oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Make kadmin ext work when lacking get-keys priv

Browse Source 
When we added the get-keys privilege we lost the ability to setup
keytabs with the kadmin ext command.  The fix is to note that we got
bogus key data and randkey (as we used to).
This commit is contained in:
Nicolas Williams
2014-03-25 21:45:10 -05:00
parent 1fad1f8984
commit b80b21c8a8
3 changed files with 26 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
lib/kadm5/marshall.c
View File

@@ -57,7 +57,6 @@ kadm5_ret_t
kadm5_store_fake_key_data(krb5_storage *sp,
krb5_key_data *key)
{
char buf[4] = {0};
krb5_data c;
krb5_store_int32(sp, key->key_data_ver);
@@ -72,9 +71,8 @@ kadm5_store_fake_key_data(krb5_storage *sp,
* did want keys will either fail or they'll, say, create bogus
* keytab entries that will subsequently fail to be useful.
*/
c.length = sizeof (buf);
c.data = buf;
memset(buf, 0xdeadcee5, sizeof (buf)); /* bad bad hexspeak for deadkeys */
c.length = sizeof (KADM5_BOGUS_KEY_DATA) - 1;
c.data = KADM5_BOGUS_KEY_DATA;
krb5_store_data(sp, c);
/* This is the salt -- no need to send garbage */