Fixes for updates of KADM5_KVNO but not KEY_DATA and vice-versa.

It turns out that updates of kvno but not key data and vice-versa are both, allowed and actually done (e.g, in kadmin's ank). Doing the right thing in these cases turns out to be a bit tricky, but this commit ought to do it.
2011-07-21 17:39:53 -05:00
parent dae01950a2
commit e23a1efdc9
7 changed files with 125 additions and 24 deletions
--- a/lib/kadm5/create_s.c
+++ b/lib/kadm5/create_s.c
@@ -111,6 +111,12 @@ kadm5_s_create_principal_with_key(void *server_handle,
    hdb_entry_ex ent;
    kadm5_server_context *context = server_handle;

+    if ((mask & KADM5_KVNO) == 0) {
+	/* create_principal() through _kadm5_setup_entry(), will need this */
+	princ->kvno = 1;
+	mask |= KADM5_KVNO;
+    }
+
    ret = create_principal(context, princ, mask, &ent,
 			   KADM5_PRINCIPAL | KADM5_KEY_DATA,
 			   KADM5_LAST_PWD_CHANGE | KADM5_MOD_TIME
@@ -121,9 +127,6 @@ kadm5_s_create_principal_with_key(void *server_handle,
    if(ret)
 	goto out;

-    if ((mask & KADM5_KVNO) == 0)
-	ent.entry.kvno = 1;
-
    ret = hdb_seal_keys(context->context, context->db, &ent.entry);
    if (ret)
 	goto out;
@@ -153,6 +156,12 @@ kadm5_s_create_principal(void *server_handle,
    hdb_entry_ex ent;
    kadm5_server_context *context = server_handle;

+    if ((mask & KADM5_KVNO) == 0) {
+	/* create_principal() through _kadm5_setup_entry(), will need this */
+	princ->kvno = 1;
+	mask |= KADM5_KVNO;
+    }
+
    ret = create_principal(context, princ, mask, &ent,
 			   KADM5_PRINCIPAL,
 			   KADM5_LAST_PWD_CHANGE | KADM5_MOD_TIME
@@ -163,9 +172,6 @@ kadm5_s_create_principal(void *server_handle,
    if(ret)
 	goto out;

-    if ((mask & KADM5_KVNO) == 0)
-	ent.entry.kvno = 1;
-
    ent.entry.keys.len = 0;
    ent.entry.keys.val = NULL;