Push PKINIT configuration into default_config.c
The interaction with Samba4 is subtle - it calls krb5_kdc_get_config(), but not configure() - but must have PKINIT set up. Andrew Bartlett Signed-off-by: Love Hornquist Astrand <lha@h5l.org>

committed by
Love Hornquist Astrand

parent
64a326d33b
commit
b819f1fe2b
32
kdc/config.c
32
kdc/config.c
@@ -333,37 +333,7 @@ configure(krb5_context context, int argc, char **argv)
|
||||
|
||||
krb5_kdc_windc_init(context);
|
||||
|
||||
#ifdef PKINIT
|
||||
#ifdef __APPLE__
|
||||
config->enable_pkinit = 1;
|
||||
krb5_kdc_pkinit_config(context, config);
|
||||
|
||||
if (config->pkinit_kdc_identity == NULL) {
|
||||
if (config->pkinit_kdc_friendly_name == NULL)
|
||||
config->pkinit_kdc_friendly_name =
|
||||
strdup("O=System Identity,CN=com.apple.kerberos.kdc");
|
||||
config->pkinit_kdc_identity = strdup("KEYCHAIN:");
|
||||
}
|
||||
if (config->pkinit_kdc_anchors == NULL)
|
||||
config->pkinit_kdc_anchors = strdup("KEYCHAIN:");
|
||||
|
||||
#endif /* __APPLE__ */
|
||||
|
||||
if (config->enable_pkinit) {
|
||||
if (config->pkinit_kdc_identity == NULL)
|
||||
krb5_errx(context, 1, "pkinit enabled but no identity");
|
||||
|
||||
if (config->pkinit_kdc_anchors == NULL)
|
||||
krb5_errx(context, 1, "pkinit enabled but no X509 anchors");
|
||||
|
||||
krb5_kdc_pk_initialize(context, config,
|
||||
config->pkinit_kdc_identity,
|
||||
config->pkinit_kdc_anchors,
|
||||
config->pkinit_kdc_cert_pool,
|
||||
config->pkinit_kdc_revoke);
|
||||
|
||||
}
|
||||
|
||||
#endif /* PKINIT */
|
||||
|
||||
return config;
|
||||
}
|
||||
|
@@ -258,8 +258,44 @@ krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config)
|
||||
0,
|
||||
"kdc", "pkinit_dh_min_bits", NULL);
|
||||
|
||||
|
||||
*config = c;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
krb5_error_code
|
||||
krb5_kdc_pkinit_config(krb5_context context, krb5_kdc_configuration *config)
|
||||
{
|
||||
#ifdef PKINIT
|
||||
#ifdef __APPLE__
|
||||
config->enable_pkinit = 1;
|
||||
|
||||
if (config->pkinit_kdc_identity == NULL) {
|
||||
if (config->pkinit_kdc_friendly_name == NULL)
|
||||
config->pkinit_kdc_friendly_name =
|
||||
strdup("O=System Identity,CN=com.apple.kerberos.kdc");
|
||||
config->pkinit_kdc_identity = strdup("KEYCHAIN:");
|
||||
}
|
||||
if (config->pkinit_kdc_anchors == NULL)
|
||||
config->pkinit_kdc_anchors = strdup("KEYCHAIN:");
|
||||
|
||||
#endif /* __APPLE__ */
|
||||
|
||||
if (config->enable_pkinit) {
|
||||
if (config->pkinit_kdc_identity == NULL)
|
||||
krb5_errx(context, 1, "pkinit enabled but no identity");
|
||||
|
||||
if (config->pkinit_kdc_anchors == NULL)
|
||||
krb5_errx(context, 1, "pkinit enabled but no X509 anchors");
|
||||
|
||||
krb5_kdc_pk_initialize(context, config,
|
||||
config->pkinit_kdc_identity,
|
||||
config->pkinit_kdc_anchors,
|
||||
config->pkinit_kdc_cert_pool,
|
||||
config->pkinit_kdc_revoke);
|
||||
|
||||
}
|
||||
|
||||
return 0
|
||||
#endif /* PKINIT */
|
||||
}
|
||||
|
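Review bot: In the new krb5_kdc_pkinit_config(), `return 0` has no semicolon and sits inside `#ifdef PKINIT`, so a PKINIT build should fail to compile and a non-PKINIT build falls off the end of a function declared to return krb5_error_code; place `return 0;` after `#endif /* PKINIT */` instead. The checks for a missing identity or missing X509 anchors still call `krb5_errx(context, 1, ...)`, which exits the process; since the commit message says this code must also serve an embedder (Samba4) that does not go through configure(), returning a non-zero krb5_error_code would let the caller decide how to fail. The result of `krb5_kdc_pk_initialize(...)` is discarded here, and the new `krb5_kdc_pkinit_config(context, config);` call in configure() in the first hunk ignores its return as well, so if loading the KDC identity or trust anchors fails and is reported through the return value, nothing in these hunks notices. The `strdup()` results in the `__APPLE__` branch are unchecked: a failed identity or anchors allocation is caught by the NULL checks below, though with a misleading message, while `pkinit_kdc_friendly_name` is not checked at all.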