summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorStefan Metzmacher <metze@samba.org>2011-03-04 16:12:29 +0100
committerStefan Metzmacher <metze@samba.org>2011-03-04 21:19:05 +0100
commit0c78640e674914d3ee7e8233813ee91a44f16440 (patch)
treee9cd57cab2f7ef624af5286484958d5851163c3a
parenta511d37d83be3bf47440527ad2b54fd124ba97a5 (diff)
downloadsamba-0c78640e674914d3ee7e8233813ee91a44f16440.tar.gz
samba-0c78640e674914d3ee7e8233813ee91a44f16440.tar.bz2
samba-0c78640e674914d3ee7e8233813ee91a44f16440.zip
s4:kdc: fix calculation of the rodc kvno
Bit shifting is non-trivial in C:-) This int32_t a = 0x12340000; uint32_t b = (a >> 16); results in 0x00001234, but this int32_t a = 0xEDCB0000; uint32_t b = (a >> 16); results in 0xFFFFEDCB, while we expected 0x0000EDCB. metze
-rw-r--r--source4/kdc/db-glue.c16
1 files changed, 12 insertions, 4 deletions
diff --git a/source4/kdc/db-glue.c b/source4/kdc/db-glue.c
index ed64685a4f..7a3b1f4f69 100644
--- a/source4/kdc/db-glue.c
+++ b/source4/kdc/db-glue.c
@@ -36,6 +36,13 @@
#include "kdc/samba_kdc.h"
#include "kdc/kdc-policy.h"
+#define SAMBA_KVNO_GET_KRBTGT(kvno) \
+ ((uint16_t)(((uint32_t)kvno) >> 16))
+
+#define SAMBA_KVNO_AND_KRBTGT(kvno, krbtgt) \
+ ((krb5_kvno)((((uint32_t)kvno) & 0xFFFF) | \
+ ((((uint32_t)krbtgt) << 16) & 0xFFFF0000)))
+
enum samba_kdc_ent_type
{ SAMBA_KDC_ENT_TYPE_CLIENT, SAMBA_KDC_ENT_TYPE_SERVER,
SAMBA_KDC_ENT_TYPE_KRBTGT, SAMBA_KDC_ENT_TYPE_TRUST, SAMBA_KDC_ENT_TYPE_ANY };
@@ -206,6 +213,7 @@ static krb5_error_code samba_kdc_message2entry_keys(krb5_context context,
uint16_t i;
uint16_t allocated_keys = 0;
int rodc_krbtgt_number = 0;
+ int kvno = 0;
uint32_t supported_enctypes
= ldb_msg_find_attr_as_uint(msg,
"msDS-SupportedEncryptionTypes",
@@ -245,14 +253,14 @@ static krb5_error_code samba_kdc_message2entry_keys(krb5_context context,
}
}
-
entry_ex->entry.keys.val = NULL;
entry_ex->entry.keys.len = 0;
- entry_ex->entry.kvno = ldb_msg_find_attr_as_int(msg, "msDS-KeyVersionNumber", 0);
+ kvno = ldb_msg_find_attr_as_int(msg, "msDS-KeyVersionNumber", 0);
if (is_rodc) {
- entry_ex->entry.kvno |= (rodc_krbtgt_number << 16);
+ kvno = SAMBA_KVNO_AND_KRBTGT(kvno, rodc_krbtgt_number);
}
+ entry_ex->entry.kvno = kvno;
/* Get keys from the db */
@@ -1334,7 +1342,7 @@ krb5_error_code samba_kdc_fetch(krb5_context context,
TALLOC_CTX *mem_ctx;
unsigned int krbtgt_number;
if (flags & HDB_F_KVNO_SPECIFIED) {
- krbtgt_number = kvno >> 16;
+ krbtgt_number = SAMBA_KVNO_GET_KRBTGT(kvno);
if (kdc_db_ctx->rodc) {
if (krbtgt_number != kdc_db_ctx->my_krbtgt_number) {
return HDB_ERR_NOT_FOUND_HERE;