2 Unix SMB/CIFS implementation.
4 Python wrapper for winbind client functions.
6 Copyright (C) Tim Potter 2002
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
26 #include "py_common_proto.h"
29 * Exceptions raised by this module
32 PyObject *winbind_error; /* A winbind call returned WINBINDD_ERROR */
34 /* Prototypes from common.h */
36 NSS_STATUS winbindd_request(int req_type,
37 struct winbindd_request *request,
38 struct winbindd_response *response);
41 * Name <-> SID conversion
44 /* Convert a name to a sid */
46 static PyObject *py_name_to_sid(PyObject *self, PyObject *args)
49 struct winbindd_request request;
50 struct winbindd_response response;
54 if (!PyArg_ParseTuple(args, "s", &name))
58 ZERO_STRUCT(response);
60 sep = lp_winbind_separator();
62 if ((p = strchr(name, sep[0]))) {
64 fstrcpy(request.data.name.dom_name, name);
65 fstrcpy(request.data.name.name, p + 1);
67 fstrcpy(request.data.name.dom_name, lp_workgroup());
68 fstrcpy(request.data.name.name, name);
71 if (winbindd_request(WINBINDD_LOOKUPNAME, &request, &response)
72 != NSS_STATUS_SUCCESS) {
73 PyErr_SetString(winbind_error, "lookup failed");
77 result = PyString_FromString(response.data.sid.sid);
82 /* Convert a sid to a name */
84 static PyObject *py_sid_to_name(PyObject *self, PyObject *args)
86 struct winbindd_request request;
87 struct winbindd_response response;
91 if (!PyArg_ParseTuple(args, "s", &sid))
95 ZERO_STRUCT(response);
97 fstrcpy(request.data.sid, sid);
99 if (winbindd_request(WINBINDD_LOOKUPSID, &request, &response)
100 != NSS_STATUS_SUCCESS) {
101 PyErr_SetString(winbind_error, "lookup failed");
105 asprintf(&name, "%s%s%s", response.data.name.dom_name,
106 lp_winbind_separator(), response.data.name.name);
108 result = PyString_FromString(name);
116 * Enumerate users/groups
119 /* Enumerate domain users */
121 static PyObject *py_enum_domain_users(PyObject *self, PyObject *args)
123 struct winbindd_response response;
126 if (!PyArg_ParseTuple(args, ""))
129 ZERO_STRUCT(response);
131 if (winbindd_request(WINBINDD_LIST_USERS, NULL, &response)
132 != NSS_STATUS_SUCCESS) {
133 PyErr_SetString(winbind_error, "lookup failed");
137 result = PyList_New(0);
139 if (response.extra_data) {
140 char *extra_data = response.extra_data;
143 while (next_token(&extra_data, name, ",", sizeof(fstring)))
144 PyList_Append(result, PyString_FromString(name));
150 /* Enumerate domain groups */
152 static PyObject *py_enum_domain_groups(PyObject *self, PyObject *args)
154 struct winbindd_response response;
155 PyObject *result = NULL;
157 if (!PyArg_ParseTuple(args, ""))
160 ZERO_STRUCT(response);
162 if (winbindd_request(WINBINDD_LIST_GROUPS, NULL, &response)
163 != NSS_STATUS_SUCCESS) {
164 PyErr_SetString(winbind_error, "lookup failed");
168 result = PyList_New(0);
170 if (response.extra_data) {
171 char *extra_data = response.extra_data;
174 while (next_token(&extra_data, name, ",", sizeof(fstring)))
175 PyList_Append(result, PyString_FromString(name));
182 * Miscellaneous domain related
185 /* Enumerate domain groups */
187 static PyObject *py_enum_trust_dom(PyObject *self, PyObject *args)
189 struct winbindd_response response;
190 PyObject *result = NULL;
192 if (!PyArg_ParseTuple(args, ""))
195 ZERO_STRUCT(response);
197 if (winbindd_request(WINBINDD_LIST_TRUSTDOM, NULL, &response)
198 != NSS_STATUS_SUCCESS) {
199 PyErr_SetString(winbind_error, "lookup failed");
203 result = PyList_New(0);
205 if (response.extra_data) {
206 char *extra_data = response.extra_data;
209 while (next_token(&extra_data, name, ",", sizeof(fstring)))
210 PyList_Append(result, PyString_FromString(name));
216 /* Check machine account password */
218 static PyObject *py_check_secret(PyObject *self, PyObject *args)
220 struct winbindd_response response;
222 if (!PyArg_ParseTuple(args, ""))
225 ZERO_STRUCT(response);
227 if (winbindd_request(WINBINDD_CHECK_MACHACC, NULL, &response)
228 != NSS_STATUS_SUCCESS) {
229 PyErr_SetString(winbind_error, "lookup failed");
233 return PyInt_FromLong(response.data.num_entries);
237 * Return a dictionary consisting of all the winbind related smb.conf
238 * parameters. This is stored in the module object.
241 static PyObject *py_config_dict(void)
247 if (!(result = PyDict_New()))
250 /* Various string parameters */
252 PyDict_SetItemString(result, "workgroup",
253 PyString_FromString(lp_workgroup()));
255 PyDict_SetItemString(result, "separator",
256 PyString_FromString(lp_winbind_separator()));
258 PyDict_SetItemString(result, "template_homedir",
259 PyString_FromString(lp_template_homedir()));
261 PyDict_SetItemString(result, "template_shell",
262 PyString_FromString(lp_template_shell()));
264 /* Winbind uid/gid range */
266 if (lp_winbind_uid(&ulow, &uhi)) {
267 PyDict_SetItemString(result, "uid_low", PyInt_FromLong(ulow));
268 PyDict_SetItemString(result, "uid_high", PyInt_FromLong(uhi));
271 if (lp_winbind_gid(&glow, &ghi)) {
272 PyDict_SetItemString(result, "gid_low", PyInt_FromLong(glow));
273 PyDict_SetItemString(result, "gid_high", PyInt_FromLong(ghi));
283 /* Convert a uid to a SID */
285 static PyObject *py_uid_to_sid(PyObject *self, PyObject *args)
287 struct winbindd_request request;
288 struct winbindd_response response;
291 if (!PyArg_ParseTuple(args, "i", &id))
294 ZERO_STRUCT(request);
295 ZERO_STRUCT(response);
297 request.data.uid = id;
299 if (winbindd_request(WINBINDD_UID_TO_SID, &request, &response)
300 != NSS_STATUS_SUCCESS) {
301 PyErr_SetString(winbind_error, "lookup failed");
305 return PyString_FromString(response.data.sid.sid);
308 /* Convert a gid to a SID */
310 static PyObject *py_gid_to_sid(PyObject *self, PyObject *args)
312 struct winbindd_request request;
313 struct winbindd_response response;
316 if (!PyArg_ParseTuple(args, "i", &id))
319 ZERO_STRUCT(request);
320 ZERO_STRUCT(response);
322 request.data.gid = id;
324 if (winbindd_request(WINBINDD_GID_TO_SID, &request, &response)
325 != NSS_STATUS_SUCCESS) {
326 PyErr_SetString(winbind_error, "lookup failed");
330 return PyString_FromString(response.data.sid.sid);
333 /* Convert a sid to a uid */
335 static PyObject *py_sid_to_uid(PyObject *self, PyObject *args)
337 struct winbindd_request request;
338 struct winbindd_response response;
341 if (!PyArg_ParseTuple(args, "s", &sid))
344 ZERO_STRUCT(request);
345 ZERO_STRUCT(response);
347 fstrcpy(request.data.sid, sid);
349 if (winbindd_request(WINBINDD_SID_TO_UID, &request, &response)
350 != NSS_STATUS_SUCCESS) {
351 PyErr_SetString(winbind_error, "lookup failed");
355 return PyInt_FromLong(response.data.uid);
358 /* Convert a sid to a gid */
360 static PyObject *py_sid_to_gid(PyObject *self, PyObject *args)
362 struct winbindd_request request;
363 struct winbindd_response response;
366 if (!PyArg_ParseTuple(args, "s", &sid))
369 ZERO_STRUCT(request);
370 ZERO_STRUCT(response);
372 fstrcpy(request.data.sid, sid);
374 if (winbindd_request(WINBINDD_SID_TO_GID, &request, &response)
375 != NSS_STATUS_SUCCESS) {
376 PyErr_SetString(winbind_error, "lookup failed");
380 return PyInt_FromLong(response.data.gid);
384 * PAM authentication functions
387 /* Plaintext authentication */
389 static PyObject *py_auth_plaintext(PyObject *self, PyObject *args)
391 struct winbindd_request request;
392 struct winbindd_response response;
393 char *username, *password;
395 if (!PyArg_ParseTuple(args, "ss", &username, &password))
398 ZERO_STRUCT(request);
399 ZERO_STRUCT(response);
401 fstrcpy(request.data.auth.user, username);
402 fstrcpy(request.data.auth.pass, password);
404 if (winbindd_request(WINBINDD_PAM_AUTH, &request, &response)
405 != NSS_STATUS_SUCCESS) {
406 PyErr_SetString(winbind_error, "lookup failed");
410 return PyInt_FromLong(response.data.auth.nt_status);
413 /* Challenge/response authentication */
415 static PyObject *py_auth_crap(PyObject *self, PyObject *args)
417 struct winbindd_request request;
418 struct winbindd_response response;
419 char *username, *password;
421 if (!PyArg_ParseTuple(args, "ss", &username, &password))
424 ZERO_STRUCT(request);
425 ZERO_STRUCT(response);
427 fstrcpy(request.data.auth_crap.user, username);
429 generate_random_buffer(request.data.auth_crap.chal, 8, False);
431 SMBencrypt((uchar *)password, request.data.auth_crap.chal,
432 (uchar *)request.data.auth_crap.lm_resp);
433 SMBNTencrypt((uchar *)password, request.data.auth_crap.chal,
434 (uchar *)request.data.auth_crap.nt_resp);
436 request.data.auth_crap.lm_resp_len = 24;
437 request.data.auth_crap.nt_resp_len = 24;
439 if (winbindd_request(WINBINDD_PAM_AUTH_CRAP, &request, &response)
440 != NSS_STATUS_SUCCESS) {
441 PyErr_SetString(winbind_error, "lookup failed");
445 return PyInt_FromLong(response.data.auth.nt_status);
448 /* Get user info from name */
450 static PyObject *py_getpwnam(PyObject *self, PyObject *args)
452 struct winbindd_request request;
453 struct winbindd_response response;
457 if (!PyArg_ParseTuple(args, "s", &username))
460 ZERO_STRUCT(request);
461 ZERO_STRUCT(response);
463 fstrcpy(request.data.username, username);
465 if (winbindd_request(WINBINDD_GETPWNAM, &request, &response)
466 != NSS_STATUS_SUCCESS) {
467 PyErr_SetString(winbind_error, "lookup failed");
471 if (!py_from_winbind_passwd(&result, &response)) {
479 /* Get user info from uid */
481 static PyObject *py_getpwuid(PyObject *self, PyObject *args)
483 struct winbindd_request request;
484 struct winbindd_response response;
488 if (!PyArg_ParseTuple(args, "i", &uid))
491 ZERO_STRUCT(request);
492 ZERO_STRUCT(response);
494 request.data.uid = uid;
496 if (winbindd_request(WINBINDD_GETPWUID, &request, &response)
497 != NSS_STATUS_SUCCESS) {
498 PyErr_SetString(winbind_error, "lookup failed");
502 if (!py_from_winbind_passwd(&result, &response)) {
511 * Method dispatch table
514 static PyMethodDef winbind_methods[] = {
516 { "getpwnam", py_getpwnam, METH_VARARGS, "getpwnam(3)" },
517 { "getpwuid", py_getpwuid, METH_VARARGS, "getpwuid(3)" },
519 /* Name <-> SID conversion */
521 { "name_to_sid", py_name_to_sid, METH_VARARGS,
522 "name_to_sid(s) -> string
524 Return the SID for a name.
528 >>> winbind.name_to_sid('FOO/Administrator')
529 'S-1-5-21-406022937-1377575209-526660263-500' " },
531 { "sid_to_name", py_sid_to_name, METH_VARARGS,
532 "sid_to_name(s) -> string
534 Return the name for a SID.
539 >>> winbind.sid_to_name('S-1-5-21-406022937-1377575209-526660263-500')
540 'FOO/Administrator' " },
542 /* Enumerate users/groups */
544 { "enum_domain_users", py_enum_domain_users, METH_VARARGS,
545 "enum_domain_users() -> list of strings
547 Return a list of domain users.
551 >>> winbind.enum_domain_users()
552 ['FOO/Administrator', 'FOO/anna', 'FOO/Anne Elk', 'FOO/build',
553 'FOO/foo', 'FOO/foo2', 'FOO/foo3', 'FOO/Guest', 'FOO/user1',
554 'FOO/whoops-ptang'] " },
556 { "enum_domain_groups", py_enum_domain_groups, METH_VARARGS,
557 "enum_domain_groups() -> list of strings
559 Return a list of domain groups.
563 >>> winbind.enum_domain_groups()
564 ['FOO/cows', 'FOO/Domain Admins', 'FOO/Domain Guests',
565 'FOO/Domain Users'] " },
569 { "uid_to_sid", py_uid_to_sid, METH_VARARGS,
570 "uid_to_sid(int) -> string
572 Return the SID for a UNIX uid.
576 >>> winbind.uid_to_sid(10000)
577 'S-1-5-21-406022937-1377575209-526660263-500' " },
579 { "gid_to_sid", py_gid_to_sid, METH_VARARGS,
580 "gid_to_sid(int) -> string
582 Return the UNIX gid for a SID.
586 >>> winbind.gid_to_sid(10001)
587 'S-1-5-21-406022937-1377575209-526660263-512' " },
589 { "sid_to_uid", py_sid_to_uid, METH_VARARGS,
590 "sid_to_uid(string) -> int
592 Return the UNIX uid for a SID.
596 >>> winbind.sid_to_uid('S-1-5-21-406022937-1377575209-526660263-500')
599 { "sid_to_gid", py_sid_to_gid, METH_VARARGS,
600 "sid_to_gid(string) -> int
602 Return the UNIX gid corresponding to a SID.
606 >>> winbind.sid_to_gid('S-1-5-21-406022937-1377575209-526660263-512')
611 { "check_secret", py_check_secret, METH_VARARGS,
612 "check_secret() -> int
614 Check the machine trust account password. The NT status is returned
615 with zero indicating success. " },
617 { "enum_trust_dom", py_enum_trust_dom, METH_VARARGS,
618 "enum_trust_dom() -> list of strings
620 Return a list of trusted domains. The domain the server is a member
625 >>> winbind.enum_trust_dom()
626 ['NPSD-TEST2', 'SP2NDOM'] " },
628 /* PAM authorisation functions */
630 { "auth_plaintext", py_auth_plaintext, METH_VARARGS,
631 "auth_plaintext(s, s) -> int
633 Authenticate a username and password using plaintext authentication.
634 The NT status code is returned with zero indicating success." },
636 { "auth_crap", py_auth_crap, METH_VARARGS,
637 "auth_crap(s, s) -> int
639 Authenticate a username and password using the challenge/response
640 protocol. The NT status code is returned with zero indicating
646 static struct const_vals {
650 } module_const_vals[] = {
652 /* Well known RIDs */
654 { "DOMAIN_USER_RID_ADMIN", DOMAIN_USER_RID_ADMIN,
655 "Well-known RID for Administrator user" },
657 { "DOMAIN_USER_RID_GUEST", DOMAIN_USER_RID_GUEST,
658 "Well-known RID for Guest user" },
660 { "DOMAIN_GROUP_RID_ADMINS", DOMAIN_GROUP_RID_ADMINS,
661 "Well-known RID for Domain Admins group" },
663 { "DOMAIN_GROUP_RID_USERS", DOMAIN_GROUP_RID_USERS,
664 "Well-known RID for Domain Users group" },
666 { "DOMAIN_GROUP_RID_GUESTS", DOMAIN_GROUP_RID_GUESTS,
667 "Well-known RID for Domain Guests group" },
672 static void const_init(PyObject *dict)
674 struct const_vals *tmp;
677 for (tmp = module_const_vals; tmp->name; tmp++) {
678 obj = PyInt_FromLong(tmp->value);
679 PyDict_SetItemString(dict, tmp->name, obj);
685 * Module initialisation
688 static char winbind_module__doc__[] =
689 "A python extension to winbind client functions.";
691 void initwinbind(void)
693 PyObject *module, *dict;
695 /* Initialise module */
697 module = Py_InitModule3("winbind", winbind_methods,
698 winbind_module__doc__);
700 dict = PyModule_GetDict(module);
702 winbind_error = PyErr_NewException("winbind.error", NULL, NULL);
703 PyDict_SetItemString(dict, "error", winbind_error);
705 /* Do samba initialisation */
709 /* Initialise constants */
713 /* Insert configuration dictionary */
715 PyDict_SetItemString(dict, "config", py_config_dict());