RubyGems - ruby_smb - Versions diffs - 1.0.4 → 2.0.2 - Mend

ruby_smb 1.0.4 → 2.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (130) hide show

checksums.yaml +5 -5
checksums.yaml.gz.sig +0 -0
data.tar.gz.sig +0 -0
data/.travis.yml +3 -2
data/Gemfile +6 -2
data/README.md +35 -47
data/examples/enum_registry_key.rb +28 -0
data/examples/enum_registry_values.rb +30 -0
data/examples/negotiate.rb +51 -8
data/examples/pipes.rb +2 -1
data/examples/read_file_encryption.rb +56 -0
data/examples/read_registry_key_value.rb +32 -0
data/lib/ruby_smb.rb +4 -1
data/lib/ruby_smb/client.rb +207 -18
data/lib/ruby_smb/client/authentication.rb +27 -8
data/lib/ruby_smb/client/encryption.rb +62 -0
data/lib/ruby_smb/client/negotiation.rb +153 -12
data/lib/ruby_smb/client/signing.rb +19 -0
data/lib/ruby_smb/client/tree_connect.rb +4 -4
data/lib/ruby_smb/client/utils.rb +8 -7
data/lib/ruby_smb/client/winreg.rb +46 -0
data/lib/ruby_smb/crypto.rb +30 -0
data/lib/ruby_smb/dcerpc.rb +38 -0
data/lib/ruby_smb/dcerpc/bind.rb +2 -2
data/lib/ruby_smb/dcerpc/bind_ack.rb +2 -2
data/lib/ruby_smb/dcerpc/error.rb +3 -0
data/lib/ruby_smb/dcerpc/ndr.rb +95 -16
data/lib/ruby_smb/dcerpc/pdu_header.rb +1 -1
data/lib/ruby_smb/dcerpc/request.rb +28 -9
data/lib/ruby_smb/dcerpc/rrp_unicode_string.rb +35 -0
data/lib/ruby_smb/dcerpc/srvsvc.rb +10 -0
data/lib/ruby_smb/dcerpc/srvsvc/net_share_enum_all.rb +9 -0
data/lib/ruby_smb/dcerpc/winreg.rb +340 -0
data/lib/ruby_smb/dcerpc/winreg/close_key_request.rb +24 -0
data/lib/ruby_smb/dcerpc/winreg/close_key_response.rb +27 -0
data/lib/ruby_smb/dcerpc/winreg/enum_key_request.rb +45 -0
data/lib/ruby_smb/dcerpc/winreg/enum_key_response.rb +42 -0
data/lib/ruby_smb/dcerpc/winreg/enum_value_request.rb +39 -0
data/lib/ruby_smb/dcerpc/winreg/enum_value_response.rb +36 -0
data/lib/ruby_smb/dcerpc/winreg/open_key_request.rb +34 -0
data/lib/ruby_smb/dcerpc/winreg/open_key_response.rb +25 -0
data/lib/ruby_smb/dcerpc/winreg/open_root_key_request.rb +43 -0
data/lib/ruby_smb/dcerpc/winreg/open_root_key_response.rb +35 -0
data/lib/ruby_smb/dcerpc/winreg/query_info_key_request.rb +27 -0
data/lib/ruby_smb/dcerpc/winreg/query_info_key_response.rb +40 -0
data/lib/ruby_smb/dcerpc/winreg/query_value_request.rb +39 -0
data/lib/ruby_smb/dcerpc/winreg/query_value_response.rb +57 -0
data/lib/ruby_smb/dcerpc/winreg/regsam.rb +40 -0
data/lib/ruby_smb/dispatcher/socket.rb +4 -3
data/lib/ruby_smb/error.rb +28 -1
data/lib/ruby_smb/smb1/commands.rb +1 -1
data/lib/ruby_smb/smb1/file.rb +6 -4
data/lib/ruby_smb/smb1/packet/empty_packet.rb +4 -2
data/lib/ruby_smb/smb1/packet/session_setup_legacy_request.rb +1 -1
data/lib/ruby_smb/smb1/packet/session_setup_legacy_response.rb +2 -2
data/lib/ruby_smb/smb1/packet/session_setup_request.rb +1 -1
data/lib/ruby_smb/smb1/packet/session_setup_response.rb +2 -2
data/lib/ruby_smb/smb1/packet/write_andx_request.rb +1 -1
data/lib/ruby_smb/smb1/pipe.rb +79 -3
data/lib/ruby_smb/smb1/tree.rb +12 -3
data/lib/ruby_smb/smb2/bit_field/session_flags.rb +2 -1
data/lib/ruby_smb/smb2/bit_field/share_flags.rb +6 -4
data/lib/ruby_smb/smb2/file.rb +25 -43
data/lib/ruby_smb/smb2/negotiate_context.rb +108 -0
data/lib/ruby_smb/smb2/packet.rb +2 -0
data/lib/ruby_smb/smb2/packet/compression_transform_header.rb +41 -0
data/lib/ruby_smb/smb2/packet/error_packet.rb +9 -4
data/lib/ruby_smb/smb2/packet/negotiate_request.rb +51 -14
data/lib/ruby_smb/smb2/packet/negotiate_response.rb +50 -4
data/lib/ruby_smb/smb2/packet/transform_header.rb +84 -0
data/lib/ruby_smb/smb2/packet/tree_connect_request.rb +92 -6
data/lib/ruby_smb/smb2/packet/tree_connect_response.rb +8 -26
data/lib/ruby_smb/smb2/pipe.rb +77 -3
data/lib/ruby_smb/smb2/smb2_header.rb +1 -1
data/lib/ruby_smb/smb2/tree.rb +23 -17
data/lib/ruby_smb/version.rb +1 -1
data/ruby_smb.gemspec +5 -3
data/spec/lib/ruby_smb/client_spec.rb +1441 -61
data/spec/lib/ruby_smb/crypto_spec.rb +25 -0
data/spec/lib/ruby_smb/dcerpc/bind_ack_spec.rb +2 -2
data/spec/lib/ruby_smb/dcerpc/bind_spec.rb +2 -2
data/spec/lib/ruby_smb/dcerpc/ndr_spec.rb +410 -0
data/spec/lib/ruby_smb/dcerpc/request_spec.rb +50 -7
data/spec/lib/ruby_smb/dcerpc/rrp_unicode_string_spec.rb +98 -0
data/spec/lib/ruby_smb/dcerpc/srvsvc/net_share_enum_all_spec.rb +13 -0
data/spec/lib/ruby_smb/dcerpc/srvsvc_spec.rb +60 -0
data/spec/lib/ruby_smb/dcerpc/winreg/close_key_request_spec.rb +28 -0
data/spec/lib/ruby_smb/dcerpc/winreg/close_key_response_spec.rb +36 -0
data/spec/lib/ruby_smb/dcerpc/winreg/enum_key_request_spec.rb +108 -0
data/spec/lib/ruby_smb/dcerpc/winreg/enum_key_response_spec.rb +97 -0
data/spec/lib/ruby_smb/dcerpc/winreg/enum_value_request_spec.rb +94 -0
data/spec/lib/ruby_smb/dcerpc/winreg/enum_value_response_spec.rb +82 -0
data/spec/lib/ruby_smb/dcerpc/winreg/open_key_request_spec.rb +74 -0
data/spec/lib/ruby_smb/dcerpc/winreg/open_key_response_spec.rb +35 -0
data/spec/lib/ruby_smb/dcerpc/winreg/open_root_key_request_spec.rb +90 -0
data/spec/lib/ruby_smb/dcerpc/winreg/open_root_key_response_spec.rb +38 -0
data/spec/lib/ruby_smb/dcerpc/winreg/query_info_key_request_spec.rb +39 -0
data/spec/lib/ruby_smb/dcerpc/winreg/query_info_key_response_spec.rb +113 -0
data/spec/lib/ruby_smb/dcerpc/winreg/query_value_request_spec.rb +88 -0
data/spec/lib/ruby_smb/dcerpc/winreg/query_value_response_spec.rb +150 -0
data/spec/lib/ruby_smb/dcerpc/winreg/regsam_spec.rb +32 -0
data/spec/lib/ruby_smb/dcerpc/winreg_spec.rb +710 -0
data/spec/lib/ruby_smb/dcerpc_spec.rb +81 -0
data/spec/lib/ruby_smb/dispatcher/socket_spec.rb +2 -2
data/spec/lib/ruby_smb/error_spec.rb +59 -0
data/spec/lib/ruby_smb/smb1/file_spec.rb +9 -1
data/spec/lib/ruby_smb/smb1/packet/empty_packet_spec.rb +10 -0
data/spec/lib/ruby_smb/smb1/packet/session_setup_legacy_request_spec.rb +2 -2
data/spec/lib/ruby_smb/smb1/packet/session_setup_legacy_response_spec.rb +2 -2
data/spec/lib/ruby_smb/smb1/packet/session_setup_request_spec.rb +2 -2
data/spec/lib/ruby_smb/smb1/packet/session_setup_response_spec.rb +1 -1
data/spec/lib/ruby_smb/smb1/pipe_spec.rb +210 -148
data/spec/lib/ruby_smb/smb2/bit_field/session_flags_spec.rb +9 -0
data/spec/lib/ruby_smb/smb2/bit_field/share_flags_spec.rb +27 -0
data/spec/lib/ruby_smb/smb2/file_spec.rb +86 -62
data/spec/lib/ruby_smb/smb2/negotiate_context_spec.rb +332 -0
data/spec/lib/ruby_smb/smb2/packet/compression_transform_header_spec.rb +108 -0
data/spec/lib/ruby_smb/smb2/packet/error_packet_spec.rb +29 -2
data/spec/lib/ruby_smb/smb2/packet/negotiate_request_spec.rb +138 -3
data/spec/lib/ruby_smb/smb2/packet/negotiate_response_spec.rb +120 -2
data/spec/lib/ruby_smb/smb2/packet/transform_header_spec.rb +220 -0
data/spec/lib/ruby_smb/smb2/packet/tree_connect_request_spec.rb +339 -9
data/spec/lib/ruby_smb/smb2/packet/tree_connect_response_spec.rb +3 -30
data/spec/lib/ruby_smb/smb2/pipe_spec.rb +220 -149
data/spec/lib/ruby_smb/smb2/smb2_header_spec.rb +2 -2
data/spec/lib/ruby_smb/smb2/tree_spec.rb +53 -8
metadata +187 -81
metadata.gz.sig +0 -0
data/lib/ruby_smb/smb1/dcerpc.rb +0 -72
data/lib/ruby_smb/smb2/dcerpc.rb +0 -75

data/lib/ruby_smb/dcerpc/winreg/query_value_response.rb ADDED

@@ -0,0 +1,57 @@
+module RubySMB
+  module Dcerpc
+    module Winreg
+      # This class represents a BaseRegQueryValue Response Packet as defined in
+      # [3.1.5.17 BaseRegQueryValue (Opnum 17)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/8bc10aa3-2f91-44e8-aa33-b3263c49ab9d)
+      class QueryValueResponse < BinData::Record
+        attr_reader :opnum
+        endian :little
+        ndr_lp_dword :lp_type
+        ndr_lp_byte  :lp_data
+        string       :pad, length: -> { pad_length }
+        ndr_lp_dword :lpcb_data
+        ndr_lp_dword :lpcb_len
+        uint32       :error_status
+        def initialize_instance
+          super
+          @opnum = REG_QUERY_VALUE
+        end
+        # Determines the correct length for the padding in front of
+        # #lpcb_data. It should always force a 4-byte alignment.
+        def pad_length
+          offset = (lp_data.abs_offset + lp_data.to_binary_s.length) % 4
+          (4 - offset) % 4
+        end
+        # Returns the data portion of the registry value formatted according to its type:
+        # [3.1.1.5 Values](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/3d64dbea-f016-4373-8cac-e43bf343837d)
+        def data
+          bytes = lp_data.bytes.to_a.pack('C*')
+          case lp_type
+          when 1,2
+            bytes.force_encoding('utf-16le').strip
+          when 3
+            bytes
+          when 4
+            bytes.unpack('V').first
+          when 5
+            bytes.unpack('N').first
+          when 7
+            str = bytes.force_encoding('utf-16le')
+            str.split("\0".encode('utf-16le'))
+          when 11
+            bytes.unpack('Q<').first
+          else
+            ""
+          end
+        end
+      end
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/winreg/regsam.rb ADDED

@@ -0,0 +1,40 @@
+module RubySMB
+  module Dcerpc
+    module Winreg
+      # This class represents a REGSAM structure as defined in
+      # [2.2.3 REGSAM](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/fefbc801-b141-4bb1-9dcb-bf366da3ae7e)
+      # [2.4.3 ACCESS_MASK](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-dtyp/7a53f60e-e730-4dfe-bbe9-b21b62eb790b)
+      class Regsam < BinData::Record
+        endian  :little
+        bit2    :reserved,               label: 'Reserved Space'
+        bit1    :key_create_link,        label: 'Key Create Link'
+        bit1    :key_notify,             label: 'Key Notify'
+        bit1    :key_enumerate_sub_keys, label: 'Key Enumerate Sub Keys'
+        bit1    :key_create_sub_key,     label: 'Key Create Sub Key'
+        bit1    :key_set_value,          label: 'Key Set Value'
+        bit1    :key_query_value,        label: 'Key Query Value'
+        # byte boundary
+        bit6    :reserved2,              label: 'Reserved Space'
+        bit1    :key_wow64_32key,        label: 'Key Wow64 32key'
+        bit1    :key_wow64_64key,        label: 'Key Wow64 64key'
+        # byte boundary
+        bit3    :reserved3,              label: 'Reserved Space'
+        bit1    :synchronize,            label: 'Synchronize'
+        bit1    :write_owner,            label: 'Write Owner'
+        bit1    :write_dac,              label: 'Write DAC'
+        bit1    :read_control,           label: 'Read Control'
+        bit1    :delete_access,          label: 'Delete'
+        # byte boundary
+        bit1    :generic_read,           label: 'Generic Read'
+        bit1    :generic_write,          label: 'Generic Write'
+        bit1    :generic_execute,        label: 'Generic Execute'
+        bit1    :generic_all,            label: 'Generic All'
+        bit2    :reserved4,              label: 'Reserved Space'
+        bit1    :maximum,                label: 'Maximum Allowed'
+        bit1    :system_security,        label: 'System Security'
+      end
+    end
+  end
+end

data/lib/ruby_smb/dispatcher/socket.rb CHANGED

@@ -48,7 +48,7 @@ module RubySMB
           end
         rescue IOError, Errno::ECONNABORTED, Errno::ECONNRESET => e
-          raise RubySMB::Error::CommunicationError, "An error occured writing to the Socket: #{e.message}"
+          raise RubySMB::Error::CommunicationError, "An error occurred writing to the Socket: #{e.message}"
         end
         nil
       end
@@ -61,13 +61,14 @@ module RubySMB
       #   which are assumed to be the NetBiosSessionService header.
       # @raise [RubySMB::Error::CommunicationError] if the read timeout expires or an error occurs when reading the socket
       def recv_packet(full_response: false)
+        raise RubySMB::Error::CommunicationError, 'Connection has already been closed' if @tcp_socket.closed?
         if IO.select([@tcp_socket], nil, nil, @read_timeout).nil?
           raise RubySMB::Error::CommunicationError, "Read timeout expired when reading from the Socket (timeout=#{@read_timeout})"
         end
         begin
           nbss_data = @tcp_socket.read(4)
-          raise IOError if nbss_data.nil?
+          raise RubySMB::Error::CommunicationError, 'Socket read returned nil' if nbss_data.nil?
           nbss_header = RubySMB::Nbss::SessionHeader.read(nbss_data)
         rescue IOError
           raise ::RubySMB::Error::NetBiosSessionService, 'NBSS Header is missing'
@@ -84,7 +85,7 @@ module RubySMB
         end
         data
       rescue Errno::EINVAL, Errno::ECONNABORTED, Errno::ECONNRESET, TypeError, NoMethodError => e
-        raise RubySMB::Error::CommunicationError, "An error occured reading from the Socket #{e.message}"
+        raise RubySMB::Error::CommunicationError, "An error occurred reading from the Socket #{e.message}"
       end
     end
   end

data/lib/ruby_smb/error.rb CHANGED

@@ -53,7 +53,28 @@ module RubySMB
     end
     # Raised when a response packet has a NTStatus code that was unexpected.
-    class UnexpectedStatusCode < RubySMBError; end
+    class UnexpectedStatusCode < RubySMBError
+      attr_reader :status_code
+      def initialize(status_code)
+        case status_code
+        when WindowsError::ErrorCode
+          @status_code = status_code
+        when Integer
+          @status_code = WindowsError::NTStatus.find_by_retval(status_code).first
+          if @status_code.nil?
+            @status_code = WindowsError::ErrorCode.new("0x#{status_code.to_s(16)}", status_code, "Unknown 0x#{status_code.to_s(16)}")
+          end
+        else
+          raise ArgumentError, "Status code must be a WindowsError::ErrorCode or an Integer, got #{status_code.class}"
+        end
+        super
+      end
+      def to_s
+        "The server responded with an unexpected status code: #{status_code.name}"
+      end
+    end
     # Raised when an error occurs with the underlying socket.
     class CommunicationError < RubySMBError; end
@@ -65,5 +86,11 @@ module RubySMB
     # Raised when trying to parse raw binary into a BitField and the data
     # is invalid.
     class InvalidBitField < RubySMBError; end
+    # Raised when an encryption operation fails
+    class EncryptionError < RubySMBError; end
+    # Raised when an signing operation fails
+    class SigningError < RubySMBError; end
   end
 end

data/lib/ruby_smb/smb1/commands.rb CHANGED

@@ -10,7 +10,7 @@ module RubySMB
       SMB_COM_TRANSACTION2_SECONDARY  = 0x33
       SMB_COM_TREE_DISCONNECT         = 0x71
       SMB_COM_NEGOTIATE               = 0x72
-      SMB_COM_SESSION_SETUP           = 0x73
+      SMB_COM_SESSION_SETUP_ANDX      = 0x73
       SMB_COM_LOGOFF                  = 0x74
       SMB_COM_TREE_CONNECT            = 0x75
       SMB_COM_NT_TRANSACT             = 0xA0

data/lib/ruby_smb/smb1/file.rb CHANGED

@@ -91,7 +91,7 @@ module RubySMB
           )
         end
         unless response.status_code == WindowsError::NTStatus::STATUS_SUCCESS
-          raise RubySMB::Error::UnexpectedStatusCode, response.status_code.name
+          raise RubySMB::Error::UnexpectedStatusCode, response.status_code
         end
         response.status_code
       end
@@ -127,7 +127,7 @@ module RubySMB
             )
           end
           unless response.status_code == WindowsError::NTStatus::STATUS_SUCCESS
-            raise RubySMB::Error::UnexpectedStatusCode, response.status_code.name
+            raise RubySMB::Error::UnexpectedStatusCode, response.status_code
           end
           if response.is_a?(RubySMB::SMB1::Packet::ReadAndxResponse)
@@ -156,6 +156,8 @@ module RubySMB
       def read_packet(read_length: 0, offset: 0)
         read_request = set_header_fields(RubySMB::SMB1::Packet::ReadAndxRequest.new)
         read_request.parameter_block.max_count_of_bytes_to_return = read_length
+        read_request.parameter_block.min_count_of_bytes_to_return = read_length
+        read_request.parameter_block.remaining = read_length
         read_request.parameter_block.offset = offset
         read_request
       end
@@ -174,7 +176,7 @@ module RubySMB
           )
         end
         unless response.status_code == WindowsError::NTStatus::STATUS_SUCCESS
-          raise RubySMB::Error::UnexpectedStatusCode, response.status_code.name
+          raise RubySMB::Error::UnexpectedStatusCode, response.status_code
         end
         response.data_block.data.to_binary_s
@@ -242,7 +244,7 @@ module RubySMB
             )
           end
           unless response.status_code == WindowsError::NTStatus::STATUS_SUCCESS
-            raise RubySMB::Error::UnexpectedStatusCode, response.status_code.name
+            raise RubySMB::Error::UnexpectedStatusCode, response.status_code
           end
           bytes_written = response.parameter_block.count_low + (response.parameter_block.count_high << 16)
           total_bytes_written += bytes_written

data/lib/ruby_smb/smb1/packet/empty_packet.rb CHANGED

@@ -1,7 +1,7 @@
 module RubySMB
   module SMB1
     module Packet
-      # This packet represent an SMB1 Response Packet when the parameter and
+      # This packet represent an SMB1 Error Response Packet when the parameter and
       # data blocks will be empty.
       class EmptyPacket < RubySMB::GenericPacket
         attr_accessor :original_command
@@ -12,7 +12,9 @@ module RubySMB
         def valid?
           return smb_header.protocol == RubySMB::SMB1::SMB_PROTOCOL_ID &&
-            smb_header.command == @original_command
+                 smb_header.command == @original_command &&
+                 parameter_block.word_count == 0 &&
+                 data_block.byte_count == 0
         end
       end
     end

data/lib/ruby_smb/smb1/packet/session_setup_legacy_request.rb CHANGED

@@ -4,7 +4,7 @@ module RubySMB
       # A SMB1 SMB_COM_SESSION_SETUP_ANDX Request Packet, without NTLMSSP as defined in
       # [2.2.4.53.1 Request](https://msdn.microsoft.com/en-us/library/ee441849.aspx)
       class SessionSetupLegacyRequest < RubySMB::GenericPacket
-        COMMAND = RubySMB::SMB1::Commands::SMB_COM_SESSION_SETUP
+        COMMAND = RubySMB::SMB1::Commands::SMB_COM_SESSION_SETUP_ANDX
         # A SMB1 Parameter Block as defined by the {SessionSetupRequest}
         class ParameterBlock < RubySMB::SMB1::ParameterBlock

data/lib/ruby_smb/smb1/packet/session_setup_legacy_response.rb CHANGED

@@ -1,10 +1,10 @@
 module RubySMB
   module SMB1
     module Packet
-      # A SMB1 SMB_COM_SESSION_SETUP Legacy Response Packet as defined in
+      # A SMB1 SMB_COM_SESSION_SETUP_ANDX Legacy Response Packet as defined in
       # [2.2.4.53.2 Response](https://msdn.microsoft.com/en-us/library/ee442143.aspx)
       class SessionSetupLegacyResponse < RubySMB::GenericPacket
-        COMMAND = RubySMB::SMB1::Commands::SMB_COM_SESSION_SETUP
+        COMMAND = RubySMB::SMB1::Commands::SMB_COM_SESSION_SETUP_ANDX
         # A SMB1 Parameter Block as defined by the {SessionSetupResponse}
         class ParameterBlock < RubySMB::SMB1::ParameterBlock

data/lib/ruby_smb/smb1/packet/session_setup_request.rb CHANGED

@@ -4,7 +4,7 @@ module RubySMB
       # A SMB1 SMB_COM_SESSION_SETUP_ANDX Request Packet as defined in
       # [2.2.4.6.1](https://msdn.microsoft.com/en-us/library/cc246328.aspx)
       class SessionSetupRequest < RubySMB::GenericPacket
-        COMMAND = RubySMB::SMB1::Commands::SMB_COM_SESSION_SETUP
+        COMMAND = RubySMB::SMB1::Commands::SMB_COM_SESSION_SETUP_ANDX
         # A SMB1 Parameter Block as defined by the {SessionSetupRequest}
         class ParameterBlock < RubySMB::SMB1::ParameterBlock

data/lib/ruby_smb/smb1/packet/session_setup_response.rb CHANGED

@@ -1,10 +1,10 @@
 module RubySMB
   module SMB1
     module Packet
-      # A SMB1 SMB_COM_SESSION_SETUP Response Packet as defined in
+      # A SMB1 SMB_COM_SESSION_SETUP_ANDX Response Packet as defined in
       # [2.2.4.6.2](https://msdn.microsoft.com/en-us/library/cc246329.aspx)
       class SessionSetupResponse < RubySMB::GenericPacket
-        COMMAND = RubySMB::SMB1::Commands::SMB_COM_SESSION_SETUP
+        COMMAND = RubySMB::SMB1::Commands::SMB_COM_SESSION_SETUP_ANDX
         # A SMB1 Parameter Block as defined by the {SessionSetupResponse}
         class ParameterBlock < RubySMB::SMB1::ParameterBlock

data/lib/ruby_smb/smb1/packet/write_andx_request.rb CHANGED

@@ -43,7 +43,7 @@ module RubySMB
         # Represents the specific layout of the DataBlock for a {WriteAndxRequest} Packet.
         class DataBlock < RubySMB::SMB1::DataBlock
-          uint8  :pad,  label: 'Pad'
+          string :pad,  label: 'Pad', length: 1
           string :data, label: 'Data'
         end

data/lib/ruby_smb/smb1/pipe.rb CHANGED

@@ -3,9 +3,9 @@ module RubySMB
     # Represents a pipe on the Remote server that we can perform
     # various I/O operations on.
     class Pipe < File
-      require 'ruby_smb/smb1/dcerpc'
+      require 'ruby_smb/dcerpc'
-      include RubySMB::SMB1::Dcerpc
+      include RubySMB::Dcerpc
       # Reference: https://msdn.microsoft.com/en-us/library/ee441883.aspx
       STATUS_DISCONNECTED = 0x0001
@@ -13,6 +13,17 @@ module RubySMB
       STATUS_OK           = 0x0003
       STATUS_CLOSED       = 0x0004
+      def initialize(tree:, response:, name:)
+        raise ArgumentError, 'No Name Provided' if name.nil?
+        case name
+        when 'srvsvc'
+          extend RubySMB::Dcerpc::Srvsvc
+        when 'winreg'
+          extend RubySMB::Dcerpc::Winreg
+        end
+        super(tree: tree, response: response, name: name)
+      end
       # Performs a peek operation on the named pipe
       #
       # @param peek_size [Integer] Amount of data to peek
@@ -36,7 +47,7 @@ module RubySMB
         end
         unless response.status_code == WindowsError::NTStatus::STATUS_BUFFER_OVERFLOW or response.status_code == WindowsError::NTStatus::STATUS_SUCCESS
-          raise RubySMB::Error::UnexpectedStatusCode, response.status_code.name
+          raise RubySMB::Error::UnexpectedStatusCode, response.status_code
         end
         response
@@ -68,6 +79,71 @@ module RubySMB
         state == STATUS_OK
       end
+      # Send a DCERPC request with the provided stub packet.
+      #
+      # @params stub_packet [#opnum] the stub packet to add to the DCERPC request
+      # @return [String] the raw DCERPC response stub
+      # @raise [RubySMB::Error::InvalidPacket] if the response is not valid
+      # @raise [RubySMB::Error::UnexpectedStatusCode] if the response status code is different than STATUS_SUCCESS or STATUS_BUFFER_OVERFLOW
+      def dcerpc_request(stub_packet, options={})
+        options.merge!(endpoint: stub_packet.class.name.split('::').at(-2))
+        dcerpc_request = RubySMB::Dcerpc::Request.new({ opnum: stub_packet.opnum }, options)
+        dcerpc_request.stub.read(stub_packet.to_binary_s)
+        trans_nmpipe_request = RubySMB::SMB1::Packet::Trans::TransactNmpipeRequest.new(options)
+        @tree.set_header_fields(trans_nmpipe_request)
+        trans_nmpipe_request.set_fid(@fid)
+        trans_nmpipe_request.data_block.trans_data.write_data = dcerpc_request.to_binary_s
+        trans_nmpipe_raw_response = @tree.client.send_recv(trans_nmpipe_request)
+        trans_nmpipe_response = RubySMB::SMB1::Packet::Trans::TransactNmpipeResponse.read(trans_nmpipe_raw_response)
+        unless trans_nmpipe_response.valid?
+          raise RubySMB::Error::InvalidPacket.new(
+            expected_proto: RubySMB::SMB1::SMB_PROTOCOL_ID,
+            expected_cmd:   RubySMB::SMB1::Packet::Trans::TransactNmpipeResponse::COMMAND,
+            received_proto: trans_nmpipe_response.smb_header.protocol,
+            received_cmd:   trans_nmpipe_response.smb_header.command
+          )
+        end
+        unless [WindowsError::NTStatus::STATUS_SUCCESS,
+                WindowsError::NTStatus::STATUS_BUFFER_OVERFLOW].include?(trans_nmpipe_response.status_code)
+          raise RubySMB::Error::UnexpectedStatusCode, trans_nmpipe_response.status_code
+        end
+        raw_data = trans_nmpipe_response.data_block.trans_data.read_data.to_binary_s
+        if trans_nmpipe_response.status_code == WindowsError::NTStatus::STATUS_BUFFER_OVERFLOW
+          raw_data << read(bytes: @tree.client.max_buffer_size - trans_nmpipe_response.parameter_block.data_count)
+          dcerpc_response = dcerpc_response_from_raw_response(raw_data)
+          unless dcerpc_response.pdu_header.pfc_flags.first_frag == 1
+            raise RubySMB::Dcerpc::Error::InvalidPacket, "Not the first fragment"
+          end
+          stub_data = dcerpc_response.stub.to_s
+          loop do
+            break if dcerpc_response.pdu_header.pfc_flags.last_frag == 1
+            raw_data = read(bytes: @tree.client.max_buffer_size)
+            dcerpc_response = dcerpc_response_from_raw_response(raw_data)
+            stub_data << dcerpc_response.stub.to_s
+          end
+          stub_data
+        else
+          dcerpc_response = dcerpc_response_from_raw_response(raw_data)
+          dcerpc_response.stub.to_s
+        end
+      end
+      private
+      def dcerpc_response_from_raw_response(raw_data)
+        dcerpc_response = RubySMB::Dcerpc::Response.read(raw_data)
+        unless dcerpc_response.pdu_header.ptype == RubySMB::Dcerpc::PTypes::RESPONSE
+          raise RubySMB::Dcerpc::Error::InvalidPacket, "Not a Response packet"
+        end
+        dcerpc_response
+      rescue IOError
+        raise RubySMB::Dcerpc::Error::InvalidPacket, "Error reading the DCERPC response"
+      end
     end
   end
 end

data/lib/ruby_smb/smb1/tree.rb CHANGED

@@ -123,6 +123,15 @@ module RubySMB
         raw_response = @client.send_recv(nt_create_andx_request)
         response = RubySMB::SMB1::Packet::NtCreateAndxResponse.read(raw_response)
         unless response.valid?
+          if response.is_a?(RubySMB::SMB1::Packet::EmptyPacket) &&
+               response.smb_header.protocol == RubySMB::SMB1::SMB_PROTOCOL_ID &&
+               response.smb_header.command == response.original_command
+            raise RubySMB::Error::InvalidPacket.new(
+              'The response seems to be an SMB1 NtCreateAndxResponse but an '\
+              'error occurs while parsing it. It is probably missing the '\
+              'required extended information.'
+            )
+          end
           raise RubySMB::Error::InvalidPacket.new(
             expected_proto: RubySMB::SMB1::SMB_PROTOCOL_ID,
             expected_cmd:   RubySMB::SMB1::Packet::NtCreateAndxResponse::COMMAND,
@@ -131,7 +140,7 @@ module RubySMB
           )
         end
         unless response.status_code == WindowsError::NTStatus::STATUS_SUCCESS
-          raise RubySMB::Error::UnexpectedStatusCode, response.status_code.name
+          raise RubySMB::Error::UnexpectedStatusCode, response.status_code
         end
         case response.parameter_block.resource_type
@@ -191,7 +200,7 @@ module RubySMB
           )
         end
         unless response.status_code == WindowsError::NTStatus::STATUS_SUCCESS
-          raise RubySMB::Error::UnexpectedStatusCode, response.status_code.name
+          raise RubySMB::Error::UnexpectedStatusCode, response.status_code
         end
         results = response.results(type, unicode: unicode)
@@ -226,7 +235,7 @@ module RubySMB
             )
           end
           unless response.status_code == WindowsError::NTStatus::STATUS_SUCCESS
-            raise RubySMB::Error::UnexpectedStatusCode, response.status_code.name
+            raise RubySMB::Error::UnexpectedStatusCode, response.status_code
           end
           results += response.results(type, unicode: unicode)