auth:creds: Add python bindings for (get|set)_smb_signing

Signed-off-by: Andreas Schneider <[email protected]> Reviewed-by: Stefan Metzmacher <[email protected]>
httpstorm · Aug 19, 2020 · 098774b · 098774b
1 parent 58e0abc
commit 098774b
Show file tree

Hide file tree

Showing 2 changed files with 69 additions and 0 deletions.
diff --git a/auth/credentials/pycredentials.c b/auth/credentials/pycredentials.c
@@ -34,6 +34,7 @@
 #include "auth/credentials/credentials_internal.h"
 #include "system/kerberos.h"
 #include "auth/kerberos/kerberos.h"
+#include "libcli/smb/smb_constants.h"
 
 void initcredentials(void);
 
@@ -929,6 +930,52 @@ static PyObject *py_creds_encrypt_netr_crypt_password(PyObject *self,
 	Py_RETURN_NONE;
 }
 
+static PyObject *py_creds_get_smb_signing(PyObject *self, PyObject *unused)
+{
+	enum smb_signing_setting signing_state;
+	struct cli_credentials *creds = NULL;
+
+	creds = PyCredentials_AsCliCredentials(self);
+	if (creds == NULL) {
+		PyErr_Format(PyExc_TypeError, "Credentials expected");
+		return NULL;
+	}
+
+	signing_state = cli_credentials_get_smb_signing(creds);
+	return PyLong_FromLong(signing_state);
+}
+
+static PyObject *py_creds_set_smb_signing(PyObject *self, PyObject *args)
+{
+	enum smb_signing_setting signing_state;
+	struct cli_credentials *creds = NULL;
+	enum credentials_obtained obt = CRED_SPECIFIED;
+
+	creds = PyCredentials_AsCliCredentials(self);
+	if (creds == NULL) {
+		PyErr_Format(PyExc_TypeError, "Credentials expected");
+		return NULL;
+	}
+	if (!PyArg_ParseTuple(args, "i|i", &signing_state, &obt)) {
+		return NULL;
+	}
+
+	switch (signing_state) {
+	case SMB_SIGNING_DEFAULT:
+	case SMB_SIGNING_OFF:
+	case SMB_SIGNING_IF_REQUIRED:
+	case SMB_SIGNING_DESIRED:
+	case SMB_SIGNING_REQUIRED:
+		break;
+	default:
+		PyErr_Format(PyExc_TypeError, "Invalid signing state value");
+		return NULL;
+	}
+
+	cli_credentials_set_smb_signing(creds, signing_state, obt);
+	Py_RETURN_NONE;
+}
+
 static PyMethodDef py_creds_methods[] = {
 	{
 		.ml_name  = "get_username",
@@ -1209,6 +1256,16 @@ static PyMethodDef py_creds_methods[] = {
 			    "Encrypt the supplied password using the session key and\n"
 			    "the negotiated encryption algorithm in place\n"
 			    "i.e. it overwrites the original data"},
+	{
+		.ml_name  = "get_smb_signing",
+		.ml_meth  = py_creds_get_smb_signing,
+		.ml_flags = METH_NOARGS,
+	},
+	{
+		.ml_name  = "set_smb_signing",
+		.ml_meth  = py_creds_set_smb_signing,
+		.ml_flags = METH_VARARGS,
+	},
 	{ .ml_name = NULL }
 };
 
@@ -1295,6 +1352,12 @@ MODULE_INIT_FUNC(credentials)
 	PyModule_AddObject(m, "CLI_CRED_NTLM_AUTH", PyLong_FromLong(CLI_CRED_NTLM_AUTH));
 	PyModule_AddObject(m, "CLI_CRED_CLEAR_AUTH", PyLong_FromLong(CLI_CRED_CLEAR_AUTH));
 
+	PyModule_AddObject(m, "SMB_SIGNING_DEFAULT", PyLong_FromLong(SMB_SIGNING_DEFAULT));
+	PyModule_AddObject(m, "SMB_SIGNING_OFF", PyLong_FromLong(SMB_SIGNING_OFF));
+	PyModule_AddObject(m, "SMB_SIGNING_IF_REQUIRED", PyLong_FromLong(SMB_SIGNING_IF_REQUIRED));
+	PyModule_AddObject(m, "SMB_SIGNING_DESIRED", PyLong_FromLong(SMB_SIGNING_DESIRED));
+	PyModule_AddObject(m, "SMB_SIGNING_REQUIRED", PyLong_FromLong(SMB_SIGNING_REQUIRED));
+
 	Py_INCREF(&PyCredentials);
 	PyModule_AddObject(m, "Credentials", (PyObject *)&PyCredentials);
 	Py_INCREF(&PyCredentialCacheContainer);

diff --git a/python/samba/tests/credentials.py b/python/samba/tests/credentials.py
@@ -448,3 +448,9 @@ def test_parse_username_with_realm_pw(self):
         self.assertEqual(creds.get_principal(), "[email protected]")
         self.assertEqual(creds.is_anonymous(), False)
         self.assertEqual(creds.authentication_requested(), True)
+
+    def test_smb_signing(self):
+        creds = credentials.Credentials()
+        self.assertEqual(creds.get_smb_signing(), credentials.SMB_SIGNING_DEFAULT)
+        creds.set_smb_signing(credentials.SMB_SIGNING_REQUIRED)
+        self.assertEqual(creds.get_smb_signing(), credentials.SMB_SIGNING_REQUIRED)