[SCM] Samba Shared Repository - branch master updated

Stefan Metzmacher metze at samba.org
Wed Jan 4 14:32:01 MST 2012


The branch, master has been updated
       via  1b45f2a s4:pyrpc: add 'user_session_key' getter to the connection object
       via  9465b9c s4:pygensec/tests: check that the client and server have the same session key
       via  1d4cc2a s4:pygensec: add session_key() method
      from  6ee6283 LDAP-CLDAP: demonstrate that pdc name is not an unc path

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 1b45f2aed86dda9fda6e6bcf1c9c7cbdc471c18d
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Dec 16 10:55:46 2011 +0100

    s4:pyrpc: add 'user_session_key' getter to the connection object
    
    This gets the session key from gensec for use in DRSUAPI.
    
    metze
    
    Autobuild-User: Stefan Metzmacher <metze at samba.org>
    Autobuild-Date: Wed Jan  4 22:31:52 CET 2012 on sn-devel-104

commit 9465b9ce6f26d5db0477110a59da1a9306567d7b
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Jan 4 20:49:08 2012 +0100

    s4:pygensec/tests: check that the client and server have the same session key
    
    metze

commit 1d4cc2a64f6c4df84ee708888e0dd587c0987972
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Dec 16 10:37:51 2011 +0100

    s4:pygensec: add session_key() method
    
    metze

-----------------------------------------------------------------------

Summary of changes:
 source4/auth/gensec/pygensec.c                 |   29 +++++++++++++++
 source4/librpc/rpc/pyrpc.c                     |   44 ++++++++++++++++++++++++
 source4/librpc/wscript_build                   |    2 +-
 source4/scripting/python/samba/tests/gensec.py |    5 ++-
 4 files changed, 78 insertions(+), 2 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/auth/gensec/pygensec.c b/source4/auth/gensec/pygensec.c
index 858cbe9..a683daf 100644
--- a/source4/auth/gensec/pygensec.c
+++ b/source4/auth/gensec/pygensec.c
@@ -264,6 +264,33 @@ static PyObject *py_gensec_session_info(PyObject *self)
 	return py_session_info;
 }
 
+static PyObject *py_gensec_session_key(PyObject *self)
+{
+	TALLOC_CTX *mem_ctx;
+	NTSTATUS status;
+	struct gensec_security *security = pytalloc_get_type(self, struct gensec_security);
+	DATA_BLOB session_key = data_blob_null;
+	static PyObject *session_key_obj = NULL;
+
+	if (security->ops == NULL) {
+		PyErr_SetString(PyExc_RuntimeError, "no mechanism selected");
+		return NULL;
+	}
+	mem_ctx = talloc_new(NULL);
+
+	status = gensec_session_key(security, mem_ctx, &session_key);
+	if (!NT_STATUS_IS_OK(status)) {
+		talloc_free(mem_ctx);
+		PyErr_SetNTSTATUS(status);
+		return NULL;
+	}
+
+	session_key_obj = PyString_FromStringAndSize((const char *)session_key.data,
+						     session_key.length);
+	talloc_free(mem_ctx);
+	return session_key_obj;
+}
+
 static PyObject *py_gensec_start_mech_by_name(PyObject *self, PyObject *args)
 {
 	char *name;
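Review bot: `session_key_obj` in py_gensec_session_key is declared `static`, so the pointer to the returned key string sits in function-level storage shared by every call; nothing in the hunk needs that, and a plain local `PyObject *session_key_obj = NULL;` is enough. The result of `talloc_new(NULL)` is also handed to gensec_session_key() unchecked; a guard such as `if (mem_ctx == NULL) { PyErr_NoMemory(); return NULL; }` would report the allocation failure to Python instead of continuing with a NULL context. Both points apply equally to py_iface_user_session_key in source4/librpc/rpc/pyrpc.c, which repeats the same declarations and tail.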
@@ -472,6 +499,8 @@ static PyMethodDef py_gensec_security_methods[] = {
 		"S.start_client(credentials)" },
 	{ "session_info", (PyCFunction)py_gensec_session_info, METH_NOARGS,
 	        "S.session_info() -> info" },
+	{ "session_key", (PyCFunction)py_gensec_session_key, METH_NOARGS,
+	        "S.session_key() -> key" },
 	{ "start_mech_by_name", (PyCFunction)py_gensec_start_mech_by_name, METH_VARARGS,
         "S.start_mech_by_name(name)" },
 	{ "start_mech_by_sasl_name", (PyCFunction)py_gensec_start_mech_by_sasl_name, METH_VARARGS,
diff --git a/source4/librpc/rpc/pyrpc.c b/source4/librpc/rpc/pyrpc.c
index 7aa5ff5..23961e7 100644
--- a/source4/librpc/rpc/pyrpc.c
+++ b/source4/librpc/rpc/pyrpc.c
@@ -26,6 +26,7 @@
 #include "librpc/rpc/dcerpc.h"
 #include "librpc/rpc/pyrpc_util.h"
 #include "auth/credentials/pycredentials.h"
+#include "auth/gensec/gensec.h"
 
 void initbase(void);
 
@@ -128,6 +129,47 @@ static PyObject *py_iface_session_key(PyObject *obj, void *closure)
 	return PyString_FromStringAndSize((const char *)session_key.data, session_key.length);
 }
 
+static PyObject *py_iface_user_session_key(PyObject *obj, void *closure)
+{
+	dcerpc_InterfaceObject *iface = (dcerpc_InterfaceObject *)obj;
+	TALLOC_CTX *mem_ctx;
+	NTSTATUS status;
+	struct gensec_security *security = NULL;
+	DATA_BLOB session_key = data_blob_null;
+	static PyObject *session_key_obj = NULL;
+
+	if (iface->pipe == NULL) {
+		PyErr_SetNTSTATUS(NT_STATUS_NO_USER_SESSION_KEY);
+		return NULL;
+	}
+
+	if (iface->pipe->conn == NULL) {
+		PyErr_SetNTSTATUS(NT_STATUS_NO_USER_SESSION_KEY);
+		return NULL;
+	}
+
+	if (iface->pipe->conn->security_state.generic_state == NULL) {
+		PyErr_SetNTSTATUS(NT_STATUS_NO_USER_SESSION_KEY);
+		return NULL;
+	}
+
+	security = iface->pipe->conn->security_state.generic_state;
+
+	mem_ctx = talloc_new(NULL);
+
+	status = gensec_session_key(security, mem_ctx, &session_key);
+	if (!NT_STATUS_IS_OK(status)) {
+		talloc_free(mem_ctx);
+		PyErr_SetNTSTATUS(status);
+		return NULL;
+	}
+
+	session_key_obj = PyString_FromStringAndSize((const char *)session_key.data,
+						     session_key.length);
+	talloc_free(mem_ctx);
+	return session_key_obj;
+}
+
 static PyGetSetDef dcerpc_interface_getsetters[] = {
 	{ discard_const_p(char, "server_name"), py_iface_server_name, NULL,
 	  discard_const_p(char, "name of the server, if connected over SMB") },
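Review bot: py_iface_user_session_key has no comment saying how it differs from py_iface_session_key directly above it, even though both hand raw key bytes to Python callers. A short header comment would help, for example `/* Return the session key negotiated by gensec for this connection; fails with NT_STATUS_NO_USER_SESSION_KEY when pipe, conn or generic_state is unset. */`. The getter help text added in the following hunk reads `user_session key`, mixing the attribute name with prose; `user session key` would be clearer. As a style point, the three identical NULL checks could be folded into one condition, since they all raise the same status.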
@@ -137,6 +179,8 @@ static PyGetSetDef dcerpc_interface_getsetters[] = {
  	  discard_const_p(char, "syntax id of the transfersyntax") },
 	{ discard_const_p(char, "session_key"), py_iface_session_key, NULL,
 	  discard_const_p(char, "session key (as used for blob encryption on LSA and SAMR)") },
+	{ discard_const_p(char, "user_session_key"), py_iface_user_session_key, NULL,
+	  discard_const_p(char, "user_session key (as used for blob encryption on DRSUAPI)") },
 	{ NULL }
 };
 
diff --git a/source4/librpc/wscript_build b/source4/librpc/wscript_build
index cb4c530..bf36d1d 100755
--- a/source4/librpc/wscript_build
+++ b/source4/librpc/wscript_build
@@ -165,7 +165,7 @@ bld.SAMBA_SUBSYSTEM('pyrpc_util',
 
 bld.SAMBA_PYTHON('python_dcerpc',
 	source='rpc/pyrpc.c',
-	public_deps='LIBCLI_SMB samba-util samba-hostconfig dcerpc-samr RPC_NDR_LSA DYNCONFIG pyrpc_util',
+	public_deps='LIBCLI_SMB samba-util samba-hostconfig dcerpc-samr RPC_NDR_LSA DYNCONFIG pyrpc_util gensec',
 	realname='samba/dcerpc/base.so'
 	)
 
diff --git a/source4/scripting/python/samba/tests/gensec.py b/source4/scripting/python/samba/tests/gensec.py
index 53e2292..ab38d18 100644
--- a/source4/scripting/python/samba/tests/gensec.py
+++ b/source4/scripting/python/samba/tests/gensec.py
@@ -88,4 +88,7 @@ class GensecTests(samba.tests.TestCase):
         test_wrapped = self.gensec_server.wrap(test_string)
         test_unwrapped = self.gensec_client.unwrap(test_wrapped)
         self.assertEqual(test_string, test_unwrapped)
-        
+
+        client_session_key = self.gensec_client.session_key()
+        server_session_key = self.gensec_server.session_key()
+        self.assertEqual(client_session_key, server_session_key)
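Review bot: The added `assertEqual` would also pass if both sides returned the same empty key, so on its own it does not show that a usable session key was negotiated. Asserting a non-empty value first, e.g. `self.assertTrue(len(client_session_key) > 0)`, would tighten the check. The enclosing test method starts outside the hunk.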


-- 
Samba Shared Repository

