2 Unix SMB/CIFS implementation.
3 Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; either version 3 of the License, or
8 (at your option) any later version.
10 This program is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 GNU General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with this program. If not, see <http://www.gnu.org/licenses/>.
20 #include "python/py3compat.h"
22 #include "pycredentials.h"
23 #include "param/param.h"
24 #include "lib/cmdline/credentials.h"
25 #include "auth/credentials/credentials_internal.h"
26 #include "librpc/gen_ndr/samr.h" /* for struct samr_Password */
27 #include "librpc/gen_ndr/netlogon.h"
28 #include "libcli/util/pyerrors.h"
29 #include "libcli/auth/libcli_auth.h"
30 #include "param/pyparam.h"
32 #include "libcli/auth/libcli_auth.h"
33 #include "auth/credentials/credentials_internal.h"
34 #include "system/kerberos.h"
35 #include "auth/kerberos/kerberos.h"
37 void initcredentials(void);
39 static PyObject *PyString_FromStringOrNULL(const char *str)
43 return PyStr_FromString(str);
46 static PyObject *py_creds_new(PyTypeObject *type, PyObject *args, PyObject *kwargs)
48 return pytalloc_steal(type, cli_credentials_init(NULL));
51 static PyObject *py_creds_get_username(PyObject *self, PyObject *unused)
53 return PyString_FromStringOrNULL(cli_credentials_get_username(PyCredentials_AsCliCredentials(self)));
56 static PyObject *py_creds_set_username(PyObject *self, PyObject *args)
59 enum credentials_obtained obt = CRED_SPECIFIED;
62 if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
67 return PyBool_FromLong(cli_credentials_set_username(PyCredentials_AsCliCredentials(self), newval, obt));
70 static PyObject *py_creds_get_ntlm_username_domain(PyObject *self, PyObject *unused)
72 TALLOC_CTX *frame = talloc_stackframe();
73 const char *user = NULL;
74 const char *domain = NULL;
76 cli_credentials_get_ntlm_username_domain(PyCredentials_AsCliCredentials(self),
77 frame, &user, &domain);
78 ret = Py_BuildValue("(ss)",
86 static PyObject *py_creds_get_ntlm_response(PyObject *self, PyObject *args, PyObject *kwargs)
88 TALLOC_CTX *frame = talloc_stackframe();
91 struct timeval tv_now;
92 NTTIME server_timestamp;
93 DATA_BLOB challenge = data_blob_null;
94 DATA_BLOB target_info = data_blob_null;
96 DATA_BLOB lm_response = data_blob_null;
97 DATA_BLOB nt_response = data_blob_null;
98 DATA_BLOB lm_session_key = data_blob_null;
99 DATA_BLOB nt_session_key = data_blob_null;
100 const char *kwnames[] = { "flags", "challenge",
104 tv_now = timeval_current();
105 server_timestamp = timeval_to_nttime(&tv_now);
107 if (!PyArg_ParseTupleAndKeywords(args, kwargs, "is#|s#",
108 discard_const_p(char *, kwnames),
113 &target_info.length)) {
117 status = cli_credentials_get_ntlm_response(PyCredentials_AsCliCredentials(self),
122 &lm_response, &nt_response,
123 &lm_session_key, &nt_session_key);
125 if (!NT_STATUS_IS_OK(status)) {
126 PyErr_SetNTSTATUS(status);
131 ret = Py_BuildValue("{sis" PYARG_BYTES_LEN "s" PYARG_BYTES_LEN
132 "s" PYARG_BYTES_LEN "s" PYARG_BYTES_LEN "}",
135 (const char *)lm_response.data, lm_response.length,
137 (const char *)nt_response.data, nt_response.length,
139 (const char *)lm_session_key.data, lm_session_key.length,
141 (const char *)nt_session_key.data, nt_session_key.length);
146 static PyObject *py_creds_get_principal(PyObject *self, PyObject *unused)
148 TALLOC_CTX *frame = talloc_stackframe();
149 PyObject *ret = PyString_FromStringOrNULL(cli_credentials_get_principal(PyCredentials_AsCliCredentials(self), frame));
154 static PyObject *py_creds_set_principal(PyObject *self, PyObject *args)
157 enum credentials_obtained obt = CRED_SPECIFIED;
160 if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
165 return PyBool_FromLong(cli_credentials_set_principal(PyCredentials_AsCliCredentials(self), newval, obt));
168 static PyObject *py_creds_get_password(PyObject *self, PyObject *unused)
170 return PyString_FromStringOrNULL(cli_credentials_get_password(PyCredentials_AsCliCredentials(self)));
173 static PyObject *py_creds_set_password(PyObject *self, PyObject *args)
175 const char *newval = NULL;
176 enum credentials_obtained obt = CRED_SPECIFIED;
178 PyObject *result = NULL;
179 if (!PyArg_ParseTuple(args, PYARG_STR_UNI"|i", "utf8", &newval, &_obt)) {
184 result = PyBool_FromLong(cli_credentials_set_password(PyCredentials_AsCliCredentials(self), newval, obt));
185 PyMem_Free(discard_const_p(void*, newval));
189 static PyObject *py_creds_set_utf16_password(PyObject *self, PyObject *args)
191 enum credentials_obtained obt = CRED_SPECIFIED;
193 PyObject *newval = NULL;
194 DATA_BLOB blob = data_blob_null;
199 if (!PyArg_ParseTuple(args, "O|i", &newval, &_obt)) {
204 result = PyBytes_AsStringAndSize(newval, (char **)&blob.data, &size);
206 PyErr_SetString(PyExc_RuntimeError, "Failed to convert passed value to Bytes");
211 ok = cli_credentials_set_utf16_password(PyCredentials_AsCliCredentials(self),
214 return PyBool_FromLong(ok);
217 static PyObject *py_creds_get_old_password(PyObject *self, PyObject *unused)
219 return PyString_FromStringOrNULL(cli_credentials_get_old_password(PyCredentials_AsCliCredentials(self)));
222 static PyObject *py_creds_set_old_password(PyObject *self, PyObject *args)
225 enum credentials_obtained obt = CRED_SPECIFIED;
228 if (!PyArg_ParseTuple(args, "s|i", &oldval, &_obt)) {
233 return PyBool_FromLong(cli_credentials_set_old_password(PyCredentials_AsCliCredentials(self), oldval, obt));
236 static PyObject *py_creds_set_old_utf16_password(PyObject *self, PyObject *args)
238 PyObject *oldval = NULL;
239 DATA_BLOB blob = data_blob_null;
244 if (!PyArg_ParseTuple(args, "O", &oldval)) {
248 result = PyBytes_AsStringAndSize(oldval, (char **)&blob.data, &size);
250 PyErr_SetString(PyExc_RuntimeError, "Failed to convert passed value to Bytes");
255 ok = cli_credentials_set_old_utf16_password(PyCredentials_AsCliCredentials(self),
258 return PyBool_FromLong(ok);
261 static PyObject *py_creds_get_domain(PyObject *self, PyObject *unused)
263 return PyString_FromStringOrNULL(cli_credentials_get_domain(PyCredentials_AsCliCredentials(self)));
266 static PyObject *py_creds_set_domain(PyObject *self, PyObject *args)
269 enum credentials_obtained obt = CRED_SPECIFIED;
272 if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
277 return PyBool_FromLong(cli_credentials_set_domain(PyCredentials_AsCliCredentials(self), newval, obt));
280 static PyObject *py_creds_get_realm(PyObject *self, PyObject *unused)
282 return PyString_FromStringOrNULL(cli_credentials_get_realm(PyCredentials_AsCliCredentials(self)));
285 static PyObject *py_creds_set_realm(PyObject *self, PyObject *args)
288 enum credentials_obtained obt = CRED_SPECIFIED;
291 if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
296 return PyBool_FromLong(cli_credentials_set_realm(PyCredentials_AsCliCredentials(self), newval, obt));
299 static PyObject *py_creds_get_bind_dn(PyObject *self, PyObject *unused)
301 return PyString_FromStringOrNULL(cli_credentials_get_bind_dn(PyCredentials_AsCliCredentials(self)));
304 static PyObject *py_creds_set_bind_dn(PyObject *self, PyObject *args)
307 if (!PyArg_ParseTuple(args, "s", &newval))
310 return PyBool_FromLong(cli_credentials_set_bind_dn(PyCredentials_AsCliCredentials(self), newval));
313 static PyObject *py_creds_get_workstation(PyObject *self, PyObject *unused)
315 return PyString_FromStringOrNULL(cli_credentials_get_workstation(PyCredentials_AsCliCredentials(self)));
318 static PyObject *py_creds_set_workstation(PyObject *self, PyObject *args)
321 enum credentials_obtained obt = CRED_SPECIFIED;
324 if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
329 return PyBool_FromLong(cli_credentials_set_workstation(PyCredentials_AsCliCredentials(self), newval, obt));
332 static PyObject *py_creds_is_anonymous(PyObject *self, PyObject *unused)
334 return PyBool_FromLong(cli_credentials_is_anonymous(PyCredentials_AsCliCredentials(self)));
337 static PyObject *py_creds_set_anonymous(PyObject *self, PyObject *unused)
339 cli_credentials_set_anonymous(PyCredentials_AsCliCredentials(self));
343 static PyObject *py_creds_authentication_requested(PyObject *self, PyObject *unused)
345 return PyBool_FromLong(cli_credentials_authentication_requested(PyCredentials_AsCliCredentials(self)));
348 static PyObject *py_creds_wrong_password(PyObject *self, PyObject *unused)
350 return PyBool_FromLong(cli_credentials_wrong_password(PyCredentials_AsCliCredentials(self)));
353 static PyObject *py_creds_set_cmdline_callbacks(PyObject *self, PyObject *unused)
355 return PyBool_FromLong(cli_credentials_set_cmdline_callbacks(PyCredentials_AsCliCredentials(self)));
358 static PyObject *py_creds_parse_string(PyObject *self, PyObject *args)
361 enum credentials_obtained obt = CRED_SPECIFIED;
364 if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
369 cli_credentials_parse_string(PyCredentials_AsCliCredentials(self), newval, obt);
373 static PyObject *py_creds_parse_file(PyObject *self, PyObject *args)
376 enum credentials_obtained obt = CRED_SPECIFIED;
379 if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
384 cli_credentials_parse_file(PyCredentials_AsCliCredentials(self), newval, obt);
388 static PyObject *py_cli_credentials_set_password_will_be_nt_hash(PyObject *self, PyObject *args)
390 struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
391 PyObject *py_val = NULL;
394 if (!PyArg_ParseTuple(args, "O!", &PyBool_Type, &py_val)) {
397 val = PyObject_IsTrue(py_val);
399 cli_credentials_set_password_will_be_nt_hash(creds, val);
403 static PyObject *py_creds_get_nt_hash(PyObject *self, PyObject *unused)
406 struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
407 struct samr_Password *ntpw = cli_credentials_get_nt_hash(creds, creds);
409 ret = PyBytes_FromStringAndSize(discard_const_p(char, ntpw->hash), 16);
414 static PyObject *py_creds_get_kerberos_state(PyObject *self, PyObject *unused)
416 int state = cli_credentials_get_kerberos_state(PyCredentials_AsCliCredentials(self));
417 return PyInt_FromLong(state);
420 static PyObject *py_creds_set_kerberos_state(PyObject *self, PyObject *args)
423 if (!PyArg_ParseTuple(args, "i", &state))
426 cli_credentials_set_kerberos_state(PyCredentials_AsCliCredentials(self), state);
430 static PyObject *py_creds_set_krb_forwardable(PyObject *self, PyObject *args)
433 if (!PyArg_ParseTuple(args, "i", &state))
436 cli_credentials_set_krb_forwardable(PyCredentials_AsCliCredentials(self), state);
441 static PyObject *py_creds_get_forced_sasl_mech(PyObject *self, PyObject *unused)
443 return PyString_FromStringOrNULL(cli_credentials_get_forced_sasl_mech(PyCredentials_AsCliCredentials(self)));
446 static PyObject *py_creds_set_forced_sasl_mech(PyObject *self, PyObject *args)
449 enum credentials_obtained obt = CRED_SPECIFIED;
452 if (!PyArg_ParseTuple(args, "s", &newval)) {
457 cli_credentials_set_forced_sasl_mech(PyCredentials_AsCliCredentials(self), newval);
461 static PyObject *py_creds_guess(PyObject *self, PyObject *args)
463 PyObject *py_lp_ctx = Py_None;
464 struct loadparm_context *lp_ctx;
466 struct cli_credentials *creds;
468 creds = PyCredentials_AsCliCredentials(self);
470 if (!PyArg_ParseTuple(args, "|O", &py_lp_ctx))
473 mem_ctx = talloc_new(NULL);
474 if (mem_ctx == NULL) {
479 lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
480 if (lp_ctx == NULL) {
481 talloc_free(mem_ctx);
485 cli_credentials_guess(creds, lp_ctx);
487 talloc_free(mem_ctx);
492 static PyObject *py_creds_set_machine_account(PyObject *self, PyObject *args)
494 PyObject *py_lp_ctx = Py_None;
495 struct loadparm_context *lp_ctx;
497 struct cli_credentials *creds;
500 creds = PyCredentials_AsCliCredentials(self);
502 if (!PyArg_ParseTuple(args, "|O", &py_lp_ctx))
505 mem_ctx = talloc_new(NULL);
506 if (mem_ctx == NULL) {
511 lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
512 if (lp_ctx == NULL) {
513 talloc_free(mem_ctx);
517 status = cli_credentials_set_machine_account(creds, lp_ctx);
518 talloc_free(mem_ctx);
520 PyErr_NTSTATUS_IS_ERR_RAISE(status);
525 static PyObject *PyCredentialCacheContainer_from_ccache_container(struct ccache_container *ccc)
527 return pytalloc_reference(&PyCredentialCacheContainer, ccc);
531 static PyObject *py_creds_get_named_ccache(PyObject *self, PyObject *args)
533 PyObject *py_lp_ctx = Py_None;
534 char *ccache_name = NULL;
535 struct loadparm_context *lp_ctx;
536 struct ccache_container *ccc;
537 struct tevent_context *event_ctx;
539 const char *error_string;
540 struct cli_credentials *creds;
543 creds = PyCredentials_AsCliCredentials(self);
545 if (!PyArg_ParseTuple(args, "|Os", &py_lp_ctx, &ccache_name))
548 mem_ctx = talloc_new(NULL);
549 if (mem_ctx == NULL) {
554 lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
555 if (lp_ctx == NULL) {
556 talloc_free(mem_ctx);
560 event_ctx = samba_tevent_context_init(mem_ctx);
562 ret = cli_credentials_get_named_ccache(creds, event_ctx, lp_ctx,
563 ccache_name, &ccc, &error_string);
564 talloc_unlink(mem_ctx, lp_ctx);
566 talloc_steal(ccc, event_ctx);
567 talloc_free(mem_ctx);
568 return PyCredentialCacheContainer_from_ccache_container(ccc);
571 PyErr_SetString(PyExc_RuntimeError, error_string?error_string:"NULL");
573 talloc_free(mem_ctx);
577 static PyObject *py_creds_set_named_ccache(PyObject *self, PyObject *args)
579 struct loadparm_context *lp_ctx = NULL;
580 enum credentials_obtained obt = CRED_SPECIFIED;
581 const char *error_string = NULL;
582 TALLOC_CTX *mem_ctx = NULL;
584 PyObject *py_lp_ctx = Py_None;
588 if (!PyArg_ParseTuple(args, "s|iO", &newval, &_obt, &py_lp_ctx))
591 mem_ctx = talloc_new(NULL);
592 if (mem_ctx == NULL) {
597 lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
598 if (lp_ctx == NULL) {
599 talloc_free(mem_ctx);
603 ret = cli_credentials_set_ccache(PyCredentials_AsCliCredentials(self),
605 newval, CRED_SPECIFIED,
609 PyErr_SetString(PyExc_RuntimeError,
610 error_string != NULL ? error_string : "NULL");
611 talloc_free(mem_ctx);
615 talloc_free(mem_ctx);
619 static PyObject *py_creds_set_gensec_features(PyObject *self, PyObject *args)
621 unsigned int gensec_features;
623 if (!PyArg_ParseTuple(args, "I", &gensec_features))
626 cli_credentials_set_gensec_features(PyCredentials_AsCliCredentials(self), gensec_features);
631 static PyObject *py_creds_get_gensec_features(PyObject *self, PyObject *args)
633 unsigned int gensec_features;
635 gensec_features = cli_credentials_get_gensec_features(PyCredentials_AsCliCredentials(self));
636 return PyInt_FromLong(gensec_features);
639 static PyObject *py_creds_new_client_authenticator(PyObject *self,
642 struct netr_Authenticator auth;
643 struct cli_credentials *creds = NULL;
644 struct netlogon_creds_CredentialState *nc = NULL;
645 PyObject *ret = NULL;
647 creds = PyCredentials_AsCliCredentials(self);
649 PyErr_SetString(PyExc_RuntimeError,
650 "Failed to get credentials from python");
654 nc = creds->netlogon_creds;
656 PyErr_SetString(PyExc_ValueError,
657 "No netlogon credentials cannot make "
658 "client authenticator");
662 netlogon_creds_client_authenticator(
665 ret = Py_BuildValue("{s"PYARG_BYTES_LEN"si}",
667 (const char *) &auth.cred, sizeof(auth.cred),
668 "timestamp", auth.timestamp);
672 static PyObject *py_creds_set_secure_channel_type(PyObject *self, PyObject *args)
674 unsigned int channel_type;
676 if (!PyArg_ParseTuple(args, "I", &channel_type))
679 cli_credentials_set_secure_channel_type(
680 PyCredentials_AsCliCredentials(self),
686 static PyObject *py_creds_get_secure_channel_type(PyObject *self, PyObject *args)
688 enum netr_SchannelType channel_type = SEC_CHAN_NULL;
690 channel_type = cli_credentials_get_secure_channel_type(
691 PyCredentials_AsCliCredentials(self));
693 return PyInt_FromLong(channel_type);
696 static PyObject *py_creds_encrypt_netr_crypt_password(PyObject *self,
699 DATA_BLOB data = data_blob_null;
700 struct cli_credentials *creds = NULL;
701 struct netr_CryptPassword *pwd = NULL;
703 PyObject *py_cp = Py_None;
705 creds = PyCredentials_AsCliCredentials(self);
707 if (!PyArg_ParseTuple(args, "|O", &py_cp)) {
710 pwd = pytalloc_get_type(py_cp, struct netr_CryptPassword);
711 data.length = sizeof(struct netr_CryptPassword);
712 data.data = (uint8_t *)pwd;
713 status = netlogon_creds_session_encrypt(creds->netlogon_creds, data);
715 PyErr_NTSTATUS_IS_ERR_RAISE(status);
720 static PyMethodDef py_creds_methods[] = {
722 .ml_name = "get_username",
723 .ml_meth = py_creds_get_username,
724 .ml_flags = METH_NOARGS,
725 .ml_doc = "S.get_username() -> username\nObtain username.",
728 .ml_name = "set_username",
729 .ml_meth = py_creds_set_username,
730 .ml_flags = METH_VARARGS,
731 .ml_doc = "S.set_username(name[, credentials.SPECIFIED]) -> None\n"
735 .ml_name = "get_principal",
736 .ml_meth = py_creds_get_principal,
737 .ml_flags = METH_NOARGS,
738 .ml_doc = "S.get_principal() -> user@realm\nObtain user principal.",
741 .ml_name = "set_principal",
742 .ml_meth = py_creds_set_principal,
743 .ml_flags = METH_VARARGS,
744 .ml_doc = "S.set_principal(name[, credentials.SPECIFIED]) -> None\n"
748 .ml_name = "get_password",
749 .ml_meth = py_creds_get_password,
750 .ml_flags = METH_NOARGS,
751 .ml_doc = "S.get_password() -> password\n"
755 .ml_name = "get_ntlm_username_domain",
756 .ml_meth = py_creds_get_ntlm_username_domain,
757 .ml_flags = METH_NOARGS,
758 .ml_doc = "S.get_ntlm_username_domain() -> (domain, username)\n"
759 "Obtain NTLM username and domain, split up either as (DOMAIN, user) or (\"\", \"user@realm\").",
762 .ml_name = "get_ntlm_response",
763 .ml_meth = (PyCFunction)py_creds_get_ntlm_response,
764 .ml_flags = METH_VARARGS | METH_KEYWORDS,
765 .ml_doc = "S.get_ntlm_response"
766 "(flags, challenge[, target_info]) -> "
767 "(flags, lm_response, nt_response, lm_session_key, nt_session_key)\n"
768 "Obtain LM or NTLM response.",
771 .ml_name = "set_password",
772 .ml_meth = py_creds_set_password,
773 .ml_flags = METH_VARARGS,
774 .ml_doc = "S.set_password(password[, credentials.SPECIFIED]) -> None\n"
778 .ml_name = "set_utf16_password",
779 .ml_meth = py_creds_set_utf16_password,
780 .ml_flags = METH_VARARGS,
781 .ml_doc = "S.set_utf16_password(password[, credentials.SPECIFIED]) -> None\n"
785 .ml_name = "get_old_password",
786 .ml_meth = py_creds_get_old_password,
787 .ml_flags = METH_NOARGS,
788 .ml_doc = "S.get_old_password() -> password\n"
789 "Obtain old password.",
792 .ml_name = "set_old_password",
793 .ml_meth = py_creds_set_old_password,
794 .ml_flags = METH_VARARGS,
795 .ml_doc = "S.set_old_password(password[, credentials.SPECIFIED]) -> None\n"
796 "Change old password.",
799 .ml_name = "set_old_utf16_password",
800 .ml_meth = py_creds_set_old_utf16_password,
801 .ml_flags = METH_VARARGS,
802 .ml_doc = "S.set_old_utf16_password(password[, credentials.SPECIFIED]) -> None\n"
803 "Change old password.",
806 .ml_name = "get_domain",
807 .ml_meth = py_creds_get_domain,
808 .ml_flags = METH_NOARGS,
809 .ml_doc = "S.get_domain() -> domain\n"
810 "Obtain domain name.",
813 .ml_name = "set_domain",
814 .ml_meth = py_creds_set_domain,
815 .ml_flags = METH_VARARGS,
816 .ml_doc = "S.set_domain(domain[, credentials.SPECIFIED]) -> None\n"
817 "Change domain name.",
820 .ml_name = "get_realm",
821 .ml_meth = py_creds_get_realm,
822 .ml_flags = METH_NOARGS,
823 .ml_doc = "S.get_realm() -> realm\n"
824 "Obtain realm name.",
827 .ml_name = "set_realm",
828 .ml_meth = py_creds_set_realm,
829 .ml_flags = METH_VARARGS,
830 .ml_doc = "S.set_realm(realm[, credentials.SPECIFIED]) -> None\n"
831 "Change realm name.",
834 .ml_name = "get_bind_dn",
835 .ml_meth = py_creds_get_bind_dn,
836 .ml_flags = METH_NOARGS,
837 .ml_doc = "S.get_bind_dn() -> bind dn\n"
841 .ml_name = "set_bind_dn",
842 .ml_meth = py_creds_set_bind_dn,
843 .ml_flags = METH_VARARGS,
844 .ml_doc = "S.set_bind_dn(bind_dn) -> None\n"
848 .ml_name = "is_anonymous",
849 .ml_meth = py_creds_is_anonymous,
850 .ml_flags = METH_NOARGS,
853 .ml_name = "set_anonymous",
854 .ml_meth = py_creds_set_anonymous,
855 .ml_flags = METH_NOARGS,
856 .ml_doc = "S.set_anonymous() -> None\n"
857 "Use anonymous credentials.",
860 .ml_name = "get_workstation",
861 .ml_meth = py_creds_get_workstation,
862 .ml_flags = METH_NOARGS,
865 .ml_name = "set_workstation",
866 .ml_meth = py_creds_set_workstation,
867 .ml_flags = METH_VARARGS,
870 .ml_name = "authentication_requested",
871 .ml_meth = py_creds_authentication_requested,
872 .ml_flags = METH_NOARGS,
875 .ml_name = "wrong_password",
876 .ml_meth = py_creds_wrong_password,
877 .ml_flags = METH_NOARGS,
878 .ml_doc = "S.wrong_password() -> bool\n"
879 "Indicate the returned password was incorrect.",
882 .ml_name = "set_cmdline_callbacks",
883 .ml_meth = py_creds_set_cmdline_callbacks,
884 .ml_flags = METH_NOARGS,
885 .ml_doc = "S.set_cmdline_callbacks() -> bool\n"
886 "Use command-line to obtain credentials not explicitly set.",
889 .ml_name = "parse_string",
890 .ml_meth = py_creds_parse_string,
891 .ml_flags = METH_VARARGS,
892 .ml_doc = "S.parse_string(text[, credentials.SPECIFIED]) -> None\n"
893 "Parse credentials string.",
896 .ml_name = "parse_file",
897 .ml_meth = py_creds_parse_file,
898 .ml_flags = METH_VARARGS,
899 .ml_doc = "S.parse_file(filename[, credentials.SPECIFIED]) -> None\n"
900 "Parse credentials file.",
903 .ml_name = "set_password_will_be_nt_hash",
904 .ml_meth = py_cli_credentials_set_password_will_be_nt_hash,
905 .ml_flags = METH_VARARGS,
906 .ml_doc = "S.set_password_will_be_nt_hash(bool) -> None\n"
907 "Alters the behaviour of S.set_password() "
908 "to expect the NTHASH as hexstring.",
911 .ml_name = "get_nt_hash",
912 .ml_meth = py_creds_get_nt_hash,
913 .ml_flags = METH_NOARGS,
916 .ml_name = "get_kerberos_state",
917 .ml_meth = py_creds_get_kerberos_state,
918 .ml_flags = METH_NOARGS,
921 .ml_name = "set_kerberos_state",
922 .ml_meth = py_creds_set_kerberos_state,
923 .ml_flags = METH_VARARGS,
926 .ml_name = "set_krb_forwardable",
927 .ml_meth = py_creds_set_krb_forwardable,
928 .ml_flags = METH_VARARGS,
932 .ml_meth = py_creds_guess,
933 .ml_flags = METH_VARARGS,
936 .ml_name = "set_machine_account",
937 .ml_meth = py_creds_set_machine_account,
938 .ml_flags = METH_VARARGS,
941 .ml_name = "get_named_ccache",
942 .ml_meth = py_creds_get_named_ccache,
943 .ml_flags = METH_VARARGS,
946 .ml_name = "set_named_ccache",
947 .ml_meth = py_creds_set_named_ccache,
948 .ml_flags = METH_VARARGS,
949 .ml_doc = "S.set_named_ccache(krb5_ccache_name, obtained, lp) -> None\n"
950 "Set credentials to KRB5 Credentials Cache (by name).",
953 .ml_name = "set_gensec_features",
954 .ml_meth = py_creds_set_gensec_features,
955 .ml_flags = METH_VARARGS,
958 .ml_name = "get_gensec_features",
959 .ml_meth = py_creds_get_gensec_features,
960 .ml_flags = METH_NOARGS,
963 .ml_name = "get_forced_sasl_mech",
964 .ml_meth = py_creds_get_forced_sasl_mech,
965 .ml_flags = METH_NOARGS,
966 .ml_doc = "S.get_forced_sasl_mech() -> SASL mechanism\nObtain forced SASL mechanism.",
969 .ml_name = "set_forced_sasl_mech",
970 .ml_meth = py_creds_set_forced_sasl_mech,
971 .ml_flags = METH_VARARGS,
972 .ml_doc = "S.set_forced_sasl_mech(name) -> None\n"
973 "Set forced SASL mechanism.",
976 .ml_name = "new_client_authenticator",
977 .ml_meth = py_creds_new_client_authenticator,
978 .ml_flags = METH_NOARGS,
979 .ml_doc = "S.new_client_authenticator() -> Authenticator\n"
980 "Get a new client NETLOGON_AUTHENTICATOR"},
982 .ml_name = "set_secure_channel_type",
983 .ml_meth = py_creds_set_secure_channel_type,
984 .ml_flags = METH_VARARGS,
987 .ml_name = "get_secure_channel_type",
988 .ml_meth = py_creds_get_secure_channel_type,
989 .ml_flags = METH_VARARGS,
992 .ml_name = "encrypt_netr_crypt_password",
993 .ml_meth = py_creds_encrypt_netr_crypt_password,
994 .ml_flags = METH_VARARGS,
995 .ml_doc = "S.encrypt_netr_crypt_password(password) -> NTSTATUS\n"
996 "Encrypt the supplied password using the session key and\n"
997 "the negotiated encryption algorithm in place\n"
998 "i.e. it overwrites the original data"},
1002 static struct PyModuleDef moduledef = {
1003 PyModuleDef_HEAD_INIT,
1004 .m_name = "credentials",
1005 .m_doc = "Credentials management.",
1007 .m_methods = py_creds_methods,
1010 PyTypeObject PyCredentials = {
1011 .tp_name = "credentials.Credentials",
1012 .tp_new = py_creds_new,
1013 .tp_flags = Py_TPFLAGS_DEFAULT,
1014 .tp_methods = py_creds_methods,
1017 static PyObject *py_ccache_name(PyObject *self, PyObject *unused)
1019 struct ccache_container *ccc = NULL;
1021 PyObject *py_name = NULL;
1024 ccc = pytalloc_get_type(self, struct ccache_container);
1026 ret = krb5_cc_get_full_name(ccc->smb_krb5_context->krb5_context,
1027 ccc->ccache, &name);
1029 py_name = PyString_FromStringOrNULL(name);
1032 PyErr_SetString(PyExc_RuntimeError,
1033 "Failed to get ccache name");
1039 static PyMethodDef py_ccache_container_methods[] = {
1040 { "get_name", py_ccache_name, METH_NOARGS,
1041 "S.get_name() -> name\nObtain KRB5 credentials cache name." },
1045 PyTypeObject PyCredentialCacheContainer = {
1046 .tp_name = "credentials.CredentialCacheContainer",
1047 .tp_flags = Py_TPFLAGS_DEFAULT,
1048 .tp_methods = py_ccache_container_methods,
1051 MODULE_INIT_FUNC(credentials)
1054 if (pytalloc_BaseObject_PyType_Ready(&PyCredentials) < 0)
1057 if (pytalloc_BaseObject_PyType_Ready(&PyCredentialCacheContainer) < 0)
1060 m = PyModule_Create(&moduledef);
1064 PyModule_AddObject(m, "UNINITIALISED", PyInt_FromLong(CRED_UNINITIALISED));
1065 PyModule_AddObject(m, "CALLBACK", PyInt_FromLong(CRED_CALLBACK));
1066 PyModule_AddObject(m, "GUESS_ENV", PyInt_FromLong(CRED_GUESS_ENV));
1067 PyModule_AddObject(m, "GUESS_FILE", PyInt_FromLong(CRED_GUESS_FILE));
1068 PyModule_AddObject(m, "CALLBACK_RESULT", PyInt_FromLong(CRED_CALLBACK_RESULT));
1069 PyModule_AddObject(m, "SPECIFIED", PyInt_FromLong(CRED_SPECIFIED));
1071 PyModule_AddObject(m, "AUTO_USE_KERBEROS", PyInt_FromLong(CRED_AUTO_USE_KERBEROS));
1072 PyModule_AddObject(m, "DONT_USE_KERBEROS", PyInt_FromLong(CRED_DONT_USE_KERBEROS));
1073 PyModule_AddObject(m, "MUST_USE_KERBEROS", PyInt_FromLong(CRED_MUST_USE_KERBEROS));
1075 PyModule_AddObject(m, "AUTO_KRB_FORWARDABLE", PyInt_FromLong(CRED_AUTO_KRB_FORWARDABLE));
1076 PyModule_AddObject(m, "NO_KRB_FORWARDABLE", PyInt_FromLong(CRED_NO_KRB_FORWARDABLE));
1077 PyModule_AddObject(m, "FORCE_KRB_FORWARDABLE", PyInt_FromLong(CRED_FORCE_KRB_FORWARDABLE));
1078 PyModule_AddObject(m, "CLI_CRED_NTLM2", PyInt_FromLong(CLI_CRED_NTLM2));
1079 PyModule_AddObject(m, "CLI_CRED_NTLMv2_AUTH", PyInt_FromLong(CLI_CRED_NTLMv2_AUTH));
1080 PyModule_AddObject(m, "CLI_CRED_LANMAN_AUTH", PyInt_FromLong(CLI_CRED_LANMAN_AUTH));
1081 PyModule_AddObject(m, "CLI_CRED_NTLM_AUTH", PyInt_FromLong(CLI_CRED_NTLM_AUTH));
1082 PyModule_AddObject(m, "CLI_CRED_CLEAR_AUTH", PyInt_FromLong(CLI_CRED_CLEAR_AUTH));
1084 Py_INCREF(&PyCredentials);
1085 PyModule_AddObject(m, "Credentials", (PyObject *)&PyCredentials);
1086 Py_INCREF(&PyCredentialCacheContainer);
1087 PyModule_AddObject(m, "CredentialCacheContainer", (PyObject *)&PyCredentialCacheContainer);