2 Unix SMB/CIFS implementation.
3 Samba utility functions
5 Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2008-2010
6 Copyright (C) Kamen Mazdrashki <kamen.mazdrashki@postpath.com> 2009
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
27 #include "auth/credentials/pycredentials.h"
28 #include "libcli/security/security.h"
29 #include "lib/events/events.h"
30 #include "param/pyparam.h"
31 #include "auth/gensec/gensec.h"
32 #include "librpc/rpc/pyrpc_util.h"
33 #include "libcli/resolve/resolve.h"
34 #include "libcli/finddc.h"
35 #include "dsdb/samdb/samdb.h"
37 #include "librpc/rpc/pyrpc_util.h"
41 static PyObject *py_net_join_member(py_net_Object *self, PyObject *args, PyObject *kwargs)
43 struct libnet_Join_member r;
48 const char *kwnames[] = { "domain_name", "netbios_name", "level", "machinepass", NULL };
52 if (!PyArg_ParseTupleAndKeywords(args, kwargs, "ssi|z:Join", discard_const_p(char *, kwnames),
53 &r.in.domain_name, &r.in.netbios_name,
55 &r.in.account_pass)) {
60 mem_ctx = talloc_new(self->mem_ctx);
61 if (mem_ctx == NULL) {
66 status = libnet_Join_member(self->libnet_ctx, mem_ctx, &r);
67 if (NT_STATUS_IS_ERR(status)) {
68 PyErr_SetString(PyExc_RuntimeError, r.out.error_string?r.out.error_string:nt_errstr(status));
73 result = Py_BuildValue("sss", r.out.join_password,
74 dom_sid_string(mem_ctx, r.out.domain_sid),
82 static const char py_net_join_member_doc[] = "join_member(domain_name, netbios_name, level) -> (join_password, domain_sid, domain_name)\n\n" \
83 "Join the domain with the specified name.";
85 static PyObject *py_net_change_password(py_net_Object *self, PyObject *args, PyObject *kwargs)
87 union libnet_ChangePassword r;
90 struct tevent_context *ev;
91 const char *kwnames[] = { "newpassword", NULL };
95 if (!PyArg_ParseTupleAndKeywords(args, kwargs, "s:change_password",
96 discard_const_p(char *, kwnames),
97 &r.generic.in.newpassword)) {
101 r.generic.level = LIBNET_CHANGE_PASSWORD_GENERIC;
102 r.generic.in.account_name = cli_credentials_get_username(self->libnet_ctx->cred);
103 r.generic.in.domain_name = cli_credentials_get_domain(self->libnet_ctx->cred);
104 r.generic.in.oldpassword = cli_credentials_get_password(self->libnet_ctx->cred);
106 /* FIXME: we really need to get a context from the caller or we may end
107 * up with 2 event contexts */
108 ev = s4_event_context_init(NULL);
110 mem_ctx = talloc_new(ev);
111 if (mem_ctx == NULL) {
116 status = libnet_ChangePassword(self->libnet_ctx, mem_ctx, &r);
117 if (NT_STATUS_IS_ERR(status)) {
118 PyErr_SetString(PyExc_RuntimeError,
119 r.generic.out.error_string?r.generic.out.error_string:nt_errstr(status));
120 talloc_free(mem_ctx);
124 talloc_free(mem_ctx);
129 static const char py_net_change_password_doc[] = "change_password(newpassword) -> True\n\n" \
130 "Change password for a user. You must supply credential with enough rights to do this.\n\n" \
131 "Sample usage is:\n" \
132 "net.change_password(newpassword=<new_password>)\n";
135 static PyObject *py_net_set_password(py_net_Object *self, PyObject *args, PyObject *kwargs)
137 union libnet_SetPassword r;
140 struct tevent_context *ev;
141 const char *kwnames[] = { "account_name", "domain_name", "newpassword", NULL };
145 r.generic.level = LIBNET_SET_PASSWORD_GENERIC;
147 if (!PyArg_ParseTupleAndKeywords(args, kwargs, "sss:set_password",
148 discard_const_p(char *, kwnames),
149 &r.generic.in.account_name,
150 &r.generic.in.domain_name,
151 &r.generic.in.newpassword)) {
155 /* FIXME: we really need to get a context from the caller or we may end
156 * up with 2 event contexts */
157 ev = s4_event_context_init(NULL);
159 mem_ctx = talloc_new(ev);
160 if (mem_ctx == NULL) {
165 status = libnet_SetPassword(self->libnet_ctx, mem_ctx, &r);
166 if (NT_STATUS_IS_ERR(status)) {
167 PyErr_SetString(PyExc_RuntimeError,
168 r.generic.out.error_string?r.generic.out.error_string:nt_errstr(status));
169 talloc_free(mem_ctx);
173 talloc_free(mem_ctx);
178 static const char py_net_set_password_doc[] = "set_password(account_name, domain_name, newpassword) -> True\n\n" \
179 "Set password for a user. You must supply credential with enough rights to do this.\n\n" \
180 "Sample usage is:\n" \
181 "net.set_password(account_name=account_name, domain_name=domain_name, newpassword=new_pass)\n";
184 static PyObject *py_net_time(py_net_Object *self, PyObject *args, PyObject *kwargs)
186 const char *kwnames[] = { "server_name", NULL };
187 union libnet_RemoteTOD r;
194 if (!PyArg_ParseTupleAndKeywords(args, kwargs, "s",
195 discard_const_p(char *, kwnames), &r.generic.in.server_name))
198 r.generic.level = LIBNET_REMOTE_TOD_GENERIC;
200 mem_ctx = talloc_new(NULL);
201 if (mem_ctx == NULL) {
206 status = libnet_RemoteTOD(self->libnet_ctx, mem_ctx, &r);
207 if (!NT_STATUS_IS_OK(status)) {
208 PyErr_SetString(PyExc_RuntimeError,
209 r.generic.out.error_string?r.generic.out.error_string:nt_errstr(status));
210 talloc_free(mem_ctx);
214 ZERO_STRUCT(timestr);
215 tm = localtime(&r.generic.out.time);
216 strftime(timestr, sizeof(timestr)-1, "%c %Z",tm);
218 ret = PyString_FromString(timestr);
220 talloc_free(mem_ctx);
225 static const char py_net_time_doc[] = "time(server_name) -> timestr\n"
226 "Retrieve the remote time on a server";
228 static PyObject *py_net_user_create(py_net_Object *self, PyObject *args, PyObject *kwargs)
230 const char *kwnames[] = { "username", NULL };
233 struct libnet_CreateUser r;
235 if (!PyArg_ParseTupleAndKeywords(args, kwargs, "s", discard_const_p(char *, kwnames),
239 r.in.domain_name = cli_credentials_get_domain(self->libnet_ctx->cred);
241 mem_ctx = talloc_new(NULL);
242 if (mem_ctx == NULL) {
247 status = libnet_CreateUser(self->libnet_ctx, mem_ctx, &r);
248 if (!NT_STATUS_IS_OK(status)) {
249 PyErr_SetString(PyExc_RuntimeError, r.out.error_string?r.out.error_string:nt_errstr(status));
250 talloc_free(mem_ctx);
254 talloc_free(mem_ctx);
259 static const char py_net_create_user_doc[] = "create_user(username)\n"
260 "Create a new user.";
262 static PyObject *py_net_user_delete(py_net_Object *self, PyObject *args, PyObject *kwargs)
264 const char *kwnames[] = { "username", NULL };
267 struct libnet_DeleteUser r;
269 if (!PyArg_ParseTupleAndKeywords(args, kwargs, "s", discard_const_p(char *, kwnames),
273 r.in.domain_name = cli_credentials_get_domain(self->libnet_ctx->cred);
275 mem_ctx = talloc_new(NULL);
276 if (mem_ctx == NULL) {
281 status = libnet_DeleteUser(self->libnet_ctx, mem_ctx, &r);
282 if (!NT_STATUS_IS_OK(status)) {
283 PyErr_SetString(PyExc_RuntimeError, r.out.error_string?r.out.error_string:nt_errstr(status));
284 talloc_free(mem_ctx);
288 talloc_free(mem_ctx);
293 static const char py_net_delete_user_doc[] = "delete_user(username)\n"
296 static PyObject *py_dom_sid_FromSid(struct dom_sid *sid)
298 PyObject *mod_security, *dom_sid_Type;
300 mod_security = PyImport_ImportModule("samba.dcerpc.security");
301 if (mod_security == NULL)
304 dom_sid_Type = PyObject_GetAttrString(mod_security, "dom_sid");
305 if (dom_sid_Type == NULL)
308 return pytalloc_reference((PyTypeObject *)dom_sid_Type, sid);
311 static PyObject *py_net_vampire(py_net_Object *self, PyObject *args, PyObject *kwargs)
313 const char *kwnames[] = { "domain", "target_dir", NULL };
317 struct libnet_Vampire r;
321 if (!PyArg_ParseTupleAndKeywords(args, kwargs, "s|z", discard_const_p(char *, kwnames),
322 &r.in.domain_name, &r.in.targetdir)) {
326 r.in.netbios_name = lpcfg_netbios_name(self->libnet_ctx->lp_ctx);
327 r.out.error_string = NULL;
329 mem_ctx = talloc_new(NULL);
330 if (mem_ctx == NULL) {
335 status = libnet_Vampire(self->libnet_ctx, mem_ctx, &r);
337 if (!NT_STATUS_IS_OK(status)) {
338 PyErr_SetString(PyExc_RuntimeError,
339 r.out.error_string ? r.out.error_string : nt_errstr(status));
340 talloc_free(mem_ctx);
344 ret = Py_BuildValue("(sO)", r.out.domain_name, py_dom_sid_FromSid(r.out.domain_sid));
346 talloc_free(mem_ctx);
351 struct replicate_state {
353 dcerpc_InterfaceObject *drs_pipe;
354 struct libnet_BecomeDC_StoreChunk chunk;
355 DATA_BLOB gensec_skey;
356 struct libnet_BecomeDC_Partition partition;
357 struct libnet_BecomeDC_Forest forest;
358 struct libnet_BecomeDC_DestDSA dest_dsa;
362 setup for replicate_chunk() calls
364 static PyObject *py_net_replicate_init(py_net_Object *self, PyObject *args, PyObject *kwargs)
366 const char *kwnames[] = { "samdb", "lp", "drspipe", "invocation_id", NULL };
367 PyObject *py_ldb, *py_lp, *py_drspipe, *py_invocation_id;
368 struct ldb_context *samdb;
369 struct loadparm_context *lp;
370 struct replicate_state *s;
373 if (!PyArg_ParseTupleAndKeywords(args, kwargs, "OOOO",
374 discard_const_p(char *, kwnames),
375 &py_ldb, &py_lp, &py_drspipe,
376 &py_invocation_id)) {
380 s = talloc_zero(NULL, struct replicate_state);
383 lp = lpcfg_from_py_object(s, py_lp);
385 PyErr_SetString(PyExc_TypeError, "Expected lp object");
390 samdb = pyldb_Ldb_AsLdbContext(py_ldb);
392 PyErr_SetString(PyExc_TypeError, "Expected ldb object");
396 if (!py_check_dcerpc_type(py_invocation_id, "samba.dcerpc.misc", "GUID")) {
401 s->dest_dsa.invocation_id = *pytalloc_get_type(py_invocation_id, struct GUID);
403 s->drs_pipe = (dcerpc_InterfaceObject *)(py_drspipe);
405 s->vampire_state = libnet_vampire_replicate_init(s, samdb, lp);
406 if (s->vampire_state == NULL) {
407 PyErr_SetString(PyExc_TypeError, "Failed to initialise vampire_state");
412 status = gensec_session_key(s->drs_pipe->pipe->conn->security_state.generic_state,
415 if (!NT_STATUS_IS_OK(status)) {
416 PyErr_Format(PyExc_RuntimeError, "Unable to get session key from drspipe: %s",
422 s->forest.dns_name = samdb_dn_to_dns_domain(s, ldb_get_root_basedn(samdb));
423 s->forest.root_dn_str = ldb_dn_get_linearized(ldb_get_root_basedn(samdb));
424 s->forest.config_dn_str = ldb_dn_get_linearized(ldb_get_config_basedn(samdb));
425 s->forest.schema_dn_str = ldb_dn_get_linearized(ldb_get_schema_basedn(samdb));
427 s->chunk.gensec_skey = &s->gensec_skey;
428 s->chunk.partition = &s->partition;
429 s->chunk.forest = &s->forest;
430 s->chunk.dest_dsa = &s->dest_dsa;
432 return pytalloc_CObject_FromTallocPtr(s);
437 process one replication chunk
439 static PyObject *py_net_replicate_chunk(py_net_Object *self, PyObject *args, PyObject *kwargs)
441 const char *kwnames[] = { "state", "level", "ctr",
442 "schema", "req_level", "req",
444 PyObject *py_state, *py_ctr, *py_schema = Py_None, *py_req = Py_None;
445 struct replicate_state *s;
447 unsigned req_level = 0;
448 NTSTATUS (*chunk_handler)(void *private_data, const struct libnet_BecomeDC_StoreChunk *c);
451 if (!PyArg_ParseTupleAndKeywords(args, kwargs, "OIO|OIO",
452 discard_const_p(char *, kwnames),
453 &py_state, &level, &py_ctr,
454 &py_schema, &req_level, &py_req)) {
458 s = talloc_get_type(PyCObject_AsVoidPtr(py_state), struct replicate_state);
460 PyErr_SetString(PyExc_TypeError, "Expected replication_state");
466 if (!py_check_dcerpc_type(py_ctr, "samba.dcerpc.drsuapi", "DsGetNCChangesCtr1")) {
469 s->chunk.ctr1 = pytalloc_get_ptr(py_ctr);
470 s->partition.nc = *s->chunk.ctr1->naming_context;
471 s->partition.more_data = s->chunk.ctr1->more_data;
472 s->partition.source_dsa_guid = s->chunk.ctr1->source_dsa_guid;
473 s->partition.source_dsa_invocation_id = s->chunk.ctr1->source_dsa_invocation_id;
474 s->partition.highwatermark = s->chunk.ctr1->new_highwatermark;
477 if (!py_check_dcerpc_type(py_ctr, "samba.dcerpc.drsuapi", "DsGetNCChangesCtr6")) {
480 s->chunk.ctr6 = pytalloc_get_ptr(py_ctr);
481 s->partition.nc = *s->chunk.ctr6->naming_context;
482 s->partition.more_data = s->chunk.ctr6->more_data;
483 s->partition.source_dsa_guid = s->chunk.ctr6->source_dsa_guid;
484 s->partition.source_dsa_invocation_id = s->chunk.ctr6->source_dsa_invocation_id;
485 s->partition.highwatermark = s->chunk.ctr6->new_highwatermark;
488 PyErr_Format(PyExc_TypeError, "Bad level %u in replicate_chunk", level);
492 s->chunk.req5 = NULL;
493 s->chunk.req8 = NULL;
494 s->chunk.req10 = NULL;
500 if (!py_check_dcerpc_type(py_req, "samba.dcerpc.drsuapi", "DsGetNCChangesRequest5")) {
504 s->chunk.req5 = pytalloc_get_ptr(py_req);
507 if (!py_check_dcerpc_type(py_req, "samba.dcerpc.drsuapi", "DsGetNCChangesRequest8")) {
511 s->chunk.req8 = pytalloc_get_ptr(py_req);
514 if (!py_check_dcerpc_type(py_req, "samba.dcerpc.drsuapi", "DsGetNCChangesRequest10")) {
518 s->chunk.req10 = pytalloc_get_ptr(py_req);
521 PyErr_Format(PyExc_TypeError, "Bad req_level %u in replicate_chunk", req_level);
525 s->chunk.req_level = req_level;
527 chunk_handler = libnet_vampire_cb_store_chunk;
529 if (!PyBool_Check(py_schema)) {
530 PyErr_SetString(PyExc_TypeError, "Expected boolean schema");
533 if (py_schema == Py_True) {
534 chunk_handler = libnet_vampire_cb_schema_chunk;
538 s->chunk.ctr_level = level;
540 status = chunk_handler(s->vampire_state, &s->chunk);
541 if (!NT_STATUS_IS_OK(status)) {
542 PyErr_Format(PyExc_TypeError, "Failed to process chunk: %s", nt_errstr(status));
551 find a DC given a domain name and server type
553 static PyObject *py_net_finddc(py_net_Object *self, PyObject *args, PyObject *kwargs)
555 const char *domain = NULL, *address = NULL;
556 unsigned server_type;
561 const char * const kwnames[] = { "flags", "domain", "address", NULL };
563 if (!PyArg_ParseTupleAndKeywords(args, kwargs, "I|ss",
564 discard_const_p(char *, kwnames),
565 &server_type, &domain, &address)) {
569 mem_ctx = talloc_new(self->mem_ctx);
571 io = talloc_zero(mem_ctx, struct finddcs);
572 if (domain != NULL) {
573 io->in.domain_name = domain;
575 if (address != NULL) {
576 io->in.server_address = address;
578 io->in.minimum_dc_flags = server_type;
580 status = finddcs_cldap(io, io,
581 lpcfg_resolve_context(self->libnet_ctx->lp_ctx), self->ev);
582 if (NT_STATUS_IS_ERR(status)) {
583 PyErr_SetString(PyExc_RuntimeError, nt_errstr(status));
584 talloc_free(mem_ctx);
588 ret = py_return_ndr_struct("samba.dcerpc.nbt", "NETLOGON_SAM_LOGON_RESPONSE_EX",
589 io, &io->out.netlogon.data.nt5_ex);
590 talloc_free(mem_ctx);
596 static const char py_net_vampire_doc[] = "vampire(domain, target_dir=None)\n"
599 static const char py_net_replicate_init_doc[] = "replicate_init(samdb, lp, drspipe)\n"
600 "Setup for replicate_chunk calls.";
602 static const char py_net_replicate_chunk_doc[] = "replicate_chunk(state, level, ctr, schema)\n"
603 "Process replication for one chunk";
605 static const char py_net_finddc_doc[] = "finddc(flags=server_type, domain=None, address=None)\n"
606 "Find a DC with the specified 'server_type' bits. The 'domain' and/or 'address' have to be used as additional search criteria. Returns the whole netlogon struct";
608 static PyMethodDef net_obj_methods[] = {
609 {"join_member", (PyCFunction)py_net_join_member, METH_VARARGS|METH_KEYWORDS, py_net_join_member_doc},
610 {"change_password", (PyCFunction)py_net_change_password, METH_VARARGS|METH_KEYWORDS, py_net_change_password_doc},
611 {"set_password", (PyCFunction)py_net_set_password, METH_VARARGS|METH_KEYWORDS, py_net_set_password_doc},
612 {"time", (PyCFunction)py_net_time, METH_VARARGS|METH_KEYWORDS, py_net_time_doc},
613 {"create_user", (PyCFunction)py_net_user_create, METH_VARARGS|METH_KEYWORDS, py_net_create_user_doc},
614 {"delete_user", (PyCFunction)py_net_user_delete, METH_VARARGS|METH_KEYWORDS, py_net_delete_user_doc},
615 {"vampire", (PyCFunction)py_net_vampire, METH_VARARGS|METH_KEYWORDS, py_net_vampire_doc},
616 {"replicate_init", (PyCFunction)py_net_replicate_init, METH_VARARGS|METH_KEYWORDS, py_net_replicate_init_doc},
617 {"replicate_chunk", (PyCFunction)py_net_replicate_chunk, METH_VARARGS|METH_KEYWORDS, py_net_replicate_chunk_doc},
618 {"finddc", (PyCFunction)py_net_finddc, METH_KEYWORDS, py_net_finddc_doc},
622 static void py_net_dealloc(py_net_Object *self)
624 talloc_free(self->mem_ctx);
628 static PyObject *net_obj_new(PyTypeObject *type, PyObject *args, PyObject *kwargs)
630 PyObject *py_creds, *py_lp = Py_None;
631 const char *kwnames[] = { "creds", "lp", "server", NULL };
633 struct loadparm_context *lp;
634 const char *server_address = NULL;
636 if (!PyArg_ParseTupleAndKeywords(args, kwargs, "O|Oz",
637 discard_const_p(char *, kwnames), &py_creds, &py_lp,
641 ret = PyObject_New(py_net_Object, type);
646 /* FIXME: we really need to get a context from the caller or we may end
647 * up with 2 event contexts */
648 ret->ev = s4_event_context_init(NULL);
649 ret->mem_ctx = talloc_new(ret->ev);
651 lp = lpcfg_from_py_object(ret->mem_ctx, py_lp);
657 ret->libnet_ctx = libnet_context_init(ret->ev, lp);
658 if (ret->libnet_ctx == NULL) {
659 PyErr_SetString(PyExc_RuntimeError, "Unable to initialize net");
664 ret->libnet_ctx->server_address = server_address;
666 ret->libnet_ctx->cred = cli_credentials_from_py_object(py_creds);
667 if (ret->libnet_ctx->cred == NULL) {
668 PyErr_SetString(PyExc_TypeError, "Expected credentials object");
673 return (PyObject *)ret;
677 PyTypeObject py_net_Type = {
678 PyObject_HEAD_INIT(NULL) 0,
679 .tp_name = "net.Net",
680 .tp_basicsize = sizeof(py_net_Object),
681 .tp_dealloc = (destructor)py_net_dealloc,
682 .tp_methods = net_obj_methods,
683 .tp_new = net_obj_new,
690 if (PyType_Ready(&py_net_Type) < 0)
693 m = Py_InitModule3("net", NULL, NULL);
697 Py_INCREF(&py_net_Type);
698 PyModule_AddObject(m, "Net", (PyObject *)&py_net_Type);
699 PyModule_AddObject(m, "LIBNET_JOINDOMAIN_AUTOMATIC", PyInt_FromLong(LIBNET_JOINDOMAIN_AUTOMATIC));
700 PyModule_AddObject(m, "LIBNET_JOINDOMAIN_SPECIFIED", PyInt_FromLong(LIBNET_JOINDOMAIN_SPECIFIED));
701 PyModule_AddObject(m, "LIBNET_JOIN_AUTOMATIC", PyInt_FromLong(LIBNET_JOIN_AUTOMATIC));
702 PyModule_AddObject(m, "LIBNET_JOIN_SPECIFIED", PyInt_FromLong(LIBNET_JOIN_SPECIFIED));
git.samba.org / samba.git / blob