make pkinit non optional

Love Hornquist Astrand
2009-11-22 00:27:45 -08:00
parent 010e7a9f5f
commit 72fbb8714f


@@ -1,9 +1,10 @@
/* /*
* Copyright (c) 1997-2007 Kungliga Tekniska Högskolan * Copyright (c) 1997-2007 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
*
* All rights reserved. * All rights reserved.
* *
* Portions Copyright (c) 2009 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without * Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions * modification, are permitted provided that the following conditions
* are met: * are met:
@@ -215,7 +216,6 @@ krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config)
"kdc", "kdc_warn_pwexpire", NULL); "kdc", "kdc_warn_pwexpire", NULL);
#ifdef PKINIT
c->enable_pkinit = c->enable_pkinit =
krb5_config_get_bool_default(context, krb5_config_get_bool_default(context,
NULL, NULL,
@@ -223,73 +223,43 @@ krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config)
"kdc", "kdc",
"enable-pkinit", "enable-pkinit",
NULL); NULL);
if (c->enable_pkinit) {
const char *user_id, *anchors, *file;
char **pool_list, **revoke_list;
user_id =
krb5_config_get_string(context, NULL,
"kdc", "pkinit_identity", NULL);
if (user_id == NULL)
krb5_errx(context, 1, "pkinit enabled but no identity");
anchors = krb5_config_get_string(context, NULL,
"kdc", "pkinit_anchors", NULL);
if (anchors == NULL)
krb5_errx(context, 1, "pkinit enabled but no X509 anchors");
pool_list =
krb5_config_get_strings(context, NULL,
"kdc", "pkinit_pool", NULL);
revoke_list =
krb5_config_get_strings(context, NULL,
"kdc", "pkinit_revoke", NULL);
file = krb5_config_get_string(context, NULL,
"kdc", "pkinit_kdc_ocsp", NULL);
if (file) {
c->pkinit_kdc_ocsp_file = strdup(file);
if (c->pkinit_kdc_ocsp_file == NULL)
krb5_errx(context, 1, "out of memory");
}
file = krb5_config_get_string(context, NULL,
"kdc", "pkinit_kdc_friendly_name", NULL);
if (file) {
c->pkinit_kdc_friendly_name = strdup(file);
if (c->pkinit_kdc_friendly_name == NULL)
krb5_errx(context, 1, "out of memory");
}
_kdc_pk_initialize(context, c, user_id, anchors, c->pkinit_kdc_identity =
pool_list, revoke_list); krb5_config_get_string(context, NULL,
"kdc", "pkinit_identity", NULL);
krb5_config_free_strings(pool_list); c->pkinit_kdc_anchors =
krb5_config_free_strings(revoke_list); krb5_config_get_string(context, NULL,
"kdc", "pkinit_anchors", NULL);
c->pkinit_princ_in_cert = c->pkinit_kdc_cert_pool =
krb5_config_get_bool_default(context, NULL, krb5_config_get_strings(context, NULL,
c->pkinit_princ_in_cert, "kdc", "pkinit_pool", NULL);
"kdc", c->pkinit_kdc_revoke =
"pkinit_principal_in_certificate", krb5_config_get_strings(context, NULL,
NULL); "kdc", "pkinit_revoke", NULL);
c->pkinit_kdc_ocsp_file =
c->pkinit_require_binding = krb5_config_get_string(context, NULL,
krb5_config_get_bool_default(context, NULL, "kdc", "pkinit_kdc_ocsp", NULL);
c->pkinit_require_binding, c->pkinit_kdc_friendly_name =
"kdc", krb5_config_get_string(context, NULL,
"pkinit_win2k_require_binding", "kdc", "pkinit_kdc_friendly_name", NULL);
NULL); c->pkinit_princ_in_cert =
} krb5_config_get_bool_default(context, NULL,
c->pkinit_princ_in_cert,
"kdc",
"pkinit_principal_in_certificate",
NULL);
c->pkinit_require_binding =
krb5_config_get_bool_default(context, NULL,
c->pkinit_require_binding,
"kdc",
"pkinit_win2k_require_binding",
NULL);
c->pkinit_dh_min_bits = c->pkinit_dh_min_bits =
krb5_config_get_int_default(context, NULL, krb5_config_get_int_default(context, NULL,
0, 0,
"kdc", "pkinit_dh_min_bits", NULL); "kdc", "pkinit_dh_min_bits", NULL);
#endif
*config = c; *config = c;
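Review bot: With the `if (c->enable_pkinit)` block gone, the new side reads `pkinit_identity` and `pkinit_anchors` straight into `c->pkinit_kdc_identity` and `c->pkinit_kdc_anchors` and no longer stops the KDC when PKINIT is enabled but either value is missing. Unless the code that now consumes these fields (not visible in this section) rejects NULL, a misconfigured KDC would start with PKINIT enabled and no X509 anchors rather than failing at startup; keeping the guard here would be `if (c->enable_pkinit && c->pkinit_kdc_anchors == NULL) krb5_errx(context, 1, "pkinit enabled but no X509 anchors");`, with the matching check for the identity. The OCSP file and friendly name are also no longer `strdup()` copies but the pointers returned by `krb5_config_get_string`, so a comment on these assignments should state that they are borrowed from the configuration and must not be freed or outlive it, and say who releases the `krb5_config_get_strings` lists now that `krb5_config_free_strings` is no longer called here. krb5_kdc_get_config starts and ends outside the hunk.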