From f8ed1bde848a16dfda5c6558ffe4326acc37bc95 Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson@mit.edu>
Date: Mon, 26 Jun 2017 17:31:37 -0400
Subject: [PATCH] Fix kadm5 setkey operation with LDAP KDB

Add mask assignments to kadm5_setv4key_principal() and
kadm5_setkey_principal_4() so that their changes to the principal are
properly written to KDB modules which use the mask flag, such as the
LDAP KDB module.  Reported by Frank Lonigro.

ticket: 8589
target_version: 1.15-next
target_version: 1.14-next
tags: pullup
---
 src/lib/kadm5/srv/svr_principal.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/lib/kadm5/srv/svr_principal.c b/src/lib/kadm5/srv/svr_principal.c
index aa562569a1..2420f2c2be 100644
--- a/src/lib/kadm5/srv/svr_principal.c
+++ b/src/lib/kadm5/srv/svr_principal.c
@@ -1732,6 +1732,9 @@ kadm5_setv4key_principal(void *server_handle,
     /* unlock principal on this KDC */
     kdb->fail_auth_count = 0;
 
+    /* key data changed, let the database provider know */
+    kdb->mask = KADM5_KEY_DATA | KADM5_FAIL_AUTH_COUNT;
+
     if ((ret = kdb_put_entry(handle, kdb, &adb)))
         goto done;
 
@@ -1982,6 +1985,9 @@ kadm5_setkey_principal_4(void *server_handle, krb5_principal principal,
     /* Unlock principal on this KDC. */
     kdb->fail_auth_count = 0;
 
+    /* key data changed, let the database provider know */
+    kdb->mask = KADM5_KEY_DATA | KADM5_FAIL_AUTH_COUNT;
+
     ret = kdb_put_entry(handle, kdb, &adb);
     if (ret)
         goto done;
-- 
2.47.2