packetgen-plugin-smb 0.5.0 → 0.6.3

data/lib/packetgen/plugin/ntlm.rb

@@ -0,0 +1,211 @@
+# frozen_string_literal: true
+
+# This file is part of packetgen-plugin-smb.
+# See https://github.com/sdaubert/packetgen-plugin-smb for more informations
+# Copyright (C) 2018 Sylvain Daubert <sylvain.daubert@laposte.net>
+# This program is published under MIT license.
+
+module PacketGen::Plugin
+  # Base class for NTLM authentication protocol.
+  # @author Sylvain Daubert
+  class NTLM < PacketGen::Types::Fields
+    # NTLM message types
+    TYPES = {
+      'negotiate' => 1,
+      'challenge' => 2,
+      'authenticate' => 3
+    }.freeze
+
+    # NTLM signature
+    SIGNATURE = "NTLMSSP\0"
+
+    # void version
+    VOID_VERSION = [0].pack('q').freeze
+    VOID_CHALLENGE = VOID_VERSION
+
+    # @!attribute signature
+    #  8-byte NTLM signature
+    #  @return [String]
+    define_field :signature, PacketGen::Types::String, static_length: 8, default: SIGNATURE
+    # @!attribute type
+    #  4-byte message type
+    #  @return [Integer]
+    define_field :type, PacketGen::Types::Int32leEnum, enum: TYPES
+    # @!attribute payload
+    #  @return [String]
+    define_field :payload, PacketGen::Types::String
+
+    class <<self
+      # @api private
+      # Return fields defined in payload one.
+      # @return [Hash]
+      attr_accessor :payload_fields
+
+      # Create a NTLM object from a binary string
+      # @param [String] str
+      # @return [NTLM]
+      def read(str)
+        ntlm = self.new.read(str)
+        type = TYPES.key(ntlm.type)
+        return ntlm if type.nil?
+
+        klass = NTLM.const_get(type.capitalize)
+        klass.new.read(str)
+      end
+
+      # Define a flags field.
+      # @return [void]
+      def define_negotiate_flags
+        define_field_before :payload, :flags, PacketGen::Types::Int32le
+        define_bit_fields_on :flags, :flags_w, :flags_v, :flags_u, :flags_r13, 3,
+                             :flags_t, :flags_r4, :flags_s, :flags_r,
+                             :flags_r5, :flags_q, :flags_p, :flags_r6,
+                             :flags_o, :flags_n, :flags_m, :flags_r7,
+                             :flags_l, :flags_k, :flags_j, :flags_r8,
+                             :flags_h, :flags_r9, :flags_g, :flags_f,
+                             :flags_e, :flags_d, :flags_r10, :flags_c,
+                             :flags_b, :flags_a
+        alias_method :nego56?, :flags_w?
+        alias_method :key_exch?, :flags_v?
+        alias_method :nego128?, :flags_u?
+        alias_method :version?, :flags_t?
+        alias_method :target_info?, :flags_s?
+        alias_method :non_nt_session_key?, :flags_r?
+        alias_method :identify?, :flags_q?
+        alias_method :ext_session_security?, :flags_p?
+        alias_method :target_type_server?, :flags_o?
+        alias_method :target_type_domain?, :flags_n?
+        alias_method :always_sign?, :flags_m?
+        alias_method :oem_workstation_supplied?, :flags_l?
+        alias_method :oem_domain_supplied?, :flags_k?
+        alias_method :anonymous?, :flags_j?
+        alias_method :ntlm?, :flags_h?
+        alias_method :lm_key?, :flags_g?
+        alias_method :datagram?, :flags_f?
+        alias_method :seal?, :flags_e?
+        alias_method :sign?, :flags_d?
+        alias_method :request_target?, :flags_c?
+        alias_method :oem?, :flags_b?
+        alias_method :unicode?, :flags_a?
+        alias_method :old_flags_a=, :flags_a=
+        alias_method :old_flags=, :flags=
+
+        class_eval do
+          def flags_a=(value)
+            self.old_flags_a = value
+            self.class.payload_fields.each do |name, _|
+              attr = send(name)
+              attr.unicode = value if attr.respond_to?(:unicode=)
+            end
+
+            value
+          end
+
+          def flags=(value)
+            self.old_flags = value
+            self.flags_a = value & 1
+          end
+        end
+      end
+
+      # Define a field in payload. Also add +name_len+, +name_maxlen+ and
+      # +name_offset+ fields.
+      # @param [Symbol] name name of field.
+      # @param [Class,nil] type type of +name+ field.
+      # @param [Hash] options type's options needed at build time
+      # @return [void]
+      def define_in_payload(name, type=SMB::String, options={})
+        @payload_fields ||= {}
+        @payload_fields[name] = [type, options]
+
+        define_field_before :payload, :"#{name}_len", PacketGen::Types::Int16le
+        define_field_before :payload, :"#{name}_maxlen", PacketGen::Types::Int16le
+        define_field_before :payload, :"#{name}_offset", PacketGen::Types::Int32le
+
+        attr_accessor name
+      end
+    end
+
+    # @abstract This method is meaningful for {NTLM} subclasses only.
+    def initialize(options={})
+      super
+      return if self.class.payload_fields.nil?
+
+      self.class.payload_fields.each do |name, type_and_opt|
+        type, options = type_and_opt
+        content = if type.new.respond_to?(:unicode?)
+                    type.new(options.merge(unicode: unicode?))
+                  else
+                    type.new(options)
+                  end
+        send(:"#{name}=", content)
+      end
+    end
+
+    # @abstract This class is meaningful for {NTLM} subclasses only.
+    # Populate object from a binary string
+    # @param [String] str
+    # @return [self]
+    def read(str)
+      super
+      return self if self.class.payload_fields.nil?
+
+      self.class.payload_fields.each do |name, type_and_opt|
+        type, options = type_and_opt
+        offset_in_payload = send(:"#{name}_offset") - offset_of(:payload)
+        length = send(:"#{name}_len")
+        content = if type.new.respond_to?(:unicode?)
+                    type.new(options.merge(unicode: unicode?))
+                  else
+                    type.new(options)
+                  end
+        content.read(payload[offset_in_payload, length]) if length.positive?
+        send(:"#{name}=", content)
+      end
+
+      self
+    end
+
+    # @abstract This class is meaningful for {NTLM} subclasses only.
+    # Calculate and set +len+, +maxlen+ and +offset+ fields defined for
+    # fields in {#payload}.
+    # @return [void]
+    def calc_length
+      return self if self.class.payload_fields.nil?
+
+      previous_len = 0
+      self.class.payload_fields.each do |name, _type_and_opt|
+        send(:"#{name}_len=", 0)
+        send(:"#{name}_offset=", offset_of(:payload) + previous_len)
+
+        field = send(name)
+        next unless field && !field.empty?
+
+        length = field.respond_to?(:sz) ? field.sz : field.size
+        send(:"#{name}_len=", length)
+        send(:"#{name}_maxlen=", length)
+        previous_len = length
+      end
+    end
+
+    # @abstract This class is meaningful for {NTLM} subclasses only.
+    # @return [String]
+    def to_s
+      s = super
+      return s if self.class.payload_fields.nil?
+
+      self.class.payload_fields.each do |name, _type_and_opt|
+        attr = send(name)
+        attr.unicode = unicode? if attr.respond_to?(:unicode=)
+        s << attr.to_s unless attr.nil? || send("#{name}_len").zero?
+      end
+      s
+    end
+  end
+end
+
+require_relative 'ntlm/av_pair'
+require_relative 'ntlm/ntlmv2_response'
+require_relative 'ntlm/negotiate'
+require_relative 'ntlm/challenge'
+require_relative 'ntlm/authenticate'

data/lib/packetgen/plugin/smb/blocks.rb

@@ -1,10 +1,10 @@
+# frozen_string_literal: true
+
 # This file is part of packetgen-plugin-smb.
 # See https://github.com/sdaubert/packetgen-plugin-smb for more informations
 # Copyright (C) 2018 Sylvain Daubert <sylvain.daubert@laposte.net>
 # This program is published under MIT license.
 
-# frozen_string_literal: true
-
 module PacketGen::Plugin
   class SMB
     # Common blocks used for unsupported SMB messages.

data/lib/packetgen/plugin/smb/browser/domain_announcement.rb

@@ -1,10 +1,10 @@
+# frozen_string_literal: true
+
 # This file is part of packetgen-plugin-smb.
 # See https://github.com/sdaubert/packetgen-plugin-smb for more informations
 # Copyright (C) 2018 Sylvain Daubert <sylvain.daubert@laposte.net>
 # This program is published under MIT license.
 
-# frozen_string_literal: true
-
 module PacketGen::Plugin
   class SMB
     class Browser

data/lib/packetgen/plugin/smb/browser/host_announcement.rb

@@ -1,10 +1,10 @@
+# frozen_string_literal: true
+
 # This file is part of packetgen-plugin-smb.
 # See https://github.com/sdaubert/packetgen-plugin-smb for more informations
 # Copyright (C) 2018 Sylvain Daubert <sylvain.daubert@laposte.net>
 # This program is published under MIT license.
 
-# frozen_string_literal: true
-
 module PacketGen::Plugin
   class SMB
     class Browser

data/lib/packetgen/plugin/smb/browser/local_master_announcement.rb

@@ -1,10 +1,10 @@
+# frozen_string_literal: true
+
 # This file is part of packetgen-plugin-smb.
 # See https://github.com/sdaubert/packetgen-plugin-smb for more informations
 # Copyright (C) 2018 Sylvain Daubert <sylvain.daubert@laposte.net>
 # This program is published under MIT license.
 
-# frozen_string_literal: true
-
 module PacketGen::Plugin
   class SMB
     class Browser

data/lib/packetgen/plugin/smb/browser.rb

@@ -1,10 +1,10 @@
+# frozen_string_literal: true
+
 # This file is part of packetgen-plugin-smb.
 # See https://github.com/sdaubert/packetgen-plugin-smb for more informations
 # Copyright (C) 2018 Sylvain Daubert <sylvain.daubert@laposte.net>
 # This program is published under MIT license.
 
-# frozen_string_literal: true
-
 module PacketGen::Plugin
   class SMB
     # Browser Trans sub-protocol.

data/lib/packetgen/plugin/smb/close/request.rb

@@ -1,10 +1,10 @@
+# frozen_string_literal: true
+
 # This file is part of packetgen-plugin-smb.
 # See https://github.com/sdaubert/packetgen-plugin-smb for more informations
 # Copyright (C) 2018 Sylvain Daubert <sylvain.daubert@laposte.net>
 # This program is published under MIT license.
 
-# frozen_string_literal: true
-
 module PacketGen::Plugin
   class SMB
     module Close

data/lib/packetgen/plugin/smb/close/response.rb

@@ -1,10 +1,10 @@
+# frozen_string_literal: true
+
 # This file is part of packetgen-plugin-smb.
 # See https://github.com/sdaubert/packetgen-plugin-smb for more informations
 # Copyright (C) 2018 Sylvain Daubert <sylvain.daubert@laposte.net>
 # This program is published under MIT license.
 
-# frozen_string_literal: true
-
 module PacketGen::Plugin
   class SMB
     module Close

data/lib/packetgen/plugin/smb/close.rb

@@ -1,10 +1,10 @@
+# frozen_string_literal: true
+
 # This file is part of packetgen-plugin-smb.
 # See https://github.com/sdaubert/packetgen-plugin-smb for more informations
 # Copyright (C) 2018 Sylvain Daubert <sylvain.daubert@laposte.net>
 # This program is published under MIT license.
 
-# frozen_string_literal: true
-
 module PacketGen::Plugin
   class SMB
     # Namespace for CLOSE related classes

data/lib/packetgen/plugin/smb/filetime.rb

@@ -1,15 +1,17 @@
+# frozen_string_literal: true
+
 # This file is part of packetgen-plugin-smb.
 # See https://github.com/sdaubert/packetgen-plugin-smb for more informations
 # Copyright (C) 2018 Sylvain Daubert <sylvain.daubert@laposte.net>
 # This program is published under MIT license.
 
-# frozen_string_literal: true
-
 module PacketGen::Plugin
   class SMB
     # SMB FILETIME.
     # @author Sylvain Daubert
     class Filetime
+      include PacketGen::Types::Fieldable
+
       # Base time for SMB FILETIME.
       # This value also indicate no time.
       NO_TIME = Time.utc(1601).freeze
@@ -22,6 +24,12 @@ module PacketGen::Plugin
       # String to parse time
       PARSE_TIME_STR = '%Y-%m-%d %H:%M:%S.%N %Z'
 
+      # Return a new Filetime object initialized to current time.
+      # @return [Filetime]
+      def self.now
+        new(time: Time.now.utc)
+      end
+
       # @param [Hash] options
       # @option options [Integer] :filetime
       # @option options [Time] :time

data/lib/packetgen/plugin/smb/negotiate/dialect.rb

@@ -1,3 +1,10 @@
+# frozen_string_literal: true
+
+# This file is part of packetgen-plugin-smb.
+# See https://github.com/sdaubert/packetgen-plugin-smb for more informations
+# Copyright (C) 2018 Sylvain Daubert <sylvain.daubert@laposte.net>
+# This program is published under MIT license.
+
 module PacketGen::Plugin
   class SMB
     module Negotiate

data/lib/packetgen/plugin/smb/negotiate/request.rb

@@ -1,3 +1,10 @@
+# frozen_string_literal: true
+
+# This file is part of packetgen-plugin-smb.
+# See https://github.com/sdaubert/packetgen-plugin-smb for more informations
+# Copyright (C) 2018 Sylvain Daubert <sylvain.daubert@laposte.net>
+# This program is published under MIT license.
+
 module PacketGen::Plugin
   class SMB
     module Negotiate

data/lib/packetgen/plugin/smb/negotiate/response.rb

@@ -1,13 +1,19 @@
+# frozen_string_literal: true
+
+# This file is part of packetgen-plugin-smb.
+# See https://github.com/sdaubert/packetgen-plugin-smb for more informations
+# Copyright (C) 2018 Sylvain Daubert <sylvain.daubert@laposte.net>
+# This program is published under MIT license.
+
 module PacketGen::Plugin
   class SMB
     module Negotiate
       # SMB Negotiation Response header.
       #
-      # See also {Blocks}, as {Negotiate::Rersponse} is a specialization of {Blocks#words}
+      # See also {Blocks}, as {Negotiate::Response} is a specialization of {Blocks#words}
       # and {Blocks#bytes}.
       # @author Sylvain Daubert
       class Response < Blocks
-
         # Get index of the dialect selected by the server from the list presented in the request.
         # @return [Integer]
         def dialect_index
@@ -20,4 +26,4 @@ module PacketGen::Plugin
       end
     end
   end
-end
+end

data/lib/packetgen/plugin/smb/negotiate.rb

@@ -1,10 +1,10 @@
+# frozen_string_literal: true
+
 # This file is part of packetgen-plugin-smb.
 # See https://github.com/sdaubert/packetgen-plugin-smb for more informations
 # Copyright (C) 2018 Sylvain Daubert <sylvain.daubert@laposte.net>
 # This program is published under MIT license.
 
-# frozen_string_literal: true
-
 module PacketGen::Plugin
   class SMB
     # Namespace for NEGOTIATE related classes

data/lib/packetgen/plugin/smb/nt_create_and_x.rb

@@ -1,10 +1,10 @@
+# frozen_string_literal: true
+
 # This file is part of packetgen-plugin-smb.
 # See https://github.com/sdaubert/packetgen-plugin-smb for more informations
 # Copyright (C) 2018 Sylvain Daubert <sylvain.daubert@laposte.net>
 # This program is published under MIT license.
 
-# frozen_string_literal: true
-
 module PacketGen::Plugin
   class SMB
     # Namespace for NT_CREATE_ANDX related classes

data/lib/packetgen/plugin/smb/ntcreateandx/request.rb

@@ -1,10 +1,10 @@
+# frozen_string_literal: true
+
 # This file is part of packetgen-plugin-smb.
 # See https://github.com/sdaubert/packetgen-plugin-smb for more informations
 # Copyright (C) 2018 Sylvain Daubert <sylvain.daubert@laposte.net>
 # This program is published under MIT license.
 
-# frozen_string_literal: true
-
 module PacketGen::Plugin
   class SMB
     # Namespace for NT_CREATE_ANDX related classes
@@ -128,7 +128,7 @@ module PacketGen::Plugin
         #  Padding before {#filename} to align it on 16-bit boundary. Only present
         #  if {SMB#flags2_unicode?} is +true+.
         #  @return [Integer]
-        define_field :pad1, PacketGen::Types::Int8, optional: ->(h) { h.packet && h.packet.smb.flags2_unicode? }
+        define_field :pad1, PacketGen::Types::Int8, optional: ->(h) { h&.packet&.smb&.flags2_unicode? }
         # @!attribute filename
         #  A string that represents the fully qualified name of the file
         #  relative to the supplied TID
@@ -154,6 +154,6 @@ module PacketGen::Plugin
           self.byte_count = bcount
         end
       end
-      end
+    end
   end
 end

data/lib/packetgen/plugin/smb/ntcreateandx/response.rb

@@ -1,10 +1,10 @@
+# frozen_string_literal: true
+
 # This file is part of packetgen-plugin-smb.
 # See https://github.com/sdaubert/packetgen-plugin-smb for more informations
 # Copyright (C) 2018 Sylvain Daubert <sylvain.daubert@laposte.net>
 # This program is published under MIT license.
 
-# frozen_string_literal: true
-
 module PacketGen::Plugin
   class SMB
     # Namespace for NT_CREATE_ANDX related classes

data/lib/packetgen/plugin/smb/string.rb

@@ -1,28 +1,39 @@
+# frozen_string_literal: true
+
 # This file is part of packetgen-plugin-smb.
 # See https://github.com/sdaubert/packetgen-plugin-smb for more informations
 # Copyright (C) 2018 Sylvain Daubert <sylvain.daubert@laposte.net>
 # This program is published under MIT license.
 
-# frozen_string_literal: true
+require 'forwardable'
 
 module PacketGen::Plugin
   class SMB
-    # SMB strings (UTF-16 little-endian).
+    # SMB strings (UTF-16 little-endian or OEM).
     # @author Sylvain Daubert
-    class String < PacketGen::Types::CString
-      # @param [Boolean] value
+    class String
+      extend Forwardable
+      include PacketGen::Types::Fieldable
+
+      def_delegators :@string, :[], :length, :size, :inspect, :==, :<<,
+                     :unpack, :force_encoding, :encoding, :index, :empty?,
+                     :encode
+
+      # @return [::String]
+      attr_reader :string
+      # @param [Boolean] null_terminated
       # @return [Boolean]
-      attr_writer :unicode
+      attr_writer :null_terminated
 
       # @param [Hash] options
-      # @option options [Integer] :static_length set a static length for this string
       # @option options [Boolean] :unicode If +true+, string is encoded as a UTF-16
       #    unicode string. If +false+, string is encode in ASCII. Defaults to +true+.
+      # @option options [Boolean] :null_terminated If +true+, string is null-terminated.
+      #    If +false+, string is not null-terminated. Defaults to +true+.
       def initialize(options={})
-        super
         @unicode = options.key?(:unicode) ? options[:unicode] : true
-        self.encode!('UTF-16LE') if @unicode
-        self.encode!('ASCII-8BIT') unless @unicode
+        @null_terminated = options.key?(:null_terminated) ? options[:null_terminated] : true
+        @string = +''.encode(self_encoding)
       end
 
       # @return [Boolean]
@@ -30,6 +41,19 @@ module PacketGen::Plugin
         @unicode
       end
 
+      # @param [Boolean] bool
+      # @return [Boolean]
+      def unicode=(bool)
+        @unicode = bool
+        @string.force_encoding(self_encoding)
+        bool
+      end
+
+      # @return [Boolean]
+      def null_terminated?
+        @null_terminated
+      end
+
       # @param [::String] str
       # @return [String] self
       def read(str)
@@ -37,34 +61,47 @@ module PacketGen::Plugin
 
         str2 = case str.encoding
                when Encoding::BINARY
-                 binidx = nil
-                 0.step(to: str.size, by: 2) do |i|
-                   binidx = i if str[i, 2] == binary_terminator
-                 end
-                 s = if binidx.nil?
-                       str
-                     else
-                       str[0, binidx]
-                     end
-                 s.force_encoding(self_encoding)
+                 str.dup.force_encoding(self_encoding)
                else
                  str.encode(self_encoding)
                end
-        str2 = str2[0, @static_length / 2] if @static_length.is_a? Integer
         idx = str2.index(+"\x00".encode(self_encoding))
         str2 = str2[0, idx] unless idx.nil?
-        self.replace str2
+        @string = str2
         self
       end
 
+      # @return [String]
+      def to_s
+        str = string.dup.force_encoding('BINARY')
+        return str unless null_terminated?
+
+        str << binary_terminator.force_encoding('BINARY')
+      end
+
+      # Populate String from a human readable (ie UTF-8) string
+      # @param [String] str
+      # @return [self]
+      def from_human(str)
+        return self if str.nil?
+
+        @string = str.encode(self_encoding)
+        self
+      end
+
+      # @return [String]
+      def to_human
+        string.encode('UTF-8')
+      end
+
       private
 
       def self_encoding
-        @unicode ? Encoding::UTF_16LE : Encoding:: ASCII_8BIT
+        @unicode ? Encoding::UTF_16LE : Encoding::ASCII_8BIT
       end
 
       def binary_terminator
-        @unicode ? "\x00\x00" : "\x00"
+        [0].pack('C').encode(self_encoding)
       end
     end
   end

data/lib/packetgen/plugin/smb/trans/request.rb

@@ -1,10 +1,10 @@
+# frozen_string_literal: true
+
 # This file is part of packetgen-plugin-smb.
 # See https://github.com/sdaubert/packetgen-plugin-smb for more informations
 # Copyright (C) 2018 Sylvain Daubert <sylvain.daubert@laposte.net>
 # This program is published under MIT license.
 
-# frozen_string_literal: true
-
 module PacketGen::Plugin
   class SMB
     module Trans
@@ -96,7 +96,7 @@ module PacketGen::Plugin
         #  8-bit optional padding to align {#name} on a 2-byte boundary. Only present
         #  if {SMB#flags2_unicode?} is +true+.
         #  @return [Integer]
-        define_field :padname, PacketGen::Types::Int8, optional: ->(h) { h.packet && h.packet.smb.flags2_unicode? }
+        define_field :padname, PacketGen::Types::Int8, optional: ->(h) { h&.packet&.smb&.flags2_unicode? }
         # @!attribute name
         #  Pathname of the mailslot or named pipe.
         #  @return [String]

data/lib/packetgen/plugin/smb/trans/response.rb

@@ -1,10 +1,10 @@
+# frozen_string_literal: true
+
 # This file is part of packetgen-plugin-smb.
 # See https://github.com/sdaubert/packetgen-plugin-smb for more informations
 # Copyright (C) 2018 Sylvain Daubert <sylvain.daubert@laposte.net>
 # This program is published under MIT license.
 
-# frozen_string_literal: true
-
 module PacketGen::Plugin
   class SMB
     module Trans

data/lib/packetgen/plugin/smb/trans.rb

@@ -1,10 +1,10 @@
+# frozen_string_literal: true
+
 # This file is part of packetgen-plugin-smb.
 # See https://github.com/sdaubert/packetgen-plugin-smb for more informations
 # Copyright (C) 2018 Sylvain Daubert <sylvain.daubert@laposte.net>
 # This program is published under MIT license.
 
-# frozen_string_literal: true
-
 module PacketGen::Plugin
   class SMB
     # Namespace for TRANS related classes