From 663dc94e630910b0b5b61801a03622641b2b83b4 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 5 Apr 2011 16:15:27 +1000 Subject: auth: Move auth_session_info into IDL This changes auth_session_info_transport to just be a wrapper, rather than a copy that has to be kept in sync. As auth_session_info was already wrapped in python, this required changes to the existing pyauth wrapper and it's users. Andrew Bartlett --- libcli/security/session.h | 11 +----- librpc/idl/auth.idl | 18 +++++++++- librpc/ndr/ndr_auth.c | 44 +++++++++++++++++++++++ librpc/ndr/ndr_auth.h | 32 +++++++++++++++++ librpc/wscript_build | 2 +- source3/Makefile.in | 2 +- source3/rpc_server/rpc_ncacn_np.c | 33 ++++++++++------- source3/rpc_server/rpc_server.c | 18 ++++++---- source4/auth/gensec/pygensec.c | 2 +- source4/auth/pyauth.c | 76 ++------------------------------------- source4/auth/pyauth.h | 2 -- source4/auth/session.c | 40 +++++++-------------- source4/lib/ldb-samba/pyldb.c | 4 +-- source4/librpc/ndr/py_auth.c | 74 ++++++++++++++++++++++++++++++++++++++ source4/librpc/wscript_build | 11 ++++++ 15 files changed, 231 insertions(+), 138 deletions(-) create mode 100644 librpc/ndr/ndr_auth.c create mode 100644 librpc/ndr/ndr_auth.h create mode 100644 source4/librpc/ndr/py_auth.c diff --git a/libcli/security/session.h b/libcli/security/session.h index 1f0d486107..ee9187d2c9 100644 --- a/libcli/security/session.h +++ b/libcli/security/session.h 
@@ -35,16 +35,7 @@ struct cli_credentials; struct security_token; struct auth_user_info; struct auth_user_info_torture; - -struct auth_session_info { - struct security_token *security_token; - struct security_unix_token *unix_token; - struct auth_user_info *info; - struct auth_user_info_unix *unix_info; - struct auth_user_info_torture *torture; - DATA_BLOB session_key; - struct cli_credentials *credentials; -}; +struct auth_session_info; enum security_user_level security_session_user_level(struct auth_session_info *session_info, const struct dom_sid *domain_sid); diff --git a/librpc/idl/auth.idl b/librpc/idl/auth.idl index 7b4556a6d7..904becac61 100644 --- a/librpc/idl/auth.idl +++ b/librpc/idl/auth.idl @@ -1,10 +1,20 @@ #include "idl_types.h" /* - security IDL structures + Authentication IDL structures + + These are NOT public network structures, but it is helpful to define + these things in IDL. They may change without ABI breakage or + warning. + */ import "misc.idl", "security.idl", "lsa.idl", "krb5pac.idl"; +[ + pyhelper("librpc/ndr/py_auth.c"), + helper("../librpc/ndr/ndr_auth.h"), + helpstring("internal Samba authentication structures") +] interface auth { @@ -79,7 +89,13 @@ interface auth security_unix_token *unix_token; auth_user_info *info; auth_user_info_unix *unix_info; + [value(NULL), ignore] auth_user_info_torture *torture; DATA_BLOB session_key; + [value(NULL), ignore] cli_credentials *credentials; + } auth_session_info; + + typedef [public] struct { + auth_session_info *session_info; DATA_BLOB exported_gssapi_credentials; } auth_session_info_transport; } diff --git a/librpc/ndr/ndr_auth.c b/librpc/ndr/ndr_auth.c new file mode 100644 index 0000000000..5252d80052 --- /dev/null +++ b/librpc/ndr/ndr_auth.c 
@@ -0,0 +1,44 @@ +/* + Unix SMB/CIFS implementation. + + Helper routines for marshalling the internal 'auth.idl' + + Copyright (C) Andrew Bartlett 2011 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +#include "includes.h" +#include "librpc/ndr/ndr_auth.h" +#include "librpc/ndr/libndr.h" + +_PUBLIC_ void ndr_print_cli_credentials(struct ndr_print *ndr, const char *name, struct cli_credentials *v) +{ + ndr->print(ndr, "%-25s: NULL", name); +} + +/* + cli_credentials does not have a network representation, just pull/push a NULL pointer +*/ +_PUBLIC_ enum ndr_err_code ndr_pull_cli_credentials(struct ndr_pull *ndr, int ndr_flags, struct cli_credentials *v) +{ + return NDR_ERR_SUCCESS; +} + +_PUBLIC_ enum ndr_err_code ndr_push_cli_credentials(struct ndr_push *ndr, int ndr_flags, struct cli_credentials *v) +{ + return ndr_push_pointer(ndr, ndr_flags, NULL); +} + + diff --git a/librpc/ndr/ndr_auth.h b/librpc/ndr/ndr_auth.h new file mode 100644 index 0000000000..57f653551f --- /dev/null +++ b/librpc/ndr/ndr_auth.h 
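Review bot: `ndr_pull_cli_credentials` and `ndr_push_cli_credentials` in the new ndr_auth.c are not symmetric: push emits a NULL through `ndr_push_pointer()`, while pull returns `NDR_ERR_SUCCESS` without consuming anything. If generated code ever calls both, the pull offset would drift from what was pushed. auth.idl marks `credentials` as `[value(NULL), ignore]`, so these helpers may never be reached; if that is the intent, say so in a comment such as `/* Stubs for the generated code only: credentials is [ignore] in auth.idl, nothing crosses the wire. */` and make the pair either both handle the pointer or both do nothing. `ndr_print_cli_credentials` prints `NULL` regardless of `v`, presumably so credential contents never reach debug output; a one-line comment should record that this is deliberate.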
@@ -0,0 +1,32 @@ +/* + Unix SMB/CIFS implementation. + + Helper routines for marshalling the internal 'auth.idl' + + Copyright (C) Andrew Bartlett 2011 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +/* + cli_credentials does not have a network representation, just pull/push a NULL pointer +*/ + +#include "librpc/gen_ndr/ndr_auth.h" + +struct cli_credentials; +_PUBLIC_ enum ndr_err_code ndr_pull_cli_credentials(struct ndr_pull *ndr, int ndr_flags, struct cli_credentials *v); +_PUBLIC_ enum ndr_err_code ndr_push_cli_credentials(struct ndr_push *ndr, int ndr_flags, struct cli_credentials *v); + +_PUBLIC_ void ndr_print_cli_credentials(struct ndr_print *ndr, const char *name, struct cli_credentials *v); diff --git a/librpc/wscript_build b/librpc/wscript_build index ce78cb6767..b71a3ae5d9 100644 --- a/librpc/wscript_build +++ b/librpc/wscript_build @@ -9,7 +9,7 @@ bld.SAMBA_SUBSYSTEM('NDR_AUDIOSRV', ) bld.SAMBA_SUBSYSTEM('NDR_AUTH', - source='gen_ndr/ndr_auth.c', + source='gen_ndr/ndr_auth.c ndr/ndr_auth.c', public_headers='gen_ndr/auth.h', header_path='gen_ndr', public_deps='ndr NDR_SECURITY ndr-krb5pac' diff --git a/source3/Makefile.in b/source3/Makefile.in index 108bfefe06..f70eb63a70 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in 
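Review bot: The new librpc/ndr/ndr_auth.h has no include guard, although it includes `librpc/gen_ndr/ndr_auth.h` and is itself named as the IDL `helper(...)` header, so the two headers probably include each other. Wrap the contents in a guard in the style pyauth.h uses, e.g. `#ifndef _LIBRPC_NDR_NDR_AUTH_H` / `#define _LIBRPC_NDR_NDR_AUTH_H` / `#endif`. The comment about cli_credentials having no network representation would read better directly above the three prototypes than above the `#include`.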
@@ -711,7 +711,7 @@ RPC_EVENTLOG_OBJ = rpc_server/eventlog/srv_eventlog_nt.o \ NPA_TSTREAM_OBJ = ../libcli/named_pipe_auth/npa_tstream.o \ librpc/gen_ndr/ndr_named_pipe_auth.o \ - ../auth/auth_sam_reply.o librpc/gen_ndr/ndr_auth.o + ../auth/auth_sam_reply.o librpc/gen_ndr/ndr_auth.o ../librpc/ndr/ndr_auth.o RPC_NCACN_NP = rpc_server/srv_pipe_register.o rpc_server/rpc_ncacn_np.o \ rpc_server/rpc_handles.o rpc_server/srv_access_check.o diff --git a/source3/rpc_server/rpc_ncacn_np.c b/source3/rpc_server/rpc_ncacn_np.c index f000b64f71..e89a366f9e 100644 --- a/source3/rpc_server/rpc_ncacn_np.c +++ b/source3/rpc_server/rpc_ncacn_np.c @@ -607,6 +607,7 @@ struct np_proxy_state *make_external_rpc_pipe_p(TALLOC_CTX *mem_ctx, struct tevent_context *ev; struct tevent_req *subreq; struct auth_session_info_transport *session_info_t; + struct auth_session_info *session_info_npa; struct auth_user_info_dc *user_info_dc; union netr_Validation val; NTSTATUS status; 
@@ -651,20 +652,20 @@ struct np_proxy_state *make_external_rpc_pipe_p(TALLOC_CTX *mem_ctx, goto fail; } - session_info_t = talloc_zero(talloc_tos(), struct auth_session_info_transport); - if (session_info_t == NULL) { + session_info_npa = talloc_zero(talloc_tos(), struct auth_session_info); + if (session_info_npa == NULL) { DEBUG(0, ("talloc failed\n")); goto fail; } /* Send the named_pipe_auth server the user's full token */ - session_info_t->security_token = session_info->security_token; - session_info_t->session_key = session_info->session_key; + session_info_npa->security_token = session_info->security_token; + session_info_npa->session_key = session_info->session_key; val.sam3 = session_info->info3; /* Convert into something we can build a struct - * auth_session_info_transport from. Most of the work here + * auth_session_info from. Most of the work here * will be to convert the SIDS, which we will then ignore, but * this is the easier way to handle it */ status = make_user_info_dc_netlogon_validation(talloc_tos(), "", 3, &val, &user_info_dc); @@ -673,9 +674,17 @@ struct np_proxy_state *make_external_rpc_pipe_p(TALLOC_CTX *mem_ctx, goto fail; } - session_info_t->info = talloc_move(session_info_t, &user_info_dc->info); + session_info_npa->info = talloc_move(session_info_npa, &user_info_dc->info); talloc_free(user_info_dc); + session_info_t = talloc_zero(talloc_tos(), struct auth_session_info_transport); + if (session_info_npa == NULL) { + DEBUG(0, ("talloc failed\n")); + goto fail; + } + + session_info_t->session_info = talloc_steal(session_info_t, session_info_npa); + become_root(); subreq = tstream_npa_connect_send(talloc_tos(), ev, socket_np_dir, 
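Review bot: The NULL check after the new `session_info_t = talloc_zero(talloc_tos(), struct auth_session_info_transport);` in the second hunk tests `session_info_npa` again, which was already verified earlier, so a failed allocation of `session_info_t` goes unnoticed. The next added line, `session_info_t->session_info = talloc_steal(session_info_t, session_info_npa);`, then writes through a NULL pointer. The condition should be `if (session_info_t == NULL) {`. This is inside make_external_rpc_pipe_p, whose body starts and ends outside the hunk.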
@@ -689,8 +698,8 @@ struct np_proxy_state *make_external_rpc_pipe_p(TALLOC_CTX *mem_ctx, unbecome_root(); DEBUG(0, ("tstream_npa_connect_send to %s for pipe %s and " "user %s\\%s failed\n", - socket_np_dir, pipe_name, session_info_t->info->domain_name, - session_info_t->info->account_name)); + socket_np_dir, pipe_name, session_info_t->session_info->info->domain_name, + session_info_t->session_info->info->account_name)); goto fail; } ok = tevent_req_poll(subreq, ev); @@ -698,8 +707,8 @@ struct np_proxy_state *make_external_rpc_pipe_p(TALLOC_CTX *mem_ctx, if (!ok) { DEBUG(0, ("tevent_req_poll to %s for pipe %s and user %s\\%s " "failed for tstream_npa_connect: %s\n", - socket_np_dir, pipe_name, session_info_t->info->domain_name, - session_info_t->info->account_name, + socket_np_dir, pipe_name, session_info_t->session_info->info->domain_name, + session_info_t->session_info->info->account_name, strerror(errno))); goto fail; @@ -714,8 +723,8 @@ struct np_proxy_state *make_external_rpc_pipe_p(TALLOC_CTX *mem_ctx, if (ret != 0) { DEBUG(0, ("tstream_npa_connect_recv to %s for pipe %s and " "user %s\\%s failed: %s\n", - socket_np_dir, pipe_name, session_info_t->info->domain_name, - session_info_t->info->account_name, + socket_np_dir, pipe_name, session_info_t->session_info->info->domain_name, + session_info_t->session_info->info->account_name, strerror(sys_errno))); goto fail; } diff --git a/source3/rpc_server/rpc_server.c b/source3/rpc_server/rpc_server.c index 2fa2a77112..c7c77f0375 100644 --- a/source3/rpc_server/rpc_server.c +++ b/source3/rpc_server/rpc_server.c 
@@ -32,15 +32,15 @@ #define SERVER_TCP_HIGH_PORT 1300 static NTSTATUS auth_anonymous_session_info(TALLOC_CTX *mem_ctx, - struct auth_session_info_transport **session_info) + struct auth_session_info **session_info) { - struct auth_session_info_transport *i; + struct auth_session_info *i; struct auth_serversupplied_info *s; struct auth_user_info_dc *u; union netr_Validation val; NTSTATUS status; - i = talloc_zero(mem_ctx, struct auth_session_info_transport); + i = talloc_zero(mem_ctx, struct auth_session_info); if (i == NULL) { return NT_STATUS_NO_MEMORY; } @@ -81,7 +81,7 @@ static int make_server_pipes_struct(TALLOC_CTX *mem_ctx, bool ncalrpc_as_system, const char *client_address, const char *server_address, - struct auth_session_info_transport *session_info, + struct auth_session_info *session_info, struct pipes_struct **_p, int *perrno) { @@ -355,7 +355,7 @@ struct named_pipe_client { char *client_name; struct tsocket_address *server; char *server_name; - struct auth_session_info_transport *session_info; + struct auth_session_info *session_info; struct pipes_struct *p; @@ -433,6 +433,7 @@ static void named_pipe_packet_done(struct tevent_req *subreq); static void named_pipe_accept_done(struct tevent_req *subreq) { + struct auth_session_info_transport *session_info_transport; struct named_pipe_client *npc = tevent_req_callback_data(subreq, struct named_pipe_client); const char *cli_addr; @@ -445,7 +446,10 @@ static void named_pipe_accept_done(struct tevent_req *subreq) &npc->client_name, &npc->server, &npc->server_name, - &npc->session_info); + &session_info_transport); + + npc->session_info = talloc_move(npc, &session_info_transport->session_info); + TALLOC_FREE(subreq); if (ret != 0) { DEBUG(2, ("Failed to accept named pipe connection! (%s)\n", 
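Review bot: In named_pipe_accept_done the added `npc->session_info = talloc_move(npc, &session_info_transport->session_info);` runs before `ret` is checked, and `session_info_transport` is declared without an initialiser, so a failed accept dereferences an indeterminate pointer inside the RPC server. Declare it as `struct auth_session_info_transport *session_info_transport = NULL;` and move the `talloc_move()` below the `if (ret != 0)` block. Reject a NULL `session_info_transport` or a NULL `->session_info` there as well, since the structure is unmarshalled from the connecting peer. The emptied wrapper is not freed in the visible lines and its owning talloc context is not shown, so confirm it does not accumulate per connection. The function body continues outside the hunk.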
@@ -996,7 +1000,7 @@ struct dcerpc_ncacn_conn { char *client_name; struct tsocket_address *server; char *server_name; - struct auth_session_info_transport *session_info; + struct auth_session_info *session_info; struct iovec *iov; size_t count; diff --git a/source4/auth/gensec/pygensec.c b/source4/auth/gensec/pygensec.c index 5fe3703138..fd9726eb75 100644 --- a/source4/auth/gensec/pygensec.c +++ b/source4/auth/gensec/pygensec.c @@ -271,7 +271,7 @@ static PyObject *py_gensec_session_info(PyObject *self) return NULL; } - py_session_info = py_return_ndr_struct("samba.auth", "AuthSession", + py_session_info = py_return_ndr_struct("samba.dcerpc.auth", "session_info", info, info); return py_session_info; } diff --git a/source4/auth/pyauth.c b/source4/auth/pyauth.c index 9cb770b798..a4ba88c581 100644 --- a/source4/auth/pyauth.c +++ b/source4/auth/pyauth.c 
@@ -46,72 +46,9 @@ typedef intargfunc ssizeargfunc; #define Py_RETURN_NONE return Py_INCREF(Py_None), Py_None #endif -static PyObject *py_auth_session_get_security_token(PyObject *self, void *closure) +static PyObject *PyAuthSession_FromSession(struct auth_session_info *session) { - struct auth_session_info *session = py_talloc_get_type(self, struct auth_session_info); - PyObject *py_security_token; - py_security_token = py_return_ndr_struct("samba.dcerpc.security", "token", - session->security_token, session->security_token); - return py_security_token; -} - -static int py_auth_session_set_security_token(PyObject *self, PyObject *value, void *closure) -{ - struct auth_session_info *session = py_talloc_get_type(self, struct auth_session_info); - session->security_token = talloc_reference(session, py_talloc_get_ptr(value)); - return 0; -} - -static PyObject *py_auth_session_get_session_key(PyObject *self, void *closure) -{ - struct auth_session_info *session = py_talloc_get_type(self, struct auth_session_info); - return PyString_FromStringAndSize((char *)session->session_key.data, session->session_key.length); -} - -static int py_auth_session_set_session_key(PyObject *self, PyObject *value, void *closure) -{ - DATA_BLOB val; - struct auth_session_info *session = py_talloc_get_type(self, struct auth_session_info); - val.data = (uint8_t *)PyString_AsString(value); - val.length = PyString_Size(value); - - session->session_key = data_blob_talloc(session, val.data, val.length); - return 0; -} - -static PyObject *py_auth_session_get_credentials(PyObject *self, void *closure) -{ - struct auth_session_info *session = py_talloc_get_type(self, struct auth_session_info); - PyObject *py_credentials; - /* This is evil, as the credentials are not IDL structures */ - py_credentials = py_return_ndr_struct("samba.credentials", "Credentials", session->credentials, session->credentials); - return py_credentials; -} - -static int py_auth_session_set_credentials(PyObject *self, PyObject 
*value, void *closure) -{ - struct auth_session_info *session = py_talloc_get_type(self, struct auth_session_info); - session->credentials = talloc_reference(session, PyCredentials_AsCliCredentials(value)); - return 0; -} - -static PyGetSetDef py_auth_session_getset[] = { - { discard_const_p(char, "security_token"), (getter)py_auth_session_get_security_token, (setter)py_auth_session_set_security_token, NULL }, - { discard_const_p(char, "session_key"), (getter)py_auth_session_get_session_key, (setter)py_auth_session_set_session_key, NULL }, - { discard_const_p(char, "credentials"), (getter)py_auth_session_get_credentials, (setter)py_auth_session_set_credentials, NULL }, - { NULL } -}; - -static PyTypeObject PyAuthSession = { - .tp_name = "AuthSession", - .tp_basicsize = sizeof(py_talloc_Object), - .tp_flags = Py_TPFLAGS_DEFAULT, - .tp_getset = py_auth_session_getset, -}; - -PyObject *PyAuthSession_FromSession(struct auth_session_info *session) -{ - return py_talloc_reference(&PyAuthSession, session); + return py_return_ndr_struct("samba.dcerpc.auth", "session_info", session, session); } static PyObject *py_system_session(PyObject *module, PyObject *args) @@ -378,13 +315,6 @@ void initauth(void) { PyObject *m; - PyAuthSession.tp_base = PyTalloc_GetObjectType(); - if (PyAuthSession.tp_base == NULL) - return; - - if (PyType_Ready(&PyAuthSession) < 0) - return; - PyAuthContext.tp_base = PyTalloc_GetObjectType(); if (PyAuthContext.tp_base == NULL) return; @@ -397,8 +327,6 @@ void initauth(void) if (m == NULL) return; - Py_INCREF(&PyAuthSession); - PyModule_AddObject(m, "AuthSession", (PyObject *)&PyAuthSession); Py_INCREF(&PyAuthContext); PyModule_AddObject(m, "AuthContext", (PyObject *)&PyAuthContext); diff --git a/source4/auth/pyauth.h b/source4/auth/pyauth.h index 38fd2a56a8..60fd2e5d14 100644 --- a/source4/auth/pyauth.h +++ b/source4/auth/pyauth.h 
@@ -24,8 +24,6 @@ #include "auth/session.h" #define PyAuthSession_AsSession(obj) py_talloc_get_type(obj, struct auth_session_info) -#define PyAuthSession_Check(obj) PyObject_TypeCheck(obj, &PyAuthSession) struct auth_session_info *PyObject_AsSession(PyObject *obj); -PyObject *PyAuthSession_FromSession(struct auth_session_info *session); #endif /* _PYAUTH_H */ diff --git a/source4/auth/session.c b/source4/auth/session.c index 9475104569..7a4dc5426b 100644 --- a/source4/auth/session.c +++ b/source4/auth/session.c @@ -155,9 +155,8 @@ _PUBLIC_ NTSTATUS auth_generate_session_info(TALLOC_CTX *mem_ctx, return NT_STATUS_OK; } -/* Create a session_info structure from the - * auth_session_info_transport we were forwarded over named pipe - * forwarding. +/* Fill out the auth_session_info with a cli_credentials based on the + * auth_session_info we were forwarded over named pipe forwarding. * * NOTE: The stucture members of session_info_transport are stolen * with talloc_move() into auth_session_info for long term use @@ -168,16 +167,7 @@ struct auth_session_info *auth_session_info_from_transport(TALLOC_CTX *mem_ctx, const char **reason) { struct auth_session_info *session_info; - session_info = talloc_zero(mem_ctx, struct auth_session_info); - if (!session_info) { - *reason = "failed to allocate session_info"; - return NULL; - } - - session_info->security_token = talloc_move(session_info, &session_info_transport->security_token); - session_info->info = talloc_move(session_info, &session_info_transport->info); - session_info->session_key = session_info_transport->session_key; - session_info->session_key.data = talloc_move(session_info, &session_info_transport->session_key.data); + session_info = talloc_steal(mem_ctx, session_info_transport->session_info); if (session_info_transport->exported_gssapi_credentials.length) { struct cli_credentials *creds; 
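Review bot: In auth_session_info_from_transport the new `session_info = talloc_steal(mem_ctx, session_info_transport->session_info);` has no NULL check, and the removed allocation path was the only visible place that set `*reason`. A transport carrying no session_info therefore yields a NULL that the rest of the function (outside this hunk) may dereference, or returns NULL with `*reason` unset; add `if (session_info == NULL) { *reason = "transport carried no session_info"; return NULL; }`. `talloc_steal()` also leaves `session_info_transport->session_info` pointing at the stolen object, whereas `talloc_move(mem_ctx, &session_info_transport->session_info)` would clear the alias and match the retained NOTE comment about `talloc_move()`. The old code copied only `security_token`, `info` and `session_key` from the transport; the new code adopts every unmarshalled member, including `unix_token` and `unix_info`. The header comment should state that the sender is trusted for all of them.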
@@ -236,9 +226,8 @@ struct auth_session_info *auth_session_info_from_transport(TALLOC_CTX *mem_ctx, /* Create a auth_session_info_transport from an auth_session_info. * - * NOTE: Members of the auth_session_info_transport structure are not talloc_referenced, but simply assigned. They are only valid for the lifetime of the struct auth_session_info - * - * This isn't normally an issue, as the auth_session_info has a very long typical life + * NOTE: Members of the auth_session_info_transport structure are + * talloc_referenced() into this structure, and should not be changed. */ NTSTATUS auth_session_info_transport_from_session(TALLOC_CTX *mem_ctx, struct auth_session_info *session_info, @@ -247,18 +236,15 @@ NTSTATUS auth_session_info_transport_from_session(TALLOC_CTX *mem_ctx, struct auth_session_info_transport **transport_out) { - struct auth_session_info_transport *session_info_transport = talloc_zero(mem_ctx, struct auth_session_info_transport); - session_info_transport->security_token = talloc_reference(session_info, session_info->security_token); - NT_STATUS_HAVE_NO_MEMORY(session_info_transport->security_token); - - session_info_transport->info = talloc_reference(session_info, session_info->info); - NT_STATUS_HAVE_NO_MEMORY(session_info_transport->info); - - session_info_transport->session_key = session_info->session_key; - session_info_transport->session_key.data = talloc_reference(session_info, session_info->session_key.data); - if (!session_info_transport->session_key.data && session_info->session_key.length) { + struct auth_session_info_transport *session_info_transport + = talloc_zero(mem_ctx, struct auth_session_info_transport); + if (!session_info_transport) { return NT_STATUS_NO_MEMORY; - } + }; + session_info_transport->session_info = talloc_reference(session_info_transport, session_info); + if (!session_info_transport->session_info) { + return NT_STATUS_NO_MEMORY; + }; if (session_info->credentials) { struct gssapi_creds_container *gcc; 
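Review bot: When `talloc_reference()` fails in auth_session_info_transport_from_session, the function returns `NT_STATUS_NO_MEMORY` without freeing the `session_info_transport` it just allocated on `mem_ctx`, so the wrapper stays attached to the caller's context. Add `talloc_free(session_info_transport);` before that return. Both new `if` blocks also end in `};`, which leaves an empty statement after the brace and should be a plain `}`. The function continues past the hunk, so later error paths may need the same cleanup.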
diff --git a/source4/lib/ldb-samba/pyldb.c b/source4/lib/ldb-samba/pyldb.c index 472a4664ea..ff48a3bb04 100644 --- a/source4/lib/ldb-samba/pyldb.c +++ b/source4/lib/ldb-samba/pyldb.c @@ -174,11 +174,11 @@ static PyObject *py_ldb_set_session_info(PyObject *self, PyObject *args) PyObject *PyAuthSession_Type; bool ret; - mod_samba_auth = PyImport_ImportModule("samba.auth"); + mod_samba_auth = PyImport_ImportModule("samba.dcerpc.auth"); if (mod_samba_auth == NULL) return NULL; - PyAuthSession_Type = PyObject_GetAttrString(mod_samba_auth, "AuthSession"); + PyAuthSession_Type = PyObject_GetAttrString(mod_samba_auth, "session_info"); if (PyAuthSession_Type == NULL) return NULL; diff --git a/source4/librpc/ndr/py_auth.c b/source4/librpc/ndr/py_auth.c new file mode 100644 index 0000000000..40164e0981 --- /dev/null +++ b/source4/librpc/ndr/py_auth.c 
@@ -0,0 +1,74 @@ +/* + Unix SMB/CIFS implementation. + Copyright (C) Jelmer Vernooij 2007-2008 + Copyright (C) Andrew Bartlett 2011 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +#include +#include "includes.h" +#include "libcli/util/pyerrors.h" +#include "pyauth.h" +#include "auth/auth.h" +#include "auth/credentials/pycredentials.h" +#include "librpc/rpc/pyrpc_util.h" + +#ifndef Py_RETURN_NONE +#define Py_RETURN_NONE return Py_INCREF(Py_None), Py_None +#endif + +static void PyType_AddGetSet(PyTypeObject *type, PyGetSetDef *getset) +{ + PyObject *dict; + int i; + if (type->tp_dict == NULL) + type->tp_dict = PyDict_New(); + dict = type->tp_dict; + for (i = 0; getset[i].name; i++) { + PyObject *descr; + descr = PyDescr_NewGetSet(type, &getset[i]); + PyDict_SetItemString(dict, getset[i].name, + descr); + } +} + +static PyObject *py_auth_session_get_credentials(PyObject *self, void *closure) +{ + struct auth_session_info *session = py_talloc_get_type(self, struct auth_session_info); + PyObject *py_credentials; + /* This is evil, as the credentials are not IDL structures */ + py_credentials = py_return_ndr_struct("samba.credentials", "Credentials", session->credentials, session->credentials); + return py_credentials; +} + +static int py_auth_session_set_credentials(PyObject *self, PyObject *value, void *closure) +{ + struct auth_session_info *session = py_talloc_get_type(self, struct auth_session_info); + 
session->credentials = talloc_reference(session, PyCredentials_AsCliCredentials(value)); + return 0; +} + +static PyGetSetDef py_auth_session_extra_getset[] = { + { discard_const_p(char, "credentials"), (getter)py_auth_session_get_credentials, (setter)py_auth_session_set_credentials, NULL }, + { NULL } +}; + +static void py_auth_session_info_patch(PyTypeObject *type) +{ + PyType_AddGetSet(type, py_auth_session_extra_getset); +} + +#define PY_SESSION_INFO_PATCH py_auth_session_info_patch + diff --git a/source4/librpc/wscript_build b/source4/librpc/wscript_build index 8d1e9a8220..ce015ccaa5 100755 --- a/source4/librpc/wscript_build +++ b/source4/librpc/wscript_build @@ -199,6 +199,17 @@ bld.SAMBA_PYTHON('python_echo', realname='samba/dcerpc/echo.so' ) +bld.SAMBA_PYTHON('python_auth', + source='../../librpc/gen_ndr/py_auth.c', + deps='NDR_AUTH pytalloc-util pyrpc_util', + realname='samba/dcerpc/auth.so' + ) + +bld.SAMBA_PYTHON('python_krb5pac', + source='../../librpc/gen_ndr/py_krb5pac.c', + deps='ndr-krb5pac pytalloc-util pyrpc_util', + realname='samba/dcerpc/krb5pac.so' + ) bld.SAMBA_PYTHON('python_winreg', source='../../librpc/gen_ndr/py_winreg.c', -- cgit
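Review bot: `PyType_AddGetSet` in the new py_auth.c uses the results of `PyDict_New()` and `PyDescr_NewGetSet()` without checking them and never drops its reference to `descr`. An allocation failure therefore passes NULL into `PyDict_SetItemString()`, and every successful iteration leaks one descriptor. The setter `py_auth_session_set_credentials` also returns 0 without inspecting `value`: attribute deletion passes NULL, and a non-Credentials object would presumably make `talloc_reference()` store NULL while reporting success. It should set `TypeError` and return -1 in those cases. A checked version of the helper is below; because it returns void, a pending Python exception is left for the caller to notice.

```c
static void PyType_AddGetSet(PyTypeObject *type, PyGetSetDef *getset)
{
	PyObject *dict;
	int i;
	if (type->tp_dict == NULL) {
		type->tp_dict = PyDict_New();
		if (type->tp_dict == NULL) {
			return;
		}
	}
	dict = type->tp_dict;
	for (i = 0; getset[i].name; i++) {
		PyObject *descr = PyDescr_NewGetSet(type, &getset[i]);
		int rc;
		if (descr == NULL) {
			return;
		}
		/* PyDict_SetItemString takes its own reference to descr */
		rc = PyDict_SetItemString(dict, getset[i].name, descr);
		Py_DECREF(descr);
		if (rc < 0) {
			return;
		}
	}
}
```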