Skip to content

Commit

Permalink
LookupSids request working again
Browse files Browse the repository at this point in the history
  • Loading branch information
@sjanusz-r7
sjanusz-r7 committed May 2, 2024
1 parent 37d1df0 commit e519c7b
Show file tree
Hide file tree
Showing 3 changed files with 13 additions and 8 deletions.
15 changes: 10 additions & 5 deletions lib/ruby_smb/dcerpc/lsarpc.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -442,7 +442,7 @@ class LsaprSidInformation < Ndr::NdrStruct
default_parameters byte_align: 4
endian :little

ndr_wide_stringz_ptr :n_name
# ndr_wide_stringz_ptr :n_name
prpc_sid :sid
end

Expand Down Expand Up @@ -498,7 +498,7 @@ class LsaprTranslatedName < Ndr::NdrStruct
endian :little

ndr_uint32 :use
ndr_wide_stringz_ptr :name
ndr_wide_string_ptr :name
ndr_uint32 :domain_index
end

Expand All @@ -507,12 +507,17 @@ class LsaprTranslatedNameArray < Ndr::NdrConfArray
extend Ndr::PointerClassPlugin
end

class LsaprTranslatedNameArrayPtr < LsaprTranslatedNameArray
extend Ndr::PointerClassPlugin
end

class LsaprTranslatedNames < Ndr::NdrStruct
default_parameters byte_align: 4
endian :little

ndr_uint32 :num_entries
lsapr_translated_name_array :names
# Pointer to array of Translated Name
lsapr_translated_name_array_ptr :names
end

class LsaprTranslatedNamesPtr < LsaprTranslatedNames
Expand Down Expand Up @@ -615,14 +620,14 @@ def lsar_lookup_sids(policy_handle:, sid_enum_buffer:, lookup_level:)
sid_enum_buffer: sid_enum_buffer,
translated_names: { num_entries: 0, names: nil },
lookup_level: lookup_level,
mapped_count: nil
mapped_count: 0
)
response = dcerpc_request(lsar_request)
begin
require 'pry-byebug'; binding.pry;
lsar_response = LsarLookupSidsResponse.read(response)
rescue IOError
raise RubySMB::Dcerpc::Error::InvalidPacket, 'Error reading LsarCloseHandleResponse'
raise RubySMB::Dcerpc::Error::InvalidPacket, 'Error reading LsarLookupSidsResponse'
end
unless lsar_response.error_status == WindowsError::NTStatus::STATUS_SUCCESS
raise RubySMB::Dcerpc::Error::SamrError,
Expand Down
4 changes: 2 additions & 2 deletions lib/ruby_smb/dcerpc/lsarpc/lsar_lookup_sids_request.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,9 +11,9 @@ class LsarLookupSidsRequest < BinData::Record

lsapr_handle :policy_handle
lsapr_sid_enum_buffer :sid_enum_buffer
lsapr_translated_names_ptr :translated_names
lsapr_translated_names :translated_names
ndr_uint16 :lookup_level
ndr_uint32_ptr :mapped_count
ndr_uint32 :mapped_count

def initialize_instance
super
Expand Down
2 changes: 1 addition & 1 deletion lib/ruby_smb/dcerpc/lsarpc/lsar_lookup_sids_response.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ class LsarLookupSidsResponse < BinData::Record
endian :little

lsapr_referenced_domain_list_ptr :referenced_domains
# lsapr_translated_names :translated_names
lsapr_translated_names :translated_names
ndr_uint32 :mapped_count
ndr_uint32 :error_status

Expand Down

0 comments on commit e519c7b

Please sign in to comment.