static PyObject *PyKAdminPrincipal_reload(PyKAdminPrincipalObject *self) { krb5_error_code ret = 0; kadm5_ret_t retval = KADM5_OK; krb5_principal temp = NULL; if (self) { // we need to free prior to fetching otherwise we leak memory since principal and policy are pointers, alternitively we could manually free those ret = krb5_copy_principal(self->kadmin->context, self->entry.principal, &temp); if (ret) {} retval = kadm5_free_principal_ent(self->kadmin->server_handle, &self->entry); if (retval != KADM5_OK) { PyKAdminError_raise_error(retval, "kadm5_free_principal_ent"); } if (retval == KADM5_OK) { retval = kadm5_get_principal(self->kadmin->server_handle, temp, &self->entry, KADM5_PRINCIPAL_NORMAL_MASK); if (retval != KADM5_OK) { PyKAdminError_raise_error(retval, "kadm5_get_principal"); } } krb5_free_principal(self->kadmin->context, temp); if (retval != KADM5_OK) { return NULL; } } Py_RETURN_TRUE; }
static PyKAdminObject *_kadmin_local(PyObject *self, PyObject *args) { static const char *kROOT_ADMIN = "root/admin"; PyKAdminObject *kadmin = NULL; PyObject *py_db_args = NULL; char **db_args = NULL; char *client_name = NULL; kadm5_config_params *params = NULL; kadm5_ret_t retval = KADM5_OK; int result = 0; if (!PyArg_ParseTuple(args, "|O", &py_db_args)) return NULL; kadmin = PyKAdminObject_create(); params = calloc(0x1, sizeof(kadm5_config_params)); db_args = pykadmin_parse_db_args(py_db_args); result = asprintf(&client_name, "%s@%s", kROOT_ADMIN, kadmin->realm); if (result == -1) { client_name = (char *)kROOT_ADMIN; } retval = kadm5_init_with_password( kadmin->context, client_name, NULL, service_name, params, struct_version, api_version, db_args, &kadmin->server_handle); if (retval != KADM5_OK) { Py_XDECREF(kadmin); kadmin = NULL; PyKAdminError_raise_error(retval, "kadm5_init_with_password.local"); } if (client_name) free(client_name); if (params) free(params); pykadmin_free_db_args(db_args); return kadmin; }
static PyObject *PyKAdminPrincipal_randomize_key(PyKAdminPrincipalObject *self) { kadm5_ret_t retval = KADM5_OK; retval = kadm5_randkey_principal(self->kadmin->server_handle, self->entry.principal, NULL, NULL); if (retval != KADM5_OK) { PyKAdminError_raise_error(retval, "kadm5_randkey_principal"); return NULL; } Py_RETURN_TRUE; }
static PyObject *PyKAdminPrincipal_change_password(PyKAdminPrincipalObject *self, PyObject *args, PyObject *kwds) { kadm5_ret_t retval = KADM5_OK; char *password = NULL; if (!PyArg_ParseTuple(args, "s", &password)) return NULL; retval = kadm5_chpass_principal(self->kadmin->server_handle, self->entry.principal, password); if (retval != KADM5_OK) { PyKAdminError_raise_error(retval, "kadm5_chpass_principal"); return NULL; } Py_RETURN_TRUE; }
static PyObject *PyKAdminPrincipal_commit(PyKAdminPrincipalObject *self) { kadm5_ret_t retval = KADM5_OK; if (self && self->mask) { retval = kadm5_modify_principal(self->kadmin->server_handle, &self->entry, self->mask); if (retval != KADM5_OK) { PyKAdminError_raise_error(retval, "kadm5_modify_principal"); } self->mask = 0; } Py_RETURN_TRUE; }
static PyKAdminObject *_kadmin_init_with_password(PyObject *self, PyObject *args) { PyKAdminObject *kadmin = NULL; PyObject *py_db_args = NULL; kadm5_ret_t retval = KADM5_OK; char *client_name = NULL; char *password = NULL; char **db_args = NULL; kadm5_config_params *params = NULL; if (!PyArg_ParseTuple(args, "zz|O", &client_name, &password, &py_db_args)) return NULL; kadmin = PyKAdminObject_create(); params = calloc(0x1, sizeof(kadm5_config_params)); db_args = pykadmin_parse_db_args(py_db_args); retval = kadm5_init_with_password( kadmin->context, client_name, password, service_name, params, struct_version, api_version, db_args, &kadmin->server_handle); if (retval != KADM5_OK) { Py_XDECREF(kadmin); kadmin = NULL; PyKAdminError_raise_error(retval, "kadm5_init_with_password"); } if (params) free(params); pykadmin_free_db_args(db_args); return kadmin; }
PyKAdminIterator *PyKAdminIterator_principal_iterator(PyKAdminObject *kadmin, char *match) { kadm5_ret_t retval = KADM5_OK; PyKAdminIterator *iter = PyObject_New(PyKAdminIterator, &PyKAdminIterator_Type); if (iter) { iter->count = 0x0; iter->index = 0x0; iter->kadmin = kadmin; Py_INCREF(kadmin); retval = kadm5_get_principals(kadmin->server_handle, match, &iter->names, &iter->count); if (retval != KADM5_OK) { PyKAdminError_raise_error(retval, "kadm5_get_principals"); } } return iter; }
static PyKAdminObject *_kadmin_init_with_keytab(PyObject *self, PyObject *args) { PyKAdminObject *kadmin = NULL; PyObject *py_db_args = NULL; kadm5_ret_t retval = KADM5_OK; krb5_error_code code = 0; krb5_principal princ = NULL; char *client_name = NULL; char *keytab_name = NULL; char **db_args = NULL; kadm5_config_params *params = NULL; if (!PyArg_ParseTuple(args, "|zzO", &client_name, &keytab_name, &py_db_args)) return NULL; kadmin = PyKAdminObject_create(); params = calloc(0x1, sizeof(kadm5_config_params)); db_args = pykadmin_parse_db_args(py_db_args); if (keytab_name == NULL) { keytab_name = "/etc/krb5.keytab"; } if (client_name == NULL) { code = krb5_sname_to_principal(kadmin->context, NULL, "host", KRB5_NT_SRV_HST, &princ); if (code) { PyKAdminError_raise_error(code, "krb5_sname_to_principal"); goto cleanup; } code = krb5_unparse_name(kadmin->context, princ, &client_name); if (code) { PyKAdminError_raise_error(code, "krb5_unparse_name"); goto cleanup; } } retval = kadm5_init_with_skey( kadmin->context, client_name, keytab_name, service_name, params, struct_version, api_version, db_args, &kadmin->server_handle); if (retval != KADM5_OK) { Py_XDECREF(kadmin); kadmin = NULL; PyKAdminError_raise_error(retval, "kadm5_init_with_skey"); } cleanup: if (princ) krb5_free_principal(kadmin->context, princ); if (params) free(params); pykadmin_free_db_args(db_args); return kadmin; }
static PyKAdminObject *_kadmin_init_with_ccache(PyObject *self, PyObject *args) { PyKAdminObject *kadmin = NULL; PyObject *py_db_args = NULL; kadm5_ret_t retval = KADM5_OK; krb5_error_code code = 0; krb5_principal princ = NULL; char *ccache_name = NULL; char *client_name = NULL; char *_resolved_client = NULL; char **db_args = NULL; kadm5_config_params *params = NULL; krb5_ccache cc; memset(&cc, 0, sizeof(krb5_ccache)); // TODO : unpack database args as an optional third parameter (will be a dict or array) if (!PyArg_ParseTuple(args, "|zzO", &client_name, &ccache_name, &py_db_args)) return NULL; kadmin = PyKAdminObject_create(); params = calloc(0x1, sizeof(kadm5_config_params)); db_args = pykadmin_parse_db_args(py_db_args); if (!ccache_name) { code = krb5_cc_default(kadmin->context, &cc); if (code) { PyKAdminError_raise_error(code, "krb5_cc_default"); goto cleanup; } } else { code = krb5_cc_resolve(kadmin->context, ccache_name, &cc); if (code) { PyKAdminError_raise_error(code, "krb5_cc_resolve"); goto cleanup; } } _resolved_client = client_name; if (!_resolved_client) { code = krb5_cc_get_principal(kadmin->context, cc, &princ); if (code) { PyKAdminError_raise_error(code, "krb5_cc_get_principal"); goto cleanup; } code = krb5_unparse_name(kadmin->context, princ, &_resolved_client); if (code) { PyKAdminError_raise_error(code, "krb5_unparse_name"); goto cleanup; } } retval = kadm5_init_with_creds( kadmin->context, _resolved_client, cc, service_name, params, struct_version, api_version, db_args, &kadmin->server_handle); cleanup: // we only clean up _resolved_client if we calculated it, otherwise it is // an internal pointer of a python object and freeing it will be illegal. if ((client_name == NULL) && _resolved_client) free(_resolved_client); krb5_free_principal(kadmin->context, princ); krb5_cc_close(kadmin->context, cc); if (retval != KADM5_OK) { Py_XDECREF(kadmin); kadmin = NULL; PyKAdminError_raise_error(retval, "kadm5_init_with_creds"); } if (params) free(params); pykadmin_free_db_args(db_args); return kadmin; }