hx509: Add hx509.conf support

Just like krb5.conf, but hx509.conf, with all the same default locations
on Windows, OS X, and elsewhere, and HX509_CONFIG as the environment
variable equivalent of KRB5_CONFIG.
Nicolas Williams
2020-03-02 22:33:07 -06:00
parent 78a21fdd95
commit 679bcb6872
4 changed files with 75 additions and 20 deletions


@@ -406,7 +406,7 @@ heim_error_code
heim_set_config_files(heim_context context, char **filenames, heim_set_config_files(heim_context context, char **filenames,
heim_config_binding **res) heim_config_binding **res)
{ {
heim_error_code ret; heim_error_code ret = 0;
*res = NULL; *res = NULL;
while (filenames != NULL && *filenames != NULL && **filenames != '\0') { while (filenames != NULL && *filenames != NULL && **filenames != '\0') {
@@ -421,10 +421,14 @@ heim_set_config_files(heim_context context, char **filenames,
} }
#ifdef _WIN32 #ifdef _WIN32
/*
* We always ignored errors from loading from the registry, so we still do.
*/
heim_load_config_from_registry(context, REGPATH_KERBEROS, heim_load_config_from_registry(context, REGPATH_KERBEROS,
REGPATH_HEIMDAL, res); REGPATH_HEIMDAL, res);
#endif #endif
return ret; return 0;
} }
void void
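Review bot: `ret` is now initialized to 0 at its declaration while the function's final statement still returns the literal `0`, so one of the two is redundant; either end with `return ret;` or drop the initializer, so the result has a single source of truth. The loop body between the two hunks is not visible here, so if any path there assigns `ret` without returning early, the literal `return 0;` would now mask that value — confirm against the full function. The added comment records that registry load failures are ignored; making that explicit in code as well, `(void)heim_load_config_from_registry(context, REGPATH_KERBEROS, REGPATH_HEIMDAL, res);`, keeps the comment and the call from drifting apart.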


@@ -125,6 +125,18 @@ hx509_get_instance(const char *libname)
return 0; return 0;
} }
#define PATH_SEP ":"
static const char *hx509_config_file =
"~/.hx509/config" PATH_SEP
SYSCONFDIR "/hx509.conf" PATH_SEP
#ifdef _WIN32
"%{COMMON_APPDATA}/Heimdal/hx509.conf" PATH_SEP
"%{WINDOWS}/hx509.ini"
#else /* _WIN32 */
"/etc/hx509.conf"
#endif /* _WIN32 */
;
/** /**
* Creates a hx509 context that most functions in the library * Creates a hx509 context that most functions in the library
* uses. The context is only allowed to be used by one thread at each * uses. The context is only allowed to be used by one thread at each
@@ -138,34 +150,68 @@ hx509_get_instance(const char *libname)
*/ */
HX509_LIB_FUNCTION int HX509_LIB_CALL HX509_LIB_FUNCTION int HX509_LIB_CALL
hx509_context_init(hx509_context *context) hx509_context_init(hx509_context *contextp)
{ {
static heim_base_once_t init_context = HEIM_BASE_ONCE_INIT; static heim_base_once_t init_context = HEIM_BASE_ONCE_INIT;
heim_error_code ret;
hx509_context context;
const char *anchors;
char **files = NULL;
*context = calloc(1, sizeof(**context)); *contextp = NULL;
if (*context == NULL) context = calloc(1, sizeof(*context));
if (context == NULL)
return ENOMEM; return ENOMEM;
heim_base_once_f(&init_context, NULL, init_context_once); heim_base_once_f(&init_context, NULL, init_context_once);
_hx509_ks_null_register(*context); if ((context->hcontext = heim_context_init()) == NULL) {
_hx509_ks_mem_register(*context); free(context);
_hx509_ks_file_register(*context); return ENOMEM;
_hx509_ks_pkcs12_register(*context); }
_hx509_ks_pkcs11_register(*context);
_hx509_ks_dir_register(*context);
_hx509_ks_keychain_register(*context);
(*context)->ocsp_time_diff = HX509_DEFAULT_OCSP_TIME_DIFF; if ((ret = heim_get_default_config_files(hx509_config_file,
"HX509_CONFIG",
&files))) {
heim_context_free(&context->hcontext);
free(context);
return ret;
}
initialize_hx_error_table_r(&(*context)->et_list); /* If there's no hx509 config, we continue, as we never needed it before */
initialize_asn1_error_table_r(&(*context)->et_list); if (files)
(void) heim_set_config_files(context->hcontext, files, &context->cf);
heim_free_config_files(files);
_hx509_ks_null_register(context);
_hx509_ks_mem_register(context);
_hx509_ks_file_register(context);
_hx509_ks_pkcs12_register(context);
_hx509_ks_pkcs11_register(context);
_hx509_ks_dir_register(context);
_hx509_ks_keychain_register(context);
context->ocsp_time_diff =
heim_config_get_time_default(context->hcontext, context->cf,
HX509_DEFAULT_OCSP_TIME_DIFF,
"libdefaults", "ocsp_time_dif", NULL);
initialize_hx_error_table_r(&context->et_list);
initialize_asn1_error_table_r(&context->et_list);
#ifdef HX509_DEFAULT_ANCHORS #ifdef HX509_DEFAULT_ANCHORS
(void)hx509_certs_init(*context, HX509_DEFAULT_ANCHORS, 0, anchors = heim_config_get_string_default(context->hcontext, context->cf,
NULL, &(*context)->default_trust_anchors); HX509_DEFAULT_ANCHORS,
"libdefaults", "anchors", NULL);
#else
anchors = heim_config_get_string(context->hcontext, context->cf,
"libdefaults", "anchors", NULL);
#endif #endif
if (anchors)
(void)hx509_certs_init(context, anchors, 0, NULL,
&context->default_trust_anchors);
*contextp = context;
return 0; return 0;
} }
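Review bot: The configuration key read for `context->ocsp_time_diff` is spelled `"ocsp_time_dif"`, so a `[libdefaults] ocsp_time_diff` entry in hx509.conf is never honoured and the compiled-in default is silently kept; the line should read `"libdefaults", "ocsp_time_diff", NULL);`. The `(void)` on heim_set_config_files also discards errors for a config file that exists but fails to parse, not only the missing-file case the comment above it describes, which means a malformed hx509.conf silently drops any configured `anchors` and falls back to the defaults — consider logging the return value, or narrowing the comment to what is actually ignored. No hunk in this commit touches hx509_context_free, so unless it is handled elsewhere the new `context->hcontext` and `context->cf` are never released when the context is destroyed. The doc comment for hx509_context_init begins above this hunk; if it documents the parameter as `context`, it should now name `contextp`.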


@@ -208,6 +208,8 @@ struct hx509_context_data {
struct et_list *et_list; struct et_list *et_list;
char *querystat; char *querystat;
hx509_certs default_trust_anchors; hx509_certs default_trust_anchors;
heim_context hcontext;
heim_config_section *cf;
}; };
/* _hx509_calculate_path flag field */ /* _hx509_calculate_path flag field */
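Review bot: The two new members are undocumented; a short comment on each would record what they hold and who owns them, e.g. `heim_context hcontext;     /* Heimdal base context created in hx509_context_init */` and `heim_config_section *cf;   /* parsed hx509.conf, or NULL when no config file was loaded */`. Whether the owner actually releases them is not visible in this commit (the free path is not among the hunks), so the comment should be checked against the implementation before it is committed.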


@@ -728,11 +728,14 @@ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_set_config_files(krb5_context context, char **filenames) krb5_set_config_files(krb5_context context, char **filenames)
{ {
krb5_error_code ret; krb5_error_code ret;
heim_config_binding *tmp = NULL;
if ((ret = heim_set_config_files(context->hcontext, filenames, if ((ret = heim_set_config_files(context->hcontext, filenames,
&context->cf)) == 0) &tmp)))
ret = init_context_from_config_file(context);
return ret; return ret;
krb5_config_file_free(context, context->cf);
context->cf = tmp;
return init_context_from_config_file(context);
} }
#ifndef HEIMDAL_SMALLER #ifndef HEIMDAL_SMALLER
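Review bot: The temporary `tmp` exists so that a failed heim_set_config_files leaves `context->cf` untouched and the old configuration is only freed after a successful load, but nothing in the hunk says so; a one-line comment above the declaration, `/* Load into a temporary so a failed parse leaves the current configuration intact. */`, would make the intent clear. If init_context_from_config_file then fails, the new configuration has already replaced the old one, which matches the previous behaviour but is worth stating in the same comment.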