From: Simon Wilkinson <sxw@your-file-system.com>
Date: Wed, 3 Feb 2010 16:00:47 +0000 (+0000)
Subject: Unix CM: Reorganise security object code
X-Git-Tag: openafs-devel-1_5_72~25
X-Git-Url: https://git.michaelhowe.org/gitweb/?a=commitdiff_plain;h=04adcfc78b038303d273f64ba756e9ecda478436;p=packages%2Fo%2Fopenafs.git

Unix CM: Reorganise security object code

Reorganise the code which creates a client security object for the
Unix CM into its own function.

Change-Id: Ic92ca4022b000c5cd48bbe6318bf83379626e890
Reviewed-on: http://gerrit.openafs.org/1239
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
---

diff --git a/src/afs/afs_conn.c b/src/afs/afs_conn.c
index 0660cb139..315511773 100644
--- a/src/afs/afs_conn.c
+++ b/src/afs/afs_conn.c
@@ -51,6 +51,43 @@ afs_int32 cryptall = 0;		/* encrypt all communications */
 
 unsigned int VNOSERVERS = 0;
 
+/**
+ * Pick a security object to use for a connection to a given server,
+ * by a given user
+ *
+ * @param[in] conn
+ *	The AFS connection for which the security object is required
+ * @param[out] secLevel
+ *	The security level of the returned object
+ *
+ * @return
+ *	An rx security object. This function is guaranteed to return
+ *	an object, although that object may be rxnull (with a secLevel
+ *	of 0)
+ */
+static struct rx_securityClass *
+afs_pickSecurityObject(struct afs_conn *conn, int *secLevel) {
+    struct rx_securityClass *secObj;
+
+    /* Do we have tokens ? */
+    if (conn->user->vid != UNDEFVID) {
+	*secLevel = 2;
+	/* kerberos tickets on channel 2 */
+	secObj = rxkad_NewClientSecurityObject(
+		    cryptall ? rxkad_crypt : rxkad_clear,
+                    (struct ktc_encryptionKey *)conn->user->ct.HandShakeKey,
+		    conn->user->ct.AuthHandle,
+		    conn->user->stLen, conn->user->stp);
+     }
+     if (secObj == NULL) {
+	*secLevel = 0;
+	secObj = rxnull_NewClientSecurityObject();
+     }
+
+     return secObj;
+}
+
+
 /**
  * Try setting up a connection to the server containing the specified fid.
  * Gets the volume, checks if it's up and does the connection by server address.
@@ -246,24 +283,9 @@ afs_ConnBySA(struct srvAddr *sap, unsigned short aport, afs_int32 acell,
 	else
 	    service = 1;
 	isec = 0;
-	if (tu->vid != UNDEFVID) {
-	    int level;
 
-	    if (cryptall) {
-		level = rxkad_crypt;
-	    } else {
-		level = rxkad_clear;
-	    }
-	    isec = 2;
-	    /* kerberos tickets on channel 2 */
-	    csec = rxkad_NewClientSecurityObject(level,
-                                                 (struct ktc_encryptionKey *)tu->ct.HandShakeKey,
-						 /* kvno */
-						 tu->ct.AuthHandle, tu->stLen,
-						 tu->stp);
-	}
-	if (isec == 0)
-	    csec = rxnull_NewClientSecurityObject();
+	csec = afs_pickSecurityObject(tc, &isec);
+
 	AFS_GUNLOCK();
 	tc->id = rx_NewConnection(sap->sa_ip, aport, service, csec, isec);
 	AFS_GLOCK();