diff options
author | Greg Hudson <ghudson@mit.edu> | 2013-01-08 15:20:45 -0500 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2013-01-09 15:35:43 -0500 |
commit | 0780e46fc13dbafa177525164997cd204cc50b51 (patch) | |
tree | eacb2400a78bfab43bbc95cb8ab3055498da881b /src/tests/kdbtest.c | |
parent | 090f561c631db7e4970b71cbe1426d636c39c77a (diff) | |
download | krb5-0780e46fc13dbafa177525164997cd204cc50b51.tar.gz krb5-0780e46fc13dbafa177525164997cd204cc50b51.tar.xz krb5-0780e46fc13dbafa177525164997cd204cc50b51.zip |
Allow principals to refer to nonexistent policies
Stop using and maintaining the policy_refcnt field, and do not try to
prevent deletion of a policy which is still referenced by principals.
Instead, allow principals to refer to policy names which do not exist
as policy objects; treat those principals as having no associated
policy.
In the kadmin client, warn if addprinc or modprinc tries to reference
a policy which doesn't exist, since the server will no longer error
out in this case.
ticket: 7385
Diffstat (limited to 'src/tests/kdbtest.c')
-rw-r--r-- | src/tests/kdbtest.c | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/src/tests/kdbtest.c b/src/tests/kdbtest.c index b569b56235..93de07be87 100644 --- a/src/tests/kdbtest.c +++ b/src/tests/kdbtest.c @@ -167,7 +167,7 @@ static osa_policy_ent_rec sample_policy = { 6, /* pw_min_length */ 2, /* pw_min_classes */ 3, /* pw_history_num */ - 1, /* policy_refcnt */ + 0, /* policy_refcnt */ 2, /* pw_max_fail */ 60, /* pw_failcnt_interval */ 120, /* pw_lockout_duration */ @@ -377,7 +377,6 @@ main() CHECK(krb5_dbe_update_tl_data(ctx, ent, &tl_no_policy)); ent->mask = KADM5_POLICY_CLR | KADM5_KEY_DATA; CHECK(krb5_db_put_principal(ctx, ent)); - /* Deleting polname should work now that the reference is gone. */ CHECK(krb5_db_delete_policy(ctx, polname)); /* Put the modified entry again (with KDB_TL_USER_INFO tl-data for LDAP) as |