Line data Source code
1 : /*
2 : Unix SMB/CIFS implementation.
3 : Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007
4 :
5 : This program is free software; you can redistribute it and/or modify
6 : it under the terms of the GNU General Public License as published by
7 : the Free Software Foundation; either version 3 of the License, or
8 : (at your option) any later version.
9 :
10 : This program is distributed in the hope that it will be useful,
11 : but WITHOUT ANY WARRANTY; without even the implied warranty of
12 : MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 : GNU General Public License for more details.
14 :
15 : You should have received a copy of the GNU General Public License
16 : along with this program. If not, see <http://www.gnu.org/licenses/>.
17 : */
18 :
19 : #include "lib/replace/system/python.h"
20 : #include "python/py3compat.h"
21 : #include "includes.h"
22 : #include "python/modules.h"
23 : #include "pycredentials.h"
24 : #include "param/param.h"
25 : #include "auth/credentials/credentials_internal.h"
26 : #include "auth/credentials/credentials_krb5.h"
27 : #include "librpc/gen_ndr/samr.h" /* for struct samr_Password */
28 : #include "librpc/gen_ndr/netlogon.h"
29 : #include "libcli/util/pyerrors.h"
30 : #include "libcli/auth/libcli_auth.h"
31 : #include "param/pyparam.h"
32 : #include <tevent.h>
33 : #include "libcli/auth/libcli_auth.h"
34 : #include "system/kerberos.h"
35 : #include "auth/kerberos/kerberos.h"
36 : #include "libcli/smb/smb_constants.h"
37 :
38 : void initcredentials(void);
39 :
40 36256 : static PyObject *py_creds_new(PyTypeObject *type, PyObject *args, PyObject *kwargs)
41 : {
42 36256 : return pytalloc_steal(type, cli_credentials_init(NULL));
43 : }
44 :
45 0 : static PyObject *PyCredentials_from_cli_credentials(struct cli_credentials *creds)
46 : {
47 0 : return pytalloc_reference(&PyCredentials, creds);
48 : }
49 :
50 38843 : static PyObject *py_creds_get_username(PyObject *self, PyObject *unused)
51 : {
52 38843 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
53 38843 : if (creds == NULL) {
54 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
55 0 : return NULL;
56 : }
57 38843 : return PyString_FromStringOrNULL(cli_credentials_get_username(creds));
58 : }
59 :
60 16905 : static PyObject *py_creds_set_username(PyObject *self, PyObject *args)
61 : {
62 6 : char *newval;
63 16905 : enum credentials_obtained obt = CRED_SPECIFIED;
64 16905 : int _obt = obt;
65 16905 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
66 16905 : if (creds == NULL) {
67 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
68 0 : return NULL;
69 : }
70 :
71 16905 : if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
72 0 : return NULL;
73 : }
74 16905 : obt = _obt;
75 :
76 16905 : return PyBool_FromLong(cli_credentials_set_username(creds, newval, obt));
77 : }
78 :
79 207 : static PyObject *py_creds_get_ntlm_username_domain(PyObject *self, PyObject *unused)
80 : {
81 207 : TALLOC_CTX *frame = talloc_stackframe();
82 207 : const char *user = NULL;
83 207 : const char *domain = NULL;
84 207 : PyObject *ret = NULL;
85 207 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
86 207 : if (creds == NULL) {
87 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
88 0 : return NULL;
89 : }
90 207 : cli_credentials_get_ntlm_username_domain(creds,
91 : frame, &user, &domain);
92 207 : ret = Py_BuildValue("(ss)",
93 : user,
94 : domain);
95 :
96 207 : TALLOC_FREE(frame);
97 207 : return ret;
98 : }
99 :
100 123 : static PyObject *py_creds_get_ntlm_response(PyObject *self, PyObject *args, PyObject *kwargs)
101 : {
102 123 : TALLOC_CTX *frame = talloc_stackframe();
103 123 : PyObject *ret = NULL;
104 1 : int flags;
105 1 : struct timeval tv_now;
106 1 : NTTIME server_timestamp;
107 123 : DATA_BLOB challenge = data_blob_null;
108 123 : DATA_BLOB target_info = data_blob_null;
109 1 : NTSTATUS status;
110 123 : DATA_BLOB lm_response = data_blob_null;
111 123 : DATA_BLOB nt_response = data_blob_null;
112 123 : DATA_BLOB lm_session_key = data_blob_null;
113 123 : DATA_BLOB nt_session_key = data_blob_null;
114 123 : const char *kwnames[] = { "flags", "challenge",
115 : "target_info",
116 : NULL };
117 123 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
118 123 : if (creds == NULL) {
119 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
120 0 : return NULL;
121 : }
122 :
123 123 : tv_now = timeval_current();
124 123 : server_timestamp = timeval_to_nttime(&tv_now);
125 :
126 123 : if (!PyArg_ParseTupleAndKeywords(args, kwargs, "is#|s#",
127 : discard_const_p(char *, kwnames),
128 : &flags,
129 : &challenge.data,
130 : &challenge.length,
131 : &target_info.data,
132 : &target_info.length)) {
133 0 : return NULL;
134 : }
135 :
136 123 : status = cli_credentials_get_ntlm_response(creds,
137 : frame, &flags,
138 : challenge,
139 : &server_timestamp,
140 : target_info,
141 : &lm_response, &nt_response,
142 : &lm_session_key, &nt_session_key);
143 :
144 123 : if (!NT_STATUS_IS_OK(status)) {
145 0 : PyErr_SetNTSTATUS(status);
146 0 : TALLOC_FREE(frame);
147 0 : return NULL;
148 : }
149 :
150 124 : ret = Py_BuildValue("{sis" PYARG_BYTES_LEN "s" PYARG_BYTES_LEN
151 : "s" PYARG_BYTES_LEN "s" PYARG_BYTES_LEN "}",
152 : "flags", flags,
153 : "lm_response",
154 123 : (const char *)lm_response.data, lm_response.length,
155 : "nt_response",
156 123 : (const char *)nt_response.data, nt_response.length,
157 : "lm_session_key",
158 123 : (const char *)lm_session_key.data, lm_session_key.length,
159 : "nt_session_key",
160 123 : (const char *)nt_session_key.data, nt_session_key.length);
161 123 : TALLOC_FREE(frame);
162 122 : return ret;
163 : }
164 :
165 44 : static PyObject *py_creds_get_principal(PyObject *self, PyObject *unused)
166 : {
167 44 : TALLOC_CTX *frame = talloc_stackframe();
168 44 : PyObject *ret = NULL;
169 44 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
170 44 : if (creds == NULL) {
171 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
172 0 : return NULL;
173 : }
174 44 : ret = PyString_FromStringOrNULL(cli_credentials_get_principal(creds, frame));
175 44 : TALLOC_FREE(frame);
176 22 : return ret;
177 : }
178 :
179 2 : static PyObject *py_creds_set_principal(PyObject *self, PyObject *args)
180 : {
181 2 : char *newval;
182 2 : enum credentials_obtained obt = CRED_SPECIFIED;
183 2 : int _obt = obt;
184 2 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
185 2 : if (creds == NULL) {
186 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
187 0 : return NULL;
188 : }
189 :
190 2 : if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
191 0 : return NULL;
192 : }
193 2 : obt = _obt;
194 :
195 2 : return PyBool_FromLong(cli_credentials_set_principal(creds, newval, obt));
196 : }
197 :
198 10200 : static PyObject *py_creds_get_password(PyObject *self, PyObject *unused)
199 : {
200 10200 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
201 10200 : if (creds == NULL) {
202 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
203 0 : return NULL;
204 : }
205 10200 : return PyString_FromStringOrNULL(cli_credentials_get_password(creds));
206 : }
207 :
208 17439 : static PyObject *py_creds_set_password(PyObject *self, PyObject *args)
209 : {
210 17439 : const char *newval = NULL;
211 17439 : enum credentials_obtained obt = CRED_SPECIFIED;
212 17439 : int _obt = obt;
213 17439 : PyObject *result = NULL;
214 17439 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
215 17439 : if (creds == NULL) {
216 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
217 0 : return NULL;
218 : }
219 :
220 17439 : if (!PyArg_ParseTuple(args, PYARG_STR_UNI"|i", "utf8", &newval, &_obt)) {
221 0 : return NULL;
222 : }
223 17439 : obt = _obt;
224 :
225 17439 : result = PyBool_FromLong(cli_credentials_set_password(creds, newval, obt));
226 17439 : PyMem_Free(discard_const_p(void*, newval));
227 17439 : return result;
228 : }
229 :
230 801 : static PyObject *py_creds_set_utf16_password(PyObject *self, PyObject *args)
231 : {
232 801 : enum credentials_obtained obt = CRED_SPECIFIED;
233 801 : int _obt = obt;
234 801 : PyObject *newval = NULL;
235 801 : DATA_BLOB blob = data_blob_null;
236 801 : Py_ssize_t size = 0;
237 1 : int result;
238 1 : bool ok;
239 801 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
240 801 : if (creds == NULL) {
241 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
242 0 : return NULL;
243 : }
244 :
245 801 : if (!PyArg_ParseTuple(args, "O|i", &newval, &_obt)) {
246 0 : return NULL;
247 : }
248 801 : obt = _obt;
249 :
250 801 : result = PyBytes_AsStringAndSize(newval, (char **)&blob.data, &size);
251 801 : if (result != 0) {
252 0 : PyErr_SetString(PyExc_RuntimeError, "Failed to convert passed value to Bytes");
253 0 : return NULL;
254 : }
255 801 : blob.length = size;
256 :
257 801 : ok = cli_credentials_set_utf16_password(creds,
258 : &blob, obt);
259 :
260 801 : return PyBool_FromLong(ok);
261 : }
262 :
263 3 : static PyObject *py_creds_get_old_password(PyObject *self, PyObject *unused)
264 : {
265 3 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
266 3 : if (creds == NULL) {
267 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
268 0 : return NULL;
269 : }
270 3 : return PyString_FromStringOrNULL(cli_credentials_get_old_password(creds));
271 : }
272 :
273 1 : static PyObject *py_creds_set_old_password(PyObject *self, PyObject *args)
274 : {
275 1 : char *oldval;
276 1 : enum credentials_obtained obt = CRED_SPECIFIED;
277 1 : int _obt = obt;
278 1 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
279 1 : if (creds == NULL) {
280 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
281 0 : return NULL;
282 : }
283 :
284 1 : if (!PyArg_ParseTuple(args, "s|i", &oldval, &_obt)) {
285 0 : return NULL;
286 : }
287 1 : obt = _obt;
288 :
289 1 : return PyBool_FromLong(cli_credentials_set_old_password(creds, oldval, obt));
290 : }
291 :
292 1 : static PyObject *py_creds_set_old_utf16_password(PyObject *self, PyObject *args)
293 : {
294 1 : PyObject *oldval = NULL;
295 1 : DATA_BLOB blob = data_blob_null;
296 1 : Py_ssize_t size = 0;
297 1 : int result;
298 1 : bool ok;
299 1 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
300 1 : if (creds == NULL) {
301 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
302 0 : return NULL;
303 : }
304 :
305 1 : if (!PyArg_ParseTuple(args, "O", &oldval)) {
306 0 : return NULL;
307 : }
308 :
309 1 : result = PyBytes_AsStringAndSize(oldval, (char **)&blob.data, &size);
310 1 : if (result != 0) {
311 0 : PyErr_SetString(PyExc_RuntimeError, "Failed to convert passed value to Bytes");
312 0 : return NULL;
313 : }
314 1 : blob.length = size;
315 :
316 1 : ok = cli_credentials_set_old_utf16_password(creds,
317 : &blob);
318 :
319 1 : return PyBool_FromLong(ok);
320 : }
321 :
322 13346 : static PyObject *py_creds_get_domain(PyObject *self, PyObject *unused)
323 : {
324 13346 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
325 13346 : if (creds == NULL) {
326 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
327 0 : return NULL;
328 : }
329 13346 : return PyString_FromStringOrNULL(cli_credentials_get_domain(creds));
330 : }
331 :
332 16112 : static PyObject *py_creds_set_domain(PyObject *self, PyObject *args)
333 : {
334 2 : char *newval;
335 16112 : enum credentials_obtained obt = CRED_SPECIFIED;
336 16112 : int _obt = obt;
337 16112 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
338 16112 : if (creds == NULL) {
339 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
340 0 : return NULL;
341 : }
342 :
343 16112 : if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
344 0 : return NULL;
345 : }
346 16112 : obt = _obt;
347 :
348 16112 : return PyBool_FromLong(cli_credentials_set_domain(creds, newval, obt));
349 : }
350 :
351 38803 : static PyObject *py_creds_get_realm(PyObject *self, PyObject *unused)
352 : {
353 38803 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
354 38803 : if (creds == NULL) {
355 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
356 0 : return NULL;
357 : }
358 38803 : return PyString_FromStringOrNULL(cli_credentials_get_realm(creds));
359 : }
360 :
361 15740 : static PyObject *py_creds_set_realm(PyObject *self, PyObject *args)
362 : {
363 4 : char *newval;
364 15740 : enum credentials_obtained obt = CRED_SPECIFIED;
365 15740 : int _obt = obt;
366 15740 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
367 15740 : if (creds == NULL) {
368 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
369 0 : return NULL;
370 : }
371 :
372 15740 : if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
373 0 : return NULL;
374 : }
375 15740 : obt = _obt;
376 :
377 15740 : return PyBool_FromLong(cli_credentials_set_realm(creds, newval, obt));
378 : }
379 :
380 1043 : static PyObject *py_creds_get_bind_dn(PyObject *self, PyObject *unused)
381 : {
382 1043 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
383 1043 : if (creds == NULL) {
384 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
385 0 : return NULL;
386 : }
387 1043 : return PyString_FromStringOrNULL(cli_credentials_get_bind_dn(creds));
388 : }
389 :
390 550 : static PyObject *py_creds_set_bind_dn(PyObject *self, PyObject *args)
391 : {
392 1 : char *newval;
393 550 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
394 550 : if (creds == NULL) {
395 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
396 0 : return NULL;
397 : }
398 550 : if (!PyArg_ParseTuple(args, "z", &newval))
399 0 : return NULL;
400 :
401 550 : return PyBool_FromLong(cli_credentials_set_bind_dn(creds, newval));
402 : }
403 :
404 12598 : static PyObject *py_creds_get_workstation(PyObject *self, PyObject *unused)
405 : {
406 12598 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
407 12598 : if (creds == NULL) {
408 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
409 0 : return NULL;
410 : }
411 12598 : return PyString_FromStringOrNULL(cli_credentials_get_workstation(creds));
412 : }
413 :
414 19071 : static PyObject *py_creds_set_workstation(PyObject *self, PyObject *args)
415 : {
416 1 : char *newval;
417 19071 : enum credentials_obtained obt = CRED_SPECIFIED;
418 19071 : int _obt = obt;
419 19071 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
420 19071 : if (creds == NULL) {
421 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
422 0 : return NULL;
423 : }
424 :
425 19071 : if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
426 0 : return NULL;
427 : }
428 19071 : obt = _obt;
429 :
430 19071 : return PyBool_FromLong(cli_credentials_set_workstation(creds, newval, obt));
431 : }
432 :
433 91 : static PyObject *py_creds_is_anonymous(PyObject *self, PyObject *unused)
434 : {
435 91 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
436 91 : if (creds == NULL) {
437 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
438 0 : return NULL;
439 : }
440 91 : return PyBool_FromLong(cli_credentials_is_anonymous(creds));
441 : }
442 :
443 1990 : static PyObject *py_creds_set_anonymous(PyObject *self, PyObject *unused)
444 : {
445 1990 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
446 1990 : if (creds == NULL) {
447 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
448 0 : return NULL;
449 : }
450 1990 : cli_credentials_set_anonymous(creds);
451 1990 : Py_RETURN_NONE;
452 : }
453 :
454 9116 : static PyObject *py_creds_authentication_requested(PyObject *self, PyObject *unused)
455 : {
456 9116 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
457 9116 : if (creds == NULL) {
458 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
459 0 : return NULL;
460 : }
461 9116 : return PyBool_FromLong(cli_credentials_authentication_requested(creds));
462 : }
463 :
464 1 : static PyObject *py_creds_wrong_password(PyObject *self, PyObject *unused)
465 : {
466 1 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
467 1 : if (creds == NULL) {
468 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
469 0 : return NULL;
470 : }
471 1 : return PyBool_FromLong(cli_credentials_wrong_password(creds));
472 : }
473 :
474 14598 : static PyObject *py_creds_set_cmdline_callbacks(PyObject *self, PyObject *unused)
475 : {
476 14598 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
477 14598 : if (creds == NULL) {
478 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
479 0 : return NULL;
480 : }
481 14598 : return PyBool_FromLong(cli_credentials_set_cmdline_callbacks(creds));
482 : }
483 :
484 6737 : static PyObject *py_creds_parse_string(PyObject *self, PyObject *args)
485 : {
486 13 : char *newval;
487 6737 : enum credentials_obtained obt = CRED_SPECIFIED;
488 6737 : int _obt = obt;
489 6737 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
490 6737 : if (creds == NULL) {
491 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
492 0 : return NULL;
493 : }
494 :
495 6737 : if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
496 0 : return NULL;
497 : }
498 6737 : obt = _obt;
499 :
500 6737 : cli_credentials_parse_string(creds, newval, obt);
501 6737 : Py_RETURN_NONE;
502 : }
503 :
504 7 : static PyObject *py_creds_parse_file(PyObject *self, PyObject *args)
505 : {
506 7 : char *newval;
507 7 : enum credentials_obtained obt = CRED_SPECIFIED;
508 7 : int _obt = obt;
509 7 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
510 7 : if (creds == NULL) {
511 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
512 0 : return NULL;
513 : }
514 :
515 7 : if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
516 0 : return NULL;
517 : }
518 7 : obt = _obt;
519 :
520 7 : cli_credentials_parse_file(creds, newval, obt);
521 7 : Py_RETURN_NONE;
522 : }
523 :
524 1 : static PyObject *py_cli_credentials_set_password_will_be_nt_hash(PyObject *self, PyObject *args)
525 : {
526 1 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
527 1 : PyObject *py_val = NULL;
528 1 : bool val = false;
529 :
530 1 : if (!PyArg_ParseTuple(args, "O!", &PyBool_Type, &py_val)) {
531 0 : return NULL;
532 : }
533 1 : val = PyObject_IsTrue(py_val);
534 :
535 1 : cli_credentials_set_password_will_be_nt_hash(creds, val);
536 1 : Py_RETURN_NONE;
537 : }
538 :
539 1301 : static PyObject *py_creds_get_nt_hash(PyObject *self, PyObject *unused)
540 : {
541 12 : PyObject *ret;
542 1301 : struct samr_Password *ntpw = NULL;
543 1301 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
544 1301 : if (creds == NULL) {
545 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
546 0 : return NULL;
547 : }
548 1301 : ntpw = cli_credentials_get_nt_hash(creds, creds);
549 :
550 1301 : ret = PyBytes_FromStringAndSize(discard_const_p(char, ntpw->hash), 16);
551 1301 : TALLOC_FREE(ntpw);
552 1289 : return ret;
553 : }
554 :
555 128 : static PyObject *py_creds_set_nt_hash(PyObject *self, PyObject *args)
556 : {
557 128 : PyObject *py_cp = Py_None;
558 128 : const struct samr_Password *pwd = NULL;
559 128 : enum credentials_obtained obt = CRED_SPECIFIED;
560 128 : int _obt = obt;
561 128 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
562 128 : if (creds == NULL) {
563 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
564 0 : return NULL;
565 : }
566 :
567 128 : if (!PyArg_ParseTuple(args, "O|i", &py_cp, &_obt)) {
568 0 : return NULL;
569 : }
570 128 : obt = _obt;
571 :
572 128 : if (!py_check_dcerpc_type(py_cp, "samba.dcerpc.samr", "Password")) {
573 : /* py_check_dcerpc_type sets TypeError */
574 0 : return NULL;
575 : }
576 :
577 128 : pwd = pytalloc_get_ptr(py_cp);
578 :
579 128 : return PyBool_FromLong(cli_credentials_set_nt_hash(creds, pwd, obt));
580 : }
581 :
582 938 : static PyObject *py_creds_get_kerberos_state(PyObject *self, PyObject *unused)
583 : {
584 0 : int state;
585 938 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
586 938 : if (creds == NULL) {
587 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
588 0 : return NULL;
589 : }
590 938 : state = cli_credentials_get_kerberos_state(creds);
591 938 : return PyLong_FromLong(state);
592 : }
593 :
594 14093 : static PyObject *py_creds_set_kerberos_state(PyObject *self, PyObject *args)
595 : {
596 2 : int state;
597 14093 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
598 14093 : if (creds == NULL) {
599 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
600 0 : return NULL;
601 : }
602 14093 : if (!PyArg_ParseTuple(args, "i", &state))
603 0 : return NULL;
604 :
605 14093 : cli_credentials_set_kerberos_state(creds, state, CRED_SPECIFIED);
606 14093 : Py_RETURN_NONE;
607 : }
608 :
609 79 : static PyObject *py_creds_set_krb_forwardable(PyObject *self, PyObject *args)
610 : {
611 2 : int state;
612 79 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
613 79 : if (creds == NULL) {
614 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
615 0 : return NULL;
616 : }
617 79 : if (!PyArg_ParseTuple(args, "i", &state))
618 0 : return NULL;
619 :
620 79 : cli_credentials_set_krb_forwardable(creds, state);
621 79 : Py_RETURN_NONE;
622 : }
623 :
624 :
625 0 : static PyObject *py_creds_get_forced_sasl_mech(PyObject *self, PyObject *unused)
626 : {
627 0 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
628 0 : if (creds == NULL) {
629 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
630 0 : return NULL;
631 : }
632 0 : return PyString_FromStringOrNULL(cli_credentials_get_forced_sasl_mech(creds));
633 : }
634 :
635 0 : static PyObject *py_creds_set_forced_sasl_mech(PyObject *self, PyObject *args)
636 : {
637 0 : char *newval;
638 0 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
639 0 : if (creds == NULL) {
640 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
641 0 : return NULL;
642 : }
643 :
644 0 : if (!PyArg_ParseTuple(args, "s", &newval)) {
645 0 : return NULL;
646 : }
647 :
648 0 : cli_credentials_set_forced_sasl_mech(creds, newval);
649 0 : Py_RETURN_NONE;
650 : }
651 :
652 6 : static PyObject *py_creds_set_conf(PyObject *self, PyObject *args)
653 : {
654 6 : PyObject *py_lp_ctx = Py_None;
655 6 : struct loadparm_context *lp_ctx;
656 6 : TALLOC_CTX *mem_ctx;
657 6 : struct cli_credentials *creds;
658 6 : bool ok;
659 :
660 6 : creds = PyCredentials_AsCliCredentials(self);
661 6 : if (creds == NULL) {
662 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
663 0 : return NULL;
664 : }
665 :
666 6 : if (!PyArg_ParseTuple(args, "|O", &py_lp_ctx)) {
667 0 : return NULL;
668 : }
669 :
670 6 : mem_ctx = talloc_new(NULL);
671 6 : if (mem_ctx == NULL) {
672 0 : PyErr_NoMemory();
673 0 : return NULL;
674 : }
675 :
676 6 : lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
677 6 : if (lp_ctx == NULL) {
678 0 : talloc_free(mem_ctx);
679 0 : return NULL;
680 : }
681 :
682 6 : ok = cli_credentials_set_conf(creds, lp_ctx);
683 6 : talloc_free(mem_ctx);
684 6 : if (!ok) {
685 0 : return NULL;
686 : }
687 :
688 6 : Py_RETURN_NONE;
689 : }
690 :
691 20132 : static PyObject *py_creds_guess(PyObject *self, PyObject *args)
692 : {
693 20132 : PyObject *py_lp_ctx = Py_None;
694 118 : struct loadparm_context *lp_ctx;
695 118 : TALLOC_CTX *mem_ctx;
696 118 : struct cli_credentials *creds;
697 118 : bool ok;
698 :
699 20132 : creds = PyCredentials_AsCliCredentials(self);
700 20132 : if (creds == NULL) {
701 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
702 0 : return NULL;
703 : }
704 :
705 20132 : if (!PyArg_ParseTuple(args, "|O", &py_lp_ctx))
706 0 : return NULL;
707 :
708 20132 : mem_ctx = talloc_new(NULL);
709 20132 : if (mem_ctx == NULL) {
710 0 : PyErr_NoMemory();
711 0 : return NULL;
712 : }
713 :
714 20132 : lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
715 20132 : if (lp_ctx == NULL) {
716 0 : talloc_free(mem_ctx);
717 0 : return NULL;
718 : }
719 :
720 20132 : ok = cli_credentials_guess(creds, lp_ctx);
721 20132 : talloc_free(mem_ctx);
722 20132 : if (!ok) {
723 0 : return NULL;
724 : }
725 :
726 20132 : Py_RETURN_NONE;
727 : }
728 :
729 5200 : static PyObject *py_creds_set_machine_account(PyObject *self, PyObject *args)
730 : {
731 5200 : PyObject *py_lp_ctx = Py_None;
732 22 : struct loadparm_context *lp_ctx;
733 22 : NTSTATUS status;
734 22 : struct cli_credentials *creds;
735 22 : TALLOC_CTX *mem_ctx;
736 :
737 5200 : creds = PyCredentials_AsCliCredentials(self);
738 5200 : if (creds == NULL) {
739 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
740 0 : return NULL;
741 : }
742 :
743 5200 : if (!PyArg_ParseTuple(args, "|O", &py_lp_ctx))
744 0 : return NULL;
745 :
746 5200 : mem_ctx = talloc_new(NULL);
747 5200 : if (mem_ctx == NULL) {
748 0 : PyErr_NoMemory();
749 0 : return NULL;
750 : }
751 :
752 5200 : lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
753 5200 : if (lp_ctx == NULL) {
754 0 : talloc_free(mem_ctx);
755 0 : return NULL;
756 : }
757 :
758 5200 : status = cli_credentials_set_machine_account(creds, lp_ctx);
759 5200 : talloc_free(mem_ctx);
760 :
761 5200 : PyErr_NTSTATUS_IS_ERR_RAISE(status);
762 :
763 4462 : Py_RETURN_NONE;
764 : }
765 :
766 1878 : static PyObject *PyCredentialCacheContainer_from_ccache_container(struct ccache_container *ccc)
767 : {
768 1878 : return pytalloc_reference(&PyCredentialCacheContainer, ccc);
769 : }
770 :
771 :
772 1878 : static PyObject *py_creds_get_named_ccache(PyObject *self, PyObject *args)
773 : {
774 1878 : PyObject *py_lp_ctx = Py_None;
775 1878 : char *ccache_name = NULL;
776 0 : struct loadparm_context *lp_ctx;
777 0 : struct ccache_container *ccc;
778 0 : struct tevent_context *event_ctx;
779 0 : int ret;
780 0 : const char *error_string;
781 0 : struct cli_credentials *creds;
782 0 : TALLOC_CTX *mem_ctx;
783 :
784 1878 : creds = PyCredentials_AsCliCredentials(self);
785 1878 : if (creds == NULL) {
786 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
787 0 : return NULL;
788 : }
789 :
790 1878 : if (!PyArg_ParseTuple(args, "|Os", &py_lp_ctx, &ccache_name))
791 0 : return NULL;
792 :
793 1878 : mem_ctx = talloc_new(NULL);
794 1878 : if (mem_ctx == NULL) {
795 0 : PyErr_NoMemory();
796 0 : return NULL;
797 : }
798 :
799 1878 : lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
800 1878 : if (lp_ctx == NULL) {
801 0 : talloc_free(mem_ctx);
802 0 : return NULL;
803 : }
804 :
805 1878 : event_ctx = samba_tevent_context_init(mem_ctx);
806 :
807 1878 : ret = cli_credentials_get_named_ccache(creds, event_ctx, lp_ctx,
808 : ccache_name, &ccc, &error_string);
809 1878 : talloc_unlink(mem_ctx, lp_ctx);
810 1878 : if (ret == 0) {
811 1878 : talloc_steal(ccc, event_ctx);
812 1878 : talloc_free(mem_ctx);
813 1878 : return PyCredentialCacheContainer_from_ccache_container(ccc);
814 : }
815 :
816 0 : PyErr_SetString(PyExc_RuntimeError, error_string?error_string:"NULL");
817 :
818 0 : talloc_free(mem_ctx);
819 0 : return NULL;
820 : }
821 :
822 1935 : static PyObject *py_creds_set_named_ccache(PyObject *self, PyObject *args)
823 : {
824 1935 : struct loadparm_context *lp_ctx = NULL;
825 1935 : enum credentials_obtained obt = CRED_SPECIFIED;
826 1935 : const char *error_string = NULL;
827 1935 : TALLOC_CTX *mem_ctx = NULL;
828 1935 : char *newval = NULL;
829 1935 : PyObject *py_lp_ctx = Py_None;
830 1935 : int _obt = obt;
831 0 : int ret;
832 1935 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
833 1935 : if (creds == NULL) {
834 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
835 0 : return NULL;
836 : }
837 :
838 1935 : if (!PyArg_ParseTuple(args, "s|iO", &newval, &_obt, &py_lp_ctx))
839 0 : return NULL;
840 1935 : obt = _obt;
841 :
842 1935 : mem_ctx = talloc_new(NULL);
843 1935 : if (mem_ctx == NULL) {
844 0 : PyErr_NoMemory();
845 0 : return NULL;
846 : }
847 :
848 1935 : lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
849 1935 : if (lp_ctx == NULL) {
850 0 : talloc_free(mem_ctx);
851 0 : return NULL;
852 : }
853 :
854 1935 : ret = cli_credentials_set_ccache(creds,
855 : lp_ctx,
856 : newval, obt,
857 : &error_string);
858 :
859 1935 : if (ret != 0) {
860 0 : PyErr_SetString(PyExc_RuntimeError,
861 0 : error_string != NULL ? error_string : "NULL");
862 0 : talloc_free(mem_ctx);
863 0 : return NULL;
864 : }
865 :
866 1935 : talloc_free(mem_ctx);
867 1935 : Py_RETURN_NONE;
868 : }
869 :
870 13125 : static PyObject *py_creds_set_gensec_features(PyObject *self, PyObject *args)
871 : {
872 5 : unsigned int gensec_features;
873 13125 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
874 13125 : if (creds == NULL) {
875 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
876 0 : return NULL;
877 : }
878 :
879 13125 : if (!PyArg_ParseTuple(args, "I", &gensec_features))
880 0 : return NULL;
881 :
882 13125 : cli_credentials_set_gensec_features(creds,
883 : gensec_features,
884 : CRED_SPECIFIED);
885 :
886 13125 : Py_RETURN_NONE;
887 : }
888 :
889 13125 : static PyObject *py_creds_get_gensec_features(PyObject *self, PyObject *args)
890 : {
891 5 : unsigned int gensec_features;
892 13125 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
893 13125 : if (creds == NULL) {
894 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
895 0 : return NULL;
896 : }
897 :
898 13125 : gensec_features = cli_credentials_get_gensec_features(creds);
899 13125 : return PyLong_FromLong(gensec_features);
900 : }
901 :
902 45 : static PyObject *py_creds_new_client_authenticator(PyObject *self,
903 : PyObject *args)
904 : {
905 0 : struct netr_Authenticator auth;
906 45 : struct cli_credentials *creds = NULL;
907 45 : struct netlogon_creds_CredentialState *nc = NULL;
908 45 : PyObject *ret = NULL;
909 0 : NTSTATUS status;
910 :
911 45 : creds = PyCredentials_AsCliCredentials(self);
912 45 : if (creds == NULL) {
913 0 : PyErr_SetString(PyExc_RuntimeError,
914 : "Failed to get credentials from python");
915 0 : return NULL;
916 : }
917 :
918 45 : nc = creds->netlogon_creds;
919 45 : if (nc == NULL) {
920 3 : PyErr_SetString(PyExc_ValueError,
921 : "No netlogon credentials cannot make "
922 : "client authenticator");
923 3 : return NULL;
924 : }
925 :
926 42 : status = netlogon_creds_client_authenticator(nc, &auth);
927 42 : if (!NT_STATUS_IS_OK(status)) {
928 0 : PyErr_SetString(PyExc_ValueError,
929 : "Failed to create client authenticator");
930 0 : return NULL;
931 : }
932 :
933 42 : ret = Py_BuildValue("{s"PYARG_BYTES_LEN"si}",
934 : "credential",
935 : (const char *) &auth.cred, sizeof(auth.cred),
936 : "timestamp", auth.timestamp);
937 42 : return ret;
938 : }
939 :
940 3161 : static PyObject *py_creds_set_secure_channel_type(PyObject *self, PyObject *args)
941 : {
942 1 : unsigned int channel_type;
943 3161 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
944 3161 : if (creds == NULL) {
945 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
946 0 : return NULL;
947 : }
948 :
949 3161 : if (!PyArg_ParseTuple(args, "I", &channel_type))
950 0 : return NULL;
951 :
952 3161 : cli_credentials_set_secure_channel_type(
953 : creds,
954 : channel_type);
955 :
956 3161 : Py_RETURN_NONE;
957 : }
958 :
959 8070 : static PyObject *py_creds_get_secure_channel_type(PyObject *self, PyObject *args)
960 : {
961 8070 : enum netr_SchannelType channel_type = SEC_CHAN_NULL;
962 8070 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
963 8070 : if (creds == NULL) {
964 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
965 0 : return NULL;
966 : }
967 :
968 8070 : channel_type = cli_credentials_get_secure_channel_type(creds);
969 :
970 8070 : return PyLong_FromLong(channel_type);
971 : }
972 :
973 114 : static PyObject *py_creds_set_kerberos_salt_principal(PyObject *self, PyObject *args)
974 : {
975 114 : char *salt_principal = NULL;
976 114 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
977 114 : if (creds == NULL) {
978 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
979 0 : return NULL;
980 : }
981 :
982 114 : if (!PyArg_ParseTuple(args, "s", &salt_principal))
983 0 : return NULL;
984 :
985 114 : cli_credentials_set_salt_principal(
986 : creds,
987 : salt_principal);
988 :
989 114 : Py_RETURN_NONE;
990 : }
991 :
992 0 : static PyObject *py_creds_get_kerberos_salt_principal(PyObject *self, PyObject *unused)
993 : {
994 0 : TALLOC_CTX *mem_ctx;
995 0 : PyObject *ret = NULL;
996 0 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
997 0 : if (creds == NULL) {
998 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
999 0 : return NULL;
1000 : }
1001 0 : mem_ctx = talloc_new(NULL);
1002 0 : if (mem_ctx == NULL) {
1003 0 : PyErr_NoMemory();
1004 0 : return NULL;
1005 : }
1006 :
1007 0 : ret = PyString_FromStringOrNULL(cli_credentials_get_salt_principal(creds, mem_ctx));
1008 :
1009 0 : TALLOC_FREE(mem_ctx);
1010 :
1011 0 : return ret;
1012 : }
1013 :
1014 114 : static PyObject *py_creds_get_kerberos_key_current_or_old(PyObject *self, PyObject *args, bool old)
1015 : {
1016 114 : struct loadparm_context *lp_ctx = NULL;
1017 114 : TALLOC_CTX *mem_ctx = NULL;
1018 114 : PyObject *py_lp_ctx = Py_None;
1019 0 : DATA_BLOB key;
1020 0 : int code;
1021 0 : int enctype;
1022 114 : PyObject *ret = NULL;
1023 114 : struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
1024 114 : if (creds == NULL) {
1025 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
1026 0 : return NULL;
1027 : }
1028 :
1029 114 : if (!PyArg_ParseTuple(args, "i|O", &enctype, &py_lp_ctx))
1030 0 : return NULL;
1031 :
1032 114 : mem_ctx = talloc_new(NULL);
1033 114 : if (mem_ctx == NULL) {
1034 0 : PyErr_NoMemory();
1035 0 : return NULL;
1036 : }
1037 :
1038 114 : lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
1039 114 : if (lp_ctx == NULL) {
1040 0 : talloc_free(mem_ctx);
1041 0 : return NULL;
1042 : }
1043 :
1044 114 : code = cli_credentials_get_kerberos_key(creds,
1045 : mem_ctx,
1046 : lp_ctx,
1047 : enctype,
1048 : old,
1049 : &key);
1050 114 : if (code != 0) {
1051 0 : PyErr_SetString(PyExc_RuntimeError,
1052 : "Failed to generate Kerberos key");
1053 0 : talloc_free(mem_ctx);
1054 0 : return NULL;
1055 : }
1056 :
1057 114 : ret = PyBytes_FromStringAndSize((const char *)key.data,
1058 114 : key.length);
1059 114 : talloc_free(mem_ctx);
1060 114 : return ret;
1061 : }
1062 :
1063 114 : static PyObject *py_creds_get_kerberos_key(PyObject *self, PyObject *args)
1064 : {
1065 114 : return py_creds_get_kerberos_key_current_or_old(self, args, false);
1066 : }
1067 :
1068 0 : static PyObject *py_creds_get_old_kerberos_key(PyObject *self, PyObject *args)
1069 : {
1070 0 : return py_creds_get_kerberos_key_current_or_old(self, args, true);
1071 : }
1072 :
1073 4 : static PyObject *py_creds_encrypt_netr_crypt_password(PyObject *self,
1074 : PyObject *args)
1075 : {
1076 4 : DATA_BLOB data = data_blob_null;
1077 4 : struct cli_credentials *creds = NULL;
1078 4 : struct netr_CryptPassword *pwd = NULL;
1079 0 : NTSTATUS status;
1080 4 : PyObject *py_cp = Py_None;
1081 :
1082 4 : creds = PyCredentials_AsCliCredentials(self);
1083 4 : if (creds == NULL) {
1084 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
1085 0 : return NULL;
1086 : }
1087 :
1088 4 : if (!PyArg_ParseTuple(args, "O", &py_cp)) {
1089 0 : return NULL;
1090 : }
1091 :
1092 4 : if (!py_check_dcerpc_type(py_cp, "samba.dcerpc.netlogon", "netr_CryptPassword")) {
1093 : /* py_check_dcerpc_type sets TypeError */
1094 0 : return NULL;
1095 : }
1096 :
1097 4 : pwd = pytalloc_get_ptr(py_cp);
1098 4 : if (pwd == NULL) {
1099 : /* pytalloc_get_type sets TypeError */
1100 0 : return NULL;
1101 : }
1102 4 : data.length = sizeof(struct netr_CryptPassword);
1103 4 : data.data = (uint8_t *)pwd;
1104 4 : status = netlogon_creds_session_encrypt(creds->netlogon_creds, data);
1105 :
1106 4 : PyErr_NTSTATUS_IS_ERR_RAISE(status);
1107 :
1108 4 : Py_RETURN_NONE;
1109 : }
1110 :
1111 85 : static PyObject *py_creds_encrypt_samr_password(PyObject *self,
1112 : PyObject *args)
1113 : {
1114 85 : DATA_BLOB data = data_blob_null;
1115 85 : struct cli_credentials *creds = NULL;
1116 85 : struct samr_Password *pwd = NULL;
1117 0 : NTSTATUS status;
1118 85 : PyObject *py_cp = Py_None;
1119 :
1120 85 : creds = PyCredentials_AsCliCredentials(self);
1121 85 : if (creds == NULL) {
1122 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
1123 0 : return NULL;
1124 : }
1125 :
1126 85 : if (creds->netlogon_creds == NULL) {
1127 0 : PyErr_Format(PyExc_ValueError, "NetLogon credentials not set");
1128 0 : return NULL;
1129 : }
1130 :
1131 85 : if (!PyArg_ParseTuple(args, "O", &py_cp)) {
1132 0 : return NULL;
1133 : }
1134 :
1135 85 : if (!py_check_dcerpc_type(py_cp, "samba.dcerpc.samr", "Password")) {
1136 : /* py_check_dcerpc_type sets TypeError */
1137 0 : return NULL;
1138 : }
1139 :
1140 85 : pwd = pytalloc_get_type(py_cp, struct samr_Password);
1141 85 : if (pwd == NULL) {
1142 : /* pytalloc_get_type sets TypeError */
1143 0 : return NULL;
1144 : }
1145 85 : data = data_blob_const(pwd->hash, sizeof(pwd->hash));
1146 85 : status = netlogon_creds_session_encrypt(creds->netlogon_creds, data);
1147 :
1148 85 : PyErr_NTSTATUS_IS_ERR_RAISE(status);
1149 :
1150 85 : Py_RETURN_NONE;
1151 : }
1152 :
1153 1223 : static PyObject *py_creds_get_smb_signing(PyObject *self, PyObject *unused)
1154 : {
1155 5 : enum smb_signing_setting signing_state;
1156 1223 : struct cli_credentials *creds = NULL;
1157 :
1158 1223 : creds = PyCredentials_AsCliCredentials(self);
1159 1223 : if (creds == NULL) {
1160 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
1161 0 : return NULL;
1162 : }
1163 :
1164 1223 : signing_state = cli_credentials_get_smb_signing(creds);
1165 1223 : return PyLong_FromLong(signing_state);
1166 : }
1167 :
1168 2438 : static PyObject *py_creds_set_smb_signing(PyObject *self, PyObject *args)
1169 : {
1170 2 : enum smb_signing_setting signing_state;
1171 2438 : struct cli_credentials *creds = NULL;
1172 2438 : enum credentials_obtained obt = CRED_SPECIFIED;
1173 :
1174 2438 : creds = PyCredentials_AsCliCredentials(self);
1175 2438 : if (creds == NULL) {
1176 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
1177 0 : return NULL;
1178 : }
1179 2438 : if (!PyArg_ParseTuple(args, "i|i", &signing_state, &obt)) {
1180 0 : return NULL;
1181 : }
1182 :
1183 2438 : switch (signing_state) {
1184 2436 : case SMB_SIGNING_DEFAULT:
1185 : case SMB_SIGNING_OFF:
1186 : case SMB_SIGNING_IF_REQUIRED:
1187 : case SMB_SIGNING_DESIRED:
1188 : case SMB_SIGNING_REQUIRED:
1189 2438 : break;
1190 0 : default:
1191 0 : PyErr_Format(PyExc_TypeError, "Invalid signing state value");
1192 0 : return NULL;
1193 : }
1194 :
1195 2438 : cli_credentials_set_smb_signing(creds, signing_state, obt);
1196 2438 : Py_RETURN_NONE;
1197 : }
1198 :
1199 44 : static PyObject *py_creds_get_smb_ipc_signing(PyObject *self, PyObject *unused)
1200 : {
1201 5 : enum smb_signing_setting signing_state;
1202 44 : struct cli_credentials *creds = NULL;
1203 :
1204 44 : creds = PyCredentials_AsCliCredentials(self);
1205 44 : if (creds == NULL) {
1206 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
1207 0 : return NULL;
1208 : }
1209 :
1210 44 : signing_state = cli_credentials_get_smb_ipc_signing(creds);
1211 44 : return PyLong_FromLong(signing_state);
1212 : }
1213 :
1214 80 : static PyObject *py_creds_set_smb_ipc_signing(PyObject *self, PyObject *args)
1215 : {
1216 2 : enum smb_signing_setting signing_state;
1217 80 : struct cli_credentials *creds = NULL;
1218 80 : enum credentials_obtained obt = CRED_SPECIFIED;
1219 :
1220 80 : creds = PyCredentials_AsCliCredentials(self);
1221 80 : if (creds == NULL) {
1222 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
1223 0 : return NULL;
1224 : }
1225 80 : if (!PyArg_ParseTuple(args, "i|i", &signing_state, &obt)) {
1226 0 : return NULL;
1227 : }
1228 :
1229 80 : switch (signing_state) {
1230 78 : case SMB_SIGNING_DEFAULT:
1231 : case SMB_SIGNING_OFF:
1232 : case SMB_SIGNING_IF_REQUIRED:
1233 : case SMB_SIGNING_DESIRED:
1234 : case SMB_SIGNING_REQUIRED:
1235 80 : break;
1236 0 : default:
1237 0 : PyErr_Format(PyExc_TypeError, "Invalid signing state value");
1238 0 : return NULL;
1239 : }
1240 :
1241 80 : cli_credentials_set_smb_ipc_signing(creds, signing_state, obt);
1242 80 : Py_RETURN_NONE;
1243 : }
1244 :
1245 5 : static PyObject *py_creds_get_smb_encryption(PyObject *self, PyObject *unused)
1246 : {
1247 5 : enum smb_encryption_setting encryption_state;
1248 5 : struct cli_credentials *creds = NULL;
1249 :
1250 5 : creds = PyCredentials_AsCliCredentials(self);
1251 5 : if (creds == NULL) {
1252 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
1253 0 : return NULL;
1254 : }
1255 :
1256 5 : encryption_state = cli_credentials_get_smb_encryption(creds);
1257 5 : return PyLong_FromLong(encryption_state);
1258 : }
1259 :
1260 18 : static PyObject *py_creds_set_smb_encryption(PyObject *self, PyObject *args)
1261 : {
1262 2 : enum smb_encryption_setting encryption_state;
1263 18 : struct cli_credentials *creds = NULL;
1264 18 : enum credentials_obtained obt = CRED_SPECIFIED;
1265 :
1266 18 : creds = PyCredentials_AsCliCredentials(self);
1267 18 : if (creds == NULL) {
1268 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
1269 0 : return NULL;
1270 : }
1271 18 : if (!PyArg_ParseTuple(args, "i|i", &encryption_state, &obt)) {
1272 0 : return NULL;
1273 : }
1274 :
1275 18 : switch (encryption_state) {
1276 16 : case SMB_ENCRYPTION_DEFAULT:
1277 : case SMB_ENCRYPTION_OFF:
1278 : case SMB_ENCRYPTION_IF_REQUIRED:
1279 : case SMB_ENCRYPTION_DESIRED:
1280 : case SMB_ENCRYPTION_REQUIRED:
1281 18 : break;
1282 0 : default:
1283 0 : PyErr_Format(PyExc_TypeError, "Invalid encryption state value");
1284 0 : return NULL;
1285 : }
1286 :
1287 18 : (void)cli_credentials_set_smb_encryption(creds, encryption_state, obt);
1288 18 : Py_RETURN_NONE;
1289 : }
1290 :
1291 0 : static PyObject *py_creds_get_krb5_fast_armor_credentials(PyObject *self, PyObject *unused)
1292 : {
1293 0 : struct cli_credentials *creds = NULL;
1294 0 : struct cli_credentials *fast_creds = NULL;
1295 :
1296 0 : creds = PyCredentials_AsCliCredentials(self);
1297 0 : if (creds == NULL) {
1298 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
1299 0 : return NULL;
1300 : }
1301 :
1302 0 : fast_creds = cli_credentials_get_krb5_fast_armor_credentials(creds);
1303 0 : if (fast_creds == NULL) {
1304 0 : Py_RETURN_NONE;
1305 : }
1306 :
1307 0 : return PyCredentials_from_cli_credentials(fast_creds);
1308 : }
1309 :
1310 13 : static PyObject *py_creds_set_krb5_fast_armor_credentials(PyObject *self, PyObject *args)
1311 : {
1312 13 : struct cli_credentials *creds = NULL;
1313 0 : PyObject *pyfast_creds;
1314 13 : struct cli_credentials *fast_creds = NULL;
1315 13 : int fast_armor_required = 0;
1316 0 : NTSTATUS status;
1317 :
1318 13 : creds = PyCredentials_AsCliCredentials(self);
1319 13 : if (creds == NULL) {
1320 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
1321 0 : return NULL;
1322 : }
1323 13 : if (!PyArg_ParseTuple(args, "Op", &pyfast_creds, &fast_armor_required)) {
1324 0 : return NULL;
1325 : }
1326 13 : if (pyfast_creds == Py_None) {
1327 2 : fast_creds = NULL;
1328 : } else {
1329 11 : fast_creds = PyCredentials_AsCliCredentials(pyfast_creds);
1330 11 : if (fast_creds == NULL) {
1331 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
1332 0 : return NULL;
1333 : }
1334 : }
1335 :
1336 13 : status = cli_credentials_set_krb5_fast_armor_credentials(creds,
1337 : fast_creds,
1338 : fast_armor_required);
1339 :
1340 13 : PyErr_NTSTATUS_IS_ERR_RAISE(status);
1341 13 : Py_RETURN_NONE;
1342 : }
1343 :
1344 0 : static PyObject *py_creds_get_krb5_require_fast_armor(PyObject *self, PyObject *unused)
1345 : {
1346 0 : bool krb5_fast_armor_required;
1347 0 : struct cli_credentials *creds = NULL;
1348 :
1349 0 : creds = PyCredentials_AsCliCredentials(self);
1350 0 : if (creds == NULL) {
1351 0 : PyErr_Format(PyExc_TypeError, "Credentials expected");
1352 0 : return NULL;
1353 : }
1354 :
1355 0 : krb5_fast_armor_required = cli_credentials_get_krb5_require_fast_armor(creds);
1356 0 : return PyBool_FromLong(krb5_fast_armor_required);
1357 : }
1358 :
1359 : static PyMethodDef py_creds_methods[] = {
1360 : {
1361 : .ml_name = "get_username",
1362 : .ml_meth = py_creds_get_username,
1363 : .ml_flags = METH_NOARGS,
1364 : .ml_doc = "S.get_username() -> username\nObtain username.",
1365 : },
1366 : {
1367 : .ml_name = "set_username",
1368 : .ml_meth = py_creds_set_username,
1369 : .ml_flags = METH_VARARGS,
1370 : .ml_doc = "S.set_username(name[, credentials.SPECIFIED]) -> None\n"
1371 : "Change username.",
1372 : },
1373 : {
1374 : .ml_name = "get_principal",
1375 : .ml_meth = py_creds_get_principal,
1376 : .ml_flags = METH_NOARGS,
1377 : .ml_doc = "S.get_principal() -> user@realm\nObtain user principal.",
1378 : },
1379 : {
1380 : .ml_name = "set_principal",
1381 : .ml_meth = py_creds_set_principal,
1382 : .ml_flags = METH_VARARGS,
1383 : .ml_doc = "S.set_principal(name[, credentials.SPECIFIED]) -> None\n"
1384 : "Change principal.",
1385 : },
1386 : {
1387 : .ml_name = "get_password",
1388 : .ml_meth = py_creds_get_password,
1389 : .ml_flags = METH_NOARGS,
1390 : .ml_doc = "S.get_password() -> password\n"
1391 : "Obtain password.",
1392 : },
1393 : {
1394 : .ml_name = "get_ntlm_username_domain",
1395 : .ml_meth = py_creds_get_ntlm_username_domain,
1396 : .ml_flags = METH_NOARGS,
1397 : .ml_doc = "S.get_ntlm_username_domain() -> (domain, username)\n"
1398 : "Obtain NTLM username and domain, split up either as (DOMAIN, user) or (\"\", \"user@realm\").",
1399 : },
1400 : {
1401 : .ml_name = "get_ntlm_response",
1402 : .ml_meth = PY_DISCARD_FUNC_SIG(PyCFunction,
1403 : py_creds_get_ntlm_response),
1404 : .ml_flags = METH_VARARGS | METH_KEYWORDS,
1405 : .ml_doc = "S.get_ntlm_response"
1406 : "(flags, challenge[, target_info]) -> "
1407 : "(flags, lm_response, nt_response, lm_session_key, nt_session_key)\n"
1408 : "Obtain LM or NTLM response.",
1409 : },
1410 : {
1411 : .ml_name = "set_password",
1412 : .ml_meth = py_creds_set_password,
1413 : .ml_flags = METH_VARARGS,
1414 : .ml_doc = "S.set_password(password[, credentials.SPECIFIED]) -> None\n"
1415 : "Change password.",
1416 : },
1417 : {
1418 : .ml_name = "set_utf16_password",
1419 : .ml_meth = py_creds_set_utf16_password,
1420 : .ml_flags = METH_VARARGS,
1421 : .ml_doc = "S.set_utf16_password(password[, credentials.SPECIFIED]) -> None\n"
1422 : "Change password.",
1423 : },
1424 : {
1425 : .ml_name = "get_old_password",
1426 : .ml_meth = py_creds_get_old_password,
1427 : .ml_flags = METH_NOARGS,
1428 : .ml_doc = "S.get_old_password() -> password\n"
1429 : "Obtain old password.",
1430 : },
1431 : {
1432 : .ml_name = "set_old_password",
1433 : .ml_meth = py_creds_set_old_password,
1434 : .ml_flags = METH_VARARGS,
1435 : .ml_doc = "S.set_old_password(password[, credentials.SPECIFIED]) -> None\n"
1436 : "Change old password.",
1437 : },
1438 : {
1439 : .ml_name = "set_old_utf16_password",
1440 : .ml_meth = py_creds_set_old_utf16_password,
1441 : .ml_flags = METH_VARARGS,
1442 : .ml_doc = "S.set_old_utf16_password(password[, credentials.SPECIFIED]) -> None\n"
1443 : "Change old password.",
1444 : },
1445 : {
1446 : .ml_name = "get_domain",
1447 : .ml_meth = py_creds_get_domain,
1448 : .ml_flags = METH_NOARGS,
1449 : .ml_doc = "S.get_domain() -> domain\n"
1450 : "Obtain domain name.",
1451 : },
1452 : {
1453 : .ml_name = "set_domain",
1454 : .ml_meth = py_creds_set_domain,
1455 : .ml_flags = METH_VARARGS,
1456 : .ml_doc = "S.set_domain(domain[, credentials.SPECIFIED]) -> None\n"
1457 : "Change domain name.",
1458 : },
1459 : {
1460 : .ml_name = "get_realm",
1461 : .ml_meth = py_creds_get_realm,
1462 : .ml_flags = METH_NOARGS,
1463 : .ml_doc = "S.get_realm() -> realm\n"
1464 : "Obtain realm name.",
1465 : },
1466 : {
1467 : .ml_name = "set_realm",
1468 : .ml_meth = py_creds_set_realm,
1469 : .ml_flags = METH_VARARGS,
1470 : .ml_doc = "S.set_realm(realm[, credentials.SPECIFIED]) -> None\n"
1471 : "Change realm name.",
1472 : },
1473 : {
1474 : .ml_name = "get_bind_dn",
1475 : .ml_meth = py_creds_get_bind_dn,
1476 : .ml_flags = METH_NOARGS,
1477 : .ml_doc = "S.get_bind_dn() -> bind dn\n"
1478 : "Obtain bind DN.",
1479 : },
1480 : {
1481 : .ml_name = "set_bind_dn",
1482 : .ml_meth = py_creds_set_bind_dn,
1483 : .ml_flags = METH_VARARGS,
1484 : .ml_doc = "S.set_bind_dn(bind_dn) -> None\n"
1485 : "Change bind DN.",
1486 : },
1487 : {
1488 : .ml_name = "is_anonymous",
1489 : .ml_meth = py_creds_is_anonymous,
1490 : .ml_flags = METH_NOARGS,
1491 : },
1492 : {
1493 : .ml_name = "set_anonymous",
1494 : .ml_meth = py_creds_set_anonymous,
1495 : .ml_flags = METH_NOARGS,
1496 : .ml_doc = "S.set_anonymous() -> None\n"
1497 : "Use anonymous credentials.",
1498 : },
1499 : {
1500 : .ml_name = "get_workstation",
1501 : .ml_meth = py_creds_get_workstation,
1502 : .ml_flags = METH_NOARGS,
1503 : },
1504 : {
1505 : .ml_name = "set_workstation",
1506 : .ml_meth = py_creds_set_workstation,
1507 : .ml_flags = METH_VARARGS,
1508 : },
1509 : {
1510 : .ml_name = "authentication_requested",
1511 : .ml_meth = py_creds_authentication_requested,
1512 : .ml_flags = METH_NOARGS,
1513 : },
1514 : {
1515 : .ml_name = "wrong_password",
1516 : .ml_meth = py_creds_wrong_password,
1517 : .ml_flags = METH_NOARGS,
1518 : .ml_doc = "S.wrong_password() -> bool\n"
1519 : "Indicate the returned password was incorrect.",
1520 : },
1521 : {
1522 : .ml_name = "set_cmdline_callbacks",
1523 : .ml_meth = py_creds_set_cmdline_callbacks,
1524 : .ml_flags = METH_NOARGS,
1525 : .ml_doc = "S.set_cmdline_callbacks() -> bool\n"
1526 : "Use command-line to obtain credentials not explicitly set.",
1527 : },
1528 : {
1529 : .ml_name = "parse_string",
1530 : .ml_meth = py_creds_parse_string,
1531 : .ml_flags = METH_VARARGS,
1532 : .ml_doc = "S.parse_string(text[, credentials.SPECIFIED]) -> None\n"
1533 : "Parse credentials string.",
1534 : },
1535 : {
1536 : .ml_name = "parse_file",
1537 : .ml_meth = py_creds_parse_file,
1538 : .ml_flags = METH_VARARGS,
1539 : .ml_doc = "S.parse_file(filename[, credentials.SPECIFIED]) -> None\n"
1540 : "Parse credentials file.",
1541 : },
1542 : {
1543 : .ml_name = "set_password_will_be_nt_hash",
1544 : .ml_meth = py_cli_credentials_set_password_will_be_nt_hash,
1545 : .ml_flags = METH_VARARGS,
1546 : .ml_doc = "S.set_password_will_be_nt_hash(bool) -> None\n"
1547 : "Alters the behaviour of S.set_password() "
1548 : "to expect the NTHASH as hexstring.",
1549 : },
1550 : {
1551 : .ml_name = "get_nt_hash",
1552 : .ml_meth = py_creds_get_nt_hash,
1553 : .ml_flags = METH_NOARGS,
1554 : },
1555 : {
1556 : .ml_name = "set_nt_hash",
1557 : .ml_meth = py_creds_set_nt_hash,
1558 : .ml_flags = METH_VARARGS,
1559 : .ml_doc = "S.set_net_sh(samr_Password[, credentials.SPECIFIED]) -> bool\n"
1560 : "Change NT hash.",
1561 : },
1562 : {
1563 : .ml_name = "get_kerberos_state",
1564 : .ml_meth = py_creds_get_kerberos_state,
1565 : .ml_flags = METH_NOARGS,
1566 : },
1567 : {
1568 : .ml_name = "set_kerberos_state",
1569 : .ml_meth = py_creds_set_kerberos_state,
1570 : .ml_flags = METH_VARARGS,
1571 : },
1572 : {
1573 : .ml_name = "set_krb_forwardable",
1574 : .ml_meth = py_creds_set_krb_forwardable,
1575 : .ml_flags = METH_VARARGS,
1576 : },
1577 : {
1578 : .ml_name = "set_conf",
1579 : .ml_meth = py_creds_set_conf,
1580 : .ml_flags = METH_VARARGS,
1581 : },
1582 : {
1583 : .ml_name = "guess",
1584 : .ml_meth = py_creds_guess,
1585 : .ml_flags = METH_VARARGS,
1586 : },
1587 : {
1588 : .ml_name = "set_machine_account",
1589 : .ml_meth = py_creds_set_machine_account,
1590 : .ml_flags = METH_VARARGS,
1591 : },
1592 : {
1593 : .ml_name = "get_named_ccache",
1594 : .ml_meth = py_creds_get_named_ccache,
1595 : .ml_flags = METH_VARARGS,
1596 : },
1597 : {
1598 : .ml_name = "set_named_ccache",
1599 : .ml_meth = py_creds_set_named_ccache,
1600 : .ml_flags = METH_VARARGS,
1601 : .ml_doc = "S.set_named_ccache(krb5_ccache_name, obtained, lp) -> None\n"
1602 : "Set credentials to KRB5 Credentials Cache (by name).",
1603 : },
1604 : {
1605 : .ml_name = "set_gensec_features",
1606 : .ml_meth = py_creds_set_gensec_features,
1607 : .ml_flags = METH_VARARGS,
1608 : },
1609 : {
1610 : .ml_name = "get_gensec_features",
1611 : .ml_meth = py_creds_get_gensec_features,
1612 : .ml_flags = METH_NOARGS,
1613 : },
1614 : {
1615 : .ml_name = "get_forced_sasl_mech",
1616 : .ml_meth = py_creds_get_forced_sasl_mech,
1617 : .ml_flags = METH_NOARGS,
1618 : .ml_doc = "S.get_forced_sasl_mech() -> SASL mechanism\nObtain forced SASL mechanism.",
1619 : },
1620 : {
1621 : .ml_name = "set_forced_sasl_mech",
1622 : .ml_meth = py_creds_set_forced_sasl_mech,
1623 : .ml_flags = METH_VARARGS,
1624 : .ml_doc = "S.set_forced_sasl_mech(name) -> None\n"
1625 : "Set forced SASL mechanism.",
1626 : },
1627 : {
1628 : .ml_name = "new_client_authenticator",
1629 : .ml_meth = py_creds_new_client_authenticator,
1630 : .ml_flags = METH_NOARGS,
1631 : .ml_doc = "S.new_client_authenticator() -> Authenticator\n"
1632 : "Get a new client NETLOGON_AUTHENTICATOR"},
1633 : {
1634 : .ml_name = "set_secure_channel_type",
1635 : .ml_meth = py_creds_set_secure_channel_type,
1636 : .ml_flags = METH_VARARGS,
1637 : },
1638 : {
1639 : .ml_name = "get_secure_channel_type",
1640 : .ml_meth = py_creds_get_secure_channel_type,
1641 : .ml_flags = METH_VARARGS,
1642 : },
1643 : {
1644 : .ml_name = "set_kerberos_salt_principal",
1645 : .ml_meth = py_creds_set_kerberos_salt_principal,
1646 : .ml_flags = METH_VARARGS,
1647 : },
1648 : {
1649 : .ml_name = "get_kerberos_salt_principal",
1650 : .ml_meth = py_creds_get_kerberos_salt_principal,
1651 : .ml_flags = METH_VARARGS,
1652 : },
1653 : {
1654 : .ml_name = "get_kerberos_key",
1655 : .ml_meth = py_creds_get_kerberos_key,
1656 : .ml_flags = METH_VARARGS,
1657 : .ml_doc = "S.get_kerberos_key(enctype, [lp]) -> bytes\n"
1658 : "Generate a Kerberos key using the current password and\n"
1659 : "the salt on this credentials object",
1660 : },
1661 : {
1662 : .ml_name = "get_old_kerberos_key",
1663 : .ml_meth = py_creds_get_old_kerberos_key,
1664 : .ml_flags = METH_VARARGS,
1665 : .ml_doc = "S.get_old_kerberos_key(enctype, [lp]) -> bytes\n"
1666 : "Generate a Kerberos key using the old (previous) password and\n"
1667 : "the salt on this credentials object",
1668 : },
1669 : {
1670 : .ml_name = "encrypt_netr_crypt_password",
1671 : .ml_meth = py_creds_encrypt_netr_crypt_password,
1672 : .ml_flags = METH_VARARGS,
1673 : .ml_doc = "S.encrypt_netr_crypt_password(password) -> None\n"
1674 : "Encrypt the supplied password using the session key and\n"
1675 : "the negotiated encryption algorithm in place\n"
1676 : "i.e. it overwrites the original data"},
1677 : {
1678 : .ml_name = "encrypt_samr_password",
1679 : .ml_meth = py_creds_encrypt_samr_password,
1680 : .ml_flags = METH_VARARGS,
1681 : .ml_doc = "S.encrypt_samr_password(password) -> None\n"
1682 : "Encrypt the supplied password using the session key and\n"
1683 : "the negotiated encryption algorithm in place\n"
1684 : "i.e. it overwrites the original data"
1685 : },
1686 : {
1687 : .ml_name = "get_smb_signing",
1688 : .ml_meth = py_creds_get_smb_signing,
1689 : .ml_flags = METH_NOARGS,
1690 : },
1691 : {
1692 : .ml_name = "set_smb_signing",
1693 : .ml_meth = py_creds_set_smb_signing,
1694 : .ml_flags = METH_VARARGS,
1695 : },
1696 : {
1697 : .ml_name = "get_smb_ipc_signing",
1698 : .ml_meth = py_creds_get_smb_ipc_signing,
1699 : .ml_flags = METH_NOARGS,
1700 : },
1701 : {
1702 : .ml_name = "set_smb_ipc_signing",
1703 : .ml_meth = py_creds_set_smb_ipc_signing,
1704 : .ml_flags = METH_VARARGS,
1705 : },
1706 : {
1707 : .ml_name = "get_smb_encryption",
1708 : .ml_meth = py_creds_get_smb_encryption,
1709 : .ml_flags = METH_NOARGS,
1710 : },
1711 : {
1712 : .ml_name = "set_smb_encryption",
1713 : .ml_meth = py_creds_set_smb_encryption,
1714 : .ml_flags = METH_VARARGS,
1715 : },
1716 : {
1717 : .ml_name = "get_krb5_fast_armor_credentials",
1718 : .ml_meth = py_creds_get_krb5_fast_armor_credentials,
1719 : .ml_flags = METH_NOARGS,
1720 : .ml_doc = "S.get_krb5_fast_armor_credentials() -> Credentials\n"
1721 : "Get the Kerberos FAST credentials set on this credentials object"
1722 : },
1723 : {
1724 : .ml_name = "set_krb5_fast_armor_credentials",
1725 : .ml_meth = py_creds_set_krb5_fast_armor_credentials,
1726 : .ml_flags = METH_VARARGS,
1727 : .ml_doc = "S.set_krb5_fast_armor_credentials(credentials, required) -> None\n"
1728 : "Set Kerberos FAST credentials for this credentials object, and if FAST armoring must be used."
1729 : },
1730 : {
1731 : .ml_name = "get_krb5_require_fast_armor",
1732 : .ml_meth = py_creds_get_krb5_require_fast_armor,
1733 : .ml_flags = METH_NOARGS,
1734 : .ml_doc = "S.get_krb5_fast_armor() -> bool\n"
1735 : "Indicate if Kerberos FAST armor is required"
1736 : },
1737 : { .ml_name = NULL }
1738 : };
1739 :
1740 : static struct PyModuleDef moduledef = {
1741 : PyModuleDef_HEAD_INIT,
1742 : .m_name = "credentials",
1743 : .m_doc = "Credentials management.",
1744 : .m_size = -1,
1745 : .m_methods = py_creds_methods,
1746 : };
1747 :
1748 : PyTypeObject PyCredentials = {
1749 : .tp_name = "credentials.Credentials",
1750 : .tp_new = py_creds_new,
1751 : .tp_flags = Py_TPFLAGS_DEFAULT | Py_TPFLAGS_BASETYPE,
1752 : .tp_methods = py_creds_methods,
1753 : };
1754 :
1755 1858 : static PyObject *py_ccache_name(PyObject *self, PyObject *unused)
1756 : {
1757 1858 : struct ccache_container *ccc = NULL;
1758 1858 : char *name = NULL;
1759 1858 : PyObject *py_name = NULL;
1760 0 : int ret;
1761 :
1762 1858 : ccc = pytalloc_get_type(self, struct ccache_container);
1763 :
1764 1858 : ret = krb5_cc_get_full_name(ccc->smb_krb5_context->krb5_context,
1765 : ccc->ccache, &name);
1766 1858 : if (ret == 0) {
1767 1858 : py_name = PyString_FromStringOrNULL(name);
1768 1858 : krb5_free_string(ccc->smb_krb5_context->krb5_context, name);
1769 : } else {
1770 0 : PyErr_SetString(PyExc_RuntimeError,
1771 : "Failed to get ccache name");
1772 0 : return NULL;
1773 : }
1774 1858 : return py_name;
1775 : }
1776 :
1777 : static PyMethodDef py_ccache_container_methods[] = {
1778 : { "get_name", py_ccache_name, METH_NOARGS,
1779 : "S.get_name() -> name\nObtain KRB5 credentials cache name." },
1780 : {0}
1781 : };
1782 :
1783 : PyTypeObject PyCredentialCacheContainer = {
1784 : .tp_name = "credentials.CredentialCacheContainer",
1785 : .tp_flags = Py_TPFLAGS_DEFAULT,
1786 : .tp_methods = py_ccache_container_methods,
1787 : };
1788 :
1789 7672 : MODULE_INIT_FUNC(credentials)
1790 : {
1791 192 : PyObject *m;
1792 7672 : if (pytalloc_BaseObject_PyType_Ready(&PyCredentials) < 0)
1793 0 : return NULL;
1794 :
1795 7672 : if (pytalloc_BaseObject_PyType_Ready(&PyCredentialCacheContainer) < 0)
1796 0 : return NULL;
1797 :
1798 7672 : m = PyModule_Create(&moduledef);
1799 7672 : if (m == NULL)
1800 0 : return NULL;
1801 :
1802 7672 : PyModule_AddObject(m, "UNINITIALISED", PyLong_FromLong(CRED_UNINITIALISED));
1803 7672 : PyModule_AddObject(m, "SMB_CONF", PyLong_FromLong(CRED_SMB_CONF));
1804 7672 : PyModule_AddObject(m, "CALLBACK", PyLong_FromLong(CRED_CALLBACK));
1805 7672 : PyModule_AddObject(m, "GUESS_ENV", PyLong_FromLong(CRED_GUESS_ENV));
1806 7672 : PyModule_AddObject(m, "GUESS_FILE", PyLong_FromLong(CRED_GUESS_FILE));
1807 7672 : PyModule_AddObject(m, "CALLBACK_RESULT", PyLong_FromLong(CRED_CALLBACK_RESULT));
1808 7672 : PyModule_AddObject(m, "SPECIFIED", PyLong_FromLong(CRED_SPECIFIED));
1809 :
1810 7672 : PyModule_AddObject(m, "AUTO_USE_KERBEROS", PyLong_FromLong(CRED_USE_KERBEROS_DESIRED));
1811 7672 : PyModule_AddObject(m, "DONT_USE_KERBEROS", PyLong_FromLong(CRED_USE_KERBEROS_DISABLED));
1812 7672 : PyModule_AddObject(m, "MUST_USE_KERBEROS", PyLong_FromLong(CRED_USE_KERBEROS_REQUIRED));
1813 :
1814 7672 : PyModule_AddObject(m, "AUTO_KRB_FORWARDABLE", PyLong_FromLong(CRED_AUTO_KRB_FORWARDABLE));
1815 7672 : PyModule_AddObject(m, "NO_KRB_FORWARDABLE", PyLong_FromLong(CRED_NO_KRB_FORWARDABLE));
1816 7672 : PyModule_AddObject(m, "FORCE_KRB_FORWARDABLE", PyLong_FromLong(CRED_FORCE_KRB_FORWARDABLE));
1817 7672 : PyModule_AddObject(m, "CLI_CRED_NTLM2", PyLong_FromLong(CLI_CRED_NTLM2));
1818 7672 : PyModule_AddObject(m, "CLI_CRED_NTLMv2_AUTH", PyLong_FromLong(CLI_CRED_NTLMv2_AUTH));
1819 7672 : PyModule_AddObject(m, "CLI_CRED_LANMAN_AUTH", PyLong_FromLong(CLI_CRED_LANMAN_AUTH));
1820 7672 : PyModule_AddObject(m, "CLI_CRED_NTLM_AUTH", PyLong_FromLong(CLI_CRED_NTLM_AUTH));
1821 7672 : PyModule_AddObject(m, "CLI_CRED_CLEAR_AUTH", PyLong_FromLong(CLI_CRED_CLEAR_AUTH));
1822 :
1823 7672 : PyModule_AddObject(m, "SMB_SIGNING_DEFAULT", PyLong_FromLong(SMB_SIGNING_DEFAULT));
1824 7672 : PyModule_AddObject(m, "SMB_SIGNING_OFF", PyLong_FromLong(SMB_SIGNING_OFF));
1825 7672 : PyModule_AddObject(m, "SMB_SIGNING_IF_REQUIRED", PyLong_FromLong(SMB_SIGNING_IF_REQUIRED));
1826 7672 : PyModule_AddObject(m, "SMB_SIGNING_DESIRED", PyLong_FromLong(SMB_SIGNING_DESIRED));
1827 7672 : PyModule_AddObject(m, "SMB_SIGNING_REQUIRED", PyLong_FromLong(SMB_SIGNING_REQUIRED));
1828 :
1829 7672 : PyModule_AddObject(m, "SMB_ENCRYPTION_DEFAULT", PyLong_FromLong(SMB_ENCRYPTION_DEFAULT));
1830 7672 : PyModule_AddObject(m, "SMB_ENCRYPTION_OFF", PyLong_FromLong(SMB_ENCRYPTION_OFF));
1831 7672 : PyModule_AddObject(m, "SMB_ENCRYPTION_IF_REQUIRED", PyLong_FromLong(SMB_ENCRYPTION_IF_REQUIRED));
1832 7672 : PyModule_AddObject(m, "SMB_ENCRYPTION_DESIRED", PyLong_FromLong(SMB_ENCRYPTION_DESIRED));
1833 7672 : PyModule_AddObject(m, "SMB_ENCRYPTION_REQUIRED", PyLong_FromLong(SMB_ENCRYPTION_REQUIRED));
1834 :
1835 7672 : PyModule_AddObject(m, "ENCTYPE_ARCFOUR_HMAC", PyLong_FromLong(ENCTYPE_ARCFOUR_HMAC));
1836 7672 : PyModule_AddObject(m, "ENCTYPE_AES128_CTS_HMAC_SHA1_96", PyLong_FromLong(ENCTYPE_AES128_CTS_HMAC_SHA1_96));
1837 7672 : PyModule_AddObject(m, "ENCTYPE_AES256_CTS_HMAC_SHA1_96", PyLong_FromLong(ENCTYPE_AES256_CTS_HMAC_SHA1_96));
1838 :
1839 6419 : Py_INCREF(&PyCredentials);
1840 7672 : PyModule_AddObject(m, "Credentials", (PyObject *)&PyCredentials);
1841 6419 : Py_INCREF(&PyCredentialCacheContainer);
1842 7672 : PyModule_AddObject(m, "CredentialCacheContainer", (PyObject *)&PyCredentialCacheContainer);
1843 7672 : return m;
1844 : }
|
