r21390: move fetching the key version number into the function

which contrusts the keys...

later we need to get the key version number from the
"replPropertyMetaData" attribute entry to the (I assume)
the "unicodePwd" attribute.

msDs-KeyVersionNumber is a constructed attribute,
and is "1" when no "supplementalCredentials" is present.

we need to make some tests with a password change function
which don't give a cleartext to the server...

metze
(This used to be commit 9e4324221764c1413be34d5b14915a86740acc04)

1 files changed, 2 insertions, 2 deletions

diff --git a/source4/kdc/hdb-ldb.c b/source4/kdc/hdb-ldb.c
index 4b28613686..bad3e08829 100644
--- a/source4/kdc/hdb-ldb.c
+++ b/source4/kdc/hdb-ldb.c
@@ -214,6 +214,8 @@ static krb5_error_code LDB_message2entry_keys(krb5_context context,
 	entry_ex->entry.keys.val = NULL;
 	entry_ex->entry.keys.len = 0;
 
+	entry_ex->entry.kvno = ldb_msg_find_attr_as_int(msg, "msDS-KeyVersionNumber", 0);
+
 	/* Get krb5Key from the db */
 
 	krb5keys = ldb_msg_find_element(msg, "krb5Key");
@@ -399,8 +401,6 @@ static krb5_error_code LDB_message2entry(krb5_context context, HDB *db,
 		krb5_princ_set_realm(context, entry_ex->entry.principal, &strdup_realm);
 	}
 
-	entry_ex->entry.kvno = ldb_msg_find_attr_as_int(msg, "msDS-KeyVersionNumber", 0);
-
 	entry_ex->entry.flags = uf2HDBFlags(context, userAccountControl, ent_type);
 
 	if (ent_type == HDB_LDB_ENT_TYPE_KRBTGT) {