ruby_smb 2.0.12 → 3.0.2

data/lib/ruby_smb/dcerpc/netlogon/netr_server_authenticate3_request.rb

@@ -11,26 +11,16 @@ module RubySMB
         endian :little
 
         logonsrv_handle              :primary_name
-        string                       :pad1, length: -> { pad_length(self.primary_name) }
-        ndr_string                   :account_name
+        ndr_conf_var_wide_stringz    :account_name
         netlogon_secure_channel_type :secure_channel_type
-        string                       :pad2, length: -> { pad_length(self.secure_channel_type) }
-        ndr_string                   :computer_name
+        ndr_conf_var_wide_stringz    :computer_name
         netlogon_credential          :client_credential
-        string                       :pad3, length: -> { pad_length(self.client_credential) }
-        uint32                       :flags
+        ndr_uint32                   :flags
 
         def initialize_instance
           super
           @opnum = NETR_SERVER_AUTHENTICATE3
         end
-
-        # Determines the correct length for the padding, so that the next
-        # field is 4-byte aligned.
-        def pad_length(prev_element)
-          offset = (prev_element.abs_offset + prev_element.to_binary_s.length) % 4
-          (4 - offset) % 4
-        end
       end
     end
   end

data/lib/ruby_smb/dcerpc/netlogon/netr_server_authenticate3_response.rb

@@ -11,9 +11,9 @@ module RubySMB
         endian :little
 
         netlogon_credential :server_credential
-        uint32              :negotiate_flags
-        uint32              :account_rid
-        uint32              :error_status
+        ndr_uint32          :negotiate_flags
+        ndr_uint32          :account_rid
+        ndr_uint32          :error_status
 
         def initialize_instance
           super

data/lib/ruby_smb/dcerpc/netlogon/netr_server_password_set2_request.rb

@@ -11,26 +11,16 @@ module RubySMB
         endian :little
 
         logonsrv_handle              :primary_name
-        string                       :pad1, length: -> { pad_length(self.primary_name) }
-        ndr_string                   :account_name
+        ndr_conf_var_wide_stringz    :account_name
         netlogon_secure_channel_type :secure_channel_type
-        string                       :pad2, length: -> { pad_length(self.secure_channel_type) }
-        ndr_string                   :computer_name
-        string                       :pad3, length: -> { pad_length(self.computer_name) }
+        ndr_conf_var_wide_stringz    :computer_name
         netlogon_authenticator       :authenticator
-        ndr_fixed_byte_array         :clear_new_password, length: 516 # this is an encrypted NL_TRUST_PASSWORD
+        ndr_fixed_byte_array         :clear_new_password, initial_length: 516 # this is an encrypted NL_TRUST_PASSWORD
 
         def initialize_instance
           super
           @opnum = Netlogon::NETR_SERVER_PASSWORD_SET2
         end
-
-        # Determines the correct length for the padding, so that the next
-        # field is 4-byte aligned.
-        def pad_length(prev_element)
-          offset = (prev_element.abs_offset + prev_element.to_binary_s.length) % 4
-          (4 - offset) % 4
-        end
       end
     end
   end

data/lib/ruby_smb/dcerpc/netlogon/netr_server_password_set2_response.rb

@@ -11,7 +11,7 @@ module RubySMB
         endian :little
 
         netlogon_authenticator :return_authenticator
-        uint32                 :error_status
+        ndr_uint32             :error_status
 
         def initialize_instance
           super

data/lib/ruby_smb/dcerpc/netlogon/netr_server_req_challenge_request.rb

@@ -10,22 +10,14 @@ module RubySMB
 
         endian :little
 
-        logonsrv_handle     :primary_name
-        string              :pad1, length: -> { pad_length(self.primary_name) }
-        ndr_string          :computer_name
-        netlogon_credential :client_challenge
+        logonsrv_handle           :primary_name
+        ndr_conf_var_wide_stringz :computer_name
+        netlogon_credential       :client_challenge
 
         def initialize_instance
           super
           @opnum = NETR_SERVER_REQ_CHALLENGE
         end
-
-        # Determines the correct length for the padding, so that the next
-        # field is 4-byte aligned.
-        def pad_length(prev_element)
-          offset = (prev_element.abs_offset + prev_element.to_binary_s.length) % 4
-          (4 - offset) % 4
-        end
       end
     end
   end

data/lib/ruby_smb/dcerpc/netlogon/netr_server_req_challenge_response.rb

@@ -11,7 +11,7 @@ module RubySMB
         endian :little
 
         netlogon_credential :server_challenge
-        uint32              :error_status
+        ndr_uint32          :error_status
 
         def initialize_instance
           super

data/lib/ruby_smb/dcerpc/netlogon.rb

@@ -13,19 +13,20 @@ module RubySMB
       NETR_SERVER_PASSWORD_SET2 = 30
 
       # see: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-nrpc/3b224201-b531-43e2-8c79-b61f6dea8640
-      class LogonsrvHandle < Ndr::NdrLpStr; end
+      class LogonsrvHandle < Ndr::NdrWideStringzPtr; end
 
       # see: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-nrpc/d55e2632-7163-4f6c-b662-4b870e8cc1cd
       class NetlogonCredential < Ndr::NdrFixedByteArray
-        default_parameters length: 8
+        default_parameters initial_length: 8
       end
 
       # see: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-nrpc/76c93227-942a-4687-ab9d-9d972ffabdab
-      class NetlogonAuthenticator < BinData::Record
+      class NetlogonAuthenticator < Ndr::NdrStruct
+        default_parameter byte_align: 4
         endian :little
 
         netlogon_credential :credential
-        uint32              :timestamp
+        ndr_uint32          :timestamp
       end
 
       # see: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-nrpc/4d1235e3-2c96-4e9f-a147-3cb338a0d09f

data/lib/ruby_smb/dcerpc/p_syntax_id_t.rb

@@ -1,11 +1,12 @@
 module RubySMB
   module Dcerpc
-    class PSyntaxIdT < BinData::Record
+    class PSyntaxIdT < Ndr::NdrStruct
+      default_parameter byte_align: 4
       endian :little
 
       uuid   :if_uuid,      initial_value: -> { uuid }
-      uint16 :if_ver_major, initial_value: -> { ver_major }
-      uint16 :if_ver_minor, initial_value: -> { ver_minor }
+      ndr_uint16 :if_ver_major, initial_value: -> { ver_major }
+      ndr_uint16 :if_ver_minor, initial_value: -> { ver_minor }
     end
   end
 end

data/lib/ruby_smb/dcerpc/pdu_header.rb

@@ -10,14 +10,14 @@ module RubySMB
       uint8 :ptype,          label: 'PDU type'
 
       struct :pfc_flags do
-        bit1  :object_uuid,     label: 'Object UUID'
-        bit1  :maybe,           label: 'Maybe call semantics'
+        bit1  :object_uuid, label: 'Object UUID'
+        bit1  :maybe, label: 'Maybe call semantics'
         bit1  :did_not_execute, label: 'Did not execute'
-        bit1  :conc_mpx,        label: 'Concurrent multiplexing'
-        bit1  :reserved_1,      label: 'Reserved'
-        bit1  :pending_cancel,  label: 'Pending cancel'
-        bit1  :last_frag,       label: 'Last fragment',  initial_value: 1
-        bit1  :first_frag,      label: 'First fragment', initial_value: 1
+        bit1  :conc_mpx, label: 'Concurrent multiplexing'
+        bit1  :reserved_1, label: 'Reserved'
+        bit1  :support_header_sign, label: 'Support Header Signing'
+        bit1  :last_frag, label: 'Last fragment',  initial_value: 1
+        bit1  :first_frag, label: 'First fragment', initial_value: 1
       end
 
       uint32 :packed_drep, label: 'NDR data representation format label', initial_value: 0x10

data/lib/ruby_smb/dcerpc/print_system/rpc_add_printer_driver_ex_request.rb

@@ -0,0 +1,22 @@
+module RubySMB
+  module Dcerpc
+    module PrintSystem
+
+      # [3.1.4.4.8 RpcAddPrinterDriverEx (Opnum 89)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rprn/b96cc497-59e5-4510-ab04-5484993b259b)
+      class RpcAddPrinterDriverExRequest < BinData::Record
+        attr_reader :opnum
+
+        endian :little
+
+        ndr_wide_stringz_ptr :p_name
+        driver_container     :p_driver_container
+        ndr_uint32           :dw_file_copy_flags
+
+        def initialize_instance
+          super
+          @opnum = RPC_ADD_PRINTER_DRIVER_EX
+        end
+      end
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/print_system/rpc_add_printer_driver_ex_response.rb

@@ -0,0 +1,20 @@
+module RubySMB
+  module Dcerpc
+    module PrintSystem
+
+      # [3.1.4.4.8 RpcAddPrinterDriverEx (Opnum 89)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rprn/b96cc497-59e5-4510-ab04-5484993b259b)
+      class RpcAddPrinterDriverExResponse < BinData::Record
+        attr_reader :opnum
+
+        endian :little
+
+        def initialize_instance
+          super
+          @opnum = RPC_ADD_PRINTER_DRIVER_EX
+        end
+
+        ndr_uint32 :error_status
+      end
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/print_system/rpc_enum_printer_drivers_request.rb

@@ -0,0 +1,24 @@
+module RubySMB
+  module Dcerpc
+    module PrintSystem
+
+      # [3.1.4.4.2 RpcEnumPrinterDrivers (Opnum 10)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rprn/857d00ac-3682-4a0d-86ca-3d3c372e5e4a)
+      class RpcEnumPrinterDriversRequest < BinData::Record
+        attr_reader :opnum
+
+        endian :little
+
+        def initialize_instance
+          super
+          @opnum = RPC_ENUM_PRINTER_DRIVERS
+        end
+
+        ndr_wide_stringz_ptr :p_name
+        ndr_wide_stringz_ptr :p_environment
+        ndr_uint32           :level
+        rprn_byte_array_ptr  :p_drivers
+        ndr_uint32           :cb_buf
+      end
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/print_system/rpc_enum_printer_drivers_response.rb

@@ -0,0 +1,23 @@
+module RubySMB
+  module Dcerpc
+    module PrintSystem
+
+      # [3.1.4.4.2 RpcEnumPrinterDrivers (Opnum 10)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rprn/857d00ac-3682-4a0d-86ca-3d3c372e5e4a)
+      class RpcEnumPrinterDriversResponse < BinData::Record
+        attr_reader :opnum
+
+        endian :little
+
+        def initialize_instance
+          super
+          @opnum = RPC_ENUM_PRINTER_DRIVERS
+        end
+
+        rprn_byte_array_ptr  :p_drivers
+        ndr_uint32           :pcb_needed
+        ndr_uint32           :pc_returned
+        ndr_uint32           :error_status
+      end
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/print_system/rpc_get_printer_driver_directory_request.rb

@@ -0,0 +1,24 @@
+module RubySMB
+  module Dcerpc
+    module PrintSystem
+
+      # [3.1.4.4.4 RpcGetPrinterDriverDirectory (Opnum 12)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rprn/9df11cf4-4098-4852-ad72-d1f75a82bffe)
+      class RpcGetPrinterDriverDirectoryRequest < BinData::Record
+        attr_reader :opnum
+
+        endian :little
+
+        def initialize_instance
+          super
+          @opnum = RPC_GET_PRINTER_DRIVER_DIRECTORY
+        end
+
+        ndr_wide_stringz_ptr :p_name
+        ndr_wide_stringz_ptr :p_environment
+        ndr_uint32           :level
+        rprn_byte_array_ptr  :p_driver_directory
+        ndr_uint32           :cb_buf
+      end
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/print_system/rpc_get_printer_driver_directory_response.rb

@@ -0,0 +1,22 @@
+module RubySMB
+  module Dcerpc
+    module PrintSystem
+
+      # [3.1.4.4.4 RpcGetPrinterDriverDirectory (Opnum 12)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rprn/9df11cf4-4098-4852-ad72-d1f75a82bffe)
+      class RpcGetPrinterDriverDirectoryResponse < BinData::Record
+        attr_reader :opnum
+
+        endian :little
+
+        def initialize_instance
+          super
+          @opnum = RPC_GET_PRINTER_DRIVER_DIRECTORY
+        end
+
+        rprn_byte_array_ptr :p_driver_directory
+        ndr_uint32          :pcb_needed
+        ndr_uint32          :error_status
+      end
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/print_system.rb

@@ -0,0 +1,69 @@
+module RubySMB
+  module Dcerpc
+    module PrintSystem
+
+      # see: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rprn/848b8334-134a-4d02-aea4-03b673d6c515
+      UUID = '12345678-1234-abcd-ef00-0123456789ab'.freeze
+      VER_MAJOR = 1
+      VER_MINOR = 0
+
+      # Operation numbers
+      RPC_ENUM_PRINTER_DRIVERS = 10
+      RPC_GET_PRINTER_DRIVER_DIRECTORY = 12
+      RPC_ADD_PRINTER_DRIVER_EX = 89
+
+      # see: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rprn/b96cc497-59e5-4510-ab04-5484993b259b
+      APD_STRICT_UPGRADE = 0x00000001
+      APD_STRICT_DOWNGRADE = 0x00000002
+      APD_COPY_ALL_FILES = 0x00000004
+      APD_COPY_NEW_FILES = 0x00000008
+      APD_COPY_FROM_DIRECTORY = 0x00000010
+      APD_DONT_COPY_FILES_TO_CLUSTER = 0x00001000
+      APD_COPY_TO_ALL_SPOOLERS = 0x00002000
+      APD_INSTALL_WARNED_DRIVER = 0x00008000
+      APD_RETURN_BLOCKING_STATUS_CODE = 0x00010000
+
+      # [2.2.1.5.2 DRIVER_INFO_2](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rprn/39bbfc30-8768-4cd4-9930-434857e2c2a2)
+      class DriverInfo2 < RubySMB::Dcerpc::Ndr::NdrStruct
+        default_parameter byte_align: 4
+        endian :little
+
+        ndr_uint32 :c_version
+        ndr_wide_stringz_ptr :p_name
+        ndr_wide_stringz_ptr :p_environment
+        ndr_wide_stringz_ptr :p_driver_path
+        ndr_wide_stringz_ptr :p_data_file
+        ndr_wide_stringz_ptr :p_config_file
+      end
+
+      class PDriverInfo2 < DriverInfo2
+        extend RubySMB::Dcerpc::Ndr::PointerClassPlugin
+      end
+
+      # [2.2.1.2.3 DRIVER_CONTAINER](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rprn/3a3f9cf7-8ec4-4921-b1f6-86cf8d139bc2)
+      class DriverContainer < RubySMB::Dcerpc::Ndr::NdrStruct
+        default_parameter byte_align: 4
+        endian :little
+
+        ndr_uint32 :level, check_value: -> { [2].include?(value) }
+        ndr_uint32 :tag
+        choice :driver_info, selection: :level, byte_align: 4 do
+          p_driver_info2 2
+        end
+      end
+
+      # for RpcEnumPrinterDrivers and RpcGetPrinterDriverDirectory `BYTE*` fields
+      class RprnByteArrayPtr < RubySMB::Dcerpc::Ndr::NdrConfArray
+        default_parameters type: :ndr_uint8
+        extend RubySMB::Dcerpc::Ndr::PointerClassPlugin
+      end
+
+      require 'ruby_smb/dcerpc/print_system/rpc_add_printer_driver_ex_request'
+      require 'ruby_smb/dcerpc/print_system/rpc_add_printer_driver_ex_response'
+      require 'ruby_smb/dcerpc/print_system/rpc_enum_printer_drivers_request'
+      require 'ruby_smb/dcerpc/print_system/rpc_enum_printer_drivers_response'
+      require 'ruby_smb/dcerpc/print_system/rpc_get_printer_driver_directory_request'
+      require 'ruby_smb/dcerpc/print_system/rpc_get_printer_driver_directory_response'
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/ptypes.rb

@@ -17,6 +17,7 @@ module RubySMB
       BIND_NAK           = 13
       ALTER_CONTEXT      = 14
       ALTER_CONTEXT_RESP = 15
+      RPC_AUTH3          = 16
       SHUTDOWN           = 17
       CO_CANCEL          = 18
       ORPHANED           = 19

data/lib/ruby_smb/dcerpc/request.rb

@@ -3,66 +3,113 @@ module RubySMB
     # The Request PDU as defined in
     # [The request PDU](http://pubs.opengroup.org/onlinepubs/9629399/chap12.htm#tagcjh_17_06_04_09)
     class Request < BinData::Record
+      PTYPE = PTypes::REQUEST
+
       endian :little
 
-      pdu_header :pdu_header, label: 'PDU header'
+      # PDU Header
+      pdu_header :pdu_header, label: 'PDU header common fields'
       uint32     :alloc_hint, label: 'Allocation hint', initial_value: -> { stub.num_bytes }
       uint16     :p_cont_id,  label: 'Presentation context identification'
       uint16     :opnum,      label: 'Operation Number'
       uuid       :object,     label: 'Object UID', onlyif: -> { pdu_header.pfc_flags.object_uuid == 1 }
 
+      # PDU Body
       choice :stub, label: 'Stub', selection: -> { @obj.parent.get_parameter(:endpoint) || '' } do
+        string 'Encrypted'
         choice 'Winreg', selection: -> { opnum } do
-          open_root_key_request  RubySMB::Dcerpc::Winreg::OPEN_HKCR, opnum: RubySMB::Dcerpc::Winreg::OPEN_HKCR
-          open_root_key_request  RubySMB::Dcerpc::Winreg::OPEN_HKCU, opnum: RubySMB::Dcerpc::Winreg::OPEN_HKCU
-          open_root_key_request  RubySMB::Dcerpc::Winreg::OPEN_HKLM, opnum: RubySMB::Dcerpc::Winreg::OPEN_HKLM
-          open_root_key_request  RubySMB::Dcerpc::Winreg::OPEN_HKPD, opnum: RubySMB::Dcerpc::Winreg::OPEN_HKPD
-          open_root_key_request  RubySMB::Dcerpc::Winreg::OPEN_HKU,  opnum: RubySMB::Dcerpc::Winreg::OPEN_HKU
-          open_root_key_request  RubySMB::Dcerpc::Winreg::OPEN_HKCC, opnum: RubySMB::Dcerpc::Winreg::OPEN_HKCC
-          open_root_key_request  RubySMB::Dcerpc::Winreg::OPEN_HKPT, opnum: RubySMB::Dcerpc::Winreg::OPEN_HKPT
-          open_root_key_request  RubySMB::Dcerpc::Winreg::OPEN_HKPN, opnum: RubySMB::Dcerpc::Winreg::OPEN_HKPN
-          close_key_request      RubySMB::Dcerpc::Winreg::REG_CLOSE_KEY
-          enum_key_request       RubySMB::Dcerpc::Winreg::REG_ENUM_KEY
-          enum_value_request     RubySMB::Dcerpc::Winreg::REG_ENUM_VALUE
-          open_key_request       RubySMB::Dcerpc::Winreg::REG_OPEN_KEY
-          query_info_key_request RubySMB::Dcerpc::Winreg::REG_QUERY_INFO_KEY
-          query_value_request    RubySMB::Dcerpc::Winreg::REG_QUERY_VALUE
-          create_key_request     RubySMB::Dcerpc::Winreg::REG_CREATE_KEY
-          save_key_request       RubySMB::Dcerpc::Winreg::REG_SAVE_KEY
+          open_root_key_request  Winreg::OPEN_HKCR, opnum: Winreg::OPEN_HKCR
+          open_root_key_request  Winreg::OPEN_HKCU, opnum: Winreg::OPEN_HKCU
+          open_root_key_request  Winreg::OPEN_HKLM, opnum: Winreg::OPEN_HKLM
+          open_root_key_request  Winreg::OPEN_HKPD, opnum: Winreg::OPEN_HKPD
+          open_root_key_request  Winreg::OPEN_HKU,  opnum: Winreg::OPEN_HKU
+          open_root_key_request  Winreg::OPEN_HKCC, opnum: Winreg::OPEN_HKCC
+          open_root_key_request  Winreg::OPEN_HKPT, opnum: Winreg::OPEN_HKPT
+          open_root_key_request  Winreg::OPEN_HKPN, opnum: Winreg::OPEN_HKPN
+          close_key_request      Winreg::REG_CLOSE_KEY
+          enum_key_request       Winreg::REG_ENUM_KEY
+          enum_value_request     Winreg::REG_ENUM_VALUE
+          open_key_request       Winreg::REG_OPEN_KEY
+          query_info_key_request Winreg::REG_QUERY_INFO_KEY
+          query_value_request    Winreg::REG_QUERY_VALUE
+          create_key_request     Winreg::REG_CREATE_KEY
+          save_key_request       Winreg::REG_SAVE_KEY
           string                 :default
         end
         choice 'Netlogon', selection: -> { opnum } do
-          netr_server_authenticate3_request RubySMB::Dcerpc::Netlogon::NETR_SERVER_AUTHENTICATE3
-          netr_server_password_set2_request RubySMB::Dcerpc::Netlogon::NETR_SERVER_PASSWORD_SET2
-          netr_server_req_challenge_request RubySMB::Dcerpc::Netlogon::NETR_SERVER_REQ_CHALLENGE
+          netr_server_authenticate3_request Netlogon::NETR_SERVER_AUTHENTICATE3
+          netr_server_password_set2_request Netlogon::NETR_SERVER_PASSWORD_SET2
+          netr_server_req_challenge_request Netlogon::NETR_SERVER_REQ_CHALLENGE
           string                            :default
         end
         choice 'Srvsvc', selection: -> { opnum } do
-          net_share_enum_all RubySMB::Dcerpc::Srvsvc::NET_SHARE_ENUM_ALL, host: -> { host rescue '' }
+          net_share_enum_all_request Srvsvc::NET_SHARE_ENUM_ALL
           string             :default
         end
         choice 'Svcctl', selection: -> { opnum } do
-          open_sc_manager_w_request       RubySMB::Dcerpc::Svcctl::OPEN_SC_MANAGER_W
-          open_service_w_request          RubySMB::Dcerpc::Svcctl::OPEN_SERVICE_W
-          query_service_status_request    RubySMB::Dcerpc::Svcctl::QUERY_SERVICE_STATUS
-          query_service_config_w_request  RubySMB::Dcerpc::Svcctl::QUERY_SERVICE_CONFIG_W
-          change_service_config_w_request RubySMB::Dcerpc::Svcctl::CHANGE_SERVICE_CONFIG_W
-          start_service_w_request         RubySMB::Dcerpc::Svcctl::START_SERVICE_W
-          control_service_request         RubySMB::Dcerpc::Svcctl::CONTROL_SERVICE
-          close_service_handle_request    RubySMB::Dcerpc::Svcctl::CLOSE_SERVICE_HANDLE
+          open_sc_manager_w_request       Svcctl::OPEN_SC_MANAGER_W
+          open_service_w_request          Svcctl::OPEN_SERVICE_W
+          query_service_status_request    Svcctl::QUERY_SERVICE_STATUS
+          query_service_config_w_request  Svcctl::QUERY_SERVICE_CONFIG_W
+          change_service_config_w_request Svcctl::CHANGE_SERVICE_CONFIG_W
+          start_service_w_request         Svcctl::START_SERVICE_W
+          control_service_request         Svcctl::CONTROL_SERVICE
+          close_service_handle_request    Svcctl::CLOSE_SERVICE_HANDLE
           string                          :default
         end
+        choice 'Samr', selection: -> { opnum } do
+          samr_connect_request                     Samr::SAMR_CONNECT
+          samr_lookup_domain_in_sam_server_request Samr::SAMR_LOOKUP_DOMAIN_IN_SAM_SERVER
+          samr_open_domain_request                 Samr::SAMR_OPEN_DOMAIN
+          samr_enumerate_users_in_domain_request   Samr::SAMR_ENUMERATE_USERS_IN_DOMAIN
+          samr_rid_to_sid_request                  Samr::SAMR_RID_TO_SID
+          samr_close_handle_request                Samr::SAMR_CLOSE_HANDLE
+          samr_get_alias_membership_request        Samr::SAMR_GET_ALIAS_MEMBERSHIP
+          samr_open_user_request                   Samr::SAMR_OPEN_USER
+          samr_get_groups_for_user_request         Samr::SAMR_GET_GROUPS_FOR_USER
+          string                                   :default
+        end
+        choice 'Wkssvc', selection: -> { opnum } do
+          netr_wksta_get_info_request Wkssvc::NETR_WKSTA_GET_INFO
+          string                      :default
+        end
+        choice 'Epm', selection: -> { opnum } do
+          epm_ept_map_request RubySMB::Dcerpc::Epm::EPT_MAP
+          string                      :default
+        end
+        choice 'Drsr', selection: -> { opnum } do
+          drs_bind_request                   Drsr::DRS_BIND
+          drs_unbind_request                 Drsr::DRS_UNBIND
+          drs_domain_controller_info_request Drsr::DRS_DOMAIN_CONTROLLER_INFO
+          drs_crack_names_request            Drsr::DRS_CRACK_NAMES
+          drs_get_nc_changes_request         Drsr::DRS_GET_NC_CHANGES
+          string                      :default
+        end
         string :default
       end
+      string      :auth_pad,
+        onlyif: -> { has_auth_verifier? },
+        length: -> { (16 - (stub.num_bytes % 16)) % 16 }
 
-      string :auth_verifier, label: 'Authentication verifier',
-        onlyif:      -> { pdu_header.auth_length > 0 },
+      # Auth Verifier
+      sec_trailer :sec_trailer, onlyif: -> { has_auth_verifier? }
+      string      :auth_value, label: 'Authentication verifier',
+        onlyif:      -> { has_auth_verifier? },
         read_length: -> { pdu_header.auth_length }
 
       def initialize_instance
         super
-        pdu_header.ptype = RubySMB::Dcerpc::PTypes::REQUEST
+        pdu_header.ptype = PTYPE
       end
+
+      def enable_encrypted_stub
+        @params[:endpoint] = 'Encrypted'
+      end
+
+      def has_auth_verifier?
+        self.pdu_header.auth_length > 0
+      end
+
     end
   end
 end

data/lib/ruby_smb/dcerpc/response.rb

@@ -3,24 +3,59 @@ module RubySMB
     # The Response PDU as defined in
     # [The response PDU](http://pubs.opengroup.org/onlinepubs/9629399/chap12.htm#tagcjh_17_06_04_10)
     class Response < BinData::Record
-      endian :little
+      PTYPE = PTypes::RESPONSE
 
-      pdu_header :pdu_header, label: 'PDU header'
+      endian :little
 
-      uint32 :alloc_hint,    label: 'Allocation hint',  initial_value: -> { stub.do_num_bytes }
-      uint16 :p_cont_id,     label: 'Presentation context identification'
-      uint8  :cancel_count,  label: 'Cancel count'
-      uint8  :reserved
+      # PDU Header
+      pdu_header  :pdu_header, label: 'PDU header common fields'
+      uint32      :alloc_hint, label: 'Allocation hint',  initial_value: -> { stub.do_num_bytes }
+      uint16      :p_cont_id, label: 'Presentation context identification'
+      uint8       :cancel_count, label: 'Cancel count'
+      uint8       :reserved
 
-      string :stub,          label: 'Stub', read_length: -> { pdu_header.frag_length - stub.abs_offset - pdu_header.auth_length }
+      # PDU Body
+      string      :stub, label: 'Stub', read_length: -> { stub_length }
+      string      :auth_pad,
+        onlyif: -> { has_auth_verifier? },
+        length: -> { (16 - (stub.num_bytes % 16)) % 16 }
 
-      string :auth_verifier, label: 'Authentication verifier',
-        onlyif: -> { pdu_header.auth_length > 0 },
+      # Auth Verifier
+      sec_trailer :sec_trailer, onlyif: -> { has_auth_verifier? }
+      string      :auth_value, label: 'Authentication verifier',
+        onlyif: -> { has_auth_verifier? },
         read_length: -> { pdu_header.auth_length }
 
       def initialize_instance
         super
-        pdu_header.ptype = RubySMB::Dcerpc::PTypes::RESPONSE
+        pdu_header.ptype = PTYPE
+      end
+
+      def has_auth_verifier?
+        self.pdu_header.auth_length > 0
+      end
+
+      def stub_length
+        stub_length = pdu_header.frag_length - stub.rel_offset
+        if has_auth_verifier?
+          # Note that the resulting stub length includes auth_pad. We will be
+          # able to separate the auth_pad from the stub once the sec_trailer
+          # structure is read.
+          stub_length -= (sec_trailer.num_bytes + pdu_header.auth_length)
+        end
+        stub_length
+      end
+
+      def read(io)
+        super
+        if has_auth_verifier? && sec_trailer.auth_pad_length > 0
+          # At this point, auth_pad is at the end of the stub. We need to move
+          # it to the correct field. It is now possible since we know its
+          # length from the sec_trailer auth_pad_length field.
+          pad = stub[-(sec_trailer.auth_pad_length)..-1]
+          stub.assign(stub[0...-(sec_trailer.auth_pad_length)])
+          auth_pad.assign(pad)
+        end
       end
     end
   end

data/lib/ruby_smb/dcerpc/rpc_auth3.rb

@@ -0,0 +1,28 @@
+module RubySMB
+  module Dcerpc
+
+    # [2.2.2.10 rpc_auth_3 PDU](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rpce/a6b7b03c-4ac5-4c25-8c52-f2bec872ac97)
+    class RpcAuth3 < BinData::Record
+      PTYPE = PTypes::RPC_AUTH3
+
+      endian :little
+
+      # PDU Header
+      pdu_header  :pdu_header
+      uint32      :pad
+
+      # Auth Verifier
+      sec_trailer :sec_trailer, onlyif: -> { pdu_header.auth_length > 0 }
+      string      :auth_value,
+        onlyif: -> { pdu_header.auth_length > 0 },
+        read_length: -> { pdu_header.auth_length }
+
+      def initialize_instance
+        super
+        pdu_header.ptype = PTYPE
+      end
+    end
+  end
+end
+
+