def __retrieve_trusted_domain_gc_list(self, domain):
"""
Retrieves domain information and preferred GC list
Returns dictionary with following keys
name -- NetBIOS name of the trusted domain
dns_domain -- DNS name of the trusted domain
auth -- encrypted credentials for trusted domain account
gc -- array of tuples (server, port) for Global Catalog
"""
if domain in self._info:
return self._info[domain]
if not self._creds:
self._parm = param.LoadParm()
self._parm.load(os.path.join(ipautil.SHARE_DIR, "smb.conf.empty"))
self._parm.set('netbios name', self.flatname)
self._creds = credentials.Credentials()
self._creds.set_kerberos_state(credentials.MUST_USE_KERBEROS)
self._creds.guess(self._parm)
self._creds.set_workstation(self.flatname)
netrc = net.Net(creds=self._creds, lp=self._parm)
finddc_error = None
result = None
try:
result = netrc.finddc(domain=domain,
flags=nbt.NBT_SERVER_LDAP | nbt.NBT_SERVER_GC
| nbt.NBT_SERVER_CLOSEST)
except RuntimeError, e:
finddc_error = e
def get_supplemental_creds_drs(self):
binding_str = "ncacn_ip_tcp:%s[seal]" % os.environ["SERVER"]
dn = "cn=" + USER_NAME + ",cn=users," + self.base_dn
drs = drsuapi.drsuapi(binding_str, self.get_loadparm(), self.creds)
(drs_handle, supported_extensions) = drs_utils.drs_DsBind(drs)
req8 = drsuapi.DsGetNCChangesRequest8()
null_guid = misc.GUID()
req8.destination_dsa_guid = null_guid
req8.source_dsa_invocation_id = null_guid
req8.naming_context = drsuapi.DsReplicaObjectIdentifier()
req8.naming_context.dn = unicode(dn)
req8.highwatermark = drsuapi.DsReplicaHighWaterMark()
req8.highwatermark.tmp_highest_usn = 0
req8.highwatermark.reserved_usn = 0
req8.highwatermark.highest_usn = 0
req8.uptodateness_vector = None
req8.replica_flags = (drsuapi.DRSUAPI_DRS_INIT_SYNC |
drsuapi.DRSUAPI_DRS_PER_SYNC |
drsuapi.DRSUAPI_DRS_GET_ANC |
drsuapi.DRSUAPI_DRS_NEVER_SYNCED |
drsuapi.DRSUAPI_DRS_WRIT_REP)
req8.max_object_count = 402
req8.max_ndr_size = 402116
req8.extended_op = drsuapi.DRSUAPI_EXOP_REPL_OBJ
req8.fsmo_info = 0
req8.partial_attribute_set = None
req8.partial_attribute_set_ex = None
req8.mapping_ctr.num_mappings = 0
req8.mapping_ctr.mappings = None
(level, ctr) = drs.DsGetNCChanges(drs_handle, 8, req8)
obj_item = ctr.first_object
obj = obj_item.object
sc_blob = None
for i in range(0, obj.attribute_ctr.num_attributes):
attr = obj.attribute_ctr.attributes[i]
if attid_equal(attr.attid,
drsuapi.DRSUAPI_ATTID_supplementalCredentials):
net_ctx = net.Net(self.creds)
net_ctx.replicate_decrypt(drs, attr, 0)
sc_blob = attr.value_ctr.values[0].blob
sc = ndr_unpack(drsblobs.supplementalCredentialsBlob, sc_blob)
return sc
def retrieve_anonymously(self, remote_host, discover_srv=False):
"""
When retrieving DC information anonymously, we can't get SID of the domain
"""
netrc = net.Net(creds=self.creds, lp=self.parm)
try:
if discover_srv:
result = netrc.finddc(domain=remote_host,
flags=nbt.NBT_SERVER_LDAP
| nbt.NBT_SERVER_DS)
else:
result = netrc.finddc(address=remote_host,
flags=nbt.NBT_SERVER_LDAP
| nbt.NBT_SERVER_DS)
except RuntimeError, e:
raise assess_dcerpc_exception(message=str(e))