From 71ec989edb844bf4ae49271d309c8f3d4ce5bac1 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Love=20H=C3=B6rnquist=20=C3=85strand?= <lha@kth.se>
Date: Sat, 8 Dec 2007 23:39:30 +0000
Subject: [PATCH] Adapt to hx509 changes, use hdb_db_dir().

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22243 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 kdc/pkinit.c | 32 ++++++++++++++++++++++----------
 1 file changed, 22 insertions(+), 10 deletions(-)

diff --git a/kdc/pkinit.c b/kdc/pkinit.c
index 42a2aa6ab..b158e5030 100644
--- a/kdc/pkinit.c
+++ b/kdc/pkinit.c
@@ -1248,6 +1248,7 @@ out:
 static int
 match_rfc_san(krb5_context context, 
 	      krb5_kdc_configuration *config,
+	      hx509_context hx509ctx,
 	      hx509_cert client_cert, 
 	      krb5_const_principal match)
 {
@@ -1256,7 +1257,8 @@ match_rfc_san(krb5_context context,
 
     memset(&list, 0 , sizeof(list));
 
-    ret = hx509_cert_find_subjectAltName_otherName(client_cert,
+    ret = hx509_cert_find_subjectAltName_otherName(hx509ctx,
+						   client_cert,
 						   oid_id_pkinit_san(),
 						   &list);
     if (ret)
@@ -1304,6 +1306,7 @@ out:
 static int
 match_ms_upn_san(krb5_context context, 
 		 krb5_kdc_configuration *config,
+		 hx509_context hx509ctx,
 		 hx509_cert client_cert, 
 		 krb5_const_principal match)
 {
@@ -1315,7 +1318,8 @@ match_ms_upn_san(krb5_context context,
 
     memset(&list, 0 , sizeof(list));
 
-    ret = hx509_cert_find_subjectAltName_otherName(client_cert,
+    ret = hx509_cert_find_subjectAltName_otherName(hx509ctx,
+						   client_cert,
 						   oid_id_pkinit_ms_san(),
 						   &list);
     if (ret)
@@ -1376,7 +1380,7 @@ _kdc_pk_check_client(krb5_context context,
     hx509_name name;
     int i;
 
-    ret = hx509_cert_get_base_subject(kdc_identity->hx509ctx, 
+    ret = hx509_cert_get_base_subject(kdc_identity->hx509ctx,
 				      client_params->cert,
 				      &name);
     if (ret)
@@ -1393,6 +1397,7 @@ _kdc_pk_check_client(krb5_context context,
 
     if (config->pkinit_princ_in_cert) {
 	ret = match_rfc_san(context, config,
+			    kdc_identity->hx509ctx,
 			    client_params->cert,
 			    client->entry.principal);
 	if (ret == 0) {
@@ -1401,6 +1406,7 @@ _kdc_pk_check_client(krb5_context context,
 	    return 0;
 	}
 	ret = match_ms_upn_san(context, config,
+			       kdc_identity->hx509ctx,
 			       client_params->cert,
 			       client->entry.principal);
 	if (ret == 0) {
@@ -1580,7 +1586,8 @@ _kdc_pk_initialize(krb5_context context,
 		   char **pool,
 		   char **revoke_list)
 {
-    const char *file; 
+    const char *file;
+    char *fn = NULL;
     krb5_error_code ret;
 
     file = krb5_config_get_string(context, NULL,
@@ -1646,14 +1653,19 @@ _kdc_pk_initialize(krb5_context context,
 				       NULL);
     _krb5_pk_allow_proxy_certificate(kdc_identity, ret);
 
-    file = krb5_config_get_string_default(context, 
-					  NULL,
-					  HDB_DB_DIR "/pki-mapping",
-					  "kdc",
-					  "pkinit_mappings_file",
-					  NULL);
+    file = krb5_config_get_string(context, 
+				  NULL,
+				  "kdc",
+				  "pkinit_mappings_file",
+				  NULL);
+    if (file == NULL) {
+	asprintf(&fn, "%s/pki-mapping", hdb_db_dir(context));
+	file = fn;
+    }
 
     load_mappings(context, file);
+    if (fn)
+	free(fn);
 
     return 0;
 }
-- 
2.11.4.GIT