From 9b5e304ccedc8f0f7ce2342e4d9c621417dd1c1e Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Tue, 28 Sep 2010 13:07:53 +1000
Subject: heimdal Add support for extracting a particular KVNO from the
 database

This should allow master key rollover.

(but the real reason is to allow multiple krbtgt accounts, as used by
Active Directory to implement RODC support)

Andrew Bartlett
---
 source4/heimdal/kdc/misc.c | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'source4/heimdal/kdc/misc.c')

diff --git a/source4/heimdal/kdc/misc.c b/source4/heimdal/kdc/misc.c
index 39f91dcf10..3080748463 100644
--- a/source4/heimdal/kdc/misc.c
+++ b/source4/heimdal/kdc/misc.c
@@ -40,12 +40,19 @@ _kdc_db_fetch(krb5_context context,
 	      krb5_kdc_configuration *config,
 	      krb5_const_principal principal,
 	      unsigned flags,
+	      krb5int32 *kvno_ptr,
 	      HDB **db,
 	      hdb_entry_ex **h)
 {
     hdb_entry_ex *ent;
     krb5_error_code ret;
     int i;
+    unsigned kvno;
+
+    if (kvno_ptr) {
+	    kvno = *kvno_ptr;
+	    flags |= HDB_F_KVNO_SPECIFIED;
+    }
 
     ent = calloc (1, sizeof (*ent));
     if (ent == NULL) {
@@ -88,6 +95,7 @@ _kdc_db_fetch(krb5_context context,
 				       config->db[i],
 				       principal,
 				       flags | HDB_F_DECRYPT,
+				       kvno,
 				       ent);
 	krb5_free_principal(context, enterprise_principal);
 
-- 
cgit