smbRpc 0.0.3

data/lib/smbRpc/samr/openAlias.rb

@@ -0,0 +1,39 @@
+module SmbRpc
+  class Samr < Rpc
+
+    class SamrOpenAliasReq < BinData::Record
+      endian :little
+      request :request
+      string :domainHandle, :length => 20
+      uint32 :desiredAccess
+      uint32 :aliasId
+
+      def initialize_instance
+        super
+        domainHandle.value = get_parameter(:handle)
+        desiredAccess.value = get_parameter(:access)
+        aliasId.value = get_parameter(:aid)
+        request.pduHead.frag_length = self.num_bytes
+        request.opnum.value = 27        #SamrOpenAlias
+      end
+    end
+
+    class SamrOpenAliasRes < BinData::Record
+      endian :little
+      request :request
+      string :aliasHandle, :length => 20
+      uint32 :windowsError
+    end
+
+    def openAlias(aliasId:, desiredAccess:SAMR_COMMON_ACCESS_MASK["MAXIMUM_ALLOWED"])
+      samrOpenAliasReq = SamrOpenAliasReq.new(aid:aliasId, access:desiredAccess, handle:@domainHandle)
+      samrOpenAliasRes = @file.ioctl_send_recv(samrOpenAliasReq).buffer
+      samrOpenAliasRes.raise_not_error_success("openAlias")
+      samrOpenAliasRes = SamrOpenAliasRes.read(samrOpenAliasRes)
+      @aliasHandle = samrOpenAliasRes.aliasHandle
+      return self
+    end
+
+end
+end
+

data/lib/smbRpc/samr/openDomain.rb

@@ -0,0 +1,48 @@
+module SmbRpc
+  class Samr < Rpc
+
+    class SamrOpenDomainReq < BinData::Record
+      endian :little
+      request :request
+      string :serverHandle, :length => 20
+      uint32 :desiredAccess
+      sid_element :domainId		#declared in lsarpc/lsaEnumerateAccounts.rb
+
+      def initialize_instance
+        super
+        serverHandle.value = get_parameter(:handle)
+        desiredAccess.value = get_parameter(:access)
+        sid = get_parameter(:sid)
+        sidArray = sid.split("-")
+        subAuthorityCount = sidArray.size - 3
+        domainId.sub_auth.value = subAuthorityCount
+        domainId.sid.revision.value = sidArray[1].to_i
+        domainId.sid.subAuthorityCount.value = subAuthorityCount
+        domainId.sid.identifierAuthority.value = [sidArray[2].to_i].pack("N").rjust(6, "\x00")
+        subAuthorityCount.times do |i|
+          domainId.sid.subAuthority[i] = sidArray[i + 3].to_i
+        end
+        request.pduHead.frag_length = self.num_bytes
+        request.opnum.value = 7        #SamrOpenDomain
+      end
+    end
+
+    class SamrOpenDomainRes < BinData::Record
+      endian :little
+      request :request
+      string :domainHandle, :length => 20
+      uint32 :windowsError
+    end
+
+    def openDomain(domainSid:, desiredAccess:SAMR_COMMON_ACCESS_MASK["MAXIMUM_ALLOWED"])
+      samrOpenDomainReq = SamrOpenDomainReq.new(sid:domainSid, access:desiredAccess, handle:@serverHandle)
+      samrOpenDomainRes = @file.ioctl_send_recv(samrOpenDomainReq).buffer
+      samrOpenDomainRes.raise_not_error_success("openDomain")
+      samrOpenDomainRes = SamrOpenDomainRes.read(samrOpenDomainRes)
+      @domainHandle = samrOpenDomainRes.domainHandle
+      return self
+    end
+
+end
+end
+

data/lib/smbRpc/samr/openGroup.rb

@@ -0,0 +1,39 @@
+module SmbRpc
+  class Samr < Rpc
+
+    class SamrOpenGroupReq < BinData::Record
+      endian :little
+      request :request
+      string :domainHandle, :length => 20
+      uint32 :desiredAccess
+      uint32 :groupId
+
+      def initialize_instance
+        super
+        domainHandle.value = get_parameter(:handle)
+        desiredAccess.value = get_parameter(:access)
+        groupId.value = get_parameter(:gid)
+        request.pduHead.frag_length = self.num_bytes
+        request.opnum.value = 19        #SamrOpenGroup
+      end
+    end
+
+    class SamrOpenGroupRes < BinData::Record
+      endian :little
+      request :request
+      string :groupHandle, :length => 20
+      uint32 :windowsError
+    end
+
+    def openGroup(groupId:, desiredAccess:SAMR_COMMON_ACCESS_MASK["MAXIMUM_ALLOWED"])
+      samrOpenGroupReq = SamrOpenGroupReq.new(gid:groupId, access:desiredAccess, handle:@domainHandle)
+      samrOpenGroupRes = @file.ioctl_send_recv(samrOpenGroupReq).buffer
+      samrOpenGroupRes.raise_not_error_success("openGroup")
+      samrOpenGroupRes = SamrOpenGroupRes.read(samrOpenGroupRes)
+      @groupHandle = samrOpenGroupRes.groupHandle
+      return self
+    end
+
+end
+end
+

data/lib/smbRpc/samr/openUser.rb

@@ -0,0 +1,39 @@
+module SmbRpc
+  class Samr < Rpc
+
+    class SamrOpenUserReq < BinData::Record
+      endian :little
+      request :request
+      string :domainHandle, :length => 20
+      uint32 :desiredAccess
+      uint32 :userId
+
+      def initialize_instance
+        super
+        domainHandle.value = get_parameter(:handle)
+        desiredAccess.value = get_parameter(:access)
+        userId.value = get_parameter(:uid)
+        request.pduHead.frag_length = self.num_bytes
+        request.opnum.value = 34        #SamrOpenUser
+      end
+    end
+
+    class SamrOpenUserRes < BinData::Record
+      endian :little
+      request :request
+      string :userHandle, :length => 20
+      uint32 :windowsError
+    end
+
+    def openUser(userId:, desiredAccess:SAMR_COMMON_ACCESS_MASK["MAXIMUM_ALLOWED"])
+      samrOpenUserReq = SamrOpenUserReq.new(uid:userId, access:desiredAccess, handle:@domainHandle)
+      samrOpenUserRes = @file.ioctl_send_recv(samrOpenUserReq).buffer
+      samrOpenUserRes.raise_not_error_success("openUser")
+      samrOpenUserRes = SamrOpenUserRes.read(samrOpenUserRes)
+      @userHandle = samrOpenUserRes.userHandle
+      return self
+    end
+
+end
+end
+

data/lib/smbRpc/samr/queryInformationUser.rb

@@ -0,0 +1,182 @@
+module SmbRpc
+  class Samr < Rpc
+
+    class SamrQueryInformationUser2Req < BinData::Record
+      endian :little
+      request :request
+      string :userHandle, :length => 20
+      uint16 :userInformationClass, :value => 21	#18, 23, 24, 25, 26 will return STATUS_INVALID_INFO_CLASS
+							#21 works but not returning passwords related fileds.  Others are just sub set of 21
+      def initialize_instance
+        super
+        userHandle.value = get_parameter(:handle)
+        request.pduHead.frag_length = self.num_bytes
+        request.opnum.value = 47        		#SamrQueryInformationUser2
+      end
+    end
+
+    #MS-SAMR 2.2.7.5 SAMPR_LOGON_HOURS
+    class Sampr_logon_hours < BinData::Record
+      endian :little
+      uint32 :unitsPerWeek
+      uint32 :ref_id_logonHours
+    end
+
+    #MS-SAMR 2.2.7.6 SAMPR_USER_ALL_INFORMATION
+    class Sampr_user_all_information < BinData::Record
+      endian :little
+
+      uint64 :lastLogon
+      uint64 :lastLogoff
+      uint64 :passwordLastSet
+      uint64 :accountExpires
+      uint64 :passwordCanChange
+      uint64 :passwordMustChange 
+
+      rpc_unicode_string :userName
+      rpc_unicode_string :fullName
+      rpc_unicode_string :homeDirectory
+      rpc_unicode_string :homeDirectoryDrive
+      rpc_unicode_string :scriptPath
+      rpc_unicode_string :profilePath
+      rpc_unicode_string :adminComment
+      rpc_unicode_string :workStations
+      rpc_unicode_string :userComment
+      rpc_unicode_string :parameters
+      rpc_unicode_string :lmOwfPassword
+      rpc_unicode_string :ntOwfPassword
+      rpc_unicode_string :privateData
+
+      uint32 :numberOfsecurityDescriptor	#not used
+      uint32 :securityDescriptor		#not used
+
+      uint32 :userId
+      uint32 :primaryGroupId
+      uint32 :userAccountControl
+
+#      uint32 :whichFields			#control which which filed to ignire (aka Ndr field) see MS-SAMR 2.2.1.8 USER_ALL Values
+      struct :whichFields do
+        endian :little
+
+        #reverse bit order in each byte to maintain little endian
+         bit1 :homeDirectoryDrive
+         bit1 :homeDirectory
+         bit1 :userComment
+         bit1 :adminComment
+
+         bit1 :primaryGroupid
+         bit1 :userId
+         bit1 :fullName
+         bit1 :userName
+         #
+         bit1 :logonCount
+         bit1 :badPasswordCount
+         bit1 :logonHours
+         bit1 :lastLogoff
+         
+         bit1 :lastLogon
+         bit1 :workStations
+         bit1 :profilePath
+         bit1 :scriptPath
+         #
+         bit1 :codePage
+         bit1 :countryCode
+         bit1 :parameters
+         bit1 :userAccountControl
+
+         bit1 :accountExpires
+         bit1 :passwordLastSet
+         bit1 :passwordMustChange
+         bit1 :passwordCanChange
+         #
+         bit3 :undefined
+         bit1 :securityDescriptor
+         bit1 :passwordExpired
+         bit1 :privateData
+         bit1 :lmPasswordPresent		#not set -> ignore lmPasswordPresent filed
+         bit1 :ntPasswordPresent		#not set -> ignore ntPasswordPresent filed
+      end
+
+      sampr_logon_hours :logonHours
+      uint16 :badPasswordCount
+      uint16 :logonCount
+      uint16 :countryCode
+      uint16 :codePage
+
+      uint8 :lmPasswordPresent			#0 if ignore lmOwfPassword
+      uint8 :ntPasswordPresent			#0 if ignore ntOwfPassword
+      uint8 :passwordExpired
+      uint8 :privateDataSensitive		#not used
+#Ndr
+      conformantandVaryingStrings :userNameNdr, :onlyif => lambda { userName.ref_id_buffer > 0 }	#if ref pointer is not null, then Ndr should be present
+      conformantandVaryingStrings :fullNameNdr, :onlyif => lambda { fullName.ref_id_buffer > 0 }	#just because the filed is ignored according to whichFileds, 
+													#doesn't mean Ndr doesnt exist
+      conformantandVaryingStrings :homeDirectoryNdr, :onlyif => lambda { homeDirectory.ref_id_buffer > 0 }
+      conformantandVaryingStrings :homeDirectoryDriveNdr, :onlyif => lambda { homeDirectoryDrive.ref_id_buffer > 0 }
+      conformantandVaryingStrings :scriptPathNdr, :onlyif => lambda { scriptPath.ref_id_buffer > 0 }
+      conformantandVaryingStrings :profilePathNdr, :onlyif => lambda { profilePath.ref_id_buffer > 0 }
+      conformantandVaryingStrings :adminCommentNdr, :onlyif => lambda { adminComment.ref_id_buffer > 0 }
+      conformantandVaryingStrings :workStationsNdr, :onlyif => lambda { workStations.ref_id_buffer > 0 }
+      conformantandVaryingStrings :userCommentNdr, :onlyif => lambda { userComment.ref_id_buffer > 0 }
+      conformantandVaryingStrings :parametersNdr, :onlyif => lambda { parameters.ref_id_buffer > 0 }
+      conformantandVaryingStrings :lmOwfPasswordNdr, :onlyif => lambda { lmOwfPassword.ref_id_buffer > 0 }
+      conformantandVaryingStrings :ntOwfPasswordNdr, :onlyif => lambda { ntOwfPassword.ref_id_buffer > 0 } 
+      conformantandVaryingStrings :privateDataNdr, :onlyif => lambda { privateData.ref_id_buffer > 0 }
+      conformantandVaryingStringsAscii :logonHoursNdr, :onlyif => lambda { logonHours.ref_id_logonHours > 0 }
+    end
+
+    class SamrQueryInformationUser2Res < BinData::Record
+      endian :little
+      request :request
+      uint32 :ref_id_buffer
+      uint32 :switch
+      sampr_user_all_information :buffer
+      uint32 :windowsError
+    end
+
+    def queryInformationUser
+      samrQueryInformationUser2Req = SamrQueryInformationUser2Req.new(handle:@userHandle)
+      samrQueryInformationUser2Res = @file.ioctl_send_recv(samrQueryInformationUser2Req).buffer
+      samrQueryInformationUser2Res.raise_not_error_success("QueryInformationUser")
+      samrQueryInformationUser2Res = SamrQueryInformationUser2Res.read(samrQueryInformationUser2Res)
+      buffer = samrQueryInformationUser2Res.buffer
+      h = {
+        :rid => buffer.userId,
+        :gid => buffer.primaryGroupId,
+        :lastLogon => buffer.lastLogon,
+        :lastLogoff => buffer.lastLogoff,
+        :unitsPerWeek => buffer.logonHours.unitsPerWeek,
+        :badPasswordCount => buffer.badPasswordCount,
+        :logonCount => buffer.logonCount,
+        :passwordLastSet => buffer.passwordLastSet,
+        :passwordCanChange => buffer.passwordCanChange,
+        :passwordMustChange => buffer.passwordMustChange,
+        :accountExpires => buffer.accountExpires,
+        :userAccountControl => buffer.userAccountControl,
+        :whichFields => buffer.whichFields,
+        :countryCode => buffer.countryCode,
+        :codePage => buffer.codePage,
+        :lmPasswordPresent => buffer.lmPasswordPresent,
+        :ntPasswordPresent => buffer.ntPasswordPresent,
+        :passwordExpired => buffer.passwordExpired
+      }
+      h[:userName] = buffer.userNameNdr.str.unpack("v*").pack("c*") if buffer.userName.ref_id_buffer > 0
+      h[:fullName] = buffer.fullNameNdr.str.unpack("v*").pack("c*") if buffer.fullName.ref_id_buffer > 0
+      h[:homeDirectory] = buffer.homeDirectoryNdr.str.unpack("v*").pack("c*") if buffer.homeDirectory.ref_id_buffer > 0
+      h[:homeDirectoryDrive] = buffer.homeDirectoryDriveNdr.str.unpack("v*").pack("c*") if buffer.homeDirectoryDrive.ref_id_buffer > 0
+      h[:scriptPath] = buffer.scriptPathNdr.str.unpack("v*").pack("c*") if buffer.scriptPath.ref_id_buffer > 0
+      h[:profilePath] = buffer.profilePathNdr.str.unpack("v*").pack("c*") if buffer.profilePath.ref_id_buffer > 0
+      h[:adminComment] = buffer.adminCommentNdr.str.unpack("v*").pack("c*") if buffer.adminComment.ref_id_buffer > 0
+      h[:userComment] = buffer.userCommentNdr.str.unpack("v*").pack("c*") if buffer.userComment.ref_id_buffer > 0 
+      h[:workStations] = buffer.workStationsNdr.str.unpack("v*").pack("c*") if buffer.workStations.ref_id_buffer > 0
+      h[:parameters] = buffer.parametersNdr.str.unpack("v*").pack("c*") if buffer.parameters.ref_id_buffer > 0
+      h[:logonHours] = buffer.logonHoursNdr.str if buffer.logonHours.ref_id_logonHours > 0
+      h[:privateData] = buffer.privateDataNdr.str if buffer.privateData.ref_id_buffer > 0
+      h[:lmOwfPassword] = buffer.lmOwfPasswordNdr.str if buffer.lmOwfPassword.ref_id_buffer > 0 
+      h[:ntOwfPassword] = buffer.ntOwfPasswordNdr.str if buffer.ntOwfPassword.ref_id_buffer > 0
+      return h
+    end
+
+end
+end
+

data/lib/smbRpc/samr/removeMemberFromAlias.rb

@@ -0,0 +1,43 @@
+module SmbRpc
+  class Samr < Rpc
+
+    class SamrRemoveMemberFromAliasReq < BinData::Record
+      endian :little
+      request :request
+      string :aliasHandle, :length => 20
+      sid_element :memberId
+
+      def initialize_instance
+        super
+        aliasHandle.value = get_parameter(:handle)
+        sid = get_parameter(:sid)
+        sidArray = sid.split("-")
+        subAuthorityCount = sidArray.size - 3
+        memberId.sub_auth.value = subAuthorityCount
+        memberId.sid.revision.value = sidArray[1].to_i
+        memberId.sid.subAuthorityCount.value = subAuthorityCount
+        memberId.sid.identifierAuthority.value = [sidArray[2].to_i].pack("N").rjust(6, "\x00")
+        subAuthorityCount.times do |i|
+          memberId.sid.subAuthority[i] = sidArray[i + 3].to_i
+        end
+        request.pduHead.frag_length = self.num_bytes
+        request.opnum.value = 32        #SamrRemoveMemberFromAlias
+      end
+    end
+
+    class SamrRemoveMemberFromAliasRes < BinData::Record
+      endian :little
+      response :response
+      uint32 :windowsError
+    end
+
+    def removeMemberFromAlias(memberId:)
+      samrRemoveMemberFromAliasReq = SamrRemoveMemberFromAliasReq.new(handle:@aliasHandle, sid:memberId)
+      samrRemoveMemberFromAliasRes = @file.ioctl_send_recv(samrRemoveMemberFromAliasReq).buffer
+      samrRemoveMemberFromAliasRes.raise_not_error_success("removeMemberFromAlias")
+      return self
+    end
+
+end
+end
+

data/lib/smbRpc/samr/removeMemberFromGroup.rb

@@ -0,0 +1,34 @@
+module SmbRpc
+  class Samr < Rpc
+
+    class SamrRemoveMemberFromGroupReq < BinData::Record
+      endian :little
+      request :request
+      string :groupHandle, :length => 20
+      uint32 :memberId			#what happen to consistency MS?(removeMemberFromAlias)
+
+      def initialize_instance
+        super
+        groupHandle.value = get_parameter(:handle)
+        memberId.value = get_parameter(:rid)
+        request.pduHead.frag_length = self.num_bytes
+        request.opnum.value = 24        #SamrRemoveMemberFromGroup
+      end
+    end
+
+    class SamrRemoveMemberFromGroupRes < BinData::Record
+      endian :little
+      response :response
+      uint32 :windowsError
+    end
+
+    def removeMemberFromGroup(memberId:)
+      samrRemoveMemberFromGroupReq = SamrRemoveMemberFromGroupReq.new(handle:@groupHandle, rid:memberId)
+      samrRemoveMemberFromGroupRes = @file.ioctl_send_recv(samrRemoveMemberFromGroupReq).buffer
+      samrRemoveMemberFromGroupRes.raise_not_error_success("removeMemberFromGroup")
+      return self
+    end
+
+end
+end
+

data/lib/smbRpc/samr/setInformationUser.rb

@@ -0,0 +1,53 @@
+
+module SmbRpc
+  class Samr < Rpc
+
+    class SamrSetInformationUser2Req < BinData::Record
+      endian :little
+      request :request
+      string :userHandle, :length => 20
+      uint16 :userInformationClass, :value => 21	#UserAllInformation
+      uint16 :switch, :value => :userInformationClass	#declared in samr/queryInformationUser.rb
+      sampr_user_all_information :buffer
+
+      def initialize_instance
+        super
+        userHandle.value = get_parameter(:handle)
+        session_key = get_parameter(:session_key)
+        password = get_parameter(:pass)
+
+        if password.bytesize > 0
+          buffer.ntOwfPassword.len = 16
+          buffer.ntOwfPassword.maximumLength = 16
+          buffer.ntPasswordPresent.value = 1
+          buffer.whichFields.ntPasswordPresent.value = 1
+          buffer.lmOwfPassword.len = 16
+          buffer.lmOwfPassword.maximumLength = 16
+          buffer.lmPasswordPresent.value = 1
+          buffer.whichFields.lmPasswordPresent.value = 1
+          buffer.ntOwfPasswordNdr.str = [Smbhash.ntlm_hash(password)].pack("H*").to_des_ecb_lm(session_key)
+          buffer.lmOwfPasswordNdr.str = [Smbhash.lm_hash(password)].pack("H*").to_des_ecb_lm(session_key)
+        end
+
+        buffer.userAccountControl.value = get_parameter(:accControl)
+        buffer.whichFields.userAccountControl.value = 1 if buffer.userAccountControl.value > 0
+        request.pduHead.frag_length = self.num_bytes
+        request.opnum.value = 58        		#SamrSetInformationUser2
+      end
+    end
+
+    class SamrSetInformationUser2Res < BinData::Record
+      endian :little
+      request :request
+      uint32 :windowsError
+    end
+
+    def setInformationUser(password:"", userAccountControl:0)
+      samrSetInformationUser2Req = SamrSetInformationUser2Req.new(handle:@userHandle, session_key:self.smb.session_key, pass:password, accControl:userAccountControl)
+      samrSetInformationUser2Res = @file.ioctl_send_recv(samrSetInformationUser2Req).buffer
+      samrSetInformationUser2Res.raise_not_error_success("setInformationUser")
+      return self
+    end
+
+end
+end