#include <kadm5/admin.h>
#include <krb5.h>
#include <string.h>
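/*
 * Create a krb5 context and open a kadm5 session authenticated with a keytab.
 *
 * context      out: receives the context from kadm5_init_krb5_context()
 * handle       out: receives the kadm5 server handle
 * keytab_name  keytab passed to kadm5_init_with_skey()
 * princstr     client principal name used for the admin session
 * def_realm    realm placed in the kadm5 config parameters
 *
 * Returns 0 on success and -1 on failure (the failing call is reported
 * through com_err()). Both out parameters are set to NULL before any work
 * is done, so the caller never sees an indeterminate value. If the context
 * was created but the kadm5 session could not be opened, *context stays
 * valid and the caller still owns it.
 */
int init(krb5_context *context, void **handle,
         char *keytab_name, char *princstr,
         char *def_realm) {
    kadm5_ret_t retval;
    kadm5_config_params params;
    char **db_args = NULL;

    if (context == NULL || handle == NULL) {
        return -1;
    }

    /* Give the caller well-defined values on every failure path. */
    *context = NULL;
    *handle = NULL;

    memset(&params, 0, sizeof(params));
    params.mask |= KADM5_CONFIG_REALM;
    params.realm = def_realm;

    retval = kadm5_init_krb5_context(context);
    if (retval) {
        com_err("kadm5_init_krb5_context()", retval, ".");
        return -1;
    }

    /*
     * The keytab holds the long-term key of the admin principal; anyone who
     * can read that file can open the same session.
     */
    retval = kadm5_init_with_skey(*context, princstr, keytab_name,
                                  NULL, &params,
                                  KADM5_STRUCT_VERSION,
                                  KADM5_API_VERSION_4,
                                  db_args,
                                  handle);
    if (retval) {
        com_err("kadm5_init_with_skey()", retval, ".");
        return -1;
    }

    return 0;
}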
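/*
 * Delete the principal named by `user` through an open kadm5 session.
 *
 * context  krb5 context used to parse the name
 * handle   kadm5 server handle
 * user     principal name in string form
 *
 * Returns 0 on success and -1 on failure (the failing call is reported
 * through com_err()).
 */
int delprinc(krb5_context context, void *handle, char *user) {
    krb5_error_code retval;
    /*
     * Must start as NULL: the cleanup path frees princ even when
     * krb5_parse_name() failed and never assigned it.
     */
    krb5_principal princ = NULL;
    int err = 0;

    retval = krb5_parse_name(context, user, &princ);
    if (retval) {
        err = -1;
        com_err("krb5_parse_name()", retval, ".");
        goto cleanup;
    }

    retval = kadm5_delete_principal(handle, princ);
    if (retval) {
        err = -1;
        com_err("kadm5_delete_principal()", retval, ".");
        goto cleanup;
    }

cleanup:
    krb5_free_principal(context, princ);
    return err;
}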
/*
 * Create the principal `user` with password `pass` under the "default"
 * policy, then write its attribute word back to the server.
 *
 * context  krb5 context used to parse the name
 * handle   kadm5 server handle
 * user     principal name in string form
 * pass     plaintext password for the new principal
 *
 * Returns 0 on success and -1 on failure (the failing call is reported
 * through com_err()).
 */
int addprinc(krb5_context context, void *handle, char *user, char *pass) {
    kadm5_principal_ent_rec entry;
    krb5_error_code rc;
    int status = -1;

    /* Zeroing also leaves entry.attributes at 0 and entry.principal NULL. */
    memset(&entry, 0, sizeof(entry));

    rc = krb5_parse_name(context, user, &entry.principal);
    if (rc) {
        com_err("krb5_parse_name()", rc, ".");
        goto done;
    }

    entry.policy = "default";
    rc = kadm5_create_principal(handle, &entry,
                                KADM5_PRINCIPAL | KADM5_POLICY, pass);
    if (rc) {
        com_err("kadm5_create_principal()", rc, ".");
        goto done;
    }

    /*
     * NOTE(review): entry.attributes is zero at this point, so the modify
     * call asks the server to store an empty attribute set. If the realm
     * relies on default principal flags (for example a pre-authentication
     * requirement), confirm this does not clear them.
     */
    entry.attributes &= ~KRB5_KDB_DISALLOW_ALL_TIX;
    rc = kadm5_modify_principal(handle, &entry, KADM5_ATTRIBUTES);
    if (rc) {
        com_err("kadm5_modify_principal()", rc, ".");
        goto done;
    }

    status = 0;

done:
    krb5_free_principal(context, entry.principal);
    return status;
}
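/*
 * Smoke test: open an admin session, create the principal "titi", delete it
 * again, and tear the session down.
 *
 * Exits with 0 only when every step succeeded, 1 otherwise.
 *
 * NOTE(review): the keytab path, admin principal, realm and password are
 * hard-coded test fixtures. A keytab under /tmp sits in a directory other
 * local users can access, and "pass" is a throwaway password; neither
 * should be carried over into a real deployment.
 */
int main(void) {
    /* NULL-initialised so teardown can tell what init() actually set up. */
    krb5_context context = NULL;
    void *handle = NULL;
    int status = 1;

    if (init(&context, &handle, "/tmp/test.keytab", "test/admin", "LYTCHI.LOCAL") != -1) {
        /*
         * Always attempt the delete, even if the add reported an error, so a
         * half-created principal does not stay behind in the database.
         */
        int add_rc = addprinc(context, handle, "titi", "pass");
        int del_rc = delprinc(context, handle, "titi");

        if (add_rc == 0 && del_rc == 0) {
            status = 0;
        }
    }

    /*
     * The original called kadm5_unlock() here, but nothing in this program
     * takes the matching kadm5_lock(), so the call is dropped. Tear down only
     * the objects that were successfully created.
     */
    if (handle != NULL) {
        kadm5_destroy(handle);
    }
    if (context != NULL) {
        krb5_free_context(context);
    }
    return status;
}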