samba-mirror/auth/credentials/pycredentials.c

/* 
   Unix SMB/CIFS implementation.
   Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007
   
   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 3 of the License, or
   (at your option) any later version.
   
   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.
   
   You should have received a copy of the GNU General Public License
   along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/

#include <Python.h>
#include "python/py3compat.h"
#include "includes.h"
#include "pycredentials.h"
#include "param/param.h"
#include "lib/cmdline/credentials.h"
#include "auth/credentials/credentials_internal.h"
#include "librpc/gen_ndr/samr.h" /* for struct samr_Password */
#include "librpc/gen_ndr/netlogon.h"
#include "libcli/util/pyerrors.h"
#include "libcli/auth/libcli_auth.h"
#include "param/pyparam.h"
#include <tevent.h>
#include "libcli/auth/libcli_auth.h"
#include "auth/credentials/credentials_internal.h"

void initcredentials(void);

static PyObject *PyString_FromStringOrNULL(const char *str)
{
	if (str == NULL)
		Py_RETURN_NONE;
	return PyStr_FromString(str);
}

static PyObject *py_creds_new(PyTypeObject *type, PyObject *args, PyObject *kwargs)
{
	return pytalloc_steal(type, cli_credentials_init(NULL));
}

static PyObject *py_creds_get_username(PyObject *self, PyObject *unused)
{
	return PyString_FromStringOrNULL(cli_credentials_get_username(PyCredentials_AsCliCredentials(self)));
}

static PyObject *py_creds_set_username(PyObject *self, PyObject *args)
{
	char *newval;
	enum credentials_obtained obt = CRED_SPECIFIED;
	int _obt = obt;

	if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
		return NULL;
	}
	obt = _obt;

	return PyBool_FromLong(cli_credentials_set_username(PyCredentials_AsCliCredentials(self), newval, obt));
}

static PyObject *py_creds_get_ntlm_username_domain(PyObject *self, PyObject *unused)
{
	TALLOC_CTX *frame = talloc_stackframe();
	const char *user = NULL;
	const char *domain = NULL;
	PyObject *ret = NULL;
	cli_credentials_get_ntlm_username_domain(PyCredentials_AsCliCredentials(self),
						 frame, &user, &domain);
	ret = Py_BuildValue("(OO)",
			    PyString_FromStringOrNULL(user),
			    PyString_FromStringOrNULL(domain));
	TALLOC_FREE(frame);
	return ret;
}

static PyObject *py_creds_get_ntlm_response(PyObject *self, PyObject *args, PyObject *kwargs)
{
	TALLOC_CTX *frame = talloc_stackframe();
	PyObject *ret = NULL;
	int flags;
	struct timeval tv_now;
	NTTIME server_timestamp;
	DATA_BLOB challenge = data_blob_null;
	DATA_BLOB target_info = data_blob_null;
	NTSTATUS status;
	DATA_BLOB lm_response = data_blob_null;
	DATA_BLOB nt_response = data_blob_null;
	DATA_BLOB lm_session_key = data_blob_null;
	DATA_BLOB nt_session_key = data_blob_null;
	const char *kwnames[] = { "flags", "challenge",
				  "target_info",
				  NULL };

	tv_now = timeval_current();
	server_timestamp = timeval_to_nttime(&tv_now);

	if (!PyArg_ParseTupleAndKeywords(args, kwargs, "is#|s#",
					 discard_const_p(char *, kwnames),
					 &flags,
					 &challenge.data,
					 &challenge.length,
					 &target_info.data,
					 &target_info.length)) {
		return NULL;
	}

	status = cli_credentials_get_ntlm_response(PyCredentials_AsCliCredentials(self),
						   frame, &flags,
						   challenge,
						   &server_timestamp,
						   target_info,
						   &lm_response, &nt_response,
						   &lm_session_key, &nt_session_key);

	if (!NT_STATUS_IS_OK(status)) {
		PyErr_SetNTSTATUS(status);
		TALLOC_FREE(frame);
		return NULL;
	}

	ret = Py_BuildValue("{sis" PYARG_BYTES_LEN "s" PYARG_BYTES_LEN
			            "s" PYARG_BYTES_LEN "s" PYARG_BYTES_LEN "}",
			    "flags", flags,
			    "lm_reponse",
			    (const char *)lm_response.data, lm_response.length,
			    "nt_response",
			    (const char *)nt_response.data, nt_response.length,
			    "lm_session_key",
			    (const char *)lm_session_key.data, lm_session_key.length,
			    "nt_session_key",
			    (const char *)nt_session_key.data, nt_session_key.length);
	TALLOC_FREE(frame);
	return ret;
}

static PyObject *py_creds_get_principal(PyObject *self, PyObject *unused)
{
	TALLOC_CTX *frame = talloc_stackframe();
	PyObject *ret = PyString_FromStringOrNULL(cli_credentials_get_principal(PyCredentials_AsCliCredentials(self), frame));
	TALLOC_FREE(frame);
	return ret;
}

static PyObject *py_creds_set_principal(PyObject *self, PyObject *args)
{
	char *newval;
	enum credentials_obtained obt = CRED_SPECIFIED;
	int _obt = obt;

	if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
		return NULL;
	}
	obt = _obt;

	return PyBool_FromLong(cli_credentials_set_principal(PyCredentials_AsCliCredentials(self), newval, obt));
}

static PyObject *py_creds_get_password(PyObject *self, PyObject *unused)
{
	return PyString_FromStringOrNULL(cli_credentials_get_password(PyCredentials_AsCliCredentials(self)));
}

static PyObject *py_creds_set_password(PyObject *self, PyObject *args)
{
	char *newval;
	enum credentials_obtained obt = CRED_SPECIFIED;
	int _obt = obt;

	if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
		return NULL;
	}
	obt = _obt;

	return PyBool_FromLong(cli_credentials_set_password(PyCredentials_AsCliCredentials(self), newval, obt));
}

static PyObject *py_creds_set_utf16_password(PyObject *self, PyObject *args)
{
	enum credentials_obtained obt = CRED_SPECIFIED;
	int _obt = obt;
	PyObject *newval = NULL;
	DATA_BLOB blob = data_blob_null;
	Py_ssize_t size =  0;
	int result;
	bool ok;

	if (!PyArg_ParseTuple(args, "O|i", &newval, &_obt)) {
		return NULL;
	}
	obt = _obt;

	result = PyBytes_AsStringAndSize(newval, (char **)&blob.data, &size);
	if (result != 0) {
		PyErr_SetString(PyExc_RuntimeError, "Failed to convert passed value to Bytes");
		return NULL;
	}
	blob.length = size;

	ok = cli_credentials_set_utf16_password(PyCredentials_AsCliCredentials(self),
						&blob, obt);

	return PyBool_FromLong(ok);
}

static PyObject *py_creds_get_old_password(PyObject *self, PyObject *unused)
{
	return PyString_FromStringOrNULL(cli_credentials_get_old_password(PyCredentials_AsCliCredentials(self)));
}

static PyObject *py_creds_set_old_password(PyObject *self, PyObject *args)
{
	char *oldval;
	enum credentials_obtained obt = CRED_SPECIFIED;
	int _obt = obt;

	if (!PyArg_ParseTuple(args, "s|i", &oldval, &_obt)) {
		return NULL;
	}
	obt = _obt;

	return PyBool_FromLong(cli_credentials_set_old_password(PyCredentials_AsCliCredentials(self), oldval, obt));
}

static PyObject *py_creds_set_old_utf16_password(PyObject *self, PyObject *args)
{
	PyObject *oldval = NULL;
	DATA_BLOB blob = data_blob_null;
	Py_ssize_t size =  0;
	int result;
	bool ok;

	if (!PyArg_ParseTuple(args, "O", &oldval)) {
		return NULL;
	}

	result = PyBytes_AsStringAndSize(oldval, (char **)&blob.data, &size);
	if (result != 0) {
		PyErr_SetString(PyExc_RuntimeError, "Failed to convert passed value to Bytes");
		return NULL;
	}
	blob.length = size;

	ok = cli_credentials_set_old_utf16_password(PyCredentials_AsCliCredentials(self),
						    &blob);

	return PyBool_FromLong(ok);
}

static PyObject *py_creds_get_domain(PyObject *self, PyObject *unused)
{
	return PyString_FromStringOrNULL(cli_credentials_get_domain(PyCredentials_AsCliCredentials(self)));
}

static PyObject *py_creds_set_domain(PyObject *self, PyObject *args)
{
	char *newval;
	enum credentials_obtained obt = CRED_SPECIFIED;
	int _obt = obt;

	if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
		return NULL;
	}
	obt = _obt;

	return PyBool_FromLong(cli_credentials_set_domain(PyCredentials_AsCliCredentials(self), newval, obt));
}

static PyObject *py_creds_get_realm(PyObject *self, PyObject *unused)
{
	return PyString_FromStringOrNULL(cli_credentials_get_realm(PyCredentials_AsCliCredentials(self)));
}

static PyObject *py_creds_set_realm(PyObject *self, PyObject *args)
{
	char *newval;
	enum credentials_obtained obt = CRED_SPECIFIED;
	int _obt = obt;

	if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
		return NULL;
	}
	obt = _obt;

	return PyBool_FromLong(cli_credentials_set_realm(PyCredentials_AsCliCredentials(self), newval, obt));
}

static PyObject *py_creds_get_bind_dn(PyObject *self, PyObject *unused)
{
	return PyString_FromStringOrNULL(cli_credentials_get_bind_dn(PyCredentials_AsCliCredentials(self)));
}

static PyObject *py_creds_set_bind_dn(PyObject *self, PyObject *args)
{
	char *newval;
	if (!PyArg_ParseTuple(args, "s", &newval))
		return NULL;

	return PyBool_FromLong(cli_credentials_set_bind_dn(PyCredentials_AsCliCredentials(self), newval));
}

static PyObject *py_creds_get_workstation(PyObject *self, PyObject *unused)
{
	return PyString_FromStringOrNULL(cli_credentials_get_workstation(PyCredentials_AsCliCredentials(self)));
}

static PyObject *py_creds_set_workstation(PyObject *self, PyObject *args)
{
	char *newval;
	enum credentials_obtained obt = CRED_SPECIFIED;
	int _obt = obt;

	if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
		return NULL;
	}
	obt = _obt;

	return PyBool_FromLong(cli_credentials_set_workstation(PyCredentials_AsCliCredentials(self), newval, obt));
}

static PyObject *py_creds_is_anonymous(PyObject *self, PyObject *unused)
{
	return PyBool_FromLong(cli_credentials_is_anonymous(PyCredentials_AsCliCredentials(self)));
}

static PyObject *py_creds_set_anonymous(PyObject *self, PyObject *unused)
{
	cli_credentials_set_anonymous(PyCredentials_AsCliCredentials(self));
	Py_RETURN_NONE;
}

static PyObject *py_creds_authentication_requested(PyObject *self, PyObject *unused)
{
        return PyBool_FromLong(cli_credentials_authentication_requested(PyCredentials_AsCliCredentials(self)));
}

static PyObject *py_creds_wrong_password(PyObject *self, PyObject *unused)
{
        return PyBool_FromLong(cli_credentials_wrong_password(PyCredentials_AsCliCredentials(self)));
}

static PyObject *py_creds_set_cmdline_callbacks(PyObject *self, PyObject *unused)
{
        return PyBool_FromLong(cli_credentials_set_cmdline_callbacks(PyCredentials_AsCliCredentials(self)));
}

static PyObject *py_creds_parse_string(PyObject *self, PyObject *args)
{
	char *newval;
	enum credentials_obtained obt = CRED_SPECIFIED;
	int _obt = obt;

	if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
		return NULL;
	}
	obt = _obt;

	cli_credentials_parse_string(PyCredentials_AsCliCredentials(self), newval, obt);
	Py_RETURN_NONE;
}

static PyObject *py_creds_parse_file(PyObject *self, PyObject *args)
{
	char *newval;
	enum credentials_obtained obt = CRED_SPECIFIED;
	int _obt = obt;

	if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
		return NULL;
	}
	obt = _obt;

	cli_credentials_parse_file(PyCredentials_AsCliCredentials(self), newval, obt);
	Py_RETURN_NONE;
}

static PyObject *py_cli_credentials_set_password_will_be_nt_hash(PyObject *self, PyObject *args)
{
	struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
	PyObject *py_val = NULL;
	bool val = false;

	if (!PyArg_ParseTuple(args, "O!", &PyBool_Type, &py_val)) {
		return NULL;
	}
	val = PyObject_IsTrue(py_val);

	cli_credentials_set_password_will_be_nt_hash(creds, val);
	Py_RETURN_NONE;
}

static PyObject *py_creds_get_nt_hash(PyObject *self, PyObject *unused)
{
	PyObject *ret;
	struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
	struct samr_Password *ntpw = cli_credentials_get_nt_hash(creds, creds);

	ret = PyBytes_FromStringAndSize(discard_const_p(char, ntpw->hash), 16);
	TALLOC_FREE(ntpw);
	return ret;
}

static PyObject *py_creds_get_kerberos_state(PyObject *self, PyObject *unused)
{
	int state = cli_credentials_get_kerberos_state(PyCredentials_AsCliCredentials(self));
	return PyInt_FromLong(state);
}

static PyObject *py_creds_set_kerberos_state(PyObject *self, PyObject *args)
{
	int state;
	if (!PyArg_ParseTuple(args, "i", &state))
		return NULL;

	cli_credentials_set_kerberos_state(PyCredentials_AsCliCredentials(self), state);
	Py_RETURN_NONE;
}

static PyObject *py_creds_set_krb_forwardable(PyObject *self, PyObject *args)
{
	int state;
	if (!PyArg_ParseTuple(args, "i", &state))
		return NULL;

	cli_credentials_set_krb_forwardable(PyCredentials_AsCliCredentials(self), state);
	Py_RETURN_NONE;
}


static PyObject *py_creds_get_forced_sasl_mech(PyObject *self, PyObject *unused)
{
	return PyString_FromStringOrNULL(cli_credentials_get_forced_sasl_mech(PyCredentials_AsCliCredentials(self)));
}

static PyObject *py_creds_set_forced_sasl_mech(PyObject *self, PyObject *args)
{
	char *newval;
	enum credentials_obtained obt = CRED_SPECIFIED;
	int _obt = obt;

	if (!PyArg_ParseTuple(args, "s", &newval)) {
		return NULL;
	}
	obt = _obt;

	cli_credentials_set_forced_sasl_mech(PyCredentials_AsCliCredentials(self), newval);
	Py_RETURN_NONE;
}

static PyObject *py_creds_guess(PyObject *self, PyObject *args)
{
	PyObject *py_lp_ctx = Py_None;
	struct loadparm_context *lp_ctx;
	TALLOC_CTX *mem_ctx;
	struct cli_credentials *creds;

	creds = PyCredentials_AsCliCredentials(self);

	if (!PyArg_ParseTuple(args, "|O", &py_lp_ctx))
		return NULL;

	mem_ctx = talloc_new(NULL);
	if (mem_ctx == NULL) {
		PyErr_NoMemory();
		return NULL;
	}

	lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
	if (lp_ctx == NULL) {
		talloc_free(mem_ctx);
		return NULL;
	}

	cli_credentials_guess(creds, lp_ctx);

	talloc_free(mem_ctx);

	Py_RETURN_NONE;
}

static PyObject *py_creds_set_machine_account(PyObject *self, PyObject *args)
{
	PyObject *py_lp_ctx = Py_None;
	struct loadparm_context *lp_ctx;
	NTSTATUS status;
	struct cli_credentials *creds;
	TALLOC_CTX *mem_ctx;

	creds = PyCredentials_AsCliCredentials(self);

	if (!PyArg_ParseTuple(args, "|O", &py_lp_ctx))
		return NULL;

	mem_ctx = talloc_new(NULL);
	if (mem_ctx == NULL) {
		PyErr_NoMemory();
		return NULL;
	}

	lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
	if (lp_ctx == NULL) {
		talloc_free(mem_ctx);
		return NULL;
	}

	status = cli_credentials_set_machine_account(creds, lp_ctx);
	talloc_free(mem_ctx);

	PyErr_NTSTATUS_IS_ERR_RAISE(status);

	Py_RETURN_NONE;
}

static PyObject *PyCredentialCacheContainer_from_ccache_container(struct ccache_container *ccc)
{
	return pytalloc_reference(&PyCredentialCacheContainer, ccc);
}


static PyObject *py_creds_get_named_ccache(PyObject *self, PyObject *args)
{
	PyObject *py_lp_ctx = Py_None;
	char *ccache_name;
	struct loadparm_context *lp_ctx;
	struct ccache_container *ccc;
	struct tevent_context *event_ctx;
	int ret;
	const char *error_string;
	struct cli_credentials *creds;
	TALLOC_CTX *mem_ctx;

	creds = PyCredentials_AsCliCredentials(self);

	if (!PyArg_ParseTuple(args, "|Os", &py_lp_ctx, &ccache_name))
		return NULL;

	mem_ctx = talloc_new(NULL);
	if (mem_ctx == NULL) {
		PyErr_NoMemory();
		return NULL;
	}

	lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
	if (lp_ctx == NULL) {
		talloc_free(mem_ctx);
		return NULL;
	}

	event_ctx = samba_tevent_context_init(mem_ctx);

	ret = cli_credentials_get_named_ccache(creds, event_ctx, lp_ctx,
					       ccache_name, &ccc, &error_string);
	talloc_unlink(mem_ctx, lp_ctx);
	if (ret == 0) {
		talloc_steal(ccc, event_ctx);
		talloc_free(mem_ctx);
		return PyCredentialCacheContainer_from_ccache_container(ccc);
	}

	PyErr_SetString(PyExc_RuntimeError, error_string?error_string:"NULL");

	talloc_free(mem_ctx);
	return NULL;
}

static PyObject *py_creds_set_gensec_features(PyObject *self, PyObject *args)
{
	unsigned int gensec_features;

	if (!PyArg_ParseTuple(args, "I", &gensec_features))
		return NULL;

	cli_credentials_set_gensec_features(PyCredentials_AsCliCredentials(self), gensec_features);

	Py_RETURN_NONE;
}

static PyObject *py_creds_get_gensec_features(PyObject *self, PyObject *args)
{
	unsigned int gensec_features;

	gensec_features = cli_credentials_get_gensec_features(PyCredentials_AsCliCredentials(self));
	return PyInt_FromLong(gensec_features);
}

static PyObject *py_creds_new_client_authenticator(PyObject *self,
						   PyObject *args)
{
	struct netr_Authenticator auth;
	struct cli_credentials *creds = NULL;
	struct netlogon_creds_CredentialState *nc = NULL;
	PyObject *ret = NULL;

	creds = PyCredentials_AsCliCredentials(self);
	if (creds == NULL) {
		PyErr_SetString(PyExc_RuntimeError,
				"Failed to get credentials from python");
		return NULL;
	}

	nc = creds->netlogon_creds;
	if (nc == NULL) {
		PyErr_SetString(PyExc_ValueError,
				"No netlogon credentials cannot make "
				"client authenticator");
		return NULL;
	}

	netlogon_creds_client_authenticator(
		nc,
		&auth);
	ret = Py_BuildValue("{ss#si}",
			    "credential",
			    (const char *) &auth.cred, sizeof(auth.cred),
			    "timestamp", auth.timestamp);
	return ret;
}

static PyObject *py_creds_set_secure_channel_type(PyObject *self, PyObject *args)
{
	unsigned int channel_type;

	if (!PyArg_ParseTuple(args, "I", &channel_type))
		return NULL;

	cli_credentials_set_secure_channel_type(
		PyCredentials_AsCliCredentials(self),
		channel_type);

	Py_RETURN_NONE;
}

static PyObject *py_creds_encrypt_netr_crypt_password(PyObject *self,
						      PyObject *args)
{
	DATA_BLOB data = data_blob_null;
	struct cli_credentials    *creds  = NULL;
	struct netr_CryptPassword *pwd    = NULL;
	NTSTATUS status;
	PyObject *py_cp = Py_None;

	creds = PyCredentials_AsCliCredentials(self);

	if (!PyArg_ParseTuple(args, "|O", &py_cp)) {
		return NULL;
	}
	pwd = pytalloc_get_type(py_cp, struct netr_CryptPassword);
	data.length = sizeof(struct netr_CryptPassword);
	data.data   = (uint8_t *)pwd;
	status = netlogon_creds_session_encrypt(creds->netlogon_creds, data);

	PyErr_NTSTATUS_IS_ERR_RAISE(status);

	Py_RETURN_NONE;
}

static PyMethodDef py_creds_methods[] = {
	{ "get_username", py_creds_get_username, METH_NOARGS,
		"S.get_username() -> username\nObtain username." },
	{ "set_username", py_creds_set_username, METH_VARARGS,
		"S.set_username(name[, credentials.SPECIFIED]) -> None\n"
		"Change username." },
	{ "get_principal", py_creds_get_principal, METH_NOARGS,
		"S.get_principal() -> user@realm\nObtain user principal." },
	{ "set_principal", py_creds_set_principal, METH_VARARGS,
		"S.set_principal(name[, credentials.SPECIFIED]) -> None\n"
		"Change principal." },
	{ "get_password", py_creds_get_password, METH_NOARGS,
		"S.get_password() -> password\n"
		"Obtain password." },
	{ "get_ntlm_username_domain", py_creds_get_ntlm_username_domain, METH_NOARGS,
		"S.get_ntlm_username_domain() -> (domain, username)\n"
		"Obtain NTLM username and domain, split up either as (DOMAIN, user) or (\"\", \"user@realm\")." },
	{ "get_ntlm_response", (PyCFunction)py_creds_get_ntlm_response, METH_VARARGS | METH_KEYWORDS,
		"S.get_ntlm_response"
	        "(flags, challenge[, target_info]) -> "
	        "(flags, lm_response, nt_response, lm_session_key, nt_session_key)\n"
		"Obtain LM or NTLM response." },
	{ "set_password", py_creds_set_password, METH_VARARGS,
		"S.set_password(password[, credentials.SPECIFIED]) -> None\n"
		"Change password." },
	{ "set_utf16_password", py_creds_set_utf16_password, METH_VARARGS,
		"S.set_utf16_password(password[, credentials.SPECIFIED]) -> None\n"
		"Change password." },
	{ "get_old_password", py_creds_get_old_password, METH_NOARGS,
		"S.get_old_password() -> password\n"
		"Obtain old password." },
	{ "set_old_password", py_creds_set_old_password, METH_VARARGS,
		"S.set_old_password(password[, credentials.SPECIFIED]) -> None\n"
		"Change old password." },
	{ "set_old_utf16_password", py_creds_set_old_utf16_password, METH_VARARGS,
		"S.set_old_utf16_password(password[, credentials.SPECIFIED]) -> None\n"
		"Change old password." },
	{ "get_domain", py_creds_get_domain, METH_NOARGS,
		"S.get_domain() -> domain\n"
		"Obtain domain name." },
	{ "set_domain", py_creds_set_domain, METH_VARARGS,
		"S.set_domain(domain[, credentials.SPECIFIED]) -> None\n"
		"Change domain name." },
	{ "get_realm", py_creds_get_realm, METH_NOARGS,
		"S.get_realm() -> realm\n"
		"Obtain realm name." },
	{ "set_realm", py_creds_set_realm, METH_VARARGS,
		"S.set_realm(realm[, credentials.SPECIFIED]) -> None\n"
		"Change realm name." },
	{ "get_bind_dn", py_creds_get_bind_dn, METH_NOARGS,
		"S.get_bind_dn() -> bind dn\n"
		"Obtain bind DN." },
	{ "set_bind_dn", py_creds_set_bind_dn, METH_VARARGS,
		"S.set_bind_dn(bind_dn) -> None\n"
		"Change bind DN." },
	{ "is_anonymous", py_creds_is_anonymous, METH_NOARGS,
		NULL },
	{ "set_anonymous", py_creds_set_anonymous, METH_NOARGS,
        	"S.set_anonymous() -> None\n"
		"Use anonymous credentials." },
	{ "get_workstation", py_creds_get_workstation, METH_NOARGS,
		NULL },
	{ "set_workstation", py_creds_set_workstation, METH_VARARGS,
		NULL },
	{ "authentication_requested", py_creds_authentication_requested, METH_NOARGS,
		NULL },
	{ "wrong_password", py_creds_wrong_password, METH_NOARGS,
		"S.wrong_password() -> bool\n"
		"Indicate the returned password was incorrect." },
	{ "set_cmdline_callbacks", py_creds_set_cmdline_callbacks, METH_NOARGS,
		"S.set_cmdline_callbacks() -> bool\n"
		"Use command-line to obtain credentials not explicitly set." },
	{ "parse_string", py_creds_parse_string, METH_VARARGS,
		"S.parse_string(text[, credentials.SPECIFIED]) -> None\n"
		"Parse credentials string." },
	{ "parse_file", py_creds_parse_file, METH_VARARGS,
		"S.parse_file(filename[, credentials.SPECIFIED]) -> None\n"
		"Parse credentials file." },
	{ "set_password_will_be_nt_hash",
		py_cli_credentials_set_password_will_be_nt_hash, METH_VARARGS,
		"S.set_password_will_be_nt_hash(bool) -> None\n"
		"Alters the behaviour of S.set_password() "
		"to expect the NTHASH as hexstring." },
	{ "get_nt_hash", py_creds_get_nt_hash, METH_NOARGS,
		NULL },
	{ "get_kerberos_state", py_creds_get_kerberos_state, METH_NOARGS,
		NULL },
	{ "set_kerberos_state", py_creds_set_kerberos_state, METH_VARARGS,
		NULL },
	{ "set_krb_forwardable", py_creds_set_krb_forwardable, METH_VARARGS,
		NULL },
	{ "guess", py_creds_guess, METH_VARARGS, NULL },
	{ "set_machine_account", py_creds_set_machine_account, METH_VARARGS, NULL },
	{ "get_named_ccache", py_creds_get_named_ccache, METH_VARARGS, NULL },
	{ "set_gensec_features", py_creds_set_gensec_features, METH_VARARGS, NULL },
	{ "get_gensec_features", py_creds_get_gensec_features, METH_NOARGS, NULL },
	{ "get_forced_sasl_mech", py_creds_get_forced_sasl_mech, METH_NOARGS,
		"S.get_forced_sasl_mech() -> SASL mechanism\nObtain forced SASL mechanism." },
	{ "set_forced_sasl_mech", py_creds_set_forced_sasl_mech, METH_VARARGS,
		"S.set_forced_sasl_mech(name) -> None\n"
		"Set forced SASL mechanism." },
	{ "new_client_authenticator",
		py_creds_new_client_authenticator,
		METH_NOARGS,
		"S.new_client_authenticator() -> Authenticator\n"
		"Get a new client NETLOGON_AUTHENTICATOR"},
	{ "set_secure_channel_type", py_creds_set_secure_channel_type,
	  METH_VARARGS, NULL },
	{ "encrypt_netr_crypt_password",
		py_creds_encrypt_netr_crypt_password,
		METH_VARARGS,
		"S.encrypt_netr_crypt_password(password) -> NTSTATUS\n"
		"Encrypt the supplied password using the session key and\n"
		"the negotiated encryption algorithm in place\n"
		"i.e. it overwrites the original data"},
	{ NULL }
};

static struct PyModuleDef moduledef = {
    PyModuleDef_HEAD_INIT,
    .m_name = "credentials",
    .m_doc = "Credentials management.",
    .m_size = -1,
    .m_methods = py_creds_methods,
};

PyTypeObject PyCredentials = {
	.tp_name = "credentials.Credentials",
	.tp_new = py_creds_new,
	.tp_flags = Py_TPFLAGS_DEFAULT,
	.tp_methods = py_creds_methods,
};


PyTypeObject PyCredentialCacheContainer = {
	.tp_name = "credentials.CredentialCacheContainer",
	.tp_flags = Py_TPFLAGS_DEFAULT,
};

MODULE_INIT_FUNC(credentials)
{
	PyObject *m;
	if (pytalloc_BaseObject_PyType_Ready(&PyCredentials) < 0)
		return NULL;

	if (pytalloc_BaseObject_PyType_Ready(&PyCredentialCacheContainer) < 0)
		return NULL;

	m = PyModule_Create(&moduledef);
	if (m == NULL)
		return NULL;

	PyModule_AddObject(m, "UNINITIALISED", PyInt_FromLong(CRED_UNINITIALISED));
	PyModule_AddObject(m, "CALLBACK", PyInt_FromLong(CRED_CALLBACK));
	PyModule_AddObject(m, "GUESS_ENV", PyInt_FromLong(CRED_GUESS_ENV));
	PyModule_AddObject(m, "GUESS_FILE", PyInt_FromLong(CRED_GUESS_FILE));
	PyModule_AddObject(m, "CALLBACK_RESULT", PyInt_FromLong(CRED_CALLBACK_RESULT));
	PyModule_AddObject(m, "SPECIFIED", PyInt_FromLong(CRED_SPECIFIED));

	PyModule_AddObject(m, "AUTO_USE_KERBEROS", PyInt_FromLong(CRED_AUTO_USE_KERBEROS));
	PyModule_AddObject(m, "DONT_USE_KERBEROS", PyInt_FromLong(CRED_DONT_USE_KERBEROS));
	PyModule_AddObject(m, "MUST_USE_KERBEROS", PyInt_FromLong(CRED_MUST_USE_KERBEROS));

	PyModule_AddObject(m, "AUTO_KRB_FORWARDABLE",  PyInt_FromLong(CRED_AUTO_KRB_FORWARDABLE));
	PyModule_AddObject(m, "NO_KRB_FORWARDABLE",    PyInt_FromLong(CRED_NO_KRB_FORWARDABLE));
	PyModule_AddObject(m, "FORCE_KRB_FORWARDABLE", PyInt_FromLong(CRED_FORCE_KRB_FORWARDABLE));
	PyModule_AddObject(m, "CLI_CRED_NTLM2", PyInt_FromLong(CLI_CRED_NTLM2));
	PyModule_AddObject(m, "CLI_CRED_NTLMv2_AUTH", PyInt_FromLong(CLI_CRED_NTLMv2_AUTH));
	PyModule_AddObject(m, "CLI_CRED_LANMAN_AUTH", PyInt_FromLong(CLI_CRED_LANMAN_AUTH));
	PyModule_AddObject(m, "CLI_CRED_NTLM_AUTH", PyInt_FromLong(CLI_CRED_NTLM_AUTH));
	PyModule_AddObject(m, "CLI_CRED_CLEAR_AUTH", PyInt_FromLong(CLI_CRED_CLEAR_AUTH));

	Py_INCREF(&PyCredentials);
	PyModule_AddObject(m, "Credentials", (PyObject *)&PyCredentials);
	Py_INCREF(&PyCredentialCacheContainer);
	PyModule_AddObject(m, "CredentialCacheContainer", (PyObject *)&PyCredentialCacheContainer);
	return m;
}