libcli/security/pysecurity.c

   1 /*
   2    Unix SMB/CIFS implementation.
   3    Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007-2008
   4    Copyright (C) Andrew Bartlett <abartlet@samba.org> 2011
   5
   6    This program is free software; you can redistribute it and/or modify
   7    it under the terms of the GNU General Public License as published by
   8    the Free Software Foundation; either version 3 of the License, or
   9    (at your option) any later version.
  10
  11    This program is distributed in the hope that it will be useful,
  12    but WITHOUT ANY WARRANTY; without even the implied warranty of
  13    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14    GNU General Public License for more details.
  15
  16    You should have received a copy of the GNU General Public License
  17    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  18 */
  19
  20 #include <Python.h>
  21 #include "includes.h"
  22 #include "libcli/util/pyerrors.h"
  23 #include "libcli/security/security.h"
  24 #include "pytalloc.h"
  25
  26 void initsecurity(void);
  27
  28 static PyObject *py_se_access_check(PyObject *module, PyObject *args, PyObject *kwargs)
  29 {
  30         NTSTATUS nt_status;
  31         const char * const kwnames[] = { "security_descriptor", "token", "access_desired", NULL };
  32         PyObject *py_sec_desc = Py_None;
  33         PyObject *py_security_token = Py_None;
  34         struct security_descriptor *security_descriptor;
  35         struct security_token *security_token;
  36         int access_desired; /* This is an int, because that's what
  37                              * we need for the python
  38                              * PyArg_ParseTupleAndKeywords */
  39         uint32_t access_granted;
  40
  41         if (!PyArg_ParseTupleAndKeywords(args, kwargs, "OOi",
  42                                          discard_const_p(char *, kwnames),
  43                                          &py_sec_desc, &py_security_token, &access_desired)) {
  44                 return NULL;
  45         }
  46
  47         security_descriptor = pytalloc_get_type(py_sec_desc, struct security_descriptor);
  48         if (!security_descriptor) {
  49                 PyErr_Format(PyExc_TypeError,
  50                              "Expected dcerpc.security.descriptor for security_descriptor argument got  %s",
  51                              talloc_get_name(pytalloc_get_ptr(py_sec_desc)));
  52                 return NULL;
  53         }
  54
  55         security_token = pytalloc_get_type(py_security_token, struct security_token);
  56         if (!security_token) {
  57                 PyErr_Format(PyExc_TypeError,
  58                              "Expected dcerpc.security.token for token argument, got %s",
  59                              talloc_get_name(pytalloc_get_ptr(py_security_token)));
  60                 return NULL;
  61         }
  62
  63         nt_status = se_access_check(security_descriptor, security_token, access_desired, &access_granted);
  64         if (!NT_STATUS_IS_OK(nt_status)) {
  65                 PyErr_NTSTATUS_IS_ERR_RAISE(nt_status);
  66         }
  67
  68         return PyLong_FromLong(access_granted);
  69 }
  70
  71 static PyMethodDef py_security_methods[] = {
  72         { "access_check", (PyCFunction)py_se_access_check, METH_VARARGS|METH_KEYWORDS,
  73         "access_check(security_descriptor, token, access_desired) -> access_granted.  Raises NT_STATUS on error, including on access check failure, returns access granted bitmask"},
  74         { NULL },
  75 };
  76
  77 void initsecurity(void)
  78 {
  79         PyObject *m;
  80
  81         m = Py_InitModule3("security", py_security_methods,
  82                            "Security support.");
  83         if (m == NULL)
  84                 return;
  85 }