Add support of remote shutdown protocol

CONTRIBUTORS

@@ -1 +1,2 @@
 Paul-Andrew Joseph Miseiko <[email protected]>
+Vadim Frolov <[email protected]>

README.md

@@ -2,7 +2,13 @@
 
 DCE-RPC implementation capable of using SMBv2 via SMBJ to invoke remote procedure calls (RPC) over the IPC$ named pipe.
 
-Partial support for the Windows Remote Registry Protocol (MS-RRP) specification (https://msdn.microsoft.com/en-us/library/cc244877.aspx).
+Supports the following protocols (some support is partial):
+* [MS-RSP]: [Remote shutdown protocol](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rsp/43a7d8d6-307d-445c-8678-d209a19926fe).
+* [MS-LSAD]: [Local Security Authority (Domain Policy) Remote Protocol](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/1b5471ef-4c33-4a91-b079-dfcbb82f05cc).
+* [MS-RRP]: [Windows Remote Registry Protocol](https://msdn.microsoft.com/en-us/library/cc244877.aspx).
+* [MS-SAMR]: [Security Account Manager (SAM) Remote Protocol (Client-to-Server)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-samr/4df07fab-1bbc-452f-8e92-7853a3c7e380).
+* [MS-SRVS]: [Server Service Remote Protocol](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-srvs/accf23b0-0f57-441c-9185-43041f1b0ee9).
+* [MS-SCMR]: [Service Control Manager Remote Protocol](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-scmr/705b624a-13de-43cc-b8a2-99573da3635f).
 
 Special thank you to Jeroen van Erp for SMBJ (https://github.com/hierynomus/smbj).
 
@@ -78,6 +84,10 @@ try (final Connection smbConnection = smbClient.connect("aaa.bbb.ccc.ddd")) {
 }
 ```
 
+#### [MS-RSP]: Remote Shutdown Protocol
+
+See file `usage/ShutdownExample.java` inside the project.
+
 # NDR Types
 
 All objects are assigned to a type hierarchy:

pom.xml

@@ -3,7 +3,7 @@
    <groupId>com.rapid7.client</groupId>
    <artifactId>dcerpc</artifactId>
    <packaging>jar</packaging>
-   <version>0.8.3-SNAPSHOT</version>
+   <version>0.8.4-SNAPSHOT</version>
    <name>dcerpc</name>
    <url>https://www.rapid7.com</url>
    <description>DCE-RPC implementation capable of using SMBv2 via SMBJ to invoke remote procedure calls (RPC) over the IPC$ named pipe.</description>
@@ -43,14 +43,14 @@
    </distributionManagement>
 
    <properties>
-      <thirdparty.commons-io.version>2.5</thirdparty.commons-io.version>
-      <thirdparty.commons-lang3.version>3.4</thirdparty.commons-lang3.version>
-      <thirdparty.guava.version>18.0</thirdparty.guava.version>
+      <thirdparty.commons-io.version>2.6</thirdparty.commons-io.version>
+      <thirdparty.commons-lang3.version>3.9</thirdparty.commons-lang3.version>
+      <thirdparty.guava.version>28.2-jre</thirdparty.guava.version>
       <thirdparty.hamcrest.version>1.3</thirdparty.hamcrest.version>
-      <thirdparty.junit.version>4.12</thirdparty.junit.version>
+      <thirdparty.junit.version>4.13</thirdparty.junit.version>
       <thirdparty.mockito.version>1.10.19</thirdparty.mockito.version>
-      <thirdparty.smbj.version>0.8.0</thirdparty.smbj.version>
-      <thirdparty.testng.version>6.11</thirdparty.testng.version>
+      <thirdparty.smbj.version>0.10.0</thirdparty.smbj.version>
+      <thirdparty.testng.version>7.1.0</thirdparty.testng.version>
       <maven.compiler.target>1.7</maven.compiler.target>
       <maven.compiler.source>1.7</maven.compiler.source>
       <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
@@ -78,6 +78,11 @@
          <artifactId>smbj</artifactId>
          <version>${thirdparty.smbj.version}</version>
       </dependency>
+      <dependency>
+         <groupId>javax.activation</groupId>
+         <artifactId>activation</artifactId>
+         <version>1.1.1</version>
+      </dependency>
 
       <!-- Test dependencies. -->
       <!-- 3rdparty dependencies. -->
@@ -121,7 +126,7 @@
          <plugin>
             <groupId>org.apache.maven.plugins</groupId>
             <artifactId>maven-surefire-plugin</artifactId>
-            <version>2.20.1</version>
+            <version>3.0.0-M4</version>
          </plugin>
          <plugin>
             <groupId>org.sonatype.plugins</groupId>
@@ -150,7 +155,11 @@
          <plugin>
             <groupId>org.apache.maven.plugins</groupId>
             <artifactId>maven-javadoc-plugin</artifactId>
-            <version>2.9.1</version>
+            <version>3.2.0</version>
+            <configuration>
+               <doclint>none</doclint>
+               <source>8</source>
+            </configuration>
             <executions>
                <execution>
                   <id>attach-javadocs</id>

src/main/java/com/rapid7/client/dcerpc/Interface.java

@@ -24,7 +24,8 @@ public enum Interface {
     LSASVC_V0_0("lsarpc interface", "12345778-1234-ABCD-EF00-0123456789AB:v0.0"),
     SAMSVC_V1_0("samr interface", "12345778-1234-ABCD-EF00-0123456789AC:v1.0"),
     SVCCTL_V2_0("svcctl_interface", "367abb81-9844-35f1-ad32-98f038001003:v2.0"),
-    NDR_32BIT_V2("NDR transfer syntax identifier", "8a885d04-1ceb-11c9-9fe8-08002b104860:v2.0");
+    NDR_32BIT_V2("NDR transfer syntax identifier", "8a885d04-1ceb-11c9-9fe8-08002b104860:v2.0"),
+    INITSHUTDOWN_V1_0("initshutdown interface", "894de0c0-0d55-11d3-a322-00c04fa321a1:v1.0");
 
     private final String name;
     private final String repr;

src/main/java/com/rapid7/client/dcerpc/initshutdown/ShutdownService.java

@@ -0,0 +1,58 @@
+/**
+ * Copyright 2020, Vadim Frolov.
+ *
+ * License: BSD-3-clause
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * * Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * * Neither the name of the copyright holder nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ */
+package com.rapid7.client.dcerpc.initshutdown;
+
+import java.io.IOException;
+import java.util.EnumSet;
+import com.rapid7.client.dcerpc.initshutdown.dto.ShutdownReason;
+import com.rapid7.client.dcerpc.initshutdown.messages.BaseAbortShutdown;
+import com.rapid7.client.dcerpc.initshutdown.messages.BaseInitiateShutdownRequest;
+import com.rapid7.client.dcerpc.initshutdown.messages.BaseInitiateShutdownRequestEx;
+import com.rapid7.client.dcerpc.messages.EmptyResponse;
+import com.rapid7.client.dcerpc.objects.RegUnicodeString;
+import com.rapid7.client.dcerpc.service.Service;
+import com.rapid7.client.dcerpc.transport.RPCTransport;
+
+public class ShutdownService extends Service {
+    public ShutdownService(final RPCTransport transport) {
+        super(transport);
+    }
+
+    public int shutdown(final String msg, final int timeout, final boolean forceAppsClosed, final boolean rebootAfterShutdown)
+            throws IOException {
+
+        final BaseInitiateShutdownRequest request = new BaseInitiateShutdownRequest(parseWCharNT(null), RegUnicodeString.NullTerminated.of(msg), timeout, forceAppsClosed, rebootAfterShutdown);
+        final EmptyResponse response = callExpectSuccess(request, "BaseInitiateShutdownRequest");
+        return response.getReturnValue();
+    }
+
+    public int abortShutdown() throws IOException {
+        final BaseAbortShutdown request = new BaseAbortShutdown(parseWCharNT(null));
+        final EmptyResponse response = callExpectSuccess(request, "BaseAbortShutdown");
+        return response.getReturnValue();
+    }
+
+    public int shutdownEx(final String msg, final int timeout, final boolean forceAppsClosed, final boolean rebootAfterShutdown, final EnumSet<ShutdownReason> reasons)
+            throws IOException {
+
+        final BaseInitiateShutdownRequestEx request = new BaseInitiateShutdownRequestEx(parseWCharNT(null), RegUnicodeString.NullTerminated.of(msg), timeout, forceAppsClosed, rebootAfterShutdown, reasons);
+        final EmptyResponse response = callExpectSuccess(request, "BaseInitiateShutdownRequestEx");
+        return response.getReturnValue();
+    }
+}

src/main/java/com/rapid7/client/dcerpc/initshutdown/dto/ShutdownReason.java

@@ -0,0 +1,94 @@
+/**
+ * Copyright 2020, Vadim Frolov.
+ *
+ * License: BSD-3-clause
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * * Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * * Neither the name of the copyright holder nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ */
+package com.rapid7.client.dcerpc.initshutdown.dto;
+
+import java.util.EnumSet;
+
+/*
+ * @see <a href="https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rsp/d74aa51d-d481-4dc5-b0a2-750871916106">2.3 Shutdown Reasons</a>
+ * <br>
+ * Usage:<pre>
+ *   EnumSet<ShutdownReason> flags = EnumSet.of(ShutdownReason.SHTDN_REASON_MAJOR_APPLICATION,
+ *           ShutdownReason.SHTDN_REASON_MINOR_BLUESCREEN);
+ *   int reason = ShutdownReason.getReason(flags);
+ *   System.out.printf("0x%08X\n", reason);
+ * </pre>
+ */
+public enum ShutdownReason {
+    SHTDN_REASON_MAJOR_APPLICATION(0x00040000),
+    SHTDN_REASON_MAJOR_HARDWARE(0x00010000),
+    SHTDN_REASON_MAJOR_LEGACY_API(0x00070000),
+    SHTDN_REASON_MAJOR_OPERATINGSYSTEM(0x00020000),
+    SHTDN_REASON_MAJOR_OTHER(0x00000000),
+    SHTDN_REASON_MAJOR_POWER(0x00060000),
+    SHTDN_REASON_MAJOR_SOFTWARE(0x00030000),
+    SHTDN_REASON_MAJOR_SYSTEM(0x00050000),
+
+    SHTDN_REASON_MINOR_BLUESCREEN(0x0000000F),
+    SHTDN_REASON_MINOR_CORDUNPLUGGED(0x0000000b),
+    SHTDN_REASON_MINOR_DISK(0x00000007),
+    SHTDN_REASON_MINOR_ENVIRONMENT(0x0000000c),
+    SHTDN_REASON_MINOR_HARDWARE_DRIVER(0x0000000d),
+    SHTDN_REASON_MINOR_HOTFIX(0x00000011),
+    SHTDN_REASON_MINOR_HOTFIX_UNINSTALL(0x00000017),
+    SHTDN_REASON_MINOR_HUNG(0x00000005),
+    SHTDN_REASON_MINOR_INSTALLATION(0x00000002),
+    SHTDN_REASON_MINOR_MAINTENANCE(0x00000001),
+    SHTDN_REASON_MINOR_MMC(0x00000019),
+    SHTDN_REASON_MINOR_NETWORK_CONNECTIVITY(0x00000014),
+    SHTDN_REASON_MINOR_NETWORKCARD(0x00000009),
+    SHTDN_REASON_MINOR_OTHER(0x00000000),
+    SHTDN_REASON_MINOR_OTHERDRIVER(0x0000000e),
+    SHTDN_REASON_MINOR_POWER_SUPPLY(0x0000000a),
+    SHTDN_REASON_MINOR_PROCESSOR(0x00000008),
+    SHTDN_REASON_MINOR_RECONFIG(0x00000004),
+    SHTDN_REASON_MINOR_SECURITY(0x00000013),
+    SHTDN_REASON_MINOR_SECURITYFIX(0x00000012),
+    SHTDN_REASON_MINOR_SECURITYFIX_UNINSTALL(0x00000018),
+    SHTDN_REASON_MINOR_SERVICEPACK(0x00000010),
+    SHTDN_REASON_MINOR_SERVICEPACK_UNINSTALL(0x00000016),
+    SHTDN_REASON_MINOR_TERMSRV(0x00000020),
+    SHTDN_REASON_MINOR_UNSTABLE(0x00000006),
+    SHTDN_REASON_MINOR_UPGRADE(0x00000003),
+    SHTDN_REASON_MINOR_WMI(0x00000015),
+
+    SHTDN_REASON_FLAG_USER_DEFINED(0x40000000),
+    SHTDN_REASON_FLAG_PLANNED(0x80000000);
+
+    private final int reasonID;
+
+    ShutdownReason(final int reasonID) {
+        this.reasonID = reasonID;
+    }
+
+    public long getReason() {
+        return reasonID;
+    }
+
+    public static int getReason(final EnumSet<ShutdownReason> reasons) {
+        int finalReason = 0;
+        if (reasons == null) {
+            return ShutdownReason.getReason(EnumSet.of(ShutdownReason.SHTDN_REASON_MAJOR_OTHER, ShutdownReason.SHTDN_REASON_MINOR_OTHER));
+        }
+        for (ShutdownReason shReason : reasons) {
+            finalReason |= shReason.getReason();
+        }
+        return finalReason;
+    }
+}

src/main/java/com/rapid7/client/dcerpc/initshutdown/messages/BaseAbortShutdown.java

@@ -0,0 +1,63 @@
+/**
+ * Copyright 2020, Vadim Frolov.
+ *
+ * License: BSD-3-clause
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * * Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * * Neither the name of the copyright holder nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ */
+package com.rapid7.client.dcerpc.initshutdown.messages;
+
+import java.io.IOException;
+import com.rapid7.client.dcerpc.io.PacketOutput;
+import com.rapid7.client.dcerpc.messages.EmptyResponse;
+import com.rapid7.client.dcerpc.messages.RequestCall;
+import com.rapid7.client.dcerpc.objects.WChar;
+
+/**
+ * <b>3.2.4.2 BaseAbortShutdown (Opnum 1)</b><br>
+ * <br>
+ * The BaseAbortShutdown method is used to terminate the shutdown of the remote computer within the waiting period.
+ *
+ * <pre>
+ * unsigned long BaseAbortShutdown(
+ *    [in, unique] PREGISTRY_SERVER_NAME ServerName
+ * );
+ * </pre>
+ *
+ * ServerName: The value may be NULL as the actual server name is taken from the request details.
+ * Return Values: The method returns 0 (ERROR_SUCCESS) to indicate success; otherwise, it returns a nonzero error code.
+ *
+ * @see <a href="https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rsp/39d682ec-3072-4b05-90d4-f964dfaa4b06">3.2.4.2 BaseAbortShutdown (Opnum 1)</a>
+ */
+
+public class BaseAbortShutdown extends RequestCall<EmptyResponse> {
+    private final WChar.NullTerminated serverName;
+
+    public BaseAbortShutdown(final WChar.NullTerminated serverName) {
+        super((short) 1);
+        this.serverName = serverName;
+    }
+
+    @Override
+    public EmptyResponse getResponseObject() {
+        return new EmptyResponse();
+    }
+
+    @Override
+    public void marshal(PacketOutput packetOut) throws IOException {
+        if (packetOut.writeReferentID(this.serverName)) {
+            packetOut.writeMarshallable(serverName);
+        }
+    }
+}