summaryrefslogtreecommitdiff
path: root/libgpo
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2017-10-24 16:40:02 +1300
committerGarming Sam <garming@samba.org>2017-11-20 21:41:15 +0100
commit0da76af16c6707c82762f029938be83c4ac5cd29 (patch)
tree3751c3514922cfff389d8291deb2cc28685591a5 /libgpo
parent3bc0c1f8ee414454091642eb92238461c083903c (diff)
downloadsamba-0da76af16c6707c82762f029938be83c4ac5cd29.tar.gz
python: Use py_check_dcerpc_type() to safely check for credentials
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Diffstat (limited to 'libgpo')
-rw-r--r--libgpo/pygpo.c17
-rw-r--r--libgpo/wscript_build3
2 files changed, 16 insertions, 4 deletions
diff --git a/libgpo/pygpo.c b/libgpo/pygpo.c
index 757c713b027..09e03af9650 100644
--- a/libgpo/pygpo.c
+++ b/libgpo/pygpo.c
@@ -24,6 +24,7 @@
#include "ads.h"
#include "secrets.h"
#include "../libds/common/flags.h"
+#include "librpc/rpc/pyrpc_util.h"
#include "auth/credentials/pycredentials.h"
#include "libcli/util/pyerrors.h"
@@ -196,17 +197,27 @@ static int py_ads_init(ADS *self, PyObject *args, PyObject *kwds)
const char *realm = NULL;
const char *workgroup = NULL;
const char *ldap_server = NULL;
- PyObject *creds = NULL;
+ PyObject *py_creds = NULL;
PyObject *lp_obj = NULL;
struct loadparm_context *lp_ctx = NULL;
static const char *kwlist[] = {"ldap_server", "loadparm_context", "credentials", NULL};
- if (!PyArg_ParseTupleAndKeywords(args, kwds, "sO|O", discard_const_p(char *, kwlist), &ldap_server, &lp_obj, &creds))
+ if (!PyArg_ParseTupleAndKeywords(args, kwds, "sO|O", discard_const_p(char *, kwlist), &ldap_server, &lp_obj, &py_creds))
return -1;
self->frame = talloc_stackframe();
- if (creds) self->cli_creds = pytalloc_get_type(creds, struct cli_credentials);
+ if (py_creds) {
+ if (!py_check_dcerpc_type(py_creds, "samba.credentials",
+ "Credentials")) {
+ PyErr_Format(PyExc_TypeError,
+ "Expected samba.credentaials "
+ "for credentials argument");
+ return -1;
+ }
+ self->cli_creds
+ = PyCredentials_AsCliCredentials(py_creds);
+ }
if (lp_obj) {
lp_ctx = pytalloc_get_type(lp_obj, struct loadparm_context);
diff --git a/libgpo/wscript_build b/libgpo/wscript_build
index 7d1d32628f0..2ef66f7fa9d 100644
--- a/libgpo/wscript_build
+++ b/libgpo/wscript_build
@@ -8,5 +8,6 @@ bld.SAMBA3_LIBRARY('gpext',
private_library=True)
bld.SAMBA3_PYTHON('python_samba_libgpo', 'pygpo.c',
- deps='pyparam_util gpext talloc ads TOKEN_UTIL auth',
+ deps='''pyparam_util gpext talloc ads TOKEN_UTIL
+ auth pyrpc_util''',
realname='samba/gpo.so')