afs_int32
SBOZO_AddSUser(struct rx_call *acall, char *aname)
{
afs_int32 code;
char caller[MAXKTCNAMELEN];
if (!afsconf_SuperUser(bozo_confdir, acall, caller)) {
code = BZACCESS;
goto fail;
}
if (DoLogging)
bozo_Log("%s is executing Add SuperUser '%s'\n", caller, aname);
code = afsconf_AddUser(bozo_confdir, aname);
fail:
osi_auditU(acall, BOS_AddSUserEvent, code, AUD_END);
return code;
}
void
startClient(char *configPath)
{
struct afsconf_dir *dir;
struct rx_identity *testId, *anotherId, *extendedId, *dummy;
struct rx_securityClass *class;
struct rx_connection *conn;
afs_uint32 startTime;
char ubuffer[256];
afs_int32 classIndex;
int code;
struct hostent *he;
afs_uint32 addr;
afs_int32 result;
char *string = NULL;
plan(63);
dir = afsconf_Open(configPath);
ok(dir!=NULL,
"Configuration directory opened sucessfully by client");
/* Add a normal user to the super user file */
ok(afsconf_AddUser(dir, "test") == 0,
"Adding a simple user works");
testId = rx_identity_new(RX_ID_KRB4, "test", "test", strlen("test"));
/* Check that they are a super user */
ok(afsconf_IsSuperIdentity(dir, testId),
"User added with old i/face is identitifed as super user");
/* Check that nobody else is */
ok(!afsconf_IsSuperIdentity(dir,
rx_identity_new(RX_ID_KRB4, "testy",
"testy", strlen("testy"))),
"Additional users are not super users");
ok(afsconf_AddUser(dir, "test") == EEXIST,
"Adding a user that already exists fails");
ok(afsconf_AddIdentity(dir, testId) == EEXIST,
"Adding an identity that already exists fails");
anotherId = rx_identity_new(RX_ID_KRB4, "another",
"another", strlen("another"));
/* Add another normal user, but using the extended interface */
ok(afsconf_AddIdentity(dir, anotherId) == 0,
"Adding a KRB4 identity works");
/* Check that they are a super user */
ok(afsconf_IsSuperIdentity(dir, anotherId),
"User added with new i/face is identitifed as super user");
ok(afsconf_AddIdentity(dir, anotherId) == EEXIST,
"Adding a KRB4 identity that already exists fails");
/* Add an extended user to the super user file */
extendedId = rx_identity_new(RX_ID_GSS, "*****@*****.**",
"\x04\x01\x00\x0B\x06\x09\x2A\x86\x48\x86\xF7\x12\x01\x02\x02\x00\x00\x00\[email protected]", 35);
ok(afsconf_AddIdentity(dir, extendedId) == 0,
"Adding a GSSAPI identity works");
/* Check that they are now special */
ok(afsconf_IsSuperIdentity(dir, extendedId),
"Added GSSAPI identity is a super user");
/* Check that display name isn't used for matches */
ok(!afsconf_IsSuperIdentity(dir,
rx_identity_new(RX_ID_GSS, "*****@*****.**",
"abcdefghijklmnopqrstuvwxyz123456789", 35)),
"Display name is not used for extended matches");
ok(afsconf_AddIdentity(dir, extendedId) == EEXIST,
"Adding GSSAPI identity twice fails");
/* Add a final normal user, so we can check that iteration works */
/* Add a normal user to the super user file */
ok(afsconf_AddUser(dir, "test2") == 0,
"Adding another simple user works");
testOriginalIterator(dir, 0, "test");
testOriginalIterator(dir, 1, "another");
testOriginalIterator(dir, 2, "test2");
ok(afsconf_GetNthUser(dir, 3, ubuffer, sizeof ubuffer) != 0,
"Reading past the end of the superuser list fails");
testNewIterator(dir, 0, testId);
testNewIterator(dir, 1, anotherId);
testNewIterator(dir, 2, extendedId);
testNewIterator(dir, 3, rx_identity_new(RX_ID_KRB4, "test2",
"test2", strlen("test2")));
ok(afsconf_GetNthIdentity(dir, 4, &dummy) != 0,
"Reading past the end of the superuser list fails");
ok(afsconf_DeleteUser(dir, "notthere") != 0,
"Deleting a user that doesn't exist fails");
/* Delete the normal user */
ok(afsconf_DeleteUser(dir, "another") == 0,
"Deleting normal user works");
ok(!afsconf_IsSuperIdentity(dir, anotherId),
"Deleted user is no longer super user");
ok(afsconf_IsSuperIdentity(dir, testId) &&
afsconf_IsSuperIdentity(dir, extendedId),
"Other identities still are");
ok(afsconf_DeleteIdentity(dir, extendedId) == 0,
"Deleting identity works");
ok(!afsconf_IsSuperIdentity(dir, extendedId),
"Deleted identity is no longer special");
/* Now, what happens if we're doing something over the network instead */
code = rx_Init(0);
is_int(code, 0, "Initialised RX");
/* Fake up an rx ticket. Note that this will be for the magic 'superuser' */
code = afsconf_ClientAuth(dir, &class, &classIndex);
is_int(code, 0, "Can successfully create superuser token");
/* Start a connection to our test service with it */
he = gethostbyname("localhost");
if (!he) {
printf("Couldn't look up server hostname");
exit(1);
}
memcpy(&addr, he->h_addr, sizeof(afs_uint32));
conn = rx_NewConnection(addr, htons(TEST_PORT), TEST_SERVICE_ID,
class, classIndex);
/* There's nothing in the list, so this just succeeds because we can */
code = TEST_CanI(conn, &result);
is_int(0, code, "Can run a simple RPC");
code = TEST_WhoAmI(conn, &string);
is_int(0, code, "Can get identity back");
is_string("<LocalAuth>", string, "Forged token is super user");
xdr_free((xdrproc_t)xdr_string, &string);
/* Throw away this connection and security class */
rx_DestroyConnection(conn);
rxs_Release(class);
/* Now fake an rx ticket for a normal user. We have to do more work by hand
* here, sadly */
startTime = time(NULL);
class = afstest_FakeRxkadClass(dir, "rpctest", "", "", startTime,
startTime + 60* 60);
conn = rx_NewConnection(addr, htons(TEST_PORT), TEST_SERVICE_ID, class,
RX_SECIDX_KAD);
code = TEST_CanI(conn, &result);
is_int(EPERM, code,
"Running RPC as non-super user fails as expected");
code = TEST_NewCanI(conn, &result);
is_int(EPERM, code,
"Running new interface RPC as non-super user fails as expected");
code = TEST_WhoAmI(conn, &string);
xdr_free((xdrproc_t)xdr_string, &string);
is_int(EPERM, code,
"Running RPC returning string fails as expected");
code = TEST_NewWhoAmI(conn, &string);
xdr_free((xdrproc_t)xdr_string, &string);
is_int(EPERM, code,
"Running new interface RPC returning string fails as expected");
ok(afsconf_AddUser(dir, "rpctest") == 0,
"Adding %s user works", "rpctest");
code = TEST_CanI(conn, &result);
is_int(0, code, "Running RPC as rpctest works");
code = TEST_NewCanI(conn, &result);
is_int(0, code, "Running new interface RPC as rpctest works");
code = TEST_WhoAmI(conn, &string);
is_int(0, code, "Running RPC returning string as %s works", "rpctest");
is_string("rpctest", string, "Returned user string matches");
xdr_free((xdrproc_t)xdr_string, &string);
code = TEST_NewWhoAmI(conn, &string);
is_int(0, code, "Running new RPC returning string as %s works", "rpctest");
is_string("rpctest", string, "Returned user string for new interface matches");
xdr_free((xdrproc_t)xdr_string, &string);
rx_DestroyConnection(conn);
rxs_Release(class);
/* Now try with an admin principal */
startTime = time(NULL);
class = afstest_FakeRxkadClass(dir, "rpctest", "admin", "", startTime,
startTime + 60* 60);
conn = rx_NewConnection(addr, htons(TEST_PORT), TEST_SERVICE_ID, class,
RX_SECIDX_KAD);
code = TEST_CanI(conn, &result);
is_int(EPERM, code,
"Running RPC as non-super user fails as expected");
code = TEST_NewCanI(conn, &result);
is_int(EPERM, code,
"Running new interface RPC as non-super user fails as expected");
code = TEST_WhoAmI(conn, &string);
xdr_free((xdrproc_t)xdr_string, &string);
is_int(EPERM, code,
"Running RPC returning string fails as expected");
code = TEST_NewWhoAmI(conn, &string);
xdr_free((xdrproc_t)xdr_string, &string);
is_int(EPERM, code,
"Running new interface RPC returning string fails as expected");
ok(afsconf_AddUser(dir, "rpctest.admin") == 0,
"Adding %s user works", "rpctest.admin");
code = TEST_CanI(conn, &result);
is_int(0, code, "Running RPC as %s works", "rpctest/admin");
code = TEST_NewCanI(conn, &result);
is_int(0, code, "Running new interface RPC as %s works", "rpctest/admin");
code = TEST_WhoAmI(conn, &string);
is_int(0, code, "Running RPC returning string as %s works", "rpctest/admin");
is_string("rpctest.admin", string, "Returned user string matches");
xdr_free((xdrproc_t)xdr_string, &string);
code = TEST_NewWhoAmI(conn, &string);
is_int(0, code, "Running new interface RPC returning string as %s works",
"rpctest/admin");
is_string("rpctest.admin", string,
"Returned user string from new interface matches");
xdr_free((xdrproc_t)xdr_string, &string);
rx_DestroyConnection(conn);
rxs_Release(class);
}