Fixed booboos from kadm5 key history patch set

Also: add support for ignoring null enctype / zero-length keys,
    which *can* be found in MIT DB entries created in pre-historic
    times.

    Also: make the mitdb HDB backend more elegant (e.g., use the ASN.1
    compiler's generated sequence/array utility functions.

    Also: add a utility function needed for kadm5 kvno change
    improvements and make kadmin's mod --kvno work correctly and
    naturally.

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>

lib/kadm5/ent_setup.c

@@ -178,26 +178,13 @@ _kadm5_setup_entry(kadm5_server_context *context,
 	}
     }
     if(mask & KADM5_KVNO
-       && princ_mask & KADM5_KVNO) {
-	/*
-	 * For some reason kadmin's ank changes the kvno after calling
-	 * randkey.  Now that we have key history, what are we to do
-	 * when we update kvno but not keys?!
-	 *
-	 * For now just clear the key history if the kvno changes.
-	 * Eventually we may want to search the key history for matching
-	 * keys and use those to replace the current key set (putting
-	 * the old current keyset in the history keysets list?!).
-	 */
-	if (ent->entry.kvno != princ->kvno &&
-	    (mask & princ_mask & KADM5_KEY_DATA)) {
-	    hdb_clear_extension(context->context, &ent->entry,
-				choice_HDB_extension_data_hist_keys);
-	    princ->kvno = ent->entry.kvno;
-	} else {
-	    /* _kadm5_set_keys2() expects this to have been done here */
-	    ent->entry.kvno = princ->kvno;
-	}
+       && (princ_mask & KADM5_KVNO)) {
+	krb5_error_code ret;
+
+	ret = hdb_change_kvno(context->context, princ->kvno, &ent->entry);
+	if (ret && ret != HDB_ERR_KVNO_NOT_FOUND)
+	    return ret;
+	ent->entry.kvno = princ->kvno; /* force it */
     }
     if(mask & KADM5_MAX_RLIFE) {
 	if(princ_mask & KADM5_MAX_RLIFE) {