Make kadmin ext work when lacking get-keys priv

When we added the get-keys privilege we lost the ability to setup
keytabs with the kadmin ext command.  The fix is to note that we got
bogus key data and randkey (as we used to).

lib/kadm5/admin.h

@@ -201,8 +201,12 @@ typedef struct _kadm5_policy_ent_t {
 #define KADM5_PRIV_LIST		(1 << 4)
 #define KADM5_PRIV_CPW		(1 << 5)
 #define KADM5_PRIV_GET_KEYS	(1 << 6)
+
+/* Note: KADM5_PRIV_GET_KEYS not included */
 #define KADM5_PRIV_ALL		(KADM5_PRIV_GET | KADM5_PRIV_ADD | KADM5_PRIV_MODIFY | KADM5_PRIV_DELETE | KADM5_PRIV_LIST | KADM5_PRIV_CPW)
 
+#define KADM5_BOGUS_KEY_DATA    "\xe5\xe5\xe5\xe5"
+
 typedef struct _kadm5_config_params {
     uint32_t mask;
 

lib/kadm5/marshall.c

@@ -57,7 +57,6 @@ kadm5_ret_t
 kadm5_store_fake_key_data(krb5_storage *sp,
 		          krb5_key_data *key)
 {
-    char buf[4] = {0};
     krb5_data c;
 
     krb5_store_int32(sp, key->key_data_ver);
@@ -72,9 +71,8 @@ kadm5_store_fake_key_data(krb5_storage *sp,
      * did want keys will either fail or they'll, say, create bogus
      * keytab entries that will subsequently fail to be useful.
      */
-    c.length = sizeof (buf);
-    c.data = buf;
-    memset(buf, 0xdeadcee5, sizeof (buf)); /* bad bad hexspeak for deadkeys */
+    c.length = sizeof (KADM5_BOGUS_KEY_DATA) - 1;
+    c.data = KADM5_BOGUS_KEY_DATA;
     krb5_store_data(sp, c);
 
     /* This is the salt -- no need to send garbage */