From: Simo Sorce <simo@redhat.com>
Date: Wed, 9 Dec 2015 23:09:18 +0000 (-0500)
Subject: Set TL_DATA mask flag for master key operations
X-Git-Tag: krb5-1.15-beta1~319
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c877f13c8985d820583b0d7ac1bb4c5dc36e677e;p=thirdparty%2Fkrb5.git

Set TL_DATA mask flag for master key operations

When kdb5_util adds or removes master keys, it modifies tl-data but
doesn't set the KADM5_TL_DATA mask flag, causing KDB modules that rely
on this signaling (such as the LDAP module) not to store the tl-data
changes.  Fix this issue by setting the mask bit in add_new_mkey() and
kdb5_purge_mkeys().

[ghudson@mit.edu: edit commit message]

ticket: 8327 (new)
target_version: 1.14-next
tags: pullup
---

diff --git a/src/kadmin/dbutil/kdb5_mkey.c b/src/kadmin/dbutil/kdb5_mkey.c
index 2f90cb0ada..0449732702 100644
--- a/src/kadmin/dbutil/kdb5_mkey.c
+++ b/src/kadmin/dbutil/kdb5_mkey.c
@@ -178,7 +178,7 @@ add_new_mkey(krb5_context context, krb5_db_entry *master_entry,
                                            mkey_aux_data_head))) {
         goto clean_n_exit;
     }
-    master_entry->mask |= KADM5_KEY_DATA;
+    master_entry->mask |= KADM5_KEY_DATA | KADM5_TL_DATA;
 
 clean_n_exit:
     krb5_dbe_free_mkey_aux_list(context, mkey_aux_data_head);
@@ -1366,7 +1366,7 @@ kdb5_purge_mkeys(int argc, char *argv[])
         goto cleanup_return;
     }
 
-    master_entry->mask |= KADM5_KEY_DATA;
+    master_entry->mask |= KADM5_KEY_DATA | KADM5_TL_DATA;
 
     if ((retval = krb5_db_put_principal(util_context, master_entry))) {
         (void) krb5_db_fini(util_context);