aklog: Only try to use krb5-weak.conf if it exists

The logic we use for using krb5-weak.conf to allow 'weak crypto'
requires us to know where the default krb5.conf is. The default
krb5.conf local can vary significantly depending on the platform, and
we don't have a good way of figuring out what it is, so we guess. We
may guess wrong.

To limit the cases where we guess wrong, only try to do this
workaround if the krb5-weak.conf file actually exists.

Change-Id: Id3905268b5cc22dafb4dd539b9f3d323a656fee2
Reviewed-on: http://gerrit.openafs.org/9667
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>

diff --git a/src/aklog/aklog.c b/src/aklog/aklog.c
index b39f752..9e5b811 100644 (file)
--- a/src/aklog/aklog.c
+++ b/src/aklog/aklog.c
@@ -1468,10 +1468,17 @@ main(int argc, char *argv[])
        char *defaultpath = "~/Library/Preferences/edu.mit.Kerberos:/Library/Preferences/edu.mit.Kerberos";
 #endif
        filepath = getenv("KRB5_CONFIG");
-       asprintf(&newpath, "%s:%s/krb5-weak.conf",
-                filepath ? filepath : defaultpath,
-                AFSDIR_CLIENT_ETC_DIRPATH);
-       setenv("KRB5_CONFIG", newpath, 1);
+
+       /* only fiddle with KRB5_CONFIG if krb5-weak.conf actually exists */
+       asprintf(&newpath, "%s/krb5-weak.conf", AFSDIR_CLIENT_ETC_DIRPATH);
+       if (access(newpath, R_OK) == 0) {
+           free(newpath);
+           newpath = NULL;
+           asprintf(&newpath, "%s:%s/krb5-weak.conf",
+                    filepath ? filepath : defaultpath,
+                    AFSDIR_CLIENT_ETC_DIRPATH);
+           setenv("KRB5_CONFIG", newpath, 1);
+       }
 #endif
        krb5_init_context(&context);