Forgot to save edits to kadmin/server.c to use the new get-keys authorization.

This commit is contained in:
Nicolas Williams
2011-07-18 23:15:59 -05:00
parent 558a8d05a6
commit f15745c60c

View File

@@ -53,6 +53,7 @@ kadmind_dispatch(void *kadm_handlep, krb5_boolean initial,
int n_keys; int n_keys;
char **princs; char **princs;
int n_princs; int n_princs;
int keys_ok = 0;
krb5_storage *sp; krb5_storage *sp;
krb5_unparse_name_fixed(contextp->context, contextp->caller, krb5_unparse_name_fixed(contextp->context, contextp->caller,
@@ -77,7 +78,11 @@ kadmind_dispatch(void *kadm_handlep, krb5_boolean initial,
mask |= KADM5_PRINCIPAL; mask |= KADM5_PRINCIPAL;
krb5_unparse_name_fixed(contextp->context, princ, name, sizeof(name)); krb5_unparse_name_fixed(contextp->context, princ, name, sizeof(name));
krb5_warnx(contextp->context, "%s: %s %s", client, op, name); krb5_warnx(contextp->context, "%s: %s %s", client, op, name);
ret = _kadm5_acl_check_permission(contextp, KADM5_PRIV_GET, princ); ret = _kadm5_acl_check_permission(contextp, KADM5_PRIV_GET_KEYS, princ);
if (!ret)
keys_ok = 1;
else
ret = _kadm5_acl_check_permission(contextp, KADM5_PRIV_GET, princ);
if(ret){ if(ret){
krb5_free_principal(contextp->context, princ); krb5_free_principal(contextp->context, princ);
goto fail; goto fail;
@@ -87,7 +92,10 @@ kadmind_dispatch(void *kadm_handlep, krb5_boolean initial,
sp = krb5_storage_emem(); sp = krb5_storage_emem();
krb5_store_int32(sp, ret); krb5_store_int32(sp, ret);
if(ret == 0){ if(ret == 0){
kadm5_store_principal_ent(sp, &ent); if (keys_ok)
kadm5_store_principal_ent_nokeys(sp, &ent);
else
kadm5_store_principal_ent(sp, &ent);
kadm5_free_principal_ent(kadm_handlep, &ent); kadm5_free_principal_ent(kadm_handlep, &ent);
} }
krb5_free_principal(contextp->context, princ); krb5_free_principal(contextp->context, princ);