diff --git a/source3/include/rpc_netlogon.h b/source3/include/rpc_netlogon.h
index 97bdae2aa04..e221db271f2 100644
--- a/source3/include/rpc_netlogon.h
+++ b/source3/include/rpc_netlogon.h
@@ -51,7 +51,9 @@
 #define SAM_DELTA_ALIAS_INFO 0x09 /* Local groups */
 #define SAM_DELTA_ALIAS_MEM 0x0C /* Local group membership */
 #define SAM_DELTA_DOM_INFO 0x0D /* Privilige stuff */
+#define SAM_DELTA_UNK0E_INFO 0x0e /* Privilige stuff */
 #define SAM_DELTA_PRIVS_INFO 0x10 /* Privilige stuff */
+#define SAM_DELTA_UNK12_INFO 0x12 /* Privilige stuff */
 #define SAM_DELTA_SAM_STAMP 0x16 /* Some kind of journal record? */
 /* SAM database types */
@@ -735,6 +737,25 @@ typedef struct
 } SAM_DELTA_DOM;
+/* SAM_DELTA_UNK0E (0x0e) */
+typedef struct
+{
+ uint32 buf_size;
+ SEC_DESC *sec_desc;
+ DOM_SID2 sid;
+ UNIHDR hdr_domain;
+
+ uint32 unknown0;
+ uint32 unknown1;
+ uint32 unknown2;
+
+ uint32 buf_size2;
+ uint32 ptr;
+
+ uint32 unknown3;
+ UNISTR2 domain;
+
+} SAM_DELTA_UNK0E;
 /* SAM_DELTA_PRIVS (0x10) */
 typedef struct
@@ -773,6 +794,42 @@ typedef struct
 } SAM_DELTA_PRIVS;
+/* SAM_DELTA_UNK12 (0x12) */
+typedef struct
+{
+ uint32 buf_size;
+ SEC_DESC *sec_desc;
+ UNISTR2 secret;
+
+ uint32 count1;
+ uint32 count2;
+ uint32 ptr;
+ NTTIME time1;
+ uint32 count3;
+ uint32 count4;
+ uint32 ptr2;
+ NTTIME time2;
+ uint32 unknow1;
+
+ uint32 buf_size2;
+ uint32 ptr3;
+ uint32 unknow2; /* 0x0 12 times */
+
+ uint32 chal_len;
+ uint32 reserved1; /* 0 */
+ uint32 chal_len2;
+ uint8 chal[16];
+
+ uint32 key_len;
+ uint32 reserved2; /* 0 */
+ uint32 key_len2;
+ uint8 key[8];
+
+ uint32 buf_size3;
+ SEC_DESC *sec_desc2;
+
+} SAM_DELTA_UNK12;
+
 /* SAM_DELTA_STAMP (0x16) */
 typedef struct
 {
@@ -792,6 +849,8 @@ typedef union sam_delta_ctr_info
 SAM_DELTA_DOM dom_info;
 SAM_DELTA_PRIVS privs_info;
 SAM_DELTA_STAMP stamp;
+ SAM_DELTA_UNK0E unk0e_info;
+ SAM_DELTA_UNK12 unk12_info;
 } SAM_DELTA_CTR;
 /* NET_R_SAM_SYNC */
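Review bot: The two new defines in the first hunk reuse the `/* Privilige stuff */` comment of their neighbours, but the structures this commit adds for them carry a SID and a domain name (0x0e) and a secret name with chal/key blobs (0x12). A comment that says what is actually known would avoid misleading the next reader, for example `/* Unknown; SID + domain name */` and `/* Unknown; secret name, chal and key blobs */`. Writing the value as `0x0E` would also match the upper-case hex of `0x0C` and `0x0D` just above.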
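Review bot: In the SAM_DELTA_UNK12 hunk, `chal` and `key` are fixed 16- and 8-byte arrays that sit next to two length words each, and nothing in the struct says which length governs the array or that it must fit. A comment on each array, for example `uint8 chal[16]; /* chal_len2 bytes on the wire; must be <= sizeof(chal) */`, would document the bound the parser has to enforce. The field names `unknow1`/`unknow2` also differ from `unknown0`..`unknown3` in SAM_DELTA_UNK0E one hunk earlier; `unknown1`/`unknown2` would be consistent.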
diff --git a/source3/rpc_parse/parse_net.c b/source3/rpc_parse/parse_net.c
index 3062c5c073a..98905275525 100644
--- a/source3/rpc_parse/parse_net.c
+++ b/source3/rpc_parse/parse_net.c
@@ -2369,6 +2369,140 @@ static BOOL net_io_sam_dom_info(char *desc, SAM_DELTA_DOM *info,
 if(!smb_io_dom_sid2("domain_sid", &info->domain_sid, ps, depth))
 return False;
+ return True;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+static BOOL net_io_sam_unk0e_info(char *desc, SAM_DELTA_UNK0E *info,
+ prs_struct *ps, int depth)
+{
+ int i;
+
+ prs_debug(ps, depth, desc, "net_io_sam_unk0e_info");
+ depth++;
+
+ if(!prs_align(ps))
+ return False;
+
+ if(!prs_uint32("buf_size", ps, depth, &info->buf_size))
+ return False;
+
+ if(!sec_io_desc("sec_desc", &info->sec_desc, ps, depth))
+ return False;
+
+ if(!smb_io_dom_sid2("sid", &info->sid, ps, depth))
+ return False;
+
+ if(!smb_io_unihdr("hdr_domain", &info->hdr_domain, ps, depth))
+ return False;
+
+ if(!prs_uint32("unknown0", ps, depth, &info->unknown0))
+ return False;
+ if(!prs_uint32("unknown1", ps, depth, &info->unknown1))
+ return False;
+ if(!prs_uint32("unknown2", ps, depth, &info->unknown2))
+ return False;
+
+ if(!prs_uint32("buf_size2", ps, depth, &info->buf_size2))
+ return False;
+ if(!prs_uint32("ptr", ps, depth, &info->ptr))
+ return False;
+
+ for (i=0; i<12; i++)
+ if(!prs_uint32("unknown3", ps, depth, &info->unknown3))
+ return False;
+
+ if (!smb_io_unistr2("domain", &info->domain, True, ps, depth))
+ return False;
+
+ return True;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+static BOOL net_io_sam_unk12_info(char *desc, SAM_DELTA_UNK12 *info,
+ prs_struct *ps, int depth)
+{
+ int i;
+
+ prs_debug(ps, depth, desc, "net_io_sam_unk12_info");
+ depth++;
+
+ if(!prs_align(ps))
+ return False;
+
+ if(!prs_uint32("buf_size", ps, depth, &info->buf_size))
+ return False;
+
+ if(!sec_io_desc("sec_desc", &info->sec_desc, ps, depth))
+ return False;
+
+ if (!smb_io_unistr2("secret", &info->secret, True, ps, depth))
+ return False;
+
+ if(!prs_align(ps))
+ return False;
+
+ if(!prs_uint32("count1", ps, depth, &info->count1))
+ return False;
+ if(!prs_uint32("count2", ps, depth, &info->count2))
+ return False;
+ if(!prs_uint32("ptr", ps, depth, &info->ptr))
+ return False;
+
+
+ if(!smb_io_time("time1", &info->time1, ps, depth)) /* logon time */
+ return False;
+ if(!prs_uint32("count3", ps, depth, &info->count3))
+ return False;
+ if(!prs_uint32("count4", ps, depth, &info->count4))
+ return False;
+ if(!prs_uint32("ptr2", ps, depth, &info->ptr2))
+ return False;
+ if(!smb_io_time("time2", &info->time2, ps, depth)) /* logon time */
+ return False;
+ if(!prs_uint32("unknow1", ps, depth, &info->unknow1))
+ return False;
+
+
+ if(!prs_uint32("buf_size2", ps, depth, &info->buf_size2))
+ return False;
+ if(!prs_uint32("ptr3", ps, depth, &info->ptr3))
+ return False;
+ for(i=0; i<12; i++)
+ if(!prs_uint32("unknow2", ps, depth, &info->unknow2))
+ return False;
+
+ if(!prs_uint32("chal_len", ps, depth, &info->chal_len))
+ return False;
+ if(!prs_uint32("reserved1", ps, depth, &info->reserved1))
+ return False;
+ if(!prs_uint32("chal_len2", ps, depth, &info->chal_len2))
+ return False;
+
+ if(!prs_uint8s (False, "chal", ps, depth, info->chal, info->chal_len2))
+ return False;
+
+ if(!prs_uint32("key_len", ps, depth, &info->key_len))
+ return False;
+ if(!prs_uint32("reserved2", ps, depth, &info->reserved2))
+ return False;
+ if(!prs_uint32("key_len2", ps, depth, &info->key_len2))
+ return False;
+
+ if(!prs_uint8s (False, "key", ps, depth, info->key, info->key_len2))
+ return False;
+
+
+ if(!prs_uint32("buf_size3", ps, depth, &info->buf_size3))
+ return False;
+
+ if(!sec_io_desc("sec_desc2", &info->sec_desc2, ps, depth))
+ return False;
+
 return True;
 }
@@ -2517,6 +2651,16 @@ static BOOL net_io_sam_delta_ctr(char *desc, uint8 sess_key[16],
 return False;
 break;
+ case SAM_DELTA_UNK0E_INFO:
+ if (!net_io_sam_unk0e_info("", &delta->unk0e_info, ps, depth))
+ return False;
+ break;
+
+ case SAM_DELTA_UNK12_INFO:
+ if (!net_io_sam_unk12_info("", &delta->unk12_info, ps, depth))
+ return False;
+ break;
+
 default:
 DEBUG(0, ("Replication error: Unknown delta type 0x%x\n", type));
 break;
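Review bot: In net_io_sam_unk12_info the two `prs_uint8s` calls take their length from `chal_len2` and `key_len2`, which were read from the stream immediately before, while the destinations are the fixed arrays `uint8 chal[16]` and `uint8 key[8]` declared in rpc_netlogon.h. prs_uint8s is not shown here, but if it copies `len` bytes into the buffer as its arguments suggest, a peer that sends a larger length would cause a write past the array inside the SAM_DELTA_CTR union when unmarshalling. Reject oversized lengths before each copy, e.g. `if(info->chal_len2 > sizeof(info->chal)) return False;` and `if(info->key_len2 > sizeof(info->key)) return False;`. Separately, the `for(i=0; i<12; i++)` loops in both new functions read twelve words into a single field, so only the last value is kept; a comment such as `/* 12 reserved words; only the last is retained */` would make that intent explicit.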