def _test_rpc_ncaclrpc(self, authTypes, binding, creds, protection, checkFunction): def isLastExpectedMessage(msg): return (msg["type"] == "Authorization" and msg["Authorization"]["serviceDescription"] == "DCE/RPC" and msg["Authorization"]["authType"] == authTypes[0] and msg["Authorization"]["transportProtection"] == protection) if binding: binding = "[%s]" % binding samr.samr("ncalrpc:%s" % binding, self.get_loadparm(), creds) messages = self.waitForMessages(isLastExpectedMessage) checkFunction(messages, authTypes, protection)
def test_setUserInfo2_Password(self, password='******'): self.conn = samr.samr(self.remote_binding_string, self.get_loadparm(), self.remote_creds) self.open_domain_handle() self.open_user_handle() password='******' level = 24 info = samr.UserInfo24() info.password_expired = 0 info.password = self.init_samr_CryptPassword(password, self.conn.session_key) # If the server is in FIPS mode, it should reject the password change! try: self.conn.SetUserInfo2(self.user_handle, level, info) except samba.NTSTATUSError as e: code = ctypes.c_uint32(e.args[0]).value print(code) if ((code == ntstatus.NT_STATUS_ACCESS_DENIED) and (self.lp.weak_crypto == 'disallowed')): pass else: raise
def __auth_samr(self, lp, credentials): """ SAMR Authentication Keyword arguments: lp -- samba configuration file loaded with param.LoadParm credentials - Credentials object with the username, password, domain and workstation values set TODO: Check if user has Administration credentials. Probably something to do with the uuid """ from samba.dcerpc import samr, security auth_success = False try: pipe = samr.samr("ncalrpc:", lp, credentials) connect_handle = pipe.Connect(None, security.SEC_FLAG_MAXIMUM_ALLOWED) # # TODO Must find a better way! # session["samr_u"] = credentials.get_username() session["samr_p"] = credentials.get_password() except Exception, e: self.__reason = str(e)
def setUp(self): super(UserAccountControlTests, self).setUp() self.admin_creds = creds self.admin_samdb = SamDB(url=ldaphost, session_info=system_session(), credentials=self.admin_creds, lp=lp) self.domain_sid = security.dom_sid(self.admin_samdb.get_domain_sid()) self.base_dn = self.admin_samdb.domain_dn() self.unpriv_user = "******" self.unpriv_user_pw = "samba123@" self.unpriv_creds = self.get_creds(self.unpriv_user, self.unpriv_user_pw) delete_force(self.admin_samdb, "CN=testcomputer-t,OU=test_computer_ou1,%s" % (self.base_dn)) delete_force(self.admin_samdb, "OU=test_computer_ou1,%s" % (self.base_dn)) delete_force(self.admin_samdb, "CN=%s,CN=Users,%s" % (self.unpriv_user, self.base_dn)) self.admin_samdb.newuser(self.unpriv_user, self.unpriv_user_pw) res = self.admin_samdb.search("CN=%s,CN=Users,%s" % (self.unpriv_user, self.admin_samdb.domain_dn()), scope=SCOPE_BASE, attrs=["objectSid"]) self.assertEqual(1, len(res)) self.unpriv_user_sid = ndr_unpack(security.dom_sid, res[0]["objectSid"][0]) self.unpriv_user_dn = res[0].dn self.samdb = SamDB(url=ldaphost, credentials=self.unpriv_creds, lp=lp) self.samr = samr.samr("ncacn_ip_tcp:%s[seal]" % host, lp, self.unpriv_creds) self.samr_handle = self.samr.Connect2(None, security.SEC_FLAG_MAXIMUM_ALLOWED) self.samr_domain = self.samr.OpenDomain(self.samr_handle, security.SEC_FLAG_MAXIMUM_ALLOWED, self.domain_sid) self.sd_utils = sd_utils.SDUtils(self.admin_samdb) self.admin_samdb.create_ou("OU=test_computer_ou1," + self.base_dn) self.unpriv_user_sid = self.sd_utils.get_object_sid(self.unpriv_user_dn) mod = "(OA;;CC;bf967a86-0de6-11d0-a285-00aa003049e2;;%s)" % str(self.unpriv_user_sid) old_sd = self.sd_utils.read_sd_on_dn("OU=test_computer_ou1," + self.base_dn) self.sd_utils.dacl_add_ace("OU=test_computer_ou1," + self.base_dn, mod) self.add_computer_ldap("testcomputer-t") self.sd_utils.modify_sd_on_dn("OU=test_computer_ou1," + self.base_dn, old_sd) self.computernames = ["testcomputer-0"] # Get the SD of the template account, then force it to match # what we expect for SeMachineAccountPrivilege accounts, so we # can confirm we created the accounts correctly self.sd_reference_cc = self.sd_utils.read_sd_on_dn("CN=testcomputer-t,OU=test_computer_ou1,%s" % (self.base_dn)) self.sd_reference_modify = self.sd_utils.read_sd_on_dn("CN=testcomputer-t,OU=test_computer_ou1,%s" % (self.base_dn)) for ace in self.sd_reference_modify.dacl.aces: if ace.type == security.SEC_ACE_TYPE_ACCESS_ALLOWED and ace.trustee == self.unpriv_user_sid: ace.access_mask = ace.access_mask | security.SEC_ADS_SELF_WRITE | security.SEC_ADS_WRITE_PROP # Now reconnect without domain admin rights self.samdb = SamDB(url=ldaphost, credentials=self.unpriv_creds, lp=lp)
def _test_rpc_ncaclrpc(self, authTypes, binding, creds, protection, checkFunction): def isLastExpectedMessage(msg): return ( msg["type"] == "Authorization" and msg["Authorization"]["serviceDescription"] == "DCE/RPC" and msg["Authorization"]["authType"] == authTypes[0] and msg["Authorization"]["transportProtection"] == protection) if binding: binding = "[%s]" % binding samr.samr("ncalrpc:%s" % binding, self.get_loadparm(), creds) messages = self.waitForMessages(isLastExpectedMessage) checkFunction(messages, authTypes, protection)
def get_connection_obj(conf_file): """ Get the SAMR connection for the given conf file, via ncalrpc. Reuse cache where possible. """ if conf_file not in CONNECTIONS: CONNECTIONS[conf_file] = samr.samr('ncalrpc:', conf_file) return CONNECTIONS[conf_file]
def _connect(self): try: self.LdapConn = samba.Ldb("ldap://%s" % self.server_address,lp=self.lp,credentials=self.creds) self.samrpipe = samr.samr("ncalrpc:%s"% self.server_address, self.lp, credentials=self.creds) #self.srvsvcpipe = srvsvc.srvsvc('ncalrpc:%s' % self.server_address,credentials=self.creds) #self.connect_handle = self.samrpipe.Connect(None, security.SEC_FLAG_MAXIMUM_ALLOWED) self.connect_handle = self.samrpipe.Connect2(None, security.SEC_FLAG_MAXIMUM_ALLOWED) except ldb.LdbError, (num, msg): self.SetError(msg,num) return False;
def setUp(self): self.rodc_db = SamDB('ldap://%s' % RODC, credentials=CREDS, session_info=system_session(LP), lp=LP) self.rwdc_db = SamDB('ldap://%s' % RWDC, credentials=CREDS, session_info=system_session(LP), lp=LP) # Define variables for BasePasswordTestCase self.lp = LP self.global_creds = CREDS self.host = RWDC self.host_url = 'ldap://%s' % RWDC self.ldb = SamDB(url='ldap://%s' % RWDC, session_info=system_session(self.lp), credentials=self.global_creds, lp=self.lp) super(RodcRwdcTests, self).setUp() self.host = RODC self.host_url = 'ldap://%s' % RODC self.ldb = SamDB(url='ldap://%s' % RODC, session_info=system_session(self.lp), credentials=self.global_creds, lp=self.lp) self.samr = samr.samr("ncacn_ip_tcp:%s[seal]" % self.host, self.lp, self.global_creds) self.samr_handle = self.samr.Connect2( None, security.SEC_FLAG_MAXIMUM_ALLOWED) self.samr_domain = self.samr.OpenDomain( self.samr_handle, security.SEC_FLAG_MAXIMUM_ALLOWED, self.domain_sid) self.base_dn = self.rwdc_db.domain_dn() root = self.rodc_db.search(base='', scope=ldb.SCOPE_BASE, attrs=['dsServiceName']) self.service = root[0]['dsServiceName'][0] self.tag = uuid.uuid4().hex self.rwdc_dsheuristics = self.rwdc_db.get_dsheuristics() self.rwdc_db.set_dsheuristics("000000001") set_auto_replication(RWDC, False) # make sure DCs are synchronized before the test self.force_replication() self.rwdc_dn = get_server_ref_from_samdb(self.rwdc_db) self.rodc_dn = get_server_ref_from_samdb(self.rodc_db)
def __init__(self,username,password): self.creds = credentials.Credentials() self.creds.set_username(username) self.creds.set_password(password) self.creds.set_domain(self.WorkGroup) self.creds.set_workstation("") self.samdb = SamDB(url='ldap://%s' % self.server_address,session_info=system_session(), credentials=self.creds, lp=self.lp) self.samrpipe = samr.samr("ncalrpc:%s"% self.server_address, self.lp, credentials=self.creds) self.connect_handle = self.samrpipe.Connect2(None, security.SEC_FLAG_MAXIMUM_ALLOWED) self._GetDomainNames() self._SetCurrentDomain(0)
def __init__(self, username, password): self.creds = credentials.Credentials() self.creds.set_username(username) self.creds.set_password(password) self.creds.set_domain(self.WorkGroup) self.creds.set_workstation("") self.samdb = SamDB( url="ldap://%s" % self.server_address, session_info=system_session(), credentials=self.creds, lp=self.lp ) self.samrpipe = samr.samr("ncalrpc:%s" % self.server_address, self.lp, credentials=self.creds) self.connect_handle = self.samrpipe.Connect2(None, security.SEC_FLAG_MAXIMUM_ALLOWED) self._GetDomainNames() self._SetCurrentDomain(0)
def _connect(self): try: self.creds = credentials.Credentials() self.creds.set_username(self.username) self.creds.set_password(self.password) #self.creds.set_domain("SAMDOM") self.creds.set_domain("") self.creds.set_workstation("") self.LdapConn = samba.Ldb("ldap://127.0.0.1",lp=self.lp,credentials=self.creds) self.samrpipe = samr.samr("ncalrpc:", self.lp, self.creds) self.connect_handle = self.samrpipe.Connect(None, security.SEC_FLAG_MAXIMUM_ALLOWED) except ldb.LdbError, (num, msg): self.SetError(msg,num) return False;
def _connect(self): try: self.creds = credentials.Credentials() self.creds.set_username(self.username) self.creds.set_password(self.password) # self.creds.set_domain("SAMDOM") self.creds.set_domain("") self.creds.set_workstation("") self.LdapConn = samba.Ldb("ldap://127.0.0.1", lp=self.lp, credentials=self.creds) self.samrpipe = samr.samr("ncalrpc:", self.lp, self.creds) self.connect_handle = self.samrpipe.Connect(None, security.SEC_FLAG_MAXIMUM_ALLOWED) except ldb.LdbError, (num, msg): self.SetError(msg, num) return False
def test_setUserInfo2_Password_Encrypted(self, password='******'): self.remote_creds.set_smb_encryption(SMB_ENCRYPTION_REQUIRED) self.conn = samr.samr(self.remote_binding_string, self.get_loadparm(), self.remote_creds) self.open_domain_handle() self.open_user_handle() password='******' level = 24 info = samr.UserInfo24() info.password_expired = 0 info.password = self.init_samr_CryptPassword(password, self.conn.session_key) self.conn.SetUserInfo2(self.user_handle, level, info)
def __init__(self, lp): self.user_list = [] self.group_list = [] # # TODO Must find a better way! # creds = credentials.Credentials() creds.set_username(session["samr_u"]) creds.set_password(session["samr_p"]) creds.set_domain("") if request.environ.has_key("REMOTE_HOST"): creds.set_workstation(request.environ.get("REMOTE_HOST")); else: creds.set_workstation("") self.pipe = samr.samr("ncalrpc:", credentials = creds) self.connect_handle = self.pipe.Connect2(None, security.SEC_FLAG_MAXIMUM_ALLOWED)
def __init__(self, lp): self.user_list = [] self.group_list = [] # # TODO Must find a better way! # creds = credentials.Credentials() creds.set_username(session["samr_u"]) creds.set_password(session["samr_p"]) creds.set_domain("") if request.environ.has_key("REMOTE_HOST"): creds.set_workstation(request.environ.get("REMOTE_HOST")) else: creds.set_workstation("") self.pipe = samr.samr("ncalrpc:", credentials=creds) self.connect_handle = self.pipe.Connect2( None, security.SEC_FLAG_MAXIMUM_ALLOWED)
def __init__(self, server_address, transport_type, username, password): self.user_list = [] self.group_list = [] creds = credentials.Credentials() if (username.count("\\") > 0): creds.set_domain(username.split("\\")[0]) creds.set_username(username.split("\\")[1]) elif (username.count("@") > 0): creds.set_domain(username.split("@")[1]) creds.set_username(username.split("@")[0]) else: creds.set_domain("") creds.set_username(username) creds.set_workstation("") creds.set_password(password) binding = ["ncacn_np:%s", "ncacn_ip_tcp:%s", "ncalrpc:%s"][transport_type] self.pipe = samr.samr(binding % (server_address), credentials = creds) self.connect_handle = self.pipe.Connect2(None, security.SEC_FLAG_MAXIMUM_ALLOWED)
def test_samr_change_password(self): self.creds.set_kerberos_state(MUST_USE_KERBEROS) conn = samr.samr("ncacn_np:%s[krb5,seal,smb2]" % os.getenv("SERVER")) # we want to check whether this gets rejected outright because NTLM is # disabled, so we don't actually need to encrypt a valid password here server = lsa.String() server.string = self.server username = lsa.String() username.string = os.getenv("USERNAME") try: conn.ChangePasswordUser2(server, username, None, None, True, None, None) except NTSTATUSError as e: # changing passwords should be rejected when NTLM is disabled enum = ctypes.c_uint32(e[0]).value if enum == ntstatus.NT_STATUS_NTLM_BLOCKED: self.fail("NTLM is disabled on this server") elif enum == ntstatus.NT_STATUS_WRONG_PASSWORD: # expected error case when NTLM is enabled pass else: raise
domains = toArray(samr.EnumDomains(handle, 0, -1)) print "Found %d domains" % len(domains) for idx, domain in domains: print "\t%s (%d)" % (display_lsa_string(domain), idx) for idx, domain in domains: print "Testing domain %s" % display_lsa_string(domain) sid = samr.LookupDomain(handle, domain) dom_handle = test_OpenDomain(samr, handle, sid) test_domain_ops(samr, dom_handle) samr.Close(dom_handle) if len(sys.argv) != 2: print "Usage: samr.js <BINDING>" sys.exit(1) binding = sys.argv[1] print "Connecting to %s" % binding try: samr = samr.samr(binding) except Exception, e: print "Failed to connect to %s: %s" % (binding, e.message) sys.exit(1) handle = test_Connect(samr) test_EnumDomains(samr, handle) samr.Close(handle) print "All OK"
def setUp(self): super(SamrTests, self).setUp() self.conn = samr.samr("ncalrpc:", self.get_loadparm())
def setUp(self): super(BasePasswordTestCase, self).setUp() self.global_creds.set_gensec_features(self.global_creds.get_gensec_features() | gensec.FEATURE_SEAL) self.template_creds = Credentials() self.template_creds.set_username("testuser") self.template_creds.set_password("thatsAcomplPASS1") self.template_creds.set_domain(self.global_creds.get_domain()) self.template_creds.set_realm(self.global_creds.get_realm()) self.template_creds.set_workstation(self.global_creds.get_workstation()) self.template_creds.set_gensec_features(self.global_creds.get_gensec_features()) self.template_creds.set_kerberos_state(self.global_creds.get_kerberos_state()) # Gets back the basedn base_dn = self.ldb.domain_dn() # Gets back the configuration basedn configuration_dn = self.ldb.get_config_basedn().get_linearized() res = self.ldb.search(base_dn, scope=SCOPE_BASE, attrs=["lockoutDuration", "lockOutObservationWindow", "lockoutThreshold"]) if "lockoutDuration" in res[0]: lockoutDuration = res[0]["lockoutDuration"][0] else: lockoutDuration = 0 if "lockoutObservationWindow" in res[0]: lockoutObservationWindow = res[0]["lockoutObservationWindow"][0] else: lockoutObservationWindow = 0 if "lockoutThreshold" in res[0]: lockoutThreshold = res[0]["lockoutThreshold"][0] else: lockoutTreshold = 0 self.addCleanup(self.ldb.modify_ldif, """ dn: """ + base_dn + """ changetype: modify replace: lockoutDuration lockoutDuration: """ + str(lockoutDuration) + """ replace: lockoutObservationWindow lockoutObservationWindow: """ + str(lockoutObservationWindow) + """ replace: lockoutThreshold lockoutThreshold: """ + str(lockoutThreshold) + """ """) self.base_dn = self.ldb.domain_dn() self.account_lockout_duration = 2 self.lockout_observation_window = 2 self.update_lockout_settings(threshold=3, duration=2, observation_window=2) # update DC to allow password changes for the duration of this test self.allow_password_changes() self.domain_sid = security.dom_sid(self.ldb.get_domain_sid()) self.samr = samr.samr("ncacn_ip_tcp:%s[seal]" % self.host, self.lp, self.global_creds) self.samr_handle = self.samr.Connect2(None, security.SEC_FLAG_MAXIMUM_ALLOWED) self.samr_domain = self.samr.OpenDomain(self.samr_handle, security.SEC_FLAG_MAXIMUM_ALLOWED, self.domain_sid) self.addCleanup(self.delete_ldb_connections) # (Re)adds the test user accounts self.lockout1krb5_creds = self.insta_creds(self.template_creds, username="******", userpass="******", kerberos_state=MUST_USE_KERBEROS) self.lockout1krb5_ldb = self._readd_user(self.lockout1krb5_creds) self.lockout1ntlm_creds = self.insta_creds(self.template_creds, username="******", userpass="******", kerberos_state=DONT_USE_KERBEROS) self.lockout1ntlm_ldb = self._readd_user(self.lockout1ntlm_creds)
domains = toArray(samr.EnumDomains(handle, 0, -1)) print "Found {0:d} domains".format(len(domains)) for idx, domain in domains: print "\t{0!s} ({1:d})".format(display_lsa_string(domain), idx) for idx, domain in domains: print "Testing domain {0!s}".format(display_lsa_string(domain)) sid = samr.LookupDomain(handle, domain) dom_handle = test_OpenDomain(samr, handle, sid) test_domain_ops(samr, dom_handle) samr.Close(dom_handle) if len(sys.argv) != 2: print "Usage: samr.js <BINDING>" sys.exit(1) binding = sys.argv[1] print "Connecting to {0!s}".format(binding) try: samr = samr.samr(binding) except Exception, e: print "Failed to connect to {0!s}: {1!s}".format(binding, e.message) sys.exit(1) handle = test_Connect(samr) test_EnumDomains(samr, handle) samr.Close(handle) print "All OK"
def setUp(self): super(BasePasswordTestCase, self).setUp() self.global_creds.set_gensec_features( self.global_creds.get_gensec_features() | gensec.FEATURE_SEAL) self.template_creds = Credentials() self.template_creds.set_username("testuser") self.template_creds.set_password("thatsAcomplPASS1") self.template_creds.set_domain(self.global_creds.get_domain()) self.template_creds.set_realm(self.global_creds.get_realm()) self.template_creds.set_workstation( self.global_creds.get_workstation()) self.template_creds.set_gensec_features( self.global_creds.get_gensec_features()) self.template_creds.set_kerberos_state( self.global_creds.get_kerberos_state()) # Gets back the basedn base_dn = self.ldb.domain_dn() # Gets back the configuration basedn configuration_dn = self.ldb.get_config_basedn().get_linearized() res = self.ldb.search(base_dn, scope=SCOPE_BASE, attrs=[ "lockoutDuration", "lockOutObservationWindow", "lockoutThreshold" ]) if "lockoutDuration" in res[0]: lockoutDuration = res[0]["lockoutDuration"][0] else: lockoutDuration = 0 if "lockoutObservationWindow" in res[0]: lockoutObservationWindow = res[0]["lockoutObservationWindow"][0] else: lockoutObservationWindow = 0 if "lockoutThreshold" in res[0]: lockoutThreshold = res[0]["lockoutThreshold"][0] else: lockoutTreshold = 0 self.addCleanup( self.ldb.modify_ldif, """ dn: """ + base_dn + """ changetype: modify replace: lockoutDuration lockoutDuration: """ + str(lockoutDuration) + """ replace: lockoutObservationWindow lockoutObservationWindow: """ + str(lockoutObservationWindow) + """ replace: lockoutThreshold lockoutThreshold: """ + str(lockoutThreshold) + """ """) self.base_dn = self.ldb.domain_dn() # # Some test cases sleep() for self.account_lockout_duration # so allow it to be controlled via the subclass # if not hasattr(self, 'account_lockout_duration'): self.account_lockout_duration = 3 if not hasattr(self, 'lockout_observation_window'): self.lockout_observation_window = 3 self.update_lockout_settings( threshold=3, duration=self.account_lockout_duration, observation_window=self.lockout_observation_window) # update DC to allow password changes for the duration of this test self.allow_password_changes() self.domain_sid = security.dom_sid(self.ldb.get_domain_sid()) self.samr = samr.samr("ncacn_ip_tcp:%s[seal]" % self.host, self.lp, self.global_creds) self.samr_handle = self.samr.Connect2( None, security.SEC_FLAG_MAXIMUM_ALLOWED) self.samr_domain = self.samr.OpenDomain( self.samr_handle, security.SEC_FLAG_MAXIMUM_ALLOWED, self.domain_sid) self.addCleanup(self.delete_ldb_connections) # (Re)adds the test user accounts self.lockout1krb5_creds = self.insta_creds( self.template_creds, username="******", userpass="******", kerberos_state=MUST_USE_KERBEROS) self.lockout1krb5_ldb = self._readd_user(self.lockout1krb5_creds) self.lockout1ntlm_creds = self.insta_creds( self.template_creds, username="******", userpass="******", kerberos_state=DONT_USE_KERBEROS) self.lockout1ntlm_ldb = self._readd_user(self.lockout1ntlm_creds)
def setUp(self): self.conn = samr.samr("ncalrpc:", self.get_loadparm())
def setUp(self): super(BasePasswordTestCase, self).setUp() self.global_creds.set_gensec_features(self.global_creds.get_gensec_features() | gensec.FEATURE_SEAL) self.template_creds = Credentials() self.template_creds.set_username("testuser") self.template_creds.set_password("thatsAcomplPASS1") self.template_creds.set_domain(self.global_creds.get_domain()) self.template_creds.set_realm(self.global_creds.get_realm()) self.template_creds.set_workstation(self.global_creds.get_workstation()) self.template_creds.set_gensec_features(self.global_creds.get_gensec_features()) self.template_creds.set_kerberos_state(self.global_creds.get_kerberos_state()) # Gets back the basedn base_dn = self.ldb.domain_dn() # Gets back the configuration basedn configuration_dn = self.ldb.get_config_basedn().get_linearized() # Get the old "dSHeuristics" if it was set dsheuristics = self.ldb.get_dsheuristics() # Reset the "dSHeuristics" as they were before self.addCleanup(self.ldb.set_dsheuristics, dsheuristics) res = self.ldb.search(base_dn, scope=SCOPE_BASE, attrs=["lockoutDuration", "lockOutObservationWindow", "lockoutThreshold"]) if "lockoutDuration" in res[0]: lockoutDuration = res[0]["lockoutDuration"][0] else: lockoutDuration = 0 if "lockoutObservationWindow" in res[0]: lockoutObservationWindow = res[0]["lockoutObservationWindow"][0] else: lockoutObservationWindow = 0 if "lockoutThreshold" in res[0]: lockoutThreshold = res[0]["lockoutThreshold"][0] else: lockoutTreshold = 0 self.addCleanup(self.ldb.modify_ldif, """ dn: """ + base_dn + """ changetype: modify replace: lockoutDuration lockoutDuration: """ + str(lockoutDuration) + """ replace: lockoutObservationWindow lockoutObservationWindow: """ + str(lockoutObservationWindow) + """ replace: lockoutThreshold lockoutThreshold: """ + str(lockoutThreshold) + """ """) m = Message() m.dn = Dn(self.ldb, base_dn) self.account_lockout_duration = 2 account_lockout_duration_ticks = -int(self.account_lockout_duration * (1e7)) m["lockoutDuration"] = MessageElement(str(account_lockout_duration_ticks), FLAG_MOD_REPLACE, "lockoutDuration") account_lockout_threshold = 3 m["lockoutThreshold"] = MessageElement(str(account_lockout_threshold), FLAG_MOD_REPLACE, "lockoutThreshold") self.lockout_observation_window = 2 lockout_observation_window_ticks = -int(self.lockout_observation_window * (1e7)) m["lockOutObservationWindow"] = MessageElement(str(lockout_observation_window_ticks), FLAG_MOD_REPLACE, "lockOutObservationWindow") self.ldb.modify(m) # Set the "dSHeuristics" to activate the correct "userPassword" behaviour self.ldb.set_dsheuristics("000000001") # Get the old "minPwdAge" minPwdAge = self.ldb.get_minPwdAge() # Reset the "minPwdAge" as it was before self.addCleanup(self.ldb.set_minPwdAge, minPwdAge) # Set it temporarely to "0" self.ldb.set_minPwdAge("0") self.base_dn = self.ldb.domain_dn() self.domain_sid = security.dom_sid(self.ldb.get_domain_sid()) self.samr = samr.samr("ncacn_ip_tcp:%s[seal]" % self.host, self.lp, self.global_creds) self.samr_handle = self.samr.Connect2(None, security.SEC_FLAG_MAXIMUM_ALLOWED) self.samr_domain = self.samr.OpenDomain(self.samr_handle, security.SEC_FLAG_MAXIMUM_ALLOWED, self.domain_sid) self.addCleanup(self.delete_ldb_connections) # (Re)adds the test user accounts self.lockout1krb5_creds = self.insta_creds(self.template_creds, username="******", userpass="******", kerberos_state=MUST_USE_KERBEROS) self.lockout1krb5_ldb = self._readd_user(self.lockout1krb5_creds) self.lockout1ntlm_creds = self.insta_creds(self.template_creds, username="******", userpass="******", kerberos_state=DONT_USE_KERBEROS) self.lockout1ntlm_ldb = self._readd_user(self.lockout1ntlm_creds)
creds = credopts.get_credentials(lp) realm = lp.get('realm') net = Net(creds) cldap_ret = net.finddc(domain=realm, flags=(nbt.NBT_SERVER_LDAP | nbt.NBT_SERVER_DS | nbt.NBT_SERVER_WRITABLE)) host = cldap_ret.pdc_dns_name ldb = samdb.SamDB(url='ldap://%s' % host, lp=lp, credentials=creds, session_info=system_session()) domain_sid = security.dom_sid(ldb.get_domain_sid()) s = samr.samr("ncacn_ip_tcp:%s[seal]" % host, lp, creds) samr_handle = s.Connect2(None, security.SEC_FLAG_MAXIMUM_ALLOWED) samr_domain = s.OpenDomain(samr_handle, security.SEC_FLAG_MAXIMUM_ALLOWED, domain_sid) try: (rids, _) = s.LookupNames(samr_domain, [lsa.String(opts.name)]) except NTSTATUSError: print('%s not found!' % opts.name) exit(1) samr_user = s.OpenUser(samr_domain, security.SEC_FLAG_MAXIMUM_ALLOWED, rids.ids[0]) flags = samr.UserInfo16() flags.acct_flags = samr.ACB_PWNOEXP | samr.ACB_WSTRUST s.SetUserInfo2(samr_user, 16, flags)
def setUp(self): super(SamrTests, self).setUp() self.conn = samr.samr("ncalrpc:", self.get_loadparm()) self.open_samdb() self.open_domain_handle()
import samba.dcerpc.lsa as lsa import samba.dcerpc.samr as samr import samba.dcerpc.winreg as winreg domname = lsa.String() domname.string = u'DOMAIN' con = samr.samr('ncalrpc:', 'samba/etc/smb.conf') h = con.Connect(0, 0xFFFFFFF) sid = con.LookupDomain(h, domname) print sid con.Close(h) from samba.tests import RpcInterfaceTestCase class WinregTests(RpcInterfaceTestCase): def setUp(self): self.conn = winreg.winreg('ncalrpc:', self.get_loadparm(), self.get_credentials()) def testhklm(self): handle = self.conn.OpenHKLM( None, winreg.KEY_QUERY_VALUE | winreg.KEY_ENUMERATE_SUB_KEYS) self.conn.CloseKey(handle)