oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

(_kdc_pk_check_client): reorganize and make log when a SAN matches.

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17348 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2006-04-29 14:30:01 +00:00
parent a4e67a6533
commit 36b923f56a
1 changed files with 11 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
kdc/pkinit.c
View File

@@ -1120,14 +1120,6 @@ _kdc_pk_check_client(krb5_context context,
hx509_name name; hx509_name name;
int i; int i;
if (config->enable_pkinit_princ_in_cert) {
ret = pk_principal_from_X509(context, config,
client_params->cert,
client_princ);
if (ret == 0)
return 0;
}
ret = hx509_cert_get_base_subject(kdc_identity->hx509ctx, ret = hx509_cert_get_base_subject(kdc_identity->hx509ctx,
client_params->cert, client_params->cert,
&name); &name);
@@ -1143,6 +1135,17 @@ _kdc_pk_check_client(krb5_context context,
"Trying to authorize subject DN %s", "Trying to authorize subject DN %s",
*subject_name); *subject_name);
if (config->enable_pkinit_princ_in_cert) {
ret = pk_principal_from_X509(context, config,
client_params->cert,
client_princ);
if (ret == 0) {
kdc_log(context, config, 5,
"Found matching PK-INIT SAN in certificate");
return 0;
}
}
for (i = 0; i < principal_mappings.len; i++) { for (i = 0; i < principal_mappings.len; i++) {
krb5_boolean b; krb5_boolean b;