ruby_smb 1.0.5 → 2.0.3

data/spec/lib/ruby_smb/dcerpc/request_spec.rb

@@ -69,11 +69,51 @@ RSpec.describe RubySMB::Dcerpc::Request do
       expect(packet.stub).to be_a BinData::Choice
     end
 
-    context 'with a NetShareEnumAll stub' do
+    context 'with a Srvsvc endpoint' do
+      let(:host) { '1.2.3.4' }
+      let(:packet) do
+        described_class.new(
+          { :opnum => RubySMB::Dcerpc::Srvsvc::NET_SHARE_ENUM_ALL },
+          { :endpoint => 'Srvsvc', :host => host }
+        )
+      end
+
+      it 'uses endpoint parameter to select a Srvsvc stub packet' do
+        expect(packet.stub.selection).to eq('Srvsvc')
+      end
+
+      it 'selects the expected packet structure' do
+        expect(packet.stub).to eq(RubySMB::Dcerpc::Srvsvc::NetShareEnumAll.new(host: host))
+      end
+    end
+
+    context 'with a Winreg endpoint' do
+      let(:opnum) { RubySMB::Dcerpc::Winreg::OPEN_HKCR }
+      let(:packet) do
+        described_class.new(
+          { :opnum => opnum },
+          { :endpoint => 'Winreg' }
+        )
+      end
 
-      it 'uses opnum as a selector' do
-        packet = described_class.new({ :opnum => RubySMB::Dcerpc::Srvsvc::NET_SHARE_ENUM_ALL }, host: '1.2.3.4')
-        expect(packet.stub.selection).to eq(packet.opnum)
+      it 'uses endpoint parameter to select a Winreg stub packet' do
+        expect(packet.stub.selection).to eq('Winreg')
+      end
+
+      it 'selects the expected packet structure' do
+        expect(packet.stub).to eq(RubySMB::Dcerpc::Winreg::OpenRootKeyRequest.new(opnum: opnum))
+      end
+    end
+
+    context 'with an unknown endpoint' do
+      let(:packet) do
+        described_class.new(
+          { :endpoint => 'Unknown' }
+        )
+      end
+
+      it 'sets #stub to an empty string' do
+        expect(packet.stub).to eq('')
       end
     end
   end
@@ -102,13 +142,16 @@ RSpec.describe RubySMB::Dcerpc::Request do
   end
 
   it 'reads its own binary representation and output the same packet' do
-    packet = described_class.new({ :opnum => RubySMB::Dcerpc::Srvsvc::NET_SHARE_ENUM_ALL }, host: '1.2.3.4')
+    packet = described_class.new(
+      { :opnum => RubySMB::Dcerpc::Srvsvc::NET_SHARE_ENUM_ALL },
+      { :endpoint => 'Srvsvc', :host => '1.2.3.4' }
+    )
     packet.pdu_header.pfc_flags.object_uuid = 1
     packet.object = '8a885d04-1ceb-11c9-9fe8-08002b104860'
     packet.auth_verifier = '123456'
     packet.pdu_header.auth_length = 6
     binary = packet.to_binary_s
-    expect(described_class.read(binary)).to eq(packet)
+    packet2 = described_class.new( { :endpoint => 'Srvsvc' } )
+    expect(packet2.read(binary)).to eq(packet)
   end
 end
-

data/spec/lib/ruby_smb/dcerpc/rpc_security_attributes_spec.rb

@@ -0,0 +1,161 @@
+RSpec.describe RubySMB::Dcerpc::RpcSecurityDescriptor do
+  subject(:packet) { described_class.new }
+
+  it { is_expected.to respond_to :lp_security_descriptor }
+  it { is_expected.to respond_to :cb_in_security_descriptor }
+  it { is_expected.to respond_to :cb_out_security_descriptor }
+
+  it 'is little endian' do
+    expect(described_class.fields.instance_variable_get(:@hints)[:endian]).to eq :little
+  end
+
+  describe '#lp_security_descriptor' do
+    it 'should be a NdrLpByteArray structure' do
+      expect(packet.lp_security_descriptor).to be_a RubySMB::Dcerpc::Ndr::NdrLpByteArray
+    end
+  end
+
+  describe '#cb_in_security_descriptor' do
+    it 'should be a 32-bit unsigned integer' do
+      expect(packet.cb_in_security_descriptor).to be_a BinData::Uint32le
+    end
+  end
+
+  describe '#cb_out_security_descriptor' do
+    it 'should be a 32-bit unsigned integer' do
+      expect(packet.cb_out_security_descriptor).to be_a BinData::Uint32le
+    end
+  end
+
+  describe '#read' do
+    context 'with a null pointer' do
+      it 'reads its own binary representation' do
+        raw = packet.to_binary_s
+        expect(described_class.read(raw)).to eq(packet)
+        expect(described_class.read(raw).to_binary_s).to eq(raw)
+      end
+    end
+
+    context 'with a normal RpcSecurityAttributes structure' do
+      it 'reads its own binary representation' do
+        packet.lp_security_descriptor = RubySMB::Dcerpc::Ndr::NdrLpByteArray.new([1, 2, 3])
+        packet.cb_in_security_descriptor = 90
+        packet.cb_out_security_descriptor = 33
+        raw = packet.to_binary_s
+        expect(described_class.read(raw)).to eq(packet)
+        expect(described_class.read(raw).to_binary_s).to eq(raw)
+      end
+    end
+  end
+end
+
+RSpec.describe RubySMB::Dcerpc::RpcSecurityAttributes do
+  subject(:packet) { described_class.new }
+
+  it { is_expected.to respond_to :n_length }
+  it { is_expected.to respond_to :rpc_security_descriptor }
+  it { is_expected.to respond_to :b_inheritHandle }
+
+  it 'is little endian' do
+    expect(described_class.fields.instance_variable_get(:@hints)[:endian]).to eq :little
+  end
+
+  describe '#n_length' do
+    it 'should be a 32-bit unsigned integer' do
+      expect(packet.n_length).to be_a BinData::Uint32le
+    end
+  end
+
+  describe '#rpc_security_descriptor' do
+    it 'should be a RpcSecurityDescriptor structure' do
+      expect(packet.rpc_security_descriptor).to be_a RubySMB::Dcerpc::RpcSecurityDescriptor
+    end
+  end
+
+  describe '#b_inheritHandle' do
+    it 'should be a 8-bit unsigned integer' do
+      expect(packet.b_inheritHandle).to be_a BinData::Uint8
+    end
+  end
+
+  describe '#read' do
+    context 'with a null pointer' do
+      it 'reads its own binary representation' do
+        raw = packet.to_binary_s
+        expect(described_class.read(raw)).to eq(packet)
+        expect(described_class.read(raw).to_binary_s).to eq(raw)
+      end
+    end
+
+    context 'with a normal RpcSecurityAttributes structure' do
+      it 'reads its own binary representation' do
+        packet.n_length = 3
+        packet.rpc_security_descriptor = RubySMB::Dcerpc::RpcSecurityDescriptor.new
+        packet.rpc_security_descriptor.lp_security_descriptor = [1, 2, 3]
+        packet.rpc_security_descriptor.cb_in_security_descriptor = 33
+        packet.rpc_security_descriptor.cb_out_security_descriptor = 22
+        packet.b_inheritHandle = 90
+        raw = packet.to_binary_s
+        expect(described_class.read(raw)).to eq(packet)
+        expect(described_class.read(raw).to_binary_s).to eq(raw)
+      end
+    end
+  end
+end
+
+RSpec.describe RubySMB::Dcerpc::PrpcSecurityAttributes do
+  it 'is NdrPointer subclass' do
+    expect(described_class).to be < RubySMB::Dcerpc::Ndr::NdrPointer
+  end
+
+  subject(:packet) { described_class.new }
+
+  it { is_expected.to respond_to :referent }
+
+  it 'is little endian' do
+    expect(described_class.fields.instance_variable_get(:@hints)[:endian]).to eq :little
+  end
+
+  describe '#referent' do
+    it 'should be a RpcSecurityAttributes structure' do
+      expect(packet.referent).to be_a RubySMB::Dcerpc::RpcSecurityAttributes
+    end
+
+    it 'exists if superclass #referent_id is not zero' do
+      packet.referent_id = 0xCCCC
+      expect(packet.referent?).to be true
+    end
+
+    it 'does not exist if superclass #referent_id is zero' do
+      packet.referent_id = 0
+      expect(packet.referent?).to be false
+    end
+  end
+
+  describe '#read' do
+    context 'with a null pointer' do
+      it 'reads its own binary representation' do
+        raw = packet.to_binary_s
+        expect(described_class.read(raw)).to eq(packet)
+        expect(described_class.read(raw).to_binary_s).to eq(raw)
+      end
+    end
+
+    context 'with a normal RpcSecurityAttributes structure' do
+      it 'reads its own binary representation' do
+        struct = RubySMB::Dcerpc::RpcSecurityAttributes.new
+        struct.n_length = 5
+        struct.rpc_security_descriptor = RubySMB::Dcerpc::RpcSecurityDescriptor.new
+        struct.rpc_security_descriptor.lp_security_descriptor = [1, 2, 3]
+        struct.rpc_security_descriptor.cb_in_security_descriptor = 33
+        struct.rpc_security_descriptor.cb_out_security_descriptor = 22
+        struct.b_inheritHandle = 4
+        packet.set(struct)
+        raw = packet.to_binary_s
+        expect(described_class.read(raw)).to eq(packet)
+        expect(described_class.read(raw).to_binary_s).to eq(raw)
+      end
+    end
+  end
+end
+

data/spec/lib/ruby_smb/dcerpc/rrp_unicode_string_spec.rb

@@ -0,0 +1,135 @@
+RSpec.describe RubySMB::Dcerpc::RrpUnicodeString do
+  subject(:packet) { described_class.new }
+
+  it { is_expected.to respond_to :buffer_length }
+  it { is_expected.to respond_to :maximum_length }
+  it { is_expected.to respond_to :buffer }
+
+  it 'is little endian' do
+    expect(described_class.fields.instance_variable_get(:@hints)[:endian]).to eq :little
+  end
+
+  describe '#buffer_length' do
+    it 'should be a 16-bit unsigned integer' do
+      expect(packet.buffer_length).to be_a BinData::Uint16le
+    end
+  end
+
+  describe '#maximum_length' do
+    it 'should be a 16-bit unsigned integer' do
+      expect(packet.maximum_length).to be_a BinData::Uint16le
+    end
+  end
+
+  describe '#buffer' do
+    it 'should be a NdrLpStr' do
+      expect(packet.buffer).to be_a RubySMB::Dcerpc::Ndr::NdrLpStr
+    end
+  end
+
+  describe '#get' do
+    it 'returns #buffer' do
+      packet.buffer = 'spec_test'
+      expect(packet.get).to eq(RubySMB::Dcerpc::Ndr::NdrLpStr.new('spec_test'))
+    end
+  end
+
+  describe '#set' do
+    it 'sets #buffer to the expected value' do
+      packet.set('spec_test')
+      expect(packet.buffer).to eq(RubySMB::Dcerpc::Ndr::NdrLpStr.new('spec_test'))
+    end
+
+    it 'sets #buffer_length to the expected value' do
+      packet.set('spec_test')
+      expect(packet.buffer_length).to eq(('spec_test'.size + 1) * 2)
+    end
+
+    it 'sets #maximum_length to the expected value' do
+      packet.set('spec_test')
+      expect(packet.maximum_length).to eq(('spec_test'.size + 1) * 2)
+    end
+
+    context 'when the value is :null' do
+      it 'sets #buffer_length to 0' do
+        packet.buffer_length = 33
+        packet.set(:null)
+        expect(packet.buffer_length).to eq(0)
+      end
+
+      it 'does not set #maximum_length if it has already been set' do
+        packet.maximum_length = 33
+        packet.set(:null)
+        expect(packet.maximum_length).to eq(33)
+      end
+    end
+  end
+
+  describe '#read' do
+    context 'with a null pointer' do
+      it 'reads its own binary representation' do
+        raw = packet.to_binary_s
+        expect(described_class.read(raw)).to eq(packet)
+        expect(described_class.read(raw).to_binary_s).to eq(raw)
+      end
+    end
+
+    context 'with a normal string' do
+      it 'reads its own binary representation' do
+        packet.assign('my_test')
+        raw = packet.to_binary_s
+        expect(described_class.read(raw)).to eq(packet)
+        expect(described_class.read(raw).to_binary_s).to eq(raw)
+      end
+    end
+  end
+end
+
+RSpec.describe RubySMB::Dcerpc::PrrpUnicodeString do
+  it 'is NdrPointer subclass' do
+    expect(described_class).to be < RubySMB::Dcerpc::Ndr::NdrPointer
+  end
+
+  subject(:packet) { described_class.new }
+
+  it { is_expected.to respond_to :referent }
+
+  it 'is little endian' do
+    expect(described_class.fields.instance_variable_get(:@hints)[:endian]).to eq :little
+  end
+
+  describe '#referent' do
+    it 'is a RrpUnicodeString' do
+      expect(packet.referent).to be_a RubySMB::Dcerpc::RrpUnicodeString
+    end
+
+    it 'exists if superclass #referent_identifier is not zero' do
+      packet.referent_id = 0xCCCC
+      expect(packet.referent?).to be true
+    end
+
+    it 'does not exist if superclass #referent_identifier is zero' do
+      packet.referent_id = 0
+      expect(packet.referent?).to be false
+    end
+  end
+
+  describe '#read' do
+    context 'with a null pointer' do
+      it 'reads its own binary representation' do
+        raw = packet.to_binary_s
+        expect(described_class.read(raw)).to eq(packet)
+        expect(described_class.read(raw).to_binary_s).to eq(raw)
+      end
+    end
+
+    context 'with a normal string' do
+      it 'reads its own binary representation' do
+        packet.assign('my_test')
+        raw = packet.to_binary_s
+        expect(described_class.read(raw)).to eq(packet)
+        expect(described_class.read(raw).to_binary_s).to eq(raw)
+      end
+    end
+  end
+end

data/spec/lib/ruby_smb/dcerpc/srvsvc/net_share_enum_all_spec.rb

@@ -15,11 +15,18 @@ RSpec.describe RubySMB::Dcerpc::Srvsvc::NetShareEnumAll do
   it { is_expected.to respond_to :max_buffer }
   it { is_expected.to respond_to :resume_referent_id }
   it { is_expected.to respond_to :resume_handle }
+  it { is_expected.to respond_to :opnum }
 
   it 'is little endian' do
     expect(described_class.fields.instance_variable_get(:@hints)[:endian]).to eq :little
   end
 
+  context 'when \'host\' parameter is not provided' do
+    it 'raises an ArgumentError' do
+      expect { described_class.new }.to raise_error(ArgumentError)
+    end
+  end
+
   describe '#referent_id' do
     it 'should be a 32-bit unsigned integer' do
       expect(packet.referent_id).to be_a BinData::Uint32le
@@ -156,6 +163,12 @@ RSpec.describe RubySMB::Dcerpc::Srvsvc::NetShareEnumAll do
     end
   end
 
+  describe '#initialize_instance' do
+    it 'sets #opnum to REG_CLOSE_KEY constant' do
+      expect(packet.opnum).to eq(RubySMB::Dcerpc::Srvsvc::NET_SHARE_ENUM_ALL)
+    end
+  end
+
   describe '#pad_length' do
     it 'returns 0 when #level is already 4-byte aligned' do
       expect(packet.pad_length).to eq 0

data/spec/lib/ruby_smb/dcerpc/srvsvc_spec.rb

@@ -0,0 +1,60 @@
+RSpec.describe RubySMB::Dcerpc::Srvsvc do
+  let(:srvsvc) do
+    RubySMB::SMB1::Pipe.new(
+      tree: double('Tree'),
+      response: RubySMB::SMB1::Packet::NtCreateAndxResponse.new,
+      name: 'srvsvc'
+    )
+  end
+
+  describe '#net_share_enum_all' do
+    let(:host)            { '1.2.3.4' }
+    let(:request_packet)  { double('NetShareEnumAll request packet') }
+    let(:dcerpc_response) { double('DCERPC response') }
+    let(:shares) do
+      [
+        ["C$", "DISK", "Default share"],
+        ["Shared", "DISK", ""],
+        ["IPC$", "IPC", "Remote IPC"],
+        ["ADMIN$", "DISK", "Remote Admin"]
+      ]
+    end
+
+    before :example do
+      allow(srvsvc).to receive(:bind)
+      allow(RubySMB::Dcerpc::Srvsvc::NetShareEnumAll).to receive(:new).and_return(request_packet)
+      allow(srvsvc).to receive(:dcerpc_request).and_return(dcerpc_response)
+      allow(RubySMB::Dcerpc::Srvsvc::NetShareEnumAll).to receive(:parse_response).and_return(shares)
+    end
+
+    it 'calls #bind with the expected arguments' do
+      srvsvc.net_share_enum_all(host)
+      expect(srvsvc).to have_received(:bind).with(endpoint: RubySMB::Dcerpc::Srvsvc)
+    end
+
+    it 'creates the expected NetShareEnumAll packet' do
+      srvsvc.net_share_enum_all(host)
+      expect(RubySMB::Dcerpc::Srvsvc::NetShareEnumAll).to have_received(:new).with(host: host)
+    end
+
+    it 'calls #request with the expected arguments' do
+      srvsvc.net_share_enum_all(host)
+      expect(srvsvc).to have_received(:dcerpc_request).with(request_packet)
+    end
+
+    it 'parse the response with NetShareEnumAll #parse_response method' do
+      srvsvc.net_share_enum_all(host)
+      expect(RubySMB::Dcerpc::Srvsvc::NetShareEnumAll).to have_received(:parse_response).with(dcerpc_response)
+    end
+
+    it 'returns the remote shares' do
+      output = [
+        {:name=>"C$", :type=>"DISK", :comment=>"Default share"},
+        {:name=>"Shared", :type=>"DISK", :comment=>""},
+        {:name=>"IPC$", :type=>"IPC", :comment=>"Remote IPC"},
+        {:name=>"ADMIN$", :type=>"DISK", :comment=>"Remote Admin"},
+      ]
+      expect(srvsvc.net_share_enum_all(host)).to eq(output)
+    end
+  end
+end