2 Unix SMB/CIFS implementation.
3 Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; either version 3 of the License, or
8 (at your option) any later version.
10 This program is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 GNU General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with this program. If not, see <http://www.gnu.org/licenses/>.
21 #include "pycredentials.h"
22 #include "param/param.h"
23 #include "lib/cmdline/credentials.h"
24 #include "librpc/gen_ndr/samr.h" /* for struct samr_Password */
25 #include "libcli/util/pyerrors.h"
26 #include "param/pyparam.h"
29 void initcredentials(void);
31 static PyObject *PyString_FromStringOrNULL(const char *str)
35 return PyString_FromString(str);
38 static PyObject *py_creds_new(PyTypeObject *type, PyObject *args, PyObject *kwargs)
40 return pytalloc_steal(type, cli_credentials_init(NULL));
43 static PyObject *py_creds_get_username(PyObject *self, PyObject *unused)
45 return PyString_FromStringOrNULL(cli_credentials_get_username(PyCredentials_AsCliCredentials(self)));
48 static PyObject *py_creds_set_username(PyObject *self, PyObject *args)
51 enum credentials_obtained obt = CRED_SPECIFIED;
54 if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
59 return PyBool_FromLong(cli_credentials_set_username(PyCredentials_AsCliCredentials(self), newval, obt));
62 static PyObject *py_creds_get_password(PyObject *self, PyObject *unused)
64 return PyString_FromStringOrNULL(cli_credentials_get_password(PyCredentials_AsCliCredentials(self)));
67 static PyObject *py_creds_set_password(PyObject *self, PyObject *args)
70 enum credentials_obtained obt = CRED_SPECIFIED;
73 if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
78 return PyBool_FromLong(cli_credentials_set_password(PyCredentials_AsCliCredentials(self), newval, obt));
81 static PyObject *py_creds_set_utf16_password(PyObject *self, PyObject *args)
83 enum credentials_obtained obt = CRED_SPECIFIED;
85 PyObject *newval = NULL;
86 DATA_BLOB blob = data_blob_null;
91 if (!PyArg_ParseTuple(args, "O|i", &newval, &_obt)) {
96 result = PyBytes_AsStringAndSize(newval, (char **)&blob.data, &size);
98 PyErr_SetString(PyExc_RuntimeError, "Failed to convert passed value to Bytes");
103 ok = cli_credentials_set_utf16_password(PyCredentials_AsCliCredentials(self),
106 return PyBool_FromLong(ok);
109 static PyObject *py_creds_get_old_password(PyObject *self, PyObject *unused)
111 return PyString_FromStringOrNULL(cli_credentials_get_old_password(PyCredentials_AsCliCredentials(self)));
114 static PyObject *py_creds_set_old_password(PyObject *self, PyObject *args)
117 enum credentials_obtained obt = CRED_SPECIFIED;
120 if (!PyArg_ParseTuple(args, "s|i", &oldval, &_obt)) {
125 return PyBool_FromLong(cli_credentials_set_old_password(PyCredentials_AsCliCredentials(self), oldval, obt));
128 static PyObject *py_creds_set_old_utf16_password(PyObject *self, PyObject *args)
130 PyObject *oldval = NULL;
131 DATA_BLOB blob = data_blob_null;
136 if (!PyArg_ParseTuple(args, "O", &oldval)) {
140 result = PyBytes_AsStringAndSize(oldval, (char **)&blob.data, &size);
142 PyErr_SetString(PyExc_RuntimeError, "Failed to convert passed value to Bytes");
147 ok = cli_credentials_set_old_utf16_password(PyCredentials_AsCliCredentials(self),
150 return PyBool_FromLong(ok);
153 static PyObject *py_creds_get_domain(PyObject *self, PyObject *unused)
155 return PyString_FromStringOrNULL(cli_credentials_get_domain(PyCredentials_AsCliCredentials(self)));
158 static PyObject *py_creds_set_domain(PyObject *self, PyObject *args)
161 enum credentials_obtained obt = CRED_SPECIFIED;
164 if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
169 return PyBool_FromLong(cli_credentials_set_domain(PyCredentials_AsCliCredentials(self), newval, obt));
172 static PyObject *py_creds_get_realm(PyObject *self, PyObject *unused)
174 return PyString_FromStringOrNULL(cli_credentials_get_realm(PyCredentials_AsCliCredentials(self)));
177 static PyObject *py_creds_set_realm(PyObject *self, PyObject *args)
180 enum credentials_obtained obt = CRED_SPECIFIED;
183 if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
188 return PyBool_FromLong(cli_credentials_set_realm(PyCredentials_AsCliCredentials(self), newval, obt));
191 static PyObject *py_creds_get_bind_dn(PyObject *self, PyObject *unused)
193 return PyString_FromStringOrNULL(cli_credentials_get_bind_dn(PyCredentials_AsCliCredentials(self)));
196 static PyObject *py_creds_set_bind_dn(PyObject *self, PyObject *args)
199 if (!PyArg_ParseTuple(args, "s", &newval))
202 return PyBool_FromLong(cli_credentials_set_bind_dn(PyCredentials_AsCliCredentials(self), newval));
205 static PyObject *py_creds_get_workstation(PyObject *self, PyObject *unused)
207 return PyString_FromStringOrNULL(cli_credentials_get_workstation(PyCredentials_AsCliCredentials(self)));
210 static PyObject *py_creds_set_workstation(PyObject *self, PyObject *args)
213 enum credentials_obtained obt = CRED_SPECIFIED;
216 if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
221 return PyBool_FromLong(cli_credentials_set_workstation(PyCredentials_AsCliCredentials(self), newval, obt));
224 static PyObject *py_creds_is_anonymous(PyObject *self, PyObject *unused)
226 return PyBool_FromLong(cli_credentials_is_anonymous(PyCredentials_AsCliCredentials(self)));
229 static PyObject *py_creds_set_anonymous(PyObject *self, PyObject *unused)
231 cli_credentials_set_anonymous(PyCredentials_AsCliCredentials(self));
235 static PyObject *py_creds_authentication_requested(PyObject *self, PyObject *unused)
237 return PyBool_FromLong(cli_credentials_authentication_requested(PyCredentials_AsCliCredentials(self)));
240 static PyObject *py_creds_wrong_password(PyObject *self, PyObject *unused)
242 return PyBool_FromLong(cli_credentials_wrong_password(PyCredentials_AsCliCredentials(self)));
245 static PyObject *py_creds_set_cmdline_callbacks(PyObject *self, PyObject *unused)
247 return PyBool_FromLong(cli_credentials_set_cmdline_callbacks(PyCredentials_AsCliCredentials(self)));
250 static PyObject *py_creds_parse_string(PyObject *self, PyObject *args)
253 enum credentials_obtained obt = CRED_SPECIFIED;
256 if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
261 cli_credentials_parse_string(PyCredentials_AsCliCredentials(self), newval, obt);
265 static PyObject *py_creds_get_nt_hash(PyObject *self, PyObject *unused)
268 struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
269 struct samr_Password *ntpw = cli_credentials_get_nt_hash(creds, creds);
271 ret = PyString_FromStringAndSize(discard_const_p(char, ntpw->hash), 16);
276 static PyObject *py_creds_get_kerberos_state(PyObject *self, PyObject *unused)
278 int state = cli_credentials_get_kerberos_state(PyCredentials_AsCliCredentials(self));
279 return PyInt_FromLong(state);
282 static PyObject *py_creds_set_kerberos_state(PyObject *self, PyObject *args)
285 if (!PyArg_ParseTuple(args, "i", &state))
288 cli_credentials_set_kerberos_state(PyCredentials_AsCliCredentials(self), state);
292 static PyObject *py_creds_set_krb_forwardable(PyObject *self, PyObject *args)
295 if (!PyArg_ParseTuple(args, "i", &state))
298 cli_credentials_set_krb_forwardable(PyCredentials_AsCliCredentials(self), state);
303 static PyObject *py_creds_get_forced_sasl_mech(PyObject *self, PyObject *unused)
305 return PyString_FromStringOrNULL(cli_credentials_get_forced_sasl_mech(PyCredentials_AsCliCredentials(self)));
308 static PyObject *py_creds_set_forced_sasl_mech(PyObject *self, PyObject *args)
311 enum credentials_obtained obt = CRED_SPECIFIED;
314 if (!PyArg_ParseTuple(args, "s", &newval)) {
319 cli_credentials_set_forced_sasl_mech(PyCredentials_AsCliCredentials(self), newval);
323 static PyObject *py_creds_guess(PyObject *self, PyObject *args)
325 PyObject *py_lp_ctx = Py_None;
326 struct loadparm_context *lp_ctx;
328 struct cli_credentials *creds;
330 creds = PyCredentials_AsCliCredentials(self);
332 if (!PyArg_ParseTuple(args, "|O", &py_lp_ctx))
335 mem_ctx = talloc_new(NULL);
336 if (mem_ctx == NULL) {
341 lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
342 if (lp_ctx == NULL) {
343 talloc_free(mem_ctx);
347 cli_credentials_guess(creds, lp_ctx);
349 talloc_free(mem_ctx);
354 static PyObject *py_creds_set_machine_account(PyObject *self, PyObject *args)
356 PyObject *py_lp_ctx = Py_None;
357 struct loadparm_context *lp_ctx;
359 struct cli_credentials *creds;
362 creds = PyCredentials_AsCliCredentials(self);
364 if (!PyArg_ParseTuple(args, "|O", &py_lp_ctx))
367 mem_ctx = talloc_new(NULL);
368 if (mem_ctx == NULL) {
373 lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
374 if (lp_ctx == NULL) {
375 talloc_free(mem_ctx);
379 status = cli_credentials_set_machine_account(creds, lp_ctx);
380 talloc_free(mem_ctx);
382 PyErr_NTSTATUS_IS_ERR_RAISE(status);
387 static PyObject *PyCredentialCacheContainer_from_ccache_container(struct ccache_container *ccc)
389 return pytalloc_reference(&PyCredentialCacheContainer, ccc);
393 static PyObject *py_creds_get_named_ccache(PyObject *self, PyObject *args)
395 PyObject *py_lp_ctx = Py_None;
397 struct loadparm_context *lp_ctx;
398 struct ccache_container *ccc;
399 struct tevent_context *event_ctx;
401 const char *error_string;
402 struct cli_credentials *creds;
405 creds = PyCredentials_AsCliCredentials(self);
407 if (!PyArg_ParseTuple(args, "|Os", &py_lp_ctx, &ccache_name))
410 mem_ctx = talloc_new(NULL);
411 if (mem_ctx == NULL) {
416 lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
417 if (lp_ctx == NULL) {
418 talloc_free(mem_ctx);
422 event_ctx = samba_tevent_context_init(mem_ctx);
424 ret = cli_credentials_get_named_ccache(creds, event_ctx, lp_ctx,
425 ccache_name, &ccc, &error_string);
426 talloc_unlink(mem_ctx, lp_ctx);
428 talloc_steal(ccc, event_ctx);
429 talloc_free(mem_ctx);
430 return PyCredentialCacheContainer_from_ccache_container(ccc);
433 PyErr_SetString(PyExc_RuntimeError, error_string?error_string:"NULL");
435 talloc_free(mem_ctx);
439 static PyObject *py_creds_set_gensec_features(PyObject *self, PyObject *args)
441 unsigned int gensec_features;
443 if (!PyArg_ParseTuple(args, "I", &gensec_features))
446 cli_credentials_set_gensec_features(PyCredentials_AsCliCredentials(self), gensec_features);
451 static PyObject *py_creds_get_gensec_features(PyObject *self, PyObject *args)
453 unsigned int gensec_features;
455 gensec_features = cli_credentials_get_gensec_features(PyCredentials_AsCliCredentials(self));
456 return PyInt_FromLong(gensec_features);
460 static PyMethodDef py_creds_methods[] = {
461 { "get_username", py_creds_get_username, METH_NOARGS,
462 "S.get_username() -> username\nObtain username." },
463 { "set_username", py_creds_set_username, METH_VARARGS,
464 "S.set_username(name, obtained=CRED_SPECIFIED) -> None\n"
465 "Change username." },
466 { "get_password", py_creds_get_password, METH_NOARGS,
467 "S.get_password() -> password\n"
468 "Obtain password." },
469 { "set_password", py_creds_set_password, METH_VARARGS,
470 "S.set_password(password, obtained=CRED_SPECIFIED) -> None\n"
471 "Change password." },
472 { "set_utf16_password", py_creds_set_utf16_password, METH_VARARGS,
473 "S.set_utf16_password(password, obtained=CRED_SPECIFIED) -> None\n"
474 "Change password." },
475 { "get_old_password", py_creds_get_old_password, METH_NOARGS,
476 "S.get_old_password() -> password\n"
477 "Obtain old password." },
478 { "set_old_password", py_creds_set_old_password, METH_VARARGS,
479 "S.set_old_password(password, obtained=CRED_SPECIFIED) -> None\n"
480 "Change old password." },
481 { "set_old_utf16_password", py_creds_set_old_utf16_password, METH_VARARGS,
482 "S.set_old_utf16_password(password, obtained=CRED_SPECIFIED) -> None\n"
483 "Change old password." },
484 { "get_domain", py_creds_get_domain, METH_NOARGS,
485 "S.get_domain() -> domain\n"
486 "Obtain domain name." },
487 { "set_domain", py_creds_set_domain, METH_VARARGS,
488 "S.set_domain(domain, obtained=CRED_SPECIFIED) -> None\n"
489 "Change domain name." },
490 { "get_realm", py_creds_get_realm, METH_NOARGS,
491 "S.get_realm() -> realm\n"
492 "Obtain realm name." },
493 { "set_realm", py_creds_set_realm, METH_VARARGS,
494 "S.set_realm(realm, obtained=CRED_SPECIFIED) -> None\n"
495 "Change realm name." },
496 { "get_bind_dn", py_creds_get_bind_dn, METH_NOARGS,
497 "S.get_bind_dn() -> bind dn\n"
499 { "set_bind_dn", py_creds_set_bind_dn, METH_VARARGS,
500 "S.set_bind_dn(bind_dn) -> None\n"
502 { "is_anonymous", py_creds_is_anonymous, METH_NOARGS,
504 { "set_anonymous", py_creds_set_anonymous, METH_NOARGS,
505 "S.set_anonymous() -> None\n"
506 "Use anonymous credentials." },
507 { "get_workstation", py_creds_get_workstation, METH_NOARGS,
509 { "set_workstation", py_creds_set_workstation, METH_VARARGS,
511 { "authentication_requested", py_creds_authentication_requested, METH_NOARGS,
513 { "wrong_password", py_creds_wrong_password, METH_NOARGS,
514 "S.wrong_password() -> bool\n"
515 "Indicate the returned password was incorrect." },
516 { "set_cmdline_callbacks", py_creds_set_cmdline_callbacks, METH_NOARGS,
517 "S.set_cmdline_callbacks() -> bool\n"
518 "Use command-line to obtain credentials not explicitly set." },
519 { "parse_string", py_creds_parse_string, METH_VARARGS,
520 "S.parse_string(text, obtained=CRED_SPECIFIED) -> None\n"
521 "Parse credentials string." },
522 { "get_nt_hash", py_creds_get_nt_hash, METH_NOARGS,
524 { "get_kerberos_state", py_creds_get_kerberos_state, METH_NOARGS,
526 { "set_kerberos_state", py_creds_set_kerberos_state, METH_VARARGS,
528 { "set_krb_forwardable", py_creds_set_krb_forwardable, METH_VARARGS,
530 { "guess", py_creds_guess, METH_VARARGS, NULL },
531 { "set_machine_account", py_creds_set_machine_account, METH_VARARGS, NULL },
532 { "get_named_ccache", py_creds_get_named_ccache, METH_VARARGS, NULL },
533 { "set_gensec_features", py_creds_set_gensec_features, METH_VARARGS, NULL },
534 { "get_gensec_features", py_creds_get_gensec_features, METH_NOARGS, NULL },
535 { "get_forced_sasl_mech", py_creds_get_forced_sasl_mech, METH_NOARGS,
536 "S.get_forced_sasl_mech() -> SASL mechanism\nObtain forced SASL mechanism." },
537 { "set_forced_sasl_mech", py_creds_set_forced_sasl_mech, METH_VARARGS,
538 "S.set_forced_sasl_mech(name) -> None\n"
539 "Set forced SASL mechanism." },
543 PyTypeObject PyCredentials = {
544 .tp_name = "credentials.Credentials",
545 .tp_new = py_creds_new,
546 .tp_flags = Py_TPFLAGS_DEFAULT,
547 .tp_methods = py_creds_methods,
551 PyTypeObject PyCredentialCacheContainer = {
552 .tp_name = "credentials.CredentialCacheContainer",
553 .tp_flags = Py_TPFLAGS_DEFAULT,
556 void initcredentials(void)
559 if (pytalloc_BaseObject_PyType_Ready(&PyCredentials) < 0)
562 if (pytalloc_BaseObject_PyType_Ready(&PyCredentialCacheContainer) < 0)
565 m = Py_InitModule3("credentials", NULL, "Credentials management.");
569 PyModule_AddObject(m, "AUTO_USE_KERBEROS", PyInt_FromLong(CRED_AUTO_USE_KERBEROS));
570 PyModule_AddObject(m, "DONT_USE_KERBEROS", PyInt_FromLong(CRED_DONT_USE_KERBEROS));
571 PyModule_AddObject(m, "MUST_USE_KERBEROS", PyInt_FromLong(CRED_MUST_USE_KERBEROS));
573 PyModule_AddObject(m, "AUTO_KRB_FORWARDABLE", PyInt_FromLong(CRED_AUTO_KRB_FORWARDABLE));
574 PyModule_AddObject(m, "NO_KRB_FORWARDABLE", PyInt_FromLong(CRED_NO_KRB_FORWARDABLE));
575 PyModule_AddObject(m, "FORCE_KRB_FORWARDABLE", PyInt_FromLong(CRED_FORCE_KRB_FORWARDABLE));
577 Py_INCREF(&PyCredentials);
578 PyModule_AddObject(m, "Credentials", (PyObject *)&PyCredentials);
579 Py_INCREF(&PyCredentialCacheContainer);
580 PyModule_AddObject(m, "CredentialCacheContainer", (PyObject *)&PyCredentialCacheContainer);