Align variables and add docs references

rapid7 · May 7, 2024 · 019cb82 · 019cb82
1 parent cc11dba
commit 019cb82
Show file tree

Hide file tree

Showing 2 changed files with 47 additions and 43 deletions.
diff --git a/lib/ruby_smb/dcerpc/error.rb b/lib/ruby_smb/dcerpc/error.rb
@@ -47,6 +47,9 @@ class CommunicationError < DcerpcError; end
       # Raised when an error is returned during a Epm operation
       class EpmError < DcerpcError; end
 
+      # Raised when an error is returned during an LSARPC operation
+      class LsarpcError < DcerpcError; end
+
       # Raised when an error is returned during a Dfsnm operation
       class DfsnmError < DcerpcError
         include RubySMB::Error::UnexpectedStatusCode::Mixin

diff --git a/lib/ruby_smb/dcerpc/lsarpc.rb b/lib/ruby_smb/dcerpc/lsarpc.rb
@@ -9,7 +9,6 @@ module Lsarpc
 
       # see: https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-dssp/6f843846-2494-4d49-b715-2f181317dd34
       UUID = '12345778-1234-abcd-ef00-0123456789ab'.freeze
-      # UUID = '3919286a-b10c-11d0-9ba8-00c04fd92ef5'.freeze # DSSETUP
       VER_MAJOR = 0
       VER_MINOR = 0
 
@@ -125,10 +124,10 @@ class LsaprAcl < Ndr::NdrStruct
         default_parameters byte_align: 4
         endian :little
 
-        ndr_uint8       :acl_revision
-        ndr_uint8       :sbz1
+        ndr_uint8      :acl_revision
+        ndr_uint8      :sbz1
         ndr_uint16     :acl_size
-        ndr_conf_array :dummy1, type: :ndr_char#, initial_length: -> { acl_size - 4 }
+        ndr_conf_array :dummy1, type: :ndr_char
       end
 
       class LsaprAclPtr < LsaprAcl
@@ -194,10 +193,10 @@ class SecurityQualityOfService < Ndr::NdrStruct
         default_parameters byte_align: 4
         endian :little
 
-        ndr_uint32                           :len
-        ndr_uint16         :impersonation_level
-        ndr_uint8 :security_context_tracking_mode
-        ndr_uint8                             :effective_only
+        ndr_uint32 :len
+        ndr_uint16 :impersonation_level
+        ndr_uint8  :security_context_tracking_mode
+        ndr_uint8  :effective_only
       end
 
       class SecurityQualityOfServicePtr < SecurityQualityOfService
@@ -209,10 +208,10 @@ class LsaprObjectAttributes < Ndr::NdrStruct
         default_parameters byte_align: 4
         endian :little
 
-        ndr_uint32                  :len
-        ndr_char_ptr                :root_directory # Not used, must be NULL (0). Should this be 32 or 64bit?
-        ndr_wide_stringz_ptr        :object_name
-        ndr_uint32                  :attributes
+        ndr_uint32                      :len
+        ndr_char_ptr                    :root_directory
+        ndr_wide_stringz_ptr            :object_name
+        ndr_uint32                      :attributes
         lsapr_security_descriptor_ptr   :security_descriptor
         security_quality_of_service_ptr :security_quality_of_service
       end
@@ -241,7 +240,7 @@ class LsaprPolicyAuditLogInfo < Ndr::NdrStruct
         ndr_uint32 :audit_log_percent_full
         ndr_uint32 :maximum_log_size
         ndr_uint64 :audit_retention_period
-        ndr_uint8   :audit_log_full_shutdown_in_progress
+        ndr_uint8  :audit_log_full_shutdown_in_progress
         ndr_uint64 :time_to_shutdown
         ndr_uint32 :next_audit_record_id
       end
@@ -255,9 +254,9 @@ class LsaprPolicyAuditEventsInfo < Ndr::NdrStruct
         default_parameters byte_align: 4
         endian :little
 
-        ndr_uint8 :auditing_mode
+        ndr_uint8      :auditing_mode
         ndr_uint32_ptr :event_auditing_options
-        ndr_uint32 :maximum_audit_event_count
+        ndr_uint32     :maximum_audit_event_count
       end
 
       class LsaprPolicyAuditEventsInfoPtr < LsaprPolicyAuditEventsInfo
@@ -269,9 +268,9 @@ class LsaprPolicyPrimaryDomInfo < Ndr::NdrStruct
         default_parameters byte_align: 4
         endian :little
 
-        # rpc_unicode_string :name
+        # TODO: rpc_unicode_string :name
         ndr_wide_string_ptr :name
-        prpc_sid :sid
+        prpc_sid            :sid
       end
 
       class LsaprPolicyPrimaryDomInfoPtr < LsaprPolicyPrimaryDomInfo
@@ -283,8 +282,9 @@ class LsaprPolicyAccountDomInfo < Ndr::NdrStruct
         default_parameters byte_align: 4
         endian :little
 
+        # TODO: rpc_unicode_string :domain_name
         ndr_wide_string_ptr :domain_name
-        prpc_sid :domain_sid
+        prpc_sid            :domain_sid
       end
 
       class LsaprPolicyAccountDomInfoPtr < LsaprPolicyAccountDomInfo
@@ -438,11 +438,11 @@ class LsaprPolicyInformationPtr < LsaprPolicyInformation
         extend Ndr::PointerClassPlugin
       end
 
+      # [2.2.17 LSAPR_SID_INFORMATION](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsat/f04a771b-c018-4098-81b5-2a819f9b5db8)
       class LsaprSidInformation < Ndr::NdrStruct
         default_parameters byte_align: 4
         endian :little
 
-        # ndr_wide_stringz_ptr :n_name
         prpc_sid :sid
       end
 
@@ -455,51 +455,55 @@ class LsaprSidInformationArrayPtr < Ndr::NdrConfArray
         extend Ndr::PointerClassPlugin
       end
 
+      # [2.2.18 LSAPR_SID_ENUM_BUFFER](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsat/1ffb61f0-a4fe-4487-858d-fb709d605855)
       class LsaprSidEnumBuffer < Ndr::NdrStruct
         default_parameters byte_align: 4
         endian :little
 
-        ndr_uint32 :num_entries
+        ndr_uint32                      :num_entries
         lsapr_sid_information_array_ptr :sid_info
       end
 
       class LsaprSidEnumBufferPtr < LsaprSidEnumBuffer
         extend Ndr::PointerClassPlugin
       end
 
+      # [2.2.11 LSAPR_TRUST_INFORMATION](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsat/b0f34b28-b5da-44aa-a607-99c09e6526e1)
       class LsaprTrustInformation < Ndr::NdrStruct
         default_parameters byte_align: 4
         endian :little
 
         rpc_unicode_string :name
-        prpc_sid :sid
+        prpc_sid           :sid
       end
 
       class LsaprTrustInformationArrayPtr < Ndr::NdrConfArray
         default_parameters type: :lsapr_trust_information
         extend Ndr::PointerClassPlugin
       end
 
+      # [2.2.12 LSAPR_REFERENCED_DOMAIN_LIST](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsat/3a52af31-247a-4b08-91a0-1d46b2cc49b2)
       class LsaprReferencedDomainList < Ndr::NdrStruct
         default_parameters byte_align: 4
         endian :little
 
-        ndr_uint32 :num_entries
+        ndr_uint32                        :num_entries
         lsapr_trust_information_array_ptr :domains
-        ndr_uint32 :max_entries
+        ndr_uint32                        :max_entries
       end
 
       class LsaprReferencedDomainListPtr < LsaprReferencedDomainList
         extend Ndr::PointerClassPlugin
       end
 
+      # [2.2.19 LSAPR_TRANSLATED_NAME](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsat/52e1ccc1-b57b-4c02-b35f-bd64913ce99b)
       class LsaprTranslatedName < Ndr::NdrStruct
         default_parameters byte_align: 4
         endian :little
 
-        ndr_uint32 :use
+        ndr_uint32         :use
         rpc_unicode_string :name
-        ndr_uint32 :domain_index
+        ndr_uint32         :domain_index
       end
 
       class LsaprTranslatedNameArray < Ndr::NdrConfArray
@@ -511,12 +515,12 @@ class LsaprTranslatedNameArrayPtr < LsaprTranslatedNameArray
         extend Ndr::PointerClassPlugin
       end
 
+      # [2.2.20 LSAPR_TRANSLATED_NAMES](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsat/ff977eb9-563a-4353-a95f-640e7ee16356)
       class LsaprTranslatedNames < Ndr::NdrStruct
         default_parameters byte_align: 4
         endian :little
 
-        ndr_uint32 :num_entries
-        # Pointer to array of Translated Name
+        ndr_uint32                      :num_entries
         lsapr_translated_name_array_ptr :names
       end
 
@@ -550,8 +554,8 @@ def lsar_open_policy_2(system_name:, object_attributes:, access_mask:)
           raise RubySMB::Dcerpc::Error::InvalidPacket, 'Error reading LsarOpenPolicy2Response'
         end
         unless lsar_response.error_status == WindowsError::NTStatus::STATUS_SUCCESS
-          raise RubySMB::Dcerpc::Error::SamrError,
-                "Error returned while querying domain information: #{lsar_response}"\
+          raise RubySMB::Dcerpc::Error::LsarpcError,
+                "Error returned while opening policy: "\
                   "#{WindowsError::NTStatus.find_by_retval(lsar_response.error_status.value).join(',')}"
         end
         lsar_response.policy_handle
@@ -566,11 +570,11 @@ def lsar_query_information_policy(policy_handle:, information_class:)
         begin
           lsar_response = LsarQueryInformationPolicyResponse.read(response)
         rescue IOError
-          raise RubySMB::Dcerpc::Error::InvalidPacket, 'Error reading LsarQueryInformationPolicy2Response'
+          raise RubySMB::Dcerpc::Error::InvalidPacket, 'Error reading LsarQueryInformationPolicyResponse'
         end
         unless lsar_response.error_status == WindowsError::NTStatus::STATUS_SUCCESS
-          raise RubySMB::Dcerpc::Error::SamrError,
-                "Error returned while querying domain information: #{lsar_response.inspect}"\
+          raise RubySMB::Dcerpc::Error::LsarpcError,
+                "Error returned while querying domain information: "\
                   "#{WindowsError::NTStatus.find_by_retval(lsar_response.error_status.value).join(',')}"
         end
         lsar_response.policy_information
@@ -588,8 +592,8 @@ def lsar_query_information_policy_2(policy_handle:, information_class:)
           raise RubySMB::Dcerpc::Error::InvalidPacket, 'Error reading LsarQueryInformationPolicy2Response'
         end
         unless lsar_response.error_status == WindowsError::NTStatus::STATUS_SUCCESS
-          raise RubySMB::Dcerpc::Error::SamrError,
-                "Error returned while querying domain information: #{lsar_response.inspect}"\
+          raise RubySMB::Dcerpc::Error::LsarpcError,
+                "Error returned while querying domain information: "\
                   "#{WindowsError::NTStatus.find_by_retval(lsar_response.error_status.value).join(',')}"
         end
         lsar_response.policy_information
@@ -606,8 +610,8 @@ def lsar_close_handle(policy_handle:)
           raise RubySMB::Dcerpc::Error::InvalidPacket, 'Error reading LsarCloseHandleResponse'
         end
         unless lsar_response.error_status == WindowsError::NTStatus::STATUS_SUCCESS
-          raise RubySMB::Dcerpc::Error::SamrError,
-                "Error returned while closing policy handle:"\
+          raise RubySMB::Dcerpc::Error::LsarpcError,
+                "Error returned while closing policy handle: "\
                   "#{WindowsError::NTStatus.find_by_retval(lsar_response.error_status.value).join(',')}"
         end
         lsar_response.policy_handle
@@ -623,19 +627,16 @@ def lsar_lookup_sids(policy_handle:, sid_enum_buffer:, lookup_level:)
         )
         response = dcerpc_request(lsar_request)
         begin
-          require 'pry-byebug'; binding.pry;
-          BinData::trace_reading(STDERR) do
-            lsar_response = LsarLookupSidsResponse.read(response)
-          end
+          lsar_response = LsarLookupSidsResponse.read(response)
         rescue IOError
           raise RubySMB::Dcerpc::Error::InvalidPacket, 'Error reading LsarLookupSidsResponse'
         end
         unless lsar_response.error_status == WindowsError::NTStatus::STATUS_SUCCESS
-          raise RubySMB::Dcerpc::Error::SamrError,
-                "Error returned while Looking up SID: "\
+          raise RubySMB::Dcerpc::Error::LsarpcError,
+                "Error returned while looking up SID: "\
                   "#{WindowsError::NTStatus.find_by_retval(lsar_response.error_status.value).join(',')}"
         end
-        lsar_response.referenced_domains
+        lsar_response.translated_names
       end
 
     end