source4/scripting/devel/createtrust

   1 #!/usr/bin/env python
   2
   3 # create a domain trust
   4
   5 import sys
   6 from optparse import OptionParser
   7
   8 sys.path.insert(0, "bin/python")
   9
  10 import samba
  11 import samba.getopt as options
  12 from samba.dcerpc import lsa, security, drsblobs
  13 from samba.ndr import ndr_pack
  14 import random
  15
  16 def arcfour_encrypt(key, data):
  17     from Crypto.Cipher import ARC4
  18     c = ARC4.new(key)
  19     return c.encrypt(data)
  20
  21 def string_to_array(string):
  22     blob = [0] * len(string)
  23
  24     for i in range(len(string)):
  25         blob[i] = ord(string[i])
  26
  27     return blob
  28
  29 ########### main code ###########
  30 if __name__ == "__main__":
  31     parser = OptionParser("createtrust [options] server")
  32     sambaopts = options.SambaOptions(parser)
  33     credopts = options.CredentialsOptionsDouble(parser)
  34     parser.add_option_group(credopts)
  35
  36     (opts, args) = parser.parse_args()
  37
  38     lp = sambaopts.get_loadparm()
  39     creds = credopts.get_credentials(lp)
  40
  41     if len(args) != 1:
  42         parser.error("You must supply a server")
  43
  44     if not creds.authentication_requested():
  45         parser.error("You must supply credentials")
  46
  47     server = args[0]
  48
  49     binding_str = "ncacn_np:%s[print]" % server
  50
  51     lsaconn = lsa.lsarpc(binding_str, lp, creds)
  52
  53     objectAttr = lsa.ObjectAttribute()
  54     objectAttr.sec_qos = lsa.QosInfo()
  55
  56     pol_handle = lsaconn.OpenPolicy2(''.decode('utf-8'),
  57                                      objectAttr, security.SEC_FLAG_MAXIMUM_ALLOWED)
  58
  59     name = lsa.String()
  60     name.string = "sub2.win2k3.obed.home.abartlet.net"
  61     try:
  62         info = lsaconn.QueryTrustedDomainInfoByName(pol_handle, name, lsa.LSA_TRUSTED_DOMAIN_INFO_FULL_INFO)
  63
  64         lsaconn.DeleteTrustedDomain(pol_handle, info.info_ex.sid)
  65     except RuntimeError:
  66         pass
  67
  68     info = lsa.TrustDomainInfoInfoEx()
  69     info.domain_name.string = "sub2.win2k3.obed.home.abartlet.net"
  70     info.netbios_name.string = "sub2"
  71     info.sid = security.dom_sid("S-1-5-21-538090388-3760119675-95745416")
  72     info.trust_direction = lsa.LSA_TRUST_DIRECTION_INBOUND | lsa.LSA_TRUST_DIRECTION_OUTBOUND
  73     info.trust_type = lsa.LSA_TRUST_TYPE_UPLEVEL
  74     info.trust_attributes = lsa.LSA_TRUST_ATTRIBUTE_WITHIN_FOREST
  75
  76     password_blob = string_to_array("password".encode('utf-16-le'))
  77
  78     clear_value = drsblobs.AuthInfoClear()
  79     clear_value.size = len(password_blob)
  80     clear_value.password = password_blob
  81
  82     clear_authentication_information = drsblobs.AuthenticationInformation()
  83     clear_authentication_information.LastUpdateTime = 0
  84     clear_authentication_information.AuthType = lsa.TRUST_AUTH_TYPE_CLEAR
  85     clear_authentication_information.AuthInfo = clear_value
  86
  87     version_value = drsblobs.AuthInfoVersion()
  88     version_value.version = 1
  89
  90     version = drsblobs.AuthenticationInformation()
  91     version.LastUpdateTime = 0
  92     version.AuthType = lsa.TRUST_AUTH_TYPE_VERSION
  93     version.AuthInfo = version_value
  94
  95     authentication_information_array = drsblobs.AuthenticationInformationArray()
  96     authentication_information_array.count = 2
  97     authentication_information_array.array = [clear_authentication_information, version]
  98
  99     outgoing = drsblobs.trustAuthInOutBlob()
 100     outgoing.count = 1
 101     outgoing.current = authentication_information_array
 102
 103     trustpass = drsblobs.trustDomainPasswords()
 104     confounder = [3] * 512
 105
 106     for i in range(512):
 107         confounder[i] = random.randint(0, 255)
 108
 109     trustpass.confounder = confounder
 110
 111 #    print "confounder: ", trustpass.confounder
 112
 113     trustpass.outgoing = outgoing
 114     trustpass.incoming = outgoing
 115
 116     trustpass_blob = ndr_pack(trustpass)
 117
 118 #    print "trustpass_blob: ", list(trustpass_blob)
 119
 120     encrypted_trustpass = arcfour_encrypt(lsaconn.session_key, trustpass_blob)
 121
 122 #    print "encrypted_trustpass: ", list(encrypted_trustpass)
 123
 124     auth_blob = lsa.DATA_BUF2()
 125     auth_blob.size = len(encrypted_trustpass)
 126     auth_blob.data = string_to_array(encrypted_trustpass)
 127
 128     auth_info = lsa.TrustDomainInfoAuthInfoInternal()
 129     auth_info.auth_blob = auth_blob
 130
 131
 132 #    print "auth_info.auth_blob.data: ", auth_info.auth_blob.data
 133
 134     trustdom_handle = lsaconn.CreateTrustedDomainEx2(pol_handle,
 135                                                      info,
 136                                                      auth_info,
 137                                                      security.SEC_STD_DELETE)