34bf7ae162
The Heimdal kadmind sends bogus keys when the client has 'get' but not 'get-keys' permission. For some kadmin commands this is dangerous. For example, ext_keytab could happily write bogus keys to a keytab when real keys are expected, causing eventual breakage. Sending bogus keys is important for the kadmin get command: so it can list the keysets that a principal has. This patch implements a heuristic detection of kadmin get vs. ext_keytab, add_enctype, del_enctype, and check commands. If the client principal lacks 'get-keys' permission, then the server will fail requests that appear to be from those kadmin commands, but will continue to serve bogus keys to kadmin get commands. Thanks to Nico Williams for the idea behind this implementation.
Heimdal is a Kerberos 5 implementation. For information how to install see <http://www.h5l.org/compile.html>. There are briefer man pages for most of the commands. Bug reports and bugs are appreciated, see more under Bug reports in the manual on how we prefer them: <heimdal-bugs@h5l.org>. For more information see the web-page at <http://www.h5l.org/> or the mailing lists: heimdal-announce@sics.se low-volume announcement heimdal-discuss@sics.se high-volume discussion send a mail to heimdal-announce-request@sics.se and heimdal-discuss-request@sics.se respectively to subscribe.