source4/auth/credentials/pycredentials.c

   1 /*
   2    Unix SMB/CIFS implementation.
   3    Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007
   4
   5    This program is free software; you can redistribute it and/or modify
   6    it under the terms of the GNU General Public License as published by
   7    the Free Software Foundation; either version 3 of the License, or
   8    (at your option) any later version.
   9
  10    This program is distributed in the hope that it will be useful,
  11    but WITHOUT ANY WARRANTY; without even the implied warranty of
  12    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  13    GNU General Public License for more details.
  14
  15    You should have received a copy of the GNU General Public License
  16    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  17 */
  18
  19 #include <Python.h>
  20 #include "includes.h"
  21 #include "pycredentials.h"
  22 #include "param/param.h"
  23 #include "lib/cmdline/credentials.h"
  24 #include "librpc/gen_ndr/samr.h" /* for struct samr_Password */
  25 #include "libcli/util/pyerrors.h"
  26 #include "param/pyparam.h"
  27 #include <tevent.h>
  28
  29 static PyObject *PyString_FromStringOrNULL(const char *str)
  30 {
  31         if (str == NULL)
  32                 Py_RETURN_NONE;
  33         return PyString_FromString(str);
  34 }
  35
  36 static PyObject *py_creds_new(PyTypeObject *type, PyObject *args, PyObject *kwargs)
  37 {
  38         py_talloc_Object *ret = (py_talloc_Object *)type->tp_alloc(type, 0);
  39         if (ret == NULL) {
  40                 PyErr_NoMemory();
  41                 return NULL;
  42         }
  43         ret->talloc_ctx = talloc_new(NULL);
  44         if (ret->talloc_ctx == NULL) {
  45                 PyErr_NoMemory();
  46                 return NULL;
  47         }
  48         ret->ptr = cli_credentials_init(ret->talloc_ctx);
  49         return (PyObject *)ret;
  50 }
  51
  52 static PyObject *py_creds_get_username(py_talloc_Object *self)
  53 {
  54         return PyString_FromStringOrNULL(cli_credentials_get_username(PyCredentials_AsCliCredentials(self)));
  55 }
  56
  57 static PyObject *py_creds_set_username(py_talloc_Object *self, PyObject *args)
  58 {
  59         char *newval;
  60         enum credentials_obtained obt = CRED_SPECIFIED;
  61         if (!PyArg_ParseTuple(args, "s|i", &newval, &obt))
  62                 return NULL;
  63
  64         return PyBool_FromLong(cli_credentials_set_username(PyCredentials_AsCliCredentials(self), newval, obt));
  65 }
  66
  67 static PyObject *py_creds_get_password(py_talloc_Object *self)
  68 {
  69         return PyString_FromStringOrNULL(cli_credentials_get_password(PyCredentials_AsCliCredentials(self)));
  70 }
  71
  72
  73 static PyObject *py_creds_set_password(py_talloc_Object *self, PyObject *args)
  74 {
  75         char *newval;
  76         enum credentials_obtained obt = CRED_SPECIFIED;
  77         if (!PyArg_ParseTuple(args, "s|i", &newval, &obt))
  78                 return NULL;
  79
  80         return PyBool_FromLong(cli_credentials_set_password(PyCredentials_AsCliCredentials(self), newval, obt));
  81 }
  82
  83 static PyObject *py_creds_get_domain(py_talloc_Object *self)
  84 {
  85         return PyString_FromStringOrNULL(cli_credentials_get_domain(PyCredentials_AsCliCredentials(self)));
  86 }
  87
  88 static PyObject *py_creds_set_domain(py_talloc_Object *self, PyObject *args)
  89 {
  90         char *newval;
  91         enum credentials_obtained obt = CRED_SPECIFIED;
  92         if (!PyArg_ParseTuple(args, "s|i", &newval, &obt))
  93                 return NULL;
  94
  95         return PyBool_FromLong(cli_credentials_set_domain(PyCredentials_AsCliCredentials(self), newval, obt));
  96 }
  97
  98 static PyObject *py_creds_get_realm(py_talloc_Object *self)
  99 {
 100         return PyString_FromStringOrNULL(cli_credentials_get_realm(PyCredentials_AsCliCredentials(self)));
 101 }
 102
 103 static PyObject *py_creds_set_realm(py_talloc_Object *self, PyObject *args)
 104 {
 105         char *newval;
 106         enum credentials_obtained obt = CRED_SPECIFIED;
 107         if (!PyArg_ParseTuple(args, "s|i", &newval, &obt))
 108                 return NULL;
 109
 110         return PyBool_FromLong(cli_credentials_set_realm(PyCredentials_AsCliCredentials(self), newval, obt));
 111 }
 112
 113 static PyObject *py_creds_get_bind_dn(py_talloc_Object *self)
 114 {
 115         return PyString_FromStringOrNULL(cli_credentials_get_bind_dn(PyCredentials_AsCliCredentials(self)));
 116 }
 117
 118 static PyObject *py_creds_set_bind_dn(py_talloc_Object *self, PyObject *args)
 119 {
 120         char *newval;
 121         if (!PyArg_ParseTuple(args, "s", &newval))
 122                 return NULL;
 123
 124         return PyBool_FromLong(cli_credentials_set_bind_dn(PyCredentials_AsCliCredentials(self), newval));
 125 }
 126
 127 static PyObject *py_creds_get_workstation(py_talloc_Object *self)
 128 {
 129         return PyString_FromStringOrNULL(cli_credentials_get_workstation(PyCredentials_AsCliCredentials(self)));
 130 }
 131
 132 static PyObject *py_creds_set_workstation(py_talloc_Object *self, PyObject *args)
 133 {
 134         char *newval;
 135         enum credentials_obtained obt = CRED_SPECIFIED;
 136         if (!PyArg_ParseTuple(args, "s|i", &newval, &obt))
 137                 return NULL;
 138
 139         return PyBool_FromLong(cli_credentials_set_workstation(PyCredentials_AsCliCredentials(self), newval, obt));
 140 }
 141
 142 static PyObject *py_creds_is_anonymous(py_talloc_Object *self)
 143 {
 144         return PyBool_FromLong(cli_credentials_is_anonymous(PyCredentials_AsCliCredentials(self)));
 145 }
 146
 147 static PyObject *py_creds_set_anonymous(py_talloc_Object *self)
 148 {
 149         cli_credentials_set_anonymous(PyCredentials_AsCliCredentials(self));
 150         Py_RETURN_NONE;
 151 }
 152
 153 static PyObject *py_creds_authentication_requested(py_talloc_Object *self)
 154 {
 155         return PyBool_FromLong(cli_credentials_authentication_requested(PyCredentials_AsCliCredentials(self)));
 156 }
 157
 158 static PyObject *py_creds_wrong_password(py_talloc_Object *self)
 159 {
 160         return PyBool_FromLong(cli_credentials_wrong_password(PyCredentials_AsCliCredentials(self)));
 161 }
 162
 163 static PyObject *py_creds_set_cmdline_callbacks(py_talloc_Object *self)
 164 {
 165         return PyBool_FromLong(cli_credentials_set_cmdline_callbacks(PyCredentials_AsCliCredentials(self)));
 166 }
 167
 168 static PyObject *py_creds_parse_string(py_talloc_Object *self, PyObject *args)
 169 {
 170         char *newval;
 171         enum credentials_obtained obt = CRED_SPECIFIED;
 172         if (!PyArg_ParseTuple(args, "s|i", &newval, &obt))
 173                 return NULL;
 174
 175         cli_credentials_parse_string(PyCredentials_AsCliCredentials(self), newval, obt);
 176         Py_RETURN_NONE;
 177 }
 178
 179 static PyObject *py_creds_get_nt_hash(py_talloc_Object *self)
 180 {
 181         const struct samr_Password *ntpw = cli_credentials_get_nt_hash(PyCredentials_AsCliCredentials(self), self->ptr);
 182
 183         return PyString_FromStringAndSize(discard_const_p(char, ntpw->hash), 16);
 184 }
 185
 186 static PyObject *py_creds_set_kerberos_state(py_talloc_Object *self, PyObject *args)
 187 {
 188         int state;
 189         if (!PyArg_ParseTuple(args, "i", &state))
 190                 return NULL;
 191
 192         cli_credentials_set_kerberos_state(PyCredentials_AsCliCredentials(self), state);
 193         Py_RETURN_NONE;
 194 }
 195
 196 static PyObject *py_creds_guess(py_talloc_Object *self, PyObject *args)
 197 {
 198         PyObject *py_lp_ctx = Py_None;
 199         struct loadparm_context *lp_ctx;
 200         if (!PyArg_ParseTuple(args, "|O", &py_lp_ctx))
 201                 return NULL;
 202
 203         lp_ctx = lp_from_py_object(py_lp_ctx);
 204         if (lp_ctx == NULL)
 205                 return NULL;
 206
 207         cli_credentials_guess(PyCredentials_AsCliCredentials(self), lp_ctx);
 208
 209         Py_RETURN_NONE;
 210 }
 211
 212 static PyObject *py_creds_set_machine_account(py_talloc_Object *self, PyObject *args)
 213 {
 214         PyObject *py_lp_ctx = Py_None;
 215         struct loadparm_context *lp_ctx;
 216         NTSTATUS status;
 217         if (!PyArg_ParseTuple(args, "|O", &py_lp_ctx))
 218                 return NULL;
 219
 220         lp_ctx = lp_from_py_object(py_lp_ctx);
 221         if (lp_ctx == NULL)
 222                 return NULL;
 223
 224         status = cli_credentials_set_machine_account(PyCredentials_AsCliCredentials(self), lp_ctx);
 225         PyErr_NTSTATUS_IS_ERR_RAISE(status);
 226
 227         Py_RETURN_NONE;
 228 }
 229
 230 PyObject *PyCredentialCacheContainer_from_ccache_container(struct ccache_container *ccc)
 231 {
 232         PyCredentialCacheContainerObject *py_ret;
 233
 234         if (ccc == NULL) {
 235                 Py_RETURN_NONE;
 236         }
 237
 238         py_ret = (PyCredentialCacheContainerObject *)PyCredentialCacheContainer.tp_alloc(&PyCredentialCacheContainer, 0);
 239         if (py_ret == NULL) {
 240                 PyErr_NoMemory();
 241                 return NULL;
 242         }
 243         py_ret->mem_ctx = talloc_new(NULL);
 244         py_ret->ccc = talloc_reference(py_ret->mem_ctx, ccc);
 245         return (PyObject *)py_ret;
 246 }
 247
 248
 249 static PyObject *py_creds_get_named_ccache(py_talloc_Object *self, PyObject *args)
 250 {
 251         PyObject *py_lp_ctx = Py_None;
 252         char *ccache_name;
 253         struct loadparm_context *lp_ctx;
 254         struct ccache_container *ccc;
 255         struct tevent_context *event_ctx;
 256         int ret;
 257
 258         if (!PyArg_ParseTuple(args, "|Os", &py_lp_ctx, &ccache_name))
 259                 return NULL;
 260
 261         lp_ctx = lp_from_py_object(py_lp_ctx);
 262         if (lp_ctx == NULL)
 263                 return NULL;
 264
 265         event_ctx = tevent_context_init(NULL);
 266
 267         ret = cli_credentials_get_named_ccache(PyCredentials_AsCliCredentials(self), event_ctx, lp_ctx, ccache_name, &ccc);
 268         if (ret == 0) {
 269                 talloc_steal(ccc, event_ctx);
 270                 return PyCredentialCacheContainer_from_ccache_container(ccc);
 271         } else {
 272                 talloc_free(event_ctx);
 273                 return NULL;
 274         }
 275
 276 }
 277
 278 static PyMethodDef py_creds_methods[] = {
 279         { "get_username", (PyCFunction)py_creds_get_username, METH_NOARGS,
 280                 "S.get_username() -> username\nObtain username." },
 281         { "set_username", (PyCFunction)py_creds_set_username, METH_VARARGS,
 282                 "S.set_username(name, obtained=CRED_SPECIFIED) -> None\n"
 283                 "Change username." },
 284         { "get_password", (PyCFunction)py_creds_get_password, METH_NOARGS,
 285                 "S.get_password() -> password\n"
 286                 "Obtain password." },
 287         { "set_password", (PyCFunction)py_creds_set_password, METH_VARARGS,
 288                 "S.set_password(password, obtained=CRED_SPECIFIED) -> None\n"
 289                 "Change password." },
 290         { "get_domain", (PyCFunction)py_creds_get_domain, METH_NOARGS,
 291                 "S.get_domain() -> domain\n"
 292                 "Obtain domain name." },
 293         { "set_domain", (PyCFunction)py_creds_set_domain, METH_VARARGS,
 294                 "S.set_domain(domain, obtained=CRED_SPECIFIED) -> None\n"
 295                 "Change domain name." },
 296         { "get_realm", (PyCFunction)py_creds_get_realm, METH_NOARGS,
 297                 "S.get_realm() -> realm\n"
 298                 "Obtain realm name." },
 299         { "set_realm", (PyCFunction)py_creds_set_realm, METH_VARARGS,
 300                 "S.set_realm(realm, obtained=CRED_SPECIFIED) -> None\n"
 301                 "Change realm name." },
 302         { "get_bind_dn", (PyCFunction)py_creds_get_bind_dn, METH_NOARGS,
 303                 "S.get_bind_dn() -> bind dn\n"
 304                 "Obtain bind DN." },
 305         { "set_bind_dn", (PyCFunction)py_creds_set_bind_dn, METH_VARARGS,
 306                 "S.set_bind_dn(bind_dn) -> None\n"
 307                 "Change bind DN." },
 308         { "is_anonymous", (PyCFunction)py_creds_is_anonymous, METH_NOARGS,
 309                 NULL },
 310         { "set_anonymous", (PyCFunction)py_creds_set_anonymous, METH_NOARGS,
 311                 "S.set_anonymous() -> None\n"
 312                 "Use anonymous credentials." },
 313         { "get_workstation", (PyCFunction)py_creds_get_workstation, METH_NOARGS,
 314                 NULL },
 315         { "set_workstation", (PyCFunction)py_creds_set_workstation, METH_VARARGS,
 316                 NULL },
 317         { "authentication_requested", (PyCFunction)py_creds_authentication_requested, METH_NOARGS,
 318                 NULL },
 319         { "wrong_password", (PyCFunction)py_creds_wrong_password, METH_NOARGS,
 320                 "S.wrong_password() -> bool\n"
 321                 "Indicate the returned password was incorrect." },
 322         { "set_cmdline_callbacks", (PyCFunction)py_creds_set_cmdline_callbacks, METH_NOARGS,
 323                 "S.set_cmdline_callbacks() -> bool\n"
 324                 "Use command-line to obtain credentials not explicitly set." },
 325         { "parse_string", (PyCFunction)py_creds_parse_string, METH_VARARGS,
 326                 "S.parse_string(text, obtained=CRED_SPECIFIED) -> None\n"
 327                 "Parse credentials string." },
 328         { "get_nt_hash", (PyCFunction)py_creds_get_nt_hash, METH_NOARGS,
 329                 NULL },
 330         { "set_kerberos_state", (PyCFunction)py_creds_set_kerberos_state, METH_VARARGS,
 331                 NULL },
 332         { "guess", (PyCFunction)py_creds_guess, METH_VARARGS, NULL },
 333         { "set_machine_account", (PyCFunction)py_creds_set_machine_account, METH_VARARGS, NULL },
 334         { "get_named_ccache", (PyCFunction)py_creds_get_named_ccache, METH_VARARGS, NULL },
 335         { NULL }
 336 };
 337
 338 PyTypeObject PyCredentials = {
 339         .tp_name = "Credentials",
 340         .tp_basicsize = sizeof(py_talloc_Object),
 341         .tp_dealloc = py_talloc_dealloc,
 342         .tp_new = py_creds_new,
 343         .tp_flags = Py_TPFLAGS_DEFAULT,
 344         .tp_methods = py_creds_methods,
 345 };
 346
 347
 348 PyTypeObject PyCredentialCacheContainer = {
 349         .tp_name = "CredentialCacheContainer",
 350         .tp_basicsize = sizeof(py_talloc_Object),
 351         .tp_dealloc = py_talloc_dealloc,
 352         .tp_flags = Py_TPFLAGS_DEFAULT,
 353 };
 354
 355 void initcredentials(void)
 356 {
 357         PyObject *m;
 358
 359         if (PyType_Ready(&PyCredentials) < 0)
 360                 return;
 361
 362         if (PyType_Ready(&PyCredentialCacheContainer) < 0)
 363                 return;
 364
 365         m = Py_InitModule3("credentials", NULL, "Credentials management.");
 366         if (m == NULL)
 367                 return;
 368
 369         PyModule_AddObject(m, "AUTO_USE_KERBEROS", PyInt_FromLong(CRED_AUTO_USE_KERBEROS));
 370         PyModule_AddObject(m, "DONT_USE_KERBEROS", PyInt_FromLong(CRED_DONT_USE_KERBEROS));
 371         PyModule_AddObject(m, "MUST_USE_KERBEROS", PyInt_FromLong(CRED_MUST_USE_KERBEROS));
 372
 373         Py_INCREF(&PyCredentials);
 374         PyModule_AddObject(m, "Credentials", (PyObject *)&PyCredentials);
 375         Py_INCREF(&PyCredentialCacheContainer);
 376         PyModule_AddObject(m, "CredentialCacheContainer", (PyObject *)&PyCredentialCacheContainer);
 377 }