From 5717da34b92cfb9385d9275df5b48c70254ce78f Mon Sep 17 00:00:00 2001
From: Andrew Tridgell <tridge@samba.org>
Date: Thu, 29 Sep 2011 05:22:27 +1000
Subject: s4-kdc: treat a kvno of 255 as unspecified

windows sometimes sends us a kvno of 255 for inter-domain trusts. We
don't yet know why it does this, but it seems that we need to treat
this as an unspecified kvno

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
---
 source4/kdc/db-glue.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'source4/kdc/db-glue.c')

diff --git a/source4/kdc/db-glue.c b/source4/kdc/db-glue.c
index 6634d0c180..2ed32192f8 100644
--- a/source4/kdc/db-glue.c
+++ b/source4/kdc/db-glue.c
@@ -1382,7 +1382,10 @@ krb5_error_code samba_kdc_fetch(krb5_context context,
 	krb5_error_code ret = HDB_ERR_NOENTRY;
 	TALLOC_CTX *mem_ctx;
 	unsigned int krbtgt_number;
-	if (flags & HDB_F_KVNO_SPECIFIED) {
+	/* w2k8r2 sometimes gives us a kvno of 255 for inter-domain
+	   trust tickets. We don't yet know what this means, but we do
+	   seem to need to treat it as unspecified */
+	if ((flags & HDB_F_KVNO_SPECIFIED) && kvno != 255) {
 		krbtgt_number = SAMBA_KVNO_GET_KRBTGT(kvno);
 		if (kdc_db_ctx->rodc) {
 			if (krbtgt_number != kdc_db_ctx->my_krbtgt_number) {
-- 
cgit