-rw-r--r-- | source3/python/py_winbind.c | 202 |
1 files changed, 182 insertions, 20 deletions
diff --git a/source3/python/py_winbind.c b/source3/python/py_winbind.c
index 73bc811409..87f348b8c3 100644
--- a/source3/python/py_winbind.c
+++ b/source3/python/py_winbind.c
@@ -102,10 +102,8 @@ static PyObject *py_sid_to_name(PyObject *self, PyObject *args)
 return NULL;
 }
 
- /* FIXME: use actual winbind separator */
-
- asprintf(&name, "%s%c%s", response.data.name.dom_name,
- '\\', response.data.name.name);
+ asprintf(&name, "%s%s%s", response.data.name.dom_name,
+ lp_winbind_separator(), response.data.name.name);
 
 result = PyString_FromString(name);
 
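Review bot: The rewritten `asprintf` call still discards its return value, so when the allocation fails `name` is left undefined and is passed straight to `PyString_FromString(name)` on the following context line. Checking the result, for example `if (asprintf(&name, ...) == -1) return PyErr_NoMemory();`, closes that path. Whether `name` is freed once the Python string has been built is not visible here; py_sid_to_name starts before and ends after the hunk.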
@@ -383,6 +381,71 @@ static PyObject *py_sid_to_gid(PyObject *self, PyObject *args)
 }
 
 /*
+ * PAM authentication functions
+ */
+
+/* Plaintext authentication */
+
+static PyObject *py_auth_plaintext(PyObject *self, PyObject *args)
+{
+ struct winbindd_request request;
+ struct winbindd_response response;
+ char *username, *password;
+
+ if (!PyArg_ParseTuple(args, "ss", &username, &password))
+ return NULL;
+
+ ZERO_STRUCT(request);
+ ZERO_STRUCT(response);
+
+ fstrcpy(request.data.auth.user, username);
+ fstrcpy(request.data.auth.pass, password);
+
+ if (winbindd_request(WINBINDD_PAM_AUTH, &request, &response)
+ != NSS_STATUS_SUCCESS) {
+ PyErr_SetString(winbind_error, "lookup failed");
+ return NULL;
+ }
+
+ return PyInt_FromLong(response.data.auth.nt_status);
+}
+
+/* Challenge/response authentication */
+
+static PyObject *py_auth_crap(PyObject *self, PyObject *args)
+{
+ struct winbindd_request request;
+ struct winbindd_response response;
+ char *username, *password;
+
+ if (!PyArg_ParseTuple(args, "ss", &username, &password))
+ return NULL;
+
+ ZERO_STRUCT(request);
+ ZERO_STRUCT(response);
+
+ fstrcpy(request.data.auth_crap.user, username);
+
+ generate_random_buffer(request.data.auth_crap.chal, 8, False);
+
+ SMBencrypt((uchar *)password, request.data.auth_crap.chal,
+ (uchar *)request.data.auth_crap.lm_resp);
+ SMBNTencrypt((uchar *)password, request.data.auth_crap.chal,
+ (uchar *)request.data.auth_crap.nt_resp);
+
+ request.data.auth_crap.lm_resp_len = 24;
+ request.data.auth_crap.nt_resp_len = 24;
+
+ if (winbindd_request(WINBINDD_PAM_AUTH_CRAP, &request, &response)
+ != NSS_STATUS_SUCCESS) {
+ PyErr_SetString(winbind_error, "lookup failed");
+ return NULL;
+ }
+
+ return PyInt_FromLong(response.data.auth.nt_status);
+}
+
+/*
 * Method dispatch table
 */
 
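Review bot: Both new functions return with credential material still in the stack-allocated `request`: py_auth_plaintext has copied the cleartext password into `request.data.auth.pass`, and py_auth_crap leaves the LM and NT responses in `request.data.auth_crap`, on the failure return as well as the success one. Wiping the struct before each `return` keeps that data from lingering in released stack memory; `ZERO_STRUCT(request);` is the obvious form, but if it expands to a plain memset the optimiser may drop it, so a non-elidable wipe is preferable where the tree provides one. The error text `"lookup failed"` is carried over from the lookup wrappers and misleads here; `PyErr_SetString(winbind_error, "authentication request failed");` says what actually went wrong. The literals `8` and `24` in py_auth_crap would be easier to audit as named constants tied to the sizes of `chal` and the response fields.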
@@ -391,40 +454,123 @@ static PyMethodDef winbind_methods[] = {
 /* Name <-> SID conversion */
 
 { "name_to_sid", py_name_to_sid, METH_VARARGS,
- "Convert a name to a sid" },
+ "name_to_sid(s) -> string\n
+Return the SID for a name.\n
+Example:\n
+>>> winbind.name_to_sid('FOO/Administrator')
+'S-1-5-21-406022937-1377575209-526660263-500' " },
 
 { "sid_to_name", py_sid_to_name, METH_VARARGS,
- "Convert a sid to a name" },
+ "sid_to_name(s) -> string
+
+Return the name for a SID.
+
+Example:
+
+>>> import winbind
+>>> winbind.sid_to_name('S-1-5-21-406022937-1377575209-526660263-500')
+'FOO/Administrator' " },
 
 /* Enumerate users/groups */
 
 { "enum_domain_users", py_enum_domain_users, METH_VARARGS,
- "Enumerate domain users" },
+ "enum_domain_users() -> list of strings
+
+Return a list of domain users.
+
+Example:
+
+>>> winbind.enum_domain_users()
+['FOO/Administrator', 'FOO/anna', 'FOO/Anne Elk', 'FOO/build',
+'FOO/foo', 'FOO/foo2', 'FOO/foo3', 'FOO/Guest', 'FOO/user1',
+'FOO/whoops-ptang'] " },
 
 { "enum_domain_groups", py_enum_domain_groups, METH_VARARGS,
- "Enumerate domain groups" },
+ "enum_domain_groups() -> list of strings
+
+Return a list of domain groups.
+
+Example:
+
+>>> winbind.enum_domain_groups()
+['FOO/cows', 'FOO/Domain Admins', 'FOO/Domain Guests',
+'FOO/Domain Users'] " },
 
 /* ID mapping */
 
 { "uid_to_sid", py_uid_to_sid, METH_VARARGS,
- "Convert a uid to a SID" },
+ "uid_to_sid(int) -> string
+
+Return the SID for a UNIX uid.
+
+Example:
+
+>>> winbind.uid_to_sid(10000)
+'S-1-5-21-406022937-1377575209-526660263-500' " },
 
 { "gid_to_sid", py_gid_to_sid, METH_VARARGS,
- "Convert a gid to a SID" },
+ "gid_to_sid(int) -> string
+
+Return the UNIX gid for a SID.
+
+Example:
+
+>>> winbind.gid_to_sid(10001)
+'S-1-5-21-406022937-1377575209-526660263-512' " },
 
 { "sid_to_uid", py_sid_to_uid, METH_VARARGS,
- "Convert a uid to a SID" },
+ "sid_to_uid(string) -> int
+
+Return the UNIX uid for a SID.
+
+Example:
+
+>>> winbind.sid_to_uid('S-1-5-21-406022937-1377575209-526660263-500')
+10000 " },
 
 { "sid_to_gid", py_sid_to_gid, METH_VARARGS,
- "Convert a gid to a SID" },
+ "sid_to_gid(string) -> int
+
+Return the UNIX gid corresponding to a SID.
+
+Example:
+
+>>> winbind.sid_to_gid('S-1-5-21-406022937-1377575209-526660263-512')
+10001 " },
 
 /* Miscellaneous */
 
 { "check_secret", py_check_secret, METH_VARARGS,
- "Check machine account password" },
+ "check_secret() -> int
+
+Check the machine trust account password. The NT status is returned
+with zero indicating success. " },
 
 { "enum_trust_dom", py_enum_trust_dom, METH_VARARGS,
- "Enumerate trusted domains" },
+ "enum_trust_dom() -> list of strings
+
+Return a list of trusted domains. The domain the server is a member
+of is not included.
+
+Example:
+
+>>> winbind.enum_trust_dom()
+['NPSD-TEST2', 'SP2NDOM'] " },
+
+ /* PAM authorisation functions */
+
+ { "auth_plaintext", py_auth_plaintext, METH_VARARGS,
+ "auth_plaintext(s, s) -> int
+
+Authenticate a username and password using plaintext authentication.
+The NT status code is returned with zero indicating success." },
+
+ { "auth_crap", py_auth_crap, METH_VARARGS,
+ "auth_crap(s, s) -> int
+
+Authenticate a username and password using the challenge/response
+protocol. The NT status code is returned with zero indicating
+success." },
 
 { NULL }
 };
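Review bot: The new `gid_to_sid` docstring describes the opposite conversion: it says "Return the UNIX gid for a SID." while its signature line and example take a gid and return a SID, so it should read `Return the SID for a UNIX gid.`. For `auth_plaintext` and `auth_crap` the text should state outright that the result is an NT status code and not a boolean, because `if winbind.auth_plaintext(user, pw):` is true exactly when the login was rejected; the section comment also says "authorisation" where the functions authenticate. Every docstring after the first appears to put raw newlines inside the string literal, which is a compiler extension and not standard C; ending each source line with `\n\` or using adjacent literals (`"uid_to_sid(int) -> string\n\n"` followed by `"Return the SID for a UNIX uid.\n"`) keeps the table portable. The opening line of `winbind_methods[]` lies outside the hunk.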
@@ -432,15 +578,25 @@ static PyMethodDef winbind_methods[] = {
 static struct winbind_const {
 char *name;
 uint32 value;
+ char *docstring;
 } winbind_const_vals[] = {
 
 /* Well known RIDs */
 
- { "DOMAIN_USER_RID_ADMIN", DOMAIN_USER_RID_ADMIN },
- { "DOMAIN_USER_RID_GUEST", DOMAIN_USER_RID_GUEST },
- { "DOMAIN_GROUP_RID_ADMINS", DOMAIN_GROUP_RID_ADMINS },
- { "DOMAIN_GROUP_RID_USERS", DOMAIN_GROUP_RID_USERS },
- { "DOMAIN_GROUP_RID_GUESTS", DOMAIN_GROUP_RID_GUESTS },
+ { "DOMAIN_USER_RID_ADMIN", DOMAIN_USER_RID_ADMIN,
+ "Well-known RID for Administrator user" },
+
+ { "DOMAIN_USER_RID_GUEST", DOMAIN_USER_RID_GUEST,
+ "Well-known RID for Guest user" },
+
+ { "DOMAIN_GROUP_RID_ADMINS", DOMAIN_GROUP_RID_ADMINS,
+ "Well-known RID for Domain Admins group" },
+
+ { "DOMAIN_GROUP_RID_USERS", DOMAIN_GROUP_RID_USERS,
+ "Well-known RID for Domain Users group" },
+
+ { "DOMAIN_GROUP_RID_GUESTS", DOMAIN_GROUP_RID_GUESTS,
+ "Well-known RID for Domain Guests group" },
 
 { NULL }
 };
@@ -461,13 +617,19 @@ static void const_init(PyObject *dict)
 * Module initialisation
 */
 
+static char winbind_module__doc__[] =
+"A python extension to winbind client functions.";
+
 void initwinbind(void)
 {
 PyObject *module, *dict;
 
 /* Initialise module */
 
- module = Py_InitModule("winbind", winbind_methods);
+ module = Py_InitModule4("winbind", winbind_methods,
+ winbind_module__doc__,
+ (PyObject*)NULL,PYTHON_API_VERSION);
+
 dict = PyModule_GetDict(module);
 
 winbind_error = PyErr_NewException("winbind.error", NULL, NULL); |
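Review bot: In the winbind_const_vals hunk, the new `docstring` member is filled in for every RID but nothing in this diff reads it: `const_init`, which sits between this hunk and the next, is not touched, so the strings are presumably dead data for now. Either use them where the constants are added to the module dictionary or mark the field with a comment such as `/* not yet exposed to Python */`. Since both string members only ever point at literals, `const char *name;` and `const char *docstring;` would be the safer declarations.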
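Review bot: In the initwinbind hunk, the `Py_InitModule4` call spells out two trailing arguments that only repeat the defaults; `module = Py_InitModule3("winbind", winbind_methods, winbind_module__doc__);` attaches the same docstring with less to get wrong. The result is still passed to `PyModule_GetDict(module)` without a NULL check, so a failed initialisation would be dereferenced; `if (module == NULL) return;` directly after the call covers it. initwinbind continues past the end of the hunk.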