2014-01-31 04:27:05 +04:00
/*
Unix SMB / CIFS implementation .
Copyright ( C ) Luke Morrison < luc785 @ hotmail . com > 2013
This program is free software ; you can redistribute it and / or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation ; either version 3 of the License , or
( at your option ) any later version .
This program is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
GNU General Public License for more details .
You should have received a copy of the GNU General Public License
along with this program . If not , see < http : //www.gnu.org/licenses/>.
*/
2023-11-09 13:35:56 +03:00
# include "lib/replace/system/python.h"
2014-01-31 04:27:05 +04:00
# include "includes.h"
# include "version.h"
# include "param/pyparam.h"
# include "gpo.h"
# include "ads.h"
2017-05-10 22:30:17 +03:00
# include "secrets.h"
# include "../libds/common/flags.h"
2017-10-24 06:40:02 +03:00
# include "librpc/rpc/pyrpc_util.h"
2017-05-10 22:30:17 +03:00
# include "auth/credentials/pycredentials.h"
2017-10-24 05:58:45 +03:00
# include "libcli/util/pyerrors.h"
2018-01-30 22:31:42 +03:00
# include "python/py3compat.h"
2019-05-02 21:47:29 +03:00
# include "python/modules.h"
2022-05-24 13:44:36 +03:00
# include <pytalloc.h>
2023-03-14 20:21:02 +03:00
# include "../libcli/security/security.h"
2014-01-31 04:27:05 +04:00
/* A Python C API module to use LIBGPO */
2017-05-10 22:30:17 +03:00
# define GPO_getter(ATTR) \
2017-10-24 06:48:13 +03:00
static PyObject * GPO_get_ # # ATTR ( PyObject * self , void * closure ) \
2017-05-10 22:30:17 +03:00
{ \
2017-10-24 06:48:13 +03:00
struct GROUP_POLICY_OBJECT * gpo_ptr \
= pytalloc_get_ptr ( self ) ; \
\
if ( gpo_ptr - > ATTR ) \
2019-06-07 11:45:52 +03:00
return PyUnicode_FromString ( gpo_ptr - > ATTR ) ; \
2017-05-10 22:30:17 +03:00
else \
2021-05-03 05:42:10 +03:00
Py_RETURN_NONE ; \
2017-05-10 22:30:17 +03:00
}
GPO_getter ( ds_path )
GPO_getter ( file_sys_path )
GPO_getter ( display_name )
GPO_getter ( name )
GPO_getter ( link )
GPO_getter ( user_extensions )
GPO_getter ( machine_extensions )
2023-03-14 20:21:02 +03:00
# define GPO_setter(ATTR) \
static int GPO_set_ # # ATTR ( PyObject * self , PyObject * val , void * closure ) \
{ \
struct GROUP_POLICY_OBJECT * gpo_ptr \
= pytalloc_get_ptr ( self ) ; \
\
if ( ! PyUnicode_Check ( val ) ) { \
PyErr_Format ( PyExc_TypeError , \
" Cannot convert input to string " ) ; \
return - 1 ; \
} \
if ( val ! = Py_None ) { \
gpo_ptr - > ATTR = talloc_strdup ( gpo_ptr , \
_PyUnicode_AsString ( val ) ) ; \
} else { \
gpo_ptr - > ATTR = NULL ; \
} \
return 0 ; \
}
GPO_setter ( ds_path )
GPO_setter ( file_sys_path )
GPO_setter ( display_name )
GPO_setter ( name )
GPO_setter ( link )
GPO_setter ( user_extensions )
GPO_setter ( machine_extensions )
# define GPO_int_getter(ATTR) \
static PyObject * GPO_get_ # # ATTR ( PyObject * self , void * closure ) \
{ \
struct GROUP_POLICY_OBJECT * gpo_ptr \
= pytalloc_get_ptr ( self ) ; \
\
return PyLong_FromLong ( gpo_ptr - > ATTR ) ; \
}
GPO_int_getter ( options )
GPO_int_getter ( version )
GPO_int_getter ( link_type )
# define GPO_int_setter(ATTR) \
static int GPO_set_ # # ATTR ( PyObject * self , PyObject * val , void * closure ) \
{ \
struct GROUP_POLICY_OBJECT * gpo_ptr \
= pytalloc_get_ptr ( self ) ; \
\
if ( ! PyLong_Check ( val ) ) { \
PyErr_Format ( PyExc_TypeError , \
" Cannot convert input to int " ) ; \
return - 1 ; \
} else { \
gpo_ptr - > ATTR = PyLong_AsLong ( val ) ; \
} \
return 0 ; \
}
GPO_int_setter ( options )
GPO_int_setter ( version )
GPO_int_setter ( link_type )
static PyObject * GPO_marshall_get_sec_desc_buf ( PyObject * self , PyObject * args ,
PyObject * kwds )
{
struct GROUP_POLICY_OBJECT * gpo_ptr = pytalloc_get_ptr ( self ) ;
NTSTATUS status ;
uint8_t * data = NULL ;
size_t len = 0 ;
libgpo: Do not segfault if we don't have a valid security descriptor
Program received signal SIGSEGV, Segmentation fault.
ndr_push_security_descriptor (ndr=ndr@entry=0x555555bf41b0, ndr_flags=ndr_flags@entry=768, r=r@entry=0x0) at librpc/gen_ndr/ndr_security.c:713
713 NDR_CHECK(ndr_push_security_descriptor_revision(ndr, NDR_SCALARS, r->revision));
Thread 1 (Thread 0x7ffff7ece740 (LWP 21460) "python3"):
#0 ndr_push_security_descriptor (ndr=ndr@entry=0x555555bf41b0, ndr_flags=ndr_flags@entry=768, r=r@entry=0x0) at librpc/gen_ndr/ndr_security.c:713
_flags_save_STRUCT = 0
_status = <optimized out>
_status = <optimized out>
_status = <optimized out>
_status = <optimized out>
_status = <optimized out>
_status = <optimized out>
_status = <optimized out>
_status = <optimized out>
_status = <optimized out>
_status = <optimized out>
_status = <optimized out>
_status = <optimized out>
_status = <optimized out>
_status = <optimized out>
_status = <optimized out>
_status = <optimized out>
_status = <optimized out>
_status = <optimized out>
_status = <optimized out>
_status = <optimized out>
__FUNCTION__ = "ndr_push_security_descriptor"
#1 0x00007ffff617237f in ndr_push_struct_blob (blob=blob@entry=0x7fffffffdb20, mem_ctx=0x555555aa3bd0, p=0x0, fn=0x7ffff6074ad0 <ndr_push_security_descriptor>, fn@entry=0x7ffff60706c8 <ndr_push_security_descriptor@plt>) at ../../librpc/ndr/ndr.c:1438
_status = <optimized out>
ndr = 0x555555bf41b0
#2 0x00007ffff607cccf in marshall_sec_desc (mem_ctx=<optimized out>, secdesc=<optimized out>, data=data@entry=0x7fffffffdb80, len=len@entry=0x7fffffffdb78) at ../../libcli/security/secdesc.c:241
blob = {data = 0x7fffffffdb40 "`\333\377\377\377\177", length = 140737352374299}
ndr_err = <optimized out>
__FUNCTION__ = "marshall_sec_desc"
#3 0x00007ffff29edd94 in GPO_marshall_get_sec_desc_buf (self=<optimized out>, args=<optimized out>, kwds=<optimized out>) at ../../libgpo/pygpo.c:119
gpo_ptr = <optimized out>
status = <optimized out>
data = 0x0
len = 0
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15599
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Mar 6 15:44:19 UTC 2024 on atb-devel-224
2024-03-05 15:17:19 +03:00
if ( gpo_ptr - > security_descriptor = = NULL ) {
PyErr_SetString ( PyExc_RuntimeError , " Uninitialized " ) ;
return NULL ;
}
2023-03-14 20:21:02 +03:00
status = marshall_sec_desc ( gpo_ptr , gpo_ptr - > security_descriptor ,
& data , & len ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
PyErr_Format ( PyExc_BufferError ,
" marshall_sec_desc_buf failed: %s " ,
nt_errstr ( status ) ) ;
return NULL ;
}
return PyBytes_FromStringAndSize ( ( char * ) data , len ) ;
}
static PyObject * GPO_unmarshall_set_sec_desc ( PyObject * self , PyObject * args ,
PyObject * kwds )
{
struct GROUP_POLICY_OBJECT * gpo_ptr = pytalloc_get_ptr ( self ) ;
char * bytes = NULL ;
size_t length = 0 ;
NTSTATUS status ;
if ( ! PyArg_ParseTuple ( args , " s# " , & bytes , & length ) ) {
PyErr_Format ( PyExc_TypeError ,
" Cannot convert input to bytes " ) ;
return NULL ;
}
gpo_ptr - > security_descriptor = talloc_zero ( gpo_ptr ,
struct security_descriptor ) ;
status = unmarshall_sec_desc ( gpo_ptr , ( uint8_t * ) bytes , length ,
& gpo_ptr - > security_descriptor ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
PyErr_Format ( PyExc_BufferError ,
" unmarshall_sec_desc failed: %s " ,
nt_errstr ( status ) ) ;
return NULL ;
}
return Py_None ;
}
2017-05-10 22:30:17 +03:00
static PyGetSetDef GPO_setters [ ] = {
2023-03-14 20:21:02 +03:00
{ discard_const_p ( char , " options " ) , ( getter ) GPO_get_options ,
( setter ) GPO_set_options , NULL , NULL } ,
{ discard_const_p ( char , " version " ) , ( getter ) GPO_get_version ,
( setter ) GPO_set_version , NULL , NULL } ,
{ discard_const_p ( char , " ds_path " ) , ( getter ) GPO_get_ds_path ,
( setter ) GPO_set_ds_path , NULL , NULL } ,
2017-11-20 00:28:33 +03:00
{ discard_const_p ( char , " file_sys_path " ) , ( getter ) GPO_get_file_sys_path ,
2023-03-14 20:21:02 +03:00
( setter ) GPO_set_file_sys_path , NULL , NULL } ,
2017-11-22 01:00:56 +03:00
{ discard_const_p ( char , " display_name " ) , ( getter ) GPO_get_display_name ,
2023-03-14 20:21:02 +03:00
( setter ) GPO_set_display_name , NULL , NULL } ,
{ discard_const_p ( char , " name " ) , ( getter ) GPO_get_name ,
( setter ) GPO_set_name , NULL , NULL } ,
{ discard_const_p ( char , " link " ) , ( getter ) GPO_get_link ,
( setter ) GPO_set_link , NULL , NULL } ,
{ discard_const_p ( char , " link_type " ) , ( getter ) GPO_get_link_type ,
( setter ) GPO_set_link_type , NULL , NULL } ,
2017-11-22 01:00:56 +03:00
{ discard_const_p ( char , " user_extensions " ) ,
( getter ) GPO_get_user_extensions ,
2023-03-14 20:21:02 +03:00
( setter ) GPO_set_user_extensions , NULL , NULL } ,
2017-11-20 00:28:33 +03:00
{ discard_const_p ( char , " machine_extensions " ) ,
2023-03-14 20:21:02 +03:00
( getter ) GPO_get_machine_extensions ,
( setter ) GPO_set_machine_extensions , NULL , NULL } ,
2020-05-05 04:47:39 +03:00
{ 0 }
2017-05-10 22:30:17 +03:00
} ;
2017-10-24 06:48:13 +03:00
static PyObject * py_gpo_get_unix_path ( PyObject * self , PyObject * args ,
PyObject * kwds )
2017-05-10 22:30:17 +03:00
{
NTSTATUS status ;
const char * cache_dir = NULL ;
2019-02-27 19:03:16 +03:00
PyObject * ret = NULL ;
2017-05-10 22:30:17 +03:00
char * unix_path = NULL ;
2017-10-24 07:24:38 +03:00
TALLOC_CTX * frame = NULL ;
2017-05-10 22:30:17 +03:00
static const char * kwlist [ ] = { " cache_dir " , NULL } ;
2017-10-24 06:48:13 +03:00
struct GROUP_POLICY_OBJECT * gpo_ptr \
= ( struct GROUP_POLICY_OBJECT * ) pytalloc_get_ptr ( self ) ;
2018-08-17 11:11:03 +03:00
frame = talloc_stackframe ( ) ;
2017-11-20 00:28:33 +03:00
if ( ! PyArg_ParseTupleAndKeywords ( args , kwds , " |s " ,
discard_const_p ( char * , kwlist ) ,
& cache_dir ) ) {
2017-05-10 22:30:17 +03:00
goto out ;
}
if ( ! cache_dir ) {
2018-08-16 11:51:44 +03:00
cache_dir = cache_path ( talloc_tos ( ) , GPO_CACHE_DIR ) ;
2017-05-10 22:30:17 +03:00
if ( ! cache_dir ) {
2017-11-20 00:28:33 +03:00
PyErr_SetString ( PyExc_MemoryError ,
" Failed to determine gpo cache dir " ) ;
2017-05-10 22:30:17 +03:00
goto out ;
}
}
2017-10-24 06:48:13 +03:00
status = gpo_get_unix_path ( frame , cache_dir , gpo_ptr , & unix_path ) ;
2017-10-24 07:24:38 +03:00
2017-05-10 22:30:17 +03:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2019-02-27 19:03:16 +03:00
PyErr_Format ( PyExc_RuntimeError ,
" Failed to determine gpo unix path: %s " ,
get_friendly_nt_error_msg ( status ) ) ;
2017-05-10 22:30:17 +03:00
goto out ;
}
2019-06-07 11:45:52 +03:00
ret = PyUnicode_FromString ( unix_path ) ;
2017-05-10 22:30:17 +03:00
out :
2018-08-17 11:11:03 +03:00
TALLOC_FREE ( frame ) ;
2017-05-10 22:30:17 +03:00
return ret ;
}
static PyMethodDef GPO_methods [ ] = {
2019-05-02 21:47:29 +03:00
{ " get_unix_path " , PY_DISCARD_FUNC_SIG ( PyCFunction ,
py_gpo_get_unix_path ) ,
2019-12-03 01:17:26 +03:00
METH_VARARGS | METH_KEYWORDS ,
2017-11-22 01:00:56 +03:00
NULL } ,
2023-03-14 20:21:02 +03:00
{ " set_sec_desc " , PY_DISCARD_FUNC_SIG ( PyCFunction ,
GPO_unmarshall_set_sec_desc ) ,
METH_VARARGS , NULL } ,
{ " get_sec_desc_buf " , PY_DISCARD_FUNC_SIG ( PyCFunction ,
GPO_marshall_get_sec_desc_buf ) ,
METH_NOARGS , NULL } ,
2020-05-05 04:47:39 +03:00
{ 0 }
2017-05-10 22:30:17 +03:00
} ;
2023-03-14 20:21:02 +03:00
static int py_gpo_init ( PyObject * self , PyObject * args , PyObject * kwds )
{
struct GROUP_POLICY_OBJECT * gpo_ptr = pytalloc_get_ptr ( self ) ;
const char * name = NULL ;
const char * display_name = NULL ;
enum GPO_LINK_TYPE link_type = GP_LINK_UNKOWN ;
const char * file_sys_path = NULL ;
static const char * kwlist [ ] = {
" name " , " display_name " , " link_type " , " file_sys_path " , NULL
} ;
if ( ! PyArg_ParseTupleAndKeywords ( args , kwds , " |ssIs " ,
discard_const_p ( char * , kwlist ) ,
& name , & display_name , & link_type ,
& file_sys_path ) ) {
return - 1 ;
}
if ( name ) {
gpo_ptr - > name = talloc_strdup ( gpo_ptr , name ) ;
}
if ( display_name ) {
gpo_ptr - > display_name = talloc_strdup ( gpo_ptr , display_name ) ;
}
gpo_ptr - > link_type = link_type ;
if ( file_sys_path ) {
gpo_ptr - > file_sys_path = talloc_strdup ( gpo_ptr , file_sys_path ) ;
}
return 0 ;
}
static PyObject * py_gpo_new ( PyTypeObject * type , PyObject * args , PyObject * kwargs )
{
return pytalloc_new ( struct GROUP_POLICY_OBJECT , type ) ;
}
2017-05-10 22:30:17 +03:00
static PyTypeObject GPOType = {
2017-10-24 06:48:13 +03:00
PyVarObject_HEAD_INIT ( NULL , 0 )
2017-05-10 22:30:17 +03:00
. tp_name = " gpo.GROUP_POLICY_OBJECT " ,
. tp_doc = " GROUP_POLICY_OBJECT " ,
. tp_getset = GPO_setters ,
. tp_methods = GPO_methods ,
2017-10-24 06:48:13 +03:00
. tp_flags = Py_TPFLAGS_DEFAULT | Py_TPFLAGS_BASETYPE ,
2023-03-14 20:21:02 +03:00
. tp_new = py_gpo_new ,
. tp_init = ( initproc ) py_gpo_init ,
2017-05-10 22:30:17 +03:00
} ;
typedef struct {
PyObject_HEAD
ADS_STRUCT * ads_ptr ;
2019-02-27 19:36:32 +03:00
PyObject * py_creds ;
2017-05-10 22:30:17 +03:00
struct cli_credentials * cli_creds ;
} ADS ;
static void py_ads_dealloc ( ADS * self )
{
2022-05-26 18:28:34 +03:00
TALLOC_FREE ( self - > ads_ptr ) ;
2019-02-27 19:36:32 +03:00
Py_CLEAR ( self - > py_creds ) ;
2017-05-10 22:30:17 +03:00
Py_TYPE ( self ) - > tp_free ( ( PyObject * ) self ) ;
}
2019-05-02 21:47:29 +03:00
static PyObject * py_ads_connect ( ADS * self , PyObject * Py_UNUSED ( ignored ) ) ;
2017-05-10 22:30:17 +03:00
static int py_ads_init ( ADS * self , PyObject * args , PyObject * kwds )
{
const char * realm = NULL ;
const char * workgroup = NULL ;
const char * ldap_server = NULL ;
PyObject * lp_obj = NULL ;
2019-02-28 14:34:47 +03:00
PyObject * py_creds = NULL ;
2017-05-10 22:30:17 +03:00
struct loadparm_context * lp_ctx = NULL ;
2019-02-27 19:32:14 +03:00
bool ok = false ;
2017-05-10 22:30:17 +03:00
2017-11-22 01:00:56 +03:00
static const char * kwlist [ ] = {
" ldap_server " , " loadparm_context " , " credentials " , NULL
} ;
2017-11-20 00:28:33 +03:00
if ( ! PyArg_ParseTupleAndKeywords ( args , kwds , " sO|O " ,
discard_const_p ( char * , kwlist ) ,
2019-02-28 14:34:47 +03:00
& ldap_server , & lp_obj , & py_creds ) ) {
2017-05-10 22:30:17 +03:00
return - 1 ;
2017-11-22 01:00:35 +03:00
}
2019-02-28 14:34:47 +03:00
/* keep reference to the credentials. Clear any earlier ones */
Py_CLEAR ( self - > py_creds ) ;
self - > cli_creds = NULL ;
self - > py_creds = py_creds ;
2019-02-27 19:36:32 +03:00
Py_XINCREF ( self - > py_creds ) ;
2017-05-10 22:30:17 +03:00
2019-02-27 19:36:32 +03:00
if ( self - > py_creds ) {
ok = py_check_dcerpc_type ( self - > py_creds , " samba.credentials " ,
2019-02-27 19:32:14 +03:00
" Credentials " ) ;
if ( ! ok ) {
2017-10-24 06:40:02 +03:00
return - 1 ;
}
self - > cli_creds
2019-02-27 19:36:32 +03:00
= PyCredentials_AsCliCredentials ( self - > py_creds ) ;
2017-10-24 06:40:02 +03:00
}
2017-05-10 22:30:17 +03:00
2019-02-27 19:32:14 +03:00
ok = py_check_dcerpc_type ( lp_obj , " samba.param " , " LoadParm " ) ;
if ( ! ok ) {
return - 1 ;
}
lp_ctx = pytalloc_get_type ( lp_obj , struct loadparm_context ) ;
if ( lp_ctx = = NULL ) {
return - 1 ;
}
ok = lp_load_initial_only ( lp_ctx - > szConfigFile ) ;
if ( ! ok ) {
PyErr_Format ( PyExc_RuntimeError , " Could not load config file '%s' " ,
lp_ctx - > szConfigFile ) ;
return - 1 ;
2017-05-10 22:30:17 +03:00
}
if ( self - > cli_creds ) {
realm = cli_credentials_get_realm ( self - > cli_creds ) ;
workgroup = cli_credentials_get_domain ( self - > cli_creds ) ;
} else {
realm = lp_realm ( ) ;
workgroup = lp_workgroup ( ) ;
}
2019-02-28 14:34:47 +03:00
/* in case __init__ is called more than once */
if ( self - > ads_ptr ) {
2022-05-26 18:28:34 +03:00
TALLOC_FREE ( self - > ads_ptr ) ;
2019-02-28 14:34:47 +03:00
}
2019-02-27 19:32:14 +03:00
/* always succeeds or crashes */
2022-05-26 18:28:34 +03:00
self - > ads_ptr = ads_init ( pytalloc_get_mem_ctx ( args ) ,
realm ,
workgroup ,
ldap_server ,
ADS_SASL_PLAIN ) ;
2024-03-04 18:42:38 +03:00
2017-05-10 22:30:17 +03:00
return 0 ;
}
2019-02-27 17:12:43 +03:00
/* connect. Failure to connect results in an Exception */
2019-05-02 21:47:29 +03:00
static PyObject * py_ads_connect ( ADS * self ,
PyObject * Py_UNUSED ( ignored ) )
2017-05-10 22:30:17 +03:00
{
ADS_STATUS status ;
2017-11-07 20:41:05 +03:00
TALLOC_CTX * frame = talloc_stackframe ( ) ;
2019-02-28 14:34:47 +03:00
if ( ! self - > ads_ptr ) {
PyErr_SetString ( PyExc_RuntimeError , " Uninitialized " ) ;
return NULL ;
}
2016-08-17 12:58:02 +03:00
ADS_TALLOC_CONST_FREE ( self - > ads_ptr - > auth . user_name ) ;
ADS_TALLOC_CONST_FREE ( self - > ads_ptr - > auth . password ) ;
ADS_TALLOC_CONST_FREE ( self - > ads_ptr - > auth . realm ) ;
2017-05-10 22:30:17 +03:00
if ( self - > cli_creds ) {
2022-06-13 17:53:32 +03:00
self - > ads_ptr - > auth . user_name = talloc_strdup ( self - > ads_ptr ,
cli_credentials_get_username ( self - > cli_creds ) ) ;
if ( self - > ads_ptr - > auth . user_name = = NULL ) {
PyErr_NoMemory ( ) ;
goto err ;
}
2022-06-13 14:56:10 +03:00
self - > ads_ptr - > auth . password = talloc_strdup ( self - > ads_ptr ,
cli_credentials_get_password ( self - > cli_creds ) ) ;
if ( self - > ads_ptr - > auth . password = = NULL ) {
PyErr_NoMemory ( ) ;
goto err ;
}
2022-06-13 13:38:24 +03:00
self - > ads_ptr - > auth . realm = talloc_strdup ( self - > ads_ptr ,
cli_credentials_get_realm ( self - > cli_creds ) ) ;
if ( self - > ads_ptr - > auth . realm = = NULL ) {
PyErr_NoMemory ( ) ;
goto err ;
}
2019-02-28 14:34:47 +03:00
self - > ads_ptr - > auth . flags | = ADS_AUTH_USER_CREDS ;
2017-05-10 22:30:17 +03:00
status = ads_connect_user_creds ( self - > ads_ptr ) ;
} else {
2017-11-22 01:00:35 +03:00
char * passwd = NULL ;
2022-06-13 17:53:32 +03:00
2017-05-10 22:30:17 +03:00
if ( ! secrets_init ( ) ) {
2019-02-27 16:36:03 +03:00
PyErr_SetString ( PyExc_RuntimeError ,
2017-11-22 01:00:35 +03:00
" secrets_init() failed " ) ;
2019-02-27 17:12:43 +03:00
goto err ;
2017-05-10 22:30:17 +03:00
}
2017-11-22 01:00:35 +03:00
2022-06-13 17:53:32 +03:00
self - > ads_ptr - > auth . user_name = talloc_asprintf ( self - > ads_ptr ,
" %s$ " ,
lp_netbios_name ( ) ) ;
if ( self - > ads_ptr - > auth . user_name = = NULL ) {
2022-06-13 14:56:10 +03:00
PyErr_NoMemory ( ) ;
goto err ;
}
passwd = secrets_fetch_machine_password (
self - > ads_ptr - > server . workgroup , NULL , NULL ) ;
2017-11-22 01:00:35 +03:00
if ( passwd = = NULL ) {
2019-02-27 16:36:03 +03:00
PyErr_SetString ( PyExc_RuntimeError ,
2017-11-22 01:00:56 +03:00
" Failed to fetch the machine account "
" password " ) ;
2019-02-27 17:12:43 +03:00
goto err ;
2017-05-10 22:30:17 +03:00
}
2022-06-13 14:56:10 +03:00
self - > ads_ptr - > auth . password = talloc_strdup ( self - > ads_ptr ,
passwd ) ;
SAFE_FREE ( passwd ) ;
if ( self - > ads_ptr - > auth . password = = NULL ) {
2019-02-28 14:34:47 +03:00
PyErr_NoMemory ( ) ;
goto err ;
}
2022-06-13 13:38:24 +03:00
self - > ads_ptr - > auth . realm = talloc_asprintf_strupper_m (
self - > ads_ptr , " %s " , self - > ads_ptr - > server . realm ) ;
if ( self - > ads_ptr - > auth . realm = = NULL ) {
PyErr_NoMemory ( ) ;
2019-02-27 17:12:43 +03:00
goto err ;
2017-05-10 22:30:17 +03:00
}
2019-02-28 14:34:47 +03:00
self - > ads_ptr - > auth . flags | = ADS_AUTH_USER_CREDS ;
2017-05-10 22:30:17 +03:00
status = ads_connect ( self - > ads_ptr ) ;
2019-02-28 14:34:47 +03:00
}
if ( ! ADS_ERR_OK ( status ) ) {
PyErr_Format ( PyExc_RuntimeError ,
" ads_connect() failed: %s " ,
ads_errstr ( status ) ) ;
goto err ;
2017-05-10 22:30:17 +03:00
}
2017-11-07 20:41:05 +03:00
TALLOC_FREE ( frame ) ;
2017-05-10 22:30:17 +03:00
Py_RETURN_TRUE ;
2019-02-27 17:12:43 +03:00
err :
TALLOC_FREE ( frame ) ;
return NULL ;
2017-05-10 22:30:17 +03:00
}
2014-01-31 04:27:05 +04:00
/* Parameter mapping and functions for the GP_EXT struct */
void initgpo ( void ) ;
/* Global methods aka do not need a special pyobject type */
2017-11-20 00:28:33 +03:00
static PyObject * py_gpo_get_sysvol_gpt_version ( PyObject * self ,
PyObject * args )
2014-01-31 04:27:05 +04:00
{
TALLOC_CTX * tmp_ctx = NULL ;
char * unix_path ;
char * display_name = NULL ;
uint32_t sysvol_version = 0 ;
PyObject * result ;
2017-10-24 05:58:45 +03:00
NTSTATUS status ;
2014-01-31 04:27:05 +04:00
if ( ! PyArg_ParseTuple ( args , " s " , & unix_path ) ) {
return NULL ;
}
2019-02-27 19:32:14 +03:00
tmp_ctx = talloc_new ( NULL ) ;
if ( ! tmp_ctx ) {
return PyErr_NoMemory ( ) ;
}
2017-10-24 05:58:45 +03:00
status = gpo_get_sysvol_gpt_version ( tmp_ctx , unix_path ,
& sysvol_version ,
& display_name ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
PyErr_SetNTSTATUS ( status ) ;
TALLOC_FREE ( tmp_ctx ) ;
return NULL ;
}
2014-01-31 04:27:05 +04:00
result = Py_BuildValue ( " [s,i] " , display_name , sysvol_version ) ;
2019-02-27 19:32:14 +03:00
talloc_free ( tmp_ctx ) ;
2014-01-31 04:27:05 +04:00
return result ;
}
2018-02-03 09:07:55 +03:00
# ifdef HAVE_ADS
2017-11-20 00:28:33 +03:00
static ADS_STATUS find_samaccount ( ADS_STRUCT * ads , TALLOC_CTX * mem_ctx ,
const char * samaccountname ,
uint32_t * uac_ret , const char * * dn_ret )
2017-05-10 22:30:17 +03:00
{
ADS_STATUS status ;
const char * attrs [ ] = { " userAccountControl " , NULL } ;
const char * filter ;
LDAPMessage * res = NULL ;
char * dn = NULL ;
uint32_t uac = 0 ;
2017-11-22 01:00:56 +03:00
filter = talloc_asprintf ( mem_ctx , " (sAMAccountName=%s) " ,
samaccountname ) ;
2017-05-10 22:30:17 +03:00
if ( filter = = NULL ) {
status = ADS_ERROR_NT ( NT_STATUS_NO_MEMORY ) ;
goto out ;
}
2017-11-22 01:00:56 +03:00
status = ads_do_search_all ( ads , ads - > config . bind_path ,
LDAP_SCOPE_SUBTREE , filter , attrs , & res ) ;
2017-05-10 22:30:17 +03:00
if ( ! ADS_ERR_OK ( status ) ) {
goto out ;
}
if ( ads_count_replies ( ads , res ) ! = 1 ) {
status = ADS_ERROR ( LDAP_NO_RESULTS_RETURNED ) ;
goto out ;
}
dn = ads_get_dn ( ads , talloc_tos ( ) , res ) ;
if ( dn = = NULL ) {
status = ADS_ERROR ( LDAP_NO_MEMORY ) ;
goto out ;
}
if ( ! ads_pull_uint32 ( ads , res , " userAccountControl " , & uac ) ) {
status = ADS_ERROR ( LDAP_NO_SUCH_ATTRIBUTE ) ;
goto out ;
}
if ( uac_ret ) {
* uac_ret = uac ;
}
if ( dn_ret ) {
* dn_ret = talloc_strdup ( mem_ctx , dn ) ;
2017-11-22 01:00:35 +03:00
if ( * dn_ret = = NULL ) {
2017-05-10 22:30:17 +03:00
status = ADS_ERROR ( LDAP_NO_MEMORY ) ;
goto out ;
}
}
out :
TALLOC_FREE ( dn ) ;
ads_msgfree ( ads , res ) ;
return status ;
}
static PyObject * py_ads_get_gpo_list ( ADS * self , PyObject * args , PyObject * kwds )
{
2017-10-24 07:24:38 +03:00
TALLOC_CTX * frame = NULL ;
2017-10-24 06:48:13 +03:00
struct GROUP_POLICY_OBJECT * gpo = NULL , * gpo_list = NULL ;
2017-05-10 22:30:17 +03:00
ADS_STATUS status ;
const char * samaccountname = NULL ;
const char * dn = NULL ;
uint32_t uac = 0 ;
uint32_t flags = 0 ;
struct security_token * token = NULL ;
2019-02-27 19:32:14 +03:00
PyObject * ret = NULL ;
TALLOC_CTX * gpo_ctx = NULL ;
2017-10-24 06:48:13 +03:00
size_t list_size ;
size_t i ;
2017-05-10 22:30:17 +03:00
static const char * kwlist [ ] = { " samaccountname " , NULL } ;
2023-03-14 21:37:54 +03:00
PyErr_WarnEx ( PyExc_DeprecationWarning , " The get_gpo_list function "
" is deprecated as of Samba 4.19. Please use "
" the samba.gp module instead. " , 2 ) ;
2017-11-20 00:28:33 +03:00
if ( ! PyArg_ParseTupleAndKeywords ( args , kwds , " s " ,
discard_const_p ( char * , kwlist ) ,
& samaccountname ) ) {
2019-02-27 19:32:14 +03:00
return NULL ;
2017-05-10 22:30:17 +03:00
}
2019-02-28 14:34:47 +03:00
if ( ! self - > ads_ptr ) {
PyErr_SetString ( PyExc_RuntimeError , " Uninitialized " ) ;
return NULL ;
}
2017-05-10 22:30:17 +03:00
2017-10-24 07:24:38 +03:00
frame = talloc_stackframe ( ) ;
2017-05-10 22:30:17 +03:00
2017-11-22 01:00:56 +03:00
status = find_samaccount ( self - > ads_ptr , frame ,
samaccountname , & uac , & dn ) ;
2017-05-10 22:30:17 +03:00
if ( ! ADS_ERR_OK ( status ) ) {
2019-02-27 19:32:14 +03:00
PyErr_Format ( PyExc_RuntimeError ,
" Failed to find samAccountName '%s': %s " ,
samaccountname , ads_errstr ( status ) ) ;
2017-05-10 22:30:17 +03:00
goto out ;
}
2017-11-22 01:00:56 +03:00
if ( uac & UF_WORKSTATION_TRUST_ACCOUNT | |
uac & UF_SERVER_TRUST_ACCOUNT ) {
2017-05-10 22:30:17 +03:00
flags | = GPO_LIST_FLAG_MACHINE ;
2017-11-22 01:00:56 +03:00
status = gp_get_machine_token ( self - > ads_ptr , frame , dn ,
& token ) ;
2019-02-27 19:32:14 +03:00
if ( ! ADS_ERR_OK ( status ) ) {
PyErr_Format ( PyExc_RuntimeError ,
" Failed to get machine token for '%s'(%s): %s " ,
samaccountname , dn , ads_errstr ( status ) ) ;
goto out ;
}
2017-05-10 22:30:17 +03:00
} else {
2017-10-24 07:24:38 +03:00
status = ads_get_sid_token ( self - > ads_ptr , frame , dn , & token ) ;
2019-02-27 19:32:14 +03:00
if ( ! ADS_ERR_OK ( status ) ) {
PyErr_Format ( PyExc_RuntimeError ,
" Failed to get sid token for '%s'(%s): %s " ,
samaccountname , dn , ads_errstr ( status ) ) ;
goto out ;
}
2017-05-10 22:30:17 +03:00
}
2017-10-24 06:48:13 +03:00
gpo_ctx = talloc_new ( frame ) ;
2019-02-27 19:32:14 +03:00
if ( ! gpo_ctx ) {
PyErr_NoMemory ( ) ;
goto out ;
}
2017-11-20 00:28:33 +03:00
status = ads_get_gpo_list ( self - > ads_ptr , gpo_ctx , dn , flags , token ,
& gpo_list ) ;
2017-05-10 22:30:17 +03:00
if ( ! ADS_ERR_OK ( status ) ) {
2019-02-27 19:32:14 +03:00
PyErr_Format ( PyExc_RuntimeError ,
" Failed to fetch GPO list: %s " ,
ads_errstr ( status ) ) ;
2017-05-10 22:30:17 +03:00
goto out ;
}
2017-10-24 06:48:13 +03:00
/* Convert the C linked list into a python list */
list_size = 0 ;
for ( gpo = gpo_list ; gpo ! = NULL ; gpo = gpo - > next ) {
list_size + + ;
}
i = 0 ;
ret = PyList_New ( list_size ) ;
if ( ret = = NULL ) {
goto out ;
}
for ( gpo = gpo_list ; gpo ! = NULL ; gpo = gpo - > next ) {
PyObject * obj = pytalloc_reference_ex ( & GPOType ,
gpo_ctx , gpo ) ;
if ( obj = = NULL ) {
2019-02-27 19:32:14 +03:00
Py_CLEAR ( ret ) ;
2017-10-24 06:48:13 +03:00
goto out ;
}
PyList_SetItem ( ret , i , obj ) ;
i + + ;
}
2017-05-10 22:30:17 +03:00
out :
2017-10-24 07:24:38 +03:00
TALLOC_FREE ( frame ) ;
2017-05-10 22:30:17 +03:00
return ret ;
}
2018-02-03 09:07:55 +03:00
# endif
2017-05-10 22:30:17 +03:00
static PyMethodDef ADS_methods [ ] = {
2017-11-20 00:28:33 +03:00
{ " connect " , ( PyCFunction ) py_ads_connect , METH_NOARGS ,
" Connect to the LDAP server " } ,
2018-02-03 09:07:55 +03:00
# ifdef HAVE_ADS
2019-05-02 21:47:29 +03:00
{ " get_gpo_list " , PY_DISCARD_FUNC_SIG ( PyCFunction , py_ads_get_gpo_list ) ,
METH_VARARGS | METH_KEYWORDS ,
2017-11-22 01:00:56 +03:00
NULL } ,
2018-02-03 09:07:55 +03:00
# endif
2020-05-05 04:47:39 +03:00
{ 0 }
2017-05-10 22:30:17 +03:00
} ;
static PyTypeObject ads_ADSType = {
. tp_name = " gpo.ADS_STRUCT " ,
. tp_basicsize = sizeof ( ADS ) ,
2022-05-24 13:44:36 +03:00
. tp_new = PyType_GenericNew ,
2017-05-10 22:30:17 +03:00
. tp_dealloc = ( destructor ) py_ads_dealloc ,
. tp_flags = Py_TPFLAGS_DEFAULT ,
. tp_doc = " ADS struct " ,
. tp_methods = ADS_methods ,
. tp_init = ( initproc ) py_ads_init ,
} ;
2014-01-31 04:27:05 +04:00
static PyMethodDef py_gpo_methods [ ] = {
2017-11-22 01:00:56 +03:00
{ " gpo_get_sysvol_gpt_version " ,
( PyCFunction ) py_gpo_get_sysvol_gpt_version ,
2017-11-20 00:28:33 +03:00
METH_VARARGS , NULL } ,
2020-05-05 04:47:39 +03:00
{ 0 }
2014-01-31 04:27:05 +04:00
} ;
2018-01-30 22:31:42 +03:00
static struct PyModuleDef moduledef = {
PyModuleDef_HEAD_INIT ,
. m_name = " gpo " ,
. m_doc = " libgpo python bindings " ,
. m_size = - 1 ,
. m_methods = py_gpo_methods ,
} ;
2014-01-31 04:27:05 +04:00
/* Will be called by python when loading this module */
2018-01-30 22:31:42 +03:00
void initgpo ( void ) ;
MODULE_INIT_FUNC ( gpo )
2014-01-31 04:27:05 +04:00
{
PyObject * m ;
debug_setup_talloc_log ( ) ;
2017-11-22 01:00:35 +03:00
2014-01-31 04:27:05 +04:00
/* Instantiate the types */
2018-01-30 22:31:42 +03:00
m = PyModule_Create ( & moduledef ) ;
2017-11-22 01:00:35 +03:00
if ( m = = NULL ) {
2019-02-27 19:48:39 +03:00
goto err ;
2017-11-22 01:00:35 +03:00
}
2019-02-27 19:48:39 +03:00
if ( PyModule_AddObject ( m , " version " ,
2019-06-07 11:45:52 +03:00
PyUnicode_FromString ( SAMBA_VERSION_STRING ) ) ) {
2019-02-27 19:48:39 +03:00
goto err ;
}
2017-10-24 06:48:13 +03:00
2022-05-24 13:44:36 +03:00
if ( pytalloc_BaseObject_PyType_Ready ( & ads_ADSType ) < 0 ) {
2019-02-27 19:48:39 +03:00
goto err ;
2017-11-22 01:00:35 +03:00
}
2019-02-27 19:48:39 +03:00
Py_INCREF ( & ads_ADSType ) ;
if ( PyModule_AddObject ( m , " ADS_STRUCT " , ( PyObject * ) & ads_ADSType ) ) {
goto err ;
}
2017-10-24 06:48:13 +03:00
2017-11-22 01:00:35 +03:00
if ( pytalloc_BaseObject_PyType_Ready ( & GPOType ) < 0 ) {
2019-02-27 19:48:39 +03:00
goto err ;
2017-11-22 01:00:35 +03:00
}
2017-10-24 06:48:13 +03:00
Py_INCREF ( ( PyObject * ) ( void * ) & GPOType ) ;
2019-02-27 19:48:39 +03:00
if ( PyModule_AddObject ( m , " GROUP_POLICY_OBJECT " ,
( PyObject * ) & GPOType ) ) {
goto err ;
}
2023-03-14 20:21:02 +03:00
# define ADD_FLAGS(val) PyModule_AddObject(m, #val, PyLong_FromLong(val))
ADD_FLAGS ( GP_LINK_UNKOWN ) ;
ADD_FLAGS ( GP_LINK_MACHINE ) ;
ADD_FLAGS ( GP_LINK_SITE ) ;
ADD_FLAGS ( GP_LINK_DOMAIN ) ;
ADD_FLAGS ( GP_LINK_OU ) ;
ADD_FLAGS ( GP_LINK_LOCAL ) ;
2018-01-30 22:31:42 +03:00
return m ;
2017-10-24 06:48:13 +03:00
2019-02-27 19:48:39 +03:00
err :
Py_CLEAR ( m ) ;
return NULL ;
2014-01-31 04:27:05 +04:00
}