mirror of
https://github.com/samba-team/samba.git
synced 2024-12-27 03:21:53 +03:00
486 lines
11 KiB
C
486 lines
11 KiB
C
/*
|
|
Python wrappers for DCERPC/SMB client routines.
|
|
|
|
Copyright (C) Tim Potter, 2002
|
|
|
|
This program is free software; you can redistribute it and/or modify
|
|
it under the terms of the GNU General Public License as published by
|
|
the Free Software Foundation; either version 2 of the License, or
|
|
(at your option) any later version.
|
|
|
|
This program is distributed in the hope that it will be useful,
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
GNU General Public License for more details.
|
|
|
|
You should have received a copy of the GNU General Public License
|
|
along with this program; if not, write to the Free Software
|
|
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
|
*/
|
|
|
|
#include "python/py_lsa.h"
|
|
|
|
PyObject *new_lsa_policy_hnd_object(struct cli_state *cli, TALLOC_CTX *mem_ctx,
|
|
POLICY_HND *pol)
|
|
{
|
|
lsa_policy_hnd_object *o;
|
|
|
|
o = PyObject_New(lsa_policy_hnd_object, &lsa_policy_hnd_type);
|
|
|
|
o->cli = cli;
|
|
o->mem_ctx = mem_ctx;
|
|
memcpy(&o->pol, pol, sizeof(POLICY_HND));
|
|
|
|
return (PyObject*)o;
|
|
}
|
|
|
|
/*
|
|
* Exceptions raised by this module
|
|
*/
|
|
|
|
PyObject *lsa_error; /* This indicates a non-RPC related error
|
|
such as name lookup failure */
|
|
|
|
PyObject *lsa_ntstatus; /* This exception is raised when a RPC call
|
|
returns a status code other than
|
|
NT_STATUS_OK */
|
|
|
|
/*
|
|
* Open/close lsa handles
|
|
*/
|
|
|
|
static PyObject *lsa_open_policy(PyObject *self, PyObject *args,
|
|
PyObject *kw)
|
|
{
|
|
static char *kwlist[] = { "servername", "creds", "access", NULL };
|
|
char *server, *errstr;
|
|
PyObject *creds = NULL, *result = NULL;
|
|
uint32 desired_access = GENERIC_EXECUTE_ACCESS;
|
|
struct cli_state *cli = NULL;
|
|
NTSTATUS ntstatus;
|
|
TALLOC_CTX *mem_ctx = NULL;
|
|
POLICY_HND hnd;
|
|
|
|
if (!PyArg_ParseTupleAndKeywords(
|
|
args, kw, "s|Oi", kwlist, &server, &creds, &desired_access))
|
|
return NULL;
|
|
|
|
if (creds && creds != Py_None && !PyDict_Check(creds)) {
|
|
PyErr_SetString(PyExc_TypeError,
|
|
"credentials must be dictionary or None");
|
|
return NULL;
|
|
}
|
|
|
|
if (server[0] != '\\' || server[1] != '\\') {
|
|
PyErr_SetString(PyExc_ValueError, "UNC name required");
|
|
return NULL;
|
|
}
|
|
|
|
server += 2;
|
|
|
|
if (!(cli = open_pipe_creds(server, creds, PI_LSARPC, &errstr))) {
|
|
PyErr_SetString(lsa_error, errstr);
|
|
free(errstr);
|
|
return NULL;
|
|
}
|
|
|
|
if (!(mem_ctx = talloc_init("lsa_open_policy"))) {
|
|
PyErr_SetString(lsa_error, "unable to init talloc context\n");
|
|
goto done;
|
|
}
|
|
|
|
ntstatus = rpccli_lsa_open_policy(
|
|
cli, mem_ctx, True, desired_access, &hnd);
|
|
|
|
if (!NT_STATUS_IS_OK(ntstatus)) {
|
|
PyErr_SetObject(lsa_ntstatus, py_ntstatus_tuple(ntstatus));
|
|
goto done;
|
|
}
|
|
|
|
result = new_lsa_policy_hnd_object(cli, mem_ctx, &hnd);
|
|
|
|
done:
|
|
if (!result) {
|
|
if (cli)
|
|
cli_shutdown(cli);
|
|
|
|
talloc_destroy(mem_ctx);
|
|
}
|
|
|
|
return result;
|
|
}
|
|
|
|
static PyObject *lsa_close(PyObject *self, PyObject *args, PyObject *kw)
|
|
{
|
|
PyObject *po;
|
|
lsa_policy_hnd_object *hnd;
|
|
NTSTATUS result;
|
|
|
|
/* Parse parameters */
|
|
|
|
if (!PyArg_ParseTuple(args, "O!", &lsa_policy_hnd_type, &po))
|
|
return NULL;
|
|
|
|
hnd = (lsa_policy_hnd_object *)po;
|
|
|
|
/* Call rpc function */
|
|
|
|
result = rpccli_lsa_close(hnd->cli, hnd->mem_ctx, &hnd->pol);
|
|
|
|
/* Cleanup samba stuff */
|
|
|
|
cli_shutdown(hnd->cli);
|
|
talloc_destroy(hnd->mem_ctx);
|
|
|
|
/* Return value */
|
|
|
|
Py_INCREF(Py_None);
|
|
return Py_None;
|
|
}
|
|
|
|
static PyObject *lsa_lookup_names(PyObject *self, PyObject *args)
|
|
{
|
|
PyObject *py_names, *result = NULL;
|
|
NTSTATUS ntstatus;
|
|
lsa_policy_hnd_object *hnd = (lsa_policy_hnd_object *)self;
|
|
int num_names, i;
|
|
const char **names;
|
|
DOM_SID *sids;
|
|
TALLOC_CTX *mem_ctx = NULL;
|
|
uint32 *name_types;
|
|
|
|
if (!PyArg_ParseTuple(args, "O", &py_names))
|
|
return NULL;
|
|
|
|
if (!PyList_Check(py_names) && !PyString_Check(py_names)) {
|
|
PyErr_SetString(PyExc_TypeError, "must be list or string");
|
|
return NULL;
|
|
}
|
|
|
|
if (!(mem_ctx = talloc_init("lsa_lookup_names"))) {
|
|
PyErr_SetString(lsa_error, "unable to init talloc context\n");
|
|
goto done;
|
|
}
|
|
|
|
if (PyList_Check(py_names)) {
|
|
|
|
/* Convert list to char ** array */
|
|
|
|
num_names = PyList_Size(py_names);
|
|
names = (const char **)_talloc(mem_ctx, num_names * sizeof(char *));
|
|
|
|
for (i = 0; i < num_names; i++) {
|
|
PyObject *obj = PyList_GetItem(py_names, i);
|
|
|
|
names[i] = talloc_strdup(mem_ctx, PyString_AsString(obj));
|
|
}
|
|
|
|
} else {
|
|
|
|
/* Just a single element */
|
|
|
|
num_names = 1;
|
|
names = (const char **)_talloc(mem_ctx, sizeof(char *));
|
|
|
|
names[0] = PyString_AsString(py_names);
|
|
}
|
|
|
|
ntstatus = rpccli_lsa_lookup_names(
|
|
hnd->cli, mem_ctx, &hnd->pol, num_names, names, &sids,
|
|
&name_types);
|
|
|
|
if (!NT_STATUS_IS_OK(ntstatus) && NT_STATUS_V(ntstatus) != 0x107) {
|
|
PyErr_SetObject(lsa_ntstatus, py_ntstatus_tuple(ntstatus));
|
|
goto done;
|
|
}
|
|
|
|
result = PyList_New(num_names);
|
|
|
|
for (i = 0; i < num_names; i++) {
|
|
PyObject *sid_obj, *obj;
|
|
|
|
py_from_SID(&sid_obj, &sids[i]);
|
|
|
|
obj = Py_BuildValue("(Ni)", sid_obj, name_types[i]);
|
|
|
|
PyList_SetItem(result, i, obj);
|
|
}
|
|
|
|
done:
|
|
talloc_destroy(mem_ctx);
|
|
|
|
return result;
|
|
}
|
|
|
|
static PyObject *lsa_lookup_sids(PyObject *self, PyObject *args,
|
|
PyObject *kw)
|
|
{
|
|
PyObject *py_sids, *result = NULL;
|
|
NTSTATUS ntstatus;
|
|
int num_sids, i;
|
|
char **domains, **names;
|
|
uint32 *types;
|
|
lsa_policy_hnd_object *hnd = (lsa_policy_hnd_object *)self;
|
|
TALLOC_CTX *mem_ctx = NULL;
|
|
DOM_SID *sids;
|
|
|
|
if (!PyArg_ParseTuple(args, "O", &py_sids))
|
|
return NULL;
|
|
|
|
if (!PyList_Check(py_sids) && !PyString_Check(py_sids)) {
|
|
PyErr_SetString(PyExc_TypeError, "must be list or string");
|
|
return NULL;
|
|
}
|
|
|
|
if (!(mem_ctx = talloc_init("lsa_lookup_sids"))) {
|
|
PyErr_SetString(lsa_error, "unable to init talloc context\n");
|
|
goto done;
|
|
}
|
|
|
|
if (PyList_Check(py_sids)) {
|
|
|
|
/* Convert dictionary to char ** array */
|
|
|
|
num_sids = PyList_Size(py_sids);
|
|
sids = (DOM_SID *)_talloc(mem_ctx, num_sids * sizeof(DOM_SID));
|
|
|
|
memset(sids, 0, num_sids * sizeof(DOM_SID));
|
|
|
|
for (i = 0; i < num_sids; i++) {
|
|
PyObject *obj = PyList_GetItem(py_sids, i);
|
|
|
|
if (!string_to_sid(&sids[i], PyString_AsString(obj))) {
|
|
PyErr_SetString(PyExc_ValueError, "string_to_sid failed");
|
|
goto done;
|
|
}
|
|
}
|
|
|
|
} else {
|
|
|
|
/* Just a single element */
|
|
|
|
num_sids = 1;
|
|
sids = (DOM_SID *)_talloc(mem_ctx, sizeof(DOM_SID));
|
|
|
|
if (!string_to_sid(&sids[0], PyString_AsString(py_sids))) {
|
|
PyErr_SetString(PyExc_ValueError, "string_to_sid failed");
|
|
goto done;
|
|
}
|
|
}
|
|
|
|
ntstatus = rpccli_lsa_lookup_sids(
|
|
hnd->cli, mem_ctx, &hnd->pol, num_sids, sids, &domains,
|
|
&names, &types);
|
|
|
|
if (!NT_STATUS_IS_OK(ntstatus)) {
|
|
PyErr_SetObject(lsa_ntstatus, py_ntstatus_tuple(ntstatus));
|
|
goto done;
|
|
}
|
|
|
|
result = PyList_New(num_sids);
|
|
|
|
for (i = 0; i < num_sids; i++) {
|
|
PyObject *obj;
|
|
|
|
obj = Py_BuildValue("{sssssi}", "username", names[i],
|
|
"domain", domains[i], "name_type",
|
|
types[i]);
|
|
|
|
PyList_SetItem(result, i, obj);
|
|
}
|
|
|
|
done:
|
|
talloc_destroy(mem_ctx);
|
|
|
|
return result;
|
|
}
|
|
|
|
static PyObject *lsa_enum_trust_dom(PyObject *self, PyObject *args)
|
|
{
|
|
lsa_policy_hnd_object *hnd = (lsa_policy_hnd_object *)self;
|
|
NTSTATUS ntstatus;
|
|
uint32 enum_ctx = 0, num_domains, i;
|
|
char **domain_names;
|
|
DOM_SID *domain_sids;
|
|
PyObject *result;
|
|
|
|
if (!PyArg_ParseTuple(args, ""))
|
|
return NULL;
|
|
|
|
ntstatus = rpccli_lsa_enum_trust_dom(
|
|
hnd->cli, hnd->mem_ctx, &hnd->pol, &enum_ctx,
|
|
&num_domains, &domain_names, &domain_sids);
|
|
|
|
if (!NT_STATUS_IS_OK(ntstatus)) {
|
|
PyErr_SetObject(lsa_ntstatus, py_ntstatus_tuple(ntstatus));
|
|
return NULL;
|
|
}
|
|
|
|
result = PyList_New(num_domains);
|
|
|
|
for (i = 0; i < num_domains; i++) {
|
|
fstring sid_str;
|
|
|
|
sid_to_string(sid_str, &domain_sids[i]);
|
|
PyList_SetItem(
|
|
result, i,
|
|
Py_BuildValue("(ss)", domain_names[i], sid_str));
|
|
}
|
|
|
|
return result;
|
|
}
|
|
|
|
/*
|
|
* Method dispatch tables
|
|
*/
|
|
|
|
static PyMethodDef lsa_hnd_methods[] = {
|
|
|
|
/* SIDs<->names */
|
|
|
|
{ "lookup_sids", (PyCFunction)lsa_lookup_sids,
|
|
METH_VARARGS | METH_KEYWORDS,
|
|
"Convert sids to names." },
|
|
|
|
{ "lookup_names", (PyCFunction)lsa_lookup_names,
|
|
METH_VARARGS | METH_KEYWORDS,
|
|
"Convert names to sids." },
|
|
|
|
/* Trusted domains */
|
|
|
|
{ "enum_trusted_domains", (PyCFunction)lsa_enum_trust_dom,
|
|
METH_VARARGS,
|
|
"Enumerate trusted domains." },
|
|
|
|
{ NULL }
|
|
};
|
|
|
|
static void py_lsa_policy_hnd_dealloc(PyObject* self)
|
|
{
|
|
PyObject_Del(self);
|
|
}
|
|
|
|
static PyObject *py_lsa_policy_hnd_getattr(PyObject *self, char *attrname)
|
|
{
|
|
return Py_FindMethod(lsa_hnd_methods, self, attrname);
|
|
}
|
|
|
|
PyTypeObject lsa_policy_hnd_type = {
|
|
PyObject_HEAD_INIT(NULL)
|
|
0,
|
|
"LSA Policy Handle",
|
|
sizeof(lsa_policy_hnd_object),
|
|
0,
|
|
py_lsa_policy_hnd_dealloc, /*tp_dealloc*/
|
|
0, /*tp_print*/
|
|
py_lsa_policy_hnd_getattr, /*tp_getattr*/
|
|
0, /*tp_setattr*/
|
|
0, /*tp_compare*/
|
|
0, /*tp_repr*/
|
|
0, /*tp_as_number*/
|
|
0, /*tp_as_sequence*/
|
|
0, /*tp_as_mapping*/
|
|
0, /*tp_hash */
|
|
};
|
|
|
|
static PyMethodDef lsa_methods[] = {
|
|
|
|
/* Open/close lsa handles */
|
|
|
|
{ "open_policy", (PyCFunction)lsa_open_policy,
|
|
METH_VARARGS | METH_KEYWORDS,
|
|
"Open a policy handle" },
|
|
|
|
{ "close", (PyCFunction)lsa_close,
|
|
METH_VARARGS,
|
|
"Close a policy handle" },
|
|
|
|
/* Other stuff - this should really go into a samba config module
|
|
but for the moment let's leave it here. */
|
|
|
|
{ "setup_logging", (PyCFunction)py_setup_logging,
|
|
METH_VARARGS | METH_KEYWORDS,
|
|
"Set up debug logging.\n"
|
|
"\n"
|
|
"Initialises Samba's debug logging system. One argument is expected which\n"
|
|
"is a boolean specifying whether debugging is interactive and sent to stdout\n"
|
|
"or logged to a file.\n"
|
|
"\n"
|
|
"Example:\n"
|
|
"\n"
|
|
">>> lsa.setup_logging(interactive = 1)" },
|
|
|
|
{ "get_debuglevel", (PyCFunction)get_debuglevel,
|
|
METH_VARARGS,
|
|
"Set the current debug level.\n"
|
|
"\n"
|
|
"Example:\n"
|
|
"\n"
|
|
">>> lsa.get_debuglevel()\n"
|
|
"0" },
|
|
|
|
{ "set_debuglevel", (PyCFunction)set_debuglevel,
|
|
METH_VARARGS,
|
|
"Get the current debug level.\n"
|
|
"\n"
|
|
"Example:\n"
|
|
"\n"
|
|
">>> lsa.set_debuglevel(10)" },
|
|
|
|
{ NULL }
|
|
};
|
|
|
|
static struct const_vals {
|
|
char *name;
|
|
uint32 value;
|
|
} module_const_vals[] = {
|
|
{ NULL }
|
|
};
|
|
|
|
static void const_init(PyObject *dict)
|
|
{
|
|
struct const_vals *tmp;
|
|
PyObject *obj;
|
|
|
|
for (tmp = module_const_vals; tmp->name; tmp++) {
|
|
obj = PyInt_FromLong(tmp->value);
|
|
PyDict_SetItemString(dict, tmp->name, obj);
|
|
Py_DECREF(obj);
|
|
}
|
|
}
|
|
|
|
/*
|
|
* Module initialisation
|
|
*/
|
|
|
|
void initlsa(void)
|
|
{
|
|
PyObject *module, *dict;
|
|
|
|
/* Initialise module */
|
|
|
|
module = Py_InitModule("lsa", lsa_methods);
|
|
dict = PyModule_GetDict(module);
|
|
|
|
lsa_error = PyErr_NewException("lsa.error", NULL, NULL);
|
|
PyDict_SetItemString(dict, "error", lsa_error);
|
|
|
|
lsa_ntstatus = PyErr_NewException("lsa.ntstatus", NULL, NULL);
|
|
PyDict_SetItemString(dict, "ntstatus", lsa_ntstatus);
|
|
|
|
/* Initialise policy handle object */
|
|
|
|
lsa_policy_hnd_type.ob_type = &PyType_Type;
|
|
|
|
/* Initialise constants */
|
|
|
|
const_init(dict);
|
|
|
|
/* Do samba initialisation */
|
|
|
|
py_samba_init();
|
|
|
|
setup_logging("lsa", True);
|
|
DEBUGLEVEL = 10;
|
|
}
|