svn commit: lorikeet r325 - in trunk/heimdal/kdc: .
abartlet at samba.org
abartlet at samba.org
Thu Jun 2 12:46:37 GMT 2005
Author: abartlet
Date: 2005-06-02 12:46:36 +0000 (Thu, 02 Jun 2005)
New Revision: 325
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=lorikeet&rev=325
Log:
Better split default values into default_config.c
Andrew Bartlett
Modified:
trunk/heimdal/kdc/config.c
trunk/heimdal/kdc/default_config.c
Changeset:
Modified: trunk/heimdal/kdc/config.c
===================================================================
--- trunk/heimdal/kdc/config.c 2005-06-02 09:59:40 UTC (rev 324)
+++ trunk/heimdal/kdc/config.c 2005-06-02 12:46:36 UTC (rev 325)
@@ -325,9 +325,12 @@
max_request = parse_bytes(p, NULL);
}
- if(require_preauth == -1)
- require_preauth = krb5_config_get_bool(context, NULL, "kdc",
- "require-preauth", NULL);
+ if(require_preauth == -1) {
+ config->require_preauth = krb5_config_get_bool(context, NULL, "kdc",
+ "require-preauth", NULL);
+ } else {
+ config->require_preauth = require_preauth;
+ }
if(port_str == NULL){
p = krb5_config_get_string(context, NULL, "kdc", "ports", NULL);
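Review bot: When `require_preauth` is -1 the new branch calls `krb5_config_get_bool`, which in Heimdal returns FALSE for an absent key, so a krb5.conf without `require-preauth` overwrites the TRUE that default_config.c now sets and pre-authentication ends up not required. Every other boolean touched by this commit passes the struct's current value through `krb5_config_get_bool_default`, and this one should do the same: `config->require_preauth = krb5_config_get_bool_default(context, NULL, config->require_preauth, "kdc", "require-preauth", NULL);`. With that in place the `if(require_preauth != -1)` assignment kept in the @@ -458 hunk only repeats the else branch here and can be dropped. The enclosing function starts and ends outside the hunk.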
@@ -356,7 +359,8 @@
if(enable_v4 == -1) {
config->enable_v4 = krb5_config_get_bool_default(context, NULL,
- FALSE, "kdc",
+ config->enable_v4,
+ "kdc",
"enable-kerberos4",
NULL);
} else {
@@ -366,7 +370,8 @@
if(enable_v4_cross_realm == -1) {
config->enable_v4_cross_realm =
krb5_config_get_bool_default(context, NULL,
- FALSE, "kdc",
+ config->enable_v4_cross_realm,
+ "kdc",
"enable-kerberos4-cross-realm",
NULL);
} else {
@@ -375,40 +380,47 @@
if(enable_524 == -1) {
config->enable_524 = krb5_config_get_bool_default(context, NULL,
- enable_v4,
+ config->enable_v4,
"kdc", "enable-524",
NULL);
} else {
config->enable_524 = enable_524;
}
+
if(enable_http == -1)
enable_http = krb5_config_get_bool(context, NULL, "kdc",
- "enable-http", NULL);
+ "enable-http", NULL);
config->check_ticket_addresses =
- krb5_config_get_bool_default(context, NULL, TRUE, "kdc",
+ krb5_config_get_bool_default(context, NULL,
+ config->check_ticket_addresses,
+ "kdc",
"check-ticket-addresses", NULL);
config->allow_null_ticket_addresses =
- krb5_config_get_bool_default(context, NULL, TRUE, "kdc",
+ krb5_config_get_bool_default(context, NULL,
+ config->allow_null_ticket_addresses,
+ "kdc",
"allow-null-ticket-addresses", NULL);
config->allow_anonymous =
krb5_config_get_bool(context, NULL, "kdc",
"allow-anonymous", NULL);
+
trpolicy_str =
- krb5_config_get_string_default(context, NULL, "always-check", "kdc",
+ krb5_config_get_string_default(context, NULL, "DEFAULT", "kdc",
"transited-policy", NULL);
- if(strcasecmp(trpolicy_str, "always-check") == 0)
+ if(strcasecmp(trpolicy_str, "always-check") == 0) {
config->trpolicy = TRPOLICY_ALWAYS_CHECK;
- else if(strcasecmp(trpolicy_str, "allow-per-principal") == 0)
+ } else if(strcasecmp(trpolicy_str, "allow-per-principal") == 0) {
config->trpolicy = TRPOLICY_ALLOW_PER_PRINCIPAL;
- else if(strcasecmp(trpolicy_str, "always-honour-request") == 0)
+ } else if(strcasecmp(trpolicy_str, "always-honour-request") == 0) {
config->trpolicy = TRPOLICY_ALWAYS_HONOUR_REQUEST;
- else {
+ } else if(strcasecmp(trpolicy_str, "DEFAULT") == 0) {
+ /* default */
+ } else {
kdc_log(context, config,
- 0, "unknown transited-policy: %s, reverting to always-check",
+ 0, "unknown transited-policy: %s, reverting to default (always-check)",
trpolicy_str);
- config->trpolicy = TRPOLICY_ALWAYS_CHECK;
}
if (krb5_config_get_string(context, NULL, "kdc",
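Review bot: The final else branch logs "reverting to default (always-check)" but no longer assigns `config->trpolicy`, so the message is only true while the incoming config still holds the value set in default_config.c. For the transited-realm check it is safer to fail closed explicitly and keep `config->trpolicy = TRPOLICY_ALWAYS_CHECK;` after the `kdc_log` call. The "DEFAULT" sentinel also means a literal `transited-policy = DEFAULT` in krb5.conf is accepted silently, so the empty branch deserves a fuller comment than `/* default */`, for example `/* option absent: keep the policy already in config */`.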
@@ -433,10 +445,12 @@
}
if (enable_kaserver == -1) {
- config->enable_kaserver = krb5_config_get_bool_default(context, NULL, FALSE,
- "kdc",
- "enable-kaserver",
- NULL);
+ config->enable_kaserver = krb5_config_get_bool_default(context,
+ NULL,
+ config->enable_kaserver,
+ "kdc",
+ "enable-kaserver",
+ NULL);
} else {
config->enable_kaserver = enable_kaserver;
}
@@ -458,20 +472,19 @@
if(max_request == 0)
max_request = 64 * 1024;
- if(require_preauth == -1) {
- config->require_preauth = 1;
- } else {
+
+ if(require_preauth != -1) {
config->require_preauth = require_preauth;
}
if (port_str == NULL)
port_str = "+";
#ifdef PKINIT
- enable_pkinit = krb5_config_get_bool_default(context, NULL, FALSE,
+ config->enable_pkinit = krb5_config_get_bool_default(context, NULL, config->enable_pkinit,
"kdc",
"enable-pkinit",
NULL);
- if (enable_pkinit) {
+ if (config->enable_pkinit) {
const char *user_id, *x509_anchors;
user_id = krb5_config_get_string(context, NULL,
@@ -490,9 +503,9 @@
pk_initialize(user_id, x509_anchors);
- enable_pkinit_princ_in_cert =
+ config->enable_pkinit_princ_in_cert =
krb5_config_get_bool_default(context,
- NULL, TRUE,
+ NULL, config->enable_pkinit_princ_in_cert,
"kdc",
"pkinit-principal-in-certificate",
NULL);
@@ -511,7 +524,7 @@
}
if(disable_des == -1)
disable_des = krb5_config_get_bool_default(context, NULL,
- 0,
+ FALSE,
"kdc",
"disable-des", NULL);
if(disable_des) {
@@ -525,9 +538,9 @@
kdc_log(context, config,
0, "DES was disabled, turned off Kerberos V4, 524 "
"and kaserver");
- enable_v4 = 0;
- enable_524 = 0;
- enable_kaserver = 0;
+ config->enable_v4 = 0;
+ config->enable_524 = 0;
+ config->enable_kaserver = 0;
}
return config;
}
Modified: trunk/heimdal/kdc/default_config.c
===================================================================
--- trunk/heimdal/kdc/default_config.c 2005-06-02 09:59:40 UTC (rev 324)
+++ trunk/heimdal/kdc/default_config.c 2005-06-02 12:46:36 UTC (rev 325)
@@ -41,16 +41,20 @@
return NULL;
}
- memset(config, '\0', sizeof(*config));
+ config->require_preauth = TRUE;
- config->require_preauth = -1; /* 1 == require preauth for all principals */
+ config->check_ticket_addresses = TRUE;
+ config->allow_null_ticket_addresses = TRUE;
- config->enable_v4 = -1;
- config->enable_kaserver = -1;
-
- config->enable_524 = -1;
- config->enable_v4_cross_realm = -1;
+ config->enable_v4 = FALSE;
+ config->enable_kaserver = FALSE;
+ config->enable_v4_cross_realm = FALSE;
+ config->enable_pkinit = FALSE;
+ config->enable_pkinit_princ_in_cert = TRUE;
+
+ config->trpolicy = TRPOLICY_ALWAYS_CHECK;
+
return config;
}
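Review bot: Dropping `memset(config, '\0', sizeof(*config));` leaves every member that is not assigned below with whatever the allocator returned, unless the allocation above the hunk already zeroes the struct (it is not visible here). `enable_524` loses its initializer in this change and `allow_anonymous` has none, and any pointer members of the struct would presumably be indeterminate as well. Keep the memset ahead of the explicit defaults, or allocate with `calloc(1, sizeof(*config))`, and give `enable_524` an explicit initial value next to the other Kerberos 4 settings. The function begins outside the hunk.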