2008-12-21 05:37:31 +03:00
/*
Unix SMB / CIFS implementation .
Copyright ( C ) Jelmer Vernooij < jelmer @ samba . org > 2007 - 2008
2011-01-11 08:43:54 +03:00
Copyright ( C ) Andrew Bartlett < abartlet @ samba . org > 2011
2008-12-21 05:37:31 +03:00
This program is free software ; you can redistribute it and / or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation ; either version 3 of the License , or
( at your option ) any later version .
This program is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
GNU General Public License for more details .
You should have received a copy of the GNU General Public License
along with this program . If not , see < http : //www.gnu.org/licenses/>.
*/
2010-01-20 06:27:38 +03:00
# include <Python.h>
2008-12-21 05:37:31 +03:00
# include "includes.h"
2010-12-22 09:17:07 +03:00
# include "libcli/util/pyerrors.h"
2008-12-21 05:37:31 +03:00
# include "param/param.h"
# include "pyauth.h"
2010-12-22 09:17:07 +03:00
# include "pyldb.h"
2008-12-21 05:37:31 +03:00
# include "auth/system_session_proto.h"
2011-01-11 08:43:54 +03:00
# include "auth/auth.h"
2008-12-22 06:38:57 +03:00
# include "param/pyparam.h"
2009-09-03 15:39:40 +04:00
# include "libcli/security/security.h"
2011-01-11 08:43:54 +03:00
# include "auth/credentials/pycredentials.h"
# include "librpc/rpc/pyrpc_util.h"
static PyObject * py_auth_session_get_security_token ( PyObject * self , void * closure )
{
2011-01-17 08:21:28 +03:00
struct auth_session_info * session = py_talloc_get_type ( self , struct auth_session_info ) ;
2011-01-11 08:43:54 +03:00
PyObject * py_security_token ;
py_security_token = py_return_ndr_struct ( " samba.dcerpc.security " , " token " ,
session - > security_token , session - > security_token ) ;
return py_security_token ;
}
static int py_auth_session_set_security_token ( PyObject * self , PyObject * value , void * closure )
{
2011-01-17 08:21:28 +03:00
struct auth_session_info * session = py_talloc_get_type ( self , struct auth_session_info ) ;
2011-01-11 08:43:54 +03:00
session - > security_token = talloc_reference ( session , py_talloc_get_ptr ( value ) ) ;
return 0 ;
}
static PyObject * py_auth_session_get_session_key ( PyObject * self , void * closure )
{
2011-01-17 08:21:28 +03:00
struct auth_session_info * session = py_talloc_get_type ( self , struct auth_session_info ) ;
2011-01-11 08:43:54 +03:00
return PyString_FromStringAndSize ( ( char * ) session - > session_key . data , session - > session_key . length ) ;
}
static int py_auth_session_set_session_key ( PyObject * self , PyObject * value , void * closure )
{
DATA_BLOB val ;
2011-01-17 08:21:28 +03:00
struct auth_session_info * session = py_talloc_get_type ( self , struct auth_session_info ) ;
2011-01-11 08:43:54 +03:00
val . data = ( uint8_t * ) PyString_AsString ( value ) ;
val . length = PyString_Size ( value ) ;
session - > session_key = data_blob_talloc ( session , val . data , val . length ) ;
return 0 ;
}
static PyObject * py_auth_session_get_credentials ( PyObject * self , void * closure )
{
2011-01-17 08:21:28 +03:00
struct auth_session_info * session = py_talloc_get_type ( self , struct auth_session_info ) ;
2011-01-11 08:43:54 +03:00
PyObject * py_credentials ;
/* This is evil, as the credentials are not IDL structures */
py_credentials = py_return_ndr_struct ( " samba.credentials " , " Credentials " , session - > credentials , session - > credentials ) ;
return py_credentials ;
}
static int py_auth_session_set_credentials ( PyObject * self , PyObject * value , void * closure )
{
2011-01-17 08:21:28 +03:00
struct auth_session_info * session = py_talloc_get_type ( self , struct auth_session_info ) ;
2011-01-11 08:43:54 +03:00
session - > credentials = talloc_reference ( session , PyCredentials_AsCliCredentials ( value ) ) ;
return 0 ;
}
static PyGetSetDef py_auth_session_getset [ ] = {
{ discard_const_p ( char , " security_token " ) , ( getter ) py_auth_session_get_security_token , ( setter ) py_auth_session_set_security_token , NULL } ,
{ discard_const_p ( char , " session_key " ) , ( getter ) py_auth_session_get_session_key , ( setter ) py_auth_session_set_session_key , NULL } ,
{ discard_const_p ( char , " credentials " ) , ( getter ) py_auth_session_get_credentials , ( setter ) py_auth_session_set_credentials , NULL } ,
{ NULL }
} ;
2009-09-03 15:39:40 +04:00
2010-12-01 02:03:00 +03:00
static PyTypeObject PyAuthSession = {
2008-12-21 05:37:31 +03:00
. tp_name = " AuthSession " ,
. tp_basicsize = sizeof ( py_talloc_Object ) ,
. tp_flags = Py_TPFLAGS_DEFAULT ,
2011-01-11 08:43:54 +03:00
. tp_getset = py_auth_session_getset ,
2008-12-21 05:37:31 +03:00
} ;
PyObject * PyAuthSession_FromSession ( struct auth_session_info * session )
{
2009-07-01 08:06:56 +04:00
return py_talloc_reference ( & PyAuthSession , session ) ;
2008-12-21 05:37:31 +03:00
}
static PyObject * py_system_session ( PyObject * module , PyObject * args )
{
PyObject * py_lp_ctx = Py_None ;
struct loadparm_context * lp_ctx = NULL ;
struct auth_session_info * session ;
2010-09-23 03:44:17 +04:00
TALLOC_CTX * mem_ctx ;
2008-12-21 05:37:31 +03:00
if ( ! PyArg_ParseTuple ( args , " |O " , & py_lp_ctx ) )
return NULL ;
2010-09-23 03:44:17 +04:00
mem_ctx = talloc_new ( NULL ) ;
if ( mem_ctx = = NULL ) {
PyErr_NoMemory ( ) ;
2008-12-21 05:37:31 +03:00
return NULL ;
2010-09-23 03:44:17 +04:00
}
lp_ctx = lpcfg_from_py_object ( mem_ctx , py_lp_ctx ) ;
if ( lp_ctx = = NULL ) {
talloc_free ( mem_ctx ) ;
return NULL ;
}
2008-12-21 05:37:31 +03:00
2009-10-23 07:19:28 +04:00
session = system_session ( lp_ctx ) ;
2008-12-21 05:37:31 +03:00
2010-09-23 03:44:17 +04:00
talloc_free ( mem_ctx ) ;
2010-09-23 02:35:36 +04:00
2008-12-21 05:37:31 +03:00
return PyAuthSession_FromSession ( session ) ;
}
2009-09-03 15:39:40 +04:00
static PyObject * py_admin_session ( PyObject * module , PyObject * args )
{
PyObject * py_lp_ctx ;
PyObject * py_sid ;
struct loadparm_context * lp_ctx = NULL ;
struct auth_session_info * session ;
struct dom_sid * domain_sid = NULL ;
2010-09-23 03:44:17 +04:00
TALLOC_CTX * mem_ctx ;
2009-09-03 15:39:40 +04:00
if ( ! PyArg_ParseTuple ( args , " OO " , & py_lp_ctx , & py_sid ) )
return NULL ;
2010-09-23 03:44:17 +04:00
mem_ctx = talloc_new ( NULL ) ;
if ( mem_ctx = = NULL ) {
PyErr_NoMemory ( ) ;
2009-09-03 15:39:40 +04:00
return NULL ;
2010-09-23 03:44:17 +04:00
}
2009-09-03 15:39:40 +04:00
2010-09-23 03:44:17 +04:00
lp_ctx = lpcfg_from_py_object ( mem_ctx , py_lp_ctx ) ;
if ( lp_ctx = = NULL ) {
talloc_free ( mem_ctx ) ;
return NULL ;
}
2009-09-03 15:39:40 +04:00
2010-09-23 03:44:17 +04:00
domain_sid = dom_sid_parse_talloc ( mem_ctx , PyString_AsString ( py_sid ) ) ;
if ( domain_sid = = NULL ) {
PyErr_Format ( PyExc_RuntimeError , " Unable to parse sid %s " ,
PyString_AsString ( py_sid ) ) ;
talloc_free ( mem_ctx ) ;
return NULL ;
}
session = admin_session ( NULL , lp_ctx , domain_sid ) ;
talloc_free ( mem_ctx ) ;
2010-09-23 02:35:36 +04:00
2009-09-03 15:39:40 +04:00
return PyAuthSession_FromSession ( session ) ;
}
2010-12-22 09:17:07 +03:00
static PyObject * py_user_session ( PyObject * module , PyObject * args , PyObject * kwargs )
{
NTSTATUS nt_status ;
struct auth_session_info * session ;
TALLOC_CTX * mem_ctx ;
2011-01-11 08:43:54 +03:00
const char * const kwnames [ ] = { " ldb " , " lp_ctx " , " principal " , " dn " , " session_info_flags " , NULL } ;
2010-12-22 09:17:07 +03:00
struct ldb_context * ldb_ctx ;
PyObject * py_ldb = Py_None ;
PyObject * py_dn = Py_None ;
PyObject * py_lp_ctx = Py_None ;
struct loadparm_context * lp_ctx = NULL ;
struct ldb_dn * user_dn ;
char * principal = NULL ;
2011-01-11 08:43:54 +03:00
int session_info_flags = 0 ; /* This is an int, because that's
* what we need for the python
2010-12-22 09:17:07 +03:00
* PyArg_ParseTupleAndKeywords */
if ( ! PyArg_ParseTupleAndKeywords ( args , kwargs , " O|OzOi " ,
discard_const_p ( char * , kwnames ) ,
& py_ldb , & py_lp_ctx , & principal , & py_dn , & session_info_flags ) ) {
return NULL ;
}
mem_ctx = talloc_new ( NULL ) ;
if ( mem_ctx = = NULL ) {
PyErr_NoMemory ( ) ;
return NULL ;
}
ldb_ctx = PyLdb_AsLdbContext ( py_ldb ) ;
if ( py_dn = = Py_None ) {
user_dn = NULL ;
} else {
if ( ! PyObject_AsDn ( ldb_ctx , py_dn , ldb_ctx , & user_dn ) ) {
talloc_free ( mem_ctx ) ;
return NULL ;
}
}
lp_ctx = lpcfg_from_py_object ( mem_ctx , py_lp_ctx ) ;
if ( lp_ctx = = NULL ) {
talloc_free ( mem_ctx ) ;
return NULL ;
}
nt_status = authsam_get_session_info_principal ( mem_ctx , lp_ctx , ldb_ctx , principal , user_dn ,
session_info_flags , & session ) ;
if ( ! NT_STATUS_IS_OK ( nt_status ) ) {
talloc_free ( mem_ctx ) ;
PyErr_NTSTATUS_IS_ERR_RAISE ( nt_status ) ;
}
talloc_steal ( NULL , session ) ;
talloc_free ( mem_ctx ) ;
return PyAuthSession_FromSession ( session ) ;
}
2008-12-21 05:37:31 +03:00
static PyMethodDef py_auth_methods [ ] = {
{ " system_session " , ( PyCFunction ) py_system_session , METH_VARARGS , NULL } ,
2009-09-03 15:39:40 +04:00
{ " admin_session " , ( PyCFunction ) py_admin_session , METH_VARARGS , NULL } ,
2011-01-11 08:43:54 +03:00
{ " user_session " , ( PyCFunction ) py_user_session , METH_VARARGS | METH_KEYWORDS , NULL } ,
2008-12-21 05:37:31 +03:00
{ NULL } ,
} ;
void initauth ( void )
{
PyObject * m ;
2010-12-01 02:03:00 +03:00
PyAuthSession . tp_base = PyTalloc_GetObjectType ( ) ;
if ( PyAuthSession . tp_base = = NULL )
return ;
2008-12-21 05:37:31 +03:00
if ( PyType_Ready ( & PyAuthSession ) < 0 )
return ;
2010-04-04 04:20:52 +04:00
m = Py_InitModule3 ( " auth " , py_auth_methods ,
" Authentication and authorization support. " ) ;
2008-12-21 05:37:31 +03:00
if ( m = = NULL )
return ;
Py_INCREF ( & PyAuthSession ) ;
PyModule_AddObject ( m , " AuthSession " , ( PyObject * ) & PyAuthSession ) ;
2011-01-11 08:43:54 +03:00
# define ADD_FLAG(val) PyModule_AddObject(m, #val, PyInt_FromLong(val))
ADD_FLAG ( AUTH_SESSION_INFO_DEFAULT_GROUPS ) ;
ADD_FLAG ( AUTH_SESSION_INFO_AUTHENTICATED ) ;
ADD_FLAG ( AUTH_SESSION_INFO_SIMPLE_PRIVILEGES ) ;
2008-12-21 05:37:31 +03:00
}
