RubyGems - ruby_smb - Versions diffs - 1.0.4 → 2.0.2 - Mend

ruby_smb 1.0.4 → 2.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (130) hide show

checksums.yaml +5 -5
checksums.yaml.gz.sig +0 -0
data.tar.gz.sig +0 -0
data/.travis.yml +3 -2
data/Gemfile +6 -2
data/README.md +35 -47
data/examples/enum_registry_key.rb +28 -0
data/examples/enum_registry_values.rb +30 -0
data/examples/negotiate.rb +51 -8
data/examples/pipes.rb +2 -1
data/examples/read_file_encryption.rb +56 -0
data/examples/read_registry_key_value.rb +32 -0
data/lib/ruby_smb.rb +4 -1
data/lib/ruby_smb/client.rb +207 -18
data/lib/ruby_smb/client/authentication.rb +27 -8
data/lib/ruby_smb/client/encryption.rb +62 -0
data/lib/ruby_smb/client/negotiation.rb +153 -12
data/lib/ruby_smb/client/signing.rb +19 -0
data/lib/ruby_smb/client/tree_connect.rb +4 -4
data/lib/ruby_smb/client/utils.rb +8 -7
data/lib/ruby_smb/client/winreg.rb +46 -0
data/lib/ruby_smb/crypto.rb +30 -0
data/lib/ruby_smb/dcerpc.rb +38 -0
data/lib/ruby_smb/dcerpc/bind.rb +2 -2
data/lib/ruby_smb/dcerpc/bind_ack.rb +2 -2
data/lib/ruby_smb/dcerpc/error.rb +3 -0
data/lib/ruby_smb/dcerpc/ndr.rb +95 -16
data/lib/ruby_smb/dcerpc/pdu_header.rb +1 -1
data/lib/ruby_smb/dcerpc/request.rb +28 -9
data/lib/ruby_smb/dcerpc/rrp_unicode_string.rb +35 -0
data/lib/ruby_smb/dcerpc/srvsvc.rb +10 -0
data/lib/ruby_smb/dcerpc/srvsvc/net_share_enum_all.rb +9 -0
data/lib/ruby_smb/dcerpc/winreg.rb +340 -0
data/lib/ruby_smb/dcerpc/winreg/close_key_request.rb +24 -0
data/lib/ruby_smb/dcerpc/winreg/close_key_response.rb +27 -0
data/lib/ruby_smb/dcerpc/winreg/enum_key_request.rb +45 -0
data/lib/ruby_smb/dcerpc/winreg/enum_key_response.rb +42 -0
data/lib/ruby_smb/dcerpc/winreg/enum_value_request.rb +39 -0
data/lib/ruby_smb/dcerpc/winreg/enum_value_response.rb +36 -0
data/lib/ruby_smb/dcerpc/winreg/open_key_request.rb +34 -0
data/lib/ruby_smb/dcerpc/winreg/open_key_response.rb +25 -0
data/lib/ruby_smb/dcerpc/winreg/open_root_key_request.rb +43 -0
data/lib/ruby_smb/dcerpc/winreg/open_root_key_response.rb +35 -0
data/lib/ruby_smb/dcerpc/winreg/query_info_key_request.rb +27 -0
data/lib/ruby_smb/dcerpc/winreg/query_info_key_response.rb +40 -0
data/lib/ruby_smb/dcerpc/winreg/query_value_request.rb +39 -0
data/lib/ruby_smb/dcerpc/winreg/query_value_response.rb +57 -0
data/lib/ruby_smb/dcerpc/winreg/regsam.rb +40 -0
data/lib/ruby_smb/dispatcher/socket.rb +4 -3
data/lib/ruby_smb/error.rb +28 -1
data/lib/ruby_smb/smb1/commands.rb +1 -1
data/lib/ruby_smb/smb1/file.rb +6 -4
data/lib/ruby_smb/smb1/packet/empty_packet.rb +4 -2
data/lib/ruby_smb/smb1/packet/session_setup_legacy_request.rb +1 -1
data/lib/ruby_smb/smb1/packet/session_setup_legacy_response.rb +2 -2
data/lib/ruby_smb/smb1/packet/session_setup_request.rb +1 -1
data/lib/ruby_smb/smb1/packet/session_setup_response.rb +2 -2
data/lib/ruby_smb/smb1/packet/write_andx_request.rb +1 -1
data/lib/ruby_smb/smb1/pipe.rb +79 -3
data/lib/ruby_smb/smb1/tree.rb +12 -3
data/lib/ruby_smb/smb2/bit_field/session_flags.rb +2 -1
data/lib/ruby_smb/smb2/bit_field/share_flags.rb +6 -4
data/lib/ruby_smb/smb2/file.rb +25 -43
data/lib/ruby_smb/smb2/negotiate_context.rb +108 -0
data/lib/ruby_smb/smb2/packet.rb +2 -0
data/lib/ruby_smb/smb2/packet/compression_transform_header.rb +41 -0
data/lib/ruby_smb/smb2/packet/error_packet.rb +9 -4
data/lib/ruby_smb/smb2/packet/negotiate_request.rb +51 -14
data/lib/ruby_smb/smb2/packet/negotiate_response.rb +50 -4
data/lib/ruby_smb/smb2/packet/transform_header.rb +84 -0
data/lib/ruby_smb/smb2/packet/tree_connect_request.rb +92 -6
data/lib/ruby_smb/smb2/packet/tree_connect_response.rb +8 -26
data/lib/ruby_smb/smb2/pipe.rb +77 -3
data/lib/ruby_smb/smb2/smb2_header.rb +1 -1
data/lib/ruby_smb/smb2/tree.rb +23 -17
data/lib/ruby_smb/version.rb +1 -1
data/ruby_smb.gemspec +5 -3
data/spec/lib/ruby_smb/client_spec.rb +1441 -61
data/spec/lib/ruby_smb/crypto_spec.rb +25 -0
data/spec/lib/ruby_smb/dcerpc/bind_ack_spec.rb +2 -2
data/spec/lib/ruby_smb/dcerpc/bind_spec.rb +2 -2
data/spec/lib/ruby_smb/dcerpc/ndr_spec.rb +410 -0
data/spec/lib/ruby_smb/dcerpc/request_spec.rb +50 -7
data/spec/lib/ruby_smb/dcerpc/rrp_unicode_string_spec.rb +98 -0
data/spec/lib/ruby_smb/dcerpc/srvsvc/net_share_enum_all_spec.rb +13 -0
data/spec/lib/ruby_smb/dcerpc/srvsvc_spec.rb +60 -0
data/spec/lib/ruby_smb/dcerpc/winreg/close_key_request_spec.rb +28 -0
data/spec/lib/ruby_smb/dcerpc/winreg/close_key_response_spec.rb +36 -0
data/spec/lib/ruby_smb/dcerpc/winreg/enum_key_request_spec.rb +108 -0
data/spec/lib/ruby_smb/dcerpc/winreg/enum_key_response_spec.rb +97 -0
data/spec/lib/ruby_smb/dcerpc/winreg/enum_value_request_spec.rb +94 -0
data/spec/lib/ruby_smb/dcerpc/winreg/enum_value_response_spec.rb +82 -0
data/spec/lib/ruby_smb/dcerpc/winreg/open_key_request_spec.rb +74 -0
data/spec/lib/ruby_smb/dcerpc/winreg/open_key_response_spec.rb +35 -0
data/spec/lib/ruby_smb/dcerpc/winreg/open_root_key_request_spec.rb +90 -0
data/spec/lib/ruby_smb/dcerpc/winreg/open_root_key_response_spec.rb +38 -0
data/spec/lib/ruby_smb/dcerpc/winreg/query_info_key_request_spec.rb +39 -0
data/spec/lib/ruby_smb/dcerpc/winreg/query_info_key_response_spec.rb +113 -0
data/spec/lib/ruby_smb/dcerpc/winreg/query_value_request_spec.rb +88 -0
data/spec/lib/ruby_smb/dcerpc/winreg/query_value_response_spec.rb +150 -0
data/spec/lib/ruby_smb/dcerpc/winreg/regsam_spec.rb +32 -0
data/spec/lib/ruby_smb/dcerpc/winreg_spec.rb +710 -0
data/spec/lib/ruby_smb/dcerpc_spec.rb +81 -0
data/spec/lib/ruby_smb/dispatcher/socket_spec.rb +2 -2
data/spec/lib/ruby_smb/error_spec.rb +59 -0
data/spec/lib/ruby_smb/smb1/file_spec.rb +9 -1
data/spec/lib/ruby_smb/smb1/packet/empty_packet_spec.rb +10 -0
data/spec/lib/ruby_smb/smb1/packet/session_setup_legacy_request_spec.rb +2 -2
data/spec/lib/ruby_smb/smb1/packet/session_setup_legacy_response_spec.rb +2 -2
data/spec/lib/ruby_smb/smb1/packet/session_setup_request_spec.rb +2 -2
data/spec/lib/ruby_smb/smb1/packet/session_setup_response_spec.rb +1 -1
data/spec/lib/ruby_smb/smb1/pipe_spec.rb +210 -148
data/spec/lib/ruby_smb/smb2/bit_field/session_flags_spec.rb +9 -0
data/spec/lib/ruby_smb/smb2/bit_field/share_flags_spec.rb +27 -0
data/spec/lib/ruby_smb/smb2/file_spec.rb +86 -62
data/spec/lib/ruby_smb/smb2/negotiate_context_spec.rb +332 -0
data/spec/lib/ruby_smb/smb2/packet/compression_transform_header_spec.rb +108 -0
data/spec/lib/ruby_smb/smb2/packet/error_packet_spec.rb +29 -2
data/spec/lib/ruby_smb/smb2/packet/negotiate_request_spec.rb +138 -3
data/spec/lib/ruby_smb/smb2/packet/negotiate_response_spec.rb +120 -2
data/spec/lib/ruby_smb/smb2/packet/transform_header_spec.rb +220 -0
data/spec/lib/ruby_smb/smb2/packet/tree_connect_request_spec.rb +339 -9
data/spec/lib/ruby_smb/smb2/packet/tree_connect_response_spec.rb +3 -30
data/spec/lib/ruby_smb/smb2/pipe_spec.rb +220 -149
data/spec/lib/ruby_smb/smb2/smb2_header_spec.rb +2 -2
data/spec/lib/ruby_smb/smb2/tree_spec.rb +53 -8
metadata +187 -81
metadata.gz.sig +0 -0
data/lib/ruby_smb/smb1/dcerpc.rb +0 -72
data/lib/ruby_smb/smb2/dcerpc.rb +0 -75

data/lib/ruby_smb/smb2/bit_field/session_flags.rb CHANGED

@@ -4,7 +4,8 @@ module RubySMB
       # The SessionsFlags bit-field for a {RubySMB::SMB2::Packet::SessionSetupResponse}
       class SessionFlags < BinData::Record
         endian  :little
-        bit6    :reserved3,           label: 'Reserved', initial_value: 0
+        bit5    :reserved3,           label: 'Reserved', initial_value: 0
+        bit1    :encrypt_data,        label: 'Encrypt Data', initial_value: 0
         bit1    :null,                label: 'ASYNC Command', initial_value: 0
         bit1    :guest,               label: 'Is Guest?',     initial_value: 0
         resume_byte_alignment

data/lib/ruby_smb/smb2/bit_field/share_flags.rb CHANGED

@@ -8,7 +8,7 @@ module RubySMB
         bit2    :reserved1,                 label: 'Reserved Space'
         bit1    :vdo_caching,               label: 'VDO Caching'
         bit1    :auto_caching,              label: 'Auto Caching'
-        bit2    :reserved2
+        bit2    :reserved2,                 label: 'Reserved Space'
         bit1    :dfs_root,                  label: 'DFS Root'
         bit1    :dfs,                       label: 'DFS'
         # byte boundary
@@ -20,9 +20,11 @@ module RubySMB
         bit1    :namespace_caching,         label: 'Namespace Caching'
         bit1    :shared_delete,             label: 'Force Shared Delete'
         bit1    :restrict_exclusive_opens,  label: 'Restrict Exclusive Opens'
-        bit8    :reserved3,                 label: 'Reserved Space'
-        bit8    :reserved4,                 label: 'Reserved Space'
+        # byte boundary
+        bit5    :reserved3,                 label: 'Reserved Space'
+        bit1    :identity_remoting,         label: 'Identity Remoting'
+        bit2    :reserved4,                 label: 'Reserved Space'
+        bit8    :reserved5,                 label: 'Reserved Space'
         def caching_type
           if vdo_caching == 1 && auto_caching.zero?

data/lib/ruby_smb/smb2/file.rb CHANGED

@@ -52,7 +52,12 @@ module RubySMB
       #   @return [RubySMB::SMB2::Tree]
       attr_accessor :tree
-      def initialize(tree:, response:, name:)
+      # Whether or not the share associated with this tree connect needs to be encrypted (SMB 3.x)
+      # @!attribute [rw] tree_connect_encrypt_data
+      #   @return [Boolean]
+      attr_accessor :tree_connect_encrypt_data
+      def initialize(tree:, response:, name:, encrypt: false)
         raise ArgumentError, 'No Tree Provided' if tree.nil?
         raise ArgumentError, 'No Response Provided' if response.nil?
@@ -66,6 +71,7 @@ module RubySMB
         @last_write   = response.last_write.to_datetime
         @size         = response.end_of_file
         @size_on_disk = response.allocation_size
+        @tree_connect_encrypt_data = encrypt
       end
       # Appends the supplied data to the end of the file.
@@ -83,7 +89,7 @@ module RubySMB
       # @raise [RubySMB::Error::UnexpectedStatusCode] if the response NTStatus is not STATUS_SUCCESS
       def close
         close_request = set_header_fields(RubySMB::SMB2::Packet::CloseRequest.new)
-        raw_response  = tree.client.send_recv(close_request)
+        raw_response  = tree.client.send_recv(close_request, encrypt: @tree_connect_encrypt_data)
         response = RubySMB::SMB2::Packet::CloseResponse.read(raw_response)
         unless response.valid?
           raise RubySMB::Error::InvalidPacket.new(
@@ -94,7 +100,7 @@ module RubySMB
           )
         end
         unless response.status_code == WindowsError::NTStatus::STATUS_SUCCESS
-          raise RubySMB::Error::UnexpectedStatusCode, response.status_code.name
+          raise RubySMB::Error::UnexpectedStatusCode, response.status_code
         end
         response.status_code
       end
@@ -116,7 +122,7 @@ module RubySMB
                            end
         read_request = read_packet(read_length: atomic_read_size, offset: offset)
-        raw_response = tree.client.send_recv(read_request)
+        raw_response = tree.client.send_recv(read_request, encrypt: @tree_connect_encrypt_data)
         response     = RubySMB::SMB2::Packet::ReadResponse.read(raw_response)
         unless response.valid?
           raise RubySMB::Error::InvalidPacket.new(
@@ -127,7 +133,7 @@ module RubySMB
           )
         end
         unless response.status_code == WindowsError::NTStatus::STATUS_SUCCESS
-          raise RubySMB::Error::UnexpectedStatusCode, response.status_code.name
+          raise RubySMB::Error::UnexpectedStatusCode, response.status_code
         end
         data = response.buffer.to_binary_s
@@ -139,7 +145,7 @@ module RubySMB
           atomic_read_size = remaining_bytes if remaining_bytes < tree.client.server_max_read_size
           read_request = read_packet(read_length: atomic_read_size, offset: offset)
-          raw_response = tree.client.send_recv(read_request)
+          raw_response = tree.client.send_recv(read_request, encrypt: @tree_connect_encrypt_data)
           response     = RubySMB::SMB2::Packet::ReadResponse.read(raw_response)
           unless response.valid?
             raise RubySMB::Error::InvalidPacket.new(
@@ -150,7 +156,7 @@ module RubySMB
             )
           end
           unless response.status_code == WindowsError::NTStatus::STATUS_SUCCESS
-            raise RubySMB::Error::UnexpectedStatusCode, response.status_code.name
+            raise RubySMB::Error::UnexpectedStatusCode, response.status_code
           end
           data << response.buffer.to_binary_s
@@ -170,10 +176,10 @@ module RubySMB
         read_request.offset       = offset
         read_request
       end
       def send_recv_read(read_length: 0, offset: 0)
         read_request = read_packet(read_length: read_length, offset: offset)
-        raw_response = tree.client.send_recv(read_request)
+        raw_response = tree.client.send_recv(read_request, encrypt: @tree_connect_encrypt_data)
         response = RubySMB::SMB2::Packet::ReadResponse.read(raw_response)
         unless response.valid?
           raise RubySMB::Error::InvalidPacket.new(
@@ -183,20 +189,8 @@ module RubySMB
             received_cmd:   response.smb2_header.command
           )
         end
-        if response.status_code == WindowsError::NTStatus::STATUS_PENDING
-          sleep 1
-          raw_response = tree.client.dispatcher.recv_packet
-          response = RubySMB::SMB2::Packet::ReadResponse.read(raw_response)
-          unless response.valid?
-            raise RubySMB::Error::InvalidPacket.new(
-              expected_proto: RubySMB::SMB2::SMB2_PROTOCOL_ID,
-              expected_cmd:   RubySMB::SMB2::Packet::ReadResponse::COMMAND,
-              received_proto: response.smb2_header.protocol,
-              received_cmd:   response.smb2_header.command
-            )
-          end
-        elsif response.status_code != WindowsError::NTStatus::STATUS_SUCCESS
-          raise RubySMB::Error::UnexpectedStatusCode, response.status_code.name
+        unless response.status_code == WindowsError::NTStatus::STATUS_SUCCESS
+          raise RubySMB::Error::UnexpectedStatusCode, response.status_code
         end
         response.buffer.to_binary_s
       end
@@ -206,7 +200,7 @@ module RubySMB
       # @return [WindowsError::ErrorCode] the NTStatus Response code
       # @raise [RubySMB::Error::InvalidPacket] if the response is not a SetInfoResponse packet
       def delete
-        raw_response = tree.client.send_recv(delete_packet)
+        raw_response = tree.client.send_recv(delete_packet, encrypt: @tree_connect_encrypt_data)
         response = RubySMB::SMB2::Packet::SetInfoResponse.read(raw_response)
         unless response.valid?
           raise RubySMB::Error::InvalidPacket.new(
@@ -256,7 +250,7 @@ module RubySMB
         while buffer.length > 0 do
           write_request = write_packet(data: buffer.slice!(0,atomic_write_size), offset: offset)
-          raw_response  = tree.client.send_recv(write_request)
+          raw_response  = tree.client.send_recv(write_request, encrypt: @tree_connect_encrypt_data)
           response      = RubySMB::SMB2::Packet::WriteResponse.read(raw_response)
           unless response.valid?
             raise RubySMB::Error::InvalidPacket.new(
@@ -286,10 +280,10 @@ module RubySMB
         write_request.buffer        = data
         write_request
       end
       def send_recv_write(data:'', offset: 0)
         pkt = write_packet(data: data, offset: offset)
-        raw_response = tree.client.send_recv(pkt)
+        raw_response = tree.client.send_recv(pkt, encrypt: @tree_connect_encrypt_data)
         response = RubySMB::SMB2::Packet::WriteResponse.read(raw_response)
         unless response.valid?
           raise RubySMB::Error::InvalidPacket.new(
@@ -299,31 +293,19 @@ module RubySMB
             received_cmd:   response.smb2_header.command
           )
         end
-        if response.status_code == WindowsError::NTStatus::STATUS_PENDING
-          sleep 1
-          raw_response = tree.client.dispatcher.recv_packet
-          response = RubySMB::SMB2::Packet::WriteResponse.read(raw_response)
-          unless response.valid?
-            raise RubySMB::Error::InvalidPacket.new(
-              expected_proto: RubySMB::SMB2::SMB2_PROTOCOL_ID,
-              expected_cmd:   RubySMB::SMB2::Packet::WriteResponse::COMMAND,
-              received_proto: response.smb2_header.protocol,
-              received_cmd:   response.smb2_header.command
-            )
-          end
-        elsif response.status_code != WindowsError::NTStatus::STATUS_SUCCESS
-          raise RubySMB::Error::UnexpectedStatusCode, response.status_code.name
+        unless response.status_code == WindowsError::NTStatus::STATUS_SUCCESS
+          raise RubySMB::Error::UnexpectedStatusCode, response.status_code
         end
         response.write_count
       end
       # Rename a file
       #
       # @param new_file_name [String] the new name
       # @return [WindowsError::ErrorCode] the NTStatus Response code
       # @raise [RubySMB::Error::InvalidPacket] if the response is not a SetInfoResponse packet
       def rename(new_file_name)
-        raw_response = tree.client.send_recv(rename_packet(new_file_name))
+        raw_response = tree.client.send_recv(rename_packet(new_file_name), encrypt: @tree_connect_encrypt_data)
         response = RubySMB::SMB2::Packet::SetInfoResponse.read(raw_response)
         unless response.valid?
           raise RubySMB::Error::InvalidPacket.new(

data/lib/ruby_smb/smb2/negotiate_context.rb ADDED

@@ -0,0 +1,108 @@
+module RubySMB
+  module SMB2
+    # An SMB2 PREAUTH_INTEGRITY_CAPABILITIES context struct as defined in
+    # [2.2.3.1.1 SMB2_PREAUTH_INTEGRITY_CAPABILITIES](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/5a07bd66-4734-4af8-abcf-5a44ff7ee0e5)
+    class PreauthIntegrityCapabilities < BinData::Record
+      SHA_512 = 0x0001
+      HASH_ALGORITM_MAP = {
+        SHA_512 => 'SHA512'
+      }
+      endian  :little
+      uint16 :hash_algorithm_count, label: 'Hash Algorithm Count', initial_value: -> { hash_algorithms.size }
+      uint16 :salt_length,          label: 'Salt Length',          initial_value: -> { salt.num_bytes }
+      array  :hash_algorithms,      label: 'Hash Algorithms',      type: :uint16, initial_length: -> { hash_algorithm_count }
+      string :salt,                 label: 'Salt',                 read_length: -> { salt_length }
+    end
+    # An SMB2 ENCRYPTION_CAPABILITIES context struct as defined in
+    # [2.2.3.1.2 SMB2_ENCRYPTION_CAPABILITIES](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/16693be7-2b27-4d3b-804b-f605bde5bcdd)
+    class EncryptionCapabilities < BinData::Record
+      AES_128_CCM = 0x0001
+      AES_128_GCM = 0x0002
+      ENCRYPTION_ALGORITHM_MAP = {
+        AES_128_CCM => 'AES-128-CCM',
+        AES_128_GCM => 'AES-128-GCM'
+      }
+      endian  :little
+      uint16 :cipher_count, label: 'Cipher Count', initial_value: -> { ciphers.size }
+      array  :ciphers,      label: 'Ciphers',      type: :uint16, initial_length: -> { cipher_count }
+    end
+    # An SMB2 COMPRESSION_CAPABILITIES context struct as defined in
+    # [2.2.3.1.3 SMB2_COMPRESSION_CAPABILITIES](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/78e0c942-ab41-472b-b117-4a95ebe88271)
+    class CompressionCapabilities < BinData::Record
+      # Flags
+      # Chained compression is not supported.
+      SMB2_COMPRESSION_CAPABILITIES_FLAG_NONE    = 0x00000000
+      # Chained compression is supported on this connection.
+      SMB2_COMPRESSION_CAPABILITIES_FLAG_CHAINED = 0x00000001
+      # Compression Algorithms
+      NONE         = 0x0000
+      LZNT1        = 0x0001
+      LZ77         = 0x0002
+      LZ77_Huffman = 0x0003
+      Pattern_V1   = 0x0004
+      COMPRESSION_ALGORITHM_MAP = {
+        NONE         => 'NONE',
+        LZNT1        => 'LZNT1',
+        LZ77         => 'LZ77',
+        LZ77_Huffman => 'LZ77_Huffman',
+        Pattern_V1   => 'Pattern_V1'
+      }
+      endian  :little
+      uint16 :compression_algorithm_count, label: 'Compression Algorithm Count', initial_value: -> { compression_algorithms.size }
+      uint16 :padding,                     label: 'Padding',                     initial_value: 0
+      uint32 :flags,                       label: 'Flags'
+      array  :compression_algorithms,      label: 'Compression Algorithms',      type: :uint16, initial_length: -> { compression_algorithm_count }
+    end
+    # An SMB2 NETNAME_NEGOTIATE_CONTEXT_ID context struct as defined in
+    # [2.2.3.1.4 SMB2_NETNAME_NEGOTIATE_CONTEXT_ID](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/ca6726bd-b9cf-43d9-b0bc-d127d3c993b3)
+    class NetnameNegotiateContextId < BinData::Record
+      endian  :little
+      stringz16 :net_name, label: 'Net Name'
+    end
+    # An SMB2 NEGOTIATE_CONTEXT struct as defined in
+    # [2.2.3.1 SMB2 NEGOTIATE_CONTEXT Request Values](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/15332256-522e-4a53-8cd7-0bd17678a2f7)
+    class NegotiateContext < BinData::Record
+      # The NegotiateContext Data field contains a list of preauthentication integrity hash functions as well as an optional salt value, as specified in section 2.2.3.1.1.
+      SMB2_PREAUTH_INTEGRITY_CAPABILITIES  = 0x0001
+      # The NegotiateContext Data field contains a list of encryption algorithms, as specified in section 2.2.3.1.2.
+      SMB2_ENCRYPTION_CAPABILITIES         = 0x0002
+      # The NegotiateContext Data field contains a list of compression algorithms, as specified in section 2.2.3.1.3.
+      SMB2_COMPRESSION_CAPABILITIES        = 0x0003
+      # The NegotiateContext Data field contains the server name to which the client connects.
+      SMB2_NETNAME_NEGOTIATE_CONTEXT_ID    = 0x0005
+      endian  :little
+      string :pad,          label: 'Padding',     length: -> { pad_length }
+      uint16 :context_type, label: 'Context Type'
+      uint16 :data_length,  label: 'Data Length', initial_value: -> { data.num_bytes }
+      uint32 :reserved,     label: 'Reserved',    initial_value: 0
+      choice :data,         label: 'Data',        selection: -> { context_type } do
+        preauth_integrity_capabilities SMB2_PREAUTH_INTEGRITY_CAPABILITIES, label: 'Preauthentication Integrity Capabilities'
+        encryption_capabilities        SMB2_ENCRYPTION_CAPABILITIES,        label: 'Encryption Capabilities'
+        compression_capabilities       SMB2_COMPRESSION_CAPABILITIES,       label: 'Compression Capabilities'
+        netname_negotiate_context_id   SMB2_NETNAME_NEGOTIATE_CONTEXT_ID,   label: 'Netname Negotiate Context ID'
+      end
+      def pad_length
+        offset = pad.abs_offset % 8
+        (8 - offset) % 8
+      end
+    end
+  end
+end

data/lib/ruby_smb/smb2/packet.rb CHANGED

@@ -30,6 +30,8 @@ module RubySMB
       require 'ruby_smb/smb2/packet/write_response'
       require 'ruby_smb/smb2/packet/ioctl_request'
       require 'ruby_smb/smb2/packet/ioctl_response'
+      require 'ruby_smb/smb2/packet/transform_header'
+      require 'ruby_smb/smb2/packet/compression_transform_header'
     end
   end
 end

data/lib/ruby_smb/smb2/packet/compression_transform_header.rb ADDED

@@ -0,0 +1,41 @@
+module RubySMB
+  module SMB2
+    module Packet
+      # An SMB2 COMPRESSION_TRANSFORM_HEADER Packet as defined in
+      # [2.2.42 SMB2 COMPRESSION_TRANSFORM_HEADER](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/1d435f21-9a21-4f4c-828e-624a176cf2a0)
+      class CompressionTransformHeader < BinData::Record
+        endian :little
+        bit32            :protocol,                         label: 'Protocol ID Field',      initial_value: 0xFC534D42
+        uint32           :original_compressed_segment_size, label: 'Original Compressed Segment Size'
+        uint16           :compression_algorithm,            label: 'Compression Algorithm'
+        uint16           :flags,                            label: 'Flags'
+        uint32           :offset,                           label: 'Offset / Length'
+      end
+      # An SMB2 SMB2_COMPRESSION_TRANSFORM_HEADER_PAYLOAD Packet as defined in
+      # [2.2.42.1 SMB2_COMPRESSION_TRANSFORM_HEADER_PAYLOAD](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/8898e8e7-f1b2-47f5-a525-2ce5bad6db64)
+      class Smb2CompressionPayloadHeader < BinData::Record
+        endian :little
+        hide   :reserved
+        uint16           :algorithm_id,                     label: 'Algorithm ID'
+        uint16           :reserved
+        uint32           :payload_length,                   label: 'Compressed Payload Length'
+      end
+      # An SMB2 SMB2_COMPRESSION_PATTERN_PAYLOAD_V1 Packet as defined in
+      # [2.2.42.2 SMB2_COMPRESSION_PATTERN_PAYLOAD_V1](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/f6859837-395a-4d0a-8971-1fc3919e2d09)
+      class Smb2CompressionPatternPayloadV1 < BinData::Record
+        endian :little
+        hide   :reserved1, :reserved2
+        uint8            :pattern,                          label: 'Pattern'
+        uint8            :reserved1
+        uint16           :reserved2
+        uint32           :repetitions,                      label: 'Repetitions'
+      end
+    end
+  end
+end

data/lib/ruby_smb/smb2/packet/error_packet.rb CHANGED

@@ -1,18 +1,23 @@
 module RubySMB
   module SMB2
     module Packet
-      # An SMB2 Error packet for when an incomplete response comes back
+      # This class represents an SMB2 Error Response Packet as defined in
+      # [2.2.2 SMB2 ERROR Response](https://msdn.microsoft.com/en-us/library/cc246530.aspx)
       class ErrorPacket < RubySMB::GenericPacket
         attr_accessor :original_command
         endian       :little
         smb2_header  :smb2_header
-        uint16       :structure_size, label: 'Structure Size', initial_value: 4
-        uint8        :error_data
+        uint16       :structure_size,      label: 'Structure Size', initial_value: 9
+        uint8        :error_context_count, label: 'ErrorContextCount'
+        uint8        :reserved
+        uint32       :byte_count,          label: 'Byte Count of ErrorData'
+        string       :error_data,          label: 'Error Data', read_length: -> { byte_count }
         def valid?
           return smb2_header.protocol == RubySMB::SMB2::SMB2_PROTOCOL_ID &&
-            smb2_header.command == @original_command
+                 smb2_header.command == @original_command &&
+                 structure_size == 9
         end
       end
     end

data/lib/ruby_smb/smb2/packet/negotiate_request.rb CHANGED

@@ -1,3 +1,5 @@
+require 'ruby_smb/smb2/negotiate_context'
 module RubySMB
   module SMB2
     module Packet
@@ -8,23 +10,30 @@ module RubySMB
         endian              :little
         smb2_header         :smb2_header
-        uint16              :structure_size,      label: 'Structure Size', initial_value: 36
-        uint16              :dialect_count,       label: 'Dialect Count'
-        smb2_security_mode  :security_mode
-        uint16              :reserved1, label: 'Reserved', initial_value: 0
-        smb2_capabilities   :capabilities
-        string              :client_guid,         label: 'Client GUID',        length: 16
-        file_time           :client_start_time,   label: 'Client Start Time',  initial_value: 0
-        array               :dialects,            label: 'Dialects',           type: :uint16, read_until: :eof
-        # Adds a dialect to the Dialects array and increments the dialect count
+        uint16              :structure_size,           label: 'Structure Size', initial_value: 36
+        uint16              :dialect_count,            label: 'Dialect Count', initial_value: -> { dialects.size }
+        smb2_security_mode  :security_mode,            label: 'Security Mode'
+        uint16              :reserved1,                label: 'Reserved', initial_value: 0
+        smb2_capabilities   :capabilities,             label: 'Capabilities'
+        string              :client_guid,              label: 'Client GUID', length: 16
+        struct              :negotiate_context_info,   label: 'Negotiate Context Info', onlyif: -> { has_negotiate_context? } do
+          uint32            :negotiate_context_offset, label: 'Negotiate Context Offset', initial_value: -> { negotiate_context_list.abs_offset }
+          uint16            :negotiate_context_count,  label: 'Negotiate Context Count', initial_value: -> { negotiate_context_list.size }
+          uint16            :reserved2,                label: 'Reserved', initial_value: 0
+        end
+        file_time           :client_start_time,        label: 'Client Start Time', initial_value: 0, onlyif: -> { !has_negotiate_context? }
+        array               :dialects,                 label: 'Dialects', type: :uint16, initial_length: -> { dialect_count }
+        string              :pad,                      label: 'Padding', length: -> { pad_length(self.dialects) }, onlyif: -> { has_negotiate_context? }
+        array               :negotiate_context_list,   label: 'Negotiate Context List', type: :negotiate_context, onlyif: -> { has_negotiate_context? }, read_until: :eof
+        # Adds a dialect to the Dialects array
         #
         # @param [Fixnum] the numeric code for the dialect you wish to add
         # @return [Array<Fixnum>] the array of all currently selected dialects
+        # @raise [ArgumentError] if the dialect is not an Integer
         def add_dialect(dialect)
-          return ArgumentError, 'Must be a number' unless dialect.is_a? Integer
-          self.dialect_count += 1
-          dialects << dialect
+          raise ArgumentError, 'Must be a number' unless dialect.is_a? Integer
+          self.dialects << dialect
         end
         # Takes an array of dialects and sets it on the packet. Also updates
@@ -35,12 +44,40 @@ module RubySMB
         # @return [Array<Fixnum>] the current value of the dialects array
         def set_dialects(add_dialects = [])
           self.dialects = []
-          self.dialect_count = 0
           add_dialects.each do |dialect|
             add_dialect(dialect)
           end
           dialects
         end
+        # Adds a Negotiate Context to the #negotiate_context_list
+        #
+        # @param [NegotiateContext] the Negotiate Context structure you wish to add
+        # @return [Array<Fixnum>] the array of all currently added Negotiate Contexts
+        # @raise [ArgumentError] if the dialect is not a NegotiateContext structure
+        def add_negotiate_context(nc)
+          raise ArgumentError, 'Must be a NegotiateContext' unless nc.is_a? NegotiateContext
+          previous_element = negotiate_context_list.last || negotiate_context_list
+          pad_length = pad_length(previous_element)
+          self.negotiate_context_list << nc
+          self.negotiate_context_list.last.pad = "\x00" * pad_length
+          self.negotiate_context_list
+        end
+        private
+        # Determines the correct length for the padding, so that the next
+        # field is 8-byte aligned.
+        def pad_length(prev_element)
+          offset = (prev_element.abs_offset + prev_element.to_binary_s.length) % 8
+          (8 - offset) % 8
+        end
+        # Return true if the dialect version requires Negotiate Contexts
+        def has_negotiate_context?
+          dialects.any? { |dialect| dialect.to_i == 0x0311 }
+        end
       end
     end
   end