From: Joseph Sutton <josephsutton@catalyst.net.nz>
Date: Tue, 17 Oct 2023 07:18:28 +0000 (+1300)
Subject: s4:kdc: Add flag to indicate the upper sixteen bits of the kvno are specified
X-Git-Tag: talloc-2.4.2~1206
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=d209cdf4f0c8ab948f59ef4cbe824a6fa9bef4ad;p=thirdparty%2Fsamba.git

s4:kdc: Add flag to indicate the upper sixteen bits of the kvno are specified

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---

diff --git a/source4/kdc/db-glue.c b/source4/kdc/db-glue.c
index 107595c64aa..90be0434c36 100644
--- a/source4/kdc/db-glue.c
+++ b/source4/kdc/db-glue.c
@@ -2466,7 +2466,7 @@ static krb5_error_code samba_kdc_fetch_krbtgt(krb5_context context,
 		/* w2k8r2 sometimes gives us a kvno of 255 for inter-domain
 		   trust tickets. We don't yet know what this means, but we do
 		   seem to need to treat it as unspecified */
-		if (flags & SDB_F_KVNO_SPECIFIED) {
+		if (flags & (SDB_F_KVNO_SPECIFIED|SDB_F_RODC_NUMBER_SPECIFIED)) {
 			krbtgt_number = SAMBA_KVNO_GET_KRBTGT(kvno);
 			if (kdc_db_ctx->rodc) {
 				if (krbtgt_number != kdc_db_ctx->my_krbtgt_number) {
diff --git a/source4/kdc/sdb.h b/source4/kdc/sdb.h
index cc04039ac6d..820648a0698 100644
--- a/source4/kdc/sdb.h
+++ b/source4/kdc/sdb.h
@@ -134,8 +134,9 @@ struct sdb_entry {
 				 SDB_F_ARMOR_PRINCIPAL| \
 				 SDB_F_USER2USER_PRINCIPAL)
 
-/* This is not supported by HDB */
+/* These are not supported by HDB */
 #define SDB_F_FORCE_CANON	16384	/* force canonicalization */
+#define SDB_F_RODC_NUMBER_SPECIFIED	32768	/* we want a particular RODC number */
 
 void sdb_key_free(struct sdb_key *key);
 void sdb_keys_free(struct sdb_keys *keys);