search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s4:librpc/rpc: don't do async requests if gensec doesn't support async replies (bug...
[Samba/gebeck_regimport.git] / source4 / scripting / devel / repl_cleartext_pwd.py
blob5eebc8689de59a284b929af279cb53981c062cea
1 #!/usr/bin/env python
2 #
3 # Copyright Stefan Metzmacher 2011-2012
4 #
5 # This program is free software; you can redistribute it and/or modify
6 # it under the terms of the GNU General Public License as published by
7 # the Free Software Foundation; either version 3 of the License, or
8 # (at your option) any later version.
9 #
10 # This program is distributed in the hope that it will be useful,
11 # but WITHOUT ANY WARRANTY; without even the implied warranty of
12 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 # GNU General Public License for more details.
14 #
15 # You should have received a copy of the GNU General Public License
16 # along with this program. If not, see <http://www.gnu.org/licenses/>.
17 #
18 # This is useful to sync passwords from an AD domain.
19 #
20 # $
21 # $ source4/scripting/devel/repl_cleartext_pwd.py \
22 # -Uadministrator%A1b2C3d4 \
23 # 172.31.9.219 DC=bla,DC=base /tmp/cookie cleartext_utf8 131085 displayName
24 # # starting at usn[0]
25 # dn: CN=Test User1,CN=Users,DC=bla,DC=base
26 # cleartext_utf8: A1b2C3d4
27 # displayName:: VABlAHMAdAAgAFUAcwBlAHIAMQA=
28 #
29 # # up to usn[16449]
30 # $
31 # $ source4/scripting/devel/repl_cleartext_pwd.py \
32 # -Uadministrator%A1b2C3d4
33 # 172.31.9.219 DC=bla,DC=base cookie_file cleartext_utf8 131085 displayName
34 # # starting at usn[16449]
35 # # up to usn[16449]
36 # $
37 #
38
39 import sys
40
41 # Find right direction when running from source tree
42 sys.path.insert(0, "bin/python")
43
44 import samba.getopt as options
45 from optparse import OptionParser
46
47 from samba.dcerpc import drsuapi, drsblobs, misc
48 from samba.ndr import ndr_pack, ndr_unpack, ndr_print
49
50 import binascii
51 import hashlib
52 import Crypto.Cipher.ARC4
53 import struct
54 import os
55
56 from ldif import LDIFWriter
57
58 class globals:
59 def __init__(self):
60 self.global_objs = {}
61 self.ldif = LDIFWriter(sys.stdout)
62
63 def add_attr(self, dn, attname, vals):
64 if dn not in self.global_objs:
65 self.global_objs[dn] = {}
66 self.global_objs[dn][attname] = vals
67
68 def print_all(self):
69 for dn, obj in self.global_objs.items():
70 self.ldif.unparse(dn, obj)
71 continue
72 self.global_objs = {}
73
74 def attid_equal(a1,a2):
75 return (a1 & 0xffffffff) == (a2 & 0xffffffff)
76
77 ########### main code ###########
78 if __name__ == "__main__":
79 parser = OptionParser("repl_cleartext_pwd.py [options] server dn cookie_file clear_utf8_name [attid attname attmode] [clear_utf16_name")
80 sambaopts = options.SambaOptions(parser)
81 credopts = options.CredentialsOptions(parser)
82 parser.add_option_group(credopts)
83
84 (opts, args) = parser.parse_args()
85
86 if len(args) == 4:
87 pass
88 elif len(args) == 7:
89 pass
90 elif len(args) >= 8:
91 pass
92 else:
93 parser.error("more arguments required - given=%d" % (len(args)))
94
95 server = args[0]
96 dn = args[1]
97 cookie_file = args[2]
98 if len(cookie_file) == 0:
99 cookie_file = None
100 clear_utf8_name = args[3]
101 if len(args) >= 7:
102 try:
103 attid = int(args[4], 16)
104 except Exception:
105 attid = int(args[4])
106 attname = args[5]
107 attmode = args[6]
108 if attmode not in ["raw", "utf8"]:
109 parser.error("attmode should be 'raw' or 'utf8'")
110 else:
111 attid = -1
112 attname = None
113 attmode = "raw"
114 if len(args) >= 8:
115 clear_utf16_name = args[7]
116 else:
117 clear_utf16_name = None
118
119 lp = sambaopts.get_loadparm()
120 creds = credopts.get_credentials(lp)
121
122 if not creds.authentication_requested():
123 parser.error("You must supply credentials")
124
125 gls = globals()
126 try:
127 f = open(cookie_file, 'r')
128 store_blob = f.read()
129 f.close()
130
131 store_hdr = store_blob[0:28]
132 (store_version, \
133 store_dn_len, store_dn_ofs, \
134 store_hwm_len, store_hwm_ofs, \
135 store_utdv_len, store_utdv_ofs) = \
136 struct.unpack("<LLLLLLL", store_hdr)
137
138 store_dn = store_blob[store_dn_ofs:store_dn_ofs+store_dn_len]
139 store_hwm_blob = store_blob[store_hwm_ofs:store_hwm_ofs+store_hwm_len]
140 store_utdv_blob = store_blob[store_utdv_ofs:store_utdv_ofs+store_utdv_len]
141
142 store_hwm = ndr_unpack(drsuapi.DsReplicaHighWaterMark, store_hwm_blob)
143 store_utdv = ndr_unpack(drsblobs.replUpToDateVectorBlob, store_utdv_blob)
144
145 assert store_dn == dn
146 #print "%s" % ndr_print(store_hwm)
147 #print "%s" % ndr_print(store_utdv)
148 except Exception:
149 store_dn = dn
150 store_hwm = drsuapi.DsReplicaHighWaterMark()
151 store_hwm.tmp_highest_usn = 0
152 store_hwm.reserved_usn = 0
153 store_hwm.highest_usn = 0
154 store_utdv = None
155
156 binding_str = "ncacn_ip_tcp:%s[spnego,seal]" % server
157
158 drs_conn = drsuapi.drsuapi(binding_str, lp, creds)
159
160 bind_info = drsuapi.DsBindInfoCtr()
161 bind_info.length = 28
162 bind_info.info = drsuapi.DsBindInfo28()
163 bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_BASE
164 bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_ASYNC_REPLICATION
165 bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPI
166 bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_MOVEREQ_V2
167 bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_GETCHG_COMPRESS
168 bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V1
169 bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_RESTORE_USN_OPTIMIZATION
170 bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_KCC_EXECUTE
171 bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY_V2
172 bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_LINKED_VALUE_REPLICATION
173 bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V2
174 bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_INSTANCE_TYPE_NOT_REQ_ON_MOD
175 bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_CRYPTO_BIND
176 bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_GET_REPL_INFO
177 bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_STRONG_ENCRYPTION
178 bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V01
179 bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_TRANSITIVE_MEMBERSHIP
180 bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_ADD_SID_HISTORY
181 bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_POST_BETA3
182 bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_GET_MEMBERSHIPS2
183 bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V6
184 bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_NONDOMAIN_NCS
185 bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8
186 bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V5
187 bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V6
188 bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_ADDENTRYREPLY_V3
189 bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V7
190 bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_VERIFY_OBJECT
191 (info, drs_handle) = drs_conn.DsBind(misc.GUID(drsuapi.DRSUAPI_DS_BIND_GUID), bind_info)
192
193 null_guid = misc.GUID()
194
195 naming_context = drsuapi.DsReplicaObjectIdentifier()
196 naming_context.dn = dn
197 highwatermark = store_hwm
198 uptodateness_vector = None
199 if store_utdv is not None:
200 uptodateness_vector = drsuapi.DsReplicaCursorCtrEx()
201 if store_utdv.version == 1:
202 uptodateness_vector.cursors = store_utdv.cursors
203 elif store_utdv.version == 2:
204 cursors = []
205 for i in range(0, store_utdv.ctr.count):
206 cursor = drsuapi.DsReplicaCursor()
207 cursor.source_dsa_invocation_id = store_utdv.ctr.cursors[i].source_dsa_invocation_id
208 cursor.highest_usn = store_utdv.ctr.cursors[i].highest_usn
209 cursors.append(cursor)
210 uptodateness_vector.cursors = cursors
211
212 req8 = drsuapi.DsGetNCChangesRequest8()
213
214 req8.destination_dsa_guid = null_guid
215 req8.source_dsa_invocation_id = null_guid
216 req8.naming_context = naming_context
217 req8.highwatermark = highwatermark
218 req8.uptodateness_vector = uptodateness_vector
219 req8.replica_flags = (drsuapi.DRSUAPI_DRS_INIT_SYNC |
220 drsuapi.DRSUAPI_DRS_PER_SYNC |
221 drsuapi.DRSUAPI_DRS_GET_ANC |
222 drsuapi.DRSUAPI_DRS_NEVER_SYNCED |
223 drsuapi.DRSUAPI_DRS_WRIT_REP)
224 req8.max_object_count = 402
225 req8.max_ndr_size = 402116
226 req8.extended_op = 0
227 req8.fsmo_info = 0
228 req8.partial_attribute_set = None
229 req8.partial_attribute_set_ex = None
230 req8.mapping_ctr.num_mappings = 0
231 req8.mapping_ctr.mappings = None
232
233 user_session_key = drs_conn.user_session_key
234
235 print "# starting at usn[%d]" % (highwatermark.highest_usn)
236
237 while True:
238 (level, ctr) = drs_conn.DsGetNCChanges(drs_handle, 8, req8)
239 if ctr.first_object == None and ctr.object_count != 0:
240 raise RuntimeError("DsGetNCChanges: NULL first_object with object_count=%u" % (ctr.object_count))
241
242 obj_item = ctr.first_object
243 while obj_item is not None:
244 obj = obj_item.object
245
246 if obj.identifier is None:
247 obj_item = obj_item.next_object
248 continue
249
250 #print '%s' % obj.identifier.dn
251
252 is_deleted = False
253 for i in range(0, obj.attribute_ctr.num_attributes):
254 attr = obj.attribute_ctr.attributes[i]
255 if attid_equal(attr.attid, drsuapi.DRSUAPI_ATTID_isDeleted):
256 is_deleted = True
257 if is_deleted:
258 obj_item = obj_item.next_object
259 continue
260
261 spl_crypt = None
262 attvals = None
263 for i in range(0, obj.attribute_ctr.num_attributes):
264 attr = obj.attribute_ctr.attributes[i]
265 if attid_equal(attr.attid, attid):
266 attvals = []
267 for j in range(0, attr.value_ctr.num_values):
268 assert attr.value_ctr.values[j].blob is not None
269 val_raw = attr.value_ctr.values[j].blob
270 val = None
271 if attmode == "utf8":
272 val_unicode = unicode(val_raw, 'utf-16-le')
273 val = val_unicode.encode('utf-8')
274 elif attmode == "raw":
275 val = val_raw
276 else:
277 assert False, "attmode[%s]" % attmode
278 attvals.append(val)
279 if not attid_equal(attr.attid, drsuapi.DRSUAPI_ATTID_supplementalCredentials):
280 continue
281 assert attr.value_ctr.num_values <= 1
282 if attr.value_ctr.num_values == 0:
283 break
284 assert attr.value_ctr.values[0].blob is not None
285 spl_crypt = attr.value_ctr.values[0].blob
286
287 if spl_crypt is None:
288 obj_item = obj_item.next_object
289 continue
290
291 assert len(spl_crypt) >= 20
292 confounder = spl_crypt[0:16]
293 enc_buffer = spl_crypt[16:]
294
295 m5 = hashlib.md5()
296 m5.update(user_session_key)
297 m5.update(confounder)
298 enc_key = m5.digest()
299
300 rc4 = Crypto.Cipher.ARC4.new(enc_key)
301 plain_buffer = rc4.decrypt(enc_buffer)
302
303 (crc32_v) = struct.unpack("<L", plain_buffer[0:4])
304 attr_val = plain_buffer[4:]
305 crc32_c = binascii.crc32(attr_val) & 0xffffffff
306 assert int(crc32_v[0]) == int(crc32_c), "CRC32 0x%08X != 0x%08X" % (crc32_v[0], crc32_c)
307
308 spl = ndr_unpack(drsblobs.supplementalCredentialsBlob, attr_val)
309
310 #print '%s' % ndr_print(spl)
311
312 cleartext_hex = None
313
314 for i in range(0, spl.sub.num_packages):
315 pkg = spl.sub.packages[i]
316 if pkg.name != "Primary:CLEARTEXT":
317 continue
318 cleartext_hex = pkg.data
319
320 if cleartext_hex is not None:
321 cleartext_utf16 = binascii.a2b_hex(cleartext_hex)
322 if clear_utf16_name is not None:
323 gls.add_attr(obj.identifier.dn, clear_utf16_name, [cleartext_utf16])
324 try:
325 cleartext_unicode = unicode(cleartext_utf16, 'utf-16-le')
326 cleartext_utf8 = cleartext_unicode.encode('utf-8')
327 gls.add_attr(obj.identifier.dn, clear_utf8_name, [cleartext_utf8])
328 except Exception:
329 pass
330
331 if attvals is not None:
332 gls.add_attr(obj.identifier.dn, attname, attvals)
333
334 krb5_old_hex = None
335
336 for i in range(0, spl.sub.num_packages):
337 pkg = spl.sub.packages[i]
338 if pkg.name != "Primary:Kerberos":
339 continue
340 krb5_old_hex = pkg.data
341
342 if krb5_old_hex is not None:
343 krb5_old_raw = binascii.a2b_hex(krb5_old_hex)
344 krb5_old = ndr_unpack(drsblobs.package_PrimaryKerberosBlob, krb5_old_raw, allow_remaining=True)
345
346 #print '%s' % ndr_print(krb5_old)
347
348 krb5_new_hex = None
349
350 for i in range(0, spl.sub.num_packages):
351 pkg = spl.sub.packages[i]
352 if pkg.name != "Primary:Kerberos-Newer-Keys":
353 continue
354 krb5_new_hex = pkg.data
355
356 if krb5_new_hex is not None:
357 krb5_new_raw = binascii.a2b_hex(krb5_new_hex)
358 krb5_new = ndr_unpack(drsblobs.package_PrimaryKerberosBlob, krb5_new_raw, allow_remaining=True)
359
360 #print '%s' % ndr_print(krb5_new)
361
362 obj_item = obj_item.next_object
363
364 gls.print_all()
365
366 if ctr.more_data == 0:
367 store_hwm = ctr.new_highwatermark
368
369 store_utdv = drsblobs.replUpToDateVectorBlob()
370 store_utdv.version = ctr.uptodateness_vector.version
371 store_utdv_ctr = store_utdv.ctr
372 store_utdv_ctr.count = ctr.uptodateness_vector.count
373 store_utdv_ctr.cursors = ctr.uptodateness_vector.cursors
374 store_utdv.ctr = store_utdv_ctr
375
376 #print "%s" % ndr_print(store_hwm)
377 #print "%s" % ndr_print(store_utdv)
378
379 store_hwm_blob = ndr_pack(store_hwm)
380 store_utdv_blob = ndr_pack(store_utdv)
381
382 #
383 # uint32_t version '1'
384 # uint32_t dn_str_len
385 # uint32_t dn_str_ofs
386 # uint32_t hwm_blob_len
387 # uint32_t hwm_blob_ofs
388 # uint32_t utdv_blob_len
389 # uint32_t utdv_blob_ofs
390 store_hdr_len = 7 * 4
391 dn_ofs = store_hdr_len
392 hwm_ofs = dn_ofs + len(dn)
393 utdv_ofs = hwm_ofs + len(store_hwm_blob)
394 store_blob = struct.pack("<LLLLLLL", 1, \
395 len(dn), dn_ofs,
396 len(store_hwm_blob), hwm_ofs, \
397 len(store_utdv_blob), utdv_ofs) + \
398 dn + store_hwm_blob + store_utdv_blob
399
400 tmp_file = "%s.tmp" % cookie_file
401 f = open(tmp_file, 'wb')
402 f.write(store_blob)
403 f.close()
404 os.rename(tmp_file, cookie_file)
405
406 print "# up to usn[%d]" % (ctr.new_highwatermark.highest_usn)
407 break
408 print "# up to tmp_usn[%d]" % (ctr.new_highwatermark.highest_usn)
409 req8.highwatermark.tmp_highest_usn = ctr.new_highwatermark.tmp_highest_usn
reg import