2008-12-21 05:37:31 +03:00
/*
Unix SMB / CIFS implementation .
Copyright ( C ) Jelmer Vernooij < jelmer @ samba . org > 2007 - 2008
2011-01-11 08:43:54 +03:00
Copyright ( C ) Andrew Bartlett < abartlet @ samba . org > 2011
2008-12-21 05:37:31 +03:00
This program is free software ; you can redistribute it and / or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation ; either version 3 of the License , or
( at your option ) any later version .
This program is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
GNU General Public License for more details .
You should have received a copy of the GNU General Public License
along with this program . If not , see < http : //www.gnu.org/licenses/>.
*/
2010-01-20 06:27:38 +03:00
# include <Python.h>
2016-12-20 12:57:13 +03:00
# include "python/py3compat.h"
2008-12-21 05:37:31 +03:00
# include "includes.h"
2019-05-02 21:45:14 +03:00
# include "python/modules.h"
2010-12-22 09:17:07 +03:00
# include "libcli/util/pyerrors.h"
2008-12-21 05:37:31 +03:00
# include "param/param.h"
# include "pyauth.h"
2010-12-22 09:17:07 +03:00
# include "pyldb.h"
2008-12-21 05:37:31 +03:00
# include "auth/system_session_proto.h"
2011-01-11 08:43:54 +03:00
# include "auth/auth.h"
2018-09-04 15:37:41 +03:00
# include "auth/auth_util.h"
2008-12-22 06:38:57 +03:00
# include "param/pyparam.h"
2009-09-03 15:39:40 +04:00
# include "libcli/security/security.h"
2011-01-11 08:43:54 +03:00
# include "auth/credentials/pycredentials.h"
2011-01-17 08:22:31 +03:00
# include <tevent.h>
2011-01-11 08:43:54 +03:00
# include "librpc/rpc/pyrpc_util.h"
2011-12-29 06:51:17 +04:00
# include "lib/events/events.h"
2011-01-11 08:43:54 +03:00
2016-12-20 12:57:13 +03:00
static PyTypeObject PyAuthContext ;
2011-01-17 08:22:31 +03:00
2011-04-05 10:15:27 +04:00
static PyObject * PyAuthSession_FromSession ( struct auth_session_info * session )
2011-01-11 08:43:54 +03:00
{
2011-04-05 10:15:27 +04:00
return py_return_ndr_struct ( " samba.dcerpc.auth " , " session_info " , session , session ) ;
2008-12-21 05:37:31 +03:00
}
2018-09-04 15:37:41 +03:00
static PyObject * py_copy_session_info ( PyObject * module ,
PyObject * args ,
PyObject * kwargs )
{
PyObject * py_session = Py_None ;
PyObject * result = Py_None ;
struct auth_session_info * session = NULL ;
struct auth_session_info * session_duplicate = NULL ;
TALLOC_CTX * frame ;
int ret = 1 ;
const char * const kwnames [ ] = { " session_info " , NULL } ;
ret = PyArg_ParseTupleAndKeywords ( args ,
kwargs ,
" O " ,
discard_const_p ( char * , kwnames ) ,
& py_session ) ;
if ( ! ret ) {
return NULL ;
}
ret = py_check_dcerpc_type ( py_session ,
" samba.dcerpc.auth " ,
" session_info " ) ;
if ( ! ret ) {
return NULL ;
}
session = pytalloc_get_type ( py_session ,
struct auth_session_info ) ;
if ( ! session ) {
PyErr_Format ( PyExc_TypeError ,
" Expected auth_session_info for session_info "
" argument got %s " ,
2019-07-09 13:52:33 +03:00
pytalloc_get_name ( py_session ) ) ;
2018-09-04 15:37:41 +03:00
return NULL ;
}
frame = talloc_stackframe ( ) ;
if ( frame = = NULL ) {
return PyErr_NoMemory ( ) ;
}
session_duplicate = copy_session_info ( frame , session ) ;
if ( session_duplicate = = NULL ) {
TALLOC_FREE ( frame ) ;
return PyErr_NoMemory ( ) ;
}
result = PyAuthSession_FromSession ( session_duplicate ) ;
TALLOC_FREE ( frame ) ;
return result ;
}
2008-12-21 05:37:31 +03:00
static PyObject * py_system_session ( PyObject * module , PyObject * args )
{
PyObject * py_lp_ctx = Py_None ;
struct loadparm_context * lp_ctx = NULL ;
struct auth_session_info * session ;
2010-09-23 03:44:17 +04:00
TALLOC_CTX * mem_ctx ;
2008-12-21 05:37:31 +03:00
if ( ! PyArg_ParseTuple ( args , " |O " , & py_lp_ctx ) )
return NULL ;
2010-09-23 03:44:17 +04:00
mem_ctx = talloc_new ( NULL ) ;
if ( mem_ctx = = NULL ) {
PyErr_NoMemory ( ) ;
2008-12-21 05:37:31 +03:00
return NULL ;
2010-09-23 03:44:17 +04:00
}
lp_ctx = lpcfg_from_py_object ( mem_ctx , py_lp_ctx ) ;
if ( lp_ctx = = NULL ) {
talloc_free ( mem_ctx ) ;
return NULL ;
}
2008-12-21 05:37:31 +03:00
2009-10-23 07:19:28 +04:00
session = system_session ( lp_ctx ) ;
2008-12-21 05:37:31 +03:00
2010-09-23 03:44:17 +04:00
talloc_free ( mem_ctx ) ;
2010-09-23 02:35:36 +04:00
2008-12-21 05:37:31 +03:00
return PyAuthSession_FromSession ( session ) ;
}
2009-09-03 15:39:40 +04:00
static PyObject * py_admin_session ( PyObject * module , PyObject * args )
{
PyObject * py_lp_ctx ;
2016-12-20 12:57:13 +03:00
const char * sid ;
2009-09-03 15:39:40 +04:00
struct loadparm_context * lp_ctx = NULL ;
struct auth_session_info * session ;
struct dom_sid * domain_sid = NULL ;
2010-09-23 03:44:17 +04:00
TALLOC_CTX * mem_ctx ;
2016-12-20 12:57:13 +03:00
if ( ! PyArg_ParseTuple ( args , " Os " , & py_lp_ctx , & sid ) )
2009-09-03 15:39:40 +04:00
return NULL ;
2010-09-23 03:44:17 +04:00
mem_ctx = talloc_new ( NULL ) ;
if ( mem_ctx = = NULL ) {
PyErr_NoMemory ( ) ;
2009-09-03 15:39:40 +04:00
return NULL ;
2010-09-23 03:44:17 +04:00
}
2009-09-03 15:39:40 +04:00
2010-09-23 03:44:17 +04:00
lp_ctx = lpcfg_from_py_object ( mem_ctx , py_lp_ctx ) ;
if ( lp_ctx = = NULL ) {
talloc_free ( mem_ctx ) ;
return NULL ;
}
2009-09-03 15:39:40 +04:00
2016-12-20 12:57:13 +03:00
domain_sid = dom_sid_parse_talloc ( mem_ctx , sid ) ;
2010-09-23 03:44:17 +04:00
if ( domain_sid = = NULL ) {
2016-12-20 12:57:13 +03:00
PyErr_Format ( PyExc_RuntimeError , " Unable to parse sid %s " , sid ) ;
2010-09-23 03:44:17 +04:00
talloc_free ( mem_ctx ) ;
return NULL ;
}
session = admin_session ( NULL , lp_ctx , domain_sid ) ;
talloc_free ( mem_ctx ) ;
2010-09-23 02:35:36 +04:00
2009-09-03 15:39:40 +04:00
return PyAuthSession_FromSession ( session ) ;
}
2010-12-22 09:17:07 +03:00
static PyObject * py_user_session ( PyObject * module , PyObject * args , PyObject * kwargs )
{
NTSTATUS nt_status ;
struct auth_session_info * session ;
TALLOC_CTX * mem_ctx ;
2011-01-11 08:43:54 +03:00
const char * const kwnames [ ] = { " ldb " , " lp_ctx " , " principal " , " dn " , " session_info_flags " , NULL } ;
2010-12-22 09:17:07 +03:00
struct ldb_context * ldb_ctx ;
PyObject * py_ldb = Py_None ;
PyObject * py_dn = Py_None ;
PyObject * py_lp_ctx = Py_None ;
struct loadparm_context * lp_ctx = NULL ;
struct ldb_dn * user_dn ;
char * principal = NULL ;
2011-01-11 08:43:54 +03:00
int session_info_flags = 0 ; /* This is an int, because that's
* what we need for the python
2010-12-22 09:17:07 +03:00
* PyArg_ParseTupleAndKeywords */
if ( ! PyArg_ParseTupleAndKeywords ( args , kwargs , " O|OzOi " ,
discard_const_p ( char * , kwnames ) ,
& py_ldb , & py_lp_ctx , & principal , & py_dn , & session_info_flags ) ) {
return NULL ;
}
mem_ctx = talloc_new ( NULL ) ;
if ( mem_ctx = = NULL ) {
PyErr_NoMemory ( ) ;
return NULL ;
}
2011-08-07 19:08:56 +04:00
ldb_ctx = pyldb_Ldb_AsLdbContext ( py_ldb ) ;
2018-04-24 03:37:02 +03:00
if ( ldb_ctx = = NULL ) {
talloc_free ( mem_ctx ) ;
return NULL ;
}
2010-12-22 09:17:07 +03:00
if ( py_dn = = Py_None ) {
user_dn = NULL ;
} else {
2011-08-07 19:08:56 +04:00
if ( ! pyldb_Object_AsDn ( ldb_ctx , py_dn , ldb_ctx , & user_dn ) ) {
2010-12-22 09:17:07 +03:00
talloc_free ( mem_ctx ) ;
return NULL ;
}
}
lp_ctx = lpcfg_from_py_object ( mem_ctx , py_lp_ctx ) ;
if ( lp_ctx = = NULL ) {
talloc_free ( mem_ctx ) ;
return NULL ;
}
nt_status = authsam_get_session_info_principal ( mem_ctx , lp_ctx , ldb_ctx , principal , user_dn ,
session_info_flags , & session ) ;
if ( ! NT_STATUS_IS_OK ( nt_status ) ) {
talloc_free ( mem_ctx ) ;
PyErr_NTSTATUS_IS_ERR_RAISE ( nt_status ) ;
}
talloc_steal ( NULL , session ) ;
talloc_free ( mem_ctx ) ;
return PyAuthSession_FromSession ( session ) ;
}
2018-07-11 07:48:40 +03:00
static PyObject * py_session_info_fill_unix ( PyObject * module ,
PyObject * args ,
PyObject * kwargs )
{
NTSTATUS nt_status ;
char * user_name = NULL ;
struct loadparm_context * lp_ctx = NULL ;
struct auth_session_info * session_info ;
PyObject * py_lp_ctx = Py_None ;
PyObject * py_session = Py_None ;
TALLOC_CTX * frame ;
const char * const kwnames [ ] = { " session_info " ,
" user_name " ,
" lp_ctx " ,
NULL } ;
if ( ! PyArg_ParseTupleAndKeywords ( args , kwargs , " Oz|O " ,
discard_const_p ( char * , kwnames ) ,
& py_session ,
& user_name ,
& py_lp_ctx ) ) {
return NULL ;
}
if ( ! py_check_dcerpc_type ( py_session ,
" samba.dcerpc.auth " ,
" session_info " ) ) {
return NULL ;
}
session_info = pytalloc_get_type ( py_session ,
struct auth_session_info ) ;
if ( ! session_info ) {
PyErr_Format ( PyExc_TypeError ,
" Expected auth_session_info for session_info argument got %s " ,
2019-07-09 13:52:33 +03:00
pytalloc_get_name ( py_session ) ) ;
2018-07-11 07:48:40 +03:00
return NULL ;
}
frame = talloc_stackframe ( ) ;
lp_ctx = lpcfg_from_py_object ( frame , py_lp_ctx ) ;
if ( lp_ctx = = NULL ) {
TALLOC_FREE ( frame ) ;
return NULL ;
}
nt_status = auth_session_info_fill_unix ( lp_ctx ,
user_name ,
session_info ) ;
TALLOC_FREE ( frame ) ;
if ( ! NT_STATUS_IS_OK ( nt_status ) ) {
PyErr_NTSTATUS_IS_ERR_RAISE ( nt_status ) ;
}
Py_RETURN_NONE ;
}
2011-01-18 11:13:19 +03:00
2020-06-04 17:00:04 +03:00
static PyObject * py_session_info_set_unix ( PyObject * module ,
PyObject * args ,
PyObject * kwargs )
{
NTSTATUS nt_status ;
char * user_name = NULL ;
int uid = - 1 ;
int gid = - 1 ;
struct loadparm_context * lp_ctx = NULL ;
struct auth_session_info * session_info ;
PyObject * py_lp_ctx = Py_None ;
PyObject * py_session = Py_None ;
TALLOC_CTX * frame ;
const char * const kwnames [ ] = { " session_info " ,
" user_name " ,
" uid " ,
" gid " ,
" lp_ctx " ,
NULL } ;
if ( ! PyArg_ParseTupleAndKeywords ( args , kwargs , " Ozii|O " ,
discard_const_p ( char * , kwnames ) ,
& py_session ,
& user_name ,
& uid ,
& gid ,
& py_lp_ctx ) ) {
return NULL ;
}
if ( ! py_check_dcerpc_type ( py_session ,
" samba.dcerpc.auth " ,
" session_info " ) ) {
return NULL ;
}
session_info = pytalloc_get_type ( py_session ,
struct auth_session_info ) ;
if ( ! session_info ) {
PyErr_Format ( PyExc_TypeError ,
" Expected auth_session_info for session_info "
" argument got %s " ,
pytalloc_get_name ( py_session ) ) ;
return NULL ;
}
frame = talloc_stackframe ( ) ;
lp_ctx = lpcfg_from_py_object ( frame , py_lp_ctx ) ;
if ( lp_ctx = = NULL ) {
TALLOC_FREE ( frame ) ;
return NULL ;
}
nt_status = auth_session_info_set_unix ( lp_ctx ,
user_name ,
uid ,
gid ,
session_info ) ;
TALLOC_FREE ( frame ) ;
if ( ! NT_STATUS_IS_OK ( nt_status ) ) {
PyErr_NTSTATUS_IS_ERR_RAISE ( nt_status ) ;
}
Py_RETURN_NONE ;
}
2011-05-07 10:14:06 +04:00
static PyObject * PyAuthContext_FromContext ( struct auth4_context * auth_context )
2011-01-17 08:22:31 +03:00
{
2011-08-10 17:15:18 +04:00
return pytalloc_reference ( & PyAuthContext , auth_context ) ;
2011-01-17 08:22:31 +03:00
}
static PyObject * py_auth_context_new ( PyTypeObject * type , PyObject * args , PyObject * kwargs )
{
2011-01-18 11:13:19 +03:00
PyObject * py_lp_ctx = Py_None ;
PyObject * py_ldb = Py_None ;
PyObject * py_auth_context = Py_None ;
PyObject * py_methods = Py_None ;
2011-01-17 08:22:31 +03:00
TALLOC_CTX * mem_ctx ;
2011-05-07 10:14:06 +04:00
struct auth4_context * auth_context ;
2011-01-17 08:22:31 +03:00
struct loadparm_context * lp_ctx ;
struct tevent_context * ev ;
2012-04-14 00:44:52 +04:00
struct ldb_context * ldb = NULL ;
2011-01-17 08:22:31 +03:00
NTSTATUS nt_status ;
2023-07-21 05:32:46 +03:00
const char * const * methods ;
2011-01-17 08:22:31 +03:00
2018-10-01 02:20:44 +03:00
const char * const kwnames [ ] = { " lp_ctx " , " ldb " , " methods " , NULL } ;
2011-01-17 08:22:31 +03:00
2018-10-01 02:20:44 +03:00
if ( ! PyArg_ParseTupleAndKeywords ( args ,
kwargs ,
" |OOO " ,
2011-01-17 08:22:31 +03:00
discard_const_p ( char * , kwnames ) ,
2018-10-01 02:20:44 +03:00
& py_lp_ctx ,
& py_ldb ,
& py_methods ) )
2011-01-17 08:22:31 +03:00
return NULL ;
mem_ctx = talloc_new ( NULL ) ;
if ( mem_ctx = = NULL ) {
PyErr_NoMemory ( ) ;
return NULL ;
}
2011-01-18 11:13:19 +03:00
if ( py_ldb ! = Py_None ) {
2011-08-07 19:08:56 +04:00
ldb = pyldb_Ldb_AsLdbContext ( py_ldb ) ;
2018-05-03 01:26:34 +03:00
if ( ldb = = NULL ) {
talloc_free ( mem_ctx ) ;
return NULL ;
}
2011-01-17 08:22:31 +03:00
}
2011-01-18 11:13:19 +03:00
lp_ctx = lpcfg_from_py_object ( mem_ctx , py_lp_ctx ) ;
2013-02-19 11:58:00 +04:00
if ( lp_ctx = = NULL ) {
2018-04-24 03:38:22 +03:00
talloc_free ( mem_ctx ) ;
2013-02-19 11:58:00 +04:00
PyErr_NoMemory ( ) ;
return NULL ;
}
2011-01-18 11:13:19 +03:00
2011-12-29 06:51:17 +04:00
ev = s4_event_context_init ( mem_ctx ) ;
2011-01-17 08:22:31 +03:00
if ( ev = = NULL ) {
2018-04-24 03:38:22 +03:00
talloc_free ( mem_ctx ) ;
2011-01-17 08:22:31 +03:00
PyErr_NoMemory ( ) ;
return NULL ;
}
2011-01-18 11:13:19 +03:00
if ( py_methods = = Py_None & & py_ldb = = Py_None ) {
2018-10-01 02:20:44 +03:00
nt_status = auth_context_create (
mem_ctx , ev , NULL , lp_ctx , & auth_context ) ;
2011-01-18 11:13:19 +03:00
} else {
if ( py_methods ! = Py_None ) {
2023-07-21 05:32:46 +03:00
methods = ( const char * const * ) PyList_AsStringList ( mem_ctx , py_methods , " methods " ) ;
2011-01-18 11:13:19 +03:00
if ( methods = = NULL ) {
talloc_free ( mem_ctx ) ;
return NULL ;
}
} else {
methods = auth_methods_from_lp ( mem_ctx , lp_ctx ) ;
}
2018-10-01 02:20:44 +03:00
nt_status = auth_context_create_methods (
mem_ctx , methods , ev , NULL , lp_ctx , ldb , & auth_context ) ;
2011-01-18 11:13:19 +03:00
}
2011-01-17 08:22:31 +03:00
if ( ! NT_STATUS_IS_OK ( nt_status ) ) {
talloc_free ( mem_ctx ) ;
PyErr_NTSTATUS_IS_ERR_RAISE ( nt_status ) ;
}
if ( ! talloc_reference ( auth_context , lp_ctx ) ) {
talloc_free ( mem_ctx ) ;
PyErr_NoMemory ( ) ;
return NULL ;
}
if ( ! talloc_reference ( auth_context , ev ) ) {
talloc_free ( mem_ctx ) ;
PyErr_NoMemory ( ) ;
return NULL ;
}
py_auth_context = PyAuthContext_FromContext ( auth_context ) ;
talloc_free ( mem_ctx ) ;
return py_auth_context ;
}
static PyTypeObject PyAuthContext = {
. tp_name = " AuthContext " ,
. tp_flags = Py_TPFLAGS_DEFAULT ,
. tp_new = py_auth_context_new ,
} ;
2008-12-21 05:37:31 +03:00
static PyMethodDef py_auth_methods [ ] = {
{ " system_session " , ( PyCFunction ) py_system_session , METH_VARARGS , NULL } ,
2009-09-03 15:39:40 +04:00
{ " admin_session " , ( PyCFunction ) py_admin_session , METH_VARARGS , NULL } ,
2019-05-02 21:45:14 +03:00
{ " user_session " , PY_DISCARD_FUNC_SIG ( PyCFunction , py_user_session ) ,
METH_VARARGS | METH_KEYWORDS , NULL } ,
2018-07-11 07:48:40 +03:00
{ " session_info_fill_unix " ,
2019-05-02 21:45:14 +03:00
PY_DISCARD_FUNC_SIG ( PyCFunction , py_session_info_fill_unix ) ,
2018-07-11 07:48:40 +03:00
METH_VARARGS | METH_KEYWORDS ,
NULL } ,
2020-06-04 17:00:04 +03:00
{ " session_info_set_unix " ,
PY_DISCARD_FUNC_SIG ( PyCFunction , py_session_info_set_unix ) ,
METH_VARARGS | METH_KEYWORDS ,
NULL } ,
2018-09-04 15:37:41 +03:00
{ " copy_session_info " ,
2019-05-02 21:45:14 +03:00
PY_DISCARD_FUNC_SIG ( PyCFunction , py_copy_session_info ) ,
2018-09-04 15:37:41 +03:00
METH_VARARGS | METH_KEYWORDS ,
NULL } ,
2020-05-05 04:47:39 +03:00
{ 0 } ,
2008-12-21 05:37:31 +03:00
} ;
2016-12-20 12:57:13 +03:00
static struct PyModuleDef moduledef = {
PyModuleDef_HEAD_INIT ,
. m_name = " auth " ,
. m_doc = " Authentication and authorization support. " ,
. m_size = - 1 ,
. m_methods = py_auth_methods ,
} ;
MODULE_INIT_FUNC ( auth )
2008-12-21 05:37:31 +03:00
{
PyObject * m ;
2016-02-29 23:32:56 +03:00
if ( pytalloc_BaseObject_PyType_Ready ( & PyAuthContext ) < 0 )
2016-12-20 12:57:13 +03:00
return NULL ;
2011-01-19 14:29:08 +03:00
2016-12-20 12:57:13 +03:00
m = PyModule_Create ( & moduledef ) ;
2008-12-21 05:37:31 +03:00
if ( m = = NULL )
2016-12-20 12:57:13 +03:00
return NULL ;
2008-12-21 05:37:31 +03:00
2011-01-19 14:29:08 +03:00
Py_INCREF ( & PyAuthContext ) ;
PyModule_AddObject ( m , " AuthContext " , ( PyObject * ) & PyAuthContext ) ;
2011-01-11 08:43:54 +03:00
2016-12-20 12:57:13 +03:00
# define ADD_FLAG(val) PyModule_AddIntConstant(m, #val, val)
2011-01-11 08:43:54 +03:00
ADD_FLAG ( AUTH_SESSION_INFO_DEFAULT_GROUPS ) ;
ADD_FLAG ( AUTH_SESSION_INFO_AUTHENTICATED ) ;
ADD_FLAG ( AUTH_SESSION_INFO_SIMPLE_PRIVILEGES ) ;
2017-03-06 02:11:18 +03:00
ADD_FLAG ( AUTH_SESSION_INFO_NTLM ) ;
2011-01-11 08:43:54 +03:00
2016-12-20 12:57:13 +03:00
return m ;
2008-12-21 05:37:31 +03:00
}