*/
#include <Python.h>
+#include "python/py3compat.h"
#include "includes.h"
#include "pycredentials.h"
#include "param/param.h"
#include "lib/cmdline/credentials.h"
+#include "auth/credentials/credentials_internal.h"
#include "librpc/gen_ndr/samr.h" /* for struct samr_Password */
+#include "librpc/gen_ndr/netlogon.h"
#include "libcli/util/pyerrors.h"
+#include "libcli/auth/libcli_auth.h"
#include "param/pyparam.h"
#include <tevent.h>
+#include "libcli/auth/libcli_auth.h"
+#include "auth/credentials/credentials_internal.h"
+#include "system/kerberos.h"
+#include "auth/kerberos/kerberos.h"
void initcredentials(void);
{
if (str == NULL)
Py_RETURN_NONE;
- return PyString_FromString(str);
+ return PyStr_FromString(str);
}
static PyObject *py_creds_new(PyTypeObject *type, PyObject *args, PyObject *kwargs)
{
- pytalloc_Object *ret = (pytalloc_Object *)type->tp_alloc(type, 0);
- if (ret == NULL) {
- PyErr_NoMemory();
+ return pytalloc_steal(type, cli_credentials_init(NULL));
+}
+
+static PyObject *py_creds_get_username(PyObject *self, PyObject *unused)
+{
+ return PyString_FromStringOrNULL(cli_credentials_get_username(PyCredentials_AsCliCredentials(self)));
+}
+
+static PyObject *py_creds_set_username(PyObject *self, PyObject *args)
+{
+ char *newval;
+ enum credentials_obtained obt = CRED_SPECIFIED;
+ int _obt = obt;
+
+ if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
return NULL;
}
- ret->talloc_ctx = talloc_new(NULL);
- if (ret->talloc_ctx == NULL) {
- PyErr_NoMemory();
+ obt = _obt;
+
+ return PyBool_FromLong(cli_credentials_set_username(PyCredentials_AsCliCredentials(self), newval, obt));
+}
+
+static PyObject *py_creds_get_ntlm_username_domain(PyObject *self, PyObject *unused)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ const char *user = NULL;
+ const char *domain = NULL;
+ PyObject *ret = NULL;
+ cli_credentials_get_ntlm_username_domain(PyCredentials_AsCliCredentials(self),
+ frame, &user, &domain);
+ ret = Py_BuildValue("(OO)",
+ PyString_FromStringOrNULL(user),
+ PyString_FromStringOrNULL(domain));
+ TALLOC_FREE(frame);
+ return ret;
+}
+
+static PyObject *py_creds_get_ntlm_response(PyObject *self, PyObject *args, PyObject *kwargs)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ PyObject *ret = NULL;
+ int flags;
+ struct timeval tv_now;
+ NTTIME server_timestamp;
+ DATA_BLOB challenge = data_blob_null;
+ DATA_BLOB target_info = data_blob_null;
+ NTSTATUS status;
+ DATA_BLOB lm_response = data_blob_null;
+ DATA_BLOB nt_response = data_blob_null;
+ DATA_BLOB lm_session_key = data_blob_null;
+ DATA_BLOB nt_session_key = data_blob_null;
+ const char *kwnames[] = { "flags", "challenge",
+ "target_info",
+ NULL };
+
+ tv_now = timeval_current();
+ server_timestamp = timeval_to_nttime(&tv_now);
+
+ if (!PyArg_ParseTupleAndKeywords(args, kwargs, "is#|s#",
+ discard_const_p(char *, kwnames),
+ &flags,
+ &challenge.data,
+ &challenge.length,
+ &target_info.data,
+ &target_info.length)) {
+ return NULL;
+ }
+
+ status = cli_credentials_get_ntlm_response(PyCredentials_AsCliCredentials(self),
+ frame, &flags,
+ challenge,
+ &server_timestamp,
+ target_info,
+ &lm_response, &nt_response,
+ &lm_session_key, &nt_session_key);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ PyErr_SetNTSTATUS(status);
+ TALLOC_FREE(frame);
return NULL;
}
- ret->ptr = cli_credentials_init(ret->talloc_ctx);
- return (PyObject *)ret;
+
+ ret = Py_BuildValue("{sis" PYARG_BYTES_LEN "s" PYARG_BYTES_LEN
+ "s" PYARG_BYTES_LEN "s" PYARG_BYTES_LEN "}",
+ "flags", flags,
+ "lm_response",
+ (const char *)lm_response.data, lm_response.length,
+ "nt_response",
+ (const char *)nt_response.data, nt_response.length,
+ "lm_session_key",
+ (const char *)lm_session_key.data, lm_session_key.length,
+ "nt_session_key",
+ (const char *)nt_session_key.data, nt_session_key.length);
+ TALLOC_FREE(frame);
+ return ret;
}
-static PyObject *py_creds_get_username(pytalloc_Object *self)
+static PyObject *py_creds_get_principal(PyObject *self, PyObject *unused)
{
- return PyString_FromStringOrNULL(cli_credentials_get_username(PyCredentials_AsCliCredentials(self)));
+ TALLOC_CTX *frame = talloc_stackframe();
+ PyObject *ret = PyString_FromStringOrNULL(cli_credentials_get_principal(PyCredentials_AsCliCredentials(self), frame));
+ TALLOC_FREE(frame);
+ return ret;
}
-static PyObject *py_creds_set_username(pytalloc_Object *self, PyObject *args)
+static PyObject *py_creds_set_principal(PyObject *self, PyObject *args)
{
char *newval;
enum credentials_obtained obt = CRED_SPECIFIED;
}
obt = _obt;
- return PyBool_FromLong(cli_credentials_set_username(PyCredentials_AsCliCredentials(self), newval, obt));
+ return PyBool_FromLong(cli_credentials_set_principal(PyCredentials_AsCliCredentials(self), newval, obt));
}
-static PyObject *py_creds_get_password(pytalloc_Object *self)
+static PyObject *py_creds_get_password(PyObject *self, PyObject *unused)
{
return PyString_FromStringOrNULL(cli_credentials_get_password(PyCredentials_AsCliCredentials(self)));
}
-
-static PyObject *py_creds_set_password(pytalloc_Object *self, PyObject *args)
+static PyObject *py_creds_set_password(PyObject *self, PyObject *args)
{
char *newval;
enum credentials_obtained obt = CRED_SPECIFIED;
return PyBool_FromLong(cli_credentials_set_password(PyCredentials_AsCliCredentials(self), newval, obt));
}
-static PyObject *py_creds_get_domain(pytalloc_Object *self)
+static PyObject *py_creds_set_utf16_password(PyObject *self, PyObject *args)
+{
+ enum credentials_obtained obt = CRED_SPECIFIED;
+ int _obt = obt;
+ PyObject *newval = NULL;
+ DATA_BLOB blob = data_blob_null;
+ Py_ssize_t size = 0;
+ int result;
+ bool ok;
+
+ if (!PyArg_ParseTuple(args, "O|i", &newval, &_obt)) {
+ return NULL;
+ }
+ obt = _obt;
+
+ result = PyBytes_AsStringAndSize(newval, (char **)&blob.data, &size);
+ if (result != 0) {
+ PyErr_SetString(PyExc_RuntimeError, "Failed to convert passed value to Bytes");
+ return NULL;
+ }
+ blob.length = size;
+
+ ok = cli_credentials_set_utf16_password(PyCredentials_AsCliCredentials(self),
+ &blob, obt);
+
+ return PyBool_FromLong(ok);
+}
+
+static PyObject *py_creds_get_old_password(PyObject *self, PyObject *unused)
+{
+ return PyString_FromStringOrNULL(cli_credentials_get_old_password(PyCredentials_AsCliCredentials(self)));
+}
+
+static PyObject *py_creds_set_old_password(PyObject *self, PyObject *args)
+{
+ char *oldval;
+ enum credentials_obtained obt = CRED_SPECIFIED;
+ int _obt = obt;
+
+ if (!PyArg_ParseTuple(args, "s|i", &oldval, &_obt)) {
+ return NULL;
+ }
+ obt = _obt;
+
+ return PyBool_FromLong(cli_credentials_set_old_password(PyCredentials_AsCliCredentials(self), oldval, obt));
+}
+
+static PyObject *py_creds_set_old_utf16_password(PyObject *self, PyObject *args)
+{
+ PyObject *oldval = NULL;
+ DATA_BLOB blob = data_blob_null;
+ Py_ssize_t size = 0;
+ int result;
+ bool ok;
+
+ if (!PyArg_ParseTuple(args, "O", &oldval)) {
+ return NULL;
+ }
+
+ result = PyBytes_AsStringAndSize(oldval, (char **)&blob.data, &size);
+ if (result != 0) {
+ PyErr_SetString(PyExc_RuntimeError, "Failed to convert passed value to Bytes");
+ return NULL;
+ }
+ blob.length = size;
+
+ ok = cli_credentials_set_old_utf16_password(PyCredentials_AsCliCredentials(self),
+ &blob);
+
+ return PyBool_FromLong(ok);
+}
+
+static PyObject *py_creds_get_domain(PyObject *self, PyObject *unused)
{
return PyString_FromStringOrNULL(cli_credentials_get_domain(PyCredentials_AsCliCredentials(self)));
}
-static PyObject *py_creds_set_domain(pytalloc_Object *self, PyObject *args)
+static PyObject *py_creds_set_domain(PyObject *self, PyObject *args)
{
char *newval;
enum credentials_obtained obt = CRED_SPECIFIED;
return PyBool_FromLong(cli_credentials_set_domain(PyCredentials_AsCliCredentials(self), newval, obt));
}
-static PyObject *py_creds_get_realm(pytalloc_Object *self)
+static PyObject *py_creds_get_realm(PyObject *self, PyObject *unused)
{
return PyString_FromStringOrNULL(cli_credentials_get_realm(PyCredentials_AsCliCredentials(self)));
}
-static PyObject *py_creds_set_realm(pytalloc_Object *self, PyObject *args)
+static PyObject *py_creds_set_realm(PyObject *self, PyObject *args)
{
char *newval;
enum credentials_obtained obt = CRED_SPECIFIED;
return PyBool_FromLong(cli_credentials_set_realm(PyCredentials_AsCliCredentials(self), newval, obt));
}
-static PyObject *py_creds_get_bind_dn(pytalloc_Object *self)
+static PyObject *py_creds_get_bind_dn(PyObject *self, PyObject *unused)
{
return PyString_FromStringOrNULL(cli_credentials_get_bind_dn(PyCredentials_AsCliCredentials(self)));
}
-static PyObject *py_creds_set_bind_dn(pytalloc_Object *self, PyObject *args)
+static PyObject *py_creds_set_bind_dn(PyObject *self, PyObject *args)
{
char *newval;
if (!PyArg_ParseTuple(args, "s", &newval))
return PyBool_FromLong(cli_credentials_set_bind_dn(PyCredentials_AsCliCredentials(self), newval));
}
-static PyObject *py_creds_get_workstation(pytalloc_Object *self)
+static PyObject *py_creds_get_workstation(PyObject *self, PyObject *unused)
{
return PyString_FromStringOrNULL(cli_credentials_get_workstation(PyCredentials_AsCliCredentials(self)));
}
-static PyObject *py_creds_set_workstation(pytalloc_Object *self, PyObject *args)
+static PyObject *py_creds_set_workstation(PyObject *self, PyObject *args)
{
char *newval;
enum credentials_obtained obt = CRED_SPECIFIED;
return PyBool_FromLong(cli_credentials_set_workstation(PyCredentials_AsCliCredentials(self), newval, obt));
}
-static PyObject *py_creds_is_anonymous(pytalloc_Object *self)
+static PyObject *py_creds_is_anonymous(PyObject *self, PyObject *unused)
{
return PyBool_FromLong(cli_credentials_is_anonymous(PyCredentials_AsCliCredentials(self)));
}
-static PyObject *py_creds_set_anonymous(pytalloc_Object *self)
+static PyObject *py_creds_set_anonymous(PyObject *self, PyObject *unused)
{
cli_credentials_set_anonymous(PyCredentials_AsCliCredentials(self));
Py_RETURN_NONE;
}
-static PyObject *py_creds_authentication_requested(pytalloc_Object *self)
+static PyObject *py_creds_authentication_requested(PyObject *self, PyObject *unused)
{
return PyBool_FromLong(cli_credentials_authentication_requested(PyCredentials_AsCliCredentials(self)));
}
-static PyObject *py_creds_wrong_password(pytalloc_Object *self)
+static PyObject *py_creds_wrong_password(PyObject *self, PyObject *unused)
{
return PyBool_FromLong(cli_credentials_wrong_password(PyCredentials_AsCliCredentials(self)));
}
-static PyObject *py_creds_set_cmdline_callbacks(pytalloc_Object *self)
+static PyObject *py_creds_set_cmdline_callbacks(PyObject *self, PyObject *unused)
{
return PyBool_FromLong(cli_credentials_set_cmdline_callbacks(PyCredentials_AsCliCredentials(self)));
}
-static PyObject *py_creds_parse_string(pytalloc_Object *self, PyObject *args)
+static PyObject *py_creds_parse_string(PyObject *self, PyObject *args)
{
char *newval;
enum credentials_obtained obt = CRED_SPECIFIED;
Py_RETURN_NONE;
}
-static PyObject *py_creds_get_nt_hash(pytalloc_Object *self)
+static PyObject *py_creds_parse_file(PyObject *self, PyObject *args)
+{
+ char *newval;
+ enum credentials_obtained obt = CRED_SPECIFIED;
+ int _obt = obt;
+
+ if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
+ return NULL;
+ }
+ obt = _obt;
+
+ cli_credentials_parse_file(PyCredentials_AsCliCredentials(self), newval, obt);
+ Py_RETURN_NONE;
+}
+
+static PyObject *py_cli_credentials_set_password_will_be_nt_hash(PyObject *self, PyObject *args)
{
- const struct samr_Password *ntpw = cli_credentials_get_nt_hash(PyCredentials_AsCliCredentials(self), self->ptr);
+ struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
+ PyObject *py_val = NULL;
+ bool val = false;
- return PyString_FromStringAndSize(discard_const_p(char, ntpw->hash), 16);
+ if (!PyArg_ParseTuple(args, "O!", &PyBool_Type, &py_val)) {
+ return NULL;
+ }
+ val = PyObject_IsTrue(py_val);
+
+ cli_credentials_set_password_will_be_nt_hash(creds, val);
+ Py_RETURN_NONE;
}
-static PyObject *py_creds_get_kerberos_state(pytalloc_Object *self)
+static PyObject *py_creds_get_nt_hash(PyObject *self, PyObject *unused)
+{
+ PyObject *ret;
+ struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
+ struct samr_Password *ntpw = cli_credentials_get_nt_hash(creds, creds);
+
+ ret = PyBytes_FromStringAndSize(discard_const_p(char, ntpw->hash), 16);
+ TALLOC_FREE(ntpw);
+ return ret;
+}
+
+static PyObject *py_creds_get_kerberos_state(PyObject *self, PyObject *unused)
{
int state = cli_credentials_get_kerberos_state(PyCredentials_AsCliCredentials(self));
return PyInt_FromLong(state);
}
-static PyObject *py_creds_set_kerberos_state(pytalloc_Object *self, PyObject *args)
+static PyObject *py_creds_set_kerberos_state(PyObject *self, PyObject *args)
{
int state;
if (!PyArg_ParseTuple(args, "i", &state))
Py_RETURN_NONE;
}
-static PyObject *py_creds_set_krb_forwardable(pytalloc_Object *self, PyObject *args)
+static PyObject *py_creds_set_krb_forwardable(PyObject *self, PyObject *args)
{
int state;
if (!PyArg_ParseTuple(args, "i", &state))
}
-static PyObject *py_creds_get_forced_sasl_mech(pytalloc_Object *self)
+static PyObject *py_creds_get_forced_sasl_mech(PyObject *self, PyObject *unused)
{
return PyString_FromStringOrNULL(cli_credentials_get_forced_sasl_mech(PyCredentials_AsCliCredentials(self)));
}
-static PyObject *py_creds_set_forced_sasl_mech(pytalloc_Object *self, PyObject *args)
+static PyObject *py_creds_set_forced_sasl_mech(PyObject *self, PyObject *args)
{
char *newval;
enum credentials_obtained obt = CRED_SPECIFIED;
Py_RETURN_NONE;
}
-static PyObject *py_creds_guess(pytalloc_Object *self, PyObject *args)
+static PyObject *py_creds_guess(PyObject *self, PyObject *args)
{
PyObject *py_lp_ctx = Py_None;
struct loadparm_context *lp_ctx;
Py_RETURN_NONE;
}
-static PyObject *py_creds_set_machine_account(pytalloc_Object *self, PyObject *args)
+static PyObject *py_creds_set_machine_account(PyObject *self, PyObject *args)
{
PyObject *py_lp_ctx = Py_None;
struct loadparm_context *lp_ctx;
static PyObject *PyCredentialCacheContainer_from_ccache_container(struct ccache_container *ccc)
{
- PyCredentialCacheContainerObject *py_ret;
-
- if (ccc == NULL) {
- Py_RETURN_NONE;
- }
-
- py_ret = (PyCredentialCacheContainerObject *)PyCredentialCacheContainer.tp_alloc(&PyCredentialCacheContainer, 0);
- if (py_ret == NULL) {
- PyErr_NoMemory();
- return NULL;
- }
- py_ret->mem_ctx = talloc_new(NULL);
- py_ret->ccc = talloc_reference(py_ret->mem_ctx, ccc);
- return (PyObject *)py_ret;
+ return pytalloc_reference(&PyCredentialCacheContainer, ccc);
}
-static PyObject *py_creds_get_named_ccache(pytalloc_Object *self, PyObject *args)
+static PyObject *py_creds_get_named_ccache(PyObject *self, PyObject *args)
{
PyObject *py_lp_ctx = Py_None;
- char *ccache_name;
+ char *ccache_name = NULL;
struct loadparm_context *lp_ctx;
struct ccache_container *ccc;
struct tevent_context *event_ctx;
return NULL;
}
-static PyObject *py_creds_set_gensec_features(pytalloc_Object *self, PyObject *args)
+static PyObject *py_creds_set_named_ccache(PyObject *self, PyObject *args)
+{
+ struct loadparm_context *lp_ctx = NULL;
+ enum credentials_obtained obt = CRED_SPECIFIED;
+ const char *error_string = NULL;
+ TALLOC_CTX *mem_ctx = NULL;
+ char *newval = NULL;
+ PyObject *py_lp_ctx = Py_None;
+ int _obt = obt;
+ int ret;
+
+ if (!PyArg_ParseTuple(args, "s|iO", &newval, &_obt, &py_lp_ctx))
+ return NULL;
+
+ mem_ctx = talloc_new(NULL);
+ if (mem_ctx == NULL) {
+ PyErr_NoMemory();
+ return NULL;
+ }
+
+ lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
+ if (lp_ctx == NULL) {
+ talloc_free(mem_ctx);
+ return NULL;
+ }
+
+ ret = cli_credentials_set_ccache(PyCredentials_AsCliCredentials(self),
+ lp_ctx,
+ newval, CRED_SPECIFIED,
+ &error_string);
+
+ if (ret != 0) {
+ PyErr_SetString(PyExc_RuntimeError,
+ error_string != NULL ? error_string : "NULL");
+ talloc_free(mem_ctx);
+ return NULL;
+ }
+
+ talloc_free(mem_ctx);
+ Py_RETURN_NONE;
+}
+
+static PyObject *py_creds_set_gensec_features(PyObject *self, PyObject *args)
{
unsigned int gensec_features;
Py_RETURN_NONE;
}
-static PyObject *py_creds_get_gensec_features(pytalloc_Object *self, PyObject *args)
+static PyObject *py_creds_get_gensec_features(PyObject *self, PyObject *args)
{
unsigned int gensec_features;
return PyInt_FromLong(gensec_features);
}
+static PyObject *py_creds_new_client_authenticator(PyObject *self,
+ PyObject *args)
+{
+ struct netr_Authenticator auth;
+ struct cli_credentials *creds = NULL;
+ struct netlogon_creds_CredentialState *nc = NULL;
+ PyObject *ret = NULL;
+
+ creds = PyCredentials_AsCliCredentials(self);
+ if (creds == NULL) {
+ PyErr_SetString(PyExc_RuntimeError,
+ "Failed to get credentials from python");
+ return NULL;
+ }
+
+ nc = creds->netlogon_creds;
+ if (nc == NULL) {
+ PyErr_SetString(PyExc_ValueError,
+ "No netlogon credentials cannot make "
+ "client authenticator");
+ return NULL;
+ }
+
+ netlogon_creds_client_authenticator(
+ nc,
+ &auth);
+ ret = Py_BuildValue("{ss#si}",
+ "credential",
+ (const char *) &auth.cred, sizeof(auth.cred),
+ "timestamp", auth.timestamp);
+ return ret;
+}
+
+static PyObject *py_creds_set_secure_channel_type(PyObject *self, PyObject *args)
+{
+ unsigned int channel_type;
+
+ if (!PyArg_ParseTuple(args, "I", &channel_type))
+ return NULL;
+
+ cli_credentials_set_secure_channel_type(
+ PyCredentials_AsCliCredentials(self),
+ channel_type);
+
+ Py_RETURN_NONE;
+}
+
+static PyObject *py_creds_encrypt_netr_crypt_password(PyObject *self,
+ PyObject *args)
+{
+ DATA_BLOB data = data_blob_null;
+ struct cli_credentials *creds = NULL;
+ struct netr_CryptPassword *pwd = NULL;
+ NTSTATUS status;
+ PyObject *py_cp = Py_None;
+
+ creds = PyCredentials_AsCliCredentials(self);
+
+ if (!PyArg_ParseTuple(args, "|O", &py_cp)) {
+ return NULL;
+ }
+ pwd = pytalloc_get_type(py_cp, struct netr_CryptPassword);
+ data.length = sizeof(struct netr_CryptPassword);
+ data.data = (uint8_t *)pwd;
+ status = netlogon_creds_session_encrypt(creds->netlogon_creds, data);
+
+ PyErr_NTSTATUS_IS_ERR_RAISE(status);
+
+ Py_RETURN_NONE;
+}
static PyMethodDef py_creds_methods[] = {
- { "get_username", (PyCFunction)py_creds_get_username, METH_NOARGS,
+ { "get_username", py_creds_get_username, METH_NOARGS,
"S.get_username() -> username\nObtain username." },
- { "set_username", (PyCFunction)py_creds_set_username, METH_VARARGS,
- "S.set_username(name, obtained=CRED_SPECIFIED) -> None\n"
+ { "set_username", py_creds_set_username, METH_VARARGS,
+ "S.set_username(name[, credentials.SPECIFIED]) -> None\n"
"Change username." },
- { "get_password", (PyCFunction)py_creds_get_password, METH_NOARGS,
+ { "get_principal", py_creds_get_principal, METH_NOARGS,
+ "S.get_principal() -> user@realm\nObtain user principal." },
+ { "set_principal", py_creds_set_principal, METH_VARARGS,
+ "S.set_principal(name[, credentials.SPECIFIED]) -> None\n"
+ "Change principal." },
+ { "get_password", py_creds_get_password, METH_NOARGS,
"S.get_password() -> password\n"
"Obtain password." },
- { "set_password", (PyCFunction)py_creds_set_password, METH_VARARGS,
- "S.set_password(password, obtained=CRED_SPECIFIED) -> None\n"
+ { "get_ntlm_username_domain", py_creds_get_ntlm_username_domain, METH_NOARGS,
+ "S.get_ntlm_username_domain() -> (domain, username)\n"
+ "Obtain NTLM username and domain, split up either as (DOMAIN, user) or (\"\", \"user@realm\")." },
+ { "get_ntlm_response", (PyCFunction)py_creds_get_ntlm_response, METH_VARARGS | METH_KEYWORDS,
+ "S.get_ntlm_response"
+ "(flags, challenge[, target_info]) -> "
+ "(flags, lm_response, nt_response, lm_session_key, nt_session_key)\n"
+ "Obtain LM or NTLM response." },
+ { "set_password", py_creds_set_password, METH_VARARGS,
+ "S.set_password(password[, credentials.SPECIFIED]) -> None\n"
+ "Change password." },
+ { "set_utf16_password", py_creds_set_utf16_password, METH_VARARGS,
+ "S.set_utf16_password(password[, credentials.SPECIFIED]) -> None\n"
"Change password." },
- { "get_domain", (PyCFunction)py_creds_get_domain, METH_NOARGS,
+ { "get_old_password", py_creds_get_old_password, METH_NOARGS,
+ "S.get_old_password() -> password\n"
+ "Obtain old password." },
+ { "set_old_password", py_creds_set_old_password, METH_VARARGS,
+ "S.set_old_password(password[, credentials.SPECIFIED]) -> None\n"
+ "Change old password." },
+ { "set_old_utf16_password", py_creds_set_old_utf16_password, METH_VARARGS,
+ "S.set_old_utf16_password(password[, credentials.SPECIFIED]) -> None\n"
+ "Change old password." },
+ { "get_domain", py_creds_get_domain, METH_NOARGS,
"S.get_domain() -> domain\n"
"Obtain domain name." },
- { "set_domain", (PyCFunction)py_creds_set_domain, METH_VARARGS,
- "S.set_domain(domain, obtained=CRED_SPECIFIED) -> None\n"
+ { "set_domain", py_creds_set_domain, METH_VARARGS,
+ "S.set_domain(domain[, credentials.SPECIFIED]) -> None\n"
"Change domain name." },
- { "get_realm", (PyCFunction)py_creds_get_realm, METH_NOARGS,
+ { "get_realm", py_creds_get_realm, METH_NOARGS,
"S.get_realm() -> realm\n"
"Obtain realm name." },
- { "set_realm", (PyCFunction)py_creds_set_realm, METH_VARARGS,
- "S.set_realm(realm, obtained=CRED_SPECIFIED) -> None\n"
+ { "set_realm", py_creds_set_realm, METH_VARARGS,
+ "S.set_realm(realm[, credentials.SPECIFIED]) -> None\n"
"Change realm name." },
- { "get_bind_dn", (PyCFunction)py_creds_get_bind_dn, METH_NOARGS,
+ { "get_bind_dn", py_creds_get_bind_dn, METH_NOARGS,
"S.get_bind_dn() -> bind dn\n"
"Obtain bind DN." },
- { "set_bind_dn", (PyCFunction)py_creds_set_bind_dn, METH_VARARGS,
+ { "set_bind_dn", py_creds_set_bind_dn, METH_VARARGS,
"S.set_bind_dn(bind_dn) -> None\n"
"Change bind DN." },
- { "is_anonymous", (PyCFunction)py_creds_is_anonymous, METH_NOARGS,
+ { "is_anonymous", py_creds_is_anonymous, METH_NOARGS,
NULL },
- { "set_anonymous", (PyCFunction)py_creds_set_anonymous, METH_NOARGS,
+ { "set_anonymous", py_creds_set_anonymous, METH_NOARGS,
"S.set_anonymous() -> None\n"
"Use anonymous credentials." },
- { "get_workstation", (PyCFunction)py_creds_get_workstation, METH_NOARGS,
+ { "get_workstation", py_creds_get_workstation, METH_NOARGS,
NULL },
- { "set_workstation", (PyCFunction)py_creds_set_workstation, METH_VARARGS,
+ { "set_workstation", py_creds_set_workstation, METH_VARARGS,
NULL },
- { "authentication_requested", (PyCFunction)py_creds_authentication_requested, METH_NOARGS,
+ { "authentication_requested", py_creds_authentication_requested, METH_NOARGS,
NULL },
- { "wrong_password", (PyCFunction)py_creds_wrong_password, METH_NOARGS,
+ { "wrong_password", py_creds_wrong_password, METH_NOARGS,
"S.wrong_password() -> bool\n"
"Indicate the returned password was incorrect." },
- { "set_cmdline_callbacks", (PyCFunction)py_creds_set_cmdline_callbacks, METH_NOARGS,
+ { "set_cmdline_callbacks", py_creds_set_cmdline_callbacks, METH_NOARGS,
"S.set_cmdline_callbacks() -> bool\n"
"Use command-line to obtain credentials not explicitly set." },
- { "parse_string", (PyCFunction)py_creds_parse_string, METH_VARARGS,
- "S.parse_string(text, obtained=CRED_SPECIFIED) -> None\n"
+ { "parse_string", py_creds_parse_string, METH_VARARGS,
+ "S.parse_string(text[, credentials.SPECIFIED]) -> None\n"
"Parse credentials string." },
- { "get_nt_hash", (PyCFunction)py_creds_get_nt_hash, METH_NOARGS,
+ { "parse_file", py_creds_parse_file, METH_VARARGS,
+ "S.parse_file(filename[, credentials.SPECIFIED]) -> None\n"
+ "Parse credentials file." },
+ { "set_password_will_be_nt_hash",
+ py_cli_credentials_set_password_will_be_nt_hash, METH_VARARGS,
+ "S.set_password_will_be_nt_hash(bool) -> None\n"
+ "Alters the behaviour of S.set_password() "
+ "to expect the NTHASH as hexstring." },
+ { "get_nt_hash", py_creds_get_nt_hash, METH_NOARGS,
NULL },
- { "get_kerberos_state", (PyCFunction)py_creds_get_kerberos_state, METH_NOARGS,
+ { "get_kerberos_state", py_creds_get_kerberos_state, METH_NOARGS,
NULL },
- { "set_kerberos_state", (PyCFunction)py_creds_set_kerberos_state, METH_VARARGS,
+ { "set_kerberos_state", py_creds_set_kerberos_state, METH_VARARGS,
NULL },
- { "set_krb_forwardable", (PyCFunction)py_creds_set_krb_forwardable, METH_VARARGS,
+ { "set_krb_forwardable", py_creds_set_krb_forwardable, METH_VARARGS,
NULL },
- { "guess", (PyCFunction)py_creds_guess, METH_VARARGS, NULL },
- { "set_machine_account", (PyCFunction)py_creds_set_machine_account, METH_VARARGS, NULL },
- { "get_named_ccache", (PyCFunction)py_creds_get_named_ccache, METH_VARARGS, NULL },
- { "set_gensec_features", (PyCFunction)py_creds_set_gensec_features, METH_VARARGS, NULL },
- { "get_gensec_features", (PyCFunction)py_creds_get_gensec_features, METH_NOARGS, NULL },
- { "get_forced_sasl_mech", (PyCFunction)py_creds_get_forced_sasl_mech, METH_NOARGS,
+ { "guess", py_creds_guess, METH_VARARGS, NULL },
+ { "set_machine_account", py_creds_set_machine_account, METH_VARARGS, NULL },
+ { "get_named_ccache", py_creds_get_named_ccache, METH_VARARGS, NULL },
+ { "set_named_ccache", py_creds_set_named_ccache, METH_VARARGS,
+ "S.set_named_ccache(krb5_ccache_name, obtained, lp) -> None\n"
+ "Set credentials to KRB5 Credentials Cache (by name)." },
+ { "set_gensec_features", py_creds_set_gensec_features, METH_VARARGS, NULL },
+ { "get_gensec_features", py_creds_get_gensec_features, METH_NOARGS, NULL },
+ { "get_forced_sasl_mech", py_creds_get_forced_sasl_mech, METH_NOARGS,
"S.get_forced_sasl_mech() -> SASL mechanism\nObtain forced SASL mechanism." },
- { "set_forced_sasl_mech", (PyCFunction)py_creds_set_forced_sasl_mech, METH_VARARGS,
+ { "set_forced_sasl_mech", py_creds_set_forced_sasl_mech, METH_VARARGS,
"S.set_forced_sasl_mech(name) -> None\n"
"Set forced SASL mechanism." },
+ { "new_client_authenticator",
+ py_creds_new_client_authenticator,
+ METH_NOARGS,
+ "S.new_client_authenticator() -> Authenticator\n"
+ "Get a new client NETLOGON_AUTHENTICATOR"},
+ { "set_secure_channel_type", py_creds_set_secure_channel_type,
+ METH_VARARGS, NULL },
+ { "encrypt_netr_crypt_password",
+ py_creds_encrypt_netr_crypt_password,
+ METH_VARARGS,
+ "S.encrypt_netr_crypt_password(password) -> NTSTATUS\n"
+ "Encrypt the supplied password using the session key and\n"
+ "the negotiated encryption algorithm in place\n"
+ "i.e. it overwrites the original data"},
{ NULL }
};
+static struct PyModuleDef moduledef = {
+ PyModuleDef_HEAD_INIT,
+ .m_name = "credentials",
+ .m_doc = "Credentials management.",
+ .m_size = -1,
+ .m_methods = py_creds_methods,
+};
+
PyTypeObject PyCredentials = {
.tp_name = "credentials.Credentials",
- .tp_basicsize = sizeof(pytalloc_Object),
.tp_new = py_creds_new,
.tp_flags = Py_TPFLAGS_DEFAULT,
.tp_methods = py_creds_methods,
};
+static PyObject *py_ccache_name(PyObject *self, PyObject *unused)
+{
+ struct ccache_container *ccc = NULL;
+ char *name = NULL;
+ PyObject *py_name = NULL;
+ int ret;
+
+ ccc = pytalloc_get_type(self, struct ccache_container);
+
+ ret = krb5_cc_get_full_name(ccc->smb_krb5_context->krb5_context,
+ ccc->ccache, &name);
+ if (ret == 0) {
+ py_name = PyString_FromStringOrNULL(name);
+ SAFE_FREE(name);
+ } else {
+ PyErr_SetString(PyExc_RuntimeError,
+ "Failed to get ccache name");
+ return NULL;
+ }
+ return py_name;
+}
+
+static PyMethodDef py_ccache_container_methods[] = {
+ { "get_name", py_ccache_name, METH_NOARGS,
+ "S.get_name() -> name\nObtain KRB5 credentials cache name." },
+ { NULL }
+};
PyTypeObject PyCredentialCacheContainer = {
.tp_name = "credentials.CredentialCacheContainer",
- .tp_basicsize = sizeof(pytalloc_Object),
.tp_flags = Py_TPFLAGS_DEFAULT,
+ .tp_methods = py_ccache_container_methods,
};
-void initcredentials(void)
+MODULE_INIT_FUNC(credentials)
{
PyObject *m;
- PyTypeObject *talloc_type = pytalloc_GetObjectType();
- if (talloc_type == NULL)
- return;
-
- PyCredentials.tp_base = PyCredentialCacheContainer.tp_base = talloc_type;
-
- if (PyType_Ready(&PyCredentials) < 0)
- return;
+ if (pytalloc_BaseObject_PyType_Ready(&PyCredentials) < 0)
+ return NULL;
- if (PyType_Ready(&PyCredentialCacheContainer) < 0)
- return;
+ if (pytalloc_BaseObject_PyType_Ready(&PyCredentialCacheContainer) < 0)
+ return NULL;
- m = Py_InitModule3("credentials", NULL, "Credentials management.");
+ m = PyModule_Create(&moduledef);
if (m == NULL)
- return;
+ return NULL;
+
+ PyModule_AddObject(m, "UNINITIALISED", PyInt_FromLong(CRED_UNINITIALISED));
+ PyModule_AddObject(m, "CALLBACK", PyInt_FromLong(CRED_CALLBACK));
+ PyModule_AddObject(m, "GUESS_ENV", PyInt_FromLong(CRED_GUESS_ENV));
+ PyModule_AddObject(m, "GUESS_FILE", PyInt_FromLong(CRED_GUESS_FILE));
+ PyModule_AddObject(m, "CALLBACK_RESULT", PyInt_FromLong(CRED_CALLBACK_RESULT));
+ PyModule_AddObject(m, "SPECIFIED", PyInt_FromLong(CRED_SPECIFIED));
PyModule_AddObject(m, "AUTO_USE_KERBEROS", PyInt_FromLong(CRED_AUTO_USE_KERBEROS));
PyModule_AddObject(m, "DONT_USE_KERBEROS", PyInt_FromLong(CRED_DONT_USE_KERBEROS));
PyModule_AddObject(m, "AUTO_KRB_FORWARDABLE", PyInt_FromLong(CRED_AUTO_KRB_FORWARDABLE));
PyModule_AddObject(m, "NO_KRB_FORWARDABLE", PyInt_FromLong(CRED_NO_KRB_FORWARDABLE));
PyModule_AddObject(m, "FORCE_KRB_FORWARDABLE", PyInt_FromLong(CRED_FORCE_KRB_FORWARDABLE));
+ PyModule_AddObject(m, "CLI_CRED_NTLM2", PyInt_FromLong(CLI_CRED_NTLM2));
+ PyModule_AddObject(m, "CLI_CRED_NTLMv2_AUTH", PyInt_FromLong(CLI_CRED_NTLMv2_AUTH));
+ PyModule_AddObject(m, "CLI_CRED_LANMAN_AUTH", PyInt_FromLong(CLI_CRED_LANMAN_AUTH));
+ PyModule_AddObject(m, "CLI_CRED_NTLM_AUTH", PyInt_FromLong(CLI_CRED_NTLM_AUTH));
+ PyModule_AddObject(m, "CLI_CRED_CLEAR_AUTH", PyInt_FromLong(CLI_CRED_CLEAR_AUTH));
Py_INCREF(&PyCredentials);
PyModule_AddObject(m, "Credentials", (PyObject *)&PyCredentials);
Py_INCREF(&PyCredentialCacheContainer);
PyModule_AddObject(m, "CredentialCacheContainer", (PyObject *)&PyCredentialCacheContainer);
+ return m;
}