Changed decrypt key history logic and added HDB_F_ALL_KVNOS.

lib/kadm5/get_s.c

@@ -130,7 +130,8 @@ kadm5_s_get_principal(void *server_handle,
     if(ret)
 	return ret;
     ret = context->db->hdb_fetch_kvno(context->context, context->db, princ,
-				      HDB_F_DECRYPT|HDB_F_GET_ANY|HDB_F_ADMIN_DATA, 0, &ent);
+				      HDB_F_DECRYPT|HDB_F_ALL_KVNOS|
+				      HDB_F_GET_ANY|HDB_F_ADMIN_DATA, 0, &ent);
     context->db->hdb_close(context->context, context->db);
     if(ret)
 	return _kadm5_error_code(ret);

lib/kadm5/log.c

@@ -585,7 +585,8 @@ kadm5_log_replay_modify (kadm5_server_context *context,
     memset(&ent, 0, sizeof(ent));
     ret = context->db->hdb_fetch_kvno(context->context, context->db,
 				      log_ent.entry.principal,
-				      HDB_F_DECRYPT|HDB_F_GET_ANY|HDB_F_ADMIN_DATA, 0, &ent);
+				      HDB_F_DECRYPT|HDB_F_ALL_KVNOS|
+				      HDB_F_GET_ANY|HDB_F_ADMIN_DATA, 0, &ent);
     if (ret)
 	goto out;
     if (mask & KADM5_PRINC_EXPIRE_TIME) {
@@ -698,6 +699,8 @@ kadm5_log_replay_modify (kadm5_server_context *context,
 	size_t num;
 	size_t i;
 
+	/* XXX Take care of key history!! */
+
 	for (i = 0; i < ent.entry.keys.len; ++i)
 	    free_Key(&ent.entry.keys.val[i]);
 	free (ent.entry.keys.val);