Use the trust password version as kvno for trusts in Kerberos.
[kai/samba.git] / source4 / kdc / hdb-samba4.c
index d7317f17d4f3f49ecd641482ca3140eaf431e9c0..818c4a12fda753c297bf00d268020a99e343df9d 100644 (file)
@@ -717,6 +717,7 @@ static krb5_error_code LDB_trust_message2entry(krb5_context context, HDB *db,
 
        enum ndr_err_code ndr_err;
        int i, ret, trust_direction_flags;
 
        enum ndr_err_code ndr_err;
        int i, ret, trust_direction_flags;
+       uint32_t kvno;
 
        private = talloc(mem_ctx, struct hdb_ldb_private);
        if (!private) {
 
        private = talloc(mem_ctx, struct hdb_ldb_private);
        if (!private) {
@@ -764,6 +765,12 @@ static krb5_error_code LDB_trust_message2entry(krb5_context context, HDB *db,
                goto out;
        }
 
                goto out;
        }
 
+       for (i=0; i < password_blob.count; i++) {
+               if (password_blob.current->array[i].AuthType == TRUST_AUTH_TYPE_VERSION) {
+                       entry_ex->entry.kvno = password_blob.current->array[i].AuthInfo.version.version;
+               }
+       }
+
        for (i=0; i < password_blob.count; i++) {
                if (password_blob.current->array[i].AuthType == TRUST_AUTH_TYPE_CLEAR) {
                        password_utf16 = data_blob_const(password_blob.current->array[i].AuthInfo.clear.password,
        for (i=0; i < password_blob.count; i++) {
                if (password_blob.current->array[i].AuthType == TRUST_AUTH_TYPE_CLEAR) {
                        password_utf16 = data_blob_const(password_blob.current->array[i].AuthInfo.clear.password,