-rw-r--r--daemons/ipa-kdb/ipa_kdb_principals.c18
-rw-r--r--util/ipa_krb5.c3
2 files changed, 21 insertions, 0 deletions
diff --git a/daemons/ipa-kdb/ipa_kdb_principals.c b/daemons/ipa-kdb/ipa_kdb_principals.c
index 8a8d67bb1..f0be76ea7 100644
--- a/daemons/ipa-kdb/ipa_kdb_principals.c
+++ b/daemons/ipa-kdb/ipa_kdb_principals.c
@@ -1385,8 +1385,26 @@ static krb5_error_code ipadb_get_ldap_mod_key_data(struct ipadb_mods *imods,
{
krb5_error_code kerr;
struct berval *bval = NULL;
+ LDAPMod *mod;
int ret;
+ /* If the key data is empty, remove all keys. */
+ if (n_key_data == 0 || key_data == NULL) {
+ kerr = ipadb_mods_new(imods, &mod);
+ if (kerr != 0)
+ return kerr;
+
+ mod->mod_op = LDAP_MOD_DELETE;
+ mod->mod_bvalues = NULL;
+ mod->mod_type = strdup("krbPrincipalKey");
+ if (mod->mod_type == NULL) {
+ ipadb_mods_free_tip(imods);
+ return ENOMEM;
+ }
+
+ return 0;
+ }
+
ret = ber_encode_krb5_key_data(key_data, n_key_data, mkvno, &bval);
if (ret != 0) {
kerr = ret;
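Review bot: The added guard `if (n_key_data == 0 || key_data == NULL)` treats a NULL `key_data` paired with a non-zero `n_key_data` as a request to delete every `krbPrincipalKey` value, so an inconsistent argument pair from a caller would silently strip a principal of its keys instead of failing. I would keep the delete path for `n_key_data == 0` only and reject the mismatch first, e.g. `if (key_data == NULL && n_key_data != 0) return EINVAL;`. Separately, an `LDAP_MOD_DELETE` with `mod_bvalues = NULL` is normally refused by a directory server with a no-such-attribute error when the entry holds no values for that attribute, and whether the caller tolerates that is not visible here. The function's parameter list and the rest of its body lie outside the hunk, so both points should be checked against the callers.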
diff --git a/util/ipa_krb5.c b/util/ipa_krb5.c
index 934fd27d8..cc84f9920 100644
--- a/util/ipa_krb5.c
+++ b/util/ipa_krb5.c
@@ -296,6 +296,9 @@ void ipa_krb5_free_key_data(krb5_key_data *keys, int num_keys)
{
int i;
+ if (keys == NULL)
+ return;
+
for (i = 0; i < num_keys; i++) {
/* try to wipe key from memory,
* hopefully the compiler will not optimize it away */