kdc: adjust flags passed to hdb_fetch_kvno()

The KDC's _kdc_db_fetch() calls the database's hdb_fetch_kvno() to obtain
one or more decrypted versioned key sets.  The KDC either requires one
specific key set if a non-zero key version number is provided or all key sets.
The key version zero indicates that the latest key version should be used.

Prior to this change the KDC called hdb_fetch_kvno() with the
HDB_F_KVNO_SPECIFIED flag when the kvno is zero, breaking cross-realm
with Active Directory.

As of this change, HDB_F_KVNO_SPECIFIED is set for a non-zero kvno and
HDB_F_ALL_KVNOS is set otherwise.

Change-Id: I32f4d8da9b601d7bbec7d80cc34d0ff94f6670be
Jeffrey Altman
2015-03-10 15:03:08 -04:00
parent fca6363307
commit 83011252d7

@@ -53,9 +53,11 @@ _kdc_db_fetch(krb5_context context,
*h = NULL;
if (kvno_ptr) {
kvno = *kvno_ptr;
if (kvno_ptr != NULL) {
if (*kvno_ptr != 0)
flags |= HDB_F_KVNO_SPECIFIED;
else
flags |= HDB_F_ALL_KVNOS;
}
ent = calloc(1, sizeof (*ent));
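
Review bot: The new `if (kvno_ptr != NULL)` block only sets flag bits and has no counterpart to the `kvno = *kvno_ptr;` line that sits in the old `if (kvno_ptr)` block above it. If that assignment is being dropped here, a caller that passes a non-zero key version gets HDB_F_KVNO_SPECIFIED set while the local `kvno` keeps its initial value, so any later use of `kvno` in this function would no longer see the requested version. Suggest keeping the assignment inside the `*kvno_ptr != 0` branch (with braces around the two statements), so that the flag and the value stay together. It would also help to add a short comment on the `else` branch saying that a zero kvno from the caller means "latest", as the commit message explains, because the choice of HDB_F_ALL_KVNOS for that case is not obvious from the code alone.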