make pkinit non optional

Love Hornquist Astrand
2009-11-22 00:27:45 -08:00
parent 010e7a9f5f
commit 72fbb8714f


@@ -1,9 +1,10 @@
/* /*
* Copyright (c) 1997-2007 Kungliga Tekniska Högskolan * Copyright (c) 1997-2007 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
*
* All rights reserved. * All rights reserved.
* *
* Portions Copyright (c) 2009 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without * Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions * modification, are permitted provided that the following conditions
* are met: * are met:
@@ -215,7 +216,6 @@ krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config)
"kdc", "kdc_warn_pwexpire", NULL); "kdc", "kdc_warn_pwexpire", NULL);
#ifdef PKINIT
c->enable_pkinit = c->enable_pkinit =
krb5_config_get_bool_default(context, krb5_config_get_bool_default(context,
NULL, NULL,
@@ -223,73 +223,43 @@ krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config)
"kdc", "kdc",
"enable-pkinit", "enable-pkinit",
NULL); NULL);
if (c->enable_pkinit) {
const char *user_id, *anchors, *file;
char **pool_list, **revoke_list;
user_id =
c->pkinit_kdc_identity =
krb5_config_get_string(context, NULL, krb5_config_get_string(context, NULL,
"kdc", "pkinit_identity", NULL); "kdc", "pkinit_identity", NULL);
if (user_id == NULL) c->pkinit_kdc_anchors =
krb5_errx(context, 1, "pkinit enabled but no identity"); krb5_config_get_string(context, NULL,
anchors = krb5_config_get_string(context, NULL,
"kdc", "pkinit_anchors", NULL); "kdc", "pkinit_anchors", NULL);
if (anchors == NULL) c->pkinit_kdc_cert_pool =
krb5_errx(context, 1, "pkinit enabled but no X509 anchors");
pool_list =
krb5_config_get_strings(context, NULL, krb5_config_get_strings(context, NULL,
"kdc", "pkinit_pool", NULL); "kdc", "pkinit_pool", NULL);
c->pkinit_kdc_revoke =
revoke_list =
krb5_config_get_strings(context, NULL, krb5_config_get_strings(context, NULL,
"kdc", "pkinit_revoke", NULL); "kdc", "pkinit_revoke", NULL);
c->pkinit_kdc_ocsp_file =
file = krb5_config_get_string(context, NULL, krb5_config_get_string(context, NULL,
"kdc", "pkinit_kdc_ocsp", NULL); "kdc", "pkinit_kdc_ocsp", NULL);
if (file) { c->pkinit_kdc_friendly_name =
c->pkinit_kdc_ocsp_file = strdup(file); krb5_config_get_string(context, NULL,
if (c->pkinit_kdc_ocsp_file == NULL)
krb5_errx(context, 1, "out of memory");
}
file = krb5_config_get_string(context, NULL,
"kdc", "pkinit_kdc_friendly_name", NULL); "kdc", "pkinit_kdc_friendly_name", NULL);
if (file) {
c->pkinit_kdc_friendly_name = strdup(file);
if (c->pkinit_kdc_friendly_name == NULL)
krb5_errx(context, 1, "out of memory");
}
_kdc_pk_initialize(context, c, user_id, anchors,
pool_list, revoke_list);
krb5_config_free_strings(pool_list);
krb5_config_free_strings(revoke_list);
c->pkinit_princ_in_cert = c->pkinit_princ_in_cert =
krb5_config_get_bool_default(context, NULL, krb5_config_get_bool_default(context, NULL,
c->pkinit_princ_in_cert, c->pkinit_princ_in_cert,
"kdc", "kdc",
"pkinit_principal_in_certificate", "pkinit_principal_in_certificate",
NULL); NULL);
c->pkinit_require_binding = c->pkinit_require_binding =
krb5_config_get_bool_default(context, NULL, krb5_config_get_bool_default(context, NULL,
c->pkinit_require_binding, c->pkinit_require_binding,
"kdc", "kdc",
"pkinit_win2k_require_binding", "pkinit_win2k_require_binding",
NULL); NULL);
}
c->pkinit_dh_min_bits = c->pkinit_dh_min_bits =
krb5_config_get_int_default(context, NULL, krb5_config_get_int_default(context, NULL,
0, 0,
"kdc", "pkinit_dh_min_bits", NULL); "kdc", "pkinit_dh_min_bits", NULL);
#endif
*config = c; *config = c;
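Review bot: With the `user_id == NULL` and `anchors == NULL` checks removed from krb5_kdc_get_config, a KDC that has `enable-pkinit` set but no `pkinit_identity` or `pkinit_anchors` no longer stops at config load, and the `_kdc_pk_initialize` call is gone from this function as well. Whether that validation now happens where PKINIT is initialised is not visible here; if it does not, keep the fail-closed behaviour with `if (c->enable_pkinit && c->pkinit_kdc_identity == NULL) krb5_errx(context, 1, "pkinit enabled but no identity");` and the matching check on `c->pkinit_kdc_anchors`. The new assignments also store the results of krb5_config_get_string and krb5_config_get_strings directly in `c` where the old code used `strdup` and `krb5_config_free_strings`, so the struct fields should carry a comment stating who owns these pointers and who frees the pool and revoke lists. The function's body starts and ends outside the hunk.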