Merge branch 'master' of /users/git/public/pyceo

Conflicts: debian/changelog
2012-03-19 16:29:54 -04:00 · 2012-03-19 16:29:54 -04:00 · a81a97e296
parent 3bed2ad5c0 494ec5106a
commit a81a97e296
2 changed files with 32 additions and 11 deletions
--- a/debian/changelog
+++ b/debian/changelog
@ -1,8 +1,9 @@
-ceo (0.5.16ubuntu1) oneiric; urgency=low
+ceo (0.5.17) stable; urgency=low

-  * Build for oneiric.
+  * Change behavior of ceod to add Kerberos principal,
+  * as opposed to changing principal password.

- -- Jeremy Roman <jbroman@csclub.uwaterloo.ca>  Wed, 14 Mar 2012 21:35:51 -0400
+ -- Marc Burns <m4burns@csclub.uwaterloo.ca>  Fri, 16 Mar 2012 15:27:35 -0400

 ceo (0.5.16) stable; urgency=low

--- a/src/kadm.c
+++ b/src/kadm.c
@ -36,22 +36,42 @@ void ceo_kadm_cleanup() {

 int ceo_add_princ(char *user, char *password) {
    krb5_error_code retval;
-    krb5_principal princ;
-    memset((void *) &princ, 0, sizeof(princ));

    debug("kadmin: adding principal %s", user);

-    if ((retval = krb5_parse_name(context, user, &princ))) {
-        com_err(prog, retval, "while parsing principal name");
+    // Added March 2012: Change behavior of ceod to add the kerberos principal.
+    kadm5_policy_ent_rec defpol;
+    kadm5_principal_ent_rec princ;
+
+    memset((void*) &princ, 0, sizeof(princ));
+
+    if ((retval = kadm5_get_policy(handle, "default", &defpol))) {
+        com_err(prog, retval, "while retrieving default policy");
+        return retval;
+    }
+    kadm5_free_policy_ent(handle, &defpol);
+
+    princ.policy = "default";
+
+    if ((retval = krb5_parse_name(context, user, &princ.principal))) {
+        com_err(prog, retval, "while parsing user name");
        return retval;
    }

-    if ((retval = kadm5_chpass_principal(handle, princ, password))) {
-        com_err(prog, retval, "while creating principal");
-        return retval;
+    long flags = KADM5_POLICY | KADM5_PRINCIPAL;
+    if ((retval = kadm5_create_principal(handle, &princ, flags, password))) {
+        if(retval == KADM5_DUP) {
+            if ((retval = kadm5_chpass_principal(handle, princ.principal, password))) {
+                com_err(prog, retval, "while setting principal password");
+                return retval;
+            }
+        } else {
+            com_err(prog, retval, "while creating principal");
+            return retval;
+        }
    }

-    krb5_free_principal(context, princ);
+    krb5_free_principal(context, princ.principal);
    return 0;
 }