s4:kdc: Add SDB_F_ARMOR_PRINCIPAL flag

This corresponds with the HDB_F_ARMOR_PRINCIPAL flag in Heimdal, and
indicates a lookup of an armor ticket client principal, rather than the
principal of the main TGT. This helps us to determine whether an
authentication policy will apply to a principal acting as a client, and
hence whether we have to look up the policy in the database.

NOTE: THIS COMMIT WON’T COMPILE/WORK ON ITS OWN!

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

source4/kdc/sdb.h

@@ -119,6 +119,7 @@ struct sdb_entry {
 #define SDB_F_KVNO_SPECIFIED	128	/* we want a particular KVNO */
 #define SDB_F_FOR_AS_REQ	4096	/* fetch is for a AS REQ */
 #define SDB_F_FOR_TGS_REQ	8192	/* fetch is for a TGS REQ */
+#define SDB_F_ARMOR_PRINCIPAL 262144	/* fetch is for the client of an armor ticket */
 
 #define SDB_F_HDB_MASK		(SDB_F_DECRYPT | \
 				 SDB_F_GET_CLIENT| \
@@ -128,7 +129,8 @@ struct sdb_entry {
 				 SDB_F_ADMIN_DATA | \
 				 SDB_F_KVNO_SPECIFIED | \
 				 SDB_F_FOR_AS_REQ | \
-				 SDB_F_FOR_TGS_REQ)
+				 SDB_F_FOR_TGS_REQ | \
+				 SDB_F_ARMOR_PRINCIPAL)
 
 /* This is not supported by HDB */
 #define SDB_F_FORCE_CANON	16384	/* force canonicalization */