kadmin selective prune of historic key for principal

2018-09-12 13:57:35 +02:00
parent af0d8ef677
commit f3f06fcba9
21 changed files with 376 additions and 29 deletions
--- a/kadmin/server.c
+++ b/kadmin/server.c
@@ -43,7 +43,7 @@ kadmind_dispatch(void *kadm_handlep, krb5_boolean initial,
 		 krb5_data *in, krb5_data *out)
 {
    kadm5_ret_t ret;
-    int32_t cmd, mask, tmp;
+    int32_t cmd, mask, kvno, tmp;
    kadm5_server_context *contextp = kadm_handlep;
    char client[128], name[128], name2[128];
    const char *op = "";
@@ -249,6 +249,36 @@ kadmind_dispatch(void *kadm_handlep, krb5_boolean initial,
 	krb5_store_int32(sp, ret);
 	break;
    }
+    case kadm_prune:{
+        op = "PRUNE";
+        ret = krb5_ret_principal(sp, &princ);
+        if (ret)
+            goto fail;
+        ret = krb5_ret_int32(sp, &kvno);
+        if (ret == HEIM_ERR_EOF) {
+            kvno = 0;
+        } else if (ret) {
+            krb5_free_principal(contextp->context, princ);
+            goto fail;
+        }
+        krb5_unparse_name_fixed(contextp->context, princ, name, sizeof(name));
+        krb5_warnx(contextp->context, "%s: %s %s", client, op, name);
+        ret = _kadm5_acl_check_permission(contextp, KADM5_PRIV_CPW, princ);
+        if (ret) {
+            krb5_free_principal(contextp->context, princ);
+            goto fail;
+        }
+        ret = kadm5_prune_principal(kadm_handlep, princ, kvno);
+        krb5_free_principal(contextp->context, princ);
+        krb5_storage_free(sp);
+        sp = krb5_storage_emem();
+        if (sp == NULL) {
+            ret = ENOMEM;
+            goto fail;
+        }
+        krb5_store_int32(sp, ret);
+        break;
+    }
    case kadm_rename:{
 	op = "RENAME";
 	ret = krb5_ret_principal(sp, &princ);