sdb: Do not create kmod information if we return early

In case of a wrong realm in a cross forest trust we return early with
just the realm corrected. We need to parse a kdb entry but do not have
all information available. So skip creating the kmod.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>

1 files changed, 13 insertions, 6 deletions

diff --git a/source4/kdc/sdb_to_kdb.c b/source4/kdc/sdb_to_kdb.c
index d842052117e..ff50c0cab87 100644
--- a/source4/kdc/sdb_to_kdb.c
+++ b/source4/kdc/sdb_to_kdb.c
@@ -272,12 +272,19 @@ static int sdb_entry_ex_to_krb5_db_entry(krb5_context context,
 	/* fail_auth_count */
 	/* n_tl_data */
 
-	ret = sdb_event_to_kmod(context,
-				s->modified_by ? s->modified_by : &s->created_by,
-				k);
-	if (ret) {
-		free_krb5_db_entry(context, k);
-		return ret;
+	/*
+	 * If we leave early when looking up the realm, we do not have all
+	 * information about a principal. We need to construct a db entry
+	 * with minimal information, so skip this part.
+	 */
+	if (s->created_by.time != 0) {
+		ret = sdb_event_to_kmod(context,
+					s->modified_by ? s->modified_by : &s->created_by,
+					k);
+		if (ret) {
+			free_krb5_db_entry(context, k);
+			return ret;
+		}
 	}
 
 	/* FIXME: TODO HDB Extensions */