root/source4/librpc/ndr/py_security.c

/* [<][>][^][v][top][bottom][index][help] */

DEFINITIONS

This source file includes following definitions.
  1. PyType_AddMethods
  2. py_dom_sid_cmp
  3. py_dom_sid_str
  4. py_dom_sid_repr
  5. py_dom_sid_init
  6. py_dom_sid_patch
  7. py_descriptor_sacl_add
  8. py_descriptor_dacl_add
  9. py_descriptor_dacl_del
  10. py_descriptor_sacl_del
  11. py_descriptor_new
  12. py_descriptor_from_sddl
  13. py_descriptor_as_sddl
  14. py_descriptor_patch
  15. py_token_is_sid
  16. py_token_has_sid
  17. py_token_is_anonymous
  18. py_token_is_system
  19. py_token_has_builtin_administrators
  20. py_token_has_nt_authenticated_users
  21. py_token_has_privilege
  22. py_token_set_privilege
  23. py_token_new
  24. py_token_patch
  25. py_privilege_name
  26. py_privilege_id
  27. py_random_sid
  28. py_mod_security_patch

   1 /* 
   2    Unix SMB/CIFS implementation.
   3    Samba utility functions
   4    Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2008
   5    
   6    This program is free software; you can redistribute it and/or modify
   7    it under the terms of the GNU General Public License as published by
   8    the Free Software Foundation; either version 3 of the License, or
   9    (at your option) any later version.
  10    
  11    This program is distributed in the hope that it will be useful,
  12    but WITHOUT ANY WARRANTY; without even the implied warranty of
  13    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14    GNU General Public License for more details.
  15    
  16    You should have received a copy of the GNU General Public License
  17    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  18 */
  19 #include <Python.h>
  20 #include "libcli/security/security.h"
  21 
  22 #ifndef Py_RETURN_NONE
  23 #define Py_RETURN_NONE return Py_INCREF(Py_None), Py_None
  24 #endif
  25 
  26 static void PyType_AddMethods(PyTypeObject *type, PyMethodDef *methods)
     /* [<][>][^][v][top][bottom][index][help] */
  27 {
  28         PyObject *dict;
  29         int i;
  30         if (type->tp_dict == NULL)
  31                 type->tp_dict = PyDict_New();
  32         dict = type->tp_dict;
  33         for (i = 0; methods[i].ml_name; i++) {
  34                 PyObject *descr;
  35                 if (methods[i].ml_flags & METH_CLASS) 
  36                         descr = PyCFunction_New(&methods[i], (PyObject *)type);
  37                 else 
  38                         descr = PyDescr_NewMethod(type, &methods[i]);
  39                 PyDict_SetItemString(dict, methods[i].ml_name, 
  40                                      descr);
  41         }
  42 }
  43 
  44 static int py_dom_sid_cmp(PyObject *py_self, PyObject *py_other)
     /* [<][>][^][v][top][bottom][index][help] */
  45 {
  46         struct dom_sid *self = py_talloc_get_ptr(py_self), *other;
  47         other = py_talloc_get_ptr(py_other);
  48         if (other == NULL)
  49                 return -1;
  50 
  51         return dom_sid_compare(self, other);
  52 }
  53 
  54 static PyObject *py_dom_sid_str(PyObject *py_self)
     /* [<][>][^][v][top][bottom][index][help] */
  55 {
  56         struct dom_sid *self = py_talloc_get_ptr(py_self);
  57         char *str = dom_sid_string(NULL, self);
  58         PyObject *ret = PyString_FromString(str);
  59         talloc_free(str);
  60         return ret;
  61 }
  62 
  63 static PyObject *py_dom_sid_repr(PyObject *py_self)
     /* [<][>][^][v][top][bottom][index][help] */
  64 {
  65         struct dom_sid *self = py_talloc_get_ptr(py_self);
  66         char *str = dom_sid_string(NULL, self);
  67         PyObject *ret = PyString_FromFormat("dom_sid('%s')", str);
  68         talloc_free(str);
  69         return ret;
  70 }
  71 
  72 static int py_dom_sid_init(PyObject *self, PyObject *args, PyObject *kwargs)
     /* [<][>][^][v][top][bottom][index][help] */
  73 {
  74         char *str = NULL;
  75         struct dom_sid *sid = py_talloc_get_ptr(self);
  76         const char *kwnames[] = { "str", NULL };
  77 
  78         if (!PyArg_ParseTupleAndKeywords(args, kwargs, "|s", discard_const_p(char *, kwnames), &str))
  79                 return -1;
  80 
  81         if (str != NULL && !dom_sid_parse(str, sid)) {
  82                 PyErr_SetString(PyExc_TypeError, "Unable to parse string");
  83                 return -1;
  84         }
  85 
  86         return 0;
  87 }
  88 
  89 static void py_dom_sid_patch(PyTypeObject *type)
     /* [<][>][^][v][top][bottom][index][help] */
  90 {
  91         type->tp_init = py_dom_sid_init;
  92         type->tp_str = py_dom_sid_str;
  93         type->tp_repr = py_dom_sid_repr;
  94         type->tp_compare = py_dom_sid_cmp;
  95 }
  96 
  97 #define PY_DOM_SID_PATCH py_dom_sid_patch
  98 
  99 static PyObject *py_descriptor_sacl_add(PyObject *self, PyObject *args)
     /* [<][>][^][v][top][bottom][index][help] */
 100 {
 101         struct security_descriptor *desc = py_talloc_get_ptr(self);
 102         NTSTATUS status;
 103         struct security_ace *ace;
 104         PyObject *py_ace;
 105 
 106         if (!PyArg_ParseTuple(args, "O", &py_ace))
 107                 return NULL;
 108 
 109         ace = py_talloc_get_ptr(py_ace);
 110         status = security_descriptor_sacl_add(desc, ace);
 111         PyErr_NTSTATUS_IS_ERR_RAISE(status);
 112         Py_RETURN_NONE;
 113 }
 114 
 115 static PyObject *py_descriptor_dacl_add(PyObject *self, PyObject *args)
     /* [<][>][^][v][top][bottom][index][help] */
 116 {
 117         struct security_descriptor *desc = py_talloc_get_ptr(self);
 118         NTSTATUS status;
 119         struct security_ace *ace;
 120         PyObject *py_ace;
 121 
 122         if (!PyArg_ParseTuple(args, "O", &py_ace))
 123                 return NULL;
 124 
 125         ace = py_talloc_get_ptr(py_ace);
 126 
 127         status = security_descriptor_dacl_add(desc, ace);
 128         PyErr_NTSTATUS_IS_ERR_RAISE(status);
 129         Py_RETURN_NONE;
 130 }
 131 
 132 static PyObject *py_descriptor_dacl_del(PyObject *self, PyObject *args)
     /* [<][>][^][v][top][bottom][index][help] */
 133 {
 134         struct security_descriptor *desc = py_talloc_get_ptr(self);
 135         NTSTATUS status;
 136         struct dom_sid *sid;
 137         PyObject *py_sid;
 138 
 139         if (!PyArg_ParseTuple(args, "O", &py_sid))
 140                 return NULL;
 141 
 142         sid = py_talloc_get_ptr(py_sid);
 143         status = security_descriptor_dacl_del(desc, sid);
 144         PyErr_NTSTATUS_IS_ERR_RAISE(status);
 145         Py_RETURN_NONE;
 146 }
 147 
 148 static PyObject *py_descriptor_sacl_del(PyObject *self, PyObject *args)
     /* [<][>][^][v][top][bottom][index][help] */
 149 {
 150         struct security_descriptor *desc = py_talloc_get_ptr(self);
 151         NTSTATUS status;
 152         struct dom_sid *sid;
 153         PyObject *py_sid;
 154 
 155         if (!PyArg_ParseTuple(args, "O", &py_sid))
 156                 return NULL;
 157 
 158         sid = py_talloc_get_ptr(py_sid);
 159         status = security_descriptor_sacl_del(desc, sid);
 160         PyErr_NTSTATUS_IS_ERR_RAISE(status);
 161         Py_RETURN_NONE;
 162 }
 163 
 164 static PyObject *py_descriptor_new(PyTypeObject *self, PyObject *args, PyObject *kwargs)
     /* [<][>][^][v][top][bottom][index][help] */
 165 {
 166         return py_talloc_import(self, security_descriptor_initialise(NULL));
 167 }
 168 
 169 static PyObject *py_descriptor_from_sddl(PyObject *self, PyObject *args)
     /* [<][>][^][v][top][bottom][index][help] */
 170 {
 171         struct security_descriptor *secdesc;
 172         char *sddl;
 173         PyObject *py_sid;
 174         struct dom_sid *sid;
 175 
 176         if (!PyArg_ParseTuple(args, "sO", &sddl, &py_sid))
 177                 return NULL;
 178 
 179         sid = py_talloc_get_ptr(py_sid);
 180 
 181         secdesc = sddl_decode(NULL, sddl, sid);
 182         if (secdesc == NULL) {
 183                 PyErr_SetString(PyExc_TypeError, "Unable to parse SDDL");
 184                 return NULL;
 185         }
 186 
 187         return py_talloc_import((PyTypeObject *)self, secdesc);
 188 }
 189 
 190 static PyObject *py_descriptor_as_sddl(PyObject *self, PyObject *py_sid)
     /* [<][>][^][v][top][bottom][index][help] */
 191 {
 192         struct dom_sid *sid = py_talloc_get_ptr(py_sid);
 193         struct security_descriptor *desc = py_talloc_get_ptr(self);
 194         char *text;
 195         PyObject *ret;
 196 
 197         text = sddl_encode(NULL, desc, sid);
 198 
 199         ret = PyString_FromString(text);
 200 
 201         talloc_free(text);
 202 
 203         return ret;
 204 }
 205 
 206 static PyMethodDef py_descriptor_extra_methods[] = {
 207         { "sacl_add", (PyCFunction)py_descriptor_sacl_add, METH_VARARGS,
 208                 "S.sacl_add(ace) -> None\n"
 209                 "Add a security ace to this security descriptor" },
 210         { "dacl_add", (PyCFunction)py_descriptor_dacl_add, METH_VARARGS,
 211                 NULL },
 212         { "dacl_del", (PyCFunction)py_descriptor_dacl_del, METH_VARARGS,
 213                 NULL },
 214         { "sacl_del", (PyCFunction)py_descriptor_sacl_del, METH_VARARGS,
 215                 NULL },
 216         { "from_sddl", (PyCFunction)py_descriptor_from_sddl, METH_VARARGS|METH_CLASS, 
 217                 NULL },
 218         { "as_sddl", (PyCFunction)py_descriptor_as_sddl, METH_O,
 219                 NULL },
 220         { NULL }
 221 };
 222 
 223 static void py_descriptor_patch(PyTypeObject *type)
     /* [<][>][^][v][top][bottom][index][help] */
 224 {
 225         type->tp_new = py_descriptor_new;
 226         PyType_AddMethods(type, py_descriptor_extra_methods);
 227 }
 228 
 229 #define PY_DESCRIPTOR_PATCH py_descriptor_patch
 230 
 231 static PyObject *py_token_is_sid(PyObject *self, PyObject *args)
     /* [<][>][^][v][top][bottom][index][help] */
 232 {
 233         PyObject *py_sid;
 234         struct dom_sid *sid;
 235         struct security_token *token = py_talloc_get_ptr(self);
 236         if (!PyArg_ParseTuple(args, "O", &py_sid))
 237                 return NULL;
 238 
 239         sid = py_talloc_get_ptr(py_sid);
 240 
 241         return PyBool_FromLong(security_token_is_sid(token, sid));
 242 }
 243 
 244 static PyObject *py_token_has_sid(PyObject *self, PyObject *args)
     /* [<][>][^][v][top][bottom][index][help] */
 245 {
 246         PyObject *py_sid;
 247         struct dom_sid *sid;
 248         struct security_token *token = py_talloc_get_ptr(self);
 249         if (!PyArg_ParseTuple(args, "O", &py_sid))
 250                 return NULL;
 251 
 252         sid = py_talloc_get_ptr(py_sid);
 253 
 254         return PyBool_FromLong(security_token_has_sid(token, sid));
 255 }
 256 
 257 static PyObject *py_token_is_anonymous(PyObject *self)
     /* [<][>][^][v][top][bottom][index][help] */
 258 {
 259         struct security_token *token = py_talloc_get_ptr(self);
 260         
 261         return PyBool_FromLong(security_token_is_anonymous(token));
 262 }
 263 
 264 static PyObject *py_token_is_system(PyObject *self)
     /* [<][>][^][v][top][bottom][index][help] */
 265 {
 266         struct security_token *token = py_talloc_get_ptr(self);
 267         
 268         return PyBool_FromLong(security_token_is_system(token));
 269 }
 270 
 271 static PyObject *py_token_has_builtin_administrators(PyObject *self)
     /* [<][>][^][v][top][bottom][index][help] */
 272 {
 273         struct security_token *token = py_talloc_get_ptr(self);
 274         
 275         return PyBool_FromLong(security_token_has_builtin_administrators(token));
 276 }
 277 
 278 static PyObject *py_token_has_nt_authenticated_users(PyObject *self)
     /* [<][>][^][v][top][bottom][index][help] */
 279 {
 280         struct security_token *token = py_talloc_get_ptr(self);
 281         
 282         return PyBool_FromLong(security_token_has_nt_authenticated_users(token));
 283 }
 284 
 285 static PyObject *py_token_has_privilege(PyObject *self, PyObject *args)
     /* [<][>][^][v][top][bottom][index][help] */
 286 {
 287         int priv;
 288         struct security_token *token = py_talloc_get_ptr(self);
 289 
 290         if (!PyArg_ParseTuple(args, "i", &priv))
 291                 return NULL;
 292 
 293         return PyBool_FromLong(security_token_has_privilege(token, priv));
 294 }
 295 
 296 static PyObject *py_token_set_privilege(PyObject *self, PyObject *args)
     /* [<][>][^][v][top][bottom][index][help] */
 297 {
 298         int priv;
 299         struct security_token *token = py_talloc_get_ptr(self);
 300 
 301         if (!PyArg_ParseTuple(args, "i", &priv))
 302                 return NULL;
 303 
 304         security_token_set_privilege(token, priv);
 305         Py_RETURN_NONE;
 306 }
 307 
 308 static PyObject *py_token_new(PyTypeObject *self, PyObject *args, PyObject *kwargs)
     /* [<][>][^][v][top][bottom][index][help] */
 309 {
 310         return py_talloc_import(self, security_token_initialise(NULL));
 311 }       
 312 
 313 static PyMethodDef py_token_extra_methods[] = {
 314         { "is_sid", (PyCFunction)py_token_is_sid, METH_VARARGS,
 315                 "S.is_sid(sid) -> bool\n"
 316                 "Check whether this token is of the specified SID." },
 317         { "has_sid", (PyCFunction)py_token_has_sid, METH_VARARGS,
 318                 NULL },
 319         { "is_anonymous", (PyCFunction)py_token_is_anonymous, METH_NOARGS,
 320                 "S.is_anonymus() -> bool\n"
 321                 "Check whether this is an anonymous token." },
 322         { "is_system", (PyCFunction)py_token_is_system, METH_NOARGS,
 323                 NULL },
 324         { "has_builtin_administrators", (PyCFunction)py_token_has_builtin_administrators, METH_NOARGS,
 325                 NULL },
 326         { "has_nt_authenticated_users", (PyCFunction)py_token_has_nt_authenticated_users, METH_NOARGS,
 327                 NULL },
 328         { "has_privilege", (PyCFunction)py_token_has_privilege, METH_VARARGS,
 329                 NULL },
 330         { "set_privilege", (PyCFunction)py_token_set_privilege, METH_VARARGS,
 331                 NULL },
 332         { NULL }
 333 };
 334 
 335 #define PY_TOKEN_PATCH py_token_patch
 336 static void py_token_patch(PyTypeObject *type)
     /* [<][>][^][v][top][bottom][index][help] */
 337 {
 338         type->tp_new = py_token_new;
 339         PyType_AddMethods(type, py_token_extra_methods);
 340 }
 341 
 342 static PyObject *py_privilege_name(PyObject *self, PyObject *args)
     /* [<][>][^][v][top][bottom][index][help] */
 343 {
 344         int priv;
 345         if (!PyArg_ParseTuple(args, "i", &priv))
 346                 return NULL;
 347 
 348         return PyString_FromString(sec_privilege_name(priv));
 349 }
 350 
 351 static PyObject *py_privilege_id(PyObject *self, PyObject *args)
     /* [<][>][^][v][top][bottom][index][help] */
 352 {
 353         char *name;
 354 
 355         if (!PyArg_ParseTuple(args, "s", &name))
 356                 return NULL;
 357 
 358         return PyInt_FromLong(sec_privilege_id(name));
 359 }
 360 
 361 static PyObject *py_random_sid(PyObject *self)
     /* [<][>][^][v][top][bottom][index][help] */
 362 {
 363         struct dom_sid *sid;
 364         PyObject *ret;
 365         char *str = talloc_asprintf(NULL, "S-1-5-21-%u-%u-%u", 
 366                         (unsigned)generate_random(), 
 367                         (unsigned)generate_random(), 
 368                         (unsigned)generate_random());
 369 
 370         sid = dom_sid_parse_talloc(NULL, str);
 371         talloc_free(str);
 372         ret = py_talloc_import(&dom_sid_Type, sid);
 373         talloc_free(sid);
 374         return ret;
 375 }
 376 
 377 static PyMethodDef py_mod_security_extra_methods[] = {
 378         { "random_sid", (PyCFunction)py_random_sid, METH_NOARGS, NULL },
 379         { "privilege_id", (PyCFunction)py_privilege_id, METH_VARARGS, NULL },
 380         { "privilege_name", (PyCFunction)py_privilege_name, METH_VARARGS, NULL },
 381         { NULL }
 382 };
 383 
 384 static void py_mod_security_patch(PyObject *m)
     /* [<][>][^][v][top][bottom][index][help] */
 385 {
 386         int i;
 387         for (i = 0; py_mod_security_extra_methods[i].ml_name; i++) {
 388                 PyObject *descr = PyCFunction_New(&py_mod_security_extra_methods[i], NULL);
 389                 PyModule_AddObject(m, py_mod_security_extra_methods[i].ml_name,
 390                                    descr);
 391         }
 392 }
 393 
 394 #define PY_MOD_SECURITY_PATCH py_mod_security_patch

/* [<][>][^][v][top][bottom][index][help] */