^samba.tests.krb5.conditional_ace_tests.samba.tests.krb5.conditional_ace_tests.ConditionalAceTests.test_pac_claim_cmp__1_zero_and_one_uint_2_0_1___zero_and_one_uint_\(ad_dc\)
^samba.tests.krb5.conditional_ace_tests.samba.tests.krb5.conditional_ace_tests.ConditionalAceTests.test_pac_claim_cmp__1_zero_int_1_0___zero_int_\(ad_dc\)
^samba.tests.krb5.conditional_ace_tests.samba.tests.krb5.conditional_ace_tests.ConditionalAceTests.test_pac_claim_cmp__1_zero_uint_2_0___zero_uint_\(ad_dc\)
-^samba.tests.krb5.conditional_ace_tests.samba.tests.krb5.conditional_ace_tests.ConditionalAceTests.test_rbcd_client_and_device_from_rodc\(ad_dc\)
-^samba.tests.krb5.conditional_ace_tests.samba.tests.krb5.conditional_ace_tests.ConditionalAceTests.test_rbcd_client_from_rodc\(ad_dc\)
^samba.tests.krb5.conditional_ace_tests.samba.tests.krb5.conditional_ace_tests.ConditionalAceTests.test_tgs_with_claims_valid_both_from_rodc\(ad_dc\)
^samba.tests.krb5.conditional_ace_tests.samba.tests.krb5.conditional_ace_tests.ConditionalAceTests.test_tgs_with_claims_valid_client_from_rodc\(ad_dc\)
^samba.tests.krb5.conditional_ace_tests.samba.tests.krb5.conditional_ace_tests.ConditionalAceTests.test_tgs_with_service_asserted_identity_both_from_rodc\(ad_dc\)
if (pac_kdc_signature_rodc_id != header_ticket_rodc_id) {
struct sdb_entry signing_krbtgt_sdb;
- /*
- * If we didn't sign the ticket, then return an
- * error.
- */
- if (pac_kdc_signature_rodc_id != 0) {
- return KRB5KRB_AP_ERR_MODIFIED;
- }
-
/*
* Fetch our key from the database. To support
* key rollover, we're going to need to try
ret = samba_kdc_fetch(context,
krbtgt_skdc_entry->kdc_db_ctx,
krbtgt->principal,
- SDB_F_GET_KRBTGT | SDB_F_CANON,
- 0,
+ SDB_F_GET_KRBTGT | SDB_F_RODC_NUMBER_SPECIFIED | SDB_F_CANON,
+ ((uint32_t)pac_kdc_signature_rodc_id) << 16,
&signing_krbtgt_sdb);
if (ret != 0) {
return ret;