search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s4-param: Check type when converting python object to lp_ctx, fix some
[Samba.git] / source4 / auth / credentials / pycredentials.c
blobe1a74037ecffbe31abc78b69bb450795e2b341e6
1 /*
2 Unix SMB/CIFS implementation.
3 Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; either version 3 of the License, or
8 (at your option) any later version.
9
10 This program is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 GNU General Public License for more details.
14
15 You should have received a copy of the GNU General Public License
16 along with this program. If not, see <http://www.gnu.org/licenses/>.
17 */
18
19 #include <Python.h>
20 #include "includes.h"
21 #include "pycredentials.h"
22 #include "param/param.h"
23 #include "lib/cmdline/credentials.h"
24 #include "librpc/gen_ndr/samr.h" /* for struct samr_Password */
25 #include "libcli/util/pyerrors.h"
26 #include "param/pyparam.h"
27 #include <tevent.h>
28
29 static PyObject *PyString_FromStringOrNULL(const char *str)
30 {
31 if (str == NULL)
32 Py_RETURN_NONE;
33 return PyString_FromString(str);
34 }
35
36 static PyObject *py_creds_new(PyTypeObject *type, PyObject *args, PyObject *kwargs)
37 {
38 py_talloc_Object *ret = (py_talloc_Object *)type->tp_alloc(type, 0);
39 if (ret == NULL) {
40 PyErr_NoMemory();
41 return NULL;
42 }
43 ret->talloc_ctx = talloc_new(NULL);
44 if (ret->talloc_ctx == NULL) {
45 PyErr_NoMemory();
46 return NULL;
47 }
48 ret->ptr = cli_credentials_init(ret->talloc_ctx);
49 return (PyObject *)ret;
50 }
51
52 static PyObject *py_creds_get_username(py_talloc_Object *self)
53 {
54 return PyString_FromStringOrNULL(cli_credentials_get_username(PyCredentials_AsCliCredentials(self)));
55 }
56
57 static PyObject *py_creds_set_username(py_talloc_Object *self, PyObject *args)
58 {
59 char *newval;
60 enum credentials_obtained obt = CRED_SPECIFIED;
61 if (!PyArg_ParseTuple(args, "s|i", &newval, &obt))
62 return NULL;
63
64 return PyBool_FromLong(cli_credentials_set_username(PyCredentials_AsCliCredentials(self), newval, obt));
65 }
66
67 static PyObject *py_creds_get_password(py_talloc_Object *self)
68 {
69 return PyString_FromStringOrNULL(cli_credentials_get_password(PyCredentials_AsCliCredentials(self)));
70 }
71
72
73 static PyObject *py_creds_set_password(py_talloc_Object *self, PyObject *args)
74 {
75 char *newval;
76 enum credentials_obtained obt = CRED_SPECIFIED;
77 if (!PyArg_ParseTuple(args, "s|i", &newval, &obt))
78 return NULL;
79
80 return PyBool_FromLong(cli_credentials_set_password(PyCredentials_AsCliCredentials(self), newval, obt));
81 }
82
83 static PyObject *py_creds_get_domain(py_talloc_Object *self)
84 {
85 return PyString_FromStringOrNULL(cli_credentials_get_domain(PyCredentials_AsCliCredentials(self)));
86 }
87
88 static PyObject *py_creds_set_domain(py_talloc_Object *self, PyObject *args)
89 {
90 char *newval;
91 enum credentials_obtained obt = CRED_SPECIFIED;
92 if (!PyArg_ParseTuple(args, "s|i", &newval, &obt))
93 return NULL;
94
95 return PyBool_FromLong(cli_credentials_set_domain(PyCredentials_AsCliCredentials(self), newval, obt));
96 }
97
98 static PyObject *py_creds_get_realm(py_talloc_Object *self)
99 {
100 return PyString_FromStringOrNULL(cli_credentials_get_realm(PyCredentials_AsCliCredentials(self)));
101 }
102
103 static PyObject *py_creds_set_realm(py_talloc_Object *self, PyObject *args)
104 {
105 char *newval;
106 enum credentials_obtained obt = CRED_SPECIFIED;
107 if (!PyArg_ParseTuple(args, "s|i", &newval, &obt))
108 return NULL;
109
110 return PyBool_FromLong(cli_credentials_set_realm(PyCredentials_AsCliCredentials(self), newval, obt));
111 }
112
113 static PyObject *py_creds_get_bind_dn(py_talloc_Object *self)
114 {
115 return PyString_FromStringOrNULL(cli_credentials_get_bind_dn(PyCredentials_AsCliCredentials(self)));
116 }
117
118 static PyObject *py_creds_set_bind_dn(py_talloc_Object *self, PyObject *args)
119 {
120 char *newval;
121 if (!PyArg_ParseTuple(args, "s", &newval))
122 return NULL;
123
124 return PyBool_FromLong(cli_credentials_set_bind_dn(PyCredentials_AsCliCredentials(self), newval));
125 }
126
127 static PyObject *py_creds_get_workstation(py_talloc_Object *self)
128 {
129 return PyString_FromStringOrNULL(cli_credentials_get_workstation(PyCredentials_AsCliCredentials(self)));
130 }
131
132 static PyObject *py_creds_set_workstation(py_talloc_Object *self, PyObject *args)
133 {
134 char *newval;
135 enum credentials_obtained obt = CRED_SPECIFIED;
136 if (!PyArg_ParseTuple(args, "s|i", &newval, &obt))
137 return NULL;
138
139 return PyBool_FromLong(cli_credentials_set_workstation(PyCredentials_AsCliCredentials(self), newval, obt));
140 }
141
142 static PyObject *py_creds_is_anonymous(py_talloc_Object *self)
143 {
144 return PyBool_FromLong(cli_credentials_is_anonymous(PyCredentials_AsCliCredentials(self)));
145 }
146
147 static PyObject *py_creds_set_anonymous(py_talloc_Object *self)
148 {
149 cli_credentials_set_anonymous(PyCredentials_AsCliCredentials(self));
150 Py_RETURN_NONE;
151 }
152
153 static PyObject *py_creds_authentication_requested(py_talloc_Object *self)
154 {
155 return PyBool_FromLong(cli_credentials_authentication_requested(PyCredentials_AsCliCredentials(self)));
156 }
157
158 static PyObject *py_creds_wrong_password(py_talloc_Object *self)
159 {
160 return PyBool_FromLong(cli_credentials_wrong_password(PyCredentials_AsCliCredentials(self)));
161 }
162
163 static PyObject *py_creds_set_cmdline_callbacks(py_talloc_Object *self)
164 {
165 return PyBool_FromLong(cli_credentials_set_cmdline_callbacks(PyCredentials_AsCliCredentials(self)));
166 }
167
168 static PyObject *py_creds_parse_string(py_talloc_Object *self, PyObject *args)
169 {
170 char *newval;
171 enum credentials_obtained obt = CRED_SPECIFIED;
172 if (!PyArg_ParseTuple(args, "s|i", &newval, &obt))
173 return NULL;
174
175 cli_credentials_parse_string(PyCredentials_AsCliCredentials(self), newval, obt);
176 Py_RETURN_NONE;
177 }
178
179 static PyObject *py_creds_get_nt_hash(py_talloc_Object *self)
180 {
181 const struct samr_Password *ntpw = cli_credentials_get_nt_hash(PyCredentials_AsCliCredentials(self), self->ptr);
182
183 return PyString_FromStringAndSize(discard_const_p(char, ntpw->hash), 16);
184 }
185
186 static PyObject *py_creds_set_kerberos_state(py_talloc_Object *self, PyObject *args)
187 {
188 int state;
189 if (!PyArg_ParseTuple(args, "i", &state))
190 return NULL;
191
192 cli_credentials_set_kerberos_state(PyCredentials_AsCliCredentials(self), state);
193 Py_RETURN_NONE;
194 }
195
196 static PyObject *py_creds_set_krb_forwardable(py_talloc_Object *self, PyObject *args)
197 {
198 int state;
199 if (!PyArg_ParseTuple(args, "i", &state))
200 return NULL;
201
202 cli_credentials_set_krb_forwardable(PyCredentials_AsCliCredentials(self), state);
203 Py_RETURN_NONE;
204 }
205
206 static PyObject *py_creds_guess(py_talloc_Object *self, PyObject *args)
207 {
208 PyObject *py_lp_ctx = Py_None;
209 struct loadparm_context *lp_ctx;
210 struct cli_credentials *creds;
211
212 creds = PyCredentials_AsCliCredentials(self);
213
214 if (!PyArg_ParseTuple(args, "|O", &py_lp_ctx))
215 return NULL;
216
217 lp_ctx = lpcfg_from_py_object(NULL, py_lp_ctx);
218 if (lp_ctx == NULL)
219 return NULL;
220
221 cli_credentials_guess(creds, lp_ctx);
222
223 talloc_free(lp_ctx);
224
225 Py_RETURN_NONE;
226 }
227
228 static PyObject *py_creds_set_machine_account(py_talloc_Object *self, PyObject *args)
229 {
230 PyObject *py_lp_ctx = Py_None;
231 struct loadparm_context *lp_ctx;
232 NTSTATUS status;
233 struct cli_credentials *creds;
234
235 creds = PyCredentials_AsCliCredentials(self);
236
237 if (!PyArg_ParseTuple(args, "|O", &py_lp_ctx))
238 return NULL;
239
240 lp_ctx = lpcfg_from_py_object(NULL, py_lp_ctx);
241 if (lp_ctx == NULL)
242 return NULL;
243
244 status = cli_credentials_set_machine_account(creds, lp_ctx);
245 talloc_free(lp_ctx);
246
247 PyErr_NTSTATUS_IS_ERR_RAISE(status);
248
249 Py_RETURN_NONE;
250 }
251
252 PyObject *PyCredentialCacheContainer_from_ccache_container(struct ccache_container *ccc)
253 {
254 PyCredentialCacheContainerObject *py_ret;
255
256 if (ccc == NULL) {
257 Py_RETURN_NONE;
258 }
259
260 py_ret = (PyCredentialCacheContainerObject *)PyCredentialCacheContainer.tp_alloc(&PyCredentialCacheContainer, 0);
261 if (py_ret == NULL) {
262 PyErr_NoMemory();
263 return NULL;
264 }
265 py_ret->mem_ctx = talloc_new(NULL);
266 py_ret->ccc = talloc_reference(py_ret->mem_ctx, ccc);
267 return (PyObject *)py_ret;
268 }
269
270
271 static PyObject *py_creds_get_named_ccache(py_talloc_Object *self, PyObject *args)
272 {
273 PyObject *py_lp_ctx = Py_None;
274 char *ccache_name;
275 struct loadparm_context *lp_ctx;
276 struct ccache_container *ccc;
277 struct tevent_context *event_ctx;
278 int ret;
279 const char *error_string;
280 struct cli_credentials *creds;
281
282 creds = PyCredentials_AsCliCredentials(self);
283
284 if (!PyArg_ParseTuple(args, "|Os", &py_lp_ctx, &ccache_name))
285 return NULL;
286
287 lp_ctx = lpcfg_from_py_object(NULL, py_lp_ctx); /* FIXME: leaky */
288 if (lp_ctx == NULL)
289 return NULL;
290
291 event_ctx = tevent_context_init(NULL);
292
293 ret = cli_credentials_get_named_ccache(creds, event_ctx, lp_ctx,
294 ccache_name, &ccc, &error_string);
295 talloc_free(lp_ctx);
296 if (ret == 0) {
297 talloc_steal(ccc, event_ctx);
298 return PyCredentialCacheContainer_from_ccache_container(ccc);
299 }
300
301 PyErr_SetString(PyExc_RuntimeError, error_string?error_string:"NULL");
302
303 talloc_free(event_ctx);
304 return NULL;
305 }
306
307 static PyObject *py_creds_set_gensec_features(py_talloc_Object *self, PyObject *args)
308 {
309 unsigned int gensec_features;
310
311 if (!PyArg_ParseTuple(args, "I", &gensec_features))
312 return NULL;
313
314 cli_credentials_set_gensec_features(PyCredentials_AsCliCredentials(self), gensec_features);
315
316 Py_RETURN_NONE;
317 }
318
319 static PyObject *py_creds_get_gensec_features(py_talloc_Object *self, PyObject *args)
320 {
321 unsigned int gensec_features;
322
323 gensec_features = cli_credentials_get_gensec_features(PyCredentials_AsCliCredentials(self));
324 return PyInt_FromLong(gensec_features);
325 }
326
327
328 static PyMethodDef py_creds_methods[] = {
329 { "get_username", (PyCFunction)py_creds_get_username, METH_NOARGS,
330 "S.get_username() -> username\nObtain username." },
331 { "set_username", (PyCFunction)py_creds_set_username, METH_VARARGS,
332 "S.set_username(name, obtained=CRED_SPECIFIED) -> None\n"
333 "Change username." },
334 { "get_password", (PyCFunction)py_creds_get_password, METH_NOARGS,
335 "S.get_password() -> password\n"
336 "Obtain password." },
337 { "set_password", (PyCFunction)py_creds_set_password, METH_VARARGS,
338 "S.set_password(password, obtained=CRED_SPECIFIED) -> None\n"
339 "Change password." },
340 { "get_domain", (PyCFunction)py_creds_get_domain, METH_NOARGS,
341 "S.get_domain() -> domain\n"
342 "Obtain domain name." },
343 { "set_domain", (PyCFunction)py_creds_set_domain, METH_VARARGS,
344 "S.set_domain(domain, obtained=CRED_SPECIFIED) -> None\n"
345 "Change domain name." },
346 { "get_realm", (PyCFunction)py_creds_get_realm, METH_NOARGS,
347 "S.get_realm() -> realm\n"
348 "Obtain realm name." },
349 { "set_realm", (PyCFunction)py_creds_set_realm, METH_VARARGS,
350 "S.set_realm(realm, obtained=CRED_SPECIFIED) -> None\n"
351 "Change realm name." },
352 { "get_bind_dn", (PyCFunction)py_creds_get_bind_dn, METH_NOARGS,
353 "S.get_bind_dn() -> bind dn\n"
354 "Obtain bind DN." },
355 { "set_bind_dn", (PyCFunction)py_creds_set_bind_dn, METH_VARARGS,
356 "S.set_bind_dn(bind_dn) -> None\n"
357 "Change bind DN." },
358 { "is_anonymous", (PyCFunction)py_creds_is_anonymous, METH_NOARGS,
359 NULL },
360 { "set_anonymous", (PyCFunction)py_creds_set_anonymous, METH_NOARGS,
361 "S.set_anonymous() -> None\n"
362 "Use anonymous credentials." },
363 { "get_workstation", (PyCFunction)py_creds_get_workstation, METH_NOARGS,
364 NULL },
365 { "set_workstation", (PyCFunction)py_creds_set_workstation, METH_VARARGS,
366 NULL },
367 { "authentication_requested", (PyCFunction)py_creds_authentication_requested, METH_NOARGS,
368 NULL },
369 { "wrong_password", (PyCFunction)py_creds_wrong_password, METH_NOARGS,
370 "S.wrong_password() -> bool\n"
371 "Indicate the returned password was incorrect." },
372 { "set_cmdline_callbacks", (PyCFunction)py_creds_set_cmdline_callbacks, METH_NOARGS,
373 "S.set_cmdline_callbacks() -> bool\n"
374 "Use command-line to obtain credentials not explicitly set." },
375 { "parse_string", (PyCFunction)py_creds_parse_string, METH_VARARGS,
376 "S.parse_string(text, obtained=CRED_SPECIFIED) -> None\n"
377 "Parse credentials string." },
378 { "get_nt_hash", (PyCFunction)py_creds_get_nt_hash, METH_NOARGS,
379 NULL },
380 { "set_kerberos_state", (PyCFunction)py_creds_set_kerberos_state, METH_VARARGS,
381 NULL },
382 { "set_krb_forwardable", (PyCFunction)py_creds_set_krb_forwardable, METH_VARARGS,
383 NULL },
384 { "guess", (PyCFunction)py_creds_guess, METH_VARARGS, NULL },
385 { "set_machine_account", (PyCFunction)py_creds_set_machine_account, METH_VARARGS, NULL },
386 { "get_named_ccache", (PyCFunction)py_creds_get_named_ccache, METH_VARARGS, NULL },
387 { "set_gensec_features", (PyCFunction)py_creds_set_gensec_features, METH_VARARGS, NULL },
388 { "get_gensec_features", (PyCFunction)py_creds_get_gensec_features, METH_NOARGS, NULL },
389 { NULL }
390 };
391
392 PyTypeObject PyCredentials = {
393 .tp_name = "Credentials",
394 .tp_basicsize = sizeof(py_talloc_Object),
395 .tp_dealloc = py_talloc_dealloc,
396 .tp_new = py_creds_new,
397 .tp_flags = Py_TPFLAGS_DEFAULT,
398 .tp_methods = py_creds_methods,
399 };
400
401
402 PyTypeObject PyCredentialCacheContainer = {
403 .tp_name = "CredentialCacheContainer",
404 .tp_basicsize = sizeof(py_talloc_Object),
405 .tp_dealloc = py_talloc_dealloc,
406 .tp_flags = Py_TPFLAGS_DEFAULT,
407 };
408
409 void initcredentials(void)
410 {
411 PyObject *m;
412
413 if (PyType_Ready(&PyCredentials) < 0)
414 return;
415
416 if (PyType_Ready(&PyCredentialCacheContainer) < 0)
417 return;
418
419 m = Py_InitModule3("credentials", NULL, "Credentials management.");
420 if (m == NULL)
421 return;
422
423 PyModule_AddObject(m, "AUTO_USE_KERBEROS", PyInt_FromLong(CRED_AUTO_USE_KERBEROS));
424 PyModule_AddObject(m, "DONT_USE_KERBEROS", PyInt_FromLong(CRED_DONT_USE_KERBEROS));
425 PyModule_AddObject(m, "MUST_USE_KERBEROS", PyInt_FromLong(CRED_MUST_USE_KERBEROS));
426
427 PyModule_AddObject(m, "AUTO_KRB_FORWARDABLE", PyInt_FromLong(CRED_AUTO_KRB_FORWARDABLE));
428 PyModule_AddObject(m, "NO_KRB_FORWARDABLE", PyInt_FromLong(CRED_NO_KRB_FORWARDABLE));
429 PyModule_AddObject(m, "FORCE_KRB_FORWARDABLE", PyInt_FromLong(CRED_FORCE_KRB_FORWARDABLE));
430
431 Py_INCREF(&PyCredentials);
432 PyModule_AddObject(m, "Credentials", (PyObject *)&PyCredentials);
433 Py_INCREF(&PyCredentialCacheContainer);
434 PyModule_AddObject(m, "CredentialCacheContainer", (PyObject *)&PyCredentialCacheContainer);
435 }
Samba GIT mirror