From f15745c60c6f70e11c122d85a853a3dc838a6d18 Mon Sep 17 00:00:00 2001
From: Nicolas Williams
Date: Mon, 18 Jul 2011 23:15:59 -0500
Subject: [PATCH] Forgot to save edits to kadmin/server.c to use the new get-keys authorization.
---
 kadmin/server.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/kadmin/server.c b/kadmin/server.c
index bc8dd3d61..0eed5fc2a 100644
--- a/kadmin/server.c
+++ b/kadmin/server.c
@@ -53,6 +53,7 @@ kadmind_dispatch(void *kadm_handlep, krb5_boolean initial,
 int n_keys;
 char **princs;
 int n_princs;
+ int keys_ok = 0;
 krb5_storage *sp;
 krb5_unparse_name_fixed(contextp->context, contextp->caller,
@@ -77,7 +78,11 @@ kadmind_dispatch(void *kadm_handlep, krb5_boolean initial,
 mask |= KADM5_PRINCIPAL;
 krb5_unparse_name_fixed(contextp->context, princ, name, sizeof(name));
 krb5_warnx(contextp->context, "%s: %s %s", client, op, name);
- ret = _kadm5_acl_check_permission(contextp, KADM5_PRIV_GET, princ);
+ ret = _kadm5_acl_check_permission(contextp, KADM5_PRIV_GET_KEYS, princ);
+ if (!ret)
+ keys_ok = 1;
+ else
+ ret = _kadm5_acl_check_permission(contextp, KADM5_PRIV_GET, princ);
 if(ret){
 krb5_free_principal(contextp->context, princ);
 goto fail;
@@ -87,7 +92,10 @@ kadmind_dispatch(void *kadm_handlep, krb5_boolean initial,
 sp = krb5_storage_emem();
 krb5_store_int32(sp, ret);
 if(ret == 0){
- kadm5_store_principal_ent(sp, &ent);
+ if (keys_ok)
+ kadm5_store_principal_ent_nokeys(sp, &ent);
+ else
+ kadm5_store_principal_ent(sp, &ent);
 kadm5_free_principal_ent(kadm_handlep, &ent);
 }
 krb5_free_principal(contextp->context, princ);
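Review bot: In the second hunk a successful KADM5_PRIV_GET_KEYS check now authorizes the whole get operation, since KADM5_PRIV_GET is consulted only on the `else` path, and nothing at the site says that get-keys is meant to imply get. A short comment above the first check would record the intent, e.g. `/* get-keys implies get; without it fall back to plain get and withhold keys */`. Whether `_kadm5_acl_check_permission` logs or otherwise records the denied get-keys probe is not visible here; if it does, every ordinary get would leave a denial entry, which is worth confirming. kadmind_dispatch begins and ends outside the hunk.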
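Review bot: The `keys_ok` branches in the third hunk look inverted: when the KADM5_PRIV_GET_KEYS check succeeded the reply is written with `kadm5_store_principal_ent_nokeys`, while a caller that passed only KADM5_PRIV_GET gets `kadm5_store_principal_ent`. Going by the function names (their bodies are not part of this patch), that would return key material to callers who lack get-keys and withhold it from those who hold it. The calls should be swapped: `if (keys_ok) kadm5_store_principal_ent(sp, &ent); else kadm5_store_principal_ent_nokeys(sp, &ent);`. A regression test that issues a get as a principal with get but not get-keys and checks that no key data comes back would catch this; kadmind_dispatch begins and ends outside the hunk.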