From 17104ea2f22aff7f4e0a9ede347e3c96514ef3f0 Mon Sep 17 00:00:00 2001
From: Nicolas Williams <nico@twosigma.com>
Date: Mon, 25 Apr 2022 16:53:00 -0500
Subject: [PATCH] hdb: Ignore disabled namespaces

If a virtual host-based service namespace is disabled, then the virtual
services below it cease existing.

This will be useful in a later commit where we'll use virtual host-based
service namespace for providing default attributes for new concrete
host-based service principals created via httpkadmind, whether the
namespace be enabled or disabled.
---
 lib/hdb/common.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/lib/hdb/common.c b/lib/hdb/common.c
index 7752dd6a0..4f2d0cef5 100644
--- a/lib/hdb/common.c
+++ b/lib/hdb/common.c
@@ -1612,6 +1612,10 @@ fetch_it(krb5_context context,
          * of labels.
          */
 	ret = db->hdb_fetch_kvno(context, db, tmpprinc, flags, kvno, ent);
+        if (ret == 0 && nsprinc && ent->flags.invalid) {
+            free_HDB_entry(ent);
+            ret = HDB_ERR_NOENTRY;
+        }
 	if (ret != HDB_ERR_NOENTRY || hdots == 0 || hdots < mindots || !tmp ||
             !do_search)
             break;