From 9b5e304ccedc8f0f7ce2342e4d9c621417dd1c1e Mon Sep 17 00:00:00 2001
From: Andrew Bartlett
Date: Tue, 28 Sep 2010 13:07:53 +1000
Subject: heimdal Add support for extracting a particular KVNO from the database
This should allow master key rollover.
(but the real reason is to allow multiple krbtgt accounts, as used by Active Directory to implement RODC support)
Andrew Bartlett
---
 source4/heimdal/lib/hdb/hdb.h | 3 ++-
 source4/heimdal/lib/hdb/keytab.c | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)
(limited to 'source4/heimdal/lib/hdb')
diff --git a/source4/heimdal/lib/hdb/hdb.h b/source4/heimdal/lib/hdb/hdb.h
index 469a330812..ca67d2ddd8 100644
--- a/source4/heimdal/lib/hdb/hdb.h
+++ b/source4/heimdal/lib/hdb/hdb.h
@@ -54,6 +54,7 @@ enum hdb_lockop{ HDB_RLOCK, HDB_WLOCK };
 #define HDB_F_GET_ANY 28 /* fetch any of client,server,krbtgt */
 #define HDB_F_CANON 32 /* want canonicalition */
 #define HDB_F_ADMIN_DATA 64 /* want data that kdc don't use */
+#define HDB_F_KVNO_SPECIFIED 128 /* we want a particular KVNO */
 /* hdb_capability_flags */
 #define HDB_CAP_F_HANDLE_ENTERPRISE_PRINCIPAL 1
@@ -122,7 +123,7 @@ typedef struct HDB{
 * should be fetch: client, server, krbtgt.
 */
 krb5_error_code (*hdb_fetch)(krb5_context, struct HDB*,
- krb5_const_principal, unsigned,
+ krb5_const_principal, unsigned, unsigned,
 hdb_entry_ex*);
 /**
 * Store an entry to database
diff --git a/source4/heimdal/lib/hdb/keytab.c b/source4/heimdal/lib/hdb/keytab.c
index 925ff67c58..524cea6f45 100644
--- a/source4/heimdal/lib/hdb/keytab.c
+++ b/source4/heimdal/lib/hdb/keytab.c
@@ -213,7 +213,7 @@ hdb_get_entry(krb5_context context,
 ret = (*db->hdb_fetch)(context, db, principal, HDB_F_DECRYPT| HDB_F_GET_CLIENT|HDB_F_GET_SERVER|HDB_F_GET_KRBTGT,
- &ent);
+ 0, &ent);
 if(ret == HDB_ERR_NOENTRY) {
 ret = KRB5_KT_NOTFOUND;
-- cgit
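Review bot: The two adjacent unnamed `unsigned` parameters in the new `hdb_fetch` prototype are indistinguishable to the compiler, so a backend or caller that swaps the flags word and the key version number builds cleanly and then looks up the wrong key version. Naming them in the prototype, `krb5_const_principal, unsigned flags, unsigned kvno,`, and extending the doc comment above to say that the second value is only meaningful when `HDB_F_KVNO_SPECIFIED` is set would make the contract explicit. That reading of the flag is inferred from the new define in the first hdb.h hunk; neither hunk documents what a backend does with a non-zero kvno when the flag is clear. The struct definition starts and ends outside the hunk, and the diffstat is limited to this directory, so whether every backend assigned to `hdb_fetch` was updated in the same commit cannot be checked here.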
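Review bot: The updated call in hdb_get_entry passes a literal `0` for the new argument and does not set `HDB_F_KVNO_SPECIFIED`, so this keytab path still fetches whatever key version the backend returns by default. hdb_get_entry's parameter list and the code after the fetch are outside the hunk; if the function receives a requested kvno from the keytab caller (not visible here), a lookup for an older key version will keep failing after a rollover, which is the case the commit message sets out to support. A comment at the call would at least record the intent, for example `/* kvno 0: no specific key version requested (HDB_F_KVNO_SPECIFIED not set) */`.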