pax_global_header00006660000000000000000000000064112234464160014515gustar00rootroot0000000000000052 comment=381c49f1da90fdb1a127a28c0df4c2eaf72bdd3c krb5user-0.1.2/000075500000000000000000000000001122344641600132555ustar00rootroot00000000000000krb5user-0.1.2/.gear/000075500000000000000000000000001122344641600142515ustar00rootroot00000000000000krb5user-0.1.2/.gear/rules000064400000000000000000000000061122344641600153220ustar00rootroot00000000000000tar: .krb5user-0.1.2/SConstruct000064400000000000000000000006311122344641600153070ustar00rootroot00000000000000Environment(tools=['install']) AddOption('--libdir', dest='libdir', type='string', nargs=1, action='store', default='/usr/lib', metavar='DIR', help='installation libdir') destdir = GetOption('install_sandbox') destdir = destdir if destdir else '/' Export('destdir') SConscript('libkrb5user/SConscript') SConscript('pykrb5user/SConscript') Alias('install', destdir) krb5user-0.1.2/krb5user.spec000064400000000000000000000051641122344641600157010ustar00rootroot00000000000000Name: krb5user Version: 0.1.2 Release: alt2 Summary: User helper library for MIT Kerberos License: %gpl2plus URL: http://tartarus.ru/ Group: System/Libraries Packager: Evgeny Sinelnikov Source: %name-%version.tar %setup_python_subpackage %name # Automatically added by buildreq on Tue Oct 07 2008 BuildRequires: boost-python-devel gcc-c++ libkrb5-devel scons BuildRequires: libcom_err-devel libkrb5-devel scons BuildRequires: boost-devel >= 1.39.0 BuildRequires(pre): rpm-build-licenses %description User helper library for MIT Kerberos. %package -n lib%name Summary: User helper library for MIT Kerberos Group: System/Libraries %description -n lib%name User helper library for MIT Kerberos %package -n lib%name-devel Summary: Headers for developing with MIT Kerberos user helper library Group: System/Libraries %description -n lib%name-devel Headers for developing with MIT Kerberos user helper library %package -n %packagename Summary: Python binding for MIT Kerberos user helper library Group: Development/Python %setup_std_python_package_deps %description -n %packagename Python binding for MIT Kerberos user helper library %prep %setup -q %build scons %install scons install --install-sandbox=%buildroot --libdir=%_libdir %files -n lib%name %_libdir/lib*.so.* %files -n lib%name-devel %_includedir/* %_libdir/lib*.so %_libdir/pkgconfig/* %files -n %packagename %python_sitelibdir/* %changelog * Fri Jul 03 2009 Evgeny Sinelnikov 0.1.2-alt2 - Rebuild with boost-1.39.0 * Tue Apr 21 2009 Evgeny Sinelnikov 0.1.2-alt1 - Clean code for krb5 internal FQDN lookup * Tue Mar 03 2009 Evgeny Sinelnikov 0.1.1-alt1 - Fixed long delay due backward resolving with hostname like FQDN - Removed obsolete macroses %post*_ldconfig * Tue Nov 11 2008 Evgeny Sinelnikov 0.1.0-alt4 - Fixed install for x86_64 * Wed Oct 22 2008 Evgeny Sinelnikov 0.1.0-alt3 - Fixed bug with check for fqdn from gethostname() if getaddrinfo() failed * Wed Oct 22 2008 Evgeny Sinelnikov 0.1.0-alt2 - Added krb5user_set_ccname() to python binding * Wed Oct 22 2008 Evgeny Sinelnikov 0.1.0-alt1 - Using gethostname() if getaddrinfo() failed for default hostname - Added krb5user_set_ccname() for change credential cache * Tue Oct 07 2008 Evgeny Sinelnikov 0.0.3-alt1 - Added kinit_password_*() functions - Added python bindings * Fri Sep 26 2008 Evgeny Sinelnikov 0.0.2-alt1 - Fixed build scripts - Added pkgconfig * Thu Sep 25 2008 Evgeny Sinelnikov 0.0.1-alt1 - Initial first build krb5user-0.1.2/libkrb5user/000075500000000000000000000000001122344641600155065ustar00rootroot00000000000000krb5user-0.1.2/libkrb5user/SConscript000064400000000000000000000026071122344641600175250ustar00rootroot00000000000000from os.path import join Import('destdir') env = Environment(LIBDIR = GetOption('libdir')) env.ParseConfig("/usr/bin/krb5-config --cflags --libs") env['INC_FLAGS'] = env.subst(env['_CPPINCFLAGS']) env['LIBNAME'] = 'krb5user' #env['CFLAGS'] = ['-g'] LIBDEVSUFFIX = ".so" NAME = "libkrb5user" LIBBASEVERSION = "0" LIBSUBVERSION = "0.1" LIBFULLVERSION = LIBBASEVERSION + '.' + LIBSUBVERSION LIBBASESUFFIX = LIBDEVSUFFIX + '.' + LIBBASEVERSION LIBFULLSUFFIX = LIBDEVSUFFIX + '.' + LIBFULLVERSION SONAME = NAME + LIBBASESUFFIX FULLNAME = NAME + LIBFULLSUFFIX DEVNAME = NAME + LIBDEVSUFFIX env["SHLIBSUFFIX"] = [LIBFULLSUFFIX] env.Append(LINKFLAGS=['-Wl,-soname,' + SONAME]) lib = env.SharedLibrary(NAME, 'krb5user.c') inst_lib = env.Install('$LIBDIR', lib) Command(SONAME, lib, 'ln -fs `basename $SOURCE` $TARGET') devlib = Command(DEVNAME, lib, 'ln -fs `basename $SOURCE` $TARGET') env.Command(join(destdir, '$LIBDIR', SONAME), inst_lib, 'ln -fs `basename $SOURCE` $TARGET') env.Command(join(destdir, '$LIBDIR', DEVNAME), inst_lib, 'ln -fs `basename $SOURCE` $TARGET') Install('/usr/include', 'krb5user.h') def gen_pkgconfig(target, source, env): out = open(str(target[0]), 'w+') in_str = open(str(source[0])).read() out.write(env.subst(in_str)) Builder(action=gen_pkgconfig)(env, join(destdir, '$LIBDIR/pkgconfig/krb5user.pc'), 'krb5user.pc') Export('env','devlib') SConscript('test/SConscript') krb5user-0.1.2/libkrb5user/krb5user.c000064400000000000000000000162471122344641600174260ustar00rootroot00000000000000#include #include #include #include #include #include "krb5user.h" static krb5_error_code krb5user_kinit_keytab_common(krb5_context ctx, krb5_principal princ, const char* ktname, const char* ccname, const char** what) { const char *dummy = 0; if (!what) what = &dummy; krb5_error_code e = 0; krb5_keytab kt = 0; krb5_get_init_creds_opt *options = 0; krb5_ccache cc = 0; krb5_creds creds; memset(&creds, 0, sizeof(creds)); if (ktname) { *what = "resolving keytab"; e = krb5_kt_resolve(ctx, ktname, &kt); if (e != 0) goto out0; } *what = "initalizing options structure"; e = krb5_get_init_creds_opt_alloc(ctx, &options); if (e != 0) goto out1; if (ccname) { *what = "locating credential cache"; e = krb5_cc_resolve(ctx, ccname, &cc); } else { *what = "locating default credential cache"; e = krb5_cc_default(ctx, &cc); } if (e != 0) goto out2; //forwardable: //krb5_get_init_creds_opt_set_forwardable(options, 1); *what = "getting credentials"; e = krb5_get_init_creds_keytab(ctx, &creds, princ, kt, 0, //starttime 0, //service name options); if (e != 0) goto out3; *what = "initializing credential cache"; e = krb5_cc_initialize(ctx, cc, princ); if (e != 0) goto out4; *what = "storing credentials in cache"; e = krb5_cc_store_cred(ctx, cc, &creds); if (e != 0) goto out4; *what = "OK"; out4: //avoid freeing principal twice if (creds.client == princ) creds.client = 0; krb5_free_cred_contents(ctx, &creds); out3: if (cc) krb5_cc_close(ctx, cc); out2: if (options) krb5_get_init_creds_opt_free(ctx, options); out1: if (kt) krb5_kt_close(ctx, kt); out0: return e; // ok } krb5_error_code krb5user_kinit_keytab_spn(const char* spn, const char* ktname, const char* ccname, const char** what) { const char *dummy = 0; if (!what) what = &dummy; krb5_error_code e = 0; krb5_context ctx = 0; krb5_principal princ = 0; *what = "initializing context"; e = krb5_init_context(&ctx); if (e != 0) return e; *what = "parsing principal name"; e = krb5_parse_name(ctx, spn, &princ); if (e != 0) goto out1; e = krb5user_kinit_keytab_common(ctx, princ, ktname, ccname, what); if (e != 0) goto out2; *what = "OK"; out2: if (princ) krb5_free_principal(ctx, princ); out1: if (ctx) krb5_free_context(ctx); return e; // ok } krb5_error_code krb5user_kinit_keytab (const char *service, const char *hostname, const char* ktname, const char* ccname, const char **what) { const char *dummy = 0; if (!what) what = &dummy; krb5_error_code e = 0; krb5_context ctx = 0; krb5_principal princ = 0; *what = "initializing context"; e = krb5_init_context(&ctx); if (e != 0) return e; *what = "parsing principal name"; e = krb5_sname_to_principal(ctx, hostname, service, KRB5_NT_SRV_HST, &princ); if (e != 0) goto out1; e = krb5user_kinit_keytab_common(ctx, princ, ktname, ccname, what); if (e != 0) goto out2; *what = "OK"; out2: if (princ) krb5_free_principal(ctx, princ); out1: if (ctx) krb5_free_context(ctx); return e; // ok } static krb5_error_code krb5user_kinit_password_common(const char* principal, char* password, krb5_prompter_fct prompter, char *prompter_data, const char* ccname, const char** what) { const char *dummy = 0; if (!what) what = &dummy; krb5_error_code e = 0; krb5_context ctx = 0; krb5_principal princ = 0; krb5_get_init_creds_opt *options = 0; krb5_ccache cc = 0; krb5_creds creds; memset(&creds, 0, sizeof(creds)); *what = "initializing context"; e = krb5_init_context(&ctx); if (e != 0) return e; *what = "parsing principal name"; e = krb5_parse_name(ctx, principal, &princ); if (e != 0) goto out1; *what = "initalizing options structure"; e = krb5_get_init_creds_opt_alloc(ctx, &options); if (e != 0) goto out2; //forwardable: //krb5_get_init_creds_opt_set_forwardable(options, 1); *what = "getting credentials"; e = krb5_get_init_creds_password(ctx, &creds, princ, password, prompter, //prompter prompter_data, //data 0, //starttime 0, //service name options); if (e != 0) goto out3; if (ccname) { *what = "locating credential cache"; e = krb5_cc_resolve(ctx, ccname, &cc); } else { *what = "locating default credential cache"; e = krb5_cc_default(ctx, &cc); } if (e != 0) goto out4; *what = "initializing credential cache"; e = krb5_cc_initialize(ctx, cc, princ); if (e != 0) goto out5; *what = "storing credentials in cache"; e = krb5_cc_store_cred(ctx, cc, &creds); if (e != 0) goto out5; *what = "OK"; out5: if (cc) krb5_cc_close(ctx, cc); out4: //avoid freeing principal twice if (creds.client == princ) creds.client = 0; krb5_free_cred_contents(ctx, &creds); out3: if (options) krb5_get_init_creds_opt_free(ctx, options); out2: if (princ) krb5_free_principal(ctx, princ); out1: if (ctx) krb5_free_context(ctx); return e; // ok } krb5_error_code krb5user_kinit_password(const char* principal, char* password, const char* ccname, const char** what) { return krb5user_kinit_password_common(principal, password, NULL, NULL, ccname, what); } typedef struct _krb5user_prompt { krb5user_prompter_fct prompter; void *data; } krb5user_prompt; static krb5_error_code KRB5_CALLCONV krb5user_common_prompter( krb5_context ctx, void *data, const char *name, const char *banner, int num_prompts, krb5_prompt prompts[]) { krb5user_prompt *prompt = data; return prompt->prompter(prompt->data, name, banner, prompts[0].prompt, prompts[0].reply->data, prompts[0].reply->length); } krb5_error_code krb5user_kinit_password_prompt(const char* principal, krb5user_prompter_fct prompter, void *prompter_data, const char* ccname, const char** what) { krb5user_prompt prompt; prompt.prompter = prompter; prompt.data = prompter_data; return krb5user_kinit_password_common(principal, NULL, krb5user_common_prompter, (void*)&prompt, ccname, what); } krb5_error_code krb5user_kinit_password_prompt_posix(const char* principal, const char* ccname, const char** what) { return krb5user_kinit_password_common(principal, NULL, krb5_prompter_posix, NULL, ccname, what); } krb5_error_code krb5user_kdestroy (const char* ccname, const char **what) { const char *dummy = 0; if (!what) what = &dummy; krb5_error_code e = 0; krb5_context ctx = 0; krb5_ccache cc = NULL; *what = "initializing context"; e = krb5_init_context(&ctx); if (e != 0) return e; if (ccname) { *what = "locating credential cache"; e = krb5_cc_resolve(ctx, ccname, &cc); } else { *what = "locating default credential cache"; e = krb5_cc_default(ctx, &cc); } if (e != 0) goto out1; e = krb5_cc_destroy (ctx, cc); if (e != 0) { if (e != KRB5_FCC_NOFILE) *what = "Ticket cache NOT destroyed"; else *what = "Ticket cache %cNOT%c destroyed"; goto out1; } *what = "OK"; out1: if (ctx) krb5_free_context(ctx); return e; // ok } krb5user_error_code krb5user_set_ccname (const char* ccname, const char **what) { const char *dummy = 0; if (!what) what = &dummy; if (ccname != NULL && setenv("KRB5CCNAME", ccname, 1) != 0) { *what = "can't set KRB5CCNAME"; return EINVAL; } return 0; } char const *krb5user_error_message (krb5user_error_code e) { return error_message(e); } krb5user-0.1.2/libkrb5user/krb5user.h000064400000000000000000000035121122344641600174220ustar00rootroot00000000000000#ifndef KRB5USER_H #define KRB5USER_H #ifdef __cplusplus extern "C" { #endif #include typedef int32_t krb5user_error_code; typedef krb5user_error_code (*krb5user_prompter_fct)( void *data, const char *name, const char *banner, const char *prompt, char *reply, unsigned int reply_length); krb5user_error_code krb5user_kinit_keytab_spn (const char* spn, const char* ktname, const char* ccname, const char** what); krb5user_error_code krb5user_kinit_keytab (const char *service, const char *hostname, const char* ktname, const char* ccname, const char **what); krb5user_error_code krb5user_kinit_password (const char *principal, char* password, const char* ccname, const char **what); krb5user_error_code krb5user_kinit_password_prompt (const char *principal, krb5user_prompter_fct prompter, void *data, const char* ccname, const char **what); krb5user_error_code krb5user_kinit_password_prompt_posix (const char *principal, const char* ccname, const char **what); krb5user_error_code krb5user_kdestroy (const char* ccname, const char **what); krb5user_error_code krb5user_set_ccname (const char* ccname, const char **what); char const *krb5user_error_message (krb5user_error_code); #ifdef __cplusplus } #endif #endif krb5user-0.1.2/libkrb5user/krb5user.pc000064400000000000000000000003211122344641600175700ustar00rootroot00000000000000prefix=/usr exec_prefix=/usr libdir=$LIBDIR includedir=/usr/include Name: krb5user Description: MIT Kerberos user helper library Requires: Version: 0.0.1 Libs: -l$LIBNAME Cflags: -I$${includedir} $INC_FLAGS krb5user-0.1.2/libkrb5user/test/000075500000000000000000000000001122344641600164655ustar00rootroot00000000000000krb5user-0.1.2/libkrb5user/test/SConscript000064400000000000000000000004321122344641600204760ustar00rootroot00000000000000env = Environment() env.ParseConfig("/usr/bin/krb5-config --cflags") env['CPPPATH'] += ['#/libkrb5user'] env['LIBPATH'] = ['#/libkrb5user'] env['LIBS'] = ['krb5user'] env.Program('krb5user_keytab.cpp') env.Program('krb5user_kdestroy.cpp') env.Program('krb5user_keytab_memleak.cpp') krb5user-0.1.2/libkrb5user/test/krb5user_kdestroy.cpp000064400000000000000000000003101122344641600226510ustar00rootroot00000000000000#include #include int main() { const char *problem; krb5user_error_code e = krb5user_kdestroy(0, &problem); std::cout << (int)e << "\n: " << problem << "!\n"; return 0; } krb5user-0.1.2/libkrb5user/test/krb5user_keytab.cpp000064400000000000000000000003321122344641600222700ustar00rootroot00000000000000#include #include int main() { const char *problem; krb5user_error_code e = krb5user_kinit_keytab("host", 0, 0, 0, &problem); std::cout << (int)e << "\n: " << problem << "!\n"; return 0; } krb5user-0.1.2/libkrb5user/test/krb5user_keytab_memleak.cpp000064400000000000000000000006101122344641600237620ustar00rootroot00000000000000#include #include int main() { const char *problem; while(1) { //krb5user_error_code e = krb5user_kinit_keytab("host", 0, 0, 0, &problem); krb5user_error_code e = krb5user_kinit_keytab_spn("host/server.saratov.etersoft.ru", 0, 0, &problem); std::cout << (int)e << "\n: " << problem << ": " << krb5user_error_message(e) << "!\n"; // sleep(1); } return 0; } krb5user-0.1.2/pykrb5user/000075500000000000000000000000001122344641600153705ustar00rootroot00000000000000krb5user-0.1.2/pykrb5user/SConscript000064400000000000000000000006571122344641600174120ustar00rootroot00000000000000from distutils.sysconfig import get_python_lib, get_python_version python = 'python' + get_python_version() env = Environment() env.ParseConfig("/usr/bin/krb5-config --cflags") env['LIBS'] = [python, 'boost_python', 'krb5user'] env['LIBPREFIX'] = '' env['LIBPATH'] = '#/libkrb5user' env['CPPPATH'] += ['#/libkrb5user', "/usr/include/" + python] so = env.SharedLibrary('krb5user', 'module.cpp') Install(get_python_lib(True), so) krb5user-0.1.2/pykrb5user/module.cpp000064400000000000000000000111761122344641600173670ustar00rootroot00000000000000#include #include //#include //#include #include #include using namespace boost::python; void throw_exception(krb5user_error_code e, const char *what) { std::string error(krb5user_error_message(e)); error += std::string(" while ") + what; PyErr_SetString(PyExc_RuntimeError, error.c_str()); throw_error_already_set(); } void kinitKeytab(const char *service, const char *fqdn, const char* ktname, const char* ccname) { const char* what = 0; krb5user_error_code e = krb5user_kinit_keytab(service, fqdn, ktname, ccname, &what); if (e != 0) throw_exception(e, what); } void kinitKeytabSPN(const char *spn, const char* ktname, const char* ccname) { const char* what = 0; krb5user_error_code e = krb5user_kinit_keytab_spn(spn, ktname, ccname, &what); if (e != 0) throw_exception(e, what); } void kinitPassword(const char *principal, char* password, const char* ccname) { const char* what = 0; krb5user_error_code e = krb5user_kinit_password(principal, password, ccname, &what); if (e != 0) throw_exception(e, what); } /*static krb5user_error_code object_prompter(void *data, const char *name, const char *banner, const char *prompt, char *reply, unsigned int reply_length) { bool res = false; PyGILState_STATE GILState = PyGILState_Ensure(); try { ConnectionInfo ci = makeConnectionInfo(info); res = extract(verify_(ci)); } catch (const error_already_set&) { PyErr_Print(); PyGILState_Release(GILState); return false; } catch (...) { PyGILState_Release(GILState); return false; } PyGILState_Release(GILState); return res; }*/ //static object_prompter() //void kinitPasswordPrompt(const char *principal, const char* password, object prompter, const char* ccname) //{ // char* what = 0; // krb5user_error_code e = krb5user_kinit_password_prompt(principal, prompter, data, ccname, &what); // if (e != 0) // throw_exception(e, what); //} void kinitPasswordPromptPosix(const char *principal, const char* ccname) { const char* what = 0; krb5user_error_code e = krb5user_kinit_password_prompt_posix(principal, ccname, &what); if (e != 0) throw_exception(e, what); } //krb5user_kinit_password_prompt (const char *principal, // krb5user_prompter_fct prompter, // void *data, // const char* ccname, // char **what); void setCredentialCacheName(const char* ccname) { const char* what = 0; krb5user_error_code e = krb5user_set_ccname(ccname, &what); if (e != 0) throw_exception(e, what); } void kdestroy(const char* ccname) { const char* what = 0; krb5user_error_code e = krb5user_kdestroy(ccname, &what); if (e != 0) throw_exception(e, what); } BOOST_PYTHON_MODULE(krb5user) { def("kinitKeytab", kinitKeytab, "kinit from keytab for service at hostname.", ( arg("service") = (const char *) 0, arg("fqdn") = (const char *) 0, arg("ktname") = (const char *) 0, arg("ccname") = (const char *) 0 )); def("kinitKeytabSPN", kinitKeytabSPN, "kinit from keytab for service principal name.", ( arg("ktname") = (const char *) 0, arg("ccname") = (const char *) 0 )); def("kinitPassword", kinitPassword, "kinit from user password.", ( arg("password"), arg("ccname") = (const char *) 0 )); def("kinitPasswordPromptPosix", kinitPasswordPromptPosix, "kinit prompt from posix console.", ( arg("ccname") = (const char *) 0 )); // def("kinitPasswordPrompt", // kinitPasswordPrompt, // "kinit from user password from prompter.", // ( // arg("principal"), // arg("prompter"), // arg("ccname") = (const char *) 0 // )); def("setCredentialCacheName", setCredentialCacheName, "set default ccname for current process." ); def("kdestroy", kdestroy, "kdestroy for given credential cache", ( arg("ccname") = (const char *) 0 )); }