2 Unix SMB/CIFS implementation.
3 Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007-2008
4 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2011
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
21 #include "python/py3compat.h"
23 #include "libcli/util/pyerrors.h"
24 #include "param/param.h"
27 #include "auth/system_session_proto.h"
28 #include "auth/auth.h"
29 #include "param/pyparam.h"
30 #include "libcli/security/security.h"
31 #include "auth/credentials/pycredentials.h"
33 #include "librpc/rpc/pyrpc_util.h"
34 #include "lib/events/events.h"
36 static PyTypeObject PyAuthContext
;
38 static PyObject
*PyAuthSession_FromSession(struct auth_session_info
*session
)
40 return py_return_ndr_struct("samba.dcerpc.auth", "session_info", session
, session
);
43 static PyObject
*py_system_session(PyObject
*module
, PyObject
*args
)
45 PyObject
*py_lp_ctx
= Py_None
;
46 struct loadparm_context
*lp_ctx
= NULL
;
47 struct auth_session_info
*session
;
49 if (!PyArg_ParseTuple(args
, "|O", &py_lp_ctx
))
52 mem_ctx
= talloc_new(NULL
);
53 if (mem_ctx
== NULL
) {
58 lp_ctx
= lpcfg_from_py_object(mem_ctx
, py_lp_ctx
);
64 session
= system_session(lp_ctx
);
68 return PyAuthSession_FromSession(session
);
72 static PyObject
*py_admin_session(PyObject
*module
, PyObject
*args
)
76 struct loadparm_context
*lp_ctx
= NULL
;
77 struct auth_session_info
*session
;
78 struct dom_sid
*domain_sid
= NULL
;
81 if (!PyArg_ParseTuple(args
, "Os", &py_lp_ctx
, &sid
))
84 mem_ctx
= talloc_new(NULL
);
85 if (mem_ctx
== NULL
) {
90 lp_ctx
= lpcfg_from_py_object(mem_ctx
, py_lp_ctx
);
96 domain_sid
= dom_sid_parse_talloc(mem_ctx
, sid
);
97 if (domain_sid
== NULL
) {
98 PyErr_Format(PyExc_RuntimeError
, "Unable to parse sid %s", sid
);
102 session
= admin_session(NULL
, lp_ctx
, domain_sid
);
103 talloc_free(mem_ctx
);
105 return PyAuthSession_FromSession(session
);
108 static PyObject
*py_user_session(PyObject
*module
, PyObject
*args
, PyObject
*kwargs
)
111 struct auth_session_info
*session
;
113 const char * const kwnames
[] = { "ldb", "lp_ctx", "principal", "dn", "session_info_flags", NULL
};
114 struct ldb_context
*ldb_ctx
;
115 PyObject
*py_ldb
= Py_None
;
116 PyObject
*py_dn
= Py_None
;
117 PyObject
*py_lp_ctx
= Py_None
;
118 struct loadparm_context
*lp_ctx
= NULL
;
119 struct ldb_dn
*user_dn
;
120 char *principal
= NULL
;
121 int session_info_flags
= 0; /* This is an int, because that's
122 * what we need for the python
123 * PyArg_ParseTupleAndKeywords */
125 if (!PyArg_ParseTupleAndKeywords(args
, kwargs
, "O|OzOi",
126 discard_const_p(char *, kwnames
),
127 &py_ldb
, &py_lp_ctx
, &principal
, &py_dn
, &session_info_flags
)) {
131 mem_ctx
= talloc_new(NULL
);
132 if (mem_ctx
== NULL
) {
137 ldb_ctx
= pyldb_Ldb_AsLdbContext(py_ldb
);
139 if (py_dn
== Py_None
) {
142 if (!pyldb_Object_AsDn(ldb_ctx
, py_dn
, ldb_ctx
, &user_dn
)) {
143 talloc_free(mem_ctx
);
148 lp_ctx
= lpcfg_from_py_object(mem_ctx
, py_lp_ctx
);
149 if (lp_ctx
== NULL
) {
150 talloc_free(mem_ctx
);
154 nt_status
= authsam_get_session_info_principal(mem_ctx
, lp_ctx
, ldb_ctx
, principal
, user_dn
,
155 session_info_flags
, &session
);
156 if (!NT_STATUS_IS_OK(nt_status
)) {
157 talloc_free(mem_ctx
);
158 PyErr_NTSTATUS_IS_ERR_RAISE(nt_status
);
161 talloc_steal(NULL
, session
);
162 talloc_free(mem_ctx
);
164 return PyAuthSession_FromSession(session
);
167 static PyObject
*py_session_info_fill_unix(PyObject
*module
,
172 char *user_name
= NULL
;
173 struct loadparm_context
*lp_ctx
= NULL
;
174 struct auth_session_info
*session_info
;
175 PyObject
*py_lp_ctx
= Py_None
;
176 PyObject
*py_session
= Py_None
;
179 const char * const kwnames
[] = { "session_info",
183 if (!PyArg_ParseTupleAndKeywords(args
, kwargs
, "Oz|O",
184 discard_const_p(char *, kwnames
),
191 if (!py_check_dcerpc_type(py_session
,
196 session_info
= pytalloc_get_type(py_session
,
197 struct auth_session_info
);
199 PyErr_Format(PyExc_TypeError
,
200 "Expected auth_session_info for session_info argument got %s",
201 talloc_get_name(pytalloc_get_ptr(py_session
)));
205 frame
= talloc_stackframe();
207 lp_ctx
= lpcfg_from_py_object(frame
, py_lp_ctx
);
208 if (lp_ctx
== NULL
) {
213 nt_status
= auth_session_info_fill_unix(lp_ctx
,
217 if (!NT_STATUS_IS_OK(nt_status
)) {
218 PyErr_NTSTATUS_IS_ERR_RAISE(nt_status
);
225 static const char **PyList_AsStringList(TALLOC_CTX
*mem_ctx
, PyObject
*list
,
226 const char *paramname
)
230 if (!PyList_Check(list
)) {
231 PyErr_Format(PyExc_TypeError
, "%s is not a list", paramname
);
234 ret
= talloc_array(NULL
, const char *, PyList_Size(list
)+1);
240 for (i
= 0; i
< PyList_Size(list
); i
++) {
243 PyObject
*item
= PyList_GetItem(list
, i
);
244 if (!(PyStr_Check(item
) || PyUnicode_Check(item
))) {
245 PyErr_Format(PyExc_TypeError
, "%s should be strings", paramname
);
248 value
= PyStr_AsUTF8AndSize(item
, &size
);
253 ret
[i
] = talloc_strndup(ret
, value
, size
);
259 static PyObject
*PyAuthContext_FromContext(struct auth4_context
*auth_context
)
261 return pytalloc_reference(&PyAuthContext
, auth_context
);
264 static PyObject
*py_auth_context_new(PyTypeObject
*type
, PyObject
*args
, PyObject
*kwargs
)
266 PyObject
*py_lp_ctx
= Py_None
;
267 PyObject
*py_ldb
= Py_None
;
268 PyObject
*py_imessaging_ctx
= Py_None
;
269 PyObject
*py_auth_context
= Py_None
;
270 PyObject
*py_methods
= Py_None
;
272 struct auth4_context
*auth_context
;
273 struct imessaging_context
*imessaging_context
= NULL
;
274 struct loadparm_context
*lp_ctx
;
275 struct tevent_context
*ev
;
276 struct ldb_context
*ldb
= NULL
;
278 const char **methods
;
280 const char * const kwnames
[] = { "lp_ctx", "messaging_ctx", "ldb", "methods", NULL
};
282 if (!PyArg_ParseTupleAndKeywords(args
, kwargs
, "|OOOO",
283 discard_const_p(char *, kwnames
),
284 &py_lp_ctx
, &py_imessaging_ctx
, &py_ldb
, &py_methods
))
287 mem_ctx
= talloc_new(NULL
);
288 if (mem_ctx
== NULL
) {
293 if (py_ldb
!= Py_None
) {
294 ldb
= pyldb_Ldb_AsLdbContext(py_ldb
);
297 lp_ctx
= lpcfg_from_py_object(mem_ctx
, py_lp_ctx
);
298 if (lp_ctx
== NULL
) {
303 ev
= s4_event_context_init(mem_ctx
);
309 if (py_imessaging_ctx
!= Py_None
) {
310 imessaging_context
= pytalloc_get_type(py_imessaging_ctx
, struct imessaging_context
);
313 if (py_methods
== Py_None
&& py_ldb
== Py_None
) {
314 nt_status
= auth_context_create(mem_ctx
, ev
, imessaging_context
, lp_ctx
, &auth_context
);
316 if (py_methods
!= Py_None
) {
317 methods
= PyList_AsStringList(mem_ctx
, py_methods
, "methods");
318 if (methods
== NULL
) {
319 talloc_free(mem_ctx
);
323 methods
= auth_methods_from_lp(mem_ctx
, lp_ctx
);
325 nt_status
= auth_context_create_methods(mem_ctx
, methods
, ev
,
326 imessaging_context
, lp_ctx
,
330 if (!NT_STATUS_IS_OK(nt_status
)) {
331 talloc_free(mem_ctx
);
332 PyErr_NTSTATUS_IS_ERR_RAISE(nt_status
);
335 if (!talloc_reference(auth_context
, lp_ctx
)) {
336 talloc_free(mem_ctx
);
341 if (!talloc_reference(auth_context
, ev
)) {
342 talloc_free(mem_ctx
);
347 py_auth_context
= PyAuthContext_FromContext(auth_context
);
349 talloc_free(mem_ctx
);
351 return py_auth_context
;
354 static PyTypeObject PyAuthContext
= {
355 .tp_name
= "AuthContext",
356 .tp_flags
= Py_TPFLAGS_DEFAULT
,
357 .tp_new
= py_auth_context_new
,
360 static PyMethodDef py_auth_methods
[] = {
361 { "system_session", (PyCFunction
)py_system_session
, METH_VARARGS
, NULL
},
362 { "admin_session", (PyCFunction
)py_admin_session
, METH_VARARGS
, NULL
},
363 { "user_session", (PyCFunction
)py_user_session
, METH_VARARGS
|METH_KEYWORDS
, NULL
},
364 { "session_info_fill_unix",
365 (PyCFunction
)py_session_info_fill_unix
,
366 METH_VARARGS
|METH_KEYWORDS
,
371 static struct PyModuleDef moduledef
= {
372 PyModuleDef_HEAD_INIT
,
374 .m_doc
= "Authentication and authorization support.",
376 .m_methods
= py_auth_methods
,
379 MODULE_INIT_FUNC(auth
)
383 if (pytalloc_BaseObject_PyType_Ready(&PyAuthContext
) < 0)
386 m
= PyModule_Create(&moduledef
);
390 Py_INCREF(&PyAuthContext
);
391 PyModule_AddObject(m
, "AuthContext", (PyObject
*)&PyAuthContext
);
393 #define ADD_FLAG(val) PyModule_AddIntConstant(m, #val, val)
394 ADD_FLAG(AUTH_SESSION_INFO_DEFAULT_GROUPS
);
395 ADD_FLAG(AUTH_SESSION_INFO_AUTHENTICATED
);
396 ADD_FLAG(AUTH_SESSION_INFO_SIMPLE_PRIVILEGES
);
397 ADD_FLAG(AUTH_SESSION_INFO_NTLM
);