ruby_smb 0.0.8

data/lib/ruby_smb/generic_packet.rb

@@ -0,0 +1,179 @@
+module RubySMB
+  # Parent class for all SMB Packets.
+  class GenericPacket < BinData::Record
+    # Outputs a nicely formatted string representation
+    # of the Packet's structure.
+    #
+    # @return [String] formatted string representation of the packet structure
+    def self.describe
+      description = ''
+      fields_hashed.each do |field|
+        description << format_field(field)
+      end
+      description
+    end
+
+    def display
+      display_str = ''
+      self.class.fields_hashed.each do |field|
+        display_str << display_field(field)
+      end
+      display_str
+    end
+
+
+    def packet_smb_version
+      class_name = self.class.to_s
+      case class_name
+        when /SMB1/
+          'SMB1'
+        when /SMB2/
+          'SMB2'
+        else
+          ''
+      end
+    end
+
+    def status_code
+      smb_version = packet_smb_version
+      case smb_version
+        when 'SMB1'
+          status_code = WindowsError::NTStatus.find_by_retval(self.smb_header.nt_status.value).first
+        when 'SMB2'
+          status_code = WindowsError::NTStatus.find_by_retval(self.smb2_header.nt_status.value).first
+        else
+          nil
+      end
+    end
+
+    private
+
+    # Returns an array of hashes representing the
+    # fields for this record.
+    #
+    # @return [Array<Hash>] the array of hash representations of the record's fields
+    def self.fields_hashed
+      walk_fields(fields)
+    end
+
+    # Takes a hash representation of a field and spits out a formatted
+    # string representation.
+    #
+    # @param field [Hash] the hash representing the field
+    # @param depth [Fixnum] the recursive depth level to track indentation
+    # @return [String] the formatted string representation of the field
+    def self.format_field(field, depth = 0)
+      name = field[:name].to_s
+      if field[:class].ancestors.include? BinData::Record
+        class_str = ''
+        name.upcase!
+      else
+        class_str = field[:class].to_s.split('::').last
+        class_str = "(#{class_str})"
+        name.capitalize!
+      end
+      formatted_name = "\n" + ("\t" * depth) + name
+      formatted_string = sprintf '%-30s %-10s %s', formatted_name, class_str, field[:label]
+      field[:fields].each do |sub_field|
+        formatted_string << format_field(sub_field, (depth + 1))
+      end
+      formatted_string
+    end
+
+    # Recursively walks through a field, building a hash representation
+    # of that field and all of it's sub-fields.
+    #
+    # @param fields [Array<BinData::SanitizedField>] an array of fields to walk
+    # @return [Array<Hash>] an array of hashes representing the fields
+    def self.walk_fields(fields)
+      field_hashes = []
+      fields.each do |field|
+        field_hash = {}
+        field_hash[:name] = field.name
+        prototype = field.prototype
+        field_hash[:class] = prototype.instance_variable_get(:@obj_class)
+        params = prototype.instance_variable_get(:@obj_params)
+        field_hash[:label] = params[:label]
+        field_hash[:value] = params[:value]
+        sub_fields = params[:fields]
+        field_hash[:fields] = if sub_fields.nil?
+                                []
+                              else
+                                walk_fields(sub_fields)
+                              end
+        field_hashes << field_hash
+      end
+      field_hashes
+    end
+
+    # Takes a hash representation of a field in the packet structure and formats it
+    # into a string representing the contents of that field.
+    #
+    # @param field [Hash] hash representation of the field to display
+    # @param depth [Fixnum] the recursion depth for setting indent levels
+    # @param parents [Array<Symbol>] the name of the parent field, if any, of this field
+    # @return [String] a formatted string representing the field and it's current contents
+    def display_field(field, depth = 0, parents = [])
+      my_parents = parents.dup
+      field_str = ''
+      name = field[:name]
+      if field[:class] == BinData::Array
+        field_str = "\n" + ("\t" * depth) + name.to_s.upcase
+        parent = self
+        my_parents.each do |pfield|
+          parent = parent.send(pfield)
+        end
+        array_field = parent.send(name)
+        field_str << process_array_field(array_field, (depth + 1))
+      else
+        if my_parents.empty?
+          label = "\n" + ("\t" * depth) + name.to_s.upcase
+          if field[:class].ancestors.include? BinData::Record
+            field_str = label
+          else
+            value = self.send(name)
+            field_str = sprintf '%-30s %s', label, value
+          end
+        else
+          parent = self
+          my_parents.each do |pfield|
+            parent = parent.send(pfield)
+          end
+          value = parent.send(name)
+          label = field[:label] || name.to_s.capitalize
+          label = "\n" + ("\t" * depth) + label
+          field_str = sprintf '%-30s %s', label, value
+        end
+      end
+      my_parents << name
+      field[:fields].each do |sub_field|
+        field_str << display_field(sub_field, (depth + 1), my_parents)
+      end
+      field_str
+    end
+
+    # Takes a {BinData::Array} field and processes it to get
+    # the structure elements and values out since they cannot be
+    # evaluated at the class level.
+    #
+    # @param array_field [BinData::Array] the Array field to be processed
+    # @return [String] the formatted string representing the contents of the array
+    def process_array_field(array_field, depth)
+      array_field_str = ''
+      array_field.each do |sub_field|
+        fields = sub_field.class.fields.fields
+        sub_field_hashes = self.class.walk_fields(fields)
+        sub_field_hashes.each do |sub_field_hash|
+          name = sub_field_hash[:name]
+          label = sub_field_hash[:label]
+          value = sub_field.send(name)
+          label ||= name
+          label = "\n" + "\t" * depth + label
+          sub_field_str = sprintf '%-30s %s', label, value
+          array_field_str << sub_field_str
+        end
+      end
+      array_field_str
+    end
+  end
+end

data/lib/ruby_smb/gss.rb

@@ -0,0 +1,109 @@
+module RubySMB
+
+  # module containing methods required for using the [GSS-API](http://www.rfc-editor.org/rfc/rfc2743.txt)
+  # for Secure Protected Negotiation(SPNEGO) in SMB Authentication.
+  module Gss
+
+    # Cargo culted from Rex. Hacked Together ASN1 encoding that works for our GSS purposes
+    # @todo Document these magic numbers
+    def self.asn1encode(str = '')
+      # If the high bit of the first byte is 1, it contains the number of
+      # length bytes that follow
+      case str.length
+        when 0..0x7F
+          encoded_string = [str.length].pack('C') + str
+        when 0x80..0xFF
+          encoded_string = [0x81, str.length].pack('CC') + str
+        when 0x100..0xFFFF
+          encoded_string = [0x82, str.length].pack('Cn') + str
+        when  0x10000..0xffffff
+          encoded_string = [0x83, str.length >> 16, str.length & 0xFFFF].pack('CCn') + str
+        when  0x1000000..0xffffffff
+          encoded_string = [0x84, str.length].pack('CN') + str
+        else
+          raise RubySMB::Error::ASN1Encoding, "Source string is too long. Size is #{str.length}"
+      end
+      encoded_string
+    end
+
+    # Create a GSS Security Blob of an NTLM Type 1 Message.
+    # This code has been cargo culted and needs to be researched
+    # and refactored into something better later.
+    #@todo Refactor this into non-magical code
+    def self.gss_type1(type1)
+      "\x60".force_encoding("binary") + self.asn1encode(
+        "\x06".force_encoding("binary") + self.asn1encode(
+          "\x2b\x06\x01\x05\x05\x02".force_encoding("binary")
+        ) +
+          "\xa0".force_encoding("binary") + self.asn1encode(
+          "\x30".force_encoding("binary") + self.asn1encode(
+            "\xa0".force_encoding("binary") + self.asn1encode(
+              "\x30".force_encoding("binary") + self.asn1encode(
+                "\x06".force_encoding("binary") + self.asn1encode(
+                  "\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a".force_encoding("binary")
+                )
+              )
+            ) +
+              "\xa2".force_encoding("binary") + self.asn1encode(
+              "\x04".force_encoding("binary") + self.asn1encode(
+                type1
+              )
+            )
+          )
+        )
+      )
+    end
+
+
+    # Create a GSS Security Blob of an NTLM Type 2 Message.
+    # This code has been cargo culted and needs to be researched
+    # and refactored into something better later.
+    def self.gss_type2(type2)
+
+      blob =
+        "\xa1" + self.asn1encode(
+          "\x30" + self.asn1encode(
+            "\xa0" + self.asn1encode(
+              "\x0a" + self.asn1encode(
+                "\x01"
+              )
+            ) +
+              "\xa1" + self.asn1encode(
+              "\x06" + self.asn1encode(
+                "\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a"
+              )
+            ) +
+              "\xa2" + self.asn1encode(
+              "\x04" + self.asn1encode(
+                type2
+              )
+            )
+          )
+        )
+
+      return blob
+    end
+
+    # Create a GSS Security Blob of an NTLM Type 3 Message.
+    # This code has been cargo culted and needs to be researched
+    # and refactored into something better later.
+    #@todo Refactor this into non-magical code
+    def self.gss_type3(type3)
+      gss =
+        "\xa1".force_encoding("binary") + self.asn1encode(
+          "\x30".force_encoding("binary") + self.asn1encode(
+            "\xa2".force_encoding("binary") + self.asn1encode(
+              "\x04".force_encoding("binary") + self.asn1encode(
+                type3
+              )
+            )
+          )
+        )
+
+      gss
+    end
+
+
+
+  end
+end

data/lib/ruby_smb/smb1/andx_block.rb

@@ -0,0 +1,13 @@
+module RubySMB
+  module SMB1
+    # Represents the ANDX Block in SMB1 ANDX Command Packets
+    # [2.2.3.4 Batched Messages ("AndX" Messages)](https://msdn.microsoft.com/en-us/library/ee442210.aspx)
+    class AndXBlock < BinData::Record
+      endian :little
+
+      bit8  :andx_command,   label: 'Next Command Code',  initial_value: RubySMB::SMB1::Commands::SMB_COM_NO_ANDX_COMMAND
+      bit8  :andx_reserved,  label: 'AndX Reserved',      initial_value: 0x00
+      bit16 :andx_offset,    label: 'Andx Offset',        initial_value: 0x00
+    end
+  end
+end

data/lib/ruby_smb/smb1/bit_field/capabilities.rb

@@ -0,0 +1,39 @@
+module RubySMB
+  module SMB1
+    module BitField
+      # The Capabilities bit-field for a NegotiateResponse as defined in
+      # [2.2.4.52.2 Response](https://msdn.microsoft.com/en-us/library/ee441946.aspx)
+      class Capabilities < BinData::Record
+        endian :little
+        bit1    :level_2_oplocks,         label: 'Level II OpLocks', initial_value: 1
+        bit1    :nt_status,               label: 'NTStatus Codes', initial_value: 1
+        bit1    :rpc_remote_apis,         label: 'MS-RPC Supported'
+        bit1    :nt_smbs,                 label: 'NT Lan Manager', initial_value: 1
+        bit1    :large_files,             label: '64-bit File offsets'
+        bit1    :unicode,                 label: 'Unicode Strings', initial_value: 1
+        bit1    :mpx_mode,                label: 'Multiplex Mode'
+        bit1    :raw_mode,                label: 'Raw Mode'
+        # Byte Border
+        bit1    :large_writex,            label: 'Large Write Andx'
+        bit1    :large_readx,             label: 'Large Read Andx'
+        bit1    :info_level_passthru,     label: 'Infolevel Passthrough'
+        bit1    :dfs,                     label: 'DFS'
+        bit1    :reserved1,               label: 'Reserved',             initial_value: 0
+        bit1    :bulk_transfer,           label: 'Bulk Transfer',        initial_value: 0
+        bit1    :nt_find,                 label: 'Trans2 Find'
+        bit1    :lock_and_read,           label: 'Lock And Read'
+        # Byte Border
+        bit1    :unix,                    label: 'UNIX Extensions'
+        bit6    :reserved2,               label: 'Reserved', initial_value: 0
+        bit1    :lwio,                    label: 'LWIO IOCTL/FSCTL'
+        # Byte Border
+        bit1    :extended_security,       label: 'Extended Security', initial_value: 1
+        bit1    :reserved3,               label: 'Reserved', initial_value: 0
+        bit1    :dynamic_reauth,          label: 'Dynamic Reauth'
+        bit3    :reserved4,               label: 'Reserved', initial_value: 0
+        bit1    :compressed_data,         label: 'Compressed Data'
+        bit1    :reserved5,               label: 'Reserved', initial_value: 0
+      end
+    end
+  end
+end

data/lib/ruby_smb/smb1/bit_field/header_flags.rb

@@ -0,0 +1,19 @@
+module RubySMB
+  module SMB1
+    module BitField
+      # The Flags bit-field for an SMB1 Header as defined in
+      # [2.2.3.1 SMB Header Extensions](https://msdn.microsoft.com/en-us/library/cc246254.aspx)
+      class HeaderFlags < BinData::Record
+        endian  :little
+        bit1    :reply,                 label: 'Response Packet?'
+        bit1    :opbatch,               label: 'Batch OpLock',               initial_value: 0
+        bit1    :oplock,                label: 'Exclusive Oplock',           initial_value: 0
+        bit1    :canonicalized_paths,   label: 'Canonicalized Pathnames',    initial_value: 1
+        bit1    :case_insensitive,      label: 'Pathnames Case Insensitive', initial_value: 1
+        bit1    :reserved,              label: 'Flags Reserved',             initial_value: 0
+        bit1    :buf_avail,             label: 'Receive Buffer Available',   initial_value: 0
+        bit1    :lock_and_read_ok,      label: 'Lock&Read Supported'
+      end
+    end
+  end
+end

data/lib/ruby_smb/smb1/bit_field/header_flags2.rb

@@ -0,0 +1,27 @@
+module RubySMB
+  module SMB1
+    module BitField
+      # The Flags2 bit-field for an SMB1 Header as defined in
+      # [2.2.3.1 SMB Header Extensions](https://msdn.microsoft.com/en-us/library/cc246254.aspx)
+      class HeaderFlags2 < BinData::Record
+        endian  :little
+        bit1    :reserved1,            label: 'Reserved', initial_value: 0
+        bit1    :is_long_name,         label: 'Long Names Used'
+        bit1    :reserved2,            label: 'Reserved', initial_value: 0
+        bit1    :signature_required,   label: 'Security Signature Required'
+        bit1    :compressed,           label: 'Compressed'
+        bit1    :security_signature,   label: 'Security Signing'
+        bit1    :eas,                  label: 'Extended Attributes'
+        bit1    :long_names,           label: 'Long Names Allowed',         initial_value: 1
+        # Byte Border
+        bit1    :unicode,              label: 'Unicode Strings',            initial_value: 0
+        bit1    :nt_status,            label: 'NTStatus Errors',            initial_value: 1
+        bit1    :paging_io,            label: 'Read if Execute',            initial_value: 1
+        bit1    :dfs,                  label: 'Use DFS'
+        bit1    :extended_security,    label: 'Extended Security',          inital_value: 1
+        bit1    :reparse_path,         label: '@GMT Token Required'
+        resume_byte_alignment
+      end
+    end
+  end
+end

data/lib/ruby_smb/smb1/bit_field/security_mode.rb

@@ -0,0 +1,16 @@
+module RubySMB
+  module SMB1
+    module BitField
+      # The SecurityMode bit-field for a NegotiateResponse as defined in
+      # [2.2.4.52.2 Response](https://msdn.microsoft.com/en-us/library/ee441946.aspx)
+      class SecurityMode < BinData::Record
+        endian :little
+        bit4    :reserved,                      label: 'Reserved'
+        bit1    :security_signatures_required,  label: 'Signatures Required'
+        bit1    :security_signatures_enabled,   label: 'Signatures Enabled'
+        bit1    :encrypt_passwords,             label: 'Encrypted Password', initial_value: 1
+        bit1    :user_security,                 label: 'User Level Access',  initial_value: 1
+      end
+    end
+  end
+end

data/lib/ruby_smb/smb1/bit_field.rb

@@ -0,0 +1,10 @@
+module RubySMB
+  module SMB1
+    module BitField
+      require 'ruby_smb/smb1/bit_field/header_flags'
+      require 'ruby_smb/smb1/bit_field/header_flags2'
+      require 'ruby_smb/smb1/bit_field/security_mode'
+      require 'ruby_smb/smb1/bit_field/capabilities'
+    end
+  end
+end

data/lib/ruby_smb/smb1/commands.rb

@@ -0,0 +1,9 @@
+module RubySMB
+  module SMB1
+    module Commands
+      SMB_COM_NEGOTIATE       = 0x72
+      SMB_COM_SESSION_SETUP   = 0x73
+      SMB_COM_NO_ANDX_COMMAND = 0xFF
+    end
+  end
+end

data/lib/ruby_smb/smb1/data_block.rb

@@ -0,0 +1,42 @@
+module RubySMB
+  module SMB1
+    # Represents the DataBlock portion of an SMB1 Packet. The DataBlock will
+    # always contain a byte_count field that gives the size of the rest of
+    # the data block in bytes.
+    class DataBlock < BinData::Record
+      endian :little
+
+      uint16 :byte_count, label: 'Byte Count', value: -> { calculate_byte_count }
+
+      # Class method to stub byte count calculation during
+      # lazy evaluation.
+      #
+      # @return [Fixnum] will always return 0
+      def self.calculate_byte_count
+        0
+      end
+
+      # Returns the name of all fields, other than byte_count, in
+      # the DataBlock as symbols.
+      #
+      # @return [Array<Symbol>] the names of all other DataBlock fields
+      def self.data_fields
+        fields = self.fields.collect(&:name)
+        fields.reject { |field| field == :byte_count }
+      end
+
+      # Calculates the size of the other fields in the DataBlock
+      # in Bytes.
+      #
+      # @return [Fixnum] The size of the DataBlock in Words
+      def calculate_byte_count
+        total_count = 0
+        self.class.data_fields.each do |field_name|
+          field_value = send(field_name)
+          total_count += field_value.do_num_bytes
+        end
+        total_count
+      end
+    end
+  end
+end

data/lib/ruby_smb/smb1/dialect.rb

@@ -0,0 +1,11 @@
+module RubySMB
+  module SMB1
+    # This class represents the Dialect for a NegotiateRequest.
+    # [2.2.4.52.1](https://msdn.microsoft.com/en-us/library/ee441572.aspx)
+    class Dialect < BinData::Record
+      endian :little
+      bit8 :buffer_format,     label: 'Buffer Format ID', initial_value: 0x2
+      stringz :dialect_string, label: 'Dialect Name'
+    end
+  end
+end

data/lib/ruby_smb/smb1/packet/error_packet.rb

@@ -0,0 +1,14 @@
+module RubySMB
+  module SMB1
+    module Packet
+
+      # This packet rpresent an SMB1 Response Packet when an Error has occured.
+      # The Parameter and Data Blocks will be empty, for reasons.
+      class ErrorPacket < RubySMB::GenericPacket
+        smb_header        :smb_header
+        parameter_block   :parameter_block
+        data_block        :data_block
+      end
+    end
+  end
+end

data/lib/ruby_smb/smb1/packet/negotiate_request.rb

@@ -0,0 +1,52 @@
+module RubySMB
+  module SMB1
+    module Packet
+      # A SMB1 SMB_COM_NEGOTIATE Request Packet as defined in
+      # [2.2.4.52.1](https://msdn.microsoft.com/en-us/library/ee441572.aspx)
+      class NegotiateRequest < RubySMB::GenericPacket
+        # Represents the specific layout of the DataBlock for a NegotiateRequest Packet.
+        class DataBlock < RubySMB::SMB1::DataBlock
+          array :dialects, label: 'Dialects', type: :dialect, read_until: :eof
+        end
+
+        smb_header        :smb_header
+        parameter_block   :parameter_block
+        data_block        :data_block
+
+        def initialize_instance
+          super
+          smb_header.command = RubySMB::SMB1::Commands::SMB_COM_NEGOTIATE
+        end
+
+        # Add an individual Dialect string to the list of
+        # Dialects in the packet.
+        #
+        # @param dialect_string [String] The string representing the Dialect to be negotiated
+        # @return [BinData::Array] A BinData array containing all the currently set dialects.
+        def add_dialect(dialect_string)
+          new_dialect = Dialect.new(dialect_string: dialect_string)
+          data_block.dialects << new_dialect
+        end
+
+        # Returns the Dialects array as a normal Ruby {Array}.
+        #
+        # @return [Array<Hash>] array of the set dialects on the packet
+        def dialects
+          data_block.dialects.to_a
+        end
+
+        # Sets the entire list of dialects for the Negotiate Request.
+        #
+        # @param dialect_array [Array<String>] An array of dialect strings to set on the packet
+        # @return [BinData::Array] A BinData array containing all the currently set dialects.
+        def set_dialects(dialect_array)
+          data_block.dialects.clear
+          dialect_array.each do |dialect_string|
+            add_dialect(dialect_string)
+          end
+          data_block.dialects
+        end
+      end
+    end
+  end
+end

data/lib/ruby_smb/smb1/packet/negotiate_response.rb

@@ -0,0 +1,46 @@
+module RubySMB
+  module SMB1
+    module Packet
+      # A SMB1 SMB_COM_NEGOTIATE Non-Extended Security Response Packet as defined in
+      # [2.2.4.5.2.2 Non-Extended Security Response](https://msdn.microsoft.com/en-us/library/cc246327.aspx)
+      class NegotiateResponse < RubySMB::GenericPacket
+        # An SMB_Parameters Block as defined by the {NegotiateResponse}.
+        class ParameterBlock < RubySMB::SMB1::ParameterBlock
+          uint16          :dialect_index, label: 'Dialect Index'
+          security_mode   :security_mode
+          uint16          :max_mpx_count,     label: 'Max Multiplex Count'
+          uint16          :max_number_vcs,    label: 'Max Virtual Circuits'
+          uint32          :max_buffer_size,   label: 'Max Buffer Size'
+          uint32          :max_raw_size,      label: 'Max Raw Size'
+          uint32          :session_key,       label: 'Session Key'
+          capabilities    :capabilities
+          file_time       :system_time,       label: 'Server System Time'
+          int16           :server_time_zone,  label: 'Server TimeZone'
+          uint8           :challenge_length,  label: 'Challenge Length', initial_value: 0x08
+        end
+
+        # An SMB_Data Block as defined by the {NegotiateResponse}
+        class DataBlock < RubySMB::SMB1::DataBlock
+          string        :challenge,     label: 'Auth Challenge', length: 8
+          stringz16     :domain_name,   label: 'Primary Domain'
+          stringz16     :server_name,   label: 'Server Name'
+        end
+
+        smb_header        :smb_header
+        parameter_block   :parameter_block
+        data_block        :data_block
+
+        def initialize_instance
+          super
+          header = smb_header
+          header.command = RubySMB::SMB1::Commands::SMB_COM_NEGOTIATE
+          header.flags.reply = 1
+        end
+
+        def valid?
+          smb_header.command == RubySMB::SMB1::Commands::SMB_COM_NEGOTIATE
+        end
+      end
+    end
+  end
+end

data/lib/ruby_smb/smb1/packet/negotiate_response_extended.rb

@@ -0,0 +1,47 @@
+module RubySMB
+  module SMB1
+    module Packet
+      # A SMB1 SMB_COM_NEGOTIATE Extended Security Response Packet as defined in
+      # [2.2.4.5.2.1 Extended Security Response](https://msdn.microsoft.com/en-us/library/cc246326.aspx)
+      class NegotiateResponseExtended < RubySMB::GenericPacket
+        # An SMB_Parameters Block as defined by the {NegotiateResponseExtended}.
+        class ParameterBlock < RubySMB::SMB1::ParameterBlock
+          uint16          :dialect_index, label: 'Dialect Index'
+          security_mode   :security_mode
+          uint16          :max_mpx_count,     label: 'Max Multiplex Count'
+          uint16          :max_number_vcs,    label: 'Max Virtual Circuits'
+          uint32          :max_buffer_size,   label: 'Max Buffer Size'
+          uint32          :max_raw_size,      label: 'Max Raw Size'
+          uint32          :session_key,       label: 'Session Key'
+          capabilities    :capabilities
+          file_time       :system_time,       label: 'Server System Time'
+          int16           :server_time_zone,  label: 'Server TimeZone'
+          uint8           :challenge_length,  label: 'Challenge Length', initial_value: 0x00
+        end
+
+        # An SMB_Data Block as defined by the {NegotiateResponseExtended}
+        class DataBlock < RubySMB::SMB1::DataBlock
+          string  :server_guid,     label: 'Server GUID', length: 16
+          rest    :security_blob,   label: 'GSS Security BLOB'
+        end
+
+        smb_header        :smb_header
+        parameter_block   :parameter_block
+        data_block        :data_block
+
+        def initialize_instance
+          super
+          header = smb_header
+          header.command = RubySMB::SMB1::Commands::SMB_COM_NEGOTIATE
+          header.flags.reply = 1
+        end
+
+        def valid?
+          return false unless smb_header.command == RubySMB::SMB1::Commands::SMB_COM_NEGOTIATE
+          return false unless parameter_block.capabilities.extended_security == 1
+          true
+        end
+      end
+    end
+  end
+end