s4:kdc: Add flag to indicate the upper sixteen bits of the kvno are specified

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

diff --git a/source4/kdc/db-glue.c b/source4/kdc/db-glue.c
index 107595c64aa56e1c87fb71e6c8a7f3c43de92f64..90be0434c36c354e68ea6af4c66d352de78f86c5 100644 (file)
--- a/source4/kdc/db-glue.c
+++ b/source4/kdc/db-glue.c
@@ -2466,7 +2466,7 @@ static krb5_error_code samba_kdc_fetch_krbtgt(krb5_context context,
                /* w2k8r2 sometimes gives us a kvno of 255 for inter-domain
                   trust tickets. We don't yet know what this means, but we do
                   seem to need to treat it as unspecified */
-               if (flags & SDB_F_KVNO_SPECIFIED) {
+               if (flags & (SDB_F_KVNO_SPECIFIED|SDB_F_RODC_NUMBER_SPECIFIED)) {
                        krbtgt_number = SAMBA_KVNO_GET_KRBTGT(kvno);
                        if (kdc_db_ctx->rodc) {
                                if (krbtgt_number != kdc_db_ctx->my_krbtgt_number) {

diff --git a/source4/kdc/sdb.h b/source4/kdc/sdb.h
index cc04039ac6dbc6d8564edfb8cdcb0e06f5c51c32..820648a069831e348ca74126c5372a0d8641e12b 100644 (file)
--- a/source4/kdc/sdb.h
+++ b/source4/kdc/sdb.h
@@ -134,8 +134,9 @@ struct sdb_entry {
                                 SDB_F_ARMOR_PRINCIPAL| \
                                 SDB_F_USER2USER_PRINCIPAL)
 
-/* This is not supported by HDB */
+/* These are not supported by HDB */
 #define SDB_F_FORCE_CANON      16384   /* force canonicalization */
+#define SDB_F_RODC_NUMBER_SPECIFIED    32768   /* we want a particular RODC number */
 
 void sdb_key_free(struct sdb_key *key);
 void sdb_keys_free(struct sdb_keys *keys);