From 9eafe7e6a8e18f63cc59b3395ae8f0d55a6c95f8 Mon Sep 17 00:00:00 2001 From: Simon Wilkinson Date: Fri, 25 Feb 2011 01:30:02 +0000 Subject: [PATCH] auth: Rework PickClientSecObj When called in localauth mode, this function was using afsconf_GetLatestKey to check that the machine has a key file. However, the ClientAuth and ClientAuthSecure functions then go on to do exactly the same thing. Instead, pick up on ClientAuth returning a rxnull security layer, and trigger the NOTFOUND error based on that, rather than on the absence of an old-style key file. Change-Id: Ifb2d3a98bca5d1d67e303dcfeab1bb6f1efdc570 Reviewed-on: http://gerrit.openafs.org/4053 Tested-by: BuildBot Reviewed-by: Derrick Brashear --- src/auth/authcon.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/src/auth/authcon.c b/src/auth/authcon.c index 171eb4d..a6cfff6 100644 --- a/src/auth/authcon.c +++ b/src/auth/authcon.c @@ -317,10 +317,6 @@ afsconf_PickClientSecObj(struct afsconf_dir *dir, afsconf_secflags flags, return AFSCONF_NOCELLDB; if (flags & AFSCONF_SECOPTS_LOCALAUTH) { - code = afsconf_GetLatestKey(dir, 0, 0); - if (code) - goto out; - if (flags & AFSCONF_SECOPTS_ALWAYSENCRYPT) code = afsconf_ClientAuthSecure(dir, sc, scIndex); else @@ -329,6 +325,17 @@ afsconf_PickClientSecObj(struct afsconf_dir *dir, afsconf_secflags flags, if (code) goto out; + /* The afsconf_ClientAuth functions will fall back to giving + * a rxnull object, which we don't want if localauth has been + * explicitly requested. Check for this, and bail out if we + * get one. Note that this leaks a security object at present + */ + if (scIndex == RX_SECIDX_NULL) { + sc = NULL; + code = AFSCONF_NOTFOUND; + goto out; + } + if (expires) *expires = NEVERDATE; } else { -- 1.9.4