diff options
author | Stefan Metzmacher <metze@samba.org> | 2011-03-04 16:12:29 +0100 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2011-03-04 21:19:05 +0100 |
commit | 0c78640e674914d3ee7e8233813ee91a44f16440 (patch) | |
tree | e9cd57cab2f7ef624af5286484958d5851163c3a | |
parent | a511d37d83be3bf47440527ad2b54fd124ba97a5 (diff) | |
download | samba-0c78640e674914d3ee7e8233813ee91a44f16440.tar.gz samba-0c78640e674914d3ee7e8233813ee91a44f16440.tar.bz2 samba-0c78640e674914d3ee7e8233813ee91a44f16440.zip |
s4:kdc: fix calculation of the rodc kvno
Bit shifting is non-trivial in C:-)
This
int32_t a = 0x12340000;
uint32_t b = (a >> 16);
results in 0x00001234, but this
int32_t a = 0xEDCB0000;
uint32_t b = (a >> 16);
results in 0xFFFFEDCB, while we expected 0x0000EDCB.
metze
-rw-r--r-- | source4/kdc/db-glue.c | 16 |
1 files changed, 12 insertions, 4 deletions
diff --git a/source4/kdc/db-glue.c b/source4/kdc/db-glue.c index ed64685a4f..7a3b1f4f69 100644 --- a/source4/kdc/db-glue.c +++ b/source4/kdc/db-glue.c @@ -36,6 +36,13 @@ #include "kdc/samba_kdc.h" #include "kdc/kdc-policy.h" +#define SAMBA_KVNO_GET_KRBTGT(kvno) \ + ((uint16_t)(((uint32_t)kvno) >> 16)) + +#define SAMBA_KVNO_AND_KRBTGT(kvno, krbtgt) \ + ((krb5_kvno)((((uint32_t)kvno) & 0xFFFF) | \ + ((((uint32_t)krbtgt) << 16) & 0xFFFF0000))) + enum samba_kdc_ent_type { SAMBA_KDC_ENT_TYPE_CLIENT, SAMBA_KDC_ENT_TYPE_SERVER, SAMBA_KDC_ENT_TYPE_KRBTGT, SAMBA_KDC_ENT_TYPE_TRUST, SAMBA_KDC_ENT_TYPE_ANY }; @@ -206,6 +213,7 @@ static krb5_error_code samba_kdc_message2entry_keys(krb5_context context, uint16_t i; uint16_t allocated_keys = 0; int rodc_krbtgt_number = 0; + int kvno = 0; uint32_t supported_enctypes = ldb_msg_find_attr_as_uint(msg, "msDS-SupportedEncryptionTypes", @@ -245,14 +253,14 @@ static krb5_error_code samba_kdc_message2entry_keys(krb5_context context, } } - entry_ex->entry.keys.val = NULL; entry_ex->entry.keys.len = 0; - entry_ex->entry.kvno = ldb_msg_find_attr_as_int(msg, "msDS-KeyVersionNumber", 0); + kvno = ldb_msg_find_attr_as_int(msg, "msDS-KeyVersionNumber", 0); if (is_rodc) { - entry_ex->entry.kvno |= (rodc_krbtgt_number << 16); + kvno = SAMBA_KVNO_AND_KRBTGT(kvno, rodc_krbtgt_number); } + entry_ex->entry.kvno = kvno; /* Get keys from the db */ @@ -1334,7 +1342,7 @@ krb5_error_code samba_kdc_fetch(krb5_context context, TALLOC_CTX *mem_ctx; unsigned int krbtgt_number; if (flags & HDB_F_KVNO_SPECIFIED) { - krbtgt_number = kvno >> 16; + krbtgt_number = SAMBA_KVNO_GET_KRBTGT(kvno); if (kdc_db_ctx->rodc) { if (krbtgt_number != kdc_db_ctx->my_krbtgt_number) { return HDB_ERR_NOT_FOUND_HERE; |