You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
57 lines
2.3 KiB
57 lines
2.3 KiB
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
|
|
index 3e560d9..10b5982 100644
|
|
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
|
|
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
|
|
@@ -406,14 +406,14 @@ krb5_encode_krbsecretkey(krb5_key_data *key_data_in, int n_key_data,
|
|
int num_versions = 1;
|
|
int i, j, last;
|
|
krb5_error_code err = 0;
|
|
- krb5_key_data *key_data;
|
|
+ krb5_key_data *key_data = NULL;
|
|
|
|
- if (n_key_data <= 0)
|
|
+ if (n_key_data < 0)
|
|
return NULL;
|
|
|
|
/* Make a shallow copy of the key data so we can alter it. */
|
|
key_data = k5calloc(n_key_data, sizeof(*key_data), &err);
|
|
- if (key_data_in == NULL)
|
|
+ if (key_data == NULL)
|
|
goto cleanup;
|
|
memcpy(key_data, key_data_in, n_key_data * sizeof(*key_data));
|
|
|
|
@@ -467,9 +467,8 @@ krb5_encode_krbsecretkey(krb5_key_data *key_data_in, int n_key_data,
|
|
free(key_data);
|
|
if (err != 0) {
|
|
if (ret != NULL) {
|
|
- for (i = 0; i <= num_versions; i++)
|
|
- if (ret[i] != NULL)
|
|
- free (ret[i]);
|
|
+ for (i = 0; ret[i] != NULL; i++)
|
|
+ free (ret[i]);
|
|
free (ret);
|
|
ret = NULL;
|
|
}
|
|
@@ -1036,9 +1035,19 @@ krb5_ldap_put_principal(krb5_context context, krb5_db_entry *entry,
|
|
bersecretkey = krb5_encode_krbsecretkey (entry->key_data,
|
|
entry->n_key_data, mkvno);
|
|
|
|
- if ((st=krb5_add_ber_mem_ldap_mod(&mods, "krbprincipalkey",
|
|
- LDAP_MOD_REPLACE | LDAP_MOD_BVALUES, bersecretkey)) != 0)
|
|
+ if (bersecretkey == NULL) {
|
|
+ st = ENOMEM;
|
|
goto cleanup;
|
|
+ }
|
|
+ /* An empty list of bervals is only accepted for modify operations,
|
|
+ * not add operations. */
|
|
+ if (bersecretkey[0] != NULL || !create_standalone_prinicipal) {
|
|
+ st = krb5_add_ber_mem_ldap_mod(&mods, "krbprincipalkey",
|
|
+ LDAP_MOD_REPLACE | LDAP_MOD_BVALUES,
|
|
+ bersecretkey);
|
|
+ if (st != 0)
|
|
+ goto cleanup;
|
|
+ }
|
|
|
|
if (!(entry->mask & KADM5_PRINCIPAL)) {
|
|
memset(strval, 0, sizeof(strval));
|