search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
selftest: add a durable handle test with delayed disconnect
[Samba.git] / source4 / auth / pyauth.c
blobada89ef0c8fc0f79f1d22d85b1a1cb03ebd02af1
1 /*
2 Unix SMB/CIFS implementation.
3 Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007-2008
4 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2011
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
18 */
19
20 #include <Python.h>
21 #include "python/py3compat.h"
22 #include "includes.h"
23 #include "libcli/util/pyerrors.h"
24 #include "param/param.h"
25 #include "pyauth.h"
26 #include "pyldb.h"
27 #include "auth/system_session_proto.h"
28 #include "auth/auth.h"
29 #include "param/pyparam.h"
30 #include "libcli/security/security.h"
31 #include "auth/credentials/pycredentials.h"
32 #include <tevent.h>
33 #include "librpc/rpc/pyrpc_util.h"
34 #include "lib/events/events.h"
35
36 static PyTypeObject PyAuthContext;
37
38 static PyObject *PyAuthSession_FromSession(struct auth_session_info *session)
39 {
40 return py_return_ndr_struct("samba.dcerpc.auth", "session_info", session, session);
41 }
42
43 static PyObject *py_system_session(PyObject *module, PyObject *args)
44 {
45 PyObject *py_lp_ctx = Py_None;
46 struct loadparm_context *lp_ctx = NULL;
47 struct auth_session_info *session;
48 TALLOC_CTX *mem_ctx;
49 if (!PyArg_ParseTuple(args, "|O", &py_lp_ctx))
50 return NULL;
51
52 mem_ctx = talloc_new(NULL);
53 if (mem_ctx == NULL) {
54 PyErr_NoMemory();
55 return NULL;
56 }
57
58 lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
59 if (lp_ctx == NULL) {
60 talloc_free(mem_ctx);
61 return NULL;
62 }
63
64 session = system_session(lp_ctx);
65
66 talloc_free(mem_ctx);
67
68 return PyAuthSession_FromSession(session);
69 }
70
71
72 static PyObject *py_admin_session(PyObject *module, PyObject *args)
73 {
74 PyObject *py_lp_ctx;
75 const char *sid;
76 struct loadparm_context *lp_ctx = NULL;
77 struct auth_session_info *session;
78 struct dom_sid *domain_sid = NULL;
79 TALLOC_CTX *mem_ctx;
80
81 if (!PyArg_ParseTuple(args, "Os", &py_lp_ctx, &sid))
82 return NULL;
83
84 mem_ctx = talloc_new(NULL);
85 if (mem_ctx == NULL) {
86 PyErr_NoMemory();
87 return NULL;
88 }
89
90 lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
91 if (lp_ctx == NULL) {
92 talloc_free(mem_ctx);
93 return NULL;
94 }
95
96 domain_sid = dom_sid_parse_talloc(mem_ctx, sid);
97 if (domain_sid == NULL) {
98 PyErr_Format(PyExc_RuntimeError, "Unable to parse sid %s", sid);
99 talloc_free(mem_ctx);
100 return NULL;
101 }
102 session = admin_session(NULL, lp_ctx, domain_sid);
103 talloc_free(mem_ctx);
104
105 return PyAuthSession_FromSession(session);
106 }
107
108 static PyObject *py_user_session(PyObject *module, PyObject *args, PyObject *kwargs)
109 {
110 NTSTATUS nt_status;
111 struct auth_session_info *session;
112 TALLOC_CTX *mem_ctx;
113 const char * const kwnames[] = { "ldb", "lp_ctx", "principal", "dn", "session_info_flags", NULL };
114 struct ldb_context *ldb_ctx;
115 PyObject *py_ldb = Py_None;
116 PyObject *py_dn = Py_None;
117 PyObject *py_lp_ctx = Py_None;
118 struct loadparm_context *lp_ctx = NULL;
119 struct ldb_dn *user_dn;
120 char *principal = NULL;
121 int session_info_flags = 0; /* This is an int, because that's
122 * what we need for the python
123 * PyArg_ParseTupleAndKeywords */
124
125 if (!PyArg_ParseTupleAndKeywords(args, kwargs, "O|OzOi",
126 discard_const_p(char *, kwnames),
127 &py_ldb, &py_lp_ctx, &principal, &py_dn, &session_info_flags)) {
128 return NULL;
129 }
130
131 mem_ctx = talloc_new(NULL);
132 if (mem_ctx == NULL) {
133 PyErr_NoMemory();
134 return NULL;
135 }
136
137 ldb_ctx = pyldb_Ldb_AsLdbContext(py_ldb);
138
139 if (py_dn == Py_None) {
140 user_dn = NULL;
141 } else {
142 if (!pyldb_Object_AsDn(ldb_ctx, py_dn, ldb_ctx, &user_dn)) {
143 talloc_free(mem_ctx);
144 return NULL;
145 }
146 }
147
148 lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
149 if (lp_ctx == NULL) {
150 talloc_free(mem_ctx);
151 return NULL;
152 }
153
154 nt_status = authsam_get_session_info_principal(mem_ctx, lp_ctx, ldb_ctx, principal, user_dn,
155 session_info_flags, &session);
156 if (!NT_STATUS_IS_OK(nt_status)) {
157 talloc_free(mem_ctx);
158 PyErr_NTSTATUS_IS_ERR_RAISE(nt_status);
159 }
160
161 talloc_steal(NULL, session);
162 talloc_free(mem_ctx);
163
164 return PyAuthSession_FromSession(session);
165 }
166
167 static PyObject *py_session_info_fill_unix(PyObject *module,
168 PyObject *args,
169 PyObject *kwargs)
170 {
171 NTSTATUS nt_status;
172 char *user_name = NULL;
173 struct loadparm_context *lp_ctx = NULL;
174 struct auth_session_info *session_info;
175 PyObject *py_lp_ctx = Py_None;
176 PyObject *py_session = Py_None;
177 TALLOC_CTX *frame;
178
179 const char * const kwnames[] = { "session_info",
180 "user_name",
181 "lp_ctx",
182 NULL };
183 if (!PyArg_ParseTupleAndKeywords(args, kwargs, "Oz|O",
184 discard_const_p(char *, kwnames),
185 &py_session,
186 &user_name,
187 &py_lp_ctx)) {
188 return NULL;
189 }
190
191 if (!py_check_dcerpc_type(py_session,
192 "samba.dcerpc.auth",
193 "session_info")) {
194 return NULL;
195 }
196 session_info = pytalloc_get_type(py_session,
197 struct auth_session_info);
198 if (!session_info) {
199 PyErr_Format(PyExc_TypeError,
200 "Expected auth_session_info for session_info argument got %s",
201 talloc_get_name(pytalloc_get_ptr(py_session)));
202 return NULL;
203 }
204
205 frame = talloc_stackframe();
206
207 lp_ctx = lpcfg_from_py_object(frame, py_lp_ctx);
208 if (lp_ctx == NULL) {
209 TALLOC_FREE(frame);
210 return NULL;
211 }
212
213 nt_status = auth_session_info_fill_unix(lp_ctx,
214 user_name,
215 session_info);
216 TALLOC_FREE(frame);
217 if (!NT_STATUS_IS_OK(nt_status)) {
218 PyErr_NTSTATUS_IS_ERR_RAISE(nt_status);
219 }
220
221 Py_RETURN_NONE;
222 }
223
224
225 static const char **PyList_AsStringList(TALLOC_CTX *mem_ctx, PyObject *list,
226 const char *paramname)
227 {
228 const char **ret;
229 Py_ssize_t i;
230 if (!PyList_Check(list)) {
231 PyErr_Format(PyExc_TypeError, "%s is not a list", paramname);
232 return NULL;
233 }
234 ret = talloc_array(NULL, const char *, PyList_Size(list)+1);
235 if (ret == NULL) {
236 PyErr_NoMemory();
237 return NULL;
238 }
239
240 for (i = 0; i < PyList_Size(list); i++) {
241 const char *value;
242 Py_ssize_t size;
243 PyObject *item = PyList_GetItem(list, i);
244 if (!(PyStr_Check(item) || PyUnicode_Check(item))) {
245 PyErr_Format(PyExc_TypeError, "%s should be strings", paramname);
246 return NULL;
247 }
248 value = PyStr_AsUTF8AndSize(item, &size);
249 if (value == NULL) {
250 talloc_free(ret);
251 return NULL;
252 }
253 ret[i] = talloc_strndup(ret, value, size);
254 }
255 ret[i] = NULL;
256 return ret;
257 }
258
259 static PyObject *PyAuthContext_FromContext(struct auth4_context *auth_context)
260 {
261 return pytalloc_reference(&PyAuthContext, auth_context);
262 }
263
264 static PyObject *py_auth_context_new(PyTypeObject *type, PyObject *args, PyObject *kwargs)
265 {
266 PyObject *py_lp_ctx = Py_None;
267 PyObject *py_ldb = Py_None;
268 PyObject *py_imessaging_ctx = Py_None;
269 PyObject *py_auth_context = Py_None;
270 PyObject *py_methods = Py_None;
271 TALLOC_CTX *mem_ctx;
272 struct auth4_context *auth_context;
273 struct imessaging_context *imessaging_context = NULL;
274 struct loadparm_context *lp_ctx;
275 struct tevent_context *ev;
276 struct ldb_context *ldb = NULL;
277 NTSTATUS nt_status;
278 const char **methods;
279
280 const char * const kwnames[] = { "lp_ctx", "messaging_ctx", "ldb", "methods", NULL };
281
282 if (!PyArg_ParseTupleAndKeywords(args, kwargs, "|OOOO",
283 discard_const_p(char *, kwnames),
284 &py_lp_ctx, &py_imessaging_ctx, &py_ldb, &py_methods))
285 return NULL;
286
287 mem_ctx = talloc_new(NULL);
288 if (mem_ctx == NULL) {
289 PyErr_NoMemory();
290 return NULL;
291 }
292
293 if (py_ldb != Py_None) {
294 ldb = pyldb_Ldb_AsLdbContext(py_ldb);
295 }
296
297 lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
298 if (lp_ctx == NULL) {
299 PyErr_NoMemory();
300 return NULL;
301 }
302
303 ev = s4_event_context_init(mem_ctx);
304 if (ev == NULL) {
305 PyErr_NoMemory();
306 return NULL;
307 }
308
309 if (py_imessaging_ctx != Py_None) {
310 imessaging_context = pytalloc_get_type(py_imessaging_ctx, struct imessaging_context);
311 }
312
313 if (py_methods == Py_None && py_ldb == Py_None) {
314 nt_status = auth_context_create(mem_ctx, ev, imessaging_context, lp_ctx, &auth_context);
315 } else {
316 if (py_methods != Py_None) {
317 methods = PyList_AsStringList(mem_ctx, py_methods, "methods");
318 if (methods == NULL) {
319 talloc_free(mem_ctx);
320 return NULL;
321 }
322 } else {
323 methods = auth_methods_from_lp(mem_ctx, lp_ctx);
324 }
325 nt_status = auth_context_create_methods(mem_ctx, methods, ev,
326 imessaging_context, lp_ctx,
327 ldb, &auth_context);
328 }
329
330 if (!NT_STATUS_IS_OK(nt_status)) {
331 talloc_free(mem_ctx);
332 PyErr_NTSTATUS_IS_ERR_RAISE(nt_status);
333 }
334
335 if (!talloc_reference(auth_context, lp_ctx)) {
336 talloc_free(mem_ctx);
337 PyErr_NoMemory();
338 return NULL;
339 }
340
341 if (!talloc_reference(auth_context, ev)) {
342 talloc_free(mem_ctx);
343 PyErr_NoMemory();
344 return NULL;
345 }
346
347 py_auth_context = PyAuthContext_FromContext(auth_context);
348
349 talloc_free(mem_ctx);
350
351 return py_auth_context;
352 }
353
354 static PyTypeObject PyAuthContext = {
355 .tp_name = "AuthContext",
356 .tp_flags = Py_TPFLAGS_DEFAULT,
357 .tp_new = py_auth_context_new,
358 };
359
360 static PyMethodDef py_auth_methods[] = {
361 { "system_session", (PyCFunction)py_system_session, METH_VARARGS, NULL },
362 { "admin_session", (PyCFunction)py_admin_session, METH_VARARGS, NULL },
363 { "user_session", (PyCFunction)py_user_session, METH_VARARGS|METH_KEYWORDS, NULL },
364 { "session_info_fill_unix",
365 (PyCFunction)py_session_info_fill_unix,
366 METH_VARARGS|METH_KEYWORDS,
367 NULL },
368 { NULL },
369 };
370
371 static struct PyModuleDef moduledef = {
372 PyModuleDef_HEAD_INIT,
373 .m_name = "auth",
374 .m_doc = "Authentication and authorization support.",
375 .m_size = -1,
376 .m_methods = py_auth_methods,
377 };
378
379 MODULE_INIT_FUNC(auth)
380 {
381 PyObject *m;
382
383 if (pytalloc_BaseObject_PyType_Ready(&PyAuthContext) < 0)
384 return NULL;
385
386 m = PyModule_Create(&moduledef);
387 if (m == NULL)
388 return NULL;
389
390 Py_INCREF(&PyAuthContext);
391 PyModule_AddObject(m, "AuthContext", (PyObject *)&PyAuthContext);
392
393 #define ADD_FLAG(val) PyModule_AddIntConstant(m, #val, val)
394 ADD_FLAG(AUTH_SESSION_INFO_DEFAULT_GROUPS);
395 ADD_FLAG(AUTH_SESSION_INFO_AUTHENTICATED);
396 ADD_FLAG(AUTH_SESSION_INFO_SIMPLE_PRIVILEGES);
397 ADD_FLAG(AUTH_SESSION_INFO_NTLM);
398
399 return m;
400 }
Samba GIT mirror