IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

ipa-kdb: set krblastpwdchange only when keys have been effectively changed

Browse Source
This commit is contained in:
Simo Sorce 2012-02-13 22:43:15 -05:00 committed by Rob Crittenden
parent c3c59ce15c
commit 0c6e047128
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
daemons/ipa-kdb/ipa_kdb_principals.c
View File

@ -1422,7 +1422,8 @@ static krb5_error_code ipadb_entry_to_mods(krb5_context kcontext,
/* KADM5_LAST_PWD_CHANGE */ /* KADM5_LAST_PWD_CHANGE */
/* apparently, at least some versions of kadmin fail to set this flag /* apparently, at least some versions of kadmin fail to set this flag
* when they do include a pwd change timestamp in TL_DATA. * when they do include a pwd change timestamp in TL_DATA.
* So for now always check for it regardless. */ * So for now check if KADM5_KEY_DATA has been set, which kadm5
* always does on password changes */
#if KADM5_ACTUALLY_SETS_LAST_PWD_CHANGE #if KADM5_ACTUALLY_SETS_LAST_PWD_CHANGE
if (entry->mask & KMASK_LAST_PWD_CHANGE) { if (entry->mask & KMASK_LAST_PWD_CHANGE) {
if (!entry->n_tl_data) { if (!entry->n_tl_data) {
@ -1431,7 +1432,8 @@ static krb5_error_code ipadb_entry_to_mods(krb5_context kcontext,
} }
#else #else
if (entry->n_tl_data) { if (entry->n_tl_data &&
entry->mask & KMASK_KEY_DATA) {
#endif #endif
kerr = ipadb_get_tl_data(entry, kerr = ipadb_get_tl_data(entry,
KRB5_TL_LAST_PWD_CHANGE, KRB5_TL_LAST_PWD_CHANGE,