ruby_smb 0.0.8

data/lib/ruby_smb/client/negotiation.rb

@@ -0,0 +1,126 @@
+module RubySMB
+  class Client
+    # This module holds all of the methods backing the {RubySMB::Client#negotiate} method
+    module Negotiation
+
+      # Handles the entire SMB Multi-Protocol Negotiation from the
+      # Client to the Server. It sets state on the client appropriate
+      # to the protocol and capabilites negotiated during the exchange.
+      #
+      # @return [void]
+      def negotiate
+        raw_response    = negotiate_request
+        response_packet = negotiate_response(raw_response)
+        parse_negotiate_response(response_packet)
+      end
+
+      # Creates and dispatches the first Negotiate Request Packet and
+      # returns the raw response data.
+      #
+      # @return [String] the raw binary string containing the response from the server
+      def negotiate_request
+        if smb1
+          request = smb1_negotiate_request
+        elsif smb2
+          request = smb2_negotiate_request
+        end
+        send_recv(request)
+      end
+
+      # Takes the raw response data from the server and tries
+      # parse it into a valid Response packet object.
+      # This method currently assumes that all SMB1 will use Extended Security.
+      #
+      # @param raw_data [String] the raw binary response from the server
+      # @return [RubySMB::SMB1::Packet::NegotiateResponseExtended] when the response is an SMB1 Extended Security Negotiate Response Packet
+      # @return [RubySMB::SMB2::Packet::NegotiateResponse] when the response is an SMB2 Negotiate Response Packet
+      def negotiate_response(raw_data)
+        response = nil
+        if smb1
+          begin
+            packet = RubySMB::SMB1::Packet::NegotiateResponseExtended.read raw_data
+          rescue Exception => e
+            raise RubySMB::Error::InvalidPacket, "Not a Valid SMB1 Negoitate Response #{e.message}"
+          end
+          if packet.valid?
+            response = packet
+          end
+        end
+        if smb2 && response.nil?
+          begin
+            packet = RubySMB::SMB2::Packet::NegotiateResponse.read raw_data
+          rescue Exception => e
+            raise RubySMB::Error::InvalidPacket, "Not a Valid SMB2 Negoitate Response #{e.message}"
+          end
+          response = packet
+        end
+        if response.nil?
+          raise RubySMB::Error::InvalidPacket, "No Valid Negotiate Response found"
+        end
+        response
+      end
+
+      # Sets the supported SMB Protocol and whether or not
+      # Signing is enabled based on the Negotiate Response Packet.
+      #
+      # @param packet [RubySMB::SMB1::Packet::NegotiateResponseExtended] if SMB1 was negotiated
+      # @param packet [RubySMB::SMB2::Packet::NegotiateResponse] if SMB2 was negotiated
+      # @return [void] This method sets state and does not return a meaningful value
+      def parse_negotiate_response(packet)
+        case packet
+          when RubySMB::SMB1::Packet::NegotiateResponseExtended
+            self.smb1 = true
+            self.smb2 = false
+            if packet.parameter_block.security_mode.security_signatures_required == 1
+              self.signing_required = true
+            else
+              self.signing_required = false
+            end
+            'SMB1'
+          when RubySMB::SMB2::Packet::NegotiateResponse
+            self.smb1 = false
+            self.smb2 = true
+            if packet.security_mode.signing_required == 1
+              self.signing_required = true
+            else
+              self.signing_required = false
+            end
+            'SMB2'
+        end
+      end
+
+
+      # Create a {RubySMB::SMB1::Packet::NegotiateRequest} packet with the
+      # dialects filled in based on the protocol options set on the Client.
+      #
+      # @return [RubySMB::SMB1::Packet::NegotiateRequest] a completed SMB1 Negotiate Request packet
+      def smb1_negotiate_request
+        packet = RubySMB::SMB1::Packet::NegotiateRequest.new
+        # Default to always enabling Extended Security. It simplifies the Negotiation process
+        # while being gauranteed to work with any modern Windows system. We can get more sophisticated
+        # with switching this on and off at a later date if the need arises.
+        packet.smb_header.flags2.extended_security = 1
+        # There is no real good reason to ever send an SMB1 Negotiate packet
+        # to Negotiate strictly SMB2, but the protocol WILL support it
+        packet.add_dialect(SMB1_DIALECT_SMB1_DEFAULT) if smb1
+        packet.add_dialect(SMB1_DIALECT_SMB2_DEFAULT) if smb2
+        packet
+      end
+
+      # Create a {RubySMB::SMB2::Packet::NegotiateRequest} packet with
+      # the default dialect added. This will never be used when we
+      # may want to communicate over SMB1
+      #
+      # @ return [RubySMB::SMB2::Packet::NegotiateRequest] a completed SMB2 Negotiate Request packet
+      def smb2_negotiate_request
+        packet = RubySMB::SMB2::Packet::NegotiateRequest.new
+        packet.smb2_header.message_id = self.smb2_message_id
+        # Increment the message id when doing SMB2
+        self.smb2_message_id += 1
+        packet.security_mode.signing_enabled = 1
+        packet.add_dialect(SMB2_DIALECT_DEFAULT)
+        packet
+      end
+    end
+  end
+end

data/lib/ruby_smb/client/signing.rb

@@ -0,0 +1,48 @@
+module RubySMB
+  class Client
+
+    # Contains the methods for handling packet signing
+    module Signing
+
+      # The NTLM Session Key used for signing
+      # @!attribute [rw] session_key
+      #   @return [String]
+      attr_accessor :session_key
+
+      # Take an SMB1 packet and checks to see if it should be signed.
+      # If signing is enabled and we have a session key already, then
+      # it will sign the packet appropriately.
+      #
+      # @param packet [RubySMB::GenericPacket] the packet to sign
+      # @return [RubySMB::GenericPacket] the packet, signed if needed
+      def smb1_sign(packet)
+        if self.signing_required && !self.session_key.empty?
+          packet.smb_header.security_features = self.sequence_counter
+          signature = OpenSSL::Digest::MD5.digest(self.session_key + packet.to_binary_s)[0,8]
+          packet.smb_header.security_features = signature
+          self.sequence_counter += 1
+          packet
+        else
+          packet
+        end
+      end
+
+      # Take an SMB2 packet and checks to see if it should be signed.
+      # If signing is enabled and we have a session key already, then
+      # it will sign the packet appropriately.
+      #
+      # @param packet [RubySMB::GenericPacket] the packet to sign
+      # @return [RubySMB::GenericPacket] the packet, signed if needed
+      def smb2_sign(packet)
+        if self.signing_required && !self.session_key.empty?
+          hmac = OpenSSL::HMAC.digest(OpenSSL::Digest::SHA256.new, self.session_key, packet.to_binary_s)
+          packet.smb2_header.signature = hmac
+          packet
+        else
+          packet
+        end
+      end
+
+    end
+  end
+end

data/lib/ruby_smb/client.rb

@@ -0,0 +1,164 @@
+module RubySMB
+
+  # Represents an SMB client capable of talking to SMB1 or SMB2 servers and handling
+  # all end-user client functionality.
+  class Client
+    require 'ruby_smb/client/negotiation'
+    require 'ruby_smb/client/authentication'
+    require 'ruby_smb/client/signing'
+
+    include RubySMB::Client::Negotiation
+    include RubySMB::Client::Authentication
+    include RubySMB::Client::Signing
+
+    # The Default SMB1 Dialect string used in an SMB1 Negotiate Request
+    SMB1_DIALECT_SMB1_DEFAULT = "NT LM 0.12"
+    # The Default SMB2 Dialect string used in an SMB1 Negotiate Request
+    SMB1_DIALECT_SMB2_DEFAULT = "SMB 2.002"
+    # Dialect value for SMB2 Default (Version 2.02)
+    SMB2_DIALECT_DEFAULT = 0x0202
+
+
+    # The dispatcher responsible for sending packets
+    # @!attribute [rw] dispatcher
+    #   @return [RubySMB::Dispatcher::Socket]
+    attr_accessor :dispatcher
+
+    # The domain you're trying to authenticate to
+    # @!attribute [rw] domain
+    #   @return [String]
+    attr_accessor :domain
+
+    # The local workstation to pretend to be
+    # @!attribute [rw] local_workstation
+    #   @return [String]
+    attr_accessor :local_workstation
+
+    # The NTLM client used for authentication
+    # @!attribute [rw] ntlm_client
+    #   @return [String]
+    attr_accessor :ntlm_client
+
+    # The password to authenticate with
+    # @!attribute [rw] password
+    #   @return [String]
+    attr_accessor :password
+
+    # The Sequence Counter used for SMB1 Signing.
+    # It tracks the number of packets both sent and received
+    # since the NTLM session was initialized with the Challenge.
+    # @!attribute [rw] sequence_counter
+    #   @return [Integer]
+    attr_accessor :sequence_counter
+
+    # The current Session ID setup by authentication
+    # @!attribute [rw] session_id
+    #   @return [Integer]
+    attr_accessor :session_id
+
+    # Whether or not the Server requires signing
+    # @!attribute [rw] signing_enabled
+    #   @return [Boolean]
+    attr_accessor :signing_required
+
+    # Whether or not the Client should support SMB1
+    # @!attribute [rw] smb1
+    #   @return [Boolean]
+    attr_accessor :smb1
+
+    # Whether or not the Client should support SMB2
+    # @!attribute [rw] smb2
+    #   @return [Boolean]
+    attr_accessor :smb2
+
+    #  Tracks the current SMB2 Message ID that keeps communication in sync
+    # @!attribute [rw] smb2_message_id
+    #   @return [Integer]
+    attr_accessor :smb2_message_id
+
+    # The username to authenticate with
+    # @!attribute [rw] username
+    #   @return [String]
+    attr_accessor :username
+
+    # The UID set in SMB1
+    # @!attribute [rw] user_id
+    #   @return [String]
+    attr_accessor :user_id
+
+    # @param dispatcher [RubySMB::Dispacther::Socket] the packet dispatcher to use
+    # @param smb1 [Boolean] whether or not to enable SMB1 support
+    # @param smb2 [Boolean] whether or not to enable SMB2 support
+    def initialize(dispatcher, smb1: true, smb2: true, username:,password:, domain:'.', local_workstation:'WORKSTATION')
+      raise ArgumentError, 'No Dispatcher provided' unless dispatcher.kind_of? RubySMB::Dispatcher::Base
+      if smb1 == false && smb2 == false
+        raise ArgumentError, 'You must enable at least one Protocol'
+      end
+      @dispatcher        = dispatcher
+      @domain            = domain
+      @local_workstation = local_workstation
+      @password          = password.encode("utf-8")
+      @sequence_counter  = 0
+      @session_id        = 0x00
+      @session_key       = ''
+      @signing_required  = false
+      @smb1              = smb1
+      @smb2              = smb2
+      @username          = username.encode("utf-8")
+
+      @ntlm_client = Net::NTLM::Client.new(
+        @username,
+        @password,
+        workstation: @local_workstation,
+        domain: @domain
+      )
+
+      @smb2_message_id = 0
+    end
+
+    def login(username: self.username, password: self.password, domain: self.domain, local_workstation: self.local_workstation )
+      @domain            = domain
+      @local_workstation = local_workstation
+      @password          = password.encode("utf-8")
+      @username          = username.encode("utf-8")
+
+      @ntlm_client = Net::NTLM::Client.new(
+        @username,
+        @password,
+        workstation: @local_workstation,
+        domain: @domain
+      )
+
+      negotiate
+      authenticate
+    end
+
+    # Sends a packet and receives the raw response through the Dispatcher.
+    # It will also sign the packet if neccessary.
+    #
+    # @param packet [RubySMB::GenericPacket] the request to be sent
+    # @return [String] the raw response data received
+    def send_recv(packet)
+      case packet.packet_smb_version
+        when 'SMB1'
+          packet = smb1_sign(packet)
+        when 'SMB2'
+          packet = smb2_sign(packet)
+        else
+          packet = packet
+      end
+      dispatcher.send_packet(packet)
+      raw_response = dispatcher.recv_packet
+      if self.sequence_counter > 0
+        self.sequence_counter += 1
+      end
+      raw_response
+    end
+
+    private
+
+
+
+
+  end
+end

data/lib/ruby_smb/dispatcher/base.rb

@@ -0,0 +1,18 @@
+# Provides the base class for the packet dispatcher.
+class RubySMB::Dispatcher::Base
+  # @param packet [#length]
+  # @return [Fixnum] NBSS header to go in front of `packet`
+  def nbss(packet)
+    [packet.do_num_bytes].pack('N')
+  end
+
+  # @abstract
+  def send_packet(packet)
+    raise NotImplementedError
+  end
+
+  # @abstract
+  def recv_packet
+    raise NotImplementedError
+  end
+end

data/lib/ruby_smb/dispatcher/socket.rb

@@ -0,0 +1,53 @@
+require 'socket'
+
+# This class provides a wrapper around a Socket for the packet Dispatcher.
+# It allows for dependency injection of different Socket implementations.
+class RubySMB::Dispatcher::Socket < RubySMB::Dispatcher::Base
+  # The underlying socket that we select on
+  # @!attribute [rw] tcp_socket
+  #   @return [IO]
+  attr_accessor :tcp_socket
+
+  # @param tcp_socket [IO]
+  def initialize(tcp_socket)
+    @tcp_socket = tcp_socket
+  end
+
+  # @param host [String] passed to TCPSocket.new
+  # @param port [Fixnum] passed to TCPSocket.new
+  def self.connect(host, port: 445, socket: TCPSocket.new(host, port))
+    new(socket)
+  end
+
+  # @param packet [SMB2::Packet,#to_s]
+  # @return [void]
+  def send_packet(packet)
+    data = nbss(packet) + packet.to_binary_s
+    bytes_written = 0
+    while bytes_written < data.size
+      bytes_written += @tcp_socket.write(data[bytes_written..-1])
+    end
+
+    nil
+  end
+
+  # Read a packet off the wire and parse it into a string
+  # Throw Error::NetBiosSessionService if there's an error reading the first 4 bytes,
+  # which are assumed to be the NetBiosSessionService header.
+  # @return [String]
+  # @todo should return SMB2::Packet
+  def recv_packet
+    IO.select([@tcp_socket])
+    nbss_header = @tcp_socket.read(4) # Length of NBSS header. TODO: remove to a constant
+    if nbss_header.nil?
+      raise ::RubySMB::Error::NetBiosSessionService, 'NBSS Header is missing'
+    else
+      length = nbss_header.unpack('N').first
+    end
+    IO.select([@tcp_socket])
+    data = @tcp_socket.read(length)
+    data << @tcp_socket.read(length - data.length) while data.length < length
+
+    data
+  end
+end

data/lib/ruby_smb/dispatcher.rb

@@ -0,0 +1,4 @@
+module RubySMB::Dispatcher
+  require 'ruby_smb/dispatcher/base'
+  require 'ruby_smb/dispatcher/socket'
+end

data/lib/ruby_smb/error.rb

@@ -0,0 +1,17 @@
+module RubySMB::Error
+  # Raised when there is a length or formatting issue with an ASN1-encoded string
+  # @see https://en.wikipedia.org/wiki/Abstract_Syntax_Notation_One
+  # @todo Find an SMB-specific link for ASN1 above
+  class ASN1Encoding < StandardError; end
+
+  # Raised when there is a problem with communication over NetBios Session Service
+  # @see https://wiki.wireshark.org/NetBIOS/NBSS
+  class NetBiosSessionService < StandardError; end
+
+  # Raised when trying to parse raw binary into a Packet and the data
+  # is invalid.
+  class InvalidPacket < StandardError; end
+
+  # Raised when a response packet has a NTStatus code that was unexpected.
+  class UnexpectedStatusCode < StandardError; end
+end

data/lib/ruby_smb/field/file_time.rb

@@ -0,0 +1,62 @@
+module RubySMB
+  module Field
+    # Represents a Windows FILETIME structure as defined in
+    # [FILETIME structure](https://msdn.microsoft.com/en-us/library/windows/desktop/ms724284(v=vs.85).aspx)
+    class FileTime < BinData::Primitive
+      # Difference between the Windows and Unix epochs, in 100ns intervals
+      EPOCH_DIFF_100NS = 116_444_736_000_000_000
+      NS_MULTIPLIER = 10_000_000
+      endian :little
+      uint64 :val
+
+      # Gets the value of the field
+      #
+      # @return [BinData::Bit64] the 64-bit value of the field
+      def get
+        val
+      end
+
+      # Sets the value of the field from a DateTime,Time,Fixnum, or object
+      # that can be converted to an integer. Datetime and Time objects get
+      # converted to account for the Windows/Unix Epoch difference. Any other
+      # parameter passed in will be assumed to already be correct.
+      #
+      # @param value [DateTime,Time,Fixnum,#to_i] the value to set
+      # @return
+      def set(value)
+        case value
+        when DateTime
+          set(value.to_time)
+        when Time
+          time_int = value.to_i
+          time_int *= NS_MULTIPLIER
+          adjusted_epoch = time_int + EPOCH_DIFF_100NS
+          set(adjusted_epoch)
+        when Fixnum
+          self.val = value
+        else
+          self.val = value.to_i
+        end
+        val
+      end
+
+      # Returns the value of the field as a {DateTime}
+      #
+      # @return [DateTime] the {DateTime} representation of the current value
+      def to_datetime
+        time = to_time
+        time.to_datetime
+      end
+
+      # Returns the value of the field as a {Time}
+      #
+      # @return [Time] the {Time} representation of the current value
+      def to_time
+        windows_int = val
+        adjusted_epoch = windows_int - EPOCH_DIFF_100NS
+        unix_int = adjusted_epoch / NS_MULTIPLIER
+        Time.at unix_int
+      end
+    end
+  end
+end

data/lib/ruby_smb/field/nt_status.rb

@@ -0,0 +1,16 @@
+require 'windows_error/nt_status'
+
+module RubySMB
+  module Field
+    # Represents an NTStatus code as defined in
+    # [2.3.1 NTSTATUS values](https://msdn.microsoft.com/en-us/library/cc704588.aspx)
+    class NtStatus < BinData::Uint32le
+      # Returns a meaningful error code parsed from the numeric value
+      #
+      # @return [WindowsError::ErrorCode] the ErrorCode object for this code
+      def to_nt_status
+        WindowsError::NTStatus.find_by_retval(value).first
+      end
+    end
+  end
+end

data/lib/ruby_smb/field/stringz16.rb

@@ -0,0 +1,55 @@
+module RubySMB
+  module Field
+    # Represents a NULL-Terminated String in UTF-16
+    class Stringz16 < BinData::Stringz
+
+      def assign(val)
+        super(binary_string(val.encode("utf-16le")))
+      end
+
+      def snapshot
+        # override to always remove trailing zero bytes
+        result = _value
+        result
+        result = trim_and_zero_terminate(result)
+        result.chomp("\0\0").force_encoding("utf-16le")
+      end
+
+      private
+
+      def append_zero_byte_if_needed!(str)
+        if str.length == 0 || !(str.end_with?("\0\0"))
+          str << "\0\0"
+        end
+      end
+
+      # Override parent on {BinData::Stringz} to use
+      # a double NULL-byte instead of a single NULL-byte
+      # as a terminator
+      # @see BinData::Stringz
+      def read_and_return_value(io)
+        max_length = eval_parameter(:max_length)
+        str = ''
+        i = 0
+        ch = nil
+
+        # read until double NULL-byte or we have read in the max number of bytes
+        while (ch != "\0\0") && (i != max_length)
+          ch = io.readbytes(2)
+          str << ch
+          i += 2
+        end
+
+        trim_and_zero_terminate(str)
+      end
+
+      # Override parent method of #truncate_after_first_zero_byte! on
+      # {BinData::Stringz} to use two consecutive NULL-bytes as the terimnator
+      # instead of a single NULL-nyte.
+      # @see BinData::Stringz
+      def truncate_after_first_zero_byte!(str)
+        str.sub!(/([^\0]*\0\0\0).*/, '\1')
+      end
+    end
+  end
+end

data/lib/ruby_smb/field.rb

@@ -0,0 +1,7 @@
+module RubySMB
+  module Field
+    require 'ruby_smb/field/file_time'
+    require 'ruby_smb/field/stringz16'
+    require 'ruby_smb/field/nt_status'
+  end
+end