In kadm5_randkey_principal_3, after updating the principal's keys,
update its mkvno tl-data to indicate the master key version we
encrypted the new keys with.
ticket: 7994
target_version: 1.13
tags: pullup
krb5_boolean have_pol = FALSE;
kadm5_server_handle_t handle = server_handle;
krb5_keyblock *act_mkey;
+ krb5_kvno act_kvno;
int new_n_ks_tuple = 0;
krb5_key_salt_tuple *new_ks_tuple = NULL;
new_n_ks_tuple = 1;
}
- ret = kdb_get_active_mkey(handle, NULL, &act_mkey);
+ ret = kdb_get_active_mkey(handle, &act_kvno, &act_mkey);
if (ret)
goto done;
if (ret)
goto done;
+ ret = krb5_dbe_update_mkvno(handle->context, kdb, act_kvno);
+ if (ret)
+ goto done;
+
kdb->attributes &= ~KRB5_KDB_REQUIRES_PWCHANGE;
ret = krb5_timeofday(handle->context, &now);
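Review bot: The added `krb5_dbe_update_mkvno(handle->context, kdb, act_kvno)` call has no comment explaining why it must follow the key update. A later reader could reorder or drop it without noticing that the mkvno tl-data would then name a master key version other than the one protecting the stored keys. I would put `/* Record the master key version the new keys were encrypted with. */` directly above it. The call that encrypts the new keys lies outside the visible lines, so please confirm it uses the same `act_mkey` that `kdb_get_active_mkey` returned together with `act_kvno`; the recorded version is presumably only correct if the two come from that one lookup. The function begins and ends outside these hunks, so other paths to `done` could not be checked.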