LCOV - code coverage report
Current view: top level - auth/credentials - pycredentials.c (source / functions) Hit Total Coverage
Test: coverage report for fix-15632 9995c5c2 Lines: 573 829 69.1 %
Date: 2024-04-13 12:30:31 Functions: 57 62 91.9 %

          Line data    Source code
       1             : /*
       2             :    Unix SMB/CIFS implementation.
       3             :    Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007
       4             : 
       5             :    This program is free software; you can redistribute it and/or modify
       6             :    it under the terms of the GNU General Public License as published by
       7             :    the Free Software Foundation; either version 3 of the License, or
       8             :    (at your option) any later version.
       9             : 
      10             :    This program is distributed in the hope that it will be useful,
      11             :    but WITHOUT ANY WARRANTY; without even the implied warranty of
      12             :    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
      13             :    GNU General Public License for more details.
      14             : 
      15             :    You should have received a copy of the GNU General Public License
      16             :    along with this program.  If not, see <http://www.gnu.org/licenses/>.
      17             : */
      18             : 
      19             : #include "lib/replace/system/python.h"
      20             : #include "python/py3compat.h"
      21             : #include "includes.h"
      22             : #include "python/modules.h"
      23             : #include "pycredentials.h"
      24             : #include "param/param.h"
      25             : #include "auth/credentials/credentials_internal.h"
      26             : #include "librpc/gen_ndr/samr.h" /* for struct samr_Password */
      27             : #include "librpc/gen_ndr/netlogon.h"
      28             : #include "libcli/util/pyerrors.h"
      29             : #include "libcli/auth/libcli_auth.h"
      30             : #include "param/pyparam.h"
      31             : #include <tevent.h>
      32             : #include "libcli/auth/libcli_auth.h"
      33             : #include "system/kerberos.h"
      34             : #include "auth/kerberos/kerberos.h"
      35             : #include "libcli/smb/smb_constants.h"
      36             : 
      37             : void initcredentials(void);
      38             : 
      39       35726 : static PyObject *py_creds_new(PyTypeObject *type, PyObject *args, PyObject *kwargs)
      40             : {
      41       35726 :         return pytalloc_steal(type, cli_credentials_init(NULL));
      42             : }
      43             : 
      44           0 : static PyObject *PyCredentials_from_cli_credentials(struct cli_credentials *creds)
      45             : {
      46           0 :         return pytalloc_reference(&PyCredentials, creds);
      47             : }
      48             : 
      49       38543 : static PyObject *py_creds_get_username(PyObject *self, PyObject *unused)
      50             : {
      51       38543 :         struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
      52       38543 :         if (creds == NULL) {
      53           0 :                 PyErr_Format(PyExc_TypeError, "Credentials expected");
      54           0 :                 return NULL;
      55             :         }
      56       38543 :         return PyString_FromStringOrNULL(cli_credentials_get_username(creds));
      57             : }
      58             : 
      59       16729 : static PyObject *py_creds_set_username(PyObject *self, PyObject *args)
      60             : {
      61           6 :         char *newval;
      62       16729 :         enum credentials_obtained obt = CRED_SPECIFIED;
      63       16729 :         int _obt = obt;
      64       16729 :         struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
      65       16729 :         if (creds == NULL) {
      66           0 :                 PyErr_Format(PyExc_TypeError, "Credentials expected");
      67           0 :                 return NULL;
      68             :         }
      69             : 
      70       16729 :         if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
      71           0 :                 return NULL;
      72             :         }
      73       16729 :         obt = _obt;
      74             : 
      75       16729 :         return PyBool_FromLong(cli_credentials_set_username(creds, newval, obt));
      76             : }
      77             : 
      78         199 : static PyObject *py_creds_get_ntlm_username_domain(PyObject *self, PyObject *unused)
      79             : {
      80         199 :         TALLOC_CTX *frame = talloc_stackframe();
      81         199 :         const char *user = NULL;
      82         199 :         const char *domain = NULL;
      83         199 :         PyObject *ret = NULL;
      84         199 :         struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
      85         199 :         if (creds == NULL) {
      86           0 :                 PyErr_Format(PyExc_TypeError, "Credentials expected");
      87           0 :                 return NULL;
      88             :         }
      89         199 :         cli_credentials_get_ntlm_username_domain(creds,
      90             :                                                  frame, &user, &domain);
      91         199 :         ret = Py_BuildValue("(ss)",
      92             :                             user,
      93             :                             domain);
      94             : 
      95         199 :         TALLOC_FREE(frame);
      96         199 :         return ret;
      97             : }
      98             : 
      99         118 : static PyObject *py_creds_get_ntlm_response(PyObject *self, PyObject *args, PyObject *kwargs)
     100             : {
     101         118 :         TALLOC_CTX *frame = talloc_stackframe();
     102         118 :         PyObject *ret = NULL;
     103           1 :         int flags;
     104           1 :         struct timeval tv_now;
     105           1 :         NTTIME server_timestamp;
     106         118 :         DATA_BLOB challenge = data_blob_null;
     107         118 :         DATA_BLOB target_info = data_blob_null;
     108           1 :         NTSTATUS status;
     109         118 :         DATA_BLOB lm_response = data_blob_null;
     110         118 :         DATA_BLOB nt_response = data_blob_null;
     111         118 :         DATA_BLOB lm_session_key = data_blob_null;
     112         118 :         DATA_BLOB nt_session_key = data_blob_null;
     113         118 :         const char *kwnames[] = { "flags", "challenge",
     114             :                                   "target_info",
     115             :                                   NULL };
     116         118 :         struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
     117         118 :         if (creds == NULL) {
     118           0 :                 PyErr_Format(PyExc_TypeError, "Credentials expected");
     119           0 :                 return NULL;
     120             :         }
     121             : 
     122         118 :         tv_now = timeval_current();
     123         118 :         server_timestamp = timeval_to_nttime(&tv_now);
     124             : 
     125         118 :         if (!PyArg_ParseTupleAndKeywords(args, kwargs, "is#|s#",
     126             :                                          discard_const_p(char *, kwnames),
     127             :                                          &flags,
     128             :                                          &challenge.data,
     129             :                                          &challenge.length,
     130             :                                          &target_info.data,
     131             :                                          &target_info.length)) {
     132           0 :                 return NULL;
     133             :         }
     134             : 
     135         118 :         status = cli_credentials_get_ntlm_response(creds,
     136             :                                                    frame, &flags,
     137             :                                                    challenge,
     138             :                                                    &server_timestamp,
     139             :                                                    target_info,
     140             :                                                    &lm_response, &nt_response,
     141             :                                                    &lm_session_key, &nt_session_key);
     142             : 
     143         118 :         if (!NT_STATUS_IS_OK(status)) {
     144           0 :                 PyErr_SetNTSTATUS(status);
     145           0 :                 TALLOC_FREE(frame);
     146           0 :                 return NULL;
     147             :         }
     148             : 
     149         119 :         ret = Py_BuildValue("{sis" PYARG_BYTES_LEN "s" PYARG_BYTES_LEN
     150             :                                     "s" PYARG_BYTES_LEN "s" PYARG_BYTES_LEN "}",
     151             :                             "flags", flags,
     152             :                             "lm_response",
     153         118 :                             (const char *)lm_response.data, lm_response.length,
     154             :                             "nt_response",
     155         118 :                             (const char *)nt_response.data, nt_response.length,
     156             :                             "lm_session_key",
     157         118 :                             (const char *)lm_session_key.data, lm_session_key.length,
     158             :                             "nt_session_key",
     159         118 :                             (const char *)nt_session_key.data, nt_session_key.length);
     160         118 :         TALLOC_FREE(frame);
     161         117 :         return ret;
     162             : }
     163             : 
     164          24 : static PyObject *py_creds_get_principal(PyObject *self, PyObject *unused)
     165             : {
     166          24 :         TALLOC_CTX *frame = talloc_stackframe();
     167          24 :         PyObject *ret = NULL;
     168          24 :         struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
     169          24 :         if (creds == NULL) {
     170           0 :                 PyErr_Format(PyExc_TypeError, "Credentials expected");
     171           0 :                 return NULL;
     172             :         }
     173          24 :         ret = PyString_FromStringOrNULL(cli_credentials_get_principal(creds, frame));
     174          24 :         TALLOC_FREE(frame);
     175           2 :         return ret;
     176             : }
     177             : 
     178           2 : static PyObject *py_creds_set_principal(PyObject *self, PyObject *args)
     179             : {
     180           2 :         char *newval;
     181           2 :         enum credentials_obtained obt = CRED_SPECIFIED;
     182           2 :         int _obt = obt;
     183           2 :         struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
     184           2 :         if (creds == NULL) {
     185           0 :                 PyErr_Format(PyExc_TypeError, "Credentials expected");
     186           0 :                 return NULL;
     187             :         }
     188             : 
     189           2 :         if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
     190           0 :                 return NULL;
     191             :         }
     192           2 :         obt = _obt;
     193             : 
     194           2 :         return PyBool_FromLong(cli_credentials_set_principal(creds, newval, obt));
     195             : }
     196             : 
     197        9991 : static PyObject *py_creds_get_password(PyObject *self, PyObject *unused)
     198             : {
     199        9991 :         struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
     200        9991 :         if (creds == NULL) {
     201           0 :                 PyErr_Format(PyExc_TypeError, "Credentials expected");
     202           0 :                 return NULL;
     203             :         }
     204        9991 :         return PyString_FromStringOrNULL(cli_credentials_get_password(creds));
     205             : }
     206             : 
     207       17297 : static PyObject *py_creds_set_password(PyObject *self, PyObject *args)
     208             : {
     209       17297 :         const char *newval = NULL;
     210       17297 :         enum credentials_obtained obt = CRED_SPECIFIED;
     211       17297 :         int _obt = obt;
     212       17297 :         PyObject *result = NULL;
     213       17297 :         struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
     214       17297 :         if (creds == NULL) {
     215           0 :                 PyErr_Format(PyExc_TypeError, "Credentials expected");
     216           0 :                 return NULL;
     217             :         }
     218             : 
     219       17297 :         if (!PyArg_ParseTuple(args, PYARG_STR_UNI"|i", "utf8", &newval, &_obt)) {
     220           0 :                 return NULL;
     221             :         }
     222       17297 :         obt = _obt;
     223             : 
     224       17297 :         result = PyBool_FromLong(cli_credentials_set_password(creds, newval, obt));
     225       17297 :         PyMem_Free(discard_const_p(void*, newval));
     226       17297 :         return result;
     227             : }
     228             : 
     229         761 : static PyObject *py_creds_set_utf16_password(PyObject *self, PyObject *args)
     230             : {
     231         761 :         enum credentials_obtained obt = CRED_SPECIFIED;
     232         761 :         int _obt = obt;
     233         761 :         PyObject *newval = NULL;
     234         761 :         DATA_BLOB blob = data_blob_null;
     235         761 :         Py_ssize_t size =  0;
     236           1 :         int result;
     237           1 :         bool ok;
     238         761 :         struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
     239         761 :         if (creds == NULL) {
     240           0 :                 PyErr_Format(PyExc_TypeError, "Credentials expected");
     241           0 :                 return NULL;
     242             :         }
     243             : 
     244         761 :         if (!PyArg_ParseTuple(args, "O|i", &newval, &_obt)) {
     245           0 :                 return NULL;
     246             :         }
     247         761 :         obt = _obt;
     248             : 
     249         761 :         result = PyBytes_AsStringAndSize(newval, (char **)&blob.data, &size);
     250         761 :         if (result != 0) {
     251           0 :                 PyErr_SetString(PyExc_RuntimeError, "Failed to convert passed value to Bytes");
     252           0 :                 return NULL;
     253             :         }
     254         761 :         blob.length = size;
     255             : 
     256         761 :         ok = cli_credentials_set_utf16_password(creds,
     257             :                                                 &blob, obt);
     258             : 
     259         761 :         return PyBool_FromLong(ok);
     260             : }
     261             : 
     262           3 : static PyObject *py_creds_get_old_password(PyObject *self, PyObject *unused)
     263             : {
     264           3 :         struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
     265           3 :         if (creds == NULL) {
     266           0 :                 PyErr_Format(PyExc_TypeError, "Credentials expected");
     267           0 :                 return NULL;
     268             :         }
     269           3 :         return PyString_FromStringOrNULL(cli_credentials_get_old_password(creds));
     270             : }
     271             : 
     272           1 : static PyObject *py_creds_set_old_password(PyObject *self, PyObject *args)
     273             : {
     274           1 :         char *oldval;
     275           1 :         enum credentials_obtained obt = CRED_SPECIFIED;
     276           1 :         int _obt = obt;
     277           1 :         struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
     278           1 :         if (creds == NULL) {
     279           0 :                 PyErr_Format(PyExc_TypeError, "Credentials expected");
     280           0 :                 return NULL;
     281             :         }
     282             : 
     283           1 :         if (!PyArg_ParseTuple(args, "s|i", &oldval, &_obt)) {
     284           0 :                 return NULL;
     285             :         }
     286           1 :         obt = _obt;
     287             : 
     288           1 :         return PyBool_FromLong(cli_credentials_set_old_password(creds, oldval, obt));
     289             : }
     290             : 
     291           1 : static PyObject *py_creds_set_old_utf16_password(PyObject *self, PyObject *args)
     292             : {
     293           1 :         PyObject *oldval = NULL;
     294           1 :         DATA_BLOB blob = data_blob_null;
     295           1 :         Py_ssize_t size =  0;
     296           1 :         int result;
     297           1 :         bool ok;
     298           1 :         struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
     299           1 :         if (creds == NULL) {
     300           0 :                 PyErr_Format(PyExc_TypeError, "Credentials expected");
     301           0 :                 return NULL;
     302             :         }
     303             : 
     304           1 :         if (!PyArg_ParseTuple(args, "O", &oldval)) {
     305           0 :                 return NULL;
     306             :         }
     307             : 
     308           1 :         result = PyBytes_AsStringAndSize(oldval, (char **)&blob.data, &size);
     309           1 :         if (result != 0) {
     310           0 :                 PyErr_SetString(PyExc_RuntimeError, "Failed to convert passed value to Bytes");
     311           0 :                 return NULL;
     312             :         }
     313           1 :         blob.length = size;
     314             : 
     315           1 :         ok = cli_credentials_set_old_utf16_password(creds,
     316             :                                                     &blob);
     317             : 
     318           1 :         return PyBool_FromLong(ok);
     319             : }
     320             : 
     321       13309 : static PyObject *py_creds_get_domain(PyObject *self, PyObject *unused)
     322             : {
     323       13309 :         struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
     324       13309 :         if (creds == NULL) {
     325           0 :                 PyErr_Format(PyExc_TypeError, "Credentials expected");
     326           0 :                 return NULL;
     327             :         }
     328       13309 :         return PyString_FromStringOrNULL(cli_credentials_get_domain(creds));
     329             : }
     330             : 
     331       15941 : static PyObject *py_creds_set_domain(PyObject *self, PyObject *args)
     332             : {
     333           2 :         char *newval;
     334       15941 :         enum credentials_obtained obt = CRED_SPECIFIED;
     335       15941 :         int _obt = obt;
     336       15941 :         struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
     337       15941 :         if (creds == NULL) {
     338           0 :                 PyErr_Format(PyExc_TypeError, "Credentials expected");
     339           0 :                 return NULL;
     340             :         }
     341             : 
     342       15941 :         if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
     343           0 :                 return NULL;
     344             :         }
     345       15941 :         obt = _obt;
     346             : 
     347       15941 :         return PyBool_FromLong(cli_credentials_set_domain(creds, newval, obt));
     348             : }
     349             : 
     350       38630 : static PyObject *py_creds_get_realm(PyObject *self, PyObject *unused)
     351             : {
     352       38630 :         struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
     353       38630 :         if (creds == NULL) {
     354           0 :                 PyErr_Format(PyExc_TypeError, "Credentials expected");
     355           0 :                 return NULL;
     356             :         }
     357       38630 :         return PyString_FromStringOrNULL(cli_credentials_get_realm(creds));
     358             : }
     359             : 
     360       15568 : static PyObject *py_creds_set_realm(PyObject *self, PyObject *args)
     361             : {
     362           4 :         char *newval;
     363       15568 :         enum credentials_obtained obt = CRED_SPECIFIED;
     364       15568 :         int _obt = obt;
     365       15568 :         struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
     366       15568 :         if (creds == NULL) {
     367           0 :                 PyErr_Format(PyExc_TypeError, "Credentials expected");
     368           0 :                 return NULL;
     369             :         }
     370             : 
     371       15568 :         if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
     372           0 :                 return NULL;
     373             :         }
     374       15568 :         obt = _obt;
     375             : 
     376       15568 :         return PyBool_FromLong(cli_credentials_set_realm(creds, newval, obt));
     377             : }
     378             : 
     379        1014 : static PyObject *py_creds_get_bind_dn(PyObject *self, PyObject *unused)
     380             : {
     381        1014 :         struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
     382        1014 :         if (creds == NULL) {
     383           0 :                 PyErr_Format(PyExc_TypeError, "Credentials expected");
     384           0 :                 return NULL;
     385             :         }
     386        1014 :         return PyString_FromStringOrNULL(cli_credentials_get_bind_dn(creds));
     387             : }
     388             : 
     389         550 : static PyObject *py_creds_set_bind_dn(PyObject *self, PyObject *args)
     390             : {
     391           1 :         char *newval;
     392         550 :         struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
     393         550 :         if (creds == NULL) {
     394           0 :                 PyErr_Format(PyExc_TypeError, "Credentials expected");
     395           0 :                 return NULL;
     396             :         }
     397         550 :         if (!PyArg_ParseTuple(args, "z", &newval))
     398           0 :                 return NULL;
     399             : 
     400         550 :         return PyBool_FromLong(cli_credentials_set_bind_dn(creds, newval));
     401             : }
     402             : 
     403       12561 : static PyObject *py_creds_get_workstation(PyObject *self, PyObject *unused)
     404             : {
     405       12561 :         struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
     406       12561 :         if (creds == NULL) {
     407           0 :                 PyErr_Format(PyExc_TypeError, "Credentials expected");
     408           0 :                 return NULL;
     409             :         }
     410       12561 :         return PyString_FromStringOrNULL(cli_credentials_get_workstation(creds));
     411             : }
     412             : 
     413       18751 : static PyObject *py_creds_set_workstation(PyObject *self, PyObject *args)
     414             : {
     415           1 :         char *newval;
     416       18751 :         enum credentials_obtained obt = CRED_SPECIFIED;
     417       18751 :         int _obt = obt;
     418       18751 :         struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
     419       18751 :         if (creds == NULL) {
     420           0 :                 PyErr_Format(PyExc_TypeError, "Credentials expected");
     421           0 :                 return NULL;
     422             :         }
     423             : 
     424       18751 :         if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
     425           0 :                 return NULL;
     426             :         }
     427       18751 :         obt = _obt;
     428             : 
     429       18751 :         return PyBool_FromLong(cli_credentials_set_workstation(creds, newval, obt));
     430             : }
     431             : 
     432          91 : static PyObject *py_creds_is_anonymous(PyObject *self, PyObject *unused)
     433             : {
     434          91 :         struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
     435          91 :         if (creds == NULL) {
     436           0 :                 PyErr_Format(PyExc_TypeError, "Credentials expected");
     437           0 :                 return NULL;
     438             :         }
     439          91 :         return PyBool_FromLong(cli_credentials_is_anonymous(creds));
     440             : }
     441             : 
     442        1979 : static PyObject *py_creds_set_anonymous(PyObject *self, PyObject *unused)
     443             : {
     444        1979 :         struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
     445        1979 :         if (creds == NULL) {
     446           0 :                 PyErr_Format(PyExc_TypeError, "Credentials expected");
     447           0 :                 return NULL;
     448             :         }
     449        1979 :         cli_credentials_set_anonymous(creds);
     450        1979 :         Py_RETURN_NONE;
     451             : }
     452             : 
     453        9008 : static PyObject *py_creds_authentication_requested(PyObject *self, PyObject *unused)
     454             : {
     455        9008 :         struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
     456        9008 :         if (creds == NULL) {
     457           0 :                 PyErr_Format(PyExc_TypeError, "Credentials expected");
     458           0 :                 return NULL;
     459             :         }
     460        9008 :         return PyBool_FromLong(cli_credentials_authentication_requested(creds));
     461             : }
     462             : 
     463           1 : static PyObject *py_creds_wrong_password(PyObject *self, PyObject *unused)
     464             : {
     465           1 :         struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
     466           1 :         if (creds == NULL) {
     467           0 :                 PyErr_Format(PyExc_TypeError, "Credentials expected");
     468           0 :                 return NULL;
     469             :         }
     470           1 :          return PyBool_FromLong(cli_credentials_wrong_password(creds));
     471             : }
     472             : 
     473       14291 : static PyObject *py_creds_set_cmdline_callbacks(PyObject *self, PyObject *unused)
     474             : {
     475       14291 :         struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
     476       14291 :         if (creds == NULL) {
     477           0 :                 PyErr_Format(PyExc_TypeError, "Credentials expected");
     478           0 :                 return NULL;
     479             :         }
     480       14291 :         return PyBool_FromLong(cli_credentials_set_cmdline_callbacks(creds));
     481             : }
     482             : 
     483        6522 : static PyObject *py_creds_parse_string(PyObject *self, PyObject *args)
     484             : {
     485          13 :         char *newval;
     486        6522 :         enum credentials_obtained obt = CRED_SPECIFIED;
     487        6522 :         int _obt = obt;
     488        6522 :         struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
     489        6522 :         if (creds == NULL) {
     490           0 :                 PyErr_Format(PyExc_TypeError, "Credentials expected");
     491           0 :                 return NULL;
     492             :         }
     493             : 
     494        6522 :         if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
     495           0 :                 return NULL;
     496             :         }
     497        6522 :         obt = _obt;
     498             : 
     499        6522 :         cli_credentials_parse_string(creds, newval, obt);
     500        6522 :         Py_RETURN_NONE;
     501             : }
     502             : 
     503           7 : static PyObject *py_creds_parse_file(PyObject *self, PyObject *args)
     504             : {
     505           7 :         char *newval;
     506           7 :         enum credentials_obtained obt = CRED_SPECIFIED;
     507           7 :         int _obt = obt;
     508           7 :         struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
     509           7 :         if (creds == NULL) {
     510           0 :                 PyErr_Format(PyExc_TypeError, "Credentials expected");
     511           0 :                 return NULL;
     512             :         }
     513             : 
     514           7 :         if (!PyArg_ParseTuple(args, "s|i", &newval, &_obt)) {
     515           0 :                 return NULL;
     516             :         }
     517           7 :         obt = _obt;
     518             : 
     519           7 :         cli_credentials_parse_file(creds, newval, obt);
     520           7 :         Py_RETURN_NONE;
     521             : }
     522             : 
     523           1 : static PyObject *py_cli_credentials_set_password_will_be_nt_hash(PyObject *self, PyObject *args)
     524             : {
     525           1 :         struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
     526           1 :         PyObject *py_val = NULL;
     527           1 :         bool val = false;
     528             : 
     529           1 :         if (!PyArg_ParseTuple(args, "O!", &PyBool_Type, &py_val)) {
     530           0 :                 return NULL;
     531             :         }
     532           1 :         val = PyObject_IsTrue(py_val);
     533             : 
     534           1 :         cli_credentials_set_password_will_be_nt_hash(creds, val);
     535           1 :         Py_RETURN_NONE;
     536             : }
     537             : 
     538        1286 : static PyObject *py_creds_get_nt_hash(PyObject *self, PyObject *unused)
     539             : {
     540          12 :         PyObject *ret;
     541        1286 :         struct samr_Password *ntpw = NULL;
     542        1286 :         struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
     543        1286 :         if (creds == NULL) {
     544           0 :                 PyErr_Format(PyExc_TypeError, "Credentials expected");
     545           0 :                 return NULL;
     546             :         }
     547        1286 :         ntpw = cli_credentials_get_nt_hash(creds, creds);
     548             : 
     549        1286 :         ret = PyBytes_FromStringAndSize(discard_const_p(char, ntpw->hash), 16);
     550        1286 :         TALLOC_FREE(ntpw);
     551        1274 :         return ret;
     552             : }
     553             : 
     554          94 : static PyObject *py_creds_set_nt_hash(PyObject *self, PyObject *args)
     555             : {
     556          94 :         PyObject *py_cp = Py_None;
     557          94 :         const struct samr_Password *pwd = NULL;
     558          94 :         enum credentials_obtained obt = CRED_SPECIFIED;
     559          94 :         int _obt = obt;
     560          94 :         struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
     561          94 :         if (creds == NULL) {
     562           0 :                 PyErr_Format(PyExc_TypeError, "Credentials expected");
     563           0 :                 return NULL;
     564             :         }
     565             : 
     566          94 :         if (!PyArg_ParseTuple(args, "O|i", &py_cp, &_obt)) {
     567           0 :                 return NULL;
     568             :         }
     569          94 :         obt = _obt;
     570             : 
     571          94 :         if (!py_check_dcerpc_type(py_cp, "samba.dcerpc.samr", "Password")) {
     572             :                 /* py_check_dcerpc_type sets TypeError */
     573           0 :                 return NULL;
     574             :         }
     575             : 
     576          94 :         pwd = pytalloc_get_type(py_cp, struct samr_Password);
     577          94 :         if (pwd == NULL) {
     578             :                 /* pytalloc_get_type sets TypeError */
     579           0 :                 return NULL;
     580             :         }
     581             : 
     582          94 :         return PyBool_FromLong(cli_credentials_set_nt_hash(creds, pwd, obt));
     583             : }
     584             : 
     585         907 : static PyObject *py_creds_get_kerberos_state(PyObject *self, PyObject *unused)
     586             : {
     587           0 :         int state;
     588         907 :         struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
     589         907 :         if (creds == NULL) {
     590           0 :                 PyErr_Format(PyExc_TypeError, "Credentials expected");
     591           0 :                 return NULL;
     592             :         }
     593         907 :         state = cli_credentials_get_kerberos_state(creds);
     594         907 :         return PyLong_FromLong(state);
     595             : }
     596             : 
     597       13913 : static PyObject *py_creds_set_kerberos_state(PyObject *self, PyObject *args)
     598             : {
     599           2 :         int state;
     600       13913 :         struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
     601       13913 :         if (creds == NULL) {
     602           0 :                 PyErr_Format(PyExc_TypeError, "Credentials expected");
     603           0 :                 return NULL;
     604             :         }
     605       13913 :         if (!PyArg_ParseTuple(args, "i", &state))
     606           0 :                 return NULL;
     607             : 
     608       13913 :         cli_credentials_set_kerberos_state(creds, state, CRED_SPECIFIED);
     609       13913 :         Py_RETURN_NONE;
     610             : }
     611             : 
     612          80 : static PyObject *py_creds_set_krb_forwardable(PyObject *self, PyObject *args)
     613             : {
     614           2 :         int state;
     615          80 :         struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
     616          80 :         if (creds == NULL) {
     617           0 :                 PyErr_Format(PyExc_TypeError, "Credentials expected");
     618           0 :                 return NULL;
     619             :         }
     620          80 :         if (!PyArg_ParseTuple(args, "i", &state))
     621           0 :                 return NULL;
     622             : 
     623          80 :         cli_credentials_set_krb_forwardable(creds, state);
     624          80 :         Py_RETURN_NONE;
     625             : }
     626             : 
     627             : 
     628           0 : static PyObject *py_creds_get_forced_sasl_mech(PyObject *self, PyObject *unused)
     629             : {
     630           0 :         struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
     631           0 :         if (creds == NULL) {
     632           0 :                 PyErr_Format(PyExc_TypeError, "Credentials expected");
     633           0 :                 return NULL;
     634             :         }
     635           0 :         return PyString_FromStringOrNULL(cli_credentials_get_forced_sasl_mech(creds));
     636             : }
     637             : 
     638           0 : static PyObject *py_creds_set_forced_sasl_mech(PyObject *self, PyObject *args)
     639             : {
     640           0 :         char *newval;
     641           0 :         struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
     642           0 :         if (creds == NULL) {
     643           0 :                 PyErr_Format(PyExc_TypeError, "Credentials expected");
     644           0 :                 return NULL;
     645             :         }
     646             : 
     647           0 :         if (!PyArg_ParseTuple(args, "s", &newval)) {
     648           0 :                 return NULL;
     649             :         }
     650             : 
     651           0 :         cli_credentials_set_forced_sasl_mech(creds, newval);
     652           0 :         Py_RETURN_NONE;
     653             : }
     654             : 
     655           6 : static PyObject *py_creds_set_conf(PyObject *self, PyObject *args)
     656             : {
     657           6 :         PyObject *py_lp_ctx = Py_None;
     658           6 :         struct loadparm_context *lp_ctx;
     659           6 :         TALLOC_CTX *mem_ctx;
     660           6 :         struct cli_credentials *creds;
     661           6 :         bool ok;
     662             : 
     663           6 :         creds = PyCredentials_AsCliCredentials(self);
     664           6 :         if (creds == NULL) {
     665           0 :                 PyErr_Format(PyExc_TypeError, "Credentials expected");
     666           0 :                 return NULL;
     667             :         }
     668             : 
     669           6 :         if (!PyArg_ParseTuple(args, "|O", &py_lp_ctx)) {
     670           0 :                 return NULL;
     671             :         }
     672             : 
     673           6 :         mem_ctx = talloc_new(NULL);
     674           6 :         if (mem_ctx == NULL) {
     675           0 :                 PyErr_NoMemory();
     676           0 :                 return NULL;
     677             :         }
     678             : 
     679           6 :         lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
     680           6 :         if (lp_ctx == NULL) {
     681           0 :                 talloc_free(mem_ctx);
     682           0 :                 return NULL;
     683             :         }
     684             : 
     685           6 :         ok = cli_credentials_set_conf(creds, lp_ctx);
     686           6 :         talloc_free(mem_ctx);
     687           6 :         if (!ok) {
     688           0 :                 return NULL;
     689             :         }
     690             : 
     691           6 :         Py_RETURN_NONE;
     692             : }
     693             : 
     694       19677 : static PyObject *py_creds_guess(PyObject *self, PyObject *args)
     695             : {
     696       19677 :         PyObject *py_lp_ctx = Py_None;
     697         118 :         struct loadparm_context *lp_ctx;
     698         118 :         TALLOC_CTX *mem_ctx;
     699         118 :         struct cli_credentials *creds;
     700         118 :         bool ok;
     701             : 
     702       19677 :         creds = PyCredentials_AsCliCredentials(self);
     703       19677 :         if (creds == NULL) {
     704           0 :                 PyErr_Format(PyExc_TypeError, "Credentials expected");
     705           0 :                 return NULL;
     706             :         }
     707             : 
     708       19677 :         if (!PyArg_ParseTuple(args, "|O", &py_lp_ctx))
     709           0 :                 return NULL;
     710             : 
     711       19677 :         mem_ctx = talloc_new(NULL);
     712       19677 :         if (mem_ctx == NULL) {
     713           0 :                 PyErr_NoMemory();
     714           0 :                 return NULL;
     715             :         }
     716             : 
     717       19677 :         lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
     718       19677 :         if (lp_ctx == NULL) {
     719           0 :                 talloc_free(mem_ctx);
     720           0 :                 return NULL;
     721             :         }
     722             : 
     723       19677 :         ok = cli_credentials_guess(creds, lp_ctx);
     724       19677 :         talloc_free(mem_ctx);
     725       19677 :         if (!ok) {
     726           0 :                 return NULL;
     727             :         }
     728             : 
     729       19677 :         Py_RETURN_NONE;
     730             : }
     731             : 
     732        5127 : static PyObject *py_creds_set_machine_account(PyObject *self, PyObject *args)
     733             : {
     734        5127 :         PyObject *py_lp_ctx = Py_None;
     735          22 :         struct loadparm_context *lp_ctx;
     736          22 :         NTSTATUS status;
     737          22 :         struct cli_credentials *creds;
     738          22 :         TALLOC_CTX *mem_ctx;
     739             : 
     740        5127 :         creds = PyCredentials_AsCliCredentials(self);
     741        5127 :         if (creds == NULL) {
     742           0 :                 PyErr_Format(PyExc_TypeError, "Credentials expected");
     743           0 :                 return NULL;
     744             :         }
     745             : 
     746        5127 :         if (!PyArg_ParseTuple(args, "|O", &py_lp_ctx))
     747           0 :                 return NULL;
     748             : 
     749        5127 :         mem_ctx = talloc_new(NULL);
     750        5127 :         if (mem_ctx == NULL) {
     751           0 :                 PyErr_NoMemory();
     752           0 :                 return NULL;
     753             :         }
     754             : 
     755        5127 :         lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
     756        5127 :         if (lp_ctx == NULL) {
     757           0 :                 talloc_free(mem_ctx);
     758           0 :                 return NULL;
     759             :         }
     760             : 
     761        5127 :         status = cli_credentials_set_machine_account(creds, lp_ctx);
     762        5127 :         talloc_free(mem_ctx);
     763             : 
     764        5127 :         PyErr_NTSTATUS_IS_ERR_RAISE(status);
     765             : 
     766        4389 :         Py_RETURN_NONE;
     767             : }
     768             : 
     769        1874 : static PyObject *PyCredentialCacheContainer_from_ccache_container(struct ccache_container *ccc)
     770             : {
     771        1874 :         return pytalloc_reference(&PyCredentialCacheContainer, ccc);
     772             : }
     773             : 
     774             : 
     775        1880 : static PyObject *py_creds_get_named_ccache(PyObject *self, PyObject *args)
     776             : {
     777        1880 :         PyObject *py_lp_ctx = Py_None;
     778        1880 :         char *ccache_name = NULL;
     779           0 :         struct loadparm_context *lp_ctx;
     780           0 :         struct ccache_container *ccc;
     781           0 :         struct tevent_context *event_ctx;
     782           0 :         int ret;
     783           0 :         const char *error_string;
     784           0 :         struct cli_credentials *creds;
     785           0 :         TALLOC_CTX *mem_ctx;
     786             : 
     787        1880 :         creds = PyCredentials_AsCliCredentials(self);
     788        1880 :         if (creds == NULL) {
     789           0 :                 PyErr_Format(PyExc_TypeError, "Credentials expected");
     790           0 :                 return NULL;
     791             :         }
     792             : 
     793        1880 :         if (!PyArg_ParseTuple(args, "|Os", &py_lp_ctx, &ccache_name))
     794           0 :                 return NULL;
     795             : 
     796        1880 :         mem_ctx = talloc_new(NULL);
     797        1880 :         if (mem_ctx == NULL) {
     798           0 :                 PyErr_NoMemory();
     799           0 :                 return NULL;
     800             :         }
     801             : 
     802        1880 :         lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
     803        1880 :         if (lp_ctx == NULL) {
     804           0 :                 talloc_free(mem_ctx);
     805           0 :                 return NULL;
     806             :         }
     807             : 
     808        1880 :         event_ctx = samba_tevent_context_init(mem_ctx);
     809             : 
     810        1880 :         ret = cli_credentials_get_named_ccache(creds, event_ctx, lp_ctx,
     811             :                                                ccache_name, &ccc, &error_string);
     812        1880 :         talloc_unlink(mem_ctx, lp_ctx);
     813        1880 :         if (ret == 0) {
     814        1874 :                 talloc_steal(ccc, event_ctx);
     815        1874 :                 talloc_free(mem_ctx);
     816        1874 :                 return PyCredentialCacheContainer_from_ccache_container(ccc);
     817             :         }
     818             : 
     819           6 :         PyErr_SetString(PyExc_RuntimeError, error_string?error_string:"NULL");
     820             : 
     821           6 :         talloc_free(mem_ctx);
     822           6 :         return NULL;
     823             : }
     824             : 
     825        1931 : static PyObject *py_creds_set_named_ccache(PyObject *self, PyObject *args)
     826             : {
     827        1931 :         struct loadparm_context *lp_ctx = NULL;
     828        1931 :         enum credentials_obtained obt = CRED_SPECIFIED;
     829        1931 :         const char *error_string = NULL;
     830        1931 :         TALLOC_CTX *mem_ctx = NULL;
     831        1931 :         char *newval = NULL;
     832        1931 :         PyObject *py_lp_ctx = Py_None;
     833        1931 :         int _obt = obt;
     834           0 :         int ret;
     835        1931 :         struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
     836        1931 :         if (creds == NULL) {
     837           0 :                 PyErr_Format(PyExc_TypeError, "Credentials expected");
     838           0 :                 return NULL;
     839             :         }
     840             : 
     841        1931 :         if (!PyArg_ParseTuple(args, "s|iO", &newval, &_obt, &py_lp_ctx))
     842           0 :                 return NULL;
     843        1931 :         obt = _obt;
     844             : 
     845        1931 :         mem_ctx = talloc_new(NULL);
     846        1931 :         if (mem_ctx == NULL) {
     847           0 :                 PyErr_NoMemory();
     848           0 :                 return NULL;
     849             :         }
     850             : 
     851        1931 :         lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
     852        1931 :         if (lp_ctx == NULL) {
     853           0 :                 talloc_free(mem_ctx);
     854           0 :                 return NULL;
     855             :         }
     856             : 
     857        1931 :         ret = cli_credentials_set_ccache(creds,
     858             :                                          lp_ctx,
     859             :                                          newval, obt,
     860             :                                          &error_string);
     861             : 
     862        1931 :         if (ret != 0) {
     863           0 :                 PyErr_SetString(PyExc_RuntimeError,
     864           0 :                                 error_string != NULL ? error_string : "NULL");
     865           0 :                 talloc_free(mem_ctx);
     866           0 :                 return NULL;
     867             :         }
     868             : 
     869        1931 :         talloc_free(mem_ctx);
     870        1931 :         Py_RETURN_NONE;
     871             : }
     872             : 
     873       12938 : static PyObject *py_creds_set_gensec_features(PyObject *self, PyObject *args)
     874             : {
     875           5 :         unsigned int gensec_features;
     876       12938 :         struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
     877       12938 :         if (creds == NULL) {
     878           0 :                 PyErr_Format(PyExc_TypeError, "Credentials expected");
     879           0 :                 return NULL;
     880             :         }
     881             : 
     882       12938 :         if (!PyArg_ParseTuple(args, "I", &gensec_features))
     883           0 :                 return NULL;
     884             : 
     885       12938 :         cli_credentials_set_gensec_features(creds,
     886             :                                             gensec_features,
     887             :                                             CRED_SPECIFIED);
     888             : 
     889       12938 :         Py_RETURN_NONE;
     890             : }
     891             : 
     892       12938 : static PyObject *py_creds_get_gensec_features(PyObject *self, PyObject *args)
     893             : {
     894           5 :         unsigned int gensec_features;
     895       12938 :         struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
     896       12938 :         if (creds == NULL) {
     897           0 :                 PyErr_Format(PyExc_TypeError, "Credentials expected");
     898           0 :                 return NULL;
     899             :         }
     900             : 
     901       12938 :         gensec_features = cli_credentials_get_gensec_features(creds);
     902       12938 :         return PyLong_FromLong(gensec_features);
     903             : }
     904             : 
     905          45 : static PyObject *py_creds_new_client_authenticator(PyObject *self,
     906             :                                                    PyObject *args)
     907             : {
     908           0 :         struct netr_Authenticator auth;
     909          45 :         struct cli_credentials *creds = NULL;
     910          45 :         struct netlogon_creds_CredentialState *nc = NULL;
     911          45 :         PyObject *ret = NULL;
     912           0 :         NTSTATUS status;
     913             : 
     914          45 :         creds = PyCredentials_AsCliCredentials(self);
     915          45 :         if (creds == NULL) {
     916           0 :                 PyErr_SetString(PyExc_RuntimeError,
     917             :                                 "Failed to get credentials from python");
     918           0 :                 return NULL;
     919             :         }
     920             : 
     921          45 :         nc = creds->netlogon_creds;
     922          45 :         if (nc == NULL) {
     923           3 :                 PyErr_SetString(PyExc_ValueError,
     924             :                                 "No netlogon credentials cannot make "
     925             :                                 "client authenticator");
     926           3 :                 return NULL;
     927             :         }
     928             : 
     929          42 :         status = netlogon_creds_client_authenticator(nc, &auth);
     930          42 :         if (!NT_STATUS_IS_OK(status)) {
     931           0 :                 PyErr_SetString(PyExc_ValueError,
     932             :                                 "Failed to create client authenticator");
     933           0 :                 return NULL;
     934             :         }
     935             : 
     936          42 :         ret = Py_BuildValue("{s"PYARG_BYTES_LEN"si}",
     937             :                             "credential",
     938             :                             (const char *) &auth.cred, sizeof(auth.cred),
     939             :                             "timestamp", auth.timestamp);
     940          42 :         return ret;
     941             : }
     942             : 
     943        3023 : static PyObject *py_creds_set_secure_channel_type(PyObject *self, PyObject *args)
     944             : {
     945           1 :         unsigned int channel_type;
     946        3023 :         struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
     947        3023 :         if (creds == NULL) {
     948           0 :                 PyErr_Format(PyExc_TypeError, "Credentials expected");
     949           0 :                 return NULL;
     950             :         }
     951             : 
     952        3023 :         if (!PyArg_ParseTuple(args, "I", &channel_type))
     953           0 :                 return NULL;
     954             : 
     955        3023 :         cli_credentials_set_secure_channel_type(
     956             :                 creds,
     957             :                 channel_type);
     958             : 
     959        3023 :         Py_RETURN_NONE;
     960             : }
     961             : 
     962        8021 : static PyObject *py_creds_get_secure_channel_type(PyObject *self, PyObject *args)
     963             : {
     964        8021 :         enum netr_SchannelType channel_type = SEC_CHAN_NULL;
     965        8021 :         struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
     966        8021 :         if (creds == NULL) {
     967           0 :                 PyErr_Format(PyExc_TypeError, "Credentials expected");
     968           0 :                 return NULL;
     969             :         }
     970             : 
     971        8021 :         channel_type = cli_credentials_get_secure_channel_type(creds);
     972             : 
     973        8021 :         return PyLong_FromLong(channel_type);
     974             : }
     975             : 
     976         114 : static PyObject *py_creds_get_aes256_key(PyObject *self, PyObject *args)
     977             : {
     978         114 :         struct loadparm_context *lp_ctx = NULL;
     979         114 :         TALLOC_CTX *mem_ctx = NULL;
     980         114 :         PyObject *py_lp_ctx = Py_None;
     981         114 :         const char *salt = NULL;
     982           0 :         DATA_BLOB aes_256;
     983           0 :         int code;
     984         114 :         PyObject *ret = NULL;
     985         114 :         struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
     986         114 :         if (creds == NULL) {
     987           0 :                 PyErr_Format(PyExc_TypeError, "Credentials expected");
     988           0 :                 return NULL;
     989             :         }
     990             : 
     991         114 :         if (!PyArg_ParseTuple(args, "s|O", &salt, &py_lp_ctx))
     992           0 :                 return NULL;
     993             : 
     994         114 :         mem_ctx = talloc_new(NULL);
     995         114 :         if (mem_ctx == NULL) {
     996           0 :                 PyErr_NoMemory();
     997           0 :                 return NULL;
     998             :         }
     999             : 
    1000         114 :         lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
    1001         114 :         if (lp_ctx == NULL) {
    1002           0 :                 talloc_free(mem_ctx);
    1003           0 :                 return NULL;
    1004             :         }
    1005             : 
    1006         114 :         code = cli_credentials_get_aes256_key(creds,
    1007             :                                               mem_ctx,
    1008             :                                               lp_ctx,
    1009             :                                               salt,
    1010             :                                               &aes_256);
    1011         114 :         if (code != 0) {
    1012           0 :                 PyErr_SetString(PyExc_RuntimeError,
    1013             :                                 "Failed to generate AES256 key");
    1014           0 :                 talloc_free(mem_ctx);
    1015           0 :                 return NULL;
    1016             :         }
    1017             : 
    1018         114 :         ret = PyBytes_FromStringAndSize((const char *)aes_256.data,
    1019         114 :                                         aes_256.length);
    1020         114 :         talloc_free(mem_ctx);
    1021         114 :         return ret;
    1022             : }
    1023             : 
    1024           4 : static PyObject *py_creds_encrypt_netr_crypt_password(PyObject *self,
    1025             :                                                       PyObject *args)
    1026             : {
    1027           4 :         DATA_BLOB data = data_blob_null;
    1028           4 :         struct cli_credentials    *creds  = NULL;
    1029           4 :         struct netr_CryptPassword *pwd    = NULL;
    1030           0 :         NTSTATUS status;
    1031           4 :         PyObject *py_cp = Py_None;
    1032             : 
    1033           4 :         creds = PyCredentials_AsCliCredentials(self);
    1034           4 :         if (creds == NULL) {
    1035           0 :                 PyErr_Format(PyExc_TypeError, "Credentials expected");
    1036           0 :                 return NULL;
    1037             :         }
    1038             : 
    1039           4 :         if (!PyArg_ParseTuple(args, "O", &py_cp)) {
    1040           0 :                 return NULL;
    1041             :         }
    1042             : 
    1043           4 :         pwd = pytalloc_get_type(py_cp, struct netr_CryptPassword);
    1044           4 :         if (pwd == NULL) {
    1045             :                 /* pytalloc_get_type sets TypeError */
    1046           0 :                 return NULL;
    1047             :         }
    1048           4 :         data.length = sizeof(struct netr_CryptPassword);
    1049           4 :         data.data   = (uint8_t *)pwd;
    1050           4 :         status = netlogon_creds_session_encrypt(creds->netlogon_creds, data);
    1051             : 
    1052           4 :         PyErr_NTSTATUS_IS_ERR_RAISE(status);
    1053             : 
    1054           4 :         Py_RETURN_NONE;
    1055             : }
    1056             : 
    1057          82 : static PyObject *py_creds_encrypt_samr_password(PyObject *self,
    1058             :                                                 PyObject *args)
    1059             : {
    1060          82 :         DATA_BLOB data = data_blob_null;
    1061          82 :         struct cli_credentials *creds  = NULL;
    1062          82 :         struct samr_Password   *pwd    = NULL;
    1063           0 :         NTSTATUS status;
    1064          82 :         PyObject *py_cp = Py_None;
    1065             : 
    1066          82 :         creds = PyCredentials_AsCliCredentials(self);
    1067          82 :         if (creds == NULL) {
    1068           0 :                 PyErr_Format(PyExc_TypeError, "Credentials expected");
    1069           0 :                 return NULL;
    1070             :         }
    1071             : 
    1072          82 :         if (creds->netlogon_creds == NULL) {
    1073           0 :                 PyErr_Format(PyExc_ValueError, "NetLogon credentials not set");
    1074           0 :                 return NULL;
    1075             :         }
    1076             : 
    1077          82 :         if (!PyArg_ParseTuple(args, "O", &py_cp)) {
    1078           0 :                 return NULL;
    1079             :         }
    1080             : 
    1081          82 :         if (!py_check_dcerpc_type(py_cp, "samba.dcerpc.samr", "Password")) {
    1082             :                 /* py_check_dcerpc_type sets TypeError */
    1083           0 :                 return NULL;
    1084             :         }
    1085             : 
    1086          82 :         pwd = pytalloc_get_type(py_cp, struct samr_Password);
    1087          82 :         if (pwd == NULL) {
    1088             :                 /* pytalloc_get_type sets TypeError */
    1089           0 :                 return NULL;
    1090             :         }
    1091          82 :         data = data_blob_const(pwd->hash, sizeof(pwd->hash));
    1092          82 :         status = netlogon_creds_session_encrypt(creds->netlogon_creds, data);
    1093             : 
    1094          82 :         PyErr_NTSTATUS_IS_ERR_RAISE(status);
    1095             : 
    1096          82 :         Py_RETURN_NONE;
    1097             : }
    1098             : 
    1099        1221 : static PyObject *py_creds_get_smb_signing(PyObject *self, PyObject *unused)
    1100             : {
    1101           5 :         enum smb_signing_setting signing_state;
    1102        1221 :         struct cli_credentials *creds = NULL;
    1103             : 
    1104        1221 :         creds = PyCredentials_AsCliCredentials(self);
    1105        1221 :         if (creds == NULL) {
    1106           0 :                 PyErr_Format(PyExc_TypeError, "Credentials expected");
    1107           0 :                 return NULL;
    1108             :         }
    1109             : 
    1110        1221 :         signing_state = cli_credentials_get_smb_signing(creds);
    1111        1221 :         return PyLong_FromLong(signing_state);
    1112             : }
    1113             : 
    1114        2434 : static PyObject *py_creds_set_smb_signing(PyObject *self, PyObject *args)
    1115             : {
    1116           2 :         enum smb_signing_setting signing_state;
    1117        2434 :         struct cli_credentials *creds = NULL;
    1118        2434 :         enum credentials_obtained obt = CRED_SPECIFIED;
    1119             : 
    1120        2434 :         creds = PyCredentials_AsCliCredentials(self);
    1121        2434 :         if (creds == NULL) {
    1122           0 :                 PyErr_Format(PyExc_TypeError, "Credentials expected");
    1123           0 :                 return NULL;
    1124             :         }
    1125        2434 :         if (!PyArg_ParseTuple(args, "i|i", &signing_state, &obt)) {
    1126           0 :                 return NULL;
    1127             :         }
    1128             : 
    1129        2434 :         switch (signing_state) {
    1130        2432 :         case SMB_SIGNING_DEFAULT:
    1131             :         case SMB_SIGNING_OFF:
    1132             :         case SMB_SIGNING_IF_REQUIRED:
    1133             :         case SMB_SIGNING_DESIRED:
    1134             :         case SMB_SIGNING_REQUIRED:
    1135        2434 :                 break;
    1136           0 :         default:
    1137           0 :                 PyErr_Format(PyExc_TypeError, "Invalid signing state value");
    1138           0 :                 return NULL;
    1139             :         }
    1140             : 
    1141        2434 :         cli_credentials_set_smb_signing(creds, signing_state, obt);
    1142        2434 :         Py_RETURN_NONE;
    1143             : }
    1144             : 
    1145          44 : static PyObject *py_creds_get_smb_ipc_signing(PyObject *self, PyObject *unused)
    1146             : {
    1147           5 :         enum smb_signing_setting signing_state;
    1148          44 :         struct cli_credentials *creds = NULL;
    1149             : 
    1150          44 :         creds = PyCredentials_AsCliCredentials(self);
    1151          44 :         if (creds == NULL) {
    1152           0 :                 PyErr_Format(PyExc_TypeError, "Credentials expected");
    1153           0 :                 return NULL;
    1154             :         }
    1155             : 
    1156          44 :         signing_state = cli_credentials_get_smb_ipc_signing(creds);
    1157          44 :         return PyLong_FromLong(signing_state);
    1158             : }
    1159             : 
    1160          80 : static PyObject *py_creds_set_smb_ipc_signing(PyObject *self, PyObject *args)
    1161             : {
    1162           2 :         enum smb_signing_setting signing_state;
    1163          80 :         struct cli_credentials *creds = NULL;
    1164          80 :         enum credentials_obtained obt = CRED_SPECIFIED;
    1165             : 
    1166          80 :         creds = PyCredentials_AsCliCredentials(self);
    1167          80 :         if (creds == NULL) {
    1168           0 :                 PyErr_Format(PyExc_TypeError, "Credentials expected");
    1169           0 :                 return NULL;
    1170             :         }
    1171          80 :         if (!PyArg_ParseTuple(args, "i|i", &signing_state, &obt)) {
    1172           0 :                 return NULL;
    1173             :         }
    1174             : 
    1175          80 :         switch (signing_state) {
    1176          78 :         case SMB_SIGNING_DEFAULT:
    1177             :         case SMB_SIGNING_OFF:
    1178             :         case SMB_SIGNING_IF_REQUIRED:
    1179             :         case SMB_SIGNING_DESIRED:
    1180             :         case SMB_SIGNING_REQUIRED:
    1181          80 :                 break;
    1182           0 :         default:
    1183           0 :                 PyErr_Format(PyExc_TypeError, "Invalid signing state value");
    1184           0 :                 return NULL;
    1185             :         }
    1186             : 
    1187          80 :         cli_credentials_set_smb_ipc_signing(creds, signing_state, obt);
    1188          80 :         Py_RETURN_NONE;
    1189             : }
    1190             : 
    1191           5 : static PyObject *py_creds_get_smb_encryption(PyObject *self, PyObject *unused)
    1192             : {
    1193           5 :         enum smb_encryption_setting encryption_state;
    1194           5 :         struct cli_credentials *creds = NULL;
    1195             : 
    1196           5 :         creds = PyCredentials_AsCliCredentials(self);
    1197           5 :         if (creds == NULL) {
    1198           0 :                 PyErr_Format(PyExc_TypeError, "Credentials expected");
    1199           0 :                 return NULL;
    1200             :         }
    1201             : 
    1202           5 :         encryption_state = cli_credentials_get_smb_encryption(creds);
    1203           5 :         return PyLong_FromLong(encryption_state);
    1204             : }
    1205             : 
    1206          18 : static PyObject *py_creds_set_smb_encryption(PyObject *self, PyObject *args)
    1207             : {
    1208           2 :         enum smb_encryption_setting encryption_state;
    1209          18 :         struct cli_credentials *creds = NULL;
    1210          18 :         enum credentials_obtained obt = CRED_SPECIFIED;
    1211             : 
    1212          18 :         creds = PyCredentials_AsCliCredentials(self);
    1213          18 :         if (creds == NULL) {
    1214           0 :                 PyErr_Format(PyExc_TypeError, "Credentials expected");
    1215           0 :                 return NULL;
    1216             :         }
    1217          18 :         if (!PyArg_ParseTuple(args, "i|i", &encryption_state, &obt)) {
    1218           0 :                 return NULL;
    1219             :         }
    1220             : 
    1221          18 :         switch (encryption_state) {
    1222          16 :         case SMB_ENCRYPTION_DEFAULT:
    1223             :         case SMB_ENCRYPTION_OFF:
    1224             :         case SMB_ENCRYPTION_IF_REQUIRED:
    1225             :         case SMB_ENCRYPTION_DESIRED:
    1226             :         case SMB_ENCRYPTION_REQUIRED:
    1227          18 :                 break;
    1228           0 :         default:
    1229           0 :                 PyErr_Format(PyExc_TypeError, "Invalid encryption state value");
    1230           0 :                 return NULL;
    1231             :         }
    1232             : 
    1233          18 :         (void)cli_credentials_set_smb_encryption(creds, encryption_state, obt);
    1234          18 :         Py_RETURN_NONE;
    1235             : }
    1236             : 
    1237           0 : static PyObject *py_creds_get_krb5_fast_armor_credentials(PyObject *self, PyObject *unused)
    1238             : {
    1239           0 :         struct cli_credentials *creds = NULL;
    1240           0 :         struct cli_credentials *fast_creds = NULL;
    1241             : 
    1242           0 :         creds = PyCredentials_AsCliCredentials(self);
    1243           0 :         if (creds == NULL) {
    1244           0 :                 PyErr_Format(PyExc_TypeError, "Credentials expected");
    1245           0 :                 return NULL;
    1246             :         }
    1247             : 
    1248           0 :         fast_creds = cli_credentials_get_krb5_fast_armor_credentials(creds);
    1249           0 :         if (fast_creds == NULL) {
    1250           0 :                 Py_RETURN_NONE;
    1251             :         }
    1252             : 
    1253           0 :         return PyCredentials_from_cli_credentials(fast_creds);
    1254             : }
    1255             : 
    1256          13 : static PyObject *py_creds_set_krb5_fast_armor_credentials(PyObject *self, PyObject *args)
    1257             : {
    1258          13 :         struct cli_credentials *creds = NULL;
    1259           0 :         PyObject *pyfast_creds;
    1260          13 :         struct cli_credentials *fast_creds = NULL;
    1261          13 :         int fast_armor_required = 0;
    1262           0 :         NTSTATUS status;
    1263             : 
    1264          13 :         creds = PyCredentials_AsCliCredentials(self);
    1265          13 :         if (creds == NULL) {
    1266           0 :                 PyErr_Format(PyExc_TypeError, "Credentials expected");
    1267           0 :                 return NULL;
    1268             :         }
    1269          13 :         if (!PyArg_ParseTuple(args, "Op", &pyfast_creds, &fast_armor_required)) {
    1270           0 :                 return NULL;
    1271             :         }
    1272          13 :         if (pyfast_creds == Py_None) {
    1273           2 :                 fast_creds = NULL;
    1274             :         } else {
    1275          11 :                 fast_creds = PyCredentials_AsCliCredentials(pyfast_creds);
    1276          11 :                 if (fast_creds == NULL) {
    1277           0 :                         PyErr_Format(PyExc_TypeError, "Credentials expected");
    1278           0 :                         return NULL;
    1279             :                 }
    1280             :         }
    1281             : 
    1282          13 :         status = cli_credentials_set_krb5_fast_armor_credentials(creds,
    1283             :                                                                  fast_creds,
    1284             :                                                                  fast_armor_required);
    1285             : 
    1286          13 :         PyErr_NTSTATUS_IS_ERR_RAISE(status);
    1287          13 :         Py_RETURN_NONE;
    1288             : }
    1289             : 
    1290           0 : static PyObject *py_creds_get_krb5_require_fast_armor(PyObject *self, PyObject *unused)
    1291             : {
    1292           0 :         bool krb5_fast_armor_required;
    1293           0 :         struct cli_credentials *creds = NULL;
    1294             : 
    1295           0 :         creds = PyCredentials_AsCliCredentials(self);
    1296           0 :         if (creds == NULL) {
    1297           0 :                 PyErr_Format(PyExc_TypeError, "Credentials expected");
    1298           0 :                 return NULL;
    1299             :         }
    1300             : 
    1301           0 :         krb5_fast_armor_required = cli_credentials_get_krb5_require_fast_armor(creds);
    1302           0 :         return PyBool_FromLong(krb5_fast_armor_required);
    1303             : }
    1304             : 
    1305             : static PyMethodDef py_creds_methods[] = {
    1306             :         {
    1307             :                 .ml_name  = "get_username",
    1308             :                 .ml_meth  = py_creds_get_username,
    1309             :                 .ml_flags = METH_NOARGS,
    1310             :                 .ml_doc   = "S.get_username() -> username\nObtain username.",
    1311             :         },
    1312             :         {
    1313             :                 .ml_name  = "set_username",
    1314             :                 .ml_meth  = py_creds_set_username,
    1315             :                 .ml_flags = METH_VARARGS,
    1316             :                 .ml_doc   = "S.set_username(name[, credentials.SPECIFIED]) -> None\n"
    1317             :                             "Change username.",
    1318             :         },
    1319             :         {
    1320             :                 .ml_name  = "get_principal",
    1321             :                 .ml_meth  = py_creds_get_principal,
    1322             :                 .ml_flags = METH_NOARGS,
    1323             :                 .ml_doc   = "S.get_principal() -> user@realm\nObtain user principal.",
    1324             :         },
    1325             :         {
    1326             :                 .ml_name  = "set_principal",
    1327             :                 .ml_meth  = py_creds_set_principal,
    1328             :                 .ml_flags = METH_VARARGS,
    1329             :                 .ml_doc   = "S.set_principal(name[, credentials.SPECIFIED]) -> None\n"
    1330             :                             "Change principal.",
    1331             :         },
    1332             :         {
    1333             :                 .ml_name  = "get_password",
    1334             :                 .ml_meth  = py_creds_get_password,
    1335             :                 .ml_flags = METH_NOARGS,
    1336             :                 .ml_doc   = "S.get_password() -> password\n"
    1337             :                             "Obtain password.",
    1338             :         },
    1339             :         {
    1340             :                 .ml_name  = "get_ntlm_username_domain",
    1341             :                 .ml_meth  = py_creds_get_ntlm_username_domain,
    1342             :                 .ml_flags = METH_NOARGS,
    1343             :                 .ml_doc   = "S.get_ntlm_username_domain() -> (domain, username)\n"
    1344             :                             "Obtain NTLM username and domain, split up either as (DOMAIN, user) or (\"\", \"user@realm\").",
    1345             :         },
    1346             :         {
    1347             :                 .ml_name  = "get_ntlm_response",
    1348             :                 .ml_meth  = PY_DISCARD_FUNC_SIG(PyCFunction,
    1349             :                                                 py_creds_get_ntlm_response),
    1350             :                 .ml_flags = METH_VARARGS | METH_KEYWORDS,
    1351             :                 .ml_doc   = "S.get_ntlm_response"
    1352             :                             "(flags, challenge[, target_info]) -> "
    1353             :                             "(flags, lm_response, nt_response, lm_session_key, nt_session_key)\n"
    1354             :                             "Obtain LM or NTLM response.",
    1355             :         },
    1356             :         {
    1357             :                 .ml_name  = "set_password",
    1358             :                 .ml_meth  = py_creds_set_password,
    1359             :                 .ml_flags = METH_VARARGS,
    1360             :                 .ml_doc   = "S.set_password(password[, credentials.SPECIFIED]) -> None\n"
    1361             :                             "Change password.",
    1362             :         },
    1363             :         {
    1364             :                 .ml_name  = "set_utf16_password",
    1365             :                 .ml_meth  = py_creds_set_utf16_password,
    1366             :                 .ml_flags = METH_VARARGS,
    1367             :                 .ml_doc   = "S.set_utf16_password(password[, credentials.SPECIFIED]) -> None\n"
    1368             :                             "Change password.",
    1369             :         },
    1370             :         {
    1371             :                 .ml_name  = "get_old_password",
    1372             :                 .ml_meth  = py_creds_get_old_password,
    1373             :                 .ml_flags = METH_NOARGS,
    1374             :                 .ml_doc   = "S.get_old_password() -> password\n"
    1375             :                             "Obtain old password.",
    1376             :         },
    1377             :         {
    1378             :                 .ml_name  = "set_old_password",
    1379             :                 .ml_meth  = py_creds_set_old_password,
    1380             :                 .ml_flags = METH_VARARGS,
    1381             :                 .ml_doc   = "S.set_old_password(password[, credentials.SPECIFIED]) -> None\n"
    1382             :                             "Change old password.",
    1383             :         },
    1384             :         {
    1385             :                 .ml_name  = "set_old_utf16_password",
    1386             :                 .ml_meth  = py_creds_set_old_utf16_password,
    1387             :                 .ml_flags = METH_VARARGS,
    1388             :                 .ml_doc   = "S.set_old_utf16_password(password[, credentials.SPECIFIED]) -> None\n"
    1389             :                             "Change old password.",
    1390             :         },
    1391             :         {
    1392             :                 .ml_name  = "get_domain",
    1393             :                 .ml_meth  = py_creds_get_domain,
    1394             :                 .ml_flags = METH_NOARGS,
    1395             :                 .ml_doc   = "S.get_domain() -> domain\n"
    1396             :                             "Obtain domain name.",
    1397             :         },
    1398             :         {
    1399             :                 .ml_name  = "set_domain",
    1400             :                 .ml_meth  = py_creds_set_domain,
    1401             :                 .ml_flags = METH_VARARGS,
    1402             :                 .ml_doc   = "S.set_domain(domain[, credentials.SPECIFIED]) -> None\n"
    1403             :                             "Change domain name.",
    1404             :         },
    1405             :         {
    1406             :                 .ml_name  = "get_realm",
    1407             :                 .ml_meth  = py_creds_get_realm,
    1408             :                 .ml_flags = METH_NOARGS,
    1409             :                 .ml_doc   = "S.get_realm() -> realm\n"
    1410             :                             "Obtain realm name.",
    1411             :         },
    1412             :         {
    1413             :                 .ml_name  = "set_realm",
    1414             :                 .ml_meth  = py_creds_set_realm,
    1415             :                 .ml_flags = METH_VARARGS,
    1416             :                 .ml_doc   = "S.set_realm(realm[, credentials.SPECIFIED]) -> None\n"
    1417             :                             "Change realm name.",
    1418             :         },
    1419             :         {
    1420             :                 .ml_name  = "get_bind_dn",
    1421             :                 .ml_meth  = py_creds_get_bind_dn,
    1422             :                 .ml_flags = METH_NOARGS,
    1423             :                 .ml_doc   = "S.get_bind_dn() -> bind dn\n"
    1424             :                             "Obtain bind DN.",
    1425             :         },
    1426             :         {
    1427             :                 .ml_name  = "set_bind_dn",
    1428             :                 .ml_meth  = py_creds_set_bind_dn,
    1429             :                 .ml_flags = METH_VARARGS,
    1430             :                 .ml_doc   = "S.set_bind_dn(bind_dn) -> None\n"
    1431             :                             "Change bind DN.",
    1432             :         },
    1433             :         {
    1434             :                 .ml_name  = "is_anonymous",
    1435             :                 .ml_meth  = py_creds_is_anonymous,
    1436             :                 .ml_flags = METH_NOARGS,
    1437             :         },
    1438             :         {
    1439             :                 .ml_name  = "set_anonymous",
    1440             :                 .ml_meth  = py_creds_set_anonymous,
    1441             :                 .ml_flags = METH_NOARGS,
    1442             :                 .ml_doc   = "S.set_anonymous() -> None\n"
    1443             :                             "Use anonymous credentials.",
    1444             :         },
    1445             :         {
    1446             :                 .ml_name  = "get_workstation",
    1447             :                 .ml_meth  = py_creds_get_workstation,
    1448             :                 .ml_flags = METH_NOARGS,
    1449             :         },
    1450             :         {
    1451             :                 .ml_name  = "set_workstation",
    1452             :                 .ml_meth  = py_creds_set_workstation,
    1453             :                 .ml_flags = METH_VARARGS,
    1454             :         },
    1455             :         {
    1456             :                 .ml_name  = "authentication_requested",
    1457             :                 .ml_meth  = py_creds_authentication_requested,
    1458             :                 .ml_flags = METH_NOARGS,
    1459             :         },
    1460             :         {
    1461             :                 .ml_name  = "wrong_password",
    1462             :                 .ml_meth  = py_creds_wrong_password,
    1463             :                 .ml_flags = METH_NOARGS,
    1464             :                 .ml_doc   = "S.wrong_password() -> bool\n"
    1465             :                             "Indicate the returned password was incorrect.",
    1466             :         },
    1467             :         {
    1468             :                 .ml_name  = "set_cmdline_callbacks",
    1469             :                 .ml_meth  = py_creds_set_cmdline_callbacks,
    1470             :                 .ml_flags = METH_NOARGS,
    1471             :                 .ml_doc   = "S.set_cmdline_callbacks() -> bool\n"
    1472             :                             "Use command-line to obtain credentials not explicitly set.",
    1473             :         },
    1474             :         {
    1475             :                 .ml_name  = "parse_string",
    1476             :                 .ml_meth  = py_creds_parse_string,
    1477             :                 .ml_flags = METH_VARARGS,
    1478             :                 .ml_doc   = "S.parse_string(text[, credentials.SPECIFIED]) -> None\n"
    1479             :                             "Parse credentials string.",
    1480             :         },
    1481             :         {
    1482             :                 .ml_name  = "parse_file",
    1483             :                 .ml_meth  = py_creds_parse_file,
    1484             :                 .ml_flags = METH_VARARGS,
    1485             :                 .ml_doc   = "S.parse_file(filename[, credentials.SPECIFIED]) -> None\n"
    1486             :                             "Parse credentials file.",
    1487             :         },
    1488             :         {
    1489             :                 .ml_name  = "set_password_will_be_nt_hash",
    1490             :                 .ml_meth  = py_cli_credentials_set_password_will_be_nt_hash,
    1491             :                 .ml_flags = METH_VARARGS,
    1492             :                 .ml_doc   = "S.set_password_will_be_nt_hash(bool) -> None\n"
    1493             :                             "Alters the behaviour of S.set_password() "
    1494             :                             "to expect the NTHASH as hexstring.",
    1495             :         },
    1496             :         {
    1497             :                 .ml_name  = "get_nt_hash",
    1498             :                 .ml_meth  = py_creds_get_nt_hash,
    1499             :                 .ml_flags = METH_NOARGS,
    1500             :         },
    1501             :         {
    1502             :                 .ml_name  = "set_nt_hash",
    1503             :                 .ml_meth  = py_creds_set_nt_hash,
    1504             :                 .ml_flags = METH_VARARGS,
    1505             :                 .ml_doc = "S.set_net_sh(samr_Password[, credentials.SPECIFIED]) -> bool\n"
    1506             :                         "Change NT hash.",
    1507             :         },
    1508             :         {
    1509             :                 .ml_name  = "get_kerberos_state",
    1510             :                 .ml_meth  = py_creds_get_kerberos_state,
    1511             :                 .ml_flags = METH_NOARGS,
    1512             :         },
    1513             :         {
    1514             :                 .ml_name  = "set_kerberos_state",
    1515             :                 .ml_meth  = py_creds_set_kerberos_state,
    1516             :                 .ml_flags = METH_VARARGS,
    1517             :         },
    1518             :         {
    1519             :                 .ml_name  = "set_krb_forwardable",
    1520             :                 .ml_meth  = py_creds_set_krb_forwardable,
    1521             :                 .ml_flags = METH_VARARGS,
    1522             :         },
    1523             :         {
    1524             :                 .ml_name  = "set_conf",
    1525             :                 .ml_meth  = py_creds_set_conf,
    1526             :                 .ml_flags = METH_VARARGS,
    1527             :         },
    1528             :         {
    1529             :                 .ml_name  = "guess",
    1530             :                 .ml_meth  = py_creds_guess,
    1531             :                 .ml_flags = METH_VARARGS,
    1532             :         },
    1533             :         {
    1534             :                 .ml_name  = "set_machine_account",
    1535             :                 .ml_meth  = py_creds_set_machine_account,
    1536             :                 .ml_flags = METH_VARARGS,
    1537             :         },
    1538             :         {
    1539             :                 .ml_name  = "get_named_ccache",
    1540             :                 .ml_meth  = py_creds_get_named_ccache,
    1541             :                 .ml_flags = METH_VARARGS,
    1542             :         },
    1543             :         {
    1544             :                 .ml_name  = "set_named_ccache",
    1545             :                 .ml_meth  = py_creds_set_named_ccache,
    1546             :                 .ml_flags = METH_VARARGS,
    1547             :                 .ml_doc   = "S.set_named_ccache(krb5_ccache_name, obtained, lp) -> None\n"
    1548             :                             "Set credentials to KRB5 Credentials Cache (by name).",
    1549             :         },
    1550             :         {
    1551             :                 .ml_name  = "set_gensec_features",
    1552             :                 .ml_meth  = py_creds_set_gensec_features,
    1553             :                 .ml_flags = METH_VARARGS,
    1554             :         },
    1555             :         {
    1556             :                 .ml_name  = "get_gensec_features",
    1557             :                 .ml_meth  = py_creds_get_gensec_features,
    1558             :                 .ml_flags = METH_NOARGS,
    1559             :         },
    1560             :         {
    1561             :                 .ml_name  = "get_forced_sasl_mech",
    1562             :                 .ml_meth  = py_creds_get_forced_sasl_mech,
    1563             :                 .ml_flags = METH_NOARGS,
    1564             :                 .ml_doc   = "S.get_forced_sasl_mech() -> SASL mechanism\nObtain forced SASL mechanism.",
    1565             :         },
    1566             :         {
    1567             :                 .ml_name  = "set_forced_sasl_mech",
    1568             :                 .ml_meth  = py_creds_set_forced_sasl_mech,
    1569             :                 .ml_flags = METH_VARARGS,
    1570             :                 .ml_doc   = "S.set_forced_sasl_mech(name) -> None\n"
    1571             :                             "Set forced SASL mechanism.",
    1572             :         },
    1573             :         {
    1574             :                 .ml_name  = "new_client_authenticator",
    1575             :                 .ml_meth  = py_creds_new_client_authenticator,
    1576             :                 .ml_flags = METH_NOARGS,
    1577             :                 .ml_doc   = "S.new_client_authenticator() -> Authenticator\n"
    1578             :                             "Get a new client NETLOGON_AUTHENTICATOR"},
    1579             :         {
    1580             :                 .ml_name  = "set_secure_channel_type",
    1581             :                 .ml_meth  = py_creds_set_secure_channel_type,
    1582             :                 .ml_flags = METH_VARARGS,
    1583             :         },
    1584             :         {
    1585             :                 .ml_name  = "get_secure_channel_type",
    1586             :                 .ml_meth  = py_creds_get_secure_channel_type,
    1587             :                 .ml_flags = METH_VARARGS,
    1588             :         },
    1589             :         {
    1590             :                 .ml_name  = "get_aes256_key",
    1591             :                 .ml_meth  = py_creds_get_aes256_key,
    1592             :                 .ml_flags = METH_VARARGS,
    1593             :                 .ml_doc   = "S.get_aes256_key(salt[, lp]) -> bytes\n"
    1594             :                             "Generate an AES256 key using the current password and\n"
    1595             :                             "the specified salt",
    1596             :         },
    1597             :         {
    1598             :                 .ml_name  = "encrypt_netr_crypt_password",
    1599             :                 .ml_meth  = py_creds_encrypt_netr_crypt_password,
    1600             :                 .ml_flags = METH_VARARGS,
    1601             :                 .ml_doc   = "S.encrypt_netr_crypt_password(password) -> None\n"
    1602             :                             "Encrypt the supplied password using the session key and\n"
    1603             :                             "the negotiated encryption algorithm in place\n"
    1604             :                             "i.e. it overwrites the original data"},
    1605             :         {
    1606             :                 .ml_name  = "encrypt_samr_password",
    1607             :                 .ml_meth  = py_creds_encrypt_samr_password,
    1608             :                 .ml_flags = METH_VARARGS,
    1609             :                 .ml_doc   = "S.encrypt_samr_password(password) -> None\n"
    1610             :                             "Encrypt the supplied password using the session key and\n"
    1611             :                             "the negotiated encryption algorithm in place\n"
    1612             :                             "i.e. it overwrites the original data"
    1613             :         },
    1614             :         {
    1615             :                 .ml_name  = "get_smb_signing",
    1616             :                 .ml_meth  = py_creds_get_smb_signing,
    1617             :                 .ml_flags = METH_NOARGS,
    1618             :         },
    1619             :         {
    1620             :                 .ml_name  = "set_smb_signing",
    1621             :                 .ml_meth  = py_creds_set_smb_signing,
    1622             :                 .ml_flags = METH_VARARGS,
    1623             :         },
    1624             :         {
    1625             :                 .ml_name  = "get_smb_ipc_signing",
    1626             :                 .ml_meth  = py_creds_get_smb_ipc_signing,
    1627             :                 .ml_flags = METH_NOARGS,
    1628             :         },
    1629             :         {
    1630             :                 .ml_name  = "set_smb_ipc_signing",
    1631             :                 .ml_meth  = py_creds_set_smb_ipc_signing,
    1632             :                 .ml_flags = METH_VARARGS,
    1633             :         },
    1634             :         {
    1635             :                 .ml_name  = "get_smb_encryption",
    1636             :                 .ml_meth  = py_creds_get_smb_encryption,
    1637             :                 .ml_flags = METH_NOARGS,
    1638             :         },
    1639             :         {
    1640             :                 .ml_name  = "set_smb_encryption",
    1641             :                 .ml_meth  = py_creds_set_smb_encryption,
    1642             :                 .ml_flags = METH_VARARGS,
    1643             :         },
    1644             :         {
    1645             :                 .ml_name  = "get_krb5_fast_armor_credentials",
    1646             :                 .ml_meth  = py_creds_get_krb5_fast_armor_credentials,
    1647             :                 .ml_flags = METH_NOARGS,
    1648             :                 .ml_doc   = "S.get_krb5_fast_armor_credentials() -> Credentials\n"
    1649             :                             "Get the Kerberos FAST credentials set on this credentials object"
    1650             :         },
    1651             :         {
    1652             :                 .ml_name  = "set_krb5_fast_armor_credentials",
    1653             :                 .ml_meth  = py_creds_set_krb5_fast_armor_credentials,
    1654             :                 .ml_flags = METH_VARARGS,
    1655             :                 .ml_doc   = "S.set_krb5_fast_armor_credentials(credentials, required) -> None\n"
    1656             :                             "Set Kerberos FAST credentials for this credentials object, and if FAST armoring must be used."
    1657             :         },
    1658             :         {
    1659             :                 .ml_name  = "get_krb5_require_fast_armor",
    1660             :                 .ml_meth  = py_creds_get_krb5_require_fast_armor,
    1661             :                 .ml_flags = METH_NOARGS,
    1662             :                 .ml_doc   = "S.get_krb5_fast_armor() -> bool\n"
    1663             :                             "Indicate if Kerberos FAST armor is required"
    1664             :         },
    1665             :         { .ml_name = NULL }
    1666             : };
    1667             : 
    1668             : static struct PyModuleDef moduledef = {
    1669             :     PyModuleDef_HEAD_INIT,
    1670             :     .m_name = "credentials",
    1671             :     .m_doc = "Credentials management.",
    1672             :     .m_size = -1,
    1673             :     .m_methods = py_creds_methods,
    1674             : };
    1675             : 
    1676             : PyTypeObject PyCredentials = {
    1677             :         .tp_name = "credentials.Credentials",
    1678             :         .tp_new = py_creds_new,
    1679             :         .tp_flags = Py_TPFLAGS_DEFAULT | Py_TPFLAGS_BASETYPE,
    1680             :         .tp_methods = py_creds_methods,
    1681             : };
    1682             : 
    1683        1858 : static PyObject *py_ccache_name(PyObject *self, PyObject *unused)
    1684             : {
    1685        1858 :         struct ccache_container *ccc = NULL;
    1686        1858 :         char *name = NULL;
    1687        1858 :         PyObject *py_name = NULL;
    1688           0 :         int ret;
    1689             : 
    1690        1858 :         ccc = pytalloc_get_type(self, struct ccache_container);
    1691             : 
    1692        1858 :         ret = krb5_cc_get_full_name(ccc->smb_krb5_context->krb5_context,
    1693             :                                     ccc->ccache, &name);
    1694        1858 :         if (ret == 0) {
    1695        1858 :                 py_name = PyString_FromStringOrNULL(name);
    1696        1858 :                 krb5_free_string(ccc->smb_krb5_context->krb5_context, name);
    1697             :         } else {
    1698           0 :                 PyErr_SetString(PyExc_RuntimeError,
    1699             :                                 "Failed to get ccache name");
    1700           0 :                 return NULL;
    1701             :         }
    1702        1858 :         return py_name;
    1703             : }
    1704             : 
    1705             : static PyMethodDef py_ccache_container_methods[] = {
    1706             :         { "get_name", py_ccache_name, METH_NOARGS,
    1707             :           "S.get_name() -> name\nObtain KRB5 credentials cache name." },
    1708             :         {0}
    1709             : };
    1710             : 
    1711             : PyTypeObject PyCredentialCacheContainer = {
    1712             :         .tp_name = "credentials.CredentialCacheContainer",
    1713             :         .tp_flags = Py_TPFLAGS_DEFAULT,
    1714             :         .tp_methods = py_ccache_container_methods,
    1715             : };
    1716             : 
    1717        7520 : MODULE_INIT_FUNC(credentials)
    1718             : {
    1719         192 :         PyObject *m;
    1720        7520 :         if (pytalloc_BaseObject_PyType_Ready(&PyCredentials) < 0)
    1721           0 :                 return NULL;
    1722             : 
    1723        7520 :         if (pytalloc_BaseObject_PyType_Ready(&PyCredentialCacheContainer) < 0)
    1724           0 :                 return NULL;
    1725             : 
    1726        7520 :         m = PyModule_Create(&moduledef);
    1727        7520 :         if (m == NULL)
    1728           0 :                 return NULL;
    1729             : 
    1730        7520 :         PyModule_AddObject(m, "UNINITIALISED", PyLong_FromLong(CRED_UNINITIALISED));
    1731        7520 :         PyModule_AddObject(m, "SMB_CONF", PyLong_FromLong(CRED_SMB_CONF));
    1732        7520 :         PyModule_AddObject(m, "CALLBACK", PyLong_FromLong(CRED_CALLBACK));
    1733        7520 :         PyModule_AddObject(m, "GUESS_ENV", PyLong_FromLong(CRED_GUESS_ENV));
    1734        7520 :         PyModule_AddObject(m, "GUESS_FILE", PyLong_FromLong(CRED_GUESS_FILE));
    1735        7520 :         PyModule_AddObject(m, "CALLBACK_RESULT", PyLong_FromLong(CRED_CALLBACK_RESULT));
    1736        7520 :         PyModule_AddObject(m, "SPECIFIED", PyLong_FromLong(CRED_SPECIFIED));
    1737             : 
    1738        7520 :         PyModule_AddObject(m, "AUTO_USE_KERBEROS", PyLong_FromLong(CRED_USE_KERBEROS_DESIRED));
    1739        7520 :         PyModule_AddObject(m, "DONT_USE_KERBEROS", PyLong_FromLong(CRED_USE_KERBEROS_DISABLED));
    1740        7520 :         PyModule_AddObject(m, "MUST_USE_KERBEROS", PyLong_FromLong(CRED_USE_KERBEROS_REQUIRED));
    1741             : 
    1742        7520 :         PyModule_AddObject(m, "AUTO_KRB_FORWARDABLE",  PyLong_FromLong(CRED_AUTO_KRB_FORWARDABLE));
    1743        7520 :         PyModule_AddObject(m, "NO_KRB_FORWARDABLE",    PyLong_FromLong(CRED_NO_KRB_FORWARDABLE));
    1744        7520 :         PyModule_AddObject(m, "FORCE_KRB_FORWARDABLE", PyLong_FromLong(CRED_FORCE_KRB_FORWARDABLE));
    1745        7520 :         PyModule_AddObject(m, "CLI_CRED_NTLM2", PyLong_FromLong(CLI_CRED_NTLM2));
    1746        7520 :         PyModule_AddObject(m, "CLI_CRED_NTLMv2_AUTH", PyLong_FromLong(CLI_CRED_NTLMv2_AUTH));
    1747        7520 :         PyModule_AddObject(m, "CLI_CRED_LANMAN_AUTH", PyLong_FromLong(CLI_CRED_LANMAN_AUTH));
    1748        7520 :         PyModule_AddObject(m, "CLI_CRED_NTLM_AUTH", PyLong_FromLong(CLI_CRED_NTLM_AUTH));
    1749        7520 :         PyModule_AddObject(m, "CLI_CRED_CLEAR_AUTH", PyLong_FromLong(CLI_CRED_CLEAR_AUTH));
    1750             : 
    1751        7520 :         PyModule_AddObject(m, "SMB_SIGNING_DEFAULT", PyLong_FromLong(SMB_SIGNING_DEFAULT));
    1752        7520 :         PyModule_AddObject(m, "SMB_SIGNING_OFF", PyLong_FromLong(SMB_SIGNING_OFF));
    1753        7520 :         PyModule_AddObject(m, "SMB_SIGNING_IF_REQUIRED", PyLong_FromLong(SMB_SIGNING_IF_REQUIRED));
    1754        7520 :         PyModule_AddObject(m, "SMB_SIGNING_DESIRED", PyLong_FromLong(SMB_SIGNING_DESIRED));
    1755        7520 :         PyModule_AddObject(m, "SMB_SIGNING_REQUIRED", PyLong_FromLong(SMB_SIGNING_REQUIRED));
    1756             : 
    1757        7520 :         PyModule_AddObject(m, "SMB_ENCRYPTION_DEFAULT", PyLong_FromLong(SMB_ENCRYPTION_DEFAULT));
    1758        7520 :         PyModule_AddObject(m, "SMB_ENCRYPTION_OFF", PyLong_FromLong(SMB_ENCRYPTION_OFF));
    1759        7520 :         PyModule_AddObject(m, "SMB_ENCRYPTION_IF_REQUIRED", PyLong_FromLong(SMB_ENCRYPTION_IF_REQUIRED));
    1760        7520 :         PyModule_AddObject(m, "SMB_ENCRYPTION_DESIRED", PyLong_FromLong(SMB_ENCRYPTION_DESIRED));
    1761        7520 :         PyModule_AddObject(m, "SMB_ENCRYPTION_REQUIRED", PyLong_FromLong(SMB_ENCRYPTION_REQUIRED));
    1762             : 
    1763        6271 :         Py_INCREF(&PyCredentials);
    1764        7520 :         PyModule_AddObject(m, "Credentials", (PyObject *)&PyCredentials);
    1765        6271 :         Py_INCREF(&PyCredentialCacheContainer);
    1766        7520 :         PyModule_AddObject(m, "CredentialCacheContainer", (PyObject *)&PyCredentialCacheContainer);
    1767        7520 :         return m;
    1768             : }

Generated by: LCOV version 1.14