OXIESEC PANEL
- Current Dir:
/
/
usr
/
lib
/
python2.7
/
dist-packages
/
samba
/
tests
Server IP: 10.0.0.4
Upload:
Create Dir:
Name
Size
Modified
Perms
📁
..
-
02/03/2022 06:37:41 AM
rwxr-xr-x
📄
__init__.py
14.23 KB
11/15/2017 07:42:13 AM
rw-r--r--
📄
__init__.pyc
17.38 KB
02/03/2022 06:37:41 AM
rw-r--r--
📄
auth.py
2.36 KB
07/04/2017 10:05:25 AM
rw-r--r--
📄
auth.pyc
2.47 KB
02/03/2022 06:37:41 AM
rw-r--r--
📄
auth_log.py
56.47 KB
08/15/2017 07:16:59 AM
rw-r--r--
📄
auth_log.pyc
40.28 KB
02/03/2022 06:37:41 AM
rw-r--r--
📄
auth_log_base.py
4.18 KB
08/15/2017 07:16:59 AM
rw-r--r--
📄
auth_log_base.pyc
4.1 KB
02/03/2022 06:37:41 AM
rw-r--r--
📄
auth_log_ncalrpc.py
4.07 KB
08/15/2017 07:16:59 AM
rw-r--r--
📄
auth_log_ncalrpc.pyc
3.79 KB
02/03/2022 06:37:41 AM
rw-r--r--
📄
auth_log_netlogon.py
5.05 KB
08/15/2017 07:16:59 AM
rw-r--r--
📄
auth_log_netlogon.pyc
4.56 KB
02/03/2022 06:37:41 AM
rw-r--r--
📄
auth_log_netlogon_bad_creds.py
7.06 KB
08/15/2017 07:16:59 AM
rw-r--r--
📄
auth_log_netlogon_bad_creds.pyc
6.55 KB
02/03/2022 06:37:41 AM
rw-r--r--
📄
auth_log_pass_change.py
12.91 KB
07/04/2017 10:05:25 AM
rw-r--r--
📄
auth_log_pass_change.pyc
10.67 KB
02/03/2022 06:37:41 AM
rw-r--r--
📄
auth_log_samlogon.py
6.66 KB
08/15/2017 07:16:59 AM
rw-r--r--
📄
auth_log_samlogon.pyc
6.19 KB
02/03/2022 06:37:41 AM
rw-r--r--
📁
blackbox
-
02/03/2022 06:37:41 AM
rwxr-xr-x
📄
common.py
3.04 KB
02/07/2018 08:37:51 AM
rw-r--r--
📄
common.pyc
2.86 KB
02/03/2022 06:37:41 AM
rw-r--r--
📄
core.py
2.7 KB
07/04/2017 10:05:25 AM
rw-r--r--
📄
core.pyc
3.77 KB
02/03/2022 06:37:41 AM
rw-r--r--
📄
credentials.py
19.83 KB
07/04/2017 10:05:25 AM
rw-r--r--
📄
credentials.pyc
19.06 KB
02/03/2022 06:37:41 AM
rw-r--r--
📁
dcerpc
-
02/03/2022 06:37:41 AM
rwxr-xr-x
📄
dns.py
51.4 KB
01/25/2022 03:20:03 PM
rw-r--r--
📄
dns.pyc
36.48 KB
02/03/2022 06:37:41 AM
rw-r--r--
📄
dns_base.py
13.99 KB
07/04/2017 10:05:25 AM
rw-r--r--
📄
dns_base.pyc
13.28 KB
02/03/2022 06:37:41 AM
rw-r--r--
📄
dns_forwarder.py
21.23 KB
07/04/2017 10:05:25 AM
rw-r--r--
📄
dns_forwarder.pyc
20.21 KB
02/03/2022 06:37:41 AM
rw-r--r--
📁
dns_forwarder_helpers
-
02/03/2022 06:37:41 AM
rwxr-xr-x
📄
dns_packet.py
6.6 KB
01/25/2022 03:20:03 PM
rw-r--r--
📄
dns_packet.pyc
6.97 KB
02/03/2022 06:37:41 AM
rw-r--r--
📄
dns_tkey.py
7.24 KB
07/04/2017 10:05:25 AM
rw-r--r--
📄
dns_tkey.pyc
6.13 KB
02/03/2022 06:37:41 AM
rw-r--r--
📄
dns_wildcard.py
10.9 KB
11/02/2017 11:38:36 AM
rw-r--r--
📄
dns_wildcard.pyc
8.4 KB
02/03/2022 06:37:41 AM
rw-r--r--
📄
docs.py
13.95 KB
07/04/2017 10:05:25 AM
rw-r--r--
📄
docs.pyc
11.37 KB
02/03/2022 06:37:41 AM
rw-r--r--
📄
dsdb.py
18.84 KB
08/15/2017 07:16:59 AM
rw-r--r--
📄
dsdb.pyc
14.93 KB
02/03/2022 06:37:41 AM
rw-r--r--
📄
dsdb_schema_attributes.py
7.93 KB
11/02/2017 11:38:36 AM
rw-r--r--
📄
dsdb_schema_attributes.pyc
6.96 KB
02/03/2022 06:37:41 AM
rw-r--r--
📄
gensec.py
7.85 KB
07/04/2017 10:05:25 AM
rw-r--r--
📄
gensec.pyc
6.61 KB
02/03/2022 06:37:41 AM
rw-r--r--
📄
get_opt.py
1.86 KB
07/04/2017 10:05:25 AM
rw-r--r--
📄
get_opt.pyc
1.75 KB
02/03/2022 06:37:41 AM
rw-r--r--
📄
glue.py
2.59 KB
07/04/2017 10:05:25 AM
rw-r--r--
📄
glue.pyc
3.43 KB
02/03/2022 06:37:41 AM
rw-r--r--
📄
hostconfig.py
2.15 KB
07/04/2017 10:05:25 AM
rw-r--r--
📄
hostconfig.pyc
3.45 KB
02/03/2022 06:37:41 AM
rw-r--r--
📄
join.py
6.5 KB
07/04/2017 10:05:25 AM
rw-r--r--
📄
join.pyc
5.45 KB
02/03/2022 06:37:41 AM
rw-r--r--
📁
kcc
-
02/03/2022 06:37:41 AM
rwxr-xr-x
📄
libsmb_samba_internal.py
2.38 KB
07/04/2017 10:05:25 AM
rw-r--r--
📄
libsmb_samba_internal.pyc
2.71 KB
02/03/2022 06:37:41 AM
rw-r--r--
📄
lsa_string.py
2.52 KB
07/04/2017 10:05:25 AM
rw-r--r--
📄
lsa_string.pyc
2.21 KB
02/03/2022 06:37:41 AM
rw-r--r--
📄
messaging.py
4.97 KB
07/04/2017 10:05:25 AM
rw-r--r--
📄
messaging.pyc
5.37 KB
02/03/2022 06:37:41 AM
rw-r--r--
📄
net_join.py
2.29 KB
07/04/2017 10:05:25 AM
rw-r--r--
📄
net_join.pyc
2.22 KB
02/03/2022 06:37:41 AM
rw-r--r--
📄
net_join_no_spnego.py
3.34 KB
07/04/2017 10:05:25 AM
rw-r--r--
📄
net_join_no_spnego.pyc
3.15 KB
02/03/2022 06:37:41 AM
rw-r--r--
📄
netcmd.py
3 KB
07/04/2017 10:05:25 AM
rw-r--r--
📄
netcmd.pyc
3.95 KB
02/03/2022 06:37:41 AM
rw-r--r--
📄
netlogonsvc.py
2.43 KB
07/04/2017 10:05:25 AM
rw-r--r--
📄
netlogonsvc.pyc
2.14 KB
02/03/2022 06:37:41 AM
rw-r--r--
📄
ntacls.py
4.09 KB
07/04/2017 10:05:25 AM
rw-r--r--
📄
ntacls.pyc
4.69 KB
02/03/2022 06:37:41 AM
rw-r--r--
📄
ntlmauth.py
3 KB
08/29/2017 04:12:36 AM
rw-r--r--
📄
ntlmauth.pyc
2.73 KB
02/03/2022 06:37:41 AM
rw-r--r--
📄
pam_winbind.py
1.67 KB
07/04/2017 10:05:25 AM
rw-r--r--
📄
pam_winbind.pyc
1.43 KB
02/03/2022 06:37:41 AM
rw-r--r--
📄
param.py
3.59 KB
07/04/2017 10:05:25 AM
rw-r--r--
📄
param.pyc
4.8 KB
02/03/2022 06:37:41 AM
rw-r--r--
📄
password_hash.py
12.44 KB
07/04/2017 10:05:25 AM
rw-r--r--
📄
password_hash.pyc
7.84 KB
02/03/2022 06:37:41 AM
rw-r--r--
📄
password_hash_fl2003.py
7.38 KB
07/04/2017 10:05:25 AM
rw-r--r--
📄
password_hash_fl2003.pyc
5.48 KB
02/03/2022 06:37:41 AM
rw-r--r--
📄
password_hash_fl2008.py
7.94 KB
07/04/2017 10:05:25 AM
rw-r--r--
📄
password_hash_fl2008.pyc
5.66 KB
02/03/2022 06:37:41 AM
rw-r--r--
📄
password_hash_gpgme.py
8.78 KB
07/04/2017 10:05:25 AM
rw-r--r--
📄
password_hash_gpgme.pyc
6.41 KB
02/03/2022 06:37:41 AM
rw-r--r--
📄
password_hash_ldap.py
4.85 KB
07/04/2017 10:05:25 AM
rw-r--r--
📄
password_hash_ldap.pyc
4.63 KB
02/03/2022 06:37:41 AM
rw-r--r--
📄
policy.py
1.15 KB
07/04/2017 10:05:25 AM
rw-r--r--
📄
policy.pyc
1.03 KB
02/03/2022 06:37:41 AM
rw-r--r--
📄
posixacl.py
37.62 KB
07/04/2017 10:05:25 AM
rw-r--r--
📄
posixacl.pyc
26.85 KB
02/03/2022 06:37:41 AM
rw-r--r--
📄
provision.py
6.22 KB
07/04/2017 10:05:25 AM
rw-r--r--
📄
provision.pyc
9.79 KB
02/03/2022 06:37:41 AM
rw-r--r--
📄
py_credentials.py
13.71 KB
07/04/2017 10:05:25 AM
rw-r--r--
📄
py_credentials.pyc
10.64 KB
02/03/2022 06:37:41 AM
rw-r--r--
📄
registry.py
1.73 KB
07/04/2017 10:05:25 AM
rw-r--r--
📄
registry.pyc
2.37 KB
02/03/2022 06:37:41 AM
rw-r--r--
📄
samba3.py
8.24 KB
07/04/2017 10:05:25 AM
rw-r--r--
📄
samba3.pyc
11.54 KB
02/03/2022 06:37:41 AM
rw-r--r--
📄
samba3sam.py
48.33 KB
07/04/2017 10:05:25 AM
rw-r--r--
📄
samba3sam.pyc
31.65 KB
02/03/2022 06:37:41 AM
rw-r--r--
📁
samba_tool
-
02/03/2022 06:37:41 AM
rwxr-xr-x
📄
samdb.py
3.51 KB
07/04/2017 10:05:25 AM
rw-r--r--
📄
samdb.pyc
3.11 KB
02/03/2022 06:37:41 AM
rw-r--r--
📄
security.py
5.36 KB
07/04/2017 10:05:25 AM
rw-r--r--
📄
security.pyc
7.81 KB
02/03/2022 06:37:41 AM
rw-r--r--
📄
source.py
8.06 KB
07/04/2017 10:05:25 AM
rw-r--r--
📄
source.pyc
7.48 KB
02/03/2022 06:37:41 AM
rw-r--r--
📄
strings.py
4.12 KB
07/04/2017 10:05:25 AM
rw-r--r--
📄
strings.pyc
2.96 KB
02/03/2022 06:37:41 AM
rw-r--r--
📄
subunitrun.py
2.33 KB
07/04/2017 10:05:25 AM
rw-r--r--
📄
subunitrun.pyc
1.84 KB
02/03/2022 06:37:41 AM
rw-r--r--
📄
unicodenames.py
1.07 KB
07/04/2017 10:05:25 AM
rw-r--r--
📄
unicodenames.pyc
555 bytes
02/03/2022 06:37:41 AM
rw-r--r--
📄
upgrade.py
1.36 KB
07/04/2017 10:05:25 AM
rw-r--r--
📄
upgrade.pyc
1.28 KB
02/03/2022 06:37:41 AM
rw-r--r--
📄
upgradeprovision.py
6.66 KB
07/04/2017 10:05:25 AM
rw-r--r--
📄
upgradeprovision.pyc
6.57 KB
02/03/2022 06:37:41 AM
rw-r--r--
📄
upgradeprovisionneeddc.py
7.29 KB
07/04/2017 10:05:25 AM
rw-r--r--
📄
upgradeprovisionneeddc.pyc
8.08 KB
02/03/2022 06:37:41 AM
rw-r--r--
📄
xattr.py
4.11 KB
07/04/2017 10:05:25 AM
rw-r--r--
📄
xattr.pyc
4.57 KB
02/03/2022 06:37:41 AM
rw-r--r--
Editing: py_credentials.py
Close
# Integration tests for pycredentials # # Copyright (C) Catalyst IT Ltd. 2017 # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 3 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. # from samba.tests import TestCase, delete_force import os import samba from samba.auth import system_session from samba.credentials import ( Credentials, CLI_CRED_NTLMv2_AUTH, CLI_CRED_NTLM_AUTH, DONT_USE_KERBEROS) from samba.dcerpc import netlogon, ntlmssp, srvsvc from samba.dcerpc.netlogon import ( netr_Authenticator, netr_WorkstationInformation, MSV1_0_ALLOW_MSVCHAPV2 ) from samba.dcerpc.misc import SEC_CHAN_WKSTA from samba.dsdb import ( UF_WORKSTATION_TRUST_ACCOUNT, UF_PASSWD_NOTREQD, UF_NORMAL_ACCOUNT) from samba.ndr import ndr_pack from samba.samdb import SamDB from samba import NTSTATUSError, ntstatus import ctypes """ Integration tests for pycredentials """ MACHINE_NAME = "PCTM" USER_NAME = "PCTU" class PyCredentialsTests(TestCase): def setUp(self): super(PyCredentialsTests, self).setUp() self.server = os.environ["SERVER"] self.domain = os.environ["DOMAIN"] self.host = os.environ["SERVER_IP"] self.lp = self.get_loadparm() self.credentials = self.get_credentials() self.session = system_session() self.ldb = SamDB(url="ldap://%s" % self.host, session_info=self.session, credentials=self.credentials, lp=self.lp) self.create_machine_account() self.create_user_account() def tearDown(self): super(PyCredentialsTests, self).tearDown() delete_force(self.ldb, self.machine_dn) delete_force(self.ldb, self.user_dn) # Until a successful netlogon connection has been established there will # not be a valid authenticator associated with the credentials # and new_client_authenticator should throw a ValueError def test_no_netlogon_connection(self): self.assertRaises(ValueError, self.machine_creds.new_client_authenticator) # Once a netlogon connection has been established, # new_client_authenticator should return a value # def test_have_netlogon_connection(self): c = self.get_netlogon_connection() a = self.machine_creds.new_client_authenticator() self.assertIsNotNone(a) # Get an authenticator and use it on a sequence of operations requiring # an authenticator def test_client_authenticator(self): c = self.get_netlogon_connection() (authenticator, subsequent) = self.get_authenticator(c) self.do_NetrLogonSamLogonWithFlags(c, authenticator, subsequent) (authenticator, subsequent) = self.get_authenticator(c) self.do_NetrLogonGetDomainInfo(c, authenticator, subsequent) (authenticator, subsequent) = self.get_authenticator(c) self.do_NetrLogonGetDomainInfo(c, authenticator, subsequent) (authenticator, subsequent) = self.get_authenticator(c) self.do_NetrLogonGetDomainInfo(c, authenticator, subsequent) def test_SamLogonEx(self): c = self.get_netlogon_connection() logon = samlogon_logon_info(self.domain, self.machine_name, self.user_creds) logon_level = netlogon.NetlogonNetworkTransitiveInformation validation_level = netlogon.NetlogonValidationSamInfo4 netr_flags = 0 try: c.netr_LogonSamLogonEx(self.server, self.user_creds.get_workstation(), logon_level, logon, validation_level, netr_flags) except NTSTATUSError as e: enum = ctypes.c_uint32(e[0]).value if enum == ntstatus.NT_STATUS_WRONG_PASSWORD: self.fail("got wrong password error") else: raise def test_SamLogonExNTLM(self): c = self.get_netlogon_connection() logon = samlogon_logon_info(self.domain, self.machine_name, self.user_creds, flags=CLI_CRED_NTLM_AUTH) logon_level = netlogon.NetlogonNetworkTransitiveInformation validation_level = netlogon.NetlogonValidationSamInfo4 netr_flags = 0 try: c.netr_LogonSamLogonEx(self.server, self.user_creds.get_workstation(), logon_level, logon, validation_level, netr_flags) except NTSTATUSError as e: enum = ctypes.c_uint32(e[0]).value if enum == ntstatus.NT_STATUS_WRONG_PASSWORD: self.fail("got wrong password error") else: raise def test_SamLogonExMSCHAPv2(self): c = self.get_netlogon_connection() logon = samlogon_logon_info(self.domain, self.machine_name, self.user_creds, flags=CLI_CRED_NTLM_AUTH) logon.identity_info.parameter_control = MSV1_0_ALLOW_MSVCHAPV2 logon_level = netlogon.NetlogonNetworkTransitiveInformation validation_level = netlogon.NetlogonValidationSamInfo4 netr_flags = 0 try: c.netr_LogonSamLogonEx(self.server, self.user_creds.get_workstation(), logon_level, logon, validation_level, netr_flags) except NTSTATUSError as e: enum = ctypes.c_uint32(e[0]).value if enum == ntstatus.NT_STATUS_WRONG_PASSWORD: self.fail("got wrong password error") else: raise # Test Credentials.encrypt_netr_crypt_password # By performing a NetrServerPasswordSet2 # And the logging on using the new password. def test_encrypt_netr_password(self): # Change the password self.do_Netr_ServerPasswordSet2() # Now use the new password to perform an operation srvsvc.srvsvc("ncacn_np:%s" % (self.server), self.lp, self.machine_creds) # Change the current machine account password with a # netr_ServerPasswordSet2 call. def do_Netr_ServerPasswordSet2(self): c = self.get_netlogon_connection() (authenticator, subsequent) = self.get_authenticator(c) PWD_LEN = 32 DATA_LEN = 512 newpass = samba.generate_random_password(PWD_LEN, PWD_LEN) encoded = newpass.encode('utf-16-le') pwd_len = len(encoded) filler = [ord(x) for x in os.urandom(DATA_LEN-pwd_len)] pwd = netlogon.netr_CryptPassword() pwd.length = pwd_len pwd.data = filler + [ord(x) for x in encoded] self.machine_creds.encrypt_netr_crypt_password(pwd) c.netr_ServerPasswordSet2(self.server, self.machine_creds.get_workstation(), SEC_CHAN_WKSTA, self.machine_name, authenticator, pwd) self.machine_pass = newpass self.machine_creds.set_password(newpass) # Establish sealed schannel netlogon connection over TCP/IP # def get_netlogon_connection(self): return netlogon.netlogon("ncacn_ip_tcp:%s[schannel,seal]" % self.server, self.lp, self.machine_creds) # # Create the machine account def create_machine_account(self): self.machine_pass = samba.generate_random_password(32, 32) self.machine_name = MACHINE_NAME self.machine_dn = "cn=%s,%s" % (self.machine_name, self.ldb.domain_dn()) # remove the account if it exists, this will happen if a previous test # run failed delete_force(self.ldb, self.machine_dn) utf16pw = unicode( '"' + self.machine_pass.encode('utf-8') + '"', 'utf-8' ).encode('utf-16-le') self.ldb.add({ "dn": self.machine_dn, "objectclass": "computer", "sAMAccountName": "%s$" % self.machine_name, "userAccountControl": str(UF_WORKSTATION_TRUST_ACCOUNT | UF_PASSWD_NOTREQD), "unicodePwd": utf16pw}) self.machine_creds = Credentials() self.machine_creds.guess(self.get_loadparm()) self.machine_creds.set_secure_channel_type(SEC_CHAN_WKSTA) self.machine_creds.set_kerberos_state(DONT_USE_KERBEROS) self.machine_creds.set_password(self.machine_pass) self.machine_creds.set_username(self.machine_name + "$") self.machine_creds.set_workstation(self.machine_name) # # Create a test user account def create_user_account(self): self.user_pass = samba.generate_random_password(32, 32) self.user_name = USER_NAME self.user_dn = "cn=%s,%s" % (self.user_name, self.ldb.domain_dn()) # remove the account if it exists, this will happen if a previous test # run failed delete_force(self.ldb, self.user_dn) utf16pw = unicode( '"' + self.user_pass.encode('utf-8') + '"', 'utf-8' ).encode('utf-16-le') self.ldb.add({ "dn": self.user_dn, "objectclass": "user", "sAMAccountName": "%s" % self.user_name, "userAccountControl": str(UF_NORMAL_ACCOUNT), "unicodePwd": utf16pw}) self.user_creds = Credentials() self.user_creds.guess(self.get_loadparm()) self.user_creds.set_password(self.user_pass) self.user_creds.set_username(self.user_name) self.user_creds.set_workstation(self.machine_name) pass # # Get the authenticator from the machine creds. def get_authenticator(self, c): auth = self.machine_creds.new_client_authenticator(); current = netr_Authenticator() current.cred.data = [ord(x) for x in auth["credential"]] current.timestamp = auth["timestamp"] subsequent = netr_Authenticator() return (current, subsequent) def do_NetrLogonSamLogonWithFlags(self, c, current, subsequent): logon = samlogon_logon_info(self.domain, self.machine_name, self.user_creds) logon_level = netlogon.NetlogonNetworkTransitiveInformation validation_level = netlogon.NetlogonValidationSamInfo4 netr_flags = 0 c.netr_LogonSamLogonWithFlags(self.server, self.user_creds.get_workstation(), current, subsequent, logon_level, logon, validation_level, netr_flags) def do_NetrLogonGetDomainInfo(self, c, current, subsequent): query = netr_WorkstationInformation() c.netr_LogonGetDomainInfo(self.server, self.user_creds.get_workstation(), current, subsequent, 2, query) # # Build the logon data required by NetrLogonSamLogonWithFlags def samlogon_logon_info(domain_name, computer_name, creds, flags=CLI_CRED_NTLMv2_AUTH): target_info_blob = samlogon_target(domain_name, computer_name) challenge = b"abcdefgh" # User account under test response = creds.get_ntlm_response(flags=flags, challenge=challenge, target_info=target_info_blob) logon = netlogon.netr_NetworkInfo() logon.challenge = [ord(x) for x in challenge] logon.nt = netlogon.netr_ChallengeResponse() logon.nt.length = len(response["nt_response"]) logon.nt.data = [ord(x) for x in response["nt_response"]] logon.identity_info = netlogon.netr_IdentityInfo() (username, domain) = creds.get_ntlm_username_domain() logon.identity_info.domain_name.string = domain logon.identity_info.account_name.string = username logon.identity_info.workstation.string = creds.get_workstation() return logon # # Build the samlogon target info. def samlogon_target(domain_name, computer_name): target_info = ntlmssp.AV_PAIR_LIST() target_info.count = 3 computername = ntlmssp.AV_PAIR() computername.AvId = ntlmssp.MsvAvNbComputerName computername.Value = computer_name domainname = ntlmssp.AV_PAIR() domainname.AvId = ntlmssp.MsvAvNbDomainName domainname.Value = domain_name eol = ntlmssp.AV_PAIR() eol.AvId = ntlmssp.MsvAvEOL target_info.pair = [domainname, computername, eol] return ndr_pack(target_info)