Inconsistent dump in MIT Format with old principals

[moberrauch]

Describe the bug
When exporting an old database with principals created before commit dede654 in MIT format those principals fail to be imported into the MIT DB.
After a lot of debugging, I found that those entries all carry an old historic key with a kvno of 0 (the principals kvnos are higher now). Looking at the dump file, the affected entries have a higher number of keys indicated than are actually present as all the keys with kvno 0 are missing, resulting in an inconsistent and unparseable entry line.

In the end, this can be traced back to the following line of code of the dump generation:

heimdal/lib/hdb/print.c

Line 513 in 1b62220

for (i = 0; hist_keys && i < ent->kvno; i++) {

There the counter variable i is constrained to be smaller than ent->kvno, which directly implies that ent->kvno - i 5 lines blow can never be 0 and thus those key entries never "fail" the if-statement to avoid being skipped; actually, the loop is aborted before that.

I think changing the inequality operator in the aforementioned line from < to <= should resolve the issue.
I can also open a merge/pull request if needed.

Expected behaviour
DB dumps in MIT Format should be in a consistent state and importable to MIT KRB5.

System:

• OS: Debian 12
• Version: 7.7.0

[abartlet]

Yes, Open a Pull Request, that will trigger a CI run and makes it easier to just accept the change. Even better if you can include a tests of course.