RubyGems - ruby_smb - Versions diffs - 1.0.3 → 2.0.1 - Mend

ruby_smb 1.0.3 → 2.0.1

Files changed (200) hide show

checksums.yaml +5 -5
checksums.yaml.gz.sig +0 -0
data.tar.gz.sig +0 -0
data/.travis.yml +3 -2
data/Gemfile +6 -2
data/README.md +35 -47
data/examples/enum_registry_key.rb +28 -0
data/examples/enum_registry_values.rb +30 -0
data/examples/negotiate.rb +51 -8
data/examples/pipes.rb +2 -1
data/examples/read_file_encryption.rb +56 -0
data/examples/read_registry_key_value.rb +32 -0
data/lib/ruby_smb.rb +4 -1
data/lib/ruby_smb/client.rb +233 -22
data/lib/ruby_smb/client/authentication.rb +70 -33
data/lib/ruby_smb/client/echo.rb +20 -2
data/lib/ruby_smb/client/encryption.rb +62 -0
data/lib/ruby_smb/client/negotiation.rb +172 -24
data/lib/ruby_smb/client/signing.rb +19 -0
data/lib/ruby_smb/client/tree_connect.rb +24 -18
data/lib/ruby_smb/client/utils.rb +8 -7
data/lib/ruby_smb/client/winreg.rb +46 -0
data/lib/ruby_smb/crypto.rb +30 -0
data/lib/ruby_smb/dcerpc.rb +38 -0
data/lib/ruby_smb/dcerpc/bind.rb +2 -2
data/lib/ruby_smb/dcerpc/bind_ack.rb +2 -2
data/lib/ruby_smb/dcerpc/error.rb +3 -0
data/lib/ruby_smb/dcerpc/ndr.rb +95 -16
data/lib/ruby_smb/dcerpc/pdu_header.rb +1 -1
data/lib/ruby_smb/dcerpc/request.rb +28 -9
data/lib/ruby_smb/dcerpc/rrp_unicode_string.rb +35 -0
data/lib/ruby_smb/dcerpc/srvsvc.rb +10 -0
data/lib/ruby_smb/dcerpc/srvsvc/net_share_enum_all.rb +9 -0
data/lib/ruby_smb/dcerpc/winreg.rb +340 -0
data/lib/ruby_smb/dcerpc/winreg/close_key_request.rb +24 -0
data/lib/ruby_smb/dcerpc/winreg/close_key_response.rb +27 -0
data/lib/ruby_smb/dcerpc/winreg/enum_key_request.rb +45 -0
data/lib/ruby_smb/dcerpc/winreg/enum_key_response.rb +42 -0
data/lib/ruby_smb/dcerpc/winreg/enum_value_request.rb +39 -0
data/lib/ruby_smb/dcerpc/winreg/enum_value_response.rb +36 -0
data/lib/ruby_smb/dcerpc/winreg/open_key_request.rb +34 -0
data/lib/ruby_smb/dcerpc/winreg/open_key_response.rb +25 -0
data/lib/ruby_smb/dcerpc/winreg/open_root_key_request.rb +43 -0
data/lib/ruby_smb/dcerpc/winreg/open_root_key_response.rb +35 -0
data/lib/ruby_smb/dcerpc/winreg/query_info_key_request.rb +27 -0
data/lib/ruby_smb/dcerpc/winreg/query_info_key_response.rb +40 -0
data/lib/ruby_smb/dcerpc/winreg/query_value_request.rb +39 -0
data/lib/ruby_smb/dcerpc/winreg/query_value_response.rb +57 -0
data/lib/ruby_smb/dcerpc/winreg/regsam.rb +40 -0
data/lib/ruby_smb/dispatcher/socket.rb +4 -3
data/lib/ruby_smb/error.rb +68 -2
data/lib/ruby_smb/generic_packet.rb +33 -4
data/lib/ruby_smb/smb1/commands.rb +1 -1
data/lib/ruby_smb/smb1/file.rb +66 -15
data/lib/ruby_smb/smb1/packet/close_request.rb +2 -5
data/lib/ruby_smb/smb1/packet/close_response.rb +2 -1
data/lib/ruby_smb/smb1/packet/echo_request.rb +2 -4
data/lib/ruby_smb/smb1/packet/echo_response.rb +2 -1
data/lib/ruby_smb/smb1/packet/empty_packet.rb +10 -1
data/lib/ruby_smb/smb1/packet/logoff_request.rb +2 -4
data/lib/ruby_smb/smb1/packet/logoff_response.rb +2 -1
data/lib/ruby_smb/smb1/packet/negotiate_request.rb +2 -5
data/lib/ruby_smb/smb1/packet/negotiate_response.rb +3 -7
data/lib/ruby_smb/smb1/packet/negotiate_response_extended.rb +4 -4
data/lib/ruby_smb/smb1/packet/nt_create_andx_request.rb +2 -4
data/lib/ruby_smb/smb1/packet/nt_create_andx_response.rb +2 -1
data/lib/ruby_smb/smb1/packet/nt_trans/create_request.rb +2 -1
data/lib/ruby_smb/smb1/packet/nt_trans/create_response.rb +2 -1
data/lib/ruby_smb/smb1/packet/nt_trans/request.rb +2 -4
data/lib/ruby_smb/smb1/packet/nt_trans/response.rb +2 -1
data/lib/ruby_smb/smb1/packet/read_andx_request.rb +2 -5
data/lib/ruby_smb/smb1/packet/read_andx_response.rb +2 -1
data/lib/ruby_smb/smb1/packet/session_setup_legacy_request.rb +2 -1
data/lib/ruby_smb/smb1/packet/session_setup_legacy_response.rb +3 -2
data/lib/ruby_smb/smb1/packet/session_setup_request.rb +2 -5
data/lib/ruby_smb/smb1/packet/session_setup_response.rb +3 -2
data/lib/ruby_smb/smb1/packet/trans/peek_nmpipe_request.rb +0 -1
data/lib/ruby_smb/smb1/packet/trans/peek_nmpipe_response.rb +3 -2
data/lib/ruby_smb/smb1/packet/trans/request.rb +2 -5
data/lib/ruby_smb/smb1/packet/trans/response.rb +2 -1
data/lib/ruby_smb/smb1/packet/trans/transact_nmpipe_request.rb +1 -1
data/lib/ruby_smb/smb1/packet/trans/transact_nmpipe_response.rb +1 -1
data/lib/ruby_smb/smb1/packet/trans2/find_first2_request.rb +2 -1
data/lib/ruby_smb/smb1/packet/trans2/find_first2_response.rb +8 -2
data/lib/ruby_smb/smb1/packet/trans2/find_next2_request.rb +2 -1
data/lib/ruby_smb/smb1/packet/trans2/find_next2_response.rb +8 -2
data/lib/ruby_smb/smb1/packet/trans2/open2_request.rb +2 -1
data/lib/ruby_smb/smb1/packet/trans2/open2_response.rb +2 -1
data/lib/ruby_smb/smb1/packet/trans2/request.rb +2 -4
data/lib/ruby_smb/smb1/packet/trans2/request_secondary.rb +2 -4
data/lib/ruby_smb/smb1/packet/trans2/response.rb +2 -1
data/lib/ruby_smb/smb1/packet/trans2/set_file_information_request.rb +2 -1
data/lib/ruby_smb/smb1/packet/trans2/set_file_information_response.rb +2 -1
data/lib/ruby_smb/smb1/packet/tree_connect_request.rb +2 -4
data/lib/ruby_smb/smb1/packet/tree_connect_response.rb +13 -3
data/lib/ruby_smb/smb1/packet/tree_disconnect_request.rb +2 -4
data/lib/ruby_smb/smb1/packet/tree_disconnect_response.rb +2 -1
data/lib/ruby_smb/smb1/packet/write_andx_request.rb +3 -6
data/lib/ruby_smb/smb1/packet/write_andx_response.rb +2 -1
data/lib/ruby_smb/smb1/pipe.rb +87 -6
data/lib/ruby_smb/smb1/tree.rb +50 -3
data/lib/ruby_smb/smb2/bit_field/session_flags.rb +2 -1
data/lib/ruby_smb/smb2/bit_field/share_flags.rb +6 -4
data/lib/ruby_smb/smb2/file.rb +103 -25
data/lib/ruby_smb/smb2/negotiate_context.rb +108 -0
data/lib/ruby_smb/smb2/packet.rb +2 -0
data/lib/ruby_smb/smb2/packet/close_request.rb +2 -4
data/lib/ruby_smb/smb2/packet/close_response.rb +2 -1
data/lib/ruby_smb/smb2/packet/compression_transform_header.rb +41 -0
data/lib/ruby_smb/smb2/packet/create_request.rb +2 -4
data/lib/ruby_smb/smb2/packet/create_response.rb +2 -1
data/lib/ruby_smb/smb2/packet/echo_request.rb +2 -4
data/lib/ruby_smb/smb2/packet/echo_response.rb +2 -1
data/lib/ruby_smb/smb2/packet/error_packet.rb +15 -3
data/lib/ruby_smb/smb2/packet/ioctl_request.rb +2 -5
data/lib/ruby_smb/smb2/packet/ioctl_response.rb +2 -1
data/lib/ruby_smb/smb2/packet/logoff_request.rb +2 -4
data/lib/ruby_smb/smb2/packet/logoff_response.rb +2 -1
data/lib/ruby_smb/smb2/packet/negotiate_request.rb +51 -17
data/lib/ruby_smb/smb2/packet/negotiate_response.rb +52 -5
data/lib/ruby_smb/smb2/packet/query_directory_request.rb +2 -4
data/lib/ruby_smb/smb2/packet/query_directory_response.rb +8 -2
data/lib/ruby_smb/smb2/packet/read_request.rb +2 -4
data/lib/ruby_smb/smb2/packet/read_response.rb +2 -1
data/lib/ruby_smb/smb2/packet/session_setup_request.rb +2 -5
data/lib/ruby_smb/smb2/packet/session_setup_response.rb +2 -1
data/lib/ruby_smb/smb2/packet/set_info_request.rb +2 -4
data/lib/ruby_smb/smb2/packet/set_info_response.rb +2 -1
data/lib/ruby_smb/smb2/packet/transform_header.rb +84 -0
data/lib/ruby_smb/smb2/packet/tree_connect_request.rb +93 -10
data/lib/ruby_smb/smb2/packet/tree_connect_response.rb +10 -22
data/lib/ruby_smb/smb2/packet/tree_disconnect_request.rb +2 -4
data/lib/ruby_smb/smb2/packet/tree_disconnect_response.rb +2 -1
data/lib/ruby_smb/smb2/packet/write_request.rb +2 -4
data/lib/ruby_smb/smb2/packet/write_response.rb +2 -1
data/lib/ruby_smb/smb2/pipe.rb +86 -12
data/lib/ruby_smb/smb2/smb2_header.rb +1 -1
data/lib/ruby_smb/smb2/tree.rb +65 -21
data/lib/ruby_smb/version.rb +1 -1
data/ruby_smb.gemspec +5 -3
data/spec/lib/ruby_smb/client_spec.rb +1612 -108
data/spec/lib/ruby_smb/crypto_spec.rb +25 -0
data/spec/lib/ruby_smb/dcerpc/bind_ack_spec.rb +2 -2
data/spec/lib/ruby_smb/dcerpc/bind_spec.rb +2 -2
data/spec/lib/ruby_smb/dcerpc/ndr_spec.rb +410 -0
data/spec/lib/ruby_smb/dcerpc/request_spec.rb +50 -7
data/spec/lib/ruby_smb/dcerpc/rrp_unicode_string_spec.rb +98 -0
data/spec/lib/ruby_smb/dcerpc/srvsvc/net_share_enum_all_spec.rb +13 -0
data/spec/lib/ruby_smb/dcerpc/srvsvc_spec.rb +60 -0
data/spec/lib/ruby_smb/dcerpc/winreg/close_key_request_spec.rb +28 -0
data/spec/lib/ruby_smb/dcerpc/winreg/close_key_response_spec.rb +36 -0
data/spec/lib/ruby_smb/dcerpc/winreg/enum_key_request_spec.rb +108 -0
data/spec/lib/ruby_smb/dcerpc/winreg/enum_key_response_spec.rb +97 -0
data/spec/lib/ruby_smb/dcerpc/winreg/enum_value_request_spec.rb +94 -0
data/spec/lib/ruby_smb/dcerpc/winreg/enum_value_response_spec.rb +82 -0
data/spec/lib/ruby_smb/dcerpc/winreg/open_key_request_spec.rb +74 -0
data/spec/lib/ruby_smb/dcerpc/winreg/open_key_response_spec.rb +35 -0
data/spec/lib/ruby_smb/dcerpc/winreg/open_root_key_request_spec.rb +90 -0
data/spec/lib/ruby_smb/dcerpc/winreg/open_root_key_response_spec.rb +38 -0
data/spec/lib/ruby_smb/dcerpc/winreg/query_info_key_request_spec.rb +39 -0
data/spec/lib/ruby_smb/dcerpc/winreg/query_info_key_response_spec.rb +113 -0
data/spec/lib/ruby_smb/dcerpc/winreg/query_value_request_spec.rb +88 -0
data/spec/lib/ruby_smb/dcerpc/winreg/query_value_response_spec.rb +150 -0
data/spec/lib/ruby_smb/dcerpc/winreg/regsam_spec.rb +32 -0
data/spec/lib/ruby_smb/dcerpc/winreg_spec.rb +710 -0
data/spec/lib/ruby_smb/dcerpc_spec.rb +81 -0
data/spec/lib/ruby_smb/dispatcher/socket_spec.rb +2 -2
data/spec/lib/ruby_smb/error_spec.rb +59 -0
data/spec/lib/ruby_smb/generic_packet_spec.rb +52 -4
data/spec/lib/ruby_smb/smb1/file_spec.rb +191 -2
data/spec/lib/ruby_smb/smb1/packet/empty_packet_spec.rb +68 -0
data/spec/lib/ruby_smb/smb1/packet/session_setup_legacy_request_spec.rb +2 -2
data/spec/lib/ruby_smb/smb1/packet/session_setup_legacy_response_spec.rb +2 -2
data/spec/lib/ruby_smb/smb1/packet/session_setup_request_spec.rb +2 -2
data/spec/lib/ruby_smb/smb1/packet/session_setup_response_spec.rb +1 -1
data/spec/lib/ruby_smb/smb1/packet/trans2/find_first2_response_spec.rb +11 -2
data/spec/lib/ruby_smb/smb1/packet/trans2/find_next2_response_spec.rb +11 -2
data/spec/lib/ruby_smb/smb1/packet/tree_connect_response_spec.rb +40 -0
data/spec/lib/ruby_smb/smb1/pipe_spec.rb +272 -149
data/spec/lib/ruby_smb/smb1/tree_spec.rb +44 -7
data/spec/lib/ruby_smb/smb2/bit_field/session_flags_spec.rb +9 -0
data/spec/lib/ruby_smb/smb2/bit_field/share_flags_spec.rb +27 -0
data/spec/lib/ruby_smb/smb2/file_spec.rb +323 -6
data/spec/lib/ruby_smb/smb2/negotiate_context_spec.rb +332 -0
data/spec/lib/ruby_smb/smb2/packet/compression_transform_header_spec.rb +108 -0
data/spec/lib/ruby_smb/smb2/packet/error_packet_spec.rb +78 -0
data/spec/lib/ruby_smb/smb2/packet/negotiate_request_spec.rb +138 -3
data/spec/lib/ruby_smb/smb2/packet/negotiate_response_spec.rb +120 -2
data/spec/lib/ruby_smb/smb2/packet/query_directory_response_spec.rb +8 -0
data/spec/lib/ruby_smb/smb2/packet/transform_header_spec.rb +220 -0
data/spec/lib/ruby_smb/smb2/packet/tree_connect_request_spec.rb +339 -9
data/spec/lib/ruby_smb/smb2/packet/tree_connect_response_spec.rb +3 -22
data/spec/lib/ruby_smb/smb2/pipe_spec.rb +286 -149
data/spec/lib/ruby_smb/smb2/smb2_header_spec.rb +2 -2
data/spec/lib/ruby_smb/smb2/tree_spec.rb +261 -2
metadata +191 -83
metadata.gz.sig +0 -0
data/lib/ruby_smb/smb1/dcerpc.rb +0 -67
data/lib/ruby_smb/smb2/dcerpc.rb +0 -70
data/spec/lib/ruby_smb/smb1/packet/error_packet_spec.rb +0 -37

data/lib/ruby_smb/client/utils.rb CHANGED

@@ -40,27 +40,28 @@ module RubySMB
       end
       #Writes data to an open file handle
-      def write(file_id, offset = 0, data = '', do_recv = true)
+      def write(file_id = last_file_id, offset = 0, data = '', do_recv = true)
         @open_files[file_id].send_recv_write(data: data, offset: offset)
       end
-      def read(file_id, offset = 0, length = last_file.size)
+      def read(file_id = last_file_id, offset = 0, length = last_file.size, do_recv = true)
         data = @open_files[file_id].send_recv_read(read_length: length, offset: offset)
         data.bytes
       end
-      def delete(path)
-        file = last_tree.open_file(filename: path.sub(/^\\/, ''), delete: true)
+      def delete(path, tree_id = last_tree_id, do_recv = true)
+        tree = @tree_connects.detect{ |tree| tree.id == tree_id }
+        file = tree.open_file(filename: path.sub(/^\\/, ''), delete: true)
         file.delete
         file.close
       end
-      def close(file_id, tree_id)
+      def close(file_id = last_file_id, tree_id = last_tree_id, do_recv = true)
        @open_files[file_id].close
       end
-      def tree_disconnect(share)
-       @tree_connects.detect{|tree| tree.id == share }.disconnect!
+      def tree_disconnect(tree_id = last_tree_id, do_recv = true)
+       @tree_connects.detect{|tree| tree.id == tree_id }.disconnect!
       end
       def native_os

data/lib/ruby_smb/client/winreg.rb ADDED

@@ -0,0 +1,46 @@
+module RubySMB
+  class Client
+    module Winreg
+      def connect_to_winreg(host)
+        share = "\\\\#{host}\\IPC$"
+        tree = @tree_connects.find {|tree| tree.share == share}
+        tree = tree_connect(share) unless tree
+        named_pipe = tree.open_file(filename: "winreg", write: true, read: true)
+        if block_given?
+          res = yield named_pipe
+          named_pipe.close
+          res
+        else
+          named_pipe
+        end
+      end
+      def has_registry_key?(host, key)
+        connect_to_winreg(host) do |named_pipe|
+          named_pipe.has_registry_key?(key)
+        end
+      end
+      def read_registry_key_value(host, key, value_name)
+        connect_to_winreg(host) do |named_pipe|
+          named_pipe.read_registry_key_value(key, value_name)
+        end
+      end
+      def enum_registry_key(host, key)
+        connect_to_winreg(host) do |named_pipe|
+          named_pipe.enum_registry_key(key)
+        end
+      end
+      def enum_registry_values(host, key)
+        connect_to_winreg(host) do |named_pipe|
+          named_pipe.enum_registry_values(key)
+        end
+      end
+    end
+  end
+end

data/lib/ruby_smb/crypto.rb ADDED

@@ -0,0 +1,30 @@
+module RubySMB
+  module Crypto
+    module KDF
+      def self.counter_mode(ki, label, context, length: 128)
+        digest = OpenSSL::Digest.new('SHA256')
+        r = 32
+        n = length / 256
+        n = 1 if n == 0
+        raise ArgumentError if n > 2**r - 1
+        result = ""
+        n.times do |i|
+          input = [i + 1].pack('L>')
+          input << label
+          input << "\x00"
+          input << context
+          input << [length].pack('L>')
+          k = OpenSSL::HMAC.digest(digest, ki, input)
+          result << k
+        end
+        return result[0...(length / 8)]
+      rescue OpenSSL::OpenSSLError => e
+        raise RubySMB::Error::EncryptionError, "Crypto::KDF.counter_mode OpenSSL error: #{e.message}"
+      end
+    end
+  end
+end

data/lib/ruby_smb/dcerpc.rb CHANGED

@@ -1,15 +1,53 @@
 module RubySMB
   module Dcerpc
+    MAX_XMIT_FRAG = 4280
+    MAX_RECV_FRAG = 4280
+    require 'windows_error/win32'
     require 'ruby_smb/dcerpc/error'
     require 'ruby_smb/dcerpc/uuid'
     require 'ruby_smb/dcerpc/ndr'
     require 'ruby_smb/dcerpc/ptypes'
     require 'ruby_smb/dcerpc/p_syntax_id_t'
+    require 'ruby_smb/dcerpc/rrp_unicode_string'
     require 'ruby_smb/dcerpc/pdu_header'
     require 'ruby_smb/dcerpc/srvsvc'
+    require 'ruby_smb/dcerpc/winreg'
     require 'ruby_smb/dcerpc/request'
     require 'ruby_smb/dcerpc/response'
     require 'ruby_smb/dcerpc/bind'
     require 'ruby_smb/dcerpc/bind_ack'
+    # Bind to the remote server interface endpoint.
+    #
+    # @param options [Hash] the options to pass to the Bind request packet. At least, :endpoint must but provided with an existing Dcerpc class
+    # @return [RubySMB::Dcerpc::BindAck] the BindAck response packet
+    # @raise [RubySMB::Dcerpc::Error::InvalidPacket] if an invalid packet is received
+    # @raise [RubySMB::Dcerpc::Error::BindError] if the response is not a BindAck packet or if the Bind result code is not ACCEPTANCE
+    def bind(options={})
+      bind_req = RubySMB::Dcerpc::Bind.new(options)
+      write(data: bind_req.to_binary_s)
+      @size = 1024
+      dcerpc_raw_response = read()
+      begin
+        dcerpc_response = RubySMB::Dcerpc::BindAck.read(dcerpc_raw_response)
+      rescue IOError
+        raise RubySMB::Dcerpc::Error::InvalidPacket, "Error reading the DCERPC response"
+      end
+      unless dcerpc_response.pdu_header.ptype == RubySMB::Dcerpc::PTypes::BIND_ACK
+        raise RubySMB::Dcerpc::Error::BindError, "Not a BindAck packet"
+      end
+      res_list = dcerpc_response.p_result_list
+      if res_list.n_results == 0 ||
+         res_list.p_results[0].result != RubySMB::Dcerpc::BindAck::ACCEPTANCE
+        raise RubySMB::Dcerpc::Error::BindError,
+          "Bind Failed (Result: #{res_list.p_results[0].result}, Reason: #{res_list.p_results[0].reason})"
+      end
+      @tree.client.max_buffer_size = dcerpc_response.max_xmit_frag
+      dcerpc_response
+    end
   end
 end

data/lib/ruby_smb/dcerpc/bind.rb CHANGED

@@ -35,8 +35,8 @@ module RubySMB
       pdu_header :pdu_header,        label: 'PDU header'
-      uint16 :max_xmit_frag,         label: 'max transmit frag size',    initial_value: 0xFFFF
-      uint16 :max_recv_frag,         label: 'max receive  frag size',    initial_value: 0xFFFF
+      uint16 :max_xmit_frag,         label: 'max transmit frag size',    initial_value: RubySMB::Dcerpc::MAX_XMIT_FRAG
+      uint16 :max_recv_frag,         label: 'max receive  frag size',    initial_value: RubySMB::Dcerpc::MAX_RECV_FRAG
       uint32 :assoc_group_id,        label: 'ncarnation of client-server assoc group'
       p_cont_list_t :p_context_list, label: 'Presentation context list', endpoint: -> { endpoint }

data/lib/ruby_smb/dcerpc/bind_ack.rb CHANGED

@@ -46,8 +46,8 @@ module RubySMB
       pdu_header :pdu_header,         label: 'PDU header'
-      uint16     :max_xmit_frag,      label: 'Max transmit frag size',  initial_value: 0xFFFF
-      uint16     :max_recv_frag,      label: 'Max receive frag size',   initial_value: 0xFFFF
+      uint16     :max_xmit_frag,      label: 'Max transmit frag size',  initial_value: RubySMB::Dcerpc::MAX_XMIT_FRAG
+      uint16     :max_recv_frag,      label: 'Max receive frag size',   initial_value: RubySMB::Dcerpc::MAX_RECV_FRAG
       uint32     :assoc_group_id,     label: 'Association group ID'
       port_any_t :sec_addr,           label: 'Secondary address'
       string     :pad,                length: -> { pad_length }

data/lib/ruby_smb/dcerpc/error.rb CHANGED

@@ -10,6 +10,9 @@ module RubySMB
       # Raised when an invalid packet is received
       class InvalidPacket < DcerpcError; end
+      # Raised when an error is returned during a Winreg operation
+      class WinregError < DcerpcError; end
     end
   end
 end

data/lib/ruby_smb/dcerpc/ndr.rb CHANGED

@@ -7,36 +7,115 @@ module RubySMB
       VER_MAJOR = 2
       VER_MINOR = 0
-      class NdrString < BinData::Record
+      # An NDR Top-level Full Pointers representation as defined in
+      # [Transfer Syntax NDR - Top-level Full Pointers](http://pubs.opengroup.org/onlinepubs/9629399/chap14.htm#tagcjh_19_03_11_01)
+      # This class must be inherited and the subclass must have a #referent protperty
+      class NdrTopLevelFullPointer < BinData::Primitive
         endian :little
-        uint32    :max_count, initial_value: -> { str.length }
-        uint32    :offset, initial_value: 0
-        uint32    :actual_count, initial_value: -> { str.length }
-        stringz16 :str, read_length: -> { actual_count }
+        uint32 :referent_identifier, initial_value: 0x00020000
-        def assign(v)
-          self.max_count = v.size
-          self.actual_count = v.size
-          self.str = v
+        def get
+          is_a_null_pointer? ? 0 : self.referent
+        end
+        def set(v)
+          if v.is_a?(Integer) && v == 0
+            self.referent_identifier = 0
+          else
+            self.referent = v
+          end
+        end
+        def is_a_null_pointer?
+          self.referent_identifier == 0
         end
       end
-      class NdrLpStr < BinData::Record
+      # An NDR Conformant and Varying String representation as defined in
+      # [Transfer Syntax NDR - Conformant and Varying Strings](http://pubs.opengroup.org/onlinepubs/9629399/chap14.htm#tagcjh_19_03_04_02)
+      # The string elements are Stringz16 (unicode)
+      class NdrString < BinData::Primitive
         endian :little
-        uint32     :referent_identifier
-        ndr_string :ndr_str
+        uint32    :max_count
+        uint32    :offset,     initial_value: 0
+        uint32    :actual_count
+        stringz16 :str,        read_length: -> { actual_count }, onlyif: -> { actual_count > 0 }
-        def assign(v)
-          self.ndr_str = v
+        def get
+          self.actual_count == 0 ? 0 : self.str
         end
+        def set(v)
+          if v.is_a?(Integer) && v == 0
+            self.actual_count = 0
+          else
+            self.str = v
+            self.max_count = self.actual_count = str.to_binary_s.size / 2
+          end
+        end
+      end
+      # A pointer to a NdrString structure
+      class NdrLpStr < NdrTopLevelFullPointer
+        endian :little
+        ndr_string :referent, onlyif: -> { !is_a_null_pointer? }
         def to_s
-          self.ndr_str.str
+          is_a_null_pointer? ? "\0" : self.referent
+        end
+      end
+      # An NDR Context Handle representation as defined in
+      # [IDL Data Type Declarations - Basic Type Declarations](http://pubs.opengroup.org/onlinepubs/9629399/apdxn.htm#tagcjh_34_01)
+      class NdrContextHandle < BinData::Primitive
+        endian :little
+        uint32 :context_handle_attributes
+        uuid   :context_handle_uuid
+        def get
+          {:context_handle_attributes => context_handle_attributes, :context_handle_uuid => context_handle_uuid}
         end
+        def set(handle)
+          if handle.is_a?(Hash)
+            self.context_handle_attributes = handle[:context_handle_attributes]
+            self.context_handle_uuid = handle[:context_handle_uuid]
+          elsif handle.is_a?(NdrContextHandle)
+            read(handle.to_binary_s)
+          else
+            read(handle.to_s)
+          end
+        end
+      end
+      # A pointer to a DWORD
+      class NdrLpDword < NdrTopLevelFullPointer
+        endian :little
+        uint32 :referent, onlyif: -> { !is_a_null_pointer? }
+      end
+      # An NDR Uni-dimensional Conformant-varying Arrays representation as defined in:
+      # [Transfer Syntax NDR - NDR Constructed Types](http://pubs.opengroup.org/onlinepubs/9629399/chap14.htm#tagcjh_19_03_03_04)
+      class NdrLpByte < BinData::Record
+        endian :little
+        uint32 :referent_identifier, initial_value: 0x00020000
+        uint32 :max_count,           initial_value: -> { actual_count }, onlyif: -> { referent_identifier != 0 }
+        uint32 :offset,              initial_value: 0,                   onlyif: -> { referent_identifier != 0 }
+        uint32 :actual_count,        initial_value: -> { bytes.size },   onlyif: -> { referent_identifier != 0 }
+        array  :bytes, :type => :uint8, initial_length: -> { actual_count }, onlyif: -> { referent_identifier != 0 }
+      end
+      # A pointer to a Windows FILETIME structure
+      class NdrLpFileTime < NdrTopLevelFullPointer
+        endian :little
+        file_time :referent, onlyif: -> { !is_a_null_pointer? }
       end
     end
   end
 end

data/lib/ruby_smb/dcerpc/pdu_header.rb CHANGED

@@ -21,7 +21,7 @@ module RubySMB
       end
       uint32 :packed_drep, label: 'NDR data representation format label', initial_value: 0x10
-      uint16 :frag_length, label: 'Total length of fragment',             initial_value: -> { parent.do_num_bytes }
+      uint16 :frag_length, label: 'Total length of fragment',             initial_value: -> { parent.num_bytes }
       uint16 :auth_length, label: 'Length of auth_value'
       uint32 :call_id,     label: 'Call identifier',                      initial_value: 1
     end

data/lib/ruby_smb/dcerpc/request.rb CHANGED

@@ -6,19 +6,38 @@ module RubySMB
       endian :little
       pdu_header :pdu_header, label: 'PDU header'
+      uint32     :alloc_hint, label: 'Allocation hint', initial_value: -> { stub.num_bytes }
+      uint16     :p_cont_id,  label: 'Presentation context identification'
+      uint16     :opnum,      label: 'Operation Number'
+      uuid       :object,     label: 'Object UID', onlyif: -> { pdu_header.pfc_flags.object_uuid == 1 }
-      uint32 :alloc_hint,     label: 'Allocation hint',  initial_value: -> { stub.do_num_bytes }
-      uint16 :p_cont_id,      label: 'Presentation context identification'
-      uint16 :opnum,          label: 'Operation Number'
-      uuid   :object,         label: 'Object UID',      onlyif: -> { pdu_header.pfc_flags.object_uuid == 1 }
-      choice :stub, label: 'Stub', selection: -> { opnum } do
-        net_share_enum_all RubySMB::Dcerpc::Srvsvc::NET_SHARE_ENUM_ALL, host: -> { host }
+      choice :stub, label: 'Stub', selection: -> { @obj.parent.get_parameter(:endpoint) || '' } do
+        choice 'Winreg', selection: -> { opnum } do
+          open_root_key_request  RubySMB::Dcerpc::Winreg::OPEN_HKCR, opnum: RubySMB::Dcerpc::Winreg::OPEN_HKCR
+          open_root_key_request  RubySMB::Dcerpc::Winreg::OPEN_HKCU, opnum: RubySMB::Dcerpc::Winreg::OPEN_HKCU
+          open_root_key_request  RubySMB::Dcerpc::Winreg::OPEN_HKLM, opnum: RubySMB::Dcerpc::Winreg::OPEN_HKLM
+          open_root_key_request  RubySMB::Dcerpc::Winreg::OPEN_HKPD, opnum: RubySMB::Dcerpc::Winreg::OPEN_HKPD
+          open_root_key_request  RubySMB::Dcerpc::Winreg::OPEN_HKU,  opnum: RubySMB::Dcerpc::Winreg::OPEN_HKU
+          open_root_key_request  RubySMB::Dcerpc::Winreg::OPEN_HKCC, opnum: RubySMB::Dcerpc::Winreg::OPEN_HKCC
+          open_root_key_request  RubySMB::Dcerpc::Winreg::OPEN_HKPT, opnum: RubySMB::Dcerpc::Winreg::OPEN_HKPT
+          open_root_key_request  RubySMB::Dcerpc::Winreg::OPEN_HKPN, opnum: RubySMB::Dcerpc::Winreg::OPEN_HKPN
+          close_key_request      RubySMB::Dcerpc::Winreg::REG_CLOSE_KEY
+          enum_key_request       RubySMB::Dcerpc::Winreg::REG_ENUM_KEY
+          enum_value_request     RubySMB::Dcerpc::Winreg::REG_ENUM_VALUE
+          open_key_request       RubySMB::Dcerpc::Winreg::REG_OPEN_KEY
+          query_info_key_request RubySMB::Dcerpc::Winreg::REG_QUERY_INFO_KEY
+          query_value_request    RubySMB::Dcerpc::Winreg::REG_QUERY_VALUE
+          string                 :default
+        end
+        choice 'Srvsvc', selection: -> { opnum } do
+          net_share_enum_all RubySMB::Dcerpc::Srvsvc::NET_SHARE_ENUM_ALL, host: -> { host rescue '' }
+          string             :default
+        end
+        string :default
       end
       string :auth_verifier, label: 'Authentication verifier',
-        onlyif: -> { pdu_header.auth_length > 0 },
+        onlyif:      -> { pdu_header.auth_length > 0 },
         read_length: -> { pdu_header.auth_length }
       def initialize_instance

data/lib/ruby_smb/dcerpc/rrp_unicode_string.rb ADDED

@@ -0,0 +1,35 @@
+require 'ruby_smb/dcerpc/ndr'
+module RubySMB
+  module Dcerpc
+    # A RRP_UNICODE_STRING structure as defined in
+    # [2.2.4 RRP_UNICODE_STRING](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/c0c90f11-a4c4-496a-ac09-8a8a3697ceef)
+    class RrpUnicodeString < BinData::Primitive
+      endian :little
+      uint16     :buffer_length,  initial_value: -> { buffer.to_s == "\0" ? 0 : buffer.actual_count * 2 }
+      uint16     :maximum_length, initial_value: -> { buffer.to_s == "\0" ? 0 : buffer.max_count * 2 }
+      ndr_lp_str :buffer
+      def get
+        self.buffer
+      end
+      def set(buf)
+        self.buffer = buf
+        self.buffer_length = self.buffer.to_s == "\0" ? 0 : self.buffer.actual_count * 2
+        self.maximum_length = self.buffer.to_s == "\0" ? 0 : self.buffer.max_count * 2
+      end
+    end
+    # A pointer to a RRP_UNICODE_STRING structure
+    class PrrpUnicodeString < Ndr::NdrTopLevelFullPointer
+      endian :little
+      rrp_unicode_string :referent, onlyif: -> { !is_a_null_pointer? }
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/srvsvc.rb CHANGED

@@ -10,6 +10,16 @@ module RubySMB
       NET_SHARE_ENUM_ALL = 0xF
       require 'ruby_smb/dcerpc/srvsvc/net_share_enum_all'
+      def net_share_enum_all(host)
+        bind(endpoint: RubySMB::Dcerpc::Srvsvc)
+        net_share_enum_all_request_packet = RubySMB::Dcerpc::Srvsvc::NetShareEnumAll.new(host: host)
+        response = dcerpc_request(net_share_enum_all_request_packet)
+        shares = RubySMB::Dcerpc::Srvsvc::NetShareEnumAll.parse_response(response)
+        shares.map{|s|{name: s[0], type: s[1], comment: s[2]}}
+      end
     end
   end
 end