From: Günther Deschner <gd@samba.org>
Date: Mon, 30 Jun 2008 08:32:15 +0000 (+0200)
Subject: kerberos: allow to keep entries with old kvno's while creating keytab.
X-Git-Tag: samba-3.3.0pre1~715
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=6194244bd9fcc1fb736f3d91433f107270cac1c9;p=thirdparty%2Fsamba.git

kerberos: allow to keep entries with old kvno's while creating keytab.

Guenther
---

diff --git a/source/include/includes.h b/source/include/includes.h
index e9addf6ee00..aa99dc0b63b 100644
--- a/source/include/includes.h
+++ b/source/include/includes.h
@@ -1231,7 +1231,8 @@ int smb_krb5_kt_add_entry_ext(krb5_context context,
 			      const char *princ_s,
 			      krb5_enctype *enctypes,
 			      krb5_data password,
-			      bool no_salt);
+			      bool no_salt,
+			      bool keep_old_entries);
 
 #endif /* HAVE_KRB5 */
 
diff --git a/source/libads/kerberos_keytab.c b/source/libads/kerberos_keytab.c
index 04804fc27ce..b905cb4a0f5 100644
--- a/source/libads/kerberos_keytab.c
+++ b/source/libads/kerberos_keytab.c
@@ -38,7 +38,8 @@ int smb_krb5_kt_add_entry_ext(krb5_context context,
 			      const char *princ_s,
 			      krb5_enctype *enctypes,
 			      krb5_data password,
-			      bool no_salt)
+			      bool no_salt,
+			      bool keep_old_entries)
 {
 	krb5_error_code ret = 0;
 	krb5_kt_cursor cursor;
@@ -96,7 +97,7 @@ int smb_krb5_kt_add_entry_ext(krb5_context context,
 				if (kt_entry.vno == kvno - 1) {
 					DEBUG(5,("smb_krb5_kt_add_entry_ext: Saving previous (kvno %d) entry for principal: %s.\n",
 						kvno - 1, princ_s));
-				} else {
+				} else if (!keep_old_entries) {
 					DEBUG(5,("smb_krb5_kt_add_entry_ext: Found old entry for principal: %s (kvno %d) - trying to remove it.\n",
 						princ_s, kt_entry.vno));
 					ret = krb5_kt_end_seq_get(context, keytab, &cursor);
@@ -224,6 +225,7 @@ int smb_krb5_kt_add_entry(krb5_context context,
 					 princ_s,
 					 enctypes,
 					 password,
+					 false,
 					 false);
 }
 
diff --git a/source/libnet/libnet_keytab.c b/source/libnet/libnet_keytab.c
index faa491471e3..02c2b6f7615 100644
--- a/source/libnet/libnet_keytab.c
+++ b/source/libnet/libnet_keytab.c
@@ -126,6 +126,7 @@ krb5_error_code libnet_keytab_add(struct libnet_keytab_context *ctx)
 						entry->principal,
 						enctypes,
 						password,
+						true,
 						true);
 		if (ret) {
 			DEBUG(1,("libnet_keytab_add: "