summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJelmer Vernooij <jelmer@samba.org>2007-11-29 14:49:47 +0100
committerStefan Metzmacher <metze@samba.org>2007-12-21 05:46:47 +0100
commitf2f16b45b58c2bbf3053ff55e7a290fc069e0efd (patch)
treecbdfe72b17761638da5119a6085d9f5774f62c51
parent8515d23a3a920c27b37f3653850c61ba0f6eec71 (diff)
downloadsamba-f2f16b45b58c2bbf3053ff55e7a290fc069e0efd.tar.gz
samba-f2f16b45b58c2bbf3053ff55e7a290fc069e0efd.tar.bz2
samba-f2f16b45b58c2bbf3053ff55e7a290fc069e0efd.zip
r26197: Add bindings for libsecurity.
(This used to be commit 8625cd403ba3a7d2b1b1fccfeb5efd7e21de0135)
-rw-r--r--.bzrignore2
-rwxr-xr-xsource4/autogen.sh2
-rw-r--r--source4/lib/ldb/ldb_ildap/config.mk1
-rw-r--r--source4/lib/ldb/ldb_tdb/ldb_tdb_wrap.c153
-rw-r--r--source4/lib/ldb_wrap.c186
-rw-r--r--source4/lib/talloc/config.mk9
-rw-r--r--source4/lib/talloc/talloc.i2
-rw-r--r--source4/lib/tdb_wrap.c117
-rw-r--r--source4/libcli/security/config.mk8
-rw-r--r--source4/libcli/security/security.i121
-rw-r--r--source4/libcli/security/tests/bindings.py65
-rw-r--r--source4/scripting/python/config.mk4
-rw-r--r--source4/scripting/python/sidmodule.c56
-rwxr-xr-xsource4/selftest/samba4_tests.sh1
14 files changed, 197 insertions, 530 deletions
diff --git a/.bzrignore b/.bzrignore
index 270f318819..dd96e8280f 100644
--- a/.bzrignore
+++ b/.bzrignore
@@ -230,3 +230,5 @@ source/libcli/swig/libcli_smb_wrap.c
source/libcli/swig/libcli_nbt_wrap.c
source/lib/events/events.py
source/lib/events/events_wrap.c
+source/libcli/security/security_wrap.c
+source/libcli/security/security.py
diff --git a/source4/autogen.sh b/source4/autogen.sh
index 9288cba986..667ac89a44 100755
--- a/source4/autogen.sh
+++ b/source4/autogen.sh
@@ -65,7 +65,7 @@ rm -rf autom4te*.cache
# Run swig if it is available
SWIG=swig
-SWIG_FILES="./scripting/python/misc.i ./auth/auth.i ./auth/credentials/credentials.i ./lib/talloc/talloc.i ./lib/ldb/ldb.i ./lib/registry/registry.i ./lib/tdb/tdb.i ./libcli/swig/libcli_smb.i ./libcli/swig/libcli_nbt.i ./librpc/rpc/dcerpc.i lib/events/events.i"
+SWIG_FILES="./scripting/python/misc.i ./auth/auth.i ./auth/credentials/credentials.i ./lib/ldb/ldb.i ./lib/registry/registry.i ./lib/tdb/tdb.i ./libcli/swig/libcli_smb.i ./libcli/swig/libcli_nbt.i ./librpc/rpc/dcerpc.i lib/events/events.i libcli/security/security.i"
if which $SWIG >/dev/null 2>&1; then
for I in $SWIG_FILES
do
diff --git a/source4/lib/ldb/ldb_ildap/config.mk b/source4/lib/ldb/ldb_ildap/config.mk
index 71887c14f8..f7ed3469f3 100644
--- a/source4/lib/ldb/ldb_ildap/config.mk
+++ b/source4/lib/ldb/ldb_ildap/config.mk
@@ -3,6 +3,7 @@
[MODULE::ldb_ildap]
SUBSYSTEM = LIBLDB
CFLAGS = -Ilib/ldb/include
+OUTPUT_TYPE = SHARED_LIBRARY
PRIVATE_DEPENDENCIES = LIBTALLOC LIBCLI_LDAP
INIT_FUNCTION = ldb_ildap_init
ALIASES = ldapi ldaps ldap
diff --git a/source4/lib/ldb/ldb_tdb/ldb_tdb_wrap.c b/source4/lib/ldb/ldb_tdb/ldb_tdb_wrap.c
deleted file mode 100644
index 654574cd2f..0000000000
--- a/source4/lib/ldb/ldb_tdb/ldb_tdb_wrap.c
+++ /dev/null
@@ -1,153 +0,0 @@
-/*
- ldb database library
-
- Copyright (C) Andrew Tridgell 2005
-
- ** NOTE! The following LGPL license applies to the ldb
- ** library. This does NOT imply that all of Samba is released
- ** under the LGPL
-
- This library is free software; you can redistribute it and/or
- modify it under the terms of the GNU Lesser General Public
- License as published by the Free Software Foundation; either
- version 3 of the License, or (at your option) any later version.
-
- This library is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Lesser General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public
- License along with this library; if not, see <http://www.gnu.org/licenses/>.
-*/
-
-#include "ldb_includes.h"
-
-#include "ldb_tdb.h"
-
-/*
- the purpose of this code is to work around the braindead posix locking
- rules, to allow us to have a ldb open more than once while allowing
- locking to work
-*/
-
-struct ltdb_wrap {
- struct ltdb_wrap *next, *prev;
- struct tdb_context *tdb;
- dev_t device;
- ino_t inode;
-};
-
-static struct ltdb_wrap *tdb_list;
-
-/* destroy the last connection to a tdb */
-static int ltdb_wrap_destructor(struct ltdb_wrap *w)
-{
- tdb_close(w->tdb);
- if (w->next) {
- w->next->prev = w->prev;
- }
- if (w->prev) {
- w->prev->next = w->next;
- }
- if (w == tdb_list) {
- tdb_list = w->next;
- }
- return 0;
-}
-
-static void ltdb_log_fn(struct tdb_context *tdb, enum tdb_debug_level level, const char *fmt, ...) PRINTF_ATTRIBUTE(3, 4);
-static void ltdb_log_fn(struct tdb_context *tdb, enum tdb_debug_level level, const char *fmt, ...)
-{
- va_list ap;
- const char *name = tdb_name(tdb);
- struct ldb_context *ldb = talloc_get_type(tdb_get_logging_private(tdb), struct ldb_context);
- enum ldb_debug_level ldb_level;
- char *message;
- va_start(ap, fmt);
- message = talloc_vasprintf(ldb, fmt, ap);
- va_end(ap);
-
- switch (level) {
- case TDB_DEBUG_FATAL:
- ldb_level = LDB_DEBUG_FATAL;
- break;
- case TDB_DEBUG_ERROR:
- ldb_level = LDB_DEBUG_ERROR;
- break;
- case TDB_DEBUG_WARNING:
- ldb_level = LDB_DEBUG_WARNING;
- break;
- case TDB_DEBUG_TRACE:
- ldb_level = LDB_DEBUG_TRACE;
- break;
- default:
- ldb_level = LDB_DEBUG_FATAL;
- }
-
- ldb_debug(ldb, ldb_level, "ltdb: tdb(%s): %s", name, message);
- talloc_free(message);
-}
-
-/*
- wrapped connection to a tdb database. The caller should _not_ free
- this as it is not a talloc structure (as tdb does not use talloc
- yet). It will auto-close when the caller frees the mem_ctx that is
- passed to this call
- */
-struct tdb_context *ltdb_wrap_open(TALLOC_CTX *mem_ctx,
- const char *path, int hash_size,
- int tdb_flags,
- int open_flags, mode_t mode,
- struct ldb_context *ldb)
-{
- struct ltdb_wrap *w;
- struct stat st;
- struct tdb_logging_context log_ctx;
-
- log_ctx.log_fn = ltdb_log_fn;
- log_ctx.log_private = ldb;
-
- if (stat(path, &st) == 0) {
- for (w=tdb_list;w;w=w->next) {
- if (st.st_dev == w->device && st.st_ino == w->inode) {
- if (!talloc_reference(mem_ctx, w)) {
- return NULL;
- }
- return w->tdb;
- }
- }
- }
-
- w = talloc(mem_ctx, struct ltdb_wrap);
- if (w == NULL) {
- return NULL;
- }
-
- w->tdb = tdb_open_ex(path, hash_size, tdb_flags, open_flags, mode, &log_ctx, NULL);
- if (w->tdb == NULL) {
- talloc_free(w);
- return NULL;
- }
-
- if (fstat(tdb_fd(w->tdb), &st) != 0) {
- tdb_close(w->tdb);
- talloc_free(w);
- return NULL;
- }
-
- w->device = st.st_dev;
- w->inode = st.st_ino;
-
- talloc_set_destructor(w, ltdb_wrap_destructor);
-
- w->next = tdb_list;
- w->prev = NULL;
- if (tdb_list) {
- tdb_list->prev = w;
- }
- tdb_list = w;
-
- return w->tdb;
-}
-
diff --git a/source4/lib/ldb_wrap.c b/source4/lib/ldb_wrap.c
deleted file mode 100644
index 21ca04997e..0000000000
--- a/source4/lib/ldb_wrap.c
+++ /dev/null
@@ -1,186 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
-
- LDB wrap functions
-
- Copyright (C) Andrew Tridgell 2004
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-/*
- the stupidity of the unix fcntl locking design forces us to never
- allow a database file to be opened twice in the same process. These
- wrappers provide convenient access to a tdb or ldb, taking advantage
- of talloc destructors to ensure that only a single open is done
-*/
-
-#include "includes.h"
-#include "lib/events/events.h"
-#include "lib/ldb/include/ldb.h"
-#include "lib/ldb/include/ldb_errors.h"
-#include "lib/ldb-samba/ldif_handlers.h"
-#include "ldb_wrap.h"
-#include "dsdb/samdb/samdb.h"
-#include "param/param.h"
-
-/*
- this is used to catch debug messages from ldb
-*/
-static void ldb_wrap_debug(void *context, enum ldb_debug_level level,
- const char *fmt, va_list ap) PRINTF_ATTRIBUTE(3,0);
-
-static void ldb_wrap_debug(void *context, enum ldb_debug_level level,
- const char *fmt, va_list ap)
-{
- int samba_level;
- char *s = NULL;
- switch (level) {
- case LDB_DEBUG_FATAL:
- samba_level = 0;
- break;
- case LDB_DEBUG_ERROR:
- samba_level = 1;
- break;
- case LDB_DEBUG_WARNING:
- samba_level = 2;
- break;
- case LDB_DEBUG_TRACE:
- samba_level = 5;
- break;
-
- };
- vasprintf(&s, fmt, ap);
- if (!s) return;
- DEBUG(level, ("ldb: %s\n", s));
- free(s);
-}
-
-/* check for memory leaks on the ldb context */
-static int ldb_wrap_destructor(struct ldb_context *ldb)
-{
- size_t *startup_blocks = (size_t *)ldb_get_opaque(ldb, "startup_blocks");
- if (startup_blocks &&
- talloc_total_blocks(ldb) > *startup_blocks + 400) {
- DEBUG(0,("WARNING: probable memory leak in ldb %s - %lu blocks (startup %lu) %lu bytes\n",
- (char *)ldb_get_opaque(ldb, "wrap_url"),
- (unsigned long)talloc_total_blocks(ldb),
- (unsigned long)*startup_blocks,
- (unsigned long)talloc_total_size(ldb)));
-#if 0
- talloc_report_full(ldb, stdout);
- call_backtrace();
- smb_panic("probable memory leak in ldb");
-#endif
- }
- return 0;
-}
-
-/*
- wrapped connection to a ldb database
- to close just talloc_free() the returned ldb_context
-
- TODO: We need an error_string parameter
- */
-struct ldb_context *ldb_wrap_connect(TALLOC_CTX *mem_ctx,
- struct loadparm_context *lp_ctx,
- const char *url,
- struct auth_session_info *session_info,
- struct cli_credentials *credentials,
- unsigned int flags,
- const char *options[])
-{
- struct ldb_context *ldb;
- int ret;
- struct event_context *ev;
- char *real_url = NULL;
- size_t *startup_blocks;
-
- ldb = ldb_init(mem_ctx);
- if (ldb == NULL) {
- return NULL;
- }
-
- ldb_set_modules_dir(ldb,
- talloc_asprintf(ldb, "%s/ldb", lp_modulesdir(lp_ctx)));
-
- /* we want to use the existing event context if possible. This
- relies on the fact that in smbd, everything is a child of
- the main event_context */
- ev = event_context_find(ldb);
-
- if (ldb_set_opaque(ldb, "EventContext", ev)) {
- talloc_free(ldb);
- return NULL;
- }
-
- if (ldb_set_opaque(ldb, "sessionInfo", session_info)) {
- talloc_free(ldb);
- return NULL;
- }
-
- if (ldb_set_opaque(ldb, "credentials", credentials)) {
- talloc_free(ldb);
- return NULL;
- }
-
- if (strcmp(lp_sam_url(lp_ctx), url) == 0) {
- dsdb_set_global_schema(ldb);
- }
-
- ret = ldb_register_samba_handlers(ldb);
- if (ret == -1) {
- talloc_free(ldb);
- return NULL;
- }
-
- ldb_set_debug(ldb, ldb_wrap_debug, NULL);
-
- ldb_set_utf8_fns(ldb, NULL, wrap_casefold);
-
- real_url = private_path(ldb, lp_ctx, url);
- if (real_url == NULL) {
- talloc_free(ldb);
- return NULL;
- }
-
- /* allow admins to force non-sync ldb for all databases */
- if (lp_parm_bool(lp_ctx, NULL, "ldb", "nosync", false)) {
- flags |= LDB_FLG_NOSYNC;
- }
-
- /* we usually want Samba databases to be private. If we later
- find we need one public, we will need to add a parameter to
- ldb_wrap_connect() */
- ldb_set_create_perms(ldb, 0600);
-
- ret = ldb_connect(ldb, real_url, flags, options);
- if (ret != LDB_SUCCESS) {
- talloc_free(ldb);
- return NULL;
- }
-
- /* setup for leak detection */
- ldb_set_opaque(ldb, "wrap_url", real_url);
- startup_blocks = talloc(ldb, size_t);
- *startup_blocks = talloc_total_blocks(ldb);
- ldb_set_opaque(ldb, "startup_blocks", startup_blocks);
-
- talloc_set_destructor(ldb, ldb_wrap_destructor);
-
- return ldb;
-}
-
-
-
diff --git a/source4/lib/talloc/config.mk b/source4/lib/talloc/config.mk
index 714ad72d1c..942ced6b86 100644
--- a/source4/lib/talloc/config.mk
+++ b/source4/lib/talloc/config.mk
@@ -1,13 +1,8 @@
-################################################
-# Start LIBRARY LIBTALLOC
[LIBRARY::LIBTALLOC]
-VERSION = 0.0.1
-SO_VERSION = 0
+VERSION = 1.0.0
+SO_VERSION = 1
OBJ_FILES = talloc.o
MANPAGE = talloc.3
CFLAGS = -Ilib/talloc
PUBLIC_HEADERS = talloc.h
DESCRIPTION = A hierarchical pool based memory system with destructors
-#
-# End LIBRARY LIBTALLOC
-################################################
diff --git a/source4/lib/talloc/talloc.i b/source4/lib/talloc/talloc.i
index 593c20465e..c35d5d2411 100644
--- a/source4/lib/talloc/talloc.i
+++ b/source4/lib/talloc/talloc.i
@@ -19,8 +19,6 @@
/* Don't expose talloc contexts in Python code. Python does reference
counting for us, so just create a new top-level talloc context.
*/
-%module talloc;
-
%typemap(in, numinputs=0) TALLOC_CTX * {
$1 = NULL;
}
diff --git a/source4/lib/tdb_wrap.c b/source4/lib/tdb_wrap.c
deleted file mode 100644
index 37095dff2c..0000000000
--- a/source4/lib/tdb_wrap.c
+++ /dev/null
@@ -1,117 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
- TDB wrap functions
-
- Copyright (C) Andrew Tridgell 2004
- Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#include "includes.h"
-#include "lib/tdb/include/tdb.h"
-#include "lib/util/dlinklist.h"
-#include "tdb_wrap.h"
-#include "tdb.h"
-
-static struct tdb_wrap *tdb_list;
-
-/* destroy the last connection to a tdb */
-static int tdb_wrap_destructor(struct tdb_wrap *w)
-{
- tdb_close(w->tdb);
- DLIST_REMOVE(tdb_list, w);
- return 0;
-}
-
-/*
- Log tdb messages via DEBUG().
-*/
-static void tdb_wrap_log(TDB_CONTEXT *tdb, enum tdb_debug_level level,
- const char *format, ...) PRINTF_ATTRIBUTE(3,4);
-
-static void tdb_wrap_log(TDB_CONTEXT *tdb, enum tdb_debug_level level,
- const char *format, ...)
-{
- va_list ap;
- char *ptr = NULL;
- int debug_level;
-
- va_start(ap, format);
- vasprintf(&ptr, format, ap);
- va_end(ap);
-
- switch (level) {
- case TDB_DEBUG_FATAL:
- debug_level = 0;
- break;
- case TDB_DEBUG_ERROR:
- debug_level = 1;
- break;
- case TDB_DEBUG_WARNING:
- debug_level = 2;
- break;
- case TDB_DEBUG_TRACE:
- debug_level = 5;
- break;
- default:
- debug_level = 0;
- }
-
- if (ptr != NULL) {
- const char *name = tdb_name(tdb);
- DEBUG(debug_level, ("tdb(%s): %s", name ? name : "unnamed", ptr));
- free(ptr);
- }
-}
-
-
-/*
- wrapped connection to a tdb database
- to close just talloc_free() the tdb_wrap pointer
- */
-struct tdb_wrap *tdb_wrap_open(TALLOC_CTX *mem_ctx,
- const char *name, int hash_size, int tdb_flags,
- int open_flags, mode_t mode)
-{
- struct tdb_wrap *w;
- struct tdb_logging_context log_ctx;
- log_ctx.log_fn = tdb_wrap_log;
-
- for (w=tdb_list;w;w=w->next) {
- if (strcmp(name, w->name) == 0) {
- return talloc_reference(mem_ctx, w);
- }
- }
-
- w = talloc(mem_ctx, struct tdb_wrap);
- if (w == NULL) {
- return NULL;
- }
-
- w->name = talloc_strdup(w, name);
-
- w->tdb = tdb_open_ex(name, hash_size, tdb_flags,
- open_flags, mode, &log_ctx, NULL);
- if (w->tdb == NULL) {
- talloc_free(w);
- return NULL;
- }
-
- talloc_set_destructor(w, tdb_wrap_destructor);
-
- DLIST_ADD(tdb_list, w);
-
- return w;
-}
diff --git a/source4/libcli/security/config.mk b/source4/libcli/security/config.mk
index 3c97ec4264..ff7480c957 100644
--- a/source4/libcli/security/config.mk
+++ b/source4/libcli/security/config.mk
@@ -1,5 +1,3 @@
-#################################
-# Start SUBSYSTEM LIBSECURITY
[SUBSYSTEM::LIBSECURITY]
PRIVATE_PROTO_HEADER = proto.h
OBJ_FILES = security_token.o \
@@ -9,5 +7,7 @@ OBJ_FILES = security_token.o \
privilege.o \
sddl.o
PUBLIC_DEPENDENCIES = NDR_MISC
-# End SUBSYSTEM LIBSECURITY
-#################################
+
+[PYTHON::swig_security]
+SWIG_FILE = security.i
+PRIVATE_DEPENDENCIES = LIBSECURITY
diff --git a/source4/libcli/security/security.i b/source4/libcli/security/security.i
new file mode 100644
index 0000000000..cc5afb40c0
--- /dev/null
+++ b/source4/libcli/security/security.i
@@ -0,0 +1,121 @@
+/*
+ Unix SMB/CIFS implementation.
+ Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+%module(package="samba.security") security
+
+%{
+#include "includes.h"
+#include "libcli/security/security.h"
+
+typedef struct dom_sid dom_sid;
+typedef struct security_token security_token;
+typedef struct security_descriptor security_descriptor;
+%}
+
+%import "../../lib/talloc/talloc.i"
+%import "../util/errors.i"
+%import "stdint.i"
+
+enum sec_privilege {
+ SEC_PRIV_SECURITY=1,
+ SEC_PRIV_BACKUP=2,
+ SEC_PRIV_RESTORE=3,
+ SEC_PRIV_SYSTEMTIME=4,
+ SEC_PRIV_SHUTDOWN=5,
+ SEC_PRIV_REMOTE_SHUTDOWN=6,
+ SEC_PRIV_TAKE_OWNERSHIP=7,
+ SEC_PRIV_DEBUG=8,
+ SEC_PRIV_SYSTEM_ENVIRONMENT=9,
+ SEC_PRIV_SYSTEM_PROFILE=10,
+ SEC_PRIV_PROFILE_SINGLE_PROCESS=11,
+ SEC_PRIV_INCREASE_BASE_PRIORITY=12,
+ SEC_PRIV_LOAD_DRIVER=13,
+ SEC_PRIV_CREATE_PAGEFILE=14,
+ SEC_PRIV_INCREASE_QUOTA=15,
+ SEC_PRIV_CHANGE_NOTIFY=16,
+ SEC_PRIV_UNDOCK=17,
+ SEC_PRIV_MANAGE_VOLUME=18,
+ SEC_PRIV_IMPERSONATE=19,
+ SEC_PRIV_CREATE_GLOBAL=20,
+ SEC_PRIV_ENABLE_DELEGATION=21,
+ SEC_PRIV_INTERACTIVE_LOGON=22,
+ SEC_PRIV_NETWORK_LOGON=23,
+ SEC_PRIV_REMOTE_INTERACTIVE_LOGON=24
+};
+
+%rename(SecurityToken) security_token;
+
+typedef struct security_token {
+ %extend {
+ security_token(TALLOC_CTX *mem_ctx) { return security_token_initialise(mem_ctx); }
+ ~security_token() { talloc_free($self); }
+ bool is_sid(const struct dom_sid *sid);
+ bool is_system();
+ bool is_anonymous();
+ bool has_sid(const struct dom_sid *sid);
+ bool has_builtin_administrators();
+ bool has_nt_authenticated_users();
+ bool has_privilege(enum sec_privilege privilege);
+ void set_privilege(enum sec_privilege privilege);
+ }
+} security_token;
+
+typedef struct security_descriptor {
+ %extend {
+ security_descriptor(TALLOC_CTX *mem_ctx) { return security_descriptor_initialise(mem_ctx); }
+ ~security_descriptor() { talloc_free($self); }
+ NTSTATUS sacl_add(const struct security_ace *ace);
+ NTSTATUS dacl_add(const struct security_ace *ace);
+ NTSTATUS dacl_del(const struct security_ace *ace);
+ NTSTATUS sacl_del(const struct security_ace *ace);
+#ifdef SWIGPYTHON
+ %rename(equal) __eq__;
+#endif
+ bool equal(const struct security_descriptor *other);
+ }
+} security_descriptor;
+
+%rename(Sid) dom_sid;
+
+typedef struct dom_sid {
+ %extend {
+ bool equal(const struct dom_sid *other);
+#ifdef SWIGPYTHON
+ const char *__str__(TALLOC_CTX *mem_ctx) {
+ return dom_sid_string(mem_ctx, $self);
+ }
+#endif
+ }
+} dom_sid;
+
+%inline %{
+static struct dom_sid *random_sid(TALLOC_CTX *mem_ctx)
+{
+ char *str = talloc_asprintf(mem_ctx, "S-1-5-21-%u-%u-%u",
+ (unsigned)generate_random(),
+ (unsigned)generate_random(),
+ (unsigned)generate_random());
+
+ return dom_sid_parse_talloc(mem_ctx, str);
+}
+%}
+
+%rename(privilege_name) sec_privilege_name;
+const char *sec_privilege_name(enum sec_privilege privilege);
+%rename(privilege_id) sec_privilege_id;
+enum sec_privilege sec_privilege_id(const char *name);
diff --git a/source4/libcli/security/tests/bindings.py b/source4/libcli/security/tests/bindings.py
new file mode 100644
index 0000000000..15e2381a2b
--- /dev/null
+++ b/source4/libcli/security/tests/bindings.py
@@ -0,0 +1,65 @@
+#!/usr/bin/python
+
+# Unix SMB/CIFS implementation.
+# Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+
+import unittest
+import security
+
+class SecurityTokenTests(unittest.TestCase):
+ def setUp(self):
+ self.token = security.SecurityToken()
+
+ def test_is_system(self):
+ self.assertFalse(self.token.is_system())
+
+ def test_is_anonymous(self):
+ self.assertFalse(self.token.is_anonymous())
+
+ def test_has_builtin_administrators(self):
+ self.assertFalse(self.token.has_builtin_administrators())
+
+ def test_has_nt_authenticated_users(self):
+ self.assertFalse(self.token.has_nt_authenticated_users())
+
+ def test_has_priv(self):
+ self.assertFalse(self.token.has_privilege(security.SEC_PRIV_SHUTDOWN))
+
+ def test_set_priv(self):
+ self.assertFalse(self.token.has_privilege(security.SEC_PRIV_SHUTDOWN))
+ self.assertFalse(self.token.set_privilege(security.SEC_PRIV_SHUTDOWN))
+ self.assertTrue(self.token.has_privilege(security.SEC_PRIV_SHUTDOWN))
+
+
+class SecurityDescriptorTests(unittest.TestCase):
+ def setUp(self):
+ self.descriptor = security.SecurityDescriptor()
+
+
+class RandomSidTests(unittest.TestCase):
+ def test_random(self):
+ sid = security.random_sid()
+ self.assertTrue(str(sid).startswith("S-1-5-21-"))
+
+
+class PrivilegeTests(unittest.TestCase):
+ def test_privilege_name(self):
+ self.assertEquals("SeShutdownPrivilege", security.privilege_name(security.SEC_PRIV_SHUTDOWN))
+
+ def test_privilege_id(self):
+ self.assertEquals(security.SEC_PRIV_SHUTDOWN, security.privilege_id("SeShutdownPrivilege"))
+
diff --git a/source4/scripting/python/config.mk b/source4/scripting/python/config.mk
index c396cf62bc..c17511203e 100644
--- a/source4/scripting/python/config.mk
+++ b/source4/scripting/python/config.mk
@@ -6,10 +6,6 @@ OBJ_FILES = parammodule.o
PRIVATE_DEPENDENCIES = LIBNDR
OBJ_FILES = uuidmodule.o
-[PYTHON::python_sid]
-PRIVATE_DEPENDENCIES = LIBNDR
-OBJ_FILES = sidmodule.o
-
[PYTHON::python_misc]
PRIVATE_DEPENDENCIES = LIBNDR LIBLDB
SWIG_FILE = misc.i
diff --git a/source4/scripting/python/sidmodule.c b/source4/scripting/python/sidmodule.c
deleted file mode 100644
index 4b199b1158..0000000000
--- a/source4/scripting/python/sidmodule.c
+++ /dev/null
@@ -1,56 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
- Samba utility functions
- Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#include "includes.h"
-#include "Python.h"
-#include "libcli/security/security.h"
-
-static PyObject *sid_random(PyObject *self, PyObject *args)
-{
- char *str;
-
- if (!PyArg_ParseTuple(args, ""))
- return NULL;
-
- str = talloc_asprintf(NULL, "S-1-5-21-%u-%u-%u",
- (unsigned)generate_random(),
- (unsigned)generate_random(),
- (unsigned)generate_random());
-
- if (str == NULL) {
- PyErr_SetString(PyExc_TypeError, "can't generate random sid");
- return NULL;
- }
-
- return PyString_FromString(str);
-}
-
-static PyMethodDef methods[] = {
- { "random", (PyCFunction)sid_random, METH_VARARGS, NULL},
- { NULL, NULL }
-};
-
-PyDoc_STRVAR(param_doc, "SID helper routines");
-
-PyMODINIT_FUNC initsid(void)
-{
- PyObject *mod = Py_InitModule3("sid", methods, param_doc);
- if (mod == NULL)
- return;
-}
diff --git a/source4/selftest/samba4_tests.sh b/source4/selftest/samba4_tests.sh
index ac8f4dd95f..b0034f888a 100755
--- a/source4/selftest/samba4_tests.sh
+++ b/source4/selftest/samba4_tests.sh
@@ -299,4 +299,5 @@ then
plantest "registry.python" none PYTHONPATH=bin/python:scripting/python:lib/registry/tests/ scripting/bin/subunitrun bindings
plantest "tdb.python" none PYTHONPATH=bin/python:scripting/python:lib/tdb/python/tests scripting/bin/subunitrun simple
plantest "auth.python" none PYTHONPATH=bin/python:scripting/python:auth/tests/ scripting/bin/subunitrun bindings
+ plantest "security.python" none PYTHONPATH=bin/python:scripting/python:libcli/security/tests/ scripting/bin/subunitrun bindings
fi