oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

validate that default@ have KRB5_KDB_DISALLOW_ALL_TIX

Browse Source
This commit is contained in:
Love Hornquist Astrand
2013-09-27 08:39:06 -07:00
parent 1b39c562d5
commit 7a8a78e417
1 changed files with 30 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
kadmin/check.c
View File

@@ -51,7 +51,7 @@ get_check_entry(const char *name, kadm5_principal_ent_rec *ent)
} }
memset(ent, 0, sizeof(*ent)); memset(ent, 0, sizeof(*ent));
ret = kadm5_get_principal(kadm_handle, principal, ent, 0); ret = kadm5_get_principal(kadm_handle, principal, ent, KADM5_ATTRIBUTES);
krb5_free_principal(context, principal); krb5_free_principal(context, principal);
if(ret) if(ret)
return 1; return 1;
@@ -184,6 +184,35 @@ check(void *opt, int argc, char **argv)
kadm5_free_principal_ent(kadm_handle, &ent); kadm5_free_principal_ent(kadm_handle, &ent);
/*
* Check default@REALM
*
* Check that disallow-all-tix is set on the default principal
* (or that the entry doesn't exists)
*/
if (asprintf(&p, "default@%s", realm) == -1) {
krb5_warn(context, errno, "asprintf");
goto fail;
}
ret = get_check_entry(p, &ent);
if (ret == 0) {
if ((ent.attributes & KRB5_KDB_DISALLOW_ALL_TIX) == 0) {
printf("default template entry is not disabled\n");
ret = EINVAL;
}
kadm5_free_principal_ent(kadm_handle, &ent);
} else {
ret = 0;
}
free(p);
if (ret)
goto fail;
/* /*
* Check for duplicate afs keys * Check for duplicate afs keys
*/ */