ruby_smb 2.0.4 → 2.0.9

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 43f9f98936e870ad767348eb90c66f17eaf5e56c62b7792e13502c860bf8c4f1
-  data.tar.gz: b57d0bdee72f2fde7ee700771f85cd0f442f3ca5be70b4564b1598df05474860
+  metadata.gz: 6c56b48b8782a1622a0d9586244a82a4527868e20519a5ab7339a4b679909288
+  data.tar.gz: b5aef9f1775e56661b9248567f5a2d254a7b64e67b7252cc742a66b392ab45a4
 SHA512:
-  metadata.gz: '08c1bea7f46add92b4bf6746ec3794a7845a0d0dccb8a8d338d7b3fd07133b670b5509bfd1a71fa10dcc11059bcd01b38a0da664c9fe7b86aa8d58738d0215e8'
-  data.tar.gz: 69efcb218b522cd233a593ccd281786732f76c717349f44c776a1a7f9790a697b46ccc63b60ab01b31b58ab38487c2d0c3ff3db7c99f55dd7fda469c1ecc5d90
+  metadata.gz: 1cf475d6429f701a37557668a1baba47ff241109c99c5a133e3f0c89dbdfc6eda8658952485b8e71eed8a6815541a2d729a093b96230907e2c58f9a63170851d
+  data.tar.gz: d5189ce906e257765049e08a6c60d360c5c6bbc389c40d51a3d18c882e68375578cadf74b5b1b892a2b8bee72d3b2ffdc3384259ce0d4213f6d98d076cfcd21e

data/.github/workflows/verify.yml

@@ -0,0 +1,56 @@
+name: Verify
+
+on:
+  push:
+    branches:
+      - '*'
+  pull_request:
+    branches:
+      - '*'
+
+jobs:
+  test:
+    runs-on: ubuntu-16.04
+    timeout-minutes: 40
+
+    strategy:
+      fail-fast: true
+      matrix:
+        ruby:
+          - 2.5
+          - 2.6
+          - 2.7
+        test_cmd:
+          - bundle exec rspec
+
+    env:
+      RAILS_ENV: test
+
+    name: Ruby ${{ matrix.ruby }} - ${{ matrix.test_cmd }}
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+
+      - uses: actions/setup-ruby@v1
+        with:
+          ruby-version: ${{ matrix.ruby }}
+
+      - name: Setup bundler
+        run: |
+          gem install bundler
+      - uses: actions/cache@v2
+        with:
+          path: vendor/bundle
+          key: ${{ runner.os }}-gems-${{ hashFiles('**/Gemfile.lock') }}
+          restore-keys: |
+            ${{ runner.os }}-gems-
+      - name: Bundle install
+        run: |
+          bundle config path vendor/bundle
+          bundle install --jobs 4 --retry 3
+      - name: ${{ matrix.test_cmd }}
+        run: |
+          echo "${CMD}"
+          bash -c "${CMD}"
+        env:
+          CMD: ${{ matrix.test_cmd }}

data/README.md

@@ -1,6 +1,5 @@
 # RubySMB
 
-[![Build Status](https://travis-ci.org/rapid7/ruby_smb.svg?branch=master)](https://travis-ci.org/rapid7/ruby_smb)
 [![Code Climate](https://codeclimate.com/github/rapid7/ruby_smb.png)](https://codeclimate.com/github/rapid7/ruby_smb)
 [![Coverage Status](https://coveralls.io/repos/github/rapid7/ruby_smb/badge.svg?branch=master)](https://coveralls.io/github/rapid7/ruby_smb?branch=master)
 

data/lib/ruby_smb.rb

@@ -8,8 +8,8 @@ require 'windows_error'
 require 'windows_error/nt_status'
 # A packet parsing and manipulation library for the SMB1 and SMB2 protocols
 #
-# [[MS-SMB] Server Mesage Block (SMB) Protocol Version 1](https://msdn.microsoft.com/en-us/library/cc246482.aspx)
-# [[MS-SMB2] Server Mesage Block (SMB) Protocol Versions 2 and 3](https://msdn.microsoft.com/en-us/library/cc246482.aspx)
+# [[MS-SMB] Server Message Block (SMB) Protocol Version 1](https://msdn.microsoft.com/en-us/library/cc246482.aspx)
+# [[MS-SMB2] Server Message Block (SMB) Protocol Versions 2 and 3](https://msdn.microsoft.com/en-us/library/cc246482.aspx)
 module RubySMB
   require 'ruby_smb/error'
   require 'ruby_smb/dispositions'
@@ -26,4 +26,5 @@ module RubySMB
   require 'ruby_smb/smb1'
   require 'ruby_smb/client'
   require 'ruby_smb/crypto'
+  require 'ruby_smb/compression'
 end

data/lib/ruby_smb/client.rb

@@ -277,7 +277,8 @@ module RubySMB
     # @param smb1 [Boolean] whether or not to enable SMB1 support
     # @param smb2 [Boolean] whether or not to enable SMB2 support
     # @param smb3 [Boolean] whether or not to enable SMB3 support
-    def initialize(dispatcher, smb1: true, smb2: true, smb3: true, username:, password:, domain: '.', local_workstation: 'WORKSTATION', always_encrypt: true)
+    def initialize(dispatcher, smb1: true, smb2: true, smb3: true, username:, password:, domain: '.',
+                   local_workstation: 'WORKSTATION', always_encrypt: true, ntlm_flags: default_flags)
       raise ArgumentError, 'No Dispatcher provided' unless dispatcher.is_a? RubySMB::Dispatcher::Base
       if smb1 == false && smb2 == false && smb3 == false
         raise ArgumentError, 'You must enable at least one Protocol'
@@ -296,7 +297,7 @@ module RubySMB
       @smb3              = smb3
       @username          = username.encode('utf-8') || ''.encode('utf-8')
       @max_buffer_size   = MAX_BUFFER_SIZE
-      # These sizes will be modifed during negotiation
+      # These sizes will be modified during negotiation
       @server_max_buffer_size = SERVER_MAX_BUFFER_SIZE
       @server_max_read_size   = RubySMB::SMB2::File::MAX_PACKET_SIZE
       @server_max_write_size  = RubySMB::SMB2::File::MAX_PACKET_SIZE
@@ -306,18 +307,12 @@ module RubySMB
       # SMB 3.x options
       @session_encrypt_data = always_encrypt
 
-      negotiate_version_flag = 0x02000000
-      flags = Net::NTLM::Client::DEFAULT_FLAGS |
-        Net::NTLM::FLAGS[:TARGET_INFO] |
-        negotiate_version_flag ^
-        Net::NTLM::FLAGS[:OEM]
-
       @ntlm_client = Net::NTLM::Client.new(
         @username,
         @password,
         workstation: @local_workstation,
         domain: @domain,
-        flags: flags
+        flags: ntlm_flags
       )
 
       @tree_connects = []
@@ -368,31 +363,28 @@ module RubySMB
 
     # Performs protocol negotiation and session setup. It defaults to using
     # the credentials supplied during initialization, but can take a new set of credentials if needed.
-    def login(username: self.username, password: self.password, domain: self.domain, local_workstation: self.local_workstation)
+    def login(username: self.username, password: self.password,
+              domain: self.domain, local_workstation: self.local_workstation,
+              ntlm_flags: default_flags)
       negotiate
-      session_setup(username, password, domain, true,
-                    local_workstation: local_workstation)
+      session_setup(username, password, domain,
+                    local_workstation: local_workstation,
+                    ntlm_flags: ntlm_flags)
     end
 
     def session_setup(user, pass, domain, do_recv=true,
-                      local_workstation: self.local_workstation)
+                      local_workstation: self.local_workstation, ntlm_flags: default_flags)
       @domain            = domain
       @local_workstation = local_workstation
       @password          = pass.encode('utf-8') || ''.encode('utf-8')
       @username          = user.encode('utf-8') || ''.encode('utf-8')
 
-      negotiate_version_flag = 0x02000000
-      flags = Net::NTLM::Client::DEFAULT_FLAGS |
-        Net::NTLM::FLAGS[:TARGET_INFO] |
-        negotiate_version_flag ^
-        Net::NTLM::FLAGS[:OEM]
-
       @ntlm_client = Net::NTLM::Client.new(
           @username,
           @password,
           workstation: @local_workstation,
           domain: @domain,
-          flags: flags
+          flags: ntlm_flags
       )
 
       authenticate
@@ -431,7 +423,7 @@ module RubySMB
     end
 
     # Sends a packet and receives the raw response through the Dispatcher.
-    # It will also sign the packet if neccessary.
+    # It will also sign the packet if necessary.
     #
     # @param packet [RubySMB::GenericPacket] the request to be sent
     # @param encrypt [Boolean] true if encryption has to be enabled for this transaction
@@ -654,5 +646,17 @@ module RubySMB
         @preauth_integrity_hash_value + data.to_binary_s
       )
     end
+
+    private
+
+    def default_flags
+      negotiate_version_flag = 0x02000000
+      flags = Net::NTLM::Client::DEFAULT_FLAGS |
+        Net::NTLM::FLAGS[:TARGET_INFO] |
+        negotiate_version_flag ^
+        Net::NTLM::FLAGS[:OEM]
+
+      flags
+    end
   end
 end

data/lib/ruby_smb/client/negotiation.rb

@@ -57,15 +57,20 @@ module RubySMB
 
       # Takes the raw response data from the server and tries
       # parse it into a valid Response packet object.
-      # This method currently assumes that all SMB1 will use Extended Security.
       #
       # @param raw_data [String] the raw binary response from the server
       # @return [RubySMB::SMB1::Packet::NegotiateResponseExtended] when the response is an SMB1 Extended Security Negotiate Response Packet
+      # @return [RubySMB::SMB1::Packet::NegotiateResponse] when the response is an SMB1 Negotiate Response Packet
       # @return [RubySMB::SMB2::Packet::NegotiateResponse] when the response is an SMB2 Negotiate Response Packet
       def negotiate_response(raw_data)
         response = nil
         if smb1
           packet = RubySMB::SMB1::Packet::NegotiateResponseExtended.read raw_data
+
+          unless packet.valid?
+            packet = RubySMB::SMB1::Packet::NegotiateResponse.read raw_data
+          end
+
           response = packet if packet.valid?
         end
         if (smb2 || smb3) && response.nil?
@@ -74,17 +79,10 @@ module RubySMB
         end
         if response.nil?
           if packet.packet_smb_version == 'SMB1'
-            extended_security = if packet.is_a? RubySMB::SMB1::Packet::NegotiateResponseExtended
-              packet.parameter_block.capabilities.extended_security
-            else
-              "n/a"
-            end
             raise RubySMB::Error::InvalidPacket.new(
               expected_proto:  RubySMB::SMB1::SMB_PROTOCOL_ID,
-              expected_cmd:    RubySMB::SMB1::Packet::NegotiateResponseExtended::COMMAND,
-              expected_custom: "extended_security=1",
-              packet:          packet,
-              received_custom: "extended_security=#{extended_security}"
+              expected_cmd:    RubySMB::SMB1::Packet::NegotiateResponse::COMMAND,
+              packet:          packet
             )
           elsif packet.packet_smb_version == 'SMB2'
             raise RubySMB::Error::InvalidPacket.new(
@@ -275,8 +273,8 @@ module RubySMB
             context_type: RubySMB::SMB2::NegotiateContext::SMB2_COMPRESSION_CAPABILITIES
           )
           # Adding all possible compression algorithm even if we don't support
-          # them yet. This will force the server to disclose the support
-          # algorithms in the repsonse.
+          # them yet. This will force the server to disclose the supported
+          # algorithms in the response.
           nc.data.compression_algorithms << RubySMB::SMB2::CompressionCapabilities::LZNT1
           nc.data.compression_algorithms << RubySMB::SMB2::CompressionCapabilities::LZ77
           nc.data.compression_algorithms << RubySMB::SMB2::CompressionCapabilities::LZ77_Huffman

data/lib/ruby_smb/compression.rb

@@ -0,0 +1,7 @@
+module RubySMB
+  module Compression
+
+    require 'ruby_smb/compression/lznt1'
+
+  end
+end

data/lib/ruby_smb/compression/lznt1.rb

@@ -0,0 +1,164 @@
+module RubySMB
+  module Compression
+    module LZNT1
+      def self.compress(buf, chunk_size: 0x1000)
+        out = ''
+        until buf.empty?
+          chunk = buf[0...chunk_size]
+          compressed = compress_chunk(chunk)
+          # chunk is compressed
+          if compressed.length < chunk.length
+            out << [0xb000 | (compressed.length - 1)].pack('v')
+            out << compressed
+          else
+            out << [0x3000 | (chunk.length - 1)].pack('v')
+            out << chunk
+          end
+          buf = buf[chunk_size..-1]
+          break if buf.nil?
+        end
+
+        out
+      end
+
+      def self.compress_chunk(chunk)
+        blob = chunk
+        out = ''
+        pow2 = 0x10
+        l_mask3 = 0x1002
+        o_shift = 12
+        until blob.empty?
+          bits = 0
+          tmp = ''
+          i = -1
+          loop do
+            i += 1
+            bits >>= 1
+            while pow2 < (chunk.length - blob.length)
+              pow2 <<= 1
+              l_mask3 = (l_mask3 >> 1) + 1
+              o_shift -= 1
+            end
+
+            max_len = [blob.length, l_mask3].min
+            offset, length = find(chunk[0...(chunk.length - blob.length)], blob, max_len)
+
+            # try to find more compressed pattern
+            _offset2, length2 = find(chunk[0...chunk.length - blob.length + 1], blob[1..-1], max_len)
+
+            length = 0 if length < length2
+
+            if length > 0
+              symbol = ((offset - 1) << o_shift) | (length - 3)
+              tmp << [symbol].pack('v')
+              # set the highest bit
+              bits |= 0x80
+              blob = blob[length..-1]
+            else
+              tmp += blob[0]
+              blob = blob[1..-1]
+            end
+
+            break if blob.empty? || i == 7
+          end
+
+          out << [bits >> (7 - i)].pack('C')
+          out << tmp
+        end
+
+        out
+      end
+
+      def self.decompress(buf, length_check: true)
+        out = ''
+        until buf.empty?
+          header = buf.unpack1('v')
+          length = (header & 0xfff) + 1
+          raise EncodingError, 'invalid chunk length' if length_check && length > (buf.length - 2)
+
+          chunk = buf[2...length + 2]
+          out << if header & 0x8000 == 0
+                   chunk
+                 else
+                   decompress_chunk(chunk)
+                 end
+          buf = buf[length + 2..-1]
+        end
+
+        out
+      end
+
+      def self.decompress_chunk(chunk)
+        out = ''
+        until chunk.empty?
+          flags = chunk[0].unpack1('C')
+          chunk = chunk[1..-1]
+          8.times do |i|
+            if (flags >> i & 1) == 0
+              out << chunk[0]
+              chunk = chunk[1..-1]
+            else
+              flag = chunk.unpack1('v')
+              pos = out.length - 1
+              l_mask = 0xfff
+              o_shift = 12
+              while pos >= 0x10
+                l_mask >>= 1
+                o_shift -= 1
+                pos >>= 1
+              end
+
+              length = (flag & l_mask) + 3
+              offset = (flag >> o_shift) + 1
+
+              if length >= offset
+                out_offset = out[-offset..-1]
+                tmp = out_offset * (0xfff / out_offset.length + 1)
+                out << tmp[0...length]
+              else
+                out << out[-offset..-offset + length - 1]
+              end
+              chunk = chunk[2..-1]
+            end
+            break if chunk.empty?
+          end
+        end
+
+        out
+      end
+
+      class << self
+        private
+
+        def find(src, target, max_len)
+          result_offset = 0
+          result_length = 0
+          1.upto(max_len - 1) do |i|
+            offset = src.rindex(target[0...i])
+            next if offset.nil?
+
+            tmp_offset = src.length - offset
+            tmp_length = i
+            if tmp_offset == tmp_length
+              src_offset = src[offset..-1]
+              tmp = src_offset * (0xfff / src_offset.length + 1)
+              i.upto(max_len) do |j|
+                offset = tmp.rindex(target[0...j])
+                break if offset.nil?
+
+                tmp_length = j
+              end
+            end
+
+            if tmp_length > result_length
+              result_offset = tmp_offset
+              result_length = tmp_length
+            end
+          end
+
+          result_length < 3 ? [0, 0] : [result_offset, result_length]
+        end
+      end
+    end
+  end
+end

data/lib/ruby_smb/dcerpc.rb

@@ -13,14 +13,16 @@ module RubySMB
     require 'ruby_smb/dcerpc/rpc_security_attributes'
     require 'ruby_smb/dcerpc/pdu_header'
     require 'ruby_smb/dcerpc/srvsvc'
-    require 'ruby_smb/dcerpc/winreg'
     require 'ruby_smb/dcerpc/svcctl'
+    require 'ruby_smb/dcerpc/winreg'
+    require 'ruby_smb/dcerpc/netlogon'
     require 'ruby_smb/dcerpc/request'
     require 'ruby_smb/dcerpc/response'
     require 'ruby_smb/dcerpc/bind'
     require 'ruby_smb/dcerpc/bind_ack'
 
 
+
     # Bind to the remote server interface endpoint.
     #
     # @param options [Hash] the options to pass to the Bind request packet. At least, :endpoint must but provided with an existing Dcerpc class