1import dcerpc 2 3def sid_to_string(sid): 4 """Convert a Python dictionary SID to a string SID.""" 5 6 result = 'S-%d' % sid.sid_rev_num 7 8 result = result + '-%u' % \ 9 (dcerpc.uint8_array_getitem(sid.id_auth, 5) + 10 (dcerpc.uint8_array_getitem(sid.id_auth, 4) << 8) + 11 (dcerpc.uint8_array_getitem(sid.id_auth, 3) << 16) + 12 (dcerpc.uint8_array_getitem(sid.id_auth, 2) << 24)) 13 14 for i in range(0, sid.num_auths): 15 result = result + '-%u' % \ 16 dcerpc.uint32_array_getitem(sid.sub_auths, i) 17 18 return result 19 20def string_to_sid(string): 21 """Convert a string SID to a Python dictionary SID. Throws a 22 ValueError if the SID string was badly formed.""" 23 24 if string[0] != 'S': 25 raise ValueError('Bad SID format') 26 27 string = string[1:] 28 29 import re 30 31 match = re.match('-\d+', string) 32 33 if not match: 34 raise ValueError('Bad SID format') 35 36 try: 37 sid_rev_num = int(string[match.start()+1:match.end()]) 38 except ValueError: 39 raise ValueError('Bad SID format') 40 41 string = string[match.end():] 42 43 match = re.match('-\d+', string) 44 45 if not match: 46 raise ValueError('Bad SID format') 47 48 try: 49 ia = int(string[match.start()+1:match.end()]) 50 except ValueError: 51 raise ValueError('Bad SID format') 52 53 string = string[match.end():] 54 55 id_auth = [0, 0, (ia >> 24) & 0xff, (ia >> 16) & 0xff, 56 (ia >> 8) & 0xff, ia & 0xff] 57 58 num_auths = 0 59 sub_auths = [] 60 61 while len(string): 62 63 match = re.match('-\d+', string) 64 65 if not match: 66 raise ValueError('Bad SID format') 67 68 try: 69 sa = int(string[match.start() + 1 : match.end()]) 70 except ValueError: 71 raise ValueError('Bad SID format') 72 73 num_auths = num_auths + 1 74 sub_auths.append(int(sa)) 75 76 string = string[match.end():] 77 78 sid = dcerpc.dom_sid() 79 sid.sid_rev_num = sid_rev_num 80 sid.id_auth = dcerpc.new_uint8_array(6) 81 for i in range(6): 82 dcerpc.uint8_array_setitem(sid.id_auth, i, id_auth[i]) 83 sid.num_auths = num_auths 84 sid.sub_auths = dcerpc.new_uint32_array(num_auths) 85 for i in range(num_auths): 86 dcerpc.uint32_array_setitem(sid.sub_auths, i, sub_auths[i]) 87 88 return sid 89 90def call_fn(fn, pipe, args): 91 """Wrap up a RPC call and throw an exception is an error was returned.""" 92 93 result = fn(pipe, args); 94 95 if result & 0xc0000000L: 96 raise dcerpc.NTSTATUS(result, dcerpc.nt_errstr(result)); 97 98 return result; 99 100class SamrHandle: 101 102 def __init__(self, pipe, handle): 103 104 self.pipe = pipe 105 self.handle = handle 106 107 def __del__(self): 108 109 if self.handle is not None: 110 self.Close() 111 112 def Close(self): 113 114 r = dcerpc.samr_Close() 115 r.data_in.handle = self.handle 116 117 call_fn(dcerpc.dcerpc_samr_Close, self.pipe, r) 118 119 self.handle = None 120 121 def QuerySecurity(self, sec_info = 7): 122 123 r = dcerpc.samr_QuerySecurity() 124 r.data_in.handle = self.handle 125 r.data_in.sec_info = sec_info 126 127 call_fn(dcerpc.dcerpc_samr_QuerySecurity, self.pipe, r) 128 129 return r.data_out.sdbuf 130 131 def SetSecurity(self, sdbuf, sec_info = 7): 132 133 r = dcerpc.samr_SetSecurity() 134 r.data_in.handle = self.handle 135 r.data_in.sec_info = sec_info 136 r.data_in.sdbuf = sdbuf 137 138 call_fn(dcerpc.dcerpc_samr_SetSecurity, self.pipe, r) 139 140class ConnectHandle(SamrHandle): 141 142 def EnumDomains(self): 143 144 r = dcerpc.samr_EnumDomains() 145 r.data_in.connect_handle = self.handle 146 r.data_in.resume_handle = 0 147 r.data_in.buf_size = -1 148 149 domains = [] 150 151 while 1: 152 153 call_fn(dcerpc.dcerpc_samr_EnumDomains, self.pipe, r) 154 155 for i in range(r.data_out.sam.count): 156 domains.append(dcerpc.samr_SamEntry_array_getitem( 157 r.data_out.sam.entries, i).name.string) 158 159 # TODO: Handle more entries here 160 161 break 162 163 return domains 164 165 def LookupDomain(self, domain_name): 166 167 r = dcerpc.samr_LookupDomain() 168 r.data_in.connect_handle = self.handle 169 r.data_in.domain_name = dcerpc.samr_String() 170 r.data_in.domain_name.string = domain_name 171 172 call_fn(dcerpc.dcerpc_samr_LookupDomain, self.pipe, r) 173 174 return sid_to_string(r.data_out.sid); 175 176 def OpenDomain(self, domain_sid, access_mask = 0x02000000): 177 178 r = dcerpc.samr_OpenDomain() 179 r.data_in.connect_handle = self.handle 180 r.data_in.access_mask = access_mask 181 r.data_in.sid = string_to_sid(domain_sid) 182 183 call_fn(dcerpc.dcerpc_samr_OpenDomain, self.pipe, r) 184 185 return DomainHandle(self.pipe, r.data_out.domain_handle) 186 187 def Shutdown(self): 188 189 r = dcerpc.samr_Shutdown() 190 r.data_in.connect_handle = self.handle 191 192 call_fn(dcerpc.dcerpc_samr_Shutdown, self.pipe, r) 193 194 def GetDomPwInfo(self, domain_name): 195 196 r = dcerpc.samr_GetDomPwInfo() 197 r.data_in.domain_name = dcerpc.samr_String() 198 r.data_in.domain_name.string = domain_name 199 200 call_fn(dcerpc.dcerpc_samr_GetDomPwInfo, self.pipe, r) 201 202 return r.data_out.info 203 204 205 def SetBootKeyInformation(self, unknown1, unknown2, unknown3): 206 207 r = dcerpc.samr_GetBootKeyInformation() 208 r.data_in.connect_handle = self.handle 209 r.data_in.unknown1 = unknown1 210 r.data_in.unknown2 = unknown2 211 r.data_in.unknown3 = unknown3 212 213 call_fn(dcerpc.dcerpc_samr_SetBootKeyInformation, self.pipe, r) 214 215class DomainHandle(SamrHandle): 216 217 def QueryDomainInfo(self, level = 2): 218 219 r = dcerpc.samr_QueryDomainInfo() 220 r.data_in.domain_handle = self.handle 221 r.data_in.level = level 222 223 call_fn(dcerpc.dcerpc_samr_QueryDomainInfo, self.pipe, r) 224 225 return getattr(r.data_out.info, 'info%d' % level) 226 227 def QueryDomainInfo2(self, level = 2): 228 229 r = dcerpc.samr_QueryDomainInfo2() 230 r.data_in.domain_handle = self.handle 231 r.data_in.level = level 232 233 call_fn(dcerpc.dcerpc_samr_QueryDomainInfo2, self.pipe, r) 234 235 return getattr(r.data_out.info, 'info%d' % level) 236 237 def SetDomainInfo(self, level, info): 238 239 r = dcerpc.samr_SetDomainInfo() 240 r.data_in.domain_handle = self.handle 241 r.data_in.level = level 242 r.data_in.info = dcerpc.samr_DomainInfo() 243 setattr(r.data_in.info, 'info%d' % level, info) 244 245 call_fn(dcerpc.dcerpc_samr_SetDomainInfo, self.pipe, r) 246 247 def EnumDomainGroups(self): 248 249 r = dcerpc.samr_EnumDomainGroups() 250 r.data_in.domain_handle = self.handle 251 r.data_in.resume_handle = 0 252 r.data_in.max_size = 1000 253 254 call_fn(dcerpc.dcerpc_samr_EnumDomainGroups, self.pipe, r) 255 256 groups = [] 257 258 if r.data_out.sam.entries: 259 for i in range(r.data_out.sam.count): 260 groups.append(dcerpc.samr_SamEntry_array_getitem( 261 r.data_out.sam.entries, i).name.string) 262 263 return groups 264 265 def EnumDomainAliases(self): 266 267 r = dcerpc.samr_EnumDomainAliases() 268 r.data_in.domain_handle = self.handle 269 r.data_in.resume_handle = 0 270 # acct_flags in SamrEnumerateAliasesInDomain has probably 271 # no meaning so use 0xffffffff like W2K 272 r.data_in.acct_flags = 0xffffffffL 273 274 call_fn(dcerpc.dcerpc_samr_EnumDomainAliases, self.pipe, r) 275 276 aliases = [] 277 278 if r.data_out.sam.entries: 279 for i in range(r.data_out.sam.count): 280 aliases.append(dcerpc.samr_SamEntry_array_getitem( 281 r.data_out.sam.entries, i).name.string) 282 283 return aliases 284 285 def EnumDomainUsers(self, user_account_flags = 16): 286 287 r = dcerpc.samr_EnumDomainUsers() 288 r.data_in.domain_handle = self.handle 289 r.data_in.resume_handle = 0 290 r.data_in.acct_flags = user_account_flags 291 r.data_in.max_size = 1000 292 293 call_fn(dcerpc.dcerpc_samr_EnumDomainUsers, self.pipe, r) 294 295 users = [] 296 297 if r.data_out.sam.entries: 298 for i in range(r.data_out.sam.count): 299 users.append(dcerpc.samr_SamEntry_array_getitem( 300 r.data_out.sam.entries, i).name.string) 301 302 return users 303 304 def CreateUser(self, account_name, access_mask = 0x02000000): 305 306 r = dcerpc.samr_CreateUser() 307 r.data_in.domain_handle = self.handle 308 r.data_in.account_name = dcerpc.samr_String() 309 r.data_in.account_name.string = account_name 310 r.data_in.access_mask = access_mask 311 312 call_fn(dcerpc.dcerpc_samr_CreateUser, self.pipe, r) 313 314 return (r.data_out.user_handle, 315 dcerpc.uint32_array_getitem(r.data_out.rid, 0)) 316 317 def CreateUser2(self, account_name, acct_flags = 0x00000010, 318 access_mask = 0x02000000): 319 320 r = dcerpc.samr_CreateUser2() 321 r.data_in.domain_handle = self.handle 322 r.data_in.account_name = dcerpc.samr_String() 323 r.data_in.account_name.string = account_name 324 r.data_in.acct_flags = acct_flags 325 r.data_in.access_mask = access_mask 326 327 call_fn(dcerpc.dcerpc_samr_CreateUser2, self.pipe, r) 328 329 return (r.data_out.user_handle, 330 dcerpc.uint32_array_getitem(r.data_out.access_granted, 0), 331 dcerpc.uint32_array_getitem(r.data_out.rid, 0)) 332 333 def OpenUser(self, rid, access_mask = 0x02000000): 334 335 r = dcerpc.samr_OpenUser() 336 r.data_in.domain_handle = self.handle 337 r.data_in.access_mask = access_mask 338 r.data_in.rid = rid 339 340 call_fn(dcerpc.dcerpc_samr_OpenUser, self.pipe, r) 341 342 return UserHandle(self.pipe, r.data_out.user_handle) 343 344 def OpenGroup(self, rid, access_mask = 0x02000000): 345 346 r = dcerpc.samr_OpenGroup() 347 r.data_in.domain_handle = self.handle 348 r.data_in.access_mask = access_mask 349 r.data_in.rid = rid 350 351 call_fn(dcerpc.dcerpc_samr_OpenGroup, self.pipe, r) 352 353 return GroupHandle(self.pipe, r.data_out.group_handle) 354 355 def OpenAlias(self, rid, access_mask = 0x02000000): 356 357 r = dcerpc.samr_OpenAlias() 358 r.data_in.domain_handle = self.handle 359 r.data_in.access_mask = access_mask 360 r.data_in.rid = rid 361 362 call_fn(dcerpc.dcerpc_samr_OpenAlias, self.pipe, r) 363 364 return AliasHandle(self.pipe, r.data_out.alias_handle) 365 366 def CreateDomAlias(self, alias_name, access_mask = 0x02000000): 367 368 r = dcerpc.samr_CreateDomAlias() 369 r.data_in.domain_handle = self.handle 370 r.data_in.alias_name = dcerpc.samr_String() 371 r.data_in.alias_name.string = alias_name 372 r.data_in.access_mask = access_mask 373 374 call_fn(dcerpc.dcerpc_samr_CreateDomAlias, self.pipe, r) 375 376 return (AliasHandle(self.pipe, r.data_out.alias_handle), 377 r.data_out.rid) 378 379 def RidToSid(self, rid): 380 381 r = dcerpc.samr_RidToSid() 382 r.data_in.domain_handle = self.handle 383 r.data_in.rid = rid 384 385 call_fn(dcerpc.dcerpc_samr_RidToSid, self.pipe, r) 386 387 return sid_to_string(r.data_out.sid) 388 389 def RemoveMemberFromForeignDomain(self, sid): 390 391 r = dcerpc.samr_RemoveMemberFromForeignDomain() 392 r.data_in.domain_handle = self.handle 393 r.data_in.sid = sid 394 395 call_fn(dcerpc.dcerpc_samr_RemoveMemberFromForeignDomain, self.pipe, r) 396 397 def LookupNames(self, names): 398 399 r = dcerpc.samr_LookupNames() 400 r.data_in.domain_handle = self.handle 401 r.data_in.num_names = len(names) 402 r.data_in.names = dcerpc.new_samr_String_array(len(names)) 403 404 for i in range(len(names)): 405 s = dcerpc.samr_String() 406 s.string = names[i] 407 dcerpc.samr_String_array_setitem(r.data_in.names, i, s) 408 409 call_fn(dcerpc.dcerpc_samr_LookupNames, self.pipe, r) 410 411 return ([dcerpc.uint32_array_getitem(r.data_out.rids.ids, i) 412 for i in range(r.data_out.rids.count)], 413 [dcerpc.uint32_array_getitem(r.data_out.types.ids, i) 414 for i in range(r.data_out.types.count)]) 415 416 def CreateDomainGroup(self, domain_name, access_mask = 0x02000000): 417 418 r = dcerpc.samr_CreateDomainGroup() 419 r.data_in.domain_handle = self.handle 420 r.data_in.name = dcerpc.samr_String() 421 r.data_in.name.string = domain_name 422 r.data_in.access_mask = access_mask 423 424 call_fn(dcerpc.dcerpc_samr_CreateDomainGroup, self.pipe, r) 425 426 def GetAliasMembership(self, sids): 427 428 r = dcerpc.samr_GetAliasMembership() 429 r.data_in.domain_handle = self.handle 430 r.data_in.sids = dcerpc.lsa_SidArray() 431 r.data_in.sids.num_sids = len(sids) 432 r.data_in.sids.sids = dcerpc.new_lsa_SidPtr_array(len(sids)) 433 434 for i in range(len(sids)): 435 s = dcerpc.lsa_SidPtr() 436 s.sid = string_to_sid(sids[i]) 437 dcerpc.lsa_SidPtr_array_setitem(r.data_in.sids.sids, i, s) 438 439 call_fn(dcerpc.dcerpc_samr_GetAliasMembership, self.pipe, r) 440 441 return [r.ids[x] for x in range(r.count)] 442 443 def QueryDisplayInfo(self, level): 444 445 # TODO: Handle more data returns 446 447 r = dcerpc.samr_QueryDisplayInfo() 448 r.data_in.domain_handle = self.handle 449 r.data_in.level = level 450 r.data_in.start_idx = 0 451 r.data_in.max_entries = 1000 452 r.data_in.buf_size = -1 453 454 call_fn(dcerpc.dcerpc_samr_QueryDisplayInfo, self.pipe, r) 455 456 # TODO: Return a mapping of the various samr_DispInfo 457 # structures here. 458 459 return getattr(r.data_out.info, 'info%d' % level) 460 461 def QueryDisplayInfo2(self, level): 462 463 # TODO: Handle more data returns 464 465 r = dcerpc.samr_QueryDisplayInfo2() 466 r.data_in.domain_handle = self.handle 467 r.data_in.level = level 468 r.data_in.start_idx = 0 469 r.data_in.max_entries = 1000 470 r.data_in.buf_size = -1 471 472 call_fn(dcerpc.dcerpc_samr_QueryDisplayInfo2, self.pipe, r) 473 474 # TODO: Return a mapping of the various samr_DispInfo 475 # structures here. 476 477 return getattr(r.data_out.info, 'info%d' % level) 478 479 def QueryDisplayInfo3(self, level): 480 481 # TODO: Handle more data returns 482 483 r = dcerpc.samr_QueryDisplayInfo3() 484 r.data_in.domain_handle = self.handle 485 r.data_in.level = level 486 r.data_in.start_idx = 0 487 r.data_in.max_entries = 1000 488 r.data_in.buf_size = -1 489 490 call_fn(dcerpc.dcerpc_samr_QueryDisplayInfo3, self.pipe, r) 491 492 # TODO: Return a mapping of the various samr_DispInfo 493 # structures here. 494 495 return getattr(r.data_out.info, 'info%d' % level) 496 497 def GetBootKeyInformation(self): 498 499 r = dcerpc.samr_GetBootKeyInformation() 500 r.data_in.domain_handle = self.handle 501 502 call_fn(dcerpc.dcerpc_samr_GetBootKeyInformation, self.pipe, r) 503 504 return r.data_out.unknown 505 506 def SetBootKeyInformation(self): 507 508 r = dcerpc.samr_GetBootKeyInformation() 509 r.data_in.domain_handle = self.handle 510 511 call_fn(dcerpc.dcerpc_samr_GetBootKeyInformation, self.pipe, r) 512 513 def TestPrivateFunctionsDomain(self): 514 515 r = dcerpc.samr_TestPrivateFunctionsDomain() 516 r.data_in.domain_handle = self.handle 517 518 call_fn(dcerpc.dcerpc_samr_TestPrivateFunctionsDomain, self.pipe, r) 519 520class UserHandle(SamrHandle): 521 522 def DeleteUser(self): 523 524 r = dcerpc.samr_DeleteUser() 525 r.data_in.user_handle = self.handle 526 527 call_fn(dcerpc.dcerpc_samr_DeleteUser, self.pipe, r) 528 529 self.handle = None 530 531 def GetUserPwInfo(self): 532 533 r = dcerpc.samr_GetUserPwInfo() 534 r.data_in.user_handle = self.handle 535 536 call_fn(dcerpc.dcerpc_samr_GetUserPwInfo, self.pipe, r) 537 538 return r.data_out.info 539 540 def QueryUserInfo(self, level): 541 542 r = dcerpc.samr_QueryUserInfo() 543 r.data_in.user_handle = self.handle 544 r.data_in.level = level 545 546 call_fn(dcerpc.dcerpc_samr_QueryUserInfo, self.pipe, r) 547 548 return r.data_out.info 549 550 def QueryUserInfo2(self, level): 551 552 r = dcerpc.samr_QueryUserInfo2() 553 r.data_in.user_handle = self.handle 554 r.data_in.level = level 555 556 call_fn(dcerpc.dcerpc_samr_QueryUserInfo2, self.pipe, r) 557 558 return r.data_out.info 559 560 def GetGroupsForUser(self): 561 562 r = dcerpc.samr_GetGroupsForUser() 563 r.data_in.user_handle = self.handle 564 565 call_fn(dcerpc.dcerpc_samr_GetGroupsForUser, self.pipe, r) 566 567 rid_types = [dcerpc.samr_RidType_array_getitem(r.data_out.rids.rid, x) 568 for x in range(r.data_out.rids.count)] 569 570 return [(x.rid, x.type) for x in rid_types] 571 572 def TestPrivateFunctionsUser(self): 573 574 r = dcerpc.samr_TestPrivateFunctionsUser() 575 r.data_in.user_handle = self.handle 576 577 call_fn(dcerpc.dcerpc_samr_TestPrivateFunctionsUser, self.pipe, r) 578 579class GroupHandle(SamrHandle): 580 581 def QueryGroupInfo(self, level): 582 583 r = dcerpc.samr_QueryGroupInfo() 584 r.data_in.group_handle = self.handle 585 r.data_in.level = level 586 587 call_fn(dcerpc.dcerpc_samr_QueryGroupInfo, self.pipe, r) 588 589 return r.data_out.info 590 591 def SetGroupInfo(self, level, info): 592 593 r = dcerpc.samr_SetGroupInfo() 594 r.data_in.group_handle = self.handle 595 r.data_in.level = level 596 r.data_in.info = info 597 598 call_fn(dcerpc.dcerpc_samr_SetGroupInfo, self.pipe, r) 599 600 def QueryGroupMember(self): 601 602 r = dcerpc.samr_QueryGroupMember() 603 r.data_in.group_handle = self.handle 604 605 call_fn(dcerpc.dcerpc_samr_QueryGroupMember, self.pipe, r) 606 607 return [(dcerpc.uint32_array_getitem(r.data_out.rids.rids, x), 608 dcerpc.uint32_array_getitem(r.data_out.rids.unknown, x)) 609 for x in range(r.data_out.rids.count)] 610 611class AliasHandle(SamrHandle): 612 613 def DeleteDomAlias(self): 614 615 r = dcerpc.samr_DeleteDomAlias() 616 r.data_in.alias_handle = self.handle 617 618 call_fn(dcerpc.dcerpc_samr_DeleteDomAlias, self.pipe, r) 619 620 self.handle = None 621 622 def QueryAliasInfo(self, level = 1): 623 624 r = dcerpc.samr_QueryAliasInfo() 625 r.data_in.alias_handle = self.handle 626 r.data_in.level = level 627 628 call_fn(dcerpc.dcerpc_samr_QueryAliasInfo, self.pipe, r) 629 630 return r.data_out.info 631 632 def SetAliasInfo(self, level, info): 633 634 r = dcerpc.samr_SetAliasInfo() 635 r.data_in.alias_handle = self.handle 636 r.data_in.level = level 637 r.data_in.info = info 638 639 call_fn(dcerpc.dcerpc_samr_SetAliasInfo, self.pipe, r) 640 641 def AddAliasMember(self, sid): 642 643 r = dcerpc.samr_AddAliasMember() 644 r.data_in.alias_handle = self.handle 645 r.data_in.sid = string_to_sid(sid) 646 647 call_fn(dcerpc.dcerpc_samr_AddAliasMember, self.pipe, r) 648 649 def AddMultipleMembersToAlias(self, sids): 650 651 r = dcerpc.samr_AddMultipleMembersToAlias() 652 r.data_in.alias_handle = self.handle 653 r.data_in.sids = dcerpc.lsa_SidArray() 654 r.data_in.sids.num_sids = len(sids) 655 r.data_in.sids.sids = dcerpc.new_lsa_SidPtr_array(len(sids)) 656 657 for i in range(len(sids)): 658 s = dcerpc.lsa_SidPtr() 659 s.sid = string_to_sid(sids[i]) 660 dcerpc.lsa_SidPtr_array_setitem(r.data_in.sids.sids, i, s) 661 662 call_fn(dcerpc.dcerpc_samr_AddMultipleMembersToAlias, self.pipe, r) 663 664 def GetMembersInAlias(self): 665 666 r = dcerpc.samr_GetMembersInAlias() 667 r.data_in.alias_handle = self.handle 668 669 call_fn(dcerpc.dcerpc_samr_GetMembersInAlias, self.pipe, r) 670 671 return [ 672 sid_to_string( 673 dcerpc.lsa_SidPtr_array_getitem(r.data_out.sids.sids, x).sid) 674 for x in range(r.data_out.sids.num_sids)] 675 676def Connect(pipe, access_mask = 0x02000000): 677 678 r = dcerpc.samr_Connect() 679 r.data_in.system_name = dcerpc.new_uint16_array(1) 680 dcerpc.uint16_array_setitem(r.data_in.system_name, 0, ord('\\')) 681 r.data_in.access_mask = access_mask 682 683 call_fn(dcerpc.dcerpc_samr_Connect, pipe, r) 684 685 return ConnectHandle(pipe, r.data_out.connect_handle) 686 687def Connect2(pipe, system_name = '', access_mask = 0x02000000): 688 """Connect to the SAMR pipe.""" 689 690 r = dcerpc.samr_Connect2() 691 r.data_in.system_name = system_name 692 r.data_in.access_mask = access_mask 693 694 call_fn(dcerpc.dcerpc_samr_Connect2, pipe, r) 695 696 return ConnectHandle(pipe, r.data_out.connect_handle) 697 698def Connect3(pipe, system_name = '', access_mask = 0x02000000): 699 700 r = dcerpc.samr_Connect3() 701 r.data_in.system_name = system_name 702 r.data_in.unknown = 0 703 r.data_in.access_mask = access_mask 704 705 call_fn(dcerpc.dcerpc_samr_Connect3, pipe, r) 706 707 return ConnectHandle(pipe, r.data_out.connect_handle) 708 709 710def Connect4(pipe, system_name = '', access_mask = 0x02000000): 711 712 r = dcerpc.samr_Connect4() 713 r.data_in.system_name = system_name 714 r.data_in.unknown = 0 715 r.data_in.access_mask = access_mask 716 717 call_fn(dcerpc.dcerpc_samr_Connect4, pipe, r) 718 719 return ConnectHandle(pipe, r.data_out.connect_handle) 720 721def Connect5(pipe, system_name = '', access_mask = 0x02000000): 722 723 r = dcerpc.samr_Connect5() 724 r.data_in.system_name = system_name 725 r.data_in.access_mask = access_mask 726 r.data_in.level = 1 727 r.data_in.info = dcerpc.new_samr_ConnectInfo_array(1) 728 r.data_in.info.unknown1 = 0 729 r.data_in.info.unknown2 = 0 730 731 call_fn(dcerpc.dcerpc_samr_Connect5, pipe, r) 732 733 return ConnectHandle(pipe, r.data_out.connect_handle) 734 735# AddGroupMember 736# DeleteDomainGroup 737# DeleteGroupMember 738# SetMemberAttributesofGroup 739# AddAliasMember 740# DeleteAliasMember 741# GetMembersinAlias 742# SetUserInfo 743# ChangePasswordUser 744# GetDisplayEnumerationIndex 745# RemoveMemberFromForeignDomain 746# GetDisplayEnumerationIndex2 747# RemoveMultipleMembersFromAlias 748# OemChangePasswordUser2 749# ChangePasswordUser2 750# SetUserInfo2 751# ChangePasswordUser3 752# SetDsrmPassword 753# ValidatePassword 754