diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-05 17:47:29 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-05 17:47:29 +0000 |
commit | 4f5791ebd03eaec1c7da0865a383175b05102712 (patch) | |
tree | 8ce7b00f7a76baa386372422adebbe64510812d4 /source4/auth/gensec/pygensec.c | |
parent | Initial commit. (diff) | |
download | samba-upstream.tar.xz samba-upstream.zip |
Adding upstream version 2:4.17.12+dfsg.upstream/2%4.17.12+dfsgupstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'source4/auth/gensec/pygensec.c')
-rw-r--r-- | source4/auth/gensec/pygensec.c | 779 |
1 files changed, 779 insertions, 0 deletions
diff --git a/source4/auth/gensec/pygensec.c b/source4/auth/gensec/pygensec.c new file mode 100644 index 0000000..dd63fa5 --- /dev/null +++ b/source4/auth/gensec/pygensec.c @@ -0,0 +1,779 @@ +/* + Unix SMB/CIFS implementation. + Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2009 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +#include <Python.h> +#include "python/py3compat.h" +#include "includes.h" +#include "python/modules.h" +#include "param/pyparam.h" +#include "auth/gensec/gensec.h" +#include "auth/gensec/gensec_internal.h" /* TODO: remove this */ +#include "auth/credentials/pycredentials.h" +#include "libcli/util/pyerrors.h" +#include "python/modules.h" +#include <pytalloc.h> +#include <tevent.h> +#include "librpc/rpc/pyrpc_util.h" + +static PyObject *py_get_name_by_authtype(PyObject *self, PyObject *args) +{ + int type; + const char *name; + struct gensec_security *security; + + if (!PyArg_ParseTuple(args, "i", &type)) + return NULL; + + security = pytalloc_get_type(self, struct gensec_security); + + name = gensec_get_name_by_authtype(security, type); + if (name == NULL) + Py_RETURN_NONE; + + return PyUnicode_FromString(name); +} + +static struct gensec_settings *settings_from_object(TALLOC_CTX *mem_ctx, PyObject *object) +{ + struct gensec_settings *s; + PyObject *py_hostname, *py_lp_ctx; + + if (!PyDict_Check(object)) { + PyErr_SetString(PyExc_ValueError, "settings should be a dictionary"); + return NULL; + } + + s = talloc_zero(mem_ctx, struct gensec_settings); + if (!s) return NULL; + + py_hostname = PyDict_GetItemString(object, "target_hostname"); + if (!py_hostname) { + PyErr_SetString(PyExc_ValueError, "settings.target_hostname not found"); + return NULL; + } + + py_lp_ctx = PyDict_GetItemString(object, "lp_ctx"); + if (!py_lp_ctx) { + PyErr_SetString(PyExc_ValueError, "settings.lp_ctx not found"); + return NULL; + } + + s->target_hostname = PyUnicode_AsUTF8(py_hostname); + s->lp_ctx = lpcfg_from_py_object(s, py_lp_ctx); + return s; +} + +static PyObject *py_gensec_start_client(PyTypeObject *type, PyObject *args, PyObject *kwargs) +{ + NTSTATUS status; + PyObject *self; + struct gensec_settings *settings; + const char *kwnames[] = { "settings", NULL }; + PyObject *py_settings = Py_None; + struct gensec_security *gensec; + TALLOC_CTX *frame; + + if (!PyArg_ParseTupleAndKeywords(args, kwargs, "|O", discard_const_p(char *, kwnames), &py_settings)) + return NULL; + + frame = talloc_stackframe(); + + if (py_settings != Py_None) { + settings = settings_from_object(frame, py_settings); + if (settings == NULL) { + PyErr_NoMemory(); + TALLOC_FREE(frame); + return NULL; + } + } else { + settings = talloc_zero(frame, struct gensec_settings); + if (settings == NULL) { + PyErr_NoMemory(); + TALLOC_FREE(frame); + return NULL; + } + + settings->lp_ctx = loadparm_init_global(true); + if (settings->lp_ctx == NULL) { + PyErr_NoMemory(); + TALLOC_FREE(frame); + return NULL; + } + } + + status = gensec_init(); + if (!NT_STATUS_IS_OK(status)) { + PyErr_SetNTSTATUS(status); + TALLOC_FREE(frame); + return NULL; + } + + status = gensec_client_start(frame, &gensec, settings); + if (!NT_STATUS_IS_OK(status)) { + PyErr_SetNTSTATUS(status); + TALLOC_FREE(frame); + return NULL; + } + + self = pytalloc_steal(type, gensec); + TALLOC_FREE(frame); + + return (PyObject *)self; +} + +static PyObject *py_gensec_start_server(PyTypeObject *type, PyObject *args, PyObject *kwargs) +{ + NTSTATUS status; + PyObject *self; + struct gensec_settings *settings = NULL; + const char *kwnames[] = { "settings", "auth_context", NULL }; + PyObject *py_settings = Py_None; + PyObject *py_auth_context = Py_None; + struct gensec_security *gensec; + struct auth4_context *auth_context = NULL; + TALLOC_CTX *frame; + + if (!PyArg_ParseTupleAndKeywords(args, kwargs, "|OO", discard_const_p(char *, kwnames), &py_settings, &py_auth_context)) + return NULL; + + frame = talloc_stackframe(); + + if (py_settings != Py_None) { + settings = settings_from_object(frame, py_settings); + if (settings == NULL) { + PyErr_NoMemory(); + TALLOC_FREE(frame); + return NULL; + } + } else { + settings = talloc_zero(frame, struct gensec_settings); + if (settings == NULL) { + PyErr_NoMemory(); + TALLOC_FREE(frame); + return NULL; + } + + settings->lp_ctx = loadparm_init_global(true); + if (settings->lp_ctx == NULL) { + PyErr_NoMemory(); + TALLOC_FREE(frame); + return NULL; + } + } + + if (py_auth_context != Py_None) { + bool ok = py_check_dcerpc_type(py_auth_context, + "samba.auth", + "AuthContext"); + if (!ok) { + return NULL; + } + + auth_context = pytalloc_get_type(py_auth_context, + struct auth4_context); + if (!auth_context) { + PyErr_Format(PyExc_TypeError, + "Expected auth.AuthContext for auth_context argument, got %s", + pytalloc_get_name(py_auth_context)); + return NULL; + } + } + + status = gensec_init(); + if (!NT_STATUS_IS_OK(status)) { + PyErr_SetNTSTATUS(status); + TALLOC_FREE(frame); + return NULL; + } + + status = gensec_server_start(frame, settings, auth_context, &gensec); + if (!NT_STATUS_IS_OK(status)) { + PyErr_SetNTSTATUS(status); + TALLOC_FREE(frame); + return NULL; + } + + self = pytalloc_steal(type, gensec); + TALLOC_FREE(frame); + + return self; +} + +static PyObject *py_gensec_set_target_hostname(PyObject *self, PyObject *args) +{ + struct gensec_security *security = pytalloc_get_type(self, struct gensec_security); + char *target_hostname; + NTSTATUS status; + + if (!PyArg_ParseTuple(args, "s", &target_hostname)) + return NULL; + + status = gensec_set_target_hostname(security, target_hostname); + if (!NT_STATUS_IS_OK(status)) { + PyErr_SetNTSTATUS(status); + return NULL; + } + + Py_RETURN_NONE; +} + +static PyObject *py_gensec_set_target_service(PyObject *self, PyObject *args) +{ + struct gensec_security *security = pytalloc_get_type(self, struct gensec_security); + char *target_service; + NTSTATUS status; + + if (!PyArg_ParseTuple(args, "s", &target_service)) + return NULL; + + status = gensec_set_target_service(security, target_service); + if (!NT_STATUS_IS_OK(status)) { + PyErr_SetNTSTATUS(status); + return NULL; + } + + Py_RETURN_NONE; +} + +static PyObject *py_gensec_set_target_service_description(PyObject *self, PyObject *args) +{ + struct gensec_security *security = pytalloc_get_type(self, struct gensec_security); + char *target_service_description; + NTSTATUS status; + + if (!PyArg_ParseTuple(args, "s", &target_service_description)) + return NULL; + + status = gensec_set_target_service_description(security, + target_service_description); + if (!NT_STATUS_IS_OK(status)) { + PyErr_SetNTSTATUS(status); + return NULL; + } + + Py_RETURN_NONE; +} + +static PyObject *py_gensec_set_credentials(PyObject *self, PyObject *args) +{ + PyObject *py_creds = Py_None; + struct cli_credentials *creds; + struct gensec_security *security = pytalloc_get_type(self, struct gensec_security); + NTSTATUS status; + + if (!PyArg_ParseTuple(args, "O", &py_creds)) + return NULL; + + creds = PyCredentials_AsCliCredentials(py_creds); + if (!creds) { + PyErr_Format( + PyExc_TypeError, + "Expected samba.credentials for credentials argument, " + "got %s", pytalloc_get_name(py_creds)); + return NULL; + } + + status = gensec_set_credentials(security, creds); + if (!NT_STATUS_IS_OK(status)) { + PyErr_SetNTSTATUS(status); + return NULL; + } + + Py_RETURN_NONE; +} + +static PyObject *py_gensec_session_info(PyObject *self, + PyObject *Py_UNUSED(ignored)) +{ + TALLOC_CTX *mem_ctx; + NTSTATUS status; + PyObject *py_session_info; + struct gensec_security *security = pytalloc_get_type(self, struct gensec_security); + struct auth_session_info *info; + if (security->ops == NULL) { + PyErr_SetString(PyExc_RuntimeError, "no mechanism selected"); + return NULL; + } + mem_ctx = talloc_new(NULL); + if (mem_ctx == NULL) { + return PyErr_NoMemory(); + } + + status = gensec_session_info(security, mem_ctx, &info); + if (NT_STATUS_IS_ERR(status)) { + talloc_free(mem_ctx); + PyErr_SetNTSTATUS(status); + return NULL; + } + + py_session_info = py_return_ndr_struct("samba.dcerpc.auth", "session_info", + info, info); + talloc_free(mem_ctx); + return py_session_info; +} + +static PyObject *py_gensec_session_key(PyObject *self, + PyObject *Py_UNUSED(ignored)) +{ + TALLOC_CTX *mem_ctx; + NTSTATUS status; + struct gensec_security *security = pytalloc_get_type(self, struct gensec_security); + DATA_BLOB session_key = data_blob_null; + static PyObject *session_key_obj = NULL; + + if (security->ops == NULL) { + PyErr_SetString(PyExc_RuntimeError, "no mechanism selected"); + return NULL; + } + mem_ctx = talloc_new(NULL); + if (mem_ctx == NULL) { + return PyErr_NoMemory(); + } + + status = gensec_session_key(security, mem_ctx, &session_key); + if (!NT_STATUS_IS_OK(status)) { + talloc_free(mem_ctx); + PyErr_SetNTSTATUS(status); + return NULL; + } + + session_key_obj = PyBytes_FromStringAndSize((const char *)session_key.data, + session_key.length); + talloc_free(mem_ctx); + return session_key_obj; +} + +static PyObject *py_gensec_start_mech_by_name(PyObject *self, PyObject *args) +{ + char *name; + struct gensec_security *security = pytalloc_get_type(self, struct gensec_security); + NTSTATUS status; + + if (!PyArg_ParseTuple(args, "s", &name)) + return NULL; + + status = gensec_start_mech_by_name(security, name); + if (!NT_STATUS_IS_OK(status)) { + PyErr_SetNTSTATUS(status); + return NULL; + } + + Py_RETURN_NONE; +} + +static PyObject *py_gensec_start_mech_by_sasl_name(PyObject *self, PyObject *args) +{ + char *sasl_name; + struct gensec_security *security = pytalloc_get_type(self, struct gensec_security); + NTSTATUS status; + + if (!PyArg_ParseTuple(args, "s", &sasl_name)) + return NULL; + + status = gensec_start_mech_by_sasl_name(security, sasl_name); + if (!NT_STATUS_IS_OK(status)) { + PyErr_SetNTSTATUS(status); + return NULL; + } + + Py_RETURN_NONE; +} + +static PyObject *py_gensec_start_mech_by_authtype(PyObject *self, PyObject *args) +{ + int authtype, level; + struct gensec_security *security = pytalloc_get_type(self, struct gensec_security); + NTSTATUS status; + if (!PyArg_ParseTuple(args, "ii", &authtype, &level)) + return NULL; + + status = gensec_start_mech_by_authtype(security, authtype, level); + if (!NT_STATUS_IS_OK(status)) { + PyErr_SetNTSTATUS(status); + return NULL; + } + + Py_RETURN_NONE; +} + +static PyObject *py_gensec_want_feature(PyObject *self, PyObject *args) +{ + int feature; + struct gensec_security *security = pytalloc_get_type(self, struct gensec_security); + /* This is i (and declared as an int above) by design, as they are handled as an integer in python */ + if (!PyArg_ParseTuple(args, "i", &feature)) + return NULL; + + gensec_want_feature(security, feature); + + Py_RETURN_NONE; +} + +static PyObject *py_gensec_have_feature(PyObject *self, PyObject *args) +{ + int feature; + struct gensec_security *security = pytalloc_get_type(self, struct gensec_security); + /* This is i (and declared as an int above) by design, as they are handled as an integer in python */ + if (!PyArg_ParseTuple(args, "i", &feature)) + return NULL; + + if (gensec_have_feature(security, feature)) { + Py_RETURN_TRUE; + } + Py_RETURN_FALSE; +} + +static PyObject *py_gensec_set_max_update_size(PyObject *self, PyObject *args) +{ + struct gensec_security *security = pytalloc_get_type(self, struct gensec_security); + unsigned int max_update_size = 0; + + if (!PyArg_ParseTuple(args, "I", &max_update_size)) + return NULL; + + gensec_set_max_update_size(security, max_update_size); + + Py_RETURN_NONE; +} + +static PyObject *py_gensec_max_update_size(PyObject *self, + PyObject *Py_UNUSED(ignored)) +{ + struct gensec_security *security = pytalloc_get_type(self, struct gensec_security); + unsigned int max_update_size = gensec_max_update_size(security); + + return PyLong_FromLong(max_update_size); +} + +static PyObject *py_gensec_update(PyObject *self, PyObject *args) +{ + NTSTATUS status; + TALLOC_CTX *mem_ctx; + DATA_BLOB in, out; + PyObject *py_bytes, *result, *py_in; + struct gensec_security *security = pytalloc_get_type(self, struct gensec_security); + PyObject *finished_processing; + char *data = NULL; + Py_ssize_t len; + int err; + + if (!PyArg_ParseTuple(args, "O", &py_in)) + return NULL; + + mem_ctx = talloc_new(NULL); + if (mem_ctx == NULL) { + return PyErr_NoMemory(); + } + + err = PyBytes_AsStringAndSize(py_in, &data, &len); + if (err) { + talloc_free(mem_ctx); + return NULL; + } + + /* + * Make a copy of the input buffer, as gensec_update may modify its + * input argument. + */ + in = data_blob_talloc(mem_ctx, data, len); + if (!in.data) { + talloc_free(mem_ctx); + return PyErr_NoMemory(); + } + + status = gensec_update(security, mem_ctx, in, &out); + + if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED) + && !NT_STATUS_IS_OK(status)) { + PyErr_SetNTSTATUS(status); + talloc_free(mem_ctx); + return NULL; + } + py_bytes = PyBytes_FromStringAndSize((const char *)out.data, + out.length); + talloc_free(mem_ctx); + + if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { + finished_processing = Py_False; + } else { + finished_processing = Py_True; + } + + result = PyTuple_Pack(2, finished_processing, py_bytes); + Py_XDECREF(py_bytes); + return result; +} + +static PyObject *py_gensec_wrap(PyObject *self, PyObject *args) +{ + NTSTATUS status; + + TALLOC_CTX *mem_ctx; + DATA_BLOB in, out; + PyObject *ret, *py_in; + struct gensec_security *security = pytalloc_get_type(self, struct gensec_security); + + if (!PyArg_ParseTuple(args, "O", &py_in)) + return NULL; + + mem_ctx = talloc_new(NULL); + if (mem_ctx == NULL) { + return PyErr_NoMemory(); + } + + if (!PyBytes_Check(py_in)) { + talloc_free(mem_ctx); + PyErr_Format(PyExc_TypeError, "bytes expected"); + return NULL; + } + in.data = (uint8_t *)PyBytes_AsString(py_in); + in.length = PyBytes_Size(py_in); + + status = gensec_wrap(security, mem_ctx, &in, &out); + + if (!NT_STATUS_IS_OK(status)) { + PyErr_SetNTSTATUS(status); + talloc_free(mem_ctx); + return NULL; + } + + ret = PyBytes_FromStringAndSize((const char *)out.data, out.length); + talloc_free(mem_ctx); + return ret; +} + + +static PyObject *py_gensec_unwrap(PyObject *self, PyObject *args) +{ + NTSTATUS status; + + TALLOC_CTX *mem_ctx; + DATA_BLOB in, out; + PyObject *ret, *py_in; + struct gensec_security *security = pytalloc_get_type(self, struct gensec_security); + char *data = NULL; + Py_ssize_t len; + int err; + + if (!PyArg_ParseTuple(args, "O", &py_in)) + return NULL; + + mem_ctx = talloc_new(NULL); + if (mem_ctx == NULL) { + return PyErr_NoMemory(); + } + + err = PyBytes_AsStringAndSize(py_in, &data, &len); + if (err) { + talloc_free(mem_ctx); + return NULL; + } + + /* + * Make a copy of the input buffer, as gensec_unwrap may modify its + * input argument. + */ + in = data_blob_talloc(mem_ctx, data, len); + if (!in.data) { + talloc_free(mem_ctx); + return PyErr_NoMemory(); + } + + status = gensec_unwrap(security, mem_ctx, &in, &out); + + if (!NT_STATUS_IS_OK(status)) { + PyErr_SetNTSTATUS(status); + talloc_free(mem_ctx); + return NULL; + } + + ret = PyBytes_FromStringAndSize((const char *)out.data, out.length); + talloc_free(mem_ctx); + return ret; +} + +static PyObject *py_gensec_sig_size(PyObject *self, PyObject *args) +{ + struct gensec_security *security = pytalloc_get_type(self, struct gensec_security); + Py_ssize_t data_size = 0; + size_t sig_size = 0; + + if (!PyArg_ParseTuple(args, "n", &data_size)) { + return NULL; + } + + sig_size = gensec_sig_size(security, data_size); + + return PyLong_FromSize_t(sig_size); +} + +static PyObject *py_gensec_sign_packet(PyObject *self, PyObject *args) +{ + NTSTATUS status; + TALLOC_CTX *mem_ctx = NULL; + Py_ssize_t data_length = 0; + Py_ssize_t pdu_length = 0; + DATA_BLOB data, pdu, sig; + PyObject *py_sig; + struct gensec_security *security = pytalloc_get_type(self, struct gensec_security); + + if (!PyArg_ParseTuple(args, "z#z#", &data.data, &data_length, &pdu.data, &pdu_length)) { + return NULL; + } + data.length = data_length; + pdu.length = pdu_length; + + mem_ctx = talloc_new(NULL); + if (mem_ctx == NULL) { + return PyErr_NoMemory(); + } + + status = gensec_sign_packet(security, mem_ctx, + data.data, data.length, + pdu.data, pdu.length, &sig); + if (!NT_STATUS_IS_OK(status)) { + PyErr_SetNTSTATUS(status); + talloc_free(mem_ctx); + return NULL; + } + + py_sig = PyBytes_FromStringAndSize((const char *)sig.data, sig.length); + talloc_free(mem_ctx); + return py_sig; +} + +static PyObject *py_gensec_check_packet(PyObject *self, PyObject *args) +{ + NTSTATUS status; + Py_ssize_t data_length = 0; + Py_ssize_t pdu_length = 0; + Py_ssize_t sig_length = 0; + DATA_BLOB data, pdu, sig; + struct gensec_security *security = pytalloc_get_type(self, struct gensec_security); + + if (!PyArg_ParseTuple(args, "z#z#z#", + &data.data, &data_length, + &pdu.data, &pdu_length, + &sig.data, &sig_length)) { + return NULL; + } + data.length = data_length; + pdu.length = pdu_length; + sig.length = sig_length; + + status = gensec_check_packet(security, + data.data, data.length, + pdu.data, pdu.length, &sig); + if (!NT_STATUS_IS_OK(status)) { + PyErr_SetNTSTATUS(status); + return NULL; + } + + Py_RETURN_NONE; +} + +static PyMethodDef py_gensec_security_methods[] = { + { "start_client", PY_DISCARD_FUNC_SIG(PyCFunction, + py_gensec_start_client), + METH_VARARGS|METH_KEYWORDS|METH_CLASS, + "S.start_client(settings) -> gensec" }, + { "start_server", PY_DISCARD_FUNC_SIG(PyCFunction, + py_gensec_start_server), + METH_VARARGS|METH_KEYWORDS|METH_CLASS, + "S.start_server(auth_ctx, settings) -> gensec" }, + { "set_credentials", (PyCFunction)py_gensec_set_credentials, METH_VARARGS, + "S.set_credentials(credentials)" }, + { "set_target_hostname", (PyCFunction)py_gensec_set_target_hostname, METH_VARARGS, + "S.set_target_hostname(target_hostname) \n This sets the Kerberos target hostname to obtain a ticket for." }, + { "set_target_service", (PyCFunction)py_gensec_set_target_service, METH_VARARGS, + "S.set_target_service(target_service) \n This sets the Kerberos target service to obtain a ticket for. The default value is 'host'" }, + { "set_target_service_description", (PyCFunction)py_gensec_set_target_service_description, METH_VARARGS, + "S.set_target_service_description(target_service_description) \n This description is set server-side and used in authentication and authorization logs. The default value is that provided to set_target_service() or None."}, + { "session_info", (PyCFunction)py_gensec_session_info, METH_NOARGS, + "S.session_info() -> info" }, + { "session_key", (PyCFunction)py_gensec_session_key, METH_NOARGS, + "S.session_key() -> key" }, + { "start_mech_by_name", (PyCFunction)py_gensec_start_mech_by_name, METH_VARARGS, + "S.start_mech_by_name(name)" }, + { "start_mech_by_sasl_name", (PyCFunction)py_gensec_start_mech_by_sasl_name, METH_VARARGS, + "S.start_mech_by_sasl_name(name)" }, + { "start_mech_by_authtype", (PyCFunction)py_gensec_start_mech_by_authtype, METH_VARARGS, + "S.start_mech_by_authtype(authtype, level)" }, + { "get_name_by_authtype", (PyCFunction)py_get_name_by_authtype, METH_VARARGS, + "S.get_name_by_authtype(authtype) -> name\nLookup an auth type." }, + { "want_feature", (PyCFunction)py_gensec_want_feature, METH_VARARGS, + "S.want_feature(feature)\n Request that GENSEC negotiate a particular feature." }, + { "have_feature", (PyCFunction)py_gensec_have_feature, METH_VARARGS, + "S.have_feature()\n Return True if GENSEC negotiated a particular feature." }, + { "set_max_update_size", (PyCFunction)py_gensec_set_max_update_size, METH_VARARGS, + "S.set_max_update_size(max_size) \n Some mechs can fragment update packets, needs to be use before the mech is started." }, + { "max_update_size", (PyCFunction)py_gensec_max_update_size, METH_NOARGS, + "S.max_update_size() \n Return the current max_update_size." }, + { "update", (PyCFunction)py_gensec_update, METH_VARARGS, + "S.update(blob_in) -> (finished, blob_out)\nPerform one step in a GENSEC dance. Repeat with new packets until finished is true or exception." }, + { "wrap", (PyCFunction)py_gensec_wrap, METH_VARARGS, + "S.wrap(blob_in) -> blob_out\nPackage one clear packet into a wrapped GENSEC packet." }, + { "unwrap", (PyCFunction)py_gensec_unwrap, METH_VARARGS, + "S.unwrap(blob_in) -> blob_out\nPerform one wrapped GENSEC packet into a clear packet." }, + { "sig_size", (PyCFunction)py_gensec_sig_size, METH_VARARGS, + "S.sig_size(data_size) -> sig_size\nSize of the DCERPC packet signature" }, + { "sign_packet", (PyCFunction)py_gensec_sign_packet, METH_VARARGS, + "S.sign_packet(data, whole_pdu) -> sig\nSign a DCERPC packet." }, + { "check_packet", (PyCFunction)py_gensec_check_packet, METH_VARARGS, + "S.check_packet(data, whole_pdu, sig)\nCheck a DCERPC packet." }, + {0} +}; + +static struct PyModuleDef moduledef = { + PyModuleDef_HEAD_INIT, + .m_name = "gensec", + .m_doc = "Generic Security Interface.", + .m_size = -1, +}; + +static PyTypeObject Py_Security = { + .tp_name = "gensec.Security", + .tp_flags = Py_TPFLAGS_DEFAULT, + .tp_methods = py_gensec_security_methods, +}; + +MODULE_INIT_FUNC(gensec) +{ + PyObject *m; + + if (pytalloc_BaseObject_PyType_Ready(&Py_Security) < 0) + return NULL; + + m = PyModule_Create(&moduledef); + if (m == NULL) + return NULL; + + PyModule_AddObject(m, "FEATURE_SESSION_KEY", PyLong_FromLong(GENSEC_FEATURE_SESSION_KEY)); + PyModule_AddObject(m, "FEATURE_SIGN", PyLong_FromLong(GENSEC_FEATURE_SIGN)); + PyModule_AddObject(m, "FEATURE_SEAL", PyLong_FromLong(GENSEC_FEATURE_SEAL)); + PyModule_AddObject(m, "FEATURE_DCE_STYLE", PyLong_FromLong(GENSEC_FEATURE_DCE_STYLE)); + PyModule_AddObject(m, "FEATURE_ASYNC_REPLIES", PyLong_FromLong(GENSEC_FEATURE_ASYNC_REPLIES)); + PyModule_AddObject(m, "FEATURE_DATAGRAM_MODE", PyLong_FromLong(GENSEC_FEATURE_DATAGRAM_MODE)); + PyModule_AddObject(m, "FEATURE_SIGN_PKT_HEADER", PyLong_FromLong(GENSEC_FEATURE_SIGN_PKT_HEADER)); + PyModule_AddObject(m, "FEATURE_NEW_SPNEGO", PyLong_FromLong(GENSEC_FEATURE_NEW_SPNEGO)); + + Py_INCREF(&Py_Security); + PyModule_AddObject(m, "Security", (PyObject *)&Py_Security); + + return m; +} |