Exemplo n.º 1
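    def test_LsarSetInformationPolicy2(self):
        """Round-trip the audit-events policy through LsarSetInformationPolicy2.

        Reads PolicyAuditEventsInformation, writes it back with AuditingMode
        set to 0, re-reads the policy, and finally writes the original
        AuditingMode back. The test makes no assertions; it passes when no
        request raises.

        The restore runs in a ``finally`` block: without it, any failure
        between the two writes would leave the target with AuditingMode 0.
        """
        dce, rpctransport, policyHandle = self.connect()
        request = lsad.LsarQueryInformationPolicy2()
        request['PolicyHandle'] = policyHandle
        request[
            'InformationClass'] = lsad.POLICY_INFORMATION_CLASS.PolicyAuditEventsInformation
        resp = dce.request(request)
        resp.dump()
        # Remember the current setting so it can be put back afterwards.
        oldValue = resp['PolicyInformation']['PolicyAuditEventsInfo'][
            'AuditingMode']

        req = lsad.LsarSetInformationPolicy2()
        req['PolicyHandle'] = policyHandle
        req['InformationClass'] = request['InformationClass']
        # Reuse the structure the server returned and change a single field.
        req['PolicyInformation'] = resp['PolicyInformation']
        # NOTE(review): AuditingMode 0 presumably means auditing is switched
        # off on the target, so this belongs on a disposable lab host only.
        # On Windows an audit-policy change is normally recorded as Security
        # event 4719 - confirm it shows up when validating detections.
        req['PolicyInformation']['PolicyAuditEventsInfo']['AuditingMode'] = 0
        resp2 = dce.request(req)
        try:
            resp2.dump()

            # Read the policy back while the modified value is in place.
            resp = dce.request(request)
            resp.dump()
        finally:
            # Always restore the original value once the write has succeeded,
            # even if the read-back or a dump() raised.
            req['PolicyInformation']['PolicyAuditEventsInfo'][
                'AuditingMode'] = oldValue
            resp2 = dce.request(req)
            resp2.dump()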
Exemplo n.º 2
    def test_LsarQueryInformationPolicy2(self):
        """Query ten policy information classes with LsarQueryInformationPolicy2.

        A single request object is reused; only its InformationClass changes
        between calls. Every response is dumped. There are no assertions, so
        the test passes as long as no request raises.
        """
        dce, rpctransport = self.connect()
        handle = self.open_policy(dce)

        query = lsad.LsarQueryInformationPolicy2()
        query['PolicyHandle'] = handle

        # Queried in this exact order; each name is resolved on
        # lsad.POLICY_INFORMATION_CLASS just before its request is sent.
        class_names = (
            'PolicyAuditLogInformation',
            'PolicyAuditEventsInformation',
            'PolicyPrimaryDomainInformation',
            'PolicyPdAccountInformation',
            'PolicyAccountDomainInformation',
            'PolicyLsaServerRoleInformation',
            'PolicyReplicaSourceInformation',
            'PolicyDnsDomainInformation',
            'PolicyDnsDomainInformationInt',
            'PolicyLocalAccountDomainInformation',
        )
        for class_name in class_names:
            query['InformationClass'] = getattr(
                lsad.POLICY_INFORMATION_CLASS, class_name)
            answer = dce.request(query)
            answer.dump()
Exemplo n.º 3
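    def test_LsarAddPrivilegesToAccount_LsarRemovePrivilegesFromAccount(self):
        """Add a privilege to a temporary LSA account, then remove all of them.

        The account SID is the account-domain SID with '-9999' appended. The
        account object is created, one LUID/attributes entry is added, all
        privileges are removed again, and the account object is deleted.

        The delete runs in a ``finally`` block so the temporary account is
        removed from the target even when a later request fails. As before,
        a failing LsarAddPrivilegesToAccount ends the test early without
        failing it.
        """
        dce, rpctransport = self.connect()
        policyHandle = self.open_policy(dce)
        request = lsad.LsarQueryInformationPolicy2()
        request['PolicyHandle'] = policyHandle
        request[
            'InformationClass'] = lsad.POLICY_INFORMATION_CLASS.PolicyAccountDomainInformation
        resp = dce.request(request)

        # Build the SID of the temporary account from the account-domain SID.
        sid = resp['PolicyInformation']['PolicyAccountDomainInfo'][
            'DomainSid'].formatCanonical()
        sid = sid + '-9999'

        request = lsad.LsarCreateAccount()
        request['PolicyHandle'] = policyHandle
        request['AccountSid'].fromCanonical(sid)
        request[
            'DesiredAccess'] = MAXIMUM_ALLOWED | lsad.ACCOUNT_ADJUST_PRIVILEGES
        resp = dce.request(request)
        accountHandle = resp['AccountHandle']

        # From here on the account object exists on the target, so every exit
        # path has to go through the LsarDeleteObject call in the finally.
        try:
            resp.dump()

            request = lsad.LsarAddPrivilegesToAccount()
            request['AccountHandle'] = accountHandle
            request['Privileges']['PrivilegeCount'] = 1
            request['Privileges']['Control'] = 0
            attribute = lsad.LSAPR_LUID_AND_ATTRIBUTES()
            # NOTE(review): well-known privilege LUIDs usually carry their
            # value in LowPart with HighPart 0 - confirm HighPart=3 is meant.
            attribute['Luid']['LowPart'] = 0
            attribute['Luid']['HighPart'] = 3
            attribute['Attributes'] = 3
            request['Privileges']['Privilege'].append(attribute)
            try:
                resp = dce.request(request)
                resp.dump()
            except Exception:
                # NOTE(review): the failure is swallowed and the test still
                # reports success; kept as in the original, which treats a
                # rejected add as acceptable. Cleanup happens in the finally.
                return

            request = lsad.LsarRemovePrivilegesFromAccount()
            request['AccountHandle'] = accountHandle
            request['AllPrivileges'] = 1
            request['Privileges'] = NULL
            resp = dce.request(request)
            resp.dump()
        finally:
            request = lsad.LsarDeleteObject()
            request['ObjectHandle'] = accountHandle
            resp = dce.request(request)
            resp.dump()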
Exemplo n.º 4
    def test_LsarCreateAccount_LsarDeleteObject(self):
        """Create an LSA account object and delete it again.

        The account SID is the account-domain SID, read through
        LsarQueryInformationPolicy2, with '-9999' appended. Both the create
        and the delete response are dumped; nothing is asserted.
        """
        dce, _rpctransport, policy = self.connect()

        # Look up the account-domain SID the new account will live under.
        domain_query = lsad.LsarQueryInformationPolicy2()
        domain_query['PolicyHandle'] = policy
        domain_query['InformationClass'] = lsad.POLICY_INFORMATION_CLASS.PolicyAccountDomainInformation
        domain_reply = dce.request(domain_query)
        domain_info = domain_reply['PolicyInformation']['PolicyAccountDomainInfo']
        account_sid = domain_info['DomainSid'].formatCanonical() + '-9999'

        # Create the account object for that SID.
        create = lsad.LsarCreateAccount()
        create['PolicyHandle'] = policy
        create['AccountSid'].fromCanonical(account_sid)
        create['DesiredAccess'] = MAXIMUM_ALLOWED
        created = dce.request(create)
        created.dump()

        # Delete it through the handle the create call returned.
        delete = lsad.LsarDeleteObject()
        delete['ObjectHandle'] = created['AccountHandle']
        deleted = dce.request(delete)
        deleted.dump()
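    def test_LsarSetInformationPolicy2(self):
        """Round-trip three policy classes through LsarSetInformationPolicy2.

        For each of PolicyAuditEventsInformation, PolicyPrimaryDomainInformation
        and PolicyAccountDomainInformation the test reads the current policy,
        writes a modified copy, reads it back, and writes the original value
        back. The two domain sections also assert that the new name 'BETUS'
        was stored.

        Every restore runs in a ``finally`` block: without it, a failed
        read-back or assertion would leave the target with auditing mode 0 or
        with a renamed domain.
        """
        dce, rpctransport, policyHandle = self.connect()
        request = lsad.LsarQueryInformationPolicy2()
        request['PolicyHandle'] = policyHandle
        request[
            'InformationClass'] = lsad.POLICY_INFORMATION_CLASS.PolicyAuditEventsInformation
        resp = dce.request(request)
        resp.dump()
        # Remember the current setting so it can be put back afterwards.
        oldValue = resp['PolicyInformation']['PolicyAuditEventsInfo'][
            'AuditingMode']

        req = lsad.LsarSetInformationPolicy2()
        req['PolicyHandle'] = policyHandle
        req['InformationClass'] = request['InformationClass']
        req['PolicyInformation'] = resp['PolicyInformation']
        # NOTE(review): AuditingMode 0 presumably means auditing is switched
        # off on the target, so this belongs on a disposable lab host only.
        # On Windows an audit-policy change is normally recorded as Security
        # event 4719 - confirm it shows up when validating detections.
        req['PolicyInformation']['PolicyAuditEventsInfo']['AuditingMode'] = 0
        resp2 = dce.request(req)
        try:
            resp2.dump()

            resp = dce.request(request)
            resp.dump()
        finally:
            # Restore the original auditing mode on every exit path.
            req['PolicyInformation']['PolicyAuditEventsInfo'][
                'AuditingMode'] = oldValue
            resp2 = dce.request(req)
            resp2.dump()
        ################################################################################

        request[
            'InformationClass'] = lsad.POLICY_INFORMATION_CLASS.PolicyPrimaryDomainInformation
        resp = dce.request(request)
        resp.dump()
        oldValue = resp['PolicyInformation']['PolicyPrimaryDomainInfo']['Name']

        req = lsad.LsarSetInformationPolicy2()
        req['PolicyHandle'] = policyHandle
        req['InformationClass'] = request['InformationClass']
        req['PolicyInformation'] = resp['PolicyInformation']
        req['PolicyInformation']['PolicyPrimaryDomainInfo']['Name'] = 'BETUS'
        resp2 = dce.request(req)
        try:
            resp2.dump()

            resp = dce.request(request)
            resp.dump()

            # assertEqual reports both values when the write did not stick.
            self.assertEqual('BETUS', resp['PolicyInformation']
                             ['PolicyPrimaryDomainInfo']['Name'])
        finally:
            # Put the original primary-domain name back, even when the
            # assertion above failed.
            req['PolicyInformation']['PolicyPrimaryDomainInfo']['Name'] = oldValue
            resp2 = dce.request(req)
            resp2.dump()

        ################################################################################

        request[
            'InformationClass'] = lsad.POLICY_INFORMATION_CLASS.PolicyAccountDomainInformation
        resp = dce.request(request)
        resp.dump()
        oldValue = resp['PolicyInformation']['PolicyAccountDomainInfo'][
            'DomainName']

        req = lsad.LsarSetInformationPolicy2()
        req['PolicyHandle'] = policyHandle
        req['InformationClass'] = request['InformationClass']
        req['PolicyInformation'] = resp['PolicyInformation']
        req['PolicyInformation']['PolicyAccountDomainInfo'][
            'DomainName'] = 'BETUS'
        resp2 = dce.request(req)
        try:
            resp2.dump()

            resp = dce.request(request)
            resp.dump()

            self.assertEqual('BETUS', resp['PolicyInformation']
                             ['PolicyAccountDomainInfo']['DomainName'])
        finally:
            # Put the original account-domain name back on every exit path.
            req['PolicyInformation']['PolicyAccountDomainInfo'][
                'DomainName'] = oldValue
            resp2 = dce.request(req)
            resp2.dump()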