HEX

File: //opt/saltstack/salt/lib/python3.10/site-packages/salt/modules/__pycache__/kerberos.cpython-310.pyc
o

�N�g]�@svdZddlZddlZe�e�Zdd�Zdd�Zdd�Z	d	d
�Z
dd�Zd
d�Zdd�Z
ddd�Zdd�Zddd�ZdS)a�
Manage Kerberos KDC

:configuration:
    In order to manage your KDC you will need to generate a keytab
    that can authenticate without requiring a password.

.. code-block:: bash

    # ktadd -k /root/secure.keytab kadmin/admin kadmin/changepw

On the KDC minion you will need to add the following to the minion
configuration file so Salt knows what keytab to use and what principal to
authenticate as.

.. code-block:: yaml

    auth_keytab: /root/auth.keytab
    auth_principal: kadmin/admin
�NcCstjj�d�r	dSdS)NZkadminT)Fz<The kerberos execution module not loaded: kadmin not in path)�salt�utils�path�which�rr�I/opt/saltstack/salt/lib/python3.10/site-packages/salt/modules/kerberos.py�__virtual__srcCsji}t�dd�}t�dd�}td|�r&|r&tdd|�d|�d|�d	��St�d
�d|d<d
|d<|S)z!
    Execute kadmin commands
    �auth_keytabN�auth_principalzfile.file_existszcmd.run_allz
kadmin -k -t z -p z -q "�"z(Unable to find kerberos keytab/principal��retcodez'Missing authentication keytab/principal�comment)Z__opts__�getZ__salt__�log�error)�cmd�retr	r
rrr�__execute_kadmin$s�
rcC�ti}td�}|ddks|dr |d��d|d<d|d<|Sd	gi}|d
��dd�D]	}|d	�|�q.|S)
z�
    Get all principals

    CLI Example:

    .. code-block:: bash

        salt 'kde.example.com' kerberos.list_principals
    �list_principalsr
r�stderr���rF�resultZ
principals�stdoutrN�r�
splitlines�append�rr�irrrr9�
rcC�|i}td|���}|ddks|dr#|d��d|d<d|d<|S|d	��d
d�D]}|�dd
�\}}|||<q-|S)
z�
    Get princial details

    CLI Example:

    .. code-block:: bash

        salt 'kdc.example.com' kerberos.get_principal root/admin
    zget_principal r
rrrrFrrrN�:�rr�split��namerrr�prop�valrrr�
get_principalU�

r)cCr)
zz
    List policies

    CLI Example:

    .. code-block:: bash

        salt 'kdc.example.com' kerberos.list_policies
    �
list_policiesr
rrrrFrZpoliciesrrNrrrrrr+qr r+cCr!)
z�
    Get policy details

    CLI Example:

    .. code-block:: bash

        salt 'kdc.example.com' kerberos.get_policy my_policy
    zget_policy r
rrrrFrrrNr"r#r%rrr�
get_policy�r*r,cCs�i}td�}|ddks|dr |d��d|d<d|d<|S|d	��d
d�D]}|�dd
�\}}d
d�|��D�||<q*|S)z{
    Current privileges

    CLI Example:

    .. code-block:: bash

        salt 'kdc.example.com' kerberos.get_privs
    �	get_privsr
rrrrFrrrNr"cSsg|]}|�qSrr)�.0�jrrr�
<listcomp>�szget_privs.<locals>.<listcomp>r#)rrrr'r(rrrr-�s
r-cCs~i}d}|r
|d|��7}|d|��7}t|�}|ddks"|dr=|d��d�d�s=|d��d|d	<d
|d<|SdS)
z�
    Create Principal

    CLI Example:

    .. code-block:: bash

        salt 'kdc.example.com' kerberos.create_principal host/example.com
    zaddprinc -randkey� -e � r
rrrzWARNING:rFrT)rr�
startswith)r&�enctypesr�krb_cmdrrrr�create_principal�s
r6cCsJi}td|���}|ddks|dr#|d��d|d<d|d<|Sd	S)
z�
    Delete Principal

    CLI Example:

    .. code-block:: bash

        salt 'kdc.example.com' kerberos.delete_principal host/example.com@EXAMPLE.COM
    zdelprinc -force r
rrrrFrT�rr)r&rrrrr�delete_principal�s
r8cCsni}d|��}|r|d|��7}|d|��7}t|�}|ddks%|dr5|d��d|d<d	|d
<|SdS)z�
    Create keytab

    CLI Example:

    .. code-block:: bash

        salt 'kdc.example.com' kerberos.create_keytab host/host1.example.com host1.example.com.keytab
    z	ktadd -k r1r2r
rrrrFrTr7)r&Zkeytabr4rr5rrrr�
create_keytab�s

r9)N)�__doc__�loggingZsalt.utils.pathr�	getLogger�__name__rrrrr)r+r,r-r6r8r9rrrr�<module>s