s4:kdc: let samba_kdc_trust_message2entry() return all keys with SDB_F_ADMIN_DATA

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

diff --git a/source4/kdc/db-glue.c b/source4/kdc/db-glue.c
index 122507345b449a90500c9fa6013150ecb38ac0b8..0af584dc38c4b467cf715dd6e168e0f7bd4388d7 100644 (file)
--- a/source4/kdc/db-glue.c
+++ b/source4/kdc/db-glue.c
@@ -2086,6 +2086,7 @@ static krb5_error_code samba_kdc_trust_message2entry(krb5_context context,
        struct trustAuthInOutBlob password_blob;
        struct samba_kdc_entry *p;
        bool use_previous = false;
+       bool include_previous = false;
        uint32_t current_kvno;
        uint32_t previous_kvno;
        struct samba_kdc_trust_keys current_keys = {};
@@ -2314,6 +2315,15 @@ static krb5_error_code samba_kdc_trust_message2entry(krb5_context context,
                } else {
                        use_previous = false;
                }
+
+               if (flags & SDB_F_ADMIN_DATA) {
+                       /*
+                        * let admin tool
+                        * get to all keys
+                        */
+                       use_previous = false;
+                       include_previous = true;
+               }
        } else if (kvno == current_kvno) {
                /*
                 * Exact match ...
@@ -2361,6 +2371,13 @@ static krb5_error_code samba_kdc_trust_message2entry(krb5_context context,
                current_keys.skeys = &entry->keys;
                current_keys.available_enctypes = &available_enctypes;
                current_keys.returned_kvno = &returned_kvno;
+
+               if (include_previous) {
+                       /*
+                        * return the old keys in addition.
+                        */
+                       previous_keys.skeys = &entry->old_keys;
+               }
        }
 
        if (current_keys.skeys != NULL) {