kadm5: Add KRB5_KDB_AUTH_DATA_REQUIRED attribute

2023-06-04 22:54:28 -05:00
parent 3c4548025c
commit f126ea6d62
3 changed files with 6 additions and 0 deletions
--- a/lib/kadm5/admin.h
+++ b/lib/kadm5/admin.h
@@ -78,6 +78,7 @@
 #define KRB5_KDB_VIRTUAL                0x00400000 /* MIT doesn't have this */
 #define KRB5_KDB_DISALLOW_CLIENT        0x00800000 /* MIT doesn't have this */
 #define KRB5_KDB_NO_AUTH_DATA_REQUIRED	0x01000000 /* 0x00400000 in MIT */
+#define KRB5_KDB_AUTH_DATA_REQUIRED	0x02000000

 /*
 * MIT has:
--- a/lib/kadm5/ent_setup.c
+++ b/lib/kadm5/ent_setup.c
@@ -64,6 +64,10 @@ attr_to_flags(unsigned attr, HDBFlags *flags)
    flags->virtual_keys =      !!(attr & KRB5_KDB_VIRTUAL_KEYS);
    flags->virtual =           !!(attr & KRB5_KDB_VIRTUAL);
    flags->no_auth_data_reqd = !!(attr & KRB5_KDB_NO_AUTH_DATA_REQUIRED);
+    flags->auth_data_reqd =    !!(attr & KRB5_KDB_AUTH_DATA_REQUIRED);
+
+    if (flags->no_auth_data_reqd && flags->auth_data_reqd)
+        flags->auth_data_reqd = 0;
 }

 /*
--- a/lib/kadm5/get_s.c
+++ b/lib/kadm5/get_s.c
@@ -186,6 +186,7 @@ kadm5_s_get_principal(void *server_handle,
 	out->attributes |= ent.flags.virtual_keys ? KRB5_KDB_VIRTUAL_KEYS : 0;
 	out->attributes |= ent.flags.virtual ? KRB5_KDB_VIRTUAL : 0;
 	out->attributes |= ent.flags.no_auth_data_reqd ? KRB5_KDB_NO_AUTH_DATA_REQUIRED : 0;
+	out->attributes |= ent.flags.auth_data_reqd ? KRB5_KDB_AUTH_DATA_REQUIRED : 0;
    }
    if(mask & KADM5_MAX_LIFE) {
 	if(ent.max_life)