Context Navigation

← Previous Revision
Next Revision →
Normal
Revision Log

pyauth.c

Visit:

Last change on this file was 745, checked in by Silvan Scherrer, 13 years ago
Samba Server: updated trunk to 3.6.0
File size: 11.8 KB

Rev	Line
[745]	1	/*
	2	Unix SMB/CIFS implementation.
	3	Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007-2008
	4	Copyright (C) Andrew Bartlett <abartlet@samba.org> 2011
	5
	6	This program is free software; you can redistribute it and/or modify
	7	it under the terms of the GNU General Public License as published by
	8	the Free Software Foundation; either version 3 of the License, or
	9	(at your option) any later version.
	10
	11	This program is distributed in the hope that it will be useful,
	12	but WITHOUT ANY WARRANTY; without even the implied warranty of
	13	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	14	GNU General Public License for more details.
	15
	16	You should have received a copy of the GNU General Public License
	17	along with this program. If not, see <http://www.gnu.org/licenses/>.
	18	*/
	19
	20	#include <Python.h>
	21	#include "includes.h"
	22	#include "libcli/util/pyerrors.h"
	23	#include "param/param.h"
	24	#include "pyauth.h"
	25	#include "pyldb.h"
	26	#include "auth/system_session_proto.h"
	27	#include "auth/auth.h"
	28	#include "param/pyparam.h"
	29	#include "libcli/security/security.h"
	30	#include "auth/credentials/pycredentials.h"
	31	#include <tevent.h>
	32	#include "librpc/rpc/pyrpc_util.h"
	33
	34	staticforward PyTypeObject PyAuthContext;
	35
	36	/* There's no Py_ssize_t in 2.4, apparently */
	37	#if PY_MAJOR_VERSION == 2 && PY_MINOR_VERSION < 5
	38	typedef int Py_ssize_t;
	39	typedef inquiry lenfunc;
	40	typedef intargfunc ssizeargfunc;
	41	#endif
	42
	43	#ifndef Py_RETURN_NONE
	44	#define Py_RETURN_NONE return Py_INCREF(Py_None), Py_None
	45	#endif
	46
	47	static PyObject py_auth_session_get_security_token(PyObject self, void *closure)
	48	{
	49	struct auth_session_info *session = py_talloc_get_type(self, struct auth_session_info);
	50	PyObject *py_security_token;
	51	py_security_token = py_return_ndr_struct("samba.dcerpc.security", "token",
	52	session->security_token, session->security_token);
	53	return py_security_token;
	54	}
	55
	56	static int py_auth_session_set_security_token(PyObject self, PyObject value, void *closure)
	57	{
	58	struct auth_session_info *session = py_talloc_get_type(self, struct auth_session_info);
	59	session->security_token = talloc_reference(session, py_talloc_get_ptr(value));
	60	return 0;
	61	}
	62
	63	static PyObject py_auth_session_get_session_key(PyObject self, void *closure)
	64	{
	65	struct auth_session_info *session = py_talloc_get_type(self, struct auth_session_info);
	66	return PyString_FromStringAndSize((char *)session->session_key.data, session->session_key.length);
	67	}
	68
	69	static int py_auth_session_set_session_key(PyObject self, PyObject value, void *closure)
	70	{
	71	DATA_BLOB val;
	72	struct auth_session_info *session = py_talloc_get_type(self, struct auth_session_info);
	73	val.data = (uint8_t *)PyString_AsString(value);
	74	val.length = PyString_Size(value);
	75
	76	session->session_key = data_blob_talloc(session, val.data, val.length);
	77	return 0;
	78	}
	79
	80	static PyObject py_auth_session_get_credentials(PyObject self, void *closure)
	81	{
	82	struct auth_session_info *session = py_talloc_get_type(self, struct auth_session_info);
	83	PyObject *py_credentials;
	84	/* This is evil, as the credentials are not IDL structures */
	85	py_credentials = py_return_ndr_struct("samba.credentials", "Credentials", session->credentials, session->credentials);
	86	return py_credentials;
	87	}
	88
	89	static int py_auth_session_set_credentials(PyObject self, PyObject value, void *closure)
	90	{
	91	struct auth_session_info *session = py_talloc_get_type(self, struct auth_session_info);
	92	session->credentials = talloc_reference(session, PyCredentials_AsCliCredentials(value));
	93	return 0;
	94	}
	95
	96	static PyGetSetDef py_auth_session_getset[] = {
	97	{ discard_const_p(char, "security_token"), (getter)py_auth_session_get_security_token, (setter)py_auth_session_set_security_token, NULL },
	98	{ discard_const_p(char, "session_key"), (getter)py_auth_session_get_session_key, (setter)py_auth_session_set_session_key, NULL },
	99	{ discard_const_p(char, "credentials"), (getter)py_auth_session_get_credentials, (setter)py_auth_session_set_credentials, NULL },
	100	{ NULL }
	101	};
	102
	103	static PyTypeObject PyAuthSession = {
	104	.tp_name = "AuthSession",
	105	.tp_basicsize = sizeof(py_talloc_Object),
	106	.tp_flags = Py_TPFLAGS_DEFAULT,
	107	.tp_getset = py_auth_session_getset,
	108	};
	109
	110	PyObject PyAuthSession_FromSession(struct auth_session_info session)
	111	{
	112	return py_talloc_reference(&PyAuthSession, session);
	113	}
	114
	115	static PyObject py_system_session(PyObject module, PyObject *args)
	116	{
	117	PyObject *py_lp_ctx = Py_None;
	118	struct loadparm_context *lp_ctx = NULL;
	119	struct auth_session_info *session;
	120	TALLOC_CTX *mem_ctx;
	121	if (!PyArg_ParseTuple(args, "\|O", &py_lp_ctx))
	122	return NULL;
	123
	124	mem_ctx = talloc_new(NULL);
	125	if (mem_ctx == NULL) {
	126	PyErr_NoMemory();
	127	return NULL;
	128	}
	129
	130	lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
	131	if (lp_ctx == NULL) {
	132	talloc_free(mem_ctx);
	133	return NULL;
	134	}
	135
	136	session = system_session(lp_ctx);
	137
	138	talloc_free(mem_ctx);
	139
	140	return PyAuthSession_FromSession(session);
	141	}
	142
	143
	144	static PyObject py_admin_session(PyObject module, PyObject *args)
	145	{
	146	PyObject *py_lp_ctx;
	147	PyObject *py_sid;
	148	struct loadparm_context *lp_ctx = NULL;
	149	struct auth_session_info *session;
	150	struct dom_sid *domain_sid = NULL;
	151	TALLOC_CTX *mem_ctx;
	152
	153	if (!PyArg_ParseTuple(args, "OO", &py_lp_ctx, &py_sid))
	154	return NULL;
	155
	156	mem_ctx = talloc_new(NULL);
	157	if (mem_ctx == NULL) {
	158	PyErr_NoMemory();
	159	return NULL;
	160	}
	161
	162	lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
	163	if (lp_ctx == NULL) {
	164	talloc_free(mem_ctx);
	165	return NULL;
	166	}
	167
	168	domain_sid = dom_sid_parse_talloc(mem_ctx, PyString_AsString(py_sid));
	169	if (domain_sid == NULL) {
	170	PyErr_Format(PyExc_RuntimeError, "Unable to parse sid %s",
	171	PyString_AsString(py_sid));
	172	talloc_free(mem_ctx);
	173	return NULL;
	174	}
	175	session = admin_session(NULL, lp_ctx, domain_sid);
	176	talloc_free(mem_ctx);
	177
	178	return PyAuthSession_FromSession(session);
	179	}
	180
	181	static PyObject py_user_session(PyObject module, PyObject args, PyObject kwargs)
	182	{
	183	NTSTATUS nt_status;
	184	struct auth_session_info *session;
	185	TALLOC_CTX *mem_ctx;
	186	const char * const kwnames[] = { "ldb", "lp_ctx", "principal", "dn", "session_info_flags", NULL };
	187	struct ldb_context *ldb_ctx;
	188	PyObject *py_ldb = Py_None;
	189	PyObject *py_dn = Py_None;
	190	PyObject *py_lp_ctx = Py_None;
	191	struct loadparm_context *lp_ctx = NULL;
	192	struct ldb_dn *user_dn;
	193	char *principal = NULL;
	194	int session_info_flags = 0; /* This is an int, because that's
	195	* what we need for the python
	196	* PyArg_ParseTupleAndKeywords */
	197
	198	if (!PyArg_ParseTupleAndKeywords(args, kwargs, "O\|OzOi",
	199	discard_const_p(char *, kwnames),
	200	&py_ldb, &py_lp_ctx, &principal, &py_dn, &session_info_flags)) {
	201	return NULL;
	202	}
	203
	204	mem_ctx = talloc_new(NULL);
	205	if (mem_ctx == NULL) {
	206	PyErr_NoMemory();
	207	return NULL;
	208	}
	209
	210	ldb_ctx = PyLdb_AsLdbContext(py_ldb);
	211
	212	if (py_dn == Py_None) {
	213	user_dn = NULL;
	214	} else {
	215	if (!PyObject_AsDn(ldb_ctx, py_dn, ldb_ctx, &user_dn)) {
	216	talloc_free(mem_ctx);
	217	return NULL;
	218	}
	219	}
	220
	221	lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
	222	if (lp_ctx == NULL) {
	223	talloc_free(mem_ctx);
	224	return NULL;
	225	}
	226
	227	nt_status = authsam_get_session_info_principal(mem_ctx, lp_ctx, ldb_ctx, principal, user_dn,
	228	session_info_flags, &session);
	229	if (!NT_STATUS_IS_OK(nt_status)) {
	230	talloc_free(mem_ctx);
	231	PyErr_NTSTATUS_IS_ERR_RAISE(nt_status);
	232	}
	233
	234	talloc_steal(NULL, session);
	235	talloc_free(mem_ctx);
	236
	237	return PyAuthSession_FromSession(session);
	238	}
	239
	240
	241	static const char *PyList_AsStringList(TALLOC_CTX mem_ctx, PyObject *list,
	242	const char *paramname)
	243	{
	244	const char **ret;
	245	Py_ssize_t i;
	246	if (!PyList_Check(list)) {
	247	PyErr_Format(PyExc_TypeError, "%s is not a list", paramname);
	248	return NULL;
	249	}
	250	ret = talloc_array(NULL, const char *, PyList_Size(list)+1);
	251	if (ret == NULL) {
	252	PyErr_NoMemory();
	253	return NULL;
	254	}
	255
	256	for (i = 0; i < PyList_Size(list); i++) {
	257	PyObject *item = PyList_GetItem(list, i);
	258	if (!PyString_Check(item)) {
	259	PyErr_Format(PyExc_TypeError, "%s should be strings", paramname);
	260	return NULL;
	261	}
	262	ret[i] = talloc_strndup(ret, PyString_AsString(item),
	263	PyString_Size(item));
	264	}
	265	ret[i] = NULL;
	266	return ret;
	267	}
	268
	269	static PyObject PyAuthContext_FromContext(struct auth_context auth_context)
	270	{
	271	return py_talloc_reference(&PyAuthContext, auth_context);
	272	}
	273
	274	static PyObject py_auth_context_new(PyTypeObject type, PyObject args, PyObject kwargs)
	275	{
	276	PyObject *py_lp_ctx = Py_None;
	277	PyObject *py_ldb = Py_None;
	278	PyObject *py_messaging_ctx = Py_None;
	279	PyObject *py_auth_context = Py_None;
	280	PyObject *py_methods = Py_None;
	281	TALLOC_CTX *mem_ctx;
	282	struct auth_context *auth_context;
	283	struct messaging_context *messaging_context = NULL;
	284	struct loadparm_context *lp_ctx;
	285	struct tevent_context *ev;
	286	struct ldb_context *ldb;
	287	NTSTATUS nt_status;
	288	const char **methods;
	289
	290	const char * const kwnames[] = { "lp_ctx", "messaging_ctx", "ldb", "methods", NULL };
	291
	292	if (!PyArg_ParseTupleAndKeywords(args, kwargs, "\|OOOO",
	293	discard_const_p(char *, kwnames),
	294	&py_lp_ctx, &py_messaging_ctx, &py_ldb, &py_methods))
	295	return NULL;
	296
	297	mem_ctx = talloc_new(NULL);
	298	if (mem_ctx == NULL) {
	299	PyErr_NoMemory();
	300	return NULL;
	301	}
	302
	303	if (py_ldb != Py_None) {
	304	ldb = PyLdb_AsLdbContext(py_ldb);
	305	}
	306
	307	lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
	308
	309	ev = tevent_context_init(mem_ctx);
	310	if (ev == NULL) {
	311	PyErr_NoMemory();
	312	return NULL;
	313	}
	314
	315	if (py_messaging_ctx != Py_None) {
	316	messaging_context = py_talloc_get_type(py_messaging_ctx, struct messaging_context);
	317	}
	318
	319	if (py_methods == Py_None && py_ldb == Py_None) {
	320	nt_status = auth_context_create(mem_ctx, ev, messaging_context, lp_ctx, &auth_context);
	321	} else {
	322	if (py_methods != Py_None) {
	323	methods = PyList_AsStringList(mem_ctx, py_methods, "methods");
	324	if (methods == NULL) {
	325	talloc_free(mem_ctx);
	326	return NULL;
	327	}
	328	} else {
	329	methods = auth_methods_from_lp(mem_ctx, lp_ctx);
	330	}
	331	nt_status = auth_context_create_methods(mem_ctx, methods, ev,
	332	messaging_context, lp_ctx,
	333	ldb, &auth_context);
	334	}
	335
	336	if (!NT_STATUS_IS_OK(nt_status)) {
	337	talloc_free(mem_ctx);
	338	PyErr_NTSTATUS_IS_ERR_RAISE(nt_status);
	339	}
	340
	341	if (!talloc_reference(auth_context, lp_ctx)) {
	342	talloc_free(mem_ctx);
	343	PyErr_NoMemory();
	344	return NULL;
	345	}
	346
	347	if (!talloc_reference(auth_context, ev)) {
	348	talloc_free(mem_ctx);
	349	PyErr_NoMemory();
	350	return NULL;
	351	}
	352
	353	py_auth_context = PyAuthContext_FromContext(auth_context);
	354
	355	talloc_free(mem_ctx);
	356
	357	return py_auth_context;
	358	}
	359
	360	static PyTypeObject PyAuthContext = {
	361	.tp_name = "AuthContext",
	362	.tp_basicsize = sizeof(py_talloc_Object),
	363	.tp_flags = Py_TPFLAGS_DEFAULT,
	364	.tp_new = py_auth_context_new,
	365	.tp_basicsize = sizeof(py_talloc_Object),
	366	};
	367
	368	static PyMethodDef py_auth_methods[] = {
	369	{ "system_session", (PyCFunction)py_system_session, METH_VARARGS, NULL },
	370	{ "admin_session", (PyCFunction)py_admin_session, METH_VARARGS, NULL },
	371	{ "user_session", (PyCFunction)py_user_session, METH_VARARGS\|METH_KEYWORDS, NULL },
	372	{ NULL },
	373	};
	374
	375	void initauth(void)
	376	{
	377	PyObject *m;
	378
	379	PyAuthSession.tp_base = PyTalloc_GetObjectType();
	380	if (PyAuthSession.tp_base == NULL)
	381	return;
	382
	383	if (PyType_Ready(&PyAuthSession) < 0)
	384	return;
	385
	386	PyAuthContext.tp_base = PyTalloc_GetObjectType();
	387	if (PyAuthContext.tp_base == NULL)
	388	return;
	389
	390	if (PyType_Ready(&PyAuthContext) < 0)
	391	return;
	392
	393	m = Py_InitModule3("auth", py_auth_methods,
	394	"Authentication and authorization support.");
	395	if (m == NULL)
	396	return;
	397
	398	Py_INCREF(&PyAuthSession);
	399	PyModule_AddObject(m, "AuthSession", (PyObject *)&PyAuthSession);
	400	Py_INCREF(&PyAuthContext);
	401	PyModule_AddObject(m, "AuthContext", (PyObject *)&PyAuthContext);
	402
	403	#define ADD_FLAG(val) PyModule_AddObject(m, #val, PyInt_FromLong(val))
	404	ADD_FLAG(AUTH_SESSION_INFO_DEFAULT_GROUPS);
	405	ADD_FLAG(AUTH_SESSION_INFO_AUTHENTICATED);
	406	ADD_FLAG(AUTH_SESSION_INFO_SIMPLE_PRIVILEGES);
	407
	408	}

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: trunk/server/source4/auth/pyauth.c

Download in other formats: