From d5970c0851ff91b1c2aee5860c0f6adbd37b5aea Mon Sep 17 00:00:00 2001
From: Russ Allbery <rra@stanford.edu>
Date: Tue, 2 Feb 2010 14:28:10 -0800
Subject: [PATCH] Report mkvno as unknown

When the principal is retrieved from the database via libkadm5srv, the
keys are always decrypted, so the reported mkvno is always 0.  Rather
than returning 0 and implying that the key in the database is not
encrypted, report the mkvno as unknown for right now.

A better fix is required to either not decrypt the keys when retrieving
get information or to get the mkvno before keys are decrypted.

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
---
 kadmin/get.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/kadmin/get.c b/kadmin/get.c
index be65d8dbf..ecd5409a7 100644
--- a/kadmin/get.c
+++ b/kadmin/get.c
@@ -209,7 +209,8 @@ format_field(kadm5_principal_ent_t princ, unsigned int field,
 	snprintf(buf, buf_len, "%d", princ->kvno);
 	break;
     case KADM5_MKVNO:
-	snprintf(buf, buf_len, "%d", princ->mkvno);
+	/* XXX libkadm5srv decrypts the keys, so mkvno is always 0. */
+	strlcpy(buf, "unknown", buf_len);
 	break;
     case KADM5_LAST_SUCCESS:
 	time_t2str(princ->last_success, buf, buf_len, !condensed);
-- 
2.11.4.GIT