diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2008-03-19 10:17:42 +1100 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2008-03-19 10:17:42 +1100 |
| commit | 9e6b0c28712ee77ce878809c8576826a3ba08d95 (patch) | |
| tree | 1a325e474fbc22b1a1cadaf53a3af2c36e8d5ad2 /source4/heimdal/kdc/pkinit.c | |
| parent | 3530099cf226d591b687715b63b144d243e52083 (diff) | |
| download | samba-9e6b0c28712ee77ce878809c8576826a3ba08d95.tar.gz samba-9e6b0c28712ee77ce878809c8576826a3ba08d95.tar.bz2 samba-9e6b0c28712ee77ce878809c8576826a3ba08d95.zip | |
Merge lorikeet-heimdal -r 787 into Samba4 tree.
Andrew Bartlett
(This used to be commit d88b530522d3cef67c24422bd5182fb875d87ee2)
Diffstat (limited to 'source4/heimdal/kdc/pkinit.c')
| -rwxr-xr-x | source4/heimdal/kdc/pkinit.c | 34 |
1 files changed, 23 insertions, 11 deletions
diff --git a/source4/heimdal/kdc/pkinit.c b/source4/heimdal/kdc/pkinit.c index ead961022d..bf248af588 100755 --- a/source4/heimdal/kdc/pkinit.c +++ b/source4/heimdal/kdc/pkinit.c @@ -33,7 +33,7 @@ #include "kdc_locl.h" -RCSID("$Id: pkinit.c 21290 2007-06-25 14:13:23Z lha $"); +RCSID("$Id: pkinit.c 22243 2007-12-08 23:39:30Z lha $"); #ifdef PKINIT @@ -1248,6 +1248,7 @@ out: static int match_rfc_san(krb5_context context, krb5_kdc_configuration *config, + hx509_context hx509ctx, hx509_cert client_cert, krb5_const_principal match) { @@ -1256,7 +1257,8 @@ match_rfc_san(krb5_context context, memset(&list, 0 , sizeof(list)); - ret = hx509_cert_find_subjectAltName_otherName(client_cert, + ret = hx509_cert_find_subjectAltName_otherName(hx509ctx, + client_cert, oid_id_pkinit_san(), &list); if (ret) @@ -1304,6 +1306,7 @@ out: static int match_ms_upn_san(krb5_context context, krb5_kdc_configuration *config, + hx509_context hx509ctx, hx509_cert client_cert, krb5_const_principal match) { @@ -1315,7 +1318,8 @@ match_ms_upn_san(krb5_context context, memset(&list, 0 , sizeof(list)); - ret = hx509_cert_find_subjectAltName_otherName(client_cert, + ret = hx509_cert_find_subjectAltName_otherName(hx509ctx, + client_cert, oid_id_pkinit_ms_san(), &list); if (ret) @@ -1376,7 +1380,7 @@ _kdc_pk_check_client(krb5_context context, hx509_name name; int i; - ret = hx509_cert_get_base_subject(kdc_identity->hx509ctx, + ret = hx509_cert_get_base_subject(kdc_identity->hx509ctx, client_params->cert, &name); if (ret) @@ -1393,6 +1397,7 @@ _kdc_pk_check_client(krb5_context context, if (config->pkinit_princ_in_cert) { ret = match_rfc_san(context, config, + kdc_identity->hx509ctx, client_params->cert, client->entry.principal); if (ret == 0) { @@ -1401,6 +1406,7 @@ _kdc_pk_check_client(krb5_context context, return 0; } ret = match_ms_upn_san(context, config, + kdc_identity->hx509ctx, client_params->cert, client->entry.principal); if (ret == 0) { @@ -1580,7 +1586,8 @@ _kdc_pk_initialize(krb5_context context, char **pool, char **revoke_list) { - const char *file; + const char *file; + char *fn = NULL; krb5_error_code ret; file = krb5_config_get_string(context, NULL, @@ -1646,14 +1653,19 @@ _kdc_pk_initialize(krb5_context context, NULL); _krb5_pk_allow_proxy_certificate(kdc_identity, ret); - file = krb5_config_get_string_default(context, - NULL, - HDB_DB_DIR "/pki-mapping", - "kdc", - "pkinit_mappings_file", - NULL); + file = krb5_config_get_string(context, + NULL, + "kdc", + "pkinit_mappings_file", + NULL); + if (file == NULL) { + asprintf(&fn, "%s/pki-mapping", hdb_db_dir(context)); + file = fn; + } load_mappings(context, file); + if (fn) + free(fn); return 0; } |