diff options
author | Andreas Schneider <asn@samba.org> | 2020-06-03 11:56:01 +0200 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2020-08-19 16:22:40 +0000 |
commit | 098774b2441679ef77d5eb29d638d07f7987c7c3 (patch) | |
tree | 8134d492b555a891d125c7726e5e7c7758cc4efd | |
parent | 58e0abc58f77fdfc8cee3616eac44ed6c0c0523f (diff) | |
download | samba-098774b2441679ef77d5eb29d638d07f7987c7c3.tar.gz |
auth:creds: Add python bindings for (get|set)_smb_signing
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
-rw-r--r-- | auth/credentials/pycredentials.c | 63 | ||||
-rw-r--r-- | python/samba/tests/credentials.py | 6 |
2 files changed, 69 insertions, 0 deletions
diff --git a/auth/credentials/pycredentials.c b/auth/credentials/pycredentials.c index 68edc282741..846c418419f 100644 --- a/auth/credentials/pycredentials.c +++ b/auth/credentials/pycredentials.c @@ -34,6 +34,7 @@ #include "auth/credentials/credentials_internal.h" #include "system/kerberos.h" #include "auth/kerberos/kerberos.h" +#include "libcli/smb/smb_constants.h" void initcredentials(void); @@ -929,6 +930,52 @@ static PyObject *py_creds_encrypt_netr_crypt_password(PyObject *self, Py_RETURN_NONE; } +static PyObject *py_creds_get_smb_signing(PyObject *self, PyObject *unused) +{ + enum smb_signing_setting signing_state; + struct cli_credentials *creds = NULL; + + creds = PyCredentials_AsCliCredentials(self); + if (creds == NULL) { + PyErr_Format(PyExc_TypeError, "Credentials expected"); + return NULL; + } + + signing_state = cli_credentials_get_smb_signing(creds); + return PyLong_FromLong(signing_state); +} + +static PyObject *py_creds_set_smb_signing(PyObject *self, PyObject *args) +{ + enum smb_signing_setting signing_state; + struct cli_credentials *creds = NULL; + enum credentials_obtained obt = CRED_SPECIFIED; + + creds = PyCredentials_AsCliCredentials(self); + if (creds == NULL) { + PyErr_Format(PyExc_TypeError, "Credentials expected"); + return NULL; + } + if (!PyArg_ParseTuple(args, "i|i", &signing_state, &obt)) { + return NULL; + } + + switch (signing_state) { + case SMB_SIGNING_DEFAULT: + case SMB_SIGNING_OFF: + case SMB_SIGNING_IF_REQUIRED: + case SMB_SIGNING_DESIRED: + case SMB_SIGNING_REQUIRED: + break; + default: + PyErr_Format(PyExc_TypeError, "Invalid signing state value"); + return NULL; + } + + cli_credentials_set_smb_signing(creds, signing_state, obt); + Py_RETURN_NONE; +} + static PyMethodDef py_creds_methods[] = { { .ml_name = "get_username", @@ -1209,6 +1256,16 @@ static PyMethodDef py_creds_methods[] = { "Encrypt the supplied password using the session key and\n" "the negotiated encryption algorithm in place\n" "i.e. it overwrites the original data"}, + { + .ml_name = "get_smb_signing", + .ml_meth = py_creds_get_smb_signing, + .ml_flags = METH_NOARGS, + }, + { + .ml_name = "set_smb_signing", + .ml_meth = py_creds_set_smb_signing, + .ml_flags = METH_VARARGS, + }, { .ml_name = NULL } }; @@ -1295,6 +1352,12 @@ MODULE_INIT_FUNC(credentials) PyModule_AddObject(m, "CLI_CRED_NTLM_AUTH", PyLong_FromLong(CLI_CRED_NTLM_AUTH)); PyModule_AddObject(m, "CLI_CRED_CLEAR_AUTH", PyLong_FromLong(CLI_CRED_CLEAR_AUTH)); + PyModule_AddObject(m, "SMB_SIGNING_DEFAULT", PyLong_FromLong(SMB_SIGNING_DEFAULT)); + PyModule_AddObject(m, "SMB_SIGNING_OFF", PyLong_FromLong(SMB_SIGNING_OFF)); + PyModule_AddObject(m, "SMB_SIGNING_IF_REQUIRED", PyLong_FromLong(SMB_SIGNING_IF_REQUIRED)); + PyModule_AddObject(m, "SMB_SIGNING_DESIRED", PyLong_FromLong(SMB_SIGNING_DESIRED)); + PyModule_AddObject(m, "SMB_SIGNING_REQUIRED", PyLong_FromLong(SMB_SIGNING_REQUIRED)); + Py_INCREF(&PyCredentials); PyModule_AddObject(m, "Credentials", (PyObject *)&PyCredentials); Py_INCREF(&PyCredentialCacheContainer); diff --git a/python/samba/tests/credentials.py b/python/samba/tests/credentials.py index 3dac57651a3..0ddb0867a81 100644 --- a/python/samba/tests/credentials.py +++ b/python/samba/tests/credentials.py @@ -448,3 +448,9 @@ class CredentialsTests(samba.tests.TestCaseInTempDir): self.assertEqual(creds.get_principal(), "user@samba.org") self.assertEqual(creds.is_anonymous(), False) self.assertEqual(creds.authentication_requested(), True) + + def test_smb_signing(self): + creds = credentials.Credentials() + self.assertEqual(creds.get_smb_signing(), credentials.SMB_SIGNING_DEFAULT) + creds.set_smb_signing(credentials.SMB_SIGNING_REQUIRED) + self.assertEqual(creds.get_smb_signing(), credentials.SMB_SIGNING_REQUIRED) |