From d06d2c876e3f295715e818fa6869d968e32b3dc4 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 22 Sep 2002 10:30:00 +0000 Subject: Change parsing of policy and privs delta to what Ethereal says. Volker (This used to be commit 8c41b5cd1b8b0c2639def9552bd20b8aca39785c) --- source3/include/rpc_netlogon.h | 93 +++++++++++---------------- source3/rpc_parse/parse_net.c | 136 +++++++++++++++++++--------------------- source3/utils/net_rpc_samsync.c | 4 +- 3 files changed, 104 insertions(+), 129 deletions(-) (limited to 'source3') diff --git a/source3/include/rpc_netlogon.h b/source3/include/rpc_netlogon.h index 500f5fef8a..fb849f8238 100644 --- a/source3/include/rpc_netlogon.h +++ b/source3/include/rpc_netlogon.h @@ -719,45 +719,31 @@ typedef struct sam_alias_mem_info_info /* SAM_DELTA_POLICY (0x0D) */ typedef struct { - uint32 unknown1; /* 0x5000 */ - uint32 unknown2; /* 0 */ - uint32 unknown3; /* 0 */ - uint32 unknown4; /* 0 */ - uint32 count1; - uint32 ptr1; - uint16 count2; - uint16 count3; - uint32 ptr2; - uint32 ptr3; - - uint32 unknown4b; /* 0x02000000 */ - uint32 unknown5; /* 0x00100000 */ - uint32 unknown6; /* 0x00010000 */ - uint32 unknown7; /* 0x0f000000 */ - uint32 unknown8; /* 0 */ - uint32 unknown9; /* 0 */ - uint32 unknown10; /* 0 */ - uint32 unknown11; /* 0x3c*/ - uint32 unknown12; /* 0*/ - - uint32 unknown13; /* a7080110 */ - uint32 unknown14; /* 01bfb0dd */ - uint32 unknown15; /* 0f */ - uint32 unknown16; /* 68 */ - uint32 unknown17; /* 00169000 */ - - uint32 count4; - uint32 unknown18; /* 0 times count4 */ - - uint32 unknown19; /* 8 */ - - uint32 unknown20; /* 0x04 times count1 */ - - uint32 ptr4; - - UNISTR2 domain_name; + uint32 max_log_size; /* 0x5000 */ + UINT64_S audit_retention_period; /* 0 */ + uint32 auditing_mode; /* 0 */ + uint32 num_events; + uint32 ptr_events; + UNIHDR hdr_dom_name; + uint32 sid_ptr; + + uint32 paged_pool_limit; /* 0x02000000 */ + uint32 non_paged_pool_limit; /* 0x00100000 */ + uint32 min_workset_size; /* 0x00010000 */ + uint32 max_workset_size; /* 0x0f000000 */ + uint32 page_file_limit; /* 0 */ + UINT64_S time_limit; /* 0 */ + NTTIME modify_time; /* 0x3c*/ + NTTIME create_time; /* a7080110 */ + BUFHDR2 hdr_sec_desc; + + uint32 num_event_audit_options; + uint32 event_audit_option; + + UNISTR2 domain_name; DOM_SID2 domain_sid; + BUFFER4 buf_sec_desc; } SAM_DELTA_POLICY; /* SAM_DELTA_TRUST_DOMS */ @@ -783,29 +769,24 @@ typedef struct /* SAM_DELTA_PRIVS (0x10) */ typedef struct { - uint32 buf_size; - SEC_DESC *sec_desc; DOM_SID2 sid; uint32 priv_count; - uint32 reserved1; /* 0x0 */ - - uint32 ptr1; - uint32 ptr2; - - uint32 unknown1; - uint32 unknown2; - uint32 unknown3; - uint32 unknown4; - uint32 unknown5; - uint32 unknown6; - uint32 unknown7; - uint32 unknown8; - uint32 unknown9; + uint32 priv_control; + + uint32 priv_attr_ptr; + uint32 priv_name_ptr; + + uint32 paged_pool_limit; /* 0x02000000 */ + uint32 non_paged_pool_limit; /* 0x00100000 */ + uint32 min_workset_size; /* 0x00010000 */ + uint32 max_workset_size; /* 0x0f000000 */ + uint32 page_file_limit; /* 0 */ + UINT64_S time_limit; /* 0 */ + uint32 system_flags; /* 1 */ + BUFHDR2 hdr_sec_desc; uint32 buf_size2; - uint32 ptr3; - uint32 unknown10; /* 48 bytes 0x0*/ uint32 attribute_count; uint32 *attributes; @@ -814,7 +795,7 @@ typedef struct UNIHDR *hdr_privslist; UNISTR2 *uni_privslist; - + BUFFER4 buf_sec_desc; } SAM_DELTA_PRIVS; /* SAM_DELTA_SECRET */ diff --git a/source3/rpc_parse/parse_net.c b/source3/rpc_parse/parse_net.c index f1d813c3f0..e0f710b2d7 100644 --- a/source3/rpc_parse/parse_net.c +++ b/source3/rpc_parse/parse_net.c @@ -2357,79 +2357,70 @@ static BOOL net_io_sam_policy_info(char *desc, SAM_DELTA_POLICY *info, prs_struct *ps, int depth) { int i; - prs_debug(ps, depth, desc, "net_io_sam_policy_info"); depth++; if(!prs_align(ps)) return False; - if (!prs_uint32("unknown1", ps, depth, &info->unknown1)) - return False; - if (!prs_uint32("unknown2", ps, depth, &info->unknown2)) + if (!prs_uint32("max_log_size", ps, depth, &info->max_log_size)) return False; - if (!prs_uint32("unknown3", ps, depth, &info->unknown3)) + if (!prs_uint64("audit_retention_period", ps, depth, + &info->audit_retention_period)) return False; - if (!prs_uint32("unknown4", ps, depth, &info->unknown4)) + if (!prs_uint32("auditing_mode", ps, depth, &info->auditing_mode)) return False; - if (!prs_uint32("count1", ps, depth, &info->count1)) + if (!prs_uint32("num_events", ps, depth, &info->num_events)) return False; - if (!prs_uint32("ptr1", ps, depth, &info->ptr1)) + if (!prs_uint32("ptr_events", ps, depth, &info->ptr_events)) return False; - if (!prs_uint16("count2", ps, depth, &info->count2)) - return False; - if (!prs_uint16("count3", ps, depth, &info->count3)) - return False; + if (!smb_io_unihdr("hdr_dom_name", &info->hdr_dom_name, ps, depth)) + return False; - if (!prs_uint32("ptr2", ps, depth, &info->ptr2)) - return False; - if (!prs_uint32("ptr3", ps, depth, &info->ptr3)) + if (!prs_uint32("sid_ptr", ps, depth, &info->sid_ptr)) return False; - if (!prs_uint32("unknown4b", ps, depth, &info->unknown4b)) + if (!prs_uint32("paged_pool_limit", ps, depth, &info->paged_pool_limit)) return False; - if (!prs_uint32("unknown5", ps, depth, &info->unknown5)) + if (!prs_uint32("non_paged_pool_limit", ps, depth, + &info->non_paged_pool_limit)) return False; - if (!prs_uint32("unknown6", ps, depth, &info->unknown6)) + if (!prs_uint32("min_workset_size", ps, depth, &info->min_workset_size)) return False; - if (!prs_uint32("unknown7", ps, depth, &info->unknown7)) + if (!prs_uint32("max_workset_size", ps, depth, &info->max_workset_size)) return False; - if (!prs_uint32("unknown8", ps, depth, &info->unknown8)) + if (!prs_uint32("page_file_limit", ps, depth, &info->page_file_limit)) return False; - if (!prs_uint32("unknown9", ps, depth, &info->unknown9)) + if (!prs_uint64("time_limit", ps, depth, &info->time_limit)) return False; - if (!prs_uint32("unknown10", ps, depth, &info->unknown10)) + if (!smb_io_time("modify_time", &info->modify_time, ps, depth)) return False; - if (!prs_uint32("unknown11", ps, depth, &info->unknown11)) + if (!smb_io_time("create_time", &info->create_time, ps, depth)) return False; - if (!prs_uint32("unknown12", ps, depth, &info->unknown12)) + if (!smb_io_bufhdr2("hdr_sec_desc", &info->hdr_sec_desc, ps, depth)) return False; - if (!prs_uint32("unknown13", ps, depth, &info->unknown13)) - return False; - if (!prs_uint32("unknown14", ps, depth, &info->unknown14)) - return False; - if (!prs_uint32("unknown15", ps, depth, &info->unknown15)) - return False; - if (!prs_uint32("unknown16", ps, depth, &info->unknown16)) - return False; - if (!prs_uint32("unknown17", ps, depth, &info->unknown17)) - return False; + for (i=0; i<4; i++) { + UNIHDR dummy; + if (!smb_io_unihdr("dummy", &dummy, ps, depth)) + return False; + } - for (i=0; icount2; i++) - if (!prs_uint32("unknown18", ps, depth, &info->unknown18)) - return False; + for (i=0; i<4; i++) { + uint32 reserved; + if (!prs_uint32("reserved", ps, depth, &reserved)) + return False; + } - if (!prs_uint32("unknown19", ps, depth, &info->unknown19)) + if (!prs_uint32("num_event_audit_options", ps, depth, + &info->num_event_audit_options)) return False; - for (i=0; icount1; i++) - if (!prs_uint32("unknown20", ps, depth, &info->unknown20)) - return False; - - if (!prs_uint32("ptr4", ps, depth, &info->ptr4)) - return False; + for (i=0; inum_event_audit_options; i++) + if (!prs_uint32("event_audit_option", ps, depth, + &info->event_audit_option)) + return False; if (!smb_io_unistr2("domain_name", &info->domain_name, True, ps, depth)) return False; @@ -2437,6 +2428,11 @@ static BOOL net_io_sam_policy_info(char *desc, SAM_DELTA_POLICY *info, if(!smb_io_dom_sid2("domain_sid", &info->domain_sid, ps, depth)) return False; + if (!smb_io_buffer4("buf_sec_desc", &info->buf_sec_desc, + info->hdr_sec_desc.buffer, ps, depth)) + + return False; + return True; } @@ -2589,52 +2585,48 @@ static BOOL net_io_sam_privs_info(char *desc, SAM_DELTA_PRIVS *info, if(!prs_align(ps)) return False; - if(!prs_uint32("buf_size", ps, depth, &info->buf_size)) - return False; - - if(!sec_io_desc("sec_desc", &info->sec_desc, ps, depth)) - return False; - if(!smb_io_dom_sid2("sid", &info->sid, ps, depth)) return False; if(!prs_uint32("priv_count", ps, depth, &info->priv_count)) return False; - if(!prs_uint32("reserved1", ps, depth, &info->reserved1)) + if(!prs_uint32("priv_control", ps, depth, &info->priv_control)) return False; - if(!prs_uint32("ptr1", ps, depth, &info->ptr1)) + if(!prs_uint32("priv_attr_ptr", ps, depth, &info->priv_attr_ptr)) return False; - if(!prs_uint32("ptr2", ps, depth, &info->ptr2)) + if(!prs_uint32("priv_name_ptr", ps, depth, &info->priv_name_ptr)) return False; - if(!prs_uint32("unknown1", ps, depth, &info->unknown1)) + if (!prs_uint32("paged_pool_limit", ps, depth, &info->paged_pool_limit)) return False; - if(!prs_uint32("unknown2", ps, depth, &info->unknown2)) + if (!prs_uint32("non_paged_pool_limit", ps, depth, + &info->non_paged_pool_limit)) return False; - if(!prs_uint32("unknown3", ps, depth, &info->unknown3)) + if (!prs_uint32("min_workset_size", ps, depth, &info->min_workset_size)) return False; - if(!prs_uint32("unknown4", ps, depth, &info->unknown4)) + if (!prs_uint32("max_workset_size", ps, depth, &info->max_workset_size)) return False; - if(!prs_uint32("unknown5", ps, depth, &info->unknown5)) + if (!prs_uint32("page_file_limit", ps, depth, &info->page_file_limit)) return False; - if(!prs_uint32("unknown6", ps, depth, &info->unknown6)) + if (!prs_uint64("time_limit", ps, depth, &info->time_limit)) return False; - if(!prs_uint32("unknown7", ps, depth, &info->unknown7)) + if (!prs_uint32("system_flags", ps, depth, &info->system_flags)) return False; - if(!prs_uint32("unknown8", ps, depth, &info->unknown8)) - return False; - if(!prs_uint32("unknown9", ps, depth, &info->unknown9)) + if (!smb_io_bufhdr2("hdr_sec_desc", &info->hdr_sec_desc, ps, depth)) return False; - if(!prs_uint32("buf_size2", ps, depth, &info->buf_size2)) - return False; - if(!prs_uint32("ptr3", ps, depth, &info->ptr3)) - return False; + for (i=0; i<4; i++) { + UNIHDR dummy; + if (!smb_io_unihdr("dummy", &dummy, ps, depth)) + return False; + } - for (i=0; i<12; i++) - if(!prs_uint32("unknown10", ps, depth, &info->unknown10)) - return False; + for (i=0; i<4; i++) { + uint32 reserved; + if (!prs_uint32("reserved", ps, depth, &reserved)) + return False; + } if(!prs_uint32("attribute_count", ps, depth, &info->attribute_count)) return False; @@ -2659,6 +2651,10 @@ static BOOL net_io_sam_privs_info(char *desc, SAM_DELTA_PRIVS *info, if (!smb_io_unistr2("uni_privslist", &info->uni_privslist[i], True, ps, depth)) return False; + if (!smb_io_buffer4("buf_sec_desc", &info->buf_sec_desc, + info->hdr_sec_desc.buffer, ps, depth)) + return False; + return True; } diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 6d8b7c672f..9d54a771fc 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -171,9 +171,7 @@ int rpc_samdump(int argc, const char **argv) dump_database(cli, SAM_DATABASE_DOMAIN, &ret_creds); dump_database(cli, SAM_DATABASE_BUILTIN, &ret_creds); - - /* Currently we crash on PRIVS somewhere in unmarshalling */ - /* Dump_database(cli, SAM_DATABASE_PRIVS, &ret_creds); */ + dump_database(cli, SAM_DATABASE_PRIVS, &ret_creds); cli_nt_session_close(cli); -- cgit