ruby_smb 3.3.6 → 3.3.8

Files changed (48) hide show
  1. checksums.yaml +4 -4
  2. checksums.yaml.gz.sig +0 -0
  3. data/README.md +14 -0
  4. data/examples/registry_key_security_descriptor.rb +109 -0
  5. data/lib/ruby_smb/client/winreg.rb +12 -0
  6. data/lib/ruby_smb/dcerpc/error.rb +3 -0
  7. data/lib/ruby_smb/dcerpc/lsarpc/lsar_close_handle_request.rb +22 -0
  8. data/lib/ruby_smb/dcerpc/lsarpc/lsar_close_handle_response.rb +23 -0
  9. data/lib/ruby_smb/dcerpc/lsarpc/lsar_lookup_sids_request.rb +26 -0
  10. data/lib/ruby_smb/dcerpc/lsarpc/lsar_lookup_sids_response.rb +25 -0
  11. data/lib/ruby_smb/dcerpc/lsarpc/lsar_open_policy2_request.rb +24 -0
  12. data/lib/ruby_smb/dcerpc/lsarpc/lsar_open_policy2_response.rb +23 -0
  13. data/lib/ruby_smb/dcerpc/lsarpc/lsar_open_policy_request.rb +24 -0
  14. data/lib/ruby_smb/dcerpc/lsarpc/lsar_open_policy_response.rb +23 -0
  15. data/lib/ruby_smb/dcerpc/lsarpc/lsar_query_information_policy2_request.rb +23 -0
  16. data/lib/ruby_smb/dcerpc/lsarpc/lsar_query_information_policy2_response.rb +23 -0
  17. data/lib/ruby_smb/dcerpc/lsarpc/lsar_query_information_policy_request.rb +23 -0
  18. data/lib/ruby_smb/dcerpc/lsarpc/lsar_query_information_policy_response.rb +23 -0
  19. data/lib/ruby_smb/dcerpc/lsarpc.rb +634 -2
  20. data/lib/ruby_smb/dcerpc/ndr.rb +10 -4
  21. data/lib/ruby_smb/dcerpc/request.rb +26 -16
  22. data/lib/ruby_smb/dcerpc/rrp_rpc_unicode_string.rb +1 -1
  23. data/lib/ruby_smb/dcerpc/samr/rpc_sid.rb +1 -1
  24. data/lib/ruby_smb/dcerpc/winreg/get_key_security_request.rb +26 -0
  25. data/lib/ruby_smb/dcerpc/winreg/get_key_security_response.rb +26 -0
  26. data/lib/ruby_smb/dcerpc/winreg/query_value_response.rb +2 -0
  27. data/lib/ruby_smb/dcerpc/winreg/set_key_security_request.rb +26 -0
  28. data/lib/ruby_smb/dcerpc/winreg/set_key_security_response.rb +25 -0
  29. data/lib/ruby_smb/dcerpc/winreg.rb +121 -9
  30. data/lib/ruby_smb/field/security_descriptor.rb +17 -0
  31. data/lib/ruby_smb/version.rb +1 -1
  32. data/spec/lib/ruby_smb/dcerpc/lsarpc/lsar_close_handle_request_spec.rb +40 -0
  33. data/spec/lib/ruby_smb/dcerpc/lsarpc/lsar_close_handle_response_spec.rb +46 -0
  34. data/spec/lib/ruby_smb/dcerpc/lsarpc/lsar_lookup_sids_request_spec.rb +69 -0
  35. data/spec/lib/ruby_smb/dcerpc/lsarpc/lsar_lookup_sids_response_spec.rb +56 -0
  36. data/spec/lib/ruby_smb/dcerpc/lsarpc/lsar_open_policy2_request_spec.rb +68 -0
  37. data/spec/lib/ruby_smb/dcerpc/lsarpc/lsar_open_policy2_response_spec.rb +46 -0
  38. data/spec/lib/ruby_smb/dcerpc/lsarpc/lsar_open_policy_request_spec.rb +68 -0
  39. data/spec/lib/ruby_smb/dcerpc/lsarpc/lsar_open_policy_response_spec.rb +45 -0
  40. data/spec/lib/ruby_smb/dcerpc/lsarpc/lsar_query_information_policy2_request_spec.rb +47 -0
  41. data/spec/lib/ruby_smb/dcerpc/lsarpc/lsar_query_information_policy2_response_spec.rb +54 -0
  42. data/spec/lib/ruby_smb/dcerpc/lsarpc/lsar_query_information_policy_request_spec.rb +46 -0
  43. data/spec/lib/ruby_smb/dcerpc/lsarpc/lsar_query_information_policy_response_spec.rb +53 -0
  44. data/spec/lib/ruby_smb/dcerpc/ndr_spec.rb +80 -0
  45. data/spec/lib/ruby_smb/dcerpc/winreg_spec.rb +267 -18
  46. data.tar.gz.sig +0 -0
  47. metadata +44 -3
  48. metadata.gz.sig +0 -0
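--- a/data/lib/ruby_smb/dcerpc/lsarpc.rb
+++ b/data/lib/ruby_smb/dcerpc/lsarpc.rb
@@ -1,11 +1,643 @@
+require 'ruby_smb/dcerpc/ndr'
+require 'ruby_smb/dcerpc/rrp_rpc_unicode_string'
+require 'ruby_smb/dcerpc/samr/rpc_sid'
+require 'ruby_smb/dcerpc/uuid'
+
 module RubySMB
 module Dcerpc
 module Lsarpc
+
 # see: https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-dssp/6f843846-2494-4d49-b715-2f181317dd34
-UUID = 'c681d488-d850-11d0-8c52-00c04fd90f7e'.freeze
-VER_MAJOR = 1
+UUID = '12345778-1234-abcd-ef00-0123456789ab'.freeze
+VER_MAJOR = 0
 VER_MINOR = 0
 
+# OPNUMS
+LSAR_CLOSE_HANDLE = 0
+LSAR_OPEN_POLICY = 6
+LSAR_QUERY_INFORMATION_POLICY = 7
+LSAR_LOOKUP_SIDS = 15
+LSAR_OPEN_POLICY2 = 44
+LSAR_QUERY_INFORMATION_POLICY2 = 46
+
+################
+# ACCESS_MASK Values
+
+# [2.2.1.1 ACCESS_MASK](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/7aeb7f17-0a6e-4f04-ac7e-7b1363cf9ecf)
+# [2.4.3 ACCESS_MASK](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-dtyp/7a53f60e-e730-4dfe-bbe9-b21b62eb790b)
+DELETE = 0x00010000
+READ_CONTROL = 0x00020000
+WRITE_DACL = 0x00040000
+WRITE_OWNER = 0x00040000
+SYNCHRONIZE = 0x00100000
+ACCESS_SYSTEM_SECURITY = 0x01000000
+MAXIMUM_ALLOWED = 0x02000000
+GENERIC_ALL = 0x10000000
+GENERIC_EXECUTE = 0x20000000
+GENERIC_WRITE = 0x40000000
+GENERIC_READ = 0x80000000
+
+################
+# SECURITY_DESCRIPTOR_CONTROL
+
+# [SECURITY_DESCRIPTOR_CONTROL](https://learn.microsoft.com/en-us/windows/win32/secauthz/security-descriptor-control)
+# [SECURITY_DESCRIPTOR_CONTROL](https://learn.microsoft.com/en-us/windows-hardware/drivers/ifs/security-descriptor-control)
+SE_OWNER_DEFAULTED = 0x0001
+SE_GROUP_DEFAULTED = 0x0002
+SE_DACL_PRESENT = 0x0004
+SE_DACL_DEFAULTED = 0x0008
+SE_SACL_PRESENT = 0x0010
+SE_SACL_DEFAULTED = 0x0020
+SE_DACL_UNTRUSTED = 0x0040
+SE_SERVER_SECURITY = 0x0080
+SE_DACL_AUTO_INHERIT_REQ = 0x0100
+SE_SACL_AUTO_INHERIT_REQ = 0x0200
+SE_DACL_AUTO_INHERITED = 0x0400
+SE_SACL_AUTO_INHERITED = 0x0800
+SE_DACL_PROTECTED = 0x1000
+SE_SACL_PROTECTED = 0x2000
+SE_RM_CONTROL_VALID = 0x4000
+SE_SELF_RELATIVE = 0x8000
+
+# [2.2.3.5 SECURITY_IMPERSONATION_LEVEL](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/720cea10-cee2-4c45-9084-c6fa7d67d18d)
+SECURITY_ANONYMOUS = 0x0000
+SECURITY_IDENTIFICATION = 0x0001
+SECURITY_IMPERSONATION = 0x0002
+SECURITY_DELEGATION = 0x0003
+
+# [2.2.3.6 SECURITY_CONTEXT_TRACKING_MODE](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/6bb42770-b924-41ff-8a57-83e37b8b7797)
+SECURITY_CONTEXT_CLIENT_SNAPSHOT = 0x00
+SECURITY_CONTEXT_CONTINUOUS_UPDATES = 0x01
+
+# [2.2.4.1 POLICY_INFORMATION_CLASS](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/9ce0bb37-fc6c-4230-b109-7e1881660b83)
+POLICY_AUDIT_LOG_INFORMATION = 1
+POLICY_AUDIT_EVENTS_INFORMATION = 2
+POLICY_PRIMARY_DOMAIN_INFORMATION = 3
+POLICY_PD_ACCOUNT_INFORMATION = 4
+POLICY_ACCOUNT_DOMAIN_INFORMATION = 5
+POLICY_LSA_SERVER_ROLE_INFORMATION = 6
+POLICY_REPLICA_SOURCE_INFORMATION = 7
+POLICY_INFORMATION_NOT_USED_ON_WIRE = 8
+POLICY_MODIFICATION_INFORMATION = 9
+POLICY_AUDIT_FULL_SET_INFORMATION = 10
+POLICY_AUDIT_FULL_QUERY_INFORMATION = 11
+POLICY_DNS_DOMAIN_INFORMATION = 12
+POLICY_DNS_DOMAIN_INFORMATION_INT = 13
+POLICY_LOCAL_ACCOUNT_DOMAIN_INFORMATION = 14
+POLICY_MACHINE_ACCOUNT_INFORMATION = 15
+POLICY_LAST_ENTRY = 16
+
+# [2.2.4.8 POLICY_LSA_SERVER_ROLE](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/620010b4-b439-4d46-893a-cb67246de5fc)
+POLICY_SERVER_ROLE_BACKUP = 2
+POLICY_SERVER_ROLE_PRIMARY = 3
+
+# [2.2.16 LSAP_LOOKUP_LEVEL](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsat/9d1166cc-bcfd-4e22-a8ac-f55eae57c99f)
+LSAP_LOOKUP_WKSTA = 1
+LSAP_LOOKUP_PDC = 2
+LSAP_LOOKUP_TDL = 3
+LSAP_LOOKUP_GC = 4
+LSAP_LOOKUP_XFOREST_REFERRAL = 5
+LSAP_LOOKUP_XFOREST_RESOLVE = 6
+LSAP_LOOKUP_RODC_REFERRAL_TO_FULL_DC = 7
+
+# [2.2.13 SID_NAME_USE](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsat/171e9a87-8e01-4bd8-a35e-3468128c8fc4)
+SID_TYPE_USER = 1
+SID_TYPE_GROUP = 2
+SID_TYPE_DOMAIN = 3
+SID_TYPE_ALIAS = 4
+SID_TYPE_WELLKNOWN_GROUP = 5
+SID_TYPE_DELETED_ACCOUNT = 6
+SID_TYPE_INVALID = 7
+SID_TYPE_UNKNOWN = 8
+SID_TYPE_COMPUTER = 9
+SID_TYPE_LABEL = 10
+
+# [2.2.2.1 LSAPR_HANDLE](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/0d093105-e8c8-45f7-a79d-182aafd60c6e)
+class LsaprHandle < Ndr::NdrContextHandle; end
+
+class LsaprHandlePtr < LsaprHandle
+extend Ndr::PointerClassPlugin
+end
+
+# [2.2.3.2 LSAPR_ACL](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/a9a03a85-5b08-4bb5-81c9-2c68751693ac)
+class LsaprAcl < Ndr::NdrStruct
+default_parameters byte_align: 4
+endian :little
+
+ndr_uint8 :acl_revision
+ndr_uint8 :sbz1
+ndr_uint16 :acl_size
+ndr_conf_array :dummy1, type: :ndr_char
+end
+
+class LsaprAclPtr < LsaprAcl
+extend Ndr::PointerClassPlugin
+end
+
+# [2.2.3.3 SECURITY_DESCRIPTOR_CONTROL](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/c704a67c-9836-41d9-9b18-acd596cc884e)
+class LsaprSecurityDescriptorControl < Ndr::NdrStruct
+default_parameters byte_align: 4
+endian :little
+
+ndr_uint16 :security_descriptor_control
+end
+
+class LsaprSecurityDescriptorControlPtr < LsaprSecurityDescriptorControl
+extend Ndr::PointerClassPlugin
+end
+
+# [2.2.5 LSAPR_SECURITY_DESCRIPTOR](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsat/8494008f-0bfb-45b8-bb6c-e32dd7f18e3d)
+class LsaprSecurityDescriptor < Ndr::NdrStruct
+default_parameters byte_align: 4
+endian :little
+
+ndr_uint8 :revision
+ndr_uint8 :sbz1
+lsapr_security_descriptor_control :control
+prpc_sid :owner
+prpc_sid :group
+lsapr_acl_ptr :sacl
+lsapr_acl_ptr :dacl
+end
+
+class LsaprSecurityDescriptorPtr < LsaprSecurityDescriptor
+extend Ndr::PointerClassPlugin
+end
+
+# [2.2.3.5 SECURITY_IMPERSONATION_LEVEL](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/720cea10-cee2-4c45-9084-c6fa7d67d18d)
+class SecurityImpersonationLevel < Ndr::NdrStruct
+default_parameters byte_align: 4
+endian :little
+
+ndr_uint32 :level # This is SECURITY_IMPERSONATION_LEVEL, type 'enum' -> uint32
+end
+
+class SecurityImpersonationLevelPtr < SecurityImpersonationLevel
+extend Ndr::PointerClassPlugin
+end
+
+# [2.2.3.6 SECURITY_CONTEXT_TRACKING_MODE](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/6bb42770-b924-41ff-8a57-83e37b8b7797)
+class LsaprSecurityContextTrackingMode < Ndr::NdrStruct
+default_parameters byte_align: 4
+endian :little
+
+ndr_uint8 :security_context_tracking_mode
+end
+
+class LsaprSecurityContextTrackingModePtr < LsaprSecurityContextTrackingMode
+extend Ndr::PointerClassPlugin
+end
+
+# [2.2.3.7 SECURITY_QUALITY_OF_SERVICE](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/0ddf3150-53b5-42a5-b0ec-518bce67738c)
+class SecurityQualityOfService < Ndr::NdrStruct
+default_parameters byte_align: 4
+endian :little
+
+ndr_uint32 :len, value: -> { 12 }
+ndr_uint16 :impersonation_level
+ndr_uint8 :security_context_tracking_mode
+ndr_uint8 :effective_only
+end
+
+class SecurityQualityOfServicePtr < SecurityQualityOfService
+extend Ndr::PointerClassPlugin
+end
+
+# [2.2.2.4 LSAPR_OBJECT_ATTRIBUTES](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/ad9e183d-6474-4641-a6d9-d3796d2d604b)
+class LsaprObjectAttributes < Ndr::NdrStruct
+default_parameters byte_align: 4
+endian :little
+
+ndr_uint32 :len, value: -> { 24 }
+ndr_char_ptr :root_directory
+ndr_wide_stringz_ptr :object_name
+ndr_uint32 :attributes
+lsapr_security_descriptor_ptr :security_descriptor
+security_quality_of_service_ptr :security_quality_of_service
+end
+
+class LsaprObjectAttributesPtr < LsaprObjectAttributes
+extend Ndr::PointerClassPlugin
+end
+
+# [2.2.4.1 POLICY_INFORMATION_CLASS](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/9ce0bb37-fc6c-4230-b109-7e1881660b83)
+class LsaprPolicyInformationClass < Ndr::NdrStruct
+default_parameters byte_align: 4
+endian :little
+
+ndr_uint32 :policy_information_class # This is POLICY_INFORMATION_CLASS, type 'enum' -> uint32
+end
+
+class LsaprPolicyInformationClassPtr < LsaprPolicyInformationClass
+extend Ndr::PointerClassPlugin
+end
+
+# [2.2.4.3 POLICY_AUDIT_LOG_INFO](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/3fff1c62-e8b1-4bc8-b18a-3ba6458ec622)
+class LsaprPolicyAuditLogInfo < Ndr::NdrStruct
+default_parameters byte_align: 4
+endian :little
+
+ndr_uint32 :audit_log_percent_full
+ndr_uint32 :maximum_log_size
+ndr_uint64 :audit_retention_period
+ndr_uint8 :audit_log_full_shutdown_in_progress
+ndr_uint64 :time_to_shutdown
+ndr_uint32 :next_audit_record_id
+end
+
+class LsaprPolicyAuditLogInfoPtr < LsaprPolicyAuditLogInfo
+extend Ndr::PointerClassPlugin
+end
+
+# [2.2.4.4 LSAPR_POLICY_AUDIT_EVENTS_INFO](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/d00fc364-577d-4ed0-b3a5-952d78b67695)
+class LsaprPolicyAuditEventsInfo < Ndr::NdrStruct
+default_parameters byte_align: 4
+endian :little
+
+ndr_uint8 :auditing_mode
+ndr_uint32_ptr :event_auditing_options
+ndr_uint32 :maximum_audit_event_count
+end
+
+class LsaprPolicyAuditEventsInfoPtr < LsaprPolicyAuditEventsInfo
+extend Ndr::PointerClassPlugin
+end
+
+# [2.2.4.5 LSAPR_POLICY_PRIMARY_DOM_INFO](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/0f3f5d3f-66d2-45a0-8c28-ede86f4cd4a8)
+class LsaprPolicyPrimaryDomInfo < Ndr::NdrStruct
+default_parameters byte_align: 4
+endian :little
+
+ndr_wide_string_ptr :name
+prpc_sid :sid
+end
+
+class LsaprPolicyPrimaryDomInfoPtr < LsaprPolicyPrimaryDomInfo
+extend Ndr::PointerClassPlugin
+end
+
+# [2.2.4.6 LSAPR_POLICY_ACCOUNT_DOM_INFO](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/bfad5424-3e20-43bd-87f6-d35b4253792e)
+class LsaprPolicyAccountDomInfo < Ndr::NdrStruct
+default_parameters byte_align: 4
+endian :little
+
+ndr_wide_string_ptr :domain_name
+prpc_sid :domain_sid
+end
+
+class LsaprPolicyAccountDomInfoPtr < LsaprPolicyAccountDomInfo
+extend Ndr::PointerClassPlugin
+end
+
+# [2.2.4.7 LSAPR_POLICY_PD_ACCOUNT_INFO](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/b04175b3-fedf-4dda-9034-f754a10fe64e)
+class LsaprPolicyPdAccountInfo < Ndr::NdrStruct
+default_parameters byte_align: 4
+endian :little
+
+rpc_unicode_string :name
+end
+
+class LsaprPolicyPdAccountInfoPtr < LsaprPolicyPdAccountInfo
+extend Ndr::PointerClassPlugin
+end
+
+# [2.2.4.8 POLICY_LSA_SERVER_ROLE](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/620010b4-b439-4d46-893a-cb67246de5fc)
+class LsaprPolicyLsaServerRole < Ndr::NdrStruct
+default_parameters byte_align: 4
+endian :little
+
+ndr_uint32 :policy_lsa_server_role # This is POLICY_LSA_SERVER_ROLE, type 'enum' -> uint32
+end
+
+class LsaprPolicyLsaServerRolePtr < LsaprPolicyLsaServerRole
+extend Ndr::PointerClassPlugin
+end
+
+# [2.2.4.9 POLICY_LSA_SERVER_ROLE_INFO](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/d37dbc65-04f3-4db8-b40a-4e9dd6c12520)
+class LsaprPolicyLsaServerRoleInfo < Ndr::NdrStruct
+default_parameters byte_align: 4
+endian :little
+
+lsapr_policy_lsa_server_role :lsa_server_role
+end
+
+class LsaprPolicyLsaServerRoleInfoPtr < LsaprPolicyLsaServerRoleInfo
+extend Ndr::PointerClassPlugin
+end
+
+# [2.2.4.10 LSAPR_POLICY_REPLICA_SRCE_INFO](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/fb7df2bb-99e7-402f-8334-24d47e23ec00)
+class LsaprPolicyReplicaSrceInfo < Ndr::NdrStruct
+default_parameters byte_align: 4
+endian :little
+
+rpc_unicode_string :replica_source
+rpc_unicode_string :replica_account_name
+end
+
+class LsaprPolicyReplicaSrceInfoPtr < LsaprPolicyReplicaSrceInfo
+extend Ndr::PointerClassPlugin
+end
+
+# [2.2.4.11 POLICY_MODIFICATION_INFO](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/c80ae9d5-d0c1-4d5c-a0ae-77eae7bfac25)
+class PolicyModificationInfo < Ndr::NdrStruct
+default_parameters byte_align: 4
+endian :little
+
+ndr_uint64 :modified_id
+ndr_uint64 :database_creation_time
+end
+
+class PolicyModificationInfoPtr < PolicyModificationInfo
+extend Ndr::PointerClassPlugin
+end
+
+# [2.2.4.12 POLICY_AUDIT_FULL_SET_INFO](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/3224400e-3c40-4e64-810a-8b11341ba4c6)
+class PolicyAuditFullSetInfo < Ndr::NdrStruct
+default_parameters byte_align: 4
+endian :little
+
+ndr_uint8 :shutdown_on_full
+end
+
+class PolicyAuditFullSetInfoPtr < PolicyAuditFullSetInfo
+extend Ndr::PointerClassPlugin
+end
+
+# [2.2.4.13 POLICY_AUDIT_FULL_QUERY_INFO](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/0ef0845f-f20e-4897-ad29-88c0c07be0f4)
+class PolicyAuditFullQueryInfo < Ndr::NdrStruct
+default_parameters byte_align: 4
+endian :little
+
+ndr_uint8 :shutdown_on_full
+ndr_uint8 :log_is_full
+end
+
+class PolicyAuditFullQueryInfoPtr < PolicyAuditFullQueryInfo
+extend Ndr::PointerClassPlugin
+end
+
+# [2.2.4.14 LSAPR_POLICY_DNS_DOMAIN_INFO](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/3e15a02e-25d3-46aa-9c60-8def03c824d2)
+class LsaprPolicyDnsDomainInfo < Ndr::NdrStruct
+default_parameters byte_align: 4
+endian :little
+
+rpc_unicode_string :name
+rpc_unicode_string :dns_domain_name
+rpc_unicode_string :dns_forest_name
+uuid :domain_guid
+prpc_sid :sid
+end
+
+class LsaprPolicyDnsDomainInfoPtr < LsaprPolicyDnsDomainInfo
+extend Ndr::PointerClassPlugin
+end
+
+# [2.2.4.21 LSAPR_POLICY_MACHINE_ACCT_INFO](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/e05c1489-e8c9-4b6c-8b5e-f95d5dd7b1b2)
+class LsaprPolicyMachineAcctInfo < Ndr::NdrStruct
+default_parameters byte_align: 4
+endian :little
+
+ndr_uint32 :rid
+prpc_sid :sid
+end
+
+class LsaprPolicyMachineAcctInfoPtr < LsaprPolicyMachineAcctInfo
+extend Ndr::PointerClassPlugin
+end
+
+# [2.2.4.2 LSAPR_POLICY_INFORMATION](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/6e63a2c8-5ddb-411a-a253-9c55afc49834)
+class LsaprPolicyInformation < Ndr::NdrStruct
+default_parameters byte_align: 4
+endian :little
+
+ndr_uint32 :policy_information_class
+choice :policy_information, selection: -> { policy_information_class }, byte_align: 4 do
+lsapr_policy_audit_log_info_ptr POLICY_AUDIT_LOG_INFORMATION
+lsapr_policy_audit_events_info_ptr POLICY_AUDIT_EVENTS_INFORMATION
+lsapr_policy_primary_dom_info_ptr POLICY_PRIMARY_DOMAIN_INFORMATION
+lsapr_policy_pd_account_info_ptr POLICY_PD_ACCOUNT_INFORMATION
+lsapr_policy_account_dom_info_ptr POLICY_ACCOUNT_DOMAIN_INFORMATION
+lsapr_policy_lsa_server_role_info_ptr POLICY_LSA_SERVER_ROLE_INFORMATION
+lsapr_policy_replica_srce_info_ptr POLICY_REPLICA_SOURCE_INFORMATION
+policy_modification_info_ptr POLICY_MODIFICATION_INFORMATION
+policy_audit_full_set_info_ptr POLICY_AUDIT_FULL_SET_INFORMATION
+policy_audit_full_query_info_ptr POLICY_AUDIT_FULL_QUERY_INFORMATION
+
+#Note: The lines below have the same output for two different inputs.
+lsapr_policy_dns_domain_info_ptr POLICY_DNS_DOMAIN_INFORMATION
+lsapr_policy_dns_domain_info_ptr POLICY_DNS_DOMAIN_INFORMATION_INT
+
+lsapr_policy_account_dom_info_ptr POLICY_LOCAL_ACCOUNT_DOMAIN_INFORMATION
+lsapr_policy_machine_acct_info_ptr POLICY_MACHINE_ACCOUNT_INFORMATION
+end
+end
+
+class LsaprPolicyInformationPtr < LsaprPolicyInformation
+extend Ndr::PointerClassPlugin
+end
+
+# [2.2.17 LSAPR_SID_INFORMATION](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsat/f04a771b-c018-4098-81b5-2a819f9b5db8)
+class LsaprSidInformation < Ndr::NdrStruct
+default_parameters byte_align: 4
+endian :little
+
+prpc_sid :sid
+end
+
+class LsaprSidInformationPtr < LsaprSidInformation
+extend Ndr::PointerClassPlugin
+end
+
+class LsaprSidInformationArrayPtr < Ndr::NdrConfArray
+default_parameters type: :lsapr_sid_information
+extend Ndr::PointerClassPlugin
+end
+
+# [2.2.18 LSAPR_SID_ENUM_BUFFER](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsat/1ffb61f0-a4fe-4487-858d-fb709d605855)
+class LsaprSidEnumBuffer < Ndr::NdrStruct
+default_parameters byte_align: 4
+endian :little
+
+ndr_uint32 :num_entries
+lsapr_sid_information_array_ptr :sid_info
+end
+
+class LsaprSidEnumBufferPtr < LsaprSidEnumBuffer
+extend Ndr::PointerClassPlugin
+end
+
+# [2.2.11 LSAPR_TRUST_INFORMATION](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsat/b0f34b28-b5da-44aa-a607-99c09e6526e1)
+class LsaprTrustInformation < Ndr::NdrStruct
+default_parameters byte_align: 4
+endian :little
+
+rpc_unicode_string :name
+prpc_sid :sid
+end
+
+class LsaprTrustInformationArrayPtr < Ndr::NdrConfArray
+default_parameters type: :lsapr_trust_information
+extend Ndr::PointerClassPlugin
+end
+
+# [2.2.12 LSAPR_REFERENCED_DOMAIN_LIST](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsat/3a52af31-247a-4b08-91a0-1d46b2cc49b2)
+class LsaprReferencedDomainList < Ndr::NdrStruct
+default_parameters byte_align: 4
+endian :little
+
+ndr_uint32 :num_entries
+lsapr_trust_information_array_ptr :domains
+ndr_uint32 :max_entries
+end
+
+class LsaprReferencedDomainListPtr < LsaprReferencedDomainList
+extend Ndr::PointerClassPlugin
+end
+
+# [2.2.19 LSAPR_TRANSLATED_NAME](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsat/52e1ccc1-b57b-4c02-b35f-bd64913ce99b)
+class LsaprTranslatedName < Ndr::NdrStruct
+default_parameters byte_align: 4
+endian :little
+
+ndr_uint32 :use
+rpc_unicode_string :name
+ndr_uint32 :domain_index
+end
+
+class LsaprTranslatedNameArray < Ndr::NdrConfArray
+default_parameters type: :lsapr_translated_name
+extend Ndr::PointerClassPlugin
+end
+
+class LsaprTranslatedNameArrayPtr < LsaprTranslatedNameArray
+extend Ndr::PointerClassPlugin
+end
+
+# [2.2.20 LSAPR_TRANSLATED_NAMES](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsat/ff977eb9-563a-4353-a95f-640e7ee16356)
+class LsaprTranslatedNames < Ndr::NdrStruct
+default_parameters byte_align: 4
+endian :little
+
+ndr_uint32 :num_entries
+lsapr_translated_name_array_ptr :names
+end
+
+class LsaprTranslatedNamesPtr < LsaprTranslatedNames
+extend Ndr::PointerClassPlugin
+end
+
+require 'ruby_smb/dcerpc/lsarpc/lsar_open_policy_request'
+require 'ruby_smb/dcerpc/lsarpc/lsar_open_policy_response'
+require 'ruby_smb/dcerpc/lsarpc/lsar_open_policy2_request'
+require 'ruby_smb/dcerpc/lsarpc/lsar_open_policy2_response'
+require 'ruby_smb/dcerpc/lsarpc/lsar_query_information_policy_request'
+require 'ruby_smb/dcerpc/lsarpc/lsar_query_information_policy_response'
+require 'ruby_smb/dcerpc/lsarpc/lsar_query_information_policy2_request'
+require 'ruby_smb/dcerpc/lsarpc/lsar_query_information_policy2_response'
+require 'ruby_smb/dcerpc/lsarpc/lsar_close_handle_request'
+require 'ruby_smb/dcerpc/lsarpc/lsar_close_handle_response'
+require 'ruby_smb/dcerpc/lsarpc/lsar_lookup_sids_request'
+require 'ruby_smb/dcerpc/lsarpc/lsar_lookup_sids_response'
+
+def lsar_open_policy2(system_name:, object_attributes:, access_mask:)
+lsar_request = LsarOpenPolicy2Request.new(
+system_name: system_name,
+object_attributes: object_attributes,
+access_mask: access_mask
+)
+response = dcerpc_request(lsar_request)
+begin
+lsar_response = LsarOpenPolicy2Response.read(response)
+rescue IOError
+raise RubySMB::Dcerpc::Error::InvalidPacket, 'Error reading LsarOpenPolicy2Response'
+end
+unless lsar_response.error_status == WindowsError::NTStatus::STATUS_SUCCESS
+raise RubySMB::Dcerpc::Error::LsarpcError,
+"Error returned while opening policy: "\
+"#{WindowsError::NTStatus.find_by_retval(lsar_response.error_status.value).join(',')}"
+end
+lsar_response.policy_handle
+end
+
+def lsar_query_information_policy(policy_handle:, information_class:)
+lsar_request = LsarQueryInformationPolicyRequest.new(
+policy_handle: policy_handle,
+information_class: information_class
+)
+response = dcerpc_request(lsar_request)
+begin
+lsar_response = LsarQueryInformationPolicyResponse.read(response)
+rescue IOError
+raise RubySMB::Dcerpc::Error::InvalidPacket, 'Error reading LsarQueryInformationPolicyResponse'
+end
+unless lsar_response.error_status == WindowsError::NTStatus::STATUS_SUCCESS
+raise RubySMB::Dcerpc::Error::LsarpcError,
+"Error returned while querying domain information: "\
+"#{WindowsError::NTStatus.find_by_retval(lsar_response.error_status.value).join(',')}"
+end
+lsar_response.policy_information
+end
+
+def lsar_query_information_policy2(policy_handle:, information_class:)
+lsar_request = LsarQueryInformationPolicy2Request.new(
+policy_handle: policy_handle,
+information_class: information_class
+)
+response = dcerpc_request(lsar_request)
+begin
+lsar_response = LsarQueryInformationPolicy2Response.read(response)
+rescue IOError
+raise RubySMB::Dcerpc::Error::InvalidPacket, 'Error reading LsarQueryInformationPolicy2Response'
+end
+unless lsar_response.error_status == WindowsError::NTStatus::STATUS_SUCCESS
+raise RubySMB::Dcerpc::Error::LsarpcError,
+"Error returned while querying domain information: "\
+"#{WindowsError::NTStatus.find_by_retval(lsar_response.error_status.value).join(',')}"
+end
+lsar_response.policy_information
+end
+
+def lsar_close_handle(policy_handle:)
+lsar_request = LsarCloseHandleRequest.new(
+policy_handle: policy_handle
+)
+response = dcerpc_request(lsar_request)
+begin
+lsar_response = LsarCloseHandleResponse.read(response)
+rescue IOError
+raise RubySMB::Dcerpc::Error::InvalidPacket, 'Error reading LsarCloseHandleResponse'
+end
+unless lsar_response.error_status == WindowsError::NTStatus::STATUS_SUCCESS
+raise RubySMB::Dcerpc::Error::LsarpcError,
+"Error returned while closing policy handle: "\
+"#{WindowsError::NTStatus.find_by_retval(lsar_response.error_status.value).join(',')}"
+end
+lsar_response.policy_handle
+end
+
+def lsar_lookup_sids(policy_handle:, sids:, lookup_level:)
+sid_enum_buffer = { num_entries: sids.count, sid_info: sids.map { |sid| { sid: sid } } }
+lsar_request = LsarLookupSidsRequest.new(
+policy_handle: policy_handle,
+sid_enum_buffer: sid_enum_buffer,
+lookup_level: lookup_level
+)
+response = dcerpc_request(lsar_request)
+begin
+lsar_response = LsarLookupSidsResponse.read(response)
+rescue IOError
+raise RubySMB::Dcerpc::Error::InvalidPacket, 'Error reading LsarLookupSidsResponse'
+end
+unless lsar_response.error_status == WindowsError::NTStatus::STATUS_SUCCESS
+raise RubySMB::Dcerpc::Error::LsarpcError,
+"Error returned while looking up SID: "\
+"#{WindowsError::NTStatus.find_by_retval(lsar_response.error_status.value).join(',')}"
+end
+lsar_response.translated_names[:names].map do |translated_name|
+{ name: translated_name[:name][:buffer], type: translated_name[:use] }
+end
+end
+
 end
 end
 end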
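Review bot: `WRITE_OWNER = 0x00040000` in the new ACCESS_MASK block repeats the value assigned to `WRITE_DACL` on the line above, whereas MS-DTYP 2.4.3 (the spec the comment links) gives WRITE_OWNER the next bit, so any caller composing an `access_mask` with `WRITE_OWNER` silently requests DACL-write rights instead and never obtains owner rights; it should read `WRITE_OWNER = 0x00080000`. In `lsar_lookup_sids`, the `unless lsar_response.error_status == STATUS_SUCCESS` guard raises for every other status, but LsarLookupSids signals partial resolution with STATUS_SOME_NOT_MAPPED (0x107) while still returning the names it could translate, so those results are discarded along with the `domain_index` that would let a caller tie each name to `referenced_domains`; treating that status as non-fatal (and returning `domain_index`) would make the helper usable for mixed SID sets. The unchanged `# see: …/ms-dssp/…` comment kept above the new `UUID` describes the interface whose UUID was removed; the replacement value is the one MS-LSAD defines, so the link looks stale and should point at the MS-LSAD transport section. `LsaprTranslatedNameArray` also extends `Ndr::PointerClassPlugin` before `LsaprTranslatedNameArrayPtr` extends it again, unlike the sibling `LsaprSidInformationArrayPtr` / `LsaprTrustInformationArrayPtr` definitions, which looks unintentional and is worth confirming against the NDR plugin's semantics.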
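--- a/data/lib/ruby_smb/dcerpc/ndr.rb
+++ b/data/lib/ruby_smb/dcerpc/ndr.rb
@@ -567,8 +567,11 @@ module RubySMB::Dcerpc::Ndr
 def get_max_count(val)
 if is_a?(BinData::Stringz)
 max_count = val.to_s.strip.length
-# Only count the terminating NULL byte if the string is not empty
-max_count += 1 if max_count > 0
+# Add one to count the terminator. According to
+# https://pubs.opengroup.org/onlinepubs/9629399/chap14.htm#tagcjh_19_03_04_02,
+# the NDR String must contain at least one element, the terminator. So,
+# add one even if it is an empty string.
+max_count += 1
 return max_count
 else
 return val.to_s.length
@@ -622,8 +625,11 @@ module RubySMB::Dcerpc::Ndr
 def update_actual_count(val)
 if is_a?(BinData::Stringz)
 @actual_count = val.to_s.strip.length
-# Only count the terminating NULL byte if the string is not empty
-@actual_count += 1 if @actual_count > 0
+# Add one to count the terminator. According to
+# https://pubs.opengroup.org/onlinepubs/9629399/chap14.htm#tagcjh_19_03_04,
+# the NDR String must contain at least one element, the terminator. So,
+# add one even if it is an empty string.
+@actual_count += 1
 else
 @actual_count = val.to_s.length
 end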
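Review bot: Both hunks still derive the element count from `val.to_s.strip.length`, and `String#strip` drops leading and trailing whitespace as well as a trailing NUL, so a Stringz value such as `"foo "` yields 3 + 1 = 4 while 5 elements (the four characters plus the terminator) are serialised; now that the terminator is added unconditionally, `val.to_s.chomp("\0").length` (or `delete_suffix("\0")`) would give the exact count without touching real content, whichever form `to_s` returns. The two new comments cite different anchors of the same OpenGroup page (`#tagcjh_19_03_04_02` in get_max_count, `#tagcjh_19_03_04` in update_actual_count); they should agree on one. Since the comment and the `+= 1` are now identical in both methods, the Stringz count could live in one private helper that get_max_count and update_actual_count both call. Both methods close outside their hunks.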