search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s3:libnet_join: remember r->out.krb5_salt in libnet_join_derive_salting_principal()
[Samba.git] / source4 / auth / pyauth.c
blob61db907b90260917f05a26e91ad350d92134f2ed
1 /*
2 Unix SMB/CIFS implementation.
3 Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007-2008
4 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2011
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
18 */
19
20 #include <Python.h>
21 #include "includes.h"
22 #include "libcli/util/pyerrors.h"
23 #include "param/param.h"
24 #include "pyauth.h"
25 #include "pyldb.h"
26 #include "auth/system_session_proto.h"
27 #include "auth/auth.h"
28 #include "param/pyparam.h"
29 #include "libcli/security/security.h"
30 #include "auth/credentials/pycredentials.h"
31 #include <tevent.h>
32 #include "librpc/rpc/pyrpc_util.h"
33 #include "lib/events/events.h"
34
35 void initauth(void);
36
37 staticforward PyTypeObject PyAuthContext;
38
39 static PyObject *PyAuthSession_FromSession(struct auth_session_info *session)
40 {
41 return py_return_ndr_struct("samba.dcerpc.auth", "session_info", session, session);
42 }
43
44 static PyObject *py_system_session(PyObject *module, PyObject *args)
45 {
46 PyObject *py_lp_ctx = Py_None;
47 struct loadparm_context *lp_ctx = NULL;
48 struct auth_session_info *session;
49 TALLOC_CTX *mem_ctx;
50 if (!PyArg_ParseTuple(args, "|O", &py_lp_ctx))
51 return NULL;
52
53 mem_ctx = talloc_new(NULL);
54 if (mem_ctx == NULL) {
55 PyErr_NoMemory();
56 return NULL;
57 }
58
59 lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
60 if (lp_ctx == NULL) {
61 talloc_free(mem_ctx);
62 return NULL;
63 }
64
65 session = system_session(lp_ctx);
66
67 talloc_free(mem_ctx);
68
69 return PyAuthSession_FromSession(session);
70 }
71
72
73 static PyObject *py_admin_session(PyObject *module, PyObject *args)
74 {
75 PyObject *py_lp_ctx;
76 PyObject *py_sid;
77 struct loadparm_context *lp_ctx = NULL;
78 struct auth_session_info *session;
79 struct dom_sid *domain_sid = NULL;
80 TALLOC_CTX *mem_ctx;
81
82 if (!PyArg_ParseTuple(args, "OO", &py_lp_ctx, &py_sid))
83 return NULL;
84
85 mem_ctx = talloc_new(NULL);
86 if (mem_ctx == NULL) {
87 PyErr_NoMemory();
88 return NULL;
89 }
90
91 lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
92 if (lp_ctx == NULL) {
93 talloc_free(mem_ctx);
94 return NULL;
95 }
96
97 domain_sid = dom_sid_parse_talloc(mem_ctx, PyString_AsString(py_sid));
98 if (domain_sid == NULL) {
99 PyErr_Format(PyExc_RuntimeError, "Unable to parse sid %s",
100 PyString_AsString(py_sid));
101 talloc_free(mem_ctx);
102 return NULL;
103 }
104 session = admin_session(NULL, lp_ctx, domain_sid);
105 talloc_free(mem_ctx);
106
107 return PyAuthSession_FromSession(session);
108 }
109
110 static PyObject *py_user_session(PyObject *module, PyObject *args, PyObject *kwargs)
111 {
112 NTSTATUS nt_status;
113 struct auth_session_info *session;
114 TALLOC_CTX *mem_ctx;
115 const char * const kwnames[] = { "ldb", "lp_ctx", "principal", "dn", "session_info_flags", NULL };
116 struct ldb_context *ldb_ctx;
117 PyObject *py_ldb = Py_None;
118 PyObject *py_dn = Py_None;
119 PyObject *py_lp_ctx = Py_None;
120 struct loadparm_context *lp_ctx = NULL;
121 struct ldb_dn *user_dn;
122 char *principal = NULL;
123 int session_info_flags = 0; /* This is an int, because that's
124 * what we need for the python
125 * PyArg_ParseTupleAndKeywords */
126
127 if (!PyArg_ParseTupleAndKeywords(args, kwargs, "O|OzOi",
128 discard_const_p(char *, kwnames),
129 &py_ldb, &py_lp_ctx, &principal, &py_dn, &session_info_flags)) {
130 return NULL;
131 }
132
133 mem_ctx = talloc_new(NULL);
134 if (mem_ctx == NULL) {
135 PyErr_NoMemory();
136 return NULL;
137 }
138
139 ldb_ctx = pyldb_Ldb_AsLdbContext(py_ldb);
140
141 if (py_dn == Py_None) {
142 user_dn = NULL;
143 } else {
144 if (!pyldb_Object_AsDn(ldb_ctx, py_dn, ldb_ctx, &user_dn)) {
145 talloc_free(mem_ctx);
146 return NULL;
147 }
148 }
149
150 lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
151 if (lp_ctx == NULL) {
152 talloc_free(mem_ctx);
153 return NULL;
154 }
155
156 nt_status = authsam_get_session_info_principal(mem_ctx, lp_ctx, ldb_ctx, principal, user_dn,
157 session_info_flags, &session);
158 if (!NT_STATUS_IS_OK(nt_status)) {
159 talloc_free(mem_ctx);
160 PyErr_NTSTATUS_IS_ERR_RAISE(nt_status);
161 }
162
163 talloc_steal(NULL, session);
164 talloc_free(mem_ctx);
165
166 return PyAuthSession_FromSession(session);
167 }
168
169
170 static const char **PyList_AsStringList(TALLOC_CTX *mem_ctx, PyObject *list,
171 const char *paramname)
172 {
173 const char **ret;
174 Py_ssize_t i;
175 if (!PyList_Check(list)) {
176 PyErr_Format(PyExc_TypeError, "%s is not a list", paramname);
177 return NULL;
178 }
179 ret = talloc_array(NULL, const char *, PyList_Size(list)+1);
180 if (ret == NULL) {
181 PyErr_NoMemory();
182 return NULL;
183 }
184
185 for (i = 0; i < PyList_Size(list); i++) {
186 PyObject *item = PyList_GetItem(list, i);
187 if (!PyString_Check(item)) {
188 PyErr_Format(PyExc_TypeError, "%s should be strings", paramname);
189 return NULL;
190 }
191 ret[i] = talloc_strndup(ret, PyString_AsString(item),
192 PyString_Size(item));
193 }
194 ret[i] = NULL;
195 return ret;
196 }
197
198 static PyObject *PyAuthContext_FromContext(struct auth4_context *auth_context)
199 {
200 return pytalloc_reference(&PyAuthContext, auth_context);
201 }
202
203 static PyObject *py_auth_context_new(PyTypeObject *type, PyObject *args, PyObject *kwargs)
204 {
205 PyObject *py_lp_ctx = Py_None;
206 PyObject *py_ldb = Py_None;
207 PyObject *py_imessaging_ctx = Py_None;
208 PyObject *py_auth_context = Py_None;
209 PyObject *py_methods = Py_None;
210 TALLOC_CTX *mem_ctx;
211 struct auth4_context *auth_context;
212 struct imessaging_context *imessaging_context = NULL;
213 struct loadparm_context *lp_ctx;
214 struct tevent_context *ev;
215 struct ldb_context *ldb = NULL;
216 NTSTATUS nt_status;
217 const char **methods;
218
219 const char * const kwnames[] = { "lp_ctx", "messaging_ctx", "ldb", "methods", NULL };
220
221 if (!PyArg_ParseTupleAndKeywords(args, kwargs, "|OOOO",
222 discard_const_p(char *, kwnames),
223 &py_lp_ctx, &py_imessaging_ctx, &py_ldb, &py_methods))
224 return NULL;
225
226 mem_ctx = talloc_new(NULL);
227 if (mem_ctx == NULL) {
228 PyErr_NoMemory();
229 return NULL;
230 }
231
232 if (py_ldb != Py_None) {
233 ldb = pyldb_Ldb_AsLdbContext(py_ldb);
234 }
235
236 lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
237 if (lp_ctx == NULL) {
238 PyErr_NoMemory();
239 return NULL;
240 }
241
242 ev = s4_event_context_init(mem_ctx);
243 if (ev == NULL) {
244 PyErr_NoMemory();
245 return NULL;
246 }
247
248 if (py_imessaging_ctx != Py_None) {
249 imessaging_context = pytalloc_get_type(py_imessaging_ctx, struct imessaging_context);
250 }
251
252 if (py_methods == Py_None && py_ldb == Py_None) {
253 nt_status = auth_context_create(mem_ctx, ev, imessaging_context, lp_ctx, &auth_context);
254 } else {
255 if (py_methods != Py_None) {
256 methods = PyList_AsStringList(mem_ctx, py_methods, "methods");
257 if (methods == NULL) {
258 talloc_free(mem_ctx);
259 return NULL;
260 }
261 } else {
262 methods = auth_methods_from_lp(mem_ctx, lp_ctx);
263 }
264 nt_status = auth_context_create_methods(mem_ctx, methods, ev,
265 imessaging_context, lp_ctx,
266 ldb, &auth_context);
267 }
268
269 if (!NT_STATUS_IS_OK(nt_status)) {
270 talloc_free(mem_ctx);
271 PyErr_NTSTATUS_IS_ERR_RAISE(nt_status);
272 }
273
274 if (!talloc_reference(auth_context, lp_ctx)) {
275 talloc_free(mem_ctx);
276 PyErr_NoMemory();
277 return NULL;
278 }
279
280 if (!talloc_reference(auth_context, ev)) {
281 talloc_free(mem_ctx);
282 PyErr_NoMemory();
283 return NULL;
284 }
285
286 py_auth_context = PyAuthContext_FromContext(auth_context);
287
288 talloc_free(mem_ctx);
289
290 return py_auth_context;
291 }
292
293 static PyTypeObject PyAuthContext = {
294 .tp_name = "AuthContext",
295 .tp_flags = Py_TPFLAGS_DEFAULT,
296 .tp_new = py_auth_context_new,
297 };
298
299 static PyMethodDef py_auth_methods[] = {
300 { "system_session", (PyCFunction)py_system_session, METH_VARARGS, NULL },
301 { "admin_session", (PyCFunction)py_admin_session, METH_VARARGS, NULL },
302 { "user_session", (PyCFunction)py_user_session, METH_VARARGS|METH_KEYWORDS, NULL },
303 { NULL },
304 };
305
306 void initauth(void)
307 {
308 PyObject *m;
309
310 if (pytalloc_BaseObject_PyType_Ready(&PyAuthContext) < 0)
311 return;
312
313 m = Py_InitModule3("auth", py_auth_methods,
314 "Authentication and authorization support.");
315 if (m == NULL)
316 return;
317
318 Py_INCREF(&PyAuthContext);
319 PyModule_AddObject(m, "AuthContext", (PyObject *)&PyAuthContext);
320
321 #define ADD_FLAG(val) PyModule_AddObject(m, #val, PyInt_FromLong(val))
322 ADD_FLAG(AUTH_SESSION_INFO_DEFAULT_GROUPS);
323 ADD_FLAG(AUTH_SESSION_INFO_AUTHENTICATED);
324 ADD_FLAG(AUTH_SESSION_INFO_SIMPLE_PRIVILEGES);
325
326 }
Samba GIT mirror