sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-02-09 09:57:48 +03:00
Code

r26197: Add bindings for libsecurity.

Browse Source
This commit is contained in:
Jelmer Vernooij 2007-11-29 14:49:47 +01:00 committed by Stefan Metzmacher
parent 0aa19ce73f
commit 8625cd403b
14 changed files with 197 additions and 530 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.bzrignore
View File

@ -230,3 +230,5 @@ source/libcli/swig/libcli_smb_wrap.c
source/libcli/swig/libcli_nbt_wrap.c
source/lib/events/events.py
source/lib/events/events_wrap.c
source/libcli/security/security_wrap.c
source/libcli/security/security.py

2
source/autogen.sh
View File

@ -65,7 +65,7 @@ rm -rf autom4te*.cache
# Run swig if it is available
SWIG=swig
SWIG_FILES="./scripting/python/misc.i ./auth/auth.i ./auth/credentials/credentials.i ./lib/talloc/talloc.i ./lib/ldb/ldb.i ./lib/registry/registry.i ./lib/tdb/tdb.i ./libcli/swig/libcli_smb.i ./libcli/swig/libcli_nbt.i ./librpc/rpc/dcerpc.i lib/events/events.i"
SWIG_FILES="./scripting/python/misc.i ./auth/auth.i ./auth/credentials/credentials.i ./lib/ldb/ldb.i ./lib/registry/registry.i ./lib/tdb/tdb.i ./libcli/swig/libcli_smb.i ./libcli/swig/libcli_nbt.i ./librpc/rpc/dcerpc.i lib/events/events.i libcli/security/security.i"
if which $SWIG >/dev/null 2>&1; then
for I in $SWIG_FILES
do

1
source/lib/ldb/ldb_ildap/config.mk
View File

@ -3,6 +3,7 @@
[MODULE::ldb_ildap]
SUBSYSTEM = LIBLDB
CFLAGS = -Ilib/ldb/include
OUTPUT_TYPE = SHARED_LIBRARY
PRIVATE_DEPENDENCIES = LIBTALLOC LIBCLI_LDAP
INIT_FUNCTION = ldb_ildap_init
ALIASES = ldapi ldaps ldap

153
source/lib/ldb/ldb_tdb/ldb_tdb_wrap.c
View File

@ -1,153 +0,0 @@
/*
ldb database library
Copyright (C) Andrew Tridgell 2005
** NOTE! The following LGPL license applies to the ldb
** library. This does NOT imply that all of Samba is released
** under the LGPL
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 3 of the License, or (at your option) any later version.
This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with this library; if not, see <http://www.gnu.org/licenses/>.
*/
#include "ldb_includes.h"
#include "ldb_tdb.h"
/*
the purpose of this code is to work around the braindead posix locking
rules, to allow us to have a ldb open more than once while allowing
locking to work
*/
struct ltdb_wrap {
struct ltdb_wrap *next, *prev;
struct tdb_context *tdb;
dev_t device;
ino_t inode;
};
static struct ltdb_wrap *tdb_list;
/* destroy the last connection to a tdb */
static int ltdb_wrap_destructor(struct ltdb_wrap *w)
{
tdb_close(w->tdb);
if (w->next) {
w->next->prev = w->prev;
}
if (w->prev) {
w->prev->next = w->next;
}
if (w == tdb_list) {
tdb_list = w->next;
}
return 0;
}
static void ltdb_log_fn(struct tdb_context *tdb, enum tdb_debug_level level, const char *fmt, ...) PRINTF_ATTRIBUTE(3, 4);
static void ltdb_log_fn(struct tdb_context *tdb, enum tdb_debug_level level, const char *fmt, ...)
{
va_list ap;
const char *name = tdb_name(tdb);
struct ldb_context *ldb = talloc_get_type(tdb_get_logging_private(tdb), struct ldb_context);
enum ldb_debug_level ldb_level;
char *message;
va_start(ap, fmt);
message = talloc_vasprintf(ldb, fmt, ap);
va_end(ap);
switch (level) {
case TDB_DEBUG_FATAL:
ldb_level = LDB_DEBUG_FATAL;
break;
case TDB_DEBUG_ERROR:
ldb_level = LDB_DEBUG_ERROR;
break;
case TDB_DEBUG_WARNING:
ldb_level = LDB_DEBUG_WARNING;
break;
case TDB_DEBUG_TRACE:
ldb_level = LDB_DEBUG_TRACE;
break;
default:
ldb_level = LDB_DEBUG_FATAL;
}
ldb_debug(ldb, ldb_level, "ltdb: tdb(%s): %s", name, message);
talloc_free(message);
}
/*
wrapped connection to a tdb database. The caller should _not_ free
this as it is not a talloc structure (as tdb does not use talloc
yet). It will auto-close when the caller frees the mem_ctx that is
passed to this call
*/
struct tdb_context *ltdb_wrap_open(TALLOC_CTX *mem_ctx,
const char *path, int hash_size,
int tdb_flags,
int open_flags, mode_t mode,
struct ldb_context *ldb)
{
struct ltdb_wrap *w;
struct stat st;
struct tdb_logging_context log_ctx;
log_ctx.log_fn = ltdb_log_fn;
log_ctx.log_private = ldb;
if (stat(path, &st) == 0) {
for (w=tdb_list;w;w=w->next) {
if (st.st_dev == w->device && st.st_ino == w->inode) {
if (!talloc_reference(mem_ctx, w)) {
return NULL;
}
return w->tdb;
}
}
}
w = talloc(mem_ctx, struct ltdb_wrap);
if (w == NULL) {
return NULL;
}
w->tdb = tdb_open_ex(path, hash_size, tdb_flags, open_flags, mode, &log_ctx, NULL);
if (w->tdb == NULL) {
talloc_free(w);
return NULL;
}
if (fstat(tdb_fd(w->tdb), &st) != 0) {
tdb_close(w->tdb);
talloc_free(w);
return NULL;
}
w->device = st.st_dev;
w->inode = st.st_ino;
talloc_set_destructor(w, ltdb_wrap_destructor);
w->next = tdb_list;
w->prev = NULL;
if (tdb_list) {
tdb_list->prev = w;
}
tdb_list = w;
return w->tdb;
}

186
source/lib/ldb_wrap.c
View File

@ -1,186 +0,0 @@
/*
Unix SMB/CIFS implementation.
LDB wrap functions
Copyright (C) Andrew Tridgell 2004
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/*
the stupidity of the unix fcntl locking design forces us to never
allow a database file to be opened twice in the same process. These
wrappers provide convenient access to a tdb or ldb, taking advantage
of talloc destructors to ensure that only a single open is done
*/
#include "includes.h"
#include "lib/events/events.h"
#include "lib/ldb/include/ldb.h"
#include "lib/ldb/include/ldb_errors.h"
#include "lib/ldb-samba/ldif_handlers.h"
#include "ldb_wrap.h"
#include "dsdb/samdb/samdb.h"
#include "param/param.h"
/*
this is used to catch debug messages from ldb
*/
static void ldb_wrap_debug(void *context, enum ldb_debug_level level,
const char *fmt, va_list ap) PRINTF_ATTRIBUTE(3,0);
static void ldb_wrap_debug(void *context, enum ldb_debug_level level,
const char *fmt, va_list ap)
{
int samba_level;
char *s = NULL;
switch (level) {
case LDB_DEBUG_FATAL:
samba_level = 0;
break;
case LDB_DEBUG_ERROR:
samba_level = 1;
break;
case LDB_DEBUG_WARNING:
samba_level = 2;
break;
case LDB_DEBUG_TRACE:
samba_level = 5;
break;
};
vasprintf(&s, fmt, ap);
if (!s) return;
DEBUG(level, ("ldb: %s\n", s));
free(s);
}
/* check for memory leaks on the ldb context */
static int ldb_wrap_destructor(struct ldb_context *ldb)
{
size_t *startup_blocks = (size_t *)ldb_get_opaque(ldb, "startup_blocks");
if (startup_blocks &&
talloc_total_blocks(ldb) > *startup_blocks + 400) {
DEBUG(0,("WARNING: probable memory leak in ldb %s - %lu blocks (startup %lu) %lu bytes\n",
(char *)ldb_get_opaque(ldb, "wrap_url"),
(unsigned long)talloc_total_blocks(ldb),
(unsigned long)*startup_blocks,
(unsigned long)talloc_total_size(ldb)));
#if 0
talloc_report_full(ldb, stdout);
call_backtrace();
smb_panic("probable memory leak in ldb");
#endif
}
return 0;
}
/*
wrapped connection to a ldb database
to close just talloc_free() the returned ldb_context
TODO: We need an error_string parameter
*/
struct ldb_context *ldb_wrap_connect(TALLOC_CTX *mem_ctx,
struct loadparm_context *lp_ctx,
const char *url,
struct auth_session_info *session_info,
struct cli_credentials *credentials,
unsigned int flags,
const char *options[])
{
struct ldb_context *ldb;
int ret;
struct event_context *ev;
char *real_url = NULL;
size_t *startup_blocks;
ldb = ldb_init(mem_ctx);
if (ldb == NULL) {
return NULL;
}
ldb_set_modules_dir(ldb,
talloc_asprintf(ldb, "%s/ldb", lp_modulesdir(lp_ctx)));
/* we want to use the existing event context if possible. This
relies on the fact that in smbd, everything is a child of
the main event_context */
ev = event_context_find(ldb);
if (ldb_set_opaque(ldb, "EventContext", ev)) {
talloc_free(ldb);
return NULL;
}
if (ldb_set_opaque(ldb, "sessionInfo", session_info)) {
talloc_free(ldb);
return NULL;
}
if (ldb_set_opaque(ldb, "credentials", credentials)) {
talloc_free(ldb);
return NULL;
}
if (strcmp(lp_sam_url(lp_ctx), url) == 0) {
dsdb_set_global_schema(ldb);
}
ret = ldb_register_samba_handlers(ldb);
if (ret == -1) {
talloc_free(ldb);
return NULL;
}
ldb_set_debug(ldb, ldb_wrap_debug, NULL);
ldb_set_utf8_fns(ldb, NULL, wrap_casefold);
real_url = private_path(ldb, lp_ctx, url);
if (real_url == NULL) {
talloc_free(ldb);
return NULL;
}
/* allow admins to force non-sync ldb for all databases */
if (lp_parm_bool(lp_ctx, NULL, "ldb", "nosync", false)) {
flags |= LDB_FLG_NOSYNC;
}
/* we usually want Samba databases to be private. If we later
find we need one public, we will need to add a parameter to
ldb_wrap_connect() */
ldb_set_create_perms(ldb, 0600);
ret = ldb_connect(ldb, real_url, flags, options);
if (ret != LDB_SUCCESS) {
talloc_free(ldb);
return NULL;
}
/* setup for leak detection */
ldb_set_opaque(ldb, "wrap_url", real_url);
startup_blocks = talloc(ldb, size_t);
*startup_blocks = talloc_total_blocks(ldb);
ldb_set_opaque(ldb, "startup_blocks", startup_blocks);
talloc_set_destructor(ldb, ldb_wrap_destructor);
return ldb;
}

9
source/lib/talloc/config.mk
View File

@ -1,13 +1,8 @@
################################################
# Start LIBRARY LIBTALLOC
[LIBRARY::LIBTALLOC]
VERSION = 0.0.1
SO_VERSION = 0
VERSION = 1.0.0
SO_VERSION = 1
OBJ_FILES = talloc.o
MANPAGE = talloc.3
CFLAGS = -Ilib/talloc
PUBLIC_HEADERS = talloc.h
DESCRIPTION = A hierarchical pool based memory system with destructors
#
# End LIBRARY LIBTALLOC
################################################

2
source/lib/talloc/talloc.i
View File

@ -19,8 +19,6 @@
/* Don't expose talloc contexts in Python code. Python does reference
counting for us, so just create a new top-level talloc context.
*/
%module talloc;
%typemap(in, numinputs=0) TALLOC_CTX * {
$1 = NULL;
}

117
source/lib/tdb_wrap.c
View File

@ -1,117 +0,0 @@
/*
Unix SMB/CIFS implementation.
TDB wrap functions
Copyright (C) Andrew Tridgell 2004
Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "includes.h"
#include "lib/tdb/include/tdb.h"
#include "lib/util/dlinklist.h"
#include "tdb_wrap.h"
#include "tdb.h"
static struct tdb_wrap *tdb_list;
/* destroy the last connection to a tdb */
static int tdb_wrap_destructor(struct tdb_wrap *w)
{
tdb_close(w->tdb);
DLIST_REMOVE(tdb_list, w);
return 0;
}
/*
Log tdb messages via DEBUG().
*/
static void tdb_wrap_log(TDB_CONTEXT *tdb, enum tdb_debug_level level,
const char *format, ...) PRINTF_ATTRIBUTE(3,4);
static void tdb_wrap_log(TDB_CONTEXT *tdb, enum tdb_debug_level level,
const char *format, ...)
{
va_list ap;
char *ptr = NULL;
int debug_level;
va_start(ap, format);
vasprintf(&ptr, format, ap);
va_end(ap);
switch (level) {
case TDB_DEBUG_FATAL:
debug_level = 0;
break;
case TDB_DEBUG_ERROR:
debug_level = 1;
break;
case TDB_DEBUG_WARNING:
debug_level = 2;
break;
case TDB_DEBUG_TRACE:
debug_level = 5;
break;
default:
debug_level = 0;
}
if (ptr != NULL) {
const char *name = tdb_name(tdb);
DEBUG(debug_level, ("tdb(%s): %s", name ? name : "unnamed", ptr));
free(ptr);
}
}
/*
wrapped connection to a tdb database
to close just talloc_free() the tdb_wrap pointer
*/
struct tdb_wrap *tdb_wrap_open(TALLOC_CTX *mem_ctx,
const char *name, int hash_size, int tdb_flags,
int open_flags, mode_t mode)
{
struct tdb_wrap *w;
struct tdb_logging_context log_ctx;
log_ctx.log_fn = tdb_wrap_log;
for (w=tdb_list;w;w=w->next) {
if (strcmp(name, w->name) == 0) {
return talloc_reference(mem_ctx, w);
}
}
w = talloc(mem_ctx, struct tdb_wrap);
if (w == NULL) {
return NULL;
}
w->name = talloc_strdup(w, name);
w->tdb = tdb_open_ex(name, hash_size, tdb_flags,
open_flags, mode, &log_ctx, NULL);
if (w->tdb == NULL) {
talloc_free(w);
return NULL;
}
talloc_set_destructor(w, tdb_wrap_destructor);
DLIST_ADD(tdb_list, w);
return w;
}

8
source/libcli/security/config.mk
View File

@ -1,5 +1,3 @@
#################################
# Start SUBSYSTEM LIBSECURITY
[SUBSYSTEM::LIBSECURITY]
PRIVATE_PROTO_HEADER = proto.h
OBJ_FILES = security_token.o \
@ -9,5 +7,7 @@ OBJ_FILES = security_token.o \
privilege.o \
sddl.o
PUBLIC_DEPENDENCIES = NDR_MISC
# End SUBSYSTEM LIBSECURITY
#################################
[PYTHON::swig_security]
SWIG_FILE = security.i
PRIVATE_DEPENDENCIES = LIBSECURITY

121
source/libcli/security/security.i Normal file
View File

@ -0,0 +1,121 @@
/*
Unix SMB/CIFS implementation.
Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
%module(package="samba.security") security
%{
#include "includes.h"
#include "libcli/security/security.h"
typedef struct dom_sid dom_sid;
typedef struct security_token security_token;
typedef struct security_descriptor security_descriptor;
%}
%import "../../lib/talloc/talloc.i"
%import "../util/errors.i"
%import "stdint.i"
enum sec_privilege {
SEC_PRIV_SECURITY=1,
SEC_PRIV_BACKUP=2,
SEC_PRIV_RESTORE=3,
SEC_PRIV_SYSTEMTIME=4,
SEC_PRIV_SHUTDOWN=5,
SEC_PRIV_REMOTE_SHUTDOWN=6,
SEC_PRIV_TAKE_OWNERSHIP=7,
SEC_PRIV_DEBUG=8,
SEC_PRIV_SYSTEM_ENVIRONMENT=9,
SEC_PRIV_SYSTEM_PROFILE=10,
SEC_PRIV_PROFILE_SINGLE_PROCESS=11,
SEC_PRIV_INCREASE_BASE_PRIORITY=12,
SEC_PRIV_LOAD_DRIVER=13,
SEC_PRIV_CREATE_PAGEFILE=14,
SEC_PRIV_INCREASE_QUOTA=15,
SEC_PRIV_CHANGE_NOTIFY=16,
SEC_PRIV_UNDOCK=17,
SEC_PRIV_MANAGE_VOLUME=18,
SEC_PRIV_IMPERSONATE=19,
SEC_PRIV_CREATE_GLOBAL=20,
SEC_PRIV_ENABLE_DELEGATION=21,
SEC_PRIV_INTERACTIVE_LOGON=22,
SEC_PRIV_NETWORK_LOGON=23,
SEC_PRIV_REMOTE_INTERACTIVE_LOGON=24
};
%rename(SecurityToken) security_token;
typedef struct security_token {
%extend {
security_token(TALLOC_CTX *mem_ctx) { return security_token_initialise(mem_ctx); }
~security_token() { talloc_free($self); }
bool is_sid(const struct dom_sid *sid);
bool is_system();
bool is_anonymous();
bool has_sid(const struct dom_sid *sid);
bool has_builtin_administrators();
bool has_nt_authenticated_users();
bool has_privilege(enum sec_privilege privilege);
void set_privilege(enum sec_privilege privilege);
}
} security_token;
typedef struct security_descriptor {
%extend {
security_descriptor(TALLOC_CTX *mem_ctx) { return security_descriptor_initialise(mem_ctx); }
~security_descriptor() { talloc_free($self); }
NTSTATUS sacl_add(const struct security_ace *ace);
NTSTATUS dacl_add(const struct security_ace *ace);
NTSTATUS dacl_del(const struct security_ace *ace);
NTSTATUS sacl_del(const struct security_ace *ace);
#ifdef SWIGPYTHON
%rename(equal) __eq__;
#endif
bool equal(const struct security_descriptor *other);
}
} security_descriptor;
%rename(Sid) dom_sid;
typedef struct dom_sid {
%extend {
bool equal(const struct dom_sid *other);
#ifdef SWIGPYTHON
const char *__str__(TALLOC_CTX *mem_ctx) {
return dom_sid_string(mem_ctx, $self);
}
#endif
}
} dom_sid;
%inline %{
static struct dom_sid *random_sid(TALLOC_CTX *mem_ctx)
{
char *str = talloc_asprintf(mem_ctx, "S-1-5-21-%u-%u-%u",
(unsigned)generate_random(),
(unsigned)generate_random(),
(unsigned)generate_random());
return dom_sid_parse_talloc(mem_ctx, str);
}
%}
%rename(privilege_name) sec_privilege_name;
const char *sec_privilege_name(enum sec_privilege privilege);
%rename(privilege_id) sec_privilege_id;
enum sec_privilege sec_privilege_id(const char *name);

65
source/libcli/security/tests/bindings.py Normal file
View File

@ -0,0 +1,65 @@
#!/usr/bin/python
# Unix SMB/CIFS implementation.
# Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
import unittest
import security
class SecurityTokenTests(unittest.TestCase):
def setUp(self):
self.token = security.SecurityToken()
def test_is_system(self):
self.assertFalse(self.token.is_system())
def test_is_anonymous(self):
self.assertFalse(self.token.is_anonymous())
def test_has_builtin_administrators(self):
self.assertFalse(self.token.has_builtin_administrators())
def test_has_nt_authenticated_users(self):
self.assertFalse(self.token.has_nt_authenticated_users())
def test_has_priv(self):
self.assertFalse(self.token.has_privilege(security.SEC_PRIV_SHUTDOWN))
def test_set_priv(self):
self.assertFalse(self.token.has_privilege(security.SEC_PRIV_SHUTDOWN))
self.assertFalse(self.token.set_privilege(security.SEC_PRIV_SHUTDOWN))
self.assertTrue(self.token.has_privilege(security.SEC_PRIV_SHUTDOWN))
class SecurityDescriptorTests(unittest.TestCase):
def setUp(self):
self.descriptor = security.SecurityDescriptor()
class RandomSidTests(unittest.TestCase):
def test_random(self):
sid = security.random_sid()
self.assertTrue(str(sid).startswith("S-1-5-21-"))
class PrivilegeTests(unittest.TestCase):
def test_privilege_name(self):
self.assertEquals("SeShutdownPrivilege", security.privilege_name(security.SEC_PRIV_SHUTDOWN))
def test_privilege_id(self):
self.assertEquals(security.SEC_PRIV_SHUTDOWN, security.privilege_id("SeShutdownPrivilege"))

4
source/scripting/python/config.mk
View File

@ -6,10 +6,6 @@ OBJ_FILES = parammodule.o
PRIVATE_DEPENDENCIES = LIBNDR
OBJ_FILES = uuidmodule.o
[PYTHON::python_sid]
PRIVATE_DEPENDENCIES = LIBNDR
OBJ_FILES = sidmodule.o
[PYTHON::python_misc]
PRIVATE_DEPENDENCIES = LIBNDR LIBLDB
SWIG_FILE = misc.i

56
source/scripting/python/sidmodule.c
View File

@ -1,56 +0,0 @@
/*
Unix SMB/CIFS implementation.
Samba utility functions
Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "includes.h"
#include "Python.h"
#include "libcli/security/security.h"
static PyObject *sid_random(PyObject *self, PyObject *args)
{
char *str;
if (!PyArg_ParseTuple(args, ""))
return NULL;
str = talloc_asprintf(NULL, "S-1-5-21-%u-%u-%u",
(unsigned)generate_random(),
(unsigned)generate_random(),
(unsigned)generate_random());
if (str == NULL) {
PyErr_SetString(PyExc_TypeError, "can't generate random sid");
return NULL;
}
return PyString_FromString(str);
}
static PyMethodDef methods[] = {
{ "random", (PyCFunction)sid_random, METH_VARARGS, NULL},
{ NULL, NULL }
};
PyDoc_STRVAR(param_doc, "SID helper routines");
PyMODINIT_FUNC initsid(void)
{
PyObject *mod = Py_InitModule3("sid", methods, param_doc);
if (mod == NULL)
return;
}

1
source/selftest/samba4_tests.sh
View File

@ -299,4 +299,5 @@ then
plantest "registry.python" none PYTHONPATH=bin/python:scripting/python:lib/registry/tests/ scripting/bin/subunitrun bindings
plantest "tdb.python" none PYTHONPATH=bin/python:scripting/python:lib/tdb/python/tests scripting/bin/subunitrun simple
plantest "auth.python" none PYTHONPATH=bin/python:scripting/python:auth/tests/ scripting/bin/subunitrun bindings
plantest "security.python" none PYTHONPATH=bin/python:scripting/python:libcli/security/tests/ scripting/bin/subunitrun bindings
fi