[16505] in Kerberos-V5-bugs
[krbdev.mit.edu #8877] git commit
daemon@ATHENA.MIT.EDU (Greg Hudson via RT)
Wed Mar 18 14:07:19 2020
From: "Greg Hudson via RT" <rt@KRBDEV-PROD-APP-1.mit.edu>
Message-ID: <rt-4.4.4-104120-1584554816-514.8877-5-0@mit.edu>
To: "AdminCc of krbdev.mit.edu Ticket #8877":;
Date: Wed, 18 Mar 2020 14:06:56 -0400
<URL: https://krbdev.mit.edu/rt/Ticket/Display.html?id=8877 >
Allow deletion of require_auth with LDAP KDB

In update_ldap_mod_auth_ind(), if there is no string attribute value
for require_auth, check for krbPrincipalAuthInd attributes that might
need to be removed. (This will only work if the entry is loaded and
then modified, but that is the normal case for an existing entry.)

Move the update_ldap_mod_auth_ind() call inside the tl-data
conditional (which should perhaps be a check for KADM5_TL_DATA in the
mask instead). A modification which did not intend to update tl-data
should not remove the krbPrincipalAuthInd attributes.

Change get_int_from_tl_data() to zero its output so that it can't
leave a garbage value behind if it returns 0 (as it does if no
KDB_TL_USER_INFO tl-data is present).

Based on a patch by Glenn Machin.

(cherry picked from commit 6d9da7bb216f96cbdd731aa894714bd84213a9d0)
https://github.com/krb5/krb5/commit/03cc033ece30c515a6d7e72c4b37c9b7ca746acd
Author: Greg Hudson <ghudson@mit.edu>
Commit: 03cc033ece30c515a6d7e72c4b37c9b7ca746acd
Branch: krb5-1.17
src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c | 2 +
src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c | 31 +++++++++++++-------
src/tests/t_kdb.py | 26 ++++++++++++++++-
3 files changed, 47 insertions(+), 12 deletions(-)
_______________________________________________
krb5-bugs mailing list
krb5-bugs@mit.edu
https://mailman.mit.edu/mailman/listinfo/krb5-bugs
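
The third change in the commit message, zeroing an output parameter so that a "not present" return of 0 cannot leave a stale value in the caller, modeled as an added example (not code from krb5 or from this commit). `tl_node`, `TL_USER_INFO`, `get_int_unsafe`, `get_int_zeroed` and `mask_after_lookup` are hypothetical names, and the list is a simplified stand-in for tl-data.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical, simplified stand-in for a tl-data list (not krb5's types). */
struct tl_node { int type; int value; struct tl_node *next; };
#define TL_USER_INFO 1 /* constructed type tag for this example */

/* Before: returns 0 when the record is missing, without writing *out. */
static int get_int_unsafe(const struct tl_node *l, int type, int *out)
{
    for (; l != NULL; l = l->next) {
        if (l->type == type) {
            *out = l->value;
            return 0;
        }
    }
    return 0; /* "not present" is indistinguishable from success */
}

/* After: zero the output first, so every return path leaves it defined. */
static int get_int_zeroed(const struct tl_node *l, int type, int *out)
{
    *out = 0;
    return get_int_unsafe(l, type, out);
}

/* Caller that trusts the output whenever the lookup returns 0. 'stale' is
 * assigned up front to model leftover stack contents deterministically. */
int mask_after_lookup(int zeroed, const struct tl_node *l, int stale)
{
    int mask = stale;
    int ret = zeroed ? get_int_zeroed(l, TL_USER_INFO, &mask)
                     : get_int_unsafe(l, TL_USER_INFO, &mask);
    return ret == 0 ? mask : -1;
}

int main(void)
{
    struct tl_node n = { TL_USER_INFO, 0x20, NULL }; /* constructed record */
    printf("present: %d %d\n", mask_after_lookup(0, &n, 0x5a5a),
           mask_after_lookup(1, &n, 0x5a5a));
    printf("absent:  %d %d\n", mask_after_lookup(0, NULL, 0x5a5a),
           mask_after_lookup(1, NULL, 0x5a5a));
    return 0;
}
```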