smbRpc 0.0.3

data/lib/smbRpc/srvsvc.rb

@@ -0,0 +1,12 @@
+require"smbRpc/srvsvc/netShareEnum"
+require"smbRpc/srvsvc/serverGetInfo"
+
+module SmbRpc
+  class Srvsvc < Rpc
+    def initialize(**argv)
+      super(argv)
+      self.connect
+      self.bind(pipe:"srvsvc")
+    end
+end
+end

data/lib/smbRpc/srvsvc/netShareEnum.rb

@@ -0,0 +1,104 @@
+module SmbRpc
+  class Srvsvc < Rpc
+
+    class Share_info_0 < BinData::Record
+      endian :little
+      uint32 :ref_id_shi0_netname, :initial_value => 1
+      uint32 :max_count
+      array :ref_id_array, :type => :uint32, :initial_length => :max_count
+      array :conformantandVaryingStringsArray, :type => :conformantandVaryingStrings, :initial_length => :max_count
+    end
+
+    class Share_info_0_container < BinData::Record
+      endian :little
+      uint32 :entriesRead
+      choice :share_info_entries, :selection => :entriesRead do
+        uint32 0
+        share_info_0 :default
+      end
+    end
+
+    class NetnameRemark < BinData::Record
+      endian :little
+      conformantandVaryingStrings :netname
+      conformantandVaryingStrings :remark
+    end
+
+    class Share_info_1 < BinData::Record
+      endian :little
+      uint32 :ref_id_shi1_netname, :initial_value => 1
+      uint32 :max_count
+      array :ref_id_netname, :type => :uint32, :initial_length => :max_count
+      array :shi1_type, :type => :uint32, :initial_length => :max_count
+      array :ref_id_remark, :type => :uint32, :initial_length => :max_count
+      array :netname_remark, :type => :netnameRemark, :initial_length => :max_count
+    end
+
+    class Share_info_1_container < BinData::Record
+      endian :little
+      uint32 :entriesRead, :initial_value => 0
+      choice :share_info_entries, :selection => :entriesRead do
+        uint32 0
+        share_info_1 :default
+      end
+    end
+
+    class Share_enum_struct < BinData::Record
+      endian :little
+      uint32 :level
+      uint32 :share_enum_union_tag, :initial_value => :level
+      uint32 :ref_id_share_info_container, :initial_value => 1
+      choice :share_info_container, :selection => :level do
+        share_info_0_container 0
+        share_info_1_container 1
+      end
+    end
+
+    class NetShareEnumReq < BinData::Record
+      endian :little
+      request :request
+      uint32 :ref_id_unc, :value => 1
+      conformantandVaryingStrings :serverName
+      share_enum_struct :share_enum_struct
+      uint32 :max_buffer, :initial_value => 0xffffffff
+      uint32 :ref_id_resume, :initial_value => 1    #unique pointer(can have null)
+      uint32 :resume_handle, :initial_value => 0
+
+      def initialize_instance
+        super
+        serverName.str = "\\\\#{get_parameter(:srvName)}\x00".bytes.pack("v*")
+        request.pduHead.frag_length = self.num_bytes
+        request.opnum.value = 15
+        share_enum_struct.level = get_parameter(:shareLevel)
+      end
+    end
+
+    class NetShareEnumRes < BinData::Record
+      endian :little
+      response :response
+      share_enum_struct :share_enum_struct
+      uint32 :totalEntries
+      uint32 :ref_id_resume
+      uint32 :resume_handle
+      uint32 :windowsError
+    end
+
+    def netShareEnum(serverName:@ip)
+      shareEnumReq = NetShareEnumReq.new(:srvName=> serverName, shareLevel:1)
+      shareEnumRes = @file.ioctl_send_recv(shareEnumReq).buffer
+      shares = NetShareEnumRes.read(shareEnumRes)
+      out = []
+      numShare = shares.share_enum_struct.share_info_container.entriesRead
+      shi1_container = shares.share_enum_struct.share_info_container
+      numShare.times do |i|
+        type =  shi1_container.share_info_entries.shi1_type[i]
+        shareName = shi1_container.share_info_entries.netname_remark[i].netname.str.unpack("v*").pack("c*").chop
+        remark = shi1_container.share_info_entries.netname_remark[i].remark.str.unpack("v*").pack("c*").chop
+        out << {shareName:shareName, remark:remark, type:type}
+      end
+      return out
+    end
+
+end
+end
+

data/lib/smbRpc/srvsvc/serverGetInfo.rb

@@ -0,0 +1,57 @@
+module SmbRpc
+  class Srvsvc < Rpc
+
+    class NetrServerGetInfoReq < BinData::Record
+      endian :little
+      request :request
+      uint32 :ref_id_unc, :value => 1
+      conformantandVaryingStrings :serverName
+      uint32 :level, :value => 101
+
+      def initialize_instance
+        super
+        serverName.str = "\\\\#{get_parameter(:srvName)}\x00".bytes.pack("v*")
+        request.pduHead.frag_length = self.num_bytes
+        request.opnum.value = 21	#NetrServerGetInfo
+      end
+    end
+
+    class Server_info_101 < BinData::Record
+      endian :little
+      uint32 :sv101_platform_id
+      uint32 :ref_id_name
+      uint32 :sv101_version_major
+      uint32 :sv101_version_minor
+      uint32 :serverType
+      uint32 :ref_id_comment
+      conformantandVaryingStrings :nameNdr
+      conformantandVaryingStrings :commentNdr
+    end
+
+    class NetrServerGetInfoRes < BinData::Record
+      endian :little
+      response :response
+      uint32 :switch
+      uint32 :ref_id_infoStruct
+      server_info_101 :infoStruct
+      uint32 :windowsError
+    end
+
+    def serverGetInfo(serverName:@ip)
+      netrServerGetInfoReq = NetrServerGetInfoReq.new(:srvName=> serverName)
+      netrServerGetInfoRes = @file.ioctl_send_recv(netrServerGetInfoReq).buffer
+      netrServerGetInfoRes.raise_not_error_success("serverGetInfo")
+      netrServerGetInfoRes = NetrServerGetInfoRes.read(netrServerGetInfoRes)
+      info = netrServerGetInfoRes.infoStruct
+      h = { :platform_id => info.sv101_platform_id,
+            :version_major => info.sv101_version_major,
+            :version_minor => info.sv101_version_minor,
+            :type => info.serverType,
+            :name => info.nameNdr.str.unpack("v*").pack("c*").chop, 
+            :comment => info.commentNdr.str.unpack("v*").pack("c*").chop 
+      }
+      return h
+    end
+end
+end
+

data/lib/smbRpc/svcctl.rb

@@ -0,0 +1,20 @@
+require"smbRpc/svcctl/closeService"
+require"smbRpc/svcctl/controlService"
+require"smbRpc/svcctl/deleteService"
+require"smbRpc/svcctl/openScm"      
+require"smbRpc/svcctl/queryServiceConfig"
+require"smbRpc/svcctl/constants"
+require"smbRpc/svcctl/createService"   
+require"smbRpc/svcctl/enumServicesStatus"  
+require"smbRpc/svcctl/openService"  
+require"smbRpc/svcctl/startService"
+
+module SmbRpc
+  class Svcctl < Rpc
+    def initialize(**argv)
+      super(argv)
+      self.connect
+      self.bind(pipe:"svcctl")
+    end
+end
+end

data/lib/smbRpc/svcctl/closeService.rb

@@ -0,0 +1,48 @@
+module SmbRpc
+  class Svcctl < Rpc
+    class CloseServiceHandleReq < BinData::Record	#use to close BOTH SC and service handle
+      endian :little
+      request :request
+      string :serviceHandle, :length => 20
+
+      def initialize_instance
+        super
+        serviceHandle.value = get_parameter(:handle)
+        request.pduHead.frag_length = self.num_bytes
+        request.opnum.value = 0        			#RCloseServiceHandle
+      end
+    end
+
+    class CloseServiceHandleRes < BinData::Record
+      endian :little
+      request :request
+      string :serviceHandle, :length => 20
+      uint32 :windowsError
+    end
+
+    def closeService()
+      if !@serviceHandle.nil?   #close service handle if exist
+        closeServiceHandleReq = CloseServiceHandleReq.new(handle:@serviceHandle)
+        closeServiceHandleRes = @file.ioctl_send_recv(closeServiceHandleReq).buffer
+        closeServiceHandleRes.raise_not_error_success("closeService")
+        @serviceHandle = nil
+      end
+    end
+
+    def closeScm()
+      if !@scHandle.nil?        #close SC handle if exist
+        closeServiceHandleReq = CloseServiceHandleReq.new(handle:@scHandle)
+        closeServiceHandleRes = @file.ioctl_send_recv(closeServiceHandleReq).buffer
+        closeServiceHandleRes.raise_not_error_success("closeScm")
+        @serviceHandle = nil
+      end
+    end
+
+    def close()
+      closeService()
+      closeScm()
+      super
+    end
+
+end
+end

data/lib/smbRpc/svcctl/constants.rb

@@ -0,0 +1,88 @@
+
+#[MS-SCMR] Specific access types for Service Control Manager object
+SVCCTL_SC_ACCESS_MASK = {
+  "SC_MANAGER_LOCK" => 0x00000008,		#Required to lock the SCM database.
+  "SC_MANAGER_CREATE_SERVICE" => 0x00000002,	#Required for a service to be created
+  "SC_MANAGER_ENUMERATE_SERVICE" => 0x00000004,	#Required to enumerate a service
+  "SC_MANAGER_CONNECT" => 0x00000001,		#Required to connect to the SCM
+  "SC_MANAGER_QUERY_LOCK_STATUS" => 0x00000010,	#Required to query the lock status of the SCM database
+  "SC_MANAGER_MODIFY_BOOT_CONFIG" => 0x0020,	#Required to call the RNotifyBootConfigStatus method
+#https://docs.microsoft.com/en-us/windows/desktop/Services/service-security-and-access-rights
+  "SC_MANAGER_ALL_ACCESS" => 0xF003F
+}
+
+#[MS-SCMR]
+SVCCTL_SERVICE_ACCESS_MASK = {
+  "SERVICE_ALL_ACCESS" => 0x000F01FF,
+  "SERVICE_CHANGE_CONFIG" => 0x00000002,
+  "SERVICE_ENUMERATE_DEPENDENTS" => 0x00000008,
+  "SERVICE_INTERROGATE" => 0x00000080,
+  "SERVICE_PAUSE_CONTINUE" => 0x00000040,
+  "SERVICE_QUERY_CONFIG" => 0x00000001,
+  "SERVICE_QUERY_STATUS" => 0x00000004,
+  "SERVICE_START" => 0x00000010,
+  "SERVICE_STOP" => 0x00000020,
+  "SERVICE_USER_DEFINED_CONTROL" => 0x00000100,
+  "SERVICE_SET_STATUS" => 0x00008000
+}
+#[MS-SCMR] This MUST be one or a combination of the following values
+SVCCTL_SERVICE_TYPE = {
+  "SERVICE_KERNEL_DRIVER" => 0x00000001,
+  "SERVICE_FILE_SYSTEM_DRIVER" => 0x00000002,
+  "SERVICE_WIN32_OWN_PROCESS" => 0x00000010,
+  "SERVICE_WIN32_SHARE_PROCESS" => 0x00000020,
+  "ALL" => 0x33
+}
+#[MS-SCMR] This MUST be one of the following values
+SVCCTL_SERVICE_STATE = {
+  "SERVICE_ACTIVE" => 0x01,	#get ServiceStatus.dwCurrentState = SERVICE_START_PENDING, SERVICE_STOP_PENDING, SERVICE_RUNNING, SERVICE_CONTINUE_PENDING, SERVICE_PAUSE_PENDING, and SERVICE_PAUSED
+  "SERVICE_INACTIVE" => 0x02,	#SERVICE_STOPPED
+  "SERVICE_STATE_ALL" => 0x03	#SERVICE_START_PENDING, SERVICE_STOP_PENDING, SERVICE_RUNNING, SERVICE_CONTINUE_PENDING, SERVICE_PAUSE_PENDING, SERVICE_PAUSED, and SERVICE_STOPPED
+}
+
+#[MS-SCMR] Only SERVICE_WIN32_OWN_PROCESS and SERVICE_INTERACTIVE_PROCESS OR SERVICE_WIN32_SHARE_PROCESS and SERVICE_INTERACTIVE_PROCESS can be combined
+SVCCTL_SERVICE_STATUS_SERVICE_TYPE = {
+  "SERVICE_KERNEL_DRIVER" => 0x00000001,
+  "SERVICE_FILE_SYSTEM_DRIVER" => 0x00000002,
+  "SERVICE_WIN32_OWN_PROCESS" => 0x00000010,
+  "SERVICE_WIN32_SHARE_PROCESS" => 0x00000020,
+  "SERVICE_INTERACTIVE_PROCESS" => 0x00000100,
+  "SERVICE_WIN32_OWN_PROCESS | SERVICE_INTERACTIVE_PROCESS" => 0x00000110,
+  "SERVICE_WIN32_SHARE_PROCESS | SERVICE_INTERACTIVE_PROCESS" => 0x00000120
+}
+
+SVCCTL_SERVICE_STATUS_CURRENT_STATE = {
+  0x00000005 => "SERVICE_CONTINUE_PENDING",
+  0x00000006 => "SERVICE_PAUSE_PENDING",
+  0x00000007 => "SERVICE_PAUSED",
+  0x00000004 => "SERVICE_RUNNING",
+  0x00000002 => "SERVICE_START_PENDING",
+  0x00000003 => "SERVICE_STOP_PENDING",
+  0x00000001 => "SERVICE_STOPPED"
+}
+SVCCTL_SERVICE_START_TYPE = {
+  "SERVICE_BOOT_START" => 0x00000000,
+  "SERVICE_SYSTEM_START" => 0x00000001,
+  "SERVICE_AUTO_START" => 0x00000002,
+  "SERVICE_DEMAND_START" => 0x00000003,
+  "SERVICE_DISABLED" => 0x00000004
+}
+
+SVCCTL_SERVICE_ERROR_CONTROL = {
+  "SERVICE_ERROR_IGNORE" => 0x00000000,
+  "SERVICE_ERROR_NORMAL" => 0x00000001,
+  "SERVICE_ERROR_SEVERE" => 0x00000002,
+  "SERVICE_ERROR_CRITICAL" => 0x00000003
+}
+
+SVCCTL_SERVICE_CONTROL = {
+  "SERVICE_CONTROL_CONTINUE" => 0x00000003,
+  "SERVICE_CONTROL_INTERROGATE" => 0x00000004,
+  "SERVICE_CONTROL_NETBINDADD" => 0x00000007,
+  "SERVICE_CONTROL_NETBINDDISABLE" => 0x0000000A,
+  "SERVICE_CONTROL_NETBINDENABLE" => 0x00000009,
+  "SERVICE_CONTROL_NETBINDREMOVE" => 0x00000008,
+  "SERVICE_CONTROL_PARAMCHANGE" => 0x00000006,
+  "SERVICE_CONTROL_PAUSE" => 0x00000002,
+  "SERVICE_CONTROL_STOP" => 0x00000001,
+}

data/lib/smbRpc/svcctl/controlService.rb

@@ -0,0 +1,48 @@
+module SmbRpc
+  class Svcctl < Rpc
+
+    class ControlServiceReq  < BinData::Record
+      endian :little
+      request :request
+      string :serviceHandle, :length => 20
+      uint32 :control
+
+      def initialize_instance
+        super
+        serviceHandle.value = get_parameter(:handle)
+        control.value = get_parameter(:serviceControl)
+        request.pduHead.frag_length = self.num_bytes
+        request.opnum.value = 1        #RControlService
+      end
+    end
+
+    class ControlServiceRes  < BinData::Record
+      endian :little
+      request :response
+      uint32 :serviceType
+      uint32 :currentState
+      uint32 :controlsAccepted
+      uint32 :win32ExitCode
+      uint32 :serviceSpecificExitCode
+      uint32 :checkPoint
+      uint32 :waitHint
+      uint32 :windowsError
+    end
+
+    def controlService(control:SVCCTL_SERVICE_CONTROL["SERVICE_CONTROL_INTERROGATE"]) #default to do RQueryServiceStatus
+      controlServiceReq = ControlServiceReq.new(handle:@serviceHandle, serviceControl:control)
+      controlServiceRes = @file.ioctl_send_recv(controlServiceReq).buffer
+      controlServiceRes.raise_not_error_success("controlService")
+      controlServiceRes = ControlServiceRes.read(controlServiceRes)
+      return {
+        serviceType:controlServiceRes.serviceType, currentState:controlServiceRes.currentState,
+        controlsAccepted:controlServiceRes.controlsAccepted,
+        win32ExitCode:controlServiceRes.win32ExitCode,
+        serviceSpecificExitCode:controlServiceRes.serviceSpecificExitCode,
+        checkPoint:controlServiceRes.checkPoint,
+        waitHint:controlServiceRes.waitHint
+      }
+    end
+
+end
+end

data/lib/smbRpc/svcctl/createService.rb

@@ -0,0 +1,68 @@
+module SmbRpc
+  class Svcctl < Rpc
+    class CreateServiceReq < BinData::Record
+      endian :little
+      request :request
+      string :scHandle, :length => 20
+      conformantandVaryingStrings :serviceName
+      uint32 :ref_id_displayName, :value => 1, :onlyif => lambda { displayLen > 0 }
+      choice :displayName, :selection => lambda { displayLen } do
+        conformantandVaryingStrings :default
+        uint32 0
+      end
+      uint32 :desiredAccess
+      uint32 :serviceType
+      uint32 :startType
+      uint32 :errorControl
+      conformantandVaryingStrings :binaryPathName
+      uint32 :loadOrderGroup                    #might implement this, tagId, and dependencies later
+      uint32 :tagId
+      uint32 :dependencies
+      uint32 :dependSize
+      uint32 :serviceStartName                  #not going to implement this cause ncacn_np may require password encryption
+      uint32 :password                          #and default service account is LocalSystem anyway      
+      uint32 :pwSize
+
+      def initialize_instance
+        super
+        scHandle.value = get_parameter(:handle)
+        serviceName.str = "#{get_parameter(:name)}\x00".bytes.pack("v*")
+        displayName.str = "#{get_parameter(:display)}\x00".bytes.pack("v*") if displayLen > 0 #if display not empty
+        binaryPathName.str = "#{get_parameter(:path)}\x00".bytes.pack("v*")
+        desiredAccess.value = get_parameter(:access)
+        serviceType.value = get_parameter(:type)
+        startType.value = get_parameter(:start)
+        errorControl.value = get_parameter(:error)
+        request.pduHead.frag_length = self.num_bytes
+        request.opnum.value = 12        #RCreateServiceW
+      end
+
+      def displayLen    		#helper method to get displayname length
+        get_parameter(:display).bytesize
+      end
+    end
+
+    class CreateServiceRes < BinData::Record
+      endian :little
+      request :response
+      uint32 :tagId
+      string :serviceHandle, :length => 20
+      uint32 :windowsError
+    end
+
+    def createService(serviceName:, displayName:"", binaryPathName:,
+      desiredAccess:SVCCTL_SERVICE_ACCESS_MASK["SERVICE_ALL_ACCESS"],
+      serviceType:SVCCTL_SERVICE_STATUS_SERVICE_TYPE["SERVICE_WIN32_OWN_PROCESS"],
+      startType:SVCCTL_SERVICE_START_TYPE["SERVICE_DEMAND_START"],
+      errorControl:SVCCTL_SERVICE_ERROR_CONTROL["SERVICE_ERROR_NORMAL"])
+      createServiceReq = CreateServiceReq.new(handle:@scHandle, name:serviceName, display:displayName, path:binaryPathName,
+                                        access:desiredAccess, type:serviceType, start:startType, error:errorControl)
+      createServiceRes = @file.ioctl_send_recv(createServiceReq).buffer
+      createServiceRes.raise_not_error_success("createService")
+      createServiceRes = CreateServiceRes.read(createServiceRes)
+      @serviceHandle = createServiceRes.serviceHandle
+      return self
+    end
+
+end
+end