ruby_smb 0.0.21 → 0.0.22

data/spec/lib/ruby_smb/smb1/packet/trans/transact_nmpipe_request_spec.rb

@@ -0,0 +1,254 @@
+RSpec.describe RubySMB::SMB1::Packet::Trans::TransactNmpipeRequest do
+  subject(:packet) { described_class.new }
+
+  describe '#smb_header' do
+    subject(:header) { packet.smb_header }
+
+    it 'is a standard SMB Header' do
+      expect(header).to be_a RubySMB::SMB1::SMBHeader
+    end
+
+    it 'should have the command set to SMB_COM_TRANSACTION' do
+      expect(header.command).to eq RubySMB::SMB1::Commands::SMB_COM_TRANSACTION
+    end
+
+    it 'should not have the response flag set' do
+      expect(header.flags.reply).to eq 0
+    end
+  end
+
+  describe '#parameter_block' do
+    subject(:parameter_block) { packet.parameter_block }
+
+    it 'is a Packet Trans Request ParameterBlock' do
+      expect(parameter_block).to be_a RubySMB::SMB1::Packet::Trans::Request::ParameterBlock
+    end
+
+    describe '#total_parameter_count' do
+      it 'is set to 0x0000' do
+        expect(parameter_block.total_parameter_count).to eq(0x0000)
+      end
+    end
+
+    describe '#total_data_count' do
+      it 'has a default value equal to #data_count' do
+        parameter_block.data_count = 5
+        expect(parameter_block.total_data_count).to eq 5
+      end
+    end
+
+    describe '#max_parameter_count' do
+      it 'is set to 0x0000' do
+        expect(parameter_block.max_parameter_count).to eq(0x0000)
+      end
+    end
+
+    describe '#max_setup_count' do
+      it 'is set to 0x00' do
+        expect(parameter_block.max_setup_count).to eq(0x00)
+      end
+    end
+
+    describe '#flags' do
+      it 'is set to 0x0000' do
+        expect(parameter_block.flags.to_binary_s.to_i).to eq(0x0000)
+      end
+    end
+
+    describe '#timeout' do
+      it 'is set to 0x00000000' do
+        expect(parameter_block.timeout).to eq 0x00000000
+      end
+    end
+
+    describe '#parameter_count' do
+      it 'is set to 0x0000' do
+        expect(parameter_block.parameter_count).to eq(0x0000)
+      end
+    end
+
+    describe '#data_count' do
+      it 'is set to the number of data bytes to be written to the named pipe' do
+        packet.data_block.trans_data.write_data = "\x00\x01\x02\x03"
+        expect(parameter_block.data_count).to eq 4
+      end
+    end
+
+    describe '#setup_count' do
+      it 'is set to 2' do
+        expect(parameter_block.setup_count).to eq(2)
+      end
+    end
+
+    describe '#setup' do
+      it 'includes the TRANSACT_NMPIPE subcommand code' do
+        expect(parameter_block.setup[0]).to eq(RubySMB::SMB1::Packet::Trans::Subcommands::TRANSACT_NMPIPE)
+      end
+
+      it 'includes the FID set to 0x0000 by default' do
+        expect(parameter_block.setup[1]).to eq(0x0000)
+      end
+    end
+  end
+
+  describe '#data_block' do
+    subject(:data_block) { packet.data_block }
+
+    it 'is a standard DataBlock' do
+      expect(data_block).to be_a RubySMB::SMB1::DataBlock
+    end
+
+    it { is_expected.to respond_to :name }
+    it { is_expected.to respond_to :trans_parameters }
+    it { is_expected.to respond_to :trans_data }
+
+    describe '#pad_name' do
+      context 'when the UNICODE flag is not set in the Flags2 field of the SMB Header' do
+        it 'does not exists' do
+          expect(data_block).to_not be_pad_name
+        end
+      end
+
+      context 'when the UNICODE flag is set in the Flags2 field of the SMB Header' do
+        before :example do
+          packet.smb_header.flags2.unicode = 1
+        end
+
+        it 'exists' do
+          expect(data_block).to be_pad_name
+        end
+
+        it 'is one null byte when #name is not 2-byte aligned' do
+          expect(data_block.pad_name).to eq("\x00")
+        end
+
+        it 'should keep #name 2-byte aligned' do
+          expect(data_block.name.abs_offset % 2).to eq 0
+        end
+      end
+    end
+
+    describe '#name' do
+      context 'when the UNICODE flag is not set in the Flags2 field of the SMB Header' do
+        it 'is a Stringz' do
+          expect(data_block.name.current_choice).to be_a BinData::Stringz
+        end
+
+        it 'is ASCII encoded' do
+          expect(data_block.name.encoding.name).to eq("ASCII-8BIT")
+        end
+
+        it 'is set to "\\PIPE\\\x00" by default' do
+          expect(data_block.name.to_binary_s).to eq("\\PIPE\\\x00")
+        end
+
+        it 'adds a NULL terminator to the string' do
+          str = "test"
+          data_block.name = str
+          expect(data_block.name.to_binary_s).to eq(str + "\x00")
+        end
+      end
+
+      context 'when the UNICODE flag is set in the Flags2 field of the SMB Header' do
+        before :example do
+          packet.smb_header.flags2.unicode = 1
+        end
+
+        it 'is a Stringz16' do
+          expect(data_block.name.current_choice).to be_a RubySMB::Field::Stringz16
+        end
+
+        it 'is UTF-16LE encoded' do
+          expect(data_block.name.encoding.name).to eq("UTF-16LE")
+        end
+
+        it 'is set to the null terminated unicode string "\\PIPE\\" by default' do
+          binary_str = "\\PIPE\\\x00".encode('utf-16le').force_encoding('ASCII')
+          expect(data_block.name.to_binary_s).to eq(binary_str)
+        end
+
+        it 'adds a NULL terminator to the string' do
+          str = "test"
+          data_block.name = str
+          binary_str = (str + "\x00").encode('utf-16le').force_encoding('ASCII')
+          expect(data_block.name.to_binary_s).to eq(binary_str)
+        end
+      end
+
+      context 'when switching from ASCII to UNICODE' do
+        it 'encodes the same string to UNICODE' do
+          packet = RubySMB::SMB1::Packet::Trans::Request.new
+          data_block = packet.data_block
+
+          str = "test"
+          data_block.name = str
+          expect(data_block.name.to_binary_s).to eq(str + "\x00")
+          packet.smb_header.flags2.unicode = 1
+          binary_str = (str + "\x00").encode('utf-16le').force_encoding('ASCII')
+          expect(data_block.name.to_binary_s).to eq(binary_str)
+        end
+      end
+    end
+
+    describe '#trans_parameters' do
+      it 'is a String' do
+        expect(data_block.trans_parameters).to be_a BinData::String
+      end
+
+      it 'reads the number of bytes specified in parameter_block parameter_count field' do
+        packet.parameter_block.parameter_count = 3
+        data_block.trans_parameters.read("ABCDEF")
+        expect(data_block.trans_parameters).to eq("ABC")
+      end
+    end
+
+    describe '#trans_data' do
+      subject(:data) { data_block.trans_data }
+
+      it { is_expected.to respond_to :write_data }
+
+      describe '#write_data' do
+        it 'is a String' do
+          expect(data.write_data).to be_a BinData::String
+        end
+
+        it 'reads the number of bytes specified in parameter_block parameter_count field' do
+          packet.parameter_block.data_count = 3
+          data.write_data.read("ABCDEF")
+          expect(data.write_data).to eq("ABC")
+        end
+      end
+    end
+
+    describe '#pad1' do
+      it 'should keep #trans_parameters 4-byte aligned' do
+        expect(data_block.trans_parameters.abs_offset % 4).to eq 0
+      end
+    end
+
+    describe '#pad2' do
+      it 'should keep #trans_data 4-byte aligned' do
+        data_block.trans_parameters = 'a'
+        expect(data_block.trans_data.abs_offset % 4).to eq 0
+      end
+    end
+  end
+
+  describe '#set_fid' do
+    it 'sets the FID in the parameter_block #setup field' do
+      fid = 0xAABB
+      packet.set_fid(fid)
+      expect(packet.parameter_block.setup[1]).to eq(fid)
+    end
+  end
+
+  it 'reads its own binary representation and output the same packet' do
+    # Adding some data to the ParameterBlock and DataBlock to make sure
+    # paddings and lengths are handled correctly
+    packet.set_fid(0xAABB)
+    packet.data_block.trans_data.write_data = 'a'
+    binary = packet.to_binary_s
+    expect(described_class.read(binary)).to eq(packet)
+  end
+end
+

data/spec/lib/ruby_smb/smb1/packet/trans/transact_nmpipe_response_spec.rb

@@ -0,0 +1,122 @@
+RSpec.describe RubySMB::SMB1::Packet::Trans::TransactNmpipeResponse do
+  subject(:packet) { described_class.new }
+
+  describe '#smb_header' do
+    subject(:header) { packet.smb_header }
+
+    it 'is a standard SMB Header' do
+      expect(header).to be_a RubySMB::SMB1::SMBHeader
+    end
+
+    it 'should have the command set to SMB_COM_TRANSACTION' do
+      expect(header.command).to eq RubySMB::SMB1::Commands::SMB_COM_TRANSACTION
+    end
+
+    it 'should have the response flag set' do
+      expect(header.flags.reply).to eq 1
+    end
+  end
+
+  describe '#parameter_block' do
+    subject(:parameter_block) { packet.parameter_block }
+
+    it 'is a Packet Trans Response ParameterBlock' do
+      expect(parameter_block).to be_a RubySMB::SMB1::Packet::Trans::Response::ParameterBlock
+    end
+
+    describe '#total_parameter_count' do
+      it 'is set to 0x0000' do
+        expect(parameter_block.total_parameter_count).to eq(0x0000)
+      end
+    end
+
+    describe '#total_data_count' do
+      it 'has a default value equal to #data_count' do
+        parameter_block.data_count = 5
+        expect(parameter_block.total_data_count).to eq 5
+      end
+    end
+
+    describe '#parameter_count' do
+      it 'is set to 0x0000' do
+        expect(parameter_block.parameter_count).to eq(0x0000)
+      end
+    end
+
+    describe '#data_count' do
+      it 'is set to the number of data bytes read from the named pipe' do
+        packet.data_block.trans_data.read_data = "\x00\x01\x02\x03"
+        expect(parameter_block.data_count).to eq 4
+      end
+    end
+
+    describe '#setup_count' do
+      it 'is set to 0' do
+        expect(parameter_block.setup_count).to eq(0)
+      end
+    end
+  end
+
+  describe '#data_block' do
+    subject(:data_block) { packet.data_block }
+
+    it 'is a standard DataBlock' do
+      expect(data_block).to be_a RubySMB::SMB1::DataBlock
+    end
+
+    it { is_expected.to respond_to :trans_parameters }
+    it { is_expected.to respond_to :trans_data }
+
+    describe '#trans_parameters' do
+      it 'is a String' do
+        expect(data_block.trans_parameters).to be_a BinData::String
+      end
+
+      it 'reads the number of bytes specified in parameter_block parameter_count field' do
+        packet.parameter_block.parameter_count = 3
+        data_block.trans_parameters.read("ABCDEF")
+        expect(data_block.trans_parameters).to eq("ABC")
+      end
+    end
+
+    describe '#trans_data' do
+      subject(:data) { data_block.trans_data }
+
+      it { is_expected.to respond_to :read_data }
+
+      describe '#read_data' do
+        it 'is a String' do
+          expect(data.read_data).to be_a BinData::String
+        end
+
+        it 'reads the number of bytes specified in parameter_block parameter_count field' do
+          packet.parameter_block.data_count = 3
+          data.read_data.read("ABCDEF")
+          expect(data.read_data).to eq("ABC")
+        end
+      end
+    end
+
+    describe '#pad1' do
+      it 'should keep #trans_parameters 4-byte aligned' do
+        expect(data_block.trans_parameters.abs_offset % 4).to eq 0
+      end
+    end
+
+    describe '#pad2' do
+      it 'should keep #trans_data 4-byte aligned' do
+        data_block.trans_parameters = 'a'
+        expect(data_block.trans_data.abs_offset % 4).to eq 0
+      end
+    end
+  end
+
+  it 'reads its own binary representation and output the same packet' do
+    # Adding some data to the DataBlock to make sure
+    # paddings and lengths are handled correctly
+    packet.data_block.trans_data.read_data = 'a'
+    binary = packet.to_binary_s
+    expect(described_class.read(binary)).to eq(packet)
+  end
+end
+

data/spec/lib/ruby_smb/smb1/packet/trans2/request_spec.rb

@@ -39,8 +39,8 @@ RSpec.describe RubySMB::SMB1::Packet::Trans2::Request do
     it { is_expected.to respond_to :setup_count }
 
     describe 'flags' do
-      it 'is a trans2_flags BitField' do
-        expect(parameter_block.flags).to be_a RubySMB::SMB1::BitField::Trans2Flags
+      it 'is a trans_flags BitField' do
+        expect(parameter_block.flags).to be_a RubySMB::SMB1::BitField::TransFlags
       end
     end
 

data/spec/lib/ruby_smb/smb1/pipe_spec.rb

@@ -62,4 +62,202 @@ RSpec.describe RubySMB::SMB1::Pipe do
     end
   end
 
-end
+  context 'with DCERPC' do
+    describe '#net_share_enum_all' do
+      let(:host) { '1.2.3.4' }
+      let(:dcerpc_response) { RubySMB::Dcerpc::Response.new }
+
+      before :example do
+        allow(pipe).to receive(:bind)
+        allow(pipe).to receive(:request).and_return(dcerpc_response)
+        allow(RubySMB::Dcerpc::Srvsvc::NetShareEnumAll).to receive(:parse_response).and_return([])
+      end
+
+      it 'calls #bind with the expected arguments' do
+        expect(pipe).to receive(:bind).with(endpoint: RubySMB::Dcerpc::Srvsvc)
+        pipe.net_share_enum_all(host)
+      end
+
+      it 'calls #request with the expected arguments' do
+        expect(pipe).to receive(:request).with(RubySMB::Dcerpc::Srvsvc::NET_SHARE_ENUM_ALL, host: host)
+        pipe.net_share_enum_all(host)
+      end
+
+      it 'parse the response with NetShareEnumAll #parse_response method' do
+        stub = 'ABCD'
+        dcerpc_response.alloc_hint = stub.size
+        dcerpc_response.stub = stub
+        expect(RubySMB::Dcerpc::Srvsvc::NetShareEnumAll).to receive(:parse_response).with(stub)
+        pipe.net_share_enum_all(host)
+      end
+
+      it 'returns the remote shares' do
+        shares = [
+          ["C$", "DISK", "Default share"],
+          ["Shared", "DISK", ""],
+          ["IPC$", "IPC", "Remote IPC"],
+          ["ADMIN$", "DISK", "Remote Admin"]
+        ]
+        output = [
+          {:name=>"C$", :type=>"DISK", :comment=>"Default share"},
+          {:name=>"Shared", :type=>"DISK", :comment=>""},
+          {:name=>"IPC$", :type=>"IPC", :comment=>"Remote IPC"},
+          {:name=>"ADMIN$", :type=>"DISK", :comment=>"Remote Admin"},
+        ]
+        allow(RubySMB::Dcerpc::Srvsvc::NetShareEnumAll).to receive(:parse_response).and_return(shares)
+        expect(pipe.net_share_enum_all(host)).to eq(output)
+      end
+    end
+
+    describe '#bind' do
+      let(:options) { { endpoint: RubySMB::Dcerpc::Srvsvc } }
+      let(:bind_packet) { RubySMB::Dcerpc::Bind.new(options) }
+      let(:bind_ack_packet) { RubySMB::Dcerpc::BindAck.new }
+
+      before :example do
+        allow(RubySMB::Dcerpc::Bind).to receive(:new).and_return(bind_packet)
+        allow(pipe).to receive(:write)
+        allow(pipe).to receive(:read)
+        bind_ack_packet.p_result_list.n_results = 1
+        bind_ack_packet.p_result_list.p_results[0].result = RubySMB::Dcerpc::BindAck::ACCEPTANCE
+        allow(RubySMB::Dcerpc::BindAck).to receive(:read).and_return(bind_ack_packet)
+      end
+
+      it 'creates a Bind packet' do
+        expect(RubySMB::Dcerpc::Bind).to receive(:new).with(options).and_return(bind_packet)
+        pipe.bind(options)
+      end
+
+      it 'writes to the named pipe' do
+        expect(pipe).to receive(:write).with(data: bind_packet.to_binary_s)
+        pipe.bind(options)
+      end
+
+      it 'reads the socket' do
+        expect(pipe).to receive(:read)
+        pipe.bind(options)
+      end
+
+      it 'creates a BindAck packet from the response' do
+        raw_response = RubySMB::Dcerpc::BindAck.new.to_binary_s
+        allow(pipe).to receive(:read).and_return(raw_response)
+        expect(RubySMB::Dcerpc::BindAck).to receive(:read).with(raw_response).and_return(bind_ack_packet)
+        pipe.bind(options)
+      end
+
+      it 'raises the expected exception when an invalid packet is received' do
+        allow(RubySMB::Dcerpc::BindAck).to receive(:read).and_raise(IOError)
+        expect { pipe.bind(options) }.to raise_error(RubySMB::Dcerpc::Error::InvalidPacket)
+      end
+
+      it 'raises the expected exception when it is not a BindAck packet' do
+        response = RubySMB::Dcerpc::Bind.new
+        allow(RubySMB::Dcerpc::BindAck).to receive(:read).and_return(response)
+        expect { pipe.bind(options) }.to raise_error(RubySMB::Dcerpc::Error::BindError)
+      end
+
+      it 'raises an exception when no result is returned' do
+        bind_ack_packet.p_result_list.n_results = 0
+        expect { pipe.bind(options) }.to raise_error(RubySMB::Dcerpc::Error::BindError)
+      end
+
+      it 'raises an exception when result is not ACCEPTANCE' do
+        bind_ack_packet.p_result_list.p_results[0].result = RubySMB::Dcerpc::BindAck::USER_REJECTION
+        expect { pipe.bind(options) }.to raise_error(RubySMB::Dcerpc::Error::BindError)
+      end
+
+      it 'returns the expected BindAck packet' do
+        expect(pipe.bind(options)).to eq(bind_ack_packet)
+      end
+    end
+
+    describe '#request' do
+      let(:options) { { host: '1.2.3.4' } }
+      let(:opnum) { RubySMB::Dcerpc::Srvsvc::NET_SHARE_ENUM_ALL }
+      let(:req_packet) { RubySMB::Dcerpc::Request.new({ :opnum => opnum }, options) }
+      let(:nmpipe_packet) { RubySMB::SMB1::Packet::Trans::TransactNmpipeRequest.new(options) }
+      let(:nmpipe_response) { RubySMB::SMB1::Packet::Trans::TransactNmpipeResponse.new }
+      let(:res_packet) { RubySMB::Dcerpc::Response.new }
+
+      before :example do
+        allow(RubySMB::Dcerpc::Request).to receive(:new).and_return(req_packet)
+        allow(RubySMB::SMB1::Packet::Trans::TransactNmpipeRequest).to receive(:new).and_return(nmpipe_packet)
+        allow(client).to receive(:send_recv)
+        allow(RubySMB::SMB1::Packet::Trans::TransactNmpipeResponse).to receive(:read).and_return(nmpipe_response)
+        allow(RubySMB::Dcerpc::Response).to receive(:read).and_return(res_packet)
+      end
+
+      it 'creates a Request packet' do
+        expect(RubySMB::Dcerpc::Request).to receive(:new).and_return(req_packet)
+        pipe.request(opnum, options)
+      end
+
+      it 'creates a Trans TransactNmpipeRequest packet' do
+        expect(RubySMB::SMB1::Packet::Trans::TransactNmpipeRequest).to receive(:new).and_return(nmpipe_packet)
+        pipe.request(opnum, options)
+      end
+
+      it 'calls Tree #set_header_fields' do
+        expect(tree).to receive(:set_header_fields).with(nmpipe_packet)
+        pipe.request(opnum, options)
+      end
+
+      it 'calls TransactNmpipeRequest #set_fid' do
+        expect(nmpipe_packet).to receive(:set_fid).with(pipe.fid)
+        pipe.request(opnum, options)
+      end
+
+      it 'sets the expected data on the request' do
+        expect(client).to receive(:send_recv) do
+          expect(nmpipe_packet.data_block.trans_data.write_data).to eq(req_packet.to_binary_s)
+        end
+        pipe.request(opnum, options)
+      end
+
+      it 'sends the expected request' do
+        expect(client).to receive(:send_recv).with(nmpipe_packet)
+        pipe.request(opnum, options)
+      end
+
+      it 'creates a Trans TransactNmpipeResponse packet from the response' do
+        raw_response = double('Raw response')
+        allow(client).to receive(:send_recv).and_return(raw_response)
+        expect(RubySMB::SMB1::Packet::Trans::TransactNmpipeResponse).to receive(:read).with(raw_response).and_return(nmpipe_response)
+        pipe.request(opnum, options)
+      end
+
+      it 'raises the expected exception when it is not a Trans packet' do
+        response = RubySMB::SMB1::Packet::Trans2::Response.new
+        allow(RubySMB::SMB1::Packet::Trans::TransactNmpipeResponse).to receive(:read).and_return(response)
+        expect { pipe.request(opnum, options) }.to raise_error(RubySMB::Error::InvalidPacket)
+      end
+
+      it 'raises the expected exception when the status code is not STATUS_SUCCESS' do
+        nmpipe_response.smb_header.nt_status = WindowsError::NTStatus::STATUS_INVALID_HANDLE.value
+        expect { pipe.request(opnum, options) }.to raise_error(RubySMB::Error::UnexpectedStatusCode)
+      end
+
+      it 'creates a DCERPC Response packet from the response' do
+        nmpipe_response.data_block.trans_data.read_data = "test"
+        expect(RubySMB::Dcerpc::Response).to receive(:read).with(nmpipe_response.data_block.trans_data.read_data)
+        pipe.request(opnum, options)
+      end
+
+      it 'raises the expected exception when an invalid packet is received' do
+        allow(RubySMB::Dcerpc::Response).to receive(:read).and_raise(IOError)
+        expect { pipe.request(opnum, options) }.to raise_error(RubySMB::Dcerpc::Error::InvalidPacket)
+      end
+
+      it 'raises the expected exception when it is not a Response packet' do
+        response = RubySMB::Dcerpc::Request.new
+        allow(RubySMB::Dcerpc::Response).to receive(:read).and_return(response)
+        expect { pipe.request(opnum, options) }.to raise_error(RubySMB::Dcerpc::Error::InvalidPacket)
+      end
+
+      it 'returns the expected DCERPC Response' do
+        expect(pipe.request(opnum, options)).to eq(res_packet)
+      end
+    end
+  end
+
+end