author | Stefan Metzmacher <metze@samba.org> | 2015-04-10 20:31:20 +0000 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2015-07-08 18:38:20 +0200 |
commit | f05c0bc6397d783681fb0b4a82677493e96f3398 | |
tree | 5becc4a88aa66281651dccc7726a54698ecd9ece /pidl | |
parent | cbe9fed248a85e3ab57df63656204941925f8131 | |

s4:kdc/db-glue: allow invalid kvno numbers in samba_kdc_trust_message2entry()

We should fall back to the current password if the trusted KDC used a wrong kvno.

After commit 6f8b868a29fe47a3b589616fde97099829933ce0, we always have the
previous password filled. With the trust creation we typically don't
have a TRUST_AUTH_TYPE_VERSION in the current nor in the previous array.
This means current_kvno is 0. And now previous_kvno is 255.

A FreeIPA/MIT KDC uses kvno=1 in the referral ticket, which triggered
the 'Request for unknown kvno 1 - current kvno is 0' case.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Diffstat (limited to 'pidl')
0 files changed, 0 insertions, 0 deletions