2 Unix SMB/CIFS implementation.
3 Samba utility functions
5 Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2008-2010
6 Copyright (C) Kamen Mazdrashki <kamen.mazdrashki@postpath.com> 2009
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
26 #include "auth/credentials/pycredentials.h"
27 #include "libcli/security/security.h"
28 #include "lib/events/events.h"
29 #include "param/pyparam.h"
30 #include "auth/gensec/gensec.h"
31 #include "librpc/rpc/pyrpc_util.h"
32 #include "libcli/resolve/resolve.h"
33 #include "libcli/finddc.h"
34 #include "dsdb/samdb/samdb.h"
41 struct libnet_context *libnet_ctx;
42 struct tevent_context *ev;
45 static PyObject *py_net_join_member(py_net_Object *self, PyObject *args, PyObject *kwargs)
47 struct libnet_Join_member r;
52 const char *kwnames[] = { "domain_name", "netbios_name", "level", "machinepass", NULL };
56 if (!PyArg_ParseTupleAndKeywords(args, kwargs, "ssi|z:Join", discard_const_p(char *, kwnames),
57 &r.in.domain_name, &r.in.netbios_name,
59 &r.in.account_pass)) {
64 mem_ctx = talloc_new(self->mem_ctx);
65 if (mem_ctx == NULL) {
70 status = libnet_Join_member(self->libnet_ctx, mem_ctx, &r);
71 if (NT_STATUS_IS_ERR(status)) {
72 PyErr_SetString(PyExc_RuntimeError, r.out.error_string?r.out.error_string:nt_errstr(status));
77 result = Py_BuildValue("sss", r.out.join_password,
78 dom_sid_string(mem_ctx, r.out.domain_sid),
86 static const char py_net_join_member_doc[] = "join_member(domain_name, netbios_name, level) -> (join_password, domain_sid, domain_name)\n\n" \
87 "Join the domain with the specified name.";
89 static PyObject *py_net_change_password(py_net_Object *self, PyObject *args, PyObject *kwargs)
91 union libnet_ChangePassword r;
94 struct tevent_context *ev;
95 const char *kwnames[] = { "newpassword", NULL };
99 if (!PyArg_ParseTupleAndKeywords(args, kwargs, "s:change_password",
100 discard_const_p(char *, kwnames),
101 &r.generic.in.newpassword)) {
105 r.generic.level = LIBNET_CHANGE_PASSWORD_GENERIC;
106 r.generic.in.account_name = cli_credentials_get_username(self->libnet_ctx->cred);
107 r.generic.in.domain_name = cli_credentials_get_domain(self->libnet_ctx->cred);
108 r.generic.in.oldpassword = cli_credentials_get_password(self->libnet_ctx->cred);
110 /* FIXME: we really need to get a context from the caller or we may end
111 * up with 2 event contexts */
112 ev = s4_event_context_init(NULL);
114 mem_ctx = talloc_new(ev);
115 if (mem_ctx == NULL) {
120 status = libnet_ChangePassword(self->libnet_ctx, mem_ctx, &r);
121 if (NT_STATUS_IS_ERR(status)) {
122 PyErr_SetString(PyExc_RuntimeError,
123 r.generic.out.error_string?r.generic.out.error_string:nt_errstr(status));
124 talloc_free(mem_ctx);
128 talloc_free(mem_ctx);
133 static const char py_net_change_password_doc[] = "change_password(newpassword) -> True\n\n" \
134 "Change password for a user. You must supply credential with enough rights to do this.\n\n" \
135 "Sample usage is:\n" \
136 "net.set_password(newpassword=<new_password>\n";
139 static PyObject *py_net_set_password(py_net_Object *self, PyObject *args, PyObject *kwargs)
141 union libnet_SetPassword r;
144 struct tevent_context *ev;
145 const char *kwnames[] = { "account_name", "domain_name", "newpassword", NULL };
149 r.generic.level = LIBNET_SET_PASSWORD_GENERIC;
151 if (!PyArg_ParseTupleAndKeywords(args, kwargs, "sss:set_password",
152 discard_const_p(char *, kwnames),
153 &r.generic.in.account_name,
154 &r.generic.in.domain_name,
155 &r.generic.in.newpassword)) {
159 /* FIXME: we really need to get a context from the caller or we may end
160 * up with 2 event contexts */
161 ev = s4_event_context_init(NULL);
163 mem_ctx = talloc_new(ev);
164 if (mem_ctx == NULL) {
169 status = libnet_SetPassword(self->libnet_ctx, mem_ctx, &r);
170 if (NT_STATUS_IS_ERR(status)) {
171 PyErr_SetString(PyExc_RuntimeError,
172 r.generic.out.error_string?r.generic.out.error_string:nt_errstr(status));
173 talloc_free(mem_ctx);
177 talloc_free(mem_ctx);
182 static const char py_net_set_password_doc[] = "set_password(account_name, domain_name, newpassword) -> True\n\n" \
183 "Set password for a user. You must supply credential with enough rights to do this.\n\n" \
184 "Sample usage is:\n" \
185 "net.set_password(account_name=<account_name>,\n" \
186 " domain_name=domain_name,\n" \
187 " newpassword=new_pass)\n";
190 static PyObject *py_net_export_keytab(py_net_Object *self, PyObject *args, PyObject *kwargs)
192 struct libnet_export_keytab r;
194 const char *kwnames[] = { "keytab", "principal", NULL };
196 r.in.principal = NULL;
198 if (!PyArg_ParseTupleAndKeywords(args, kwargs, "s|z:export_keytab", discard_const_p(char *, kwnames),
204 mem_ctx = talloc_new(self->mem_ctx);
205 if (mem_ctx == NULL) {
210 status = libnet_export_keytab(self->libnet_ctx, mem_ctx, &r);
211 if (NT_STATUS_IS_ERR(status)) {
212 PyErr_SetString(PyExc_RuntimeError,
213 r.out.error_string?r.out.error_string:nt_errstr(status));
214 talloc_free(mem_ctx);
218 talloc_free(mem_ctx);
223 static const char py_net_export_keytab_doc[] = "export_keytab(keytab, name)\n\n"
224 "Export the DC keytab to a keytab file.";
226 static PyObject *py_net_time(py_net_Object *self, PyObject *args, PyObject *kwargs)
228 const char *kwnames[] = { "server_name", NULL };
229 union libnet_RemoteTOD r;
236 if (!PyArg_ParseTupleAndKeywords(args, kwargs, "s",
237 discard_const_p(char *, kwnames), &r.generic.in.server_name))
240 r.generic.level = LIBNET_REMOTE_TOD_GENERIC;
242 mem_ctx = talloc_new(NULL);
243 if (mem_ctx == NULL) {
248 status = libnet_RemoteTOD(self->libnet_ctx, mem_ctx, &r);
249 if (!NT_STATUS_IS_OK(status)) {
250 PyErr_SetString(PyExc_RuntimeError,
251 r.generic.out.error_string?r.generic.out.error_string:nt_errstr(status));
252 talloc_free(mem_ctx);
256 ZERO_STRUCT(timestr);
257 tm = localtime(&r.generic.out.time);
258 strftime(timestr, sizeof(timestr)-1, "%c %Z",tm);
260 ret = PyString_FromString(timestr);
262 talloc_free(mem_ctx);
267 static const char py_net_time_doc[] = "time(server_name) -> timestr\n"
268 "Retrieve the remote time on a server";
270 static PyObject *py_net_user_create(py_net_Object *self, PyObject *args, PyObject *kwargs)
272 const char *kwnames[] = { "username", NULL };
275 struct libnet_CreateUser r;
277 if (!PyArg_ParseTupleAndKeywords(args, kwargs, "s", discard_const_p(char *, kwnames),
281 r.in.domain_name = cli_credentials_get_domain(self->libnet_ctx->cred);
283 mem_ctx = talloc_new(NULL);
284 if (mem_ctx == NULL) {
289 status = libnet_CreateUser(self->libnet_ctx, mem_ctx, &r);
290 if (!NT_STATUS_IS_OK(status)) {
291 PyErr_SetString(PyExc_RuntimeError, r.out.error_string?r.out.error_string:nt_errstr(status));
292 talloc_free(mem_ctx);
296 talloc_free(mem_ctx);
301 static const char py_net_create_user_doc[] = "create_user(username)\n"
302 "Create a new user.";
304 static PyObject *py_net_user_delete(py_net_Object *self, PyObject *args, PyObject *kwargs)
306 const char *kwnames[] = { "username", NULL };
309 struct libnet_DeleteUser r;
311 if (!PyArg_ParseTupleAndKeywords(args, kwargs, "s", discard_const_p(char *, kwnames),
315 r.in.domain_name = cli_credentials_get_domain(self->libnet_ctx->cred);
317 mem_ctx = talloc_new(NULL);
318 if (mem_ctx == NULL) {
323 status = libnet_DeleteUser(self->libnet_ctx, mem_ctx, &r);
324 if (!NT_STATUS_IS_OK(status)) {
325 PyErr_SetString(PyExc_RuntimeError, r.out.error_string?r.out.error_string:nt_errstr(status));
326 talloc_free(mem_ctx);
330 talloc_free(mem_ctx);
335 static const char py_net_delete_user_doc[] = "delete_user(username)\n"
338 static PyObject *py_dom_sid_FromSid(struct dom_sid *sid)
340 PyObject *mod_security, *dom_sid_Type;
342 mod_security = PyImport_ImportModule("samba.dcerpc.security");
343 if (mod_security == NULL)
346 dom_sid_Type = PyObject_GetAttrString(mod_security, "dom_sid");
347 if (dom_sid_Type == NULL)
350 return pytalloc_reference((PyTypeObject *)dom_sid_Type, sid);
353 static PyObject *py_net_vampire(py_net_Object *self, PyObject *args, PyObject *kwargs)
355 const char *kwnames[] = { "domain", "target_dir", NULL };
359 struct libnet_Vampire r;
363 if (!PyArg_ParseTupleAndKeywords(args, kwargs, "s|z", discard_const_p(char *, kwnames),
364 &r.in.domain_name, &r.in.targetdir)) {
368 r.in.netbios_name = lpcfg_netbios_name(self->libnet_ctx->lp_ctx);
369 r.out.error_string = NULL;
371 mem_ctx = talloc_new(NULL);
372 if (mem_ctx == NULL) {
377 status = libnet_Vampire(self->libnet_ctx, mem_ctx, &r);
379 if (!NT_STATUS_IS_OK(status)) {
380 PyErr_SetString(PyExc_RuntimeError,
381 r.out.error_string ? r.out.error_string : nt_errstr(status));
382 talloc_free(mem_ctx);
386 ret = Py_BuildValue("(sO)", r.out.domain_name, py_dom_sid_FromSid(r.out.domain_sid));
388 talloc_free(mem_ctx);
393 struct replicate_state {
395 dcerpc_InterfaceObject *drs_pipe;
396 struct libnet_BecomeDC_StoreChunk chunk;
397 DATA_BLOB gensec_skey;
398 struct libnet_BecomeDC_Partition partition;
399 struct libnet_BecomeDC_Forest forest;
400 struct libnet_BecomeDC_DestDSA dest_dsa;
404 setup for replicate_chunk() calls
406 static PyObject *py_net_replicate_init(py_net_Object *self, PyObject *args, PyObject *kwargs)
408 const char *kwnames[] = { "samdb", "lp", "drspipe", NULL };
409 PyObject *py_ldb, *py_lp, *py_drspipe;
410 struct ldb_context *samdb;
411 struct loadparm_context *lp;
412 struct replicate_state *s;
415 if (!PyArg_ParseTupleAndKeywords(args, kwargs, "OOO",
416 discard_const_p(char *, kwnames),
417 &py_ldb, &py_lp, &py_drspipe)) {
421 s = talloc_zero(NULL, struct replicate_state);
424 lp = lpcfg_from_py_object(s, py_lp);
426 PyErr_SetString(PyExc_TypeError, "Expected lp object");
431 samdb = pyldb_Ldb_AsLdbContext(py_ldb);
433 PyErr_SetString(PyExc_TypeError, "Expected ldb object");
438 s->drs_pipe = (dcerpc_InterfaceObject *)(py_drspipe);
440 s->vampire_state = libnet_vampire_replicate_init(s, samdb, lp);
441 if (s->vampire_state == NULL) {
442 PyErr_SetString(PyExc_TypeError, "Failed to initialise vampire_state");
447 status = gensec_session_key(s->drs_pipe->pipe->conn->security_state.generic_state,
450 if (!NT_STATUS_IS_OK(status)) {
451 PyErr_Format(PyExc_RuntimeError, "Unable to get session key from drspipe: %s",
457 s->forest.dns_name = samdb_dn_to_dns_domain(s, ldb_get_root_basedn(samdb));
458 s->forest.root_dn_str = ldb_dn_get_linearized(ldb_get_root_basedn(samdb));
459 s->forest.config_dn_str = ldb_dn_get_linearized(ldb_get_config_basedn(samdb));
460 s->forest.schema_dn_str = ldb_dn_get_linearized(ldb_get_schema_basedn(samdb));
462 s->chunk.gensec_skey = &s->gensec_skey;
463 s->chunk.partition = &s->partition;
464 s->chunk.forest = &s->forest;
465 s->chunk.dest_dsa = &s->dest_dsa;
467 return pytalloc_CObject_FromTallocPtr(s);
472 process one replication chunk
474 static PyObject *py_net_replicate_chunk(py_net_Object *self, PyObject *args, PyObject *kwargs)
476 const char *kwnames[] = { "state", "level", "ctr",
477 "schema", "req_level", "req",
479 PyObject *py_state, *py_ctr, *py_schema = Py_None, *py_req = Py_None;
480 struct replicate_state *s;
482 unsigned req_level = 0;
483 NTSTATUS (*chunk_handler)(void *private_data, const struct libnet_BecomeDC_StoreChunk *c);
486 if (!PyArg_ParseTupleAndKeywords(args, kwargs, "OIO|OIO",
487 discard_const_p(char *, kwnames),
488 &py_state, &level, &py_ctr,
489 &py_schema, &req_level, &py_req)) {
493 s = talloc_get_type(PyCObject_AsVoidPtr(py_state), struct replicate_state);
495 PyErr_SetString(PyExc_TypeError, "Expected replication_state");
501 if (!py_check_dcerpc_type(py_ctr, "samba.dcerpc.drsuapi", "DsGetNCChangesCtr1")) {
504 s->chunk.ctr1 = pytalloc_get_ptr(py_ctr);
505 s->partition.nc = *s->chunk.ctr1->naming_context;
506 s->partition.more_data = s->chunk.ctr1->more_data;
507 s->partition.source_dsa_guid = s->chunk.ctr1->source_dsa_guid;
508 s->partition.source_dsa_invocation_id = s->chunk.ctr1->source_dsa_invocation_id;
509 s->partition.highwatermark = s->chunk.ctr1->new_highwatermark;
512 if (!py_check_dcerpc_type(py_ctr, "samba.dcerpc.drsuapi", "DsGetNCChangesCtr6")) {
515 s->chunk.ctr6 = pytalloc_get_ptr(py_ctr);
516 s->partition.nc = *s->chunk.ctr6->naming_context;
517 s->partition.more_data = s->chunk.ctr6->more_data;
518 s->partition.source_dsa_guid = s->chunk.ctr6->source_dsa_guid;
519 s->partition.source_dsa_invocation_id = s->chunk.ctr6->source_dsa_invocation_id;
520 s->partition.highwatermark = s->chunk.ctr6->new_highwatermark;
523 PyErr_Format(PyExc_TypeError, "Bad level %u in replicate_chunk", level);
527 s->chunk.req5 = NULL;
528 s->chunk.req8 = NULL;
529 s->chunk.req10 = NULL;
535 if (!py_check_dcerpc_type(py_req, "samba.dcerpc.drsuapi", "DsGetNCChangesRequest5")) {
539 s->chunk.req5 = pytalloc_get_ptr(py_req);
542 if (!py_check_dcerpc_type(py_req, "samba.dcerpc.drsuapi", "DsGetNCChangesRequest8")) {
546 s->chunk.req8 = pytalloc_get_ptr(py_req);
549 if (!py_check_dcerpc_type(py_req, "samba.dcerpc.drsuapi", "DsGetNCChangesRequest10")) {
553 s->chunk.req10 = pytalloc_get_ptr(py_req);
556 PyErr_Format(PyExc_TypeError, "Bad req_level %u in replicate_chunk", req_level);
560 s->chunk.req_level = req_level;
562 chunk_handler = libnet_vampire_cb_store_chunk;
564 if (!PyBool_Check(py_schema)) {
565 PyErr_SetString(PyExc_TypeError, "Expected boolean schema");
568 if (py_schema == Py_True) {
569 chunk_handler = libnet_vampire_cb_schema_chunk;
573 s->chunk.ctr_level = level;
575 status = chunk_handler(s->vampire_state, &s->chunk);
576 if (!NT_STATUS_IS_OK(status)) {
577 PyErr_Format(PyExc_TypeError, "Failed to process chunk: %s", nt_errstr(status));
586 find a DC given a domain name and server type
588 static PyObject *py_net_finddc(py_net_Object *self, PyObject *args, PyObject *kwargs)
590 const char *domain = NULL, *address = NULL;
591 unsigned server_type;
596 const char * const kwnames[] = { "flags", "domain", "address", NULL };
598 if (!PyArg_ParseTupleAndKeywords(args, kwargs, "I|ss",
599 discard_const_p(char *, kwnames),
600 &server_type, &domain, &address)) {
604 mem_ctx = talloc_new(self->mem_ctx);
606 io = talloc_zero(mem_ctx, struct finddcs);
607 if (domain != NULL) {
608 io->in.domain_name = domain;
610 if (address != NULL) {
611 io->in.server_address = address;
613 io->in.minimum_dc_flags = server_type;
615 status = finddcs_cldap(io, io,
616 lpcfg_resolve_context(self->libnet_ctx->lp_ctx), self->ev);
617 if (NT_STATUS_IS_ERR(status)) {
618 PyErr_SetString(PyExc_RuntimeError, nt_errstr(status));
619 talloc_free(mem_ctx);
623 ret = py_return_ndr_struct("samba.dcerpc.nbt", "NETLOGON_SAM_LOGON_RESPONSE_EX",
624 io, &io->out.netlogon.data.nt5_ex);
625 talloc_free(mem_ctx);
631 static const char py_net_vampire_doc[] = "vampire(domain, target_dir=None)\n"
634 static const char py_net_replicate_init_doc[] = "replicate_init(samdb, lp, drspipe)\n"
635 "Setup for replicate_chunk calls.";
637 static const char py_net_replicate_chunk_doc[] = "replicate_chunk(state, level, ctr, schema)\n"
638 "Process replication for one chunk";
640 static const char py_net_finddc_doc[] = "finddc(flags=server_type, domain=None, address=None)\n"
641 "Find a DC with the specified 'server_type' bits. The 'domain' and/or 'address' have to be used as additional search criteria. Returns the whole netlogon struct";
643 static PyMethodDef net_obj_methods[] = {
644 {"join_member", (PyCFunction)py_net_join_member, METH_VARARGS|METH_KEYWORDS, py_net_join_member_doc},
645 {"change_password", (PyCFunction)py_net_change_password, METH_VARARGS|METH_KEYWORDS, py_net_change_password_doc},
646 {"set_password", (PyCFunction)py_net_set_password, METH_VARARGS|METH_KEYWORDS, py_net_set_password_doc},
647 {"export_keytab", (PyCFunction)py_net_export_keytab, METH_VARARGS|METH_KEYWORDS, py_net_export_keytab_doc},
648 {"time", (PyCFunction)py_net_time, METH_VARARGS|METH_KEYWORDS, py_net_time_doc},
649 {"create_user", (PyCFunction)py_net_user_create, METH_VARARGS|METH_KEYWORDS, py_net_create_user_doc},
650 {"delete_user", (PyCFunction)py_net_user_delete, METH_VARARGS|METH_KEYWORDS, py_net_delete_user_doc},
651 {"vampire", (PyCFunction)py_net_vampire, METH_VARARGS|METH_KEYWORDS, py_net_vampire_doc},
652 {"replicate_init", (PyCFunction)py_net_replicate_init, METH_VARARGS|METH_KEYWORDS, py_net_replicate_init_doc},
653 {"replicate_chunk", (PyCFunction)py_net_replicate_chunk, METH_VARARGS|METH_KEYWORDS, py_net_replicate_chunk_doc},
654 {"finddc", (PyCFunction)py_net_finddc, METH_KEYWORDS, py_net_finddc_doc},
658 static void py_net_dealloc(py_net_Object *self)
660 talloc_free(self->mem_ctx);
664 static PyObject *net_obj_new(PyTypeObject *type, PyObject *args, PyObject *kwargs)
666 PyObject *py_creds, *py_lp = Py_None;
667 const char *kwnames[] = { "creds", "lp", "server", NULL };
669 struct loadparm_context *lp;
670 const char *server_address = NULL;
672 if (!PyArg_ParseTupleAndKeywords(args, kwargs, "O|Oz",
673 discard_const_p(char *, kwnames), &py_creds, &py_lp,
677 ret = PyObject_New(py_net_Object, type);
682 /* FIXME: we really need to get a context from the caller or we may end
683 * up with 2 event contexts */
684 ret->ev = s4_event_context_init(NULL);
685 ret->mem_ctx = talloc_new(ret->ev);
687 lp = lpcfg_from_py_object(ret->mem_ctx, py_lp);
693 ret->libnet_ctx = libnet_context_init(ret->ev, lp);
694 if (ret->libnet_ctx == NULL) {
695 PyErr_SetString(PyExc_RuntimeError, "Unable to initialize net");
700 ret->libnet_ctx->server_address = server_address;
702 ret->libnet_ctx->cred = cli_credentials_from_py_object(py_creds);
703 if (ret->libnet_ctx->cred == NULL) {
704 PyErr_SetString(PyExc_TypeError, "Expected credentials object");
709 return (PyObject *)ret;
713 PyTypeObject py_net_Type = {
714 PyObject_HEAD_INIT(NULL) 0,
715 .tp_name = "net.Net",
716 .tp_basicsize = sizeof(py_net_Object),
717 .tp_dealloc = (destructor)py_net_dealloc,
718 .tp_methods = net_obj_methods,
719 .tp_new = net_obj_new,
726 if (PyType_Ready(&py_net_Type) < 0)
729 m = Py_InitModule3("net", NULL, NULL);
733 Py_INCREF(&py_net_Type);
734 PyModule_AddObject(m, "Net", (PyObject *)&py_net_Type);
735 PyModule_AddObject(m, "LIBNET_JOINDOMAIN_AUTOMATIC", PyInt_FromLong(LIBNET_JOINDOMAIN_AUTOMATIC));
736 PyModule_AddObject(m, "LIBNET_JOINDOMAIN_SPECIFIED", PyInt_FromLong(LIBNET_JOINDOMAIN_SPECIFIED));
737 PyModule_AddObject(m, "LIBNET_JOIN_AUTOMATIC", PyInt_FromLong(LIBNET_JOIN_AUTOMATIC));
738 PyModule_AddObject(m, "LIBNET_JOIN_SPECIFIED", PyInt_FromLong(LIBNET_JOIN_SPECIFIED));