[SCM] Samba Shared Repository - branch master updated
Stefan Metzmacher
metze at samba.org
Wed Jan 4 14:32:01 MST 2012
The branch, master has been updated
via 1b45f2a s4:pyrpc: add 'user_session_key' getter to the connection object
via 9465b9c s4:pygensec/tests: check that the client and server have the same session key
via 1d4cc2a s4:pygensec: add session_key() method
from 6ee6283 LDAP-CLDAP: demonstrate that pdc name is not an unc path
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 1b45f2aed86dda9fda6e6bcf1c9c7cbdc471c18d
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Dec 16 10:55:46 2011 +0100
s4:pyrpc: add 'user_session_key' getter to the connection object
This gets the session key from gensec for usage in DRSUAPI.
metze
Autobuild-User: Stefan Metzmacher <metze at samba.org>
Autobuild-Date: Wed Jan 4 22:31:52 CET 2012 on sn-devel-104
commit 9465b9ce6f26d5db0477110a59da1a9306567d7b
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Jan 4 20:49:08 2012 +0100
s4:pygensec/tests: check that the client and server have the same session key
metze
commit 1d4cc2a64f6c4df84ee708888e0dd587c0987972
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Dec 16 10:37:51 2011 +0100
s4:pygensec: add session_key() method
metze
-----------------------------------------------------------------------
Summary of changes:
source4/auth/gensec/pygensec.c | 29 +++++++++++++++
source4/librpc/rpc/pyrpc.c | 44 ++++++++++++++++++++++++
source4/librpc/wscript_build | 2 +-
source4/scripting/python/samba/tests/gensec.py | 5 ++-
4 files changed, 78 insertions(+), 2 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/auth/gensec/pygensec.c b/source4/auth/gensec/pygensec.c
index 858cbe9..a683daf 100644
--- a/source4/auth/gensec/pygensec.c
+++ b/source4/auth/gensec/pygensec.c
@@ -264,6 +264,33 @@ static PyObject *py_gensec_session_info(PyObject *self)
return py_session_info;
}
+static PyObject *py_gensec_session_key(PyObject *self)
+{
+ TALLOC_CTX *mem_ctx;
+ NTSTATUS status;
+ struct gensec_security *security = pytalloc_get_type(self, struct gensec_security);
+ DATA_BLOB session_key = data_blob_null;
+ static PyObject *session_key_obj = NULL;
+
+ if (security->ops == NULL) {
+ PyErr_SetString(PyExc_RuntimeError, "no mechanism selected");
+ return NULL;
+ }
+ mem_ctx = talloc_new(NULL);
+
+ status = gensec_session_key(security, mem_ctx, &session_key);
+ if (!NT_STATUS_IS_OK(status)) {
+ talloc_free(mem_ctx);
+ PyErr_SetNTSTATUS(status);
+ return NULL;
+ }
+
+ session_key_obj = PyString_FromStringAndSize((const char *)session_key.data,
+ session_key.length);
+ talloc_free(mem_ctx);
+ return session_key_obj;
+}
+
static PyObject *py_gensec_start_mech_by_name(PyObject *self, PyObject *args)
{
char *name;
@@ -472,6 +499,8 @@ static PyMethodDef py_gensec_security_methods[] = {
"S.start_client(credentials)" },
{ "session_info", (PyCFunction)py_gensec_session_info, METH_NOARGS,
"S.session_info() -> info" },
+ { "session_key", (PyCFunction)py_gensec_session_key, METH_NOARGS,
+ "S.session_key() -> key" },
{ "start_mech_by_name", (PyCFunction)py_gensec_start_mech_by_name, METH_VARARGS,
"S.start_mech_by_name(name)" },
{ "start_mech_by_sasl_name", (PyCFunction)py_gensec_start_mech_by_sasl_name, METH_VARARGS,
diff --git a/source4/librpc/rpc/pyrpc.c b/source4/librpc/rpc/pyrpc.c
index 7aa5ff5..23961e7 100644
--- a/source4/librpc/rpc/pyrpc.c
+++ b/source4/librpc/rpc/pyrpc.c
@@ -26,6 +26,7 @@
#include "librpc/rpc/dcerpc.h"
#include "librpc/rpc/pyrpc_util.h"
#include "auth/credentials/pycredentials.h"
+#include "auth/gensec/gensec.h"
void initbase(void);
@@ -128,6 +129,47 @@ static PyObject *py_iface_session_key(PyObject *obj, void *closure)
return PyString_FromStringAndSize((const char *)session_key.data, session_key.length);
}
+static PyObject *py_iface_user_session_key(PyObject *obj, void *closure)
+{
+ dcerpc_InterfaceObject *iface = (dcerpc_InterfaceObject *)obj;
+ TALLOC_CTX *mem_ctx;
+ NTSTATUS status;
+ struct gensec_security *security = NULL;
+ DATA_BLOB session_key = data_blob_null;
+ static PyObject *session_key_obj = NULL;
+
+ if (iface->pipe == NULL) {
+ PyErr_SetNTSTATUS(NT_STATUS_NO_USER_SESSION_KEY);
+ return NULL;
+ }
+
+ if (iface->pipe->conn == NULL) {
+ PyErr_SetNTSTATUS(NT_STATUS_NO_USER_SESSION_KEY);
+ return NULL;
+ }
+
+ if (iface->pipe->conn->security_state.generic_state == NULL) {
+ PyErr_SetNTSTATUS(NT_STATUS_NO_USER_SESSION_KEY);
+ return NULL;
+ }
+
+ security = iface->pipe->conn->security_state.generic_state;
+
+ mem_ctx = talloc_new(NULL);
+
+ status = gensec_session_key(security, mem_ctx, &session_key);
+ if (!NT_STATUS_IS_OK(status)) {
+ talloc_free(mem_ctx);
+ PyErr_SetNTSTATUS(status);
+ return NULL;
+ }
+
+ session_key_obj = PyString_FromStringAndSize((const char *)session_key.data,
+ session_key.length);
+ talloc_free(mem_ctx);
+ return session_key_obj;
+}
+
static PyGetSetDef dcerpc_interface_getsetters[] = {
{ discard_const_p(char, "server_name"), py_iface_server_name, NULL,
discard_const_p(char, "name of the server, if connected over SMB") },
@@ -137,6 +179,8 @@ static PyGetSetDef dcerpc_interface_getsetters[] = {
discard_const_p(char, "syntax id of the transfersyntax") },
{ discard_const_p(char, "session_key"), py_iface_session_key, NULL,
discard_const_p(char, "session key (as used for blob encryption on LSA and SAMR)") },
+ { discard_const_p(char, "user_session_key"), py_iface_user_session_key, NULL,
+ discard_const_p(char, "user_session key (as used for blob encryption on DRSUAPI)") },
{ NULL }
};
diff --git a/source4/librpc/wscript_build b/source4/librpc/wscript_build
index cb4c530..bf36d1d 100755
--- a/source4/librpc/wscript_build
+++ b/source4/librpc/wscript_build
@@ -165,7 +165,7 @@ bld.SAMBA_SUBSYSTEM('pyrpc_util',
bld.SAMBA_PYTHON('python_dcerpc',
source='rpc/pyrpc.c',
- public_deps='LIBCLI_SMB samba-util samba-hostconfig dcerpc-samr RPC_NDR_LSA DYNCONFIG pyrpc_util',
+ public_deps='LIBCLI_SMB samba-util samba-hostconfig dcerpc-samr RPC_NDR_LSA DYNCONFIG pyrpc_util gensec',
realname='samba/dcerpc/base.so'
)
diff --git a/source4/scripting/python/samba/tests/gensec.py b/source4/scripting/python/samba/tests/gensec.py
index 53e2292..ab38d18 100644
--- a/source4/scripting/python/samba/tests/gensec.py
+++ b/source4/scripting/python/samba/tests/gensec.py
@@ -88,4 +88,7 @@ class GensecTests(samba.tests.TestCase):
test_wrapped = self.gensec_server.wrap(test_string)
test_unwrapped = self.gensec_client.unwrap(test_wrapped)
self.assertEqual(test_string, test_unwrapped)
-
+
+ client_session_key = self.gensec_client.session_key()
+ server_session_key = self.gensec_server.session_key()
+ self.assertEqual(client_session_key, server_session_key)
--
Samba Shared Repository
More information about the samba-cvs
mailing list