Added certificate revoke information from configuration file.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17054 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
@@ -502,7 +502,7 @@ configure(krb5_context context, int argc, char **argv)
|
||||
NULL);
|
||||
if (config->enable_pkinit) {
|
||||
const char *user_id, *anchors;
|
||||
char **chain;
|
||||
char **chain, **revoke;
|
||||
|
||||
user_id = krb5_config_get_string(context, NULL,
|
||||
"kdc",
|
||||
@@ -523,7 +523,12 @@ configure(krb5_context context, int argc, char **argv)
|
||||
"pki-chain",
|
||||
NULL);
|
||||
|
||||
_kdc_pk_initialize(context, config, user_id, anchors, chain);
|
||||
revoke = krb5_config_get_strings(context, NULL,
|
||||
"kdc",
|
||||
"pki-revoke",
|
||||
NULL);
|
||||
|
||||
_kdc_pk_initialize(context, config, user_id, anchors, chain, revoke);
|
||||
|
||||
krb5_config_free_strings(chain);
|
||||
|
||||
|
||||
21
kdc/pkinit.c
21
kdc/pkinit.c
@@ -52,6 +52,7 @@ struct krb5_pk_identity {
|
||||
hx509_certs certs;
|
||||
hx509_certs anchors;
|
||||
hx509_certs certpool;
|
||||
hx509_revoke_ctx revoke;
|
||||
};
|
||||
|
||||
enum pkinit_type {
|
||||
@@ -1238,7 +1239,8 @@ _kdc_pk_initialize(krb5_context context,
|
||||
krb5_kdc_configuration *config,
|
||||
const char *user_id,
|
||||
const char *anchors,
|
||||
char **pool)
|
||||
char **pool,
|
||||
char **revoke)
|
||||
{
|
||||
const char *file;
|
||||
krb5_error_code ret;
|
||||
@@ -1256,14 +1258,15 @@ _kdc_pk_initialize(krb5_context context,
|
||||
principal_mappings.len = 0;
|
||||
principal_mappings.val = NULL;
|
||||
|
||||
ret = _krb5_pk_load_openssl_id(context,
|
||||
&kdc_identity,
|
||||
user_id,
|
||||
anchors,
|
||||
pool,
|
||||
NULL,
|
||||
NULL,
|
||||
NULL);
|
||||
ret = _krb5_pk_load_id(context,
|
||||
&kdc_identity,
|
||||
user_id,
|
||||
anchors,
|
||||
pool,
|
||||
revoke,
|
||||
NULL,
|
||||
NULL,
|
||||
NULL);
|
||||
if (ret) {
|
||||
krb5_warn(context, ret, "PKINIT: failed to load");
|
||||
config->enable_pkinit = 0;
|
||||
|
||||
@@ -71,6 +71,7 @@ int fcache_version;
|
||||
char *pk_user_id = NULL;
|
||||
char *pk_x509_anchors = NULL;
|
||||
char **pk_x509_pool = NULL;
|
||||
char **pk_x509_revoke = NULL;
|
||||
|
||||
|
||||
static char *krb4_cc_name;
|
||||
@@ -466,6 +467,7 @@ get_new_tickets(krb5_context context,
|
||||
pk_user_id,
|
||||
pk_x509_anchors,
|
||||
pk_x509_pool,
|
||||
pk_x509_revoke,
|
||||
0,
|
||||
NULL,
|
||||
NULL,
|
||||
@@ -808,6 +810,12 @@ main (int argc, char **argv)
|
||||
"pkinit-pool",
|
||||
NULL);
|
||||
|
||||
pk_x509_revoke = krb5_config_get_strings(context, NULL,
|
||||
"appdefaults",
|
||||
"pkinit-revoke",
|
||||
NULL);
|
||||
|
||||
|
||||
if (pk_x509_anchors == NULL)
|
||||
krb5_appdefault_string(context, "kinit",
|
||||
krb5_principal_get_realm(context, principal),
|
||||
|
||||
Reference in New Issue
Block a user