(self, line)
| 90 | return nace |
| 91 | |
| 92 | def do_write_gpo_dacl(self, line): |
| 93 | args = shlex.split(line) |
| 94 | print ("Adding %s to GPO with GUID %s" % (args[0], args[1])) |
| 95 | if len(args) != 2: |
| 96 | raise Exception("A samaccountname and GPO sid are required.") |
| 97 | |
| 98 | tgtUser = args[0] |
| 99 | gposid = args[1] |
| 100 | self.client.search(self.domain_dumper.root, '(&(objectclass=person)(sAMAccountName=%s))' % tgtUser, attributes=['objectSid']) |
| 101 | if len( self.client.entries) <= 0: |
| 102 | raise Exception("Didnt find the given user") |
| 103 | |
| 104 | user = self.client.entries[0] |
| 105 | |
| 106 | controls = security_descriptor_control(sdflags=0x04) |
| 107 | self.client.search(self.domain_dumper.root, '(&(objectclass=groupPolicyContainer)(name=%s))' % gposid, attributes=['objectSid','nTSecurityDescriptor'], controls=controls) |
| 108 | |
| 109 | if len( self.client.entries) <= 0: |
| 110 | raise Exception("Didnt find the given gpo") |
| 111 | gpo = self.client.entries[0] |
| 112 | |
| 113 | secDescData = gpo['nTSecurityDescriptor'].raw_values[0] |
| 114 | secDesc = ldaptypes.SR_SECURITY_DESCRIPTOR(data=secDescData) |
| 115 | newace = self.create_allow_ace(str(user['objectSid'])) |
| 116 | secDesc['Dacl']['Data'].append(newace) |
| 117 | data = secDesc.getData() |
| 118 | |
| 119 | self.client.modify(gpo.entry_dn, {'nTSecurityDescriptor':(ldap3.MODIFY_REPLACE, [data])}, controls=controls) |
| 120 | if self.client.result["result"] == 0: |
| 121 | print('LDAP server claims to have taken the secdescriptor. Have fun') |
| 122 | else: |
| 123 | raise Exception("Something wasnt right: %s" %str(self.client.result['description'])) |
| 124 | |
| 125 | def do_add_computer(self, line): |
| 126 | args = shlex.split(line) |
nothing calls this directly
no test coverage detected