ruby_smb 1.0.3 → 2.0.1

data/spec/lib/ruby_smb/dcerpc/request_spec.rb

@@ -69,11 +69,51 @@ RSpec.describe RubySMB::Dcerpc::Request do
       expect(packet.stub).to be_a BinData::Choice
     end
 
-    context 'with a NetShareEnumAll stub' do
+    context 'with a Srvsvc endpoint' do
+      let(:host) { '1.2.3.4' }
+      let(:packet) do
+        described_class.new(
+          { :opnum => RubySMB::Dcerpc::Srvsvc::NET_SHARE_ENUM_ALL },
+          { :endpoint => 'Srvsvc', :host => host }
+        )
+      end
+
+      it 'uses endpoint parameter to select a Srvsvc stub packet' do
+        expect(packet.stub.selection).to eq('Srvsvc')
+      end
+
+      it 'selects the expected packet structure' do
+        expect(packet.stub).to eq(RubySMB::Dcerpc::Srvsvc::NetShareEnumAll.new(host: host))
+      end
+    end
+
+    context 'with a Winreg endpoint' do
+      let(:opnum) { RubySMB::Dcerpc::Winreg::OPEN_HKCR }
+      let(:packet) do
+        described_class.new(
+          { :opnum => opnum },
+          { :endpoint => 'Winreg' }
+        )
+      end
 
-      it 'uses opnum as a selector' do
-        packet = described_class.new({ :opnum => RubySMB::Dcerpc::Srvsvc::NET_SHARE_ENUM_ALL }, host: '1.2.3.4')
-        expect(packet.stub.selection).to eq(packet.opnum)
+      it 'uses endpoint parameter to select a Winreg stub packet' do
+        expect(packet.stub.selection).to eq('Winreg')
+      end
+
+      it 'selects the expected packet structure' do
+        expect(packet.stub).to eq(RubySMB::Dcerpc::Winreg::OpenRootKeyRequest.new(opnum: opnum))
+      end
+    end
+
+    context 'with an unknown endpoint' do
+      let(:packet) do
+        described_class.new(
+          { :endpoint => 'Unknown' }
+        )
+      end
+
+      it 'sets #stub to an empty string' do
+        expect(packet.stub).to eq('')
       end
     end
   end
@@ -102,13 +142,16 @@ RSpec.describe RubySMB::Dcerpc::Request do
   end
 
   it 'reads its own binary representation and output the same packet' do
-    packet = described_class.new({ :opnum => RubySMB::Dcerpc::Srvsvc::NET_SHARE_ENUM_ALL }, host: '1.2.3.4')
+    packet = described_class.new(
+      { :opnum => RubySMB::Dcerpc::Srvsvc::NET_SHARE_ENUM_ALL },
+      { :endpoint => 'Srvsvc', :host => '1.2.3.4' }
+    )
     packet.pdu_header.pfc_flags.object_uuid = 1
     packet.object = '8a885d04-1ceb-11c9-9fe8-08002b104860'
     packet.auth_verifier = '123456'
     packet.pdu_header.auth_length = 6
     binary = packet.to_binary_s
-    expect(described_class.read(binary)).to eq(packet)
+    packet2 = described_class.new( { :endpoint => 'Srvsvc' } )
+    expect(packet2.read(binary)).to eq(packet)
   end
 end
-

data/spec/lib/ruby_smb/dcerpc/rrp_unicode_string_spec.rb

@@ -0,0 +1,98 @@
+RSpec.describe RubySMB::Dcerpc::RrpUnicodeString do
+  subject(:packet) { described_class.new }
+
+  it { is_expected.to respond_to :buffer_length }
+  it { is_expected.to respond_to :maximum_length }
+  it { is_expected.to respond_to :buffer }
+
+  it 'is little endian' do
+    expect(described_class.fields.instance_variable_get(:@hints)[:endian]).to eq :little
+  end
+
+  describe '#buffer_length' do
+    it 'should be a 16-bit unsigned integer' do
+      expect(packet.buffer_length).to be_a BinData::Uint16le
+    end
+
+    it 'is set to 0 when #buffer in empty' do
+      expect(packet.buffer_length).to eq(0)
+    end
+  end
+
+  describe '#maximum_length' do
+    it 'should be a 16-bit unsigned integer' do
+      expect(packet.maximum_length).to be_a BinData::Uint16le
+    end
+  end
+
+  describe '#buffer' do
+    it 'should be a NdrLpStr' do
+      expect(packet.buffer).to be_a RubySMB::Dcerpc::Ndr::NdrLpStr
+    end
+  end
+
+  describe '#get' do
+    it 'returns #buffer' do
+      packet.buffer = 'spec_test'
+      expect(packet.get).to eq(RubySMB::Dcerpc::Ndr::NdrLpStr.new('spec_test'))
+    end
+  end
+
+  describe '#set' do
+    it 'sets #buffer to the expected value' do
+      packet.set('spec_test')
+      expect(packet.buffer).to eq(RubySMB::Dcerpc::Ndr::NdrLpStr.new('spec_test'))
+    end
+
+    it 'sets #buffer_length to the expected value' do
+      packet.set('spec_test')
+      expect(packet.buffer_length).to eq(('spec_test'.size + 1) * 2)
+    end
+
+    it 'sets #maximum_length to the expected value' do
+      packet.set('spec_test')
+      expect(packet.maximum_length).to eq(('spec_test'.size + 1) * 2)
+    end
+
+    context 'when the value is 0' do
+      it 'sets #buffer_length to 0' do
+        packet.set(0)
+        expect(packet.buffer_length).to eq(0)
+      end
+
+      it 'sets #maximum_length to 0' do
+        packet.set(0)
+        expect(packet.maximum_length).to eq(0)
+      end
+    end
+  end
+end
+
+RSpec.describe RubySMB::Dcerpc::PrrpUnicodeString do
+  it 'is NdrTopLevelFullPointer subclass' do
+    expect(described_class).to be < RubySMB::Dcerpc::Ndr::NdrTopLevelFullPointer
+  end
+
+  subject(:packet) { described_class.new }
+
+  it { is_expected.to respond_to :referent }
+
+  it 'is little endian' do
+    expect(described_class.fields.instance_variable_get(:@hints)[:endian]).to eq :little
+  end
+
+  describe '#referent' do
+    it 'is a RrpUnicodeString' do
+      expect(packet.referent).to be_a RubySMB::Dcerpc::RrpUnicodeString
+    end
+
+    it 'exists if superclass #referent_identifier is not zero' do
+      expect(packet.referent?).to be true
+    end
+
+    it 'does not exist if superclass #referent_identifier is zero' do
+      packet.referent_identifier = 0
+      expect(packet.referent?).to be false
+    end
+  end
+end

data/spec/lib/ruby_smb/dcerpc/srvsvc/net_share_enum_all_spec.rb

@@ -15,11 +15,18 @@ RSpec.describe RubySMB::Dcerpc::Srvsvc::NetShareEnumAll do
   it { is_expected.to respond_to :max_buffer }
   it { is_expected.to respond_to :resume_referent_id }
   it { is_expected.to respond_to :resume_handle }
+  it { is_expected.to respond_to :opnum }
 
   it 'is little endian' do
     expect(described_class.fields.instance_variable_get(:@hints)[:endian]).to eq :little
   end
 
+  context 'when \'host\' parameter is not provided' do
+    it 'raises an ArgumentError' do
+      expect { described_class.new }.to raise_error(ArgumentError)
+    end
+  end
+
   describe '#referent_id' do
     it 'should be a 32-bit unsigned integer' do
       expect(packet.referent_id).to be_a BinData::Uint32le
@@ -156,6 +163,12 @@ RSpec.describe RubySMB::Dcerpc::Srvsvc::NetShareEnumAll do
     end
   end
 
+  describe '#initialize_instance' do
+    it 'sets #opnum to REG_CLOSE_KEY constant' do
+      expect(packet.opnum).to eq(RubySMB::Dcerpc::Srvsvc::NET_SHARE_ENUM_ALL)
+    end
+  end
+
   describe '#pad_length' do
     it 'returns 0 when #level is already 4-byte aligned' do
       expect(packet.pad_length).to eq 0

data/spec/lib/ruby_smb/dcerpc/srvsvc_spec.rb

@@ -0,0 +1,60 @@
+RSpec.describe RubySMB::Dcerpc::Srvsvc do
+  let(:srvsvc) do
+    RubySMB::SMB1::Pipe.new(
+      tree: double('Tree'),
+      response: RubySMB::SMB1::Packet::NtCreateAndxResponse.new,
+      name: 'srvsvc'
+    )
+  end
+
+  describe '#net_share_enum_all' do
+    let(:host)            { '1.2.3.4' }
+    let(:request_packet)  { double('NetShareEnumAll request packet') }
+    let(:dcerpc_response) { double('DCERPC response') }
+    let(:shares) do
+      [
+        ["C$", "DISK", "Default share"],
+        ["Shared", "DISK", ""],
+        ["IPC$", "IPC", "Remote IPC"],
+        ["ADMIN$", "DISK", "Remote Admin"]
+      ]
+    end
+
+    before :example do
+      allow(srvsvc).to receive(:bind)
+      allow(RubySMB::Dcerpc::Srvsvc::NetShareEnumAll).to receive(:new).and_return(request_packet)
+      allow(srvsvc).to receive(:dcerpc_request).and_return(dcerpc_response)
+      allow(RubySMB::Dcerpc::Srvsvc::NetShareEnumAll).to receive(:parse_response).and_return(shares)
+    end
+
+    it 'calls #bind with the expected arguments' do
+      srvsvc.net_share_enum_all(host)
+      expect(srvsvc).to have_received(:bind).with(endpoint: RubySMB::Dcerpc::Srvsvc)
+    end
+
+    it 'creates the expected NetShareEnumAll packet' do
+      srvsvc.net_share_enum_all(host)
+      expect(RubySMB::Dcerpc::Srvsvc::NetShareEnumAll).to have_received(:new).with(host: host)
+    end
+
+    it 'calls #request with the expected arguments' do
+      srvsvc.net_share_enum_all(host)
+      expect(srvsvc).to have_received(:dcerpc_request).with(request_packet)
+    end
+
+    it 'parse the response with NetShareEnumAll #parse_response method' do
+      srvsvc.net_share_enum_all(host)
+      expect(RubySMB::Dcerpc::Srvsvc::NetShareEnumAll).to have_received(:parse_response).with(dcerpc_response)
+    end
+
+    it 'returns the remote shares' do
+      output = [
+        {:name=>"C$", :type=>"DISK", :comment=>"Default share"},
+        {:name=>"Shared", :type=>"DISK", :comment=>""},
+        {:name=>"IPC$", :type=>"IPC", :comment=>"Remote IPC"},
+        {:name=>"ADMIN$", :type=>"DISK", :comment=>"Remote Admin"},
+      ]
+      expect(srvsvc.net_share_enum_all(host)).to eq(output)
+    end
+  end
+end

data/spec/lib/ruby_smb/dcerpc/winreg/close_key_request_spec.rb

@@ -0,0 +1,28 @@
+RSpec.describe RubySMB::Dcerpc::Winreg::RpcHkey do
+  it 'is NdrContextHandle subclass' do
+    expect(described_class).to be < RubySMB::Dcerpc::Ndr::NdrContextHandle
+  end
+end
+
+RSpec.describe RubySMB::Dcerpc::Winreg::CloseKeyRequest do
+  subject(:packet) { described_class.new }
+
+  it { is_expected.to respond_to :hkey }
+  it { is_expected.to respond_to :opnum }
+
+  it 'is little endian' do
+    expect(described_class.fields.instance_variable_get(:@hints)[:endian]).to eq :little
+  end
+
+  describe '#hkey' do
+    it 'is a RpcHkey structure' do
+      expect(packet.hkey).to be_a RubySMB::Dcerpc::Winreg::RpcHkey
+    end
+  end
+
+  describe '#initialize_instance' do
+    it 'sets #opnum to REG_CLOSE_KEY constant' do
+      expect(packet.opnum).to eq(RubySMB::Dcerpc::Winreg::REG_CLOSE_KEY)
+    end
+  end
+end

data/spec/lib/ruby_smb/dcerpc/winreg/close_key_response_spec.rb

@@ -0,0 +1,36 @@
+RSpec.describe RubySMB::Dcerpc::Winreg::RpcHkey do
+  it 'is NdrContextHandle subclass' do
+    expect(described_class).to be < RubySMB::Dcerpc::Ndr::NdrContextHandle
+  end
+end
+
+RSpec.describe RubySMB::Dcerpc::Winreg::CloseKeyResponse do
+  subject(:packet) { described_class.new }
+
+  it { is_expected.to respond_to :hkey }
+  it { is_expected.to respond_to :error_status }
+  it { is_expected.to respond_to :opnum }
+
+  it 'is little endian' do
+    expect(described_class.fields.instance_variable_get(:@hints)[:endian]).to eq :little
+  end
+
+  describe '#hkey' do
+    it 'is a RpcHkey structure' do
+      expect(packet.hkey).to be_a RubySMB::Dcerpc::Winreg::RpcHkey
+    end
+  end
+
+  describe '#error_status' do
+    it 'is a 32-bit unsigned integer' do
+      expect(packet.error_status).to be_a BinData::Uint32le
+    end
+  end
+
+  describe '#initialize_instance' do
+    it 'sets #opnum to REG_CLOSE_KEY constant' do
+      expect(packet.opnum).to eq(RubySMB::Dcerpc::Winreg::REG_CLOSE_KEY)
+    end
+  end
+end
+

data/spec/lib/ruby_smb/dcerpc/winreg/enum_key_request_spec.rb

@@ -0,0 +1,108 @@
+RSpec.describe RubySMB::Dcerpc::Winreg::RpcHkey do
+  it 'is NdrContextHandle subclass' do
+    expect(described_class).to be < RubySMB::Dcerpc::Ndr::NdrContextHandle
+  end
+end
+
+RSpec.describe RubySMB::Dcerpc::Winreg::EnumKeyRequest do
+  subject(:packet) { described_class.new }
+
+  it { is_expected.to respond_to :hkey }
+  it { is_expected.to respond_to :dw_index }
+  it { is_expected.to respond_to :lp_name }
+  it { is_expected.to respond_to :pad1 }
+  it { is_expected.to respond_to :lp_class }
+  it { is_expected.to respond_to :pad2 }
+  it { is_expected.to respond_to :lpft_last_write_time }
+  it { is_expected.to respond_to :opnum }
+
+  it 'is little endian' do
+    expect(described_class.fields.instance_variable_get(:@hints)[:endian]).to eq :little
+  end
+
+  describe '#hkey' do
+    it 'is a RpcHkey structure' do
+      expect(packet.hkey).to be_a RubySMB::Dcerpc::Winreg::RpcHkey
+    end
+  end
+
+  describe '#dw_index' do
+    it 'is a 32-bit unsigned integer' do
+      expect(packet.dw_index).to be_a BinData::Uint32le
+    end
+  end
+
+  describe '#lp_name' do
+    it 'is a RrpUnicodeString structure' do
+      expect(packet.lp_name).to be_a RubySMB::Dcerpc::RrpUnicodeString
+    end
+  end
+
+  describe '#pad1' do
+    it 'is a string' do
+      expect(packet.pad1).to be_a BinData::String
+    end
+
+    it 'should keep #lp_class 4-byte aligned' do
+      packet.lp_name = "test"
+      expect(packet.lp_class.abs_offset % 4).to eq 0
+    end
+  end
+
+  describe '#lp_class' do
+    it 'is a PrrpUnicodeString structure' do
+      expect(packet.lp_class).to be_a RubySMB::Dcerpc::PrrpUnicodeString
+    end
+
+    it 'has a initial value of 0' do
+      expect(packet.lp_class).to eq(0)
+    end
+  end
+
+  describe '#pad2' do
+    it 'is a string' do
+      expect(packet.pad2).to be_a BinData::String
+    end
+
+    it 'should keep #lpft_last_write_time 4-byte aligned' do
+      packet.lp_class = "test"
+      expect(packet.lpft_last_write_time.abs_offset % 4).to eq 0
+    end
+  end
+
+  describe '#lpft_last_write_time' do
+    it 'is a NdrLpFileTime structure' do
+      expect(packet.lpft_last_write_time).to be_a RubySMB::Dcerpc::Ndr::NdrLpFileTime
+    end
+  end
+
+  describe '#initialize_instance' do
+    it 'sets #opnum to REG_ENUM_KEY constant' do
+      expect(packet.opnum).to eq(RubySMB::Dcerpc::Winreg::REG_ENUM_KEY)
+    end
+  end
+
+  describe '#pad_length1' do
+    it 'returns 0 when #lp_class is already 4-byte aligned' do
+      packet.lp_name = 'align'
+      expect(packet.pad_length1).to eq 0
+    end
+
+    it 'returns 2 when #lp_class is only 2-byte aligned' do
+      packet.lp_name = 'align' + 'A'
+      expect(packet.pad_length1).to eq 2
+    end
+  end
+
+  describe '#pad_length2' do
+    it 'returns 0 when #lpft_last_write_time is already 4-byte aligned' do
+      packet.lp_class = 'align'
+      expect(packet.pad_length2).to eq 0
+    end
+
+    it 'returns 2 when #lpft_last_write_time is only 2-byte aligned' do
+      packet.lp_class = 'align' + 'A'
+      expect(packet.pad_length2).to eq 2
+    end
+  end
+end

data/spec/lib/ruby_smb/dcerpc/winreg/enum_key_response_spec.rb

@@ -0,0 +1,97 @@
+RSpec.describe RubySMB::Dcerpc::Winreg::EnumKeyResponse do
+  subject(:packet) { described_class.new }
+
+  it { is_expected.to respond_to :lp_name }
+  it { is_expected.to respond_to :pad1 }
+  it { is_expected.to respond_to :lp_class }
+  it { is_expected.to respond_to :pad2 }
+  it { is_expected.to respond_to :lpft_last_write_time }
+  it { is_expected.to respond_to :error_status }
+  it { is_expected.to respond_to :opnum }
+
+  it 'is little endian' do
+    expect(described_class.fields.instance_variable_get(:@hints)[:endian]).to eq :little
+  end
+
+
+  describe '#lp_name' do
+    it 'is a RrpUnicodeString structure' do
+      expect(packet.lp_name).to be_a RubySMB::Dcerpc::RrpUnicodeString
+    end
+  end
+
+  describe '#pad1' do
+    it 'is a string' do
+      expect(packet.pad1).to be_a BinData::String
+    end
+
+    it 'should keep #lp_class 4-byte aligned' do
+      packet.lp_name = "test"
+      expect(packet.lp_class.abs_offset % 4).to eq 0
+    end
+  end
+
+  describe '#lp_class' do
+    it 'is a PrrpUnicodeString structure' do
+      expect(packet.lp_class).to be_a RubySMB::Dcerpc::PrrpUnicodeString
+    end
+
+    it 'has a initial value of 0' do
+      expect(packet.lp_class).to eq(0)
+    end
+  end
+
+  describe '#pad2' do
+    it 'is a string' do
+      expect(packet.pad2).to be_a BinData::String
+    end
+
+    it 'should keep #lpft_last_write_time 4-byte aligned' do
+      packet.lp_class = "test"
+      expect(packet.lpft_last_write_time.abs_offset % 4).to eq 0
+    end
+  end
+
+  describe '#lpft_last_write_time' do
+    it 'is a NdrLpFileTime structure' do
+      expect(packet.lpft_last_write_time).to be_a RubySMB::Dcerpc::Ndr::NdrLpFileTime
+    end
+  end
+
+  describe '#error_status' do
+    it 'is a 32-bit unsigned integer' do
+      expect(packet.error_status).to be_a BinData::Uint32le
+    end
+  end
+
+  describe '#initialize_instance' do
+    it 'sets #opnum to REG_ENUM_KEY constant' do
+      expect(packet.opnum).to eq(RubySMB::Dcerpc::Winreg::REG_ENUM_KEY)
+    end
+  end
+
+  describe '#pad_length1' do
+    it 'returns 0 when #lp_class is already 4-byte aligned' do
+      packet.lp_name = 'align'
+      expect(packet.pad_length1).to eq 0
+    end
+
+    it 'returns 2 when #lp_class is only 2-byte aligned' do
+      packet.lp_name = 'align' + 'A'
+      expect(packet.pad_length1).to eq 2
+    end
+  end
+
+  describe '#pad_length2' do
+    it 'returns 0 when #lpft_last_write_time is already 4-byte aligned' do
+      packet.lp_class = 'align'
+      expect(packet.pad_length2).to eq 0
+    end
+
+    it 'returns 2 when #lpft_last_write_time is only 2-byte aligned' do
+      packet.lp_class = 'align' + 'A'
+      expect(packet.pad_length2).to eq 2
+    end
+  end
+end
+