Univention Bugzilla – Attachment 7494 Details for
Bug 40745
replace windows password service with python samba drsuapi.DsGetNCChangesRequest8/samr.SetUserInfo
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
set-ad-password.py
set-ad-password.py (text/x-python), 2.84 KB, created by
Felix Botner
on 2016-02-22 15:13:35 CET
(
hide
)
Description:
set-ad-password.py
Filename:
MIME Type:
Creator:
Felix Botner
Created:
2016-02-22 15:13:35 CET
Size:
2.84 KB
patch
obsolete
>from samba.credentials import Credentials, DONT_USE_KERBEROS >from samba.param import LoadParm >import samba.dcerpc.samr >from samba.dcerpc import security >from samba.dcerpc import lsa >import univention.admin.password >import binascii > >from Crypto.Cipher import DES, AES, ARC4 > >admin_user = "Administrator" >admin_pass = "Univention.98" >domain = "w2k12" >server = "10.200.7.132" > >user_name = "win1" >new_user_password = "univention" > >def transformKey(InputKey): > # Section 5.1.3 > OutputKey = [] > OutputKey.append( chr(ord(InputKey[0]) >> 0x01) ) > OutputKey.append( chr(((ord(InputKey[0])&0x01)<<6) | (ord(InputKey[1])>>2)) ) > OutputKey.append( chr(((ord(InputKey[1])&0x03)<<5) | (ord(InputKey[2])>>3)) ) > OutputKey.append( chr(((ord(InputKey[2])&0x07)<<4) | (ord(InputKey[3])>>4)) ) > OutputKey.append( chr(((ord(InputKey[3])&0x0F)<<3) | (ord(InputKey[4])>>5)) ) > OutputKey.append( chr(((ord(InputKey[4])&0x1F)<<2) | (ord(InputKey[5])>>6)) ) > OutputKey.append( chr(((ord(InputKey[5])&0x3F)<<1) | (ord(InputKey[6])>>7)) ) > OutputKey.append( chr(ord(InputKey[6]) & 0x7F) ) > for i in range(8): > OutputKey[i] = chr((ord(OutputKey[i]) << 1) & 0xfe) > return "".join(OutputKey) > >def mySamEncryptNTLMHash(hash, key): > # [MS-SAMR] Section 2.2.11.1.1 > Block1 = hash[:8] > Block2 = hash[8:] > Key1 = key[:7] > Key1 = transformKey(Key1) > Key2 = key[7:14] > Key2 = transformKey(Key2) > Crypt1 = DES.new(Key1, DES.MODE_ECB) > Crypt2 = DES.new(Key2, DES.MODE_ECB) > plain1 = Crypt1.encrypt(Block1) > plain2 = Crypt2.encrypt(Block2) > return plain1 + plain2 > >lp = LoadParm() >lp.load('/etc/samba/smb.conf') > >creds = Credentials() >creds.guess(lp) >creds.set_kerberos_state(DONT_USE_KERBEROS) >creds.set_username(admin_user) >creds.set_password(admin_pass) > >binding_options = "\pipe\samr" >binding= "ncacn_np:%s[%s]" % (server, binding_options) > >samr = samba.dcerpc.samr.samr(binding, lp, creds) >handle = samr.Connect2(None, security.SEC_FLAG_MAXIMUM_ALLOWED) ># print "Static Session Key: %s" % (samr.session_key,) > >sam_domain = lsa.String() >sam_domain.string = domain >sid = samr.LookupDomain(handle, sam_domain) >dom_handle = samr.OpenDomain(handle, security.SEC_FLAG_MAXIMUM_ALLOWED, sid) > >samaccountname = lsa.String() >samaccountname.string = user_name >(rids, types) = samr.LookupNames(dom_handle, [samaccountname,]) > >rid=rids.ids[0] >user_handle = samr.OpenUser(dom_handle, security.SEC_FLAG_MAXIMUM_ALLOWED, rid) > >new_password = new_user_password >(hex_nt_hash, hex_lm_hash) = univention.admin.password.ntlm(new_password) >userinfo18 = samba.dcerpc.samr.UserInfo18() >bin_hash = binascii.a2b_hex(hex_nt_hash) >enc_hash = mySamEncryptNTLMHash(bin_hash, samr.session_key) > >samr_Password = samba.dcerpc.samr.Password() >samr_Password.hash = map(ord, enc_hash) > >userinfo18.nt_pwd = samr_Password >userinfo18.nt_pwd_active = 1 >userinfo18.password_expired = 0 >info = samr.SetUserInfo(user_handle, 18, userinfo18)
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=7494">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 40745
:
7493
| 7494