aklog: Fix weak_crypto tests
authorSimon Wilkinson <sxw@your-file-system.com>
Mon, 6 Sep 2010 08:37:23 +0000 (09:37 +0100)
committerDerrick Brashear <shadow@dementia.org>
Mon, 13 Sep 2010 22:17:42 +0000 (15:17 -0700)
The tests for the various ways of enabling weak cryptography fail
with current Heimdal master, because it defines krb5_allow_weak_crypto
but does not prototype it.

Fix this by testing for the Heimdal version (which MIT does not provide)
first, and only if that's not available, try to use allow_weak_crypto.

Change-Id: I559d5fd40c196fefc947dd0f7b10ed78fbd2c7e6
Reviewed-on: http://gerrit.openafs.org/2739
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>

src/aklog/aklog.c
src/aklog/klog.c

index df81a75..2f8253c 100644 (file)
@@ -1501,12 +1501,12 @@ main(int argc, char *argv[])
      * krb5_allow_weak_crypto is MIT Kerberos 1.8.  krb5_enctype_enable is
      * Heimdal.
      */
-#if defined(HAVE_KRB5_ALLOW_WEAK_CRYPTO)
-    krb5_allow_weak_crypto(context, 1);
-#elif defined(HAVE_KRB5_ENCTYPE_ENABLE)
+#if defined(HAVE_KRB5_ENCTYPE_ENABLE)
     i = krb5_enctype_valid(context, ETYPE_DES_CBC_CRC);
     if (i)
         krb5_enctype_enable(context, ETYPE_DES_CBC_CRC);
+#elif defined(HAVE_KRB5_ALLOW_WEAK_CRYPTO)
+    krb5_allow_weak_crypto(context, 1);
 #endif
 
     /* Initialize list of cells to which we have authenticated */
index 02cdeaa..b6defa4 100644 (file)
@@ -445,12 +445,12 @@ CommandProc(struct cmd_syndesc *as, void *arock)
      * krb5_allow_weak_crypto is MIT Kerberos 1.8.  krb5_enctype_enable is
      * Heimdal.
      */
-#if defined(HAVE_KRB5_ALLOW_WEAK_CRYPTO)
-    krb5_allow_weak_crypto(k5context, 1);
-#elif defined(HAVE_KRB5_ENCTYPE_ENABLE)
+#if defined(HAVE_KRB5_ENCTYPE_ENABLE)
     i = krb5_enctype_valid(k5context, ETYPE_DES_CBC_CRC);
     if (i)
         krb5_enctype_enable(k5context, ETYPE_DES_CBC_CRC);
+#elif defined(HAVE_KRB5_ALLOW_WEAK_CRYPTO)
+    krb5_allow_weak_crypto(k5context, 1);
 #endif
 
     /* Parse remaining arguments. */