예제 #1
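        def _get_members(_groupname=str(), _sid=str()):
            """Return the members of one group, annotated with group context.

            The group is selected by ``_groupname`` when given, otherwise by
            ``_sid``, otherwise by the queried domain's SID with the
            well-known RID 512 (Domain Admins) appended. ``queried_domain``,
            ``custom_filter``, ``recurse``, ``use_matching_rule`` and
            ``full_data`` are read from the enclosing scope.

            ``custom_filter`` is concatenated into every LDAP filter verbatim,
            so it must already be a well-formed filter fragment. Directory
            values (distinguished names) are escaped before being embedded.

            Returns:
                A list of AD objects, one per member, each extended with
                ``groupdomain``, ``groupname``, ``membername``,
                ``memberdomain``, ``isgroup``, ``memberdn`` and ``membersid``.

            Raises:
                ValueError: if the group lookup raises ``IndexError``.
            """

            def _escape_filter_value(value):
                # RFC 4515, section 3: these characters are filter syntax and
                # must be hex-escaped inside an assertion value. DNs may
                # legitimately contain them (for example "CN=Ops (EU)").
                # str() mirrors what '{}'.format() did with the raw value.
                return str(value).translate({
                    0x00: '\\00',
                    ord('('): '\\28',
                    ord(')'): '\\29',
                    ord('*'): '\\2a',
                    ord('\\'): '\\5c',
                })

            try:
                if _groupname:
                    groups = self.get_netgroup(queried_groupname=_groupname,
                                               queried_domain=queried_domain,
                                               full_data=True)
                else:
                    if _sid:
                        queried_sid = _sid
                    else:
                        # No name and no SID: default to <domain SID>-512.
                        with pywerview.functions.misc.Misc(
                                self._domain_controller, self._domain,
                                self._user, self._password, self._lmhash,
                                self._nthash) as misc_requester:
                            queried_sid = misc_requester.get_domainsid(
                                queried_domain) + '-512'
                    groups = self.get_netgroup(queried_sid=queried_sid,
                                               queried_domain=queried_domain,
                                               full_data=True)
            except IndexError:
                raise ValueError(
                    'The group {} was not found'.format(_groupname))

            # Same value for every member, so resolve it once.
            group_domain = queried_domain if queried_domain else self._domain

            final_members = list()

            for group in groups:
                members = list()
                if recurse and use_matching_rule:
                    # 1.2.840.113556.1.4.1941 is LDAP_MATCHING_RULE_IN_CHAIN:
                    # the server resolves nested membership. 805306368 is the
                    # samAccountType of a normal user account.
                    group_memberof_filter = '(&(samAccountType=805306368)(memberof:1.2.840.113556.1.4.1941:={}){})'.format(
                        _escape_filter_value(group.distinguishedname),
                        custom_filter)

                    members = self.get_netuser(
                        custom_filter=group_memberof_filter,
                        queried_domain=queried_domain)
                else:
                    # TODO: range cycling
                    # NOTE(review): this handler also catches AttributeError
                    # raised inside get_netuser/get_netgroup and then drops the
                    # members already collected for this group - confirm that
                    # is intended.
                    try:
                        for member in group.member:
                            dn_filter = '(distinguishedname={}){}'.format(
                                _escape_filter_value(member), custom_filter)
                            members += self.get_netuser(
                                custom_filter=dn_filter,
                                queried_domain=queried_domain)
                            members += self.get_netgroup(
                                custom_filter=dn_filter,
                                queried_domain=queried_domain,
                                full_data=True)
                    # The group doesn't have any members
                    except AttributeError:
                        continue

                for member in members:
                    if full_data:
                        final_member = member
                    else:
                        final_member = adobj.ADObject(list())

                    member_dn = member.distinguishedname
                    # index() signals a missing 'DC=' component with
                    # ValueError; the previous IndexError handler never fired.
                    try:
                        member_domain = member_dn[member_dn.index('DC='):] \
                            .replace('DC=', '').replace(',', '.')
                    except ValueError:
                        member_domain = str()
                    # Anything that is not a normal user account is reported
                    # as a group.
                    is_group = (member.samaccounttype != '805306368')

                    attributes = [
                        {'type': 'groupdomain', 'vals': [group_domain]},
                        {'type': 'groupname', 'vals': [group.name]},
                        {'type': 'membername', 'vals': [member.samaccountname]},
                        {'type': 'memberdomain', 'vals': [member_domain]},
                        {'type': 'isgroup', 'vals': [is_group]},
                        {'type': 'memberdn', 'vals': [member_dn]},
                        {'type': 'membersid', 'vals': [member.objectsid]},
                    ]

                    final_member.add_attributes(attributes)

                    final_members.append(final_member)

            return final_members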
예제 #2
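        def _get_members(_groupname=str(), _sid=str()):
            """Return the members of one group, annotated with group context.

            The group is selected by ``_groupname`` when given, otherwise by
            ``_sid``, otherwise by the queried domain's SID with the
            well-known RID 512 (Domain Admins) appended. ``queried_domain``,
            ``custom_filter``, ``recurse``, ``use_matching_rule`` and
            ``full_data`` are read from the enclosing scope.

            ``custom_filter`` is concatenated into every LDAP filter verbatim,
            so it must already be a well-formed filter fragment. Distinguished
            names taken from the directory are escaped per RFC 4515 before
            being embedded.

            Returns:
                A list of AD objects, one per member, each extended with
                ``groupdomain``, ``groupname``, ``membername``,
                ``memberdomain``, ``isgroup``, ``memberdn`` and ``membersid``.

            Raises:
                ValueError: if the group lookup raises ``IndexError``.
            """
            try:
                # `--groupname` option is supplied
                if _groupname:
                    groups = self.get_netgroup(queried_groupname=_groupname,
                                               queried_domain=queried_domain,
                                               full_data=True)

                # `--groupname` option is missing, falling back to the "Domain Admins"
                else:
                    if _sid:
                        queried_sid = _sid
                    else:
                        with pywerview.functions.misc.Misc(self._domain_controller,
                                                           self._domain, self._user,
                                                           self._password, self._lmhash,
                                                           self._nthash) as misc_requester:
                            queried_sid = misc_requester.get_domainsid(queried_domain) + '-512'
                    groups = self.get_netgroup(queried_sid=queried_sid,
                                               queried_domain=queried_domain,
                                               full_data=True)
            except IndexError:
                raise ValueError('The group {} was not found'.format(_groupname))

            # Same value for every member, so resolve it once.
            group_domain = queried_domain if queried_domain else self._domain

            final_members = list()

            for group in groups:
                members = list()
                if recurse and use_matching_rule:
                    # 1.2.840.113556.1.4.1941 is LDAP_MATCHING_RULE_IN_CHAIN:
                    # the server resolves nested membership. 805306368 is the
                    # samAccountType of a normal user account.
                    # RFC 4515, section 3: the group DN is escaped just like
                    # member DNs below, since it may contain '(', ')', '*' or '\'.
                    group_dn = escape_filter_chars(group.distinguishedname, encoding='utf-8')
                    group_memberof_filter = '(&(samAccountType=805306368)(memberof:1.2.840.113556.1.4.1941:={}){})'.format(group_dn, custom_filter)

                    members = self.get_netuser(custom_filter=group_memberof_filter,
                                               queried_domain=queried_domain)
                else:
                    # TODO: range cycling
                    # NOTE(review): this handler also catches AttributeError
                    # raised inside get_netuser/get_netgroup and then drops the
                    # members already collected for this group - confirm that
                    # is intended.
                    try:
                        for member in group.member:
                            # RFC 4515, section 3
                            escaped_dn = escape_filter_chars(member, encoding='utf-8')
                            dn_filter = '(distinguishedname={}){}'.format(escaped_dn, custom_filter)
                            members += self.get_netuser(custom_filter=dn_filter, queried_domain=queried_domain)
                            members += self.get_netgroup(custom_filter=dn_filter, queried_domain=queried_domain, full_data=True)
                    # The group doesn't have any members
                    except AttributeError:
                        continue

                for member in members:
                    if full_data:
                        final_member = member
                    else:
                        final_member = adobj.ADObject(list())

                    member_dn = member.distinguishedname
                    # index() signals a missing 'DC=' component with
                    # ValueError; the previous IndexError handler never fired.
                    try:
                        member_domain = member_dn[member_dn.index('DC='):].replace('DC=', '').replace(',', '.')
                    except ValueError:
                        member_domain = str()
                    # Anything that is not a normal user account is reported
                    # as a group.
                    is_group = (member.samaccounttype != '805306368')

                    attributes = {
                        'groupdomain': group_domain,
                        'groupname': group.name,
                        'membername': member.samaccountname,
                        'memberdomain': member_domain,
                        'isgroup': is_group,
                        'memberdn': member_dn,
                        'membersid': member.objectsid,
                    }

                    final_member.add_attributes(attributes)

                    final_members.append(final_member)

            return final_members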