The branch, master has been updated via 15cdbba s4:repl_cleartext_pwd.py: add optional 'clear_utf16_name' parameter via 5efe29b s4:repl_cleartext_pwd.py: add 'attmode' parameter to convert the attname to utf8 via 9a8b72a s4:repl_cleartext_pwd.py: correctly compare attids as uint32_t values from 103c1cb s3-waf: auth_netlogond depends on tldap.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 15cdbba25469d65fc0b74d1a8ada3f5f35bd7c29 Author: Stefan Metzmacher <me...@samba.org> Date: Tue Jan 10 15:14:08 2012 +0100 s4:repl_cleartext_pwd.py: add optional 'clear_utf16_name' parameter Not all cleartext password (machine passwords) can be converted to utf8, let's export the raw uint16_t array. metze Autobuild-User: Stefan Metzmacher <me...@samba.org> Autobuild-Date: Thu Jan 12 23:58:12 CET 2012 on sn-devel-104 commit 5efe29baed70b0cbe732350a02b24fc23016e552 Author: Stefan Metzmacher <me...@samba.org> Date: Tue Jan 10 15:15:19 2012 +0100 s4:repl_cleartext_pwd.py: add 'attmode' parameter to convert the attname to utf8 metze commit 9a8b72a3180b6aa1beb4b153867d4f9f0df953a1 Author: Stefan Metzmacher <me...@samba.org> Date: Tue Jan 10 15:12:00 2012 +0100 s4:repl_cleartext_pwd.py: correctly compare attids as uint32_t values metze ----------------------------------------------------------------------- Summary of changes: source4/scripting/devel/repl_cleartext_pwd.py | 62 +++++++++++++++++++------ 1 files changed, 47 insertions(+), 15 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/scripting/devel/repl_cleartext_pwd.py b/source4/scripting/devel/repl_cleartext_pwd.py index ac650d9..840d281 100755 --- a/source4/scripting/devel/repl_cleartext_pwd.py +++ b/source4/scripting/devel/repl_cleartext_pwd.py @@ -71,30 +71,50 @@ class globals: continue self.global_objs = {} +def attid_equal(a1,a2): + return (a1 & 0xffffffff) == (a2 & 0xffffffff) + ########### main code ########### if __name__ == "__main__": - parser = OptionParser("repl_cleartext_pwd.py [options] server dn cookie_file cleartext_name [attid attname]") + parser = OptionParser("repl_cleartext_pwd.py [options] server dn cookie_file clear_utf8_name [attid attname attmode] [clear_utf16_name") sambaopts = options.SambaOptions(parser) credopts = options.CredentialsOptions(parser) parser.add_option_group(credopts) (opts, args) = parser.parse_args() - if len(args) < 4 or len(args) == 5: - parser.error("more arguments required") + if len(args) == 4: + pass + elif len(args) == 7: + pass + elif len(args) >= 8: + pass + else: + parser.error("more arguments required - given=%d" % (len(args))) server = args[0] dn = args[1] cookie_file = args[2] if len(cookie_file) == 0: cookie_file = None - cleartext_name = args[3] - if len(args) >= 5: - attid = int(args[4]) + clear_utf8_name = args[3] + if len(args) >= 7: + try: + attid = int(args[4], 16) + except: + attid = int(args[4]) attname = args[5] + attmode = args[6] + if attmode not in ["raw", "utf8"]: + parser.error("attmode should be 'raw' or 'utf8'") else: attid = -1 attname = None + attmode = "raw" + if len(args) >= 8: + clear_utf16_name = args[7] + else: + clear_utf16_name = None lp = sambaopts.get_loadparm() creds = credopts.get_credentials(lp) @@ -232,7 +252,7 @@ if __name__ == "__main__": is_deleted = False for i in range(0, obj.attribute_ctr.num_attributes): attr = obj.attribute_ctr.attributes[i] - if attr.attid == drsuapi.DRSUAPI_ATTID_isDeleted: + if attid_equal(attr.attid, drsuapi.DRSUAPI_ATTID_isDeleted): is_deleted = True if is_deleted: obj_item = obj_item.next_object @@ -242,19 +262,27 @@ if __name__ == "__main__": attvals = None for i in range(0, obj.attribute_ctr.num_attributes): attr = obj.attribute_ctr.attributes[i] - if attr.attid == attid: + if attid_equal(attr.attid, attid): attvals = [] for j in range(0, attr.value_ctr.num_values): assert attr.value_ctr.values[j].blob is not None - attvals.append(attr.value_ctr.values[j].blob) - if attr.attid != drsuapi.DRSUAPI_ATTID_supplementalCredentials: + val_raw = attr.value_ctr.values[j].blob + val = None + if attmode == "utf8": + val_unicode = unicode(val_raw, 'utf-16-le') + val = val_unicode.encode('utf-8') + elif attmode == "raw": + val = val_raw + else: + assert False, "attmode[%s]" % attmode + attvals.append(val) + if not attid_equal(attr.attid, drsuapi.DRSUAPI_ATTID_supplementalCredentials): continue assert attr.value_ctr.num_values <= 1 if attr.value_ctr.num_values == 0: break assert attr.value_ctr.values[0].blob is not None spl_crypt = attr.value_ctr.values[0].blob - break if spl_crypt is None: obj_item = obj_item.next_object @@ -291,10 +319,14 @@ if __name__ == "__main__": if cleartext_hex is not None: cleartext_utf16 = binascii.a2b_hex(cleartext_hex) - cleartext_unicode = unicode(cleartext_utf16, 'utf-16-le') - cleartext_utf8 = cleartext_unicode.encode('utf-8') - - gls.add_attr(obj.identifier.dn, cleartext_name, [cleartext_utf8]) + if clear_utf16_name is not None: + gls.add_attr(obj.identifier.dn, clear_utf16_name, [cleartext_utf16]) + try: + cleartext_unicode = unicode(cleartext_utf16, 'utf-16-le') + cleartext_utf8 = cleartext_unicode.encode('utf-8') + gls.add_attr(obj.identifier.dn, clear_utf8_name, [cleartext_utf8]) + except: + pass if attvals is not None: gls.add_attr(obj.identifier.dn, attname, attvals) -- Samba Shared Repository