From 83011252d7be71d60aa23df8648c516a6148203e Mon Sep 17 00:00:00 2001 From: Jeffrey Altman Date: Tue, 10 Mar 2015 15:03:08 -0400 Subject: [PATCH] kdc: adjust flags passed to hdb_fetch_kvno() The KDC's _kdc_db_fetch() calls the database's hdb_fetch_kvno() to obtain one or more decrypted versioned key sets. The KDC either requires one specific key set if a non-zero key version number is provided or all key sets. The key version zero indicates that the latest key version should be used. Prior to this change the KDC called hdb_fetch_kvno() with the HDB_F_KVNO_SPECIFIED flag when the kvno is zero breaking cross-realm with Active Directory. As of this change, HDB_F_KVNO_SPECIFIED is set for a non-zero kvno and HDB_F_ALL_KVNOS is set otherwise. Change-Id: I32f4d8da9b601d7bbec7d80cc34d0ff94f6670be --- kdc/misc.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/kdc/misc.c b/kdc/misc.c index c3e33fcca..0b119714a 100644 --- a/kdc/misc.c +++ b/kdc/misc.c @@ -53,9 +53,11 @@ _kdc_db_fetch(krb5_context context, *h = NULL; - if (kvno_ptr) { - kvno = *kvno_ptr; + if (kvno_ptr != NULL) { + if (*kvno_ptr != 0) flags |= HDB_F_KVNO_SPECIFIED; + else + flags |= HDB_F_ALL_KVNOS; } ent = calloc(1, sizeof (*ent));
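Review bot: The removed line `kvno = *kvno_ptr;` is not re-added under the new `if (*kvno_ptr != 0)` branch, so in the non-zero case HDB_F_KVNO_SPECIFIED is set while the local `kvno` keeps whatever value it had before this block. If `kvno` is what gets handed to hdb_fetch_kvno() further down (that call is not visible in this hunk), a request for one specific key version would be looked up with the wrong number. Suggest bracing the branch and keeping the assignment next to the flag, e.g. `if (*kvno_ptr != 0) { kvno = *kvno_ptr; flags |= HDB_F_KVNO_SPECIFIED; } else flags |= HDB_F_ALL_KVNOS;`. Two smaller points: the unchanged `flags |= HDB_F_KVNO_SPECIFIED;` context line now sits under a nested `if` without being re-indented, which makes the unbraced if/else easy to misread, and when `kvno_ptr` is NULL neither flag is set, which the commit message's "set otherwise" does not cover; a one-line comment stating the intended behaviour for the NULL case would help.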