source/python/py_ntsec.c

   1 /*
   2    Python wrappers for DCERPC/SMB client routines.
   3
   4    Copyright (C) Tim Potter, 2002
   5
   6    This program is free software; you can redistribute it and/or modify
   7    it under the terms of the GNU General Public License as published by
   8    the Free Software Foundation; either version 2 of the License, or
   9    (at your option) any later version.
  10
  11    This program is distributed in the hope that it will be useful,
  12    but WITHOUT ANY WARRANTY; without even the implied warranty of
  13    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14    GNU General Public License for more details.
  15
  16    You should have received a copy of the GNU General Public License
  17    along with this program; if not, write to the Free Software
  18    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
  19 */
  20
  21 #include "python/py_common.h"
  22
  23 /* Convert a SID to a Python dict */
  24
  25 BOOL py_from_SID(PyObject **obj, DOM_SID *sid)
  26 {
  27         fstring sidstr;
  28
  29         if (!sid) {
  30                 Py_INCREF(Py_None);
  31                 *obj = Py_None;
  32                 return True;
  33         }
  34
  35         if (!sid_to_string(sidstr, sid))
  36                 return False;
  37
  38         *obj = PyString_FromString(sidstr);
  39
  40         return True;
  41 }
  42
  43 BOOL py_to_SID(DOM_SID *sid, PyObject *obj)
  44 {
  45         if (!PyString_Check(obj))
  46                 return False;
  47
  48         return string_to_sid(sid, PyString_AsString(obj));
  49 }
  50
  51 BOOL py_from_ACE(PyObject **dict, SEC_ACE *ace)
  52 {
  53         PyObject *obj;
  54
  55         if (!ace) {
  56                 Py_INCREF(Py_None);
  57                 *dict = Py_None;
  58                 return True;
  59         }
  60
  61         *dict = PyDict_New();
  62
  63         PyDict_SetItemString(*dict, "type", PyInt_FromLong(ace->type));
  64         PyDict_SetItemString(*dict, "flags", PyInt_FromLong(ace->flags));
  65         PyDict_SetItemString(*dict, "mask", PyInt_FromLong(ace->info.mask));
  66
  67         if (py_from_SID(&obj, &ace->trustee))
  68                 PyDict_SetItemString(*dict, "trustee", obj);
  69
  70         return True;
  71 }
  72
  73 BOOL py_to_ACE(SEC_ACE *ace, PyObject *dict)
  74 {
  75         PyObject *obj;
  76         uint8 ace_type, ace_flags;
  77         DOM_SID trustee;
  78         SEC_ACCESS sec_access;
  79
  80         if (!PyDict_Check(dict))
  81                 return False;
  82
  83         if (!(obj = PyDict_GetItemString(dict, "type")) ||
  84             !PyInt_Check(obj))
  85                 return False;
  86
  87         ace_type = PyInt_AsLong(obj);
  88
  89         if (!(obj = PyDict_GetItemString(dict, "flags")) ||
  90             !PyInt_Check(obj))
  91                 return False;
  92
  93         ace_flags = PyInt_AsLong(obj);
  94
  95         if (!(obj = PyDict_GetItemString(dict, "trustee")) ||
  96             !PyString_Check(obj))
  97                 return False;
  98
  99         if (!py_to_SID(&trustee, obj))
 100                 return False;
 101
 102         if (!(obj = PyDict_GetItemString(dict, "mask")) ||
 103             !PyInt_Check(obj))
 104                 return False;
 105
 106         sec_access.mask = PyInt_AsLong(obj);
 107
 108         init_sec_ace(ace, &trustee, ace_type, sec_access, ace_flags);
 109
 110         /* Fill in size field */
 111
 112         ace->size = SEC_ACE_HEADER_SIZE + sid_size(&trustee);
 113
 114         return True;
 115 }
 116
 117 BOOL py_from_ACL(PyObject **dict, SEC_ACL *acl)
 118 {
 119         PyObject *ace_list;
 120         int i;
 121
 122         if (!acl) {
 123                 Py_INCREF(Py_None);
 124                 *dict = Py_None;
 125                 return True;
 126         }
 127
 128         *dict = PyDict_New();
 129
 130         PyDict_SetItemString(*dict, "revision", PyInt_FromLong(acl->revision));
 131
 132         ace_list = PyList_New(acl->num_aces);
 133
 134         for (i = 0; i < acl->num_aces; i++) {
 135                 PyObject *obj;
 136
 137                 if (py_from_ACE(&obj, &acl->ace[i]))
 138                         PyList_SetItem(ace_list, i, obj);
 139         }
 140
 141         PyDict_SetItemString(*dict, "ace_list", ace_list);
 142
 143         return True;
 144 }
 145
 146 BOOL py_to_ACL(SEC_ACL *acl, PyObject *dict, TALLOC_CTX *mem_ctx)
 147 {
 148         PyObject *obj;
 149         uint32 i;
 150
 151         if (!(obj = PyDict_GetItemString(dict, "revision")) ||
 152             !PyInt_Check(obj))
 153                 return False;
 154
 155         acl->revision = PyInt_AsLong(obj);
 156
 157         if (!(obj = PyDict_GetItemString(dict, "ace_list")) ||
 158             !PyList_Check(obj))
 159                 return False;
 160
 161         acl->num_aces = PyList_Size(obj);
 162
 163         acl->ace = talloc(mem_ctx, acl->num_aces * sizeof(SEC_ACE));
 164         acl->size = SEC_ACL_HEADER_SIZE;
 165
 166         for (i = 0; i < acl->num_aces; i++) {
 167                 PyObject *py_ace = PyList_GetItem(obj, i);
 168
 169                 if (!py_to_ACE(&acl->ace[i], py_ace))
 170                         return False;
 171
 172                 acl->size += acl->ace[i].size;
 173         }
 174
 175         return True;
 176 }
 177
 178 BOOL py_from_SECDESC(PyObject **dict, SEC_DESC *sd)
 179 {
 180         PyObject *obj;
 181
 182         *dict = PyDict_New();
 183
 184         PyDict_SetItemString(*dict, "revision", PyInt_FromLong(sd->revision));
 185
 186         if (py_from_SID(&obj, sd->owner_sid))
 187                 PyDict_SetItemString(*dict, "owner_sid", obj);
 188
 189         if (py_from_SID(&obj, sd->grp_sid))
 190                 PyDict_SetItemString(*dict, "group_sid", obj);
 191
 192         if (py_from_ACL(&obj, sd->dacl))
 193                 PyDict_SetItemString(*dict, "dacl", obj);
 194
 195         if (py_from_ACL(&obj, sd->sacl))
 196                 PyDict_SetItemString(*dict, "sacl", obj);
 197
 198         return True;
 199 }
 200
 201 BOOL py_to_SECDESC(SEC_DESC **sd, PyObject *dict, TALLOC_CTX *mem_ctx)
 202 {
 203         PyObject *obj;
 204         uint16 revision;
 205         DOM_SID owner_sid, group_sid;
 206         SEC_ACL sacl, dacl;
 207         BOOL got_dacl = False, got_sacl = False;
 208         BOOL got_owner_sid = False, got_group_sid = False;
 209
 210         ZERO_STRUCT(dacl); ZERO_STRUCT(sacl);
 211         ZERO_STRUCT(owner_sid); ZERO_STRUCT(group_sid);
 212
 213         if (!(obj = PyDict_GetItemString(dict, "revision")))
 214                 return False;
 215
 216         revision = PyInt_AsLong(obj);
 217
 218         if ((obj = PyDict_GetItemString(dict, "owner_sid"))) {
 219
 220                 if (obj != Py_None) {
 221
 222                         if (!py_to_SID(&owner_sid, obj))
 223                                 return False;
 224
 225                         got_owner_sid = True;
 226                 }
 227         }
 228
 229         if ((obj = PyDict_GetItemString(dict, "group_sid"))) {
 230
 231                 if (obj != Py_None) {
 232
 233                         if (!py_to_SID(&group_sid, obj))
 234                                 return False;
 235
 236                         got_group_sid = True;
 237                 }
 238         }
 239
 240         if ((obj = PyDict_GetItemString(dict, "dacl"))) {
 241
 242                 if (obj != Py_None) {
 243
 244                         if (!py_to_ACL(&dacl, obj, mem_ctx))
 245                                 return False;
 246
 247                         got_dacl = True;
 248                 }
 249         }
 250
 251         if ((obj = PyDict_GetItemString(dict, "sacl"))) {
 252
 253                 if (obj != Py_None) {
 254
 255                         if (!py_to_ACL(&sacl, obj, mem_ctx))
 256                                 return False;
 257
 258                         got_sacl = True;
 259                 }
 260         }
 261
 262 #if 0                           /* For new secdesc code */
 263         *sd = make_sec_desc(mem_ctx, revision,
 264                             got_owner_sid ? &owner_sid : NULL,
 265                             got_group_sid ? &group_sid : NULL,
 266                             got_sacl ? &sacl : NULL,
 267                             got_dacl ? &dacl : NULL);
 268 #else
 269         {
 270                 size_t sd_size;
 271
 272                 *sd = make_sec_desc(mem_ctx, revision,
 273                             got_owner_sid ? &owner_sid : NULL,
 274                             got_group_sid ? &group_sid : NULL,
 275                             got_sacl ? &sacl : NULL,
 276                             got_dacl ? &dacl : NULL, &sd_size);
 277         }
 278 #endif
 279
 280         return True;
 281 }