RubyGems - ruby_smb - Versions diffs - 1.0.5 → 2.0.3 - Mend

ruby_smb 1.0.5 → 2.0.3

Files changed (191) hide show

checksums.yaml +5 -5
checksums.yaml.gz.sig +0 -0
data.tar.gz.sig +0 -0
data/.travis.yml +3 -2
data/Gemfile +6 -2
data/README.md +35 -47
data/examples/anonymous_auth.rb +3 -3
data/examples/append_file.rb +10 -8
data/examples/authenticate.rb +9 -5
data/examples/delete_file.rb +8 -6
data/examples/enum_registry_key.rb +29 -0
data/examples/enum_registry_values.rb +31 -0
data/examples/list_directory.rb +8 -6
data/examples/negotiate.rb +51 -8
data/examples/negotiate_with_netbios_service.rb +9 -5
data/examples/net_share_enum_all.rb +6 -4
data/examples/pipes.rb +13 -13
data/examples/query_service_status.rb +64 -0
data/examples/read_file.rb +8 -6
data/examples/read_file_encryption.rb +56 -0
data/examples/read_registry_key_value.rb +33 -0
data/examples/rename_file.rb +9 -7
data/examples/tree_connect.rb +7 -5
data/examples/write_file.rb +9 -7
data/lib/ruby_smb.rb +4 -1
data/lib/ruby_smb/client.rb +239 -21
data/lib/ruby_smb/client/authentication.rb +27 -8
data/lib/ruby_smb/client/encryption.rb +62 -0
data/lib/ruby_smb/client/negotiation.rb +154 -12
data/lib/ruby_smb/client/signing.rb +19 -0
data/lib/ruby_smb/client/tree_connect.rb +4 -4
data/lib/ruby_smb/client/utils.rb +8 -7
data/lib/ruby_smb/client/winreg.rb +46 -0
data/lib/ruby_smb/crypto.rb +30 -0
data/lib/ruby_smb/dcerpc.rb +40 -0
data/lib/ruby_smb/dcerpc/bind.rb +2 -2
data/lib/ruby_smb/dcerpc/bind_ack.rb +2 -2
data/lib/ruby_smb/dcerpc/error.rb +6 -0
data/lib/ruby_smb/dcerpc/ndr.rb +260 -16
data/lib/ruby_smb/dcerpc/pdu_header.rb +1 -1
data/lib/ruby_smb/dcerpc/request.rb +41 -9
data/lib/ruby_smb/dcerpc/rpc_security_attributes.rb +34 -0
data/lib/ruby_smb/dcerpc/rrp_unicode_string.rb +38 -0
data/lib/ruby_smb/dcerpc/srvsvc.rb +10 -0
data/lib/ruby_smb/dcerpc/srvsvc/net_share_enum_all.rb +9 -0
data/lib/ruby_smb/dcerpc/svcctl.rb +479 -0
data/lib/ruby_smb/dcerpc/svcctl/change_service_config_w_request.rb +48 -0
data/lib/ruby_smb/dcerpc/svcctl/change_service_config_w_response.rb +26 -0
data/lib/ruby_smb/dcerpc/svcctl/close_service_handle_request.rb +25 -0
data/lib/ruby_smb/dcerpc/svcctl/close_service_handle_response.rb +26 -0
data/lib/ruby_smb/dcerpc/svcctl/control_service_request.rb +26 -0
data/lib/ruby_smb/dcerpc/svcctl/control_service_response.rb +26 -0
data/lib/ruby_smb/dcerpc/svcctl/open_sc_manager_w_request.rb +35 -0
data/lib/ruby_smb/dcerpc/svcctl/open_sc_manager_w_response.rb +23 -0
data/lib/ruby_smb/dcerpc/svcctl/open_service_w_request.rb +31 -0
data/lib/ruby_smb/dcerpc/svcctl/open_service_w_response.rb +23 -0
data/lib/ruby_smb/dcerpc/svcctl/query_service_config_w_request.rb +25 -0
data/lib/ruby_smb/dcerpc/svcctl/query_service_config_w_response.rb +44 -0
data/lib/ruby_smb/dcerpc/svcctl/query_service_status_request.rb +23 -0
data/lib/ruby_smb/dcerpc/svcctl/query_service_status_response.rb +27 -0
data/lib/ruby_smb/dcerpc/svcctl/service_status.rb +25 -0
data/lib/ruby_smb/dcerpc/svcctl/start_service_w_request.rb +27 -0
data/lib/ruby_smb/dcerpc/svcctl/start_service_w_response.rb +25 -0
data/lib/ruby_smb/dcerpc/winreg.rb +421 -0
data/lib/ruby_smb/dcerpc/winreg/close_key_request.rb +24 -0
data/lib/ruby_smb/dcerpc/winreg/close_key_response.rb +27 -0
data/lib/ruby_smb/dcerpc/winreg/create_key_request.rb +73 -0
data/lib/ruby_smb/dcerpc/winreg/create_key_response.rb +36 -0
data/lib/ruby_smb/dcerpc/winreg/enum_key_request.rb +45 -0
data/lib/ruby_smb/dcerpc/winreg/enum_key_response.rb +42 -0
data/lib/ruby_smb/dcerpc/winreg/enum_value_request.rb +39 -0
data/lib/ruby_smb/dcerpc/winreg/enum_value_response.rb +36 -0
data/lib/ruby_smb/dcerpc/winreg/open_key_request.rb +34 -0
data/lib/ruby_smb/dcerpc/winreg/open_key_response.rb +25 -0
data/lib/ruby_smb/dcerpc/winreg/open_root_key_request.rb +43 -0
data/lib/ruby_smb/dcerpc/winreg/open_root_key_response.rb +35 -0
data/lib/ruby_smb/dcerpc/winreg/query_info_key_request.rb +27 -0
data/lib/ruby_smb/dcerpc/winreg/query_info_key_response.rb +40 -0
data/lib/ruby_smb/dcerpc/winreg/query_value_request.rb +40 -0
data/lib/ruby_smb/dcerpc/winreg/query_value_response.rb +57 -0
data/lib/ruby_smb/dcerpc/winreg/regsam.rb +40 -0
data/lib/ruby_smb/dcerpc/winreg/save_key_request.rb +37 -0
data/lib/ruby_smb/dcerpc/winreg/save_key_response.rb +23 -0
data/lib/ruby_smb/dispatcher/base.rb +1 -1
data/lib/ruby_smb/dispatcher/socket.rb +5 -4
data/lib/ruby_smb/error.rb +28 -1
data/lib/ruby_smb/field/stringz16.rb +17 -1
data/lib/ruby_smb/nbss/session_header.rb +4 -4
data/lib/ruby_smb/smb1/commands.rb +1 -1
data/lib/ruby_smb/smb1/file.rb +8 -14
data/lib/ruby_smb/smb1/packet/session_setup_legacy_request.rb +1 -1
data/lib/ruby_smb/smb1/packet/session_setup_legacy_response.rb +2 -2
data/lib/ruby_smb/smb1/packet/session_setup_request.rb +1 -1
data/lib/ruby_smb/smb1/packet/session_setup_response.rb +2 -2
data/lib/ruby_smb/smb1/packet/write_andx_request.rb +1 -1
data/lib/ruby_smb/smb1/pipe.rb +81 -3
data/lib/ruby_smb/smb1/tree.rb +12 -3
data/lib/ruby_smb/smb2/bit_field/session_flags.rb +2 -1
data/lib/ruby_smb/smb2/bit_field/share_flags.rb +6 -4
data/lib/ruby_smb/smb2/file.rb +51 -61
data/lib/ruby_smb/smb2/negotiate_context.rb +108 -0
data/lib/ruby_smb/smb2/packet.rb +2 -0
data/lib/ruby_smb/smb2/packet/compression_transform_header.rb +41 -0
data/lib/ruby_smb/smb2/packet/error_packet.rb +2 -4
data/lib/ruby_smb/smb2/packet/negotiate_request.rb +51 -14
data/lib/ruby_smb/smb2/packet/negotiate_response.rb +50 -4
data/lib/ruby_smb/smb2/packet/transform_header.rb +84 -0
data/lib/ruby_smb/smb2/packet/tree_connect_request.rb +92 -6
data/lib/ruby_smb/smb2/packet/tree_connect_response.rb +8 -26
data/lib/ruby_smb/smb2/pipe.rb +80 -3
data/lib/ruby_smb/smb2/smb2_header.rb +1 -1
data/lib/ruby_smb/smb2/tree.rb +32 -20
data/lib/ruby_smb/version.rb +1 -1
data/ruby_smb.gemspec +5 -3
data/spec/lib/ruby_smb/client_spec.rb +1583 -102
data/spec/lib/ruby_smb/crypto_spec.rb +25 -0
data/spec/lib/ruby_smb/dcerpc/bind_ack_spec.rb +2 -2
data/spec/lib/ruby_smb/dcerpc/bind_spec.rb +2 -2
data/spec/lib/ruby_smb/dcerpc/ndr_spec.rb +1729 -0
data/spec/lib/ruby_smb/dcerpc/request_spec.rb +50 -7
data/spec/lib/ruby_smb/dcerpc/rpc_security_attributes_spec.rb +161 -0
data/spec/lib/ruby_smb/dcerpc/rrp_unicode_string_spec.rb +135 -0
data/spec/lib/ruby_smb/dcerpc/srvsvc/net_share_enum_all_spec.rb +13 -0
data/spec/lib/ruby_smb/dcerpc/srvsvc_spec.rb +60 -0
data/spec/lib/ruby_smb/dcerpc/svcctl/change_service_config_w_request_spec.rb +191 -0
data/spec/lib/ruby_smb/dcerpc/svcctl/change_service_config_w_response_spec.rb +38 -0
data/spec/lib/ruby_smb/dcerpc/svcctl/close_service_handle_request_spec.rb +30 -0
data/spec/lib/ruby_smb/dcerpc/svcctl/close_service_handle_response_spec.rb +38 -0
data/spec/lib/ruby_smb/dcerpc/svcctl/control_service_request_spec.rb +39 -0
data/spec/lib/ruby_smb/dcerpc/svcctl/control_service_response_spec.rb +38 -0
data/spec/lib/ruby_smb/dcerpc/svcctl/open_sc_manager_w_request_spec.rb +78 -0
data/spec/lib/ruby_smb/dcerpc/svcctl/open_sc_manager_w_response_spec.rb +38 -0
data/spec/lib/ruby_smb/dcerpc/svcctl/open_service_w_request_spec.rb +59 -0
data/spec/lib/ruby_smb/dcerpc/svcctl/open_service_w_response_spec.rb +38 -0
data/spec/lib/ruby_smb/dcerpc/svcctl/query_service_config_w_request_spec.rb +38 -0
data/spec/lib/ruby_smb/dcerpc/svcctl/query_service_config_w_response_spec.rb +152 -0
data/spec/lib/ruby_smb/dcerpc/svcctl/query_service_status_request_spec.rb +30 -0
data/spec/lib/ruby_smb/dcerpc/svcctl/query_service_status_response_spec.rb +38 -0
data/spec/lib/ruby_smb/dcerpc/svcctl/service_status_spec.rb +72 -0
data/spec/lib/ruby_smb/dcerpc/svcctl/start_service_w_request_spec.rb +46 -0
data/spec/lib/ruby_smb/dcerpc/svcctl/start_service_w_response_spec.rb +30 -0
data/spec/lib/ruby_smb/dcerpc/svcctl_spec.rb +512 -0
data/spec/lib/ruby_smb/dcerpc/winreg/close_key_request_spec.rb +28 -0
data/spec/lib/ruby_smb/dcerpc/winreg/close_key_response_spec.rb +36 -0
data/spec/lib/ruby_smb/dcerpc/winreg/create_key_request_spec.rb +110 -0
data/spec/lib/ruby_smb/dcerpc/winreg/create_key_response_spec.rb +44 -0
data/spec/lib/ruby_smb/dcerpc/winreg/enum_key_request_spec.rb +104 -0
data/spec/lib/ruby_smb/dcerpc/winreg/enum_key_response_spec.rb +97 -0
data/spec/lib/ruby_smb/dcerpc/winreg/enum_value_request_spec.rb +94 -0
data/spec/lib/ruby_smb/dcerpc/winreg/enum_value_response_spec.rb +82 -0
data/spec/lib/ruby_smb/dcerpc/winreg/open_key_request_spec.rb +74 -0
data/spec/lib/ruby_smb/dcerpc/winreg/open_key_response_spec.rb +35 -0
data/spec/lib/ruby_smb/dcerpc/winreg/open_root_key_request_spec.rb +95 -0
data/spec/lib/ruby_smb/dcerpc/winreg/open_root_key_response_spec.rb +38 -0
data/spec/lib/ruby_smb/dcerpc/winreg/query_info_key_request_spec.rb +35 -0
data/spec/lib/ruby_smb/dcerpc/winreg/query_info_key_response_spec.rb +113 -0
data/spec/lib/ruby_smb/dcerpc/winreg/query_value_request_spec.rb +88 -0
data/spec/lib/ruby_smb/dcerpc/winreg/query_value_response_spec.rb +138 -0
data/spec/lib/ruby_smb/dcerpc/winreg/regsam_spec.rb +32 -0
data/spec/lib/ruby_smb/dcerpc/winreg/save_key_request_spec.rb +57 -0
data/spec/lib/ruby_smb/dcerpc/winreg/save_key_response_spec.rb +22 -0
data/spec/lib/ruby_smb/dcerpc/winreg_spec.rb +884 -0
data/spec/lib/ruby_smb/dcerpc_spec.rb +81 -0
data/spec/lib/ruby_smb/dispatcher/socket_spec.rb +12 -12
data/spec/lib/ruby_smb/error_spec.rb +59 -0
data/spec/lib/ruby_smb/field/stringz16_spec.rb +12 -0
data/spec/lib/ruby_smb/nbss/session_header_spec.rb +4 -11
data/spec/lib/ruby_smb/smb1/file_spec.rb +9 -1
data/spec/lib/ruby_smb/smb1/packet/session_setup_legacy_request_spec.rb +2 -2
data/spec/lib/ruby_smb/smb1/packet/session_setup_legacy_response_spec.rb +2 -2
data/spec/lib/ruby_smb/smb1/packet/session_setup_request_spec.rb +2 -2
data/spec/lib/ruby_smb/smb1/packet/session_setup_response_spec.rb +1 -1
data/spec/lib/ruby_smb/smb1/pipe_spec.rb +216 -147
data/spec/lib/ruby_smb/smb2/bit_field/session_flags_spec.rb +9 -0
data/spec/lib/ruby_smb/smb2/bit_field/share_flags_spec.rb +27 -0
data/spec/lib/ruby_smb/smb2/file_spec.rb +146 -68
data/spec/lib/ruby_smb/smb2/negotiate_context_spec.rb +332 -0
data/spec/lib/ruby_smb/smb2/packet/compression_transform_header_spec.rb +108 -0
data/spec/lib/ruby_smb/smb2/packet/error_packet_spec.rb +3 -24
data/spec/lib/ruby_smb/smb2/packet/negotiate_request_spec.rb +138 -3
data/spec/lib/ruby_smb/smb2/packet/negotiate_response_spec.rb +120 -2
data/spec/lib/ruby_smb/smb2/packet/transform_header_spec.rb +220 -0
data/spec/lib/ruby_smb/smb2/packet/tree_connect_request_spec.rb +339 -9
data/spec/lib/ruby_smb/smb2/packet/tree_connect_response_spec.rb +3 -30
data/spec/lib/ruby_smb/smb2/pipe_spec.rb +226 -148
data/spec/lib/ruby_smb/smb2/smb2_header_spec.rb +2 -2
data/spec/lib/ruby_smb/smb2/tree_spec.rb +88 -9
metadata +257 -81
metadata.gz.sig +0 -0
data/lib/ruby_smb/smb1/dcerpc.rb +0 -72
data/lib/ruby_smb/smb2/dcerpc.rb +0 -75

@@ -8,6 +8,8 @@ module RubySMB
     require 'ruby_smb/client/tree_connect'
     require 'ruby_smb/client/echo'
     require 'ruby_smb/client/utils'
+    require 'ruby_smb/client/winreg'
+    require 'ruby_smb/client/encryption'
     include RubySMB::Client::Negotiation
     include RubySMB::Client::Authentication
@@ -15,13 +17,21 @@ module RubySMB
     include RubySMB::Client::TreeConnect
     include RubySMB::Client::Echo
     include RubySMB::Client::Utils
+    include RubySMB::Client::Winreg
+    include RubySMB::Client::Encryption
     # The Default SMB1 Dialect string used in an SMB1 Negotiate Request
     SMB1_DIALECT_SMB1_DEFAULT = 'NT LM 0.12'.freeze
     # The Default SMB2 Dialect string used in an SMB1 Negotiate Request
     SMB1_DIALECT_SMB2_DEFAULT = 'SMB 2.002'.freeze
-    # Dialect value for SMB2 Default (Version 2.02)
-    SMB2_DIALECT_DEFAULT = 0x0202
+    # The SMB2 wildcard revision number Dialect string used in an SMB1 Negotiate Request
+    # It indicates that the server implements SMB 2.1 or future dialect revisions
+    # Note that this must be used for SMB3
+    SMB1_DIALECT_SMB2_WILDCARD = 'SMB 2.???'.freeze
+    # Dialect values for SMB2
+    SMB2_DIALECT_DEFAULT = ['0x0202', '0x0210']
+    # Dialect values for SMB3
+    SMB3_DIALECT_DEFAULT = ['0x0300', '0x0302', '0x0311']
     # The default maximum size of a SMB message that the Client accepts (in bytes)
     MAX_BUFFER_SIZE = 64512
     # The default maximum size of a SMB message that the Server accepts (in bytes)
@@ -133,6 +143,11 @@ module RubySMB
     #   @return [Boolean]
     attr_accessor :smb2
+    # Whether or not the Client should support SMB3
+    # @!attribute [rw] smb3
+    #   @return [Boolean]
+    attr_accessor :smb3
     #  Tracks the current SMB2 Message ID that keeps communication in sync
     # @!attribute [rw] smb2_message_id
     #   @return [Integer]
@@ -145,9 +160,16 @@ module RubySMB
     # The UID set in SMB1
     # @!attribute [rw] user_id
-    #   @return [String]
+    #   @return [Integer]
     attr_accessor :user_id
+    # The Process ID set in SMB1
+    # It is randomly generated during the client initialization, but can
+    # be modified using the accessor.
+    # @!attribute [rw] pid
+    #   @return [Integer]
+    attr_accessor :pid
     # The maximum size SMB message that the Client accepts (in bytes)
     # The default value is equal to {MAX_BUFFER_SIZE}.
     # @!attribute [rw] max_buffer_size
@@ -176,15 +198,92 @@ module RubySMB
     #   @return [Integer]
     attr_accessor :server_max_transact_size
+    # The algorithm to compute the preauthentication integrity hash (SMB 3.1.1).
+    # @!attribute [rw] preauth_integrity_hash_algorithm
+    #   @return [String]
+    attr_accessor :preauth_integrity_hash_algorithm
+    # The preauthentication integrity hash value (SMB 3.1.1).
+    # @!attribute [rw] preauth_integrity_hash_value
+    #   @return [String]
+    attr_accessor :preauth_integrity_hash_value
+    # The algorithm for encryption (SMB 3.x).
+    # @!attribute [rw] encryption_algorithm
+    #   @return [String]
+    attr_accessor :encryption_algorithm
+    # The client encryption key (SMB 3.x).
+    # @!attribute [rw] client_encryption_key
+    #   @return [String]
+    attr_accessor :client_encryption_key
+    # The server encryption key (SMB 3.x).
+    # @!attribute [rw] server_encryption_key
+    #   @return [String]
+    attr_accessor :server_encryption_key
+    # Whether or not the whole session needs to be encrypted (SMB 3.x)
+    # @!attribute [rw] session_encrypt_data
+    #   @return [Boolean]
+    attr_accessor :session_encrypt_data
+    # The encryption algorithms supported by the server (SMB 3.x).
+    # @!attribute [rw] server_encryption_algorithms
+    #   @return [Array<Integer>] list of supported encryption algorithms
+    #     (constants defined in RubySMB::SMB2::EncryptionCapabilities)
+    attr_accessor :server_encryption_algorithms
+    # The compression algorithms supported by the server (SMB 3.x).
+    # @!attribute [rw] server_compression_algorithms
+    #   @return [Array<Integer>] list of supported compression algorithms
+    #     (constants defined in RubySMB::SMB2::CompressionCapabilities)
+    attr_accessor :server_compression_algorithms
+    # The GUID of the server (SMB 2.x and 3.x).
+    # @!attribute [rw] server_guid
+    #   @return [String]
+    attr_accessor :server_guid
+    # The server's start time if it is reported as part of the negotiation
+    # process (SMB 2.x and 3.x). This value is nil if the server does not report
+    # it (reports a value of 0).
+    # @!attribute [rw] server_start_time
+    #   @return [Time] the time that the server reports that it was started at
+    attr_accessor :server_start_time
+    # The server's current time if it is reported as part of the negotiation
+    # process (SMB 2.x and 3.x). This value is nil if the server does not report
+    # it (reports a value of 0).
+    # @!attribute [rw] server_system_time
+    #   @return [Time] the time that the server reports as current
+    attr_accessor :server_system_time
+    # The SMB version that has been successfully negotiated. This value is only
+    # set after the NEGOTIATE handshake has been performed.
+    # @!attribute [rw] negotiated_smb_version
+    #   @return [Integer] the negotiated SMB version
+    attr_accessor :negotiated_smb_version
+    # Whether or not the server supports multi-credit operations. It is
+    # reported by the LARGE_MTU capabiliy as part of the negotiation process
+    # (SMB 2.x and 3.x).
+    # @!attribute [rw] server_supports_multi_credit
+    #   @return [Boolean] true if the server supports multi-credit operations,
+    #   false otherwise
+    attr_accessor :server_supports_multi_credit
     # @param dispatcher [RubySMB::Dispatcher::Socket] the packet dispatcher to use
     # @param smb1 [Boolean] whether or not to enable SMB1 support
     # @param smb2 [Boolean] whether or not to enable SMB2 support
-    def initialize(dispatcher, smb1: true, smb2: true, username:, password:, domain: '.', local_workstation: 'WORKSTATION')
+    # @param smb3 [Boolean] whether or not to enable SMB3 support
+    def initialize(dispatcher, smb1: true, smb2: true, smb3: true, username:, password:, domain: '.', local_workstation: 'WORKSTATION', always_encrypt: true)
       raise ArgumentError, 'No Dispatcher provided' unless dispatcher.is_a? RubySMB::Dispatcher::Base
-      if smb1 == false && smb2 == false
+      if smb1 == false && smb2 == false && smb3 == false
         raise ArgumentError, 'You must enable at least one Protocol'
       end
       @dispatcher        = dispatcher
+      @pid               = rand(0xFFFF)
       @domain            = domain
       @local_workstation = local_workstation
       @password          = password.encode('utf-8') || ''.encode('utf-8')
@@ -194,6 +293,7 @@ module RubySMB
       @signing_required  = false
       @smb1              = smb1
       @smb2              = smb2
+      @smb3              = smb3
       @username          = username.encode('utf-8') || ''.encode('utf-8')
       @max_buffer_size   = MAX_BUFFER_SIZE
       # These sizes will be modifed during negotiation
@@ -201,11 +301,16 @@ module RubySMB
       @server_max_read_size   = RubySMB::SMB2::File::MAX_PACKET_SIZE
       @server_max_write_size  = RubySMB::SMB2::File::MAX_PACKET_SIZE
       @server_max_transact_size = RubySMB::SMB2::File::MAX_PACKET_SIZE
+      @server_supports_multi_credit = false
+      # SMB 3.x options
+      @session_encrypt_data = always_encrypt
       negotiate_version_flag = 0x02000000
       flags = Net::NTLM::Client::DEFAULT_FLAGS |
         Net::NTLM::FLAGS[:TARGET_INFO] |
-        negotiate_version_flag
+        negotiate_version_flag ^
+        Net::NTLM::FLAGS[:OEM]
       @ntlm_client = Net::NTLM::Client.new(
         @username,
@@ -241,7 +346,7 @@ module RubySMB
     # @param data [String] the data the server should echo back (ignored in SMB2)
     # @return [WindowsError::ErrorCode] the NTStatus of the last response received
     def echo(count: 1, data: '')
-      response = if smb2
+      response = if smb2 || smb3
                    smb2_echo
                  else
                    smb1_echo(count: count, data: data)
@@ -256,10 +361,8 @@ module RubySMB
     # @param packet [RubySMB::GenericPacket] the packet to set the message id for
     # @return [RubySMB::GenericPacket] the modified packet
     def increment_smb_message_id(packet)
-      if packet.smb2_header.message_id.zero? && smb2_message_id != 0
-        packet.smb2_header.message_id = smb2_message_id
-        self.smb2_message_id += 1
-      end
+      packet.smb2_header.message_id = self.smb2_message_id
+      self.smb2_message_id += 1
       packet
     end
@@ -281,7 +384,8 @@ module RubySMB
       negotiate_version_flag = 0x02000000
       flags = Net::NTLM::Client::DEFAULT_FLAGS |
         Net::NTLM::FLAGS[:TARGET_INFO] |
-        negotiate_version_flag
+        negotiate_version_flag ^
+        Net::NTLM::FLAGS[:OEM]
       @ntlm_client = Net::NTLM::Client.new(
           @username,
@@ -299,7 +403,7 @@ module RubySMB
     # @return [WindowsError::ErrorCode] the NTStatus of the response
     # @raise [RubySMB::Error::InvalidPacket] if the response packet is not a LogoffResponse packet
     def logoff!
-      if smb2
+      if smb2 || smb3
         request      = RubySMB::SMB2::Packet::LogoffRequest.new
         raw_response = send_recv(request)
         response     = RubySMB::SMB2::Packet::LogoffResponse.read(raw_response)
@@ -332,25 +436,125 @@ module RubySMB
     # It will also sign the packet if neccessary.
     #
     # @param packet [RubySMB::GenericPacket] the request to be sent
+    # @param encrypt [Boolean] true if encryption has to be enabled for this transaction
+    #   (note that if @session_encrypt_data is set, encryption will be enabled
+    #   regardless of this parameter value)
     # @return [String] the raw response data received
-    def send_recv(packet)
-      case packet.packet_smb_version
+    def send_recv(packet, encrypt: false)
+      version = packet.packet_smb_version
+      case version
       when 'SMB1'
-        packet.smb_header.uid = user_id if user_id
+        packet.smb_header.uid = self.user_id if self.user_id
+        packet.smb_header.pid_low = self.pid if self.pid
         packet = smb1_sign(packet)
       when 'SMB2'
         packet = increment_smb_message_id(packet)
         packet.smb2_header.session_id = session_id
         unless packet.is_a?(RubySMB::SMB2::Packet::SessionSetupRequest)
-          packet = smb2_sign(packet)
+          if self.smb2
+            packet = smb2_sign(packet)
+          elsif self.smb3
+            packet = smb3_sign(packet)
+          end
         end
       else
         packet = packet
       end
-      dispatcher.send_packet(packet)
-      raw_response = dispatcher.recv_packet
+      encrypt_data = false
+      if can_be_encrypted?(packet) && encryption_supported? && (@session_encrypt_data || encrypt)
+        encrypt_data = true
+      end
+      send_packet(packet, encrypt: encrypt_data)
+      raw_response = recv_packet(encrypt: encrypt_data)
+      smb2_header = nil
+      loop do
+        smb2_header = RubySMB::SMB2::SMB2Header.read(raw_response)
+        break unless is_status_pending?(smb2_header)
+        sleep 1
+        raw_response = recv_packet(encrypt: encrypt_data)
+      end unless version == 'SMB1'
       self.sequence_counter += 1 if signing_required && !session_key.empty?
+      # update the SMB2 message ID according to the received Credit Charged
+      self.smb2_message_id += smb2_header.credit_charge - 1 if smb2_header && self.dialect != '0x0202'
+      raw_response
+    end
+    # Check if the response is an asynchronous operation with STATUS_PENDING
+    # status code.
+    #
+    # @param smb2_header [String] the response packet SMB2 header
+    # @return [Boolean] true if it is a status pending operation, false otherwise
+    def is_status_pending?(smb2_header)
+      value = smb2_header.nt_status.value
+      status_code = WindowsError::NTStatus.find_by_retval(value).first
+      status_code == WindowsError::NTStatus::STATUS_PENDING &&
+        smb2_header.flags.async_command == 1
+    end
+    # Check if the request packet can be encrypted. Per the SMB2 spec,
+    # SessionSetupRequest and NegotiateRequest must not be encrypted.
+    #
+    # @param packet [RubySMB::GenericPacket] the request packet
+    # @return [Boolean] true if the packet can be encrypted
+    def can_be_encrypted?(packet)
+      return false if packet.packet_smb_version == 'SMB1'
+      [RubySMB::SMB2::Packet::SessionSetupRequest, RubySMB::SMB2::Packet::NegotiateRequest].none? do |klass|
+        packet.is_a?(klass)
+      end
+    end
+    # Check if the current dialect supports encryption.
+    #
+    # @return [Boolean] true if encryption is supported
+    def encryption_supported?
+      ['0x0300', '0x0302', '0x0311'].include?(@dialect)
+    end
+    # Encrypt (if required) and send a packet.
+    #
+    # @param encrypt [Boolean] true if the packet should be encrypted, false
+    #   otherwise
+    def send_packet(packet, encrypt: false)
+      if encrypt
+        begin
+          packet = smb3_encrypt(packet.to_binary_s)
+        rescue RubySMB::Error::RubySMBError => e
+          raise RubySMB::Error::EncryptionError, "Error while encrypting #{packet.class.name} packet (SMB #{@dialect}): #{e}"
+        end
+      end
+      dispatcher.send_packet(packet)
+    end
+    # Receives the raw response through the Dispatcher and decrypt the packet (if required).
+    #
+    # @param encrypt [Boolean] true if the packet is encrypted, false otherwise
+    # @return [String] the raw unencrypted packet
+    def recv_packet(encrypt: false)
+      begin
+        raw_response = dispatcher.recv_packet
+      rescue RubySMB::Error::CommunicationError => e
+        if encrypt
+          raise RubySMB::Error::EncryptionError, "Communication error with the "\
+            "remote host: #{e.message}. The server supports encryption but was "\
+            "not able to handle the encrypted request."
+        else
+          raise e
+        end
+      end
+      if encrypt
+        begin
+          transform_response = RubySMB::SMB2::Packet::TransformHeader.read(raw_response)
+        rescue IOError
+          raise RubySMB::Error::InvalidPacket, 'Not a SMB2 TransformHeader packet'
+        end
+        begin
+          raw_response = smb3_decrypt(transform_response)
+        rescue RubySMB::Error::RubySMBError => e
+          raise RubySMB::Error::EncryptionError, "Error while decrypting #{transform_response.class.name} packet (SMB #@dialect}): #{e}"
+        end
+      end
       raw_response
     end
@@ -360,7 +564,7 @@ module RubySMB
     # @return [RubySMB::SMB1::Tree] if talking over SMB1
     # @return [RubySMB::SMB2::Tree] if talking over SMB2
     def tree_connect(share)
-      connected_tree = if smb2
+      connected_tree = if smb2 || smb3
         smb2_tree_connect(share)
       else
         smb1_tree_connect(share)
@@ -390,6 +594,9 @@ module RubySMB
       self.session_key      = ''
       self.sequence_counter = 0
       self.smb2_message_id  = 0
+      self.client_encryption_key = nil
+      self.server_encryption_key = nil
+      self.server_supports_multi_credit = false
     end
     # Requests a NetBIOS Session Service using the provided name.
@@ -427,10 +634,21 @@ module RubySMB
       session_request.session_header.session_packet_type = RubySMB::Nbss::SESSION_REQUEST
       session_request.called_name  = called_name
       session_request.calling_name = calling_name
-      session_request.session_header.packet_length =
+      session_request.session_header.stream_protocol_length =
         session_request.num_bytes - session_request.session_header.num_bytes
       session_request
     end
+    def update_preauth_hash(data)
+      unless @preauth_integrity_hash_algorithm
+        raise RubySMB::Error::EncryptionError.new(
+          'Cannot compute the Preauth Integrity Hash value: Preauth Integrity Hash Algorithm is nil'
+        )
+      end
+      @preauth_integrity_hash_value = OpenSSL::Digest.digest(
+        @preauth_integrity_hash_algorithm,
+        @preauth_integrity_hash_value + data.to_binary_s
+      )
+    end
   end
 end

data/lib/ruby_smb/client/authentication.rb CHANGED

@@ -175,7 +175,7 @@ module RubySMB
         status_code = packet.status_code
         unless status_code.name == 'STATUS_MORE_PROCESSING_REQUIRED'
-          raise RubySMB::Error::UnexpectedStatusCode, status_code.to_s
+          raise RubySMB::Error::UnexpectedStatusCode, status_code
         end
         packet
@@ -201,6 +201,9 @@ module RubySMB
       def smb2_authenticate
         response = smb2_ntlmssp_negotiate
         challenge_packet = smb2_ntlmssp_challenge_packet(response)
+        if @dialect == '0x0311'
+          update_preauth_hash(challenge_packet)
+        end
         @session_id = challenge_packet.smb2_header.session_id
         type2_b64_message = smb2_type2_message(challenge_packet)
         type3_message = @ntlm_client.init_context(type2_b64_message)
@@ -213,6 +216,16 @@ module RubySMB
         raw = smb2_ntlmssp_authenticate(type3_message, @session_id)
         response = smb2_ntlmssp_final_packet(raw)
+        if @smb3 && !@session_encrypt_data && response.session_flags.encrypt_data == 1
+          @session_encrypt_data = true
+        end
+        ######
+        # DEBUG
+        #puts "Session ID = #{@session_id.to_binary_s.each_byte.map {|e| '%02x' % e}.join}"
+        #puts "Session key = #{@session_key.each_byte.map {|e| '%02x' % e}.join}"
+        #puts "PreAuthHash = #{@preauth_integrity_hash_value.each_byte.map {|e| '%02x' % e}.join}" if @preauth_integrity_hash_value
+        ######
         response.status_code
       end
@@ -245,7 +258,7 @@ module RubySMB
         status_code = packet.status_code
         unless status_code.name == 'STATUS_MORE_PROCESSING_REQUIRED'
-          raise RubySMB::Error::UnexpectedStatusCode, status_code.to_s
+          raise RubySMB::Error::UnexpectedStatusCode, status_code
         end
         packet
       end
@@ -256,7 +269,11 @@ module RubySMB
       # @return [String] the binary string response from the server
       def smb2_ntlmssp_negotiate
         packet = smb2_ntlmssp_negotiate_packet
-        send_recv(packet)
+        response = send_recv(packet)
+        if @dialect == '0x0311'
+          update_preauth_hash(packet)
+        end
+        response
       end
       # Creates the {RubySMB::SMB2::Packet::SessionSetupRequest} packet
@@ -268,10 +285,7 @@ module RubySMB
         type1_message = ntlm_client.init_context
         packet = RubySMB::SMB2::Packet::SessionSetupRequest.new
         packet.set_type1_blob(type1_message.serialize)
-        # This Message ID should always be 1, but thanks to Multi-Protocol Negotiation
-        # the Message ID can be out of sync at this point so we re-synch it here.
-        packet.smb2_header.message_id = 1
-        self.smb2_message_id = 2
+        packet.security_mode.signing_enabled = 1
         packet
       end
@@ -294,7 +308,11 @@ module RubySMB
       # @return [String] the raw binary response from the server
       def smb2_ntlmssp_authenticate(type3_message, user_id)
         packet = smb2_ntlmssp_auth_packet(type3_message, user_id)
-        send_recv(packet)
+        response = send_recv(packet)
+        if @dialect == '0x0311'
+          update_preauth_hash(packet)
+        end
+        response
       end
       # Generates the {RubySMB::SMB2::Packet::SessionSetupRequest} packet
@@ -307,6 +325,7 @@ module RubySMB
         packet = RubySMB::SMB2::Packet::SessionSetupRequest.new
         packet.smb2_header.session_id = session_id
         packet.set_type3_blob(type3_message.serialize)
+        packet.security_mode.signing_enabled = 1
         packet
       end