static PyObject *PyKAdminPrincipal_reload(PyKAdminPrincipalObject *self) {
krb5_error_code ret = 0;
kadm5_ret_t retval = KADM5_OK;
krb5_principal temp = NULL;
if (self) {
// we need to free prior to fetching otherwise we leak memory since principal and policy are pointers, alternitively we could manually free those
ret = krb5_copy_principal(self->kadmin->context, self->entry.principal, &temp);
if (ret) {}
retval = kadm5_free_principal_ent(self->kadmin->server_handle, &self->entry);
if (retval != KADM5_OK) { PyKAdminError_raise_error(retval, "kadm5_free_principal_ent"); }
if (retval == KADM5_OK) {
retval = kadm5_get_principal(self->kadmin->server_handle, temp, &self->entry, KADM5_PRINCIPAL_NORMAL_MASK);
if (retval != KADM5_OK) { PyKAdminError_raise_error(retval, "kadm5_get_principal"); }
}
krb5_free_principal(self->kadmin->context, temp);
if (retval != KADM5_OK) { return NULL; }
}
Py_RETURN_TRUE;
}
static PyKAdminObject *_kadmin_local(PyObject *self, PyObject *args) {
static const char *kROOT_ADMIN = "root/admin";
PyKAdminObject *kadmin = NULL;
PyObject *py_db_args = NULL;
char **db_args = NULL;
char *client_name = NULL;
kadm5_config_params *params = NULL;
kadm5_ret_t retval = KADM5_OK;
int result = 0;
if (!PyArg_ParseTuple(args, "|O", &py_db_args))
return NULL;
kadmin = PyKAdminObject_create();
params = calloc(0x1, sizeof(kadm5_config_params));
db_args = pykadmin_parse_db_args(py_db_args);
result = asprintf(&client_name, "%s@%s", kROOT_ADMIN, kadmin->realm);
if (result == -1) {
client_name = (char *)kROOT_ADMIN;
}
retval = kadm5_init_with_password(
kadmin->context,
client_name,
NULL,
service_name,
params,
struct_version,
api_version,
db_args,
&kadmin->server_handle);
if (retval != KADM5_OK) {
Py_XDECREF(kadmin);
kadmin = NULL;
PyKAdminError_raise_error(retval, "kadm5_init_with_password.local");
}
if (client_name)
free(client_name);
if (params)
free(params);
pykadmin_free_db_args(db_args);
return kadmin;
}
static PyObject *PyKAdminPrincipal_randomize_key(PyKAdminPrincipalObject *self) {
kadm5_ret_t retval = KADM5_OK;
retval = kadm5_randkey_principal(self->kadmin->server_handle, self->entry.principal, NULL, NULL);
if (retval != KADM5_OK) { PyKAdminError_raise_error(retval, "kadm5_randkey_principal"); return NULL; }
Py_RETURN_TRUE;
}
static PyObject *PyKAdminPrincipal_change_password(PyKAdminPrincipalObject *self, PyObject *args, PyObject *kwds) {
kadm5_ret_t retval = KADM5_OK;
char *password = NULL;
if (!PyArg_ParseTuple(args, "s", &password))
return NULL;
retval = kadm5_chpass_principal(self->kadmin->server_handle, self->entry.principal, password);
if (retval != KADM5_OK) { PyKAdminError_raise_error(retval, "kadm5_chpass_principal"); return NULL; }
Py_RETURN_TRUE;
}
static PyObject *PyKAdminPrincipal_commit(PyKAdminPrincipalObject *self) {
kadm5_ret_t retval = KADM5_OK;
if (self && self->mask) {
retval = kadm5_modify_principal(self->kadmin->server_handle, &self->entry, self->mask);
if (retval != KADM5_OK) { PyKAdminError_raise_error(retval, "kadm5_modify_principal"); }
self->mask = 0;
}
Py_RETURN_TRUE;
}
static PyKAdminObject *_kadmin_init_with_password(PyObject *self, PyObject *args) {
PyKAdminObject *kadmin = NULL;
PyObject *py_db_args = NULL;
kadm5_ret_t retval = KADM5_OK;
char *client_name = NULL;
char *password = NULL;
char **db_args = NULL;
kadm5_config_params *params = NULL;
if (!PyArg_ParseTuple(args, "zz|O", &client_name, &password, &py_db_args))
return NULL;
kadmin = PyKAdminObject_create();
params = calloc(0x1, sizeof(kadm5_config_params));
db_args = pykadmin_parse_db_args(py_db_args);
retval = kadm5_init_with_password(
kadmin->context,
client_name,
password,
service_name,
params,
struct_version,
api_version,
db_args,
&kadmin->server_handle);
if (retval != KADM5_OK) {
Py_XDECREF(kadmin);
kadmin = NULL;
PyKAdminError_raise_error(retval, "kadm5_init_with_password");
}
if (params)
free(params);
pykadmin_free_db_args(db_args);
return kadmin;
}
PyKAdminIterator *PyKAdminIterator_principal_iterator(PyKAdminObject *kadmin, char *match) {
kadm5_ret_t retval = KADM5_OK;
PyKAdminIterator *iter = PyObject_New(PyKAdminIterator, &PyKAdminIterator_Type);
if (iter) {
iter->count = 0x0;
iter->index = 0x0;
iter->kadmin = kadmin;
Py_INCREF(kadmin);
retval = kadm5_get_principals(kadmin->server_handle, match, &iter->names, &iter->count);
if (retval != KADM5_OK) {
PyKAdminError_raise_error(retval, "kadm5_get_principals");
}
}
return iter;
}
static PyKAdminObject *_kadmin_init_with_keytab(PyObject *self, PyObject *args) {
PyKAdminObject *kadmin = NULL;
PyObject *py_db_args = NULL;
kadm5_ret_t retval = KADM5_OK;
krb5_error_code code = 0;
krb5_principal princ = NULL;
char *client_name = NULL;
char *keytab_name = NULL;
char **db_args = NULL;
kadm5_config_params *params = NULL;
if (!PyArg_ParseTuple(args, "|zzO", &client_name, &keytab_name, &py_db_args))
return NULL;
kadmin = PyKAdminObject_create();
params = calloc(0x1, sizeof(kadm5_config_params));
db_args = pykadmin_parse_db_args(py_db_args);
if (keytab_name == NULL) {
keytab_name = "/etc/krb5.keytab";
}
if (client_name == NULL) {
code = krb5_sname_to_principal(kadmin->context, NULL, "host", KRB5_NT_SRV_HST, &princ);
if (code) {
PyKAdminError_raise_error(code, "krb5_sname_to_principal");
goto cleanup;
}
code = krb5_unparse_name(kadmin->context, princ, &client_name);
if (code) {
PyKAdminError_raise_error(code, "krb5_unparse_name");
goto cleanup;
}
}
retval = kadm5_init_with_skey(
kadmin->context,
client_name,
keytab_name,
service_name,
params,
struct_version,
api_version,
db_args,
&kadmin->server_handle);
if (retval != KADM5_OK) {
Py_XDECREF(kadmin);
kadmin = NULL;
PyKAdminError_raise_error(retval, "kadm5_init_with_skey");
}
cleanup:
if (princ)
krb5_free_principal(kadmin->context, princ);
if (params)
free(params);
pykadmin_free_db_args(db_args);
return kadmin;
}
static PyKAdminObject *_kadmin_init_with_ccache(PyObject *self, PyObject *args) {
PyKAdminObject *kadmin = NULL;
PyObject *py_db_args = NULL;
kadm5_ret_t retval = KADM5_OK;
krb5_error_code code = 0;
krb5_principal princ = NULL;
char *ccache_name = NULL;
char *client_name = NULL;
char *_resolved_client = NULL;
char **db_args = NULL;
kadm5_config_params *params = NULL;
krb5_ccache cc;
memset(&cc, 0, sizeof(krb5_ccache));
// TODO : unpack database args as an optional third parameter (will be a dict or array)
if (!PyArg_ParseTuple(args, "|zzO", &client_name, &ccache_name, &py_db_args))
return NULL;
kadmin = PyKAdminObject_create();
params = calloc(0x1, sizeof(kadm5_config_params));
db_args = pykadmin_parse_db_args(py_db_args);
if (!ccache_name) {
code = krb5_cc_default(kadmin->context, &cc);
if (code) {
PyKAdminError_raise_error(code, "krb5_cc_default");
goto cleanup;
}
} else {
code = krb5_cc_resolve(kadmin->context, ccache_name, &cc);
if (code) {
PyKAdminError_raise_error(code, "krb5_cc_resolve");
goto cleanup;
}
}
_resolved_client = client_name;
if (!_resolved_client) {
code = krb5_cc_get_principal(kadmin->context, cc, &princ);
if (code) {
PyKAdminError_raise_error(code, "krb5_cc_get_principal");
goto cleanup;
}
code = krb5_unparse_name(kadmin->context, princ, &_resolved_client);
if (code) {
PyKAdminError_raise_error(code, "krb5_unparse_name");
goto cleanup;
}
}
retval = kadm5_init_with_creds(
kadmin->context,
_resolved_client,
cc,
service_name,
params,
struct_version,
api_version,
db_args,
&kadmin->server_handle);
cleanup:
// we only clean up _resolved_client if we calculated it, otherwise it is
// an internal pointer of a python object and freeing it will be illegal.
if ((client_name == NULL) && _resolved_client)
free(_resolved_client);
krb5_free_principal(kadmin->context, princ);
krb5_cc_close(kadmin->context, cc);
if (retval != KADM5_OK) {
Py_XDECREF(kadmin);
kadmin = NULL;
PyKAdminError_raise_error(retval, "kadm5_init_with_creds");
}
if (params)
free(params);
pykadmin_free_db_args(db_args);
return kadmin;
}
