[1949] in Moira Commits
/svn/moira r4088 - trunk/moira/incremental/kerberos
daemon@ATHENA.MIT.EDU (Garry Zacheiss)
Mon Dec 3 11:45:04 2012
Date: Mon, 3 Dec 2012 11:44:57 -0500
From: Garry Zacheiss <zacheiss@MIT.EDU>
Message-Id: <201212031644.qB3Giv84017426@drugstore.mit.edu>
To: moira-commits@MIT.EDU
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Author: zacheiss
Date: 2012-12-03 11:44:57 -0500 (Mon, 03 Dec 2012)
New Revision: 4088
Modified:
trunk/moira/incremental/kerberos/kerberos.c
Log:
Look up and apply existing principal attributes rather than blindly overwriting them.
Modified: trunk/moira/incremental/kerberos/kerberos.c
===================================================================
--- trunk/moira/incremental/kerberos/kerberos.c 2012-11-15 16:54:49 UTC (rev 4087)
+++ trunk/moira/incremental/kerberos/kerberos.c 2012-12-03 16:44:57 UTC (rev 4088)
@@ -126,7 +126,8 @@
void *kadm_server_handle = NULL;
krb5_context context = NULL;
kadm5_ret_t status;
- kadm5_principal_ent_rec princ;
+ krb5_principal princ;
+ kadm5_principal_ent_rec dprinc;
kadm5_policy_ent_rec defpol;
kadm5_config_params realm_params;
char admin_princ[256];
@@ -149,8 +150,9 @@
return status;
memset(&princ, 0, sizeof(princ));
+ memset(&dprinc, 0, sizeof(dprinc));
- status = krb5_parse_name(context, username, &(princ.principal));
+ status = krb5_parse_name(context, username, &princ);
if (status)
return status;
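Review bot: With `princ` retyped from `kadm5_principal_ent_rec` to `krb5_principal`, the unchanged `memset(&princ, 0, sizeof(princ));` now zeroes a single pointer rather than a record, which works but hides that `princ` is a handle. Writing `krb5_principal princ = NULL;` at the declaration, as is already done for `context` and `kadm_server_handle`, would state the intent directly and keep the later `krb5_free_principal(context, princ)` obviously safe on every path. Separately, the `return status;` after a failed `krb5_parse_name` skips the `cleanup:` label. If `context` has already been initialised by then (that code is outside this hunk), `goto cleanup` would be the consistent exit.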
@@ -161,22 +163,27 @@
if (status)
goto cleanup;
+ status = kadm5_get_principal(kadm_server_handle, princ, &dprinc, KADM5_PRINCIPAL_NORMAL_MASK);
+ if (status)
+ goto cleanup;
+
mask |= KADM5_ATTRIBUTES;
if (activate)
{
/* Enable principal */
- princ.attributes &= ~KRB5_KDB_DISALLOW_ALL_TIX;
+ dprinc.attributes &= ~KRB5_KDB_DISALLOW_ALL_TIX;
}
else
{
/* Disable principal */
- princ.attributes |= KRB5_KDB_DISALLOW_ALL_TIX;
+ dprinc.attributes |= KRB5_KDB_DISALLOW_ALL_TIX;
}
- status = kadm5_modify_principal(kadm_server_handle, &princ, mask);
+ status = kadm5_modify_principal(kadm_server_handle, &dprinc, mask);
cleanup:
- krb5_free_principal(context, princ.principal);
+ krb5_free_principal(context, princ);
+ kadm5_free_principal_ent(kadm_server_handle, &dprinc);
if (kadm_server_handle)
kadm5_destroy(kadm_server_handle);
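Review bot: The new `kadm5_free_principal_ent(kadm_server_handle, &dprinc);` in `cleanup:` runs before the `if (kadm_server_handle)` guard, yet the label is also reached from the `goto cleanup` at the top of this hunk, which comes before `kadm5_get_principal`. If that earlier failure is the kadm5 init call (it is outside the hunk, so this is inferred), the handle is still NULL when the free is attempted, and the hunk does not show whether the library tolerates that. Moving the call inside the guard, as `if (kadm_server_handle) { kadm5_free_principal_ent(kadm_server_handle, &dprinc); kadm5_destroy(kadm_server_handle); }`, makes cleanup independent of it. A short comment above the `kadm5_get_principal` call would also help, for example `/* Fetch current attributes so only DISALLOW_ALL_TIX changes; other flags (e.g. preauth requirements) must survive. */`, because a later simplification back to a zeroed record would silently clear security-relevant flags. The function body starts and ends outside this hunk.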