source4/auth/credentials/pycredentials.c

   1 /*
   2    Unix SMB/CIFS implementation.
   3    Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007
   4
   5    This program is free software; you can redistribute it and/or modify
   6    it under the terms of the GNU General Public License as published by
   7    the Free Software Foundation; either version 3 of the License, or
   8    (at your option) any later version.
   9
  10    This program is distributed in the hope that it will be useful,
  11    but WITHOUT ANY WARRANTY; without even the implied warranty of
  12    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  13    GNU General Public License for more details.
  14
  15    You should have received a copy of the GNU General Public License
  16    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  17 */
  18
  19 #include "includes.h"
  20 #include "../lib/util/python_util.h"
  21 #include "pycredentials.h"
  22 #include "param/param.h"
  23 #include "lib/cmdline/credentials.h"
  24 #include "librpc/gen_ndr/samr.h" /* for struct samr_Password */
  25 #include "libcli/util/pyerrors.h"
  26 #include "param/pyparam.h"
  27
  28 struct cli_credentials *cli_credentials_from_py_object(PyObject *py_obj)
  29 {
  30     if (py_obj == Py_None) {
  31         return cli_credentials_init_anon(NULL);
  32     }
  33
  34     /* FIXME: Check type? */
  35     return PyCredentials_AsCliCredentials(py_obj);
  36 }
  37
  38 static PyObject *PyString_FromStringOrNULL(const char *str)
  39 {
  40         if (str == NULL)
  41                 Py_RETURN_NONE;
  42         return PyString_FromString(str);
  43 }
  44
  45 static PyObject *py_creds_new(PyTypeObject *type, PyObject *args, PyObject *kwargs)
  46 {
  47         return py_talloc_import(type, cli_credentials_init(NULL));
  48 }
  49
  50 static PyObject *py_creds_get_username(py_talloc_Object *self)
  51 {
  52         return PyString_FromStringOrNULL(cli_credentials_get_username(self->ptr));
  53 }
  54
  55 static PyObject *py_creds_set_username(py_talloc_Object *self, PyObject *args)
  56 {
  57         char *newval;
  58         enum credentials_obtained obt = CRED_SPECIFIED;
  59         if (!PyArg_ParseTuple(args, "s|i", &newval, &obt))
  60                 return NULL;
  61
  62         return PyBool_FromLong(cli_credentials_set_username(self->ptr, newval, obt));
  63 }
  64
  65 static PyObject *py_creds_get_password(py_talloc_Object *self)
  66 {
  67         return PyString_FromStringOrNULL(cli_credentials_get_password(self->ptr));
  68 }
  69
  70
  71 static PyObject *py_creds_set_password(py_talloc_Object *self, PyObject *args)
  72 {
  73         char *newval;
  74         enum credentials_obtained obt = CRED_SPECIFIED;
  75         if (!PyArg_ParseTuple(args, "s|i", &newval, &obt))
  76                 return NULL;
  77
  78         return PyBool_FromLong(cli_credentials_set_password(self->ptr, newval, obt));
  79 }
  80
  81 static PyObject *py_creds_get_domain(py_talloc_Object *self)
  82 {
  83         return PyString_FromStringOrNULL(cli_credentials_get_domain(self->ptr));
  84 }
  85
  86 static PyObject *py_creds_set_domain(py_talloc_Object *self, PyObject *args)
  87 {
  88         char *newval;
  89         enum credentials_obtained obt = CRED_SPECIFIED;
  90         if (!PyArg_ParseTuple(args, "s|i", &newval, &obt))
  91                 return NULL;
  92
  93         return PyBool_FromLong(cli_credentials_set_domain(self->ptr, newval, obt));
  94 }
  95
  96 static PyObject *py_creds_get_realm(py_talloc_Object *self)
  97 {
  98         return PyString_FromStringOrNULL(cli_credentials_get_realm(self->ptr));
  99 }
 100
 101 static PyObject *py_creds_set_realm(py_talloc_Object *self, PyObject *args)
 102 {
 103         char *newval;
 104         enum credentials_obtained obt = CRED_SPECIFIED;
 105         if (!PyArg_ParseTuple(args, "s|i", &newval, &obt))
 106                 return NULL;
 107
 108         return PyBool_FromLong(cli_credentials_set_realm(self->ptr, newval, obt));
 109 }
 110
 111 static PyObject *py_creds_get_bind_dn(py_talloc_Object *self)
 112 {
 113         return PyString_FromStringOrNULL(cli_credentials_get_bind_dn(self->ptr));
 114 }
 115
 116 static PyObject *py_creds_set_bind_dn(py_talloc_Object *self, PyObject *args)
 117 {
 118         char *newval;
 119         if (!PyArg_ParseTuple(args, "s", &newval))
 120                 return NULL;
 121
 122         return PyBool_FromLong(cli_credentials_set_bind_dn(self->ptr, newval));
 123 }
 124
 125 static PyObject *py_creds_get_workstation(py_talloc_Object *self)
 126 {
 127         return PyString_FromStringOrNULL(cli_credentials_get_workstation(self->ptr));
 128 }
 129
 130 static PyObject *py_creds_set_workstation(py_talloc_Object *self, PyObject *args)
 131 {
 132         char *newval;
 133         enum credentials_obtained obt = CRED_SPECIFIED;
 134         if (!PyArg_ParseTuple(args, "s|i", &newval, &obt))
 135                 return NULL;
 136
 137         return PyBool_FromLong(cli_credentials_set_workstation(self->ptr, newval, obt));
 138 }
 139
 140 static PyObject *py_creds_is_anonymous(py_talloc_Object *self)
 141 {
 142         return PyBool_FromLong(cli_credentials_is_anonymous(self->ptr));
 143 }
 144
 145 static PyObject *py_creds_set_anonymous(py_talloc_Object *self)
 146 {
 147         cli_credentials_set_anonymous(self->ptr);
 148         Py_RETURN_NONE;
 149 }
 150
 151 static PyObject *py_creds_authentication_requested(py_talloc_Object *self)
 152 {
 153         return PyBool_FromLong(cli_credentials_authentication_requested(self->ptr));
 154 }
 155
 156 static PyObject *py_creds_wrong_password(py_talloc_Object *self)
 157 {
 158         return PyBool_FromLong(cli_credentials_wrong_password(self->ptr));
 159 }
 160
 161 static PyObject *py_creds_set_cmdline_callbacks(py_talloc_Object *self)
 162 {
 163         return PyBool_FromLong(cli_credentials_set_cmdline_callbacks(self->ptr));
 164 }
 165
 166 static PyObject *py_creds_parse_string(py_talloc_Object *self, PyObject *args)
 167 {
 168         char *newval;
 169         enum credentials_obtained obt = CRED_SPECIFIED;
 170         if (!PyArg_ParseTuple(args, "s|i", &newval, &obt))
 171                 return NULL;
 172
 173         cli_credentials_parse_string(self->ptr, newval, obt);
 174         Py_RETURN_NONE;
 175 }
 176
 177 static PyObject *py_creds_get_nt_hash(py_talloc_Object *self)
 178 {
 179         const struct samr_Password *ntpw = cli_credentials_get_nt_hash(self->ptr, self->ptr);
 180
 181         return PyString_FromStringAndSize((char *)ntpw->hash, 16);
 182 }
 183
 184 static PyObject *py_creds_set_kerberos_state(py_talloc_Object *self, PyObject *args)
 185 {
 186         int state;
 187         if (!PyArg_ParseTuple(args, "i", &state))
 188                 return NULL;
 189
 190         cli_credentials_set_kerberos_state(self->ptr, state);
 191         Py_RETURN_NONE;
 192 }
 193
 194 static PyObject *py_creds_guess(py_talloc_Object *self, PyObject *args)
 195 {
 196         PyObject *py_lp_ctx = Py_None;
 197         struct loadparm_context *lp_ctx;
 198         if (!PyArg_ParseTuple(args, "|O", &py_lp_ctx))
 199                 return NULL;
 200
 201         lp_ctx = lp_from_py_object(py_lp_ctx);
 202         if (lp_ctx == NULL)
 203                 return NULL;
 204
 205         cli_credentials_guess(self->ptr, lp_ctx);
 206
 207         Py_RETURN_NONE;
 208 }
 209
 210 static PyObject *py_creds_set_machine_account(py_talloc_Object *self, PyObject *args)
 211 {
 212         PyObject *py_lp_ctx = Py_None;
 213         struct loadparm_context *lp_ctx;
 214         NTSTATUS status;
 215         if (!PyArg_ParseTuple(args, "|O", &py_lp_ctx))
 216                 return NULL;
 217
 218         lp_ctx = lp_from_py_object(py_lp_ctx);
 219         if (lp_ctx == NULL)
 220                 return NULL;
 221
 222         status = cli_credentials_set_machine_account(self->ptr, lp_ctx);
 223         PyErr_NTSTATUS_IS_ERR_RAISE(status);
 224
 225         Py_RETURN_NONE;
 226 }
 227
 228 static PyMethodDef py_creds_methods[] = {
 229         { "get_username", (PyCFunction)py_creds_get_username, METH_NOARGS,
 230                 "S.get_username() -> username\nObtain username." },
 231         { "set_username", (PyCFunction)py_creds_set_username, METH_VARARGS,
 232                 "S.set_username(name, obtained=CRED_SPECIFIED) -> None\n"
 233                 "Change username." },
 234         { "get_password", (PyCFunction)py_creds_get_password, METH_NOARGS,
 235                 "S.get_password() -> password\n"
 236                 "Obtain password." },
 237         { "set_password", (PyCFunction)py_creds_set_password, METH_VARARGS,
 238                 "S.set_password(password, obtained=CRED_SPECIFIED) -> None\n"
 239                 "Change password." },
 240         { "get_domain", (PyCFunction)py_creds_get_domain, METH_NOARGS,
 241                 "S.get_domain() -> domain\n"
 242                 "Obtain domain name." },
 243         { "set_domain", (PyCFunction)py_creds_set_domain, METH_VARARGS,
 244                 "S.set_domain(domain, obtained=CRED_SPECIFIED) -> None\n"
 245                 "Change domain name." },
 246         { "get_realm", (PyCFunction)py_creds_get_realm, METH_NOARGS,
 247                 "S.get_realm() -> realm\n"
 248                 "Obtain realm name." },
 249         { "set_realm", (PyCFunction)py_creds_set_realm, METH_VARARGS,
 250                 "S.set_realm(realm, obtained=CRED_SPECIFIED) -> None\n"
 251                 "Change realm name." },
 252         { "get_bind_dn", (PyCFunction)py_creds_get_bind_dn, METH_NOARGS,
 253                 "S.get_bind_dn() -> bind dn\n"
 254                 "Obtain bind DN." },
 255         { "set_bind_dn", (PyCFunction)py_creds_set_bind_dn, METH_VARARGS,
 256                 "S.set_bind_dn(bind_dn) -> None\n"
 257                 "Change bind DN." },
 258         { "is_anonymous", (PyCFunction)py_creds_is_anonymous, METH_NOARGS,
 259                 NULL },
 260         { "set_anonymous", (PyCFunction)py_creds_set_anonymous, METH_NOARGS,
 261                 "S.set_anonymous() -> None\n"
 262                 "Use anonymous credentials." },
 263         { "get_workstation", (PyCFunction)py_creds_get_workstation, METH_NOARGS,
 264                 NULL },
 265         { "set_workstation", (PyCFunction)py_creds_set_workstation, METH_VARARGS,
 266                 NULL },
 267         { "authentication_requested", (PyCFunction)py_creds_authentication_requested, METH_NOARGS,
 268                 NULL },
 269         { "wrong_password", (PyCFunction)py_creds_wrong_password, METH_NOARGS,
 270                 "S.wrong_password() -> bool\n"
 271                 "Indicate the returned password was incorrect." },
 272         { "set_cmdline_callbacks", (PyCFunction)py_creds_set_cmdline_callbacks, METH_NOARGS,
 273                 "S.set_cmdline_callbacks() -> bool\n"
 274                 "Use command-line to obtain credentials not explicitly set." },
 275         { "parse_string", (PyCFunction)py_creds_parse_string, METH_VARARGS,
 276                 "S.parse_string(text, obtained=CRED_SPECIFIED) -> None\n"
 277                 "Parse credentials string." },
 278         { "get_nt_hash", (PyCFunction)py_creds_get_nt_hash, METH_NOARGS,
 279                 NULL },
 280         { "set_kerberos_state", (PyCFunction)py_creds_set_kerberos_state, METH_VARARGS,
 281                 NULL },
 282         { "guess", (PyCFunction)py_creds_guess, METH_VARARGS, NULL },
 283         { "set_machine_account", (PyCFunction)py_creds_set_machine_account, METH_VARARGS, NULL },
 284         { NULL }
 285 };
 286
 287 PyTypeObject PyCredentials = {
 288         .tp_name = "Credentials",
 289         .tp_basicsize = sizeof(py_talloc_Object),
 290         .tp_dealloc = py_talloc_dealloc,
 291         .tp_new = py_creds_new,
 292         .tp_flags = Py_TPFLAGS_DEFAULT,
 293         .tp_methods = py_creds_methods,
 294 };
 295
 296 void initcredentials(void)
 297 {
 298         PyObject *m;
 299
 300         if (PyType_Ready(&PyCredentials) < 0)
 301                 return;
 302
 303         m = Py_InitModule3("credentials", NULL, "Credentials management.");
 304         if (m == NULL)
 305                 return;
 306
 307         PyModule_AddObject(m, "AUTO_USE_KERBEROS", PyInt_FromLong(CRED_AUTO_USE_KERBEROS));
 308         PyModule_AddObject(m, "DONT_USE_KERBEROS", PyInt_FromLong(CRED_DONT_USE_KERBEROS));
 309         PyModule_AddObject(m, "MUST_USE_KERBEROS", PyInt_FromLong(CRED_MUST_USE_KERBEROS));
 310
 311         Py_INCREF(&PyCredentials);
 312         PyModule_AddObject(m, "Credentials", (PyObject *)&PyCredentials);
 313 }