Diffstat (limited to 'source4/heimdal/lib/hdb')
-rw-r--r-- | source4/heimdal/lib/hdb/hdb-keytab.c | 19 | ||||
-rw-r--r-- | source4/heimdal/lib/hdb/hdb.h | 12 | ||||
-rw-r--r-- | source4/heimdal/lib/hdb/keytab.c | 16 |
3 files changed, 39 insertions, 8 deletions
diff --git a/source4/heimdal/lib/hdb/hdb-keytab.c b/source4/heimdal/lib/hdb/hdb-keytab.c
index 1b74eab252..393981e47d 100644
--- a/source4/heimdal/lib/hdb/hdb-keytab.c
+++ b/source4/heimdal/lib/hdb/hdb-keytab.c
@@ -117,13 +117,18 @@ hkt_open(krb5_context context, HDB * db, int flags, mode_t mode)
 }
 static krb5_error_code
-hkt_fetch(krb5_context context, HDB * db, krb5_const_principal principal,
- unsigned flags, hdb_entry_ex * entry)
+hkt_fetch_kvno(krb5_context context, HDB * db, krb5_const_principal principal,
+ unsigned flags, unsigned kvno, hdb_entry_ex * entry)
 {
 hdb_keytab k = (hdb_keytab)db->hdb_db;
 krb5_error_code ret;
 krb5_keytab_entry ktentry;
+ if (!(flags & HDB_F_KVNO_SPECIFIED)) {
+ /* Preserve previous behaviour if no kvno specified */
+ kvno = 0;
+ }
+
 memset(&ktentry, 0, sizeof(ktentry));
 entry->entry.flags.server = 1;
@@ -143,7 +148,7 @@ hkt_fetch(krb5_context context, HDB * db, krb5_const_principal principal,
 * enctypes should work.
 */
- ret = krb5_kt_get_entry(context, k->keytab, principal, 0, 0, &ktentry);
+ ret = krb5_kt_get_entry(context, k->keytab, principal, kvno, 0, &ktentry);
 if (ret) {
 ret = HDB_ERR_NOENTRY;
 goto out;
@@ -166,6 +171,13 @@ hkt_fetch(krb5_context context, HDB * db, krb5_const_principal principal,
 }
 static krb5_error_code
+hkt_fetch(krb5_context context, HDB * db, krb5_const_principal principal,
+ unsigned flags, hdb_entry_ex * entry)
+{
+ return hkt_fetch_kvno(context, db, principal, flags & ~HDB_F_KVNO_SPECIFIED, 0, entry);
+}
+
+static krb5_error_code
 hkt_store(krb5_context context, HDB * db,
 unsigned flags, hdb_entry_ex * entry)
 {
@@ -210,6 +222,7 @@ hdb_keytab_create(krb5_context context, HDB ** db, const char *arg)
 (*db)->hdb_open = hkt_open;
 (*db)->hdb_close = hkt_close;
 (*db)->hdb_fetch = hkt_fetch;
+ (*db)->hdb_fetch_kvno = hkt_fetch_kvno;
 (*db)->hdb_store = hkt_store;
 (*db)->hdb_remove = NULL;
 (*db)->hdb_firstkey = hkt_firstkey;
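Review bot: The guard added at the top of `hkt_fetch_kvno` only zeroes `kvno` when `HDB_F_KVNO_SPECIFIED` is absent, so a caller that sets the flag but passes `kvno` 0 still reaches `krb5_kt_get_entry` with 0, which Heimdal's keytab lookup treats as "any version" rather than an exact match. That is probably intended, but it should be stated next to the guard so a later reader does not assume the flag guarantees an exact-version lookup, e.g. `/* kvno 0 is a wildcard for krb5_kt_get_entry(), whether or not the flag is set */`. The function body continues between the first and second hunk, so any later comparison of the returned entry's kvno cannot be seen from here.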
diff --git a/source4/heimdal/lib/hdb/hdb.h b/source4/heimdal/lib/hdb/hdb.h
index ca67d2ddd8..bcd190caa3 100644
--- a/source4/heimdal/lib/hdb/hdb.h
+++ b/source4/heimdal/lib/hdb/hdb.h
@@ -123,9 +123,19 @@ typedef struct HDB{
 * should be fetch: client, server, krbtgt.
 */
 krb5_error_code (*hdb_fetch)(krb5_context, struct HDB*,
- krb5_const_principal, unsigned, unsigned,
+ krb5_const_principal, unsigned,
 hdb_entry_ex*);
 /**
+ * Fetch an entry from the backend
+ *
+ * Fetch an entry from the backend, flags are what type of entry
+ * should be fetch: client, server, krbtgt.
+ * knvo (if specified and flags HDB_F_KVNO_SPECIFIED set) is the kvno to get
+ */
+ krb5_error_code (*hdb_fetch_kvno)(krb5_context, struct HDB*,
+ krb5_const_principal, unsigned, unsigned,
+ hdb_entry_ex*);
+ /**
 * Store an entry to database
 */
 krb5_error_code (*hdb_store)(krb5_context, struct HDB*,
diff --git a/source4/heimdal/lib/hdb/keytab.c b/source4/heimdal/lib/hdb/keytab.c
index efaed7f420..b8cc0d47ee 100644
--- a/source4/heimdal/lib/hdb/keytab.c
+++ b/source4/heimdal/lib/hdb/keytab.c
@@ -210,10 +210,18 @@ hdb_get_entry(krb5_context context,
 (*db->hdb_destroy)(context, db);
 goto out2;
 }
- ret = (*db->hdb_fetch)(context, db, principal,
- HDB_F_DECRYPT|
- HDB_F_GET_CLIENT|HDB_F_GET_SERVER|HDB_F_GET_KRBTGT,
- 0, &ent);
+
+ if (*db->hdb_fetch_kvno) {
+ ret = (*db->hdb_fetch_kvno)(context, db, principal,
+ HDB_F_DECRYPT|HDB_F_KVNO_SPECIFIED|
+ HDB_F_GET_CLIENT|HDB_F_GET_SERVER|HDB_F_GET_KRBTGT,
+ kvno, &ent);
+ } else {
+ ret = (*db->hdb_fetch)(context, db, principal,
+ HDB_F_DECRYPT|
+ HDB_F_GET_CLIENT|HDB_F_GET_SERVER|HDB_F_GET_KRBTGT,
+ &ent);
+ }
 if(ret == HDB_ERR_NOENTRY) {
 ret = KRB5_KT_NOTFOUND; |
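Review bot: The doc comment on the new `hdb_fetch_kvno` member does not say whether a backend may leave it NULL, yet the `hdb_get_entry` change in keytab.c depends on exactly that. I would add a line such as `* Optional: may be NULL; callers then fall back to hdb_fetch and the kvno is not passed to the backend.` and correct the `knvo` typo in the same comment. The change also alters the layout of `struct HDB` and drops a parameter from `hdb_fetch`, so a backend that allocates the struct without zeroing it would leave the new pointer uninitialised, and one built against the old header would no longer match. If the header carries an interface version constant (not visible in this hunk), it presumably needs bumping in the same commit.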
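Review bot: The `else` branch in `hdb_get_entry` silently drops the caller's `kvno` when the backend provides no `hdb_fetch_kvno`, so the entry returned may carry a different key version from the one requested. Unless code after this hunk compares `ent.entry.kvno` with `kvno` (the function continues outside the hunk), the keytab caller could be handed a key for the wrong version; a short comment on the fallback saying where that check happens would help. The test also reads more safely without the dereference, `if (db->hdb_fetch_kvno != NULL) {`, because applying `*` to a null function pointer is not defined by the language even though compilers accept it.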