diff --git a/PyKAdminCommon.c b/PyKAdminCommon.c index 2714887..fa33e8f 100644 --- a/PyKAdminCommon.c +++ b/PyKAdminCommon.c @@ -24,11 +24,12 @@ inline char *PyUnicode_or_PyBytes_asCString(PyObject *in_str) { PyObject *ascii = PyUnicode_AsASCIIString(in_str); if (ascii) { - out_str = PyBytes_AsString(in_str); + out_str = PyBytes_AsString(ascii); Py_XDECREF(ascii); } } else if (PyBytes_CheckExact(in_str)) { + out_str = PyBytes_AsString(in_str); } @@ -36,6 +37,59 @@ inline char *PyUnicode_or_PyBytes_asCString(PyObject *in_str) { } +char *pykadmin_timestamp_as_isodate(time_t timestamp, const char *zero) { + + struct tm *timeinfo; + char *isodate = NULL; + + if (timestamp) { + isodate = malloc(32); + + if (isodate) { + + timeinfo = localtime(×tamp); + strftime(isodate, 32, "%FT%T%z", timeinfo); + } + } else { + isodate = strdup(zero); + } + + return isodate; +} + +char *pykadmin_timestamp_as_deltastr(int seconds, const char *zero) { + + char *deltastr = NULL; + int negative, days, hours, minutes; + + if (seconds != 0) { + + if (seconds < 0) { + seconds *= -1; + negative = 1; + } + + days = seconds / (24 * 3600); + seconds %= 24 * 3600; + hours = seconds / 3600; + seconds %= 3600; + minutes = seconds / 60; + seconds %= 60; + + deltastr = malloc(64); + + if (deltastr) { + snprintf(deltastr, 64, "%s%d %s %02d:%02d:%02d", negative ? "-" : "", days, days == 1 ? "day" : "days", hours, minutes, seconds); + } + + } else { + + deltastr = strdup(zero); + } + + return deltastr; +} + inline PyObject *pykadmin_pydatetime_from_timestamp(time_t timestamp) { diff --git a/PyKAdminCommon.h b/PyKAdminCommon.h index 12ff185..e2e8148 100644 --- a/PyKAdminCommon.h +++ b/PyKAdminCommon.h @@ -20,11 +20,9 @@ # define PyDateTime_DELTA_GET_MICROSECONDS(o) (((PyDateTime_Delta*)o)->microseconds) #endif -#define PyUnicodeBytes_Check(obj) (PyUnicode_CheckExact(obj) || PyBytes_CheckExact(obj)) inline char *PyUnicode_or_PyBytes_asCString(PyObject *in_str); - int pykadmin_policy_exists(void *server_handle, const char *name); inline PyObject *pykadmin_pydatetime_from_timestamp(time_t timestamp); @@ -32,6 +30,12 @@ int pykadmin_timestamp_from_pydatetime(PyObject *datetime); int pykadmin_seconds_from_pydatetime(PyObject *delta); + +char *pykadmin_timestamp_as_isodate(time_t timestamp, const char *zero); +char *pykadmin_timestamp_as_deltastr(int seconds, const char *zero); + + + krb5_error_code pykadmin_kadm_from_kdb(PyKAdminObject *kadmin, krb5_db_entry *kdb, kadm5_principal_ent_rec *entry, long mask); krb5_error_code pykadmin_policy_kadm_from_osa(krb5_context ctx, osa_policy_ent_rec *osa, kadm5_policy_ent_rec *entry, long mask); diff --git a/PyKAdminErrors.c b/PyKAdminErrors.c index f565df9..a7940a7 100644 --- a/PyKAdminErrors.c +++ b/PyKAdminErrors.c @@ -2,8 +2,10 @@ #include "PyKAdminErrors.h" static PyObject *_pykadmin_error_base; -static PyObject *_pykadmin_kadm_errors; -static PyObject *_pykadmin_krb5_errors; +static PyObject *_pykadmin_errors; + +//static PyObject *_pykadmin_kadm_errors; +//static PyObject *_pykadmin_krb5_errors; /* Initialize Error Classes @@ -18,6 +20,7 @@ static PyObject *_pykadmin_krb5_errors; int PyKAdminError_init_kadm(PyObject *module, PyObject *base); int PyKAdminError_init_krb5(PyObject *module, PyObject *base); +int PyKAdminError_init_kdb(PyObject *module, PyObject *base); PyObject *PyKAdminError_init(PyObject *module) { @@ -25,15 +28,18 @@ PyObject *PyKAdminError_init(PyObject *module) { static const char kBASE_ERROR[] = "KAdminError"; static const char kKADM_ERROR[] = "AdminError"; static const char kKRB5_ERROR[] = "KerberosError"; + static const char kKDB_ERROR[] = "DatabaseError"; PyObject *PyKAdminError_kadm = NULL; PyObject *PyKAdminError_krb5 = NULL; + PyObject *PyKAdminError_kdb = NULL; // initialize the global statics + _pykadmin_errors = PyDict_New(); _pykadmin_error_base = NULL; - _pykadmin_kadm_errors = NULL; - _pykadmin_krb5_errors = NULL; + //_pykadmin_kadm_errors = NULL; + //_pykadmin_krb5_errors = NULL; size_t length = sizeof(kMODULE_NAME) + 0x10; @@ -47,7 +53,7 @@ PyObject *PyKAdminError_init(PyObject *module) { if (_pykadmin_error_base) { - Py_INCREF(_pykadmin_error_base); + //Py_INCREF(_pykadmin_error_base); PyModule_AddObject(module, kBASE_ERROR, _pykadmin_error_base); snprintf(cname, length, "%s.%s", kMODULE_NAME, kKADM_ERROR); @@ -56,17 +62,26 @@ PyObject *PyKAdminError_init(PyObject *module) { snprintf(cname, length, "%s.%s", kMODULE_NAME, kKRB5_ERROR); PyKAdminError_krb5 = PyErr_NewException(cname, _pykadmin_error_base, NULL); + snprintf(cname, length, "%s.%s", kMODULE_NAME, kKDB_ERROR); + PyKAdminError_kdb = PyErr_NewException(cname, _pykadmin_error_base, NULL); + if (PyKAdminError_kadm) { - Py_INCREF(PyKAdminError_kadm); + //Py_INCREF(PyKAdminError_kadm); PyModule_AddObject(module, kKADM_ERROR, PyKAdminError_kadm); PyKAdminError_init_kadm(module, PyKAdminError_kadm); } if (PyKAdminError_krb5) { - Py_INCREF(PyKAdminError_krb5); + //Py_INCREF(PyKAdminError_krb5); PyModule_AddObject(module, kKRB5_ERROR, PyKAdminError_krb5); PyKAdminError_init_krb5(module, PyKAdminError_krb5); } + + if (PyKAdminError_kdb) { + //Py_INCREF(PyKAdminError_krb5); + PyModule_AddObject(module, kKDB_ERROR, PyKAdminError_kdb); + PyKAdminError_init_kdb(module, PyKAdminError_kdb); + } } free(cname); @@ -119,16 +134,23 @@ static void _PyKAdminError_raise_exception(PyObject *storage, PyObject *error, c } -void PyKAdminError_raise_krb5_error(krb5_error_code code, char *caller) { - PyObject *error = PyLong_FromLong(code); - _PyKAdminError_raise_exception(_pykadmin_krb5_errors, error, caller); +void PyKAdminError_raise_error(long value, char *caller) { + PyObject *error = PyLong_FromLong((long)value); + _PyKAdminError_raise_exception(_pykadmin_errors, error, caller); } -void PyKAdminError_raise_kadm_error(kadm5_ret_t retval, char *caller) { - PyObject *error = PyLong_FromUnsignedLong(retval); - _PyKAdminError_raise_exception(_pykadmin_kadm_errors, error, caller); +/* + +void PyKAdminError_raise_error(krb5_error_code code, char *caller) { + PyObject *error = PyLong_FromLong((long)code); + _PyKAdminError_raise_exception(_pykadmin_errors, error, caller); } +void PyKAdminError_raise_error(kadm5_ret_t retval, char *caller) { + PyObject *error = PyLong_FromLong((long)retval); + _PyKAdminError_raise_exception(_pykadmin_errors, error, caller); +} +*/ static int PyKAdminErrors_new_exception(PyObject *module, PyObject *base, PyObject *storage, PyObject *error, char *name, char *cname, char *message) { @@ -158,9 +180,29 @@ static int PyKAdminErrors_new_exception(PyObject *module, PyObject *base, PyObje return result; } +static int _pykadminerror_error_insert(PyObject *module, PyObject *base, krb5_error_code code, char *name, char *message) { + + int result = 0; + char *cname = NULL; + size_t length = strlen(kMODULE_NAME) + strlen(name) + 0xF; + PyObject *error = PyLong_FromLong((long)code); + + if (error) { + + cname = malloc(length); + + if (cname) { + snprintf(cname, length, "%s.%s", kMODULE_NAME, name); + result = PyKAdminErrors_new_exception(module, base, _pykadmin_errors, error, name, cname, message); + free(cname); + } + } + return result; +} -static int PyKAdminError_krb5_insert(PyObject *module, PyObject *base, krb5_error_code code, char *name, char *message) { +/* +static int _pykadminerror_error_insert(PyObject *module, PyObject *base, krb5_error_code code, char *name, char *message) { int result = 0; char *cname = NULL; @@ -182,7 +224,7 @@ static int PyKAdminError_krb5_insert(PyObject *module, PyObject *base, krb5_erro } -static int PyKAdminError_kadm_insert(PyObject *module, PyObject *base, kadm5_ret_t retval, char *name, char *message) { +static int _pykadminerror_error_insert(PyObject *module, PyObject *base, kadm5_ret_t retval, char *name, char *message) { int result = 0; char *cname = NULL; @@ -202,262 +244,261 @@ static int PyKAdminError_kadm_insert(PyObject *module, PyObject *base, kadm5_ret return result; } - - +*/ int PyKAdminError_init_krb5(PyObject *module, PyObject *base) { int result = 0; - _pykadmin_krb5_errors = PyDict_New(); - - if (_pykadmin_krb5_errors) { - - PyKAdminError_krb5_insert(module, base, KRB5KDC_ERR_NONE, "KDCNoneError", "No error"); - PyKAdminError_krb5_insert(module, base, KRB5KDC_ERR_NAME_EXP, "KDCClientExpiredError", "Client's entry in database has expired"); - PyKAdminError_krb5_insert(module, base, KRB5KDC_ERR_SERVICE_EXP, "KDCServerExpireError", "Server's entry in database has expired"); - PyKAdminError_krb5_insert(module, base, KRB5KDC_ERR_BAD_PVNO, "KDCProtocolVersionError", "Requested protocol version not supported"); - PyKAdminError_krb5_insert(module, base, KRB5KDC_ERR_C_OLD_MAST_KVNO, "KDCClientOldMasterKeyError", "Client's key is encrypted in an old master key"); - PyKAdminError_krb5_insert(module, base, KRB5KDC_ERR_S_OLD_MAST_KVNO, "KDCServerOldMasterKeyError", "Server's key is encrypted in an old master key"); - PyKAdminError_krb5_insert(module, base, KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN, "KDCClientNotFoundError", "Client not found in Kerberos database"); - PyKAdminError_krb5_insert(module, base, KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN, "KDCServerNotFoundError", "Server not found in Kerberos database"); - PyKAdminError_krb5_insert(module, base, KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE, "KDCPrincipalUniqueError", "Principal has multiple entries in Kerberos database"); - PyKAdminError_krb5_insert(module, base, KRB5KDC_ERR_NULL_KEY, "KDCNullKeyError", "Client or server has a null key"); - PyKAdminError_krb5_insert(module, base, KRB5KDC_ERR_CANNOT_POSTDATE, "KDCCannotPostdateError", "Ticket is ineligible for postdating"); - PyKAdminError_krb5_insert(module, base, KRB5KDC_ERR_NEVER_VALID, "KDCNeverValidError", "Requested effective lifetime is negative or too short"); - PyKAdminError_krb5_insert(module, base, KRB5KDC_ERR_POLICY, "KDCPolicyError", "KDC policy rejects request"); - PyKAdminError_krb5_insert(module, base, KRB5KDC_ERR_BADOPTION, "KDCOptionError", "KDC can't fulfill requested option"); - PyKAdminError_krb5_insert(module, base, KRB5KDC_ERR_ETYPE_NOSUPP, "KDCEncryptionSupportError", "KDC has no support for encryption type"); - PyKAdminError_krb5_insert(module, base, KRB5KDC_ERR_SUMTYPE_NOSUPP, "KDCChecksumSupportError", "KDC has no support for checksum type"); - PyKAdminError_krb5_insert(module, base, KRB5KDC_ERR_PADATA_TYPE_NOSUPP, "KDCPADataSupportError", "KDC has no support for padata type"); - PyKAdminError_krb5_insert(module, base, KRB5KDC_ERR_TRTYPE_NOSUPP, "KDCTypeSupportError", "KDC has no support for transited type"); - PyKAdminError_krb5_insert(module, base, KRB5KDC_ERR_CLIENT_REVOKED, "KDCClientRevokedError", "Clients credentials have been revoked"); - PyKAdminError_krb5_insert(module, base, KRB5KDC_ERR_SERVICE_REVOKED, "KDCServerRevokedError", "Credentials for server have been revoked"); - PyKAdminError_krb5_insert(module, base, KRB5KDC_ERR_TGT_REVOKED, "KDCTGTRevokedError", "TGT has been revoked"); - PyKAdminError_krb5_insert(module, base, KRB5KDC_ERR_CLIENT_NOTYET, "KDCClientNotYetValidError", "Client not yet valid - try again later"); - PyKAdminError_krb5_insert(module, base, KRB5KDC_ERR_SERVICE_NOTYET, "KDCServerNotYetValidError", "Server not yet valid - try again later"); - PyKAdminError_krb5_insert(module, base, KRB5KDC_ERR_KEY_EXP, "KDCPasswordExpiredError", "Password has expired"); - PyKAdminError_krb5_insert(module, base, KRB5KDC_ERR_PREAUTH_FAILED, "KDCPreauthFailedError", "Preauthentication failed"); - PyKAdminError_krb5_insert(module, base, KRB5KDC_ERR_PREAUTH_REQUIRED, "KDCPreauthRequiredError", "Additional pre-authentication required"); - PyKAdminError_krb5_insert(module, base, KRB5KDC_ERR_SERVER_NOMATCH, "KDCServerMatchError", "Requested server and ticket don't match"); - PyKAdminError_krb5_insert(module, base, KRB5KDC_ERR_MUST_USE_USER2USER, "KDCRequireUser2UserError", "Server principal valid for user2user only"); - PyKAdminError_krb5_insert(module, base, KRB5KDC_ERR_PATH_NOT_ACCEPTED, "KDCPathError", "KDC policy rejects transited path"); - PyKAdminError_krb5_insert(module, base, KRB5KDC_ERR_SVC_UNAVAILABLE, "KDCServiceUnavailableError", "A service is not available that is required to process the request"); + //_pykadmin_krb5_errors = PyDict_New(); + + if (_pykadmin_errors) { + + _pykadminerror_error_insert(module, base, KRB5KDC_ERR_NONE, "KDCNoneError", "No error"); + _pykadminerror_error_insert(module, base, KRB5KDC_ERR_NAME_EXP, "KDCClientExpiredError", "Client's entry in database has expired"); + _pykadminerror_error_insert(module, base, KRB5KDC_ERR_SERVICE_EXP, "KDCServerExpireError", "Server's entry in database has expired"); + _pykadminerror_error_insert(module, base, KRB5KDC_ERR_BAD_PVNO, "KDCProtocolVersionError", "Requested protocol version not supported"); + _pykadminerror_error_insert(module, base, KRB5KDC_ERR_C_OLD_MAST_KVNO, "KDCClientOldMasterKeyError", "Client's key is encrypted in an old master key"); + _pykadminerror_error_insert(module, base, KRB5KDC_ERR_S_OLD_MAST_KVNO, "KDCServerOldMasterKeyError", "Server's key is encrypted in an old master key"); + _pykadminerror_error_insert(module, base, KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN, "KDCClientNotFoundError", "Client not found in Kerberos database"); + _pykadminerror_error_insert(module, base, KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN, "KDCServerNotFoundError", "Server not found in Kerberos database"); + _pykadminerror_error_insert(module, base, KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE, "KDCPrincipalUniqueError", "Principal has multiple entries in Kerberos database"); + _pykadminerror_error_insert(module, base, KRB5KDC_ERR_NULL_KEY, "KDCNullKeyError", "Client or server has a null key"); + _pykadminerror_error_insert(module, base, KRB5KDC_ERR_CANNOT_POSTDATE, "KDCCannotPostdateError", "Ticket is ineligible for postdating"); + _pykadminerror_error_insert(module, base, KRB5KDC_ERR_NEVER_VALID, "KDCNeverValidError", "Requested effective lifetime is negative or too short"); + _pykadminerror_error_insert(module, base, KRB5KDC_ERR_POLICY, "KDCPolicyError", "KDC policy rejects request"); + _pykadminerror_error_insert(module, base, KRB5KDC_ERR_BADOPTION, "KDCOptionError", "KDC can't fulfill requested option"); + _pykadminerror_error_insert(module, base, KRB5KDC_ERR_ETYPE_NOSUPP, "KDCEncryptionSupportError", "KDC has no support for encryption type"); + _pykadminerror_error_insert(module, base, KRB5KDC_ERR_SUMTYPE_NOSUPP, "KDCChecksumSupportError", "KDC has no support for checksum type"); + _pykadminerror_error_insert(module, base, KRB5KDC_ERR_PADATA_TYPE_NOSUPP, "KDCPADataSupportError", "KDC has no support for padata type"); + _pykadminerror_error_insert(module, base, KRB5KDC_ERR_TRTYPE_NOSUPP, "KDCTypeSupportError", "KDC has no support for transited type"); + _pykadminerror_error_insert(module, base, KRB5KDC_ERR_CLIENT_REVOKED, "KDCClientRevokedError", "Clients credentials have been revoked"); + _pykadminerror_error_insert(module, base, KRB5KDC_ERR_SERVICE_REVOKED, "KDCServerRevokedError", "Credentials for server have been revoked"); + _pykadminerror_error_insert(module, base, KRB5KDC_ERR_TGT_REVOKED, "KDCTGTRevokedError", "TGT has been revoked"); + _pykadminerror_error_insert(module, base, KRB5KDC_ERR_CLIENT_NOTYET, "KDCClientNotYetValidError", "Client not yet valid - try again later"); + _pykadminerror_error_insert(module, base, KRB5KDC_ERR_SERVICE_NOTYET, "KDCServerNotYetValidError", "Server not yet valid - try again later"); + _pykadminerror_error_insert(module, base, KRB5KDC_ERR_KEY_EXP, "KDCPasswordExpiredError", "Password has expired"); + _pykadminerror_error_insert(module, base, KRB5KDC_ERR_PREAUTH_FAILED, "KDCPreauthFailedError", "Preauthentication failed"); + _pykadminerror_error_insert(module, base, KRB5KDC_ERR_PREAUTH_REQUIRED, "KDCPreauthRequiredError", "Additional pre-authentication required"); + _pykadminerror_error_insert(module, base, KRB5KDC_ERR_SERVER_NOMATCH, "KDCServerMatchError", "Requested server and ticket don't match"); + _pykadminerror_error_insert(module, base, KRB5KDC_ERR_MUST_USE_USER2USER, "KDCRequireUser2UserError", "Server principal valid for user2user only"); + _pykadminerror_error_insert(module, base, KRB5KDC_ERR_PATH_NOT_ACCEPTED, "KDCPathError", "KDC policy rejects transited path"); + _pykadminerror_error_insert(module, base, KRB5KDC_ERR_SVC_UNAVAILABLE, "KDCServiceUnavailableError", "A service is not available that is required to process the request"); // think AP stands for authentication or application protocol ? not sure - PyKAdminError_krb5_insert(module, base, KRB5KRB_AP_ERR_BAD_INTEGRITY, "APIntegrityError", "Decrypt integrity check failed"); - PyKAdminError_krb5_insert(module, base, KRB5KRB_AP_ERR_TKT_EXPIRED, "APTicketExpiredError", "Ticket expired"); - PyKAdminError_krb5_insert(module, base, KRB5KRB_AP_ERR_TKT_NYV, "APTicketNotYetValidError", "Ticket not yet valid"); - PyKAdminError_krb5_insert(module, base, KRB5KRB_AP_ERR_REPEAT, "APReplayError", "Request is a replay"); - PyKAdminError_krb5_insert(module, base, KRB5KRB_AP_ERR_NOT_US, "APNotUsError", "The ticket isn't for us"); - PyKAdminError_krb5_insert(module, base, KRB5KRB_AP_ERR_BADMATCH, "APMismatchError", "Ticket/authenticator don't match"); - PyKAdminError_krb5_insert(module, base, KRB5KRB_AP_ERR_SKEW, "APClockSkewError", "Clock skew too great"); - PyKAdminError_krb5_insert(module, base, KRB5KRB_AP_ERR_BADADDR, "APAddressAPError", "Incorrect net address"); - PyKAdminError_krb5_insert(module, base, KRB5KRB_AP_ERR_BADVERSION, "APVersionError", "Protocol version mismatch"); - PyKAdminError_krb5_insert(module, base, KRB5KRB_AP_ERR_MSG_TYPE, "APMessageTypeError", "Invalid message type"); - PyKAdminError_krb5_insert(module, base, KRB5KRB_AP_ERR_MODIFIED, "APMessageModifiedError", "Message stream modified"); - PyKAdminError_krb5_insert(module, base, KRB5KRB_AP_ERR_BADORDER, "APMessageOrderError", "Message out of order"); - PyKAdminError_krb5_insert(module, base, KRB5KRB_AP_ERR_ILL_CR_TKT, "APCrossRealmTicketError", "Illegal cross-realm ticket"); - PyKAdminError_krb5_insert(module, base, KRB5KRB_AP_ERR_BADKEYVER, "APKeyVersionError", "Key version is not available"); - PyKAdminError_krb5_insert(module, base, KRB5KRB_AP_ERR_NOKEY, "APNoKeyError", "Service key not available"); - PyKAdminError_krb5_insert(module, base, KRB5KRB_AP_ERR_MUT_FAIL, "APMutualAuthError", "Mutual authentication failed"); - PyKAdminError_krb5_insert(module, base, KRB5KRB_AP_ERR_BADDIRECTION, "APMessageDirectionError", "Incorrect message direction"); - PyKAdminError_krb5_insert(module, base, KRB5KRB_AP_ERR_METHOD, "APMethodError", "Alternative authentication method required"); - PyKAdminError_krb5_insert(module, base, KRB5KRB_AP_ERR_BADSEQ, "APSequenceError", "Incorrect sequence number in message"); - PyKAdminError_krb5_insert(module, base, KRB5KRB_AP_ERR_INAPP_CKSUM, "APChecksumError", "Inappropriate type of checksum in message"); - PyKAdminError_krb5_insert(module, base, KRB5KRB_AP_PATH_NOT_ACCEPTED, "APPathError", "Policy rejects transited path"); - - PyKAdminError_krb5_insert(module, base, KRB5KRB_ERR_RESPONSE_TOO_BIG, "ResponseTooBigError", "Response too big for UDP, retry with TCP"); - PyKAdminError_krb5_insert(module, base, KRB5KRB_ERR_GENERIC, "GenericError", "Generic error (see e-text)"); - PyKAdminError_krb5_insert(module, base, KRB5KRB_ERR_FIELD_TOOLONG, "FieldTooLongError", "Field is too long for this implementation"); - - PyKAdminError_krb5_insert(module, base, KRB5KDC_ERR_CLIENT_NOT_TRUSTED, "KDCClientNotTrustedError", "Client not trusted"); - PyKAdminError_krb5_insert(module, base, KRB5KDC_ERR_KDC_NOT_TRUSTED, "KDCNotTrustedError", "KDC not trusted"); - PyKAdminError_krb5_insert(module, base, KRB5KDC_ERR_INVALID_SIG, "KDCInvalidSignatureError", "Invalid signature"); - PyKAdminError_krb5_insert(module, base, KRB5KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED, "KDCKeyParamsError", "Key parameters not accepted"); - PyKAdminError_krb5_insert(module, base, KRB5KDC_ERR_CERTIFICATE_MISMATCH, "KDCCertMismatchError", "Certificate mismatch"); - - PyKAdminError_krb5_insert(module, base, KRB5KRB_AP_ERR_NO_TGT, "APNoTGTError", "No ticket granting ticket"); - - PyKAdminError_krb5_insert(module, base, KRB5KDC_ERR_WRONG_REALM, "KDCWrongRealmError", "Realm not local to KDC"); - - PyKAdminError_krb5_insert(module, base, KRB5KRB_AP_ERR_USER_TO_USER_REQUIRED, "APRequireUser2UserError", "User to user required"); - - PyKAdminError_krb5_insert(module, base, KRB5KDC_ERR_CANT_VERIFY_CERTIFICATE, "KDCCertVerifyError", "Can't verify certificate"); - PyKAdminError_krb5_insert(module, base, KRB5KDC_ERR_INVALID_CERTIFICATE, "KDCCertInvalidError", "Invalid certificate"); - PyKAdminError_krb5_insert(module, base, KRB5KDC_ERR_REVOKED_CERTIFICATE, "KDCCertRevokedError", "Revoked certificate"); - PyKAdminError_krb5_insert(module, base, KRB5KDC_ERR_REVOCATION_STATUS_UNKNOWN, "KDCRevokeUnknownError", "Revocation status unknown"); - PyKAdminError_krb5_insert(module, base, KRB5KDC_ERR_REVOCATION_STATUS_UNAVAILABLE, "KDCRevokeUnavailabeError", "Revocation status unavailable"); - PyKAdminError_krb5_insert(module, base, KRB5KDC_ERR_CLIENT_NAME_MISMATCH, "KDCClientNameMismatchError", "Client name mismatch"); - PyKAdminError_krb5_insert(module, base, KRB5KDC_ERR_KDC_NAME_MISMATCH, "KDCNameMismatchError", "KDC name mismatch"); - PyKAdminError_krb5_insert(module, base, KRB5KDC_ERR_INCONSISTENT_KEY_PURPOSE, "KDCInconsistentKeyPurposeError", "Inconsistent key purpose"); - PyKAdminError_krb5_insert(module, base, KRB5KDC_ERR_DIGEST_IN_CERT_NOT_ACCEPTED, "KDCCertDigestError", "Digest in certificate not accepted"); - PyKAdminError_krb5_insert(module, base, KRB5KDC_ERR_PA_CHECKSUM_MUST_BE_INCLUDED, "KDCChecksumMissingError", "Checksum must be included"); - PyKAdminError_krb5_insert(module, base, KRB5KDC_ERR_DIGEST_IN_SIGNED_DATA_NOT_ACCEPTED, "KDCSignedDataDigestError", "Digest in signed-data not accepted"); - PyKAdminError_krb5_insert(module, base, KRB5KDC_ERR_PUBLIC_KEY_ENCRYPTION_NOT_SUPPORTED, "KDCPublicKeyEncryptionError", "Public key encryption not supported"); - - PyKAdminError_krb5_insert(module, base, KRB5KRB_AP_ERR_IAKERB_KDC_NOT_FOUND, "APIAKERBNotFoundError", "The IAKERB proxy could not find a KDC"); - PyKAdminError_krb5_insert(module, base, KRB5KRB_AP_ERR_IAKERB_KDC_NO_RESPONSE, "APIAKERBNoResponseError", "The KDC did not respond to the IAKERB proxy"); - - PyKAdminError_krb5_insert(module, base, KRB5KDC_ERR_UNKNOWN_CRITICAL_FAST_OPTION, "KDCUnsupportedFASTOptionError", "An unsupported critical FAST option was requested"); - PyKAdminError_krb5_insert(module, base, KRB5KDC_ERR_NO_ACCEPTABLE_KDF, "KDCNoAcceptableKDFError", "No acceptable KDF offered"); - - PyKAdminError_krb5_insert(module, base, KRB5_ERR_RCSID, "RCSIDError", "$Id$"); - - PyKAdminError_krb5_insert(module, base, KRB5_LIBOS_BADLOCKFLAG, "Error", "Invalid flag for file lock mode"); - PyKAdminError_krb5_insert(module, base, KRB5_LIBOS_CANTREADPWD, "Error", "Cannot read password"); - PyKAdminError_krb5_insert(module, base, KRB5_LIBOS_BADPWDMATCH, "Error", "Password mismatch"); - PyKAdminError_krb5_insert(module, base, KRB5_LIBOS_PWDINTR, "Error", "Password read interrupted"); - - PyKAdminError_krb5_insert(module, base, KRB5_PARSE_ILLCHAR, "ParseIllegalCharacterError", "Illegal character in component name"); - PyKAdminError_krb5_insert(module, base, KRB5_PARSE_MALFORMED, "ParseMalformedError", "Malformed representation of principal"); - - PyKAdminError_krb5_insert(module, base, KRB5_CONFIG_CANTOPEN, "ConifgCantOpenError", "Can't open/find Kerberos configuration file"); - PyKAdminError_krb5_insert(module, base, KRB5_CONFIG_BADFORMAT, "ConifgFormatError", "Improper format of Kerberos configuration file"); - PyKAdminError_krb5_insert(module, base, KRB5_CONFIG_NOTENUFSPACE, "ConifgSpaceError", "Insufficient space to return complete information"); - - PyKAdminError_krb5_insert(module, base, KRB5_BADMSGTYPE, "MessageTypeError", "Invalid message type specified for encoding"); - - PyKAdminError_krb5_insert(module, base, KRB5_CC_BADNAME, "CCBadNameError", "Credential cache name malformed"); - PyKAdminError_krb5_insert(module, base, KRB5_CC_UNKNOWN_TYPE, "CCUnknownTypeError", "Unknown credential cache type" ); - PyKAdminError_krb5_insert(module, base, KRB5_CC_NOTFOUND, "CCNotFoundError", "Matching credential not found"); - PyKAdminError_krb5_insert(module, base, KRB5_CC_END, "CCEndError", "End of credential cache reached"); - - PyKAdminError_krb5_insert(module, base, KRB5_NO_TKT_SUPPLIED, "NoTicketError", "Request did not supply a ticket"); - - PyKAdminError_krb5_insert(module, base, KRB5KRB_AP_WRONG_PRINC, "APWrongPrincipalError", "Wrong principal in request"); - PyKAdminError_krb5_insert(module, base, KRB5KRB_AP_ERR_TKT_INVALID, "APTicketFlagError", "Ticket has invalid flag set"); - - PyKAdminError_krb5_insert(module, base, KRB5_PRINC_NOMATCH, "PrincipalMismatchError", "Requested principal and ticket don't match"); - PyKAdminError_krb5_insert(module, base, KRB5_KDCREP_MODIFIED, "KDCReplyModifiedError", "KDC reply did not match expectations"); - PyKAdminError_krb5_insert(module, base, KRB5_KDCREP_SKEW, "KDCReplyClockSkewError", "Clock skew too great in KDC reply"); - PyKAdminError_krb5_insert(module, base, KRB5_IN_TKT_REALM_MISMATCH, "TicketRealmMismatchError", "Client/server realm mismatch in initial ticket request"); - PyKAdminError_krb5_insert(module, base, KRB5_PROG_ETYPE_NOSUPP, "EncryptionSupportError", "Program lacks support for encryption type"); - PyKAdminError_krb5_insert(module, base, KRB5_PROG_KEYTYPE_NOSUPP, "KeyTypeSupportError", "Program lacks support for key type"); - PyKAdminError_krb5_insert(module, base, KRB5_WRONG_ETYPE, "EncryptionTypeError", "Requested encryption type not used in message"); - PyKAdminError_krb5_insert(module, base, KRB5_PROG_SUMTYPE_NOSUPP, "ProgamChecksumSupportError", "Program lacks support for checksum type"); - PyKAdminError_krb5_insert(module, base, KRB5_REALM_UNKNOWN, "RealmUnknownError", "Cannot find KDC for requested realm"); - PyKAdminError_krb5_insert(module, base, KRB5_SERVICE_UNKNOWN, "ServiceUnknownError", "Kerberos service unknown"); - PyKAdminError_krb5_insert(module, base, KRB5_KDC_UNREACH, "ContactKDCError", "Cannot contact any KDC for requested realm"); - PyKAdminError_krb5_insert(module, base, KRB5_NO_LOCALNAME, "LocalNameError", "No local name found for principal name"); - PyKAdminError_krb5_insert(module, base, KRB5_MUTUAL_FAILED, "MutualAuthError", "Mutual authentication failed"); + _pykadminerror_error_insert(module, base, KRB5KRB_AP_ERR_BAD_INTEGRITY, "APIntegrityError", "Decrypt integrity check failed"); + _pykadminerror_error_insert(module, base, KRB5KRB_AP_ERR_TKT_EXPIRED, "APTicketExpiredError", "Ticket expired"); + _pykadminerror_error_insert(module, base, KRB5KRB_AP_ERR_TKT_NYV, "APTicketNotYetValidError", "Ticket not yet valid"); + _pykadminerror_error_insert(module, base, KRB5KRB_AP_ERR_REPEAT, "APReplayError", "Request is a replay"); + _pykadminerror_error_insert(module, base, KRB5KRB_AP_ERR_NOT_US, "APNotUsError", "The ticket isn't for us"); + _pykadminerror_error_insert(module, base, KRB5KRB_AP_ERR_BADMATCH, "APMismatchError", "Ticket/authenticator don't match"); + _pykadminerror_error_insert(module, base, KRB5KRB_AP_ERR_SKEW, "APClockSkewError", "Clock skew too great"); + _pykadminerror_error_insert(module, base, KRB5KRB_AP_ERR_BADADDR, "APAddressAPError", "Incorrect net address"); + _pykadminerror_error_insert(module, base, KRB5KRB_AP_ERR_BADVERSION, "APVersionError", "Protocol version mismatch"); + _pykadminerror_error_insert(module, base, KRB5KRB_AP_ERR_MSG_TYPE, "APMessageTypeError", "Invalid message type"); + _pykadminerror_error_insert(module, base, KRB5KRB_AP_ERR_MODIFIED, "APMessageModifiedError", "Message stream modified"); + _pykadminerror_error_insert(module, base, KRB5KRB_AP_ERR_BADORDER, "APMessageOrderError", "Message out of order"); + _pykadminerror_error_insert(module, base, KRB5KRB_AP_ERR_ILL_CR_TKT, "APCrossRealmTicketError", "Illegal cross-realm ticket"); + _pykadminerror_error_insert(module, base, KRB5KRB_AP_ERR_BADKEYVER, "APKeyVersionError", "Key version is not available"); + _pykadminerror_error_insert(module, base, KRB5KRB_AP_ERR_NOKEY, "APNoKeyError", "Service key not available"); + _pykadminerror_error_insert(module, base, KRB5KRB_AP_ERR_MUT_FAIL, "APMutualAuthError", "Mutual authentication failed"); + _pykadminerror_error_insert(module, base, KRB5KRB_AP_ERR_BADDIRECTION, "APMessageDirectionError", "Incorrect message direction"); + _pykadminerror_error_insert(module, base, KRB5KRB_AP_ERR_METHOD, "APMethodError", "Alternative authentication method required"); + _pykadminerror_error_insert(module, base, KRB5KRB_AP_ERR_BADSEQ, "APSequenceError", "Incorrect sequence number in message"); + _pykadminerror_error_insert(module, base, KRB5KRB_AP_ERR_INAPP_CKSUM, "APChecksumError", "Inappropriate type of checksum in message"); + _pykadminerror_error_insert(module, base, KRB5KRB_AP_PATH_NOT_ACCEPTED, "APPathError", "Policy rejects transited path"); + + _pykadminerror_error_insert(module, base, KRB5KRB_ERR_RESPONSE_TOO_BIG, "ResponseTooBigError", "Response too big for UDP, retry with TCP"); + _pykadminerror_error_insert(module, base, KRB5KRB_ERR_GENERIC, "GenericError", "Generic error (see e-text)"); + _pykadminerror_error_insert(module, base, KRB5KRB_ERR_FIELD_TOOLONG, "FieldTooLongError", "Field is too long for this implementation"); + + _pykadminerror_error_insert(module, base, KRB5KDC_ERR_CLIENT_NOT_TRUSTED, "KDCClientNotTrustedError", "Client not trusted"); + _pykadminerror_error_insert(module, base, KRB5KDC_ERR_KDC_NOT_TRUSTED, "KDCNotTrustedError", "KDC not trusted"); + _pykadminerror_error_insert(module, base, KRB5KDC_ERR_INVALID_SIG, "KDCInvalidSignatureError", "Invalid signature"); + _pykadminerror_error_insert(module, base, KRB5KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED, "KDCKeyParamsError", "Key parameters not accepted"); + _pykadminerror_error_insert(module, base, KRB5KDC_ERR_CERTIFICATE_MISMATCH, "KDCCertMismatchError", "Certificate mismatch"); + + _pykadminerror_error_insert(module, base, KRB5KRB_AP_ERR_NO_TGT, "APNoTGTError", "No ticket granting ticket"); + + _pykadminerror_error_insert(module, base, KRB5KDC_ERR_WRONG_REALM, "KDCWrongRealmError", "Realm not local to KDC"); + + _pykadminerror_error_insert(module, base, KRB5KRB_AP_ERR_USER_TO_USER_REQUIRED, "APRequireUser2UserError", "User to user required"); + + _pykadminerror_error_insert(module, base, KRB5KDC_ERR_CANT_VERIFY_CERTIFICATE, "KDCCertVerifyError", "Can't verify certificate"); + _pykadminerror_error_insert(module, base, KRB5KDC_ERR_INVALID_CERTIFICATE, "KDCCertInvalidError", "Invalid certificate"); + _pykadminerror_error_insert(module, base, KRB5KDC_ERR_REVOKED_CERTIFICATE, "KDCCertRevokedError", "Revoked certificate"); + _pykadminerror_error_insert(module, base, KRB5KDC_ERR_REVOCATION_STATUS_UNKNOWN, "KDCRevokeUnknownError", "Revocation status unknown"); + _pykadminerror_error_insert(module, base, KRB5KDC_ERR_REVOCATION_STATUS_UNAVAILABLE, "KDCRevokeUnavailabeError", "Revocation status unavailable"); + _pykadminerror_error_insert(module, base, KRB5KDC_ERR_CLIENT_NAME_MISMATCH, "KDCClientNameMismatchError", "Client name mismatch"); + _pykadminerror_error_insert(module, base, KRB5KDC_ERR_KDC_NAME_MISMATCH, "KDCNameMismatchError", "KDC name mismatch"); + _pykadminerror_error_insert(module, base, KRB5KDC_ERR_INCONSISTENT_KEY_PURPOSE, "KDCInconsistentKeyPurposeError", "Inconsistent key purpose"); + _pykadminerror_error_insert(module, base, KRB5KDC_ERR_DIGEST_IN_CERT_NOT_ACCEPTED, "KDCCertDigestError", "Digest in certificate not accepted"); + _pykadminerror_error_insert(module, base, KRB5KDC_ERR_PA_CHECKSUM_MUST_BE_INCLUDED, "KDCChecksumMissingError", "Checksum must be included"); + _pykadminerror_error_insert(module, base, KRB5KDC_ERR_DIGEST_IN_SIGNED_DATA_NOT_ACCEPTED, "KDCSignedDataDigestError", "Digest in signed-data not accepted"); + _pykadminerror_error_insert(module, base, KRB5KDC_ERR_PUBLIC_KEY_ENCRYPTION_NOT_SUPPORTED, "KDCPublicKeyEncryptionError", "Public key encryption not supported"); + + _pykadminerror_error_insert(module, base, KRB5KRB_AP_ERR_IAKERB_KDC_NOT_FOUND, "APIAKERBNotFoundError", "The IAKERB proxy could not find a KDC"); + _pykadminerror_error_insert(module, base, KRB5KRB_AP_ERR_IAKERB_KDC_NO_RESPONSE, "APIAKERBNoResponseError", "The KDC did not respond to the IAKERB proxy"); + + _pykadminerror_error_insert(module, base, KRB5KDC_ERR_UNKNOWN_CRITICAL_FAST_OPTION, "KDCUnsupportedFASTOptionError", "An unsupported critical FAST option was requested"); + _pykadminerror_error_insert(module, base, KRB5KDC_ERR_NO_ACCEPTABLE_KDF, "KDCNoAcceptableKDFError", "No acceptable KDF offered"); + + _pykadminerror_error_insert(module, base, KRB5_ERR_RCSID, "RCSIDError", "$Id$"); + + _pykadminerror_error_insert(module, base, KRB5_LIBOS_BADLOCKFLAG, "Error", "Invalid flag for file lock mode"); + _pykadminerror_error_insert(module, base, KRB5_LIBOS_CANTREADPWD, "Error", "Cannot read password"); + _pykadminerror_error_insert(module, base, KRB5_LIBOS_BADPWDMATCH, "Error", "Password mismatch"); + _pykadminerror_error_insert(module, base, KRB5_LIBOS_PWDINTR, "Error", "Password read interrupted"); + + _pykadminerror_error_insert(module, base, KRB5_PARSE_ILLCHAR, "ParseIllegalCharacterError", "Illegal character in component name"); + _pykadminerror_error_insert(module, base, KRB5_PARSE_MALFORMED, "ParseMalformedError", "Malformed representation of principal"); + + _pykadminerror_error_insert(module, base, KRB5_CONFIG_CANTOPEN, "ConifgCantOpenError", "Can't open/find Kerberos configuration file"); + _pykadminerror_error_insert(module, base, KRB5_CONFIG_BADFORMAT, "ConifgFormatError", "Improper format of Kerberos configuration file"); + _pykadminerror_error_insert(module, base, KRB5_CONFIG_NOTENUFSPACE, "ConifgSpaceError", "Insufficient space to return complete information"); + + _pykadminerror_error_insert(module, base, KRB5_BADMSGTYPE, "MessageTypeError", "Invalid message type specified for encoding"); + + _pykadminerror_error_insert(module, base, KRB5_CC_BADNAME, "CCBadNameError", "Credential cache name malformed"); + _pykadminerror_error_insert(module, base, KRB5_CC_UNKNOWN_TYPE, "CCUnknownTypeError", "Unknown credential cache type" ); + _pykadminerror_error_insert(module, base, KRB5_CC_NOTFOUND, "CCNotFoundError", "Matching credential not found"); + _pykadminerror_error_insert(module, base, KRB5_CC_END, "CCEndError", "End of credential cache reached"); + + _pykadminerror_error_insert(module, base, KRB5_NO_TKT_SUPPLIED, "NoTicketError", "Request did not supply a ticket"); + + _pykadminerror_error_insert(module, base, KRB5KRB_AP_WRONG_PRINC, "APWrongPrincipalError", "Wrong principal in request"); + _pykadminerror_error_insert(module, base, KRB5KRB_AP_ERR_TKT_INVALID, "APTicketFlagError", "Ticket has invalid flag set"); + + _pykadminerror_error_insert(module, base, KRB5_PRINC_NOMATCH, "PrincipalMismatchError", "Requested principal and ticket don't match"); + _pykadminerror_error_insert(module, base, KRB5_KDCREP_MODIFIED, "KDCReplyModifiedError", "KDC reply did not match expectations"); + _pykadminerror_error_insert(module, base, KRB5_KDCREP_SKEW, "KDCReplyClockSkewError", "Clock skew too great in KDC reply"); + _pykadminerror_error_insert(module, base, KRB5_IN_TKT_REALM_MISMATCH, "TicketRealmMismatchError", "Client/server realm mismatch in initial ticket request"); + _pykadminerror_error_insert(module, base, KRB5_PROG_ETYPE_NOSUPP, "EncryptionSupportError", "Program lacks support for encryption type"); + _pykadminerror_error_insert(module, base, KRB5_PROG_KEYTYPE_NOSUPP, "KeyTypeSupportError", "Program lacks support for key type"); + _pykadminerror_error_insert(module, base, KRB5_WRONG_ETYPE, "EncryptionTypeError", "Requested encryption type not used in message"); + _pykadminerror_error_insert(module, base, KRB5_PROG_SUMTYPE_NOSUPP, "ProgamChecksumSupportError", "Program lacks support for checksum type"); + _pykadminerror_error_insert(module, base, KRB5_REALM_UNKNOWN, "RealmUnknownError", "Cannot find KDC for requested realm"); + _pykadminerror_error_insert(module, base, KRB5_SERVICE_UNKNOWN, "ServiceUnknownError", "Kerberos service unknown"); + _pykadminerror_error_insert(module, base, KRB5_KDC_UNREACH, "ContactKDCError", "Cannot contact any KDC for requested realm"); + _pykadminerror_error_insert(module, base, KRB5_NO_LOCALNAME, "LocalNameError", "No local name found for principal name"); + _pykadminerror_error_insert(module, base, KRB5_MUTUAL_FAILED, "MutualAuthError", "Mutual authentication failed"); // Reply Cache [RC] & RC Input Output [IO] Errors - PyKAdminError_krb5_insert(module, base, KRB5_RC_TYPE_EXISTS, "RCTypeExistsError", "Replay cache type is already registered"); - PyKAdminError_krb5_insert(module, base, KRB5_RC_MALLOC, "RCMallocError", "No more memory to allocate (in replay cache code)"); - PyKAdminError_krb5_insert(module, base, KRB5_RC_TYPE_NOTFOUND, "RCTypeUnknownError", "Replay cache type is unknown"); - PyKAdminError_krb5_insert(module, base, KRB5_RC_UNKNOWN, "RCGenericError", "Generic unknown RC error"); - PyKAdminError_krb5_insert(module, base, KRB5_RC_REPLAY, "RCReplayError", "Message is a replay"); - PyKAdminError_krb5_insert(module, base, KRB5_RC_IO, "RCIOError", "Replay cache I/O operation failed"); - PyKAdminError_krb5_insert(module, base, KRB5_RC_NOIO, "RCNoIOError", "Replay cache type does not support non-volatile storage"); - PyKAdminError_krb5_insert(module, base, KRB5_RC_PARSE, "RCParseError", "Replay cache name parse/format error"); - PyKAdminError_krb5_insert(module, base, KRB5_RC_IO_EOF, "RCIOEOFError", "End-of-file on replay cache I/O"); - PyKAdminError_krb5_insert(module, base, KRB5_RC_IO_MALLOC, "RCIOMallocError", "No more memory to allocate (in replay cache I/O code)"); - PyKAdminError_krb5_insert(module, base, KRB5_RC_IO_PERM, "RCIOPermissionError", "Permission denied in replay cache code"); - PyKAdminError_krb5_insert(module, base, KRB5_RC_IO_IO, "RCIOIOError", "I/O error in replay cache i/o code"); - PyKAdminError_krb5_insert(module, base, KRB5_RC_IO_UNKNOWN, "RCIOGenericError", "Generic unknown RC/IO error"); - PyKAdminError_krb5_insert(module, base, KRB5_RC_IO_SPACE, "RCIOSpaceError", "Insufficient system space to store replay information"); - - PyKAdminError_krb5_insert(module, base, KRB5_TRANS_CANTOPEN, "TranslationCantOpenError", "Can't open/find realm translation file"); - PyKAdminError_krb5_insert(module, base, KRB5_TRANS_BADFORMAT, "TranslationFormatError", "Improper format of realm translation file"); - - PyKAdminError_krb5_insert(module, base, KRB5_LNAME_CANTOPEN, "LNameCantOpenError", "Can't open/find lname translation database"); - PyKAdminError_krb5_insert(module, base, KRB5_LNAME_NOTRANS, "LNameNoTranslationError", "No translation available for requested principal"); - PyKAdminError_krb5_insert(module, base, KRB5_LNAME_BADFORMAT, "LNameFormatError", "Improper format of translation database entry"); - - PyKAdminError_krb5_insert(module, base, KRB5_CRYPTO_INTERNAL, "CryptoInternalError", "Cryptosystem internal error"); - PyKAdminError_krb5_insert(module, base, KRB5_KT_BADNAME, "KTNameError", "Key table name malformed"); - PyKAdminError_krb5_insert(module, base, KRB5_KT_UNKNOWN_TYPE, "KTTypeUnknownError", "Unknown Key table type" ); - PyKAdminError_krb5_insert(module, base, KRB5_KT_NOTFOUND, "KTNotFoundError", "Key table entry not found"); - PyKAdminError_krb5_insert(module, base, KRB5_KT_END, "KTEndError", "End of key table reached"); - PyKAdminError_krb5_insert(module, base, KRB5_KT_NOWRITE, "KTNoWriteError", "Cannot write to specified key table"); - PyKAdminError_krb5_insert(module, base, KRB5_KT_IOERR, "KTIOError", "Error writing to key table"); - - PyKAdminError_krb5_insert(module, base, KRB5_NO_TKT_IN_RLM, "TicketNotInRealmError", "Cannot find ticket for requested realm"); - - PyKAdminError_krb5_insert(module, base, KRB5DES_BAD_KEYPAR, "DESKeyParityError", "DES key has bad parity"); - PyKAdminError_krb5_insert(module, base, KRB5DES_WEAK_KEY, "DESKeyWeakError", "DES key is a weak key"); - - PyKAdminError_krb5_insert(module, base, KRB5_BAD_ENCTYPE, "EncryptionTypeError", "Bad encryption type"); - PyKAdminError_krb5_insert(module, base, KRB5_BAD_KEYSIZE, "KeySizeError", "Key size is incompatible with encryption type"); - PyKAdminError_krb5_insert(module, base, KRB5_BAD_MSIZE, "MessageSizeError", "Message size is incompatible with encryption type"); + _pykadminerror_error_insert(module, base, KRB5_RC_TYPE_EXISTS, "RCTypeExistsError", "Replay cache type is already registered"); + _pykadminerror_error_insert(module, base, KRB5_RC_MALLOC, "RCMallocError", "No more memory to allocate (in replay cache code)"); + _pykadminerror_error_insert(module, base, KRB5_RC_TYPE_NOTFOUND, "RCTypeUnknownError", "Replay cache type is unknown"); + _pykadminerror_error_insert(module, base, KRB5_RC_UNKNOWN, "RCGenericError", "Generic unknown RC error"); + _pykadminerror_error_insert(module, base, KRB5_RC_REPLAY, "RCReplayError", "Message is a replay"); + _pykadminerror_error_insert(module, base, KRB5_RC_IO, "RCIOError", "Replay cache I/O operation failed"); + _pykadminerror_error_insert(module, base, KRB5_RC_NOIO, "RCNoIOError", "Replay cache type does not support non-volatile storage"); + _pykadminerror_error_insert(module, base, KRB5_RC_PARSE, "RCParseError", "Replay cache name parse/format error"); + _pykadminerror_error_insert(module, base, KRB5_RC_IO_EOF, "RCIOEOFError", "End-of-file on replay cache I/O"); + _pykadminerror_error_insert(module, base, KRB5_RC_IO_MALLOC, "RCIOMallocError", "No more memory to allocate (in replay cache I/O code)"); + _pykadminerror_error_insert(module, base, KRB5_RC_IO_PERM, "RCIOPermissionError", "Permission denied in replay cache code"); + _pykadminerror_error_insert(module, base, KRB5_RC_IO_IO, "RCIOIOError", "I/O error in replay cache i/o code"); + _pykadminerror_error_insert(module, base, KRB5_RC_IO_UNKNOWN, "RCIOGenericError", "Generic unknown RC/IO error"); + _pykadminerror_error_insert(module, base, KRB5_RC_IO_SPACE, "RCIOSpaceError", "Insufficient system space to store replay information"); + + _pykadminerror_error_insert(module, base, KRB5_TRANS_CANTOPEN, "TranslationCantOpenError", "Can't open/find realm translation file"); + _pykadminerror_error_insert(module, base, KRB5_TRANS_BADFORMAT, "TranslationFormatError", "Improper format of realm translation file"); + + _pykadminerror_error_insert(module, base, KRB5_LNAME_CANTOPEN, "LNameCantOpenError", "Can't open/find lname translation database"); + _pykadminerror_error_insert(module, base, KRB5_LNAME_NOTRANS, "LNameNoTranslationError", "No translation available for requested principal"); + _pykadminerror_error_insert(module, base, KRB5_LNAME_BADFORMAT, "LNameFormatError", "Improper format of translation database entry"); + + _pykadminerror_error_insert(module, base, KRB5_CRYPTO_INTERNAL, "CryptoInternalError", "Cryptosystem internal error"); + _pykadminerror_error_insert(module, base, KRB5_KT_BADNAME, "KTNameError", "Key table name malformed"); + _pykadminerror_error_insert(module, base, KRB5_KT_UNKNOWN_TYPE, "KTTypeUnknownError", "Unknown Key table type" ); + _pykadminerror_error_insert(module, base, KRB5_KT_NOTFOUND, "KTNotFoundError", "Key table entry not found"); + _pykadminerror_error_insert(module, base, KRB5_KT_END, "KTEndError", "End of key table reached"); + _pykadminerror_error_insert(module, base, KRB5_KT_NOWRITE, "KTNoWriteError", "Cannot write to specified key table"); + _pykadminerror_error_insert(module, base, KRB5_KT_IOERR, "KTIOError", "Error writing to key table"); + + _pykadminerror_error_insert(module, base, KRB5_NO_TKT_IN_RLM, "TicketNotInRealmError", "Cannot find ticket for requested realm"); + + _pykadminerror_error_insert(module, base, KRB5DES_BAD_KEYPAR, "DESKeyParityError", "DES key has bad parity"); + _pykadminerror_error_insert(module, base, KRB5DES_WEAK_KEY, "DESKeyWeakError", "DES key is a weak key"); + + _pykadminerror_error_insert(module, base, KRB5_BAD_ENCTYPE, "EncryptionTypeError", "Bad encryption type"); + _pykadminerror_error_insert(module, base, KRB5_BAD_KEYSIZE, "KeySizeError", "Key size is incompatible with encryption type"); + _pykadminerror_error_insert(module, base, KRB5_BAD_MSIZE, "MessageSizeError", "Message size is incompatible with encryption type"); - PyKAdminError_krb5_insert(module, base, KRB5_CC_TYPE_EXISTS, "CCTypeExistsError", "Credentials cache type is already registered."); - PyKAdminError_krb5_insert(module, base, KRB5_KT_TYPE_EXISTS, "KTTypeExistsError", "Key table type is already registered."); - - PyKAdminError_krb5_insert(module, base, KRB5_CC_IO, "CCIOError", "Credentials cache I/O operation failed XXX"); - PyKAdminError_krb5_insert(module, base, KRB5_FCC_PERM, "CCPermissionsError", "Credentials cache permissions incorrect"); - PyKAdminError_krb5_insert(module, base, KRB5_FCC_NOFILE, "CCNotFoundError", "No credentials cache found"); - PyKAdminError_krb5_insert(module, base, KRB5_FCC_INTERNAL, "CCInternalError", "Internal credentials cache error"); - PyKAdminError_krb5_insert(module, base, KRB5_CC_WRITE, "CCWriteError", "Error writing to credentials cache"); - PyKAdminError_krb5_insert(module, base, KRB5_CC_NOMEM, "CCMemoryError", "No more memory to allocate (in credentials cache code)"); - PyKAdminError_krb5_insert(module, base, KRB5_CC_FORMAT, "CCFormatError", "Bad format in credentials cache"); - PyKAdminError_krb5_insert(module, base, KRB5_CC_NOT_KTYPE, "CCEncryptionTypeError", "No credentials found with supported encryption types"); - - PyKAdminError_krb5_insert(module, base, KRB5_INVALID_FLAGS, "InvalidFlagsError", "Invalid KDC option combination (library internal error)"); - PyKAdminError_krb5_insert(module, base, KRB5_NO_2ND_TKT, "SecondTicketError", "Request missing second ticket"); - PyKAdminError_krb5_insert(module, base, KRB5_NOCREDS_SUPPLIED, "NoCredentialsSuppliedError", "No credentials supplied to library routine"); - PyKAdminError_krb5_insert(module, base, KRB5_SENDAUTH_BADAUTHVERS, "SendAuthVersionError", "Bad sendauth version was sent"); - PyKAdminError_krb5_insert(module, base, KRB5_SENDAUTH_BADAPPLVERS, "SendAuthApplicationVersionError", "Bad application version was sent (via sendauth)"); - PyKAdminError_krb5_insert(module, base, KRB5_SENDAUTH_BADRESPONSE, "SendAuthResponseError", "Bad response (during sendauth exchange)"); - PyKAdminError_krb5_insert(module, base, KRB5_SENDAUTH_REJECTED, "SendAuthRejectedError", "Server rejected authentication (during sendauth exchange)"); - PyKAdminError_krb5_insert(module, base, KRB5_PREAUTH_BAD_TYPE, "PreauthTypeError", "Unsupported preauthentication type"); - PyKAdminError_krb5_insert(module, base, KRB5_PREAUTH_NO_KEY, "PreauthKeyError", "Required preauthentication key not supplied"); - PyKAdminError_krb5_insert(module, base, KRB5_PREAUTH_FAILED, "PreauthGenericError", "Generic preauthentication failure"); + _pykadminerror_error_insert(module, base, KRB5_CC_TYPE_EXISTS, "CCTypeExistsError", "Credentials cache type is already registered."); + _pykadminerror_error_insert(module, base, KRB5_KT_TYPE_EXISTS, "KTTypeExistsError", "Key table type is already registered."); + + _pykadminerror_error_insert(module, base, KRB5_CC_IO, "CCIOError", "Credentials cache I/O operation failed XXX"); + _pykadminerror_error_insert(module, base, KRB5_FCC_PERM, "CCPermissionsError", "Credentials cache permissions incorrect"); + _pykadminerror_error_insert(module, base, KRB5_FCC_NOFILE, "CCNotFoundError", "No credentials cache found"); + _pykadminerror_error_insert(module, base, KRB5_FCC_INTERNAL, "CCInternalError", "Internal credentials cache error"); + _pykadminerror_error_insert(module, base, KRB5_CC_WRITE, "CCWriteError", "Error writing to credentials cache"); + _pykadminerror_error_insert(module, base, KRB5_CC_NOMEM, "CCMemoryError", "No more memory to allocate (in credentials cache code)"); + _pykadminerror_error_insert(module, base, KRB5_CC_FORMAT, "CCFormatError", "Bad format in credentials cache"); + _pykadminerror_error_insert(module, base, KRB5_CC_NOT_KTYPE, "CCEncryptionTypeError", "No credentials found with supported encryption types"); + + _pykadminerror_error_insert(module, base, KRB5_INVALID_FLAGS, "InvalidFlagsError", "Invalid KDC option combination (library internal error)"); + _pykadminerror_error_insert(module, base, KRB5_NO_2ND_TKT, "SecondTicketError", "Request missing second ticket"); + _pykadminerror_error_insert(module, base, KRB5_NOCREDS_SUPPLIED, "NoCredentialsSuppliedError", "No credentials supplied to library routine"); + _pykadminerror_error_insert(module, base, KRB5_SENDAUTH_BADAUTHVERS, "SendAuthVersionError", "Bad sendauth version was sent"); + _pykadminerror_error_insert(module, base, KRB5_SENDAUTH_BADAPPLVERS, "SendAuthApplicationVersionError", "Bad application version was sent (via sendauth)"); + _pykadminerror_error_insert(module, base, KRB5_SENDAUTH_BADRESPONSE, "SendAuthResponseError", "Bad response (during sendauth exchange)"); + _pykadminerror_error_insert(module, base, KRB5_SENDAUTH_REJECTED, "SendAuthRejectedError", "Server rejected authentication (during sendauth exchange)"); + _pykadminerror_error_insert(module, base, KRB5_PREAUTH_BAD_TYPE, "PreauthTypeError", "Unsupported preauthentication type"); + _pykadminerror_error_insert(module, base, KRB5_PREAUTH_NO_KEY, "PreauthKeyError", "Required preauthentication key not supplied"); + _pykadminerror_error_insert(module, base, KRB5_PREAUTH_FAILED, "PreauthGenericError", "Generic preauthentication failure"); - PyKAdminError_krb5_insert(module, base, KRB5_RCACHE_BADVNO, "RCVserionNumberError", "Unsupported replay cache format version number"); - PyKAdminError_krb5_insert(module, base, KRB5_CCACHE_BADVNO, "CCVserionNumberError", "Unsupported credentials cache format version number"); - PyKAdminError_krb5_insert(module, base, KRB5_KEYTAB_BADVNO, "KTVersionNumberError", "Unsupported key table format version number"); + _pykadminerror_error_insert(module, base, KRB5_RCACHE_BADVNO, "RCVserionNumberError", "Unsupported replay cache format version number"); + _pykadminerror_error_insert(module, base, KRB5_CCACHE_BADVNO, "CCVserionNumberError", "Unsupported credentials cache format version number"); + _pykadminerror_error_insert(module, base, KRB5_KEYTAB_BADVNO, "KTVersionNumberError", "Unsupported key table format version number"); - PyKAdminError_krb5_insert(module, base, KRB5_PROG_ATYPE_NOSUPP, "ProgramAddressTypeError", "Program lacks support for address type"); + _pykadminerror_error_insert(module, base, KRB5_PROG_ATYPE_NOSUPP, "ProgramAddressTypeError", "Program lacks support for address type"); - PyKAdminError_krb5_insert(module, base, KRB5_RC_REQUIRED, "RCRequiredError", "Message replay detection requires rcache parameter"); + _pykadminerror_error_insert(module, base, KRB5_RC_REQUIRED, "RCRequiredError", "Message replay detection requires rcache parameter"); - PyKAdminError_krb5_insert(module, base, KRB5_ERR_BAD_HOSTNAME, "HostnameError", "Hostname cannot be canonicalized"); - PyKAdminError_krb5_insert(module, base, KRB5_ERR_HOST_REALM_UNKNOWN, "HostRealmUnknownError", "Cannot determine realm for host"); - PyKAdminError_krb5_insert(module, base, KRB5_SNAME_UNSUPP_NAMETYPE, "ServiceNameUnsupportedError", "Conversion to service principal undefined for name type"); + _pykadminerror_error_insert(module, base, KRB5_ERR_BAD_HOSTNAME, "HostnameError", "Hostname cannot be canonicalized"); + _pykadminerror_error_insert(module, base, KRB5_ERR_HOST_REALM_UNKNOWN, "HostRealmUnknownError", "Cannot determine realm for host"); + _pykadminerror_error_insert(module, base, KRB5_SNAME_UNSUPP_NAMETYPE, "ServiceNameUnsupportedError", "Conversion to service principal undefined for name type"); - PyKAdminError_krb5_insert(module, base, KRB5KRB_AP_ERR_V4_REPLY, "APV4ReplyError", "Initial Ticket response appears to be Version 4 error"); + _pykadminerror_error_insert(module, base, KRB5KRB_AP_ERR_V4_REPLY, "APV4ReplyError", "Initial Ticket response appears to be Version 4 error"); - PyKAdminError_krb5_insert(module, base, KRB5_REALM_CANT_RESOLVE, "RealmResolveError", "Cannot resolve network address for KDC in requested realm"); - PyKAdminError_krb5_insert(module, base, KRB5_TKT_NOT_FORWARDABLE, "TicketNotForwardableError", "Requesting ticket can't get forwardable tickets"); - PyKAdminError_krb5_insert(module, base, KRB5_FWD_BAD_PRINCIPAL, "ForwardPrincipalError", "Bad principal name while trying to forward credentials"); - PyKAdminError_krb5_insert(module, base, KRB5_GET_IN_TKT_LOOP, "GetTGTLoopError", "Looping detected inside krb5_get_in_tkt"); - PyKAdminError_krb5_insert(module, base, KRB5_CONFIG_NODEFREALM, "ConfigNoDefaultRealmError", "Configuration file does not specify default realm"); - PyKAdminError_krb5_insert(module, base, KRB5_SAM_UNSUPPORTED, "SAMUnsupportedError", "Bad SAM flags in obtain_sam_padata"); - PyKAdminError_krb5_insert(module, base, KRB5_SAM_INVALID_ETYPE, "SAMInvalidEncryptionTypeError", "Invalid encryption type in SAM challenge"); - PyKAdminError_krb5_insert(module, base, KRB5_SAM_NO_CHECKSUM, "SAMNoChecksumError", "Missing checksum in SAM challenge"); - PyKAdminError_krb5_insert(module, base, KRB5_SAM_BAD_CHECKSUM, "SAMChecksumError", "Bad checksum in SAM challenge"); - PyKAdminError_krb5_insert(module, base, KRB5_KT_NAME_TOOLONG, "KTNameTooLongError", "Keytab name too long"); - PyKAdminError_krb5_insert(module, base, KRB5_KT_KVNONOTFOUND, "KTKVNOError", "Key version number for principal in key table is incorrect"); - PyKAdminError_krb5_insert(module, base, KRB5_APPL_EXPIRED, "ApplicationExpiredError", "This application has expired"); - PyKAdminError_krb5_insert(module, base, KRB5_LIB_EXPIRED, "LibraryExpiredError", "This Krb5 library has expired"); - PyKAdminError_krb5_insert(module, base, KRB5_CHPW_PWDNULL, "NullPasswordError", "New password cannot be zero length"); - PyKAdminError_krb5_insert(module, base, KRB5_CHPW_FAIL, "PasswordChangeError", "Password change failed"); - PyKAdminError_krb5_insert(module, base, KRB5_KT_FORMAT, "KTFormatError", "Bad format in keytab"); - PyKAdminError_krb5_insert(module, base, KRB5_NOPERM_ETYPE, "EncryptionTypeError", "Encryption type not permitted"); - PyKAdminError_krb5_insert(module, base, KRB5_CONFIG_ETYPE_NOSUPP, "ConfigEncryptionTypeError", "No supported encryption types (config file error?)"); - PyKAdminError_krb5_insert(module, base, KRB5_OBSOLETE_FN, "ObsoleteFunctionError", "Program called an obsolete, deleted function"); + _pykadminerror_error_insert(module, base, KRB5_REALM_CANT_RESOLVE, "RealmResolveError", "Cannot resolve network address for KDC in requested realm"); + _pykadminerror_error_insert(module, base, KRB5_TKT_NOT_FORWARDABLE, "TicketNotForwardableError", "Requesting ticket can't get forwardable tickets"); + _pykadminerror_error_insert(module, base, KRB5_FWD_BAD_PRINCIPAL, "ForwardPrincipalError", "Bad principal name while trying to forward credentials"); + _pykadminerror_error_insert(module, base, KRB5_GET_IN_TKT_LOOP, "GetTGTLoopError", "Looping detected inside krb5_get_in_tkt"); + _pykadminerror_error_insert(module, base, KRB5_CONFIG_NODEFREALM, "ConfigNoDefaultRealmError", "Configuration file does not specify default realm"); + _pykadminerror_error_insert(module, base, KRB5_SAM_UNSUPPORTED, "SAMUnsupportedError", "Bad SAM flags in obtain_sam_padata"); + _pykadminerror_error_insert(module, base, KRB5_SAM_INVALID_ETYPE, "SAMInvalidEncryptionTypeError", "Invalid encryption type in SAM challenge"); + _pykadminerror_error_insert(module, base, KRB5_SAM_NO_CHECKSUM, "SAMNoChecksumError", "Missing checksum in SAM challenge"); + _pykadminerror_error_insert(module, base, KRB5_SAM_BAD_CHECKSUM, "SAMChecksumError", "Bad checksum in SAM challenge"); + _pykadminerror_error_insert(module, base, KRB5_KT_NAME_TOOLONG, "KTNameTooLongError", "Keytab name too long"); + _pykadminerror_error_insert(module, base, KRB5_KT_KVNONOTFOUND, "KTKVNOError", "Key version number for principal in key table is incorrect"); + _pykadminerror_error_insert(module, base, KRB5_APPL_EXPIRED, "ApplicationExpiredError", "This application has expired"); + _pykadminerror_error_insert(module, base, KRB5_LIB_EXPIRED, "LibraryExpiredError", "This Krb5 library has expired"); + _pykadminerror_error_insert(module, base, KRB5_CHPW_PWDNULL, "NullPasswordError", "New password cannot be zero length"); + _pykadminerror_error_insert(module, base, KRB5_CHPW_FAIL, "PasswordChangeError", "Password change failed"); + _pykadminerror_error_insert(module, base, KRB5_KT_FORMAT, "KTFormatError", "Bad format in keytab"); + _pykadminerror_error_insert(module, base, KRB5_NOPERM_ETYPE, "EncryptionTypeError", "Encryption type not permitted"); + _pykadminerror_error_insert(module, base, KRB5_CONFIG_ETYPE_NOSUPP, "ConfigEncryptionTypeError", "No supported encryption types (config file error?)"); + _pykadminerror_error_insert(module, base, KRB5_OBSOLETE_FN, "ObsoleteFunctionError", "Program called an obsolete, deleted function"); - PyKAdminError_krb5_insert(module, base, KRB5_EAI_FAIL, "EAIGenericError", "unknown getaddrinfo failure"); - PyKAdminError_krb5_insert(module, base, KRB5_EAI_NODATA, "EAINoDataError", "no data available for host/domain name"); - PyKAdminError_krb5_insert(module, base, KRB5_EAI_NONAME, "EAINoNameError", "host/domain name not found"); - PyKAdminError_krb5_insert(module, base, KRB5_EAI_SERVICE, "EAIServiceUnknownError", "service name unknown"); - PyKAdminError_krb5_insert(module, base, KRB5_ERR_NUMERIC_REALM, "NumericRealmError", "Cannot determine realm for numeric host address"); - PyKAdminError_krb5_insert(module, base, KRB5_ERR_BAD_S2K_PARAMS, "KeyParamsError", "Invalid key generation parameters from KDC"); - PyKAdminError_krb5_insert(module, base, KRB5_ERR_NO_SERVICE, "ServiceUnavailableError", "service not available"); - - PyKAdminError_krb5_insert(module, base, KRB5_CC_READONLY, "CCReadOnlyError", "Ccache function not supported: read-only ccache type"); - PyKAdminError_krb5_insert(module, base, KRB5_CC_NOSUPP, "CCNotSupportedError", "Ccache function not supported: not implemented"); - - PyKAdminError_krb5_insert(module, base, KRB5_DELTAT_BADFORMAT, "DeltaFormatError", "Invalid format of Kerberos lifetime or clock skew string"); - PyKAdminError_krb5_insert(module, base, KRB5_PLUGIN_NO_HANDLE, "PluginHandleError", "Supplied data not handled by this plugin"); - PyKAdminError_krb5_insert(module, base, KRB5_PLUGIN_OP_NOTSUPP, "PluginSupportError", "Plugin does not support the operation"); - PyKAdminError_krb5_insert(module, base, KRB5_ERR_INVALID_UTF8, "UTF8Error", "Invalid UTF-8 string"); - PyKAdminError_krb5_insert(module, base, KRB5_ERR_FAST_REQUIRED, "FASTRequiredError", "FAST protected pre-authentication required but not supported by KDC"); - PyKAdminError_krb5_insert(module, base, KRB5_LOCAL_ADDR_REQUIRED, "LocalAddressRequiredError", "Auth context must contain local address"); - PyKAdminError_krb5_insert(module, base, KRB5_REMOTE_ADDR_REQUIRED, "RemoteAddressRequiredError", "Auth context must contain remote address"); - PyKAdminError_krb5_insert(module, base, KRB5_TRACE_NOSUPP, "TraceSupportError", "Tracing unsupported"); + _pykadminerror_error_insert(module, base, KRB5_EAI_FAIL, "EAIGenericError", "unknown getaddrinfo failure"); + _pykadminerror_error_insert(module, base, KRB5_EAI_NODATA, "EAINoDataError", "no data available for host/domain name"); + _pykadminerror_error_insert(module, base, KRB5_EAI_NONAME, "EAINoNameError", "host/domain name not found"); + _pykadminerror_error_insert(module, base, KRB5_EAI_SERVICE, "EAIServiceUnknownError", "service name unknown"); + _pykadminerror_error_insert(module, base, KRB5_ERR_NUMERIC_REALM, "NumericRealmError", "Cannot determine realm for numeric host address"); + _pykadminerror_error_insert(module, base, KRB5_ERR_BAD_S2K_PARAMS, "KeyParamsError", "Invalid key generation parameters from KDC"); + _pykadminerror_error_insert(module, base, KRB5_ERR_NO_SERVICE, "ServiceUnavailableError", "service not available"); + + _pykadminerror_error_insert(module, base, KRB5_CC_READONLY, "CCReadOnlyError", "Ccache function not supported: read-only ccache type"); + _pykadminerror_error_insert(module, base, KRB5_CC_NOSUPP, "CCNotSupportedError", "Ccache function not supported: not implemented"); + + _pykadminerror_error_insert(module, base, KRB5_DELTAT_BADFORMAT, "DeltaFormatError", "Invalid format of Kerberos lifetime or clock skew string"); + _pykadminerror_error_insert(module, base, KRB5_PLUGIN_NO_HANDLE, "PluginHandleError", "Supplied data not handled by this plugin"); + _pykadminerror_error_insert(module, base, KRB5_PLUGIN_OP_NOTSUPP, "PluginSupportError", "Plugin does not support the operation"); + _pykadminerror_error_insert(module, base, KRB5_ERR_INVALID_UTF8, "UTF8Error", "Invalid UTF-8 string"); + _pykadminerror_error_insert(module, base, KRB5_ERR_FAST_REQUIRED, "FASTRequiredError", "FAST protected pre-authentication required but not supported by KDC"); + _pykadminerror_error_insert(module, base, KRB5_LOCAL_ADDR_REQUIRED, "LocalAddressRequiredError", "Auth context must contain local address"); + _pykadminerror_error_insert(module, base, KRB5_REMOTE_ADDR_REQUIRED, "RemoteAddressRequiredError", "Auth context must contain remote address"); + _pykadminerror_error_insert(module, base, KRB5_TRACE_NOSUPP, "TraceSupportError", "Tracing unsupported"); result = 1; } @@ -471,71 +512,71 @@ int PyKAdminError_init_krb5(PyObject *module, PyObject *base) { int PyKAdminError_init_kadm(PyObject *module, PyObject *base) { int result = 0; - _pykadmin_kadm_errors = PyDict_New(); + //_pykadmin_kadm_errors = PyDict_New(); - if (_pykadmin_kadm_errors) { + if (_pykadmin_errors) { - PyKAdminError_kadm_insert(module, base, KADM5_FAILURE, "FailureError", "Operation failed for unspecified reason"); - PyKAdminError_kadm_insert(module, base, KADM5_AUTH_GET, "AuthGetError", "Operation requires ``get'' privilege"); - PyKAdminError_kadm_insert(module, base, KADM5_AUTH_ADD, "AuthAddError", "Operation requires ``add'' privilege"); - PyKAdminError_kadm_insert(module, base, KADM5_AUTH_MODIFY, "AuthModifyError", "Operation requires ``modify'' privilege"); - PyKAdminError_kadm_insert(module, base, KADM5_AUTH_DELETE, "AuthDeleteError", "Operation requires ``delete'' privilege"); - PyKAdminError_kadm_insert(module, base, KADM5_AUTH_INSUFFICIENT, "AuthInsufficientError", "Insufficient authorization for operation"); - PyKAdminError_kadm_insert(module, base, KADM5_BAD_DB, "DadtabaseError", "Database inconsistency detected"); - PyKAdminError_kadm_insert(module, base, KADM5_DUP, "DuplicateError", "Principal or policy already exists"); - PyKAdminError_kadm_insert(module, base, KADM5_RPC_ERROR, "RPCErrorError", "Communication failure with server"); - PyKAdminError_kadm_insert(module, base, KADM5_NO_SRV, "NoServerError", "No administration server found for realm"); - PyKAdminError_kadm_insert(module, base, KADM5_BAD_HIST_KEY, "HistoryKeyError", "Password history principal key version mismatch"); - PyKAdminError_kadm_insert(module, base, KADM5_NOT_INIT, "NotInitializedError", "Connection to server not initialized"); - PyKAdminError_kadm_insert(module, base, KADM5_UNK_PRINC, "UnknownPrincipalError", "Principal does not exist"); - PyKAdminError_kadm_insert(module, base, KADM5_UNK_POLICY, "UnknownPolicyError", "Policy does not exist"); - PyKAdminError_kadm_insert(module, base, KADM5_BAD_MASK, "MaskError", "Invalid field mask for operation"); - PyKAdminError_kadm_insert(module, base, KADM5_BAD_CLASS, "ClassError", "Invalid number of character classes"); - PyKAdminError_kadm_insert(module, base, KADM5_BAD_LENGTH, "LengthError", "Invalid password length"); - PyKAdminError_kadm_insert(module, base, KADM5_BAD_POLICY, "PolicyError", "Illegal policy name"); - PyKAdminError_kadm_insert(module, base, KADM5_BAD_PRINCIPAL, "PrincipalError", "Illegal principal name"); - PyKAdminError_kadm_insert(module, base, KADM5_BAD_AUX_ATTR, "AuxAttrError", "Invalid auxillary attributes"); - PyKAdminError_kadm_insert(module, base, KADM5_BAD_HISTORY, "HistoryError", "Invalid password history count"); - PyKAdminError_kadm_insert(module, base, KADM5_BAD_MIN_PASS_LIFE, "MinPasswordLifeError", "Password minimum life is greater then password maximum life"); - PyKAdminError_kadm_insert(module, base, KADM5_PASS_Q_TOOSHORT, "PasswordTooShortError", "Password is too short"); - PyKAdminError_kadm_insert(module, base, KADM5_PASS_Q_CLASS, "PasswordClassError", "Password does not contain enough character classes"); - PyKAdminError_kadm_insert(module, base, KADM5_PASS_Q_DICT, "PasswordDictError", "Password is in the password dictionary"); - PyKAdminError_kadm_insert(module, base, KADM5_PASS_REUSE, "PasswordReuseError", "Cannot resuse password"); - PyKAdminError_kadm_insert(module, base, KADM5_PASS_TOOSOON, "PasswordTooSoonError", "Current password's minimum life has not expired"); - PyKAdminError_kadm_insert(module, base, KADM5_POLICY_REF, "PolicyRefError", "Policy is in use"); - PyKAdminError_kadm_insert(module, base, KADM5_INIT, "InitializedError", "Connection to server already initialized"); - PyKAdminError_kadm_insert(module, base, KADM5_BAD_PASSWORD, "PasswordError", "Incorrect password"); - PyKAdminError_kadm_insert(module, base, KADM5_PROTECT_PRINCIPAL, "ProtectedPrincipalError", "Cannot change protected principal"); - PyKAdminError_kadm_insert(module, base, KADM5_BAD_SERVER_HANDLE, "ServerHandleError", "Programmer error! Bad Admin server handle"); - PyKAdminError_kadm_insert(module, base, KADM5_BAD_STRUCT_VERSION, "StructVersionError", "Programmer error! Bad API structure version"); - PyKAdminError_kadm_insert(module, base, KADM5_OLD_STRUCT_VERSION, "OldStructVersionError", "API structure version specified by application is no longer supported (to fix, recompile application against current Admin API header files and libraries)"); - PyKAdminError_kadm_insert(module, base, KADM5_NEW_STRUCT_VERSION, "NewStructVersionError", "API structure version specified by application is unknown to libraries (to fix, obtain current Admin API header files and libraries and recompile application)"); - PyKAdminError_kadm_insert(module, base, KADM5_BAD_API_VERSION, "APIVersionError", "Programmer error! Bad API version"); - PyKAdminError_kadm_insert(module, base, KADM5_OLD_LIB_API_VERSION, "OldLibraryAPIVersionError", "API version specified by application is no longer supported by libraries (to fix, update application to adhere to current API version and recompile)"); - PyKAdminError_kadm_insert(module, base, KADM5_OLD_SERVER_API_VERSION, "OldServerAPIVersionError", "API version specified by application is no longer supported by server (to fix, update application to adhere to current API version and recompile)"); - PyKAdminError_kadm_insert(module, base, KADM5_NEW_LIB_API_VERSION, "NewLibraryAPIVersionError", "API version specified by application is unknown to libraries (to fix, obtain current Admin API header files and libraries and recompile application)"); - PyKAdminError_kadm_insert(module, base, KADM5_NEW_SERVER_API_VERSION, "NewServerAPIVersionError", "API version specified by application is unknown to server (to fix, obtain and install newest Admin Server)"); - PyKAdminError_kadm_insert(module, base, KADM5_SECURE_PRINC_MISSING, "SecurePrincipalMissingError", "Database error! Required principal missing"); - PyKAdminError_kadm_insert(module, base, KADM5_NO_RENAME_SALT, "NoRenameSaltError", "The salt type of the specified principal does not support renaming"); - PyKAdminError_kadm_insert(module, base, KADM5_BAD_CLIENT_PARAMS, "ClientParamsError", "Illegal configuration parameter for remote KADM5 client"); - PyKAdminError_kadm_insert(module, base, KADM5_BAD_SERVER_PARAMS, "ServerParamsError", "Illegal configuration parameter for local KADM5 client."); - PyKAdminError_kadm_insert(module, base, KADM5_AUTH_LIST, "AuthListError", "Operation requires ``list'' privilege"); - PyKAdminError_kadm_insert(module, base, KADM5_AUTH_CHANGEPW, "AuthChangePasswordError", "Operation requires ``change-password'' privilege"); - PyKAdminError_kadm_insert(module, base, KADM5_GSS_ERROR, "GSSAPIErrorError", "GSS-API (or Kerberos) error"); - PyKAdminError_kadm_insert(module, base, KADM5_BAD_TL_TYPE, "TLTypeError", "Programmer error! Illegal tagged data list element type"); - PyKAdminError_kadm_insert(module, base, KADM5_MISSING_CONF_PARAMS, "MissingConfParamsError", "Required parameters in kdc.conf missing"); - PyKAdminError_kadm_insert(module, base, KADM5_BAD_SERVER_NAME, "ServerNameError", "Bad krb5 admin server hostname"); - PyKAdminError_kadm_insert(module, base, KADM5_AUTH_SETKEY, "AuthSetKeyError", "Operation requires ``set-key'' privilege"); - PyKAdminError_kadm_insert(module, base, KADM5_SETKEY_DUP_ENCTYPES, "SetKeyDuplicateEnctypesError", "Multiple values for single or folded enctype"); - PyKAdminError_kadm_insert(module, base, KADM5_SETV4KEY_INVAL_ENCTYPE, "Setv4KeyInvalEnctypeError", "Invalid enctype for setv4key"); - PyKAdminError_kadm_insert(module, base, KADM5_SETKEY3_ETYPE_MISMATCH, "SetKey3EnctypeMismatchError", "Mismatched enctypes for setkey3"); - PyKAdminError_kadm_insert(module, base, KADM5_MISSING_KRB5_CONF_PARAMS, "MissingKrb5ConfParamsError", "Missing parameters in krb5.conf required for kadmin client"); - PyKAdminError_kadm_insert(module, base, KADM5_XDR_FAILURE, "XDRFailureError", "XDR encoding error"); + _pykadminerror_error_insert(module, base, KADM5_FAILURE, "FailureError", "Operation failed for unspecified reason"); + _pykadminerror_error_insert(module, base, KADM5_AUTH_GET, "AuthGetError", "Operation requires ``get'' privilege"); + _pykadminerror_error_insert(module, base, KADM5_AUTH_ADD, "AuthAddError", "Operation requires ``add'' privilege"); + _pykadminerror_error_insert(module, base, KADM5_AUTH_MODIFY, "AuthModifyError", "Operation requires ``modify'' privilege"); + _pykadminerror_error_insert(module, base, KADM5_AUTH_DELETE, "AuthDeleteError", "Operation requires ``delete'' privilege"); + _pykadminerror_error_insert(module, base, KADM5_AUTH_INSUFFICIENT, "AuthInsufficientError", "Insufficient authorization for operation"); + _pykadminerror_error_insert(module, base, KADM5_BAD_DB, "DadtabaseError", "Database inconsistency detected"); + _pykadminerror_error_insert(module, base, KADM5_DUP, "DuplicateError", "Principal or policy already exists"); + _pykadminerror_error_insert(module, base, KADM5_RPC_ERROR, "RPCErrorError", "Communication failure with server"); + _pykadminerror_error_insert(module, base, KADM5_NO_SRV, "NoServerError", "No administration server found for realm"); + _pykadminerror_error_insert(module, base, KADM5_BAD_HIST_KEY, "HistoryKeyError", "Password history principal key version mismatch"); + _pykadminerror_error_insert(module, base, KADM5_NOT_INIT, "NotInitializedError", "Connection to server not initialized"); + _pykadminerror_error_insert(module, base, KADM5_UNK_PRINC, "UnknownPrincipalError", "Principal does not exist"); + _pykadminerror_error_insert(module, base, KADM5_UNK_POLICY, "UnknownPolicyError", "Policy does not exist"); + _pykadminerror_error_insert(module, base, KADM5_BAD_MASK, "MaskError", "Invalid field mask for operation"); + _pykadminerror_error_insert(module, base, KADM5_BAD_CLASS, "ClassError", "Invalid number of character classes"); + _pykadminerror_error_insert(module, base, KADM5_BAD_LENGTH, "LengthError", "Invalid password length"); + _pykadminerror_error_insert(module, base, KADM5_BAD_POLICY, "PolicyError", "Illegal policy name"); + _pykadminerror_error_insert(module, base, KADM5_BAD_PRINCIPAL, "PrincipalError", "Illegal principal name"); + _pykadminerror_error_insert(module, base, KADM5_BAD_AUX_ATTR, "AuxAttrError", "Invalid auxillary attributes"); + _pykadminerror_error_insert(module, base, KADM5_BAD_HISTORY, "HistoryError", "Invalid password history count"); + _pykadminerror_error_insert(module, base, KADM5_BAD_MIN_PASS_LIFE, "MinPasswordLifeError", "Password minimum life is greater then password maximum life"); + _pykadminerror_error_insert(module, base, KADM5_PASS_Q_TOOSHORT, "PasswordTooShortError", "Password is too short"); + _pykadminerror_error_insert(module, base, KADM5_PASS_Q_CLASS, "PasswordClassError", "Password does not contain enough character classes"); + _pykadminerror_error_insert(module, base, KADM5_PASS_Q_DICT, "PasswordDictError", "Password is in the password dictionary"); + _pykadminerror_error_insert(module, base, KADM5_PASS_REUSE, "PasswordReuseError", "Cannot resuse password"); + _pykadminerror_error_insert(module, base, KADM5_PASS_TOOSOON, "PasswordTooSoonError", "Current password's minimum life has not expired"); + _pykadminerror_error_insert(module, base, KADM5_POLICY_REF, "PolicyRefError", "Policy is in use"); + _pykadminerror_error_insert(module, base, KADM5_INIT, "InitializedError", "Connection to server already initialized"); + _pykadminerror_error_insert(module, base, KADM5_BAD_PASSWORD, "PasswordError", "Incorrect password"); + _pykadminerror_error_insert(module, base, KADM5_PROTECT_PRINCIPAL, "ProtectedPrincipalError", "Cannot change protected principal"); + _pykadminerror_error_insert(module, base, KADM5_BAD_SERVER_HANDLE, "ServerHandleError", "Programmer error! Bad Admin server handle"); + _pykadminerror_error_insert(module, base, KADM5_BAD_STRUCT_VERSION, "StructVersionError", "Programmer error! Bad API structure version"); + _pykadminerror_error_insert(module, base, KADM5_OLD_STRUCT_VERSION, "OldStructVersionError", "API structure version specified by application is no longer supported (to fix, recompile application against current Admin API header files and libraries)"); + _pykadminerror_error_insert(module, base, KADM5_NEW_STRUCT_VERSION, "NewStructVersionError", "API structure version specified by application is unknown to libraries (to fix, obtain current Admin API header files and libraries and recompile application)"); + _pykadminerror_error_insert(module, base, KADM5_BAD_API_VERSION, "APIVersionError", "Programmer error! Bad API version"); + _pykadminerror_error_insert(module, base, KADM5_OLD_LIB_API_VERSION, "OldLibraryAPIVersionError", "API version specified by application is no longer supported by libraries (to fix, update application to adhere to current API version and recompile)"); + _pykadminerror_error_insert(module, base, KADM5_OLD_SERVER_API_VERSION, "OldServerAPIVersionError", "API version specified by application is no longer supported by server (to fix, update application to adhere to current API version and recompile)"); + _pykadminerror_error_insert(module, base, KADM5_NEW_LIB_API_VERSION, "NewLibraryAPIVersionError", "API version specified by application is unknown to libraries (to fix, obtain current Admin API header files and libraries and recompile application)"); + _pykadminerror_error_insert(module, base, KADM5_NEW_SERVER_API_VERSION, "NewServerAPIVersionError", "API version specified by application is unknown to server (to fix, obtain and install newest Admin Server)"); + _pykadminerror_error_insert(module, base, KADM5_SECURE_PRINC_MISSING, "SecurePrincipalMissingError", "Database error! Required principal missing"); + _pykadminerror_error_insert(module, base, KADM5_NO_RENAME_SALT, "NoRenameSaltError", "The salt type of the specified principal does not support renaming"); + _pykadminerror_error_insert(module, base, KADM5_BAD_CLIENT_PARAMS, "ClientParamsError", "Illegal configuration parameter for remote KADM5 client"); + _pykadminerror_error_insert(module, base, KADM5_BAD_SERVER_PARAMS, "ServerParamsError", "Illegal configuration parameter for local KADM5 client."); + _pykadminerror_error_insert(module, base, KADM5_AUTH_LIST, "AuthListError", "Operation requires ``list'' privilege"); + _pykadminerror_error_insert(module, base, KADM5_AUTH_CHANGEPW, "AuthChangePasswordError", "Operation requires ``change-password'' privilege"); + _pykadminerror_error_insert(module, base, KADM5_GSS_ERROR, "GSSAPIErrorError", "GSS-API (or Kerberos) error"); + _pykadminerror_error_insert(module, base, KADM5_BAD_TL_TYPE, "TLTypeError", "Programmer error! Illegal tagged data list element type"); + _pykadminerror_error_insert(module, base, KADM5_MISSING_CONF_PARAMS, "MissingConfParamsError", "Required parameters in kdc.conf missing"); + _pykadminerror_error_insert(module, base, KADM5_BAD_SERVER_NAME, "ServerNameError", "Bad krb5 admin server hostname"); + _pykadminerror_error_insert(module, base, KADM5_AUTH_SETKEY, "AuthSetKeyError", "Operation requires ``set-key'' privilege"); + _pykadminerror_error_insert(module, base, KADM5_SETKEY_DUP_ENCTYPES, "SetKeyDuplicateEnctypesError", "Multiple values for single or folded enctype"); + _pykadminerror_error_insert(module, base, KADM5_SETV4KEY_INVAL_ENCTYPE, "Setv4KeyInvalEnctypeError", "Invalid enctype for setv4key"); + _pykadminerror_error_insert(module, base, KADM5_SETKEY3_ETYPE_MISMATCH, "SetKey3EnctypeMismatchError", "Mismatched enctypes for setkey3"); + _pykadminerror_error_insert(module, base, KADM5_MISSING_KRB5_CONF_PARAMS, "MissingKrb5ConfParamsError", "Missing parameters in krb5.conf required for kadmin client"); + _pykadminerror_error_insert(module, base, KADM5_XDR_FAILURE, "XDRFailureError", "XDR encoding error"); # ifdef KADM5_CANT_RESOLVE - PyKAdminError_kadm_insert(module, base, KADM5_CANT_RESOLVE, "CantResolveError", ""); + _pykadminerror_error_insert(module, base, KADM5_CANT_RESOLVE, "CantResolveError", ""); # endif # ifdef KADM5_PASS_Q_GENERIC - PyKAdminError_kadm_insert(module, base, KADM5_PASS_Q_GENERIC, "PasswordGenericError", "Database synchronization failed"); + _pykadminerror_error_insert(module, base, KADM5_PASS_Q_GENERIC, "PasswordGenericError", "Database synchronization failed"); # endif result = 1; @@ -546,3 +587,65 @@ int PyKAdminError_init_kadm(PyObject *module, PyObject *base) { } +int PyKAdminError_init_kdb(PyObject *module, PyObject *base) { + + int result = 0; + //_pykadmin_kadm_errors = PyDict_New(); + + if (_pykadmin_errors) { + + _pykadminerror_error_insert(module, base, KRB5_KDB_INUSE, "KDBInUseError", "Entry already exists in database"); + _pykadminerror_error_insert(module, base, KRB5_KDB_UK_SERROR, "KDBStoreError", "Database store error"); + _pykadminerror_error_insert(module, base, KRB5_KDB_UK_RERROR, "KDBReadError", "Database read error"); + _pykadminerror_error_insert(module, base, KRB5_KDB_UNAUTH, "KDBInsufficientAccessError", "Insufficient access to perform requested operation"); + _pykadminerror_error_insert(module, base, KRB5_KDB_NOENTRY, "KDBNoEntryError", "No such entry in the database"); + _pykadminerror_error_insert(module, base, KRB5_KDB_ILL_WILDCARD, "KDBWildcardError", "Illegal use of wildcard"); + _pykadminerror_error_insert(module, base, KRB5_KDB_DB_INUSE, "KDBLockedError", "Database is locked or in use--try again later"); + _pykadminerror_error_insert(module, base, KRB5_KDB_DB_CHANGED, "KDBChangedError", "Database was modified during read"); + _pykadminerror_error_insert(module, base, KRB5_KDB_TRUNCATED_RECORD, "KDBTruncatedError", "Database record is incomplete or corrupted"); + _pykadminerror_error_insert(module, base, KRB5_KDB_RECURSIVELOCK, "KDBRecursiveLockError", "Attempt to lock database twice"); + _pykadminerror_error_insert(module, base, KRB5_KDB_NOTLOCKED, "KDBNotLockedError", "Attempt to unlock database when not locked"); + _pykadminerror_error_insert(module, base, KRB5_KDB_BADLOCKMODE, "KDBLockModeError", "Invalid kdb lock mode"); + _pykadminerror_error_insert(module, base, KRB5_KDB_DBNOTINITED, "KDBNotInitializedError", "Database has not been initialized"); + _pykadminerror_error_insert(module, base, KRB5_KDB_DBINITED, "KDBInitializedError", "Database has already been initialized"); + _pykadminerror_error_insert(module, base, KRB5_KDB_ILLDIRECTION, "KDBDirectionError", "Bad direction for converting keys"); + _pykadminerror_error_insert(module, base, KRB5_KDB_NOMASTERKEY, "KDBNoMKeyError", "Cannot find master key record in database"); + _pykadminerror_error_insert(module, base, KRB5_KDB_BADMASTERKEY, "KDBBadMKeyError", "Master key does not match database"); + _pykadminerror_error_insert(module, base, KRB5_KDB_INVALIDKEYSIZE, "KDBKeySizeError", "Key size in database is invalid"); + _pykadminerror_error_insert(module, base, KRB5_KDB_CANTREAD_STORED, "KDBCantReadError", "Cannot find/read stored master key"); + _pykadminerror_error_insert(module, base, KRB5_KDB_BADSTORED_MKEY, "KDBCorruptedMKeyError", "Stored master key is corrupted"); + _pykadminerror_error_insert(module, base, KRB5_KDB_NOACTMASTERKEY, "KDBNoActiveMKeyError", "Cannot find active master key"); + _pykadminerror_error_insert(module, base, KRB5_KDB_KVNONOMATCH, "KDBMKeyMismatchError", "KVNO of new master key does not match expected value"); + _pykadminerror_error_insert(module, base, KRB5_KDB_STORED_MKEY_NOTCURRENT, "KDBMKeyNotCurrentError", "Stored master key is not current"); + _pykadminerror_error_insert(module, base, KRB5_KDB_CANTLOCK_DB, "KDBCantLockError", "Insufficient access to lock database"); + _pykadminerror_error_insert(module, base, KRB5_KDB_DB_CORRUPT, "KDBFormatError", "Database format error"); + _pykadminerror_error_insert(module, base, KRB5_KDB_BAD_VERSION, "KDBVersionError", "Unsupported version in database entry"); + _pykadminerror_error_insert(module, base, KRB5_KDB_BAD_SALTTYPE, "KDBSaltSupportError", "Unsupported salt type"); + _pykadminerror_error_insert(module, base, KRB5_KDB_BAD_ENCTYPE, "KDBEncryptionSupportError", "Unsupported encryption type"); + _pykadminerror_error_insert(module, base, KRB5_KDB_BAD_CREATEFLAGS, "KDBCreateFlagsError", "Bad database creation flags"); + _pykadminerror_error_insert(module, base, KRB5_KDB_NO_PERMITTED_KEY, "KDBNoPermittedKeyError", "No matching key in entry having a permitted enctype"); + _pykadminerror_error_insert(module, base, KRB5_KDB_NO_MATCHING_KEY, "KDBNoMatchingKeyError", "No matching key in entry"); + _pykadminerror_error_insert(module, base, KRB5_KDB_DBTYPE_NOTFOUND, "KDBTypeNotFoundError", "Unable to find requested database type"); + _pykadminerror_error_insert(module, base, KRB5_KDB_DBTYPE_NOSUP, "KDBTypeSupportError", "Database type not supported"); + _pykadminerror_error_insert(module, base, KRB5_KDB_DBTYPE_INIT, "KDBTypeInitializeError", "Database library failed to initialize"); + _pykadminerror_error_insert(module, base, KRB5_KDB_SERVER_INTERNAL_ERR, "KDBServerError", "Server error"); + _pykadminerror_error_insert(module, base, KRB5_KDB_ACCESS_ERROR, "KDBAccessError", "Unable to access Kerberos database"); + _pykadminerror_error_insert(module, base, KRB5_KDB_INTERNAL_ERROR, "KDBInternalError", "Kerberos database internal error"); + _pykadminerror_error_insert(module, base, KRB5_KDB_CONSTRAINT_VIOLATION, "KDBConstraintViolationError", "Kerberos database constraints violated"); + + _pykadminerror_error_insert(module, base, KRB5_LOG_CONV, "LOGUpdateConversionError", "Update log conversion error"); + _pykadminerror_error_insert(module, base, KRB5_LOG_UNSTABLE, "LOGUnstableError", "Update log is unstable"); + _pykadminerror_error_insert(module, base, KRB5_LOG_CORRUPT, "LOGCorruptError", "Update log is corrupt"); + _pykadminerror_error_insert(module, base, KRB5_LOG_ERROR, "LOGGenericError", "Generic update log error"); + + _pykadminerror_error_insert(module, base, KRB5_KDB_DBTYPE_MISMATCH, "KDBTypeMismatchError", "Database module does not match KDC version"); + _pykadminerror_error_insert(module, base, KRB5_KDB_POLICY_REF, "KDBPolicyError", "Policy is in use"); + _pykadminerror_error_insert(module, base, KRB5_KDB_STRINGS_TOOLONG, "KDBStringsTooLongError", "Too much string mapping data"); + + + result = 1; + } + + + return result; +} diff --git a/PyKAdminErrors.h b/PyKAdminErrors.h index 9c7af96..ffaeb6d 100644 --- a/PyKAdminErrors.h +++ b/PyKAdminErrors.h @@ -12,14 +12,16 @@ #include "pykadmin.h" +#define PyKAdmin_RETURN_ERROR(value, caller) { PyKAdminError_raise_error((long)value, caller); return NULL; } -#define PyKAdmin_RETURN_KADM5_ERROR(retval, caller) { PyKAdminError_raise_kadm_error(retval, caller); return NULL; } -#define PyKAdmin_RETURN_KRB5_ERROR(code, caller) { PyKAdminError_raise_krb5_error(code, caller); return NULL; } +//#define PyKAdmin_RETURN_KADM5_ERROR(retval, caller) { PyKAdminError_raise_kadm_error(retval, caller); return NULL; } +//#define PyKAdmin_RETURN_KRB5_ERROR(code, caller) { PyKAdminError_raise_krb5_error(code, caller); return NULL; } PyObject *PyKAdminError_init(PyObject *module); -void PyKAdminError_raise_kadm_error(kadm5_ret_t retval, char *caller); -void PyKAdminError_raise_krb5_error(krb5_error_code code, char *caller); +//void PyKAdminError_raise_kadm_error(kadm5_ret_t retval, char *caller); +//void PyKAdminError_raise_krb5_error(krb5_error_code code, char *caller); +void PyKAdminError_raise_error(long code, char *caller); #endif diff --git a/PyKAdminIterator.c b/PyKAdminIterator.c index 8837684..23efd6e 100644 --- a/PyKAdminIterator.c +++ b/PyKAdminIterator.c @@ -8,28 +8,13 @@ static void PyKAdminIterator_dealloc(PyKAdminIterator *self) { kadm5_free_name_list(self->kadmin->server_handle, self->names, self->count); - Py_XDECREF(self->kadmin); + Py_DECREF(self->kadmin); Py_TYPE(self)->tp_free((PyObject *)self); - //self->ob_type->tp_free((PyObject*)self); } static int PyKAdminIterator_init(PyKAdminIterator *self, PyObject *args, PyObject *kwds) { - - self->count = 0x0; - self->index = 0x0; - - if (self->kadmin->server_handle) { - - if (self->mode & iterate_principals) { - kadm5_get_principals(self->kadmin->server_handle, self->match, &self->names, &self->count); - } else if (self->mode & iterate_policies) { - kadm5_get_policies(self->kadmin->server_handle, self->match, &self->names, &self->count); - } - } - - return 0; } @@ -41,7 +26,7 @@ static PyObject *PyKAdminIterator_next(PyKAdminIterator *self) { if (self->index < self->count) { name = self->names[self->index]; - next = Py_BuildValue("s", name); + next = PyUnicode_FromString(name); self->index++; } @@ -93,25 +78,46 @@ PyTypeObject PyKAdminIterator_Type = { }; +PyKAdminIterator *PyKAdminIterator_principal_iterator(PyKAdminObject *kadmin, char *match) { -PyKAdminIterator *PyKAdminIterator_create(PyKAdminObject *kadmin, PyKadminIteratorModes mode, char *match) { - + kadm5_ret_t retval = KADM5_OK; PyKAdminIterator *iter = PyObject_New(PyKAdminIterator, &PyKAdminIterator_Type); if (iter) { - Py_XINCREF(kadmin); - iter->kadmin = kadmin; - iter->mode = mode; - iter->match = match; + + iter->count = 0x0; + iter->index = 0x0; + + iter->kadmin = kadmin; + Py_INCREF(kadmin); + + retval = kadm5_get_principals(kadmin->server_handle, match, &iter->names, &iter->count); + if (retval != KADM5_OK) { PyKAdmin_RETURN_ERROR(retval, "kadm5_get_principals"); } } - PyKAdminIterator_init(iter, NULL, NULL); Py_XINCREF(iter); - return iter; } -void PyKAdminIterator_destroy(PyKAdminIterator *self) { - PyKAdminIterator_dealloc(self); + +PyKAdminIterator *PyKAdminIterator_policy_iterator(PyKAdminObject *kadmin, char *match) { + + kadm5_ret_t retval = KADM5_OK; + PyKAdminIterator *iter = PyObject_New(PyKAdminIterator, &PyKAdminIterator_Type); + + if (iter) { + + iter->count = 0x0; + iter->index = 0x0; + + iter->kadmin = kadmin; + Py_INCREF(kadmin); + + retval = kadm5_get_policies(kadmin->server_handle, match, &iter->names, &iter->count); + if (retval != KADM5_OK) { PyKAdmin_RETURN_ERROR(retval, "kadm5_get_policies"); } + } + + Py_XINCREF(iter); + return iter; } diff --git a/PyKAdminIterator.h b/PyKAdminIterator.h index 845769d..4eff5fa 100644 --- a/PyKAdminIterator.h +++ b/PyKAdminIterator.h @@ -9,21 +9,12 @@ #include #include -typedef enum { - iterate_principals = 0x1, - iterate_policies = 0x2 -// iterate_unpack = 0x4 -} PyKadminIteratorModes; - typedef struct { PyObject_HEAD - //Py_ssize_t count; Py_ssize_t index; - PyKadminIteratorModes mode; int count; - char *match; char **names; PyKAdminObject *kadmin; @@ -32,7 +23,9 @@ typedef struct { PyTypeObject PyKAdminIterator_Type; -PyKAdminIterator *PyKAdminIterator_create(PyKAdminObject *kadmin, PyKadminIteratorModes mode, char *filter); -void PyKAdminIterator_destroy(PyKAdminIterator *self); +PyKAdminIterator *PyKAdminIterator_principal_iterator(PyKAdminObject *kadmin, char *match); +PyKAdminIterator *PyKAdminIterator_policy_iterator(PyKAdminObject *kadmin, char *match); + +//PyKAdminIterator *PyKAdminIterator_create(PyKAdminObject *kadmin, PyKadminIteratorModes mode, char *filter); #endif \ No newline at end of file diff --git a/PyKAdminObject.c b/PyKAdminObject.c index ec76d40..b31fe94 100644 --- a/PyKAdminObject.c +++ b/PyKAdminObject.c @@ -30,39 +30,30 @@ static void PyKAdminObject_dealloc(PyKAdminObject *self) { free(self->realm); } - //self->ob_type->tp_free((PyObject*)self); Py_TYPE(self)->tp_free((PyObject *)self); } } static PyObject *PyKAdminObject_new(PyTypeObject *type, PyObject *args, PyObject *kwds) { - PyKAdminObject *self; - kadm5_ret_t retval = 0; + PyKAdminObject *self = NULL; + kadm5_ret_t retval = KADM5_OK; + krb5_error_code code = 0; self = (PyKAdminObject *)type->tp_alloc(type, 0); if (self) { - retval = kadm5_init_krb5_context(&self->context); - // retval = krb5_init_context(&self->context); - if (retval) { - Py_DECREF(self); - PyKAdminError_raise_kadm_error(retval, "kadm5_init_with_password"); - return NULL; - } + retval = kadm5_init_krb5_context(&self->context); + if (retval != KADM5_OK) { PyKAdmin_RETURN_ERROR(retval, "kadm5_init_krb5_context"); } self->server_handle = NULL; - // attempt to load the default realm for this connection - //krb5_get_default_realm(self->context, &self->realm); - //if (!self->realm) { - // // todo : fail - //} + // attempt to load the default realm + code = krb5_get_default_realm(self->context, &self->realm); + if (code) { PyKAdmin_RETURN_ERROR(code, "krb5_get_default_realm"); } self->_storage = PyDict_New(); - - } return (PyObject *)self; @@ -76,8 +67,8 @@ static int PyKAdminObject_init(PyKAdminObject *self, PyObject *args, PyObject *k static PyObject *PyKAdminObject_delete_principal(PyKAdminObject *self, PyObject *args, PyObject *kwds) { - kadm5_ret_t retval; - krb5_error_code errno; + kadm5_ret_t retval = KADM5_OK; + krb5_error_code code = 0; krb5_principal princ = NULL; char *client_name = NULL; @@ -87,11 +78,11 @@ static PyObject *PyKAdminObject_delete_principal(PyKAdminObject *self, PyObject if (self->server_handle) { - retval = krb5_parse_name(self->context, client_name, &princ); - if (retval != 0x0) { PyKAdminError_raise_kadm_error(retval, "krb5_parse_name"); return NULL; } + code = krb5_parse_name(self->context, client_name, &princ); + if (code) { PyKAdmin_RETURN_ERROR(retval, "krb5_parse_name"); } retval = kadm5_delete_principal(self->server_handle, princ); - if (retval != 0x0) { PyKAdminError_raise_kadm_error(retval, "kadm5_delete_principal"); return NULL; } + if (retval != KADM5_OK) { PyKAdmin_RETURN_ERROR(retval, "kadm5_delete_principal"); } } @@ -104,11 +95,8 @@ static PyObject *PyKAdminObject_delete_principal(PyKAdminObject *self, PyObject static PyObject *PyKAdminObject_create_principal(PyKAdminObject *self, PyObject *args, PyObject *kwds) { - //PyObject *result = NULL; - - kadm5_ret_t retval; - krb5_error_code errno; - + kadm5_ret_t retval = KADM5_OK; + krb5_error_code code = 0; char *princ_name = NULL; char *princ_pass = NULL; @@ -116,23 +104,20 @@ static PyObject *PyKAdminObject_create_principal(PyKAdminObject *self, PyObject memset(&entry, 0, sizeof(entry)); entry.attributes = 0; + + // todo set default attributes. if (!PyArg_ParseTuple(args, "s|z", &princ_name, &princ_pass)) return NULL; if (self->server_handle) { - if ( (errno = krb5_parse_name(self->context, princ_name, &entry.principal) ) ) { + code = krb5_parse_name(self->context, princ_name, &entry.principal); + if (code) { PyKAdmin_RETURN_ERROR(retval, "krb5_parse_name"); } - printf("Error: krb5_unparse_name [%d]\n", errno); - return NULL; - - } else { + retval = kadm5_create_principal(self->server_handle, &entry, KADM5_PRINCIPAL, princ_pass); + if (retval != KADM5_OK) { PyKAdmin_RETURN_ERROR(retval, "kadm5_create_principal"); } - retval = kadm5_create_principal(self->server_handle, &entry, KADM5_PRINCIPAL, princ_pass); - - if (retval != 0x0) { PyKAdminError_raise_kadm_error(retval, "kadm5_create_principal"); return NULL; } - } } kadm5_free_principal_ent(self->server_handle, &entry); @@ -146,14 +131,10 @@ static PyKAdminPrincipalObject *PyKAdminObject_get_principal(PyKAdminObject *sel PyKAdminPrincipalObject *principal = NULL; char *client_name = NULL; - if (!PyArg_ParseTuple(args, "s", &client_name)) { + if (!PyArg_ParseTuple(args, "s", &client_name)) return NULL; - } - if (self) { - principal = PyKAdminPrincipalObject_principal_with_name(self, client_name); - - } + principal = PyKAdminPrincipalObject_principal_with_name(self, client_name); return principal; } @@ -166,10 +147,8 @@ static PyKAdminPolicyObject *PyKAdminObject_get_policy(PyKAdminObject *self, PyO if (!PyArg_ParseTuple(args, "s", &policy_name)) return NULL; - if (self->server_handle) { - policy = PyKAdminPolicyObject_policy_with_name(self, policy_name); - } - + policy = PyKAdminPolicyObject_policy_with_name(self, policy_name); + return policy; } @@ -177,30 +156,28 @@ static PyKAdminPolicyObject *PyKAdminObject_get_policy(PyKAdminObject *self, PyO static PyKAdminIterator *PyKAdminObject_principal_iter(PyKAdminObject *self, PyObject *args, PyObject *kwds) { char *match = NULL; - PyObject *unpack = Py_False; - PyKadminIteratorModes mode = iterate_principals; - static char *kwlist[] = {"match", "unpack", NULL}; + static char *kwlist[] = {"match", NULL}; - if (!PyArg_ParseTupleAndKeywords(args, kwds, "|zO", kwlist, &match, &unpack)) + if (!PyArg_ParseTupleAndKeywords(args, kwds, "|z", kwlist, &match)) return NULL; - return PyKAdminIterator_create(self, mode, match); + return PyKAdminIterator_principal_iterator(self, match); + //PyKAdminIterator_create(self, iterate_principals, match); } static PyKAdminIterator *PyKAdminObject_policy_iter(PyKAdminObject *self, PyObject *args, PyObject *kwds) { char *match = NULL; - PyObject *unpack = Py_False; - PyKadminIteratorModes mode = iterate_policies; - static char *kwlist[] = {"match", "unpack", NULL}; + static char *kwlist[] = {"match", NULL}; - if (!PyArg_ParseTupleAndKeywords(args, kwds, "|zO", kwlist, &match, &unpack)) + if (!PyArg_ParseTupleAndKeywords(args, kwds, "|z", kwlist, &match)) return NULL; - return PyKAdminIterator_create(self, mode, match); + return PyKAdminIterator_policy_iterator(self, match); + //return PyKAdminIterator_create(self, iterate_policies, match); } @@ -210,28 +187,24 @@ static int kdb_iter_princs(void *data, krb5_db_entry *kdb) { PyKAdminObject *self = (PyKAdminObject *)data; + PyKAdminPrincipalObject *principal = NULL; PyObject *result = NULL; - //PyObject *args = NULL; - PyKAdminPrincipalObject *principal = PyKAdminPrincipalObject_principal_with_db_entry(self, kdb); + if (!self->each_principal.error) { - if (principal) { + principal = PyKAdminPrincipalObject_principal_with_db_entry(self, kdb); - if (self->each_principal.callback) { + if (principal) { - //args = PyTuple_Pack(2, principal, self->each_principal.data); - - //result = PyObject_Call(self->each_principal.callback, args, NULL); - result = PyObject_CallFunctionObjArgs(self->each_principal.callback, principal, self->each_principal.data, NULL); - - //Py_DECREF(args); + if (self->each_principal.callback) { - if (!result) { - // use self to hold exception - } + result = PyObject_CallFunctionObjArgs(self->each_principal.callback, principal, self->each_principal.data, NULL); + if (!result) { self->each_principal.error = PyExc_RuntimeError; } + } + + Py_DECREF(principal); } - PyKAdminPrincipalObject_destroy(principal); } return 0; @@ -243,43 +216,39 @@ static int kdb_iter_princs(void *data, krb5_db_entry *kdb) { static PyObject *PyKAdminObject_each_principal(PyKAdminObject *self, PyObject *args, PyObject *kwds) { char *match = NULL; - krb5_error_code retval = 0; - kadm5_ret_t lock = 0; + krb5_error_code code = 0; + kadm5_ret_t lock = KADM5_OK; - - static char *kwlist[] = {"", "data", "match", NULL}; + static char *kwlist[] = {"callback", "data", "match", NULL}; - if (!PyArg_ParseTupleAndKeywords(args, kwds, "O|Oz", kwlist, /*&PyFunction_Type,*/ &self->each_principal.callback, &self->each_principal.data, &match)) + if (!PyArg_ParseTupleAndKeywords(args, kwds, "O!|Oz", kwlist, &PyFunction_Type, &self->each_principal.callback, &self->each_principal.data, &match)) return NULL; if (!self->each_principal.data) self->each_principal.data = Py_None; + self->each_principal.error = NULL; - - Py_XINCREF(self->each_principal.callback); - Py_XINCREF(self->each_principal.data); + Py_INCREF(self->each_principal.callback); + Py_INCREF(self->each_principal.data); - - lock = kadm5_lock(self->server_handle); - if (!lock || (lock == KRB5_PLUGIN_OP_NOTSUPP)) { + if ((lock == KADM5_OK) || (lock == KRB5_PLUGIN_OP_NOTSUPP)) { krb5_clear_error_message(self->context); - retval = krb5_db_iterate(self->context, match, kdb_iter_princs, (void *)self); + code = krb5_db_iterate(self->context, match, kdb_iter_princs, (void *)self); - if (lock != KRB5_PLUGIN_OP_NOTSUPP) { + if (lock != KRB5_PLUGIN_OP_NOTSUPP) lock = kadm5_unlock(self->server_handle); - } } - Py_XDECREF(self->each_principal.callback); - Py_XDECREF(self->each_principal.data); + Py_DECREF(self->each_principal.callback); + Py_DECREF(self->each_principal.data); - if (retval) { - // TODO raise proper exception + if (code || self->each_principal.error) { + PyErr_SetString(PyExc_RuntimeError, "Fatal Iteration Exception"); return NULL; } @@ -292,32 +261,33 @@ static PyObject *PyKAdminObject_each_principal(PyKAdminObject *self, PyObject *a static void kdb_iter_pols(void *data, osa_policy_ent_rec *entry) { PyKAdminObject *self = (PyKAdminObject *)data; - + PyKAdminPolicyObject *policy = NULL; PyObject *result = NULL; - PyKAdminPolicyObject *policy = PyKAdminPolicyObject_policy_with_osa_entry(self, entry); + if (!self->each_policy.error) { - if (policy) { + policy = PyKAdminPolicyObject_policy_with_osa_entry(self, entry); - if (self->each_policy.callback) { - - result = PyObject_CallFunctionObjArgs(self->each_policy.callback, policy, self->each_policy.data, NULL); - - if (!result) { - // use self to hold exception - } + if (policy) { + if (self->each_policy.callback) { + + result = PyObject_CallFunctionObjArgs(self->each_policy.callback, policy, self->each_policy.data, NULL); + if (!result) { self->each_policy.error = PyExc_RuntimeError; } + + } + + Py_DECREF(policy); } - PyKAdminPolicyObject_destroy(policy); - } + } } static PyObject *PyKAdminObject_each_policy(PyKAdminObject *self, PyObject *args, PyObject *kwds) { char *match = NULL; - krb5_error_code retval = 0; - kadm5_ret_t lock = 0; + krb5_error_code code = 0; + kadm5_ret_t lock = KADM5_OK; static char *kwlist[] = {"", "data", "match", NULL}; @@ -327,27 +297,26 @@ static PyObject *PyKAdminObject_each_policy(PyKAdminObject *self, PyObject *args if (!self->each_policy.data) self->each_policy.data = Py_None; - Py_XINCREF(self->each_policy.callback); - Py_XINCREF(self->each_policy.data); + Py_INCREF(self->each_policy.callback); + Py_INCREF(self->each_policy.data); lock = kadm5_lock(self->server_handle); - if (!lock || (lock == KRB5_PLUGIN_OP_NOTSUPP)) { + if ((lock == KADM5_OK) || (lock == KRB5_PLUGIN_OP_NOTSUPP)) { krb5_clear_error_message(self->context); - retval = krb5_db_iter_policy(self->context, match, kdb_iter_pols, (void *)self); + code = krb5_db_iter_policy(self->context, match, kdb_iter_pols, (void *)self); - if (lock != KRB5_PLUGIN_OP_NOTSUPP) { + if (lock != KRB5_PLUGIN_OP_NOTSUPP) lock = kadm5_unlock(self->server_handle); - } } - Py_XDECREF(self->each_policy.callback); - Py_XDECREF(self->each_policy.data); + Py_DECREF(self->each_policy.callback); + Py_DECREF(self->each_policy.data); - if (retval) { - // TODO raise proper exception + if (code || self->each_policy.error) { + PyErr_SetString(PyExc_RuntimeError, "Fatal Iteration Exception"); return NULL; } @@ -356,7 +325,6 @@ static PyObject *PyKAdminObject_each_policy(PyKAdminObject *self, PyObject *args } #endif - static PyMethodDef PyKAdminObject_methods[] = { {"ank", (PyCFunction)PyKAdminObject_create_principal, METH_VARARGS, ""}, @@ -370,8 +338,6 @@ static PyMethodDef PyKAdminObject_methods[] = { {"getprinc", (PyCFunction)PyKAdminObject_get_principal, METH_VARARGS, ""}, {"get_principal", (PyCFunction)PyKAdminObject_get_principal, METH_VARARGS, ""}, - - {"getpol", (PyCFunction)PyKAdminObject_get_policy, METH_VARARGS, ""}, {"get_policy", (PyCFunction)PyKAdminObject_get_policy, METH_VARARGS, ""}, diff --git a/PyKAdminObject.h b/PyKAdminObject.h index 2c724d5..828f731 100644 --- a/PyKAdminObject.h +++ b/PyKAdminObject.h @@ -12,6 +12,7 @@ typedef struct { PyObject *callback; PyObject *data; + PyObject *error; } each_iteration_t; typedef struct { diff --git a/PyKAdminPolicyObject.c b/PyKAdminPolicyObject.c index 68387c4..0bf3ee8 100644 --- a/PyKAdminPolicyObject.c +++ b/PyKAdminPolicyObject.c @@ -120,7 +120,7 @@ PyTypeObject PyKAdminPolicyObject_Type = { sizeof(PyKAdminPolicyObject), /*tp_basicsize*/ 0, /*tp_itemsize*/ (destructor)PyKAdminPolicyObject_dealloc, /*tp_dealloc*/ - 0, /*tp_print*/ + KAdminPolicyObject_print, /*tp_print*/ 0, /*tp_getattr*/ 0, /*tp_setattr*/ 0, /*tp_compare*/ diff --git a/PyKAdminPrincipalObject.c b/PyKAdminPrincipalObject.c index ecc787b..22a5655 100644 --- a/PyKAdminPrincipalObject.c +++ b/PyKAdminPrincipalObject.c @@ -12,6 +12,8 @@ #define TIME_NONE ((time_t) -1) +static char kNEVER[] = "never"; + static const unsigned int kFLAG_MAX = ( KRB5_KDB_DISALLOW_POSTDATED | KRB5_KDB_DISALLOW_FORWARDABLE @@ -60,41 +62,77 @@ static int PyKAdminPrincipal_init(PyKAdminPrincipalObject *self, PyObject *args, return 0; } + +static PyObject *PyKAdminPrincipal_str(PyKAdminPrincipalObject *self) { + return NULL; +} + + static int PyKAdminPrincipal_print(PyKAdminPrincipalObject *self, FILE *file, int flags){ - static const char *kPRINT_FORMAT = "%s: %s\n%s: %s\n%s: %s\n%s: %s\n%s: %s\n%s: %s\n%s: %s\n%s: %s\n%s: %s\n%s: %s\n%s: %s"; + static char kNEVER_DATE[] = "[never]"; + static char kNONE_DATE[] = "[none]"; + + static const char *kPRINT_FORMAT = "%s: %s\n%s: %s\n%s: %s\n%s: %s\n%s: %s\n%s: %s\n%s: %s\n%s: %s\n%s: %s\n%s: %d\n%s: %s\n%s: %s"; krb5_error_code errno; char *client_name = NULL; + char *expire = NULL; + char *pwchange = NULL; + char *pwexpire = NULL; + char *maxlife = NULL; + char *maxrlife = NULL; + char *moddate = NULL; + char *success = NULL; + char *failure = NULL; if (self && self->kadmin) { errno = krb5_unparse_name(self->kadmin->context, self->entry.principal, &client_name); + expire = pykadmin_timestamp_as_isodate(self->entry.princ_expire_time, kNEVER_DATE); + pwchange = pykadmin_timestamp_as_isodate(self->entry.last_pwd_change, kNEVER_DATE); + pwexpire = pykadmin_timestamp_as_isodate(self->entry.pw_expiration, kNEVER_DATE); + moddate = pykadmin_timestamp_as_isodate(self->entry.mod_date, kNEVER_DATE); + success = pykadmin_timestamp_as_isodate(self->entry.last_success, kNEVER_DATE); + failure = pykadmin_timestamp_as_isodate(self->entry.last_failed, kNEVER_DATE); + + maxlife = pykadmin_timestamp_as_deltastr(self->entry.max_life, kNONE_DATE); + maxrlife = pykadmin_timestamp_as_deltastr(self->entry.max_renewable_life, kNONE_DATE); + fprintf(file, kPRINT_FORMAT, "Principal", client_name, - "Expiration date", NULL, - "Last password change", NULL, - "Password expiration date", NULL, - "Maximum ticket life", NULL, - "Maximum renewable life", NULL, - "Last modified", NULL, - "Last successful authentication", NULL, - "Last failed authentication", NULL, - "Failed password attempts", NULL, - "Number of keys", NULL + "Expiration date", expire, + "Last password change", pwchange, + "Password expiration date", pwexpire, + "Maximum ticket life", maxlife, + "Maximum renewable life", maxrlife, + "Last modified", moddate, + "Last successful authentication", success, + "Last failed authentication", failure, + "Failed password attempts", self->entry.fail_auth_count, + "Number of keys", "(TODO)", + "Policy", self->entry.policy ? self->entry.policy : kNONE_DATE ); } - if (client_name) - free(client_name); + if (client_name) { free(client_name); } + if (expire) { free(expire); } + if (pwchange) { free(pwchange); } + if (pwexpire) { free(pwexpire); } + if (maxlife) { free(maxlife); } + if (maxrlife) { free(maxrlife); } + if (moddate) { free(moddate); } + if (success) { free(success); } + if (failure) { free(failure); } + + return 0; } - static PyObject *PyKAdminPrincipal_set_attributes(PyKAdminPrincipalObject *self, PyObject *args, PyObject *kwds) { //kadm5_ret_t retval = KADM5_OK; @@ -109,7 +147,7 @@ static PyObject *PyKAdminPrincipal_set_attributes(PyKAdminPrincipalObject *self, self->mask |= KADM5_ATTRIBUTES; //retval = kadm5_modify_principal(self->kadmin->server_handle, &self->entry, KADM5_ATTRIBUTES); - //if (retval != KADM5_OK) { PyKAdminError_raise_kadm_error(retval, "kadm5_modify_principal"); return NULL; } + //if (retval != KADM5_OK) { PyKAdminError_raise_error(retval, "kadm5_modify_principal"); return NULL; } } Py_RETURN_TRUE; @@ -140,7 +178,7 @@ static PyObject *PyKAdminPrincipal_commit(PyKAdminPrincipalObject *self) { if (self && self->mask) { retval = kadm5_modify_principal(self->kadmin->server_handle, &self->entry, self->mask); - if (retval != KADM5_OK) { PyKAdminError_raise_kadm_error(retval, "kadm5_modify_principal"); } + if (retval != KADM5_OK) { PyKAdminError_raise_error(retval, "kadm5_modify_principal"); } self->mask = 0; } @@ -162,11 +200,11 @@ static PyObject *PyKAdminPrincipal_reload(PyKAdminPrincipalObject *self) { if (ret) {} retval = kadm5_free_principal_ent(self->kadmin->server_handle, &self->entry); - if (retval != KADM5_OK) { PyKAdminError_raise_kadm_error(retval, "kadm5_free_principal_ent"); } + if (retval != KADM5_OK) { PyKAdminError_raise_error(retval, "kadm5_free_principal_ent"); } if (retval == KADM5_OK) { retval = kadm5_get_principal(self->kadmin->server_handle, temp, &self->entry, KADM5_PRINCIPAL_NORMAL_MASK); - if (retval != KADM5_OK) { PyKAdminError_raise_kadm_error(retval, "kadm5_get_principal"); } + if (retval != KADM5_OK) { PyKAdminError_raise_error(retval, "kadm5_get_principal"); } } krb5_free_principal(self->kadmin->context, temp); @@ -192,7 +230,7 @@ static PyObject *PyKAdminPrincipal_change_password(PyKAdminPrincipalObject *self return NULL; retval = kadm5_chpass_principal(self->kadmin->server_handle, self->entry.principal, password); - if (retval != KADM5_OK) { PyKAdminError_raise_kadm_error(retval, "kadm5_chpass_principal"); return NULL; } + if (retval != KADM5_OK) { PyKAdminError_raise_error(retval, "kadm5_chpass_principal"); return NULL; } Py_RETURN_TRUE; } @@ -202,7 +240,7 @@ static PyObject *PyKAdminPrincipal_randomize_key(PyKAdminPrincipalObject *self) kadm5_ret_t retval = KADM5_OK; retval = kadm5_randkey_principal(self->kadmin->server_handle, self->entry.principal, NULL, NULL); - if (retval != KADM5_OK) { PyKAdminError_raise_kadm_error(retval, "kadm5_randkey_principal"); return NULL; } + if (retval != KADM5_OK) { PyKAdminError_raise_error(retval, "kadm5_randkey_principal"); return NULL; } Py_RETURN_TRUE; } @@ -228,17 +266,13 @@ PyObject *PyKAdminPrincipal_RichCompare(PyObject *o1, PyObject *o2, int opid) { case Py_LE: case Py_GT: case Py_GE: - default: - result = Py_NotImplemented; - goto done; + default: + PyErr_SetString(PyExc_TypeError, "kadmin.Principal does not support operation"); } - -done: Py_XINCREF(result); return result; - } /* @@ -379,7 +413,6 @@ static PyObject *PyKAdminPrincipal_get_kvno(PyKAdminPrincipalObject *self, void * SETTERS */ -static char kNEVER[] = "never"; static krb5_deltat _decode_timedelta_input(PyObject *timedelta) { @@ -470,7 +503,7 @@ int PyKAdminPrincipal_set_pwexpire(PyKAdminPrincipalObject *self, PyObject *valu return 1; } - self->entry.princ_expire_time = timestamp; + self->entry.pw_expiration = timestamp; self->mask |= KADM5_PW_EXPIRATION; return 0; @@ -527,6 +560,7 @@ int PyKAdminPrincipal_set_kvno(PyKAdminPrincipalObject *self, PyObject *value, v int PyKAdminPrincipal_set_policy(PyKAdminPrincipalObject *self, PyObject *value, void *closure) { + int result = 1; char *policy_string = NULL; if (self) { @@ -556,16 +590,99 @@ int PyKAdminPrincipal_set_policy(PyKAdminPrincipalObject *self, PyObject *value, // set policy flag and remove policy clear flag if set. self->mask |= KADM5_POLICY; self->mask &= ~KADM5_POLICY_CLR; + result = 0; } } + } + } + if (result) + PyErr_SetString(PyExc_ValueError, "Invalid input"); + + return result; + +} + +/* + Set each of the requested attributes using their internal setter routine. + Fails at first error and should raise the error of the setter which failed. + + If all setters finish the commit function will automatically be called and flush changes to the database. + + returns Py_True on success NULL otherwise + +*/ +static PyObject *PyKAdminPrincipal_modify(PyKAdminPrincipalObject *self, PyObject *args, PyObject *kwds) { + + // TODO: principal.modify(expire=a, pwexpire=b, maxlife=c, maxrenewlife=d, policy=f, kvno=g, attributes=e, commit=False) + /* + equivilent to + + principal.expire = a + principal.pwexpire = b + principal.maxlife = c + principal.maxrenewlife = d + principal.policy = e + principal.kvno = f + principal.attributes = g + + principal.commit() + */ + + PyObject *expire = NULL; + PyObject *pwexpire = NULL; + PyObject *maxlife = NULL; + PyObject *maxrenewlife = NULL; + PyObject *attributes = NULL; + PyObject *policy = NULL; + PyObject *kvno = NULL; + + int result = 0; + + static char *kwlist[] = {"expire", "pwexpire", "maxlife", "maxrenewlife", "policy", "kvno", "attributes", NULL}; + + if (!PyArg_ParseTupleAndKeywords(args, kwds, "|OOOOOOO", kwlist, &expire, &pwexpire, &maxlife, &maxrenewlife, &policy, &kvno, &attributes)) + return NULL; + + if (!result && expire) + result |= PyKAdminPrincipal_set_expire(self, expire, NULL); + + if (!result && pwexpire) + result |= PyKAdminPrincipal_set_pwexpire(self, pwexpire, NULL); + + if (!result && maxlife) + result |= PyKAdminPrincipal_set_maxlife(self, maxlife, NULL); + + if (!result && maxrenewlife) + result |= PyKAdminPrincipal_set_maxrenewlife(self, maxrenewlife, NULL); + + if (!result && attributes) { + + PyObject *tuple = PyTuple_Pack(1, attributes); + PyObject *success = NULL; + if (tuple) { + success = PyKAdminPrincipal_set_attributes(self, tuple, NULL); + + result |= (success != Py_True); + Py_DECREF(tuple); } } + + if (!result && policy) + result |= PyKAdminPrincipal_set_policy(self, policy, NULL); + + if (!result && kvno) + result |= PyKAdminPrincipal_set_kvno(self, kvno, NULL); - return 0; + if (!result) { + return PyKAdminPrincipal_commit(self); + } else { + return NULL; + } } + /* * Documentation Strings */ @@ -593,6 +710,8 @@ static char kDOCSTRING_KVNO[] = "getter: int\n\tsetter: [int]\n\tcurr static char kDOCSTRING_FAILURES[] = "failed authentication count."; static char kDOCSTRING_MKVNO[] = "master key version number."; +static char kDOCSTRING_MODIFY[] = "principal.modify(expire=a, pwexpire=b, maxlife=c, maxrenewlife=d, attributes=e, policy=f, kvno=g)\n\tshorthand for calling setters and commit"; + static PyMethodDef PyKAdminPrincipal_methods[] = { {"cpw", (PyCFunction)PyKAdminPrincipal_change_password, METH_VARARGS, kDOCSTRING_CPW}, @@ -600,8 +719,7 @@ static PyMethodDef PyKAdminPrincipal_methods[] = { {"randkey", (PyCFunction)PyKAdminPrincipal_randomize_key, METH_NOARGS, kDOCSTRING_RANDKEY}, {"randomize_key", (PyCFunction)PyKAdminPrincipal_randomize_key, METH_NOARGS, kDOCSTRING_RANDKEY}, - // TODO: principal.modify(expire=a, pwexpire=b, maxlife=c, maxrenewlife=d, attributes=e, policy=f, kvno=g) - //{"modify" (PyCFunction)NULL, METH_KEYWORDS, "doc string"} + {"modify", (PyCFunction)PyKAdminPrincipal_modify, METH_KEYWORDS, kDOCSTRING_MODIFY}, {"commit", (PyCFunction)PyKAdminPrincipal_commit, METH_NOARGS, kDOCSTRING_COMMIT}, {"reload", (PyCFunction)PyKAdminPrincipal_reload, METH_NOARGS, kDOCSTRING_RELOAD}, @@ -754,6 +872,7 @@ PyKAdminPrincipalObject *PyKAdminPrincipalObject_principal_with_db_entry(PyKAdmi return principal; } + void PyKAdminPrincipalObject_destroy(PyKAdminPrincipalObject *self) { PyKAdminPrincipal_dealloc(self); } diff --git a/PyKAdminPrincipalObject.h b/PyKAdminPrincipalObject.h index c77dba3..9aceab6 100644 --- a/PyKAdminPrincipalObject.h +++ b/PyKAdminPrincipalObject.h @@ -30,6 +30,7 @@ PyKAdminPrincipalObject *PyKAdminPrincipalObject_principal_with_name(PyKAdminObj PyKAdminPrincipalObject *PyKAdminPrincipalObject_principal_with_db_entry(PyKAdminObject *kadmin, krb5_db_entry *kdb); PyKAdminPrincipalObject *PyKAdminPrincipalObject_principal_with_kadm_entry(PyKAdminObject *kadmin, kadm5_principal_ent_rec *entry); + void PyKAdminPrincipalObject_destroy(PyKAdminPrincipalObject *self); diff --git a/kadmin.c b/kadmin.c index 75d1dfb..5d5f4ef 100644 --- a/kadmin.c +++ b/kadmin.c @@ -7,7 +7,6 @@ #include "PyKAdminPrincipalObject.h" #include "PyKAdminPolicyObject.h" - #ifdef KADMIN_LOCAL static PyKAdminObject *_kadmin_local(PyObject *self, PyObject *args); #endif @@ -16,6 +15,9 @@ static PyKAdminObject *_kadmin_init_with_ccache(PyObject *self, PyObject *args); static PyKAdminObject *_kadmin_init_with_keytab(PyObject *self, PyObject *args); static PyKAdminObject *_kadmin_init_with_password(PyObject *self, PyObject *args); +static PyObject *_kadmin_get_option(PyObject *self, PyObject *args, PyObject *kwds); +static PyObject *_kadmin_set_option(PyObject *self, PyObject *args, PyObject *kwds); + static char module_docstring[] = ""; char *service_name = KADM5_ADMIN_SERVICE; @@ -25,7 +27,7 @@ krb5_ui_4 api_version = KADM5_API_VERSION_2; static struct PyMethodDef module_methods[] = { #ifdef KADMIN_LOCAL - {"local", (PyCFunction)_kadmin_local, METH_NOARGS, "local()"}, + {"local", (PyCFunction)_kadmin_local, METH_VARARGS, "local()"}, #endif {"init_with_ccache", (PyCFunction)_kadmin_init_with_ccache, METH_VARARGS, "init_with_ccache(principal, ccache)"}, @@ -34,10 +36,9 @@ static struct PyMethodDef module_methods[] = { /* todo: these should permit the user to set/get the service, struct, api version, default realm, ... - - {"get_option", (PyCFunction)_get_option, METH_VARARGS, "_get_option(option)"}, - {"set_option", (PyCFunction)_set_option, METH_VARARGS, "_set_option(option, value)"}, */ + {"get_option", (PyCFunction)_kadmin_get_option, METH_VARARGS, "get_option(option)"}, + {"set_option", (PyCFunction)_kadmin_set_option, METH_VARARGS, "set_option(option, value)"}, {NULL, NULL, 0, NULL} }; @@ -72,7 +73,7 @@ void PyKAdminConstant_init(PyObject *module) { # define PyKADMIN_INIT_FUNC PyObject *PyInit_kadmin(void) # endif -#define PyModule_INIT_RETURN return NULL +#define PyModule_RETURN_ERROR return NULL static int pykadmin_traverse(PyObject *module, visitproc visit, void *arg) { Py_VISIT(GETSTATE(module)->error); @@ -97,55 +98,63 @@ static struct PyModuleDef moduledef = { }; #else - + # ifdef KADMIN_LOCAL # define PyKADMIN_INIT_FUNC void initkadmin_local(void) # else # define PyKADMIN_INIT_FUNC void initkadmin(void) # endif -#define PyModule_INIT_RETURN return - -#endif +#define PyModule_RETURN_ERROR return +static struct module_state _state; - -/* -PyMODINIT_FUNC -#ifdef KADMIN_LOCAL - initkadmin_local(void) -#else - initkadmin(void) #endif -*/ + PyKADMIN_INIT_FUNC { + // initialize the module's class object types + if (PyType_Ready(&PyKAdminObject_Type) < 0) - PyModule_INIT_RETURN; + PyModule_RETURN_ERROR; if (PyType_Ready(&PyKAdminPrincipalObject_Type) < 0) - PyModule_INIT_RETURN; + PyModule_RETURN_ERROR; if (PyType_Ready(&PyKAdminPolicyObject_Type) < 0) - PyModule_INIT_RETURN; + PyModule_RETURN_ERROR; + + if (PyType_Ready(&PyKAdminIterator_Type) < 0) + PyModule_RETURN_ERROR; - #ifdef PYTHON3 + // initialize the module + +# ifdef PYTHON3 PyObject *module = PyModule_Create(&moduledef); - #else +# else PyObject *module = Py_InitModule3(kMODULE_NAME, module_methods, module_docstring); - #endif +# endif + if (!module) PyModule_RETURN_ERROR; - if (!module) { - PyModule_INIT_RETURN; - } + // increment the ref for each type object Py_INCREF(&PyKAdminObject_Type); Py_INCREF(&PyKAdminPrincipalObject_Type); Py_INCREF(&PyKAdminPolicyObject_Type); - - PyKAdminError_init(module); + + // initialize the errors + + struct module_state *st = GETSTATE(module); + + st->error = PyKAdminError_init(module); + if (st->error == NULL) { + Py_DECREF(module); + PyModule_RETURN_ERROR; + } + + // initialize constant PyKAdminConstant_init(module); #ifdef PYTHON3 @@ -155,6 +164,82 @@ PyKADMIN_INIT_FUNC { } +static PyObject *_kadmin_get_option(PyObject *self, PyObject *args, PyObject *kwds) { + + // todo + return NULL; +} + +static PyObject *_kadmin_set_option(PyObject *self, PyObject *args, PyObject *kwds) { + + // todo + return NULL; +} + +char **_kadmin_dict_to_db_args(PyObject *dict) { + + PyObject *key = NULL; + PyObject *value = NULL; + + char *str_key = NULL; + char *str_value = NULL; + char *argument = NULL; + char **db_args = NULL; + + Py_ssize_t index = 0; + Py_ssize_t position = 0; + + Py_ssize_t length = PyDict_Size(dict) + 1; + + if (dict) { + + db_args = calloc(length, sizeof(intptr_t)); + + if (db_args && PyDict_CheckExact(dict)) { + + while (PyDict_Next(dict, &position, &key, &value)) { + + if (PyUnicodeBytes_Check(key) && PyUnicodeBytes_Check(value)) { + + str_key = PyUnicode_or_PyBytes_asCString(key); + str_value = PyUnicode_or_PyBytes_asCString(value); + + if (str_key && str_value) { + + length = strlen(str_key) + strlen(str_value) + 2; + argument = calloc(length, sizeof(char)); + + if (argument) { + snprintf(argument, length, "%s=%s", str_key, str_value); + db_args[index++] = argument; + } + } + } + } + + db_args[index] = NULL; + } + } + + + return db_args; + +} + +void _kadmin_free_db_args(char **db_args) { + + Py_ssize_t index = 0; + + if (db_args) { + + while(db_args[index] != NULL) { + free(db_args[index++]); + } + + free(db_args); + } + +} #ifdef KADMIN_LOCAL static PyKAdminObject *_kadmin_local(PyObject *self, PyObject *args) { @@ -162,11 +247,17 @@ static PyKAdminObject *_kadmin_local(PyObject *self, PyObject *args) { static const char *kROOT_ADMIN = "root/admin"; PyKAdminObject *kadmin = PyKAdminObject_create(); - kadm5_ret_t retval = 0; + PyObject *db_args_dict = NULL; + kadm5_ret_t retval = KADM5_OK; int result = 0; char **db_args = NULL; char *client_name = NULL; + if (!PyArg_ParseTuple(args, "|O!", &PyDict_Type, &db_args_dict)) + return NULL; + + db_args = _kadmin_dict_to_db_args(db_args_dict); + kadm5_config_params *params = calloc(0x1, sizeof(kadm5_config_params)); result = asprintf(&client_name, "%s@%s", kROOT_ADMIN, kadmin->realm); @@ -186,7 +277,10 @@ static PyKAdminObject *_kadmin_local(PyObject *self, PyObject *args) { db_args, &kadmin->server_handle); - if (retval) { PyKAdminError_raise_kadm_error(retval, "kadm5_init_with_password"); return NULL; } + if (db_args) + _kadmin_free_db_args(db_args); + + if (retval != KADM5_OK) { PyKAdmin_RETURN_ERROR(retval, "kadm5_init_with_password.local"); } return kadmin; @@ -197,7 +291,9 @@ static PyKAdminObject *_kadmin_local(PyObject *self, PyObject *args) { static PyKAdminObject *_kadmin_init_with_ccache(PyObject *self, PyObject *args) { PyKAdminObject *kadmin = PyKAdminObject_create(); - kadm5_ret_t retval; + PyObject *db_args_dict = NULL; + kadm5_ret_t retval = KADM5_OK; + krb5_error_code code = 0; krb5_principal princ = NULL; char *ccache_name = NULL; @@ -211,23 +307,25 @@ static PyKAdminObject *_kadmin_init_with_ccache(PyObject *self, PyObject *args) memset(&cc, 0, sizeof(krb5_ccache)); // TODO : unpack database args as an optional third parameter (will be a dict or array) - if (!PyArg_ParseTuple(args, "|zz", &client_name, &ccache_name)) + if (!PyArg_ParseTuple(args, "|zzO!", &client_name, &ccache_name, &PyDict_Type, &db_args_dict)) return NULL; - if (ccache_name == NULL) { - retval = krb5_cc_default(kadmin->context, &cc); - if (retval) { PyKAdminError_raise_kadm_error(retval, "krb5_cc_default"); return NULL; } + db_args = _kadmin_dict_to_db_args(db_args_dict); + + if (!ccache_name) { + code = krb5_cc_default(kadmin->context, &cc); + if (code) { PyKAdmin_RETURN_ERROR(code, "krb5_cc_default"); } } else { - retval = krb5_cc_resolve(kadmin->context, ccache_name, &cc); - if (retval) { PyKAdminError_raise_kadm_error(retval, "krb5_cc_resolve"); return NULL; } + code = krb5_cc_resolve(kadmin->context, ccache_name, &cc); + if (code) { PyKAdmin_RETURN_ERROR(code, "krb5_cc_resolve"); } } - if (client_name == NULL) { - retval = krb5_cc_get_principal(kadmin->context, cc, &princ); - if (retval) { PyKAdminError_raise_kadm_error(retval, "krb5_cc_get_principal"); return NULL; } + if (!client_name) { + code = krb5_cc_get_principal(kadmin->context, cc, &princ); + if (code) { PyKAdmin_RETURN_ERROR(code, "krb5_cc_get_principal"); } - retval = krb5_unparse_name(kadmin->context, princ, &client_name); - if (retval) { PyKAdminError_raise_kadm_error(retval, "krb5_unparse_name"); return NULL; } + code = krb5_unparse_name(kadmin->context, princ, &client_name); + if (code) { PyKAdmin_RETURN_ERROR(code, "krb5_unparse_name"); } krb5_free_principal(kadmin->context, princ); } @@ -243,7 +341,10 @@ static PyKAdminObject *_kadmin_init_with_ccache(PyObject *self, PyObject *args) db_args, &kadmin->server_handle); - if (retval) { PyKAdminError_raise_kadm_error(retval, "kadm5_init_with_creds"); return NULL; } + if (db_args) + _kadmin_free_db_args(db_args); + + if (retval != KADM5_OK) { PyKAdmin_RETURN_ERROR(retval, "kadm5_init_with_creds"); } Py_XINCREF(kadmin); return kadmin; @@ -254,7 +355,9 @@ static PyKAdminObject *_kadmin_init_with_ccache(PyObject *self, PyObject *args) static PyKAdminObject *_kadmin_init_with_keytab(PyObject *self, PyObject *args) { PyKAdminObject *kadmin = PyKAdminObject_create(); - kadm5_ret_t retval = 0x0; + PyObject *db_args_dict = NULL; + kadm5_ret_t retval = KADM5_OK; + krb5_error_code code = 0; krb5_principal princ = NULL; char *client_name = NULL; @@ -263,21 +366,22 @@ static PyKAdminObject *_kadmin_init_with_keytab(PyObject *self, PyObject *args) kadm5_config_params *params = calloc(0x1, sizeof(kadm5_config_params)); - if (!PyArg_ParseTuple(args, "|zz", &client_name, &keytab_name)) + if (!PyArg_ParseTuple(args, "|zzO!", &client_name, &keytab_name, &PyDict_Type, &db_args_dict)) return NULL; + db_args = _kadmin_dict_to_db_args(db_args_dict); + if (keytab_name == NULL) { - keytab_name = "/etc/krb5.keytab"; } if (client_name == NULL) { - retval = krb5_sname_to_principal(kadmin->context, NULL, "host", KRB5_NT_SRV_HST, &princ); - if (retval) { PyKAdminError_raise_kadm_error(retval, "krb5_sname_to_principal"); return NULL; } + code = krb5_sname_to_principal(kadmin->context, NULL, "host", KRB5_NT_SRV_HST, &princ); + if (code) { PyKAdmin_RETURN_ERROR(code, "krb5_sname_to_principal"); } - retval = krb5_unparse_name(kadmin->context, princ, &client_name); - if (retval) { PyKAdminError_raise_kadm_error(retval, "krb5_unparse_name"); return NULL; } + code = krb5_unparse_name(kadmin->context, princ, &client_name); + if (code) { PyKAdmin_RETURN_ERROR(code, "krb5_unparse_name"); } krb5_free_principal(kadmin->context, princ); } @@ -294,18 +398,11 @@ static PyKAdminObject *_kadmin_init_with_keytab(PyObject *self, PyObject *args) db_args, &kadmin->server_handle); - if (retval) { PyKAdminError_raise_kadm_error(retval, "kadm5_init_with_skey"); return NULL; } - - - // kadmin->context = kadmin->server_handle->context; + if (db_args) + _kadmin_free_db_args(db_args); - //retval = krb5_db_setup_lib_handle(kadmin->context); + if (retval != KADM5_OK) { PyKAdmin_RETURN_ERROR(retval, "kadm5_init_with_skey"); } - // if (retval) { - // printf("retval [%d] %s\n", retval, krb5_get_error_message(kadmin->context, retval)); - // - //} - //if (retval) { PyKAdminError_raise_kadm_error(retval, "kadm5_init_with_skey"); return NULL; } Py_XINCREF(kadmin); @@ -316,7 +413,8 @@ static PyKAdminObject *_kadmin_init_with_keytab(PyObject *self, PyObject *args) static PyKAdminObject *_kadmin_init_with_password(PyObject *self, PyObject *args) { PyKAdminObject *kadmin = PyKAdminObject_create(); - kadm5_ret_t retval; + PyObject *db_args_dict = NULL; + kadm5_ret_t retval = KADM5_OK; char *client_name = NULL; char *password = NULL; @@ -324,9 +422,11 @@ static PyKAdminObject *_kadmin_init_with_password(PyObject *self, PyObject *args kadm5_config_params *params = calloc(0x1, sizeof(kadm5_config_params)); - if (!PyArg_ParseTuple(args, "zz", &client_name, &password)) + if (!PyArg_ParseTuple(args, "zz|O!", &client_name, &password, &PyDict_Type, &db_args_dict)) return NULL; + db_args = _kadmin_dict_to_db_args(db_args_dict); + retval = kadm5_init_with_password( kadmin->context, client_name, @@ -337,8 +437,11 @@ static PyKAdminObject *_kadmin_init_with_password(PyObject *self, PyObject *args api_version, db_args, &kadmin->server_handle); - - if (retval) { PyKAdminError_raise_kadm_error(retval, "kadm5_init_with_password"); return NULL; } + + if (db_args) + _kadmin_free_db_args(db_args); + + if (retval != KADM5_OK) { PyKAdmin_RETURN_ERROR(retval, "kadm5_init_with_password"); } Py_XINCREF(kadmin); return kadmin; diff --git a/pykadmin.h b/pykadmin.h index e067da2..6d51cf5 100644 --- a/pykadmin.h +++ b/pykadmin.h @@ -21,8 +21,7 @@ struct module_state { # define PyUnifiedLongInt_FromLong(from) PyLong_FromLong((long) from) # define PyUnifiedLongInt_AsUnsignedLong(ob) PyLong_AsUnsignedLong((PyObject *)ob) #else - static struct module_state _state; -# define GETSTATE(m) (&_state) +# define GETSTATE(m) (&_state) # define PyUnifiedLongInt_FromLong(from) PyInt_FromLong((long) from) # define PyUnifiedLongInt_AsUnsignedLong(ob) PyInt_AsUnsignedLongMask((PyObject *)ob) #endif @@ -31,5 +30,6 @@ struct module_state { # define Py_TYPE(ob) (((PyObject*)(ob))->ob_type) #endif +#define PyUnicodeBytes_Check(obj) (PyUnicode_CheckExact(obj) || PyBytes_CheckExact(obj)) #endif \ No newline at end of file diff --git a/test/rebuild.sh b/test/rebuild.sh new file mode 100755 index 0000000..03d288f --- /dev/null +++ b/test/rebuild.sh @@ -0,0 +1,5 @@ +#!/bin/bash + +cd ..; +bash build.sh test; +cd test; diff --git a/test/unittests.py b/test/unittests.py index 39ed27f..733b0f2 100644 --- a/test/unittests.py +++ b/test/unittests.py @@ -31,9 +31,25 @@ def create_test_prinicipal(): if not os.path.isfile(TEST_KEYTAB): - #kadmin_local = subprocess.Popen(['kadmin.local'], shell=True, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE) + command = ''' +spawn kadmin.local -p root@EXAMPLE.COM - pass +expect "kadmin.local:" {{ send "ank {0}\r" }} +expect "Enter password for principal" {{ send "{1}\r" }} +expect "Re-enter password for principal" {{ send "{1}\r" }} + +expect "kadmin.local:" {{ send "cpw {0}\r" }} +expect "Enter password for principal" {{ send "{1}\r" }} +expect "Re-enter password for principal" {{ send "{1}\r" }} + +expect "kadmin.local:" {{ send "ktadd -kt {2} -norandkey {0}\r"}} +expect "kadmin.local:" {{ exit 1 }} +'''.format(TEST_PRINCIPAL, TEST_PASSWORD, TEST_KEYTAB) + + expect = subprocess.Popen(['expect'], shell=True, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE) + + expect.communicate(command.encode()) + expect.wait() def create_ccache():