Programmer error! Bad Admin server handle
John Hascall
john at iastate.edu
Thu Feb 14 08:26:02 EST 2008
What version of Kerberos libraries are you using?
They changed the API for all the kadm5_init* functions
somewhere around 1.6 to add a parameter:
kadm5_ret_t kadm5_init_with_password(char *client_name,
char *pass,
char *service_name,
kadm5_config_params *params,
krb5_ui_4 struct_version,
krb5_ui_4 api_version,
/* Heh, look at me, I'm new ----> */ char **db_args,
void **server_handle);
Which has bit me more than once.
> Hello,
>
> for a project that is mainly developed in Python/Zope, I need to wrap
> some functions of the kadm5-clnt lib. In particular, I need
>
> kadm5_create_principal
> kadm5_delete_principal
> kadm5_chpass_principal
>
> to be wrapped into a Python extension. Unfortunately, I'm not very
> familiar with C, so I'm a bit lost here.
> So far I checked out the PyKerberos extension from Apple's
> Calenderserver project and extended it by a kadm5 module, which
> basically consists of the following code (I use the
> kadm5_get_principals method for testing to avoid potentially dangerous
> writes to our Kerberos DB):
>
> --- snip ---
> #include <Python.h>
>
> #include <sys/stat.h>
> #include <sys/types.h>
> #include <com_err.h>
>
> #include <krb5.h>
>
> #include "admin.h"
>
>
> static PyObject *k5_error;
>
> #define RETURN_ON_ERROR(message, code) \
> do if (code != 0) \
> { \
> const char *error; \
> error = krb5_get_error_message(ctx, code); \
> PyErr_Format(k5_error, "%s: %s", message, error); \
> krb5_free_error_message(ctx, error); \
> return NULL; \
> } while (0)
>
>
>
> static PyObject *getPrincipals(PyObject *self, PyObject *args)
> {
> char *client;
> char *pass;
> char *realm;
> void **handle;
> char ***princs;
> int *count;
> krb5_context ctx;
> krb5_error_code code = 0;
>
> code = krb5_init_context(&ctx);
> RETURN_ON_ERROR("krb5_init_context()", code);
>
> if (!PyArg_ParseTuple(args, "sss", &client, &pass, &realm))
> return NULL;
>
> code = kadm5_init_with_password(client, pass, KADM5_ADMIN_SERVICE,
> realm, KADM5_STRUCT_VERSION_1, KADM5_API_VERSION_1,
> handle);
> RETURN_ON_ERROR("kadm5_init_with_password()", code);
>
> code = kadm5_get_principals(&handle, "*", princs, count);
> RETURN_ON_ERROR("kadm5_get_principals()", code);
>
> /* return Py_BuildValue("s", &princs); */
> return Py_BuildValue("");
> }
>
>
> static PyMethodDef kadm5Methods[] = {
> {"kadm5_get_principals", getPrincipals, METH_VARARGS, "Test."},
> {NULL, NULL, 0, NULL} /* Sentinel */
> };
>
> PyMODINIT_FUNC initkadm5(void)
> {
> PyObject *module, *dict;
>
> initialize_krb5_error_table();
>
> module = Py_InitModule("kadm5", kadm5Methods);
> dict = PyModule_GetDict(module);
> k5_error = PyErr_NewException("PyKerberos.kadm5.Error", NULL, NULL);
> PyDict_SetItemString(dict, "Error", k5_error);
> }
> --- snap ---
>
> If you ignore the Python wrapping stuff, you'll see that the code
> consecutively calls kadm5_init_with_password and kadm5_get_principals,
> where the latter doesn't accept the server-handle referenced by the
> first.
> kadm5_init_with_password returns "correct" errors, if I provide an
> unconfigured realm or a wrong client_name/password combination, so
> that's not it.
> I don't know, if I did all the (de)referencing for the handle right or
> if I have some fundamental misunderstanding here.
> Does someone have a clue what's wrong?
>
> Thank you in advance and best regards,
> Torsten
> --
> Gentlemen, I want you to know that I am not always right, but I am
> never wrong. -Samuel Goldwyn
> _______________________________________________
> krbdev mailing list krbdev at mit.edu
> https://mailman.mit.edu/mailman/listinfo/krbdev
>
More information about the krbdev
mailing list