authorAndrew Bartlett <abartlet@samba.org>2010-09-28 13:07:53 +1000
committerAndrew Bartlett <abartlet@samba.org>2010-09-29 04:23:07 +1000
commit9b5e304ccedc8f0f7ce2342e4d9c621417dd1c1e (patch)
tree3e11b02e04b6791939a8dda1606bf1ab7b7de38f /source4/heimdal/lib
parent3021af2777ffd28f595835630510e367e7286c1c (diff)
heimdal Add support for extracting a particular KVNO from the database
This should allow master key rollover. (but the real reason is to allow multiple krbtgt accounts, as used by Active Directory to implement RODC support) Andrew Bartlett
Diffstat (limited to 'source4/heimdal/lib')
-rw-r--r--source4/heimdal/lib/hdb/hdb.h3
-rw-r--r--source4/heimdal/lib/hdb/keytab.c2
2 files changed, 3 insertions, 2 deletions
diff --git a/source4/heimdal/lib/hdb/hdb.h b/source4/heimdal/lib/hdb/hdb.h
index 469a330812..ca67d2ddd8 100644
--- a/source4/heimdal/lib/hdb/hdb.h
+++ b/source4/heimdal/lib/hdb/hdb.h
@@ -54,6 +54,7 @@ enum hdb_lockop{ HDB_RLOCK, HDB_WLOCK };
#define HDB_F_GET_ANY 28 /* fetch any of client,server,krbtgt */
#define HDB_F_CANON 32 /* want canonicalition */
#define HDB_F_ADMIN_DATA 64 /* want data that kdc don't use */
+#define HDB_F_KVNO_SPECIFIED 128 /* we want a particular KVNO */
/* hdb_capability_flags */
#define HDB_CAP_F_HANDLE_ENTERPRISE_PRINCIPAL 1
@@ -122,7 +123,7 @@ typedef struct HDB{
* should be fetch: client, server, krbtgt.
*/
krb5_error_code (*hdb_fetch)(krb5_context, struct HDB*,
- krb5_const_principal, unsigned,
+ krb5_const_principal, unsigned, unsigned,
hdb_entry_ex*);
/**
* Store an entry to database
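Review bot: The second `unsigned` added to the `hdb_fetch` callback is undocumented: the comment above the member still describes only the flags, so nothing says that the new argument is the key version number or that it is meaningful only when `HDB_F_KVNO_SPECIFIED` is set. I would extend that comment with something like `the second unsigned is the requested kvno, consulted only when HDB_F_KVNO_SPECIFIED is set`, and state what a backend must do when that kvno is absent (return an error such as `HDB_ERR_NOENTRY`, presumably, rather than silently handing back the current key). Because the callback's argument list changes inside `struct HDB`, a backend built against the old header would receive the kvno where it expects the `hdb_entry_ex *`. These three lines are the only hdb.h changes in the commit, so if the header carries an interface version for loadable backends it looks like it should be bumped here. The struct definition starts and ends outside the hunk.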
diff --git a/source4/heimdal/lib/hdb/keytab.c b/source4/heimdal/lib/hdb/keytab.c
index 925ff67c58..524cea6f45 100644
--- a/source4/heimdal/lib/hdb/keytab.c
+++ b/source4/heimdal/lib/hdb/keytab.c
@@ -213,7 +213,7 @@ hdb_get_entry(krb5_context context,
ret = (*db->hdb_fetch)(context, db, principal,
HDB_F_DECRYPT|
HDB_F_GET_CLIENT|HDB_F_GET_SERVER|HDB_F_GET_KRBTGT,
- &ent);
+ 0, &ent);
if(ret == HDB_ERR_NOENTRY) {
ret = KRB5_KT_NOTFOUND;
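Review bot: The call passes a bare `0` for the new kvno argument and leaves `HDB_F_KVNO_SPECIFIED` out of the flags, so a keytab lookup still fetches whichever key version the backend treats as current. If `hdb_get_entry` is handed a requested kvno by its caller (its parameter list is outside the hunk), a lookup for an older key version would presumably still miss, which is the rollover and multiple-krbtgt case the commit message names. Forwarding that kvno, with the flag set when it is non-zero, would close the gap. At minimum the literal deserves a comment, e.g. `0, /* kvno unused: HDB_F_KVNO_SPECIFIED not set */ &ent);`. The body of hdb_get_entry continues outside the hunk.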