* alt_prof.c (krb5_read_realm_params): If secure flag is set in

		context, do not allow for environment variables to specify
		configuration files.

Note: It is still possible to bypass the secure flag by directly calling
krb5_aprof_init which only krb5kdc does.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@6929 dc483132-0cff-0310-8789-dd5450dbe970

diff --git a/src/lib/kadm/ChangeLog b/src/lib/kadm/ChangeLog
index 5299d6a907cf014b84239411811d95120d22583d..a9c54843b033b3551839b942706357ad736d5c4d 100644 (file)
--- a/src/lib/kadm/ChangeLog
+++ b/src/lib/kadm/ChangeLog
@@ -1,3 +1,9 @@
+Thu Oct  5 12:06:35 1995  Ezra Peisach  <epeisach@kangaroo.mit.edu>
+
+       * alt_prof.c (krb5_read_realm_params): If secure flag is set in
+               context, do not allow for environment variables to specify
+               configuration files.
+
 Tue Sep 26 02:31:38 1995  Mark Eichin  <eichin@cygnus.com>
 
        * adm_conn.c (kadm_get_creds): zero out creds->server after

diff --git a/src/lib/kadm/alt_prof.c b/src/lib/kadm/alt_prof.c
index 2460f176e1f7c0ebb7696d82e9491078d4dfa2ff..316572e3dbba725b8bb33ee13226d0fb0d60791e 100644 (file)
--- a/src/lib/kadm/alt_prof.c
+++ b/src/lib/kadm/alt_prof.c
@@ -267,6 +267,9 @@ krb5_read_realm_params(kcontext, realm, kdcprofile, kdcenv, rparamp)
 
     filename = (kdcprofile) ? kdcprofile : DEFAULT_KDC_PROFILE;
     envname = (kdcenv) ? kdcenv : KDC_PROFILE_ENV;
+
+    if (kcontext->profile_secure == TRUE) envname = 0;
+
     rparams = (krb5_realm_params *) NULL;
     if (realm)
        lrealm = strdup(realm);