krb5 commit: Add duplicate check to kadm5_create_policy()
Greg Hudson
ghudson at mit.edu
Mon May 10 16:34:24 EDT 2021
https://github.com/krb5/krb5/commit/311f433cba0dba5cd88a837c0369295bc43d305e
commit 311f433cba0dba5cd88a837c0369295bc43d305e
Author: Greg Hudson <ghudson at mit.edu>
Date: Fri Apr 16 02:25:21 2021 -0400
Add duplicate check to kadm5_create_policy()
For symmetry with kadm5_create_principal_3(), check for an existing
policy in kadm5_create_policy() and return KADM5_DUP if one is found.
ticket: 9003 (new)
src/lib/kadm5/srv/svr_policy.c | 10 +++++++++-
1 files changed, 9 insertions(+), 1 deletions(-)
diff --git a/src/lib/kadm5/srv/svr_policy.c b/src/lib/kadm5/srv/svr_policy.c
index d7940ef..9569e24 100644
--- a/src/lib/kadm5/srv/svr_policy.c
+++ b/src/lib/kadm5/srv/svr_policy.c
@@ -59,7 +59,7 @@ kadm5_ret_t
kadm5_create_policy(void *server_handle, kadm5_policy_ent_t entry, long mask)
{
kadm5_server_handle_t handle = server_handle;
- osa_policy_ent_rec pent;
+ osa_policy_ent_rec pent, *check_pol;
int ret;
char *p;
@@ -80,6 +80,14 @@ kadm5_create_policy(void *server_handle, kadm5_policy_ent_t entry, long mask)
return ret;
}
+ ret = krb5_db_get_policy(handle->context, entry->policy, &check_pol);
+ if (!ret) {
+ krb5_db_free_policy(handle->context, check_pol);
+ return KADM5_DUP;
+ } else if (ret != KRB5_KDB_NOENTRY) {
+ return ret;
+ }
+
memset(&pent, 0, sizeof(pent));
pent.name = entry->policy;
p = entry->policy;
More information about the cvs-krb5
mailing list