Make krb5 wrapper library common so they can be used all over
[Samba/vl.git] / source4 / auth / pyauth.c
blobf07fa786a1791e4a700c087c23275331a44da951
1 /*
2 Unix SMB/CIFS implementation.
3 Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007-2008
4 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2011
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
20 #include <Python.h>
21 #include "includes.h"
22 #include "libcli/util/pyerrors.h"
23 #include "param/param.h"
24 #include "pyauth.h"
25 #include "pyldb.h"
26 #include "auth/system_session_proto.h"
27 #include "auth/auth.h"
28 #include "param/pyparam.h"
29 #include "libcli/security/security.h"
30 #include "auth/credentials/pycredentials.h"
31 #include <tevent.h>
32 #include "librpc/rpc/pyrpc_util.h"
33 #include "lib/events/events.h"
35 void initauth(void);
37 staticforward PyTypeObject PyAuthContext;
39 /* There's no Py_ssize_t in 2.4, apparently */
40 #if PY_MAJOR_VERSION == 2 && PY_MINOR_VERSION < 5
41 typedef int Py_ssize_t;
42 typedef inquiry lenfunc;
43 typedef intargfunc ssizeargfunc;
44 #endif
46 #ifndef Py_RETURN_NONE
47 #define Py_RETURN_NONE return Py_INCREF(Py_None), Py_None
48 #endif
50 static PyObject *PyAuthSession_FromSession(struct auth_session_info *session)
52 return py_return_ndr_struct("samba.dcerpc.auth", "session_info", session, session);
55 static PyObject *py_system_session(PyObject *module, PyObject *args)
57 PyObject *py_lp_ctx = Py_None;
58 struct loadparm_context *lp_ctx = NULL;
59 struct auth_session_info *session;
60 TALLOC_CTX *mem_ctx;
61 if (!PyArg_ParseTuple(args, "|O", &py_lp_ctx))
62 return NULL;
64 mem_ctx = talloc_new(NULL);
65 if (mem_ctx == NULL) {
66 PyErr_NoMemory();
67 return NULL;
70 lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
71 if (lp_ctx == NULL) {
72 talloc_free(mem_ctx);
73 return NULL;
76 session = system_session(lp_ctx);
78 talloc_free(mem_ctx);
80 return PyAuthSession_FromSession(session);
84 static PyObject *py_admin_session(PyObject *module, PyObject *args)
86 PyObject *py_lp_ctx;
87 PyObject *py_sid;
88 struct loadparm_context *lp_ctx = NULL;
89 struct auth_session_info *session;
90 struct dom_sid *domain_sid = NULL;
91 TALLOC_CTX *mem_ctx;
93 if (!PyArg_ParseTuple(args, "OO", &py_lp_ctx, &py_sid))
94 return NULL;
96 mem_ctx = talloc_new(NULL);
97 if (mem_ctx == NULL) {
98 PyErr_NoMemory();
99 return NULL;
102 lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
103 if (lp_ctx == NULL) {
104 talloc_free(mem_ctx);
105 return NULL;
108 domain_sid = dom_sid_parse_talloc(mem_ctx, PyString_AsString(py_sid));
109 if (domain_sid == NULL) {
110 PyErr_Format(PyExc_RuntimeError, "Unable to parse sid %s",
111 PyString_AsString(py_sid));
112 talloc_free(mem_ctx);
113 return NULL;
115 session = admin_session(NULL, lp_ctx, domain_sid);
116 talloc_free(mem_ctx);
118 return PyAuthSession_FromSession(session);
121 static PyObject *py_user_session(PyObject *module, PyObject *args, PyObject *kwargs)
123 NTSTATUS nt_status;
124 struct auth_session_info *session;
125 TALLOC_CTX *mem_ctx;
126 const char * const kwnames[] = { "ldb", "lp_ctx", "principal", "dn", "session_info_flags", NULL };
127 struct ldb_context *ldb_ctx;
128 PyObject *py_ldb = Py_None;
129 PyObject *py_dn = Py_None;
130 PyObject *py_lp_ctx = Py_None;
131 struct loadparm_context *lp_ctx = NULL;
132 struct ldb_dn *user_dn;
133 char *principal = NULL;
134 int session_info_flags = 0; /* This is an int, because that's
135 * what we need for the python
136 * PyArg_ParseTupleAndKeywords */
138 if (!PyArg_ParseTupleAndKeywords(args, kwargs, "O|OzOi",
139 discard_const_p(char *, kwnames),
140 &py_ldb, &py_lp_ctx, &principal, &py_dn, &session_info_flags)) {
141 return NULL;
144 mem_ctx = talloc_new(NULL);
145 if (mem_ctx == NULL) {
146 PyErr_NoMemory();
147 return NULL;
150 ldb_ctx = pyldb_Ldb_AsLdbContext(py_ldb);
152 if (py_dn == Py_None) {
153 user_dn = NULL;
154 } else {
155 if (!pyldb_Object_AsDn(ldb_ctx, py_dn, ldb_ctx, &user_dn)) {
156 talloc_free(mem_ctx);
157 return NULL;
161 lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
162 if (lp_ctx == NULL) {
163 talloc_free(mem_ctx);
164 return NULL;
167 nt_status = authsam_get_session_info_principal(mem_ctx, lp_ctx, ldb_ctx, principal, user_dn,
168 session_info_flags, &session);
169 if (!NT_STATUS_IS_OK(nt_status)) {
170 talloc_free(mem_ctx);
171 PyErr_NTSTATUS_IS_ERR_RAISE(nt_status);
174 talloc_steal(NULL, session);
175 talloc_free(mem_ctx);
177 return PyAuthSession_FromSession(session);
181 static const char **PyList_AsStringList(TALLOC_CTX *mem_ctx, PyObject *list,
182 const char *paramname)
184 const char **ret;
185 Py_ssize_t i;
186 if (!PyList_Check(list)) {
187 PyErr_Format(PyExc_TypeError, "%s is not a list", paramname);
188 return NULL;
190 ret = talloc_array(NULL, const char *, PyList_Size(list)+1);
191 if (ret == NULL) {
192 PyErr_NoMemory();
193 return NULL;
196 for (i = 0; i < PyList_Size(list); i++) {
197 PyObject *item = PyList_GetItem(list, i);
198 if (!PyString_Check(item)) {
199 PyErr_Format(PyExc_TypeError, "%s should be strings", paramname);
200 return NULL;
202 ret[i] = talloc_strndup(ret, PyString_AsString(item),
203 PyString_Size(item));
205 ret[i] = NULL;
206 return ret;
209 static PyObject *PyAuthContext_FromContext(struct auth4_context *auth_context)
211 return pytalloc_reference(&PyAuthContext, auth_context);
214 static PyObject *py_auth_context_new(PyTypeObject *type, PyObject *args, PyObject *kwargs)
216 PyObject *py_lp_ctx = Py_None;
217 PyObject *py_ldb = Py_None;
218 PyObject *py_imessaging_ctx = Py_None;
219 PyObject *py_auth_context = Py_None;
220 PyObject *py_methods = Py_None;
221 TALLOC_CTX *mem_ctx;
222 struct auth4_context *auth_context;
223 struct imessaging_context *imessaging_context = NULL;
224 struct loadparm_context *lp_ctx;
225 struct tevent_context *ev;
226 struct ldb_context *ldb = NULL;
227 NTSTATUS nt_status;
228 const char **methods;
230 const char * const kwnames[] = { "lp_ctx", "messaging_ctx", "ldb", "methods", NULL };
232 if (!PyArg_ParseTupleAndKeywords(args, kwargs, "|OOOO",
233 discard_const_p(char *, kwnames),
234 &py_lp_ctx, &py_imessaging_ctx, &py_ldb, &py_methods))
235 return NULL;
237 mem_ctx = talloc_new(NULL);
238 if (mem_ctx == NULL) {
239 PyErr_NoMemory();
240 return NULL;
243 if (py_ldb != Py_None) {
244 ldb = pyldb_Ldb_AsLdbContext(py_ldb);
247 lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
249 ev = s4_event_context_init(mem_ctx);
250 if (ev == NULL) {
251 PyErr_NoMemory();
252 return NULL;
255 if (py_imessaging_ctx != Py_None) {
256 imessaging_context = pytalloc_get_type(py_imessaging_ctx, struct imessaging_context);
259 if (py_methods == Py_None && py_ldb == Py_None) {
260 nt_status = auth_context_create(mem_ctx, ev, imessaging_context, lp_ctx, &auth_context);
261 } else {
262 if (py_methods != Py_None) {
263 methods = PyList_AsStringList(mem_ctx, py_methods, "methods");
264 if (methods == NULL) {
265 talloc_free(mem_ctx);
266 return NULL;
268 } else {
269 methods = auth_methods_from_lp(mem_ctx, lp_ctx);
271 nt_status = auth_context_create_methods(mem_ctx, methods, ev,
272 imessaging_context, lp_ctx,
273 ldb, &auth_context);
276 if (!NT_STATUS_IS_OK(nt_status)) {
277 talloc_free(mem_ctx);
278 PyErr_NTSTATUS_IS_ERR_RAISE(nt_status);
281 if (!talloc_reference(auth_context, lp_ctx)) {
282 talloc_free(mem_ctx);
283 PyErr_NoMemory();
284 return NULL;
287 if (!talloc_reference(auth_context, ev)) {
288 talloc_free(mem_ctx);
289 PyErr_NoMemory();
290 return NULL;
293 py_auth_context = PyAuthContext_FromContext(auth_context);
295 talloc_free(mem_ctx);
297 return py_auth_context;
300 static PyTypeObject PyAuthContext = {
301 .tp_name = "AuthContext",
302 .tp_basicsize = sizeof(pytalloc_Object),
303 .tp_flags = Py_TPFLAGS_DEFAULT,
304 .tp_new = py_auth_context_new,
307 static PyMethodDef py_auth_methods[] = {
308 { "system_session", (PyCFunction)py_system_session, METH_VARARGS, NULL },
309 { "admin_session", (PyCFunction)py_admin_session, METH_VARARGS, NULL },
310 { "user_session", (PyCFunction)py_user_session, METH_VARARGS|METH_KEYWORDS, NULL },
311 { NULL },
314 void initauth(void)
316 PyObject *m;
318 PyAuthContext.tp_base = pytalloc_GetObjectType();
319 if (PyAuthContext.tp_base == NULL)
320 return;
322 if (PyType_Ready(&PyAuthContext) < 0)
323 return;
325 m = Py_InitModule3("auth", py_auth_methods,
326 "Authentication and authorization support.");
327 if (m == NULL)
328 return;
330 Py_INCREF(&PyAuthContext);
331 PyModule_AddObject(m, "AuthContext", (PyObject *)&PyAuthContext);
333 #define ADD_FLAG(val) PyModule_AddObject(m, #val, PyInt_FromLong(val))
334 ADD_FLAG(AUTH_SESSION_INFO_DEFAULT_GROUPS);
335 ADD_FLAG(AUTH_SESSION_INFO_AUTHENTICATED);
336 ADD_FLAG(AUTH_SESSION_INFO_SIMPLE_PRIVILEGES);