krb5 commit: Add rename method to kadm5_hook
Greg Hudson
ghudson at mit.edu
Mon Jul 6 15:22:44 EDT 2015
https://github.com/krb5/krb5/commit/a99e5565e99b83a86002332e39938aa6bed6a26a
commit a99e5565e99b83a86002332e39938aa6bed6a26a
Author: Greg Hudson <ghudson at mit.edu>
Date: Fri Jul 3 20:13:43 2015 -0400
Add rename method to kadm5_hook
Bump the minor version of the kadm5_hook interface to 2 and add a
rename method. Invoke the rename method in kadm5_rename_principal()
like we do for other libkadm5srv operations.
Partly based on a patch from John Hascall.
ticket: 8171
doc/plugindev/kadm5_hook.rst | 5 +++--
src/include/krb5/kadm5_hook_plugin.h | 11 +++++++++++
src/lib/kadm5/server_internal.h | 7 +++++++
src/lib/kadm5/srv/kadm5_hook.c | 10 +++++++++-
src/lib/kadm5/srv/svr_principal.c | 8 ++++++++
src/plugins/kadm5_hook/test/main.c | 8 ++++++++
src/tests/t_kadm5_hook.py | 4 ++++
7 files changed, 50 insertions(+), 3 deletions(-)
diff --git a/doc/plugindev/kadm5_hook.rst b/doc/plugindev/kadm5_hook.rst
index f7c46b4..ece3eac 100644
--- a/doc/plugindev/kadm5_hook.rst
+++ b/doc/plugindev/kadm5_hook.rst
@@ -8,8 +8,9 @@ changes are made to the Kerberos database through :ref:`kadmin(1)`.
For a detailed description of the kadm5_hook interface, see the header
file ``<krb5/kadm5_hook_plugin.h>``.
-The kadm5_hook interface has four primary methods: **chpass**,
-**create**, **modify**, and **remove**. Each of these methods is
+The kadm5_hook interface has five primary methods: **chpass**,
+**create**, **modify**, **remove**, and **rename**. (The **rename**
+method was introduced in release 1.14.) Each of these methods is
called twice when the corresponding administrative action takes place,
once before the action is committed and once afterwards. A module can
prevent the action from taking place by returning an error code during
diff --git a/src/include/krb5/kadm5_hook_plugin.h b/src/include/krb5/kadm5_hook_plugin.h
index c95c17f..f4f3730 100644
--- a/src/include/krb5/kadm5_hook_plugin.h
+++ b/src/include/krb5/kadm5_hook_plugin.h
@@ -46,6 +46,9 @@
* This interface depends on kadm5/admin.h. As such, the interface
* does not provide strong guarantees of ABI stability.
*
+ * The kadm5_hook interface currently has only one supported major version,
+ * which is 1. Major version 1 has a current minor version number of 2.
+ *
* kadm5_hook plugins should:
* kadm5_hook_<modulename>_initvt, matching the signature:
*
@@ -138,6 +141,14 @@ typedef struct kadm5_hook_vtable_1_st {
int stage, krb5_principal);
/* End of minor version 1. */
+
+ /** Indicate a principal is renamed. */
+ kadm5_ret_t (*rename)(krb5_context,
+ kadm5_hook_modinfo *modinfo,
+ int stage, krb5_principal, krb5_principal);
+
+ /* End of minor version 2. */
+
} kadm5_hook_vftable_1;
#endif /*H_KRB5_KADM5_HOOK_PLUGIN*/
diff --git a/src/lib/kadm5/server_internal.h b/src/lib/kadm5/server_internal.h
index 623187d..dc79c78 100644
--- a/src/lib/kadm5/server_internal.h
+++ b/src/lib/kadm5/server_internal.h
@@ -255,6 +255,13 @@ k5_kadm5_hook_remove (krb5_context context,
int stage,
krb5_principal princ);
+/** Call rename kadm5_hook entry point. */
+kadm5_ret_t
+k5_kadm5_hook_rename (krb5_context context,
+ kadm5_hook_handle *handles,
+ int stage,
+ krb5_principal oprinc, krb5_principal nprinc);
+
/** @}*/
#endif /* __KADM5_SERVER_INTERNAL_H__ */
diff --git a/src/lib/kadm5/srv/kadm5_hook.c b/src/lib/kadm5/srv/kadm5_hook.c
index 62f3bff..13f454f 100644
--- a/src/lib/kadm5/srv/kadm5_hook.c
+++ b/src/lib/kadm5/srv/kadm5_hook.c
@@ -64,7 +64,7 @@ k5_kadm5_hook_load(krb5_context context,
handle = k5alloc(sizeof(*handle), &ret);
if (handle == NULL)
goto cleanup;
- ret = (*mod)(context, 1, 1, (krb5_plugin_vtable)&handle->vt);
+ ret = (*mod)(context, 1, 2, (krb5_plugin_vtable)&handle->vt);
if (ret != 0) { /* Failed vtable init is non-fatal. */
free(handle);
handle = NULL;
@@ -169,6 +169,14 @@ k5_kadm5_hook_modify(krb5_context context, kadm5_hook_handle *handles,
}
kadm5_ret_t
+k5_kadm5_hook_rename(krb5_context context, kadm5_hook_handle *handles,
+ int stage, krb5_principal oprinc, krb5_principal nprinc)
+{
+ ITERATE(rename, (context, h->data, stage, oprinc, nprinc));
+ return 0;
+}
+
+kadm5_ret_t
k5_kadm5_hook_remove(krb5_context context, kadm5_hook_handle *handles,
int stage, krb5_principal princ)
{
diff --git a/src/lib/kadm5/srv/svr_principal.c b/src/lib/kadm5/srv/svr_principal.c
index 27f8eba..5b95fa3 100644
--- a/src/lib/kadm5/srv/svr_principal.c
+++ b/src/lib/kadm5/srv/svr_principal.c
@@ -835,9 +835,17 @@ kadm5_rename_principal(void *server_handle,
goto done;
}
+ ret = k5_kadm5_hook_rename(handle->context, handle->hook_handles,
+ KADM5_HOOK_STAGE_PRECOMMIT, source, target);
+ if (ret)
+ goto done;
+
if ((ret = kdb_put_entry(handle, kdb, &adb)))
goto done;
+ (void) k5_kadm5_hook_rename(handle->context, handle->hook_handles,
+ KADM5_HOOK_STAGE_POSTCOMMIT, source, target);
+
ret = kdb_delete_entry(handle, source);
done:
diff --git a/src/plugins/kadm5_hook/test/main.c b/src/plugins/kadm5_hook/test/main.c
index 48b549c..1ac2cb0 100644
--- a/src/plugins/kadm5_hook/test/main.c
+++ b/src/plugins/kadm5_hook/test/main.c
@@ -81,6 +81,13 @@ create(krb5_context context,
return 0;
}
+static kadm5_ret_t
+rename_hook(krb5_context context, kadm5_hook_modinfo *modinfo, int stage,
+ krb5_principal oprinc, krb5_principal nprinc)
+{
+ log_call(context, "rename", stage, oprinc);
+ return 0;
+}
krb5_error_code
kadm5_hook_test_initvt(krb5_context context, int maj_ver, int min_ver,
@@ -97,5 +104,6 @@ kadm5_hook_test_initvt(krb5_context context, int maj_ver, int min_ver,
vt->name = "test";
vt->chpass = chpass;
vt->create = create;
+ vt->rename = rename_hook;
return 0;
}
diff --git a/src/tests/t_kadm5_hook.py b/src/tests/t_kadm5_hook.py
index b0de25c..708e328 100755
--- a/src/tests/t_kadm5_hook.py
+++ b/src/tests/t_kadm5_hook.py
@@ -11,4 +11,8 @@ output = realm.run([kadminl, 'addprinc', '-randkey', 'test'])
if "create: stage precommit" not in output:
fail('kadm5_hook test output not found')
+output = realm.run([kadminl, 'renprinc', 'test', 'test2'])
+if "rename: stage precommit" not in output:
+ fail('kadm5_hook test output not found')
+
success('kadm5_hook')
More information about the cvs-krb5
mailing list