libcli/security/pysecurity.c

   1 /*
   2    Unix SMB/CIFS implementation.
   3    Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007-2008
   4    Copyright (C) Andrew Bartlett <abartlet@samba.org> 2011
   5
   6    This program is free software; you can redistribute it and/or modify
   7    it under the terms of the GNU General Public License as published by
   8    the Free Software Foundation; either version 3 of the License, or
   9    (at your option) any later version.
  10
  11    This program is distributed in the hope that it will be useful,
  12    but WITHOUT ANY WARRANTY; without even the implied warranty of
  13    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14    GNU General Public License for more details.
  15
  16    You should have received a copy of the GNU General Public License
  17    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  18 */
  19
  20 #include <Python.h>
  21 #include "includes.h"
  22 #include "libcli/util/pyerrors.h"
  23 #include "libcli/security/security.h"
  24 #include "pytalloc.h"
  25
  26 static PyObject *py_se_access_check(PyObject *module, PyObject *args, PyObject *kwargs)
  27 {
  28         NTSTATUS nt_status;
  29         const char * const kwnames[] = { "security_descriptor", "token", "access_desired", NULL };
  30         PyObject *py_sec_desc = Py_None;
  31         PyObject *py_security_token = Py_None;
  32         struct security_descriptor *security_descriptor;
  33         struct security_token *security_token;
  34         int access_desired; /* This is an int, because that's what
  35                              * we need for the python
  36                              * PyArg_ParseTupleAndKeywords */
  37         uint32_t access_granted;
  38
  39         if (!PyArg_ParseTupleAndKeywords(args, kwargs, "OOi",
  40                                          discard_const_p(char *, kwnames),
  41                                          &py_sec_desc, &py_security_token, &access_desired)) {
  42                 return NULL;
  43         }
  44
  45         security_descriptor = py_talloc_get_type(py_sec_desc, struct security_descriptor);
  46         if (!security_descriptor) {
  47                 PyErr_Format(PyExc_TypeError,
  48                              "Expected dcerpc.security.descriptor for security_descriptor argument got  %s",
  49                              talloc_get_name(py_talloc_get_ptr(py_sec_desc)));
  50                 return NULL;
  51         }
  52
  53         security_token = py_talloc_get_type(py_security_token, struct security_token);
  54         if (!security_token) {
  55                 PyErr_Format(PyExc_TypeError,
  56                              "Expected dcerpc.security.token for token argument, got %s",
  57                              talloc_get_name(py_talloc_get_ptr(py_security_token)));
  58                 return NULL;
  59         }
  60
  61         nt_status = se_access_check(security_descriptor, security_token, access_desired, &access_granted);
  62         if (!NT_STATUS_IS_OK(nt_status)) {
  63                 PyErr_NTSTATUS_IS_ERR_RAISE(nt_status);
  64         }
  65
  66         return PyLong_FromLong(access_granted);
  67 }
  68
  69 static PyMethodDef py_security_methods[] = {
  70         { "access_check", (PyCFunction)py_se_access_check, METH_VARARGS|METH_KEYWORDS,
  71         "access_check(security_descriptor, token, access_desired) -> access_granted.  Raises NT_STATUS on error, including on access check failure, returns access granted bitmask"},
  72         { NULL },
  73 };
  74
  75 void initsecurity(void)
  76 {
  77         PyObject *m;
  78
  79         m = Py_InitModule3("security", py_security_methods,
  80                            "Security support.");
  81         if (m == NULL)
  82                 return;
  83 }