* keytab.c (krb5_ktkdb_get_entry): For consistency, check for
authorTom Yu <tlyu@mit.edu>
Thu, 15 Aug 2002 20:49:08 +0000 (20:49 +0000)
committerTom Yu <tlyu@mit.edu>
Thu, 15 Aug 2002 20:49:08 +0000 (20:49 +0000)
DISALLOW_ALL_TIX and DISALLOW_SVR when looking up keys.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14727 dc483132-0cff-0310-8789-dd5450dbe970

src/lib/kdb/ChangeLog
src/lib/kdb/keytab.c

index 24f7e51de275f5af5e95dbf25edae29b42159dbe..a790596ad1e9118ab6c64b5ca6e2c13e0f7ef38c 100644 (file)
@@ -1,3 +1,8 @@
+2002-08-15  Tom Yu  <tlyu@mit.edu>
+
+       * keytab.c (krb5_ktkdb_get_entry): For consistency, check for
+       DISALLOW_ALL_TIX and DISALLOW_SVR when looking up keys.
+
 2002-08-09  Sam Hartman  <hartmans@mit.edu>
 
        * kdb_xdr.c (krb5_dbe_search_enctype): Initialize ret to 0; thanks
index f8077324b9cc411c5b2aabd585abc87793ddba3e..9c9b3b3bd834e321bb5beccf2509a477e87bf506 100644 (file)
@@ -116,6 +116,12 @@ krb5_ktkdb_get_entry(context, id, principal, kvno, enctype, entry)
        return KRB5_KT_NOTFOUND;
     }
 
+    if (db_entry.attributes & KRB5_KDB_DISALLOW_SVR
+       || db_entry.attributes & KRB5_KDB_DISALLOW_ALL_TIX) {
+       kerror = KRB5_KT_NOTFOUND;
+       goto error;
+    }
+
     /* match key */
     kerror = krb5_db_get_mkey(context, &master_key);
     if (kerror)