RubyGems - ruby_smb - Versions diffs - 1.0.3 → 2.0.1 - Mend

ruby_smb 1.0.3 → 2.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (200) hide show

checksums.yaml +5 -5
checksums.yaml.gz.sig +0 -0
data.tar.gz.sig +0 -0
data/.travis.yml +3 -2
data/Gemfile +6 -2
data/README.md +35 -47
data/examples/enum_registry_key.rb +28 -0
data/examples/enum_registry_values.rb +30 -0
data/examples/negotiate.rb +51 -8
data/examples/pipes.rb +2 -1
data/examples/read_file_encryption.rb +56 -0
data/examples/read_registry_key_value.rb +32 -0
data/lib/ruby_smb.rb +4 -1
data/lib/ruby_smb/client.rb +233 -22
data/lib/ruby_smb/client/authentication.rb +70 -33
data/lib/ruby_smb/client/echo.rb +20 -2
data/lib/ruby_smb/client/encryption.rb +62 -0
data/lib/ruby_smb/client/negotiation.rb +172 -24
data/lib/ruby_smb/client/signing.rb +19 -0
data/lib/ruby_smb/client/tree_connect.rb +24 -18
data/lib/ruby_smb/client/utils.rb +8 -7
data/lib/ruby_smb/client/winreg.rb +46 -0
data/lib/ruby_smb/crypto.rb +30 -0
data/lib/ruby_smb/dcerpc.rb +38 -0
data/lib/ruby_smb/dcerpc/bind.rb +2 -2
data/lib/ruby_smb/dcerpc/bind_ack.rb +2 -2
data/lib/ruby_smb/dcerpc/error.rb +3 -0
data/lib/ruby_smb/dcerpc/ndr.rb +95 -16
data/lib/ruby_smb/dcerpc/pdu_header.rb +1 -1
data/lib/ruby_smb/dcerpc/request.rb +28 -9
data/lib/ruby_smb/dcerpc/rrp_unicode_string.rb +35 -0
data/lib/ruby_smb/dcerpc/srvsvc.rb +10 -0
data/lib/ruby_smb/dcerpc/srvsvc/net_share_enum_all.rb +9 -0
data/lib/ruby_smb/dcerpc/winreg.rb +340 -0
data/lib/ruby_smb/dcerpc/winreg/close_key_request.rb +24 -0
data/lib/ruby_smb/dcerpc/winreg/close_key_response.rb +27 -0
data/lib/ruby_smb/dcerpc/winreg/enum_key_request.rb +45 -0
data/lib/ruby_smb/dcerpc/winreg/enum_key_response.rb +42 -0
data/lib/ruby_smb/dcerpc/winreg/enum_value_request.rb +39 -0
data/lib/ruby_smb/dcerpc/winreg/enum_value_response.rb +36 -0
data/lib/ruby_smb/dcerpc/winreg/open_key_request.rb +34 -0
data/lib/ruby_smb/dcerpc/winreg/open_key_response.rb +25 -0
data/lib/ruby_smb/dcerpc/winreg/open_root_key_request.rb +43 -0
data/lib/ruby_smb/dcerpc/winreg/open_root_key_response.rb +35 -0
data/lib/ruby_smb/dcerpc/winreg/query_info_key_request.rb +27 -0
data/lib/ruby_smb/dcerpc/winreg/query_info_key_response.rb +40 -0
data/lib/ruby_smb/dcerpc/winreg/query_value_request.rb +39 -0
data/lib/ruby_smb/dcerpc/winreg/query_value_response.rb +57 -0
data/lib/ruby_smb/dcerpc/winreg/regsam.rb +40 -0
data/lib/ruby_smb/dispatcher/socket.rb +4 -3
data/lib/ruby_smb/error.rb +68 -2
data/lib/ruby_smb/generic_packet.rb +33 -4
data/lib/ruby_smb/smb1/commands.rb +1 -1
data/lib/ruby_smb/smb1/file.rb +66 -15
data/lib/ruby_smb/smb1/packet/close_request.rb +2 -5
data/lib/ruby_smb/smb1/packet/close_response.rb +2 -1
data/lib/ruby_smb/smb1/packet/echo_request.rb +2 -4
data/lib/ruby_smb/smb1/packet/echo_response.rb +2 -1
data/lib/ruby_smb/smb1/packet/empty_packet.rb +10 -1
data/lib/ruby_smb/smb1/packet/logoff_request.rb +2 -4
data/lib/ruby_smb/smb1/packet/logoff_response.rb +2 -1
data/lib/ruby_smb/smb1/packet/negotiate_request.rb +2 -5
data/lib/ruby_smb/smb1/packet/negotiate_response.rb +3 -7
data/lib/ruby_smb/smb1/packet/negotiate_response_extended.rb +4 -4
data/lib/ruby_smb/smb1/packet/nt_create_andx_request.rb +2 -4
data/lib/ruby_smb/smb1/packet/nt_create_andx_response.rb +2 -1
data/lib/ruby_smb/smb1/packet/nt_trans/create_request.rb +2 -1
data/lib/ruby_smb/smb1/packet/nt_trans/create_response.rb +2 -1
data/lib/ruby_smb/smb1/packet/nt_trans/request.rb +2 -4
data/lib/ruby_smb/smb1/packet/nt_trans/response.rb +2 -1
data/lib/ruby_smb/smb1/packet/read_andx_request.rb +2 -5
data/lib/ruby_smb/smb1/packet/read_andx_response.rb +2 -1
data/lib/ruby_smb/smb1/packet/session_setup_legacy_request.rb +2 -1
data/lib/ruby_smb/smb1/packet/session_setup_legacy_response.rb +3 -2
data/lib/ruby_smb/smb1/packet/session_setup_request.rb +2 -5
data/lib/ruby_smb/smb1/packet/session_setup_response.rb +3 -2
data/lib/ruby_smb/smb1/packet/trans/peek_nmpipe_request.rb +0 -1
data/lib/ruby_smb/smb1/packet/trans/peek_nmpipe_response.rb +3 -2
data/lib/ruby_smb/smb1/packet/trans/request.rb +2 -5
data/lib/ruby_smb/smb1/packet/trans/response.rb +2 -1
data/lib/ruby_smb/smb1/packet/trans/transact_nmpipe_request.rb +1 -1
data/lib/ruby_smb/smb1/packet/trans/transact_nmpipe_response.rb +1 -1
data/lib/ruby_smb/smb1/packet/trans2/find_first2_request.rb +2 -1
data/lib/ruby_smb/smb1/packet/trans2/find_first2_response.rb +8 -2
data/lib/ruby_smb/smb1/packet/trans2/find_next2_request.rb +2 -1
data/lib/ruby_smb/smb1/packet/trans2/find_next2_response.rb +8 -2
data/lib/ruby_smb/smb1/packet/trans2/open2_request.rb +2 -1
data/lib/ruby_smb/smb1/packet/trans2/open2_response.rb +2 -1
data/lib/ruby_smb/smb1/packet/trans2/request.rb +2 -4
data/lib/ruby_smb/smb1/packet/trans2/request_secondary.rb +2 -4
data/lib/ruby_smb/smb1/packet/trans2/response.rb +2 -1
data/lib/ruby_smb/smb1/packet/trans2/set_file_information_request.rb +2 -1
data/lib/ruby_smb/smb1/packet/trans2/set_file_information_response.rb +2 -1
data/lib/ruby_smb/smb1/packet/tree_connect_request.rb +2 -4
data/lib/ruby_smb/smb1/packet/tree_connect_response.rb +13 -3
data/lib/ruby_smb/smb1/packet/tree_disconnect_request.rb +2 -4
data/lib/ruby_smb/smb1/packet/tree_disconnect_response.rb +2 -1
data/lib/ruby_smb/smb1/packet/write_andx_request.rb +3 -6
data/lib/ruby_smb/smb1/packet/write_andx_response.rb +2 -1
data/lib/ruby_smb/smb1/pipe.rb +87 -6
data/lib/ruby_smb/smb1/tree.rb +50 -3
data/lib/ruby_smb/smb2/bit_field/session_flags.rb +2 -1
data/lib/ruby_smb/smb2/bit_field/share_flags.rb +6 -4
data/lib/ruby_smb/smb2/file.rb +103 -25
data/lib/ruby_smb/smb2/negotiate_context.rb +108 -0
data/lib/ruby_smb/smb2/packet.rb +2 -0
data/lib/ruby_smb/smb2/packet/close_request.rb +2 -4
data/lib/ruby_smb/smb2/packet/close_response.rb +2 -1
data/lib/ruby_smb/smb2/packet/compression_transform_header.rb +41 -0
data/lib/ruby_smb/smb2/packet/create_request.rb +2 -4
data/lib/ruby_smb/smb2/packet/create_response.rb +2 -1
data/lib/ruby_smb/smb2/packet/echo_request.rb +2 -4
data/lib/ruby_smb/smb2/packet/echo_response.rb +2 -1
data/lib/ruby_smb/smb2/packet/error_packet.rb +15 -3
data/lib/ruby_smb/smb2/packet/ioctl_request.rb +2 -5
data/lib/ruby_smb/smb2/packet/ioctl_response.rb +2 -1
data/lib/ruby_smb/smb2/packet/logoff_request.rb +2 -4
data/lib/ruby_smb/smb2/packet/logoff_response.rb +2 -1
data/lib/ruby_smb/smb2/packet/negotiate_request.rb +51 -17
data/lib/ruby_smb/smb2/packet/negotiate_response.rb +52 -5
data/lib/ruby_smb/smb2/packet/query_directory_request.rb +2 -4
data/lib/ruby_smb/smb2/packet/query_directory_response.rb +8 -2
data/lib/ruby_smb/smb2/packet/read_request.rb +2 -4
data/lib/ruby_smb/smb2/packet/read_response.rb +2 -1
data/lib/ruby_smb/smb2/packet/session_setup_request.rb +2 -5
data/lib/ruby_smb/smb2/packet/session_setup_response.rb +2 -1
data/lib/ruby_smb/smb2/packet/set_info_request.rb +2 -4
data/lib/ruby_smb/smb2/packet/set_info_response.rb +2 -1
data/lib/ruby_smb/smb2/packet/transform_header.rb +84 -0
data/lib/ruby_smb/smb2/packet/tree_connect_request.rb +93 -10
data/lib/ruby_smb/smb2/packet/tree_connect_response.rb +10 -22
data/lib/ruby_smb/smb2/packet/tree_disconnect_request.rb +2 -4
data/lib/ruby_smb/smb2/packet/tree_disconnect_response.rb +2 -1
data/lib/ruby_smb/smb2/packet/write_request.rb +2 -4
data/lib/ruby_smb/smb2/packet/write_response.rb +2 -1
data/lib/ruby_smb/smb2/pipe.rb +86 -12
data/lib/ruby_smb/smb2/smb2_header.rb +1 -1
data/lib/ruby_smb/smb2/tree.rb +65 -21
data/lib/ruby_smb/version.rb +1 -1
data/ruby_smb.gemspec +5 -3
data/spec/lib/ruby_smb/client_spec.rb +1612 -108
data/spec/lib/ruby_smb/crypto_spec.rb +25 -0
data/spec/lib/ruby_smb/dcerpc/bind_ack_spec.rb +2 -2
data/spec/lib/ruby_smb/dcerpc/bind_spec.rb +2 -2
data/spec/lib/ruby_smb/dcerpc/ndr_spec.rb +410 -0
data/spec/lib/ruby_smb/dcerpc/request_spec.rb +50 -7
data/spec/lib/ruby_smb/dcerpc/rrp_unicode_string_spec.rb +98 -0
data/spec/lib/ruby_smb/dcerpc/srvsvc/net_share_enum_all_spec.rb +13 -0
data/spec/lib/ruby_smb/dcerpc/srvsvc_spec.rb +60 -0
data/spec/lib/ruby_smb/dcerpc/winreg/close_key_request_spec.rb +28 -0
data/spec/lib/ruby_smb/dcerpc/winreg/close_key_response_spec.rb +36 -0
data/spec/lib/ruby_smb/dcerpc/winreg/enum_key_request_spec.rb +108 -0
data/spec/lib/ruby_smb/dcerpc/winreg/enum_key_response_spec.rb +97 -0
data/spec/lib/ruby_smb/dcerpc/winreg/enum_value_request_spec.rb +94 -0
data/spec/lib/ruby_smb/dcerpc/winreg/enum_value_response_spec.rb +82 -0
data/spec/lib/ruby_smb/dcerpc/winreg/open_key_request_spec.rb +74 -0
data/spec/lib/ruby_smb/dcerpc/winreg/open_key_response_spec.rb +35 -0
data/spec/lib/ruby_smb/dcerpc/winreg/open_root_key_request_spec.rb +90 -0
data/spec/lib/ruby_smb/dcerpc/winreg/open_root_key_response_spec.rb +38 -0
data/spec/lib/ruby_smb/dcerpc/winreg/query_info_key_request_spec.rb +39 -0
data/spec/lib/ruby_smb/dcerpc/winreg/query_info_key_response_spec.rb +113 -0
data/spec/lib/ruby_smb/dcerpc/winreg/query_value_request_spec.rb +88 -0
data/spec/lib/ruby_smb/dcerpc/winreg/query_value_response_spec.rb +150 -0
data/spec/lib/ruby_smb/dcerpc/winreg/regsam_spec.rb +32 -0
data/spec/lib/ruby_smb/dcerpc/winreg_spec.rb +710 -0
data/spec/lib/ruby_smb/dcerpc_spec.rb +81 -0
data/spec/lib/ruby_smb/dispatcher/socket_spec.rb +2 -2
data/spec/lib/ruby_smb/error_spec.rb +59 -0
data/spec/lib/ruby_smb/generic_packet_spec.rb +52 -4
data/spec/lib/ruby_smb/smb1/file_spec.rb +191 -2
data/spec/lib/ruby_smb/smb1/packet/empty_packet_spec.rb +68 -0
data/spec/lib/ruby_smb/smb1/packet/session_setup_legacy_request_spec.rb +2 -2
data/spec/lib/ruby_smb/smb1/packet/session_setup_legacy_response_spec.rb +2 -2
data/spec/lib/ruby_smb/smb1/packet/session_setup_request_spec.rb +2 -2
data/spec/lib/ruby_smb/smb1/packet/session_setup_response_spec.rb +1 -1
data/spec/lib/ruby_smb/smb1/packet/trans2/find_first2_response_spec.rb +11 -2
data/spec/lib/ruby_smb/smb1/packet/trans2/find_next2_response_spec.rb +11 -2
data/spec/lib/ruby_smb/smb1/packet/tree_connect_response_spec.rb +40 -0
data/spec/lib/ruby_smb/smb1/pipe_spec.rb +272 -149
data/spec/lib/ruby_smb/smb1/tree_spec.rb +44 -7
data/spec/lib/ruby_smb/smb2/bit_field/session_flags_spec.rb +9 -0
data/spec/lib/ruby_smb/smb2/bit_field/share_flags_spec.rb +27 -0
data/spec/lib/ruby_smb/smb2/file_spec.rb +323 -6
data/spec/lib/ruby_smb/smb2/negotiate_context_spec.rb +332 -0
data/spec/lib/ruby_smb/smb2/packet/compression_transform_header_spec.rb +108 -0
data/spec/lib/ruby_smb/smb2/packet/error_packet_spec.rb +78 -0
data/spec/lib/ruby_smb/smb2/packet/negotiate_request_spec.rb +138 -3
data/spec/lib/ruby_smb/smb2/packet/negotiate_response_spec.rb +120 -2
data/spec/lib/ruby_smb/smb2/packet/query_directory_response_spec.rb +8 -0
data/spec/lib/ruby_smb/smb2/packet/transform_header_spec.rb +220 -0
data/spec/lib/ruby_smb/smb2/packet/tree_connect_request_spec.rb +339 -9
data/spec/lib/ruby_smb/smb2/packet/tree_connect_response_spec.rb +3 -22
data/spec/lib/ruby_smb/smb2/pipe_spec.rb +286 -149
data/spec/lib/ruby_smb/smb2/smb2_header_spec.rb +2 -2
data/spec/lib/ruby_smb/smb2/tree_spec.rb +261 -2
metadata +191 -83
metadata.gz.sig +0 -0
data/lib/ruby_smb/smb1/dcerpc.rb +0 -67
data/lib/ruby_smb/smb2/dcerpc.rb +0 -70
data/spec/lib/ruby_smb/smb1/packet/error_packet_spec.rb +0 -37

data/lib/ruby_smb/client/utils.rb CHANGED

@@ -40,27 +40,28 @@ module RubySMB
       end
       #Writes data to an open file handle
-      def write(file_id, offset = 0, data = '', do_recv = true)
+      def write(file_id = last_file_id, offset = 0, data = '', do_recv = true)
         @open_files[file_id].send_recv_write(data: data, offset: offset)
       end
-      def read(file_id, offset = 0, length = last_file.size)
+      def read(file_id = last_file_id, offset = 0, length = last_file.size, do_recv = true)
         data = @open_files[file_id].send_recv_read(read_length: length, offset: offset)
         data.bytes
       end
-      def delete(path)
-        file = last_tree.open_file(filename: path.sub(/^\\/, ''), delete: true)
+      def delete(path, tree_id = last_tree_id, do_recv = true)
+        tree = @tree_connects.detect{ |tree| tree.id == tree_id }
+        file = tree.open_file(filename: path.sub(/^\\/, ''), delete: true)
         file.delete
         file.close
       end
-      def close(file_id, tree_id)
+      def close(file_id = last_file_id, tree_id = last_tree_id, do_recv = true)
        @open_files[file_id].close
       end
-      def tree_disconnect(share)
-       @tree_connects.detect{|tree| tree.id == share }.disconnect!
+      def tree_disconnect(tree_id = last_tree_id, do_recv = true)
+       @tree_connects.detect{|tree| tree.id == tree_id }.disconnect!
       end
       def native_os

data/lib/ruby_smb/client/winreg.rb ADDED

@@ -0,0 +1,46 @@
+module RubySMB
+  class Client
+    module Winreg
+      def connect_to_winreg(host)
+        share = "\\\\#{host}\\IPC$"
+        tree = @tree_connects.find {|tree| tree.share == share}
+        tree = tree_connect(share) unless tree
+        named_pipe = tree.open_file(filename: "winreg", write: true, read: true)
+        if block_given?
+          res = yield named_pipe
+          named_pipe.close
+          res
+        else
+          named_pipe
+        end
+      end
+      def has_registry_key?(host, key)
+        connect_to_winreg(host) do |named_pipe|
+          named_pipe.has_registry_key?(key)
+        end
+      end
+      def read_registry_key_value(host, key, value_name)
+        connect_to_winreg(host) do |named_pipe|
+          named_pipe.read_registry_key_value(key, value_name)
+        end
+      end
+      def enum_registry_key(host, key)
+        connect_to_winreg(host) do |named_pipe|
+          named_pipe.enum_registry_key(key)
+        end
+      end
+      def enum_registry_values(host, key)
+        connect_to_winreg(host) do |named_pipe|
+          named_pipe.enum_registry_values(key)
+        end
+      end
+    end
+  end
+end

data/lib/ruby_smb/crypto.rb ADDED

@@ -0,0 +1,30 @@
+module RubySMB
+  module Crypto
+    module KDF
+      def self.counter_mode(ki, label, context, length: 128)
+        digest = OpenSSL::Digest.new('SHA256')
+        r = 32
+        n = length / 256
+        n = 1 if n == 0
+        raise ArgumentError if n > 2**r - 1
+        result = ""
+        n.times do |i|
+          input = [i + 1].pack('L>')
+          input << label
+          input << "\x00"
+          input << context
+          input << [length].pack('L>')
+          k = OpenSSL::HMAC.digest(digest, ki, input)
+          result << k
+        end
+        return result[0...(length / 8)]
+      rescue OpenSSL::OpenSSLError => e
+        raise RubySMB::Error::EncryptionError, "Crypto::KDF.counter_mode OpenSSL error: #{e.message}"
+      end
+    end
+  end
+end

data/lib/ruby_smb/dcerpc.rb CHANGED

@@ -1,15 +1,53 @@
 module RubySMB
   module Dcerpc
+    MAX_XMIT_FRAG = 4280
+    MAX_RECV_FRAG = 4280
+    require 'windows_error/win32'
     require 'ruby_smb/dcerpc/error'
     require 'ruby_smb/dcerpc/uuid'
     require 'ruby_smb/dcerpc/ndr'
     require 'ruby_smb/dcerpc/ptypes'
     require 'ruby_smb/dcerpc/p_syntax_id_t'
+    require 'ruby_smb/dcerpc/rrp_unicode_string'
     require 'ruby_smb/dcerpc/pdu_header'
     require 'ruby_smb/dcerpc/srvsvc'
+    require 'ruby_smb/dcerpc/winreg'
     require 'ruby_smb/dcerpc/request'
     require 'ruby_smb/dcerpc/response'
     require 'ruby_smb/dcerpc/bind'
     require 'ruby_smb/dcerpc/bind_ack'
+    # Bind to the remote server interface endpoint.
+    #
+    # @param options [Hash] the options to pass to the Bind request packet. At least, :endpoint must but provided with an existing Dcerpc class
+    # @return [RubySMB::Dcerpc::BindAck] the BindAck response packet
+    # @raise [RubySMB::Dcerpc::Error::InvalidPacket] if an invalid packet is received
+    # @raise [RubySMB::Dcerpc::Error::BindError] if the response is not a BindAck packet or if the Bind result code is not ACCEPTANCE
+    def bind(options={})
+      bind_req = RubySMB::Dcerpc::Bind.new(options)
+      write(data: bind_req.to_binary_s)
+      @size = 1024
+      dcerpc_raw_response = read()
+      begin
+        dcerpc_response = RubySMB::Dcerpc::BindAck.read(dcerpc_raw_response)
+      rescue IOError
+        raise RubySMB::Dcerpc::Error::InvalidPacket, "Error reading the DCERPC response"
+      end
+      unless dcerpc_response.pdu_header.ptype == RubySMB::Dcerpc::PTypes::BIND_ACK
+        raise RubySMB::Dcerpc::Error::BindError, "Not a BindAck packet"
+      end
+      res_list = dcerpc_response.p_result_list
+      if res_list.n_results == 0 ||
+         res_list.p_results[0].result != RubySMB::Dcerpc::BindAck::ACCEPTANCE
+        raise RubySMB::Dcerpc::Error::BindError,
+          "Bind Failed (Result: #{res_list.p_results[0].result}, Reason: #{res_list.p_results[0].reason})"
+      end
+      @tree.client.max_buffer_size = dcerpc_response.max_xmit_frag
+      dcerpc_response
+    end
   end
 end

data/lib/ruby_smb/dcerpc/bind.rb CHANGED

@@ -35,8 +35,8 @@ module RubySMB
       pdu_header :pdu_header,        label: 'PDU header'
-      uint16 :max_xmit_frag,         label: 'max transmit frag size',    initial_value: 0xFFFF
-      uint16 :max_recv_frag,         label: 'max receive  frag size',    initial_value: 0xFFFF
+      uint16 :max_xmit_frag,         label: 'max transmit frag size',    initial_value: RubySMB::Dcerpc::MAX_XMIT_FRAG
+      uint16 :max_recv_frag,         label: 'max receive  frag size',    initial_value: RubySMB::Dcerpc::MAX_RECV_FRAG
       uint32 :assoc_group_id,        label: 'ncarnation of client-server assoc group'
       p_cont_list_t :p_context_list, label: 'Presentation context list', endpoint: -> { endpoint }

data/lib/ruby_smb/dcerpc/bind_ack.rb CHANGED

@@ -46,8 +46,8 @@ module RubySMB
       pdu_header :pdu_header,         label: 'PDU header'
-      uint16     :max_xmit_frag,      label: 'Max transmit frag size',  initial_value: 0xFFFF
-      uint16     :max_recv_frag,      label: 'Max receive frag size',   initial_value: 0xFFFF
+      uint16     :max_xmit_frag,      label: 'Max transmit frag size',  initial_value: RubySMB::Dcerpc::MAX_XMIT_FRAG
+      uint16     :max_recv_frag,      label: 'Max receive frag size',   initial_value: RubySMB::Dcerpc::MAX_RECV_FRAG
       uint32     :assoc_group_id,     label: 'Association group ID'
       port_any_t :sec_addr,           label: 'Secondary address'
       string     :pad,                length: -> { pad_length }

data/lib/ruby_smb/dcerpc/error.rb CHANGED

@@ -10,6 +10,9 @@ module RubySMB
       # Raised when an invalid packet is received
       class InvalidPacket < DcerpcError; end
+      # Raised when an error is returned during a Winreg operation
+      class WinregError < DcerpcError; end
     end
   end
 end

data/lib/ruby_smb/dcerpc/ndr.rb CHANGED

@@ -7,36 +7,115 @@ module RubySMB
       VER_MAJOR = 2
       VER_MINOR = 0
-      class NdrString < BinData::Record
+      # An NDR Top-level Full Pointers representation as defined in
+      # [Transfer Syntax NDR - Top-level Full Pointers](http://pubs.opengroup.org/onlinepubs/9629399/chap14.htm#tagcjh_19_03_11_01)
+      # This class must be inherited and the subclass must have a #referent protperty
+      class NdrTopLevelFullPointer < BinData::Primitive
         endian :little
-        uint32    :max_count, initial_value: -> { str.length }
-        uint32    :offset, initial_value: 0
-        uint32    :actual_count, initial_value: -> { str.length }
-        stringz16 :str, read_length: -> { actual_count }
+        uint32 :referent_identifier, initial_value: 0x00020000
-        def assign(v)
-          self.max_count = v.size
-          self.actual_count = v.size
-          self.str = v
+        def get
+          is_a_null_pointer? ? 0 : self.referent
+        end
+        def set(v)
+          if v.is_a?(Integer) && v == 0
+            self.referent_identifier = 0
+          else
+            self.referent = v
+          end
+        end
+        def is_a_null_pointer?
+          self.referent_identifier == 0
         end
       end
-      class NdrLpStr < BinData::Record
+      # An NDR Conformant and Varying String representation as defined in
+      # [Transfer Syntax NDR - Conformant and Varying Strings](http://pubs.opengroup.org/onlinepubs/9629399/chap14.htm#tagcjh_19_03_04_02)
+      # The string elements are Stringz16 (unicode)
+      class NdrString < BinData::Primitive
         endian :little
-        uint32     :referent_identifier
-        ndr_string :ndr_str
+        uint32    :max_count
+        uint32    :offset,     initial_value: 0
+        uint32    :actual_count
+        stringz16 :str,        read_length: -> { actual_count }, onlyif: -> { actual_count > 0 }
-        def assign(v)
-          self.ndr_str = v
+        def get
+          self.actual_count == 0 ? 0 : self.str
         end
+        def set(v)
+          if v.is_a?(Integer) && v == 0
+            self.actual_count = 0
+          else
+            self.str = v
+            self.max_count = self.actual_count = str.to_binary_s.size / 2
+          end
+        end
+      end
+      # A pointer to a NdrString structure
+      class NdrLpStr < NdrTopLevelFullPointer
+        endian :little
+        ndr_string :referent, onlyif: -> { !is_a_null_pointer? }
         def to_s
-          self.ndr_str.str
+          is_a_null_pointer? ? "\0" : self.referent
+        end
+      end
+      # An NDR Context Handle representation as defined in
+      # [IDL Data Type Declarations - Basic Type Declarations](http://pubs.opengroup.org/onlinepubs/9629399/apdxn.htm#tagcjh_34_01)
+      class NdrContextHandle < BinData::Primitive
+        endian :little
+        uint32 :context_handle_attributes
+        uuid   :context_handle_uuid
+        def get
+          {:context_handle_attributes => context_handle_attributes, :context_handle_uuid => context_handle_uuid}
         end
+        def set(handle)
+          if handle.is_a?(Hash)
+            self.context_handle_attributes = handle[:context_handle_attributes]
+            self.context_handle_uuid = handle[:context_handle_uuid]
+          elsif handle.is_a?(NdrContextHandle)
+            read(handle.to_binary_s)
+          else
+            read(handle.to_s)
+          end
+        end
+      end
+      # A pointer to a DWORD
+      class NdrLpDword < NdrTopLevelFullPointer
+        endian :little
+        uint32 :referent, onlyif: -> { !is_a_null_pointer? }
+      end
+      # An NDR Uni-dimensional Conformant-varying Arrays representation as defined in:
+      # [Transfer Syntax NDR - NDR Constructed Types](http://pubs.opengroup.org/onlinepubs/9629399/chap14.htm#tagcjh_19_03_03_04)
+      class NdrLpByte < BinData::Record
+        endian :little
+        uint32 :referent_identifier, initial_value: 0x00020000
+        uint32 :max_count,           initial_value: -> { actual_count }, onlyif: -> { referent_identifier != 0 }
+        uint32 :offset,              initial_value: 0,                   onlyif: -> { referent_identifier != 0 }
+        uint32 :actual_count,        initial_value: -> { bytes.size },   onlyif: -> { referent_identifier != 0 }
+        array  :bytes, :type => :uint8, initial_length: -> { actual_count }, onlyif: -> { referent_identifier != 0 }
+      end
+      # A pointer to a Windows FILETIME structure
+      class NdrLpFileTime < NdrTopLevelFullPointer
+        endian :little
+        file_time :referent, onlyif: -> { !is_a_null_pointer? }
       end
     end
   end
 end

data/lib/ruby_smb/dcerpc/pdu_header.rb CHANGED

@@ -21,7 +21,7 @@ module RubySMB
       end
       uint32 :packed_drep, label: 'NDR data representation format label', initial_value: 0x10
-      uint16 :frag_length, label: 'Total length of fragment',             initial_value: -> { parent.do_num_bytes }
+      uint16 :frag_length, label: 'Total length of fragment',             initial_value: -> { parent.num_bytes }
       uint16 :auth_length, label: 'Length of auth_value'
       uint32 :call_id,     label: 'Call identifier',                      initial_value: 1
     end

data/lib/ruby_smb/dcerpc/request.rb CHANGED

@@ -6,19 +6,38 @@ module RubySMB
       endian :little
       pdu_header :pdu_header, label: 'PDU header'
+      uint32     :alloc_hint, label: 'Allocation hint', initial_value: -> { stub.num_bytes }
+      uint16     :p_cont_id,  label: 'Presentation context identification'
+      uint16     :opnum,      label: 'Operation Number'
+      uuid       :object,     label: 'Object UID', onlyif: -> { pdu_header.pfc_flags.object_uuid == 1 }
-      uint32 :alloc_hint,     label: 'Allocation hint',  initial_value: -> { stub.do_num_bytes }
-      uint16 :p_cont_id,      label: 'Presentation context identification'
-      uint16 :opnum,          label: 'Operation Number'
-      uuid   :object,         label: 'Object UID',      onlyif: -> { pdu_header.pfc_flags.object_uuid == 1 }
-      choice :stub, label: 'Stub', selection: -> { opnum } do
-        net_share_enum_all RubySMB::Dcerpc::Srvsvc::NET_SHARE_ENUM_ALL, host: -> { host }
+      choice :stub, label: 'Stub', selection: -> { @obj.parent.get_parameter(:endpoint) || '' } do
+        choice 'Winreg', selection: -> { opnum } do
+          open_root_key_request  RubySMB::Dcerpc::Winreg::OPEN_HKCR, opnum: RubySMB::Dcerpc::Winreg::OPEN_HKCR
+          open_root_key_request  RubySMB::Dcerpc::Winreg::OPEN_HKCU, opnum: RubySMB::Dcerpc::Winreg::OPEN_HKCU
+          open_root_key_request  RubySMB::Dcerpc::Winreg::OPEN_HKLM, opnum: RubySMB::Dcerpc::Winreg::OPEN_HKLM
+          open_root_key_request  RubySMB::Dcerpc::Winreg::OPEN_HKPD, opnum: RubySMB::Dcerpc::Winreg::OPEN_HKPD
+          open_root_key_request  RubySMB::Dcerpc::Winreg::OPEN_HKU,  opnum: RubySMB::Dcerpc::Winreg::OPEN_HKU
+          open_root_key_request  RubySMB::Dcerpc::Winreg::OPEN_HKCC, opnum: RubySMB::Dcerpc::Winreg::OPEN_HKCC
+          open_root_key_request  RubySMB::Dcerpc::Winreg::OPEN_HKPT, opnum: RubySMB::Dcerpc::Winreg::OPEN_HKPT
+          open_root_key_request  RubySMB::Dcerpc::Winreg::OPEN_HKPN, opnum: RubySMB::Dcerpc::Winreg::OPEN_HKPN
+          close_key_request      RubySMB::Dcerpc::Winreg::REG_CLOSE_KEY
+          enum_key_request       RubySMB::Dcerpc::Winreg::REG_ENUM_KEY
+          enum_value_request     RubySMB::Dcerpc::Winreg::REG_ENUM_VALUE
+          open_key_request       RubySMB::Dcerpc::Winreg::REG_OPEN_KEY
+          query_info_key_request RubySMB::Dcerpc::Winreg::REG_QUERY_INFO_KEY
+          query_value_request    RubySMB::Dcerpc::Winreg::REG_QUERY_VALUE
+          string                 :default
+        end
+        choice 'Srvsvc', selection: -> { opnum } do
+          net_share_enum_all RubySMB::Dcerpc::Srvsvc::NET_SHARE_ENUM_ALL, host: -> { host rescue '' }
+          string             :default
+        end
+        string :default
       end
       string :auth_verifier, label: 'Authentication verifier',
-        onlyif: -> { pdu_header.auth_length > 0 },
+        onlyif:      -> { pdu_header.auth_length > 0 },
         read_length: -> { pdu_header.auth_length }
       def initialize_instance

data/lib/ruby_smb/dcerpc/rrp_unicode_string.rb ADDED

@@ -0,0 +1,35 @@
+require 'ruby_smb/dcerpc/ndr'
+module RubySMB
+  module Dcerpc
+    # A RRP_UNICODE_STRING structure as defined in
+    # [2.2.4 RRP_UNICODE_STRING](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/c0c90f11-a4c4-496a-ac09-8a8a3697ceef)
+    class RrpUnicodeString < BinData::Primitive
+      endian :little
+      uint16     :buffer_length,  initial_value: -> { buffer.to_s == "\0" ? 0 : buffer.actual_count * 2 }
+      uint16     :maximum_length, initial_value: -> { buffer.to_s == "\0" ? 0 : buffer.max_count * 2 }
+      ndr_lp_str :buffer
+      def get
+        self.buffer
+      end
+      def set(buf)
+        self.buffer = buf
+        self.buffer_length = self.buffer.to_s == "\0" ? 0 : self.buffer.actual_count * 2
+        self.maximum_length = self.buffer.to_s == "\0" ? 0 : self.buffer.max_count * 2
+      end
+    end
+    # A pointer to a RRP_UNICODE_STRING structure
+    class PrrpUnicodeString < Ndr::NdrTopLevelFullPointer
+      endian :little
+      rrp_unicode_string :referent, onlyif: -> { !is_a_null_pointer? }
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/srvsvc.rb CHANGED

@@ -10,6 +10,16 @@ module RubySMB
       NET_SHARE_ENUM_ALL = 0xF
       require 'ruby_smb/dcerpc/srvsvc/net_share_enum_all'
+      def net_share_enum_all(host)
+        bind(endpoint: RubySMB::Dcerpc::Srvsvc)
+        net_share_enum_all_request_packet = RubySMB::Dcerpc::Srvsvc::NetShareEnumAll.new(host: host)
+        response = dcerpc_request(net_share_enum_all_request_packet)
+        shares = RubySMB::Dcerpc::Srvsvc::NetShareEnumAll.parse_response(response)
+        shares.map{|s|{name: s[0], type: s[1], comment: s[2]}}
+      end
     end
   end
 end