auth: Rework PickClientSecObj
author Simon Wilkinson <sxw@your-file-system.com>
Fri, 25 Feb 2011 01:30:02 +0000 (01:30 +0000)
committer Derrick Brashear <shadow@dementia.org>
Sat, 26 Feb 2011 12:01:11 +0000 (04:01 -0800)
When called in localauth mode, this function was using
afsconf_GetLatestKey to check that the machine has a key file. However,
the ClientAuth and ClientAuthSecure functions then go on to do exactly
the same thing.

Instead, pick up on ClientAuth returning a rxnull security layer, and
trigger the NOTFOUND error based on that, rather than on the absence of
an old-style key file.

Change-Id: Ifb2d3a98bca5d1d67e303dcfeab1bb6f1efdc570
Reviewed-on: http://gerrit.openafs.org/4053
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementia.org>

src/auth/authcon.c

index 171eb4d..a6cfff6 100644 (file)
@@ -317,10 +317,6 @@ afsconf_PickClientSecObj(struct afsconf_dir *dir, afsconf_secflags flags,
            return AFSCONF_NOCELLDB;
 
        if (flags & AFSCONF_SECOPTS_LOCALAUTH) {
-           code = afsconf_GetLatestKey(dir, 0, 0);
-           if (code)
-               goto out;
-
            if (flags & AFSCONF_SECOPTS_ALWAYSENCRYPT)
                code = afsconf_ClientAuthSecure(dir, sc, scIndex);
            else
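Review bot: With the `afsconf_GetLatestKey(dir, 0, 0)` check dropped from the top of the `AFSCONF_SECOPTS_LOCALAUTH` branch, a machine without a key no longer fails here with that function's return code; the outcome now depends on what `afsconf_ClientAuthSecure` (or the call in the `else` arm) returns and on the rxnull check added further down. Please confirm that the error callers see for a missing key is unchanged, and consider a one-line comment at this branch stating that key presence is established by the ClientAuth call, so the omission does not read as accidental.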
@@ -329,6 +325,17 @@ afsconf_PickClientSecObj(struct afsconf_dir *dir, afsconf_secflags flags,
            if (code)
                goto out;
 
+           /* The afsconf_ClientAuth functions will fall back to giving
+            * a rxnull object, which we don't want if localauth has been
+            * explicitly requested. Check for this, and bail out if we
+            * get one. Note that this leaks a security object at present
+            */
+           if (scIndex == RX_SECIDX_NULL) {
+               sc = NULL;
+               code = AFSCONF_NOTFOUND;
+               goto out;
+           }
+
            if (expires)
                *expires = NEVERDATE;
        } else {
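Review bot: The added check `if (scIndex == RX_SECIDX_NULL)` and the assignment `sc = NULL` operate on the parameters themselves, although a few lines earlier `sc` and `scIndex` are passed unchanged to `afsconf_ClientAuthSecure(dir, sc, scIndex)` as the locations it fills in, and `expires` is dereferenced as `*expires` directly below. If they are out-pointers, as that usage suggests, the test compares the pointer rather than the returned index, so the function would still return success with the rxnull object the comment says is unwanted, and the assignment clears only the local copy while the caller's pointer stays set. The lines should probably read `*scIndex == RX_SECIDX_NULL` and `*sc = NULL`. The comment also admits that the security object is leaked on this path; releasing it before clearing the pointer would close that gap.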