kdc: fix AD -> Heimdal x-realm trusts again

The HDB_F_ALL_KVNOS flag is not getting set in _kdc_db_fetch() if kvno_ptr == NULL. Fix the conditional to ensure that one of HDB_F_ALL_KVNOS or HDB_F_KVNO_SPECIFIED is set in the flags field. Prior to this change cross-realm TGS_REQ failed with KRB5_GENERIC_ERROR and e-text "encryption key has bad length". With this change, the cross-realm TGS_REQ succeeds. Change-Id: I4216137a192032544dfbdada12b5c377603ca4b6
heimdal · Jun 23, 2016 · f32fd2d · f32fd2d
1 parent 9f6baf0
commit f32fd2d
Showing 1 changed file with 5 additions and 7 deletions.
diff --git a/kdc/misc.c b/kdc/misc.c
@@ -53,13 +53,11 @@ _kdc_db_fetch(krb5_context context,
 
     *h = NULL;
 
-    if (kvno_ptr != NULL) {
-	if (*kvno_ptr != 0) {
-	    kvno = *kvno_ptr;
-	    flags |= HDB_F_KVNO_SPECIFIED;
-	} else {
-	    flags |= HDB_F_ALL_KVNOS;
-	}
+    if (kvno_ptr != NULL && *kvno_ptr != 0) {
+	kvno = *kvno_ptr;
+	flags |= HDB_F_KVNO_SPECIFIED;
+    } else {
+	flags |= HDB_F_ALL_KVNOS;
     }
 
     ent = calloc(1, sizeof (*ent));