2 files changed, 19 insertions, 4 deletions

diff --git a/source4/kdc/hdb-samba4.c b/source4/kdc/hdb-samba4.c
index 53b1abee94..3956ce2b15 100644
--- a/source4/kdc/hdb-samba4.c
+++ b/source4/kdc/hdb-samba4.c
@@ -82,18 +82,33 @@ static krb5_error_code hdb_samba4_remove(krb5_context context, HDB *db, krb5_con
 	return HDB_ERR_DB_INUSE;
 }
 
+static krb5_error_code hdb_samba4_fetch_kvno(krb5_context context, HDB *db,
+					     krb5_const_principal principal,
+					     unsigned flags,
+					     unsigned kvno,
+					     hdb_entry_ex *entry_ex)
+{
+	struct samba_kdc_db_context *kdc_db_ctx;
+
+	kdc_db_ctx = talloc_get_type_abort(db->hdb_db,
+					   struct samba_kdc_db_context);
+
+	return samba_kdc_fetch(context, kdc_db_ctx, principal, flags, kvno, entry_ex);
+}
+
 static krb5_error_code hdb_samba4_fetch(krb5_context context, HDB *db,
 					krb5_const_principal principal,
 					unsigned flags,
-					unsigned kvno,
 					hdb_entry_ex *entry_ex)
 {
 	struct samba_kdc_db_context *kdc_db_ctx;
 
+	flags &= ~HDB_F_KVNO_SPECIFIED;
+
 	kdc_db_ctx = talloc_get_type_abort(db->hdb_db,
 					   struct samba_kdc_db_context);
 
-	return samba_kdc_fetch(context, kdc_db_ctx, principal, flags, kvno, entry_ex);
+	return samba_kdc_fetch(context, kdc_db_ctx, principal, flags, 0, entry_ex);
 }
 
 static krb5_error_code hdb_samba4_firstkey(krb5_context context, HDB *db, unsigned flags,
@@ -186,6 +201,7 @@ NTSTATUS hdb_samba4_create_kdc(struct samba_kdc_base_context *base_ctx,
 	(*db)->hdb_open = hdb_samba4_open;
 	(*db)->hdb_close = hdb_samba4_close;
 	(*db)->hdb_fetch = hdb_samba4_fetch;
+	(*db)->hdb_fetch_kvno = hdb_samba4_fetch_kvno;
 	(*db)->hdb_store = hdb_samba4_store;
 	(*db)->hdb_remove = hdb_samba4_remove;
 	(*db)->hdb_firstkey = hdb_samba4_firstkey;
diff --git a/source4/kdc/kdc.c b/source4/kdc/kdc.c
index 4dd2113dff..3242258e23 100644
--- a/source4/kdc/kdc.c
+++ b/source4/kdc/kdc.c
@@ -632,9 +632,8 @@ static NTSTATUS kdc_check_generic_kerberos(struct irpc_message *msg,
 					    kdc->config->db[0],
 					    principal,
 					    HDB_F_GET_KRBTGT | HDB_F_DECRYPT,
-					    0,
 					    &ent);
-
+	
 	if (ret != 0) {
 		hdb_free_entry(kdc->smb_krb5_context->krb5_context, &ent);
 		krb5_free_principal(kdc->smb_krb5_context->krb5_context, principal);