search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s4: torture: Add an async SMB2_OP_FLUSH + SMB2_OP_CLOSE test to smb2.compound_async.
[Samba.git] / source4 / auth / pyauth.c
blobec6065d7d0aa583777e6c6f3ba29ae1d8ba99489
1 /*
2 Unix SMB/CIFS implementation.
3 Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007-2008
4 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2011
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
18 */
19
20 #include <Python.h>
21 #include "python/py3compat.h"
22 #include "includes.h"
23 #include "python/modules.h"
24 #include "libcli/util/pyerrors.h"
25 #include "param/param.h"
26 #include "pyauth.h"
27 #include "pyldb.h"
28 #include "auth/system_session_proto.h"
29 #include "auth/auth.h"
30 #include "auth/auth_util.h"
31 #include "param/pyparam.h"
32 #include "libcli/security/security.h"
33 #include "auth/credentials/pycredentials.h"
34 #include <tevent.h>
35 #include "librpc/rpc/pyrpc_util.h"
36 #include "lib/events/events.h"
37
38 static PyTypeObject PyAuthContext;
39
40 static PyObject *PyAuthSession_FromSession(struct auth_session_info *session)
41 {
42 return py_return_ndr_struct("samba.dcerpc.auth", "session_info", session, session);
43 }
44
45 static PyObject *py_copy_session_info(PyObject *module,
46 PyObject *args,
47 PyObject *kwargs)
48 {
49 PyObject *py_session = Py_None;
50 PyObject *result = Py_None;
51 struct auth_session_info *session = NULL;
52 struct auth_session_info *session_duplicate = NULL;
53 TALLOC_CTX *frame;
54 int ret = 1;
55
56 const char * const kwnames[] = { "session_info", NULL };
57
58 ret = PyArg_ParseTupleAndKeywords(args,
59 kwargs,
60 "O",
61 discard_const_p(char *, kwnames),
62 &py_session);
63 if (!ret) {
64 return NULL;
65 }
66
67 ret = py_check_dcerpc_type(py_session,
68 "samba.dcerpc.auth",
69 "session_info");
70 if (!ret) {
71 return NULL;
72 }
73 session = pytalloc_get_type(py_session,
74 struct auth_session_info);
75 if (!session) {
76 PyErr_Format(PyExc_TypeError,
77 "Expected auth_session_info for session_info "
78 "argument got %s",
79 pytalloc_get_name(py_session));
80 return NULL;
81 }
82
83 frame = talloc_stackframe();
84 if (frame == NULL) {
85 return PyErr_NoMemory();
86 }
87
88 session_duplicate = copy_session_info(frame, session);
89 if (session_duplicate == NULL) {
90 TALLOC_FREE(frame);
91 return PyErr_NoMemory();
92 }
93
94 result = PyAuthSession_FromSession(session_duplicate);
95 TALLOC_FREE(frame);
96 return result;
97 }
98
99 static PyObject *py_system_session(PyObject *module, PyObject *args)
100 {
101 PyObject *py_lp_ctx = Py_None;
102 struct loadparm_context *lp_ctx = NULL;
103 struct auth_session_info *session;
104 TALLOC_CTX *mem_ctx;
105 if (!PyArg_ParseTuple(args, "|O", &py_lp_ctx))
106 return NULL;
107
108 mem_ctx = talloc_new(NULL);
109 if (mem_ctx == NULL) {
110 PyErr_NoMemory();
111 return NULL;
112 }
113
114 lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
115 if (lp_ctx == NULL) {
116 talloc_free(mem_ctx);
117 return NULL;
118 }
119
120 session = system_session(lp_ctx);
121
122 talloc_free(mem_ctx);
123
124 return PyAuthSession_FromSession(session);
125 }
126
127
128 static PyObject *py_admin_session(PyObject *module, PyObject *args)
129 {
130 PyObject *py_lp_ctx;
131 const char *sid;
132 struct loadparm_context *lp_ctx = NULL;
133 struct auth_session_info *session;
134 struct dom_sid *domain_sid = NULL;
135 TALLOC_CTX *mem_ctx;
136
137 if (!PyArg_ParseTuple(args, "Os", &py_lp_ctx, &sid))
138 return NULL;
139
140 mem_ctx = talloc_new(NULL);
141 if (mem_ctx == NULL) {
142 PyErr_NoMemory();
143 return NULL;
144 }
145
146 lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
147 if (lp_ctx == NULL) {
148 talloc_free(mem_ctx);
149 return NULL;
150 }
151
152 domain_sid = dom_sid_parse_talloc(mem_ctx, sid);
153 if (domain_sid == NULL) {
154 PyErr_Format(PyExc_RuntimeError, "Unable to parse sid %s", sid);
155 talloc_free(mem_ctx);
156 return NULL;
157 }
158 session = admin_session(NULL, lp_ctx, domain_sid);
159 talloc_free(mem_ctx);
160
161 return PyAuthSession_FromSession(session);
162 }
163
164 static PyObject *py_user_session(PyObject *module, PyObject *args, PyObject *kwargs)
165 {
166 NTSTATUS nt_status;
167 struct auth_session_info *session;
168 TALLOC_CTX *mem_ctx;
169 const char * const kwnames[] = { "ldb", "lp_ctx", "principal", "dn", "session_info_flags", NULL };
170 struct ldb_context *ldb_ctx;
171 PyObject *py_ldb = Py_None;
172 PyObject *py_dn = Py_None;
173 PyObject *py_lp_ctx = Py_None;
174 struct loadparm_context *lp_ctx = NULL;
175 struct ldb_dn *user_dn;
176 char *principal = NULL;
177 int session_info_flags = 0; /* This is an int, because that's
178 * what we need for the python
179 * PyArg_ParseTupleAndKeywords */
180
181 if (!PyArg_ParseTupleAndKeywords(args, kwargs, "O|OzOi",
182 discard_const_p(char *, kwnames),
183 &py_ldb, &py_lp_ctx, &principal, &py_dn, &session_info_flags)) {
184 return NULL;
185 }
186
187 mem_ctx = talloc_new(NULL);
188 if (mem_ctx == NULL) {
189 PyErr_NoMemory();
190 return NULL;
191 }
192
193 ldb_ctx = pyldb_Ldb_AsLdbContext(py_ldb);
194 if (ldb_ctx == NULL) {
195 talloc_free(mem_ctx);
196 return NULL;
197 }
198
199 if (py_dn == Py_None) {
200 user_dn = NULL;
201 } else {
202 if (!pyldb_Object_AsDn(ldb_ctx, py_dn, ldb_ctx, &user_dn)) {
203 talloc_free(mem_ctx);
204 return NULL;
205 }
206 }
207
208 lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
209 if (lp_ctx == NULL) {
210 talloc_free(mem_ctx);
211 return NULL;
212 }
213
214 nt_status = authsam_get_session_info_principal(mem_ctx, lp_ctx, ldb_ctx, principal, user_dn,
215 session_info_flags, &session);
216 if (!NT_STATUS_IS_OK(nt_status)) {
217 talloc_free(mem_ctx);
218 PyErr_NTSTATUS_IS_ERR_RAISE(nt_status);
219 }
220
221 talloc_steal(NULL, session);
222 talloc_free(mem_ctx);
223
224 return PyAuthSession_FromSession(session);
225 }
226
227 static PyObject *py_session_info_fill_unix(PyObject *module,
228 PyObject *args,
229 PyObject *kwargs)
230 {
231 NTSTATUS nt_status;
232 char *user_name = NULL;
233 struct loadparm_context *lp_ctx = NULL;
234 struct auth_session_info *session_info;
235 PyObject *py_lp_ctx = Py_None;
236 PyObject *py_session = Py_None;
237 TALLOC_CTX *frame;
238
239 const char * const kwnames[] = { "session_info",
240 "user_name",
241 "lp_ctx",
242 NULL };
243 if (!PyArg_ParseTupleAndKeywords(args, kwargs, "Oz|O",
244 discard_const_p(char *, kwnames),
245 &py_session,
246 &user_name,
247 &py_lp_ctx)) {
248 return NULL;
249 }
250
251 if (!py_check_dcerpc_type(py_session,
252 "samba.dcerpc.auth",
253 "session_info")) {
254 return NULL;
255 }
256 session_info = pytalloc_get_type(py_session,
257 struct auth_session_info);
258 if (!session_info) {
259 PyErr_Format(PyExc_TypeError,
260 "Expected auth_session_info for session_info argument got %s",
261 pytalloc_get_name(py_session));
262 return NULL;
263 }
264
265 frame = talloc_stackframe();
266
267 lp_ctx = lpcfg_from_py_object(frame, py_lp_ctx);
268 if (lp_ctx == NULL) {
269 TALLOC_FREE(frame);
270 return NULL;
271 }
272
273 nt_status = auth_session_info_fill_unix(lp_ctx,
274 user_name,
275 session_info);
276 TALLOC_FREE(frame);
277 if (!NT_STATUS_IS_OK(nt_status)) {
278 PyErr_NTSTATUS_IS_ERR_RAISE(nt_status);
279 }
280
281 Py_RETURN_NONE;
282 }
283
284
285 static PyObject *py_session_info_set_unix(PyObject *module,
286 PyObject *args,
287 PyObject *kwargs)
288 {
289 NTSTATUS nt_status;
290 char *user_name = NULL;
291 int uid = -1;
292 int gid = -1;
293 struct loadparm_context *lp_ctx = NULL;
294 struct auth_session_info *session_info;
295 PyObject *py_lp_ctx = Py_None;
296 PyObject *py_session = Py_None;
297 TALLOC_CTX *frame;
298
299 const char * const kwnames[] = { "session_info",
300 "user_name",
301 "uid",
302 "gid",
303 "lp_ctx",
304 NULL };
305
306 if (!PyArg_ParseTupleAndKeywords(args, kwargs, "Ozii|O",
307 discard_const_p(char *, kwnames),
308 &py_session,
309 &user_name,
310 &uid,
311 &gid,
312 &py_lp_ctx)) {
313 return NULL;
314 }
315
316 if (!py_check_dcerpc_type(py_session,
317 "samba.dcerpc.auth",
318 "session_info")) {
319 return NULL;
320 }
321 session_info = pytalloc_get_type(py_session,
322 struct auth_session_info);
323 if (!session_info) {
324 PyErr_Format(PyExc_TypeError,
325 "Expected auth_session_info for session_info "
326 "argument got %s",
327 pytalloc_get_name(py_session));
328 return NULL;
329 }
330
331 frame = talloc_stackframe();
332
333 lp_ctx = lpcfg_from_py_object(frame, py_lp_ctx);
334 if (lp_ctx == NULL) {
335 TALLOC_FREE(frame);
336 return NULL;
337 }
338
339 nt_status = auth_session_info_set_unix(lp_ctx,
340 user_name,
341 uid,
342 gid,
343 session_info);
344 TALLOC_FREE(frame);
345 if (!NT_STATUS_IS_OK(nt_status)) {
346 PyErr_NTSTATUS_IS_ERR_RAISE(nt_status);
347 }
348
349 Py_RETURN_NONE;
350 }
351
352
353 static const char **PyList_AsStringList(TALLOC_CTX *mem_ctx, PyObject *list,
354 const char *paramname)
355 {
356 const char **ret;
357 Py_ssize_t i;
358 if (!PyList_Check(list)) {
359 PyErr_Format(PyExc_TypeError, "%s is not a list", paramname);
360 return NULL;
361 }
362 ret = talloc_array(NULL, const char *, PyList_Size(list)+1);
363 if (ret == NULL) {
364 PyErr_NoMemory();
365 return NULL;
366 }
367
368 for (i = 0; i < PyList_Size(list); i++) {
369 const char *value;
370 Py_ssize_t size;
371 PyObject *item = PyList_GetItem(list, i);
372 if (!PyUnicode_Check(item)) {
373 PyErr_Format(PyExc_TypeError, "%s should be strings", paramname);
374 return NULL;
375 }
376 value = PyUnicode_AsUTF8AndSize(item, &size);
377 if (value == NULL) {
378 talloc_free(ret);
379 return NULL;
380 }
381 ret[i] = talloc_strndup(ret, value, size);
382 }
383 ret[i] = NULL;
384 return ret;
385 }
386
387 static PyObject *PyAuthContext_FromContext(struct auth4_context *auth_context)
388 {
389 return pytalloc_reference(&PyAuthContext, auth_context);
390 }
391
392 static PyObject *py_auth_context_new(PyTypeObject *type, PyObject *args, PyObject *kwargs)
393 {
394 PyObject *py_lp_ctx = Py_None;
395 PyObject *py_ldb = Py_None;
396 PyObject *py_auth_context = Py_None;
397 PyObject *py_methods = Py_None;
398 TALLOC_CTX *mem_ctx;
399 struct auth4_context *auth_context;
400 struct loadparm_context *lp_ctx;
401 struct tevent_context *ev;
402 struct ldb_context *ldb = NULL;
403 NTSTATUS nt_status;
404 const char **methods;
405
406 const char *const kwnames[] = {"lp_ctx", "ldb", "methods", NULL};
407
408 if (!PyArg_ParseTupleAndKeywords(args,
409 kwargs,
410 "|OOO",
411 discard_const_p(char *, kwnames),
412 &py_lp_ctx,
413 &py_ldb,
414 &py_methods))
415 return NULL;
416
417 mem_ctx = talloc_new(NULL);
418 if (mem_ctx == NULL) {
419 PyErr_NoMemory();
420 return NULL;
421 }
422
423 if (py_ldb != Py_None) {
424 ldb = pyldb_Ldb_AsLdbContext(py_ldb);
425 if (ldb == NULL) {
426 talloc_free(mem_ctx);
427 return NULL;
428 }
429 }
430
431 lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
432 if (lp_ctx == NULL) {
433 talloc_free(mem_ctx);
434 PyErr_NoMemory();
435 return NULL;
436 }
437
438 ev = s4_event_context_init(mem_ctx);
439 if (ev == NULL) {
440 talloc_free(mem_ctx);
441 PyErr_NoMemory();
442 return NULL;
443 }
444
445 if (py_methods == Py_None && py_ldb == Py_None) {
446 nt_status = auth_context_create(
447 mem_ctx, ev, NULL, lp_ctx, &auth_context);
448 } else {
449 if (py_methods != Py_None) {
450 methods = PyList_AsStringList(mem_ctx, py_methods, "methods");
451 if (methods == NULL) {
452 talloc_free(mem_ctx);
453 return NULL;
454 }
455 } else {
456 methods = auth_methods_from_lp(mem_ctx, lp_ctx);
457 }
458 nt_status = auth_context_create_methods(
459 mem_ctx, methods, ev, NULL, lp_ctx, ldb, &auth_context);
460 }
461
462 if (!NT_STATUS_IS_OK(nt_status)) {
463 talloc_free(mem_ctx);
464 PyErr_NTSTATUS_IS_ERR_RAISE(nt_status);
465 }
466
467 if (!talloc_reference(auth_context, lp_ctx)) {
468 talloc_free(mem_ctx);
469 PyErr_NoMemory();
470 return NULL;
471 }
472
473 if (!talloc_reference(auth_context, ev)) {
474 talloc_free(mem_ctx);
475 PyErr_NoMemory();
476 return NULL;
477 }
478
479 py_auth_context = PyAuthContext_FromContext(auth_context);
480
481 talloc_free(mem_ctx);
482
483 return py_auth_context;
484 }
485
486 static PyTypeObject PyAuthContext = {
487 .tp_name = "AuthContext",
488 .tp_flags = Py_TPFLAGS_DEFAULT,
489 .tp_new = py_auth_context_new,
490 };
491
492 static PyMethodDef py_auth_methods[] = {
493 { "system_session", (PyCFunction)py_system_session, METH_VARARGS, NULL },
494 { "admin_session", (PyCFunction)py_admin_session, METH_VARARGS, NULL },
495 { "user_session", PY_DISCARD_FUNC_SIG(PyCFunction,py_user_session),
496 METH_VARARGS|METH_KEYWORDS, NULL },
497 { "session_info_fill_unix",
498 PY_DISCARD_FUNC_SIG(PyCFunction,py_session_info_fill_unix),
499 METH_VARARGS|METH_KEYWORDS,
500 NULL },
501 { "session_info_set_unix",
502 PY_DISCARD_FUNC_SIG(PyCFunction,py_session_info_set_unix),
503 METH_VARARGS|METH_KEYWORDS,
504 NULL },
505 { "copy_session_info",
506 PY_DISCARD_FUNC_SIG(PyCFunction,py_copy_session_info),
507 METH_VARARGS|METH_KEYWORDS,
508 NULL },
509 {0},
510 };
511
512 static struct PyModuleDef moduledef = {
513 PyModuleDef_HEAD_INIT,
514 .m_name = "auth",
515 .m_doc = "Authentication and authorization support.",
516 .m_size = -1,
517 .m_methods = py_auth_methods,
518 };
519
520 MODULE_INIT_FUNC(auth)
521 {
522 PyObject *m;
523
524 if (pytalloc_BaseObject_PyType_Ready(&PyAuthContext) < 0)
525 return NULL;
526
527 m = PyModule_Create(&moduledef);
528 if (m == NULL)
529 return NULL;
530
531 Py_INCREF(&PyAuthContext);
532 PyModule_AddObject(m, "AuthContext", (PyObject *)&PyAuthContext);
533
534 #define ADD_FLAG(val) PyModule_AddIntConstant(m, #val, val)
535 ADD_FLAG(AUTH_SESSION_INFO_DEFAULT_GROUPS);
536 ADD_FLAG(AUTH_SESSION_INFO_AUTHENTICATED);
537 ADD_FLAG(AUTH_SESSION_INFO_SIMPLE_PRIVILEGES);
538 ADD_FLAG(AUTH_SESSION_INFO_NTLM);
539
540 return m;
541 }
Samba GIT mirror