How to extend kadmin

Mon Oct 26 17:31:11 EDT 2009

> This doesn't achieve much.  You could not, for example, change the
> arguments/results of any RPCs this way.

We can because the api_version is included in the relevant data  
structures. I prefer to avoid proliferation of RPCs for simply varying  
the data structures: look how horrible [MS-SAMR] looks because of this.

static bool_t
_xdr_kadm5_policy_ent_rec(XDR *xdrs, kadm5_policy_ent_rec *objp, int  
vers)
{
...
         if (vers == KADM5_API_VERSION_3) {
                 if (!xdr_krb5_kvno(xdrs, &objp->pw_max_fail))
                         return (FALSE);
                 if (!xdr_krb5_deltat(xdrs, &objp->pw_failcnt_interval))
                         return (FALSE);
                 if (!xdr_krb5_deltat(xdrs, &objp->pw_lockout_duration))
                         return (FALSE);
         } else if (xdrs->x_op == XDR_DECODE) {
                 objp->pw_max_fail = 0;
                 objp->pw_failcnt_interval = 0;
                 objp->pw_lockout_duration = 0;
         }
}

bool_t
xdr_gpol_ret(XDR *xdrs, gpol_ret *objp)
{
         if (!xdr_ui_4(xdrs, &objp->api_version)) {
                 return (FALSE);
         }
         if (!xdr_kadm5_ret_t(xdrs, &objp->code)) {
                 return (FALSE);
         }
         if(objp->code == KADM5_OK) {
             if (!_xdr_kadm5_policy_ent_rec(xdrs, &objp->rec,
                                            objp->api_version))
                 return (FALSE);
         }

         return (TRUE);
}

-- Luke