Forgot to save edits to kadmin/server.c to use the new get-keys authorization.

kadmin/server.c

@@ -53,6 +53,7 @@ kadmind_dispatch(void *kadm_handlep, krb5_boolean initial,
     int n_keys;
     char **princs;
     int n_princs;
+    int keys_ok = 0;
     krb5_storage *sp;
 
     krb5_unparse_name_fixed(contextp->context, contextp->caller,
@@ -77,7 +78,11 @@ kadmind_dispatch(void *kadm_handlep, krb5_boolean initial,
 	mask |= KADM5_PRINCIPAL;
 	krb5_unparse_name_fixed(contextp->context, princ, name, sizeof(name));
 	krb5_warnx(contextp->context, "%s: %s %s", client, op, name);
-	ret = _kadm5_acl_check_permission(contextp, KADM5_PRIV_GET, princ);
+	ret = _kadm5_acl_check_permission(contextp, KADM5_PRIV_GET_KEYS, princ);
+	if (!ret)
+	    keys_ok = 1;
+	else
+	    ret = _kadm5_acl_check_permission(contextp, KADM5_PRIV_GET, princ);
 	if(ret){
 	    krb5_free_principal(contextp->context, princ);
 	    goto fail;
@@ -87,7 +92,10 @@ kadmind_dispatch(void *kadm_handlep, krb5_boolean initial,
 	sp = krb5_storage_emem();
 	krb5_store_int32(sp, ret);
 	if(ret == 0){
-	    kadm5_store_principal_ent(sp, &ent);
+	    if (keys_ok)
+		kadm5_store_principal_ent_nokeys(sp, &ent);
+	    else
+		kadm5_store_principal_ent(sp, &ent);
 	    kadm5_free_principal_ent(kadm_handlep, &ent);
 	}
 	krb5_free_principal(contextp->context, princ);