Adapt to hx509 changes, use hdb_db_dir().

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22243 ec53bebd-3082-4978-b11e-865c3cabbd6b
Love Hörnquist Åstrand
2007-12-08 23:39:30 +00:00
parent 8f2eb467df
commit 71ec989edb


@@ -1248,6 +1248,7 @@ out:
static int static int
match_rfc_san(krb5_context context, match_rfc_san(krb5_context context,
krb5_kdc_configuration *config, krb5_kdc_configuration *config,
hx509_context hx509ctx,
hx509_cert client_cert, hx509_cert client_cert,
krb5_const_principal match) krb5_const_principal match)
{ {
@@ -1256,7 +1257,8 @@ match_rfc_san(krb5_context context,
memset(&list, 0 , sizeof(list)); memset(&list, 0 , sizeof(list));
ret = hx509_cert_find_subjectAltName_otherName(client_cert, ret = hx509_cert_find_subjectAltName_otherName(hx509ctx,
client_cert,
oid_id_pkinit_san(), oid_id_pkinit_san(),
&list); &list);
if (ret) if (ret)
@@ -1304,6 +1306,7 @@ out:
static int static int
match_ms_upn_san(krb5_context context, match_ms_upn_san(krb5_context context,
krb5_kdc_configuration *config, krb5_kdc_configuration *config,
hx509_context hx509ctx,
hx509_cert client_cert, hx509_cert client_cert,
krb5_const_principal match) krb5_const_principal match)
{ {
@@ -1315,7 +1318,8 @@ match_ms_upn_san(krb5_context context,
memset(&list, 0 , sizeof(list)); memset(&list, 0 , sizeof(list));
ret = hx509_cert_find_subjectAltName_otherName(client_cert, ret = hx509_cert_find_subjectAltName_otherName(hx509ctx,
client_cert,
oid_id_pkinit_ms_san(), oid_id_pkinit_ms_san(),
&list); &list);
if (ret) if (ret)
@@ -1376,7 +1380,7 @@ _kdc_pk_check_client(krb5_context context,
hx509_name name; hx509_name name;
int i; int i;
ret = hx509_cert_get_base_subject(kdc_identity->hx509ctx, ret = hx509_cert_get_base_subject(kdc_identity->hx509ctx,
client_params->cert, client_params->cert,
&name); &name);
if (ret) if (ret)
@@ -1393,6 +1397,7 @@ _kdc_pk_check_client(krb5_context context,
if (config->pkinit_princ_in_cert) { if (config->pkinit_princ_in_cert) {
ret = match_rfc_san(context, config, ret = match_rfc_san(context, config,
kdc_identity->hx509ctx,
client_params->cert, client_params->cert,
client->entry.principal); client->entry.principal);
if (ret == 0) { if (ret == 0) {
@@ -1401,6 +1406,7 @@ _kdc_pk_check_client(krb5_context context,
return 0; return 0;
} }
ret = match_ms_upn_san(context, config, ret = match_ms_upn_san(context, config,
kdc_identity->hx509ctx,
client_params->cert, client_params->cert,
client->entry.principal); client->entry.principal);
if (ret == 0) { if (ret == 0) {
@@ -1580,7 +1586,8 @@ _kdc_pk_initialize(krb5_context context,
char **pool, char **pool,
char **revoke_list) char **revoke_list)
{ {
const char *file; const char *file;
char *fn = NULL;
krb5_error_code ret; krb5_error_code ret;
file = krb5_config_get_string(context, NULL, file = krb5_config_get_string(context, NULL,
@@ -1646,14 +1653,19 @@ _kdc_pk_initialize(krb5_context context,
NULL); NULL);
_krb5_pk_allow_proxy_certificate(kdc_identity, ret); _krb5_pk_allow_proxy_certificate(kdc_identity, ret);
file = krb5_config_get_string_default(context, file = krb5_config_get_string(context,
NULL, NULL,
HDB_DB_DIR "/pki-mapping", "kdc",
"kdc", "pkinit_mappings_file",
"pkinit_mappings_file", NULL);
NULL); if (file == NULL) {
asprintf(&fn, "%s/pki-mapping", hdb_db_dir(context));
file = fn;
}
load_mappings(context, file); load_mappings(context, file);
if (fn)
free(fn);
return 0; return 0;
} }
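Review bot: The result of `asprintf(&fn, "%s/pki-mapping", hdb_db_dir(context))` in the last hunk of `_kdc_pk_initialize` is never checked, so on allocation failure `fn` is not guaranteed to hold a usable pointer (glibc leaves it undefined), yet it is assigned to `file`, passed to `load_mappings` and later to `free`. The call should be guarded, for example `if (asprintf(&fn, "%s/pki-mapping", hdb_db_dir(context)) < 0 || fn == NULL) return ENOMEM;`. Whether an early return needs further cleanup cannot be seen here, because the function body starts outside the hunk. Since this path selects the PKINIT certificate-to-principal mapping file, a failure to build it should be reported rather than continuing with an unknown pointer. The `if (fn)` guard before `free(fn)` is redundant, as `free(NULL)` is a no-op.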