ruby_smb 3.3.7 → 3.3.9
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data/README.md +14 -0
- data/lib/ruby_smb/dcerpc/error.rb +3 -0
- data/lib/ruby_smb/dcerpc/lsarpc/lsar_close_handle_request.rb +22 -0
- data/lib/ruby_smb/dcerpc/lsarpc/lsar_close_handle_response.rb +23 -0
- data/lib/ruby_smb/dcerpc/lsarpc/lsar_lookup_sids_request.rb +26 -0
- data/lib/ruby_smb/dcerpc/lsarpc/lsar_lookup_sids_response.rb +25 -0
- data/lib/ruby_smb/dcerpc/lsarpc/lsar_open_policy2_request.rb +24 -0
- data/lib/ruby_smb/dcerpc/lsarpc/lsar_open_policy2_response.rb +23 -0
- data/lib/ruby_smb/dcerpc/lsarpc/lsar_open_policy_request.rb +24 -0
- data/lib/ruby_smb/dcerpc/lsarpc/lsar_open_policy_response.rb +23 -0
- data/lib/ruby_smb/dcerpc/lsarpc/lsar_query_information_policy2_request.rb +23 -0
- data/lib/ruby_smb/dcerpc/lsarpc/lsar_query_information_policy2_response.rb +23 -0
- data/lib/ruby_smb/dcerpc/lsarpc/lsar_query_information_policy_request.rb +23 -0
- data/lib/ruby_smb/dcerpc/lsarpc/lsar_query_information_policy_response.rb +23 -0
- data/lib/ruby_smb/dcerpc/lsarpc.rb +634 -2
- data/lib/ruby_smb/dcerpc/netlogon/domain_controller_infow.rb +28 -0
- data/lib/ruby_smb/dcerpc/netlogon/dsr_get_dc_name_ex2_request.rb +28 -0
- data/lib/ruby_smb/dcerpc/netlogon/dsr_get_dc_name_ex2_response.rb +24 -0
- data/lib/ruby_smb/dcerpc/netlogon.rb +3 -0
- data/lib/ruby_smb/dcerpc/request.rb +8 -0
- data/lib/ruby_smb/dcerpc/samr/rpc_sid.rb +1 -1
- data/lib/ruby_smb/version.rb +1 -1
- data/spec/lib/ruby_smb/dcerpc/lsarpc/lsar_close_handle_request_spec.rb +40 -0
- data/spec/lib/ruby_smb/dcerpc/lsarpc/lsar_close_handle_response_spec.rb +46 -0
- data/spec/lib/ruby_smb/dcerpc/lsarpc/lsar_lookup_sids_request_spec.rb +69 -0
- data/spec/lib/ruby_smb/dcerpc/lsarpc/lsar_lookup_sids_response_spec.rb +56 -0
- data/spec/lib/ruby_smb/dcerpc/lsarpc/lsar_open_policy2_request_spec.rb +68 -0
- data/spec/lib/ruby_smb/dcerpc/lsarpc/lsar_open_policy2_response_spec.rb +46 -0
- data/spec/lib/ruby_smb/dcerpc/lsarpc/lsar_open_policy_request_spec.rb +68 -0
- data/spec/lib/ruby_smb/dcerpc/lsarpc/lsar_open_policy_response_spec.rb +45 -0
- data/spec/lib/ruby_smb/dcerpc/lsarpc/lsar_query_information_policy2_request_spec.rb +47 -0
- data/spec/lib/ruby_smb/dcerpc/lsarpc/lsar_query_information_policy2_response_spec.rb +54 -0
- data/spec/lib/ruby_smb/dcerpc/lsarpc/lsar_query_information_policy_request_spec.rb +46 -0
- data/spec/lib/ruby_smb/dcerpc/lsarpc/lsar_query_information_policy_response_spec.rb +53 -0
- data.tar.gz.sig +0 -0
- metadata +42 -3
- metadata.gz.sig +0 -0
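--- a/data/lib/ruby_smb/dcerpc/lsarpc.rb
+++ b/data/lib/ruby_smb/dcerpc/lsarpc.rb
@@ -1,11 +1,643 @@
+require 'ruby_smb/dcerpc/ndr'
+require 'ruby_smb/dcerpc/rrp_rpc_unicode_string'
+require 'ruby_smb/dcerpc/samr/rpc_sid'
+require 'ruby_smb/dcerpc/uuid'
+
 module RubySMB
 module Dcerpc
 module Lsarpc
+
 # see: https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-dssp/6f843846-2494-4d49-b715-2f181317dd34
-UUID = '
-VER_MAJOR =
+UUID = '12345778-1234-abcd-ef00-0123456789ab'.freeze
+VER_MAJOR = 0
 VER_MINOR = 0
 
+# OPNUMS
+LSAR_CLOSE_HANDLE = 0
+LSAR_OPEN_POLICY = 6
+LSAR_QUERY_INFORMATION_POLICY = 7
+LSAR_LOOKUP_SIDS = 15
+LSAR_OPEN_POLICY2 = 44
+LSAR_QUERY_INFORMATION_POLICY2 = 46
+
+################
+# ACCESS_MASK Values
+
+# [2.2.1.1 ACCESS_MASK](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/7aeb7f17-0a6e-4f04-ac7e-7b1363cf9ecf)
+# [2.4.3 ACCESS_MASK](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-dtyp/7a53f60e-e730-4dfe-bbe9-b21b62eb790b)
+DELETE = 0x00010000
+READ_CONTROL = 0x00020000
+WRITE_DACL = 0x00040000
+WRITE_OWNER = 0x00040000
+SYNCHRONIZE = 0x00100000
+ACCESS_SYSTEM_SECURITY = 0x01000000
+MAXIMUM_ALLOWED = 0x02000000
+GENERIC_ALL = 0x10000000
+GENERIC_EXECUTE = 0x20000000
+GENERIC_WRITE = 0x40000000
+GENERIC_READ = 0x80000000
+
+################
+# SECURITY_DESCRIPTOR_CONTROL
+
+# [SECURITY_DESCRIPTOR_CONTROL](https://learn.microsoft.com/en-us/windows/win32/secauthz/security-descriptor-control)
+# [SECURITY_DESCRIPTOR_CONTROL](https://learn.microsoft.com/en-us/windows-hardware/drivers/ifs/security-descriptor-control)
+SE_OWNER_DEFAULTED = 0x0001
+SE_GROUP_DEFAULTED = 0x0002
+SE_DACL_PRESENT = 0x0004
+SE_DACL_DEFAULTED = 0x0008
+SE_SACL_PRESENT = 0x0010
+SE_SACL_DEFAULTED = 0x0020
+SE_DACL_UNTRUSTED = 0x0040
+SE_SERVER_SECURITY = 0x0080
+SE_DACL_AUTO_INHERIT_REQ = 0x0100
+SE_SACL_AUTO_INHERIT_REQ = 0x0200
+SE_DACL_AUTO_INHERITED = 0x0400
+SE_SACL_AUTO_INHERITED = 0x0800
+SE_DACL_PROTECTED = 0x1000
+SE_SACL_PROTECTED = 0x2000
+SE_RM_CONTROL_VALID = 0x4000
+SE_SELF_RELATIVE = 0x8000
+
+# [2.2.3.5 SECURITY_IMPERSONATION_LEVEL](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/720cea10-cee2-4c45-9084-c6fa7d67d18d)
+SECURITY_ANONYMOUS = 0x0000
+SECURITY_IDENTIFICATION = 0x0001
+SECURITY_IMPERSONATION = 0x0002
+SECURITY_DELEGATION = 0x0003
+
+# [2.2.3.6 SECURITY_CONTEXT_TRACKING_MODE](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/6bb42770-b924-41ff-8a57-83e37b8b7797)
+SECURITY_CONTEXT_CLIENT_SNAPSHOT = 0x00
+SECURITY_CONTEXT_CONTINUOUS_UPDATES = 0x01
+
+# [2.2.4.1 POLICY_INFORMATION_CLASS](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/9ce0bb37-fc6c-4230-b109-7e1881660b83)
+POLICY_AUDIT_LOG_INFORMATION = 1
+POLICY_AUDIT_EVENTS_INFORMATION = 2
+POLICY_PRIMARY_DOMAIN_INFORMATION = 3
+POLICY_PD_ACCOUNT_INFORMATION = 4
+POLICY_ACCOUNT_DOMAIN_INFORMATION = 5
+POLICY_LSA_SERVER_ROLE_INFORMATION = 6
+POLICY_REPLICA_SOURCE_INFORMATION = 7
+POLICY_INFORMATION_NOT_USED_ON_WIRE = 8
+POLICY_MODIFICATION_INFORMATION = 9
+POLICY_AUDIT_FULL_SET_INFORMATION = 10
+POLICY_AUDIT_FULL_QUERY_INFORMATION = 11
+POLICY_DNS_DOMAIN_INFORMATION = 12
+POLICY_DNS_DOMAIN_INFORMATION_INT = 13
+POLICY_LOCAL_ACCOUNT_DOMAIN_INFORMATION = 14
+POLICY_MACHINE_ACCOUNT_INFORMATION = 15
+POLICY_LAST_ENTRY = 16
+
+# [2.2.4.8 POLICY_LSA_SERVER_ROLE](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/620010b4-b439-4d46-893a-cb67246de5fc)
+POLICY_SERVER_ROLE_BACKUP = 2
+POLICY_SERVER_ROLE_PRIMARY = 3
+
+# [2.2.16 LSAP_LOOKUP_LEVEL](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsat/9d1166cc-bcfd-4e22-a8ac-f55eae57c99f)
+LSAP_LOOKUP_WKSTA = 1
+LSAP_LOOKUP_PDC = 2
+LSAP_LOOKUP_TDL = 3
+LSAP_LOOKUP_GC = 4
+LSAP_LOOKUP_XFOREST_REFERRAL = 5
+LSAP_LOOKUP_XFOREST_RESOLVE = 6
+LSAP_LOOKUP_RODC_REFERRAL_TO_FULL_DC = 7
+
+# [2.2.13 SID_NAME_USE](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsat/171e9a87-8e01-4bd8-a35e-3468128c8fc4)
+SID_TYPE_USER = 1
+SID_TYPE_GROUP = 2
+SID_TYPE_DOMAIN = 3
+SID_TYPE_ALIAS = 4
+SID_TYPE_WELLKNOWN_GROUP = 5
+SID_TYPE_DELETED_ACCOUNT = 6
+SID_TYPE_INVALID = 7
+SID_TYPE_UNKNOWN = 8
+SID_TYPE_COMPUTER = 9
+SID_TYPE_LABEL = 10
+
+# [2.2.2.1 LSAPR_HANDLE](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/0d093105-e8c8-45f7-a79d-182aafd60c6e)
+class LsaprHandle < Ndr::NdrContextHandle; end
+
+class LsaprHandlePtr < LsaprHandle
+extend Ndr::PointerClassPlugin
+end
+
+# [2.2.3.2 LSAPR_ACL](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/a9a03a85-5b08-4bb5-81c9-2c68751693ac)
+class LsaprAcl < Ndr::NdrStruct
+default_parameters byte_align: 4
+endian :little
+
+ndr_uint8 :acl_revision
+ndr_uint8 :sbz1
+ndr_uint16 :acl_size
+ndr_conf_array :dummy1, type: :ndr_char
+end
+
+class LsaprAclPtr < LsaprAcl
+extend Ndr::PointerClassPlugin
+end
+
+# [2.2.3.3 SECURITY_DESCRIPTOR_CONTROL](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/c704a67c-9836-41d9-9b18-acd596cc884e)
+class LsaprSecurityDescriptorControl < Ndr::NdrStruct
+default_parameters byte_align: 4
+endian :little
+
+ndr_uint16 :security_descriptor_control
+end
+
+class LsaprSecurityDescriptorControlPtr < LsaprSecurityDescriptorControl
+extend Ndr::PointerClassPlugin
+end
+
+# [2.2.5 LSAPR_SECURITY_DESCRIPTOR](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsat/8494008f-0bfb-45b8-bb6c-e32dd7f18e3d)
+class LsaprSecurityDescriptor < Ndr::NdrStruct
+default_parameters byte_align: 4
+endian :little
+
+ndr_uint8 :revision
+ndr_uint8 :sbz1
+lsapr_security_descriptor_control :control
+prpc_sid :owner
+prpc_sid :group
+lsapr_acl_ptr :sacl
+lsapr_acl_ptr :dacl
+end
+
+class LsaprSecurityDescriptorPtr < LsaprSecurityDescriptor
+extend Ndr::PointerClassPlugin
+end
+
+# [2.2.3.5 SECURITY_IMPERSONATION_LEVEL](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/720cea10-cee2-4c45-9084-c6fa7d67d18d)
+class SecurityImpersonationLevel < Ndr::NdrStruct
+default_parameters byte_align: 4
+endian :little
+
+ndr_uint32 :level # This is SECURITY_IMPERSONATION_LEVEL, type 'enum' -> uint32
+end
+
+class SecurityImpersonationLevelPtr < SecurityImpersonationLevel
+extend Ndr::PointerClassPlugin
+end
+
+# [2.2.3.6 SECURITY_CONTEXT_TRACKING_MODE](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/6bb42770-b924-41ff-8a57-83e37b8b7797)
+class LsaprSecurityContextTrackingMode < Ndr::NdrStruct
+default_parameters byte_align: 4
+endian :little
+
+ndr_uint8 :security_context_tracking_mode
+end
+
+class LsaprSecurityContextTrackingModePtr < LsaprSecurityContextTrackingMode
+extend Ndr::PointerClassPlugin
+end
+
+# [2.2.3.7 SECURITY_QUALITY_OF_SERVICE](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/0ddf3150-53b5-42a5-b0ec-518bce67738c)
+class SecurityQualityOfService < Ndr::NdrStruct
+default_parameters byte_align: 4
+endian :little
+
+ndr_uint32 :len, value: -> { 12 }
+ndr_uint16 :impersonation_level
+ndr_uint8 :security_context_tracking_mode
+ndr_uint8 :effective_only
+end
+
+class SecurityQualityOfServicePtr < SecurityQualityOfService
+extend Ndr::PointerClassPlugin
+end
+
+# [2.2.2.4 LSAPR_OBJECT_ATTRIBUTES](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/ad9e183d-6474-4641-a6d9-d3796d2d604b)
+class LsaprObjectAttributes < Ndr::NdrStruct
+default_parameters byte_align: 4
+endian :little
+
+ndr_uint32 :len, value: -> { 24 }
+ndr_char_ptr :root_directory
+ndr_wide_stringz_ptr :object_name
+ndr_uint32 :attributes
+lsapr_security_descriptor_ptr :security_descriptor
+security_quality_of_service_ptr :security_quality_of_service
+end
+
+class LsaprObjectAttributesPtr < LsaprObjectAttributes
+extend Ndr::PointerClassPlugin
+end
+
+# [2.2.4.1 POLICY_INFORMATION_CLASS](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/9ce0bb37-fc6c-4230-b109-7e1881660b83)
+class LsaprPolicyInformationClass < Ndr::NdrStruct
+default_parameters byte_align: 4
+endian :little
+
+ndr_uint32 :policy_information_class # This is POLICY_INFORMATION_CLASS, type 'enum' -> uint32
+end
+
+class LsaprPolicyInformationClassPtr < LsaprPolicyInformationClass
+extend Ndr::PointerClassPlugin
+end
+
+# [2.2.4.3 POLICY_AUDIT_LOG_INFO](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/3fff1c62-e8b1-4bc8-b18a-3ba6458ec622)
+class LsaprPolicyAuditLogInfo < Ndr::NdrStruct
+default_parameters byte_align: 4
+endian :little
+
+ndr_uint32 :audit_log_percent_full
+ndr_uint32 :maximum_log_size
+ndr_uint64 :audit_retention_period
+ndr_uint8 :audit_log_full_shutdown_in_progress
+ndr_uint64 :time_to_shutdown
+ndr_uint32 :next_audit_record_id
+end
+
+class LsaprPolicyAuditLogInfoPtr < LsaprPolicyAuditLogInfo
+extend Ndr::PointerClassPlugin
+end
+
+# [2.2.4.4 LSAPR_POLICY_AUDIT_EVENTS_INFO](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/d00fc364-577d-4ed0-b3a5-952d78b67695)
+class LsaprPolicyAuditEventsInfo < Ndr::NdrStruct
+default_parameters byte_align: 4
+endian :little
+
+ndr_uint8 :auditing_mode
+ndr_uint32_ptr :event_auditing_options
+ndr_uint32 :maximum_audit_event_count
+end
+
+class LsaprPolicyAuditEventsInfoPtr < LsaprPolicyAuditEventsInfo
+extend Ndr::PointerClassPlugin
+end
+
+# [2.2.4.5 LSAPR_POLICY_PRIMARY_DOM_INFO](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/0f3f5d3f-66d2-45a0-8c28-ede86f4cd4a8)
+class LsaprPolicyPrimaryDomInfo < Ndr::NdrStruct
+default_parameters byte_align: 4
+endian :little
+
+ndr_wide_string_ptr :name
+prpc_sid :sid
+end
+
+class LsaprPolicyPrimaryDomInfoPtr < LsaprPolicyPrimaryDomInfo
+extend Ndr::PointerClassPlugin
+end
+
+# [2.2.4.6 LSAPR_POLICY_ACCOUNT_DOM_INFO](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/bfad5424-3e20-43bd-87f6-d35b4253792e)
+class LsaprPolicyAccountDomInfo < Ndr::NdrStruct
+default_parameters byte_align: 4
+endian :little
+
+ndr_wide_string_ptr :domain_name
+prpc_sid :domain_sid
+end
+
+class LsaprPolicyAccountDomInfoPtr < LsaprPolicyAccountDomInfo
+extend Ndr::PointerClassPlugin
+end
+
+# [2.2.4.7 LSAPR_POLICY_PD_ACCOUNT_INFO](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/b04175b3-fedf-4dda-9034-f754a10fe64e)
+class LsaprPolicyPdAccountInfo < Ndr::NdrStruct
+default_parameters byte_align: 4
+endian :little
+
+rpc_unicode_string :name
+end
+
+class LsaprPolicyPdAccountInfoPtr < LsaprPolicyPdAccountInfo
+extend Ndr::PointerClassPlugin
+end
+
+# [2.2.4.8 POLICY_LSA_SERVER_ROLE](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/620010b4-b439-4d46-893a-cb67246de5fc)
+class LsaprPolicyLsaServerRole < Ndr::NdrStruct
+default_parameters byte_align: 4
+endian :little
+
+ndr_uint32 :policy_lsa_server_role # This is POLICY_LSA_SERVER_ROLE, type 'enum' -> uint32
+end
+
+class LsaprPolicyLsaServerRolePtr < LsaprPolicyLsaServerRole
+extend Ndr::PointerClassPlugin
+end
+
+# [2.2.4.9 POLICY_LSA_SERVER_ROLE_INFO](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/d37dbc65-04f3-4db8-b40a-4e9dd6c12520)
+class LsaprPolicyLsaServerRoleInfo < Ndr::NdrStruct
+default_parameters byte_align: 4
+endian :little
+
+lsapr_policy_lsa_server_role :lsa_server_role
+end
+
+class LsaprPolicyLsaServerRoleInfoPtr < LsaprPolicyLsaServerRoleInfo
+extend Ndr::PointerClassPlugin
+end
+
+# [2.2.4.10 LSAPR_POLICY_REPLICA_SRCE_INFO](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/fb7df2bb-99e7-402f-8334-24d47e23ec00)
+class LsaprPolicyReplicaSrceInfo < Ndr::NdrStruct
+default_parameters byte_align: 4
+endian :little
+
+rpc_unicode_string :replica_source
+rpc_unicode_string :replica_account_name
+end
+
+class LsaprPolicyReplicaSrceInfoPtr < LsaprPolicyReplicaSrceInfo
+extend Ndr::PointerClassPlugin
+end
+
+# [2.2.4.11 POLICY_MODIFICATION_INFO](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/c80ae9d5-d0c1-4d5c-a0ae-77eae7bfac25)
+class PolicyModificationInfo < Ndr::NdrStruct
+default_parameters byte_align: 4
+endian :little
+
+ndr_uint64 :modified_id
+ndr_uint64 :database_creation_time
+end
+
+class PolicyModificationInfoPtr < PolicyModificationInfo
+extend Ndr::PointerClassPlugin
+end
+
+# [2.2.4.12 POLICY_AUDIT_FULL_SET_INFO](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/3224400e-3c40-4e64-810a-8b11341ba4c6)
+class PolicyAuditFullSetInfo < Ndr::NdrStruct
+default_parameters byte_align: 4
+endian :little
+
+ndr_uint8 :shutdown_on_full
+end
+
+class PolicyAuditFullSetInfoPtr < PolicyAuditFullSetInfo
+extend Ndr::PointerClassPlugin
+end
+
+# [2.2.4.13 POLICY_AUDIT_FULL_QUERY_INFO](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/0ef0845f-f20e-4897-ad29-88c0c07be0f4)
+class PolicyAuditFullQueryInfo < Ndr::NdrStruct
+default_parameters byte_align: 4
+endian :little
+
+ndr_uint8 :shutdown_on_full
+ndr_uint8 :log_is_full
+end
+
+class PolicyAuditFullQueryInfoPtr < PolicyAuditFullQueryInfo
+extend Ndr::PointerClassPlugin
+end
+
+# [2.2.4.14 LSAPR_POLICY_DNS_DOMAIN_INFO](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/3e15a02e-25d3-46aa-9c60-8def03c824d2)
+class LsaprPolicyDnsDomainInfo < Ndr::NdrStruct
+default_parameters byte_align: 4
+endian :little
+
+rpc_unicode_string :name
+rpc_unicode_string :dns_domain_name
+rpc_unicode_string :dns_forest_name
+uuid :domain_guid
+prpc_sid :sid
+end
+
+class LsaprPolicyDnsDomainInfoPtr < LsaprPolicyDnsDomainInfo
+extend Ndr::PointerClassPlugin
+end
+
+# [2.2.4.21 LSAPR_POLICY_MACHINE_ACCT_INFO](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/e05c1489-e8c9-4b6c-8b5e-f95d5dd7b1b2)
+class LsaprPolicyMachineAcctInfo < Ndr::NdrStruct
+default_parameters byte_align: 4
+endian :little
+
+ndr_uint32 :rid
+prpc_sid :sid
+end
+
+class LsaprPolicyMachineAcctInfoPtr < LsaprPolicyMachineAcctInfo
+extend Ndr::PointerClassPlugin
+end
+
+# [2.2.4.2 LSAPR_POLICY_INFORMATION](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/6e63a2c8-5ddb-411a-a253-9c55afc49834)
+class LsaprPolicyInformation < Ndr::NdrStruct
+default_parameters byte_align: 4
+endian :little
+
+ndr_uint32 :policy_information_class
+choice :policy_information, selection: -> { policy_information_class }, byte_align: 4 do
+lsapr_policy_audit_log_info_ptr POLICY_AUDIT_LOG_INFORMATION
+lsapr_policy_audit_events_info_ptr POLICY_AUDIT_EVENTS_INFORMATION
+lsapr_policy_primary_dom_info_ptr POLICY_PRIMARY_DOMAIN_INFORMATION
+lsapr_policy_pd_account_info_ptr POLICY_PD_ACCOUNT_INFORMATION
+lsapr_policy_account_dom_info_ptr POLICY_ACCOUNT_DOMAIN_INFORMATION
+lsapr_policy_lsa_server_role_info_ptr POLICY_LSA_SERVER_ROLE_INFORMATION
+lsapr_policy_replica_srce_info_ptr POLICY_REPLICA_SOURCE_INFORMATION
+policy_modification_info_ptr POLICY_MODIFICATION_INFORMATION
+policy_audit_full_set_info_ptr POLICY_AUDIT_FULL_SET_INFORMATION
+policy_audit_full_query_info_ptr POLICY_AUDIT_FULL_QUERY_INFORMATION
+
+#Note: The lines below have the same output for two different inputs.
+lsapr_policy_dns_domain_info_ptr POLICY_DNS_DOMAIN_INFORMATION
+lsapr_policy_dns_domain_info_ptr POLICY_DNS_DOMAIN_INFORMATION_INT
+
+lsapr_policy_account_dom_info_ptr POLICY_LOCAL_ACCOUNT_DOMAIN_INFORMATION
+lsapr_policy_machine_acct_info_ptr POLICY_MACHINE_ACCOUNT_INFORMATION
+end
+end
+
+class LsaprPolicyInformationPtr < LsaprPolicyInformation
+extend Ndr::PointerClassPlugin
+end
+
+# [2.2.17 LSAPR_SID_INFORMATION](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsat/f04a771b-c018-4098-81b5-2a819f9b5db8)
+class LsaprSidInformation < Ndr::NdrStruct
+default_parameters byte_align: 4
+endian :little
+
+prpc_sid :sid
+end
+
+class LsaprSidInformationPtr < LsaprSidInformation
+extend Ndr::PointerClassPlugin
+end
+
+class LsaprSidInformationArrayPtr < Ndr::NdrConfArray
+default_parameters type: :lsapr_sid_information
+extend Ndr::PointerClassPlugin
+end
+
+# [2.2.18 LSAPR_SID_ENUM_BUFFER](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsat/1ffb61f0-a4fe-4487-858d-fb709d605855)
+class LsaprSidEnumBuffer < Ndr::NdrStruct
+default_parameters byte_align: 4
+endian :little
+
+ndr_uint32 :num_entries
+lsapr_sid_information_array_ptr :sid_info
+end
+
+class LsaprSidEnumBufferPtr < LsaprSidEnumBuffer
+extend Ndr::PointerClassPlugin
+end
+
+# [2.2.11 LSAPR_TRUST_INFORMATION](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsat/b0f34b28-b5da-44aa-a607-99c09e6526e1)
+class LsaprTrustInformation < Ndr::NdrStruct
+default_parameters byte_align: 4
+endian :little
+
+rpc_unicode_string :name
+prpc_sid :sid
+end
+
+class LsaprTrustInformationArrayPtr < Ndr::NdrConfArray
+default_parameters type: :lsapr_trust_information
+extend Ndr::PointerClassPlugin
+end
+
+# [2.2.12 LSAPR_REFERENCED_DOMAIN_LIST](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsat/3a52af31-247a-4b08-91a0-1d46b2cc49b2)
+class LsaprReferencedDomainList < Ndr::NdrStruct
+default_parameters byte_align: 4
+endian :little
+
+ndr_uint32 :num_entries
+lsapr_trust_information_array_ptr :domains
+ndr_uint32 :max_entries
+end
+
+class LsaprReferencedDomainListPtr < LsaprReferencedDomainList
+extend Ndr::PointerClassPlugin
+end
+
+# [2.2.19 LSAPR_TRANSLATED_NAME](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsat/52e1ccc1-b57b-4c02-b35f-bd64913ce99b)
+class LsaprTranslatedName < Ndr::NdrStruct
+default_parameters byte_align: 4
+endian :little
+
+ndr_uint32 :use
+rpc_unicode_string :name
+ndr_uint32 :domain_index
+end
+
+class LsaprTranslatedNameArray < Ndr::NdrConfArray
+default_parameters type: :lsapr_translated_name
+extend Ndr::PointerClassPlugin
+end
+
+class LsaprTranslatedNameArrayPtr < LsaprTranslatedNameArray
+extend Ndr::PointerClassPlugin
+end
+
+# [2.2.20 LSAPR_TRANSLATED_NAMES](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsat/ff977eb9-563a-4353-a95f-640e7ee16356)
+class LsaprTranslatedNames < Ndr::NdrStruct
+default_parameters byte_align: 4
+endian :little
+
+ndr_uint32 :num_entries
+lsapr_translated_name_array_ptr :names
+end
+
+class LsaprTranslatedNamesPtr < LsaprTranslatedNames
+extend Ndr::PointerClassPlugin
+end
+
+require 'ruby_smb/dcerpc/lsarpc/lsar_open_policy_request'
+require 'ruby_smb/dcerpc/lsarpc/lsar_open_policy_response'
+require 'ruby_smb/dcerpc/lsarpc/lsar_open_policy2_request'
+require 'ruby_smb/dcerpc/lsarpc/lsar_open_policy2_response'
+require 'ruby_smb/dcerpc/lsarpc/lsar_query_information_policy_request'
+require 'ruby_smb/dcerpc/lsarpc/lsar_query_information_policy_response'
+require 'ruby_smb/dcerpc/lsarpc/lsar_query_information_policy2_request'
+require 'ruby_smb/dcerpc/lsarpc/lsar_query_information_policy2_response'
+require 'ruby_smb/dcerpc/lsarpc/lsar_close_handle_request'
+require 'ruby_smb/dcerpc/lsarpc/lsar_close_handle_response'
+require 'ruby_smb/dcerpc/lsarpc/lsar_lookup_sids_request'
+require 'ruby_smb/dcerpc/lsarpc/lsar_lookup_sids_response'
+
+def lsar_open_policy2(system_name:, object_attributes:, access_mask:)
+lsar_request = LsarOpenPolicy2Request.new(
+system_name: system_name,
+object_attributes: object_attributes,
+access_mask: access_mask
+)
+response = dcerpc_request(lsar_request)
+begin
+lsar_response = LsarOpenPolicy2Response.read(response)
+rescue IOError
+raise RubySMB::Dcerpc::Error::InvalidPacket, 'Error reading LsarOpenPolicy2Response'
+end
+unless lsar_response.error_status == WindowsError::NTStatus::STATUS_SUCCESS
+raise RubySMB::Dcerpc::Error::LsarpcError,
+"Error returned while opening policy: "\
+"#{WindowsError::NTStatus.find_by_retval(lsar_response.error_status.value).join(',')}"
+end
+lsar_response.policy_handle
+end
+
+def lsar_query_information_policy(policy_handle:, information_class:)
+lsar_request = LsarQueryInformationPolicyRequest.new(
+policy_handle: policy_handle,
+information_class: information_class
+)
+response = dcerpc_request(lsar_request)
+begin
+lsar_response = LsarQueryInformationPolicyResponse.read(response)
+rescue IOError
+raise RubySMB::Dcerpc::Error::InvalidPacket, 'Error reading LsarQueryInformationPolicyResponse'
+end
+unless lsar_response.error_status == WindowsError::NTStatus::STATUS_SUCCESS
+raise RubySMB::Dcerpc::Error::LsarpcError,
+"Error returned while querying domain information: "\
+"#{WindowsError::NTStatus.find_by_retval(lsar_response.error_status.value).join(',')}"
+end
+lsar_response.policy_information
+end
+
+def lsar_query_information_policy2(policy_handle:, information_class:)
+lsar_request = LsarQueryInformationPolicy2Request.new(
+policy_handle: policy_handle,
+information_class: information_class
+)
+response = dcerpc_request(lsar_request)
+begin
+lsar_response = LsarQueryInformationPolicy2Response.read(response)
+rescue IOError
+raise RubySMB::Dcerpc::Error::InvalidPacket, 'Error reading LsarQueryInformationPolicy2Response'
+end
+unless lsar_response.error_status == WindowsError::NTStatus::STATUS_SUCCESS
+raise RubySMB::Dcerpc::Error::LsarpcError,
+"Error returned while querying domain information: "\
+"#{WindowsError::NTStatus.find_by_retval(lsar_response.error_status.value).join(',')}"
+end
+lsar_response.policy_information
+end
+
+def lsar_close_handle(policy_handle:)
+lsar_request = LsarCloseHandleRequest.new(
+policy_handle: policy_handle
+)
+response = dcerpc_request(lsar_request)
+begin
+lsar_response = LsarCloseHandleResponse.read(response)
+rescue IOError
+raise RubySMB::Dcerpc::Error::InvalidPacket, 'Error reading LsarCloseHandleResponse'
+end
+unless lsar_response.error_status == WindowsError::NTStatus::STATUS_SUCCESS
+raise RubySMB::Dcerpc::Error::LsarpcError,
+"Error returned while closing policy handle: "\
+"#{WindowsError::NTStatus.find_by_retval(lsar_response.error_status.value).join(',')}"
+end
+lsar_response.policy_handle
+end
+
+def lsar_lookup_sids(policy_handle:, sids:, lookup_level:)
+sid_enum_buffer = { num_entries: sids.count, sid_info: sids.map { |sid| { sid: sid } } }
+lsar_request = LsarLookupSidsRequest.new(
+policy_handle: policy_handle,
+sid_enum_buffer: sid_enum_buffer,
+lookup_level: lookup_level
+)
+response = dcerpc_request(lsar_request)
+begin
+lsar_response = LsarLookupSidsResponse.read(response)
+rescue IOError
+raise RubySMB::Dcerpc::Error::InvalidPacket, 'Error reading LsarLookupSidsResponse'
+end
+unless lsar_response.error_status == WindowsError::NTStatus::STATUS_SUCCESS
+raise RubySMB::Dcerpc::Error::LsarpcError,
+"Error returned while looking up SID: "\
+"#{WindowsError::NTStatus.find_by_retval(lsar_response.error_status.value).join(',')}"
+end
+lsar_response.translated_names[:names].map do |translated_name|
+{ name: translated_name[:name][:buffer], type: translated_name[:use] }
+end
+end
+
 end
 end
 end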
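Review bot: `WRITE_OWNER = 0x00040000` repeats the value on the `WRITE_DACL` line directly above it; in the MS-DTYP ACCESS_MASK table that the comment links, WRITE_OWNER is the next bit up, so the line should read `WRITE_OWNER = 0x00080000`. As written, a caller that builds an access mask from WRITE_OWNER asks the server for DACL-write access instead, and code comparing a granted mask against these constants cannot tell the two rights apart. Separately, `lsar_lookup_sids` raises on every status other than STATUS_SUCCESS; MS-LSAT also defines STATUS_SOME_NOT_MAPPED for a batch that was only partly resolved, so that status probably should return the translated names rather than raise, which is worth confirming against a server that cannot resolve one SID in the list.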
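--- a/data/lib/ruby_smb/dcerpc/netlogon/domain_controller_infow.rb
+++ b/data/lib/ruby_smb/dcerpc/netlogon/domain_controller_infow.rb
@@ -0,0 +1,28 @@
+require 'ruby_smb/dcerpc/ndr'
+
+module RubySMB
+module Dcerpc
+module Netlogon
+
+# [2.2.1.2.1 DOMAIN_CONTROLLER_INFOW](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-nrpc/9b85a7a4-8d34-4b9e-9500-bf8644ebfc06)
+class DomainControllerInfoW < Ndr::NdrStruct
+default_parameters byte_align: 4
+endian :little
+
+ndr_wide_stringz_ptr :domain_controller_name
+ndr_wide_stringz_ptr :domain_controller_address
+ndr_uint32 :domain_controller_address_type
+uuid :domain_guid
+ndr_wide_stringz_ptr :domain_name
+ndr_wide_stringz_ptr :dns_forest_name
+ndr_uint32 :flags
+ndr_wide_stringz_ptr :dc_site_name
+ndr_wide_stringz_ptr :client_site_name
+end
+
+class DomainControllerInfoWPtr < DomainControllerInfoW
+extend Ndr::PointerClassPlugin
+end
+end
+end
+end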
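Review bot: `uuid :domain_guid` needs the `uuid` field type to be registered before this class body runs, but the file requires only `ruby_smb/dcerpc/ndr`; lsarpc.rb in the same release adds `require 'ruby_smb/dcerpc/uuid'` for the same field type. Adding that require here keeps the struct loadable on its own, unless netlogon.rb (not shown in this section) already loads it first. Every string field in the struct is a pointer filled from the server's reply, so callers should treat `domain_controller_name` and `domain_controller_address` as untrusted input and validate them before using them to choose a connection target.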