, identity);
 }
 
+#ifdef AFS_RXGK_ENV
+static int
+rxgkSuperUser(struct afsconf_dir *adir, struct rx_call *acall,
+	      struct rx_identity **identity_out)
+{
+    struct rx_identity *identity = NULL;
+    int is_super = 0;
+
+    if (rxgk_GetServerInfo(rx_ConnectionOf(acall), NULL /*level*/, NULL /*expiry*/,
+                           &identity) != 0)
+        return 0;
+
+    if (afsconf_IsSuperIdentity(adir, identity)) {
+        is_super = 1;
+        if (identity_out != NULL) {
+            *identity_out = identity;
+            identity = NULL;
+        }
+    }
+    if (identity != NULL) {
+        rx_identity_free(&identity);
+    }
+    return is_super;
+}
+#endif /* AFS_RXGK_ENV */
+
 /*!
  * Check whether the user authenticated on a given RX call is a super
  * user or not. If they are, return a pointer to the identity of that
@@ -773,6 +802,12 @@ afsconf_SuperIdentity(struct afsconf_dir *adir, struct rx_call *acall,
 	flag = rxkadSuperUser(adir, acall, identity);
 	UNLOCK_GLOBAL_MUTEX;
 	return flag;
+#ifdef AFS_RXGK_ENV
+    } else if (code == RX_SECIDX_GK) {
+	flag = rxgkSuperUser(adir, acall, identity);
+	UNLOCK_GLOBAL_MUTEX;
+	return flag;
+#endif
     } else {			/* some other auth type */
 	UNLOCK_GLOBAL_MUTEX;
 	return 0;		/* mysterious, just say no */