[Samba] Samba 4 LDAP NTLM password nightly injection

Luc Lalonde luc.lalonde at polymtl.ca
Thu Mar 28 11:33:36 MDT 2013 

Hello Andrew,

Would this work:

###############################################################
def HexToByte( hexStr ):
##
## Taken from ActiveState Code recipes:
## http://code.activestate.com/recipes/510399-byte-to-hex-and-hex-to-byte-string-conversion

    bytes = []

    hexStr = ''.join( hexStr.split(" ") )

    for i in range(0, len(hexStr), 2):
        bytes.append( chr( int (hexStr[i:i+2], 16 ) ) )

return ''.join( bytes )

# Connect to samba4 backend
s4_passdb = passdb.PDB("samba4")

# Change foo-user password
admin_userdata = s4_passdb.getsampwnam("foo-user")
admin_userdata.nt_passwd = HextoByte("878D8014606CDA29677A44EFA1353FC7")
admin_userdata.lanman_passwd = HextoByte("552902031BEDE9EFAAD3B435B51404EE")
s4_passdb.update_sam_account(admin_userdata)
###############################################################

I'm trying to figure out how to connect to the local Samba4 database... What I have above 's4_passdb = passdb.PDB("samba4")' doesn't work.  I tried 'ldb', 'samba_dsdb', and 'samba4' without success.

Any hints please?

Thanks!

----- Original Message -----
From: "Andrew Bartlett" <abartlet at samba.org>
To: "Luc Lalonde" <luc.lalonde at polymtl.ca>
Cc: samba at lists.samba.org
Sent: Wednesday, March 27, 2013 6:18:15 PM GMT -05:00 US/Canada Eastern
Subject: Re: [Samba] Samba 4 LDAP NTLM password nightly injection

On Tue, 2013-03-26 at 11:10 -0400, Luc Lalonde wrote:
> Hello Andrew,
> 
> I'm finally diving into this project...
> 
> First off, my sysadmin stuff is mostly in Perl.  So my Python is rudimentary at best.
> 
> Here we go anyway...  I've looked at the 'upgrade.py' but I can't seem to figure out how to connect to the Samba4 passwd database.
> 
> In the script I see these lines:
> 
> #######################################################
> # Connect to samba4 backend
> s4_passdb = passdb.PDB(new_lp_ctx.get("passdb backend"))
> ########################################################
> 
> I would appreciate a hint on how to connect to the database please.  Where is the 'passdb' object referenced from?
> 
> Once that's done, from what I understand, I should be able to change the passwords directly:
> 
> #######################################################
> # Change foo-user password
> admin_userdata = s4_passdb.getsampwnam("foo-user")
> admin_userdata.nt_passwd = "878D8014606CDA29677A44EFA1353FC7"
> admin_userdata.lanman_passwd = "552902031BEDE9EFAAD3B435B51404EE"
> s4_passdb.update_sam_account(admin_userdata)
> #######################################################

Sort of.  Those values are not base16 strings, but raw bytes, but
otherwise that looks pretty much right at a first glance. 

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org



-- 
Luc Lalonde, analyste
---------------------------------------------------------------------
Département de génie informatique:
École polytechnique de Montréal
(514) 340-4711 x5049
Luc.Lalonde at polymtl.ca
---------------------------------------------------------------------

More information about the samba mailing list