Apparently we forgot to check OID consistency between the schema and
the extensions, and we got duplicates.

Technically the schema was done later but it is easier to change the
extensions OIDs then to change the schema of current beta2/rc1
installations.

The only side effect is that older ipa-getkeytab and ipa-join binaries
will fail. So the admin/client tools must be upgraded as well at the
same time as well all the masters (as otherwise some will show/accept
the new OID while others won't).

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York
>From 95f949a748420211d7515d84473dbce6922efe38 Mon Sep 17 00:00:00 2001
From: Simo Sorce <sso...@redhat.com>
Date: Wed, 16 Feb 2011 11:16:30 -0500
Subject: [PATCH] Fix duplicate OIDs

Fixes: https://fedorahosted.org/freeipa/ticket/976
---
 .../ipa-enrollment/ipa_enrollment.c                |    2 +-
 .../ipa-pwd-extop/ipa_pwd_extop.c                  |    4 ++--
 ipa-client/ipa-getkeytab.c                         |    4 ++--
 ipa-client/ipa-join.c                              |    2 +-
 4 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/daemons/ipa-slapi-plugins/ipa-enrollment/ipa_enrollment.c b/daemons/ipa-slapi-plugins/ipa-enrollment/ipa_enrollment.c
index 34fba02c4a663b6b57afe808e8bf3a85dbeb70e8..499f91266109321ddc7bd5b4574ccc73e6bfea65 100644
--- a/daemons/ipa-slapi-plugins/ipa-enrollment/ipa_enrollment.c
+++ b/daemons/ipa-slapi-plugins/ipa-enrollment/ipa_enrollment.c
@@ -53,7 +53,7 @@
 #define IPA_PLUGIN_NAME "ipa-enrollment"
 
 /* OID of the extended operation handled by this plug-in */
-#define JOIN_OID    "2.16.840.1.113730.3.8.3.53"
+#define JOIN_OID    "2.16.840.1.113730.3.8.10.3"
 
 Slapi_PluginDesc pdesc = {
     IPA_PLUGIN_NAME,
diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c
index 7a4591f8a18f62426deda92a13fdeedfc92a07e4..0871f294fb5ef4595a6e1d572b1a8f0a6dce5f7e 100644
--- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c
+++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c
@@ -64,8 +64,8 @@
 #define EXOP_PASSWD_OID	"1.3.6.1.4.1.4203.1.11.1"
 
 /* OID to retrieve keytabs */
-#define KEYTAB_SET_OID "2.16.840.1.113730.3.8.3.1"
-#define KEYTAB_RET_OID "2.16.840.1.113730.3.8.3.2"
+#define KEYTAB_SET_OID "2.16.840.1.113730.3.8.10.1"
+#define KEYTAB_RET_OID "2.16.840.1.113730.3.8.10.2"
 
 
 
diff --git a/ipa-client/ipa-getkeytab.c b/ipa-client/ipa-getkeytab.c
index f8da317865897ed8b1ba6c7b9caf7bf95c24a14e..01b8d7bc5c6485061460afc48e035b07938fd0e0 100644
--- a/ipa-client/ipa-getkeytab.c
+++ b/ipa-client/ipa-getkeytab.c
@@ -50,8 +50,8 @@
 #define KRB5_KDB_SALTTYPE_SPECIAL       4
 #define KRB5_KDB_SALTTYPE_AFS3          5
 
-#define KEYTAB_SET_OID "2.16.840.1.113730.3.8.3.1"
-#define KEYTAB_RET_OID "2.16.840.1.113730.3.8.3.2"
+#define KEYTAB_SET_OID "2.16.840.1.113730.3.8.10.1"
+#define KEYTAB_RET_OID "2.16.840.1.113730.3.8.10.2"
 
 struct krb_key_salt {
     krb5_enctype enctype;
diff --git a/ipa-client/ipa-join.c b/ipa-client/ipa-join.c
index 86b1bd122064ebe4832225cfa2bc65f80a69da00..c3818f21ee3374051c9e3e4b03c4601916b3f3b0 100644
--- a/ipa-client/ipa-join.c
+++ b/ipa-client/ipa-join.c
@@ -42,7 +42,7 @@
 #define NAME "ipa-join"
 #define VERSION "1.0"
 
-#define JOIN_OID "2.16.840.1.113730.3.8.3.53"
+#define JOIN_OID "2.16.840.1.113730.3.8.10.3"
 
 #define CAFILE "/etc/ipa/ca.crt"
 
-- 
1.7.4

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to