ruby_smb 3.3.6 → 3.3.8
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data/README.md +14 -0
- data/examples/registry_key_security_descriptor.rb +109 -0
- data/lib/ruby_smb/client/winreg.rb +12 -0
- data/lib/ruby_smb/dcerpc/error.rb +3 -0
- data/lib/ruby_smb/dcerpc/lsarpc/lsar_close_handle_request.rb +22 -0
- data/lib/ruby_smb/dcerpc/lsarpc/lsar_close_handle_response.rb +23 -0
- data/lib/ruby_smb/dcerpc/lsarpc/lsar_lookup_sids_request.rb +26 -0
- data/lib/ruby_smb/dcerpc/lsarpc/lsar_lookup_sids_response.rb +25 -0
- data/lib/ruby_smb/dcerpc/lsarpc/lsar_open_policy2_request.rb +24 -0
- data/lib/ruby_smb/dcerpc/lsarpc/lsar_open_policy2_response.rb +23 -0
- data/lib/ruby_smb/dcerpc/lsarpc/lsar_open_policy_request.rb +24 -0
- data/lib/ruby_smb/dcerpc/lsarpc/lsar_open_policy_response.rb +23 -0
- data/lib/ruby_smb/dcerpc/lsarpc/lsar_query_information_policy2_request.rb +23 -0
- data/lib/ruby_smb/dcerpc/lsarpc/lsar_query_information_policy2_response.rb +23 -0
- data/lib/ruby_smb/dcerpc/lsarpc/lsar_query_information_policy_request.rb +23 -0
- data/lib/ruby_smb/dcerpc/lsarpc/lsar_query_information_policy_response.rb +23 -0
- data/lib/ruby_smb/dcerpc/lsarpc.rb +634 -2
- data/lib/ruby_smb/dcerpc/ndr.rb +10 -4
- data/lib/ruby_smb/dcerpc/request.rb +26 -16
- data/lib/ruby_smb/dcerpc/rrp_rpc_unicode_string.rb +1 -1
- data/lib/ruby_smb/dcerpc/samr/rpc_sid.rb +1 -1
- data/lib/ruby_smb/dcerpc/winreg/get_key_security_request.rb +26 -0
- data/lib/ruby_smb/dcerpc/winreg/get_key_security_response.rb +26 -0
- data/lib/ruby_smb/dcerpc/winreg/query_value_response.rb +2 -0
- data/lib/ruby_smb/dcerpc/winreg/set_key_security_request.rb +26 -0
- data/lib/ruby_smb/dcerpc/winreg/set_key_security_response.rb +25 -0
- data/lib/ruby_smb/dcerpc/winreg.rb +121 -9
- data/lib/ruby_smb/field/security_descriptor.rb +17 -0
- data/lib/ruby_smb/version.rb +1 -1
- data/spec/lib/ruby_smb/dcerpc/lsarpc/lsar_close_handle_request_spec.rb +40 -0
- data/spec/lib/ruby_smb/dcerpc/lsarpc/lsar_close_handle_response_spec.rb +46 -0
- data/spec/lib/ruby_smb/dcerpc/lsarpc/lsar_lookup_sids_request_spec.rb +69 -0
- data/spec/lib/ruby_smb/dcerpc/lsarpc/lsar_lookup_sids_response_spec.rb +56 -0
- data/spec/lib/ruby_smb/dcerpc/lsarpc/lsar_open_policy2_request_spec.rb +68 -0
- data/spec/lib/ruby_smb/dcerpc/lsarpc/lsar_open_policy2_response_spec.rb +46 -0
- data/spec/lib/ruby_smb/dcerpc/lsarpc/lsar_open_policy_request_spec.rb +68 -0
- data/spec/lib/ruby_smb/dcerpc/lsarpc/lsar_open_policy_response_spec.rb +45 -0
- data/spec/lib/ruby_smb/dcerpc/lsarpc/lsar_query_information_policy2_request_spec.rb +47 -0
- data/spec/lib/ruby_smb/dcerpc/lsarpc/lsar_query_information_policy2_response_spec.rb +54 -0
- data/spec/lib/ruby_smb/dcerpc/lsarpc/lsar_query_information_policy_request_spec.rb +46 -0
- data/spec/lib/ruby_smb/dcerpc/lsarpc/lsar_query_information_policy_response_spec.rb +53 -0
- data/spec/lib/ruby_smb/dcerpc/ndr_spec.rb +80 -0
- data/spec/lib/ruby_smb/dcerpc/winreg_spec.rb +267 -18
- data.tar.gz.sig +0 -0
- metadata +44 -3
- metadata.gz.sig +0 -0
@@ -1,11 +1,643 @@
|
|
1
|
+
require 'ruby_smb/dcerpc/ndr'
|
2
|
+
require 'ruby_smb/dcerpc/rrp_rpc_unicode_string'
|
3
|
+
require 'ruby_smb/dcerpc/samr/rpc_sid'
|
4
|
+
require 'ruby_smb/dcerpc/uuid'
|
5
|
+
|
1
6
|
module RubySMB
|
2
7
|
module Dcerpc
|
3
8
|
module Lsarpc
|
9
|
+
|
4
10
|
# see: https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-dssp/6f843846-2494-4d49-b715-2f181317dd34
|
5
|
-
UUID = '
|
6
|
-
VER_MAJOR =
|
11
|
+
UUID = '12345778-1234-abcd-ef00-0123456789ab'.freeze
|
12
|
+
VER_MAJOR = 0
|
7
13
|
VER_MINOR = 0
|
8
14
|
|
15
|
+
# OPNUMS
|
16
|
+
LSAR_CLOSE_HANDLE = 0
|
17
|
+
LSAR_OPEN_POLICY = 6
|
18
|
+
LSAR_QUERY_INFORMATION_POLICY = 7
|
19
|
+
LSAR_LOOKUP_SIDS = 15
|
20
|
+
LSAR_OPEN_POLICY2 = 44
|
21
|
+
LSAR_QUERY_INFORMATION_POLICY2 = 46
|
22
|
+
|
23
|
+
################
|
24
|
+
# ACCESS_MASK Values
|
25
|
+
|
26
|
+
# [2.2.1.1 ACCESS_MASK](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/7aeb7f17-0a6e-4f04-ac7e-7b1363cf9ecf)
|
27
|
+
# [2.4.3 ACCESS_MASK](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-dtyp/7a53f60e-e730-4dfe-bbe9-b21b62eb790b)
|
28
|
+
DELETE = 0x00010000
|
29
|
+
READ_CONTROL = 0x00020000
|
30
|
+
WRITE_DACL = 0x00040000
|
31
|
+
WRITE_OWNER = 0x00040000
|
32
|
+
SYNCHRONIZE = 0x00100000
|
33
|
+
ACCESS_SYSTEM_SECURITY = 0x01000000
|
34
|
+
MAXIMUM_ALLOWED = 0x02000000
|
35
|
+
GENERIC_ALL = 0x10000000
|
36
|
+
GENERIC_EXECUTE = 0x20000000
|
37
|
+
GENERIC_WRITE = 0x40000000
|
38
|
+
GENERIC_READ = 0x80000000
|
39
|
+
|
40
|
+
################
|
41
|
+
# SECURITY_DESCRIPTOR_CONTROL
|
42
|
+
|
43
|
+
# [SECURITY_DESCRIPTOR_CONTROL](https://learn.microsoft.com/en-us/windows/win32/secauthz/security-descriptor-control)
|
44
|
+
# [SECURITY_DESCRIPTOR_CONTROL](https://learn.microsoft.com/en-us/windows-hardware/drivers/ifs/security-descriptor-control)
|
45
|
+
SE_OWNER_DEFAULTED = 0x0001
|
46
|
+
SE_GROUP_DEFAULTED = 0x0002
|
47
|
+
SE_DACL_PRESENT = 0x0004
|
48
|
+
SE_DACL_DEFAULTED = 0x0008
|
49
|
+
SE_SACL_PRESENT = 0x0010
|
50
|
+
SE_SACL_DEFAULTED = 0x0020
|
51
|
+
SE_DACL_UNTRUSTED = 0x0040
|
52
|
+
SE_SERVER_SECURITY = 0x0080
|
53
|
+
SE_DACL_AUTO_INHERIT_REQ = 0x0100
|
54
|
+
SE_SACL_AUTO_INHERIT_REQ = 0x0200
|
55
|
+
SE_DACL_AUTO_INHERITED = 0x0400
|
56
|
+
SE_SACL_AUTO_INHERITED = 0x0800
|
57
|
+
SE_DACL_PROTECTED = 0x1000
|
58
|
+
SE_SACL_PROTECTED = 0x2000
|
59
|
+
SE_RM_CONTROL_VALID = 0x4000
|
60
|
+
SE_SELF_RELATIVE = 0x8000
|
61
|
+
|
62
|
+
# [2.2.3.5 SECURITY_IMPERSONATION_LEVEL](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/720cea10-cee2-4c45-9084-c6fa7d67d18d)
|
63
|
+
SECURITY_ANONYMOUS = 0x0000
|
64
|
+
SECURITY_IDENTIFICATION = 0x0001
|
65
|
+
SECURITY_IMPERSONATION = 0x0002
|
66
|
+
SECURITY_DELEGATION = 0x0003
|
67
|
+
|
68
|
+
# [2.2.3.6 SECURITY_CONTEXT_TRACKING_MODE](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/6bb42770-b924-41ff-8a57-83e37b8b7797)
|
69
|
+
SECURITY_CONTEXT_CLIENT_SNAPSHOT = 0x00
|
70
|
+
SECURITY_CONTEXT_CONTINUOUS_UPDATES = 0x01
|
71
|
+
|
72
|
+
# [2.2.4.1 POLICY_INFORMATION_CLASS](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/9ce0bb37-fc6c-4230-b109-7e1881660b83)
|
73
|
+
POLICY_AUDIT_LOG_INFORMATION = 1
|
74
|
+
POLICY_AUDIT_EVENTS_INFORMATION = 2
|
75
|
+
POLICY_PRIMARY_DOMAIN_INFORMATION = 3
|
76
|
+
POLICY_PD_ACCOUNT_INFORMATION = 4
|
77
|
+
POLICY_ACCOUNT_DOMAIN_INFORMATION = 5
|
78
|
+
POLICY_LSA_SERVER_ROLE_INFORMATION = 6
|
79
|
+
POLICY_REPLICA_SOURCE_INFORMATION = 7
|
80
|
+
POLICY_INFORMATION_NOT_USED_ON_WIRE = 8
|
81
|
+
POLICY_MODIFICATION_INFORMATION = 9
|
82
|
+
POLICY_AUDIT_FULL_SET_INFORMATION = 10
|
83
|
+
POLICY_AUDIT_FULL_QUERY_INFORMATION = 11
|
84
|
+
POLICY_DNS_DOMAIN_INFORMATION = 12
|
85
|
+
POLICY_DNS_DOMAIN_INFORMATION_INT = 13
|
86
|
+
POLICY_LOCAL_ACCOUNT_DOMAIN_INFORMATION = 14
|
87
|
+
POLICY_MACHINE_ACCOUNT_INFORMATION = 15
|
88
|
+
POLICY_LAST_ENTRY = 16
|
89
|
+
|
90
|
+
# [2.2.4.8 POLICY_LSA_SERVER_ROLE](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/620010b4-b439-4d46-893a-cb67246de5fc)
|
91
|
+
POLICY_SERVER_ROLE_BACKUP = 2
|
92
|
+
POLICY_SERVER_ROLE_PRIMARY = 3
|
93
|
+
|
94
|
+
# [2.2.16 LSAP_LOOKUP_LEVEL](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsat/9d1166cc-bcfd-4e22-a8ac-f55eae57c99f)
|
95
|
+
LSAP_LOOKUP_WKSTA = 1
|
96
|
+
LSAP_LOOKUP_PDC = 2
|
97
|
+
LSAP_LOOKUP_TDL = 3
|
98
|
+
LSAP_LOOKUP_GC = 4
|
99
|
+
LSAP_LOOKUP_XFOREST_REFERRAL = 5
|
100
|
+
LSAP_LOOKUP_XFOREST_RESOLVE = 6
|
101
|
+
LSAP_LOOKUP_RODC_REFERRAL_TO_FULL_DC = 7
|
102
|
+
|
103
|
+
# [2.2.13 SID_NAME_USE](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsat/171e9a87-8e01-4bd8-a35e-3468128c8fc4)
|
104
|
+
SID_TYPE_USER = 1
|
105
|
+
SID_TYPE_GROUP = 2
|
106
|
+
SID_TYPE_DOMAIN = 3
|
107
|
+
SID_TYPE_ALIAS = 4
|
108
|
+
SID_TYPE_WELLKNOWN_GROUP = 5
|
109
|
+
SID_TYPE_DELETED_ACCOUNT = 6
|
110
|
+
SID_TYPE_INVALID = 7
|
111
|
+
SID_TYPE_UNKNOWN = 8
|
112
|
+
SID_TYPE_COMPUTER = 9
|
113
|
+
SID_TYPE_LABEL = 10
|
114
|
+
|
115
|
+
# [2.2.2.1 LSAPR_HANDLE](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/0d093105-e8c8-45f7-a79d-182aafd60c6e)
|
116
|
+
class LsaprHandle < Ndr::NdrContextHandle; end
|
117
|
+
|
118
|
+
class LsaprHandlePtr < LsaprHandle
|
119
|
+
extend Ndr::PointerClassPlugin
|
120
|
+
end
|
121
|
+
|
122
|
+
# [2.2.3.2 LSAPR_ACL](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/a9a03a85-5b08-4bb5-81c9-2c68751693ac)
|
123
|
+
class LsaprAcl < Ndr::NdrStruct
|
124
|
+
default_parameters byte_align: 4
|
125
|
+
endian :little
|
126
|
+
|
127
|
+
ndr_uint8 :acl_revision
|
128
|
+
ndr_uint8 :sbz1
|
129
|
+
ndr_uint16 :acl_size
|
130
|
+
ndr_conf_array :dummy1, type: :ndr_char
|
131
|
+
end
|
132
|
+
|
133
|
+
class LsaprAclPtr < LsaprAcl
|
134
|
+
extend Ndr::PointerClassPlugin
|
135
|
+
end
|
136
|
+
|
137
|
+
# [2.2.3.3 SECURITY_DESCRIPTOR_CONTROL](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/c704a67c-9836-41d9-9b18-acd596cc884e)
|
138
|
+
class LsaprSecurityDescriptorControl < Ndr::NdrStruct
|
139
|
+
default_parameters byte_align: 4
|
140
|
+
endian :little
|
141
|
+
|
142
|
+
ndr_uint16 :security_descriptor_control
|
143
|
+
end
|
144
|
+
|
145
|
+
class LsaprSecurityDescriptorControlPtr < LsaprSecurityDescriptorControl
|
146
|
+
extend Ndr::PointerClassPlugin
|
147
|
+
end
|
148
|
+
|
149
|
+
# [2.2.5 LSAPR_SECURITY_DESCRIPTOR](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsat/8494008f-0bfb-45b8-bb6c-e32dd7f18e3d)
|
150
|
+
class LsaprSecurityDescriptor < Ndr::NdrStruct
|
151
|
+
default_parameters byte_align: 4
|
152
|
+
endian :little
|
153
|
+
|
154
|
+
ndr_uint8 :revision
|
155
|
+
ndr_uint8 :sbz1
|
156
|
+
lsapr_security_descriptor_control :control
|
157
|
+
prpc_sid :owner
|
158
|
+
prpc_sid :group
|
159
|
+
lsapr_acl_ptr :sacl
|
160
|
+
lsapr_acl_ptr :dacl
|
161
|
+
end
|
162
|
+
|
163
|
+
class LsaprSecurityDescriptorPtr < LsaprSecurityDescriptor
|
164
|
+
extend Ndr::PointerClassPlugin
|
165
|
+
end
|
166
|
+
|
167
|
+
# [2.2.3.5 SECURITY_IMPERSONATION_LEVEL](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/720cea10-cee2-4c45-9084-c6fa7d67d18d)
|
168
|
+
class SecurityImpersonationLevel < Ndr::NdrStruct
|
169
|
+
default_parameters byte_align: 4
|
170
|
+
endian :little
|
171
|
+
|
172
|
+
ndr_uint32 :level # This is SECURITY_IMPERSONATION_LEVEL, type 'enum' -> uint32
|
173
|
+
end
|
174
|
+
|
175
|
+
class SecurityImpersonationLevelPtr < SecurityImpersonationLevel
|
176
|
+
extend Ndr::PointerClassPlugin
|
177
|
+
end
|
178
|
+
|
179
|
+
# [2.2.3.6 SECURITY_CONTEXT_TRACKING_MODE](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/6bb42770-b924-41ff-8a57-83e37b8b7797)
|
180
|
+
class LsaprSecurityContextTrackingMode < Ndr::NdrStruct
|
181
|
+
default_parameters byte_align: 4
|
182
|
+
endian :little
|
183
|
+
|
184
|
+
ndr_uint8 :security_context_tracking_mode
|
185
|
+
end
|
186
|
+
|
187
|
+
class LsaprSecurityContextTrackingModePtr < LsaprSecurityContextTrackingMode
|
188
|
+
extend Ndr::PointerClassPlugin
|
189
|
+
end
|
190
|
+
|
191
|
+
# [2.2.3.7 SECURITY_QUALITY_OF_SERVICE](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/0ddf3150-53b5-42a5-b0ec-518bce67738c)
|
192
|
+
class SecurityQualityOfService < Ndr::NdrStruct
|
193
|
+
default_parameters byte_align: 4
|
194
|
+
endian :little
|
195
|
+
|
196
|
+
ndr_uint32 :len, value: -> { 12 }
|
197
|
+
ndr_uint16 :impersonation_level
|
198
|
+
ndr_uint8 :security_context_tracking_mode
|
199
|
+
ndr_uint8 :effective_only
|
200
|
+
end
|
201
|
+
|
202
|
+
class SecurityQualityOfServicePtr < SecurityQualityOfService
|
203
|
+
extend Ndr::PointerClassPlugin
|
204
|
+
end
|
205
|
+
|
206
|
+
# [2.2.2.4 LSAPR_OBJECT_ATTRIBUTES](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/ad9e183d-6474-4641-a6d9-d3796d2d604b)
|
207
|
+
class LsaprObjectAttributes < Ndr::NdrStruct
|
208
|
+
default_parameters byte_align: 4
|
209
|
+
endian :little
|
210
|
+
|
211
|
+
ndr_uint32 :len, value: -> { 24 }
|
212
|
+
ndr_char_ptr :root_directory
|
213
|
+
ndr_wide_stringz_ptr :object_name
|
214
|
+
ndr_uint32 :attributes
|
215
|
+
lsapr_security_descriptor_ptr :security_descriptor
|
216
|
+
security_quality_of_service_ptr :security_quality_of_service
|
217
|
+
end
|
218
|
+
|
219
|
+
class LsaprObjectAttributesPtr < LsaprObjectAttributes
|
220
|
+
extend Ndr::PointerClassPlugin
|
221
|
+
end
|
222
|
+
|
223
|
+
# [2.2.4.1 POLICY_INFORMATION_CLASS](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/9ce0bb37-fc6c-4230-b109-7e1881660b83)
|
224
|
+
class LsaprPolicyInformationClass < Ndr::NdrStruct
|
225
|
+
default_parameters byte_align: 4
|
226
|
+
endian :little
|
227
|
+
|
228
|
+
ndr_uint32 :policy_information_class # This is POLICY_INFORMATION_CLASS, type 'enum' -> uint32
|
229
|
+
end
|
230
|
+
|
231
|
+
class LsaprPolicyInformationClassPtr < LsaprPolicyInformationClass
|
232
|
+
extend Ndr::PointerClassPlugin
|
233
|
+
end
|
234
|
+
|
235
|
+
# [2.2.4.3 POLICY_AUDIT_LOG_INFO](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/3fff1c62-e8b1-4bc8-b18a-3ba6458ec622)
|
236
|
+
class LsaprPolicyAuditLogInfo < Ndr::NdrStruct
|
237
|
+
default_parameters byte_align: 4
|
238
|
+
endian :little
|
239
|
+
|
240
|
+
ndr_uint32 :audit_log_percent_full
|
241
|
+
ndr_uint32 :maximum_log_size
|
242
|
+
ndr_uint64 :audit_retention_period
|
243
|
+
ndr_uint8 :audit_log_full_shutdown_in_progress
|
244
|
+
ndr_uint64 :time_to_shutdown
|
245
|
+
ndr_uint32 :next_audit_record_id
|
246
|
+
end
|
247
|
+
|
248
|
+
class LsaprPolicyAuditLogInfoPtr < LsaprPolicyAuditLogInfo
|
249
|
+
extend Ndr::PointerClassPlugin
|
250
|
+
end
|
251
|
+
|
252
|
+
# [2.2.4.4 LSAPR_POLICY_AUDIT_EVENTS_INFO](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/d00fc364-577d-4ed0-b3a5-952d78b67695)
|
253
|
+
class LsaprPolicyAuditEventsInfo < Ndr::NdrStruct
|
254
|
+
default_parameters byte_align: 4
|
255
|
+
endian :little
|
256
|
+
|
257
|
+
ndr_uint8 :auditing_mode
|
258
|
+
ndr_uint32_ptr :event_auditing_options
|
259
|
+
ndr_uint32 :maximum_audit_event_count
|
260
|
+
end
|
261
|
+
|
262
|
+
class LsaprPolicyAuditEventsInfoPtr < LsaprPolicyAuditEventsInfo
|
263
|
+
extend Ndr::PointerClassPlugin
|
264
|
+
end
|
265
|
+
|
266
|
+
# [2.2.4.5 LSAPR_POLICY_PRIMARY_DOM_INFO](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/0f3f5d3f-66d2-45a0-8c28-ede86f4cd4a8)
|
267
|
+
class LsaprPolicyPrimaryDomInfo < Ndr::NdrStruct
|
268
|
+
default_parameters byte_align: 4
|
269
|
+
endian :little
|
270
|
+
|
271
|
+
ndr_wide_string_ptr :name
|
272
|
+
prpc_sid :sid
|
273
|
+
end
|
274
|
+
|
275
|
+
class LsaprPolicyPrimaryDomInfoPtr < LsaprPolicyPrimaryDomInfo
|
276
|
+
extend Ndr::PointerClassPlugin
|
277
|
+
end
|
278
|
+
|
279
|
+
# [2.2.4.6 LSAPR_POLICY_ACCOUNT_DOM_INFO](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/bfad5424-3e20-43bd-87f6-d35b4253792e)
|
280
|
+
class LsaprPolicyAccountDomInfo < Ndr::NdrStruct
|
281
|
+
default_parameters byte_align: 4
|
282
|
+
endian :little
|
283
|
+
|
284
|
+
ndr_wide_string_ptr :domain_name
|
285
|
+
prpc_sid :domain_sid
|
286
|
+
end
|
287
|
+
|
288
|
+
class LsaprPolicyAccountDomInfoPtr < LsaprPolicyAccountDomInfo
|
289
|
+
extend Ndr::PointerClassPlugin
|
290
|
+
end
|
291
|
+
|
292
|
+
# [2.2.4.7 LSAPR_POLICY_PD_ACCOUNT_INFO](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/b04175b3-fedf-4dda-9034-f754a10fe64e)
|
293
|
+
class LsaprPolicyPdAccountInfo < Ndr::NdrStruct
|
294
|
+
default_parameters byte_align: 4
|
295
|
+
endian :little
|
296
|
+
|
297
|
+
rpc_unicode_string :name
|
298
|
+
end
|
299
|
+
|
300
|
+
class LsaprPolicyPdAccountInfoPtr < LsaprPolicyPdAccountInfo
|
301
|
+
extend Ndr::PointerClassPlugin
|
302
|
+
end
|
303
|
+
|
304
|
+
# [2.2.4.8 POLICY_LSA_SERVER_ROLE](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/620010b4-b439-4d46-893a-cb67246de5fc)
|
305
|
+
class LsaprPolicyLsaServerRole < Ndr::NdrStruct
|
306
|
+
default_parameters byte_align: 4
|
307
|
+
endian :little
|
308
|
+
|
309
|
+
ndr_uint32 :policy_lsa_server_role # This is POLICY_LSA_SERVER_ROLE, type 'enum' -> uint32
|
310
|
+
end
|
311
|
+
|
312
|
+
class LsaprPolicyLsaServerRolePtr < LsaprPolicyLsaServerRole
|
313
|
+
extend Ndr::PointerClassPlugin
|
314
|
+
end
|
315
|
+
|
316
|
+
# [2.2.4.9 POLICY_LSA_SERVER_ROLE_INFO](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/d37dbc65-04f3-4db8-b40a-4e9dd6c12520)
|
317
|
+
class LsaprPolicyLsaServerRoleInfo < Ndr::NdrStruct
|
318
|
+
default_parameters byte_align: 4
|
319
|
+
endian :little
|
320
|
+
|
321
|
+
lsapr_policy_lsa_server_role :lsa_server_role
|
322
|
+
end
|
323
|
+
|
324
|
+
class LsaprPolicyLsaServerRoleInfoPtr < LsaprPolicyLsaServerRoleInfo
|
325
|
+
extend Ndr::PointerClassPlugin
|
326
|
+
end
|
327
|
+
|
328
|
+
# [2.2.4.10 LSAPR_POLICY_REPLICA_SRCE_INFO](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/fb7df2bb-99e7-402f-8334-24d47e23ec00)
|
329
|
+
class LsaprPolicyReplicaSrceInfo < Ndr::NdrStruct
|
330
|
+
default_parameters byte_align: 4
|
331
|
+
endian :little
|
332
|
+
|
333
|
+
rpc_unicode_string :replica_source
|
334
|
+
rpc_unicode_string :replica_account_name
|
335
|
+
end
|
336
|
+
|
337
|
+
class LsaprPolicyReplicaSrceInfoPtr < LsaprPolicyReplicaSrceInfo
|
338
|
+
extend Ndr::PointerClassPlugin
|
339
|
+
end
|
340
|
+
|
341
|
+
# [2.2.4.11 POLICY_MODIFICATION_INFO](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/c80ae9d5-d0c1-4d5c-a0ae-77eae7bfac25)
|
342
|
+
class PolicyModificationInfo < Ndr::NdrStruct
|
343
|
+
default_parameters byte_align: 4
|
344
|
+
endian :little
|
345
|
+
|
346
|
+
ndr_uint64 :modified_id
|
347
|
+
ndr_uint64 :database_creation_time
|
348
|
+
end
|
349
|
+
|
350
|
+
class PolicyModificationInfoPtr < PolicyModificationInfo
|
351
|
+
extend Ndr::PointerClassPlugin
|
352
|
+
end
|
353
|
+
|
354
|
+
# [2.2.4.12 POLICY_AUDIT_FULL_SET_INFO](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/3224400e-3c40-4e64-810a-8b11341ba4c6)
|
355
|
+
class PolicyAuditFullSetInfo < Ndr::NdrStruct
|
356
|
+
default_parameters byte_align: 4
|
357
|
+
endian :little
|
358
|
+
|
359
|
+
ndr_uint8 :shutdown_on_full
|
360
|
+
end
|
361
|
+
|
362
|
+
class PolicyAuditFullSetInfoPtr < PolicyAuditFullSetInfo
|
363
|
+
extend Ndr::PointerClassPlugin
|
364
|
+
end
|
365
|
+
|
366
|
+
# [2.2.4.13 POLICY_AUDIT_FULL_QUERY_INFO](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/0ef0845f-f20e-4897-ad29-88c0c07be0f4)
|
367
|
+
class PolicyAuditFullQueryInfo < Ndr::NdrStruct
|
368
|
+
default_parameters byte_align: 4
|
369
|
+
endian :little
|
370
|
+
|
371
|
+
ndr_uint8 :shutdown_on_full
|
372
|
+
ndr_uint8 :log_is_full
|
373
|
+
end
|
374
|
+
|
375
|
+
class PolicyAuditFullQueryInfoPtr < PolicyAuditFullQueryInfo
|
376
|
+
extend Ndr::PointerClassPlugin
|
377
|
+
end
|
378
|
+
|
379
|
+
# [2.2.4.14 LSAPR_POLICY_DNS_DOMAIN_INFO](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/3e15a02e-25d3-46aa-9c60-8def03c824d2)
|
380
|
+
class LsaprPolicyDnsDomainInfo < Ndr::NdrStruct
|
381
|
+
default_parameters byte_align: 4
|
382
|
+
endian :little
|
383
|
+
|
384
|
+
rpc_unicode_string :name
|
385
|
+
rpc_unicode_string :dns_domain_name
|
386
|
+
rpc_unicode_string :dns_forest_name
|
387
|
+
uuid :domain_guid
|
388
|
+
prpc_sid :sid
|
389
|
+
end
|
390
|
+
|
391
|
+
class LsaprPolicyDnsDomainInfoPtr < LsaprPolicyDnsDomainInfo
|
392
|
+
extend Ndr::PointerClassPlugin
|
393
|
+
end
|
394
|
+
|
395
|
+
# [2.2.4.21 LSAPR_POLICY_MACHINE_ACCT_INFO](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/e05c1489-e8c9-4b6c-8b5e-f95d5dd7b1b2)
|
396
|
+
class LsaprPolicyMachineAcctInfo < Ndr::NdrStruct
|
397
|
+
default_parameters byte_align: 4
|
398
|
+
endian :little
|
399
|
+
|
400
|
+
ndr_uint32 :rid
|
401
|
+
prpc_sid :sid
|
402
|
+
end
|
403
|
+
|
404
|
+
class LsaprPolicyMachineAcctInfoPtr < LsaprPolicyMachineAcctInfo
|
405
|
+
extend Ndr::PointerClassPlugin
|
406
|
+
end
|
407
|
+
|
408
|
+
# [2.2.4.2 LSAPR_POLICY_INFORMATION](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/6e63a2c8-5ddb-411a-a253-9c55afc49834)
|
409
|
+
class LsaprPolicyInformation < Ndr::NdrStruct
|
410
|
+
default_parameters byte_align: 4
|
411
|
+
endian :little
|
412
|
+
|
413
|
+
ndr_uint32 :policy_information_class
|
414
|
+
choice :policy_information, selection: -> { policy_information_class }, byte_align: 4 do
|
415
|
+
lsapr_policy_audit_log_info_ptr POLICY_AUDIT_LOG_INFORMATION
|
416
|
+
lsapr_policy_audit_events_info_ptr POLICY_AUDIT_EVENTS_INFORMATION
|
417
|
+
lsapr_policy_primary_dom_info_ptr POLICY_PRIMARY_DOMAIN_INFORMATION
|
418
|
+
lsapr_policy_pd_account_info_ptr POLICY_PD_ACCOUNT_INFORMATION
|
419
|
+
lsapr_policy_account_dom_info_ptr POLICY_ACCOUNT_DOMAIN_INFORMATION
|
420
|
+
lsapr_policy_lsa_server_role_info_ptr POLICY_LSA_SERVER_ROLE_INFORMATION
|
421
|
+
lsapr_policy_replica_srce_info_ptr POLICY_REPLICA_SOURCE_INFORMATION
|
422
|
+
policy_modification_info_ptr POLICY_MODIFICATION_INFORMATION
|
423
|
+
policy_audit_full_set_info_ptr POLICY_AUDIT_FULL_SET_INFORMATION
|
424
|
+
policy_audit_full_query_info_ptr POLICY_AUDIT_FULL_QUERY_INFORMATION
|
425
|
+
|
426
|
+
#Note: The lines below have the same output for two different inputs.
|
427
|
+
lsapr_policy_dns_domain_info_ptr POLICY_DNS_DOMAIN_INFORMATION
|
428
|
+
lsapr_policy_dns_domain_info_ptr POLICY_DNS_DOMAIN_INFORMATION_INT
|
429
|
+
|
430
|
+
lsapr_policy_account_dom_info_ptr POLICY_LOCAL_ACCOUNT_DOMAIN_INFORMATION
|
431
|
+
lsapr_policy_machine_acct_info_ptr POLICY_MACHINE_ACCOUNT_INFORMATION
|
432
|
+
end
|
433
|
+
end
|
434
|
+
|
435
|
+
class LsaprPolicyInformationPtr < LsaprPolicyInformation
|
436
|
+
extend Ndr::PointerClassPlugin
|
437
|
+
end
|
438
|
+
|
439
|
+
# [2.2.17 LSAPR_SID_INFORMATION](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsat/f04a771b-c018-4098-81b5-2a819f9b5db8)
|
440
|
+
class LsaprSidInformation < Ndr::NdrStruct
|
441
|
+
default_parameters byte_align: 4
|
442
|
+
endian :little
|
443
|
+
|
444
|
+
prpc_sid :sid
|
445
|
+
end
|
446
|
+
|
447
|
+
class LsaprSidInformationPtr < LsaprSidInformation
|
448
|
+
extend Ndr::PointerClassPlugin
|
449
|
+
end
|
450
|
+
|
451
|
+
class LsaprSidInformationArrayPtr < Ndr::NdrConfArray
|
452
|
+
default_parameters type: :lsapr_sid_information
|
453
|
+
extend Ndr::PointerClassPlugin
|
454
|
+
end
|
455
|
+
|
456
|
+
# [2.2.18 LSAPR_SID_ENUM_BUFFER](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsat/1ffb61f0-a4fe-4487-858d-fb709d605855)
|
457
|
+
class LsaprSidEnumBuffer < Ndr::NdrStruct
|
458
|
+
default_parameters byte_align: 4
|
459
|
+
endian :little
|
460
|
+
|
461
|
+
ndr_uint32 :num_entries
|
462
|
+
lsapr_sid_information_array_ptr :sid_info
|
463
|
+
end
|
464
|
+
|
465
|
+
class LsaprSidEnumBufferPtr < LsaprSidEnumBuffer
|
466
|
+
extend Ndr::PointerClassPlugin
|
467
|
+
end
|
468
|
+
|
469
|
+
# [2.2.11 LSAPR_TRUST_INFORMATION](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsat/b0f34b28-b5da-44aa-a607-99c09e6526e1)
|
470
|
+
class LsaprTrustInformation < Ndr::NdrStruct
|
471
|
+
default_parameters byte_align: 4
|
472
|
+
endian :little
|
473
|
+
|
474
|
+
rpc_unicode_string :name
|
475
|
+
prpc_sid :sid
|
476
|
+
end
|
477
|
+
|
478
|
+
class LsaprTrustInformationArrayPtr < Ndr::NdrConfArray
|
479
|
+
default_parameters type: :lsapr_trust_information
|
480
|
+
extend Ndr::PointerClassPlugin
|
481
|
+
end
|
482
|
+
|
483
|
+
# [2.2.12 LSAPR_REFERENCED_DOMAIN_LIST](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsat/3a52af31-247a-4b08-91a0-1d46b2cc49b2)
|
484
|
+
class LsaprReferencedDomainList < Ndr::NdrStruct
|
485
|
+
default_parameters byte_align: 4
|
486
|
+
endian :little
|
487
|
+
|
488
|
+
ndr_uint32 :num_entries
|
489
|
+
lsapr_trust_information_array_ptr :domains
|
490
|
+
ndr_uint32 :max_entries
|
491
|
+
end
|
492
|
+
|
493
|
+
class LsaprReferencedDomainListPtr < LsaprReferencedDomainList
|
494
|
+
extend Ndr::PointerClassPlugin
|
495
|
+
end
|
496
|
+
|
497
|
+
# [2.2.19 LSAPR_TRANSLATED_NAME](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsat/52e1ccc1-b57b-4c02-b35f-bd64913ce99b)
|
498
|
+
class LsaprTranslatedName < Ndr::NdrStruct
|
499
|
+
default_parameters byte_align: 4
|
500
|
+
endian :little
|
501
|
+
|
502
|
+
ndr_uint32 :use
|
503
|
+
rpc_unicode_string :name
|
504
|
+
ndr_uint32 :domain_index
|
505
|
+
end
|
506
|
+
|
507
|
+
class LsaprTranslatedNameArray < Ndr::NdrConfArray
|
508
|
+
default_parameters type: :lsapr_translated_name
|
509
|
+
extend Ndr::PointerClassPlugin
|
510
|
+
end
|
511
|
+
|
512
|
+
class LsaprTranslatedNameArrayPtr < LsaprTranslatedNameArray
|
513
|
+
extend Ndr::PointerClassPlugin
|
514
|
+
end
|
515
|
+
|
516
|
+
# [2.2.20 LSAPR_TRANSLATED_NAMES](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsat/ff977eb9-563a-4353-a95f-640e7ee16356)
|
517
|
+
class LsaprTranslatedNames < Ndr::NdrStruct
|
518
|
+
default_parameters byte_align: 4
|
519
|
+
endian :little
|
520
|
+
|
521
|
+
ndr_uint32 :num_entries
|
522
|
+
lsapr_translated_name_array_ptr :names
|
523
|
+
end
|
524
|
+
|
525
|
+
class LsaprTranslatedNamesPtr < LsaprTranslatedNames
|
526
|
+
extend Ndr::PointerClassPlugin
|
527
|
+
end
|
528
|
+
|
529
|
+
require 'ruby_smb/dcerpc/lsarpc/lsar_open_policy_request'
|
530
|
+
require 'ruby_smb/dcerpc/lsarpc/lsar_open_policy_response'
|
531
|
+
require 'ruby_smb/dcerpc/lsarpc/lsar_open_policy2_request'
|
532
|
+
require 'ruby_smb/dcerpc/lsarpc/lsar_open_policy2_response'
|
533
|
+
require 'ruby_smb/dcerpc/lsarpc/lsar_query_information_policy_request'
|
534
|
+
require 'ruby_smb/dcerpc/lsarpc/lsar_query_information_policy_response'
|
535
|
+
require 'ruby_smb/dcerpc/lsarpc/lsar_query_information_policy2_request'
|
536
|
+
require 'ruby_smb/dcerpc/lsarpc/lsar_query_information_policy2_response'
|
537
|
+
require 'ruby_smb/dcerpc/lsarpc/lsar_close_handle_request'
|
538
|
+
require 'ruby_smb/dcerpc/lsarpc/lsar_close_handle_response'
|
539
|
+
require 'ruby_smb/dcerpc/lsarpc/lsar_lookup_sids_request'
|
540
|
+
require 'ruby_smb/dcerpc/lsarpc/lsar_lookup_sids_response'
|
541
|
+
|
542
|
+
def lsar_open_policy2(system_name:, object_attributes:, access_mask:)
|
543
|
+
lsar_request = LsarOpenPolicy2Request.new(
|
544
|
+
system_name: system_name,
|
545
|
+
object_attributes: object_attributes,
|
546
|
+
access_mask: access_mask
|
547
|
+
)
|
548
|
+
response = dcerpc_request(lsar_request)
|
549
|
+
begin
|
550
|
+
lsar_response = LsarOpenPolicy2Response.read(response)
|
551
|
+
rescue IOError
|
552
|
+
raise RubySMB::Dcerpc::Error::InvalidPacket, 'Error reading LsarOpenPolicy2Response'
|
553
|
+
end
|
554
|
+
unless lsar_response.error_status == WindowsError::NTStatus::STATUS_SUCCESS
|
555
|
+
raise RubySMB::Dcerpc::Error::LsarpcError,
|
556
|
+
"Error returned while opening policy: "\
|
557
|
+
"#{WindowsError::NTStatus.find_by_retval(lsar_response.error_status.value).join(',')}"
|
558
|
+
end
|
559
|
+
lsar_response.policy_handle
|
560
|
+
end
|
561
|
+
|
562
|
+
def lsar_query_information_policy(policy_handle:, information_class:)
|
563
|
+
lsar_request = LsarQueryInformationPolicyRequest.new(
|
564
|
+
policy_handle: policy_handle,
|
565
|
+
information_class: information_class
|
566
|
+
)
|
567
|
+
response = dcerpc_request(lsar_request)
|
568
|
+
begin
|
569
|
+
lsar_response = LsarQueryInformationPolicyResponse.read(response)
|
570
|
+
rescue IOError
|
571
|
+
raise RubySMB::Dcerpc::Error::InvalidPacket, 'Error reading LsarQueryInformationPolicyResponse'
|
572
|
+
end
|
573
|
+
unless lsar_response.error_status == WindowsError::NTStatus::STATUS_SUCCESS
|
574
|
+
raise RubySMB::Dcerpc::Error::LsarpcError,
|
575
|
+
"Error returned while querying domain information: "\
|
576
|
+
"#{WindowsError::NTStatus.find_by_retval(lsar_response.error_status.value).join(',')}"
|
577
|
+
end
|
578
|
+
lsar_response.policy_information
|
579
|
+
end
|
580
|
+
|
581
|
+
def lsar_query_information_policy2(policy_handle:, information_class:)
|
582
|
+
lsar_request = LsarQueryInformationPolicy2Request.new(
|
583
|
+
policy_handle: policy_handle,
|
584
|
+
information_class: information_class
|
585
|
+
)
|
586
|
+
response = dcerpc_request(lsar_request)
|
587
|
+
begin
|
588
|
+
lsar_response = LsarQueryInformationPolicy2Response.read(response)
|
589
|
+
rescue IOError
|
590
|
+
raise RubySMB::Dcerpc::Error::InvalidPacket, 'Error reading LsarQueryInformationPolicy2Response'
|
591
|
+
end
|
592
|
+
unless lsar_response.error_status == WindowsError::NTStatus::STATUS_SUCCESS
|
593
|
+
raise RubySMB::Dcerpc::Error::LsarpcError,
|
594
|
+
"Error returned while querying domain information: "\
|
595
|
+
"#{WindowsError::NTStatus.find_by_retval(lsar_response.error_status.value).join(',')}"
|
596
|
+
end
|
597
|
+
lsar_response.policy_information
|
598
|
+
end
|
599
|
+
|
600
|
+
def lsar_close_handle(policy_handle:)
|
601
|
+
lsar_request = LsarCloseHandleRequest.new(
|
602
|
+
policy_handle: policy_handle
|
603
|
+
)
|
604
|
+
response = dcerpc_request(lsar_request)
|
605
|
+
begin
|
606
|
+
lsar_response = LsarCloseHandleResponse.read(response)
|
607
|
+
rescue IOError
|
608
|
+
raise RubySMB::Dcerpc::Error::InvalidPacket, 'Error reading LsarCloseHandleResponse'
|
609
|
+
end
|
610
|
+
unless lsar_response.error_status == WindowsError::NTStatus::STATUS_SUCCESS
|
611
|
+
raise RubySMB::Dcerpc::Error::LsarpcError,
|
612
|
+
"Error returned while closing policy handle: "\
|
613
|
+
"#{WindowsError::NTStatus.find_by_retval(lsar_response.error_status.value).join(',')}"
|
614
|
+
end
|
615
|
+
lsar_response.policy_handle
|
616
|
+
end
|
617
|
+
|
618
|
+
def lsar_lookup_sids(policy_handle:, sids:, lookup_level:)
|
619
|
+
sid_enum_buffer = { num_entries: sids.count, sid_info: sids.map { |sid| { sid: sid } } }
|
620
|
+
lsar_request = LsarLookupSidsRequest.new(
|
621
|
+
policy_handle: policy_handle,
|
622
|
+
sid_enum_buffer: sid_enum_buffer,
|
623
|
+
lookup_level: lookup_level
|
624
|
+
)
|
625
|
+
response = dcerpc_request(lsar_request)
|
626
|
+
begin
|
627
|
+
lsar_response = LsarLookupSidsResponse.read(response)
|
628
|
+
rescue IOError
|
629
|
+
raise RubySMB::Dcerpc::Error::InvalidPacket, 'Error reading LsarLookupSidsResponse'
|
630
|
+
end
|
631
|
+
unless lsar_response.error_status == WindowsError::NTStatus::STATUS_SUCCESS
|
632
|
+
raise RubySMB::Dcerpc::Error::LsarpcError,
|
633
|
+
"Error returned while looking up SID: "\
|
634
|
+
"#{WindowsError::NTStatus.find_by_retval(lsar_response.error_status.value).join(',')}"
|
635
|
+
end
|
636
|
+
lsar_response.translated_names[:names].map do |translated_name|
|
637
|
+
{ name: translated_name[:name][:buffer], type: translated_name[:use] }
|
638
|
+
end
|
639
|
+
end
|
640
|
+
|
9
641
|
end
|
10
642
|
end
|
11
643
|
end
|
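Review bot: `WRITE_OWNER = 0x00040000` in the ACCESS_MASK block repeats the value of `WRITE_DACL` on the line above it; the MS-DTYP 2.4.3 table that the comment links to assigns WRITE_OWNER the next bit, so the line should read `WRITE_OWNER = 0x00080000`. As written, a caller that passes `WRITE_OWNER` in an `access_mask:` argument requests DACL-write access instead of owner-write, and a check of a returned mask against these constants cannot tell the two rights apart. A spec asserting that the ACCESS_MASK constants are pairwise distinct would catch this kind of copy-paste error.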
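--- a/data/lib/ruby_smb/dcerpc/ndr.rb
+++ b/data/lib/ruby_smb/dcerpc/ndr.rb
@@ -567,8 +567,11 @@ module RubySMB::Dcerpc::Ndr
 def get_max_count(val)
 if is_a?(BinData::Stringz)
 max_count = val.to_s.strip.length
-#
-
+# Add one to count the terminator. According to
+# https://pubs.opengroup.org/onlinepubs/9629399/chap14.htm#tagcjh_19_03_04_02,
+# the NDR String must contain at least one element, the terminator. So,
+# add one even if it is an empty string.
+max_count += 1
 return max_count
 else
 return val.to_s.length
@@ -622,8 +625,11 @@ module RubySMB::Dcerpc::Ndr
 def update_actual_count(val)
 if is_a?(BinData::Stringz)
 @actual_count = val.to_s.strip.length
-#
-
+# Add one to count the terminator. According to
+# https://pubs.opengroup.org/onlinepubs/9629399/chap14.htm#tagcjh_19_03_04,
+# the NDR String must contain at least one element, the terminator. So,
+# add one even if it is an empty string.
+@actual_count += 1
 else
 @actual_count = val.to_s.length
 end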
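Review bot: The terminator is now added to a length taken from `val.to_s.strip`, and `strip` removes leading and trailing spaces, tabs and newlines as well as NULs, so a value with surrounding whitespace would presumably declare a smaller max_count than the number of elements actually serialized; the same applies to `@actual_count` in the second hunk (update_actual_count). If the intent is only to drop trailing NULs, `max_count = val.to_s.sub(/\x00+\z/, '').length + 1` says so directly, and a spec with a whitespace-padded string would pin the behaviour either way. The two new comments also cite different anchors (`tagcjh_19_03_04_02` and `tagcjh_19_03_04`) for the same rule. Both method bodies continue outside the hunks, so the serialization side is not visible here.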