authorNathaniel McCallum <nathaniel@themccallums.org>2013-11-12 10:52:51 -0500
committerPetr Viktorin <pviktori@redhat.com>2014-02-19 10:15:36 +0100
commitb769d1c18678b5eede7505dec7938f6836070044 (patch)
treee4aa5b0c10baedf40a0fa5edcd15ae027e7ce30c /daemons
parentf67268db6855738350481491119b9be29ba1f22d (diff)
Add support to ipa-kdb for keyless principals
https://fedorahosted.org/freeipa/ticket/3779 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Diffstat (limited to 'daemons')
-rw-r--r--daemons/ipa-kdb/ipa_kdb_principals.c18
1 files changed, 18 insertions, 0 deletions
diff --git a/daemons/ipa-kdb/ipa_kdb_principals.c b/daemons/ipa-kdb/ipa_kdb_principals.c
index 8a8d67bb1..f0be76ea7 100644
--- a/daemons/ipa-kdb/ipa_kdb_principals.c
+++ b/daemons/ipa-kdb/ipa_kdb_principals.c
@@ -1385,8 +1385,26 @@ static krb5_error_code ipadb_get_ldap_mod_key_data(struct ipadb_mods *imods,
{
krb5_error_code kerr;
struct berval *bval = NULL;
+ LDAPMod *mod;
int ret;
+ /* If the key data is empty, remove all keys. */
+ if (n_key_data == 0 || key_data == NULL) {
+ kerr = ipadb_mods_new(imods, &mod);
+ if (kerr != 0)
+ return kerr;
+
+ mod->mod_op = LDAP_MOD_DELETE;
+ mod->mod_bvalues = NULL;
+ mod->mod_type = strdup("krbPrincipalKey");
+ if (mod->mod_type == NULL) {
+ ipadb_mods_free_tip(imods);
+ return ENOMEM;
+ }
+
+ return 0;
+ }
+
ret = ber_encode_krb5_key_data(key_data, n_key_data, mkvno, &bval);
if (ret != 0) {
kerr = ret;