/*
   Unix SMB/CIFS implementation.
   Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007-2008
   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2011

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 3 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/
# include "lib/replace/system/python.h"
# include "python/py3compat.h"
# include "includes.h"
# include "python/modules.h"
# include "libcli/util/pyerrors.h"
# include "libcli/security/security.h"
# include "pytalloc.h"
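/*
 * Python entry point for se_access_check().
 *
 * Arguments (positional or keyword):
 *   security_descriptor - object wrapping a struct security_descriptor
 *   token               - object wrapping a struct security_token
 *   access_desired      - requested access mask, as an unsigned integer
 *
 * Returns the granted access mask as a Python int. Returns NULL with a
 * Python exception set when argument parsing fails (exception set by
 * PyArg_ParseTupleAndKeywords), when either object is not of the expected
 * talloc type (TypeError), or when the NTSTATUS from se_access_check() is
 * raised by PyErr_NTSTATUS_IS_ERR_RAISE().
 */
static PyObject *py_se_access_check(PyObject *module, PyObject *args, PyObject *kwargs)
{
	NTSTATUS nt_status;
	const char * const kwnames[] = { "security_descriptor", "token", "access_desired", NULL };
	PyObject *py_sec_desc = NULL;
	PyObject *py_security_token = NULL;
	struct security_descriptor *security_descriptor;
	struct security_token *security_token;
	unsigned int access_desired; /* This is an unsigned int, not uint32_t,
				      * because that's what we need for the
				      * python PyArg_ParseTupleAndKeywords */
	/*
	 * Start from "nothing granted" so that no path can hand an
	 * indeterminate mask back to Python if se_access_check() leaves the
	 * output untouched.
	 */
	uint32_t access_granted = 0;

	if (!PyArg_ParseTupleAndKeywords(args, kwargs, "OOI",
					 discard_const_p(char *, kwnames),
					 &py_sec_desc, &py_security_token, &access_desired)) {
		return NULL;
	}

	/* Both arguments arrive as generic objects ("O"); check their talloc type here. */
	security_descriptor = pytalloc_get_type(py_sec_desc, struct security_descriptor);
	if (!security_descriptor) {
		PyErr_Format(PyExc_TypeError,
			     "Expected dcerpc.security.descriptor for security_descriptor argument got %s",
			     pytalloc_get_name(py_sec_desc));
		return NULL;
	}

	security_token = pytalloc_get_type(py_security_token, struct security_token);
	if (!security_token) {
		/* Name the token object that failed the check, not the descriptor. */
		PyErr_Format(PyExc_TypeError,
			     "Expected dcerpc.security.token for token argument, got %s",
			     pytalloc_get_name(py_security_token));
		return NULL;
	}

	nt_status = se_access_check(security_descriptor, security_token, access_desired, &access_granted);
	if (!NT_STATUS_IS_OK(nt_status)) {
		/*
		 * NOTE(review): this macro is defined outside this file. If it
		 * does not return for every non-OK status, control continues
		 * to the return below and a mask is reported despite the
		 * failure - confirm against its definition.
		 */
		PyErr_NTSTATUS_IS_ERR_RAISE(nt_status);
	}

	/*
	 * The mask is an unsigned 32-bit value; convert it as unsigned so a
	 * mask with the top bit set stays positive where long is 32 bits wide.
	 */
	return PyLong_FromUnsignedLong(access_granted);
}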
/* Functions exported by this module; the zeroed entry terminates the table. */
static PyMethodDef py_security_methods[] = {
	{
		.ml_name  = "access_check",
		/* Keyword-taking function, cast to the generic PyCFunction slot type. */
		.ml_meth  = PY_DISCARD_FUNC_SIG(PyCFunction, py_se_access_check),
		.ml_flags = METH_VARARGS | METH_KEYWORDS,
		.ml_doc   = "access_check(security_descriptor, token, access_desired) -> access_granted. Raises NT_STATUS on error, including on access check failure, returns access granted bitmask",
	},
	{ 0 },
};
/* Definition of the "security" extension module. */
static struct PyModuleDef moduledef = {
	.m_base    = PyModuleDef_HEAD_INIT,
	.m_name    = "security",
	.m_doc     = "Security support.",
	.m_methods = py_security_methods,
	/* -1: no per-module state block is allocated. */
	.m_size    = -1,
};
/*
 * Module initialisation: build the module object from moduledef.
 * PyModule_Create() returns NULL on failure, which is passed straight
 * back to the caller.
 */
MODULE_INIT_FUNC(security)
{
	return PyModule_Create(&moduledef);
}