search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
pycredentials: Do not use pytalloc_Object directly
[Samba.git] / auth / credentials / pycredentials.c
blobe1c0b3ece759b7f84a2a3f4d60bf1a09829a3d6f
1 /*
2 Unix SMB/CIFS implementation.
3 Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; either version 3 of the License, or
8 (at your option) any later version.
9
10 This program is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 GNU General Public License for more details.
14
15 You should have received a copy of the GNU General Public License
16 along with this program. If not, see <http://www.gnu.org/licenses/>.
17 */
18
19 #include <Python.h>
20 #include "includes.h"
21 #include "pycredentials.h"
22 #include "param/param.h"
23 #include "lib/cmdline/credentials.h"
24 #include "librpc/gen_ndr/samr.h" /* for struct samr_Password */
25 #include "libcli/util/pyerrors.h"
26 #include "param/pyparam.h"
27 #include <tevent.h>
28
29 void initcredentials(void);
30
31 static PyObject *PyString_FromStringOrNULL(const char *str)
32 {
33 if (str == NULL)
34 Py_RETURN_NONE;
35 return PyString_FromString(str);
36 }
37
38 static PyObject *py_creds_new(PyTypeObject *type, PyObject *args, PyObject *kwargs)
39 {
40 return pytalloc_steal(type, cli_credentials_init(NULL));
41 }
42
43 static PyObject *py_creds_get_username(PyObject *self, PyObject *unused)
44 {
45 return PyString_FromStringOrNULL(cli_credentials_get_username(PyCredentials_AsCliCredentials(self)));
46 }
47
48 static PyObject *py_creds_set_username(PyObject *self, PyObject *args)
49 {
50 char *newval;
51 enum credentials_obtained obt = CRED_SPECIFIED;
52 int _obt = obt;
53
54 if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
55 return NULL;
56 }
57 obt = _obt;
58
59 return PyBool_FromLong(cli_credentials_set_username(PyCredentials_AsCliCredentials(self), newval, obt));
60 }
61
62 static PyObject *py_creds_get_password(PyObject *self, PyObject *unused)
63 {
64 return PyString_FromStringOrNULL(cli_credentials_get_password(PyCredentials_AsCliCredentials(self)));
65 }
66
67
68 static PyObject *py_creds_set_password(PyObject *self, PyObject *args)
69 {
70 char *newval;
71 enum credentials_obtained obt = CRED_SPECIFIED;
72 int _obt = obt;
73
74 if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
75 return NULL;
76 }
77 obt = _obt;
78
79 return PyBool_FromLong(cli_credentials_set_password(PyCredentials_AsCliCredentials(self), newval, obt));
80 }
81
82 static PyObject *py_creds_get_domain(PyObject *self, PyObject *unused)
83 {
84 return PyString_FromStringOrNULL(cli_credentials_get_domain(PyCredentials_AsCliCredentials(self)));
85 }
86
87 static PyObject *py_creds_set_domain(PyObject *self, PyObject *args)
88 {
89 char *newval;
90 enum credentials_obtained obt = CRED_SPECIFIED;
91 int _obt = obt;
92
93 if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
94 return NULL;
95 }
96 obt = _obt;
97
98 return PyBool_FromLong(cli_credentials_set_domain(PyCredentials_AsCliCredentials(self), newval, obt));
99 }
100
101 static PyObject *py_creds_get_realm(PyObject *self, PyObject *unused)
102 {
103 return PyString_FromStringOrNULL(cli_credentials_get_realm(PyCredentials_AsCliCredentials(self)));
104 }
105
106 static PyObject *py_creds_set_realm(PyObject *self, PyObject *args)
107 {
108 char *newval;
109 enum credentials_obtained obt = CRED_SPECIFIED;
110 int _obt = obt;
111
112 if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
113 return NULL;
114 }
115 obt = _obt;
116
117 return PyBool_FromLong(cli_credentials_set_realm(PyCredentials_AsCliCredentials(self), newval, obt));
118 }
119
120 static PyObject *py_creds_get_bind_dn(PyObject *self, PyObject *unused)
121 {
122 return PyString_FromStringOrNULL(cli_credentials_get_bind_dn(PyCredentials_AsCliCredentials(self)));
123 }
124
125 static PyObject *py_creds_set_bind_dn(PyObject *self, PyObject *args)
126 {
127 char *newval;
128 if (!PyArg_ParseTuple(args, "s", &newval))
129 return NULL;
130
131 return PyBool_FromLong(cli_credentials_set_bind_dn(PyCredentials_AsCliCredentials(self), newval));
132 }
133
134 static PyObject *py_creds_get_workstation(PyObject *self, PyObject *unused)
135 {
136 return PyString_FromStringOrNULL(cli_credentials_get_workstation(PyCredentials_AsCliCredentials(self)));
137 }
138
139 static PyObject *py_creds_set_workstation(PyObject *self, PyObject *args)
140 {
141 char *newval;
142 enum credentials_obtained obt = CRED_SPECIFIED;
143 int _obt = obt;
144
145 if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
146 return NULL;
147 }
148 obt = _obt;
149
150 return PyBool_FromLong(cli_credentials_set_workstation(PyCredentials_AsCliCredentials(self), newval, obt));
151 }
152
153 static PyObject *py_creds_is_anonymous(PyObject *self, PyObject *unused)
154 {
155 return PyBool_FromLong(cli_credentials_is_anonymous(PyCredentials_AsCliCredentials(self)));
156 }
157
158 static PyObject *py_creds_set_anonymous(PyObject *self, PyObject *unused)
159 {
160 cli_credentials_set_anonymous(PyCredentials_AsCliCredentials(self));
161 Py_RETURN_NONE;
162 }
163
164 static PyObject *py_creds_authentication_requested(PyObject *self, PyObject *unused)
165 {
166 return PyBool_FromLong(cli_credentials_authentication_requested(PyCredentials_AsCliCredentials(self)));
167 }
168
169 static PyObject *py_creds_wrong_password(PyObject *self, PyObject *unused)
170 {
171 return PyBool_FromLong(cli_credentials_wrong_password(PyCredentials_AsCliCredentials(self)));
172 }
173
174 static PyObject *py_creds_set_cmdline_callbacks(PyObject *self, PyObject *unused)
175 {
176 return PyBool_FromLong(cli_credentials_set_cmdline_callbacks(PyCredentials_AsCliCredentials(self)));
177 }
178
179 static PyObject *py_creds_parse_string(PyObject *self, PyObject *args)
180 {
181 char *newval;
182 enum credentials_obtained obt = CRED_SPECIFIED;
183 int _obt = obt;
184
185 if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
186 return NULL;
187 }
188 obt = _obt;
189
190 cli_credentials_parse_string(PyCredentials_AsCliCredentials(self), newval, obt);
191 Py_RETURN_NONE;
192 }
193
194 static PyObject *py_creds_get_nt_hash(PyObject *self, PyObject *unused)
195 {
196 PyObject *ret;
197 struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
198 struct samr_Password *ntpw = cli_credentials_get_nt_hash(creds, creds);
199
200 ret = PyString_FromStringAndSize(discard_const_p(char, ntpw->hash), 16);
201 TALLOC_FREE(ntpw);
202 return ret;
203 }
204
205 static PyObject *py_creds_get_kerberos_state(PyObject *self, PyObject *unused)
206 {
207 int state = cli_credentials_get_kerberos_state(PyCredentials_AsCliCredentials(self));
208 return PyInt_FromLong(state);
209 }
210
211 static PyObject *py_creds_set_kerberos_state(PyObject *self, PyObject *args)
212 {
213 int state;
214 if (!PyArg_ParseTuple(args, "i", &state))
215 return NULL;
216
217 cli_credentials_set_kerberos_state(PyCredentials_AsCliCredentials(self), state);
218 Py_RETURN_NONE;
219 }
220
221 static PyObject *py_creds_set_krb_forwardable(PyObject *self, PyObject *args)
222 {
223 int state;
224 if (!PyArg_ParseTuple(args, "i", &state))
225 return NULL;
226
227 cli_credentials_set_krb_forwardable(PyCredentials_AsCliCredentials(self), state);
228 Py_RETURN_NONE;
229 }
230
231
232 static PyObject *py_creds_get_forced_sasl_mech(PyObject *self, PyObject *unused)
233 {
234 return PyString_FromStringOrNULL(cli_credentials_get_forced_sasl_mech(PyCredentials_AsCliCredentials(self)));
235 }
236
237 static PyObject *py_creds_set_forced_sasl_mech(PyObject *self, PyObject *args)
238 {
239 char *newval;
240 enum credentials_obtained obt = CRED_SPECIFIED;
241 int _obt = obt;
242
243 if (!PyArg_ParseTuple(args, "s", &newval)) {
244 return NULL;
245 }
246 obt = _obt;
247
248 cli_credentials_set_forced_sasl_mech(PyCredentials_AsCliCredentials(self), newval);
249 Py_RETURN_NONE;
250 }
251
252 static PyObject *py_creds_guess(PyObject *self, PyObject *args)
253 {
254 PyObject *py_lp_ctx = Py_None;
255 struct loadparm_context *lp_ctx;
256 TALLOC_CTX *mem_ctx;
257 struct cli_credentials *creds;
258
259 creds = PyCredentials_AsCliCredentials(self);
260
261 if (!PyArg_ParseTuple(args, "|O", &py_lp_ctx))
262 return NULL;
263
264 mem_ctx = talloc_new(NULL);
265 if (mem_ctx == NULL) {
266 PyErr_NoMemory();
267 return NULL;
268 }
269
270 lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
271 if (lp_ctx == NULL) {
272 talloc_free(mem_ctx);
273 return NULL;
274 }
275
276 cli_credentials_guess(creds, lp_ctx);
277
278 talloc_free(mem_ctx);
279
280 Py_RETURN_NONE;
281 }
282
283 static PyObject *py_creds_set_machine_account(PyObject *self, PyObject *args)
284 {
285 PyObject *py_lp_ctx = Py_None;
286 struct loadparm_context *lp_ctx;
287 NTSTATUS status;
288 struct cli_credentials *creds;
289 TALLOC_CTX *mem_ctx;
290
291 creds = PyCredentials_AsCliCredentials(self);
292
293 if (!PyArg_ParseTuple(args, "|O", &py_lp_ctx))
294 return NULL;
295
296 mem_ctx = talloc_new(NULL);
297 if (mem_ctx == NULL) {
298 PyErr_NoMemory();
299 return NULL;
300 }
301
302 lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
303 if (lp_ctx == NULL) {
304 talloc_free(mem_ctx);
305 return NULL;
306 }
307
308 status = cli_credentials_set_machine_account(creds, lp_ctx);
309 talloc_free(mem_ctx);
310
311 PyErr_NTSTATUS_IS_ERR_RAISE(status);
312
313 Py_RETURN_NONE;
314 }
315
316 static PyObject *PyCredentialCacheContainer_from_ccache_container(struct ccache_container *ccc)
317 {
318 PyCredentialCacheContainerObject *py_ret;
319
320 if (ccc == NULL) {
321 Py_RETURN_NONE;
322 }
323
324 py_ret = (PyCredentialCacheContainerObject *)PyCredentialCacheContainer.tp_alloc(&PyCredentialCacheContainer, 0);
325 if (py_ret == NULL) {
326 PyErr_NoMemory();
327 return NULL;
328 }
329 py_ret->mem_ctx = talloc_new(NULL);
330 py_ret->ccc = talloc_reference(py_ret->mem_ctx, ccc);
331 return (PyObject *)py_ret;
332 }
333
334
335 static PyObject *py_creds_get_named_ccache(PyObject *self, PyObject *args)
336 {
337 PyObject *py_lp_ctx = Py_None;
338 char *ccache_name;
339 struct loadparm_context *lp_ctx;
340 struct ccache_container *ccc;
341 struct tevent_context *event_ctx;
342 int ret;
343 const char *error_string;
344 struct cli_credentials *creds;
345 TALLOC_CTX *mem_ctx;
346
347 creds = PyCredentials_AsCliCredentials(self);
348
349 if (!PyArg_ParseTuple(args, "|Os", &py_lp_ctx, &ccache_name))
350 return NULL;
351
352 mem_ctx = talloc_new(NULL);
353 if (mem_ctx == NULL) {
354 PyErr_NoMemory();
355 return NULL;
356 }
357
358 lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
359 if (lp_ctx == NULL) {
360 talloc_free(mem_ctx);
361 return NULL;
362 }
363
364 event_ctx = samba_tevent_context_init(mem_ctx);
365
366 ret = cli_credentials_get_named_ccache(creds, event_ctx, lp_ctx,
367 ccache_name, &ccc, &error_string);
368 talloc_unlink(mem_ctx, lp_ctx);
369 if (ret == 0) {
370 talloc_steal(ccc, event_ctx);
371 talloc_free(mem_ctx);
372 return PyCredentialCacheContainer_from_ccache_container(ccc);
373 }
374
375 PyErr_SetString(PyExc_RuntimeError, error_string?error_string:"NULL");
376
377 talloc_free(mem_ctx);
378 return NULL;
379 }
380
381 static PyObject *py_creds_set_gensec_features(PyObject *self, PyObject *args)
382 {
383 unsigned int gensec_features;
384
385 if (!PyArg_ParseTuple(args, "I", &gensec_features))
386 return NULL;
387
388 cli_credentials_set_gensec_features(PyCredentials_AsCliCredentials(self), gensec_features);
389
390 Py_RETURN_NONE;
391 }
392
393 static PyObject *py_creds_get_gensec_features(PyObject *self, PyObject *args)
394 {
395 unsigned int gensec_features;
396
397 gensec_features = cli_credentials_get_gensec_features(PyCredentials_AsCliCredentials(self));
398 return PyInt_FromLong(gensec_features);
399 }
400
401
402 static PyMethodDef py_creds_methods[] = {
403 { "get_username", py_creds_get_username, METH_NOARGS,
404 "S.get_username() -> username\nObtain username." },
405 { "set_username", py_creds_set_username, METH_VARARGS,
406 "S.set_username(name, obtained=CRED_SPECIFIED) -> None\n"
407 "Change username." },
408 { "get_password", py_creds_get_password, METH_NOARGS,
409 "S.get_password() -> password\n"
410 "Obtain password." },
411 { "set_password", py_creds_set_password, METH_VARARGS,
412 "S.set_password(password, obtained=CRED_SPECIFIED) -> None\n"
413 "Change password." },
414 { "get_domain", py_creds_get_domain, METH_NOARGS,
415 "S.get_domain() -> domain\n"
416 "Obtain domain name." },
417 { "set_domain", py_creds_set_domain, METH_VARARGS,
418 "S.set_domain(domain, obtained=CRED_SPECIFIED) -> None\n"
419 "Change domain name." },
420 { "get_realm", py_creds_get_realm, METH_NOARGS,
421 "S.get_realm() -> realm\n"
422 "Obtain realm name." },
423 { "set_realm", py_creds_set_realm, METH_VARARGS,
424 "S.set_realm(realm, obtained=CRED_SPECIFIED) -> None\n"
425 "Change realm name." },
426 { "get_bind_dn", py_creds_get_bind_dn, METH_NOARGS,
427 "S.get_bind_dn() -> bind dn\n"
428 "Obtain bind DN." },
429 { "set_bind_dn", py_creds_set_bind_dn, METH_VARARGS,
430 "S.set_bind_dn(bind_dn) -> None\n"
431 "Change bind DN." },
432 { "is_anonymous", py_creds_is_anonymous, METH_NOARGS,
433 NULL },
434 { "set_anonymous", py_creds_set_anonymous, METH_NOARGS,
435 "S.set_anonymous() -> None\n"
436 "Use anonymous credentials." },
437 { "get_workstation", py_creds_get_workstation, METH_NOARGS,
438 NULL },
439 { "set_workstation", py_creds_set_workstation, METH_VARARGS,
440 NULL },
441 { "authentication_requested", py_creds_authentication_requested, METH_NOARGS,
442 NULL },
443 { "wrong_password", py_creds_wrong_password, METH_NOARGS,
444 "S.wrong_password() -> bool\n"
445 "Indicate the returned password was incorrect." },
446 { "set_cmdline_callbacks", py_creds_set_cmdline_callbacks, METH_NOARGS,
447 "S.set_cmdline_callbacks() -> bool\n"
448 "Use command-line to obtain credentials not explicitly set." },
449 { "parse_string", py_creds_parse_string, METH_VARARGS,
450 "S.parse_string(text, obtained=CRED_SPECIFIED) -> None\n"
451 "Parse credentials string." },
452 { "get_nt_hash", py_creds_get_nt_hash, METH_NOARGS,
453 NULL },
454 { "get_kerberos_state", py_creds_get_kerberos_state, METH_NOARGS,
455 NULL },
456 { "set_kerberos_state", py_creds_set_kerberos_state, METH_VARARGS,
457 NULL },
458 { "set_krb_forwardable", py_creds_set_krb_forwardable, METH_VARARGS,
459 NULL },
460 { "guess", py_creds_guess, METH_VARARGS, NULL },
461 { "set_machine_account", py_creds_set_machine_account, METH_VARARGS, NULL },
462 { "get_named_ccache", py_creds_get_named_ccache, METH_VARARGS, NULL },
463 { "set_gensec_features", py_creds_set_gensec_features, METH_VARARGS, NULL },
464 { "get_gensec_features", py_creds_get_gensec_features, METH_NOARGS, NULL },
465 { "get_forced_sasl_mech", py_creds_get_forced_sasl_mech, METH_NOARGS,
466 "S.get_forced_sasl_mech() -> SASL mechanism\nObtain forced SASL mechanism." },
467 { "set_forced_sasl_mech", py_creds_set_forced_sasl_mech, METH_VARARGS,
468 "S.set_forced_sasl_mech(name) -> None\n"
469 "Set forced SASL mechanism." },
470 { NULL }
471 };
472
473 PyTypeObject PyCredentials = {
474 .tp_name = "credentials.Credentials",
475 .tp_basicsize = sizeof(pytalloc_Object),
476 .tp_new = py_creds_new,
477 .tp_flags = Py_TPFLAGS_DEFAULT,
478 .tp_methods = py_creds_methods,
479 };
480
481
482 PyTypeObject PyCredentialCacheContainer = {
483 .tp_name = "credentials.CredentialCacheContainer",
484 .tp_basicsize = sizeof(pytalloc_Object),
485 .tp_flags = Py_TPFLAGS_DEFAULT,
486 };
487
488 void initcredentials(void)
489 {
490 PyObject *m;
491 PyTypeObject *talloc_type = pytalloc_GetObjectType();
492 if (talloc_type == NULL)
493 return;
494
495 PyCredentials.tp_base = PyCredentialCacheContainer.tp_base = talloc_type;
496
497 if (PyType_Ready(&PyCredentials) < 0)
498 return;
499
500 if (PyType_Ready(&PyCredentialCacheContainer) < 0)
501 return;
502
503 m = Py_InitModule3("credentials", NULL, "Credentials management.");
504 if (m == NULL)
505 return;
506
507 PyModule_AddObject(m, "AUTO_USE_KERBEROS", PyInt_FromLong(CRED_AUTO_USE_KERBEROS));
508 PyModule_AddObject(m, "DONT_USE_KERBEROS", PyInt_FromLong(CRED_DONT_USE_KERBEROS));
509 PyModule_AddObject(m, "MUST_USE_KERBEROS", PyInt_FromLong(CRED_MUST_USE_KERBEROS));
510
511 PyModule_AddObject(m, "AUTO_KRB_FORWARDABLE", PyInt_FromLong(CRED_AUTO_KRB_FORWARDABLE));
512 PyModule_AddObject(m, "NO_KRB_FORWARDABLE", PyInt_FromLong(CRED_NO_KRB_FORWARDABLE));
513 PyModule_AddObject(m, "FORCE_KRB_FORWARDABLE", PyInt_FromLong(CRED_FORCE_KRB_FORWARDABLE));
514
515 Py_INCREF(&PyCredentials);
516 PyModule_AddObject(m, "Credentials", (PyObject *)&PyCredentials);
517 Py_INCREF(&PyCredentialCacheContainer);
518 PyModule_AddObject(m, "CredentialCacheContainer", (PyObject *)&PyCredentialCacheContainer);
519 }
Samba GIT mirror