Line data Source code
1 : /*
2 : Unix SMB/CIFS implementation.
3 : Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007
4 :
5 : This program is free software; you can redistribute it and/or modify
6 : it under the terms of the GNU General Public License as published by
7 : the Free Software Foundation; either version 3 of the License, or
8 : (at your option) any later version.
9 :
10 : This program is distributed in the hope that it will be useful,
11 : but WITHOUT ANY WARRANTY; without even the implied warranty of
12 : MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 : GNU General Public License for more details.
14 :
15 : You should have received a copy of the GNU General Public License
16 : along with this program. If not, see <http://www.gnu.org/licenses/>.
17 : */
18 :
19 : #include <Python.h>
20 : #include "python/py3compat.h"
21 : #include "includes.h"
22 : #include "python/modules.h"
23 : #include "pycredentials.h"
24 : #include "param/param.h"
25 : #include "auth/credentials/credentials_internal.h"
26 : #include "librpc/gen_ndr/samr.h" /* for struct samr_Password */
27 : #include "librpc/gen_ndr/netlogon.h"
28 : #include "libcli/util/pyerrors.h"
29 : #include "libcli/auth/libcli_auth.h"
30 : #include "param/pyparam.h"
31 : #include <tevent.h>
32 : #include "libcli/auth/libcli_auth.h"
33 : #include "system/kerberos.h"
34 : #include "auth/kerberos/kerberos.h"
35 : #include "libcli/smb/smb_constants.h"
36 :
37 : void initcredentials(void);
38 :
39 23453 : static PyObject *py_creds_new(PyTypeObject *type, PyObject *args, PyObject *kwargs)
40 : {
41 23453 : return pytalloc_steal(type, cli_credentials_init(NULL));
42 : }
43 :
44 4902 : static PyObject *py_creds_get_username(PyObject *self, PyObject *unused)
45 : {
46 4902 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
47 4902 : if (creds == NULL) {
48 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
49 0 : return NULL;
50 : }
51 4902 : return PyString_FromStringOrNULL(cli_credentials_get_username(creds));
52 : }
53 :
54 9369 : static PyObject *py_creds_set_username(PyObject *self, PyObject *args)
55 : {
56 : char *newval;
57 9369 : enum credentials_obtained obt = CRED_SPECIFIED;
58 9369 : int _obt = obt;
59 9369 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
60 9369 : if (creds == NULL) {
61 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
62 0 : return NULL;
63 : }
64 :
65 9369 : if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
66 0 : return NULL;
67 : }
68 9369 : obt = _obt;
69 :
70 9369 : return PyBool_FromLong(cli_credentials_set_username(creds, newval, obt));
71 : }
72 :
73 19 : static PyObject *py_creds_get_ntlm_username_domain(PyObject *self, PyObject *unused)
74 : {
75 19 : TALLOC_CTX *frame = talloc_stackframe();
76 19 : const char *user = NULL;
77 19 : const char *domain = NULL;
78 19 : PyObject *ret = NULL;
79 19 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
80 19 : if (creds == NULL) {
81 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
82 0 : return NULL;
83 : }
84 19 : cli_credentials_get_ntlm_username_domain(creds,
85 : frame, &user, &domain);
86 19 : ret = Py_BuildValue("(ss)",
87 : user,
88 : domain);
89 :
90 19 : TALLOC_FREE(frame);
91 19 : return ret;
92 : }
93 :
94 20 : static PyObject *py_creds_get_ntlm_response(PyObject *self, PyObject *args, PyObject *kwargs)
95 : {
96 20 : TALLOC_CTX *frame = talloc_stackframe();
97 20 : PyObject *ret = NULL;
98 : int flags;
99 : struct timeval tv_now;
100 : NTTIME server_timestamp;
101 20 : DATA_BLOB challenge = data_blob_null;
102 20 : DATA_BLOB target_info = data_blob_null;
103 : NTSTATUS status;
104 20 : DATA_BLOB lm_response = data_blob_null;
105 20 : DATA_BLOB nt_response = data_blob_null;
106 20 : DATA_BLOB lm_session_key = data_blob_null;
107 20 : DATA_BLOB nt_session_key = data_blob_null;
108 20 : const char *kwnames[] = { "flags", "challenge",
109 : "target_info",
110 : NULL };
111 20 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
112 20 : if (creds == NULL) {
113 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
114 0 : return NULL;
115 : }
116 :
117 20 : tv_now = timeval_current();
118 20 : server_timestamp = timeval_to_nttime(&tv_now);
119 :
120 20 : if (!PyArg_ParseTupleAndKeywords(args, kwargs, "is#|s#",
121 : discard_const_p(char *, kwnames),
122 : &flags,
123 : &challenge.data,
124 : &challenge.length,
125 : &target_info.data,
126 : &target_info.length)) {
127 0 : return NULL;
128 : }
129 :
130 20 : status = cli_credentials_get_ntlm_response(creds,
131 : frame, &flags,
132 : challenge,
133 : &server_timestamp,
134 : target_info,
135 : &lm_response, &nt_response,
136 : &lm_session_key, &nt_session_key);
137 :
138 20 : if (!NT_STATUS_IS_OK(status)) {
139 0 : PyErr_SetNTSTATUS(status);
140 0 : TALLOC_FREE(frame);
141 0 : return NULL;
142 : }
143 :
144 100 : ret = Py_BuildValue("{sis" PYARG_BYTES_LEN "s" PYARG_BYTES_LEN
145 : "s" PYARG_BYTES_LEN "s" PYARG_BYTES_LEN "}",
146 : "flags", flags,
147 : "lm_response",
148 20 : (const char *)lm_response.data, lm_response.length,
149 : "nt_response",
150 20 : (const char *)nt_response.data, nt_response.length,
151 : "lm_session_key",
152 20 : (const char *)lm_session_key.data, lm_session_key.length,
153 : "nt_session_key",
154 20 : (const char *)nt_session_key.data, nt_session_key.length);
155 20 : TALLOC_FREE(frame);
156 19 : return ret;
157 : }
158 :
159 24 : static PyObject *py_creds_get_principal(PyObject *self, PyObject *unused)
160 : {
161 24 : TALLOC_CTX *frame = talloc_stackframe();
162 24 : PyObject *ret = NULL;
163 24 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
164 24 : if (creds == NULL) {
165 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
166 0 : return NULL;
167 : }
168 24 : ret = PyString_FromStringOrNULL(cli_credentials_get_principal(creds, frame));
169 24 : TALLOC_FREE(frame);
170 2 : return ret;
171 : }
172 :
173 2 : static PyObject *py_creds_set_principal(PyObject *self, PyObject *args)
174 : {
175 : char *newval;
176 2 : enum credentials_obtained obt = CRED_SPECIFIED;
177 2 : int _obt = obt;
178 2 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
179 2 : if (creds == NULL) {
180 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
181 0 : return NULL;
182 : }
183 :
184 2 : if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
185 0 : return NULL;
186 : }
187 2 : obt = _obt;
188 :
189 2 : return PyBool_FromLong(cli_credentials_set_principal(creds, newval, obt));
190 : }
191 :
192 1117 : static PyObject *py_creds_get_password(PyObject *self, PyObject *unused)
193 : {
194 1117 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
195 1117 : if (creds == NULL) {
196 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
197 0 : return NULL;
198 : }
199 1117 : return PyString_FromStringOrNULL(cli_credentials_get_password(creds));
200 : }
201 :
202 9997 : static PyObject *py_creds_set_password(PyObject *self, PyObject *args)
203 : {
204 9997 : const char *newval = NULL;
205 9997 : enum credentials_obtained obt = CRED_SPECIFIED;
206 9997 : int _obt = obt;
207 9997 : PyObject *result = NULL;
208 9997 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
209 9997 : if (creds == NULL) {
210 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
211 0 : return NULL;
212 : }
213 :
214 9997 : if (!PyArg_ParseTuple(args, PYARG_STR_UNI"|i", "utf8", &newval, &_obt)) {
215 0 : return NULL;
216 : }
217 9997 : obt = _obt;
218 :
219 9997 : result = PyBool_FromLong(cli_credentials_set_password(creds, newval, obt));
220 9997 : PyMem_Free(discard_const_p(void*, newval));
221 9997 : return result;
222 : }
223 :
224 121 : static PyObject *py_creds_set_utf16_password(PyObject *self, PyObject *args)
225 : {
226 121 : enum credentials_obtained obt = CRED_SPECIFIED;
227 121 : int _obt = obt;
228 121 : PyObject *newval = NULL;
229 121 : DATA_BLOB blob = data_blob_null;
230 121 : Py_ssize_t size = 0;
231 : int result;
232 : bool ok;
233 121 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
234 121 : if (creds == NULL) {
235 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
236 0 : return NULL;
237 : }
238 :
239 121 : if (!PyArg_ParseTuple(args, "O|i", &newval, &_obt)) {
240 0 : return NULL;
241 : }
242 121 : obt = _obt;
243 :
244 121 : result = PyBytes_AsStringAndSize(newval, (char **)&blob.data, &size);
245 121 : if (result != 0) {
246 0 : PyErr_SetString(PyExc_RuntimeError, "Failed to convert passed value to Bytes");
247 0 : return NULL;
248 : }
249 121 : blob.length = size;
250 :
251 121 : ok = cli_credentials_set_utf16_password(creds,
252 : &blob, obt);
253 :
254 121 : return PyBool_FromLong(ok);
255 : }
256 :
257 3 : static PyObject *py_creds_get_old_password(PyObject *self, PyObject *unused)
258 : {
259 3 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
260 3 : if (creds == NULL) {
261 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
262 0 : return NULL;
263 : }
264 3 : return PyString_FromStringOrNULL(cli_credentials_get_old_password(creds));
265 : }
266 :
267 1 : static PyObject *py_creds_set_old_password(PyObject *self, PyObject *args)
268 : {
269 : char *oldval;
270 1 : enum credentials_obtained obt = CRED_SPECIFIED;
271 1 : int _obt = obt;
272 1 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
273 1 : if (creds == NULL) {
274 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
275 0 : return NULL;
276 : }
277 :
278 1 : if (!PyArg_ParseTuple(args, "s|i", &oldval, &_obt)) {
279 0 : return NULL;
280 : }
281 1 : obt = _obt;
282 :
283 1 : return PyBool_FromLong(cli_credentials_set_old_password(creds, oldval, obt));
284 : }
285 :
286 1 : static PyObject *py_creds_set_old_utf16_password(PyObject *self, PyObject *args)
287 : {
288 1 : PyObject *oldval = NULL;
289 1 : DATA_BLOB blob = data_blob_null;
290 1 : Py_ssize_t size = 0;
291 : int result;
292 : bool ok;
293 1 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
294 1 : if (creds == NULL) {
295 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
296 0 : return NULL;
297 : }
298 :
299 1 : if (!PyArg_ParseTuple(args, "O", &oldval)) {
300 0 : return NULL;
301 : }
302 :
303 1 : result = PyBytes_AsStringAndSize(oldval, (char **)&blob.data, &size);
304 1 : if (result != 0) {
305 0 : PyErr_SetString(PyExc_RuntimeError, "Failed to convert passed value to Bytes");
306 0 : return NULL;
307 : }
308 1 : blob.length = size;
309 :
310 1 : ok = cli_credentials_set_old_utf16_password(creds,
311 : &blob);
312 :
313 1 : return PyBool_FromLong(ok);
314 : }
315 :
316 7987 : static PyObject *py_creds_get_domain(PyObject *self, PyObject *unused)
317 : {
318 7987 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
319 7987 : if (creds == NULL) {
320 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
321 0 : return NULL;
322 : }
323 7987 : return PyString_FromStringOrNULL(cli_credentials_get_domain(creds));
324 : }
325 :
326 8780 : static PyObject *py_creds_set_domain(PyObject *self, PyObject *args)
327 : {
328 : char *newval;
329 8780 : enum credentials_obtained obt = CRED_SPECIFIED;
330 8780 : int _obt = obt;
331 8780 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
332 8780 : if (creds == NULL) {
333 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
334 0 : return NULL;
335 : }
336 :
337 8780 : if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
338 0 : return NULL;
339 : }
340 8780 : obt = _obt;
341 :
342 8780 : return PyBool_FromLong(cli_credentials_set_domain(creds, newval, obt));
343 : }
344 :
345 12613 : static PyObject *py_creds_get_realm(PyObject *self, PyObject *unused)
346 : {
347 12613 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
348 12613 : if (creds == NULL) {
349 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
350 0 : return NULL;
351 : }
352 12613 : return PyString_FromStringOrNULL(cli_credentials_get_realm(creds));
353 : }
354 :
355 8440 : static PyObject *py_creds_set_realm(PyObject *self, PyObject *args)
356 : {
357 : char *newval;
358 8440 : enum credentials_obtained obt = CRED_SPECIFIED;
359 8440 : int _obt = obt;
360 8440 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
361 8440 : if (creds == NULL) {
362 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
363 0 : return NULL;
364 : }
365 :
366 8440 : if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
367 0 : return NULL;
368 : }
369 8440 : obt = _obt;
370 :
371 8440 : return PyBool_FromLong(cli_credentials_set_realm(creds, newval, obt));
372 : }
373 :
374 19 : static PyObject *py_creds_get_bind_dn(PyObject *self, PyObject *unused)
375 : {
376 19 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
377 19 : if (creds == NULL) {
378 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
379 0 : return NULL;
380 : }
381 19 : return PyString_FromStringOrNULL(cli_credentials_get_bind_dn(creds));
382 : }
383 :
384 259 : static PyObject *py_creds_set_bind_dn(PyObject *self, PyObject *args)
385 : {
386 : char *newval;
387 259 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
388 259 : if (creds == NULL) {
389 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
390 0 : return NULL;
391 : }
392 259 : if (!PyArg_ParseTuple(args, "s", &newval))
393 0 : return NULL;
394 :
395 259 : return PyBool_FromLong(cli_credentials_set_bind_dn(creds, newval));
396 : }
397 :
398 8487 : static PyObject *py_creds_get_workstation(PyObject *self, PyObject *unused)
399 : {
400 8487 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
401 8487 : if (creds == NULL) {
402 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
403 0 : return NULL;
404 : }
405 8487 : return PyString_FromStringOrNULL(cli_credentials_get_workstation(creds));
406 : }
407 :
408 8884 : static PyObject *py_creds_set_workstation(PyObject *self, PyObject *args)
409 : {
410 : char *newval;
411 8884 : enum credentials_obtained obt = CRED_SPECIFIED;
412 8884 : int _obt = obt;
413 8884 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
414 8884 : if (creds == NULL) {
415 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
416 0 : return NULL;
417 : }
418 :
419 8884 : if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
420 0 : return NULL;
421 : }
422 8884 : obt = _obt;
423 :
424 8884 : return PyBool_FromLong(cli_credentials_set_workstation(creds, newval, obt));
425 : }
426 :
427 91 : static PyObject *py_creds_is_anonymous(PyObject *self, PyObject *unused)
428 : {
429 91 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
430 91 : if (creds == NULL) {
431 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
432 0 : return NULL;
433 : }
434 91 : return PyBool_FromLong(cli_credentials_is_anonymous(creds));
435 : }
436 :
437 1012 : static PyObject *py_creds_set_anonymous(PyObject *self, PyObject *unused)
438 : {
439 1012 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
440 1012 : if (creds == NULL) {
441 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
442 0 : return NULL;
443 : }
444 1012 : cli_credentials_set_anonymous(creds);
445 1012 : Py_RETURN_NONE;
446 : }
447 :
448 7289 : static PyObject *py_creds_authentication_requested(PyObject *self, PyObject *unused)
449 : {
450 7289 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
451 7289 : if (creds == NULL) {
452 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
453 0 : return NULL;
454 : }
455 7289 : return PyBool_FromLong(cli_credentials_authentication_requested(creds));
456 : }
457 :
458 1 : static PyObject *py_creds_wrong_password(PyObject *self, PyObject *unused)
459 : {
460 1 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
461 1 : if (creds == NULL) {
462 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
463 0 : return NULL;
464 : }
465 1 : return PyBool_FromLong(cli_credentials_wrong_password(creds));
466 : }
467 :
468 10835 : static PyObject *py_creds_set_cmdline_callbacks(PyObject *self, PyObject *unused)
469 : {
470 10835 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
471 10835 : if (creds == NULL) {
472 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
473 0 : return NULL;
474 : }
475 10835 : return PyBool_FromLong(cli_credentials_set_cmdline_callbacks(creds));
476 : }
477 :
478 4946 : static PyObject *py_creds_parse_string(PyObject *self, PyObject *args)
479 : {
480 : char *newval;
481 4946 : enum credentials_obtained obt = CRED_SPECIFIED;
482 4946 : int _obt = obt;
483 4946 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
484 4946 : if (creds == NULL) {
485 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
486 0 : return NULL;
487 : }
488 :
489 4946 : if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
490 0 : return NULL;
491 : }
492 4946 : obt = _obt;
493 :
494 4946 : cli_credentials_parse_string(creds, newval, obt);
495 4946 : Py_RETURN_NONE;
496 : }
497 :
498 5 : static PyObject *py_creds_parse_file(PyObject *self, PyObject *args)
499 : {
500 : char *newval;
501 5 : enum credentials_obtained obt = CRED_SPECIFIED;
502 5 : int _obt = obt;
503 5 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
504 5 : if (creds == NULL) {
505 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
506 0 : return NULL;
507 : }
508 :
509 5 : if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
510 0 : return NULL;
511 : }
512 5 : obt = _obt;
513 :
514 5 : cli_credentials_parse_file(creds, newval, obt);
515 5 : Py_RETURN_NONE;
516 : }
517 :
518 1 : static PyObject *py_cli_credentials_set_password_will_be_nt_hash(PyObject *self, PyObject *args)
519 : {
520 1 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
521 1 : PyObject *py_val = NULL;
522 1 : bool val = false;
523 :
524 1 : if (!PyArg_ParseTuple(args, "O!", &PyBool_Type, &py_val)) {
525 0 : return NULL;
526 : }
527 1 : val = PyObject_IsTrue(py_val);
528 :
529 1 : cli_credentials_set_password_will_be_nt_hash(creds, val);
530 1 : Py_RETURN_NONE;
531 : }
532 :
533 510 : static PyObject *py_creds_get_nt_hash(PyObject *self, PyObject *unused)
534 : {
535 : PyObject *ret;
536 510 : struct samr_Password *ntpw = NULL;
537 510 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
538 510 : if (creds == NULL) {
539 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
540 0 : return NULL;
541 : }
542 510 : ntpw = cli_credentials_get_nt_hash(creds, creds);
543 :
544 510 : ret = PyBytes_FromStringAndSize(discard_const_p(char, ntpw->hash), 16);
545 510 : TALLOC_FREE(ntpw);
546 498 : return ret;
547 : }
548 :
549 524 : static PyObject *py_creds_get_kerberos_state(PyObject *self, PyObject *unused)
550 : {
551 : int state;
552 524 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
553 524 : if (creds == NULL) {
554 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
555 0 : return NULL;
556 : }
557 524 : state = cli_credentials_get_kerberos_state(creds);
558 524 : return PyLong_FromLong(state);
559 : }
560 :
561 7828 : static PyObject *py_creds_set_kerberos_state(PyObject *self, PyObject *args)
562 : {
563 : int state;
564 7828 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
565 7828 : if (creds == NULL) {
566 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
567 0 : return NULL;
568 : }
569 7828 : if (!PyArg_ParseTuple(args, "i", &state))
570 0 : return NULL;
571 :
572 7828 : cli_credentials_set_kerberos_state(creds, state, CRED_SPECIFIED);
573 7828 : Py_RETURN_NONE;
574 : }
575 :
576 32 : static PyObject *py_creds_set_krb_forwardable(PyObject *self, PyObject *args)
577 : {
578 : int state;
579 32 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
580 32 : if (creds == NULL) {
581 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
582 0 : return NULL;
583 : }
584 32 : if (!PyArg_ParseTuple(args, "i", &state))
585 0 : return NULL;
586 :
587 32 : cli_credentials_set_krb_forwardable(creds, state);
588 32 : Py_RETURN_NONE;
589 : }
590 :
591 :
592 0 : static PyObject *py_creds_get_forced_sasl_mech(PyObject *self, PyObject *unused)
593 : {
594 0 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
595 0 : if (creds == NULL) {
596 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
597 0 : return NULL;
598 : }
599 0 : return PyString_FromStringOrNULL(cli_credentials_get_forced_sasl_mech(creds));
600 : }
601 :
602 0 : static PyObject *py_creds_set_forced_sasl_mech(PyObject *self, PyObject *args)
603 : {
604 : char *newval;
605 0 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
606 0 : if (creds == NULL) {
607 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
608 0 : return NULL;
609 : }
610 :
611 0 : if (!PyArg_ParseTuple(args, "s", &newval)) {
612 0 : return NULL;
613 : }
614 :
615 0 : cli_credentials_set_forced_sasl_mech(creds, newval);
616 0 : Py_RETURN_NONE;
617 : }
618 :
619 6 : static PyObject *py_creds_set_conf(PyObject *self, PyObject *args)
620 : {
621 6 : PyObject *py_lp_ctx = Py_None;
622 : struct loadparm_context *lp_ctx;
623 : TALLOC_CTX *mem_ctx;
624 : struct cli_credentials *creds;
625 : bool ok;
626 :
627 6 : creds = PyCredentials_AsCliCredentials(self);
628 6 : if (creds == NULL) {
629 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
630 0 : return NULL;
631 : }
632 :
633 6 : if (!PyArg_ParseTuple(args, "|O", &py_lp_ctx)) {
634 0 : return NULL;
635 : }
636 :
637 6 : mem_ctx = talloc_new(NULL);
638 6 : if (mem_ctx == NULL) {
639 0 : PyErr_NoMemory();
640 0 : return NULL;
641 : }
642 :
643 6 : lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
644 6 : if (lp_ctx == NULL) {
645 0 : talloc_free(mem_ctx);
646 0 : return NULL;
647 : }
648 :
649 6 : ok = cli_credentials_set_conf(creds, lp_ctx);
650 6 : talloc_free(mem_ctx);
651 6 : if (!ok) {
652 0 : return NULL;
653 : }
654 :
655 6 : Py_RETURN_NONE;
656 : }
657 :
658 13385 : static PyObject *py_creds_guess(PyObject *self, PyObject *args)
659 : {
660 13385 : PyObject *py_lp_ctx = Py_None;
661 : struct loadparm_context *lp_ctx;
662 : TALLOC_CTX *mem_ctx;
663 : struct cli_credentials *creds;
664 : bool ok;
665 :
666 13385 : creds = PyCredentials_AsCliCredentials(self);
667 13385 : if (creds == NULL) {
668 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
669 0 : return NULL;
670 : }
671 :
672 13385 : if (!PyArg_ParseTuple(args, "|O", &py_lp_ctx))
673 0 : return NULL;
674 :
675 13385 : mem_ctx = talloc_new(NULL);
676 13385 : if (mem_ctx == NULL) {
677 0 : PyErr_NoMemory();
678 0 : return NULL;
679 : }
680 :
681 13385 : lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
682 13385 : if (lp_ctx == NULL) {
683 0 : talloc_free(mem_ctx);
684 0 : return NULL;
685 : }
686 :
687 13385 : ok = cli_credentials_guess(creds, lp_ctx);
688 13385 : talloc_free(mem_ctx);
689 13385 : if (!ok) {
690 0 : return NULL;
691 : }
692 :
693 13385 : Py_RETURN_NONE;
694 : }
695 :
696 3486 : static PyObject *py_creds_set_machine_account(PyObject *self, PyObject *args)
697 : {
698 3486 : PyObject *py_lp_ctx = Py_None;
699 : struct loadparm_context *lp_ctx;
700 : NTSTATUS status;
701 : struct cli_credentials *creds;
702 : TALLOC_CTX *mem_ctx;
703 :
704 3486 : creds = PyCredentials_AsCliCredentials(self);
705 3486 : if (creds == NULL) {
706 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
707 0 : return NULL;
708 : }
709 :
710 3486 : if (!PyArg_ParseTuple(args, "|O", &py_lp_ctx))
711 0 : return NULL;
712 :
713 3486 : mem_ctx = talloc_new(NULL);
714 3486 : if (mem_ctx == NULL) {
715 0 : PyErr_NoMemory();
716 0 : return NULL;
717 : }
718 :
719 3486 : lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
720 3486 : if (lp_ctx == NULL) {
721 0 : talloc_free(mem_ctx);
722 0 : return NULL;
723 : }
724 :
725 3486 : status = cli_credentials_set_machine_account(creds, lp_ctx);
726 3486 : talloc_free(mem_ctx);
727 :
728 3486 : PyErr_NTSTATUS_IS_ERR_RAISE(status);
729 :
730 3005 : Py_RETURN_NONE;
731 : }
732 :
733 1873 : static PyObject *PyCredentialCacheContainer_from_ccache_container(struct ccache_container *ccc)
734 : {
735 1873 : return pytalloc_reference(&PyCredentialCacheContainer, ccc);
736 : }
737 :
738 :
739 1873 : static PyObject *py_creds_get_named_ccache(PyObject *self, PyObject *args)
740 : {
741 1873 : PyObject *py_lp_ctx = Py_None;
742 1873 : char *ccache_name = NULL;
743 : struct loadparm_context *lp_ctx;
744 : struct ccache_container *ccc;
745 : struct tevent_context *event_ctx;
746 : int ret;
747 : const char *error_string;
748 : struct cli_credentials *creds;
749 : TALLOC_CTX *mem_ctx;
750 :
751 1873 : creds = PyCredentials_AsCliCredentials(self);
752 1873 : if (creds == NULL) {
753 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
754 0 : return NULL;
755 : }
756 :
757 1873 : if (!PyArg_ParseTuple(args, "|Os", &py_lp_ctx, &ccache_name))
758 0 : return NULL;
759 :
760 1873 : mem_ctx = talloc_new(NULL);
761 1873 : if (mem_ctx == NULL) {
762 0 : PyErr_NoMemory();
763 0 : return NULL;
764 : }
765 :
766 1873 : lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
767 1873 : if (lp_ctx == NULL) {
768 0 : talloc_free(mem_ctx);
769 0 : return NULL;
770 : }
771 :
772 1873 : event_ctx = samba_tevent_context_init(mem_ctx);
773 :
774 1873 : ret = cli_credentials_get_named_ccache(creds, event_ctx, lp_ctx,
775 : ccache_name, &ccc, &error_string);
776 1873 : talloc_unlink(mem_ctx, lp_ctx);
777 1873 : if (ret == 0) {
778 1873 : talloc_steal(ccc, event_ctx);
779 1873 : talloc_free(mem_ctx);
780 1873 : return PyCredentialCacheContainer_from_ccache_container(ccc);
781 : }
782 :
783 0 : PyErr_SetString(PyExc_RuntimeError, error_string?error_string:"NULL");
784 :
785 0 : talloc_free(mem_ctx);
786 0 : return NULL;
787 : }
788 :
789 1849 : static PyObject *py_creds_set_named_ccache(PyObject *self, PyObject *args)
790 : {
791 1849 : struct loadparm_context *lp_ctx = NULL;
792 1849 : enum credentials_obtained obt = CRED_SPECIFIED;
793 1849 : const char *error_string = NULL;
794 1849 : TALLOC_CTX *mem_ctx = NULL;
795 1849 : char *newval = NULL;
796 1849 : PyObject *py_lp_ctx = Py_None;
797 1849 : int _obt = obt;
798 : int ret;
799 1849 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
800 1849 : if (creds == NULL) {
801 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
802 0 : return NULL;
803 : }
804 :
805 1849 : if (!PyArg_ParseTuple(args, "s|iO", &newval, &_obt, &py_lp_ctx))
806 0 : return NULL;
807 1849 : obt = _obt;
808 :
809 1849 : mem_ctx = talloc_new(NULL);
810 1849 : if (mem_ctx == NULL) {
811 0 : PyErr_NoMemory();
812 0 : return NULL;
813 : }
814 :
815 1849 : lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
816 1849 : if (lp_ctx == NULL) {
817 0 : talloc_free(mem_ctx);
818 0 : return NULL;
819 : }
820 :
821 1849 : ret = cli_credentials_set_ccache(creds,
822 : lp_ctx,
823 : newval, obt,
824 : &error_string);
825 :
826 1849 : if (ret != 0) {
827 0 : PyErr_SetString(PyExc_RuntimeError,
828 0 : error_string != NULL ? error_string : "NULL");
829 0 : talloc_free(mem_ctx);
830 0 : return NULL;
831 : }
832 :
833 1849 : talloc_free(mem_ctx);
834 1849 : Py_RETURN_NONE;
835 : }
836 :
837 5680 : static PyObject *py_creds_set_gensec_features(PyObject *self, PyObject *args)
838 : {
839 : unsigned int gensec_features;
840 5680 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
841 5680 : if (creds == NULL) {
842 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
843 0 : return NULL;
844 : }
845 :
846 5680 : if (!PyArg_ParseTuple(args, "I", &gensec_features))
847 0 : return NULL;
848 :
849 5680 : cli_credentials_set_gensec_features(creds,
850 : gensec_features,
851 : CRED_SPECIFIED);
852 :
853 5680 : Py_RETURN_NONE;
854 : }
855 :
856 5680 : static PyObject *py_creds_get_gensec_features(PyObject *self, PyObject *args)
857 : {
858 : unsigned int gensec_features;
859 5680 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
860 5680 : if (creds == NULL) {
861 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
862 0 : return NULL;
863 : }
864 :
865 5680 : gensec_features = cli_credentials_get_gensec_features(creds);
866 5680 : return PyLong_FromLong(gensec_features);
867 : }
868 :
869 25 : static PyObject *py_creds_new_client_authenticator(PyObject *self,
870 : PyObject *args)
871 : {
872 : struct netr_Authenticator auth;
873 25 : struct cli_credentials *creds = NULL;
874 25 : struct netlogon_creds_CredentialState *nc = NULL;
875 25 : PyObject *ret = NULL;
876 : NTSTATUS status;
877 :
878 25 : creds = PyCredentials_AsCliCredentials(self);
879 25 : if (creds == NULL) {
880 0 : PyErr_SetString(PyExc_RuntimeError,
881 : "Failed to get credentials from python");
882 0 : return NULL;
883 : }
884 :
885 25 : nc = creds->netlogon_creds;
886 25 : if (nc == NULL) {
887 3 : PyErr_SetString(PyExc_ValueError,
888 : "No netlogon credentials cannot make "
889 : "client authenticator");
890 3 : return NULL;
891 : }
892 :
893 22 : status = netlogon_creds_client_authenticator(nc, &auth);
894 22 : if (!NT_STATUS_IS_OK(status)) {
895 0 : PyErr_SetString(PyExc_ValueError,
896 : "Failed to create client authenticator");
897 0 : return NULL;
898 : }
899 :
900 22 : ret = Py_BuildValue("{s"PYARG_BYTES_LEN"si}",
901 : "credential",
902 : (const char *) &auth.cred, sizeof(auth.cred),
903 : "timestamp", auth.timestamp);
904 22 : return ret;
905 : }
906 :
907 747 : static PyObject *py_creds_set_secure_channel_type(PyObject *self, PyObject *args)
908 : {
909 : unsigned int channel_type;
910 747 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
911 747 : if (creds == NULL) {
912 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
913 0 : return NULL;
914 : }
915 :
916 747 : if (!PyArg_ParseTuple(args, "I", &channel_type))
917 0 : return NULL;
918 :
919 747 : cli_credentials_set_secure_channel_type(
920 : creds,
921 : channel_type);
922 :
923 747 : Py_RETURN_NONE;
924 : }
925 :
926 3 : static PyObject *py_creds_get_secure_channel_type(PyObject *self, PyObject *args)
927 : {
928 3 : enum netr_SchannelType channel_type = SEC_CHAN_NULL;
929 3 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
930 3 : if (creds == NULL) {
931 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
932 0 : return NULL;
933 : }
934 :
935 3 : channel_type = cli_credentials_get_secure_channel_type(creds);
936 :
937 3 : return PyLong_FromLong(channel_type);
938 : }
939 :
940 4 : static PyObject *py_creds_encrypt_netr_crypt_password(PyObject *self,
941 : PyObject *args)
942 : {
943 4 : DATA_BLOB data = data_blob_null;
944 4 : struct cli_credentials *creds = NULL;
945 4 : struct netr_CryptPassword *pwd = NULL;
946 : NTSTATUS status;
947 4 : PyObject *py_cp = Py_None;
948 :
949 4 : creds = PyCredentials_AsCliCredentials(self);
950 4 : if (creds == NULL) {
951 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
952 0 : return NULL;
953 : }
954 :
955 4 : if (!PyArg_ParseTuple(args, "O", &py_cp)) {
956 0 : return NULL;
957 : }
958 :
959 4 : pwd = pytalloc_get_type(py_cp, struct netr_CryptPassword);
960 4 : if (pwd == NULL) {
961 : /* pytalloc_get_type sets TypeError */
962 0 : return NULL;
963 : }
964 4 : data.length = sizeof(struct netr_CryptPassword);
965 4 : data.data = (uint8_t *)pwd;
966 4 : status = netlogon_creds_session_encrypt(creds->netlogon_creds, data);
967 :
968 4 : PyErr_NTSTATUS_IS_ERR_RAISE(status);
969 :
970 4 : Py_RETURN_NONE;
971 : }
972 :
973 907 : static PyObject *py_creds_get_smb_signing(PyObject *self, PyObject *unused)
974 : {
975 : enum smb_signing_setting signing_state;
976 907 : struct cli_credentials *creds = NULL;
977 :
978 907 : creds = PyCredentials_AsCliCredentials(self);
979 907 : if (creds == NULL) {
980 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
981 0 : return NULL;
982 : }
983 :
984 907 : signing_state = cli_credentials_get_smb_signing(creds);
985 907 : return PyLong_FromLong(signing_state);
986 : }
987 :
988 1806 : static PyObject *py_creds_set_smb_signing(PyObject *self, PyObject *args)
989 : {
990 : enum smb_signing_setting signing_state;
991 1806 : struct cli_credentials *creds = NULL;
992 1806 : enum credentials_obtained obt = CRED_SPECIFIED;
993 :
994 1806 : creds = PyCredentials_AsCliCredentials(self);
995 1806 : if (creds == NULL) {
996 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
997 0 : return NULL;
998 : }
999 1806 : if (!PyArg_ParseTuple(args, "i|i", &signing_state, &obt)) {
1000 0 : return NULL;
1001 : }
1002 :
1003 1806 : switch (signing_state) {
1004 1804 : case SMB_SIGNING_DEFAULT:
1005 : case SMB_SIGNING_OFF:
1006 : case SMB_SIGNING_IF_REQUIRED:
1007 : case SMB_SIGNING_DESIRED:
1008 : case SMB_SIGNING_REQUIRED:
1009 1804 : break;
1010 0 : default:
1011 0 : PyErr_Format(PyExc_TypeError, "Invalid signing state value");
1012 0 : return NULL;
1013 : }
1014 :
1015 1806 : cli_credentials_set_smb_signing(creds, signing_state, obt);
1016 1806 : Py_RETURN_NONE;
1017 : }
1018 :
1019 44 : static PyObject *py_creds_get_smb_ipc_signing(PyObject *self, PyObject *unused)
1020 : {
1021 : enum smb_signing_setting signing_state;
1022 44 : struct cli_credentials *creds = NULL;
1023 :
1024 44 : creds = PyCredentials_AsCliCredentials(self);
1025 44 : if (creds == NULL) {
1026 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
1027 0 : return NULL;
1028 : }
1029 :
1030 44 : signing_state = cli_credentials_get_smb_ipc_signing(creds);
1031 44 : return PyLong_FromLong(signing_state);
1032 : }
1033 :
1034 80 : static PyObject *py_creds_set_smb_ipc_signing(PyObject *self, PyObject *args)
1035 : {
1036 : enum smb_signing_setting signing_state;
1037 80 : struct cli_credentials *creds = NULL;
1038 80 : enum credentials_obtained obt = CRED_SPECIFIED;
1039 :
1040 80 : creds = PyCredentials_AsCliCredentials(self);
1041 80 : if (creds == NULL) {
1042 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
1043 0 : return NULL;
1044 : }
1045 80 : if (!PyArg_ParseTuple(args, "i|i", &signing_state, &obt)) {
1046 0 : return NULL;
1047 : }
1048 :
1049 80 : switch (signing_state) {
1050 78 : case SMB_SIGNING_DEFAULT:
1051 : case SMB_SIGNING_OFF:
1052 : case SMB_SIGNING_IF_REQUIRED:
1053 : case SMB_SIGNING_DESIRED:
1054 : case SMB_SIGNING_REQUIRED:
1055 78 : break;
1056 0 : default:
1057 0 : PyErr_Format(PyExc_TypeError, "Invalid signing state value");
1058 0 : return NULL;
1059 : }
1060 :
1061 80 : cli_credentials_set_smb_ipc_signing(creds, signing_state, obt);
1062 80 : Py_RETURN_NONE;
1063 : }
1064 :
1065 5 : static PyObject *py_creds_get_smb_encryption(PyObject *self, PyObject *unused)
1066 : {
1067 : enum smb_encryption_setting encryption_state;
1068 5 : struct cli_credentials *creds = NULL;
1069 :
1070 5 : creds = PyCredentials_AsCliCredentials(self);
1071 5 : if (creds == NULL) {
1072 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
1073 0 : return NULL;
1074 : }
1075 :
1076 5 : encryption_state = cli_credentials_get_smb_encryption(creds);
1077 5 : return PyLong_FromLong(encryption_state);
1078 : }
1079 :
1080 18 : static PyObject *py_creds_set_smb_encryption(PyObject *self, PyObject *args)
1081 : {
1082 : enum smb_encryption_setting encryption_state;
1083 18 : struct cli_credentials *creds = NULL;
1084 18 : enum credentials_obtained obt = CRED_SPECIFIED;
1085 :
1086 18 : creds = PyCredentials_AsCliCredentials(self);
1087 18 : if (creds == NULL) {
1088 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
1089 0 : return NULL;
1090 : }
1091 18 : if (!PyArg_ParseTuple(args, "i|i", &encryption_state, &obt)) {
1092 0 : return NULL;
1093 : }
1094 :
1095 18 : switch (encryption_state) {
1096 16 : case SMB_ENCRYPTION_DEFAULT:
1097 : case SMB_ENCRYPTION_OFF:
1098 : case SMB_ENCRYPTION_IF_REQUIRED:
1099 : case SMB_ENCRYPTION_DESIRED:
1100 : case SMB_ENCRYPTION_REQUIRED:
1101 16 : break;
1102 0 : default:
1103 0 : PyErr_Format(PyExc_TypeError, "Invalid encryption state value");
1104 0 : return NULL;
1105 : }
1106 :
1107 18 : cli_credentials_set_smb_encryption(creds, encryption_state, obt);
1108 18 : Py_RETURN_NONE;
1109 : }
1110 :
1111 : static PyMethodDef py_creds_methods[] = {
1112 : {
1113 : .ml_name = "get_username",
1114 : .ml_meth = py_creds_get_username,
1115 : .ml_flags = METH_NOARGS,
1116 : .ml_doc = "S.get_username() -> username\nObtain username.",
1117 : },
1118 : {
1119 : .ml_name = "set_username",
1120 : .ml_meth = py_creds_set_username,
1121 : .ml_flags = METH_VARARGS,
1122 : .ml_doc = "S.set_username(name[, credentials.SPECIFIED]) -> None\n"
1123 : "Change username.",
1124 : },
1125 : {
1126 : .ml_name = "get_principal",
1127 : .ml_meth = py_creds_get_principal,
1128 : .ml_flags = METH_NOARGS,
1129 : .ml_doc = "S.get_principal() -> user@realm\nObtain user principal.",
1130 : },
1131 : {
1132 : .ml_name = "set_principal",
1133 : .ml_meth = py_creds_set_principal,
1134 : .ml_flags = METH_VARARGS,
1135 : .ml_doc = "S.set_principal(name[, credentials.SPECIFIED]) -> None\n"
1136 : "Change principal.",
1137 : },
1138 : {
1139 : .ml_name = "get_password",
1140 : .ml_meth = py_creds_get_password,
1141 : .ml_flags = METH_NOARGS,
1142 : .ml_doc = "S.get_password() -> password\n"
1143 : "Obtain password.",
1144 : },
1145 : {
1146 : .ml_name = "get_ntlm_username_domain",
1147 : .ml_meth = py_creds_get_ntlm_username_domain,
1148 : .ml_flags = METH_NOARGS,
1149 : .ml_doc = "S.get_ntlm_username_domain() -> (domain, username)\n"
1150 : "Obtain NTLM username and domain, split up either as (DOMAIN, user) or (\"\", \"user@realm\").",
1151 : },
1152 : {
1153 : .ml_name = "get_ntlm_response",
1154 : .ml_meth = PY_DISCARD_FUNC_SIG(PyCFunction,
1155 : py_creds_get_ntlm_response),
1156 : .ml_flags = METH_VARARGS | METH_KEYWORDS,
1157 : .ml_doc = "S.get_ntlm_response"
1158 : "(flags, challenge[, target_info]) -> "
1159 : "(flags, lm_response, nt_response, lm_session_key, nt_session_key)\n"
1160 : "Obtain LM or NTLM response.",
1161 : },
1162 : {
1163 : .ml_name = "set_password",
1164 : .ml_meth = py_creds_set_password,
1165 : .ml_flags = METH_VARARGS,
1166 : .ml_doc = "S.set_password(password[, credentials.SPECIFIED]) -> None\n"
1167 : "Change password.",
1168 : },
1169 : {
1170 : .ml_name = "set_utf16_password",
1171 : .ml_meth = py_creds_set_utf16_password,
1172 : .ml_flags = METH_VARARGS,
1173 : .ml_doc = "S.set_utf16_password(password[, credentials.SPECIFIED]) -> None\n"
1174 : "Change password.",
1175 : },
1176 : {
1177 : .ml_name = "get_old_password",
1178 : .ml_meth = py_creds_get_old_password,
1179 : .ml_flags = METH_NOARGS,
1180 : .ml_doc = "S.get_old_password() -> password\n"
1181 : "Obtain old password.",
1182 : },
1183 : {
1184 : .ml_name = "set_old_password",
1185 : .ml_meth = py_creds_set_old_password,
1186 : .ml_flags = METH_VARARGS,
1187 : .ml_doc = "S.set_old_password(password[, credentials.SPECIFIED]) -> None\n"
1188 : "Change old password.",
1189 : },
1190 : {
1191 : .ml_name = "set_old_utf16_password",
1192 : .ml_meth = py_creds_set_old_utf16_password,
1193 : .ml_flags = METH_VARARGS,
1194 : .ml_doc = "S.set_old_utf16_password(password[, credentials.SPECIFIED]) -> None\n"
1195 : "Change old password.",
1196 : },
1197 : {
1198 : .ml_name = "get_domain",
1199 : .ml_meth = py_creds_get_domain,
1200 : .ml_flags = METH_NOARGS,
1201 : .ml_doc = "S.get_domain() -> domain\n"
1202 : "Obtain domain name.",
1203 : },
1204 : {
1205 : .ml_name = "set_domain",
1206 : .ml_meth = py_creds_set_domain,
1207 : .ml_flags = METH_VARARGS,
1208 : .ml_doc = "S.set_domain(domain[, credentials.SPECIFIED]) -> None\n"
1209 : "Change domain name.",
1210 : },
1211 : {
1212 : .ml_name = "get_realm",
1213 : .ml_meth = py_creds_get_realm,
1214 : .ml_flags = METH_NOARGS,
1215 : .ml_doc = "S.get_realm() -> realm\n"
1216 : "Obtain realm name.",
1217 : },
1218 : {
1219 : .ml_name = "set_realm",
1220 : .ml_meth = py_creds_set_realm,
1221 : .ml_flags = METH_VARARGS,
1222 : .ml_doc = "S.set_realm(realm[, credentials.SPECIFIED]) -> None\n"
1223 : "Change realm name.",
1224 : },
1225 : {
1226 : .ml_name = "get_bind_dn",
1227 : .ml_meth = py_creds_get_bind_dn,
1228 : .ml_flags = METH_NOARGS,
1229 : .ml_doc = "S.get_bind_dn() -> bind dn\n"
1230 : "Obtain bind DN.",
1231 : },
1232 : {
1233 : .ml_name = "set_bind_dn",
1234 : .ml_meth = py_creds_set_bind_dn,
1235 : .ml_flags = METH_VARARGS,
1236 : .ml_doc = "S.set_bind_dn(bind_dn) -> None\n"
1237 : "Change bind DN.",
1238 : },
1239 : {
1240 : .ml_name = "is_anonymous",
1241 : .ml_meth = py_creds_is_anonymous,
1242 : .ml_flags = METH_NOARGS,
1243 : },
1244 : {
1245 : .ml_name = "set_anonymous",
1246 : .ml_meth = py_creds_set_anonymous,
1247 : .ml_flags = METH_NOARGS,
1248 : .ml_doc = "S.set_anonymous() -> None\n"
1249 : "Use anonymous credentials.",
1250 : },
1251 : {
1252 : .ml_name = "get_workstation",
1253 : .ml_meth = py_creds_get_workstation,
1254 : .ml_flags = METH_NOARGS,
1255 : },
1256 : {
1257 : .ml_name = "set_workstation",
1258 : .ml_meth = py_creds_set_workstation,
1259 : .ml_flags = METH_VARARGS,
1260 : },
1261 : {
1262 : .ml_name = "authentication_requested",
1263 : .ml_meth = py_creds_authentication_requested,
1264 : .ml_flags = METH_NOARGS,
1265 : },
1266 : {
1267 : .ml_name = "wrong_password",
1268 : .ml_meth = py_creds_wrong_password,
1269 : .ml_flags = METH_NOARGS,
1270 : .ml_doc = "S.wrong_password() -> bool\n"
1271 : "Indicate the returned password was incorrect.",
1272 : },
1273 : {
1274 : .ml_name = "set_cmdline_callbacks",
1275 : .ml_meth = py_creds_set_cmdline_callbacks,
1276 : .ml_flags = METH_NOARGS,
1277 : .ml_doc = "S.set_cmdline_callbacks() -> bool\n"
1278 : "Use command-line to obtain credentials not explicitly set.",
1279 : },
1280 : {
1281 : .ml_name = "parse_string",
1282 : .ml_meth = py_creds_parse_string,
1283 : .ml_flags = METH_VARARGS,
1284 : .ml_doc = "S.parse_string(text[, credentials.SPECIFIED]) -> None\n"
1285 : "Parse credentials string.",
1286 : },
1287 : {
1288 : .ml_name = "parse_file",
1289 : .ml_meth = py_creds_parse_file,
1290 : .ml_flags = METH_VARARGS,
1291 : .ml_doc = "S.parse_file(filename[, credentials.SPECIFIED]) -> None\n"
1292 : "Parse credentials file.",
1293 : },
1294 : {
1295 : .ml_name = "set_password_will_be_nt_hash",
1296 : .ml_meth = py_cli_credentials_set_password_will_be_nt_hash,
1297 : .ml_flags = METH_VARARGS,
1298 : .ml_doc = "S.set_password_will_be_nt_hash(bool) -> None\n"
1299 : "Alters the behaviour of S.set_password() "
1300 : "to expect the NTHASH as hexstring.",
1301 : },
1302 : {
1303 : .ml_name = "get_nt_hash",
1304 : .ml_meth = py_creds_get_nt_hash,
1305 : .ml_flags = METH_NOARGS,
1306 : },
1307 : {
1308 : .ml_name = "get_kerberos_state",
1309 : .ml_meth = py_creds_get_kerberos_state,
1310 : .ml_flags = METH_NOARGS,
1311 : },
1312 : {
1313 : .ml_name = "set_kerberos_state",
1314 : .ml_meth = py_creds_set_kerberos_state,
1315 : .ml_flags = METH_VARARGS,
1316 : },
1317 : {
1318 : .ml_name = "set_krb_forwardable",
1319 : .ml_meth = py_creds_set_krb_forwardable,
1320 : .ml_flags = METH_VARARGS,
1321 : },
1322 : {
1323 : .ml_name = "set_conf",
1324 : .ml_meth = py_creds_set_conf,
1325 : .ml_flags = METH_VARARGS,
1326 : },
1327 : {
1328 : .ml_name = "guess",
1329 : .ml_meth = py_creds_guess,
1330 : .ml_flags = METH_VARARGS,
1331 : },
1332 : {
1333 : .ml_name = "set_machine_account",
1334 : .ml_meth = py_creds_set_machine_account,
1335 : .ml_flags = METH_VARARGS,
1336 : },
1337 : {
1338 : .ml_name = "get_named_ccache",
1339 : .ml_meth = py_creds_get_named_ccache,
1340 : .ml_flags = METH_VARARGS,
1341 : },
1342 : {
1343 : .ml_name = "set_named_ccache",
1344 : .ml_meth = py_creds_set_named_ccache,
1345 : .ml_flags = METH_VARARGS,
1346 : .ml_doc = "S.set_named_ccache(krb5_ccache_name, obtained, lp) -> None\n"
1347 : "Set credentials to KRB5 Credentials Cache (by name).",
1348 : },
1349 : {
1350 : .ml_name = "set_gensec_features",
1351 : .ml_meth = py_creds_set_gensec_features,
1352 : .ml_flags = METH_VARARGS,
1353 : },
1354 : {
1355 : .ml_name = "get_gensec_features",
1356 : .ml_meth = py_creds_get_gensec_features,
1357 : .ml_flags = METH_NOARGS,
1358 : },
1359 : {
1360 : .ml_name = "get_forced_sasl_mech",
1361 : .ml_meth = py_creds_get_forced_sasl_mech,
1362 : .ml_flags = METH_NOARGS,
1363 : .ml_doc = "S.get_forced_sasl_mech() -> SASL mechanism\nObtain forced SASL mechanism.",
1364 : },
1365 : {
1366 : .ml_name = "set_forced_sasl_mech",
1367 : .ml_meth = py_creds_set_forced_sasl_mech,
1368 : .ml_flags = METH_VARARGS,
1369 : .ml_doc = "S.set_forced_sasl_mech(name) -> None\n"
1370 : "Set forced SASL mechanism.",
1371 : },
1372 : {
1373 : .ml_name = "new_client_authenticator",
1374 : .ml_meth = py_creds_new_client_authenticator,
1375 : .ml_flags = METH_NOARGS,
1376 : .ml_doc = "S.new_client_authenticator() -> Authenticator\n"
1377 : "Get a new client NETLOGON_AUTHENTICATOR"},
1378 : {
1379 : .ml_name = "set_secure_channel_type",
1380 : .ml_meth = py_creds_set_secure_channel_type,
1381 : .ml_flags = METH_VARARGS,
1382 : },
1383 : {
1384 : .ml_name = "get_secure_channel_type",
1385 : .ml_meth = py_creds_get_secure_channel_type,
1386 : .ml_flags = METH_VARARGS,
1387 : },
1388 : {
1389 : .ml_name = "encrypt_netr_crypt_password",
1390 : .ml_meth = py_creds_encrypt_netr_crypt_password,
1391 : .ml_flags = METH_VARARGS,
1392 : .ml_doc = "S.encrypt_netr_crypt_password(password) -> NTSTATUS\n"
1393 : "Encrypt the supplied password using the session key and\n"
1394 : "the negotiated encryption algorithm in place\n"
1395 : "i.e. it overwrites the original data"},
1396 : {
1397 : .ml_name = "get_smb_signing",
1398 : .ml_meth = py_creds_get_smb_signing,
1399 : .ml_flags = METH_NOARGS,
1400 : },
1401 : {
1402 : .ml_name = "set_smb_signing",
1403 : .ml_meth = py_creds_set_smb_signing,
1404 : .ml_flags = METH_VARARGS,
1405 : },
1406 : {
1407 : .ml_name = "get_smb_ipc_signing",
1408 : .ml_meth = py_creds_get_smb_ipc_signing,
1409 : .ml_flags = METH_NOARGS,
1410 : },
1411 : {
1412 : .ml_name = "set_smb_ipc_signing",
1413 : .ml_meth = py_creds_set_smb_ipc_signing,
1414 : .ml_flags = METH_VARARGS,
1415 : },
1416 : {
1417 : .ml_name = "get_smb_encryption",
1418 : .ml_meth = py_creds_get_smb_encryption,
1419 : .ml_flags = METH_NOARGS,
1420 : },
1421 : {
1422 : .ml_name = "set_smb_encryption",
1423 : .ml_meth = py_creds_set_smb_encryption,
1424 : .ml_flags = METH_VARARGS,
1425 : },
1426 : { .ml_name = NULL }
1427 : };
1428 :
1429 : static struct PyModuleDef moduledef = {
1430 : PyModuleDef_HEAD_INIT,
1431 : .m_name = "credentials",
1432 : .m_doc = "Credentials management.",
1433 : .m_size = -1,
1434 : .m_methods = py_creds_methods,
1435 : };
1436 :
1437 : PyTypeObject PyCredentials = {
1438 : .tp_name = "credentials.Credentials",
1439 : .tp_new = py_creds_new,
1440 : .tp_flags = Py_TPFLAGS_DEFAULT | Py_TPFLAGS_BASETYPE,
1441 : .tp_methods = py_creds_methods,
1442 : };
1443 :
1444 1848 : static PyObject *py_ccache_name(PyObject *self, PyObject *unused)
1445 : {
1446 1848 : struct ccache_container *ccc = NULL;
1447 1848 : char *name = NULL;
1448 1848 : PyObject *py_name = NULL;
1449 : int ret;
1450 :
1451 1848 : ccc = pytalloc_get_type(self, struct ccache_container);
1452 :
1453 1848 : ret = krb5_cc_get_full_name(ccc->smb_krb5_context->krb5_context,
1454 : ccc->ccache, &name);
1455 1848 : if (ret == 0) {
1456 1848 : py_name = PyString_FromStringOrNULL(name);
1457 1848 : SAFE_FREE(name);
1458 : } else {
1459 0 : PyErr_SetString(PyExc_RuntimeError,
1460 : "Failed to get ccache name");
1461 0 : return NULL;
1462 : }
1463 1848 : return py_name;
1464 : }
1465 :
1466 : static PyMethodDef py_ccache_container_methods[] = {
1467 : { "get_name", py_ccache_name, METH_NOARGS,
1468 : "S.get_name() -> name\nObtain KRB5 credentials cache name." },
1469 : {0}
1470 : };
1471 :
1472 : PyTypeObject PyCredentialCacheContainer = {
1473 : .tp_name = "credentials.CredentialCacheContainer",
1474 : .tp_flags = Py_TPFLAGS_DEFAULT,
1475 : .tp_methods = py_ccache_container_methods,
1476 : };
1477 :
1478 6985 : MODULE_INIT_FUNC(credentials)
1479 : {
1480 : PyObject *m;
1481 6985 : if (pytalloc_BaseObject_PyType_Ready(&PyCredentials) < 0)
1482 0 : return NULL;
1483 :
1484 6985 : if (pytalloc_BaseObject_PyType_Ready(&PyCredentialCacheContainer) < 0)
1485 0 : return NULL;
1486 :
1487 6985 : m = PyModule_Create(&moduledef);
1488 6985 : if (m == NULL)
1489 0 : return NULL;
1490 :
1491 6985 : PyModule_AddObject(m, "UNINITIALISED", PyLong_FromLong(CRED_UNINITIALISED));
1492 6985 : PyModule_AddObject(m, "SMB_CONF", PyLong_FromLong(CRED_SMB_CONF));
1493 6985 : PyModule_AddObject(m, "CALLBACK", PyLong_FromLong(CRED_CALLBACK));
1494 6985 : PyModule_AddObject(m, "GUESS_ENV", PyLong_FromLong(CRED_GUESS_ENV));
1495 6985 : PyModule_AddObject(m, "GUESS_FILE", PyLong_FromLong(CRED_GUESS_FILE));
1496 6985 : PyModule_AddObject(m, "CALLBACK_RESULT", PyLong_FromLong(CRED_CALLBACK_RESULT));
1497 6985 : PyModule_AddObject(m, "SPECIFIED", PyLong_FromLong(CRED_SPECIFIED));
1498 :
1499 6985 : PyModule_AddObject(m, "AUTO_USE_KERBEROS", PyLong_FromLong(CRED_USE_KERBEROS_DESIRED));
1500 6985 : PyModule_AddObject(m, "DONT_USE_KERBEROS", PyLong_FromLong(CRED_USE_KERBEROS_DISABLED));
1501 6985 : PyModule_AddObject(m, "MUST_USE_KERBEROS", PyLong_FromLong(CRED_USE_KERBEROS_REQUIRED));
1502 :
1503 6985 : PyModule_AddObject(m, "AUTO_KRB_FORWARDABLE", PyLong_FromLong(CRED_AUTO_KRB_FORWARDABLE));
1504 6985 : PyModule_AddObject(m, "NO_KRB_FORWARDABLE", PyLong_FromLong(CRED_NO_KRB_FORWARDABLE));
1505 6985 : PyModule_AddObject(m, "FORCE_KRB_FORWARDABLE", PyLong_FromLong(CRED_FORCE_KRB_FORWARDABLE));
1506 6985 : PyModule_AddObject(m, "CLI_CRED_NTLM2", PyLong_FromLong(CLI_CRED_NTLM2));
1507 6985 : PyModule_AddObject(m, "CLI_CRED_NTLMv2_AUTH", PyLong_FromLong(CLI_CRED_NTLMv2_AUTH));
1508 6985 : PyModule_AddObject(m, "CLI_CRED_LANMAN_AUTH", PyLong_FromLong(CLI_CRED_LANMAN_AUTH));
1509 6985 : PyModule_AddObject(m, "CLI_CRED_NTLM_AUTH", PyLong_FromLong(CLI_CRED_NTLM_AUTH));
1510 6985 : PyModule_AddObject(m, "CLI_CRED_CLEAR_AUTH", PyLong_FromLong(CLI_CRED_CLEAR_AUTH));
1511 :
1512 6985 : PyModule_AddObject(m, "SMB_SIGNING_DEFAULT", PyLong_FromLong(SMB_SIGNING_DEFAULT));
1513 6985 : PyModule_AddObject(m, "SMB_SIGNING_OFF", PyLong_FromLong(SMB_SIGNING_OFF));
1514 6985 : PyModule_AddObject(m, "SMB_SIGNING_IF_REQUIRED", PyLong_FromLong(SMB_SIGNING_IF_REQUIRED));
1515 6985 : PyModule_AddObject(m, "SMB_SIGNING_DESIRED", PyLong_FromLong(SMB_SIGNING_DESIRED));
1516 6985 : PyModule_AddObject(m, "SMB_SIGNING_REQUIRED", PyLong_FromLong(SMB_SIGNING_REQUIRED));
1517 :
1518 6985 : PyModule_AddObject(m, "SMB_ENCRYPTION_DEFAULT", PyLong_FromLong(SMB_ENCRYPTION_DEFAULT));
1519 6985 : PyModule_AddObject(m, "SMB_ENCRYPTION_OFF", PyLong_FromLong(SMB_ENCRYPTION_OFF));
1520 6985 : PyModule_AddObject(m, "SMB_ENCRYPTION_IF_REQUIRED", PyLong_FromLong(SMB_ENCRYPTION_IF_REQUIRED));
1521 6985 : PyModule_AddObject(m, "SMB_ENCRYPTION_DESIRED", PyLong_FromLong(SMB_ENCRYPTION_DESIRED));
1522 6985 : PyModule_AddObject(m, "SMB_ENCRYPTION_REQUIRED", PyLong_FromLong(SMB_ENCRYPTION_REQUIRED));
1523 :
1524 6985 : Py_INCREF(&PyCredentials);
1525 6985 : PyModule_AddObject(m, "Credentials", (PyObject *)&PyCredentials);
1526 6985 : Py_INCREF(&PyCredentialCacheContainer);
1527 6985 : PyModule_AddObject(m, "CredentialCacheContainer", (PyObject *)&PyCredentialCacheContainer);
1528 6985 : return m;
1529 : }
|