本文整理汇总了Python中samba.ndr.ndr_unpack函数的典型用法代码示例。如果您正苦于以下问题:Python ndr_unpack函数的具体用法?Python ndr_unpack怎么用?Python ndr_unpack使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了ndr_unpack函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: operation_79
def operation_79(self, op):
    """Apply update ``op`` by adding one ACE to samDomain/domainDNS objects.

    Returns immediately when ``self.update_exists(op)`` is true. Otherwise
    ``self.raise_if_not_fix(op)`` is called, then every object matching
    ``(objectClass=samDomain)`` and afterwards every object matching
    ``(objectClass=domainDNS)`` has its stored security descriptor
    unpacked, rendered as SDDL relative to ``self.domain_sid`` and handed
    to ``self.insert_ace_into_dacl`` together with the new ACE.
    ``self.update_add(op)`` is called last, only when
    ``self.add_update_container`` is set.
    """
    if self.update_exists(op):
        return
    self.raise_if_not_fix(op)

    # SDDL ACE fields: OA = object-specific allow, CIIO = container-inherit
    # + inherit-only, WP = write property, PS = principal self. The two
    # GUIDs are the object type and the inherited object type.
    # NOTE(review): presumably a TPM-information attribute on computer
    # objects - confirm both GUIDs against the schema.
    ace = "(OA;CIIO;WP;ea1b7b93-5e48-46d5-bc6c-4df4fda78a35;bf967a86-0de6-11d0-a285-00aa003049e2;PS)"

    # Same processing for both object classes, samDomain first.
    for class_filter in ("(objectClass=samDomain)", "(objectClass=domainDNS)"):
        # NOTE(review): search_options flag 2 is presumably the
        # phantom-root option (search across naming contexts) - confirm.
        matches = self.samdb.search(expression=class_filter,
                                    attrs=["nTSecurityDescriptor"],
                                    controls=["search_options:1:2"])
        for entry in matches:
            descriptor = ndr_unpack(security.descriptor,
                                    entry["nTSecurityDescriptor"][0])
            current_sddl = descriptor.as_sddl(self.domain_sid)
            self.insert_ace_into_dacl(entry.dn, current_sddl, ace)

    if self.add_update_container:
        self.update_add(op)
示例2: operation_81
def operation_81(self, op):
    """Apply update ``op`` by adding one ACE to samDomain/domainDNS objects.

    Returns immediately when ``self.update_exists(op)`` is true. Otherwise
    ``self.raise_if_not_fix(op)`` is called, then every object matching
    ``(objectClass=samDomain)`` and afterwards every object matching
    ``(objectClass=domainDNS)`` has its stored security descriptor
    unpacked, rendered as SDDL relative to ``self.domain_sid`` and handed
    to ``self.insert_ace_into_dacl`` together with the new ACE.
    ``self.update_add(op)`` is called last, only when
    ``self.add_update_container`` is set.
    """
    if self.update_exists(op):
        return
    self.raise_if_not_fix(op)

    # SDDL ACE fields: OA = object-specific allow, CIOI = container-inherit
    # + object-inherit, RPWP = read and write property, PS = principal self.
    # The inherited-object-type field is empty.
    # NOTE(review): the object-type GUID is presumably
    # msDS-AllowedToActOnBehalfOfOtherIdentity - confirm against the
    # schema; if so, this is the attribute to watch when auditing who can
    # configure delegation to an account.
    ace = "(OA;CIOI;RPWP;3f78c3e5-f79a-46bd-a0b8-9d18116ddc79;;PS)"

    # Same processing for both object classes, samDomain first.
    for class_filter in ("(objectClass=samDomain)", "(objectClass=domainDNS)"):
        # NOTE(review): search_options flag 2 is presumably the
        # phantom-root option (search across naming contexts) - confirm.
        matches = self.samdb.search(expression=class_filter,
                                    attrs=["nTSecurityDescriptor"],
                                    controls=["search_options:1:2"])
        for entry in matches:
            descriptor = ndr_unpack(security.descriptor,
                                    entry["nTSecurityDescriptor"][0])
            current_sddl = descriptor.as_sddl(self.domain_sid)
            self.insert_ace_into_dacl(entry.dn, current_sddl, ace)

    if self.add_update_container:
        self.update_add(op)
示例3: test_dirsync_deleted_items
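def test_dirsync_deleted_items(self):
    """Check that dirsync returns deleted objects too."""
    # Let's create an OU
    ouname = "OU=testou3,%s" % self.base_dn
    self.ouname = ouname
    self.ldb_admin.create_ou(ouname)
    res = self.ldb_admin.search(self.base_dn,
                                expression="(&(objectClass=organizationalUnit)(!(isDeleted=*)))",
                                controls=["dirsync:1:0:1"])

    # Remember the GUID of the OU we just created; it stays None when the
    # OU is not among the results, and the GUID comparison below then fails.
    guid = None
    for e in res:
        if str(e["name"]) == "testou3":
            guid = str(ndr_unpack(misc.GUID, e.get("objectGUID")[0]))

    # Build the follow-up control from the one the server returned:
    # fields 1-3 are overwritten, the remaining fields are kept as-is
    # (presumably the dirsync cookie - confirm).
    ctl = str(res.controls[0]).split(":")
    ctl[1] = "1"
    ctl[2] = "0"
    ctl[3] = "10000"
    control1 = str(":".join(ctl))

    # So now delete the object and check that
    # we can see the object but deleted when admin
    delete_force(self.ldb_admin, ouname)

    res = self.ldb_admin.search(self.base_dn,
                                expression="(objectClass=organizationalUnit)",
                                controls=[control1])
    self.assertEqual(len(res), 1)
    guid2 = str(ndr_unpack(misc.GUID, res[0].get("objectGUID")[0]))
    self.assertEqual(guid2, guid)
    self.assertTrue(res[0].get("isDeleted"))
    # Identity test: does not depend on how the element type implements
    # comparison against None.
    self.assertTrue(res[0].get("name") is not None)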
示例4: setUp
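def setUp(self):
    """Create a test user in three groups and record the SIDs in its token.

    Using the admin connection, a user and three groups (domain-local,
    global, universal) are created and the user is added to each group.
    A second connection is then opened as the test user, its own SID is
    read from the first ``tokenGroups`` value of the rootDSE, and the SIDs
    of the resulting session token are stored as strings in
    ``self.user_sids``.
    """
    super(DynamicTokenTest, self).setUp()
    self.admin_ldb = SamDB(url, credentials=creds, session_info=system_session(lp), lp=lp)

    self.base_dn = self.admin_ldb.domain_dn()

    def group_sid(group_name):
        # Look the group up under cn=users and decode its objectSid.
        found = self.admin_ldb.search(base="cn=%s,cn=users,%s" % (group_name, self.base_dn),
                                      attrs=["objectSid"], scope=ldb.SCOPE_BASE)
        return ndr_unpack(samba.dcerpc.security.dom_sid, found[0]["objectSid"][0])

    self.test_user = "tokengroups_user1"
    # NOTE(review): this literal looks like it was rewritten by the hosting
    # page's e-mail obfuscation; the password the test really uses cannot
    # be recovered from this listing.
    self.test_user_pass = "[email protected]"
    self.admin_ldb.newuser(self.test_user, self.test_user_pass)

    self.test_group0 = "tokengroups_group0"
    self.admin_ldb.newgroup(self.test_group0, grouptype=dsdb.GTYPE_SECURITY_DOMAIN_LOCAL_GROUP)
    self.test_group0_sid = group_sid(self.test_group0)
    self.admin_ldb.add_remove_group_members(self.test_group0, [self.test_user],
                                            add_members_operation=True)

    self.test_group1 = "tokengroups_group1"
    self.admin_ldb.newgroup(self.test_group1, grouptype=dsdb.GTYPE_SECURITY_GLOBAL_GROUP)
    self.test_group1_sid = group_sid(self.test_group1)
    self.admin_ldb.add_remove_group_members(self.test_group1, [self.test_user],
                                            add_members_operation=True)

    self.test_group2 = "tokengroups_group2"
    self.admin_ldb.newgroup(self.test_group2, grouptype=dsdb.GTYPE_SECURITY_UNIVERSAL_GROUP)
    self.test_group2_sid = group_sid(self.test_group2)
    self.admin_ldb.add_remove_group_members(self.test_group2, [self.test_user],
                                            add_members_operation=True)

    # Reconnect as the test user; everything below runs with its rights.
    self.ldb = self.get_ldb_connection(self.test_user, self.test_user_pass)

    res = self.ldb.search("", scope=ldb.SCOPE_BASE, attrs=["tokenGroups"])
    # assertEqual rather than the deprecated assertEquals alias, which
    # newer unittest releases no longer provide.
    self.assertEqual(len(res), 1)

    self.user_sid_dn = "<SID=%s>" % str(ndr_unpack(samba.dcerpc.security.dom_sid, res[0]["tokenGroups"][0]))

    res = self.ldb.search(self.user_sid_dn, scope=ldb.SCOPE_BASE, attrs=[])
    self.assertEqual(len(res), 1)

    self.test_user_dn = res[0].dn

    session_info_flags = (AUTH_SESSION_INFO_DEFAULT_GROUPS |
                          AUTH_SESSION_INFO_AUTHENTICATED |
                          AUTH_SESSION_INFO_SIMPLE_PRIVILEGES)
    session = samba.auth.user_session(self.ldb, lp_ctx=lp, dn=self.user_sid_dn,
                                      session_info_flags=session_info_flags)

    token = session.security_token
    self.user_sids = [str(s) for s in token.sids]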
示例5: _get_identifier
def _get_identifier(self, ldb_conn, dn):
    """Return a drsuapi.DsReplicaObjectIdentifier for the object at ``dn``.

    The object is read with a base-scope search on ``ldb_conn``. ``guid``
    is always filled from ``objectGUID``; ``sid`` is filled only when the
    entry carries an ``objectSid``; ``dn`` is the string form of the DN
    the search returned. An empty search result raises IndexError.
    """
    found = ldb_conn.search(dn, scope=ldb.SCOPE_BASE,
                            attrs=["objectGUID", "objectSid"])
    identifier = drsuapi.DsReplicaObjectIdentifier()
    entry = found[0]
    identifier.guid = ndr_unpack(misc.GUID, entry['objectGUID'][0])
    if "objectSid" in entry:
        identifier.sid = ndr_unpack(security.dom_sid, entry['objectSid'][0])
    identifier.dn = str(entry.dn)
    return identifier
示例6: _check_ctr6
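def _check_ctr6(self, ctr6, expected_dns=[], expected_links=[],
                dn_ordered=True, links_ordered=True,
                more_data=False, nc_object_count=0,
                nc_linked_attributes_count=0, drs_error=0):
    """
    Check that a ctr6 matches the specified parameters.

    :param ctr6: the reply structure to check
    :param expected_dns: DNs expected in the object list
    :param expected_links: links expected in the linked-attribute list;
        this list is sorted in place
    :param dn_ordered: when true, DNs must come back in the given order
    :param links_ordered: when true, links must match the sorted
        expected list position by position
    :param more_data, nc_object_count, nc_linked_attributes_count,
        drs_error: expected values of the same-named ctr6 fields
        (``drs_error`` is compared with ``ctr6.drs_error[0]``)

    The list defaults are shared between calls; they are only read or
    sorted here, never appended to.
    """
    self.assertEqual(ctr6.object_count, len(expected_dns))
    self.assertEqual(ctr6.linked_attributes_count, len(expected_links))
    self.assertEqual(ctr6.more_data, more_data)
    self.assertEqual(ctr6.nc_object_count, nc_object_count)
    self.assertEqual(ctr6.nc_linked_attributes_count, nc_linked_attributes_count)
    self.assertEqual(ctr6.drs_error[0], drs_error)

    # Walk the linked list of returned objects and collect their DNs;
    # the list must end exactly after object_count entries.
    ctr6_dns = []
    next_object = ctr6.first_object
    for _ in range(ctr6.object_count):
        ctr6_dns.append(next_object.object.identifier.dn)
        next_object = next_object.next_object
    self.assertEqual(next_object, None)

    i = 0
    for dn in expected_dns:
        # Expect them back in the exact same order as specified.
        if dn_ordered:
            self.assertNotEqual(ctr6_dns[i], None)
            self.assertEqual(ctr6_dns[i], dn)
            i = i + 1
        # Don't care what order
        else:
            self.assertTrue(dn in ctr6_dns, "Couldn't find DN '%s' anywhere in ctr6 response." % dn)

    ctr6_links = []
    expected_links.sort()
    for lidx in range(ctr6.linked_attributes_count):
        link = ctr6.linked_attributes[lidx]
        try:
            target = ndr_unpack(drsuapi.DsReplicaObjectIdentifier3,
                                link.value.blob)
        except Exception:
            # The blob did not parse as a plain identifier; retry with the
            # binary variant. Catching Exception rather than everything
            # lets KeyboardInterrupt/SystemExit through; a failure of the
            # second parse propagates to the caller.
            target = ndr_unpack(drsuapi.DsReplicaObjectIdentifier3Binary,
                                link.value.blob)
        ctr6_links.append(AbstractLink(link.attid, link.flags,
                                       link.identifier.guid,
                                       target.guid))

    lidx = 0
    for el in expected_links:
        if links_ordered:
            self.assertEqual(el, ctr6_links[lidx])
            lidx += 1
        else:
            self.assertTrue(el in ctr6_links, "Couldn't find link '%s' anywhere in ctr6 response." % el)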
示例7: test_userPassword_cleartext_sha256
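def test_userPassword_cleartext_sha256(self):
    """Check the supplemental credentials stored for a clear-text user.

    The user is added with ``clear_text=True`` and a single
    ``CryptSHA256:rounds=100`` userPassword scheme. The test then checks
    the number and order of the credential packages, the WDigest values,
    the stored clear-text password, and the userPassword and NT hashes.
    """
    self.add_user(clear_text=True,
                  options=[("password hash userPassword schemes",
                            "CryptSHA256:rounds=100")])

    sc = self.get_supplemental_creds()

    # Check that we got all the expected supplemental credentials
    # And they are in the expected order.
    size = len(sc.sub.packages)
    # assertEqual rather than the deprecated assertEquals alias, which
    # newer unittest releases no longer provide.
    self.assertEqual(6, size)

    expected_order = [
        "Primary:Kerberos-Newer-Keys",
        "Primary:Kerberos",
        "Primary:WDigest",
        "Primary:CLEARTEXT",
        "Packages",
        "Primary:userPassword",
    ]
    packages = {}
    for expected_pos, name in enumerate(expected_order, 1):
        (pos, package) = get_package(sc, name)
        self.assertEqual(expected_pos, pos)
        self.assertEqual(name, package.name)
        packages[name] = package

    # Check that the WDigest values are correct.
    #
    digests = ndr_unpack(drsblobs.package_PrimaryWDigestBlob,
                         binascii.a2b_hex(packages["Primary:WDigest"].data))
    self.check_wdigests(digests)

    # Check the clear text value is correct: the package holds the
    # password itself, encoded as UTF-16-LE.
    ct = ndr_unpack(drsblobs.package_PrimaryCLEARTEXTBlob,
                    binascii.a2b_hex(packages["Primary:CLEARTEXT"].data))
    self.assertEqual(USER_PASS.encode('utf-16-le'), ct.cleartext)

    # Check that the userPassword hashes are computed correctly
    #
    up = ndr_unpack(drsblobs.package_PrimaryUserPasswordBlob,
                    binascii.a2b_hex(packages["Primary:userPassword"].data))
    self.checkUserPassword(up, [("{CRYPT}", "5", 100)])
    self.checkNtHash(USER_PASS, up.current_nt_hash.hash)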
示例8: test_userPassword_multiple_hashes_rounds_specified
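def test_userPassword_multiple_hashes_rounds_specified(self):
    """Check the supplemental credentials for three userPassword schemes.

    The user is added with the schemes ``CryptSHA512:rounds=5120``,
    ``CryptSHA256:rounds=2560`` and ``CryptSHA512:rounds=5122``. The test
    then checks the number and order of the credential packages, the
    WDigest values, and that three userPassword hashes with the requested
    schemes and rounds were stored alongside the NT hash.
    """
    self.add_user(options=[(
        "password hash userPassword schemes",
        "CryptSHA512:rounds=5120 CryptSHA256:rounds=2560 CryptSHA512:rounds=5122")])

    sc = self.get_supplemental_creds()

    # Check that we got all the expected supplemental credentials
    # And they are in the expected order.
    size = len(sc.sub.packages)
    # assertEqual rather than the deprecated assertEquals alias, which
    # newer unittest releases no longer provide.
    self.assertEqual(6, size)

    expected_order = [
        "Primary:Kerberos-Newer-Keys",
        "Primary:Kerberos",
        "Primary:WDigest",
        "Primary:userPassword",
        "Packages",
        "Primary:SambaGPG",
    ]
    packages = {}
    for expected_pos, name in enumerate(expected_order, 1):
        (pos, package) = get_package(sc, name)
        self.assertEqual(expected_pos, pos)
        self.assertEqual(name, package.name)
        packages[name] = package

    # Check that the WDigest values are correct.
    #
    digests = ndr_unpack(drsblobs.package_PrimaryWDigestBlob,
                         binascii.a2b_hex(packages["Primary:WDigest"].data))
    self.check_wdigests(digests)

    # Check that the userPassword hashes are computed correctly
    # Expect three hashes to be calculated
    up = ndr_unpack(drsblobs.package_PrimaryUserPasswordBlob,
                    binascii.a2b_hex(packages["Primary:userPassword"].data))
    self.checkUserPassword(up, [
        ("{CRYPT}", "6", 5120),
        ("{CRYPT}", "5", 2560),
        ("{CRYPT}", "6", 5122)
    ])
    self.checkNtHash(USER_PASS, up.current_nt_hash.hash)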
示例9: setUp
def setUp(self):
    """Prepare an unprivileged user, a test OU and reference descriptors.

    With the admin connection: leftovers from earlier runs are deleted,
    the unprivileged user is created, and a test OU is created. The user
    is temporarily granted an ACE on the OU so that the template computer
    ``testcomputer-t`` can be added, after which the OU's original
    security descriptor is written back. Two copies of the template's
    descriptor are kept as references; in the second copy the allow ACEs
    whose trustee is the unprivileged user gain the self-write and
    write-property bits. The method ends with ``self.samdb`` connected as
    the unprivileged user.
    """
    super(UserAccountControlTests, self).setUp()

    self.admin_creds = creds
    self.admin_samdb = SamDB(url=ldaphost,
                             session_info=system_session(),
                             credentials=self.admin_creds, lp=lp)
    self.domain_sid = security.dom_sid(self.admin_samdb.get_domain_sid())
    self.base_dn = self.admin_samdb.domain_dn()

    self.unpriv_user = "testuser1"
    # NOTE(review): this literal looks like it was rewritten by the hosting
    # page's e-mail obfuscation; the password the test really uses cannot
    # be recovered from this listing.
    self.unpriv_user_pw = "[email protected]"

    self.unpriv_creds = self.get_creds(self.unpriv_user, self.unpriv_user_pw)

    # DNs used repeatedly below.
    ou_dn = "OU=test_computer_ou1,%s" % (self.base_dn)
    template_dn = "CN=testcomputer-t,%s" % ou_dn

    # Remove leftovers, innermost object first.
    delete_force(self.admin_samdb, template_dn)
    delete_force(self.admin_samdb, ou_dn)
    delete_force(self.admin_samdb, "CN=%s,CN=Users,%s" % (self.unpriv_user, self.base_dn))

    self.admin_samdb.newuser(self.unpriv_user, self.unpriv_user_pw)
    found = self.admin_samdb.search("CN=%s,CN=Users,%s" % (self.unpriv_user, self.admin_samdb.domain_dn()),
                                    scope=SCOPE_BASE,
                                    attrs=["objectSid"])
    self.assertEqual(1, len(found))

    self.unpriv_user_sid = ndr_unpack(security.dom_sid, found[0]["objectSid"][0])
    self.unpriv_user_dn = found[0].dn

    # LDAP and SAMR connections made with the unprivileged credentials.
    self.samdb = SamDB(url=ldaphost, credentials=self.unpriv_creds, lp=lp)

    self.samr = samr.samr("ncacn_ip_tcp:%s[seal]" % host, lp, self.unpriv_creds)
    self.samr_handle = self.samr.Connect2(None, security.SEC_FLAG_MAXIMUM_ALLOWED)
    self.samr_domain = self.samr.OpenDomain(self.samr_handle, security.SEC_FLAG_MAXIMUM_ALLOWED, self.domain_sid)

    self.sd_utils = sd_utils.SDUtils(self.admin_samdb)

    self.admin_samdb.create_ou(ou_dn)

    self.unpriv_user_sid = self.sd_utils.get_object_sid(self.unpriv_user_dn)

    # SDDL: object-specific allow (OA) of create-child (CC) for one object
    # class, granted to the unprivileged user's SID.
    # NOTE(review): the GUID is presumably the computer class - confirm.
    create_child_ace = "(OA;;CC;bf967a86-0de6-11d0-a285-00aa003049e2;;%s)" % str(self.unpriv_user_sid)

    # The grant is temporary: the OU's descriptor is saved first and
    # written back once the template computer exists.
    saved_ou_sd = self.sd_utils.read_sd_on_dn(ou_dn)
    self.sd_utils.dacl_add_ace(ou_dn, create_child_ace)

    self.add_computer_ldap("testcomputer-t")

    self.sd_utils.modify_sd_on_dn(ou_dn, saved_ou_sd)

    self.computernames = ["testcomputer-0"]

    # Get the SD of the template account, then force it to match
    # what we expect for SeMachineAccountPrivilege accounts, so we
    # can confirm we created the accounts correctly
    self.sd_reference_cc = self.sd_utils.read_sd_on_dn(template_dn)

    self.sd_reference_modify = self.sd_utils.read_sd_on_dn(template_dn)
    for ace in self.sd_reference_modify.dacl.aces:
        if ace.type != security.SEC_ACE_TYPE_ACCESS_ALLOWED:
            continue
        if ace.trustee != self.unpriv_user_sid:
            continue
        ace.access_mask |= security.SEC_ADS_SELF_WRITE | security.SEC_ADS_WRITE_PROP

    # Now reconnect without domain admin rights
    self.samdb = SamDB(url=ldaphost, credentials=self.unpriv_creds, lp=lp)
示例10: _samdb_fetch_pfm_and_schi
def _samdb_fetch_pfm_and_schi(self):
    """Fetch prefixMap and schemaInfo stored in SamDB using LDB connection

    Returns the ``ctr`` of the unpacked prefixMap with one extra mapping
    appended (``id_prefix`` 0) whose OID bytes are the stored schemaInfo
    value. When the schema object has no schemaInfo, a blob with revision
    0, marker 0xFF and the database's invocation id is packed and used
    instead.
    """
    samdb = self.ldb_dc1
    found = samdb.search(base=samdb.get_schema_basedn(), scope=SCOPE_BASE,
                         attrs=["prefixMap", "schemaInfo"])
    schema_entry = found[0]

    pfm = ndr_unpack(drsblobs.prefixMapBlob,
                     str(schema_entry['prefixMap']))

    schi = drsuapi.DsReplicaOIDMapping()
    schi.id_prefix = 0
    if 'schemaInfo' in schema_entry:
        raw_schema_info = str(schema_entry['schemaInfo'])
    else:
        # No stored schemaInfo: synthesise one.
        schema_info = drsblobs.schemaInfoBlob()
        schema_info.revision = 0
        schema_info.marker = 0xFF
        schema_info.invocation_id = misc.GUID(samdb.get_invocation_id())
        raw_schema_info = ndr_pack(schema_info)

    # NOTE(review): relies on Python 2, where map() returns a list; under
    # Python 3 len() of a map object raises TypeError.
    oid_bytes = map(ord, raw_schema_info)
    schi.oid.length = len(oid_bytes)
    schi.oid.binary_oid = oid_bytes

    pfm.ctr.mappings = pfm.ctr.mappings + [schi]
    pfm.ctr.num_mappings += 1
    return pfm.ctr
示例11: read_descriptor
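def read_descriptor(self, samdb, object_dn):
    """Return the unpacked security descriptor of ``object_dn``.

    The object is read with a base-scope search on ``samdb`` and its
    first ``nTSecurityDescriptor`` value is decoded with ``ndr_unpack``.

    :raises AssertionError: when the search does not return exactly one
        entry
    """
    res = samdb.search(base=object_dn, scope=SCOPE_BASE,
                       attrs=["nTSecurityDescriptor"])
    # we should theoretically always have an SD
    # Raised explicitly so the check still runs under ``python -O``, which
    # strips assert statements.
    if len(res) != 1:
        raise AssertionError("expected exactly one entry for %s, got %d"
                             % (object_dn, len(res)))
    desc = res[0]["nTSecurityDescriptor"][0]
    return ndr_unpack(security.descriptor, desc)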
示例12: test_double_forwarder_both_slow
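def test_double_forwarder_both_slow(self):
    """Query through two toy forwarders that were both sent 'timeout 1.5'.

    Skipped (with a printed notice) when fewer than two entries are
    configured in ``dns_servers``. Otherwise a recursive CNAME query is
    sent to the real server and the reply must arrive within ``timeout``,
    carry rcode OK and have ``'forwarder1'`` as its first answer.
    """
    if len(dns_servers) < 2:
        # Call form of print: valid on both Python 2 and Python 3.
        print("Ignoring test_double_forwarder_both_slow")
        return
    s1 = self.start_toy_server(dns_servers[0], 53, 'forwarder1')
    s2 = self.start_toy_server(dns_servers[1], 53, 'forwarder2')
    # NOTE(review): presumably tells each toy server to delay its answer
    # by 1.5 seconds - confirm against the toy server's protocol.
    s1.send('timeout 1.5', 0)
    s2.send('timeout 1.5', 0)

    ad = contact_real_server(server_ip, 53)
    name = "dsfsfds.dsfsdfs"
    p = self.make_name_packet(dns.DNS_OPCODE_QUERY)
    questions = []

    q = self.make_name_question(name, dns.DNS_QTYPE_CNAME,
                                dns.DNS_QCLASS_IN)
    questions.append(q)

    self.finish_name_packet(p, questions)
    p.operation |= dns.DNS_FLAG_RECURSION_DESIRED
    send_packet = ndr.ndr_pack(p)

    ad.send(send_packet, 0)
    ad.settimeout(timeout)
    # Only the receive is guarded for socket.timeout; a reply that does
    # not parse as a DNS packet surfaces as an error from ndr_unpack.
    try:
        data = ad.recv(0xffff + 2, 0)
    except socket.timeout:
        self.fail("DNS server is too slow (timeout %s)" % timeout)
    data = ndr.ndr_unpack(dns.name_packet, data)
    self.assert_dns_rcode_equals(data, dns.DNS_RCODE_OK)
    self.assertEqual('forwarder1', data.answers[0].rdata)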
示例13: run
def run(self, gpo, H=None, sambaopts=None, credopts=None, versionopts=None):
    """Print the details of one GPO to ``self.outf``.

    Connects using the supplied option objects, looks the GPO up and
    writes its name, display name, path, DN, version, flags and ACL.

    Any exception from the lookup is reported as CommandError
    "GPO '...' does not exist", so other lookup failures are reported the
    same way. Any exception while reading or decoding the security
    descriptor makes the ACL line show "<hidden>" instead of SDDL.
    """
    self.lp = sambaopts.get_loadparm()
    self.creds = credopts.get_credentials(self.lp, fallback_machine=True)

    self.url = dc_url(self.lp, self.creds, H)

    samdb_connect(self)

    try:
        gpo_entry = get_gpo_info(self.samdb, gpo)[0]
    except Exception:
        raise CommandError("GPO '%s' does not exist" % gpo)

    try:
        acl_text = ndr_unpack(security.descriptor,
                              gpo_entry['nTSecurityDescriptor'][0]).as_sddl()
    except Exception:
        # Best effort: the descriptor may be missing or undecodable.
        acl_text = "<hidden>"

    emit = self.outf.write
    emit("GPO : %s\n" % gpo_entry['name'][0])
    emit("display name : %s\n" % gpo_entry['displayName'][0])
    emit("path : %s\n" % gpo_entry['gPCFileSysPath'][0])
    emit("dn : %s\n" % gpo_entry.dn)
    emit("version : %s\n" % attr_default(gpo_entry, 'versionNumber', '0'))
    emit("flags : %s\n" % gpo_flags_string(int(attr_default(gpo_entry, 'flags', 0))))
    emit("ACL : %s\n" % acl_text)
    emit("\n")
示例14: get_attribute_replmetadata_version
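def get_attribute_replmetadata_version(self, dn, att):
    """Get the version field from the replPropertyMetaData for
    the given attribute

    :param dn: The DN of the object on which we want to get the version
    :param att: The name of the attribute
    :return: The value of the version field in the replPropertyMetaData
        for the given attribute. None if the attribute is not replicated
        or no object matches ``dn``
    """
    # NOTE(review): dn is formatted into the search filter without
    # escaping, so filter metacharacters in it ("(", ")", "*", "\\")
    # change the filter. Callers should pass a DN they control or one
    # already encoded for use in a filter.
    res = self.search(expression="distinguishedName=%s" % dn,
                      scope=ldb.SCOPE_SUBTREE,
                      controls=["search_options:1:2"],
                      attrs=["replPropertyMetaData"])
    if len(res) == 0:
        return None

    repl = ndr_unpack(drsblobs.replPropertyMetaDataBlob,
                      str(res[0]["replPropertyMetaData"]))
    ctr = repl.ctr
    # Fill the OID -> attribute-name table on first use.
    if not self.hash_oid_name:
        self._populate_oid_attid()
    for o in ctr.array:
        # Map the metadata entry's attid to an OID, then compare the
        # attribute name registered for that OID case-insensitively.
        att_oid = self.get_oid_from_attid(o.attid)
        # "in" instead of has_key(), which Python 3 dicts do not provide.
        if att_oid in self.hash_oid_name and\
           att.lower() == self.hash_oid_name[att_oid].lower():
            return o.version
    return None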
示例15: check_rootdse
def check_rootdse(self):
    '''check the @ROOTDSE special object

    Returns the number of errors found: 0 when dsServiceName is present
    and already starts with "<GUID=", otherwise 1 (object not found
    exactly once, attribute missing, or attribute not in GUID form). In
    the last case, and only after ``self.confirm`` agrees, the attribute
    is replaced by "<GUID=...>" built from the objectGUID of the object
    it currently names.
    '''
    rootdse_dn = ldb.Dn(self.samdb, '@ROOTDSE')
    if self.verbose:
        self.report("Checking object %s" % rootdse_dn)

    found = self.samdb.search(base=rootdse_dn, scope=ldb.SCOPE_BASE)
    if len(found) != 1:
        self.report("Object %s disappeared during check" % rootdse_dn)
        return 1
    rootdse = found[0]

    # check that the dsServiceName is in GUID form
    if 'dsServiceName' not in rootdse:
        self.report('ERROR: dsServiceName missing in @ROOTDSE')
        return 1

    service_name = rootdse['dsServiceName'][0]
    if service_name.startswith('<GUID='):
        return 0

    self.report('ERROR: dsServiceName not in GUID form in @ROOTDSE')
    if not self.confirm('Change dsServiceName to GUID form?'):
        return 1

    # Resolve the object the attribute currently names and read its GUID.
    target = self.samdb.search(base=ldb.Dn(self.samdb, service_name),
                               scope=ldb.SCOPE_BASE, attrs=['objectGUID'])
    guid_str = str(ndr_unpack(misc.GUID, target[0]['objectGUID'][0]))

    change = ldb.Message()
    change.dn = rootdse_dn
    change['dsServiceName'] = ldb.MessageElement("<GUID=%s>" % guid_str,
                                                 ldb.FLAG_MOD_REPLACE, 'dsServiceName')
    if self.do_modify(change, [], "Failed to change dsServiceName to GUID form", validate=False):
        self.report("Changed dsServiceName to GUID form")
    # The error is counted whether or not the fix was applied.
    return 1