Forgot to save edits to kadmin/server.c to use the new get-keys authorization.
This commit is contained in:
@@ -53,6 +53,7 @@ kadmind_dispatch(void *kadm_handlep, krb5_boolean initial,
|
|||||||
int n_keys;
|
int n_keys;
|
||||||
char **princs;
|
char **princs;
|
||||||
int n_princs;
|
int n_princs;
|
||||||
|
int keys_ok = 0;
|
||||||
krb5_storage *sp;
|
krb5_storage *sp;
|
||||||
|
|
||||||
krb5_unparse_name_fixed(contextp->context, contextp->caller,
|
krb5_unparse_name_fixed(contextp->context, contextp->caller,
|
||||||
@@ -77,7 +78,11 @@ kadmind_dispatch(void *kadm_handlep, krb5_boolean initial,
|
|||||||
mask |= KADM5_PRINCIPAL;
|
mask |= KADM5_PRINCIPAL;
|
||||||
krb5_unparse_name_fixed(contextp->context, princ, name, sizeof(name));
|
krb5_unparse_name_fixed(contextp->context, princ, name, sizeof(name));
|
||||||
krb5_warnx(contextp->context, "%s: %s %s", client, op, name);
|
krb5_warnx(contextp->context, "%s: %s %s", client, op, name);
|
||||||
ret = _kadm5_acl_check_permission(contextp, KADM5_PRIV_GET, princ);
|
ret = _kadm5_acl_check_permission(contextp, KADM5_PRIV_GET_KEYS, princ);
|
||||||
|
if (!ret)
|
||||||
|
keys_ok = 1;
|
||||||
|
else
|
||||||
|
ret = _kadm5_acl_check_permission(contextp, KADM5_PRIV_GET, princ);
|
||||||
if(ret){
|
if(ret){
|
||||||
krb5_free_principal(contextp->context, princ);
|
krb5_free_principal(contextp->context, princ);
|
||||||
goto fail;
|
goto fail;
|
||||||
@@ -87,7 +92,10 @@ kadmind_dispatch(void *kadm_handlep, krb5_boolean initial,
|
|||||||
sp = krb5_storage_emem();
|
sp = krb5_storage_emem();
|
||||||
krb5_store_int32(sp, ret);
|
krb5_store_int32(sp, ret);
|
||||||
if(ret == 0){
|
if(ret == 0){
|
||||||
kadm5_store_principal_ent(sp, &ent);
|
if (keys_ok)
|
||||||
|
kadm5_store_principal_ent_nokeys(sp, &ent);
|
||||||
|
else
|
||||||
|
kadm5_store_principal_ent(sp, &ent);
|
||||||
kadm5_free_principal_ent(kadm_handlep, &ent);
|
kadm5_free_principal_ent(kadm_handlep, &ent);
|
||||||
}
|
}
|
||||||
krb5_free_principal(contextp->context, princ);
|
krb5_free_principal(contextp->context, princ);
|
||||||
|
Reference in New Issue
Block a user