source: trunk/server/source4/auth/credentials/pycredentials.c

Last change on this file was 745, checked in by Silvan Scherrer, 13 years ago

Samba Server: updated trunk to 3.6.0
File size: 14.6 KB
Line 
1/*
2 Unix SMB/CIFS implementation.
3 Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; either version 3 of the License, or
8 (at your option) any later version.
9
10 This program is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 GNU General Public License for more details.
14
15 You should have received a copy of the GNU General Public License
16 along with this program. If not, see <http://www.gnu.org/licenses/>.
17*/
18
19#include <Python.h>
20#include "includes.h"
21#include "pycredentials.h"
22#include "param/param.h"
23#include "lib/cmdline/credentials.h"
24#include "librpc/gen_ndr/samr.h" /* for struct samr_Password */
25#include "libcli/util/pyerrors.h"
26#include "param/pyparam.h"
27#include <tevent.h>
28
29static PyObject *PyString_FromStringOrNULL(const char *str)
30{
31 if (str == NULL)
32 Py_RETURN_NONE;
33 return PyString_FromString(str);
34}
35
36static PyObject *py_creds_new(PyTypeObject *type, PyObject *args, PyObject *kwargs)
37{
38 py_talloc_Object *ret = (py_talloc_Object *)type->tp_alloc(type, 0);
39 if (ret == NULL) {
40 PyErr_NoMemory();
41 return NULL;
42 }
43 ret->talloc_ctx = talloc_new(NULL);
44 if (ret->talloc_ctx == NULL) {
45 PyErr_NoMemory();
46 return NULL;
47 }
48 ret->ptr = cli_credentials_init(ret->talloc_ctx);
49 return (PyObject *)ret;
50}
51
52static PyObject *py_creds_get_username(py_talloc_Object *self)
53{
54 return PyString_FromStringOrNULL(cli_credentials_get_username(PyCredentials_AsCliCredentials(self)));
55}
56
57static PyObject *py_creds_set_username(py_talloc_Object *self, PyObject *args)
58{
59 char *newval;
60 enum credentials_obtained obt = CRED_SPECIFIED;
61 if (!PyArg_ParseTuple(args, "s|i", &newval, &obt))
62 return NULL;
63
64 return PyBool_FromLong(cli_credentials_set_username(PyCredentials_AsCliCredentials(self), newval, obt));
65}
66
67static PyObject *py_creds_get_password(py_talloc_Object *self)
68{
69 return PyString_FromStringOrNULL(cli_credentials_get_password(PyCredentials_AsCliCredentials(self)));
70}
71
72
73static PyObject *py_creds_set_password(py_talloc_Object *self, PyObject *args)
74{
75 char *newval;
76 enum credentials_obtained obt = CRED_SPECIFIED;
77 if (!PyArg_ParseTuple(args, "s|i", &newval, &obt))
78 return NULL;
79
80 return PyBool_FromLong(cli_credentials_set_password(PyCredentials_AsCliCredentials(self), newval, obt));
81}
82
83static PyObject *py_creds_get_domain(py_talloc_Object *self)
84{
85 return PyString_FromStringOrNULL(cli_credentials_get_domain(PyCredentials_AsCliCredentials(self)));
86}
87
88static PyObject *py_creds_set_domain(py_talloc_Object *self, PyObject *args)
89{
90 char *newval;
91 enum credentials_obtained obt = CRED_SPECIFIED;
92 if (!PyArg_ParseTuple(args, "s|i", &newval, &obt))
93 return NULL;
94
95 return PyBool_FromLong(cli_credentials_set_domain(PyCredentials_AsCliCredentials(self), newval, obt));
96}
97
98static PyObject *py_creds_get_realm(py_talloc_Object *self)
99{
100 return PyString_FromStringOrNULL(cli_credentials_get_realm(PyCredentials_AsCliCredentials(self)));
101}
102
103static PyObject *py_creds_set_realm(py_talloc_Object *self, PyObject *args)
104{
105 char *newval;
106 enum credentials_obtained obt = CRED_SPECIFIED;
107 if (!PyArg_ParseTuple(args, "s|i", &newval, &obt))
108 return NULL;
109
110 return PyBool_FromLong(cli_credentials_set_realm(PyCredentials_AsCliCredentials(self), newval, obt));
111}
112
113static PyObject *py_creds_get_bind_dn(py_talloc_Object *self)
114{
115 return PyString_FromStringOrNULL(cli_credentials_get_bind_dn(PyCredentials_AsCliCredentials(self)));
116}
117
118static PyObject *py_creds_set_bind_dn(py_talloc_Object *self, PyObject *args)
119{
120 char *newval;
121 if (!PyArg_ParseTuple(args, "s", &newval))
122 return NULL;
123
124 return PyBool_FromLong(cli_credentials_set_bind_dn(PyCredentials_AsCliCredentials(self), newval));
125}
126
127static PyObject *py_creds_get_workstation(py_talloc_Object *self)
128{
129 return PyString_FromStringOrNULL(cli_credentials_get_workstation(PyCredentials_AsCliCredentials(self)));
130}
131
132static PyObject *py_creds_set_workstation(py_talloc_Object *self, PyObject *args)
133{
134 char *newval;
135 enum credentials_obtained obt = CRED_SPECIFIED;
136 if (!PyArg_ParseTuple(args, "s|i", &newval, &obt))
137 return NULL;
138
139 return PyBool_FromLong(cli_credentials_set_workstation(PyCredentials_AsCliCredentials(self), newval, obt));
140}
141
142static PyObject *py_creds_is_anonymous(py_talloc_Object *self)
143{
144 return PyBool_FromLong(cli_credentials_is_anonymous(PyCredentials_AsCliCredentials(self)));
145}
146
147static PyObject *py_creds_set_anonymous(py_talloc_Object *self)
148{
149 cli_credentials_set_anonymous(PyCredentials_AsCliCredentials(self));
150 Py_RETURN_NONE;
151}
152
153static PyObject *py_creds_authentication_requested(py_talloc_Object *self)
154{
155 return PyBool_FromLong(cli_credentials_authentication_requested(PyCredentials_AsCliCredentials(self)));
156}
157
158static PyObject *py_creds_wrong_password(py_talloc_Object *self)
159{
160 return PyBool_FromLong(cli_credentials_wrong_password(PyCredentials_AsCliCredentials(self)));
161}
162
163static PyObject *py_creds_set_cmdline_callbacks(py_talloc_Object *self)
164{
165 return PyBool_FromLong(cli_credentials_set_cmdline_callbacks(PyCredentials_AsCliCredentials(self)));
166}
167
168static PyObject *py_creds_parse_string(py_talloc_Object *self, PyObject *args)
169{
170 char *newval;
171 enum credentials_obtained obt = CRED_SPECIFIED;
172 if (!PyArg_ParseTuple(args, "s|i", &newval, &obt))
173 return NULL;
174
175 cli_credentials_parse_string(PyCredentials_AsCliCredentials(self), newval, obt);
176 Py_RETURN_NONE;
177}
178
179static PyObject *py_creds_get_nt_hash(py_talloc_Object *self)
180{
181 const struct samr_Password *ntpw = cli_credentials_get_nt_hash(PyCredentials_AsCliCredentials(self), self->ptr);
182
183 return PyString_FromStringAndSize(discard_const_p(char, ntpw->hash), 16);
184}
185
186static PyObject *py_creds_set_kerberos_state(py_talloc_Object *self, PyObject *args)
187{
188 int state;
189 if (!PyArg_ParseTuple(args, "i", &state))
190 return NULL;
191
192 cli_credentials_set_kerberos_state(PyCredentials_AsCliCredentials(self), state);
193 Py_RETURN_NONE;
194}
195
196static PyObject *py_creds_set_krb_forwardable(py_talloc_Object *self, PyObject *args)
197{
198 int state;
199 if (!PyArg_ParseTuple(args, "i", &state))
200 return NULL;
201
202 cli_credentials_set_krb_forwardable(PyCredentials_AsCliCredentials(self), state);
203 Py_RETURN_NONE;
204}
205
206static PyObject *py_creds_guess(py_talloc_Object *self, PyObject *args)
207{
208 PyObject *py_lp_ctx = Py_None;
209 struct loadparm_context *lp_ctx;
210 TALLOC_CTX *mem_ctx;
211 struct cli_credentials *creds;
212
213 creds = PyCredentials_AsCliCredentials(self);
214
215 if (!PyArg_ParseTuple(args, "|O", &py_lp_ctx))
216 return NULL;
217
218 mem_ctx = talloc_new(NULL);
219 if (mem_ctx == NULL) {
220 PyErr_NoMemory();
221 return NULL;
222 }
223
224 lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
225 if (lp_ctx == NULL) {
226 talloc_free(mem_ctx);
227 return NULL;
228 }
229
230 cli_credentials_guess(creds, lp_ctx);
231
232 talloc_free(mem_ctx);
233
234 Py_RETURN_NONE;
235}
236
237static PyObject *py_creds_set_machine_account(py_talloc_Object *self, PyObject *args)
238{
239 PyObject *py_lp_ctx = Py_None;
240 struct loadparm_context *lp_ctx;
241 NTSTATUS status;
242 struct cli_credentials *creds;
243 TALLOC_CTX *mem_ctx;
244
245 creds = PyCredentials_AsCliCredentials(self);
246
247 if (!PyArg_ParseTuple(args, "|O", &py_lp_ctx))
248 return NULL;
249
250 mem_ctx = talloc_new(NULL);
251 if (mem_ctx == NULL) {
252 PyErr_NoMemory();
253 return NULL;
254 }
255
256 lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
257 if (lp_ctx == NULL) {
258 talloc_free(mem_ctx);
259 return NULL;
260 }
261
262 status = cli_credentials_set_machine_account(creds, lp_ctx);
263 talloc_free(mem_ctx);
264
265 PyErr_NTSTATUS_IS_ERR_RAISE(status);
266
267 Py_RETURN_NONE;
268}
269
270PyObject *PyCredentialCacheContainer_from_ccache_container(struct ccache_container *ccc)
271{
272 PyCredentialCacheContainerObject *py_ret;
273
274 if (ccc == NULL) {
275 Py_RETURN_NONE;
276 }
277
278 py_ret = (PyCredentialCacheContainerObject *)PyCredentialCacheContainer.tp_alloc(&PyCredentialCacheContainer, 0);
279 if (py_ret == NULL) {
280 PyErr_NoMemory();
281 return NULL;
282 }
283 py_ret->mem_ctx = talloc_new(NULL);
284 py_ret->ccc = talloc_reference(py_ret->mem_ctx, ccc);
285 return (PyObject *)py_ret;
286}
287
288
289static PyObject *py_creds_get_named_ccache(py_talloc_Object *self, PyObject *args)
290{
291 PyObject *py_lp_ctx = Py_None;
292 char *ccache_name;
293 struct loadparm_context *lp_ctx;
294 struct ccache_container *ccc;
295 struct tevent_context *event_ctx;
296 int ret;
297 const char *error_string;
298 struct cli_credentials *creds;
299 TALLOC_CTX *mem_ctx;
300
301 creds = PyCredentials_AsCliCredentials(self);
302
303 if (!PyArg_ParseTuple(args, "|Os", &py_lp_ctx, &ccache_name))
304 return NULL;
305
306 mem_ctx = talloc_new(NULL);
307 if (mem_ctx == NULL) {
308 PyErr_NoMemory();
309 return NULL;
310 }
311
312 lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
313 if (lp_ctx == NULL) {
314 talloc_free(mem_ctx);
315 return NULL;
316 }
317
318 event_ctx = tevent_context_init(mem_ctx);
319
320 ret = cli_credentials_get_named_ccache(creds, event_ctx, lp_ctx,
321 ccache_name, &ccc, &error_string);
322 talloc_unlink(mem_ctx, lp_ctx);
323 if (ret == 0) {
324 talloc_steal(ccc, event_ctx);
325 talloc_free(mem_ctx);
326 return PyCredentialCacheContainer_from_ccache_container(ccc);
327 }
328
329 PyErr_SetString(PyExc_RuntimeError, error_string?error_string:"NULL");
330
331 talloc_free(mem_ctx);
332 return NULL;
333}
334
335static PyObject *py_creds_set_gensec_features(py_talloc_Object *self, PyObject *args)
336{
337 unsigned int gensec_features;
338
339 if (!PyArg_ParseTuple(args, "I", &gensec_features))
340 return NULL;
341
342 cli_credentials_set_gensec_features(PyCredentials_AsCliCredentials(self), gensec_features);
343
344 Py_RETURN_NONE;
345}
346
347static PyObject *py_creds_get_gensec_features(py_talloc_Object *self, PyObject *args)
348{
349 unsigned int gensec_features;
350
351 gensec_features = cli_credentials_get_gensec_features(PyCredentials_AsCliCredentials(self));
352 return PyInt_FromLong(gensec_features);
353}
354
355
356static PyMethodDef py_creds_methods[] = {
357 { "get_username", (PyCFunction)py_creds_get_username, METH_NOARGS,
358 "S.get_username() -> username\nObtain username." },
359 { "set_username", (PyCFunction)py_creds_set_username, METH_VARARGS,
360 "S.set_username(name, obtained=CRED_SPECIFIED) -> None\n"
361 "Change username." },
362 { "get_password", (PyCFunction)py_creds_get_password, METH_NOARGS,
363 "S.get_password() -> password\n"
364 "Obtain password." },
365 { "set_password", (PyCFunction)py_creds_set_password, METH_VARARGS,
366 "S.set_password(password, obtained=CRED_SPECIFIED) -> None\n"
367 "Change password." },
368 { "get_domain", (PyCFunction)py_creds_get_domain, METH_NOARGS,
369 "S.get_domain() -> domain\n"
370 "Obtain domain name." },
371 { "set_domain", (PyCFunction)py_creds_set_domain, METH_VARARGS,
372 "S.set_domain(domain, obtained=CRED_SPECIFIED) -> None\n"
373 "Change domain name." },
374 { "get_realm", (PyCFunction)py_creds_get_realm, METH_NOARGS,
375 "S.get_realm() -> realm\n"
376 "Obtain realm name." },
377 { "set_realm", (PyCFunction)py_creds_set_realm, METH_VARARGS,
378 "S.set_realm(realm, obtained=CRED_SPECIFIED) -> None\n"
379 "Change realm name." },
380 { "get_bind_dn", (PyCFunction)py_creds_get_bind_dn, METH_NOARGS,
381 "S.get_bind_dn() -> bind dn\n"
382 "Obtain bind DN." },
383 { "set_bind_dn", (PyCFunction)py_creds_set_bind_dn, METH_VARARGS,
384 "S.set_bind_dn(bind_dn) -> None\n"
385 "Change bind DN." },
386 { "is_anonymous", (PyCFunction)py_creds_is_anonymous, METH_NOARGS,
387 NULL },
388 { "set_anonymous", (PyCFunction)py_creds_set_anonymous, METH_NOARGS,
389 "S.set_anonymous() -> None\n"
390 "Use anonymous credentials." },
391 { "get_workstation", (PyCFunction)py_creds_get_workstation, METH_NOARGS,
392 NULL },
393 { "set_workstation", (PyCFunction)py_creds_set_workstation, METH_VARARGS,
394 NULL },
395 { "authentication_requested", (PyCFunction)py_creds_authentication_requested, METH_NOARGS,
396 NULL },
397 { "wrong_password", (PyCFunction)py_creds_wrong_password, METH_NOARGS,
398 "S.wrong_password() -> bool\n"
399 "Indicate the returned password was incorrect." },
400 { "set_cmdline_callbacks", (PyCFunction)py_creds_set_cmdline_callbacks, METH_NOARGS,
401 "S.set_cmdline_callbacks() -> bool\n"
402 "Use command-line to obtain credentials not explicitly set." },
403 { "parse_string", (PyCFunction)py_creds_parse_string, METH_VARARGS,
404 "S.parse_string(text, obtained=CRED_SPECIFIED) -> None\n"
405 "Parse credentials string." },
406 { "get_nt_hash", (PyCFunction)py_creds_get_nt_hash, METH_NOARGS,
407 NULL },
408 { "set_kerberos_state", (PyCFunction)py_creds_set_kerberos_state, METH_VARARGS,
409 NULL },
410 { "set_krb_forwardable", (PyCFunction)py_creds_set_krb_forwardable, METH_VARARGS,
411 NULL },
412 { "guess", (PyCFunction)py_creds_guess, METH_VARARGS, NULL },
413 { "set_machine_account", (PyCFunction)py_creds_set_machine_account, METH_VARARGS, NULL },
414 { "get_named_ccache", (PyCFunction)py_creds_get_named_ccache, METH_VARARGS, NULL },
415 { "set_gensec_features", (PyCFunction)py_creds_set_gensec_features, METH_VARARGS, NULL },
416 { "get_gensec_features", (PyCFunction)py_creds_get_gensec_features, METH_NOARGS, NULL },
417 { NULL }
418};
419
420PyTypeObject PyCredentials = {
421 .tp_name = "Credentials",
422 .tp_basicsize = sizeof(py_talloc_Object),
423 .tp_new = py_creds_new,
424 .tp_flags = Py_TPFLAGS_DEFAULT,
425 .tp_methods = py_creds_methods,
426};
427
428
429PyTypeObject PyCredentialCacheContainer = {
430 .tp_name = "CredentialCacheContainer",
431 .tp_basicsize = sizeof(py_talloc_Object),
432 .tp_flags = Py_TPFLAGS_DEFAULT,
433};
434
435void initcredentials(void)
436{
437 PyObject *m;
438 PyTypeObject *talloc_type = PyTalloc_GetObjectType();
439 if (talloc_type == NULL)
440 return;
441
442 PyCredentials.tp_base = PyCredentialCacheContainer.tp_base = talloc_type;
443
444 if (PyType_Ready(&PyCredentials) < 0)
445 return;
446
447 if (PyType_Ready(&PyCredentialCacheContainer) < 0)
448 return;
449
450 m = Py_InitModule3("credentials", NULL, "Credentials management.");
451 if (m == NULL)
452 return;
453
454 PyModule_AddObject(m, "AUTO_USE_KERBEROS", PyInt_FromLong(CRED_AUTO_USE_KERBEROS));
455 PyModule_AddObject(m, "DONT_USE_KERBEROS", PyInt_FromLong(CRED_DONT_USE_KERBEROS));
456 PyModule_AddObject(m, "MUST_USE_KERBEROS", PyInt_FromLong(CRED_MUST_USE_KERBEROS));
457
458 PyModule_AddObject(m, "AUTO_KRB_FORWARDABLE", PyInt_FromLong(CRED_AUTO_KRB_FORWARDABLE));
459 PyModule_AddObject(m, "NO_KRB_FORWARDABLE", PyInt_FromLong(CRED_NO_KRB_FORWARDABLE));
460 PyModule_AddObject(m, "FORCE_KRB_FORWARDABLE", PyInt_FromLong(CRED_FORCE_KRB_FORWARDABLE));
461
462 Py_INCREF(&PyCredentials);
463 PyModule_AddObject(m, "Credentials", (PyObject *)&PyCredentials);
464 Py_INCREF(&PyCredentialCacheContainer);
465 PyModule_AddObject(m, "CredentialCacheContainer", (PyObject *)&PyCredentialCacheContainer);
466}
Note: See TracBrowser for help on using the repository browser.