search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
vfs_fruit: use VFS functions in ad_read_rsrc_adouble()
[Samba.git] / auth / credentials / pycredentials.c
blob7f9bc38af8e178a2fa0ec57814ebb05a485fbe46
1 /*
2 Unix SMB/CIFS implementation.
3 Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; either version 3 of the License, or
8 (at your option) any later version.
9
10 This program is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 GNU General Public License for more details.
14
15 You should have received a copy of the GNU General Public License
16 along with this program. If not, see <http://www.gnu.org/licenses/>.
17 */
18
19 #include <Python.h>
20 #include "python/py3compat.h"
21 #include "includes.h"
22 #include "pycredentials.h"
23 #include "param/param.h"
24 #include "lib/cmdline/credentials.h"
25 #include "auth/credentials/credentials_internal.h"
26 #include "librpc/gen_ndr/samr.h" /* for struct samr_Password */
27 #include "librpc/gen_ndr/netlogon.h"
28 #include "libcli/util/pyerrors.h"
29 #include "libcli/auth/libcli_auth.h"
30 #include "param/pyparam.h"
31 #include <tevent.h>
32 #include "libcli/auth/libcli_auth.h"
33 #include "auth/credentials/credentials_internal.h"
34 #include "system/kerberos.h"
35 #include "auth/kerberos/kerberos.h"
36
37 void initcredentials(void);
38
39 static PyObject *PyString_FromStringOrNULL(const char *str)
40 {
41 if (str == NULL)
42 Py_RETURN_NONE;
43 return PyStr_FromString(str);
44 }
45
46 static PyObject *py_creds_new(PyTypeObject *type, PyObject *args, PyObject *kwargs)
47 {
48 return pytalloc_steal(type, cli_credentials_init(NULL));
49 }
50
51 static PyObject *py_creds_get_username(PyObject *self, PyObject *unused)
52 {
53 return PyString_FromStringOrNULL(cli_credentials_get_username(PyCredentials_AsCliCredentials(self)));
54 }
55
56 static PyObject *py_creds_set_username(PyObject *self, PyObject *args)
57 {
58 char *newval;
59 enum credentials_obtained obt = CRED_SPECIFIED;
60 int _obt = obt;
61
62 if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
63 return NULL;
64 }
65 obt = _obt;
66
67 return PyBool_FromLong(cli_credentials_set_username(PyCredentials_AsCliCredentials(self), newval, obt));
68 }
69
70 static PyObject *py_creds_get_ntlm_username_domain(PyObject *self, PyObject *unused)
71 {
72 TALLOC_CTX *frame = talloc_stackframe();
73 const char *user = NULL;
74 const char *domain = NULL;
75 PyObject *ret = NULL;
76 cli_credentials_get_ntlm_username_domain(PyCredentials_AsCliCredentials(self),
77 frame, &user, &domain);
78 ret = Py_BuildValue("(OO)",
79 PyString_FromStringOrNULL(user),
80 PyString_FromStringOrNULL(domain));
81 TALLOC_FREE(frame);
82 return ret;
83 }
84
85 static PyObject *py_creds_get_ntlm_response(PyObject *self, PyObject *args, PyObject *kwargs)
86 {
87 TALLOC_CTX *frame = talloc_stackframe();
88 PyObject *ret = NULL;
89 int flags;
90 struct timeval tv_now;
91 NTTIME server_timestamp;
92 DATA_BLOB challenge = data_blob_null;
93 DATA_BLOB target_info = data_blob_null;
94 NTSTATUS status;
95 DATA_BLOB lm_response = data_blob_null;
96 DATA_BLOB nt_response = data_blob_null;
97 DATA_BLOB lm_session_key = data_blob_null;
98 DATA_BLOB nt_session_key = data_blob_null;
99 const char *kwnames[] = { "flags", "challenge",
100 "target_info",
101 NULL };
102
103 tv_now = timeval_current();
104 server_timestamp = timeval_to_nttime(&tv_now);
105
106 if (!PyArg_ParseTupleAndKeywords(args, kwargs, "is#|s#",
107 discard_const_p(char *, kwnames),
108 &flags,
109 &challenge.data,
110 &challenge.length,
111 &target_info.data,
112 &target_info.length)) {
113 return NULL;
114 }
115
116 status = cli_credentials_get_ntlm_response(PyCredentials_AsCliCredentials(self),
117 frame, &flags,
118 challenge,
119 &server_timestamp,
120 target_info,
121 &lm_response, &nt_response,
122 &lm_session_key, &nt_session_key);
123
124 if (!NT_STATUS_IS_OK(status)) {
125 PyErr_SetNTSTATUS(status);
126 TALLOC_FREE(frame);
127 return NULL;
128 }
129
130 ret = Py_BuildValue("{sis" PYARG_BYTES_LEN "s" PYARG_BYTES_LEN
131 "s" PYARG_BYTES_LEN "s" PYARG_BYTES_LEN "}",
132 "flags", flags,
133 "lm_response",
134 (const char *)lm_response.data, lm_response.length,
135 "nt_response",
136 (const char *)nt_response.data, nt_response.length,
137 "lm_session_key",
138 (const char *)lm_session_key.data, lm_session_key.length,
139 "nt_session_key",
140 (const char *)nt_session_key.data, nt_session_key.length);
141 TALLOC_FREE(frame);
142 return ret;
143 }
144
145 static PyObject *py_creds_get_principal(PyObject *self, PyObject *unused)
146 {
147 TALLOC_CTX *frame = talloc_stackframe();
148 PyObject *ret = PyString_FromStringOrNULL(cli_credentials_get_principal(PyCredentials_AsCliCredentials(self), frame));
149 TALLOC_FREE(frame);
150 return ret;
151 }
152
153 static PyObject *py_creds_set_principal(PyObject *self, PyObject *args)
154 {
155 char *newval;
156 enum credentials_obtained obt = CRED_SPECIFIED;
157 int _obt = obt;
158
159 if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
160 return NULL;
161 }
162 obt = _obt;
163
164 return PyBool_FromLong(cli_credentials_set_principal(PyCredentials_AsCliCredentials(self), newval, obt));
165 }
166
167 static PyObject *py_creds_get_password(PyObject *self, PyObject *unused)
168 {
169 return PyString_FromStringOrNULL(cli_credentials_get_password(PyCredentials_AsCliCredentials(self)));
170 }
171
172 static PyObject *py_creds_set_password(PyObject *self, PyObject *args)
173 {
174 const char *newval = NULL;
175 enum credentials_obtained obt = CRED_SPECIFIED;
176 int _obt = obt;
177 PyObject *result = NULL;
178 if (!PyArg_ParseTuple(args, PYARG_STR_UNI"|i", "utf8", &newval, &_obt)) {
179 return NULL;
180 }
181 obt = _obt;
182
183 result = PyBool_FromLong(cli_credentials_set_password(PyCredentials_AsCliCredentials(self), newval, obt));
184 PyMem_Free(discard_const_p(void*, newval));
185 return result;
186 }
187
188 static PyObject *py_creds_set_utf16_password(PyObject *self, PyObject *args)
189 {
190 enum credentials_obtained obt = CRED_SPECIFIED;
191 int _obt = obt;
192 PyObject *newval = NULL;
193 DATA_BLOB blob = data_blob_null;
194 Py_ssize_t size = 0;
195 int result;
196 bool ok;
197
198 if (!PyArg_ParseTuple(args, "O|i", &newval, &_obt)) {
199 return NULL;
200 }
201 obt = _obt;
202
203 result = PyBytes_AsStringAndSize(newval, (char **)&blob.data, &size);
204 if (result != 0) {
205 PyErr_SetString(PyExc_RuntimeError, "Failed to convert passed value to Bytes");
206 return NULL;
207 }
208 blob.length = size;
209
210 ok = cli_credentials_set_utf16_password(PyCredentials_AsCliCredentials(self),
211 &blob, obt);
212
213 return PyBool_FromLong(ok);
214 }
215
216 static PyObject *py_creds_get_old_password(PyObject *self, PyObject *unused)
217 {
218 return PyString_FromStringOrNULL(cli_credentials_get_old_password(PyCredentials_AsCliCredentials(self)));
219 }
220
221 static PyObject *py_creds_set_old_password(PyObject *self, PyObject *args)
222 {
223 char *oldval;
224 enum credentials_obtained obt = CRED_SPECIFIED;
225 int _obt = obt;
226
227 if (!PyArg_ParseTuple(args, "s|i", &oldval, &_obt)) {
228 return NULL;
229 }
230 obt = _obt;
231
232 return PyBool_FromLong(cli_credentials_set_old_password(PyCredentials_AsCliCredentials(self), oldval, obt));
233 }
234
235 static PyObject *py_creds_set_old_utf16_password(PyObject *self, PyObject *args)
236 {
237 PyObject *oldval = NULL;
238 DATA_BLOB blob = data_blob_null;
239 Py_ssize_t size = 0;
240 int result;
241 bool ok;
242
243 if (!PyArg_ParseTuple(args, "O", &oldval)) {
244 return NULL;
245 }
246
247 result = PyBytes_AsStringAndSize(oldval, (char **)&blob.data, &size);
248 if (result != 0) {
249 PyErr_SetString(PyExc_RuntimeError, "Failed to convert passed value to Bytes");
250 return NULL;
251 }
252 blob.length = size;
253
254 ok = cli_credentials_set_old_utf16_password(PyCredentials_AsCliCredentials(self),
255 &blob);
256
257 return PyBool_FromLong(ok);
258 }
259
260 static PyObject *py_creds_get_domain(PyObject *self, PyObject *unused)
261 {
262 return PyString_FromStringOrNULL(cli_credentials_get_domain(PyCredentials_AsCliCredentials(self)));
263 }
264
265 static PyObject *py_creds_set_domain(PyObject *self, PyObject *args)
266 {
267 char *newval;
268 enum credentials_obtained obt = CRED_SPECIFIED;
269 int _obt = obt;
270
271 if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
272 return NULL;
273 }
274 obt = _obt;
275
276 return PyBool_FromLong(cli_credentials_set_domain(PyCredentials_AsCliCredentials(self), newval, obt));
277 }
278
279 static PyObject *py_creds_get_realm(PyObject *self, PyObject *unused)
280 {
281 return PyString_FromStringOrNULL(cli_credentials_get_realm(PyCredentials_AsCliCredentials(self)));
282 }
283
284 static PyObject *py_creds_set_realm(PyObject *self, PyObject *args)
285 {
286 char *newval;
287 enum credentials_obtained obt = CRED_SPECIFIED;
288 int _obt = obt;
289
290 if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
291 return NULL;
292 }
293 obt = _obt;
294
295 return PyBool_FromLong(cli_credentials_set_realm(PyCredentials_AsCliCredentials(self), newval, obt));
296 }
297
298 static PyObject *py_creds_get_bind_dn(PyObject *self, PyObject *unused)
299 {
300 return PyString_FromStringOrNULL(cli_credentials_get_bind_dn(PyCredentials_AsCliCredentials(self)));
301 }
302
303 static PyObject *py_creds_set_bind_dn(PyObject *self, PyObject *args)
304 {
305 char *newval;
306 if (!PyArg_ParseTuple(args, "s", &newval))
307 return NULL;
308
309 return PyBool_FromLong(cli_credentials_set_bind_dn(PyCredentials_AsCliCredentials(self), newval));
310 }
311
312 static PyObject *py_creds_get_workstation(PyObject *self, PyObject *unused)
313 {
314 return PyString_FromStringOrNULL(cli_credentials_get_workstation(PyCredentials_AsCliCredentials(self)));
315 }
316
317 static PyObject *py_creds_set_workstation(PyObject *self, PyObject *args)
318 {
319 char *newval;
320 enum credentials_obtained obt = CRED_SPECIFIED;
321 int _obt = obt;
322
323 if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
324 return NULL;
325 }
326 obt = _obt;
327
328 return PyBool_FromLong(cli_credentials_set_workstation(PyCredentials_AsCliCredentials(self), newval, obt));
329 }
330
331 static PyObject *py_creds_is_anonymous(PyObject *self, PyObject *unused)
332 {
333 return PyBool_FromLong(cli_credentials_is_anonymous(PyCredentials_AsCliCredentials(self)));
334 }
335
336 static PyObject *py_creds_set_anonymous(PyObject *self, PyObject *unused)
337 {
338 cli_credentials_set_anonymous(PyCredentials_AsCliCredentials(self));
339 Py_RETURN_NONE;
340 }
341
342 static PyObject *py_creds_authentication_requested(PyObject *self, PyObject *unused)
343 {
344 return PyBool_FromLong(cli_credentials_authentication_requested(PyCredentials_AsCliCredentials(self)));
345 }
346
347 static PyObject *py_creds_wrong_password(PyObject *self, PyObject *unused)
348 {
349 return PyBool_FromLong(cli_credentials_wrong_password(PyCredentials_AsCliCredentials(self)));
350 }
351
352 static PyObject *py_creds_set_cmdline_callbacks(PyObject *self, PyObject *unused)
353 {
354 return PyBool_FromLong(cli_credentials_set_cmdline_callbacks(PyCredentials_AsCliCredentials(self)));
355 }
356
357 static PyObject *py_creds_parse_string(PyObject *self, PyObject *args)
358 {
359 char *newval;
360 enum credentials_obtained obt = CRED_SPECIFIED;
361 int _obt = obt;
362
363 if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
364 return NULL;
365 }
366 obt = _obt;
367
368 cli_credentials_parse_string(PyCredentials_AsCliCredentials(self), newval, obt);
369 Py_RETURN_NONE;
370 }
371
372 static PyObject *py_creds_parse_file(PyObject *self, PyObject *args)
373 {
374 char *newval;
375 enum credentials_obtained obt = CRED_SPECIFIED;
376 int _obt = obt;
377
378 if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
379 return NULL;
380 }
381 obt = _obt;
382
383 cli_credentials_parse_file(PyCredentials_AsCliCredentials(self), newval, obt);
384 Py_RETURN_NONE;
385 }
386
387 static PyObject *py_cli_credentials_set_password_will_be_nt_hash(PyObject *self, PyObject *args)
388 {
389 struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
390 PyObject *py_val = NULL;
391 bool val = false;
392
393 if (!PyArg_ParseTuple(args, "O!", &PyBool_Type, &py_val)) {
394 return NULL;
395 }
396 val = PyObject_IsTrue(py_val);
397
398 cli_credentials_set_password_will_be_nt_hash(creds, val);
399 Py_RETURN_NONE;
400 }
401
402 static PyObject *py_creds_get_nt_hash(PyObject *self, PyObject *unused)
403 {
404 PyObject *ret;
405 struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
406 struct samr_Password *ntpw = cli_credentials_get_nt_hash(creds, creds);
407
408 ret = PyBytes_FromStringAndSize(discard_const_p(char, ntpw->hash), 16);
409 TALLOC_FREE(ntpw);
410 return ret;
411 }
412
413 static PyObject *py_creds_get_kerberos_state(PyObject *self, PyObject *unused)
414 {
415 int state = cli_credentials_get_kerberos_state(PyCredentials_AsCliCredentials(self));
416 return PyInt_FromLong(state);
417 }
418
419 static PyObject *py_creds_set_kerberos_state(PyObject *self, PyObject *args)
420 {
421 int state;
422 if (!PyArg_ParseTuple(args, "i", &state))
423 return NULL;
424
425 cli_credentials_set_kerberos_state(PyCredentials_AsCliCredentials(self), state);
426 Py_RETURN_NONE;
427 }
428
429 static PyObject *py_creds_set_krb_forwardable(PyObject *self, PyObject *args)
430 {
431 int state;
432 if (!PyArg_ParseTuple(args, "i", &state))
433 return NULL;
434
435 cli_credentials_set_krb_forwardable(PyCredentials_AsCliCredentials(self), state);
436 Py_RETURN_NONE;
437 }
438
439
440 static PyObject *py_creds_get_forced_sasl_mech(PyObject *self, PyObject *unused)
441 {
442 return PyString_FromStringOrNULL(cli_credentials_get_forced_sasl_mech(PyCredentials_AsCliCredentials(self)));
443 }
444
445 static PyObject *py_creds_set_forced_sasl_mech(PyObject *self, PyObject *args)
446 {
447 char *newval;
448 enum credentials_obtained obt = CRED_SPECIFIED;
449 int _obt = obt;
450
451 if (!PyArg_ParseTuple(args, "s", &newval)) {
452 return NULL;
453 }
454 obt = _obt;
455
456 cli_credentials_set_forced_sasl_mech(PyCredentials_AsCliCredentials(self), newval);
457 Py_RETURN_NONE;
458 }
459
460 static PyObject *py_creds_guess(PyObject *self, PyObject *args)
461 {
462 PyObject *py_lp_ctx = Py_None;
463 struct loadparm_context *lp_ctx;
464 TALLOC_CTX *mem_ctx;
465 struct cli_credentials *creds;
466
467 creds = PyCredentials_AsCliCredentials(self);
468
469 if (!PyArg_ParseTuple(args, "|O", &py_lp_ctx))
470 return NULL;
471
472 mem_ctx = talloc_new(NULL);
473 if (mem_ctx == NULL) {
474 PyErr_NoMemory();
475 return NULL;
476 }
477
478 lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
479 if (lp_ctx == NULL) {
480 talloc_free(mem_ctx);
481 return NULL;
482 }
483
484 cli_credentials_guess(creds, lp_ctx);
485
486 talloc_free(mem_ctx);
487
488 Py_RETURN_NONE;
489 }
490
491 static PyObject *py_creds_set_machine_account(PyObject *self, PyObject *args)
492 {
493 PyObject *py_lp_ctx = Py_None;
494 struct loadparm_context *lp_ctx;
495 NTSTATUS status;
496 struct cli_credentials *creds;
497 TALLOC_CTX *mem_ctx;
498
499 creds = PyCredentials_AsCliCredentials(self);
500
501 if (!PyArg_ParseTuple(args, "|O", &py_lp_ctx))
502 return NULL;
503
504 mem_ctx = talloc_new(NULL);
505 if (mem_ctx == NULL) {
506 PyErr_NoMemory();
507 return NULL;
508 }
509
510 lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
511 if (lp_ctx == NULL) {
512 talloc_free(mem_ctx);
513 return NULL;
514 }
515
516 status = cli_credentials_set_machine_account(creds, lp_ctx);
517 talloc_free(mem_ctx);
518
519 PyErr_NTSTATUS_IS_ERR_RAISE(status);
520
521 Py_RETURN_NONE;
522 }
523
524 static PyObject *PyCredentialCacheContainer_from_ccache_container(struct ccache_container *ccc)
525 {
526 return pytalloc_reference(&PyCredentialCacheContainer, ccc);
527 }
528
529
530 static PyObject *py_creds_get_named_ccache(PyObject *self, PyObject *args)
531 {
532 PyObject *py_lp_ctx = Py_None;
533 char *ccache_name = NULL;
534 struct loadparm_context *lp_ctx;
535 struct ccache_container *ccc;
536 struct tevent_context *event_ctx;
537 int ret;
538 const char *error_string;
539 struct cli_credentials *creds;
540 TALLOC_CTX *mem_ctx;
541
542 creds = PyCredentials_AsCliCredentials(self);
543
544 if (!PyArg_ParseTuple(args, "|Os", &py_lp_ctx, &ccache_name))
545 return NULL;
546
547 mem_ctx = talloc_new(NULL);
548 if (mem_ctx == NULL) {
549 PyErr_NoMemory();
550 return NULL;
551 }
552
553 lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
554 if (lp_ctx == NULL) {
555 talloc_free(mem_ctx);
556 return NULL;
557 }
558
559 event_ctx = samba_tevent_context_init(mem_ctx);
560
561 ret = cli_credentials_get_named_ccache(creds, event_ctx, lp_ctx,
562 ccache_name, &ccc, &error_string);
563 talloc_unlink(mem_ctx, lp_ctx);
564 if (ret == 0) {
565 talloc_steal(ccc, event_ctx);
566 talloc_free(mem_ctx);
567 return PyCredentialCacheContainer_from_ccache_container(ccc);
568 }
569
570 PyErr_SetString(PyExc_RuntimeError, error_string?error_string:"NULL");
571
572 talloc_free(mem_ctx);
573 return NULL;
574 }
575
576 static PyObject *py_creds_set_named_ccache(PyObject *self, PyObject *args)
577 {
578 struct loadparm_context *lp_ctx = NULL;
579 enum credentials_obtained obt = CRED_SPECIFIED;
580 const char *error_string = NULL;
581 TALLOC_CTX *mem_ctx = NULL;
582 char *newval = NULL;
583 PyObject *py_lp_ctx = Py_None;
584 int _obt = obt;
585 int ret;
586
587 if (!PyArg_ParseTuple(args, "s|iO", &newval, &_obt, &py_lp_ctx))
588 return NULL;
589
590 mem_ctx = talloc_new(NULL);
591 if (mem_ctx == NULL) {
592 PyErr_NoMemory();
593 return NULL;
594 }
595
596 lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
597 if (lp_ctx == NULL) {
598 talloc_free(mem_ctx);
599 return NULL;
600 }
601
602 ret = cli_credentials_set_ccache(PyCredentials_AsCliCredentials(self),
603 lp_ctx,
604 newval, CRED_SPECIFIED,
605 &error_string);
606
607 if (ret != 0) {
608 PyErr_SetString(PyExc_RuntimeError,
609 error_string != NULL ? error_string : "NULL");
610 talloc_free(mem_ctx);
611 return NULL;
612 }
613
614 talloc_free(mem_ctx);
615 Py_RETURN_NONE;
616 }
617
618 static PyObject *py_creds_set_gensec_features(PyObject *self, PyObject *args)
619 {
620 unsigned int gensec_features;
621
622 if (!PyArg_ParseTuple(args, "I", &gensec_features))
623 return NULL;
624
625 cli_credentials_set_gensec_features(PyCredentials_AsCliCredentials(self), gensec_features);
626
627 Py_RETURN_NONE;
628 }
629
630 static PyObject *py_creds_get_gensec_features(PyObject *self, PyObject *args)
631 {
632 unsigned int gensec_features;
633
634 gensec_features = cli_credentials_get_gensec_features(PyCredentials_AsCliCredentials(self));
635 return PyInt_FromLong(gensec_features);
636 }
637
638 static PyObject *py_creds_new_client_authenticator(PyObject *self,
639 PyObject *args)
640 {
641 struct netr_Authenticator auth;
642 struct cli_credentials *creds = NULL;
643 struct netlogon_creds_CredentialState *nc = NULL;
644 PyObject *ret = NULL;
645
646 creds = PyCredentials_AsCliCredentials(self);
647 if (creds == NULL) {
648 PyErr_SetString(PyExc_RuntimeError,
649 "Failed to get credentials from python");
650 return NULL;
651 }
652
653 nc = creds->netlogon_creds;
654 if (nc == NULL) {
655 PyErr_SetString(PyExc_ValueError,
656 "No netlogon credentials cannot make "
657 "client authenticator");
658 return NULL;
659 }
660
661 netlogon_creds_client_authenticator(
662 nc,
663 &auth);
664 ret = Py_BuildValue("{s"PYARG_BYTES_LEN"si}",
665 "credential",
666 (const char *) &auth.cred, sizeof(auth.cred),
667 "timestamp", auth.timestamp);
668 return ret;
669 }
670
671 static PyObject *py_creds_set_secure_channel_type(PyObject *self, PyObject *args)
672 {
673 unsigned int channel_type;
674
675 if (!PyArg_ParseTuple(args, "I", &channel_type))
676 return NULL;
677
678 cli_credentials_set_secure_channel_type(
679 PyCredentials_AsCliCredentials(self),
680 channel_type);
681
682 Py_RETURN_NONE;
683 }
684
685 static PyObject *py_creds_get_secure_channel_type(PyObject *self, PyObject *args)
686 {
687 enum netr_SchannelType channel_type = SEC_CHAN_NULL;
688
689 channel_type = cli_credentials_get_secure_channel_type(
690 PyCredentials_AsCliCredentials(self));
691
692 return PyInt_FromLong(channel_type);
693 }
694
695 static PyObject *py_creds_encrypt_netr_crypt_password(PyObject *self,
696 PyObject *args)
697 {
698 DATA_BLOB data = data_blob_null;
699 struct cli_credentials *creds = NULL;
700 struct netr_CryptPassword *pwd = NULL;
701 NTSTATUS status;
702 PyObject *py_cp = Py_None;
703
704 creds = PyCredentials_AsCliCredentials(self);
705
706 if (!PyArg_ParseTuple(args, "|O", &py_cp)) {
707 return NULL;
708 }
709 pwd = pytalloc_get_type(py_cp, struct netr_CryptPassword);
710 data.length = sizeof(struct netr_CryptPassword);
711 data.data = (uint8_t *)pwd;
712 status = netlogon_creds_session_encrypt(creds->netlogon_creds, data);
713
714 PyErr_NTSTATUS_IS_ERR_RAISE(status);
715
716 Py_RETURN_NONE;
717 }
718
719 static PyMethodDef py_creds_methods[] = {
720 { "get_username", py_creds_get_username, METH_NOARGS,
721 "S.get_username() -> username\nObtain username." },
722 { "set_username", py_creds_set_username, METH_VARARGS,
723 "S.set_username(name[, credentials.SPECIFIED]) -> None\n"
724 "Change username." },
725 { "get_principal", py_creds_get_principal, METH_NOARGS,
726 "S.get_principal() -> user@realm\nObtain user principal." },
727 { "set_principal", py_creds_set_principal, METH_VARARGS,
728 "S.set_principal(name[, credentials.SPECIFIED]) -> None\n"
729 "Change principal." },
730 { "get_password", py_creds_get_password, METH_NOARGS,
731 "S.get_password() -> password\n"
732 "Obtain password." },
733 { "get_ntlm_username_domain", py_creds_get_ntlm_username_domain, METH_NOARGS,
734 "S.get_ntlm_username_domain() -> (domain, username)\n"
735 "Obtain NTLM username and domain, split up either as (DOMAIN, user) or (\"\", \"user@realm\")." },
736 { "get_ntlm_response", (PyCFunction)py_creds_get_ntlm_response, METH_VARARGS | METH_KEYWORDS,
737 "S.get_ntlm_response"
738 "(flags, challenge[, target_info]) -> "
739 "(flags, lm_response, nt_response, lm_session_key, nt_session_key)\n"
740 "Obtain LM or NTLM response." },
741 { "set_password", py_creds_set_password, METH_VARARGS,
742 "S.set_password(password[, credentials.SPECIFIED]) -> None\n"
743 "Change password." },
744 { "set_utf16_password", py_creds_set_utf16_password, METH_VARARGS,
745 "S.set_utf16_password(password[, credentials.SPECIFIED]) -> None\n"
746 "Change password." },
747 { "get_old_password", py_creds_get_old_password, METH_NOARGS,
748 "S.get_old_password() -> password\n"
749 "Obtain old password." },
750 { "set_old_password", py_creds_set_old_password, METH_VARARGS,
751 "S.set_old_password(password[, credentials.SPECIFIED]) -> None\n"
752 "Change old password." },
753 { "set_old_utf16_password", py_creds_set_old_utf16_password, METH_VARARGS,
754 "S.set_old_utf16_password(password[, credentials.SPECIFIED]) -> None\n"
755 "Change old password." },
756 { "get_domain", py_creds_get_domain, METH_NOARGS,
757 "S.get_domain() -> domain\n"
758 "Obtain domain name." },
759 { "set_domain", py_creds_set_domain, METH_VARARGS,
760 "S.set_domain(domain[, credentials.SPECIFIED]) -> None\n"
761 "Change domain name." },
762 { "get_realm", py_creds_get_realm, METH_NOARGS,
763 "S.get_realm() -> realm\n"
764 "Obtain realm name." },
765 { "set_realm", py_creds_set_realm, METH_VARARGS,
766 "S.set_realm(realm[, credentials.SPECIFIED]) -> None\n"
767 "Change realm name." },
768 { "get_bind_dn", py_creds_get_bind_dn, METH_NOARGS,
769 "S.get_bind_dn() -> bind dn\n"
770 "Obtain bind DN." },
771 { "set_bind_dn", py_creds_set_bind_dn, METH_VARARGS,
772 "S.set_bind_dn(bind_dn) -> None\n"
773 "Change bind DN." },
774 { "is_anonymous", py_creds_is_anonymous, METH_NOARGS,
775 NULL },
776 { "set_anonymous", py_creds_set_anonymous, METH_NOARGS,
777 "S.set_anonymous() -> None\n"
778 "Use anonymous credentials." },
779 { "get_workstation", py_creds_get_workstation, METH_NOARGS,
780 NULL },
781 { "set_workstation", py_creds_set_workstation, METH_VARARGS,
782 NULL },
783 { "authentication_requested", py_creds_authentication_requested, METH_NOARGS,
784 NULL },
785 { "wrong_password", py_creds_wrong_password, METH_NOARGS,
786 "S.wrong_password() -> bool\n"
787 "Indicate the returned password was incorrect." },
788 { "set_cmdline_callbacks", py_creds_set_cmdline_callbacks, METH_NOARGS,
789 "S.set_cmdline_callbacks() -> bool\n"
790 "Use command-line to obtain credentials not explicitly set." },
791 { "parse_string", py_creds_parse_string, METH_VARARGS,
792 "S.parse_string(text[, credentials.SPECIFIED]) -> None\n"
793 "Parse credentials string." },
794 { "parse_file", py_creds_parse_file, METH_VARARGS,
795 "S.parse_file(filename[, credentials.SPECIFIED]) -> None\n"
796 "Parse credentials file." },
797 { "set_password_will_be_nt_hash",
798 py_cli_credentials_set_password_will_be_nt_hash, METH_VARARGS,
799 "S.set_password_will_be_nt_hash(bool) -> None\n"
800 "Alters the behaviour of S.set_password() "
801 "to expect the NTHASH as hexstring." },
802 { "get_nt_hash", py_creds_get_nt_hash, METH_NOARGS,
803 NULL },
804 { "get_kerberos_state", py_creds_get_kerberos_state, METH_NOARGS,
805 NULL },
806 { "set_kerberos_state", py_creds_set_kerberos_state, METH_VARARGS,
807 NULL },
808 { "set_krb_forwardable", py_creds_set_krb_forwardable, METH_VARARGS,
809 NULL },
810 { "guess", py_creds_guess, METH_VARARGS, NULL },
811 { "set_machine_account", py_creds_set_machine_account, METH_VARARGS, NULL },
812 { "get_named_ccache", py_creds_get_named_ccache, METH_VARARGS, NULL },
813 { "set_named_ccache", py_creds_set_named_ccache, METH_VARARGS,
814 "S.set_named_ccache(krb5_ccache_name, obtained, lp) -> None\n"
815 "Set credentials to KRB5 Credentials Cache (by name)." },
816 { "set_gensec_features", py_creds_set_gensec_features, METH_VARARGS, NULL },
817 { "get_gensec_features", py_creds_get_gensec_features, METH_NOARGS, NULL },
818 { "get_forced_sasl_mech", py_creds_get_forced_sasl_mech, METH_NOARGS,
819 "S.get_forced_sasl_mech() -> SASL mechanism\nObtain forced SASL mechanism." },
820 { "set_forced_sasl_mech", py_creds_set_forced_sasl_mech, METH_VARARGS,
821 "S.set_forced_sasl_mech(name) -> None\n"
822 "Set forced SASL mechanism." },
823 { "new_client_authenticator",
824 py_creds_new_client_authenticator,
825 METH_NOARGS,
826 "S.new_client_authenticator() -> Authenticator\n"
827 "Get a new client NETLOGON_AUTHENTICATOR"},
828 { "set_secure_channel_type", py_creds_set_secure_channel_type,
829 METH_VARARGS, NULL },
830 { "get_secure_channel_type", py_creds_get_secure_channel_type,
831 METH_VARARGS },
832 { "encrypt_netr_crypt_password",
833 py_creds_encrypt_netr_crypt_password,
834 METH_VARARGS,
835 "S.encrypt_netr_crypt_password(password) -> NTSTATUS\n"
836 "Encrypt the supplied password using the session key and\n"
837 "the negotiated encryption algorithm in place\n"
838 "i.e. it overwrites the original data"},
839 { NULL }
840 };
841
842 static struct PyModuleDef moduledef = {
843 PyModuleDef_HEAD_INIT,
844 .m_name = "credentials",
845 .m_doc = "Credentials management.",
846 .m_size = -1,
847 .m_methods = py_creds_methods,
848 };
849
850 PyTypeObject PyCredentials = {
851 .tp_name = "credentials.Credentials",
852 .tp_new = py_creds_new,
853 .tp_flags = Py_TPFLAGS_DEFAULT,
854 .tp_methods = py_creds_methods,
855 };
856
857 static PyObject *py_ccache_name(PyObject *self, PyObject *unused)
858 {
859 struct ccache_container *ccc = NULL;
860 char *name = NULL;
861 PyObject *py_name = NULL;
862 int ret;
863
864 ccc = pytalloc_get_type(self, struct ccache_container);
865
866 ret = krb5_cc_get_full_name(ccc->smb_krb5_context->krb5_context,
867 ccc->ccache, &name);
868 if (ret == 0) {
869 py_name = PyString_FromStringOrNULL(name);
870 SAFE_FREE(name);
871 } else {
872 PyErr_SetString(PyExc_RuntimeError,
873 "Failed to get ccache name");
874 return NULL;
875 }
876 return py_name;
877 }
878
879 static PyMethodDef py_ccache_container_methods[] = {
880 { "get_name", py_ccache_name, METH_NOARGS,
881 "S.get_name() -> name\nObtain KRB5 credentials cache name." },
882 { NULL }
883 };
884
885 PyTypeObject PyCredentialCacheContainer = {
886 .tp_name = "credentials.CredentialCacheContainer",
887 .tp_flags = Py_TPFLAGS_DEFAULT,
888 .tp_methods = py_ccache_container_methods,
889 };
890
891 MODULE_INIT_FUNC(credentials)
892 {
893 PyObject *m;
894 if (pytalloc_BaseObject_PyType_Ready(&PyCredentials) < 0)
895 return NULL;
896
897 if (pytalloc_BaseObject_PyType_Ready(&PyCredentialCacheContainer) < 0)
898 return NULL;
899
900 m = PyModule_Create(&moduledef);
901 if (m == NULL)
902 return NULL;
903
904 PyModule_AddObject(m, "UNINITIALISED", PyInt_FromLong(CRED_UNINITIALISED));
905 PyModule_AddObject(m, "CALLBACK", PyInt_FromLong(CRED_CALLBACK));
906 PyModule_AddObject(m, "GUESS_ENV", PyInt_FromLong(CRED_GUESS_ENV));
907 PyModule_AddObject(m, "GUESS_FILE", PyInt_FromLong(CRED_GUESS_FILE));
908 PyModule_AddObject(m, "CALLBACK_RESULT", PyInt_FromLong(CRED_CALLBACK_RESULT));
909 PyModule_AddObject(m, "SPECIFIED", PyInt_FromLong(CRED_SPECIFIED));
910
911 PyModule_AddObject(m, "AUTO_USE_KERBEROS", PyInt_FromLong(CRED_AUTO_USE_KERBEROS));
912 PyModule_AddObject(m, "DONT_USE_KERBEROS", PyInt_FromLong(CRED_DONT_USE_KERBEROS));
913 PyModule_AddObject(m, "MUST_USE_KERBEROS", PyInt_FromLong(CRED_MUST_USE_KERBEROS));
914
915 PyModule_AddObject(m, "AUTO_KRB_FORWARDABLE", PyInt_FromLong(CRED_AUTO_KRB_FORWARDABLE));
916 PyModule_AddObject(m, "NO_KRB_FORWARDABLE", PyInt_FromLong(CRED_NO_KRB_FORWARDABLE));
917 PyModule_AddObject(m, "FORCE_KRB_FORWARDABLE", PyInt_FromLong(CRED_FORCE_KRB_FORWARDABLE));
918 PyModule_AddObject(m, "CLI_CRED_NTLM2", PyInt_FromLong(CLI_CRED_NTLM2));
919 PyModule_AddObject(m, "CLI_CRED_NTLMv2_AUTH", PyInt_FromLong(CLI_CRED_NTLMv2_AUTH));
920 PyModule_AddObject(m, "CLI_CRED_LANMAN_AUTH", PyInt_FromLong(CLI_CRED_LANMAN_AUTH));
921 PyModule_AddObject(m, "CLI_CRED_NTLM_AUTH", PyInt_FromLong(CLI_CRED_NTLM_AUTH));
922 PyModule_AddObject(m, "CLI_CRED_CLEAR_AUTH", PyInt_FromLong(CLI_CRED_CLEAR_AUTH));
923
924 Py_INCREF(&PyCredentials);
925 PyModule_AddObject(m, "Credentials", (PyObject *)&PyCredentials);
926 Py_INCREF(&PyCredentialCacheContainer);
927 PyModule_AddObject(m, "CredentialCacheContainer", (PyObject *)&PyCredentialCacheContainer);
928 return m;
929 }
Samba GIT mirror