svn rev #24611: trunk/src/kadmin/cli/

ghudson@MIT.EDU ghudson at MIT.EDU
Mon Jan 31 20:11:51 EST 2011


http://src.mit.edu/fisheye/changelog/krb5/?cs=24611
Commit By: ghudson
Log Message:
ticket: 6854
subject: kadmin's ktremove can remove wrong entries when removing kvno 0

Because of 8-bit wraparound, keytabs can contain entries with kvno 0.
Because 0 is a distinguished kvno value for krb5_kt_get_entry(),
kadmin's remove_principal() winds up substituting the specified kvno
with the highest-numbered kvno of the specified principal in the
keytab.  Make sure not to perform this substitution when in
specified-kvno mode.

(This fix leaves behind a very minor bug where "ktrem principal 0"
returns silently, instead of producing an error message like it
normally would, if principal exists in the keytab but not at kvno 0.)



Changed Files:
U   trunk/src/kadmin/cli/keytab.c
Modified: trunk/src/kadmin/cli/keytab.c
===================================================================
--- trunk/src/kadmin/cli/keytab.c	2011-01-31 22:44:26 UTC (rev 24610)
+++ trunk/src/kadmin/cli/keytab.c	2011-02-01 01:11:51 UTC (rev 24611)
@@ -398,7 +398,8 @@
     }
 
     /* set kvno to spec'ed value for SPEC, highest kvno otherwise */
-    kvno = entry.vno;
+    if (mode != SPEC)
+        kvno = entry.vno;
     krb5_kt_free_entry(context, &entry);
 
     code = krb5_kt_start_seq_get(context, keytab, &cursor);
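
Review bot: The new `if (mode != SPEC)` guard carries no comment explaining why entry.vno cannot be used in SPEC mode; the existing comment above it only restates the assignment. A sentence at that spot noting that krb5_kt_get_entry() treats kvno 0 as a distinguished value, so entry.vno can come back as the highest kvno rather than the requested one, would keep a later cleanup from folding the guard away. The log message also acknowledges that "ktrem principal 0" now returns silently when the principal exists but not at kvno 0; recording that known gap in a comment here, or adding a follow-up check in SPEC mode that reports an error when no entry matched, would be worth doing.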



