From: Greg Hudson
Date: Mon, 18 Aug 2014 19:09:41 +0000 (-0400)
Subject: Make randkey update principal mkvno
X-Git-Tag: krb5-1.13-beta1~24
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=af27b167ebde8de25ceabfe0c8be8e054854430a;p=thirdparty%2Fkrb5.git

Make randkey update principal mkvno

In kadm5_randkey_principal_3, after updating the principal's keys, update its mkvno tl-data to indicate the master key version we encrypted the new keys with.

(cherry picked from commit 05a3b205c5d7ee491a64e24581cb4def3814c05b)

ticket: 7994
---

diff --git a/src/lib/kadm5/srv/svr_principal.c b/src/lib/kadm5/srv/svr_principal.c
index bc66d5c74e..5d358bd4cb 100644
--- a/src/lib/kadm5/srv/svr_principal.c
+++ b/src/lib/kadm5/srv/svr_principal.c
@@ -1597,6 +1597,7 @@ kadm5_randkey_principal_3(void *server_handle,
 krb5_boolean have_pol = FALSE;
 kadm5_server_handle_t handle = server_handle;
 krb5_keyblock *act_mkey;
+ krb5_kvno act_kvno;
 int new_n_ks_tuple = 0;
 krb5_key_salt_tuple *new_ks_tuple = NULL;
@@ -1626,7 +1627,7 @@ kadm5_randkey_principal_3(void *server_handle,
 new_n_ks_tuple = 1;
 }
- ret = kdb_get_active_mkey(handle, NULL, &act_mkey);
+ ret = kdb_get_active_mkey(handle, &act_kvno, &act_mkey);
 if (ret)
 goto done;
@@ -1635,6 +1636,10 @@ kadm5_randkey_principal_3(void *server_handle,
 if (ret)
 goto done;
+ ret = krb5_dbe_update_mkvno(handle->context, kdb, act_kvno);
+ if (ret)
+ goto done;
+
 kdb->attributes &= ~KRB5_KDB_REQUIRES_PWCHANGE;
 ret = krb5_timeofday(handle->context, &now);
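Review bot: The added `krb5_dbe_update_mkvno(handle->context, kdb, act_kvno)` call in the third hunk carries no comment explaining why it has to follow the key update, although that pairing is what keeps the principal's mkvno tl-data in step with the master key that actually encrypted its keys. I would put `/* Record the master key version the new keys were encrypted with. */` above the call so a later refactor does not separate or drop it; a stale mkvno after a master key rollover would presumably point readers of the entry at the wrong master key. `act_kvno` and `act_mkey` both come from the single `kdb_get_active_mkey()` call in the second hunk, which keeps the pair consistent and is worth preserving. Whether the other key-changing functions in svr_principal.c record the mkvno the same way is not visible in this diff and should be checked, ideally with a regression test that runs randkey after a master key change and inspects the principal's mkvno. The body of kadm5_randkey_principal_3 starts and ends outside these hunks.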