diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2010-12-22 17:17:07 +1100 |
|---|---|---|
| committer | Andrew Tridgell <tridge@samba.org> | 2011-01-14 16:39:32 +1100 |
| commit | ece6eae4d8862a564c581a3f3808c04edab6cb19 (patch) | |
| tree | 5989f3b1f029595076106811ff5e7c4d55d4b18a /source4/auth/pyauth.c | |
| parent | c82269cf862b00c987c02aefa78155c142f6d065 (diff) | |
| download | samba-ece6eae4d8862a564c581a3f3808c04edab6cb19.tar.gz samba-ece6eae4d8862a564c581a3f3808c04edab6cb19.tar.bz2 samba-ece6eae4d8862a564c581a3f3808c04edab6cb19.zip | |
s4-auth Add function to obtain any user's session_info from a given LDB
This will be a building block for a tokenGroups test, which can
compare against a remote server (in particular the rootDSE) against
what we would calculate the tokenGroups to be.
(this meant moving some parts out of the auth_sam code into the
containing library)
Andrew Bartlett
Diffstat (limited to 'source4/auth/pyauth.c')
| -rw-r--r-- | source4/auth/pyauth.c | 64 |
1 files changed, 63 insertions, 1 deletions
diff --git a/source4/auth/pyauth.c b/source4/auth/pyauth.c index 2ef5ebb882..f8bf4d9862 100644 --- a/source4/auth/pyauth.c +++ b/source4/auth/pyauth.c @@ -18,13 +18,15 @@ #include <Python.h> #include "includes.h" +#include "libcli/util/pyerrors.h" #include "param/param.h" #include "pyauth.h" +#include "pyldb.h" #include "auth/system_session_proto.h" +#include "auth/session.h" #include "param/pyparam.h" #include "libcli/security/security.h" - static PyTypeObject PyAuthSession = { .tp_name = "AuthSession", .tp_basicsize = sizeof(py_talloc_Object), @@ -102,9 +104,69 @@ static PyObject *py_admin_session(PyObject *module, PyObject *args) return PyAuthSession_FromSession(session); } +static PyObject *py_user_session(PyObject *module, PyObject *args, PyObject *kwargs) +{ + NTSTATUS nt_status; + struct auth_session_info *session; + TALLOC_CTX *mem_ctx; + const char * const kwnames[] = { "ldb", "lp_ctx", "principal", "dn", "session_info_flags" }; + struct ldb_context *ldb_ctx; + PyObject *py_ldb = Py_None; + PyObject *py_dn = Py_None; + PyObject *py_lp_ctx = Py_None; + struct loadparm_context *lp_ctx = NULL; + struct ldb_dn *user_dn; + char *principal = NULL; + int session_info_flags; /* This is an int, because that's what + * we need for the python + * PyArg_ParseTupleAndKeywords */ + + if (!PyArg_ParseTupleAndKeywords(args, kwargs, "O|OzOi", + discard_const_p(char *, kwnames), + &py_ldb, &py_lp_ctx, &principal, &py_dn, &session_info_flags)) { + return NULL; + } + + mem_ctx = talloc_new(NULL); + if (mem_ctx == NULL) { + PyErr_NoMemory(); + return NULL; + } + + ldb_ctx = PyLdb_AsLdbContext(py_ldb); + + if (py_dn == Py_None) { + user_dn = NULL; + } else { + if (!PyObject_AsDn(ldb_ctx, py_dn, ldb_ctx, &user_dn)) { + talloc_free(mem_ctx); + return NULL; + } + } + + lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx); + if (lp_ctx == NULL) { + talloc_free(mem_ctx); + return NULL; + } + + nt_status = authsam_get_session_info_principal(mem_ctx, lp_ctx, ldb_ctx, principal, user_dn, + session_info_flags, &session); + if (!NT_STATUS_IS_OK(nt_status)) { + talloc_free(mem_ctx); + PyErr_NTSTATUS_IS_ERR_RAISE(nt_status); + } + + talloc_steal(NULL, session); + talloc_free(mem_ctx); + + return PyAuthSession_FromSession(session); +} + static PyMethodDef py_auth_methods[] = { { "system_session", (PyCFunction)py_system_session, METH_VARARGS, NULL }, { "admin_session", (PyCFunction)py_admin_session, METH_VARARGS, NULL }, + { "user_session", (PyCFunction)py_user_session, METH_VARARGS, NULL }, { NULL }, }; |