Context Navigation

source: vendor/3.6.0/source4/auth/pyauth.c

Visit:

Last change on this file was 740, checked in by Silvan Scherrer, 13 years ago
Samba Server: update vendor to 3.6.0
File size: 11.8 KB

Line
1	/*
2	Unix SMB/CIFS implementation.
3	Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007-2008
4	Copyright (C) Andrew Bartlett <abartlet@samba.org> 2011
5
6	This program is free software; you can redistribute it and/or modify
7	it under the terms of the GNU General Public License as published by
8	the Free Software Foundation; either version 3 of the License, or
9	(at your option) any later version.
10
11	This program is distributed in the hope that it will be useful,
12	but WITHOUT ANY WARRANTY; without even the implied warranty of
13	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14	GNU General Public License for more details.
15
16	You should have received a copy of the GNU General Public License
17	along with this program. If not, see <http://www.gnu.org/licenses/>.
18	*/
19
20	#include <Python.h>
21	#include "includes.h"
22	#include "libcli/util/pyerrors.h"
23	#include "param/param.h"
24	#include "pyauth.h"
25	#include "pyldb.h"
26	#include "auth/system_session_proto.h"
27	#include "auth/auth.h"
28	#include "param/pyparam.h"
29	#include "libcli/security/security.h"
30	#include "auth/credentials/pycredentials.h"
31	#include <tevent.h>
32	#include "librpc/rpc/pyrpc_util.h"
33
34	staticforward PyTypeObject PyAuthContext;
35
36	/* There's no Py_ssize_t in 2.4, apparently */
37	#if PY_MAJOR_VERSION == 2 && PY_MINOR_VERSION < 5
38	typedef int Py_ssize_t;
39	typedef inquiry lenfunc;
40	typedef intargfunc ssizeargfunc;
41	#endif
42
43	#ifndef Py_RETURN_NONE
44	#define Py_RETURN_NONE return Py_INCREF(Py_None), Py_None
45	#endif
46
47	static PyObject py_auth_session_get_security_token(PyObject self, void *closure)
48	{
49	struct auth_session_info *session = py_talloc_get_type(self, struct auth_session_info);
50	PyObject *py_security_token;
51	py_security_token = py_return_ndr_struct("samba.dcerpc.security", "token",
52	session->security_token, session->security_token);
53	return py_security_token;
54	}
55
56	static int py_auth_session_set_security_token(PyObject self, PyObject value, void *closure)
57	{
58	struct auth_session_info *session = py_talloc_get_type(self, struct auth_session_info);
59	session->security_token = talloc_reference(session, py_talloc_get_ptr(value));
60	return 0;
61	}
62
63	static PyObject py_auth_session_get_session_key(PyObject self, void *closure)
64	{
65	struct auth_session_info *session = py_talloc_get_type(self, struct auth_session_info);
66	return PyString_FromStringAndSize((char *)session->session_key.data, session->session_key.length);
67	}
68
69	static int py_auth_session_set_session_key(PyObject self, PyObject value, void *closure)
70	{
71	DATA_BLOB val;
72	struct auth_session_info *session = py_talloc_get_type(self, struct auth_session_info);
73	val.data = (uint8_t *)PyString_AsString(value);
74	val.length = PyString_Size(value);
75
76	session->session_key = data_blob_talloc(session, val.data, val.length);
77	return 0;
78	}
79
80	static PyObject py_auth_session_get_credentials(PyObject self, void *closure)
81	{
82	struct auth_session_info *session = py_talloc_get_type(self, struct auth_session_info);
83	PyObject *py_credentials;
84	/* This is evil, as the credentials are not IDL structures */
85	py_credentials = py_return_ndr_struct("samba.credentials", "Credentials", session->credentials, session->credentials);
86	return py_credentials;
87	}
88
89	static int py_auth_session_set_credentials(PyObject self, PyObject value, void *closure)
90	{
91	struct auth_session_info *session = py_talloc_get_type(self, struct auth_session_info);
92	session->credentials = talloc_reference(session, PyCredentials_AsCliCredentials(value));
93	return 0;
94	}
95
96	static PyGetSetDef py_auth_session_getset[] = {
97	{ discard_const_p(char, "security_token"), (getter)py_auth_session_get_security_token, (setter)py_auth_session_set_security_token, NULL },
98	{ discard_const_p(char, "session_key"), (getter)py_auth_session_get_session_key, (setter)py_auth_session_set_session_key, NULL },
99	{ discard_const_p(char, "credentials"), (getter)py_auth_session_get_credentials, (setter)py_auth_session_set_credentials, NULL },
100	{ NULL }
101	};
102
103	static PyTypeObject PyAuthSession = {
104	.tp_name = "AuthSession",
105	.tp_basicsize = sizeof(py_talloc_Object),
106	.tp_flags = Py_TPFLAGS_DEFAULT,
107	.tp_getset = py_auth_session_getset,
108	};
109
110	PyObject PyAuthSession_FromSession(struct auth_session_info session)
111	{
112	return py_talloc_reference(&PyAuthSession, session);
113	}
114
115	static PyObject py_system_session(PyObject module, PyObject *args)
116	{
117	PyObject *py_lp_ctx = Py_None;
118	struct loadparm_context *lp_ctx = NULL;
119	struct auth_session_info *session;
120	TALLOC_CTX *mem_ctx;
121	if (!PyArg_ParseTuple(args, "\|O", &py_lp_ctx))
122	return NULL;
123
124	mem_ctx = talloc_new(NULL);
125	if (mem_ctx == NULL) {
126	PyErr_NoMemory();
127	return NULL;
128	}
129
130	lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
131	if (lp_ctx == NULL) {
132	talloc_free(mem_ctx);
133	return NULL;
134	}
135
136	session = system_session(lp_ctx);
137
138	talloc_free(mem_ctx);
139
140	return PyAuthSession_FromSession(session);
141	}
142
143
144	static PyObject py_admin_session(PyObject module, PyObject *args)
145	{
146	PyObject *py_lp_ctx;
147	PyObject *py_sid;
148	struct loadparm_context *lp_ctx = NULL;
149	struct auth_session_info *session;
150	struct dom_sid *domain_sid = NULL;
151	TALLOC_CTX *mem_ctx;
152
153	if (!PyArg_ParseTuple(args, "OO", &py_lp_ctx, &py_sid))
154	return NULL;
155
156	mem_ctx = talloc_new(NULL);
157	if (mem_ctx == NULL) {
158	PyErr_NoMemory();
159	return NULL;
160	}
161
162	lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
163	if (lp_ctx == NULL) {
164	talloc_free(mem_ctx);
165	return NULL;
166	}
167
168	domain_sid = dom_sid_parse_talloc(mem_ctx, PyString_AsString(py_sid));
169	if (domain_sid == NULL) {
170	PyErr_Format(PyExc_RuntimeError, "Unable to parse sid %s",
171	PyString_AsString(py_sid));
172	talloc_free(mem_ctx);
173	return NULL;
174	}
175	session = admin_session(NULL, lp_ctx, domain_sid);
176	talloc_free(mem_ctx);
177
178	return PyAuthSession_FromSession(session);
179	}
180
181	static PyObject py_user_session(PyObject module, PyObject args, PyObject kwargs)
182	{
183	NTSTATUS nt_status;
184	struct auth_session_info *session;
185	TALLOC_CTX *mem_ctx;
186	const char * const kwnames[] = { "ldb", "lp_ctx", "principal", "dn", "session_info_flags", NULL };
187	struct ldb_context *ldb_ctx;
188	PyObject *py_ldb = Py_None;
189	PyObject *py_dn = Py_None;
190	PyObject *py_lp_ctx = Py_None;
191	struct loadparm_context *lp_ctx = NULL;
192	struct ldb_dn *user_dn;
193	char *principal = NULL;
194	int session_info_flags = 0; /* This is an int, because that's
195	* what we need for the python
196	* PyArg_ParseTupleAndKeywords */
197
198	if (!PyArg_ParseTupleAndKeywords(args, kwargs, "O\|OzOi",
199	discard_const_p(char *, kwnames),
200	&py_ldb, &py_lp_ctx, &principal, &py_dn, &session_info_flags)) {
201	return NULL;
202	}
203
204	mem_ctx = talloc_new(NULL);
205	if (mem_ctx == NULL) {
206	PyErr_NoMemory();
207	return NULL;
208	}
209
210	ldb_ctx = PyLdb_AsLdbContext(py_ldb);
211
212	if (py_dn == Py_None) {
213	user_dn = NULL;
214	} else {
215	if (!PyObject_AsDn(ldb_ctx, py_dn, ldb_ctx, &user_dn)) {
216	talloc_free(mem_ctx);
217	return NULL;
218	}
219	}
220
221	lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
222	if (lp_ctx == NULL) {
223	talloc_free(mem_ctx);
224	return NULL;
225	}
226
227	nt_status = authsam_get_session_info_principal(mem_ctx, lp_ctx, ldb_ctx, principal, user_dn,
228	session_info_flags, &session);
229	if (!NT_STATUS_IS_OK(nt_status)) {
230	talloc_free(mem_ctx);
231	PyErr_NTSTATUS_IS_ERR_RAISE(nt_status);
232	}
233
234	talloc_steal(NULL, session);
235	talloc_free(mem_ctx);
236
237	return PyAuthSession_FromSession(session);
238	}
239
240
241	static const char *PyList_AsStringList(TALLOC_CTX mem_ctx, PyObject *list,
242	const char *paramname)
243	{
244	const char **ret;
245	Py_ssize_t i;
246	if (!PyList_Check(list)) {
247	PyErr_Format(PyExc_TypeError, "%s is not a list", paramname);
248	return NULL;
249	}
250	ret = talloc_array(NULL, const char *, PyList_Size(list)+1);
251	if (ret == NULL) {
252	PyErr_NoMemory();
253	return NULL;
254	}
255
256	for (i = 0; i < PyList_Size(list); i++) {
257	PyObject *item = PyList_GetItem(list, i);
258	if (!PyString_Check(item)) {
259	PyErr_Format(PyExc_TypeError, "%s should be strings", paramname);
260	return NULL;
261	}
262	ret[i] = talloc_strndup(ret, PyString_AsString(item),
263	PyString_Size(item));
264	}
265	ret[i] = NULL;
266	return ret;
267	}
268
269	static PyObject PyAuthContext_FromContext(struct auth_context auth_context)
270	{
271	return py_talloc_reference(&PyAuthContext, auth_context);
272	}
273
274	static PyObject py_auth_context_new(PyTypeObject type, PyObject args, PyObject kwargs)
275	{
276	PyObject *py_lp_ctx = Py_None;
277	PyObject *py_ldb = Py_None;
278	PyObject *py_messaging_ctx = Py_None;
279	PyObject *py_auth_context = Py_None;
280	PyObject *py_methods = Py_None;
281	TALLOC_CTX *mem_ctx;
282	struct auth_context *auth_context;
283	struct messaging_context *messaging_context = NULL;
284	struct loadparm_context *lp_ctx;
285	struct tevent_context *ev;
286	struct ldb_context *ldb;
287	NTSTATUS nt_status;
288	const char **methods;
289
290	const char * const kwnames[] = { "lp_ctx", "messaging_ctx", "ldb", "methods", NULL };
291
292	if (!PyArg_ParseTupleAndKeywords(args, kwargs, "\|OOOO",
293	discard_const_p(char *, kwnames),
294	&py_lp_ctx, &py_messaging_ctx, &py_ldb, &py_methods))
295	return NULL;
296
297	mem_ctx = talloc_new(NULL);
298	if (mem_ctx == NULL) {
299	PyErr_NoMemory();
300	return NULL;
301	}
302
303	if (py_ldb != Py_None) {
304	ldb = PyLdb_AsLdbContext(py_ldb);
305	}
306
307	lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
308
309	ev = tevent_context_init(mem_ctx);
310	if (ev == NULL) {
311	PyErr_NoMemory();
312	return NULL;
313	}
314
315	if (py_messaging_ctx != Py_None) {
316	messaging_context = py_talloc_get_type(py_messaging_ctx, struct messaging_context);
317	}
318
319	if (py_methods == Py_None && py_ldb == Py_None) {
320	nt_status = auth_context_create(mem_ctx, ev, messaging_context, lp_ctx, &auth_context);
321	} else {
322	if (py_methods != Py_None) {
323	methods = PyList_AsStringList(mem_ctx, py_methods, "methods");
324	if (methods == NULL) {
325	talloc_free(mem_ctx);
326	return NULL;
327	}
328	} else {
329	methods = auth_methods_from_lp(mem_ctx, lp_ctx);
330	}
331	nt_status = auth_context_create_methods(mem_ctx, methods, ev,
332	messaging_context, lp_ctx,
333	ldb, &auth_context);
334	}
335
336	if (!NT_STATUS_IS_OK(nt_status)) {
337	talloc_free(mem_ctx);
338	PyErr_NTSTATUS_IS_ERR_RAISE(nt_status);
339	}
340
341	if (!talloc_reference(auth_context, lp_ctx)) {
342	talloc_free(mem_ctx);
343	PyErr_NoMemory();
344	return NULL;
345	}
346
347	if (!talloc_reference(auth_context, ev)) {
348	talloc_free(mem_ctx);
349	PyErr_NoMemory();
350	return NULL;
351	}
352
353	py_auth_context = PyAuthContext_FromContext(auth_context);
354
355	talloc_free(mem_ctx);
356
357	return py_auth_context;
358	}
359
360	static PyTypeObject PyAuthContext = {
361	.tp_name = "AuthContext",
362	.tp_basicsize = sizeof(py_talloc_Object),
363	.tp_flags = Py_TPFLAGS_DEFAULT,
364	.tp_new = py_auth_context_new,
365	.tp_basicsize = sizeof(py_talloc_Object),
366	};
367
368	static PyMethodDef py_auth_methods[] = {
369	{ "system_session", (PyCFunction)py_system_session, METH_VARARGS, NULL },
370	{ "admin_session", (PyCFunction)py_admin_session, METH_VARARGS, NULL },
371	{ "user_session", (PyCFunction)py_user_session, METH_VARARGS\|METH_KEYWORDS, NULL },
372	{ NULL },
373	};
374
375	void initauth(void)
376	{
377	PyObject *m;
378
379	PyAuthSession.tp_base = PyTalloc_GetObjectType();
380	if (PyAuthSession.tp_base == NULL)
381	return;
382
383	if (PyType_Ready(&PyAuthSession) < 0)
384	return;
385
386	PyAuthContext.tp_base = PyTalloc_GetObjectType();
387	if (PyAuthContext.tp_base == NULL)
388	return;
389
390	if (PyType_Ready(&PyAuthContext) < 0)
391	return;
392
393	m = Py_InitModule3("auth", py_auth_methods,
394	"Authentication and authorization support.");
395	if (m == NULL)
396	return;
397
398	Py_INCREF(&PyAuthSession);
399	PyModule_AddObject(m, "AuthSession", (PyObject *)&PyAuthSession);
400	Py_INCREF(&PyAuthContext);
401	PyModule_AddObject(m, "AuthContext", (PyObject *)&PyAuthContext);
402
403	#define ADD_FLAG(val) PyModule_AddObject(m, #val, PyInt_FromLong(val))
404	ADD_FLAG(AUTH_SESSION_INFO_DEFAULT_GROUPS);
405	ADD_FLAG(AUTH_SESSION_INFO_AUTHENTICATED);
406	ADD_FLAG(AUTH_SESSION_INFO_SIMPLE_PRIVILEGES);
407
408	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: