From 911d592a85cb5d4e793c83cf702178d14ac21e6d Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Mon, 15 Oct 2018 18:32:31 -0400 Subject: [PATCH] Don't dump policies if principals are specified If kdb5_util dump is asked to filter for specific principals, do not dump the policy database. ticket: 8752 (new) --- src/kadmin/dbutil/dump.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/kadmin/dbutil/dump.c b/src/kadmin/dbutil/dump.c index c792afd1a6..86e046c429 100644 --- a/src/kadmin/dbutil/dump.c +++ b/src/kadmin/dbutil/dump.c @@ -1453,7 +1453,8 @@ dump_db(int argc, char **argv) goto error; } - if (dump->dump_policy != NULL) { + /* Don't dump policies if specific principal entries were requested. */ + if (dump->dump_policy != NULL && args.nnames == 0) { ret = krb5_db_iter_policy(util_context, "*", dump->dump_policy, &args); if (ret) { com_err(progname, ret, _("performing %s dump"), dump->name); -- 2.47.2