ruby_smb 2.0.3 → 2.0.8

data/lib/ruby_smb/dispatcher/socket.rb

@@ -55,7 +55,7 @@ module RubySMB
 
       # Read a packet off the wire and parse it into a string
       #
-      # @param full_response [Boolean] whether to include the NetBios Session Service header in the repsonse
+      # @param full_response [Boolean] whether to include the NetBios Session Service header in the response
       # @return [String] the raw response (including the NetBios Session Service header if full_response is true)
       # @raise [RubySMB::Error::NetBiosSessionService] if there's an error reading the first 4 bytes,
       #   which are assumed to be the NetBiosSessionService header.

data/lib/ruby_smb/error.rb

@@ -16,23 +16,26 @@ module RubySMB
     # Raised when trying to parse raw binary into a Packet and the data
     # is invalid.
     class InvalidPacket < RubySMBError
+      attr_reader :status_code
       def initialize(args = nil)
         if args.nil?
           super
         elsif args.is_a? String
           super(args)
         elsif args.is_a? Hash
-          expected_proto = args[:expected_proto] ? translate_protocol(args[:expected_proto]) : "???"
-          expected_cmd = args[:expected_cmd] || "???"
-          received_proto = args[:received_proto] ? translate_protocol(args[:received_proto]) : "???"
-          received_cmd = args[:received_cmd] || "???"
+          expected_proto = args[:expected_proto] ? translate_protocol(args[:expected_proto]) : '???'
+          expected_cmd = args[:expected_cmd] || '???'
+          received_proto = args[:packet]&.packet_smb_version || '???'
+          received_cmd = get_cmd(args[:packet]) || '???'
+          @status_code = args[:packet]&.status_code
           super(
             "Expecting #{expected_proto} protocol "\
             "with command=#{expected_cmd}"\
             "#{(" (" + args[:expected_custom] + ")") if args[:expected_custom]}, "\
             "got #{received_proto} protocol "\
             "with command=#{received_cmd}"\
-            "#{(" (" + args[:received_custom] + ")") if args[:received_custom]}"
+            "#{(" (" + args[:received_custom] + ")") if args[:received_custom]}"\
+            "#{(", Status: #{@status_code}") if @status_code}"
           )
         else
           raise ArgumentError, "InvalidPacket expects a String or a Hash, got a #{args.class}"
@@ -50,6 +53,19 @@ module RubySMB
         end
       end
       private :translate_protocol
+
+      def get_cmd(packet)
+        return nil unless packet
+        case packet.packet_smb_version
+        when 'SMB1'
+          packet.smb_header.command
+        when 'SMB2'
+          packet.smb2_header.command
+        else
+          nil
+        end
+      end
+      private :get_cmd
     end
 
     # Raised when a response packet has a NTStatus code that was unexpected.

data/lib/ruby_smb/generic_packet.rb

@@ -49,7 +49,17 @@ module RubySMB
           when /SMB1/
             packet = RubySMB::SMB1::Packet::EmptyPacket.read(val)
           when /SMB2/
-            packet = RubySMB::SMB2::Packet::ErrorPacket.read(val)
+            begin
+              packet = RubySMB::SMB2::Packet::ErrorPacket.read(val)
+            rescue RubySMB::Error::InvalidPacket
+              # Handle the case where an SMB2 error packet is expected, but the
+              # server sent an SMB1 empty packet instead. This behavior has been
+              # observed with older versions of Samba when something goes wrong
+              # on the server side. We just want to give it a chance and try to
+              # parse it as an SMB1 empty packet to keep information and avoid
+              # failing as much as possible.
+              packet = RubySMB::SMB1::Packet::EmptyPacket.read(val)
+            end
           else
             raise RubySMB::Error::InvalidPacket, 'Not a valid SMB packet'
         end

data/lib/ruby_smb/smb1/file.rb

@@ -86,8 +86,7 @@ module RubySMB
           raise RubySMB::Error::InvalidPacket.new(
             expected_proto: RubySMB::SMB1::SMB_PROTOCOL_ID,
             expected_cmd:   RubySMB::SMB1::Packet::CloseResponse::COMMAND,
-            received_proto: response.smb_header.protocol,
-            received_cmd:   response.smb_header.command
+            packet:         response
           )
         end
         unless response.status_code == WindowsError::NTStatus::STATUS_SUCCESS
@@ -118,8 +117,7 @@ module RubySMB
             raise RubySMB::Error::InvalidPacket.new(
               expected_proto: RubySMB::SMB1::SMB_PROTOCOL_ID,
               expected_cmd:   RubySMB::SMB1::Packet::ReadAndxResponse::COMMAND,
-              received_proto: response.smb_header.protocol,
-              received_cmd:   response.smb_header.command
+              packet:         response
             )
           end
           unless response.status_code == WindowsError::NTStatus::STATUS_SUCCESS
@@ -167,8 +165,7 @@ module RubySMB
           raise RubySMB::Error::InvalidPacket.new(
             expected_proto: RubySMB::SMB1::SMB_PROTOCOL_ID,
             expected_cmd:   RubySMB::SMB1::Packet::ReadAndxResponse::COMMAND,
-            received_proto: response.smb_header.protocol,
-            received_cmd:   response.smb_header.command
+            packet:         response
           )
         end
         unless response.status_code == WindowsError::NTStatus::STATUS_SUCCESS
@@ -189,8 +186,7 @@ module RubySMB
           raise RubySMB::Error::InvalidPacket.new(
             expected_proto: RubySMB::SMB1::SMB_PROTOCOL_ID,
             expected_cmd:   RubySMB::SMB1::Packet::Trans2::SetFileInformationResponse::COMMAND,
-            received_proto: response.smb_header.protocol,
-            received_cmd:   response.smb_header.command
+            packet:         response
           )
         end
         response.status_code
@@ -231,8 +227,7 @@ module RubySMB
             raise RubySMB::Error::InvalidPacket.new(
               expected_proto: RubySMB::SMB1::SMB_PROTOCOL_ID,
               expected_cmd:   RubySMB::SMB1::Packet::WriteAndxResponse::COMMAND,
-              received_proto: response.smb_header.protocol,
-              received_cmd:   response.smb_header.command
+              packet:         response
             )
           end
           unless response.status_code == WindowsError::NTStatus::STATUS_SUCCESS
@@ -271,8 +266,7 @@ module RubySMB
           raise RubySMB::Error::InvalidPacket.new(
             expected_proto: RubySMB::SMB1::SMB_PROTOCOL_ID,
             expected_cmd:   RubySMB::SMB1::Packet::WriteAndxResponse::COMMAND,
-            received_proto: response.smb_header.protocol,
-            received_cmd:   response.smb_header.command
+            packet:         response
           )
         end
         response.parameter_block.count_low
@@ -290,8 +284,7 @@ module RubySMB
           raise RubySMB::Error::InvalidPacket.new(
             expected_proto: RubySMB::SMB1::SMB_PROTOCOL_ID,
             expected_cmd:   RubySMB::SMB1::Packet::Trans2::SetFileInformationResponse::COMMAND,
-            received_proto: response.smb_header.protocol,
-            received_cmd:   response.smb_header.command
+            packet:         response
           )
         end
         response.status_code
@@ -308,7 +301,7 @@ module RubySMB
         passthrough_info_level = RubySMB::Fscc::FileInformation::FILE_RENAME_INFORMATION +
           RubySMB::Fscc::FileInformation::SMB_INFO_PASSTHROUGH
         rename_request.data_block.trans2_parameters.information_level = passthrough_info_level
-        rename_request.data_block.trans2_data.info_level_struct.file_name = new_file_name.encode('utf-16le')
+        rename_request.data_block.trans2_data.info_level_struct.file_name = new_file_name
         set_trans2_params(rename_request)
       end
 

data/lib/ruby_smb/smb1/packet/trans2/find_first2_response.rb

@@ -40,7 +40,6 @@ module RubySMB
 
           # The {RubySMB::SMB1::DataBlock} specific to this packet type.
           class DataBlock < RubySMB::SMB1::Packet::Trans2::DataBlock
-            uint8              :name,               label: 'Name', initial_value: 0x00
             string             :pad1,               length: -> { pad1_length }
             trans2_parameters  :trans2_parameters,  label: 'Trans2 Parameters'
             string             :pad2,               length: -> { pad2_length }

data/lib/ruby_smb/smb1/packet/trans2/find_next2_response.rb

@@ -39,7 +39,6 @@ module RubySMB
 
           # The {RubySMB::SMB1::DataBlock} specific to this packet type.
           class DataBlock < RubySMB::SMB1::Packet::Trans2::DataBlock
-            uint8              :name,               label: 'Name', initial_value: 0x00
             string             :pad1,               length: -> { pad1_length }
             trans2_parameters  :trans2_parameters,  label: 'Trans2 Parameters'
             string             :pad2,               length: -> { pad2_length }

data/lib/ruby_smb/smb1/packet/trans2/open2_response.rb

@@ -44,8 +44,7 @@ module RubySMB
           class DataBlock < RubySMB::SMB1::Packet::Trans2::DataBlock
             string             :pad1,               length: -> { pad1_length }
             trans2_parameters  :trans2_parameters,  label: 'Trans2 Parameters'
-            string             :pad2,               length: -> { pad2_length }
-            string             :trans2_data,        label: 'Trans2 Data', length: 0
+            # trans2_data: No data is sent by this message.
           end
 
           smb_header        :smb_header

data/lib/ruby_smb/smb1/packet/trans2/set_file_information_response.rb

@@ -23,23 +23,11 @@ module RubySMB
             end
           end
 
-          # The Trans2 Data Block for this particular Subcommand
-          class Trans2Data < BinData::Record
-
-            # Returns the length of the Trans2Data struct
-            # in number of bytes
-            def length
-              do_num_bytes
-            end
-          end
-
           # The {RubySMB::SMB1::DataBlock} specific to this packet type.
           class DataBlock < RubySMB::SMB1::Packet::Trans2::DataBlock
-            uint8              :name,               label: 'Name', initial_value: 0x00
             string             :pad1,               length: -> { pad1_length }
             trans2_parameters  :trans2_parameters,  label: 'Trans2 Parameters'
-            string             :pad2,               length: -> { pad2_length }
-            trans2_data        :trans2_data,        label: 'Trans2 Data'
+            # trans2_data: No data is sent by this message.
           end
 
           smb_header        :smb_header

data/lib/ruby_smb/smb1/pipe.rb

@@ -16,12 +16,14 @@ module RubySMB
       def initialize(tree:, response:, name:)
         raise ArgumentError, 'No Name Provided' if name.nil?
         case name
-        when 'srvsvc'
+        when 'netlogon', '\\netlogon'
+          extend RubySMB::Dcerpc::Netlogon
+        when 'srvsvc', '\\srvsvc'
           extend RubySMB::Dcerpc::Srvsvc
-        when 'winreg'
-          extend RubySMB::Dcerpc::Winreg
-        when 'svcctl'
+        when 'svcctl', '\\svcctl'
           extend RubySMB::Dcerpc::Svcctl
+        when 'winreg', '\\winreg'
+          extend RubySMB::Dcerpc::Winreg
         end
         super(tree: tree, response: response, name: name)
       end
@@ -43,8 +45,7 @@ module RubySMB
           raise RubySMB::Error::InvalidPacket.new(
             expected_proto: RubySMB::SMB1::SMB_PROTOCOL_ID,
             expected_cmd:   RubySMB::SMB1::Packet::Trans::PeekNmpipeRequest::COMMAND,
-            received_proto: response.smb_header.protocol,
-            received_cmd:   response.smb_header.command
+            packet:         response
           )
         end
 
@@ -102,8 +103,7 @@ module RubySMB
           raise RubySMB::Error::InvalidPacket.new(
             expected_proto: RubySMB::SMB1::SMB_PROTOCOL_ID,
             expected_cmd:   RubySMB::SMB1::Packet::Trans::TransactNmpipeResponse::COMMAND,
-            received_proto: trans_nmpipe_response.smb_header.protocol,
-            received_cmd:   trans_nmpipe_response.smb_header.command
+            packet:         trans_nmpipe_response
           )
         end
         unless [WindowsError::NTStatus::STATUS_SUCCESS,

data/lib/ruby_smb/smb1/tree.rb

@@ -49,13 +49,20 @@ module RubySMB
           raise RubySMB::Error::InvalidPacket.new(
             expected_proto: RubySMB::SMB1::SMB_PROTOCOL_ID,
             expected_cmd:   RubySMB::SMB1::Packet::TreeDisconnectResponse::COMMAND,
-            received_proto: response.smb_header.protocol,
-            received_cmd:   response.smb_header.command
+            packet:         response
           )
         end
         response.status_code
       end
 
+      def open_pipe(opts)
+        # Make sure we don't modify the caller's hash options
+        opts = opts.dup
+        opts[:filename] = opts[:filename].dup
+        opts[:filename].prepend('\\') unless opts[:filename].start_with?('\\')
+        open_file(opts)
+      end
+
       # Open a file on the remote share.
       #
       # @example
@@ -135,15 +142,14 @@ module RubySMB
           raise RubySMB::Error::InvalidPacket.new(
             expected_proto: RubySMB::SMB1::SMB_PROTOCOL_ID,
             expected_cmd:   RubySMB::SMB1::Packet::NtCreateAndxResponse::COMMAND,
-            received_proto: response.smb_header.protocol,
-            received_cmd:   response.smb_header.command
+            packet:         response
           )
         end
         unless response.status_code == WindowsError::NTStatus::STATUS_SUCCESS
           raise RubySMB::Error::UnexpectedStatusCode, response.status_code
         end
 
-        case response.parameter_block.resource_type 
+        case response.parameter_block.resource_type
         when RubySMB::SMB1::ResourceType::BYTE_MODE_PIPE, RubySMB::SMB1::ResourceType::MESSAGE_MODE_PIPE
           RubySMB::SMB1::Pipe.new(name: filename, tree: self, response: response)
         when RubySMB::SMB1::ResourceType::DISK
@@ -195,8 +201,7 @@ module RubySMB
           raise RubySMB::Error::InvalidPacket.new(
             expected_proto: RubySMB::SMB1::SMB_PROTOCOL_ID,
             expected_cmd:   RubySMB::SMB1::Packet::Trans2::FindFirst2Response::COMMAND,
-            received_proto: response.smb_header.protocol,
-            received_cmd:   response.smb_header.command
+            packet:         response
           )
         end
         unless response.status_code == WindowsError::NTStatus::STATUS_SUCCESS
@@ -230,8 +235,7 @@ module RubySMB
             raise RubySMB::Error::InvalidPacket.new(
               expected_proto: RubySMB::SMB1::SMB_PROTOCOL_ID,
               expected_cmd:   RubySMB::SMB1::Packet::Trans2::FindNext2Response::COMMAND,
-              received_proto: response.smb_header.protocol,
-              received_cmd:   response.smb_header.command
+              packet:         response
             )
           end
           unless response.status_code == WindowsError::NTStatus::STATUS_SUCCESS

data/lib/ruby_smb/smb2/file.rb

@@ -95,8 +95,7 @@ module RubySMB
           raise RubySMB::Error::InvalidPacket.new(
             expected_proto: RubySMB::SMB2::SMB2_PROTOCOL_ID,
             expected_cmd:   RubySMB::SMB2::Packet::CloseResponse::COMMAND,
-            received_proto: response.smb2_header.protocol,
-            received_cmd:   response.smb2_header.command
+            packet:         response
           )
         end
         unless response.status_code == WindowsError::NTStatus::STATUS_SUCCESS
@@ -130,8 +129,7 @@ module RubySMB
           raise RubySMB::Error::InvalidPacket.new(
             expected_proto: RubySMB::SMB2::SMB2_PROTOCOL_ID,
             expected_cmd:   RubySMB::SMB2::Packet::ReadResponse::COMMAND,
-            received_proto: response.smb2_header.protocol,
-            received_cmd:   response.smb2_header.command
+            packet:         response
           )
         end
         unless response.status_code == WindowsError::NTStatus::STATUS_SUCCESS
@@ -153,8 +151,7 @@ module RubySMB
             raise RubySMB::Error::InvalidPacket.new(
               expected_proto: RubySMB::SMB2::SMB2_PROTOCOL_ID,
               expected_cmd:   RubySMB::SMB2::Packet::ReadResponse::COMMAND,
-              received_proto: response.smb2_header.protocol,
-              received_cmd:   response.smb2_header.command
+              packet:         response
             )
           end
           unless response.status_code == WindowsError::NTStatus::STATUS_SUCCESS
@@ -189,8 +186,7 @@ module RubySMB
           raise RubySMB::Error::InvalidPacket.new(
             expected_proto: RubySMB::SMB2::SMB2_PROTOCOL_ID,
             expected_cmd:   RubySMB::SMB2::Packet::ReadResponse::COMMAND,
-            received_proto: response.smb2_header.protocol,
-            received_cmd:   response.smb2_header.command
+            packet:         response
           )
         end
         unless response.status_code == WindowsError::NTStatus::STATUS_SUCCESS
@@ -210,8 +206,7 @@ module RubySMB
           raise RubySMB::Error::InvalidPacket.new(
             expected_proto: RubySMB::SMB2::SMB2_PROTOCOL_ID,
             expected_cmd:   RubySMB::SMB2::Packet::SetInfoResponse::COMMAND,
-            received_proto: response.smb2_header.protocol,
-            received_cmd:   response.smb2_header.command
+            packet:         response
           )
         end
         response.smb2_header.nt_status.to_nt_status
@@ -262,8 +257,7 @@ module RubySMB
             raise RubySMB::Error::InvalidPacket.new(
               expected_proto: RubySMB::SMB2::SMB2_PROTOCOL_ID,
               expected_cmd:   RubySMB::SMB2::Packet::WriteResponse::COMMAND,
-              received_proto: response.smb2_header.protocol,
-              received_cmd:   response.smb2_header.command
+              packet:         response
             )
           end
           status        = response.smb2_header.nt_status.to_nt_status
@@ -297,8 +291,7 @@ module RubySMB
           raise RubySMB::Error::InvalidPacket.new(
             expected_proto: RubySMB::SMB2::SMB2_PROTOCOL_ID,
             expected_cmd:   RubySMB::SMB2::Packet::WriteResponse::COMMAND,
-            received_proto: response.smb2_header.protocol,
-            received_cmd:   response.smb2_header.command
+            packet:         response
           )
         end
         unless response.status_code == WindowsError::NTStatus::STATUS_SUCCESS
@@ -319,8 +312,7 @@ module RubySMB
           raise RubySMB::Error::InvalidPacket.new(
             expected_proto: RubySMB::SMB2::SMB2_PROTOCOL_ID,
             expected_cmd:   RubySMB::SMB2::Packet::SetInfoResponse::COMMAND,
-            received_proto: response.smb2_header.protocol,
-            received_cmd:   response.smb2_header.command
+            packet:         response
           )
         end
         response.smb2_header.nt_status.to_nt_status

data/lib/ruby_smb/smb2/packet/compression_transform_header.rb

@@ -3,6 +3,9 @@ module RubySMB
     module Packet
       # An SMB2 COMPRESSION_TRANSFORM_HEADER Packet as defined in
       # [2.2.42 SMB2 COMPRESSION_TRANSFORM_HEADER](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/1d435f21-9a21-4f4c-828e-624a176cf2a0)
+      # NOTE: On 2021-04-06 the official documentation split the definition of COMPRESSION_TRANSFORM_HEADER into the following two variants:
+      #   * SMB2_COMPRESSION_TRANSFORM_HEADER_CHAINED
+      #   * SMB2_COMPRESSION_TRANSFORM_HEADER_UNCHAINED
       class CompressionTransformHeader < BinData::Record
         endian :little
 
@@ -11,6 +14,7 @@ module RubySMB
         uint16           :compression_algorithm,            label: 'Compression Algorithm'
         uint16           :flags,                            label: 'Flags'
         uint32           :offset,                           label: 'Offset / Length'
+        array            :compressed_data,                  label: 'Compressed Data', type: :uint8, read_until: :eof
       end
 
       # An SMB2 SMB2_COMPRESSION_TRANSFORM_HEADER_PAYLOAD Packet as defined in

data/lib/ruby_smb/smb2/pipe.rb

@@ -13,12 +13,14 @@ module RubySMB
       def initialize(tree:, response:, name:)
         raise ArgumentError, 'No Name Provided' if name.nil?
         case name
-        when 'srvsvc'
+        when 'netlogon', '\\netlogon'
+          extend RubySMB::Dcerpc::Netlogon
+        when 'srvsvc', '\\srvsvc'
           extend RubySMB::Dcerpc::Srvsvc
-        when 'winreg'
-          extend RubySMB::Dcerpc::Winreg
-        when 'svcctl'
+        when 'svcctl', '\\svcctl'
           extend RubySMB::Dcerpc::Svcctl
+        when 'winreg', '\\winreg'
+          extend RubySMB::Dcerpc::Winreg
         end
         super(tree: tree, response: response, name: name)
       end
@@ -42,8 +44,7 @@ module RubySMB
           raise RubySMB::Error::InvalidPacket.new(
             expected_proto: RubySMB::SMB2::SMB2_PROTOCOL_ID,
             expected_cmd:   RubySMB::SMB2::Packet::IoctlResponse::COMMAND,
-            received_proto: response.smb2_header.protocol,
-            received_cmd:   response.smb2_header.command
+            packet:         response
           )
         end
 
@@ -100,8 +101,7 @@ module RubySMB
           raise RubySMB::Error::InvalidPacket.new(
             expected_proto: RubySMB::SMB2::SMB2_PROTOCOL_ID,
             expected_cmd:   RubySMB::SMB2::Packet::IoctlRequest::COMMAND,
-            received_proto: ioctl_response.smb2_header.protocol,
-            received_cmd:   ioctl_response.smb2_header.command
+            packet:         ioctl_response
           )
         end
         unless [WindowsError::NTStatus::STATUS_SUCCESS,