2 Unix SMB/CIFS implementation.
3 Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; either version 3 of the License, or
8 (at your option) any later version.
10 This program is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 GNU General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with this program. If not, see <http://www.gnu.org/licenses/>.
21 #include "pycredentials.h"
22 #include "param/param.h"
23 #include "lib/cmdline/credentials.h"
24 #include "librpc/gen_ndr/samr.h" /* for struct samr_Password */
25 #include "libcli/util/pyerrors.h"
26 #include "param/pyparam.h"
29 void initcredentials(void);
31 static PyObject *PyString_FromStringOrNULL(const char *str)
35 return PyString_FromString(str);
38 static PyObject *py_creds_new(PyTypeObject *type, PyObject *args, PyObject *kwargs)
40 return pytalloc_steal(type, cli_credentials_init(NULL));
43 static PyObject *py_creds_get_username(PyObject *self, PyObject *unused)
45 return PyString_FromStringOrNULL(cli_credentials_get_username(PyCredentials_AsCliCredentials(self)));
48 static PyObject *py_creds_set_username(PyObject *self, PyObject *args)
51 enum credentials_obtained obt = CRED_SPECIFIED;
54 if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
59 return PyBool_FromLong(cli_credentials_set_username(PyCredentials_AsCliCredentials(self), newval, obt));
62 static PyObject *py_creds_get_ntlm_username_domain(PyObject *self, PyObject *unused)
64 TALLOC_CTX *frame = talloc_stackframe();
65 const char *user = NULL;
66 const char *domain = NULL;
68 cli_credentials_get_ntlm_username_domain(PyCredentials_AsCliCredentials(self),
69 frame, &user, &domain);
70 ret = Py_BuildValue("(OO)",
71 PyString_FromStringOrNULL(user),
72 PyString_FromStringOrNULL(domain));
77 static PyObject *py_creds_get_principal(PyObject *self, PyObject *unused)
79 TALLOC_CTX *frame = talloc_stackframe();
80 PyObject *ret = PyString_FromStringOrNULL(cli_credentials_get_principal(PyCredentials_AsCliCredentials(self), frame));
85 static PyObject *py_creds_set_principal(PyObject *self, PyObject *args)
88 enum credentials_obtained obt = CRED_SPECIFIED;
91 if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
96 return PyBool_FromLong(cli_credentials_set_principal(PyCredentials_AsCliCredentials(self), newval, obt));
99 static PyObject *py_creds_get_password(PyObject *self, PyObject *unused)
101 return PyString_FromStringOrNULL(cli_credentials_get_password(PyCredentials_AsCliCredentials(self)));
104 static PyObject *py_creds_set_password(PyObject *self, PyObject *args)
107 enum credentials_obtained obt = CRED_SPECIFIED;
110 if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
115 return PyBool_FromLong(cli_credentials_set_password(PyCredentials_AsCliCredentials(self), newval, obt));
118 static PyObject *py_creds_set_utf16_password(PyObject *self, PyObject *args)
120 enum credentials_obtained obt = CRED_SPECIFIED;
122 PyObject *newval = NULL;
123 DATA_BLOB blob = data_blob_null;
128 if (!PyArg_ParseTuple(args, "O|i", &newval, &_obt)) {
133 result = PyBytes_AsStringAndSize(newval, (char **)&blob.data, &size);
135 PyErr_SetString(PyExc_RuntimeError, "Failed to convert passed value to Bytes");
140 ok = cli_credentials_set_utf16_password(PyCredentials_AsCliCredentials(self),
143 return PyBool_FromLong(ok);
146 static PyObject *py_creds_get_old_password(PyObject *self, PyObject *unused)
148 return PyString_FromStringOrNULL(cli_credentials_get_old_password(PyCredentials_AsCliCredentials(self)));
151 static PyObject *py_creds_set_old_password(PyObject *self, PyObject *args)
154 enum credentials_obtained obt = CRED_SPECIFIED;
157 if (!PyArg_ParseTuple(args, "s|i", &oldval, &_obt)) {
162 return PyBool_FromLong(cli_credentials_set_old_password(PyCredentials_AsCliCredentials(self), oldval, obt));
165 static PyObject *py_creds_set_old_utf16_password(PyObject *self, PyObject *args)
167 PyObject *oldval = NULL;
168 DATA_BLOB blob = data_blob_null;
173 if (!PyArg_ParseTuple(args, "O", &oldval)) {
177 result = PyBytes_AsStringAndSize(oldval, (char **)&blob.data, &size);
179 PyErr_SetString(PyExc_RuntimeError, "Failed to convert passed value to Bytes");
184 ok = cli_credentials_set_old_utf16_password(PyCredentials_AsCliCredentials(self),
187 return PyBool_FromLong(ok);
190 static PyObject *py_creds_get_domain(PyObject *self, PyObject *unused)
192 return PyString_FromStringOrNULL(cli_credentials_get_domain(PyCredentials_AsCliCredentials(self)));
195 static PyObject *py_creds_set_domain(PyObject *self, PyObject *args)
198 enum credentials_obtained obt = CRED_SPECIFIED;
201 if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
206 return PyBool_FromLong(cli_credentials_set_domain(PyCredentials_AsCliCredentials(self), newval, obt));
209 static PyObject *py_creds_get_realm(PyObject *self, PyObject *unused)
211 return PyString_FromStringOrNULL(cli_credentials_get_realm(PyCredentials_AsCliCredentials(self)));
214 static PyObject *py_creds_set_realm(PyObject *self, PyObject *args)
217 enum credentials_obtained obt = CRED_SPECIFIED;
220 if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
225 return PyBool_FromLong(cli_credentials_set_realm(PyCredentials_AsCliCredentials(self), newval, obt));
228 static PyObject *py_creds_get_bind_dn(PyObject *self, PyObject *unused)
230 return PyString_FromStringOrNULL(cli_credentials_get_bind_dn(PyCredentials_AsCliCredentials(self)));
233 static PyObject *py_creds_set_bind_dn(PyObject *self, PyObject *args)
236 if (!PyArg_ParseTuple(args, "s", &newval))
239 return PyBool_FromLong(cli_credentials_set_bind_dn(PyCredentials_AsCliCredentials(self), newval));
242 static PyObject *py_creds_get_workstation(PyObject *self, PyObject *unused)
244 return PyString_FromStringOrNULL(cli_credentials_get_workstation(PyCredentials_AsCliCredentials(self)));
247 static PyObject *py_creds_set_workstation(PyObject *self, PyObject *args)
250 enum credentials_obtained obt = CRED_SPECIFIED;
253 if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
258 return PyBool_FromLong(cli_credentials_set_workstation(PyCredentials_AsCliCredentials(self), newval, obt));
261 static PyObject *py_creds_is_anonymous(PyObject *self, PyObject *unused)
263 return PyBool_FromLong(cli_credentials_is_anonymous(PyCredentials_AsCliCredentials(self)));
266 static PyObject *py_creds_set_anonymous(PyObject *self, PyObject *unused)
268 cli_credentials_set_anonymous(PyCredentials_AsCliCredentials(self));
272 static PyObject *py_creds_authentication_requested(PyObject *self, PyObject *unused)
274 return PyBool_FromLong(cli_credentials_authentication_requested(PyCredentials_AsCliCredentials(self)));
277 static PyObject *py_creds_wrong_password(PyObject *self, PyObject *unused)
279 return PyBool_FromLong(cli_credentials_wrong_password(PyCredentials_AsCliCredentials(self)));
282 static PyObject *py_creds_set_cmdline_callbacks(PyObject *self, PyObject *unused)
284 return PyBool_FromLong(cli_credentials_set_cmdline_callbacks(PyCredentials_AsCliCredentials(self)));
287 static PyObject *py_creds_parse_string(PyObject *self, PyObject *args)
290 enum credentials_obtained obt = CRED_SPECIFIED;
293 if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
298 cli_credentials_parse_string(PyCredentials_AsCliCredentials(self), newval, obt);
302 static PyObject *py_creds_parse_file(PyObject *self, PyObject *args)
305 enum credentials_obtained obt = CRED_SPECIFIED;
308 if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
313 cli_credentials_parse_file(PyCredentials_AsCliCredentials(self), newval, obt);
317 static PyObject *py_cli_credentials_set_password_will_be_nt_hash(PyObject *self, PyObject *args)
319 struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
320 PyObject *py_val = NULL;
323 if (!PyArg_ParseTuple(args, "O!", &PyBool_Type, &py_val)) {
326 val = PyObject_IsTrue(py_val);
328 cli_credentials_set_password_will_be_nt_hash(creds, val);
332 static PyObject *py_creds_get_nt_hash(PyObject *self, PyObject *unused)
335 struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
336 struct samr_Password *ntpw = cli_credentials_get_nt_hash(creds, creds);
338 ret = PyString_FromStringAndSize(discard_const_p(char, ntpw->hash), 16);
343 static PyObject *py_creds_get_kerberos_state(PyObject *self, PyObject *unused)
345 int state = cli_credentials_get_kerberos_state(PyCredentials_AsCliCredentials(self));
346 return PyInt_FromLong(state);
349 static PyObject *py_creds_set_kerberos_state(PyObject *self, PyObject *args)
352 if (!PyArg_ParseTuple(args, "i", &state))
355 cli_credentials_set_kerberos_state(PyCredentials_AsCliCredentials(self), state);
359 static PyObject *py_creds_set_krb_forwardable(PyObject *self, PyObject *args)
362 if (!PyArg_ParseTuple(args, "i", &state))
365 cli_credentials_set_krb_forwardable(PyCredentials_AsCliCredentials(self), state);
370 static PyObject *py_creds_get_forced_sasl_mech(PyObject *self, PyObject *unused)
372 return PyString_FromStringOrNULL(cli_credentials_get_forced_sasl_mech(PyCredentials_AsCliCredentials(self)));
375 static PyObject *py_creds_set_forced_sasl_mech(PyObject *self, PyObject *args)
378 enum credentials_obtained obt = CRED_SPECIFIED;
381 if (!PyArg_ParseTuple(args, "s", &newval)) {
386 cli_credentials_set_forced_sasl_mech(PyCredentials_AsCliCredentials(self), newval);
390 static PyObject *py_creds_guess(PyObject *self, PyObject *args)
392 PyObject *py_lp_ctx = Py_None;
393 struct loadparm_context *lp_ctx;
395 struct cli_credentials *creds;
397 creds = PyCredentials_AsCliCredentials(self);
399 if (!PyArg_ParseTuple(args, "|O", &py_lp_ctx))
402 mem_ctx = talloc_new(NULL);
403 if (mem_ctx == NULL) {
408 lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
409 if (lp_ctx == NULL) {
410 talloc_free(mem_ctx);
414 cli_credentials_guess(creds, lp_ctx);
416 talloc_free(mem_ctx);
421 static PyObject *py_creds_set_machine_account(PyObject *self, PyObject *args)
423 PyObject *py_lp_ctx = Py_None;
424 struct loadparm_context *lp_ctx;
426 struct cli_credentials *creds;
429 creds = PyCredentials_AsCliCredentials(self);
431 if (!PyArg_ParseTuple(args, "|O", &py_lp_ctx))
434 mem_ctx = talloc_new(NULL);
435 if (mem_ctx == NULL) {
440 lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
441 if (lp_ctx == NULL) {
442 talloc_free(mem_ctx);
446 status = cli_credentials_set_machine_account(creds, lp_ctx);
447 talloc_free(mem_ctx);
449 PyErr_NTSTATUS_IS_ERR_RAISE(status);
454 static PyObject *PyCredentialCacheContainer_from_ccache_container(struct ccache_container *ccc)
456 return pytalloc_reference(&PyCredentialCacheContainer, ccc);
460 static PyObject *py_creds_get_named_ccache(PyObject *self, PyObject *args)
462 PyObject *py_lp_ctx = Py_None;
464 struct loadparm_context *lp_ctx;
465 struct ccache_container *ccc;
466 struct tevent_context *event_ctx;
468 const char *error_string;
469 struct cli_credentials *creds;
472 creds = PyCredentials_AsCliCredentials(self);
474 if (!PyArg_ParseTuple(args, "|Os", &py_lp_ctx, &ccache_name))
477 mem_ctx = talloc_new(NULL);
478 if (mem_ctx == NULL) {
483 lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
484 if (lp_ctx == NULL) {
485 talloc_free(mem_ctx);
489 event_ctx = samba_tevent_context_init(mem_ctx);
491 ret = cli_credentials_get_named_ccache(creds, event_ctx, lp_ctx,
492 ccache_name, &ccc, &error_string);
493 talloc_unlink(mem_ctx, lp_ctx);
495 talloc_steal(ccc, event_ctx);
496 talloc_free(mem_ctx);
497 return PyCredentialCacheContainer_from_ccache_container(ccc);
500 PyErr_SetString(PyExc_RuntimeError, error_string?error_string:"NULL");
502 talloc_free(mem_ctx);
506 static PyObject *py_creds_set_gensec_features(PyObject *self, PyObject *args)
508 unsigned int gensec_features;
510 if (!PyArg_ParseTuple(args, "I", &gensec_features))
513 cli_credentials_set_gensec_features(PyCredentials_AsCliCredentials(self), gensec_features);
518 static PyObject *py_creds_get_gensec_features(PyObject *self, PyObject *args)
520 unsigned int gensec_features;
522 gensec_features = cli_credentials_get_gensec_features(PyCredentials_AsCliCredentials(self));
523 return PyInt_FromLong(gensec_features);
527 static PyMethodDef py_creds_methods[] = {
528 { "get_username", py_creds_get_username, METH_NOARGS,
529 "S.get_username() -> username\nObtain username." },
530 { "set_username", py_creds_set_username, METH_VARARGS,
531 "S.set_username(name, obtained=CRED_SPECIFIED) -> None\n"
532 "Change username." },
533 { "get_principal", py_creds_get_principal, METH_NOARGS,
534 "S.get_principal() -> user@realm\nObtain user principal." },
535 { "set_principal", py_creds_set_principal, METH_VARARGS,
536 "S.set_principal(name, obtained=CRED_SPECIFIED) -> None\n"
537 "Change principal." },
538 { "get_password", py_creds_get_password, METH_NOARGS,
539 "S.get_password() -> password\n"
540 "Obtain password." },
541 { "get_ntlm_username_domain", py_creds_get_ntlm_username_domain, METH_NOARGS,
542 "S.get_ntlm_username_domain() -> (domain, username)\n"
543 "Obtain NTLM username and domain, split up either as (DOMAIN, user) or (\"\", \"user@realm\")." },
544 { "set_password", py_creds_set_password, METH_VARARGS,
545 "S.set_password(password, obtained=CRED_SPECIFIED) -> None\n"
546 "Change password." },
547 { "set_utf16_password", py_creds_set_utf16_password, METH_VARARGS,
548 "S.set_utf16_password(password, obtained=CRED_SPECIFIED) -> None\n"
549 "Change password." },
550 { "get_old_password", py_creds_get_old_password, METH_NOARGS,
551 "S.get_old_password() -> password\n"
552 "Obtain old password." },
553 { "set_old_password", py_creds_set_old_password, METH_VARARGS,
554 "S.set_old_password(password, obtained=CRED_SPECIFIED) -> None\n"
555 "Change old password." },
556 { "set_old_utf16_password", py_creds_set_old_utf16_password, METH_VARARGS,
557 "S.set_old_utf16_password(password, obtained=CRED_SPECIFIED) -> None\n"
558 "Change old password." },
559 { "get_domain", py_creds_get_domain, METH_NOARGS,
560 "S.get_domain() -> domain\n"
561 "Obtain domain name." },
562 { "set_domain", py_creds_set_domain, METH_VARARGS,
563 "S.set_domain(domain, obtained=CRED_SPECIFIED) -> None\n"
564 "Change domain name." },
565 { "get_realm", py_creds_get_realm, METH_NOARGS,
566 "S.get_realm() -> realm\n"
567 "Obtain realm name." },
568 { "set_realm", py_creds_set_realm, METH_VARARGS,
569 "S.set_realm(realm, obtained=CRED_SPECIFIED) -> None\n"
570 "Change realm name." },
571 { "get_bind_dn", py_creds_get_bind_dn, METH_NOARGS,
572 "S.get_bind_dn() -> bind dn\n"
574 { "set_bind_dn", py_creds_set_bind_dn, METH_VARARGS,
575 "S.set_bind_dn(bind_dn) -> None\n"
577 { "is_anonymous", py_creds_is_anonymous, METH_NOARGS,
579 { "set_anonymous", py_creds_set_anonymous, METH_NOARGS,
580 "S.set_anonymous() -> None\n"
581 "Use anonymous credentials." },
582 { "get_workstation", py_creds_get_workstation, METH_NOARGS,
584 { "set_workstation", py_creds_set_workstation, METH_VARARGS,
586 { "authentication_requested", py_creds_authentication_requested, METH_NOARGS,
588 { "wrong_password", py_creds_wrong_password, METH_NOARGS,
589 "S.wrong_password() -> bool\n"
590 "Indicate the returned password was incorrect." },
591 { "set_cmdline_callbacks", py_creds_set_cmdline_callbacks, METH_NOARGS,
592 "S.set_cmdline_callbacks() -> bool\n"
593 "Use command-line to obtain credentials not explicitly set." },
594 { "parse_string", py_creds_parse_string, METH_VARARGS,
595 "S.parse_string(text, obtained=CRED_SPECIFIED) -> None\n"
596 "Parse credentials string." },
597 { "parse_file", py_creds_parse_file, METH_VARARGS,
598 "S.parse_file(filename, obtained=CRED_SPECIFIED) -> None\n"
599 "Parse credentials file." },
600 { "set_password_will_be_nt_hash",
601 py_cli_credentials_set_password_will_be_nt_hash, METH_VARARGS,
602 "S.set_password_will_be_nt_hash(bool) -> None\n"
603 "Alters the behaviour of S.set_password() "
604 "to expect the NTHASH as hexstring." },
605 { "get_nt_hash", py_creds_get_nt_hash, METH_NOARGS,
607 { "get_kerberos_state", py_creds_get_kerberos_state, METH_NOARGS,
609 { "set_kerberos_state", py_creds_set_kerberos_state, METH_VARARGS,
611 { "set_krb_forwardable", py_creds_set_krb_forwardable, METH_VARARGS,
613 { "guess", py_creds_guess, METH_VARARGS, NULL },
614 { "set_machine_account", py_creds_set_machine_account, METH_VARARGS, NULL },
615 { "get_named_ccache", py_creds_get_named_ccache, METH_VARARGS, NULL },
616 { "set_gensec_features", py_creds_set_gensec_features, METH_VARARGS, NULL },
617 { "get_gensec_features", py_creds_get_gensec_features, METH_NOARGS, NULL },
618 { "get_forced_sasl_mech", py_creds_get_forced_sasl_mech, METH_NOARGS,
619 "S.get_forced_sasl_mech() -> SASL mechanism\nObtain forced SASL mechanism." },
620 { "set_forced_sasl_mech", py_creds_set_forced_sasl_mech, METH_VARARGS,
621 "S.set_forced_sasl_mech(name) -> None\n"
622 "Set forced SASL mechanism." },
626 PyTypeObject PyCredentials = {
627 .tp_name = "credentials.Credentials",
628 .tp_new = py_creds_new,
629 .tp_flags = Py_TPFLAGS_DEFAULT,
630 .tp_methods = py_creds_methods,
634 PyTypeObject PyCredentialCacheContainer = {
635 .tp_name = "credentials.CredentialCacheContainer",
636 .tp_flags = Py_TPFLAGS_DEFAULT,
639 void initcredentials(void)
642 if (pytalloc_BaseObject_PyType_Ready(&PyCredentials) < 0)
645 if (pytalloc_BaseObject_PyType_Ready(&PyCredentialCacheContainer) < 0)
648 m = Py_InitModule3("credentials", NULL, "Credentials management.");
652 PyModule_AddObject(m, "AUTO_USE_KERBEROS", PyInt_FromLong(CRED_AUTO_USE_KERBEROS));
653 PyModule_AddObject(m, "DONT_USE_KERBEROS", PyInt_FromLong(CRED_DONT_USE_KERBEROS));
654 PyModule_AddObject(m, "MUST_USE_KERBEROS", PyInt_FromLong(CRED_MUST_USE_KERBEROS));
656 PyModule_AddObject(m, "AUTO_KRB_FORWARDABLE", PyInt_FromLong(CRED_AUTO_KRB_FORWARDABLE));
657 PyModule_AddObject(m, "NO_KRB_FORWARDABLE", PyInt_FromLong(CRED_NO_KRB_FORWARDABLE));
658 PyModule_AddObject(m, "FORCE_KRB_FORWARDABLE", PyInt_FromLong(CRED_FORCE_KRB_FORWARDABLE));
660 Py_INCREF(&PyCredentials);
661 PyModule_AddObject(m, "Credentials", (PyObject *)&PyCredentials);
662 Py_INCREF(&PyCredentialCacheContainer);
663 PyModule_AddObject(m, "CredentialCacheContainer", (PyObject *)&PyCredentialCacheContainer);