2 Unix SMB/CIFS implementation.
4 Python wrapper for winbind client functions.
6 Copyright (C) Tim Potter 2002
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
26 #include "py_common_proto.h"
29 * Exceptions raised by this module
32 PyObject *winbind_error; /* A winbind call returned WINBINDD_ERROR */
34 /* Prototypes from common.h */
36 NSS_STATUS winbindd_request(int req_type,
37 struct winbindd_request *request,
38 struct winbindd_response *response);
41 * Name <-> SID conversion
44 /* Convert a name to a sid */
46 static PyObject *py_name_to_sid(PyObject *self, PyObject *args)
49 struct winbindd_request request;
50 struct winbindd_response response;
54 if (!PyArg_ParseTuple(args, "s", &name))
58 ZERO_STRUCT(response);
60 sep = lp_winbind_separator();
62 if ((p = strchr(name, sep[0]))) {
64 fstrcpy(request.data.name.dom_name, name);
65 fstrcpy(request.data.name.name, p + 1);
67 fstrcpy(request.data.name.dom_name, lp_workgroup());
68 fstrcpy(request.data.name.name, name);
71 if (winbindd_request(WINBINDD_LOOKUPNAME, &request, &response)
72 != NSS_STATUS_SUCCESS) {
73 PyErr_SetString(winbind_error, "lookup failed");
77 result = PyString_FromString(response.data.sid.sid);
82 /* Convert a sid to a name */
84 static PyObject *py_sid_to_name(PyObject *self, PyObject *args)
86 struct winbindd_request request;
87 struct winbindd_response response;
91 if (!PyArg_ParseTuple(args, "s", &sid))
95 ZERO_STRUCT(response);
97 fstrcpy(request.data.sid, sid);
99 if (winbindd_request(WINBINDD_LOOKUPSID, &request, &response)
100 != NSS_STATUS_SUCCESS) {
101 PyErr_SetString(winbind_error, "lookup failed");
105 asprintf(&name, "%s%s%s", response.data.name.dom_name,
106 lp_winbind_separator(), response.data.name.name);
108 result = PyString_FromString(name);
116 * Enumerate users/groups
119 /* Enumerate domain users */
121 static PyObject *py_enum_domain_users(PyObject *self, PyObject *args)
123 struct winbindd_response response;
126 if (!PyArg_ParseTuple(args, ""))
129 ZERO_STRUCT(response);
131 if (winbindd_request(WINBINDD_LIST_USERS, NULL, &response)
132 != NSS_STATUS_SUCCESS) {
133 PyErr_SetString(winbind_error, "lookup failed");
137 result = PyList_New(0);
139 if (response.extra_data) {
140 char *extra_data = response.extra_data;
143 while (next_token(&extra_data, name, ",", sizeof(fstring)))
144 PyList_Append(result, PyString_FromString(name));
150 /* Enumerate domain groups */
152 static PyObject *py_enum_domain_groups(PyObject *self, PyObject *args)
154 struct winbindd_response response;
155 PyObject *result = NULL;
157 if (!PyArg_ParseTuple(args, ""))
160 ZERO_STRUCT(response);
162 if (winbindd_request(WINBINDD_LIST_GROUPS, NULL, &response)
163 != NSS_STATUS_SUCCESS) {
164 PyErr_SetString(winbind_error, "lookup failed");
168 result = PyList_New(0);
170 if (response.extra_data) {
171 char *extra_data = response.extra_data;
174 while (next_token(&extra_data, name, ",", sizeof(fstring)))
175 PyList_Append(result, PyString_FromString(name));
182 * Miscellaneous domain related
185 /* Enumerate domain groups */
187 static PyObject *py_enum_trust_dom(PyObject *self, PyObject *args)
189 struct winbindd_response response;
190 PyObject *result = NULL;
192 if (!PyArg_ParseTuple(args, ""))
195 ZERO_STRUCT(response);
197 if (winbindd_request(WINBINDD_LIST_TRUSTDOM, NULL, &response)
198 != NSS_STATUS_SUCCESS) {
199 PyErr_SetString(winbind_error, "lookup failed");
203 result = PyList_New(0);
205 if (response.extra_data) {
206 char *extra_data = response.extra_data;
209 while (next_token(&extra_data, name, ",", sizeof(fstring)))
210 PyList_Append(result, PyString_FromString(name));
216 /* Check machine account password */
218 static PyObject *py_check_secret(PyObject *self, PyObject *args)
220 struct winbindd_response response;
222 if (!PyArg_ParseTuple(args, ""))
225 ZERO_STRUCT(response);
227 if (winbindd_request(WINBINDD_CHECK_MACHACC, NULL, &response)
228 != NSS_STATUS_SUCCESS) {
229 PyErr_SetString(winbind_error, "lookup failed");
233 return PyInt_FromLong(response.data.num_entries);
237 * Return a dictionary consisting of all the winbind related smb.conf
238 * parameters. This is stored in the module object.
241 static PyObject *py_config_dict(void)
247 if (!(result = PyDict_New()))
250 /* Various string parameters */
252 PyDict_SetItemString(result, "workgroup",
253 PyString_FromString(lp_workgroup()));
255 PyDict_SetItemString(result, "separator",
256 PyString_FromString(lp_winbind_separator()));
258 PyDict_SetItemString(result, "template_homedir",
259 PyString_FromString(lp_template_homedir()));
261 PyDict_SetItemString(result, "template_shell",
262 PyString_FromString(lp_template_shell()));
264 /* Winbind uid/gid range */
266 if (lp_winbind_uid(&ulow, &uhi)) {
267 PyDict_SetItemString(result, "uid_low", PyInt_FromLong(ulow));
268 PyDict_SetItemString(result, "uid_high", PyInt_FromLong(uhi));
271 if (lp_winbind_gid(&glow, &ghi)) {
272 PyDict_SetItemString(result, "gid_low", PyInt_FromLong(glow));
273 PyDict_SetItemString(result, "gid_high", PyInt_FromLong(ghi));
283 /* Convert a uid to a SID */
285 static PyObject *py_uid_to_sid(PyObject *self, PyObject *args)
287 struct winbindd_request request;
288 struct winbindd_response response;
291 if (!PyArg_ParseTuple(args, "i", &id))
294 ZERO_STRUCT(request);
295 ZERO_STRUCT(response);
297 request.data.uid = id;
299 if (winbindd_request(WINBINDD_UID_TO_SID, &request, &response)
300 != NSS_STATUS_SUCCESS) {
301 PyErr_SetString(winbind_error, "lookup failed");
305 return PyString_FromString(response.data.sid.sid);
308 /* Convert a gid to a SID */
310 static PyObject *py_gid_to_sid(PyObject *self, PyObject *args)
312 struct winbindd_request request;
313 struct winbindd_response response;
316 if (!PyArg_ParseTuple(args, "i", &id))
319 ZERO_STRUCT(request);
320 ZERO_STRUCT(response);
322 request.data.gid = id;
324 if (winbindd_request(WINBINDD_GID_TO_SID, &request, &response)
325 != NSS_STATUS_SUCCESS) {
326 PyErr_SetString(winbind_error, "lookup failed");
330 return PyString_FromString(response.data.sid.sid);
333 /* Convert a sid to a uid */
335 static PyObject *py_sid_to_uid(PyObject *self, PyObject *args)
337 struct winbindd_request request;
338 struct winbindd_response response;
341 if (!PyArg_ParseTuple(args, "s", &sid))
344 ZERO_STRUCT(request);
345 ZERO_STRUCT(response);
347 fstrcpy(request.data.sid, sid);
349 if (winbindd_request(WINBINDD_SID_TO_UID, &request, &response)
350 != NSS_STATUS_SUCCESS) {
351 PyErr_SetString(winbind_error, "lookup failed");
355 return PyInt_FromLong(response.data.uid);
358 /* Convert a sid to a gid */
360 static PyObject *py_sid_to_gid(PyObject *self, PyObject *args)
362 struct winbindd_request request;
363 struct winbindd_response response;
366 if (!PyArg_ParseTuple(args, "s", &sid))
369 ZERO_STRUCT(request);
370 ZERO_STRUCT(response);
372 fstrcpy(request.data.sid, sid);
374 if (winbindd_request(WINBINDD_SID_TO_GID, &request, &response)
375 != NSS_STATUS_SUCCESS) {
376 PyErr_SetString(winbind_error, "lookup failed");
380 return PyInt_FromLong(response.data.gid);
384 * PAM authentication functions
387 /* Plaintext authentication */
389 static PyObject *py_auth_plaintext(PyObject *self, PyObject *args)
391 struct winbindd_request request;
392 struct winbindd_response response;
393 char *username, *password;
395 if (!PyArg_ParseTuple(args, "ss", &username, &password))
398 ZERO_STRUCT(request);
399 ZERO_STRUCT(response);
401 fstrcpy(request.data.auth.user, username);
402 fstrcpy(request.data.auth.pass, password);
404 if (winbindd_request(WINBINDD_PAM_AUTH, &request, &response)
405 != NSS_STATUS_SUCCESS) {
406 PyErr_SetString(winbind_error, "lookup failed");
410 return PyInt_FromLong(response.data.auth.nt_status);
413 /* Challenge/response authentication */
415 static PyObject *py_auth_crap(PyObject *self, PyObject *args, PyObject *kw)
417 static char *kwlist[] =
418 {"username", "password", "use_lm_hash", "use_nt_hash", NULL };
419 struct winbindd_request request;
420 struct winbindd_response response;
421 char *username, *password;
422 int use_lm_hash = 1, use_nt_hash = 1;
424 if (!PyArg_ParseTupleAndKeywords(
425 args, kw, "ss|ii", kwlist, &username, &password,
426 &use_lm_hash, &use_nt_hash))
429 ZERO_STRUCT(request);
430 ZERO_STRUCT(response);
432 fstrcpy(request.data.auth_crap.user, username);
434 generate_random_buffer(request.data.auth_crap.chal, 8, False);
437 SMBencrypt((uchar *)password, request.data.auth_crap.chal,
438 (uchar *)request.data.auth_crap.lm_resp);
439 request.data.auth_crap.lm_resp_len = 24;
443 SMBNTencrypt((uchar *)password, request.data.auth_crap.chal,
444 (uchar *)request.data.auth_crap.nt_resp);
445 request.data.auth_crap.nt_resp_len = 24;
448 if (winbindd_request(WINBINDD_PAM_AUTH_CRAP, &request, &response)
449 != NSS_STATUS_SUCCESS) {
450 PyErr_SetString(winbind_error, "lookup failed");
454 return PyInt_FromLong(response.data.auth.nt_status);
457 /* Get user info from name */
459 static PyObject *py_getpwnam(PyObject *self, PyObject *args)
461 struct winbindd_request request;
462 struct winbindd_response response;
466 if (!PyArg_ParseTuple(args, "s", &username))
469 ZERO_STRUCT(request);
470 ZERO_STRUCT(response);
472 fstrcpy(request.data.username, username);
474 if (winbindd_request(WINBINDD_GETPWNAM, &request, &response)
475 != NSS_STATUS_SUCCESS) {
476 PyErr_SetString(winbind_error, "lookup failed");
480 if (!py_from_winbind_passwd(&result, &response)) {
488 /* Get user info from uid */
490 static PyObject *py_getpwuid(PyObject *self, PyObject *args)
492 struct winbindd_request request;
493 struct winbindd_response response;
497 if (!PyArg_ParseTuple(args, "i", &uid))
500 ZERO_STRUCT(request);
501 ZERO_STRUCT(response);
503 request.data.uid = uid;
505 if (winbindd_request(WINBINDD_GETPWUID, &request, &response)
506 != NSS_STATUS_SUCCESS) {
507 PyErr_SetString(winbind_error, "lookup failed");
511 if (!py_from_winbind_passwd(&result, &response)) {
520 * Method dispatch table
523 static PyMethodDef winbind_methods[] = {
525 { "getpwnam", py_getpwnam, METH_VARARGS, "getpwnam(3)" },
526 { "getpwuid", py_getpwuid, METH_VARARGS, "getpwuid(3)" },
528 /* Name <-> SID conversion */
530 { "name_to_sid", py_name_to_sid, METH_VARARGS,
531 "name_to_sid(s) -> string
533 Return the SID for a name.
537 >>> winbind.name_to_sid('FOO/Administrator')
538 'S-1-5-21-406022937-1377575209-526660263-500' " },
540 { "sid_to_name", py_sid_to_name, METH_VARARGS,
541 "sid_to_name(s) -> string
543 Return the name for a SID.
548 >>> winbind.sid_to_name('S-1-5-21-406022937-1377575209-526660263-500')
549 'FOO/Administrator' " },
551 /* Enumerate users/groups */
553 { "enum_domain_users", py_enum_domain_users, METH_VARARGS,
554 "enum_domain_users() -> list of strings
556 Return a list of domain users.
560 >>> winbind.enum_domain_users()
561 ['FOO/Administrator', 'FOO/anna', 'FOO/Anne Elk', 'FOO/build',
562 'FOO/foo', 'FOO/foo2', 'FOO/foo3', 'FOO/Guest', 'FOO/user1',
563 'FOO/whoops-ptang'] " },
565 { "enum_domain_groups", py_enum_domain_groups, METH_VARARGS,
566 "enum_domain_groups() -> list of strings
568 Return a list of domain groups.
572 >>> winbind.enum_domain_groups()
573 ['FOO/cows', 'FOO/Domain Admins', 'FOO/Domain Guests',
574 'FOO/Domain Users'] " },
578 { "uid_to_sid", py_uid_to_sid, METH_VARARGS,
579 "uid_to_sid(int) -> string
581 Return the SID for a UNIX uid.
585 >>> winbind.uid_to_sid(10000)
586 'S-1-5-21-406022937-1377575209-526660263-500' " },
588 { "gid_to_sid", py_gid_to_sid, METH_VARARGS,
589 "gid_to_sid(int) -> string
591 Return the UNIX gid for a SID.
595 >>> winbind.gid_to_sid(10001)
596 'S-1-5-21-406022937-1377575209-526660263-512' " },
598 { "sid_to_uid", py_sid_to_uid, METH_VARARGS,
599 "sid_to_uid(string) -> int
601 Return the UNIX uid for a SID.
605 >>> winbind.sid_to_uid('S-1-5-21-406022937-1377575209-526660263-500')
608 { "sid_to_gid", py_sid_to_gid, METH_VARARGS,
609 "sid_to_gid(string) -> int
611 Return the UNIX gid corresponding to a SID.
615 >>> winbind.sid_to_gid('S-1-5-21-406022937-1377575209-526660263-512')
620 { "check_secret", py_check_secret, METH_VARARGS,
621 "check_secret() -> int
623 Check the machine trust account password. The NT status is returned
624 with zero indicating success. " },
626 { "enum_trust_dom", py_enum_trust_dom, METH_VARARGS,
627 "enum_trust_dom() -> list of strings
629 Return a list of trusted domains. The domain the server is a member
634 >>> winbind.enum_trust_dom()
635 ['NPSD-TEST2', 'SP2NDOM'] " },
637 /* PAM authorisation functions */
639 { "auth_plaintext", py_auth_plaintext, METH_VARARGS,
640 "auth_plaintext(s, s) -> int
642 Authenticate a username and password using plaintext authentication.
643 The NT status code is returned with zero indicating success." },
645 { "auth_crap", py_auth_crap, METH_VARARGS,
646 "auth_crap(s, s) -> int
648 Authenticate a username and password using the challenge/response
649 protocol. The NT status code is returned with zero indicating
655 static struct const_vals {
659 } module_const_vals[] = {
661 /* Well known RIDs */
663 { "DOMAIN_USER_RID_ADMIN", DOMAIN_USER_RID_ADMIN,
664 "Well-known RID for Administrator user" },
666 { "DOMAIN_USER_RID_GUEST", DOMAIN_USER_RID_GUEST,
667 "Well-known RID for Guest user" },
669 { "DOMAIN_GROUP_RID_ADMINS", DOMAIN_GROUP_RID_ADMINS,
670 "Well-known RID for Domain Admins group" },
672 { "DOMAIN_GROUP_RID_USERS", DOMAIN_GROUP_RID_USERS,
673 "Well-known RID for Domain Users group" },
675 { "DOMAIN_GROUP_RID_GUESTS", DOMAIN_GROUP_RID_GUESTS,
676 "Well-known RID for Domain Guests group" },
681 static void const_init(PyObject *dict)
683 struct const_vals *tmp;
686 for (tmp = module_const_vals; tmp->name; tmp++) {
687 obj = PyInt_FromLong(tmp->value);
688 PyDict_SetItemString(dict, tmp->name, obj);
694 * Module initialisation
697 static char winbind_module__doc__[] =
698 "A python extension to winbind client functions.";
700 void initwinbind(void)
702 PyObject *module, *dict;
704 /* Initialise module */
706 module = Py_InitModule3("winbind", winbind_methods,
707 winbind_module__doc__);
709 dict = PyModule_GetDict(module);
711 winbind_error = PyErr_NewException("winbind.error", NULL, NULL);
712 PyDict_SetItemString(dict, "error", winbind_error);
714 /* Do samba initialisation */
718 /* Initialise constants */
722 /* Insert configuration dictionary */
724 PyDict_SetItemString(dict, "config", py_config_dict());