Context Navigation

← Previous Revision
Next Revision →
Blame
Revision Log

pyauth.c

Visit:

Last change on this file was 988, checked in by Silvan Scherrer, 9 years ago
Samba Server: update vendor to version 4.4.3
File size: 8.3 KB

Line
1	/*
2	Unix SMB/CIFS implementation.
3	Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007-2008
4	Copyright (C) Andrew Bartlett <abartlet@samba.org> 2011
5
6	This program is free software; you can redistribute it and/or modify
7	it under the terms of the GNU General Public License as published by
8	the Free Software Foundation; either version 3 of the License, or
9	(at your option) any later version.
10
11	This program is distributed in the hope that it will be useful,
12	but WITHOUT ANY WARRANTY; without even the implied warranty of
13	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14	GNU General Public License for more details.
15
16	You should have received a copy of the GNU General Public License
17	along with this program. If not, see <http://www.gnu.org/licenses/>.
18	*/
19
20	#include <Python.h>
21	#include "includes.h"
22	#include "libcli/util/pyerrors.h"
23	#include "param/param.h"
24	#include "pyauth.h"
25	#include "pyldb.h"
26	#include "auth/system_session_proto.h"
27	#include "auth/auth.h"
28	#include "param/pyparam.h"
29	#include "libcli/security/security.h"
30	#include "auth/credentials/pycredentials.h"
31	#include <tevent.h>
32	#include "librpc/rpc/pyrpc_util.h"
33	#include "lib/events/events.h"
34
35	void initauth(void);
36
37	staticforward PyTypeObject PyAuthContext;
38
39	static PyObject PyAuthSession_FromSession(struct auth_session_info session)
40	{
41	return py_return_ndr_struct("samba.dcerpc.auth", "session_info", session, session);
42	}
43
44	static PyObject py_system_session(PyObject module, PyObject *args)
45	{
46	PyObject *py_lp_ctx = Py_None;
47	struct loadparm_context *lp_ctx = NULL;
48	struct auth_session_info *session;
49	TALLOC_CTX *mem_ctx;
50	if (!PyArg_ParseTuple(args, "\|O", &py_lp_ctx))
51	return NULL;
52
53	mem_ctx = talloc_new(NULL);
54	if (mem_ctx == NULL) {
55	PyErr_NoMemory();
56	return NULL;
57	}
58
59	lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
60	if (lp_ctx == NULL) {
61	talloc_free(mem_ctx);
62	return NULL;
63	}
64
65	session = system_session(lp_ctx);
66
67	talloc_free(mem_ctx);
68
69	return PyAuthSession_FromSession(session);
70	}
71
72
73	static PyObject py_admin_session(PyObject module, PyObject *args)
74	{
75	PyObject *py_lp_ctx;
76	PyObject *py_sid;
77	struct loadparm_context *lp_ctx = NULL;
78	struct auth_session_info *session;
79	struct dom_sid *domain_sid = NULL;
80	TALLOC_CTX *mem_ctx;
81
82	if (!PyArg_ParseTuple(args, "OO", &py_lp_ctx, &py_sid))
83	return NULL;
84
85	mem_ctx = talloc_new(NULL);
86	if (mem_ctx == NULL) {
87	PyErr_NoMemory();
88	return NULL;
89	}
90
91	lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
92	if (lp_ctx == NULL) {
93	talloc_free(mem_ctx);
94	return NULL;
95	}
96
97	domain_sid = dom_sid_parse_talloc(mem_ctx, PyString_AsString(py_sid));
98	if (domain_sid == NULL) {
99	PyErr_Format(PyExc_RuntimeError, "Unable to parse sid %s",
100	PyString_AsString(py_sid));
101	talloc_free(mem_ctx);
102	return NULL;
103	}
104	session = admin_session(NULL, lp_ctx, domain_sid);
105	talloc_free(mem_ctx);
106
107	return PyAuthSession_FromSession(session);
108	}
109
110	static PyObject py_user_session(PyObject module, PyObject args, PyObject kwargs)
111	{
112	NTSTATUS nt_status;
113	struct auth_session_info *session;
114	TALLOC_CTX *mem_ctx;
115	const char * const kwnames[] = { "ldb", "lp_ctx", "principal", "dn", "session_info_flags", NULL };
116	struct ldb_context *ldb_ctx;
117	PyObject *py_ldb = Py_None;
118	PyObject *py_dn = Py_None;
119	PyObject *py_lp_ctx = Py_None;
120	struct loadparm_context *lp_ctx = NULL;
121	struct ldb_dn *user_dn;
122	char *principal = NULL;
123	int session_info_flags = 0; /* This is an int, because that's
124	* what we need for the python
125	* PyArg_ParseTupleAndKeywords */
126
127	if (!PyArg_ParseTupleAndKeywords(args, kwargs, "O\|OzOi",
128	discard_const_p(char *, kwnames),
129	&py_ldb, &py_lp_ctx, &principal, &py_dn, &session_info_flags)) {
130	return NULL;
131	}
132
133	mem_ctx = talloc_new(NULL);
134	if (mem_ctx == NULL) {
135	PyErr_NoMemory();
136	return NULL;
137	}
138
139	ldb_ctx = pyldb_Ldb_AsLdbContext(py_ldb);
140
141	if (py_dn == Py_None) {
142	user_dn = NULL;
143	} else {
144	if (!pyldb_Object_AsDn(ldb_ctx, py_dn, ldb_ctx, &user_dn)) {
145	talloc_free(mem_ctx);
146	return NULL;
147	}
148	}
149
150	lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
151	if (lp_ctx == NULL) {
152	talloc_free(mem_ctx);
153	return NULL;
154	}
155
156	nt_status = authsam_get_session_info_principal(mem_ctx, lp_ctx, ldb_ctx, principal, user_dn,
157	session_info_flags, &session);
158	if (!NT_STATUS_IS_OK(nt_status)) {
159	talloc_free(mem_ctx);
160	PyErr_NTSTATUS_IS_ERR_RAISE(nt_status);
161	}
162
163	talloc_steal(NULL, session);
164	talloc_free(mem_ctx);
165
166	return PyAuthSession_FromSession(session);
167	}
168
169
170	static const char *PyList_AsStringList(TALLOC_CTX mem_ctx, PyObject *list,
171	const char *paramname)
172	{
173	const char **ret;
174	Py_ssize_t i;
175	if (!PyList_Check(list)) {
176	PyErr_Format(PyExc_TypeError, "%s is not a list", paramname);
177	return NULL;
178	}
179	ret = talloc_array(NULL, const char *, PyList_Size(list)+1);
180	if (ret == NULL) {
181	PyErr_NoMemory();
182	return NULL;
183	}
184
185	for (i = 0; i < PyList_Size(list); i++) {
186	PyObject *item = PyList_GetItem(list, i);
187	if (!PyString_Check(item)) {
188	PyErr_Format(PyExc_TypeError, "%s should be strings", paramname);
189	return NULL;
190	}
191	ret[i] = talloc_strndup(ret, PyString_AsString(item),
192	PyString_Size(item));
193	}
194	ret[i] = NULL;
195	return ret;
196	}
197
198	static PyObject PyAuthContext_FromContext(struct auth4_context auth_context)
199	{
200	return pytalloc_reference(&PyAuthContext, auth_context);
201	}
202
203	static PyObject py_auth_context_new(PyTypeObject type, PyObject args, PyObject kwargs)
204	{
205	PyObject *py_lp_ctx = Py_None;
206	PyObject *py_ldb = Py_None;
207	PyObject *py_imessaging_ctx = Py_None;
208	PyObject *py_auth_context = Py_None;
209	PyObject *py_methods = Py_None;
210	TALLOC_CTX *mem_ctx;
211	struct auth4_context *auth_context;
212	struct imessaging_context *imessaging_context = NULL;
213	struct loadparm_context *lp_ctx;
214	struct tevent_context *ev;
215	struct ldb_context *ldb = NULL;
216	NTSTATUS nt_status;
217	const char **methods;
218
219	const char * const kwnames[] = { "lp_ctx", "messaging_ctx", "ldb", "methods", NULL };
220
221	if (!PyArg_ParseTupleAndKeywords(args, kwargs, "\|OOOO",
222	discard_const_p(char *, kwnames),
223	&py_lp_ctx, &py_imessaging_ctx, &py_ldb, &py_methods))
224	return NULL;
225
226	mem_ctx = talloc_new(NULL);
227	if (mem_ctx == NULL) {
228	PyErr_NoMemory();
229	return NULL;
230	}
231
232	if (py_ldb != Py_None) {
233	ldb = pyldb_Ldb_AsLdbContext(py_ldb);
234	}
235
236	lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
237	if (lp_ctx == NULL) {
238	PyErr_NoMemory();
239	return NULL;
240	}
241
242	ev = s4_event_context_init(mem_ctx);
243	if (ev == NULL) {
244	PyErr_NoMemory();
245	return NULL;
246	}
247
248	if (py_imessaging_ctx != Py_None) {
249	imessaging_context = pytalloc_get_type(py_imessaging_ctx, struct imessaging_context);
250	}
251
252	if (py_methods == Py_None && py_ldb == Py_None) {
253	nt_status = auth_context_create(mem_ctx, ev, imessaging_context, lp_ctx, &auth_context);
254	} else {
255	if (py_methods != Py_None) {
256	methods = PyList_AsStringList(mem_ctx, py_methods, "methods");
257	if (methods == NULL) {
258	talloc_free(mem_ctx);
259	return NULL;
260	}
261	} else {
262	methods = auth_methods_from_lp(mem_ctx, lp_ctx);
263	}
264	nt_status = auth_context_create_methods(mem_ctx, methods, ev,
265	imessaging_context, lp_ctx,
266	ldb, &auth_context);
267	}
268
269	if (!NT_STATUS_IS_OK(nt_status)) {
270	talloc_free(mem_ctx);
271	PyErr_NTSTATUS_IS_ERR_RAISE(nt_status);
272	}
273
274	if (!talloc_reference(auth_context, lp_ctx)) {
275	talloc_free(mem_ctx);
276	PyErr_NoMemory();
277	return NULL;
278	}
279
280	if (!talloc_reference(auth_context, ev)) {
281	talloc_free(mem_ctx);
282	PyErr_NoMemory();
283	return NULL;
284	}
285
286	py_auth_context = PyAuthContext_FromContext(auth_context);
287
288	talloc_free(mem_ctx);
289
290	return py_auth_context;
291	}
292
293	static PyTypeObject PyAuthContext = {
294	.tp_name = "AuthContext",
295	.tp_flags = Py_TPFLAGS_DEFAULT,
296	.tp_new = py_auth_context_new,
297	};
298
299	static PyMethodDef py_auth_methods[] = {
300	{ "system_session", (PyCFunction)py_system_session, METH_VARARGS, NULL },
301	{ "admin_session", (PyCFunction)py_admin_session, METH_VARARGS, NULL },
302	{ "user_session", (PyCFunction)py_user_session, METH_VARARGS\|METH_KEYWORDS, NULL },
303	{ NULL },
304	};
305
306	void initauth(void)
307	{
308	PyObject *m;
309
310	if (pytalloc_BaseObject_PyType_Ready(&PyAuthContext) < 0)
311	return;
312
313	m = Py_InitModule3("auth", py_auth_methods,
314	"Authentication and authorization support.");
315	if (m == NULL)
316	return;
317
318	Py_INCREF(&PyAuthContext);
319	PyModule_AddObject(m, "AuthContext", (PyObject *)&PyAuthContext);
320
321	#define ADD_FLAG(val) PyModule_AddObject(m, #val, PyInt_FromLong(val))
322	ADD_FLAG(AUTH_SESSION_INFO_DEFAULT_GROUPS);
323	ADD_FLAG(AUTH_SESSION_INFO_AUTHENTICATED);
324	ADD_FLAG(AUTH_SESSION_INFO_SIMPLE_PRIVILEGES);
325
326	}

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: vendor/current/source4/auth/pyauth.c

Download in other formats: