Parse "ktadd -norandkey" in remote kadmin client

The remote kadmin client would not parse the "-norandkey" option to
the ktadd subcommand, terminating option parsing and possibly causing
options to be interpreted as principal names.

(cherry picked from commit 13e9694b17945d43d0cfc203b2645204f2d87086)

ticket: 8131 (new)
version_fixed: 1.12.3
status: resolved

diff --git a/src/kadmin/cli/keytab.c b/src/kadmin/cli/keytab.c
index 6d7288feb9f21e0b232119de9a5e5be6f34f9fe7..580787998cf2b037cd4dd13e1adc07407ffbe273 100644 (file)
--- a/src/kadmin/cli/keytab.c
+++ b/src/kadmin/cli/keytab.c
@@ -52,9 +52,7 @@ static char *etype_string(krb5_enctype enctype);
 
 static int quiet;
 
-#ifdef KADMIN_LOCAL
 static int norandkey;
-#endif
 
 static void
 add_usage()
@@ -135,9 +133,7 @@ kadmin_keytab_add(int argc, char **argv)
 
     argc--; argv++;
     quiet = 0;
-#ifdef KADMIN_LOCAL
     norandkey = 0;
-#endif
     while (argc) {
         if (strncmp(*argv, "-k", 2) == 0) {
             argc--; argv++;
@@ -148,9 +144,13 @@ kadmin_keytab_add(int argc, char **argv)
             keytab_str = *argv;
         } else if (strcmp(*argv, "-q") == 0) {
             quiet++;
-#ifdef KADMIN_LOCAL
         } else if (strcmp(*argv, "-norandkey") == 0) {
+#ifdef KADMIN_LOCAL
             norandkey++;
+#else
+            fprintf(stderr,
+                    _("-norandkey option only valid for kadmin.local\n"));
+            return;
 #endif
         } else if (strcmp(*argv, "-e") == 0) {
             argc--;
@@ -176,13 +176,11 @@ kadmin_keytab_add(int argc, char **argv)
         return;
     }
 
-#ifdef KADMIN_LOCAL
     if (norandkey && ks_tuple) {
         fprintf(stderr,
                 _("cannot specify keysaltlist when not changing key\n"));
         return;
     }
-#endif
 
     if (process_keytab(context, &keytab_str, &keytab))
         return;