Class: SmbRpc::Lsarpc

Inherits:
Rpc
  • Object
Defined in:
lib/smbRpc/lsarpc.rb,
lib/smbRpc/lsarpc/close.rb,
lib/smbRpc/lsarpc/lookupSids.rb,
lib/smbRpc/lsarpc/openPolicy.rb,
lib/smbRpc/lsarpc/lookupNames.rb,
lib/smbRpc/lsarpc/openAccount.rb,
lib/smbRpc/lsarpc/enumerateAccounts.rb,
lib/smbRpc/lsarpc/lookupPrivilegeName.rb,
lib/smbRpc/lsarpc/querySecurityObject.rb,
lib/smbRpc/lsarpc/queryInformationPolicy.rb,
lib/smbRpc/lsarpc/enumeratePrivilegesAccount.rb

Defined Under Namespace

Classes: Ace, Acl, Lsa_translated_sid, Lsapr_account_enum_buffer, Lsapr_luid_and_attributes, Lsapr_object_attributes, Lsapr_policy_dns_domain_info, Lsapr_privilege_set, Lsapr_referenced_domain_list, Lsapr_security_descriptor, Lsapr_translated_name, Lsapr_translated_names, Lsapr_translated_sids, Lsapr_trust_information, LsarCloseReq, LsarCloseRes, LsarEnumerateAccountsReq, LsarEnumerateAccountsRes, LsarEnumeratePrivilegesAccountReq, LsarEnumeratePrivilegesAccountRes, LsarLookupNamesReq, LsarLookupNamesRes, LsarLookupPrivilegeNameReq, LsarLookupPrivilegeNameRes, LsarLookupSidsReq, LsarLookupSidsRes, LsarOpenAccountReq, LsarOpenAccountRes, LsarOpenPolicy2Req, LsarOpenPolicy2Res, LsarQueryInformationPolicy2Req, LsarQueryInformationPolicy2Res, LsarQuerySecurityObjectReq, LsarQuerySecurityObjectRes, Plsapr_sr_security_descriptor, Rpc_sid, Rpc_unicode_string, Sid_element

Instance Attribute Summary

Attributes inherited from Rpc

#smb

Instance Method Summary

Methods inherited from Rpc

#bind, #connect

Constructor Details

#initialize(**argv) ⇒ Lsarpc

Returns a new instance of Lsarpc.



# File 'lib/smbRpc/lsarpc.rb', line 15

# Build an LSARPC client: hand the options to Rpc#initialize, call #connect,
# then bind to the "lsarpc" pipe.
#
# @param argv [Hash] options forwarded unchanged to Rpc#initialize; the
#   accepted keys are defined there and are not visible in this listing
# NOTE(review): super(argv) passes the options as a single positional Hash,
#   not as keywords -- confirm that is what Rpc#initialize expects on Ruby 3+.
def initialize(**argv)
  super(argv)
  connect
  bind(pipe: "lsarpc")
end

Instance Attribute Details

#accountHandle ⇒ Object

Returns the value of attribute accountHandle.



# File 'lib/smbRpc/lsarpc/openAccount.rb', line 4

# Reader for @accountHandle: the handle stored by #openAccount and reset to
# nil by #closeAccount.
#
# @return [Object, nil] the stored account handle, or nil when none is held
def accountHandle
  return @accountHandle
end

#policyHandle ⇒ Object

Returns the value of attribute policyHandle.



# File 'lib/smbRpc/lsarpc/openPolicy.rb', line 5

# Reader for @policyHandle: the handle stored by #openPolicy and reset to nil
# by #closePolicy.
#
# @return [Object, nil] the stored policy handle, or nil when none is held
def policyHandle
  return @policyHandle
end

Instance Method Details

#close ⇒ Object



# File 'lib/smbRpc/lsarpc/close.rb', line 42

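# Release everything this client holds: the account handle, then the policy
# handle, then whatever the parent class's #close releases.
#
# Every step runs even when an earlier one raises, so a failed close of the
# account handle does not leave the policy handle and the parent's resources
# open on the server. The exception still reaches the caller; if several
# steps raise, the last one raised is the one that propagates.
#
# @return [Object] whatever the parent #close returns
def close()
  result = nil
  begin
    begin
      closeAccount()
    ensure
      # Runs whether or not closing the account handle succeeded.
      closePolicy()
    end
  ensure
    # Always tear down the parent's state, even after a failed handle close.
    result = super
  end
  result
end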

#closeAccount ⇒ Object



# File 'lib/smbRpc/lsarpc/close.rb', line 33

# Close the account handle on the server, if one is held, and forget it.
#
# Sends an LsarCloseReq for @accountHandle, passes the reply to
# raise_not_error_success under the label "closeAccount", then sets
# @accountHandle to nil. Nothing is sent when no account handle is held.
# If the status check raises, the handle is left in place.
#
# @return [nil]
def closeAccount()
  return if @accountHandle.nil?

  request = LsarCloseReq.new(handle: @accountHandle)
  reply = @file.ioctl_send_recv(request).buffer
  reply.raise_not_error_success("closeAccount")
  @accountHandle = nil
end

#closePolicy ⇒ Object



# File 'lib/smbRpc/lsarpc/close.rb', line 24

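# Close the policy handle on the server, if one is held, and forget it.
#
# Sends an LsarCloseReq for @policyHandle, passes the reply to
# raise_not_error_success under the label "closePolicy", then sets
# @policyHandle to nil. Nothing is sent when no policy handle is held.
# If the status check raises, the handle is left in place.
#
# @return [nil]
def closePolicy()
  return if @policyHandle.nil?

  request = LsarCloseReq.new(handle: @policyHandle)
  reply = @file.ioctl_send_recv(request).buffer
  # The label is this method's own name; it was "closeAccount" (copied from
  # the sibling method), which would attribute a failed policy close to the
  # account handle.
  reply.raise_not_error_success("closePolicy")
  @policyHandle = nil
end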

#enumerateAccounts ⇒ Object



# File 'lib/smbRpc/lsarpc/enumerateAccounts.rb', line 42

# Ask the server for its LSA account objects and return their SIDs as strings.
#
# Sends an LsarEnumerateAccountsReq on @policyHandle, checks the reply with
# raise_not_error_success("enumerateAccounts"), parses it, and collects
# `sid.to_s` for every entry of enumerationBuffer.information.
#
# @return [Array<String>] one SID string per entry in the reply
# NOTE(review): @policyHandle is used as-is; presumably #openPolicy must have
#   been called first -- nothing here checks for nil.
def enumerateAccounts()
  request = LsarEnumerateAccountsReq.new(handle: @policyHandle)
  raw = @file.ioctl_send_recv(request).buffer
  raw.raise_not_error_success("enumerateAccounts")
  parsed = LsarEnumerateAccountsRes.read(raw)
  collected = []
  parsed.enumerationBuffer.information.each { |entry| collected.push(entry.sid.to_s) }
  collected
end

#enumeratePrivilegesAccount ⇒ Object



# File 'lib/smbRpc/lsarpc/enumeratePrivilegesAccount.rb', line 40

# Fetch the privilege set attached to the account behind @accountHandle.
#
# Sends an LsarEnumeratePrivilegesAccountReq, checks the reply with
# raise_not_error_success("enumeratePrivilegesAccount"), parses it, and
# returns the `privileges.privilege` field of the parsed reply.
#
# @return [Object] the parsed `privileges.privilege` value (presumably a list
#   of LUID-and-attributes entries -- confirm against Lsapr_privilege_set)
# NOTE(review): @accountHandle is used as-is; presumably #openAccount must
#   have been called first -- nothing here checks for nil.
def enumeratePrivilegesAccount()
  request = LsarEnumeratePrivilegesAccountReq.new(handle: @accountHandle)
  raw = @file.ioctl_send_recv(request).buffer
  raw.raise_not_error_success("enumeratePrivilegesAccount")
  parsed = LsarEnumeratePrivilegesAccountRes.read(raw)
  parsed.privileges.privilege
end

#lookupNames(name:) ⇒ Object



# File 'lib/smbRpc/lsarpc/lookupNames.rb', line 60

# Translate an account name into its domain, domain SID, RID and SID type.
#
# Sends an LsarLookupNamesReq on @policyHandle, checks the reply with
# raise_not_error_success("lookupNames"), parses it, and builds the result
# from the reply's `domain` and `translatedSids` fields.
#
# @param name [Object] the account name placed in the request's accountName
# @return [Hash] :domain (String), :sid (String), :rid (Integer),
#   :type (Integer, the reply's `use` value)
# NOTE(review): the server reply is untrusted input. unpack("v*").pack("c*")
#   keeps only the low byte of each 16-bit unit, so a domain name containing
#   non-ASCII characters is not preserved and two different names can come
#   out identical. Treat :domain as display text, not as an identifier.
def lookupNames(name:)
  request = LsarLookupNamesReq.new(handle: @policyHandle, accountName: name)
  raw = @file.ioctl_send_recv(request).buffer
  raw.raise_not_error_success("lookupNames")
  parsed = LsarLookupNamesRes.read(raw)
  domain = parsed.domain
  translated = parsed.translatedSids
  {
    domain: domain.name.str.unpack("v*").pack("c*"),
    sid: domain.sid.sid.to_s,
    rid: translated.relativeId.to_i,
    type: translated.use.to_i
  }
end

#lookupPrivilegeName(luid:) ⇒ Object



# File 'lib/smbRpc/lsarpc/lookupPrivilegeName.rb', line 28

# Resolve a privilege LUID to its name.
#
# Sends an LsarLookupPrivilegeNameReq on @policyHandle, checks the reply with
# raise_not_error_success("lookupPrivilegeName"), parses it, and converts the
# reply's nameNdr string.
#
# @param luid [Object] the LUID placed in the request's `lu` field
# @return [String] the privilege name
# NOTE(review): unpack("v*").pack("c*") keeps only the low byte of each
#   16-bit unit of the server-supplied string; that is lossless for ASCII
#   names only.
def lookupPrivilegeName(luid:)
  request = LsarLookupPrivilegeNameReq.new(handle: @policyHandle, lu: luid)
  raw = @file.ioctl_send_recv(request).buffer
  raw.raise_not_error_success("lookupPrivilegeName")
  parsed = LsarLookupPrivilegeNameRes.read(raw)
  wide_units = parsed.nameNdr.str.unpack("v*")
  wide_units.pack("c*")
end

#lookupSids(sid:) ⇒ Object



# File 'lib/smbRpc/lsarpc/lookupSids.rb', line 81

# Translate a SID into its domain name, account name and SID type.
#
# Sends an LsarLookupSidsReq on @policyHandle, checks the reply with
# raise_not_error_success("lookupSids"), parses it, and additionally rejects
# any reply whose windowsError field is not 0.
#
# @param sid [Object] the SID placed in the request's `sid` field
# @return [Hash] :domain (String), :name (String), :type (the first
#   translated name's `use` value, returned as parsed)
# @raise [RuntimeError] "LsaLookupSids Fail, WinError: <code>" when the
#   parsed reply's windowsError is non-zero
# NOTE(review): only element [0] of the translated names is read; a reply
#   with no translated names presumably fails on that lookup -- confirm.
# NOTE(review): unpack("v*").pack("c*") keeps only the low byte of each
#   16-bit unit of the server-supplied strings, so non-ASCII names are not
#   preserved. Treat :domain and :name as display text.
def lookupSids(sid:)
  request = LsarLookupSidsReq.new(handle: @policyHandle, sid: sid)
  raw = @file.ioctl_send_recv(request).buffer
  raw.raise_not_error_success("lookupSids")
  parsed = LsarLookupSidsRes.read(raw)
  win_error = parsed.windowsError
  raise "LsaLookupSids Fail, WinError: %i" % [win_error] unless win_error == 0

  {
    domain: parsed.domain.name.str.unpack("v*").pack("c*"),
    name: parsed.translatedNames.nameNdr[0].str.unpack("v*").pack("c*"),
    type: parsed.translatedNames.names[0].use
  }
end

#openAccount(desiredAccess:, sid:) ⇒ Object



# File 'lib/smbRpc/lsarpc/openAccount.rb', line 39

# Open the LSA account object for a SID and remember its handle.
#
# Sends an LsarOpenAccountReq on @policyHandle, checks the reply with
# raise_not_error_success("openAccount"), parses it, and stores the reply's
# accountHandle in @accountHandle.
#
# @param desiredAccess [Object] access mask placed in the request's `access`
#   field; request only the rights the following calls need
# @param sid [Object] SID of the account to open
# @return [self] so calls can be chained
# NOTE(review): a handle already held in @accountHandle is overwritten without
#   being closed first -- call #closeAccount before reopening.
def openAccount(desiredAccess:, sid:)
  request = LsarOpenAccountReq.new(handle: @policyHandle, access: desiredAccess, sid: sid)
  raw = @file.ioctl_send_recv(request).buffer
  raw.raise_not_error_success("openAccount")
  @accountHandle = LsarOpenAccountRes.read(raw).accountHandle
  self
end

#openPolicy(desiredAccess: LSARPC_ALL_ACCESS_MASK["MAXIMUM_ALLOWED"]) ⇒ Object



# File 'lib/smbRpc/lsarpc/openPolicy.rb', line 42

# Open the server's LSA policy object and remember its handle.
#
# Sends an LsarOpenPolicy2Req, checks the reply with
# raise_not_error_success("openPolicy"), parses it, and stores the reply's
# policyHandle in @policyHandle.
#
# @param desiredAccess [Object] access mask placed in the request's
#   accessMask field; defaults to LSARPC_ALL_ACCESS_MASK["MAXIMUM_ALLOWED"]
# @return [self] so calls can be chained
# NOTE(review): the default asks for every right the caller's credentials
#   allow. Pass the narrowest mask the following calls need, so the handle
#   follows least privilege.
# NOTE(review): a handle already held in @policyHandle is overwritten without
#   being closed first -- call #closePolicy before reopening.
def openPolicy(desiredAccess: LSARPC_ALL_ACCESS_MASK["MAXIMUM_ALLOWED"])
  request = LsarOpenPolicy2Req.new(accessMask: desiredAccess)
  raw = @file.ioctl_send_recv(request).buffer
  raw.raise_not_error_success("openPolicy")
  @policyHandle = LsarOpenPolicy2Res.read(raw).policyHandle
  self
end

#queryInformationPolicy(informationClass: ) ⇒ Object



# File 'lib/smbRpc/lsarpc/queryInformationPolicy.rb', line 70

# Query one class of LSA policy information and return it as a Hash.
#
# Sends an LsarQueryInformationPolicy2Req on @policyHandle, checks the reply
# with raise_not_error_success("queryInformationPolicy"), and parses it with
# a response object built for the same information class.
#
# @param informationClass [Object] entry of LSARPC_POLICY_INFORMATION_CLASS;
#   defaults to "PolicyDnsDomainInformation"
# @return [Hash]
#   * PolicyDnsDomainInformation: :guid and :sid always, plus :name,
#     :dnsDomainName and :dnsForestName for each field whose length is > 0
#   * PolicyLsaServerRoleInformation: :policyServerRole holding the parsed
#     policyInformation value
#   * any other class: an empty Hash
# NOTE(review): unpack("v*").pack("c*") keeps only the low byte of each
#   16-bit unit of the server-supplied strings, so non-ASCII domain or forest
#   names are not preserved. Do not compare these values as identifiers.
def queryInformationPolicy(informationClass: LSARPC_POLICY_INFORMATION_CLASS["PolicyDnsDomainInformation"])
  request = LsarQueryInformationPolicy2Req.new(handle: @policyHandle, infoClass: informationClass)
  raw = @file.ioctl_send_recv(request).buffer
  raw.raise_not_error_success("queryInformationPolicy")
  parsed = LsarQueryInformationPolicy2Res.new(infoClass: informationClass)
  parsed.read(raw)
  info = parsed.policyInformation
  # Same conversion the original applied inline to each string field.
  narrow = ->(field) { field.str.unpack("v*").pack("c*") }
  result = {}
  if informationClass == LSARPC_POLICY_INFORMATION_CLASS["PolicyDnsDomainInformation"]
    result[:name] = narrow.call(info.nameNdr) if info.name.len > 0
    result[:dnsDomainName] = narrow.call(info.dnsDomainNameNdr) if info.dnsDomainName.len > 0
    result[:dnsForestName] = narrow.call(info.dnsForestNameNdr) if info.dnsForestName.len > 0
    result[:guid] = info.guid
    result[:sid] = info.sid
  end
  result[:policyServerRole] = info if informationClass == LSARPC_POLICY_INFORMATION_CLASS["PolicyLsaServerRoleInformation"]
  result
end

#querySecurityObject(objectHandle:) ⇒ Object



# File 'lib/smbRpc/lsarpc/querySecurityObject.rb', line 67

# Read the security information of the object behind an LSA handle.
#
# Sends an LsarQuerySecurityObjectReq for the given handle, checks the reply
# with raise_not_error_success("querySecurityObject"), and returns the
# parsed reply.
#
# @param objectHandle [Object] handle to query, e.g. the value of
#   #policyHandle or #accountHandle
# @return [Object] the reply parsed by LsarQuerySecurityObjectRes.read
# NOTE(review): the parsed structure comes from the server and is returned
#   as-is; callers should treat its contents as untrusted input.
def querySecurityObject(objectHandle:)
  request = LsarQuerySecurityObjectReq.new(handle: objectHandle)
  raw = @file.ioctl_send_recv(request).buffer
  raw.raise_not_error_success("querySecurityObject")
  return LsarQuerySecurityObjectRes.read(raw)
end