* init_os_ctx.c: Added support for KLL's __KLAllowHomeDirectoryAccess() function so that krb4, krb5 and gssapi will not access the user's homedir if the application forbids it

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15398 dc483132-0cff-0310-8789-dd5450dbe970

2 files changed, 12 insertions, 1 deletions

diff --git a/src/lib/krb5/os/ChangeLog b/src/lib/krb5/os/ChangeLog
index a17633ad7..be62ff39e 100644
--- a/src/lib/krb5/os/ChangeLog
+++ b/src/lib/krb5/os/ChangeLog
@@ -1,3 +1,8 @@
+2003-05-06  Alexandra Ellwood  <lxs@mit.edu>
+        * init_os_ctx.c: Added support for KLL's __KLAllowHomeDirectoryAccess()
+        function so that krb4, krb5 and gssapi will not access the user's homedir
+        if the application forbids it.
+
 2003-04-28  Sam Hartman  <hartmans@mit.edu>
 
 	* changepw.c (krb5_change_set_password): Locate server in realm of
diff --git a/src/lib/krb5/os/init_os_ctx.c b/src/lib/krb5/os/init_os_ctx.c
index 7f2c2d593..8a09f0151 100644
--- a/src/lib/krb5/os/init_os_ctx.c
+++ b/src/lib/krb5/os/init_os_ctx.c
@@ -234,8 +234,14 @@ os_get_default_config_files(profile_filespec_t **pfiles, krb5_boolean secure)
     unsigned int ent_len;
     const char *s, *t;
 
+#ifdef USE_LOGIN_LIBRARY
+    /* If __KLAllowHomeDirectoryAccess() == FALSE, we are probably
+        trying to authenticate to a fileserver for the user's homedir. */
+    if (secure || !__KLAllowHomeDirectoryAccess ()) {
+#else
     if (secure) {
-        filepath = DEFAULT_SECURE_PROFILE_PATH;
+#endif
+            filepath = DEFAULT_SECURE_PROFILE_PATH;
     } else { 
         filepath = getenv("KRB5_CONFIG");
         if (!filepath) filepath = DEFAULT_PROFILE_PATH;