source: vendor/current/source4/scripting/devel/createtrust

Last change on this file was 988, checked in by Silvan Scherrer, 9 years ago

Samba Server: update vendor to version 4.4.3

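#!/usr/bin/env python
"""Create a domain trust on a server through the LSA RPC interface.

Development helper: every trust parameter (DNS name, NetBIOS name, domain
SID, direction, type, attributes and the trust password) is hard-coded
below.  Any existing trusted-domain object with the same DNS name is
deleted first, then a new one is created with CreateTrustedDomainEx2.

Usage: createtrust [options] server
"""

# create a domain trust

import sys
from optparse import OptionParser

sys.path.insert(0, "bin/python")

import samba
import samba.getopt as options
from samba.dcerpc import lsa, security, drsblobs
from samba.ndr import ndr_pack
from samba import arcfour_encrypt, string_to_byte_array
import random

########### main code ###########
if __name__ == "__main__":
    # Fixed test values.  NOTE(review): the trust secret is the literal
    # string "password" and is written to the target as both the incoming
    # and the outgoing trust password; anything beyond a disposable lab
    # domain needs a generated secret supplied by the operator.
    TRUST_DNS_NAME = "sub2.win2k3.obed.home.abartlet.net"
    TRUST_NETBIOS_NAME = "sub2"
    TRUST_SID = "S-1-5-21-538090388-3760119675-95745416"
    TRUST_PASSWORD = "password"
    CONFOUNDER_LEN = 512

    parser = OptionParser("createtrust [options] server")
    sambaopts = options.SambaOptions(parser)
    credopts = options.CredentialsOptionsDouble(parser)
    parser.add_option_group(credopts)

    (opts, args) = parser.parse_args()

    lp = sambaopts.get_loadparm()
    creds = credopts.get_credentials(lp)

    if len(args) != 1:
        parser.error("You must supply a server")

    # Refuse to run with an anonymous session.
    if not creds.authentication_requested():
        parser.error("You must supply credentials")

    server = args[0]

    # LSA over a named pipe; the "print" binding option asks the RPC layer
    # to dump the exchanged packets for debugging.
    binding_str = "ncacn_np:%s[print]" % server

    lsaconn = lsa.lsarpc(binding_str, lp, creds)

    objectAttr = lsa.ObjectAttribute()
    objectAttr.sec_qos = lsa.QosInfo()

    pol_handle = lsaconn.OpenPolicy2(''.decode('utf-8'),
                                     objectAttr,
                                     security.SEC_FLAG_MAXIMUM_ALLOWED)

    name = lsa.String()
    name.string = TRUST_DNS_NAME
    try:
        info = lsaconn.QueryTrustedDomainInfoByName(
            pol_handle, name, lsa.LSA_TRUSTED_DOMAIN_INFO_FULL_INFO)

        lsaconn.DeleteTrustedDomain(pol_handle, info.info_ex.sid)
    except RuntimeError:
        # Best effort: the trust may simply not exist yet.
        # NOTE(review): this also hides every other RPC failure of the
        # query or the delete (e.g. an access-denied result) - confirm
        # that is intended.
        pass

    # Description of the trusted domain: two-way, uplevel, within-forest.
    info = lsa.TrustDomainInfoInfoEx()
    info.domain_name.string = TRUST_DNS_NAME
    info.netbios_name.string = TRUST_NETBIOS_NAME
    info.sid = security.dom_sid(TRUST_SID)
    info.trust_direction = (lsa.LSA_TRUST_DIRECTION_INBOUND |
                            lsa.LSA_TRUST_DIRECTION_OUTBOUND)
    info.trust_type = lsa.LSA_TRUST_TYPE_UPLEVEL
    info.trust_attributes = lsa.LSA_TRUST_ATTRIBUTE_WITHIN_FOREST

    # The cleartext trust password is carried as UTF-16-LE bytes.
    password_blob = string_to_byte_array(TRUST_PASSWORD.encode('utf-16-le'))

    clear_value = drsblobs.AuthInfoClear()
    clear_value.size = len(password_blob)
    clear_value.password = password_blob

    clear_authentication_information = drsblobs.AuthenticationInformation()
    clear_authentication_information.LastUpdateTime = 0
    clear_authentication_information.AuthType = lsa.TRUST_AUTH_TYPE_CLEAR
    clear_authentication_information.AuthInfo = clear_value

    version_value = drsblobs.AuthInfoVersion()
    version_value.version = 1

    version = drsblobs.AuthenticationInformation()
    version.LastUpdateTime = 0
    version.AuthType = lsa.TRUST_AUTH_TYPE_VERSION
    version.AuthInfo = version_value

    authentication_information_array = drsblobs.AuthenticationInformationArray()
    authentication_information_array.count = 2
    authentication_information_array.array = [clear_authentication_information,
                                              version]

    outgoing = drsblobs.trustAuthInOutBlob()
    outgoing.count = 1
    outgoing.current = authentication_information_array

    trustpass = drsblobs.trustDomainPasswords()

    # The confounder is the only random material in the blob that is
    # RC4-encrypted under the session key below, so take it from the OS
    # CSPRNG (random.SystemRandom) instead of the default Mersenne Twister
    # generator, whose output is predictable.
    csprng = random.SystemRandom()
    trustpass.confounder = [csprng.randint(0, 255)
                            for _ in range(CONFOUNDER_LEN)]

    # print "confounder: ", trustpass.confounder

    # The same auth blob is used for both directions of the trust.
    trustpass.outgoing = outgoing
    trustpass.incoming = outgoing

    trustpass_blob = ndr_pack(trustpass)

    # Debug aid; when enabled this prints the unencrypted trust password blob.
    # print "trustpass_blob: ", list(trustpass_blob)

    encrypted_trustpass = arcfour_encrypt(lsaconn.session_key, trustpass_blob)

    # print "encrypted_trustpass: ", list(encrypted_trustpass)

    auth_blob = lsa.DATA_BUF2()
    auth_blob.size = len(encrypted_trustpass)
    auth_blob.data = string_to_byte_array(encrypted_trustpass)

    auth_info = lsa.TrustDomainInfoAuthInfoInternal()
    auth_info.auth_blob = auth_blob

    # print "auth_info.auth_blob.data: ", auth_info.auth_blob.data

    # SEC_STD_DELETE is the access mask requested on the returned handle.
    trustdom_handle = lsaconn.CreateTrustedDomainEx2(pol_handle,
                                                     info,
                                                     auth_info,
                                                     security.SEC_STD_DELETE)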