# Rules for building the krb5-sync plugin.
module_LTLIBRARIES = plugin/krb5_sync.la
-plugin_krb5_sync_la_SOURCES = plugin/ad.c plugin/api.c plugin/config.c \
- plugin/error.c plugin/internal.h plugin/heimdal.c plugin/instance.c \
- plugin/logging.c plugin/mit.c plugin/queue.c plugin/vector.c
+plugin_krb5_sync_la_SOURCES = plugin/ad.c plugin/config.c plugin/error.c \
+ plugin/internal.h plugin/general.c plugin/heimdal.c \
+ plugin/instance.c plugin/logging.c plugin/mit.c plugin/queue.c \
+ plugin/vector.c
plugin_krb5_sync_la_CPPFLAGS = $(KADM5SRV_CPPFLAGS) $(LDAP_CPPFLAGS) \
$(AM_CPPFLAGS)
plugin_krb5_sync_la_LDFLAGS = -module -avoid-version $(KADM5SRV_LDFLAGS) \
bool allowed = false;
bool conflict = true;
+ /* Do nothing if we don't have required configuration. */
if (config->ad_realm == NULL)
return 0;
+
+ /* If there was no password, this is probably a key randomization. */
if (password == NULL)
return 0;
+
+ /* Check if this principal should be synchronized. */
code = principal_allowed(config, ctx, principal, true, &allowed);
if (code != 0)
return code;
if (!allowed)
return 0;
- code = sync_queue_conflict(config, ctx, principal, "enable", &conflict);
+
+ /* Check if there was a queue conflict or if we always queue. */
+ code = sync_queue_conflict(config, ctx, principal, "password", &conflict);
if (code != 0)
return code;
if (conflict)
goto queue;
if (config->ad_queue_only)
goto queue;
+
+ /* Do the password change, and queue if it fails. */
code = sync_ad_chpass(config, ctx, principal, password);
if (code != 0) {
message = krb5_get_error_message(ctx, code);
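Review bot: The guard at the top of the password path tests only `config->ad_realm`, while the status path later in this diff returns early unless `ad_admin_server`, `ad_keytab`, `ad_ldap_base`, `ad_principal` and `ad_realm` are all set, yet both carry the same "required configuration" comment. If `sync_ad_chpass` needs more than the realm (the keytab and principal seem likely, but that code is not shown), a partly configured plugin would reach the call, fail, and, going by the "queue if it fails" comment, queue the password change instead of skipping it. Either widen the check, e.g. `if (config->ad_realm == NULL || config->ad_keytab == NULL || config->ad_principal == NULL)`, or make the comment say why the realm alone is enough, e.g. `/* Only ad_realm is checked here; sync_ad_chpass reports other missing settings. */`. The enclosing function starts and ends outside the hunk.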
bool allowed = false;
bool conflict = true;
+ /* Do nothing if we don't have the required configuration. */
if (config->ad_admin_server == NULL
|| config->ad_keytab == NULL
|| config->ad_ldap_base == NULL
|| config->ad_principal == NULL
|| config->ad_realm == NULL)
return 0;
+
+ /* Check if this principal should be synchronized. */
code = principal_allowed(config, ctx, principal, true, &allowed);
if (code != 0)
return code;
if (!allowed)
return 0;
+
+ /* Check if there was a queue conflict or if we always queue. */
code = sync_queue_conflict(config, ctx, principal, "enable", &conflict);
if (code != 0)
return code;
goto queue;
if (config->ad_queue_only)
goto queue;
+
+ /* Synchronize the status. */
code = sync_ad_status(config, ctx, principal, enabled);
if (code != 0) {
message = krb5_get_error_message(ctx, code);
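Review bot: As shown here, the `goto queue;` that follows the `sync_queue_conflict` error check is unconditional, whereas the password path guards the same jump with `if (conflict)`. If the file really reads this way, the `ad_queue_only` test and the `sync_ad_status` call below it are unreachable, every status change is queued, and `conflict` is never read; the line before the jump should be `if (conflict)`. If the guard was only lost in this rendering of the diff, no change is needed. The enclosing function starts and ends outside the hunk.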