RubyGems - ruby_smb - Versions diffs - 1.0.4 → 2.0.2 - Mend

ruby_smb 1.0.4 → 2.0.2

Files changed (130) hide show

checksums.yaml +5 -5
checksums.yaml.gz.sig +0 -0
data.tar.gz.sig +0 -0
data/.travis.yml +3 -2
data/Gemfile +6 -2
data/README.md +35 -47
data/examples/enum_registry_key.rb +28 -0
data/examples/enum_registry_values.rb +30 -0
data/examples/negotiate.rb +51 -8
data/examples/pipes.rb +2 -1
data/examples/read_file_encryption.rb +56 -0
data/examples/read_registry_key_value.rb +32 -0
data/lib/ruby_smb.rb +4 -1
data/lib/ruby_smb/client.rb +207 -18
data/lib/ruby_smb/client/authentication.rb +27 -8
data/lib/ruby_smb/client/encryption.rb +62 -0
data/lib/ruby_smb/client/negotiation.rb +153 -12
data/lib/ruby_smb/client/signing.rb +19 -0
data/lib/ruby_smb/client/tree_connect.rb +4 -4
data/lib/ruby_smb/client/utils.rb +8 -7
data/lib/ruby_smb/client/winreg.rb +46 -0
data/lib/ruby_smb/crypto.rb +30 -0
data/lib/ruby_smb/dcerpc.rb +38 -0
data/lib/ruby_smb/dcerpc/bind.rb +2 -2
data/lib/ruby_smb/dcerpc/bind_ack.rb +2 -2
data/lib/ruby_smb/dcerpc/error.rb +3 -0
data/lib/ruby_smb/dcerpc/ndr.rb +95 -16
data/lib/ruby_smb/dcerpc/pdu_header.rb +1 -1
data/lib/ruby_smb/dcerpc/request.rb +28 -9
data/lib/ruby_smb/dcerpc/rrp_unicode_string.rb +35 -0
data/lib/ruby_smb/dcerpc/srvsvc.rb +10 -0
data/lib/ruby_smb/dcerpc/srvsvc/net_share_enum_all.rb +9 -0
data/lib/ruby_smb/dcerpc/winreg.rb +340 -0
data/lib/ruby_smb/dcerpc/winreg/close_key_request.rb +24 -0
data/lib/ruby_smb/dcerpc/winreg/close_key_response.rb +27 -0
data/lib/ruby_smb/dcerpc/winreg/enum_key_request.rb +45 -0
data/lib/ruby_smb/dcerpc/winreg/enum_key_response.rb +42 -0
data/lib/ruby_smb/dcerpc/winreg/enum_value_request.rb +39 -0
data/lib/ruby_smb/dcerpc/winreg/enum_value_response.rb +36 -0
data/lib/ruby_smb/dcerpc/winreg/open_key_request.rb +34 -0
data/lib/ruby_smb/dcerpc/winreg/open_key_response.rb +25 -0
data/lib/ruby_smb/dcerpc/winreg/open_root_key_request.rb +43 -0
data/lib/ruby_smb/dcerpc/winreg/open_root_key_response.rb +35 -0
data/lib/ruby_smb/dcerpc/winreg/query_info_key_request.rb +27 -0
data/lib/ruby_smb/dcerpc/winreg/query_info_key_response.rb +40 -0
data/lib/ruby_smb/dcerpc/winreg/query_value_request.rb +39 -0
data/lib/ruby_smb/dcerpc/winreg/query_value_response.rb +57 -0
data/lib/ruby_smb/dcerpc/winreg/regsam.rb +40 -0
data/lib/ruby_smb/dispatcher/socket.rb +4 -3
data/lib/ruby_smb/error.rb +28 -1
data/lib/ruby_smb/smb1/commands.rb +1 -1
data/lib/ruby_smb/smb1/file.rb +6 -4
data/lib/ruby_smb/smb1/packet/empty_packet.rb +4 -2
data/lib/ruby_smb/smb1/packet/session_setup_legacy_request.rb +1 -1
data/lib/ruby_smb/smb1/packet/session_setup_legacy_response.rb +2 -2
data/lib/ruby_smb/smb1/packet/session_setup_request.rb +1 -1
data/lib/ruby_smb/smb1/packet/session_setup_response.rb +2 -2
data/lib/ruby_smb/smb1/packet/write_andx_request.rb +1 -1
data/lib/ruby_smb/smb1/pipe.rb +79 -3
data/lib/ruby_smb/smb1/tree.rb +12 -3
data/lib/ruby_smb/smb2/bit_field/session_flags.rb +2 -1
data/lib/ruby_smb/smb2/bit_field/share_flags.rb +6 -4
data/lib/ruby_smb/smb2/file.rb +25 -43
data/lib/ruby_smb/smb2/negotiate_context.rb +108 -0
data/lib/ruby_smb/smb2/packet.rb +2 -0
data/lib/ruby_smb/smb2/packet/compression_transform_header.rb +41 -0
data/lib/ruby_smb/smb2/packet/error_packet.rb +9 -4
data/lib/ruby_smb/smb2/packet/negotiate_request.rb +51 -14
data/lib/ruby_smb/smb2/packet/negotiate_response.rb +50 -4
data/lib/ruby_smb/smb2/packet/transform_header.rb +84 -0
data/lib/ruby_smb/smb2/packet/tree_connect_request.rb +92 -6
data/lib/ruby_smb/smb2/packet/tree_connect_response.rb +8 -26
data/lib/ruby_smb/smb2/pipe.rb +77 -3
data/lib/ruby_smb/smb2/smb2_header.rb +1 -1
data/lib/ruby_smb/smb2/tree.rb +23 -17
data/lib/ruby_smb/version.rb +1 -1
data/ruby_smb.gemspec +5 -3
data/spec/lib/ruby_smb/client_spec.rb +1441 -61
data/spec/lib/ruby_smb/crypto_spec.rb +25 -0
data/spec/lib/ruby_smb/dcerpc/bind_ack_spec.rb +2 -2
data/spec/lib/ruby_smb/dcerpc/bind_spec.rb +2 -2
data/spec/lib/ruby_smb/dcerpc/ndr_spec.rb +410 -0
data/spec/lib/ruby_smb/dcerpc/request_spec.rb +50 -7
data/spec/lib/ruby_smb/dcerpc/rrp_unicode_string_spec.rb +98 -0
data/spec/lib/ruby_smb/dcerpc/srvsvc/net_share_enum_all_spec.rb +13 -0
data/spec/lib/ruby_smb/dcerpc/srvsvc_spec.rb +60 -0
data/spec/lib/ruby_smb/dcerpc/winreg/close_key_request_spec.rb +28 -0
data/spec/lib/ruby_smb/dcerpc/winreg/close_key_response_spec.rb +36 -0
data/spec/lib/ruby_smb/dcerpc/winreg/enum_key_request_spec.rb +108 -0
data/spec/lib/ruby_smb/dcerpc/winreg/enum_key_response_spec.rb +97 -0
data/spec/lib/ruby_smb/dcerpc/winreg/enum_value_request_spec.rb +94 -0
data/spec/lib/ruby_smb/dcerpc/winreg/enum_value_response_spec.rb +82 -0
data/spec/lib/ruby_smb/dcerpc/winreg/open_key_request_spec.rb +74 -0
data/spec/lib/ruby_smb/dcerpc/winreg/open_key_response_spec.rb +35 -0
data/spec/lib/ruby_smb/dcerpc/winreg/open_root_key_request_spec.rb +90 -0
data/spec/lib/ruby_smb/dcerpc/winreg/open_root_key_response_spec.rb +38 -0
data/spec/lib/ruby_smb/dcerpc/winreg/query_info_key_request_spec.rb +39 -0
data/spec/lib/ruby_smb/dcerpc/winreg/query_info_key_response_spec.rb +113 -0
data/spec/lib/ruby_smb/dcerpc/winreg/query_value_request_spec.rb +88 -0
data/spec/lib/ruby_smb/dcerpc/winreg/query_value_response_spec.rb +150 -0
data/spec/lib/ruby_smb/dcerpc/winreg/regsam_spec.rb +32 -0
data/spec/lib/ruby_smb/dcerpc/winreg_spec.rb +710 -0
data/spec/lib/ruby_smb/dcerpc_spec.rb +81 -0
data/spec/lib/ruby_smb/dispatcher/socket_spec.rb +2 -2
data/spec/lib/ruby_smb/error_spec.rb +59 -0
data/spec/lib/ruby_smb/smb1/file_spec.rb +9 -1
data/spec/lib/ruby_smb/smb1/packet/empty_packet_spec.rb +10 -0
data/spec/lib/ruby_smb/smb1/packet/session_setup_legacy_request_spec.rb +2 -2
data/spec/lib/ruby_smb/smb1/packet/session_setup_legacy_response_spec.rb +2 -2
data/spec/lib/ruby_smb/smb1/packet/session_setup_request_spec.rb +2 -2
data/spec/lib/ruby_smb/smb1/packet/session_setup_response_spec.rb +1 -1
data/spec/lib/ruby_smb/smb1/pipe_spec.rb +210 -148
data/spec/lib/ruby_smb/smb2/bit_field/session_flags_spec.rb +9 -0
data/spec/lib/ruby_smb/smb2/bit_field/share_flags_spec.rb +27 -0
data/spec/lib/ruby_smb/smb2/file_spec.rb +86 -62
data/spec/lib/ruby_smb/smb2/negotiate_context_spec.rb +332 -0
data/spec/lib/ruby_smb/smb2/packet/compression_transform_header_spec.rb +108 -0
data/spec/lib/ruby_smb/smb2/packet/error_packet_spec.rb +29 -2
data/spec/lib/ruby_smb/smb2/packet/negotiate_request_spec.rb +138 -3
data/spec/lib/ruby_smb/smb2/packet/negotiate_response_spec.rb +120 -2
data/spec/lib/ruby_smb/smb2/packet/transform_header_spec.rb +220 -0
data/spec/lib/ruby_smb/smb2/packet/tree_connect_request_spec.rb +339 -9
data/spec/lib/ruby_smb/smb2/packet/tree_connect_response_spec.rb +3 -30
data/spec/lib/ruby_smb/smb2/pipe_spec.rb +220 -149
data/spec/lib/ruby_smb/smb2/smb2_header_spec.rb +2 -2
data/spec/lib/ruby_smb/smb2/tree_spec.rb +53 -8
metadata +187 -81
metadata.gz.sig +0 -0
data/lib/ruby_smb/smb1/dcerpc.rb +0 -72
data/lib/ruby_smb/smb2/dcerpc.rb +0 -75

data/lib/ruby_smb/dcerpc/winreg/query_value_response.rb ADDED

@@ -0,0 +1,57 @@
+module RubySMB
+  module Dcerpc
+    module Winreg
+      # This class represents a BaseRegQueryValue Response Packet as defined in
+      # [3.1.5.17 BaseRegQueryValue (Opnum 17)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/8bc10aa3-2f91-44e8-aa33-b3263c49ab9d)
+      class QueryValueResponse < BinData::Record
+        attr_reader :opnum
+        endian :little
+        ndr_lp_dword :lp_type
+        ndr_lp_byte  :lp_data
+        string       :pad, length: -> { pad_length }
+        ndr_lp_dword :lpcb_data
+        ndr_lp_dword :lpcb_len
+        uint32       :error_status
+        def initialize_instance
+          super
+          @opnum = REG_QUERY_VALUE
+        end
+        # Determines the correct length for the padding in front of
+        # #lpcb_data. It should always force a 4-byte alignment.
+        def pad_length
+          offset = (lp_data.abs_offset + lp_data.to_binary_s.length) % 4
+          (4 - offset) % 4
+        end
+        # Returns the data portion of the registry value formatted according to its type:
+        # [3.1.1.5 Values](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/3d64dbea-f016-4373-8cac-e43bf343837d)
+        def data
+          bytes = lp_data.bytes.to_a.pack('C*')
+          case lp_type
+          when 1,2
+            bytes.force_encoding('utf-16le').strip
+          when 3
+            bytes
+          when 4
+            bytes.unpack('V').first
+          when 5
+            bytes.unpack('N').first
+          when 7
+            str = bytes.force_encoding('utf-16le')
+            str.split("\0".encode('utf-16le'))
+          when 11
+            bytes.unpack('Q<').first
+          else
+            ""
+          end
+        end
+      end
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/winreg/regsam.rb ADDED

@@ -0,0 +1,40 @@
+module RubySMB
+  module Dcerpc
+    module Winreg
+      # This class represents a REGSAM structure as defined in
+      # [2.2.3 REGSAM](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/fefbc801-b141-4bb1-9dcb-bf366da3ae7e)
+      # [2.4.3 ACCESS_MASK](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-dtyp/7a53f60e-e730-4dfe-bbe9-b21b62eb790b)
+      class Regsam < BinData::Record
+        endian  :little
+        bit2    :reserved,               label: 'Reserved Space'
+        bit1    :key_create_link,        label: 'Key Create Link'
+        bit1    :key_notify,             label: 'Key Notify'
+        bit1    :key_enumerate_sub_keys, label: 'Key Enumerate Sub Keys'
+        bit1    :key_create_sub_key,     label: 'Key Create Sub Key'
+        bit1    :key_set_value,          label: 'Key Set Value'
+        bit1    :key_query_value,        label: 'Key Query Value'
+        # byte boundary
+        bit6    :reserved2,              label: 'Reserved Space'
+        bit1    :key_wow64_32key,        label: 'Key Wow64 32key'
+        bit1    :key_wow64_64key,        label: 'Key Wow64 64key'
+        # byte boundary
+        bit3    :reserved3,              label: 'Reserved Space'
+        bit1    :synchronize,            label: 'Synchronize'
+        bit1    :write_owner,            label: 'Write Owner'
+        bit1    :write_dac,              label: 'Write DAC'
+        bit1    :read_control,           label: 'Read Control'
+        bit1    :delete_access,          label: 'Delete'
+        # byte boundary
+        bit1    :generic_read,           label: 'Generic Read'
+        bit1    :generic_write,          label: 'Generic Write'
+        bit1    :generic_execute,        label: 'Generic Execute'
+        bit1    :generic_all,            label: 'Generic All'
+        bit2    :reserved4,              label: 'Reserved Space'
+        bit1    :maximum,                label: 'Maximum Allowed'
+        bit1    :system_security,        label: 'System Security'
+      end
+    end
+  end
+end

data/lib/ruby_smb/dispatcher/socket.rb CHANGED

@@ -48,7 +48,7 @@ module RubySMB
           end
         rescue IOError, Errno::ECONNABORTED, Errno::ECONNRESET => e
-          raise RubySMB::Error::CommunicationError, "An error occured writing to the Socket: #{e.message}"
+          raise RubySMB::Error::CommunicationError, "An error occurred writing to the Socket: #{e.message}"
         end
         nil
       end
@@ -61,13 +61,14 @@ module RubySMB
       #   which are assumed to be the NetBiosSessionService header.
       # @raise [RubySMB::Error::CommunicationError] if the read timeout expires or an error occurs when reading the socket
       def recv_packet(full_response: false)
+        raise RubySMB::Error::CommunicationError, 'Connection has already been closed' if @tcp_socket.closed?
         if IO.select([@tcp_socket], nil, nil, @read_timeout).nil?
           raise RubySMB::Error::CommunicationError, "Read timeout expired when reading from the Socket (timeout=#{@read_timeout})"
         end
         begin
           nbss_data = @tcp_socket.read(4)
-          raise IOError if nbss_data.nil?
+          raise RubySMB::Error::CommunicationError, 'Socket read returned nil' if nbss_data.nil?
           nbss_header = RubySMB::Nbss::SessionHeader.read(nbss_data)
         rescue IOError
           raise ::RubySMB::Error::NetBiosSessionService, 'NBSS Header is missing'
@@ -84,7 +85,7 @@ module RubySMB
         end
         data
       rescue Errno::EINVAL, Errno::ECONNABORTED, Errno::ECONNRESET, TypeError, NoMethodError => e
-        raise RubySMB::Error::CommunicationError, "An error occured reading from the Socket #{e.message}"
+        raise RubySMB::Error::CommunicationError, "An error occurred reading from the Socket #{e.message}"
       end
     end
   end

data/lib/ruby_smb/error.rb CHANGED

@@ -53,7 +53,28 @@ module RubySMB
     end
     # Raised when a response packet has a NTStatus code that was unexpected.
-    class UnexpectedStatusCode < RubySMBError; end
+    class UnexpectedStatusCode < RubySMBError
+      attr_reader :status_code
+      def initialize(status_code)
+        case status_code
+        when WindowsError::ErrorCode
+          @status_code = status_code
+        when Integer
+          @status_code = WindowsError::NTStatus.find_by_retval(status_code).first
+          if @status_code.nil?
+            @status_code = WindowsError::ErrorCode.new("0x#{status_code.to_s(16)}", status_code, "Unknown 0x#{status_code.to_s(16)}")
+          end
+        else
+          raise ArgumentError, "Status code must be a WindowsError::ErrorCode or an Integer, got #{status_code.class}"
+        end
+        super
+      end
+      def to_s
+        "The server responded with an unexpected status code: #{status_code.name}"
+      end
+    end
     # Raised when an error occurs with the underlying socket.
     class CommunicationError < RubySMBError; end
@@ -65,5 +86,11 @@ module RubySMB
     # Raised when trying to parse raw binary into a BitField and the data
     # is invalid.
     class InvalidBitField < RubySMBError; end
+    # Raised when an encryption operation fails
+    class EncryptionError < RubySMBError; end
+    # Raised when an signing operation fails
+    class SigningError < RubySMBError; end
   end
 end

data/lib/ruby_smb/smb1/commands.rb CHANGED

@@ -10,7 +10,7 @@ module RubySMB
       SMB_COM_TRANSACTION2_SECONDARY  = 0x33
       SMB_COM_TREE_DISCONNECT         = 0x71
       SMB_COM_NEGOTIATE               = 0x72
-      SMB_COM_SESSION_SETUP           = 0x73
+      SMB_COM_SESSION_SETUP_ANDX      = 0x73
       SMB_COM_LOGOFF                  = 0x74
       SMB_COM_TREE_CONNECT            = 0x75
       SMB_COM_NT_TRANSACT             = 0xA0

data/lib/ruby_smb/smb1/file.rb CHANGED

@@ -91,7 +91,7 @@ module RubySMB
           )
         end
         unless response.status_code == WindowsError::NTStatus::STATUS_SUCCESS
-          raise RubySMB::Error::UnexpectedStatusCode, response.status_code.name
+          raise RubySMB::Error::UnexpectedStatusCode, response.status_code
         end
         response.status_code
       end
@@ -127,7 +127,7 @@ module RubySMB
             )
           end
           unless response.status_code == WindowsError::NTStatus::STATUS_SUCCESS
-            raise RubySMB::Error::UnexpectedStatusCode, response.status_code.name
+            raise RubySMB::Error::UnexpectedStatusCode, response.status_code
           end
           if response.is_a?(RubySMB::SMB1::Packet::ReadAndxResponse)
@@ -156,6 +156,8 @@ module RubySMB
       def read_packet(read_length: 0, offset: 0)
         read_request = set_header_fields(RubySMB::SMB1::Packet::ReadAndxRequest.new)
         read_request.parameter_block.max_count_of_bytes_to_return = read_length
+        read_request.parameter_block.min_count_of_bytes_to_return = read_length
+        read_request.parameter_block.remaining = read_length
         read_request.parameter_block.offset = offset
         read_request
       end
@@ -174,7 +176,7 @@ module RubySMB
           )
         end
         unless response.status_code == WindowsError::NTStatus::STATUS_SUCCESS
-          raise RubySMB::Error::UnexpectedStatusCode, response.status_code.name
+          raise RubySMB::Error::UnexpectedStatusCode, response.status_code
         end
         response.data_block.data.to_binary_s
@@ -242,7 +244,7 @@ module RubySMB
             )
           end
           unless response.status_code == WindowsError::NTStatus::STATUS_SUCCESS
-            raise RubySMB::Error::UnexpectedStatusCode, response.status_code.name
+            raise RubySMB::Error::UnexpectedStatusCode, response.status_code
           end
           bytes_written = response.parameter_block.count_low + (response.parameter_block.count_high << 16)
           total_bytes_written += bytes_written

data/lib/ruby_smb/smb1/packet/empty_packet.rb CHANGED

@@ -1,7 +1,7 @@
 module RubySMB
   module SMB1
     module Packet
-      # This packet represent an SMB1 Response Packet when the parameter and
+      # This packet represent an SMB1 Error Response Packet when the parameter and
       # data blocks will be empty.
       class EmptyPacket < RubySMB::GenericPacket
         attr_accessor :original_command
@@ -12,7 +12,9 @@ module RubySMB
         def valid?
           return smb_header.protocol == RubySMB::SMB1::SMB_PROTOCOL_ID &&
-            smb_header.command == @original_command
+                 smb_header.command == @original_command &&
+                 parameter_block.word_count == 0 &&
+                 data_block.byte_count == 0
         end
       end
     end

data/lib/ruby_smb/smb1/packet/session_setup_legacy_request.rb CHANGED

@@ -4,7 +4,7 @@ module RubySMB
       # A SMB1 SMB_COM_SESSION_SETUP_ANDX Request Packet, without NTLMSSP as defined in
       # [2.2.4.53.1 Request](https://msdn.microsoft.com/en-us/library/ee441849.aspx)
       class SessionSetupLegacyRequest < RubySMB::GenericPacket
-        COMMAND = RubySMB::SMB1::Commands::SMB_COM_SESSION_SETUP
+        COMMAND = RubySMB::SMB1::Commands::SMB_COM_SESSION_SETUP_ANDX
         # A SMB1 Parameter Block as defined by the {SessionSetupRequest}
         class ParameterBlock < RubySMB::SMB1::ParameterBlock

data/lib/ruby_smb/smb1/packet/session_setup_legacy_response.rb CHANGED

@@ -1,10 +1,10 @@
 module RubySMB
   module SMB1
     module Packet
-      # A SMB1 SMB_COM_SESSION_SETUP Legacy Response Packet as defined in
+      # A SMB1 SMB_COM_SESSION_SETUP_ANDX Legacy Response Packet as defined in
       # [2.2.4.53.2 Response](https://msdn.microsoft.com/en-us/library/ee442143.aspx)
       class SessionSetupLegacyResponse < RubySMB::GenericPacket
-        COMMAND = RubySMB::SMB1::Commands::SMB_COM_SESSION_SETUP
+        COMMAND = RubySMB::SMB1::Commands::SMB_COM_SESSION_SETUP_ANDX
         # A SMB1 Parameter Block as defined by the {SessionSetupResponse}
         class ParameterBlock < RubySMB::SMB1::ParameterBlock

data/lib/ruby_smb/smb1/packet/session_setup_request.rb CHANGED

@@ -4,7 +4,7 @@ module RubySMB
       # A SMB1 SMB_COM_SESSION_SETUP_ANDX Request Packet as defined in
       # [2.2.4.6.1](https://msdn.microsoft.com/en-us/library/cc246328.aspx)
       class SessionSetupRequest < RubySMB::GenericPacket
-        COMMAND = RubySMB::SMB1::Commands::SMB_COM_SESSION_SETUP
+        COMMAND = RubySMB::SMB1::Commands::SMB_COM_SESSION_SETUP_ANDX
         # A SMB1 Parameter Block as defined by the {SessionSetupRequest}
         class ParameterBlock < RubySMB::SMB1::ParameterBlock

data/lib/ruby_smb/smb1/packet/session_setup_response.rb CHANGED

@@ -1,10 +1,10 @@
 module RubySMB
   module SMB1
     module Packet
-      # A SMB1 SMB_COM_SESSION_SETUP Response Packet as defined in
+      # A SMB1 SMB_COM_SESSION_SETUP_ANDX Response Packet as defined in
       # [2.2.4.6.2](https://msdn.microsoft.com/en-us/library/cc246329.aspx)
       class SessionSetupResponse < RubySMB::GenericPacket
-        COMMAND = RubySMB::SMB1::Commands::SMB_COM_SESSION_SETUP
+        COMMAND = RubySMB::SMB1::Commands::SMB_COM_SESSION_SETUP_ANDX
         # A SMB1 Parameter Block as defined by the {SessionSetupResponse}
         class ParameterBlock < RubySMB::SMB1::ParameterBlock

data/lib/ruby_smb/smb1/packet/write_andx_request.rb CHANGED

@@ -43,7 +43,7 @@ module RubySMB
         # Represents the specific layout of the DataBlock for a {WriteAndxRequest} Packet.
         class DataBlock < RubySMB::SMB1::DataBlock
-          uint8  :pad,  label: 'Pad'
+          string :pad,  label: 'Pad', length: 1
           string :data, label: 'Data'
         end

data/lib/ruby_smb/smb1/pipe.rb CHANGED

@@ -3,9 +3,9 @@ module RubySMB
     # Represents a pipe on the Remote server that we can perform
     # various I/O operations on.
     class Pipe < File
-      require 'ruby_smb/smb1/dcerpc'
+      require 'ruby_smb/dcerpc'
-      include RubySMB::SMB1::Dcerpc
+      include RubySMB::Dcerpc
       # Reference: https://msdn.microsoft.com/en-us/library/ee441883.aspx
       STATUS_DISCONNECTED = 0x0001
@@ -13,6 +13,17 @@ module RubySMB
       STATUS_OK           = 0x0003
       STATUS_CLOSED       = 0x0004
+      def initialize(tree:, response:, name:)
+        raise ArgumentError, 'No Name Provided' if name.nil?
+        case name
+        when 'srvsvc'
+          extend RubySMB::Dcerpc::Srvsvc
+        when 'winreg'
+          extend RubySMB::Dcerpc::Winreg
+        end
+        super(tree: tree, response: response, name: name)
+      end
       # Performs a peek operation on the named pipe
       #
       # @param peek_size [Integer] Amount of data to peek
@@ -36,7 +47,7 @@ module RubySMB
         end
         unless response.status_code == WindowsError::NTStatus::STATUS_BUFFER_OVERFLOW or response.status_code == WindowsError::NTStatus::STATUS_SUCCESS
-          raise RubySMB::Error::UnexpectedStatusCode, response.status_code.name
+          raise RubySMB::Error::UnexpectedStatusCode, response.status_code
         end
         response
@@ -68,6 +79,71 @@ module RubySMB
         state == STATUS_OK
       end
+      # Send a DCERPC request with the provided stub packet.
+      #
+      # @params stub_packet [#opnum] the stub packet to add to the DCERPC request
+      # @return [String] the raw DCERPC response stub
+      # @raise [RubySMB::Error::InvalidPacket] if the response is not valid
+      # @raise [RubySMB::Error::UnexpectedStatusCode] if the response status code is different than STATUS_SUCCESS or STATUS_BUFFER_OVERFLOW
+      def dcerpc_request(stub_packet, options={})
+        options.merge!(endpoint: stub_packet.class.name.split('::').at(-2))
+        dcerpc_request = RubySMB::Dcerpc::Request.new({ opnum: stub_packet.opnum }, options)
+        dcerpc_request.stub.read(stub_packet.to_binary_s)
+        trans_nmpipe_request = RubySMB::SMB1::Packet::Trans::TransactNmpipeRequest.new(options)
+        @tree.set_header_fields(trans_nmpipe_request)
+        trans_nmpipe_request.set_fid(@fid)
+        trans_nmpipe_request.data_block.trans_data.write_data = dcerpc_request.to_binary_s
+        trans_nmpipe_raw_response = @tree.client.send_recv(trans_nmpipe_request)
+        trans_nmpipe_response = RubySMB::SMB1::Packet::Trans::TransactNmpipeResponse.read(trans_nmpipe_raw_response)
+        unless trans_nmpipe_response.valid?
+          raise RubySMB::Error::InvalidPacket.new(
+            expected_proto: RubySMB::SMB1::SMB_PROTOCOL_ID,
+            expected_cmd:   RubySMB::SMB1::Packet::Trans::TransactNmpipeResponse::COMMAND,
+            received_proto: trans_nmpipe_response.smb_header.protocol,
+            received_cmd:   trans_nmpipe_response.smb_header.command
+          )
+        end
+        unless [WindowsError::NTStatus::STATUS_SUCCESS,
+                WindowsError::NTStatus::STATUS_BUFFER_OVERFLOW].include?(trans_nmpipe_response.status_code)
+          raise RubySMB::Error::UnexpectedStatusCode, trans_nmpipe_response.status_code
+        end
+        raw_data = trans_nmpipe_response.data_block.trans_data.read_data.to_binary_s
+        if trans_nmpipe_response.status_code == WindowsError::NTStatus::STATUS_BUFFER_OVERFLOW
+          raw_data << read(bytes: @tree.client.max_buffer_size - trans_nmpipe_response.parameter_block.data_count)
+          dcerpc_response = dcerpc_response_from_raw_response(raw_data)
+          unless dcerpc_response.pdu_header.pfc_flags.first_frag == 1
+            raise RubySMB::Dcerpc::Error::InvalidPacket, "Not the first fragment"
+          end
+          stub_data = dcerpc_response.stub.to_s
+          loop do
+            break if dcerpc_response.pdu_header.pfc_flags.last_frag == 1
+            raw_data = read(bytes: @tree.client.max_buffer_size)
+            dcerpc_response = dcerpc_response_from_raw_response(raw_data)
+            stub_data << dcerpc_response.stub.to_s
+          end
+          stub_data
+        else
+          dcerpc_response = dcerpc_response_from_raw_response(raw_data)
+          dcerpc_response.stub.to_s
+        end
+      end
+      private
+      def dcerpc_response_from_raw_response(raw_data)
+        dcerpc_response = RubySMB::Dcerpc::Response.read(raw_data)
+        unless dcerpc_response.pdu_header.ptype == RubySMB::Dcerpc::PTypes::RESPONSE
+          raise RubySMB::Dcerpc::Error::InvalidPacket, "Not a Response packet"
+        end
+        dcerpc_response
+      rescue IOError
+        raise RubySMB::Dcerpc::Error::InvalidPacket, "Error reading the DCERPC response"
+      end
     end
   end
 end

data/lib/ruby_smb/smb1/tree.rb CHANGED

@@ -123,6 +123,15 @@ module RubySMB
         raw_response = @client.send_recv(nt_create_andx_request)
         response = RubySMB::SMB1::Packet::NtCreateAndxResponse.read(raw_response)
         unless response.valid?
+          if response.is_a?(RubySMB::SMB1::Packet::EmptyPacket) &&
+               response.smb_header.protocol == RubySMB::SMB1::SMB_PROTOCOL_ID &&
+               response.smb_header.command == response.original_command
+            raise RubySMB::Error::InvalidPacket.new(
+              'The response seems to be an SMB1 NtCreateAndxResponse but an '\
+              'error occurs while parsing it. It is probably missing the '\
+              'required extended information.'
+            )
+          end
           raise RubySMB::Error::InvalidPacket.new(
             expected_proto: RubySMB::SMB1::SMB_PROTOCOL_ID,
             expected_cmd:   RubySMB::SMB1::Packet::NtCreateAndxResponse::COMMAND,
@@ -131,7 +140,7 @@ module RubySMB
           )
         end
         unless response.status_code == WindowsError::NTStatus::STATUS_SUCCESS
-          raise RubySMB::Error::UnexpectedStatusCode, response.status_code.name
+          raise RubySMB::Error::UnexpectedStatusCode, response.status_code
         end
         case response.parameter_block.resource_type
@@ -191,7 +200,7 @@ module RubySMB
           )
         end
         unless response.status_code == WindowsError::NTStatus::STATUS_SUCCESS
-          raise RubySMB::Error::UnexpectedStatusCode, response.status_code.name
+          raise RubySMB::Error::UnexpectedStatusCode, response.status_code
         end
         results = response.results(type, unicode: unicode)
@@ -226,7 +235,7 @@ module RubySMB
             )
           end
           unless response.status_code == WindowsError::NTStatus::STATUS_SUCCESS
-            raise RubySMB::Error::UnexpectedStatusCode, response.status_code.name
+            raise RubySMB::Error::UnexpectedStatusCode, response.status_code
           end
           results += response.results(type, unicode: unicode)