search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s3-swat: Fix typo.
[Samba.git] / source4 / auth / pyauth.c
blob2b310bfa1b89418420b908addb66f2eed72965ad
1 /*
2 Unix SMB/CIFS implementation.
3 Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007-2008
4 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2011
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
18 */
19
20 #include <Python.h>
21 #include "includes.h"
22 #include "libcli/util/pyerrors.h"
23 #include "param/param.h"
24 #include "pyauth.h"
25 #include "pyldb.h"
26 #include "auth/system_session_proto.h"
27 #include "auth/auth.h"
28 #include "param/pyparam.h"
29 #include "libcli/security/security.h"
30 #include "auth/credentials/pycredentials.h"
31 #include <tevent.h>
32 #include "librpc/rpc/pyrpc_util.h"
33
34 staticforward PyTypeObject PyAuthContext;
35
36 /* There's no Py_ssize_t in 2.4, apparently */
37 #if PY_MAJOR_VERSION == 2 && PY_MINOR_VERSION < 5
38 typedef int Py_ssize_t;
39 typedef inquiry lenfunc;
40 typedef intargfunc ssizeargfunc;
41 #endif
42
43 #ifndef Py_RETURN_NONE
44 #define Py_RETURN_NONE return Py_INCREF(Py_None), Py_None
45 #endif
46
47 static PyObject *py_auth_session_get_security_token(PyObject *self, void *closure)
48 {
49 struct auth_session_info *session = py_talloc_get_type(self, struct auth_session_info);
50 PyObject *py_security_token;
51 py_security_token = py_return_ndr_struct("samba.dcerpc.security", "token",
52 session->security_token, session->security_token);
53 return py_security_token;
54 }
55
56 static int py_auth_session_set_security_token(PyObject *self, PyObject *value, void *closure)
57 {
58 struct auth_session_info *session = py_talloc_get_type(self, struct auth_session_info);
59 session->security_token = talloc_reference(session, py_talloc_get_ptr(value));
60 return 0;
61 }
62
63 static PyObject *py_auth_session_get_session_key(PyObject *self, void *closure)
64 {
65 struct auth_session_info *session = py_talloc_get_type(self, struct auth_session_info);
66 return PyString_FromStringAndSize((char *)session->session_key.data, session->session_key.length);
67 }
68
69 static int py_auth_session_set_session_key(PyObject *self, PyObject *value, void *closure)
70 {
71 DATA_BLOB val;
72 struct auth_session_info *session = py_talloc_get_type(self, struct auth_session_info);
73 val.data = (uint8_t *)PyString_AsString(value);
74 val.length = PyString_Size(value);
75
76 session->session_key = data_blob_talloc(session, val.data, val.length);
77 return 0;
78 }
79
80 static PyObject *py_auth_session_get_credentials(PyObject *self, void *closure)
81 {
82 struct auth_session_info *session = py_talloc_get_type(self, struct auth_session_info);
83 PyObject *py_credentials;
84 /* This is evil, as the credentials are not IDL structures */
85 py_credentials = py_return_ndr_struct("samba.credentials", "Credentials", session->credentials, session->credentials);
86 return py_credentials;
87 }
88
89 static int py_auth_session_set_credentials(PyObject *self, PyObject *value, void *closure)
90 {
91 struct auth_session_info *session = py_talloc_get_type(self, struct auth_session_info);
92 session->credentials = talloc_reference(session, PyCredentials_AsCliCredentials(value));
93 return 0;
94 }
95
96 static PyGetSetDef py_auth_session_getset[] = {
97 { discard_const_p(char, "security_token"), (getter)py_auth_session_get_security_token, (setter)py_auth_session_set_security_token, NULL },
98 { discard_const_p(char, "session_key"), (getter)py_auth_session_get_session_key, (setter)py_auth_session_set_session_key, NULL },
99 { discard_const_p(char, "credentials"), (getter)py_auth_session_get_credentials, (setter)py_auth_session_set_credentials, NULL },
100 { NULL }
101 };
102
103 static PyTypeObject PyAuthSession = {
104 .tp_name = "AuthSession",
105 .tp_basicsize = sizeof(py_talloc_Object),
106 .tp_flags = Py_TPFLAGS_DEFAULT,
107 .tp_getset = py_auth_session_getset,
108 };
109
110 PyObject *PyAuthSession_FromSession(struct auth_session_info *session)
111 {
112 return py_talloc_reference(&PyAuthSession, session);
113 }
114
115 static PyObject *py_system_session(PyObject *module, PyObject *args)
116 {
117 PyObject *py_lp_ctx = Py_None;
118 struct loadparm_context *lp_ctx = NULL;
119 struct auth_session_info *session;
120 TALLOC_CTX *mem_ctx;
121 if (!PyArg_ParseTuple(args, "|O", &py_lp_ctx))
122 return NULL;
123
124 mem_ctx = talloc_new(NULL);
125 if (mem_ctx == NULL) {
126 PyErr_NoMemory();
127 return NULL;
128 }
129
130 lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
131 if (lp_ctx == NULL) {
132 talloc_free(mem_ctx);
133 return NULL;
134 }
135
136 session = system_session(lp_ctx);
137
138 talloc_free(mem_ctx);
139
140 return PyAuthSession_FromSession(session);
141 }
142
143
144 static PyObject *py_admin_session(PyObject *module, PyObject *args)
145 {
146 PyObject *py_lp_ctx;
147 PyObject *py_sid;
148 struct loadparm_context *lp_ctx = NULL;
149 struct auth_session_info *session;
150 struct dom_sid *domain_sid = NULL;
151 TALLOC_CTX *mem_ctx;
152
153 if (!PyArg_ParseTuple(args, "OO", &py_lp_ctx, &py_sid))
154 return NULL;
155
156 mem_ctx = talloc_new(NULL);
157 if (mem_ctx == NULL) {
158 PyErr_NoMemory();
159 return NULL;
160 }
161
162 lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
163 if (lp_ctx == NULL) {
164 talloc_free(mem_ctx);
165 return NULL;
166 }
167
168 domain_sid = dom_sid_parse_talloc(mem_ctx, PyString_AsString(py_sid));
169 if (domain_sid == NULL) {
170 PyErr_Format(PyExc_RuntimeError, "Unable to parse sid %s",
171 PyString_AsString(py_sid));
172 talloc_free(mem_ctx);
173 return NULL;
174 }
175 session = admin_session(NULL, lp_ctx, domain_sid);
176 talloc_free(mem_ctx);
177
178 return PyAuthSession_FromSession(session);
179 }
180
181 static PyObject *py_user_session(PyObject *module, PyObject *args, PyObject *kwargs)
182 {
183 NTSTATUS nt_status;
184 struct auth_session_info *session;
185 TALLOC_CTX *mem_ctx;
186 const char * const kwnames[] = { "ldb", "lp_ctx", "principal", "dn", "session_info_flags", NULL };
187 struct ldb_context *ldb_ctx;
188 PyObject *py_ldb = Py_None;
189 PyObject *py_dn = Py_None;
190 PyObject *py_lp_ctx = Py_None;
191 struct loadparm_context *lp_ctx = NULL;
192 struct ldb_dn *user_dn;
193 char *principal = NULL;
194 int session_info_flags = 0; /* This is an int, because that's
195 * what we need for the python
196 * PyArg_ParseTupleAndKeywords */
197
198 if (!PyArg_ParseTupleAndKeywords(args, kwargs, "O|OzOi",
199 discard_const_p(char *, kwnames),
200 &py_ldb, &py_lp_ctx, &principal, &py_dn, &session_info_flags)) {
201 return NULL;
202 }
203
204 mem_ctx = talloc_new(NULL);
205 if (mem_ctx == NULL) {
206 PyErr_NoMemory();
207 return NULL;
208 }
209
210 ldb_ctx = PyLdb_AsLdbContext(py_ldb);
211
212 if (py_dn == Py_None) {
213 user_dn = NULL;
214 } else {
215 if (!PyObject_AsDn(ldb_ctx, py_dn, ldb_ctx, &user_dn)) {
216 talloc_free(mem_ctx);
217 return NULL;
218 }
219 }
220
221 lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
222 if (lp_ctx == NULL) {
223 talloc_free(mem_ctx);
224 return NULL;
225 }
226
227 nt_status = authsam_get_session_info_principal(mem_ctx, lp_ctx, ldb_ctx, principal, user_dn,
228 session_info_flags, &session);
229 if (!NT_STATUS_IS_OK(nt_status)) {
230 talloc_free(mem_ctx);
231 PyErr_NTSTATUS_IS_ERR_RAISE(nt_status);
232 }
233
234 talloc_steal(NULL, session);
235 talloc_free(mem_ctx);
236
237 return PyAuthSession_FromSession(session);
238 }
239
240
241 static const char **PyList_AsStringList(TALLOC_CTX *mem_ctx, PyObject *list,
242 const char *paramname)
243 {
244 const char **ret;
245 Py_ssize_t i;
246 if (!PyList_Check(list)) {
247 PyErr_Format(PyExc_TypeError, "%s is not a list", paramname);
248 return NULL;
249 }
250 ret = talloc_array(NULL, const char *, PyList_Size(list)+1);
251 if (ret == NULL) {
252 PyErr_NoMemory();
253 return NULL;
254 }
255
256 for (i = 0; i < PyList_Size(list); i++) {
257 PyObject *item = PyList_GetItem(list, i);
258 if (!PyString_Check(item)) {
259 PyErr_Format(PyExc_TypeError, "%s should be strings", paramname);
260 return NULL;
261 }
262 ret[i] = talloc_strndup(ret, PyString_AsString(item),
263 PyString_Size(item));
264 }
265 ret[i] = NULL;
266 return ret;
267 }
268
269 static PyObject *PyAuthContext_FromContext(struct auth_context *auth_context)
270 {
271 return py_talloc_reference(&PyAuthContext, auth_context);
272 }
273
274 static PyObject *py_auth_context_new(PyTypeObject *type, PyObject *args, PyObject *kwargs)
275 {
276 PyObject *py_lp_ctx = Py_None;
277 PyObject *py_ldb = Py_None;
278 PyObject *py_messaging_ctx = Py_None;
279 PyObject *py_auth_context = Py_None;
280 PyObject *py_methods = Py_None;
281 TALLOC_CTX *mem_ctx;
282 struct auth_context *auth_context;
283 struct messaging_context *messaging_context = NULL;
284 struct loadparm_context *lp_ctx;
285 struct tevent_context *ev;
286 struct ldb_context *ldb;
287 NTSTATUS nt_status;
288 const char **methods;
289
290 const char * const kwnames[] = { "lp_ctx", "messaging_ctx", "ldb", "methods", NULL };
291
292 if (!PyArg_ParseTupleAndKeywords(args, kwargs, "|OOOO",
293 discard_const_p(char *, kwnames),
294 &py_lp_ctx, &py_messaging_ctx, &py_ldb, &py_methods))
295 return NULL;
296
297 mem_ctx = talloc_new(NULL);
298 if (mem_ctx == NULL) {
299 PyErr_NoMemory();
300 return NULL;
301 }
302
303 if (py_ldb != Py_None) {
304 ldb = PyLdb_AsLdbContext(py_ldb);
305 }
306
307 lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
308
309 ev = tevent_context_init(mem_ctx);
310 if (ev == NULL) {
311 PyErr_NoMemory();
312 return NULL;
313 }
314
315 if (py_messaging_ctx != Py_None) {
316 messaging_context = py_talloc_get_type(py_messaging_ctx, struct messaging_context);
317 }
318
319 if (py_methods == Py_None && py_ldb == Py_None) {
320 nt_status = auth_context_create(mem_ctx, ev, messaging_context, lp_ctx, &auth_context);
321 } else {
322 if (py_methods != Py_None) {
323 methods = PyList_AsStringList(mem_ctx, py_methods, "methods");
324 if (methods == NULL) {
325 talloc_free(mem_ctx);
326 return NULL;
327 }
328 } else {
329 methods = auth_methods_from_lp(mem_ctx, lp_ctx);
330 }
331 nt_status = auth_context_create_methods(mem_ctx, methods, ev,
332 messaging_context, lp_ctx,
333 ldb, &auth_context);
334 }
335
336 if (!NT_STATUS_IS_OK(nt_status)) {
337 talloc_free(mem_ctx);
338 PyErr_NTSTATUS_IS_ERR_RAISE(nt_status);
339 }
340
341 if (!talloc_reference(auth_context, lp_ctx)) {
342 talloc_free(mem_ctx);
343 PyErr_NoMemory();
344 return NULL;
345 }
346
347 if (!talloc_reference(auth_context, ev)) {
348 talloc_free(mem_ctx);
349 PyErr_NoMemory();
350 return NULL;
351 }
352
353 py_auth_context = PyAuthContext_FromContext(auth_context);
354
355 talloc_free(mem_ctx);
356
357 return py_auth_context;
358 }
359
360 static PyTypeObject PyAuthContext = {
361 .tp_name = "AuthContext",
362 .tp_basicsize = sizeof(py_talloc_Object),
363 .tp_flags = Py_TPFLAGS_DEFAULT,
364 .tp_new = py_auth_context_new,
365 .tp_basicsize = sizeof(py_talloc_Object),
366 };
367
368 static PyMethodDef py_auth_methods[] = {
369 { "system_session", (PyCFunction)py_system_session, METH_VARARGS, NULL },
370 { "admin_session", (PyCFunction)py_admin_session, METH_VARARGS, NULL },
371 { "user_session", (PyCFunction)py_user_session, METH_VARARGS|METH_KEYWORDS, NULL },
372 { NULL },
373 };
374
375 void initauth(void)
376 {
377 PyObject *m;
378
379 PyAuthSession.tp_base = PyTalloc_GetObjectType();
380 if (PyAuthSession.tp_base == NULL)
381 return;
382
383 if (PyType_Ready(&PyAuthSession) < 0)
384 return;
385
386 PyAuthContext.tp_base = PyTalloc_GetObjectType();
387 if (PyAuthContext.tp_base == NULL)
388 return;
389
390 if (PyType_Ready(&PyAuthContext) < 0)
391 return;
392
393 m = Py_InitModule3("auth", py_auth_methods,
394 "Authentication and authorization support.");
395 if (m == NULL)
396 return;
397
398 Py_INCREF(&PyAuthSession);
399 PyModule_AddObject(m, "AuthSession", (PyObject *)&PyAuthSession);
400 Py_INCREF(&PyAuthContext);
401 PyModule_AddObject(m, "AuthContext", (PyObject *)&PyAuthContext);
402
403 #define ADD_FLAG(val) PyModule_AddObject(m, #val, PyInt_FromLong(val))
404 ADD_FLAG(AUTH_SESSION_INFO_DEFAULT_GROUPS);
405 ADD_FLAG(AUTH_SESSION_INFO_AUTHENTICATED);
406 ADD_FLAG(AUTH_SESSION_INFO_SIMPLE_PRIVILEGES);
407
408 }
Samba GIT mirror