/* [<][>][^][v][top][bottom][index][help] */
DEFINITIONS
This source file includes following definitions.
- PyType_AddMethods
- py_dom_sid_cmp
- py_dom_sid_str
- py_dom_sid_repr
- py_dom_sid_init
- py_dom_sid_patch
- py_descriptor_sacl_add
- py_descriptor_dacl_add
- py_descriptor_dacl_del
- py_descriptor_sacl_del
- py_descriptor_new
- py_descriptor_from_sddl
- py_descriptor_as_sddl
- py_descriptor_patch
- py_token_is_sid
- py_token_has_sid
- py_token_is_anonymous
- py_token_is_system
- py_token_has_builtin_administrators
- py_token_has_nt_authenticated_users
- py_token_has_privilege
- py_token_set_privilege
- py_token_new
- py_token_patch
- py_privilege_name
- py_privilege_id
- py_random_sid
- py_mod_security_patch
1 /*
2 Unix SMB/CIFS implementation.
3 Samba utility functions
4 Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2008
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
18 */
19 #include <Python.h>
20 #include "libcli/security/security.h"
21
22 #ifndef Py_RETURN_NONE
23 #define Py_RETURN_NONE return Py_INCREF(Py_None), Py_None
24 #endif
25
26 static void PyType_AddMethods(PyTypeObject *type, PyMethodDef *methods)
/* [<][>][^][v][top][bottom][index][help] */
27 {
28 PyObject *dict;
29 int i;
30 if (type->tp_dict == NULL)
31 type->tp_dict = PyDict_New();
32 dict = type->tp_dict;
33 for (i = 0; methods[i].ml_name; i++) {
34 PyObject *descr;
35 if (methods[i].ml_flags & METH_CLASS)
36 descr = PyCFunction_New(&methods[i], (PyObject *)type);
37 else
38 descr = PyDescr_NewMethod(type, &methods[i]);
39 PyDict_SetItemString(dict, methods[i].ml_name,
40 descr);
41 }
42 }
43
44 static int py_dom_sid_cmp(PyObject *py_self, PyObject *py_other)
/* [<][>][^][v][top][bottom][index][help] */
45 {
46 struct dom_sid *self = py_talloc_get_ptr(py_self), *other;
47 other = py_talloc_get_ptr(py_other);
48 if (other == NULL)
49 return -1;
50
51 return dom_sid_compare(self, other);
52 }
53
54 static PyObject *py_dom_sid_str(PyObject *py_self)
/* [<][>][^][v][top][bottom][index][help] */
55 {
56 struct dom_sid *self = py_talloc_get_ptr(py_self);
57 char *str = dom_sid_string(NULL, self);
58 PyObject *ret = PyString_FromString(str);
59 talloc_free(str);
60 return ret;
61 }
62
63 static PyObject *py_dom_sid_repr(PyObject *py_self)
/* [<][>][^][v][top][bottom][index][help] */
64 {
65 struct dom_sid *self = py_talloc_get_ptr(py_self);
66 char *str = dom_sid_string(NULL, self);
67 PyObject *ret = PyString_FromFormat("dom_sid('%s')", str);
68 talloc_free(str);
69 return ret;
70 }
71
72 static int py_dom_sid_init(PyObject *self, PyObject *args, PyObject *kwargs)
/* [<][>][^][v][top][bottom][index][help] */
73 {
74 char *str = NULL;
75 struct dom_sid *sid = py_talloc_get_ptr(self);
76 const char *kwnames[] = { "str", NULL };
77
78 if (!PyArg_ParseTupleAndKeywords(args, kwargs, "|s", discard_const_p(char *, kwnames), &str))
79 return -1;
80
81 if (str != NULL && !dom_sid_parse(str, sid)) {
82 PyErr_SetString(PyExc_TypeError, "Unable to parse string");
83 return -1;
84 }
85
86 return 0;
87 }
88
89 static void py_dom_sid_patch(PyTypeObject *type)
/* [<][>][^][v][top][bottom][index][help] */
90 {
91 type->tp_init = py_dom_sid_init;
92 type->tp_str = py_dom_sid_str;
93 type->tp_repr = py_dom_sid_repr;
94 type->tp_compare = py_dom_sid_cmp;
95 }
96
97 #define PY_DOM_SID_PATCH py_dom_sid_patch
98
99 static PyObject *py_descriptor_sacl_add(PyObject *self, PyObject *args)
/* [<][>][^][v][top][bottom][index][help] */
100 {
101 struct security_descriptor *desc = py_talloc_get_ptr(self);
102 NTSTATUS status;
103 struct security_ace *ace;
104 PyObject *py_ace;
105
106 if (!PyArg_ParseTuple(args, "O", &py_ace))
107 return NULL;
108
109 ace = py_talloc_get_ptr(py_ace);
110 status = security_descriptor_sacl_add(desc, ace);
111 PyErr_NTSTATUS_IS_ERR_RAISE(status);
112 Py_RETURN_NONE;
113 }
114
115 static PyObject *py_descriptor_dacl_add(PyObject *self, PyObject *args)
/* [<][>][^][v][top][bottom][index][help] */
116 {
117 struct security_descriptor *desc = py_talloc_get_ptr(self);
118 NTSTATUS status;
119 struct security_ace *ace;
120 PyObject *py_ace;
121
122 if (!PyArg_ParseTuple(args, "O", &py_ace))
123 return NULL;
124
125 ace = py_talloc_get_ptr(py_ace);
126
127 status = security_descriptor_dacl_add(desc, ace);
128 PyErr_NTSTATUS_IS_ERR_RAISE(status);
129 Py_RETURN_NONE;
130 }
131
132 static PyObject *py_descriptor_dacl_del(PyObject *self, PyObject *args)
/* [<][>][^][v][top][bottom][index][help] */
133 {
134 struct security_descriptor *desc = py_talloc_get_ptr(self);
135 NTSTATUS status;
136 struct dom_sid *sid;
137 PyObject *py_sid;
138
139 if (!PyArg_ParseTuple(args, "O", &py_sid))
140 return NULL;
141
142 sid = py_talloc_get_ptr(py_sid);
143 status = security_descriptor_dacl_del(desc, sid);
144 PyErr_NTSTATUS_IS_ERR_RAISE(status);
145 Py_RETURN_NONE;
146 }
147
148 static PyObject *py_descriptor_sacl_del(PyObject *self, PyObject *args)
/* [<][>][^][v][top][bottom][index][help] */
149 {
150 struct security_descriptor *desc = py_talloc_get_ptr(self);
151 NTSTATUS status;
152 struct dom_sid *sid;
153 PyObject *py_sid;
154
155 if (!PyArg_ParseTuple(args, "O", &py_sid))
156 return NULL;
157
158 sid = py_talloc_get_ptr(py_sid);
159 status = security_descriptor_sacl_del(desc, sid);
160 PyErr_NTSTATUS_IS_ERR_RAISE(status);
161 Py_RETURN_NONE;
162 }
163
164 static PyObject *py_descriptor_new(PyTypeObject *self, PyObject *args, PyObject *kwargs)
/* [<][>][^][v][top][bottom][index][help] */
165 {
166 return py_talloc_import(self, security_descriptor_initialise(NULL));
167 }
168
169 static PyObject *py_descriptor_from_sddl(PyObject *self, PyObject *args)
/* [<][>][^][v][top][bottom][index][help] */
170 {
171 struct security_descriptor *secdesc;
172 char *sddl;
173 PyObject *py_sid;
174 struct dom_sid *sid;
175
176 if (!PyArg_ParseTuple(args, "sO", &sddl, &py_sid))
177 return NULL;
178
179 sid = py_talloc_get_ptr(py_sid);
180
181 secdesc = sddl_decode(NULL, sddl, sid);
182 if (secdesc == NULL) {
183 PyErr_SetString(PyExc_TypeError, "Unable to parse SDDL");
184 return NULL;
185 }
186
187 return py_talloc_import((PyTypeObject *)self, secdesc);
188 }
189
190 static PyObject *py_descriptor_as_sddl(PyObject *self, PyObject *py_sid)
/* [<][>][^][v][top][bottom][index][help] */
191 {
192 struct dom_sid *sid = py_talloc_get_ptr(py_sid);
193 struct security_descriptor *desc = py_talloc_get_ptr(self);
194 char *text;
195 PyObject *ret;
196
197 text = sddl_encode(NULL, desc, sid);
198
199 ret = PyString_FromString(text);
200
201 talloc_free(text);
202
203 return ret;
204 }
205
206 static PyMethodDef py_descriptor_extra_methods[] = {
207 { "sacl_add", (PyCFunction)py_descriptor_sacl_add, METH_VARARGS,
208 "S.sacl_add(ace) -> None\n"
209 "Add a security ace to this security descriptor" },
210 { "dacl_add", (PyCFunction)py_descriptor_dacl_add, METH_VARARGS,
211 NULL },
212 { "dacl_del", (PyCFunction)py_descriptor_dacl_del, METH_VARARGS,
213 NULL },
214 { "sacl_del", (PyCFunction)py_descriptor_sacl_del, METH_VARARGS,
215 NULL },
216 { "from_sddl", (PyCFunction)py_descriptor_from_sddl, METH_VARARGS|METH_CLASS,
217 NULL },
218 { "as_sddl", (PyCFunction)py_descriptor_as_sddl, METH_O,
219 NULL },
220 { NULL }
221 };
222
223 static void py_descriptor_patch(PyTypeObject *type)
/* [<][>][^][v][top][bottom][index][help] */
224 {
225 type->tp_new = py_descriptor_new;
226 PyType_AddMethods(type, py_descriptor_extra_methods);
227 }
228
229 #define PY_DESCRIPTOR_PATCH py_descriptor_patch
230
231 static PyObject *py_token_is_sid(PyObject *self, PyObject *args)
/* [<][>][^][v][top][bottom][index][help] */
232 {
233 PyObject *py_sid;
234 struct dom_sid *sid;
235 struct security_token *token = py_talloc_get_ptr(self);
236 if (!PyArg_ParseTuple(args, "O", &py_sid))
237 return NULL;
238
239 sid = py_talloc_get_ptr(py_sid);
240
241 return PyBool_FromLong(security_token_is_sid(token, sid));
242 }
243
244 static PyObject *py_token_has_sid(PyObject *self, PyObject *args)
/* [<][>][^][v][top][bottom][index][help] */
245 {
246 PyObject *py_sid;
247 struct dom_sid *sid;
248 struct security_token *token = py_talloc_get_ptr(self);
249 if (!PyArg_ParseTuple(args, "O", &py_sid))
250 return NULL;
251
252 sid = py_talloc_get_ptr(py_sid);
253
254 return PyBool_FromLong(security_token_has_sid(token, sid));
255 }
256
257 static PyObject *py_token_is_anonymous(PyObject *self)
/* [<][>][^][v][top][bottom][index][help] */
258 {
259 struct security_token *token = py_talloc_get_ptr(self);
260
261 return PyBool_FromLong(security_token_is_anonymous(token));
262 }
263
264 static PyObject *py_token_is_system(PyObject *self)
/* [<][>][^][v][top][bottom][index][help] */
265 {
266 struct security_token *token = py_talloc_get_ptr(self);
267
268 return PyBool_FromLong(security_token_is_system(token));
269 }
270
271 static PyObject *py_token_has_builtin_administrators(PyObject *self)
/* [<][>][^][v][top][bottom][index][help] */
272 {
273 struct security_token *token = py_talloc_get_ptr(self);
274
275 return PyBool_FromLong(security_token_has_builtin_administrators(token));
276 }
277
278 static PyObject *py_token_has_nt_authenticated_users(PyObject *self)
/* [<][>][^][v][top][bottom][index][help] */
279 {
280 struct security_token *token = py_talloc_get_ptr(self);
281
282 return PyBool_FromLong(security_token_has_nt_authenticated_users(token));
283 }
284
285 static PyObject *py_token_has_privilege(PyObject *self, PyObject *args)
/* [<][>][^][v][top][bottom][index][help] */
286 {
287 int priv;
288 struct security_token *token = py_talloc_get_ptr(self);
289
290 if (!PyArg_ParseTuple(args, "i", &priv))
291 return NULL;
292
293 return PyBool_FromLong(security_token_has_privilege(token, priv));
294 }
295
296 static PyObject *py_token_set_privilege(PyObject *self, PyObject *args)
/* [<][>][^][v][top][bottom][index][help] */
297 {
298 int priv;
299 struct security_token *token = py_talloc_get_ptr(self);
300
301 if (!PyArg_ParseTuple(args, "i", &priv))
302 return NULL;
303
304 security_token_set_privilege(token, priv);
305 Py_RETURN_NONE;
306 }
307
308 static PyObject *py_token_new(PyTypeObject *self, PyObject *args, PyObject *kwargs)
/* [<][>][^][v][top][bottom][index][help] */
309 {
310 return py_talloc_import(self, security_token_initialise(NULL));
311 }
312
313 static PyMethodDef py_token_extra_methods[] = {
314 { "is_sid", (PyCFunction)py_token_is_sid, METH_VARARGS,
315 "S.is_sid(sid) -> bool\n"
316 "Check whether this token is of the specified SID." },
317 { "has_sid", (PyCFunction)py_token_has_sid, METH_VARARGS,
318 NULL },
319 { "is_anonymous", (PyCFunction)py_token_is_anonymous, METH_NOARGS,
320 "S.is_anonymus() -> bool\n"
321 "Check whether this is an anonymous token." },
322 { "is_system", (PyCFunction)py_token_is_system, METH_NOARGS,
323 NULL },
324 { "has_builtin_administrators", (PyCFunction)py_token_has_builtin_administrators, METH_NOARGS,
325 NULL },
326 { "has_nt_authenticated_users", (PyCFunction)py_token_has_nt_authenticated_users, METH_NOARGS,
327 NULL },
328 { "has_privilege", (PyCFunction)py_token_has_privilege, METH_VARARGS,
329 NULL },
330 { "set_privilege", (PyCFunction)py_token_set_privilege, METH_VARARGS,
331 NULL },
332 { NULL }
333 };
334
335 #define PY_TOKEN_PATCH py_token_patch
336 static void py_token_patch(PyTypeObject *type)
/* [<][>][^][v][top][bottom][index][help] */
337 {
338 type->tp_new = py_token_new;
339 PyType_AddMethods(type, py_token_extra_methods);
340 }
341
342 static PyObject *py_privilege_name(PyObject *self, PyObject *args)
/* [<][>][^][v][top][bottom][index][help] */
343 {
344 int priv;
345 if (!PyArg_ParseTuple(args, "i", &priv))
346 return NULL;
347
348 return PyString_FromString(sec_privilege_name(priv));
349 }
350
351 static PyObject *py_privilege_id(PyObject *self, PyObject *args)
/* [<][>][^][v][top][bottom][index][help] */
352 {
353 char *name;
354
355 if (!PyArg_ParseTuple(args, "s", &name))
356 return NULL;
357
358 return PyInt_FromLong(sec_privilege_id(name));
359 }
360
361 static PyObject *py_random_sid(PyObject *self)
/* [<][>][^][v][top][bottom][index][help] */
362 {
363 struct dom_sid *sid;
364 PyObject *ret;
365 char *str = talloc_asprintf(NULL, "S-1-5-21-%u-%u-%u",
366 (unsigned)generate_random(),
367 (unsigned)generate_random(),
368 (unsigned)generate_random());
369
370 sid = dom_sid_parse_talloc(NULL, str);
371 talloc_free(str);
372 ret = py_talloc_import(&dom_sid_Type, sid);
373 talloc_free(sid);
374 return ret;
375 }
376
377 static PyMethodDef py_mod_security_extra_methods[] = {
378 { "random_sid", (PyCFunction)py_random_sid, METH_NOARGS, NULL },
379 { "privilege_id", (PyCFunction)py_privilege_id, METH_VARARGS, NULL },
380 { "privilege_name", (PyCFunction)py_privilege_name, METH_VARARGS, NULL },
381 { NULL }
382 };
383
384 static void py_mod_security_patch(PyObject *m)
/* [<][>][^][v][top][bottom][index][help] */
385 {
386 int i;
387 for (i = 0; py_mod_security_extra_methods[i].ml_name; i++) {
388 PyObject *descr = PyCFunction_New(&py_mod_security_extra_methods[i], NULL);
389 PyModule_AddObject(m, py_mod_security_extra_methods[i].ml_name,
390 descr);
391 }
392 }
393
394 #define PY_MOD_SECURITY_PATCH py_mod_security_patch