From a99e5565e99b83a86002332e39938aa6bed6a26a Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Fri, 3 Jul 2015 20:13:43 -0400 Subject: Add rename method to kadm5_hook Bump the minor version of the kadm5_hook interface to 2 and add a rename method. Invoke the rename method in kadm5_rename_principal() like we do for other libkadm5srv operations. Partly based on a patch from John Hascall. ticket: 8171 --- doc/plugindev/kadm5_hook.rst | 5 +++-- src/include/krb5/kadm5_hook_plugin.h | 11 +++++++++++ src/lib/kadm5/server_internal.h | 7 +++++++ src/lib/kadm5/srv/kadm5_hook.c | 10 +++++++++- src/lib/kadm5/srv/svr_principal.c | 8 ++++++++ src/plugins/kadm5_hook/test/main.c | 8 ++++++++ src/tests/t_kadm5_hook.py | 4 ++++ 7 files changed, 50 insertions(+), 3 deletions(-) diff --git a/doc/plugindev/kadm5_hook.rst b/doc/plugindev/kadm5_hook.rst index f7c46b4..ece3eac 100644 --- a/doc/plugindev/kadm5_hook.rst +++ b/doc/plugindev/kadm5_hook.rst @@ -8,8 +8,9 @@ changes are made to the Kerberos database through :ref:`kadmin(1)`. For a detailed description of the kadm5_hook interface, see the header file ````. -The kadm5_hook interface has four primary methods: **chpass**, -**create**, **modify**, and **remove**. Each of these methods is +The kadm5_hook interface has five primary methods: **chpass**, +**create**, **modify**, **remove**, and **rename**. (The **rename** +method was introduced in release 1.14.) Each of these methods is called twice when the corresponding administrative action takes place, once before the action is committed and once afterwards. A module can prevent the action from taking place by returning an error code during diff --git a/src/include/krb5/kadm5_hook_plugin.h b/src/include/krb5/kadm5_hook_plugin.h index c95c17f..f4f3730 100644 --- a/src/include/krb5/kadm5_hook_plugin.h +++ b/src/include/krb5/kadm5_hook_plugin.h 
@@ -46,6 +46,9 @@ * This interface depends on kadm5/admin.h. As such, the interface * does not provide strong guarantees of ABI stability. * + * The kadm5_hook interface currently has only one supported major version, + * which is 1. Major version 1 has a current minor version number of 2. + * * kadm5_hook plugins should: * kadm5_hook__initvt, matching the signature: * @@ -138,6 +141,14 @@ typedef struct kadm5_hook_vtable_1_st { int stage, krb5_principal); /* End of minor version 1. */ + + /** Indicate a principal is renamed. */ + kadm5_ret_t (*rename)(krb5_context, + kadm5_hook_modinfo *modinfo, + int stage, krb5_principal, krb5_principal); + + /* End of minor version 2. */ + } kadm5_hook_vftable_1; #endif /*H_KRB5_KADM5_HOOK_PLUGIN*/ diff --git a/src/lib/kadm5/server_internal.h b/src/lib/kadm5/server_internal.h index 623187d..dc79c78 100644 --- a/src/lib/kadm5/server_internal.h +++ b/src/lib/kadm5/server_internal.h @@ -255,6 +255,13 @@ k5_kadm5_hook_remove (krb5_context context, int stage, krb5_principal princ); +/** Call rename kadm5_hook entry point. */ +kadm5_ret_t +k5_kadm5_hook_rename (krb5_context context, + kadm5_hook_handle *handles, + int stage, + krb5_principal oprinc, krb5_principal nprinc); + /** @}*/ #endif /* __KADM5_SERVER_INTERNAL_H__ */ diff --git a/src/lib/kadm5/srv/kadm5_hook.c b/src/lib/kadm5/srv/kadm5_hook.c index 62f3bff..13f454f 100644 --- a/src/lib/kadm5/srv/kadm5_hook.c +++ b/src/lib/kadm5/srv/kadm5_hook.c @@ -64,7 +64,7 @@ k5_kadm5_hook_load(krb5_context context, handle = k5alloc(sizeof(*handle), &ret); if (handle == NULL) goto cleanup; - ret = (*mod)(context, 1, 1, (krb5_plugin_vtable)&handle->vt); + ret = (*mod)(context, 1, 2, (krb5_plugin_vtable)&handle->vt); if (ret != 0) { /* Failed vtable init is non-fatal. */ free(handle); handle = NULL; 
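Review bot: In the `kadm5_hook_vtable_1_st` hunk of kadm5_hook_plugin.h, the new `rename` member takes two unnamed `krb5_principal` arguments, and the one-line comment does not say which is the old name and which the new, so a module author can swap them with no compiler diagnostic. Name them in the declaration, `int stage, krb5_principal oprinc, krb5_principal nprinc);`, matching the `k5_kadm5_hook_rename` prototype this commit adds to server_internal.h. The doc comment should also state that a non-zero return at the precommit stage aborts the rename and that the postcommit return value is discarded, both of which the svr_principal.c hunk shows. The struct definition begins outside this hunk.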
@@ -169,6 +169,14 @@ k5_kadm5_hook_modify(krb5_context context, kadm5_hook_handle *handles, } kadm5_ret_t +k5_kadm5_hook_rename(krb5_context context, kadm5_hook_handle *handles, + int stage, krb5_principal oprinc, krb5_principal nprinc) +{ + ITERATE(rename, (context, h->data, stage, oprinc, nprinc)); + return 0; +} + +kadm5_ret_t k5_kadm5_hook_remove(krb5_context context, kadm5_hook_handle *handles, int stage, krb5_principal princ) { diff --git a/src/lib/kadm5/srv/svr_principal.c b/src/lib/kadm5/srv/svr_principal.c index 27f8eba..5b95fa3 100644 --- a/src/lib/kadm5/srv/svr_principal.c +++ b/src/lib/kadm5/srv/svr_principal.c @@ -835,9 +835,17 @@ kadm5_rename_principal(void *server_handle, goto done; } + ret = k5_kadm5_hook_rename(handle->context, handle->hook_handles, + KADM5_HOOK_STAGE_PRECOMMIT, source, target); + if (ret) + goto done; + if ((ret = kdb_put_entry(handle, kdb, &adb))) goto done; + (void) k5_kadm5_hook_rename(handle->context, handle->hook_handles, + KADM5_HOOK_STAGE_POSTCOMMIT, source, target); + ret = kdb_delete_entry(handle, source); done: diff --git a/src/plugins/kadm5_hook/test/main.c b/src/plugins/kadm5_hook/test/main.c index 48b549c..1ac2cb0 100644 --- a/src/plugins/kadm5_hook/test/main.c +++ b/src/plugins/kadm5_hook/test/main.c @@ -81,6 +81,13 @@ create(krb5_context context, return 0; } +static kadm5_ret_t +rename_hook(krb5_context context, kadm5_hook_modinfo *modinfo, int stage, + krb5_principal oprinc, krb5_principal nprinc) +{ + log_call(context, "rename", stage, oprinc); + return 0; +} krb5_error_code kadm5_hook_test_initvt(krb5_context context, int maj_ver, int min_ver, @@ -97,5 +104,6 @@ kadm5_hook_test_initvt(krb5_context context, int maj_ver, int min_ver, vt->name = "test"; vt->chpass = chpass; vt->create = create; + vt->rename = rename_hook; return 0; } diff --git a/src/tests/t_kadm5_hook.py b/src/tests/t_kadm5_hook.py index b0de25c..708e328 100755 --- a/src/tests/t_kadm5_hook.py +++ b/src/tests/t_kadm5_hook.py 
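Review bot: `k5_kadm5_hook_rename` in kadm5_hook.c depends on `ITERATE` skipping modules whose vtable has no `rename` entry, and that macro is defined outside this hunk. A module that fills in only the minor-version-1 methods leaves `vt.rename` unset even though the loader now passes minor version 2. The call is therefore safe only if the handle is zero-filled when allocated and `ITERATE` tests the pointer before calling through it. If both hold, a comment above the function such as `/* Modules without a rename method are skipped by ITERATE. */` records the assumption; if not, a NULL check is needed here.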
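Review bot: In the `kadm5_rename_principal` hunk the postcommit hook fires after `kdb_put_entry()` but before `kdb_delete_entry(handle, source)`, so modules are told the rename is committed while the old principal still exists, and they are not told if the delete then fails. A module that mirrors principals to an external system could retire the old name there while it remains usable in the KDC database. Consider issuing the postcommit call only after a successful delete: `ret = kdb_delete_entry(handle, source);`, then `if (ret) goto done;`, then the `(void) k5_kadm5_hook_rename(..., KADM5_HOOK_STAGE_POSTCOMMIT, source, target);` call. The function's start and its `done:` cleanup are outside the hunk, so check that nothing after the label relies on the delete being the last statement to set `ret`.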
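Review bot: `kadm5_hook_test_initvt` in src/plugins/kadm5_hook/test/main.c assigns `vt->rename` without consulting `min_ver` in the lines visible here, although `rename` exists only from minor version 2. A caller that negotiates minor version 1 may pass a vtable that ends at the minor-version-1 methods, and the store would then land past its end; because this module serves as the example for plugin authors, the pattern is likely to be copied. Guard the assignment: `if (min_ver >= 2) vt->rename = rename_hook;`. The function begins outside the hunk, so an existing version check above these lines would change this assessment. Separately, `rename_hook` logs only `oprinc`; logging `nprinc` as well would let the test confirm that both names reach the module.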
@@ -11,4 +11,8 @@ output = realm.run([kadminl, 'addprinc', '-randkey', 'test']) if "create: stage precommit" not in output: fail('kadm5_hook test output not found') +output = realm.run([kadminl, 'renprinc', 'test', 'test2']) +if "rename: stage precommit" not in output: + fail('kadm5_hook test output not found') + success('kadm5_hook') -- cgit v1.1