oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

krb5: fix a couple of missing options in verify_krb5_conf

Browse Source
This commit is contained in:
Luke Howard
2018-12-31 18:18:08 +11:00
parent 014f16883c
commit 58b77bb485
1 changed files with 19 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
lib/krb5/verify_krb5_conf.c
View File

@@ -216,6 +216,20 @@ check_host(krb5_context context, const char *path, char *data)
return 0;
}
static int
check_directory(krb5_context context, const char *path, char *data)
{
DIR *d = opendir(data);
if (d == NULL) {
krb5_warn(context, errno, "%s: could not open directory `%s'",
path, data);
return 1;
}
closedir(d);
return 0;
}
static int
mit_entry(krb5_context context, const char *path, char *data)
{
@@ -399,7 +413,7 @@ struct entry libdefaults_entries[] = {
{ "default_keytab_modify_name", krb5_config_string, NULL, 0 },
{ "default_realm", krb5_config_string, NULL, 0 },
{ "default_tgs_etypes", krb5_config_string, NULL, 0 },
{ "dns_canonize_hostname", krb5_config_string, check_boolean, 0 },
{ "dns_canonicalize_hostname", krb5_config_string, check_boolean, 0 },
{ "dns_proxy", krb5_config_string, NULL, 0 },
{ "dns_lookup_kdc", krb5_config_string, check_boolean, 0 },
{ "dns_lookup_realm", krb5_config_string, check_boolean, 0 },
@@ -429,6 +443,7 @@ struct entry libdefaults_entries[] = {
{ "name_canon_rules", krb5_config_string, NULL, 0 },
{ "no-addresses", krb5_config_string, check_boolean, 0 },
{ "pkinit_dh_min_bits", krb5_config_string, NULL, 0 },
{ "plugin_dir", krb5_config_string, check_directory, 0 },
{ "proxiable", krb5_config_string, check_boolean, 0 },
{ "renew_lifetime", krb5_config_string, check_time, 0 },
{ "scan_interfaces", krb5_config_string, check_boolean, 0 },
@@ -572,6 +587,7 @@ struct entry kdc_entries[] = {
{ "logging", krb5_config_string, check_log, 0 },
{ "max-kdc-datagram-reply-length", krb5_config_string, check_bytes, 0 },
{ "max-request", krb5_config_string, check_bytes, 0 },
{ "num-kdc-processes", krb5_config_string, check_numeric, 0 },
{ "pkinit_allow_proxy_certificate", krb5_config_string, check_boolean, 0 },
{ "pkinit_anchors", krb5_config_string, NULL, 0 },
{ "pkinit_dh_min_bits", krb5_config_string, check_numeric, 0 },
@@ -587,6 +603,7 @@ struct entry kdc_entries[] = {
{ "preauth-use-strongest-session-key", krb5_config_string, check_boolean, 0 },
{ "require_initial_kca_tickets", krb5_config_string, check_boolean, 0 },
{ "require-preauth", krb5_config_string, check_boolean, 0 },
{ "strict-nametypes", krb5_config_string, check_boolean, 0 },
{ "svc-use-strongest-session-key", krb5_config_string, check_boolean, 0 },
{ "tgt-use-strongest-session-key", krb5_config_string, check_boolean, 0 },
{ "transited-policy", krb5_config_string, NULL, 0 },
@@ -600,6 +617,7 @@ struct entry kadmin_entries[] = {
{ "allow_self_change_password", krb5_config_string, check_boolean, 0 },
{ "default_keys", krb5_config_string, NULL, 0 },
{ "password_lifetime", krb5_config_string, check_time, 0 },
{ "plugin_dir", krb5_config_string, check_directory, 0 },
{ "require-preauth", krb5_config_string, check_boolean, 0 },
{ "save-password", krb5_config_string, check_boolean, 0 },
{ "use_v4_salt", krb5_config_string, NULL, 0 },