sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-02-24 13:57:43 +03:00
Code
samba-mirror/auth/credentials/pycredentials.c
Stefan Metzmacher 6c96f9499f pycredentials: add [g|s]et_old_nt_hash() 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
2025-01-08 09:13:30 +00:00

3204 lines
84 KiB
C
Raw Blame History

/*
Unix SMB/CIFS implementation.
Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "lib/replace/system/python.h"
#include "python/py3compat.h"
#include "includes.h"
#include "python/modules.h"
#include "pycredentials.h"
#include "param/param.h"
#include "auth/credentials/credentials_internal.h"
#include "auth/credentials/credentials_krb5.h"
#include "librpc/gen_ndr/dcerpc.h"
#include "librpc/gen_ndr/samr.h" /* for struct samr_Password */
#include "librpc/gen_ndr/netlogon.h"
#include "libcli/util/pyerrors.h"
#include "libcli/auth/libcli_auth.h"
#include "param/pyparam.h"
#include <tevent.h>
#include "libcli/auth/libcli_auth.h"
#include "system/kerberos.h"
#include "auth/kerberos/kerberos.h"
#include "libcli/smb/smb_constants.h"
static PyObject *py_creds_new(PyTypeObject *type, PyObject *args, PyObject *kwargs)
{
return pytalloc_steal(type, cli_credentials_init(NULL));
}
static PyObject *PyCredentials_from_cli_credentials(struct cli_credentials *creds)
{
return pytalloc_reference(&PyCredentials, creds);
}
static PyObject *py_creds_get_username(PyObject *self, PyObject *unused)
{
struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
if (creds == NULL) {
PyErr_Format(PyExc_TypeError, "Credentials expected");
return NULL;
}
return PyString_FromStringOrNULL(cli_credentials_get_username(creds));
}
static PyObject *py_creds_set_username(PyObject *self, PyObject *args)
{
char *newval;
enum credentials_obtained obt = CRED_SPECIFIED;
int _obt = obt;
struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
if (creds == NULL) {
PyErr_Format(PyExc_TypeError, "Credentials expected");
return NULL;
}
if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
return NULL;
}
obt = _obt;
return PyBool_FromLong(cli_credentials_set_username(creds, newval, obt));
}
static PyObject *py_creds_get_ntlm_username_domain(PyObject *self, PyObject *unused)
{
TALLOC_CTX *frame = talloc_stackframe();
const char *user = NULL;
const char *domain = NULL;
PyObject *ret = NULL;
struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
if (creds == NULL) {
PyErr_Format(PyExc_TypeError, "Credentials expected");
return NULL;
}
cli_credentials_get_ntlm_username_domain(creds,
frame, &user, &domain);
ret = Py_BuildValue("(ss)",
user,
domain);
TALLOC_FREE(frame);
return ret;
}
static PyObject *py_creds_get_ntlm_response(PyObject *self, PyObject *args, PyObject *kwargs)
{
TALLOC_CTX *frame = talloc_stackframe();
PyObject *ret = NULL;
int flags;
struct timeval tv_now;
NTTIME server_timestamp;
DATA_BLOB challenge = data_blob_null;
DATA_BLOB target_info = data_blob_null;
NTSTATUS status;
DATA_BLOB lm_response = data_blob_null;
DATA_BLOB nt_response = data_blob_null;
DATA_BLOB lm_session_key = data_blob_null;
DATA_BLOB nt_session_key = data_blob_null;
const char *kwnames[] = { "flags", "challenge",
"target_info",
NULL };
struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
if (creds == NULL) {
PyErr_Format(PyExc_TypeError, "Credentials expected");
return NULL;
}
tv_now = timeval_current();
server_timestamp = timeval_to_nttime(&tv_now);
if (!PyArg_ParseTupleAndKeywords(args, kwargs, "is#|s#",
discard_const_p(char *, kwnames),
&flags,
&challenge.data,
&challenge.length,
&target_info.data,
&target_info.length)) {
return NULL;
}
status = cli_credentials_get_ntlm_response(creds,
frame, &flags,
challenge,
&server_timestamp,
target_info,
&lm_response, &nt_response,
&lm_session_key, &nt_session_key);
if (!NT_STATUS_IS_OK(status)) {
PyErr_SetNTSTATUS(status);
TALLOC_FREE(frame);
return NULL;
}
ret = Py_BuildValue("{sis" PYARG_BYTES_LEN "s" PYARG_BYTES_LEN
"s" PYARG_BYTES_LEN "s" PYARG_BYTES_LEN "}",
"flags", flags,
"lm_response",
(const char *)lm_response.data, lm_response.length,
"nt_response",
(const char *)nt_response.data, nt_response.length,
"lm_session_key",
(const char *)lm_session_key.data, lm_session_key.length,
"nt_session_key",
(const char *)nt_session_key.data, nt_session_key.length);
TALLOC_FREE(frame);
return ret;
}
static PyObject *py_creds_get_principal(PyObject *self, PyObject *unused)
{
TALLOC_CTX *frame = talloc_stackframe();
PyObject *ret = NULL;
struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
if (creds == NULL) {
PyErr_Format(PyExc_TypeError, "Credentials expected");
return NULL;
}
ret = PyString_FromStringOrNULL(cli_credentials_get_principal(creds, frame));
TALLOC_FREE(frame);
return ret;
}
static PyObject *py_creds_set_principal(PyObject *self, PyObject *args)
{
char *newval;
enum credentials_obtained obt = CRED_SPECIFIED;
int _obt = obt;
struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
if (creds == NULL) {
PyErr_Format(PyExc_TypeError, "Credentials expected");
return NULL;
}
if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
return NULL;
}
obt = _obt;
return PyBool_FromLong(cli_credentials_set_principal(creds, newval, obt));
}
static PyObject *py_creds_get_password(PyObject *self, PyObject *unused)
{
struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
if (creds == NULL) {
PyErr_Format(PyExc_TypeError, "Credentials expected");
return NULL;
}
return PyString_FromStringOrNULL(cli_credentials_get_password(creds));
}
static PyObject *py_creds_set_password(PyObject *self, PyObject *args)
{
const char *newval = NULL;
enum credentials_obtained obt = CRED_SPECIFIED;
int _obt = obt;
PyObject *result = NULL;
struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
if (creds == NULL) {
PyErr_Format(PyExc_TypeError, "Credentials expected");
return NULL;
}
if (!PyArg_ParseTuple(args, PYARG_STR_UNI"|i", "utf8", &newval, &_obt)) {
return NULL;
}
obt = _obt;
result = PyBool_FromLong(cli_credentials_set_password(creds, newval, obt));
PyMem_Free(discard_const_p(void*, newval));
return result;
}
static PyObject *py_creds_set_utf16_password(PyObject *self, PyObject *args)
{
enum credentials_obtained obt = CRED_SPECIFIED;
int _obt = obt;
PyObject *newval = NULL;
DATA_BLOB blob = data_blob_null;
Py_ssize_t size = 0;
int result;
bool ok;
struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
if (creds == NULL) {
PyErr_Format(PyExc_TypeError, "Credentials expected");
return NULL;
}
if (!PyArg_ParseTuple(args, "O|i", &newval, &_obt)) {
return NULL;
}
obt = _obt;
result = PyBytes_AsStringAndSize(newval, (char **)&blob.data, &size);
if (result != 0) {
PyErr_SetString(PyExc_RuntimeError, "Failed to convert passed value to Bytes");
return NULL;
}
blob.length = size;
ok = cli_credentials_set_utf16_password(creds,
&blob, obt);
return PyBool_FromLong(ok);
}
static PyObject *py_creds_get_old_password(PyObject *self, PyObject *unused)
{
struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
if (creds == NULL) {
PyErr_Format(PyExc_TypeError, "Credentials expected");
return NULL;
}
return PyString_FromStringOrNULL(cli_credentials_get_old_password(creds));
}
static PyObject *py_creds_set_old_password(PyObject *self, PyObject *args)
{
char *oldval;
enum credentials_obtained obt = CRED_SPECIFIED;
int _obt = obt;
struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
if (creds == NULL) {
PyErr_Format(PyExc_TypeError, "Credentials expected");
return NULL;
}
if (!PyArg_ParseTuple(args, "s|i", &oldval, &_obt)) {
return NULL;
}
obt = _obt;
return PyBool_FromLong(cli_credentials_set_old_password(creds, oldval, obt));
}
static PyObject *py_creds_set_old_utf16_password(PyObject *self, PyObject *args)
{
PyObject *oldval = NULL;
DATA_BLOB blob = data_blob_null;
Py_ssize_t size = 0;
int result;
bool ok;
struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
if (creds == NULL) {
PyErr_Format(PyExc_TypeError, "Credentials expected");
return NULL;
}
if (!PyArg_ParseTuple(args, "O", &oldval)) {
return NULL;
}
result = PyBytes_AsStringAndSize(oldval, (char **)&blob.data, &size);
if (result != 0) {
PyErr_SetString(PyExc_RuntimeError, "Failed to convert passed value to Bytes");
return NULL;
}
blob.length = size;
ok = cli_credentials_set_old_utf16_password(creds,
&blob);
return PyBool_FromLong(ok);
}
static PyObject *py_creds_get_domain(PyObject *self, PyObject *unused)
{
struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
if (creds == NULL) {
PyErr_Format(PyExc_TypeError, "Credentials expected");
return NULL;
}
return PyString_FromStringOrNULL(cli_credentials_get_domain(creds));
}
static PyObject *py_creds_set_domain(PyObject *self, PyObject *args)
{
char *newval;
enum credentials_obtained obt = CRED_SPECIFIED;
int _obt = obt;
struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
if (creds == NULL) {
PyErr_Format(PyExc_TypeError, "Credentials expected");
return NULL;
}
if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
return NULL;
}
obt = _obt;
return PyBool_FromLong(cli_credentials_set_domain(creds, newval, obt));
}
static PyObject *py_creds_get_realm(PyObject *self, PyObject *unused)
{
struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
if (creds == NULL) {
PyErr_Format(PyExc_TypeError, "Credentials expected");
return NULL;
}
return PyString_FromStringOrNULL(cli_credentials_get_realm(creds));
}
static PyObject *py_creds_set_realm(PyObject *self, PyObject *args)
{
char *newval;
enum credentials_obtained obt = CRED_SPECIFIED;
int _obt = obt;
struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
if (creds == NULL) {
PyErr_Format(PyExc_TypeError, "Credentials expected");
return NULL;
}
if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
return NULL;
}
obt = _obt;
return PyBool_FromLong(cli_credentials_set_realm(creds, newval, obt));
}
static PyObject *py_creds_get_bind_dn(PyObject *self, PyObject *unused)
{
struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
if (creds == NULL) {
PyErr_Format(PyExc_TypeError, "Credentials expected");
return NULL;
}
return PyString_FromStringOrNULL(cli_credentials_get_bind_dn(creds));
}
static PyObject *py_creds_set_bind_dn(PyObject *self, PyObject *args)
{
char *newval;
struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
if (creds == NULL) {
PyErr_Format(PyExc_TypeError, "Credentials expected");
return NULL;
}
if (!PyArg_ParseTuple(args, "z", &newval))
return NULL;
return PyBool_FromLong(cli_credentials_set_bind_dn(creds, newval));
}
static PyObject *py_creds_get_workstation(PyObject *self, PyObject *unused)
{
struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
if (creds == NULL) {
PyErr_Format(PyExc_TypeError, "Credentials expected");
return NULL;
}
return PyString_FromStringOrNULL(cli_credentials_get_workstation(creds));
}
static PyObject *py_creds_set_workstation(PyObject *self, PyObject *args)
{
char *newval;
enum credentials_obtained obt = CRED_SPECIFIED;
int _obt = obt;
struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
if (creds == NULL) {
PyErr_Format(PyExc_TypeError, "Credentials expected");
return NULL;
}
if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
return NULL;
}
obt = _obt;
return PyBool_FromLong(cli_credentials_set_workstation(creds, newval, obt));
}
static PyObject *py_creds_is_anonymous(PyObject *self, PyObject *unused)
{
struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
if (creds == NULL) {
PyErr_Format(PyExc_TypeError, "Credentials expected");
return NULL;
}
return PyBool_FromLong(cli_credentials_is_anonymous(creds));
}
static PyObject *py_creds_set_anonymous(PyObject *self, PyObject *unused)
{
struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
if (creds == NULL) {
PyErr_Format(PyExc_TypeError, "Credentials expected");
return NULL;
}
cli_credentials_set_anonymous(creds);
Py_RETURN_NONE;
}
static PyObject *py_creds_authentication_requested(PyObject *self, PyObject *unused)
{
struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
if (creds == NULL) {
PyErr_Format(PyExc_TypeError, "Credentials expected");
return NULL;
}
return PyBool_FromLong(cli_credentials_authentication_requested(creds));
}
static PyObject *py_creds_wrong_password(PyObject *self, PyObject *unused)
{
struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
if (creds == NULL) {
PyErr_Format(PyExc_TypeError, "Credentials expected");
return NULL;
}
return PyBool_FromLong(cli_credentials_wrong_password(creds));
}
static PyObject *py_creds_set_cmdline_callbacks(PyObject *self, PyObject *unused)
{
struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
if (creds == NULL) {
PyErr_Format(PyExc_TypeError, "Credentials expected");
return NULL;
}
return PyBool_FromLong(cli_credentials_set_cmdline_callbacks(creds));
}
static PyObject *py_creds_parse_string(PyObject *self, PyObject *args)
{
char *newval;
enum credentials_obtained obt = CRED_SPECIFIED;
int _obt = obt;
struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
if (creds == NULL) {
PyErr_Format(PyExc_TypeError, "Credentials expected");
return NULL;
}
if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
return NULL;
}
obt = _obt;
cli_credentials_parse_string(creds, newval, obt);
Py_RETURN_NONE;
}
static PyObject *py_creds_parse_file(PyObject *self, PyObject *args)
{
char *newval;
enum credentials_obtained obt = CRED_SPECIFIED;
int _obt = obt;
struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
if (creds == NULL) {
PyErr_Format(PyExc_TypeError, "Credentials expected");
return NULL;
}
if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
return NULL;
}
obt = _obt;
cli_credentials_parse_file(creds, newval, obt);
Py_RETURN_NONE;
}
static PyObject *py_cli_credentials_set_password_will_be_nt_hash(PyObject *self, PyObject *args)
{
struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
PyObject *py_val = NULL;
bool val = false;
if (!PyArg_ParseTuple(args, "O!", &PyBool_Type, &py_val)) {
return NULL;
}
val = PyObject_IsTrue(py_val);
cli_credentials_set_password_will_be_nt_hash(creds, val);
Py_RETURN_NONE;
}
static PyObject *py_creds_get_nt_hash(PyObject *self, PyObject *unused)
{
PyObject *ret;
struct samr_Password *ntpw = NULL;
struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
if (creds == NULL) {
PyErr_Format(PyExc_TypeError, "Credentials expected");
return NULL;
}
ntpw = cli_credentials_get_nt_hash(creds, creds);
if (ntpw == NULL) {
Py_RETURN_NONE;
}
ret = PyBytes_FromStringAndSize(discard_const_p(char, ntpw->hash), 16);
TALLOC_FREE(ntpw);
return ret;
}
static PyObject *py_creds_set_nt_hash(PyObject *self, PyObject *args)
{
PyObject *py_cp = Py_None;
const struct samr_Password *pwd = NULL;
enum credentials_obtained obt = CRED_SPECIFIED;
int _obt = obt;
struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
if (creds == NULL) {
PyErr_Format(PyExc_TypeError, "Credentials expected");
return NULL;
}
if (!PyArg_ParseTuple(args, "O|i", &py_cp, &_obt)) {
return NULL;
}
obt = _obt;
if (!py_check_dcerpc_type(py_cp, "samba.dcerpc.samr", "Password")) {
/* py_check_dcerpc_type sets TypeError */
return NULL;
}
pwd = pytalloc_get_ptr(py_cp);
return PyBool_FromLong(cli_credentials_set_nt_hash(creds, pwd, obt));
}
static PyObject *py_creds_get_old_nt_hash(PyObject *self, PyObject *unused)
{
PyObject *ret;
struct samr_Password *ntpw = NULL;
struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
if (creds == NULL) {
PyErr_Format(PyExc_TypeError, "Credentials expected");
return NULL;
}
ntpw = cli_credentials_get_old_nt_hash(creds, creds);
if (ntpw == NULL) {
Py_RETURN_NONE;
}
ret = PyBytes_FromStringAndSize(discard_const_p(char, ntpw->hash), 16);
TALLOC_FREE(ntpw);
return ret;
}
static PyObject *py_creds_set_old_nt_hash(PyObject *self, PyObject *args)
{
PyObject *py_cp = Py_None;
const struct samr_Password *pwd = NULL;
struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
if (creds == NULL) {
PyErr_Format(PyExc_TypeError, "Credentials expected");
return NULL;
}
if (!PyArg_ParseTuple(args, "O", &py_cp)) {
return NULL;
}
if (!py_check_dcerpc_type(py_cp, "samba.dcerpc.samr", "Password")) {
/* py_check_dcerpc_type sets TypeError */
return NULL;
}
pwd = pytalloc_get_ptr(py_cp);
return PyBool_FromLong(cli_credentials_set_old_nt_hash(creds, pwd));
}
static PyObject *py_creds_get_kerberos_state(PyObject *self, PyObject *unused)
{
int state;
struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
if (creds == NULL) {
PyErr_Format(PyExc_TypeError, "Credentials expected");
return NULL;
}
state = cli_credentials_get_kerberos_state(creds);
return PyLong_FromLong(state);
}
static PyObject *py_creds_set_kerberos_state(PyObject *self, PyObject *args)
{
int state;
struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
if (creds == NULL) {
PyErr_Format(PyExc_TypeError, "Credentials expected");
return NULL;
}
if (!PyArg_ParseTuple(args, "i", &state))
return NULL;
cli_credentials_set_kerberos_state(creds, state, CRED_SPECIFIED);
Py_RETURN_NONE;
}
static PyObject *py_creds_set_krb_forwardable(PyObject *self, PyObject *args)
{
int state;
struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
if (creds == NULL) {
PyErr_Format(PyExc_TypeError, "Credentials expected");
return NULL;
}
if (!PyArg_ParseTuple(args, "i", &state))
return NULL;
cli_credentials_set_krb_forwardable(creds, state);
Py_RETURN_NONE;
}
static PyObject *py_creds_get_forced_sasl_mech(PyObject *self, PyObject *unused)
{
struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
if (creds == NULL) {
PyErr_Format(PyExc_TypeError, "Credentials expected");
return NULL;
}
return PyString_FromStringOrNULL(cli_credentials_get_forced_sasl_mech(creds));
}
static PyObject *py_creds_set_forced_sasl_mech(PyObject *self, PyObject *args)
{
char *newval;
struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
if (creds == NULL) {
PyErr_Format(PyExc_TypeError, "Credentials expected");
return NULL;
}
if (!PyArg_ParseTuple(args, "s", &newval)) {
return NULL;
}
cli_credentials_set_forced_sasl_mech(creds, newval);
Py_RETURN_NONE;
}
static PyObject *py_creds_set_conf(PyObject *self, PyObject *args)
{
PyObject *py_lp_ctx = Py_None;
struct loadparm_context *lp_ctx;
TALLOC_CTX *mem_ctx;
struct cli_credentials *creds;
bool ok;
creds = PyCredentials_AsCliCredentials(self);
if (creds == NULL) {
PyErr_Format(PyExc_TypeError, "Credentials expected");
return NULL;
}
if (!PyArg_ParseTuple(args, "|O", &py_lp_ctx)) {
return NULL;
}
mem_ctx = talloc_new(NULL);
if (mem_ctx == NULL) {
PyErr_NoMemory();
return NULL;
}
lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
if (lp_ctx == NULL) {
talloc_free(mem_ctx);
return NULL;
}
ok = cli_credentials_set_conf(creds, lp_ctx);
talloc_free(mem_ctx);
if (!ok) {
return NULL;
}
Py_RETURN_NONE;
}
static PyObject *py_creds_guess(PyObject *self, PyObject *args)
{
PyObject *py_lp_ctx = Py_None;
struct loadparm_context *lp_ctx;
TALLOC_CTX *mem_ctx;
struct cli_credentials *creds;
bool ok;
creds = PyCredentials_AsCliCredentials(self);
if (creds == NULL) {
PyErr_Format(PyExc_TypeError, "Credentials expected");
return NULL;
}
if (!PyArg_ParseTuple(args, "|O", &py_lp_ctx))
return NULL;
mem_ctx = talloc_new(NULL);
if (mem_ctx == NULL) {
PyErr_NoMemory();
return NULL;
}
lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
if (lp_ctx == NULL) {
talloc_free(mem_ctx);
return NULL;
}
ok = cli_credentials_guess(creds, lp_ctx);
talloc_free(mem_ctx);
if (!ok) {
return NULL;
}
Py_RETURN_NONE;
}
static PyObject *py_creds_set_machine_account(PyObject *self, PyObject *args)
{
PyObject *py_lp_ctx = Py_None;
struct loadparm_context *lp_ctx;
NTSTATUS status;
struct cli_credentials *creds;
TALLOC_CTX *mem_ctx;
creds = PyCredentials_AsCliCredentials(self);
if (creds == NULL) {
PyErr_Format(PyExc_TypeError, "Credentials expected");
return NULL;
}
if (!PyArg_ParseTuple(args, "|O", &py_lp_ctx))
return NULL;
mem_ctx = talloc_new(NULL);
if (mem_ctx == NULL) {
PyErr_NoMemory();
return NULL;
}
lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
if (lp_ctx == NULL) {
talloc_free(mem_ctx);
return NULL;
}
status = cli_credentials_set_machine_account(creds, lp_ctx);
talloc_free(mem_ctx);
PyErr_NTSTATUS_IS_ERR_RAISE(status);
Py_RETURN_NONE;
}
static PyObject *PyCredentialCacheContainer_from_ccache_container(struct ccache_container *ccc)
{
return pytalloc_reference(&PyCredentialCacheContainer, ccc);
}
static PyObject *py_creds_get_named_ccache(PyObject *self, PyObject *args)
{
PyObject *py_lp_ctx = Py_None;
char *ccache_name = NULL;
struct loadparm_context *lp_ctx;
struct ccache_container *ccc;
struct tevent_context *event_ctx;
int ret;
const char *error_string;
struct cli_credentials *creds;
TALLOC_CTX *mem_ctx;
creds = PyCredentials_AsCliCredentials(self);
if (creds == NULL) {
PyErr_Format(PyExc_TypeError, "Credentials expected");
return NULL;
}
if (!PyArg_ParseTuple(args, "|Os", &py_lp_ctx, &ccache_name))
return NULL;
mem_ctx = talloc_new(NULL);
if (mem_ctx == NULL) {
PyErr_NoMemory();
return NULL;
}
lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
if (lp_ctx == NULL) {
talloc_free(mem_ctx);
return NULL;
}
event_ctx = samba_tevent_context_init(mem_ctx);
ret = cli_credentials_get_named_ccache(creds, event_ctx, lp_ctx,
ccache_name, &ccc, &error_string);
talloc_unlink(mem_ctx, lp_ctx);
if (ret == 0) {
talloc_steal(ccc, event_ctx);
talloc_free(mem_ctx);
return PyCredentialCacheContainer_from_ccache_container(ccc);
}
PyErr_SetString(PyExc_RuntimeError, error_string?error_string:"NULL");
talloc_free(mem_ctx);
return NULL;
}
static PyObject *py_creds_set_named_ccache(PyObject *self, PyObject *args)
{
struct loadparm_context *lp_ctx = NULL;
enum credentials_obtained obt = CRED_SPECIFIED;
const char *error_string = NULL;
TALLOC_CTX *mem_ctx = NULL;
char *newval = NULL;
PyObject *py_lp_ctx = Py_None;
int _obt = obt;
int ret;
struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
if (creds == NULL) {
PyErr_Format(PyExc_TypeError, "Credentials expected");
return NULL;
}
if (!PyArg_ParseTuple(args, "s|iO", &newval, &_obt, &py_lp_ctx))
return NULL;
obt = _obt;
mem_ctx = talloc_new(NULL);
if (mem_ctx == NULL) {
PyErr_NoMemory();
return NULL;
}
lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
if (lp_ctx == NULL) {
talloc_free(mem_ctx);
return NULL;
}
ret = cli_credentials_set_ccache(creds,
lp_ctx,
newval, obt,
&error_string);
if (ret != 0) {
PyErr_SetString(PyExc_RuntimeError,
error_string != NULL ? error_string : "NULL");
talloc_free(mem_ctx);
return NULL;
}
talloc_free(mem_ctx);
Py_RETURN_NONE;
}
static PyObject *py_creds_set_gensec_features(PyObject *self, PyObject *args)
{
unsigned int gensec_features;
struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
if (creds == NULL) {
PyErr_Format(PyExc_TypeError, "Credentials expected");
return NULL;
}
if (!PyArg_ParseTuple(args, "I", &gensec_features))
return NULL;
cli_credentials_set_gensec_features(creds,
gensec_features,
CRED_SPECIFIED);
Py_RETURN_NONE;
}
static PyObject *py_creds_get_gensec_features(PyObject *self, PyObject *args)
{
unsigned int gensec_features;
struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
if (creds == NULL) {
PyErr_Format(PyExc_TypeError, "Credentials expected");
return NULL;
}
gensec_features = cli_credentials_get_gensec_features(creds);
return PyLong_FromLong(gensec_features);
}
static PyObject *py_creds_new_client_authenticator(PyObject *self,
PyObject *args)
{
struct netr_Authenticator auth;
struct cli_credentials *creds = NULL;
struct netlogon_creds_CredentialState *nc = NULL;
PyObject *ret = NULL;
NTSTATUS status;
creds = PyCredentials_AsCliCredentials(self);
if (creds == NULL) {
PyErr_SetString(PyExc_RuntimeError,
"Failed to get credentials from python");
return NULL;
}
nc = creds->netlogon_creds;
if (nc == NULL) {
PyErr_SetString(PyExc_ValueError,
"No netlogon credentials cannot make "
"client authenticator");
return NULL;
}
status = netlogon_creds_client_authenticator(nc, &auth);
if (!NT_STATUS_IS_OK(status)) {
PyErr_SetString(PyExc_ValueError,
"Failed to create client authenticator");
return NULL;
}
ret = Py_BuildValue("{s"PYARG_BYTES_LEN"si}",
"credential",
(const char *) &auth.cred, sizeof(auth.cred),
"timestamp", auth.timestamp);
return ret;
}
static PyObject *py_creds_set_secure_channel_type(PyObject *self, PyObject *args)
{
unsigned int channel_type;
struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
if (creds == NULL) {
PyErr_Format(PyExc_TypeError, "Credentials expected");
return NULL;
}
if (!PyArg_ParseTuple(args, "I", &channel_type))
return NULL;
cli_credentials_set_secure_channel_type(
creds,
channel_type);
Py_RETURN_NONE;
}
static PyObject *py_creds_get_secure_channel_type(PyObject *self, PyObject *args)
{
enum netr_SchannelType channel_type = SEC_CHAN_NULL;
struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
if (creds == NULL) {
PyErr_Format(PyExc_TypeError, "Credentials expected");
return NULL;
}
channel_type = cli_credentials_get_secure_channel_type(creds);
return PyLong_FromLong(channel_type);
}
static PyObject *py_creds_get_netlogon_creds(PyObject *self, PyObject *unused)
{
struct cli_credentials *creds = NULL;
struct netlogon_creds_CredentialState *ncreds = NULL;
PyObject *py_ncreds = Py_None;
creds = PyCredentials_AsCliCredentials(self);
if (creds == NULL) {
PyErr_Format(PyExc_TypeError, "Credentials expected");
return NULL;
}
if (creds->netlogon_creds == NULL) {
Py_RETURN_NONE;
}
ncreds = netlogon_creds_copy(NULL, creds->netlogon_creds);
if (ncreds == NULL) {
PyErr_NoMemory();
return NULL;
}
py_ncreds = py_return_ndr_struct("samba.dcerpc.schannel",
"netlogon_creds_CredentialState",
ncreds,
ncreds);
if (py_ncreds == NULL) {
TALLOC_FREE(ncreds);
return NULL;
}
return py_ncreds;
}
static PyObject *py_creds_set_netlogon_creds(PyObject *self, PyObject *args)
{
struct cli_credentials *creds = NULL;
const struct netlogon_creds_CredentialState *ncreds = NULL;
PyObject *py_ncreds = Py_None;
creds = PyCredentials_AsCliCredentials(self);
if (creds == NULL) {
PyErr_Format(PyExc_TypeError, "Credentials expected");
return NULL;
}
if (!PyArg_ParseTuple(args, "O", &py_ncreds))
return NULL;
if (py_ncreds == Py_None) {
ncreds = NULL;
} else {
bool ok;
ok = py_check_dcerpc_type(py_ncreds,
"samba.dcerpc.schannel",
"netlogon_creds_CredentialState");
if (!ok) {
/* py_check_dcerpc_type sets TypeError */
return NULL;
}
ncreds = pytalloc_get_type(py_ncreds,
struct netlogon_creds_CredentialState);
if (ncreds == NULL) {
/* pytalloc_get_type sets TypeError */
return NULL;
}
}
cli_credentials_set_netlogon_creds(creds, ncreds);
if (ncreds != NULL && creds->netlogon_creds == NULL) {
PyErr_NoMemory();
return NULL;
}
Py_RETURN_NONE;
}
static PyObject *py_creds_set_kerberos_salt_principal(PyObject *self, PyObject *args)
{
char *salt_principal = NULL;
struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
if (creds == NULL) {
PyErr_Format(PyExc_TypeError, "Credentials expected");
return NULL;
}
if (!PyArg_ParseTuple(args, "s", &salt_principal))
return NULL;
cli_credentials_set_salt_principal(
creds,
salt_principal);
Py_RETURN_NONE;
}
static PyObject *py_creds_get_kerberos_salt_principal(PyObject *self, PyObject *unused)
{
TALLOC_CTX *mem_ctx;
PyObject *ret = NULL;
struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
if (creds == NULL) {
PyErr_Format(PyExc_TypeError, "Credentials expected");
return NULL;
}
mem_ctx = talloc_new(NULL);
if (mem_ctx == NULL) {
PyErr_NoMemory();
return NULL;
}
ret = PyString_FromStringOrNULL(cli_credentials_get_salt_principal(creds, mem_ctx));
TALLOC_FREE(mem_ctx);
return ret;
}
static PyObject *py_creds_get_kerberos_key_current_or_old(PyObject *self, PyObject *args, bool old)
{
struct loadparm_context *lp_ctx = NULL;
TALLOC_CTX *mem_ctx = NULL;
PyObject *py_lp_ctx = Py_None;
DATA_BLOB key;
int code;
int enctype;
PyObject *ret = NULL;
struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
if (creds == NULL) {
PyErr_Format(PyExc_TypeError, "Credentials expected");
return NULL;
}
if (!PyArg_ParseTuple(args, "i|O", &enctype, &py_lp_ctx))
return NULL;
mem_ctx = talloc_new(NULL);
if (mem_ctx == NULL) {
PyErr_NoMemory();
return NULL;
}
lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
if (lp_ctx == NULL) {
talloc_free(mem_ctx);
return NULL;
}
code = cli_credentials_get_kerberos_key(creds,
mem_ctx,
lp_ctx,
enctype,
old,
&key);
if (code != 0) {
PyErr_SetString(PyExc_RuntimeError,
"Failed to generate Kerberos key");
talloc_free(mem_ctx);
return NULL;
}
ret = PyBytes_FromStringAndSize((const char *)key.data,
key.length);
talloc_free(mem_ctx);
return ret;
}
static PyObject *py_creds_get_kerberos_key(PyObject *self, PyObject *args)
{
return py_creds_get_kerberos_key_current_or_old(self, args, false);
}
static PyObject *py_creds_get_old_kerberos_key(PyObject *self, PyObject *args)
{
return py_creds_get_kerberos_key_current_or_old(self, args, true);
}
static PyObject *py_creds_encrypt_netr_crypt_password(PyObject *self,
PyObject *args)
{
struct cli_credentials *creds = NULL;
struct netr_CryptPassword *pwd = NULL;
struct samr_CryptPassword spwd;
enum dcerpc_AuthType auth_type = DCERPC_AUTH_TYPE_NONE;
enum dcerpc_AuthLevel auth_level = DCERPC_AUTH_LEVEL_NONE;
NTSTATUS status;
PyObject *py_cp = Py_None;
creds = PyCredentials_AsCliCredentials(self);
if (creds == NULL) {
PyErr_Format(PyExc_TypeError, "Credentials expected");
return NULL;
}
if (!PyArg_ParseTuple(args, "O", &py_cp)) {
return NULL;
}
if (!py_check_dcerpc_type(py_cp, "samba.dcerpc.netlogon", "netr_CryptPassword")) {
/* py_check_dcerpc_type sets TypeError */
return NULL;
}
pwd = pytalloc_get_ptr(py_cp);
if (pwd == NULL) {
/* pytalloc_get_type sets TypeError */
return NULL;
}
memcpy(spwd.data, pwd->data, 512);
PUSH_LE_U32(spwd.data, 512, pwd->length);
status = netlogon_creds_encrypt_samr_CryptPassword(creds->netlogon_creds,
&spwd,
auth_type,
auth_level);
memcpy(pwd->data, spwd.data, 512);
pwd->length = PULL_LE_U32(spwd.data, 512);
ZERO_STRUCT(spwd);
PyErr_NTSTATUS_IS_ERR_RAISE(status);
Py_RETURN_NONE;
}
static PyObject *py_creds_encrypt_netr_PasswordInfo(PyObject *self,
PyObject *args,
PyObject *kwargs)
{
const char * const kwnames[] = {
"info",
"auth_type",
"auth_level",
NULL
};
struct cli_credentials *creds = NULL;
PyObject *py_info = Py_None;
enum netr_LogonInfoClass level = NetlogonInteractiveInformation;
union netr_LogonLevel logon = { .password = NULL, };
uint8_t auth_type = DCERPC_AUTH_TYPE_NONE;
uint8_t auth_level = DCERPC_AUTH_LEVEL_NONE;
NTSTATUS status;
bool ok;
creds = PyCredentials_AsCliCredentials(self);
if (creds == NULL) {
PyErr_Format(PyExc_TypeError, "Credentials expected");
return NULL;
}
if (creds->netlogon_creds == NULL) {
PyErr_Format(PyExc_ValueError, "NetLogon credentials not set");
return NULL;
}
if (!PyArg_ParseTupleAndKeywords(args, kwargs, "Obb",
discard_const_p(char *, kwnames),
&py_info, &auth_type, &auth_level))
{
return NULL;
}
ok = py_check_dcerpc_type(py_info,
"samba.dcerpc.netlogon",
"netr_PasswordInfo");
if (!ok) {
/* py_check_dcerpc_type sets TypeError */
return NULL;
}
logon.password = pytalloc_get_type(py_info, struct netr_PasswordInfo);
if (logon.password == NULL) {
/* pytalloc_get_type sets TypeError */
return NULL;
}
status = netlogon_creds_encrypt_samlogon_logon(creds->netlogon_creds,
level,
&logon,
auth_type,
auth_level);
PyErr_NTSTATUS_IS_ERR_RAISE(status);
Py_RETURN_NONE;
}
static PyObject *py_creds_get_smb_signing(PyObject *self, PyObject *unused)
{
enum smb_signing_setting signing_state;
struct cli_credentials *creds = NULL;
creds = PyCredentials_AsCliCredentials(self);
if (creds == NULL) {
PyErr_Format(PyExc_TypeError, "Credentials expected");
return NULL;
}
signing_state = cli_credentials_get_smb_signing(creds);
return PyLong_FromLong(signing_state);
}
static PyObject *py_creds_set_smb_signing(PyObject *self, PyObject *args)
{
enum smb_signing_setting signing_state;
struct cli_credentials *creds = NULL;
enum credentials_obtained obt = CRED_SPECIFIED;
creds = PyCredentials_AsCliCredentials(self);
if (creds == NULL) {
PyErr_Format(PyExc_TypeError, "Credentials expected");
return NULL;
}
if (!PyArg_ParseTuple(args, "i|i", &signing_state, &obt)) {
return NULL;
}
switch (signing_state) {
case SMB_SIGNING_DEFAULT:
case SMB_SIGNING_OFF:
case SMB_SIGNING_IF_REQUIRED:
case SMB_SIGNING_DESIRED:
case SMB_SIGNING_REQUIRED:
break;
default:
PyErr_Format(PyExc_TypeError, "Invalid signing state value");
return NULL;
}
cli_credentials_set_smb_signing(creds, signing_state, obt);
Py_RETURN_NONE;
}
static PyObject *py_creds_get_smb_ipc_signing(PyObject *self, PyObject *unused)
{
enum smb_signing_setting signing_state;
struct cli_credentials *creds = NULL;
creds = PyCredentials_AsCliCredentials(self);
if (creds == NULL) {
PyErr_Format(PyExc_TypeError, "Credentials expected");
return NULL;
}
signing_state = cli_credentials_get_smb_ipc_signing(creds);
return PyLong_FromLong(signing_state);
}
static PyObject *py_creds_set_smb_ipc_signing(PyObject *self, PyObject *args)
{
enum smb_signing_setting signing_state;
struct cli_credentials *creds = NULL;
enum credentials_obtained obt = CRED_SPECIFIED;
creds = PyCredentials_AsCliCredentials(self);
if (creds == NULL) {
PyErr_Format(PyExc_TypeError, "Credentials expected");
return NULL;
}
if (!PyArg_ParseTuple(args, "i|i", &signing_state, &obt)) {
return NULL;
}
switch (signing_state) {
case SMB_SIGNING_DEFAULT:
case SMB_SIGNING_OFF:
case SMB_SIGNING_IF_REQUIRED:
case SMB_SIGNING_DESIRED:
case SMB_SIGNING_REQUIRED:
break;
default:
PyErr_Format(PyExc_TypeError, "Invalid signing state value");
return NULL;
}
cli_credentials_set_smb_ipc_signing(creds, signing_state, obt);
Py_RETURN_NONE;
}
static PyObject *py_creds_get_smb_encryption(PyObject *self, PyObject *unused)
{
enum smb_encryption_setting encryption_state;
struct cli_credentials *creds = NULL;
creds = PyCredentials_AsCliCredentials(self);
if (creds == NULL) {
PyErr_Format(PyExc_TypeError, "Credentials expected");
return NULL;
}
encryption_state = cli_credentials_get_smb_encryption(creds);
return PyLong_FromLong(encryption_state);
}
static PyObject *py_creds_set_smb_encryption(PyObject *self, PyObject *args)
{
enum smb_encryption_setting encryption_state;
struct cli_credentials *creds = NULL;
enum credentials_obtained obt = CRED_SPECIFIED;
creds = PyCredentials_AsCliCredentials(self);
if (creds == NULL) {
PyErr_Format(PyExc_TypeError, "Credentials expected");
return NULL;
}
if (!PyArg_ParseTuple(args, "i|i", &encryption_state, &obt)) {
return NULL;
}
switch (encryption_state) {
case SMB_ENCRYPTION_DEFAULT:
case SMB_ENCRYPTION_OFF:
case SMB_ENCRYPTION_IF_REQUIRED:
case SMB_ENCRYPTION_DESIRED:
case SMB_ENCRYPTION_REQUIRED:
break;
default:
PyErr_Format(PyExc_TypeError, "Invalid encryption state value");
return NULL;
}
(void)cli_credentials_set_smb_encryption(creds, encryption_state, obt);
Py_RETURN_NONE;
}
static PyObject *py_creds_get_krb5_fast_armor_credentials(PyObject *self, PyObject *unused)
{
struct cli_credentials *creds = NULL;
struct cli_credentials *fast_creds = NULL;
creds = PyCredentials_AsCliCredentials(self);
if (creds == NULL) {
PyErr_Format(PyExc_TypeError, "Credentials expected");
return NULL;
}
fast_creds = cli_credentials_get_krb5_fast_armor_credentials(creds);
if (fast_creds == NULL) {
Py_RETURN_NONE;
}
return PyCredentials_from_cli_credentials(fast_creds);
}
static PyObject *py_creds_set_krb5_fast_armor_credentials(PyObject *self, PyObject *args)
{
struct cli_credentials *creds = NULL;
PyObject *pyfast_creds;
struct cli_credentials *fast_creds = NULL;
int fast_armor_required = 0;
NTSTATUS status;
creds = PyCredentials_AsCliCredentials(self);
if (creds == NULL) {
PyErr_Format(PyExc_TypeError, "Credentials expected");
return NULL;
}
if (!PyArg_ParseTuple(args, "Op", &pyfast_creds, &fast_armor_required)) {
return NULL;
}
if (pyfast_creds == Py_None) {
fast_creds = NULL;
} else {
fast_creds = PyCredentials_AsCliCredentials(pyfast_creds);
if (fast_creds == NULL) {
PyErr_Format(PyExc_TypeError, "Credentials expected");
return NULL;
}
}
status = cli_credentials_set_krb5_fast_armor_credentials(creds,
fast_creds,
fast_armor_required);
PyErr_NTSTATUS_IS_ERR_RAISE(status);
Py_RETURN_NONE;
}
static PyObject *py_creds_get_krb5_require_fast_armor(PyObject *self, PyObject *unused)
{
bool krb5_fast_armor_required;
struct cli_credentials *creds = NULL;
creds = PyCredentials_AsCliCredentials(self);
if (creds == NULL) {
PyErr_Format(PyExc_TypeError, "Credentials expected");
return NULL;
}
krb5_fast_armor_required = cli_credentials_get_krb5_require_fast_armor(creds);
return PyBool_FromLong(krb5_fast_armor_required);
}
static PyMethodDef py_creds_methods[] = {
{
.ml_name = "get_username",
.ml_meth = py_creds_get_username,
.ml_flags = METH_NOARGS,
.ml_doc = "S.get_username() -> username\nObtain username.",
},
{
.ml_name = "set_username",
.ml_meth = py_creds_set_username,
.ml_flags = METH_VARARGS,
.ml_doc = "S.set_username(name[, credentials.SPECIFIED]) -> None\n"
"Change username.",
},
{
.ml_name = "get_principal",
.ml_meth = py_creds_get_principal,
.ml_flags = METH_NOARGS,
.ml_doc = "S.get_principal() -> user@realm\nObtain user principal.",
},
{
.ml_name = "set_principal",
.ml_meth = py_creds_set_principal,
.ml_flags = METH_VARARGS,
.ml_doc = "S.set_principal(name[, credentials.SPECIFIED]) -> None\n"
"Change principal.",
},
{
.ml_name = "get_password",
.ml_meth = py_creds_get_password,
.ml_flags = METH_NOARGS,
.ml_doc = "S.get_password() -> password\n"
"Obtain password.",
},
{
.ml_name = "get_ntlm_username_domain",
.ml_meth = py_creds_get_ntlm_username_domain,
.ml_flags = METH_NOARGS,
.ml_doc = "S.get_ntlm_username_domain() -> (domain, username)\n"
"Obtain NTLM username and domain, split up either as (DOMAIN, user) or (\"\", \"user@realm\").",
},
{
.ml_name = "get_ntlm_response",
.ml_meth = PY_DISCARD_FUNC_SIG(PyCFunction,
py_creds_get_ntlm_response),
.ml_flags = METH_VARARGS | METH_KEYWORDS,
.ml_doc = "S.get_ntlm_response"
"(flags, challenge[, target_info]) -> "
"(flags, lm_response, nt_response, lm_session_key, nt_session_key)\n"
"Obtain LM or NTLM response.",
},
{
.ml_name = "set_password",
.ml_meth = py_creds_set_password,
.ml_flags = METH_VARARGS,
.ml_doc = "S.set_password(password[, credentials.SPECIFIED]) -> None\n"
"Change password.",
},
{
.ml_name = "set_utf16_password",
.ml_meth = py_creds_set_utf16_password,
.ml_flags = METH_VARARGS,
.ml_doc = "S.set_utf16_password(password[, credentials.SPECIFIED]) -> None\n"
"Change password.",
},
{
.ml_name = "get_old_password",
.ml_meth = py_creds_get_old_password,
.ml_flags = METH_NOARGS,
.ml_doc = "S.get_old_password() -> password\n"
"Obtain old password.",
},
{
.ml_name = "set_old_password",
.ml_meth = py_creds_set_old_password,
.ml_flags = METH_VARARGS,
.ml_doc = "S.set_old_password(password[, credentials.SPECIFIED]) -> None\n"
"Change old password.",
},
{
.ml_name = "set_old_utf16_password",
.ml_meth = py_creds_set_old_utf16_password,
.ml_flags = METH_VARARGS,
.ml_doc = "S.set_old_utf16_password(password[, credentials.SPECIFIED]) -> None\n"
"Change old password.",
},
{
.ml_name = "get_domain",
.ml_meth = py_creds_get_domain,
.ml_flags = METH_NOARGS,
.ml_doc = "S.get_domain() -> domain\n"
"Obtain domain name.",
},
{
.ml_name = "set_domain",
.ml_meth = py_creds_set_domain,
.ml_flags = METH_VARARGS,
.ml_doc = "S.set_domain(domain[, credentials.SPECIFIED]) -> None\n"
"Change domain name.",
},
{
.ml_name = "get_realm",
.ml_meth = py_creds_get_realm,
.ml_flags = METH_NOARGS,
.ml_doc = "S.get_realm() -> realm\n"
"Obtain realm name.",
},
{
.ml_name = "set_realm",
.ml_meth = py_creds_set_realm,
.ml_flags = METH_VARARGS,
.ml_doc = "S.set_realm(realm[, credentials.SPECIFIED]) -> None\n"
"Change realm name.",
},
{
.ml_name = "get_bind_dn",
.ml_meth = py_creds_get_bind_dn,
.ml_flags = METH_NOARGS,
.ml_doc = "S.get_bind_dn() -> bind dn\n"
"Obtain bind DN.",
},
{
.ml_name = "set_bind_dn",
.ml_meth = py_creds_set_bind_dn,
.ml_flags = METH_VARARGS,
.ml_doc = "S.set_bind_dn(bind_dn) -> None\n"
"Change bind DN.",
},
{
.ml_name = "is_anonymous",
.ml_meth = py_creds_is_anonymous,
.ml_flags = METH_NOARGS,
},
{
.ml_name = "set_anonymous",
.ml_meth = py_creds_set_anonymous,
.ml_flags = METH_NOARGS,
.ml_doc = "S.set_anonymous() -> None\n"
"Use anonymous credentials.",
},
{
.ml_name = "get_workstation",
.ml_meth = py_creds_get_workstation,
.ml_flags = METH_NOARGS,
},
{
.ml_name = "set_workstation",
.ml_meth = py_creds_set_workstation,
.ml_flags = METH_VARARGS,
},
{
.ml_name = "authentication_requested",
.ml_meth = py_creds_authentication_requested,
.ml_flags = METH_NOARGS,
},
{
.ml_name = "wrong_password",
.ml_meth = py_creds_wrong_password,
.ml_flags = METH_NOARGS,
.ml_doc = "S.wrong_password() -> bool\n"
"Indicate the returned password was incorrect.",
},
{
.ml_name = "set_cmdline_callbacks",
.ml_meth = py_creds_set_cmdline_callbacks,
.ml_flags = METH_NOARGS,
.ml_doc = "S.set_cmdline_callbacks() -> bool\n"
"Use command-line to obtain credentials not explicitly set.",
},
{
.ml_name = "parse_string",
.ml_meth = py_creds_parse_string,
.ml_flags = METH_VARARGS,
.ml_doc = "S.parse_string(text[, credentials.SPECIFIED]) -> None\n"
"Parse credentials string.",
},
{
.ml_name = "parse_file",
.ml_meth = py_creds_parse_file,
.ml_flags = METH_VARARGS,
.ml_doc = "S.parse_file(filename[, credentials.SPECIFIED]) -> None\n"
"Parse credentials file.",
},
{
.ml_name = "set_password_will_be_nt_hash",
.ml_meth = py_cli_credentials_set_password_will_be_nt_hash,
.ml_flags = METH_VARARGS,
.ml_doc = "S.set_password_will_be_nt_hash(bool) -> None\n"
"Alters the behaviour of S.set_password() "
"to expect the NTHASH as hexstring.",
},
{
.ml_name = "get_nt_hash",
.ml_meth = py_creds_get_nt_hash,
.ml_flags = METH_NOARGS,
},
{
.ml_name = "set_nt_hash",
.ml_meth = py_creds_set_nt_hash,
.ml_flags = METH_VARARGS,
.ml_doc = "S.set_nt_hash(samr_Password[, credentials.SPECIFIED]) -> bool\n"
"Change NT hash.",
},
{
.ml_name = "get_old_nt_hash",
.ml_meth = py_creds_get_old_nt_hash,
.ml_flags = METH_NOARGS,
},
{
.ml_name = "set_old_nt_hash",
.ml_meth = py_creds_set_old_nt_hash,
.ml_flags = METH_VARARGS,
.ml_doc = "S.set_old_nt_hash(samr_Password) -> bool\n"
"Change old NT hash.",
},
{
.ml_name = "get_kerberos_state",
.ml_meth = py_creds_get_kerberos_state,
.ml_flags = METH_NOARGS,
},
{
.ml_name = "set_kerberos_state",
.ml_meth = py_creds_set_kerberos_state,
.ml_flags = METH_VARARGS,
},
{
.ml_name = "set_krb_forwardable",
.ml_meth = py_creds_set_krb_forwardable,
.ml_flags = METH_VARARGS,
},
{
.ml_name = "set_conf",
.ml_meth = py_creds_set_conf,
.ml_flags = METH_VARARGS,
},
{
.ml_name = "guess",
.ml_meth = py_creds_guess,
.ml_flags = METH_VARARGS,
},
{
.ml_name = "set_machine_account",
.ml_meth = py_creds_set_machine_account,
.ml_flags = METH_VARARGS,
},
{
.ml_name = "get_named_ccache",
.ml_meth = py_creds_get_named_ccache,
.ml_flags = METH_VARARGS,
},
{
.ml_name = "set_named_ccache",
.ml_meth = py_creds_set_named_ccache,
.ml_flags = METH_VARARGS,
.ml_doc = "S.set_named_ccache(krb5_ccache_name, obtained, lp) -> None\n"
"Set credentials to KRB5 Credentials Cache (by name).",
},
{
.ml_name = "set_gensec_features",
.ml_meth = py_creds_set_gensec_features,
.ml_flags = METH_VARARGS,
},
{
.ml_name = "get_gensec_features",
.ml_meth = py_creds_get_gensec_features,
.ml_flags = METH_NOARGS,
},
{
.ml_name = "get_forced_sasl_mech",
.ml_meth = py_creds_get_forced_sasl_mech,
.ml_flags = METH_NOARGS,
.ml_doc = "S.get_forced_sasl_mech() -> SASL mechanism\nObtain forced SASL mechanism.",
},
{
.ml_name = "set_forced_sasl_mech",
.ml_meth = py_creds_set_forced_sasl_mech,
.ml_flags = METH_VARARGS,
.ml_doc = "S.set_forced_sasl_mech(name) -> None\n"
"Set forced SASL mechanism.",
},
{
.ml_name = "new_client_authenticator",
.ml_meth = py_creds_new_client_authenticator,
.ml_flags = METH_NOARGS,
.ml_doc = "S.new_client_authenticator() -> Authenticator\n"
"Get a new client NETLOGON_AUTHENTICATOR"},
{
.ml_name = "set_secure_channel_type",
.ml_meth = py_creds_set_secure_channel_type,
.ml_flags = METH_VARARGS,
},
{
.ml_name = "get_secure_channel_type",
.ml_meth = py_creds_get_secure_channel_type,
.ml_flags = METH_VARARGS,
},
{
.ml_name = "get_netlogon_creds",
.ml_meth = py_creds_get_netlogon_creds,
.ml_flags = METH_NOARGS,
},
{
.ml_name = "set_netlogon_creds",
.ml_meth = py_creds_set_netlogon_creds,
.ml_flags = METH_VARARGS,
},
{
.ml_name = "set_kerberos_salt_principal",
.ml_meth = py_creds_set_kerberos_salt_principal,
.ml_flags = METH_VARARGS,
},
{
.ml_name = "get_kerberos_salt_principal",
.ml_meth = py_creds_get_kerberos_salt_principal,
.ml_flags = METH_VARARGS,
},
{
.ml_name = "get_kerberos_key",
.ml_meth = py_creds_get_kerberos_key,
.ml_flags = METH_VARARGS,
.ml_doc = "S.get_kerberos_key(enctype, [lp]) -> bytes\n"
"Generate a Kerberos key using the current password and\n"
"the salt on this credentials object",
},
{
.ml_name = "get_old_kerberos_key",
.ml_meth = py_creds_get_old_kerberos_key,
.ml_flags = METH_VARARGS,
.ml_doc = "S.get_old_kerberos_key(enctype, [lp]) -> bytes\n"
"Generate a Kerberos key using the old (previous) password and\n"
"the salt on this credentials object",
},
{
.ml_name = "encrypt_netr_crypt_password",
.ml_meth = py_creds_encrypt_netr_crypt_password,
.ml_flags = METH_VARARGS,
.ml_doc = "S.encrypt_netr_crypt_password(password) -> None\n"
"Encrypt the supplied password using the session key and\n"
"the negotiated encryption algorithm in place\n"
"i.e. it overwrites the original data"},
{
.ml_name = "encrypt_netr_PasswordInfo",
.ml_meth = PY_DISCARD_FUNC_SIG(PyCFunction,
py_creds_encrypt_netr_PasswordInfo),
.ml_flags = METH_VARARGS | METH_KEYWORDS,
.ml_doc = "S.encrypt_netr_PasswordInfo(info, "
"auth_type, auth_level) -> None\n"
"Encrypt the supplied password info using the session key and\n"
"the negotiated encryption algorithm in place\n"
"i.e. it overwrites the original data"
},
{
.ml_name = "get_smb_signing",
.ml_meth = py_creds_get_smb_signing,
.ml_flags = METH_NOARGS,
},
{
.ml_name = "set_smb_signing",
.ml_meth = py_creds_set_smb_signing,
.ml_flags = METH_VARARGS,
},
{
.ml_name = "get_smb_ipc_signing",
.ml_meth = py_creds_get_smb_ipc_signing,
.ml_flags = METH_NOARGS,
},
{
.ml_name = "set_smb_ipc_signing",
.ml_meth = py_creds_set_smb_ipc_signing,
.ml_flags = METH_VARARGS,
},
{
.ml_name = "get_smb_encryption",
.ml_meth = py_creds_get_smb_encryption,
.ml_flags = METH_NOARGS,
},
{
.ml_name = "set_smb_encryption",
.ml_meth = py_creds_set_smb_encryption,
.ml_flags = METH_VARARGS,
},
{
.ml_name = "get_krb5_fast_armor_credentials",
.ml_meth = py_creds_get_krb5_fast_armor_credentials,
.ml_flags = METH_NOARGS,
.ml_doc = "S.get_krb5_fast_armor_credentials() -> Credentials\n"
"Get the Kerberos FAST credentials set on this credentials object"
},
{
.ml_name = "set_krb5_fast_armor_credentials",
.ml_meth = py_creds_set_krb5_fast_armor_credentials,
.ml_flags = METH_VARARGS,
.ml_doc = "S.set_krb5_fast_armor_credentials(credentials, required) -> None\n"
"Set Kerberos FAST credentials for this credentials object, and if FAST armoring must be used."
},
{
.ml_name = "get_krb5_require_fast_armor",
.ml_meth = py_creds_get_krb5_require_fast_armor,
.ml_flags = METH_NOARGS,
.ml_doc = "S.get_krb5_fast_armor() -> bool\n"
"Indicate if Kerberos FAST armor is required"
},
{ .ml_name = NULL }
};
PyTypeObject PyCredentials = {
.tp_name = "credentials.Credentials",
.tp_new = py_creds_new,
.tp_flags = Py_TPFLAGS_DEFAULT | Py_TPFLAGS_BASETYPE,
.tp_methods = py_creds_methods,
};
static PyObject *py_ccache_name(PyObject *self, PyObject *unused)
{
struct ccache_container *ccc = NULL;
char *name = NULL;
PyObject *py_name = NULL;
int ret;
ccc = pytalloc_get_type(self, struct ccache_container);
ret = krb5_cc_get_full_name(ccc->smb_krb5_context->krb5_context,
ccc->ccache, &name);
if (ret == 0) {
py_name = PyString_FromStringOrNULL(name);
krb5_free_string(ccc->smb_krb5_context->krb5_context, name);
} else {
PyErr_SetString(PyExc_RuntimeError,
"Failed to get ccache name");
return NULL;
}
return py_name;
}
static PyMethodDef py_ccache_container_methods[] = {
{ "get_name", py_ccache_name, METH_NOARGS,
"S.get_name() -> name\nObtain KRB5 credentials cache name." },
{0}
};
PyTypeObject PyCredentialCacheContainer = {
.tp_name = "credentials.CredentialCacheContainer",
.tp_flags = Py_TPFLAGS_DEFAULT,
.tp_methods = py_ccache_container_methods,
};
static PyObject *py_netlogon_creds_kerberos_init(PyObject *module,
PyObject *args,
PyObject *kwargs)
{
const char * const kwnames[] = {
"client_account",
"client_computer_name",
"secure_channel_type",
"client_requested_flags",
"negotiate_flags",
NULL,
};
const char *client_account = NULL;
const char *client_computer_name = NULL;
unsigned short secure_channel_type = 0;
unsigned int client_requested_flags = 0;
unsigned int negotiate_flags = 0;
struct netlogon_creds_CredentialState *ncreds = NULL;
PyObject *py_ncreds = Py_None;
bool ok;
ok = PyArg_ParseTupleAndKeywords(args, kwargs, "ssHII",
discard_const_p(char *, kwnames),
&client_account,
&client_computer_name,
&secure_channel_type,
&client_requested_flags,
&negotiate_flags);
if (!ok) {
return NULL;
}
ncreds = netlogon_creds_kerberos_init(NULL,
client_account,
client_computer_name,
secure_channel_type,
client_requested_flags,
NULL, /* client_sid */
negotiate_flags);
if (ncreds == NULL) {
PyErr_NoMemory();
return NULL;
}
py_ncreds = py_return_ndr_struct("samba.dcerpc.schannel",
"netlogon_creds_CredentialState",
ncreds,
ncreds);
if (py_ncreds == NULL) {
TALLOC_FREE(ncreds);
return NULL;
}
return py_ncreds;
}
static PyObject *py_netlogon_creds_random_challenge(PyObject *module,
PyObject *unused)
{
struct netr_Credential *challenge = NULL;
PyObject *py_challenge = Py_None;
challenge = talloc(NULL, struct netr_Credential);
if (challenge == NULL) {
PyErr_NoMemory();
return NULL;
}
netlogon_creds_random_challenge(challenge);
py_challenge = py_return_ndr_struct("samba.dcerpc.netlogon",
"netr_Credential",
challenge,
challenge);
if (py_challenge == NULL) {
TALLOC_FREE(challenge);
return NULL;
}
return py_challenge;
}
static PyObject *py_netlogon_creds_client_init(PyObject *module,
PyObject *args,
PyObject *kwargs)
{
const char * const kwnames[] = {
"client_account",
"client_computer_name",
"secure_channel_type",
"client_challenge",
"server_challenge",
"machine_password",
"client_requested_flags",
"negotiate_flags",
NULL,
};
const char *client_account = NULL;
const char *client_computer_name = NULL;
unsigned short secure_channel_type = 0;
unsigned int client_requested_flags = 0;
unsigned int negotiate_flags = 0;
PyObject *py_client_challenge = Py_None;
const struct netr_Credential *client_challenge = NULL;
PyObject *py_server_challenge = Py_None;
const struct netr_Credential *server_challenge = NULL;
PyObject *py_machine_password = Py_None;
const struct samr_Password *machine_password = NULL;
struct netlogon_creds_CredentialState *ncreds = NULL;
PyObject *py_ncreds = Py_None;
struct netr_Credential *initial_credential = NULL;
PyObject *py_initial_credential = Py_None;
PyObject *py_result = Py_None;
bool ok;
ok = PyArg_ParseTupleAndKeywords(args, kwargs, "ssHOOOII",
discard_const_p(char *, kwnames),
&client_account,
&client_computer_name,
&secure_channel_type,
&py_client_challenge,
&py_server_challenge,
&py_machine_password,
&client_requested_flags,
&negotiate_flags);
if (!ok) {
return NULL;
}
ok = py_check_dcerpc_type(py_client_challenge,
"samba.dcerpc.netlogon",
"netr_Credential");
if (!ok) {
/* py_check_dcerpc_type sets TypeError */
return NULL;
}
client_challenge = pytalloc_get_type(py_client_challenge,
struct netr_Credential);
if (client_challenge == NULL) {
/* pytalloc_get_type sets TypeError */
return NULL;
}
ok = py_check_dcerpc_type(py_server_challenge,
"samba.dcerpc.netlogon",
"netr_Credential");
if (!ok) {
/* py_check_dcerpc_type sets TypeError */
return NULL;
}
/*
* we can't use pytalloc_get_type as
* NDR_PULL_ALLOC()/talloc_ptrtype() doesn't set the
* correct talloc name because of old
* compilers.
*/
server_challenge = pytalloc_get_ptr(py_server_challenge);
if (server_challenge == NULL) {
return NULL;
}
ok = py_check_dcerpc_type(py_machine_password,
"samba.dcerpc.samr",
"Password");
if (!ok) {
/* py_check_dcerpc_type sets TypeError */
return NULL;
}
machine_password = pytalloc_get_type(py_machine_password,
struct samr_Password);
if (machine_password == NULL) {
/* pytalloc_get_type sets TypeError */
return NULL;
}
initial_credential = talloc_zero(NULL, struct netr_Credential);
if (initial_credential == NULL) {
PyErr_NoMemory();
return NULL;
}
ncreds = netlogon_creds_client_init(NULL,
client_account,
client_computer_name,
secure_channel_type,
client_challenge,
server_challenge,
machine_password,
initial_credential,
client_requested_flags,
negotiate_flags);
if (ncreds == NULL) {
TALLOC_FREE(initial_credential);
PyErr_NoMemory();
return NULL;
}
py_ncreds = py_return_ndr_struct("samba.dcerpc.schannel",
"netlogon_creds_CredentialState",
ncreds,
ncreds);
if (py_ncreds == NULL) {
TALLOC_FREE(initial_credential);
TALLOC_FREE(ncreds);
return NULL;
}
py_initial_credential = py_return_ndr_struct("samba.dcerpc.netlogon",
"netr_Credential",
initial_credential,
initial_credential);
if (py_ncreds == NULL) {
Py_DECREF(py_ncreds);
TALLOC_FREE(initial_credential);
return NULL;
}
py_result = Py_BuildValue("(OO)",
py_ncreds,
py_initial_credential);
if (py_result == NULL) {
Py_DECREF(py_ncreds);
Py_DECREF(py_initial_credential);
return NULL;
}
return py_result;
}
static PyObject *py_netlogon_creds_client_update(PyObject *module,
PyObject *args,
PyObject *kwargs)
{
const char * const kwnames[] = {
"netlogon_creds",
"negotiated_flags",
"client_rid",
NULL,
};
PyObject *py_ncreds = Py_None;
struct netlogon_creds_CredentialState *ncreds = NULL;
unsigned int negotiated_flags = 0;
unsigned int client_rid = 0;
bool ok;
ok = PyArg_ParseTupleAndKeywords(args, kwargs, "OII",
discard_const_p(char *, kwnames),
&py_ncreds,
&negotiated_flags,
&client_rid);
if (!ok) {
return NULL;
}
ok = py_check_dcerpc_type(py_ncreds,
"samba.dcerpc.schannel",
"netlogon_creds_CredentialState");
if (!ok) {
/* py_check_dcerpc_type sets TypeError */
return NULL;
}
ncreds = pytalloc_get_type(py_ncreds,
struct netlogon_creds_CredentialState);
if (ncreds == NULL) {
/* pytalloc_get_type sets TypeError */
return NULL;
}
ncreds->negotiate_flags = negotiated_flags;
ncreds->client_sid.sub_auths[0] = client_rid;
Py_RETURN_NONE;
}
static PyObject *py_netlogon_creds_client_authenticator(PyObject *module,
PyObject *args,
PyObject *kwargs)
{
const char * const kwnames[] = {
"netlogon_creds",
NULL,
};
PyObject *py_ncreds = Py_None;
struct netlogon_creds_CredentialState *ncreds = NULL;
struct netlogon_creds_CredentialState _ncreds;
struct netr_Authenticator _auth;
struct netr_Authenticator *auth = NULL;
PyObject *py_auth = Py_None;
NTSTATUS status;
bool ok;
ok = PyArg_ParseTupleAndKeywords(args, kwargs, "O",
discard_const_p(char *, kwnames),
&py_ncreds);
if (!ok) {
return NULL;
}
ok = py_check_dcerpc_type(py_ncreds,
"samba.dcerpc.schannel",
"netlogon_creds_CredentialState");
if (!ok) {
/* py_check_dcerpc_type sets TypeError */
return NULL;
}
ncreds = pytalloc_get_type(py_ncreds,
struct netlogon_creds_CredentialState);
if (ncreds == NULL) {
/* pytalloc_get_type sets TypeError */
return NULL;
}
_ncreds = *ncreds;
status = netlogon_creds_client_authenticator(&_ncreds, &_auth);
PyErr_NTSTATUS_IS_ERR_RAISE(status);
auth = talloc(NULL, struct netr_Authenticator);
if (auth == NULL) {
PyErr_NoMemory();
return NULL;
}
*auth = _auth;
py_auth = py_return_ndr_struct("samba.dcerpc.netlogon",
"netr_Authenticator",
auth,
auth);
if (py_auth == NULL) {
TALLOC_FREE(auth);
return NULL;
}
*ncreds = _ncreds;
return py_auth;
}
static PyObject *py_netlogon_creds_client_verify(PyObject *module,
PyObject *args,
PyObject *kwargs)
{
const char * const kwnames[] = {
"netlogon_creds",
"received_credentials",
"auth_type",
"auth_level",
NULL,
};
PyObject *py_ncreds = Py_None;
struct netlogon_creds_CredentialState *ncreds = NULL;
PyObject *py_rcreds = Py_None;
const struct netr_Credential *rcreds = NULL;
uint8_t _auth_type = DCERPC_AUTH_TYPE_NONE;
enum dcerpc_AuthType auth_type;
uint8_t _auth_level = DCERPC_AUTH_LEVEL_NONE;
enum dcerpc_AuthLevel auth_level;
NTSTATUS status;
bool ok;
ok = PyArg_ParseTupleAndKeywords(args, kwargs, "OObb",
discard_const_p(char *, kwnames),
&py_ncreds,
&py_rcreds,
&_auth_type,
&_auth_level);
if (!ok) {
return NULL;
}
auth_type = _auth_type;
auth_level = _auth_level;
ok = py_check_dcerpc_type(py_ncreds,
"samba.dcerpc.schannel",
"netlogon_creds_CredentialState");
if (!ok) {
/* py_check_dcerpc_type sets TypeError */
return NULL;
}
ncreds = pytalloc_get_type(py_ncreds,
struct netlogon_creds_CredentialState);
if (ncreds == NULL) {
/* pytalloc_get_type sets TypeError */
return NULL;
}
ok = py_check_dcerpc_type(py_rcreds,
"samba.dcerpc.netlogon",
"netr_Credential");
if (!ok) {
/* py_check_dcerpc_type sets TypeError */
return NULL;
}
/*
* we can't use pytalloc_get_type as
* NDR_PULL_ALLOC()/talloc_ptrtype() doesn't set the
* correct talloc name because of old
* compilers.
*/
rcreds = pytalloc_get_ptr(py_rcreds);
if (rcreds == NULL) {
return NULL;
}
status = netlogon_creds_client_verify(ncreds,
rcreds,
auth_type,
auth_level);
PyErr_NTSTATUS_IS_ERR_RAISE(status);
Py_RETURN_NONE;
}
static PyObject *py_netlogon_creds_encrypt_netr_LogonLevel(PyObject *module,
PyObject *args,
PyObject *kwargs)
{
const char * const kwnames[] = {
"netlogon_creds",
"level",
"info",
"auth_type",
"auth_level",
NULL,
};
PyObject *py_ncreds = Py_None;
struct netlogon_creds_CredentialState *ncreds = NULL;
uint8_t _level = 0;
enum netr_LogonInfoClass level = NetlogonInteractiveInformation;
PyObject *py_info = Py_None;
union netr_LogonLevel logon = { .password = NULL, };
const void *info_ptr = NULL;
uint8_t _auth_type = DCERPC_AUTH_TYPE_NONE;
enum dcerpc_AuthType auth_type;
uint8_t _auth_level = DCERPC_AUTH_LEVEL_NONE;
enum dcerpc_AuthLevel auth_level;
NTSTATUS status;
bool ok;
ok = PyArg_ParseTupleAndKeywords(args, kwargs, "ObObb",
discard_const_p(char *, kwnames),
&py_ncreds,
&_level,
&py_info,
&_auth_type,
&_auth_level);
if (!ok) {
return NULL;
}
level = _level;
auth_type = _auth_type;
auth_level = _auth_level;
ok = py_check_dcerpc_type(py_ncreds,
"samba.dcerpc.schannel",
"netlogon_creds_CredentialState");
if (!ok) {
/* py_check_dcerpc_type sets TypeError */
return NULL;
}
ncreds = pytalloc_get_type(py_ncreds,
struct netlogon_creds_CredentialState);
if (ncreds == NULL) {
/* pytalloc_get_type sets TypeError */
return NULL;
}
switch (level) {
case NetlogonInteractiveInformation:
case NetlogonInteractiveTransitiveInformation:
case NetlogonServiceInformation:
case NetlogonServiceTransitiveInformation:
ok = py_check_dcerpc_type(py_info,
"samba.dcerpc.netlogon",
"netr_PasswordInfo");
if (!ok) {
/* py_check_dcerpc_type sets TypeError */
return NULL;
}
logon.password = pytalloc_get_type(py_info,
struct netr_PasswordInfo);
if (logon.password == NULL) {
/* pytalloc_get_type sets TypeError */
return NULL;
}
info_ptr = logon.password;
break;
case NetlogonNetworkInformation:
case NetlogonNetworkTransitiveInformation:
ok = py_check_dcerpc_type(py_info,
"samba.dcerpc.netlogon",
"netr_NetworkInfo");
if (!ok) {
/* py_check_dcerpc_type sets TypeError */
return NULL;
}
logon.network = pytalloc_get_type(py_info,
struct netr_NetworkInfo);
if (logon.network == NULL) {
/* pytalloc_get_type sets TypeError */
return NULL;
}
info_ptr = logon.network;
break;
case NetlogonGenericInformation:
ok = py_check_dcerpc_type(py_info,
"samba.dcerpc.netlogon",
"netr_GenericInfo");
if (!ok) {
/* py_check_dcerpc_type sets TypeError */
return NULL;
}
logon.generic = pytalloc_get_type(py_info,
struct netr_GenericInfo);
if (logon.generic == NULL) {
/* pytalloc_get_type sets TypeError */
return NULL;
}
info_ptr = logon.generic;
break;
case NetlogonTicketLogonInformation:
ok = py_check_dcerpc_type(py_info,
"samba.dcerpc.netlogon",
"netr_TicketLogonInfo");
if (!ok) {
/* py_check_dcerpc_type sets TypeError */
return NULL;
}
logon.ticket = pytalloc_get_type(py_info,
struct netr_TicketLogonInfo);
if (logon.ticket == NULL) {
/* pytalloc_get_type sets TypeError */
return NULL;
}
info_ptr = logon.ticket;
break;
}
if (info_ptr == NULL) {
PyErr_SetString(PyExc_ValueError,
"Invalid netr_LogonInfoClass value");
return NULL;
}
status = netlogon_creds_encrypt_samlogon_logon(ncreds,
level,
&logon,
auth_type,
auth_level);
PyErr_NTSTATUS_IS_ERR_RAISE(status);
Py_RETURN_NONE;
}
static PyObject *py_netlogon_creds_decrypt_netr_Validation(PyObject *module,
PyObject *args,
PyObject *kwargs)
{
const char * const kwnames[] = {
"netlogon_creds",
"level",
"validation",
"auth_type",
"auth_level",
NULL,
};
PyObject *py_ncreds = Py_None;
struct netlogon_creds_CredentialState *ncreds = NULL;
uint8_t _level = 0;
enum netr_ValidationInfoClass level = NetlogonValidationUasInfo;
PyObject *py_validation = Py_None;
union netr_Validation validation = { .generic = NULL, };
const void *validation_ptr = NULL;
uint8_t _auth_type = DCERPC_AUTH_TYPE_NONE;
enum dcerpc_AuthType auth_type;
uint8_t _auth_level = DCERPC_AUTH_LEVEL_NONE;
enum dcerpc_AuthLevel auth_level;
NTSTATUS status;
bool ok;
ok = PyArg_ParseTupleAndKeywords(args, kwargs, "ObObb",
discard_const_p(char *, kwnames),
&py_ncreds,
&_level,
&py_validation,
&_auth_type,
&_auth_level);
if (!ok) {
return NULL;
}
level = _level;
auth_type = _auth_type;
auth_level = _auth_level;
ok = py_check_dcerpc_type(py_ncreds,
"samba.dcerpc.schannel",
"netlogon_creds_CredentialState");
if (!ok) {
/* py_check_dcerpc_type sets TypeError */
return NULL;
}
ncreds = pytalloc_get_type(py_ncreds,
struct netlogon_creds_CredentialState);
if (ncreds == NULL) {
/* pytalloc_get_type sets TypeError */
return NULL;
}
switch (level) {
case NetlogonValidationUasInfo:
break;
case NetlogonValidationSamInfo:
ok = py_check_dcerpc_type(py_validation,
"samba.dcerpc.netlogon",
"netr_SamInfo2");
if (!ok) {
/* py_check_dcerpc_type sets TypeError */
return NULL;
}
/*
* we can't use pytalloc_get_type as
* NDR_PULL_ALLOC()/talloc_ptrtype() doesn't set the
* correct talloc name because of old
* compilers.
*/
validation.sam2 = pytalloc_get_ptr(py_validation);
if (validation.sam2 == NULL) {
return NULL;
}
validation_ptr = validation.sam2;
break;
case NetlogonValidationSamInfo2:
ok = py_check_dcerpc_type(py_validation,
"samba.dcerpc.netlogon",
"netr_SamInfo3");
if (!ok) {
/* py_check_dcerpc_type sets TypeError */
return NULL;
}
/*
* we can't use pytalloc_get_type as
* NDR_PULL_ALLOC()/talloc_ptrtype() doesn't set the
* correct talloc name because of old
* compilers.
*/
validation.sam3 = pytalloc_get_ptr(py_validation);
if (validation.sam3 == NULL) {
return NULL;
}
validation_ptr = validation.sam3;
break;
case NetlogonValidationGenericInfo2:
ok = py_check_dcerpc_type(py_validation,
"samba.dcerpc.netlogon",
"netr_GenericInfo2");
if (!ok) {
/* py_check_dcerpc_type sets TypeError */
return NULL;
}
/*
* we can't use pytalloc_get_type as
* NDR_PULL_ALLOC()/talloc_ptrtype() doesn't set the
* correct talloc name because of old
* compilers.
*/
validation.generic = pytalloc_get_ptr(py_validation);
if (validation.generic == NULL) {
return NULL;
}
validation_ptr = validation.generic;
break;
case NetlogonValidationSamInfo4:
ok = py_check_dcerpc_type(py_validation,
"samba.dcerpc.netlogon",
"netr_SamInfo6");
if (!ok) {
/* py_check_dcerpc_type sets TypeError */
return NULL;
}
/*
* we can't use pytalloc_get_type as
* NDR_PULL_ALLOC()/talloc_ptrtype() doesn't set the
* correct talloc name because of old
* compilers.
*/
validation.sam6 = pytalloc_get_ptr(py_validation);
if (validation.sam6 == NULL) {
return NULL;
}
validation_ptr = validation.sam6;
break;
case NetlogonValidationTicketLogon:
ok = py_check_dcerpc_type(py_validation,
"samba.dcerpc.netlogon",
"netr_ValidationTicketLogon");
if (!ok) {
/* py_check_dcerpc_type sets TypeError */
return NULL;
}
/*
* we can't use pytalloc_get_type as
* NDR_PULL_ALLOC()/talloc_ptrtype() doesn't set the
* correct talloc name because of old
* compilers.
*/
validation.ticket = pytalloc_get_ptr(py_validation);
if (validation.ticket == NULL) {
return NULL;
}
validation_ptr = validation.ticket;
break;
}
if (validation_ptr == NULL) {
PyErr_SetString(PyExc_RuntimeError,
"Unexpected netr_Validation value");
return NULL;
}
status = netlogon_creds_decrypt_samlogon_validation(ncreds,
level,
&validation,
auth_type,
auth_level);
PyErr_NTSTATUS_IS_ERR_RAISE(status);
Py_RETURN_NONE;
}
static PyObject *py_netlogon_creds_decrypt_samr_Password(PyObject *module,
PyObject *args,
PyObject *kwargs)
{
const char * const kwnames[] = {
"netlogon_creds",
"pwd",
"auth_type",
"auth_level",
NULL,
};
PyObject *py_ncreds = Py_None;
struct netlogon_creds_CredentialState *ncreds = NULL;
PyObject *py_pwd = Py_None;
struct samr_Password *pwd = NULL;
uint8_t _auth_type = DCERPC_AUTH_TYPE_NONE;
enum dcerpc_AuthType auth_type;
uint8_t _auth_level = DCERPC_AUTH_LEVEL_NONE;
enum dcerpc_AuthLevel auth_level;
NTSTATUS status;
bool ok;
ok = PyArg_ParseTupleAndKeywords(args, kwargs, "OObb",
discard_const_p(char *, kwnames),
&py_ncreds,
&py_pwd,
&_auth_type,
&_auth_level);
if (!ok) {
return NULL;
}
auth_type = _auth_type;
auth_level = _auth_level;
ok = py_check_dcerpc_type(py_ncreds,
"samba.dcerpc.schannel",
"netlogon_creds_CredentialState");
if (!ok) {
/* py_check_dcerpc_type sets TypeError */
return NULL;
}
ncreds = pytalloc_get_type(py_ncreds,
struct netlogon_creds_CredentialState);
if (ncreds == NULL) {
/* pytalloc_get_type sets TypeError */
return NULL;
}
ok = py_check_dcerpc_type(py_pwd,
"samba.dcerpc.samr",
"Password");
if (!ok) {
/* py_check_dcerpc_type sets TypeError */
return NULL;
}
/*
* we can't use pytalloc_get_type as
* NDR_PULL_ALLOC()/talloc_ptrtype() doesn't set the
* correct talloc name because of old
* compilers.
*/
pwd = pytalloc_get_ptr(py_pwd);
if (pwd == NULL) {
/* pytalloc_get_type sets TypeError */
return NULL;
}
status = netlogon_creds_decrypt_samr_Password(ncreds,
pwd,
auth_type,
auth_level);
PyErr_NTSTATUS_IS_ERR_RAISE(status);
Py_RETURN_NONE;
}
static PyObject *py_netlogon_creds_encrypt_samr_Password(PyObject *module,
PyObject *args,
PyObject *kwargs)
{
const char * const kwnames[] = {
"netlogon_creds",
"pwd",
"auth_type",
"auth_level",
NULL,
};
PyObject *py_ncreds = Py_None;
struct netlogon_creds_CredentialState *ncreds = NULL;
PyObject *py_pwd = Py_None;
struct samr_Password *pwd = NULL;
uint8_t _auth_type = DCERPC_AUTH_TYPE_NONE;
enum dcerpc_AuthType auth_type;
uint8_t _auth_level = DCERPC_AUTH_LEVEL_NONE;
enum dcerpc_AuthLevel auth_level;
NTSTATUS status;
bool ok;
ok = PyArg_ParseTupleAndKeywords(args, kwargs, "OObb",
discard_const_p(char *, kwnames),
&py_ncreds,
&py_pwd,
&_auth_type,
&_auth_level);
if (!ok) {
return NULL;
}
auth_type = _auth_type;
auth_level = _auth_level;
ok = py_check_dcerpc_type(py_ncreds,
"samba.dcerpc.schannel",
"netlogon_creds_CredentialState");
if (!ok) {
/* py_check_dcerpc_type sets TypeError */
return NULL;
}
ncreds = pytalloc_get_type(py_ncreds,
struct netlogon_creds_CredentialState);
if (ncreds == NULL) {
/* pytalloc_get_type sets TypeError */
return NULL;
}
ok = py_check_dcerpc_type(py_pwd,
"samba.dcerpc.samr",
"Password");
if (!ok) {
/* py_check_dcerpc_type sets TypeError */
return NULL;
}
pwd = pytalloc_get_type(py_pwd,
struct samr_Password);
if (pwd == NULL) {
/* pytalloc_get_type sets TypeError */
return NULL;
}
status = netlogon_creds_encrypt_samr_Password(ncreds,
pwd,
auth_type,
auth_level);
PyErr_NTSTATUS_IS_ERR_RAISE(status);
Py_RETURN_NONE;
}
static PyObject *py_netlogon_creds_encrypt_netr_CryptPassword(PyObject *module,
PyObject *args,
PyObject *kwargs)
{
const char * const kwnames[] = {
"netlogon_creds",
"pwd",
"auth_type",
"auth_level",
NULL,
};
PyObject *py_ncreds = Py_None;
struct netlogon_creds_CredentialState *ncreds = NULL;
PyObject *py_pwd = Py_None;
struct netr_CryptPassword *pwd = NULL;
struct samr_CryptPassword spwd;
uint8_t _auth_type = DCERPC_AUTH_TYPE_NONE;
enum dcerpc_AuthType auth_type;
uint8_t _auth_level = DCERPC_AUTH_LEVEL_NONE;
enum dcerpc_AuthLevel auth_level;
NTSTATUS status;
bool ok;
ok = PyArg_ParseTupleAndKeywords(args, kwargs, "OObb",
discard_const_p(char *, kwnames),
&py_ncreds,
&py_pwd,
&_auth_type,
&_auth_level);
if (!ok) {
return NULL;
}
auth_type = _auth_type;
auth_level = _auth_level;
ok = py_check_dcerpc_type(py_ncreds,
"samba.dcerpc.schannel",
"netlogon_creds_CredentialState");
if (!ok) {
/* py_check_dcerpc_type sets TypeError */
return NULL;
}
ncreds = pytalloc_get_type(py_ncreds,
struct netlogon_creds_CredentialState);
if (ncreds == NULL) {
/* pytalloc_get_type sets TypeError */
return NULL;
}
ok = py_check_dcerpc_type(py_pwd,
"samba.dcerpc.netlogon",
"netr_CryptPassword");
if (!ok) {
/* py_check_dcerpc_type sets TypeError */
return NULL;
}
pwd = pytalloc_get_type(py_pwd,
struct netr_CryptPassword);
if (pwd == NULL) {
/* pytalloc_get_type sets TypeError */
return NULL;
}
memcpy(spwd.data, pwd->data, 512);
PUSH_LE_U32(spwd.data, 512, pwd->length);
status = netlogon_creds_encrypt_samr_CryptPassword(ncreds,
&spwd,
auth_type,
auth_level);
memcpy(pwd->data, spwd.data, 512);
pwd->length = PULL_LE_U32(spwd.data, 512);
ZERO_STRUCT(spwd);
PyErr_NTSTATUS_IS_ERR_RAISE(status);
Py_RETURN_NONE;
}
static PyObject *py_netlogon_creds_encrypt_SendToSam(PyObject *module,
PyObject *args,
PyObject *kwargs)
{
const char * const kwnames[] = {
"netlogon_creds",
"opaque_buffer",
"auth_type",
"auth_level",
NULL,
};
PyObject *py_ncreds = Py_None;
struct netlogon_creds_CredentialState *ncreds = NULL;
PyObject *py_opaque = Py_None;
uint8_t *opaque_data = NULL;
size_t opaque_length = 0;
uint8_t _auth_type = DCERPC_AUTH_TYPE_NONE;
enum dcerpc_AuthType auth_type;
uint8_t _auth_level = DCERPC_AUTH_LEVEL_NONE;
enum dcerpc_AuthLevel auth_level;
NTSTATUS status;
bool ok;
ok = PyArg_ParseTupleAndKeywords(args, kwargs, "OSbb",
discard_const_p(char *, kwnames),
&py_ncreds,
&py_opaque,
&_auth_type,
&_auth_level);
if (!ok) {
return NULL;
}
auth_type = _auth_type;
auth_level = _auth_level;
ok = py_check_dcerpc_type(py_ncreds,
"samba.dcerpc.schannel",
"netlogon_creds_CredentialState");
if (!ok) {
/* py_check_dcerpc_type sets TypeError */
return NULL;
}
ncreds = pytalloc_get_type(py_ncreds,
struct netlogon_creds_CredentialState);
if (ncreds == NULL) {
/* pytalloc_get_type sets TypeError */
return NULL;
}
opaque_data = (uint8_t *)PyBytes_AsString(py_opaque);
opaque_length = PyBytes_Size(py_opaque);
status = netlogon_creds_encrypt_SendToSam(ncreds,
opaque_data,
opaque_length,
auth_type,
auth_level);
PyErr_NTSTATUS_IS_ERR_RAISE(status);
Py_RETURN_NONE;
}
static PyMethodDef py_module_methods[] = {
{
.ml_name = "netlogon_creds_kerberos_init",
.ml_meth = PY_DISCARD_FUNC_SIG(PyCFunction,
py_netlogon_creds_kerberos_init),
.ml_flags = METH_VARARGS | METH_KEYWORDS,
.ml_doc = "credentials.netlogon_creds_kerberos_init("
"client_account, client_computer_name,"
"secure_channel_type, "
"client_requested_flags, negotiate_flags)"
"-> netlogon_creds_CredentialState\n"
"Create a new state for netr_ServerAuthenticateKerberos()",
},
{
.ml_name = "netlogon_creds_random_challenge",
.ml_meth = py_netlogon_creds_random_challenge,
.ml_flags = METH_NOARGS,
.ml_doc = "credentials.netlogon_creds_random_challenge()"
"-> netr_Credential\n"
"Create a new random netr_Credential",
},
{
.ml_name = "netlogon_creds_client_init",
.ml_meth = PY_DISCARD_FUNC_SIG(PyCFunction,
py_netlogon_creds_client_init),
.ml_flags = METH_VARARGS | METH_KEYWORDS,
.ml_doc = "credentials.netlogon_creds_client_init("
"client_account, client_computer_name,"
"secure_channel_type, "
"client_challenge, server_challenge, "
"machine_password, "
"client_requested_flags, negotiate_flags)"
"-> (netlogon_creds_CredentialState, initial_credential)\n"
"Create a new state for netr_ServerAuthenticate3()",
},
{
.ml_name = "netlogon_creds_client_update",
.ml_meth = PY_DISCARD_FUNC_SIG(PyCFunction,
py_netlogon_creds_client_update),
.ml_flags = METH_VARARGS | METH_KEYWORDS,
.ml_doc = "credentials.netlogon_creds_client_update("
"netlogon_creds, negotiated_flags, client_rid)"
"-> None\n"
"Update the negotiated flags and client rid",
},
{
.ml_name = "netlogon_creds_client_authenticator",
.ml_meth = PY_DISCARD_FUNC_SIG(PyCFunction,
py_netlogon_creds_client_authenticator),
.ml_flags = METH_VARARGS | METH_KEYWORDS,
.ml_doc = "credentials.netlogon_creds_client_authenticator(netlogon_creds) -> Authenticator\n"
"Get a new client NETLOGON_AUTHENTICATOR"
},
{
.ml_name = "netlogon_creds_client_verify",
.ml_meth = PY_DISCARD_FUNC_SIG(PyCFunction,
py_netlogon_creds_client_verify),
.ml_flags = METH_VARARGS | METH_KEYWORDS,
.ml_doc = "credentials.py_netlogon_creds_client_verify(netlogon_creds, "
"received_credentials, auth_type, auth_level) -> None\n"
"Verify the NETLOGON_AUTHENTICATOR.credentials from a server"
},
{
.ml_name = "netlogon_creds_encrypt_netr_LogonLevel",
.ml_meth = PY_DISCARD_FUNC_SIG(PyCFunction,
py_netlogon_creds_encrypt_netr_LogonLevel),
.ml_flags = METH_VARARGS | METH_KEYWORDS,
.ml_doc = "credentials.netlogon_creds_encrypt_netr_LogonLevel(netlogon_creds, "
"level, info, auth_type, auth_level) -> None\n"
"Encrypt the supplied logon info using the session key and\n"
"the negotiated encryption algorithm in place\n"
"i.e. it overwrites the original data",
},
{
.ml_name = "netlogon_creds_decrypt_netr_Validation",
.ml_meth = PY_DISCARD_FUNC_SIG(PyCFunction,
py_netlogon_creds_decrypt_netr_Validation),
.ml_flags = METH_VARARGS | METH_KEYWORDS,
.ml_doc = "credentials.netlogon_creds_decrypt_netr_Validation(netlogon_creds, "
"level, validation, auth_type, auth_level) -> None\n"
"Encrypt the supplied validation info using the session key and\n"
"the negotiated encryption algorithm in place\n"
"i.e. it overwrites the original data",
},
{
.ml_name = "netlogon_creds_decrypt_samr_Password",
.ml_meth = PY_DISCARD_FUNC_SIG(PyCFunction,
py_netlogon_creds_decrypt_samr_Password),
.ml_flags = METH_VARARGS | METH_KEYWORDS,
.ml_doc = "credentials.netlogon_creds_decrypt_samr_Password(netlogon_creds, "
"pwd, auth_type, auth_level) -> None\n"
"Encrypt the supplied samr_Password using the session key and\n"
"the negotiated encryption algorithm in place\n"
"i.e. it overwrites the original data",
},
{
.ml_name = "netlogon_creds_encrypt_samr_Password",
.ml_meth = PY_DISCARD_FUNC_SIG(PyCFunction,
py_netlogon_creds_encrypt_samr_Password),
.ml_flags = METH_VARARGS | METH_KEYWORDS,
.ml_doc = "credentials.netlogon_creds_encrypt_samr_Password(netlogon_creds, "
"pwd, auth_type, auth_level) -> None\n"
"Encrypt the supplied samr_Password using the session key and\n"
"the negotiated encryption algorithm in place\n"
"i.e. it overwrites the original data",
},
{
.ml_name = "netlogon_creds_encrypt_netr_CryptPassword",
.ml_meth = PY_DISCARD_FUNC_SIG(PyCFunction,
py_netlogon_creds_encrypt_netr_CryptPassword),
.ml_flags = METH_VARARGS | METH_KEYWORDS,
.ml_doc = "credentials.netlogon_creds_encrypt_netr_CryptPassword(netlogon_creds, "
"pwd, auth_type, auth_level) -> None\n"
"Encrypt the supplied netr_CryptPassword using the session key and\n"
"the negotiated encryption algorithm in place\n"
"i.e. it overwrites the original data",
},
{
.ml_name = "netlogon_creds_encrypt_SendToSam",
.ml_meth = PY_DISCARD_FUNC_SIG(PyCFunction,
py_netlogon_creds_encrypt_SendToSam),
.ml_flags = METH_VARARGS | METH_KEYWORDS,
.ml_doc = "credentials.netlogon_creds_encrypt_SendToSam(netlogon_creds, "
"opaque_buffer, auth_type, auth_level) -> None\n"
"Encrypt the supplied opaque_buffer using the session key and\n"
"the negotiated encryption algorithm in place\n"
"i.e. it overwrites the original data",
},
{ .ml_name = NULL }
};
static struct PyModuleDef moduledef = {
PyModuleDef_HEAD_INIT,
.m_name = "credentials",
.m_doc = "Credentials management.",
.m_size = -1,
.m_methods = py_module_methods,
};
MODULE_INIT_FUNC(credentials)
{
PyObject *m;
if (pytalloc_BaseObject_PyType_Ready(&PyCredentials) < 0)
return NULL;
if (pytalloc_BaseObject_PyType_Ready(&PyCredentialCacheContainer) < 0)
return NULL;
m = PyModule_Create(&moduledef);
if (m == NULL)
return NULL;
PyModule_AddObject(m, "UNINITIALISED", PyLong_FromLong(CRED_UNINITIALISED));
PyModule_AddObject(m, "SMB_CONF", PyLong_FromLong(CRED_SMB_CONF));
PyModule_AddObject(m, "CALLBACK", PyLong_FromLong(CRED_CALLBACK));
PyModule_AddObject(m, "GUESS_ENV", PyLong_FromLong(CRED_GUESS_ENV));
PyModule_AddObject(m, "GUESS_FILE", PyLong_FromLong(CRED_GUESS_FILE));
PyModule_AddObject(m, "CALLBACK_RESULT", PyLong_FromLong(CRED_CALLBACK_RESULT));
PyModule_AddObject(m, "SPECIFIED", PyLong_FromLong(CRED_SPECIFIED));
PyModule_AddObject(m, "AUTO_USE_KERBEROS", PyLong_FromLong(CRED_USE_KERBEROS_DESIRED));
PyModule_AddObject(m, "DONT_USE_KERBEROS", PyLong_FromLong(CRED_USE_KERBEROS_DISABLED));
PyModule_AddObject(m, "MUST_USE_KERBEROS", PyLong_FromLong(CRED_USE_KERBEROS_REQUIRED));
PyModule_AddObject(m, "AUTO_KRB_FORWARDABLE", PyLong_FromLong(CRED_AUTO_KRB_FORWARDABLE));
PyModule_AddObject(m, "NO_KRB_FORWARDABLE", PyLong_FromLong(CRED_NO_KRB_FORWARDABLE));
PyModule_AddObject(m, "FORCE_KRB_FORWARDABLE", PyLong_FromLong(CRED_FORCE_KRB_FORWARDABLE));
PyModule_AddObject(m, "CLI_CRED_NTLM2", PyLong_FromLong(CLI_CRED_NTLM2));
PyModule_AddObject(m, "CLI_CRED_NTLMv2_AUTH", PyLong_FromLong(CLI_CRED_NTLMv2_AUTH));
PyModule_AddObject(m, "CLI_CRED_LANMAN_AUTH", PyLong_FromLong(CLI_CRED_LANMAN_AUTH));
PyModule_AddObject(m, "CLI_CRED_NTLM_AUTH", PyLong_FromLong(CLI_CRED_NTLM_AUTH));
PyModule_AddObject(m, "CLI_CRED_CLEAR_AUTH", PyLong_FromLong(CLI_CRED_CLEAR_AUTH));
PyModule_AddObject(m, "SMB_SIGNING_DEFAULT", PyLong_FromLong(SMB_SIGNING_DEFAULT));
PyModule_AddObject(m, "SMB_SIGNING_OFF", PyLong_FromLong(SMB_SIGNING_OFF));
PyModule_AddObject(m, "SMB_SIGNING_IF_REQUIRED", PyLong_FromLong(SMB_SIGNING_IF_REQUIRED));
PyModule_AddObject(m, "SMB_SIGNING_DESIRED", PyLong_FromLong(SMB_SIGNING_DESIRED));
PyModule_AddObject(m, "SMB_SIGNING_REQUIRED", PyLong_FromLong(SMB_SIGNING_REQUIRED));
PyModule_AddObject(m, "SMB_ENCRYPTION_DEFAULT", PyLong_FromLong(SMB_ENCRYPTION_DEFAULT));
PyModule_AddObject(m, "SMB_ENCRYPTION_OFF", PyLong_FromLong(SMB_ENCRYPTION_OFF));
PyModule_AddObject(m, "SMB_ENCRYPTION_IF_REQUIRED", PyLong_FromLong(SMB_ENCRYPTION_IF_REQUIRED));
PyModule_AddObject(m, "SMB_ENCRYPTION_DESIRED", PyLong_FromLong(SMB_ENCRYPTION_DESIRED));
PyModule_AddObject(m, "SMB_ENCRYPTION_REQUIRED", PyLong_FromLong(SMB_ENCRYPTION_REQUIRED));
PyModule_AddObject(m, "ENCTYPE_ARCFOUR_HMAC", PyLong_FromLong(ENCTYPE_ARCFOUR_HMAC));
PyModule_AddObject(m, "ENCTYPE_AES128_CTS_HMAC_SHA1_96", PyLong_FromLong(ENCTYPE_AES128_CTS_HMAC_SHA1_96));
PyModule_AddObject(m, "ENCTYPE_AES256_CTS_HMAC_SHA1_96", PyLong_FromLong(ENCTYPE_AES256_CTS_HMAC_SHA1_96));
Py_INCREF(&PyCredentials);
PyModule_AddObject(m, "Credentials", (PyObject *)&PyCredentials);
Py_INCREF(&PyCredentialCacheContainer);
PyModule_AddObject(m, "CredentialCacheContainer", (PyObject *)&PyCredentialCacheContainer);
return m;
}
View Git Blame Copy Permalink