From: Greg Hudson
Date: Fri, 16 Apr 2021 06:25:21 +0000 (-0400)
Subject: Add duplicate check to kadm5_create_policy()
X-Git-Tag: krb5-1.20-beta1~96
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=311f433cba0dba5cd88a837c0369295bc43d305e;p=thirdparty%2Fkrb5.git

Add duplicate check to kadm5_create_policy()

For symmetry with kadm5_create_principal_3(), check for an existing policy in kadm5_create_policy() and return KADM5_DUP if one is found.

ticket: 9003 (new)
---
diff --git a/src/lib/kadm5/srv/svr_policy.c b/src/lib/kadm5/srv/svr_policy.c
index d7940efe10..9569e2479e 100644
--- a/src/lib/kadm5/srv/svr_policy.c
+++ b/src/lib/kadm5/srv/svr_policy.c
@@ -59,7 +59,7 @@ kadm5_ret_t
 kadm5_create_policy(void *server_handle, kadm5_policy_ent_t entry, long mask)
 {
 kadm5_server_handle_t handle = server_handle;
- osa_policy_ent_rec pent;
+ osa_policy_ent_rec pent, *check_pol;
 int ret;
 char *p;
@@ -80,6 +80,14 @@ kadm5_create_policy(void *server_handle, kadm5_policy_ent_t entry, long mask)
 return ret;
 }
+ ret = krb5_db_get_policy(handle->context, entry->policy, &check_pol);
+ if (!ret) {
+ krb5_db_free_policy(handle->context, check_pol);
+ return KADM5_DUP;
+ } else if (ret != KRB5_KDB_NOENTRY) {
+ return ret;
+ }
+
 memset(&pent, 0, sizeof(pent));
 pent.name = entry->policy;
 p = entry->policy;
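Review bot: In the second hunk the new `krb5_db_get_policy()` lookup runs before the code that starts at `p = entry->policy;`. The rest of the function is outside the hunk, but if that is where the policy name is validated, a client-supplied name reaches the KDB backend before it has been checked. Moving the lookup below the remaining name and mask checks would keep the backend from seeing names the function would reject anyway. The lookup is also a separate read from the later create, so it is not atomic: unless the backend's create path itself rejects an existing name, two concurrent creates can both pass it. A comment above the lookup such as `/* Best-effort duplicate check; the backend create must still handle a racing insert. */` would record that.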