diff options
| author | Greg Hudson <ghudson@mit.edu> | 2013-01-08 15:20:45 -0500 |
|---|---|---|
| committer | Greg Hudson <ghudson@mit.edu> | 2013-01-09 15:35:43 -0500 |
| commit | 0780e46fc13dbafa177525164997cd204cc50b51 (patch) | |
| tree | eacb2400a78bfab43bbc95cb8ab3055498da881b /src/lib/kadm5/srv/svr_policy.c | |
| parent | 090f561c631db7e4970b71cbe1426d636c39c77a (diff) | |
| download | krb5-0780e46fc13dbafa177525164997cd204cc50b51.tar.gz krb5-0780e46fc13dbafa177525164997cd204cc50b51.tar.xz krb5-0780e46fc13dbafa177525164997cd204cc50b51.zip | |
Allow principals to refer to nonexistent policies
Stop using and maintaining the policy_refcnt field, and do not try to
prevent deletion of a policy which is still referenced by principals.
Instead, allow principals to refer to policy names which do not exist
as policy objects; treat those principals as having no associated
policy.
In the kadmin client, warn if addprinc or modprinc tries to reference
a policy which doesn't exist, since the server will no longer error
out in this case.
ticket: 7385
Diffstat (limited to 'src/lib/kadm5/srv/svr_policy.c')
| -rw-r--r-- | src/lib/kadm5/srv/svr_policy.c | 11 |
1 files changed, 0 insertions, 11 deletions
diff --git a/src/lib/kadm5/srv/svr_policy.c b/src/lib/kadm5/srv/svr_policy.c index 0d79f86dce..69d2fea78d 100644 --- a/src/lib/kadm5/srv/svr_policy.c +++ b/src/lib/kadm5/srv/svr_policy.c @@ -158,10 +158,6 @@ kadm5_create_policy_internal(void *server_handle, else pent.pw_history_num = entry->pw_history_num; } - if (!(mask & KADM5_REF_COUNT)) - pent.policy_refcnt = 0; - else - pent.policy_refcnt = entry->policy_refcnt; if (handle->api_version >= KADM5_API_VERSION_4) { if (!(mask & KADM5_POLICY_ATTRIBUTES)) @@ -230,10 +226,6 @@ kadm5_delete_policy(void *server_handle, kadm5_policy_t name) else if (ret) return ret; - if(entry->policy_refcnt != 0) { - krb5_db_free_policy(handle->context, entry); - return KADM5_POLICY_REF; - } krb5_db_free_policy(handle->context, entry); ret = krb5_db_delete_policy(handle->context, name); if (ret == KRB5_KDB_POLICY_REF) @@ -368,8 +360,6 @@ kadm5_modify_policy_internal(void *server_handle, } p->pw_history_num = entry->pw_history_num; } - if ((mask & KADM5_REF_COUNT)) - p->policy_refcnt = entry->policy_refcnt; if (handle->api_version >= KADM5_API_VERSION_3) { if ((mask & KADM5_PW_MAX_FAILURE)) p->pw_max_fail = entry->pw_max_fail; @@ -448,7 +438,6 @@ kadm5_get_policy(void *server_handle, kadm5_policy_t name, entry->pw_min_length = t->pw_min_length; entry->pw_min_classes = t->pw_min_classes; entry->pw_history_num = t->pw_history_num; - entry->policy_refcnt = t->policy_refcnt; if (handle->api_version >= KADM5_API_VERSION_3) { entry->pw_max_fail = t->pw_max_fail; entry->pw_failcnt_interval = t->pw_failcnt_interval; |