kadmin's ktremove can remove wrong entries when removing kvno 0
authorGreg Hudson <ghudson@mit.edu>
Tue, 1 Feb 2011 01:11:51 +0000 (01:11 +0000)
committerGreg Hudson <ghudson@mit.edu>
Tue, 1 Feb 2011 01:11:51 +0000 (01:11 +0000)
commit3bb5bee81fa978212fb7913e42409d0c5b668c85
tree3beae4fc79588a02e6df16c4b9d27568f1e3a10c
parentb68bd3b61fbc2a5bad7436112de18da17ff89d6f
kadmin's ktremove can remove wrong entries when removing kvno 0

Because of 8-bit wraparound, keytabs can contain entries with kvno 0.
Because 0 is a distinguished kvno value for krb5_kt_get_entry(),
kadmin's remove_principal() winds up substituting the specified kvno
with the highest-numbered kvno of the specified principal in the
keytab.  Make sure not to perform this substitution when in
specified-kvno mode.

(This fix leaves behind a very minor bug where "ktrem principal 0"
returns silently, instead of producing an error message like it
normally would, if principal exists in the keytab but not at kvno 0.)

ticket: 6854

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24611 dc483132-0cff-0310-8789-dd5450dbe970
src/kadmin/cli/keytab.c