]> git.ipfire.org Git - thirdparty/krb5.git/commitdiff
projects / thirdparty / krb5.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 994f5f5)
Set pw_expiration during LDAP load
authorGreg Hudson <ghudson@mit.edu>
Thu, 4 Jun 2020 17:19:53 +0000 (13:19 -0400)
committerGreg Hudson <ghudson@mit.edu>
Tue, 3 Nov 2020 16:31:04 +0000 (11:31 -0500)
When loading a principal entry in process_k5beta7_princ(), set the
KADM5_PW_EXPIRATION mask bit so that the password expiration time is
set on the principal entry.  Add a regression test.

Reported (with fix) by Glenn Machin.

(cherry picked from commit 778d3fd9de50ab0c87cf0031e1dd24a8ec4bd552)

ticket: 8882
version_fixed: 1.17.2

src/kadmin/dbutil/dump.c patch | blob | blame | history
src/tests/t_kdb.py patch | blob | blame | history

diff --git a/src/kadmin/dbutil/dump.c b/src/kadmin/dbutil/dump.c
index c9574c6e129dd9ea98312a965662a02fb54975d9..48b990e1a467710842ce0a21b13dbd49ab00fab4 100644 (file)
--- a/src/kadmin/dbutil/dump.c
+++ b/src/kadmin/dbutil/dump.c
@@ -799,7 +799,7 @@ process_k5beta7_princ(krb5_context context, const char *fname, FILE *filep,
     dbentry->fail_auth_count = u5;
     dbentry->mask = KADM5_LOAD | KADM5_PRINCIPAL | KADM5_ATTRIBUTES |
         KADM5_MAX_LIFE | KADM5_MAX_RLIFE |
-        KADM5_PRINC_EXPIRE_TIME | KADM5_LAST_SUCCESS |
+        KADM5_PRINC_EXPIRE_TIME | KADM5_PW_EXPIRATION | KADM5_LAST_SUCCESS |
         KADM5_LAST_FAILED | KADM5_FAIL_AUTH_COUNT;
 
     /* Read tagged data. */
diff --git a/src/tests/t_kdb.py b/src/tests/t_kdb.py
index 7879dfc4678a61be05a200eedb0f464e355f816b..df9677d80ff8e308b7993ed75b1daf4ea4df7e53 100755 (executable)
--- a/src/tests/t_kdb.py
+++ b/src/tests/t_kdb.py
@@ -522,13 +522,19 @@ realm.run([kadminl, 'getprinc', 'pwuser'],
 
 realm.stop()
 
-# Briefly test dump and load.
+# Test dump and load.  Include a regression test for #8882
+# (pw_expiration not set during load operation).
 mark('LDAP dump and load')
+realm.run([kadminl, 'modprinc', '-pwexpire', 'now', 'pwuser'])
 dumpfile = os.path.join(realm.testdir, 'dump')
 realm.run([kdb5_util, 'dump', dumpfile])
 realm.run([kdb5_util, 'load', dumpfile], expected_code=1,
           expected_msg='KDB module requires -update argument')
+realm.run([kadminl, 'delprinc', 'pwuser'])
 realm.run([kdb5_util, 'load', '-update', dumpfile])
+out = realm.run([kadminl, 'getprinc', 'pwuser'])
+if 'Password expiration date: [never]' in out:
+    fail('pw_expiration not preserved across dump and load')
 
 # Destroy the realm.
 kldaputil(['destroy', '-f'])
Mirror of https://github.com/krb5/krb5.git