2008-12-16 00:16:02 +01:00
/*
Unix SMB / CIFS implementation .
Samba utility functions
2011-08-10 15:15:18 +02:00
Copyright ( C ) Jelmer Vernooij < jelmer @ samba . org > 2008 - 2010
2008-12-16 00:16:02 +01:00
This program is free software ; you can redistribute it and / or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation ; either version 3 of the License , or
( at your option ) any later version .
This program is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
GNU General Public License for more details .
You should have received a copy of the GNU General Public License
along with this program . If not , see < http : //www.gnu.org/licenses/>.
*/
2009-01-08 12:20:20 +01:00
# include <Python.h>
2016-12-20 10:53:23 +01:00
# include "py3compat.h"
2008-12-16 00:16:02 +01:00
# include "libcli/security/security.h"
2008-12-21 21:10:40 +01:00
static void PyType_AddMethods ( PyTypeObject * type , PyMethodDef * methods )
{
PyObject * dict ;
int i ;
if ( type - > tp_dict = = NULL )
type - > tp_dict = PyDict_New ( ) ;
dict = type - > tp_dict ;
for ( i = 0 ; methods [ i ] . ml_name ; i + + ) {
2009-01-22 14:37:59 +01:00
PyObject * descr ;
if ( methods [ i ] . ml_flags & METH_CLASS )
2009-01-22 14:49:51 +01:00
descr = PyCFunction_New ( & methods [ i ] , ( PyObject * ) type ) ;
2009-01-22 14:37:59 +01:00
else
descr = PyDescr_NewMethod ( type , & methods [ i ] ) ;
2008-12-21 21:10:40 +01:00
PyDict_SetItemString ( dict , methods [ i ] . ml_name ,
descr ) ;
}
}
2009-12-30 21:46:32 +01:00
static PyObject * py_dom_sid_split ( PyObject * py_self , PyObject * args )
{
2011-08-10 15:15:18 +02:00
struct dom_sid * self = pytalloc_get_ptr ( py_self ) ;
2009-12-30 21:46:32 +01:00
struct dom_sid * domain_sid ;
TALLOC_CTX * mem_ctx ;
uint32_t rid ;
NTSTATUS status ;
PyObject * py_domain_sid ;
mem_ctx = talloc_new ( NULL ) ;
if ( mem_ctx = = NULL ) {
PyErr_NoMemory ( ) ;
return NULL ;
}
status = dom_sid_split_rid ( mem_ctx , self , & domain_sid , & rid ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
PyErr_SetString ( PyExc_RuntimeError , " dom_sid_split_rid failed " ) ;
talloc_free ( mem_ctx ) ;
return NULL ;
}
2011-08-10 15:15:18 +02:00
py_domain_sid = pytalloc_steal ( & dom_sid_Type , domain_sid ) ;
2009-12-30 21:46:32 +01:00
talloc_free ( mem_ctx ) ;
return Py_BuildValue ( " (OI) " , py_domain_sid, rid) ;
}
2016-12-20 10:53:23 +01:00
# if PY_MAJOR_VERSION >= 3
static PyObject * py_dom_sid_richcmp ( PyObject * py_self , PyObject * py_other , int op )
{
struct dom_sid * self = pytalloc_get_ptr ( py_self ) , * other ;
int val ;
other = pytalloc_get_ptr ( py_other ) ;
if ( other = = NULL ) {
Py_INCREF ( Py_NotImplemented ) ;
return Py_NotImplemented ;
}
val = dom_sid_compare ( self , other ) ;
switch ( op ) {
case Py_EQ : if ( val = = 0 ) Py_RETURN_TRUE ; else Py_RETURN_FALSE ;
case Py_NE : if ( val ! = 0 ) Py_RETURN_TRUE ; else Py_RETURN_FALSE ;
case Py_LT : if ( val < 0 ) Py_RETURN_TRUE ; else Py_RETURN_FALSE ;
case Py_GT : if ( val > 0 ) Py_RETURN_TRUE ; else Py_RETURN_FALSE ;
case Py_LE : if ( val < = 0 ) Py_RETURN_TRUE ; else Py_RETURN_FALSE ;
case Py_GE : if ( val > = 0 ) Py_RETURN_TRUE ; else Py_RETURN_FALSE ;
}
Py_INCREF ( Py_NotImplemented ) ;
return Py_NotImplemented ;
}
# else
2009-02-02 13:00:47 +01:00
static int py_dom_sid_cmp ( PyObject * py_self , PyObject * py_other )
2008-12-16 00:16:02 +01:00
{
2011-08-10 15:15:18 +02:00
struct dom_sid * self = pytalloc_get_ptr ( py_self ) , * other ;
2011-08-18 15:11:20 +10:00
int val ;
2011-08-10 15:15:18 +02:00
other = pytalloc_get_ptr ( py_other ) ;
2008-12-16 00:16:02 +01:00
if ( other = = NULL )
2008-12-21 23:05:35 +01:00
return - 1 ;
2008-12-16 00:16:02 +01:00
2011-08-18 15:11:20 +10:00
val = dom_sid_compare ( self , other ) ;
if ( val > 0 ) {
return 1 ;
} else if ( val < 0 ) {
return - 1 ;
}
return 0 ;
2008-12-16 00:16:02 +01:00
}
2016-12-20 10:53:23 +01:00
# endif
2008-12-16 00:16:02 +01:00
2009-02-02 13:00:47 +01:00
static PyObject * py_dom_sid_str ( PyObject * py_self )
2008-12-16 00:16:02 +01:00
{
2011-08-10 15:15:18 +02:00
struct dom_sid * self = pytalloc_get_ptr ( py_self ) ;
2009-02-02 13:00:47 +01:00
char * str = dom_sid_string ( NULL , self ) ;
2016-12-20 10:53:23 +01:00
PyObject * ret = PyStr_FromString ( str ) ;
2008-12-16 00:16:02 +01:00
talloc_free ( str ) ;
return ret ;
}
2009-02-02 13:00:47 +01:00
static PyObject * py_dom_sid_repr ( PyObject * py_self )
2008-12-16 00:16:02 +01:00
{
2011-08-10 15:15:18 +02:00
struct dom_sid * self = pytalloc_get_ptr ( py_self ) ;
2009-02-02 13:00:47 +01:00
char * str = dom_sid_string ( NULL , self ) ;
2016-12-20 10:53:23 +01:00
PyObject * ret = PyStr_FromFormat ( " dom_sid('%s') " , str ) ;
2008-12-16 00:16:02 +01:00
talloc_free ( str ) ;
return ret ;
}
2008-12-21 21:10:40 +01:00
static int py_dom_sid_init ( PyObject * self , PyObject * args , PyObject * kwargs )
2008-12-21 18:03:27 +01:00
{
2008-12-21 21:10:40 +01:00
char * str = NULL ;
2011-08-10 15:15:18 +02:00
struct dom_sid * sid = pytalloc_get_ptr ( self ) ;
2008-12-21 21:10:40 +01:00
const char * kwnames [ ] = { " str " , NULL } ;
2008-12-21 18:03:27 +01:00
2008-12-21 21:10:40 +01:00
if ( ! PyArg_ParseTupleAndKeywords ( args , kwargs , " |s " , discard_const_p ( char * , kwnames ) , & str ) )
return - 1 ;
2008-12-21 18:03:27 +01:00
2008-12-21 21:10:40 +01:00
if ( str ! = NULL & & ! dom_sid_parse ( str , sid ) ) {
PyErr_SetString ( PyExc_TypeError , " Unable to parse string " ) ;
return - 1 ;
}
return 0 ;
2008-12-21 18:03:27 +01:00
}
2009-12-30 21:46:32 +01:00
static PyMethodDef py_dom_sid_extra_methods [ ] = {
{ " split " , ( PyCFunction ) py_dom_sid_split , METH_NOARGS ,
" S.split() -> (domain_sid, rid) \n "
" Split a domain sid " } ,
{ NULL }
} ;
2008-12-21 21:10:40 +01:00
static void py_dom_sid_patch ( PyTypeObject * type )
{
type - > tp_init = py_dom_sid_init ;
type - > tp_str = py_dom_sid_str ;
type - > tp_repr = py_dom_sid_repr ;
2016-12-20 10:53:23 +01:00
# if PY_MAJOR_VERSION >= 3
type - > tp_richcompare = py_dom_sid_richcmp ;
# else
2008-12-21 23:05:35 +01:00
type - > tp_compare = py_dom_sid_cmp ;
2016-12-20 10:53:23 +01:00
# endif
2009-12-30 21:46:32 +01:00
PyType_AddMethods ( type , py_dom_sid_extra_methods ) ;
2008-12-21 21:10:40 +01:00
}
# define PY_DOM_SID_PATCH py_dom_sid_patch
2008-12-21 18:03:27 +01:00
static PyObject * py_descriptor_sacl_add ( PyObject * self , PyObject * args )
{
2011-08-10 15:15:18 +02:00
struct security_descriptor * desc = pytalloc_get_ptr ( self ) ;
2008-12-21 18:03:27 +01:00
NTSTATUS status ;
struct security_ace * ace ;
PyObject * py_ace ;
if ( ! PyArg_ParseTuple ( args , " O " , & py_ace ) )
return NULL ;
2011-08-10 15:15:18 +02:00
ace = pytalloc_get_ptr ( py_ace ) ;
2008-12-21 18:03:27 +01:00
status = security_descriptor_sacl_add ( desc , ace ) ;
PyErr_NTSTATUS_IS_ERR_RAISE ( status ) ;
2009-01-06 04:13:57 +01:00
Py_RETURN_NONE ;
2008-12-21 18:03:27 +01:00
}
static PyObject * py_descriptor_dacl_add ( PyObject * self , PyObject * args )
{
2011-08-10 15:15:18 +02:00
struct security_descriptor * desc = pytalloc_get_ptr ( self ) ;
2008-12-21 18:03:27 +01:00
NTSTATUS status ;
struct security_ace * ace ;
PyObject * py_ace ;
if ( ! PyArg_ParseTuple ( args , " O " , & py_ace ) )
return NULL ;
2011-08-10 15:15:18 +02:00
ace = pytalloc_get_ptr ( py_ace ) ;
2008-12-21 18:03:27 +01:00
status = security_descriptor_dacl_add ( desc , ace ) ;
PyErr_NTSTATUS_IS_ERR_RAISE ( status ) ;
2009-01-06 04:13:57 +01:00
Py_RETURN_NONE ;
2008-12-21 18:03:27 +01:00
}
static PyObject * py_descriptor_dacl_del ( PyObject * self , PyObject * args )
{
2011-08-10 15:15:18 +02:00
struct security_descriptor * desc = pytalloc_get_ptr ( self ) ;
2008-12-21 18:03:27 +01:00
NTSTATUS status ;
struct dom_sid * sid ;
PyObject * py_sid ;
if ( ! PyArg_ParseTuple ( args , " O " , & py_sid ) )
return NULL ;
2011-08-10 15:15:18 +02:00
sid = pytalloc_get_ptr ( py_sid ) ;
2008-12-21 18:03:27 +01:00
status = security_descriptor_dacl_del ( desc , sid ) ;
PyErr_NTSTATUS_IS_ERR_RAISE ( status ) ;
2009-01-06 04:13:57 +01:00
Py_RETURN_NONE ;
2008-12-21 18:03:27 +01:00
}
static PyObject * py_descriptor_sacl_del ( PyObject * self , PyObject * args )
{
2011-08-10 15:15:18 +02:00
struct security_descriptor * desc = pytalloc_get_ptr ( self ) ;
2008-12-21 18:03:27 +01:00
NTSTATUS status ;
struct dom_sid * sid ;
PyObject * py_sid ;
if ( ! PyArg_ParseTuple ( args , " O " , & py_sid ) )
return NULL ;
2011-08-10 15:15:18 +02:00
sid = pytalloc_get_ptr ( py_sid ) ;
2008-12-21 18:03:27 +01:00
status = security_descriptor_sacl_del ( desc , sid ) ;
PyErr_NTSTATUS_IS_ERR_RAISE ( status ) ;
2009-01-06 04:13:57 +01:00
Py_RETURN_NONE ;
2008-12-21 18:03:27 +01:00
}
static PyObject * py_descriptor_new ( PyTypeObject * self , PyObject * args , PyObject * kwargs )
{
2011-08-10 15:15:18 +02:00
return pytalloc_steal ( self , security_descriptor_initialise ( NULL ) ) ;
2009-01-22 14:37:59 +01:00
}
static PyObject * py_descriptor_from_sddl ( PyObject * self , PyObject * args )
{
struct security_descriptor * secdesc ;
char * sddl ;
PyObject * py_sid ;
struct dom_sid * sid ;
2009-09-17 19:56:02 +04:00
if ( ! PyArg_ParseTuple ( args , " sO! " , & sddl , & dom_sid_Type , & py_sid ) )
2009-01-22 14:37:59 +01:00
return NULL ;
2017-08-09 13:57:13 +12:00
if ( ! PyObject_TypeCheck ( py_sid , & dom_sid_Type ) ) {
PyErr_SetString ( PyExc_TypeError ,
" expected security.dom_sid "
" for second argument to .from_sddl " ) ;
return NULL ;
}
2011-08-10 15:15:18 +02:00
sid = pytalloc_get_ptr ( py_sid ) ;
2009-01-22 14:37:59 +01:00
secdesc = sddl_decode ( NULL , sddl , sid ) ;
if ( secdesc = = NULL ) {
PyErr_SetString ( PyExc_TypeError , " Unable to parse SDDL " ) ;
return NULL ;
}
2011-08-10 15:15:18 +02:00
return pytalloc_steal ( ( PyTypeObject * ) self , secdesc ) ;
2009-01-22 14:37:59 +01:00
}
2008-12-21 18:03:27 +01:00
2009-04-20 15:03:21 +02:00
static PyObject * py_descriptor_as_sddl ( PyObject * self , PyObject * args )
2009-01-22 14:49:51 +01:00
{
2009-04-20 15:03:21 +02:00
struct dom_sid * sid ;
PyObject * py_sid = Py_None ;
2011-08-10 15:15:18 +02:00
struct security_descriptor * desc = pytalloc_get_ptr ( self ) ;
2009-01-22 14:49:51 +01:00
char * text ;
PyObject * ret ;
2009-09-17 19:56:02 +04:00
if ( ! PyArg_ParseTuple ( args , " |O! " , & dom_sid_Type , & py_sid ) )
2009-04-20 15:03:21 +02:00
return NULL ;
2009-04-23 17:18:23 +03:00
if ( py_sid ! = Py_None )
2011-08-10 15:15:18 +02:00
sid = pytalloc_get_ptr ( py_sid ) ;
2009-04-20 15:03:21 +02:00
else
sid = NULL ;
2009-01-22 14:49:51 +01:00
text = sddl_encode ( NULL , desc , sid ) ;
2016-12-20 10:53:23 +01:00
ret = PyStr_FromString ( text ) ;
2009-01-22 14:49:51 +01:00
talloc_free ( text ) ;
return ret ;
}
2008-12-21 21:10:40 +01:00
static PyMethodDef py_descriptor_extra_methods [ ] = {
{ " sacl_add " , ( PyCFunction ) py_descriptor_sacl_add , METH_VARARGS ,
" S.sacl_add(ace) -> None \n "
" Add a security ace to this security descriptor " } ,
{ " dacl_add " , ( PyCFunction ) py_descriptor_dacl_add , METH_VARARGS ,
2008-12-21 18:03:27 +01:00
NULL } ,
2008-12-21 21:10:40 +01:00
{ " dacl_del " , ( PyCFunction ) py_descriptor_dacl_del , METH_VARARGS ,
NULL } ,
{ " sacl_del " , ( PyCFunction ) py_descriptor_sacl_del , METH_VARARGS ,
NULL } ,
2009-01-22 14:37:59 +01:00
{ " from_sddl " , ( PyCFunction ) py_descriptor_from_sddl , METH_VARARGS | METH_CLASS ,
NULL } ,
2009-04-20 15:03:21 +02:00
{ " as_sddl " , ( PyCFunction ) py_descriptor_as_sddl , METH_VARARGS ,
2009-01-22 14:49:51 +01:00
NULL } ,
2008-12-21 21:10:40 +01:00
{ NULL }
} ;
static void py_descriptor_patch ( PyTypeObject * type )
{
type - > tp_new = py_descriptor_new ;
PyType_AddMethods ( type , py_descriptor_extra_methods ) ;
}
# define PY_DESCRIPTOR_PATCH py_descriptor_patch
2008-12-21 18:03:27 +01:00
static PyObject * py_token_is_sid ( PyObject * self , PyObject * args )
{
PyObject * py_sid ;
struct dom_sid * sid ;
2011-08-10 15:15:18 +02:00
struct security_token * token = pytalloc_get_ptr ( self ) ;
2008-12-21 18:03:27 +01:00
if ( ! PyArg_ParseTuple ( args , " O " , & py_sid ) )
return NULL ;
2011-08-10 15:15:18 +02:00
sid = pytalloc_get_ptr ( py_sid ) ;
2008-12-21 18:03:27 +01:00
return PyBool_FromLong ( security_token_is_sid ( token , sid ) ) ;
}
static PyObject * py_token_has_sid ( PyObject * self , PyObject * args )
{
PyObject * py_sid ;
struct dom_sid * sid ;
2011-08-10 15:15:18 +02:00
struct security_token * token = pytalloc_get_ptr ( self ) ;
2008-12-21 18:03:27 +01:00
if ( ! PyArg_ParseTuple ( args , " O " , & py_sid ) )
return NULL ;
2011-08-10 15:15:18 +02:00
sid = pytalloc_get_ptr ( py_sid ) ;
2008-12-21 18:03:27 +01:00
return PyBool_FromLong ( security_token_has_sid ( token , sid ) ) ;
}
static PyObject * py_token_is_anonymous ( PyObject * self )
{
2011-08-10 15:15:18 +02:00
struct security_token * token = pytalloc_get_ptr ( self ) ;
2008-12-21 18:03:27 +01:00
return PyBool_FromLong ( security_token_is_anonymous ( token ) ) ;
}
static PyObject * py_token_is_system ( PyObject * self )
{
2011-08-10 15:15:18 +02:00
struct security_token * token = pytalloc_get_ptr ( self ) ;
2008-12-21 18:03:27 +01:00
return PyBool_FromLong ( security_token_is_system ( token ) ) ;
}
static PyObject * py_token_has_builtin_administrators ( PyObject * self )
{
2011-08-10 15:15:18 +02:00
struct security_token * token = pytalloc_get_ptr ( self ) ;
2008-12-21 18:03:27 +01:00
return PyBool_FromLong ( security_token_has_builtin_administrators ( token ) ) ;
}
static PyObject * py_token_has_nt_authenticated_users ( PyObject * self )
{
2011-08-10 15:15:18 +02:00
struct security_token * token = pytalloc_get_ptr ( self ) ;
2008-12-21 18:03:27 +01:00
return PyBool_FromLong ( security_token_has_nt_authenticated_users ( token ) ) ;
}
static PyObject * py_token_has_privilege ( PyObject * self , PyObject * args )
{
int priv ;
2011-08-10 15:15:18 +02:00
struct security_token * token = pytalloc_get_ptr ( self ) ;
2008-12-21 18:03:27 +01:00
if ( ! PyArg_ParseTuple ( args , " i " , & priv ) )
return NULL ;
return PyBool_FromLong ( security_token_has_privilege ( token , priv ) ) ;
}
static PyObject * py_token_set_privilege ( PyObject * self , PyObject * args )
{
int priv ;
2011-08-10 15:15:18 +02:00
struct security_token * token = pytalloc_get_ptr ( self ) ;
2008-12-21 18:03:27 +01:00
if ( ! PyArg_ParseTuple ( args , " i " , & priv ) )
return NULL ;
security_token_set_privilege ( token , priv ) ;
2009-01-06 04:13:57 +01:00
Py_RETURN_NONE ;
2008-12-21 18:03:27 +01:00
}
static PyObject * py_token_new ( PyTypeObject * self , PyObject * args , PyObject * kwargs )
{
2011-08-10 15:15:18 +02:00
return pytalloc_steal ( self , security_token_initialise ( NULL ) ) ;
2008-12-21 18:03:27 +01:00
}
2008-12-21 21:10:40 +01:00
static PyMethodDef py_token_extra_methods [ ] = {
{ " is_sid " , ( PyCFunction ) py_token_is_sid , METH_VARARGS ,
" S.is_sid(sid) -> bool \n "
" Check whether this token is of the specified SID. " } ,
{ " has_sid " , ( PyCFunction ) py_token_has_sid , METH_VARARGS ,
NULL } ,
{ " is_anonymous " , ( PyCFunction ) py_token_is_anonymous , METH_NOARGS ,
" S.is_anonymus() -> bool \n "
" Check whether this is an anonymous token. " } ,
{ " is_system " , ( PyCFunction ) py_token_is_system , METH_NOARGS ,
NULL } ,
{ " has_builtin_administrators " , ( PyCFunction ) py_token_has_builtin_administrators , METH_NOARGS ,
NULL } ,
{ " has_nt_authenticated_users " , ( PyCFunction ) py_token_has_nt_authenticated_users , METH_NOARGS ,
NULL } ,
{ " has_privilege " , ( PyCFunction ) py_token_has_privilege , METH_VARARGS ,
NULL } ,
{ " set_privilege " , ( PyCFunction ) py_token_set_privilege , METH_VARARGS ,
2008-12-21 18:03:27 +01:00
NULL } ,
2008-12-21 21:10:40 +01:00
{ NULL }
} ;
# define PY_TOKEN_PATCH py_token_patch
static void py_token_patch ( PyTypeObject * type )
{
type - > tp_new = py_token_new ;
PyType_AddMethods ( type , py_token_extra_methods ) ;
}
2008-12-21 18:25:59 +01:00
static PyObject * py_privilege_name ( PyObject * self , PyObject * args )
{
int priv ;
if ( ! PyArg_ParseTuple ( args , " i " , & priv ) )
return NULL ;
2016-12-20 10:53:23 +01:00
return PyStr_FromString ( sec_privilege_name ( priv ) ) ;
2008-12-21 18:25:59 +01:00
}
static PyObject * py_privilege_id ( PyObject * self , PyObject * args )
{
char * name ;
if ( ! PyArg_ParseTuple ( args , " s " , & name ) )
return NULL ;
return PyInt_FromLong ( sec_privilege_id ( name ) ) ;
}
static PyObject * py_random_sid ( PyObject * self )
{
struct dom_sid * sid ;
PyObject * ret ;
char * str = talloc_asprintf ( NULL , " S-1-5-21-%u-%u-%u " ,
( unsigned ) generate_random ( ) ,
( unsigned ) generate_random ( ) ,
( unsigned ) generate_random ( ) ) ;
sid = dom_sid_parse_talloc ( NULL , str ) ;
talloc_free ( str ) ;
2011-08-10 15:15:18 +02:00
ret = pytalloc_steal ( & dom_sid_Type , sid ) ;
2008-12-21 18:25:59 +01:00
return ret ;
}
2008-12-21 18:46:59 +01:00
2008-12-21 21:10:40 +01:00
static PyMethodDef py_mod_security_extra_methods [ ] = {
{ " random_sid " , ( PyCFunction ) py_random_sid , METH_NOARGS , NULL } ,
{ " privilege_id " , ( PyCFunction ) py_privilege_id , METH_VARARGS , NULL } ,
2008-12-21 18:46:59 +01:00
{ " privilege_name " , ( PyCFunction ) py_privilege_name , METH_VARARGS , NULL } ,
2008-12-21 21:10:40 +01:00
{ NULL }
} ;
static void py_mod_security_patch ( PyObject * m )
{
int i ;
for ( i = 0 ; py_mod_security_extra_methods [ i ] . ml_name ; i + + ) {
PyObject * descr = PyCFunction_New ( & py_mod_security_extra_methods [ i ] , NULL ) ;
PyModule_AddObject ( m , py_mod_security_extra_methods [ i ] . ml_name ,
descr ) ;
}
}
# define PY_MOD_SECURITY_PATCH py_mod_security_patch