packetgen-plugin-smb 0.2.0 → 0.3.0

data/lib/packetgen/plugin/smb/ntcreateandx/response.rb

@@ -0,0 +1,128 @@
+# This file is part of packetgen-plugin-smb.
+# See https://github.com/sdaubert/packetgen-plugin-smb for more informations
+# Copyright (C) 2018 Sylvain Daubert <sylvain.daubert@laposte.net>
+# This program is published under MIT license.
+
+# frozen_string_literal: true
+
+module PacketGen::Plugin
+  class SMB
+    # Namespace for NT_CREATE_ANDX related classes
+    module NtCreateAndX
+      # SMB Command NtCreateAndX response
+      # @author Sylvain Daubert
+      class Response < PacketGen::Header::Base
+        # OpLock levels
+        OP_LOCK_LEVELS = {
+          'none' => 0,
+          'exclusive' => 1,
+          'batch' => 2,
+          'level II' => 3,
+        }.freeze
+
+        # @!attribute word_count
+        #  The size, in 2-byte words, of the SMB parameters.
+        #  @return [Integer]
+        define_field :word_count, PacketGen::Types::Int8, default: 34
+        # @!attribute and_xcommand
+        #  8-bit command code for the next SMB command in the
+        #  packet.
+        #  @return [Integer]
+        define_field :and_xcommand, PacketGen::Types::Int8Enum, enum: Request::COMMANDS
+        # @!attribute rsv1
+        #  8-bit reserved field.
+        #  @return [Integer]
+        define_field :rsv1, PacketGen::Types::Int8, default: 0
+        # @!attribute and_xoffset
+        #  16-bit offset from the start of SMB header to the start of
+        #  the  {#word_count} field in the next SMB command in this
+        #  packet.
+        #  @return [Integer]
+        define_field :and_xoffset, PacketGen::Types::Int16le, default: 0
+        # @!attribute oplock_level
+        #  8-bit OpLock level.
+        #  @return [Integer]
+        define_field :oplock_level, PacketGen::Types::Int8Enum, enum: OP_LOCK_LEVELS
+        # @!attribute fid
+        #  16-bit FID.
+        #  @return [Integer]
+        define_field :fid, PacketGen::Types::Int16le
+        # @!attribute disposition
+        #  32-bit value that represents the action to take if the file
+        #  already exists or if the file is a new file and does not already
+        #  exist.
+        #  @return [Integer]
+        define_field :disposition, PacketGen::Types::Int32le
+        # @!attribute create_time
+        #  64-bit integer representing the time that the file was created.
+        #  @return [Integer]
+        define_field :create_time, SMB::Filetime
+        # @!attribute access_time
+        #  64-bit integer representing the time that the file was last accessed.
+        #  @return [Integer]
+        define_field :access_time, SMB::Filetime
+        # @!attribute write_time
+        #  64-bit integer representing the time that the file was last writen.
+        #  @return [Integer]
+        define_field :write_time, SMB::Filetime
+        # @!attribute change_time
+        #  64-bit integer representing the time that the file was last changed.
+        #  @return [Integer]
+        define_field :change_time, SMB::Filetime
+        # @!attribute attributes
+        #  32-bit extended file attributes.
+        #  @return [Integer]
+        define_field :attributes, PacketGen::Types::Int32le
+        # @!attribute alloc_size
+        #  64-bit integer representing the number of bytes allocated to the file.
+        #  @return [Integer]
+        define_field :alloc_size, PacketGen::Types::Int64le
+        # @!attribute end_of_file
+        #  64-bit integer representing the end of file offset.
+        #  @return [Integer]
+        define_field :end_of_file, PacketGen::Types::Int64le
+        # @!attribute res_type
+        #  16-bit file type.
+        #  @return [Integer]
+        define_field :res_type, PacketGen::Types::Int16le
+        # @!attribute pipe_status
+        #  16-bit field that shows the status of the named pipe (if opened resource
+        #  is a named pipe).
+        #  @return [Integer]
+        define_field :pipe_status, PacketGen::Types::Int16le
+        # @!attribute directory
+        #  8-bit field indicating is the FID represents a directory.
+        #  @return [Integer]
+        define_field :directory, PacketGen::Types::Int8
+        # @!attribute byte_count
+        #  The size, in bytes, of the SMB data. Should be zero.
+        #  @return [Integer]
+        define_field :byte_count, PacketGen::Types::Int16le, default: 0
+
+        # Give protocol name for this class
+        # @return [String]
+        def protocol_name
+          'SMB::NtCreateAndX::Response'
+        end
+
+        # Say if FID is a directory
+        # @return [Boolean]
+        def directory?
+          self.directory > 0
+        end
+
+        # @!method human_create_time
+        #  @return [String]
+        # @!method human_access_time
+        #  @return [String]
+        # @!method human_write_time
+        #  @return [String]
+        # @!method human_change_time
+        #  @return [String]
+        %i[create access write change].each do |type|
+          class_eval "def human_#{type}_time; self[:#{type}_time].to_human; end"
+        end
+      end
+    end
+  end
+end

data/lib/packetgen/plugin/smb/string.rb

@@ -1,6 +1,6 @@
-# This file is part of PacketGen
+# This file is part of packetgen-plugin-smb.
 # See https://github.com/sdaubert/packetgen-plugin-smb for more informations
-# Copyright (C) 2016 Sylvain Daubert <sylvain.daubert@laposte.net>
+# Copyright (C) 2018 Sylvain Daubert <sylvain.daubert@laposte.net>
 # This program is published under MIT license.
 
 # frozen_string_literal: true
@@ -10,10 +10,10 @@ module PacketGen::Plugin
     # SMB strings (UTF-16 little-endian).
     # @author Sylvain Daubert
     class String < PacketGen::Types::CString
-      # @param [Boolean] unicode
+      # @param [Boolean] value
+      # @return [Boolean]
       attr_writer :unicode
 
-      # @param [Boolean, Proc] is string UTF-16 encoded?
       # @param [Hash] options
       # @option options [Integer] :static_length set a static length for this string
       # @option options [Boolean] :unicode If +true+, string is encoded as a UTF-16

data/lib/packetgen/plugin/smb/trans.rb

@@ -1,199 +1,18 @@
-# This file is part of PacketGen
+# This file is part of packetgen-plugin-smb.
 # See https://github.com/sdaubert/packetgen-plugin-smb for more informations
-# Copyright (C) 2016 Sylvain Daubert <sylvain.daubert@laposte.net>
+# Copyright (C) 2018 Sylvain Daubert <sylvain.daubert@laposte.net>
 # This program is published under MIT license.
 
 # frozen_string_literal: true
 
 module PacketGen::Plugin
   class SMB
-    # Transaction Request.
-    #
-    # See also {Blocks}, as {TransRequest} is a specialization of {Blocks#words}
-    # and {Blocks#bytes}.
-    # @author Sylvain Daubert
-    class TransRequest < PacketGen::Header::Base
-      # @!attribute word_count
-      #  The size, in 2-byte words, of the SMB command parameters. It should
-      #  be +14 + setup_count+.
-      #  @return [Integer]
-      define_field :word_count, PacketGen::Types::Int8, default: 14
-      # @!attribute total_param_count
-      #  The total number of transaction parameter bytes.
-      #  @return [Integer]
-      define_field :total_param_count, PacketGen::Types::Int16le
-      # @!attribute total_data_count
-      #  The total number of transaction data bytes.
-      #  @return [Integer]
-      define_field :total_data_count, PacketGen::Types::Int16le
-      # @!attribute max_param_count
-      #  The maximum number of parameter bytes that the client will accept
-      #  in transaction response.
-      #  @return [Integer]
-      define_field :max_param_count, PacketGen::Types::Int16le
-      # @!attribute max_data_count
-      #  The maximum number of data bytes that the client will accept
-      #  in transaction response.
-      #  @return [Integer]
-      define_field :max_data_count, PacketGen::Types::Int16le
-      # @!attribute max_setup_count
-      #  The maximum number of setup bytes that the client will accept
-      #  in transaction response.
-      #  @return [Integer]
-      define_field :max_setup_count, PacketGen::Types::Int8
-      # @!attribute rsv1
-      #  8-bit reserved field
-      #  @return [Integer]
-      define_field :rsv1, PacketGen::Types::Int8, default: 0
-      # @!attribute flags
-      #  16-bit flags
-      #  @return [Integer]
-      define_field :flags, PacketGen::Types::Int16le
-      # @!attribute timeout
-      #  32-bit timeout
-      #  @return [Integer]
-      define_field :timeout, PacketGen::Types::Int32le
-      # @!attribute rsv2
-      #  16-bit reserved field
-      #  @return [Integer]
-      define_field :rsv2, PacketGen::Types::Int16le, default: 0
-      # @!attribute param_count
-      #  16-bit number of transaction parameter bytes that the clients attempts to
-      #  send to the server in this request.
-      #  @return [Integer]
-      define_field :param_count, PacketGen::Types::Int16le
-      # @!attribute param_offset
-      #  16-bit offset (in bytes) from the start of the SMB header to the start of the
-      #  transaction parameters.
-      #  @return [Integer]
-      define_field :param_offset, PacketGen::Types::Int16le
-      # @!attribute data_count
-      #  16-bit number of transaction data bytes that the clients sends to
-      #  the server in this request.
-      #  @return [Integer]
-      define_field :data_count, PacketGen::Types::Int16le
-      # @!attribute data_offset
-      #  16-bit offset (in bytes) from the start of the SMB header to the start
-      #  of the data field.
-      #  @return [Integer]
-      define_field :data_offset, PacketGen::Types::Int16le
-      # @!attribute setup_count
-      #  8-bit number of setup words (ie 16-bit words) contained in {#setup} field.
-      define_field :setup_count, PacketGen::Types::Int8
-      # @!attribute rsv3
-      #  8-bit reserved field
-      #  @return [Integer]
-      define_field :rsv3, PacketGen::Types::Int8
-      # @!attribute setup
-      #  Array of 2-byte words.
-      #  @return [Array]
-      define_field :setup, PacketGen::Types::ArrayOfInt16le, builder: ->(h, t) { t.new(counter: h[:setup_count]) }
-      # @!attribute byte_count
-      #  @return [Integer]
-      define_field :byte_count, PacketGen::Types::Int16le
-      # @!attribute padname
-      #  8-bit optional padding to align {#name} on a 2-byte boundary. Only present
-      #  if {SMB#flags2_unicode?} is +true+.
-      #  @return [Integer]
-      define_field :padname, PacketGen::Types::Int8, optional: ->(h) { h.packet && h.packet.smb.flags2_unicode? }
-      # @!attribute name
-      #  Pathname of the mailslot or named pipe.
-      #  @return [String]
-      define_field :name, SMB::String, builder: ->(h, t) { t.new(unicode: !h.packet || h.packet.smb.flags2_unicode?) }
-      # @!attribute pad1
-      #  Padding to align {#body} on 4-byte boundary.
-      #  @return [String]
-      define_field :pad1, PacketGen::Types::String, default: "\0" * 4,
-                   builder: ->(h, t) { t.new(length_from: -> { h.data_offset - SMB.new.sz - (h.offset_of(:name) + h[:name].sz) }) }
-      define_field :body, PacketGen::Types::String
-
-      # Give protocol name for this class
-      # @return [String]
-      def protocol_name
-        'SMB::TransRequest'
-      end
-    end
-
-    # Transaction Response.
-    #
-    # See also {Blocks}, as {TransResponse} is a specialization of {Blocks#words}
-    # and {Blocks#bytes}.
-    # @author Sylvain Daubert
-    class TransResponse < PacketGen::Header::Base
-      # @!attribute word_count
-      #  The size, in 2-byte words, of the SMB command parameters. It should
-      #  be +14 + setup_count+.
-      #  @return [Integer]
-      define_field :word_count, PacketGen::Types::Int8, default: 10
-      # @!attribute total_param_count
-      #  The total number of transaction parameter bytes.
-      #  @return [Integer]
-      define_field :total_param_count, PacketGen::Types::Int16le
-      # @!attribute total_data_count
-      #  The total number of transaction data bytes.
-      #  @return [Integer]
-      define_field :total_data_count, PacketGen::Types::Int16le
-      # @!attribute rsv1
-      #  16-bit reserved field
-      #  @return [Integer]
-      define_field :rsv1, PacketGen::Types::Int16le, default: 0
-      # @!attribute param_count
-      #  16-bit number of transaction parameter bytes sent in this response.
-      #  @return [Integer]
-      define_field :param_count, PacketGen::Types::Int16le
-      # @!attribute param_offset
-      #  16-bit offset (in bytes) from the start of the SMB header to the start of the
-      #  transaction parameters.
-      #  @return [Integer]
-      define_field :param_offset, PacketGen::Types::Int16le
-      # @!attribute param_displacement
-      #  16-bit offset (in bytes) relative to all of the transaction
-      #  parameter bytes in this transaction response at which this block of
-      #  parameter bytes SHOULD be placed.
-      #  @return [Integer]
-      define_field :param_displacement, PacketGen::Types::Int16le
-      # @!attribute data_count
-      #  16-bit number of transaction data bytes sent in this response.
-      #  @return [Integer]
-      define_field :data_count, PacketGen::Types::Int16le
-      # @!attribute data_offset
-      #  16-bit offset (in bytes) from the start of the SMB header to the start
-      #  of the data field.
-      #  @return [Integer]
-      define_field :data_offset, PacketGen::Types::Int16le
-      # @!attribute data_displacement
-      #  16-bit offset (in bytes) relative to all of the transaction data bytes in
-      #  this transaction response at which this block of data bytes SHOULD be placed.
-      #  @return [Integer]
-      define_field :data_displacement, PacketGen::Types::Int16le
-      # @!attribute setup_count
-      #  8-bit number of setup words (ie 16-bit words) contained in {#setup} field.
-      define_field :setup_count, PacketGen::Types::Int8
-      # @!attribute rsv3
-      #  8-bit reserved field
-      #  @return [Integer]
-      define_field :rsv2, PacketGen::Types::Int8
-      # @!attribute setup
-      #  Array of 2-byte words.
-      #  @return [ArrayPacketGen::]
-      define_field :setup, PacketGen::Types::ArrayOfInt16le, builder: ->(h, t) { t.new(counter: h[:setup_count]) }
-      # @!attribute byte_count
-      #  @return [Integer]
-      define_field :byte_count, PacketGen::Types::Int16le
-      # @!attribute pad1
-      #  Padding before {#body} to align it on 32-bit boundary
-      #  @return [Integer]
-      define_field :pad1, PacketGen::Types::String, default: "\0" * 4,
-                   builder: ->(h, t) { t.new(length_from: -> { h.data_offset - SMB.new.sz - (h.offset_of(:byte_count) + h[:byte_count].sz) }) }
-      define_field :body, PacketGen::Types::String
-
-      # Give protocol name for this class
-      # @return [String]
-      def protocol_name
-        'SMB::TransResponse'
-      end
-    end
-
-    self.bind_command 'trans'
+    # Namespace for TRANS related classes
+    module Trans; end
   end
 end
+
+require_relative 'trans/request'
+require_relative 'trans/response'
+
+PacketGen::Plugin::SMB.bind_command 'trans'

data/lib/packetgen/plugin/smb/trans/request.rb

@@ -0,0 +1,121 @@
+# This file is part of packetgen-plugin-smb.
+# See https://github.com/sdaubert/packetgen-plugin-smb for more informations
+# Copyright (C) 2018 Sylvain Daubert <sylvain.daubert@laposte.net>
+# This program is published under MIT license.
+
+# frozen_string_literal: true
+
+module PacketGen::Plugin
+  class SMB
+    module Trans
+      # Transaction Request.
+      #
+      # See also {Blocks}, as {Trans::Request} is a specialization of {Blocks#words}
+      # and {Blocks#bytes}.
+      # @author Sylvain Daubert
+      class Request < PacketGen::Header::Base
+        # @!attribute word_count
+        #  The size, in 2-byte words, of the SMB command parameters. It should
+        #  be +14 + setup_count+.
+        #  @return [Integer]
+        define_field :word_count, PacketGen::Types::Int8, default: 14
+        # @!attribute total_param_count
+        #  The total number of transaction parameter bytes.
+        #  @return [Integer]
+        define_field :total_param_count, PacketGen::Types::Int16le
+        # @!attribute total_data_count
+        #  The total number of transaction data bytes.
+        #  @return [Integer]
+        define_field :total_data_count, PacketGen::Types::Int16le
+        # @!attribute max_param_count
+        #  The maximum number of parameter bytes that the client will accept
+        #  in transaction response.
+        #  @return [Integer]
+        define_field :max_param_count, PacketGen::Types::Int16le
+        # @!attribute max_data_count
+        #  The maximum number of data bytes that the client will accept
+        #  in transaction response.
+        #  @return [Integer]
+        define_field :max_data_count, PacketGen::Types::Int16le
+        # @!attribute max_setup_count
+        #  The maximum number of setup bytes that the client will accept
+        #  in transaction response.
+        #  @return [Integer]
+        define_field :max_setup_count, PacketGen::Types::Int8
+        # @!attribute rsv1
+        #  8-bit reserved field
+        #  @return [Integer]
+        define_field :rsv1, PacketGen::Types::Int8, default: 0
+        # @!attribute flags
+        #  16-bit flags
+        #  @return [Integer]
+        define_field :flags, PacketGen::Types::Int16le
+        # @!attribute timeout
+        #  32-bit timeout
+        #  @return [Integer]
+        define_field :timeout, PacketGen::Types::Int32le
+        # @!attribute rsv2
+        #  16-bit reserved field
+        #  @return [Integer]
+        define_field :rsv2, PacketGen::Types::Int16le, default: 0
+        # @!attribute param_count
+        #  16-bit number of transaction parameter bytes that the clients attempts to
+        #  send to the server in this request.
+        #  @return [Integer]
+        define_field :param_count, PacketGen::Types::Int16le
+        # @!attribute param_offset
+        #  16-bit offset (in bytes) from the start of the SMB header to the start of the
+        #  transaction parameters.
+        #  @return [Integer]
+        define_field :param_offset, PacketGen::Types::Int16le
+        # @!attribute data_count
+        #  16-bit number of transaction data bytes that the clients sends to
+        #  the server in this request.
+        #  @return [Integer]
+        define_field :data_count, PacketGen::Types::Int16le
+        # @!attribute data_offset
+        #  16-bit offset (in bytes) from the start of the SMB header to the start
+        #  of the data field.
+        #  @return [Integer]
+        define_field :data_offset, PacketGen::Types::Int16le
+        # @!attribute setup_count
+        #  8-bit number of setup words (ie 16-bit words) contained in {#setup} field.
+        define_field :setup_count, PacketGen::Types::Int8
+        # @!attribute rsv3
+        #  8-bit reserved field
+        #  @return [Integer]
+        define_field :rsv3, PacketGen::Types::Int8
+        # @!attribute setup
+        #  Array of 2-byte words.
+        #  @return [Array]
+        define_field :setup, PacketGen::Types::ArrayOfInt16le, builder: ->(h, t) { t.new(counter: h[:setup_count]) }
+        # @!attribute byte_count
+        #  @return [Integer]
+        define_field :byte_count, PacketGen::Types::Int16le
+        # @!attribute padname
+        #  8-bit optional padding to align {#name} on a 2-byte boundary. Only present
+        #  if {SMB#flags2_unicode?} is +true+.
+        #  @return [Integer]
+        define_field :padname, PacketGen::Types::Int8, optional: ->(h) { h.packet && h.packet.smb.flags2_unicode? }
+        # @!attribute name
+        #  Pathname of the mailslot or named pipe.
+        #  @return [String]
+        define_field :name, SMB::String, builder: ->(h, t) { t.new(unicode: !h.packet || h.packet.smb.flags2_unicode?) }
+        # @!attribute pad1
+        #  Padding to align {#body} on 4-byte boundary.
+        #  @return [String]
+        define_field :pad1, PacketGen::Types::String, default: "\0" * 4,
+                     builder: ->(h, t) { t.new(length_from: -> { h.data_offset - SMB.new.sz - (h.offset_of(:name) + h[:name].sz) }) }
+        # @!attribute body
+        #  @return [String]
+        define_field :body, PacketGen::Types::String
+
+        # Give protocol name for this class
+        # @return [String]
+        def protocol_name
+          'SMB::Trans::Request'
+        end
+      end
+    end
+  end
+end