From f5f1729930733a2193e9b1663c0b98dbe72d6cb2 Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Mon, 26 Jun 2017 17:31:37 -0400 Subject: Fix kadm5 setkey operation with LDAP KDB Add mask assignments to kadm5_setv4key_principal() and kadm5_setkey_principal_4() so that their changes to the principal are properly written to KDB modules which use the mask flag, such as the LDAP KDB module. Reported by Frank Lonigro. (cherry picked from commit f8ed1bde848a16dfda5c6558ffe4326acc37bc95) ticket: 8589 version_fixed: 1.14.6 --- src/lib/kadm5/srv/svr_principal.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/lib/kadm5/srv/svr_principal.c b/src/lib/kadm5/srv/svr_principal.c index 87b8c23..51a7c99 100644 --- a/src/lib/kadm5/srv/svr_principal.c +++ b/src/lib/kadm5/srv/svr_principal.c @@ -1892,6 +1892,9 @@ kadm5_setv4key_principal(void *server_handle, /* unlock principal on this KDC */ kdb->fail_auth_count = 0; + /* key data changed, let the database provider know */ + kdb->mask = KADM5_KEY_DATA | KADM5_FAIL_AUTH_COUNT; + if ((ret = kdb_put_entry(handle, kdb, &adb))) goto done; @@ -2156,6 +2159,9 @@ kadm5_setkey_principal_3(void *server_handle, /* unlock principal on this KDC */ kdb->fail_auth_count = 0; + /* key data changed, let the database provider know */ + kdb->mask = KADM5_KEY_DATA | KADM5_FAIL_AUTH_COUNT; + if ((ret = kdb_put_entry(handle, kdb, &adb))) goto done; -- cgit v1.1