Forgot to save edits to kadmin/server.c to use the new get-keys authorization.
authorNicolas Williams <nico@cryptonector.com>
Tue, 19 Jul 2011 04:15:59 +0000 (23:15 -0500)
committerNicolas Williams <nico@cryptonector.com>
Fri, 22 Jul 2011 21:07:06 +0000 (16:07 -0500)
kadmin/server.c

index bc8dd3d6194b25cfa68bc5f24d7f80cf5495a48f..0eed5fc2ada521af34d41c60ca99b94778f64d66 100644 (file)
@@ -53,6 +53,7 @@ kadmind_dispatch(void *kadm_handlep, krb5_boolean initial,
     int n_keys;
     char **princs;
     int n_princs;
+    int keys_ok = 0;
     krb5_storage *sp;
 
     krb5_unparse_name_fixed(contextp->context, contextp->caller,
@@ -77,7 +78,11 @@ kadmind_dispatch(void *kadm_handlep, krb5_boolean initial,
        mask |= KADM5_PRINCIPAL;
        krb5_unparse_name_fixed(contextp->context, princ, name, sizeof(name));
        krb5_warnx(contextp->context, "%s: %s %s", client, op, name);
-       ret = _kadm5_acl_check_permission(contextp, KADM5_PRIV_GET, princ);
+       ret = _kadm5_acl_check_permission(contextp, KADM5_PRIV_GET_KEYS, princ);
+       if (!ret)
+           keys_ok = 1;
+       else
+           ret = _kadm5_acl_check_permission(contextp, KADM5_PRIV_GET, princ);
        if(ret){
            krb5_free_principal(contextp->context, princ);
            goto fail;
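Review bot: Nothing in this branch records which privilege was actually granted, because the `krb5_warnx` line runs before either `_kadm5_acl_check_permission` call, so the log cannot tell a get authorized for keys from a plain get. Since `keys_ok` decides whether key material may be released, consider logging it once set, e.g. `krb5_warnx(contextp->context, "%s: %s %s (get-keys granted)", client, op, name);` inside a braced `if (!ret)` arm. If `_kadm5_acl_check_permission` logs its own denials (not visible here), the failed `KADM5_PRIV_GET_KEYS` probe may also leave a misleading denial entry for callers who hold only `KADM5_PRIV_GET`. The enclosing branch of kadmind_dispatch starts and ends outside the hunk.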
@@ -87,7 +92,10 @@ kadmind_dispatch(void *kadm_handlep, krb5_boolean initial,
        sp = krb5_storage_emem();
        krb5_store_int32(sp, ret);
        if(ret == 0){
-           kadm5_store_principal_ent(sp, &ent);
+           if (keys_ok)
+               kadm5_store_principal_ent_nokeys(sp, &ent);
+           else
+               kadm5_store_principal_ent(sp, &ent);
            kadm5_free_principal_ent(kadm_handlep, &ent);
        }
        krb5_free_principal(contextp->context, princ);
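Review bot: The `keys_ok` test looks inverted: a caller who passed the `KADM5_PRIV_GET_KEYS` check is sent to `kadm5_store_principal_ent_nokeys`, while a caller who holds only `KADM5_PRIV_GET` falls through to `kadm5_store_principal_ent`, the encoder used before this change. Assuming from its name that the `_nokeys` variant omits key data, this returns keys to exactly the callers who lack the new privilege and withholds them from those who have it. The arms should be swapped: `if (keys_ok) kadm5_store_principal_ent(sp, &ent); else kadm5_store_principal_ent_nokeys(sp, &ent);`. A regression test that fetches a principal with only the get privilege and asserts that no key data comes back would pin this down. The enclosing block of kadmind_dispatch continues outside the hunk.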