RubyGems - ruby_smb - Versions diffs - 1.0.2 → 2.0.0 - Mend

ruby_smb 1.0.2 → 2.0.0

Files changed (200) hide show

checksums.yaml +5 -5
checksums.yaml.gz.sig +0 -0
data.tar.gz.sig +0 -0
data/.travis.yml +3 -2
data/Gemfile +6 -2
data/README.md +35 -47
data/examples/enum_registry_key.rb +28 -0
data/examples/enum_registry_values.rb +30 -0
data/examples/negotiate.rb +51 -8
data/examples/pipes.rb +2 -1
data/examples/read_file_encryption.rb +56 -0
data/examples/read_registry_key_value.rb +32 -0
data/lib/ruby_smb.rb +4 -1
data/lib/ruby_smb/client.rb +200 -20
data/lib/ruby_smb/client/authentication.rb +70 -33
data/lib/ruby_smb/client/echo.rb +20 -2
data/lib/ruby_smb/client/encryption.rb +62 -0
data/lib/ruby_smb/client/negotiation.rb +160 -24
data/lib/ruby_smb/client/signing.rb +19 -0
data/lib/ruby_smb/client/tree_connect.rb +24 -18
data/lib/ruby_smb/client/utils.rb +8 -7
data/lib/ruby_smb/client/winreg.rb +46 -0
data/lib/ruby_smb/crypto.rb +30 -0
data/lib/ruby_smb/dcerpc.rb +38 -0
data/lib/ruby_smb/dcerpc/bind.rb +2 -2
data/lib/ruby_smb/dcerpc/bind_ack.rb +2 -2
data/lib/ruby_smb/dcerpc/error.rb +3 -0
data/lib/ruby_smb/dcerpc/ndr.rb +95 -16
data/lib/ruby_smb/dcerpc/pdu_header.rb +1 -1
data/lib/ruby_smb/dcerpc/request.rb +28 -9
data/lib/ruby_smb/dcerpc/rrp_unicode_string.rb +35 -0
data/lib/ruby_smb/dcerpc/srvsvc.rb +10 -0
data/lib/ruby_smb/dcerpc/srvsvc/net_share_enum_all.rb +9 -0
data/lib/ruby_smb/dcerpc/winreg.rb +340 -0
data/lib/ruby_smb/dcerpc/winreg/close_key_request.rb +24 -0
data/lib/ruby_smb/dcerpc/winreg/close_key_response.rb +27 -0
data/lib/ruby_smb/dcerpc/winreg/enum_key_request.rb +45 -0
data/lib/ruby_smb/dcerpc/winreg/enum_key_response.rb +42 -0
data/lib/ruby_smb/dcerpc/winreg/enum_value_request.rb +39 -0
data/lib/ruby_smb/dcerpc/winreg/enum_value_response.rb +36 -0
data/lib/ruby_smb/dcerpc/winreg/open_key_request.rb +34 -0
data/lib/ruby_smb/dcerpc/winreg/open_key_response.rb +25 -0
data/lib/ruby_smb/dcerpc/winreg/open_root_key_request.rb +43 -0
data/lib/ruby_smb/dcerpc/winreg/open_root_key_response.rb +35 -0
data/lib/ruby_smb/dcerpc/winreg/query_info_key_request.rb +27 -0
data/lib/ruby_smb/dcerpc/winreg/query_info_key_response.rb +40 -0
data/lib/ruby_smb/dcerpc/winreg/query_value_request.rb +39 -0
data/lib/ruby_smb/dcerpc/winreg/query_value_response.rb +57 -0
data/lib/ruby_smb/dcerpc/winreg/regsam.rb +40 -0
data/lib/ruby_smb/dispatcher/socket.rb +5 -3
data/lib/ruby_smb/error.rb +68 -2
data/lib/ruby_smb/generic_packet.rb +33 -4
data/lib/ruby_smb/smb1/commands.rb +1 -1
data/lib/ruby_smb/smb1/file.rb +66 -15
data/lib/ruby_smb/smb1/packet/close_request.rb +2 -5
data/lib/ruby_smb/smb1/packet/close_response.rb +2 -1
data/lib/ruby_smb/smb1/packet/echo_request.rb +2 -4
data/lib/ruby_smb/smb1/packet/echo_response.rb +2 -1
data/lib/ruby_smb/smb1/packet/empty_packet.rb +10 -1
data/lib/ruby_smb/smb1/packet/logoff_request.rb +2 -4
data/lib/ruby_smb/smb1/packet/logoff_response.rb +2 -1
data/lib/ruby_smb/smb1/packet/negotiate_request.rb +2 -5
data/lib/ruby_smb/smb1/packet/negotiate_response.rb +3 -7
data/lib/ruby_smb/smb1/packet/negotiate_response_extended.rb +4 -4
data/lib/ruby_smb/smb1/packet/nt_create_andx_request.rb +2 -4
data/lib/ruby_smb/smb1/packet/nt_create_andx_response.rb +2 -1
data/lib/ruby_smb/smb1/packet/nt_trans/create_request.rb +2 -1
data/lib/ruby_smb/smb1/packet/nt_trans/create_response.rb +2 -1
data/lib/ruby_smb/smb1/packet/nt_trans/request.rb +2 -4
data/lib/ruby_smb/smb1/packet/nt_trans/response.rb +2 -1
data/lib/ruby_smb/smb1/packet/read_andx_request.rb +2 -5
data/lib/ruby_smb/smb1/packet/read_andx_response.rb +2 -1
data/lib/ruby_smb/smb1/packet/session_setup_legacy_request.rb +2 -1
data/lib/ruby_smb/smb1/packet/session_setup_legacy_response.rb +3 -2
data/lib/ruby_smb/smb1/packet/session_setup_request.rb +2 -5
data/lib/ruby_smb/smb1/packet/session_setup_response.rb +3 -2
data/lib/ruby_smb/smb1/packet/trans/peek_nmpipe_request.rb +0 -1
data/lib/ruby_smb/smb1/packet/trans/peek_nmpipe_response.rb +3 -2
data/lib/ruby_smb/smb1/packet/trans/request.rb +2 -5
data/lib/ruby_smb/smb1/packet/trans/response.rb +2 -1
data/lib/ruby_smb/smb1/packet/trans/transact_nmpipe_request.rb +1 -1
data/lib/ruby_smb/smb1/packet/trans/transact_nmpipe_response.rb +1 -1
data/lib/ruby_smb/smb1/packet/trans2/find_first2_request.rb +2 -1
data/lib/ruby_smb/smb1/packet/trans2/find_first2_response.rb +8 -2
data/lib/ruby_smb/smb1/packet/trans2/find_next2_request.rb +2 -1
data/lib/ruby_smb/smb1/packet/trans2/find_next2_response.rb +8 -2
data/lib/ruby_smb/smb1/packet/trans2/open2_request.rb +2 -1
data/lib/ruby_smb/smb1/packet/trans2/open2_response.rb +2 -1
data/lib/ruby_smb/smb1/packet/trans2/request.rb +2 -4
data/lib/ruby_smb/smb1/packet/trans2/request_secondary.rb +2 -4
data/lib/ruby_smb/smb1/packet/trans2/response.rb +2 -1
data/lib/ruby_smb/smb1/packet/trans2/set_file_information_request.rb +2 -1
data/lib/ruby_smb/smb1/packet/trans2/set_file_information_response.rb +2 -1
data/lib/ruby_smb/smb1/packet/tree_connect_request.rb +2 -4
data/lib/ruby_smb/smb1/packet/tree_connect_response.rb +13 -3
data/lib/ruby_smb/smb1/packet/tree_disconnect_request.rb +2 -4
data/lib/ruby_smb/smb1/packet/tree_disconnect_response.rb +2 -1
data/lib/ruby_smb/smb1/packet/write_andx_request.rb +3 -6
data/lib/ruby_smb/smb1/packet/write_andx_response.rb +2 -1
data/lib/ruby_smb/smb1/pipe.rb +87 -6
data/lib/ruby_smb/smb1/tree.rb +41 -3
data/lib/ruby_smb/smb2/bit_field/session_flags.rb +2 -1
data/lib/ruby_smb/smb2/bit_field/share_flags.rb +6 -4
data/lib/ruby_smb/smb2/file.rb +103 -25
data/lib/ruby_smb/smb2/negotiate_context.rb +108 -0
data/lib/ruby_smb/smb2/packet.rb +2 -0
data/lib/ruby_smb/smb2/packet/close_request.rb +2 -4
data/lib/ruby_smb/smb2/packet/close_response.rb +2 -1
data/lib/ruby_smb/smb2/packet/compression_transform_header.rb +41 -0
data/lib/ruby_smb/smb2/packet/create_request.rb +2 -4
data/lib/ruby_smb/smb2/packet/create_response.rb +2 -1
data/lib/ruby_smb/smb2/packet/echo_request.rb +2 -4
data/lib/ruby_smb/smb2/packet/echo_response.rb +2 -1
data/lib/ruby_smb/smb2/packet/error_packet.rb +15 -3
data/lib/ruby_smb/smb2/packet/ioctl_request.rb +2 -5
data/lib/ruby_smb/smb2/packet/ioctl_response.rb +2 -1
data/lib/ruby_smb/smb2/packet/logoff_request.rb +2 -4
data/lib/ruby_smb/smb2/packet/logoff_response.rb +2 -1
data/lib/ruby_smb/smb2/packet/negotiate_request.rb +51 -17
data/lib/ruby_smb/smb2/packet/negotiate_response.rb +51 -4
data/lib/ruby_smb/smb2/packet/query_directory_request.rb +2 -4
data/lib/ruby_smb/smb2/packet/query_directory_response.rb +8 -2
data/lib/ruby_smb/smb2/packet/read_request.rb +2 -4
data/lib/ruby_smb/smb2/packet/read_response.rb +2 -1
data/lib/ruby_smb/smb2/packet/session_setup_request.rb +2 -5
data/lib/ruby_smb/smb2/packet/session_setup_response.rb +2 -1
data/lib/ruby_smb/smb2/packet/set_info_request.rb +2 -4
data/lib/ruby_smb/smb2/packet/set_info_response.rb +2 -1
data/lib/ruby_smb/smb2/packet/transform_header.rb +84 -0
data/lib/ruby_smb/smb2/packet/tree_connect_request.rb +93 -10
data/lib/ruby_smb/smb2/packet/tree_connect_response.rb +10 -22
data/lib/ruby_smb/smb2/packet/tree_disconnect_request.rb +2 -4
data/lib/ruby_smb/smb2/packet/tree_disconnect_response.rb +2 -1
data/lib/ruby_smb/smb2/packet/write_request.rb +2 -4
data/lib/ruby_smb/smb2/packet/write_response.rb +2 -1
data/lib/ruby_smb/smb2/pipe.rb +86 -12
data/lib/ruby_smb/smb2/smb2_header.rb +1 -1
data/lib/ruby_smb/smb2/tree.rb +65 -21
data/lib/ruby_smb/version.rb +1 -1
data/ruby_smb.gemspec +5 -3
data/spec/lib/ruby_smb/client_spec.rb +1563 -104
data/spec/lib/ruby_smb/crypto_spec.rb +25 -0
data/spec/lib/ruby_smb/dcerpc/bind_ack_spec.rb +2 -2
data/spec/lib/ruby_smb/dcerpc/bind_spec.rb +2 -2
data/spec/lib/ruby_smb/dcerpc/ndr_spec.rb +410 -0
data/spec/lib/ruby_smb/dcerpc/request_spec.rb +50 -7
data/spec/lib/ruby_smb/dcerpc/rrp_unicode_string_spec.rb +98 -0
data/spec/lib/ruby_smb/dcerpc/srvsvc/net_share_enum_all_spec.rb +13 -0
data/spec/lib/ruby_smb/dcerpc/srvsvc_spec.rb +60 -0
data/spec/lib/ruby_smb/dcerpc/winreg/close_key_request_spec.rb +28 -0
data/spec/lib/ruby_smb/dcerpc/winreg/close_key_response_spec.rb +36 -0
data/spec/lib/ruby_smb/dcerpc/winreg/enum_key_request_spec.rb +108 -0
data/spec/lib/ruby_smb/dcerpc/winreg/enum_key_response_spec.rb +97 -0
data/spec/lib/ruby_smb/dcerpc/winreg/enum_value_request_spec.rb +94 -0
data/spec/lib/ruby_smb/dcerpc/winreg/enum_value_response_spec.rb +82 -0
data/spec/lib/ruby_smb/dcerpc/winreg/open_key_request_spec.rb +74 -0
data/spec/lib/ruby_smb/dcerpc/winreg/open_key_response_spec.rb +35 -0
data/spec/lib/ruby_smb/dcerpc/winreg/open_root_key_request_spec.rb +90 -0
data/spec/lib/ruby_smb/dcerpc/winreg/open_root_key_response_spec.rb +38 -0
data/spec/lib/ruby_smb/dcerpc/winreg/query_info_key_request_spec.rb +39 -0
data/spec/lib/ruby_smb/dcerpc/winreg/query_info_key_response_spec.rb +113 -0
data/spec/lib/ruby_smb/dcerpc/winreg/query_value_request_spec.rb +88 -0
data/spec/lib/ruby_smb/dcerpc/winreg/query_value_response_spec.rb +150 -0
data/spec/lib/ruby_smb/dcerpc/winreg/regsam_spec.rb +32 -0
data/spec/lib/ruby_smb/dcerpc/winreg_spec.rb +710 -0
data/spec/lib/ruby_smb/dcerpc_spec.rb +81 -0
data/spec/lib/ruby_smb/dispatcher/socket_spec.rb +3 -1
data/spec/lib/ruby_smb/error_spec.rb +59 -0
data/spec/lib/ruby_smb/generic_packet_spec.rb +52 -4
data/spec/lib/ruby_smb/smb1/file_spec.rb +191 -2
data/spec/lib/ruby_smb/smb1/packet/empty_packet_spec.rb +68 -0
data/spec/lib/ruby_smb/smb1/packet/session_setup_legacy_request_spec.rb +2 -2
data/spec/lib/ruby_smb/smb1/packet/session_setup_legacy_response_spec.rb +2 -2
data/spec/lib/ruby_smb/smb1/packet/session_setup_request_spec.rb +2 -2
data/spec/lib/ruby_smb/smb1/packet/session_setup_response_spec.rb +1 -1
data/spec/lib/ruby_smb/smb1/packet/trans2/find_first2_response_spec.rb +11 -2
data/spec/lib/ruby_smb/smb1/packet/trans2/find_next2_response_spec.rb +11 -2
data/spec/lib/ruby_smb/smb1/packet/tree_connect_response_spec.rb +40 -0
data/spec/lib/ruby_smb/smb1/pipe_spec.rb +272 -149
data/spec/lib/ruby_smb/smb1/tree_spec.rb +44 -7
data/spec/lib/ruby_smb/smb2/bit_field/session_flags_spec.rb +9 -0
data/spec/lib/ruby_smb/smb2/bit_field/share_flags_spec.rb +27 -0
data/spec/lib/ruby_smb/smb2/file_spec.rb +323 -6
data/spec/lib/ruby_smb/smb2/negotiate_context_spec.rb +332 -0
data/spec/lib/ruby_smb/smb2/packet/compression_transform_header_spec.rb +108 -0
data/spec/lib/ruby_smb/smb2/packet/error_packet_spec.rb +78 -0
data/spec/lib/ruby_smb/smb2/packet/negotiate_request_spec.rb +138 -3
data/spec/lib/ruby_smb/smb2/packet/negotiate_response_spec.rb +120 -2
data/spec/lib/ruby_smb/smb2/packet/query_directory_response_spec.rb +8 -0
data/spec/lib/ruby_smb/smb2/packet/transform_header_spec.rb +220 -0
data/spec/lib/ruby_smb/smb2/packet/tree_connect_request_spec.rb +339 -9
data/spec/lib/ruby_smb/smb2/packet/tree_connect_response_spec.rb +3 -22
data/spec/lib/ruby_smb/smb2/pipe_spec.rb +286 -149
data/spec/lib/ruby_smb/smb2/smb2_header_spec.rb +2 -2
data/spec/lib/ruby_smb/smb2/tree_spec.rb +261 -2
metadata +191 -83
metadata.gz.sig +0 -0
data/lib/ruby_smb/smb1/dcerpc.rb +0 -67
data/lib/ruby_smb/smb2/dcerpc.rb +0 -70
data/spec/lib/ruby_smb/smb1/packet/error_packet_spec.rb +0 -37

data/spec/lib/ruby_smb/crypto_spec.rb ADDED

@@ -0,0 +1,25 @@
+require 'spec_helper'
+RSpec.describe RubySMB::Crypto::KDF do
+  describe '.counter_mode' do
+    it 'generates the expected 128-bit key' do
+      expected_key = "\x3c\x5e\x0a\x1b\x0a\xce\xa5\xb2\x64\x3f\xab\x78\xdc\x82\x31\x3b".b
+      expect(described_class.counter_mode('ki', 'label', 'context')).to eq(expected_key)
+    end
+    it 'generates the expected 256-bit key' do
+      expected_key =
+        "\x33\x4d\xa9\x6d\x24\x7e\xcb\x14\xf6\x24\x00\x97\x26\x51\xd5\xb4"\
+        "\x54\x5f\xda\x95\xf0\x5a\xcb\x25\x92\x57\xae\x71\x1c\x37\x20\x5b".b
+      expect(described_class.counter_mode('ki', 'label', 'context', length: 256)).to eq(expected_key)
+    end
+    it 'raises the expected exception when an error occurs' do
+      allow(OpenSSL::Digest).to receive(:new).and_raise(OpenSSL::OpenSSLError)
+      expect { described_class.counter_mode('ki', 'label', 'context') }.to raise_error(
+        RubySMB::Error::EncryptionError,
+        "Crypto::KDF.counter_mode OpenSSL error: OpenSSL::OpenSSLError"
+      )
+    end
+  end
+end

data/spec/lib/ruby_smb/dcerpc/bind_ack_spec.rb CHANGED

@@ -31,7 +31,7 @@ RSpec.describe RubySMB::Dcerpc::BindAck do
     end
     it 'should have a default value of 0xFFFF' do
-      expect(packet.max_xmit_frag).to eq 0xFFFF
+      expect(packet.max_xmit_frag).to eq RubySMB::Dcerpc::MAX_XMIT_FRAG
     end
   end
@@ -41,7 +41,7 @@ RSpec.describe RubySMB::Dcerpc::BindAck do
     end
     it 'should have a default value of 0xFFFF' do
-      expect(packet.max_recv_frag).to eq 0xFFFF
+      expect(packet.max_recv_frag).to eq RubySMB::Dcerpc::MAX_RECV_FRAG
     end
   end

data/spec/lib/ruby_smb/dcerpc/bind_spec.rb CHANGED

@@ -41,7 +41,7 @@ RSpec.describe RubySMB::Dcerpc::Bind do
     end
     it 'should have a default value of 0xFFFF' do
-      expect(packet.max_xmit_frag).to eq 0xFFFF
+      expect(packet.max_xmit_frag).to eq RubySMB::Dcerpc::MAX_XMIT_FRAG
     end
   end
@@ -51,7 +51,7 @@ RSpec.describe RubySMB::Dcerpc::Bind do
     end
     it 'should have a default value of 0xFFFF' do
-      expect(packet.max_recv_frag).to eq 0xFFFF
+      expect(packet.max_recv_frag).to eq RubySMB::Dcerpc::MAX_RECV_FRAG
     end
   end

data/spec/lib/ruby_smb/dcerpc/ndr_spec.rb ADDED

@@ -0,0 +1,410 @@
+RSpec.describe RubySMB::Dcerpc::Ndr::NdrTopLevelFullPointer do
+  subject(:packet) do
+    Class.new(described_class) do
+      endian :little
+      string :referent
+    end.new
+  end
+  it { is_expected.to respond_to :referent_identifier }
+  it 'is little endian' do
+    expect(described_class.fields.instance_variable_get(:@hints)[:endian]).to eq :little
+  end
+  describe '#referent_identifier' do
+    it 'is a 32-bit unsigned integer' do
+      expect(packet.referent_identifier).to be_a BinData::Uint32le
+    end
+    it 'has an initial value of 0x00020000' do
+      expect(packet.referent_identifier).to eq(0x00020000)
+    end
+  end
+  describe '#get' do
+    it 'returns 0 when #referent_identifier is 0' do
+      packet.referent_identifier = 0
+      expect(packet.get).to eq(0)
+    end
+    it 'returns #referent when #referent_identifier is greater than 0' do
+      packet.set('spec_test')
+      expect(packet.get).to eq(packet.referent)
+    end
+  end
+  describe '#set' do
+    context 'when the value is 0' do
+      it 'sets #referent_identifier to 0' do
+        packet.set(0)
+        expect(packet.referent_identifier).to eq(0)
+      end
+    end
+    context 'when the value is a string' do
+      it 'sets #referent to the value' do
+        str = 'spec_test'
+        packet.set(str)
+        expect(packet.referent).to eq(str)
+      end
+    end
+  end
+end
+RSpec.describe RubySMB::Dcerpc::Ndr::NdrString do
+  subject(:packet) { described_class.new }
+  it { is_expected.to respond_to :max_count }
+  it { is_expected.to respond_to :offset }
+  it { is_expected.to respond_to :actual_count }
+  it { is_expected.to respond_to :str }
+  it 'is little endian' do
+    expect(described_class.fields.instance_variable_get(:@hints)[:endian]).to eq :little
+  end
+  describe '#max_count' do
+    it 'is a 32-bit unsigned integer' do
+      expect(packet.max_count).to be_a BinData::Uint32le
+    end
+  end
+  describe '#offset' do
+    it 'is a 32-bit unsigned integer' do
+      expect(packet.offset).to be_a BinData::Uint32le
+    end
+    it 'has an initial valu of 0' do
+      expect(packet.offset).to eq(0)
+    end
+  end
+  describe '#actual_count' do
+    it 'is a 32-bit unsigned integer' do
+      expect(packet.actual_count).to be_a BinData::Uint32le
+    end
+  end
+  describe '#str' do
+    it 'is a RubySMB::Field::Stringz16' do
+      expect(packet.str).to be_a RubySMB::Field::Stringz16
+    end
+    it 'exists if #actual_count is greater than 0' do
+      packet.actual_count = 4
+      expect(packet.str?).to be true
+    end
+    it 'does not exist if #actual_count is 0' do
+      expect(packet.str?).to be false
+    end
+  end
+  describe '#get' do
+    it 'returns 0 when #actual_count is 0' do
+      expect(packet.get).to eq(0)
+    end
+    it 'returns #str when #actual_count is greater than 0' do
+      str = 'spec_test'
+      strz16 = RubySMB::Field::Stringz16.new(str)
+      packet.set(str)
+      expect(packet.get).to eq(strz16)
+    end
+  end
+  describe '#set' do
+    context 'when the value is 0' do
+      it 'sets #actual_count to 0' do
+        packet.set(0)
+        expect(packet.actual_count).to eq(0)
+      end
+    end
+    context 'when the value is a string' do
+      let(:str) { 'spec_test' }
+      it 'sets #str to the value' do
+        packet.set(str)
+        strz16 = RubySMB::Field::Stringz16.new(str)
+        expect(packet.str).to eq(strz16)
+      end
+      it 'sets #max_count and #actual_count to the expected value' do
+        packet.set(str)
+        expect(packet.max_count).to eq(str.length + 1)
+        expect(packet.actual_count).to eq(str.length + 1)
+      end
+    end
+  end
+end
+RSpec.describe RubySMB::Dcerpc::Ndr::NdrLpStr do
+  it 'is NdrTopLevelFullPointer subclass' do
+    expect(described_class).to be < RubySMB::Dcerpc::Ndr::NdrTopLevelFullPointer
+  end
+  subject(:packet) { described_class.new }
+  it { is_expected.to respond_to :referent }
+  it 'is little endian' do
+    expect(described_class.fields.instance_variable_get(:@hints)[:endian]).to eq :little
+  end
+  describe '#referent' do
+    it 'is a NdrString' do
+      expect(packet.referent).to be_a RubySMB::Dcerpc::Ndr::NdrString
+    end
+    it 'exists if superclass #referent_identifier is not zero' do
+      expect(packet.referent?).to be true
+    end
+    it 'does not exist if superclass #referent_identifier is zero' do
+      packet.referent_identifier = 0
+      expect(packet.referent?).to be false
+    end
+  end
+  describe '#to_s' do
+    it 'returns "\0" when #referent_identifier is 0' do
+      packet.referent_identifier = 0
+      expect(packet.to_s).to eq("\0")
+    end
+    it 'returns #referent when #referent_identifier is greater than 0' do
+      packet.set('spec_test')
+      expect(packet.to_s).to eq(packet.referent)
+    end
+  end
+end
+RSpec.describe RubySMB::Dcerpc::Ndr::NdrContextHandle do
+  let(:uuid) { 'c3bce70d-5155-472b-9f2f-b824e5fc9b60' }
+  let(:attr) { 123 }
+  subject(:packet) { described_class.new }
+  it { is_expected.to respond_to :context_handle_attributes }
+  it { is_expected.to respond_to :context_handle_uuid }
+  it 'is little endian' do
+    expect(described_class.fields.instance_variable_get(:@hints)[:endian]).to eq :little
+  end
+  describe '#context_handle_attributes' do
+    it 'is a 32-bit unsigned integer' do
+      expect(packet.context_handle_attributes).to be_a BinData::Uint32le
+    end
+  end
+  describe '#context_handle_uuid' do
+    it 'is a UUID' do
+      expect(packet.context_handle_uuid).to be_a RubySMB::Dcerpc::Uuid
+    end
+  end
+  describe '#get' do
+    it 'returns the expeted hash' do
+      packet.context_handle_attributes = attr
+      packet.context_handle_uuid = uuid
+      expect(packet.get).to eq({context_handle_attributes: attr, context_handle_uuid: uuid})
+    end
+  end
+  describe '#set' do
+    let(:handle) { {context_handle_attributes: attr, context_handle_uuid: uuid} }
+    context 'when the value is a hash' do
+      it 'sets #context_handle_attributes and #context_handle_uuid to the expected values' do
+        packet.set(handle)
+        expect(packet.context_handle_attributes).to eq(attr)
+        expect(packet.context_handle_uuid).to eq(uuid)
+      end
+    end
+    context 'when the value is a NdrContextHandle'do
+      it 'reads the value binary representaion ' do
+        ndr_context_handle = described_class.new(handle)
+        allow(ndr_context_handle).to receive(:to_binary_s).and_call_original
+        packet.set(ndr_context_handle)
+        expect(ndr_context_handle).to have_received(:to_binary_s)
+        expect(packet.get).to eq(ndr_context_handle)
+      end
+    end
+    context 'when the value is a binary string'do
+      it 'reads the value' do
+        ndr_context_handle = described_class.new(handle)
+        packet.set(ndr_context_handle.to_binary_s)
+        expect(packet.get).to eq(ndr_context_handle)
+      end
+    end
+  end
+end
+RSpec.describe RubySMB::Dcerpc::Ndr::NdrLpDword do
+  it 'is NdrTopLevelFullPointer subclass' do
+    expect(described_class).to be < RubySMB::Dcerpc::Ndr::NdrTopLevelFullPointer
+  end
+  subject(:packet) { described_class.new }
+  it { is_expected.to respond_to :referent }
+  it 'is little endian' do
+    expect(described_class.fields.instance_variable_get(:@hints)[:endian]).to eq :little
+  end
+  describe '#referent' do
+    it 'is a 32-bit unsigned integer' do
+      expect(packet.referent).to be_a BinData::Uint32le
+    end
+    it 'exists if superclass #referent_identifier is not zero' do
+      expect(packet.referent?).to be true
+    end
+    it 'does not exist if superclass #referent_identifier is zero' do
+      packet.referent_identifier = 0
+      expect(packet.referent?).to be false
+    end
+  end
+end
+RSpec.describe RubySMB::Dcerpc::Ndr::NdrLpByte do
+  subject(:packet) { described_class.new }
+  it { is_expected.to respond_to :referent_identifier }
+  it { is_expected.to respond_to :max_count }
+  it { is_expected.to respond_to :offset }
+  it { is_expected.to respond_to :actual_count }
+  it { is_expected.to respond_to :bytes }
+  it 'is little endian' do
+    expect(described_class.fields.instance_variable_get(:@hints)[:endian]).to eq :little
+  end
+  describe '#referent_identifier' do
+    it 'is a 32-bit unsigned integer' do
+      expect(packet.referent_identifier).to be_a BinData::Uint32le
+    end
+    it 'has an initial value of 0x00020000' do
+      expect(packet.referent_identifier).to eq(0x00020000)
+    end
+  end
+  describe '#max_count' do
+    it 'is a 32-bit unsigned integer' do
+      expect(packet.max_count).to be_a BinData::Uint32le
+    end
+    it 'has an initial value equal to #actual_count' do
+      packet.actual_count = 345
+      expect(packet.max_count).to eq(345)
+    end
+    it 'exists if #referent_identifier is not zero' do
+      expect(packet.max_count?).to be true
+    end
+    it 'does not exist if #referent_identifier is zero' do
+      packet.referent_identifier = 0
+      expect(packet.max_count?).to be false
+    end
+  end
+  describe '#offset' do
+    it 'is a 32-bit unsigned integer' do
+      expect(packet.offset).to be_a BinData::Uint32le
+    end
+    it 'has an initial value of 0' do
+      expect(packet.offset).to eq(0)
+    end
+    it 'exists if #referent_identifier is not zero' do
+      expect(packet.offset?).to be true
+    end
+    it 'does not exist if #referent_identifier is zero' do
+      packet.referent_identifier = 0
+      expect(packet.offset?).to be false
+    end
+  end
+  describe '#actual_count' do
+    it 'is a 32-bit unsigned integer' do
+      expect(packet.actual_count).to be_a BinData::Uint32le
+    end
+    it 'has an initial value equal to #bytes size' do
+      packet.bytes << 2 << 3 << 4 << 5
+      expect(packet.actual_count).to eq(4)
+    end
+    it 'exists if #referent_identifier is not zero' do
+      expect(packet.actual_count?).to be true
+    end
+    it 'does not exist if #referent_identifier is zero' do
+      packet.referent_identifier = 0
+      expect(packet.actual_count?).to be false
+    end
+  end
+  describe '#bytes' do
+    it 'is a Bindata::Array' do
+      expect(packet.bytes).to be_a BinData::Array
+    end
+    it 'has an initial length equal to #actual_count' do
+      packet.actual_count = 3
+      expect(packet.bytes.size).to eq(3)
+    end
+    it 'is 8-bit unsigned integer elements' do
+      expect(packet.bytes[0]).to be_a BinData::Uint8
+    end
+    it 'exists if #referent_identifier is not zero' do
+      expect(packet.bytes?).to be true
+    end
+    it 'does not exist if #referent_identifier is zero' do
+      packet.referent_identifier = 0
+      expect(packet.bytes?).to be false
+    end
+  end
+end
+RSpec.describe RubySMB::Dcerpc::Ndr::NdrLpFileTime do
+  it 'is NdrTopLevelFullPointer subclass' do
+    expect(described_class).to be < RubySMB::Dcerpc::Ndr::NdrTopLevelFullPointer
+  end
+  subject(:packet) { described_class.new }
+  it { is_expected.to respond_to :referent }
+  it 'is little endian' do
+    expect(described_class.fields.instance_variable_get(:@hints)[:endian]).to eq :little
+  end
+  describe '#referent' do
+    it 'is a FileTime' do
+      expect(packet.referent).to be_a RubySMB::Field::FileTime
+    end
+    it 'exists if superclass #referent_identifier is not zero' do
+      expect(packet.referent?).to be true
+    end
+    it 'does not exist if superclass #referent_identifier is zero' do
+      packet.referent_identifier = 0
+      expect(packet.referent?).to be false
+    end
+  end
+end