3 # create a domain trust
6 from optparse
import OptionParser
8 sys
.path
.insert(0, "bin/python")
11 import samba
.getopt
as options
12 from samba
.dcerpc
import lsa
, security
, drsblobs
13 from samba
.ndr
import ndr_pack
14 from samba
import arcfour_encrypt
, string_to_byte_array
17 ########### main code ###########
18 if __name__
== "__main__":
19 parser
= OptionParser("createtrust [options] server")
20 sambaopts
= options
.SambaOptions(parser
)
21 credopts
= options
.CredentialsOptionsDouble(parser
)
22 parser
.add_option_group(credopts
)
24 (opts
, args
) = parser
.parse_args()
26 lp
= sambaopts
.get_loadparm()
27 creds
= credopts
.get_credentials(lp
)
30 parser
.error("You must supply a server")
32 if not creds
.authentication_requested():
33 parser
.error("You must supply credentials")
37 binding_str
= "ncacn_np:%s[print]" % server
39 lsaconn
= lsa
.lsarpc(binding_str
, lp
, creds
)
41 objectAttr
= lsa
.ObjectAttribute()
42 objectAttr
.sec_qos
= lsa
.QosInfo()
44 pol_handle
= lsaconn
.OpenPolicy2(''.decode('utf-8'),
45 objectAttr
, security
.SEC_FLAG_MAXIMUM_ALLOWED
)
48 name
.string
= "sub2.win2k3.obed.home.abartlet.net"
50 info
= lsaconn
.QueryTrustedDomainInfoByName(pol_handle
, name
, lsa
.LSA_TRUSTED_DOMAIN_INFO_FULL_INFO
)
52 lsaconn
.DeleteTrustedDomain(pol_handle
, info
.info_ex
.sid
)
56 info
= lsa
.TrustDomainInfoInfoEx()
57 info
.domain_name
.string
= "sub2.win2k3.obed.home.abartlet.net"
58 info
.netbios_name
.string
= "sub2"
59 info
.sid
= security
.dom_sid("S-1-5-21-538090388-3760119675-95745416")
60 info
.trust_direction
= lsa
.LSA_TRUST_DIRECTION_INBOUND | lsa
.LSA_TRUST_DIRECTION_OUTBOUND
61 info
.trust_type
= lsa
.LSA_TRUST_TYPE_UPLEVEL
62 info
.trust_attributes
= lsa
.LSA_TRUST_ATTRIBUTE_WITHIN_FOREST
64 password_blob
= string_to_byte_array("password".encode('utf-16-le'))
66 clear_value
= drsblobs
.AuthInfoClear()
67 clear_value
.size
= len(password_blob
)
68 clear_value
.password
= password_blob
70 clear_authentication_information
= drsblobs
.AuthenticationInformation()
71 clear_authentication_information
.LastUpdateTime
= 0
72 clear_authentication_information
.AuthType
= lsa
.TRUST_AUTH_TYPE_CLEAR
73 clear_authentication_information
.AuthInfo
= clear_value
75 version_value
= drsblobs
.AuthInfoVersion()
76 version_value
.version
= 1
78 version
= drsblobs
.AuthenticationInformation()
79 version
.LastUpdateTime
= 0
80 version
.AuthType
= lsa
.TRUST_AUTH_TYPE_VERSION
81 version
.AuthInfo
= version_value
83 authentication_information_array
= drsblobs
.AuthenticationInformationArray()
84 authentication_information_array
.count
= 2
85 authentication_information_array
.array
= [clear_authentication_information
, version
]
87 outgoing
= drsblobs
.trustAuthInOutBlob()
89 outgoing
.current
= authentication_information_array
91 trustpass
= drsblobs
.trustDomainPasswords()
92 confounder
= [3] * 512
95 confounder
[i
] = random
.randint(0, 255)
97 trustpass
.confounder
= confounder
99 # print "confounder: ", trustpass.confounder
101 trustpass
.outgoing
= outgoing
102 trustpass
.incoming
= outgoing
104 trustpass_blob
= ndr_pack(trustpass
)
106 # print "trustpass_blob: ", list(trustpass_blob)
108 encrypted_trustpass
= arcfour_encrypt(lsaconn
.session_key
, trustpass_blob
)
110 # print "encrypted_trustpass: ", list(encrypted_trustpass)
112 auth_blob
= lsa
.DATA_BUF2()
113 auth_blob
.size
= len(encrypted_trustpass
)
114 auth_blob
.data
= string_to_byte_array(encrypted_trustpass
)
116 auth_info
= lsa
.TrustDomainInfoAuthInfoInternal()
117 auth_info
.auth_blob
= auth_blob
120 # print "auth_info.auth_blob.data: ", auth_info.auth_blob.data
122 trustdom_handle
= lsaconn
.CreateTrustedDomainEx2(pol_handle
,
125 security
.SEC_STD_DELETE
)