| author | Greg Hudson <ghudson@mit.edu> | 2012-04-26 04:34:20 +0000 |
|---|---|---|
| committer | Greg Hudson <ghudson@mit.edu> | 2012-04-26 04:34:20 +0000 |
| commit | 79495d8694275ebde98d48d018161208c72368c2 (patch) | |
| tree | ff6bf70c9573dad97364de0165c661f3bbf91582 /src/lib | |
| parent | 60e01dc17967479f31a3669d2a5ef306d1b48750 (diff) | |
Allow clearpolicy restriction for kadmin addprinc
Although the kadmin client never generates a KADM5_POLICY_CLR mask bit
with addprinc, the bit will be set if a kadm5.acl line imposes the
-clearpolicy restriction. Relax the sanity checking in
kadm5_create_principal_3 to allow KADM5_POLICY_CLR as long as
KADM5_POLICY is not also set.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25827 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/kadm5/srv/svr_principal.c | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/src/lib/kadm5/srv/svr_principal.c b/src/lib/kadm5/srv/svr_principal.c
index 00541dff1..a0b110def 100644
--- a/src/lib/kadm5/srv/svr_principal.c
+++ b/src/lib/kadm5/srv/svr_principal.c
@@ -236,10 +236,11 @@ kadm5_create_principal_3(void *server_handle,
 */
 if(!(mask & KADM5_PRINCIPAL) || (mask & KADM5_MOD_NAME) ||
 (mask & KADM5_MOD_TIME) || (mask & KADM5_LAST_PWD_CHANGE) ||
- (mask & KADM5_MKVNO) || (mask & KADM5_POLICY_CLR) ||
- (mask & KADM5_AUX_ATTRIBUTES) || (mask & KADM5_KEY_DATA) ||
- (mask & KADM5_LAST_SUCCESS) || (mask & KADM5_LAST_FAILED) ||
- (mask & KADM5_FAIL_AUTH_COUNT))
+ (mask & KADM5_MKVNO) || (mask & KADM5_AUX_ATTRIBUTES) ||
+ (mask & KADM5_KEY_DATA) || (mask & KADM5_LAST_SUCCESS) ||
+ (mask & KADM5_LAST_FAILED) || (mask & KADM5_FAIL_AUTH_COUNT))
+ return KADM5_BAD_MASK;
+ if((mask & KADM5_POLICY) && (mask & KADM5_POLICY_CLR))
 return KADM5_BAD_MASK;
 if((mask & ~ALL_PRINC_MASK))
 return KADM5_BAD_MASK; |
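Review bot: The new `KADM5_POLICY`/`KADM5_POLICY_CLR` conflict check carries no comment saying why `KADM5_POLICY_CLR` is now accepted on create, and the block comment that closes just above the first `if` (it starts outside the hunk) may still describe the old rule. Per the commit message the bit arrives from a kadm5.acl `-clearpolicy` restriction rather than from the kadmin client, so a later cleanup could easily put it back in the rejected list and break ACL-restricted addprinc; I would add `/* KADM5_POLICY_CLR may be set by a kadm5.acl -clearpolicy restriction; reject it only together with KADM5_POLICY. */` above the new check. The rest of kadm5_create_principal_3 lies outside the hunk, so it is worth confirming there that a set `KADM5_POLICY_CLR` is treated simply as "no policy", since this mask check now lets the bit through for every caller and not only for ACL-restricted ones.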
