You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
113 lines
3.7 KiB
113 lines
3.7 KiB
#
|
|
# SPDX-FileCopyrightText: 2024 Splunk, Inc.
|
|
# SPDX-License-Identifier: LicenseRef-Splunk-8-2021
|
|
#
|
|
#
|
|
import csv
|
|
import sys
|
|
import log
|
|
import logging
|
|
|
|
# Map for possible property flags
|
|
property_flags = {
|
|
"1": "SCRIPT",
|
|
"2": "ACCOUNTDISABLE",
|
|
"8": "HOMEDIR_REQUIRED",
|
|
"16": "LOCKOUT",
|
|
"32": "PASSWD_NOTREQD",
|
|
"64": "PASSWD_CANT_CHANGE",
|
|
"128": "ENCRYPTED_TEXT_PWD_ALLOWED",
|
|
"256": "TEMP_DUPLICATE_ACCOUNT",
|
|
"512": "NORMAL_ACCOUNT",
|
|
"2048": "INTERDOMAIN_TRUST_ACCOUNT",
|
|
"4096": "WORKSTATION_TRUST_ACCOUNT",
|
|
"8192": "SERVER_TRUST_ACCOUNT",
|
|
"65536": "DONT_EXPIRE_PASSWORD",
|
|
"131072": "MNS_LOGON_ACCOUNT",
|
|
"262144": "SMARTCARD_REQUIRED",
|
|
"524288": "TRUSTED_FOR_DELEGATION",
|
|
"1048576": "NOT_DELEGATED",
|
|
"2097152": "USE_DES_KEY_ONLY",
|
|
"4194304": "DONT_REQ_PREAUTH",
|
|
"8388608": "PASSWORD_EXPIRED",
|
|
"16777216": "TRUSTED_TO_AUTH_FOR_DELEGATION",
|
|
"67108864": "PARTIAL_SECRETS_ACCOUNT",
|
|
}
|
|
|
|
|
|
def main():
|
|
|
|
logger = log.Log().get_logger("user_account_control_property")
|
|
logger.info("Lookup script started executing..")
|
|
|
|
# prints usage of the lookup script if wrong number of arguments provided
|
|
if len(sys.argv) != 3:
|
|
logger.debug(
|
|
"Usage: python user_account_control_property.py [userAccountControl] [userAccountPropertyFlag]"
|
|
)
|
|
logger.debug("Lookup script stopped..")
|
|
sys.exit(1)
|
|
|
|
# Lookup Field names
|
|
userAccountControl = sys.argv[1]
|
|
userAccountPropertyFlag = sys.argv[2]
|
|
|
|
infile = sys.stdin
|
|
outfile = sys.stdout
|
|
|
|
r = csv.DictReader(infile)
|
|
|
|
w = csv.DictWriter(outfile, fieldnames=r.fieldnames)
|
|
|
|
w.writeheader()
|
|
|
|
# Decode flags for every 'userAccountControl' attribute value present in a search result
|
|
for result in r:
|
|
try:
|
|
if result[userAccountControl].isdigit():
|
|
attribute_value = int(result[userAccountControl])
|
|
bit_cnt = 0
|
|
incorrect_result_flag = False
|
|
flags = list()
|
|
|
|
# Prepare flag list by decoding 'userAccountcontrol' decimal value
|
|
# As 'userAccountControl' is decimal value, For each bit set to '1' a property flag can be denoted by using 'property_flags' map given above
|
|
while attribute_value != 0:
|
|
if attribute_value & 1 == 1:
|
|
flags.append(str(1 << bit_cnt))
|
|
attribute_value = attribute_value >> 1
|
|
bit_cnt += 1
|
|
|
|
# If flag not present in 'property_flags' map, The 'userAccountPropertyFlag' won't be populated in search result
|
|
for flag in flags:
|
|
if flag not in list(property_flags.keys()):
|
|
logger.debug(
|
|
"'userAccountControl' attribute can not be decoded for value: {}".format(
|
|
result[userAccountControl]
|
|
)
|
|
)
|
|
incorrect_result_flag = True
|
|
break
|
|
if incorrect_result_flag:
|
|
continue
|
|
else:
|
|
for flag in flags:
|
|
result[userAccountPropertyFlag] = property_flags[flag]
|
|
w.writerow(result)
|
|
else:
|
|
logger.debug(
|
|
"'userAccountControl' attribute can not be decoded for value: {}".format(
|
|
result[userAccountControl]
|
|
)
|
|
)
|
|
except:
|
|
logger.debug(
|
|
"No results for 'userAccountControl' attribute value :{}".format(
|
|
result[userAccountControl]
|
|
)
|
|
)
|
|
|
|
|
|
if __name__ == "__main__":
|
|
main()
|