int n_keys;
char **princs;
int n_princs;
+ int keys_ok = 0;
krb5_storage *sp;
krb5_unparse_name_fixed(contextp->context, contextp->caller,
mask |= KADM5_PRINCIPAL;
krb5_unparse_name_fixed(contextp->context, princ, name, sizeof(name));
krb5_warnx(contextp->context, "%s: %s %s", client, op, name);
- ret = _kadm5_acl_check_permission(contextp, KADM5_PRIV_GET, princ);
+ ret = _kadm5_acl_check_permission(contextp, KADM5_PRIV_GET_KEYS, princ);
+ if (!ret)
+ keys_ok = 1;
+ else
+ ret = _kadm5_acl_check_permission(contextp, KADM5_PRIV_GET, princ);
if(ret){
krb5_free_principal(contextp->context, princ);
goto fail;
sp = krb5_storage_emem();
krb5_store_int32(sp, ret);
if(ret == 0){
- kadm5_store_principal_ent(sp, &ent);
+ if (keys_ok)
+ kadm5_store_principal_ent_nokeys(sp, &ent);
+ else
+ kadm5_store_principal_ent(sp, &ent);
kadm5_free_principal_ent(kadm_handlep, &ent);
}
krb5_free_principal(contextp->context, princ);
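Review bot: The two branches under `if (keys_ok)` look inverted. `keys_ok` is set only when the `KADM5_PRIV_GET_KEYS` check succeeds, yet that path calls `kadm5_store_principal_ent_nokeys()`, while a caller holding only `KADM5_PRIV_GET` falls through to `kadm5_store_principal_ent()`. Judging by the function names, a caller with the lesser privilege would receive the principal's key data and a caller with the get-keys privilege would not, which defeats the privilege split this change introduces. The branches should read `if (keys_ok) kadm5_store_principal_ent(sp, &ent); else kadm5_store_principal_ent_nokeys(sp, &ent);`, with a short comment above stating that key material is serialized only for callers holding `KADM5_PRIV_GET_KEYS`. The enclosing function and the lines between the permission check and the store are outside the visible hunk, so confirm that no other path serializes `ent` with keys.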