git.samba.org / samba.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
auth/credentials: Add cli_credentials_{set,get}_forced_sasl_mech()
[samba.git] / auth / credentials / pycredentials.c
1 /* 
2    Unix SMB/CIFS implementation.
3    Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007
4    
5    This program is free software; you can redistribute it and/or modify
6    it under the terms of the GNU General Public License as published by
7    the Free Software Foundation; either version 3 of the License, or
8    (at your option) any later version.
9    
10    This program is distributed in the hope that it will be useful,
11    but WITHOUT ANY WARRANTY; without even the implied warranty of
12    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
13    GNU General Public License for more details.
14    
15    You should have received a copy of the GNU General Public License
16    along with this program.  If not, see <http://www.gnu.org/licenses/>.
17 */
18
19 #include <Python.h>
20 #include "includes.h"
21 #include "pycredentials.h"
22 #include "param/param.h"
23 #include "lib/cmdline/credentials.h"
24 #include "librpc/gen_ndr/samr.h" /* for struct samr_Password */
25 #include "libcli/util/pyerrors.h"
26 #include "param/pyparam.h"
27 #include <tevent.h>
28
29 void initcredentials(void);
30
31 static PyObject *PyString_FromStringOrNULL(const char *str)
32 {
33         if (str == NULL)
34                 Py_RETURN_NONE;
35         return PyString_FromString(str);
36 }
37
38 static PyObject *py_creds_new(PyTypeObject *type, PyObject *args, PyObject *kwargs)
39 {
40         pytalloc_Object *ret = (pytalloc_Object *)type->tp_alloc(type, 0);
41         if (ret == NULL) {
42                 PyErr_NoMemory();
43                 return NULL;
44         }
45         ret->talloc_ctx = talloc_new(NULL);
46         if (ret->talloc_ctx == NULL) {
47                 PyErr_NoMemory();
48                 return NULL;
49         }
50         ret->ptr = cli_credentials_init(ret->talloc_ctx);
51         return (PyObject *)ret;
52 }
53
54 static PyObject *py_creds_get_username(pytalloc_Object *self)
55 {
56         return PyString_FromStringOrNULL(cli_credentials_get_username(PyCredentials_AsCliCredentials(self)));
57 }
58
59 static PyObject *py_creds_set_username(pytalloc_Object *self, PyObject *args)
60 {
61         char *newval;
62         enum credentials_obtained obt = CRED_SPECIFIED;
63         int _obt = obt;
64
65         if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
66                 return NULL;
67         }
68         obt = _obt;
69
70         return PyBool_FromLong(cli_credentials_set_username(PyCredentials_AsCliCredentials(self), newval, obt));
71 }
72
73 static PyObject *py_creds_get_password(pytalloc_Object *self)
74 {
75         return PyString_FromStringOrNULL(cli_credentials_get_password(PyCredentials_AsCliCredentials(self)));
76 }
77
78
79 static PyObject *py_creds_set_password(pytalloc_Object *self, PyObject *args)
80 {
81         char *newval;
82         enum credentials_obtained obt = CRED_SPECIFIED;
83         int _obt = obt;
84
85         if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
86                 return NULL;
87         }
88         obt = _obt;
89
90         return PyBool_FromLong(cli_credentials_set_password(PyCredentials_AsCliCredentials(self), newval, obt));
91 }
92
93 static PyObject *py_creds_get_domain(pytalloc_Object *self)
94 {
95         return PyString_FromStringOrNULL(cli_credentials_get_domain(PyCredentials_AsCliCredentials(self)));
96 }
97
98 static PyObject *py_creds_set_domain(pytalloc_Object *self, PyObject *args)
99 {
100         char *newval;
101         enum credentials_obtained obt = CRED_SPECIFIED;
102         int _obt = obt;
103
104         if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
105                 return NULL;
106         }
107         obt = _obt;
108
109         return PyBool_FromLong(cli_credentials_set_domain(PyCredentials_AsCliCredentials(self), newval, obt));
110 }
111
112 static PyObject *py_creds_get_realm(pytalloc_Object *self)
113 {
114         return PyString_FromStringOrNULL(cli_credentials_get_realm(PyCredentials_AsCliCredentials(self)));
115 }
116
117 static PyObject *py_creds_set_realm(pytalloc_Object *self, PyObject *args)
118 {
119         char *newval;
120         enum credentials_obtained obt = CRED_SPECIFIED;
121         int _obt = obt;
122
123         if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
124                 return NULL;
125         }
126         obt = _obt;
127
128         return PyBool_FromLong(cli_credentials_set_realm(PyCredentials_AsCliCredentials(self), newval, obt));
129 }
130
131 static PyObject *py_creds_get_bind_dn(pytalloc_Object *self)
132 {
133         return PyString_FromStringOrNULL(cli_credentials_get_bind_dn(PyCredentials_AsCliCredentials(self)));
134 }
135
136 static PyObject *py_creds_set_bind_dn(pytalloc_Object *self, PyObject *args)
137 {
138         char *newval;
139         if (!PyArg_ParseTuple(args, "s", &newval))
140                 return NULL;
141
142         return PyBool_FromLong(cli_credentials_set_bind_dn(PyCredentials_AsCliCredentials(self), newval));
143 }
144
145 static PyObject *py_creds_get_workstation(pytalloc_Object *self)
146 {
147         return PyString_FromStringOrNULL(cli_credentials_get_workstation(PyCredentials_AsCliCredentials(self)));
148 }
149
150 static PyObject *py_creds_set_workstation(pytalloc_Object *self, PyObject *args)
151 {
152         char *newval;
153         enum credentials_obtained obt = CRED_SPECIFIED;
154         int _obt = obt;
155
156         if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
157                 return NULL;
158         }
159         obt = _obt;
160
161         return PyBool_FromLong(cli_credentials_set_workstation(PyCredentials_AsCliCredentials(self), newval, obt));
162 }
163
164 static PyObject *py_creds_is_anonymous(pytalloc_Object *self)
165 {
166         return PyBool_FromLong(cli_credentials_is_anonymous(PyCredentials_AsCliCredentials(self)));
167 }
168
169 static PyObject *py_creds_set_anonymous(pytalloc_Object *self)
170 {
171         cli_credentials_set_anonymous(PyCredentials_AsCliCredentials(self));
172         Py_RETURN_NONE;
173 }
174
175 static PyObject *py_creds_authentication_requested(pytalloc_Object *self)
176 {
177         return PyBool_FromLong(cli_credentials_authentication_requested(PyCredentials_AsCliCredentials(self)));
178 }
179
180 static PyObject *py_creds_wrong_password(pytalloc_Object *self)
181 {
182         return PyBool_FromLong(cli_credentials_wrong_password(PyCredentials_AsCliCredentials(self)));
183 }
184
185 static PyObject *py_creds_set_cmdline_callbacks(pytalloc_Object *self)
186 {
187         return PyBool_FromLong(cli_credentials_set_cmdline_callbacks(PyCredentials_AsCliCredentials(self)));
188 }
189
190 static PyObject *py_creds_parse_string(pytalloc_Object *self, PyObject *args)
191 {
192         char *newval;
193         enum credentials_obtained obt = CRED_SPECIFIED;
194         int _obt = obt;
195
196         if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
197                 return NULL;
198         }
199         obt = _obt;
200
201         cli_credentials_parse_string(PyCredentials_AsCliCredentials(self), newval, obt);
202         Py_RETURN_NONE;
203 }
204
205 static PyObject *py_creds_get_nt_hash(pytalloc_Object *self)
206 {
207         const struct samr_Password *ntpw = cli_credentials_get_nt_hash(PyCredentials_AsCliCredentials(self), self->ptr);
208
209         return PyString_FromStringAndSize(discard_const_p(char, ntpw->hash), 16);
210 }
211
212 static PyObject *py_creds_set_kerberos_state(pytalloc_Object *self, PyObject *args)
213 {
214         int state;
215         if (!PyArg_ParseTuple(args, "i", &state))
216                 return NULL;
217
218         cli_credentials_set_kerberos_state(PyCredentials_AsCliCredentials(self), state);
219         Py_RETURN_NONE;
220 }
221
222 static PyObject *py_creds_set_krb_forwardable(pytalloc_Object *self, PyObject *args)
223 {
224         int state;
225         if (!PyArg_ParseTuple(args, "i", &state))
226                 return NULL;
227
228         cli_credentials_set_krb_forwardable(PyCredentials_AsCliCredentials(self), state);
229         Py_RETURN_NONE;
230 }
231
232
233 static PyObject *py_creds_get_forced_sasl_mech(pytalloc_Object *self)
234 {
235         return PyString_FromStringOrNULL(cli_credentials_get_forced_sasl_mech(PyCredentials_AsCliCredentials(self)));
236 }
237
238 static PyObject *py_creds_set_forced_sasl_mech(pytalloc_Object *self, PyObject *args)
239 {
240         char *newval;
241         enum credentials_obtained obt = CRED_SPECIFIED;
242         int _obt = obt;
243
244         if (!PyArg_ParseTuple(args, "s", &newval)) {
245                 return NULL;
246         }
247         obt = _obt;
248
249         cli_credentials_set_forced_sasl_mech(PyCredentials_AsCliCredentials(self), newval);
250         Py_RETURN_NONE;
251 }
252
253 static PyObject *py_creds_guess(pytalloc_Object *self, PyObject *args)
254 {
255         PyObject *py_lp_ctx = Py_None;
256         struct loadparm_context *lp_ctx;
257         TALLOC_CTX *mem_ctx;
258         struct cli_credentials *creds;
259
260         creds = PyCredentials_AsCliCredentials(self);
261
262         if (!PyArg_ParseTuple(args, "|O", &py_lp_ctx))
263                 return NULL;
264
265         mem_ctx = talloc_new(NULL);
266         if (mem_ctx == NULL) {
267                 PyErr_NoMemory();
268                 return NULL;
269         }
270
271         lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
272         if (lp_ctx == NULL) {
273                 talloc_free(mem_ctx);
274                 return NULL;
275         }
276
277         cli_credentials_guess(creds, lp_ctx);
278
279         talloc_free(mem_ctx);
280
281         Py_RETURN_NONE;
282 }
283
284 static PyObject *py_creds_set_machine_account(pytalloc_Object *self, PyObject *args)
285 {
286         PyObject *py_lp_ctx = Py_None;
287         struct loadparm_context *lp_ctx;
288         NTSTATUS status;
289         struct cli_credentials *creds;
290         TALLOC_CTX *mem_ctx;
291
292         creds = PyCredentials_AsCliCredentials(self);
293
294         if (!PyArg_ParseTuple(args, "|O", &py_lp_ctx))
295                 return NULL;
296
297         mem_ctx = talloc_new(NULL);
298         if (mem_ctx == NULL) {
299                 PyErr_NoMemory();
300                 return NULL;
301         }
302
303         lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
304         if (lp_ctx == NULL) {
305                 talloc_free(mem_ctx);
306                 return NULL;
307         }
308
309         status = cli_credentials_set_machine_account(creds, lp_ctx);
310         talloc_free(mem_ctx);
311
312         PyErr_NTSTATUS_IS_ERR_RAISE(status);
313
314         Py_RETURN_NONE;
315 }
316
317 static PyObject *PyCredentialCacheContainer_from_ccache_container(struct ccache_container *ccc)
318 {
319         PyCredentialCacheContainerObject *py_ret;
320
321         if (ccc == NULL) {
322                 Py_RETURN_NONE;
323         }
324
325         py_ret = (PyCredentialCacheContainerObject *)PyCredentialCacheContainer.tp_alloc(&PyCredentialCacheContainer, 0);
326         if (py_ret == NULL) {
327                 PyErr_NoMemory();
328                 return NULL;
329         }
330         py_ret->mem_ctx = talloc_new(NULL);
331         py_ret->ccc = talloc_reference(py_ret->mem_ctx, ccc);
332         return (PyObject *)py_ret;
333 }
334
335
336 static PyObject *py_creds_get_named_ccache(pytalloc_Object *self, PyObject *args)
337 {
338         PyObject *py_lp_ctx = Py_None;
339         char *ccache_name;
340         struct loadparm_context *lp_ctx;
341         struct ccache_container *ccc;
342         struct tevent_context *event_ctx;
343         int ret;
344         const char *error_string;
345         struct cli_credentials *creds;
346         TALLOC_CTX *mem_ctx;
347
348         creds = PyCredentials_AsCliCredentials(self);
349
350         if (!PyArg_ParseTuple(args, "|Os", &py_lp_ctx, &ccache_name))
351                 return NULL;
352
353         mem_ctx = talloc_new(NULL);
354         if (mem_ctx == NULL) {
355                 PyErr_NoMemory();
356                 return NULL;
357         }
358
359         lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
360         if (lp_ctx == NULL) {
361                 talloc_free(mem_ctx);
362                 return NULL;
363         }
364
365         event_ctx = samba_tevent_context_init(mem_ctx);
366
367         ret = cli_credentials_get_named_ccache(creds, event_ctx, lp_ctx,
368                                                ccache_name, &ccc, &error_string);
369         talloc_unlink(mem_ctx, lp_ctx);
370         if (ret == 0) {
371                 talloc_steal(ccc, event_ctx);
372                 talloc_free(mem_ctx);
373                 return PyCredentialCacheContainer_from_ccache_container(ccc);
374         }
375
376         PyErr_SetString(PyExc_RuntimeError, error_string?error_string:"NULL");
377
378         talloc_free(mem_ctx);
379         return NULL;
380 }
381
382 static PyObject *py_creds_set_gensec_features(pytalloc_Object *self, PyObject *args)
383 {
384         unsigned int gensec_features;
385
386         if (!PyArg_ParseTuple(args, "I", &gensec_features))
387                 return NULL;
388
389         cli_credentials_set_gensec_features(PyCredentials_AsCliCredentials(self), gensec_features);
390
391         Py_RETURN_NONE;
392 }
393
394 static PyObject *py_creds_get_gensec_features(pytalloc_Object *self, PyObject *args)
395 {
396         unsigned int gensec_features;
397
398         gensec_features = cli_credentials_get_gensec_features(PyCredentials_AsCliCredentials(self));
399         return PyInt_FromLong(gensec_features);
400 }
401
402
403 static PyMethodDef py_creds_methods[] = {
404         { "get_username", (PyCFunction)py_creds_get_username, METH_NOARGS,
405                 "S.get_username() -> username\nObtain username." },
406         { "set_username", (PyCFunction)py_creds_set_username, METH_VARARGS,
407                 "S.set_username(name, obtained=CRED_SPECIFIED) -> None\n"
408                 "Change username." },
409         { "get_password", (PyCFunction)py_creds_get_password, METH_NOARGS,
410                 "S.get_password() -> password\n"
411                 "Obtain password." },
412         { "set_password", (PyCFunction)py_creds_set_password, METH_VARARGS,
413                 "S.set_password(password, obtained=CRED_SPECIFIED) -> None\n"
414                 "Change password." },
415         { "get_domain", (PyCFunction)py_creds_get_domain, METH_NOARGS,
416                 "S.get_domain() -> domain\n"
417                 "Obtain domain name." },
418         { "set_domain", (PyCFunction)py_creds_set_domain, METH_VARARGS,
419                 "S.set_domain(domain, obtained=CRED_SPECIFIED) -> None\n"
420                 "Change domain name." },
421         { "get_realm", (PyCFunction)py_creds_get_realm, METH_NOARGS,
422                 "S.get_realm() -> realm\n"
423                 "Obtain realm name." },
424         { "set_realm", (PyCFunction)py_creds_set_realm, METH_VARARGS,
425                 "S.set_realm(realm, obtained=CRED_SPECIFIED) -> None\n"
426                 "Change realm name." },
427         { "get_bind_dn", (PyCFunction)py_creds_get_bind_dn, METH_NOARGS,
428                 "S.get_bind_dn() -> bind dn\n"
429                 "Obtain bind DN." },
430         { "set_bind_dn", (PyCFunction)py_creds_set_bind_dn, METH_VARARGS,
431                 "S.set_bind_dn(bind_dn) -> None\n"
432                 "Change bind DN." },
433         { "is_anonymous", (PyCFunction)py_creds_is_anonymous, METH_NOARGS,
434                 NULL },
435         { "set_anonymous", (PyCFunction)py_creds_set_anonymous, METH_NOARGS,
436                 "S.set_anonymous() -> None\n"
437                 "Use anonymous credentials." },
438         { "get_workstation", (PyCFunction)py_creds_get_workstation, METH_NOARGS,
439                 NULL },
440         { "set_workstation", (PyCFunction)py_creds_set_workstation, METH_VARARGS,
441                 NULL },
442         { "authentication_requested", (PyCFunction)py_creds_authentication_requested, METH_NOARGS,
443                 NULL },
444         { "wrong_password", (PyCFunction)py_creds_wrong_password, METH_NOARGS,
445                 "S.wrong_password() -> bool\n"
446                 "Indicate the returned password was incorrect." },
447         { "set_cmdline_callbacks", (PyCFunction)py_creds_set_cmdline_callbacks, METH_NOARGS,
448                 "S.set_cmdline_callbacks() -> bool\n"
449                 "Use command-line to obtain credentials not explicitly set." },
450         { "parse_string", (PyCFunction)py_creds_parse_string, METH_VARARGS,
451                 "S.parse_string(text, obtained=CRED_SPECIFIED) -> None\n"
452                 "Parse credentials string." },
453         { "get_nt_hash", (PyCFunction)py_creds_get_nt_hash, METH_NOARGS,
454                 NULL },
455         { "set_kerberos_state", (PyCFunction)py_creds_set_kerberos_state, METH_VARARGS,
456                 NULL },
457         { "set_krb_forwardable", (PyCFunction)py_creds_set_krb_forwardable, METH_VARARGS,
458                 NULL },
459         { "guess", (PyCFunction)py_creds_guess, METH_VARARGS, NULL },
460         { "set_machine_account", (PyCFunction)py_creds_set_machine_account, METH_VARARGS, NULL },
461         { "get_named_ccache", (PyCFunction)py_creds_get_named_ccache, METH_VARARGS, NULL },
462         { "set_gensec_features", (PyCFunction)py_creds_set_gensec_features, METH_VARARGS, NULL },
463         { "get_gensec_features", (PyCFunction)py_creds_get_gensec_features, METH_NOARGS, NULL },
464         { "get_forced_sasl_mech", (PyCFunction)py_creds_get_forced_sasl_mech, METH_NOARGS,
465                 "S.get_forced_sasl_mech() -> SASL mechanism\nObtain forced SASL mechanism." },
466         { "set_forced_sasl_mech", (PyCFunction)py_creds_set_forced_sasl_mech, METH_VARARGS,
467                 "S.set_forced_sasl_mech(name) -> None\n"
468                 "Set forced SASL mechanism." },
469         { NULL }
470 };
471
472 PyTypeObject PyCredentials = {
473         .tp_name = "credentials.Credentials",
474         .tp_basicsize = sizeof(pytalloc_Object),
475         .tp_new = py_creds_new,
476         .tp_flags = Py_TPFLAGS_DEFAULT,
477         .tp_methods = py_creds_methods,
478 };
479
480
481 PyTypeObject PyCredentialCacheContainer = {
482         .tp_name = "credentials.CredentialCacheContainer",
483         .tp_basicsize = sizeof(pytalloc_Object),
484         .tp_flags = Py_TPFLAGS_DEFAULT,
485 };
486
487 void initcredentials(void)
488 {
489         PyObject *m;
490         PyTypeObject *talloc_type = pytalloc_GetObjectType();
491         if (talloc_type == NULL)
492                 return;
493
494         PyCredentials.tp_base = PyCredentialCacheContainer.tp_base = talloc_type;
495
496         if (PyType_Ready(&PyCredentials) < 0)
497                 return;
498
499         if (PyType_Ready(&PyCredentialCacheContainer) < 0)
500                 return;
501
502         m = Py_InitModule3("credentials", NULL, "Credentials management.");
503         if (m == NULL)
504                 return;
505
506         PyModule_AddObject(m, "AUTO_USE_KERBEROS", PyInt_FromLong(CRED_AUTO_USE_KERBEROS));
507         PyModule_AddObject(m, "DONT_USE_KERBEROS", PyInt_FromLong(CRED_DONT_USE_KERBEROS));
508         PyModule_AddObject(m, "MUST_USE_KERBEROS", PyInt_FromLong(CRED_MUST_USE_KERBEROS));
509
510         PyModule_AddObject(m, "AUTO_KRB_FORWARDABLE",  PyInt_FromLong(CRED_AUTO_KRB_FORWARDABLE));
511         PyModule_AddObject(m, "NO_KRB_FORWARDABLE",    PyInt_FromLong(CRED_NO_KRB_FORWARDABLE));
512         PyModule_AddObject(m, "FORCE_KRB_FORWARDABLE", PyInt_FromLong(CRED_FORCE_KRB_FORWARDABLE));
513
514         Py_INCREF(&PyCredentials);
515         PyModule_AddObject(m, "Credentials", (PyObject *)&PyCredentials);
516         Py_INCREF(&PyCredentialCacheContainer);
517         PyModule_AddObject(m, "CredentialCacheContainer", (PyObject *)&PyCredentialCacheContainer);
518 }
Samba Shared Repository