RubyGems - ruby_smb - Versions diffs - 2.0.11 → 3.0.1 - Mend

ruby_smb 2.0.11 → 3.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (255) hide show

data/lib/ruby_smb/server/server_client.rb CHANGED Viewed

@@ -8,28 +8,30 @@ module RubySMB
       require 'ruby_smb/signing'
       require 'ruby_smb/server/server_client/negotiation'
       require 'ruby_smb/server/server_client/session_setup'
+      require 'ruby_smb/server/server_client/share_io'
+      require 'ruby_smb/server/server_client/tree_connect'
       include RubySMB::Signing
       include RubySMB::Server::ServerClient::Negotiation
       include RubySMB::Server::ServerClient::SessionSetup
+      include RubySMB::Server::ServerClient::ShareIO
+      include RubySMB::Server::ServerClient::TreeConnect
-      attr_reader :dialect, :identity, :state, :session_key
+      attr_reader :dialect, :session_table
       # @param [Server] server the server that accepted this connection
       # @param [Dispatcher::Socket] dispatcher the connection's socket dispatcher
       def initialize(server, dispatcher)
         @server = server
         @dispatcher = dispatcher
-        @state = :negotiate
         @dialect = nil
-        @message_id = 0
-        @session_id = nil
-        @session_key = nil
         @gss_authenticator = server.gss_provider.new_authenticator(self)
-        @identity = nil
-        @tree_connections = {}
         @preauth_integrity_hash_algorithm = nil
         @preauth_integrity_hash_value = nil
+        @in_packet_queue = []
+        # session id => session instance
+        @session_table = {}
       end
       #
@@ -52,18 +54,75 @@ module RubySMB
       end
       #
-      # Handle an authenticated request. This is the main handler for all requests after the connection has been
-      # authenticated.
+      # Handle a request after the dialect has been negotiated. This is the main
+      # handler for all requests after the connection has been established. If a
+      # request handler raises NotImplementedError, the server will respond to
+      # the client with NT Status STATUS_NOT_SUPPORTED.
       #
       # @param [String] raw_request the request that should be handled
-      def handle_authenticated(raw_request)
+      def handle_smb(raw_request)
         response = nil
         case raw_request[0...4].unpack1('L>')
         when RubySMB::SMB1::SMB_PROTOCOL_ID
-          raise NotImplementedError
+          begin
+            header = RubySMB::SMB1::SMBHeader.read(raw_request)
+          rescue IOError => e
+            logger.error("Caught a #{e.class} while reading the SMB1 header (#{e.message})")
+            disconnect!
+            return
+          end
+          begin
+            response = handle_smb1(raw_request, header)
+          rescue NotImplementedError
+            logger.error("Caught a NotImplementedError while handling a #{SMB1::Commands.name(header.command)} request")
+            response = RubySMB::SMB1::Packet::EmptyPacket.new
+            response.smb_header.nt_status = WindowsError::NTStatus::STATUS_NOT_SUPPORTED
+          end
+          unless response.nil?
+            # set these header fields if they were not initialized
+            if response.is_a?(SMB1::Packet::EmptyPacket)
+              response.smb_header.command = header.command if response.smb_header.command == 0
+              response.smb_header.flags.reply = 1
+            end
+            response.smb_header.pid_high = header.pid_high if response.smb_header.pid_high == 0
+            response.smb_header.tid = header.tid if response.smb_header.tid == 0
+            response.smb_header.pid_low = header.pid_low if response.smb_header.pid_low == 0
+            response.smb_header.uid = header.uid if response.smb_header.uid == 0
+            response.smb_header.mid = header.mid if response.smb_header.mid == 0
+          end
         when RubySMB::SMB2::SMB2_PROTOCOL_ID
-          raise NotImplementedError
+          begin
+            header = RubySMB::SMB2::SMB2Header.read(raw_request)
+          rescue IOError => e
+            logger.error("Caught a #{e.class} while reading the SMB2 header (#{e.message})")
+            disconnect!
+            return
+          end
+          begin
+            response = handle_smb2(raw_request, header)
+          rescue NotImplementedError
+            logger.error("Caught a NotImplementedError while handling a #{SMB2::Commands.name(header.command)} request")
+            response = SMB2::Packet::ErrorPacket.new
+            response.smb2_header.nt_status = WindowsError::NTStatus::STATUS_NOT_SUPPORTED
+          end
+          unless response.nil?
+            # set these header fields if they were not initialized
+            if response.is_a?(SMB2::Packet::ErrorPacket)
+              response.smb2_header.command = header.command if response.smb2_header.command == 0
+              response.smb2_header.flags.reply = 1
+            end
+            response.smb2_header.credits = 1 if response.smb2_header.credits == 0
+            response.smb2_header.message_id = header.message_id if response.smb2_header.message_id == 0
+            response.smb2_header.session_id = header.session_id if response.smb2_header.session_id == 0
+            response.smb2_header.tree_id = header.tree_id if response.smb2_header.tree_id == 0
+          end
         end
         if response.nil?
@@ -96,25 +155,33 @@ module RubySMB
             break
           end
-          case @state
-          when :negotiate
+          if @dialect.nil?
             handle_negotiate(raw_request)
-          when :session_setup
-            handle_session_setup(raw_request)
-          when :authenticated
-            handle_authenticated(raw_request)
+            logger.info("Negotiated dialect: #{RubySMB::Dialect[@dialect].full_name}") unless @dialect.nil?
+          else
+            handle_smb(raw_request)
           end
           break if @dispatcher.tcp_socket.closed?
         end
+        disconnect!
       end
       #
       # Disconnect the remote client.
       #
       def disconnect!
-        @state = nil
-        @dispatcher.tcp_socket.close
+        @dialect = nil
+        @dispatcher.tcp_socket.close unless @dispatcher.tcp_socket.closed?
+      end
+      #
+      # The logger object associated with this instance.
+      #
+      # @return [Logger]
+      def logger
+        @server.logger
       end
       #
@@ -122,7 +189,24 @@ module RubySMB
       #
       # @return [String] the raw packet
       def recv_packet
-        @dispatcher.recv_packet
+        return @in_packet_queue.shift if @in_packet_queue.length > 0
+        packet = @dispatcher.recv_packet
+        if packet && packet.length >= 4 && packet[0...4].unpack1('L>') == RubySMB::SMB2::SMB2_PROTOCOL_ID
+          header = RubySMB::SMB2::SMB2Header.read(packet)
+          unless header.next_command == 0
+            until header.next_command == 0
+              @in_packet_queue.push(packet[0...header.next_command])
+              packet = packet[header.next_command..-1]
+              header = RubySMB::SMB2::SMB2Header.read(packet)
+            end
+            @in_packet_queue.push(packet)
+            packet = @in_packet_queue.shift
+          end
+        end
+        packet
       end
       #
@@ -130,12 +214,20 @@ module RubySMB
       #
       # @param [GenericPacket] packet the packet to send
       def send_packet(packet)
-        if @state == :authenticated && @identity != Gss::Provider::IDENTITY_ANONYMOUS && !@session_key.nil?
-          case metadialect.family
+        case metadialect&.order
+        when Dialect::ORDER_SMB1
+          session_id = packet.smb_header.uid
+        when Dialect::ORDER_SMB2
+          session_id = packet.smb2_header.session_id
+        end
+        session = @session_table[session_id]
+        unless session.nil? || session.is_anonymous || session.key.nil?
+          case metadialect&.family
           when Dialect::FAMILY_SMB2
-            packet = smb2_sign(packet)
+            packet = Signing::smb2_sign(packet, session.key)
           when Dialect::FAMILY_SMB3
-            packet = smb3_sign(packet)
+            packet = Signing::smb3_sign(packet, session.key, @dialect, @preauth_integrity_hash_value)
           end
         end
@@ -158,6 +250,103 @@ module RubySMB
           @preauth_integrity_hash_value + data.to_binary_s
         )
       end
+      private
+      #
+      # Handle an SMB version 1 message.
+      #
+      # @param [String] raw_request The bytes of the entire SMB request.
+      # @param [RubySMB::SMB1::SMBHeader] header The request header.
+      # @return [RubySMB::GenericPacket]
+      def handle_smb1(raw_request, header)
+        # session = @session_table[header.uid]
+        session = nil
+        case header.command
+        when SMB1::Commands::SMB_COM_SESSION_SETUP_ANDX
+          dispatcher, request_class = :do_session_setup_smb1, SMB1::Packet::SessionSetupRequest
+        else
+          logger.warn("The SMB1 #{SMB1::Commands.name(header.command)} command is not supported")
+          raise NotImplementedError
+        end
+        begin
+          request = request_class.read(raw_request)
+        rescue IOError, RubySMB::Error::InvalidPacket => e
+          logger.error("Caught a #{e.class} while reading the SMB1 #{request_class} (#{e.message})")
+          response = RubySMB::SMB1::Packet::EmptyPacket.new
+        end
+        if request.is_a?(SMB1::Packet::EmptyPacket)
+          logger.error("Received an error packet for SMB1 command: #{SMB1::Commands.name(header.command)}")
+          response.smb_header.nt_status = WindowsError::NTStatus::STATUS_DATA_ERROR
+          return response
+        end
+        logger.debug("Dispatching request to #{dispatcher} (session: #{session.inspect})")
+        send(dispatcher, request, session)
+      end
+      #
+      # Handle an SMB version 2 or 3 message.
+      #
+      # @param [String] raw_request The bytes of the entire SMB request.
+      # @param [RubySMB::SMB2::SMB2Header] header The request header.
+      # @return [RubySMB::GenericPacket]
+      # @raise [NotImplementedError] Raised when the requested operation is not
+      #   supported.
+      def handle_smb2(raw_request, header)
+        session = @session_table[header.session_id]
+        if session.nil? && !(header.command == SMB2::Commands::SESSION_SETUP && header.session_id == 0)
+          response = SMB2::Packet::ErrorPacket.new
+          response.smb2_header.nt_status = WindowsError::NTStatus::STATUS_USER_SESSION_DELETED
+          return response
+        end
+        case header.command
+        when SMB2::Commands::CLOSE
+          dispatcher, request_class = :do_close_smb2, SMB2::Packet::CloseRequest
+        when SMB2::Commands::CREATE
+          dispatcher, request_class = :do_create_smb2, SMB2::Packet::CreateRequest
+        when SMB2::Commands::IOCTL
+          dispatcher, request_class = :do_ioctl_smb2, SMB2::Packet::IoctlRequest
+        when SMB2::Commands::LOGOFF
+          dispatcher, request_class = :do_logoff_smb2, SMB2::Packet::LogoffRequest
+        when SMB2::Commands::QUERY_DIRECTORY
+          dispatcher, request_class = :do_query_directory_smb2, SMB2::Packet::QueryDirectoryRequest
+        when SMB2::Commands::QUERY_INFO
+          dispatcher, request_class = :do_query_info_smb2, SMB2::Packet::QueryInfoRequest
+        when SMB2::Commands::READ
+          dispatcher, request_class = :do_read_smb2, SMB2::Packet::ReadRequest
+        when SMB2::Commands::SESSION_SETUP
+          dispatcher, request_class = :do_session_setup_smb2, SMB2::Packet::SessionSetupRequest
+        when SMB2::Commands::TREE_CONNECT
+          dispatcher, request_class = :do_tree_connect_smb2, SMB2::Packet::TreeConnectRequest
+        when SMB2::Commands::TREE_DISCONNECT
+          dispatcher, request_class = :do_tree_disconnect_smb2, SMB2::Packet::TreeDisconnectRequest
+        else
+          logger.warn("The SMB2 #{SMB2::Commands.name(header.command)} command is not supported")
+          raise NotImplementedError
+        end
+        begin
+          request = request_class.read(raw_request)
+        rescue IOError, RubySMB::Error::InvalidPacket => e
+          logger.error("Caught a #{e.class} while reading the SMB2 #{request_class} (#{e.message})")
+          response = RubySMB::SMB2::Packet::ErrorPacket.new
+        end
+        if request.is_a?(SMB2::Packet::ErrorPacket)
+          logger.error("Received an error packet for SMB2 command: #{SMB2::Commands.name(header.command)}")
+          response.smb_header.nt_status = WindowsError::NTStatus::STATUS_DATA_ERROR
+          return response
+        end
+        logger.debug("Dispatching request to #{dispatcher} (session: #{session.inspect})")
+        send(dispatcher, request, session)
+      end
     end
   end
 end

data/lib/ruby_smb/server/session.rb ADDED Viewed

@@ -0,0 +1,71 @@
+module RubySMB
+  class Server
+    # The object representing a single anonymous, guest or authenticated session.
+    # @see https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/ea10b7ae-b053-4e4c-ab31-a48f7d0a79af
+    class Session
+      # @param [Integer] id This session's unique identifier.
+      # @param [String] key This session's key.
+      # @param [Symbol] state The state that this session is in.
+      # @param user_id The identity of the user associated with this session.
+      def initialize(id, key: nil, state: :in_progress, user_id: nil)
+        @id = id
+        @key = key
+        @user_id = user_id
+        @state = state
+        @signing_required = false
+        # tree id => provider processor instance
+        @tree_connect_table = {}
+        @creation_time = Time.now
+      end
+      def inspect
+        "#<Session id: #{@id.inspect}, user_id: #{@user_id.inspect}, state: #{@state.inspect}>"
+      end
+      # Whether or not this session is anonymous.
+      # @return [Boolean]
+      def is_anonymous
+        @user_id == Gss::Provider::IDENTITY_ANONYMOUS
+      end
+      def logoff!
+        @tree_connect_table.values.each { |share_processor| share_processor.disconnect! }
+        @tree_connect_table.clear
+      end
+      # This session's unique identifier.
+      # @!attribute [rw] id
+      #   @return [Integer]
+      attr_accessor :id
+      # This session's key.
+      # @!attribute [rw] key
+      #   @return [String]
+      attr_accessor :key
+      # The identity of the authenticated user.
+      # @!attribute [rw] user_id
+      attr_accessor :user_id
+      # The state that the session is in, (:expired, :in_progress, :valid, etc.).
+      # @!attribute [rw] state
+      #   @return [Symbol]
+      attr_accessor :state
+      # Whether or not this session requires messages to be signed.
+      # @!attribute [rw] signing_required
+      #   @return [Boolean]
+      attr_accessor :signing_required
+      # The table of tree/share connections in use by this session.
+      # @!attribute [rw] tree_connect_table
+      #   @return [Hash]
+      attr_accessor :tree_connect_table
+      # The time at which this session was created.
+      # @!attribute [r] creation_time
+      #   @return [Time]
+      attr_reader   :creation_time
+    end
+  end
+end