4c34168b01 ("base: Fix use of
HEIM_USE_PATH_TOKENS") relocated the expansion of path tokens
within heim_config_parse_file_multi() so it is only performed
for non-plist files. However, parse_plist_config() does not
understand tokens and will treat them as path components. As
a result, plist paths such as
%{USERCONFIG}/Library/Preferences/com.apple.Kerberos.plist
will not be expanded. If parse_plist_config() fails with ENOENT,
then the plist configuration will be skipped and krb5_init_context()
will succeed. However, if the current working directory is invalid,
then parse_plist_config() would return ENOMEM which is a fatal
error and krb5_init_context() would fail.
For example, on macOS, if the cwd is in /afs and the user's
tokens have expired:
user@MacBookAir user % ~/src/heimdal/kuser/heimtools klist
shell-init: error retrieving current directory:
getcwd: cannot access parent directories: Permission denied
chdir: error retrieving current directory:
getcwd: cannot access parent directories: Permission denied
heimtools: krb5_init_context failed: 12
With this change %{USERCONFIG} is expanded and parse_plist_config()
is called with an absolute path. Even though the specified file
is inaccessible, the krb5_init_context() call succeeds.
c3bd400fa2