authorGreg Hudson <ghudson@mit.edu>2013-07-09 10:58:49 -0400
committerGreg Hudson <ghudson@mit.edu>2013-07-15 12:31:38 -0400
commit57d0b4b300e43722ae9f080fbf132edeb3834323 (patch)
treee7d31391c1f241f1685abbb945c85f3c215659ff /src/lib/kadm5
parentd9457b501cbab535e5968dbdf195ca334b9fa555 (diff)
Add kadmin support for principals without keys
Add kadmin support for "addprinc -nokey", which creates a principal with no keys, and "purgekeys -all", which deletes all keys from a principal. The KDC was modified by #7630 to support principals without keys. ticket: 7679 (new)
Diffstat (limited to 'src/lib/kadm5')
-rw-r--r--src/lib/kadm5/admin.h1
-rw-r--r--src/lib/kadm5/srv/svr_principal.c11
2 files changed, 9 insertions, 3 deletions
diff --git a/src/lib/kadm5/admin.h b/src/lib/kadm5/admin.h
index 189ca45cf..8f377f804 100644
--- a/src/lib/kadm5/admin.h
+++ b/src/lib/kadm5/admin.h
@@ -110,6 +110,7 @@ typedef long kadm5_ret_t;
#define KADM5_RANDKEY_USED 0x100000
#endif
#define KADM5_LOAD 0x200000
+#define KADM5_NOKEY 0x400000
/* all but KEY_DATA, TL_DATA, LOAD */
#define KADM5_PRINCIPAL_NORMAL_MASK 0x41ffff
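Review bot: The new `KADM5_NOKEY` bit (0x400000) is already set in `KADM5_PRINCIPAL_NORMAL_MASK` (0x41ffff) two lines below, while the comment above that mask still lists only KEY_DATA, TL_DATA and LOAD as excluded. If the overlap is intended, the comment should say so. If it is not, a caller passing the normal mask would now also be setting NOKEY, and what the server does with that bit is not visible in this diff. The define itself would also benefit from a short comment, for example `/* request a principal with no keys */`, worded to match how the flag is actually consumed.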
diff --git a/src/lib/kadm5/srv/svr_principal.c b/src/lib/kadm5/srv/svr_principal.c
index 2bb871166..d6035b0e3 100644
--- a/src/lib/kadm5/srv/svr_principal.c
+++ b/src/lib/kadm5/srv/svr_principal.c
@@ -385,8 +385,10 @@ kadm5_create_principal_3(void *server_handle,
if(!(mask & KADM5_PRINCIPAL) || (mask & KADM5_MOD_NAME) ||
(mask & KADM5_MOD_TIME) || (mask & KADM5_LAST_PWD_CHANGE) ||
(mask & KADM5_MKVNO) || (mask & KADM5_AUX_ATTRIBUTES) ||
- (mask & KADM5_KEY_DATA) || (mask & KADM5_LAST_SUCCESS) ||
- (mask & KADM5_LAST_FAILED) || (mask & KADM5_FAIL_AUTH_COUNT))
+ (mask & KADM5_LAST_SUCCESS) || (mask & KADM5_LAST_FAILED) ||
+ (mask & KADM5_FAIL_AUTH_COUNT))
+ return KADM5_BAD_MASK;
+ if ((mask & KADM5_KEY_DATA) && entry->n_key_data != 0)
return KADM5_BAD_MASK;
if((mask & KADM5_POLICY) && (mask & KADM5_POLICY_CLR))
return KADM5_BAD_MASK;
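Review bot: Nothing at the new `KADM5_KEY_DATA` test says why the flag, previously rejected outright on create, is now accepted when `entry->n_key_data` is zero, so a reader could take it for an accidental relaxation of the mask validation. A comment above the `if` would record the intent, such as `/* KEY_DATA with zero keys means "create without keys"; supplied key data is still rejected. */`. The check reads only the count and not `entry->key_data`, which is adequate as long as nothing later in the function walks the array in this case. The function starts and continues outside the hunk, so whether `entry` has been validated before this dereference cannot be seen here.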
@@ -515,7 +517,10 @@ kadm5_create_principal_3(void *server_handle,
if (ret)
goto cleanup;
- if (password) {
+ if (mask & KADM5_KEY_DATA) {
+ /* The client requested no keys for this principal. */
+ assert(entry->n_key_data == 0);
+ } else if (password) {
ret = krb5_dbe_cpw(handle->context, act_mkey, new_ks_tuple,
new_n_ks_tuple, password,
(mask & KADM5_KVNO)?entry->kvno:1,
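Review bot: `assert(entry->n_key_data == 0)` is compiled out when NDEBUG is defined and otherwise aborts the process, so it is a poor guard for a condition that derives from a client request. The mask check earlier in kadm5_create_principal_3 already returns KADM5_BAD_MASK for this case; if a second check is wanted here, an error path fits the surrounding style better: `if (entry->n_key_data != 0) { ret = KADM5_BAD_MASK; goto cleanup; }`. Because the `KADM5_KEY_DATA` branch comes first, a password supplied together with the flag is silently ignored and the principal is created without keys. Returning an error for that combination, or adding a comment that it is intended, would avoid surprises. The function body continues beyond the hunk.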