s4:heimdal Allow KRB5_NT_ENTERPRISE names in all DB lookups

The previous code only allowed an KRB5_NT_ENTERPRISE name (an e-mail
list user principal name) in an AS-REQ.  Evidence from the wild
(Win2k8 reportadely) indicates that this is instead valid for all
types of requests.

While this is now handled in heimdal/kdc/misc.c, a flag is now defined
in Heimdal's hdb so that we can take over this handling in future (once we start
using a system Heimdal, and if we find out there is more to be done
here).

Andrew Bartlett

1 files changed, 4 insertions, 2 deletions

diff --git a/source4/heimdal/lib/hdb/hdb.h b/source4/heimdal/lib/hdb/hdb.h
index ce219153b3..a5e6514e6c 100644
--- a/source4/heimdal/lib/hdb/hdb.h
+++ b/source4/heimdal/lib/hdb/hdb.h
@@ -54,6 +54,8 @@ enum hdb_lockop{ HDB_RLOCK, HDB_WLOCK };
 #define HDB_F_GET_ANY		28	/* fetch any of client,server,krbtgt */
 #define HDB_F_CANON		32	/* want canonicalition */
 
+#define HDB_CAP_F_HANDLE_ENTERPRISE_PRINCIPAL 1
+
 /* key usage for master key */
 #define HDB_KU_MKEY	0x484442
 
@@ -80,7 +82,7 @@ typedef struct HDB{
     int hdb_master_key_set;
     hdb_master_key hdb_master_key;
     int hdb_openp;
-
+    int hdb_capability_flags;
     /**
      * Open (or create) the a Kerberos database.
      *
@@ -184,7 +186,7 @@ typedef struct HDB{
     krb5_error_code (*hdb_destroy)(krb5_context, struct HDB*);
 }HDB;
 
-#define HDB_INTERFACE_VERSION	4
+#define HDB_INTERFACE_VERSION	5
 
 struct hdb_so_method {
     int version;