along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
-#include <Python.h>
+#include "lib/replace/system/python.h"
+#include "python/py3compat.h"
#include "includes.h"
+#include "python/modules.h"
#include "libcli/util/pyerrors.h"
#include "param/param.h"
#include "pyauth.h"
#include "pyldb.h"
#include "auth/system_session_proto.h"
#include "auth/auth.h"
+#include "auth/auth_util.h"
#include "param/pyparam.h"
#include "libcli/security/security.h"
#include "auth/credentials/pycredentials.h"
#include <tevent.h>
#include "librpc/rpc/pyrpc_util.h"
+#include "lib/events/events.h"
-staticforward PyTypeObject PyAuthContext;
+static PyTypeObject PyAuthContext;
-/* There's no Py_ssize_t in 2.4, apparently */
-#if PY_MAJOR_VERSION == 2 && PY_MINOR_VERSION < 5
-typedef int Py_ssize_t;
-typedef inquiry lenfunc;
-typedef intargfunc ssizeargfunc;
-#endif
-
-#ifndef Py_RETURN_NONE
-#define Py_RETURN_NONE return Py_INCREF(Py_None), Py_None
-#endif
-
-static PyObject *py_auth_session_get_security_token(PyObject *self, void *closure)
-{
- struct auth_session_info *session = py_talloc_get_type(self, struct auth_session_info);
- PyObject *py_security_token;
- py_security_token = py_return_ndr_struct("samba.dcerpc.security", "token",
- session->security_token, session->security_token);
- return py_security_token;
-}
-
-static int py_auth_session_set_security_token(PyObject *self, PyObject *value, void *closure)
-{
- struct auth_session_info *session = py_talloc_get_type(self, struct auth_session_info);
- session->security_token = talloc_reference(session, py_talloc_get_ptr(value));
- return 0;
-}
-
-static PyObject *py_auth_session_get_session_key(PyObject *self, void *closure)
-{
- struct auth_session_info *session = py_talloc_get_type(self, struct auth_session_info);
- return PyString_FromStringAndSize((char *)session->session_key.data, session->session_key.length);
-}
-
-static int py_auth_session_set_session_key(PyObject *self, PyObject *value, void *closure)
+static PyObject *PyAuthSession_FromSession(struct auth_session_info *session)
{
- DATA_BLOB val;
- struct auth_session_info *session = py_talloc_get_type(self, struct auth_session_info);
- val.data = (uint8_t *)PyString_AsString(value);
- val.length = PyString_Size(value);
-
- session->session_key = data_blob_talloc(session, val.data, val.length);
- return 0;
+ return py_return_ndr_struct("samba.dcerpc.auth", "session_info", session, session);
}
-static PyObject *py_auth_session_get_credentials(PyObject *self, void *closure)
+static PyObject *py_copy_session_info(PyObject *module,
+ PyObject *args,
+ PyObject *kwargs)
{
- struct auth_session_info *session = py_talloc_get_type(self, struct auth_session_info);
- PyObject *py_credentials;
- /* This is evil, as the credentials are not IDL structures */
- py_credentials = py_return_ndr_struct("samba.credentials", "Credentials", session->credentials, session->credentials);
- return py_credentials;
-}
+ PyObject *py_session = Py_None;
+ PyObject *result = Py_None;
+ struct auth_session_info *session = NULL;
+ struct auth_session_info *session_duplicate = NULL;
+ TALLOC_CTX *frame;
+ int ret = 1;
+
+ const char * const kwnames[] = { "session_info", NULL };
+
+ ret = PyArg_ParseTupleAndKeywords(args,
+ kwargs,
+ "O",
+ discard_const_p(char *, kwnames),
+ &py_session);
+ if (!ret) {
+ return NULL;
+ }
-static int py_auth_session_set_credentials(PyObject *self, PyObject *value, void *closure)
-{
- struct auth_session_info *session = py_talloc_get_type(self, struct auth_session_info);
- session->credentials = talloc_reference(session, PyCredentials_AsCliCredentials(value));
- return 0;
-}
+ ret = py_check_dcerpc_type(py_session,
+ "samba.dcerpc.auth",
+ "session_info");
+ if (!ret) {
+ return NULL;
+ }
+ session = pytalloc_get_type(py_session,
+ struct auth_session_info);
+ if (!session) {
+ PyErr_Format(PyExc_TypeError,
+ "Expected auth_session_info for session_info "
+ "argument got %s",
+ pytalloc_get_name(py_session));
+ return NULL;
+ }
-static PyGetSetDef py_auth_session_getset[] = {
- { discard_const_p(char, "security_token"), (getter)py_auth_session_get_security_token, (setter)py_auth_session_set_security_token, NULL },
- { discard_const_p(char, "session_key"), (getter)py_auth_session_get_session_key, (setter)py_auth_session_set_session_key, NULL },
- { discard_const_p(char, "credentials"), (getter)py_auth_session_get_credentials, (setter)py_auth_session_set_credentials, NULL },
- { NULL }
-};
+ frame = talloc_stackframe();
+ if (frame == NULL) {
+ return PyErr_NoMemory();
+ }
-static PyTypeObject PyAuthSession = {
- .tp_name = "AuthSession",
- .tp_basicsize = sizeof(py_talloc_Object),
- .tp_flags = Py_TPFLAGS_DEFAULT,
- .tp_getset = py_auth_session_getset,
-};
+ session_duplicate = copy_session_info(frame, session);
+ if (session_duplicate == NULL) {
+ TALLOC_FREE(frame);
+ return PyErr_NoMemory();
+ }
-PyObject *PyAuthSession_FromSession(struct auth_session_info *session)
-{
- return py_talloc_reference(&PyAuthSession, session);
+ result = PyAuthSession_FromSession(session_duplicate);
+ TALLOC_FREE(frame);
+ return result;
}
static PyObject *py_system_session(PyObject *module, PyObject *args)
static PyObject *py_admin_session(PyObject *module, PyObject *args)
{
PyObject *py_lp_ctx;
- PyObject *py_sid;
+ const char *sid;
struct loadparm_context *lp_ctx = NULL;
struct auth_session_info *session;
struct dom_sid *domain_sid = NULL;
TALLOC_CTX *mem_ctx;
- if (!PyArg_ParseTuple(args, "OO", &py_lp_ctx, &py_sid))
+ if (!PyArg_ParseTuple(args, "Os", &py_lp_ctx, &sid))
return NULL;
mem_ctx = talloc_new(NULL);
return NULL;
}
- domain_sid = dom_sid_parse_talloc(mem_ctx, PyString_AsString(py_sid));
+ domain_sid = dom_sid_parse_talloc(mem_ctx, sid);
if (domain_sid == NULL) {
- PyErr_Format(PyExc_RuntimeError, "Unable to parse sid %s",
- PyString_AsString(py_sid));
+ PyErr_Format(PyExc_RuntimeError, "Unable to parse sid %s", sid);
talloc_free(mem_ctx);
return NULL;
}
return NULL;
}
- ldb_ctx = PyLdb_AsLdbContext(py_ldb);
+ ldb_ctx = pyldb_Ldb_AsLdbContext(py_ldb);
+ if (ldb_ctx == NULL) {
+ talloc_free(mem_ctx);
+ return NULL;
+ }
if (py_dn == Py_None) {
user_dn = NULL;
} else {
- if (!PyObject_AsDn(ldb_ctx, py_dn, ldb_ctx, &user_dn)) {
+ if (!pyldb_Object_AsDn(ldb_ctx, py_dn, ldb_ctx, &user_dn)) {
talloc_free(mem_ctx);
return NULL;
}
return PyAuthSession_FromSession(session);
}
+static PyObject *py_session_info_fill_unix(PyObject *module,
+ PyObject *args,
+ PyObject *kwargs)
+{
+ NTSTATUS nt_status;
+ char *user_name = NULL;
+ struct loadparm_context *lp_ctx = NULL;
+ struct auth_session_info *session_info;
+ PyObject *py_lp_ctx = Py_None;
+ PyObject *py_session = Py_None;
+ TALLOC_CTX *frame;
+
+ const char * const kwnames[] = { "session_info",
+ "user_name",
+ "lp_ctx",
+ NULL };
+ if (!PyArg_ParseTupleAndKeywords(args, kwargs, "Oz|O",
+ discard_const_p(char *, kwnames),
+ &py_session,
+ &user_name,
+ &py_lp_ctx)) {
+ return NULL;
+ }
+
+ if (!py_check_dcerpc_type(py_session,
+ "samba.dcerpc.auth",
+ "session_info")) {
+ return NULL;
+ }
+ session_info = pytalloc_get_type(py_session,
+ struct auth_session_info);
+ if (!session_info) {
+ PyErr_Format(PyExc_TypeError,
+ "Expected auth_session_info for session_info argument got %s",
+ pytalloc_get_name(py_session));
+ return NULL;
+ }
+
+ frame = talloc_stackframe();
+
+ lp_ctx = lpcfg_from_py_object(frame, py_lp_ctx);
+ if (lp_ctx == NULL) {
+ TALLOC_FREE(frame);
+ return NULL;
+ }
+
+ nt_status = auth_session_info_fill_unix(lp_ctx,
+ user_name,
+ session_info);
+ TALLOC_FREE(frame);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ PyErr_NTSTATUS_IS_ERR_RAISE(nt_status);
+ }
+
+ Py_RETURN_NONE;
+}
+
-static const char **PyList_AsStringList(TALLOC_CTX *mem_ctx, PyObject *list,
- const char *paramname)
+static PyObject *py_session_info_set_unix(PyObject *module,
+ PyObject *args,
+ PyObject *kwargs)
{
- const char **ret;
- Py_ssize_t i;
- if (!PyList_Check(list)) {
- PyErr_Format(PyExc_TypeError, "%s is not a list", paramname);
+ NTSTATUS nt_status;
+ char *user_name = NULL;
+ int uid = -1;
+ int gid = -1;
+ struct loadparm_context *lp_ctx = NULL;
+ struct auth_session_info *session_info;
+ PyObject *py_lp_ctx = Py_None;
+ PyObject *py_session = Py_None;
+ TALLOC_CTX *frame;
+
+ const char * const kwnames[] = { "session_info",
+ "user_name",
+ "uid",
+ "gid",
+ "lp_ctx",
+ NULL };
+
+ if (!PyArg_ParseTupleAndKeywords(args, kwargs, "Ozii|O",
+ discard_const_p(char *, kwnames),
+ &py_session,
+ &user_name,
+ &uid,
+ &gid,
+ &py_lp_ctx)) {
return NULL;
}
- ret = talloc_array(NULL, const char *, PyList_Size(list)+1);
- if (ret == NULL) {
- PyErr_NoMemory();
+
+ if (!py_check_dcerpc_type(py_session,
+ "samba.dcerpc.auth",
+ "session_info")) {
+ return NULL;
+ }
+ session_info = pytalloc_get_type(py_session,
+ struct auth_session_info);
+ if (!session_info) {
+ PyErr_Format(PyExc_TypeError,
+ "Expected auth_session_info for session_info "
+ "argument got %s",
+ pytalloc_get_name(py_session));
return NULL;
}
- for (i = 0; i < PyList_Size(list); i++) {
- PyObject *item = PyList_GetItem(list, i);
- if (!PyString_Check(item)) {
- PyErr_Format(PyExc_TypeError, "%s should be strings", paramname);
- return NULL;
- }
- ret[i] = talloc_strndup(ret, PyString_AsString(item),
- PyString_Size(item));
+ frame = talloc_stackframe();
+
+ lp_ctx = lpcfg_from_py_object(frame, py_lp_ctx);
+ if (lp_ctx == NULL) {
+ TALLOC_FREE(frame);
+ return NULL;
+ }
+
+ nt_status = auth_session_info_set_unix(lp_ctx,
+ user_name,
+ uid,
+ gid,
+ session_info);
+ TALLOC_FREE(frame);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ PyErr_NTSTATUS_IS_ERR_RAISE(nt_status);
}
- ret[i] = NULL;
- return ret;
+
+ Py_RETURN_NONE;
}
-static PyObject *PyAuthContext_FromContext(struct auth_context *auth_context)
+
+static PyObject *PyAuthContext_FromContext(struct auth4_context *auth_context)
{
- return py_talloc_reference(&PyAuthContext, auth_context);
+ return pytalloc_reference(&PyAuthContext, auth_context);
}
static PyObject *py_auth_context_new(PyTypeObject *type, PyObject *args, PyObject *kwargs)
{
PyObject *py_lp_ctx = Py_None;
PyObject *py_ldb = Py_None;
- PyObject *py_messaging_ctx = Py_None;
PyObject *py_auth_context = Py_None;
PyObject *py_methods = Py_None;
TALLOC_CTX *mem_ctx;
- struct auth_context *auth_context;
- struct messaging_context *messaging_context = NULL;
+ struct auth4_context *auth_context;
struct loadparm_context *lp_ctx;
struct tevent_context *ev;
- struct ldb_context *ldb;
+ struct ldb_context *ldb = NULL;
NTSTATUS nt_status;
- const char **methods;
+ const char *const *methods;
- const char * const kwnames[] = { "lp_ctx", "messaging_ctx", "ldb", "methods", NULL };
+ const char *const kwnames[] = {"lp_ctx", "ldb", "methods", NULL};
- if (!PyArg_ParseTupleAndKeywords(args, kwargs, "|OOOO",
+ if (!PyArg_ParseTupleAndKeywords(args,
+ kwargs,
+ "|OOO",
discard_const_p(char *, kwnames),
- &py_lp_ctx, &py_messaging_ctx, &py_ldb, &py_methods))
+ &py_lp_ctx,
+ &py_ldb,
+ &py_methods))
return NULL;
mem_ctx = talloc_new(NULL);
}
if (py_ldb != Py_None) {
- ldb = PyLdb_AsLdbContext(py_ldb);
+ ldb = pyldb_Ldb_AsLdbContext(py_ldb);
+ if (ldb == NULL) {
+ talloc_free(mem_ctx);
+ return NULL;
+ }
}
lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
-
- ev = tevent_context_init(mem_ctx);
- if (ev == NULL) {
+ if (lp_ctx == NULL) {
+ talloc_free(mem_ctx);
PyErr_NoMemory();
return NULL;
}
- if (py_messaging_ctx != Py_None) {
- messaging_context = py_talloc_get_type(py_messaging_ctx, struct messaging_context);
+ ev = s4_event_context_init(mem_ctx);
+ if (ev == NULL) {
+ talloc_free(mem_ctx);
+ PyErr_NoMemory();
+ return NULL;
}
if (py_methods == Py_None && py_ldb == Py_None) {
- nt_status = auth_context_create(mem_ctx, ev, messaging_context, lp_ctx, &auth_context);
+ nt_status = auth_context_create(
+ mem_ctx, ev, NULL, lp_ctx, &auth_context);
} else {
if (py_methods != Py_None) {
- methods = PyList_AsStringList(mem_ctx, py_methods, "methods");
+ methods = (const char * const *)PyList_AsStringList(mem_ctx, py_methods, "methods");
if (methods == NULL) {
talloc_free(mem_ctx);
return NULL;
} else {
methods = auth_methods_from_lp(mem_ctx, lp_ctx);
}
- nt_status = auth_context_create_methods(mem_ctx, methods, ev,
- messaging_context, lp_ctx,
- ldb, &auth_context);
+ nt_status = auth_context_create_methods(
+ mem_ctx, methods, ev, NULL, lp_ctx, ldb, &auth_context);
}
if (!NT_STATUS_IS_OK(nt_status)) {
static PyTypeObject PyAuthContext = {
.tp_name = "AuthContext",
- .tp_basicsize = sizeof(py_talloc_Object),
.tp_flags = Py_TPFLAGS_DEFAULT,
.tp_new = py_auth_context_new,
- .tp_basicsize = sizeof(py_talloc_Object),
};
static PyMethodDef py_auth_methods[] = {
{ "system_session", (PyCFunction)py_system_session, METH_VARARGS, NULL },
{ "admin_session", (PyCFunction)py_admin_session, METH_VARARGS, NULL },
- { "user_session", (PyCFunction)py_user_session, METH_VARARGS|METH_KEYWORDS, NULL },
- { NULL },
+ { "user_session", PY_DISCARD_FUNC_SIG(PyCFunction,py_user_session),
+ METH_VARARGS|METH_KEYWORDS, NULL },
+ { "session_info_fill_unix",
+ PY_DISCARD_FUNC_SIG(PyCFunction,py_session_info_fill_unix),
+ METH_VARARGS|METH_KEYWORDS,
+ NULL },
+ { "session_info_set_unix",
+ PY_DISCARD_FUNC_SIG(PyCFunction,py_session_info_set_unix),
+ METH_VARARGS|METH_KEYWORDS,
+ NULL },
+ { "copy_session_info",
+ PY_DISCARD_FUNC_SIG(PyCFunction,py_copy_session_info),
+ METH_VARARGS|METH_KEYWORDS,
+ NULL },
+ {0},
+};
+
+static struct PyModuleDef moduledef = {
+ PyModuleDef_HEAD_INIT,
+ .m_name = "auth",
+ .m_doc = "Authentication and authorization support.",
+ .m_size = -1,
+ .m_methods = py_auth_methods,
};
-void initauth(void)
+MODULE_INIT_FUNC(auth)
{
PyObject *m;
- PyAuthSession.tp_base = PyTalloc_GetObjectType();
- if (PyAuthSession.tp_base == NULL)
- return;
-
- if (PyType_Ready(&PyAuthSession) < 0)
- return;
-
- PyAuthContext.tp_base = PyTalloc_GetObjectType();
- if (PyAuthContext.tp_base == NULL)
- return;
-
- if (PyType_Ready(&PyAuthContext) < 0)
- return;
+ if (pytalloc_BaseObject_PyType_Ready(&PyAuthContext) < 0)
+ return NULL;
- m = Py_InitModule3("auth", py_auth_methods,
- "Authentication and authorization support.");
+ m = PyModule_Create(&moduledef);
if (m == NULL)
- return;
+ return NULL;
- Py_INCREF(&PyAuthSession);
- PyModule_AddObject(m, "AuthSession", (PyObject *)&PyAuthSession);
Py_INCREF(&PyAuthContext);
PyModule_AddObject(m, "AuthContext", (PyObject *)&PyAuthContext);
-#define ADD_FLAG(val) PyModule_AddObject(m, #val, PyInt_FromLong(val))
+#define ADD_FLAG(val) PyModule_AddIntConstant(m, #val, val)
ADD_FLAG(AUTH_SESSION_INFO_DEFAULT_GROUPS);
ADD_FLAG(AUTH_SESSION_INFO_AUTHENTICATED);
ADD_FLAG(AUTH_SESSION_INFO_SIMPLE_PRIVILEGES);
+ ADD_FLAG(AUTH_SESSION_INFO_NTLM);
+ return m;
}