From b819f1fe2b9219d65a4d481b7f756e0c68d72d0b Mon Sep 17 00:00:00 2001
From: Andrew Bartlett
Date: Tue, 12 Jan 2010 17:55:59 +1100
Subject: [PATCH] Push PKINIT configuration into default_config.c
The interaction with Samba4 is subtle - it calls krb5_kdc_get_config(), but not configure() - but must have PKINIT set up.
Andrew Bartlett
Signed-off-by: Love Hornquist Astrand
---
 kdc/config.c | 32 +-------------------------------
 kdc/default_config.c | 38 +++++++++++++++++++++++++++++++++++++-
 2 files changed, 38 insertions(+), 32 deletions(-)
diff --git a/kdc/config.c b/kdc/config.c
index 65a0f84de..40d858bf0 100644
--- a/kdc/config.c
+++ b/kdc/config.c
@@ -333,37 +333,7 @@ configure(krb5_context context, int argc, char **argv)
 krb5_kdc_windc_init(context);
-#ifdef PKINIT
-#ifdef __APPLE__
- config->enable_pkinit = 1;
-
- if (config->pkinit_kdc_identity == NULL) {
- if (config->pkinit_kdc_friendly_name == NULL)
- config->pkinit_kdc_friendly_name =
- strdup("O=System Identity,CN=com.apple.kerberos.kdc");
- config->pkinit_kdc_identity = strdup("KEYCHAIN:");
- }
- if (config->pkinit_kdc_anchors == NULL)
- config->pkinit_kdc_anchors = strdup("KEYCHAIN:");
-
-#endif /* __APPLE__ */
-
- if (config->enable_pkinit) {
- if (config->pkinit_kdc_identity == NULL)
- krb5_errx(context, 1, "pkinit enabled but no identity");
-
- if (config->pkinit_kdc_anchors == NULL)
- krb5_errx(context, 1, "pkinit enabled but no X509 anchors");
-
- krb5_kdc_pk_initialize(context, config,
- config->pkinit_kdc_identity,
- config->pkinit_kdc_anchors,
- config->pkinit_kdc_cert_pool,
- config->pkinit_kdc_revoke);
+ krb5_kdc_pkinit_config(context, config);
- }
-
-#endif /* PKINIT */
-
 return config;
 }
diff --git a/kdc/default_config.c b/kdc/default_config.c
index e376cbbdd..b30dc6559 100644
--- a/kdc/default_config.c
+++ b/kdc/default_config.c
@@ -258,8 +258,44 @@ krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config)
 0, "kdc", "pkinit_dh_min_bits", NULL);
-
 *config = c;
 return 0;
 }
+
+krb5_error_code
+krb5_kdc_pkinit_config(krb5_context context, krb5_kdc_configuration *config)
+{
+#ifdef PKINIT
+#ifdef __APPLE__
+ config->enable_pkinit = 1;
+
+ if (config->pkinit_kdc_identity == NULL) {
+ if (config->pkinit_kdc_friendly_name == NULL)
+ config->pkinit_kdc_friendly_name =
+ strdup("O=System Identity,CN=com.apple.kerberos.kdc");
+ config->pkinit_kdc_identity = strdup("KEYCHAIN:");
+ }
+ if (config->pkinit_kdc_anchors == NULL)
+ config->pkinit_kdc_anchors = strdup("KEYCHAIN:");
+
+#endif /* __APPLE__ */
+
+ if (config->enable_pkinit) {
+ if (config->pkinit_kdc_identity == NULL)
+ krb5_errx(context, 1, "pkinit enabled but no identity");
+
+ if (config->pkinit_kdc_anchors == NULL)
+ krb5_errx(context, 1, "pkinit enabled but no X509 anchors");
+
+ krb5_kdc_pk_initialize(context, config,
+ config->pkinit_kdc_identity,
+ config->pkinit_kdc_anchors,
+ config->pkinit_kdc_cert_pool,
+ config->pkinit_kdc_revoke);
+
+ }
+
+ return 0
+#endif /* PKINIT */
+}
--
2.11.4.GIT
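Review bot: `return 0` at the end of krb5_kdc_pkinit_config() has no semicolon and sits inside `#ifdef PKINIT`, so a PKINIT build does not compile and a non-PKINIT build falls off the end of a function declared to return krb5_error_code. Move it below the conditional: `#endif /* PKINIT */` followed by `return 0;`. The result of krb5_kdc_pk_initialize() is still discarded, and the new call in configure() (the kdc/config.c hunk) ignores this function's return as well, so a failure to load the KDC identity or trust anchors can only surface through krb5_errx(); if krb5_kdc_pk_initialize() reports errors through its return value, propagating it here would let callers fail closed. Since krb5_errx(context, 1, ...) appears to terminate the process, a header comment saying so would help embedders that call krb5_kdc_get_config() without configure(), such as the Samba4 case named in the commit message.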