Line data Source code
1 : /*
2 : Unix SMB/CIFS implementation.
3 : Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007
4 :
5 : This program is free software; you can redistribute it and/or modify
6 : it under the terms of the GNU General Public License as published by
7 : the Free Software Foundation; either version 3 of the License, or
8 : (at your option) any later version.
9 :
10 : This program is distributed in the hope that it will be useful,
11 : but WITHOUT ANY WARRANTY; without even the implied warranty of
12 : MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 : GNU General Public License for more details.
14 :
15 : You should have received a copy of the GNU General Public License
16 : along with this program. If not, see <http://www.gnu.org/licenses/>.
17 : */
18 :
19 : #include <Python.h>
20 : #include "python/py3compat.h"
21 : #include "includes.h"
22 : #include "python/modules.h"
23 : #include "pycredentials.h"
24 : #include "param/param.h"
25 : #include "auth/credentials/credentials_internal.h"
26 : #include "librpc/gen_ndr/samr.h" /* for struct samr_Password */
27 : #include "librpc/gen_ndr/netlogon.h"
28 : #include "libcli/util/pyerrors.h"
29 : #include "libcli/auth/libcli_auth.h"
30 : #include "param/pyparam.h"
31 : #include <tevent.h>
32 : #include "libcli/auth/libcli_auth.h"
33 : #include "system/kerberos.h"
34 : #include "auth/kerberos/kerberos.h"
35 : #include "libcli/smb/smb_constants.h"
36 :
37 : void initcredentials(void);
38 :
39 21104 : static PyObject *py_creds_new(PyTypeObject *type, PyObject *args, PyObject *kwargs)
40 : {
41 21104 : return pytalloc_steal(type, cli_credentials_init(NULL));
42 : }
43 :
44 11278 : static PyObject *py_creds_get_username(PyObject *self, PyObject *unused)
45 : {
46 11278 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
47 11278 : if (creds == NULL) {
48 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
49 0 : return NULL;
50 : }
51 11278 : return PyString_FromStringOrNULL(cli_credentials_get_username(creds));
52 : }
53 :
54 10742 : static PyObject *py_creds_set_username(PyObject *self, PyObject *args)
55 : {
56 : char *newval;
57 10742 : enum credentials_obtained obt = CRED_SPECIFIED;
58 10742 : int _obt = obt;
59 10742 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
60 10742 : if (creds == NULL) {
61 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
62 0 : return NULL;
63 : }
64 :
65 10742 : if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
66 0 : return NULL;
67 : }
68 10742 : obt = _obt;
69 :
70 10742 : return PyBool_FromLong(cli_credentials_set_username(creds, newval, obt));
71 : }
72 :
73 18 : static PyObject *py_creds_get_ntlm_username_domain(PyObject *self, PyObject *unused)
74 : {
75 18 : TALLOC_CTX *frame = talloc_stackframe();
76 18 : const char *user = NULL;
77 18 : const char *domain = NULL;
78 18 : PyObject *ret = NULL;
79 18 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
80 18 : if (creds == NULL) {
81 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
82 0 : return NULL;
83 : }
84 18 : cli_credentials_get_ntlm_username_domain(creds,
85 : frame, &user, &domain);
86 18 : ret = Py_BuildValue("(ss)",
87 : user,
88 : domain);
89 :
90 18 : TALLOC_FREE(frame);
91 18 : return ret;
92 : }
93 :
94 18 : static PyObject *py_creds_get_ntlm_response(PyObject *self, PyObject *args, PyObject *kwargs)
95 : {
96 18 : TALLOC_CTX *frame = talloc_stackframe();
97 18 : PyObject *ret = NULL;
98 : int flags;
99 : struct timeval tv_now;
100 : NTTIME server_timestamp;
101 18 : DATA_BLOB challenge = data_blob_null;
102 18 : DATA_BLOB target_info = data_blob_null;
103 : NTSTATUS status;
104 18 : DATA_BLOB lm_response = data_blob_null;
105 18 : DATA_BLOB nt_response = data_blob_null;
106 18 : DATA_BLOB lm_session_key = data_blob_null;
107 18 : DATA_BLOB nt_session_key = data_blob_null;
108 18 : const char *kwnames[] = { "flags", "challenge",
109 : "target_info",
110 : NULL };
111 18 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
112 18 : if (creds == NULL) {
113 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
114 0 : return NULL;
115 : }
116 :
117 18 : tv_now = timeval_current();
118 18 : server_timestamp = timeval_to_nttime(&tv_now);
119 :
120 18 : if (!PyArg_ParseTupleAndKeywords(args, kwargs, "is#|s#",
121 : discard_const_p(char *, kwnames),
122 : &flags,
123 : &challenge.data,
124 : &challenge.length,
125 : &target_info.data,
126 : &target_info.length)) {
127 0 : return NULL;
128 : }
129 :
130 18 : status = cli_credentials_get_ntlm_response(creds,
131 : frame, &flags,
132 : challenge,
133 : &server_timestamp,
134 : target_info,
135 : &lm_response, &nt_response,
136 : &lm_session_key, &nt_session_key);
137 :
138 18 : if (!NT_STATUS_IS_OK(status)) {
139 0 : PyErr_SetNTSTATUS(status);
140 0 : TALLOC_FREE(frame);
141 0 : return NULL;
142 : }
143 :
144 90 : ret = Py_BuildValue("{sis" PYARG_BYTES_LEN "s" PYARG_BYTES_LEN
145 : "s" PYARG_BYTES_LEN "s" PYARG_BYTES_LEN "}",
146 : "flags", flags,
147 : "lm_response",
148 18 : (const char *)lm_response.data, lm_response.length,
149 : "nt_response",
150 18 : (const char *)nt_response.data, nt_response.length,
151 : "lm_session_key",
152 18 : (const char *)lm_session_key.data, lm_session_key.length,
153 : "nt_session_key",
154 18 : (const char *)nt_session_key.data, nt_session_key.length);
155 18 : TALLOC_FREE(frame);
156 18 : return ret;
157 : }
158 :
159 0 : static PyObject *py_creds_get_principal(PyObject *self, PyObject *unused)
160 : {
161 0 : TALLOC_CTX *frame = talloc_stackframe();
162 0 : PyObject *ret = NULL;
163 0 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
164 0 : if (creds == NULL) {
165 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
166 0 : return NULL;
167 : }
168 0 : ret = PyString_FromStringOrNULL(cli_credentials_get_principal(creds, frame));
169 0 : TALLOC_FREE(frame);
170 0 : return ret;
171 : }
172 :
173 0 : static PyObject *py_creds_set_principal(PyObject *self, PyObject *args)
174 : {
175 : char *newval;
176 0 : enum credentials_obtained obt = CRED_SPECIFIED;
177 0 : int _obt = obt;
178 0 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
179 0 : if (creds == NULL) {
180 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
181 0 : return NULL;
182 : }
183 :
184 0 : if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
185 0 : return NULL;
186 : }
187 0 : obt = _obt;
188 :
189 0 : return PyBool_FromLong(cli_credentials_set_principal(creds, newval, obt));
190 : }
191 :
192 2054 : static PyObject *py_creds_get_password(PyObject *self, PyObject *unused)
193 : {
194 2054 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
195 2054 : if (creds == NULL) {
196 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
197 0 : return NULL;
198 : }
199 2054 : return PyString_FromStringOrNULL(cli_credentials_get_password(creds));
200 : }
201 :
202 11280 : static PyObject *py_creds_set_password(PyObject *self, PyObject *args)
203 : {
204 11280 : const char *newval = NULL;
205 11280 : enum credentials_obtained obt = CRED_SPECIFIED;
206 11280 : int _obt = obt;
207 11280 : PyObject *result = NULL;
208 11280 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
209 11280 : if (creds == NULL) {
210 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
211 0 : return NULL;
212 : }
213 :
214 11280 : if (!PyArg_ParseTuple(args, PYARG_STR_UNI"|i", "utf8", &newval, &_obt)) {
215 0 : return NULL;
216 : }
217 11280 : obt = _obt;
218 :
219 11280 : result = PyBool_FromLong(cli_credentials_set_password(creds, newval, obt));
220 11280 : PyMem_Free(discard_const_p(void*, newval));
221 11280 : return result;
222 : }
223 :
224 0 : static PyObject *py_creds_set_utf16_password(PyObject *self, PyObject *args)
225 : {
226 0 : enum credentials_obtained obt = CRED_SPECIFIED;
227 0 : int _obt = obt;
228 0 : PyObject *newval = NULL;
229 0 : DATA_BLOB blob = data_blob_null;
230 0 : Py_ssize_t size = 0;
231 : int result;
232 : bool ok;
233 0 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
234 0 : if (creds == NULL) {
235 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
236 0 : return NULL;
237 : }
238 :
239 0 : if (!PyArg_ParseTuple(args, "O|i", &newval, &_obt)) {
240 0 : return NULL;
241 : }
242 0 : obt = _obt;
243 :
244 0 : result = PyBytes_AsStringAndSize(newval, (char **)&blob.data, &size);
245 0 : if (result != 0) {
246 0 : PyErr_SetString(PyExc_RuntimeError, "Failed to convert passed value to Bytes");
247 0 : return NULL;
248 : }
249 0 : blob.length = size;
250 :
251 0 : ok = cli_credentials_set_utf16_password(creds,
252 : &blob, obt);
253 :
254 0 : return PyBool_FromLong(ok);
255 : }
256 :
257 0 : static PyObject *py_creds_get_old_password(PyObject *self, PyObject *unused)
258 : {
259 0 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
260 0 : if (creds == NULL) {
261 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
262 0 : return NULL;
263 : }
264 0 : return PyString_FromStringOrNULL(cli_credentials_get_old_password(creds));
265 : }
266 :
267 0 : static PyObject *py_creds_set_old_password(PyObject *self, PyObject *args)
268 : {
269 : char *oldval;
270 0 : enum credentials_obtained obt = CRED_SPECIFIED;
271 0 : int _obt = obt;
272 0 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
273 0 : if (creds == NULL) {
274 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
275 0 : return NULL;
276 : }
277 :
278 0 : if (!PyArg_ParseTuple(args, "s|i", &oldval, &_obt)) {
279 0 : return NULL;
280 : }
281 0 : obt = _obt;
282 :
283 0 : return PyBool_FromLong(cli_credentials_set_old_password(creds, oldval, obt));
284 : }
285 :
286 0 : static PyObject *py_creds_set_old_utf16_password(PyObject *self, PyObject *args)
287 : {
288 0 : PyObject *oldval = NULL;
289 0 : DATA_BLOB blob = data_blob_null;
290 0 : Py_ssize_t size = 0;
291 : int result;
292 : bool ok;
293 0 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
294 0 : if (creds == NULL) {
295 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
296 0 : return NULL;
297 : }
298 :
299 0 : if (!PyArg_ParseTuple(args, "O", &oldval)) {
300 0 : return NULL;
301 : }
302 :
303 0 : result = PyBytes_AsStringAndSize(oldval, (char **)&blob.data, &size);
304 0 : if (result != 0) {
305 0 : PyErr_SetString(PyExc_RuntimeError, "Failed to convert passed value to Bytes");
306 0 : return NULL;
307 : }
308 0 : blob.length = size;
309 :
310 0 : ok = cli_credentials_set_old_utf16_password(creds,
311 : &blob);
312 :
313 0 : return PyBool_FromLong(ok);
314 : }
315 :
316 9414 : static PyObject *py_creds_get_domain(PyObject *self, PyObject *unused)
317 : {
318 9414 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
319 9414 : if (creds == NULL) {
320 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
321 0 : return NULL;
322 : }
323 9414 : return PyString_FromStringOrNULL(cli_credentials_get_domain(creds));
324 : }
325 :
326 10263 : static PyObject *py_creds_set_domain(PyObject *self, PyObject *args)
327 : {
328 : char *newval;
329 10263 : enum credentials_obtained obt = CRED_SPECIFIED;
330 10263 : int _obt = obt;
331 10263 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
332 10263 : if (creds == NULL) {
333 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
334 0 : return NULL;
335 : }
336 :
337 10263 : if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
338 0 : return NULL;
339 : }
340 10263 : obt = _obt;
341 :
342 10263 : return PyBool_FromLong(cli_credentials_set_domain(creds, newval, obt));
343 : }
344 :
345 16619 : static PyObject *py_creds_get_realm(PyObject *self, PyObject *unused)
346 : {
347 16619 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
348 16619 : if (creds == NULL) {
349 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
350 0 : return NULL;
351 : }
352 16619 : return PyString_FromStringOrNULL(cli_credentials_get_realm(creds));
353 : }
354 :
355 9954 : static PyObject *py_creds_set_realm(PyObject *self, PyObject *args)
356 : {
357 : char *newval;
358 9954 : enum credentials_obtained obt = CRED_SPECIFIED;
359 9954 : int _obt = obt;
360 9954 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
361 9954 : if (creds == NULL) {
362 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
363 0 : return NULL;
364 : }
365 :
366 9954 : if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
367 0 : return NULL;
368 : }
369 9954 : obt = _obt;
370 :
371 9954 : return PyBool_FromLong(cli_credentials_set_realm(creds, newval, obt));
372 : }
373 :
374 755 : static PyObject *py_creds_get_bind_dn(PyObject *self, PyObject *unused)
375 : {
376 755 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
377 755 : if (creds == NULL) {
378 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
379 0 : return NULL;
380 : }
381 755 : return PyString_FromStringOrNULL(cli_credentials_get_bind_dn(creds));
382 : }
383 :
384 491 : static PyObject *py_creds_set_bind_dn(PyObject *self, PyObject *args)
385 : {
386 : char *newval;
387 491 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
388 491 : if (creds == NULL) {
389 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
390 0 : return NULL;
391 : }
392 491 : if (!PyArg_ParseTuple(args, "s", &newval))
393 0 : return NULL;
394 :
395 491 : return PyBool_FromLong(cli_credentials_set_bind_dn(creds, newval));
396 : }
397 :
398 9356 : static PyObject *py_creds_get_workstation(PyObject *self, PyObject *unused)
399 : {
400 9356 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
401 9356 : if (creds == NULL) {
402 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
403 0 : return NULL;
404 : }
405 9356 : return PyString_FromStringOrNULL(cli_credentials_get_workstation(creds));
406 : }
407 :
408 10932 : static PyObject *py_creds_set_workstation(PyObject *self, PyObject *args)
409 : {
410 : char *newval;
411 10932 : enum credentials_obtained obt = CRED_SPECIFIED;
412 10932 : int _obt = obt;
413 10932 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
414 10932 : if (creds == NULL) {
415 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
416 0 : return NULL;
417 : }
418 :
419 10932 : if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
420 0 : return NULL;
421 : }
422 10932 : obt = _obt;
423 :
424 10932 : return PyBool_FromLong(cli_credentials_set_workstation(creds, newval, obt));
425 : }
426 :
427 32 : static PyObject *py_creds_is_anonymous(PyObject *self, PyObject *unused)
428 : {
429 32 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
430 32 : if (creds == NULL) {
431 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
432 0 : return NULL;
433 : }
434 32 : return PyBool_FromLong(cli_credentials_is_anonymous(creds));
435 : }
436 :
437 807 : static PyObject *py_creds_set_anonymous(PyObject *self, PyObject *unused)
438 : {
439 807 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
440 807 : if (creds == NULL) {
441 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
442 0 : return NULL;
443 : }
444 807 : cli_credentials_set_anonymous(creds);
445 807 : Py_RETURN_NONE;
446 : }
447 :
448 5662 : static PyObject *py_creds_authentication_requested(PyObject *self, PyObject *unused)
449 : {
450 5662 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
451 5662 : if (creds == NULL) {
452 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
453 0 : return NULL;
454 : }
455 5662 : return PyBool_FromLong(cli_credentials_authentication_requested(creds));
456 : }
457 :
458 0 : static PyObject *py_creds_wrong_password(PyObject *self, PyObject *unused)
459 : {
460 0 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
461 0 : if (creds == NULL) {
462 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
463 0 : return NULL;
464 : }
465 0 : return PyBool_FromLong(cli_credentials_wrong_password(creds));
466 : }
467 :
468 8154 : static PyObject *py_creds_set_cmdline_callbacks(PyObject *self, PyObject *unused)
469 : {
470 8154 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
471 8154 : if (creds == NULL) {
472 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
473 0 : return NULL;
474 : }
475 8154 : return PyBool_FromLong(cli_credentials_set_cmdline_callbacks(creds));
476 : }
477 :
478 3840 : static PyObject *py_creds_parse_string(PyObject *self, PyObject *args)
479 : {
480 : char *newval;
481 3840 : enum credentials_obtained obt = CRED_SPECIFIED;
482 3840 : int _obt = obt;
483 3840 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
484 3840 : if (creds == NULL) {
485 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
486 0 : return NULL;
487 : }
488 :
489 3840 : if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
490 0 : return NULL;
491 : }
492 3840 : obt = _obt;
493 :
494 3840 : cli_credentials_parse_string(creds, newval, obt);
495 3840 : Py_RETURN_NONE;
496 : }
497 :
498 0 : static PyObject *py_creds_parse_file(PyObject *self, PyObject *args)
499 : {
500 : char *newval;
501 0 : enum credentials_obtained obt = CRED_SPECIFIED;
502 0 : int _obt = obt;
503 0 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
504 0 : if (creds == NULL) {
505 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
506 0 : return NULL;
507 : }
508 :
509 0 : if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
510 0 : return NULL;
511 : }
512 0 : obt = _obt;
513 :
514 0 : cli_credentials_parse_file(creds, newval, obt);
515 0 : Py_RETURN_NONE;
516 : }
517 :
518 0 : static PyObject *py_cli_credentials_set_password_will_be_nt_hash(PyObject *self, PyObject *args)
519 : {
520 0 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
521 0 : PyObject *py_val = NULL;
522 0 : bool val = false;
523 :
524 0 : if (!PyArg_ParseTuple(args, "O!", &PyBool_Type, &py_val)) {
525 0 : return NULL;
526 : }
527 0 : val = PyObject_IsTrue(py_val);
528 :
529 0 : cli_credentials_set_password_will_be_nt_hash(creds, val);
530 0 : Py_RETURN_NONE;
531 : }
532 :
533 197 : static PyObject *py_creds_get_nt_hash(PyObject *self, PyObject *unused)
534 : {
535 : PyObject *ret;
536 197 : struct samr_Password *ntpw = NULL;
537 197 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
538 197 : if (creds == NULL) {
539 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
540 0 : return NULL;
541 : }
542 197 : ntpw = cli_credentials_get_nt_hash(creds, creds);
543 :
544 197 : ret = PyBytes_FromStringAndSize(discard_const_p(char, ntpw->hash), 16);
545 197 : TALLOC_FREE(ntpw);
546 197 : return ret;
547 : }
548 :
549 687 : static PyObject *py_creds_get_kerberos_state(PyObject *self, PyObject *unused)
550 : {
551 : int state;
552 687 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
553 687 : if (creds == NULL) {
554 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
555 0 : return NULL;
556 : }
557 687 : state = cli_credentials_get_kerberos_state(creds);
558 687 : return PyLong_FromLong(state);
559 : }
560 :
561 9123 : static PyObject *py_creds_set_kerberos_state(PyObject *self, PyObject *args)
562 : {
563 : int state;
564 9123 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
565 9123 : if (creds == NULL) {
566 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
567 0 : return NULL;
568 : }
569 9123 : if (!PyArg_ParseTuple(args, "i", &state))
570 0 : return NULL;
571 :
572 9123 : cli_credentials_set_kerberos_state(creds, state, CRED_SPECIFIED);
573 9123 : Py_RETURN_NONE;
574 : }
575 :
576 37 : static PyObject *py_creds_set_krb_forwardable(PyObject *self, PyObject *args)
577 : {
578 : int state;
579 37 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
580 37 : if (creds == NULL) {
581 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
582 0 : return NULL;
583 : }
584 37 : if (!PyArg_ParseTuple(args, "i", &state))
585 0 : return NULL;
586 :
587 37 : cli_credentials_set_krb_forwardable(creds, state);
588 37 : Py_RETURN_NONE;
589 : }
590 :
591 :
592 0 : static PyObject *py_creds_get_forced_sasl_mech(PyObject *self, PyObject *unused)
593 : {
594 0 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
595 0 : if (creds == NULL) {
596 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
597 0 : return NULL;
598 : }
599 0 : return PyString_FromStringOrNULL(cli_credentials_get_forced_sasl_mech(creds));
600 : }
601 :
602 0 : static PyObject *py_creds_set_forced_sasl_mech(PyObject *self, PyObject *args)
603 : {
604 : char *newval;
605 0 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
606 0 : if (creds == NULL) {
607 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
608 0 : return NULL;
609 : }
610 :
611 0 : if (!PyArg_ParseTuple(args, "s", &newval)) {
612 0 : return NULL;
613 : }
614 :
615 0 : cli_credentials_set_forced_sasl_mech(creds, newval);
616 0 : Py_RETURN_NONE;
617 : }
618 :
619 0 : static PyObject *py_creds_set_conf(PyObject *self, PyObject *args)
620 : {
621 0 : PyObject *py_lp_ctx = Py_None;
622 : struct loadparm_context *lp_ctx;
623 : TALLOC_CTX *mem_ctx;
624 : struct cli_credentials *creds;
625 : bool ok;
626 :
627 0 : creds = PyCredentials_AsCliCredentials(self);
628 0 : if (creds == NULL) {
629 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
630 0 : return NULL;
631 : }
632 :
633 0 : if (!PyArg_ParseTuple(args, "|O", &py_lp_ctx)) {
634 0 : return NULL;
635 : }
636 :
637 0 : mem_ctx = talloc_new(NULL);
638 0 : if (mem_ctx == NULL) {
639 0 : PyErr_NoMemory();
640 0 : return NULL;
641 : }
642 :
643 0 : lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
644 0 : if (lp_ctx == NULL) {
645 0 : talloc_free(mem_ctx);
646 0 : return NULL;
647 : }
648 :
649 0 : ok = cli_credentials_set_conf(creds, lp_ctx);
650 0 : talloc_free(mem_ctx);
651 0 : if (!ok) {
652 0 : return NULL;
653 : }
654 :
655 0 : Py_RETURN_NONE;
656 : }
657 :
658 10293 : static PyObject *py_creds_guess(PyObject *self, PyObject *args)
659 : {
660 10293 : PyObject *py_lp_ctx = Py_None;
661 : struct loadparm_context *lp_ctx;
662 : TALLOC_CTX *mem_ctx;
663 : struct cli_credentials *creds;
664 : bool ok;
665 :
666 10293 : creds = PyCredentials_AsCliCredentials(self);
667 10293 : if (creds == NULL) {
668 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
669 0 : return NULL;
670 : }
671 :
672 10293 : if (!PyArg_ParseTuple(args, "|O", &py_lp_ctx))
673 0 : return NULL;
674 :
675 10293 : mem_ctx = talloc_new(NULL);
676 10293 : if (mem_ctx == NULL) {
677 0 : PyErr_NoMemory();
678 0 : return NULL;
679 : }
680 :
681 10293 : lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
682 10293 : if (lp_ctx == NULL) {
683 0 : talloc_free(mem_ctx);
684 0 : return NULL;
685 : }
686 :
687 10293 : ok = cli_credentials_guess(creds, lp_ctx);
688 10293 : talloc_free(mem_ctx);
689 10293 : if (!ok) {
690 0 : return NULL;
691 : }
692 :
693 10293 : Py_RETURN_NONE;
694 : }
695 :
696 2243 : static PyObject *py_creds_set_machine_account(PyObject *self, PyObject *args)
697 : {
698 2243 : PyObject *py_lp_ctx = Py_None;
699 : struct loadparm_context *lp_ctx;
700 : NTSTATUS status;
701 : struct cli_credentials *creds;
702 : TALLOC_CTX *mem_ctx;
703 :
704 2243 : creds = PyCredentials_AsCliCredentials(self);
705 2243 : if (creds == NULL) {
706 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
707 0 : return NULL;
708 : }
709 :
710 2243 : if (!PyArg_ParseTuple(args, "|O", &py_lp_ctx))
711 0 : return NULL;
712 :
713 2243 : mem_ctx = talloc_new(NULL);
714 2243 : if (mem_ctx == NULL) {
715 0 : PyErr_NoMemory();
716 0 : return NULL;
717 : }
718 :
719 2243 : lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
720 2243 : if (lp_ctx == NULL) {
721 0 : talloc_free(mem_ctx);
722 0 : return NULL;
723 : }
724 :
725 2243 : status = cli_credentials_set_machine_account(creds, lp_ctx);
726 2243 : talloc_free(mem_ctx);
727 :
728 2243 : PyErr_NTSTATUS_IS_ERR_RAISE(status);
729 :
730 1707 : Py_RETURN_NONE;
731 : }
732 :
733 1874 : static PyObject *PyCredentialCacheContainer_from_ccache_container(struct ccache_container *ccc)
734 : {
735 1874 : return pytalloc_reference(&PyCredentialCacheContainer, ccc);
736 : }
737 :
738 :
739 1874 : static PyObject *py_creds_get_named_ccache(PyObject *self, PyObject *args)
740 : {
741 1874 : PyObject *py_lp_ctx = Py_None;
742 1874 : char *ccache_name = NULL;
743 : struct loadparm_context *lp_ctx;
744 : struct ccache_container *ccc;
745 : struct tevent_context *event_ctx;
746 : int ret;
747 : const char *error_string;
748 : struct cli_credentials *creds;
749 : TALLOC_CTX *mem_ctx;
750 :
751 1874 : creds = PyCredentials_AsCliCredentials(self);
752 1874 : if (creds == NULL) {
753 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
754 0 : return NULL;
755 : }
756 :
757 1874 : if (!PyArg_ParseTuple(args, "|Os", &py_lp_ctx, &ccache_name))
758 0 : return NULL;
759 :
760 1874 : mem_ctx = talloc_new(NULL);
761 1874 : if (mem_ctx == NULL) {
762 0 : PyErr_NoMemory();
763 0 : return NULL;
764 : }
765 :
766 1874 : lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
767 1874 : if (lp_ctx == NULL) {
768 0 : talloc_free(mem_ctx);
769 0 : return NULL;
770 : }
771 :
772 1874 : event_ctx = samba_tevent_context_init(mem_ctx);
773 :
774 1874 : ret = cli_credentials_get_named_ccache(creds, event_ctx, lp_ctx,
775 : ccache_name, &ccc, &error_string);
776 1874 : talloc_unlink(mem_ctx, lp_ctx);
777 1874 : if (ret == 0) {
778 1874 : talloc_steal(ccc, event_ctx);
779 1874 : talloc_free(mem_ctx);
780 1874 : return PyCredentialCacheContainer_from_ccache_container(ccc);
781 : }
782 :
783 0 : PyErr_SetString(PyExc_RuntimeError, error_string?error_string:"NULL");
784 :
785 0 : talloc_free(mem_ctx);
786 0 : return NULL;
787 : }
788 :
789 1875 : static PyObject *py_creds_set_named_ccache(PyObject *self, PyObject *args)
790 : {
791 1875 : struct loadparm_context *lp_ctx = NULL;
792 1875 : enum credentials_obtained obt = CRED_SPECIFIED;
793 1875 : const char *error_string = NULL;
794 1875 : TALLOC_CTX *mem_ctx = NULL;
795 1875 : char *newval = NULL;
796 1875 : PyObject *py_lp_ctx = Py_None;
797 1875 : int _obt = obt;
798 : int ret;
799 1875 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
800 1875 : if (creds == NULL) {
801 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
802 0 : return NULL;
803 : }
804 :
805 1875 : if (!PyArg_ParseTuple(args, "s|iO", &newval, &_obt, &py_lp_ctx))
806 0 : return NULL;
807 1875 : obt = _obt;
808 :
809 1875 : mem_ctx = talloc_new(NULL);
810 1875 : if (mem_ctx == NULL) {
811 0 : PyErr_NoMemory();
812 0 : return NULL;
813 : }
814 :
815 1875 : lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
816 1875 : if (lp_ctx == NULL) {
817 0 : talloc_free(mem_ctx);
818 0 : return NULL;
819 : }
820 :
821 1875 : ret = cli_credentials_set_ccache(creds,
822 : lp_ctx,
823 : newval, obt,
824 : &error_string);
825 :
826 1875 : if (ret != 0) {
827 0 : PyErr_SetString(PyExc_RuntimeError,
828 0 : error_string != NULL ? error_string : "NULL");
829 0 : talloc_free(mem_ctx);
830 0 : return NULL;
831 : }
832 :
833 1875 : talloc_free(mem_ctx);
834 1875 : Py_RETURN_NONE;
835 : }
836 :
837 7866 : static PyObject *py_creds_set_gensec_features(PyObject *self, PyObject *args)
838 : {
839 : unsigned int gensec_features;
840 7866 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
841 7866 : if (creds == NULL) {
842 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
843 0 : return NULL;
844 : }
845 :
846 7866 : if (!PyArg_ParseTuple(args, "I", &gensec_features))
847 0 : return NULL;
848 :
849 7866 : cli_credentials_set_gensec_features(creds,
850 : gensec_features,
851 : CRED_SPECIFIED);
852 :
853 7866 : Py_RETURN_NONE;
854 : }
855 :
856 7866 : static PyObject *py_creds_get_gensec_features(PyObject *self, PyObject *args)
857 : {
858 : unsigned int gensec_features;
859 7866 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
860 7866 : if (creds == NULL) {
861 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
862 0 : return NULL;
863 : }
864 :
865 7866 : gensec_features = cli_credentials_get_gensec_features(creds);
866 7866 : return PyLong_FromLong(gensec_features);
867 : }
868 :
869 49 : static PyObject *py_creds_new_client_authenticator(PyObject *self,
870 : PyObject *args)
871 : {
872 : struct netr_Authenticator auth;
873 49 : struct cli_credentials *creds = NULL;
874 49 : struct netlogon_creds_CredentialState *nc = NULL;
875 49 : PyObject *ret = NULL;
876 : NTSTATUS status;
877 :
878 49 : creds = PyCredentials_AsCliCredentials(self);
879 49 : if (creds == NULL) {
880 0 : PyErr_SetString(PyExc_RuntimeError,
881 : "Failed to get credentials from python");
882 0 : return NULL;
883 : }
884 :
885 49 : nc = creds->netlogon_creds;
886 49 : if (nc == NULL) {
887 3 : PyErr_SetString(PyExc_ValueError,
888 : "No netlogon credentials cannot make "
889 : "client authenticator");
890 3 : return NULL;
891 : }
892 :
893 46 : status = netlogon_creds_client_authenticator(nc, &auth);
894 46 : if (!NT_STATUS_IS_OK(status)) {
895 0 : PyErr_SetString(PyExc_ValueError,
896 : "Failed to create client authenticator");
897 0 : return NULL;
898 : }
899 :
900 46 : ret = Py_BuildValue("{s"PYARG_BYTES_LEN"si}",
901 : "credential",
902 : (const char *) &auth.cred, sizeof(auth.cred),
903 : "timestamp", auth.timestamp);
904 46 : return ret;
905 : }
906 :
907 528 : static PyObject *py_creds_set_secure_channel_type(PyObject *self, PyObject *args)
908 : {
909 : unsigned int channel_type;
910 528 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
911 528 : if (creds == NULL) {
912 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
913 0 : return NULL;
914 : }
915 :
916 528 : if (!PyArg_ParseTuple(args, "I", &channel_type))
917 0 : return NULL;
918 :
919 528 : cli_credentials_set_secure_channel_type(
920 : creds,
921 : channel_type);
922 :
923 528 : Py_RETURN_NONE;
924 : }
925 :
926 2275 : static PyObject *py_creds_get_secure_channel_type(PyObject *self, PyObject *args)
927 : {
928 2275 : enum netr_SchannelType channel_type = SEC_CHAN_NULL;
929 2275 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
930 2275 : if (creds == NULL) {
931 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
932 0 : return NULL;
933 : }
934 :
935 2275 : channel_type = cli_credentials_get_secure_channel_type(creds);
936 :
937 2275 : return PyLong_FromLong(channel_type);
938 : }
939 :
940 0 : static PyObject *py_creds_get_aes256_key(PyObject *self, PyObject *args)
941 : {
942 0 : struct loadparm_context *lp_ctx = NULL;
943 0 : TALLOC_CTX *mem_ctx = NULL;
944 0 : PyObject *py_lp_ctx = Py_None;
945 0 : const char *salt = NULL;
946 : DATA_BLOB aes_256;
947 : int code;
948 0 : PyObject *ret = NULL;
949 0 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
950 0 : if (creds == NULL) {
951 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
952 0 : return NULL;
953 : }
954 :
955 0 : if (!PyArg_ParseTuple(args, "s|O", &salt, &py_lp_ctx))
956 0 : return NULL;
957 :
958 0 : mem_ctx = talloc_new(NULL);
959 0 : if (mem_ctx == NULL) {
960 0 : PyErr_NoMemory();
961 0 : return NULL;
962 : }
963 :
964 0 : lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
965 0 : if (lp_ctx == NULL) {
966 0 : talloc_free(mem_ctx);
967 0 : return NULL;
968 : }
969 :
970 0 : code = cli_credentials_get_aes256_key(creds,
971 : mem_ctx,
972 : lp_ctx,
973 : salt,
974 : &aes_256);
975 0 : if (code != 0) {
976 0 : PyErr_SetString(PyExc_RuntimeError,
977 : "Failed to generate AES256 key");
978 0 : talloc_free(mem_ctx);
979 0 : return NULL;
980 : }
981 :
982 0 : ret = PyBytes_FromStringAndSize((const char *)aes_256.data,
983 0 : aes_256.length);
984 0 : talloc_free(mem_ctx);
985 0 : return ret;
986 : }
987 :
988 4 : static PyObject *py_creds_encrypt_netr_crypt_password(PyObject *self,
989 : PyObject *args)
990 : {
991 4 : DATA_BLOB data = data_blob_null;
992 4 : struct cli_credentials *creds = NULL;
993 4 : struct netr_CryptPassword *pwd = NULL;
994 : NTSTATUS status;
995 4 : PyObject *py_cp = Py_None;
996 :
997 4 : creds = PyCredentials_AsCliCredentials(self);
998 4 : if (creds == NULL) {
999 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
1000 0 : return NULL;
1001 : }
1002 :
1003 4 : if (!PyArg_ParseTuple(args, "O", &py_cp)) {
1004 0 : return NULL;
1005 : }
1006 :
1007 4 : pwd = pytalloc_get_type(py_cp, struct netr_CryptPassword);
1008 4 : if (pwd == NULL) {
1009 : /* pytalloc_get_type sets TypeError */
1010 0 : return NULL;
1011 : }
1012 4 : data.length = sizeof(struct netr_CryptPassword);
1013 4 : data.data = (uint8_t *)pwd;
1014 4 : status = netlogon_creds_session_encrypt(creds->netlogon_creds, data);
1015 :
1016 4 : PyErr_NTSTATUS_IS_ERR_RAISE(status);
1017 :
1018 4 : Py_RETURN_NONE;
1019 : }
1020 :
1021 0 : static PyObject *py_creds_encrypt_samr_password(PyObject *self,
1022 : PyObject *args)
1023 : {
1024 0 : DATA_BLOB data = data_blob_null;
1025 0 : struct cli_credentials *creds = NULL;
1026 0 : struct samr_Password *pwd = NULL;
1027 : NTSTATUS status;
1028 0 : PyObject *py_cp = Py_None;
1029 :
1030 0 : creds = PyCredentials_AsCliCredentials(self);
1031 0 : if (creds == NULL) {
1032 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
1033 0 : return NULL;
1034 : }
1035 :
1036 0 : if (!PyArg_ParseTuple(args, "O", &py_cp)) {
1037 0 : return NULL;
1038 : }
1039 :
1040 0 : pwd = pytalloc_get_type(py_cp, struct samr_Password);
1041 0 : if (pwd == NULL) {
1042 : /* pytalloc_get_type sets TypeError */
1043 0 : return NULL;
1044 : }
1045 0 : data = data_blob_const(pwd->hash, sizeof(pwd->hash));
1046 0 : status = netlogon_creds_session_encrypt(creds->netlogon_creds, data);
1047 :
1048 0 : PyErr_NTSTATUS_IS_ERR_RAISE(status);
1049 :
1050 0 : Py_RETURN_NONE;
1051 : }
1052 :
1053 588 : static PyObject *py_creds_get_smb_signing(PyObject *self, PyObject *unused)
1054 : {
1055 : enum smb_signing_setting signing_state;
1056 588 : struct cli_credentials *creds = NULL;
1057 :
1058 588 : creds = PyCredentials_AsCliCredentials(self);
1059 588 : if (creds == NULL) {
1060 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
1061 0 : return NULL;
1062 : }
1063 :
1064 588 : signing_state = cli_credentials_get_smb_signing(creds);
1065 588 : return PyLong_FromLong(signing_state);
1066 : }
1067 :
1068 1176 : static PyObject *py_creds_set_smb_signing(PyObject *self, PyObject *args)
1069 : {
1070 : enum smb_signing_setting signing_state;
1071 1176 : struct cli_credentials *creds = NULL;
1072 1176 : enum credentials_obtained obt = CRED_SPECIFIED;
1073 :
1074 1176 : creds = PyCredentials_AsCliCredentials(self);
1075 1176 : if (creds == NULL) {
1076 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
1077 0 : return NULL;
1078 : }
1079 1176 : if (!PyArg_ParseTuple(args, "i|i", &signing_state, &obt)) {
1080 0 : return NULL;
1081 : }
1082 :
1083 1176 : switch (signing_state) {
1084 1176 : case SMB_SIGNING_DEFAULT:
1085 : case SMB_SIGNING_OFF:
1086 : case SMB_SIGNING_IF_REQUIRED:
1087 : case SMB_SIGNING_DESIRED:
1088 : case SMB_SIGNING_REQUIRED:
1089 1176 : break;
1090 0 : default:
1091 0 : PyErr_Format(PyExc_TypeError, "Invalid signing state value");
1092 0 : return NULL;
1093 : }
1094 :
1095 1176 : cli_credentials_set_smb_signing(creds, signing_state, obt);
1096 1176 : Py_RETURN_NONE;
1097 : }
1098 :
1099 39 : static PyObject *py_creds_get_smb_ipc_signing(PyObject *self, PyObject *unused)
1100 : {
1101 : enum smb_signing_setting signing_state;
1102 39 : struct cli_credentials *creds = NULL;
1103 :
1104 39 : creds = PyCredentials_AsCliCredentials(self);
1105 39 : if (creds == NULL) {
1106 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
1107 0 : return NULL;
1108 : }
1109 :
1110 39 : signing_state = cli_credentials_get_smb_ipc_signing(creds);
1111 39 : return PyLong_FromLong(signing_state);
1112 : }
1113 :
1114 78 : static PyObject *py_creds_set_smb_ipc_signing(PyObject *self, PyObject *args)
1115 : {
1116 : enum smb_signing_setting signing_state;
1117 78 : struct cli_credentials *creds = NULL;
1118 78 : enum credentials_obtained obt = CRED_SPECIFIED;
1119 :
1120 78 : creds = PyCredentials_AsCliCredentials(self);
1121 78 : if (creds == NULL) {
1122 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
1123 0 : return NULL;
1124 : }
1125 78 : if (!PyArg_ParseTuple(args, "i|i", &signing_state, &obt)) {
1126 0 : return NULL;
1127 : }
1128 :
1129 78 : switch (signing_state) {
1130 78 : case SMB_SIGNING_DEFAULT:
1131 : case SMB_SIGNING_OFF:
1132 : case SMB_SIGNING_IF_REQUIRED:
1133 : case SMB_SIGNING_DESIRED:
1134 : case SMB_SIGNING_REQUIRED:
1135 78 : break;
1136 0 : default:
1137 0 : PyErr_Format(PyExc_TypeError, "Invalid signing state value");
1138 0 : return NULL;
1139 : }
1140 :
1141 78 : cli_credentials_set_smb_ipc_signing(creds, signing_state, obt);
1142 78 : Py_RETURN_NONE;
1143 : }
1144 :
1145 0 : static PyObject *py_creds_get_smb_encryption(PyObject *self, PyObject *unused)
1146 : {
1147 : enum smb_encryption_setting encryption_state;
1148 0 : struct cli_credentials *creds = NULL;
1149 :
1150 0 : creds = PyCredentials_AsCliCredentials(self);
1151 0 : if (creds == NULL) {
1152 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
1153 0 : return NULL;
1154 : }
1155 :
1156 0 : encryption_state = cli_credentials_get_smb_encryption(creds);
1157 0 : return PyLong_FromLong(encryption_state);
1158 : }
1159 :
1160 0 : static PyObject *py_creds_set_smb_encryption(PyObject *self, PyObject *args)
1161 : {
1162 : enum smb_encryption_setting encryption_state;
1163 0 : struct cli_credentials *creds = NULL;
1164 0 : enum credentials_obtained obt = CRED_SPECIFIED;
1165 :
1166 0 : creds = PyCredentials_AsCliCredentials(self);
1167 0 : if (creds == NULL) {
1168 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
1169 0 : return NULL;
1170 : }
1171 0 : if (!PyArg_ParseTuple(args, "i|i", &encryption_state, &obt)) {
1172 0 : return NULL;
1173 : }
1174 :
1175 0 : switch (encryption_state) {
1176 0 : case SMB_ENCRYPTION_DEFAULT:
1177 : case SMB_ENCRYPTION_OFF:
1178 : case SMB_ENCRYPTION_IF_REQUIRED:
1179 : case SMB_ENCRYPTION_DESIRED:
1180 : case SMB_ENCRYPTION_REQUIRED:
1181 0 : break;
1182 0 : default:
1183 0 : PyErr_Format(PyExc_TypeError, "Invalid encryption state value");
1184 0 : return NULL;
1185 : }
1186 :
1187 0 : (void)cli_credentials_set_smb_encryption(creds, encryption_state, obt);
1188 0 : Py_RETURN_NONE;
1189 : }
1190 :
1191 : static PyMethodDef py_creds_methods[] = {
1192 : {
1193 : .ml_name = "get_username",
1194 : .ml_meth = py_creds_get_username,
1195 : .ml_flags = METH_NOARGS,
1196 : .ml_doc = "S.get_username() -> username\nObtain username.",
1197 : },
1198 : {
1199 : .ml_name = "set_username",
1200 : .ml_meth = py_creds_set_username,
1201 : .ml_flags = METH_VARARGS,
1202 : .ml_doc = "S.set_username(name[, credentials.SPECIFIED]) -> None\n"
1203 : "Change username.",
1204 : },
1205 : {
1206 : .ml_name = "get_principal",
1207 : .ml_meth = py_creds_get_principal,
1208 : .ml_flags = METH_NOARGS,
1209 : .ml_doc = "S.get_principal() -> user@realm\nObtain user principal.",
1210 : },
1211 : {
1212 : .ml_name = "set_principal",
1213 : .ml_meth = py_creds_set_principal,
1214 : .ml_flags = METH_VARARGS,
1215 : .ml_doc = "S.set_principal(name[, credentials.SPECIFIED]) -> None\n"
1216 : "Change principal.",
1217 : },
1218 : {
1219 : .ml_name = "get_password",
1220 : .ml_meth = py_creds_get_password,
1221 : .ml_flags = METH_NOARGS,
1222 : .ml_doc = "S.get_password() -> password\n"
1223 : "Obtain password.",
1224 : },
1225 : {
1226 : .ml_name = "get_ntlm_username_domain",
1227 : .ml_meth = py_creds_get_ntlm_username_domain,
1228 : .ml_flags = METH_NOARGS,
1229 : .ml_doc = "S.get_ntlm_username_domain() -> (domain, username)\n"
1230 : "Obtain NTLM username and domain, split up either as (DOMAIN, user) or (\"\", \"user@realm\").",
1231 : },
1232 : {
1233 : .ml_name = "get_ntlm_response",
1234 : .ml_meth = PY_DISCARD_FUNC_SIG(PyCFunction,
1235 : py_creds_get_ntlm_response),
1236 : .ml_flags = METH_VARARGS | METH_KEYWORDS,
1237 : .ml_doc = "S.get_ntlm_response"
1238 : "(flags, challenge[, target_info]) -> "
1239 : "(flags, lm_response, nt_response, lm_session_key, nt_session_key)\n"
1240 : "Obtain LM or NTLM response.",
1241 : },
1242 : {
1243 : .ml_name = "set_password",
1244 : .ml_meth = py_creds_set_password,
1245 : .ml_flags = METH_VARARGS,
1246 : .ml_doc = "S.set_password(password[, credentials.SPECIFIED]) -> None\n"
1247 : "Change password.",
1248 : },
1249 : {
1250 : .ml_name = "set_utf16_password",
1251 : .ml_meth = py_creds_set_utf16_password,
1252 : .ml_flags = METH_VARARGS,
1253 : .ml_doc = "S.set_utf16_password(password[, credentials.SPECIFIED]) -> None\n"
1254 : "Change password.",
1255 : },
1256 : {
1257 : .ml_name = "get_old_password",
1258 : .ml_meth = py_creds_get_old_password,
1259 : .ml_flags = METH_NOARGS,
1260 : .ml_doc = "S.get_old_password() -> password\n"
1261 : "Obtain old password.",
1262 : },
1263 : {
1264 : .ml_name = "set_old_password",
1265 : .ml_meth = py_creds_set_old_password,
1266 : .ml_flags = METH_VARARGS,
1267 : .ml_doc = "S.set_old_password(password[, credentials.SPECIFIED]) -> None\n"
1268 : "Change old password.",
1269 : },
1270 : {
1271 : .ml_name = "set_old_utf16_password",
1272 : .ml_meth = py_creds_set_old_utf16_password,
1273 : .ml_flags = METH_VARARGS,
1274 : .ml_doc = "S.set_old_utf16_password(password[, credentials.SPECIFIED]) -> None\n"
1275 : "Change old password.",
1276 : },
1277 : {
1278 : .ml_name = "get_domain",
1279 : .ml_meth = py_creds_get_domain,
1280 : .ml_flags = METH_NOARGS,
1281 : .ml_doc = "S.get_domain() -> domain\n"
1282 : "Obtain domain name.",
1283 : },
1284 : {
1285 : .ml_name = "set_domain",
1286 : .ml_meth = py_creds_set_domain,
1287 : .ml_flags = METH_VARARGS,
1288 : .ml_doc = "S.set_domain(domain[, credentials.SPECIFIED]) -> None\n"
1289 : "Change domain name.",
1290 : },
1291 : {
1292 : .ml_name = "get_realm",
1293 : .ml_meth = py_creds_get_realm,
1294 : .ml_flags = METH_NOARGS,
1295 : .ml_doc = "S.get_realm() -> realm\n"
1296 : "Obtain realm name.",
1297 : },
1298 : {
1299 : .ml_name = "set_realm",
1300 : .ml_meth = py_creds_set_realm,
1301 : .ml_flags = METH_VARARGS,
1302 : .ml_doc = "S.set_realm(realm[, credentials.SPECIFIED]) -> None\n"
1303 : "Change realm name.",
1304 : },
1305 : {
1306 : .ml_name = "get_bind_dn",
1307 : .ml_meth = py_creds_get_bind_dn,
1308 : .ml_flags = METH_NOARGS,
1309 : .ml_doc = "S.get_bind_dn() -> bind dn\n"
1310 : "Obtain bind DN.",
1311 : },
1312 : {
1313 : .ml_name = "set_bind_dn",
1314 : .ml_meth = py_creds_set_bind_dn,
1315 : .ml_flags = METH_VARARGS,
1316 : .ml_doc = "S.set_bind_dn(bind_dn) -> None\n"
1317 : "Change bind DN.",
1318 : },
1319 : {
1320 : .ml_name = "is_anonymous",
1321 : .ml_meth = py_creds_is_anonymous,
1322 : .ml_flags = METH_NOARGS,
1323 : },
1324 : {
1325 : .ml_name = "set_anonymous",
1326 : .ml_meth = py_creds_set_anonymous,
1327 : .ml_flags = METH_NOARGS,
1328 : .ml_doc = "S.set_anonymous() -> None\n"
1329 : "Use anonymous credentials.",
1330 : },
1331 : {
1332 : .ml_name = "get_workstation",
1333 : .ml_meth = py_creds_get_workstation,
1334 : .ml_flags = METH_NOARGS,
1335 : },
1336 : {
1337 : .ml_name = "set_workstation",
1338 : .ml_meth = py_creds_set_workstation,
1339 : .ml_flags = METH_VARARGS,
1340 : },
1341 : {
1342 : .ml_name = "authentication_requested",
1343 : .ml_meth = py_creds_authentication_requested,
1344 : .ml_flags = METH_NOARGS,
1345 : },
1346 : {
1347 : .ml_name = "wrong_password",
1348 : .ml_meth = py_creds_wrong_password,
1349 : .ml_flags = METH_NOARGS,
1350 : .ml_doc = "S.wrong_password() -> bool\n"
1351 : "Indicate the returned password was incorrect.",
1352 : },
1353 : {
1354 : .ml_name = "set_cmdline_callbacks",
1355 : .ml_meth = py_creds_set_cmdline_callbacks,
1356 : .ml_flags = METH_NOARGS,
1357 : .ml_doc = "S.set_cmdline_callbacks() -> bool\n"
1358 : "Use command-line to obtain credentials not explicitly set.",
1359 : },
1360 : {
1361 : .ml_name = "parse_string",
1362 : .ml_meth = py_creds_parse_string,
1363 : .ml_flags = METH_VARARGS,
1364 : .ml_doc = "S.parse_string(text[, credentials.SPECIFIED]) -> None\n"
1365 : "Parse credentials string.",
1366 : },
1367 : {
1368 : .ml_name = "parse_file",
1369 : .ml_meth = py_creds_parse_file,
1370 : .ml_flags = METH_VARARGS,
1371 : .ml_doc = "S.parse_file(filename[, credentials.SPECIFIED]) -> None\n"
1372 : "Parse credentials file.",
1373 : },
1374 : {
1375 : .ml_name = "set_password_will_be_nt_hash",
1376 : .ml_meth = py_cli_credentials_set_password_will_be_nt_hash,
1377 : .ml_flags = METH_VARARGS,
1378 : .ml_doc = "S.set_password_will_be_nt_hash(bool) -> None\n"
1379 : "Alters the behaviour of S.set_password() "
1380 : "to expect the NTHASH as hexstring.",
1381 : },
1382 : {
1383 : .ml_name = "get_nt_hash",
1384 : .ml_meth = py_creds_get_nt_hash,
1385 : .ml_flags = METH_NOARGS,
1386 : },
1387 : {
1388 : .ml_name = "get_kerberos_state",
1389 : .ml_meth = py_creds_get_kerberos_state,
1390 : .ml_flags = METH_NOARGS,
1391 : },
1392 : {
1393 : .ml_name = "set_kerberos_state",
1394 : .ml_meth = py_creds_set_kerberos_state,
1395 : .ml_flags = METH_VARARGS,
1396 : },
1397 : {
1398 : .ml_name = "set_krb_forwardable",
1399 : .ml_meth = py_creds_set_krb_forwardable,
1400 : .ml_flags = METH_VARARGS,
1401 : },
1402 : {
1403 : .ml_name = "set_conf",
1404 : .ml_meth = py_creds_set_conf,
1405 : .ml_flags = METH_VARARGS,
1406 : },
1407 : {
1408 : .ml_name = "guess",
1409 : .ml_meth = py_creds_guess,
1410 : .ml_flags = METH_VARARGS,
1411 : },
1412 : {
1413 : .ml_name = "set_machine_account",
1414 : .ml_meth = py_creds_set_machine_account,
1415 : .ml_flags = METH_VARARGS,
1416 : },
1417 : {
1418 : .ml_name = "get_named_ccache",
1419 : .ml_meth = py_creds_get_named_ccache,
1420 : .ml_flags = METH_VARARGS,
1421 : },
1422 : {
1423 : .ml_name = "set_named_ccache",
1424 : .ml_meth = py_creds_set_named_ccache,
1425 : .ml_flags = METH_VARARGS,
1426 : .ml_doc = "S.set_named_ccache(krb5_ccache_name, obtained, lp) -> None\n"
1427 : "Set credentials to KRB5 Credentials Cache (by name).",
1428 : },
1429 : {
1430 : .ml_name = "set_gensec_features",
1431 : .ml_meth = py_creds_set_gensec_features,
1432 : .ml_flags = METH_VARARGS,
1433 : },
1434 : {
1435 : .ml_name = "get_gensec_features",
1436 : .ml_meth = py_creds_get_gensec_features,
1437 : .ml_flags = METH_NOARGS,
1438 : },
1439 : {
1440 : .ml_name = "get_forced_sasl_mech",
1441 : .ml_meth = py_creds_get_forced_sasl_mech,
1442 : .ml_flags = METH_NOARGS,
1443 : .ml_doc = "S.get_forced_sasl_mech() -> SASL mechanism\nObtain forced SASL mechanism.",
1444 : },
1445 : {
1446 : .ml_name = "set_forced_sasl_mech",
1447 : .ml_meth = py_creds_set_forced_sasl_mech,
1448 : .ml_flags = METH_VARARGS,
1449 : .ml_doc = "S.set_forced_sasl_mech(name) -> None\n"
1450 : "Set forced SASL mechanism.",
1451 : },
1452 : {
1453 : .ml_name = "new_client_authenticator",
1454 : .ml_meth = py_creds_new_client_authenticator,
1455 : .ml_flags = METH_NOARGS,
1456 : .ml_doc = "S.new_client_authenticator() -> Authenticator\n"
1457 : "Get a new client NETLOGON_AUTHENTICATOR"},
1458 : {
1459 : .ml_name = "set_secure_channel_type",
1460 : .ml_meth = py_creds_set_secure_channel_type,
1461 : .ml_flags = METH_VARARGS,
1462 : },
1463 : {
1464 : .ml_name = "get_secure_channel_type",
1465 : .ml_meth = py_creds_get_secure_channel_type,
1466 : .ml_flags = METH_VARARGS,
1467 : },
1468 : {
1469 : .ml_name = "get_aes256_key",
1470 : .ml_meth = py_creds_get_aes256_key,
1471 : .ml_flags = METH_VARARGS,
1472 : .ml_doc = "S.get_aes256_key(salt[, lp]) -> bytes\n"
1473 : "Generate an AES256 key using the current password and\n"
1474 : "the specified salt",
1475 : },
1476 : {
1477 : .ml_name = "encrypt_netr_crypt_password",
1478 : .ml_meth = py_creds_encrypt_netr_crypt_password,
1479 : .ml_flags = METH_VARARGS,
1480 : .ml_doc = "S.encrypt_netr_crypt_password(password) -> None\n"
1481 : "Encrypt the supplied password using the session key and\n"
1482 : "the negotiated encryption algorithm in place\n"
1483 : "i.e. it overwrites the original data"},
1484 : {
1485 : .ml_name = "encrypt_samr_password",
1486 : .ml_meth = py_creds_encrypt_samr_password,
1487 : .ml_flags = METH_VARARGS,
1488 : .ml_doc = "S.encrypt_samr_password(password) -> None\n"
1489 : "Encrypt the supplied password using the session key and\n"
1490 : "the negotiated encryption algorithm in place\n"
1491 : "i.e. it overwrites the original data"
1492 : },
1493 : {
1494 : .ml_name = "get_smb_signing",
1495 : .ml_meth = py_creds_get_smb_signing,
1496 : .ml_flags = METH_NOARGS,
1497 : },
1498 : {
1499 : .ml_name = "set_smb_signing",
1500 : .ml_meth = py_creds_set_smb_signing,
1501 : .ml_flags = METH_VARARGS,
1502 : },
1503 : {
1504 : .ml_name = "get_smb_ipc_signing",
1505 : .ml_meth = py_creds_get_smb_ipc_signing,
1506 : .ml_flags = METH_NOARGS,
1507 : },
1508 : {
1509 : .ml_name = "set_smb_ipc_signing",
1510 : .ml_meth = py_creds_set_smb_ipc_signing,
1511 : .ml_flags = METH_VARARGS,
1512 : },
1513 : {
1514 : .ml_name = "get_smb_encryption",
1515 : .ml_meth = py_creds_get_smb_encryption,
1516 : .ml_flags = METH_NOARGS,
1517 : },
1518 : {
1519 : .ml_name = "set_smb_encryption",
1520 : .ml_meth = py_creds_set_smb_encryption,
1521 : .ml_flags = METH_VARARGS,
1522 : },
1523 : { .ml_name = NULL }
1524 : };
1525 :
1526 : static struct PyModuleDef moduledef = {
1527 : PyModuleDef_HEAD_INIT,
1528 : .m_name = "credentials",
1529 : .m_doc = "Credentials management.",
1530 : .m_size = -1,
1531 : .m_methods = py_creds_methods,
1532 : };
1533 :
1534 : PyTypeObject PyCredentials = {
1535 : .tp_name = "credentials.Credentials",
1536 : .tp_new = py_creds_new,
1537 : .tp_flags = Py_TPFLAGS_DEFAULT | Py_TPFLAGS_BASETYPE,
1538 : .tp_methods = py_creds_methods,
1539 : };
1540 :
1541 1852 : static PyObject *py_ccache_name(PyObject *self, PyObject *unused)
1542 : {
1543 1852 : struct ccache_container *ccc = NULL;
1544 1852 : char *name = NULL;
1545 1852 : PyObject *py_name = NULL;
1546 : int ret;
1547 :
1548 1852 : ccc = pytalloc_get_type(self, struct ccache_container);
1549 :
1550 1852 : ret = krb5_cc_get_full_name(ccc->smb_krb5_context->krb5_context,
1551 : ccc->ccache, &name);
1552 1852 : if (ret == 0) {
1553 1852 : py_name = PyString_FromStringOrNULL(name);
1554 1852 : SAFE_FREE(name);
1555 : } else {
1556 0 : PyErr_SetString(PyExc_RuntimeError,
1557 : "Failed to get ccache name");
1558 0 : return NULL;
1559 : }
1560 1852 : return py_name;
1561 : }
1562 :
1563 : static PyMethodDef py_ccache_container_methods[] = {
1564 : { "get_name", py_ccache_name, METH_NOARGS,
1565 : "S.get_name() -> name\nObtain KRB5 credentials cache name." },
1566 : {0}
1567 : };
1568 :
1569 : PyTypeObject PyCredentialCacheContainer = {
1570 : .tp_name = "credentials.CredentialCacheContainer",
1571 : .tp_flags = Py_TPFLAGS_DEFAULT,
1572 : .tp_methods = py_ccache_container_methods,
1573 : };
1574 :
1575 5578 : MODULE_INIT_FUNC(credentials)
1576 : {
1577 : PyObject *m;
1578 5578 : if (pytalloc_BaseObject_PyType_Ready(&PyCredentials) < 0)
1579 0 : return NULL;
1580 :
1581 5578 : if (pytalloc_BaseObject_PyType_Ready(&PyCredentialCacheContainer) < 0)
1582 0 : return NULL;
1583 :
1584 5578 : m = PyModule_Create(&moduledef);
1585 5578 : if (m == NULL)
1586 0 : return NULL;
1587 :
1588 5578 : PyModule_AddObject(m, "UNINITIALISED", PyLong_FromLong(CRED_UNINITIALISED));
1589 5578 : PyModule_AddObject(m, "SMB_CONF", PyLong_FromLong(CRED_SMB_CONF));
1590 5578 : PyModule_AddObject(m, "CALLBACK", PyLong_FromLong(CRED_CALLBACK));
1591 5578 : PyModule_AddObject(m, "GUESS_ENV", PyLong_FromLong(CRED_GUESS_ENV));
1592 5578 : PyModule_AddObject(m, "GUESS_FILE", PyLong_FromLong(CRED_GUESS_FILE));
1593 5578 : PyModule_AddObject(m, "CALLBACK_RESULT", PyLong_FromLong(CRED_CALLBACK_RESULT));
1594 5578 : PyModule_AddObject(m, "SPECIFIED", PyLong_FromLong(CRED_SPECIFIED));
1595 :
1596 5578 : PyModule_AddObject(m, "AUTO_USE_KERBEROS", PyLong_FromLong(CRED_USE_KERBEROS_DESIRED));
1597 5578 : PyModule_AddObject(m, "DONT_USE_KERBEROS", PyLong_FromLong(CRED_USE_KERBEROS_DISABLED));
1598 5578 : PyModule_AddObject(m, "MUST_USE_KERBEROS", PyLong_FromLong(CRED_USE_KERBEROS_REQUIRED));
1599 :
1600 5578 : PyModule_AddObject(m, "AUTO_KRB_FORWARDABLE", PyLong_FromLong(CRED_AUTO_KRB_FORWARDABLE));
1601 5578 : PyModule_AddObject(m, "NO_KRB_FORWARDABLE", PyLong_FromLong(CRED_NO_KRB_FORWARDABLE));
1602 5578 : PyModule_AddObject(m, "FORCE_KRB_FORWARDABLE", PyLong_FromLong(CRED_FORCE_KRB_FORWARDABLE));
1603 5578 : PyModule_AddObject(m, "CLI_CRED_NTLM2", PyLong_FromLong(CLI_CRED_NTLM2));
1604 5578 : PyModule_AddObject(m, "CLI_CRED_NTLMv2_AUTH", PyLong_FromLong(CLI_CRED_NTLMv2_AUTH));
1605 5578 : PyModule_AddObject(m, "CLI_CRED_LANMAN_AUTH", PyLong_FromLong(CLI_CRED_LANMAN_AUTH));
1606 5578 : PyModule_AddObject(m, "CLI_CRED_NTLM_AUTH", PyLong_FromLong(CLI_CRED_NTLM_AUTH));
1607 5578 : PyModule_AddObject(m, "CLI_CRED_CLEAR_AUTH", PyLong_FromLong(CLI_CRED_CLEAR_AUTH));
1608 :
1609 5578 : PyModule_AddObject(m, "SMB_SIGNING_DEFAULT", PyLong_FromLong(SMB_SIGNING_DEFAULT));
1610 5578 : PyModule_AddObject(m, "SMB_SIGNING_OFF", PyLong_FromLong(SMB_SIGNING_OFF));
1611 5578 : PyModule_AddObject(m, "SMB_SIGNING_IF_REQUIRED", PyLong_FromLong(SMB_SIGNING_IF_REQUIRED));
1612 5578 : PyModule_AddObject(m, "SMB_SIGNING_DESIRED", PyLong_FromLong(SMB_SIGNING_DESIRED));
1613 5578 : PyModule_AddObject(m, "SMB_SIGNING_REQUIRED", PyLong_FromLong(SMB_SIGNING_REQUIRED));
1614 :
1615 5578 : PyModule_AddObject(m, "SMB_ENCRYPTION_DEFAULT", PyLong_FromLong(SMB_ENCRYPTION_DEFAULT));
1616 5578 : PyModule_AddObject(m, "SMB_ENCRYPTION_OFF", PyLong_FromLong(SMB_ENCRYPTION_OFF));
1617 5578 : PyModule_AddObject(m, "SMB_ENCRYPTION_IF_REQUIRED", PyLong_FromLong(SMB_ENCRYPTION_IF_REQUIRED));
1618 5578 : PyModule_AddObject(m, "SMB_ENCRYPTION_DESIRED", PyLong_FromLong(SMB_ENCRYPTION_DESIRED));
1619 5578 : PyModule_AddObject(m, "SMB_ENCRYPTION_REQUIRED", PyLong_FromLong(SMB_ENCRYPTION_REQUIRED));
1620 :
1621 5578 : Py_INCREF(&PyCredentials);
1622 5578 : PyModule_AddObject(m, "Credentials", (PyObject *)&PyCredentials);
1623 5578 : Py_INCREF(&PyCredentialCacheContainer);
1624 5578 : PyModule_AddObject(m, "CredentialCacheContainer", (PyObject *)&PyCredentialCacheContainer);
1625 5578 : return m;
1626 : }
|
