packetgen-plugin-smb 0.2.0 → 0.3.0

data/lib/packetgen/plugin/smb/trans/response.rb

@@ -0,0 +1,94 @@
+# This file is part of packetgen-plugin-smb.
+# See https://github.com/sdaubert/packetgen-plugin-smb for more informations
+# Copyright (C) 2018 Sylvain Daubert <sylvain.daubert@laposte.net>
+# This program is published under MIT license.
+
+# frozen_string_literal: true
+
+module PacketGen::Plugin
+  class SMB
+    module Trans
+      # Transaction Response.
+      #
+      # See also {Blocks}, as {Response} is a specialization of {Blocks#words}
+      # and {Blocks#bytes}.
+      # @author Sylvain Daubert
+      class Response < PacketGen::Header::Base
+        # @!attribute word_count
+        #  The size, in 2-byte words, of the SMB command parameters. It should
+        #  be +14 + setup_count+.
+        #  @return [Integer]
+        define_field :word_count, PacketGen::Types::Int8, default: 10
+        # @!attribute total_param_count
+        #  The total number of transaction parameter bytes.
+        #  @return [Integer]
+        define_field :total_param_count, PacketGen::Types::Int16le
+        # @!attribute total_data_count
+        #  The total number of transaction data bytes.
+        #  @return [Integer]
+        define_field :total_data_count, PacketGen::Types::Int16le
+        # @!attribute rsv1
+        #  16-bit reserved field
+        #  @return [Integer]
+        define_field :rsv1, PacketGen::Types::Int16le, default: 0
+        # @!attribute param_count
+        #  16-bit number of transaction parameter bytes sent in this response.
+        #  @return [Integer]
+        define_field :param_count, PacketGen::Types::Int16le
+        # @!attribute param_offset
+        #  16-bit offset (in bytes) from the start of the SMB header to the start of the
+        #  transaction parameters.
+        #  @return [Integer]
+        define_field :param_offset, PacketGen::Types::Int16le
+        # @!attribute param_displacement
+        #  16-bit offset (in bytes) relative to all of the transaction
+        #  parameter bytes in this transaction response at which this block of
+        #  parameter bytes SHOULD be placed.
+        #  @return [Integer]
+        define_field :param_displacement, PacketGen::Types::Int16le
+        # @!attribute data_count
+        #  16-bit number of transaction data bytes sent in this response.
+        #  @return [Integer]
+        define_field :data_count, PacketGen::Types::Int16le
+        # @!attribute data_offset
+        #  16-bit offset (in bytes) from the start of the SMB header to the start
+        #  of the data field.
+        #  @return [Integer]
+        define_field :data_offset, PacketGen::Types::Int16le
+        # @!attribute data_displacement
+        #  16-bit offset (in bytes) relative to all of the transaction data bytes in
+        #  this transaction response at which this block of data bytes SHOULD be placed.
+        #  @return [Integer]
+        define_field :data_displacement, PacketGen::Types::Int16le
+        # @!attribute setup_count
+        #  8-bit number of setup words (ie 16-bit words) contained in {#setup} field.
+        define_field :setup_count, PacketGen::Types::Int8
+        # @!attribute rsv3
+        #  8-bit reserved field
+        #  @return [Integer]
+        define_field :rsv2, PacketGen::Types::Int8
+        # @!attribute setup
+        #  Array of 2-byte words.
+        #  @return [ArrayPacketGen::]
+        define_field :setup, PacketGen::Types::ArrayOfInt16le, builder: ->(h, t) { t.new(counter: h[:setup_count]) }
+        # @!attribute byte_count
+        #  @return [Integer]
+        define_field :byte_count, PacketGen::Types::Int16le
+        # @!attribute pad1
+        #  Padding before {#body} to align it on 32-bit boundary
+        #  @return [Integer]
+        define_field :pad1, PacketGen::Types::String, default: "\0" * 4,
+                     builder: ->(h, t) { t.new(length_from: -> { h.data_offset - SMB.new.sz - (h.offset_of(:byte_count) + h[:byte_count].sz) }) }
+        # @!attribute body
+        #  @return [String]
+        define_field :body, PacketGen::Types::String
+
+        # Give protocol name for this class
+        # @return [String]
+        def protocol_name
+          'SMB::Trans::Response'
+        end
+      end
+    end
+  end
+end

data/lib/packetgen/plugin/smb2.rb

@@ -0,0 +1,181 @@
+# This file is part of packetgen-plugin-smb.
+# See https://github.com/sdaubert/packetgen-plugin-smb for more informations
+# Copyright (C) 2018 Sylvain Daubert <sylvain.daubert@laposte.net>
+# This program is published under MIT license.
+
+# frozen_string_literal: true
+
+module PacketGen::Plugin
+  # Server Message Block version 2 and 3 (SMB2) header.
+  # @author Sylvain Daubert
+  class SMB2 < PacketGen::Header::Base
+    # Known commands
+    COMMANDS = {
+      'negotiate' => 0,
+      'session_setup' => 1,
+      'logoff' => 2,
+      'tree_connect' => 3,
+      'tree_disconnect' => 4,
+      'create' => 5,
+      'close' => 6,
+      'flush' => 7,
+      'read' => 8,
+      'write' => 9,
+      'lock' => 10,
+      'ioctl' => 11,
+      'cancel' => 12,
+      'echo' => 13,
+      'query_directory' => 14,
+      'change_notify' => 15,
+      'query_info' => 16,
+      'set_info' => 17,
+      'oplock_break' => 18
+    }.freeze
+
+    # SMB marker, on start of header
+    MARKER = PacketGen.force_binary("\xfeSMB").freeze
+
+    # SMB2 header size
+    HEADER_SIZE = 64
+
+    # @!attribute protocol
+    #  This field must contain {MARKER SMB2 marker}
+    #  @return [String]
+    define_field :protocol, PacketGen::Types::String, static_length: 4, default: MARKER
+    # @!attribute structure_size
+    #  16-bit SMB2 header size. Should be 64.
+    #  @return [Integer]
+    define_field :structure_size, PacketGen::Types::Int16le, default: HEADER_SIZE
+    # @!attribute credit charge
+    #  16-bit credit charge field. Must not be used and must be set to 0.
+    #  @return [Integer]
+    define_field :credit_charge, PacketGen::Types::Int16le
+    # @!attribute status
+    #  32-bit status field (SMB 2 dialect only).
+    #  @return [Integer]
+    define_field :status, PacketGen::Types::Int32le
+    # @!attribute command
+    #  16-bit command field
+    #  @return [Integer]
+    define_field :command, PacketGen::Types::Int16leEnum, enum: COMMANDS
+    # @!attribute credit
+    #  16-bit credit field. This is the number of credits a client is requesting in
+    #  a request, and the number of credits granted in a response.
+    #  @return [Integer]
+    define_field :credit, PacketGen::Types::Int16le
+    # @!attribute flags
+    #  32-bit flags field
+    #  @return [Integer]
+    define_field :flags, PacketGen::Types::Int32le
+    # @!attribute next_command
+    #  32-bit offset from the beginning of this SMB2 header to the start of the subsequent
+    #  8-byte aligned SMB2 header (only for compounded requests).
+    #  @return [Integer]
+    define_field :next_command, PacketGen::Types::Int32le
+    # @!attribute message_id
+    #  64-bit alue that identifies a message request and response uniquely across all
+    #  messages that are sent on the same SMB 2 Protocol transport connection.
+    #  @return [Integer]
+    define_field :message_id, PacketGen::Types::Int64le
+    # @!attribute async_id
+    #  64-bit unique ID that is created by the server to handle operations
+    #  asynchronously. Only present for asynchronous messages.
+    #  @return [Integer]
+    define_field :async_id, PacketGen::Types::Int64le, optional: ->(h) { h.flags & 2  == 2}
+    # @!attribute reserved
+    #  32-bit reserved field.
+    #  Only present for synchronous messages.
+    #  @return [Integer]
+    define_field :reserved, PacketGen::Types::Int32le, optional: ->(h) { (h.flags & 2).zero? }
+    # @!attribute tree_id
+    #  32-bit integer that uniquely identifies the tree connect for the command.
+    #  Only present for synchronous messages.
+    #  @return [Integer]
+    define_field :tree_id, PacketGen::Types::Int32le, optional: ->(h) { (h.flags & 2).zero? }
+    # @!attribute session_id
+    #  64-bit integer that uniquely identifies the established session for the command.
+    #  @return [Integer]
+    define_field :session_id, PacketGen::Types::Int64le
+    # @!attribute signature
+    #  16-byte message signature
+    #  @return [String]
+    define_field :signature, PacketGen::Types::String, static_length: 16, default: [0, 0].pack('qq')
+    # @!attribute body
+    #  @return [String]
+    define_field :body, PacketGen::Types::String
+    # @!attribute flags_rsv1
+    #  2-bit reserved field
+    #  @return [Integer]
+    # @!attribute flags_smb3_replay_op?
+    #  When set, the command is a replay operation (only SMB 3 dialect).
+    #  @return [Boolean]
+    # @!attribute flags_dsf_op?
+    #  When set, the command is a Distributed File System (DFS) operation..
+    #  @return [Boolean]
+    # @!attribute flags_rsv2
+    #  21-bit reserved field
+    #  @return [Integer]
+    # @!attribute flags_smb3_priority
+    #  3-bit value of I/O priority (only SMB 3 dialect).
+    #  @return [Integer]
+    # @!attribute flags_signed?
+    #  When set, the message is signed.
+    #  @return [Boolean]
+    # @!attribute flags_related_op?
+    #  When set, the message is a related operation in a compounded chain.
+    #  @return [Boolean]
+    # @!attribute flags_async?
+    #  When set, the message is a asynchronous.
+    #  @return [Boolean]
+    # @!attribute flags_response?
+    #  When set, the message is a response from server to client.
+    #  @return [Boolean]
+    define_bit_fields_on :flags, :flags_rsv1, 2, :flags_smb3_replay_op, :flags_dfs_op,
+                                 :flags_rsv2, 21, :flags_smb3_priority, 3,
+                                 :flags_signed, :flags_related_op, :flags_async,
+                                 :flags_response
+
+    # Helper to bind a SMB2 command to {SMB2} header.
+    # @param [String] command name
+    # @return [void]
+    def self.bind_command(command)
+      contantized = command.capitalize.gsub(/_(\w)/) { $1.upcase }
+      krequest = self.const_get("#{contantized}::Request")
+      kresponse = self.const_get("#{contantized}::Response")
+      PacketGen::Header.add_class krequest
+      self.bind krequest, command: SMB2::COMMANDS[command], flags: ->(v) { v.nil? ? 0 : (v & 1).zero? }
+      PacketGen::Header.add_class kresponse
+      self.bind kresponse, command: SMB2::COMMANDS[command], flags: ->(v) { v.nil? ? 0 : (v & 1 == 1) }
+    end
+
+    # @return [String]
+    def inspect
+      super do |attr|
+        next unless attr == :flags
+
+        value = bits_on(attr).reject { |_, v| v > 1 }
+                             .keys
+                             .select { |b| send("#{b}?") }
+                             .map(&:to_s)
+                             .join(',')
+                             .gsub!(/#{attr}_/, '')
+        value = '%-16s (0x%02x)' % [value, self[attr].to_i]
+        str = PacketGen::Inspect.shift_level
+        str << PacketGen::Inspect::FMT_ATTR % [self[attr].class.to_s.sub(/.*::/, ''),
+                                               attr, value]
+      end
+    end
+  end
+  # TODO: move this in netbios file when packetgen3 will be out
+  PacketGen::Header::TCP.bind PacketGen::Header::NetBIOS::Session, dport: 445
+  PacketGen::Header::TCP.bind PacketGen::Header::NetBIOS::Session, sport: 445
+
+  PacketGen::Header.add_class SMB2
+  PacketGen::Header::NetBIOS::Session.bind SMB2, body: ->(val) { val.nil? ? SMB2::MARKER : val[0..3] == SMB2::MARKER }
+  PacketGen::Header::NetBIOS::Datagram.bind SMB2, body: ->(val) { val.nil? ? SMB2::MARKER : val[0..3] == SMB2::MARKER }
+end
+
+require_relative 'smb2/base'
+require_relative 'smb2/negotiate'
+require_relative 'smb2/session_setup'
+require_relative 'smb2/error'

data/lib/packetgen/plugin/smb2/base.rb

@@ -0,0 +1,31 @@
+# This file is part of packetgen-plugin-smb.
+# See https://github.com/sdaubert/packetgen-plugin-smb for more informations
+# Copyright (C) 2018 Sylvain Daubert <sylvain.daubert@laposte.net>
+# This program is published under MIT license.
+
+# frozen_string_literal: true
+
+require_relative 'guid'
+
+module PacketGen::Plugin
+  class SMB2
+    # Helper class to ease definition of SMB2 classes
+    # @author Sylvain Daubert
+    class Base < PacketGen::Header::Base
+      # Helper to define pad fields used to align next field on 8-byte
+      # offset
+      # @param [Symbol] name name of padding field
+      # @return [void]
+      def self.define_smb2_pad_field(name)
+        prev_field = self.fields.last
+        lf = lambda do |hdr|
+          len = 8 - (hdr.offset_of(prev_field) + hdr[prev_field].sz) % 8
+          len = 0 if len == 8
+          len
+        end
+        define_field name, PacketGen::Types::String, default: [0].pack('q').freeze,
+                     builder: ->(h, t) { t.new(length_from: -> { lf[h] }) }
+      end
+    end
+  end
+end

data/lib/packetgen/plugin/smb2/error.rb

@@ -0,0 +1,50 @@
+# This file is part of packetgen-plugin-smb.
+# See https://github.com/sdaubert/packetgen-plugin-smb for more informations
+# Copyright (C) 2018 Sylvain Daubert <sylvain.daubert@laposte.net>
+# This program is published under MIT license.
+
+# frozen_string_literal: true
+
+module PacketGen::Plugin
+  class SMB2
+    # SMB2 Error response structure
+    #    0                   1                   2                   3
+    #    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+    #   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+    #   |        StructureSize          | ContextCount  |    Reserved   |
+    #   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+    #   |                          ByteCount                            |
+    #   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+    #   |                           ErrorData                           |
+    #   +                                                               +
+    #   |                              ...                              |
+    #   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+    # @author Sylvain Daubert
+    class ErrorResponse < PacketGen::Header::Base
+      # @!attribute structure_size
+      #  16-bit error response structure. Should be 9.
+      #  @return [Integer]
+      define_field :structure_size, PacketGen::Types::Int16le, default: 9
+      # !@attribute context_count
+      #  Only for SMB3 dialect. If non zero, this is the number of element
+      #  in {#data}, formatted as a variable length array.
+      #  @return [Integer]
+      define_field :context_count, PacketGen::Types::Int8
+      # !@attribute reserved
+      #  8-bit reserved value
+      #  @return [Integer]
+      define_field :reserved, PacketGen::Types::Int8
+      # @!attribute byte_count
+      #  32-bit value indicating the number of bytes contained in {#data}
+      #  @return [Integer]
+      define_field :byte_count, PacketGen::Types::Int32le
+      # @!attribute data
+      #  Variable-length data field.
+      #  @return [String]
+      define_field :data, PacketGen::Types::String
+    end
+  end
+  PacketGen::Header.add_class SMB2::ErrorResponse
+  SMB2.bind SMB2::ErrorResponse, status: ->(v) { v > 0 }
+end
+

data/lib/packetgen/plugin/smb2/guid.rb

@@ -0,0 +1,68 @@
+# This file is part of packetgen-plugin-smb.
+# See https://github.com/sdaubert/packetgen-plugin-smb for more informations
+# Copyright (C) 2018 Sylvain Daubert <sylvain.daubert@laposte.net>
+# This program is published under MIT license.
+
+# frozen_string_literal: true
+
+module PacketGen::Plugin
+  class SMB2
+    # GUID, also known as UUID, is a 16-byte structure, intended to serve
+    # as a unique identifier for an object.
+    #    0                   1                   2                   3
+    #    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+    #   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+    #   |                             Data1                             |
+    #   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+    #   |            Data2              |             Data3             |
+    #   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+    #   |                             Data4                             |
+    #   +                                                               +
+    #   |                                                               |
+    #   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+    # @author Sylvain Daubert
+    class GUID < PacketGen::Types::Fields
+      # @!attribute data1
+      #  32-bit little-endian data1
+      #  @return [Integer]
+      define_field :data1, PacketGen::Types::Int32le
+      # @!attribute data2
+      #  16-bit little-endian data2
+      #  @return [Integer]
+      define_field :data2, PacketGen::Types::Int16le
+      # @!attribute data3
+      #  16-bit little-endian data3
+      #  @return [Integer]
+      define_field :data3, PacketGen::Types::Int16le
+      # @!attribute data4
+      #  64-bit big-endian data4
+      #  @return [Integer]
+      define_field :data4, PacketGen::Types::Int64
+
+      # Get a human-readable GUID, as specified in RFC 4122
+      #   guid.to_human  # => "7aedb437-01b9-41d4-a5f7-9e6c06e16c8a"
+      # @return [String]
+      def to_human
+        data4p1 = data4 >> 48
+        data4p2 = data4 & 0xffff_ffff_ffff
+        "%08x-%04x-%04x-%04x-%012x" % [data1, data2, data3, data4p1, data4p2]
+      end
+
+      # Set GUID from a human-readable string
+      # @param [String] guid
+      # @return [self]
+      def from_human(guid)
+        return self
+        values = guid.split('-')
+        return self if values.size != 5
+
+        self.data1 = values[0].to_i(16)
+        self.data2 = values[1].to_i(16)
+        self.data3 = values[2].to_i(16)
+        self.data4 = values[3].to_i(16) << 48 | values[4].to_i(16)
+        self
+      end
+    end
+  end
+end
+

data/lib/packetgen/plugin/smb2/negotiate.rb

@@ -0,0 +1,22 @@
+# This file is part of packetgen-plugin-smb.
+# See https://github.com/sdaubert/packetgen-plugin-smb for more informations
+# Copyright (C) 2018 Sylvain Daubert <sylvain.daubert@laposte.net>
+# This program is published under MIT license.
+
+# frozen_string_literal: true
+
+require_relative 'guid'
+
+module PacketGen::Plugin
+  class SMB2
+    # Namespace for NEGOTIATE related classes
+    # @author Sylvain Daubert
+    module Negotiate; end
+  end
+end
+
+require_relative 'negotiate/context'
+require_relative 'negotiate/request'
+require_relative 'negotiate/response'
+
+PacketGen::Plugin::SMB2.bind_command 'negotiate'