ruby_smb 2.0.10 → 2.0.11

data/spec/lib/ruby_smb/server_spec.rb

@@ -0,0 +1,32 @@
+RSpec.describe RubySMB::Server do
+  before(:each) do
+    allow(::TCPServer).to receive(:new).and_return(::TCPServer.new(0))
+  end
+
+  it { is_expected.to respond_to :dialects }
+  it { is_expected.to respond_to :gss_provider }
+  it { is_expected.to respond_to :guid }
+
+  describe '#initialize' do
+    it 'should bind to TCP port 445 by default' do
+      expect(::TCPServer).to receive(:new).with(445).and_return(::TCPServer.new(0))
+      described_class.new
+    end
+
+    it 'should create a new NTLM GSS provider by default' do
+      expect(RubySMB::Gss::Provider::NTLM).to receive(:new).and_call_original
+      described_class.new
+    end
+
+    it 'should generate a random 16-byte GUID' do
+      server_guid = described_class.new.guid
+      expect(server_guid).to be_a String
+      expect(server_guid.length).to eq 16
+      expect(server_guid).to_not eq described_class.new.guid
+    end
+
+    it 'should support some dialects' do
+      expect(described_class.new.dialects).to_not be_empty
+    end
+  end
+end

data/spec/lib/ruby_smb/smb2/negotiate_context_spec.rb

@@ -162,7 +162,7 @@ RSpec.describe RubySMB::SMB2::CompressionCapabilities do
   end
 end
 
-RSpec.describe RubySMB::SMB2::NetnameNegotiateContextId  do
+RSpec.describe RubySMB::SMB2::NetnameNegotiateContextId do
   subject(:capability) { described_class.new }
 
   it { is_expected.to respond_to :net_name }
@@ -173,7 +173,7 @@ RSpec.describe RubySMB::SMB2::NetnameNegotiateContextId  do
 
   describe '#net_name' do
     it 'is a unicode string' do
-      expect(capability.net_name).to be_a RubySMB::Field::Stringz16
+      expect(capability.net_name).to be_a RubySMB::Field::String16
     end
   end
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: ruby_smb
 version: !ruby/object:Gem::Version
-  version: 2.0.10
+  version: 2.0.11
 platform: ruby
 authors:
 - Metasploit Hackers
@@ -97,7 +97,7 @@ cert_chain:
   EknWpNgVhohbot1lfVAMmIhdtOVaRVcQQixWPwprDj/ydB8ryDMDosIMcw+fkoXU
   9GJsSaSRRYQ9UUkVL27b64okU8D48m8=
   -----END CERTIFICATE-----
-date: 2021-05-28 00:00:00.000000000 Z
+date: 2021-08-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: redcarpet
@@ -258,6 +258,7 @@ files:
 - Rakefile
 - examples/anonymous_auth.rb
 - examples/append_file.rb
+- examples/auth_capture.rb
 - examples/authenticate.rb
 - examples/delete_file.rb
 - examples/enum_registry_key.rb
@@ -280,7 +281,6 @@ files:
 - lib/ruby_smb/client/echo.rb
 - lib/ruby_smb/client/encryption.rb
 - lib/ruby_smb/client/negotiation.rb
-- lib/ruby_smb/client/signing.rb
 - lib/ruby_smb/client/tree_connect.rb
 - lib/ruby_smb/client/utils.rb
 - lib/ruby_smb/client/winreg.rb
@@ -347,6 +347,7 @@ files:
 - lib/ruby_smb/dcerpc/winreg/regsam.rb
 - lib/ruby_smb/dcerpc/winreg/save_key_request.rb
 - lib/ruby_smb/dcerpc/winreg/save_key_response.rb
+- lib/ruby_smb/dialect.rb
 - lib/ruby_smb/dispatcher.rb
 - lib/ruby_smb/dispatcher/base.rb
 - lib/ruby_smb/dispatcher/socket.rb
@@ -381,12 +382,21 @@ files:
 - lib/ruby_smb/fscc/file_information/file_rename_information.rb
 - lib/ruby_smb/generic_packet.rb
 - lib/ruby_smb/gss.rb
+- lib/ruby_smb/gss/provider.rb
+- lib/ruby_smb/gss/provider/authenticator.rb
+- lib/ruby_smb/gss/provider/ntlm.rb
 - lib/ruby_smb/impersonation_levels.rb
 - lib/ruby_smb/nbss.rb
 - lib/ruby_smb/nbss/negative_session_response.rb
 - lib/ruby_smb/nbss/netbios_name.rb
 - lib/ruby_smb/nbss/session_header.rb
 - lib/ruby_smb/nbss/session_request.rb
+- lib/ruby_smb/ntlm.rb
+- lib/ruby_smb/server.rb
+- lib/ruby_smb/server/server_client.rb
+- lib/ruby_smb/server/server_client/negotiation.rb
+- lib/ruby_smb/server/server_client/session_setup.rb
+- lib/ruby_smb/signing.rb
 - lib/ruby_smb/smb1.rb
 - lib/ruby_smb/smb1/andx_block.rb
 - lib/ruby_smb/smb1/bit_field.rb
@@ -613,10 +623,16 @@ files:
 - spec/lib/ruby_smb/fscc/file_information/file_rename_information_spec.rb
 - spec/lib/ruby_smb/fscc/fscc_file_attributes_spec.rb
 - spec/lib/ruby_smb/generic_packet_spec.rb
+- spec/lib/ruby_smb/gss/provider/ntlm/account_spec.rb
+- spec/lib/ruby_smb/gss/provider/ntlm/authenticator_spec.rb
+- spec/lib/ruby_smb/gss/provider/ntlm/os_version_spec.rb
+- spec/lib/ruby_smb/gss/provider/ntlm_spec.rb
 - spec/lib/ruby_smb/nbss/negative_session_response_spec.rb
 - spec/lib/ruby_smb/nbss/netbios_name_spec.rb
 - spec/lib/ruby_smb/nbss/session_header_spec.rb
 - spec/lib/ruby_smb/nbss/session_request_spec.rb
+- spec/lib/ruby_smb/server/server_client_spec.rb
+- spec/lib/ruby_smb/server_spec.rb
 - spec/lib/ruby_smb/smb1/andx_block_spec.rb
 - spec/lib/ruby_smb/smb1/bit_field/capabilities_spec.rb
 - spec/lib/ruby_smb/smb1/bit_field/create_options_spec.rb
@@ -848,10 +864,16 @@ test_files:
 - spec/lib/ruby_smb/fscc/file_information/file_rename_information_spec.rb
 - spec/lib/ruby_smb/fscc/fscc_file_attributes_spec.rb
 - spec/lib/ruby_smb/generic_packet_spec.rb
+- spec/lib/ruby_smb/gss/provider/ntlm/account_spec.rb
+- spec/lib/ruby_smb/gss/provider/ntlm/authenticator_spec.rb
+- spec/lib/ruby_smb/gss/provider/ntlm/os_version_spec.rb
+- spec/lib/ruby_smb/gss/provider/ntlm_spec.rb
 - spec/lib/ruby_smb/nbss/negative_session_response_spec.rb
 - spec/lib/ruby_smb/nbss/netbios_name_spec.rb
 - spec/lib/ruby_smb/nbss/session_header_spec.rb
 - spec/lib/ruby_smb/nbss/session_request_spec.rb
+- spec/lib/ruby_smb/server/server_client_spec.rb
+- spec/lib/ruby_smb/server_spec.rb
 - spec/lib/ruby_smb/smb1/andx_block_spec.rb
 - spec/lib/ruby_smb/smb1/bit_field/capabilities_spec.rb
 - spec/lib/ruby_smb/smb1/bit_field/create_options_spec.rb

data/lib/ruby_smb/client/signing.rb

@@ -1,64 +0,0 @@
-module RubySMB
-  class Client
-    # Contains the methods for handling packet signing
-    module Signing
-      # The NTLM Session Key used for signing
-      # @!attribute [rw] session_key
-      #   @return [String]
-      attr_accessor :session_key
-
-      # Take an SMB1 packet and checks to see if it should be signed.
-      # If signing is enabled and we have a session key already, then
-      # it will sign the packet appropriately.
-      #
-      # @param packet [RubySMB::GenericPacket] the packet to sign
-      # @return [RubySMB::GenericPacket] the packet, signed if needed
-      def smb1_sign(packet)
-        if signing_required && !session_key.empty?
-          # Pack the Sequence counter into a int64le
-          packed_sequence_counter = [sequence_counter].pack('Q<')
-          packet.smb_header.security_features = packed_sequence_counter
-          signature = OpenSSL::Digest::MD5.digest(session_key + packet.to_binary_s)[0, 8]
-          packet.smb_header.security_features = signature
-          self.sequence_counter += 1
-        end
-        packet
-      end
-
-      # Take an SMB2 packet and checks to see if it should be signed.
-      # If signing is enabled and we have a session key already, then
-      # it will sign the packet appropriately.
-      #
-      # @param packet [RubySMB::GenericPacket] the packet to sign
-      # @return [RubySMB::GenericPacket] the packet, signed if needed
-      def smb2_sign(packet)
-        if signing_required && !session_key.empty?
-          packet.smb2_header.flags.signed = 1
-          packet.smb2_header.signature = "\x00" * 16
-          hmac = OpenSSL::HMAC.digest(OpenSSL::Digest::SHA256.new, session_key, packet.to_binary_s)
-          packet.smb2_header.signature = hmac[0, 16]
-        end
-        packet
-      end
-
-      def smb3_sign(packet)
-        if !session_key.empty? && (signing_required || packet.is_a?(RubySMB::SMB2::Packet::TreeConnectRequest))
-          case @dialect
-          when '0x0300', '0x0302'
-            signing_key = RubySMB::Crypto::KDF.counter_mode(@session_key, "SMB2AESCMAC\x00", "SmbSign\x00")
-          when '0x0311'
-            signing_key = RubySMB::Crypto::KDF.counter_mode(@session_key, "SMBSigningKey\x00", @preauth_integrity_hash_value)
-          else
-            raise RubySMB::Error::SigningError.new('Dialect is incompatible with SMBv3 signing')
-          end
-
-          packet.smb2_header.flags.signed = 1
-          packet.smb2_header.signature = "\x00" * 16
-          hmac = OpenSSL::CMAC.digest('AES', signing_key, packet.to_binary_s)
-          packet.smb2_header.signature = hmac[0, 16]
-        end
-        packet
-      end
-    end
-  end
-end