#include <afs/ktc.h>
#include <afs/token.h>
+#define KERBEROS_APPLE_DEPRECATED(x)
#include <krb5.h>
-#if defined(HAVE_ET_COM_ERR_H)
-#include <et/com_err.h>
+#ifdef HAVE_COM_ERR_H
+# include <com_err.h>
+#elif HAVE_ET_COM_ERR_H
+# include <et/com_err.h>
+#elif HAVE_KRB5_COM_ERR_H
+# include <krb5/com_err.h>
#else
-#include <com_err.h>
+# error No com_err.h? We need some kind of com_err.h
#endif
#ifndef HAVE_KERBEROSV_HEIM_ERR_H
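Review bot: The new include chain tests `HAVE_COM_ERR_H` with `#ifdef` but tests the two fallbacks with a bare `#elif HAVE_ET_COM_ERR_H` and `#elif HAVE_KRB5_COM_ERR_H`. A bare `#elif` evaluates an undefined macro as 0 (a `-Wundef` warning) and becomes a preprocessor error if the macro is ever defined with an empty value. Writing `#elif defined(HAVE_ET_COM_ERR_H)` and `#elif defined(HAVE_KRB5_COM_ERR_H)` keeps the three tests consistent. The empty `#define KERBEROS_APPLE_DEPRECATED(x)` placed ahead of `<krb5.h>` also needs a one-line comment saying why it is there; judging by the name it switches off deprecation diagnostics for the Kerberos API in this file, which a later reader should not have to guess.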
}
afs_dprintf("We've deduced that we need to authenticate"
" to realm %s.\n", realm_of_cell);
+ status = get_credv5(context, AFSKEY, cell->name,
+ realm_of_cell, v5cred);
}
- status = get_credv5(context, AFSKEY, cell->name,
- realm_of_cell, v5cred);
}
/* If the realm and cell name match, then try without an
char k4inst[INST_SZ];
char k4realm[REALM_SZ];
#endif
+ void *inkey = get_cred_keydata(v5cred);
+ size_t inkey_sz = get_cred_keylen(v5cred);
afs_dprintf("Using Kerberos V5 ticket natively\n");
token.kvno = RXKAD_TKT_TYPE_KERBEROS_V5;
token.startTime = v5cred->times.starttime;;
token.endTime = v5cred->times.endtime;
- memcpy(&token.sessionKey, get_cred_keydata(v5cred),
- get_cred_keylen(v5cred));
+ if (tkt_DeriveDesKey(get_creds_enctype(v5cred), inkey, inkey_sz,
+ &token.sessionKey) != 0) {
+ return RXKADBADKEY;
+ }
token.ticketLen = v5cred->ticket.length;
memcpy(token.ticket, v5cred->ticket.data, token.ticketLen);
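Review bot: The `memcpy` into `token.ticket` just below the new `tkt_DeriveDesKey` call still takes its length directly from `v5cred->ticket.length`, and no bound against the destination is visible in this hunk. With the session-key copy replaced, this is the remaining fixed-destination write driven by credential data. Unless the length is already checked earlier in the function (outside the hunk), add a guard before `token.ticketLen` is assigned, for example `if (v5cred->ticket.length > sizeof(token.ticket))` followed by an error return; this assumes `token.ticket` is an array member. Separately, the new `return RXKADBADKEY;` exits without any diagnostic, while the surrounding code logs through `afs_dprintf`; a message naming the rejected enctype would make a failed key derivation easier to diagnose.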
if (origpath) {
memset(path, 0, sizeof(path));
memset(pathtocheck, 0, sizeof(pathtocheck));
- strcpy(path, origpath);
+ strlcpy(path, origpath, sizeof(path));
last_comp = path;
symlinkcount = 0;
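Review bot: `strlcpy(path, origpath, sizeof(path))` removes the overflow but truncates silently, so an over-long `origpath` would be walked as a different, shorter path in what looks like a path-checking routine. The return value should be tested, e.g. `if (strlcpy(path, origpath, sizeof(path)) >= sizeof(path)) return NULL;`, assuming NULL is this function's failure return as the `return(NULL);` in the next hunk suggests. The same applies to `strlcpy(tmpbuf, elast_comp, sizeof(tmpbuf));` in the following hunk. The enclosing function starts and ends outside both hunks.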
return(NULL);
memset(tmpbuf, 0, sizeof(tmpbuf));
if (elast_comp)
- strcpy(tmpbuf, elast_comp);
+ strlcpy(tmpbuf, elast_comp, sizeof(tmpbuf));
if (linkbuf[0] == DIR) {
/*
* If this is a symbolic link to an absolute path,
{
char *filepath = NULL, *newpath = NULL;
#ifndef AFS_DARWIN_ENV
- char *defaultpath = "/etc/krb5.conf";
+ char *defaultpath = "/etc/krb5.conf:/etc/krb5/krb5.conf";
#else
char *defaultpath = "~/Library/Preferences/edu.mit.Kerberos:/Library/Preferences/edu.mit.Kerberos";
#endif
filepath = getenv("KRB5_CONFIG");
- asprintf(&newpath, "%s:%s/krb5-weak.conf",
- filepath ? filepath : defaultpath,
- AFSDIR_CLIENT_ETC_DIRPATH);
- setenv("KRB5_CONFIG", newpath, 1);
+
+ /* only fiddle with KRB5_CONFIG if krb5-weak.conf actually exists */
+ asprintf(&newpath, "%s/krb5-weak.conf", AFSDIR_CLIENT_ETC_DIRPATH);
+ if (access(newpath, R_OK) == 0) {
+ free(newpath);
+ newpath = NULL;
+ asprintf(&newpath, "%s:%s/krb5-weak.conf",
+ filepath ? filepath : defaultpath,
+ AFSDIR_CLIENT_ETC_DIRPATH);
+ setenv("KRB5_CONFIG", newpath, 1);
+ }
#endif
krb5_init_context(&context);
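Review bot: Neither `asprintf` call in the new block has its return value checked, and `newpath` is never freed on either path. On failure `asprintf` leaves the pointer's contents unspecified on some libcs, so `access(newpath, R_OK)` and `setenv("KRB5_CONFIG", newpath, 1)` may be handed an indeterminate pointer. `setenv` copies its arguments, so the buffer can be released straight afterwards, provided `newpath` is not used later outside the hunk. It is also worth a comment that this block appends a weak-crypto configuration to a path list taken from the caller's `KRB5_CONFIG` environment variable, since that is the security-relevant effect of the code.

```c
/* only fiddle with KRB5_CONFIG if krb5-weak.conf actually exists */
if (asprintf(&newpath, "%s/krb5-weak.conf", AFSDIR_CLIENT_ETC_DIRPATH) < 0)
    newpath = NULL;
if (newpath != NULL && access(newpath, R_OK) == 0) {
    free(newpath);
    newpath = NULL;
    if (asprintf(&newpath, "%s:%s/krb5-weak.conf",
                 filepath ? filepath : defaultpath,
                 AFSDIR_CLIENT_ETC_DIRPATH) < 0)
        newpath = NULL;
    else
        setenv("KRB5_CONFIG", newpath, 1);
}
free(newpath);  /* setenv() keeps its own copy */
newpath = NULL;
```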
krb5_keytab_entry new[1];
int best = -1;
memset(new, 0, sizeof *new);
- if ((code == krb5_kt_start_seq_get(context, kt, cursor))) {
+ if ((code = krb5_kt_start_seq_get(context, kt, cursor))) {
afs_com_err(progname, code, "while starting keytab scan");
goto cleanup;
}
increds.client = client_principal;
increds.times.endtime = 0;
- /* Ask for DES since that is what V4 understands */
- get_creds_enctype((&increds)) = ENCTYPE_DES_CBC_CRC;
+ if (do524)
+ /* Ask for DES since that is what V4 understands */
+ get_creds_enctype((&increds)) = ENCTYPE_DES_CBC_CRC;
if (keytab) {
int allowed_enctypes[] = {
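Review bot: The new `if (do524)` is unbraced and has a comment between the condition and its single statement, so a line added under it later would silently fall outside the condition; write it as `if (do524) {` … `}`. `get_creds_enctype` appears to be a macro used as an lvalue here, which is another reason not to rely on it staying a single statement. The comment could also say what happens in the other case, e.g. `/* without 524 conversion, leave the enctype unset so the KDC chooses */`, if that is the intent.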