From 703849934244f67bfbae1bb83169a5f32a4eab9d Mon Sep 17 00:00:00 2001 From: Andrew Deason Date: Tue, 26 Mar 2013 13:27:33 -0500 Subject: [PATCH] aklog: Only try to use krb5-weak.conf if it exists The logic we use for using krb5-weak.conf to allow 'weak crypto' requires us to know where the default krb5.conf is. The default krb5.conf local can vary significantly depending on the platform, and we don't have a good way of figuring out what it is, so we guess. We may guess wrong. To limit the cases where we guess wrong, only try to do this workaround if the krb5-weak.conf file actually exists. Reviewed-on: http://gerrit.openafs.org/9667 Reviewed-by: Derrick Brashear Reviewed-by: Jeffrey Altman Tested-by: BuildBot (cherry picked from commit 95240a5a5030a1053ce9966b54037eda2d37140b) Change-Id: I02313b2cc37da05adc0529e685abf6a8546bb3de Reviewed-on: http://gerrit.openafs.org/9687 Tested-by: BuildBot Reviewed-by: Michael Meffie Reviewed-by: Andrew Deason Reviewed-by: Benjamin Kaduk Reviewed-by: Stephan Wiesand --- src/aklog/aklog.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/src/aklog/aklog.c b/src/aklog/aklog.c index bc61fbc6f..c5bc9df5d 100644 --- a/src/aklog/aklog.c +++ b/src/aklog/aklog.c @@ -1525,10 +1525,17 @@ main(int argc, char *argv[]) char *defaultpath = "~/Library/Preferences/edu.mit.Kerberos:/Library/Preferences/edu.mit.Kerberos"; #endif filepath = getenv("KRB5_CONFIG"); - afs_asprintf(&newpath, "%s:%s/krb5-weak.conf", - filepath ? filepath : defaultpath, - AFSDIR_CLIENT_ETC_DIRPATH); - setenv("KRB5_CONFIG", newpath, 1); + + /* only fiddle with KRB5_CONFIG if krb5-weak.conf actually exists */ + afs_asprintf(&newpath, "%s/krb5-weak.conf", AFSDIR_CLIENT_ETC_DIRPATH); + if (access(newpath, R_OK) == 0) { + free(newpath); + newpath = NULL; + afs_asprintf(&newpath, "%s:%s/krb5-weak.conf", + filepath ? filepath : defaultpath, + AFSDIR_CLIENT_ETC_DIRPATH); + setenv("KRB5_CONFIG", newpath, 1); + } #endif krb5_init_context(&context); -- 2.39.5