/*
 * Open a kadm5 handle for the session's realm and store it on the session.
 *
 * The realm is resolved by krealm_init() first. The library is then
 * initialised as the "rekey/admin" principal from a service key, with a NULL
 * keytab argument (presumably the library's default keytab -- confirm against
 * the kadm5 implementation in use).
 *
 * Returns 0 on success. On failure it returns the non-zero code from
 * krealm_init() or from the kadm5 initialiser, and sess->kadm_handle is left
 * untouched.
 */
int kadm_init(struct rekey_session *sess)
{
  /* NOTE(review): only .mask and .realm are assigned below; the remaining
   * fields stay uninitialised, relying on the library reading only the
   * fields flagged in .mask. */
  kadm5_config_params params;
  void *handle = NULL;
  int status = krealm_init(sess);

  if (status != 0)
    return status;

  params.mask = KADM5_CONFIG_REALM;
  params.realm = sess->realm;

  /* Both variants pass the session's krb5 context. The non-_ctx variant
   * takes one extra NULL argument before the handle out-parameter. */
#ifdef HAVE_KADM5_INIT_WITH_SKEY_CTX
  status = kadm5_init_with_skey_ctx(sess->kctx, "rekey/admin", NULL,
                                    KADM5_ADMIN_SERVICE, &params,
                                    KADM5_STRUCT_VERSION, KADM5_API_VERSION_2,
                                    &handle);
#else
  status = kadm5_init_with_skey(sess->kctx, "rekey/admin", NULL,
                                KADM5_ADMIN_SERVICE, &params,
                                KADM5_STRUCT_VERSION, KADM5_API_VERSION_2,
                                NULL, &handle);
#endif

  if (status == 0) {
    /* Publish the handle only after a successful initialisation. */
    sess->kadm_handle = handle;
    return 0;
  }

  prtmsg("Unable to initialize kadm5 library: %s", krb5_get_err_text(sess->kctx, status));
  return status;
}
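/*
 * Build a PyKAdminObject whose kadm5 server handle is authenticated from a
 * keytab.
 *
 * Python arguments (all optional): client principal name, keytab path, and a
 * dict of database arguments. With no keytab the path "/etc/krb5.keytab" is
 * used. With no client name the local host service principal is derived via
 * krb5_sname_to_principal(). Callers that omit both therefore authenticate
 * with the machine's host key.
 *
 * Returns the new object, or NULL on failure.
 *
 * Changes from the earlier version: nothing is allocated before argument
 * parsing, so a bad argument list no longer leaks. Allocation failures are
 * checked before kadmin->context is dereferenced. params, db_args, the derived
 * principal and the unparsed client name are released on every path.
 *
 * NOTE(review): PyKAdmin_RETURN_ERROR is assumed to set the Python exception
 * and return from this function -- confirm against its definition. On those
 * paths kadmin itself is still not released; whether it can be dropped safely
 * depends on the type's dealloc tolerating an unset server_handle.
 */
static PyKAdminObject *_kadmin_init_with_keytab(PyObject *self, PyObject *args) {

    PyKAdminObject *kadmin = NULL;
    PyObject *db_args_dict = NULL;
    kadm5_ret_t retval = KADM5_OK;
    krb5_error_code code = 0;
    krb5_principal princ = NULL;

    char *client_name = NULL;    /* borrowed from args, or aliases unparsed_name */
    char *keytab_name = NULL;    /* borrowed from args, or a string literal */
    char *unparsed_name = NULL;  /* owned: result of krb5_unparse_name() */
    char **db_args = NULL;

    kadm5_config_params *params = NULL;

    if (!PyArg_ParseTuple(args, "|zzO!", &client_name, &keytab_name, &PyDict_Type, &db_args_dict))
        return NULL;

    params = calloc(0x1, sizeof(kadm5_config_params));
    if (params == NULL) {
        PyErr_NoMemory();
        return NULL;
    }

    kadmin = PyKAdminObject_create();
    if (kadmin == NULL) {
        free(params);
        /* Make sure the NULL return carries an exception. */
        if (!PyErr_Occurred())
            PyErr_NoMemory();
        return NULL;
    }

    db_args = _kadmin_dict_to_db_args(db_args_dict);

    if (keytab_name == NULL) {
        keytab_name = "/etc/krb5.keytab";
    }

    if (client_name == NULL) {

        code = krb5_sname_to_principal(kadmin->context, NULL, "host", KRB5_NT_SRV_HST, &princ);
        if (code) {
            if (db_args)
                _kadmin_free_db_args(db_args);
            free(params);
            PyKAdmin_RETURN_ERROR(code, "krb5_sname_to_principal");
        }

        code = krb5_unparse_name(kadmin->context, princ, &unparsed_name);

        /* The principal is only needed for unparsing; free it on both outcomes. */
        krb5_free_principal(kadmin->context, princ);
        princ = NULL;

        if (code) {
            if (db_args)
                _kadmin_free_db_args(db_args);
            free(params);
            PyKAdmin_RETURN_ERROR(code, "krb5_unparse_name");
        }

        client_name = unparsed_name;
    }

    retval = kadm5_init_with_skey(
                kadmin->context,
                client_name,
                keytab_name,
                service_name,
                params,
                struct_version,
                api_version,
                db_args,
                &kadmin->server_handle);

    /* The inputs are not needed once the call returns; release them before
     * either outcome is reported. */
    if (unparsed_name)
        krb5_free_unparsed_name(kadmin->context, unparsed_name);
    if (db_args)
        _kadmin_free_db_args(db_args);
    free(params);

    if (retval != KADM5_OK) { PyKAdmin_RETURN_ERROR(retval, "kadm5_init_with_skey"); }

    /* NOTE(review): if PyKAdminObject_create() already returns a new
     * reference, this extra INCREF keeps the object (and its admin handle)
     * alive for the life of the process -- confirm the intended ownership. */
    Py_XINCREF(kadmin);
    return kadmin;
}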
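/*
 * Modify Kerberos principal
 *
 * Looks up the principal named by `username` through kadm5 and rewrites its
 * attribute flags according to `activate`:
 *   2     - force a password change (clear DISALLOW_ALL_TIX, set
 *           REQUIRES_PWCHANGE)
 *   1     - enable the principal (clear both flags)
 *   other - disable the principal (set DISALLOW_ALL_TIX, clear
 *           REQUIRES_PWCHANGE); unrecognised values therefore lock the
 *           account rather than open it
 *
 * Returns 0 on success or the krb5/kadm5 error code of the first failing
 * step. A NULL username, or a principal string that does not fit its buffer,
 * is rejected with KADM5_BAD_PRINCIPAL.
 *
 * Changes from the earlier version: the principal strings are built with
 * bounded snprintf() and checked for truncation, because `username` is
 * caller-supplied and previously went through an unbounded sprintf() into a
 * 256-byte stack buffer. The krb5 context is now released on every path.
 */
long modify_kerberos(char *username, int activate)
{
  void *kadm_server_handle = NULL;
  krb5_context context = NULL;
  kadm5_ret_t status;
  krb5_principal princ = NULL;
  kadm5_principal_ent_rec dprinc;
  kadm5_config_params realm_params;
  char admin_princ[256];
  long mask = 0;
  int len;
#ifdef KERBEROS_TEST_REALM
  char ubuf[256];
#endif

  if (!username)
    return KADM5_BAD_PRINCIPAL;

  memset(&dprinc, 0, sizeof(dprinc));
  memset(&realm_params, 0, sizeof(realm_params));

#ifdef KERBEROS_TEST_REALM
  len = snprintf(admin_princ, sizeof(admin_princ), "moira/%s@%s", hostname,
                 KERBEROS_TEST_REALM);
  if (len < 0 || (size_t)len >= sizeof(admin_princ))
    return KADM5_BAD_PRINCIPAL;

  /* A truncated name would address a different principal, so reject it. */
  len = snprintf(ubuf, sizeof(ubuf), "%s@%s", username, KERBEROS_TEST_REALM);
  if (len < 0 || (size_t)len >= sizeof(ubuf))
    return KADM5_BAD_PRINCIPAL;
  username = ubuf;

  realm_params.realm = KERBEROS_TEST_REALM;
  realm_params.mask = KADM5_CONFIG_REALM;
#else
  len = snprintf(admin_princ, sizeof(admin_princ), "%s", MOIRA_SVR_PRINCIPAL);
  if (len < 0 || (size_t)len >= sizeof(admin_princ))
    return KADM5_BAD_PRINCIPAL;
  realm_params.mask = 0;
#endif

  status = krb5_init_context(&context);
  if (status)
    return status;

  status = krb5_parse_name(context, username, &princ);
  if (status)
    goto cleanup;

  /* The NULL argument after the admin principal is the keytab. */
  status = kadm5_init_with_skey(admin_princ, NULL, KADM5_ADMIN_SERVICE,
                                &realm_params, KADM5_STRUCT_VERSION,
                                KADM5_API_VERSION_2, NULL,
                                &kadm_server_handle);
  if (status)
    goto cleanup;

  status = kadm5_get_principal(kadm_server_handle, princ, &dprinc,
                               KADM5_PRINCIPAL_NORMAL_MASK);
  if (status)
    goto cleanup;

  /* Only the attribute flags are written back. */
  mask |= KADM5_ATTRIBUTES;
  if (activate == 2)
    {
      /* Force password change */
      dprinc.attributes |= KRB5_KDB_REQUIRES_PWCHANGE;
      dprinc.attributes &= ~KRB5_KDB_DISALLOW_ALL_TIX;
    }
  else if (activate == 1)
    {
      /* Enable principal */
      dprinc.attributes &= ~KRB5_KDB_DISALLOW_ALL_TIX;
      dprinc.attributes &= ~KRB5_KDB_REQUIRES_PWCHANGE;
    }
  else
    {
      /* Disable principal */
      dprinc.attributes |= KRB5_KDB_DISALLOW_ALL_TIX;
      dprinc.attributes &= ~KRB5_KDB_REQUIRES_PWCHANGE;
    }

  status = kadm5_modify_principal(kadm_server_handle, &dprinc, mask);

cleanup:
  if (kadm_server_handle)
    {
      kadm5_free_principal_ent(kadm_server_handle, &dprinc);
      kadm5_destroy(kadm_server_handle);
    }
  if (princ)
    krb5_free_principal(context, princ);
  krb5_free_context(context);
  return status;
}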
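/*
 * Build a PyKAdminObject whose kadm5 server handle is authenticated from a
 * keytab.
 *
 * Python arguments (all optional): client principal name, keytab path, and a
 * database-arguments object handed to pykadmin_parse_db_args(). With no
 * keytab the path "/etc/krb5.keytab" is used. With no client name the local
 * host service principal is derived via krb5_sname_to_principal().
 *
 * Returns the new object on success. On any failure it returns NULL with a
 * Python exception set.
 *
 * Changes from the earlier version:
 *  - On kadm5_init_with_skey() failure the old code set kadmin to NULL and
 *    then read kadmin->context in cleanup whenever a principal had been
 *    derived. The object is now dropped only after its context is no longer
 *    needed.
 *  - The krb5 error paths used to return a live object with an exception
 *    pending. They now return NULL.
 *  - PyKAdminObject_create() and calloc() results are checked.
 *  - The string produced by krb5_unparse_name() is freed.
 */
static PyKAdminObject *_kadmin_init_with_keytab(PyObject *self, PyObject *args) {

    PyKAdminObject *kadmin = NULL;
    PyObject *py_db_args = NULL;
    kadm5_ret_t retval = KADM5_OK;
    krb5_error_code code = 0;
    krb5_principal princ = NULL;

    char *client_name = NULL;    /* borrowed from args, or aliases unparsed_name */
    char *keytab_name = NULL;    /* borrowed from args, or a string literal */
    char *unparsed_name = NULL;  /* owned: result of krb5_unparse_name() */
    char **db_args = NULL;

    kadm5_config_params *params = NULL;
    int failed = 1;              /* cleared only once the handle is initialised */

    if (!PyArg_ParseTuple(args, "|zzO", &client_name, &keytab_name, &py_db_args))
        return NULL;

    kadmin = PyKAdminObject_create();
    if (kadmin == NULL) {
        /* Make sure the NULL return carries an exception. */
        if (!PyErr_Occurred())
            PyErr_NoMemory();
        return NULL;
    }

    db_args = pykadmin_parse_db_args(py_db_args);

    params = calloc(0x1, sizeof(kadm5_config_params));
    if (params == NULL) {
        PyErr_NoMemory();
        goto cleanup;
    }

    if (keytab_name == NULL) {
        keytab_name = "/etc/krb5.keytab";
    }

    if (client_name == NULL) {

        code = krb5_sname_to_principal(kadmin->context, NULL, "host", KRB5_NT_SRV_HST, &princ);
        if (code) {
            PyKAdminError_raise_error(code, "krb5_sname_to_principal");
            goto cleanup;
        }

        code = krb5_unparse_name(kadmin->context, princ, &unparsed_name);
        if (code) {
            PyKAdminError_raise_error(code, "krb5_unparse_name");
            goto cleanup;
        }

        client_name = unparsed_name;
    }

    retval = kadm5_init_with_skey(
                kadmin->context,
                client_name,
                keytab_name,
                service_name,
                params,
                struct_version,
                api_version,
                db_args,
                &kadmin->server_handle);

    if (retval != KADM5_OK) {
        PyKAdminError_raise_error(retval, "kadm5_init_with_skey");
        goto cleanup;
    }

    failed = 0;

cleanup:

    /* Everything that needs kadmin->context is released before kadmin. */
    if (unparsed_name)
        krb5_free_unparsed_name(kadmin->context, unparsed_name);

    if (princ)
        krb5_free_principal(kadmin->context, princ);

    free(params);

    pykadmin_free_db_args(db_args);

    if (failed) {
        Py_DECREF(kadmin);
        kadmin = NULL;
    }

    return kadmin;
}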