ruby_smb 3.1.4 → 3.1.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 587f03eec26c36a6ca67ffde30bb05881a456609dff32873b912e7763d266f25
-  data.tar.gz: 18c3b50b89657fe874d0a13904dad2b36c01c49089f01b5a3821d1733eb07c61
+  metadata.gz: 4749ae5185070d44e447593cd863ee5ac17a87468b16b14a251f68e0166b7663
+  data.tar.gz: b63378e4367136e0c6dffc35aa02b5c5ce1df450d5b64300eaee060e7938e9ec
 SHA512:
-  metadata.gz: cd6f94e4b093ecab453e6e7f2056bfb7b52fbf2cfec51a26eceb2761b98c78bfd0fe273f083b1ec7db69f553ac7b8fb594e4d7c31ea8468e02337611b0bd4541
-  data.tar.gz: 4b5d924834a9168458ad50afcf6b27df5ba9ab50632b4b81db1e226235c7ebe80540e05fdc4aa6a6a608a6365e83f937304e0289a9d8e5689480f3021f6dd07e
+  metadata.gz: f09557d4ba6148796bb6adf2c1169ebad237f021527975fabb179e1eb2099cfb2c17e45d3b57629c7fc61106092317076e41c77d39f8cb3d4335d280a75e144c
+  data.tar.gz: e969cc9f474e64e4cf7ba9bcf39e1dfc30b9e365bf6c758abd1e7ff905a6e9a3a8f3c3b33fc88f3104b7998201406d8b78bca34e746c58cfa4c03353bd94f789

data/lib/ruby_smb/client/authentication.rb

@@ -80,7 +80,7 @@ module RubySMB
         type2_b64_message = smb1_type2_message(challenge_packet)
         type3_message = @ntlm_client.init_context(type2_b64_message)
 
-        @session_key = @ntlm_client.session_key
+        @application_key = @session_key = @ntlm_client.session_key
         challenge_message = @ntlm_client.session.challenge_message
         store_target_info(challenge_message.target_info) if challenge_message.has_flag?(:TARGET_INFO)
         @os_version = extract_os_version(challenge_message.os_version.to_s) unless challenge_message.os_version.empty?
@@ -210,7 +210,7 @@ module RubySMB
         type2_b64_message = smb2_type2_message(challenge_packet)
         type3_message = @ntlm_client.init_context(type2_b64_message)
 
-        @session_key = @ntlm_client.session_key
+        @application_key = @session_key = @ntlm_client.session_key
         challenge_message = ntlm_client.session.challenge_message
         store_target_info(challenge_message.target_info) if challenge_message.has_flag?(:TARGET_INFO)
         @os_version = extract_os_version(challenge_message.os_version.to_s) unless challenge_message.os_version.empty?
@@ -227,6 +227,21 @@ module RubySMB
             # disable encryption when necessary
             @session_encrypt_data = false
           end
+
+          # see: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/7fd079ca-17e6-4f02-8449-46b606ea289c
+          if @dialect == '0x0300' || @dialect == '0x0302'
+            @application_key = RubySMB::Crypto::KDF.counter_mode(
+              @session_key,
+              "SMB2APP\x00",
+              "SmbRpc\x00"
+            )
+          else
+            @application_key = RubySMB::Crypto::KDF.counter_mode(
+              @session_key,
+              "SMBAppKey\x00",
+              @preauth_integrity_hash_value
+            )
+          end
           # otherwise, leave encryption to the default value that it was initialized to
         end
         ######

data/lib/ruby_smb/client.rb

@@ -54,6 +54,13 @@ module RubySMB
     # The default maximum size of a SMB message that the Server accepts (in bytes)
     SERVER_MAX_BUFFER_SIZE = 4356
 
+    # The application key. After authenticating to the remote server, this value is the session key for dialects less
+    # than version 3 and a unique value for v3 dialects. See:
+    # https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/901ae284-31d3-4ea1-ae8a-766fc8bfe00e
+    # @!attribute [rw] application_key
+    #   @return [String]
+    attr_accessor :application_key
+
     # The dispatcher responsible for sending packets
     # @!attribute [rw] dispatcher
     #   @return [RubySMB::Dispatcher::Socket]
@@ -288,7 +295,7 @@ module RubySMB
     attr_accessor :negotiated_smb_version
 
     # Whether or not the server supports multi-credit operations. It is
-    # reported by the LARGE_MTU capabiliy as part of the negotiation process
+    # reported by the LARGE_MTU capability as part of the negotiation process
     # (SMB 2.x and 3.x).
     # @!attribute [rw] server_supports_multi_credit
     #   @return [Boolean] true if the server supports multi-credit operations,
@@ -319,6 +326,7 @@ module RubySMB
       @sequence_counter  = 0
       @session_id        = 0x00
       @session_key       = ''
+      @application_key   = ''
       @session_is_guest  = false
       @signing_required  = false
       @smb1              = smb1
@@ -623,6 +631,7 @@ module RubySMB
     def wipe_state!
       self.session_id       = 0x00
       self.user_id          = 0x00
+      self.application_key  = ''
       self.session_key      = ''
       self.session_is_guest = false
       self.sequence_counter = 0

data/lib/ruby_smb/dcerpc/error.rb

@@ -13,6 +13,19 @@ module RubySMB
       # Raised when an invalid packet is received
       class InvalidPacket < DcerpcError; end
 
+      # Raised when a fault response is received
+      class FaultError < InvalidPacket
+        attr_reader :status_code
+        def initialize(message=nil, status:)
+          @status_code = status
+          super(message)
+        end
+
+        def status_name
+          RubySMB::Dcerpc::Fault::Status.name(@status_code)
+        end
+      end
+
       # Raised when an error is returned during a Winreg operation
       class WinregError < DcerpcError; end
 

data/lib/ruby_smb/dcerpc/fault.rb

@@ -0,0 +1,83 @@
+module RubySMB::Dcerpc::Fault
+  module Status
+    # DCERPC
+    NCA_S_FAULT_OTHER              = 0x00000001
+    NCA_S_FAULT_ACCESS_DENIED      = 0x00000005
+    NCA_S_FAULT_NDR                = 0x000006F7
+    NCA_S_FAULT_CANT_PERFORM       = 0x000006D8
+    NCA_S_FAULT_INT_DIV_BY_ZERO    = 0x1C000001
+    NCA_S_FAULT_ADDR_ERROR         = 0x1C000002
+    NCA_S_FAULT_FP_DIV_ZERO        = 0x1C000003
+    NCA_S_FAULT_FP_UNDERFLOW       = 0x1C000004
+    NCA_S_FAULT_FP_OVERFLOW        = 0x1C000005
+    NCA_S_FAULT_INVALID_TAG        = 0x1C000006
+    NCA_S_FAULT_INVALID_BOUND      = 0x1C000007
+    NCA_RPC_VERSION_MISMATCH       = 0x1C000008
+    NCA_UNSPEC_REJECT              = 0x1C000009
+    NCA_S_BAD_ACTID                = 0x1C00000A
+    NCA_WHO_ARE_YOU_FAILED         = 0x1C00000B
+    NCA_MANAGER_NOT_ENTERED        = 0x1C00000C
+    NCA_S_FAULT_CANCEL             = 0x1C00000D
+    NCA_S_FAULT_ILL_INST           = 0x1C00000E
+    NCA_S_FAULT_FP_ERROR           = 0x1C00000F
+    NCA_S_FAULT_INT_OVERFLOW       = 0x1C000010
+    NCA_S_FAULT_PIPE_EMPTY         = 0x1C000014
+    NCA_S_FAULT_PIPE_CLOSED        = 0x1C000015
+    NCA_S_FAULT_PIPE_ORDER         = 0x1C000016
+    NCA_S_FAULT_PIPE_DISCIPLINE    = 0x1C000017
+    NCA_S_FAULT_PIPE_COMM_ERROR    = 0x1C000018
+    NCA_S_FAULT_PIPE_MEMORY        = 0x1C000019
+    NCA_S_FAULT_CONTEXT_MISMATCH   = 0x1C00001A
+    NCA_S_FAULT_REMOTE_NO_MEMORY   = 0x1C00001B
+    NCA_INVALID_PRES_CONTEXT_ID    = 0x1C00001C
+    NCA_UNSUPPORTED_AUTHN_LEVEL    = 0x1C00001D
+    NCA_INVALID_CHECKSUM           = 0x1C00001F
+    NCA_INVALID_CRC                = 0x1C000020
+    NCS_S_FAULT_USER_DEFINED       = 0x1C000021
+    NCA_S_FAULT_TX_OPEN_FAILED     = 0x1C000022
+    NCA_S_FAULT_CODESET_CONV_ERROR = 0x1C000023
+    NCA_S_FAULT_OBJECT_NOT_FOUND   = 0x1C000024
+    NCA_S_FAULT_NO_CLIENT_STUB     = 0x1C000025
+    NCA_OP_RNG_ERROR               = 0x1C010002
+    NCA_UNK_IF                     = 0x1C010003
+    NCA_WRONG_BOOT_TIME            = 0x1C010006
+    NCA_S_YOU_CRASHED              = 0x1C010009
+    NCA_PROTO_ERROR                = 0x1C01000B
+    NCA_OUT_ARGS_TOO_BIG           = 0x1C010013
+    NCA_SERVER_TOO_BUSY            = 0x1C010014
+    NCA_UNSUPPORTED_TYPE           = 0x1C010017
+    # Microsoft specific codes
+    E_NOTIMPL                      = 0x80004001
+    E_POINTER                      = 0x80004003
+    E_AOBRT                        = 0x80004004
+    E_UNEXPECTED                   = 0x8000FFFF
+    RPC_E_SERVERFAULT              = 0x80010105
+    RPC_E_DISCONNECTED             = 0x80010108
+    RPC_E_INVALID_IPID             = 0x80010113
+    RPC_E_TIMEOUT                  = 0x8001011F
+    DISP_E_MEMBERNOTFOUND          = 0x80020003
+    DISP_E_UNKNOWNNAME             = 0x80020006
+    DISP_E_BADPARAMCOUNT           = 0x8002000E
+    CBA_E_MALFORMED                = 0x8004CB00
+    CBA_E_UNKNOWNOBJECT            = 0x8004CB01
+    CBA_E_INVALIDID                = 0x8004CB05
+    CBA_E_INVALIDCOOKIE            = 0x8004CB09
+    CBA_E_QOSTYPEUNSUPPORTED       = 0x8004CB0B
+    CBA_E_QOSVALUEUNSUPPORTED      = 0x8004CB0C
+    CBA_E_NOTAPPLICABLE            = 0x8004CB0F
+    CBA_E_LIMITVIOLATION           = 0x8004CB12
+    CBA_E_QOSTYPENOTAPPLICABLE     = 0x8004CB13
+    CBA_E_OUTOFPARTNERACCOS        = 0x8004CB18
+    CBA_E_FLAGUNSUPPORTED          = 0x8004CB1C
+    CBA_E_FRAMECOUNTUNSUPPORTED    = 0x8004CB23
+    CBA_E_MODECHANGE               = 0x8004CB25
+    E_OUTOFMEMORY                  = 0x8007000E
+    E_INVALIDARG                   = 0x80070057
+    RPC_S_PROCNUM_OUT_OF_RANGE     = 0x800706D1
+    OR_INVALID_OXID                = 0x80070776
+
+    def self.name(value)
+      constants.select { |c| c.upcase == c }.find { |c| const_get(c) == value }
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/ndr.rb

@@ -312,29 +312,31 @@ module RubySMB::Dcerpc::Ndr
     def initialize_instance
       @read_until_index = 0
       @max_count = 0
+      @max_count_set = false
       super
     end
 
     def insert(index, *objs)
       obj = super
-      @max_count = length
+      @max_count = length unless @max_count_set
       obj
     end
 
     def slice_index(index)
       obj = super
-      @max_count = length
+      @max_count = length unless @max_count_set
       obj
     end
 
     def []=(index, value)
       obj = super
-      @max_count = length
+      @max_count = length unless @max_count_set
       obj
     end
 
     def set_max_count(val)
       @max_count = @read_until_index = val
+      @max_count_set = true
     end
   end
 
@@ -650,7 +652,7 @@ module RubySMB::Dcerpc::Ndr
     include ConstructedTypePlugin
 
     def should_process_max_count?
-      # According to the NDR defintion for Structures Containing a Conformant
+      # According to the NDR definition for Structures Containing a Conformant
       # Array:
       #
       # "In the NDR representation of a structure that contains a
@@ -761,13 +763,13 @@ module RubySMB::Dcerpc::Ndr
         return (4 - (rel_offset % 4)) % 4
       end
       if obj.is_a?(ConfPlugin)
-        # `max_count` should have been handled at the begining of the structure
+        # `max_count` should have been handled at the beginning of the structure
         # already. We need to fix `rel_offset` since it includes the
         # `max_count` 4 bytes, plus the possible padding bytes needed to align
         # the structure. This is required because BinData Struct is not
-        # aware of `max_count` and considere the first field to be the begining
+        # aware of `max_count` and consider the first field to be the beginning
         # of the structure instead. We have to make sure the alignment is
-        # calculated from the begining of the structure.
+        # calculated from the beginning of the structure.
         align = eval_parameter(:byte_align)
         pad_length = (align - (4 % align)) % align
         rel_offset += (4 + pad_length)
@@ -776,7 +778,7 @@ module RubySMB::Dcerpc::Ndr
         # (not Varying). The size information (max_count) has been place in
         # from of the structure and no other size information is present before
         # the actual elements of the array. Therefore, the alignment must be
-        # done accroding to th rules of the elements. Since a NdrArray has its
+        # done according to the rules of the elements. Since a NdrArray has its
         # default :byte_align value set to 4 (:max_count size), we have to make
         # sure the element size is used instead.
         unless obj.is_a?(VarPlugin)
@@ -838,6 +840,10 @@ module RubySMB::Dcerpc::Ndr
     end
   end
 
+  #
+  # [Unions](https://pubs.opengroup.org/onlinepubs/9629399/chap14.htm#tagcjh_19_03_08)
+  #
+
   # TODO: Unions
   # TODO: Pipes
 
@@ -1207,6 +1213,11 @@ module RubySMB::Dcerpc::Ndr
     extend PointerClassPlugin
   end
 
+  class NdrUint16ArrayPtr < NdrConfVarArray
+    default_parameters type: :ndr_uint16
+    extend PointerClassPlugin
+  end
+
   class NdrFileTimePtr < NdrFileTime
     extend PointerClassPlugin
   end

data/lib/ruby_smb/dcerpc/request.rb

@@ -60,16 +60,21 @@ module RubySMB
           string                          :default
         end
         choice 'Samr', selection: -> { opnum } do
-          samr_connect_request                     Samr::SAMR_CONNECT
-          samr_lookup_domain_in_sam_server_request Samr::SAMR_LOOKUP_DOMAIN_IN_SAM_SERVER
-          samr_open_domain_request                 Samr::SAMR_OPEN_DOMAIN
-          samr_enumerate_users_in_domain_request   Samr::SAMR_ENUMERATE_USERS_IN_DOMAIN
-          samr_rid_to_sid_request                  Samr::SAMR_RID_TO_SID
-          samr_close_handle_request                Samr::SAMR_CLOSE_HANDLE
-          samr_get_alias_membership_request        Samr::SAMR_GET_ALIAS_MEMBERSHIP
-          samr_open_user_request                   Samr::SAMR_OPEN_USER
-          samr_get_groups_for_user_request         Samr::SAMR_GET_GROUPS_FOR_USER
-          string                                   :default
+          samr_connect_request                         Samr::SAMR_CONNECT
+          samr_lookup_domain_in_sam_server_request     Samr::SAMR_LOOKUP_DOMAIN_IN_SAM_SERVER
+          samr_open_domain_request                     Samr::SAMR_OPEN_DOMAIN
+          samr_enumerate_users_in_domain_request       Samr::SAMR_ENUMERATE_USERS_IN_DOMAIN
+          samr_rid_to_sid_request                      Samr::SAMR_RID_TO_SID
+          samr_close_handle_request                    Samr::SAMR_CLOSE_HANDLE
+          samr_get_alias_membership_request            Samr::SAMR_GET_ALIAS_MEMBERSHIP
+          samr_open_user_request                       Samr::SAMR_OPEN_USER
+          samr_get_groups_for_user_request             Samr::SAMR_GET_GROUPS_FOR_USER
+          samr_enumerate_domains_in_sam_server_request Samr::SAMR_ENUMERATE_DOMAINS_IN_SAM_SERVER
+          samr_lookup_names_in_domain_request          Samr::SAMR_LOOKUP_NAMES_IN_DOMAIN
+          samr_create_user2_in_domain_request          Samr::SAMR_CREATE_USER2_IN_DOMAIN
+          samr_set_information_user2_request           Samr::SAMR_SET_INFORMATION_USER2
+          samr_delete_user_request                     Samr::SAMR_DELETE_USER
+          string                                       :default
         end
         choice 'Wkssvc', selection: -> { opnum } do
           netr_wksta_get_info_request Wkssvc::NETR_WKSTA_GET_INFO

data/lib/ruby_smb/dcerpc/rrp_rpc_unicode_string.rb

@@ -109,6 +109,11 @@ module RubySMB
       end
     end
 
+    class RpcUnicodeStringConfVarArray < Ndr::NdrConfVarArray
+      extend Ndr::ArrayClassPlugin
+      default_parameters type: :rpc_unicode_string
+    end
+
     # A pointer to a RPC_UNICODE_STRING structure
     class PrpcUnicodeString < RpcUnicodeString
       extend Ndr::PointerClassPlugin

data/lib/ruby_smb/dcerpc/samr/samr_create_user2_in_domain_request.rb

@@ -0,0 +1,24 @@
+module RubySMB
+  module Dcerpc
+    module Samr
+
+      # [3.1.5.4.4 SamrCreateUser2InDomain (Opnum 50)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-samr/a98d7fbb-1735-4fbf-b41a-ef363c899002)
+      class SamrCreateUser2InDomainRequest < BinData::Record
+        attr_reader :opnum
+
+        endian :little
+
+        sampr_handle         :domain_handle
+        rpc_unicode_string   :name
+        ndr_uint32           :account_type
+        ndr_uint32           :desired_access
+
+        def initialize_instance
+          super
+          @opnum = SAMR_CREATE_USER2_IN_DOMAIN
+        end
+      end
+
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/samr/samr_create_user2_in_domain_response.rb

@@ -0,0 +1,24 @@
+module RubySMB
+  module Dcerpc
+    module Samr
+
+      # [3.1.5.4.4 SamrCreateUser2InDomain (Opnum 50)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-samr/a98d7fbb-1735-4fbf-b41a-ef363c899002)
+      class SamrCreateUser2InDomainResponse < BinData::Record
+        attr_reader :opnum
+
+        endian :little
+
+        sampr_handle         :user_handle
+        ndr_uint32           :granted_access
+        ndr_uint32           :relative_id
+        ndr_uint32           :error_status
+
+        def initialize_instance
+          super
+          @opnum = SAMR_CREATE_USER2_IN_DOMAIN
+        end
+      end
+
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/samr/samr_delete_user_request.rb

@@ -0,0 +1,21 @@
+module RubySMB
+  module Dcerpc
+    module Samr
+
+      # [3.1.5.7.3 SamrDeleteUser (Opnum 35)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-samr/4643a579-56ec-4c66-a1ef-4ab78dd21d73)
+      class SamrDeleteUserRequest < BinData::Record
+        attr_reader :opnum
+
+        endian :little
+
+        sampr_handle :user_handle
+
+        def initialize_instance
+          super
+          @opnum = SAMR_DELETE_USER
+        end
+      end
+
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/samr/samr_delete_user_response.rb

@@ -0,0 +1,22 @@
+module RubySMB
+  module Dcerpc
+    module Samr
+
+      # [3.1.5.7.3 SamrDeleteUser (Opnum 35)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-samr/4643a579-56ec-4c66-a1ef-4ab78dd21d73)
+      class SamrDeleteUserResponse < BinData::Record
+        attr_reader :opnum
+
+        endian :little
+
+        sampr_handle :user_handle
+        ndr_uint32   :error_status
+
+        def initialize_instance
+          super
+          @opnum = SAMR_DELETE_USER
+        end
+      end
+
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/samr/samr_enumerate_domains_in_sam_server_request.rb

@@ -0,0 +1,25 @@
+module RubySMB
+  module Dcerpc
+    module Samr
+
+      # [3.1.5.2.1 SamrEnumerateDomainsInSamServer (Opnum 6)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-samr/2142fd2d-0854-42c1-a9fb-2fe964e381ce)
+      class SamrEnumerateDomainsInSamServerRequest < BinData::Record
+        attr_reader :opnum
+
+        endian :little
+
+        sampr_handle :server_handle
+        ndr_uint32   :enumeration_context
+        ndr_uint32   :prefered_maximum_length
+
+        def initialize_instance
+          super
+          @opnum = SAMR_ENUMERATE_DOMAINS_IN_SAM_SERVER
+        end
+      end
+
+    end
+  end
+end
+
+

data/lib/ruby_smb/dcerpc/samr/samr_enumerate_domains_in_sam_server_response.rb

@@ -0,0 +1,25 @@
+module RubySMB
+  module Dcerpc
+    module Samr
+
+      # [3.1.5.2.1 SamrEnumerateDomainsInSamServer (Opnum 6)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-samr/2142fd2d-0854-42c1-a9fb-2fe964e381ce)
+      class SamrEnumerateDomainsInSamServerResponse < BinData::Record
+        attr_reader :opnum
+
+        endian :little
+
+        ndr_uint32                :enumeration_context
+        psampr_enumeration_buffer :buffer
+        ndr_uint32                :count_returned
+        ndr_uint32                :error_status
+
+        def initialize_instance
+          super
+          @opnum = SAMR_ENUMERATE_DOMAINS_IN_SAM_SERVER
+        end
+      end
+
+    end
+  end
+end
+

data/lib/ruby_smb/dcerpc/samr/samr_enumerate_users_in_domain_response.rb

@@ -2,36 +2,6 @@ module RubySMB
   module Dcerpc
     module Samr
 
-      # [2.2.3.9 SAMPR_RID_ENUMERATION](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-samr/5c94a35a-e7f2-4675-af34-741f5a8ee1a2)
-      class SamprRidEnumeration < Ndr::NdrStruct
-        default_parameters byte_align: 4
-        endian :little
-
-        ndr_uint32         :relative_id
-        rpc_unicode_string :name
-      end
-
-      class SamprRidEnumerationArray < Ndr::NdrConfArray
-        default_parameter type: :sampr_rid_enumeration
-      end
-
-      class PsamprRidEnumerationArray < SamprRidEnumerationArray
-        extend Ndr::PointerClassPlugin
-      end
-
-      # [2.2.3.10 SAMPR_ENUMERATION_BUFFER](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-samr/c53161a4-38e8-4a28-a33e-0d378fce03dd)
-      class SamprEnumerationBuffer < Ndr::NdrStruct
-        default_parameters byte_align: 4
-        endian :little
-
-        ndr_uint32                   :entries_read
-        psampr_rid_enumeration_array :buffer
-      end
-
-      class PsamprEnumerationBuffer < SamprEnumerationBuffer
-        extend Ndr::PointerClassPlugin
-      end
-
       # [3.1.5.2.5 SamrEnumerateUsersInDomain (Opnum 13)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-samr/6bdc92c0-c692-4ffb-9de7-65858b68da75)
       class SamrEnumerateUsersInDomainResponse < BinData::Record
         attr_reader :opnum
@@ -52,4 +22,3 @@ module RubySMB
     end
   end
 end
-

data/lib/ruby_smb/dcerpc/samr/samr_get_alias_membership_response.rb

@@ -2,26 +2,13 @@ module RubySMB
   module Dcerpc
     module Samr
 
-      class PulongArray < Ndr::NdrConfArray
-        default_parameter type: :ndr_uint32
-        extend Ndr::PointerClassPlugin
-      end
-
-      # [2.2.7.4 SAMPR_ULONG_ARRAY](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-samr/2feb3806-4db2-45b7-90d2-86c8336a31ba)
-      class PsamprUlongArray < Ndr::NdrStruct
-        default_parameter byte_align: 4
-
-        ndr_uint32   :elem_count, initial_value: -> { elements.size }
-        pulong_array :elements
-      end
-
       # [3.1.5.9.2 SamrGetAliasMembership (Opnum 16)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-samr/03184045-2208-4c02-b38b-ef955d6dc3ef)
       class SamrGetAliasMembershipResponse < BinData::Record
         attr_reader :opnum
 
         endian :little
 
-        psampr_ulong_array :membership
+        sampr_ulong_array  :membership
         ndr_uint32         :error_status
 
         def initialize_instance

data/lib/ruby_smb/dcerpc/samr/samr_lookup_names_in_domain_request.rb

@@ -0,0 +1,23 @@
+module RubySMB
+  module Dcerpc
+    module Samr
+
+      # [3.1.5.11.2 SamrLookupNamesInDomain (Opnum 17)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-samr/d91271c6-7b2e-4194-9927-8fabfa429f90)
+      class SamrLookupNamesInDomainRequest < BinData::Record
+        attr_reader :opnum
+
+        endian :little
+
+        sampr_handle                      :domain_handle
+        ndr_uint32                        :names_count
+        rpc_unicode_string_conf_var_array :names
+
+        def initialize_instance
+          super
+          @opnum = SAMR_LOOKUP_NAMES_IN_DOMAIN
+        end
+      end
+
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/samr/samr_lookup_names_in_domain_response.rb

@@ -0,0 +1,23 @@
+module RubySMB
+  module Dcerpc
+    module Samr
+
+      # [3.1.5.11.2 SamrLookupNamesInDomain (Opnum 17)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-samr/d91271c6-7b2e-4194-9927-8fabfa429f90)
+      class SamrLookupNamesInDomainResponse < BinData::Record
+        attr_reader :opnum
+
+        endian :little
+
+        sampr_ulong_array  :relative_ids
+        sampr_ulong_array  :use
+        ndr_uint32         :error_status
+
+        def initialize_instance
+          super
+          @opnum = SAMR_LOOKUP_NAMES_IN_DOMAIN
+        end
+      end
+
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/samr/samr_set_information_user2_request.rb

@@ -0,0 +1,23 @@
+module RubySMB
+  module Dcerpc
+    module Samr
+
+      # [3.1.5.6.4 SamrSetInformationUser2 (Opnum 58)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-samr/99ee9f39-43e8-4bba-ac3a-82e0c0e0699e)
+      class SamrSetInformationUser2Request < BinData::Record
+        attr_reader :opnum
+
+        endian :little
+
+        sampr_handle           :user_handle
+        ndr_uint16             :user_information_class, initial_value: -> { buffer.tag }
+        sampr_user_info_buffer :buffer
+
+        def initialize_instance
+          super
+          @opnum = SAMR_SET_INFORMATION_USER2
+        end
+      end
+
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/samr/samr_set_information_user2_response.rb

@@ -0,0 +1,21 @@
+module RubySMB
+  module Dcerpc
+    module Samr
+
+      # [3.1.5.6.4 SamrSetInformationUser2 (Opnum 58)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-samr/99ee9f39-43e8-4bba-ac3a-82e0c0e0699e)
+      class SamrSetInformationUser2Response < BinData::Record
+        attr_reader :opnum
+
+        endian :little
+
+        ndr_uint32 :error_status
+
+        def initialize_instance
+          super
+          @opnum = SAMR_SET_INFORMATION_USER2
+        end
+      end
+
+    end
+  end
+end