From: Andrew Bartlett <abartlet@samba.org>
Date: Tue, 24 Oct 2017 03:40:02 +0000 (+1300)
Subject: python: Use py_check_dcerpc_type() to safely check for credentials
X-Git-Tag: talloc-2.1.11~443
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=0da76af16c6707c82762f029938be83c4ac5cd29;p=thirdparty%2Fsamba.git

python: Use py_check_dcerpc_type() to safely check for credentials

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
---

diff --git a/libgpo/pygpo.c b/libgpo/pygpo.c
index 757c713b027..09e03af9650 100644
--- a/libgpo/pygpo.c
+++ b/libgpo/pygpo.c
@@ -24,6 +24,7 @@
 #include "ads.h"
 #include "secrets.h"
 #include "../libds/common/flags.h"
+#include "librpc/rpc/pyrpc_util.h"
 #include "auth/credentials/pycredentials.h"
 #include "libcli/util/pyerrors.h"
 
@@ -196,17 +197,27 @@ static int py_ads_init(ADS *self, PyObject *args, PyObject *kwds)
 	const char *realm = NULL;
 	const char *workgroup = NULL;
 	const char *ldap_server = NULL;
-	PyObject *creds = NULL;
+	PyObject *py_creds = NULL;
 	PyObject *lp_obj = NULL;
 	struct loadparm_context *lp_ctx = NULL;
 
 	static const char *kwlist[] = {"ldap_server", "loadparm_context", "credentials", NULL};
-	if (!PyArg_ParseTupleAndKeywords(args, kwds, "sO|O", discard_const_p(char *, kwlist), &ldap_server, &lp_obj, &creds))
+	if (!PyArg_ParseTupleAndKeywords(args, kwds, "sO|O", discard_const_p(char *, kwlist), &ldap_server, &lp_obj, &py_creds))
 		return -1;
 
 	self->frame = talloc_stackframe();
 
-	if (creds) self->cli_creds = pytalloc_get_type(creds, struct cli_credentials);
+	if (py_creds) {
+		if (!py_check_dcerpc_type(py_creds, "samba.credentials",
+					  "Credentials")) {
+			PyErr_Format(PyExc_TypeError,
+				     "Expected samba.credentaials "
+				     "for credentials argument");
+			return -1;
+		}
+		self->cli_creds
+			= PyCredentials_AsCliCredentials(py_creds);
+	}
 
 	if (lp_obj) {
 		lp_ctx = pytalloc_get_type(lp_obj, struct loadparm_context);
diff --git a/libgpo/wscript_build b/libgpo/wscript_build
index 7d1d32628f0..2ef66f7fa9d 100644
--- a/libgpo/wscript_build
+++ b/libgpo/wscript_build
@@ -8,5 +8,6 @@ bld.SAMBA3_LIBRARY('gpext',
                    private_library=True)
 
 bld.SAMBA3_PYTHON('python_samba_libgpo', 'pygpo.c',
-                 deps='pyparam_util gpext talloc ads TOKEN_UTIL auth',
+                 deps='''pyparam_util gpext talloc ads TOKEN_UTIL
+                 auth pyrpc_util''',
                  realname='samba/gpo.so')