krb5 commit: Set missing mask flags for kdb5_util operations

Wed Jan 8 19:08:17 EST 2025

https://github.com/krb5/krb5/commit/4ed7da378940198cf4415f86d4eb013de6ac6455
commit 4ed7da378940198cf4415f86d4eb013de6ac6455
Author: Julien Rische <jrische at redhat.com>
Date:   Thu Aug 1 10:56:07 2024 +0200

    Set missing mask flags for kdb5_util operations
    
    Set KADM5_TL_DATA for the use_mkey and update_princ_encryption
    commands.  (Commit c877f13c8985d820583b0d7ac1bb4c5dc36e677e did this
    for the add_new_mkey and purge_mkeys commands.)  Set appropriate flags
    for the add_random_key command.
    
    [ghudson at mit.edu: combined two commits; pruned out proposed mask flag
    additions for values represented within key data or tl-data (like
    KADM5_MKVNO), as those flags are currently only used in the kadm5
    protocol, not to communicate with the KDB module]
    
    ticket: 9158 (new)

 src/kadmin/dbutil/kdb5_mkey.c | 4 +++-
 src/kadmin/dbutil/kdb5_util.c | 3 +++
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/kadmin/dbutil/kdb5_mkey.c b/src/kadmin/dbutil/kdb5_mkey.c
index 0088c8eaf..3e213123f 100644
--- a/src/kadmin/dbutil/kdb5_mkey.c
+++ b/src/kadmin/dbutil/kdb5_mkey.c
@@ -510,6 +510,8 @@ kdb5_use_mkey(int argc, char *argv[])
         goto cleanup_return;
     }
 
+    master_entry->mask |= KADM5_TL_DATA;
+
     if ((retval = krb5_db_put_principal(util_context, master_entry))) {
         com_err(progname, retval,
                 _("while adding master key entry to the database"));
@@ -780,7 +782,7 @@ update_princ_encryption_1(void *cb, krb5_db_entry *ent)
         goto fail;
     }
 
-    ent->mask |= KADM5_KEY_DATA;
+    ent->mask |= KADM5_KEY_DATA | KADM5_TL_DATA;
 
     if ((retval = krb5_db_put_principal(util_context, ent))) {
         com_err(progname, retval, _("while updating principal '%s' key data "
diff --git a/src/kadmin/dbutil/kdb5_util.c b/src/kadmin/dbutil/kdb5_util.c
index fd3cc1f96..88218dba7 100644
--- a/src/kadmin/dbutil/kdb5_util.c
+++ b/src/kadmin/dbutil/kdb5_util.c
@@ -600,6 +600,9 @@ add_random_key(int argc, char **argv)
         exit_status++;
         return;
     }
+
+    dbent->mask |= KADM5_ATTRIBUTES | KADM5_KEY_DATA | KADM5_TL_DATA;
+
     ret = krb5_db_put_principal(util_context, dbent);
     krb5_db_free_principal(util_context, dbent);
     if (ret) {
