From f126ea6d62c2222a5abb15bab09fdc76d1dab4a4 Mon Sep 17 00:00:00 2001 From: Nicolas Williams Date: Sun, 4 Jun 2023 22:54:28 -0500 Subject: [PATCH] kadm5: Add KRB5_KDB_AUTH_DATA_REQUIRED attribute --- lib/kadm5/admin.h | 1 + lib/kadm5/ent_setup.c | 4 ++++ lib/kadm5/get_s.c | 1 + 3 files changed, 6 insertions(+) diff --git a/lib/kadm5/admin.h b/lib/kadm5/admin.h index 4f8ac22d9..530070c78 100644 --- a/lib/kadm5/admin.h +++ b/lib/kadm5/admin.h @@ -78,6 +78,7 @@ #define KRB5_KDB_VIRTUAL 0x00400000 /* MIT doesn't have this */ #define KRB5_KDB_DISALLOW_CLIENT 0x00800000 /* MIT doesn't have this */ #define KRB5_KDB_NO_AUTH_DATA_REQUIRED 0x01000000 /* 0x00400000 in MIT */ +#define KRB5_KDB_AUTH_DATA_REQUIRED 0x02000000 /* * MIT has: diff --git a/lib/kadm5/ent_setup.c b/lib/kadm5/ent_setup.c index 24a7983b6..03c4fb1d4 100644 --- a/lib/kadm5/ent_setup.c +++ b/lib/kadm5/ent_setup.c @@ -64,6 +64,10 @@ attr_to_flags(unsigned attr, HDBFlags *flags) flags->virtual_keys = !!(attr & KRB5_KDB_VIRTUAL_KEYS); flags->virtual = !!(attr & KRB5_KDB_VIRTUAL); flags->no_auth_data_reqd = !!(attr & KRB5_KDB_NO_AUTH_DATA_REQUIRED); + flags->auth_data_reqd = !!(attr & KRB5_KDB_AUTH_DATA_REQUIRED); + + if (flags->no_auth_data_reqd && flags->auth_data_reqd) + flags->auth_data_reqd = 0; } /* diff --git a/lib/kadm5/get_s.c b/lib/kadm5/get_s.c index 0c87343d2..c231366c5 100644 --- a/lib/kadm5/get_s.c +++ b/lib/kadm5/get_s.c @@ -186,6 +186,7 @@ kadm5_s_get_principal(void *server_handle, out->attributes |= ent.flags.virtual_keys ? KRB5_KDB_VIRTUAL_KEYS : 0; out->attributes |= ent.flags.virtual ? KRB5_KDB_VIRTUAL : 0; out->attributes |= ent.flags.no_auth_data_reqd ? KRB5_KDB_NO_AUTH_DATA_REQUIRED : 0; + out->attributes |= ent.flags.auth_data_reqd ? KRB5_KDB_AUTH_DATA_REQUIRED : 0; } if(mask & KADM5_MAX_LIFE) { if(ent.max_life)