source4/auth/credentials/pycredentials.c

   1 /*
   2    Unix SMB/CIFS implementation.
   3    Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007
   4
   5    This program is free software; you can redistribute it and/or modify
   6    it under the terms of the GNU General Public License as published by
   7    the Free Software Foundation; either version 3 of the License, or
   8    (at your option) any later version.
   9
  10    This program is distributed in the hope that it will be useful,
  11    but WITHOUT ANY WARRANTY; without even the implied warranty of
  12    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  13    GNU General Public License for more details.
  14
  15    You should have received a copy of the GNU General Public License
  16    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  17 */
  18
  19 #include <Python.h>
  20 #include "includes.h"
  21 #include "pycredentials.h"
  22 #include "param/param.h"
  23 #include "lib/cmdline/credentials.h"
  24 #include "librpc/gen_ndr/samr.h" /* for struct samr_Password */
  25 #include "libcli/util/pyerrors.h"
  26 #include "param/pyparam.h"
  27 #include <tevent.h>
  28
  29 static PyObject *PyString_FromStringOrNULL(const char *str)
  30 {
  31         if (str == NULL)
  32                 Py_RETURN_NONE;
  33         return PyString_FromString(str);
  34 }
  35
  36 static PyObject *py_creds_new(PyTypeObject *type, PyObject *args, PyObject *kwargs)
  37 {
  38         py_talloc_Object *ret = (py_talloc_Object *)type->tp_alloc(type, 0);
  39         if (ret == NULL) {
  40                 PyErr_NoMemory();
  41                 return NULL;
  42         }
  43         ret->talloc_ctx = talloc_new(NULL);
  44         if (ret->talloc_ctx == NULL) {
  45                 PyErr_NoMemory();
  46                 return NULL;
  47         }
  48         ret->ptr = cli_credentials_init(ret->talloc_ctx);
  49         return (PyObject *)ret;
  50 }
  51
  52 static PyObject *py_creds_get_username(py_talloc_Object *self)
  53 {
  54         return PyString_FromStringOrNULL(cli_credentials_get_username(PyCredentials_AsCliCredentials(self)));
  55 }
  56
  57 static PyObject *py_creds_set_username(py_talloc_Object *self, PyObject *args)
  58 {
  59         char *newval;
  60         enum credentials_obtained obt = CRED_SPECIFIED;
  61         if (!PyArg_ParseTuple(args, "s|i", &newval, &obt))
  62                 return NULL;
  63
  64         return PyBool_FromLong(cli_credentials_set_username(PyCredentials_AsCliCredentials(self), newval, obt));
  65 }
  66
  67 static PyObject *py_creds_get_password(py_talloc_Object *self)
  68 {
  69         return PyString_FromStringOrNULL(cli_credentials_get_password(PyCredentials_AsCliCredentials(self)));
  70 }
  71
  72
  73 static PyObject *py_creds_set_password(py_talloc_Object *self, PyObject *args)
  74 {
  75         char *newval;
  76         enum credentials_obtained obt = CRED_SPECIFIED;
  77         if (!PyArg_ParseTuple(args, "s|i", &newval, &obt))
  78                 return NULL;
  79
  80         return PyBool_FromLong(cli_credentials_set_password(PyCredentials_AsCliCredentials(self), newval, obt));
  81 }
  82
  83 static PyObject *py_creds_get_domain(py_talloc_Object *self)
  84 {
  85         return PyString_FromStringOrNULL(cli_credentials_get_domain(PyCredentials_AsCliCredentials(self)));
  86 }
  87
  88 static PyObject *py_creds_set_domain(py_talloc_Object *self, PyObject *args)
  89 {
  90         char *newval;
  91         enum credentials_obtained obt = CRED_SPECIFIED;
  92         if (!PyArg_ParseTuple(args, "s|i", &newval, &obt))
  93                 return NULL;
  94
  95         return PyBool_FromLong(cli_credentials_set_domain(PyCredentials_AsCliCredentials(self), newval, obt));
  96 }
  97
  98 static PyObject *py_creds_get_realm(py_talloc_Object *self)
  99 {
 100         return PyString_FromStringOrNULL(cli_credentials_get_realm(PyCredentials_AsCliCredentials(self)));
 101 }
 102
 103 static PyObject *py_creds_set_realm(py_talloc_Object *self, PyObject *args)
 104 {
 105         char *newval;
 106         enum credentials_obtained obt = CRED_SPECIFIED;
 107         if (!PyArg_ParseTuple(args, "s|i", &newval, &obt))
 108                 return NULL;
 109
 110         return PyBool_FromLong(cli_credentials_set_realm(PyCredentials_AsCliCredentials(self), newval, obt));
 111 }
 112
 113 static PyObject *py_creds_get_bind_dn(py_talloc_Object *self)
 114 {
 115         return PyString_FromStringOrNULL(cli_credentials_get_bind_dn(PyCredentials_AsCliCredentials(self)));
 116 }
 117
 118 static PyObject *py_creds_set_bind_dn(py_talloc_Object *self, PyObject *args)
 119 {
 120         char *newval;
 121         if (!PyArg_ParseTuple(args, "s", &newval))
 122                 return NULL;
 123
 124         return PyBool_FromLong(cli_credentials_set_bind_dn(PyCredentials_AsCliCredentials(self), newval));
 125 }
 126
 127 static PyObject *py_creds_get_workstation(py_talloc_Object *self)
 128 {
 129         return PyString_FromStringOrNULL(cli_credentials_get_workstation(PyCredentials_AsCliCredentials(self)));
 130 }
 131
 132 static PyObject *py_creds_set_workstation(py_talloc_Object *self, PyObject *args)
 133 {
 134         char *newval;
 135         enum credentials_obtained obt = CRED_SPECIFIED;
 136         if (!PyArg_ParseTuple(args, "s|i", &newval, &obt))
 137                 return NULL;
 138
 139         return PyBool_FromLong(cli_credentials_set_workstation(PyCredentials_AsCliCredentials(self), newval, obt));
 140 }
 141
 142 static PyObject *py_creds_is_anonymous(py_talloc_Object *self)
 143 {
 144         return PyBool_FromLong(cli_credentials_is_anonymous(PyCredentials_AsCliCredentials(self)));
 145 }
 146
 147 static PyObject *py_creds_set_anonymous(py_talloc_Object *self)
 148 {
 149         cli_credentials_set_anonymous(PyCredentials_AsCliCredentials(self));
 150         Py_RETURN_NONE;
 151 }
 152
 153 static PyObject *py_creds_authentication_requested(py_talloc_Object *self)
 154 {
 155         return PyBool_FromLong(cli_credentials_authentication_requested(PyCredentials_AsCliCredentials(self)));
 156 }
 157
 158 static PyObject *py_creds_wrong_password(py_talloc_Object *self)
 159 {
 160         return PyBool_FromLong(cli_credentials_wrong_password(PyCredentials_AsCliCredentials(self)));
 161 }
 162
 163 static PyObject *py_creds_set_cmdline_callbacks(py_talloc_Object *self)
 164 {
 165         return PyBool_FromLong(cli_credentials_set_cmdline_callbacks(PyCredentials_AsCliCredentials(self)));
 166 }
 167
 168 static PyObject *py_creds_parse_string(py_talloc_Object *self, PyObject *args)
 169 {
 170         char *newval;
 171         enum credentials_obtained obt = CRED_SPECIFIED;
 172         if (!PyArg_ParseTuple(args, "s|i", &newval, &obt))
 173                 return NULL;
 174
 175         cli_credentials_parse_string(PyCredentials_AsCliCredentials(self), newval, obt);
 176         Py_RETURN_NONE;
 177 }
 178
 179 static PyObject *py_creds_get_nt_hash(py_talloc_Object *self)
 180 {
 181         const struct samr_Password *ntpw = cli_credentials_get_nt_hash(PyCredentials_AsCliCredentials(self), self->ptr);
 182
 183         return PyString_FromStringAndSize(discard_const_p(char, ntpw->hash), 16);
 184 }
 185
 186 static PyObject *py_creds_set_kerberos_state(py_talloc_Object *self, PyObject *args)
 187 {
 188         int state;
 189         if (!PyArg_ParseTuple(args, "i", &state))
 190                 return NULL;
 191
 192         cli_credentials_set_kerberos_state(PyCredentials_AsCliCredentials(self), state);
 193         Py_RETURN_NONE;
 194 }
 195
 196 static PyObject *py_creds_guess(py_talloc_Object *self, PyObject *args)
 197 {
 198         PyObject *py_lp_ctx = Py_None;
 199         struct loadparm_context *lp_ctx;
 200         struct cli_credentials *creds;
 201
 202         creds = PyCredentials_AsCliCredentials(self);
 203
 204         if (!PyArg_ParseTuple(args, "|O", &py_lp_ctx))
 205                 return NULL;
 206
 207         lp_ctx = lpcfg_from_py_object(NULL, py_lp_ctx); /* FIXME: leaky */
 208         if (lp_ctx == NULL)
 209                 return NULL;
 210
 211         cli_credentials_guess(creds, lp_ctx);
 212
 213         Py_RETURN_NONE;
 214 }
 215
 216 static PyObject *py_creds_set_machine_account(py_talloc_Object *self, PyObject *args)
 217 {
 218         PyObject *py_lp_ctx = Py_None;
 219         struct loadparm_context *lp_ctx;
 220         NTSTATUS status;
 221         struct cli_credentials *creds;
 222
 223         creds = PyCredentials_AsCliCredentials(self);
 224
 225         if (!PyArg_ParseTuple(args, "|O", &py_lp_ctx))
 226                 return NULL;
 227
 228         lp_ctx = lpcfg_from_py_object(NULL, py_lp_ctx); /* FIXME: leaky */
 229         if (lp_ctx == NULL)
 230                 return NULL;
 231
 232         status = cli_credentials_set_machine_account(creds, lp_ctx);
 233         PyErr_NTSTATUS_IS_ERR_RAISE(status);
 234
 235         Py_RETURN_NONE;
 236 }
 237
 238 PyObject *PyCredentialCacheContainer_from_ccache_container(struct ccache_container *ccc)
 239 {
 240         PyCredentialCacheContainerObject *py_ret;
 241
 242         if (ccc == NULL) {
 243                 Py_RETURN_NONE;
 244         }
 245
 246         py_ret = (PyCredentialCacheContainerObject *)PyCredentialCacheContainer.tp_alloc(&PyCredentialCacheContainer, 0);
 247         if (py_ret == NULL) {
 248                 PyErr_NoMemory();
 249                 return NULL;
 250         }
 251         py_ret->mem_ctx = talloc_new(NULL);
 252         py_ret->ccc = talloc_reference(py_ret->mem_ctx, ccc);
 253         return (PyObject *)py_ret;
 254 }
 255
 256
 257 static PyObject *py_creds_get_named_ccache(py_talloc_Object *self, PyObject *args)
 258 {
 259         PyObject *py_lp_ctx = Py_None;
 260         char *ccache_name;
 261         struct loadparm_context *lp_ctx;
 262         struct ccache_container *ccc;
 263         struct tevent_context *event_ctx;
 264         int ret;
 265         const char *error_string;
 266         struct cli_credentials *creds;
 267
 268         creds = PyCredentials_AsCliCredentials(self);
 269
 270         if (!PyArg_ParseTuple(args, "|Os", &py_lp_ctx, &ccache_name))
 271                 return NULL;
 272
 273         lp_ctx = lpcfg_from_py_object(NULL, py_lp_ctx); /* FIXME: leaky */
 274         if (lp_ctx == NULL)
 275                 return NULL;
 276
 277         event_ctx = tevent_context_init(NULL);
 278
 279         ret = cli_credentials_get_named_ccache(creds, event_ctx, lp_ctx,
 280                                                ccache_name, &ccc, &error_string);
 281         if (ret == 0) {
 282                 talloc_steal(ccc, event_ctx);
 283                 return PyCredentialCacheContainer_from_ccache_container(ccc);
 284         }
 285
 286         PyErr_SetString(PyExc_RuntimeError, error_string?error_string:"NULL");
 287
 288         talloc_free(event_ctx);
 289         return NULL;
 290 }
 291
 292 static PyObject *py_creds_set_gensec_features(py_talloc_Object *self, PyObject *args)
 293 {
 294         unsigned int gensec_features;
 295
 296         if (!PyArg_ParseTuple(args, "I", &gensec_features))
 297                 return NULL;
 298
 299         cli_credentials_set_gensec_features(PyCredentials_AsCliCredentials(self), gensec_features);
 300
 301         Py_RETURN_NONE;
 302 }
 303
 304 static PyObject *py_creds_get_gensec_features(py_talloc_Object *self, PyObject *args)
 305 {
 306         unsigned int gensec_features;
 307
 308         gensec_features = cli_credentials_get_gensec_features(PyCredentials_AsCliCredentials(self));
 309         return PyInt_FromLong(gensec_features);
 310 }
 311
 312
 313 static PyMethodDef py_creds_methods[] = {
 314         { "get_username", (PyCFunction)py_creds_get_username, METH_NOARGS,
 315                 "S.get_username() -> username\nObtain username." },
 316         { "set_username", (PyCFunction)py_creds_set_username, METH_VARARGS,
 317                 "S.set_username(name, obtained=CRED_SPECIFIED) -> None\n"
 318                 "Change username." },
 319         { "get_password", (PyCFunction)py_creds_get_password, METH_NOARGS,
 320                 "S.get_password() -> password\n"
 321                 "Obtain password." },
 322         { "set_password", (PyCFunction)py_creds_set_password, METH_VARARGS,
 323                 "S.set_password(password, obtained=CRED_SPECIFIED) -> None\n"
 324                 "Change password." },
 325         { "get_domain", (PyCFunction)py_creds_get_domain, METH_NOARGS,
 326                 "S.get_domain() -> domain\n"
 327                 "Obtain domain name." },
 328         { "set_domain", (PyCFunction)py_creds_set_domain, METH_VARARGS,
 329                 "S.set_domain(domain, obtained=CRED_SPECIFIED) -> None\n"
 330                 "Change domain name." },
 331         { "get_realm", (PyCFunction)py_creds_get_realm, METH_NOARGS,
 332                 "S.get_realm() -> realm\n"
 333                 "Obtain realm name." },
 334         { "set_realm", (PyCFunction)py_creds_set_realm, METH_VARARGS,
 335                 "S.set_realm(realm, obtained=CRED_SPECIFIED) -> None\n"
 336                 "Change realm name." },
 337         { "get_bind_dn", (PyCFunction)py_creds_get_bind_dn, METH_NOARGS,
 338                 "S.get_bind_dn() -> bind dn\n"
 339                 "Obtain bind DN." },
 340         { "set_bind_dn", (PyCFunction)py_creds_set_bind_dn, METH_VARARGS,
 341                 "S.set_bind_dn(bind_dn) -> None\n"
 342                 "Change bind DN." },
 343         { "is_anonymous", (PyCFunction)py_creds_is_anonymous, METH_NOARGS,
 344                 NULL },
 345         { "set_anonymous", (PyCFunction)py_creds_set_anonymous, METH_NOARGS,
 346                 "S.set_anonymous() -> None\n"
 347                 "Use anonymous credentials." },
 348         { "get_workstation", (PyCFunction)py_creds_get_workstation, METH_NOARGS,
 349                 NULL },
 350         { "set_workstation", (PyCFunction)py_creds_set_workstation, METH_VARARGS,
 351                 NULL },
 352         { "authentication_requested", (PyCFunction)py_creds_authentication_requested, METH_NOARGS,
 353                 NULL },
 354         { "wrong_password", (PyCFunction)py_creds_wrong_password, METH_NOARGS,
 355                 "S.wrong_password() -> bool\n"
 356                 "Indicate the returned password was incorrect." },
 357         { "set_cmdline_callbacks", (PyCFunction)py_creds_set_cmdline_callbacks, METH_NOARGS,
 358                 "S.set_cmdline_callbacks() -> bool\n"
 359                 "Use command-line to obtain credentials not explicitly set." },
 360         { "parse_string", (PyCFunction)py_creds_parse_string, METH_VARARGS,
 361                 "S.parse_string(text, obtained=CRED_SPECIFIED) -> None\n"
 362                 "Parse credentials string." },
 363         { "get_nt_hash", (PyCFunction)py_creds_get_nt_hash, METH_NOARGS,
 364                 NULL },
 365         { "set_kerberos_state", (PyCFunction)py_creds_set_kerberos_state, METH_VARARGS,
 366                 NULL },
 367         { "guess", (PyCFunction)py_creds_guess, METH_VARARGS, NULL },
 368         { "set_machine_account", (PyCFunction)py_creds_set_machine_account, METH_VARARGS, NULL },
 369         { "get_named_ccache", (PyCFunction)py_creds_get_named_ccache, METH_VARARGS, NULL },
 370         { "set_gensec_features", (PyCFunction)py_creds_set_gensec_features, METH_VARARGS, NULL },
 371         { "get_gensec_features", (PyCFunction)py_creds_get_gensec_features, METH_NOARGS, NULL },
 372         { NULL }
 373 };
 374
 375 PyTypeObject PyCredentials = {
 376         .tp_name = "Credentials",
 377         .tp_basicsize = sizeof(py_talloc_Object),
 378         .tp_dealloc = py_talloc_dealloc,
 379         .tp_new = py_creds_new,
 380         .tp_flags = Py_TPFLAGS_DEFAULT,
 381         .tp_methods = py_creds_methods,
 382 };
 383
 384
 385 PyTypeObject PyCredentialCacheContainer = {
 386         .tp_name = "CredentialCacheContainer",
 387         .tp_basicsize = sizeof(py_talloc_Object),
 388         .tp_dealloc = py_talloc_dealloc,
 389         .tp_flags = Py_TPFLAGS_DEFAULT,
 390 };
 391
 392 void initcredentials(void)
 393 {
 394         PyObject *m;
 395
 396         if (PyType_Ready(&PyCredentials) < 0)
 397                 return;
 398
 399         if (PyType_Ready(&PyCredentialCacheContainer) < 0)
 400                 return;
 401
 402         m = Py_InitModule3("credentials", NULL, "Credentials management.");
 403         if (m == NULL)
 404                 return;
 405
 406         PyModule_AddObject(m, "AUTO_USE_KERBEROS", PyInt_FromLong(CRED_AUTO_USE_KERBEROS));
 407         PyModule_AddObject(m, "DONT_USE_KERBEROS", PyInt_FromLong(CRED_DONT_USE_KERBEROS));
 408         PyModule_AddObject(m, "MUST_USE_KERBEROS", PyInt_FromLong(CRED_MUST_USE_KERBEROS));
 409
 410         Py_INCREF(&PyCredentials);
 411         PyModule_AddObject(m, "Credentials", (PyObject *)&PyCredentials);
 412         Py_INCREF(&PyCredentialCacheContainer);
 413         PyModule_AddObject(m, "CredentialCacheContainer", (PyObject *)&PyCredentialCacheContainer);
 414 }