authorGreg Hudson <ghudson@mit.edu>2015-07-03 20:13:43 -0400
committerGreg Hudson <ghudson@mit.edu>2015-07-06 15:07:52 -0400
commita99e5565e99b83a86002332e39938aa6bed6a26a (patch)
treed508a5b1615cf19541acb8771ce0ce93067d8275
parent1be1c3593e6a50cbed2e5d2d52b98d4413f669d4 (diff)
Add rename method to kadm5_hook
Bump the minor version of the kadm5_hook interface to 2 and add a rename method. Invoke the rename method in kadm5_rename_principal() like we do for other libkadm5srv operations. Partly based on a patch from John Hascall. ticket: 8171
-rw-r--r--doc/plugindev/kadm5_hook.rst5
-rw-r--r--src/include/krb5/kadm5_hook_plugin.h11
-rw-r--r--src/lib/kadm5/server_internal.h7
-rw-r--r--src/lib/kadm5/srv/kadm5_hook.c10
-rw-r--r--src/lib/kadm5/srv/svr_principal.c8
-rw-r--r--src/plugins/kadm5_hook/test/main.c8
-rwxr-xr-xsrc/tests/t_kadm5_hook.py4
7 files changed, 50 insertions, 3 deletions
diff --git a/doc/plugindev/kadm5_hook.rst b/doc/plugindev/kadm5_hook.rst
index f7c46b4..ece3eac 100644
--- a/doc/plugindev/kadm5_hook.rst
+++ b/doc/plugindev/kadm5_hook.rst
@@ -8,8 +8,9 @@ changes are made to the Kerberos database through :ref:`kadmin(1)`.
For a detailed description of the kadm5_hook interface, see the header
file ``<krb5/kadm5_hook_plugin.h>``.
-The kadm5_hook interface has four primary methods: **chpass**,
-**create**, **modify**, and **remove**. Each of these methods is
+The kadm5_hook interface has five primary methods: **chpass**,
+**create**, **modify**, **remove**, and **rename**. (The **rename**
+method was introduced in release 1.14.) Each of these methods is
called twice when the corresponding administrative action takes place,
once before the action is committed and once afterwards. A module can
prevent the action from taking place by returning an error code during
diff --git a/src/include/krb5/kadm5_hook_plugin.h b/src/include/krb5/kadm5_hook_plugin.h
index c95c17f..f4f3730 100644
--- a/src/include/krb5/kadm5_hook_plugin.h
+++ b/src/include/krb5/kadm5_hook_plugin.h
@@ -46,6 +46,9 @@
* This interface depends on kadm5/admin.h. As such, the interface
* does not provide strong guarantees of ABI stability.
*
+ * The kadm5_hook interface currently has only one supported major version,
+ * which is 1. Major version 1 has a current minor version number of 2.
+ *
* kadm5_hook plugins should:
* kadm5_hook_<modulename>_initvt, matching the signature:
*
@@ -138,6 +141,14 @@ typedef struct kadm5_hook_vtable_1_st {
int stage, krb5_principal);
/* End of minor version 1. */
+
+ /** Indicate a principal is renamed. */
+ kadm5_ret_t (*rename)(krb5_context,
+ kadm5_hook_modinfo *modinfo,
+ int stage, krb5_principal, krb5_principal);
+
+ /* End of minor version 2. */
+
} kadm5_hook_vftable_1;
#endif /*H_KRB5_KADM5_HOOK_PLUGIN*/
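Review bot: The new `rename` slot declares its two principals without names, so this header does not tell a module author which argument is the old name and which is the new one. The comment says only that a principal is renamed. The internal prototype in server_internal.h names them `oprinc` and `nprinc`, and kadm5_rename_principal() passes `source, target` in that order. A module that mirrors renames into an external account store would act on the wrong identity if it guessed the order. I would write `int stage, krb5_principal oprinc, krb5_principal nprinc);` and extend the comment to `/** Indicate a principal is renamed from oprinc to nprinc. Available from minor version 2. */`.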
diff --git a/src/lib/kadm5/server_internal.h b/src/lib/kadm5/server_internal.h
index 623187d..dc79c78 100644
--- a/src/lib/kadm5/server_internal.h
+++ b/src/lib/kadm5/server_internal.h
@@ -255,6 +255,13 @@ k5_kadm5_hook_remove (krb5_context context,
int stage,
krb5_principal princ);
+/** Call rename kadm5_hook entry point. */
+kadm5_ret_t
+k5_kadm5_hook_rename (krb5_context context,
+ kadm5_hook_handle *handles,
+ int stage,
+ krb5_principal oprinc, krb5_principal nprinc);
+
/** @}*/
#endif /* __KADM5_SERVER_INTERNAL_H__ */
diff --git a/src/lib/kadm5/srv/kadm5_hook.c b/src/lib/kadm5/srv/kadm5_hook.c
index 62f3bff..13f454f 100644
--- a/src/lib/kadm5/srv/kadm5_hook.c
+++ b/src/lib/kadm5/srv/kadm5_hook.c
@@ -64,7 +64,7 @@ k5_kadm5_hook_load(krb5_context context,
handle = k5alloc(sizeof(*handle), &ret);
if (handle == NULL)
goto cleanup;
- ret = (*mod)(context, 1, 1, (krb5_plugin_vtable)&handle->vt);
+ ret = (*mod)(context, 1, 2, (krb5_plugin_vtable)&handle->vt);
if (ret != 0) { /* Failed vtable init is non-fatal. */
free(handle);
handle = NULL;
@@ -169,6 +169,14 @@ k5_kadm5_hook_modify(krb5_context context, kadm5_hook_handle *handles,
}
kadm5_ret_t
+k5_kadm5_hook_rename(krb5_context context, kadm5_hook_handle *handles,
+ int stage, krb5_principal oprinc, krb5_principal nprinc)
+{
+ ITERATE(rename, (context, h->data, stage, oprinc, nprinc));
+ return 0;
+}
+
+kadm5_ret_t
k5_kadm5_hook_remove(krb5_context context, kadm5_hook_handle *handles,
int stage, krb5_principal princ)
{
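Review bot: `k5_kadm5_hook_rename` dispatches `ITERATE(rename, ...)` over every loaded module, including modules written against minor version 1, which never assign `vt.rename`. The loader in the first hunk of this file now requests minor version 2 with `(*mod)(context, 1, 2, ...)`, so correctness depends on that slot starting out NULL and on ITERATE skipping NULL methods. Neither the ITERATE definition nor the zeroing behaviour of k5alloc is visible in this diff, so both should be confirmed. A comment above the function would record the assumption: `/* Modules predating minor version 2 leave vt.rename NULL; ITERATE must skip them. */`.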
diff --git a/src/lib/kadm5/srv/svr_principal.c b/src/lib/kadm5/srv/svr_principal.c
index 27f8eba..5b95fa3 100644
--- a/src/lib/kadm5/srv/svr_principal.c
+++ b/src/lib/kadm5/srv/svr_principal.c
@@ -835,9 +835,17 @@ kadm5_rename_principal(void *server_handle,
goto done;
}
+ ret = k5_kadm5_hook_rename(handle->context, handle->hook_handles,
+ KADM5_HOOK_STAGE_PRECOMMIT, source, target);
+ if (ret)
+ goto done;
+
if ((ret = kdb_put_entry(handle, kdb, &adb)))
goto done;
+ (void) k5_kadm5_hook_rename(handle->context, handle->hook_handles,
+ KADM5_HOOK_STAGE_POSTCOMMIT, source, target);
+
ret = kdb_delete_entry(handle, source);
done:
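Review bot: The POSTCOMMIT rename hook fires after `kdb_put_entry()` but before `kdb_delete_entry(handle, source)`, so modules are told the rename is committed while the source principal still exists. Its return value is discarded and nothing is reported afterwards, so modules never learn if the delete then fails. A module that propagates renames to an external system would treat the old name as gone while the database may still hold both entries. I would move the call below the delete and run it only on success: `ret = kdb_delete_entry(handle, source);` followed by `if (ret == 0) (void) k5_kadm5_hook_rename(handle->context, handle->hook_handles, KADM5_HOOK_STAGE_POSTCOMMIT, source, target);`. kadm5_rename_principal starts and ends outside this hunk, so the cleanup under `done:` is not visible here.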
diff --git a/src/plugins/kadm5_hook/test/main.c b/src/plugins/kadm5_hook/test/main.c
index 48b549c..1ac2cb0 100644
--- a/src/plugins/kadm5_hook/test/main.c
+++ b/src/plugins/kadm5_hook/test/main.c
@@ -81,6 +81,13 @@ create(krb5_context context,
return 0;
}
+static kadm5_ret_t
+rename_hook(krb5_context context, kadm5_hook_modinfo *modinfo, int stage,
+ krb5_principal oprinc, krb5_principal nprinc)
+{
+ log_call(context, "rename", stage, oprinc);
+ return 0;
+}
krb5_error_code
kadm5_hook_test_initvt(krb5_context context, int maj_ver, int min_ver,
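Review bot: `rename_hook` passes only `oprinc` to `log_call`, so the new principal name never reaches the test output. A caller that swapped or dropped `nprinc` would therefore go unnoticed by the test. The signature of log_call is outside the hunk; if it takes a single principal, a second call such as `log_call(context, "rename-to", stage, nprinc);` would let the test script check both names.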
@@ -97,5 +104,6 @@ kadm5_hook_test_initvt(krb5_context context, int maj_ver, int min_ver,
vt->name = "test";
vt->chpass = chpass;
vt->create = create;
+ vt->rename = rename_hook;
return 0;
}
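Review bot: `vt->rename = rename_hook;` is assigned unconditionally, although the `rename` slot exists only from minor version 2 of the vtable, and no `min_ver` check is visible in this hunk. If a caller built against minor version 1 loaded this module, the store would presumably land past the end of the vtable that caller allocated. The test module ships with the library, so this matters mainly to authors who copy it as a template. `if (min_ver >= 2) vt->rename = rename_hook;` shows the pattern a third-party module should follow. kadm5_hook_test_initvt starts outside the hunk.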
diff --git a/src/tests/t_kadm5_hook.py b/src/tests/t_kadm5_hook.py
index b0de25c..708e328 100755
--- a/src/tests/t_kadm5_hook.py
+++ b/src/tests/t_kadm5_hook.py
@@ -11,4 +11,8 @@ output = realm.run([kadminl, 'addprinc', '-randkey', 'test'])
if "create: stage precommit" not in output:
fail('kadm5_hook test output not found')
+output = realm.run([kadminl, 'renprinc', 'test', 'test2'])
+if "rename: stage precommit" not in output:
+ fail('kadm5_hook test output not found')
+
success('kadm5_hook')
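Review bot: The rename check reuses the message `'kadm5_hook test output not found'` from the create check above it, so a failure does not say which hook was missing. Only the precommit stage is asserted, which leaves the postcommit call added in kadm5_rename_principal() untested. I would use `fail('kadm5_hook rename precommit output not found')` and add a matching check for `"rename: stage postcommit"`, assuming log_call prints that stage in the same form.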