[30001] in CVS-changelog-for-Kerberos-V5

home help back first fref pref prev next nref lref last post

krb5 commit [krb5-1.15]: Fix kadm5 setkey operation with LDAP KDB

daemon@ATHENA.MIT.EDU (Greg Hudson)
Mon Jul 17 23:01:53 2017

Date: Mon, 17 Jul 2017 22:59:39 -0400
From: Greg Hudson <ghudson@mit.edu>
Message-Id: <201707180259.v6I2xdB9032509@drugstore.mit.edu>
To: cvs-krb5@mit.edu
Reply-To: krbdev@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu

https://github.com/krb5/krb5/commit/902d335537b67061ba4c61193592fe556a8fe295
commit 902d335537b67061ba4c61193592fe556a8fe295
Author: Greg Hudson <ghudson@mit.edu>
Date:   Mon Jun 26 17:31:37 2017 -0400

    Fix kadm5 setkey operation with LDAP KDB
    
    Add mask assignments to kadm5_setv4key_principal() and
    kadm5_setkey_principal_4() so that their changes to the principal are
    properly written to KDB modules which use the mask flag, such as the
    LDAP KDB module.  Reported by Frank Lonigro.
    
    (cherry picked from commit f8ed1bde848a16dfda5c6558ffe4326acc37bc95)
    
    ticket: 8589
    version_fixed: 1.15.2

 src/lib/kadm5/srv/svr_principal.c |    6 ++++++
 1 files changed, 6 insertions(+), 0 deletions(-)

diff --git a/src/lib/kadm5/srv/svr_principal.c b/src/lib/kadm5/srv/svr_principal.c
index 0640b47..8f4da0e 100644
--- a/src/lib/kadm5/srv/svr_principal.c
+++ b/src/lib/kadm5/srv/svr_principal.c
@@ -1788,6 +1788,9 @@ kadm5_setv4key_principal(void *server_handle,
     /* unlock principal on this KDC */
     kdb->fail_auth_count = 0;
 
+    /* key data changed, let the database provider know */
+    kdb->mask = KADM5_KEY_DATA | KADM5_FAIL_AUTH_COUNT;
+
     if ((ret = kdb_put_entry(handle, kdb, &adb)))
         goto done;
 
@@ -2038,6 +2041,9 @@ kadm5_setkey_principal_4(void *server_handle, krb5_principal principal,
     /* Unlock principal on this KDC. */
     kdb->fail_auth_count = 0;
 
+    /* key data changed, let the database provider know */
+    kdb->mask = KADM5_KEY_DATA | KADM5_FAIL_AUTH_COUNT;
+
     ret = kdb_put_entry(handle, kdb, &adb);
     if (ret)
         goto done;
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5
home help back first fref pref prev next nref lref last post