From 89a074b784295204aa8d7dd585bf3533ac7971a7 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett
Date: Tue, 30 Jun 2009 12:11:14 +1000
Subject: s4:heimdal Allow KRB5_NT_ENTERPRISE names in all DB lookups

The previous code only allowed an KRB5_NT_ENTERPRISE name (an e-mail list user principal name) in an AS-REQ. Evidence from the wild (Win2k8 reportadely) indicates that this is instead valid for all types of requests. While this is now handled in heimdal/kdc/misc.c, a flag is now defined in Heimdal's hdb so that we can take over this handling in future (once we start using a system Heimdal, and if we find out there is more to be done here).

Andrew Bartlett
---
 source4/heimdal/lib/hdb/hdb.h | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

(limited to 'source4/heimdal/lib/hdb')

diff --git a/source4/heimdal/lib/hdb/hdb.h b/source4/heimdal/lib/hdb/hdb.h
index ce219153b3..a5e6514e6c 100644
--- a/source4/heimdal/lib/hdb/hdb.h
+++ b/source4/heimdal/lib/hdb/hdb.h
@@ -54,6 +54,8 @@ enum hdb_lockop{ HDB_RLOCK, HDB_WLOCK };
 #define HDB_F_GET_ANY 28 /* fetch any of client,server,krbtgt */
 #define HDB_F_CANON 32 /* want canonicalition */
 
+#define HDB_CAP_F_HANDLE_ENTERPRISE_PRINCIPAL 1
+
 /* key usage for master key */
 #define HDB_KU_MKEY 0x484442
 
@@ -80,7 +82,7 @@ typedef struct HDB{
 int hdb_master_key_set;
 hdb_master_key hdb_master_key;
 int hdb_openp;
-
+ int hdb_capability_flags;
 /**
 * Open (or create) the a Kerberos database.
 *
@@ -184,7 +186,7 @@ typedef struct HDB{
 krb5_error_code (*hdb_destroy)(krb5_context, struct HDB*);
 }HDB;
 
-#define HDB_INTERFACE_VERSION 4
+#define HDB_INTERFACE_VERSION 5
 
 struct hdb_so_method {
 int version;
-- cgit
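Review bot: `HDB_CAP_F_HANDLE_ENTERPRISE_PRINCIPAL` in the first hunk (`@@ -54,6 +54,8 @@`) carries no comment and sits directly under the `HDB_F_*` fetch flags, although judging by the second hunk it belongs to the separate `hdb_capability_flags` word. Its value 1 lies in the same numeric range as the fetch flags, so passing it in the wrong flags argument would compile without a warning. I would add a comment that names the namespace, for example `/* bits for HDB.hdb_capability_flags: backend resolves KRB5_NT_ENTERPRISE names itself */`, with the exact semantics confirmed against the code in heimdal/kdc/misc.c that the commit message refers to.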
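Review bot: Nothing in this patch sets the new `hdb_capability_flags` member added in the second hunk (`@@ -80,7 +82,7 @@`), so its value depends on every backend zero-initialising its `HDB`, which is not visible from here and should be confirmed. Because the bit is meant to say which side resolves enterprise principal names, an indeterminate value could make a caller skip the handling the commit message places in heimdal/kdc/misc.c. The member also goes in ahead of the function pointers and shifts their offsets; the `HDB_INTERFACE_VERSION` bump in the third hunk guards version-checked loadable backends, but anything built against the old header needs a rebuild. I would declare it `unsigned int hdb_capability_flags; /* bitmask of HDB_CAP_F_*; backends must zero it unless they set a bit */` and keep the blank line before the `/** Open (or create) …` comment. `struct HDB` begins and ends outside this hunk.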