oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

hdb: Do not apply new service key delay to clients

Browse Source 
The new [hdb] new_service_key_delay parameter should not apply to
principal entries when used as clients.  Otherwise new passwords would
not take effect immediately, and that would be very confusing.
This commit is contained in:
Nicolas Williams
2020-09-09 21:48:29 -05:00
parent 18459de867
commit ff13573ce5
6 changed files with 15 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
lib/kadm5/get_s.c
View File

@@ -123,7 +123,8 @@ kadm5_s_get_principal(void *server_handle,
kadm5_server_context *context = server_handle;
kadm5_ret_t ret;
hdb_entry_ex ent;
unsigned int flags = HDB_F_GET_ANY | HDB_F_ADMIN_DATA;
unsigned int flags = HDB_F_GET_ANY | HDB_F_ADMIN_DATA |
HDB_F_DELAY_NEW_KEYS;
if ((mask & KADM5_KEY_DATA) || (mask & KADM5_KVNO))
flags |= HDB_F_ALL_KVNOS | HDB_F_DECRYPT;
@@ -148,9 +149,8 @@ kadm5_s_get_principal(void *server_handle,
* For now we won't attempt to recover the log.
*/
ret = hdb_fetch_kvno(context->context, context->db, princ,
HDB_F_DECRYPT|HDB_F_ALL_KVNOS|
HDB_F_GET_ANY|HDB_F_ADMIN_DATA, 0, 0, 0, &ent);
ret = hdb_fetch_kvno(context->context, context->db, princ, flags,
0 /*timestamp*/, 0/*etype*/, 0/*kvno*/, &ent);
if (!context->keep_open)
context->db->hdb_close(context->context, context->db);