c3bd400fa2
4c34168b01 ("base: Fix use of
HEIM_USE_PATH_TOKENS") relocated the expansion of path tokens
within heim_config_parse_file_multi() so it is only performed
for non-plist files. However, parse_plist_config() does not
understand tokens and will treat them as path components. As
a result, plist paths such as
%{USERCONFIG}/Library/Preferences/com.apple.Kerberos.plist
will not be expanded. If parse_plist_config() fails with ENOENT,
then the plist configuration will be skipped and krb5_init_context()
will succeed. However, if the current working directory is invalid,
then parse_plist_config() would return ENOMEM which is a fatal
error and krb5_init_context() would fail.
For example, on macOS, if the cwd is in /afs and the user's
tokens have expired:
user@MacBookAir user % ~/src/heimdal/kuser/heimtools klist
shell-init: error retrieving current directory:
getcwd: cannot access parent directories: Permission denied
chdir: error retrieving current directory:
getcwd: cannot access parent directories: Permission denied
heimtools: krb5_init_context failed: 12
With this change %{USERCONFIG} is expanded and parse_plist_config()
is called with an absolute path. Even though the specified file
is inaccessible, the krb5_init_context() call succeeds.
Heimdal
Heimdal is an implementation of:
- ASN.1/DER,
- PKIX, and
- Kerberos.
For information how to install see here.
There are man pages for most of the commands.
Bug reports and bugs are appreciated. Use GitHub issues.
For more information see the project homepage https://heimdal.software/heimdal/ or the mailing lists:
heimdal-announce@heimdal.software low-volume announcement heimdal-discuss@heimdal.software high-volume discussion
send mail to heimdal-announce-subscribe@heimdal.software and heimdal-discuss-subscribe@heimdal.software respectively to subscribe.
Build Status