oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

kadmin: del_enctype check for bogus keys

Browse Source 
If kadmind returned bogus keys it means that the user lacks the
get-keys permission.   Generate a warning and exit.

Change-Id: Ib76dd86b65bd84a00f3e27c245b9cfc0173fff56
This commit is contained in:
Nicolas Williams
2015-03-12 21:44:59 -04:00
committed by Jeffrey Altman
parent 7ab1e01d75
commit 14195658a4
1 changed files with 5 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
kadmin/del_enctype.c
View File

@@ -82,6 +82,11 @@ del_enctype(void *opt, int argc, char **argv)
goto out2; goto out2;
} }
if (kadm5_all_keys_are_bogus(princ.n_key_data, princ.key_data)) {
krb5_warnx(context, "user lacks get-keys privilege");
goto out;
}
new_key_data = malloc(princ.n_key_data * sizeof(*new_key_data)); new_key_data = malloc(princ.n_key_data * sizeof(*new_key_data));
if (new_key_data == NULL && princ.n_key_data != 0) { if (new_key_data == NULL && princ.n_key_data != 0) {
krb5_warnx (context, "out of memory"); krb5_warnx (context, "out of memory");