From 14195658a4e6e2390eeb28bf72cb11bce2e08f6d Mon Sep 17 00:00:00 2001
From: Nicolas Williams
Date: Thu, 12 Mar 2015 21:44:59 -0400
Subject: [PATCH] kadmin: del_enctype check for bogus keys

If kadmind returned bogus keys it means that the user lacks the get-keys permission. Generate a warning and exit.

Change-Id: Ib76dd86b65bd84a00f3e27c245b9cfc0173fff56
---
 kadmin/del_enctype.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/kadmin/del_enctype.c b/kadmin/del_enctype.c
index ea15d856a..c32ce14c1 100644
--- a/kadmin/del_enctype.c
+++ b/kadmin/del_enctype.c
@@ -82,6 +82,11 @@ del_enctype(void *opt, int argc, char **argv)
 goto out2;
 }

+ if (kadm5_all_keys_are_bogus(princ.n_key_data, princ.key_data)) {
+ krb5_warnx(context, "user lacks get-keys privilege");
+ goto out;
+ }
+
 new_key_data = malloc(princ.n_key_data * sizeof(*new_key_data));
 if (new_key_data == NULL && princ.n_key_data != 0) {
 krb5_warnx (context, "out of memory");
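Review bot: The added `kadm5_all_keys_are_bogus` branch warns and jumps to `out` without recording an error, so unless the status variable is already non-zero at this point the command probably reports success although no enctype was removed. That matters when del_enctype is scripted to retire weak enctypes: an operator without get-keys would get a zero exit and could assume the old keys are gone. Consider setting the status before the jump, e.g. `ret = KADM5_AUTH_GET_KEYS;` ahead of `goto out;` (assuming the function tracks status in `ret`), and naming the principal in the warning so logs show which entry was skipped. The status variable's declaration and the `out:` cleanup and return are outside this hunk, so confirm how the exit code is derived.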