mirror of https://github.com/samba-team/samba.git synced 2025-08-04 08:22:08 +03:00

pysmbd: make "session_info" arg to py_smbd_set_nt_acl() mandatory

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme
2019-12-17 14:49:42 +01:00
parent a4f3860da3
commit 437af4d079
7 changed files with 92 additions and 76 deletions


@ -66,6 +66,7 @@ from samba.samba3 import param as s3param
from samba.upgrade import upgrade_from_samba3
from samba.drs_utils import drsuapi_connect
from samba import remove_dc, arcfour_encrypt, string_to_byte_array
from samba.auth_util import system_session_unix
from samba.dsdb import (
DS_DOMAIN_FUNCTION_2000,
@ -463,7 +464,10 @@ class cmd_domain_provision(Command):
try:
try:
samba.ntacls.setntacl(lp, file.name,
"O:S-1-5-32G:S-1-5-32", "S-1-5-32", "native")
"O:S-1-5-32G:S-1-5-32",
"S-1-5-32",
system_session_unix(),
"native")
eadb = False
except Exception:
self.logger.info("You are not root or your system does not support xattr, using tdb backend for attributes. ")
@ -1607,7 +1611,10 @@ class cmd_domain_classicupgrade(Command):
try:
try:
samba.ntacls.setntacl(lp, tmpfile.name,
"O:S-1-5-32G:S-1-5-32", "S-1-5-32", "native")
"O:S-1-5-32G:S-1-5-32",
"S-1-5-32",
system_session_unix(),
"native")
eadb = False
except Exception:
# FIXME: Don't catch all exceptions here
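Review bot: The new `system_session_unix()` call in cmd_domain_provision is evaluated inside the `try` whose `except Exception` logs "You are not root or your system does not support xattr, using tdb backend for attributes", so a failure to build the session, or a TypeError from the changed setntacl signature, would be reported as missing xattr support and would quietly switch the attribute backend. Building the session before the probe keeps the fallback about xattr only: `session_info = system_session_unix()` above the outer `try:`, then pass `session_info` in the call. The identical probe in cmd_domain_classicupgrade has the same shape, and its handler already carries a FIXME about catching all exceptions. Both enclosing methods start and end outside the hunks.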


@ -107,11 +107,11 @@ class cmd_ntacl_set(Command):
file,
acl,
str(domain_sid),
system_session_unix(),
xattr_backend,
eadb_file,
use_ntvfs=use_ntvfs,
service=service,
session_info=system_session_unix())
service=service)
if use_ntvfs:
logger.warning("Please note that POSIX permissions have NOT been changed, only the stored NT ACL")
@ -323,11 +323,11 @@ class cmd_ntacl_changedomsid(Command):
file,
acl,
new_domain_sid,
system_session_unix(),
xattr_backend,
eadb_file,
use_ntvfs=use_ntvfs,
service=service,
session_info=system_session_unix())
service=service)
except Exception as e:
raise CommandError("Could not set acl for %s: %s" % (file, e))


@ -35,6 +35,7 @@ from samba.samba3 import smbd
from samba.samba3 import libsmb_samba_internal as libsmb
from samba.logger import get_samba_logger
from samba import NTSTATUSError
from samba.auth_util import system_session_unix
# don't include volumes
SMB_FILE_ATTRIBUTE_FLAGS = libsmb.FILE_ATTRIBUTE_SYSTEM | \
@ -134,10 +135,10 @@ def getntacl(lp,
session_info=session_info)
def setntacl(lp, file, sddl, domsid,
def setntacl(lp, file, sddl, domsid, session_info,
backend=None, eadbfile=None,
use_ntvfs=True, skip_invalid_chown=False,
passdb=None, service=None, session_info=None):
passdb=None, service=None):
"""
A wrapper for smbd set_nt_acl api.
@ -190,7 +191,8 @@ def setntacl(lp, file, sddl, domsid,
smbd.set_nt_acl(
file, SECURITY_SECINFO_FLAGS, sd2,
service=service, session_info=session_info)
session_info,
service=service)
# and then set an NTVFS ACL (which does not set the posix ACL) to pretend the owner really was set
use_ntvfs = True
@ -208,7 +210,9 @@ def setntacl(lp, file, sddl, domsid,
security.SECINFO_GROUP |
security.SECINFO_DACL |
security.SECINFO_SACL,
sd, service=service, session_info=session_info)
sd,
session_info,
service=service)
if use_ntvfs:
(backend_obj, dbname) = checkset_backend(lp, backend, eadbfile)
@ -456,9 +460,9 @@ class NtaclsHelper:
return ntacl_sd.as_sddl(self.dom_sid) if as_sddl else ntacl_sd
def setntacl(self, path, ntacl_sd):
def setntacl(self, path, ntacl_sd, session_info):
# ntacl_sd can be obj or str
return setntacl(self.lp, path, ntacl_sd, self.dom_sid,
return setntacl(self.lp, path, ntacl_sd, self.dom_sid, session_info,
use_ntvfs=self.use_ntvfs)
@ -543,6 +547,7 @@ def backup_offline(src_service_path, dest_tarfile_path, samdb_conn, smb_conf_pat
"""
service = src_service_path.rstrip('/').rsplit('/', 1)[-1]
tempdir = tempfile.mkdtemp()
session_info = system_session_unix()
dom_sid_str = samdb_conn.get_domain_sid()
dom_sid = security.dom_sid(dom_sid_str)
@ -599,6 +604,7 @@ def backup_restore(src_tarfile_path, dst_service_path, samdb_conn, smb_conf_path
dom_sid = security.dom_sid(dom_sid_str)
ntacls_helper = NtaclsHelper(service, smb_conf_path, dom_sid)
session_info = system_session_unix()
with tarfile.open(src_tarfile_path) as f:
f.extractall(path=tempdir)
@ -619,7 +625,7 @@ def backup_restore(src_tarfile_path, dst_service_path, samdb_conn, smb_conf_path
ntacl_sddl_str = _read_ntacl_file(src)
if ntacl_sddl_str:
ntacls_helper.setntacl(dst, ntacl_sddl_str)
ntacls_helper.setntacl(dst, ntacl_sddl_str, session_info)
else:
logger.warning(
'Failed to restore ntacl for directory %s.' % dst
@ -635,7 +641,7 @@ def backup_restore(src_tarfile_path, dst_service_path, samdb_conn, smb_conf_path
ntacl_sddl_str = _read_ntacl_file(src)
if ntacl_sddl_str:
ntacls_helper.setntacl(dst, ntacl_sddl_str)
ntacls_helper.setntacl(dst, ntacl_sddl_str, session_info)
else:
logger.warning('Failed to restore ntacl for file %s.' % dst
+ ' Please check the permissions are correct')
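Review bot: Inserting `session_info` as the fifth positional parameter of setntacl, ahead of `backend`, means a caller that was not updated and still passes the backend positionally (as the old test calls with "tdb" or "native" did) now binds that string to `session_info` with no error at the Python level. In the visible code `session_info` is only forwarded to smbd.set_nt_acl, so a call that never reaches that branch may accept the wrong value silently; this is inferred, since the rest of the body is outside the hunks. The docstring should name the new required argument, for example `:param session_info: auth session_info that smbd.set_nt_acl runs as (required)`, and NtaclsHelper.setntacl, which has only an inline comment, would benefit from the same one-line description.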


@ -1633,13 +1633,14 @@ SYSVOL_SERVICE = "sysvol"
def set_dir_acl(path, acl, lp, domsid, use_ntvfs, passdb, service=SYSVOL_SERVICE):
setntacl(lp, path, acl, domsid, use_ntvfs=use_ntvfs, skip_invalid_chown=True, passdb=passdb, service=service)
session_info = system_session_unix()
setntacl(lp, path, acl, domsid, session_info, use_ntvfs=use_ntvfs, skip_invalid_chown=True, passdb=passdb, service=service)
for root, dirs, files in os.walk(path, topdown=False):
for name in files:
setntacl(lp, os.path.join(root, name), acl, domsid,
setntacl(lp, os.path.join(root, name), acl, domsid, session_info,
use_ntvfs=use_ntvfs, skip_invalid_chown=True, passdb=passdb, service=service)
for name in dirs:
setntacl(lp, os.path.join(root, name), acl, domsid,
setntacl(lp, os.path.join(root, name), acl, domsid, session_info,
use_ntvfs=use_ntvfs, skip_invalid_chown=True, passdb=passdb, service=service)
@ -1657,7 +1658,9 @@ def set_gpos_acl(sysvol, dnsdomain, domainsid, domaindn, samdb, lp, use_ntvfs, p
# Set ACL for GPO root folder
root_policy_path = os.path.join(sysvol, dnsdomain, "Policies")
setntacl(lp, root_policy_path, POLICIES_ACL, str(domainsid),
session_info = system_session_unix()
setntacl(lp, root_policy_path, POLICIES_ACL, str(domainsid), session_info,
use_ntvfs=use_ntvfs, skip_invalid_chown=True, passdb=passdb, service=SYSVOL_SERVICE)
res = samdb.search(base="CN=Policies,CN=System,%s" %(domaindn),
@ -1759,9 +1762,9 @@ def setsysvolacl(samdb, netlogon, sysvol, uid, gid, domainsid, dnsdomain,
def _setntacl(path):
"""A helper to reuse args"""
return setntacl(
lp, path, SYSVOL_ACL, str(domainsid),
lp, path, SYSVOL_ACL, str(domainsid), session_info,
use_ntvfs=use_ntvfs, skip_invalid_chown=True, passdb=s4_passdb,
service=SYSVOL_SERVICE, session_info=session_info)
service=SYSVOL_SERVICE)
# Set the SYSVOL_ACL on the sysvol folder and subfolder (first level)
_setntacl(sysvol)
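Review bot: set_dir_acl and set_gpos_acl each build their own `system_session_unix()`, while `_setntacl` in setsysvolacl passes a `session_info` taken from its enclosing scope (assigned outside the hunk), so one provisioning run applies sysvol ACLs under sessions created in three different places. If these are meant to be the same identity, a comment on the two new assignments should say so, e.g. `# sysvol ACLs are always applied as the local system session`; if they can differ, that belongs in a docstring on set_dir_acl, which currently has none. No import of `system_session_unix` is added in the visible hunks of this file, so it is presumably already imported further up; worth confirming.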


@ -24,6 +24,7 @@ from samba.ntacls import setntacl, getntacl, XattrBackendError
from samba.param import LoadParm
from samba.dcerpc import security
from samba.tests import TestCaseInTempDir, SkipTest
from samba.auth_util import system_session_unix
NTACL_SDDL = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
DOMAIN_SID = "S-1-5-21-2212615479-2695158682-2101375467"
@ -35,6 +36,7 @@ class NtaclsTests(TestCaseInTempDir):
super(NtaclsTests, self).setUp()
self.tempf = os.path.join(self.tempdir, "test")
open(self.tempf, 'w').write("empty")
self.session_info = system_session_unix()
def tearDown(self):
os.unlink(self.tempf)
@ -44,14 +46,14 @@ class NtaclsTests(TestCaseInTempDir):
lp = LoadParm()
open(self.tempf, 'w').write("empty")
lp.set("posix:eadb", os.path.join(self.tempdir, "eadbtest.tdb"))
setntacl(lp, self.tempf, NTACL_SDDL, DOMAIN_SID)
setntacl(lp, self.tempf, NTACL_SDDL, DOMAIN_SID, self.session_info)
os.unlink(os.path.join(self.tempdir, "eadbtest.tdb"))
def test_setntacl_getntacl(self):
lp = LoadParm()
open(self.tempf, 'w').write("empty")
lp.set("posix:eadb", os.path.join(self.tempdir, "eadbtest.tdb"))
setntacl(lp, self.tempf, NTACL_SDDL, DOMAIN_SID)
setntacl(lp, self.tempf, NTACL_SDDL, DOMAIN_SID, self.session_info)
facl = getntacl(lp, self.tempf)
anysid = security.dom_sid(security.SID_NT_SELF)
self.assertEquals(facl.as_sddl(anysid), NTACL_SDDL)
@ -60,7 +62,7 @@ class NtaclsTests(TestCaseInTempDir):
def test_setntacl_getntacl_param(self):
lp = LoadParm()
open(self.tempf, 'w').write("empty")
setntacl(lp, self.tempf, NTACL_SDDL, DOMAIN_SID, "tdb",
setntacl(lp, self.tempf, NTACL_SDDL, DOMAIN_SID, self.session_info, "tdb",
os.path.join(self.tempdir, "eadbtest.tdb"))
facl = getntacl(lp, self.tempf, "tdb", os.path.join(
self.tempdir, "eadbtest.tdb"))
@ -72,7 +74,7 @@ class NtaclsTests(TestCaseInTempDir):
lp = LoadParm()
open(self.tempf, 'w').write("empty")
self.assertRaises(XattrBackendError, setntacl, lp, self.tempf,
NTACL_SDDL, DOMAIN_SID, "ttdb",
NTACL_SDDL, DOMAIN_SID, self.session_info, "ttdb",
os.path.join(self.tempdir, "eadbtest.tdb"))
def test_setntacl_forcenative(self):
@ -82,4 +84,4 @@ class NtaclsTests(TestCaseInTempDir):
open(self.tempf, 'w').write("empty")
lp.set("posix:eadb", os.path.join(self.tempdir, "eadbtest.tdb"))
self.assertRaises(Exception, setntacl, lp, self.tempf, NTACL_SDDL,
DOMAIN_SID, "native")
DOMAIN_SID, self.session_info, "native")
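Review bot: test_setntacl_forcenative asserts `assertRaises(Exception, setntacl, ...)`, which would also pass on a TypeError from a missing or mis-ordered argument, so after this signature change it does not show that the "native" backend is what fails. Narrowing the assertion to the specific exception raised on that path (not visible in the hunk) would make the test meaningful again. Until then a comment such as `# NOTE: Exception is broad enough to hide a wrong argument order` above the call would at least record the gap.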


@ -69,21 +69,21 @@ class PosixAclMappingTests(SmbdBaseTests):
def test_setntacl(self):
acl = ACL
setntacl(self.lp, self.tempf, acl, DOM_SID, use_ntvfs=False,
session_info=self.get_session_info())
setntacl(self.lp, self.tempf, acl, DOM_SID,
self.get_session_info(), use_ntvfs=False)
def test_setntacl_smbd_getntacl(self):
acl = ACL
setntacl(self.lp, self.tempf, acl, DOM_SID, use_ntvfs=True,
session_info=self.get_session_info())
setntacl(self.lp, self.tempf, acl, DOM_SID,
self.get_session_info(), use_ntvfs=True)
facl = getntacl(self.lp, self.tempf, direct_db_access=True)
anysid = security.dom_sid(security.SID_NT_SELF)
self.assertEquals(facl.as_sddl(anysid), acl)
def test_setntacl_smbd_setposixacl_getntacl(self):
acl = ACL
setntacl(self.lp, self.tempf, acl, DOM_SID, use_ntvfs=True,
session_info=self.get_session_info())
setntacl(self.lp, self.tempf, acl, DOM_SID,
self.get_session_info(), use_ntvfs=True)
# This will invalidate the ACL, as we have a hook!
smbd.set_simple_acl(self.tempf, 0o640, self.get_session_info())
@ -94,8 +94,8 @@ class PosixAclMappingTests(SmbdBaseTests):
def test_setntacl_invalidate_getntacl(self):
acl = ACL
setntacl(self.lp, self.tempf, acl, DOM_SID, use_ntvfs=True,
session_info=self.get_session_info())
setntacl(self.lp, self.tempf, acl, DOM_SID,
self.get_session_info(), use_ntvfs=True)
# This should invalidate the ACL, as we include the posix ACL in the hash
(backend_obj, dbname) = checkset_backend(self.lp, None, None)
@ -109,8 +109,8 @@ class PosixAclMappingTests(SmbdBaseTests):
def test_setntacl_invalidate_getntacl_smbd(self):
acl = ACL
setntacl(self.lp, self.tempf, acl, DOM_SID, use_ntvfs=False,
session_info=self.get_session_info())
setntacl(self.lp, self.tempf, acl, DOM_SID,
self.get_session_info(), use_ntvfs=False)
# This should invalidate the ACL, as we include the posix ACL in the hash
(backend_obj, dbname) = checkset_backend(self.lp, None, None)
@ -126,8 +126,8 @@ class PosixAclMappingTests(SmbdBaseTests):
acl = ACL
simple_acl_from_posix = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)(A;;0x001200a9;;;S-1-5-21-2212615479-2695158682-2101375467-513)(A;;;;;WD)"
os.chmod(self.tempf, 0o750)
setntacl(self.lp, self.tempf, acl, DOM_SID, use_ntvfs=False,
session_info=self.get_session_info())
setntacl(self.lp, self.tempf, acl, DOM_SID,
self.get_session_info(), use_ntvfs=False)
# This should invalidate the ACL, as we include the posix ACL in the hash
(backend_obj, dbname) = checkset_backend(self.lp, None, None)
@ -141,16 +141,16 @@ class PosixAclMappingTests(SmbdBaseTests):
def test_setntacl_getntacl_smbd(self):
acl = ACL
setntacl(self.lp, self.tempf, acl, DOM_SID, use_ntvfs=True,
session_info=self.get_session_info())
setntacl(self.lp, self.tempf, acl, DOM_SID,
self.get_session_info(), use_ntvfs=True)
facl = getntacl(self.lp, self.tempf, direct_db_access=False)
anysid = security.dom_sid(security.SID_NT_SELF)
self.assertEquals(facl.as_sddl(anysid), acl)
def test_setntacl_smbd_getntacl_smbd(self):
acl = ACL
setntacl(self.lp, self.tempf, acl, DOM_SID, use_ntvfs=False,
session_info=self.get_session_info())
setntacl(self.lp, self.tempf, acl, DOM_SID,
self.get_session_info(), use_ntvfs=False)
facl = getntacl(self.lp, self.tempf, direct_db_access=False)
anysid = security.dom_sid(security.SID_NT_SELF)
self.assertEquals(facl.as_sddl(anysid), acl)
@ -158,8 +158,8 @@ class PosixAclMappingTests(SmbdBaseTests):
def test_setntacl_smbd_setposixacl_getntacl_smbd(self):
acl = ACL
simple_acl_from_posix = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;;0x001f019f;;;S-1-5-21-2212615479-2695158682-2101375467-512)(A;;0x00120089;;;S-1-5-21-2212615479-2695158682-2101375467-513)(A;;;;;WD)"
setntacl(self.lp, self.tempf, acl, DOM_SID, use_ntvfs=False,
session_info=self.get_session_info())
setntacl(self.lp, self.tempf, acl, DOM_SID,
self.get_session_info(), use_ntvfs=False)
# This invalidates the hash of the NT acl just set because there is a hook in the posix ACL set code
smbd.set_simple_acl(self.tempf, 0o640, self.get_session_info())
facl = getntacl(self.lp, self.tempf, direct_db_access=False)
@ -170,8 +170,8 @@ class PosixAclMappingTests(SmbdBaseTests):
acl = ACL
BA_sid = security.dom_sid(security.SID_BUILTIN_ADMINISTRATORS)
simple_acl_from_posix = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;;0x001f019f;;;S-1-5-21-2212615479-2695158682-2101375467-512)(A;;0x00120089;;;BA)(A;;0x00120089;;;S-1-5-21-2212615479-2695158682-2101375467-513)(A;;;;;WD)"
setntacl(self.lp, self.tempf, acl, DOM_SID, use_ntvfs=False,
session_info=self.get_session_info())
setntacl(self.lp, self.tempf, acl, DOM_SID,
self.get_session_info(), use_ntvfs=False)
# This invalidates the hash of the NT acl just set because there is a hook in the posix ACL set code
s4_passdb = passdb.PDB(self.lp.get("passdb backend"))
(BA_gid, BA_type) = s4_passdb.sid_to_id(BA_sid)
@ -184,16 +184,16 @@ class PosixAclMappingTests(SmbdBaseTests):
def test_setntacl_smbd_getntacl_smbd_gpo(self):
acl = "O:DAG:DUD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED)S:AI(OU;CIIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CIIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)"
setntacl(self.lp, self.tempf, acl, DOM_SID, use_ntvfs=False,
session_info=self.get_session_info())
setntacl(self.lp, self.tempf, acl, DOM_SID,
self.get_session_info(), use_ntvfs=False)
facl = getntacl(self.lp, self.tempf, direct_db_access=False)
domsid = security.dom_sid(DOM_SID)
self.assertEquals(facl.as_sddl(domsid), acl)
def test_setntacl_getposixacl(self):
acl = ACL
setntacl(self.lp, self.tempf, acl, DOM_SID, use_ntvfs=False,
session_info=self.get_session_info())
setntacl(self.lp, self.tempf, acl, DOM_SID,
self.get_session_info(), use_ntvfs=False)
facl = getntacl(self.lp, self.tempf)
anysid = security.dom_sid(security.SID_NT_SELF)
self.assertEquals(facl.as_sddl(anysid), acl)
@ -310,8 +310,8 @@ class PosixAclMappingTests(SmbdBaseTests):
acl = provision.SYSVOL_ACL
domsid = passdb.get_global_sam_sid()
session_info = self.get_session_info(domsid)
setntacl(self.lp, self.tempf, acl, str(domsid), use_ntvfs=False,
session_info=session_info)
setntacl(self.lp, self.tempf, acl, str(domsid),
session_info, use_ntvfs=False)
facl = getntacl(self.lp, self.tempf)
self.assertEquals(facl.as_sddl(domsid), acl)
posix_acl = smbd.get_sys_acl(self.tempf, smb_acl.SMB_ACL_TYPE_ACCESS)
@ -454,8 +454,8 @@ class PosixAclMappingTests(SmbdBaseTests):
acl = provision.SYSVOL_ACL
domsid = passdb.get_global_sam_sid()
session_info = self.get_session_info(domsid)
setntacl(self.lp, self.tempdir, acl, str(domsid), use_ntvfs=False,
session_info=session_info)
setntacl(self.lp, self.tempdir, acl, str(domsid),
session_info, use_ntvfs=False)
facl = getntacl(self.lp, self.tempdir)
self.assertEquals(facl.as_sddl(domsid), acl)
posix_acl = smbd.get_sys_acl(self.tempdir, smb_acl.SMB_ACL_TYPE_ACCESS)
@ -547,8 +547,8 @@ class PosixAclMappingTests(SmbdBaseTests):
acl = provision.POLICIES_ACL
domsid = passdb.get_global_sam_sid()
session_info = self.get_session_info(domsid)
setntacl(self.lp, self.tempdir, acl, str(domsid), use_ntvfs=False,
session_info=session_info)
setntacl(self.lp, self.tempdir, acl, str(domsid),
session_info, use_ntvfs=False)
facl = getntacl(self.lp, self.tempdir)
self.assertEquals(facl.as_sddl(domsid), acl)
posix_acl = smbd.get_sys_acl(self.tempdir, smb_acl.SMB_ACL_TYPE_ACCESS)
@ -653,8 +653,8 @@ class PosixAclMappingTests(SmbdBaseTests):
domsid = passdb.get_global_sam_sid()
session_info = self.get_session_info(domsid)
setntacl(self.lp, self.tempf, acl, str(domsid), use_ntvfs=False,
session_info=session_info)
setntacl(self.lp, self.tempf, acl, str(domsid),
session_info, use_ntvfs=False)
facl = getntacl(self.lp, self.tempf)
self.assertEquals(facl.as_sddl(domsid), acl)
posix_acl = smbd.get_sys_acl(self.tempf, smb_acl.SMB_ACL_TYPE_ACCESS)
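Review bot: None of the updated calls in PosixAclMappingTests exercises the new contract itself; there is no test that setntacl or smbd.set_nt_acl refuses to run without a session. A small negative test would pin it, for example `def test_setntacl_requires_session_info(self):` with the body `self.assertRaises(TypeError, setntacl, self.lp, self.tempf, ACL, DOM_SID, use_ntvfs=False)`, since the missing positional argument raises TypeError before smbd is reached. A second case passing `None` would cover the C-side type check, though the exception it raises should be confirmed against py_check_dcerpc_type first.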


@ -686,8 +686,8 @@ static PyObject *py_smbd_set_nt_acl(PyObject *self, PyObject *args, PyObject *kw
"fname",
"security_info_sent",
"sd",
"service",
"session_info",
"service",
NULL
};
@ -703,13 +703,13 @@ static PyObject *py_smbd_set_nt_acl(PyObject *self, PyObject *args, PyObject *kw
frame = talloc_stackframe();
if (!PyArg_ParseTupleAndKeywords(args, kwargs, "siO|zO",
if (!PyArg_ParseTupleAndKeywords(args, kwargs, "siOO|z",
discard_const_p(char *, kwnames),
&fname,
&security_info_sent,
&py_sd,
&service,
&py_session)) {
&py_session,
&service)) {
TALLOC_FREE(frame);
return NULL;
}
@ -719,21 +719,19 @@ static PyObject *py_smbd_set_nt_acl(PyObject *self, PyObject *args, PyObject *kw
return NULL;
}
if (py_session != Py_None) {
if (!py_check_dcerpc_type(py_session,
"samba.dcerpc.auth",
"session_info")) {
TALLOC_FREE(frame);
return NULL;
}
session_info = pytalloc_get_type(py_session,
struct auth_session_info);
if (!session_info) {
PyErr_Format(PyExc_TypeError,
"Expected auth_session_info for session_info argument got %s",
pytalloc_get_name(py_session));
return NULL;
}
if (!py_check_dcerpc_type(py_session,
"samba.dcerpc.auth",
"session_info")) {
TALLOC_FREE(frame);
return NULL;
}
session_info = pytalloc_get_type(py_session,
struct auth_session_info);
if (session_info == NULL) {
PyErr_Format(PyExc_TypeError,
"Expected auth_session_info for session_info argument got %s",
pytalloc_get_name(py_session));
return NULL;
}
conn = get_conn_tos(service, session_info);
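Review bot: The `session_info == NULL` branch returns without `TALLOC_FREE(frame)`, unlike the argument-parsing and py_check_dcerpc_type failure paths just above it, so the talloc stackframe created earlier in py_smbd_set_nt_acl is not released on that error path. The branch should call `TALLOC_FREE(frame);` before `return NULL;`. The removed code had the same omission, so this commit only carries it over, but the de-indented block is a convenient place to fix it. A short comment next to the format string noting that `service` stays optional (`"siOO|z"`) while `session_info` is now required would also help readers of the keyword list. The function starts and ends outside these hunks.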