search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
lib: Avoid duplicate definition of ADD_TO_ARRAY
[samba4-gss.git] / auth / credentials / pycredentials.c
blob8008bd0418d5b424cf6625dcb9fd7b1e87277999
1 /*
2 Unix SMB/CIFS implementation.
3 Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; either version 3 of the License, or
8 (at your option) any later version.
9
10 This program is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 GNU General Public License for more details.
14
15 You should have received a copy of the GNU General Public License
16 along with this program. If not, see <http://www.gnu.org/licenses/>.
17 */
18
19 #include "lib/replace/system/python.h"
20 #include "python/py3compat.h"
21 #include "includes.h"
22 #include "python/modules.h"
23 #include "pycredentials.h"
24 #include "param/param.h"
25 #include "auth/credentials/credentials_internal.h"
26 #include "auth/credentials/credentials_krb5.h"
27 #include "librpc/gen_ndr/samr.h" /* for struct samr_Password */
28 #include "librpc/gen_ndr/netlogon.h"
29 #include "libcli/util/pyerrors.h"
30 #include "libcli/auth/libcli_auth.h"
31 #include "param/pyparam.h"
32 #include <tevent.h>
33 #include "libcli/auth/libcli_auth.h"
34 #include "system/kerberos.h"
35 #include "auth/kerberos/kerberos.h"
36 #include "libcli/smb/smb_constants.h"
37
38 static PyObject *py_creds_new(PyTypeObject *type, PyObject *args, PyObject *kwargs)
39 {
40 return pytalloc_steal(type, cli_credentials_init(NULL));
41 }
42
43 static PyObject *PyCredentials_from_cli_credentials(struct cli_credentials *creds)
44 {
45 return pytalloc_reference(&PyCredentials, creds);
46 }
47
48 static PyObject *py_creds_get_username(PyObject *self, PyObject *unused)
49 {
50 struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
51 if (creds == NULL) {
52 PyErr_Format(PyExc_TypeError, "Credentials expected");
53 return NULL;
54 }
55 return PyString_FromStringOrNULL(cli_credentials_get_username(creds));
56 }
57
58 static PyObject *py_creds_set_username(PyObject *self, PyObject *args)
59 {
60 char *newval;
61 enum credentials_obtained obt = CRED_SPECIFIED;
62 int _obt = obt;
63 struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
64 if (creds == NULL) {
65 PyErr_Format(PyExc_TypeError, "Credentials expected");
66 return NULL;
67 }
68
69 if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
70 return NULL;
71 }
72 obt = _obt;
73
74 return PyBool_FromLong(cli_credentials_set_username(creds, newval, obt));
75 }
76
77 static PyObject *py_creds_get_ntlm_username_domain(PyObject *self, PyObject *unused)
78 {
79 TALLOC_CTX *frame = talloc_stackframe();
80 const char *user = NULL;
81 const char *domain = NULL;
82 PyObject *ret = NULL;
83 struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
84 if (creds == NULL) {
85 PyErr_Format(PyExc_TypeError, "Credentials expected");
86 return NULL;
87 }
88 cli_credentials_get_ntlm_username_domain(creds,
89 frame, &user, &domain);
90 ret = Py_BuildValue("(ss)",
91 user,
92 domain);
93
94 TALLOC_FREE(frame);
95 return ret;
96 }
97
98 static PyObject *py_creds_get_ntlm_response(PyObject *self, PyObject *args, PyObject *kwargs)
99 {
100 TALLOC_CTX *frame = talloc_stackframe();
101 PyObject *ret = NULL;
102 int flags;
103 struct timeval tv_now;
104 NTTIME server_timestamp;
105 DATA_BLOB challenge = data_blob_null;
106 DATA_BLOB target_info = data_blob_null;
107 NTSTATUS status;
108 DATA_BLOB lm_response = data_blob_null;
109 DATA_BLOB nt_response = data_blob_null;
110 DATA_BLOB lm_session_key = data_blob_null;
111 DATA_BLOB nt_session_key = data_blob_null;
112 const char *kwnames[] = { "flags", "challenge",
113 "target_info",
114 NULL };
115 struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
116 if (creds == NULL) {
117 PyErr_Format(PyExc_TypeError, "Credentials expected");
118 return NULL;
119 }
120
121 tv_now = timeval_current();
122 server_timestamp = timeval_to_nttime(&tv_now);
123
124 if (!PyArg_ParseTupleAndKeywords(args, kwargs, "is#|s#",
125 discard_const_p(char *, kwnames),
126 &flags,
127 &challenge.data,
128 &challenge.length,
129 &target_info.data,
130 &target_info.length)) {
131 return NULL;
132 }
133
134 status = cli_credentials_get_ntlm_response(creds,
135 frame, &flags,
136 challenge,
137 &server_timestamp,
138 target_info,
139 &lm_response, &nt_response,
140 &lm_session_key, &nt_session_key);
141
142 if (!NT_STATUS_IS_OK(status)) {
143 PyErr_SetNTSTATUS(status);
144 TALLOC_FREE(frame);
145 return NULL;
146 }
147
148 ret = Py_BuildValue("{sis" PYARG_BYTES_LEN "s" PYARG_BYTES_LEN
149 "s" PYARG_BYTES_LEN "s" PYARG_BYTES_LEN "}",
150 "flags", flags,
151 "lm_response",
152 (const char *)lm_response.data, lm_response.length,
153 "nt_response",
154 (const char *)nt_response.data, nt_response.length,
155 "lm_session_key",
156 (const char *)lm_session_key.data, lm_session_key.length,
157 "nt_session_key",
158 (const char *)nt_session_key.data, nt_session_key.length);
159 TALLOC_FREE(frame);
160 return ret;
161 }
162
163 static PyObject *py_creds_get_principal(PyObject *self, PyObject *unused)
164 {
165 TALLOC_CTX *frame = talloc_stackframe();
166 PyObject *ret = NULL;
167 struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
168 if (creds == NULL) {
169 PyErr_Format(PyExc_TypeError, "Credentials expected");
170 return NULL;
171 }
172 ret = PyString_FromStringOrNULL(cli_credentials_get_principal(creds, frame));
173 TALLOC_FREE(frame);
174 return ret;
175 }
176
177 static PyObject *py_creds_set_principal(PyObject *self, PyObject *args)
178 {
179 char *newval;
180 enum credentials_obtained obt = CRED_SPECIFIED;
181 int _obt = obt;
182 struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
183 if (creds == NULL) {
184 PyErr_Format(PyExc_TypeError, "Credentials expected");
185 return NULL;
186 }
187
188 if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
189 return NULL;
190 }
191 obt = _obt;
192
193 return PyBool_FromLong(cli_credentials_set_principal(creds, newval, obt));
194 }
195
196 static PyObject *py_creds_get_password(PyObject *self, PyObject *unused)
197 {
198 struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
199 if (creds == NULL) {
200 PyErr_Format(PyExc_TypeError, "Credentials expected");
201 return NULL;
202 }
203 return PyString_FromStringOrNULL(cli_credentials_get_password(creds));
204 }
205
206 static PyObject *py_creds_set_password(PyObject *self, PyObject *args)
207 {
208 const char *newval = NULL;
209 enum credentials_obtained obt = CRED_SPECIFIED;
210 int _obt = obt;
211 PyObject *result = NULL;
212 struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
213 if (creds == NULL) {
214 PyErr_Format(PyExc_TypeError, "Credentials expected");
215 return NULL;
216 }
217
218 if (!PyArg_ParseTuple(args, PYARG_STR_UNI"|i", "utf8", &newval, &_obt)) {
219 return NULL;
220 }
221 obt = _obt;
222
223 result = PyBool_FromLong(cli_credentials_set_password(creds, newval, obt));
224 PyMem_Free(discard_const_p(void*, newval));
225 return result;
226 }
227
228 static PyObject *py_creds_set_utf16_password(PyObject *self, PyObject *args)
229 {
230 enum credentials_obtained obt = CRED_SPECIFIED;
231 int _obt = obt;
232 PyObject *newval = NULL;
233 DATA_BLOB blob = data_blob_null;
234 Py_ssize_t size = 0;
235 int result;
236 bool ok;
237 struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
238 if (creds == NULL) {
239 PyErr_Format(PyExc_TypeError, "Credentials expected");
240 return NULL;
241 }
242
243 if (!PyArg_ParseTuple(args, "O|i", &newval, &_obt)) {
244 return NULL;
245 }
246 obt = _obt;
247
248 result = PyBytes_AsStringAndSize(newval, (char **)&blob.data, &size);
249 if (result != 0) {
250 PyErr_SetString(PyExc_RuntimeError, "Failed to convert passed value to Bytes");
251 return NULL;
252 }
253 blob.length = size;
254
255 ok = cli_credentials_set_utf16_password(creds,
256 &blob, obt);
257
258 return PyBool_FromLong(ok);
259 }
260
261 static PyObject *py_creds_get_old_password(PyObject *self, PyObject *unused)
262 {
263 struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
264 if (creds == NULL) {
265 PyErr_Format(PyExc_TypeError, "Credentials expected");
266 return NULL;
267 }
268 return PyString_FromStringOrNULL(cli_credentials_get_old_password(creds));
269 }
270
271 static PyObject *py_creds_set_old_password(PyObject *self, PyObject *args)
272 {
273 char *oldval;
274 enum credentials_obtained obt = CRED_SPECIFIED;
275 int _obt = obt;
276 struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
277 if (creds == NULL) {
278 PyErr_Format(PyExc_TypeError, "Credentials expected");
279 return NULL;
280 }
281
282 if (!PyArg_ParseTuple(args, "s|i", &oldval, &_obt)) {
283 return NULL;
284 }
285 obt = _obt;
286
287 return PyBool_FromLong(cli_credentials_set_old_password(creds, oldval, obt));
288 }
289
290 static PyObject *py_creds_set_old_utf16_password(PyObject *self, PyObject *args)
291 {
292 PyObject *oldval = NULL;
293 DATA_BLOB blob = data_blob_null;
294 Py_ssize_t size = 0;
295 int result;
296 bool ok;
297 struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
298 if (creds == NULL) {
299 PyErr_Format(PyExc_TypeError, "Credentials expected");
300 return NULL;
301 }
302
303 if (!PyArg_ParseTuple(args, "O", &oldval)) {
304 return NULL;
305 }
306
307 result = PyBytes_AsStringAndSize(oldval, (char **)&blob.data, &size);
308 if (result != 0) {
309 PyErr_SetString(PyExc_RuntimeError, "Failed to convert passed value to Bytes");
310 return NULL;
311 }
312 blob.length = size;
313
314 ok = cli_credentials_set_old_utf16_password(creds,
315 &blob);
316
317 return PyBool_FromLong(ok);
318 }
319
320 static PyObject *py_creds_get_domain(PyObject *self, PyObject *unused)
321 {
322 struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
323 if (creds == NULL) {
324 PyErr_Format(PyExc_TypeError, "Credentials expected");
325 return NULL;
326 }
327 return PyString_FromStringOrNULL(cli_credentials_get_domain(creds));
328 }
329
330 static PyObject *py_creds_set_domain(PyObject *self, PyObject *args)
331 {
332 char *newval;
333 enum credentials_obtained obt = CRED_SPECIFIED;
334 int _obt = obt;
335 struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
336 if (creds == NULL) {
337 PyErr_Format(PyExc_TypeError, "Credentials expected");
338 return NULL;
339 }
340
341 if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
342 return NULL;
343 }
344 obt = _obt;
345
346 return PyBool_FromLong(cli_credentials_set_domain(creds, newval, obt));
347 }
348
349 static PyObject *py_creds_get_realm(PyObject *self, PyObject *unused)
350 {
351 struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
352 if (creds == NULL) {
353 PyErr_Format(PyExc_TypeError, "Credentials expected");
354 return NULL;
355 }
356 return PyString_FromStringOrNULL(cli_credentials_get_realm(creds));
357 }
358
359 static PyObject *py_creds_set_realm(PyObject *self, PyObject *args)
360 {
361 char *newval;
362 enum credentials_obtained obt = CRED_SPECIFIED;
363 int _obt = obt;
364 struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
365 if (creds == NULL) {
366 PyErr_Format(PyExc_TypeError, "Credentials expected");
367 return NULL;
368 }
369
370 if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
371 return NULL;
372 }
373 obt = _obt;
374
375 return PyBool_FromLong(cli_credentials_set_realm(creds, newval, obt));
376 }
377
378 static PyObject *py_creds_get_bind_dn(PyObject *self, PyObject *unused)
379 {
380 struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
381 if (creds == NULL) {
382 PyErr_Format(PyExc_TypeError, "Credentials expected");
383 return NULL;
384 }
385 return PyString_FromStringOrNULL(cli_credentials_get_bind_dn(creds));
386 }
387
388 static PyObject *py_creds_set_bind_dn(PyObject *self, PyObject *args)
389 {
390 char *newval;
391 struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
392 if (creds == NULL) {
393 PyErr_Format(PyExc_TypeError, "Credentials expected");
394 return NULL;
395 }
396 if (!PyArg_ParseTuple(args, "z", &newval))
397 return NULL;
398
399 return PyBool_FromLong(cli_credentials_set_bind_dn(creds, newval));
400 }
401
402 static PyObject *py_creds_get_workstation(PyObject *self, PyObject *unused)
403 {
404 struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
405 if (creds == NULL) {
406 PyErr_Format(PyExc_TypeError, "Credentials expected");
407 return NULL;
408 }
409 return PyString_FromStringOrNULL(cli_credentials_get_workstation(creds));
410 }
411
412 static PyObject *py_creds_set_workstation(PyObject *self, PyObject *args)
413 {
414 char *newval;
415 enum credentials_obtained obt = CRED_SPECIFIED;
416 int _obt = obt;
417 struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
418 if (creds == NULL) {
419 PyErr_Format(PyExc_TypeError, "Credentials expected");
420 return NULL;
421 }
422
423 if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
424 return NULL;
425 }
426 obt = _obt;
427
428 return PyBool_FromLong(cli_credentials_set_workstation(creds, newval, obt));
429 }
430
431 static PyObject *py_creds_is_anonymous(PyObject *self, PyObject *unused)
432 {
433 struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
434 if (creds == NULL) {
435 PyErr_Format(PyExc_TypeError, "Credentials expected");
436 return NULL;
437 }
438 return PyBool_FromLong(cli_credentials_is_anonymous(creds));
439 }
440
441 static PyObject *py_creds_set_anonymous(PyObject *self, PyObject *unused)
442 {
443 struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
444 if (creds == NULL) {
445 PyErr_Format(PyExc_TypeError, "Credentials expected");
446 return NULL;
447 }
448 cli_credentials_set_anonymous(creds);
449 Py_RETURN_NONE;
450 }
451
452 static PyObject *py_creds_authentication_requested(PyObject *self, PyObject *unused)
453 {
454 struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
455 if (creds == NULL) {
456 PyErr_Format(PyExc_TypeError, "Credentials expected");
457 return NULL;
458 }
459 return PyBool_FromLong(cli_credentials_authentication_requested(creds));
460 }
461
462 static PyObject *py_creds_wrong_password(PyObject *self, PyObject *unused)
463 {
464 struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
465 if (creds == NULL) {
466 PyErr_Format(PyExc_TypeError, "Credentials expected");
467 return NULL;
468 }
469 return PyBool_FromLong(cli_credentials_wrong_password(creds));
470 }
471
472 static PyObject *py_creds_set_cmdline_callbacks(PyObject *self, PyObject *unused)
473 {
474 struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
475 if (creds == NULL) {
476 PyErr_Format(PyExc_TypeError, "Credentials expected");
477 return NULL;
478 }
479 return PyBool_FromLong(cli_credentials_set_cmdline_callbacks(creds));
480 }
481
482 static PyObject *py_creds_parse_string(PyObject *self, PyObject *args)
483 {
484 char *newval;
485 enum credentials_obtained obt = CRED_SPECIFIED;
486 int _obt = obt;
487 struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
488 if (creds == NULL) {
489 PyErr_Format(PyExc_TypeError, "Credentials expected");
490 return NULL;
491 }
492
493 if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
494 return NULL;
495 }
496 obt = _obt;
497
498 cli_credentials_parse_string(creds, newval, obt);
499 Py_RETURN_NONE;
500 }
501
502 static PyObject *py_creds_parse_file(PyObject *self, PyObject *args)
503 {
504 char *newval;
505 enum credentials_obtained obt = CRED_SPECIFIED;
506 int _obt = obt;
507 struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
508 if (creds == NULL) {
509 PyErr_Format(PyExc_TypeError, "Credentials expected");
510 return NULL;
511 }
512
513 if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
514 return NULL;
515 }
516 obt = _obt;
517
518 cli_credentials_parse_file(creds, newval, obt);
519 Py_RETURN_NONE;
520 }
521
522 static PyObject *py_cli_credentials_set_password_will_be_nt_hash(PyObject *self, PyObject *args)
523 {
524 struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
525 PyObject *py_val = NULL;
526 bool val = false;
527
528 if (!PyArg_ParseTuple(args, "O!", &PyBool_Type, &py_val)) {
529 return NULL;
530 }
531 val = PyObject_IsTrue(py_val);
532
533 cli_credentials_set_password_will_be_nt_hash(creds, val);
534 Py_RETURN_NONE;
535 }
536
537 static PyObject *py_creds_get_nt_hash(PyObject *self, PyObject *unused)
538 {
539 PyObject *ret;
540 struct samr_Password *ntpw = NULL;
541 struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
542 if (creds == NULL) {
543 PyErr_Format(PyExc_TypeError, "Credentials expected");
544 return NULL;
545 }
546 ntpw = cli_credentials_get_nt_hash(creds, creds);
547 if (ntpw == NULL) {
548 Py_RETURN_NONE;
549 }
550
551 ret = PyBytes_FromStringAndSize(discard_const_p(char, ntpw->hash), 16);
552 TALLOC_FREE(ntpw);
553 return ret;
554 }
555
556 static PyObject *py_creds_set_nt_hash(PyObject *self, PyObject *args)
557 {
558 PyObject *py_cp = Py_None;
559 const struct samr_Password *pwd = NULL;
560 enum credentials_obtained obt = CRED_SPECIFIED;
561 int _obt = obt;
562 struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
563 if (creds == NULL) {
564 PyErr_Format(PyExc_TypeError, "Credentials expected");
565 return NULL;
566 }
567
568 if (!PyArg_ParseTuple(args, "O|i", &py_cp, &_obt)) {
569 return NULL;
570 }
571 obt = _obt;
572
573 if (!py_check_dcerpc_type(py_cp, "samba.dcerpc.samr", "Password")) {
574 /* py_check_dcerpc_type sets TypeError */
575 return NULL;
576 }
577
578 pwd = pytalloc_get_ptr(py_cp);
579
580 return PyBool_FromLong(cli_credentials_set_nt_hash(creds, pwd, obt));
581 }
582
583 static PyObject *py_creds_get_kerberos_state(PyObject *self, PyObject *unused)
584 {
585 int state;
586 struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
587 if (creds == NULL) {
588 PyErr_Format(PyExc_TypeError, "Credentials expected");
589 return NULL;
590 }
591 state = cli_credentials_get_kerberos_state(creds);
592 return PyLong_FromLong(state);
593 }
594
595 static PyObject *py_creds_set_kerberos_state(PyObject *self, PyObject *args)
596 {
597 int state;
598 struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
599 if (creds == NULL) {
600 PyErr_Format(PyExc_TypeError, "Credentials expected");
601 return NULL;
602 }
603 if (!PyArg_ParseTuple(args, "i", &state))
604 return NULL;
605
606 cli_credentials_set_kerberos_state(creds, state, CRED_SPECIFIED);
607 Py_RETURN_NONE;
608 }
609
610 static PyObject *py_creds_set_krb_forwardable(PyObject *self, PyObject *args)
611 {
612 int state;
613 struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
614 if (creds == NULL) {
615 PyErr_Format(PyExc_TypeError, "Credentials expected");
616 return NULL;
617 }
618 if (!PyArg_ParseTuple(args, "i", &state))
619 return NULL;
620
621 cli_credentials_set_krb_forwardable(creds, state);
622 Py_RETURN_NONE;
623 }
624
625
626 static PyObject *py_creds_get_forced_sasl_mech(PyObject *self, PyObject *unused)
627 {
628 struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
629 if (creds == NULL) {
630 PyErr_Format(PyExc_TypeError, "Credentials expected");
631 return NULL;
632 }
633 return PyString_FromStringOrNULL(cli_credentials_get_forced_sasl_mech(creds));
634 }
635
636 static PyObject *py_creds_set_forced_sasl_mech(PyObject *self, PyObject *args)
637 {
638 char *newval;
639 struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
640 if (creds == NULL) {
641 PyErr_Format(PyExc_TypeError, "Credentials expected");
642 return NULL;
643 }
644
645 if (!PyArg_ParseTuple(args, "s", &newval)) {
646 return NULL;
647 }
648
649 cli_credentials_set_forced_sasl_mech(creds, newval);
650 Py_RETURN_NONE;
651 }
652
653 static PyObject *py_creds_set_conf(PyObject *self, PyObject *args)
654 {
655 PyObject *py_lp_ctx = Py_None;
656 struct loadparm_context *lp_ctx;
657 TALLOC_CTX *mem_ctx;
658 struct cli_credentials *creds;
659 bool ok;
660
661 creds = PyCredentials_AsCliCredentials(self);
662 if (creds == NULL) {
663 PyErr_Format(PyExc_TypeError, "Credentials expected");
664 return NULL;
665 }
666
667 if (!PyArg_ParseTuple(args, "|O", &py_lp_ctx)) {
668 return NULL;
669 }
670
671 mem_ctx = talloc_new(NULL);
672 if (mem_ctx == NULL) {
673 PyErr_NoMemory();
674 return NULL;
675 }
676
677 lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
678 if (lp_ctx == NULL) {
679 talloc_free(mem_ctx);
680 return NULL;
681 }
682
683 ok = cli_credentials_set_conf(creds, lp_ctx);
684 talloc_free(mem_ctx);
685 if (!ok) {
686 return NULL;
687 }
688
689 Py_RETURN_NONE;
690 }
691
692 static PyObject *py_creds_guess(PyObject *self, PyObject *args)
693 {
694 PyObject *py_lp_ctx = Py_None;
695 struct loadparm_context *lp_ctx;
696 TALLOC_CTX *mem_ctx;
697 struct cli_credentials *creds;
698 bool ok;
699
700 creds = PyCredentials_AsCliCredentials(self);
701 if (creds == NULL) {
702 PyErr_Format(PyExc_TypeError, "Credentials expected");
703 return NULL;
704 }
705
706 if (!PyArg_ParseTuple(args, "|O", &py_lp_ctx))
707 return NULL;
708
709 mem_ctx = talloc_new(NULL);
710 if (mem_ctx == NULL) {
711 PyErr_NoMemory();
712 return NULL;
713 }
714
715 lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
716 if (lp_ctx == NULL) {
717 talloc_free(mem_ctx);
718 return NULL;
719 }
720
721 ok = cli_credentials_guess(creds, lp_ctx);
722 talloc_free(mem_ctx);
723 if (!ok) {
724 return NULL;
725 }
726
727 Py_RETURN_NONE;
728 }
729
730 static PyObject *py_creds_set_machine_account(PyObject *self, PyObject *args)
731 {
732 PyObject *py_lp_ctx = Py_None;
733 struct loadparm_context *lp_ctx;
734 NTSTATUS status;
735 struct cli_credentials *creds;
736 TALLOC_CTX *mem_ctx;
737
738 creds = PyCredentials_AsCliCredentials(self);
739 if (creds == NULL) {
740 PyErr_Format(PyExc_TypeError, "Credentials expected");
741 return NULL;
742 }
743
744 if (!PyArg_ParseTuple(args, "|O", &py_lp_ctx))
745 return NULL;
746
747 mem_ctx = talloc_new(NULL);
748 if (mem_ctx == NULL) {
749 PyErr_NoMemory();
750 return NULL;
751 }
752
753 lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
754 if (lp_ctx == NULL) {
755 talloc_free(mem_ctx);
756 return NULL;
757 }
758
759 status = cli_credentials_set_machine_account(creds, lp_ctx);
760 talloc_free(mem_ctx);
761
762 PyErr_NTSTATUS_IS_ERR_RAISE(status);
763
764 Py_RETURN_NONE;
765 }
766
767 static PyObject *PyCredentialCacheContainer_from_ccache_container(struct ccache_container *ccc)
768 {
769 return pytalloc_reference(&PyCredentialCacheContainer, ccc);
770 }
771
772
773 static PyObject *py_creds_get_named_ccache(PyObject *self, PyObject *args)
774 {
775 PyObject *py_lp_ctx = Py_None;
776 char *ccache_name = NULL;
777 struct loadparm_context *lp_ctx;
778 struct ccache_container *ccc;
779 struct tevent_context *event_ctx;
780 int ret;
781 const char *error_string;
782 struct cli_credentials *creds;
783 TALLOC_CTX *mem_ctx;
784
785 creds = PyCredentials_AsCliCredentials(self);
786 if (creds == NULL) {
787 PyErr_Format(PyExc_TypeError, "Credentials expected");
788 return NULL;
789 }
790
791 if (!PyArg_ParseTuple(args, "|Os", &py_lp_ctx, &ccache_name))
792 return NULL;
793
794 mem_ctx = talloc_new(NULL);
795 if (mem_ctx == NULL) {
796 PyErr_NoMemory();
797 return NULL;
798 }
799
800 lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
801 if (lp_ctx == NULL) {
802 talloc_free(mem_ctx);
803 return NULL;
804 }
805
806 event_ctx = samba_tevent_context_init(mem_ctx);
807
808 ret = cli_credentials_get_named_ccache(creds, event_ctx, lp_ctx,
809 ccache_name, &ccc, &error_string);
810 talloc_unlink(mem_ctx, lp_ctx);
811 if (ret == 0) {
812 talloc_steal(ccc, event_ctx);
813 talloc_free(mem_ctx);
814 return PyCredentialCacheContainer_from_ccache_container(ccc);
815 }
816
817 PyErr_SetString(PyExc_RuntimeError, error_string?error_string:"NULL");
818
819 talloc_free(mem_ctx);
820 return NULL;
821 }
822
823 static PyObject *py_creds_set_named_ccache(PyObject *self, PyObject *args)
824 {
825 struct loadparm_context *lp_ctx = NULL;
826 enum credentials_obtained obt = CRED_SPECIFIED;
827 const char *error_string = NULL;
828 TALLOC_CTX *mem_ctx = NULL;
829 char *newval = NULL;
830 PyObject *py_lp_ctx = Py_None;
831 int _obt = obt;
832 int ret;
833 struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
834 if (creds == NULL) {
835 PyErr_Format(PyExc_TypeError, "Credentials expected");
836 return NULL;
837 }
838
839 if (!PyArg_ParseTuple(args, "s|iO", &newval, &_obt, &py_lp_ctx))
840 return NULL;
841 obt = _obt;
842
843 mem_ctx = talloc_new(NULL);
844 if (mem_ctx == NULL) {
845 PyErr_NoMemory();
846 return NULL;
847 }
848
849 lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
850 if (lp_ctx == NULL) {
851 talloc_free(mem_ctx);
852 return NULL;
853 }
854
855 ret = cli_credentials_set_ccache(creds,
856 lp_ctx,
857 newval, obt,
858 &error_string);
859
860 if (ret != 0) {
861 PyErr_SetString(PyExc_RuntimeError,
862 error_string != NULL ? error_string : "NULL");
863 talloc_free(mem_ctx);
864 return NULL;
865 }
866
867 talloc_free(mem_ctx);
868 Py_RETURN_NONE;
869 }
870
871 static PyObject *py_creds_set_gensec_features(PyObject *self, PyObject *args)
872 {
873 unsigned int gensec_features;
874 struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
875 if (creds == NULL) {
876 PyErr_Format(PyExc_TypeError, "Credentials expected");
877 return NULL;
878 }
879
880 if (!PyArg_ParseTuple(args, "I", &gensec_features))
881 return NULL;
882
883 cli_credentials_set_gensec_features(creds,
884 gensec_features,
885 CRED_SPECIFIED);
886
887 Py_RETURN_NONE;
888 }
889
890 static PyObject *py_creds_get_gensec_features(PyObject *self, PyObject *args)
891 {
892 unsigned int gensec_features;
893 struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
894 if (creds == NULL) {
895 PyErr_Format(PyExc_TypeError, "Credentials expected");
896 return NULL;
897 }
898
899 gensec_features = cli_credentials_get_gensec_features(creds);
900 return PyLong_FromLong(gensec_features);
901 }
902
903 static PyObject *py_creds_new_client_authenticator(PyObject *self,
904 PyObject *args)
905 {
906 struct netr_Authenticator auth;
907 struct cli_credentials *creds = NULL;
908 struct netlogon_creds_CredentialState *nc = NULL;
909 PyObject *ret = NULL;
910 NTSTATUS status;
911
912 creds = PyCredentials_AsCliCredentials(self);
913 if (creds == NULL) {
914 PyErr_SetString(PyExc_RuntimeError,
915 "Failed to get credentials from python");
916 return NULL;
917 }
918
919 nc = creds->netlogon_creds;
920 if (nc == NULL) {
921 PyErr_SetString(PyExc_ValueError,
922 "No netlogon credentials cannot make "
923 "client authenticator");
924 return NULL;
925 }
926
927 status = netlogon_creds_client_authenticator(nc, &auth);
928 if (!NT_STATUS_IS_OK(status)) {
929 PyErr_SetString(PyExc_ValueError,
930 "Failed to create client authenticator");
931 return NULL;
932 }
933
934 ret = Py_BuildValue("{s"PYARG_BYTES_LEN"si}",
935 "credential",
936 (const char *) &auth.cred, sizeof(auth.cred),
937 "timestamp", auth.timestamp);
938 return ret;
939 }
940
941 static PyObject *py_creds_set_secure_channel_type(PyObject *self, PyObject *args)
942 {
943 unsigned int channel_type;
944 struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
945 if (creds == NULL) {
946 PyErr_Format(PyExc_TypeError, "Credentials expected");
947 return NULL;
948 }
949
950 if (!PyArg_ParseTuple(args, "I", &channel_type))
951 return NULL;
952
953 cli_credentials_set_secure_channel_type(
954 creds,
955 channel_type);
956
957 Py_RETURN_NONE;
958 }
959
960 static PyObject *py_creds_get_secure_channel_type(PyObject *self, PyObject *args)
961 {
962 enum netr_SchannelType channel_type = SEC_CHAN_NULL;
963 struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
964 if (creds == NULL) {
965 PyErr_Format(PyExc_TypeError, "Credentials expected");
966 return NULL;
967 }
968
969 channel_type = cli_credentials_get_secure_channel_type(creds);
970
971 return PyLong_FromLong(channel_type);
972 }
973
974 static PyObject *py_creds_set_kerberos_salt_principal(PyObject *self, PyObject *args)
975 {
976 char *salt_principal = NULL;
977 struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
978 if (creds == NULL) {
979 PyErr_Format(PyExc_TypeError, "Credentials expected");
980 return NULL;
981 }
982
983 if (!PyArg_ParseTuple(args, "s", &salt_principal))
984 return NULL;
985
986 cli_credentials_set_salt_principal(
987 creds,
988 salt_principal);
989
990 Py_RETURN_NONE;
991 }
992
993 static PyObject *py_creds_get_kerberos_salt_principal(PyObject *self, PyObject *unused)
994 {
995 TALLOC_CTX *mem_ctx;
996 PyObject *ret = NULL;
997 struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
998 if (creds == NULL) {
999 PyErr_Format(PyExc_TypeError, "Credentials expected");
1000 return NULL;
1001 }
1002 mem_ctx = talloc_new(NULL);
1003 if (mem_ctx == NULL) {
1004 PyErr_NoMemory();
1005 return NULL;
1006 }
1007
1008 ret = PyString_FromStringOrNULL(cli_credentials_get_salt_principal(creds, mem_ctx));
1009
1010 TALLOC_FREE(mem_ctx);
1011
1012 return ret;
1013 }
1014
1015 static PyObject *py_creds_get_kerberos_key_current_or_old(PyObject *self, PyObject *args, bool old)
1016 {
1017 struct loadparm_context *lp_ctx = NULL;
1018 TALLOC_CTX *mem_ctx = NULL;
1019 PyObject *py_lp_ctx = Py_None;
1020 DATA_BLOB key;
1021 int code;
1022 int enctype;
1023 PyObject *ret = NULL;
1024 struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
1025 if (creds == NULL) {
1026 PyErr_Format(PyExc_TypeError, "Credentials expected");
1027 return NULL;
1028 }
1029
1030 if (!PyArg_ParseTuple(args, "i|O", &enctype, &py_lp_ctx))
1031 return NULL;
1032
1033 mem_ctx = talloc_new(NULL);
1034 if (mem_ctx == NULL) {
1035 PyErr_NoMemory();
1036 return NULL;
1037 }
1038
1039 lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
1040 if (lp_ctx == NULL) {
1041 talloc_free(mem_ctx);
1042 return NULL;
1043 }
1044
1045 code = cli_credentials_get_kerberos_key(creds,
1046 mem_ctx,
1047 lp_ctx,
1048 enctype,
1049 old,
1050 &key);
1051 if (code != 0) {
1052 PyErr_SetString(PyExc_RuntimeError,
1053 "Failed to generate Kerberos key");
1054 talloc_free(mem_ctx);
1055 return NULL;
1056 }
1057
1058 ret = PyBytes_FromStringAndSize((const char *)key.data,
1059 key.length);
1060 talloc_free(mem_ctx);
1061 return ret;
1062 }
1063
1064 static PyObject *py_creds_get_kerberos_key(PyObject *self, PyObject *args)
1065 {
1066 return py_creds_get_kerberos_key_current_or_old(self, args, false);
1067 }
1068
1069 static PyObject *py_creds_get_old_kerberos_key(PyObject *self, PyObject *args)
1070 {
1071 return py_creds_get_kerberos_key_current_or_old(self, args, true);
1072 }
1073
1074 static PyObject *py_creds_encrypt_netr_crypt_password(PyObject *self,
1075 PyObject *args)
1076 {
1077 DATA_BLOB data = data_blob_null;
1078 struct cli_credentials *creds = NULL;
1079 struct netr_CryptPassword *pwd = NULL;
1080 NTSTATUS status;
1081 PyObject *py_cp = Py_None;
1082
1083 creds = PyCredentials_AsCliCredentials(self);
1084 if (creds == NULL) {
1085 PyErr_Format(PyExc_TypeError, "Credentials expected");
1086 return NULL;
1087 }
1088
1089 if (!PyArg_ParseTuple(args, "O", &py_cp)) {
1090 return NULL;
1091 }
1092
1093 if (!py_check_dcerpc_type(py_cp, "samba.dcerpc.netlogon", "netr_CryptPassword")) {
1094 /* py_check_dcerpc_type sets TypeError */
1095 return NULL;
1096 }
1097
1098 pwd = pytalloc_get_ptr(py_cp);
1099 if (pwd == NULL) {
1100 /* pytalloc_get_type sets TypeError */
1101 return NULL;
1102 }
1103 data.length = sizeof(struct netr_CryptPassword);
1104 data.data = (uint8_t *)pwd;
1105 status = netlogon_creds_session_encrypt(creds->netlogon_creds, data);
1106
1107 PyErr_NTSTATUS_IS_ERR_RAISE(status);
1108
1109 Py_RETURN_NONE;
1110 }
1111
1112 static PyObject *py_creds_encrypt_samr_password(PyObject *self,
1113 PyObject *args)
1114 {
1115 DATA_BLOB data = data_blob_null;
1116 struct cli_credentials *creds = NULL;
1117 struct samr_Password *pwd = NULL;
1118 NTSTATUS status;
1119 PyObject *py_cp = Py_None;
1120
1121 creds = PyCredentials_AsCliCredentials(self);
1122 if (creds == NULL) {
1123 PyErr_Format(PyExc_TypeError, "Credentials expected");
1124 return NULL;
1125 }
1126
1127 if (creds->netlogon_creds == NULL) {
1128 PyErr_Format(PyExc_ValueError, "NetLogon credentials not set");
1129 return NULL;
1130 }
1131
1132 if (!PyArg_ParseTuple(args, "O", &py_cp)) {
1133 return NULL;
1134 }
1135
1136 if (!py_check_dcerpc_type(py_cp, "samba.dcerpc.samr", "Password")) {
1137 /* py_check_dcerpc_type sets TypeError */
1138 return NULL;
1139 }
1140
1141 pwd = pytalloc_get_type(py_cp, struct samr_Password);
1142 if (pwd == NULL) {
1143 /* pytalloc_get_type sets TypeError */
1144 return NULL;
1145 }
1146 data = data_blob_const(pwd->hash, sizeof(pwd->hash));
1147 status = netlogon_creds_session_encrypt(creds->netlogon_creds, data);
1148
1149 PyErr_NTSTATUS_IS_ERR_RAISE(status);
1150
1151 Py_RETURN_NONE;
1152 }
1153
1154 static PyObject *py_creds_get_smb_signing(PyObject *self, PyObject *unused)
1155 {
1156 enum smb_signing_setting signing_state;
1157 struct cli_credentials *creds = NULL;
1158
1159 creds = PyCredentials_AsCliCredentials(self);
1160 if (creds == NULL) {
1161 PyErr_Format(PyExc_TypeError, "Credentials expected");
1162 return NULL;
1163 }
1164
1165 signing_state = cli_credentials_get_smb_signing(creds);
1166 return PyLong_FromLong(signing_state);
1167 }
1168
1169 static PyObject *py_creds_set_smb_signing(PyObject *self, PyObject *args)
1170 {
1171 enum smb_signing_setting signing_state;
1172 struct cli_credentials *creds = NULL;
1173 enum credentials_obtained obt = CRED_SPECIFIED;
1174
1175 creds = PyCredentials_AsCliCredentials(self);
1176 if (creds == NULL) {
1177 PyErr_Format(PyExc_TypeError, "Credentials expected");
1178 return NULL;
1179 }
1180 if (!PyArg_ParseTuple(args, "i|i", &signing_state, &obt)) {
1181 return NULL;
1182 }
1183
1184 switch (signing_state) {
1185 case SMB_SIGNING_DEFAULT:
1186 case SMB_SIGNING_OFF:
1187 case SMB_SIGNING_IF_REQUIRED:
1188 case SMB_SIGNING_DESIRED:
1189 case SMB_SIGNING_REQUIRED:
1190 break;
1191 default:
1192 PyErr_Format(PyExc_TypeError, "Invalid signing state value");
1193 return NULL;
1194 }
1195
1196 cli_credentials_set_smb_signing(creds, signing_state, obt);
1197 Py_RETURN_NONE;
1198 }
1199
1200 static PyObject *py_creds_get_smb_ipc_signing(PyObject *self, PyObject *unused)
1201 {
1202 enum smb_signing_setting signing_state;
1203 struct cli_credentials *creds = NULL;
1204
1205 creds = PyCredentials_AsCliCredentials(self);
1206 if (creds == NULL) {
1207 PyErr_Format(PyExc_TypeError, "Credentials expected");
1208 return NULL;
1209 }
1210
1211 signing_state = cli_credentials_get_smb_ipc_signing(creds);
1212 return PyLong_FromLong(signing_state);
1213 }
1214
1215 static PyObject *py_creds_set_smb_ipc_signing(PyObject *self, PyObject *args)
1216 {
1217 enum smb_signing_setting signing_state;
1218 struct cli_credentials *creds = NULL;
1219 enum credentials_obtained obt = CRED_SPECIFIED;
1220
1221 creds = PyCredentials_AsCliCredentials(self);
1222 if (creds == NULL) {
1223 PyErr_Format(PyExc_TypeError, "Credentials expected");
1224 return NULL;
1225 }
1226 if (!PyArg_ParseTuple(args, "i|i", &signing_state, &obt)) {
1227 return NULL;
1228 }
1229
1230 switch (signing_state) {
1231 case SMB_SIGNING_DEFAULT:
1232 case SMB_SIGNING_OFF:
1233 case SMB_SIGNING_IF_REQUIRED:
1234 case SMB_SIGNING_DESIRED:
1235 case SMB_SIGNING_REQUIRED:
1236 break;
1237 default:
1238 PyErr_Format(PyExc_TypeError, "Invalid signing state value");
1239 return NULL;
1240 }
1241
1242 cli_credentials_set_smb_ipc_signing(creds, signing_state, obt);
1243 Py_RETURN_NONE;
1244 }
1245
1246 static PyObject *py_creds_get_smb_encryption(PyObject *self, PyObject *unused)
1247 {
1248 enum smb_encryption_setting encryption_state;
1249 struct cli_credentials *creds = NULL;
1250
1251 creds = PyCredentials_AsCliCredentials(self);
1252 if (creds == NULL) {
1253 PyErr_Format(PyExc_TypeError, "Credentials expected");
1254 return NULL;
1255 }
1256
1257 encryption_state = cli_credentials_get_smb_encryption(creds);
1258 return PyLong_FromLong(encryption_state);
1259 }
1260
1261 static PyObject *py_creds_set_smb_encryption(PyObject *self, PyObject *args)
1262 {
1263 enum smb_encryption_setting encryption_state;
1264 struct cli_credentials *creds = NULL;
1265 enum credentials_obtained obt = CRED_SPECIFIED;
1266
1267 creds = PyCredentials_AsCliCredentials(self);
1268 if (creds == NULL) {
1269 PyErr_Format(PyExc_TypeError, "Credentials expected");
1270 return NULL;
1271 }
1272 if (!PyArg_ParseTuple(args, "i|i", &encryption_state, &obt)) {
1273 return NULL;
1274 }
1275
1276 switch (encryption_state) {
1277 case SMB_ENCRYPTION_DEFAULT:
1278 case SMB_ENCRYPTION_OFF:
1279 case SMB_ENCRYPTION_IF_REQUIRED:
1280 case SMB_ENCRYPTION_DESIRED:
1281 case SMB_ENCRYPTION_REQUIRED:
1282 break;
1283 default:
1284 PyErr_Format(PyExc_TypeError, "Invalid encryption state value");
1285 return NULL;
1286 }
1287
1288 (void)cli_credentials_set_smb_encryption(creds, encryption_state, obt);
1289 Py_RETURN_NONE;
1290 }
1291
1292 static PyObject *py_creds_get_krb5_fast_armor_credentials(PyObject *self, PyObject *unused)
1293 {
1294 struct cli_credentials *creds = NULL;
1295 struct cli_credentials *fast_creds = NULL;
1296
1297 creds = PyCredentials_AsCliCredentials(self);
1298 if (creds == NULL) {
1299 PyErr_Format(PyExc_TypeError, "Credentials expected");
1300 return NULL;
1301 }
1302
1303 fast_creds = cli_credentials_get_krb5_fast_armor_credentials(creds);
1304 if (fast_creds == NULL) {
1305 Py_RETURN_NONE;
1306 }
1307
1308 return PyCredentials_from_cli_credentials(fast_creds);
1309 }
1310
1311 static PyObject *py_creds_set_krb5_fast_armor_credentials(PyObject *self, PyObject *args)
1312 {
1313 struct cli_credentials *creds = NULL;
1314 PyObject *pyfast_creds;
1315 struct cli_credentials *fast_creds = NULL;
1316 int fast_armor_required = 0;
1317 NTSTATUS status;
1318
1319 creds = PyCredentials_AsCliCredentials(self);
1320 if (creds == NULL) {
1321 PyErr_Format(PyExc_TypeError, "Credentials expected");
1322 return NULL;
1323 }
1324 if (!PyArg_ParseTuple(args, "Op", &pyfast_creds, &fast_armor_required)) {
1325 return NULL;
1326 }
1327 if (pyfast_creds == Py_None) {
1328 fast_creds = NULL;
1329 } else {
1330 fast_creds = PyCredentials_AsCliCredentials(pyfast_creds);
1331 if (fast_creds == NULL) {
1332 PyErr_Format(PyExc_TypeError, "Credentials expected");
1333 return NULL;
1334 }
1335 }
1336
1337 status = cli_credentials_set_krb5_fast_armor_credentials(creds,
1338 fast_creds,
1339 fast_armor_required);
1340
1341 PyErr_NTSTATUS_IS_ERR_RAISE(status);
1342 Py_RETURN_NONE;
1343 }
1344
1345 static PyObject *py_creds_get_krb5_require_fast_armor(PyObject *self, PyObject *unused)
1346 {
1347 bool krb5_fast_armor_required;
1348 struct cli_credentials *creds = NULL;
1349
1350 creds = PyCredentials_AsCliCredentials(self);
1351 if (creds == NULL) {
1352 PyErr_Format(PyExc_TypeError, "Credentials expected");
1353 return NULL;
1354 }
1355
1356 krb5_fast_armor_required = cli_credentials_get_krb5_require_fast_armor(creds);
1357 return PyBool_FromLong(krb5_fast_armor_required);
1358 }
1359
1360 static PyMethodDef py_creds_methods[] = {
1361 {
1362 .ml_name = "get_username",
1363 .ml_meth = py_creds_get_username,
1364 .ml_flags = METH_NOARGS,
1365 .ml_doc = "S.get_username() -> username\nObtain username.",
1366 },
1367 {
1368 .ml_name = "set_username",
1369 .ml_meth = py_creds_set_username,
1370 .ml_flags = METH_VARARGS,
1371 .ml_doc = "S.set_username(name[, credentials.SPECIFIED]) -> None\n"
1372 "Change username.",
1373 },
1374 {
1375 .ml_name = "get_principal",
1376 .ml_meth = py_creds_get_principal,
1377 .ml_flags = METH_NOARGS,
1378 .ml_doc = "S.get_principal() -> user@realm\nObtain user principal.",
1379 },
1380 {
1381 .ml_name = "set_principal",
1382 .ml_meth = py_creds_set_principal,
1383 .ml_flags = METH_VARARGS,
1384 .ml_doc = "S.set_principal(name[, credentials.SPECIFIED]) -> None\n"
1385 "Change principal.",
1386 },
1387 {
1388 .ml_name = "get_password",
1389 .ml_meth = py_creds_get_password,
1390 .ml_flags = METH_NOARGS,
1391 .ml_doc = "S.get_password() -> password\n"
1392 "Obtain password.",
1393 },
1394 {
1395 .ml_name = "get_ntlm_username_domain",
1396 .ml_meth = py_creds_get_ntlm_username_domain,
1397 .ml_flags = METH_NOARGS,
1398 .ml_doc = "S.get_ntlm_username_domain() -> (domain, username)\n"
1399 "Obtain NTLM username and domain, split up either as (DOMAIN, user) or (\"\", \"user@realm\").",
1400 },
1401 {
1402 .ml_name = "get_ntlm_response",
1403 .ml_meth = PY_DISCARD_FUNC_SIG(PyCFunction,
1404 py_creds_get_ntlm_response),
1405 .ml_flags = METH_VARARGS | METH_KEYWORDS,
1406 .ml_doc = "S.get_ntlm_response"
1407 "(flags, challenge[, target_info]) -> "
1408 "(flags, lm_response, nt_response, lm_session_key, nt_session_key)\n"
1409 "Obtain LM or NTLM response.",
1410 },
1411 {
1412 .ml_name = "set_password",
1413 .ml_meth = py_creds_set_password,
1414 .ml_flags = METH_VARARGS,
1415 .ml_doc = "S.set_password(password[, credentials.SPECIFIED]) -> None\n"
1416 "Change password.",
1417 },
1418 {
1419 .ml_name = "set_utf16_password",
1420 .ml_meth = py_creds_set_utf16_password,
1421 .ml_flags = METH_VARARGS,
1422 .ml_doc = "S.set_utf16_password(password[, credentials.SPECIFIED]) -> None\n"
1423 "Change password.",
1424 },
1425 {
1426 .ml_name = "get_old_password",
1427 .ml_meth = py_creds_get_old_password,
1428 .ml_flags = METH_NOARGS,
1429 .ml_doc = "S.get_old_password() -> password\n"
1430 "Obtain old password.",
1431 },
1432 {
1433 .ml_name = "set_old_password",
1434 .ml_meth = py_creds_set_old_password,
1435 .ml_flags = METH_VARARGS,
1436 .ml_doc = "S.set_old_password(password[, credentials.SPECIFIED]) -> None\n"
1437 "Change old password.",
1438 },
1439 {
1440 .ml_name = "set_old_utf16_password",
1441 .ml_meth = py_creds_set_old_utf16_password,
1442 .ml_flags = METH_VARARGS,
1443 .ml_doc = "S.set_old_utf16_password(password[, credentials.SPECIFIED]) -> None\n"
1444 "Change old password.",
1445 },
1446 {
1447 .ml_name = "get_domain",
1448 .ml_meth = py_creds_get_domain,
1449 .ml_flags = METH_NOARGS,
1450 .ml_doc = "S.get_domain() -> domain\n"
1451 "Obtain domain name.",
1452 },
1453 {
1454 .ml_name = "set_domain",
1455 .ml_meth = py_creds_set_domain,
1456 .ml_flags = METH_VARARGS,
1457 .ml_doc = "S.set_domain(domain[, credentials.SPECIFIED]) -> None\n"
1458 "Change domain name.",
1459 },
1460 {
1461 .ml_name = "get_realm",
1462 .ml_meth = py_creds_get_realm,
1463 .ml_flags = METH_NOARGS,
1464 .ml_doc = "S.get_realm() -> realm\n"
1465 "Obtain realm name.",
1466 },
1467 {
1468 .ml_name = "set_realm",
1469 .ml_meth = py_creds_set_realm,
1470 .ml_flags = METH_VARARGS,
1471 .ml_doc = "S.set_realm(realm[, credentials.SPECIFIED]) -> None\n"
1472 "Change realm name.",
1473 },
1474 {
1475 .ml_name = "get_bind_dn",
1476 .ml_meth = py_creds_get_bind_dn,
1477 .ml_flags = METH_NOARGS,
1478 .ml_doc = "S.get_bind_dn() -> bind dn\n"
1479 "Obtain bind DN.",
1480 },
1481 {
1482 .ml_name = "set_bind_dn",
1483 .ml_meth = py_creds_set_bind_dn,
1484 .ml_flags = METH_VARARGS,
1485 .ml_doc = "S.set_bind_dn(bind_dn) -> None\n"
1486 "Change bind DN.",
1487 },
1488 {
1489 .ml_name = "is_anonymous",
1490 .ml_meth = py_creds_is_anonymous,
1491 .ml_flags = METH_NOARGS,
1492 },
1493 {
1494 .ml_name = "set_anonymous",
1495 .ml_meth = py_creds_set_anonymous,
1496 .ml_flags = METH_NOARGS,
1497 .ml_doc = "S.set_anonymous() -> None\n"
1498 "Use anonymous credentials.",
1499 },
1500 {
1501 .ml_name = "get_workstation",
1502 .ml_meth = py_creds_get_workstation,
1503 .ml_flags = METH_NOARGS,
1504 },
1505 {
1506 .ml_name = "set_workstation",
1507 .ml_meth = py_creds_set_workstation,
1508 .ml_flags = METH_VARARGS,
1509 },
1510 {
1511 .ml_name = "authentication_requested",
1512 .ml_meth = py_creds_authentication_requested,
1513 .ml_flags = METH_NOARGS,
1514 },
1515 {
1516 .ml_name = "wrong_password",
1517 .ml_meth = py_creds_wrong_password,
1518 .ml_flags = METH_NOARGS,
1519 .ml_doc = "S.wrong_password() -> bool\n"
1520 "Indicate the returned password was incorrect.",
1521 },
1522 {
1523 .ml_name = "set_cmdline_callbacks",
1524 .ml_meth = py_creds_set_cmdline_callbacks,
1525 .ml_flags = METH_NOARGS,
1526 .ml_doc = "S.set_cmdline_callbacks() -> bool\n"
1527 "Use command-line to obtain credentials not explicitly set.",
1528 },
1529 {
1530 .ml_name = "parse_string",
1531 .ml_meth = py_creds_parse_string,
1532 .ml_flags = METH_VARARGS,
1533 .ml_doc = "S.parse_string(text[, credentials.SPECIFIED]) -> None\n"
1534 "Parse credentials string.",
1535 },
1536 {
1537 .ml_name = "parse_file",
1538 .ml_meth = py_creds_parse_file,
1539 .ml_flags = METH_VARARGS,
1540 .ml_doc = "S.parse_file(filename[, credentials.SPECIFIED]) -> None\n"
1541 "Parse credentials file.",
1542 },
1543 {
1544 .ml_name = "set_password_will_be_nt_hash",
1545 .ml_meth = py_cli_credentials_set_password_will_be_nt_hash,
1546 .ml_flags = METH_VARARGS,
1547 .ml_doc = "S.set_password_will_be_nt_hash(bool) -> None\n"
1548 "Alters the behaviour of S.set_password() "
1549 "to expect the NTHASH as hexstring.",
1550 },
1551 {
1552 .ml_name = "get_nt_hash",
1553 .ml_meth = py_creds_get_nt_hash,
1554 .ml_flags = METH_NOARGS,
1555 },
1556 {
1557 .ml_name = "set_nt_hash",
1558 .ml_meth = py_creds_set_nt_hash,
1559 .ml_flags = METH_VARARGS,
1560 .ml_doc = "S.set_net_sh(samr_Password[, credentials.SPECIFIED]) -> bool\n"
1561 "Change NT hash.",
1562 },
1563 {
1564 .ml_name = "get_kerberos_state",
1565 .ml_meth = py_creds_get_kerberos_state,
1566 .ml_flags = METH_NOARGS,
1567 },
1568 {
1569 .ml_name = "set_kerberos_state",
1570 .ml_meth = py_creds_set_kerberos_state,
1571 .ml_flags = METH_VARARGS,
1572 },
1573 {
1574 .ml_name = "set_krb_forwardable",
1575 .ml_meth = py_creds_set_krb_forwardable,
1576 .ml_flags = METH_VARARGS,
1577 },
1578 {
1579 .ml_name = "set_conf",
1580 .ml_meth = py_creds_set_conf,
1581 .ml_flags = METH_VARARGS,
1582 },
1583 {
1584 .ml_name = "guess",
1585 .ml_meth = py_creds_guess,
1586 .ml_flags = METH_VARARGS,
1587 },
1588 {
1589 .ml_name = "set_machine_account",
1590 .ml_meth = py_creds_set_machine_account,
1591 .ml_flags = METH_VARARGS,
1592 },
1593 {
1594 .ml_name = "get_named_ccache",
1595 .ml_meth = py_creds_get_named_ccache,
1596 .ml_flags = METH_VARARGS,
1597 },
1598 {
1599 .ml_name = "set_named_ccache",
1600 .ml_meth = py_creds_set_named_ccache,
1601 .ml_flags = METH_VARARGS,
1602 .ml_doc = "S.set_named_ccache(krb5_ccache_name, obtained, lp) -> None\n"
1603 "Set credentials to KRB5 Credentials Cache (by name).",
1604 },
1605 {
1606 .ml_name = "set_gensec_features",
1607 .ml_meth = py_creds_set_gensec_features,
1608 .ml_flags = METH_VARARGS,
1609 },
1610 {
1611 .ml_name = "get_gensec_features",
1612 .ml_meth = py_creds_get_gensec_features,
1613 .ml_flags = METH_NOARGS,
1614 },
1615 {
1616 .ml_name = "get_forced_sasl_mech",
1617 .ml_meth = py_creds_get_forced_sasl_mech,
1618 .ml_flags = METH_NOARGS,
1619 .ml_doc = "S.get_forced_sasl_mech() -> SASL mechanism\nObtain forced SASL mechanism.",
1620 },
1621 {
1622 .ml_name = "set_forced_sasl_mech",
1623 .ml_meth = py_creds_set_forced_sasl_mech,
1624 .ml_flags = METH_VARARGS,
1625 .ml_doc = "S.set_forced_sasl_mech(name) -> None\n"
1626 "Set forced SASL mechanism.",
1627 },
1628 {
1629 .ml_name = "new_client_authenticator",
1630 .ml_meth = py_creds_new_client_authenticator,
1631 .ml_flags = METH_NOARGS,
1632 .ml_doc = "S.new_client_authenticator() -> Authenticator\n"
1633 "Get a new client NETLOGON_AUTHENTICATOR"},
1634 {
1635 .ml_name = "set_secure_channel_type",
1636 .ml_meth = py_creds_set_secure_channel_type,
1637 .ml_flags = METH_VARARGS,
1638 },
1639 {
1640 .ml_name = "get_secure_channel_type",
1641 .ml_meth = py_creds_get_secure_channel_type,
1642 .ml_flags = METH_VARARGS,
1643 },
1644 {
1645 .ml_name = "set_kerberos_salt_principal",
1646 .ml_meth = py_creds_set_kerberos_salt_principal,
1647 .ml_flags = METH_VARARGS,
1648 },
1649 {
1650 .ml_name = "get_kerberos_salt_principal",
1651 .ml_meth = py_creds_get_kerberos_salt_principal,
1652 .ml_flags = METH_VARARGS,
1653 },
1654 {
1655 .ml_name = "get_kerberos_key",
1656 .ml_meth = py_creds_get_kerberos_key,
1657 .ml_flags = METH_VARARGS,
1658 .ml_doc = "S.get_kerberos_key(enctype, [lp]) -> bytes\n"
1659 "Generate a Kerberos key using the current password and\n"
1660 "the salt on this credentials object",
1661 },
1662 {
1663 .ml_name = "get_old_kerberos_key",
1664 .ml_meth = py_creds_get_old_kerberos_key,
1665 .ml_flags = METH_VARARGS,
1666 .ml_doc = "S.get_old_kerberos_key(enctype, [lp]) -> bytes\n"
1667 "Generate a Kerberos key using the old (previous) password and\n"
1668 "the salt on this credentials object",
1669 },
1670 {
1671 .ml_name = "encrypt_netr_crypt_password",
1672 .ml_meth = py_creds_encrypt_netr_crypt_password,
1673 .ml_flags = METH_VARARGS,
1674 .ml_doc = "S.encrypt_netr_crypt_password(password) -> None\n"
1675 "Encrypt the supplied password using the session key and\n"
1676 "the negotiated encryption algorithm in place\n"
1677 "i.e. it overwrites the original data"},
1678 {
1679 .ml_name = "encrypt_samr_password",
1680 .ml_meth = py_creds_encrypt_samr_password,
1681 .ml_flags = METH_VARARGS,
1682 .ml_doc = "S.encrypt_samr_password(password) -> None\n"
1683 "Encrypt the supplied password using the session key and\n"
1684 "the negotiated encryption algorithm in place\n"
1685 "i.e. it overwrites the original data"
1686 },
1687 {
1688 .ml_name = "get_smb_signing",
1689 .ml_meth = py_creds_get_smb_signing,
1690 .ml_flags = METH_NOARGS,
1691 },
1692 {
1693 .ml_name = "set_smb_signing",
1694 .ml_meth = py_creds_set_smb_signing,
1695 .ml_flags = METH_VARARGS,
1696 },
1697 {
1698 .ml_name = "get_smb_ipc_signing",
1699 .ml_meth = py_creds_get_smb_ipc_signing,
1700 .ml_flags = METH_NOARGS,
1701 },
1702 {
1703 .ml_name = "set_smb_ipc_signing",
1704 .ml_meth = py_creds_set_smb_ipc_signing,
1705 .ml_flags = METH_VARARGS,
1706 },
1707 {
1708 .ml_name = "get_smb_encryption",
1709 .ml_meth = py_creds_get_smb_encryption,
1710 .ml_flags = METH_NOARGS,
1711 },
1712 {
1713 .ml_name = "set_smb_encryption",
1714 .ml_meth = py_creds_set_smb_encryption,
1715 .ml_flags = METH_VARARGS,
1716 },
1717 {
1718 .ml_name = "get_krb5_fast_armor_credentials",
1719 .ml_meth = py_creds_get_krb5_fast_armor_credentials,
1720 .ml_flags = METH_NOARGS,
1721 .ml_doc = "S.get_krb5_fast_armor_credentials() -> Credentials\n"
1722 "Get the Kerberos FAST credentials set on this credentials object"
1723 },
1724 {
1725 .ml_name = "set_krb5_fast_armor_credentials",
1726 .ml_meth = py_creds_set_krb5_fast_armor_credentials,
1727 .ml_flags = METH_VARARGS,
1728 .ml_doc = "S.set_krb5_fast_armor_credentials(credentials, required) -> None\n"
1729 "Set Kerberos FAST credentials for this credentials object, and if FAST armoring must be used."
1730 },
1731 {
1732 .ml_name = "get_krb5_require_fast_armor",
1733 .ml_meth = py_creds_get_krb5_require_fast_armor,
1734 .ml_flags = METH_NOARGS,
1735 .ml_doc = "S.get_krb5_fast_armor() -> bool\n"
1736 "Indicate if Kerberos FAST armor is required"
1737 },
1738 { .ml_name = NULL }
1739 };
1740
1741 static struct PyModuleDef moduledef = {
1742 PyModuleDef_HEAD_INIT,
1743 .m_name = "credentials",
1744 .m_doc = "Credentials management.",
1745 .m_size = -1,
1746 .m_methods = py_creds_methods,
1747 };
1748
1749 PyTypeObject PyCredentials = {
1750 .tp_name = "credentials.Credentials",
1751 .tp_new = py_creds_new,
1752 .tp_flags = Py_TPFLAGS_DEFAULT | Py_TPFLAGS_BASETYPE,
1753 .tp_methods = py_creds_methods,
1754 };
1755
1756 static PyObject *py_ccache_name(PyObject *self, PyObject *unused)
1757 {
1758 struct ccache_container *ccc = NULL;
1759 char *name = NULL;
1760 PyObject *py_name = NULL;
1761 int ret;
1762
1763 ccc = pytalloc_get_type(self, struct ccache_container);
1764
1765 ret = krb5_cc_get_full_name(ccc->smb_krb5_context->krb5_context,
1766 ccc->ccache, &name);
1767 if (ret == 0) {
1768 py_name = PyString_FromStringOrNULL(name);
1769 krb5_free_string(ccc->smb_krb5_context->krb5_context, name);
1770 } else {
1771 PyErr_SetString(PyExc_RuntimeError,
1772 "Failed to get ccache name");
1773 return NULL;
1774 }
1775 return py_name;
1776 }
1777
1778 static PyMethodDef py_ccache_container_methods[] = {
1779 { "get_name", py_ccache_name, METH_NOARGS,
1780 "S.get_name() -> name\nObtain KRB5 credentials cache name." },
1781 {0}
1782 };
1783
1784 PyTypeObject PyCredentialCacheContainer = {
1785 .tp_name = "credentials.CredentialCacheContainer",
1786 .tp_flags = Py_TPFLAGS_DEFAULT,
1787 .tp_methods = py_ccache_container_methods,
1788 };
1789
1790 MODULE_INIT_FUNC(credentials)
1791 {
1792 PyObject *m;
1793 if (pytalloc_BaseObject_PyType_Ready(&PyCredentials) < 0)
1794 return NULL;
1795
1796 if (pytalloc_BaseObject_PyType_Ready(&PyCredentialCacheContainer) < 0)
1797 return NULL;
1798
1799 m = PyModule_Create(&moduledef);
1800 if (m == NULL)
1801 return NULL;
1802
1803 PyModule_AddObject(m, "UNINITIALISED", PyLong_FromLong(CRED_UNINITIALISED));
1804 PyModule_AddObject(m, "SMB_CONF", PyLong_FromLong(CRED_SMB_CONF));
1805 PyModule_AddObject(m, "CALLBACK", PyLong_FromLong(CRED_CALLBACK));
1806 PyModule_AddObject(m, "GUESS_ENV", PyLong_FromLong(CRED_GUESS_ENV));
1807 PyModule_AddObject(m, "GUESS_FILE", PyLong_FromLong(CRED_GUESS_FILE));
1808 PyModule_AddObject(m, "CALLBACK_RESULT", PyLong_FromLong(CRED_CALLBACK_RESULT));
1809 PyModule_AddObject(m, "SPECIFIED", PyLong_FromLong(CRED_SPECIFIED));
1810
1811 PyModule_AddObject(m, "AUTO_USE_KERBEROS", PyLong_FromLong(CRED_USE_KERBEROS_DESIRED));
1812 PyModule_AddObject(m, "DONT_USE_KERBEROS", PyLong_FromLong(CRED_USE_KERBEROS_DISABLED));
1813 PyModule_AddObject(m, "MUST_USE_KERBEROS", PyLong_FromLong(CRED_USE_KERBEROS_REQUIRED));
1814
1815 PyModule_AddObject(m, "AUTO_KRB_FORWARDABLE", PyLong_FromLong(CRED_AUTO_KRB_FORWARDABLE));
1816 PyModule_AddObject(m, "NO_KRB_FORWARDABLE", PyLong_FromLong(CRED_NO_KRB_FORWARDABLE));
1817 PyModule_AddObject(m, "FORCE_KRB_FORWARDABLE", PyLong_FromLong(CRED_FORCE_KRB_FORWARDABLE));
1818 PyModule_AddObject(m, "CLI_CRED_NTLM2", PyLong_FromLong(CLI_CRED_NTLM2));
1819 PyModule_AddObject(m, "CLI_CRED_NTLMv2_AUTH", PyLong_FromLong(CLI_CRED_NTLMv2_AUTH));
1820 PyModule_AddObject(m, "CLI_CRED_LANMAN_AUTH", PyLong_FromLong(CLI_CRED_LANMAN_AUTH));
1821 PyModule_AddObject(m, "CLI_CRED_NTLM_AUTH", PyLong_FromLong(CLI_CRED_NTLM_AUTH));
1822 PyModule_AddObject(m, "CLI_CRED_CLEAR_AUTH", PyLong_FromLong(CLI_CRED_CLEAR_AUTH));
1823
1824 PyModule_AddObject(m, "SMB_SIGNING_DEFAULT", PyLong_FromLong(SMB_SIGNING_DEFAULT));
1825 PyModule_AddObject(m, "SMB_SIGNING_OFF", PyLong_FromLong(SMB_SIGNING_OFF));
1826 PyModule_AddObject(m, "SMB_SIGNING_IF_REQUIRED", PyLong_FromLong(SMB_SIGNING_IF_REQUIRED));
1827 PyModule_AddObject(m, "SMB_SIGNING_DESIRED", PyLong_FromLong(SMB_SIGNING_DESIRED));
1828 PyModule_AddObject(m, "SMB_SIGNING_REQUIRED", PyLong_FromLong(SMB_SIGNING_REQUIRED));
1829
1830 PyModule_AddObject(m, "SMB_ENCRYPTION_DEFAULT", PyLong_FromLong(SMB_ENCRYPTION_DEFAULT));
1831 PyModule_AddObject(m, "SMB_ENCRYPTION_OFF", PyLong_FromLong(SMB_ENCRYPTION_OFF));
1832 PyModule_AddObject(m, "SMB_ENCRYPTION_IF_REQUIRED", PyLong_FromLong(SMB_ENCRYPTION_IF_REQUIRED));
1833 PyModule_AddObject(m, "SMB_ENCRYPTION_DESIRED", PyLong_FromLong(SMB_ENCRYPTION_DESIRED));
1834 PyModule_AddObject(m, "SMB_ENCRYPTION_REQUIRED", PyLong_FromLong(SMB_ENCRYPTION_REQUIRED));
1835
1836 PyModule_AddObject(m, "ENCTYPE_ARCFOUR_HMAC", PyLong_FromLong(ENCTYPE_ARCFOUR_HMAC));
1837 PyModule_AddObject(m, "ENCTYPE_AES128_CTS_HMAC_SHA1_96", PyLong_FromLong(ENCTYPE_AES128_CTS_HMAC_SHA1_96));
1838 PyModule_AddObject(m, "ENCTYPE_AES256_CTS_HMAC_SHA1_96", PyLong_FromLong(ENCTYPE_AES256_CTS_HMAC_SHA1_96));
1839
1840 Py_INCREF(&PyCredentials);
1841 PyModule_AddObject(m, "Credentials", (PyObject *)&PyCredentials);
1842 Py_INCREF(&PyCredentialCacheContainer);
1843 PyModule_AddObject(m, "CredentialCacheContainer", (PyObject *)&PyCredentialCacheContainer);
1844 return m;
1845 }
GSS-enabled samba4