s4-client: Make sure entry is a valid string.
[Samba/bjacke.git] / auth / credentials / pycredentials.c
blob14fd5e01ba92e97f2100151c9aedd485bea8a861
1 /*
2 Unix SMB/CIFS implementation.
3 Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; either version 3 of the License, or
8 (at your option) any later version.
10 This program is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 GNU General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with this program. If not, see <http://www.gnu.org/licenses/>.
19 #include <Python.h>
20 #include "includes.h"
21 #include "pycredentials.h"
22 #include "param/param.h"
23 #include "lib/cmdline/credentials.h"
24 #include "librpc/gen_ndr/samr.h" /* for struct samr_Password */
25 #include "libcli/util/pyerrors.h"
26 #include "param/pyparam.h"
27 #include <tevent.h>
29 void initcredentials(void);
31 static PyObject *PyString_FromStringOrNULL(const char *str)
33 if (str == NULL)
34 Py_RETURN_NONE;
35 return PyString_FromString(str);
38 static PyObject *py_creds_new(PyTypeObject *type, PyObject *args, PyObject *kwargs)
40 pytalloc_Object *ret = (pytalloc_Object *)type->tp_alloc(type, 0);
41 if (ret == NULL) {
42 PyErr_NoMemory();
43 return NULL;
45 ret->talloc_ctx = talloc_new(NULL);
46 if (ret->talloc_ctx == NULL) {
47 PyErr_NoMemory();
48 return NULL;
50 ret->ptr = cli_credentials_init(ret->talloc_ctx);
51 return (PyObject *)ret;
54 static PyObject *py_creds_get_username(pytalloc_Object *self)
56 return PyString_FromStringOrNULL(cli_credentials_get_username(PyCredentials_AsCliCredentials(self)));
59 static PyObject *py_creds_set_username(pytalloc_Object *self, PyObject *args)
61 char *newval;
62 enum credentials_obtained obt = CRED_SPECIFIED;
63 int _obt = obt;
65 if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
66 return NULL;
68 obt = _obt;
70 return PyBool_FromLong(cli_credentials_set_username(PyCredentials_AsCliCredentials(self), newval, obt));
73 static PyObject *py_creds_get_password(pytalloc_Object *self)
75 return PyString_FromStringOrNULL(cli_credentials_get_password(PyCredentials_AsCliCredentials(self)));
79 static PyObject *py_creds_set_password(pytalloc_Object *self, PyObject *args)
81 char *newval;
82 enum credentials_obtained obt = CRED_SPECIFIED;
83 int _obt = obt;
85 if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
86 return NULL;
88 obt = _obt;
90 return PyBool_FromLong(cli_credentials_set_password(PyCredentials_AsCliCredentials(self), newval, obt));
93 static PyObject *py_creds_get_domain(pytalloc_Object *self)
95 return PyString_FromStringOrNULL(cli_credentials_get_domain(PyCredentials_AsCliCredentials(self)));
98 static PyObject *py_creds_set_domain(pytalloc_Object *self, PyObject *args)
100 char *newval;
101 enum credentials_obtained obt = CRED_SPECIFIED;
102 int _obt = obt;
104 if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
105 return NULL;
107 obt = _obt;
109 return PyBool_FromLong(cli_credentials_set_domain(PyCredentials_AsCliCredentials(self), newval, obt));
112 static PyObject *py_creds_get_realm(pytalloc_Object *self)
114 return PyString_FromStringOrNULL(cli_credentials_get_realm(PyCredentials_AsCliCredentials(self)));
117 static PyObject *py_creds_set_realm(pytalloc_Object *self, PyObject *args)
119 char *newval;
120 enum credentials_obtained obt = CRED_SPECIFIED;
121 int _obt = obt;
123 if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
124 return NULL;
126 obt = _obt;
128 return PyBool_FromLong(cli_credentials_set_realm(PyCredentials_AsCliCredentials(self), newval, obt));
131 static PyObject *py_creds_get_bind_dn(pytalloc_Object *self)
133 return PyString_FromStringOrNULL(cli_credentials_get_bind_dn(PyCredentials_AsCliCredentials(self)));
136 static PyObject *py_creds_set_bind_dn(pytalloc_Object *self, PyObject *args)
138 char *newval;
139 if (!PyArg_ParseTuple(args, "s", &newval))
140 return NULL;
142 return PyBool_FromLong(cli_credentials_set_bind_dn(PyCredentials_AsCliCredentials(self), newval));
145 static PyObject *py_creds_get_workstation(pytalloc_Object *self)
147 return PyString_FromStringOrNULL(cli_credentials_get_workstation(PyCredentials_AsCliCredentials(self)));
150 static PyObject *py_creds_set_workstation(pytalloc_Object *self, PyObject *args)
152 char *newval;
153 enum credentials_obtained obt = CRED_SPECIFIED;
154 int _obt = obt;
156 if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
157 return NULL;
159 obt = _obt;
161 return PyBool_FromLong(cli_credentials_set_workstation(PyCredentials_AsCliCredentials(self), newval, obt));
164 static PyObject *py_creds_is_anonymous(pytalloc_Object *self)
166 return PyBool_FromLong(cli_credentials_is_anonymous(PyCredentials_AsCliCredentials(self)));
169 static PyObject *py_creds_set_anonymous(pytalloc_Object *self)
171 cli_credentials_set_anonymous(PyCredentials_AsCliCredentials(self));
172 Py_RETURN_NONE;
175 static PyObject *py_creds_authentication_requested(pytalloc_Object *self)
177 return PyBool_FromLong(cli_credentials_authentication_requested(PyCredentials_AsCliCredentials(self)));
180 static PyObject *py_creds_wrong_password(pytalloc_Object *self)
182 return PyBool_FromLong(cli_credentials_wrong_password(PyCredentials_AsCliCredentials(self)));
185 static PyObject *py_creds_set_cmdline_callbacks(pytalloc_Object *self)
187 return PyBool_FromLong(cli_credentials_set_cmdline_callbacks(PyCredentials_AsCliCredentials(self)));
190 static PyObject *py_creds_parse_string(pytalloc_Object *self, PyObject *args)
192 char *newval;
193 enum credentials_obtained obt = CRED_SPECIFIED;
194 int _obt = obt;
196 if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
197 return NULL;
199 obt = _obt;
201 cli_credentials_parse_string(PyCredentials_AsCliCredentials(self), newval, obt);
202 Py_RETURN_NONE;
205 static PyObject *py_creds_get_nt_hash(pytalloc_Object *self)
207 const struct samr_Password *ntpw = cli_credentials_get_nt_hash(PyCredentials_AsCliCredentials(self), self->ptr);
209 return PyString_FromStringAndSize(discard_const_p(char, ntpw->hash), 16);
212 static PyObject *py_creds_set_kerberos_state(pytalloc_Object *self, PyObject *args)
214 int state;
215 if (!PyArg_ParseTuple(args, "i", &state))
216 return NULL;
218 cli_credentials_set_kerberos_state(PyCredentials_AsCliCredentials(self), state);
219 Py_RETURN_NONE;
222 static PyObject *py_creds_set_krb_forwardable(pytalloc_Object *self, PyObject *args)
224 int state;
225 if (!PyArg_ParseTuple(args, "i", &state))
226 return NULL;
228 cli_credentials_set_krb_forwardable(PyCredentials_AsCliCredentials(self), state);
229 Py_RETURN_NONE;
232 static PyObject *py_creds_guess(pytalloc_Object *self, PyObject *args)
234 PyObject *py_lp_ctx = Py_None;
235 struct loadparm_context *lp_ctx;
236 TALLOC_CTX *mem_ctx;
237 struct cli_credentials *creds;
239 creds = PyCredentials_AsCliCredentials(self);
241 if (!PyArg_ParseTuple(args, "|O", &py_lp_ctx))
242 return NULL;
244 mem_ctx = talloc_new(NULL);
245 if (mem_ctx == NULL) {
246 PyErr_NoMemory();
247 return NULL;
250 lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
251 if (lp_ctx == NULL) {
252 talloc_free(mem_ctx);
253 return NULL;
256 cli_credentials_guess(creds, lp_ctx);
258 talloc_free(mem_ctx);
260 Py_RETURN_NONE;
263 static PyObject *py_creds_set_machine_account(pytalloc_Object *self, PyObject *args)
265 PyObject *py_lp_ctx = Py_None;
266 struct loadparm_context *lp_ctx;
267 NTSTATUS status;
268 struct cli_credentials *creds;
269 TALLOC_CTX *mem_ctx;
271 creds = PyCredentials_AsCliCredentials(self);
273 if (!PyArg_ParseTuple(args, "|O", &py_lp_ctx))
274 return NULL;
276 mem_ctx = talloc_new(NULL);
277 if (mem_ctx == NULL) {
278 PyErr_NoMemory();
279 return NULL;
282 lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
283 if (lp_ctx == NULL) {
284 talloc_free(mem_ctx);
285 return NULL;
288 status = cli_credentials_set_machine_account(creds, lp_ctx);
289 talloc_free(mem_ctx);
291 PyErr_NTSTATUS_IS_ERR_RAISE(status);
293 Py_RETURN_NONE;
296 static PyObject *PyCredentialCacheContainer_from_ccache_container(struct ccache_container *ccc)
298 PyCredentialCacheContainerObject *py_ret;
300 if (ccc == NULL) {
301 Py_RETURN_NONE;
304 py_ret = (PyCredentialCacheContainerObject *)PyCredentialCacheContainer.tp_alloc(&PyCredentialCacheContainer, 0);
305 if (py_ret == NULL) {
306 PyErr_NoMemory();
307 return NULL;
309 py_ret->mem_ctx = talloc_new(NULL);
310 py_ret->ccc = talloc_reference(py_ret->mem_ctx, ccc);
311 return (PyObject *)py_ret;
315 static PyObject *py_creds_get_named_ccache(pytalloc_Object *self, PyObject *args)
317 PyObject *py_lp_ctx = Py_None;
318 char *ccache_name;
319 struct loadparm_context *lp_ctx;
320 struct ccache_container *ccc;
321 struct tevent_context *event_ctx;
322 int ret;
323 const char *error_string;
324 struct cli_credentials *creds;
325 TALLOC_CTX *mem_ctx;
327 creds = PyCredentials_AsCliCredentials(self);
329 if (!PyArg_ParseTuple(args, "|Os", &py_lp_ctx, &ccache_name))
330 return NULL;
332 mem_ctx = talloc_new(NULL);
333 if (mem_ctx == NULL) {
334 PyErr_NoMemory();
335 return NULL;
338 lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
339 if (lp_ctx == NULL) {
340 talloc_free(mem_ctx);
341 return NULL;
344 event_ctx = samba_tevent_context_init(mem_ctx);
346 ret = cli_credentials_get_named_ccache(creds, event_ctx, lp_ctx,
347 ccache_name, &ccc, &error_string);
348 talloc_unlink(mem_ctx, lp_ctx);
349 if (ret == 0) {
350 talloc_steal(ccc, event_ctx);
351 talloc_free(mem_ctx);
352 return PyCredentialCacheContainer_from_ccache_container(ccc);
355 PyErr_SetString(PyExc_RuntimeError, error_string?error_string:"NULL");
357 talloc_free(mem_ctx);
358 return NULL;
361 static PyObject *py_creds_set_gensec_features(pytalloc_Object *self, PyObject *args)
363 unsigned int gensec_features;
365 if (!PyArg_ParseTuple(args, "I", &gensec_features))
366 return NULL;
368 cli_credentials_set_gensec_features(PyCredentials_AsCliCredentials(self), gensec_features);
370 Py_RETURN_NONE;
373 static PyObject *py_creds_get_gensec_features(pytalloc_Object *self, PyObject *args)
375 unsigned int gensec_features;
377 gensec_features = cli_credentials_get_gensec_features(PyCredentials_AsCliCredentials(self));
378 return PyInt_FromLong(gensec_features);
382 static PyMethodDef py_creds_methods[] = {
383 { "get_username", (PyCFunction)py_creds_get_username, METH_NOARGS,
384 "S.get_username() -> username\nObtain username." },
385 { "set_username", (PyCFunction)py_creds_set_username, METH_VARARGS,
386 "S.set_username(name, obtained=CRED_SPECIFIED) -> None\n"
387 "Change username." },
388 { "get_password", (PyCFunction)py_creds_get_password, METH_NOARGS,
389 "S.get_password() -> password\n"
390 "Obtain password." },
391 { "set_password", (PyCFunction)py_creds_set_password, METH_VARARGS,
392 "S.set_password(password, obtained=CRED_SPECIFIED) -> None\n"
393 "Change password." },
394 { "get_domain", (PyCFunction)py_creds_get_domain, METH_NOARGS,
395 "S.get_domain() -> domain\n"
396 "Obtain domain name." },
397 { "set_domain", (PyCFunction)py_creds_set_domain, METH_VARARGS,
398 "S.set_domain(domain, obtained=CRED_SPECIFIED) -> None\n"
399 "Change domain name." },
400 { "get_realm", (PyCFunction)py_creds_get_realm, METH_NOARGS,
401 "S.get_realm() -> realm\n"
402 "Obtain realm name." },
403 { "set_realm", (PyCFunction)py_creds_set_realm, METH_VARARGS,
404 "S.set_realm(realm, obtained=CRED_SPECIFIED) -> None\n"
405 "Change realm name." },
406 { "get_bind_dn", (PyCFunction)py_creds_get_bind_dn, METH_NOARGS,
407 "S.get_bind_dn() -> bind dn\n"
408 "Obtain bind DN." },
409 { "set_bind_dn", (PyCFunction)py_creds_set_bind_dn, METH_VARARGS,
410 "S.set_bind_dn(bind_dn) -> None\n"
411 "Change bind DN." },
412 { "is_anonymous", (PyCFunction)py_creds_is_anonymous, METH_NOARGS,
413 NULL },
414 { "set_anonymous", (PyCFunction)py_creds_set_anonymous, METH_NOARGS,
415 "S.set_anonymous() -> None\n"
416 "Use anonymous credentials." },
417 { "get_workstation", (PyCFunction)py_creds_get_workstation, METH_NOARGS,
418 NULL },
419 { "set_workstation", (PyCFunction)py_creds_set_workstation, METH_VARARGS,
420 NULL },
421 { "authentication_requested", (PyCFunction)py_creds_authentication_requested, METH_NOARGS,
422 NULL },
423 { "wrong_password", (PyCFunction)py_creds_wrong_password, METH_NOARGS,
424 "S.wrong_password() -> bool\n"
425 "Indicate the returned password was incorrect." },
426 { "set_cmdline_callbacks", (PyCFunction)py_creds_set_cmdline_callbacks, METH_NOARGS,
427 "S.set_cmdline_callbacks() -> bool\n"
428 "Use command-line to obtain credentials not explicitly set." },
429 { "parse_string", (PyCFunction)py_creds_parse_string, METH_VARARGS,
430 "S.parse_string(text, obtained=CRED_SPECIFIED) -> None\n"
431 "Parse credentials string." },
432 { "get_nt_hash", (PyCFunction)py_creds_get_nt_hash, METH_NOARGS,
433 NULL },
434 { "set_kerberos_state", (PyCFunction)py_creds_set_kerberos_state, METH_VARARGS,
435 NULL },
436 { "set_krb_forwardable", (PyCFunction)py_creds_set_krb_forwardable, METH_VARARGS,
437 NULL },
438 { "guess", (PyCFunction)py_creds_guess, METH_VARARGS, NULL },
439 { "set_machine_account", (PyCFunction)py_creds_set_machine_account, METH_VARARGS, NULL },
440 { "get_named_ccache", (PyCFunction)py_creds_get_named_ccache, METH_VARARGS, NULL },
441 { "set_gensec_features", (PyCFunction)py_creds_set_gensec_features, METH_VARARGS, NULL },
442 { "get_gensec_features", (PyCFunction)py_creds_get_gensec_features, METH_NOARGS, NULL },
443 { NULL }
446 PyTypeObject PyCredentials = {
447 .tp_name = "credentials.Credentials",
448 .tp_basicsize = sizeof(pytalloc_Object),
449 .tp_new = py_creds_new,
450 .tp_flags = Py_TPFLAGS_DEFAULT,
451 .tp_methods = py_creds_methods,
455 PyTypeObject PyCredentialCacheContainer = {
456 .tp_name = "credentials.CredentialCacheContainer",
457 .tp_basicsize = sizeof(pytalloc_Object),
458 .tp_flags = Py_TPFLAGS_DEFAULT,
461 void initcredentials(void)
463 PyObject *m;
464 PyTypeObject *talloc_type = pytalloc_GetObjectType();
465 if (talloc_type == NULL)
466 return;
468 PyCredentials.tp_base = PyCredentialCacheContainer.tp_base = talloc_type;
470 if (PyType_Ready(&PyCredentials) < 0)
471 return;
473 if (PyType_Ready(&PyCredentialCacheContainer) < 0)
474 return;
476 m = Py_InitModule3("credentials", NULL, "Credentials management.");
477 if (m == NULL)
478 return;
480 PyModule_AddObject(m, "AUTO_USE_KERBEROS", PyInt_FromLong(CRED_AUTO_USE_KERBEROS));
481 PyModule_AddObject(m, "DONT_USE_KERBEROS", PyInt_FromLong(CRED_DONT_USE_KERBEROS));
482 PyModule_AddObject(m, "MUST_USE_KERBEROS", PyInt_FromLong(CRED_MUST_USE_KERBEROS));
484 PyModule_AddObject(m, "AUTO_KRB_FORWARDABLE", PyInt_FromLong(CRED_AUTO_KRB_FORWARDABLE));
485 PyModule_AddObject(m, "NO_KRB_FORWARDABLE", PyInt_FromLong(CRED_NO_KRB_FORWARDABLE));
486 PyModule_AddObject(m, "FORCE_KRB_FORWARDABLE", PyInt_FromLong(CRED_FORCE_KRB_FORWARDABLE));
488 Py_INCREF(&PyCredentials);
489 PyModule_AddObject(m, "Credentials", (PyObject *)&PyCredentials);
490 Py_INCREF(&PyCredentialCacheContainer);
491 PyModule_AddObject(m, "CredentialCacheContainer", (PyObject *)&PyCredentialCacheContainer);