From 14d30b74ee2aee3a203e5aee3f42bc6db096ef33 Mon Sep 17 00:00:00 2001 From: Simon Wilkinson Date: Tue, 1 Mar 2011 14:01:46 +0000 Subject: [PATCH] ptuser/hpr: Don't check for a KeyFile ptuser and viced's hpr were checking for a KeyFile before calling ClientAuthSecure. If a KeyFile doesn't exist, then they would display a warning message, and use an rxnull connection. However, ClientAuthSecure will return a rxnull connection if it can't find a KeyFile. So, simplify all of this to just use ClientAuthSecure, which knows better than we do what keys are usable and which aren't. Change-Id: I14b6170ec49e0ca85bc371d3bdfa04aecf39f150 Reviewed-on: http://gerrit.openafs.org/4100 Reviewed-by: Andrew Deason Tested-by: BuildBot Reviewed-by: Derrick Brashear --- src/ptserver/ptuser.c | 15 +++++---------- src/viced/host.c | 20 ++++++++++---------- 2 files changed, 15 insertions(+), 20 deletions(-) diff --git a/src/ptserver/ptuser.c b/src/ptserver/ptuser.c index 5364407ec..0ac9049bb 100644 --- a/src/ptserver/ptuser.c +++ b/src/ptserver/ptuser.c @@ -294,16 +294,11 @@ pr_Initialize(IN afs_int32 secLevel, IN const char *confDir, IN char *cell) * to force use of the KeyFile. secLevel == 0 implies -noauth was * specified. */ if (secLevel == 2) { - code = afsconf_GetLatestKey(tdir, 0, 0); - if (code) { - afs_com_err(whoami, code, "(getting key from local KeyFile)\n"); - } else { - /* If secLevel is two assume we're on a file server and use - * ClientAuthSecure if possible. */ - code = afsconf_ClientAuthSecure(tdir, &sc, &scIndex); - if (code) - afs_com_err(whoami, code, "(calling client secure)\n"); - } + /* If secLevel is two assume we're on a file server and use + * ClientAuthSecure if possible. */ + code = afsconf_ClientAuthSecure(tdir, &sc, &scIndex); + if (code) + afs_com_err(whoami, code, "(calling client secure)\n"); } else if (secLevel > 0) { secFlags = 0; if (secLevel > 1) diff --git a/src/viced/host.c b/src/viced/host.c index 8dd9865c0..fae7a9c74 100644 --- a/src/viced/host.c +++ b/src/viced/host.c @@ -305,17 +305,17 @@ hpr_Initialize(struct ubik_client **uclient) /* Most callers use secLevel==1, however, the fileserver uses secLevel==2 * to force use of the KeyFile. secLevel == 0 implies -noauth was * specified. */ - if ((afsconf_GetLatestKey(tdir, 0, 0) == 0)) { - code = afsconf_ClientAuthSecure(tdir, &sc, &scIndex); - if (code) - ViceLog(0, ("hpr_Initialize: clientauthsecure returns %d %s (so trying noauth)", code, afs_error_message(code))); - if (code) - scIndex = RX_SECIDX_NULL; - } - if ((scIndex == RX_SECIDX_NULL) && (sc == NULL)) - sc = rxnull_NewClientSecurityObject(); + code = afsconf_ClientAuthSecure(tdir, &sc, &scIndex); + if (code) { + ViceLog(0, ("hpr_Initialize: clientauthsecure returns %d %s " + "(so trying noauth)", code, afs_error_message(code))); + scIndex = RX_SECIDX_NULL; + sc = rxnull_NewClientSecurityObject(); + } + if (scIndex == RX_SECIDX_NULL) - ViceLog(0, ("hpr_Initialize: Could not get afs tokens, running unauthenticated. [%d]", code)); + ViceLog(0, ("hpr_Initialize: Could not get afs tokens, " + "running unauthenticated. [%d]", code)); memset(serverconns, 0, sizeof(serverconns)); /* terminate list!!! */ for (i = 0; i < info.numServers; i++) { -- 2.39.5