Don't load PKINIT if it was disabled in the build

Commit e362c356eafb49a9d90a4f20c6668682d4f50222 added trace logging
for errors loading plugin modules.  For a build with PKINIT disabled,
this change has the unfortunate side effect of adding many "unable to
load plugin" messages to the trace log.  Conditionalize
auto-registering PKINIT on it being enabled in the build.

[ghudson@mit.edu: added similar conditional to kdc_preauth.c; edited
commit message]

diff --git a/src/kdc/kdc_preauth.c b/src/kdc/kdc_preauth.c
index 3752be6a46fea94d9c6fd62049835a9f5c02dabe..99a7a137ab3d192d8d74d80232e520837693e02e 100644 (file)
--- a/src/kdc/kdc_preauth.c
+++ b/src/kdc/kdc_preauth.c
@@ -126,9 +126,11 @@ get_plugin_vtables(krb5_context context,
     *vtables_out = NULL;
     *n_tables_out = *n_systems_out = 0;
 
-    /* Auto-register encrypted challenge and (if possible) pkinit. */
+    /* Auto-register built-in modules. */
+#ifndef DISABLE_PKINIT
     k5_plugin_register_dyn(context, PLUGIN_INTERFACE_KDCPREAUTH, "pkinit",
                            "preauth");
+#endif
     k5_plugin_register_dyn(context, PLUGIN_INTERFACE_KDCPREAUTH, "otp",
                            "preauth");
     k5_plugin_register_dyn(context, PLUGIN_INTERFACE_KDCPREAUTH, "spake",

diff --git a/src/lib/krb5/krb/preauth2.c b/src/lib/krb5/krb/preauth2.c
index b5ef6c61650a385a97f4fb2630882832f720c579..e199f50f99b1889f87986d95c1c15a346303a057 100644 (file)
--- a/src/lib/krb5/krb/preauth2.c
+++ b/src/lib/krb5/krb/preauth2.c
@@ -130,8 +130,10 @@ k5_init_preauth_context(krb5_context context)
         return;
 
     /* Auto-register built-in modules. */
+#ifndef DISABLE_PKINIT
     k5_plugin_register_dyn(context, PLUGIN_INTERFACE_CLPREAUTH, "pkinit",
                            "preauth");
+#endif /* not DISABLE_PKINIT */
     k5_plugin_register_dyn(context, PLUGIN_INTERFACE_CLPREAUTH, "spake",
                            "preauth");
     k5_plugin_register(context, PLUGIN_INTERFACE_CLPREAUTH,