Add duplicate check to kadm5_create_policy() 1180/head
authorGreg Hudson <ghudson@mit.edu>
Fri, 16 Apr 2021 06:25:21 +0000 (02:25 -0400)
committerGreg Hudson <ghudson@mit.edu>
Mon, 10 May 2021 19:58:58 +0000 (15:58 -0400)
For symmetry with kadm5_create_principal_3(), check for an existing
policy in kadm5_create_policy() and return KADM5_DUP if one is found.

ticket: 9003 (new)

src/lib/kadm5/srv/svr_policy.c

index d7940efe10ef4c55da22f98d19bb318ff29ff11b..9569e2479ef8307d1286405c1c4e56e2bf729b66 100644 (file)
@@ -59,7 +59,7 @@ kadm5_ret_t
 kadm5_create_policy(void *server_handle, kadm5_policy_ent_t entry, long mask)
 {
     kadm5_server_handle_t handle = server_handle;
-    osa_policy_ent_rec  pent;
+    osa_policy_ent_rec  pent, *check_pol;
     int                 ret;
     char                *p;
 
@@ -80,6 +80,14 @@ kadm5_create_policy(void *server_handle, kadm5_policy_ent_t entry, long mask)
             return ret;
     }
 
+    ret = krb5_db_get_policy(handle->context, entry->policy, &check_pol);
+    if (!ret) {
+        krb5_db_free_policy(handle->context, check_pol);
+        return KADM5_DUP;
+    } else if (ret != KRB5_KDB_NOENTRY) {
+        return ret;
+    }
+
     memset(&pent, 0, sizeof(pent));
     pent.name = entry->policy;
     p = entry->policy;
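Review bot: The duplicate check at `krb5_db_get_policy()` and the later create are separate KDB calls, so two concurrent creators of the same policy name can both see `KRB5_KDB_NOENTRY` and proceed. Unless a lock is held outside this hunk or the KDB module enforces uniqueness itself, `KADM5_DUP` from this path is only a best-effort result. I would say so in a comment above the lookup, e.g. `/* Best-effort duplicate check; not atomic with the create below. */`. The lookup also runs before `p = entry->policy;`, which looks like the start of the name's character validation; if so, an unvalidated name reaches the backend lookup, and moving the check after that validation would avoid it. The body of kadm5_create_policy() starts before and continues past this hunk, so both points should be confirmed against the full function.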