authorAndrew Bartlett <abartlet@samba.org>2007-01-24 02:48:40 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 14:44:18 -0500
commitd5bbd817fe83aed1ee48ed4f478f3887c059f7b9 (patch)
treef4373e5c069d1b6f1cbc489d3e5addc8dd8e6a19 /source4/auth
parent14503a65ec81ae15a05633b0aea6e62e35b021f3 (diff)
downloadsamba-d5bbd817fe83aed1ee48ed4f478f3887c059f7b9.tar.gz
samba-d5bbd817fe83aed1ee48ed4f478f3887c059f7b9.tar.bz2
samba-d5bbd817fe83aed1ee48ed4f478f3887c059f7b9.zip
r20988: Call out to Heimdal's krb5.conf processing to configure many aspects
of KDC behaviour. This should allow PKINIT to be turned on and managed with reasonable sanity. This also means that the krb5.conf in the same directory as the smb.conf will always have priority in Samba4, which I think will be useful. Andrew Bartlett (This used to be commit a50bbde81b010bc5d06e3fc3417ade44627eb771)
Diffstat (limited to 'source4/auth')
-rw-r--r--source4/auth/kerberos/krb5_init_context.c29
1 files changed, 28 insertions, 1 deletions
diff --git a/source4/auth/kerberos/krb5_init_context.c b/source4/auth/kerberos/krb5_init_context.c
index 93284d2bfc..664f998bc9 100644
--- a/source4/auth/kerberos/krb5_init_context.c
+++ b/source4/auth/kerberos/krb5_init_context.c
@@ -370,6 +370,8 @@ krb5_error_code smb_krb5_init_context(void *parent_ctx,
krb5_error_code ret;
TALLOC_CTX *tmp_ctx;
struct event_context *ev;
+ char **config_files;
+ const char *config_file;
initialize_krb5_error_table();
@@ -377,7 +379,6 @@ krb5_error_code smb_krb5_init_context(void *parent_ctx,
*smb_krb5_context = talloc(tmp_ctx, struct smb_krb5_context);
if (!*smb_krb5_context || !tmp_ctx) {
- talloc_free(*smb_krb5_context);
talloc_free(tmp_ctx);
return ENOMEM;
}
@@ -386,11 +387,37 @@ krb5_error_code smb_krb5_init_context(void *parent_ctx,
if (ret) {
DEBUG(1,("krb5_init_context failed (%s)\n",
error_message(ret)));
+ talloc_free(tmp_ctx);
return ret;
}
talloc_set_destructor(*smb_krb5_context, smb_krb5_context_destroy_1);
+ config_file = config_path(tmp_ctx, "krb5.conf");
+ if (!config_file) {
+ talloc_free(tmp_ctx);
+ return ENOMEM;
+ }
+
+ /* Use our local krb5.conf file by default */
+ ret = krb5_prepend_config_files_default(config_file, &config_files);
+ if (ret) {
+ DEBUG(1,("krb5_prepend_config_files_default failed (%s)\n",
+ smb_get_krb5_error_message((*smb_krb5_context)->krb5_context, ret, tmp_ctx)));
+ talloc_free(tmp_ctx);
+ return ret;
+ }
+
+ ret = krb5_set_config_files((*smb_krb5_context)->krb5_context,
+ config_files);
+ krb5_free_config_files(config_files);
+ if (ret) {
+ DEBUG(1,("krb5_set_config_files failed (%s)\n",
+ smb_get_krb5_error_message((*smb_krb5_context)->krb5_context, ret, tmp_ctx)));
+ talloc_free(tmp_ctx);
+ return ret;
+ }
+
if (lp_realm() && *lp_realm()) {
char *upper_realm = strupper_talloc(tmp_ctx, lp_realm());
if (!upper_realm) {
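Review bot: Each error return in this hunk (the added `talloc_free(tmp_ctx);` after krb5_init_context, config_path, krb5_prepend_config_files_default and krb5_set_config_files) leaves the caller's `*smb_krb5_context` pointing at freed memory, because the object was allocated with `talloc(tmp_ctx, ...)` and is released with its parent. A caller that tests the pointer instead of the return code would then touch freed memory; adding `*smb_krb5_context = NULL;` after each of those frees closes that off. Separately, the comment `/* Use our local krb5.conf file by default */` understates the effect: I would reword it to say that the krb5.conf next to smb.conf is placed ahead of the default configuration files and therefore overrides them, so that file and its directory need the same write protection as smb.conf. The function starts before and continues after this hunk, so whether a later path already clears the pointer cannot be seen here.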