svn rev #25827: trunk/src/lib/kadm5/srv/
ghudson@MIT.EDU
ghudson at MIT.EDU
Thu Apr 26 00:34:21 EDT 2012
http://src.mit.edu/fisheye/changelog/krb5/?cs=25827
Commit By: ghudson
Log Message:
Allow clearpolicy restriction for kadmin addprinc
Although the kadmin client never generates a KADM5_POLICY_CLR mask bit
with addprinc, the bit will be set if a kadm5.acl line imposes the
-clearpolicy restriction. Relax the sanity checking in
kadm5_create_principal_3 to allow KADM5_POLICY_CLR as long as
KADM5_POLICY is not also set.
Changed Files:
U trunk/src/lib/kadm5/srv/svr_principal.c
Modified: trunk/src/lib/kadm5/srv/svr_principal.c
===================================================================
--- trunk/src/lib/kadm5/srv/svr_principal.c 2012-04-26 04:34:15 UTC (rev 25826)
+++ trunk/src/lib/kadm5/srv/svr_principal.c 2012-04-26 04:34:20 UTC (rev 25827)
@@ -236,11 +236,12 @@
*/
if(!(mask & KADM5_PRINCIPAL) || (mask & KADM5_MOD_NAME) ||
(mask & KADM5_MOD_TIME) || (mask & KADM5_LAST_PWD_CHANGE) ||
- (mask & KADM5_MKVNO) || (mask & KADM5_POLICY_CLR) ||
- (mask & KADM5_AUX_ATTRIBUTES) || (mask & KADM5_KEY_DATA) ||
- (mask & KADM5_LAST_SUCCESS) || (mask & KADM5_LAST_FAILED) ||
- (mask & KADM5_FAIL_AUTH_COUNT))
+ (mask & KADM5_MKVNO) || (mask & KADM5_AUX_ATTRIBUTES) ||
+ (mask & KADM5_KEY_DATA) || (mask & KADM5_LAST_SUCCESS) ||
+ (mask & KADM5_LAST_FAILED) || (mask & KADM5_FAIL_AUTH_COUNT))
return KADM5_BAD_MASK;
+ if((mask & KADM5_POLICY) && (mask & KADM5_POLICY_CLR))
+ return KADM5_BAD_MASK;
if((mask & ~ALL_PRINC_MASK))
return KADM5_BAD_MASK;
if (entry == NULL)
More information about the cvs-krb5
mailing list