[Freeipa-devel] [PATCH 0025] Add support to ipa-kdb for keyless principals

Alexander Bokovoy abokovoy at redhat.com
Tue Feb 18 20:02:54 UTC 2014


On Tue, 12 Nov 2013, Nathaniel McCallum wrote:
>https://fedorahosted.org/freeipa/ticket/3779
>
>

>From 8806c71c1925b697103fb21df4f937a7a05be74c Mon Sep 17 00:00:00 2001
>From: Nathaniel McCallum <nathaniel at themccallums.org>
>Date: Tue, 12 Nov 2013 10:52:51 -0500
>Subject: [PATCH] Add support to ipa-kdb for keyless principals
>
>https://fedorahosted.org/freeipa/ticket/3779
>---
> daemons/ipa-kdb/ipa_kdb_principals.c | 18 ++++++++++++++++++
> util/ipa_krb5.c                      |  3 +++
> 2 files changed, 21 insertions(+)
>
>diff --git a/daemons/ipa-kdb/ipa_kdb_principals.c b/daemons/ipa-kdb/ipa_kdb_principals.c
>index 38059d29f36bca387b7ba95250d44259c1681cda..08b240910c6ddef31dda7bc6ca07efd39ea703c5 100644
>--- a/daemons/ipa-kdb/ipa_kdb_principals.c
>+++ b/daemons/ipa-kdb/ipa_kdb_principals.c
>@@ -1266,8 +1266,26 @@ static krb5_error_code ipadb_get_ldap_mod_key_data(struct ipadb_mods *imods,
> {
>     krb5_error_code kerr;
>     struct berval *bval = NULL;
>+    LDAPMod *mod;
>     int ret;
> 
>+    /* If the key data is empty, remove all keys. */
>+    if (n_key_data == 0 || key_data == NULL) {
>+        kerr = ipadb_mods_new(imods, &mod);
>+        if (kerr != 0)
>+            return kerr;
>+
>+        mod->mod_op = LDAP_MOD_DELETE;
>+        mod->mod_bvalues = NULL;
>+        mod->mod_type = strdup("krbPrincipalKey");
>+        if (mod->mod_type == NULL) {
>+            ipadb_mods_free_tip(imods);
>+            return ENOMEM;
>+        }
>+
>+        return 0;
>+    }
>+
>     ret = ber_encode_krb5_key_data(key_data, n_key_data, mkvno, &bval);
>     if (ret != 0) {
>         kerr = ret;
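
Review bot: In the new empty-key branch, `mod->mod_op = LDAP_MOD_DELETE` with `mod_bvalues = NULL` asks the server to remove the whole krbPrincipalKey attribute, and an LDAP delete of an attribute the entry does not have is rejected with noSuchAttribute. Unless the caller guarantees the attribute exists, a principal that is already keyless would fail here; LDAP_MOD_REPLACE with no values removes the attribute when present and is ignored when absent, so it may be the safer op. The condition `n_key_data == 0 || key_data == NULL` also takes the delete path when n_key_data is non-zero but key_data is NULL; since this path wipes a principal's credentials, consider returning an error for that inconsistent pair and deleting only when n_key_data == 0.
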
>diff --git a/util/ipa_krb5.c b/util/ipa_krb5.c
>index 934fd27d80cdd846f4de631b2dd587b0ad0f325c..cc84f9920a7b105c92dddd6cb765b435c0fbdfac 100644
>--- a/util/ipa_krb5.c
>+++ b/util/ipa_krb5.c
>@@ -296,6 +296,9 @@ void ipa_krb5_free_key_data(krb5_key_data *keys, int num_keys)
> {
>     int i;
> 
>+    if (keys == NULL)
>+        return;
>+
>     for (i = 0; i < num_keys; i++) {
>         /* try to wipe key from memory,
>          * hopefully the compiler will not optimize it away */
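
Review bot: The new `if (keys == NULL) return;` guard at the top of ipa_krb5_free_key_data() carries no comment saying that NULL is now an accepted input. A one-line comment (or a note in the function's documentation) that callers may pass NULL, presumably for the keyless case handled in the ipa_kdb_principals.c hunk, would make the contract explicit. Note also that the guard returns silently when keys is NULL but num_keys is non-zero, so an inconsistent caller goes unnoticed; if that combination should never happen, it is worth saying so in the same comment.
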
>-- 
>1.8.4.2
>
ACK

-- 
/ Alexander Bokovoy



