Line data Source code
1 : /*
2 : Unix SMB/CIFS implementation.
3 : Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007
4 :
5 : This program is free software; you can redistribute it and/or modify
6 : it under the terms of the GNU General Public License as published by
7 : the Free Software Foundation; either version 3 of the License, or
8 : (at your option) any later version.
9 :
10 : This program is distributed in the hope that it will be useful,
11 : but WITHOUT ANY WARRANTY; without even the implied warranty of
12 : MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 : GNU General Public License for more details.
14 :
15 : You should have received a copy of the GNU General Public License
16 : along with this program. If not, see <http://www.gnu.org/licenses/>.
17 : */
18 :
19 : #include "lib/replace/system/python.h"
20 : #include "python/py3compat.h"
21 : #include "includes.h"
22 : #include "python/modules.h"
23 : #include "pycredentials.h"
24 : #include "param/param.h"
25 : #include "auth/credentials/credentials_internal.h"
26 : #include "auth/credentials/credentials_krb5.h"
27 : #include "librpc/gen_ndr/samr.h" /* for struct samr_Password */
28 : #include "librpc/gen_ndr/netlogon.h"
29 : #include "libcli/util/pyerrors.h"
30 : #include "libcli/auth/libcli_auth.h"
31 : #include "param/pyparam.h"
32 : #include <tevent.h>
33 : #include "libcli/auth/libcli_auth.h"
34 : #include "system/kerberos.h"
35 : #include "auth/kerberos/kerberos.h"
36 : #include "libcli/smb/smb_constants.h"
37 :
38 : void initcredentials(void);
39 :
40 36112 : static PyObject *py_creds_new(PyTypeObject *type, PyObject *args, PyObject *kwargs)
41 : {
42 36112 : return pytalloc_steal(type, cli_credentials_init(NULL));
43 : }
44 :
45 0 : static PyObject *PyCredentials_from_cli_credentials(struct cli_credentials *creds)
46 : {
47 0 : return pytalloc_reference(&PyCredentials, creds);
48 : }
49 :
50 38681 : static PyObject *py_creds_get_username(PyObject *self, PyObject *unused)
51 : {
52 38681 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
53 38681 : if (creds == NULL) {
54 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
55 0 : return NULL;
56 : }
57 38681 : return PyString_FromStringOrNULL(cli_credentials_get_username(creds));
58 : }
59 :
60 16770 : static PyObject *py_creds_set_username(PyObject *self, PyObject *args)
61 : {
62 6 : char *newval;
63 16770 : enum credentials_obtained obt = CRED_SPECIFIED;
64 16770 : int _obt = obt;
65 16770 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
66 16770 : if (creds == NULL) {
67 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
68 0 : return NULL;
69 : }
70 :
71 16770 : if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
72 0 : return NULL;
73 : }
74 16770 : obt = _obt;
75 :
76 16770 : return PyBool_FromLong(cli_credentials_set_username(creds, newval, obt));
77 : }
78 :
79 199 : static PyObject *py_creds_get_ntlm_username_domain(PyObject *self, PyObject *unused)
80 : {
81 199 : TALLOC_CTX *frame = talloc_stackframe();
82 199 : const char *user = NULL;
83 199 : const char *domain = NULL;
84 199 : PyObject *ret = NULL;
85 199 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
86 199 : if (creds == NULL) {
87 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
88 0 : return NULL;
89 : }
90 199 : cli_credentials_get_ntlm_username_domain(creds,
91 : frame, &user, &domain);
92 199 : ret = Py_BuildValue("(ss)",
93 : user,
94 : domain);
95 :
96 199 : TALLOC_FREE(frame);
97 199 : return ret;
98 : }
99 :
100 118 : static PyObject *py_creds_get_ntlm_response(PyObject *self, PyObject *args, PyObject *kwargs)
101 : {
102 118 : TALLOC_CTX *frame = talloc_stackframe();
103 118 : PyObject *ret = NULL;
104 1 : int flags;
105 1 : struct timeval tv_now;
106 1 : NTTIME server_timestamp;
107 118 : DATA_BLOB challenge = data_blob_null;
108 118 : DATA_BLOB target_info = data_blob_null;
109 1 : NTSTATUS status;
110 118 : DATA_BLOB lm_response = data_blob_null;
111 118 : DATA_BLOB nt_response = data_blob_null;
112 118 : DATA_BLOB lm_session_key = data_blob_null;
113 118 : DATA_BLOB nt_session_key = data_blob_null;
114 118 : const char *kwnames[] = { "flags", "challenge",
115 : "target_info",
116 : NULL };
117 118 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
118 118 : if (creds == NULL) {
119 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
120 0 : return NULL;
121 : }
122 :
123 118 : tv_now = timeval_current();
124 118 : server_timestamp = timeval_to_nttime(&tv_now);
125 :
126 118 : if (!PyArg_ParseTupleAndKeywords(args, kwargs, "is#|s#",
127 : discard_const_p(char *, kwnames),
128 : &flags,
129 : &challenge.data,
130 : &challenge.length,
131 : &target_info.data,
132 : &target_info.length)) {
133 0 : return NULL;
134 : }
135 :
136 118 : status = cli_credentials_get_ntlm_response(creds,
137 : frame, &flags,
138 : challenge,
139 : &server_timestamp,
140 : target_info,
141 : &lm_response, &nt_response,
142 : &lm_session_key, &nt_session_key);
143 :
144 118 : if (!NT_STATUS_IS_OK(status)) {
145 0 : PyErr_SetNTSTATUS(status);
146 0 : TALLOC_FREE(frame);
147 0 : return NULL;
148 : }
149 :
150 119 : ret = Py_BuildValue("{sis" PYARG_BYTES_LEN "s" PYARG_BYTES_LEN
151 : "s" PYARG_BYTES_LEN "s" PYARG_BYTES_LEN "}",
152 : "flags", flags,
153 : "lm_response",
154 118 : (const char *)lm_response.data, lm_response.length,
155 : "nt_response",
156 118 : (const char *)nt_response.data, nt_response.length,
157 : "lm_session_key",
158 118 : (const char *)lm_session_key.data, lm_session_key.length,
159 : "nt_session_key",
160 118 : (const char *)nt_session_key.data, nt_session_key.length);
161 118 : TALLOC_FREE(frame);
162 117 : return ret;
163 : }
164 :
165 44 : static PyObject *py_creds_get_principal(PyObject *self, PyObject *unused)
166 : {
167 44 : TALLOC_CTX *frame = talloc_stackframe();
168 44 : PyObject *ret = NULL;
169 44 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
170 44 : if (creds == NULL) {
171 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
172 0 : return NULL;
173 : }
174 44 : ret = PyString_FromStringOrNULL(cli_credentials_get_principal(creds, frame));
175 44 : TALLOC_FREE(frame);
176 22 : return ret;
177 : }
178 :
179 2 : static PyObject *py_creds_set_principal(PyObject *self, PyObject *args)
180 : {
181 2 : char *newval;
182 2 : enum credentials_obtained obt = CRED_SPECIFIED;
183 2 : int _obt = obt;
184 2 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
185 2 : if (creds == NULL) {
186 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
187 0 : return NULL;
188 : }
189 :
190 2 : if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
191 0 : return NULL;
192 : }
193 2 : obt = _obt;
194 :
195 2 : return PyBool_FromLong(cli_credentials_set_principal(creds, newval, obt));
196 : }
197 :
198 10065 : static PyObject *py_creds_get_password(PyObject *self, PyObject *unused)
199 : {
200 10065 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
201 10065 : if (creds == NULL) {
202 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
203 0 : return NULL;
204 : }
205 10065 : return PyString_FromStringOrNULL(cli_credentials_get_password(creds));
206 : }
207 :
208 17338 : static PyObject *py_creds_set_password(PyObject *self, PyObject *args)
209 : {
210 17338 : const char *newval = NULL;
211 17338 : enum credentials_obtained obt = CRED_SPECIFIED;
212 17338 : int _obt = obt;
213 17338 : PyObject *result = NULL;
214 17338 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
215 17338 : if (creds == NULL) {
216 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
217 0 : return NULL;
218 : }
219 :
220 17338 : if (!PyArg_ParseTuple(args, PYARG_STR_UNI"|i", "utf8", &newval, &_obt)) {
221 0 : return NULL;
222 : }
223 17338 : obt = _obt;
224 :
225 17338 : result = PyBool_FromLong(cli_credentials_set_password(creds, newval, obt));
226 17338 : PyMem_Free(discard_const_p(void*, newval));
227 17338 : return result;
228 : }
229 :
230 761 : static PyObject *py_creds_set_utf16_password(PyObject *self, PyObject *args)
231 : {
232 761 : enum credentials_obtained obt = CRED_SPECIFIED;
233 761 : int _obt = obt;
234 761 : PyObject *newval = NULL;
235 761 : DATA_BLOB blob = data_blob_null;
236 761 : Py_ssize_t size = 0;
237 1 : int result;
238 1 : bool ok;
239 761 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
240 761 : if (creds == NULL) {
241 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
242 0 : return NULL;
243 : }
244 :
245 761 : if (!PyArg_ParseTuple(args, "O|i", &newval, &_obt)) {
246 0 : return NULL;
247 : }
248 761 : obt = _obt;
249 :
250 761 : result = PyBytes_AsStringAndSize(newval, (char **)&blob.data, &size);
251 761 : if (result != 0) {
252 0 : PyErr_SetString(PyExc_RuntimeError, "Failed to convert passed value to Bytes");
253 0 : return NULL;
254 : }
255 761 : blob.length = size;
256 :
257 761 : ok = cli_credentials_set_utf16_password(creds,
258 : &blob, obt);
259 :
260 761 : return PyBool_FromLong(ok);
261 : }
262 :
263 3 : static PyObject *py_creds_get_old_password(PyObject *self, PyObject *unused)
264 : {
265 3 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
266 3 : if (creds == NULL) {
267 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
268 0 : return NULL;
269 : }
270 3 : return PyString_FromStringOrNULL(cli_credentials_get_old_password(creds));
271 : }
272 :
273 1 : static PyObject *py_creds_set_old_password(PyObject *self, PyObject *args)
274 : {
275 1 : char *oldval;
276 1 : enum credentials_obtained obt = CRED_SPECIFIED;
277 1 : int _obt = obt;
278 1 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
279 1 : if (creds == NULL) {
280 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
281 0 : return NULL;
282 : }
283 :
284 1 : if (!PyArg_ParseTuple(args, "s|i", &oldval, &_obt)) {
285 0 : return NULL;
286 : }
287 1 : obt = _obt;
288 :
289 1 : return PyBool_FromLong(cli_credentials_set_old_password(creds, oldval, obt));
290 : }
291 :
292 1 : static PyObject *py_creds_set_old_utf16_password(PyObject *self, PyObject *args)
293 : {
294 1 : PyObject *oldval = NULL;
295 1 : DATA_BLOB blob = data_blob_null;
296 1 : Py_ssize_t size = 0;
297 1 : int result;
298 1 : bool ok;
299 1 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
300 1 : if (creds == NULL) {
301 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
302 0 : return NULL;
303 : }
304 :
305 1 : if (!PyArg_ParseTuple(args, "O", &oldval)) {
306 0 : return NULL;
307 : }
308 :
309 1 : result = PyBytes_AsStringAndSize(oldval, (char **)&blob.data, &size);
310 1 : if (result != 0) {
311 0 : PyErr_SetString(PyExc_RuntimeError, "Failed to convert passed value to Bytes");
312 0 : return NULL;
313 : }
314 1 : blob.length = size;
315 :
316 1 : ok = cli_credentials_set_old_utf16_password(creds,
317 : &blob);
318 :
319 1 : return PyBool_FromLong(ok);
320 : }
321 :
322 13339 : static PyObject *py_creds_get_domain(PyObject *self, PyObject *unused)
323 : {
324 13339 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
325 13339 : if (creds == NULL) {
326 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
327 0 : return NULL;
328 : }
329 13339 : return PyString_FromStringOrNULL(cli_credentials_get_domain(creds));
330 : }
331 :
332 15980 : static PyObject *py_creds_set_domain(PyObject *self, PyObject *args)
333 : {
334 2 : char *newval;
335 15980 : enum credentials_obtained obt = CRED_SPECIFIED;
336 15980 : int _obt = obt;
337 15980 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
338 15980 : if (creds == NULL) {
339 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
340 0 : return NULL;
341 : }
342 :
343 15980 : if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
344 0 : return NULL;
345 : }
346 15980 : obt = _obt;
347 :
348 15980 : return PyBool_FromLong(cli_credentials_set_domain(creds, newval, obt));
349 : }
350 :
351 38728 : static PyObject *py_creds_get_realm(PyObject *self, PyObject *unused)
352 : {
353 38728 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
354 38728 : if (creds == NULL) {
355 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
356 0 : return NULL;
357 : }
358 38728 : return PyString_FromStringOrNULL(cli_credentials_get_realm(creds));
359 : }
360 :
361 15609 : static PyObject *py_creds_set_realm(PyObject *self, PyObject *args)
362 : {
363 4 : char *newval;
364 15609 : enum credentials_obtained obt = CRED_SPECIFIED;
365 15609 : int _obt = obt;
366 15609 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
367 15609 : if (creds == NULL) {
368 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
369 0 : return NULL;
370 : }
371 :
372 15609 : if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
373 0 : return NULL;
374 : }
375 15609 : obt = _obt;
376 :
377 15609 : return PyBool_FromLong(cli_credentials_set_realm(creds, newval, obt));
378 : }
379 :
380 1036 : static PyObject *py_creds_get_bind_dn(PyObject *self, PyObject *unused)
381 : {
382 1036 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
383 1036 : if (creds == NULL) {
384 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
385 0 : return NULL;
386 : }
387 1036 : return PyString_FromStringOrNULL(cli_credentials_get_bind_dn(creds));
388 : }
389 :
390 550 : static PyObject *py_creds_set_bind_dn(PyObject *self, PyObject *args)
391 : {
392 1 : char *newval;
393 550 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
394 550 : if (creds == NULL) {
395 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
396 0 : return NULL;
397 : }
398 550 : if (!PyArg_ParseTuple(args, "z", &newval))
399 0 : return NULL;
400 :
401 550 : return PyBool_FromLong(cli_credentials_set_bind_dn(creds, newval));
402 : }
403 :
404 12583 : static PyObject *py_creds_get_workstation(PyObject *self, PyObject *unused)
405 : {
406 12583 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
407 12583 : if (creds == NULL) {
408 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
409 0 : return NULL;
410 : }
411 12583 : return PyString_FromStringOrNULL(cli_credentials_get_workstation(creds));
412 : }
413 :
414 18805 : static PyObject *py_creds_set_workstation(PyObject *self, PyObject *args)
415 : {
416 1 : char *newval;
417 18805 : enum credentials_obtained obt = CRED_SPECIFIED;
418 18805 : int _obt = obt;
419 18805 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
420 18805 : if (creds == NULL) {
421 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
422 0 : return NULL;
423 : }
424 :
425 18805 : if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
426 0 : return NULL;
427 : }
428 18805 : obt = _obt;
429 :
430 18805 : return PyBool_FromLong(cli_credentials_set_workstation(creds, newval, obt));
431 : }
432 :
433 91 : static PyObject *py_creds_is_anonymous(PyObject *self, PyObject *unused)
434 : {
435 91 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
436 91 : if (creds == NULL) {
437 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
438 0 : return NULL;
439 : }
440 91 : return PyBool_FromLong(cli_credentials_is_anonymous(creds));
441 : }
442 :
443 1982 : static PyObject *py_creds_set_anonymous(PyObject *self, PyObject *unused)
444 : {
445 1982 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
446 1982 : if (creds == NULL) {
447 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
448 0 : return NULL;
449 : }
450 1982 : cli_credentials_set_anonymous(creds);
451 1982 : Py_RETURN_NONE;
452 : }
453 :
454 9115 : static PyObject *py_creds_authentication_requested(PyObject *self, PyObject *unused)
455 : {
456 9115 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
457 9115 : if (creds == NULL) {
458 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
459 0 : return NULL;
460 : }
461 9115 : return PyBool_FromLong(cli_credentials_authentication_requested(creds));
462 : }
463 :
464 1 : static PyObject *py_creds_wrong_password(PyObject *self, PyObject *unused)
465 : {
466 1 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
467 1 : if (creds == NULL) {
468 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
469 0 : return NULL;
470 : }
471 1 : return PyBool_FromLong(cli_credentials_wrong_password(creds));
472 : }
473 :
474 14599 : static PyObject *py_creds_set_cmdline_callbacks(PyObject *self, PyObject *unused)
475 : {
476 14599 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
477 14599 : if (creds == NULL) {
478 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
479 0 : return NULL;
480 : }
481 14599 : return PyBool_FromLong(cli_credentials_set_cmdline_callbacks(creds));
482 : }
483 :
484 6742 : static PyObject *py_creds_parse_string(PyObject *self, PyObject *args)
485 : {
486 13 : char *newval;
487 6742 : enum credentials_obtained obt = CRED_SPECIFIED;
488 6742 : int _obt = obt;
489 6742 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
490 6742 : if (creds == NULL) {
491 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
492 0 : return NULL;
493 : }
494 :
495 6742 : if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
496 0 : return NULL;
497 : }
498 6742 : obt = _obt;
499 :
500 6742 : cli_credentials_parse_string(creds, newval, obt);
501 6742 : Py_RETURN_NONE;
502 : }
503 :
504 7 : static PyObject *py_creds_parse_file(PyObject *self, PyObject *args)
505 : {
506 7 : char *newval;
507 7 : enum credentials_obtained obt = CRED_SPECIFIED;
508 7 : int _obt = obt;
509 7 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
510 7 : if (creds == NULL) {
511 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
512 0 : return NULL;
513 : }
514 :
515 7 : if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
516 0 : return NULL;
517 : }
518 7 : obt = _obt;
519 :
520 7 : cli_credentials_parse_file(creds, newval, obt);
521 7 : Py_RETURN_NONE;
522 : }
523 :
524 1 : static PyObject *py_cli_credentials_set_password_will_be_nt_hash(PyObject *self, PyObject *args)
525 : {
526 1 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
527 1 : PyObject *py_val = NULL;
528 1 : bool val = false;
529 :
530 1 : if (!PyArg_ParseTuple(args, "O!", &PyBool_Type, &py_val)) {
531 0 : return NULL;
532 : }
533 1 : val = PyObject_IsTrue(py_val);
534 :
535 1 : cli_credentials_set_password_will_be_nt_hash(creds, val);
536 1 : Py_RETURN_NONE;
537 : }
538 :
539 1286 : static PyObject *py_creds_get_nt_hash(PyObject *self, PyObject *unused)
540 : {
541 12 : PyObject *ret;
542 1286 : struct samr_Password *ntpw = NULL;
543 1286 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
544 1286 : if (creds == NULL) {
545 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
546 0 : return NULL;
547 : }
548 1286 : ntpw = cli_credentials_get_nt_hash(creds, creds);
549 :
550 1286 : ret = PyBytes_FromStringAndSize(discard_const_p(char, ntpw->hash), 16);
551 1286 : TALLOC_FREE(ntpw);
552 1274 : return ret;
553 : }
554 :
555 94 : static PyObject *py_creds_set_nt_hash(PyObject *self, PyObject *args)
556 : {
557 94 : PyObject *py_cp = Py_None;
558 94 : const struct samr_Password *pwd = NULL;
559 94 : enum credentials_obtained obt = CRED_SPECIFIED;
560 94 : int _obt = obt;
561 94 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
562 94 : if (creds == NULL) {
563 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
564 0 : return NULL;
565 : }
566 :
567 94 : if (!PyArg_ParseTuple(args, "O|i", &py_cp, &_obt)) {
568 0 : return NULL;
569 : }
570 94 : obt = _obt;
571 :
572 94 : if (!py_check_dcerpc_type(py_cp, "samba.dcerpc.samr", "Password")) {
573 : /* py_check_dcerpc_type sets TypeError */
574 0 : return NULL;
575 : }
576 :
577 94 : pwd = pytalloc_get_type(py_cp, struct samr_Password);
578 94 : if (pwd == NULL) {
579 : /* pytalloc_get_type sets TypeError */
580 0 : return NULL;
581 : }
582 :
583 94 : return PyBool_FromLong(cli_credentials_set_nt_hash(creds, pwd, obt));
584 : }
585 :
586 929 : static PyObject *py_creds_get_kerberos_state(PyObject *self, PyObject *unused)
587 : {
588 0 : int state;
589 929 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
590 929 : if (creds == NULL) {
591 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
592 0 : return NULL;
593 : }
594 929 : state = cli_credentials_get_kerberos_state(creds);
595 929 : return PyLong_FromLong(state);
596 : }
597 :
598 13951 : static PyObject *py_creds_set_kerberos_state(PyObject *self, PyObject *args)
599 : {
600 2 : int state;
601 13951 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
602 13951 : if (creds == NULL) {
603 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
604 0 : return NULL;
605 : }
606 13951 : if (!PyArg_ParseTuple(args, "i", &state))
607 0 : return NULL;
608 :
609 13951 : cli_credentials_set_kerberos_state(creds, state, CRED_SPECIFIED);
610 13951 : Py_RETURN_NONE;
611 : }
612 :
613 79 : static PyObject *py_creds_set_krb_forwardable(PyObject *self, PyObject *args)
614 : {
615 2 : int state;
616 79 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
617 79 : if (creds == NULL) {
618 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
619 0 : return NULL;
620 : }
621 79 : if (!PyArg_ParseTuple(args, "i", &state))
622 0 : return NULL;
623 :
624 79 : cli_credentials_set_krb_forwardable(creds, state);
625 79 : Py_RETURN_NONE;
626 : }
627 :
628 :
629 0 : static PyObject *py_creds_get_forced_sasl_mech(PyObject *self, PyObject *unused)
630 : {
631 0 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
632 0 : if (creds == NULL) {
633 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
634 0 : return NULL;
635 : }
636 0 : return PyString_FromStringOrNULL(cli_credentials_get_forced_sasl_mech(creds));
637 : }
638 :
639 0 : static PyObject *py_creds_set_forced_sasl_mech(PyObject *self, PyObject *args)
640 : {
641 0 : char *newval;
642 0 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
643 0 : if (creds == NULL) {
644 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
645 0 : return NULL;
646 : }
647 :
648 0 : if (!PyArg_ParseTuple(args, "s", &newval)) {
649 0 : return NULL;
650 : }
651 :
652 0 : cli_credentials_set_forced_sasl_mech(creds, newval);
653 0 : Py_RETURN_NONE;
654 : }
655 :
656 6 : static PyObject *py_creds_set_conf(PyObject *self, PyObject *args)
657 : {
658 6 : PyObject *py_lp_ctx = Py_None;
659 6 : struct loadparm_context *lp_ctx;
660 6 : TALLOC_CTX *mem_ctx;
661 6 : struct cli_credentials *creds;
662 6 : bool ok;
663 :
664 6 : creds = PyCredentials_AsCliCredentials(self);
665 6 : if (creds == NULL) {
666 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
667 0 : return NULL;
668 : }
669 :
670 6 : if (!PyArg_ParseTuple(args, "|O", &py_lp_ctx)) {
671 0 : return NULL;
672 : }
673 :
674 6 : mem_ctx = talloc_new(NULL);
675 6 : if (mem_ctx == NULL) {
676 0 : PyErr_NoMemory();
677 0 : return NULL;
678 : }
679 :
680 6 : lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
681 6 : if (lp_ctx == NULL) {
682 0 : talloc_free(mem_ctx);
683 0 : return NULL;
684 : }
685 :
686 6 : ok = cli_credentials_set_conf(creds, lp_ctx);
687 6 : talloc_free(mem_ctx);
688 6 : if (!ok) {
689 0 : return NULL;
690 : }
691 :
692 6 : Py_RETURN_NONE;
693 : }
694 :
695 20000 : static PyObject *py_creds_guess(PyObject *self, PyObject *args)
696 : {
697 20000 : PyObject *py_lp_ctx = Py_None;
698 118 : struct loadparm_context *lp_ctx;
699 118 : TALLOC_CTX *mem_ctx;
700 118 : struct cli_credentials *creds;
701 118 : bool ok;
702 :
703 20000 : creds = PyCredentials_AsCliCredentials(self);
704 20000 : if (creds == NULL) {
705 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
706 0 : return NULL;
707 : }
708 :
709 20000 : if (!PyArg_ParseTuple(args, "|O", &py_lp_ctx))
710 0 : return NULL;
711 :
712 20000 : mem_ctx = talloc_new(NULL);
713 20000 : if (mem_ctx == NULL) {
714 0 : PyErr_NoMemory();
715 0 : return NULL;
716 : }
717 :
718 20000 : lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
719 20000 : if (lp_ctx == NULL) {
720 0 : talloc_free(mem_ctx);
721 0 : return NULL;
722 : }
723 :
724 20000 : ok = cli_credentials_guess(creds, lp_ctx);
725 20000 : talloc_free(mem_ctx);
726 20000 : if (!ok) {
727 0 : return NULL;
728 : }
729 :
730 20000 : Py_RETURN_NONE;
731 : }
732 :
733 5197 : static PyObject *py_creds_set_machine_account(PyObject *self, PyObject *args)
734 : {
735 5197 : PyObject *py_lp_ctx = Py_None;
736 22 : struct loadparm_context *lp_ctx;
737 22 : NTSTATUS status;
738 22 : struct cli_credentials *creds;
739 22 : TALLOC_CTX *mem_ctx;
740 :
741 5197 : creds = PyCredentials_AsCliCredentials(self);
742 5197 : if (creds == NULL) {
743 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
744 0 : return NULL;
745 : }
746 :
747 5197 : if (!PyArg_ParseTuple(args, "|O", &py_lp_ctx))
748 0 : return NULL;
749 :
750 5197 : mem_ctx = talloc_new(NULL);
751 5197 : if (mem_ctx == NULL) {
752 0 : PyErr_NoMemory();
753 0 : return NULL;
754 : }
755 :
756 5197 : lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
757 5197 : if (lp_ctx == NULL) {
758 0 : talloc_free(mem_ctx);
759 0 : return NULL;
760 : }
761 :
762 5197 : status = cli_credentials_set_machine_account(creds, lp_ctx);
763 5197 : talloc_free(mem_ctx);
764 :
765 5197 : PyErr_NTSTATUS_IS_ERR_RAISE(status);
766 :
767 4459 : Py_RETURN_NONE;
768 : }
769 :
770 1874 : static PyObject *PyCredentialCacheContainer_from_ccache_container(struct ccache_container *ccc)
771 : {
772 1874 : return pytalloc_reference(&PyCredentialCacheContainer, ccc);
773 : }
774 :
775 :
776 1874 : static PyObject *py_creds_get_named_ccache(PyObject *self, PyObject *args)
777 : {
778 1874 : PyObject *py_lp_ctx = Py_None;
779 1874 : char *ccache_name = NULL;
780 0 : struct loadparm_context *lp_ctx;
781 0 : struct ccache_container *ccc;
782 0 : struct tevent_context *event_ctx;
783 0 : int ret;
784 0 : const char *error_string;
785 0 : struct cli_credentials *creds;
786 0 : TALLOC_CTX *mem_ctx;
787 :
788 1874 : creds = PyCredentials_AsCliCredentials(self);
789 1874 : if (creds == NULL) {
790 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
791 0 : return NULL;
792 : }
793 :
794 1874 : if (!PyArg_ParseTuple(args, "|Os", &py_lp_ctx, &ccache_name))
795 0 : return NULL;
796 :
797 1874 : mem_ctx = talloc_new(NULL);
798 1874 : if (mem_ctx == NULL) {
799 0 : PyErr_NoMemory();
800 0 : return NULL;
801 : }
802 :
803 1874 : lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
804 1874 : if (lp_ctx == NULL) {
805 0 : talloc_free(mem_ctx);
806 0 : return NULL;
807 : }
808 :
809 1874 : event_ctx = samba_tevent_context_init(mem_ctx);
810 :
811 1874 : ret = cli_credentials_get_named_ccache(creds, event_ctx, lp_ctx,
812 : ccache_name, &ccc, &error_string);
813 1874 : talloc_unlink(mem_ctx, lp_ctx);
814 1874 : if (ret == 0) {
815 1874 : talloc_steal(ccc, event_ctx);
816 1874 : talloc_free(mem_ctx);
817 1874 : return PyCredentialCacheContainer_from_ccache_container(ccc);
818 : }
819 :
820 0 : PyErr_SetString(PyExc_RuntimeError, error_string?error_string:"NULL");
821 :
822 0 : talloc_free(mem_ctx);
823 0 : return NULL;
824 : }
825 :
826 1931 : static PyObject *py_creds_set_named_ccache(PyObject *self, PyObject *args)
827 : {
828 1931 : struct loadparm_context *lp_ctx = NULL;
829 1931 : enum credentials_obtained obt = CRED_SPECIFIED;
830 1931 : const char *error_string = NULL;
831 1931 : TALLOC_CTX *mem_ctx = NULL;
832 1931 : char *newval = NULL;
833 1931 : PyObject *py_lp_ctx = Py_None;
834 1931 : int _obt = obt;
835 0 : int ret;
836 1931 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
837 1931 : if (creds == NULL) {
838 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
839 0 : return NULL;
840 : }
841 :
842 1931 : if (!PyArg_ParseTuple(args, "s|iO", &newval, &_obt, &py_lp_ctx))
843 0 : return NULL;
844 1931 : obt = _obt;
845 :
846 1931 : mem_ctx = talloc_new(NULL);
847 1931 : if (mem_ctx == NULL) {
848 0 : PyErr_NoMemory();
849 0 : return NULL;
850 : }
851 :
852 1931 : lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
853 1931 : if (lp_ctx == NULL) {
854 0 : talloc_free(mem_ctx);
855 0 : return NULL;
856 : }
857 :
858 1931 : ret = cli_credentials_set_ccache(creds,
859 : lp_ctx,
860 : newval, obt,
861 : &error_string);
862 :
863 1931 : if (ret != 0) {
864 0 : PyErr_SetString(PyExc_RuntimeError,
865 0 : error_string != NULL ? error_string : "NULL");
866 0 : talloc_free(mem_ctx);
867 0 : return NULL;
868 : }
869 :
870 1931 : talloc_free(mem_ctx);
871 1931 : Py_RETURN_NONE;
872 : }
873 :
874 12979 : static PyObject *py_creds_set_gensec_features(PyObject *self, PyObject *args)
875 : {
876 5 : unsigned int gensec_features;
877 12979 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
878 12979 : if (creds == NULL) {
879 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
880 0 : return NULL;
881 : }
882 :
883 12979 : if (!PyArg_ParseTuple(args, "I", &gensec_features))
884 0 : return NULL;
885 :
886 12979 : cli_credentials_set_gensec_features(creds,
887 : gensec_features,
888 : CRED_SPECIFIED);
889 :
890 12979 : Py_RETURN_NONE;
891 : }
892 :
893 12979 : static PyObject *py_creds_get_gensec_features(PyObject *self, PyObject *args)
894 : {
895 5 : unsigned int gensec_features;
896 12979 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
897 12979 : if (creds == NULL) {
898 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
899 0 : return NULL;
900 : }
901 :
902 12979 : gensec_features = cli_credentials_get_gensec_features(creds);
903 12979 : return PyLong_FromLong(gensec_features);
904 : }
905 :
906 45 : static PyObject *py_creds_new_client_authenticator(PyObject *self,
907 : PyObject *args)
908 : {
909 0 : struct netr_Authenticator auth;
910 45 : struct cli_credentials *creds = NULL;
911 45 : struct netlogon_creds_CredentialState *nc = NULL;
912 45 : PyObject *ret = NULL;
913 0 : NTSTATUS status;
914 :
915 45 : creds = PyCredentials_AsCliCredentials(self);
916 45 : if (creds == NULL) {
917 0 : PyErr_SetString(PyExc_RuntimeError,
918 : "Failed to get credentials from python");
919 0 : return NULL;
920 : }
921 :
922 45 : nc = creds->netlogon_creds;
923 45 : if (nc == NULL) {
924 3 : PyErr_SetString(PyExc_ValueError,
925 : "No netlogon credentials cannot make "
926 : "client authenticator");
927 3 : return NULL;
928 : }
929 :
930 42 : status = netlogon_creds_client_authenticator(nc, &auth);
931 42 : if (!NT_STATUS_IS_OK(status)) {
932 0 : PyErr_SetString(PyExc_ValueError,
933 : "Failed to create client authenticator");
934 0 : return NULL;
935 : }
936 :
937 42 : ret = Py_BuildValue("{s"PYARG_BYTES_LEN"si}",
938 : "credential",
939 : (const char *) &auth.cred, sizeof(auth.cred),
940 : "timestamp", auth.timestamp);
941 42 : return ret;
942 : }
943 :
944 3039 : static PyObject *py_creds_set_secure_channel_type(PyObject *self, PyObject *args)
945 : {
946 1 : unsigned int channel_type;
947 3039 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
948 3039 : if (creds == NULL) {
949 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
950 0 : return NULL;
951 : }
952 :
953 3039 : if (!PyArg_ParseTuple(args, "I", &channel_type))
954 0 : return NULL;
955 :
956 3039 : cli_credentials_set_secure_channel_type(
957 : creds,
958 : channel_type);
959 :
960 3039 : Py_RETURN_NONE;
961 : }
962 :
963 8049 : static PyObject *py_creds_get_secure_channel_type(PyObject *self, PyObject *args)
964 : {
965 8049 : enum netr_SchannelType channel_type = SEC_CHAN_NULL;
966 8049 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
967 8049 : if (creds == NULL) {
968 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
969 0 : return NULL;
970 : }
971 :
972 8049 : channel_type = cli_credentials_get_secure_channel_type(creds);
973 :
974 8049 : return PyLong_FromLong(channel_type);
975 : }
976 :
977 114 : static PyObject *py_creds_set_kerberos_salt_principal(PyObject *self, PyObject *args)
978 : {
979 114 : char *salt_principal = NULL;
980 114 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
981 114 : if (creds == NULL) {
982 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
983 0 : return NULL;
984 : }
985 :
986 114 : if (!PyArg_ParseTuple(args, "s", &salt_principal))
987 0 : return NULL;
988 :
989 114 : cli_credentials_set_salt_principal(
990 : creds,
991 : salt_principal);
992 :
993 114 : Py_RETURN_NONE;
994 : }
995 :
996 0 : static PyObject *py_creds_get_kerberos_salt_principal(PyObject *self, PyObject *unused)
997 : {
998 0 : TALLOC_CTX *mem_ctx;
999 0 : PyObject *ret = NULL;
1000 0 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
1001 0 : if (creds == NULL) {
1002 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
1003 0 : return NULL;
1004 : }
1005 0 : mem_ctx = talloc_new(NULL);
1006 0 : if (mem_ctx == NULL) {
1007 0 : PyErr_NoMemory();
1008 0 : return NULL;
1009 : }
1010 :
1011 0 : ret = PyString_FromStringOrNULL(cli_credentials_get_salt_principal(creds, mem_ctx));
1012 :
1013 0 : TALLOC_FREE(mem_ctx);
1014 :
1015 0 : return ret;
1016 : }
1017 :
1018 114 : static PyObject *py_creds_get_kerberos_key_current_or_old(PyObject *self, PyObject *args, bool old)
1019 : {
1020 114 : struct loadparm_context *lp_ctx = NULL;
1021 114 : TALLOC_CTX *mem_ctx = NULL;
1022 114 : PyObject *py_lp_ctx = Py_None;
1023 0 : DATA_BLOB key;
1024 0 : int code;
1025 0 : int enctype;
1026 114 : PyObject *ret = NULL;
1027 114 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
1028 114 : if (creds == NULL) {
1029 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
1030 0 : return NULL;
1031 : }
1032 :
1033 114 : if (!PyArg_ParseTuple(args, "i|O", &enctype, &py_lp_ctx))
1034 0 : return NULL;
1035 :
1036 114 : mem_ctx = talloc_new(NULL);
1037 114 : if (mem_ctx == NULL) {
1038 0 : PyErr_NoMemory();
1039 0 : return NULL;
1040 : }
1041 :
1042 114 : lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
1043 114 : if (lp_ctx == NULL) {
1044 0 : talloc_free(mem_ctx);
1045 0 : return NULL;
1046 : }
1047 :
1048 114 : code = cli_credentials_get_kerberos_key(creds,
1049 : mem_ctx,
1050 : lp_ctx,
1051 : enctype,
1052 : old,
1053 : &key);
1054 114 : if (code != 0) {
1055 0 : PyErr_SetString(PyExc_RuntimeError,
1056 : "Failed to generate Kerberos key");
1057 0 : talloc_free(mem_ctx);
1058 0 : return NULL;
1059 : }
1060 :
1061 114 : ret = PyBytes_FromStringAndSize((const char *)key.data,
1062 114 : key.length);
1063 114 : talloc_free(mem_ctx);
1064 114 : return ret;
1065 : }
1066 :
1067 114 : static PyObject *py_creds_get_kerberos_key(PyObject *self, PyObject *args)
1068 : {
1069 114 : return py_creds_get_kerberos_key_current_or_old(self, args, false);
1070 : }
1071 :
1072 0 : static PyObject *py_creds_get_old_kerberos_key(PyObject *self, PyObject *args)
1073 : {
1074 0 : return py_creds_get_kerberos_key_current_or_old(self, args, true);
1075 : }
1076 :
1077 4 : static PyObject *py_creds_encrypt_netr_crypt_password(PyObject *self,
1078 : PyObject *args)
1079 : {
1080 4 : DATA_BLOB data = data_blob_null;
1081 4 : struct cli_credentials *creds = NULL;
1082 4 : struct netr_CryptPassword *pwd = NULL;
1083 0 : NTSTATUS status;
1084 4 : PyObject *py_cp = Py_None;
1085 :
1086 4 : creds = PyCredentials_AsCliCredentials(self);
1087 4 : if (creds == NULL) {
1088 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
1089 0 : return NULL;
1090 : }
1091 :
1092 4 : if (!PyArg_ParseTuple(args, "O", &py_cp)) {
1093 0 : return NULL;
1094 : }
1095 :
1096 4 : pwd = pytalloc_get_type(py_cp, struct netr_CryptPassword);
1097 4 : if (pwd == NULL) {
1098 : /* pytalloc_get_type sets TypeError */
1099 0 : return NULL;
1100 : }
1101 4 : data.length = sizeof(struct netr_CryptPassword);
1102 4 : data.data = (uint8_t *)pwd;
1103 4 : status = netlogon_creds_session_encrypt(creds->netlogon_creds, data);
1104 :
1105 4 : PyErr_NTSTATUS_IS_ERR_RAISE(status);
1106 :
1107 4 : Py_RETURN_NONE;
1108 : }
1109 :
1110 82 : static PyObject *py_creds_encrypt_samr_password(PyObject *self,
1111 : PyObject *args)
1112 : {
1113 82 : DATA_BLOB data = data_blob_null;
1114 82 : struct cli_credentials *creds = NULL;
1115 82 : struct samr_Password *pwd = NULL;
1116 0 : NTSTATUS status;
1117 82 : PyObject *py_cp = Py_None;
1118 :
1119 82 : creds = PyCredentials_AsCliCredentials(self);
1120 82 : if (creds == NULL) {
1121 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
1122 0 : return NULL;
1123 : }
1124 :
1125 82 : if (creds->netlogon_creds == NULL) {
1126 0 : PyErr_Format(PyExc_ValueError, "NetLogon credentials not set");
1127 0 : return NULL;
1128 : }
1129 :
1130 82 : if (!PyArg_ParseTuple(args, "O", &py_cp)) {
1131 0 : return NULL;
1132 : }
1133 :
1134 82 : if (!py_check_dcerpc_type(py_cp, "samba.dcerpc.samr", "Password")) {
1135 : /* py_check_dcerpc_type sets TypeError */
1136 0 : return NULL;
1137 : }
1138 :
1139 82 : pwd = pytalloc_get_type(py_cp, struct samr_Password);
1140 82 : if (pwd == NULL) {
1141 : /* pytalloc_get_type sets TypeError */
1142 0 : return NULL;
1143 : }
1144 82 : data = data_blob_const(pwd->hash, sizeof(pwd->hash));
1145 82 : status = netlogon_creds_session_encrypt(creds->netlogon_creds, data);
1146 :
1147 82 : PyErr_NTSTATUS_IS_ERR_RAISE(status);
1148 :
1149 82 : Py_RETURN_NONE;
1150 : }
1151 :
1152 1223 : static PyObject *py_creds_get_smb_signing(PyObject *self, PyObject *unused)
1153 : {
1154 5 : enum smb_signing_setting signing_state;
1155 1223 : struct cli_credentials *creds = NULL;
1156 :
1157 1223 : creds = PyCredentials_AsCliCredentials(self);
1158 1223 : if (creds == NULL) {
1159 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
1160 0 : return NULL;
1161 : }
1162 :
1163 1223 : signing_state = cli_credentials_get_smb_signing(creds);
1164 1223 : return PyLong_FromLong(signing_state);
1165 : }
1166 :
1167 2438 : static PyObject *py_creds_set_smb_signing(PyObject *self, PyObject *args)
1168 : {
1169 2 : enum smb_signing_setting signing_state;
1170 2438 : struct cli_credentials *creds = NULL;
1171 2438 : enum credentials_obtained obt = CRED_SPECIFIED;
1172 :
1173 2438 : creds = PyCredentials_AsCliCredentials(self);
1174 2438 : if (creds == NULL) {
1175 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
1176 0 : return NULL;
1177 : }
1178 2438 : if (!PyArg_ParseTuple(args, "i|i", &signing_state, &obt)) {
1179 0 : return NULL;
1180 : }
1181 :
1182 2438 : switch (signing_state) {
1183 2436 : case SMB_SIGNING_DEFAULT:
1184 : case SMB_SIGNING_OFF:
1185 : case SMB_SIGNING_IF_REQUIRED:
1186 : case SMB_SIGNING_DESIRED:
1187 : case SMB_SIGNING_REQUIRED:
1188 2438 : break;
1189 0 : default:
1190 0 : PyErr_Format(PyExc_TypeError, "Invalid signing state value");
1191 0 : return NULL;
1192 : }
1193 :
1194 2438 : cli_credentials_set_smb_signing(creds, signing_state, obt);
1195 2438 : Py_RETURN_NONE;
1196 : }
1197 :
1198 44 : static PyObject *py_creds_get_smb_ipc_signing(PyObject *self, PyObject *unused)
1199 : {
1200 5 : enum smb_signing_setting signing_state;
1201 44 : struct cli_credentials *creds = NULL;
1202 :
1203 44 : creds = PyCredentials_AsCliCredentials(self);
1204 44 : if (creds == NULL) {
1205 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
1206 0 : return NULL;
1207 : }
1208 :
1209 44 : signing_state = cli_credentials_get_smb_ipc_signing(creds);
1210 44 : return PyLong_FromLong(signing_state);
1211 : }
1212 :
1213 80 : static PyObject *py_creds_set_smb_ipc_signing(PyObject *self, PyObject *args)
1214 : {
1215 2 : enum smb_signing_setting signing_state;
1216 80 : struct cli_credentials *creds = NULL;
1217 80 : enum credentials_obtained obt = CRED_SPECIFIED;
1218 :
1219 80 : creds = PyCredentials_AsCliCredentials(self);
1220 80 : if (creds == NULL) {
1221 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
1222 0 : return NULL;
1223 : }
1224 80 : if (!PyArg_ParseTuple(args, "i|i", &signing_state, &obt)) {
1225 0 : return NULL;
1226 : }
1227 :
1228 80 : switch (signing_state) {
1229 78 : case SMB_SIGNING_DEFAULT:
1230 : case SMB_SIGNING_OFF:
1231 : case SMB_SIGNING_IF_REQUIRED:
1232 : case SMB_SIGNING_DESIRED:
1233 : case SMB_SIGNING_REQUIRED:
1234 80 : break;
1235 0 : default:
1236 0 : PyErr_Format(PyExc_TypeError, "Invalid signing state value");
1237 0 : return NULL;
1238 : }
1239 :
1240 80 : cli_credentials_set_smb_ipc_signing(creds, signing_state, obt);
1241 80 : Py_RETURN_NONE;
1242 : }
1243 :
1244 5 : static PyObject *py_creds_get_smb_encryption(PyObject *self, PyObject *unused)
1245 : {
1246 5 : enum smb_encryption_setting encryption_state;
1247 5 : struct cli_credentials *creds = NULL;
1248 :
1249 5 : creds = PyCredentials_AsCliCredentials(self);
1250 5 : if (creds == NULL) {
1251 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
1252 0 : return NULL;
1253 : }
1254 :
1255 5 : encryption_state = cli_credentials_get_smb_encryption(creds);
1256 5 : return PyLong_FromLong(encryption_state);
1257 : }
1258 :
1259 18 : static PyObject *py_creds_set_smb_encryption(PyObject *self, PyObject *args)
1260 : {
1261 2 : enum smb_encryption_setting encryption_state;
1262 18 : struct cli_credentials *creds = NULL;
1263 18 : enum credentials_obtained obt = CRED_SPECIFIED;
1264 :
1265 18 : creds = PyCredentials_AsCliCredentials(self);
1266 18 : if (creds == NULL) {
1267 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
1268 0 : return NULL;
1269 : }
1270 18 : if (!PyArg_ParseTuple(args, "i|i", &encryption_state, &obt)) {
1271 0 : return NULL;
1272 : }
1273 :
1274 18 : switch (encryption_state) {
1275 16 : case SMB_ENCRYPTION_DEFAULT:
1276 : case SMB_ENCRYPTION_OFF:
1277 : case SMB_ENCRYPTION_IF_REQUIRED:
1278 : case SMB_ENCRYPTION_DESIRED:
1279 : case SMB_ENCRYPTION_REQUIRED:
1280 18 : break;
1281 0 : default:
1282 0 : PyErr_Format(PyExc_TypeError, "Invalid encryption state value");
1283 0 : return NULL;
1284 : }
1285 :
1286 18 : (void)cli_credentials_set_smb_encryption(creds, encryption_state, obt);
1287 18 : Py_RETURN_NONE;
1288 : }
1289 :
1290 0 : static PyObject *py_creds_get_krb5_fast_armor_credentials(PyObject *self, PyObject *unused)
1291 : {
1292 0 : struct cli_credentials *creds = NULL;
1293 0 : struct cli_credentials *fast_creds = NULL;
1294 :
1295 0 : creds = PyCredentials_AsCliCredentials(self);
1296 0 : if (creds == NULL) {
1297 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
1298 0 : return NULL;
1299 : }
1300 :
1301 0 : fast_creds = cli_credentials_get_krb5_fast_armor_credentials(creds);
1302 0 : if (fast_creds == NULL) {
1303 0 : Py_RETURN_NONE;
1304 : }
1305 :
1306 0 : return PyCredentials_from_cli_credentials(fast_creds);
1307 : }
1308 :
1309 13 : static PyObject *py_creds_set_krb5_fast_armor_credentials(PyObject *self, PyObject *args)
1310 : {
1311 13 : struct cli_credentials *creds = NULL;
1312 0 : PyObject *pyfast_creds;
1313 13 : struct cli_credentials *fast_creds = NULL;
1314 13 : int fast_armor_required = 0;
1315 0 : NTSTATUS status;
1316 :
1317 13 : creds = PyCredentials_AsCliCredentials(self);
1318 13 : if (creds == NULL) {
1319 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
1320 0 : return NULL;
1321 : }
1322 13 : if (!PyArg_ParseTuple(args, "Op", &pyfast_creds, &fast_armor_required)) {
1323 0 : return NULL;
1324 : }
1325 13 : if (pyfast_creds == Py_None) {
1326 2 : fast_creds = NULL;
1327 : } else {
1328 11 : fast_creds = PyCredentials_AsCliCredentials(pyfast_creds);
1329 11 : if (fast_creds == NULL) {
1330 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
1331 0 : return NULL;
1332 : }
1333 : }
1334 :
1335 13 : status = cli_credentials_set_krb5_fast_armor_credentials(creds,
1336 : fast_creds,
1337 : fast_armor_required);
1338 :
1339 13 : PyErr_NTSTATUS_IS_ERR_RAISE(status);
1340 13 : Py_RETURN_NONE;
1341 : }
1342 :
1343 0 : static PyObject *py_creds_get_krb5_require_fast_armor(PyObject *self, PyObject *unused)
1344 : {
1345 0 : bool krb5_fast_armor_required;
1346 0 : struct cli_credentials *creds = NULL;
1347 :
1348 0 : creds = PyCredentials_AsCliCredentials(self);
1349 0 : if (creds == NULL) {
1350 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
1351 0 : return NULL;
1352 : }
1353 :
1354 0 : krb5_fast_armor_required = cli_credentials_get_krb5_require_fast_armor(creds);
1355 0 : return PyBool_FromLong(krb5_fast_armor_required);
1356 : }
1357 :
1358 : static PyMethodDef py_creds_methods[] = {
1359 : {
1360 : .ml_name = "get_username",
1361 : .ml_meth = py_creds_get_username,
1362 : .ml_flags = METH_NOARGS,
1363 : .ml_doc = "S.get_username() -> username\nObtain username.",
1364 : },
1365 : {
1366 : .ml_name = "set_username",
1367 : .ml_meth = py_creds_set_username,
1368 : .ml_flags = METH_VARARGS,
1369 : .ml_doc = "S.set_username(name[, credentials.SPECIFIED]) -> None\n"
1370 : "Change username.",
1371 : },
1372 : {
1373 : .ml_name = "get_principal",
1374 : .ml_meth = py_creds_get_principal,
1375 : .ml_flags = METH_NOARGS,
1376 : .ml_doc = "S.get_principal() -> user@realm\nObtain user principal.",
1377 : },
1378 : {
1379 : .ml_name = "set_principal",
1380 : .ml_meth = py_creds_set_principal,
1381 : .ml_flags = METH_VARARGS,
1382 : .ml_doc = "S.set_principal(name[, credentials.SPECIFIED]) -> None\n"
1383 : "Change principal.",
1384 : },
1385 : {
1386 : .ml_name = "get_password",
1387 : .ml_meth = py_creds_get_password,
1388 : .ml_flags = METH_NOARGS,
1389 : .ml_doc = "S.get_password() -> password\n"
1390 : "Obtain password.",
1391 : },
1392 : {
1393 : .ml_name = "get_ntlm_username_domain",
1394 : .ml_meth = py_creds_get_ntlm_username_domain,
1395 : .ml_flags = METH_NOARGS,
1396 : .ml_doc = "S.get_ntlm_username_domain() -> (domain, username)\n"
1397 : "Obtain NTLM username and domain, split up either as (DOMAIN, user) or (\"\", \"user@realm\").",
1398 : },
1399 : {
1400 : .ml_name = "get_ntlm_response",
1401 : .ml_meth = PY_DISCARD_FUNC_SIG(PyCFunction,
1402 : py_creds_get_ntlm_response),
1403 : .ml_flags = METH_VARARGS | METH_KEYWORDS,
1404 : .ml_doc = "S.get_ntlm_response"
1405 : "(flags, challenge[, target_info]) -> "
1406 : "(flags, lm_response, nt_response, lm_session_key, nt_session_key)\n"
1407 : "Obtain LM or NTLM response.",
1408 : },
1409 : {
1410 : .ml_name = "set_password",
1411 : .ml_meth = py_creds_set_password,
1412 : .ml_flags = METH_VARARGS,
1413 : .ml_doc = "S.set_password(password[, credentials.SPECIFIED]) -> None\n"
1414 : "Change password.",
1415 : },
1416 : {
1417 : .ml_name = "set_utf16_password",
1418 : .ml_meth = py_creds_set_utf16_password,
1419 : .ml_flags = METH_VARARGS,
1420 : .ml_doc = "S.set_utf16_password(password[, credentials.SPECIFIED]) -> None\n"
1421 : "Change password.",
1422 : },
1423 : {
1424 : .ml_name = "get_old_password",
1425 : .ml_meth = py_creds_get_old_password,
1426 : .ml_flags = METH_NOARGS,
1427 : .ml_doc = "S.get_old_password() -> password\n"
1428 : "Obtain old password.",
1429 : },
1430 : {
1431 : .ml_name = "set_old_password",
1432 : .ml_meth = py_creds_set_old_password,
1433 : .ml_flags = METH_VARARGS,
1434 : .ml_doc = "S.set_old_password(password[, credentials.SPECIFIED]) -> None\n"
1435 : "Change old password.",
1436 : },
1437 : {
1438 : .ml_name = "set_old_utf16_password",
1439 : .ml_meth = py_creds_set_old_utf16_password,
1440 : .ml_flags = METH_VARARGS,
1441 : .ml_doc = "S.set_old_utf16_password(password[, credentials.SPECIFIED]) -> None\n"
1442 : "Change old password.",
1443 : },
1444 : {
1445 : .ml_name = "get_domain",
1446 : .ml_meth = py_creds_get_domain,
1447 : .ml_flags = METH_NOARGS,
1448 : .ml_doc = "S.get_domain() -> domain\n"
1449 : "Obtain domain name.",
1450 : },
1451 : {
1452 : .ml_name = "set_domain",
1453 : .ml_meth = py_creds_set_domain,
1454 : .ml_flags = METH_VARARGS,
1455 : .ml_doc = "S.set_domain(domain[, credentials.SPECIFIED]) -> None\n"
1456 : "Change domain name.",
1457 : },
1458 : {
1459 : .ml_name = "get_realm",
1460 : .ml_meth = py_creds_get_realm,
1461 : .ml_flags = METH_NOARGS,
1462 : .ml_doc = "S.get_realm() -> realm\n"
1463 : "Obtain realm name.",
1464 : },
1465 : {
1466 : .ml_name = "set_realm",
1467 : .ml_meth = py_creds_set_realm,
1468 : .ml_flags = METH_VARARGS,
1469 : .ml_doc = "S.set_realm(realm[, credentials.SPECIFIED]) -> None\n"
1470 : "Change realm name.",
1471 : },
1472 : {
1473 : .ml_name = "get_bind_dn",
1474 : .ml_meth = py_creds_get_bind_dn,
1475 : .ml_flags = METH_NOARGS,
1476 : .ml_doc = "S.get_bind_dn() -> bind dn\n"
1477 : "Obtain bind DN.",
1478 : },
1479 : {
1480 : .ml_name = "set_bind_dn",
1481 : .ml_meth = py_creds_set_bind_dn,
1482 : .ml_flags = METH_VARARGS,
1483 : .ml_doc = "S.set_bind_dn(bind_dn) -> None\n"
1484 : "Change bind DN.",
1485 : },
1486 : {
1487 : .ml_name = "is_anonymous",
1488 : .ml_meth = py_creds_is_anonymous,
1489 : .ml_flags = METH_NOARGS,
1490 : },
1491 : {
1492 : .ml_name = "set_anonymous",
1493 : .ml_meth = py_creds_set_anonymous,
1494 : .ml_flags = METH_NOARGS,
1495 : .ml_doc = "S.set_anonymous() -> None\n"
1496 : "Use anonymous credentials.",
1497 : },
1498 : {
1499 : .ml_name = "get_workstation",
1500 : .ml_meth = py_creds_get_workstation,
1501 : .ml_flags = METH_NOARGS,
1502 : },
1503 : {
1504 : .ml_name = "set_workstation",
1505 : .ml_meth = py_creds_set_workstation,
1506 : .ml_flags = METH_VARARGS,
1507 : },
1508 : {
1509 : .ml_name = "authentication_requested",
1510 : .ml_meth = py_creds_authentication_requested,
1511 : .ml_flags = METH_NOARGS,
1512 : },
1513 : {
1514 : .ml_name = "wrong_password",
1515 : .ml_meth = py_creds_wrong_password,
1516 : .ml_flags = METH_NOARGS,
1517 : .ml_doc = "S.wrong_password() -> bool\n"
1518 : "Indicate the returned password was incorrect.",
1519 : },
1520 : {
1521 : .ml_name = "set_cmdline_callbacks",
1522 : .ml_meth = py_creds_set_cmdline_callbacks,
1523 : .ml_flags = METH_NOARGS,
1524 : .ml_doc = "S.set_cmdline_callbacks() -> bool\n"
1525 : "Use command-line to obtain credentials not explicitly set.",
1526 : },
1527 : {
1528 : .ml_name = "parse_string",
1529 : .ml_meth = py_creds_parse_string,
1530 : .ml_flags = METH_VARARGS,
1531 : .ml_doc = "S.parse_string(text[, credentials.SPECIFIED]) -> None\n"
1532 : "Parse credentials string.",
1533 : },
1534 : {
1535 : .ml_name = "parse_file",
1536 : .ml_meth = py_creds_parse_file,
1537 : .ml_flags = METH_VARARGS,
1538 : .ml_doc = "S.parse_file(filename[, credentials.SPECIFIED]) -> None\n"
1539 : "Parse credentials file.",
1540 : },
1541 : {
1542 : .ml_name = "set_password_will_be_nt_hash",
1543 : .ml_meth = py_cli_credentials_set_password_will_be_nt_hash,
1544 : .ml_flags = METH_VARARGS,
1545 : .ml_doc = "S.set_password_will_be_nt_hash(bool) -> None\n"
1546 : "Alters the behaviour of S.set_password() "
1547 : "to expect the NTHASH as hexstring.",
1548 : },
1549 : {
1550 : .ml_name = "get_nt_hash",
1551 : .ml_meth = py_creds_get_nt_hash,
1552 : .ml_flags = METH_NOARGS,
1553 : },
1554 : {
1555 : .ml_name = "set_nt_hash",
1556 : .ml_meth = py_creds_set_nt_hash,
1557 : .ml_flags = METH_VARARGS,
1558 : .ml_doc = "S.set_net_sh(samr_Password[, credentials.SPECIFIED]) -> bool\n"
1559 : "Change NT hash.",
1560 : },
1561 : {
1562 : .ml_name = "get_kerberos_state",
1563 : .ml_meth = py_creds_get_kerberos_state,
1564 : .ml_flags = METH_NOARGS,
1565 : },
1566 : {
1567 : .ml_name = "set_kerberos_state",
1568 : .ml_meth = py_creds_set_kerberos_state,
1569 : .ml_flags = METH_VARARGS,
1570 : },
1571 : {
1572 : .ml_name = "set_krb_forwardable",
1573 : .ml_meth = py_creds_set_krb_forwardable,
1574 : .ml_flags = METH_VARARGS,
1575 : },
1576 : {
1577 : .ml_name = "set_conf",
1578 : .ml_meth = py_creds_set_conf,
1579 : .ml_flags = METH_VARARGS,
1580 : },
1581 : {
1582 : .ml_name = "guess",
1583 : .ml_meth = py_creds_guess,
1584 : .ml_flags = METH_VARARGS,
1585 : },
1586 : {
1587 : .ml_name = "set_machine_account",
1588 : .ml_meth = py_creds_set_machine_account,
1589 : .ml_flags = METH_VARARGS,
1590 : },
1591 : {
1592 : .ml_name = "get_named_ccache",
1593 : .ml_meth = py_creds_get_named_ccache,
1594 : .ml_flags = METH_VARARGS,
1595 : },
1596 : {
1597 : .ml_name = "set_named_ccache",
1598 : .ml_meth = py_creds_set_named_ccache,
1599 : .ml_flags = METH_VARARGS,
1600 : .ml_doc = "S.set_named_ccache(krb5_ccache_name, obtained, lp) -> None\n"
1601 : "Set credentials to KRB5 Credentials Cache (by name).",
1602 : },
1603 : {
1604 : .ml_name = "set_gensec_features",
1605 : .ml_meth = py_creds_set_gensec_features,
1606 : .ml_flags = METH_VARARGS,
1607 : },
1608 : {
1609 : .ml_name = "get_gensec_features",
1610 : .ml_meth = py_creds_get_gensec_features,
1611 : .ml_flags = METH_NOARGS,
1612 : },
1613 : {
1614 : .ml_name = "get_forced_sasl_mech",
1615 : .ml_meth = py_creds_get_forced_sasl_mech,
1616 : .ml_flags = METH_NOARGS,
1617 : .ml_doc = "S.get_forced_sasl_mech() -> SASL mechanism\nObtain forced SASL mechanism.",
1618 : },
1619 : {
1620 : .ml_name = "set_forced_sasl_mech",
1621 : .ml_meth = py_creds_set_forced_sasl_mech,
1622 : .ml_flags = METH_VARARGS,
1623 : .ml_doc = "S.set_forced_sasl_mech(name) -> None\n"
1624 : "Set forced SASL mechanism.",
1625 : },
1626 : {
1627 : .ml_name = "new_client_authenticator",
1628 : .ml_meth = py_creds_new_client_authenticator,
1629 : .ml_flags = METH_NOARGS,
1630 : .ml_doc = "S.new_client_authenticator() -> Authenticator\n"
1631 : "Get a new client NETLOGON_AUTHENTICATOR"},
1632 : {
1633 : .ml_name = "set_secure_channel_type",
1634 : .ml_meth = py_creds_set_secure_channel_type,
1635 : .ml_flags = METH_VARARGS,
1636 : },
1637 : {
1638 : .ml_name = "get_secure_channel_type",
1639 : .ml_meth = py_creds_get_secure_channel_type,
1640 : .ml_flags = METH_VARARGS,
1641 : },
1642 : {
1643 : .ml_name = "set_kerberos_salt_principal",
1644 : .ml_meth = py_creds_set_kerberos_salt_principal,
1645 : .ml_flags = METH_VARARGS,
1646 : },
1647 : {
1648 : .ml_name = "get_kerberos_salt_principal",
1649 : .ml_meth = py_creds_get_kerberos_salt_principal,
1650 : .ml_flags = METH_VARARGS,
1651 : },
1652 : {
1653 : .ml_name = "get_kerberos_key",
1654 : .ml_meth = py_creds_get_kerberos_key,
1655 : .ml_flags = METH_VARARGS,
1656 : .ml_doc = "S.get_kerberos_key(enctype, [lp]) -> bytes\n"
1657 : "Generate a Kerberos key using the current password and\n"
1658 : "the salt on this credentials object",
1659 : },
1660 : {
1661 : .ml_name = "get_old_kerberos_key",
1662 : .ml_meth = py_creds_get_old_kerberos_key,
1663 : .ml_flags = METH_VARARGS,
1664 : .ml_doc = "S.get_old_kerberos_key(enctype, [lp]) -> bytes\n"
1665 : "Generate a Kerberos key using the old (previous) password and\n"
1666 : "the salt on this credentials object",
1667 : },
1668 : {
1669 : .ml_name = "encrypt_netr_crypt_password",
1670 : .ml_meth = py_creds_encrypt_netr_crypt_password,
1671 : .ml_flags = METH_VARARGS,
1672 : .ml_doc = "S.encrypt_netr_crypt_password(password) -> None\n"
1673 : "Encrypt the supplied password using the session key and\n"
1674 : "the negotiated encryption algorithm in place\n"
1675 : "i.e. it overwrites the original data"},
1676 : {
1677 : .ml_name = "encrypt_samr_password",
1678 : .ml_meth = py_creds_encrypt_samr_password,
1679 : .ml_flags = METH_VARARGS,
1680 : .ml_doc = "S.encrypt_samr_password(password) -> None\n"
1681 : "Encrypt the supplied password using the session key and\n"
1682 : "the negotiated encryption algorithm in place\n"
1683 : "i.e. it overwrites the original data"
1684 : },
1685 : {
1686 : .ml_name = "get_smb_signing",
1687 : .ml_meth = py_creds_get_smb_signing,
1688 : .ml_flags = METH_NOARGS,
1689 : },
1690 : {
1691 : .ml_name = "set_smb_signing",
1692 : .ml_meth = py_creds_set_smb_signing,
1693 : .ml_flags = METH_VARARGS,
1694 : },
1695 : {
1696 : .ml_name = "get_smb_ipc_signing",
1697 : .ml_meth = py_creds_get_smb_ipc_signing,
1698 : .ml_flags = METH_NOARGS,
1699 : },
1700 : {
1701 : .ml_name = "set_smb_ipc_signing",
1702 : .ml_meth = py_creds_set_smb_ipc_signing,
1703 : .ml_flags = METH_VARARGS,
1704 : },
1705 : {
1706 : .ml_name = "get_smb_encryption",
1707 : .ml_meth = py_creds_get_smb_encryption,
1708 : .ml_flags = METH_NOARGS,
1709 : },
1710 : {
1711 : .ml_name = "set_smb_encryption",
1712 : .ml_meth = py_creds_set_smb_encryption,
1713 : .ml_flags = METH_VARARGS,
1714 : },
1715 : {
1716 : .ml_name = "get_krb5_fast_armor_credentials",
1717 : .ml_meth = py_creds_get_krb5_fast_armor_credentials,
1718 : .ml_flags = METH_NOARGS,
1719 : .ml_doc = "S.get_krb5_fast_armor_credentials() -> Credentials\n"
1720 : "Get the Kerberos FAST credentials set on this credentials object"
1721 : },
1722 : {
1723 : .ml_name = "set_krb5_fast_armor_credentials",
1724 : .ml_meth = py_creds_set_krb5_fast_armor_credentials,
1725 : .ml_flags = METH_VARARGS,
1726 : .ml_doc = "S.set_krb5_fast_armor_credentials(credentials, required) -> None\n"
1727 : "Set Kerberos FAST credentials for this credentials object, and if FAST armoring must be used."
1728 : },
1729 : {
1730 : .ml_name = "get_krb5_require_fast_armor",
1731 : .ml_meth = py_creds_get_krb5_require_fast_armor,
1732 : .ml_flags = METH_NOARGS,
1733 : .ml_doc = "S.get_krb5_fast_armor() -> bool\n"
1734 : "Indicate if Kerberos FAST armor is required"
1735 : },
1736 : { .ml_name = NULL }
1737 : };
1738 :
1739 : static struct PyModuleDef moduledef = {
1740 : PyModuleDef_HEAD_INIT,
1741 : .m_name = "credentials",
1742 : .m_doc = "Credentials management.",
1743 : .m_size = -1,
1744 : .m_methods = py_creds_methods,
1745 : };
1746 :
1747 : PyTypeObject PyCredentials = {
1748 : .tp_name = "credentials.Credentials",
1749 : .tp_new = py_creds_new,
1750 : .tp_flags = Py_TPFLAGS_DEFAULT | Py_TPFLAGS_BASETYPE,
1751 : .tp_methods = py_creds_methods,
1752 : };
1753 :
1754 1858 : static PyObject *py_ccache_name(PyObject *self, PyObject *unused)
1755 : {
1756 1858 : struct ccache_container *ccc = NULL;
1757 1858 : char *name = NULL;
1758 1858 : PyObject *py_name = NULL;
1759 0 : int ret;
1760 :
1761 1858 : ccc = pytalloc_get_type(self, struct ccache_container);
1762 :
1763 1858 : ret = krb5_cc_get_full_name(ccc->smb_krb5_context->krb5_context,
1764 : ccc->ccache, &name);
1765 1858 : if (ret == 0) {
1766 1858 : py_name = PyString_FromStringOrNULL(name);
1767 1858 : krb5_free_string(ccc->smb_krb5_context->krb5_context, name);
1768 : } else {
1769 0 : PyErr_SetString(PyExc_RuntimeError,
1770 : "Failed to get ccache name");
1771 0 : return NULL;
1772 : }
1773 1858 : return py_name;
1774 : }
1775 :
1776 : static PyMethodDef py_ccache_container_methods[] = {
1777 : { "get_name", py_ccache_name, METH_NOARGS,
1778 : "S.get_name() -> name\nObtain KRB5 credentials cache name." },
1779 : {0}
1780 : };
1781 :
1782 : PyTypeObject PyCredentialCacheContainer = {
1783 : .tp_name = "credentials.CredentialCacheContainer",
1784 : .tp_flags = Py_TPFLAGS_DEFAULT,
1785 : .tp_methods = py_ccache_container_methods,
1786 : };
1787 :
1788 7657 : MODULE_INIT_FUNC(credentials)
1789 : {
1790 192 : PyObject *m;
1791 7657 : if (pytalloc_BaseObject_PyType_Ready(&PyCredentials) < 0)
1792 0 : return NULL;
1793 :
1794 7657 : if (pytalloc_BaseObject_PyType_Ready(&PyCredentialCacheContainer) < 0)
1795 0 : return NULL;
1796 :
1797 7657 : m = PyModule_Create(&moduledef);
1798 7657 : if (m == NULL)
1799 0 : return NULL;
1800 :
1801 7657 : PyModule_AddObject(m, "UNINITIALISED", PyLong_FromLong(CRED_UNINITIALISED));
1802 7657 : PyModule_AddObject(m, "SMB_CONF", PyLong_FromLong(CRED_SMB_CONF));
1803 7657 : PyModule_AddObject(m, "CALLBACK", PyLong_FromLong(CRED_CALLBACK));
1804 7657 : PyModule_AddObject(m, "GUESS_ENV", PyLong_FromLong(CRED_GUESS_ENV));
1805 7657 : PyModule_AddObject(m, "GUESS_FILE", PyLong_FromLong(CRED_GUESS_FILE));
1806 7657 : PyModule_AddObject(m, "CALLBACK_RESULT", PyLong_FromLong(CRED_CALLBACK_RESULT));
1807 7657 : PyModule_AddObject(m, "SPECIFIED", PyLong_FromLong(CRED_SPECIFIED));
1808 :
1809 7657 : PyModule_AddObject(m, "AUTO_USE_KERBEROS", PyLong_FromLong(CRED_USE_KERBEROS_DESIRED));
1810 7657 : PyModule_AddObject(m, "DONT_USE_KERBEROS", PyLong_FromLong(CRED_USE_KERBEROS_DISABLED));
1811 7657 : PyModule_AddObject(m, "MUST_USE_KERBEROS", PyLong_FromLong(CRED_USE_KERBEROS_REQUIRED));
1812 :
1813 7657 : PyModule_AddObject(m, "AUTO_KRB_FORWARDABLE", PyLong_FromLong(CRED_AUTO_KRB_FORWARDABLE));
1814 7657 : PyModule_AddObject(m, "NO_KRB_FORWARDABLE", PyLong_FromLong(CRED_NO_KRB_FORWARDABLE));
1815 7657 : PyModule_AddObject(m, "FORCE_KRB_FORWARDABLE", PyLong_FromLong(CRED_FORCE_KRB_FORWARDABLE));
1816 7657 : PyModule_AddObject(m, "CLI_CRED_NTLM2", PyLong_FromLong(CLI_CRED_NTLM2));
1817 7657 : PyModule_AddObject(m, "CLI_CRED_NTLMv2_AUTH", PyLong_FromLong(CLI_CRED_NTLMv2_AUTH));
1818 7657 : PyModule_AddObject(m, "CLI_CRED_LANMAN_AUTH", PyLong_FromLong(CLI_CRED_LANMAN_AUTH));
1819 7657 : PyModule_AddObject(m, "CLI_CRED_NTLM_AUTH", PyLong_FromLong(CLI_CRED_NTLM_AUTH));
1820 7657 : PyModule_AddObject(m, "CLI_CRED_CLEAR_AUTH", PyLong_FromLong(CLI_CRED_CLEAR_AUTH));
1821 :
1822 7657 : PyModule_AddObject(m, "SMB_SIGNING_DEFAULT", PyLong_FromLong(SMB_SIGNING_DEFAULT));
1823 7657 : PyModule_AddObject(m, "SMB_SIGNING_OFF", PyLong_FromLong(SMB_SIGNING_OFF));
1824 7657 : PyModule_AddObject(m, "SMB_SIGNING_IF_REQUIRED", PyLong_FromLong(SMB_SIGNING_IF_REQUIRED));
1825 7657 : PyModule_AddObject(m, "SMB_SIGNING_DESIRED", PyLong_FromLong(SMB_SIGNING_DESIRED));
1826 7657 : PyModule_AddObject(m, "SMB_SIGNING_REQUIRED", PyLong_FromLong(SMB_SIGNING_REQUIRED));
1827 :
1828 7657 : PyModule_AddObject(m, "SMB_ENCRYPTION_DEFAULT", PyLong_FromLong(SMB_ENCRYPTION_DEFAULT));
1829 7657 : PyModule_AddObject(m, "SMB_ENCRYPTION_OFF", PyLong_FromLong(SMB_ENCRYPTION_OFF));
1830 7657 : PyModule_AddObject(m, "SMB_ENCRYPTION_IF_REQUIRED", PyLong_FromLong(SMB_ENCRYPTION_IF_REQUIRED));
1831 7657 : PyModule_AddObject(m, "SMB_ENCRYPTION_DESIRED", PyLong_FromLong(SMB_ENCRYPTION_DESIRED));
1832 7657 : PyModule_AddObject(m, "SMB_ENCRYPTION_REQUIRED", PyLong_FromLong(SMB_ENCRYPTION_REQUIRED));
1833 :
1834 7657 : PyModule_AddObject(m, "ENCTYPE_ARCFOUR_HMAC", PyLong_FromLong(ENCTYPE_ARCFOUR_HMAC));
1835 7657 : PyModule_AddObject(m, "ENCTYPE_AES128_CTS_HMAC_SHA1_96", PyLong_FromLong(ENCTYPE_AES128_CTS_HMAC_SHA1_96));
1836 7657 : PyModule_AddObject(m, "ENCTYPE_AES256_CTS_HMAC_SHA1_96", PyLong_FromLong(ENCTYPE_AES256_CTS_HMAC_SHA1_96));
1837 :
1838 6404 : Py_INCREF(&PyCredentials);
1839 7657 : PyModule_AddObject(m, "Credentials", (PyObject *)&PyCredentials);
1840 6404 : Py_INCREF(&PyCredentialCacheContainer);
1841 7657 : PyModule_AddObject(m, "CredentialCacheContainer", (PyObject *)&PyCredentialCacheContainer);
1842 7657 : return m;
1843 : }
|
