From 372bf24af20a6f676825cf19f0e937c82adba762 Mon Sep 17 00:00:00 2001 From: Russell Jancewicz Date: Mon, 21 Jul 2014 15:19:43 -0400 Subject: [PATCH 1/8] print function for principal, principal.modify MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit dates are converted to iso8601 strings for printing the principal. principals can now call “modify” to set multiple attributes and auto commit the changes to the database all at once. mod_name now properly includes the realm of the authenticated (default realm used properly). --- PyKAdminCommon.c | 53 +++++++++++++++ PyKAdminCommon.h | 7 +- PyKAdminObject.c | 21 +++++- PyKAdminPrincipalObject.c | 137 +++++++++++++++++++++++++++++++------- kadmin.c | 1 - 5 files changed, 190 insertions(+), 29 deletions(-) diff --git a/PyKAdminCommon.c b/PyKAdminCommon.c index 2714887..eccb3b8 100644 --- a/PyKAdminCommon.c +++ b/PyKAdminCommon.c @@ -36,6 +36,59 @@ inline char *PyUnicode_or_PyBytes_asCString(PyObject *in_str) { } +char *pykadmin_timestamp_as_isodate(time_t timestamp, const char *zero) { + + struct tm *timeinfo; + char *isodate = NULL; + + if (timestamp) { + isodate = malloc(32); + + if (isodate) { + + timeinfo = localtime(×tamp); + strftime(isodate, 32, "%FT%T%z", timeinfo); + } + } else { + isodate = strdup(zero); + } + + return isodate; +} + +char *pykadmin_timestamp_as_deltastr(int seconds, const char *zero) { + + char *deltastr = NULL; + int negative, days, hours, minutes; + + if (seconds != 0) { + + if (seconds < 0) { + seconds *= -1; + negative = 1; + } + + days = seconds / (24 * 3600); + seconds %= 24 * 3600; + hours = seconds / 3600; + seconds %= 3600; + minutes = seconds / 60; + seconds %= 60; + + deltastr = malloc(64); + + if (deltastr) { + snprintf(deltastr, 64, "%s%d %s %02d:%02d:%02d", negative ? "-" : "", days, days == 1 ? "day" : "days", hours, minutes, seconds); + } + + } else { + + deltastr = strdup(zero); + } + + return deltastr; +} + inline PyObject *pykadmin_pydatetime_from_timestamp(time_t timestamp) { diff --git a/PyKAdminCommon.h b/PyKAdminCommon.h index 12ff185..50a0846 100644 --- a/PyKAdminCommon.h +++ b/PyKAdminCommon.h @@ -24,7 +24,6 @@ inline char *PyUnicode_or_PyBytes_asCString(PyObject *in_str); - int pykadmin_policy_exists(void *server_handle, const char *name); inline PyObject *pykadmin_pydatetime_from_timestamp(time_t timestamp); @@ -32,6 +31,12 @@ int pykadmin_timestamp_from_pydatetime(PyObject *datetime); int pykadmin_seconds_from_pydatetime(PyObject *delta); + +char *pykadmin_timestamp_as_isodate(time_t timestamp, const char *zero); +char *pykadmin_timestamp_as_deltastr(int seconds, const char *zero); + + + krb5_error_code pykadmin_kadm_from_kdb(PyKAdminObject *kadmin, krb5_db_entry *kdb, kadm5_principal_ent_rec *entry, long mask); krb5_error_code pykadmin_policy_kadm_from_osa(krb5_context ctx, osa_policy_ent_rec *osa, kadm5_policy_ent_rec *entry, long mask); diff --git a/PyKAdminObject.c b/PyKAdminObject.c index ec76d40..4e11e7c 100644 --- a/PyKAdminObject.c +++ b/PyKAdminObject.c @@ -55,10 +55,10 @@ static PyObject *PyKAdminObject_new(PyTypeObject *type, PyObject *args, PyObject self->server_handle = NULL; // attempt to load the default realm for this connection - //krb5_get_default_realm(self->context, &self->realm); - //if (!self->realm) { + krb5_get_default_realm(self->context, &self->realm); + if (!self->realm) { // // todo : fail - //} + } self->_storage = PyDict_New(); @@ -356,6 +356,18 @@ static PyObject *PyKAdminObject_each_policy(PyKAdminObject *self, PyObject *args } #endif +// TODO +static PyObject *PyKAdminObject_modprinc(PyKAdminObject *self, PyObject *args, PyObject *kwds) { + + PyObject *principal = NULL; + + if (!PyArg_ParseTuple(args, "O", &principal)) + return NULL; + + return NULL; + +} + static PyMethodDef PyKAdminObject_methods[] = { @@ -383,6 +395,9 @@ static PyMethodDef PyKAdminObject_methods[] = { {"lock", (PyCFunction)NULL, METH_NOARGS, ""}, {"unlock", (PyCFunction)NULL, METH_NOARGS, ""}, + {"modprinc", (PyCFunction)PyKAdminObject_modprinc, (METH_VARARGS | METH_KEYWORDS), ""}, + {"modify_principal", (PyCFunction)PyKAdminObject_modprinc, (METH_VARARGS | METH_KEYWORDS), ""}, + # ifdef KADMIN_LOCAL /* due to the nature of how the kadm5clnt library interfaces with the kerberos database over the rpc layer diff --git a/PyKAdminPrincipalObject.c b/PyKAdminPrincipalObject.c index ecc787b..ab598a9 100644 --- a/PyKAdminPrincipalObject.c +++ b/PyKAdminPrincipalObject.c @@ -12,6 +12,8 @@ #define TIME_NONE ((time_t) -1) +static char kNEVER[] = "never"; + static const unsigned int kFLAG_MAX = ( KRB5_KDB_DISALLOW_POSTDATED | KRB5_KDB_DISALLOW_FORWARDABLE @@ -60,41 +62,73 @@ static int PyKAdminPrincipal_init(PyKAdminPrincipalObject *self, PyObject *args, return 0; } + + static int PyKAdminPrincipal_print(PyKAdminPrincipalObject *self, FILE *file, int flags){ - static const char *kPRINT_FORMAT = "%s: %s\n%s: %s\n%s: %s\n%s: %s\n%s: %s\n%s: %s\n%s: %s\n%s: %s\n%s: %s\n%s: %s\n%s: %s"; + static char kNEVER_DATE[] = "[never]"; + static char kNONE_DATE[] = "[none]"; + + static const char *kPRINT_FORMAT = "%s: %s\n%s: %s\n%s: %s\n%s: %s\n%s: %s\n%s: %s\n%s: %s\n%s: %s\n%s: %s\n%s: %d\n%s: %s\n%s: %s"; krb5_error_code errno; char *client_name = NULL; + char *expire = NULL; + char *pwchange = NULL; + char *pwexpire = NULL; + char *maxlife = NULL; + char *maxrlife = NULL; + char *moddate = NULL; + char *success = NULL; + char *failure = NULL; if (self && self->kadmin) { errno = krb5_unparse_name(self->kadmin->context, self->entry.principal, &client_name); + expire = pykadmin_timestamp_as_isodate(self->entry.princ_expire_time, kNEVER_DATE); + pwchange = pykadmin_timestamp_as_isodate(self->entry.last_pwd_change, kNEVER_DATE); + pwexpire = pykadmin_timestamp_as_isodate(self->entry.pw_expiration, kNEVER_DATE); + moddate = pykadmin_timestamp_as_isodate(self->entry.mod_date, kNEVER_DATE); + success = pykadmin_timestamp_as_isodate(self->entry.last_success, kNEVER_DATE); + failure = pykadmin_timestamp_as_isodate(self->entry.last_failed, kNEVER_DATE); + + maxlife = pykadmin_timestamp_as_deltastr(self->entry.max_life, kNONE_DATE); + maxrlife = pykadmin_timestamp_as_deltastr(self->entry.max_renewable_life, kNONE_DATE); + fprintf(file, kPRINT_FORMAT, "Principal", client_name, - "Expiration date", NULL, - "Last password change", NULL, - "Password expiration date", NULL, - "Maximum ticket life", NULL, - "Maximum renewable life", NULL, - "Last modified", NULL, - "Last successful authentication", NULL, - "Last failed authentication", NULL, - "Failed password attempts", NULL, - "Number of keys", NULL + "Expiration date", expire, + "Last password change", pwchange, + "Password expiration date", pwexpire, + "Maximum ticket life", maxlife, + "Maximum renewable life", maxrlife, + "Last modified", moddate, + "Last successful authentication", success, + "Last failed authentication", failure, + "Failed password attempts", self->entry.fail_auth_count, + "Number of keys", "(TODO)", + "Policy", self->entry.policy ? self->entry.policy : kNONE_DATE ); } - if (client_name) - free(client_name); + if (client_name) { free(client_name); } + if (expire) { free(expire); } + if (pwchange) { free(pwchange); } + if (pwexpire) { free(pwexpire); } + if (maxlife) { free(maxlife); } + if (maxrlife) { free(maxrlife); } + if (moddate) { free(moddate); } + if (success) { free(success); } + if (failure) { free(failure); } + + return 0; } - static PyObject *PyKAdminPrincipal_set_attributes(PyKAdminPrincipalObject *self, PyObject *args, PyObject *kwds) { //kadm5_ret_t retval = KADM5_OK; @@ -228,17 +262,13 @@ PyObject *PyKAdminPrincipal_RichCompare(PyObject *o1, PyObject *o2, int opid) { case Py_LE: case Py_GT: case Py_GE: - default: - result = Py_NotImplemented; - goto done; + default: + PyErr_SetString(PyExc_TypeError, "kadmin.Principal does not support operation"); } - -done: Py_XINCREF(result); return result; - } /* @@ -379,7 +409,6 @@ static PyObject *PyKAdminPrincipal_get_kvno(PyKAdminPrincipalObject *self, void * SETTERS */ -static char kNEVER[] = "never"; static krb5_deltat _decode_timedelta_input(PyObject *timedelta) { @@ -470,7 +499,7 @@ int PyKAdminPrincipal_set_pwexpire(PyKAdminPrincipalObject *self, PyObject *valu return 1; } - self->entry.princ_expire_time = timestamp; + self->entry.pw_expiration = timestamp; self->mask |= KADM5_PW_EXPIRATION; return 0; @@ -566,6 +595,65 @@ int PyKAdminPrincipal_set_policy(PyKAdminPrincipalObject *self, PyObject *value, } + +static PyObject *PyKAdminPrincipal_modify(PyKAdminPrincipalObject *self, PyObject *args, PyObject *kwds) { + + // TODO: principal.modify(expire=a, pwexpire=b, maxlife=c, maxrenewlife=d, attributes=e, policy=f, kvno=g) + + PyObject *expire = NULL; + PyObject *pwexpire = NULL; + PyObject *maxlife = NULL; + PyObject *maxrenewlife = NULL; + PyObject *attributes = NULL; + PyObject *policy = NULL; + PyObject *kvno = NULL; + + int result = 0; + + static char *kwlist[] = {"expire", "pwexpire", "maxlife", "maxrenewlife", "policy", "kvno", "attributes"}; + + if (!PyArg_ParseTupleAndKeywords(args, kwds, "|OOOOOOO", kwlist, &expire, &pwexpire, &maxlife, &maxrenewlife, &policy, &kvno, &attributes)) + return NULL; + + if (!result && expire) + result |= PyKAdminPrincipal_set_expire(self, expire, NULL); + + if (!result && pwexpire) + result |= PyKAdminPrincipal_set_pwexpire(self, pwexpire, NULL); + + if (!result && maxlife) + result |= PyKAdminPrincipal_set_maxlife(self, maxlife, NULL); + + if (!result && maxrenewlife) + result |= PyKAdminPrincipal_set_maxrenewlife(self, maxrenewlife, NULL); + + if (!result && attributes) { + + PyObject *tuple = PyTuple_Pack(1, attributes); + PyObject *success = NULL; + if (tuple) { + success = PyKAdminPrincipal_set_attributes(self, tuple, NULL); + + result |= (success != Py_True); + Py_DECREF(tuple); + } + } + + if (!result && policy) + result |= PyKAdminPrincipal_set_policy(self, policy, NULL); + + if (!result && kvno) + result |= PyKAdminPrincipal_set_kvno(self, kvno, NULL); + + + if (!result) { + return PyKAdminPrincipal_commit(self); + } else { + return NULL; + } +} + + /* * Documentation Strings */ @@ -593,6 +681,8 @@ static char kDOCSTRING_KVNO[] = "getter: int\n\tsetter: [int]\n\tcurr static char kDOCSTRING_FAILURES[] = "failed authentication count."; static char kDOCSTRING_MKVNO[] = "master key version number."; +static char kDOCSTRING_MODIFY[] = "principal.modify(expire=a, pwexpire=b, maxlife=c, maxrenewlife=d, attributes=e, policy=f, kvno=g)\n\tshorthand for calling setters and commit"; + static PyMethodDef PyKAdminPrincipal_methods[] = { {"cpw", (PyCFunction)PyKAdminPrincipal_change_password, METH_VARARGS, kDOCSTRING_CPW}, @@ -600,8 +690,7 @@ static PyMethodDef PyKAdminPrincipal_methods[] = { {"randkey", (PyCFunction)PyKAdminPrincipal_randomize_key, METH_NOARGS, kDOCSTRING_RANDKEY}, {"randomize_key", (PyCFunction)PyKAdminPrincipal_randomize_key, METH_NOARGS, kDOCSTRING_RANDKEY}, - // TODO: principal.modify(expire=a, pwexpire=b, maxlife=c, maxrenewlife=d, attributes=e, policy=f, kvno=g) - //{"modify" (PyCFunction)NULL, METH_KEYWORDS, "doc string"} + {"modify", (PyCFunction)PyKAdminPrincipal_modify, METH_KEYWORDS, kDOCSTRING_MODIFY}, {"commit", (PyCFunction)PyKAdminPrincipal_commit, METH_NOARGS, kDOCSTRING_COMMIT}, {"reload", (PyCFunction)PyKAdminPrincipal_reload, METH_NOARGS, kDOCSTRING_RELOAD}, diff --git a/kadmin.c b/kadmin.c index 75d1dfb..abcaa25 100644 --- a/kadmin.c +++ b/kadmin.c @@ -7,7 +7,6 @@ #include "PyKAdminPrincipalObject.h" #include "PyKAdminPolicyObject.h" - #ifdef KADMIN_LOCAL static PyKAdminObject *_kadmin_local(PyObject *self, PyObject *args); #endif From eac5f21de340ab0837f9386be6eef1a78567b680 Mon Sep 17 00:00:00 2001 From: Russell Jancewicz Date: Mon, 21 Jul 2014 16:04:09 -0400 Subject: [PATCH 2/8] principal.modify changes --- PyKAdminObject.c | 18 ------------------ PyKAdminPrincipalObject.c | 40 +++++++++++++++++++++++++++++++++++---- PyKAdminPrincipalObject.h | 2 ++ 3 files changed, 38 insertions(+), 22 deletions(-) diff --git a/PyKAdminObject.c b/PyKAdminObject.c index 4e11e7c..d9e7a35 100644 --- a/PyKAdminObject.c +++ b/PyKAdminObject.c @@ -356,19 +356,6 @@ static PyObject *PyKAdminObject_each_policy(PyKAdminObject *self, PyObject *args } #endif -// TODO -static PyObject *PyKAdminObject_modprinc(PyKAdminObject *self, PyObject *args, PyObject *kwds) { - - PyObject *principal = NULL; - - if (!PyArg_ParseTuple(args, "O", &principal)) - return NULL; - - return NULL; - -} - - static PyMethodDef PyKAdminObject_methods[] = { {"ank", (PyCFunction)PyKAdminObject_create_principal, METH_VARARGS, ""}, @@ -382,8 +369,6 @@ static PyMethodDef PyKAdminObject_methods[] = { {"getprinc", (PyCFunction)PyKAdminObject_get_principal, METH_VARARGS, ""}, {"get_principal", (PyCFunction)PyKAdminObject_get_principal, METH_VARARGS, ""}, - - {"getpol", (PyCFunction)PyKAdminObject_get_policy, METH_VARARGS, ""}, {"get_policy", (PyCFunction)PyKAdminObject_get_policy, METH_VARARGS, ""}, @@ -395,9 +380,6 @@ static PyMethodDef PyKAdminObject_methods[] = { {"lock", (PyCFunction)NULL, METH_NOARGS, ""}, {"unlock", (PyCFunction)NULL, METH_NOARGS, ""}, - {"modprinc", (PyCFunction)PyKAdminObject_modprinc, (METH_VARARGS | METH_KEYWORDS), ""}, - {"modify_principal", (PyCFunction)PyKAdminObject_modprinc, (METH_VARARGS | METH_KEYWORDS), ""}, - # ifdef KADMIN_LOCAL /* due to the nature of how the kadm5clnt library interfaces with the kerberos database over the rpc layer diff --git a/PyKAdminPrincipalObject.c b/PyKAdminPrincipalObject.c index ab598a9..9696497 100644 --- a/PyKAdminPrincipalObject.c +++ b/PyKAdminPrincipalObject.c @@ -556,6 +556,7 @@ int PyKAdminPrincipal_set_kvno(PyKAdminPrincipalObject *self, PyObject *value, v int PyKAdminPrincipal_set_policy(PyKAdminPrincipalObject *self, PyObject *value, void *closure) { + int result = 1; char *policy_string = NULL; if (self) { @@ -585,20 +586,44 @@ int PyKAdminPrincipal_set_policy(PyKAdminPrincipalObject *self, PyObject *value, // set policy flag and remove policy clear flag if set. self->mask |= KADM5_POLICY; self->mask &= ~KADM5_POLICY_CLR; + result = 0; } } - } } - return 0; + if (result) + PyErr_SetString(PyExc_ValueError, "Invalid input"); + + return result; } +/* + Set each of the requested attributes using their internal setter routine. + Fails at first error and should raise the error of the setter which failed. + + If all setters finish the commit function will automatically be called and flush changes to the database. + + returns Py_True on success NULL otherwise +*/ static PyObject *PyKAdminPrincipal_modify(PyKAdminPrincipalObject *self, PyObject *args, PyObject *kwds) { - // TODO: principal.modify(expire=a, pwexpire=b, maxlife=c, maxrenewlife=d, attributes=e, policy=f, kvno=g) + // TODO: principal.modify(expire=a, pwexpire=b, maxlife=c, maxrenewlife=d, policy=f, kvno=g, attributes=e, commit=False) + /* + equivilent to + + principal.expire = a + principal.pwexpire = b + principal.maxlife = c + principal.maxrenewlife = d + principal.policy = e + principal.kvno = f + principal.attributes = g + + principal.commit() + */ PyObject *expire = NULL; PyObject *pwexpire = NULL; @@ -610,7 +635,7 @@ static PyObject *PyKAdminPrincipal_modify(PyKAdminPrincipalObject *self, PyObjec int result = 0; - static char *kwlist[] = {"expire", "pwexpire", "maxlife", "maxrenewlife", "policy", "kvno", "attributes"}; + static char *kwlist[] = {"expire", "pwexpire", "maxlife", "maxrenewlife", "policy", "kvno", "attributes", NULL}; if (!PyArg_ParseTupleAndKeywords(args, kwds, "|OOOOOOO", kwlist, &expire, &pwexpire, &maxlife, &maxrenewlife, &policy, &kvno, &attributes)) return NULL; @@ -843,6 +868,13 @@ PyKAdminPrincipalObject *PyKAdminPrincipalObject_principal_with_db_entry(PyKAdmi return principal; } +PyObject *PyKAdminPrincipalObject_modify_principal(PyKAdminPrincipalObject *princ, PyObject *args, PyObject *kwds) { + + return PyKAdminPrincipal_modify(princ, args, kwds); + +} + + void PyKAdminPrincipalObject_destroy(PyKAdminPrincipalObject *self) { PyKAdminPrincipal_dealloc(self); } diff --git a/PyKAdminPrincipalObject.h b/PyKAdminPrincipalObject.h index c77dba3..88812c8 100644 --- a/PyKAdminPrincipalObject.h +++ b/PyKAdminPrincipalObject.h @@ -30,6 +30,8 @@ PyKAdminPrincipalObject *PyKAdminPrincipalObject_principal_with_name(PyKAdminObj PyKAdminPrincipalObject *PyKAdminPrincipalObject_principal_with_db_entry(PyKAdminObject *kadmin, krb5_db_entry *kdb); PyKAdminPrincipalObject *PyKAdminPrincipalObject_principal_with_kadm_entry(PyKAdminObject *kadmin, kadm5_principal_ent_rec *entry); +PyObject *PyKAdminPrincipalObject_modify_principal(PyKAdminPrincipalObject *princ, PyObject *args, PyObject *kwds) + void PyKAdminPrincipalObject_destroy(PyKAdminPrincipalObject *self); From 06fdb98fd65e2b657ad76e6d3321de24f7a40068 Mon Sep 17 00:00:00 2001 From: Russell Jancewicz Date: Mon, 21 Jul 2014 20:13:13 -0400 Subject: [PATCH 3/8] init now accepts db_args as a dict --- PyKAdminCommon.c | 3 +- PyKAdminCommon.h | 1 - PyKAdminObject.c | 175 ++++++++++++++++---------------------- PyKAdminObject.h | 1 + PyKAdminPrincipalObject.c | 6 -- PyKAdminPrincipalObject.h | 1 - kadmin.c | 167 +++++++++++++++++++++++++++--------- pykadmin.h | 5 +- test/rebuild.sh | 5 ++ 9 files changed, 211 insertions(+), 153 deletions(-) create mode 100755 test/rebuild.sh diff --git a/PyKAdminCommon.c b/PyKAdminCommon.c index eccb3b8..fa33e8f 100644 --- a/PyKAdminCommon.c +++ b/PyKAdminCommon.c @@ -24,11 +24,12 @@ inline char *PyUnicode_or_PyBytes_asCString(PyObject *in_str) { PyObject *ascii = PyUnicode_AsASCIIString(in_str); if (ascii) { - out_str = PyBytes_AsString(in_str); + out_str = PyBytes_AsString(ascii); Py_XDECREF(ascii); } } else if (PyBytes_CheckExact(in_str)) { + out_str = PyBytes_AsString(in_str); } diff --git a/PyKAdminCommon.h b/PyKAdminCommon.h index 50a0846..e2e8148 100644 --- a/PyKAdminCommon.h +++ b/PyKAdminCommon.h @@ -20,7 +20,6 @@ # define PyDateTime_DELTA_GET_MICROSECONDS(o) (((PyDateTime_Delta*)o)->microseconds) #endif -#define PyUnicodeBytes_Check(obj) (PyUnicode_CheckExact(obj) || PyBytes_CheckExact(obj)) inline char *PyUnicode_or_PyBytes_asCString(PyObject *in_str); diff --git a/PyKAdminObject.c b/PyKAdminObject.c index d9e7a35..a26ebad 100644 --- a/PyKAdminObject.c +++ b/PyKAdminObject.c @@ -30,39 +30,30 @@ static void PyKAdminObject_dealloc(PyKAdminObject *self) { free(self->realm); } - //self->ob_type->tp_free((PyObject*)self); Py_TYPE(self)->tp_free((PyObject *)self); } } static PyObject *PyKAdminObject_new(PyTypeObject *type, PyObject *args, PyObject *kwds) { - PyKAdminObject *self; - kadm5_ret_t retval = 0; + PyKAdminObject *self = NULL; + kadm5_ret_t retval = KADM5_OK; + krb5_error_code code = 0; self = (PyKAdminObject *)type->tp_alloc(type, 0); if (self) { - retval = kadm5_init_krb5_context(&self->context); - // retval = krb5_init_context(&self->context); - if (retval) { - Py_DECREF(self); - PyKAdminError_raise_kadm_error(retval, "kadm5_init_with_password"); - return NULL; - } + retval = kadm5_init_krb5_context(&self->context); + if (retval != KADM5_OK) { PyKAdmin_RETURN_KADM5_ERROR(retval, "kadm5_init_krb5_context"); } self->server_handle = NULL; - // attempt to load the default realm for this connection - krb5_get_default_realm(self->context, &self->realm); - if (!self->realm) { - // // todo : fail - } + // attempt to load the default realm + code = krb5_get_default_realm(self->context, &self->realm); + if (code) { PyKAdmin_RETURN_KRB5_ERROR(code, "krb5_get_default_realm"); } self->_storage = PyDict_New(); - - } return (PyObject *)self; @@ -76,8 +67,8 @@ static int PyKAdminObject_init(PyKAdminObject *self, PyObject *args, PyObject *k static PyObject *PyKAdminObject_delete_principal(PyKAdminObject *self, PyObject *args, PyObject *kwds) { - kadm5_ret_t retval; - krb5_error_code errno; + kadm5_ret_t retval = KADM5_OK; + krb5_error_code code = 0; krb5_principal princ = NULL; char *client_name = NULL; @@ -87,11 +78,11 @@ static PyObject *PyKAdminObject_delete_principal(PyKAdminObject *self, PyObject if (self->server_handle) { - retval = krb5_parse_name(self->context, client_name, &princ); - if (retval != 0x0) { PyKAdminError_raise_kadm_error(retval, "krb5_parse_name"); return NULL; } + code = krb5_parse_name(self->context, client_name, &princ); + if (code) { PyKAdmin_RETURN_KRB5_ERROR(retval, "krb5_parse_name"); } retval = kadm5_delete_principal(self->server_handle, princ); - if (retval != 0x0) { PyKAdminError_raise_kadm_error(retval, "kadm5_delete_principal"); return NULL; } + if (retval != KADM5_OK) { PyKAdmin_RETURN_KADM5_ERROR(retval, "kadm5_delete_principal"); } } @@ -104,11 +95,8 @@ static PyObject *PyKAdminObject_delete_principal(PyKAdminObject *self, PyObject static PyObject *PyKAdminObject_create_principal(PyKAdminObject *self, PyObject *args, PyObject *kwds) { - //PyObject *result = NULL; - - kadm5_ret_t retval; - krb5_error_code errno; - + kadm5_ret_t retval = KADM5_OK; + krb5_error_code code = 0; char *princ_name = NULL; char *princ_pass = NULL; @@ -116,23 +104,20 @@ static PyObject *PyKAdminObject_create_principal(PyKAdminObject *self, PyObject memset(&entry, 0, sizeof(entry)); entry.attributes = 0; + + // todo set default attributes. if (!PyArg_ParseTuple(args, "s|z", &princ_name, &princ_pass)) return NULL; if (self->server_handle) { - if ( (errno = krb5_parse_name(self->context, princ_name, &entry.principal) ) ) { + code = krb5_parse_name(self->context, princ_name, &entry.principal); + if (code) { PyKAdmin_RETURN_KRB5_ERROR(retval, "krb5_parse_name"); } - printf("Error: krb5_unparse_name [%d]\n", errno); - return NULL; - - } else { + retval = kadm5_create_principal(self->server_handle, &entry, KADM5_PRINCIPAL, princ_pass); + if (retval != KADM5_OK) { PyKAdmin_RETURN_KADM5_ERROR(retval, "kadm5_create_principal"); } - retval = kadm5_create_principal(self->server_handle, &entry, KADM5_PRINCIPAL, princ_pass); - - if (retval != 0x0) { PyKAdminError_raise_kadm_error(retval, "kadm5_create_principal"); return NULL; } - } } kadm5_free_principal_ent(self->server_handle, &entry); @@ -146,14 +131,10 @@ static PyKAdminPrincipalObject *PyKAdminObject_get_principal(PyKAdminObject *sel PyKAdminPrincipalObject *principal = NULL; char *client_name = NULL; - if (!PyArg_ParseTuple(args, "s", &client_name)) { + if (!PyArg_ParseTuple(args, "s", &client_name)) return NULL; - } - if (self) { - principal = PyKAdminPrincipalObject_principal_with_name(self, client_name); - - } + principal = PyKAdminPrincipalObject_principal_with_name(self, client_name); return principal; } @@ -166,10 +147,8 @@ static PyKAdminPolicyObject *PyKAdminObject_get_policy(PyKAdminObject *self, PyO if (!PyArg_ParseTuple(args, "s", &policy_name)) return NULL; - if (self->server_handle) { - policy = PyKAdminPolicyObject_policy_with_name(self, policy_name); - } - + policy = PyKAdminPolicyObject_policy_with_name(self, policy_name); + return policy; } @@ -210,28 +189,24 @@ static int kdb_iter_princs(void *data, krb5_db_entry *kdb) { PyKAdminObject *self = (PyKAdminObject *)data; + PyKAdminPrincipalObject *principal = NULL; PyObject *result = NULL; - //PyObject *args = NULL; - PyKAdminPrincipalObject *principal = PyKAdminPrincipalObject_principal_with_db_entry(self, kdb); + if (!self->each_principal.error) { - if (principal) { + principal = PyKAdminPrincipalObject_principal_with_db_entry(self, kdb); - if (self->each_principal.callback) { + if (principal) { - //args = PyTuple_Pack(2, principal, self->each_principal.data); - - //result = PyObject_Call(self->each_principal.callback, args, NULL); - result = PyObject_CallFunctionObjArgs(self->each_principal.callback, principal, self->each_principal.data, NULL); - - //Py_DECREF(args); + if (self->each_principal.callback) { - if (!result) { - // use self to hold exception - } + result = PyObject_CallFunctionObjArgs(self->each_principal.callback, principal, self->each_principal.data, NULL); + if (!result) { self->each_principal.error = PyExc_RuntimeError; } + } + + Py_DECREF(principal); } - PyKAdminPrincipalObject_destroy(principal); } return 0; @@ -243,43 +218,39 @@ static int kdb_iter_princs(void *data, krb5_db_entry *kdb) { static PyObject *PyKAdminObject_each_principal(PyKAdminObject *self, PyObject *args, PyObject *kwds) { char *match = NULL; - krb5_error_code retval = 0; - kadm5_ret_t lock = 0; - + krb5_error_code code = 0; + kadm5_ret_t lock = KADM5_OK; - static char *kwlist[] = {"", "data", "match", NULL}; + static char *kwlist[] = {"callback", "data", "match", NULL}; - if (!PyArg_ParseTupleAndKeywords(args, kwds, "O|Oz", kwlist, /*&PyFunction_Type,*/ &self->each_principal.callback, &self->each_principal.data, &match)) + if (!PyArg_ParseTupleAndKeywords(args, kwds, "O!|Oz", kwlist, &PyFunction_Type, &self->each_principal.callback, &self->each_principal.data, &match)) return NULL; if (!self->each_principal.data) self->each_principal.data = Py_None; + self->each_principal.error = NULL; - - Py_XINCREF(self->each_principal.callback); - Py_XINCREF(self->each_principal.data); + Py_INCREF(self->each_principal.callback); + Py_INCREF(self->each_principal.data); - - lock = kadm5_lock(self->server_handle); - if (!lock || (lock == KRB5_PLUGIN_OP_NOTSUPP)) { + if ((lock == KADM5_OK) || (lock == KRB5_PLUGIN_OP_NOTSUPP)) { krb5_clear_error_message(self->context); - retval = krb5_db_iterate(self->context, match, kdb_iter_princs, (void *)self); + code = krb5_db_iterate(self->context, match, kdb_iter_princs, (void *)self); - if (lock != KRB5_PLUGIN_OP_NOTSUPP) { + if (lock != KRB5_PLUGIN_OP_NOTSUPP) lock = kadm5_unlock(self->server_handle); - } } - Py_XDECREF(self->each_principal.callback); - Py_XDECREF(self->each_principal.data); + Py_DECREF(self->each_principal.callback); + Py_DECREF(self->each_principal.data); - if (retval) { - // TODO raise proper exception + if (code || self->each_principal.error) { + PyErr_SetString(PyExc_RuntimeError, "Fatal Iteration Exception"); return NULL; } @@ -292,32 +263,33 @@ static PyObject *PyKAdminObject_each_principal(PyKAdminObject *self, PyObject *a static void kdb_iter_pols(void *data, osa_policy_ent_rec *entry) { PyKAdminObject *self = (PyKAdminObject *)data; - + PyKAdminPolicyObject *policy = NULL; PyObject *result = NULL; - PyKAdminPolicyObject *policy = PyKAdminPolicyObject_policy_with_osa_entry(self, entry); + if (!self->each_policy.error) { - if (policy) { + policy = PyKAdminPolicyObject_policy_with_osa_entry(self, entry); - if (self->each_policy.callback) { - - result = PyObject_CallFunctionObjArgs(self->each_policy.callback, policy, self->each_policy.data, NULL); - - if (!result) { - // use self to hold exception - } + if (policy) { + if (self->each_policy.callback) { + + result = PyObject_CallFunctionObjArgs(self->each_policy.callback, policy, self->each_policy.data, NULL); + if (!result) { self->each_policy.error = PyExc_RuntimeError; } + + } + + Py_DECREF(policy); } - PyKAdminPolicyObject_destroy(policy); - } + } } static PyObject *PyKAdminObject_each_policy(PyKAdminObject *self, PyObject *args, PyObject *kwds) { char *match = NULL; - krb5_error_code retval = 0; - kadm5_ret_t lock = 0; + krb5_error_code code = 0; + kadm5_ret_t lock = KADM5_OK; static char *kwlist[] = {"", "data", "match", NULL}; @@ -327,27 +299,26 @@ static PyObject *PyKAdminObject_each_policy(PyKAdminObject *self, PyObject *args if (!self->each_policy.data) self->each_policy.data = Py_None; - Py_XINCREF(self->each_policy.callback); - Py_XINCREF(self->each_policy.data); + Py_INCREF(self->each_policy.callback); + Py_INCREF(self->each_policy.data); lock = kadm5_lock(self->server_handle); - if (!lock || (lock == KRB5_PLUGIN_OP_NOTSUPP)) { + if ((lock == KADM5_OK) || (lock == KRB5_PLUGIN_OP_NOTSUPP)) { krb5_clear_error_message(self->context); - retval = krb5_db_iter_policy(self->context, match, kdb_iter_pols, (void *)self); + code = krb5_db_iter_policy(self->context, match, kdb_iter_pols, (void *)self); - if (lock != KRB5_PLUGIN_OP_NOTSUPP) { + if (lock != KRB5_PLUGIN_OP_NOTSUPP) lock = kadm5_unlock(self->server_handle); - } } - Py_XDECREF(self->each_policy.callback); - Py_XDECREF(self->each_policy.data); + Py_DECREF(self->each_policy.callback); + Py_DECREF(self->each_policy.data); - if (retval) { - // TODO raise proper exception + if (code || self->each_policy.error) { + PyErr_SetString(PyExc_RuntimeError, "Fatal Iteration Exception"); return NULL; } diff --git a/PyKAdminObject.h b/PyKAdminObject.h index 2c724d5..828f731 100644 --- a/PyKAdminObject.h +++ b/PyKAdminObject.h @@ -12,6 +12,7 @@ typedef struct { PyObject *callback; PyObject *data; + PyObject *error; } each_iteration_t; typedef struct { diff --git a/PyKAdminPrincipalObject.c b/PyKAdminPrincipalObject.c index 9696497..df92aee 100644 --- a/PyKAdminPrincipalObject.c +++ b/PyKAdminPrincipalObject.c @@ -868,12 +868,6 @@ PyKAdminPrincipalObject *PyKAdminPrincipalObject_principal_with_db_entry(PyKAdmi return principal; } -PyObject *PyKAdminPrincipalObject_modify_principal(PyKAdminPrincipalObject *princ, PyObject *args, PyObject *kwds) { - - return PyKAdminPrincipal_modify(princ, args, kwds); - -} - void PyKAdminPrincipalObject_destroy(PyKAdminPrincipalObject *self) { PyKAdminPrincipal_dealloc(self); diff --git a/PyKAdminPrincipalObject.h b/PyKAdminPrincipalObject.h index 88812c8..9aceab6 100644 --- a/PyKAdminPrincipalObject.h +++ b/PyKAdminPrincipalObject.h @@ -30,7 +30,6 @@ PyKAdminPrincipalObject *PyKAdminPrincipalObject_principal_with_name(PyKAdminObj PyKAdminPrincipalObject *PyKAdminPrincipalObject_principal_with_db_entry(PyKAdminObject *kadmin, krb5_db_entry *kdb); PyKAdminPrincipalObject *PyKAdminPrincipalObject_principal_with_kadm_entry(PyKAdminObject *kadmin, kadm5_principal_ent_rec *entry); -PyObject *PyKAdminPrincipalObject_modify_principal(PyKAdminPrincipalObject *princ, PyObject *args, PyObject *kwds) void PyKAdminPrincipalObject_destroy(PyKAdminPrincipalObject *self); diff --git a/kadmin.c b/kadmin.c index abcaa25..feb0d84 100644 --- a/kadmin.c +++ b/kadmin.c @@ -15,6 +15,9 @@ static PyKAdminObject *_kadmin_init_with_ccache(PyObject *self, PyObject *args); static PyKAdminObject *_kadmin_init_with_keytab(PyObject *self, PyObject *args); static PyKAdminObject *_kadmin_init_with_password(PyObject *self, PyObject *args); +static PyObject *_kadmin_get_option(PyObject *self, PyObject *args, PyObject *kwds); +static PyObject *_kadmin_set_option(PyObject *self, PyObject *args, PyObject *kwds); + static char module_docstring[] = ""; char *service_name = KADM5_ADMIN_SERVICE; @@ -24,7 +27,7 @@ krb5_ui_4 api_version = KADM5_API_VERSION_2; static struct PyMethodDef module_methods[] = { #ifdef KADMIN_LOCAL - {"local", (PyCFunction)_kadmin_local, METH_NOARGS, "local()"}, + {"local", (PyCFunction)_kadmin_local, METH_VARARGS, "local()"}, #endif {"init_with_ccache", (PyCFunction)_kadmin_init_with_ccache, METH_VARARGS, "init_with_ccache(principal, ccache)"}, @@ -60,6 +63,11 @@ void PyKAdminConstant_init(PyObject *module) { PyModule_AddIntConstant(module, "OK_AS_DELEGATE", KRB5_KDB_OK_AS_DELEGATE); PyModule_AddIntConstant(module, "OK_TO_AUTH_AS_DELEGATE", KRB5_KDB_OK_TO_AUTH_AS_DELEGATE); PyModule_AddIntConstant(module, "NO_AUTH_DATA_REQUIRED", KRB5_KDB_NO_AUTH_DATA_REQUIRED); + + + + PyModule_AddIntConstant(module, "NO_AUTH_DATA_REQUIRED", KRB5_KDB_NO_AUTH_DATA_REQUIRED); + } @@ -71,7 +79,7 @@ void PyKAdminConstant_init(PyObject *module) { # define PyKADMIN_INIT_FUNC PyObject *PyInit_kadmin(void) # endif -#define PyModule_INIT_RETURN return NULL +#define PyModule_RETURN_ERROR return NULL static int pykadmin_traverse(PyObject *module, visitproc visit, void *arg) { Py_VISIT(GETSTATE(module)->error); @@ -103,48 +111,44 @@ static struct PyModuleDef moduledef = { # define PyKADMIN_INIT_FUNC void initkadmin(void) # endif -#define PyModule_INIT_RETURN return +#define PyModule_RETURN_ERROR return #endif - -/* -PyMODINIT_FUNC -#ifdef KADMIN_LOCAL - initkadmin_local(void) -#else - initkadmin(void) -#endif -*/ - PyKADMIN_INIT_FUNC { + // initialize the module's class object types + if (PyType_Ready(&PyKAdminObject_Type) < 0) - PyModule_INIT_RETURN; + PyModule_RETURN_ERROR; if (PyType_Ready(&PyKAdminPrincipalObject_Type) < 0) - PyModule_INIT_RETURN; + PyModule_RETURN_ERROR; if (PyType_Ready(&PyKAdminPolicyObject_Type) < 0) - PyModule_INIT_RETURN; + PyModule_RETURN_ERROR; + + // initialize the module - #ifdef PYTHON3 +# ifdef PYTHON3 PyObject *module = PyModule_Create(&moduledef); - #else +# else PyObject *module = Py_InitModule3(kMODULE_NAME, module_methods, module_docstring); - #endif +# endif + if (!module) PyModule_RETURN_ERROR; - if (!module) { - PyModule_INIT_RETURN; - } + // increment the ref for each type object Py_INCREF(&PyKAdminObject_Type); Py_INCREF(&PyKAdminPrincipalObject_Type); Py_INCREF(&PyKAdminPolicyObject_Type); - + + // initialize the errors PyKAdminError_init(module); + + // initialize constant PyKAdminConstant_init(module); #ifdef PYTHON3 @@ -154,6 +158,72 @@ PyKADMIN_INIT_FUNC { } +static PyObject *_kadmin_get_option(PyObject *self, PyObject *args, PyObject *kwds) { + + // todo + return NULL; +} + + +char **_kadmin_dict_to_db_args(PyObject *dict) { + + PyObject *key = NULL; + PyObject *value = NULL; + + char *str_key = NULL; + char *str_value = NULL; + char *argument = NULL; + char **db_args = NULL; + + Py_ssize_t index = 0; + Py_ssize_t position = 0; + + Py_ssize_t length = PyDict_Size(dict) + 1; + + db_args = calloc(length, sizeof(intptr_t)); + + if (db_args && PyDict_CheckExact(dict)) { + + while (PyDict_Next(dict, &position, &key, &value)) { + + if (PyUnicodeBytes_Check(key) && PyUnicodeBytes_Check(value)) { + str_key = PyUnicode_or_PyBytes_asCString(key); + str_value = PyUnicode_or_PyBytes_asCString(value); + + if (str_key && str_value) { + + length = strlen(str_key) + strlen(str_value) + 2; + argument = calloc(length, sizeof(char)); + + if (argument) { + snprintf(argument, length, "%s=%s", str_key, str_value); + db_args[index++] = argument; + } + } + } + } + } + + db_args[index] = NULL; + + return db_args; + +} + +void _kadmin_free_db_args(char **db_args) { + + Py_ssize_t index = 0; + + if (db_args) { + + while(db_args[index] != NULL) { + free(db_args[index++]); + } + + free(db_args); + } + +} #ifdef KADMIN_LOCAL static PyKAdminObject *_kadmin_local(PyObject *self, PyObject *args) { @@ -161,11 +231,17 @@ static PyKAdminObject *_kadmin_local(PyObject *self, PyObject *args) { static const char *kROOT_ADMIN = "root/admin"; PyKAdminObject *kadmin = PyKAdminObject_create(); + PyObject *db_args_dict = NULL; kadm5_ret_t retval = 0; int result = 0; char **db_args = NULL; char *client_name = NULL; + if (!PyArg_ParseTuple(args, "|O!", &PyDict_Type, &db_args_dict)) + return NULL; + + db_args = _kadmin_dict_to_db_args(db_args_dict); + kadm5_config_params *params = calloc(0x1, sizeof(kadm5_config_params)); result = asprintf(&client_name, "%s@%s", kROOT_ADMIN, kadmin->realm); @@ -185,7 +261,10 @@ static PyKAdminObject *_kadmin_local(PyObject *self, PyObject *args) { db_args, &kadmin->server_handle); - if (retval) { PyKAdminError_raise_kadm_error(retval, "kadm5_init_with_password"); return NULL; } + if (db_args) + _kadmin_free_db_args(db_args); + + if (retval != KADM5_OK) { PyKAdmin_RETURN_KADM5_ERROR(retval, "kadm5_init_with_password.local"); } return kadmin; @@ -196,6 +275,7 @@ static PyKAdminObject *_kadmin_local(PyObject *self, PyObject *args) { static PyKAdminObject *_kadmin_init_with_ccache(PyObject *self, PyObject *args) { PyKAdminObject *kadmin = PyKAdminObject_create(); + PyObject *db_args_dict = NULL; kadm5_ret_t retval; krb5_principal princ = NULL; @@ -210,9 +290,11 @@ static PyKAdminObject *_kadmin_init_with_ccache(PyObject *self, PyObject *args) memset(&cc, 0, sizeof(krb5_ccache)); // TODO : unpack database args as an optional third parameter (will be a dict or array) - if (!PyArg_ParseTuple(args, "|zz", &client_name, &ccache_name)) + if (!PyArg_ParseTuple(args, "|zzO!", &client_name, &ccache_name, &PyDict_Type, &db_args_dict)) return NULL; + db_args = _kadmin_dict_to_db_args(db_args_dict); + if (ccache_name == NULL) { retval = krb5_cc_default(kadmin->context, &cc); if (retval) { PyKAdminError_raise_kadm_error(retval, "krb5_cc_default"); return NULL; } @@ -242,7 +324,10 @@ static PyKAdminObject *_kadmin_init_with_ccache(PyObject *self, PyObject *args) db_args, &kadmin->server_handle); - if (retval) { PyKAdminError_raise_kadm_error(retval, "kadm5_init_with_creds"); return NULL; } + if (db_args) + _kadmin_free_db_args(db_args); + + if (retval != KADM5_OK) { PyKAdmin_RETURN_KADM5_ERROR(retval, "kadm5_init_with_creds"); } Py_XINCREF(kadmin); return kadmin; @@ -253,6 +338,7 @@ static PyKAdminObject *_kadmin_init_with_ccache(PyObject *self, PyObject *args) static PyKAdminObject *_kadmin_init_with_keytab(PyObject *self, PyObject *args) { PyKAdminObject *kadmin = PyKAdminObject_create(); + PyObject *db_args_dict = NULL; kadm5_ret_t retval = 0x0; krb5_principal princ = NULL; @@ -262,9 +348,11 @@ static PyKAdminObject *_kadmin_init_with_keytab(PyObject *self, PyObject *args) kadm5_config_params *params = calloc(0x1, sizeof(kadm5_config_params)); - if (!PyArg_ParseTuple(args, "|zz", &client_name, &keytab_name)) + if (!PyArg_ParseTuple(args, "|zzO!", &client_name, &keytab_name, &PyDict_Type, &db_args_dict)) return NULL; + db_args = _kadmin_dict_to_db_args(db_args_dict); + if (keytab_name == NULL) { keytab_name = "/etc/krb5.keytab"; @@ -293,18 +381,11 @@ static PyKAdminObject *_kadmin_init_with_keytab(PyObject *self, PyObject *args) db_args, &kadmin->server_handle); - if (retval) { PyKAdminError_raise_kadm_error(retval, "kadm5_init_with_skey"); return NULL; } - + if (db_args) + _kadmin_free_db_args(db_args); - // kadmin->context = kadmin->server_handle->context; + if (retval != KADM5_OK) { PyKAdmin_RETURN_KADM5_ERROR(retval, "kadm5_init_with_skey"); } - //retval = krb5_db_setup_lib_handle(kadmin->context); - - // if (retval) { - // printf("retval [%d] %s\n", retval, krb5_get_error_message(kadmin->context, retval)); - // - //} - //if (retval) { PyKAdminError_raise_kadm_error(retval, "kadm5_init_with_skey"); return NULL; } Py_XINCREF(kadmin); @@ -315,6 +396,7 @@ static PyKAdminObject *_kadmin_init_with_keytab(PyObject *self, PyObject *args) static PyKAdminObject *_kadmin_init_with_password(PyObject *self, PyObject *args) { PyKAdminObject *kadmin = PyKAdminObject_create(); + PyObject *db_args_dict = NULL; kadm5_ret_t retval; char *client_name = NULL; @@ -323,9 +405,11 @@ static PyKAdminObject *_kadmin_init_with_password(PyObject *self, PyObject *args kadm5_config_params *params = calloc(0x1, sizeof(kadm5_config_params)); - if (!PyArg_ParseTuple(args, "zz", &client_name, &password)) + if (!PyArg_ParseTuple(args, "zzO!", &client_name, &password, &PyDict_Type, &db_args_dict)) return NULL; + db_args = _kadmin_dict_to_db_args(db_args_dict); + retval = kadm5_init_with_password( kadmin->context, client_name, @@ -336,8 +420,11 @@ static PyKAdminObject *_kadmin_init_with_password(PyObject *self, PyObject *args api_version, db_args, &kadmin->server_handle); - - if (retval) { PyKAdminError_raise_kadm_error(retval, "kadm5_init_with_password"); return NULL; } + + if (db_args) + _kadmin_free_db_args(db_args); + + if (retval != KADM5_OK) { PyKAdmin_RETURN_KADM5_ERROR(retval, "kadm5_init_with_password"); } Py_XINCREF(kadmin); return kadmin; diff --git a/pykadmin.h b/pykadmin.h index e067da2..6973b84 100644 --- a/pykadmin.h +++ b/pykadmin.h @@ -21,8 +21,8 @@ struct module_state { # define PyUnifiedLongInt_FromLong(from) PyLong_FromLong((long) from) # define PyUnifiedLongInt_AsUnsignedLong(ob) PyLong_AsUnsignedLong((PyObject *)ob) #else - static struct module_state _state; -# define GETSTATE(m) (&_state) + static struct module_state _state; +# define GETSTATE(m) (&_state) # define PyUnifiedLongInt_FromLong(from) PyInt_FromLong((long) from) # define PyUnifiedLongInt_AsUnsignedLong(ob) PyInt_AsUnsignedLongMask((PyObject *)ob) #endif @@ -31,5 +31,6 @@ struct module_state { # define Py_TYPE(ob) (((PyObject*)(ob))->ob_type) #endif +#define PyUnicodeBytes_Check(obj) (PyUnicode_CheckExact(obj) || PyBytes_CheckExact(obj)) #endif \ No newline at end of file diff --git a/test/rebuild.sh b/test/rebuild.sh new file mode 100755 index 0000000..03d288f --- /dev/null +++ b/test/rebuild.sh @@ -0,0 +1,5 @@ +#!/bin/bash + +cd ..; +bash build.sh test; +cd test; From 5710c0331c7947472111681af9bbd79f7c20e8fb Mon Sep 17 00:00:00 2001 From: Russell Jancewicz Date: Mon, 21 Jul 2014 20:46:05 -0400 Subject: [PATCH 4/8] kadmin.c error handling cleanup --- kadmin.c | 65 +++++++++++++++++++++++++++++------------------------- pykadmin.h | 3 +-- 2 files changed, 36 insertions(+), 32 deletions(-) diff --git a/kadmin.c b/kadmin.c index feb0d84..2f366db 100644 --- a/kadmin.c +++ b/kadmin.c @@ -36,10 +36,9 @@ static struct PyMethodDef module_methods[] = { /* todo: these should permit the user to set/get the service, struct, api version, default realm, ... - - {"get_option", (PyCFunction)_get_option, METH_VARARGS, "_get_option(option)"}, - {"set_option", (PyCFunction)_set_option, METH_VARARGS, "_set_option(option, value)"}, */ + {"get_option", (PyCFunction)_kadmin_get_option, METH_VARARGS, "get_option(option)"}, + {"set_option", (PyCFunction)_kadmin_set_option, METH_VARARGS, "set_option(option, value)"}, {NULL, NULL, 0, NULL} }; @@ -63,11 +62,6 @@ void PyKAdminConstant_init(PyObject *module) { PyModule_AddIntConstant(module, "OK_AS_DELEGATE", KRB5_KDB_OK_AS_DELEGATE); PyModule_AddIntConstant(module, "OK_TO_AUTH_AS_DELEGATE", KRB5_KDB_OK_TO_AUTH_AS_DELEGATE); PyModule_AddIntConstant(module, "NO_AUTH_DATA_REQUIRED", KRB5_KDB_NO_AUTH_DATA_REQUIRED); - - - - PyModule_AddIntConstant(module, "NO_AUTH_DATA_REQUIRED", KRB5_KDB_NO_AUTH_DATA_REQUIRED); - } @@ -104,7 +98,7 @@ static struct PyModuleDef moduledef = { }; #else - + # ifdef KADMIN_LOCAL # define PyKADMIN_INIT_FUNC void initkadmin_local(void) # else @@ -113,6 +107,8 @@ static struct PyModuleDef moduledef = { #define PyModule_RETURN_ERROR return +static struct module_state _state; + #endif @@ -146,7 +142,14 @@ PyKADMIN_INIT_FUNC { Py_INCREF(&PyKAdminPolicyObject_Type); // initialize the errors - PyKAdminError_init(module); + + struct module_state *st = GETSTATE(module); + + st->error = PyKAdminError_init(module); + if (st->error == NULL) { + Py_DECREF(module); + PyModule_RETURN_ERROR; + } // initialize constant PyKAdminConstant_init(module); @@ -187,7 +190,8 @@ char **_kadmin_dict_to_db_args(PyObject *dict) { while (PyDict_Next(dict, &position, &key, &value)) { if (PyUnicodeBytes_Check(key) && PyUnicodeBytes_Check(value)) { - str_key = PyUnicode_or_PyBytes_asCString(key); + + str_key = PyUnicode_or_PyBytes_asCString(key); str_value = PyUnicode_or_PyBytes_asCString(value); if (str_key && str_value) { @@ -232,7 +236,7 @@ static PyKAdminObject *_kadmin_local(PyObject *self, PyObject *args) { PyKAdminObject *kadmin = PyKAdminObject_create(); PyObject *db_args_dict = NULL; - kadm5_ret_t retval = 0; + kadm5_ret_t retval = KADM5_OK; int result = 0; char **db_args = NULL; char *client_name = NULL; @@ -276,7 +280,8 @@ static PyKAdminObject *_kadmin_init_with_ccache(PyObject *self, PyObject *args) PyKAdminObject *kadmin = PyKAdminObject_create(); PyObject *db_args_dict = NULL; - kadm5_ret_t retval; + kadm5_ret_t retval = KADM5_OK; + krb5_error_code code = 0; krb5_principal princ = NULL; char *ccache_name = NULL; @@ -295,20 +300,20 @@ static PyKAdminObject *_kadmin_init_with_ccache(PyObject *self, PyObject *args) db_args = _kadmin_dict_to_db_args(db_args_dict); - if (ccache_name == NULL) { - retval = krb5_cc_default(kadmin->context, &cc); - if (retval) { PyKAdminError_raise_kadm_error(retval, "krb5_cc_default"); return NULL; } + if (!ccache_name) { + code = krb5_cc_default(kadmin->context, &cc); + if (code) { PyKAdmin_RETURN_KRB5_ERROR(code, "krb5_cc_default"); } } else { - retval = krb5_cc_resolve(kadmin->context, ccache_name, &cc); - if (retval) { PyKAdminError_raise_kadm_error(retval, "krb5_cc_resolve"); return NULL; } + code = krb5_cc_resolve(kadmin->context, ccache_name, &cc); + if (code) { PyKAdmin_RETURN_KRB5_ERROR(code, "krb5_cc_resolve"); } } - if (client_name == NULL) { - retval = krb5_cc_get_principal(kadmin->context, cc, &princ); - if (retval) { PyKAdminError_raise_kadm_error(retval, "krb5_cc_get_principal"); return NULL; } + if (!client_name) { + code = krb5_cc_get_principal(kadmin->context, cc, &princ); + if (code) { PyKAdmin_RETURN_KRB5_ERROR(code, "krb5_cc_get_principal"); } - retval = krb5_unparse_name(kadmin->context, princ, &client_name); - if (retval) { PyKAdminError_raise_kadm_error(retval, "krb5_unparse_name"); return NULL; } + code = krb5_unparse_name(kadmin->context, princ, &client_name); + if (code) { PyKAdmin_RETURN_KRB5_ERROR(code, "krb5_unparse_name"); } krb5_free_principal(kadmin->context, princ); } @@ -339,7 +344,8 @@ static PyKAdminObject *_kadmin_init_with_keytab(PyObject *self, PyObject *args) PyKAdminObject *kadmin = PyKAdminObject_create(); PyObject *db_args_dict = NULL; - kadm5_ret_t retval = 0x0; + kadm5_ret_t retval = KADM5_OK; + krb5_error_code code = 0; krb5_principal princ = NULL; char *client_name = NULL; @@ -354,17 +360,16 @@ static PyKAdminObject *_kadmin_init_with_keytab(PyObject *self, PyObject *args) db_args = _kadmin_dict_to_db_args(db_args_dict); if (keytab_name == NULL) { - keytab_name = "/etc/krb5.keytab"; } if (client_name == NULL) { - retval = krb5_sname_to_principal(kadmin->context, NULL, "host", KRB5_NT_SRV_HST, &princ); - if (retval) { PyKAdminError_raise_kadm_error(retval, "krb5_sname_to_principal"); return NULL; } + code = krb5_sname_to_principal(kadmin->context, NULL, "host", KRB5_NT_SRV_HST, &princ); + if (code) { PyKAdmin_RETURN_KRB5_ERROR(code, "krb5_sname_to_principal"); } - retval = krb5_unparse_name(kadmin->context, princ, &client_name); - if (retval) { PyKAdminError_raise_kadm_error(retval, "krb5_unparse_name"); return NULL; } + code = krb5_unparse_name(kadmin->context, princ, &client_name); + if (code) { PyKAdmin_RETURN_KRB5_ERROR(code, "krb5_unparse_name"); } krb5_free_principal(kadmin->context, princ); } @@ -397,7 +402,7 @@ static PyKAdminObject *_kadmin_init_with_password(PyObject *self, PyObject *args PyKAdminObject *kadmin = PyKAdminObject_create(); PyObject *db_args_dict = NULL; - kadm5_ret_t retval; + kadm5_ret_t retval = KADM5_OK; char *client_name = NULL; char *password = NULL; diff --git a/pykadmin.h b/pykadmin.h index 6973b84..6d51cf5 100644 --- a/pykadmin.h +++ b/pykadmin.h @@ -21,8 +21,7 @@ struct module_state { # define PyUnifiedLongInt_FromLong(from) PyLong_FromLong((long) from) # define PyUnifiedLongInt_AsUnsignedLong(ob) PyLong_AsUnsignedLong((PyObject *)ob) #else - static struct module_state _state; -# define GETSTATE(m) (&_state) +# define GETSTATE(m) (&_state) # define PyUnifiedLongInt_FromLong(from) PyInt_FromLong((long) from) # define PyUnifiedLongInt_AsUnsignedLong(ob) PyInt_AsUnsignedLongMask((PyObject *)ob) #endif From 2e68de9b3257e997e190dbacc78d2761d3a2e266 Mon Sep 17 00:00:00 2001 From: Russell Jancewicz Date: Mon, 21 Jul 2014 22:00:22 -0400 Subject: [PATCH 5/8] added kdb errors, unified kdb, kadm, krb5 errors --- PyKAdminErrors.c | 731 ++++++++++++++++++++++---------------- PyKAdminErrors.h | 2 + PyKAdminObject.c | 12 +- PyKAdminPolicyObject.c | 2 +- PyKAdminPrincipalObject.c | 16 +- kadmin.c | 25 +- 6 files changed, 451 insertions(+), 337 deletions(-) diff --git a/PyKAdminErrors.c b/PyKAdminErrors.c index f565df9..a7940a7 100644 --- a/PyKAdminErrors.c +++ b/PyKAdminErrors.c @@ -2,8 +2,10 @@ #include "PyKAdminErrors.h" static PyObject *_pykadmin_error_base; -static PyObject *_pykadmin_kadm_errors; -static PyObject *_pykadmin_krb5_errors; +static PyObject *_pykadmin_errors; + +//static PyObject *_pykadmin_kadm_errors; +//static PyObject *_pykadmin_krb5_errors; /* Initialize Error Classes @@ -18,6 +20,7 @@ static PyObject *_pykadmin_krb5_errors; int PyKAdminError_init_kadm(PyObject *module, PyObject *base); int PyKAdminError_init_krb5(PyObject *module, PyObject *base); +int PyKAdminError_init_kdb(PyObject *module, PyObject *base); PyObject *PyKAdminError_init(PyObject *module) { @@ -25,15 +28,18 @@ PyObject *PyKAdminError_init(PyObject *module) { static const char kBASE_ERROR[] = "KAdminError"; static const char kKADM_ERROR[] = "AdminError"; static const char kKRB5_ERROR[] = "KerberosError"; + static const char kKDB_ERROR[] = "DatabaseError"; PyObject *PyKAdminError_kadm = NULL; PyObject *PyKAdminError_krb5 = NULL; + PyObject *PyKAdminError_kdb = NULL; // initialize the global statics + _pykadmin_errors = PyDict_New(); _pykadmin_error_base = NULL; - _pykadmin_kadm_errors = NULL; - _pykadmin_krb5_errors = NULL; + //_pykadmin_kadm_errors = NULL; + //_pykadmin_krb5_errors = NULL; size_t length = sizeof(kMODULE_NAME) + 0x10; @@ -47,7 +53,7 @@ PyObject *PyKAdminError_init(PyObject *module) { if (_pykadmin_error_base) { - Py_INCREF(_pykadmin_error_base); + //Py_INCREF(_pykadmin_error_base); PyModule_AddObject(module, kBASE_ERROR, _pykadmin_error_base); snprintf(cname, length, "%s.%s", kMODULE_NAME, kKADM_ERROR); @@ -56,17 +62,26 @@ PyObject *PyKAdminError_init(PyObject *module) { snprintf(cname, length, "%s.%s", kMODULE_NAME, kKRB5_ERROR); PyKAdminError_krb5 = PyErr_NewException(cname, _pykadmin_error_base, NULL); + snprintf(cname, length, "%s.%s", kMODULE_NAME, kKDB_ERROR); + PyKAdminError_kdb = PyErr_NewException(cname, _pykadmin_error_base, NULL); + if (PyKAdminError_kadm) { - Py_INCREF(PyKAdminError_kadm); + //Py_INCREF(PyKAdminError_kadm); PyModule_AddObject(module, kKADM_ERROR, PyKAdminError_kadm); PyKAdminError_init_kadm(module, PyKAdminError_kadm); } if (PyKAdminError_krb5) { - Py_INCREF(PyKAdminError_krb5); + //Py_INCREF(PyKAdminError_krb5); PyModule_AddObject(module, kKRB5_ERROR, PyKAdminError_krb5); PyKAdminError_init_krb5(module, PyKAdminError_krb5); } + + if (PyKAdminError_kdb) { + //Py_INCREF(PyKAdminError_krb5); + PyModule_AddObject(module, kKDB_ERROR, PyKAdminError_kdb); + PyKAdminError_init_kdb(module, PyKAdminError_kdb); + } } free(cname); @@ -119,16 +134,23 @@ static void _PyKAdminError_raise_exception(PyObject *storage, PyObject *error, c } -void PyKAdminError_raise_krb5_error(krb5_error_code code, char *caller) { - PyObject *error = PyLong_FromLong(code); - _PyKAdminError_raise_exception(_pykadmin_krb5_errors, error, caller); +void PyKAdminError_raise_error(long value, char *caller) { + PyObject *error = PyLong_FromLong((long)value); + _PyKAdminError_raise_exception(_pykadmin_errors, error, caller); } -void PyKAdminError_raise_kadm_error(kadm5_ret_t retval, char *caller) { - PyObject *error = PyLong_FromUnsignedLong(retval); - _PyKAdminError_raise_exception(_pykadmin_kadm_errors, error, caller); +/* + +void PyKAdminError_raise_error(krb5_error_code code, char *caller) { + PyObject *error = PyLong_FromLong((long)code); + _PyKAdminError_raise_exception(_pykadmin_errors, error, caller); } +void PyKAdminError_raise_error(kadm5_ret_t retval, char *caller) { + PyObject *error = PyLong_FromLong((long)retval); + _PyKAdminError_raise_exception(_pykadmin_errors, error, caller); +} +*/ static int PyKAdminErrors_new_exception(PyObject *module, PyObject *base, PyObject *storage, PyObject *error, char *name, char *cname, char *message) { @@ -158,9 +180,29 @@ static int PyKAdminErrors_new_exception(PyObject *module, PyObject *base, PyObje return result; } +static int _pykadminerror_error_insert(PyObject *module, PyObject *base, krb5_error_code code, char *name, char *message) { + + int result = 0; + char *cname = NULL; + size_t length = strlen(kMODULE_NAME) + strlen(name) + 0xF; + PyObject *error = PyLong_FromLong((long)code); + + if (error) { + + cname = malloc(length); + + if (cname) { + snprintf(cname, length, "%s.%s", kMODULE_NAME, name); + result = PyKAdminErrors_new_exception(module, base, _pykadmin_errors, error, name, cname, message); + free(cname); + } + } + return result; +} -static int PyKAdminError_krb5_insert(PyObject *module, PyObject *base, krb5_error_code code, char *name, char *message) { +/* +static int _pykadminerror_error_insert(PyObject *module, PyObject *base, krb5_error_code code, char *name, char *message) { int result = 0; char *cname = NULL; @@ -182,7 +224,7 @@ static int PyKAdminError_krb5_insert(PyObject *module, PyObject *base, krb5_erro } -static int PyKAdminError_kadm_insert(PyObject *module, PyObject *base, kadm5_ret_t retval, char *name, char *message) { +static int _pykadminerror_error_insert(PyObject *module, PyObject *base, kadm5_ret_t retval, char *name, char *message) { int result = 0; char *cname = NULL; @@ -202,262 +244,261 @@ static int PyKAdminError_kadm_insert(PyObject *module, PyObject *base, kadm5_ret return result; } - - +*/ int PyKAdminError_init_krb5(PyObject *module, PyObject *base) { int result = 0; - _pykadmin_krb5_errors = PyDict_New(); - - if (_pykadmin_krb5_errors) { - - PyKAdminError_krb5_insert(module, base, KRB5KDC_ERR_NONE, "KDCNoneError", "No error"); - PyKAdminError_krb5_insert(module, base, KRB5KDC_ERR_NAME_EXP, "KDCClientExpiredError", "Client's entry in database has expired"); - PyKAdminError_krb5_insert(module, base, KRB5KDC_ERR_SERVICE_EXP, "KDCServerExpireError", "Server's entry in database has expired"); - PyKAdminError_krb5_insert(module, base, KRB5KDC_ERR_BAD_PVNO, "KDCProtocolVersionError", "Requested protocol version not supported"); - PyKAdminError_krb5_insert(module, base, KRB5KDC_ERR_C_OLD_MAST_KVNO, "KDCClientOldMasterKeyError", "Client's key is encrypted in an old master key"); - PyKAdminError_krb5_insert(module, base, KRB5KDC_ERR_S_OLD_MAST_KVNO, "KDCServerOldMasterKeyError", "Server's key is encrypted in an old master key"); - PyKAdminError_krb5_insert(module, base, KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN, "KDCClientNotFoundError", "Client not found in Kerberos database"); - PyKAdminError_krb5_insert(module, base, KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN, "KDCServerNotFoundError", "Server not found in Kerberos database"); - PyKAdminError_krb5_insert(module, base, KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE, "KDCPrincipalUniqueError", "Principal has multiple entries in Kerberos database"); - PyKAdminError_krb5_insert(module, base, KRB5KDC_ERR_NULL_KEY, "KDCNullKeyError", "Client or server has a null key"); - PyKAdminError_krb5_insert(module, base, KRB5KDC_ERR_CANNOT_POSTDATE, "KDCCannotPostdateError", "Ticket is ineligible for postdating"); - PyKAdminError_krb5_insert(module, base, KRB5KDC_ERR_NEVER_VALID, "KDCNeverValidError", "Requested effective lifetime is negative or too short"); - PyKAdminError_krb5_insert(module, base, KRB5KDC_ERR_POLICY, "KDCPolicyError", "KDC policy rejects request"); - PyKAdminError_krb5_insert(module, base, KRB5KDC_ERR_BADOPTION, "KDCOptionError", "KDC can't fulfill requested option"); - PyKAdminError_krb5_insert(module, base, KRB5KDC_ERR_ETYPE_NOSUPP, "KDCEncryptionSupportError", "KDC has no support for encryption type"); - PyKAdminError_krb5_insert(module, base, KRB5KDC_ERR_SUMTYPE_NOSUPP, "KDCChecksumSupportError", "KDC has no support for checksum type"); - PyKAdminError_krb5_insert(module, base, KRB5KDC_ERR_PADATA_TYPE_NOSUPP, "KDCPADataSupportError", "KDC has no support for padata type"); - PyKAdminError_krb5_insert(module, base, KRB5KDC_ERR_TRTYPE_NOSUPP, "KDCTypeSupportError", "KDC has no support for transited type"); - PyKAdminError_krb5_insert(module, base, KRB5KDC_ERR_CLIENT_REVOKED, "KDCClientRevokedError", "Clients credentials have been revoked"); - PyKAdminError_krb5_insert(module, base, KRB5KDC_ERR_SERVICE_REVOKED, "KDCServerRevokedError", "Credentials for server have been revoked"); - PyKAdminError_krb5_insert(module, base, KRB5KDC_ERR_TGT_REVOKED, "KDCTGTRevokedError", "TGT has been revoked"); - PyKAdminError_krb5_insert(module, base, KRB5KDC_ERR_CLIENT_NOTYET, "KDCClientNotYetValidError", "Client not yet valid - try again later"); - PyKAdminError_krb5_insert(module, base, KRB5KDC_ERR_SERVICE_NOTYET, "KDCServerNotYetValidError", "Server not yet valid - try again later"); - PyKAdminError_krb5_insert(module, base, KRB5KDC_ERR_KEY_EXP, "KDCPasswordExpiredError", "Password has expired"); - PyKAdminError_krb5_insert(module, base, KRB5KDC_ERR_PREAUTH_FAILED, "KDCPreauthFailedError", "Preauthentication failed"); - PyKAdminError_krb5_insert(module, base, KRB5KDC_ERR_PREAUTH_REQUIRED, "KDCPreauthRequiredError", "Additional pre-authentication required"); - PyKAdminError_krb5_insert(module, base, KRB5KDC_ERR_SERVER_NOMATCH, "KDCServerMatchError", "Requested server and ticket don't match"); - PyKAdminError_krb5_insert(module, base, KRB5KDC_ERR_MUST_USE_USER2USER, "KDCRequireUser2UserError", "Server principal valid for user2user only"); - PyKAdminError_krb5_insert(module, base, KRB5KDC_ERR_PATH_NOT_ACCEPTED, "KDCPathError", "KDC policy rejects transited path"); - PyKAdminError_krb5_insert(module, base, KRB5KDC_ERR_SVC_UNAVAILABLE, "KDCServiceUnavailableError", "A service is not available that is required to process the request"); + //_pykadmin_krb5_errors = PyDict_New(); + + if (_pykadmin_errors) { + + _pykadminerror_error_insert(module, base, KRB5KDC_ERR_NONE, "KDCNoneError", "No error"); + _pykadminerror_error_insert(module, base, KRB5KDC_ERR_NAME_EXP, "KDCClientExpiredError", "Client's entry in database has expired"); + _pykadminerror_error_insert(module, base, KRB5KDC_ERR_SERVICE_EXP, "KDCServerExpireError", "Server's entry in database has expired"); + _pykadminerror_error_insert(module, base, KRB5KDC_ERR_BAD_PVNO, "KDCProtocolVersionError", "Requested protocol version not supported"); + _pykadminerror_error_insert(module, base, KRB5KDC_ERR_C_OLD_MAST_KVNO, "KDCClientOldMasterKeyError", "Client's key is encrypted in an old master key"); + _pykadminerror_error_insert(module, base, KRB5KDC_ERR_S_OLD_MAST_KVNO, "KDCServerOldMasterKeyError", "Server's key is encrypted in an old master key"); + _pykadminerror_error_insert(module, base, KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN, "KDCClientNotFoundError", "Client not found in Kerberos database"); + _pykadminerror_error_insert(module, base, KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN, "KDCServerNotFoundError", "Server not found in Kerberos database"); + _pykadminerror_error_insert(module, base, KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE, "KDCPrincipalUniqueError", "Principal has multiple entries in Kerberos database"); + _pykadminerror_error_insert(module, base, KRB5KDC_ERR_NULL_KEY, "KDCNullKeyError", "Client or server has a null key"); + _pykadminerror_error_insert(module, base, KRB5KDC_ERR_CANNOT_POSTDATE, "KDCCannotPostdateError", "Ticket is ineligible for postdating"); + _pykadminerror_error_insert(module, base, KRB5KDC_ERR_NEVER_VALID, "KDCNeverValidError", "Requested effective lifetime is negative or too short"); + _pykadminerror_error_insert(module, base, KRB5KDC_ERR_POLICY, "KDCPolicyError", "KDC policy rejects request"); + _pykadminerror_error_insert(module, base, KRB5KDC_ERR_BADOPTION, "KDCOptionError", "KDC can't fulfill requested option"); + _pykadminerror_error_insert(module, base, KRB5KDC_ERR_ETYPE_NOSUPP, "KDCEncryptionSupportError", "KDC has no support for encryption type"); + _pykadminerror_error_insert(module, base, KRB5KDC_ERR_SUMTYPE_NOSUPP, "KDCChecksumSupportError", "KDC has no support for checksum type"); + _pykadminerror_error_insert(module, base, KRB5KDC_ERR_PADATA_TYPE_NOSUPP, "KDCPADataSupportError", "KDC has no support for padata type"); + _pykadminerror_error_insert(module, base, KRB5KDC_ERR_TRTYPE_NOSUPP, "KDCTypeSupportError", "KDC has no support for transited type"); + _pykadminerror_error_insert(module, base, KRB5KDC_ERR_CLIENT_REVOKED, "KDCClientRevokedError", "Clients credentials have been revoked"); + _pykadminerror_error_insert(module, base, KRB5KDC_ERR_SERVICE_REVOKED, "KDCServerRevokedError", "Credentials for server have been revoked"); + _pykadminerror_error_insert(module, base, KRB5KDC_ERR_TGT_REVOKED, "KDCTGTRevokedError", "TGT has been revoked"); + _pykadminerror_error_insert(module, base, KRB5KDC_ERR_CLIENT_NOTYET, "KDCClientNotYetValidError", "Client not yet valid - try again later"); + _pykadminerror_error_insert(module, base, KRB5KDC_ERR_SERVICE_NOTYET, "KDCServerNotYetValidError", "Server not yet valid - try again later"); + _pykadminerror_error_insert(module, base, KRB5KDC_ERR_KEY_EXP, "KDCPasswordExpiredError", "Password has expired"); + _pykadminerror_error_insert(module, base, KRB5KDC_ERR_PREAUTH_FAILED, "KDCPreauthFailedError", "Preauthentication failed"); + _pykadminerror_error_insert(module, base, KRB5KDC_ERR_PREAUTH_REQUIRED, "KDCPreauthRequiredError", "Additional pre-authentication required"); + _pykadminerror_error_insert(module, base, KRB5KDC_ERR_SERVER_NOMATCH, "KDCServerMatchError", "Requested server and ticket don't match"); + _pykadminerror_error_insert(module, base, KRB5KDC_ERR_MUST_USE_USER2USER, "KDCRequireUser2UserError", "Server principal valid for user2user only"); + _pykadminerror_error_insert(module, base, KRB5KDC_ERR_PATH_NOT_ACCEPTED, "KDCPathError", "KDC policy rejects transited path"); + _pykadminerror_error_insert(module, base, KRB5KDC_ERR_SVC_UNAVAILABLE, "KDCServiceUnavailableError", "A service is not available that is required to process the request"); // think AP stands for authentication or application protocol ? not sure - PyKAdminError_krb5_insert(module, base, KRB5KRB_AP_ERR_BAD_INTEGRITY, "APIntegrityError", "Decrypt integrity check failed"); - PyKAdminError_krb5_insert(module, base, KRB5KRB_AP_ERR_TKT_EXPIRED, "APTicketExpiredError", "Ticket expired"); - PyKAdminError_krb5_insert(module, base, KRB5KRB_AP_ERR_TKT_NYV, "APTicketNotYetValidError", "Ticket not yet valid"); - PyKAdminError_krb5_insert(module, base, KRB5KRB_AP_ERR_REPEAT, "APReplayError", "Request is a replay"); - PyKAdminError_krb5_insert(module, base, KRB5KRB_AP_ERR_NOT_US, "APNotUsError", "The ticket isn't for us"); - PyKAdminError_krb5_insert(module, base, KRB5KRB_AP_ERR_BADMATCH, "APMismatchError", "Ticket/authenticator don't match"); - PyKAdminError_krb5_insert(module, base, KRB5KRB_AP_ERR_SKEW, "APClockSkewError", "Clock skew too great"); - PyKAdminError_krb5_insert(module, base, KRB5KRB_AP_ERR_BADADDR, "APAddressAPError", "Incorrect net address"); - PyKAdminError_krb5_insert(module, base, KRB5KRB_AP_ERR_BADVERSION, "APVersionError", "Protocol version mismatch"); - PyKAdminError_krb5_insert(module, base, KRB5KRB_AP_ERR_MSG_TYPE, "APMessageTypeError", "Invalid message type"); - PyKAdminError_krb5_insert(module, base, KRB5KRB_AP_ERR_MODIFIED, "APMessageModifiedError", "Message stream modified"); - PyKAdminError_krb5_insert(module, base, KRB5KRB_AP_ERR_BADORDER, "APMessageOrderError", "Message out of order"); - PyKAdminError_krb5_insert(module, base, KRB5KRB_AP_ERR_ILL_CR_TKT, "APCrossRealmTicketError", "Illegal cross-realm ticket"); - PyKAdminError_krb5_insert(module, base, KRB5KRB_AP_ERR_BADKEYVER, "APKeyVersionError", "Key version is not available"); - PyKAdminError_krb5_insert(module, base, KRB5KRB_AP_ERR_NOKEY, "APNoKeyError", "Service key not available"); - PyKAdminError_krb5_insert(module, base, KRB5KRB_AP_ERR_MUT_FAIL, "APMutualAuthError", "Mutual authentication failed"); - PyKAdminError_krb5_insert(module, base, KRB5KRB_AP_ERR_BADDIRECTION, "APMessageDirectionError", "Incorrect message direction"); - PyKAdminError_krb5_insert(module, base, KRB5KRB_AP_ERR_METHOD, "APMethodError", "Alternative authentication method required"); - PyKAdminError_krb5_insert(module, base, KRB5KRB_AP_ERR_BADSEQ, "APSequenceError", "Incorrect sequence number in message"); - PyKAdminError_krb5_insert(module, base, KRB5KRB_AP_ERR_INAPP_CKSUM, "APChecksumError", "Inappropriate type of checksum in message"); - PyKAdminError_krb5_insert(module, base, KRB5KRB_AP_PATH_NOT_ACCEPTED, "APPathError", "Policy rejects transited path"); - - PyKAdminError_krb5_insert(module, base, KRB5KRB_ERR_RESPONSE_TOO_BIG, "ResponseTooBigError", "Response too big for UDP, retry with TCP"); - PyKAdminError_krb5_insert(module, base, KRB5KRB_ERR_GENERIC, "GenericError", "Generic error (see e-text)"); - PyKAdminError_krb5_insert(module, base, KRB5KRB_ERR_FIELD_TOOLONG, "FieldTooLongError", "Field is too long for this implementation"); - - PyKAdminError_krb5_insert(module, base, KRB5KDC_ERR_CLIENT_NOT_TRUSTED, "KDCClientNotTrustedError", "Client not trusted"); - PyKAdminError_krb5_insert(module, base, KRB5KDC_ERR_KDC_NOT_TRUSTED, "KDCNotTrustedError", "KDC not trusted"); - PyKAdminError_krb5_insert(module, base, KRB5KDC_ERR_INVALID_SIG, "KDCInvalidSignatureError", "Invalid signature"); - PyKAdminError_krb5_insert(module, base, KRB5KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED, "KDCKeyParamsError", "Key parameters not accepted"); - PyKAdminError_krb5_insert(module, base, KRB5KDC_ERR_CERTIFICATE_MISMATCH, "KDCCertMismatchError", "Certificate mismatch"); - - PyKAdminError_krb5_insert(module, base, KRB5KRB_AP_ERR_NO_TGT, "APNoTGTError", "No ticket granting ticket"); - - PyKAdminError_krb5_insert(module, base, KRB5KDC_ERR_WRONG_REALM, "KDCWrongRealmError", "Realm not local to KDC"); - - PyKAdminError_krb5_insert(module, base, KRB5KRB_AP_ERR_USER_TO_USER_REQUIRED, "APRequireUser2UserError", "User to user required"); - - PyKAdminError_krb5_insert(module, base, KRB5KDC_ERR_CANT_VERIFY_CERTIFICATE, "KDCCertVerifyError", "Can't verify certificate"); - PyKAdminError_krb5_insert(module, base, KRB5KDC_ERR_INVALID_CERTIFICATE, "KDCCertInvalidError", "Invalid certificate"); - PyKAdminError_krb5_insert(module, base, KRB5KDC_ERR_REVOKED_CERTIFICATE, "KDCCertRevokedError", "Revoked certificate"); - PyKAdminError_krb5_insert(module, base, KRB5KDC_ERR_REVOCATION_STATUS_UNKNOWN, "KDCRevokeUnknownError", "Revocation status unknown"); - PyKAdminError_krb5_insert(module, base, KRB5KDC_ERR_REVOCATION_STATUS_UNAVAILABLE, "KDCRevokeUnavailabeError", "Revocation status unavailable"); - PyKAdminError_krb5_insert(module, base, KRB5KDC_ERR_CLIENT_NAME_MISMATCH, "KDCClientNameMismatchError", "Client name mismatch"); - PyKAdminError_krb5_insert(module, base, KRB5KDC_ERR_KDC_NAME_MISMATCH, "KDCNameMismatchError", "KDC name mismatch"); - PyKAdminError_krb5_insert(module, base, KRB5KDC_ERR_INCONSISTENT_KEY_PURPOSE, "KDCInconsistentKeyPurposeError", "Inconsistent key purpose"); - PyKAdminError_krb5_insert(module, base, KRB5KDC_ERR_DIGEST_IN_CERT_NOT_ACCEPTED, "KDCCertDigestError", "Digest in certificate not accepted"); - PyKAdminError_krb5_insert(module, base, KRB5KDC_ERR_PA_CHECKSUM_MUST_BE_INCLUDED, "KDCChecksumMissingError", "Checksum must be included"); - PyKAdminError_krb5_insert(module, base, KRB5KDC_ERR_DIGEST_IN_SIGNED_DATA_NOT_ACCEPTED, "KDCSignedDataDigestError", "Digest in signed-data not accepted"); - PyKAdminError_krb5_insert(module, base, KRB5KDC_ERR_PUBLIC_KEY_ENCRYPTION_NOT_SUPPORTED, "KDCPublicKeyEncryptionError", "Public key encryption not supported"); - - PyKAdminError_krb5_insert(module, base, KRB5KRB_AP_ERR_IAKERB_KDC_NOT_FOUND, "APIAKERBNotFoundError", "The IAKERB proxy could not find a KDC"); - PyKAdminError_krb5_insert(module, base, KRB5KRB_AP_ERR_IAKERB_KDC_NO_RESPONSE, "APIAKERBNoResponseError", "The KDC did not respond to the IAKERB proxy"); - - PyKAdminError_krb5_insert(module, base, KRB5KDC_ERR_UNKNOWN_CRITICAL_FAST_OPTION, "KDCUnsupportedFASTOptionError", "An unsupported critical FAST option was requested"); - PyKAdminError_krb5_insert(module, base, KRB5KDC_ERR_NO_ACCEPTABLE_KDF, "KDCNoAcceptableKDFError", "No acceptable KDF offered"); - - PyKAdminError_krb5_insert(module, base, KRB5_ERR_RCSID, "RCSIDError", "$Id$"); - - PyKAdminError_krb5_insert(module, base, KRB5_LIBOS_BADLOCKFLAG, "Error", "Invalid flag for file lock mode"); - PyKAdminError_krb5_insert(module, base, KRB5_LIBOS_CANTREADPWD, "Error", "Cannot read password"); - PyKAdminError_krb5_insert(module, base, KRB5_LIBOS_BADPWDMATCH, "Error", "Password mismatch"); - PyKAdminError_krb5_insert(module, base, KRB5_LIBOS_PWDINTR, "Error", "Password read interrupted"); - - PyKAdminError_krb5_insert(module, base, KRB5_PARSE_ILLCHAR, "ParseIllegalCharacterError", "Illegal character in component name"); - PyKAdminError_krb5_insert(module, base, KRB5_PARSE_MALFORMED, "ParseMalformedError", "Malformed representation of principal"); - - PyKAdminError_krb5_insert(module, base, KRB5_CONFIG_CANTOPEN, "ConifgCantOpenError", "Can't open/find Kerberos configuration file"); - PyKAdminError_krb5_insert(module, base, KRB5_CONFIG_BADFORMAT, "ConifgFormatError", "Improper format of Kerberos configuration file"); - PyKAdminError_krb5_insert(module, base, KRB5_CONFIG_NOTENUFSPACE, "ConifgSpaceError", "Insufficient space to return complete information"); - - PyKAdminError_krb5_insert(module, base, KRB5_BADMSGTYPE, "MessageTypeError", "Invalid message type specified for encoding"); - - PyKAdminError_krb5_insert(module, base, KRB5_CC_BADNAME, "CCBadNameError", "Credential cache name malformed"); - PyKAdminError_krb5_insert(module, base, KRB5_CC_UNKNOWN_TYPE, "CCUnknownTypeError", "Unknown credential cache type" ); - PyKAdminError_krb5_insert(module, base, KRB5_CC_NOTFOUND, "CCNotFoundError", "Matching credential not found"); - PyKAdminError_krb5_insert(module, base, KRB5_CC_END, "CCEndError", "End of credential cache reached"); - - PyKAdminError_krb5_insert(module, base, KRB5_NO_TKT_SUPPLIED, "NoTicketError", "Request did not supply a ticket"); - - PyKAdminError_krb5_insert(module, base, KRB5KRB_AP_WRONG_PRINC, "APWrongPrincipalError", "Wrong principal in request"); - PyKAdminError_krb5_insert(module, base, KRB5KRB_AP_ERR_TKT_INVALID, "APTicketFlagError", "Ticket has invalid flag set"); - - PyKAdminError_krb5_insert(module, base, KRB5_PRINC_NOMATCH, "PrincipalMismatchError", "Requested principal and ticket don't match"); - PyKAdminError_krb5_insert(module, base, KRB5_KDCREP_MODIFIED, "KDCReplyModifiedError", "KDC reply did not match expectations"); - PyKAdminError_krb5_insert(module, base, KRB5_KDCREP_SKEW, "KDCReplyClockSkewError", "Clock skew too great in KDC reply"); - PyKAdminError_krb5_insert(module, base, KRB5_IN_TKT_REALM_MISMATCH, "TicketRealmMismatchError", "Client/server realm mismatch in initial ticket request"); - PyKAdminError_krb5_insert(module, base, KRB5_PROG_ETYPE_NOSUPP, "EncryptionSupportError", "Program lacks support for encryption type"); - PyKAdminError_krb5_insert(module, base, KRB5_PROG_KEYTYPE_NOSUPP, "KeyTypeSupportError", "Program lacks support for key type"); - PyKAdminError_krb5_insert(module, base, KRB5_WRONG_ETYPE, "EncryptionTypeError", "Requested encryption type not used in message"); - PyKAdminError_krb5_insert(module, base, KRB5_PROG_SUMTYPE_NOSUPP, "ProgamChecksumSupportError", "Program lacks support for checksum type"); - PyKAdminError_krb5_insert(module, base, KRB5_REALM_UNKNOWN, "RealmUnknownError", "Cannot find KDC for requested realm"); - PyKAdminError_krb5_insert(module, base, KRB5_SERVICE_UNKNOWN, "ServiceUnknownError", "Kerberos service unknown"); - PyKAdminError_krb5_insert(module, base, KRB5_KDC_UNREACH, "ContactKDCError", "Cannot contact any KDC for requested realm"); - PyKAdminError_krb5_insert(module, base, KRB5_NO_LOCALNAME, "LocalNameError", "No local name found for principal name"); - PyKAdminError_krb5_insert(module, base, KRB5_MUTUAL_FAILED, "MutualAuthError", "Mutual authentication failed"); + _pykadminerror_error_insert(module, base, KRB5KRB_AP_ERR_BAD_INTEGRITY, "APIntegrityError", "Decrypt integrity check failed"); + _pykadminerror_error_insert(module, base, KRB5KRB_AP_ERR_TKT_EXPIRED, "APTicketExpiredError", "Ticket expired"); + _pykadminerror_error_insert(module, base, KRB5KRB_AP_ERR_TKT_NYV, "APTicketNotYetValidError", "Ticket not yet valid"); + _pykadminerror_error_insert(module, base, KRB5KRB_AP_ERR_REPEAT, "APReplayError", "Request is a replay"); + _pykadminerror_error_insert(module, base, KRB5KRB_AP_ERR_NOT_US, "APNotUsError", "The ticket isn't for us"); + _pykadminerror_error_insert(module, base, KRB5KRB_AP_ERR_BADMATCH, "APMismatchError", "Ticket/authenticator don't match"); + _pykadminerror_error_insert(module, base, KRB5KRB_AP_ERR_SKEW, "APClockSkewError", "Clock skew too great"); + _pykadminerror_error_insert(module, base, KRB5KRB_AP_ERR_BADADDR, "APAddressAPError", "Incorrect net address"); + _pykadminerror_error_insert(module, base, KRB5KRB_AP_ERR_BADVERSION, "APVersionError", "Protocol version mismatch"); + _pykadminerror_error_insert(module, base, KRB5KRB_AP_ERR_MSG_TYPE, "APMessageTypeError", "Invalid message type"); + _pykadminerror_error_insert(module, base, KRB5KRB_AP_ERR_MODIFIED, "APMessageModifiedError", "Message stream modified"); + _pykadminerror_error_insert(module, base, KRB5KRB_AP_ERR_BADORDER, "APMessageOrderError", "Message out of order"); + _pykadminerror_error_insert(module, base, KRB5KRB_AP_ERR_ILL_CR_TKT, "APCrossRealmTicketError", "Illegal cross-realm ticket"); + _pykadminerror_error_insert(module, base, KRB5KRB_AP_ERR_BADKEYVER, "APKeyVersionError", "Key version is not available"); + _pykadminerror_error_insert(module, base, KRB5KRB_AP_ERR_NOKEY, "APNoKeyError", "Service key not available"); + _pykadminerror_error_insert(module, base, KRB5KRB_AP_ERR_MUT_FAIL, "APMutualAuthError", "Mutual authentication failed"); + _pykadminerror_error_insert(module, base, KRB5KRB_AP_ERR_BADDIRECTION, "APMessageDirectionError", "Incorrect message direction"); + _pykadminerror_error_insert(module, base, KRB5KRB_AP_ERR_METHOD, "APMethodError", "Alternative authentication method required"); + _pykadminerror_error_insert(module, base, KRB5KRB_AP_ERR_BADSEQ, "APSequenceError", "Incorrect sequence number in message"); + _pykadminerror_error_insert(module, base, KRB5KRB_AP_ERR_INAPP_CKSUM, "APChecksumError", "Inappropriate type of checksum in message"); + _pykadminerror_error_insert(module, base, KRB5KRB_AP_PATH_NOT_ACCEPTED, "APPathError", "Policy rejects transited path"); + + _pykadminerror_error_insert(module, base, KRB5KRB_ERR_RESPONSE_TOO_BIG, "ResponseTooBigError", "Response too big for UDP, retry with TCP"); + _pykadminerror_error_insert(module, base, KRB5KRB_ERR_GENERIC, "GenericError", "Generic error (see e-text)"); + _pykadminerror_error_insert(module, base, KRB5KRB_ERR_FIELD_TOOLONG, "FieldTooLongError", "Field is too long for this implementation"); + + _pykadminerror_error_insert(module, base, KRB5KDC_ERR_CLIENT_NOT_TRUSTED, "KDCClientNotTrustedError", "Client not trusted"); + _pykadminerror_error_insert(module, base, KRB5KDC_ERR_KDC_NOT_TRUSTED, "KDCNotTrustedError", "KDC not trusted"); + _pykadminerror_error_insert(module, base, KRB5KDC_ERR_INVALID_SIG, "KDCInvalidSignatureError", "Invalid signature"); + _pykadminerror_error_insert(module, base, KRB5KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED, "KDCKeyParamsError", "Key parameters not accepted"); + _pykadminerror_error_insert(module, base, KRB5KDC_ERR_CERTIFICATE_MISMATCH, "KDCCertMismatchError", "Certificate mismatch"); + + _pykadminerror_error_insert(module, base, KRB5KRB_AP_ERR_NO_TGT, "APNoTGTError", "No ticket granting ticket"); + + _pykadminerror_error_insert(module, base, KRB5KDC_ERR_WRONG_REALM, "KDCWrongRealmError", "Realm not local to KDC"); + + _pykadminerror_error_insert(module, base, KRB5KRB_AP_ERR_USER_TO_USER_REQUIRED, "APRequireUser2UserError", "User to user required"); + + _pykadminerror_error_insert(module, base, KRB5KDC_ERR_CANT_VERIFY_CERTIFICATE, "KDCCertVerifyError", "Can't verify certificate"); + _pykadminerror_error_insert(module, base, KRB5KDC_ERR_INVALID_CERTIFICATE, "KDCCertInvalidError", "Invalid certificate"); + _pykadminerror_error_insert(module, base, KRB5KDC_ERR_REVOKED_CERTIFICATE, "KDCCertRevokedError", "Revoked certificate"); + _pykadminerror_error_insert(module, base, KRB5KDC_ERR_REVOCATION_STATUS_UNKNOWN, "KDCRevokeUnknownError", "Revocation status unknown"); + _pykadminerror_error_insert(module, base, KRB5KDC_ERR_REVOCATION_STATUS_UNAVAILABLE, "KDCRevokeUnavailabeError", "Revocation status unavailable"); + _pykadminerror_error_insert(module, base, KRB5KDC_ERR_CLIENT_NAME_MISMATCH, "KDCClientNameMismatchError", "Client name mismatch"); + _pykadminerror_error_insert(module, base, KRB5KDC_ERR_KDC_NAME_MISMATCH, "KDCNameMismatchError", "KDC name mismatch"); + _pykadminerror_error_insert(module, base, KRB5KDC_ERR_INCONSISTENT_KEY_PURPOSE, "KDCInconsistentKeyPurposeError", "Inconsistent key purpose"); + _pykadminerror_error_insert(module, base, KRB5KDC_ERR_DIGEST_IN_CERT_NOT_ACCEPTED, "KDCCertDigestError", "Digest in certificate not accepted"); + _pykadminerror_error_insert(module, base, KRB5KDC_ERR_PA_CHECKSUM_MUST_BE_INCLUDED, "KDCChecksumMissingError", "Checksum must be included"); + _pykadminerror_error_insert(module, base, KRB5KDC_ERR_DIGEST_IN_SIGNED_DATA_NOT_ACCEPTED, "KDCSignedDataDigestError", "Digest in signed-data not accepted"); + _pykadminerror_error_insert(module, base, KRB5KDC_ERR_PUBLIC_KEY_ENCRYPTION_NOT_SUPPORTED, "KDCPublicKeyEncryptionError", "Public key encryption not supported"); + + _pykadminerror_error_insert(module, base, KRB5KRB_AP_ERR_IAKERB_KDC_NOT_FOUND, "APIAKERBNotFoundError", "The IAKERB proxy could not find a KDC"); + _pykadminerror_error_insert(module, base, KRB5KRB_AP_ERR_IAKERB_KDC_NO_RESPONSE, "APIAKERBNoResponseError", "The KDC did not respond to the IAKERB proxy"); + + _pykadminerror_error_insert(module, base, KRB5KDC_ERR_UNKNOWN_CRITICAL_FAST_OPTION, "KDCUnsupportedFASTOptionError", "An unsupported critical FAST option was requested"); + _pykadminerror_error_insert(module, base, KRB5KDC_ERR_NO_ACCEPTABLE_KDF, "KDCNoAcceptableKDFError", "No acceptable KDF offered"); + + _pykadminerror_error_insert(module, base, KRB5_ERR_RCSID, "RCSIDError", "$Id$"); + + _pykadminerror_error_insert(module, base, KRB5_LIBOS_BADLOCKFLAG, "Error", "Invalid flag for file lock mode"); + _pykadminerror_error_insert(module, base, KRB5_LIBOS_CANTREADPWD, "Error", "Cannot read password"); + _pykadminerror_error_insert(module, base, KRB5_LIBOS_BADPWDMATCH, "Error", "Password mismatch"); + _pykadminerror_error_insert(module, base, KRB5_LIBOS_PWDINTR, "Error", "Password read interrupted"); + + _pykadminerror_error_insert(module, base, KRB5_PARSE_ILLCHAR, "ParseIllegalCharacterError", "Illegal character in component name"); + _pykadminerror_error_insert(module, base, KRB5_PARSE_MALFORMED, "ParseMalformedError", "Malformed representation of principal"); + + _pykadminerror_error_insert(module, base, KRB5_CONFIG_CANTOPEN, "ConifgCantOpenError", "Can't open/find Kerberos configuration file"); + _pykadminerror_error_insert(module, base, KRB5_CONFIG_BADFORMAT, "ConifgFormatError", "Improper format of Kerberos configuration file"); + _pykadminerror_error_insert(module, base, KRB5_CONFIG_NOTENUFSPACE, "ConifgSpaceError", "Insufficient space to return complete information"); + + _pykadminerror_error_insert(module, base, KRB5_BADMSGTYPE, "MessageTypeError", "Invalid message type specified for encoding"); + + _pykadminerror_error_insert(module, base, KRB5_CC_BADNAME, "CCBadNameError", "Credential cache name malformed"); + _pykadminerror_error_insert(module, base, KRB5_CC_UNKNOWN_TYPE, "CCUnknownTypeError", "Unknown credential cache type" ); + _pykadminerror_error_insert(module, base, KRB5_CC_NOTFOUND, "CCNotFoundError", "Matching credential not found"); + _pykadminerror_error_insert(module, base, KRB5_CC_END, "CCEndError", "End of credential cache reached"); + + _pykadminerror_error_insert(module, base, KRB5_NO_TKT_SUPPLIED, "NoTicketError", "Request did not supply a ticket"); + + _pykadminerror_error_insert(module, base, KRB5KRB_AP_WRONG_PRINC, "APWrongPrincipalError", "Wrong principal in request"); + _pykadminerror_error_insert(module, base, KRB5KRB_AP_ERR_TKT_INVALID, "APTicketFlagError", "Ticket has invalid flag set"); + + _pykadminerror_error_insert(module, base, KRB5_PRINC_NOMATCH, "PrincipalMismatchError", "Requested principal and ticket don't match"); + _pykadminerror_error_insert(module, base, KRB5_KDCREP_MODIFIED, "KDCReplyModifiedError", "KDC reply did not match expectations"); + _pykadminerror_error_insert(module, base, KRB5_KDCREP_SKEW, "KDCReplyClockSkewError", "Clock skew too great in KDC reply"); + _pykadminerror_error_insert(module, base, KRB5_IN_TKT_REALM_MISMATCH, "TicketRealmMismatchError", "Client/server realm mismatch in initial ticket request"); + _pykadminerror_error_insert(module, base, KRB5_PROG_ETYPE_NOSUPP, "EncryptionSupportError", "Program lacks support for encryption type"); + _pykadminerror_error_insert(module, base, KRB5_PROG_KEYTYPE_NOSUPP, "KeyTypeSupportError", "Program lacks support for key type"); + _pykadminerror_error_insert(module, base, KRB5_WRONG_ETYPE, "EncryptionTypeError", "Requested encryption type not used in message"); + _pykadminerror_error_insert(module, base, KRB5_PROG_SUMTYPE_NOSUPP, "ProgamChecksumSupportError", "Program lacks support for checksum type"); + _pykadminerror_error_insert(module, base, KRB5_REALM_UNKNOWN, "RealmUnknownError", "Cannot find KDC for requested realm"); + _pykadminerror_error_insert(module, base, KRB5_SERVICE_UNKNOWN, "ServiceUnknownError", "Kerberos service unknown"); + _pykadminerror_error_insert(module, base, KRB5_KDC_UNREACH, "ContactKDCError", "Cannot contact any KDC for requested realm"); + _pykadminerror_error_insert(module, base, KRB5_NO_LOCALNAME, "LocalNameError", "No local name found for principal name"); + _pykadminerror_error_insert(module, base, KRB5_MUTUAL_FAILED, "MutualAuthError", "Mutual authentication failed"); // Reply Cache [RC] & RC Input Output [IO] Errors - PyKAdminError_krb5_insert(module, base, KRB5_RC_TYPE_EXISTS, "RCTypeExistsError", "Replay cache type is already registered"); - PyKAdminError_krb5_insert(module, base, KRB5_RC_MALLOC, "RCMallocError", "No more memory to allocate (in replay cache code)"); - PyKAdminError_krb5_insert(module, base, KRB5_RC_TYPE_NOTFOUND, "RCTypeUnknownError", "Replay cache type is unknown"); - PyKAdminError_krb5_insert(module, base, KRB5_RC_UNKNOWN, "RCGenericError", "Generic unknown RC error"); - PyKAdminError_krb5_insert(module, base, KRB5_RC_REPLAY, "RCReplayError", "Message is a replay"); - PyKAdminError_krb5_insert(module, base, KRB5_RC_IO, "RCIOError", "Replay cache I/O operation failed"); - PyKAdminError_krb5_insert(module, base, KRB5_RC_NOIO, "RCNoIOError", "Replay cache type does not support non-volatile storage"); - PyKAdminError_krb5_insert(module, base, KRB5_RC_PARSE, "RCParseError", "Replay cache name parse/format error"); - PyKAdminError_krb5_insert(module, base, KRB5_RC_IO_EOF, "RCIOEOFError", "End-of-file on replay cache I/O"); - PyKAdminError_krb5_insert(module, base, KRB5_RC_IO_MALLOC, "RCIOMallocError", "No more memory to allocate (in replay cache I/O code)"); - PyKAdminError_krb5_insert(module, base, KRB5_RC_IO_PERM, "RCIOPermissionError", "Permission denied in replay cache code"); - PyKAdminError_krb5_insert(module, base, KRB5_RC_IO_IO, "RCIOIOError", "I/O error in replay cache i/o code"); - PyKAdminError_krb5_insert(module, base, KRB5_RC_IO_UNKNOWN, "RCIOGenericError", "Generic unknown RC/IO error"); - PyKAdminError_krb5_insert(module, base, KRB5_RC_IO_SPACE, "RCIOSpaceError", "Insufficient system space to store replay information"); - - PyKAdminError_krb5_insert(module, base, KRB5_TRANS_CANTOPEN, "TranslationCantOpenError", "Can't open/find realm translation file"); - PyKAdminError_krb5_insert(module, base, KRB5_TRANS_BADFORMAT, "TranslationFormatError", "Improper format of realm translation file"); - - PyKAdminError_krb5_insert(module, base, KRB5_LNAME_CANTOPEN, "LNameCantOpenError", "Can't open/find lname translation database"); - PyKAdminError_krb5_insert(module, base, KRB5_LNAME_NOTRANS, "LNameNoTranslationError", "No translation available for requested principal"); - PyKAdminError_krb5_insert(module, base, KRB5_LNAME_BADFORMAT, "LNameFormatError", "Improper format of translation database entry"); - - PyKAdminError_krb5_insert(module, base, KRB5_CRYPTO_INTERNAL, "CryptoInternalError", "Cryptosystem internal error"); - PyKAdminError_krb5_insert(module, base, KRB5_KT_BADNAME, "KTNameError", "Key table name malformed"); - PyKAdminError_krb5_insert(module, base, KRB5_KT_UNKNOWN_TYPE, "KTTypeUnknownError", "Unknown Key table type" ); - PyKAdminError_krb5_insert(module, base, KRB5_KT_NOTFOUND, "KTNotFoundError", "Key table entry not found"); - PyKAdminError_krb5_insert(module, base, KRB5_KT_END, "KTEndError", "End of key table reached"); - PyKAdminError_krb5_insert(module, base, KRB5_KT_NOWRITE, "KTNoWriteError", "Cannot write to specified key table"); - PyKAdminError_krb5_insert(module, base, KRB5_KT_IOERR, "KTIOError", "Error writing to key table"); - - PyKAdminError_krb5_insert(module, base, KRB5_NO_TKT_IN_RLM, "TicketNotInRealmError", "Cannot find ticket for requested realm"); - - PyKAdminError_krb5_insert(module, base, KRB5DES_BAD_KEYPAR, "DESKeyParityError", "DES key has bad parity"); - PyKAdminError_krb5_insert(module, base, KRB5DES_WEAK_KEY, "DESKeyWeakError", "DES key is a weak key"); - - PyKAdminError_krb5_insert(module, base, KRB5_BAD_ENCTYPE, "EncryptionTypeError", "Bad encryption type"); - PyKAdminError_krb5_insert(module, base, KRB5_BAD_KEYSIZE, "KeySizeError", "Key size is incompatible with encryption type"); - PyKAdminError_krb5_insert(module, base, KRB5_BAD_MSIZE, "MessageSizeError", "Message size is incompatible with encryption type"); + _pykadminerror_error_insert(module, base, KRB5_RC_TYPE_EXISTS, "RCTypeExistsError", "Replay cache type is already registered"); + _pykadminerror_error_insert(module, base, KRB5_RC_MALLOC, "RCMallocError", "No more memory to allocate (in replay cache code)"); + _pykadminerror_error_insert(module, base, KRB5_RC_TYPE_NOTFOUND, "RCTypeUnknownError", "Replay cache type is unknown"); + _pykadminerror_error_insert(module, base, KRB5_RC_UNKNOWN, "RCGenericError", "Generic unknown RC error"); + _pykadminerror_error_insert(module, base, KRB5_RC_REPLAY, "RCReplayError", "Message is a replay"); + _pykadminerror_error_insert(module, base, KRB5_RC_IO, "RCIOError", "Replay cache I/O operation failed"); + _pykadminerror_error_insert(module, base, KRB5_RC_NOIO, "RCNoIOError", "Replay cache type does not support non-volatile storage"); + _pykadminerror_error_insert(module, base, KRB5_RC_PARSE, "RCParseError", "Replay cache name parse/format error"); + _pykadminerror_error_insert(module, base, KRB5_RC_IO_EOF, "RCIOEOFError", "End-of-file on replay cache I/O"); + _pykadminerror_error_insert(module, base, KRB5_RC_IO_MALLOC, "RCIOMallocError", "No more memory to allocate (in replay cache I/O code)"); + _pykadminerror_error_insert(module, base, KRB5_RC_IO_PERM, "RCIOPermissionError", "Permission denied in replay cache code"); + _pykadminerror_error_insert(module, base, KRB5_RC_IO_IO, "RCIOIOError", "I/O error in replay cache i/o code"); + _pykadminerror_error_insert(module, base, KRB5_RC_IO_UNKNOWN, "RCIOGenericError", "Generic unknown RC/IO error"); + _pykadminerror_error_insert(module, base, KRB5_RC_IO_SPACE, "RCIOSpaceError", "Insufficient system space to store replay information"); + + _pykadminerror_error_insert(module, base, KRB5_TRANS_CANTOPEN, "TranslationCantOpenError", "Can't open/find realm translation file"); + _pykadminerror_error_insert(module, base, KRB5_TRANS_BADFORMAT, "TranslationFormatError", "Improper format of realm translation file"); + + _pykadminerror_error_insert(module, base, KRB5_LNAME_CANTOPEN, "LNameCantOpenError", "Can't open/find lname translation database"); + _pykadminerror_error_insert(module, base, KRB5_LNAME_NOTRANS, "LNameNoTranslationError", "No translation available for requested principal"); + _pykadminerror_error_insert(module, base, KRB5_LNAME_BADFORMAT, "LNameFormatError", "Improper format of translation database entry"); + + _pykadminerror_error_insert(module, base, KRB5_CRYPTO_INTERNAL, "CryptoInternalError", "Cryptosystem internal error"); + _pykadminerror_error_insert(module, base, KRB5_KT_BADNAME, "KTNameError", "Key table name malformed"); + _pykadminerror_error_insert(module, base, KRB5_KT_UNKNOWN_TYPE, "KTTypeUnknownError", "Unknown Key table type" ); + _pykadminerror_error_insert(module, base, KRB5_KT_NOTFOUND, "KTNotFoundError", "Key table entry not found"); + _pykadminerror_error_insert(module, base, KRB5_KT_END, "KTEndError", "End of key table reached"); + _pykadminerror_error_insert(module, base, KRB5_KT_NOWRITE, "KTNoWriteError", "Cannot write to specified key table"); + _pykadminerror_error_insert(module, base, KRB5_KT_IOERR, "KTIOError", "Error writing to key table"); + + _pykadminerror_error_insert(module, base, KRB5_NO_TKT_IN_RLM, "TicketNotInRealmError", "Cannot find ticket for requested realm"); + + _pykadminerror_error_insert(module, base, KRB5DES_BAD_KEYPAR, "DESKeyParityError", "DES key has bad parity"); + _pykadminerror_error_insert(module, base, KRB5DES_WEAK_KEY, "DESKeyWeakError", "DES key is a weak key"); + + _pykadminerror_error_insert(module, base, KRB5_BAD_ENCTYPE, "EncryptionTypeError", "Bad encryption type"); + _pykadminerror_error_insert(module, base, KRB5_BAD_KEYSIZE, "KeySizeError", "Key size is incompatible with encryption type"); + _pykadminerror_error_insert(module, base, KRB5_BAD_MSIZE, "MessageSizeError", "Message size is incompatible with encryption type"); - PyKAdminError_krb5_insert(module, base, KRB5_CC_TYPE_EXISTS, "CCTypeExistsError", "Credentials cache type is already registered."); - PyKAdminError_krb5_insert(module, base, KRB5_KT_TYPE_EXISTS, "KTTypeExistsError", "Key table type is already registered."); - - PyKAdminError_krb5_insert(module, base, KRB5_CC_IO, "CCIOError", "Credentials cache I/O operation failed XXX"); - PyKAdminError_krb5_insert(module, base, KRB5_FCC_PERM, "CCPermissionsError", "Credentials cache permissions incorrect"); - PyKAdminError_krb5_insert(module, base, KRB5_FCC_NOFILE, "CCNotFoundError", "No credentials cache found"); - PyKAdminError_krb5_insert(module, base, KRB5_FCC_INTERNAL, "CCInternalError", "Internal credentials cache error"); - PyKAdminError_krb5_insert(module, base, KRB5_CC_WRITE, "CCWriteError", "Error writing to credentials cache"); - PyKAdminError_krb5_insert(module, base, KRB5_CC_NOMEM, "CCMemoryError", "No more memory to allocate (in credentials cache code)"); - PyKAdminError_krb5_insert(module, base, KRB5_CC_FORMAT, "CCFormatError", "Bad format in credentials cache"); - PyKAdminError_krb5_insert(module, base, KRB5_CC_NOT_KTYPE, "CCEncryptionTypeError", "No credentials found with supported encryption types"); - - PyKAdminError_krb5_insert(module, base, KRB5_INVALID_FLAGS, "InvalidFlagsError", "Invalid KDC option combination (library internal error)"); - PyKAdminError_krb5_insert(module, base, KRB5_NO_2ND_TKT, "SecondTicketError", "Request missing second ticket"); - PyKAdminError_krb5_insert(module, base, KRB5_NOCREDS_SUPPLIED, "NoCredentialsSuppliedError", "No credentials supplied to library routine"); - PyKAdminError_krb5_insert(module, base, KRB5_SENDAUTH_BADAUTHVERS, "SendAuthVersionError", "Bad sendauth version was sent"); - PyKAdminError_krb5_insert(module, base, KRB5_SENDAUTH_BADAPPLVERS, "SendAuthApplicationVersionError", "Bad application version was sent (via sendauth)"); - PyKAdminError_krb5_insert(module, base, KRB5_SENDAUTH_BADRESPONSE, "SendAuthResponseError", "Bad response (during sendauth exchange)"); - PyKAdminError_krb5_insert(module, base, KRB5_SENDAUTH_REJECTED, "SendAuthRejectedError", "Server rejected authentication (during sendauth exchange)"); - PyKAdminError_krb5_insert(module, base, KRB5_PREAUTH_BAD_TYPE, "PreauthTypeError", "Unsupported preauthentication type"); - PyKAdminError_krb5_insert(module, base, KRB5_PREAUTH_NO_KEY, "PreauthKeyError", "Required preauthentication key not supplied"); - PyKAdminError_krb5_insert(module, base, KRB5_PREAUTH_FAILED, "PreauthGenericError", "Generic preauthentication failure"); + _pykadminerror_error_insert(module, base, KRB5_CC_TYPE_EXISTS, "CCTypeExistsError", "Credentials cache type is already registered."); + _pykadminerror_error_insert(module, base, KRB5_KT_TYPE_EXISTS, "KTTypeExistsError", "Key table type is already registered."); + + _pykadminerror_error_insert(module, base, KRB5_CC_IO, "CCIOError", "Credentials cache I/O operation failed XXX"); + _pykadminerror_error_insert(module, base, KRB5_FCC_PERM, "CCPermissionsError", "Credentials cache permissions incorrect"); + _pykadminerror_error_insert(module, base, KRB5_FCC_NOFILE, "CCNotFoundError", "No credentials cache found"); + _pykadminerror_error_insert(module, base, KRB5_FCC_INTERNAL, "CCInternalError", "Internal credentials cache error"); + _pykadminerror_error_insert(module, base, KRB5_CC_WRITE, "CCWriteError", "Error writing to credentials cache"); + _pykadminerror_error_insert(module, base, KRB5_CC_NOMEM, "CCMemoryError", "No more memory to allocate (in credentials cache code)"); + _pykadminerror_error_insert(module, base, KRB5_CC_FORMAT, "CCFormatError", "Bad format in credentials cache"); + _pykadminerror_error_insert(module, base, KRB5_CC_NOT_KTYPE, "CCEncryptionTypeError", "No credentials found with supported encryption types"); + + _pykadminerror_error_insert(module, base, KRB5_INVALID_FLAGS, "InvalidFlagsError", "Invalid KDC option combination (library internal error)"); + _pykadminerror_error_insert(module, base, KRB5_NO_2ND_TKT, "SecondTicketError", "Request missing second ticket"); + _pykadminerror_error_insert(module, base, KRB5_NOCREDS_SUPPLIED, "NoCredentialsSuppliedError", "No credentials supplied to library routine"); + _pykadminerror_error_insert(module, base, KRB5_SENDAUTH_BADAUTHVERS, "SendAuthVersionError", "Bad sendauth version was sent"); + _pykadminerror_error_insert(module, base, KRB5_SENDAUTH_BADAPPLVERS, "SendAuthApplicationVersionError", "Bad application version was sent (via sendauth)"); + _pykadminerror_error_insert(module, base, KRB5_SENDAUTH_BADRESPONSE, "SendAuthResponseError", "Bad response (during sendauth exchange)"); + _pykadminerror_error_insert(module, base, KRB5_SENDAUTH_REJECTED, "SendAuthRejectedError", "Server rejected authentication (during sendauth exchange)"); + _pykadminerror_error_insert(module, base, KRB5_PREAUTH_BAD_TYPE, "PreauthTypeError", "Unsupported preauthentication type"); + _pykadminerror_error_insert(module, base, KRB5_PREAUTH_NO_KEY, "PreauthKeyError", "Required preauthentication key not supplied"); + _pykadminerror_error_insert(module, base, KRB5_PREAUTH_FAILED, "PreauthGenericError", "Generic preauthentication failure"); - PyKAdminError_krb5_insert(module, base, KRB5_RCACHE_BADVNO, "RCVserionNumberError", "Unsupported replay cache format version number"); - PyKAdminError_krb5_insert(module, base, KRB5_CCACHE_BADVNO, "CCVserionNumberError", "Unsupported credentials cache format version number"); - PyKAdminError_krb5_insert(module, base, KRB5_KEYTAB_BADVNO, "KTVersionNumberError", "Unsupported key table format version number"); + _pykadminerror_error_insert(module, base, KRB5_RCACHE_BADVNO, "RCVserionNumberError", "Unsupported replay cache format version number"); + _pykadminerror_error_insert(module, base, KRB5_CCACHE_BADVNO, "CCVserionNumberError", "Unsupported credentials cache format version number"); + _pykadminerror_error_insert(module, base, KRB5_KEYTAB_BADVNO, "KTVersionNumberError", "Unsupported key table format version number"); - PyKAdminError_krb5_insert(module, base, KRB5_PROG_ATYPE_NOSUPP, "ProgramAddressTypeError", "Program lacks support for address type"); + _pykadminerror_error_insert(module, base, KRB5_PROG_ATYPE_NOSUPP, "ProgramAddressTypeError", "Program lacks support for address type"); - PyKAdminError_krb5_insert(module, base, KRB5_RC_REQUIRED, "RCRequiredError", "Message replay detection requires rcache parameter"); + _pykadminerror_error_insert(module, base, KRB5_RC_REQUIRED, "RCRequiredError", "Message replay detection requires rcache parameter"); - PyKAdminError_krb5_insert(module, base, KRB5_ERR_BAD_HOSTNAME, "HostnameError", "Hostname cannot be canonicalized"); - PyKAdminError_krb5_insert(module, base, KRB5_ERR_HOST_REALM_UNKNOWN, "HostRealmUnknownError", "Cannot determine realm for host"); - PyKAdminError_krb5_insert(module, base, KRB5_SNAME_UNSUPP_NAMETYPE, "ServiceNameUnsupportedError", "Conversion to service principal undefined for name type"); + _pykadminerror_error_insert(module, base, KRB5_ERR_BAD_HOSTNAME, "HostnameError", "Hostname cannot be canonicalized"); + _pykadminerror_error_insert(module, base, KRB5_ERR_HOST_REALM_UNKNOWN, "HostRealmUnknownError", "Cannot determine realm for host"); + _pykadminerror_error_insert(module, base, KRB5_SNAME_UNSUPP_NAMETYPE, "ServiceNameUnsupportedError", "Conversion to service principal undefined for name type"); - PyKAdminError_krb5_insert(module, base, KRB5KRB_AP_ERR_V4_REPLY, "APV4ReplyError", "Initial Ticket response appears to be Version 4 error"); + _pykadminerror_error_insert(module, base, KRB5KRB_AP_ERR_V4_REPLY, "APV4ReplyError", "Initial Ticket response appears to be Version 4 error"); - PyKAdminError_krb5_insert(module, base, KRB5_REALM_CANT_RESOLVE, "RealmResolveError", "Cannot resolve network address for KDC in requested realm"); - PyKAdminError_krb5_insert(module, base, KRB5_TKT_NOT_FORWARDABLE, "TicketNotForwardableError", "Requesting ticket can't get forwardable tickets"); - PyKAdminError_krb5_insert(module, base, KRB5_FWD_BAD_PRINCIPAL, "ForwardPrincipalError", "Bad principal name while trying to forward credentials"); - PyKAdminError_krb5_insert(module, base, KRB5_GET_IN_TKT_LOOP, "GetTGTLoopError", "Looping detected inside krb5_get_in_tkt"); - PyKAdminError_krb5_insert(module, base, KRB5_CONFIG_NODEFREALM, "ConfigNoDefaultRealmError", "Configuration file does not specify default realm"); - PyKAdminError_krb5_insert(module, base, KRB5_SAM_UNSUPPORTED, "SAMUnsupportedError", "Bad SAM flags in obtain_sam_padata"); - PyKAdminError_krb5_insert(module, base, KRB5_SAM_INVALID_ETYPE, "SAMInvalidEncryptionTypeError", "Invalid encryption type in SAM challenge"); - PyKAdminError_krb5_insert(module, base, KRB5_SAM_NO_CHECKSUM, "SAMNoChecksumError", "Missing checksum in SAM challenge"); - PyKAdminError_krb5_insert(module, base, KRB5_SAM_BAD_CHECKSUM, "SAMChecksumError", "Bad checksum in SAM challenge"); - PyKAdminError_krb5_insert(module, base, KRB5_KT_NAME_TOOLONG, "KTNameTooLongError", "Keytab name too long"); - PyKAdminError_krb5_insert(module, base, KRB5_KT_KVNONOTFOUND, "KTKVNOError", "Key version number for principal in key table is incorrect"); - PyKAdminError_krb5_insert(module, base, KRB5_APPL_EXPIRED, "ApplicationExpiredError", "This application has expired"); - PyKAdminError_krb5_insert(module, base, KRB5_LIB_EXPIRED, "LibraryExpiredError", "This Krb5 library has expired"); - PyKAdminError_krb5_insert(module, base, KRB5_CHPW_PWDNULL, "NullPasswordError", "New password cannot be zero length"); - PyKAdminError_krb5_insert(module, base, KRB5_CHPW_FAIL, "PasswordChangeError", "Password change failed"); - PyKAdminError_krb5_insert(module, base, KRB5_KT_FORMAT, "KTFormatError", "Bad format in keytab"); - PyKAdminError_krb5_insert(module, base, KRB5_NOPERM_ETYPE, "EncryptionTypeError", "Encryption type not permitted"); - PyKAdminError_krb5_insert(module, base, KRB5_CONFIG_ETYPE_NOSUPP, "ConfigEncryptionTypeError", "No supported encryption types (config file error?)"); - PyKAdminError_krb5_insert(module, base, KRB5_OBSOLETE_FN, "ObsoleteFunctionError", "Program called an obsolete, deleted function"); + _pykadminerror_error_insert(module, base, KRB5_REALM_CANT_RESOLVE, "RealmResolveError", "Cannot resolve network address for KDC in requested realm"); + _pykadminerror_error_insert(module, base, KRB5_TKT_NOT_FORWARDABLE, "TicketNotForwardableError", "Requesting ticket can't get forwardable tickets"); + _pykadminerror_error_insert(module, base, KRB5_FWD_BAD_PRINCIPAL, "ForwardPrincipalError", "Bad principal name while trying to forward credentials"); + _pykadminerror_error_insert(module, base, KRB5_GET_IN_TKT_LOOP, "GetTGTLoopError", "Looping detected inside krb5_get_in_tkt"); + _pykadminerror_error_insert(module, base, KRB5_CONFIG_NODEFREALM, "ConfigNoDefaultRealmError", "Configuration file does not specify default realm"); + _pykadminerror_error_insert(module, base, KRB5_SAM_UNSUPPORTED, "SAMUnsupportedError", "Bad SAM flags in obtain_sam_padata"); + _pykadminerror_error_insert(module, base, KRB5_SAM_INVALID_ETYPE, "SAMInvalidEncryptionTypeError", "Invalid encryption type in SAM challenge"); + _pykadminerror_error_insert(module, base, KRB5_SAM_NO_CHECKSUM, "SAMNoChecksumError", "Missing checksum in SAM challenge"); + _pykadminerror_error_insert(module, base, KRB5_SAM_BAD_CHECKSUM, "SAMChecksumError", "Bad checksum in SAM challenge"); + _pykadminerror_error_insert(module, base, KRB5_KT_NAME_TOOLONG, "KTNameTooLongError", "Keytab name too long"); + _pykadminerror_error_insert(module, base, KRB5_KT_KVNONOTFOUND, "KTKVNOError", "Key version number for principal in key table is incorrect"); + _pykadminerror_error_insert(module, base, KRB5_APPL_EXPIRED, "ApplicationExpiredError", "This application has expired"); + _pykadminerror_error_insert(module, base, KRB5_LIB_EXPIRED, "LibraryExpiredError", "This Krb5 library has expired"); + _pykadminerror_error_insert(module, base, KRB5_CHPW_PWDNULL, "NullPasswordError", "New password cannot be zero length"); + _pykadminerror_error_insert(module, base, KRB5_CHPW_FAIL, "PasswordChangeError", "Password change failed"); + _pykadminerror_error_insert(module, base, KRB5_KT_FORMAT, "KTFormatError", "Bad format in keytab"); + _pykadminerror_error_insert(module, base, KRB5_NOPERM_ETYPE, "EncryptionTypeError", "Encryption type not permitted"); + _pykadminerror_error_insert(module, base, KRB5_CONFIG_ETYPE_NOSUPP, "ConfigEncryptionTypeError", "No supported encryption types (config file error?)"); + _pykadminerror_error_insert(module, base, KRB5_OBSOLETE_FN, "ObsoleteFunctionError", "Program called an obsolete, deleted function"); - PyKAdminError_krb5_insert(module, base, KRB5_EAI_FAIL, "EAIGenericError", "unknown getaddrinfo failure"); - PyKAdminError_krb5_insert(module, base, KRB5_EAI_NODATA, "EAINoDataError", "no data available for host/domain name"); - PyKAdminError_krb5_insert(module, base, KRB5_EAI_NONAME, "EAINoNameError", "host/domain name not found"); - PyKAdminError_krb5_insert(module, base, KRB5_EAI_SERVICE, "EAIServiceUnknownError", "service name unknown"); - PyKAdminError_krb5_insert(module, base, KRB5_ERR_NUMERIC_REALM, "NumericRealmError", "Cannot determine realm for numeric host address"); - PyKAdminError_krb5_insert(module, base, KRB5_ERR_BAD_S2K_PARAMS, "KeyParamsError", "Invalid key generation parameters from KDC"); - PyKAdminError_krb5_insert(module, base, KRB5_ERR_NO_SERVICE, "ServiceUnavailableError", "service not available"); - - PyKAdminError_krb5_insert(module, base, KRB5_CC_READONLY, "CCReadOnlyError", "Ccache function not supported: read-only ccache type"); - PyKAdminError_krb5_insert(module, base, KRB5_CC_NOSUPP, "CCNotSupportedError", "Ccache function not supported: not implemented"); - - PyKAdminError_krb5_insert(module, base, KRB5_DELTAT_BADFORMAT, "DeltaFormatError", "Invalid format of Kerberos lifetime or clock skew string"); - PyKAdminError_krb5_insert(module, base, KRB5_PLUGIN_NO_HANDLE, "PluginHandleError", "Supplied data not handled by this plugin"); - PyKAdminError_krb5_insert(module, base, KRB5_PLUGIN_OP_NOTSUPP, "PluginSupportError", "Plugin does not support the operation"); - PyKAdminError_krb5_insert(module, base, KRB5_ERR_INVALID_UTF8, "UTF8Error", "Invalid UTF-8 string"); - PyKAdminError_krb5_insert(module, base, KRB5_ERR_FAST_REQUIRED, "FASTRequiredError", "FAST protected pre-authentication required but not supported by KDC"); - PyKAdminError_krb5_insert(module, base, KRB5_LOCAL_ADDR_REQUIRED, "LocalAddressRequiredError", "Auth context must contain local address"); - PyKAdminError_krb5_insert(module, base, KRB5_REMOTE_ADDR_REQUIRED, "RemoteAddressRequiredError", "Auth context must contain remote address"); - PyKAdminError_krb5_insert(module, base, KRB5_TRACE_NOSUPP, "TraceSupportError", "Tracing unsupported"); + _pykadminerror_error_insert(module, base, KRB5_EAI_FAIL, "EAIGenericError", "unknown getaddrinfo failure"); + _pykadminerror_error_insert(module, base, KRB5_EAI_NODATA, "EAINoDataError", "no data available for host/domain name"); + _pykadminerror_error_insert(module, base, KRB5_EAI_NONAME, "EAINoNameError", "host/domain name not found"); + _pykadminerror_error_insert(module, base, KRB5_EAI_SERVICE, "EAIServiceUnknownError", "service name unknown"); + _pykadminerror_error_insert(module, base, KRB5_ERR_NUMERIC_REALM, "NumericRealmError", "Cannot determine realm for numeric host address"); + _pykadminerror_error_insert(module, base, KRB5_ERR_BAD_S2K_PARAMS, "KeyParamsError", "Invalid key generation parameters from KDC"); + _pykadminerror_error_insert(module, base, KRB5_ERR_NO_SERVICE, "ServiceUnavailableError", "service not available"); + + _pykadminerror_error_insert(module, base, KRB5_CC_READONLY, "CCReadOnlyError", "Ccache function not supported: read-only ccache type"); + _pykadminerror_error_insert(module, base, KRB5_CC_NOSUPP, "CCNotSupportedError", "Ccache function not supported: not implemented"); + + _pykadminerror_error_insert(module, base, KRB5_DELTAT_BADFORMAT, "DeltaFormatError", "Invalid format of Kerberos lifetime or clock skew string"); + _pykadminerror_error_insert(module, base, KRB5_PLUGIN_NO_HANDLE, "PluginHandleError", "Supplied data not handled by this plugin"); + _pykadminerror_error_insert(module, base, KRB5_PLUGIN_OP_NOTSUPP, "PluginSupportError", "Plugin does not support the operation"); + _pykadminerror_error_insert(module, base, KRB5_ERR_INVALID_UTF8, "UTF8Error", "Invalid UTF-8 string"); + _pykadminerror_error_insert(module, base, KRB5_ERR_FAST_REQUIRED, "FASTRequiredError", "FAST protected pre-authentication required but not supported by KDC"); + _pykadminerror_error_insert(module, base, KRB5_LOCAL_ADDR_REQUIRED, "LocalAddressRequiredError", "Auth context must contain local address"); + _pykadminerror_error_insert(module, base, KRB5_REMOTE_ADDR_REQUIRED, "RemoteAddressRequiredError", "Auth context must contain remote address"); + _pykadminerror_error_insert(module, base, KRB5_TRACE_NOSUPP, "TraceSupportError", "Tracing unsupported"); result = 1; } @@ -471,71 +512,71 @@ int PyKAdminError_init_krb5(PyObject *module, PyObject *base) { int PyKAdminError_init_kadm(PyObject *module, PyObject *base) { int result = 0; - _pykadmin_kadm_errors = PyDict_New(); + //_pykadmin_kadm_errors = PyDict_New(); - if (_pykadmin_kadm_errors) { + if (_pykadmin_errors) { - PyKAdminError_kadm_insert(module, base, KADM5_FAILURE, "FailureError", "Operation failed for unspecified reason"); - PyKAdminError_kadm_insert(module, base, KADM5_AUTH_GET, "AuthGetError", "Operation requires ``get'' privilege"); - PyKAdminError_kadm_insert(module, base, KADM5_AUTH_ADD, "AuthAddError", "Operation requires ``add'' privilege"); - PyKAdminError_kadm_insert(module, base, KADM5_AUTH_MODIFY, "AuthModifyError", "Operation requires ``modify'' privilege"); - PyKAdminError_kadm_insert(module, base, KADM5_AUTH_DELETE, "AuthDeleteError", "Operation requires ``delete'' privilege"); - PyKAdminError_kadm_insert(module, base, KADM5_AUTH_INSUFFICIENT, "AuthInsufficientError", "Insufficient authorization for operation"); - PyKAdminError_kadm_insert(module, base, KADM5_BAD_DB, "DadtabaseError", "Database inconsistency detected"); - PyKAdminError_kadm_insert(module, base, KADM5_DUP, "DuplicateError", "Principal or policy already exists"); - PyKAdminError_kadm_insert(module, base, KADM5_RPC_ERROR, "RPCErrorError", "Communication failure with server"); - PyKAdminError_kadm_insert(module, base, KADM5_NO_SRV, "NoServerError", "No administration server found for realm"); - PyKAdminError_kadm_insert(module, base, KADM5_BAD_HIST_KEY, "HistoryKeyError", "Password history principal key version mismatch"); - PyKAdminError_kadm_insert(module, base, KADM5_NOT_INIT, "NotInitializedError", "Connection to server not initialized"); - PyKAdminError_kadm_insert(module, base, KADM5_UNK_PRINC, "UnknownPrincipalError", "Principal does not exist"); - PyKAdminError_kadm_insert(module, base, KADM5_UNK_POLICY, "UnknownPolicyError", "Policy does not exist"); - PyKAdminError_kadm_insert(module, base, KADM5_BAD_MASK, "MaskError", "Invalid field mask for operation"); - PyKAdminError_kadm_insert(module, base, KADM5_BAD_CLASS, "ClassError", "Invalid number of character classes"); - PyKAdminError_kadm_insert(module, base, KADM5_BAD_LENGTH, "LengthError", "Invalid password length"); - PyKAdminError_kadm_insert(module, base, KADM5_BAD_POLICY, "PolicyError", "Illegal policy name"); - PyKAdminError_kadm_insert(module, base, KADM5_BAD_PRINCIPAL, "PrincipalError", "Illegal principal name"); - PyKAdminError_kadm_insert(module, base, KADM5_BAD_AUX_ATTR, "AuxAttrError", "Invalid auxillary attributes"); - PyKAdminError_kadm_insert(module, base, KADM5_BAD_HISTORY, "HistoryError", "Invalid password history count"); - PyKAdminError_kadm_insert(module, base, KADM5_BAD_MIN_PASS_LIFE, "MinPasswordLifeError", "Password minimum life is greater then password maximum life"); - PyKAdminError_kadm_insert(module, base, KADM5_PASS_Q_TOOSHORT, "PasswordTooShortError", "Password is too short"); - PyKAdminError_kadm_insert(module, base, KADM5_PASS_Q_CLASS, "PasswordClassError", "Password does not contain enough character classes"); - PyKAdminError_kadm_insert(module, base, KADM5_PASS_Q_DICT, "PasswordDictError", "Password is in the password dictionary"); - PyKAdminError_kadm_insert(module, base, KADM5_PASS_REUSE, "PasswordReuseError", "Cannot resuse password"); - PyKAdminError_kadm_insert(module, base, KADM5_PASS_TOOSOON, "PasswordTooSoonError", "Current password's minimum life has not expired"); - PyKAdminError_kadm_insert(module, base, KADM5_POLICY_REF, "PolicyRefError", "Policy is in use"); - PyKAdminError_kadm_insert(module, base, KADM5_INIT, "InitializedError", "Connection to server already initialized"); - PyKAdminError_kadm_insert(module, base, KADM5_BAD_PASSWORD, "PasswordError", "Incorrect password"); - PyKAdminError_kadm_insert(module, base, KADM5_PROTECT_PRINCIPAL, "ProtectedPrincipalError", "Cannot change protected principal"); - PyKAdminError_kadm_insert(module, base, KADM5_BAD_SERVER_HANDLE, "ServerHandleError", "Programmer error! Bad Admin server handle"); - PyKAdminError_kadm_insert(module, base, KADM5_BAD_STRUCT_VERSION, "StructVersionError", "Programmer error! Bad API structure version"); - PyKAdminError_kadm_insert(module, base, KADM5_OLD_STRUCT_VERSION, "OldStructVersionError", "API structure version specified by application is no longer supported (to fix, recompile application against current Admin API header files and libraries)"); - PyKAdminError_kadm_insert(module, base, KADM5_NEW_STRUCT_VERSION, "NewStructVersionError", "API structure version specified by application is unknown to libraries (to fix, obtain current Admin API header files and libraries and recompile application)"); - PyKAdminError_kadm_insert(module, base, KADM5_BAD_API_VERSION, "APIVersionError", "Programmer error! Bad API version"); - PyKAdminError_kadm_insert(module, base, KADM5_OLD_LIB_API_VERSION, "OldLibraryAPIVersionError", "API version specified by application is no longer supported by libraries (to fix, update application to adhere to current API version and recompile)"); - PyKAdminError_kadm_insert(module, base, KADM5_OLD_SERVER_API_VERSION, "OldServerAPIVersionError", "API version specified by application is no longer supported by server (to fix, update application to adhere to current API version and recompile)"); - PyKAdminError_kadm_insert(module, base, KADM5_NEW_LIB_API_VERSION, "NewLibraryAPIVersionError", "API version specified by application is unknown to libraries (to fix, obtain current Admin API header files and libraries and recompile application)"); - PyKAdminError_kadm_insert(module, base, KADM5_NEW_SERVER_API_VERSION, "NewServerAPIVersionError", "API version specified by application is unknown to server (to fix, obtain and install newest Admin Server)"); - PyKAdminError_kadm_insert(module, base, KADM5_SECURE_PRINC_MISSING, "SecurePrincipalMissingError", "Database error! Required principal missing"); - PyKAdminError_kadm_insert(module, base, KADM5_NO_RENAME_SALT, "NoRenameSaltError", "The salt type of the specified principal does not support renaming"); - PyKAdminError_kadm_insert(module, base, KADM5_BAD_CLIENT_PARAMS, "ClientParamsError", "Illegal configuration parameter for remote KADM5 client"); - PyKAdminError_kadm_insert(module, base, KADM5_BAD_SERVER_PARAMS, "ServerParamsError", "Illegal configuration parameter for local KADM5 client."); - PyKAdminError_kadm_insert(module, base, KADM5_AUTH_LIST, "AuthListError", "Operation requires ``list'' privilege"); - PyKAdminError_kadm_insert(module, base, KADM5_AUTH_CHANGEPW, "AuthChangePasswordError", "Operation requires ``change-password'' privilege"); - PyKAdminError_kadm_insert(module, base, KADM5_GSS_ERROR, "GSSAPIErrorError", "GSS-API (or Kerberos) error"); - PyKAdminError_kadm_insert(module, base, KADM5_BAD_TL_TYPE, "TLTypeError", "Programmer error! Illegal tagged data list element type"); - PyKAdminError_kadm_insert(module, base, KADM5_MISSING_CONF_PARAMS, "MissingConfParamsError", "Required parameters in kdc.conf missing"); - PyKAdminError_kadm_insert(module, base, KADM5_BAD_SERVER_NAME, "ServerNameError", "Bad krb5 admin server hostname"); - PyKAdminError_kadm_insert(module, base, KADM5_AUTH_SETKEY, "AuthSetKeyError", "Operation requires ``set-key'' privilege"); - PyKAdminError_kadm_insert(module, base, KADM5_SETKEY_DUP_ENCTYPES, "SetKeyDuplicateEnctypesError", "Multiple values for single or folded enctype"); - PyKAdminError_kadm_insert(module, base, KADM5_SETV4KEY_INVAL_ENCTYPE, "Setv4KeyInvalEnctypeError", "Invalid enctype for setv4key"); - PyKAdminError_kadm_insert(module, base, KADM5_SETKEY3_ETYPE_MISMATCH, "SetKey3EnctypeMismatchError", "Mismatched enctypes for setkey3"); - PyKAdminError_kadm_insert(module, base, KADM5_MISSING_KRB5_CONF_PARAMS, "MissingKrb5ConfParamsError", "Missing parameters in krb5.conf required for kadmin client"); - PyKAdminError_kadm_insert(module, base, KADM5_XDR_FAILURE, "XDRFailureError", "XDR encoding error"); + _pykadminerror_error_insert(module, base, KADM5_FAILURE, "FailureError", "Operation failed for unspecified reason"); + _pykadminerror_error_insert(module, base, KADM5_AUTH_GET, "AuthGetError", "Operation requires ``get'' privilege"); + _pykadminerror_error_insert(module, base, KADM5_AUTH_ADD, "AuthAddError", "Operation requires ``add'' privilege"); + _pykadminerror_error_insert(module, base, KADM5_AUTH_MODIFY, "AuthModifyError", "Operation requires ``modify'' privilege"); + _pykadminerror_error_insert(module, base, KADM5_AUTH_DELETE, "AuthDeleteError", "Operation requires ``delete'' privilege"); + _pykadminerror_error_insert(module, base, KADM5_AUTH_INSUFFICIENT, "AuthInsufficientError", "Insufficient authorization for operation"); + _pykadminerror_error_insert(module, base, KADM5_BAD_DB, "DadtabaseError", "Database inconsistency detected"); + _pykadminerror_error_insert(module, base, KADM5_DUP, "DuplicateError", "Principal or policy already exists"); + _pykadminerror_error_insert(module, base, KADM5_RPC_ERROR, "RPCErrorError", "Communication failure with server"); + _pykadminerror_error_insert(module, base, KADM5_NO_SRV, "NoServerError", "No administration server found for realm"); + _pykadminerror_error_insert(module, base, KADM5_BAD_HIST_KEY, "HistoryKeyError", "Password history principal key version mismatch"); + _pykadminerror_error_insert(module, base, KADM5_NOT_INIT, "NotInitializedError", "Connection to server not initialized"); + _pykadminerror_error_insert(module, base, KADM5_UNK_PRINC, "UnknownPrincipalError", "Principal does not exist"); + _pykadminerror_error_insert(module, base, KADM5_UNK_POLICY, "UnknownPolicyError", "Policy does not exist"); + _pykadminerror_error_insert(module, base, KADM5_BAD_MASK, "MaskError", "Invalid field mask for operation"); + _pykadminerror_error_insert(module, base, KADM5_BAD_CLASS, "ClassError", "Invalid number of character classes"); + _pykadminerror_error_insert(module, base, KADM5_BAD_LENGTH, "LengthError", "Invalid password length"); + _pykadminerror_error_insert(module, base, KADM5_BAD_POLICY, "PolicyError", "Illegal policy name"); + _pykadminerror_error_insert(module, base, KADM5_BAD_PRINCIPAL, "PrincipalError", "Illegal principal name"); + _pykadminerror_error_insert(module, base, KADM5_BAD_AUX_ATTR, "AuxAttrError", "Invalid auxillary attributes"); + _pykadminerror_error_insert(module, base, KADM5_BAD_HISTORY, "HistoryError", "Invalid password history count"); + _pykadminerror_error_insert(module, base, KADM5_BAD_MIN_PASS_LIFE, "MinPasswordLifeError", "Password minimum life is greater then password maximum life"); + _pykadminerror_error_insert(module, base, KADM5_PASS_Q_TOOSHORT, "PasswordTooShortError", "Password is too short"); + _pykadminerror_error_insert(module, base, KADM5_PASS_Q_CLASS, "PasswordClassError", "Password does not contain enough character classes"); + _pykadminerror_error_insert(module, base, KADM5_PASS_Q_DICT, "PasswordDictError", "Password is in the password dictionary"); + _pykadminerror_error_insert(module, base, KADM5_PASS_REUSE, "PasswordReuseError", "Cannot resuse password"); + _pykadminerror_error_insert(module, base, KADM5_PASS_TOOSOON, "PasswordTooSoonError", "Current password's minimum life has not expired"); + _pykadminerror_error_insert(module, base, KADM5_POLICY_REF, "PolicyRefError", "Policy is in use"); + _pykadminerror_error_insert(module, base, KADM5_INIT, "InitializedError", "Connection to server already initialized"); + _pykadminerror_error_insert(module, base, KADM5_BAD_PASSWORD, "PasswordError", "Incorrect password"); + _pykadminerror_error_insert(module, base, KADM5_PROTECT_PRINCIPAL, "ProtectedPrincipalError", "Cannot change protected principal"); + _pykadminerror_error_insert(module, base, KADM5_BAD_SERVER_HANDLE, "ServerHandleError", "Programmer error! Bad Admin server handle"); + _pykadminerror_error_insert(module, base, KADM5_BAD_STRUCT_VERSION, "StructVersionError", "Programmer error! Bad API structure version"); + _pykadminerror_error_insert(module, base, KADM5_OLD_STRUCT_VERSION, "OldStructVersionError", "API structure version specified by application is no longer supported (to fix, recompile application against current Admin API header files and libraries)"); + _pykadminerror_error_insert(module, base, KADM5_NEW_STRUCT_VERSION, "NewStructVersionError", "API structure version specified by application is unknown to libraries (to fix, obtain current Admin API header files and libraries and recompile application)"); + _pykadminerror_error_insert(module, base, KADM5_BAD_API_VERSION, "APIVersionError", "Programmer error! Bad API version"); + _pykadminerror_error_insert(module, base, KADM5_OLD_LIB_API_VERSION, "OldLibraryAPIVersionError", "API version specified by application is no longer supported by libraries (to fix, update application to adhere to current API version and recompile)"); + _pykadminerror_error_insert(module, base, KADM5_OLD_SERVER_API_VERSION, "OldServerAPIVersionError", "API version specified by application is no longer supported by server (to fix, update application to adhere to current API version and recompile)"); + _pykadminerror_error_insert(module, base, KADM5_NEW_LIB_API_VERSION, "NewLibraryAPIVersionError", "API version specified by application is unknown to libraries (to fix, obtain current Admin API header files and libraries and recompile application)"); + _pykadminerror_error_insert(module, base, KADM5_NEW_SERVER_API_VERSION, "NewServerAPIVersionError", "API version specified by application is unknown to server (to fix, obtain and install newest Admin Server)"); + _pykadminerror_error_insert(module, base, KADM5_SECURE_PRINC_MISSING, "SecurePrincipalMissingError", "Database error! Required principal missing"); + _pykadminerror_error_insert(module, base, KADM5_NO_RENAME_SALT, "NoRenameSaltError", "The salt type of the specified principal does not support renaming"); + _pykadminerror_error_insert(module, base, KADM5_BAD_CLIENT_PARAMS, "ClientParamsError", "Illegal configuration parameter for remote KADM5 client"); + _pykadminerror_error_insert(module, base, KADM5_BAD_SERVER_PARAMS, "ServerParamsError", "Illegal configuration parameter for local KADM5 client."); + _pykadminerror_error_insert(module, base, KADM5_AUTH_LIST, "AuthListError", "Operation requires ``list'' privilege"); + _pykadminerror_error_insert(module, base, KADM5_AUTH_CHANGEPW, "AuthChangePasswordError", "Operation requires ``change-password'' privilege"); + _pykadminerror_error_insert(module, base, KADM5_GSS_ERROR, "GSSAPIErrorError", "GSS-API (or Kerberos) error"); + _pykadminerror_error_insert(module, base, KADM5_BAD_TL_TYPE, "TLTypeError", "Programmer error! Illegal tagged data list element type"); + _pykadminerror_error_insert(module, base, KADM5_MISSING_CONF_PARAMS, "MissingConfParamsError", "Required parameters in kdc.conf missing"); + _pykadminerror_error_insert(module, base, KADM5_BAD_SERVER_NAME, "ServerNameError", "Bad krb5 admin server hostname"); + _pykadminerror_error_insert(module, base, KADM5_AUTH_SETKEY, "AuthSetKeyError", "Operation requires ``set-key'' privilege"); + _pykadminerror_error_insert(module, base, KADM5_SETKEY_DUP_ENCTYPES, "SetKeyDuplicateEnctypesError", "Multiple values for single or folded enctype"); + _pykadminerror_error_insert(module, base, KADM5_SETV4KEY_INVAL_ENCTYPE, "Setv4KeyInvalEnctypeError", "Invalid enctype for setv4key"); + _pykadminerror_error_insert(module, base, KADM5_SETKEY3_ETYPE_MISMATCH, "SetKey3EnctypeMismatchError", "Mismatched enctypes for setkey3"); + _pykadminerror_error_insert(module, base, KADM5_MISSING_KRB5_CONF_PARAMS, "MissingKrb5ConfParamsError", "Missing parameters in krb5.conf required for kadmin client"); + _pykadminerror_error_insert(module, base, KADM5_XDR_FAILURE, "XDRFailureError", "XDR encoding error"); # ifdef KADM5_CANT_RESOLVE - PyKAdminError_kadm_insert(module, base, KADM5_CANT_RESOLVE, "CantResolveError", ""); + _pykadminerror_error_insert(module, base, KADM5_CANT_RESOLVE, "CantResolveError", ""); # endif # ifdef KADM5_PASS_Q_GENERIC - PyKAdminError_kadm_insert(module, base, KADM5_PASS_Q_GENERIC, "PasswordGenericError", "Database synchronization failed"); + _pykadminerror_error_insert(module, base, KADM5_PASS_Q_GENERIC, "PasswordGenericError", "Database synchronization failed"); # endif result = 1; @@ -546,3 +587,65 @@ int PyKAdminError_init_kadm(PyObject *module, PyObject *base) { } +int PyKAdminError_init_kdb(PyObject *module, PyObject *base) { + + int result = 0; + //_pykadmin_kadm_errors = PyDict_New(); + + if (_pykadmin_errors) { + + _pykadminerror_error_insert(module, base, KRB5_KDB_INUSE, "KDBInUseError", "Entry already exists in database"); + _pykadminerror_error_insert(module, base, KRB5_KDB_UK_SERROR, "KDBStoreError", "Database store error"); + _pykadminerror_error_insert(module, base, KRB5_KDB_UK_RERROR, "KDBReadError", "Database read error"); + _pykadminerror_error_insert(module, base, KRB5_KDB_UNAUTH, "KDBInsufficientAccessError", "Insufficient access to perform requested operation"); + _pykadminerror_error_insert(module, base, KRB5_KDB_NOENTRY, "KDBNoEntryError", "No such entry in the database"); + _pykadminerror_error_insert(module, base, KRB5_KDB_ILL_WILDCARD, "KDBWildcardError", "Illegal use of wildcard"); + _pykadminerror_error_insert(module, base, KRB5_KDB_DB_INUSE, "KDBLockedError", "Database is locked or in use--try again later"); + _pykadminerror_error_insert(module, base, KRB5_KDB_DB_CHANGED, "KDBChangedError", "Database was modified during read"); + _pykadminerror_error_insert(module, base, KRB5_KDB_TRUNCATED_RECORD, "KDBTruncatedError", "Database record is incomplete or corrupted"); + _pykadminerror_error_insert(module, base, KRB5_KDB_RECURSIVELOCK, "KDBRecursiveLockError", "Attempt to lock database twice"); + _pykadminerror_error_insert(module, base, KRB5_KDB_NOTLOCKED, "KDBNotLockedError", "Attempt to unlock database when not locked"); + _pykadminerror_error_insert(module, base, KRB5_KDB_BADLOCKMODE, "KDBLockModeError", "Invalid kdb lock mode"); + _pykadminerror_error_insert(module, base, KRB5_KDB_DBNOTINITED, "KDBNotInitializedError", "Database has not been initialized"); + _pykadminerror_error_insert(module, base, KRB5_KDB_DBINITED, "KDBInitializedError", "Database has already been initialized"); + _pykadminerror_error_insert(module, base, KRB5_KDB_ILLDIRECTION, "KDBDirectionError", "Bad direction for converting keys"); + _pykadminerror_error_insert(module, base, KRB5_KDB_NOMASTERKEY, "KDBNoMKeyError", "Cannot find master key record in database"); + _pykadminerror_error_insert(module, base, KRB5_KDB_BADMASTERKEY, "KDBBadMKeyError", "Master key does not match database"); + _pykadminerror_error_insert(module, base, KRB5_KDB_INVALIDKEYSIZE, "KDBKeySizeError", "Key size in database is invalid"); + _pykadminerror_error_insert(module, base, KRB5_KDB_CANTREAD_STORED, "KDBCantReadError", "Cannot find/read stored master key"); + _pykadminerror_error_insert(module, base, KRB5_KDB_BADSTORED_MKEY, "KDBCorruptedMKeyError", "Stored master key is corrupted"); + _pykadminerror_error_insert(module, base, KRB5_KDB_NOACTMASTERKEY, "KDBNoActiveMKeyError", "Cannot find active master key"); + _pykadminerror_error_insert(module, base, KRB5_KDB_KVNONOMATCH, "KDBMKeyMismatchError", "KVNO of new master key does not match expected value"); + _pykadminerror_error_insert(module, base, KRB5_KDB_STORED_MKEY_NOTCURRENT, "KDBMKeyNotCurrentError", "Stored master key is not current"); + _pykadminerror_error_insert(module, base, KRB5_KDB_CANTLOCK_DB, "KDBCantLockError", "Insufficient access to lock database"); + _pykadminerror_error_insert(module, base, KRB5_KDB_DB_CORRUPT, "KDBFormatError", "Database format error"); + _pykadminerror_error_insert(module, base, KRB5_KDB_BAD_VERSION, "KDBVersionError", "Unsupported version in database entry"); + _pykadminerror_error_insert(module, base, KRB5_KDB_BAD_SALTTYPE, "KDBSaltSupportError", "Unsupported salt type"); + _pykadminerror_error_insert(module, base, KRB5_KDB_BAD_ENCTYPE, "KDBEncryptionSupportError", "Unsupported encryption type"); + _pykadminerror_error_insert(module, base, KRB5_KDB_BAD_CREATEFLAGS, "KDBCreateFlagsError", "Bad database creation flags"); + _pykadminerror_error_insert(module, base, KRB5_KDB_NO_PERMITTED_KEY, "KDBNoPermittedKeyError", "No matching key in entry having a permitted enctype"); + _pykadminerror_error_insert(module, base, KRB5_KDB_NO_MATCHING_KEY, "KDBNoMatchingKeyError", "No matching key in entry"); + _pykadminerror_error_insert(module, base, KRB5_KDB_DBTYPE_NOTFOUND, "KDBTypeNotFoundError", "Unable to find requested database type"); + _pykadminerror_error_insert(module, base, KRB5_KDB_DBTYPE_NOSUP, "KDBTypeSupportError", "Database type not supported"); + _pykadminerror_error_insert(module, base, KRB5_KDB_DBTYPE_INIT, "KDBTypeInitializeError", "Database library failed to initialize"); + _pykadminerror_error_insert(module, base, KRB5_KDB_SERVER_INTERNAL_ERR, "KDBServerError", "Server error"); + _pykadminerror_error_insert(module, base, KRB5_KDB_ACCESS_ERROR, "KDBAccessError", "Unable to access Kerberos database"); + _pykadminerror_error_insert(module, base, KRB5_KDB_INTERNAL_ERROR, "KDBInternalError", "Kerberos database internal error"); + _pykadminerror_error_insert(module, base, KRB5_KDB_CONSTRAINT_VIOLATION, "KDBConstraintViolationError", "Kerberos database constraints violated"); + + _pykadminerror_error_insert(module, base, KRB5_LOG_CONV, "LOGUpdateConversionError", "Update log conversion error"); + _pykadminerror_error_insert(module, base, KRB5_LOG_UNSTABLE, "LOGUnstableError", "Update log is unstable"); + _pykadminerror_error_insert(module, base, KRB5_LOG_CORRUPT, "LOGCorruptError", "Update log is corrupt"); + _pykadminerror_error_insert(module, base, KRB5_LOG_ERROR, "LOGGenericError", "Generic update log error"); + + _pykadminerror_error_insert(module, base, KRB5_KDB_DBTYPE_MISMATCH, "KDBTypeMismatchError", "Database module does not match KDC version"); + _pykadminerror_error_insert(module, base, KRB5_KDB_POLICY_REF, "KDBPolicyError", "Policy is in use"); + _pykadminerror_error_insert(module, base, KRB5_KDB_STRINGS_TOOLONG, "KDBStringsTooLongError", "Too much string mapping data"); + + + result = 1; + } + + + return result; +} diff --git a/PyKAdminErrors.h b/PyKAdminErrors.h index 9c7af96..5a49f90 100644 --- a/PyKAdminErrors.h +++ b/PyKAdminErrors.h @@ -12,6 +12,7 @@ #include "pykadmin.h" +#define PyKAdmin_RETURN_ERROR(value, caller) { PyKAdminError_raise_error((long)value, caller); return NULL; } #define PyKAdmin_RETURN_KADM5_ERROR(retval, caller) { PyKAdminError_raise_kadm_error(retval, caller); return NULL; } #define PyKAdmin_RETURN_KRB5_ERROR(code, caller) { PyKAdminError_raise_krb5_error(code, caller); return NULL; } @@ -20,6 +21,7 @@ PyObject *PyKAdminError_init(PyObject *module); void PyKAdminError_raise_kadm_error(kadm5_ret_t retval, char *caller); void PyKAdminError_raise_krb5_error(krb5_error_code code, char *caller); +void PyKAdminError_raise_error(long code, char *caller); #endif diff --git a/PyKAdminObject.c b/PyKAdminObject.c index a26ebad..415ca63 100644 --- a/PyKAdminObject.c +++ b/PyKAdminObject.c @@ -45,13 +45,13 @@ static PyObject *PyKAdminObject_new(PyTypeObject *type, PyObject *args, PyObject if (self) { retval = kadm5_init_krb5_context(&self->context); - if (retval != KADM5_OK) { PyKAdmin_RETURN_KADM5_ERROR(retval, "kadm5_init_krb5_context"); } + if (retval != KADM5_OK) { PyKAdmin_RETURN_ERROR(retval, "kadm5_init_krb5_context"); } self->server_handle = NULL; // attempt to load the default realm code = krb5_get_default_realm(self->context, &self->realm); - if (code) { PyKAdmin_RETURN_KRB5_ERROR(code, "krb5_get_default_realm"); } + if (code) { PyKAdmin_RETURN_ERROR(code, "krb5_get_default_realm"); } self->_storage = PyDict_New(); } @@ -79,10 +79,10 @@ static PyObject *PyKAdminObject_delete_principal(PyKAdminObject *self, PyObject if (self->server_handle) { code = krb5_parse_name(self->context, client_name, &princ); - if (code) { PyKAdmin_RETURN_KRB5_ERROR(retval, "krb5_parse_name"); } + if (code) { PyKAdmin_RETURN_ERROR(retval, "krb5_parse_name"); } retval = kadm5_delete_principal(self->server_handle, princ); - if (retval != KADM5_OK) { PyKAdmin_RETURN_KADM5_ERROR(retval, "kadm5_delete_principal"); } + if (retval != KADM5_OK) { PyKAdmin_RETURN_ERROR(retval, "kadm5_delete_principal"); } } @@ -113,10 +113,10 @@ static PyObject *PyKAdminObject_create_principal(PyKAdminObject *self, PyObject if (self->server_handle) { code = krb5_parse_name(self->context, princ_name, &entry.principal); - if (code) { PyKAdmin_RETURN_KRB5_ERROR(retval, "krb5_parse_name"); } + if (code) { PyKAdmin_RETURN_ERROR(retval, "krb5_parse_name"); } retval = kadm5_create_principal(self->server_handle, &entry, KADM5_PRINCIPAL, princ_pass); - if (retval != KADM5_OK) { PyKAdmin_RETURN_KADM5_ERROR(retval, "kadm5_create_principal"); } + if (retval != KADM5_OK) { PyKAdmin_RETURN_ERROR(retval, "kadm5_create_principal"); } } diff --git a/PyKAdminPolicyObject.c b/PyKAdminPolicyObject.c index 68387c4..0bf3ee8 100644 --- a/PyKAdminPolicyObject.c +++ b/PyKAdminPolicyObject.c @@ -120,7 +120,7 @@ PyTypeObject PyKAdminPolicyObject_Type = { sizeof(PyKAdminPolicyObject), /*tp_basicsize*/ 0, /*tp_itemsize*/ (destructor)PyKAdminPolicyObject_dealloc, /*tp_dealloc*/ - 0, /*tp_print*/ + KAdminPolicyObject_print, /*tp_print*/ 0, /*tp_getattr*/ 0, /*tp_setattr*/ 0, /*tp_compare*/ diff --git a/PyKAdminPrincipalObject.c b/PyKAdminPrincipalObject.c index df92aee..22a5655 100644 --- a/PyKAdminPrincipalObject.c +++ b/PyKAdminPrincipalObject.c @@ -63,6 +63,10 @@ static int PyKAdminPrincipal_init(PyKAdminPrincipalObject *self, PyObject *args, } +static PyObject *PyKAdminPrincipal_str(PyKAdminPrincipalObject *self) { + return NULL; +} + static int PyKAdminPrincipal_print(PyKAdminPrincipalObject *self, FILE *file, int flags){ @@ -143,7 +147,7 @@ static PyObject *PyKAdminPrincipal_set_attributes(PyKAdminPrincipalObject *self, self->mask |= KADM5_ATTRIBUTES; //retval = kadm5_modify_principal(self->kadmin->server_handle, &self->entry, KADM5_ATTRIBUTES); - //if (retval != KADM5_OK) { PyKAdminError_raise_kadm_error(retval, "kadm5_modify_principal"); return NULL; } + //if (retval != KADM5_OK) { PyKAdminError_raise_error(retval, "kadm5_modify_principal"); return NULL; } } Py_RETURN_TRUE; @@ -174,7 +178,7 @@ static PyObject *PyKAdminPrincipal_commit(PyKAdminPrincipalObject *self) { if (self && self->mask) { retval = kadm5_modify_principal(self->kadmin->server_handle, &self->entry, self->mask); - if (retval != KADM5_OK) { PyKAdminError_raise_kadm_error(retval, "kadm5_modify_principal"); } + if (retval != KADM5_OK) { PyKAdminError_raise_error(retval, "kadm5_modify_principal"); } self->mask = 0; } @@ -196,11 +200,11 @@ static PyObject *PyKAdminPrincipal_reload(PyKAdminPrincipalObject *self) { if (ret) {} retval = kadm5_free_principal_ent(self->kadmin->server_handle, &self->entry); - if (retval != KADM5_OK) { PyKAdminError_raise_kadm_error(retval, "kadm5_free_principal_ent"); } + if (retval != KADM5_OK) { PyKAdminError_raise_error(retval, "kadm5_free_principal_ent"); } if (retval == KADM5_OK) { retval = kadm5_get_principal(self->kadmin->server_handle, temp, &self->entry, KADM5_PRINCIPAL_NORMAL_MASK); - if (retval != KADM5_OK) { PyKAdminError_raise_kadm_error(retval, "kadm5_get_principal"); } + if (retval != KADM5_OK) { PyKAdminError_raise_error(retval, "kadm5_get_principal"); } } krb5_free_principal(self->kadmin->context, temp); @@ -226,7 +230,7 @@ static PyObject *PyKAdminPrincipal_change_password(PyKAdminPrincipalObject *self return NULL; retval = kadm5_chpass_principal(self->kadmin->server_handle, self->entry.principal, password); - if (retval != KADM5_OK) { PyKAdminError_raise_kadm_error(retval, "kadm5_chpass_principal"); return NULL; } + if (retval != KADM5_OK) { PyKAdminError_raise_error(retval, "kadm5_chpass_principal"); return NULL; } Py_RETURN_TRUE; } @@ -236,7 +240,7 @@ static PyObject *PyKAdminPrincipal_randomize_key(PyKAdminPrincipalObject *self) kadm5_ret_t retval = KADM5_OK; retval = kadm5_randkey_principal(self->kadmin->server_handle, self->entry.principal, NULL, NULL); - if (retval != KADM5_OK) { PyKAdminError_raise_kadm_error(retval, "kadm5_randkey_principal"); return NULL; } + if (retval != KADM5_OK) { PyKAdminError_raise_error(retval, "kadm5_randkey_principal"); return NULL; } Py_RETURN_TRUE; } diff --git a/kadmin.c b/kadmin.c index 2f366db..121c572 100644 --- a/kadmin.c +++ b/kadmin.c @@ -167,6 +167,11 @@ static PyObject *_kadmin_get_option(PyObject *self, PyObject *args, PyObject *kw return NULL; } +static PyObject *_kadmin_set_option(PyObject *self, PyObject *args, PyObject *kwds) { + + // todo + return NULL; +} char **_kadmin_dict_to_db_args(PyObject *dict) { @@ -268,7 +273,7 @@ static PyKAdminObject *_kadmin_local(PyObject *self, PyObject *args) { if (db_args) _kadmin_free_db_args(db_args); - if (retval != KADM5_OK) { PyKAdmin_RETURN_KADM5_ERROR(retval, "kadm5_init_with_password.local"); } + if (retval != KADM5_OK) { PyKAdmin_RETURN_ERROR(retval, "kadm5_init_with_password.local"); } return kadmin; @@ -302,18 +307,18 @@ static PyKAdminObject *_kadmin_init_with_ccache(PyObject *self, PyObject *args) if (!ccache_name) { code = krb5_cc_default(kadmin->context, &cc); - if (code) { PyKAdmin_RETURN_KRB5_ERROR(code, "krb5_cc_default"); } + if (code) { PyKAdmin_RETURN_ERROR(code, "krb5_cc_default"); } } else { code = krb5_cc_resolve(kadmin->context, ccache_name, &cc); - if (code) { PyKAdmin_RETURN_KRB5_ERROR(code, "krb5_cc_resolve"); } + if (code) { PyKAdmin_RETURN_ERROR(code, "krb5_cc_resolve"); } } if (!client_name) { code = krb5_cc_get_principal(kadmin->context, cc, &princ); - if (code) { PyKAdmin_RETURN_KRB5_ERROR(code, "krb5_cc_get_principal"); } + if (code) { PyKAdmin_RETURN_ERROR(code, "krb5_cc_get_principal"); } code = krb5_unparse_name(kadmin->context, princ, &client_name); - if (code) { PyKAdmin_RETURN_KRB5_ERROR(code, "krb5_unparse_name"); } + if (code) { PyKAdmin_RETURN_ERROR(code, "krb5_unparse_name"); } krb5_free_principal(kadmin->context, princ); } @@ -332,7 +337,7 @@ static PyKAdminObject *_kadmin_init_with_ccache(PyObject *self, PyObject *args) if (db_args) _kadmin_free_db_args(db_args); - if (retval != KADM5_OK) { PyKAdmin_RETURN_KADM5_ERROR(retval, "kadm5_init_with_creds"); } + if (retval != KADM5_OK) { PyKAdmin_RETURN_ERROR(retval, "kadm5_init_with_creds"); } Py_XINCREF(kadmin); return kadmin; @@ -366,10 +371,10 @@ static PyKAdminObject *_kadmin_init_with_keytab(PyObject *self, PyObject *args) if (client_name == NULL) { code = krb5_sname_to_principal(kadmin->context, NULL, "host", KRB5_NT_SRV_HST, &princ); - if (code) { PyKAdmin_RETURN_KRB5_ERROR(code, "krb5_sname_to_principal"); } + if (code) { PyKAdmin_RETURN_ERROR(code, "krb5_sname_to_principal"); } code = krb5_unparse_name(kadmin->context, princ, &client_name); - if (code) { PyKAdmin_RETURN_KRB5_ERROR(code, "krb5_unparse_name"); } + if (code) { PyKAdmin_RETURN_ERROR(code, "krb5_unparse_name"); } krb5_free_principal(kadmin->context, princ); } @@ -389,7 +394,7 @@ static PyKAdminObject *_kadmin_init_with_keytab(PyObject *self, PyObject *args) if (db_args) _kadmin_free_db_args(db_args); - if (retval != KADM5_OK) { PyKAdmin_RETURN_KADM5_ERROR(retval, "kadm5_init_with_skey"); } + if (retval != KADM5_OK) { PyKAdmin_RETURN_ERROR(retval, "kadm5_init_with_skey"); } @@ -429,7 +434,7 @@ static PyKAdminObject *_kadmin_init_with_password(PyObject *self, PyObject *args if (db_args) _kadmin_free_db_args(db_args); - if (retval != KADM5_OK) { PyKAdmin_RETURN_KADM5_ERROR(retval, "kadm5_init_with_password"); } + if (retval != KADM5_OK) { PyKAdmin_RETURN_ERROR(retval, "kadm5_init_with_password"); } Py_XINCREF(kadmin); return kadmin; From bad169763ad97c4209171e67c42216fff85bf716 Mon Sep 17 00:00:00 2001 From: Russell Jancewicz Date: Mon, 21 Jul 2014 22:29:35 -0400 Subject: [PATCH 6/8] cleaned up iterator functions --- PyKAdminErrors.h | 8 +++---- PyKAdminIterator.c | 60 +++++++++++++++++++++++++--------------------- PyKAdminIterator.h | 15 ++++-------- PyKAdminObject.c | 18 +++++++------- kadmin.c | 35 ++++++++++++++++----------- 5 files changed, 70 insertions(+), 66 deletions(-) diff --git a/PyKAdminErrors.h b/PyKAdminErrors.h index 5a49f90..ffaeb6d 100644 --- a/PyKAdminErrors.h +++ b/PyKAdminErrors.h @@ -14,13 +14,13 @@ #define PyKAdmin_RETURN_ERROR(value, caller) { PyKAdminError_raise_error((long)value, caller); return NULL; } -#define PyKAdmin_RETURN_KADM5_ERROR(retval, caller) { PyKAdminError_raise_kadm_error(retval, caller); return NULL; } -#define PyKAdmin_RETURN_KRB5_ERROR(code, caller) { PyKAdminError_raise_krb5_error(code, caller); return NULL; } +//#define PyKAdmin_RETURN_KADM5_ERROR(retval, caller) { PyKAdminError_raise_kadm_error(retval, caller); return NULL; } +//#define PyKAdmin_RETURN_KRB5_ERROR(code, caller) { PyKAdminError_raise_krb5_error(code, caller); return NULL; } PyObject *PyKAdminError_init(PyObject *module); -void PyKAdminError_raise_kadm_error(kadm5_ret_t retval, char *caller); -void PyKAdminError_raise_krb5_error(krb5_error_code code, char *caller); +//void PyKAdminError_raise_kadm_error(kadm5_ret_t retval, char *caller); +//void PyKAdminError_raise_krb5_error(krb5_error_code code, char *caller); void PyKAdminError_raise_error(long code, char *caller); diff --git a/PyKAdminIterator.c b/PyKAdminIterator.c index 8837684..23efd6e 100644 --- a/PyKAdminIterator.c +++ b/PyKAdminIterator.c @@ -8,28 +8,13 @@ static void PyKAdminIterator_dealloc(PyKAdminIterator *self) { kadm5_free_name_list(self->kadmin->server_handle, self->names, self->count); - Py_XDECREF(self->kadmin); + Py_DECREF(self->kadmin); Py_TYPE(self)->tp_free((PyObject *)self); - //self->ob_type->tp_free((PyObject*)self); } static int PyKAdminIterator_init(PyKAdminIterator *self, PyObject *args, PyObject *kwds) { - - self->count = 0x0; - self->index = 0x0; - - if (self->kadmin->server_handle) { - - if (self->mode & iterate_principals) { - kadm5_get_principals(self->kadmin->server_handle, self->match, &self->names, &self->count); - } else if (self->mode & iterate_policies) { - kadm5_get_policies(self->kadmin->server_handle, self->match, &self->names, &self->count); - } - } - - return 0; } @@ -41,7 +26,7 @@ static PyObject *PyKAdminIterator_next(PyKAdminIterator *self) { if (self->index < self->count) { name = self->names[self->index]; - next = Py_BuildValue("s", name); + next = PyUnicode_FromString(name); self->index++; } @@ -93,25 +78,46 @@ PyTypeObject PyKAdminIterator_Type = { }; +PyKAdminIterator *PyKAdminIterator_principal_iterator(PyKAdminObject *kadmin, char *match) { -PyKAdminIterator *PyKAdminIterator_create(PyKAdminObject *kadmin, PyKadminIteratorModes mode, char *match) { - + kadm5_ret_t retval = KADM5_OK; PyKAdminIterator *iter = PyObject_New(PyKAdminIterator, &PyKAdminIterator_Type); if (iter) { - Py_XINCREF(kadmin); - iter->kadmin = kadmin; - iter->mode = mode; - iter->match = match; + + iter->count = 0x0; + iter->index = 0x0; + + iter->kadmin = kadmin; + Py_INCREF(kadmin); + + retval = kadm5_get_principals(kadmin->server_handle, match, &iter->names, &iter->count); + if (retval != KADM5_OK) { PyKAdmin_RETURN_ERROR(retval, "kadm5_get_principals"); } } - PyKAdminIterator_init(iter, NULL, NULL); Py_XINCREF(iter); - return iter; } -void PyKAdminIterator_destroy(PyKAdminIterator *self) { - PyKAdminIterator_dealloc(self); + +PyKAdminIterator *PyKAdminIterator_policy_iterator(PyKAdminObject *kadmin, char *match) { + + kadm5_ret_t retval = KADM5_OK; + PyKAdminIterator *iter = PyObject_New(PyKAdminIterator, &PyKAdminIterator_Type); + + if (iter) { + + iter->count = 0x0; + iter->index = 0x0; + + iter->kadmin = kadmin; + Py_INCREF(kadmin); + + retval = kadm5_get_policies(kadmin->server_handle, match, &iter->names, &iter->count); + if (retval != KADM5_OK) { PyKAdmin_RETURN_ERROR(retval, "kadm5_get_policies"); } + } + + Py_XINCREF(iter); + return iter; } diff --git a/PyKAdminIterator.h b/PyKAdminIterator.h index 845769d..4eff5fa 100644 --- a/PyKAdminIterator.h +++ b/PyKAdminIterator.h @@ -9,21 +9,12 @@ #include #include -typedef enum { - iterate_principals = 0x1, - iterate_policies = 0x2 -// iterate_unpack = 0x4 -} PyKadminIteratorModes; - typedef struct { PyObject_HEAD - //Py_ssize_t count; Py_ssize_t index; - PyKadminIteratorModes mode; int count; - char *match; char **names; PyKAdminObject *kadmin; @@ -32,7 +23,9 @@ typedef struct { PyTypeObject PyKAdminIterator_Type; -PyKAdminIterator *PyKAdminIterator_create(PyKAdminObject *kadmin, PyKadminIteratorModes mode, char *filter); -void PyKAdminIterator_destroy(PyKAdminIterator *self); +PyKAdminIterator *PyKAdminIterator_principal_iterator(PyKAdminObject *kadmin, char *match); +PyKAdminIterator *PyKAdminIterator_policy_iterator(PyKAdminObject *kadmin, char *match); + +//PyKAdminIterator *PyKAdminIterator_create(PyKAdminObject *kadmin, PyKadminIteratorModes mode, char *filter); #endif \ No newline at end of file diff --git a/PyKAdminObject.c b/PyKAdminObject.c index 415ca63..b31fe94 100644 --- a/PyKAdminObject.c +++ b/PyKAdminObject.c @@ -156,30 +156,28 @@ static PyKAdminPolicyObject *PyKAdminObject_get_policy(PyKAdminObject *self, PyO static PyKAdminIterator *PyKAdminObject_principal_iter(PyKAdminObject *self, PyObject *args, PyObject *kwds) { char *match = NULL; - PyObject *unpack = Py_False; - PyKadminIteratorModes mode = iterate_principals; - static char *kwlist[] = {"match", "unpack", NULL}; + static char *kwlist[] = {"match", NULL}; - if (!PyArg_ParseTupleAndKeywords(args, kwds, "|zO", kwlist, &match, &unpack)) + if (!PyArg_ParseTupleAndKeywords(args, kwds, "|z", kwlist, &match)) return NULL; - return PyKAdminIterator_create(self, mode, match); + return PyKAdminIterator_principal_iterator(self, match); + //PyKAdminIterator_create(self, iterate_principals, match); } static PyKAdminIterator *PyKAdminObject_policy_iter(PyKAdminObject *self, PyObject *args, PyObject *kwds) { char *match = NULL; - PyObject *unpack = Py_False; - PyKadminIteratorModes mode = iterate_policies; - static char *kwlist[] = {"match", "unpack", NULL}; + static char *kwlist[] = {"match", NULL}; - if (!PyArg_ParseTupleAndKeywords(args, kwds, "|zO", kwlist, &match, &unpack)) + if (!PyArg_ParseTupleAndKeywords(args, kwds, "|z", kwlist, &match)) return NULL; - return PyKAdminIterator_create(self, mode, match); + return PyKAdminIterator_policy_iterator(self, match); + //return PyKAdminIterator_create(self, iterate_policies, match); } diff --git a/kadmin.c b/kadmin.c index 121c572..5d5f4ef 100644 --- a/kadmin.c +++ b/kadmin.c @@ -125,6 +125,9 @@ PyKADMIN_INIT_FUNC { if (PyType_Ready(&PyKAdminPolicyObject_Type) < 0) PyModule_RETURN_ERROR; + if (PyType_Ready(&PyKAdminIterator_Type) < 0) + PyModule_RETURN_ERROR; + // initialize the module # ifdef PYTHON3 @@ -188,32 +191,36 @@ char **_kadmin_dict_to_db_args(PyObject *dict) { Py_ssize_t length = PyDict_Size(dict) + 1; - db_args = calloc(length, sizeof(intptr_t)); + if (dict) { - if (db_args && PyDict_CheckExact(dict)) { + db_args = calloc(length, sizeof(intptr_t)); - while (PyDict_Next(dict, &position, &key, &value)) { + if (db_args && PyDict_CheckExact(dict)) { - if (PyUnicodeBytes_Check(key) && PyUnicodeBytes_Check(value)) { + while (PyDict_Next(dict, &position, &key, &value)) { - str_key = PyUnicode_or_PyBytes_asCString(key); - str_value = PyUnicode_or_PyBytes_asCString(value); + if (PyUnicodeBytes_Check(key) && PyUnicodeBytes_Check(value)) { - if (str_key && str_value) { + str_key = PyUnicode_or_PyBytes_asCString(key); + str_value = PyUnicode_or_PyBytes_asCString(value); - length = strlen(str_key) + strlen(str_value) + 2; - argument = calloc(length, sizeof(char)); + if (str_key && str_value) { - if (argument) { - snprintf(argument, length, "%s=%s", str_key, str_value); - db_args[index++] = argument; + length = strlen(str_key) + strlen(str_value) + 2; + argument = calloc(length, sizeof(char)); + + if (argument) { + snprintf(argument, length, "%s=%s", str_key, str_value); + db_args[index++] = argument; + } } } } + + db_args[index] = NULL; } } - db_args[index] = NULL; return db_args; @@ -415,7 +422,7 @@ static PyKAdminObject *_kadmin_init_with_password(PyObject *self, PyObject *args kadm5_config_params *params = calloc(0x1, sizeof(kadm5_config_params)); - if (!PyArg_ParseTuple(args, "zzO!", &client_name, &password, &PyDict_Type, &db_args_dict)) + if (!PyArg_ParseTuple(args, "zz|O!", &client_name, &password, &PyDict_Type, &db_args_dict)) return NULL; db_args = _kadmin_dict_to_db_args(db_args_dict); From 685acab9ce741c2f384cfaa7d1c408eb1d155820 Mon Sep 17 00:00:00 2001 From: Russell Jancewicz Date: Tue, 22 Jul 2014 09:14:56 -0400 Subject: [PATCH 7/8] unit tests create keytab if needed. --- test/unittests.py | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/test/unittests.py b/test/unittests.py index 39ed27f..da70397 100644 --- a/test/unittests.py +++ b/test/unittests.py @@ -31,9 +31,20 @@ def create_test_prinicipal(): if not os.path.isfile(TEST_KEYTAB): - #kadmin_local = subprocess.Popen(['kadmin.local'], shell=True, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE) + command = ''' +spawn kadmin.local -p root@EXAMPLE.COM - pass +expect "kadmin.local:" { send "ank test/admin@EXAMPLE.COM\r" } +expect "Enter password for principal" { send "example\r" } +expect "Re-enter password for principal" { send "example\r" } +expect "kadmin.local:" { send "ktadd -kt ./test.keytab test/admin@EXAMPLE.COM\r"} +expect "kadmin.local:" { exit 1 } +''' + + expect = subprocess.Popen(['expect'], shell=True, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE) + + expect.communicate(command.encode()) + expect.wait() def create_ccache(): From ad83fa6455793c510c2d3ff3f1bfcf3e02ebec7e Mon Sep 17 00:00:00 2001 From: Russell Jancewicz Date: Tue, 22 Jul 2014 09:47:23 -0400 Subject: [PATCH 8/8] unit tests generate test.keytab as needed unit tests create the admin account and keytab for authentication using an expect script. Utilizes configure principal name password and keytab for generation --- test/unittests.py | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/test/unittests.py b/test/unittests.py index da70397..733b0f2 100644 --- a/test/unittests.py +++ b/test/unittests.py @@ -34,12 +34,17 @@ def create_test_prinicipal(): command = ''' spawn kadmin.local -p root@EXAMPLE.COM -expect "kadmin.local:" { send "ank test/admin@EXAMPLE.COM\r" } -expect "Enter password for principal" { send "example\r" } -expect "Re-enter password for principal" { send "example\r" } -expect "kadmin.local:" { send "ktadd -kt ./test.keytab test/admin@EXAMPLE.COM\r"} -expect "kadmin.local:" { exit 1 } -''' +expect "kadmin.local:" {{ send "ank {0}\r" }} +expect "Enter password for principal" {{ send "{1}\r" }} +expect "Re-enter password for principal" {{ send "{1}\r" }} + +expect "kadmin.local:" {{ send "cpw {0}\r" }} +expect "Enter password for principal" {{ send "{1}\r" }} +expect "Re-enter password for principal" {{ send "{1}\r" }} + +expect "kadmin.local:" {{ send "ktadd -kt {2} -norandkey {0}\r"}} +expect "kadmin.local:" {{ exit 1 }} +'''.format(TEST_PRINCIPAL, TEST_PASSWORD, TEST_KEYTAB) expect = subprocess.Popen(['expect'], shell=True, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE)