From: Simon Wilkinson Date: Fri, 25 Feb 2011 01:30:02 +0000 (+0000) Subject: auth: Rework PickClientSecObj X-Git-Tag: upstream/1.8.0_pre1^2~4140 X-Git-Url: https://git.michaelhowe.org/gitweb/?a=commitdiff_plain;h=9eafe7e6a8e18f63cc59b3395ae8f0d55a6c95f8;p=packages%2Fo%2Fopenafs.git auth: Rework PickClientSecObj When called in localauth mode, this function was using afsconf_GetLatestKey to check that the machine has a key file. However, the ClientAuth and ClientAuthSecure functions then go on to do exactly the same thing. Instead, pick up on ClientAuth returning a rxnull security layer, and trigger the NOTFOUND error based on that, rather than on the absence of an old-style key file. Change-Id: Ifb2d3a98bca5d1d67e303dcfeab1bb6f1efdc570 Reviewed-on: http://gerrit.openafs.org/4053 Tested-by: BuildBot Reviewed-by: Derrick Brashear --- diff --git a/src/auth/authcon.c b/src/auth/authcon.c index 171eb4d82..a6cfff6e0 100644 --- a/src/auth/authcon.c +++ b/src/auth/authcon.c @@ -317,10 +317,6 @@ afsconf_PickClientSecObj(struct afsconf_dir *dir, afsconf_secflags flags, return AFSCONF_NOCELLDB; if (flags & AFSCONF_SECOPTS_LOCALAUTH) { - code = afsconf_GetLatestKey(dir, 0, 0); - if (code) - goto out; - if (flags & AFSCONF_SECOPTS_ALWAYSENCRYPT) code = afsconf_ClientAuthSecure(dir, sc, scIndex); else @@ -329,6 +325,17 @@ afsconf_PickClientSecObj(struct afsconf_dir *dir, afsconf_secflags flags, if (code) goto out; + /* The afsconf_ClientAuth functions will fall back to giving + * a rxnull object, which we don't want if localauth has been + * explicitly requested. Check for this, and bail out if we + * get one. Note that this leaks a security object at present + */ + if (scIndex == RX_SECIDX_NULL) { + sc = NULL; + code = AFSCONF_NOTFOUND; + goto out; + } + if (expires) *expires = NEVERDATE; } else {
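Review bot: In the first hunk (@@ -317,10 +317,6), dropping the afsconf_GetLatestKey call at the top of the AFSCONF_SECOPTS_LOCALAUTH branch changes what callers see when the key is missing: before, whatever afsconf_GetLatestKey returned was propagated through "goto out"; now the only signal is the single AFSCONF_NOTFOUND set further down. It also means the localauth guarantee rests entirely on afsconf_ClientAuth and afsconf_ClientAuthSecure returning 0 with an rxnull object in that case, and on the later check catching it. Please record that contract in the function's header comment, and confirm no caller depends on the more specific error code.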
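Review bot: In the second hunk (@@ -329,6 +325,17), the new test "if (scIndex == RX_SECIDX_NULL)" and the assignment "sc = NULL" appear to operate on the parameters themselves rather than on what they point to. sc and scIndex are handed unchanged to afsconf_ClientAuthSecure as output arguments, and expires is dereferenced as "*expires" just below, so these look like pointers; if so, the comparison tests the pointer value, not the index the ClientAuth call wrote, and the assignment only clears the local copy. The effect would be that the rxnull fallback is not detected and a caller that explicitly asked for localauth still gets an unauthenticated security object with code 0. Suggest "if (*scIndex == RX_SECIDX_NULL)" and "*sc = NULL". The comment also admits the object is leaked on this path; releasing it before clearing the caller's pointer would close that here instead of leaving it for later.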