Figure out what realm an afs._pts.PTS instance authenticates against.

[invirt/packages/python-afs.git] / afs / _pts.pyx

diff --git a/afs/_pts.pyx b/afs/_pts.pyx
index 90b3327..107bf85 100644 (file)
--- a/afs/_pts.pyx
+++ b/afs/_pts.pyx
@@ -70,7 +70,27 @@ cdef import from "afs/ptuser.h":
 cdef import from "afs/pterror.h":
     enum:
         PRNOENT
-        PRTOOMANY
+
+cdef import from "krb5/krb5.h":
+    struct _krb5_context:
+        pass
+    struct krb5_principal_data:
+        pass
+
+    ctypedef _krb5_context krb5_context
+    ctypedef krb5_principal_data * krb5_principal
+
+    ctypedef long krb5_int32
+    ctypedef krb5_int32 krb5_error_code
+    krb5_error_code krb5_init_context(krb5_context *)
+    krb5_error_code krb5_parse_name(krb5_context, char *, krb5_principal *)
+    krb5_error_code krb5_unparse_name(krb5_context, krb5_principal, char **)
+    krb5_error_code krb5_524_conv_principal(krb5_context, krb5_principal, char *, char *, char *)
+    krb5_error_code krb5_425_conv_principal(krb5_context, char *, char *, char *, krb5_principal *)
+    krb5_error_code krb5_get_host_realm(krb5_context, char *, char ***)
+    void krb5_free_host_realm(krb5_context, char **)
+    void krb5_free_principal(krb5_context, krb5_principal)
+    void krb5_free_context(krb5_context)
 
 cdef class PTEntry:
     cdef public afs_int32 flags
@@ -132,13 +152,20 @@ cdef class PTS:
       - 2: fail if an authenticated connection can't be established
       - 3: same as 2, plus encrypt all traffic to the protection
         server
+
+    The realm attribute is the Kerberos realm against which this cell
+    authenticates.
     """
     cdef ubik_client * client
+    cdef readonly object cell
+    cdef readonly object realm
 
     def __cinit__(self, cell=None, sec=1):
         cdef afs_int32 code
         cdef afsconf_dir *cdir
         cdef afsconf_cell info
+        cdef krb5_context context
+        cdef char ** hrealms = NULL
         cdef char * c_cell
         cdef ktc_principal prin
         cdef ktc_token token
@@ -167,6 +194,16 @@ cdef class PTS:
         code = afsconf_GetCellInfo(cdir, c_cell, "afsprot", &info)
         pyafs_error(code)
 
+        code = krb5_init_context(&context)
+        pyafs_error(code)
+        code = krb5_get_host_realm(context, info.hostName[0], &hrealms)
+        pyafs_error(code)
+        self.realm = hrealms[0]
+        krb5_free_host_realm(context, hrealms)
+        krb5_free_context(context)
+
+        self.cell = info.name
+
         if sec > 0:
             strncpy(prin.cell, info.name, sizeof(prin.cell))
             prin.instance[0] = 0
@@ -215,8 +252,8 @@ cdef class PTS:
         name if it's a string, or otherwise just converting it to an
         integer.
         """
-        if isinstance(ident, (str, unicode)):
-            return self.NameToId(ident)
+        if isinstance(ident, basestring):
+            return self._NameToId(ident)
         else:
             return int(ident)
 
@@ -296,7 +333,7 @@ cdef class PTS:
         cdef afs_int32 code, cid
 
         name = name[:PR_MAXNAMELEN].lower()
-        oid = self.NameOrId(owner)
+        oid = self._NameOrId(owner)
 
         if id is not None:
             cid = id
@@ -313,7 +350,7 @@ cdef class PTS:
         identifier.
         """
         cdef afs_int32 code
-        cdef afs_int32 id = self.NameOrId(ident)
+        cdef afs_int32 id = self._NameOrId(ident)
 
         code = ubik_PR_Delete(self.client, 0, id)
         pyafs_error(code)
@@ -323,7 +360,7 @@ cdef class PTS:
         Add the given user to the given group.
         """
         cdef afs_int32 code
-        cdef afs_int32 uid = self.NameOrId(user), gid = self.NameOrId(group)
+        cdef afs_int32 uid = self._NameOrId(user), gid = self._NameOrId(group)
 
         code = ubik_PR_AddToGroup(self.client, 0, uid, gid)
         pyafs_error(code)
@@ -333,7 +370,7 @@ cdef class PTS:
         Remove the given user from the given group.
         """
         cdef afs_int32 code
-        cdef afs_int32 uid = self.NameOrId(user), gid = self.NameOrId(group)
+        cdef afs_int32 uid = self._NameOrId(user), gid = self._NameOrId(group)
 
         code = ubik_PR_RemoveFromGroup(self.client, 0, uid, gid)
         pyafs_error(code)
@@ -355,7 +392,7 @@ cdef class PTS:
         cdef int i
         cdef object members = []
 
-        cdef afs_int32 id = self.NameOrId(ident)
+        cdef afs_int32 id = self._NameOrId(ident)
 
         alist.prlist_len = 0
         alist.prlist_val = NULL
@@ -367,8 +404,6 @@ cdef class PTS:
                 members.append(alist.prlist_val[i])
             free(alist.prlist_val)
 
-        if over:
-            code = PRTOOMANY
         pyafs_error(code)
 
         return members
@@ -382,7 +417,7 @@ cdef class PTS:
         cdef int i
         cdef object owned = []
 
-        cdef afs_int32 oid = self.NameOrId(owner)
+        cdef afs_int32 oid = self._NameOrId(owner)
 
         alist.prlist_len = 0
         alist.prlist_val = NULL
@@ -394,8 +429,6 @@ cdef class PTS:
                 owned.append(alist.prlist_val[i])
             free(alist.prlist_val)
 
-        if over:
-            code = PRTOOMANY
         pyafs_error(code)
 
         return owned
@@ -409,7 +442,7 @@ cdef class PTS:
         cdef prcheckentry centry
         cdef object entry = PTEntry()
 
-        cdef afs_int32 id = self.NameOrId(ident)
+        cdef afs_int32 id = self._NameOrId(ident)
 
         code = ubik_PR_ListEntry(self.client, 0, id, &centry)
         pyafs_error(code)
@@ -428,10 +461,10 @@ cdef class PTS:
         cdef afs_int32 c_newid = 0, c_newoid = 0
         cdef char * c_newname
 
-        cdef afs_int32 id = self.NameOrId(ident)
+        cdef afs_int32 id = self._NameOrId(ident)
 
         if newname is None:
-            newname = self.IdToName(id)
+            newname = self._IdToName(id)
         c_newname = newname
         if newid is not None:
             c_newid = newid
@@ -448,7 +481,7 @@ cdef class PTS:
         cdef afs_int32 code
         cdef afs_int32 flag
 
-        cdef afs_int32 uid = self.NameOrId(user), gid = self.NameOrId(group)
+        cdef afs_int32 uid = self._NameOrId(user), gid = self._NameOrId(group)
 
         code = ubik_PR_IsAMemberOf(self.client, 0, uid, gid, &flag)
         pyafs_error(code)
@@ -537,7 +570,7 @@ cdef class PTS:
         cdef afs_int32 code
         cdef afs_int32 mask = 0, flags = 0, nusers = 0, ngroups = 0
 
-        cdef afs_int32 id = self.NameOrId(ident)
+        cdef afs_int32 id = self._NameOrId(ident)
 
         if access is not None:
             flags = access