s4:heimdal: import lorikeet-heimdal-201010022046 (commit 1bea031b9404b14114b0272ecbe56e60c567af5c)

author: Andrew Bartlett <abartlet@samba.org> 2010-10-02 16:32:56 +1000
committer: Andrew Bartlett <abartlet@samba.org> 2010-10-03 01:15:04 +0000
commit: 21460dfc14acdeef69b6cd910da80f261316be63 (patch)
tree: fcc7b9c9b03331ae6a1117a9688fc957868e942b /source4/heimdal/kdc
parent: a2c4f54dfb47fa73c12ba305d52574aeb6baedd9 (diff)
download: samba-21460dfc14acdeef69b6cd910da80f261316be63.tar.gz
samba-21460dfc14acdeef69b6cd910da80f261316be63.tar.bz2
samba-21460dfc14acdeef69b6cd910da80f261316be63.zip
4 files changed, 28 insertions, 18 deletions
diff --git a/source4/heimdal/kdc/digest.c b/source4/heimdal/kdc/digest.c
index 1a383fa205..70b45c2af6 100644
--- a/source4/heimdal/kdc/digest.c
+++ b/source4/heimdal/kdc/digest.c
@@ -177,7 +177,7 @@ get_password_entry(krb5_context context,
 	return ret;
 
     ret = _kdc_db_fetch(context, config, clientprincipal,
-			HDB_F_GET_CLIENT, &db, &user);
+			HDB_F_GET_CLIENT, NULL, &db, &user);
     krb5_free_principal(context, clientprincipal);
     if (ret)
 	return ret;
@@ -292,7 +292,7 @@ _kdc_do_digest(krb5_context context,
 	krb5_clear_error_message(context);
 
 	ret = _kdc_db_fetch(context, config, principal,
-			    HDB_F_GET_SERVER, NULL, &server);
+			    HDB_F_GET_SERVER, NULL, NULL, &server);
 	if (ret)
 	    goto out;
 
@@ -314,7 +314,7 @@ _kdc_do_digest(krb5_context context,
 	}
 
 	ret = _kdc_db_fetch(context, config, principal,
-			    HDB_F_GET_CLIENT, NULL, &client);
+			    HDB_F_GET_CLIENT, NULL, NULL, &client);
 	krb5_free_principal(context, principal);
 	if (ret)
 	    goto out;
@@ -874,7 +874,7 @@ _kdc_do_digest(krb5_context context,
 		goto failed;
 	
 	    ret = _kdc_db_fetch(context, config, clientprincipal,
-				HDB_F_GET_CLIENT, NULL, &user);
+				HDB_F_GET_CLIENT, NULL, NULL, &user);
 	    krb5_free_principal(context, clientprincipal);
 	    if (ret) {
 		krb5_set_error_message(context, ret,
@@ -1158,7 +1158,7 @@ _kdc_do_digest(krb5_context context,
 	    goto failed;
 
 	ret = _kdc_db_fetch(context, config, clientprincipal,
-			    HDB_F_GET_CLIENT, NULL, &user);
+			    HDB_F_GET_CLIENT, NULL, NULL, &user);
 	krb5_free_principal(context, clientprincipal);
 	if (ret) {
 	    krb5_set_error_message(context, ret, "NTLM user %s not in database",
diff --git a/source4/heimdal/kdc/kerberos5.c b/source4/heimdal/kdc/kerberos5.c
index 9fb0998a2a..40e597befb 100644
--- a/source4/heimdal/kdc/kerberos5.c
+++ b/source4/heimdal/kdc/kerberos5.c
@@ -988,7 +988,7 @@ _kdc_as_rep(krb5_context context,
      */
 
     ret = _kdc_db_fetch(context, config, client_princ,
-			HDB_F_GET_CLIENT | flags, 0,
+			HDB_F_GET_CLIENT | flags, NULL,
 			&clientdb, &client);
     if(ret){
 	const char *msg = krb5_get_error_message(context, ret);
@@ -1000,7 +1000,7 @@ _kdc_as_rep(krb5_context context,
 
     ret = _kdc_db_fetch(context, config, server_princ,
 			HDB_F_GET_SERVER|HDB_F_GET_KRBTGT,
-			0, NULL, &server);
+			NULL, NULL, &server);
     if(ret){
 	const char *msg = krb5_get_error_message(context, ret);
 	kdc_log(context, config, 0, "UNKNOWN -- %s: %s", server_name, msg);
diff --git a/source4/heimdal/kdc/krb5tgs.c b/source4/heimdal/kdc/krb5tgs.c
index 23f9674bef..71d99e2bee 100644
--- a/source4/heimdal/kdc/krb5tgs.c
+++ b/source4/heimdal/kdc/krb5tgs.c
@@ -351,7 +351,7 @@ check_PAC(krb5_context context,
 		    *signedpath = 1;
 		    ret = _krb5_pac_sign(context, pac, tkt->authtime,
 					 client_principal,
-					 server_key, krbtgt_key, rspac);
+					 server_key, krbtgt_sign_key, rspac);
 		}
 		krb5_pac_free(context, pac);
 		
@@ -1563,7 +1563,7 @@ tgs_build_reply(krb5_context context,
 
 server_lookup:
     ret = _kdc_db_fetch(context, config, sp, HDB_F_GET_SERVER | HDB_F_CANON,
-			0, NULL, &server);
+			NULL, NULL, &server);
 
     if(ret){
 	const char *new_rlm, *msg;
@@ -1624,7 +1624,7 @@ server_lookup:
     }
 
     ret = _kdc_db_fetch(context, config, cp, HDB_F_GET_CLIENT | HDB_F_CANON,
-			0, &clientdb, &client);
+			NULL, &clientdb, &client);
     if(ret) {
 	const char *krbtgt_realm, *msg;
 
@@ -1845,7 +1845,7 @@ server_lookup:
 		krb5_pac p = NULL;
 		krb5_data_free(&rspac);
 		ret = _kdc_db_fetch(context, config, client_principal, HDB_F_GET_CLIENT | HDB_F_CANON,
-				    0, &s4u2self_impersonated_clientdb, &s4u2self_impersonated_client);
+				    NULL, &s4u2self_impersonated_clientdb, &s4u2self_impersonated_client);
 		if (ret) {
 		    const char *msg;
 
diff --git a/source4/heimdal/kdc/misc.c b/source4/heimdal/kdc/misc.c
index 3080748463..9feb99cdbc 100644
--- a/source4/heimdal/kdc/misc.c
+++ b/source4/heimdal/kdc/misc.c
@@ -47,7 +47,7 @@ _kdc_db_fetch(krb5_context context,
     hdb_entry_ex *ent;
     krb5_error_code ret;
     int i;
-    unsigned kvno;
+    unsigned kvno = 0;
 
     if (kvno_ptr) {
 	    kvno = *kvno_ptr;
@@ -91,12 +91,22 @@ _kdc_db_fetch(krb5_context context,
 	    continue;
 	}
 
-	ret = config->db[i]->hdb_fetch(context,
-				       config->db[i],
-				       principal,
-				       flags | HDB_F_DECRYPT,
-				       kvno,
-				       ent);
+	if (config->db[i]->hdb_fetch_kvno) {
+		ret = config->db[i]->hdb_fetch_kvno(context,
+						    config->db[i],
+						    principal,
+						    flags | HDB_F_DECRYPT,
+						    kvno,
+						    ent);
+	} else {
+		flags &= ~HDB_F_KVNO_SPECIFIED;
+		ret = config->db[i]->hdb_fetch(context,
+					       config->db[i],
+					       principal,
+					       flags | HDB_F_DECRYPT,
+					       ent);
+	}
+
 	krb5_free_principal(context, enterprise_principal);
 
 	config->db[i]->hdb_close(context, config->db[i]);
author	Andrew Bartlett <abartlet@samba.org>	2010-10-02 16:32:56 +1000
committer	Andrew Bartlett <abartlet@samba.org>	2010-10-03 01:15:04 +0000
commit	21460dfc14acdeef69b6cd910da80f261316be63 (patch)
tree	fcc7b9c9b03331ae6a1117a9688fc957868e942b /source4/heimdal/kdc
parent	a2c4f54dfb47fa73c12ba305d52574aeb6baedd9 (diff)
download	samba-21460dfc14acdeef69b6cd910da80f261316be63.tar.gz samba-21460dfc14acdeef69b6cd910da80f261316be63.tar.bz2 samba-21460dfc14acdeef69b6cd910da80f261316be63.zip