From 311f433cba0dba5cd88a837c0369295bc43d305e Mon Sep 17 00:00:00 2001
From: Greg Hudson
Date: Fri, 16 Apr 2021 02:25:21 -0400
Subject: [PATCH] Add duplicate check to kadm5_create_policy()

For symmetry with kadm5_create_principal_3(), check for an existing policy in kadm5_create_policy() and return KADM5_DUP if one is found.

ticket: 9003 (new)
---
 src/lib/kadm5/srv/svr_policy.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/src/lib/kadm5/srv/svr_policy.c b/src/lib/kadm5/srv/svr_policy.c
index d7940efe10..9569e2479e 100644
--- a/src/lib/kadm5/srv/svr_policy.c
+++ b/src/lib/kadm5/srv/svr_policy.c
@@ -59,7 +59,7 @@ kadm5_ret_t
 kadm5_create_policy(void *server_handle, kadm5_policy_ent_t entry, long mask)
 {
 kadm5_server_handle_t handle = server_handle;
- osa_policy_ent_rec pent;
+ osa_policy_ent_rec pent, *check_pol;
 int ret;
 char *p;
 
@@ -80,6 +80,14 @@ kadm5_create_policy(void *server_handle, kadm5_policy_ent_t entry, long mask)
 return ret;
 }
 
+ ret = krb5_db_get_policy(handle->context, entry->policy, &check_pol);
+ if (!ret) {
+ krb5_db_free_policy(handle->context, check_pol);
+ return KADM5_DUP;
+ } else if (ret != KRB5_KDB_NOENTRY) {
+ return ret;
+ }
+
 memset(&pent, 0, sizeof(pent));
 pent.name = entry->policy;
 p = entry->policy;
--
2.47.2
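Review bot: The duplicate check added ahead of `memset(&pent, 0, sizeof(pent));` is a separate lookup from the create step that presumably follows later in kadm5_create_policy() (outside this hunk). Two concurrent callers could therefore both see KRB5_KDB_NOENTRY and both proceed, since nothing visible here holds a lock across the two steps. The KDB module still has to enforce uniqueness at create time, and its duplicate error may not come back as KADM5_DUP, so I would note that above the lookup: `/* Advisory pre-check for a consistent KADM5_DUP; the KDB create below must still reject a duplicate. */`. The lookup also runs before the code starting at `p = entry->policy;`, which looks like name validation continuing outside the hunk. If so, consider moving the check after that validation so the database is never queried with an unvalidated policy name.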