Fix kadm5 setkey operation with LDAP KDB

Add mask assignments to kadm5_setv4key_principal() and
kadm5_setkey_principal_4() so that their changes to the principal are
properly written to KDB modules which use the mask flag, such as the
LDAP KDB module.  Reported by Frank Lonigro.

ticket: 8589
target_version: 1.15-next
target_version: 1.14-next
tags: pullup

diff --git a/src/lib/kadm5/srv/svr_principal.c b/src/lib/kadm5/srv/svr_principal.c
index aa562569a1159b435ef92597cc99c0805245173b..2420f2c2bebb9cbcc85ee822465e92e5e544fad4 100644 (file)
--- a/src/lib/kadm5/srv/svr_principal.c
+++ b/src/lib/kadm5/srv/svr_principal.c
@@ -1732,6 +1732,9 @@ kadm5_setv4key_principal(void *server_handle,
     /* unlock principal on this KDC */
     kdb->fail_auth_count = 0;
 
+    /* key data changed, let the database provider know */
+    kdb->mask = KADM5_KEY_DATA | KADM5_FAIL_AUTH_COUNT;
+
     if ((ret = kdb_put_entry(handle, kdb, &adb)))
         goto done;
 
@@ -1982,6 +1985,9 @@ kadm5_setkey_principal_4(void *server_handle, krb5_principal principal,
     /* Unlock principal on this KDC. */
     kdb->fail_auth_count = 0;
 
+    /* key data changed, let the database provider know */
+    kdb->mask = KADM5_KEY_DATA | KADM5_FAIL_AUTH_COUNT;
+
     ret = kdb_put_entry(handle, kdb, &adb);
     if (ret)
         goto done;