sdb: Do not create kmod information if we return early

In case of a wrong realm in a cross forest trust we return early with
just the realm corrected. We need to parse a kdb entry but do not have
all information available. So skip creating the kmod.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>

diff --git a/source4/kdc/sdb_to_kdb.c b/source4/kdc/sdb_to_kdb.c
index d842052117eaa2cdb44dc9964749801aa38b3014..ff50c0cab87884b8c31ad6c73215db5692af3f0b 100644 (file)
--- a/source4/kdc/sdb_to_kdb.c
+++ b/source4/kdc/sdb_to_kdb.c
@@ -272,12 +272,19 @@ static int sdb_entry_ex_to_krb5_db_entry(krb5_context context,
        /* fail_auth_count */
        /* n_tl_data */
 
-       ret = sdb_event_to_kmod(context,
-                               s->modified_by ? s->modified_by : &s->created_by,
-                               k);
-       if (ret) {
-               free_krb5_db_entry(context, k);
-               return ret;
+       /*
+        * If we leave early when looking up the realm, we do not have all
+        * information about a principal. We need to construct a db entry
+        * with minimal information, so skip this part.
+        */
+       if (s->created_by.time != 0) {
+               ret = sdb_event_to_kmod(context,
+                                       s->modified_by ? s->modified_by : &s->created_by,
+                                       k);
+               if (ret) {
+                       free_krb5_db_entry(context, k);
+                       return ret;
+               }
        }
 
        /* FIXME: TODO HDB Extensions */