Implement the locked flag.

author: Russ Allbery <rra@stanford.edu> 2007-09-18 23:34:05 +0000
committer: Russ Allbery <rra@stanford.edu> 2007-09-18 23:34:05 +0000
commit: dca2ad830232e2e8f9c577658f38779b66c8383a (patch)
tree: 6ffdcfe7e34bb6daf9eadd2e7975540fe0bde5ce /perl/Wallet/Object/Keytab.pm
parent: 63064e0eed47e6932ad6917ef793e6ccde23160c (diff)
1 files changed, 10 insertions, 0 deletions
diff --git a/perl/Wallet/Object/Keytab.pm b/perl/Wallet/Object/Keytab.pm
index 38e0938..e4a41cd 100644
--- a/perl/Wallet/Object/Keytab.pm
+++ b/perl/Wallet/Object/Keytab.pm
@@ -187,6 +187,11 @@ sub create {
 # Override destroy to delete the principal out of Kerberos as well.
 sub destroy {
     my ($self, $user, $host, $time) = @_;
+    my $id = $self->{type} . ':' . $self->{name};
+    if ($self->flag_check ('locked')) {
+        $self->error ("cannot destroy $id: object is locked");
+        return;
+    }
     return undef if not $self->_kadmin_delprinc ($self->{name});
     return $self->SUPER::destroy ($user, $host, $time);
 }
@@ -196,6 +201,11 @@ sub destroy {
 sub get {
     my ($self, $user, $host, $time) = @_;
     $time ||= time;
+    my $id = $self->{type} . ':' . $self->{name};
+    if ($self->flag_check ('locked')) {
+        $self->error ("cannot get $id: object is locked");
+        return;
+    }
     unless (defined ($Wallet::Config::KEYTAB_TMP)) {
         $self->error ('KEYTAB_TMP configuration variable not set');
         return undef;
author	Russ Allbery <rra@stanford.edu>	2007-09-18 23:34:05 +0000
committer	Russ Allbery <rra@stanford.edu>	2007-09-18 23:34:05 +0000
commit	dca2ad830232e2e8f9c577658f38779b66c8383a (patch)
tree	6ffdcfe7e34bb6daf9eadd2e7975540fe0bde5ce /perl/Wallet/Object/Keytab.pm
parent	63064e0eed47e6932ad6917ef793e6ccde23160c (diff)