Line data Source code
1 : /*
2 : Unix SMB/CIFS implementation.
3 : Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007
4 :
5 : This program is free software; you can redistribute it and/or modify
6 : it under the terms of the GNU General Public License as published by
7 : the Free Software Foundation; either version 3 of the License, or
8 : (at your option) any later version.
9 :
10 : This program is distributed in the hope that it will be useful,
11 : but WITHOUT ANY WARRANTY; without even the implied warranty of
12 : MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 : GNU General Public License for more details.
14 :
15 : You should have received a copy of the GNU General Public License
16 : along with this program. If not, see <http://www.gnu.org/licenses/>.
17 : */
18 :
19 : #include "lib/replace/system/python.h"
20 : #include "python/py3compat.h"
21 : #include "includes.h"
22 : #include "python/modules.h"
23 : #include "pycredentials.h"
24 : #include "param/param.h"
25 : #include "auth/credentials/credentials_internal.h"
26 : #include "auth/credentials/credentials_krb5.h"
27 : #include "librpc/gen_ndr/samr.h" /* for struct samr_Password */
28 : #include "librpc/gen_ndr/netlogon.h"
29 : #include "libcli/util/pyerrors.h"
30 : #include "libcli/auth/libcli_auth.h"
31 : #include "param/pyparam.h"
32 : #include <tevent.h>
33 : #include "libcli/auth/libcli_auth.h"
34 : #include "system/kerberos.h"
35 : #include "auth/kerberos/kerberos.h"
36 : #include "libcli/smb/smb_constants.h"
37 :
38 36424 : static PyObject *py_creds_new(PyTypeObject *type, PyObject *args, PyObject *kwargs)
39 : {
40 36424 : return pytalloc_steal(type, cli_credentials_init(NULL));
41 : }
42 :
43 0 : static PyObject *PyCredentials_from_cli_credentials(struct cli_credentials *creds)
44 : {
45 0 : return pytalloc_reference(&PyCredentials, creds);
46 : }
47 :
48 38917 : static PyObject *py_creds_get_username(PyObject *self, PyObject *unused)
49 : {
50 38917 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
51 38917 : if (creds == NULL) {
52 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
53 0 : return NULL;
54 : }
55 38917 : return PyString_FromStringOrNULL(cli_credentials_get_username(creds));
56 : }
57 :
58 16995 : static PyObject *py_creds_set_username(PyObject *self, PyObject *args)
59 : {
60 6 : char *newval;
61 16995 : enum credentials_obtained obt = CRED_SPECIFIED;
62 16995 : int _obt = obt;
63 16995 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
64 16995 : if (creds == NULL) {
65 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
66 0 : return NULL;
67 : }
68 :
69 16995 : if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
70 0 : return NULL;
71 : }
72 16995 : obt = _obt;
73 :
74 16995 : return PyBool_FromLong(cli_credentials_set_username(creds, newval, obt));
75 : }
76 :
77 213 : static PyObject *py_creds_get_ntlm_username_domain(PyObject *self, PyObject *unused)
78 : {
79 213 : TALLOC_CTX *frame = talloc_stackframe();
80 213 : const char *user = NULL;
81 213 : const char *domain = NULL;
82 213 : PyObject *ret = NULL;
83 213 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
84 213 : if (creds == NULL) {
85 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
86 0 : return NULL;
87 : }
88 213 : cli_credentials_get_ntlm_username_domain(creds,
89 : frame, &user, &domain);
90 213 : ret = Py_BuildValue("(ss)",
91 : user,
92 : domain);
93 :
94 213 : TALLOC_FREE(frame);
95 213 : return ret;
96 : }
97 :
98 124 : static PyObject *py_creds_get_ntlm_response(PyObject *self, PyObject *args, PyObject *kwargs)
99 : {
100 124 : TALLOC_CTX *frame = talloc_stackframe();
101 124 : PyObject *ret = NULL;
102 1 : int flags;
103 1 : struct timeval tv_now;
104 1 : NTTIME server_timestamp;
105 124 : DATA_BLOB challenge = data_blob_null;
106 124 : DATA_BLOB target_info = data_blob_null;
107 1 : NTSTATUS status;
108 124 : DATA_BLOB lm_response = data_blob_null;
109 124 : DATA_BLOB nt_response = data_blob_null;
110 124 : DATA_BLOB lm_session_key = data_blob_null;
111 124 : DATA_BLOB nt_session_key = data_blob_null;
112 124 : const char *kwnames[] = { "flags", "challenge",
113 : "target_info",
114 : NULL };
115 124 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
116 124 : if (creds == NULL) {
117 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
118 0 : return NULL;
119 : }
120 :
121 124 : tv_now = timeval_current();
122 124 : server_timestamp = timeval_to_nttime(&tv_now);
123 :
124 124 : if (!PyArg_ParseTupleAndKeywords(args, kwargs, "is#|s#",
125 : discard_const_p(char *, kwnames),
126 : &flags,
127 : &challenge.data,
128 : &challenge.length,
129 : &target_info.data,
130 : &target_info.length)) {
131 0 : return NULL;
132 : }
133 :
134 124 : status = cli_credentials_get_ntlm_response(creds,
135 : frame, &flags,
136 : challenge,
137 : &server_timestamp,
138 : target_info,
139 : &lm_response, &nt_response,
140 : &lm_session_key, &nt_session_key);
141 :
142 124 : if (!NT_STATUS_IS_OK(status)) {
143 0 : PyErr_SetNTSTATUS(status);
144 0 : TALLOC_FREE(frame);
145 0 : return NULL;
146 : }
147 :
148 125 : ret = Py_BuildValue("{sis" PYARG_BYTES_LEN "s" PYARG_BYTES_LEN
149 : "s" PYARG_BYTES_LEN "s" PYARG_BYTES_LEN "}",
150 : "flags", flags,
151 : "lm_response",
152 124 : (const char *)lm_response.data, lm_response.length,
153 : "nt_response",
154 124 : (const char *)nt_response.data, nt_response.length,
155 : "lm_session_key",
156 124 : (const char *)lm_session_key.data, lm_session_key.length,
157 : "nt_session_key",
158 124 : (const char *)nt_session_key.data, nt_session_key.length);
159 124 : TALLOC_FREE(frame);
160 123 : return ret;
161 : }
162 :
163 46 : static PyObject *py_creds_get_principal(PyObject *self, PyObject *unused)
164 : {
165 46 : TALLOC_CTX *frame = talloc_stackframe();
166 46 : PyObject *ret = NULL;
167 46 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
168 46 : if (creds == NULL) {
169 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
170 0 : return NULL;
171 : }
172 46 : ret = PyString_FromStringOrNULL(cli_credentials_get_principal(creds, frame));
173 46 : TALLOC_FREE(frame);
174 24 : return ret;
175 : }
176 :
177 2 : static PyObject *py_creds_set_principal(PyObject *self, PyObject *args)
178 : {
179 2 : char *newval;
180 2 : enum credentials_obtained obt = CRED_SPECIFIED;
181 2 : int _obt = obt;
182 2 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
183 2 : if (creds == NULL) {
184 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
185 0 : return NULL;
186 : }
187 :
188 2 : if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
189 0 : return NULL;
190 : }
191 2 : obt = _obt;
192 :
193 2 : return PyBool_FromLong(cli_credentials_set_principal(creds, newval, obt));
194 : }
195 :
196 10274 : static PyObject *py_creds_get_password(PyObject *self, PyObject *unused)
197 : {
198 10274 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
199 10274 : if (creds == NULL) {
200 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
201 0 : return NULL;
202 : }
203 10274 : return PyString_FromStringOrNULL(cli_credentials_get_password(creds));
204 : }
205 :
206 17491 : static PyObject *py_creds_set_password(PyObject *self, PyObject *args)
207 : {
208 17491 : const char *newval = NULL;
209 17491 : enum credentials_obtained obt = CRED_SPECIFIED;
210 17491 : int _obt = obt;
211 17491 : PyObject *result = NULL;
212 17491 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
213 17491 : if (creds == NULL) {
214 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
215 0 : return NULL;
216 : }
217 :
218 17491 : if (!PyArg_ParseTuple(args, PYARG_STR_UNI"|i", "utf8", &newval, &_obt)) {
219 0 : return NULL;
220 : }
221 17491 : obt = _obt;
222 :
223 17491 : result = PyBool_FromLong(cli_credentials_set_password(creds, newval, obt));
224 17491 : PyMem_Free(discard_const_p(void*, newval));
225 17491 : return result;
226 : }
227 :
228 865 : static PyObject *py_creds_set_utf16_password(PyObject *self, PyObject *args)
229 : {
230 865 : enum credentials_obtained obt = CRED_SPECIFIED;
231 865 : int _obt = obt;
232 865 : PyObject *newval = NULL;
233 865 : DATA_BLOB blob = data_blob_null;
234 865 : Py_ssize_t size = 0;
235 1 : int result;
236 1 : bool ok;
237 865 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
238 865 : if (creds == NULL) {
239 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
240 0 : return NULL;
241 : }
242 :
243 865 : if (!PyArg_ParseTuple(args, "O|i", &newval, &_obt)) {
244 0 : return NULL;
245 : }
246 865 : obt = _obt;
247 :
248 865 : result = PyBytes_AsStringAndSize(newval, (char **)&blob.data, &size);
249 865 : if (result != 0) {
250 0 : PyErr_SetString(PyExc_RuntimeError, "Failed to convert passed value to Bytes");
251 0 : return NULL;
252 : }
253 865 : blob.length = size;
254 :
255 865 : ok = cli_credentials_set_utf16_password(creds,
256 : &blob, obt);
257 :
258 865 : return PyBool_FromLong(ok);
259 : }
260 :
261 3 : static PyObject *py_creds_get_old_password(PyObject *self, PyObject *unused)
262 : {
263 3 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
264 3 : if (creds == NULL) {
265 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
266 0 : return NULL;
267 : }
268 3 : return PyString_FromStringOrNULL(cli_credentials_get_old_password(creds));
269 : }
270 :
271 1 : static PyObject *py_creds_set_old_password(PyObject *self, PyObject *args)
272 : {
273 1 : char *oldval;
274 1 : enum credentials_obtained obt = CRED_SPECIFIED;
275 1 : int _obt = obt;
276 1 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
277 1 : if (creds == NULL) {
278 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
279 0 : return NULL;
280 : }
281 :
282 1 : if (!PyArg_ParseTuple(args, "s|i", &oldval, &_obt)) {
283 0 : return NULL;
284 : }
285 1 : obt = _obt;
286 :
287 1 : return PyBool_FromLong(cli_credentials_set_old_password(creds, oldval, obt));
288 : }
289 :
290 1 : static PyObject *py_creds_set_old_utf16_password(PyObject *self, PyObject *args)
291 : {
292 1 : PyObject *oldval = NULL;
293 1 : DATA_BLOB blob = data_blob_null;
294 1 : Py_ssize_t size = 0;
295 1 : int result;
296 1 : bool ok;
297 1 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
298 1 : if (creds == NULL) {
299 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
300 0 : return NULL;
301 : }
302 :
303 1 : if (!PyArg_ParseTuple(args, "O", &oldval)) {
304 0 : return NULL;
305 : }
306 :
307 1 : result = PyBytes_AsStringAndSize(oldval, (char **)&blob.data, &size);
308 1 : if (result != 0) {
309 0 : PyErr_SetString(PyExc_RuntimeError, "Failed to convert passed value to Bytes");
310 0 : return NULL;
311 : }
312 1 : blob.length = size;
313 :
314 1 : ok = cli_credentials_set_old_utf16_password(creds,
315 : &blob);
316 :
317 1 : return PyBool_FromLong(ok);
318 : }
319 :
320 13356 : static PyObject *py_creds_get_domain(PyObject *self, PyObject *unused)
321 : {
322 13356 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
323 13356 : if (creds == NULL) {
324 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
325 0 : return NULL;
326 : }
327 13356 : return PyString_FromStringOrNULL(cli_credentials_get_domain(creds));
328 : }
329 :
330 16190 : static PyObject *py_creds_set_domain(PyObject *self, PyObject *args)
331 : {
332 2 : char *newval;
333 16190 : enum credentials_obtained obt = CRED_SPECIFIED;
334 16190 : int _obt = obt;
335 16190 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
336 16190 : if (creds == NULL) {
337 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
338 0 : return NULL;
339 : }
340 :
341 16190 : if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
342 0 : return NULL;
343 : }
344 16190 : obt = _obt;
345 :
346 16190 : return PyBool_FromLong(cli_credentials_set_domain(creds, newval, obt));
347 : }
348 :
349 38847 : static PyObject *py_creds_get_realm(PyObject *self, PyObject *unused)
350 : {
351 38847 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
352 38847 : if (creds == NULL) {
353 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
354 0 : return NULL;
355 : }
356 38847 : return PyString_FromStringOrNULL(cli_credentials_get_realm(creds));
357 : }
358 :
359 15800 : static PyObject *py_creds_set_realm(PyObject *self, PyObject *args)
360 : {
361 4 : char *newval;
362 15800 : enum credentials_obtained obt = CRED_SPECIFIED;
363 15800 : int _obt = obt;
364 15800 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
365 15800 : if (creds == NULL) {
366 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
367 0 : return NULL;
368 : }
369 :
370 15800 : if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
371 0 : return NULL;
372 : }
373 15800 : obt = _obt;
374 :
375 15800 : return PyBool_FromLong(cli_credentials_set_realm(creds, newval, obt));
376 : }
377 :
378 1053 : static PyObject *py_creds_get_bind_dn(PyObject *self, PyObject *unused)
379 : {
380 1053 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
381 1053 : if (creds == NULL) {
382 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
383 0 : return NULL;
384 : }
385 1053 : return PyString_FromStringOrNULL(cli_credentials_get_bind_dn(creds));
386 : }
387 :
388 554 : static PyObject *py_creds_set_bind_dn(PyObject *self, PyObject *args)
389 : {
390 1 : char *newval;
391 554 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
392 554 : if (creds == NULL) {
393 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
394 0 : return NULL;
395 : }
396 554 : if (!PyArg_ParseTuple(args, "z", &newval))
397 0 : return NULL;
398 :
399 554 : return PyBool_FromLong(cli_credentials_set_bind_dn(creds, newval));
400 : }
401 :
402 12618 : static PyObject *py_creds_get_workstation(PyObject *self, PyObject *unused)
403 : {
404 12618 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
405 12618 : if (creds == NULL) {
406 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
407 0 : return NULL;
408 : }
409 12618 : return PyString_FromStringOrNULL(cli_credentials_get_workstation(creds));
410 : }
411 :
412 19221 : static PyObject *py_creds_set_workstation(PyObject *self, PyObject *args)
413 : {
414 1 : char *newval;
415 19221 : enum credentials_obtained obt = CRED_SPECIFIED;
416 19221 : int _obt = obt;
417 19221 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
418 19221 : if (creds == NULL) {
419 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
420 0 : return NULL;
421 : }
422 :
423 19221 : if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
424 0 : return NULL;
425 : }
426 19221 : obt = _obt;
427 :
428 19221 : return PyBool_FromLong(cli_credentials_set_workstation(creds, newval, obt));
429 : }
430 :
431 91 : static PyObject *py_creds_is_anonymous(PyObject *self, PyObject *unused)
432 : {
433 91 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
434 91 : if (creds == NULL) {
435 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
436 0 : return NULL;
437 : }
438 91 : return PyBool_FromLong(cli_credentials_is_anonymous(creds));
439 : }
440 :
441 1990 : static PyObject *py_creds_set_anonymous(PyObject *self, PyObject *unused)
442 : {
443 1990 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
444 1990 : if (creds == NULL) {
445 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
446 0 : return NULL;
447 : }
448 1990 : cli_credentials_set_anonymous(creds);
449 1990 : Py_RETURN_NONE;
450 : }
451 :
452 9142 : static PyObject *py_creds_authentication_requested(PyObject *self, PyObject *unused)
453 : {
454 9142 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
455 9142 : if (creds == NULL) {
456 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
457 0 : return NULL;
458 : }
459 9142 : return PyBool_FromLong(cli_credentials_authentication_requested(creds));
460 : }
461 :
462 1 : static PyObject *py_creds_wrong_password(PyObject *self, PyObject *unused)
463 : {
464 1 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
465 1 : if (creds == NULL) {
466 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
467 0 : return NULL;
468 : }
469 1 : return PyBool_FromLong(cli_credentials_wrong_password(creds));
470 : }
471 :
472 12743 : static PyObject *py_creds_set_cmdline_callbacks(PyObject *self, PyObject *unused)
473 : {
474 12743 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
475 12743 : if (creds == NULL) {
476 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
477 0 : return NULL;
478 : }
479 12743 : return PyBool_FromLong(cli_credentials_set_cmdline_callbacks(creds));
480 : }
481 :
482 6744 : static PyObject *py_creds_parse_string(PyObject *self, PyObject *args)
483 : {
484 13 : char *newval;
485 6744 : enum credentials_obtained obt = CRED_SPECIFIED;
486 6744 : int _obt = obt;
487 6744 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
488 6744 : if (creds == NULL) {
489 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
490 0 : return NULL;
491 : }
492 :
493 6744 : if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
494 0 : return NULL;
495 : }
496 6744 : obt = _obt;
497 :
498 6744 : cli_credentials_parse_string(creds, newval, obt);
499 6744 : Py_RETURN_NONE;
500 : }
501 :
502 7 : static PyObject *py_creds_parse_file(PyObject *self, PyObject *args)
503 : {
504 7 : char *newval;
505 7 : enum credentials_obtained obt = CRED_SPECIFIED;
506 7 : int _obt = obt;
507 7 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
508 7 : if (creds == NULL) {
509 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
510 0 : return NULL;
511 : }
512 :
513 7 : if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
514 0 : return NULL;
515 : }
516 7 : obt = _obt;
517 :
518 7 : cli_credentials_parse_file(creds, newval, obt);
519 7 : Py_RETURN_NONE;
520 : }
521 :
522 1 : static PyObject *py_cli_credentials_set_password_will_be_nt_hash(PyObject *self, PyObject *args)
523 : {
524 1 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
525 1 : PyObject *py_val = NULL;
526 1 : bool val = false;
527 :
528 1 : if (!PyArg_ParseTuple(args, "O!", &PyBool_Type, &py_val)) {
529 0 : return NULL;
530 : }
531 1 : val = PyObject_IsTrue(py_val);
532 :
533 1 : cli_credentials_set_password_will_be_nt_hash(creds, val);
534 1 : Py_RETURN_NONE;
535 : }
536 :
537 1317 : static PyObject *py_creds_get_nt_hash(PyObject *self, PyObject *unused)
538 : {
539 12 : PyObject *ret;
540 1317 : struct samr_Password *ntpw = NULL;
541 1317 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
542 1317 : if (creds == NULL) {
543 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
544 0 : return NULL;
545 : }
546 1317 : ntpw = cli_credentials_get_nt_hash(creds, creds);
547 1317 : if (ntpw == NULL) {
548 0 : Py_RETURN_NONE;
549 : }
550 :
551 1317 : ret = PyBytes_FromStringAndSize(discard_const_p(char, ntpw->hash), 16);
552 1317 : TALLOC_FREE(ntpw);
553 1317 : return ret;
554 : }
555 :
556 174 : static PyObject *py_creds_set_nt_hash(PyObject *self, PyObject *args)
557 : {
558 174 : PyObject *py_cp = Py_None;
559 174 : const struct samr_Password *pwd = NULL;
560 174 : enum credentials_obtained obt = CRED_SPECIFIED;
561 174 : int _obt = obt;
562 174 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
563 174 : if (creds == NULL) {
564 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
565 0 : return NULL;
566 : }
567 :
568 174 : if (!PyArg_ParseTuple(args, "O|i", &py_cp, &_obt)) {
569 0 : return NULL;
570 : }
571 174 : obt = _obt;
572 :
573 174 : if (!py_check_dcerpc_type(py_cp, "samba.dcerpc.samr", "Password")) {
574 : /* py_check_dcerpc_type sets TypeError */
575 0 : return NULL;
576 : }
577 :
578 174 : pwd = pytalloc_get_ptr(py_cp);
579 :
580 174 : return PyBool_FromLong(cli_credentials_set_nt_hash(creds, pwd, obt));
581 : }
582 :
583 980 : static PyObject *py_creds_get_kerberos_state(PyObject *self, PyObject *unused)
584 : {
585 0 : int state;
586 980 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
587 980 : if (creds == NULL) {
588 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
589 0 : return NULL;
590 : }
591 980 : state = cli_credentials_get_kerberos_state(creds);
592 980 : return PyLong_FromLong(state);
593 : }
594 :
595 14153 : static PyObject *py_creds_set_kerberos_state(PyObject *self, PyObject *args)
596 : {
597 2 : int state;
598 14153 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
599 14153 : if (creds == NULL) {
600 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
601 0 : return NULL;
602 : }
603 14153 : if (!PyArg_ParseTuple(args, "i", &state))
604 0 : return NULL;
605 :
606 14153 : cli_credentials_set_kerberos_state(creds, state, CRED_SPECIFIED);
607 14153 : Py_RETURN_NONE;
608 : }
609 :
610 80 : static PyObject *py_creds_set_krb_forwardable(PyObject *self, PyObject *args)
611 : {
612 2 : int state;
613 80 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
614 80 : if (creds == NULL) {
615 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
616 0 : return NULL;
617 : }
618 80 : if (!PyArg_ParseTuple(args, "i", &state))
619 0 : return NULL;
620 :
621 80 : cli_credentials_set_krb_forwardable(creds, state);
622 80 : Py_RETURN_NONE;
623 : }
624 :
625 :
626 0 : static PyObject *py_creds_get_forced_sasl_mech(PyObject *self, PyObject *unused)
627 : {
628 0 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
629 0 : if (creds == NULL) {
630 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
631 0 : return NULL;
632 : }
633 0 : return PyString_FromStringOrNULL(cli_credentials_get_forced_sasl_mech(creds));
634 : }
635 :
636 0 : static PyObject *py_creds_set_forced_sasl_mech(PyObject *self, PyObject *args)
637 : {
638 0 : char *newval;
639 0 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
640 0 : if (creds == NULL) {
641 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
642 0 : return NULL;
643 : }
644 :
645 0 : if (!PyArg_ParseTuple(args, "s", &newval)) {
646 0 : return NULL;
647 : }
648 :
649 0 : cli_credentials_set_forced_sasl_mech(creds, newval);
650 0 : Py_RETURN_NONE;
651 : }
652 :
653 6 : static PyObject *py_creds_set_conf(PyObject *self, PyObject *args)
654 : {
655 6 : PyObject *py_lp_ctx = Py_None;
656 6 : struct loadparm_context *lp_ctx;
657 6 : TALLOC_CTX *mem_ctx;
658 6 : struct cli_credentials *creds;
659 6 : bool ok;
660 :
661 6 : creds = PyCredentials_AsCliCredentials(self);
662 6 : if (creds == NULL) {
663 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
664 0 : return NULL;
665 : }
666 :
667 6 : if (!PyArg_ParseTuple(args, "|O", &py_lp_ctx)) {
668 0 : return NULL;
669 : }
670 :
671 6 : mem_ctx = talloc_new(NULL);
672 6 : if (mem_ctx == NULL) {
673 0 : PyErr_NoMemory();
674 0 : return NULL;
675 : }
676 :
677 6 : lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
678 6 : if (lp_ctx == NULL) {
679 0 : talloc_free(mem_ctx);
680 0 : return NULL;
681 : }
682 :
683 6 : ok = cli_credentials_set_conf(creds, lp_ctx);
684 6 : talloc_free(mem_ctx);
685 6 : if (!ok) {
686 0 : return NULL;
687 : }
688 :
689 6 : Py_RETURN_NONE;
690 : }
691 :
692 20291 : static PyObject *py_creds_guess(PyObject *self, PyObject *args)
693 : {
694 20291 : PyObject *py_lp_ctx = Py_None;
695 118 : struct loadparm_context *lp_ctx;
696 118 : TALLOC_CTX *mem_ctx;
697 118 : struct cli_credentials *creds;
698 118 : bool ok;
699 :
700 20291 : creds = PyCredentials_AsCliCredentials(self);
701 20291 : if (creds == NULL) {
702 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
703 0 : return NULL;
704 : }
705 :
706 20291 : if (!PyArg_ParseTuple(args, "|O", &py_lp_ctx))
707 0 : return NULL;
708 :
709 20291 : mem_ctx = talloc_new(NULL);
710 20291 : if (mem_ctx == NULL) {
711 0 : PyErr_NoMemory();
712 0 : return NULL;
713 : }
714 :
715 20291 : lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
716 20291 : if (lp_ctx == NULL) {
717 0 : talloc_free(mem_ctx);
718 0 : return NULL;
719 : }
720 :
721 20291 : ok = cli_credentials_guess(creds, lp_ctx);
722 20291 : talloc_free(mem_ctx);
723 20291 : if (!ok) {
724 0 : return NULL;
725 : }
726 :
727 20291 : Py_RETURN_NONE;
728 : }
729 :
730 5253 : static PyObject *py_creds_set_machine_account(PyObject *self, PyObject *args)
731 : {
732 5253 : PyObject *py_lp_ctx = Py_None;
733 22 : struct loadparm_context *lp_ctx;
734 22 : NTSTATUS status;
735 22 : struct cli_credentials *creds;
736 22 : TALLOC_CTX *mem_ctx;
737 :
738 5253 : creds = PyCredentials_AsCliCredentials(self);
739 5253 : if (creds == NULL) {
740 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
741 0 : return NULL;
742 : }
743 :
744 5253 : if (!PyArg_ParseTuple(args, "|O", &py_lp_ctx))
745 0 : return NULL;
746 :
747 5253 : mem_ctx = talloc_new(NULL);
748 5253 : if (mem_ctx == NULL) {
749 0 : PyErr_NoMemory();
750 0 : return NULL;
751 : }
752 :
753 5253 : lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
754 5253 : if (lp_ctx == NULL) {
755 0 : talloc_free(mem_ctx);
756 0 : return NULL;
757 : }
758 :
759 5253 : status = cli_credentials_set_machine_account(creds, lp_ctx);
760 5253 : talloc_free(mem_ctx);
761 :
762 5253 : PyErr_NTSTATUS_IS_ERR_RAISE(status);
763 :
764 4515 : Py_RETURN_NONE;
765 : }
766 :
767 1878 : static PyObject *PyCredentialCacheContainer_from_ccache_container(struct ccache_container *ccc)
768 : {
769 1878 : return pytalloc_reference(&PyCredentialCacheContainer, ccc);
770 : }
771 :
772 :
773 1878 : static PyObject *py_creds_get_named_ccache(PyObject *self, PyObject *args)
774 : {
775 1878 : PyObject *py_lp_ctx = Py_None;
776 1878 : char *ccache_name = NULL;
777 0 : struct loadparm_context *lp_ctx;
778 0 : struct ccache_container *ccc;
779 0 : struct tevent_context *event_ctx;
780 0 : int ret;
781 0 : const char *error_string;
782 0 : struct cli_credentials *creds;
783 0 : TALLOC_CTX *mem_ctx;
784 :
785 1878 : creds = PyCredentials_AsCliCredentials(self);
786 1878 : if (creds == NULL) {
787 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
788 0 : return NULL;
789 : }
790 :
791 1878 : if (!PyArg_ParseTuple(args, "|Os", &py_lp_ctx, &ccache_name))
792 0 : return NULL;
793 :
794 1878 : mem_ctx = talloc_new(NULL);
795 1878 : if (mem_ctx == NULL) {
796 0 : PyErr_NoMemory();
797 0 : return NULL;
798 : }
799 :
800 1878 : lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
801 1878 : if (lp_ctx == NULL) {
802 0 : talloc_free(mem_ctx);
803 0 : return NULL;
804 : }
805 :
806 1878 : event_ctx = samba_tevent_context_init(mem_ctx);
807 :
808 1878 : ret = cli_credentials_get_named_ccache(creds, event_ctx, lp_ctx,
809 : ccache_name, &ccc, &error_string);
810 1878 : talloc_unlink(mem_ctx, lp_ctx);
811 1878 : if (ret == 0) {
812 1878 : talloc_steal(ccc, event_ctx);
813 1878 : talloc_free(mem_ctx);
814 1878 : return PyCredentialCacheContainer_from_ccache_container(ccc);
815 : }
816 :
817 0 : PyErr_SetString(PyExc_RuntimeError, error_string?error_string:"NULL");
818 :
819 0 : talloc_free(mem_ctx);
820 0 : return NULL;
821 : }
822 :
823 1935 : static PyObject *py_creds_set_named_ccache(PyObject *self, PyObject *args)
824 : {
825 1935 : struct loadparm_context *lp_ctx = NULL;
826 1935 : enum credentials_obtained obt = CRED_SPECIFIED;
827 1935 : const char *error_string = NULL;
828 1935 : TALLOC_CTX *mem_ctx = NULL;
829 1935 : char *newval = NULL;
830 1935 : PyObject *py_lp_ctx = Py_None;
831 1935 : int _obt = obt;
832 0 : int ret;
833 1935 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
834 1935 : if (creds == NULL) {
835 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
836 0 : return NULL;
837 : }
838 :
839 1935 : if (!PyArg_ParseTuple(args, "s|iO", &newval, &_obt, &py_lp_ctx))
840 0 : return NULL;
841 1935 : obt = _obt;
842 :
843 1935 : mem_ctx = talloc_new(NULL);
844 1935 : if (mem_ctx == NULL) {
845 0 : PyErr_NoMemory();
846 0 : return NULL;
847 : }
848 :
849 1935 : lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
850 1935 : if (lp_ctx == NULL) {
851 0 : talloc_free(mem_ctx);
852 0 : return NULL;
853 : }
854 :
855 1935 : ret = cli_credentials_set_ccache(creds,
856 : lp_ctx,
857 : newval, obt,
858 : &error_string);
859 :
860 1935 : if (ret != 0) {
861 0 : PyErr_SetString(PyExc_RuntimeError,
862 0 : error_string != NULL ? error_string : "NULL");
863 0 : talloc_free(mem_ctx);
864 0 : return NULL;
865 : }
866 :
867 1935 : talloc_free(mem_ctx);
868 1935 : Py_RETURN_NONE;
869 : }
870 :
871 13231 : static PyObject *py_creds_set_gensec_features(PyObject *self, PyObject *args)
872 : {
873 5 : unsigned int gensec_features;
874 13231 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
875 13231 : if (creds == NULL) {
876 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
877 0 : return NULL;
878 : }
879 :
880 13231 : if (!PyArg_ParseTuple(args, "I", &gensec_features))
881 0 : return NULL;
882 :
883 13231 : cli_credentials_set_gensec_features(creds,
884 : gensec_features,
885 : CRED_SPECIFIED);
886 :
887 13231 : Py_RETURN_NONE;
888 : }
889 :
890 13231 : static PyObject *py_creds_get_gensec_features(PyObject *self, PyObject *args)
891 : {
892 5 : unsigned int gensec_features;
893 13231 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
894 13231 : if (creds == NULL) {
895 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
896 0 : return NULL;
897 : }
898 :
899 13231 : gensec_features = cli_credentials_get_gensec_features(creds);
900 13231 : return PyLong_FromLong(gensec_features);
901 : }
902 :
903 49 : static PyObject *py_creds_new_client_authenticator(PyObject *self,
904 : PyObject *args)
905 : {
906 0 : struct netr_Authenticator auth;
907 49 : struct cli_credentials *creds = NULL;
908 49 : struct netlogon_creds_CredentialState *nc = NULL;
909 49 : PyObject *ret = NULL;
910 0 : NTSTATUS status;
911 :
912 49 : creds = PyCredentials_AsCliCredentials(self);
913 49 : if (creds == NULL) {
914 0 : PyErr_SetString(PyExc_RuntimeError,
915 : "Failed to get credentials from python");
916 0 : return NULL;
917 : }
918 :
919 49 : nc = creds->netlogon_creds;
920 49 : if (nc == NULL) {
921 3 : PyErr_SetString(PyExc_ValueError,
922 : "No netlogon credentials cannot make "
923 : "client authenticator");
924 3 : return NULL;
925 : }
926 :
927 46 : status = netlogon_creds_client_authenticator(nc, &auth);
928 46 : if (!NT_STATUS_IS_OK(status)) {
929 0 : PyErr_SetString(PyExc_ValueError,
930 : "Failed to create client authenticator");
931 0 : return NULL;
932 : }
933 :
934 46 : ret = Py_BuildValue("{s"PYARG_BYTES_LEN"si}",
935 : "credential",
936 : (const char *) &auth.cred, sizeof(auth.cred),
937 : "timestamp", auth.timestamp);
938 46 : return ret;
939 : }
940 :
941 3213 : static PyObject *py_creds_set_secure_channel_type(PyObject *self, PyObject *args)
942 : {
943 1 : unsigned int channel_type;
944 3213 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
945 3213 : if (creds == NULL) {
946 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
947 0 : return NULL;
948 : }
949 :
950 3213 : if (!PyArg_ParseTuple(args, "I", &channel_type))
951 0 : return NULL;
952 :
953 3213 : cli_credentials_set_secure_channel_type(
954 : creds,
955 : channel_type);
956 :
957 3213 : Py_RETURN_NONE;
958 : }
959 :
960 8082 : static PyObject *py_creds_get_secure_channel_type(PyObject *self, PyObject *args)
961 : {
962 8082 : enum netr_SchannelType channel_type = SEC_CHAN_NULL;
963 8082 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
964 8082 : if (creds == NULL) {
965 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
966 0 : return NULL;
967 : }
968 :
969 8082 : channel_type = cli_credentials_get_secure_channel_type(creds);
970 :
971 8082 : return PyLong_FromLong(channel_type);
972 : }
973 :
974 114 : static PyObject *py_creds_set_kerberos_salt_principal(PyObject *self, PyObject *args)
975 : {
976 114 : char *salt_principal = NULL;
977 114 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
978 114 : if (creds == NULL) {
979 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
980 0 : return NULL;
981 : }
982 :
983 114 : if (!PyArg_ParseTuple(args, "s", &salt_principal))
984 0 : return NULL;
985 :
986 114 : cli_credentials_set_salt_principal(
987 : creds,
988 : salt_principal);
989 :
990 114 : Py_RETURN_NONE;
991 : }
992 :
993 0 : static PyObject *py_creds_get_kerberos_salt_principal(PyObject *self, PyObject *unused)
994 : {
995 0 : TALLOC_CTX *mem_ctx;
996 0 : PyObject *ret = NULL;
997 0 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
998 0 : if (creds == NULL) {
999 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
1000 0 : return NULL;
1001 : }
1002 0 : mem_ctx = talloc_new(NULL);
1003 0 : if (mem_ctx == NULL) {
1004 0 : PyErr_NoMemory();
1005 0 : return NULL;
1006 : }
1007 :
1008 0 : ret = PyString_FromStringOrNULL(cli_credentials_get_salt_principal(creds, mem_ctx));
1009 :
1010 0 : TALLOC_FREE(mem_ctx);
1011 :
1012 0 : return ret;
1013 : }
1014 :
1015 114 : static PyObject *py_creds_get_kerberos_key_current_or_old(PyObject *self, PyObject *args, bool old)
1016 : {
1017 114 : struct loadparm_context *lp_ctx = NULL;
1018 114 : TALLOC_CTX *mem_ctx = NULL;
1019 114 : PyObject *py_lp_ctx = Py_None;
1020 0 : DATA_BLOB key;
1021 0 : int code;
1022 0 : int enctype;
1023 114 : PyObject *ret = NULL;
1024 114 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
1025 114 : if (creds == NULL) {
1026 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
1027 0 : return NULL;
1028 : }
1029 :
1030 114 : if (!PyArg_ParseTuple(args, "i|O", &enctype, &py_lp_ctx))
1031 0 : return NULL;
1032 :
1033 114 : mem_ctx = talloc_new(NULL);
1034 114 : if (mem_ctx == NULL) {
1035 0 : PyErr_NoMemory();
1036 0 : return NULL;
1037 : }
1038 :
1039 114 : lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
1040 114 : if (lp_ctx == NULL) {
1041 0 : talloc_free(mem_ctx);
1042 0 : return NULL;
1043 : }
1044 :
1045 114 : code = cli_credentials_get_kerberos_key(creds,
1046 : mem_ctx,
1047 : lp_ctx,
1048 : enctype,
1049 : old,
1050 : &key);
1051 114 : if (code != 0) {
1052 0 : PyErr_SetString(PyExc_RuntimeError,
1053 : "Failed to generate Kerberos key");
1054 0 : talloc_free(mem_ctx);
1055 0 : return NULL;
1056 : }
1057 :
1058 114 : ret = PyBytes_FromStringAndSize((const char *)key.data,
1059 114 : key.length);
1060 114 : talloc_free(mem_ctx);
1061 114 : return ret;
1062 : }
1063 :
1064 114 : static PyObject *py_creds_get_kerberos_key(PyObject *self, PyObject *args)
1065 : {
1066 114 : return py_creds_get_kerberos_key_current_or_old(self, args, false);
1067 : }
1068 :
1069 0 : static PyObject *py_creds_get_old_kerberos_key(PyObject *self, PyObject *args)
1070 : {
1071 0 : return py_creds_get_kerberos_key_current_or_old(self, args, true);
1072 : }
1073 :
1074 8 : static PyObject *py_creds_encrypt_netr_crypt_password(PyObject *self,
1075 : PyObject *args)
1076 : {
1077 8 : DATA_BLOB data = data_blob_null;
1078 8 : struct cli_credentials *creds = NULL;
1079 8 : struct netr_CryptPassword *pwd = NULL;
1080 0 : NTSTATUS status;
1081 8 : PyObject *py_cp = Py_None;
1082 :
1083 8 : creds = PyCredentials_AsCliCredentials(self);
1084 8 : if (creds == NULL) {
1085 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
1086 0 : return NULL;
1087 : }
1088 :
1089 8 : if (!PyArg_ParseTuple(args, "O", &py_cp)) {
1090 0 : return NULL;
1091 : }
1092 :
1093 8 : if (!py_check_dcerpc_type(py_cp, "samba.dcerpc.netlogon", "netr_CryptPassword")) {
1094 : /* py_check_dcerpc_type sets TypeError */
1095 0 : return NULL;
1096 : }
1097 :
1098 8 : pwd = pytalloc_get_ptr(py_cp);
1099 8 : if (pwd == NULL) {
1100 : /* pytalloc_get_type sets TypeError */
1101 0 : return NULL;
1102 : }
1103 8 : data.length = sizeof(struct netr_CryptPassword);
1104 8 : data.data = (uint8_t *)pwd;
1105 8 : status = netlogon_creds_session_encrypt(creds->netlogon_creds, data);
1106 :
1107 8 : PyErr_NTSTATUS_IS_ERR_RAISE(status);
1108 :
1109 8 : Py_RETURN_NONE;
1110 : }
1111 :
1112 90 : static PyObject *py_creds_encrypt_samr_password(PyObject *self,
1113 : PyObject *args)
1114 : {
1115 90 : DATA_BLOB data = data_blob_null;
1116 90 : struct cli_credentials *creds = NULL;
1117 90 : struct samr_Password *pwd = NULL;
1118 0 : NTSTATUS status;
1119 90 : PyObject *py_cp = Py_None;
1120 :
1121 90 : creds = PyCredentials_AsCliCredentials(self);
1122 90 : if (creds == NULL) {
1123 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
1124 0 : return NULL;
1125 : }
1126 :
1127 90 : if (creds->netlogon_creds == NULL) {
1128 0 : PyErr_Format(PyExc_ValueError, "NetLogon credentials not set");
1129 0 : return NULL;
1130 : }
1131 :
1132 90 : if (!PyArg_ParseTuple(args, "O", &py_cp)) {
1133 0 : return NULL;
1134 : }
1135 :
1136 90 : if (!py_check_dcerpc_type(py_cp, "samba.dcerpc.samr", "Password")) {
1137 : /* py_check_dcerpc_type sets TypeError */
1138 0 : return NULL;
1139 : }
1140 :
1141 90 : pwd = pytalloc_get_type(py_cp, struct samr_Password);
1142 90 : if (pwd == NULL) {
1143 : /* pytalloc_get_type sets TypeError */
1144 0 : return NULL;
1145 : }
1146 90 : data = data_blob_const(pwd->hash, sizeof(pwd->hash));
1147 90 : status = netlogon_creds_session_encrypt(creds->netlogon_creds, data);
1148 :
1149 90 : PyErr_NTSTATUS_IS_ERR_RAISE(status);
1150 :
1151 90 : Py_RETURN_NONE;
1152 : }
1153 :
1154 1223 : static PyObject *py_creds_get_smb_signing(PyObject *self, PyObject *unused)
1155 : {
1156 5 : enum smb_signing_setting signing_state;
1157 1223 : struct cli_credentials *creds = NULL;
1158 :
1159 1223 : creds = PyCredentials_AsCliCredentials(self);
1160 1223 : if (creds == NULL) {
1161 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
1162 0 : return NULL;
1163 : }
1164 :
1165 1223 : signing_state = cli_credentials_get_smb_signing(creds);
1166 1223 : return PyLong_FromLong(signing_state);
1167 : }
1168 :
1169 2438 : static PyObject *py_creds_set_smb_signing(PyObject *self, PyObject *args)
1170 : {
1171 2 : enum smb_signing_setting signing_state;
1172 2438 : struct cli_credentials *creds = NULL;
1173 2438 : enum credentials_obtained obt = CRED_SPECIFIED;
1174 :
1175 2438 : creds = PyCredentials_AsCliCredentials(self);
1176 2438 : if (creds == NULL) {
1177 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
1178 0 : return NULL;
1179 : }
1180 2438 : if (!PyArg_ParseTuple(args, "i|i", &signing_state, &obt)) {
1181 0 : return NULL;
1182 : }
1183 :
1184 2438 : switch (signing_state) {
1185 2436 : case SMB_SIGNING_DEFAULT:
1186 : case SMB_SIGNING_OFF:
1187 : case SMB_SIGNING_IF_REQUIRED:
1188 : case SMB_SIGNING_DESIRED:
1189 : case SMB_SIGNING_REQUIRED:
1190 2438 : break;
1191 0 : default:
1192 0 : PyErr_Format(PyExc_TypeError, "Invalid signing state value");
1193 0 : return NULL;
1194 : }
1195 :
1196 2438 : cli_credentials_set_smb_signing(creds, signing_state, obt);
1197 2438 : Py_RETURN_NONE;
1198 : }
1199 :
1200 44 : static PyObject *py_creds_get_smb_ipc_signing(PyObject *self, PyObject *unused)
1201 : {
1202 5 : enum smb_signing_setting signing_state;
1203 44 : struct cli_credentials *creds = NULL;
1204 :
1205 44 : creds = PyCredentials_AsCliCredentials(self);
1206 44 : if (creds == NULL) {
1207 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
1208 0 : return NULL;
1209 : }
1210 :
1211 44 : signing_state = cli_credentials_get_smb_ipc_signing(creds);
1212 44 : return PyLong_FromLong(signing_state);
1213 : }
1214 :
1215 80 : static PyObject *py_creds_set_smb_ipc_signing(PyObject *self, PyObject *args)
1216 : {
1217 2 : enum smb_signing_setting signing_state;
1218 80 : struct cli_credentials *creds = NULL;
1219 80 : enum credentials_obtained obt = CRED_SPECIFIED;
1220 :
1221 80 : creds = PyCredentials_AsCliCredentials(self);
1222 80 : if (creds == NULL) {
1223 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
1224 0 : return NULL;
1225 : }
1226 80 : if (!PyArg_ParseTuple(args, "i|i", &signing_state, &obt)) {
1227 0 : return NULL;
1228 : }
1229 :
1230 80 : switch (signing_state) {
1231 78 : case SMB_SIGNING_DEFAULT:
1232 : case SMB_SIGNING_OFF:
1233 : case SMB_SIGNING_IF_REQUIRED:
1234 : case SMB_SIGNING_DESIRED:
1235 : case SMB_SIGNING_REQUIRED:
1236 80 : break;
1237 0 : default:
1238 0 : PyErr_Format(PyExc_TypeError, "Invalid signing state value");
1239 0 : return NULL;
1240 : }
1241 :
1242 80 : cli_credentials_set_smb_ipc_signing(creds, signing_state, obt);
1243 80 : Py_RETURN_NONE;
1244 : }
1245 :
1246 5 : static PyObject *py_creds_get_smb_encryption(PyObject *self, PyObject *unused)
1247 : {
1248 5 : enum smb_encryption_setting encryption_state;
1249 5 : struct cli_credentials *creds = NULL;
1250 :
1251 5 : creds = PyCredentials_AsCliCredentials(self);
1252 5 : if (creds == NULL) {
1253 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
1254 0 : return NULL;
1255 : }
1256 :
1257 5 : encryption_state = cli_credentials_get_smb_encryption(creds);
1258 5 : return PyLong_FromLong(encryption_state);
1259 : }
1260 :
1261 18 : static PyObject *py_creds_set_smb_encryption(PyObject *self, PyObject *args)
1262 : {
1263 2 : enum smb_encryption_setting encryption_state;
1264 18 : struct cli_credentials *creds = NULL;
1265 18 : enum credentials_obtained obt = CRED_SPECIFIED;
1266 :
1267 18 : creds = PyCredentials_AsCliCredentials(self);
1268 18 : if (creds == NULL) {
1269 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
1270 0 : return NULL;
1271 : }
1272 18 : if (!PyArg_ParseTuple(args, "i|i", &encryption_state, &obt)) {
1273 0 : return NULL;
1274 : }
1275 :
1276 18 : switch (encryption_state) {
1277 16 : case SMB_ENCRYPTION_DEFAULT:
1278 : case SMB_ENCRYPTION_OFF:
1279 : case SMB_ENCRYPTION_IF_REQUIRED:
1280 : case SMB_ENCRYPTION_DESIRED:
1281 : case SMB_ENCRYPTION_REQUIRED:
1282 18 : break;
1283 0 : default:
1284 0 : PyErr_Format(PyExc_TypeError, "Invalid encryption state value");
1285 0 : return NULL;
1286 : }
1287 :
1288 18 : (void)cli_credentials_set_smb_encryption(creds, encryption_state, obt);
1289 18 : Py_RETURN_NONE;
1290 : }
1291 :
1292 0 : static PyObject *py_creds_get_krb5_fast_armor_credentials(PyObject *self, PyObject *unused)
1293 : {
1294 0 : struct cli_credentials *creds = NULL;
1295 0 : struct cli_credentials *fast_creds = NULL;
1296 :
1297 0 : creds = PyCredentials_AsCliCredentials(self);
1298 0 : if (creds == NULL) {
1299 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
1300 0 : return NULL;
1301 : }
1302 :
1303 0 : fast_creds = cli_credentials_get_krb5_fast_armor_credentials(creds);
1304 0 : if (fast_creds == NULL) {
1305 0 : Py_RETURN_NONE;
1306 : }
1307 :
1308 0 : return PyCredentials_from_cli_credentials(fast_creds);
1309 : }
1310 :
1311 13 : static PyObject *py_creds_set_krb5_fast_armor_credentials(PyObject *self, PyObject *args)
1312 : {
1313 13 : struct cli_credentials *creds = NULL;
1314 0 : PyObject *pyfast_creds;
1315 13 : struct cli_credentials *fast_creds = NULL;
1316 13 : int fast_armor_required = 0;
1317 0 : NTSTATUS status;
1318 :
1319 13 : creds = PyCredentials_AsCliCredentials(self);
1320 13 : if (creds == NULL) {
1321 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
1322 0 : return NULL;
1323 : }
1324 13 : if (!PyArg_ParseTuple(args, "Op", &pyfast_creds, &fast_armor_required)) {
1325 0 : return NULL;
1326 : }
1327 13 : if (pyfast_creds == Py_None) {
1328 2 : fast_creds = NULL;
1329 : } else {
1330 11 : fast_creds = PyCredentials_AsCliCredentials(pyfast_creds);
1331 11 : if (fast_creds == NULL) {
1332 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
1333 0 : return NULL;
1334 : }
1335 : }
1336 :
1337 13 : status = cli_credentials_set_krb5_fast_armor_credentials(creds,
1338 : fast_creds,
1339 : fast_armor_required);
1340 :
1341 13 : PyErr_NTSTATUS_IS_ERR_RAISE(status);
1342 13 : Py_RETURN_NONE;
1343 : }
1344 :
1345 0 : static PyObject *py_creds_get_krb5_require_fast_armor(PyObject *self, PyObject *unused)
1346 : {
1347 0 : bool krb5_fast_armor_required;
1348 0 : struct cli_credentials *creds = NULL;
1349 :
1350 0 : creds = PyCredentials_AsCliCredentials(self);
1351 0 : if (creds == NULL) {
1352 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
1353 0 : return NULL;
1354 : }
1355 :
1356 0 : krb5_fast_armor_required = cli_credentials_get_krb5_require_fast_armor(creds);
1357 0 : return PyBool_FromLong(krb5_fast_armor_required);
1358 : }
1359 :
1360 : static PyMethodDef py_creds_methods[] = {
1361 : {
1362 : .ml_name = "get_username",
1363 : .ml_meth = py_creds_get_username,
1364 : .ml_flags = METH_NOARGS,
1365 : .ml_doc = "S.get_username() -> username\nObtain username.",
1366 : },
1367 : {
1368 : .ml_name = "set_username",
1369 : .ml_meth = py_creds_set_username,
1370 : .ml_flags = METH_VARARGS,
1371 : .ml_doc = "S.set_username(name[, credentials.SPECIFIED]) -> None\n"
1372 : "Change username.",
1373 : },
1374 : {
1375 : .ml_name = "get_principal",
1376 : .ml_meth = py_creds_get_principal,
1377 : .ml_flags = METH_NOARGS,
1378 : .ml_doc = "S.get_principal() -> user@realm\nObtain user principal.",
1379 : },
1380 : {
1381 : .ml_name = "set_principal",
1382 : .ml_meth = py_creds_set_principal,
1383 : .ml_flags = METH_VARARGS,
1384 : .ml_doc = "S.set_principal(name[, credentials.SPECIFIED]) -> None\n"
1385 : "Change principal.",
1386 : },
1387 : {
1388 : .ml_name = "get_password",
1389 : .ml_meth = py_creds_get_password,
1390 : .ml_flags = METH_NOARGS,
1391 : .ml_doc = "S.get_password() -> password\n"
1392 : "Obtain password.",
1393 : },
1394 : {
1395 : .ml_name = "get_ntlm_username_domain",
1396 : .ml_meth = py_creds_get_ntlm_username_domain,
1397 : .ml_flags = METH_NOARGS,
1398 : .ml_doc = "S.get_ntlm_username_domain() -> (domain, username)\n"
1399 : "Obtain NTLM username and domain, split up either as (DOMAIN, user) or (\"\", \"user@realm\").",
1400 : },
1401 : {
1402 : .ml_name = "get_ntlm_response",
1403 : .ml_meth = PY_DISCARD_FUNC_SIG(PyCFunction,
1404 : py_creds_get_ntlm_response),
1405 : .ml_flags = METH_VARARGS | METH_KEYWORDS,
1406 : .ml_doc = "S.get_ntlm_response"
1407 : "(flags, challenge[, target_info]) -> "
1408 : "(flags, lm_response, nt_response, lm_session_key, nt_session_key)\n"
1409 : "Obtain LM or NTLM response.",
1410 : },
1411 : {
1412 : .ml_name = "set_password",
1413 : .ml_meth = py_creds_set_password,
1414 : .ml_flags = METH_VARARGS,
1415 : .ml_doc = "S.set_password(password[, credentials.SPECIFIED]) -> None\n"
1416 : "Change password.",
1417 : },
1418 : {
1419 : .ml_name = "set_utf16_password",
1420 : .ml_meth = py_creds_set_utf16_password,
1421 : .ml_flags = METH_VARARGS,
1422 : .ml_doc = "S.set_utf16_password(password[, credentials.SPECIFIED]) -> None\n"
1423 : "Change password.",
1424 : },
1425 : {
1426 : .ml_name = "get_old_password",
1427 : .ml_meth = py_creds_get_old_password,
1428 : .ml_flags = METH_NOARGS,
1429 : .ml_doc = "S.get_old_password() -> password\n"
1430 : "Obtain old password.",
1431 : },
1432 : {
1433 : .ml_name = "set_old_password",
1434 : .ml_meth = py_creds_set_old_password,
1435 : .ml_flags = METH_VARARGS,
1436 : .ml_doc = "S.set_old_password(password[, credentials.SPECIFIED]) -> None\n"
1437 : "Change old password.",
1438 : },
1439 : {
1440 : .ml_name = "set_old_utf16_password",
1441 : .ml_meth = py_creds_set_old_utf16_password,
1442 : .ml_flags = METH_VARARGS,
1443 : .ml_doc = "S.set_old_utf16_password(password[, credentials.SPECIFIED]) -> None\n"
1444 : "Change old password.",
1445 : },
1446 : {
1447 : .ml_name = "get_domain",
1448 : .ml_meth = py_creds_get_domain,
1449 : .ml_flags = METH_NOARGS,
1450 : .ml_doc = "S.get_domain() -> domain\n"
1451 : "Obtain domain name.",
1452 : },
1453 : {
1454 : .ml_name = "set_domain",
1455 : .ml_meth = py_creds_set_domain,
1456 : .ml_flags = METH_VARARGS,
1457 : .ml_doc = "S.set_domain(domain[, credentials.SPECIFIED]) -> None\n"
1458 : "Change domain name.",
1459 : },
1460 : {
1461 : .ml_name = "get_realm",
1462 : .ml_meth = py_creds_get_realm,
1463 : .ml_flags = METH_NOARGS,
1464 : .ml_doc = "S.get_realm() -> realm\n"
1465 : "Obtain realm name.",
1466 : },
1467 : {
1468 : .ml_name = "set_realm",
1469 : .ml_meth = py_creds_set_realm,
1470 : .ml_flags = METH_VARARGS,
1471 : .ml_doc = "S.set_realm(realm[, credentials.SPECIFIED]) -> None\n"
1472 : "Change realm name.",
1473 : },
1474 : {
1475 : .ml_name = "get_bind_dn",
1476 : .ml_meth = py_creds_get_bind_dn,
1477 : .ml_flags = METH_NOARGS,
1478 : .ml_doc = "S.get_bind_dn() -> bind dn\n"
1479 : "Obtain bind DN.",
1480 : },
1481 : {
1482 : .ml_name = "set_bind_dn",
1483 : .ml_meth = py_creds_set_bind_dn,
1484 : .ml_flags = METH_VARARGS,
1485 : .ml_doc = "S.set_bind_dn(bind_dn) -> None\n"
1486 : "Change bind DN.",
1487 : },
1488 : {
1489 : .ml_name = "is_anonymous",
1490 : .ml_meth = py_creds_is_anonymous,
1491 : .ml_flags = METH_NOARGS,
1492 : },
1493 : {
1494 : .ml_name = "set_anonymous",
1495 : .ml_meth = py_creds_set_anonymous,
1496 : .ml_flags = METH_NOARGS,
1497 : .ml_doc = "S.set_anonymous() -> None\n"
1498 : "Use anonymous credentials.",
1499 : },
1500 : {
1501 : .ml_name = "get_workstation",
1502 : .ml_meth = py_creds_get_workstation,
1503 : .ml_flags = METH_NOARGS,
1504 : },
1505 : {
1506 : .ml_name = "set_workstation",
1507 : .ml_meth = py_creds_set_workstation,
1508 : .ml_flags = METH_VARARGS,
1509 : },
1510 : {
1511 : .ml_name = "authentication_requested",
1512 : .ml_meth = py_creds_authentication_requested,
1513 : .ml_flags = METH_NOARGS,
1514 : },
1515 : {
1516 : .ml_name = "wrong_password",
1517 : .ml_meth = py_creds_wrong_password,
1518 : .ml_flags = METH_NOARGS,
1519 : .ml_doc = "S.wrong_password() -> bool\n"
1520 : "Indicate the returned password was incorrect.",
1521 : },
1522 : {
1523 : .ml_name = "set_cmdline_callbacks",
1524 : .ml_meth = py_creds_set_cmdline_callbacks,
1525 : .ml_flags = METH_NOARGS,
1526 : .ml_doc = "S.set_cmdline_callbacks() -> bool\n"
1527 : "Use command-line to obtain credentials not explicitly set.",
1528 : },
1529 : {
1530 : .ml_name = "parse_string",
1531 : .ml_meth = py_creds_parse_string,
1532 : .ml_flags = METH_VARARGS,
1533 : .ml_doc = "S.parse_string(text[, credentials.SPECIFIED]) -> None\n"
1534 : "Parse credentials string.",
1535 : },
1536 : {
1537 : .ml_name = "parse_file",
1538 : .ml_meth = py_creds_parse_file,
1539 : .ml_flags = METH_VARARGS,
1540 : .ml_doc = "S.parse_file(filename[, credentials.SPECIFIED]) -> None\n"
1541 : "Parse credentials file.",
1542 : },
1543 : {
1544 : .ml_name = "set_password_will_be_nt_hash",
1545 : .ml_meth = py_cli_credentials_set_password_will_be_nt_hash,
1546 : .ml_flags = METH_VARARGS,
1547 : .ml_doc = "S.set_password_will_be_nt_hash(bool) -> None\n"
1548 : "Alters the behaviour of S.set_password() "
1549 : "to expect the NTHASH as hexstring.",
1550 : },
1551 : {
1552 : .ml_name = "get_nt_hash",
1553 : .ml_meth = py_creds_get_nt_hash,
1554 : .ml_flags = METH_NOARGS,
1555 : },
1556 : {
1557 : .ml_name = "set_nt_hash",
1558 : .ml_meth = py_creds_set_nt_hash,
1559 : .ml_flags = METH_VARARGS,
1560 : .ml_doc = "S.set_net_sh(samr_Password[, credentials.SPECIFIED]) -> bool\n"
1561 : "Change NT hash.",
1562 : },
1563 : {
1564 : .ml_name = "get_kerberos_state",
1565 : .ml_meth = py_creds_get_kerberos_state,
1566 : .ml_flags = METH_NOARGS,
1567 : },
1568 : {
1569 : .ml_name = "set_kerberos_state",
1570 : .ml_meth = py_creds_set_kerberos_state,
1571 : .ml_flags = METH_VARARGS,
1572 : },
1573 : {
1574 : .ml_name = "set_krb_forwardable",
1575 : .ml_meth = py_creds_set_krb_forwardable,
1576 : .ml_flags = METH_VARARGS,
1577 : },
1578 : {
1579 : .ml_name = "set_conf",
1580 : .ml_meth = py_creds_set_conf,
1581 : .ml_flags = METH_VARARGS,
1582 : },
1583 : {
1584 : .ml_name = "guess",
1585 : .ml_meth = py_creds_guess,
1586 : .ml_flags = METH_VARARGS,
1587 : },
1588 : {
1589 : .ml_name = "set_machine_account",
1590 : .ml_meth = py_creds_set_machine_account,
1591 : .ml_flags = METH_VARARGS,
1592 : },
1593 : {
1594 : .ml_name = "get_named_ccache",
1595 : .ml_meth = py_creds_get_named_ccache,
1596 : .ml_flags = METH_VARARGS,
1597 : },
1598 : {
1599 : .ml_name = "set_named_ccache",
1600 : .ml_meth = py_creds_set_named_ccache,
1601 : .ml_flags = METH_VARARGS,
1602 : .ml_doc = "S.set_named_ccache(krb5_ccache_name, obtained, lp) -> None\n"
1603 : "Set credentials to KRB5 Credentials Cache (by name).",
1604 : },
1605 : {
1606 : .ml_name = "set_gensec_features",
1607 : .ml_meth = py_creds_set_gensec_features,
1608 : .ml_flags = METH_VARARGS,
1609 : },
1610 : {
1611 : .ml_name = "get_gensec_features",
1612 : .ml_meth = py_creds_get_gensec_features,
1613 : .ml_flags = METH_NOARGS,
1614 : },
1615 : {
1616 : .ml_name = "get_forced_sasl_mech",
1617 : .ml_meth = py_creds_get_forced_sasl_mech,
1618 : .ml_flags = METH_NOARGS,
1619 : .ml_doc = "S.get_forced_sasl_mech() -> SASL mechanism\nObtain forced SASL mechanism.",
1620 : },
1621 : {
1622 : .ml_name = "set_forced_sasl_mech",
1623 : .ml_meth = py_creds_set_forced_sasl_mech,
1624 : .ml_flags = METH_VARARGS,
1625 : .ml_doc = "S.set_forced_sasl_mech(name) -> None\n"
1626 : "Set forced SASL mechanism.",
1627 : },
1628 : {
1629 : .ml_name = "new_client_authenticator",
1630 : .ml_meth = py_creds_new_client_authenticator,
1631 : .ml_flags = METH_NOARGS,
1632 : .ml_doc = "S.new_client_authenticator() -> Authenticator\n"
1633 : "Get a new client NETLOGON_AUTHENTICATOR"},
1634 : {
1635 : .ml_name = "set_secure_channel_type",
1636 : .ml_meth = py_creds_set_secure_channel_type,
1637 : .ml_flags = METH_VARARGS,
1638 : },
1639 : {
1640 : .ml_name = "get_secure_channel_type",
1641 : .ml_meth = py_creds_get_secure_channel_type,
1642 : .ml_flags = METH_VARARGS,
1643 : },
1644 : {
1645 : .ml_name = "set_kerberos_salt_principal",
1646 : .ml_meth = py_creds_set_kerberos_salt_principal,
1647 : .ml_flags = METH_VARARGS,
1648 : },
1649 : {
1650 : .ml_name = "get_kerberos_salt_principal",
1651 : .ml_meth = py_creds_get_kerberos_salt_principal,
1652 : .ml_flags = METH_VARARGS,
1653 : },
1654 : {
1655 : .ml_name = "get_kerberos_key",
1656 : .ml_meth = py_creds_get_kerberos_key,
1657 : .ml_flags = METH_VARARGS,
1658 : .ml_doc = "S.get_kerberos_key(enctype, [lp]) -> bytes\n"
1659 : "Generate a Kerberos key using the current password and\n"
1660 : "the salt on this credentials object",
1661 : },
1662 : {
1663 : .ml_name = "get_old_kerberos_key",
1664 : .ml_meth = py_creds_get_old_kerberos_key,
1665 : .ml_flags = METH_VARARGS,
1666 : .ml_doc = "S.get_old_kerberos_key(enctype, [lp]) -> bytes\n"
1667 : "Generate a Kerberos key using the old (previous) password and\n"
1668 : "the salt on this credentials object",
1669 : },
1670 : {
1671 : .ml_name = "encrypt_netr_crypt_password",
1672 : .ml_meth = py_creds_encrypt_netr_crypt_password,
1673 : .ml_flags = METH_VARARGS,
1674 : .ml_doc = "S.encrypt_netr_crypt_password(password) -> None\n"
1675 : "Encrypt the supplied password using the session key and\n"
1676 : "the negotiated encryption algorithm in place\n"
1677 : "i.e. it overwrites the original data"},
1678 : {
1679 : .ml_name = "encrypt_samr_password",
1680 : .ml_meth = py_creds_encrypt_samr_password,
1681 : .ml_flags = METH_VARARGS,
1682 : .ml_doc = "S.encrypt_samr_password(password) -> None\n"
1683 : "Encrypt the supplied password using the session key and\n"
1684 : "the negotiated encryption algorithm in place\n"
1685 : "i.e. it overwrites the original data"
1686 : },
1687 : {
1688 : .ml_name = "get_smb_signing",
1689 : .ml_meth = py_creds_get_smb_signing,
1690 : .ml_flags = METH_NOARGS,
1691 : },
1692 : {
1693 : .ml_name = "set_smb_signing",
1694 : .ml_meth = py_creds_set_smb_signing,
1695 : .ml_flags = METH_VARARGS,
1696 : },
1697 : {
1698 : .ml_name = "get_smb_ipc_signing",
1699 : .ml_meth = py_creds_get_smb_ipc_signing,
1700 : .ml_flags = METH_NOARGS,
1701 : },
1702 : {
1703 : .ml_name = "set_smb_ipc_signing",
1704 : .ml_meth = py_creds_set_smb_ipc_signing,
1705 : .ml_flags = METH_VARARGS,
1706 : },
1707 : {
1708 : .ml_name = "get_smb_encryption",
1709 : .ml_meth = py_creds_get_smb_encryption,
1710 : .ml_flags = METH_NOARGS,
1711 : },
1712 : {
1713 : .ml_name = "set_smb_encryption",
1714 : .ml_meth = py_creds_set_smb_encryption,
1715 : .ml_flags = METH_VARARGS,
1716 : },
1717 : {
1718 : .ml_name = "get_krb5_fast_armor_credentials",
1719 : .ml_meth = py_creds_get_krb5_fast_armor_credentials,
1720 : .ml_flags = METH_NOARGS,
1721 : .ml_doc = "S.get_krb5_fast_armor_credentials() -> Credentials\n"
1722 : "Get the Kerberos FAST credentials set on this credentials object"
1723 : },
1724 : {
1725 : .ml_name = "set_krb5_fast_armor_credentials",
1726 : .ml_meth = py_creds_set_krb5_fast_armor_credentials,
1727 : .ml_flags = METH_VARARGS,
1728 : .ml_doc = "S.set_krb5_fast_armor_credentials(credentials, required) -> None\n"
1729 : "Set Kerberos FAST credentials for this credentials object, and if FAST armoring must be used."
1730 : },
1731 : {
1732 : .ml_name = "get_krb5_require_fast_armor",
1733 : .ml_meth = py_creds_get_krb5_require_fast_armor,
1734 : .ml_flags = METH_NOARGS,
1735 : .ml_doc = "S.get_krb5_fast_armor() -> bool\n"
1736 : "Indicate if Kerberos FAST armor is required"
1737 : },
1738 : { .ml_name = NULL }
1739 : };
1740 :
1741 : static struct PyModuleDef moduledef = {
1742 : PyModuleDef_HEAD_INIT,
1743 : .m_name = "credentials",
1744 : .m_doc = "Credentials management.",
1745 : .m_size = -1,
1746 : .m_methods = py_creds_methods,
1747 : };
1748 :
1749 : PyTypeObject PyCredentials = {
1750 : .tp_name = "credentials.Credentials",
1751 : .tp_new = py_creds_new,
1752 : .tp_flags = Py_TPFLAGS_DEFAULT | Py_TPFLAGS_BASETYPE,
1753 : .tp_methods = py_creds_methods,
1754 : };
1755 :
1756 1858 : static PyObject *py_ccache_name(PyObject *self, PyObject *unused)
1757 : {
1758 1858 : struct ccache_container *ccc = NULL;
1759 1858 : char *name = NULL;
1760 1858 : PyObject *py_name = NULL;
1761 0 : int ret;
1762 :
1763 1858 : ccc = pytalloc_get_type(self, struct ccache_container);
1764 :
1765 1858 : ret = krb5_cc_get_full_name(ccc->smb_krb5_context->krb5_context,
1766 : ccc->ccache, &name);
1767 1858 : if (ret == 0) {
1768 1858 : py_name = PyString_FromStringOrNULL(name);
1769 1858 : krb5_free_string(ccc->smb_krb5_context->krb5_context, name);
1770 : } else {
1771 0 : PyErr_SetString(PyExc_RuntimeError,
1772 : "Failed to get ccache name");
1773 0 : return NULL;
1774 : }
1775 1858 : return py_name;
1776 : }
1777 :
1778 : static PyMethodDef py_ccache_container_methods[] = {
1779 : { "get_name", py_ccache_name, METH_NOARGS,
1780 : "S.get_name() -> name\nObtain KRB5 credentials cache name." },
1781 : {0}
1782 : };
1783 :
1784 : PyTypeObject PyCredentialCacheContainer = {
1785 : .tp_name = "credentials.CredentialCacheContainer",
1786 : .tp_flags = Py_TPFLAGS_DEFAULT,
1787 : .tp_methods = py_ccache_container_methods,
1788 : };
1789 :
1790 7736 : MODULE_INIT_FUNC(credentials)
1791 : {
1792 192 : PyObject *m;
1793 7736 : if (pytalloc_BaseObject_PyType_Ready(&PyCredentials) < 0)
1794 0 : return NULL;
1795 :
1796 7736 : if (pytalloc_BaseObject_PyType_Ready(&PyCredentialCacheContainer) < 0)
1797 0 : return NULL;
1798 :
1799 7736 : m = PyModule_Create(&moduledef);
1800 7736 : if (m == NULL)
1801 0 : return NULL;
1802 :
1803 7736 : PyModule_AddObject(m, "UNINITIALISED", PyLong_FromLong(CRED_UNINITIALISED));
1804 7736 : PyModule_AddObject(m, "SMB_CONF", PyLong_FromLong(CRED_SMB_CONF));
1805 7736 : PyModule_AddObject(m, "CALLBACK", PyLong_FromLong(CRED_CALLBACK));
1806 7736 : PyModule_AddObject(m, "GUESS_ENV", PyLong_FromLong(CRED_GUESS_ENV));
1807 7736 : PyModule_AddObject(m, "GUESS_FILE", PyLong_FromLong(CRED_GUESS_FILE));
1808 7736 : PyModule_AddObject(m, "CALLBACK_RESULT", PyLong_FromLong(CRED_CALLBACK_RESULT));
1809 7736 : PyModule_AddObject(m, "SPECIFIED", PyLong_FromLong(CRED_SPECIFIED));
1810 :
1811 7736 : PyModule_AddObject(m, "AUTO_USE_KERBEROS", PyLong_FromLong(CRED_USE_KERBEROS_DESIRED));
1812 7736 : PyModule_AddObject(m, "DONT_USE_KERBEROS", PyLong_FromLong(CRED_USE_KERBEROS_DISABLED));
1813 7736 : PyModule_AddObject(m, "MUST_USE_KERBEROS", PyLong_FromLong(CRED_USE_KERBEROS_REQUIRED));
1814 :
1815 7736 : PyModule_AddObject(m, "AUTO_KRB_FORWARDABLE", PyLong_FromLong(CRED_AUTO_KRB_FORWARDABLE));
1816 7736 : PyModule_AddObject(m, "NO_KRB_FORWARDABLE", PyLong_FromLong(CRED_NO_KRB_FORWARDABLE));
1817 7736 : PyModule_AddObject(m, "FORCE_KRB_FORWARDABLE", PyLong_FromLong(CRED_FORCE_KRB_FORWARDABLE));
1818 7736 : PyModule_AddObject(m, "CLI_CRED_NTLM2", PyLong_FromLong(CLI_CRED_NTLM2));
1819 7736 : PyModule_AddObject(m, "CLI_CRED_NTLMv2_AUTH", PyLong_FromLong(CLI_CRED_NTLMv2_AUTH));
1820 7736 : PyModule_AddObject(m, "CLI_CRED_LANMAN_AUTH", PyLong_FromLong(CLI_CRED_LANMAN_AUTH));
1821 7736 : PyModule_AddObject(m, "CLI_CRED_NTLM_AUTH", PyLong_FromLong(CLI_CRED_NTLM_AUTH));
1822 7736 : PyModule_AddObject(m, "CLI_CRED_CLEAR_AUTH", PyLong_FromLong(CLI_CRED_CLEAR_AUTH));
1823 :
1824 7736 : PyModule_AddObject(m, "SMB_SIGNING_DEFAULT", PyLong_FromLong(SMB_SIGNING_DEFAULT));
1825 7736 : PyModule_AddObject(m, "SMB_SIGNING_OFF", PyLong_FromLong(SMB_SIGNING_OFF));
1826 7736 : PyModule_AddObject(m, "SMB_SIGNING_IF_REQUIRED", PyLong_FromLong(SMB_SIGNING_IF_REQUIRED));
1827 7736 : PyModule_AddObject(m, "SMB_SIGNING_DESIRED", PyLong_FromLong(SMB_SIGNING_DESIRED));
1828 7736 : PyModule_AddObject(m, "SMB_SIGNING_REQUIRED", PyLong_FromLong(SMB_SIGNING_REQUIRED));
1829 :
1830 7736 : PyModule_AddObject(m, "SMB_ENCRYPTION_DEFAULT", PyLong_FromLong(SMB_ENCRYPTION_DEFAULT));
1831 7736 : PyModule_AddObject(m, "SMB_ENCRYPTION_OFF", PyLong_FromLong(SMB_ENCRYPTION_OFF));
1832 7736 : PyModule_AddObject(m, "SMB_ENCRYPTION_IF_REQUIRED", PyLong_FromLong(SMB_ENCRYPTION_IF_REQUIRED));
1833 7736 : PyModule_AddObject(m, "SMB_ENCRYPTION_DESIRED", PyLong_FromLong(SMB_ENCRYPTION_DESIRED));
1834 7736 : PyModule_AddObject(m, "SMB_ENCRYPTION_REQUIRED", PyLong_FromLong(SMB_ENCRYPTION_REQUIRED));
1835 :
1836 7736 : PyModule_AddObject(m, "ENCTYPE_ARCFOUR_HMAC", PyLong_FromLong(ENCTYPE_ARCFOUR_HMAC));
1837 7736 : PyModule_AddObject(m, "ENCTYPE_AES128_CTS_HMAC_SHA1_96", PyLong_FromLong(ENCTYPE_AES128_CTS_HMAC_SHA1_96));
1838 7736 : PyModule_AddObject(m, "ENCTYPE_AES256_CTS_HMAC_SHA1_96", PyLong_FromLong(ENCTYPE_AES256_CTS_HMAC_SHA1_96));
1839 :
1840 6457 : Py_INCREF(&PyCredentials);
1841 7736 : PyModule_AddObject(m, "Credentials", (PyObject *)&PyCredentials);
1842 6457 : Py_INCREF(&PyCredentialCacheContainer);
1843 7736 : PyModule_AddObject(m, "CredentialCacheContainer", (PyObject *)&PyCredentialCacheContainer);
1844 7736 : return m;
1845 : }
|
