ruby_smb 1.0.5 → 1.1.0

data/spec/lib/ruby_smb/dcerpc/bind_ack_spec.rb

@@ -31,7 +31,7 @@ RSpec.describe RubySMB::Dcerpc::BindAck do
     end
 
     it 'should have a default value of 0xFFFF' do
-      expect(packet.max_xmit_frag).to eq 0xFFFF
+      expect(packet.max_xmit_frag).to eq RubySMB::Dcerpc::MAX_XMIT_FRAG
     end
   end
 
@@ -41,7 +41,7 @@ RSpec.describe RubySMB::Dcerpc::BindAck do
     end
 
     it 'should have a default value of 0xFFFF' do
-      expect(packet.max_recv_frag).to eq 0xFFFF
+      expect(packet.max_recv_frag).to eq RubySMB::Dcerpc::MAX_RECV_FRAG
     end
   end
 

data/spec/lib/ruby_smb/dcerpc/bind_spec.rb

@@ -41,7 +41,7 @@ RSpec.describe RubySMB::Dcerpc::Bind do
     end
 
     it 'should have a default value of 0xFFFF' do
-      expect(packet.max_xmit_frag).to eq 0xFFFF
+      expect(packet.max_xmit_frag).to eq RubySMB::Dcerpc::MAX_XMIT_FRAG
     end
   end
 
@@ -51,7 +51,7 @@ RSpec.describe RubySMB::Dcerpc::Bind do
     end
 
     it 'should have a default value of 0xFFFF' do
-      expect(packet.max_recv_frag).to eq 0xFFFF
+      expect(packet.max_recv_frag).to eq RubySMB::Dcerpc::MAX_RECV_FRAG
     end
   end
 

data/spec/lib/ruby_smb/dcerpc/ndr_spec.rb

@@ -0,0 +1,410 @@
+RSpec.describe RubySMB::Dcerpc::Ndr::NdrTopLevelFullPointer do
+  subject(:packet) do
+    Class.new(described_class) do
+      endian :little
+      string :referent
+    end.new
+  end
+
+  it { is_expected.to respond_to :referent_identifier }
+
+  it 'is little endian' do
+    expect(described_class.fields.instance_variable_get(:@hints)[:endian]).to eq :little
+  end
+
+  describe '#referent_identifier' do
+    it 'is a 32-bit unsigned integer' do
+      expect(packet.referent_identifier).to be_a BinData::Uint32le
+    end
+
+    it 'has an initial value of 0x00020000' do
+      expect(packet.referent_identifier).to eq(0x00020000)
+    end
+  end
+
+  describe '#get' do
+    it 'returns 0 when #referent_identifier is 0' do
+      packet.referent_identifier = 0
+      expect(packet.get).to eq(0)
+    end
+
+    it 'returns #referent when #referent_identifier is greater than 0' do
+      packet.set('spec_test')
+      expect(packet.get).to eq(packet.referent)
+    end
+  end
+
+  describe '#set' do
+    context 'when the value is 0' do
+      it 'sets #referent_identifier to 0' do
+        packet.set(0)
+        expect(packet.referent_identifier).to eq(0)
+      end
+    end
+
+    context 'when the value is a string' do
+      it 'sets #referent to the value' do
+        str = 'spec_test'
+        packet.set(str)
+        expect(packet.referent).to eq(str)
+      end
+    end
+  end
+end
+
+RSpec.describe RubySMB::Dcerpc::Ndr::NdrString do
+  subject(:packet) { described_class.new }
+
+  it { is_expected.to respond_to :max_count }
+  it { is_expected.to respond_to :offset }
+  it { is_expected.to respond_to :actual_count }
+  it { is_expected.to respond_to :str }
+
+  it 'is little endian' do
+    expect(described_class.fields.instance_variable_get(:@hints)[:endian]).to eq :little
+  end
+
+  describe '#max_count' do
+    it 'is a 32-bit unsigned integer' do
+      expect(packet.max_count).to be_a BinData::Uint32le
+    end
+  end
+
+  describe '#offset' do
+    it 'is a 32-bit unsigned integer' do
+      expect(packet.offset).to be_a BinData::Uint32le
+    end
+
+    it 'has an initial valu of 0' do
+      expect(packet.offset).to eq(0)
+    end
+  end
+
+  describe '#actual_count' do
+    it 'is a 32-bit unsigned integer' do
+      expect(packet.actual_count).to be_a BinData::Uint32le
+    end
+  end
+
+  describe '#str' do
+    it 'is a RubySMB::Field::Stringz16' do
+      expect(packet.str).to be_a RubySMB::Field::Stringz16
+    end
+
+    it 'exists if #actual_count is greater than 0' do
+      packet.actual_count = 4
+      expect(packet.str?).to be true
+    end
+
+    it 'does not exist if #actual_count is 0' do
+      expect(packet.str?).to be false
+    end
+  end
+
+  describe '#get' do
+    it 'returns 0 when #actual_count is 0' do
+      expect(packet.get).to eq(0)
+    end
+
+    it 'returns #str when #actual_count is greater than 0' do
+      str = 'spec_test'
+      strz16 = RubySMB::Field::Stringz16.new(str)
+      packet.set(str)
+      expect(packet.get).to eq(strz16)
+    end
+  end
+
+  describe '#set' do
+    context 'when the value is 0' do
+      it 'sets #actual_count to 0' do
+        packet.set(0)
+        expect(packet.actual_count).to eq(0)
+      end
+    end
+
+    context 'when the value is a string' do
+      let(:str) { 'spec_test' }
+
+      it 'sets #str to the value' do
+        packet.set(str)
+        strz16 = RubySMB::Field::Stringz16.new(str)
+        expect(packet.str).to eq(strz16)
+      end
+
+      it 'sets #max_count and #actual_count to the expected value' do
+        packet.set(str)
+        expect(packet.max_count).to eq(str.length + 1)
+        expect(packet.actual_count).to eq(str.length + 1)
+      end
+    end
+  end
+end
+
+RSpec.describe RubySMB::Dcerpc::Ndr::NdrLpStr do
+  it 'is NdrTopLevelFullPointer subclass' do
+    expect(described_class).to be < RubySMB::Dcerpc::Ndr::NdrTopLevelFullPointer
+  end
+
+  subject(:packet) { described_class.new }
+
+  it { is_expected.to respond_to :referent }
+
+  it 'is little endian' do
+    expect(described_class.fields.instance_variable_get(:@hints)[:endian]).to eq :little
+  end
+
+  describe '#referent' do
+    it 'is a NdrString' do
+      expect(packet.referent).to be_a RubySMB::Dcerpc::Ndr::NdrString
+    end
+
+    it 'exists if superclass #referent_identifier is not zero' do
+      expect(packet.referent?).to be true
+    end
+
+    it 'does not exist if superclass #referent_identifier is zero' do
+      packet.referent_identifier = 0
+      expect(packet.referent?).to be false
+    end
+  end
+
+  describe '#to_s' do
+    it 'returns "\0" when #referent_identifier is 0' do
+      packet.referent_identifier = 0
+      expect(packet.to_s).to eq("\0")
+    end
+
+    it 'returns #referent when #referent_identifier is greater than 0' do
+      packet.set('spec_test')
+      expect(packet.to_s).to eq(packet.referent)
+    end
+  end
+end
+
+RSpec.describe RubySMB::Dcerpc::Ndr::NdrContextHandle do
+  let(:uuid) { 'c3bce70d-5155-472b-9f2f-b824e5fc9b60' }
+  let(:attr) { 123 }
+  subject(:packet) { described_class.new }
+
+  it { is_expected.to respond_to :context_handle_attributes }
+  it { is_expected.to respond_to :context_handle_uuid }
+
+  it 'is little endian' do
+    expect(described_class.fields.instance_variable_get(:@hints)[:endian]).to eq :little
+  end
+
+  describe '#context_handle_attributes' do
+    it 'is a 32-bit unsigned integer' do
+      expect(packet.context_handle_attributes).to be_a BinData::Uint32le
+    end
+  end
+
+  describe '#context_handle_uuid' do
+    it 'is a UUID' do
+      expect(packet.context_handle_uuid).to be_a RubySMB::Dcerpc::Uuid
+    end
+  end
+
+  describe '#get' do
+    it 'returns the expeted hash' do
+      packet.context_handle_attributes = attr
+      packet.context_handle_uuid = uuid
+      expect(packet.get).to eq({context_handle_attributes: attr, context_handle_uuid: uuid})
+    end
+  end
+
+  describe '#set' do
+    let(:handle) { {context_handle_attributes: attr, context_handle_uuid: uuid} }
+
+    context 'when the value is a hash' do
+      it 'sets #context_handle_attributes and #context_handle_uuid to the expected values' do
+        packet.set(handle)
+        expect(packet.context_handle_attributes).to eq(attr)
+        expect(packet.context_handle_uuid).to eq(uuid)
+      end
+    end
+
+    context 'when the value is a NdrContextHandle'do
+      it 'reads the value binary representaion ' do
+        ndr_context_handle = described_class.new(handle)
+        allow(ndr_context_handle).to receive(:to_binary_s).and_call_original
+        packet.set(ndr_context_handle)
+        expect(ndr_context_handle).to have_received(:to_binary_s)
+        expect(packet.get).to eq(ndr_context_handle)
+      end
+    end
+
+    context 'when the value is a binary string'do
+      it 'reads the value' do
+        ndr_context_handle = described_class.new(handle)
+        packet.set(ndr_context_handle.to_binary_s)
+        expect(packet.get).to eq(ndr_context_handle)
+      end
+    end
+  end
+end
+
+RSpec.describe RubySMB::Dcerpc::Ndr::NdrLpDword do
+  it 'is NdrTopLevelFullPointer subclass' do
+    expect(described_class).to be < RubySMB::Dcerpc::Ndr::NdrTopLevelFullPointer
+  end
+
+  subject(:packet) { described_class.new }
+
+  it { is_expected.to respond_to :referent }
+
+  it 'is little endian' do
+    expect(described_class.fields.instance_variable_get(:@hints)[:endian]).to eq :little
+  end
+
+  describe '#referent' do
+    it 'is a 32-bit unsigned integer' do
+      expect(packet.referent).to be_a BinData::Uint32le
+    end
+
+    it 'exists if superclass #referent_identifier is not zero' do
+      expect(packet.referent?).to be true
+    end
+
+    it 'does not exist if superclass #referent_identifier is zero' do
+      packet.referent_identifier = 0
+      expect(packet.referent?).to be false
+    end
+  end
+end
+
+RSpec.describe RubySMB::Dcerpc::Ndr::NdrLpByte do
+  subject(:packet) { described_class.new }
+
+  it { is_expected.to respond_to :referent_identifier }
+  it { is_expected.to respond_to :max_count }
+  it { is_expected.to respond_to :offset }
+  it { is_expected.to respond_to :actual_count }
+  it { is_expected.to respond_to :bytes }
+
+  it 'is little endian' do
+    expect(described_class.fields.instance_variable_get(:@hints)[:endian]).to eq :little
+  end
+
+  describe '#referent_identifier' do
+    it 'is a 32-bit unsigned integer' do
+      expect(packet.referent_identifier).to be_a BinData::Uint32le
+    end
+
+    it 'has an initial value of 0x00020000' do
+      expect(packet.referent_identifier).to eq(0x00020000)
+    end
+  end
+
+  describe '#max_count' do
+    it 'is a 32-bit unsigned integer' do
+      expect(packet.max_count).to be_a BinData::Uint32le
+    end
+
+    it 'has an initial value equal to #actual_count' do
+      packet.actual_count = 345
+      expect(packet.max_count).to eq(345)
+    end
+
+    it 'exists if #referent_identifier is not zero' do
+      expect(packet.max_count?).to be true
+    end
+
+    it 'does not exist if #referent_identifier is zero' do
+      packet.referent_identifier = 0
+      expect(packet.max_count?).to be false
+    end
+  end
+
+  describe '#offset' do
+    it 'is a 32-bit unsigned integer' do
+      expect(packet.offset).to be_a BinData::Uint32le
+    end
+
+    it 'has an initial value of 0' do
+      expect(packet.offset).to eq(0)
+    end
+
+    it 'exists if #referent_identifier is not zero' do
+      expect(packet.offset?).to be true
+    end
+
+    it 'does not exist if #referent_identifier is zero' do
+      packet.referent_identifier = 0
+      expect(packet.offset?).to be false
+    end
+  end
+
+  describe '#actual_count' do
+    it 'is a 32-bit unsigned integer' do
+      expect(packet.actual_count).to be_a BinData::Uint32le
+    end
+
+    it 'has an initial value equal to #bytes size' do
+      packet.bytes << 2 << 3 << 4 << 5
+      expect(packet.actual_count).to eq(4)
+    end
+
+    it 'exists if #referent_identifier is not zero' do
+      expect(packet.actual_count?).to be true
+    end
+
+    it 'does not exist if #referent_identifier is zero' do
+      packet.referent_identifier = 0
+      expect(packet.actual_count?).to be false
+    end
+  end
+
+  describe '#bytes' do
+    it 'is a Bindata::Array' do
+      expect(packet.bytes).to be_a BinData::Array
+    end
+
+    it 'has an initial length equal to #actual_count' do
+      packet.actual_count = 3
+      expect(packet.bytes.size).to eq(3)
+    end
+
+    it 'is 8-bit unsigned integer elements' do
+      expect(packet.bytes[0]).to be_a BinData::Uint8
+    end
+
+    it 'exists if #referent_identifier is not zero' do
+      expect(packet.bytes?).to be true
+    end
+
+    it 'does not exist if #referent_identifier is zero' do
+      packet.referent_identifier = 0
+      expect(packet.bytes?).to be false
+    end
+  end
+end
+
+RSpec.describe RubySMB::Dcerpc::Ndr::NdrLpFileTime do
+  it 'is NdrTopLevelFullPointer subclass' do
+    expect(described_class).to be < RubySMB::Dcerpc::Ndr::NdrTopLevelFullPointer
+  end
+
+  subject(:packet) { described_class.new }
+
+  it { is_expected.to respond_to :referent }
+
+  it 'is little endian' do
+    expect(described_class.fields.instance_variable_get(:@hints)[:endian]).to eq :little
+  end
+
+  describe '#referent' do
+    it 'is a FileTime' do
+      expect(packet.referent).to be_a RubySMB::Field::FileTime
+    end
+
+    it 'exists if superclass #referent_identifier is not zero' do
+      expect(packet.referent?).to be true
+    end
+
+    it 'does not exist if superclass #referent_identifier is zero' do
+      packet.referent_identifier = 0
+      expect(packet.referent?).to be false
+    end
+  end
+end

data/spec/lib/ruby_smb/dcerpc/request_spec.rb

@@ -69,11 +69,51 @@ RSpec.describe RubySMB::Dcerpc::Request do
       expect(packet.stub).to be_a BinData::Choice
     end
 
-    context 'with a NetShareEnumAll stub' do
+    context 'with a Srvsvc endpoint' do
+      let(:host) { '1.2.3.4' }
+      let(:packet) do
+        described_class.new(
+          { :opnum => RubySMB::Dcerpc::Srvsvc::NET_SHARE_ENUM_ALL },
+          { :endpoint => 'Srvsvc', :host => host }
+        )
+      end
+
+      it 'uses endpoint parameter to select a Srvsvc stub packet' do
+        expect(packet.stub.selection).to eq('Srvsvc')
+      end
+
+      it 'selects the expected packet structure' do
+        expect(packet.stub).to eq(RubySMB::Dcerpc::Srvsvc::NetShareEnumAll.new(host: host))
+      end
+    end
+
+    context 'with a Winreg endpoint' do
+      let(:opnum) { RubySMB::Dcerpc::Winreg::OPEN_HKCR }
+      let(:packet) do
+        described_class.new(
+          { :opnum => opnum },
+          { :endpoint => 'Winreg' }
+        )
+      end
 
-      it 'uses opnum as a selector' do
-        packet = described_class.new({ :opnum => RubySMB::Dcerpc::Srvsvc::NET_SHARE_ENUM_ALL }, host: '1.2.3.4')
-        expect(packet.stub.selection).to eq(packet.opnum)
+      it 'uses endpoint parameter to select a Winreg stub packet' do
+        expect(packet.stub.selection).to eq('Winreg')
+      end
+
+      it 'selects the expected packet structure' do
+        expect(packet.stub).to eq(RubySMB::Dcerpc::Winreg::OpenRootKeyRequest.new(opnum: opnum))
+      end
+    end
+
+    context 'with an unknown endpoint' do
+      let(:packet) do
+        described_class.new(
+          { :endpoint => 'Unknown' }
+        )
+      end
+
+      it 'sets #stub to an empty string' do
+        expect(packet.stub).to eq('')
       end
     end
   end
@@ -102,13 +142,16 @@ RSpec.describe RubySMB::Dcerpc::Request do
   end
 
   it 'reads its own binary representation and output the same packet' do
-    packet = described_class.new({ :opnum => RubySMB::Dcerpc::Srvsvc::NET_SHARE_ENUM_ALL }, host: '1.2.3.4')
+    packet = described_class.new(
+      { :opnum => RubySMB::Dcerpc::Srvsvc::NET_SHARE_ENUM_ALL },
+      { :endpoint => 'Srvsvc', :host => '1.2.3.4' }
+    )
     packet.pdu_header.pfc_flags.object_uuid = 1
     packet.object = '8a885d04-1ceb-11c9-9fe8-08002b104860'
     packet.auth_verifier = '123456'
     packet.pdu_header.auth_length = 6
     binary = packet.to_binary_s
-    expect(described_class.read(binary)).to eq(packet)
+    packet2 = described_class.new( { :endpoint => 'Srvsvc' } )
+    expect(packet2.read(binary)).to eq(packet)
   end
 end
-