s4-kdc: treat a kvno of 255 as unspecified
authorAndrew Tridgell <tridge@samba.org>
Wed, 28 Sep 2011 19:22:27 +0000 (05:22 +1000)
committerAndrew Tridgell <tridge@samba.org>
Tue, 4 Oct 2011 04:08:57 +0000 (15:08 +1100)
windows sometimes sends us a kvno of 255 for inter-domain trusts. We
don't yet know why it does this, but it seems that we need to treat
this as an unspecified kvno

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

source4/kdc/db-glue.c

index 6634d0c..2ed3219 100644 (file)
@@ -1382,7 +1382,10 @@ krb5_error_code samba_kdc_fetch(krb5_context context,
        krb5_error_code ret = HDB_ERR_NOENTRY;
        TALLOC_CTX *mem_ctx;
        unsigned int krbtgt_number;
-       if (flags & HDB_F_KVNO_SPECIFIED) {
+       /* w2k8r2 sometimes gives us a kvno of 255 for inter-domain
+          trust tickets. We don't yet know what this means, but we do
+          seem to need to treat it as unspecified */
+       if ((flags & HDB_F_KVNO_SPECIFIED) && kvno != 255) {
                krbtgt_number = SAMBA_KVNO_GET_KRBTGT(kvno);
                if (kdc_db_ctx->rodc) {
                        if (krbtgt_number != kdc_db_ctx->my_krbtgt_number) {