oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

replace the krb5.conf configuration option that describes the mapping

Browse Source 
between principals and subject names with a file, default
/var/heimdal/pki-mapping. XXX this should be pushed into HDB
XXX should add issuer too


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13727 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2004-04-17 09:01:35 +00:00
parent 4121fc049e
commit 2553080b05
1 changed files with 45 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

60
kdc/pkinit.c
View File

@@ -1047,8 +1047,11 @@ add_principal_mapping(const char *principal_name, const char * subject)
krb5_error_code krb5_error_code
pk_initialize(const char *user_id, const char *x509_anchors) pk_initialize(const char *user_id, const char *x509_anchors)
{ {
const krb5_config_binding *binding; const char *mapping_file;
krb5_error_code ret; krb5_error_code ret;
char buf[1024];
unsigned long lineno = 0;
FILE *f;
principal_mappings.len = 0; principal_mappings.len = 0;
principal_mappings.val = NULL; principal_mappings.val = NULL;
@@ -1065,22 +1068,49 @@ pk_initialize(const char *user_id, const char *x509_anchors)
return ret; return ret;
} }
binding = krb5_config_get_list(context, mapping_file = krb5_config_get_string_default(context,
NULL, NULL,
"kdc", HDB_DB_DIR "/pki-mapping",
"pki-allowed-principals", "kdc",
NULL); "pki-mappings-file",
while (binding) { NULL);
if (binding->type != krb5_config_string) f = fopen(mapping_file, "r");
continue; if (f == NULL) {
ret = add_principal_mapping(binding->name, binding->u.string); krb5_warn(context, ret, "PKINIT: failed to load mappings file %s",
if (ret) mapping_file);
krb5_err(context, 1, ret, "adding cert %s to principal %s failed", return 0;
binding->u.string, binding->name);
binding = binding->next;
} }
return ret; while (fgets(buf, sizeof(buf), f) != NULL) {
char *subject_name, *p;
buf[strcspn(buf, "\n")] = '\0';
lineno++;
p = buf + strspn(buf, " \t");
if (*p == '#' || *p == '\0')
continue;
subject_name = strchr(p, ':');
if (subject_name == NULL) {
krb5_warnx(context, "line %lu missing \":\" :%s\n",
lineno, buf);
continue;
}
*subject_name++ = '\0';
ret = add_principal_mapping(p, subject_name);
if (ret) {
krb5_warn(context, ret, "failed to add line %lu \":\" :%s\n",
lineno, buf);
continue;
}
}
fclose(f);
return 0;
} }
#endif /* PKINIT */ #endif /* PKINIT */