Lines 47-53
from samba.ndr import ndr_unpack
|
|
---|
|
47 |
from samba.ndr import ndr_print |
47 |
from samba.ndr import ndr_print |
48 |
from datetime import datetime |
48 |
from datetime import datetime |
49 |
|
49 |
|
50 |
context = None |
50 |
krb5_context = None |
|
|
51 |
|
52 |
class Krb5Context(object): |
53 |
def __init__(self): |
54 |
self.ctx = heimdal.context() |
55 |
self.etypes = self.ctx.get_permitted_enctypes() |
56 |
self.etype_ids = [et.toint() for et in self.etypes] |
51 |
|
57 |
|
52 |
keytypes = { |
58 |
keytypes = { |
53 |
1: 'des_crc', |
59 |
1: 'des_crc', |
|
58 |
|
64 |
|
59 |
regEx = re.compile('^([a-zA-Z0-9-]*):?: (.*)') |
65 |
regEx = re.compile('^([a-zA-Z0-9-]*):?: (.*)') |
60 |
|
66 |
|
61 |
|
|
|
62 |
def decode_unicodePwd(value, kvno=0): |
67 |
def decode_unicodePwd(value, kvno=0): |
63 |
global context |
68 |
global krb5_context |
64 |
if not context: |
69 |
if not krb5_context: |
65 |
context = heimdal.context() |
70 |
krb5_context = Krb5Context() |
66 |
up_blob = binascii.a2b_base64(value) |
71 |
up_blob = binascii.a2b_base64(value) |
67 |
keyblock = heimdal.keyblock_raw(context, 23, up_blob) |
72 |
keyblock = heimdal.keyblock_raw(krb5_context.ctx, 23, up_blob) |
68 |
krb5key = heimdal.asn1_encode_key(keyblock, None, kvno) |
73 |
krb5key = heimdal.asn1_encode_key(keyblock, None, kvno) |
69 |
print "# decoded:" |
74 |
print "# decoded:" |
70 |
print "#\tsambaNTPassword:: %s" % binascii.b2a_hex(up_blob).upper().strip() |
75 |
print "#\tsambaNTPassword:: %s" % binascii.b2a_hex(up_blob).upper().strip() |
Lines 74-83
def decode_unicodePwd(value, kvno=0):
|
|
---|
|
74 |
|
79 |
|
75 |
|
80 |
|
76 |
def decode_krb5Key(value): |
81 |
def decode_krb5Key(value): |
|
|
82 |
global krb5_context |
83 |
if not krb5_context: |
84 |
krb5_context = Krb5Context() |
77 |
k = binascii.a2b_base64(value) |
85 |
k = binascii.a2b_base64(value) |
78 |
(keyblock, salt, kvno) = heimdal.asn1_decode_key(k) |
86 |
(keyblock, salt, kvno) = heimdal.asn1_decode_key(k) |
79 |
enctype = keyblock.keytype() |
87 |
enctype = keyblock.keytype() |
80 |
enctype_id = enctype.toint() |
88 |
enctype_id = enctype.toint() |
|
|
89 |
if enctype_id not in krb5_context.etype_ids: |
90 |
print "#\tSKIPPING ENC type %s, not support by this Heimdal version" % enctype_id |
91 |
return |
81 |
print "#\tkrb5_keytype: %s (%d)" % (enctype, enctype_id) |
92 |
print "#\tkrb5_keytype: %s (%d)" % (enctype, enctype_id) |
82 |
key_data = keyblock.keyvalue() |
93 |
key_data = keyblock.keyvalue() |
83 |
print "#\tkeyblock: ", binascii.b2a_base64(key_data).strip() |
94 |
print "#\tkeyblock: ", binascii.b2a_base64(key_data).strip() |
Lines 88-96
def decode_krb5Key(value):
|
|
---|
|
88 |
|
99 |
|
89 |
|
100 |
|
90 |
def decode_supplementalCredentials(value, kvno=0): |
101 |
def decode_supplementalCredentials(value, kvno=0): |
91 |
global context |
102 |
global krb5_context |
92 |
if not context: |
103 |
if not krb5_context: |
93 |
context = heimdal.context() |
104 |
krb5_context = Krb5Context() |
94 |
object_data = ndr_unpack(drsblobs.supplementalCredentialsBlob, binascii.a2b_base64(value)) |
105 |
object_data = ndr_unpack(drsblobs.supplementalCredentialsBlob, binascii.a2b_base64(value)) |
95 |
print "# supplementalCredentials recoded as krb5key:" |
106 |
print "# supplementalCredentials recoded as krb5key:" |
96 |
# print "%s" % (ndr_print(object_data).strip(),) |
107 |
# print "%s" % (ndr_print(object_data).strip(),) |
Lines 107-117
def decode_supplementalCredentials(value, kvno=0):
|
|
---|
|
107 |
keytype = keytypes.get(k.keytype, k.keytype) |
118 |
keytype = keytypes.get(k.keytype, k.keytype) |
108 |
print "#\tkeytype: %s (%d)" % (keytype, k.keytype) |
119 |
print "#\tkeytype: %s (%d)" % (keytype, k.keytype) |
109 |
print "#\tkeyblock:", |
120 |
print "#\tkeyblock:", |
110 |
keyblock = heimdal.keyblock_raw(context, k.keytype, k.value) |
121 |
keyblock = heimdal.keyblock_raw(krb5_context.ctx, k.keytype, k.value) |
111 |
key_data = keyblock.keyvalue() |
122 |
key_data = keyblock.keyvalue() |
112 |
print binascii.b2a_base64(key_data).strip() |
123 |
print binascii.b2a_base64(key_data).strip() |
113 |
print "#\tkrb5SaltObject:", |
124 |
print "#\tkrb5SaltObject:", |
114 |
krb5SaltObject = heimdal.salt_raw(context, krb.ctr.salt.string) |
125 |
krb5SaltObject = heimdal.salt_raw(krb5_context.ctx, krb.ctr.salt.string) |
115 |
print krb5SaltObject.saltvalue() |
126 |
print krb5SaltObject.saltvalue() |
116 |
krb5key = heimdal.asn1_encode_key(keyblock, krb5SaltObject, kvno) |
127 |
krb5key = heimdal.asn1_encode_key(keyblock, krb5SaltObject, kvno) |
117 |
print "#\tkrb5Key:: %s" % binascii.b2a_base64(krb5key).strip() |
128 |
print "#\tkrb5Key:: %s" % binascii.b2a_base64(krb5key).strip() |
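Review bot: The permitted-enctype guard is added only in decode_krb5Key (new lines 89-91), while decode_supplementalCredentials at new line 121 still passes `k.keytype` unchecked to `heimdal.keyblock_raw(krb5_context.ctx, k.keytype, k.value)` and decode_unicodePwd at new line 72 hard-codes enctype 23. If the skip exists because Heimdal rejects enctypes outside `etype_ids`, those two calls presumably fail the same way, so a matching `if k.keytype not in krb5_context.etype_ids:` guard before the keyblock_raw call would keep the decoders consistent; the enclosing loop in decode_supplementalCredentials lies outside the visible hunks, so where exactly to skip needs checking there. The skip message says "not support by this Heimdal version", but `etype_ids` is built from `get_permitted_enctypes()`, so a skip may reflect local enctype policy rather than the library version; wording such as `not permitted by this Heimdal configuration` would be more accurate if that holds, and it tells the operator that the decoded key set for that object is incomplete. The `if not krb5_context:` lazy initialisation is now repeated in three functions and could live in one small helper.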