kadm5_hook rename

John Hascall john at iastate.edu
Sun May 3 11:41:29 EDT 2015 

Well, as long as I'm complaining about omissions in the kadm5_hook
interface,
here's another one
*(looks like my dream of getting rid of a local mod is nowjust swapping a
local mod for a slightly less obnoxious local mod)*.

    ret = k5_kadm5_hook_chpass(handle->context, handle->hook_handles,
                               *handle->current_caller*,
                               KADM5_HOOK_STAGE_PRECOMMIT,
                               principal, keepold,
                               new_n_ks_tuple, new_ks_tuple, NULL);

Because we do bi-directional password sync (MIT KDC <--> WinAD KDC),
we need a way to prevent an endless loop of the same password change going
around and around forever.  I'm open to better suggestions, but what we've
used thus far is to look at which principal (handle->current_caller) is
making the
update and if it is the ADsyncer, then the MIT side doesn't send the update
back.

John


On Sat, May 2, 2015 at 10:44 PM, John Hascall <john at iastate.edu> wrote:

> I wasn't exactly sure how you intended the major/minor version numbering
> business to work, but here's a set of patches (based off of 1.13.1) which
> add a rename function to a version 2 of kadm5_hook_vftable:
>
> kadm5_ret_t (*rename)(krb5_context ctx,
>                       kadm5_hook_modinfo *modinfo,
>                       int stage,
>                       krb5_principal source,    /* old name */
>                       krb5_principal target);   /* new name */
>
> Are we the only place which makes much use of rename?
>
> John
> ------------------------->8--------- snippy snip
> ---------8<-------------------
> begin 440 kadm5_hook_rename_patches.tgz
> M'XL(`"J6154``^U:ZW/:1A#/U_)7;"<S'5["DD#@X#IC-W433_S(.$Z_:@0Z
> M0$7H-)(@(1G_[]T]22"$>"1V2*:]WR0\Q-W>/NY^>[M)X]GWAZJVU(YAX+M`
> M_EU\UG1#U_1VJZ-VZ'FGTS:>&0?0[=DTC*P`X%G`>;1MW,<18^XA%#HL&D=A
> MT%<<K^].;::, at YZAC"U[8I at CSL>F[TZ'CM<8/6X-55/5=JNU*?Y&$V.=QK_=
> MIGVBM=L='/\T)F['_SS^BJ(`[H"C9`<<T0XX*M@!#1XXPU]T53,455<T#72M
> MJ[6[K69C<89!4=NJ6JK5:GM)3(21/-#T;E/KMHY7A!DH[.P,E+9:;T,-7SMP
> M=E8"J-)?4."5%480C1C,(JOG,O"YXT4L`"L$R_<#[@>.%3$8\``FUC_FC`5=
> M,9.0/(#34]"ZB20.&2UG`R'4U$JU]2GZUBEZ1L=+SXD<RW4^,Z'IA$4C;H?`
> M!QG%ZQ!&W/<=;UBD.HY+M`ZGON\ZS(:)XY$F#8!;/W*X9[D+P1-K#CT&+AM$
> M,/6<Q>IV0[A2:ZGU%M2TEE8W7L3>1!Q5X<*S22F4C$NB[!#%@M:`ZE$)'@K]
> M<E*"4BV:^\QF`S0 at F/:CE7&)+TQTTY=2#;TH%JK".43L4T0SR&#'9E[D#.;T
> MF3P2;PYAN,N'0WH\86%H#5DHE!%B^MQ#J?T1GMNJ9TW8259^QN-6*F["[:G+
> M&O$@].69;P76A!X[WH!#P*)IX(7 at L8_N'"S7Y7WTOIU,`S&&-!I,<1Q;2.GC
> M2-0*7KG,\G#XU(?>7%@Q0,>7*SC>ZU-\%@LG^L=NPE7-",I5"E*E3*?$1,/(
> M.?6L(U,EJ]7D4V7%7+$X+6VEZEH8RD'`&)Q9J85+U\VX8^.:I.`^:Q8N>>G9
> M#CDH1%NM^`3Z5AA^Y($-3HC;CZ*&T?&&M.UR/D>V'3(:AEK3<1WBB1H$?`+/
> M,^O'@Y at WG;#`(@_FI8P9\[DKEL.=A_(&P#XY840KC]D<I0<L463,_&A-"XPT
> MJ4SS;SY<7=%\, at .G0KB<&J`K^20^/=LBV!^1L)P_DQF%V.+JK?/08;$#MTLG
> M-9!!O+[C6VX]_M[C7.R4Q',[E_',<6A&4]_=8RUTFQE:;A2/A^I>,U<.<1R.
> MXFU&QS at UA@+6#QB=SL:F8(B?'QF,IXB"$+O0W$2>,_&4N9PHS0K'/U<$T at .\
> M&H)K],=@G at W`)J]/Q,B?W^O[;3&;N6S+%@O8A,\>N\6^[KSG#O5^9 at 2,LN,6
> M,^CG'VG&-K.*KR1Z;$SAE42GV?"<H3<&*."-^?;N#\-\>_[GM6&^N;U]:[Z[
> M^O#Z\@;G_^A+]T^$7/U'7E5"%J"_37&;QLOE8\N_7?6?IG8*ZC^](^N_`V"M
> M_J,=<+2V`[+E7TMIJJ"K72S:6IVUBFVM_"L6N%+]'7>-XZ[6*JS^=,.@\H_>
> MM.:B9-E&,IM&K')-3)454<:(BS3>YA/&S)`+7D*C8!Z7EC'U9#@4OV#J71)1
> M,GN%4&$7L6;FXY79INP=OX<;I^Q.A3E3N?B89UOP4A<@;9(+SAZHW,M0*)@)
> M?;Z_N/O[XLZ\O+F_N+LYOS+?F"9('OTO(.9_U^FEW!_,, at W`1O\IUMC!_[IF
> MZ'G^-YH=3?+_`9#R/^Z`E*J#V5%V!WQ]YV^SK#SK:UU5*V3]IE[O0$V\$N4_
> M3[()_![.0Y</&Z.71%3K;:>8.N.FDY*CUT7K"F;12?9"O'J+%+_FJ7EQW[6M
> MR,*?'RAOB.9DBQ05K]G<E%#Y*8P-T4\JA\YGQ@?EA-LK=?@-4TCE9#D#";><
> MSCH578G*:B(;\HA#GXKXJ7\2&T=`,;B,J,`JY44S1Q-_XDP4-\&2CESEMW at 1
> MY>6,EJ]M%Z/O*6;%"A+UZRFH%?BR>(ZYY"_+<9F=-FNIZT4UBL<]98`^C2O+
> M%8.IB96X)+O$BGO)3R=Q:[/]@NX)]*:U1"P>:(OL3-?%V?H;TO+&*F='^BW5
> MOL02+S&YGM]?E&.]T.T+94;*2]IW]51^*C"1D,8Q[F."BE\?J)#*V at YYVZF$
> M_0;;B^\;FVU/;,3C^*.93J((1?D_G`7+"#[!%6!7_:<WFVOUGZ[K,O\?`,7Y
> M/[<#'GL%R(G+WP(Z7;59>`LXUO7Z"ZC1F[::7T4RM+G'DL1`7)]RH,BZ!42?
> M9JPEK28/,DRWN>A:(--0>G]__OK"?'=W\>KV^OKR'OF93X,^DB!NJ2%;Y-<D
> M*5:6HC/JUTJ+Q%E.E+=[IC^-3%%Z)EK7Z2E>&BR[5ZE4BOT0BR_3/_%4OJL'
> M"EQP^_Y^LP]B=9?&Q>W5G'WQ-%&/"X.Z,F$<`FO\_\2]/\+._M_Z__\P.H:L
> M_PZ!`O[?UOO[:O;?VO?3NTV]VVK+OI_L^TE(2$A(2$A(2$A(2$A(2$A(2$A(
> ?2$A(2$A(2$A(2$A(2$A(2$A(2.R/?P'3]3Z0`%```$A(
> `
> end
>
> On Sat, May 2, 2015 at 9:57 AM, John Hascall <john at iastate.edu> wrote:
>
>>
>> Is there a reason why the kadm5_hook interface does not seem to have any
>> support for a principal "rename" operation?
>>
>> John
>>
>
>

More information about the Kerberos mailing list