ruby_smb 2.0.9 → 2.0.13

data/lib/ruby_smb/dcerpc/samr/rpc_sid.rb

@@ -0,0 +1,150 @@
+module RubySMB
+  module Dcerpc
+    module Samr
+      WELL_KNOWN_SID_NAME = {
+        [0,0] => 'NULL SID',
+        [1,0] => 'Everyone',
+        [2,0] => 'LOCAL',
+        [2,1] => 'CONSOLE LOGON',
+        [3,0] => 'CREATOR OWNER',
+        [3,1] => 'CREATOR GROUP',
+        [3,2] => 'CREATOR OWNER SERVER',
+        [3,3] => 'CREATOR GROUP SERVER',
+        [3,4] => 'OWNER RIGHTS',
+        [5,1] => 'NT AUTHORITY\\DIALUP',
+        [5,2] => 'NT AUTHORITY\\NETWORK',
+        [5,3] => 'NT AUTHORITY\\BATCH',
+        [5,4] => 'NT AUTHORITY\\INTERACTIVE',
+        [5,6] => 'NT AUTHORITY\\SERVICE',
+        [5,7] => 'NT AUTHORITY\\ANONYMOUS LOGON',
+        [5,8] => 'NT AUTHORITY\\PROXY',
+        [5,9] => 'NT AUTHORITY\\ENTERPRISE DOMAIN CONTROLLERS',
+        [5,10] => 'NT AUTHORITY\\SELF',
+        [5,11] => 'NT AUTHORITY\\Authenticated Users',
+        [5,12] => 'NT AUTHORITY\\RESTRICTED',
+        [5,13] => 'NT AUTHORITY\\TERMINAL SERVER USER',
+        [5,14] => 'NT AUTHORITY\\REMOTE INTERACTIVE LOGON',
+        [5,15] => 'NT AUTHORITY\\This Organization',
+        [5,17] => 'NT AUTHORITY\\IUSR',
+        [5,18] => 'NT AUTHORITY\\SYSTEM',
+        [5,19] => 'NT AUTHORITY\\LOCAL SERVICE',
+        [5,20] => 'NT AUTHORITY\\NETWORK SERVICE',
+        [5,22] => 'NT AUTHORITY\\ENTERPRISE READ-ONLY DOMAIN CONTROLLERS BETA',
+        [5,33] => 'NT AUTHORITY\\WRITE RESTRICTED',
+        [5,32] => 'Builtin Domain'
+      }
+
+      WELL_KNOWN_RID_NAME = {
+        498 => '(domain)\\Enterprise Read-only Domain Controllers',
+        500 => '(domain)\\Administrator',
+        501 => '(domain)\\Guest',
+        502 => '(domain)\\krbtgt',
+        512 => '(domain)\\Domain Admins',
+        513 => '(domain)\\Domain Users',
+        514 => '(domain)\\Domain Guests',
+        515 => '(domain)\\Domain Computers',
+        516 => '(domain)\\Domain Controllers',
+        517 => '(domain)\\Cert Publishers',
+        518 => '(domain)\\Schema Admins',
+        519 => '(domain)\\Enterprise Admins',
+        520 => '(domain)\\Group Policy Creator Owners',
+        521 => '(domain)\\Read-only Domain Controllers',
+        522 => '(domain)\\Cloneable Domain Controllers',
+        544 => 'BUILTIN\\Administrators',
+        545 => 'BUILTIN\\Users',
+        546 => 'BUILTIN\\Guests',
+        548 => 'BUILTIN\\Account Operators',
+        549 => 'BUILTIN\\Server Operators',
+        550 => 'BUILTIN\\Print Operators',
+        551 => 'BUILTIN\\Backup Operators',
+        552 => 'BUILTIN\\Replicator',
+        553 => '(domain)\\RAS and IAS Servers',
+        554 => 'BUILTIN\\Pre-Windows 2000 Compatible Access',
+        555 => 'BUILTIN\\Remote Desktop Users',
+        556 => 'BUILTIN\\Network Configuration Operators',
+        557 => 'BUILTIN\\Incoming Forest Trust Builders',
+        558 => 'BUILTIN\\Performance Monitor Users',
+        559 => 'BUILTIN\\Performance Log Users',
+        560 => 'BUILTIN\\Windows Authorization Access Group',
+        561 => 'BUILTIN\\Terminal Server License Servers',
+        562 => 'BUILTIN\\Distributed COM Users',
+        568 => 'BUILTIN\\IIS_IUSRS',
+        569 => 'BUILTIN\\Cryptographic Operators',
+        571 => '(domain)\\Allowed RODC Password Replication Group',
+        572 => '(domain)\\Denied RODC Password Replication Group',
+        573 => 'BUILTIN\\Event Log Readers',
+        574 => 'BUILTIN\\Certificate Service DCOM Access',
+        575 => 'BUILTIN\\RDS Remote Access Servers',
+        576 => 'BUILTIN\\RDS Endpoint Servers',
+        577 => 'BUILTIN\\RDS Management Servers',
+        578 => 'BUILTIN\\Hyper-V Administrators',
+        579 => 'BUILTIN\\Access Control Assistance Operators',
+        580 => 'BUILTIN\\Remote Management Users'
+      }
+
+      #[2.4.1.1 RPC_SID_IDENTIFIER_AUTHORITY](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-dtyp/d7e6e5a5-437c-41e5-8ba1-bdfd43e96cbc)
+      class RpcSidIdentifierAuthority < Ndr::NdrFixArray
+        default_parameters type: :ndr_uint8, initial_length: 6, byte_align: 1
+      end
+
+      # [2.4.2.3 RPC_SID](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-dtyp/5cb97814-a1c2-4215-b7dc-76d1f4bfad01)
+      class RpcSid < Ndr::NdrStruct
+        default_parameters byte_align: 4
+        endian :little
+
+        ndr_uint8                    :revision
+        ndr_uint8                    :sub_authority_count, initial_value: -> { self.sub_authority.size }
+        rpc_sid_identifier_authority :identifier_authority
+        ndr_conf_array               :sub_authority, type: :ndr_uint32
+
+        def snapshot
+          sid = ['S', self.revision.to_s, self.identifier_authority[-1].to_s]
+          self.sub_authority.each { |e| sid << e.to_s }
+          sid.join('-')
+        end
+
+        def assign(val)
+          case val
+          when String
+            elems = val.split('-')
+            raise ArgumentError, "Wrong SID format" unless elems[0].downcase == 's'
+            self.revision = elems[1].to_i
+            self.sub_authority_count = elems[3..-1].size
+            self.identifier_authority = [0, 0, 0, 0, 0, elems[2].to_i]
+            self.sub_authority = elems[3..-1].map(&:to_i)
+          when RpcSid
+            super
+          else
+            raise ArgumentError, "Can only assign String or other RpcSid object (got #{val.class})"
+          end
+          self
+        end
+
+        def name
+          sid = case sub_authority.size
+          when 1
+            WELL_KNOWN_SID_NAME[[identifier_authority[-1].to_i, sub_authority[0].to_i]]
+          when 2
+            if identifier_authority[-1] == 5 && sub_authority[0] == 32
+              WELL_KNOWN_RID_NAME[sub_authority[1]]
+            end
+          when 3
+            if identifier_authority[-1] == 5 && sub_authority[0] == 5
+              "Current Session Logon SID"
+            end
+          else
+            if identifier_authority[-1] == 5
+              WELL_KNOWN_RID_NAME[sub_authority.last]
+            end
+          end
+          sid || "Unknown SID (#{self})"
+        end
+      end
+
+      class PrpcSid < RpcSid
+        extend Ndr::PointerClassPlugin
+      end
+
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/samr/samr_close_handle_request.rb

@@ -0,0 +1,23 @@
+module RubySMB
+  module Dcerpc
+    module Samr
+
+      # [3.1.5.13.1 SamrCloseHandle (Opnum 1)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-samr/55d134df-e257-48ad-8afa-cb2ca45cd3cc)
+      class SamrCloseHandleRequest < BinData::Record
+        attr_reader :opnum
+
+        endian :little
+
+        sampr_handle :sam_handle
+
+        def initialize_instance
+          super
+          @opnum = SAMR_CLOSE_HANDLE
+        end
+      end
+
+    end
+  end
+end
+
+

data/lib/ruby_smb/dcerpc/samr/samr_close_handle_response.rb

@@ -0,0 +1,24 @@
+module RubySMB
+  module Dcerpc
+    module Samr
+
+      # [3.1.5.13.1 SamrCloseHandle (Opnum 1)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-samr/55d134df-e257-48ad-8afa-cb2ca45cd3cc)
+      class SamrCloseHandleResponse < BinData::Record
+        attr_reader :opnum
+
+        endian :little
+
+        sampr_handle :sam_handle
+        ndr_uint32   :error_status
+
+        def initialize_instance
+          super
+          @opnum = SAMR_CLOSE_HANDLE
+        end
+      end
+
+    end
+  end
+end
+
+

data/lib/ruby_smb/dcerpc/samr/samr_connect_request.rb

@@ -0,0 +1,32 @@
+module RubySMB
+  module Dcerpc
+    module Samr
+
+      # [2.2.7.1 PSAMPR_SERVER_NAME](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-samr/7a77f1ce-cc55-4e36-a3c2-87c48f835f86)
+      class PsamprServerName < RubySMB::Field::Stringz16
+        default_parameters referent_byte_align: 2
+        extend Ndr::PointerClassPlugin
+      end
+
+      # [3.1.5.1.4 SamrConnect (Opnum 0)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-samr/defe2091-0a61-4dfa-be9a-2c1206d53a1f)
+      class SamrConnectRequest < BinData::Record
+        attr_reader :opnum
+
+        endian :little
+
+        psampr_server_name :server_name
+        # Access control on a server object: bitwise OR of common ACCESS_MASK
+        # and server ACCESS_MASK values (see lib/ruby_smb/dcerpc/samr.rb)
+        ndr_uint32         :desired_access
+
+        def initialize_instance
+          super
+          @opnum = SAMR_CONNECT
+        end
+      end
+
+    end
+  end
+end
+
+

data/lib/ruby_smb/dcerpc/samr/samr_connect_response.rb

@@ -0,0 +1,23 @@
+module RubySMB
+  module Dcerpc
+    module Samr
+
+      # [3.1.5.1.4 SamrConnect (Opnum 0)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-samr/defe2091-0a61-4dfa-be9a-2c1206d53a1f)
+      class SamrConnectResponse < BinData::Record
+        attr_reader :opnum
+
+        endian :little
+
+        sampr_handle :server_handle
+        ndr_uint32   :error_status
+
+        def initialize_instance
+          super
+          @opnum = SAMR_CONNECT
+        end
+      end
+
+    end
+  end
+end
+

data/lib/ruby_smb/dcerpc/samr/samr_enumerate_users_in_domain_request.rb

@@ -0,0 +1,26 @@
+module RubySMB
+  module Dcerpc
+    module Samr
+
+      # [3.1.5.2.5 SamrEnumerateUsersInDomain (Opnum 13)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-samr/6bdc92c0-c692-4ffb-9de7-65858b68da75)
+      class SamrEnumerateUsersInDomainRequest < BinData::Record
+        attr_reader :opnum
+
+        endian :little
+
+        sampr_handle :domain_handle
+        ndr_uint32   :enumeration_context
+        # UserAccountControl flags are defined in lib/ruby_smb/dcerpc/samr.rb
+        ndr_uint32   :user_account_control
+        ndr_uint32   :prefered_maximum_length
+
+        def initialize_instance
+          super
+          @opnum = SAMR_ENUMERATE_USERS_IN_DOMAIN
+        end
+      end
+
+    end
+  end
+end
+

data/lib/ruby_smb/dcerpc/samr/samr_enumerate_users_in_domain_response.rb

@@ -0,0 +1,55 @@
+module RubySMB
+  module Dcerpc
+    module Samr
+
+      # [2.2.3.9 SAMPR_RID_ENUMERATION](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-samr/5c94a35a-e7f2-4675-af34-741f5a8ee1a2)
+      class SamprRidEnumeration < Ndr::NdrStruct
+        default_parameters byte_align: 4
+        endian :little
+
+        ndr_uint32         :relative_id
+        rpc_unicode_string :name
+      end
+
+      class SamprRidEnumerationArray < Ndr::NdrConfArray
+        default_parameter type: :sampr_rid_enumeration
+      end
+
+      class PsamprRidEnumerationArray < SamprRidEnumerationArray
+        extend Ndr::PointerClassPlugin
+      end
+
+      # [2.2.3.10 SAMPR_ENUMERATION_BUFFER](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-samr/c53161a4-38e8-4a28-a33e-0d378fce03dd)
+      class SamprEnumerationBuffer < Ndr::NdrStruct
+        default_parameters byte_align: 4
+        endian :little
+
+        ndr_uint32                   :entries_read
+        psampr_rid_enumeration_array :buffer
+      end
+
+      class PsamprEnumerationBuffer < SamprEnumerationBuffer
+        extend Ndr::PointerClassPlugin
+      end
+
+      # [3.1.5.2.5 SamrEnumerateUsersInDomain (Opnum 13)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-samr/6bdc92c0-c692-4ffb-9de7-65858b68da75)
+      class SamrEnumerateUsersInDomainResponse < BinData::Record
+        attr_reader :opnum
+
+        endian :little
+
+        ndr_uint32                :enumeration_context
+        psampr_enumeration_buffer :buffer
+        ndr_uint32                :count_returned
+        ndr_uint32                :error_status
+
+        def initialize_instance
+          super
+          @opnum = SAMR_ENUMERATE_USERS_IN_DOMAIN
+        end
+      end
+
+    end
+  end
+end
+

data/lib/ruby_smb/dcerpc/samr/samr_get_alias_membership_request.rb

@@ -0,0 +1,48 @@
+module RubySMB
+  module Dcerpc
+    module Samr
+
+      #[2.2.7.6 SAMPR_SID_INFORMATION](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-samr/0c138399-f663-4039-b4e7-b3c9f82bff65)
+      class SamprSidInformation < Ndr::NdrStruct
+        default_parameter byte_align: 4
+
+        rpc_sid :sid_pointer
+      end
+
+      class PsamprSidInformation < SamprSidInformation
+        extend Ndr::PointerClassPlugin
+      end
+
+      class PsamprSidInformationArray < Ndr::NdrConfArray
+        default_parameter type: :psampr_sid_information
+        extend Ndr::PointerClassPlugin
+      end
+
+      # [2.2.7.5 SAMPR_PSID_ARRAY](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-samr/1d40622e-52e4-4aaa-bc77-aa626089f116)
+      class SamprPsidArray < Ndr::NdrStruct
+        default_parameter byte_align: 4
+
+        ndr_uint32                   :sid_count, initial_value: -> { sids.size }
+        psampr_sid_information_array :sids
+      end
+
+      # [3.1.5.9.2 SamrGetAliasMembership (Opnum 16)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-samr/03184045-2208-4c02-b38b-ef955d6dc3ef)
+      class SamrGetAliasMembershipRequest < BinData::Record
+        attr_reader :opnum
+
+        endian :little
+
+        sampr_handle     :domain_handle
+        sampr_psid_array :sid_array
+
+        def initialize_instance
+          super
+          @opnum = SAMR_GET_ALIAS_MEMBERSHIP
+        end
+      end
+
+    end
+  end
+end
+
+

data/lib/ruby_smb/dcerpc/samr/samr_get_alias_membership_response.rb

@@ -0,0 +1,38 @@
+module RubySMB
+  module Dcerpc
+    module Samr
+
+      class PulongArray < Ndr::NdrConfArray
+        default_parameter type: :ndr_uint32
+        extend Ndr::PointerClassPlugin
+      end
+
+      # [2.2.7.4 SAMPR_ULONG_ARRAY](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-samr/2feb3806-4db2-45b7-90d2-86c8336a31ba)
+      class PsamprUlongArray < Ndr::NdrStruct
+        default_parameter byte_align: 4
+
+        ndr_uint32   :elem_count, initial_value: -> { elements.size }
+        pulong_array :elements
+      end
+
+      # [3.1.5.9.2 SamrGetAliasMembership (Opnum 16)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-samr/03184045-2208-4c02-b38b-ef955d6dc3ef)
+      class SamrGetAliasMembershipResponse < BinData::Record
+        attr_reader :opnum
+
+        endian :little
+
+        psampr_ulong_array :membership
+        ndr_uint32         :error_status
+
+        def initialize_instance
+          super
+          @opnum = SAMR_GET_ALIAS_MEMBERSHIP
+        end
+      end
+
+    end
+  end
+end
+
+
+

data/lib/ruby_smb/dcerpc/samr/samr_get_groups_for_user_request.rb

@@ -0,0 +1,23 @@
+module RubySMB
+  module Dcerpc
+    module Samr
+
+      # [3.1.5.9.1 SamrGetGroupsForUser (Opnum 39)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-samr/a4adbf20-040f-4416-a960-e5b7917fdae7)
+      class SamrGetGroupsForUserRequest < BinData::Record
+        attr_reader :opnum
+
+        endian :little
+
+        sampr_handle :user_handle
+
+        def initialize_instance
+          super
+          @opnum = SAMR_GET_GROUPS_FOR_USER
+        end
+      end
+
+    end
+  end
+end
+
+

data/lib/ruby_smb/dcerpc/samr/samr_get_groups_for_user_response.rb

@@ -0,0 +1,48 @@
+module RubySMB
+  module Dcerpc
+    module Samr
+
+      # [[2.2.7.12 GROUP_MEMBERSHIP](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-samr/dc0d27ac-5218-4709-9d1b-cab6f6d90b10)
+      class GroupMembership < Ndr::NdrStruct
+        default_parameter byte_align: 4
+
+        ndr_uint32 :relative_id
+        ndr_uint32 :attributes
+      end
+
+      class PgroupMembershipArray < Ndr::NdrConfArray
+        default_parameter type: :group_membership
+        extend Ndr::PointerClassPlugin
+      end
+
+      # [2.2.7.13 SAMPR_GET_GROUPS_BUFFER](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-samr/31879676-cc95-4cf1-8f75-c09ddcef8750)
+      class SamprGetGroupsBuffer < Ndr::NdrStruct
+        default_parameter byte_align: 4
+
+        ndr_uint32              :membership_count, initial_value: -> { groups.size }
+        pgroup_membership_array :groups
+      end
+
+      class PsamprGetGroupsBuffer < SamprGetGroupsBuffer
+        extend Ndr::PointerClassPlugin
+      end
+
+      # [3.1.5.9.1 SamrGetGroupsForUser (Opnum 39)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-samr/a4adbf20-040f-4416-a960-e5b7917fdae7)
+      class SamrGetGroupsForUserResponse < BinData::Record
+        attr_reader :opnum
+
+        endian :little
+
+        psampr_get_groups_buffer :groups
+        ndr_uint32               :error_status
+
+        def initialize_instance
+          super
+          @opnum = SAMR_GET_GROUPS_FOR_USER
+        end
+      end
+
+    end
+  end
+end
+

data/lib/ruby_smb/dcerpc/samr/samr_lookup_domain_in_sam_server_request.rb

@@ -0,0 +1,24 @@
+module RubySMB
+  module Dcerpc
+    module Samr
+
+      # [3.1.5.11.1 SamrLookupDomainInSamServer (Opnum 5)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-samr/47492d59-e095-4398-b03e-8a062b989123)
+      class SamrLookupDomainInSamServerRequest < BinData::Record
+        attr_reader :opnum
+
+        endian :little
+
+        sampr_handle        :server_handle
+        rpc_unicode_string  :name
+
+        def initialize_instance
+          super
+          @opnum = SAMR_LOOKUP_DOMAIN_IN_SAM_SERVER
+        end
+      end
+
+    end
+  end
+end
+
+

data/lib/ruby_smb/dcerpc/samr/samr_lookup_domain_in_sam_server_response.rb

@@ -0,0 +1,25 @@
+module RubySMB
+  module Dcerpc
+    module Samr
+
+      # [3.1.5.11.1 SamrLookupDomainInSamServer (Opnum 5)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-samr/47492d59-e095-4398-b03e-8a062b989123)
+      class SamrLookupDomainInSamServerResponse < BinData::Record
+        attr_reader :opnum
+
+        endian :little
+
+        prpc_sid   :domain_id
+        ndr_uint32 :error_status
+
+        def initialize_instance
+          super
+          @opnum = SAMR_LOOKUP_DOMAIN_IN_SAM_SERVER
+        end
+      end
+
+    end
+  end
+end
+
+
+

data/lib/ruby_smb/dcerpc/samr/samr_open_domain_request.rb

@@ -0,0 +1,27 @@
+module RubySMB
+  module Dcerpc
+    module Samr
+
+      # [3.1.5.1.5 SamrOpenDomain (Opnum 7)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-samr/ba710c90-5b12-42f8-9e5a-d4aacc1329fa)
+      class SamrOpenDomainRequest < BinData::Record
+        attr_reader :opnum
+
+        endian :little
+
+        sampr_handle :server_handle
+        # Access control on a server object: bitwise OR of common ACCESS_MASK
+        # and domain ACCESS_MASK values (see lib/ruby_smb/dcerpc/samr.rb)
+        ndr_uint32   :desired_access
+        rpc_sid      :domain_id
+
+        def initialize_instance
+          super
+          @opnum = SAMR_OPEN_DOMAIN
+        end
+      end
+
+    end
+  end
+end
+
+

data/lib/ruby_smb/dcerpc/samr/samr_open_domain_response.rb

@@ -0,0 +1,24 @@
+module RubySMB
+  module Dcerpc
+    module Samr
+
+      # [3.1.5.1.5 SamrOpenDomain (Opnum 7)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-samr/ba710c90-5b12-42f8-9e5a-d4aacc1329fa)
+      class SamrOpenDomainResponse < BinData::Record
+        attr_reader :opnum
+
+        endian :little
+
+        sampr_handle :domain_handle
+        ndr_uint32   :error_status
+
+        def initialize_instance
+          super
+          @opnum = SAMR_OPEN_DOMAIN
+        end
+      end
+
+    end
+  end
+end
+
+

data/lib/ruby_smb/dcerpc/samr/samr_open_user_request.rb

@@ -0,0 +1,26 @@
+module RubySMB
+  module Dcerpc
+    module Samr
+
+      # [3.1.5.1.9 SamrOpenUser (Opnum 34)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-samr/0aee1c31-ec40-4633-bb56-0cf8429093c0)
+      class SamrOpenUserRequest < BinData::Record
+        attr_reader :opnum
+
+        endian :little
+
+        sampr_handle :domain_handle
+        # Access control on a server object: bitwise OR of common ACCESS_MASK
+        # and user ACCESS_MASK values (see lib/ruby_smb/dcerpc/samr.rb)
+        ndr_uint32   :desired_access
+        ndr_uint32   :user_id
+
+        def initialize_instance
+          super
+          @opnum = SAMR_OPEN_USER
+        end
+      end
+
+    end
+  end
+end
+

data/lib/ruby_smb/dcerpc/samr/samr_open_user_response.rb

@@ -0,0 +1,24 @@
+module RubySMB
+  module Dcerpc
+    module Samr
+
+      # [3.1.5.1.9 SamrOpenUser (Opnum 34)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-samr/0aee1c31-ec40-4633-bb56-0cf8429093c0)
+      class SamrOpenUserResponse < BinData::Record
+        attr_reader :opnum
+
+        endian :little
+
+        sampr_handle :user_handle
+        ndr_uint32   :error_status
+
+        def initialize_instance
+          super
+          @opnum = SAMR_OPEN_USER
+        end
+      end
+
+    end
+  end
+end
+
+

data/lib/ruby_smb/dcerpc/samr/samr_rid_to_sid_request.rb

@@ -0,0 +1,23 @@
+module RubySMB
+  module Dcerpc
+    module Samr
+
+      # [3.1.5.13.5 SamrRidToSid (Opnum 65)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-samr/00ff8192-a4f6-45ba-9f65-917e46b6a693)
+      class SamrRidToSidRequest < BinData::Record
+        attr_reader :opnum
+
+        endian :little
+
+        sampr_handle :object_handle
+        ndr_uint32   :rid
+
+        def initialize_instance
+          super
+          @opnum = SAMR_RID_TO_SID
+        end
+      end
+
+    end
+  end
+end
+