ruby_smb 2.0.8 → 2.0.12
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data/.github/workflows/verify.yml +5 -15
- data/examples/auth_capture.rb +71 -0
- data/lib/ruby_smb/client/negotiation.rb +9 -11
- data/lib/ruby_smb/client.rb +30 -25
- data/lib/ruby_smb/dialect.rb +45 -0
- data/lib/ruby_smb/dispatcher/base.rb +1 -1
- data/lib/ruby_smb/gss/provider/authenticator.rb +42 -0
- data/lib/ruby_smb/gss/provider/ntlm.rb +303 -0
- data/lib/ruby_smb/gss/provider.rb +35 -0
- data/lib/ruby_smb/gss.rb +56 -63
- data/lib/ruby_smb/ntlm.rb +45 -0
- data/lib/ruby_smb/server/server_client/negotiation.rb +156 -0
- data/lib/ruby_smb/server/server_client/session_setup.rb +82 -0
- data/lib/ruby_smb/server/server_client.rb +162 -0
- data/lib/ruby_smb/server.rb +54 -0
- data/lib/ruby_smb/signing.rb +59 -0
- data/lib/ruby_smb/smb1/packet/negotiate_response.rb +11 -11
- data/lib/ruby_smb/smb1/packet/negotiate_response_extended.rb +1 -1
- data/lib/ruby_smb/smb1/packet/session_setup_request.rb +1 -1
- data/lib/ruby_smb/smb1/tree.rb +1 -1
- data/lib/ruby_smb/smb2/negotiate_context.rb +18 -2
- data/lib/ruby_smb/smb2/packet/negotiate_request.rb +9 -0
- data/lib/ruby_smb/smb2/packet/negotiate_response.rb +0 -1
- data/lib/ruby_smb/smb2/packet/session_setup_response.rb +2 -2
- data/lib/ruby_smb/smb2/packet/tree_connect_request.rb +1 -1
- data/lib/ruby_smb/smb2/tree.rb +1 -1
- data/lib/ruby_smb/smb2.rb +3 -1
- data/lib/ruby_smb/version.rb +1 -1
- data/lib/ruby_smb.rb +2 -1
- data/spec/lib/ruby_smb/client_spec.rb +24 -16
- data/spec/lib/ruby_smb/gss/provider/ntlm/account_spec.rb +32 -0
- data/spec/lib/ruby_smb/gss/provider/ntlm/authenticator_spec.rb +101 -0
- data/spec/lib/ruby_smb/gss/provider/ntlm/os_version_spec.rb +32 -0
- data/spec/lib/ruby_smb/gss/provider/ntlm_spec.rb +113 -0
- data/spec/lib/ruby_smb/server/server_client_spec.rb +156 -0
- data/spec/lib/ruby_smb/server_spec.rb +32 -0
- data/spec/lib/ruby_smb/smb1/tree_spec.rb +4 -4
- data/spec/lib/ruby_smb/smb2/negotiate_context_spec.rb +2 -2
- data/spec/lib/ruby_smb/smb2/tree_spec.rb +5 -5
- data.tar.gz.sig +0 -0
- metadata +25 -3
- metadata.gz.sig +0 -0
- data/lib/ruby_smb/client/signing.rb +0 -64
@@ -0,0 +1,32 @@
|
|
1
|
+
RSpec.describe RubySMB::Gss::Provider::NTLM::Account do
|
2
|
+
let(:username) { 'RubySMB' }
|
3
|
+
let(:password) { 'password' }
|
4
|
+
let(:domain) { 'WORKGROUP' }
|
5
|
+
subject(:account) { RubySMB::Gss::Provider::NTLM::Account.new(username, password, domain) }
|
6
|
+
|
7
|
+
it { is_expected.to respond_to :username }
|
8
|
+
it { is_expected.to respond_to :password }
|
9
|
+
it { is_expected.to respond_to :domain }
|
10
|
+
|
11
|
+
it 'sets the username correct' do
|
12
|
+
expect(account.username).to eq username
|
13
|
+
end
|
14
|
+
|
15
|
+
it 'sets the password correctly' do
|
16
|
+
expect(account.password).to eq password
|
17
|
+
end
|
18
|
+
|
19
|
+
it 'sets the domain correctly' do
|
20
|
+
expect(account.domain).to eq domain
|
21
|
+
end
|
22
|
+
|
23
|
+
describe '#to_s' do
|
24
|
+
it 'converts to a string' do
|
25
|
+
expect(account.to_s).to be_a String
|
26
|
+
end
|
27
|
+
|
28
|
+
it 'formats the username and domain correctly' do
|
29
|
+
expect(account.to_s).to eq "#{domain}\\#{username}"
|
30
|
+
end
|
31
|
+
end
|
32
|
+
end
|
@@ -0,0 +1,101 @@
|
|
1
|
+
RSpec.describe RubySMB::Gss::Provider::NTLM::Authenticator do
|
2
|
+
let(:username) { 'RubySMB' }
|
3
|
+
let(:domain) { 'WORKGROUP' }
|
4
|
+
let(:password) { 'password' }
|
5
|
+
let(:provider) { RubySMB::Gss::Provider::NTLM.new.tap { |provider| provider.put_account(username, password, domain: domain) } }
|
6
|
+
let(:authenticator) { described_class.new(provider, nil) }
|
7
|
+
let(:type1_msg) do
|
8
|
+
Net::NTLM::Message::Type1.new.tap do |msg|
|
9
|
+
msg.domain = domain
|
10
|
+
end
|
11
|
+
end
|
12
|
+
let(:type3_msg) do
|
13
|
+
Net::NTLM::Message::Type2.new.response(user: username, password: '', domain: domain)
|
14
|
+
end
|
15
|
+
|
16
|
+
describe '#initialize' do
|
17
|
+
it 'defaults to a null session key' do
|
18
|
+
expect(authenticator.session_key).to be_nil
|
19
|
+
end
|
20
|
+
|
21
|
+
it 'defaults to a null server challenge' do
|
22
|
+
expect(authenticator.server_challenge).to be_nil
|
23
|
+
end
|
24
|
+
end
|
25
|
+
|
26
|
+
describe '#process' do
|
27
|
+
it 'should handle an empty GSS buffer' do
|
28
|
+
result = authenticator.process
|
29
|
+
expect(result).to be_a RubySMB::Gss::Provider::Result
|
30
|
+
expect(result.nt_status).to eq WindowsError::NTStatus::STATUS_SUCCESS
|
31
|
+
expect(result.buffer).to_not be_empty
|
32
|
+
expect(result.identity).to be_nil
|
33
|
+
end
|
34
|
+
|
35
|
+
it 'should handle an embedded NTLM type 1 message' do
|
36
|
+
expect(authenticator).to receive(:process_ntlm_type1).and_call_original
|
37
|
+
result = authenticator.process(RubySMB::Gss.gss_type1(type1_msg.serialize))
|
38
|
+
expect(result).to be_a RubySMB::Gss::Provider::Result
|
39
|
+
expect(result.nt_status).to eq WindowsError::NTStatus::STATUS_MORE_PROCESSING_REQUIRED
|
40
|
+
expect(result.buffer).to_not be_empty
|
41
|
+
expect(result.identity).to be_nil
|
42
|
+
expect(authenticator.session_key).to be_nil
|
43
|
+
end
|
44
|
+
|
45
|
+
it 'should handle an embedded NTLM type 3 message' do
|
46
|
+
authenticator.server_challenge = Random.new.bytes(8)
|
47
|
+
expect(authenticator).to receive(:process_ntlm_type3).and_call_original
|
48
|
+
result = authenticator.process(RubySMB::Gss.gss_type3(type3_msg.serialize))
|
49
|
+
expect(result).to be_a RubySMB::Gss::Provider::Result
|
50
|
+
expect(result.nt_status).to eq WindowsError::NTStatus::STATUS_LOGON_FAILURE
|
51
|
+
expect(result.buffer).to be_nil
|
52
|
+
expect(result.identity).to be_nil
|
53
|
+
expect(authenticator.session_key).to be_nil
|
54
|
+
end
|
55
|
+
end
|
56
|
+
|
57
|
+
describe '#process_ntlm_type1' do
|
58
|
+
it 'should process a NTLM type 1 message and return a type2 message' do
|
59
|
+
expect(authenticator.process_ntlm_type1(type1_msg)).to be_a Net::NTLM::Message::Type2
|
60
|
+
end
|
61
|
+
end
|
62
|
+
|
63
|
+
describe '#process_ntlm_type3' do
|
64
|
+
it 'should process a NTLM type 3 message and return an error code' do
|
65
|
+
expect(authenticator.process_ntlm_type3(type3_msg)).to be_a WindowsError::ErrorCode
|
66
|
+
expect(authenticator.process_ntlm_type3(type3_msg)).to eq WindowsError::NTStatus::STATUS_LOGON_FAILURE
|
67
|
+
end
|
68
|
+
end
|
69
|
+
|
70
|
+
describe '#reset!' do
|
71
|
+
it 'should clear the server challenge' do
|
72
|
+
authenticator.instance_variable_set(:@server_challenge, Random.new.bytes(8))
|
73
|
+
authenticator.reset!
|
74
|
+
expect(authenticator.instance_variable_get(:@server_challenge)).to be_nil
|
75
|
+
end
|
76
|
+
|
77
|
+
it 'should clear the session key' do
|
78
|
+
authenticator.instance_variable_set(:@session_key, Random.new.bytes(16))
|
79
|
+
authenticator.reset!
|
80
|
+
expect(authenticator.instance_variable_get(:@session_key)).to be_nil
|
81
|
+
end
|
82
|
+
end
|
83
|
+
|
84
|
+
describe 'a full Net-NTLMv2 authentication exchange' do
|
85
|
+
let(:type2_msg) { authenticator.process_ntlm_type1(type1_msg)}
|
86
|
+
|
87
|
+
it 'should respond to a correct password with STATUS_SUCCESS' do
|
88
|
+
type3_msg = type2_msg.response({user: username, domain: domain, password: password}, ntlmv2: true)
|
89
|
+
type3_msg.user.force_encoding('UTF-16LE')
|
90
|
+
type3_msg.domain.force_encoding('UTF-16LE')
|
91
|
+
expect(authenticator.process_ntlm_type3(type3_msg)).to eq WindowsError::NTStatus::STATUS_SUCCESS
|
92
|
+
end
|
93
|
+
|
94
|
+
it 'should respond to an incorrect password with STATUS_LOGON_FAILURE' do
|
95
|
+
type3_msg = type2_msg.response({user: username, domain: domain, password: password + rand(0x41..0x5b).chr}, ntlmv2: true)
|
96
|
+
type3_msg.user.force_encoding('UTF-16LE')
|
97
|
+
type3_msg.domain.force_encoding('UTF-16LE')
|
98
|
+
expect(authenticator.process_ntlm_type3(type3_msg)).to eq WindowsError::NTStatus::STATUS_LOGON_FAILURE
|
99
|
+
end
|
100
|
+
end
|
101
|
+
end
|
@@ -0,0 +1,32 @@
|
|
1
|
+
RSpec.describe RubySMB::Gss::Provider::NTLM::OSVersion do
|
2
|
+
subject(:os_version) { RubySMB::Gss::Provider::NTLM::OSVersion.new }
|
3
|
+
|
4
|
+
it { is_expected.to respond_to :major }
|
5
|
+
it { is_expected.to respond_to :minor }
|
6
|
+
it { is_expected.to respond_to :build }
|
7
|
+
it { is_expected.to respond_to :ntlm_revision }
|
8
|
+
|
9
|
+
describe '#initialize' do
|
10
|
+
it 'defaults to an NTLM revision of 15' do
|
11
|
+
expect(os_version.ntlm_revision).to eq 15
|
12
|
+
end
|
13
|
+
end
|
14
|
+
|
15
|
+
describe '#read' do
|
16
|
+
it 'reads a packed version correctly' do
|
17
|
+
# Version 6.1 (Build 7601); NTLM Current Revision 15
|
18
|
+
os_version = RubySMB::Gss::Provider::NTLM::OSVersion.read("\x06\x01\x1d\xb1\x00\x00\x00\x0f")
|
19
|
+
expect(os_version.major).to eq 6
|
20
|
+
expect(os_version.minor).to eq 1
|
21
|
+
expect(os_version.build).to eq 7601
|
22
|
+
expect(os_version.ntlm_revision).to eq 15
|
23
|
+
end
|
24
|
+
end
|
25
|
+
|
26
|
+
describe '#to_s' do
|
27
|
+
it 'creates a string representation of the OS version' do
|
28
|
+
expect(os_version.to_s).to be_a String
|
29
|
+
expect(os_version.to_s).to match /Version \d+\.\d+ \(Build \d+\); NTLM Current Revision \d+/
|
30
|
+
end
|
31
|
+
end
|
32
|
+
end
|
@@ -0,0 +1,113 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
RSpec.describe RubySMB::Gss::Provider::NTLM do
|
4
|
+
let(:provider) { described_class.new }
|
5
|
+
|
6
|
+
it { is_expected.to respond_to :allow_anonymous }
|
7
|
+
it { is_expected.to respond_to :default_domain }
|
8
|
+
|
9
|
+
describe '#initialize' do
|
10
|
+
it 'defaults to false for allowing anonymous access' do
|
11
|
+
expect(provider.allow_anonymous).to be false
|
12
|
+
end
|
13
|
+
|
14
|
+
it 'defaults to a default domain of WORKGROUP' do
|
15
|
+
expect(provider.default_domain).to eq 'WORKGROUP'
|
16
|
+
end
|
17
|
+
|
18
|
+
it 'defaults to a random challenge generator' do
|
19
|
+
expect(provider.generate_server_challenge).to_not eq provider.generate_server_challenge
|
20
|
+
end
|
21
|
+
end
|
22
|
+
|
23
|
+
describe '#generate_server_challenge' do
|
24
|
+
it 'generates a valid 8-byte challenge' do
|
25
|
+
challenge = provider.generate_server_challenge
|
26
|
+
expect(challenge).to be_a String
|
27
|
+
expect(challenge.length).to eq 8
|
28
|
+
end
|
29
|
+
|
30
|
+
it 'should take a generator block' do
|
31
|
+
random_challenge = Random.new.bytes(8)
|
32
|
+
provider.generate_server_challenge do
|
33
|
+
random_challenge
|
34
|
+
end
|
35
|
+
expect(provider.generate_server_challenge).to eq random_challenge
|
36
|
+
end
|
37
|
+
end
|
38
|
+
|
39
|
+
describe '#get_account' do
|
40
|
+
let(:username) { 'RubySMB' }
|
41
|
+
let(:password) { 'password' }
|
42
|
+
let(:domain) { 'WORKGROUP' }
|
43
|
+
|
44
|
+
context 'when getting accounts' do
|
45
|
+
before(:each) do
|
46
|
+
provider.put_account(username, password)
|
47
|
+
end
|
48
|
+
|
49
|
+
it 'should return nil for an unknown account' do
|
50
|
+
account = provider.get_account('Spencer')
|
51
|
+
expect(account).to be_nil
|
52
|
+
end
|
53
|
+
|
54
|
+
it 'should work with a case sensitive name' do
|
55
|
+
account = provider.get_account(username)
|
56
|
+
expect(account).to be_a RubySMB::Gss::Provider::NTLM::Account
|
57
|
+
expect(account.username).to eq username
|
58
|
+
end
|
59
|
+
|
60
|
+
it 'should work with a case insensitive name' do
|
61
|
+
account = provider.get_account(username.downcase)
|
62
|
+
expect(account).to be_a RubySMB::Gss::Provider::NTLM::Account
|
63
|
+
expect(account.username).to eq username
|
64
|
+
end
|
65
|
+
|
66
|
+
it 'should work with a case sensitive domain' do
|
67
|
+
account = provider.get_account(username, domain: domain)
|
68
|
+
expect(account).to be_a RubySMB::Gss::Provider::NTLM::Account
|
69
|
+
expect(account.domain).to eq domain
|
70
|
+
end
|
71
|
+
|
72
|
+
it 'should work with a case insensitive domain' do
|
73
|
+
account = provider.get_account(username, domain: domain.downcase)
|
74
|
+
expect(account).to be_a RubySMB::Gss::Provider::NTLM::Account
|
75
|
+
expect(account.domain).to eq domain
|
76
|
+
end
|
77
|
+
|
78
|
+
it 'should work with the special . domain' do
|
79
|
+
account = provider.get_account(username, domain: '.')
|
80
|
+
expect(account).to be_a RubySMB::Gss::Provider::NTLM::Account
|
81
|
+
expect(account.domain).to eq domain
|
82
|
+
end
|
83
|
+
|
84
|
+
# UTF-16LE is optionally used for encoding some Net-NTLM message fields, the #get_account method should handle it
|
85
|
+
# transparently
|
86
|
+
it 'should work with a UTF16-LE name' do
|
87
|
+
account = provider.get_account(username.encode('UTF-16LE'))
|
88
|
+
expect(account).to be_a RubySMB::Gss::Provider::NTLM::Account
|
89
|
+
expect(account.username).to eq username
|
90
|
+
end
|
91
|
+
|
92
|
+
it 'should work with a UTF16-LE domain' do
|
93
|
+
account = provider.get_account(username, domain: domain.encode('UTF-16LE'))
|
94
|
+
expect(account).to be_a RubySMB::Gss::Provider::NTLM::Account
|
95
|
+
expect(account.domain).to eq domain
|
96
|
+
end
|
97
|
+
end
|
98
|
+
|
99
|
+
context 'when putting accounts' do
|
100
|
+
it 'should accept new accounts with the default domain' do
|
101
|
+
provider.put_account(username, password)
|
102
|
+
end
|
103
|
+
|
104
|
+
after(:each) do
|
105
|
+
account = provider.get_account(username, domain: domain)
|
106
|
+
expect(account).to be_a RubySMB::Gss::Provider::NTLM::Account
|
107
|
+
expect(account.username).to eq username
|
108
|
+
expect(account.password).to eq password
|
109
|
+
expect(account.domain).to eq domain
|
110
|
+
end
|
111
|
+
end
|
112
|
+
end
|
113
|
+
end
|
@@ -0,0 +1,156 @@
|
|
1
|
+
RSpec.describe RubySMB::Server::ServerClient do
|
2
|
+
let(:server) { RubySMB::Server.new(server_sock: ::TCPServer.new(0)) }
|
3
|
+
let(:sock) { double('Socket', peeraddr: '192.168.1.5') }
|
4
|
+
let(:dispatcher) { RubySMB::Dispatcher::Socket.new(sock) }
|
5
|
+
subject(:server_client) { described_class.new(server, dispatcher) }
|
6
|
+
|
7
|
+
it { is_expected.to respond_to :dialect }
|
8
|
+
it { is_expected.to respond_to :identity }
|
9
|
+
it { is_expected.to respond_to :state }
|
10
|
+
it { is_expected.to respond_to :session_key }
|
11
|
+
|
12
|
+
describe '#disconnect!' do
|
13
|
+
it 'closes the socket' do
|
14
|
+
expect(dispatcher.tcp_socket).to receive(:close).with(no_args).and_return(nil)
|
15
|
+
server_client.disconnect!
|
16
|
+
end
|
17
|
+
end
|
18
|
+
|
19
|
+
describe '#initialize' do
|
20
|
+
it 'starts in the negotiate state' do
|
21
|
+
expect(server_client.state).to eq :negotiate
|
22
|
+
end
|
23
|
+
|
24
|
+
it 'starts without a dialect' do
|
25
|
+
expect(server_client.dialect).to be_nil
|
26
|
+
expect(server_client.metadialect).to be_nil
|
27
|
+
end
|
28
|
+
|
29
|
+
it 'starts without an identity' do
|
30
|
+
expect(server_client.identity).to be_nil
|
31
|
+
end
|
32
|
+
|
33
|
+
it 'starts without a session_key' do
|
34
|
+
expect(server_client.session_key).to be_nil
|
35
|
+
end
|
36
|
+
|
37
|
+
it 'creates a new authenticator instance' do
|
38
|
+
expect(server.gss_provider).to receive(:new_authenticator).and_call_original
|
39
|
+
described_class.new(server, dispatcher)
|
40
|
+
end
|
41
|
+
end
|
42
|
+
|
43
|
+
describe '#process_gss' do
|
44
|
+
before(:each) do
|
45
|
+
expect(server_client.instance_eval { @gss_authenticator }).to receive(:process).and_call_original
|
46
|
+
end
|
47
|
+
|
48
|
+
it 'should handle an empty GSS buffer' do
|
49
|
+
result = server_client.process_gss
|
50
|
+
expect(result).to be_a RubySMB::Gss::Provider::Result
|
51
|
+
expect(result.nt_status).to eq WindowsError::NTStatus::STATUS_SUCCESS
|
52
|
+
expect(result.buffer).to_not be_empty
|
53
|
+
expect(result.identity).to be_nil
|
54
|
+
end
|
55
|
+
end
|
56
|
+
|
57
|
+
describe '#recv_packet' do
|
58
|
+
it 'receives a new packet from the dispatcher' do
|
59
|
+
expect(dispatcher).to receive(:recv_packet).with(no_args)
|
60
|
+
server_client.recv_packet
|
61
|
+
end
|
62
|
+
end
|
63
|
+
|
64
|
+
describe '#run' do
|
65
|
+
let(:packet) { Random.new.bytes(16) }
|
66
|
+
before(:each) do
|
67
|
+
expect(server_client).to receive(:recv_packet).and_return(packet)
|
68
|
+
# this hook should ensure that the dispatcher loop returns after processing a single request
|
69
|
+
expect(dispatcher.tcp_socket).to receive(:closed?).and_return(true)
|
70
|
+
end
|
71
|
+
|
72
|
+
it 'calls #handle_negotiate when the state is negotiate' do
|
73
|
+
expect(server_client).to receive(:handle_negotiate).with(packet).and_return(nil)
|
74
|
+
server_client.instance_eval { @state = :negotiate }
|
75
|
+
server_client.run
|
76
|
+
end
|
77
|
+
|
78
|
+
it 'calls #handle_session_setup when the state is session_setup' do
|
79
|
+
expect(server_client).to receive(:handle_session_setup).with(packet).and_return(nil)
|
80
|
+
server_client.instance_eval { @state = :session_setup }
|
81
|
+
server_client.run
|
82
|
+
end
|
83
|
+
|
84
|
+
it 'calls #authenticated when the state is authenticated' do
|
85
|
+
expect(server_client).to receive(:handle_authenticated).with(packet).and_return(nil)
|
86
|
+
server_client.instance_eval { @state = :authenticated }
|
87
|
+
server_client.run
|
88
|
+
end
|
89
|
+
end
|
90
|
+
|
91
|
+
describe '#send_packet' do
|
92
|
+
let(:packet) { RubySMB::GenericPacket.new }
|
93
|
+
|
94
|
+
before(:each) do
|
95
|
+
expect(dispatcher).to receive(:send_packet).with(packet).and_return(nil)
|
96
|
+
end
|
97
|
+
|
98
|
+
it 'sends a packet to the dispatcher' do
|
99
|
+
server_client.send_packet(packet)
|
100
|
+
end
|
101
|
+
|
102
|
+
%w{ 0x0202 0x0210 0x0300 0x0302 0x0311 }.each do |dialect|
|
103
|
+
context "when the dialect is #{dialect}" do
|
104
|
+
before(:each) do
|
105
|
+
server_client.instance_eval { @dialect = dialect }
|
106
|
+
end
|
107
|
+
|
108
|
+
context 'and the state is authenticated' do
|
109
|
+
before(:each) do
|
110
|
+
server_client.instance_eval { @state = :authenticated }
|
111
|
+
end
|
112
|
+
|
113
|
+
context 'and the identity is anonymous' do
|
114
|
+
before(:each) do
|
115
|
+
server_client.instance_eval { @identity = RubySMB::Gss::Provider::IDENTITY_ANONYMOUS }
|
116
|
+
end
|
117
|
+
|
118
|
+
it 'does not sign packets' do
|
119
|
+
expect(server_client).to_not receive(:smb2_sign)
|
120
|
+
expect(server_client).to_not receive(:smb3_sign)
|
121
|
+
server_client.send_packet(packet)
|
122
|
+
end
|
123
|
+
end
|
124
|
+
|
125
|
+
context 'and the identity is not anonymous' do
|
126
|
+
before(:each) do
|
127
|
+
server_client.instance_eval { @identity = 'WORKGROUP\RubySMB'; @session_key = Random.new.bytes(16) }
|
128
|
+
end
|
129
|
+
|
130
|
+
it 'does sign packets' do
|
131
|
+
packet = RubySMB::GenericPacket.new
|
132
|
+
dialect_family = RubySMB::Dialect[dialect].family
|
133
|
+
if dialect_family == RubySMB::Dialect::FAMILY_SMB2
|
134
|
+
expect(server_client).to receive(:smb2_sign).with(packet).and_return(packet)
|
135
|
+
expect(server_client).to_not receive(:smb3_sign)
|
136
|
+
elsif dialect_family == RubySMB::Dialect::FAMILY_SMB3
|
137
|
+
expect(server_client).to receive(:smb3_sign).with(packet).and_return(packet)
|
138
|
+
expect(server_client).to_not receive(:smb2_sign)
|
139
|
+
end
|
140
|
+
server_client.send_packet(packet)
|
141
|
+
end
|
142
|
+
end
|
143
|
+
end
|
144
|
+
end
|
145
|
+
end
|
146
|
+
end
|
147
|
+
|
148
|
+
describe '#update_preauth_hash' do
|
149
|
+
it 'raises an EncryptionError exception if the preauth integrity hash algorithm is not known' do
|
150
|
+
expect { server_client.update_preauth_hash('Test') }.to raise_error(
|
151
|
+
RubySMB::Error::EncryptionError,
|
152
|
+
'Cannot compute the Preauth Integrity Hash value: Preauth Integrity Hash Algorithm is nil'
|
153
|
+
)
|
154
|
+
end
|
155
|
+
end
|
156
|
+
end
|
@@ -0,0 +1,32 @@
|
|
1
|
+
RSpec.describe RubySMB::Server do
|
2
|
+
before(:each) do
|
3
|
+
allow(::TCPServer).to receive(:new).and_return(::TCPServer.new(0))
|
4
|
+
end
|
5
|
+
|
6
|
+
it { is_expected.to respond_to :dialects }
|
7
|
+
it { is_expected.to respond_to :gss_provider }
|
8
|
+
it { is_expected.to respond_to :guid }
|
9
|
+
|
10
|
+
describe '#initialize' do
|
11
|
+
it 'should bind to TCP port 445 by default' do
|
12
|
+
expect(::TCPServer).to receive(:new).with(445).and_return(::TCPServer.new(0))
|
13
|
+
described_class.new
|
14
|
+
end
|
15
|
+
|
16
|
+
it 'should create a new NTLM GSS provider by default' do
|
17
|
+
expect(RubySMB::Gss::Provider::NTLM).to receive(:new).and_call_original
|
18
|
+
described_class.new
|
19
|
+
end
|
20
|
+
|
21
|
+
it 'should generate a random 16-byte GUID' do
|
22
|
+
server_guid = described_class.new.guid
|
23
|
+
expect(server_guid).to be_a String
|
24
|
+
expect(server_guid.length).to eq 16
|
25
|
+
expect(server_guid).to_not eq described_class.new.guid
|
26
|
+
end
|
27
|
+
|
28
|
+
it 'should support some dialects' do
|
29
|
+
expect(described_class.new.dialects).to_not be_empty
|
30
|
+
end
|
31
|
+
end
|
32
|
+
end
|
@@ -501,16 +501,16 @@ RSpec.describe RubySMB::SMB1::Tree do
|
|
501
501
|
it 'calls #open_file with the provided options' do
|
502
502
|
opts[:filename] ='\\test'
|
503
503
|
expect(tree).to receive(:open_file).with(opts)
|
504
|
-
tree.open_pipe(opts)
|
504
|
+
tree.open_pipe(**opts)
|
505
505
|
end
|
506
506
|
|
507
507
|
it 'prepends the filename with \\ if needed' do
|
508
|
-
expect(tree).to receive(:open_file).with(
|
509
|
-
tree.open_pipe(opts)
|
508
|
+
expect(tree).to receive(:open_file).with(filename: '\\test', write: true)
|
509
|
+
tree.open_pipe(**opts)
|
510
510
|
end
|
511
511
|
|
512
512
|
it 'does not modify the original option hash' do
|
513
|
-
tree.open_pipe(opts)
|
513
|
+
tree.open_pipe(**opts)
|
514
514
|
expect(opts).to eq( { filename: 'test', write: true } )
|
515
515
|
end
|
516
516
|
end
|
@@ -162,7 +162,7 @@ RSpec.describe RubySMB::SMB2::CompressionCapabilities do
|
|
162
162
|
end
|
163
163
|
end
|
164
164
|
|
165
|
-
RSpec.describe RubySMB::SMB2::NetnameNegotiateContextId
|
165
|
+
RSpec.describe RubySMB::SMB2::NetnameNegotiateContextId do
|
166
166
|
subject(:capability) { described_class.new }
|
167
167
|
|
168
168
|
it { is_expected.to respond_to :net_name }
|
@@ -173,7 +173,7 @@ RSpec.describe RubySMB::SMB2::NetnameNegotiateContextId do
|
|
173
173
|
|
174
174
|
describe '#net_name' do
|
175
175
|
it 'is a unicode string' do
|
176
|
-
expect(capability.net_name).to be_a RubySMB::Field::
|
176
|
+
expect(capability.net_name).to be_a RubySMB::Field::String16
|
177
177
|
end
|
178
178
|
end
|
179
179
|
|
@@ -540,17 +540,17 @@ RSpec.describe RubySMB::SMB2::Tree do
|
|
540
540
|
|
541
541
|
it 'calls #open_file with the provided options' do
|
542
542
|
opts[:filename] ='test'
|
543
|
-
expect(tree).to receive(:open_file).with(opts)
|
544
|
-
tree.open_pipe(opts)
|
543
|
+
expect(tree).to receive(:open_file).with(**opts)
|
544
|
+
tree.open_pipe(**opts)
|
545
545
|
end
|
546
546
|
|
547
547
|
it 'remove the leading \\ from the filename if needed' do
|
548
|
-
expect(tree).to receive(:open_file).with(
|
549
|
-
tree.open_pipe(opts)
|
548
|
+
expect(tree).to receive(:open_file).with(filename: 'test', write: true)
|
549
|
+
tree.open_pipe(**opts)
|
550
550
|
end
|
551
551
|
|
552
552
|
it 'does not modify the original option hash' do
|
553
|
-
tree.open_pipe(opts)
|
553
|
+
tree.open_pipe(**opts)
|
554
554
|
expect(opts).to eq( { filename: '\\test', write: true } )
|
555
555
|
end
|
556
556
|
end
|
data.tar.gz.sig
CHANGED
Binary file
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: ruby_smb
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 2.0.
|
4
|
+
version: 2.0.12
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Metasploit Hackers
|
@@ -97,7 +97,7 @@ cert_chain:
|
|
97
97
|
EknWpNgVhohbot1lfVAMmIhdtOVaRVcQQixWPwprDj/ydB8ryDMDosIMcw+fkoXU
|
98
98
|
9GJsSaSRRYQ9UUkVL27b64okU8D48m8=
|
99
99
|
-----END CERTIFICATE-----
|
100
|
-
date: 2021-
|
100
|
+
date: 2021-12-01 00:00:00.000000000 Z
|
101
101
|
dependencies:
|
102
102
|
- !ruby/object:Gem::Dependency
|
103
103
|
name: redcarpet
|
@@ -258,6 +258,7 @@ files:
|
|
258
258
|
- Rakefile
|
259
259
|
- examples/anonymous_auth.rb
|
260
260
|
- examples/append_file.rb
|
261
|
+
- examples/auth_capture.rb
|
261
262
|
- examples/authenticate.rb
|
262
263
|
- examples/delete_file.rb
|
263
264
|
- examples/enum_registry_key.rb
|
@@ -280,7 +281,6 @@ files:
|
|
280
281
|
- lib/ruby_smb/client/echo.rb
|
281
282
|
- lib/ruby_smb/client/encryption.rb
|
282
283
|
- lib/ruby_smb/client/negotiation.rb
|
283
|
-
- lib/ruby_smb/client/signing.rb
|
284
284
|
- lib/ruby_smb/client/tree_connect.rb
|
285
285
|
- lib/ruby_smb/client/utils.rb
|
286
286
|
- lib/ruby_smb/client/winreg.rb
|
@@ -347,6 +347,7 @@ files:
|
|
347
347
|
- lib/ruby_smb/dcerpc/winreg/regsam.rb
|
348
348
|
- lib/ruby_smb/dcerpc/winreg/save_key_request.rb
|
349
349
|
- lib/ruby_smb/dcerpc/winreg/save_key_response.rb
|
350
|
+
- lib/ruby_smb/dialect.rb
|
350
351
|
- lib/ruby_smb/dispatcher.rb
|
351
352
|
- lib/ruby_smb/dispatcher/base.rb
|
352
353
|
- lib/ruby_smb/dispatcher/socket.rb
|
@@ -381,12 +382,21 @@ files:
|
|
381
382
|
- lib/ruby_smb/fscc/file_information/file_rename_information.rb
|
382
383
|
- lib/ruby_smb/generic_packet.rb
|
383
384
|
- lib/ruby_smb/gss.rb
|
385
|
+
- lib/ruby_smb/gss/provider.rb
|
386
|
+
- lib/ruby_smb/gss/provider/authenticator.rb
|
387
|
+
- lib/ruby_smb/gss/provider/ntlm.rb
|
384
388
|
- lib/ruby_smb/impersonation_levels.rb
|
385
389
|
- lib/ruby_smb/nbss.rb
|
386
390
|
- lib/ruby_smb/nbss/negative_session_response.rb
|
387
391
|
- lib/ruby_smb/nbss/netbios_name.rb
|
388
392
|
- lib/ruby_smb/nbss/session_header.rb
|
389
393
|
- lib/ruby_smb/nbss/session_request.rb
|
394
|
+
- lib/ruby_smb/ntlm.rb
|
395
|
+
- lib/ruby_smb/server.rb
|
396
|
+
- lib/ruby_smb/server/server_client.rb
|
397
|
+
- lib/ruby_smb/server/server_client/negotiation.rb
|
398
|
+
- lib/ruby_smb/server/server_client/session_setup.rb
|
399
|
+
- lib/ruby_smb/signing.rb
|
390
400
|
- lib/ruby_smb/smb1.rb
|
391
401
|
- lib/ruby_smb/smb1/andx_block.rb
|
392
402
|
- lib/ruby_smb/smb1/bit_field.rb
|
@@ -613,10 +623,16 @@ files:
|
|
613
623
|
- spec/lib/ruby_smb/fscc/file_information/file_rename_information_spec.rb
|
614
624
|
- spec/lib/ruby_smb/fscc/fscc_file_attributes_spec.rb
|
615
625
|
- spec/lib/ruby_smb/generic_packet_spec.rb
|
626
|
+
- spec/lib/ruby_smb/gss/provider/ntlm/account_spec.rb
|
627
|
+
- spec/lib/ruby_smb/gss/provider/ntlm/authenticator_spec.rb
|
628
|
+
- spec/lib/ruby_smb/gss/provider/ntlm/os_version_spec.rb
|
629
|
+
- spec/lib/ruby_smb/gss/provider/ntlm_spec.rb
|
616
630
|
- spec/lib/ruby_smb/nbss/negative_session_response_spec.rb
|
617
631
|
- spec/lib/ruby_smb/nbss/netbios_name_spec.rb
|
618
632
|
- spec/lib/ruby_smb/nbss/session_header_spec.rb
|
619
633
|
- spec/lib/ruby_smb/nbss/session_request_spec.rb
|
634
|
+
- spec/lib/ruby_smb/server/server_client_spec.rb
|
635
|
+
- spec/lib/ruby_smb/server_spec.rb
|
620
636
|
- spec/lib/ruby_smb/smb1/andx_block_spec.rb
|
621
637
|
- spec/lib/ruby_smb/smb1/bit_field/capabilities_spec.rb
|
622
638
|
- spec/lib/ruby_smb/smb1/bit_field/create_options_spec.rb
|
@@ -848,10 +864,16 @@ test_files:
|
|
848
864
|
- spec/lib/ruby_smb/fscc/file_information/file_rename_information_spec.rb
|
849
865
|
- spec/lib/ruby_smb/fscc/fscc_file_attributes_spec.rb
|
850
866
|
- spec/lib/ruby_smb/generic_packet_spec.rb
|
867
|
+
- spec/lib/ruby_smb/gss/provider/ntlm/account_spec.rb
|
868
|
+
- spec/lib/ruby_smb/gss/provider/ntlm/authenticator_spec.rb
|
869
|
+
- spec/lib/ruby_smb/gss/provider/ntlm/os_version_spec.rb
|
870
|
+
- spec/lib/ruby_smb/gss/provider/ntlm_spec.rb
|
851
871
|
- spec/lib/ruby_smb/nbss/negative_session_response_spec.rb
|
852
872
|
- spec/lib/ruby_smb/nbss/netbios_name_spec.rb
|
853
873
|
- spec/lib/ruby_smb/nbss/session_header_spec.rb
|
854
874
|
- spec/lib/ruby_smb/nbss/session_request_spec.rb
|
875
|
+
- spec/lib/ruby_smb/server/server_client_spec.rb
|
876
|
+
- spec/lib/ruby_smb/server_spec.rb
|
855
877
|
- spec/lib/ruby_smb/smb1/andx_block_spec.rb
|
856
878
|
- spec/lib/ruby_smb/smb1/bit_field/capabilities_spec.rb
|
857
879
|
- spec/lib/ruby_smb/smb1/bit_field/create_options_spec.rb
|
metadata.gz.sig
CHANGED
Binary file
|