Commit
kadmind: don't send bogus keys to ext_keytab et al
The Heimdal kadmind sends bogus keys when the client has 'get' but not 'get-keys' permission. For some kadmin commands this is dangerous. For example, ext_keytab could happily write bogus keys to a keytab when real keys are expected, causing eventual breakage. Sending bogus keys is important for the kadmin get command: so it can list the keysets that a principal has.

This patch implements a heuristic detection of kadmin get vs. ext_keytab, add_enctype, del_enctype, and check commands. If the client principal lacks 'get-keys' permission, then the server will fail requests that appear to be from those kadmin commands, but will continue to serve bogus keys to kadmin get commands.

Thanks to Nico Williams for the idea behind this implementation.