diff options
author | Jean-François Micouleau <jfm@samba.org> | 2001-12-12 09:43:56 +0000 |
---|---|---|
committer | Jean-François Micouleau <jfm@samba.org> | 2001-12-12 09:43:56 +0000 |
commit | c75d9409aaac374fa4a39470bcdd4c2f273dc656 (patch) | |
tree | e89cce0a828cbf832f3567c6c902cc8b1631dc4b /source3 | |
parent | 60b53b3f6f96c90533264f9dcbfc0edb61f41b7e (diff) | |
download | samba-c75d9409aaac374fa4a39470bcdd4c2f273dc656.tar.gz samba-c75d9409aaac374fa4a39470bcdd4c2f273dc656.tar.bz2 samba-c75d9409aaac374fa4a39470bcdd4c2f273dc656.zip |
a ugly decoder for SAM_DELTA_DOM_INFO (0x0d)
a correct decoder for SAM_PRIVS_INFO (0x10)
this code is totally useless right now, it's just fun to decode those and
will save tpot some time.
J.F.
(This used to be commit 314b675ed9ebacba9db25938c43cfa304462ebe2)
Diffstat (limited to 'source3')
-rw-r--r-- | source3/include/rpc_netlogon.h | 91 | ||||
-rw-r--r-- | source3/rpc_parse/parse_net.c | 242 |
2 files changed, 291 insertions, 42 deletions
diff --git a/source3/include/rpc_netlogon.h b/source3/include/rpc_netlogon.h index e86c5230ed..97bdae2aa0 100644 --- a/source3/include/rpc_netlogon.h +++ b/source3/include/rpc_netlogon.h @@ -50,8 +50,8 @@ #define SAM_DELTA_GROUP_MEM 0x08 /* Group membership */ #define SAM_DELTA_ALIAS_INFO 0x09 /* Local groups */ #define SAM_DELTA_ALIAS_MEM 0x0C /* Local group membership */ -#define SAM_DELTA_UNKNOWN 0x0D /* Privilige stuff */ -#define SAM_DELTA_UNKNOWN2 0x10 /* Privilige stuff */ +#define SAM_DELTA_DOM_INFO 0x0D /* Privilige stuff */ +#define SAM_DELTA_PRIVS_INFO 0x10 /* Privilige stuff */ #define SAM_DELTA_SAM_STAMP 0x16 /* Some kind of journal record? */ /* SAM database types */ @@ -690,6 +690,89 @@ typedef struct sam_alias_mem_info_info } SAM_ALIAS_MEM_INFO; + +/* SAM_DELTA_DOM (0x0D) */ +typedef struct +{ + uint32 unknown1; /* 0x5000 */ + uint32 unknown2; /* 0 */ + uint32 unknown3; /* 0 */ + uint32 unknown4; /* 0 */ + uint32 count1; + uint32 ptr1; + uint16 count2; + uint16 count3; + uint32 ptr2; + uint32 ptr3; + + uint32 unknown4b; /* 0x02000000 */ + uint32 unknown5; /* 0x00100000 */ + uint32 unknown6; /* 0x00010000 */ + uint32 unknown7; /* 0x0f000000 */ + uint32 unknown8; /* 0 */ + uint32 unknown9; /* 0 */ + uint32 unknown10; /* 0 */ + uint32 unknown11; /* 0x3c*/ + uint32 unknown12; /* 0*/ + + uint32 unknown13; /* a7080110 */ + uint32 unknown14; /* 01bfb0dd */ + uint32 unknown15; /* 0f */ + uint32 unknown16; /* 68 */ + uint32 unknown17; /* 00169000 */ + + uint32 count4; + uint32 unknown18; /* 0 times count4 */ + + uint32 unknown19; /* 8 */ + + uint32 unknown20; /* 0x04 times count1 */ + + uint32 ptr4; + + UNISTR2 domain_name; + DOM_SID2 domain_sid; + +} SAM_DELTA_DOM; + + +/* SAM_DELTA_PRIVS (0x10) */ +typedef struct +{ + uint32 buf_size; + SEC_DESC *sec_desc; + DOM_SID2 sid; + + uint32 priv_count; + uint32 reserved1; /* 0x0 */ + + uint32 ptr1; + uint32 ptr2; + + uint32 unknown1; + uint32 unknown2; + uint32 unknown3; + uint32 unknown4; + uint32 unknown5; + uint32 unknown6; + uint32 unknown7; + uint32 unknown8; + uint32 unknown9; + + uint32 buf_size2; + uint32 ptr3; + uint32 unknown10; /* 48 bytes 0x0*/ + + uint32 attribute_count; + uint32 *attributes; + + uint32 privlist_count; + UNIHDR *hdr_privslist; + UNISTR2 *uni_privslist; + + +} SAM_DELTA_PRIVS; + /* SAM_DELTA_STAMP (0x16) */ typedef struct { @@ -706,7 +789,9 @@ typedef union sam_delta_ctr_info SAM_GROUP_MEM_INFO grp_mem_info; SAM_ALIAS_INFO alias_info ; SAM_ALIAS_MEM_INFO als_mem_info; - SAM_DELTA_STAMP stamp; + SAM_DELTA_DOM dom_info; + SAM_DELTA_PRIVS privs_info; + SAM_DELTA_STAMP stamp; } SAM_DELTA_CTR; /* NET_R_SAM_SYNC */ diff --git a/source3/rpc_parse/parse_net.c b/source3/rpc_parse/parse_net.c index 926c73f016..3062c5c073 100644 --- a/source3/rpc_parse/parse_net.c +++ b/source3/rpc_parse/parse_net.c @@ -2285,6 +2285,184 @@ static BOOL net_io_sam_alias_mem_info(char *desc, SAM_ALIAS_MEM_INFO * info, /******************************************************************* reads or writes a structure. ********************************************************************/ +static BOOL net_io_sam_dom_info(char *desc, SAM_DELTA_DOM *info, + prs_struct *ps, int depth) +{ + int i; + + prs_debug(ps, depth, desc, "net_io_sam_dom_info"); + depth++; + + if(!prs_align(ps)) + return False; + + if (!prs_uint32("unknown1", ps, depth, &info->unknown1)) + return False; + if (!prs_uint32("unknown2", ps, depth, &info->unknown2)) + return False; + if (!prs_uint32("unknown3", ps, depth, &info->unknown3)) + return False; + if (!prs_uint32("unknown4", ps, depth, &info->unknown4)) + return False; + if (!prs_uint32("count1", ps, depth, &info->count1)) + return False; + if (!prs_uint32("ptr1", ps, depth, &info->ptr1)) + return False; + + if (!prs_uint16("count2", ps, depth, &info->count2)) + return False; + if (!prs_uint16("count3", ps, depth, &info->count3)) + return False; + + if (!prs_uint32("ptr2", ps, depth, &info->ptr2)) + return False; + if (!prs_uint32("ptr3", ps, depth, &info->ptr3)) + return False; + + if (!prs_uint32("unknown4b", ps, depth, &info->unknown4b)) + return False; + if (!prs_uint32("unknown5", ps, depth, &info->unknown5)) + return False; + if (!prs_uint32("unknown6", ps, depth, &info->unknown6)) + return False; + if (!prs_uint32("unknown7", ps, depth, &info->unknown7)) + return False; + if (!prs_uint32("unknown8", ps, depth, &info->unknown8)) + return False; + if (!prs_uint32("unknown9", ps, depth, &info->unknown9)) + return False; + if (!prs_uint32("unknown10", ps, depth, &info->unknown10)) + return False; + if (!prs_uint32("unknown11", ps, depth, &info->unknown11)) + return False; + if (!prs_uint32("unknown12", ps, depth, &info->unknown12)) + return False; + + if (!prs_uint32("unknown13", ps, depth, &info->unknown13)) + return False; + if (!prs_uint32("unknown14", ps, depth, &info->unknown14)) + return False; + if (!prs_uint32("unknown15", ps, depth, &info->unknown15)) + return False; + if (!prs_uint32("unknown16", ps, depth, &info->unknown16)) + return False; + if (!prs_uint32("unknown17", ps, depth, &info->unknown17)) + return False; + + for (i=0; i<info->count2; i++) + if (!prs_uint32("unknown18", ps, depth, &info->unknown18)) + return False; + + if (!prs_uint32("unknown19", ps, depth, &info->unknown19)) + return False; + + for (i=0; i<info->count1; i++) + if (!prs_uint32("unknown20", ps, depth, &info->unknown20)) + return False; + + if (!prs_uint32("ptr4", ps, depth, &info->ptr4)) + return False; + + if (!smb_io_unistr2("domain_name", &info->domain_name, True, ps, depth)) + return False; + + if(!smb_io_dom_sid2("domain_sid", &info->domain_sid, ps, depth)) + return False; + + + return True; +} + +/******************************************************************* +reads or writes a structure. +********************************************************************/ +static BOOL net_io_sam_privs_info(char *desc, SAM_DELTA_PRIVS *info, + prs_struct *ps, int depth) +{ + int i; + + prs_debug(ps, depth, desc, "net_io_sam_privs_info"); + depth++; + + if(!prs_align(ps)) + return False; + + if(!prs_uint32("buf_size", ps, depth, &info->buf_size)) + return False; + + if(!sec_io_desc("sec_desc", &info->sec_desc, ps, depth)) + return False; + + if(!smb_io_dom_sid2("sid", &info->sid, ps, depth)) + return False; + + if(!prs_uint32("priv_count", ps, depth, &info->priv_count)) + return False; + if(!prs_uint32("reserved1", ps, depth, &info->reserved1)) + return False; + + if(!prs_uint32("ptr1", ps, depth, &info->ptr1)) + return False; + if(!prs_uint32("ptr2", ps, depth, &info->ptr2)) + return False; + + if(!prs_uint32("unknown1", ps, depth, &info->unknown1)) + return False; + if(!prs_uint32("unknown2", ps, depth, &info->unknown2)) + return False; + if(!prs_uint32("unknown3", ps, depth, &info->unknown3)) + return False; + if(!prs_uint32("unknown4", ps, depth, &info->unknown4)) + return False; + if(!prs_uint32("unknown5", ps, depth, &info->unknown5)) + return False; + if(!prs_uint32("unknown6", ps, depth, &info->unknown6)) + return False; + if(!prs_uint32("unknown7", ps, depth, &info->unknown7)) + return False; + if(!prs_uint32("unknown8", ps, depth, &info->unknown8)) + return False; + if(!prs_uint32("unknown9", ps, depth, &info->unknown9)) + return False; + + if(!prs_uint32("buf_size2", ps, depth, &info->buf_size2)) + return False; + if(!prs_uint32("ptr3", ps, depth, &info->ptr3)) + return False; + + for (i=0; i<12; i++) + if(!prs_uint32("unknown10", ps, depth, &info->unknown10)) + return False; + + if(!prs_uint32("attribute_count", ps, depth, &info->attribute_count)) + return False; + + info->attributes = talloc(ps->mem_ctx, sizeof(uint32) * info->attribute_count); + + for (i=0; i<info->attribute_count; i++) + if(!prs_uint32("attributes", ps, depth, &info->attributes[i])) + return False; + + if(!prs_uint32("privlist_count", ps, depth, &info->privlist_count)) + return False; + + info->hdr_privslist = talloc(ps->mem_ctx, sizeof(UNIHDR) * info->privlist_count); + info->uni_privslist = talloc(ps->mem_ctx, sizeof(UNISTR2) * info->privlist_count); + + for (i=0; i<info->privlist_count; i++) + if(!smb_io_unihdr("hdr_privslist", &info->hdr_privslist[i], ps, depth)) + return False; + + for (i=0; i<info->privlist_count; i++) + if (!smb_io_unistr2("uni_privslist", &info->uni_privslist[i], True, ps, depth)) + return False; + + return True; +} + +/******************************************************************* +reads or writes a structure. +********************************************************************/ static BOOL net_io_sam_delta_ctr(char *desc, uint8 sess_key[16], SAM_DELTA_CTR * delta, uint16 type, prs_struct *ps, int depth) @@ -2292,70 +2470,56 @@ static BOOL net_io_sam_delta_ctr(char *desc, uint8 sess_key[16], prs_debug(ps, depth, desc, "net_io_sam_delta_ctr"); depth++; - switch (type) - { + switch (type) { /* Seen in sam deltas */ - case SAM_DELTA_SAM_STAMP: - { - if (!net_io_sam_delta_stamp("", &delta->stamp, - ps, depth)) + if (!net_io_sam_delta_stamp("", &delta->stamp, ps, depth)) return False; break; - } case SAM_DELTA_DOMAIN_INFO: - { - if (!net_io_sam_domain_info("", &delta->domain_info, - ps, depth)) + if (!net_io_sam_domain_info("", &delta->domain_info, ps, depth)) return False; break; - } + case SAM_DELTA_GROUP_INFO: - { - if (!net_io_sam_group_info("", &delta->group_info, - ps, depth)) + if (!net_io_sam_group_info("", &delta->group_info, ps, depth)) return False; break; - } + case SAM_DELTA_ACCOUNT_INFO: - { - if (!net_io_sam_account_info("", sess_key, - &delta->account_info, - ps, depth)) + if (!net_io_sam_account_info("", sess_key, &delta->account_info, ps, depth)) return False; break; - } + case SAM_DELTA_GROUP_MEM: - { - if (!net_io_sam_group_mem_info("", - &delta->grp_mem_info, - ps, depth)) + if (!net_io_sam_group_mem_info("", &delta->grp_mem_info, ps, depth)) return False; break; - } + case SAM_DELTA_ALIAS_INFO: - { - if (!net_io_sam_alias_info("", &delta->alias_info, - ps, depth)) + if (!net_io_sam_alias_info("", &delta->alias_info, ps, depth)) return False; break; - } + + case SAM_DELTA_DOM_INFO: + if (!net_io_sam_dom_info("", &delta->dom_info, ps, depth)) + return False; + break; + case SAM_DELTA_ALIAS_MEM: - { - if (!net_io_sam_alias_mem_info("", - &delta->als_mem_info, - ps, depth)) + if (!net_io_sam_alias_mem_info("", &delta->als_mem_info, ps, depth)) return False; break; - } + + case SAM_DELTA_PRIVS_INFO: + if (!net_io_sam_privs_info("", &delta->privs_info, ps, depth)) + return False; + break; + default: - { - DEBUG(0, - ("Replication error: Unknown delta type 0x%x\n", - type)); + DEBUG(0, ("Replication error: Unknown delta type 0x%x\n", type)); break; - } } return True; |