2 Unix SMB/CIFS implementation.
3 Samba utility functions
5 Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2008-2010
6 Copyright (C) Kamen Mazdrashki <kamen.mazdrashki@postpath.com> 2009
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
27 #include "auth/credentials/pycredentials.h"
28 #include "libcli/security/security.h"
29 #include "lib/events/events.h"
30 #include "param/pyparam.h"
31 #include "auth/gensec/gensec.h"
32 #include "librpc/rpc/pyrpc_util.h"
33 #include "libcli/resolve/resolve.h"
34 #include "libcli/finddc.h"
35 #include "dsdb/samdb/samdb.h"
37 #include "librpc/rpc/pyrpc_util.h"
41 static PyObject *py_net_join_member(py_net_Object *self, PyObject *args, PyObject *kwargs)
43 struct libnet_Join_member r;
48 const char *kwnames[] = { "domain_name", "netbios_name", "level", "machinepass", NULL };
52 if (!PyArg_ParseTupleAndKeywords(args, kwargs, "ssi|z:Join", discard_const_p(char *, kwnames),
53 &r.in.domain_name, &r.in.netbios_name,
55 &r.in.account_pass)) {
60 mem_ctx = talloc_new(self->mem_ctx);
61 if (mem_ctx == NULL) {
66 status = libnet_Join_member(self->libnet_ctx, mem_ctx, &r);
67 if (NT_STATUS_IS_ERR(status)) {
68 PyErr_SetString(PyExc_RuntimeError, r.out.error_string?r.out.error_string:nt_errstr(status));
73 result = Py_BuildValue("sss", r.out.join_password,
74 dom_sid_string(mem_ctx, r.out.domain_sid),
82 static const char py_net_join_member_doc[] = "join_member(domain_name, netbios_name, level) -> (join_password, domain_sid, domain_name)\n\n" \
83 "Join the domain with the specified name.";
85 static PyObject *py_net_change_password(py_net_Object *self, PyObject *args, PyObject *kwargs)
87 union libnet_ChangePassword r;
90 struct tevent_context *ev;
91 const char *kwnames[] = { "newpassword", NULL };
95 if (!PyArg_ParseTupleAndKeywords(args, kwargs, "s:change_password",
96 discard_const_p(char *, kwnames),
97 &r.generic.in.newpassword)) {
101 r.generic.level = LIBNET_CHANGE_PASSWORD_GENERIC;
102 r.generic.in.account_name = cli_credentials_get_username(self->libnet_ctx->cred);
103 r.generic.in.domain_name = cli_credentials_get_domain(self->libnet_ctx->cred);
104 r.generic.in.oldpassword = cli_credentials_get_password(self->libnet_ctx->cred);
106 /* FIXME: we really need to get a context from the caller or we may end
107 * up with 2 event contexts */
108 ev = s4_event_context_init(NULL);
110 mem_ctx = talloc_new(ev);
111 if (mem_ctx == NULL) {
116 status = libnet_ChangePassword(self->libnet_ctx, mem_ctx, &r);
117 if (NT_STATUS_IS_ERR(status)) {
118 PyErr_SetString(PyExc_RuntimeError,
119 r.generic.out.error_string?r.generic.out.error_string:nt_errstr(status));
120 talloc_free(mem_ctx);
124 talloc_free(mem_ctx);
129 static const char py_net_change_password_doc[] = "change_password(newpassword) -> True\n\n" \
130 "Change password for a user. You must supply credential with enough rights to do this.\n\n" \
131 "Sample usage is:\n" \
132 "net.change_password(newpassword=<new_password>)\n";
135 static PyObject *py_net_set_password(py_net_Object *self, PyObject *args, PyObject *kwargs)
137 union libnet_SetPassword r;
140 struct tevent_context *ev;
141 const char *kwnames[] = { "account_name", "domain_name", "newpassword", NULL };
145 r.generic.level = LIBNET_SET_PASSWORD_GENERIC;
147 if (!PyArg_ParseTupleAndKeywords(args, kwargs, "sss:set_password",
148 discard_const_p(char *, kwnames),
149 &r.generic.in.account_name,
150 &r.generic.in.domain_name,
151 &r.generic.in.newpassword)) {
155 /* FIXME: we really need to get a context from the caller or we may end
156 * up with 2 event contexts */
157 ev = s4_event_context_init(NULL);
159 mem_ctx = talloc_new(ev);
160 if (mem_ctx == NULL) {
165 status = libnet_SetPassword(self->libnet_ctx, mem_ctx, &r);
166 if (NT_STATUS_IS_ERR(status)) {
167 PyErr_SetString(PyExc_RuntimeError,
168 r.generic.out.error_string?r.generic.out.error_string:nt_errstr(status));
169 talloc_free(mem_ctx);
173 talloc_free(mem_ctx);
178 static const char py_net_set_password_doc[] = "set_password(account_name, domain_name, newpassword) -> True\n\n" \
179 "Set password for a user. You must supply credential with enough rights to do this.\n\n" \
180 "Sample usage is:\n" \
181 "net.set_password(account_name=account_name, domain_name=domain_name, newpassword=new_pass)\n";
184 static PyObject *py_net_time(py_net_Object *self, PyObject *args, PyObject *kwargs)
186 const char *kwnames[] = { "server_name", NULL };
187 union libnet_RemoteTOD r;
194 if (!PyArg_ParseTupleAndKeywords(args, kwargs, "s",
195 discard_const_p(char *, kwnames), &r.generic.in.server_name))
198 r.generic.level = LIBNET_REMOTE_TOD_GENERIC;
200 mem_ctx = talloc_new(NULL);
201 if (mem_ctx == NULL) {
206 status = libnet_RemoteTOD(self->libnet_ctx, mem_ctx, &r);
207 if (!NT_STATUS_IS_OK(status)) {
208 PyErr_SetString(PyExc_RuntimeError,
209 r.generic.out.error_string?r.generic.out.error_string:nt_errstr(status));
210 talloc_free(mem_ctx);
214 ZERO_STRUCT(timestr);
215 tm = localtime(&r.generic.out.time);
216 strftime(timestr, sizeof(timestr)-1, "%c %Z",tm);
218 ret = PyString_FromString(timestr);
220 talloc_free(mem_ctx);
225 static const char py_net_time_doc[] = "time(server_name) -> timestr\n"
226 "Retrieve the remote time on a server";
228 static PyObject *py_net_user_create(py_net_Object *self, PyObject *args, PyObject *kwargs)
230 const char *kwnames[] = { "username", NULL };
233 struct libnet_CreateUser r;
235 if (!PyArg_ParseTupleAndKeywords(args, kwargs, "s", discard_const_p(char *, kwnames),
239 r.in.domain_name = cli_credentials_get_domain(self->libnet_ctx->cred);
241 mem_ctx = talloc_new(NULL);
242 if (mem_ctx == NULL) {
247 status = libnet_CreateUser(self->libnet_ctx, mem_ctx, &r);
248 if (!NT_STATUS_IS_OK(status)) {
249 PyErr_SetString(PyExc_RuntimeError, r.out.error_string?r.out.error_string:nt_errstr(status));
250 talloc_free(mem_ctx);
254 talloc_free(mem_ctx);
259 static const char py_net_create_user_doc[] = "create_user(username)\n"
260 "Create a new user.";
262 static PyObject *py_net_user_delete(py_net_Object *self, PyObject *args, PyObject *kwargs)
264 const char *kwnames[] = { "username", NULL };
267 struct libnet_DeleteUser r;
269 if (!PyArg_ParseTupleAndKeywords(args, kwargs, "s", discard_const_p(char *, kwnames),
273 r.in.domain_name = cli_credentials_get_domain(self->libnet_ctx->cred);
275 mem_ctx = talloc_new(NULL);
276 if (mem_ctx == NULL) {
281 status = libnet_DeleteUser(self->libnet_ctx, mem_ctx, &r);
282 if (!NT_STATUS_IS_OK(status)) {
283 PyErr_SetString(PyExc_RuntimeError, r.out.error_string?r.out.error_string:nt_errstr(status));
284 talloc_free(mem_ctx);
288 talloc_free(mem_ctx);
293 static const char py_net_delete_user_doc[] = "delete_user(username)\n"
296 struct replicate_state {
298 dcerpc_InterfaceObject *drs_pipe;
299 struct libnet_BecomeDC_StoreChunk chunk;
300 DATA_BLOB gensec_skey;
301 struct libnet_BecomeDC_Partition partition;
302 struct libnet_BecomeDC_Forest forest;
303 struct libnet_BecomeDC_DestDSA dest_dsa;
307 setup for replicate_chunk() calls
309 static PyObject *py_net_replicate_init(py_net_Object *self, PyObject *args, PyObject *kwargs)
311 const char *kwnames[] = { "samdb", "lp", "drspipe", "invocation_id", NULL };
312 PyObject *py_ldb, *py_lp, *py_drspipe, *py_invocation_id;
313 struct ldb_context *samdb;
314 struct loadparm_context *lp;
315 struct replicate_state *s;
318 if (!PyArg_ParseTupleAndKeywords(args, kwargs, "OOOO",
319 discard_const_p(char *, kwnames),
320 &py_ldb, &py_lp, &py_drspipe,
321 &py_invocation_id)) {
325 s = talloc_zero(NULL, struct replicate_state);
328 lp = lpcfg_from_py_object(s, py_lp);
330 PyErr_SetString(PyExc_TypeError, "Expected lp object");
335 samdb = pyldb_Ldb_AsLdbContext(py_ldb);
337 PyErr_SetString(PyExc_TypeError, "Expected ldb object");
341 if (!py_check_dcerpc_type(py_invocation_id, "samba.dcerpc.misc", "GUID")) {
346 s->dest_dsa.invocation_id = *pytalloc_get_type(py_invocation_id, struct GUID);
348 s->drs_pipe = (dcerpc_InterfaceObject *)(py_drspipe);
350 s->vampire_state = libnet_vampire_replicate_init(s, samdb, lp);
351 if (s->vampire_state == NULL) {
352 PyErr_SetString(PyExc_TypeError, "Failed to initialise vampire_state");
357 status = gensec_session_key(s->drs_pipe->pipe->conn->security_state.generic_state,
360 if (!NT_STATUS_IS_OK(status)) {
361 PyErr_Format(PyExc_RuntimeError, "Unable to get session key from drspipe: %s",
367 s->forest.dns_name = samdb_dn_to_dns_domain(s, ldb_get_root_basedn(samdb));
368 s->forest.root_dn_str = ldb_dn_get_linearized(ldb_get_root_basedn(samdb));
369 s->forest.config_dn_str = ldb_dn_get_linearized(ldb_get_config_basedn(samdb));
370 s->forest.schema_dn_str = ldb_dn_get_linearized(ldb_get_schema_basedn(samdb));
372 s->chunk.gensec_skey = &s->gensec_skey;
373 s->chunk.partition = &s->partition;
374 s->chunk.forest = &s->forest;
375 s->chunk.dest_dsa = &s->dest_dsa;
377 return pytalloc_CObject_FromTallocPtr(s);
382 process one replication chunk
384 static PyObject *py_net_replicate_chunk(py_net_Object *self, PyObject *args, PyObject *kwargs)
386 const char *kwnames[] = { "state", "level", "ctr",
387 "schema", "req_level", "req",
389 PyObject *py_state, *py_ctr, *py_schema = Py_None, *py_req = Py_None;
390 struct replicate_state *s;
392 unsigned req_level = 0;
393 WERROR (*chunk_handler)(void *private_data, const struct libnet_BecomeDC_StoreChunk *c);
395 enum drsuapi_DsExtendedError extended_ret = DRSUAPI_EXOP_ERR_NONE;
396 enum drsuapi_DsExtendedOperation exop = DRSUAPI_EXOP_NONE;
398 if (!PyArg_ParseTupleAndKeywords(args, kwargs, "OIO|OIO",
399 discard_const_p(char *, kwnames),
400 &py_state, &level, &py_ctr,
401 &py_schema, &req_level, &py_req)) {
405 s = talloc_get_type(PyCObject_AsVoidPtr(py_state), struct replicate_state);
407 PyErr_SetString(PyExc_TypeError, "Expected replication_state");
413 if (!py_check_dcerpc_type(py_ctr, "samba.dcerpc.drsuapi", "DsGetNCChangesCtr1")) {
416 s->chunk.ctr1 = pytalloc_get_ptr(py_ctr);
417 if (s->chunk.ctr1->naming_context != NULL) {
418 s->partition.nc = *s->chunk.ctr1->naming_context;
420 extended_ret = s->chunk.ctr1->extended_ret;
421 s->partition.more_data = s->chunk.ctr1->more_data;
422 s->partition.source_dsa_guid = s->chunk.ctr1->source_dsa_guid;
423 s->partition.source_dsa_invocation_id = s->chunk.ctr1->source_dsa_invocation_id;
424 s->partition.highwatermark = s->chunk.ctr1->new_highwatermark;
427 if (!py_check_dcerpc_type(py_ctr, "samba.dcerpc.drsuapi", "DsGetNCChangesCtr6")) {
430 s->chunk.ctr6 = pytalloc_get_ptr(py_ctr);
431 if (s->chunk.ctr6->naming_context != NULL) {
432 s->partition.nc = *s->chunk.ctr6->naming_context;
434 extended_ret = s->chunk.ctr6->extended_ret;
435 s->partition.more_data = s->chunk.ctr6->more_data;
436 s->partition.source_dsa_guid = s->chunk.ctr6->source_dsa_guid;
437 s->partition.source_dsa_invocation_id = s->chunk.ctr6->source_dsa_invocation_id;
438 s->partition.highwatermark = s->chunk.ctr6->new_highwatermark;
441 PyErr_Format(PyExc_TypeError, "Bad level %u in replicate_chunk", level);
445 s->chunk.req5 = NULL;
446 s->chunk.req8 = NULL;
447 s->chunk.req10 = NULL;
453 if (!py_check_dcerpc_type(py_req, "samba.dcerpc.drsuapi", "DsGetNCChangesRequest5")) {
457 s->chunk.req5 = pytalloc_get_ptr(py_req);
458 exop = s->chunk.req5->extended_op;
461 if (!py_check_dcerpc_type(py_req, "samba.dcerpc.drsuapi", "DsGetNCChangesRequest8")) {
465 s->chunk.req8 = pytalloc_get_ptr(py_req);
466 exop = s->chunk.req8->extended_op;
469 if (!py_check_dcerpc_type(py_req, "samba.dcerpc.drsuapi", "DsGetNCChangesRequest10")) {
473 s->chunk.req10 = pytalloc_get_ptr(py_req);
474 exop = s->chunk.req10->extended_op;
477 PyErr_Format(PyExc_TypeError, "Bad req_level %u in replicate_chunk", req_level);
482 if (exop != DRSUAPI_EXOP_NONE && extended_ret != DRSUAPI_EXOP_ERR_SUCCESS) {
483 PyErr_Format(PyExc_RuntimeError, "Remote EXOP %d failed with %d", exop, extended_ret);
487 s->chunk.req_level = req_level;
489 chunk_handler = libnet_vampire_cb_store_chunk;
491 if (!PyBool_Check(py_schema)) {
492 PyErr_SetString(PyExc_TypeError, "Expected boolean schema");
495 if (py_schema == Py_True) {
496 chunk_handler = libnet_vampire_cb_schema_chunk;
500 s->chunk.ctr_level = level;
502 werr = chunk_handler(s->vampire_state, &s->chunk);
503 if (!W_ERROR_IS_OK(werr)) {
504 PyErr_Format(PyExc_TypeError, "Failed to process chunk: %s", win_errstr(werr));
513 find a DC given a domain name and server type
515 static PyObject *py_net_finddc(py_net_Object *self, PyObject *args, PyObject *kwargs)
517 const char *domain = NULL, *address = NULL;
518 unsigned server_type;
523 const char * const kwnames[] = { "flags", "domain", "address", NULL };
525 if (!PyArg_ParseTupleAndKeywords(args, kwargs, "I|zz",
526 discard_const_p(char *, kwnames),
527 &server_type, &domain, &address)) {
531 mem_ctx = talloc_new(self->mem_ctx);
533 io = talloc_zero(mem_ctx, struct finddcs);
534 if (domain != NULL) {
535 io->in.domain_name = domain;
537 if (address != NULL) {
538 io->in.server_address = address;
540 io->in.minimum_dc_flags = server_type;
542 status = finddcs_cldap(io, io,
543 lpcfg_resolve_context(self->libnet_ctx->lp_ctx), self->ev);
544 if (NT_STATUS_IS_ERR(status)) {
545 PyErr_SetString(PyExc_RuntimeError, nt_errstr(status));
546 talloc_free(mem_ctx);
550 ret = py_return_ndr_struct("samba.dcerpc.nbt", "NETLOGON_SAM_LOGON_RESPONSE_EX",
551 io, &io->out.netlogon.data.nt5_ex);
552 talloc_free(mem_ctx);
558 static const char py_net_replicate_init_doc[] = "replicate_init(samdb, lp, drspipe)\n"
559 "Setup for replicate_chunk calls.";
561 static const char py_net_replicate_chunk_doc[] = "replicate_chunk(state, level, ctr, schema)\n"
562 "Process replication for one chunk";
564 static const char py_net_finddc_doc[] = "finddc(flags=server_type, domain=None, address=None)\n"
565 "Find a DC with the specified 'server_type' bits. The 'domain' and/or 'address' have to be used as additional search criteria. Returns the whole netlogon struct";
567 static PyMethodDef net_obj_methods[] = {
568 {"join_member", (PyCFunction)py_net_join_member, METH_VARARGS|METH_KEYWORDS, py_net_join_member_doc},
569 {"change_password", (PyCFunction)py_net_change_password, METH_VARARGS|METH_KEYWORDS, py_net_change_password_doc},
570 {"set_password", (PyCFunction)py_net_set_password, METH_VARARGS|METH_KEYWORDS, py_net_set_password_doc},
571 {"time", (PyCFunction)py_net_time, METH_VARARGS|METH_KEYWORDS, py_net_time_doc},
572 {"create_user", (PyCFunction)py_net_user_create, METH_VARARGS|METH_KEYWORDS, py_net_create_user_doc},
573 {"delete_user", (PyCFunction)py_net_user_delete, METH_VARARGS|METH_KEYWORDS, py_net_delete_user_doc},
574 {"replicate_init", (PyCFunction)py_net_replicate_init, METH_VARARGS|METH_KEYWORDS, py_net_replicate_init_doc},
575 {"replicate_chunk", (PyCFunction)py_net_replicate_chunk, METH_VARARGS|METH_KEYWORDS, py_net_replicate_chunk_doc},
576 {"finddc", (PyCFunction)py_net_finddc, METH_KEYWORDS, py_net_finddc_doc},
580 static void py_net_dealloc(py_net_Object *self)
582 talloc_free(self->mem_ctx);
586 static PyObject *net_obj_new(PyTypeObject *type, PyObject *args, PyObject *kwargs)
588 PyObject *py_creds, *py_lp = Py_None;
589 const char *kwnames[] = { "creds", "lp", "server", NULL };
591 struct loadparm_context *lp;
592 const char *server_address = NULL;
594 if (!PyArg_ParseTupleAndKeywords(args, kwargs, "O|Oz",
595 discard_const_p(char *, kwnames), &py_creds, &py_lp,
599 ret = PyObject_New(py_net_Object, type);
604 /* FIXME: we really need to get a context from the caller or we may end
605 * up with 2 event contexts */
606 ret->ev = s4_event_context_init(NULL);
607 ret->mem_ctx = talloc_new(ret->ev);
609 lp = lpcfg_from_py_object(ret->mem_ctx, py_lp);
615 ret->libnet_ctx = libnet_context_init(ret->ev, lp);
616 if (ret->libnet_ctx == NULL) {
617 PyErr_SetString(PyExc_RuntimeError, "Unable to initialize net");
622 ret->libnet_ctx->server_address = server_address;
624 ret->libnet_ctx->cred = cli_credentials_from_py_object(py_creds);
625 if (ret->libnet_ctx->cred == NULL) {
626 PyErr_SetString(PyExc_TypeError, "Expected credentials object");
631 return (PyObject *)ret;
635 PyTypeObject py_net_Type = {
636 PyObject_HEAD_INIT(NULL) 0,
637 .tp_name = "net.Net",
638 .tp_basicsize = sizeof(py_net_Object),
639 .tp_dealloc = (destructor)py_net_dealloc,
640 .tp_methods = net_obj_methods,
641 .tp_new = net_obj_new,
648 if (PyType_Ready(&py_net_Type) < 0)
651 m = Py_InitModule3("net", NULL, NULL);
655 Py_INCREF(&py_net_Type);
656 PyModule_AddObject(m, "Net", (PyObject *)&py_net_Type);
657 PyModule_AddObject(m, "LIBNET_JOINDOMAIN_AUTOMATIC", PyInt_FromLong(LIBNET_JOINDOMAIN_AUTOMATIC));
658 PyModule_AddObject(m, "LIBNET_JOINDOMAIN_SPECIFIED", PyInt_FromLong(LIBNET_JOINDOMAIN_SPECIFIED));
659 PyModule_AddObject(m, "LIBNET_JOIN_AUTOMATIC", PyInt_FromLong(LIBNET_JOIN_AUTOMATIC));
660 PyModule_AddObject(m, "LIBNET_JOIN_SPECIFIED", PyInt_FromLong(LIBNET_JOIN_SPECIFIED));