summaryrefslogtreecommitdiffstats
path: root/daemons/ipa-kdb/ipa_kdb_principals.c
diff options
context:
space:
mode:
Diffstat (limited to 'daemons/ipa-kdb/ipa_kdb_principals.c')
-rw-r--r--daemons/ipa-kdb/ipa_kdb_principals.c12
1 files changed, 8 insertions, 4 deletions
diff --git a/daemons/ipa-kdb/ipa_kdb_principals.c b/daemons/ipa-kdb/ipa_kdb_principals.c
index bd84f5b3b..97b240650 100644
--- a/daemons/ipa-kdb/ipa_kdb_principals.c
+++ b/daemons/ipa-kdb/ipa_kdb_principals.c
@@ -572,7 +572,6 @@ static krb5_error_code ipadb_fetch_principals(struct ipadb_context *ipactx,
krb5_error_code kerr;
char *src_filter = NULL;
char *esc_search_expr = NULL;
- LDAPMessage *res = NULL;
int ret;
if (!ipactx->lcontext) {
@@ -603,9 +602,6 @@ static krb5_error_code ipadb_fetch_principals(struct ipadb_context *ipactx,
result);
done:
- if (kerr) {
- ldap_msgfree(res);
- }
free(src_filter);
free(esc_search_expr);
return kerr;
@@ -1517,6 +1513,10 @@ static krb5_error_code ipadb_add_principal(krb5_context kcontext,
goto done;
}
+ if (!ipactx->override_restrictions) {
+ return KRB5_KDB_CONSTRAINT_VIOLATION;
+ }
+
kerr = krb5_unparse_name(kcontext, entry->princ, &principal);
if (kerr != 0) {
goto done;
@@ -1711,6 +1711,10 @@ krb5_error_code ipadb_delete_principal(krb5_context kcontext,
return KRB5_KDB_DBNOTINITED;
}
+ if (!ipactx->override_restrictions) {
+ return KRB5_KDB_CONSTRAINT_VIOLATION;
+ }
+
kerr = krb5_unparse_name(kcontext, search_for, &principal);
if (kerr != 0) {
goto done;
generated by cgit (git 2.34.1) at 2024-06-14 21:59:19 +0000