search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s3: smbd: Strip any leading '\\' characters if the SMB2 DFS flag is set.
[Samba.git] / auth / credentials / pycredentials.c
blob013d2958ea2465f399eac071e7d17bf76fb58f94
1 /*
2 Unix SMB/CIFS implementation.
3 Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; either version 3 of the License, or
8 (at your option) any later version.
9
10 This program is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 GNU General Public License for more details.
14
15 You should have received a copy of the GNU General Public License
16 along with this program. If not, see <http://www.gnu.org/licenses/>.
17 */
18
19 #include <Python.h>
20 #include "python/py3compat.h"
21 #include "includes.h"
22 #include "python/modules.h"
23 #include "pycredentials.h"
24 #include "param/param.h"
25 #include "auth/credentials/credentials_internal.h"
26 #include "librpc/gen_ndr/samr.h" /* for struct samr_Password */
27 #include "librpc/gen_ndr/netlogon.h"
28 #include "libcli/util/pyerrors.h"
29 #include "libcli/auth/libcli_auth.h"
30 #include "param/pyparam.h"
31 #include <tevent.h>
32 #include "libcli/auth/libcli_auth.h"
33 #include "system/kerberos.h"
34 #include "auth/kerberos/kerberos.h"
35 #include "libcli/smb/smb_constants.h"
36
37 void initcredentials(void);
38
39 static PyObject *py_creds_new(PyTypeObject *type, PyObject *args, PyObject *kwargs)
40 {
41 return pytalloc_steal(type, cli_credentials_init(NULL));
42 }
43
44 static PyObject *py_creds_get_username(PyObject *self, PyObject *unused)
45 {
46 struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
47 if (creds == NULL) {
48 PyErr_Format(PyExc_TypeError, "Credentials expected");
49 return NULL;
50 }
51 return PyString_FromStringOrNULL(cli_credentials_get_username(creds));
52 }
53
54 static PyObject *py_creds_set_username(PyObject *self, PyObject *args)
55 {
56 char *newval;
57 enum credentials_obtained obt = CRED_SPECIFIED;
58 int _obt = obt;
59 struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
60 if (creds == NULL) {
61 PyErr_Format(PyExc_TypeError, "Credentials expected");
62 return NULL;
63 }
64
65 if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
66 return NULL;
67 }
68 obt = _obt;
69
70 return PyBool_FromLong(cli_credentials_set_username(creds, newval, obt));
71 }
72
73 static PyObject *py_creds_get_ntlm_username_domain(PyObject *self, PyObject *unused)
74 {
75 TALLOC_CTX *frame = talloc_stackframe();
76 const char *user = NULL;
77 const char *domain = NULL;
78 PyObject *ret = NULL;
79 struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
80 if (creds == NULL) {
81 PyErr_Format(PyExc_TypeError, "Credentials expected");
82 return NULL;
83 }
84 cli_credentials_get_ntlm_username_domain(creds,
85 frame, &user, &domain);
86 ret = Py_BuildValue("(ss)",
87 user,
88 domain);
89
90 TALLOC_FREE(frame);
91 return ret;
92 }
93
94 static PyObject *py_creds_get_ntlm_response(PyObject *self, PyObject *args, PyObject *kwargs)
95 {
96 TALLOC_CTX *frame = talloc_stackframe();
97 PyObject *ret = NULL;
98 int flags;
99 struct timeval tv_now;
100 NTTIME server_timestamp;
101 DATA_BLOB challenge = data_blob_null;
102 DATA_BLOB target_info = data_blob_null;
103 NTSTATUS status;
104 DATA_BLOB lm_response = data_blob_null;
105 DATA_BLOB nt_response = data_blob_null;
106 DATA_BLOB lm_session_key = data_blob_null;
107 DATA_BLOB nt_session_key = data_blob_null;
108 const char *kwnames[] = { "flags", "challenge",
109 "target_info",
110 NULL };
111 struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
112 if (creds == NULL) {
113 PyErr_Format(PyExc_TypeError, "Credentials expected");
114 return NULL;
115 }
116
117 tv_now = timeval_current();
118 server_timestamp = timeval_to_nttime(&tv_now);
119
120 if (!PyArg_ParseTupleAndKeywords(args, kwargs, "is#|s#",
121 discard_const_p(char *, kwnames),
122 &flags,
123 &challenge.data,
124 &challenge.length,
125 &target_info.data,
126 &target_info.length)) {
127 return NULL;
128 }
129
130 status = cli_credentials_get_ntlm_response(creds,
131 frame, &flags,
132 challenge,
133 &server_timestamp,
134 target_info,
135 &lm_response, &nt_response,
136 &lm_session_key, &nt_session_key);
137
138 if (!NT_STATUS_IS_OK(status)) {
139 PyErr_SetNTSTATUS(status);
140 TALLOC_FREE(frame);
141 return NULL;
142 }
143
144 ret = Py_BuildValue("{sis" PYARG_BYTES_LEN "s" PYARG_BYTES_LEN
145 "s" PYARG_BYTES_LEN "s" PYARG_BYTES_LEN "}",
146 "flags", flags,
147 "lm_response",
148 (const char *)lm_response.data, lm_response.length,
149 "nt_response",
150 (const char *)nt_response.data, nt_response.length,
151 "lm_session_key",
152 (const char *)lm_session_key.data, lm_session_key.length,
153 "nt_session_key",
154 (const char *)nt_session_key.data, nt_session_key.length);
155 TALLOC_FREE(frame);
156 return ret;
157 }
158
159 static PyObject *py_creds_get_principal(PyObject *self, PyObject *unused)
160 {
161 TALLOC_CTX *frame = talloc_stackframe();
162 PyObject *ret = NULL;
163 struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
164 if (creds == NULL) {
165 PyErr_Format(PyExc_TypeError, "Credentials expected");
166 return NULL;
167 }
168 ret = PyString_FromStringOrNULL(cli_credentials_get_principal(creds, frame));
169 TALLOC_FREE(frame);
170 return ret;
171 }
172
173 static PyObject *py_creds_set_principal(PyObject *self, PyObject *args)
174 {
175 char *newval;
176 enum credentials_obtained obt = CRED_SPECIFIED;
177 int _obt = obt;
178 struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
179 if (creds == NULL) {
180 PyErr_Format(PyExc_TypeError, "Credentials expected");
181 return NULL;
182 }
183
184 if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
185 return NULL;
186 }
187 obt = _obt;
188
189 return PyBool_FromLong(cli_credentials_set_principal(creds, newval, obt));
190 }
191
192 static PyObject *py_creds_get_password(PyObject *self, PyObject *unused)
193 {
194 struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
195 if (creds == NULL) {
196 PyErr_Format(PyExc_TypeError, "Credentials expected");
197 return NULL;
198 }
199 return PyString_FromStringOrNULL(cli_credentials_get_password(creds));
200 }
201
202 static PyObject *py_creds_set_password(PyObject *self, PyObject *args)
203 {
204 const char *newval = NULL;
205 enum credentials_obtained obt = CRED_SPECIFIED;
206 int _obt = obt;
207 PyObject *result = NULL;
208 struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
209 if (creds == NULL) {
210 PyErr_Format(PyExc_TypeError, "Credentials expected");
211 return NULL;
212 }
213
214 if (!PyArg_ParseTuple(args, PYARG_STR_UNI"|i", "utf8", &newval, &_obt)) {
215 return NULL;
216 }
217 obt = _obt;
218
219 result = PyBool_FromLong(cli_credentials_set_password(creds, newval, obt));
220 PyMem_Free(discard_const_p(void*, newval));
221 return result;
222 }
223
224 static PyObject *py_creds_set_utf16_password(PyObject *self, PyObject *args)
225 {
226 enum credentials_obtained obt = CRED_SPECIFIED;
227 int _obt = obt;
228 PyObject *newval = NULL;
229 DATA_BLOB blob = data_blob_null;
230 Py_ssize_t size = 0;
231 int result;
232 bool ok;
233 struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
234 if (creds == NULL) {
235 PyErr_Format(PyExc_TypeError, "Credentials expected");
236 return NULL;
237 }
238
239 if (!PyArg_ParseTuple(args, "O|i", &newval, &_obt)) {
240 return NULL;
241 }
242 obt = _obt;
243
244 result = PyBytes_AsStringAndSize(newval, (char **)&blob.data, &size);
245 if (result != 0) {
246 PyErr_SetString(PyExc_RuntimeError, "Failed to convert passed value to Bytes");
247 return NULL;
248 }
249 blob.length = size;
250
251 ok = cli_credentials_set_utf16_password(creds,
252 &blob, obt);
253
254 return PyBool_FromLong(ok);
255 }
256
257 static PyObject *py_creds_get_old_password(PyObject *self, PyObject *unused)
258 {
259 struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
260 if (creds == NULL) {
261 PyErr_Format(PyExc_TypeError, "Credentials expected");
262 return NULL;
263 }
264 return PyString_FromStringOrNULL(cli_credentials_get_old_password(creds));
265 }
266
267 static PyObject *py_creds_set_old_password(PyObject *self, PyObject *args)
268 {
269 char *oldval;
270 enum credentials_obtained obt = CRED_SPECIFIED;
271 int _obt = obt;
272 struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
273 if (creds == NULL) {
274 PyErr_Format(PyExc_TypeError, "Credentials expected");
275 return NULL;
276 }
277
278 if (!PyArg_ParseTuple(args, "s|i", &oldval, &_obt)) {
279 return NULL;
280 }
281 obt = _obt;
282
283 return PyBool_FromLong(cli_credentials_set_old_password(creds, oldval, obt));
284 }
285
286 static PyObject *py_creds_set_old_utf16_password(PyObject *self, PyObject *args)
287 {
288 PyObject *oldval = NULL;
289 DATA_BLOB blob = data_blob_null;
290 Py_ssize_t size = 0;
291 int result;
292 bool ok;
293 struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
294 if (creds == NULL) {
295 PyErr_Format(PyExc_TypeError, "Credentials expected");
296 return NULL;
297 }
298
299 if (!PyArg_ParseTuple(args, "O", &oldval)) {
300 return NULL;
301 }
302
303 result = PyBytes_AsStringAndSize(oldval, (char **)&blob.data, &size);
304 if (result != 0) {
305 PyErr_SetString(PyExc_RuntimeError, "Failed to convert passed value to Bytes");
306 return NULL;
307 }
308 blob.length = size;
309
310 ok = cli_credentials_set_old_utf16_password(creds,
311 &blob);
312
313 return PyBool_FromLong(ok);
314 }
315
316 static PyObject *py_creds_get_domain(PyObject *self, PyObject *unused)
317 {
318 struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
319 if (creds == NULL) {
320 PyErr_Format(PyExc_TypeError, "Credentials expected");
321 return NULL;
322 }
323 return PyString_FromStringOrNULL(cli_credentials_get_domain(creds));
324 }
325
326 static PyObject *py_creds_set_domain(PyObject *self, PyObject *args)
327 {
328 char *newval;
329 enum credentials_obtained obt = CRED_SPECIFIED;
330 int _obt = obt;
331 struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
332 if (creds == NULL) {
333 PyErr_Format(PyExc_TypeError, "Credentials expected");
334 return NULL;
335 }
336
337 if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
338 return NULL;
339 }
340 obt = _obt;
341
342 return PyBool_FromLong(cli_credentials_set_domain(creds, newval, obt));
343 }
344
345 static PyObject *py_creds_get_realm(PyObject *self, PyObject *unused)
346 {
347 struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
348 if (creds == NULL) {
349 PyErr_Format(PyExc_TypeError, "Credentials expected");
350 return NULL;
351 }
352 return PyString_FromStringOrNULL(cli_credentials_get_realm(creds));
353 }
354
355 static PyObject *py_creds_set_realm(PyObject *self, PyObject *args)
356 {
357 char *newval;
358 enum credentials_obtained obt = CRED_SPECIFIED;
359 int _obt = obt;
360 struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
361 if (creds == NULL) {
362 PyErr_Format(PyExc_TypeError, "Credentials expected");
363 return NULL;
364 }
365
366 if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
367 return NULL;
368 }
369 obt = _obt;
370
371 return PyBool_FromLong(cli_credentials_set_realm(creds, newval, obt));
372 }
373
374 static PyObject *py_creds_get_bind_dn(PyObject *self, PyObject *unused)
375 {
376 struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
377 if (creds == NULL) {
378 PyErr_Format(PyExc_TypeError, "Credentials expected");
379 return NULL;
380 }
381 return PyString_FromStringOrNULL(cli_credentials_get_bind_dn(creds));
382 }
383
384 static PyObject *py_creds_set_bind_dn(PyObject *self, PyObject *args)
385 {
386 char *newval;
387 struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
388 if (creds == NULL) {
389 PyErr_Format(PyExc_TypeError, "Credentials expected");
390 return NULL;
391 }
392 if (!PyArg_ParseTuple(args, "s", &newval))
393 return NULL;
394
395 return PyBool_FromLong(cli_credentials_set_bind_dn(creds, newval));
396 }
397
398 static PyObject *py_creds_get_workstation(PyObject *self, PyObject *unused)
399 {
400 struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
401 if (creds == NULL) {
402 PyErr_Format(PyExc_TypeError, "Credentials expected");
403 return NULL;
404 }
405 return PyString_FromStringOrNULL(cli_credentials_get_workstation(creds));
406 }
407
408 static PyObject *py_creds_set_workstation(PyObject *self, PyObject *args)
409 {
410 char *newval;
411 enum credentials_obtained obt = CRED_SPECIFIED;
412 int _obt = obt;
413 struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
414 if (creds == NULL) {
415 PyErr_Format(PyExc_TypeError, "Credentials expected");
416 return NULL;
417 }
418
419 if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
420 return NULL;
421 }
422 obt = _obt;
423
424 return PyBool_FromLong(cli_credentials_set_workstation(creds, newval, obt));
425 }
426
427 static PyObject *py_creds_is_anonymous(PyObject *self, PyObject *unused)
428 {
429 struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
430 if (creds == NULL) {
431 PyErr_Format(PyExc_TypeError, "Credentials expected");
432 return NULL;
433 }
434 return PyBool_FromLong(cli_credentials_is_anonymous(creds));
435 }
436
437 static PyObject *py_creds_set_anonymous(PyObject *self, PyObject *unused)
438 {
439 struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
440 if (creds == NULL) {
441 PyErr_Format(PyExc_TypeError, "Credentials expected");
442 return NULL;
443 }
444 cli_credentials_set_anonymous(creds);
445 Py_RETURN_NONE;
446 }
447
448 static PyObject *py_creds_authentication_requested(PyObject *self, PyObject *unused)
449 {
450 struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
451 if (creds == NULL) {
452 PyErr_Format(PyExc_TypeError, "Credentials expected");
453 return NULL;
454 }
455 return PyBool_FromLong(cli_credentials_authentication_requested(creds));
456 }
457
458 static PyObject *py_creds_wrong_password(PyObject *self, PyObject *unused)
459 {
460 struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
461 if (creds == NULL) {
462 PyErr_Format(PyExc_TypeError, "Credentials expected");
463 return NULL;
464 }
465 return PyBool_FromLong(cli_credentials_wrong_password(creds));
466 }
467
468 static PyObject *py_creds_set_cmdline_callbacks(PyObject *self, PyObject *unused)
469 {
470 struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
471 if (creds == NULL) {
472 PyErr_Format(PyExc_TypeError, "Credentials expected");
473 return NULL;
474 }
475 return PyBool_FromLong(cli_credentials_set_cmdline_callbacks(creds));
476 }
477
478 static PyObject *py_creds_parse_string(PyObject *self, PyObject *args)
479 {
480 char *newval;
481 enum credentials_obtained obt = CRED_SPECIFIED;
482 int _obt = obt;
483 struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
484 if (creds == NULL) {
485 PyErr_Format(PyExc_TypeError, "Credentials expected");
486 return NULL;
487 }
488
489 if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
490 return NULL;
491 }
492 obt = _obt;
493
494 cli_credentials_parse_string(creds, newval, obt);
495 Py_RETURN_NONE;
496 }
497
498 static PyObject *py_creds_parse_file(PyObject *self, PyObject *args)
499 {
500 char *newval;
501 enum credentials_obtained obt = CRED_SPECIFIED;
502 int _obt = obt;
503 struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
504 if (creds == NULL) {
505 PyErr_Format(PyExc_TypeError, "Credentials expected");
506 return NULL;
507 }
508
509 if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
510 return NULL;
511 }
512 obt = _obt;
513
514 cli_credentials_parse_file(creds, newval, obt);
515 Py_RETURN_NONE;
516 }
517
518 static PyObject *py_cli_credentials_set_password_will_be_nt_hash(PyObject *self, PyObject *args)
519 {
520 struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
521 PyObject *py_val = NULL;
522 bool val = false;
523
524 if (!PyArg_ParseTuple(args, "O!", &PyBool_Type, &py_val)) {
525 return NULL;
526 }
527 val = PyObject_IsTrue(py_val);
528
529 cli_credentials_set_password_will_be_nt_hash(creds, val);
530 Py_RETURN_NONE;
531 }
532
533 static PyObject *py_creds_get_nt_hash(PyObject *self, PyObject *unused)
534 {
535 PyObject *ret;
536 struct samr_Password *ntpw = NULL;
537 struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
538 if (creds == NULL) {
539 PyErr_Format(PyExc_TypeError, "Credentials expected");
540 return NULL;
541 }
542 ntpw = cli_credentials_get_nt_hash(creds, creds);
543
544 ret = PyBytes_FromStringAndSize(discard_const_p(char, ntpw->hash), 16);
545 TALLOC_FREE(ntpw);
546 return ret;
547 }
548
549 static PyObject *py_creds_get_kerberos_state(PyObject *self, PyObject *unused)
550 {
551 int state;
552 struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
553 if (creds == NULL) {
554 PyErr_Format(PyExc_TypeError, "Credentials expected");
555 return NULL;
556 }
557 state = cli_credentials_get_kerberos_state(creds);
558 return PyLong_FromLong(state);
559 }
560
561 static PyObject *py_creds_set_kerberos_state(PyObject *self, PyObject *args)
562 {
563 int state;
564 struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
565 if (creds == NULL) {
566 PyErr_Format(PyExc_TypeError, "Credentials expected");
567 return NULL;
568 }
569 if (!PyArg_ParseTuple(args, "i", &state))
570 return NULL;
571
572 cli_credentials_set_kerberos_state(creds, state, CRED_SPECIFIED);
573 Py_RETURN_NONE;
574 }
575
576 static PyObject *py_creds_set_krb_forwardable(PyObject *self, PyObject *args)
577 {
578 int state;
579 struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
580 if (creds == NULL) {
581 PyErr_Format(PyExc_TypeError, "Credentials expected");
582 return NULL;
583 }
584 if (!PyArg_ParseTuple(args, "i", &state))
585 return NULL;
586
587 cli_credentials_set_krb_forwardable(creds, state);
588 Py_RETURN_NONE;
589 }
590
591
592 static PyObject *py_creds_get_forced_sasl_mech(PyObject *self, PyObject *unused)
593 {
594 struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
595 if (creds == NULL) {
596 PyErr_Format(PyExc_TypeError, "Credentials expected");
597 return NULL;
598 }
599 return PyString_FromStringOrNULL(cli_credentials_get_forced_sasl_mech(creds));
600 }
601
602 static PyObject *py_creds_set_forced_sasl_mech(PyObject *self, PyObject *args)
603 {
604 char *newval;
605 struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
606 if (creds == NULL) {
607 PyErr_Format(PyExc_TypeError, "Credentials expected");
608 return NULL;
609 }
610
611 if (!PyArg_ParseTuple(args, "s", &newval)) {
612 return NULL;
613 }
614
615 cli_credentials_set_forced_sasl_mech(creds, newval);
616 Py_RETURN_NONE;
617 }
618
619 static PyObject *py_creds_set_conf(PyObject *self, PyObject *args)
620 {
621 PyObject *py_lp_ctx = Py_None;
622 struct loadparm_context *lp_ctx;
623 TALLOC_CTX *mem_ctx;
624 struct cli_credentials *creds;
625 bool ok;
626
627 creds = PyCredentials_AsCliCredentials(self);
628 if (creds == NULL) {
629 PyErr_Format(PyExc_TypeError, "Credentials expected");
630 return NULL;
631 }
632
633 if (!PyArg_ParseTuple(args, "|O", &py_lp_ctx)) {
634 return NULL;
635 }
636
637 mem_ctx = talloc_new(NULL);
638 if (mem_ctx == NULL) {
639 PyErr_NoMemory();
640 return NULL;
641 }
642
643 lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
644 if (lp_ctx == NULL) {
645 talloc_free(mem_ctx);
646 return NULL;
647 }
648
649 ok = cli_credentials_set_conf(creds, lp_ctx);
650 talloc_free(mem_ctx);
651 if (!ok) {
652 return NULL;
653 }
654
655 Py_RETURN_NONE;
656 }
657
658 static PyObject *py_creds_guess(PyObject *self, PyObject *args)
659 {
660 PyObject *py_lp_ctx = Py_None;
661 struct loadparm_context *lp_ctx;
662 TALLOC_CTX *mem_ctx;
663 struct cli_credentials *creds;
664 bool ok;
665
666 creds = PyCredentials_AsCliCredentials(self);
667 if (creds == NULL) {
668 PyErr_Format(PyExc_TypeError, "Credentials expected");
669 return NULL;
670 }
671
672 if (!PyArg_ParseTuple(args, "|O", &py_lp_ctx))
673 return NULL;
674
675 mem_ctx = talloc_new(NULL);
676 if (mem_ctx == NULL) {
677 PyErr_NoMemory();
678 return NULL;
679 }
680
681 lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
682 if (lp_ctx == NULL) {
683 talloc_free(mem_ctx);
684 return NULL;
685 }
686
687 ok = cli_credentials_guess(creds, lp_ctx);
688 talloc_free(mem_ctx);
689 if (!ok) {
690 return NULL;
691 }
692
693 Py_RETURN_NONE;
694 }
695
696 static PyObject *py_creds_set_machine_account(PyObject *self, PyObject *args)
697 {
698 PyObject *py_lp_ctx = Py_None;
699 struct loadparm_context *lp_ctx;
700 NTSTATUS status;
701 struct cli_credentials *creds;
702 TALLOC_CTX *mem_ctx;
703
704 creds = PyCredentials_AsCliCredentials(self);
705 if (creds == NULL) {
706 PyErr_Format(PyExc_TypeError, "Credentials expected");
707 return NULL;
708 }
709
710 if (!PyArg_ParseTuple(args, "|O", &py_lp_ctx))
711 return NULL;
712
713 mem_ctx = talloc_new(NULL);
714 if (mem_ctx == NULL) {
715 PyErr_NoMemory();
716 return NULL;
717 }
718
719 lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
720 if (lp_ctx == NULL) {
721 talloc_free(mem_ctx);
722 return NULL;
723 }
724
725 status = cli_credentials_set_machine_account(creds, lp_ctx);
726 talloc_free(mem_ctx);
727
728 PyErr_NTSTATUS_IS_ERR_RAISE(status);
729
730 Py_RETURN_NONE;
731 }
732
733 static PyObject *PyCredentialCacheContainer_from_ccache_container(struct ccache_container *ccc)
734 {
735 return pytalloc_reference(&PyCredentialCacheContainer, ccc);
736 }
737
738
739 static PyObject *py_creds_get_named_ccache(PyObject *self, PyObject *args)
740 {
741 PyObject *py_lp_ctx = Py_None;
742 char *ccache_name = NULL;
743 struct loadparm_context *lp_ctx;
744 struct ccache_container *ccc;
745 struct tevent_context *event_ctx;
746 int ret;
747 const char *error_string;
748 struct cli_credentials *creds;
749 TALLOC_CTX *mem_ctx;
750
751 creds = PyCredentials_AsCliCredentials(self);
752 if (creds == NULL) {
753 PyErr_Format(PyExc_TypeError, "Credentials expected");
754 return NULL;
755 }
756
757 if (!PyArg_ParseTuple(args, "|Os", &py_lp_ctx, &ccache_name))
758 return NULL;
759
760 mem_ctx = talloc_new(NULL);
761 if (mem_ctx == NULL) {
762 PyErr_NoMemory();
763 return NULL;
764 }
765
766 lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
767 if (lp_ctx == NULL) {
768 talloc_free(mem_ctx);
769 return NULL;
770 }
771
772 event_ctx = samba_tevent_context_init(mem_ctx);
773
774 ret = cli_credentials_get_named_ccache(creds, event_ctx, lp_ctx,
775 ccache_name, &ccc, &error_string);
776 talloc_unlink(mem_ctx, lp_ctx);
777 if (ret == 0) {
778 talloc_steal(ccc, event_ctx);
779 talloc_free(mem_ctx);
780 return PyCredentialCacheContainer_from_ccache_container(ccc);
781 }
782
783 PyErr_SetString(PyExc_RuntimeError, error_string?error_string:"NULL");
784
785 talloc_free(mem_ctx);
786 return NULL;
787 }
788
789 static PyObject *py_creds_set_named_ccache(PyObject *self, PyObject *args)
790 {
791 struct loadparm_context *lp_ctx = NULL;
792 enum credentials_obtained obt = CRED_SPECIFIED;
793 const char *error_string = NULL;
794 TALLOC_CTX *mem_ctx = NULL;
795 char *newval = NULL;
796 PyObject *py_lp_ctx = Py_None;
797 int _obt = obt;
798 int ret;
799 struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
800 if (creds == NULL) {
801 PyErr_Format(PyExc_TypeError, "Credentials expected");
802 return NULL;
803 }
804
805 if (!PyArg_ParseTuple(args, "s|iO", &newval, &_obt, &py_lp_ctx))
806 return NULL;
807 obt = _obt;
808
809 mem_ctx = talloc_new(NULL);
810 if (mem_ctx == NULL) {
811 PyErr_NoMemory();
812 return NULL;
813 }
814
815 lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
816 if (lp_ctx == NULL) {
817 talloc_free(mem_ctx);
818 return NULL;
819 }
820
821 ret = cli_credentials_set_ccache(creds,
822 lp_ctx,
823 newval, obt,
824 &error_string);
825
826 if (ret != 0) {
827 PyErr_SetString(PyExc_RuntimeError,
828 error_string != NULL ? error_string : "NULL");
829 talloc_free(mem_ctx);
830 return NULL;
831 }
832
833 talloc_free(mem_ctx);
834 Py_RETURN_NONE;
835 }
836
837 static PyObject *py_creds_set_gensec_features(PyObject *self, PyObject *args)
838 {
839 unsigned int gensec_features;
840 struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
841 if (creds == NULL) {
842 PyErr_Format(PyExc_TypeError, "Credentials expected");
843 return NULL;
844 }
845
846 if (!PyArg_ParseTuple(args, "I", &gensec_features))
847 return NULL;
848
849 cli_credentials_set_gensec_features(creds,
850 gensec_features,
851 CRED_SPECIFIED);
852
853 Py_RETURN_NONE;
854 }
855
856 static PyObject *py_creds_get_gensec_features(PyObject *self, PyObject *args)
857 {
858 unsigned int gensec_features;
859 struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
860 if (creds == NULL) {
861 PyErr_Format(PyExc_TypeError, "Credentials expected");
862 return NULL;
863 }
864
865 gensec_features = cli_credentials_get_gensec_features(creds);
866 return PyLong_FromLong(gensec_features);
867 }
868
869 static PyObject *py_creds_new_client_authenticator(PyObject *self,
870 PyObject *args)
871 {
872 struct netr_Authenticator auth;
873 struct cli_credentials *creds = NULL;
874 struct netlogon_creds_CredentialState *nc = NULL;
875 PyObject *ret = NULL;
876 NTSTATUS status;
877
878 creds = PyCredentials_AsCliCredentials(self);
879 if (creds == NULL) {
880 PyErr_SetString(PyExc_RuntimeError,
881 "Failed to get credentials from python");
882 return NULL;
883 }
884
885 nc = creds->netlogon_creds;
886 if (nc == NULL) {
887 PyErr_SetString(PyExc_ValueError,
888 "No netlogon credentials cannot make "
889 "client authenticator");
890 return NULL;
891 }
892
893 status = netlogon_creds_client_authenticator(nc, &auth);
894 if (!NT_STATUS_IS_OK(status)) {
895 PyErr_SetString(PyExc_ValueError,
896 "Failed to create client authenticator");
897 return NULL;
898 }
899
900 ret = Py_BuildValue("{s"PYARG_BYTES_LEN"si}",
901 "credential",
902 (const char *) &auth.cred, sizeof(auth.cred),
903 "timestamp", auth.timestamp);
904 return ret;
905 }
906
907 static PyObject *py_creds_set_secure_channel_type(PyObject *self, PyObject *args)
908 {
909 unsigned int channel_type;
910 struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
911 if (creds == NULL) {
912 PyErr_Format(PyExc_TypeError, "Credentials expected");
913 return NULL;
914 }
915
916 if (!PyArg_ParseTuple(args, "I", &channel_type))
917 return NULL;
918
919 cli_credentials_set_secure_channel_type(
920 creds,
921 channel_type);
922
923 Py_RETURN_NONE;
924 }
925
926 static PyObject *py_creds_get_secure_channel_type(PyObject *self, PyObject *args)
927 {
928 enum netr_SchannelType channel_type = SEC_CHAN_NULL;
929 struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
930 if (creds == NULL) {
931 PyErr_Format(PyExc_TypeError, "Credentials expected");
932 return NULL;
933 }
934
935 channel_type = cli_credentials_get_secure_channel_type(creds);
936
937 return PyLong_FromLong(channel_type);
938 }
939
940 static PyObject *py_creds_get_aes256_key(PyObject *self, PyObject *args)
941 {
942 struct loadparm_context *lp_ctx = NULL;
943 TALLOC_CTX *mem_ctx = NULL;
944 PyObject *py_lp_ctx = Py_None;
945 const char *salt = NULL;
946 DATA_BLOB aes_256;
947 int code;
948 PyObject *ret = NULL;
949 struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
950 if (creds == NULL) {
951 PyErr_Format(PyExc_TypeError, "Credentials expected");
952 return NULL;
953 }
954
955 if (!PyArg_ParseTuple(args, "s|O", &salt, &py_lp_ctx))
956 return NULL;
957
958 mem_ctx = talloc_new(NULL);
959 if (mem_ctx == NULL) {
960 PyErr_NoMemory();
961 return NULL;
962 }
963
964 lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
965 if (lp_ctx == NULL) {
966 talloc_free(mem_ctx);
967 return NULL;
968 }
969
970 code = cli_credentials_get_aes256_key(creds,
971 mem_ctx,
972 lp_ctx,
973 salt,
974 &aes_256);
975 if (code != 0) {
976 PyErr_SetString(PyExc_RuntimeError,
977 "Failed to generate AES256 key");
978 talloc_free(mem_ctx);
979 return NULL;
980 }
981
982 ret = PyBytes_FromStringAndSize((const char *)aes_256.data,
983 aes_256.length);
984 talloc_free(mem_ctx);
985 return ret;
986 }
987
988 static PyObject *py_creds_encrypt_netr_crypt_password(PyObject *self,
989 PyObject *args)
990 {
991 DATA_BLOB data = data_blob_null;
992 struct cli_credentials *creds = NULL;
993 struct netr_CryptPassword *pwd = NULL;
994 NTSTATUS status;
995 PyObject *py_cp = Py_None;
996
997 creds = PyCredentials_AsCliCredentials(self);
998 if (creds == NULL) {
999 PyErr_Format(PyExc_TypeError, "Credentials expected");
1000 return NULL;
1001 }
1002
1003 if (!PyArg_ParseTuple(args, "O", &py_cp)) {
1004 return NULL;
1005 }
1006
1007 pwd = pytalloc_get_type(py_cp, struct netr_CryptPassword);
1008 if (pwd == NULL) {
1009 /* pytalloc_get_type sets TypeError */
1010 return NULL;
1011 }
1012 data.length = sizeof(struct netr_CryptPassword);
1013 data.data = (uint8_t *)pwd;
1014 status = netlogon_creds_session_encrypt(creds->netlogon_creds, data);
1015
1016 PyErr_NTSTATUS_IS_ERR_RAISE(status);
1017
1018 Py_RETURN_NONE;
1019 }
1020
1021 static PyObject *py_creds_encrypt_samr_password(PyObject *self,
1022 PyObject *args)
1023 {
1024 DATA_BLOB data = data_blob_null;
1025 struct cli_credentials *creds = NULL;
1026 struct samr_Password *pwd = NULL;
1027 NTSTATUS status;
1028 PyObject *py_cp = Py_None;
1029
1030 creds = PyCredentials_AsCliCredentials(self);
1031 if (creds == NULL) {
1032 PyErr_Format(PyExc_TypeError, "Credentials expected");
1033 return NULL;
1034 }
1035
1036 if (!PyArg_ParseTuple(args, "O", &py_cp)) {
1037 return NULL;
1038 }
1039
1040 pwd = pytalloc_get_type(py_cp, struct samr_Password);
1041 if (pwd == NULL) {
1042 /* pytalloc_get_type sets TypeError */
1043 return NULL;
1044 }
1045 data = data_blob_const(pwd->hash, sizeof(pwd->hash));
1046 status = netlogon_creds_session_encrypt(creds->netlogon_creds, data);
1047
1048 PyErr_NTSTATUS_IS_ERR_RAISE(status);
1049
1050 Py_RETURN_NONE;
1051 }
1052
1053 static PyObject *py_creds_get_smb_signing(PyObject *self, PyObject *unused)
1054 {
1055 enum smb_signing_setting signing_state;
1056 struct cli_credentials *creds = NULL;
1057
1058 creds = PyCredentials_AsCliCredentials(self);
1059 if (creds == NULL) {
1060 PyErr_Format(PyExc_TypeError, "Credentials expected");
1061 return NULL;
1062 }
1063
1064 signing_state = cli_credentials_get_smb_signing(creds);
1065 return PyLong_FromLong(signing_state);
1066 }
1067
1068 static PyObject *py_creds_set_smb_signing(PyObject *self, PyObject *args)
1069 {
1070 enum smb_signing_setting signing_state;
1071 struct cli_credentials *creds = NULL;
1072 enum credentials_obtained obt = CRED_SPECIFIED;
1073
1074 creds = PyCredentials_AsCliCredentials(self);
1075 if (creds == NULL) {
1076 PyErr_Format(PyExc_TypeError, "Credentials expected");
1077 return NULL;
1078 }
1079 if (!PyArg_ParseTuple(args, "i|i", &signing_state, &obt)) {
1080 return NULL;
1081 }
1082
1083 switch (signing_state) {
1084 case SMB_SIGNING_DEFAULT:
1085 case SMB_SIGNING_OFF:
1086 case SMB_SIGNING_IF_REQUIRED:
1087 case SMB_SIGNING_DESIRED:
1088 case SMB_SIGNING_REQUIRED:
1089 break;
1090 default:
1091 PyErr_Format(PyExc_TypeError, "Invalid signing state value");
1092 return NULL;
1093 }
1094
1095 cli_credentials_set_smb_signing(creds, signing_state, obt);
1096 Py_RETURN_NONE;
1097 }
1098
1099 static PyObject *py_creds_get_smb_ipc_signing(PyObject *self, PyObject *unused)
1100 {
1101 enum smb_signing_setting signing_state;
1102 struct cli_credentials *creds = NULL;
1103
1104 creds = PyCredentials_AsCliCredentials(self);
1105 if (creds == NULL) {
1106 PyErr_Format(PyExc_TypeError, "Credentials expected");
1107 return NULL;
1108 }
1109
1110 signing_state = cli_credentials_get_smb_ipc_signing(creds);
1111 return PyLong_FromLong(signing_state);
1112 }
1113
1114 static PyObject *py_creds_set_smb_ipc_signing(PyObject *self, PyObject *args)
1115 {
1116 enum smb_signing_setting signing_state;
1117 struct cli_credentials *creds = NULL;
1118 enum credentials_obtained obt = CRED_SPECIFIED;
1119
1120 creds = PyCredentials_AsCliCredentials(self);
1121 if (creds == NULL) {
1122 PyErr_Format(PyExc_TypeError, "Credentials expected");
1123 return NULL;
1124 }
1125 if (!PyArg_ParseTuple(args, "i|i", &signing_state, &obt)) {
1126 return NULL;
1127 }
1128
1129 switch (signing_state) {
1130 case SMB_SIGNING_DEFAULT:
1131 case SMB_SIGNING_OFF:
1132 case SMB_SIGNING_IF_REQUIRED:
1133 case SMB_SIGNING_DESIRED:
1134 case SMB_SIGNING_REQUIRED:
1135 break;
1136 default:
1137 PyErr_Format(PyExc_TypeError, "Invalid signing state value");
1138 return NULL;
1139 }
1140
1141 cli_credentials_set_smb_ipc_signing(creds, signing_state, obt);
1142 Py_RETURN_NONE;
1143 }
1144
1145 static PyObject *py_creds_get_smb_encryption(PyObject *self, PyObject *unused)
1146 {
1147 enum smb_encryption_setting encryption_state;
1148 struct cli_credentials *creds = NULL;
1149
1150 creds = PyCredentials_AsCliCredentials(self);
1151 if (creds == NULL) {
1152 PyErr_Format(PyExc_TypeError, "Credentials expected");
1153 return NULL;
1154 }
1155
1156 encryption_state = cli_credentials_get_smb_encryption(creds);
1157 return PyLong_FromLong(encryption_state);
1158 }
1159
1160 static PyObject *py_creds_set_smb_encryption(PyObject *self, PyObject *args)
1161 {
1162 enum smb_encryption_setting encryption_state;
1163 struct cli_credentials *creds = NULL;
1164 enum credentials_obtained obt = CRED_SPECIFIED;
1165
1166 creds = PyCredentials_AsCliCredentials(self);
1167 if (creds == NULL) {
1168 PyErr_Format(PyExc_TypeError, "Credentials expected");
1169 return NULL;
1170 }
1171 if (!PyArg_ParseTuple(args, "i|i", &encryption_state, &obt)) {
1172 return NULL;
1173 }
1174
1175 switch (encryption_state) {
1176 case SMB_ENCRYPTION_DEFAULT:
1177 case SMB_ENCRYPTION_OFF:
1178 case SMB_ENCRYPTION_IF_REQUIRED:
1179 case SMB_ENCRYPTION_DESIRED:
1180 case SMB_ENCRYPTION_REQUIRED:
1181 break;
1182 default:
1183 PyErr_Format(PyExc_TypeError, "Invalid encryption state value");
1184 return NULL;
1185 }
1186
1187 (void)cli_credentials_set_smb_encryption(creds, encryption_state, obt);
1188 Py_RETURN_NONE;
1189 }
1190
1191 static PyMethodDef py_creds_methods[] = {
1192 {
1193 .ml_name = "get_username",
1194 .ml_meth = py_creds_get_username,
1195 .ml_flags = METH_NOARGS,
1196 .ml_doc = "S.get_username() -> username\nObtain username.",
1197 },
1198 {
1199 .ml_name = "set_username",
1200 .ml_meth = py_creds_set_username,
1201 .ml_flags = METH_VARARGS,
1202 .ml_doc = "S.set_username(name[, credentials.SPECIFIED]) -> None\n"
1203 "Change username.",
1204 },
1205 {
1206 .ml_name = "get_principal",
1207 .ml_meth = py_creds_get_principal,
1208 .ml_flags = METH_NOARGS,
1209 .ml_doc = "S.get_principal() -> user@realm\nObtain user principal.",
1210 },
1211 {
1212 .ml_name = "set_principal",
1213 .ml_meth = py_creds_set_principal,
1214 .ml_flags = METH_VARARGS,
1215 .ml_doc = "S.set_principal(name[, credentials.SPECIFIED]) -> None\n"
1216 "Change principal.",
1217 },
1218 {
1219 .ml_name = "get_password",
1220 .ml_meth = py_creds_get_password,
1221 .ml_flags = METH_NOARGS,
1222 .ml_doc = "S.get_password() -> password\n"
1223 "Obtain password.",
1224 },
1225 {
1226 .ml_name = "get_ntlm_username_domain",
1227 .ml_meth = py_creds_get_ntlm_username_domain,
1228 .ml_flags = METH_NOARGS,
1229 .ml_doc = "S.get_ntlm_username_domain() -> (domain, username)\n"
1230 "Obtain NTLM username and domain, split up either as (DOMAIN, user) or (\"\", \"user@realm\").",
1231 },
1232 {
1233 .ml_name = "get_ntlm_response",
1234 .ml_meth = PY_DISCARD_FUNC_SIG(PyCFunction,
1235 py_creds_get_ntlm_response),
1236 .ml_flags = METH_VARARGS | METH_KEYWORDS,
1237 .ml_doc = "S.get_ntlm_response"
1238 "(flags, challenge[, target_info]) -> "
1239 "(flags, lm_response, nt_response, lm_session_key, nt_session_key)\n"
1240 "Obtain LM or NTLM response.",
1241 },
1242 {
1243 .ml_name = "set_password",
1244 .ml_meth = py_creds_set_password,
1245 .ml_flags = METH_VARARGS,
1246 .ml_doc = "S.set_password(password[, credentials.SPECIFIED]) -> None\n"
1247 "Change password.",
1248 },
1249 {
1250 .ml_name = "set_utf16_password",
1251 .ml_meth = py_creds_set_utf16_password,
1252 .ml_flags = METH_VARARGS,
1253 .ml_doc = "S.set_utf16_password(password[, credentials.SPECIFIED]) -> None\n"
1254 "Change password.",
1255 },
1256 {
1257 .ml_name = "get_old_password",
1258 .ml_meth = py_creds_get_old_password,
1259 .ml_flags = METH_NOARGS,
1260 .ml_doc = "S.get_old_password() -> password\n"
1261 "Obtain old password.",
1262 },
1263 {
1264 .ml_name = "set_old_password",
1265 .ml_meth = py_creds_set_old_password,
1266 .ml_flags = METH_VARARGS,
1267 .ml_doc = "S.set_old_password(password[, credentials.SPECIFIED]) -> None\n"
1268 "Change old password.",
1269 },
1270 {
1271 .ml_name = "set_old_utf16_password",
1272 .ml_meth = py_creds_set_old_utf16_password,
1273 .ml_flags = METH_VARARGS,
1274 .ml_doc = "S.set_old_utf16_password(password[, credentials.SPECIFIED]) -> None\n"
1275 "Change old password.",
1276 },
1277 {
1278 .ml_name = "get_domain",
1279 .ml_meth = py_creds_get_domain,
1280 .ml_flags = METH_NOARGS,
1281 .ml_doc = "S.get_domain() -> domain\n"
1282 "Obtain domain name.",
1283 },
1284 {
1285 .ml_name = "set_domain",
1286 .ml_meth = py_creds_set_domain,
1287 .ml_flags = METH_VARARGS,
1288 .ml_doc = "S.set_domain(domain[, credentials.SPECIFIED]) -> None\n"
1289 "Change domain name.",
1290 },
1291 {
1292 .ml_name = "get_realm",
1293 .ml_meth = py_creds_get_realm,
1294 .ml_flags = METH_NOARGS,
1295 .ml_doc = "S.get_realm() -> realm\n"
1296 "Obtain realm name.",
1297 },
1298 {
1299 .ml_name = "set_realm",
1300 .ml_meth = py_creds_set_realm,
1301 .ml_flags = METH_VARARGS,
1302 .ml_doc = "S.set_realm(realm[, credentials.SPECIFIED]) -> None\n"
1303 "Change realm name.",
1304 },
1305 {
1306 .ml_name = "get_bind_dn",
1307 .ml_meth = py_creds_get_bind_dn,
1308 .ml_flags = METH_NOARGS,
1309 .ml_doc = "S.get_bind_dn() -> bind dn\n"
1310 "Obtain bind DN.",
1311 },
1312 {
1313 .ml_name = "set_bind_dn",
1314 .ml_meth = py_creds_set_bind_dn,
1315 .ml_flags = METH_VARARGS,
1316 .ml_doc = "S.set_bind_dn(bind_dn) -> None\n"
1317 "Change bind DN.",
1318 },
1319 {
1320 .ml_name = "is_anonymous",
1321 .ml_meth = py_creds_is_anonymous,
1322 .ml_flags = METH_NOARGS,
1323 },
1324 {
1325 .ml_name = "set_anonymous",
1326 .ml_meth = py_creds_set_anonymous,
1327 .ml_flags = METH_NOARGS,
1328 .ml_doc = "S.set_anonymous() -> None\n"
1329 "Use anonymous credentials.",
1330 },
1331 {
1332 .ml_name = "get_workstation",
1333 .ml_meth = py_creds_get_workstation,
1334 .ml_flags = METH_NOARGS,
1335 },
1336 {
1337 .ml_name = "set_workstation",
1338 .ml_meth = py_creds_set_workstation,
1339 .ml_flags = METH_VARARGS,
1340 },
1341 {
1342 .ml_name = "authentication_requested",
1343 .ml_meth = py_creds_authentication_requested,
1344 .ml_flags = METH_NOARGS,
1345 },
1346 {
1347 .ml_name = "wrong_password",
1348 .ml_meth = py_creds_wrong_password,
1349 .ml_flags = METH_NOARGS,
1350 .ml_doc = "S.wrong_password() -> bool\n"
1351 "Indicate the returned password was incorrect.",
1352 },
1353 {
1354 .ml_name = "set_cmdline_callbacks",
1355 .ml_meth = py_creds_set_cmdline_callbacks,
1356 .ml_flags = METH_NOARGS,
1357 .ml_doc = "S.set_cmdline_callbacks() -> bool\n"
1358 "Use command-line to obtain credentials not explicitly set.",
1359 },
1360 {
1361 .ml_name = "parse_string",
1362 .ml_meth = py_creds_parse_string,
1363 .ml_flags = METH_VARARGS,
1364 .ml_doc = "S.parse_string(text[, credentials.SPECIFIED]) -> None\n"
1365 "Parse credentials string.",
1366 },
1367 {
1368 .ml_name = "parse_file",
1369 .ml_meth = py_creds_parse_file,
1370 .ml_flags = METH_VARARGS,
1371 .ml_doc = "S.parse_file(filename[, credentials.SPECIFIED]) -> None\n"
1372 "Parse credentials file.",
1373 },
1374 {
1375 .ml_name = "set_password_will_be_nt_hash",
1376 .ml_meth = py_cli_credentials_set_password_will_be_nt_hash,
1377 .ml_flags = METH_VARARGS,
1378 .ml_doc = "S.set_password_will_be_nt_hash(bool) -> None\n"
1379 "Alters the behaviour of S.set_password() "
1380 "to expect the NTHASH as hexstring.",
1381 },
1382 {
1383 .ml_name = "get_nt_hash",
1384 .ml_meth = py_creds_get_nt_hash,
1385 .ml_flags = METH_NOARGS,
1386 },
1387 {
1388 .ml_name = "get_kerberos_state",
1389 .ml_meth = py_creds_get_kerberos_state,
1390 .ml_flags = METH_NOARGS,
1391 },
1392 {
1393 .ml_name = "set_kerberos_state",
1394 .ml_meth = py_creds_set_kerberos_state,
1395 .ml_flags = METH_VARARGS,
1396 },
1397 {
1398 .ml_name = "set_krb_forwardable",
1399 .ml_meth = py_creds_set_krb_forwardable,
1400 .ml_flags = METH_VARARGS,
1401 },
1402 {
1403 .ml_name = "set_conf",
1404 .ml_meth = py_creds_set_conf,
1405 .ml_flags = METH_VARARGS,
1406 },
1407 {
1408 .ml_name = "guess",
1409 .ml_meth = py_creds_guess,
1410 .ml_flags = METH_VARARGS,
1411 },
1412 {
1413 .ml_name = "set_machine_account",
1414 .ml_meth = py_creds_set_machine_account,
1415 .ml_flags = METH_VARARGS,
1416 },
1417 {
1418 .ml_name = "get_named_ccache",
1419 .ml_meth = py_creds_get_named_ccache,
1420 .ml_flags = METH_VARARGS,
1421 },
1422 {
1423 .ml_name = "set_named_ccache",
1424 .ml_meth = py_creds_set_named_ccache,
1425 .ml_flags = METH_VARARGS,
1426 .ml_doc = "S.set_named_ccache(krb5_ccache_name, obtained, lp) -> None\n"
1427 "Set credentials to KRB5 Credentials Cache (by name).",
1428 },
1429 {
1430 .ml_name = "set_gensec_features",
1431 .ml_meth = py_creds_set_gensec_features,
1432 .ml_flags = METH_VARARGS,
1433 },
1434 {
1435 .ml_name = "get_gensec_features",
1436 .ml_meth = py_creds_get_gensec_features,
1437 .ml_flags = METH_NOARGS,
1438 },
1439 {
1440 .ml_name = "get_forced_sasl_mech",
1441 .ml_meth = py_creds_get_forced_sasl_mech,
1442 .ml_flags = METH_NOARGS,
1443 .ml_doc = "S.get_forced_sasl_mech() -> SASL mechanism\nObtain forced SASL mechanism.",
1444 },
1445 {
1446 .ml_name = "set_forced_sasl_mech",
1447 .ml_meth = py_creds_set_forced_sasl_mech,
1448 .ml_flags = METH_VARARGS,
1449 .ml_doc = "S.set_forced_sasl_mech(name) -> None\n"
1450 "Set forced SASL mechanism.",
1451 },
1452 {
1453 .ml_name = "new_client_authenticator",
1454 .ml_meth = py_creds_new_client_authenticator,
1455 .ml_flags = METH_NOARGS,
1456 .ml_doc = "S.new_client_authenticator() -> Authenticator\n"
1457 "Get a new client NETLOGON_AUTHENTICATOR"},
1458 {
1459 .ml_name = "set_secure_channel_type",
1460 .ml_meth = py_creds_set_secure_channel_type,
1461 .ml_flags = METH_VARARGS,
1462 },
1463 {
1464 .ml_name = "get_secure_channel_type",
1465 .ml_meth = py_creds_get_secure_channel_type,
1466 .ml_flags = METH_VARARGS,
1467 },
1468 {
1469 .ml_name = "get_aes256_key",
1470 .ml_meth = py_creds_get_aes256_key,
1471 .ml_flags = METH_VARARGS,
1472 .ml_doc = "S.get_aes256_key(salt[, lp]) -> bytes\n"
1473 "Generate an AES256 key using the current password and\n"
1474 "the specified salt",
1475 },
1476 {
1477 .ml_name = "encrypt_netr_crypt_password",
1478 .ml_meth = py_creds_encrypt_netr_crypt_password,
1479 .ml_flags = METH_VARARGS,
1480 .ml_doc = "S.encrypt_netr_crypt_password(password) -> None\n"
1481 "Encrypt the supplied password using the session key and\n"
1482 "the negotiated encryption algorithm in place\n"
1483 "i.e. it overwrites the original data"},
1484 {
1485 .ml_name = "encrypt_samr_password",
1486 .ml_meth = py_creds_encrypt_samr_password,
1487 .ml_flags = METH_VARARGS,
1488 .ml_doc = "S.encrypt_samr_password(password) -> None\n"
1489 "Encrypt the supplied password using the session key and\n"
1490 "the negotiated encryption algorithm in place\n"
1491 "i.e. it overwrites the original data"
1492 },
1493 {
1494 .ml_name = "get_smb_signing",
1495 .ml_meth = py_creds_get_smb_signing,
1496 .ml_flags = METH_NOARGS,
1497 },
1498 {
1499 .ml_name = "set_smb_signing",
1500 .ml_meth = py_creds_set_smb_signing,
1501 .ml_flags = METH_VARARGS,
1502 },
1503 {
1504 .ml_name = "get_smb_ipc_signing",
1505 .ml_meth = py_creds_get_smb_ipc_signing,
1506 .ml_flags = METH_NOARGS,
1507 },
1508 {
1509 .ml_name = "set_smb_ipc_signing",
1510 .ml_meth = py_creds_set_smb_ipc_signing,
1511 .ml_flags = METH_VARARGS,
1512 },
1513 {
1514 .ml_name = "get_smb_encryption",
1515 .ml_meth = py_creds_get_smb_encryption,
1516 .ml_flags = METH_NOARGS,
1517 },
1518 {
1519 .ml_name = "set_smb_encryption",
1520 .ml_meth = py_creds_set_smb_encryption,
1521 .ml_flags = METH_VARARGS,
1522 },
1523 { .ml_name = NULL }
1524 };
1525
1526 static struct PyModuleDef moduledef = {
1527 PyModuleDef_HEAD_INIT,
1528 .m_name = "credentials",
1529 .m_doc = "Credentials management.",
1530 .m_size = -1,
1531 .m_methods = py_creds_methods,
1532 };
1533
1534 PyTypeObject PyCredentials = {
1535 .tp_name = "credentials.Credentials",
1536 .tp_new = py_creds_new,
1537 .tp_flags = Py_TPFLAGS_DEFAULT | Py_TPFLAGS_BASETYPE,
1538 .tp_methods = py_creds_methods,
1539 };
1540
1541 static PyObject *py_ccache_name(PyObject *self, PyObject *unused)
1542 {
1543 struct ccache_container *ccc = NULL;
1544 char *name = NULL;
1545 PyObject *py_name = NULL;
1546 int ret;
1547
1548 ccc = pytalloc_get_type(self, struct ccache_container);
1549
1550 ret = krb5_cc_get_full_name(ccc->smb_krb5_context->krb5_context,
1551 ccc->ccache, &name);
1552 if (ret == 0) {
1553 py_name = PyString_FromStringOrNULL(name);
1554 SAFE_FREE(name);
1555 } else {
1556 PyErr_SetString(PyExc_RuntimeError,
1557 "Failed to get ccache name");
1558 return NULL;
1559 }
1560 return py_name;
1561 }
1562
1563 static PyMethodDef py_ccache_container_methods[] = {
1564 { "get_name", py_ccache_name, METH_NOARGS,
1565 "S.get_name() -> name\nObtain KRB5 credentials cache name." },
1566 {0}
1567 };
1568
1569 PyTypeObject PyCredentialCacheContainer = {
1570 .tp_name = "credentials.CredentialCacheContainer",
1571 .tp_flags = Py_TPFLAGS_DEFAULT,
1572 .tp_methods = py_ccache_container_methods,
1573 };
1574
1575 MODULE_INIT_FUNC(credentials)
1576 {
1577 PyObject *m;
1578 if (pytalloc_BaseObject_PyType_Ready(&PyCredentials) < 0)
1579 return NULL;
1580
1581 if (pytalloc_BaseObject_PyType_Ready(&PyCredentialCacheContainer) < 0)
1582 return NULL;
1583
1584 m = PyModule_Create(&moduledef);
1585 if (m == NULL)
1586 return NULL;
1587
1588 PyModule_AddObject(m, "UNINITIALISED", PyLong_FromLong(CRED_UNINITIALISED));
1589 PyModule_AddObject(m, "SMB_CONF", PyLong_FromLong(CRED_SMB_CONF));
1590 PyModule_AddObject(m, "CALLBACK", PyLong_FromLong(CRED_CALLBACK));
1591 PyModule_AddObject(m, "GUESS_ENV", PyLong_FromLong(CRED_GUESS_ENV));
1592 PyModule_AddObject(m, "GUESS_FILE", PyLong_FromLong(CRED_GUESS_FILE));
1593 PyModule_AddObject(m, "CALLBACK_RESULT", PyLong_FromLong(CRED_CALLBACK_RESULT));
1594 PyModule_AddObject(m, "SPECIFIED", PyLong_FromLong(CRED_SPECIFIED));
1595
1596 PyModule_AddObject(m, "AUTO_USE_KERBEROS", PyLong_FromLong(CRED_USE_KERBEROS_DESIRED));
1597 PyModule_AddObject(m, "DONT_USE_KERBEROS", PyLong_FromLong(CRED_USE_KERBEROS_DISABLED));
1598 PyModule_AddObject(m, "MUST_USE_KERBEROS", PyLong_FromLong(CRED_USE_KERBEROS_REQUIRED));
1599
1600 PyModule_AddObject(m, "AUTO_KRB_FORWARDABLE", PyLong_FromLong(CRED_AUTO_KRB_FORWARDABLE));
1601 PyModule_AddObject(m, "NO_KRB_FORWARDABLE", PyLong_FromLong(CRED_NO_KRB_FORWARDABLE));
1602 PyModule_AddObject(m, "FORCE_KRB_FORWARDABLE", PyLong_FromLong(CRED_FORCE_KRB_FORWARDABLE));
1603 PyModule_AddObject(m, "CLI_CRED_NTLM2", PyLong_FromLong(CLI_CRED_NTLM2));
1604 PyModule_AddObject(m, "CLI_CRED_NTLMv2_AUTH", PyLong_FromLong(CLI_CRED_NTLMv2_AUTH));
1605 PyModule_AddObject(m, "CLI_CRED_LANMAN_AUTH", PyLong_FromLong(CLI_CRED_LANMAN_AUTH));
1606 PyModule_AddObject(m, "CLI_CRED_NTLM_AUTH", PyLong_FromLong(CLI_CRED_NTLM_AUTH));
1607 PyModule_AddObject(m, "CLI_CRED_CLEAR_AUTH", PyLong_FromLong(CLI_CRED_CLEAR_AUTH));
1608
1609 PyModule_AddObject(m, "SMB_SIGNING_DEFAULT", PyLong_FromLong(SMB_SIGNING_DEFAULT));
1610 PyModule_AddObject(m, "SMB_SIGNING_OFF", PyLong_FromLong(SMB_SIGNING_OFF));
1611 PyModule_AddObject(m, "SMB_SIGNING_IF_REQUIRED", PyLong_FromLong(SMB_SIGNING_IF_REQUIRED));
1612 PyModule_AddObject(m, "SMB_SIGNING_DESIRED", PyLong_FromLong(SMB_SIGNING_DESIRED));
1613 PyModule_AddObject(m, "SMB_SIGNING_REQUIRED", PyLong_FromLong(SMB_SIGNING_REQUIRED));
1614
1615 PyModule_AddObject(m, "SMB_ENCRYPTION_DEFAULT", PyLong_FromLong(SMB_ENCRYPTION_DEFAULT));
1616 PyModule_AddObject(m, "SMB_ENCRYPTION_OFF", PyLong_FromLong(SMB_ENCRYPTION_OFF));
1617 PyModule_AddObject(m, "SMB_ENCRYPTION_IF_REQUIRED", PyLong_FromLong(SMB_ENCRYPTION_IF_REQUIRED));
1618 PyModule_AddObject(m, "SMB_ENCRYPTION_DESIRED", PyLong_FromLong(SMB_ENCRYPTION_DESIRED));
1619 PyModule_AddObject(m, "SMB_ENCRYPTION_REQUIRED", PyLong_FromLong(SMB_ENCRYPTION_REQUIRED));
1620
1621 Py_INCREF(&PyCredentials);
1622 PyModule_AddObject(m, "Credentials", (PyObject *)&PyCredentials);
1623 Py_INCREF(&PyCredentialCacheContainer);
1624 PyModule_AddObject(m, "CredentialCacheContainer", (PyObject *)&PyCredentialCacheContainer);
1625 return m;
1626 }
Samba GIT mirror