Re: kadmin del_enctypes bumps kvno

[Buck Huppmann <buckh@pobox.com>]

> i inserted a kludge into _kadm5_setup_entry() that decrements the
> ent->kvno after the call to _kadm5_set_keys2() if !(princ_mask &
> KADM5_KVNO), but i don't think it's the right thing to do, so i'm
> hoping for a fix . . .

seeing as there's nothing seemingly forthcoming, i figure maybe my
complaint didn't make sense, so here's my ugly workaround, which
maybe speaks to the problem more lucidly

--buck

--- src/lib/kadm5/ent_setup.c.orig	Fri May 25 03:50:24 2001
+++ src/lib/kadm5/ent_setup.c	Fri Jan  9 16:58:31 2004
@@ -130,7 +130,30 @@
     }
     if(mask & KADM5_KEY_DATA
        && princ_mask & KADM5_KEY_DATA) {
+	krb5_kvno previous = ent->kvno;
 	_kadm5_set_keys2(context, ent, princ->n_key_data, princ->key_data);
+	/* this is for cases like del_enctype, when you're just adding
+	 * and removing from the key set but not changing any of the
+	 * holdovers--you don't want to bump the kvno in that case
+	 * (at least not without logging it, which isn't the case as of
+	 * 2004-01-09), but _kadm5_set_keys2 does that automatically, so
+	 * we undo that */
+	if (!(princ_mask & KADM5_KVNO)) {
+		/* make sure previous value was sensible. i don't think
+		 * this is necessary XXX */
+		if (previous < 1)
+		{
+			char *name;
+			if (krb5_unparse_name(context->context, princ, &name)) {
+				name = "<unparseable>";
+			}
+			krb5_abort(context->context, "trying to decrement ",
+				   "kvno below 1 for principal %s", name);
+			/* not reached */
+			free(name);
+		}
+		ent->kvno = previous;
+	}
     }
     if(mask & KADM5_TL_DATA) {
 	/* XXX */