Module: RubySMB::Dcerpc::Lsarpc
- Defined in:
- lib/ruby_smb/dcerpc/lsarpc.rb,
lib/ruby_smb/dcerpc/lsarpc/lsar_lookup_sids_request.rb,
lib/ruby_smb/dcerpc/lsarpc/lsar_open_policy_request.rb,
lib/ruby_smb/dcerpc/lsarpc/lsar_close_handle_request.rb,
lib/ruby_smb/dcerpc/lsarpc/lsar_lookup_sids_response.rb,
lib/ruby_smb/dcerpc/lsarpc/lsar_open_policy2_request.rb,
lib/ruby_smb/dcerpc/lsarpc/lsar_open_policy_response.rb,
lib/ruby_smb/dcerpc/lsarpc/lsar_close_handle_response.rb,
lib/ruby_smb/dcerpc/lsarpc/lsar_open_policy2_response.rb,
lib/ruby_smb/dcerpc/lsarpc/lsar_query_information_policy_request.rb,
lib/ruby_smb/dcerpc/lsarpc/lsar_query_information_policy2_request.rb,
lib/ruby_smb/dcerpc/lsarpc/lsar_query_information_policy_response.rb,
lib/ruby_smb/dcerpc/lsarpc/lsar_query_information_policy2_response.rb
Defined Under Namespace
Classes: LsaprAcl, LsaprAclPtr, LsaprHandle, LsaprHandlePtr, LsaprObjectAttributes, LsaprObjectAttributesPtr, LsaprPolicyAccountDomInfo, LsaprPolicyAccountDomInfoPtr, LsaprPolicyAuditEventsInfo, LsaprPolicyAuditEventsInfoPtr, LsaprPolicyAuditLogInfo, LsaprPolicyAuditLogInfoPtr, LsaprPolicyDnsDomainInfo, LsaprPolicyDnsDomainInfoPtr, LsaprPolicyInformation, LsaprPolicyInformationClass, LsaprPolicyInformationClassPtr, LsaprPolicyInformationPtr, LsaprPolicyLsaServerRole, LsaprPolicyLsaServerRoleInfo, LsaprPolicyLsaServerRoleInfoPtr, LsaprPolicyLsaServerRolePtr, LsaprPolicyMachineAcctInfo, LsaprPolicyMachineAcctInfoPtr, LsaprPolicyPdAccountInfo, LsaprPolicyPdAccountInfoPtr, LsaprPolicyPrimaryDomInfo, LsaprPolicyPrimaryDomInfoPtr, LsaprPolicyReplicaSrceInfo, LsaprPolicyReplicaSrceInfoPtr, LsaprReferencedDomainList, LsaprReferencedDomainListPtr, LsaprSecurityContextTrackingMode, LsaprSecurityContextTrackingModePtr, LsaprSecurityDescriptor, LsaprSecurityDescriptorControl, LsaprSecurityDescriptorControlPtr, LsaprSecurityDescriptorPtr, LsaprSidEnumBuffer, LsaprSidEnumBufferPtr, LsaprSidInformation, LsaprSidInformationArrayPtr, LsaprSidInformationPtr, LsaprTranslatedName, LsaprTranslatedNameArray, LsaprTranslatedNameArrayPtr, LsaprTranslatedNames, LsaprTranslatedNamesPtr, LsaprTrustInformation, LsaprTrustInformationArrayPtr, LsarCloseHandleRequest, LsarCloseHandleResponse, LsarLookupSidsRequest, LsarLookupSidsResponse, LsarOpenPolicy2Request, LsarOpenPolicy2Response, LsarOpenPolicyRequest, LsarOpenPolicyResponse, LsarQueryInformationPolicy2Request, LsarQueryInformationPolicy2Response, LsarQueryInformationPolicyRequest, LsarQueryInformationPolicyResponse, PolicyAuditFullQueryInfo, PolicyAuditFullQueryInfoPtr, PolicyAuditFullSetInfo, PolicyAuditFullSetInfoPtr, PolicyModificationInfo, PolicyModificationInfoPtr, SecurityImpersonationLevel, SecurityImpersonationLevelPtr, SecurityQualityOfService, SecurityQualityOfServicePtr
Constant Summary
# Interface identity of the LSARPC endpoint (the LSA remote protocol,
# MS-LSAD / MS-LSAT) used when binding the DCERPC context.
UUID = '12345778-1234-abcd-ef00-0123456789ab'.freeze
VER_MAJOR = 0
VER_MINOR = 0

# Operation numbers (opnums) of the LSARPC calls this module implements.
LSAR_CLOSE_HANDLE = 0
LSAR_OPEN_POLICY = 6
LSAR_QUERY_INFORMATION_POLICY = 7
LSAR_LOOKUP_SIDS = 15
LSAR_OPEN_POLICY2 = 44
LSAR_QUERY_INFORMATION_POLICY2 = 46
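# ACCESS_MASK bits (MS-DTYP 2.4.3) accepted in the access_mask argument of
# #lsar_open_policy2. The first five are the standard rights; the last four
# are generic rights that the server maps onto object-specific rights.
#
# WRITE_OWNER is 0x00080000. It previously carried the same value as
# WRITE_DACL (0x00040000), so a caller asking for WRITE_OWNER was in fact
# requesting WRITE_DAC on the wire.
#
# MAXIMUM_ALLOWED asks the server for every right the caller's token is
# granted on the object. For a policy handle, prefer the narrowest mask the
# subsequent calls need; the LSA policy-specific rights of MS-LSAD (for
# example the lookup-names right) are not defined in this module, so they
# have to be supplied by the caller as raw bits if required.
DELETE = 0x00010000
READ_CONTROL = 0x00020000
WRITE_DACL = 0x00040000
WRITE_OWNER = 0x00080000
SYNCHRONIZE = 0x00100000
ACCESS_SYSTEM_SECURITY = 0x01000000
MAXIMUM_ALLOWED = 0x02000000
GENERIC_ALL = 0x10000000
GENERIC_EXECUTE = 0x20000000
GENERIC_WRITE = 0x40000000
GENERIC_READ = 0x80000000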
# SECURITY_DESCRIPTOR Control bits (MS-DTYP 2.4.6), as carried by the
# LsaprSecurityDescriptorControl field of an LsaprSecurityDescriptor.
SE_OWNER_DEFAULTED = 0x0001
SE_GROUP_DEFAULTED = 0x0002
SE_DACL_PRESENT = 0x0004
SE_DACL_DEFAULTED = 0x0008
SE_SACL_PRESENT = 0x0010
SE_SACL_DEFAULTED = 0x0020
SE_DACL_UNTRUSTED = 0x0040
SE_SERVER_SECURITY = 0x0080
SE_DACL_AUTO_INHERIT_REQ = 0x0100
SE_SACL_AUTO_INHERIT_REQ = 0x0200
SE_DACL_AUTO_INHERITED = 0x0400
SE_SACL_AUTO_INHERITED = 0x0800
SE_DACL_PROTECTED = 0x1000
SE_SACL_PROTECTED = 0x2000
SE_RM_CONTROL_VALID = 0x4000
# Set when the descriptor is in self-relative (offset-based) layout, which
# is the form it takes on the wire.
SE_SELF_RELATIVE = 0x8000
# SECURITY_IMPERSONATION_LEVEL values for the SecurityQualityOfService of
# the object attributes. The level bounds what the server may do with the
# client's identity: ANONYMOUS and IDENTIFICATION only let it learn who the
# client is, while IMPERSONATION and DELEGATION let it act as the client
# (locally, or on further hops). Request the lowest level the call needs.
SECURITY_ANONYMOUS = 0x0000
SECURITY_IDENTIFICATION = 0x0001
SECURITY_IMPERSONATION = 0x0002
SECURITY_DELEGATION = 0x0003
# SECURITY_CONTEXT_TRACKING_MODE values (LsaprSecurityContextTrackingMode):
# whether the server sees a snapshot of the client's security context or
# follows later changes to it.
SECURITY_CONTEXT_CLIENT_SNAPSHOT = 0x00
SECURITY_CONTEXT_CONTINUOUS_UPDATES = 0x01
# POLICY_INFORMATION_CLASS values (LsaprPolicyInformationClass), passed as
# information_class to #lsar_query_information_policy and
# #lsar_query_information_policy2 to select which LsaprPolicyInformation
# member the server returns. Values are contiguous from 1; POLICY_LAST_ENTRY
# is a sentinel, not a queryable class.
POLICY_AUDIT_LOG_INFORMATION = 1
POLICY_AUDIT_EVENTS_INFORMATION = 2
POLICY_PRIMARY_DOMAIN_INFORMATION = 3
POLICY_PD_ACCOUNT_INFORMATION = 4
POLICY_ACCOUNT_DOMAIN_INFORMATION = 5
POLICY_LSA_SERVER_ROLE_INFORMATION = 6
POLICY_REPLICA_SOURCE_INFORMATION = 7
# Reserved; as the name says, never sent on the wire.
POLICY_INFORMATION_NOT_USED_ON_WIRE = 8
POLICY_MODIFICATION_INFORMATION = 9
POLICY_AUDIT_FULL_SET_INFORMATION = 10
POLICY_AUDIT_FULL_QUERY_INFORMATION = 11
POLICY_DNS_DOMAIN_INFORMATION = 12
POLICY_DNS_DOMAIN_INFORMATION_INT = 13
POLICY_LOCAL_ACCOUNT_DOMAIN_INFORMATION = 14
POLICY_MACHINE_ACCOUNT_INFORMATION = 15
POLICY_LAST_ENTRY = 16
# POLICY_LSA_SERVER_ROLE values (LsaprPolicyLsaServerRole) reported in
# the LsaprPolicyLsaServerRoleInfo answer to
# POLICY_LSA_SERVER_ROLE_INFORMATION.
POLICY_SERVER_ROLE_BACKUP = 2
POLICY_SERVER_ROLE_PRIMARY = 3
# LSAP_LOOKUP_LEVEL values for the lookup_level argument of
# #lsar_lookup_sids: how far the server may go (local database, PDC,
# trusted domains, global catalog, cross-forest referral/resolution, RODC
# referral) to translate a SID. Wider levels cost more server-side
# round-trips.
LSAP_LOOKUP_WKSTA = 1
LSAP_LOOKUP_PDC = 2
LSAP_LOOKUP_TDL = 3
LSAP_LOOKUP_GC = 4
LSAP_LOOKUP_XFOREST_REFERRAL = 5
LSAP_LOOKUP_XFOREST_RESOLVE = 6
LSAP_LOOKUP_RODC_REFERRAL_TO_FULL_DC = 7
# SID_NAME_USE values returned in the :type of each #lsar_lookup_sids
# result. Callers should branch on the type before trusting a name:
# SID_TYPE_UNKNOWN / SID_TYPE_INVALID mean the SID was not resolved to a
# real principal, and SID_TYPE_DELETED_ACCOUNT names a principal that no
# longer exists.
SID_TYPE_USER = 1
SID_TYPE_GROUP = 2
SID_TYPE_DOMAIN = 3
SID_TYPE_ALIAS = 4
SID_TYPE_WELLKNOWN_GROUP = 5
SID_TYPE_DELETED_ACCOUNT = 6
SID_TYPE_INVALID = 7
SID_TYPE_UNKNOWN = 8
SID_TYPE_COMPUTER = 9
SID_TYPE_LABEL = 10
Instance Method Summary
Instance Method Details
#lsar_close_handle(policy_handle:) ⇒ Object
# File 'lib/ruby_smb/dcerpc/lsarpc.rb', line 600
# Releases an LSA policy handle on the server (LsarClose,
# opnum LSAR_CLOSE_HANDLE). Handles obtained from #lsar_open_policy2 hold
# server-side state, so close them once the lookups/queries are done.
#
# @param policy_handle the handle to close, as returned by
#   #lsar_open_policy2
# @return the policy_handle field of the LsarCloseHandleResponse
# @raise [RubySMB::Dcerpc::Error::InvalidPacket] if the response stub
#   cannot be parsed as an LsarCloseHandleResponse
# @raise [RubySMB::Dcerpc::Error::LsarpcError] if error_status is not
#   STATUS_SUCCESS; the message carries the NTSTATUS name(s)
def lsar_close_handle(policy_handle:)
  request = LsarCloseHandleRequest.new(policy_handle: policy_handle)
  raw = dcerpc_request(request)
  reply =
    begin
      LsarCloseHandleResponse.read(raw)
    rescue IOError
      raise RubySMB::Dcerpc::Error::InvalidPacket, 'Error reading LsarCloseHandleResponse'
    end
  status = reply.error_status
  return reply.policy_handle if status == WindowsError::NTStatus::STATUS_SUCCESS

  status_names = WindowsError::NTStatus.find_by_retval(status.value).join(',')
  raise RubySMB::Dcerpc::Error::LsarpcError,
        "Error returned while closing policy handle: #{status_names}"
end
#lsar_lookup_sids(policy_handle:, sids:, lookup_level:) ⇒ Object
# File 'lib/ruby_smb/dcerpc/lsarpc.rb', line 618
# Translates SIDs to account names (LsarLookupSids, opnum LSAR_LOOKUP_SIDS).
#
# @param policy_handle an open policy handle from #lsar_open_policy2
# @param sids [Array] the SIDs to translate; each one becomes a
#   `{ sid: ... }` entry of the request's sid_enum_buffer
# @param lookup_level [Integer] one of the LSAP_LOOKUP_* constants
# @return [Array<Hash>] one `{ name:, type: }` hash per entry of the
#   response's translated_names, where name is the name buffer and type
#   the use field (a SID_TYPE_* value). Check the type before relying on
#   the name: a SID the server could not map is presumably reported with
#   SID_TYPE_UNKNOWN and an empty name — confirm against a live server.
# @raise [RubySMB::Dcerpc::Error::InvalidPacket] if the response stub
#   cannot be parsed as an LsarLookupSidsResponse
# @raise [RubySMB::Dcerpc::Error::LsarpcError] if error_status is not
#   STATUS_SUCCESS
#
# NOTE(review): every non-success status raises, including a partial
# success where only some SIDs were mapped; the names that did resolve are
# then discarded together with the error. Callers that want partial results
# would need a looser status check here.
def lsar_lookup_sids(policy_handle:, sids:, lookup_level:)
  sid_entries = sids.map { |sid| { sid: sid } }
  request = LsarLookupSidsRequest.new(
    policy_handle: policy_handle,
    sid_enum_buffer: { num_entries: sids.count, sid_info: sid_entries },
    lookup_level: lookup_level
  )
  raw = dcerpc_request(request)
  reply =
    begin
      LsarLookupSidsResponse.read(raw)
    rescue IOError
      raise RubySMB::Dcerpc::Error::InvalidPacket, 'Error reading LsarLookupSidsResponse'
    end
  status = reply.error_status
  unless status == WindowsError::NTStatus::STATUS_SUCCESS
    status_names = WindowsError::NTStatus.find_by_retval(status.value).join(',')
    raise RubySMB::Dcerpc::Error::LsarpcError,
          "Error returned while looking up SID: #{status_names}"
  end

  reply.translated_names[:names].map do |entry|
    { name: entry[:name][:buffer], type: entry[:use] }
  end
end
#lsar_open_policy2(system_name:, object_attributes:, access_mask:) ⇒ Object
# File 'lib/ruby_smb/dcerpc/lsarpc.rb', line 542
# Opens a handle to the server's LSA policy object (LsarOpenPolicy2,
# opnum LSAR_OPEN_POLICY2). The handle is required by #lsar_lookup_sids
# and the #lsar_query_information_policy* calls and should be released
# with #lsar_close_handle.
#
# @param system_name the system name placed in the request; the MS-LSAD
#   server is documented as ignoring it — confirm for the target
# @param object_attributes the LsaprObjectAttributes for the request,
#   including the SecurityQualityOfService (impersonation level, see
#   SECURITY_* constants)
# @param access_mask [Integer] the ACCESS_MASK to request (DELETE,
#   READ_CONTROL, ..., GENERIC_*, MAXIMUM_ALLOWED). Request only the
#   rights the following calls need; MAXIMUM_ALLOWED yields whatever the
#   server grants, which is more than a SID lookup requires.
# @return the policy_handle field of the LsarOpenPolicy2Response
# @raise [RubySMB::Dcerpc::Error::InvalidPacket] if the response stub
#   cannot be parsed as an LsarOpenPolicy2Response
# @raise [RubySMB::Dcerpc::Error::LsarpcError] if error_status is not
#   STATUS_SUCCESS (an access-denied status here usually means the mask
#   asked for more than the caller is allowed)
def lsar_open_policy2(system_name:, object_attributes:, access_mask:)
  request = LsarOpenPolicy2Request.new(
    system_name: system_name,
    object_attributes: object_attributes,
    access_mask: access_mask
  )
  raw = dcerpc_request(request)
  reply =
    begin
      LsarOpenPolicy2Response.read(raw)
    rescue IOError
      raise RubySMB::Dcerpc::Error::InvalidPacket, 'Error reading LsarOpenPolicy2Response'
    end
  status = reply.error_status
  return reply.policy_handle if status == WindowsError::NTStatus::STATUS_SUCCESS

  status_names = WindowsError::NTStatus.find_by_retval(status.value).join(',')
  raise RubySMB::Dcerpc::Error::LsarpcError,
        "Error returned while opening policy: #{status_names}"
end
# File 'lib/ruby_smb/dcerpc/lsarpc.rb', line 562
# Queries one class of policy information from the LSA
# (LsarQueryInformationPolicy, opnum LSAR_QUERY_INFORMATION_POLICY).
#
# @param policy_handle an open policy handle from #lsar_open_policy2
# @param information_class [Integer] one of the POLICY_*_INFORMATION
#   constants selecting what to return (e.g. account or DNS domain info)
# @return the policy_information field of the
#   LsarQueryInformationPolicyResponse; presumably an LsaprPolicyInformation
#   whose member is selected by information_class — confirm in the
#   response class
# @raise [RubySMB::Dcerpc::Error::InvalidPacket] if the response stub
#   cannot be parsed as an LsarQueryInformationPolicyResponse
# @raise [RubySMB::Dcerpc::Error::LsarpcError] if error_status is not
#   STATUS_SUCCESS (the handle may lack the right needed for that class)
def lsar_query_information_policy(policy_handle:, information_class:)
  request = LsarQueryInformationPolicyRequest.new(
    policy_handle: policy_handle,
    information_class: information_class
  )
  raw = dcerpc_request(request)
  reply =
    begin
      LsarQueryInformationPolicyResponse.read(raw)
    rescue IOError
      raise RubySMB::Dcerpc::Error::InvalidPacket, 'Error reading LsarQueryInformationPolicyResponse'
    end
  status = reply.error_status
  return reply.policy_information if status == WindowsError::NTStatus::STATUS_SUCCESS

  status_names = WindowsError::NTStatus.find_by_retval(status.value).join(',')
  raise RubySMB::Dcerpc::Error::LsarpcError,
        "Error returned while querying domain information: #{status_names}"
end
# File 'lib/ruby_smb/dcerpc/lsarpc.rb', line 581
# Queries one class of policy information from the LSA via the newer
# LsarQueryInformationPolicy2 call (opnum LSAR_QUERY_INFORMATION_POLICY2).
# Same arguments and result shape as #lsar_query_information_policy; only
# the request/response classes differ.
#
# @param policy_handle an open policy handle from #lsar_open_policy2
# @param information_class [Integer] one of the POLICY_*_INFORMATION
#   constants selecting what to return
# @return the policy_information field of the
#   LsarQueryInformationPolicy2Response; presumably an
#   LsaprPolicyInformation whose member is selected by information_class —
#   confirm in the response class
# @raise [RubySMB::Dcerpc::Error::InvalidPacket] if the response stub
#   cannot be parsed as an LsarQueryInformationPolicy2Response
# @raise [RubySMB::Dcerpc::Error::LsarpcError] if error_status is not
#   STATUS_SUCCESS
def lsar_query_information_policy2(policy_handle:, information_class:)
  request = LsarQueryInformationPolicy2Request.new(
    policy_handle: policy_handle,
    information_class: information_class
  )
  raw = dcerpc_request(request)
  reply =
    begin
      LsarQueryInformationPolicy2Response.read(raw)
    rescue IOError
      raise RubySMB::Dcerpc::Error::InvalidPacket, 'Error reading LsarQueryInformationPolicy2Response'
    end
  status = reply.error_status
  return reply.policy_information if status == WindowsError::NTStatus::STATUS_SUCCESS

  status_names = WindowsError::NTStatus.find_by_retval(status.value).join(',')
  raise RubySMB::Dcerpc::Error::LsarpcError,
        "Error returned while querying domain information: #{status_names}"
end