def generate_AuthInfoInternal(session_key, incoming=None, outgoing=None): confounder = [0] * 512 for i in range(len(confounder)): confounder[i] = random.randint(0, 255) trustpass = drsblobs.trustDomainPasswords() trustpass.confounder = confounder trustpass.outgoing = outgoing trustpass.incoming = incoming trustpass_blob = ndr_pack(trustpass) encrypted_trustpass = arcfour_encrypt(session_key, trustpass_blob) auth_blob = lsa.DATA_BUF2() auth_blob.size = len(encrypted_trustpass) auth_blob.data = string_to_byte_array(encrypted_trustpass) auth_info = lsa.TrustDomainInfoAuthInfoInternal() auth_info.auth_blob = auth_blob return auth_info
def test_byte_array(self): expected = [218, 145, 90, 176, 108, 215, 185, 207, 153] calculated = string_to_byte_array('\xda\x91Z\xb0l\xd7\xb9\xcf\x99') self.assertEquals(expected, calculated)
def test_byte_array(self): expected = [218, 145, 90, 176, 108, 215, 185, 207, 153] calculated = string_to_byte_array('\xda\x91Z\xb0l\xd7\xb9\xcf\x99') self.assertEqual(expected, calculated)
def _create_trust_relax(self, smbencrypt=True): creds = self.get_user_creds() if smbencrypt: creds.set_smb_encryption(SMB_ENCRYPTION_REQUIRED) else: creds.set_smb_encryption(SMB_ENCRYPTION_OFF) lp = self.get_loadparm() binding_string = ("ncacn_np:%s" % (samba.tests.env_get_var_value('SERVER'))) lsa_conn = lsa.lsarpc(binding_string, lp, creds) if smbencrypt: self.assertTrue(lsa_conn.transport_encrypted()) else: self.assertFalse(lsa_conn.transport_encrypted()) objectAttr = lsa.ObjectAttribute() objectAttr.sec_qos = lsa.QosInfo() pol_handle = lsa_conn.OpenPolicy2('', objectAttr, security.SEC_FLAG_MAXIMUM_ALLOWED) self.assertIsNotNone(pol_handle) name = lsa.String() name.string = "tests.samba.example.com" try: info = lsa_conn.QueryTrustedDomainInfoByName( pol_handle, name, lsa.LSA_TRUSTED_DOMAIN_INFO_FULL_INFO) lsa_conn.DeleteTrustedDomain(pol_handle, info.info_ex.sid) except RuntimeError: pass info = lsa.TrustDomainInfoInfoEx() info.domain_name.string = name.string info.netbios_name.string = "createtrustrelax" info.sid = security.dom_sid("S-1-5-21-538490383-3740119673-95748416") info.trust_direction = lsa.LSA_TRUST_DIRECTION_INBOUND | lsa.LSA_TRUST_DIRECTION_OUTBOUND info.trust_type = lsa.LSA_TRUST_TYPE_UPLEVEL info.trust_attributes = lsa.LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE password_blob = samba.string_to_byte_array( "password".encode('utf-16-le')) clear_value = drsblobs.AuthInfoClear() clear_value.size = len(password_blob) clear_value.password = password_blob clear_authentication_information = drsblobs.AuthenticationInformation() clear_authentication_information.LastUpdateTime = 0 clear_authentication_information.AuthType = lsa.TRUST_AUTH_TYPE_CLEAR clear_authentication_information.AuthInfo = clear_value authentication_information_array = drsblobs.AuthenticationInformationArray( ) authentication_information_array.count = 1 authentication_information_array.array = [ clear_authentication_information ] outgoing = drsblobs.trustAuthInOutBlob() outgoing.count = 1 outgoing.current = authentication_information_array trustdom_handle = None try: trustdom_handle = CreateTrustedDomainRelax(lsa_conn, pol_handle, info, security.SEC_STD_DELETE, outgoing, outgoing) except samba.NTSTATUSError as nt: raise AssertionError(nt) except OSError as e: if smbencrypt: raise AssertionError(e) if smbencrypt: self.assertIsNotNone(trustdom_handle) lsa_conn.DeleteTrustedDomain(pol_handle, info.sid) else: self.assertIsNone(trustdom_handle)