/*
Authors:
Jakub Hrozek <jhrozek@redhat.com>
Copyright (C) 2009 Red Hat
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "config.h"
#include <Python.h>
#include <structmember.h>
#include <talloc.h>
#include <pwd.h>
#include <grp.h>
#include "util/sss_python.h"
#include "tools/tools_util.h"
#include "tools/sss_sync_ops.h"
#include "util/crypto/sss_crypto.h"
/*
* function taken from samba sources tree as of Aug 20 2009,
*/
const char *paramname)
{
char **ret;
int i;
for (i = 0; i < PyList_Size(list); i++) {
char *itemstr;
#ifdef IS_PY3K
if (!PyUnicode_Check(item)) {
#else
if (!PyString_Check(item)) {
#endif
return NULL;
}
#ifdef IS_PY3K
#else
#endif
}
return ret;
}
/* ======================= sysdb python wrappers ==========================*/
/*
* The sss.password object
*/
typedef struct {
int lock;
int unlock;
/*
* Error reporting
*/
{
}
{
}
/*
* Common init of all methods
*/
{
return NULL;
}
/* tctx->nctx is NULL here, which is OK since we don't parse domains
* in the python bindings (yet?) */
return NULL;
}
return tctx;
}
/*
* Add a user
*/
"Add a user named ``username``.\n\n"
":param username: name of the user\n\n"
":param kwargs: Keyword arguments that customize the operation\n\n"
"* useradd can be customized further with keyword arguments:\n"
" * ``uid``: The UID of the user\n"
" * ``gid``: The GID of the user\n"
" * ``gecos``: The comment string\n"
" * ``homedir``: Home directory\n"
" * ``shell``: Login shell\n"
" * ``skel``: Specify an alternative skeleton directory\n"
" * ``create_home``: (bool) Force creation of home directory on or off\n"
" * ``groups``: List of groups the user is member of\n");
{
unsigned long uid = 0;
unsigned long gid = 0;
int ret;
"homedir", "shell", "skel",
int create_home = 0;
bool in_transaction = false;
/* parse arguments */
discard_const_p(char, "s|kkssssO!O!"),
discard_const_p(char *, kwlist),
&username,
&uid,
&gid,
&gecos,
&home,
&shell,
&skel,
&py_groups)) {
goto fail;
}
if (!tctx) {
return NULL;
}
return NULL;
}
}
/* user-wise the parameter is only bool - do or don't,
* however we must have a third state - undecided, pick default */
if (py_create_home == Py_True) {
} else if (py_create_home == Py_False) {
}
/* fill in defaults */
skel);
goto fail;
}
/* Add the user within a transaction */
goto fail;
}
in_transaction = true;
/* useradd */
goto fail;
}
goto fail;
}
in_transaction = false;
/* We need to know the UID and GID of the user, if
* sysdb did assign it automatically, do a lookup */
goto fail;
}
}
goto fail;
}
/* failure here should not be fatal */
}
fail:
if (in_transaction) {
/* We do not handle return value of sysdb_transaction_cancel()
* because we don't want to overwrite previous error code.
*/
}
return NULL;
}
/*
* Delete a user
*/
"Remove the user named ``username``.\n\n"
":param username: Name of user being removed\n"
":param kwargs: Keyword arguments that customize the operation\n\n"
"* userdel can be customized further with keyword arguments:\n"
" * ``force``: (bool) Force removal of files not owned by the user\n"
" * ``remove``: (bool) Toggle removing home directory and mail spool\n");
{
int ret;
int remove_home = 0;
discard_const_p(char, "s|O!O!"),
discard_const_p(char *, kwlist),
&username,
&py_force)) {
goto fail;
}
if (!tctx) {
return NULL;
}
}
/*
* Fills in defaults for ops_ctx user did not specify.
*/
goto fail;
}
goto fail;
}
goto fail;
}
}
/* Delete the user */
goto fail;
}
goto fail;
}
}
fail:
return NULL;
}
/*
* Modify a user
*/
"Modify a user.\n\n"
":param username: Name of user being modified\n\n"
":param kwargs: Keyword arguments that customize the operation\n\n"
"* usermod can be customized further with keyword arguments:\n"
" * ``uid``: The UID of the user\n"
" * ``gid``: The GID of the user\n"
" * ``gecos``: The comment string\n"
" * ``homedir``: Home directory\n"
" * ``shell``: Login shell\n"
" * ``addgroups``: List of groups to add the user to\n"
" * ``rmgroups``: List of groups to remove the user from\n"
" * ``lock``: Lock or unlock the account\n");
{
unsigned long uid = 0;
unsigned long gid = 0;
unsigned long lock = 0;
"gecos", "homedir", "shell",
bool in_transaction = false;
/* parse arguments */
discard_const_p(char, "s|kkksssO!O!"),
discard_const_p(char *, kwlist),
&username,
&uid,
&gid,
&lock,
&gecos,
&home,
&shell,
&py_rmgroups)) {
goto fail;
}
if (!tctx) {
return NULL;
}
"Unknown value for lock parameter");
goto fail;
}
if (py_addgroups != Py_None) {
"addgroups");
return NULL;
}
}
if (py_rmgroups != Py_None) {
"rmgroups");
return NULL;
}
}
/* Modify the user within a transaction */
goto fail;
}
in_transaction = true;
/* usermod */
goto fail;
}
goto fail;
}
in_transaction = false;
fail:
if (in_transaction) {
/* We do not handle return value of sysdb_transaction_cancel()
* because we don't want to overwrite previous error code.
*/
}
return NULL;
}
/*
* Add a group
*/
"Add a group.\n\n"
":param groupname: Name of group being added\n\n"
":param kwargs: Keyword arguments ro customize the operation\n\n"
"* groupmod can be customized further with keyword arguments:\n"
" * ``gid``: The GID of the group\n");
{
char *groupname;
unsigned long gid = 0;
bool in_transaction = false;
/* parse arguments */
discard_const_p(char, "s|k"),
discard_const_p(char *, kwlist),
&gid)) {
goto fail;
}
if (!tctx) {
return NULL;
}
/* Add the group within a transaction */
goto fail;
}
in_transaction = true;
/* groupadd */
goto fail;
}
goto fail;
}
in_transaction = false;
fail:
if (in_transaction) {
/* We do not handle return value of sysdb_transaction_cancel()
* because we don't want to overwrite previous error code.
*/
}
return NULL;
}
/*
* Delete a group
*/
"Remove a group.\n\n"
":param groupname: Name of group being removed\n");
{
int ret;
goto fail;
}
if (!tctx) {
return NULL;
}
/* Remove the group */
goto fail;
}
fail:
return NULL;
}
/*
* Modify a group
*/
"Modify a group.\n\n"
":param groupname: Name of group being modified\n\n"
":param kwargs: Keyword arguments ro customize the operation\n\n"
"* groupmod can be customized further with keyword arguments:\n"
" * ``gid``: The GID of the group\n\n"
" * ``addgroups``: Groups to add the group to\n\n"
" * ``rmgroups``: Groups to remove the group from\n\n");
{
unsigned long gid = 0;
"rmgroups", NULL };
bool in_transaction = false;
/* parse arguments */
discard_const_p(char, "s|kO!O!"),
discard_const_p(char *, kwlist),
&gid,
&py_rmgroups)) {
goto fail;
}
if (!tctx) {
return NULL;
}
if (py_addgroups != Py_None) {
"addgroups");
return NULL;
}
}
if (py_rmgroups != Py_None) {
"rmgroups");
return NULL;
}
}
/* Modify the group within a transaction */
goto fail;
}
in_transaction = true;
/* groupmod */
goto fail;
}
goto fail;
}
in_transaction = false;
fail:
if (in_transaction) {
/* We do not handle return value of sysdb_transaction_cancel()
* because we don't want to overwrite previous error code.
*/
}
return NULL;
}
/*
* Get list of groups user belongs to
*/
"Get list of groups user belongs to.\n\n"
"NOTE: The interface uses the system NSS calls and is not limited to "
"users served by the SSSD!\n"
":param username: name of user to get list for\n");
{
int ngroups;
int ret;
goto fail;
}
goto fail;
}
ngroups = 32;
goto fail;
}
do {
if (tmp_groups == NULL) {
goto fail;
}
groups = tmp_groups;
}
if (groups_tuple == NULL) {
goto fail;
}
/* Populate a tuple with names of groups
* In unlikely case of group not being able to resolve, skip it
* We also need to resize resulting tuple to avoid empty elements there */
idx = 0;
for (i = 0; i < ngroups; i++) {
if (gr) {
#ifdef IS_PY3K
#else
#endif
);
idx++;
}
}
if (i != idx) {
}
return groups_tuple;
fail:
return NULL;
}
/*** python plumbing begins here ***/
/*
* The sss.local destructor
*/
{
}
/*
* The sss.local constructor
*/
{
char *confdb_path;
int ret;
return NULL;
}
return NULL;
}
if (confdb_path == NULL) {
goto fail;
}
/* Connect to the conf db */
"Could not initialize connection to the confdb\n");
goto fail;
}
"Could not initialize connection to the sysdb\n");
goto fail;
}
fail:
return NULL;
}
/*
* sss.local object methods
*/
},
},
},
},
},
},
};
};
/*
* sss.local object properties
*/
.tp_basicsize = sizeof(PySssLocalObject),
};
/* ==================== obfuscation python wrappers ========================*/
/*
* The sss.local object
*/
typedef struct {
int aes_256;
"Obfuscate a password\n\n"
":param password: The password to obfuscate\n\n"
":param method: The obfuscation method\n\n");
{
int ret;
int mode;
/* parse arguments */
return NULL;
}
if (!tctx) {
return NULL;
}
goto fail;
}
goto fail;
}
fail:
return retval;
}
#if 0
"Deobfuscate a password\n\n"
":param obfpwd: The password to convert back to clear text\n\n");
{
int ret;
/* parse arguments */
&obfpwd)) {
return NULL;
}
if (!tctx) {
return NULL;
}
goto fail;
}
goto fail;
}
fail:
return retval;
}
#endif
/*
* The sss.password destructor
*/
{
}
/*
* The sss.password constructor
*/
{
return NULL;
}
}
/*
* sss.password object methods
*/
},
#if 0
},
#endif
};
/*
* sss.password object members
*/
};
/*
* sss.password object properties
*/
.tp_basicsize = sizeof(PySssPasswordObject),
};
/* ==================== the sss module initialization =======================*/
/*
* Module methods
*/
};
/*
* Module initialization
*/
#ifdef IS_PY3K
"pysss",
NULL,
-1,
NULL,
NULL,
NULL,
};
PyInit_pysss(void)
#else
initpysss(void)
#endif
{
PyObject *m;
if (PyType_Ready(&pysss_local_type) < 0)
if (PyType_Ready(&pysss_password_type) < 0)
#ifdef IS_PY3K
m = PyModule_Create(&pysssdef);
#else
#endif
if (m == NULL)
#ifdef IS_PY3K
return m;
#endif
}