2 Unix SMB/CIFS implementation.
3 Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; either version 3 of the License, or
8 (at your option) any later version.
10 This program is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 GNU General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with this program. If not, see <http://www.gnu.org/licenses/>.
20 #include "python/py3compat.h"
22 #include "pycredentials.h"
23 #include "param/param.h"
24 #include "lib/cmdline/credentials.h"
25 #include "auth/credentials/credentials_internal.h"
26 #include "librpc/gen_ndr/samr.h" /* for struct samr_Password */
27 #include "librpc/gen_ndr/netlogon.h"
28 #include "libcli/util/pyerrors.h"
29 #include "libcli/auth/libcli_auth.h"
30 #include "param/pyparam.h"
32 #include "libcli/auth/libcli_auth.h"
33 #include "auth/credentials/credentials_internal.h"
34 #include "system/kerberos.h"
35 #include "auth/kerberos/kerberos.h"
37 void initcredentials(void);
39 static PyObject
*PyString_FromStringOrNULL(const char *str
)
43 return PyStr_FromString(str
);
46 static PyObject
*py_creds_new(PyTypeObject
*type
, PyObject
*args
, PyObject
*kwargs
)
48 return pytalloc_steal(type
, cli_credentials_init(NULL
));
51 static PyObject
*py_creds_get_username(PyObject
*self
, PyObject
*unused
)
53 return PyString_FromStringOrNULL(cli_credentials_get_username(PyCredentials_AsCliCredentials(self
)));
56 static PyObject
*py_creds_set_username(PyObject
*self
, PyObject
*args
)
59 enum credentials_obtained obt
= CRED_SPECIFIED
;
62 if (!PyArg_ParseTuple(args
, "s|i", &newval
, &_obt
)) {
67 return PyBool_FromLong(cli_credentials_set_username(PyCredentials_AsCliCredentials(self
), newval
, obt
));
70 static PyObject
*py_creds_get_ntlm_username_domain(PyObject
*self
, PyObject
*unused
)
72 TALLOC_CTX
*frame
= talloc_stackframe();
73 const char *user
= NULL
;
74 const char *domain
= NULL
;
76 cli_credentials_get_ntlm_username_domain(PyCredentials_AsCliCredentials(self
),
77 frame
, &user
, &domain
);
78 ret
= Py_BuildValue("(OO)",
79 PyString_FromStringOrNULL(user
),
80 PyString_FromStringOrNULL(domain
));
85 static PyObject
*py_creds_get_ntlm_response(PyObject
*self
, PyObject
*args
, PyObject
*kwargs
)
87 TALLOC_CTX
*frame
= talloc_stackframe();
90 struct timeval tv_now
;
91 NTTIME server_timestamp
;
92 DATA_BLOB challenge
= data_blob_null
;
93 DATA_BLOB target_info
= data_blob_null
;
95 DATA_BLOB lm_response
= data_blob_null
;
96 DATA_BLOB nt_response
= data_blob_null
;
97 DATA_BLOB lm_session_key
= data_blob_null
;
98 DATA_BLOB nt_session_key
= data_blob_null
;
99 const char *kwnames
[] = { "flags", "challenge",
103 tv_now
= timeval_current();
104 server_timestamp
= timeval_to_nttime(&tv_now
);
106 if (!PyArg_ParseTupleAndKeywords(args
, kwargs
, "is#|s#",
107 discard_const_p(char *, kwnames
),
112 &target_info
.length
)) {
116 status
= cli_credentials_get_ntlm_response(PyCredentials_AsCliCredentials(self
),
121 &lm_response
, &nt_response
,
122 &lm_session_key
, &nt_session_key
);
124 if (!NT_STATUS_IS_OK(status
)) {
125 PyErr_SetNTSTATUS(status
);
130 ret
= Py_BuildValue("{sis" PYARG_BYTES_LEN
"s" PYARG_BYTES_LEN
131 "s" PYARG_BYTES_LEN
"s" PYARG_BYTES_LEN
"}",
134 (const char *)lm_response
.data
, lm_response
.length
,
136 (const char *)nt_response
.data
, nt_response
.length
,
138 (const char *)lm_session_key
.data
, lm_session_key
.length
,
140 (const char *)nt_session_key
.data
, nt_session_key
.length
);
145 static PyObject
*py_creds_get_principal(PyObject
*self
, PyObject
*unused
)
147 TALLOC_CTX
*frame
= talloc_stackframe();
148 PyObject
*ret
= PyString_FromStringOrNULL(cli_credentials_get_principal(PyCredentials_AsCliCredentials(self
), frame
));
153 static PyObject
*py_creds_set_principal(PyObject
*self
, PyObject
*args
)
156 enum credentials_obtained obt
= CRED_SPECIFIED
;
159 if (!PyArg_ParseTuple(args
, "s|i", &newval
, &_obt
)) {
164 return PyBool_FromLong(cli_credentials_set_principal(PyCredentials_AsCliCredentials(self
), newval
, obt
));
167 static PyObject
*py_creds_get_password(PyObject
*self
, PyObject
*unused
)
169 return PyString_FromStringOrNULL(cli_credentials_get_password(PyCredentials_AsCliCredentials(self
)));
172 static PyObject
*py_creds_set_password(PyObject
*self
, PyObject
*args
)
175 enum credentials_obtained obt
= CRED_SPECIFIED
;
178 if (!PyArg_ParseTuple(args
, "s|i", &newval
, &_obt
)) {
183 return PyBool_FromLong(cli_credentials_set_password(PyCredentials_AsCliCredentials(self
), newval
, obt
));
186 static PyObject
*py_creds_set_utf16_password(PyObject
*self
, PyObject
*args
)
188 enum credentials_obtained obt
= CRED_SPECIFIED
;
190 PyObject
*newval
= NULL
;
191 DATA_BLOB blob
= data_blob_null
;
196 if (!PyArg_ParseTuple(args
, "O|i", &newval
, &_obt
)) {
201 result
= PyBytes_AsStringAndSize(newval
, (char **)&blob
.data
, &size
);
203 PyErr_SetString(PyExc_RuntimeError
, "Failed to convert passed value to Bytes");
208 ok
= cli_credentials_set_utf16_password(PyCredentials_AsCliCredentials(self
),
211 return PyBool_FromLong(ok
);
214 static PyObject
*py_creds_get_old_password(PyObject
*self
, PyObject
*unused
)
216 return PyString_FromStringOrNULL(cli_credentials_get_old_password(PyCredentials_AsCliCredentials(self
)));
219 static PyObject
*py_creds_set_old_password(PyObject
*self
, PyObject
*args
)
222 enum credentials_obtained obt
= CRED_SPECIFIED
;
225 if (!PyArg_ParseTuple(args
, "s|i", &oldval
, &_obt
)) {
230 return PyBool_FromLong(cli_credentials_set_old_password(PyCredentials_AsCliCredentials(self
), oldval
, obt
));
233 static PyObject
*py_creds_set_old_utf16_password(PyObject
*self
, PyObject
*args
)
235 PyObject
*oldval
= NULL
;
236 DATA_BLOB blob
= data_blob_null
;
241 if (!PyArg_ParseTuple(args
, "O", &oldval
)) {
245 result
= PyBytes_AsStringAndSize(oldval
, (char **)&blob
.data
, &size
);
247 PyErr_SetString(PyExc_RuntimeError
, "Failed to convert passed value to Bytes");
252 ok
= cli_credentials_set_old_utf16_password(PyCredentials_AsCliCredentials(self
),
255 return PyBool_FromLong(ok
);
258 static PyObject
*py_creds_get_domain(PyObject
*self
, PyObject
*unused
)
260 return PyString_FromStringOrNULL(cli_credentials_get_domain(PyCredentials_AsCliCredentials(self
)));
263 static PyObject
*py_creds_set_domain(PyObject
*self
, PyObject
*args
)
266 enum credentials_obtained obt
= CRED_SPECIFIED
;
269 if (!PyArg_ParseTuple(args
, "s|i", &newval
, &_obt
)) {
274 return PyBool_FromLong(cli_credentials_set_domain(PyCredentials_AsCliCredentials(self
), newval
, obt
));
277 static PyObject
*py_creds_get_realm(PyObject
*self
, PyObject
*unused
)
279 return PyString_FromStringOrNULL(cli_credentials_get_realm(PyCredentials_AsCliCredentials(self
)));
282 static PyObject
*py_creds_set_realm(PyObject
*self
, PyObject
*args
)
285 enum credentials_obtained obt
= CRED_SPECIFIED
;
288 if (!PyArg_ParseTuple(args
, "s|i", &newval
, &_obt
)) {
293 return PyBool_FromLong(cli_credentials_set_realm(PyCredentials_AsCliCredentials(self
), newval
, obt
));
296 static PyObject
*py_creds_get_bind_dn(PyObject
*self
, PyObject
*unused
)
298 return PyString_FromStringOrNULL(cli_credentials_get_bind_dn(PyCredentials_AsCliCredentials(self
)));
301 static PyObject
*py_creds_set_bind_dn(PyObject
*self
, PyObject
*args
)
304 if (!PyArg_ParseTuple(args
, "s", &newval
))
307 return PyBool_FromLong(cli_credentials_set_bind_dn(PyCredentials_AsCliCredentials(self
), newval
));
310 static PyObject
*py_creds_get_workstation(PyObject
*self
, PyObject
*unused
)
312 return PyString_FromStringOrNULL(cli_credentials_get_workstation(PyCredentials_AsCliCredentials(self
)));
315 static PyObject
*py_creds_set_workstation(PyObject
*self
, PyObject
*args
)
318 enum credentials_obtained obt
= CRED_SPECIFIED
;
321 if (!PyArg_ParseTuple(args
, "s|i", &newval
, &_obt
)) {
326 return PyBool_FromLong(cli_credentials_set_workstation(PyCredentials_AsCliCredentials(self
), newval
, obt
));
329 static PyObject
*py_creds_is_anonymous(PyObject
*self
, PyObject
*unused
)
331 return PyBool_FromLong(cli_credentials_is_anonymous(PyCredentials_AsCliCredentials(self
)));
334 static PyObject
*py_creds_set_anonymous(PyObject
*self
, PyObject
*unused
)
336 cli_credentials_set_anonymous(PyCredentials_AsCliCredentials(self
));
340 static PyObject
*py_creds_authentication_requested(PyObject
*self
, PyObject
*unused
)
342 return PyBool_FromLong(cli_credentials_authentication_requested(PyCredentials_AsCliCredentials(self
)));
345 static PyObject
*py_creds_wrong_password(PyObject
*self
, PyObject
*unused
)
347 return PyBool_FromLong(cli_credentials_wrong_password(PyCredentials_AsCliCredentials(self
)));
350 static PyObject
*py_creds_set_cmdline_callbacks(PyObject
*self
, PyObject
*unused
)
352 return PyBool_FromLong(cli_credentials_set_cmdline_callbacks(PyCredentials_AsCliCredentials(self
)));
355 static PyObject
*py_creds_parse_string(PyObject
*self
, PyObject
*args
)
358 enum credentials_obtained obt
= CRED_SPECIFIED
;
361 if (!PyArg_ParseTuple(args
, "s|i", &newval
, &_obt
)) {
366 cli_credentials_parse_string(PyCredentials_AsCliCredentials(self
), newval
, obt
);
370 static PyObject
*py_creds_parse_file(PyObject
*self
, PyObject
*args
)
373 enum credentials_obtained obt
= CRED_SPECIFIED
;
376 if (!PyArg_ParseTuple(args
, "s|i", &newval
, &_obt
)) {
381 cli_credentials_parse_file(PyCredentials_AsCliCredentials(self
), newval
, obt
);
385 static PyObject
*py_cli_credentials_set_password_will_be_nt_hash(PyObject
*self
, PyObject
*args
)
387 struct cli_credentials
*creds
= PyCredentials_AsCliCredentials(self
);
388 PyObject
*py_val
= NULL
;
391 if (!PyArg_ParseTuple(args
, "O!", &PyBool_Type
, &py_val
)) {
394 val
= PyObject_IsTrue(py_val
);
396 cli_credentials_set_password_will_be_nt_hash(creds
, val
);
400 static PyObject
*py_creds_get_nt_hash(PyObject
*self
, PyObject
*unused
)
403 struct cli_credentials
*creds
= PyCredentials_AsCliCredentials(self
);
404 struct samr_Password
*ntpw
= cli_credentials_get_nt_hash(creds
, creds
);
406 ret
= PyBytes_FromStringAndSize(discard_const_p(char, ntpw
->hash
), 16);
411 static PyObject
*py_creds_get_kerberos_state(PyObject
*self
, PyObject
*unused
)
413 int state
= cli_credentials_get_kerberos_state(PyCredentials_AsCliCredentials(self
));
414 return PyInt_FromLong(state
);
417 static PyObject
*py_creds_set_kerberos_state(PyObject
*self
, PyObject
*args
)
420 if (!PyArg_ParseTuple(args
, "i", &state
))
423 cli_credentials_set_kerberos_state(PyCredentials_AsCliCredentials(self
), state
);
427 static PyObject
*py_creds_set_krb_forwardable(PyObject
*self
, PyObject
*args
)
430 if (!PyArg_ParseTuple(args
, "i", &state
))
433 cli_credentials_set_krb_forwardable(PyCredentials_AsCliCredentials(self
), state
);
438 static PyObject
*py_creds_get_forced_sasl_mech(PyObject
*self
, PyObject
*unused
)
440 return PyString_FromStringOrNULL(cli_credentials_get_forced_sasl_mech(PyCredentials_AsCliCredentials(self
)));
443 static PyObject
*py_creds_set_forced_sasl_mech(PyObject
*self
, PyObject
*args
)
446 enum credentials_obtained obt
= CRED_SPECIFIED
;
449 if (!PyArg_ParseTuple(args
, "s", &newval
)) {
454 cli_credentials_set_forced_sasl_mech(PyCredentials_AsCliCredentials(self
), newval
);
458 static PyObject
*py_creds_guess(PyObject
*self
, PyObject
*args
)
460 PyObject
*py_lp_ctx
= Py_None
;
461 struct loadparm_context
*lp_ctx
;
463 struct cli_credentials
*creds
;
465 creds
= PyCredentials_AsCliCredentials(self
);
467 if (!PyArg_ParseTuple(args
, "|O", &py_lp_ctx
))
470 mem_ctx
= talloc_new(NULL
);
471 if (mem_ctx
== NULL
) {
476 lp_ctx
= lpcfg_from_py_object(mem_ctx
, py_lp_ctx
);
477 if (lp_ctx
== NULL
) {
478 talloc_free(mem_ctx
);
482 cli_credentials_guess(creds
, lp_ctx
);
484 talloc_free(mem_ctx
);
489 static PyObject
*py_creds_set_machine_account(PyObject
*self
, PyObject
*args
)
491 PyObject
*py_lp_ctx
= Py_None
;
492 struct loadparm_context
*lp_ctx
;
494 struct cli_credentials
*creds
;
497 creds
= PyCredentials_AsCliCredentials(self
);
499 if (!PyArg_ParseTuple(args
, "|O", &py_lp_ctx
))
502 mem_ctx
= talloc_new(NULL
);
503 if (mem_ctx
== NULL
) {
508 lp_ctx
= lpcfg_from_py_object(mem_ctx
, py_lp_ctx
);
509 if (lp_ctx
== NULL
) {
510 talloc_free(mem_ctx
);
514 status
= cli_credentials_set_machine_account(creds
, lp_ctx
);
515 talloc_free(mem_ctx
);
517 PyErr_NTSTATUS_IS_ERR_RAISE(status
);
522 static PyObject
*PyCredentialCacheContainer_from_ccache_container(struct ccache_container
*ccc
)
524 return pytalloc_reference(&PyCredentialCacheContainer
, ccc
);
528 static PyObject
*py_creds_get_named_ccache(PyObject
*self
, PyObject
*args
)
530 PyObject
*py_lp_ctx
= Py_None
;
531 char *ccache_name
= NULL
;
532 struct loadparm_context
*lp_ctx
;
533 struct ccache_container
*ccc
;
534 struct tevent_context
*event_ctx
;
536 const char *error_string
;
537 struct cli_credentials
*creds
;
540 creds
= PyCredentials_AsCliCredentials(self
);
542 if (!PyArg_ParseTuple(args
, "|Os", &py_lp_ctx
, &ccache_name
))
545 mem_ctx
= talloc_new(NULL
);
546 if (mem_ctx
== NULL
) {
551 lp_ctx
= lpcfg_from_py_object(mem_ctx
, py_lp_ctx
);
552 if (lp_ctx
== NULL
) {
553 talloc_free(mem_ctx
);
557 event_ctx
= samba_tevent_context_init(mem_ctx
);
559 ret
= cli_credentials_get_named_ccache(creds
, event_ctx
, lp_ctx
,
560 ccache_name
, &ccc
, &error_string
);
561 talloc_unlink(mem_ctx
, lp_ctx
);
563 talloc_steal(ccc
, event_ctx
);
564 talloc_free(mem_ctx
);
565 return PyCredentialCacheContainer_from_ccache_container(ccc
);
568 PyErr_SetString(PyExc_RuntimeError
, error_string
?error_string
:"NULL");
570 talloc_free(mem_ctx
);
574 static PyObject
*py_creds_set_named_ccache(PyObject
*self
, PyObject
*args
)
576 struct loadparm_context
*lp_ctx
= NULL
;
577 enum credentials_obtained obt
= CRED_SPECIFIED
;
578 const char *error_string
= NULL
;
579 TALLOC_CTX
*mem_ctx
= NULL
;
581 PyObject
*py_lp_ctx
= Py_None
;
585 if (!PyArg_ParseTuple(args
, "s|iO", &newval
, &_obt
, &py_lp_ctx
))
588 mem_ctx
= talloc_new(NULL
);
589 if (mem_ctx
== NULL
) {
594 lp_ctx
= lpcfg_from_py_object(mem_ctx
, py_lp_ctx
);
595 if (lp_ctx
== NULL
) {
596 talloc_free(mem_ctx
);
600 ret
= cli_credentials_set_ccache(PyCredentials_AsCliCredentials(self
),
602 newval
, CRED_SPECIFIED
,
606 PyErr_SetString(PyExc_RuntimeError
,
607 error_string
!= NULL
? error_string
: "NULL");
608 talloc_free(mem_ctx
);
612 talloc_free(mem_ctx
);
616 static PyObject
*py_creds_set_gensec_features(PyObject
*self
, PyObject
*args
)
618 unsigned int gensec_features
;
620 if (!PyArg_ParseTuple(args
, "I", &gensec_features
))
623 cli_credentials_set_gensec_features(PyCredentials_AsCliCredentials(self
), gensec_features
);
628 static PyObject
*py_creds_get_gensec_features(PyObject
*self
, PyObject
*args
)
630 unsigned int gensec_features
;
632 gensec_features
= cli_credentials_get_gensec_features(PyCredentials_AsCliCredentials(self
));
633 return PyInt_FromLong(gensec_features
);
636 static PyObject
*py_creds_new_client_authenticator(PyObject
*self
,
639 struct netr_Authenticator auth
;
640 struct cli_credentials
*creds
= NULL
;
641 struct netlogon_creds_CredentialState
*nc
= NULL
;
642 PyObject
*ret
= NULL
;
644 creds
= PyCredentials_AsCliCredentials(self
);
646 PyErr_SetString(PyExc_RuntimeError
,
647 "Failed to get credentials from python");
651 nc
= creds
->netlogon_creds
;
653 PyErr_SetString(PyExc_ValueError
,
654 "No netlogon credentials cannot make "
655 "client authenticator");
659 netlogon_creds_client_authenticator(
662 ret
= Py_BuildValue("{ss#si}",
664 (const char *) &auth
.cred
, sizeof(auth
.cred
),
665 "timestamp", auth
.timestamp
);
669 static PyObject
*py_creds_set_secure_channel_type(PyObject
*self
, PyObject
*args
)
671 unsigned int channel_type
;
673 if (!PyArg_ParseTuple(args
, "I", &channel_type
))
676 cli_credentials_set_secure_channel_type(
677 PyCredentials_AsCliCredentials(self
),
683 static PyObject
*py_creds_encrypt_netr_crypt_password(PyObject
*self
,
686 DATA_BLOB data
= data_blob_null
;
687 struct cli_credentials
*creds
= NULL
;
688 struct netr_CryptPassword
*pwd
= NULL
;
690 PyObject
*py_cp
= Py_None
;
692 creds
= PyCredentials_AsCliCredentials(self
);
694 if (!PyArg_ParseTuple(args
, "|O", &py_cp
)) {
697 pwd
= pytalloc_get_type(py_cp
, struct netr_CryptPassword
);
698 data
.length
= sizeof(struct netr_CryptPassword
);
699 data
.data
= (uint8_t *)pwd
;
700 status
= netlogon_creds_session_encrypt(creds
->netlogon_creds
, data
);
702 PyErr_NTSTATUS_IS_ERR_RAISE(status
);
707 static PyMethodDef py_creds_methods
[] = {
708 { "get_username", py_creds_get_username
, METH_NOARGS
,
709 "S.get_username() -> username\nObtain username." },
710 { "set_username", py_creds_set_username
, METH_VARARGS
,
711 "S.set_username(name[, credentials.SPECIFIED]) -> None\n"
712 "Change username." },
713 { "get_principal", py_creds_get_principal
, METH_NOARGS
,
714 "S.get_principal() -> user@realm\nObtain user principal." },
715 { "set_principal", py_creds_set_principal
, METH_VARARGS
,
716 "S.set_principal(name[, credentials.SPECIFIED]) -> None\n"
717 "Change principal." },
718 { "get_password", py_creds_get_password
, METH_NOARGS
,
719 "S.get_password() -> password\n"
720 "Obtain password." },
721 { "get_ntlm_username_domain", py_creds_get_ntlm_username_domain
, METH_NOARGS
,
722 "S.get_ntlm_username_domain() -> (domain, username)\n"
723 "Obtain NTLM username and domain, split up either as (DOMAIN, user) or (\"\", \"user@realm\")." },
724 { "get_ntlm_response", (PyCFunction
)py_creds_get_ntlm_response
, METH_VARARGS
| METH_KEYWORDS
,
725 "S.get_ntlm_response"
726 "(flags, challenge[, target_info]) -> "
727 "(flags, lm_response, nt_response, lm_session_key, nt_session_key)\n"
728 "Obtain LM or NTLM response." },
729 { "set_password", py_creds_set_password
, METH_VARARGS
,
730 "S.set_password(password[, credentials.SPECIFIED]) -> None\n"
731 "Change password." },
732 { "set_utf16_password", py_creds_set_utf16_password
, METH_VARARGS
,
733 "S.set_utf16_password(password[, credentials.SPECIFIED]) -> None\n"
734 "Change password." },
735 { "get_old_password", py_creds_get_old_password
, METH_NOARGS
,
736 "S.get_old_password() -> password\n"
737 "Obtain old password." },
738 { "set_old_password", py_creds_set_old_password
, METH_VARARGS
,
739 "S.set_old_password(password[, credentials.SPECIFIED]) -> None\n"
740 "Change old password." },
741 { "set_old_utf16_password", py_creds_set_old_utf16_password
, METH_VARARGS
,
742 "S.set_old_utf16_password(password[, credentials.SPECIFIED]) -> None\n"
743 "Change old password." },
744 { "get_domain", py_creds_get_domain
, METH_NOARGS
,
745 "S.get_domain() -> domain\n"
746 "Obtain domain name." },
747 { "set_domain", py_creds_set_domain
, METH_VARARGS
,
748 "S.set_domain(domain[, credentials.SPECIFIED]) -> None\n"
749 "Change domain name." },
750 { "get_realm", py_creds_get_realm
, METH_NOARGS
,
751 "S.get_realm() -> realm\n"
752 "Obtain realm name." },
753 { "set_realm", py_creds_set_realm
, METH_VARARGS
,
754 "S.set_realm(realm[, credentials.SPECIFIED]) -> None\n"
755 "Change realm name." },
756 { "get_bind_dn", py_creds_get_bind_dn
, METH_NOARGS
,
757 "S.get_bind_dn() -> bind dn\n"
759 { "set_bind_dn", py_creds_set_bind_dn
, METH_VARARGS
,
760 "S.set_bind_dn(bind_dn) -> None\n"
762 { "is_anonymous", py_creds_is_anonymous
, METH_NOARGS
,
764 { "set_anonymous", py_creds_set_anonymous
, METH_NOARGS
,
765 "S.set_anonymous() -> None\n"
766 "Use anonymous credentials." },
767 { "get_workstation", py_creds_get_workstation
, METH_NOARGS
,
769 { "set_workstation", py_creds_set_workstation
, METH_VARARGS
,
771 { "authentication_requested", py_creds_authentication_requested
, METH_NOARGS
,
773 { "wrong_password", py_creds_wrong_password
, METH_NOARGS
,
774 "S.wrong_password() -> bool\n"
775 "Indicate the returned password was incorrect." },
776 { "set_cmdline_callbacks", py_creds_set_cmdline_callbacks
, METH_NOARGS
,
777 "S.set_cmdline_callbacks() -> bool\n"
778 "Use command-line to obtain credentials not explicitly set." },
779 { "parse_string", py_creds_parse_string
, METH_VARARGS
,
780 "S.parse_string(text[, credentials.SPECIFIED]) -> None\n"
781 "Parse credentials string." },
782 { "parse_file", py_creds_parse_file
, METH_VARARGS
,
783 "S.parse_file(filename[, credentials.SPECIFIED]) -> None\n"
784 "Parse credentials file." },
785 { "set_password_will_be_nt_hash",
786 py_cli_credentials_set_password_will_be_nt_hash
, METH_VARARGS
,
787 "S.set_password_will_be_nt_hash(bool) -> None\n"
788 "Alters the behaviour of S.set_password() "
789 "to expect the NTHASH as hexstring." },
790 { "get_nt_hash", py_creds_get_nt_hash
, METH_NOARGS
,
792 { "get_kerberos_state", py_creds_get_kerberos_state
, METH_NOARGS
,
794 { "set_kerberos_state", py_creds_set_kerberos_state
, METH_VARARGS
,
796 { "set_krb_forwardable", py_creds_set_krb_forwardable
, METH_VARARGS
,
798 { "guess", py_creds_guess
, METH_VARARGS
, NULL
},
799 { "set_machine_account", py_creds_set_machine_account
, METH_VARARGS
, NULL
},
800 { "get_named_ccache", py_creds_get_named_ccache
, METH_VARARGS
, NULL
},
801 { "set_named_ccache", py_creds_set_named_ccache
, METH_VARARGS
,
802 "S.set_named_ccache(krb5_ccache_name, obtained, lp) -> None\n"
803 "Set credentials to KRB5 Credentials Cache (by name)." },
804 { "set_gensec_features", py_creds_set_gensec_features
, METH_VARARGS
, NULL
},
805 { "get_gensec_features", py_creds_get_gensec_features
, METH_NOARGS
, NULL
},
806 { "get_forced_sasl_mech", py_creds_get_forced_sasl_mech
, METH_NOARGS
,
807 "S.get_forced_sasl_mech() -> SASL mechanism\nObtain forced SASL mechanism." },
808 { "set_forced_sasl_mech", py_creds_set_forced_sasl_mech
, METH_VARARGS
,
809 "S.set_forced_sasl_mech(name) -> None\n"
810 "Set forced SASL mechanism." },
811 { "new_client_authenticator",
812 py_creds_new_client_authenticator
,
814 "S.new_client_authenticator() -> Authenticator\n"
815 "Get a new client NETLOGON_AUTHENTICATOR"},
816 { "set_secure_channel_type", py_creds_set_secure_channel_type
,
817 METH_VARARGS
, NULL
},
818 { "encrypt_netr_crypt_password",
819 py_creds_encrypt_netr_crypt_password
,
821 "S.encrypt_netr_crypt_password(password) -> NTSTATUS\n"
822 "Encrypt the supplied password using the session key and\n"
823 "the negotiated encryption algorithm in place\n"
824 "i.e. it overwrites the original data"},
828 static struct PyModuleDef moduledef
= {
829 PyModuleDef_HEAD_INIT
,
830 .m_name
= "credentials",
831 .m_doc
= "Credentials management.",
833 .m_methods
= py_creds_methods
,
836 PyTypeObject PyCredentials
= {
837 .tp_name
= "credentials.Credentials",
838 .tp_new
= py_creds_new
,
839 .tp_flags
= Py_TPFLAGS_DEFAULT
,
840 .tp_methods
= py_creds_methods
,
843 static PyObject
*py_ccache_name(PyObject
*self
, PyObject
*unused
)
845 struct ccache_container
*ccc
= NULL
;
847 PyObject
*py_name
= NULL
;
850 ccc
= pytalloc_get_type(self
, struct ccache_container
);
852 ret
= krb5_cc_get_full_name(ccc
->smb_krb5_context
->krb5_context
,
855 py_name
= PyString_FromStringOrNULL(name
);
858 PyErr_SetString(PyExc_RuntimeError
,
859 "Failed to get ccache name");
865 static PyMethodDef py_ccache_container_methods
[] = {
866 { "get_name", py_ccache_name
, METH_NOARGS
,
867 "S.get_name() -> name\nObtain KRB5 credentials cache name." },
871 PyTypeObject PyCredentialCacheContainer
= {
872 .tp_name
= "credentials.CredentialCacheContainer",
873 .tp_flags
= Py_TPFLAGS_DEFAULT
,
874 .tp_methods
= py_ccache_container_methods
,
877 MODULE_INIT_FUNC(credentials
)
880 if (pytalloc_BaseObject_PyType_Ready(&PyCredentials
) < 0)
883 if (pytalloc_BaseObject_PyType_Ready(&PyCredentialCacheContainer
) < 0)
886 m
= PyModule_Create(&moduledef
);
890 PyModule_AddObject(m
, "UNINITIALISED", PyInt_FromLong(CRED_UNINITIALISED
));
891 PyModule_AddObject(m
, "CALLBACK", PyInt_FromLong(CRED_CALLBACK
));
892 PyModule_AddObject(m
, "GUESS_ENV", PyInt_FromLong(CRED_GUESS_ENV
));
893 PyModule_AddObject(m
, "GUESS_FILE", PyInt_FromLong(CRED_GUESS_FILE
));
894 PyModule_AddObject(m
, "CALLBACK_RESULT", PyInt_FromLong(CRED_CALLBACK_RESULT
));
895 PyModule_AddObject(m
, "SPECIFIED", PyInt_FromLong(CRED_SPECIFIED
));
897 PyModule_AddObject(m
, "AUTO_USE_KERBEROS", PyInt_FromLong(CRED_AUTO_USE_KERBEROS
));
898 PyModule_AddObject(m
, "DONT_USE_KERBEROS", PyInt_FromLong(CRED_DONT_USE_KERBEROS
));
899 PyModule_AddObject(m
, "MUST_USE_KERBEROS", PyInt_FromLong(CRED_MUST_USE_KERBEROS
));
901 PyModule_AddObject(m
, "AUTO_KRB_FORWARDABLE", PyInt_FromLong(CRED_AUTO_KRB_FORWARDABLE
));
902 PyModule_AddObject(m
, "NO_KRB_FORWARDABLE", PyInt_FromLong(CRED_NO_KRB_FORWARDABLE
));
903 PyModule_AddObject(m
, "FORCE_KRB_FORWARDABLE", PyInt_FromLong(CRED_FORCE_KRB_FORWARDABLE
));
904 PyModule_AddObject(m
, "CLI_CRED_NTLM2", PyInt_FromLong(CLI_CRED_NTLM2
));
905 PyModule_AddObject(m
, "CLI_CRED_NTLMv2_AUTH", PyInt_FromLong(CLI_CRED_NTLMv2_AUTH
));
906 PyModule_AddObject(m
, "CLI_CRED_LANMAN_AUTH", PyInt_FromLong(CLI_CRED_LANMAN_AUTH
));
907 PyModule_AddObject(m
, "CLI_CRED_NTLM_AUTH", PyInt_FromLong(CLI_CRED_NTLM_AUTH
));
908 PyModule_AddObject(m
, "CLI_CRED_CLEAR_AUTH", PyInt_FromLong(CLI_CRED_CLEAR_AUTH
));
910 Py_INCREF(&PyCredentials
);
911 PyModule_AddObject(m
, "Credentials", (PyObject
*)&PyCredentials
);
912 Py_INCREF(&PyCredentialCacheContainer
);
913 PyModule_AddObject(m
, "CredentialCacheContainer", (PyObject
*)&PyCredentialCacheContainer
);