When kdb5_util adds or removes master keys, it modifies tl-data but
doesn't set the KADM5_TL_DATA mask flag, causing KDB modules that rely
on this signaling (such as the LDAP module) not to store the tl-data
changes. Fix this issue by setting the mask bit in add_new_mkey() and
kdb5_purge_mkeys().
[ghudson@mit.edu: edit commit message]
ticket: 8327 (new)
target_version: 1.14-next
tags: pullup
mkey_aux_data_head))) {
goto clean_n_exit;
}
- master_entry->mask |= KADM5_KEY_DATA;
+ master_entry->mask |= KADM5_KEY_DATA | KADM5_TL_DATA;
clean_n_exit:
krb5_dbe_free_mkey_aux_list(context, mkey_aux_data_head);
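Review bot: The widened mask assignment after the `goto clean_n_exit` guard has no comment saying why `KADM5_TL_DATA` must accompany `KADM5_KEY_DATA`, so a later cleanup could drop the bit and the tl-data changes would again go unstored by KDB modules that rely on the mask. I would add above it `/* tl-data was modified too; KDB modules such as LDAP only store what the mask flags. */`. The same comment fits the identical line in the second hunk, just before the `krb5_db_put_principal()` call. Both enclosing functions start and end outside the hunks, so whether any other path in them modifies tl-data without setting the bit cannot be checked from here.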
goto cleanup_return;
}
- master_entry->mask |= KADM5_KEY_DATA;
+ master_entry->mask |= KADM5_KEY_DATA | KADM5_TL_DATA;
if ((retval = krb5_db_put_principal(util_context, master_entry))) {
(void) krb5_db_fini(util_context);