* init_os_ctx.c: Added support for KLL's __KLAllowHomeDirectoryAccess() function...

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15398 dc483132-0cff-0310-8789-dd5450dbe970

diff --git a/src/lib/krb5/os/ChangeLog b/src/lib/krb5/os/ChangeLog
index a17633ad7faf7777751d0790a2e99823eed1372d..be62ff39e040499d3e712e98c22992c89ddecd0b 100644 (file)
--- a/src/lib/krb5/os/ChangeLog
+++ b/src/lib/krb5/os/ChangeLog
@@ -1,3 +1,8 @@
+2003-05-06  Alexandra Ellwood  <lxs@mit.edu>
+        * init_os_ctx.c: Added support for KLL's __KLAllowHomeDirectoryAccess()
+        function so that krb4, krb5 and gssapi will not access the user's homedir
+        if the application forbids it.
+
 2003-04-28  Sam Hartman  <hartmans@mit.edu>
 
        * changepw.c (krb5_change_set_password): Locate server in realm of

diff --git a/src/lib/krb5/os/init_os_ctx.c b/src/lib/krb5/os/init_os_ctx.c
index 7f2c2d5933a3da97ba588e40322012c3097440a8..8a09f015177c682e64b9c6b1de48475c1a461bac 100644 (file)
--- a/src/lib/krb5/os/init_os_ctx.c
+++ b/src/lib/krb5/os/init_os_ctx.c
@@ -234,8 +234,14 @@ os_get_default_config_files(profile_filespec_t **pfiles, krb5_boolean secure)
     unsigned int ent_len;
     const char *s, *t;
 
+#ifdef USE_LOGIN_LIBRARY
+    /* If __KLAllowHomeDirectoryAccess() == FALSE, we are probably
+        trying to authenticate to a fileserver for the user's homedir. */
+    if (secure || !__KLAllowHomeDirectoryAccess ()) {
+#else
     if (secure) {
-        filepath = DEFAULT_SECURE_PROFILE_PATH;
+#endif
+            filepath = DEFAULT_SECURE_PROFILE_PATH;
     } else { 
         filepath = getenv("KRB5_CONFIG");
         if (!filepath) filepath = DEFAULT_PROFILE_PATH;