From: Simon Wilkinson <sxw@your-file-system.com>
Date: Mon, 6 Sep 2010 08:37:23 +0000 (+0100)
Subject: aklog: Fix weak_crypto tests
X-Git-Tag: upstream/1.8.0_pre1^2~4838
X-Git-Url: https://git.michaelhowe.org/gitweb/?a=commitdiff_plain;h=696e1c015eeef259451c101813b9e930e402cb49;p=packages%2Fo%2Fopenafs.git

aklog: Fix weak_crypto tests

The tests for the various ways of enabling weak cryptography fail
with current Heimdal master, because it defines krb5_allow_weak_crypto
but does not prototype it.

Fix this by testing for the Heimdal version (which MIT does not provide)
first, and only if that's not available, try to use allow_weak_crypto.

Change-Id: I559d5fd40c196fefc947dd0f7b10ed78fbd2c7e6
Reviewed-on: http://gerrit.openafs.org/2739
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
---

diff --git a/src/aklog/aklog.c b/src/aklog/aklog.c
index df81a7531..2f8253cec 100644
--- a/src/aklog/aklog.c
+++ b/src/aklog/aklog.c
@@ -1501,12 +1501,12 @@ main(int argc, char *argv[])
      * krb5_allow_weak_crypto is MIT Kerberos 1.8.  krb5_enctype_enable is
      * Heimdal.
      */
-#if defined(HAVE_KRB5_ALLOW_WEAK_CRYPTO)
-    krb5_allow_weak_crypto(context, 1);
-#elif defined(HAVE_KRB5_ENCTYPE_ENABLE)
+#if defined(HAVE_KRB5_ENCTYPE_ENABLE)
     i = krb5_enctype_valid(context, ETYPE_DES_CBC_CRC);
     if (i)
         krb5_enctype_enable(context, ETYPE_DES_CBC_CRC);
+#elif defined(HAVE_KRB5_ALLOW_WEAK_CRYPTO)
+    krb5_allow_weak_crypto(context, 1);
 #endif
 
     /* Initialize list of cells to which we have authenticated */
diff --git a/src/aklog/klog.c b/src/aklog/klog.c
index 02cdeaa9f..b6defa4fc 100644
--- a/src/aklog/klog.c
+++ b/src/aklog/klog.c
@@ -445,12 +445,12 @@ CommandProc(struct cmd_syndesc *as, void *arock)
      * krb5_allow_weak_crypto is MIT Kerberos 1.8.  krb5_enctype_enable is
      * Heimdal.
      */
-#if defined(HAVE_KRB5_ALLOW_WEAK_CRYPTO)
-    krb5_allow_weak_crypto(k5context, 1);
-#elif defined(HAVE_KRB5_ENCTYPE_ENABLE)
+#if defined(HAVE_KRB5_ENCTYPE_ENABLE)
     i = krb5_enctype_valid(k5context, ETYPE_DES_CBC_CRC);
     if (i)
         krb5_enctype_enable(k5context, ETYPE_DES_CBC_CRC);
+#elif defined(HAVE_KRB5_ALLOW_WEAK_CRYPTO)
+    krb5_allow_weak_crypto(k5context, 1);
 #endif
 
     /* Parse remaining arguments. */