Module: RubySMB::Dcerpc::Samr

Defined in:
lib/ruby_smb/dcerpc/samr.rb,
lib/ruby_smb/dcerpc/samr/rpc_sid.rb,
lib/ruby_smb/dcerpc/samr/samr_connect_request.rb,
lib/ruby_smb/dcerpc/samr/samr_connect_response.rb,
lib/ruby_smb/dcerpc/samr/samr_open_user_request.rb,
lib/ruby_smb/dcerpc/samr/samr_open_user_response.rb,
lib/ruby_smb/dcerpc/samr/samr_rid_to_sid_request.rb,
lib/ruby_smb/dcerpc/samr/samr_open_domain_request.rb,
lib/ruby_smb/dcerpc/samr/samr_rid_to_sid_response.rb,
lib/ruby_smb/dcerpc/samr/samr_close_handle_request.rb,
lib/ruby_smb/dcerpc/samr/samr_open_domain_response.rb,
lib/ruby_smb/dcerpc/samr/samr_close_handle_response.rb,
lib/ruby_smb/dcerpc/samr/samr_get_groups_for_user_request.rb,
lib/ruby_smb/dcerpc/samr/samr_get_alias_membership_request.rb,
lib/ruby_smb/dcerpc/samr/samr_get_groups_for_user_response.rb,
lib/ruby_smb/dcerpc/samr/samr_get_alias_membership_response.rb,
lib/ruby_smb/dcerpc/samr/samr_enumerate_users_in_domain_request.rb,
lib/ruby_smb/dcerpc/samr/samr_enumerate_users_in_domain_response.rb,
lib/ruby_smb/dcerpc/samr/samr_lookup_domain_in_sam_server_request.rb,
lib/ruby_smb/dcerpc/samr/samr_lookup_domain_in_sam_server_response.rb

Defined Under Namespace

Classes: GroupMembership, KerbKeyDataNew, KerbStoredCredentialNew, PgroupMembershipArray, PrpcSid, PsamprEnumerationBuffer, PsamprGetGroupsBuffer, PsamprRidEnumerationArray, PsamprServerName, PsamprSidInformation, PsamprSidInformationArray, PsamprUlongArray, PulongArray, RpcSid, RpcSidIdentifierAuthority, SamprEnumerationBuffer, SamprGetGroupsBuffer, SamprHandle, SamprPsidArray, SamprRidEnumeration, SamprRidEnumerationArray, SamprSidInformation, SamrCloseHandleRequest, SamrCloseHandleResponse, SamrConnectRequest, SamrConnectResponse, SamrEnumerateUsersInDomainRequest, SamrEnumerateUsersInDomainResponse, SamrGetAliasMembershipRequest, SamrGetAliasMembershipResponse, SamrGetGroupsForUserRequest, SamrGetGroupsForUserResponse, SamrLookupDomainInSamServerRequest, SamrLookupDomainInSamServerResponse, SamrOpenDomainRequest, SamrOpenDomainResponse, SamrOpenUserRequest, SamrOpenUserResponse, SamrRidToSidRequest, SamrRidToSidResponse, UserProperties, UserProperty

Constant Summary collapse

UUID = 
'12345778-1234-abcd-ef00-0123456789ac'
VER_MAJOR = 
1
VER_MINOR = 
0
SAMR_CONNECT =

Operation numbers

0x0000
SAMR_CLOSE_HANDLE = 
0x0001
SAMR_LOOKUP_DOMAIN_IN_SAM_SERVER = 
0x0005
SAMR_OPEN_DOMAIN = 
0x0007
SAMR_ENUMERATE_USERS_IN_DOMAIN = 
0x000D
SAMR_GET_ALIAS_MEMBERSHIP = 
0x0010
SAMR_OPEN_USER = 
0x0022
SAMR_GET_GROUPS_FOR_USER = 
0x0027
SAMR_RID_TO_SID = 
0x0041
DELETE =

2.2.1.1 Common ACCESS_MASK Values

0x00010000
READ_CONTROL = 
0x00020000
WRITE_DAC = 
0x00040000
WRITE_OWNER = 
0x00080000
ACCESS_SYSTEM_SECURITY = 
0x01000000
MAXIMUM_ALLOWED = 
0x02000000
SAM_SERVER_CONNECT =

2.2.1.3 Server ACCESS_MASK Values

0x00000001
SAM_SERVER_SHUTDOWN = 
0x00000002
SAM_SERVER_INITIALIZE = 
0x00000004
SAM_SERVER_CREATE_DOMAIN = 
0x00000008
SAM_SERVER_ENUMERATE_DOMAINS = 
0x00000010
SAM_SERVER_LOOKUP_DOMAIN = 
0x00000020
SAM_SERVER_ALL_ACCESS = 
0x000F003F
SAM_SERVER_READ = 
0x00020010
SAM_SERVER_WRITE = 
0x0002000E
SAM_SERVER_EXECUTE = 
0x00020021
DOMAIN_READ_PASSWORD_PARAMETERS =

2.2.1.4 Domain ACCESS_MASK Values

0x00000001
DOMAIN_WRITE_PASSWORD_PARAMS = 
0x00000002
DOMAIN_READ_OTHER_PARAMETERS = 
0x00000004
DOMAIN_WRITE_OTHER_PARAMETERS = 
0x00000008
DOMAIN_CREATE_USER = 
0x00000010
DOMAIN_CREATE_GROUP = 
0x00000020
DOMAIN_CREATE_ALIAS = 
0x00000040
DOMAIN_GET_ALIAS_MEMBERSHIP = 
0x00000080
DOMAIN_LIST_ACCOUNTS = 
0x00000100
DOMAIN_LOOKUP = 
0x00000200
DOMAIN_ADMINISTER_SERVER = 
0x00000400
DOMAIN_ALL_ACCESS = 
0x000F07FF
DOMAIN_READ = 
0x00020084
DOMAIN_WRITE = 
0x0002047A
DOMAIN_EXECUTE = 
0x00020301
GROUP_READ_INFORMATION =

2.2.1.5 Group ACCESS_MASK Values

0x00000001
GROUP_WRITE_ACCOUNT = 
0x00000002
GROUP_ADD_MEMBER = 
0x00000004
GROUP_REMOVE_MEMBER = 
0x00000008
GROUP_LIST_MEMBERS = 
0x00000010
GROUP_ALL_ACCESS = 
0x000F001F
GROUP_READ = 
0x00020010
GROUP_WRITE = 
0x0002000E
GROUP_EXECUTE = 
0x00020001
ALIAS_ADD_MEMBER =

2.2.1.6 Alias ACCESS_MASK Values

0x00000001
ALIAS_REMOVE_MEMBER = 
0x00000002
ALIAS_LIST_MEMBERS = 
0x00000004
ALIAS_READ_INFORMATION = 
0x00000008
ALIAS_WRITE_ACCOUNT = 
0x00000010
ALIAS_ALL_ACCESS = 
0x000F001F
ALIAS_READ = 
0x00020004
ALIAS_WRITE = 
0x00020013
ALIAS_EXECUTE = 
0x00020008
USER_READ_GENERAL =

2.2.1.7 User ACCESS_MASK Values

0x00000001
USER_READ_PREFERENCES = 
0x00000002
USER_WRITE_PREFERENCES = 
0x00000004
USER_READ_LOGON = 
0x00000008
USER_READ_ACCOUNT = 
0x00000010
USER_WRITE_ACCOUNT = 
0x00000020
USER_CHANGE_PASSWORD = 
0x00000040
USER_FORCE_PASSWORD_CHANGE = 
0x00000080
USER_LIST_GROUPS = 
0x00000100
USER_READ_GROUP_INFORMATION = 
0x00000200
USER_WRITE_GROUP_INFORMATION = 
0x00000400
USER_ALL_ACCESS = 
0x000F07FF
USER_READ = 
0x0002031A
USER_WRITE = 
0x00020044
USER_EXECUTE = 
0x00020041
USER_ALL_USERNAME =

2.2.1.8 USER_ALL Values

0x00000001
USER_ALL_FULLNAME = 
0x00000002
USER_ALL_USERID = 
0x00000004
USER_ALL_PRIMARYGROUPID = 
0x00000008
USER_ALL_ADMINCOMMENT = 
0x00000010
USER_ALL_USERCOMMENT = 
0x00000020
USER_ALL_HOMEDIRECTORY = 
0x00000040
USER_ALL_HOMEDIRECTORYDRIVE = 
0x00000080
USER_ALL_SCRIPTPATH = 
0x00000100
USER_ALL_PROFILEPATH = 
0x00000200
USER_ALL_WORKSTATIONS = 
0x00000400
USER_ALL_LASTLOGON = 
0x00000800
USER_ALL_LASTLOGOFF = 
0x00001000
USER_ALL_LOGONHOURS = 
0x00002000
USER_ALL_BADPASSWORDCOUNT = 
0x00004000
USER_ALL_LOGONCOUNT = 
0x00008000
USER_ALL_PASSWORDCANCHANGE = 
0x00010000
USER_ALL_PASSWORDMUSTCHANGE = 
0x00020000
USER_ALL_PASSWORDLASTSET = 
0x00040000
USER_ALL_ACCOUNTEXPIRES = 
0x00080000
USER_ALL_USERACCOUNTCONTROL = 
0x00100000
USER_ALL_PARAMETERS = 
0x00200000
USER_ALL_COUNTRYCODE = 
0x00400000
USER_ALL_CODEPAGE = 
0x00800000
USER_ALL_NTPASSWORDPRESENT = 
0x01000000
USER_ALL_LMPASSWORDPRESENT = 
0x02000000
USER_ALL_PRIVATEDATA = 
0x04000000
USER_ALL_PASSWORDEXPIRED = 
0x08000000
USER_ALL_SECURITYDESCRIPTOR = 
0x10000000
USER_ALL_UNDEFINED_MASK = 
0xC0000000
SAM_DOMAIN_OBJECT =

2.2.1.9 ACCOUNT_TYPE Values

0x00000000
SAM_GROUP_OBJECT = 
0x10000000
SAM_NON_SECURITY_GROUP_OBJECT = 
0x10000001
SAM_ALIAS_OBJECT = 
0x20000000
SAM_NON_SECURITY_ALIAS_OBJECT = 
0x20000001
SAM_USER_OBJECT = 
0x30000000
SAM_MACHINE_ACCOUNT = 
0x30000001
SAM_TRUST_ACCOUNT = 
0x30000002
SAM_APP_BASIC_GROUP = 
0x40000000
SAM_APP_QUERY_GROUP = 
0x40000001
SE_GROUP_MANDATORY =

2.2.1.10 SE_GROUP Attributes

0x00000001
SE_GROUP_ENABLED_BY_DEFAULT = 
0x00000002
SE_GROUP_ENABLED = 
0x00000004
GROUP_TYPE_ACCOUNT_GROUP =

2.2.1.11 GROUP_TYPE Codes

0x00000002
GROUP_TYPE_RESOURCE_GROUP = 
0x00000004
GROUP_TYPE_UNIVERSAL_GROUP = 
0x00000008
GROUP_TYPE_SECURITY_ENABLED = 
0x80000000
GROUP_TYPE_SECURITY_ACCOUNT = 
0x80000002
GROUP_TYPE_SECURITY_RESOURCE = 
0x80000004
GROUP_TYPE_SECURITY_UNIVERSAL = 
0x80000008
USER_ACCOUNT_DISABLED =

2.2.1.12 USER_ACCOUNT Codes

0x00000001
USER_HOME_DIRECTORY_REQUIRED = 
0x00000002
USER_PASSWORD_NOT_REQUIRED = 
0x00000004
USER_TEMP_DUPLICATE_ACCOUNT = 
0x00000008
USER_NORMAL_ACCOUNT = 
0x00000010
USER_MNS_LOGON_ACCOUNT = 
0x00000020
USER_INTERDOMAIN_TRUST_ACCOUNT = 
0x00000040
USER_WORKSTATION_TRUST_ACCOUNT = 
0x00000080
USER_SERVER_TRUST_ACCOUNT = 
0x00000100
USER_DONT_EXPIRE_PASSWORD = 
0x00000200
USER_ACCOUNT_AUTO_LOCKED = 
0x00000400
USER_ENCRYPTED_TEXT_PASSWORD_ALLOWED = 
0x00000800
USER_SMARTCARD_REQUIRED = 
0x00001000
USER_TRUSTED_FOR_DELEGATION = 
0x00002000
USER_NOT_DELEGATED = 
0x00004000
USER_USE_DES_KEY_ONLY = 
0x00008000
USER_DONT_REQUIRE_PREAUTH = 
0x00010000
USER_PASSWORD_EXPIRED = 
0x00020000
USER_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION = 
0x00040000
USER_NO_AUTH_DATA_REQUIRED = 
0x00080000
USER_PARTIAL_SECRETS_ACCOUNT = 
0x00100000
USER_USE_AES_KEYS = 
0x00200000
UF_SCRIPT =

2.2.1.13 UF_FLAG Codes

0x00000001
UF_ACCOUNTDISABLE = 
0x00000002
UF_HOMEDIR_REQUIRED = 
0x00000008
UF_LOCKOUT = 
0x00000010
UF_PASSWD_NOTREQD = 
0x00000020
UF_PASSWD_CANT_CHANGE = 
0x00000040
UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED = 
0x00000080
UF_TEMP_DUPLICATE_ACCOUNT = 
0x00000100
UF_NORMAL_ACCOUNT = 
0x00000200
UF_INTERDOMAIN_TRUST_ACCOUNT = 
0x00000800
UF_WORKSTATION_TRUST_ACCOUNT = 
0x00001000
UF_SERVER_TRUST_ACCOUNT = 
0x00002000
UF_DONT_EXPIRE_PASSWD = 
0x00010000
UF_MNS_LOGON_ACCOUNT = 
0x00020000
UF_SMARTCARD_REQUIRED = 
0x00040000
UF_TRUSTED_FOR_DELEGATION = 
0x00080000
UF_NOT_DELEGATED = 
0x00100000
UF_USE_DES_KEY_ONLY = 
0x00200000
UF_DONT_REQUIRE_PREAUTH = 
0x00400000
UF_PASSWORD_EXPIRED = 
0x00800000
UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION = 
0x01000000
UF_NO_AUTH_DATA_REQUIRED = 
0x02000000
UF_PARTIAL_SECRETS_ACCOUNT = 
0x04000000
UF_USE_AES_KEYS = 
0x08000000
DOMAIN_USER_RID_ADMIN =

2.2.1.14 Predefined RIDs

0x000001F4
DOMAIN_USER_RID_GUEST = 
0x000001F5
DOMAIN_USER_RID_KRBTGT = 
0x000001F6
DOMAIN_GROUP_RID_ADMINS = 
0x00000200
DOMAIN_GROUP_RID_USERS = 
0x00000201
DOMAIN_GROUP_RID_COMPUTERS = 
0x00000203
DOMAIN_GROUP_RID_CONTROLLERS = 
0x00000204
DOMAIN_ALIAS_RID_ADMINS = 
0x00000220
DOMAIN_GROUP_RID_READONLY_CONTROLLERS = 
0x00000209
KERBEROS_TYPE =

2.2.10.8 Kerberos Encryption Algorithm Identifiers

{
  1          => 'dec-cbc-crc',
  3          => 'des-cbc-md5',
  17         => 'aes128-cts-hmac-sha1-96',
  18         => 'aes256-cts-hmac-sha1-96',
  0xffffff74 => 'rc4_hmac'
}
WELL_KNOWN_SID_NAME = 
{
  [0,0] => 'NULL SID',
  [1,0] => 'Everyone',
  [2,0] => 'LOCAL',
  [2,1] => 'CONSOLE LOGON',
  [3,0] => 'CREATOR OWNER',
  [3,1] => 'CREATOR GROUP',
  [3,2] => 'CREATOR OWNER SERVER',
  [3,3] => 'CREATOR GROUP SERVER',
  [3,4] => 'OWNER RIGHTS',
  [5,1] => 'NT AUTHORITY\\DIALUP',
  [5,2] => 'NT AUTHORITY\\NETWORK',
  [5,3] => 'NT AUTHORITY\\BATCH',
  [5,4] => 'NT AUTHORITY\\INTERACTIVE',
  [5,6] => 'NT AUTHORITY\\SERVICE',
  [5,7] => 'NT AUTHORITY\\ANONYMOUS LOGON',
  [5,8] => 'NT AUTHORITY\\PROXY',
  [5,9] => 'NT AUTHORITY\\ENTERPRISE DOMAIN CONTROLLERS',
  [5,10] => 'NT AUTHORITY\\SELF',
  [5,11] => 'NT AUTHORITY\\Authenticated Users',
  [5,12] => 'NT AUTHORITY\\RESTRICTED',
  [5,13] => 'NT AUTHORITY\\TERMINAL SERVER USER',
  [5,14] => 'NT AUTHORITY\\REMOTE INTERACTIVE LOGON',
  [5,15] => 'NT AUTHORITY\\This Organization',
  [5,17] => 'NT AUTHORITY\\IUSR',
  [5,18] => 'NT AUTHORITY\\SYSTEM',
  [5,19] => 'NT AUTHORITY\\LOCAL SERVICE',
  [5,20] => 'NT AUTHORITY\\NETWORK SERVICE',
  [5,22] => 'NT AUTHORITY\\ENTERPRISE READ-ONLY DOMAIN CONTROLLERS BETA',
  [5,33] => 'NT AUTHORITY\\WRITE RESTRICTED',
  [5,32] => 'Builtin Domain'
}
WELL_KNOWN_RID_NAME = 
{
  498 => '(domain)\\Enterprise Read-only Domain Controllers',
  500 => '(domain)\\Administrator',
  501 => '(domain)\\Guest',
  502 => '(domain)\\krbtgt',
  512 => '(domain)\\Domain Admins',
  513 => '(domain)\\Domain Users',
  514 => '(domain)\\Domain Guests',
  515 => '(domain)\\Domain Computers',
  516 => '(domain)\\Domain Controllers',
  517 => '(domain)\\Cert Publishers',
  518 => '(domain)\\Schema Admins',
  519 => '(domain)\\Enterprise Admins',
  520 => '(domain)\\Group Policy Creator Owners',
  521 => '(domain)\\Read-only Domain Controllers',
  522 => '(domain)\\Cloneable Domain Controllers',
  544 => 'BUILTIN\\Administrators',
  545 => 'BUILTIN\\Users',
  546 => 'BUILTIN\\Guests',
  548 => 'BUILTIN\\Account Operators',
  549 => 'BUILTIN\\Server Operators',
  550 => 'BUILTIN\\Print Operators',
  551 => 'BUILTIN\\Backup Operators',
  552 => 'BUILTIN\\Replicator',
  553 => '(domain)\\RAS and IAS Servers',
  554 => 'BUILTIN\\Pre-Windows 2000 Compatible Access',
  555 => 'BUILTIN\\Remote Desktop Users',
  556 => 'BUILTIN\\Network Configuration Operators',
  557 => 'BUILTIN\\Incoming Forest Trust Builders',
  558 => 'BUILTIN\\Performance Monitor Users',
  559 => 'BUILTIN\\Performance Log Users',
  560 => 'BUILTIN\\Windows Authorization Access Group',
  561 => 'BUILTIN\\Terminal Server License Servers',
  562 => 'BUILTIN\\Distributed COM Users',
  568 => 'BUILTIN\\IIS_IUSRS',
  569 => 'BUILTIN\\Cryptographic Operators',
  571 => '(domain)\\Allowed RODC Password Replication Group',
  572 => '(domain)\\Denied RODC Password Replication Group',
  573 => 'BUILTIN\\Event Log Readers',
  574 => 'BUILTIN\\Certificate Service DCOM Access',
  575 => 'BUILTIN\\RDS Remote Access Servers',
  576 => 'BUILTIN\\RDS Endpoint Servers',
  577 => 'BUILTIN\\RDS Management Servers',
  578 => 'BUILTIN\\Hyper-V Administrators',
  579 => 'BUILTIN\\Access Control Assistance Operators',
  580 => 'BUILTIN\\Remote Management Users'
}

Instance Method Summary collapse

Instance Method Details

#close_handle(sam_handle) ⇒ RubySMB::Dcerpc::Samr::SamprHandle

Closes (that is, releases server-side resources used by) any context handle obtained from this RPC interface

Parameters:

Returns:

Raises:



499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
 
# File 'lib/ruby_smb/dcerpc/samr.rb', line 499

def close_handle(sam_handle)
  samr_close_handle_request = SamrCloseHandleRequest.new(sam_handle: sam_handle)
  response = dcerpc_request(samr_close_handle_request)
  begin
    samr_close_handle_response = SamrCloseHandleResponse.read(response)
  rescue IOError
    raise RubySMB::Dcerpc::Error::InvalidPacket, 'Error reading SamrCloseHandleResponse'
  end
  unless samr_close_handle_response.error_status == WindowsError::NTStatus::STATUS_SUCCESS
    raise RubySMB::Dcerpc::Error::SamrError,
      "Error returned with samr_connect: "\
      "#{WindowsError::NTStatus.find_by_retval(samr_close_handle_response.error_status.value).join(',')}"
  end
  samr_close_handle_response.sam_handle
end

#samr_connect(server_name: '', access: MAXIMUM_ALLOWED) ⇒ RubySMB::Dcerpc::Samr::SamprHandle

Returns a handle to a server object.

Parameters:

  • server_name (Char) (defaults to: '')

    the first character of the NETBIOS name of the server (optional)

  • access (Numeric) (defaults to: MAXIMUM_ALLOWED)

    access requested for ServerHandle upon output: bitwise OR of common and server ACCESS_MASK values (defined in lib/ruby_smb/dcerpc/samr.rb).

Returns:

Raises:



336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
 
# File 'lib/ruby_smb/dcerpc/samr.rb', line 336

def samr_connect(server_name: '', access: MAXIMUM_ALLOWED)
  samr_connect_request = SamrConnectRequest.new(
    server_name: server_name,
    desired_access: access
  )
  response = dcerpc_request(samr_connect_request)
  begin
    samr_connect_response = SamrConnectResponse.read(response)
  rescue IOError
    raise RubySMB::Dcerpc::Error::InvalidPacket, 'Error reading SamrConnectResponse'
  end
  unless samr_connect_response.error_status == WindowsError::NTStatus::STATUS_SUCCESS
    raise RubySMB::Dcerpc::Error::SamrError,
      "Error returned with samr_connect: "\
      "#{WindowsError::NTStatus.find_by_retval(samr_connect_response.error_status.value).join(',')}"
  end
  samr_connect_response.server_handle
end

#samr_enumerate_users_in_domain(domain_handle:, enumeration_context: 0, user_account_control: USER_NORMAL_ACCOUNT | USER_WORKSTATION_TRUST_ACCOUNT | USER_SERVER_TRUST_ACCOUNT | USER_INTERDOMAIN_TRUST_ACCOUNT) ⇒ Hash

Enumerates all users in the specified domain.

Parameters:

Returns:

  • (Hash)

    hash mapping RID and username

Raises:



427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
 
# File 'lib/ruby_smb/dcerpc/samr.rb', line 427

def samr_enumerate_users_in_domain(domain_handle:,
                                   enumeration_context: 0,
                                   user_account_control: USER_NORMAL_ACCOUNT |
                                                         USER_WORKSTATION_TRUST_ACCOUNT |
                                                         USER_SERVER_TRUST_ACCOUNT |
                                                         USER_INTERDOMAIN_TRUST_ACCOUNT)
  samr_enum_users_request = SamrEnumerateUsersInDomainRequest.new(
    domain_handle: domain_handle,
    user_account_control: ,
    prefered_maximum_length: 0xFFFFFFFF
  )
  res = {}
  loop do
    samr_enum_users_request.enumeration_context = enumeration_context
    response = dcerpc_request(samr_enum_users_request)
    begin
      samr_enum_users_reponse= SamrEnumerateUsersInDomainResponse.read(response)
    rescue IOError
      raise RubySMB::Dcerpc::Error::InvalidPacket, 'Error reading SamrEnumerateUsersInDomainResponse'
    end
    unless samr_enum_users_reponse.error_status == WindowsError::NTStatus::STATUS_SUCCESS ||
           samr_enum_users_reponse.error_status == WindowsError::NTStatus::STATUS_MORE_ENTRIES
      raise RubySMB::Dcerpc::Error::SamrError,
        "Error returned during users enumeration in SAM server: "\
        "#{WindowsError::NTStatus.find_by_retval(samr_enum_users_reponse.error_status.value).join(',')}"
    end
    samr_enum_users_reponse.buffer.buffer.each_with_object(res) do |entry, hash|
      hash[entry.relative_id] = entry.name.buffer
    end
    break unless samr_enum_users_reponse.error_status == WindowsError::NTStatus::STATUS_MORE_ENTRIES
    enumeration_context = samr_enum_users_reponse.enumeration_context
  end
  res
end

#samr_get_alias_membership(domain_handle:, sids:) ⇒ Array<RubySMB::Dcerpc::Ndr::NdrUint32>

Returns the union of all aliases that a given set of SIDs is a member of.

Parameters:

Returns:

  • (Array<RubySMB::Dcerpc::Ndr::NdrUint32>)

    The union of all aliases represented by RID's

Raises:



525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
 
# File 'lib/ruby_smb/dcerpc/samr.rb', line 525

def samr_get_alias_membership(domain_handle:, sids:)
  sids = [sids] unless sids.is_a?(::Array)
  samr_get_alias_membership_request = SamrGetAliasMembershipRequest.new(
    domain_handle: domain_handle
  )
  sids.each do |sid|
    samr_get_alias_membership_request.sid_array.sids << {sid_pointer: sid}
  end
  response = dcerpc_request(samr_get_alias_membership_request)
  begin
    samr_get_alias_membership_reponse= SamrGetAliasMembershipResponse.read(response)
  rescue IOError
    raise RubySMB::Dcerpc::Error::InvalidPacket, 'Error reading SamrGetAliasMembershipResponse'
  end
  unless samr_get_alias_membership_reponse.error_status == WindowsError::NTStatus::STATUS_SUCCESS
    raise RubySMB::Dcerpc::Error::SamrError,
      "Error returned while getting alias membership: "\
      "#{WindowsError::NTStatus.find_by_retval(samr_get_alias_membership_reponse.error_status.value).join(',')}"
  end
  return [] if samr_get_alias_membership_reponse.membership.elem_count == 0
  samr_get_alias_membership_reponse.membership.elements.to_ary
end

#samr_get_group_for_user(user_handle:) ⇒ Array<RubySMB::Dcerpc::Samr::GroupMembership>

Returns a listing of groups that a user is a member of

Parameters:

Returns:

Raises:



592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
 
# File 'lib/ruby_smb/dcerpc/samr.rb', line 592

def samr_get_group_for_user(user_handle:)
  samr_get_groups_for_user_request = SamrGetGroupsForUserRequest.new(
    user_handle: user_handle
  )
  response = dcerpc_request(samr_get_groups_for_user_request)
  begin
    samr_get_groups_for_user_reponse= SamrGetGroupsForUserResponse.read(response)
  rescue IOError
    raise RubySMB::Dcerpc::Error::InvalidPacket, 'Error reading SamrGetGroupsForUserResponse'
  end
  unless samr_get_groups_for_user_reponse.error_status == WindowsError::NTStatus::STATUS_SUCCESS
    raise RubySMB::Dcerpc::Error::SamrError,
      "Error returned while getting user groups: "\
      "#{WindowsError::NTStatus.find_by_retval(samr_get_groups_for_user_reponse.error_status.value).join(',')}"
  end
  samr_get_groups_for_user_reponse.groups.groups.to_ary
end

#samr_lookup_domain(server_handle:, name:) ⇒ RubySMB::Dcerpc::RpcSid

Obtains the SID of a domain object

Parameters:

Returns:

  • (RubySMB::Dcerpc::RpcSid)

    SID value of a domain that corresponds to the Name passed in

Raises:



366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
 
# File 'lib/ruby_smb/dcerpc/samr.rb', line 366

def samr_lookup_domain(server_handle:, name:)
  samr_lookup_domain_in_sam_server_request = SamrLookupDomainInSamServerRequest.new(
    server_handle: server_handle,
    name: name
  )
  response = dcerpc_request(samr_lookup_domain_in_sam_server_request)
  begin
    samr_lookup_domain_in_sam_server_response = SamrLookupDomainInSamServerResponse.read(response)
  rescue IOError
    raise RubySMB::Dcerpc::Error::InvalidPacket, 'Error reading SamrLookupDomainInSamServerResponse'
  end
  unless samr_lookup_domain_in_sam_server_response.error_status == WindowsError::NTStatus::STATUS_SUCCESS
    raise RubySMB::Dcerpc::Error::SamrError,
      "Error returned during domain lookup in SAM server: "\
      "#{WindowsError::NTStatus.find_by_retval(samr_lookup_domain_in_sam_server_response.error_status.value).join(',')}"
  end
  samr_lookup_domain_in_sam_server_response.domain_id
end

#samr_open_domain(server_handle:, access: MAXIMUM_ALLOWED, domain_id:) ⇒ RubySMB::Dcerpc::Samr::SamprHandle

Returns a handle to a domain object.

Parameters:

  • server_handle (RubySMB::Dcerpc::Samr::SamprHandle)

    RPC context handle representing the server object

  • access (Numeric) (defaults to: MAXIMUM_ALLOWED)

    access requested for ServerHandle upon output: bitwise OR of common and server ACCESS_MASK values (defined in lib/ruby_smb/dcerpc/samr.rb).

  • domain_id (RubySMB::Dcerpc::RpcSid)

    SID value of a domain

Returns:

Raises:



398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
 
# File 'lib/ruby_smb/dcerpc/samr.rb', line 398

def samr_open_domain(server_handle:, access: MAXIMUM_ALLOWED, domain_id:)
  samr_open_domain_request = SamrOpenDomainRequest.new(
    server_handle: server_handle,
    desired_access: access,
    domain_id: domain_id
  )
  response = dcerpc_request(samr_open_domain_request)
  begin
    samr_open_domain_response = SamrOpenDomainResponse.read(response)
  rescue IOError
    raise RubySMB::Dcerpc::Error::InvalidPacket, 'Error reading SamrLookupDomainInSamServerResponse'
  end
  unless samr_open_domain_response.error_status == WindowsError::NTStatus::STATUS_SUCCESS
    raise RubySMB::Dcerpc::Error::SamrError,
      "Error returned during domain lookup in SAM server: "\
      "#{WindowsError::NTStatus.find_by_retval(samr_open_domain_response.error_status.value).join(',')}"
  end
  samr_open_domain_response.domain_handle
end

#samr_open_user(domain_handle:, access: MAXIMUM_ALLOWED, user_id:) ⇒ RubySMB::Dcerpc::Samr::SamprHandle

Returns a handle to a user, given a RID

Parameters:

  • domain_handle (RubySMB::Dcerpc::Samr::SamprHandle)

    An RPC context representing a domain object

  • access (Integer) (defaults to: MAXIMUM_ALLOWED)

    An access control that indicates the requested access for the returned handle. It is a bitwise OR of common ACCESS_MASK and user ACCESS_MASK values (see lib/ruby_smb/dcerpc/samr.rb)

  • user_id (Integer)

    RID of a user account

Returns:

Raises:



562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
 
# File 'lib/ruby_smb/dcerpc/samr.rb', line 562

def samr_open_user(domain_handle:, access: MAXIMUM_ALLOWED, user_id:)
  samr_open_user_request = SamrOpenUserRequest.new(
    domain_handle: domain_handle,
    desired_access: access,
    user_id: user_id
  )
  response = dcerpc_request(samr_open_user_request)
  begin
    samr_open_user_response = SamrOpenUserResponse.read(response)
  rescue IOError
    raise RubySMB::Dcerpc::Error::InvalidPacket, 'Error reading SamrOpenUserResponse'
  end
  unless samr_open_user_response.error_status == WindowsError::NTStatus::STATUS_SUCCESS
    raise RubySMB::Dcerpc::Error::SamrError,
      "Error returned when getting a handle to user #{user_id}: "\
      "#{WindowsError::NTStatus.find_by_retval(samr_open_user_response.error_status.value).join(',')}"
  end
  samr_open_user_response.user_handle
end

#samr_rid_to_sid(object_handle:, rid:) ⇒ String

Returns the SID of an account, given a RID.

Parameters:

  • rid (Numeric)

    the RID

Returns:

  • (String)

    The SID of the account referenced by RID

Raises:



470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
 
# File 'lib/ruby_smb/dcerpc/samr.rb', line 470

def samr_rid_to_sid(object_handle:, rid:)
  samr_rid_to_sid_request = SamrRidToSidRequest.new(
    object_handle: object_handle,
    rid: rid
  )
  response = dcerpc_request(samr_rid_to_sid_request)
  begin
    samr_rid_to_sid_response = SamrRidToSidResponse.read(response)
  rescue IOError
    raise RubySMB::Dcerpc::Error::InvalidPacket, 'Error reading SamrRidToSidResponse'
  end
  unless samr_rid_to_sid_response.error_status == WindowsError::NTStatus::STATUS_SUCCESS
    raise RubySMB::Dcerpc::Error::SamrError,
      "Error returned during SID lookup in SAM server: "\
      "#{WindowsError::NTStatus.find_by_retval(samr_rid_to_sid_response.error_status.value).join(',')}"
  end
  samr_rid_to_sid_response.sid
end