r21390: move fetching the key version number into the function

which contrusts the keys...

later we need to get the key version number from the
"replPropertyMetaData" attribute entry to the (I assume)
the "unicodePwd" attribute.

msDs-KeyVersionNumber is a constructed attribute,
and is "1" when no "supplementalCredentials" is present.

we need to make some tests with a password change function
which don't give a cleartext to the server...

metze
(This used to be commit 9e4324221764c1413be34d5b14915a86740acc04)

diff --git a/source4/kdc/hdb-ldb.c b/source4/kdc/hdb-ldb.c
index 4b28613686c3562c85e8814a2a5c0ef0ee6d4659..bad3e08829f2d31807ca8d8b9a62d8154f157a61 100644 (file)
--- a/source4/kdc/hdb-ldb.c
+++ b/source4/kdc/hdb-ldb.c
@@ -214,6 +214,8 @@ static krb5_error_code LDB_message2entry_keys(krb5_context context,
        entry_ex->entry.keys.val = NULL;
        entry_ex->entry.keys.len = 0;
 
+       entry_ex->entry.kvno = ldb_msg_find_attr_as_int(msg, "msDS-KeyVersionNumber", 0);
+
        /* Get krb5Key from the db */
 
        krb5keys = ldb_msg_find_element(msg, "krb5Key");
@@ -399,8 +401,6 @@ static krb5_error_code LDB_message2entry(krb5_context context, HDB *db,
                krb5_princ_set_realm(context, entry_ex->entry.principal, &strdup_realm);
        }
 
-       entry_ex->entry.kvno = ldb_msg_find_attr_as_int(msg, "msDS-KeyVersionNumber", 0);
-
        entry_ex->entry.flags = uf2HDBFlags(context, userAccountControl, ent_type);
 
        if (ent_type == HDB_LDB_ENT_TYPE_KRBTGT) {