diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2007-01-24 02:48:40 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 14:44:18 -0500 |
| commit | d5bbd817fe83aed1ee48ed4f478f3887c059f7b9 (patch) | |
| tree | f4373e5c069d1b6f1cbc489d3e5addc8dd8e6a19 /source4/auth | |
| parent | 14503a65ec81ae15a05633b0aea6e62e35b021f3 (diff) | |
| download | samba-d5bbd817fe83aed1ee48ed4f478f3887c059f7b9.tar.gz samba-d5bbd817fe83aed1ee48ed4f478f3887c059f7b9.tar.bz2 samba-d5bbd817fe83aed1ee48ed4f478f3887c059f7b9.zip | |
r20988: Call out to Heimdal's krb5.conf processing to configure many aspects
of KDC behaviour. This should allow PKINIT to be turned on and
managed with reasonable sanity.
This also means that the krb5.conf in the same directory as the
smb.conf will always have priority in Samba4, which I think will be
useful.
Andrew Bartlett
(This used to be commit a50bbde81b010bc5d06e3fc3417ade44627eb771)
Diffstat (limited to 'source4/auth')
| -rw-r--r-- | source4/auth/kerberos/krb5_init_context.c | 29 |
1 files changed, 28 insertions, 1 deletions
diff --git a/source4/auth/kerberos/krb5_init_context.c b/source4/auth/kerberos/krb5_init_context.c index 93284d2bfc..664f998bc9 100644 --- a/source4/auth/kerberos/krb5_init_context.c +++ b/source4/auth/kerberos/krb5_init_context.c @@ -370,6 +370,8 @@ krb5_error_code smb_krb5_init_context(void *parent_ctx, krb5_error_code ret; TALLOC_CTX *tmp_ctx; struct event_context *ev; + char **config_files; + const char *config_file; initialize_krb5_error_table(); @@ -377,7 +379,6 @@ krb5_error_code smb_krb5_init_context(void *parent_ctx, *smb_krb5_context = talloc(tmp_ctx, struct smb_krb5_context); if (!*smb_krb5_context || !tmp_ctx) { - talloc_free(*smb_krb5_context); talloc_free(tmp_ctx); return ENOMEM; } @@ -386,11 +387,37 @@ krb5_error_code smb_krb5_init_context(void *parent_ctx, if (ret) { DEBUG(1,("krb5_init_context failed (%s)\n", error_message(ret))); + talloc_free(tmp_ctx); return ret; } talloc_set_destructor(*smb_krb5_context, smb_krb5_context_destroy_1); + config_file = config_path(tmp_ctx, "krb5.conf"); + if (!config_file) { + talloc_free(tmp_ctx); + return ENOMEM; + } + + /* Use our local krb5.conf file by default */ + ret = krb5_prepend_config_files_default(config_file, &config_files); + if (ret) { + DEBUG(1,("krb5_prepend_config_files_default failed (%s)\n", + smb_get_krb5_error_message((*smb_krb5_context)->krb5_context, ret, tmp_ctx))); + talloc_free(tmp_ctx); + return ret; + } + + ret = krb5_set_config_files((*smb_krb5_context)->krb5_context, + config_files); + krb5_free_config_files(config_files); + if (ret) { + DEBUG(1,("krb5_set_config_files failed (%s)\n", + smb_get_krb5_error_message((*smb_krb5_context)->krb5_context, ret, tmp_ctx))); + talloc_free(tmp_ctx); + return ret; + } + if (lp_realm() && *lp_realm()) { char *upper_realm = strupper_talloc(tmp_ctx, lp_realm()); if (!upper_realm) { |