def update_krbtgt_account_password(samdb): """Update (change) the password of the krbtgt account :param samdb: An LDB object related to the sam.ldb file of a given provision""" expression = "samAccountName=krbtgt" res = samdb.search(expression=expression, attrs=[]) assert(len(res) == 1) msg = ldb.Message(res[0].dn) machinepass = samba.generate_random_machine_password(128, 255) mputf16 = machinepass.encode('utf-16-le') msg["clearTextPassword"] = ldb.MessageElement(mputf16, ldb.FLAG_MOD_REPLACE, "clearTextPassword") samdb.modify(msg)
def update_krbtgt_account_password(samdb): """Update (change) the password of the krbtgt account :param samdb: An LDB object related to the sam.ldb file of a given provision""" expression = "samAccountName=krbtgt" res = samdb.search(expression=expression, attrs=[]) assert (len(res) == 1) msg = ldb.Message(res[0].dn) machinepass = samba.generate_random_machine_password(128, 255) mputf16 = machinepass.encode('utf-16-le') msg["clearTextPassword"] = ldb.MessageElement(mputf16, ldb.FLAG_MOD_REPLACE, "clearTextPassword") samdb.modify(msg)
def update_machine_account_password(samdb, secrets_ldb, names): """Update (change) the password of the current DC both in the SAM db and in secret one :param samdb: An LDB object related to the sam.ldb file of a given provision :param secrets_ldb: An LDB object related to the secrets.ldb file of a given provision :param names: List of key provision parameters""" expression = "samAccountName=%s$" % names.netbiosname secrets_msg = secrets_ldb.search(expression=expression, attrs=["secureChannelType"]) if int(secrets_msg[0]["secureChannelType"][0]) == SEC_CHAN_BDC: res = samdb.search(expression=expression, attrs=[]) assert (len(res) == 1) msg = ldb.Message(res[0].dn) machinepass = samba.generate_random_machine_password(128, 255) mputf16 = machinepass.encode('utf-16-le') msg["clearTextPassword"] = ldb.MessageElement(mputf16, ldb.FLAG_MOD_REPLACE, "clearTextPassword") samdb.modify(msg) res = samdb.search(expression=("samAccountName=%s$" % names.netbiosname), attrs=["msDs-keyVersionNumber"]) assert (len(res) == 1) kvno = int(str(res[0]["msDs-keyVersionNumber"])) secChanType = int(secrets_msg[0]["secureChannelType"][0]) secretsdb_self_join(secrets_ldb, domain=names.domain, realm=names.realm, domainsid=names.domainsid, dnsdomain=names.dnsdomain, netbiosname=names.netbiosname, machinepass=machinepass, key_version_number=kvno, secure_channel_type=secChanType) else: raise ProvisioningError("Unable to find a Secure Channel" "of type SEC_CHAN_BDC")
def update_machine_account_password(samdb, secrets_ldb, names): """Update (change) the password of the current DC both in the SAM db and in secret one :param samdb: An LDB object related to the sam.ldb file of a given provision :param secrets_ldb: An LDB object related to the secrets.ldb file of a given provision :param names: List of key provision parameters""" expression = "samAccountName=%s$" % names.netbiosname secrets_msg = secrets_ldb.search(expression=expression, attrs=["secureChannelType"]) if int(secrets_msg[0]["secureChannelType"][0]) == SEC_CHAN_BDC: res = samdb.search(expression=expression, attrs=[]) assert(len(res) == 1) msg = ldb.Message(res[0].dn) machinepass = samba.generate_random_machine_password(128, 255) mputf16 = machinepass.encode('utf-16-le') msg["clearTextPassword"] = ldb.MessageElement(mputf16, ldb.FLAG_MOD_REPLACE, "clearTextPassword") samdb.modify(msg) res = samdb.search(expression=("samAccountName=%s$" % names.netbiosname), attrs=["msDs-keyVersionNumber"]) assert(len(res) == 1) kvno = int(str(res[0]["msDs-keyVersionNumber"])) secChanType = int(secrets_msg[0]["secureChannelType"][0]) secretsdb_self_join(secrets_ldb, domain=names.domain, realm=names.realm, domainsid=names.domainsid, dnsdomain=names.dnsdomain, netbiosname=names.netbiosname, machinepass=machinepass, key_version_number=kvno, secure_channel_type=secChanType) else: raise ProvisioningError("Unable to find a Secure Channel" "of type SEC_CHAN_BDC")