oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

rename ca_dir to pkinit/x509_anchors since its more like that language

Browse Source 
in RFC3280


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13494 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2004-03-09 21:06:10 +00:00
parent 3036c59b11
commit 9197bbb0c8
3 changed files with 21 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
kdc/config.c
View File

@@ -432,7 +432,7 @@ configure(int argc, char **argv)
"enable-pkinit", "enable-pkinit",
NULL); NULL);
if (enable_pkinit) { if (enable_pkinit) {
const char *key_file, *certificate_file, *ca_dir; const char *key_file, *certificate_file, *x509_anchors;
key_file = krb5_config_get_string(context, NULL, key_file = krb5_config_get_string(context, NULL,
"kdc", "kdc",
@@ -448,14 +448,14 @@ configure(int argc, char **argv)
if (certificate_file == NULL) if (certificate_file == NULL)
krb5_errx(context, 1, "pkinit enabled but no certificate"); krb5_errx(context, 1, "pkinit enabled but no certificate");
ca_dir = krb5_config_get_string(context, NULL, x509_anchors = krb5_config_get_string(context, NULL,
"kdc", "kdc",
"pki-ca-dir", "pki-anchors",
NULL); NULL);
if (ca_dir == NULL) if (x509_anchors == NULL)
krb5_errx(context, 1, "pkinit enabled but no CA directory"); krb5_errx(context, 1, "pkinit enabled but no X509 anchors");
pk_initialize(certificate_file, key_file, ca_dir); pk_initialize(certificate_file, key_file, x509_anchors);
} }
#endif #endif

10
kuser/kinit.c
View File

@@ -68,7 +68,7 @@ int convert_524 = 0;
int fcache_version; int fcache_version;
char *pk_cert_file = NULL; char *pk_cert_file = NULL;
char *pk_key_file = NULL; char *pk_key_file = NULL;
char *pk_ca_dir = NULL; char *pk_x509_anchors = NULL;
int pk_use_dh = -1; int pk_use_dh = -1;
static char *krb4_cc_name; static char *krb4_cc_name;
@@ -153,7 +153,7 @@ static struct getargs args[] = {
{ "private-key", 'K', arg_string, &pk_key_file, { "private-key", 'K', arg_string, &pk_key_file,
"principal's private key", "filename" }, "principal's private key", "filename" },
{ "ca-dir", 'D', arg_string, &pk_ca_dir, { "x509-anchors", 'D', arg_string, &pk_x509_anchors,
"directory with CA certificates", "directory" }, "directory with CA certificates", "directory" },
{ "pkinit-use-dh", 0, arg_flag, &pk_use_dh, { "pkinit-use-dh", 0, arg_flag, &pk_use_dh,
@@ -468,7 +468,7 @@ get_new_tickets(krb5_context context,
ret = krb5_get_init_creds_opt_set_pkinit(context, opt, ret = krb5_get_init_creds_opt_set_pkinit(context, opt,
pk_cert_file, pk_cert_file,
pk_key_file, pk_key_file,
pk_ca_dir, pk_x509_anchors,
flags, flags,
NULL); NULL);
if (ret) if (ret)
@@ -793,10 +793,10 @@ main (int argc, char **argv)
krb5_principal_get_realm(context, principal), krb5_principal_get_realm(context, principal),
"afslog", TRUE, &do_afslog); "afslog", TRUE, &do_afslog);
if (pk_ca_dir == NULL) if (pk_x509_anchors == NULL)
krb5_appdefault_string(context, "kinit", krb5_appdefault_string(context, "kinit",
krb5_principal_get_realm(context, principal), krb5_principal_get_realm(context, principal),
"pkinit-ca-dir", NULL, &pk_ca_dir); "pkinit-anchors", NULL, &pk_x509_anchors);
#ifdef PKINIT #ifdef PKINIT
if(pk_use_dh == -1) if(pk_use_dh == -1)

16
lib/krb5/pkinit.c
View File

@@ -1611,7 +1611,7 @@ _krb5_pk_load_openssl_id(krb5_context context,
struct krb5_pk_identity **ret_id, struct krb5_pk_identity **ret_id,
const char *cert_file, const char *cert_file,
const char *key_file, const char *key_file,
const char *ca_dir, const char *x509_anchors,
char *password) char *password)
{ {
struct krb5_pk_identity *id = NULL; struct krb5_pk_identity *id = NULL;
@@ -1637,7 +1637,7 @@ _krb5_pk_load_openssl_id(krb5_context context,
krb5_set_error_string(context, "key file missing"); krb5_set_error_string(context, "key file missing");
return HEIM_PKINIT_NO_PRIVATE_KEY; return HEIM_PKINIT_NO_PRIVATE_KEY;
} }
if (ca_dir == NULL) { if (x509_anchors == NULL) {
krb5_set_error_string(context, "No root ca directory given\n"); krb5_set_error_string(context, "No root ca directory given\n");
return HEIM_PKINIT_NO_VALID_CA; return HEIM_PKINIT_NO_VALID_CA;
} }
@@ -1697,16 +1697,16 @@ _krb5_pk_load_openssl_id(krb5_context context,
goto out; goto out;
} }
/* read ca certificates */ /* read ca certificates */
dir = opendir(ca_dir); dir = opendir(x509_anchors);
if (dir == NULL) { if (dir == NULL) {
ret = errno; ret = errno;
krb5_set_error_string(context, "open directory %s: %s", krb5_set_error_string(context, "open directory %s: %s",
ca_dir, strerror(ret)); x509_anchors, strerror(ret));
goto out; goto out;
} }
asprintf(&dirname, "%s%s", ca_dir, asprintf(&dirname, "%s%s", x509_anchors,
ca_dir[strlen(ca_dir) - 1] == '/' ? "" : "/"); x509_anchors[strlen(x509_anchors) - 1] == '/' ? "" : "/");
trusted_certs = sk_X509_new_null(); trusted_certs = sk_X509_new_null();
while ((file = readdir(dir)) != NULL) { while ((file = readdir(dir)) != NULL) {
@@ -1809,7 +1809,7 @@ krb5_get_init_creds_opt_set_pkinit(krb5_context context,
krb5_get_init_creds_opt *opt, krb5_get_init_creds_opt *opt,
const char *cert_file, const char *cert_file,
const char *key_file, const char *key_file,
const char *ca_dir, const char *x509_anchors,
int flags, int flags,
char *password) char *password)
{ {
@@ -1832,7 +1832,7 @@ krb5_get_init_creds_opt_set_pkinit(krb5_context context,
&opt->private->pk_init_ctx->id, &opt->private->pk_init_ctx->id,
cert_file, cert_file,
key_file, key_file,
ca_dir, x509_anchors,
password); password);
if (ret) { if (ret) {
free(opt->private->pk_init_ctx); free(opt->private->pk_init_ctx);