search

rapid7 / smbj-rpc

Created by Paul Miseiko via the GitHub Connector
Other
55 stars 27 forks source link

Always getting `nca_s_fault_ndr (0x000006F7)` error when trying to call `LocalSecurityAuthorityService::openPolicyHandle` #172

Open grishick opened 1 year ago

grishick commented 1 year ago

Describe the bug I am trying to create a Nifi processor that reads account permissions. I am able to connect and authenticate to SMB service, but I am not able to open a policy handle. This line PolicyHandle handle = service.openPolicyHandle(adServerNameorNull, Integer.parseInt(accessLevel)); always results in nca_s_fault_ndr (0x000006F7) error from Active Directory. According to Microsoft docs this error means RPC_X_BAD_STUB_DATA To Reproduce Steps to reproduce the behavior:

try using LocalSecurityAuthorityService::openPolicyHandle()

Code that reproduces the behavior: This is the code:

        try (Connection connection = smbClient.connect(hostname);
            Session smbSession = connection.authenticate(ac)) {
            final RPCTransport transport = SMBTransportFactories.SRVSVC.getTransport(smbSession);
            long sessionId = smbSession.getSessionId();
            String sessionKey = smbSession.getSessionContext().getSessionKey().toString();
            getLogger().debug("Connected to SMB service. SessionId: {}, SessionKey: {}", new Object[]{sessionId, sessionKey});
            final LocalSecurityAuthorityService service = new LocalSecurityAuthorityService(transport);

            PolicyHandle handle = service.openPolicyHandle(adServerNameorNull, Integer.parseInt(accessLevel));
            String[] accountRights = service.getAccountRights(handle, accountSid);

            // add account rights to incoming flowfile and pass it to success relationship
            if (flowFile != null) {
                flowFile = session.putAttribute(flowFile, "accountRights", String.join(",", accountRights));
                session.transfer(flowFile, REL_SUCCESS);
            }
        } catch (Exception e) {
            getLogger().error("Could not establish smb connection because of error {}", new Object[]{e});
            context.yield();
            smbClient.getServerList().unregister(hostname);
            session.transfer(flowFile, REL_FAILURE);
        }

Expected behavior openPolicyHandle should return PolicyHandle object

Environment (please complete the following information):

jdrews417 commented 11 months ago

Try changing final RPCTransport transport = SMBTransportFactories.SRVSVC.getTransport(smbSession); to final RPCTransport transport = SMBTransportFactories.LSASVC.getTransport(smbSession);

I was able to get the same error (while searching for how to do this - really need some docs), and since this is a LSA service, tried that instead and it worked. Also, is your connection to a DC? IE, is your host you are asking capable of doing the work? I had to point to our AD DC instead of the SMB File Server.