Check for undefined kadm5 policy mask bits
authorGreg Hudson <ghudson@mit.edu>
Fri, 16 Apr 2021 05:37:11 +0000 (01:37 -0400)
committerGreg Hudson <ghudson@mit.edu>
Mon, 10 May 2021 19:58:42 +0000 (15:58 -0400)
For symmetry with the libkadm5srv functions to create and modify
principals, check for undefined mask bits when creating or modifying
policies.

ticket: 9002 (new)

src/lib/kadm5/server_internal.h
src/lib/kadm5/srv/svr_policy.c

index dc79c786b91eeef6f3cf4829aa8c621b3f383b46..433f4915b2bfc33a9394b8617d055d9ac1921637 100644 (file)
@@ -139,7 +139,9 @@ extern  krb5_principal  current_caller;
     (KADM5_POLICY | KADM5_PW_MAX_LIFE | KADM5_PW_MIN_LIFE |             \
      KADM5_PW_MIN_LENGTH | KADM5_PW_MIN_CLASSES | KADM5_PW_HISTORY_NUM | \
      KADM5_REF_COUNT | KADM5_PW_MAX_FAILURE | KADM5_PW_FAILURE_COUNT_INTERVAL | \
-     KADM5_PW_LOCKOUT_DURATION )
+     KADM5_PW_LOCKOUT_DURATION | KADM5_POLICY_ATTRIBUTES |              \
+     KADM5_POLICY_MAX_LIFE | KADM5_POLICY_MAX_RLIFE |                   \
+     KADM5_POLICY_ALLOWED_KEYSALTS | KADM5_POLICY_TL_DATA)
 
 #define SERVER_CHECK_HANDLE(handle)             \
     {                                           \
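Review bot: ALL_POLICY_MASK now serves as the allow-list that kadm5_create_policy and kadm5_modify_policy enforce, so a KADM5_POLICY_* bit added to the public header later but not here would make every request carrying it fail with KADM5_BAD_MASK; the macro should say so. Suggest a comment above the definition (which begins before this hunk): `/* Every defined policy mask bit; callers passing any bit outside this set get KADM5_BAD_MASK. Keep in sync with the KADM5_POLICY_* definitions. */`.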
index dbf0a245db141e5078129a19841a0759ccf591b4..d7940efe10ef4c55da22f98d19bb318ff29ff11b 100644 (file)
@@ -71,7 +71,7 @@ kadm5_create_policy(void *server_handle, kadm5_policy_ent_t entry, long mask)
         return EINVAL;
     if(strlen(entry->policy) == 0)
         return KADM5_BAD_POLICY;
-    if (!(mask & KADM5_POLICY))
+    if (!(mask & KADM5_POLICY) || (mask & ~ALL_POLICY_MASK))
         return KADM5_BAD_MASK;
     if ((mask & KADM5_POLICY_ALLOWED_KEYSALTS) &&
         entry->allowed_keysalts != NULL) {
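Review bot: The new test `(mask & ~ALL_POLICY_MASK)` complements a macro built from the KADM5_* constants and ANDs it with a `long`, so whether bits 32 and above of `mask` are rejected depends on those constants' type: a signed 32-bit value sign-extends on complement and catches them, an unsigned one zero-extends and lets them through; this is worth confirming against the header, or made independent of it with `if (!(mask & KADM5_POLICY) || (mask & ~(long)ALL_POLICY_MASK))`. The same check is introduced at the corresponding line of kadm5_modify_policy in the next hunk and has the same dependency. A short comment would help readers, e.g. `/* Reject undefined mask bits, as the principal functions do. */`. Both kadm5_create_policy and kadm5_modify_policy start and end outside their hunks.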
@@ -258,7 +258,7 @@ kadm5_modify_policy(void *server_handle, kadm5_policy_ent_t entry, long mask)
         return EINVAL;
     if(strlen(entry->policy) == 0)
         return KADM5_BAD_POLICY;
-    if((mask & KADM5_POLICY))
+    if ((mask & KADM5_POLICY) || (mask & ~ALL_POLICY_MASK))
         return KADM5_BAD_MASK;
     if ((mask & KADM5_POLICY_ALLOWED_KEYSALTS) &&
         entry->allowed_keysalts != NULL) {