When called in localauth mode, this function was using
afsconf_GetLatestKey to check that the machine has a key file. However,
the ClientAuth and ClientAuthSecure functions then go on to do exactly
the same thing.
Instead, pick up on ClientAuth returning a rxnull security layer, and
trigger the NOTFOUND error based on that, rather than on the absence of
an old-style key file.
Change-Id: Ifb2d3a98bca5d1d67e303dcfeab1bb6f1efdc570
Reviewed-on: http://gerrit.openafs.org/4053
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
return AFSCONF_NOCELLDB;
if (flags & AFSCONF_SECOPTS_LOCALAUTH) {
- code = afsconf_GetLatestKey(dir, 0, 0);
- if (code)
- goto out;
-
if (flags & AFSCONF_SECOPTS_ALWAYSENCRYPT)
code = afsconf_ClientAuthSecure(dir, sc, scIndex);
else
if (code)
goto out;
+ /* The afsconf_ClientAuth functions will fall back to giving
+ * a rxnull object, which we don't want if localauth has been
+ * explicitly requested. Check for this, and bail out if we
+ * get one. Note that this leaks a security object at present
+ */
+ if (scIndex == RX_SECIDX_NULL) {
+ sc = NULL;
+ code = AFSCONF_NOTFOUND;
+ goto out;
+ }
+
if (expires)
*expires = NEVERDATE;
} else {