https://fedorahosted.org/freeipa/ticket/3779


>From 8806c71c1925b697103fb21df4f937a7a05be74c Mon Sep 17 00:00:00 2001
From: Nathaniel McCallum <nathan...@themccallums.org>
Date: Tue, 12 Nov 2013 10:52:51 -0500
Subject: [PATCH] Add support to ipa-kdb for keyless principals

https://fedorahosted.org/freeipa/ticket/3779
---
 daemons/ipa-kdb/ipa_kdb_principals.c | 18 ++++++++++++++++++
 util/ipa_krb5.c                      |  3 +++
 2 files changed, 21 insertions(+)

diff --git a/daemons/ipa-kdb/ipa_kdb_principals.c b/daemons/ipa-kdb/ipa_kdb_principals.c
index 38059d29f36bca387b7ba95250d44259c1681cda..08b240910c6ddef31dda7bc6ca07efd39ea703c5 100644
--- a/daemons/ipa-kdb/ipa_kdb_principals.c
+++ b/daemons/ipa-kdb/ipa_kdb_principals.c
@@ -1266,8 +1266,26 @@ static krb5_error_code ipadb_get_ldap_mod_key_data(struct ipadb_mods *imods,
 {
     krb5_error_code kerr;
     struct berval *bval = NULL;
+    LDAPMod *mod;
     int ret;
 
+    /* If the key data is empty, remove all keys. */
+    if (n_key_data == 0 || key_data == NULL) {
+        kerr = ipadb_mods_new(imods, &mod);
+        if (kerr != 0)
+            return kerr;
+
+        mod->mod_op = LDAP_MOD_DELETE;
+        mod->mod_bvalues = NULL;
+        mod->mod_type = strdup("krbPrincipalKey");
+        if (mod->mod_type == NULL) {
+            ipadb_mods_free_tip(imods);
+            return ENOMEM;
+        }
+
+        return 0;
+    }
+
     ret = ber_encode_krb5_key_data(key_data, n_key_data, mkvno, &bval);
     if (ret != 0) {
         kerr = ret;
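Review bot: The new guard `if (n_key_data == 0 || key_data == NULL)` treats a NULL `key_data` with a non-zero count the same as an intentional empty key set, so a caller bug would silently strip every `krbPrincipalKey` from the principal. Narrowing the delete branch to `if (n_key_data == 0)` and rejecting the inconsistent case first with `if (n_key_data > 0 && key_data == NULL) return EINVAL;` keeps credential removal an explicit request. Separately, an LDAP delete with no values is answered with noSuchAttribute when the entry has no such attribute, so if this path can run for a principal that is already keyless (not visible from this hunk), `mod->mod_op = LDAP_MOD_REPLACE;` with no values is the tolerant form. The rest of ipadb_get_ldap_mod_key_data lies outside the hunk, so how `ret` and `bval` are handled afterwards could not be checked.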
diff --git a/util/ipa_krb5.c b/util/ipa_krb5.c
index 934fd27d80cdd846f4de631b2dd587b0ad0f325c..cc84f9920a7b105c92dddd6cb765b435c0fbdfac 100644
--- a/util/ipa_krb5.c
+++ b/util/ipa_krb5.c
@@ -296,6 +296,9 @@ void ipa_krb5_free_key_data(krb5_key_data *keys, int num_keys)
 {
     int i;
 
+    if (keys == NULL)
+        return;
+
     for (i = 0; i < num_keys; i++) {
         /* try to wipe key from memory,
          * hopefully the compiler will not optimize it away */
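Review bot: The added `if (keys == NULL) return;` widens the function's contract without documenting it; a short comment above the guard such as `/* keyless principals carry no key array: nothing to wipe or free */` would record why NULL is now an expected input. The context comment right below concedes that the wipe may be optimized away; if the loop relies on a plain `memset` (the call is outside this hunk), a non-elidable primitive such as `explicit_bzero`, where the platform provides one, would make the zeroization dependable. The function body continues past the end of the hunk.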
-- 
1.8.4.2
