author | Andrew Bartlett <abartlet@samba.org> | 2010-09-28 13:07:53 +1000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2010-09-29 04:23:07 +1000 |
commit | 9b5e304ccedc8f0f7ce2342e4d9c621417dd1c1e (patch) | |
tree | 3e11b02e04b6791939a8dda1606bf1ab7b7de38f /source4/heimdal/lib | |
parent | 3021af2777ffd28f595835630510e367e7286c1c (diff) | |
heimdal Add support for extracting a particular KVNO from the database
This should allow master key rollover.
(but the real reason is to allow multiple krbtgt accounts, as used by
Active Directory to implement RODC support)
Andrew Bartlett
Diffstat (limited to 'source4/heimdal/lib')
-rw-r--r-- | source4/heimdal/lib/hdb/hdb.h | 3 | ||||
-rw-r--r-- | source4/heimdal/lib/hdb/keytab.c | 2 |
2 files changed, 3 insertions, 2 deletions
diff --git a/source4/heimdal/lib/hdb/hdb.h b/source4/heimdal/lib/hdb/hdb.h index 469a330812..ca67d2ddd8 100644 --- a/source4/heimdal/lib/hdb/hdb.h +++ b/source4/heimdal/lib/hdb/hdb.h @@ -54,6 +54,7 @@ enum hdb_lockop{ HDB_RLOCK, HDB_WLOCK }; #define HDB_F_GET_ANY 28 /* fetch any of client,server,krbtgt */ #define HDB_F_CANON 32 /* want canonicalition */ #define HDB_F_ADMIN_DATA 64 /* want data that kdc don't use */ +#define HDB_F_KVNO_SPECIFIED 128 /* we want a particular KVNO */ /* hdb_capability_flags */ #define HDB_CAP_F_HANDLE_ENTERPRISE_PRINCIPAL 1 @@ -122,7 +123,7 @@ typedef struct HDB{ * should be fetch: client, server, krbtgt. */ krb5_error_code (*hdb_fetch)(krb5_context, struct HDB*, - krb5_const_principal, unsigned, + krb5_const_principal, unsigned, unsigned, hdb_entry_ex*); /** * Store an entry to database diff --git a/source4/heimdal/lib/hdb/keytab.c b/source4/heimdal/lib/hdb/keytab.c index 925ff67c58..524cea6f45 100644 --- a/source4/heimdal/lib/hdb/keytab.c +++ b/source4/heimdal/lib/hdb/keytab.c @@ -213,7 +213,7 @@ hdb_get_entry(krb5_context context, ret = (*db->hdb_fetch)(context, db, principal, HDB_F_DECRYPT| HDB_F_GET_CLIENT|HDB_F_GET_SERVER|HDB_F_GET_KRBTGT, - &ent); + 0, &ent); if(ret == HDB_ERR_NOENTRY) { ret = KRB5_KT_NOTFOUND; |
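Review bot: The comment on the new `HDB_F_KVNO_SPECIFIED` define in the flags block of `hdb.h` does not say where the KVNO comes from or what a backend should do when the flag is clear. Judging from the `hdb_fetch` prototype change and the `keytab.c` caller passing `0`, the value appears to travel in the new `unsigned` argument and to be ignored without the flag. If that is the intended contract, state it, e.g. `/* fetch only the key version passed as hdb_fetch's kvno argument; kvno is ignored when clear */`. Otherwise a backend that honours the argument without testing the flag would treat 0 as a real request and could fail ordinary lookups.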
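Review bot: The `hdb_fetch` member now takes two consecutive unnamed `unsigned` parameters, so a call site that swaps the flags and the KVNO compiles without any diagnostic and asks the backend for the wrong key version. Naming them in the prototype, `krb5_const_principal, unsigned flags, unsigned kvno,`, and adding a sentence to the doc comment above on when kvno is consulted would make the contract visible. Because this changes a function-pointer member of `struct HDB`, every backend assigned to it has to be updated in the same step; the diffstat is limited to `source4/heimdal/lib`, so that cannot be confirmed from this page. The struct definition starts and ends outside the hunk.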
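Review bot: The bare `0` added to the `hdb_fetch` call in `hdb_get_entry` reads as a magic number; nothing at the call site says it fills the KVNO slot or that it is ignored because `HDB_F_KVNO_SPECIFIED` is absent from the flags. A short comment on that line, such as `/* kvno: unused, HDB_F_KVNO_SPECIFIED not set */`, would keep a later reader from taking it for a request for key version 0. If this function receives a requested key version from its caller (its parameter list is cut off in the hunk header), any matching on it still has to happen after the fetch, outside the visible lines.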