From c877f13c8985d820583b0d7ac1bb4c5dc36e677e Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Wed, 9 Dec 2015 18:09:18 -0500 Subject: [PATCH] Set TL_DATA mask flag for master key operations When kdb5_util adds or removes master keys, it modifies tl-data but doesn't set the KADM5_TL_DATA mask flag, causing KDB modules that rely on this signaling (such as the LDAP module) not to store the tl-data changes. Fix this issue by setting the mask bit in add_new_mkey() and kdb5_purge_mkeys(). [ghudson@mit.edu: edit commit message] ticket: 8327 (new) target_version: 1.14-next tags: pullup --- src/kadmin/dbutil/kdb5_mkey.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/kadmin/dbutil/kdb5_mkey.c b/src/kadmin/dbutil/kdb5_mkey.c index 2f90cb0ada..0449732702 100644 --- a/src/kadmin/dbutil/kdb5_mkey.c +++ b/src/kadmin/dbutil/kdb5_mkey.c @@ -178,7 +178,7 @@ add_new_mkey(krb5_context context, krb5_db_entry *master_entry, mkey_aux_data_head))) { goto clean_n_exit; } - master_entry->mask |= KADM5_KEY_DATA; + master_entry->mask |= KADM5_KEY_DATA | KADM5_TL_DATA; clean_n_exit: krb5_dbe_free_mkey_aux_list(context, mkey_aux_data_head); @@ -1366,7 +1366,7 @@ kdb5_purge_mkeys(int argc, char *argv[]) goto cleanup_return; } - master_entry->mask |= KADM5_KEY_DATA; + master_entry->mask |= KADM5_KEY_DATA | KADM5_TL_DATA; if ((retval = krb5_db_put_principal(util_context, master_entry))) { (void) krb5_db_fini(util_context); -- 2.47.2