Пример #1
0
    def setUp(self):
        super(AuthLogTestsNetLogon, self).setUp()
        self.lp = samba.tests.env_loadparm()
        self.creds = Credentials()

        self.session = system_session()
        self.ldb = SamDB(session_info=self.session,
                         credentials=self.creds,
                         lp=self.lp)

        self.domain = os.environ["DOMAIN"]
        self.netbios_name = "NetLogonGood"
        self.machinepass = "******"
        self.remoteAddress = AS_SYSTEM_MAGIC_PATH_TOKEN
        self.base_dn = self.ldb.domain_dn()
        self.dn = ("cn=%s,cn=users,%s" % (self.netbios_name, self.base_dn))

        utf16pw = text_type('"' + self.machinepass + '"').encode('utf-16-le')
        self.ldb.add({
            "dn":
            self.dn,
            "objectclass":
            "computer",
            "sAMAccountName":
            "%s$" % self.netbios_name,
            "userAccountControl":
            str(UF_WORKSTATION_TRUST_ACCOUNT | UF_PASSWD_NOTREQD),
            "unicodePwd":
            utf16pw
        })
Пример #2
0
    def get_supplemental_creds_drs(self):
        binding_str = "ncacn_ip_tcp:%s[seal]" % os.environ["SERVER"]
        dn = "cn=" + USER_NAME + ",cn=users," + self.base_dn
        drs = drsuapi.drsuapi(binding_str, self.get_loadparm(), self.creds)
        (drs_handle, supported_extensions) = drs_utils.drs_DsBind(drs)

        req8 = drsuapi.DsGetNCChangesRequest8()

        null_guid = misc.GUID()
        req8.destination_dsa_guid = null_guid
        req8.source_dsa_invocation_id = null_guid
        req8.naming_context = drsuapi.DsReplicaObjectIdentifier()
        req8.naming_context.dn = text_type(dn)

        req8.highwatermark = drsuapi.DsReplicaHighWaterMark()
        req8.highwatermark.tmp_highest_usn = 0
        req8.highwatermark.reserved_usn = 0
        req8.highwatermark.highest_usn = 0
        req8.uptodateness_vector = None
        req8.replica_flags = (drsuapi.DRSUAPI_DRS_INIT_SYNC
                              | drsuapi.DRSUAPI_DRS_PER_SYNC
                              | drsuapi.DRSUAPI_DRS_GET_ANC
                              | drsuapi.DRSUAPI_DRS_NEVER_SYNCED
                              | drsuapi.DRSUAPI_DRS_WRIT_REP)
        req8.max_object_count = 402
        req8.max_ndr_size = 402116
        req8.extended_op = drsuapi.DRSUAPI_EXOP_REPL_OBJ
        req8.fsmo_info = 0
        req8.partial_attribute_set = None
        req8.partial_attribute_set_ex = None
        req8.mapping_ctr.num_mappings = 0
        req8.mapping_ctr.mappings = None
        (level, ctr) = drs.DsGetNCChanges(drs_handle, 8, req8)

        obj_item = ctr.first_object
        obj = obj_item.object

        sc_blob = None

        for i in range(0, obj.attribute_ctr.num_attributes):
            attr = obj.attribute_ctr.attributes[i]
            if attid_equal(attr.attid,
                           drsuapi.DRSUAPI_ATTID_supplementalCredentials):
                net_ctx = net.Net(self.creds)
                net_ctx.replicate_decrypt(drs, attr, 0)
                sc_blob = attr.value_ctr.values[0].blob

        sc = ndr_unpack(drsblobs.supplementalCredentialsBlob, sc_blob)
        return sc
Пример #3
0
    def setpassword(self,
                    search_filter,
                    password,
                    force_change_at_next_login=False,
                    username=None):
        """Sets the password for a user

        :param search_filter: LDAP filter to find the user (eg
            samccountname=name)
        :param password: Password for the user
        :param force_change_at_next_login: Force password change
        """
        self.transaction_start()
        try:
            res = self.search(base=self.domain_dn(),
                              scope=ldb.SCOPE_SUBTREE,
                              expression=search_filter,
                              attrs=[])
            if len(res) == 0:
                raise Exception('Unable to find user "%s"' %
                                (username or search_filter))
            if len(res) > 1:
                raise Exception('Matched %u multiple users with filter "%s"' %
                                (len(res), search_filter))
            user_dn = res[0].dn
            pw = text_type(b'"' + password.encode('utf-8') + b'"',
                           'utf-8').encode('utf-16-le')
            setpw = """
dn: %s
changetype: modify
replace: unicodePwd
unicodePwd:: %s
""" % (user_dn, base64.b64encode(pw).decode('utf-8'))

            self.modify_ldif(setpw)

            if force_change_at_next_login:
                self.force_password_change_at_next_login(
                    "(distinguishedName=" + str(user_dn) + ")")

            #  modify the userAccountControl to remove the disabled bit
            self.enable_account(search_filter)
        except:
            self.transaction_cancel()
            raise
        else:
            self.transaction_commit()
Пример #4
0
def _drs_fetch_pfm(server, samdb, creds, lp):
    """Fetch prefixMap using DRS interface"""
    binding_str = "ncacn_ip_tcp:%s[print,seal]" % server

    drs = drsuapi.drsuapi(binding_str, lp, creds)
    (drs_handle, supported_extensions) = drs_DsBind(drs)
    print("DRS Handle: %s" % drs_handle)

    req8 = drsuapi.DsGetNCChangesRequest8()

    dest_dsa = misc.GUID("9c637462-5b8c-4467-aef2-bdb1f57bc4ef")
    replica_flags = 0

    req8.destination_dsa_guid = dest_dsa
    req8.source_dsa_invocation_id = misc.GUID(samdb.get_invocation_id())
    req8.naming_context = drsuapi.DsReplicaObjectIdentifier()
    req8.naming_context.dn = text_type(samdb.get_schema_basedn())
    req8.highwatermark = drsuapi.DsReplicaHighWaterMark()
    req8.highwatermark.tmp_highest_usn = 0
    req8.highwatermark.reserved_usn = 0
    req8.highwatermark.highest_usn = 0
    req8.uptodateness_vector = None
    req8.replica_flags = replica_flags
    req8.max_object_count = 0
    req8.max_ndr_size = 402116
    req8.extended_op = 0
    req8.fsmo_info = 0
    req8.partial_attribute_set = None
    req8.partial_attribute_set_ex = None
    req8.mapping_ctr.num_mappings = 0
    req8.mapping_ctr.mappings = None

    (level, ctr) = drs.DsGetNCChanges(drs_handle, 8, req8)
    pfm = ctr.mapping_ctr
    # check for schemaInfo element
    pfm_it = pfm.mappings[-1]
    assert pfm_it.id_prefix == 0
    assert pfm_it.oid.length == 21
    s = ''
    for x in pfm_it.oid.binary_oid:
        s += chr(x)
    pfm_schi = ndr_unpack(drsblobs.schemaInfoBlob, s)
    assert pfm_schi.marker == 0xFF
    # remove schemaInfo element
    pfm.num_mappings -= 1
    return (pfm, pfm_schi)
Пример #5
0
    def _test_samlogon(self, binding, creds, checkFunction):

        def isLastExpectedMessage(msg):
            return (
                msg["type"] == "Authentication" and
                msg["Authentication"]["serviceDescription"]  == "SamLogon" and
                msg["Authentication"]["authDescription"]     == "network" and
                msg["Authentication"]["passwordType"]        == "NTLMv2" and
                (msg["Authentication"]["eventId"] ==
                    EVT_ID_SUCCESSFUL_LOGON) and
                (msg["Authentication"]["logonType"] == EVT_LOGON_NETWORK))

        if binding:
            binding = "[schannel,%s]" % binding
        else:
            binding = "[schannel]"

        utf16pw = text_type('"' + self.machinepass + '"').encode('utf-16-le')
        self.ldb.add({
            "dn": self.samlogon_dn,
            "objectclass": "computer",
            "sAMAccountName": "%s$" % self.netbios_name,
            "userAccountControl":
                str(UF_WORKSTATION_TRUST_ACCOUNT | UF_PASSWD_NOTREQD),
            "unicodePwd": utf16pw})

        machine_creds = Credentials()
        machine_creds.guess(self.get_loadparm())
        machine_creds.set_secure_channel_type(SEC_CHAN_WKSTA)
        machine_creds.set_password(self.machinepass)
        machine_creds.set_username(self.netbios_name + "$")

        netlogon_conn = netlogon.netlogon("ncalrpc:%s" % binding,
                                          self.get_loadparm(),
                                          machine_creds)
        challenge = b"abcdefgh"

        target_info = ntlmssp.AV_PAIR_LIST()
        target_info.count = 3

        domainname = ntlmssp.AV_PAIR()
        domainname.AvId = ntlmssp.MsvAvNbDomainName
        domainname.Value = self.domain

        computername = ntlmssp.AV_PAIR()
        computername.AvId = ntlmssp.MsvAvNbComputerName
        computername.Value = self.netbios_name

        eol = ntlmssp.AV_PAIR()
        eol.AvId = ntlmssp.MsvAvEOL
        target_info.pair = [domainname, computername, eol]

        target_info_blob = ndr_pack(target_info)

        response = creds.get_ntlm_response(flags=CLI_CRED_NTLMv2_AUTH,
                                           challenge=challenge,
                                           target_info=target_info_blob)

        netr_flags = 0

        logon_level = netlogon.NetlogonNetworkTransitiveInformation
        logon = samba.dcerpc.netlogon.netr_NetworkInfo()

        logon.challenge = [x if isinstance(x,int) else ord(x) for x in challenge]
        logon.nt = netlogon.netr_ChallengeResponse()
        logon.nt.length = len(response["nt_response"])
        logon.nt.data = [x if isinstance(x,int) else ord(x) for x in response["nt_response"]]
        logon.identity_info = samba.dcerpc.netlogon.netr_IdentityInfo()
        (username, domain) = creds.get_ntlm_username_domain()

        logon.identity_info.domain_name.string = domain
        logon.identity_info.account_name.string = username
        logon.identity_info.workstation.string = creds.get_workstation()

        validation_level = samba.dcerpc.netlogon.NetlogonValidationSamInfo4

        result = netlogon_conn.netr_LogonSamLogonEx(
            os.environ["SERVER"],
            machine_creds.get_workstation(),
            logon_level, logon,
            validation_level, netr_flags)

        (validation, authoritative, netr_flags_out) = result

        messages = self.waitForMessages(isLastExpectedMessage, netlogon_conn)
        checkFunction(messages)