ruby_smb 2.0.8 → 2.0.12

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (45) hide show
  1. checksums.yaml +4 -4
  2. checksums.yaml.gz.sig +0 -0
  3. data/.github/workflows/verify.yml +5 -15
  4. data/examples/auth_capture.rb +71 -0
  5. data/lib/ruby_smb/client/negotiation.rb +9 -11
  6. data/lib/ruby_smb/client.rb +30 -25
  7. data/lib/ruby_smb/dialect.rb +45 -0
  8. data/lib/ruby_smb/dispatcher/base.rb +1 -1
  9. data/lib/ruby_smb/gss/provider/authenticator.rb +42 -0
  10. data/lib/ruby_smb/gss/provider/ntlm.rb +303 -0
  11. data/lib/ruby_smb/gss/provider.rb +35 -0
  12. data/lib/ruby_smb/gss.rb +56 -63
  13. data/lib/ruby_smb/ntlm.rb +45 -0
  14. data/lib/ruby_smb/server/server_client/negotiation.rb +156 -0
  15. data/lib/ruby_smb/server/server_client/session_setup.rb +82 -0
  16. data/lib/ruby_smb/server/server_client.rb +162 -0
  17. data/lib/ruby_smb/server.rb +54 -0
  18. data/lib/ruby_smb/signing.rb +59 -0
  19. data/lib/ruby_smb/smb1/packet/negotiate_response.rb +11 -11
  20. data/lib/ruby_smb/smb1/packet/negotiate_response_extended.rb +1 -1
  21. data/lib/ruby_smb/smb1/packet/session_setup_request.rb +1 -1
  22. data/lib/ruby_smb/smb1/tree.rb +1 -1
  23. data/lib/ruby_smb/smb2/negotiate_context.rb +18 -2
  24. data/lib/ruby_smb/smb2/packet/negotiate_request.rb +9 -0
  25. data/lib/ruby_smb/smb2/packet/negotiate_response.rb +0 -1
  26. data/lib/ruby_smb/smb2/packet/session_setup_response.rb +2 -2
  27. data/lib/ruby_smb/smb2/packet/tree_connect_request.rb +1 -1
  28. data/lib/ruby_smb/smb2/tree.rb +1 -1
  29. data/lib/ruby_smb/smb2.rb +3 -1
  30. data/lib/ruby_smb/version.rb +1 -1
  31. data/lib/ruby_smb.rb +2 -1
  32. data/spec/lib/ruby_smb/client_spec.rb +24 -16
  33. data/spec/lib/ruby_smb/gss/provider/ntlm/account_spec.rb +32 -0
  34. data/spec/lib/ruby_smb/gss/provider/ntlm/authenticator_spec.rb +101 -0
  35. data/spec/lib/ruby_smb/gss/provider/ntlm/os_version_spec.rb +32 -0
  36. data/spec/lib/ruby_smb/gss/provider/ntlm_spec.rb +113 -0
  37. data/spec/lib/ruby_smb/server/server_client_spec.rb +156 -0
  38. data/spec/lib/ruby_smb/server_spec.rb +32 -0
  39. data/spec/lib/ruby_smb/smb1/tree_spec.rb +4 -4
  40. data/spec/lib/ruby_smb/smb2/negotiate_context_spec.rb +2 -2
  41. data/spec/lib/ruby_smb/smb2/tree_spec.rb +5 -5
  42. data.tar.gz.sig +0 -0
  43. metadata +25 -3
  44. metadata.gz.sig +0 -0
  45. data/lib/ruby_smb/client/signing.rb +0 -64
@@ -1,64 +0,0 @@
1
- module RubySMB
2
- class Client
3
- # Contains the methods for handling packet signing
4
- module Signing
5
- # The NTLM Session Key used for signing
6
- # @!attribute [rw] session_key
7
- # @return [String]
8
- attr_accessor :session_key
9
-
10
- # Take an SMB1 packet and checks to see if it should be signed.
11
- # If signing is enabled and we have a session key already, then
12
- # it will sign the packet appropriately.
13
- #
14
- # @param packet [RubySMB::GenericPacket] the packet to sign
15
- # @return [RubySMB::GenericPacket] the packet, signed if needed
16
- def smb1_sign(packet)
17
- if signing_required && !session_key.empty?
18
- # Pack the Sequence counter into a int64le
19
- packed_sequence_counter = [sequence_counter].pack('Q<')
20
- packet.smb_header.security_features = packed_sequence_counter
21
- signature = OpenSSL::Digest::MD5.digest(session_key + packet.to_binary_s)[0, 8]
22
- packet.smb_header.security_features = signature
23
- self.sequence_counter += 1
24
- end
25
- packet
26
- end
27
-
28
- # Take an SMB2 packet and checks to see if it should be signed.
29
- # If signing is enabled and we have a session key already, then
30
- # it will sign the packet appropriately.
31
- #
32
- # @param packet [RubySMB::GenericPacket] the packet to sign
33
- # @return [RubySMB::GenericPacket] the packet, signed if needed
34
- def smb2_sign(packet)
35
- if signing_required && !session_key.empty?
36
- packet.smb2_header.flags.signed = 1
37
- packet.smb2_header.signature = "\x00" * 16
38
- hmac = OpenSSL::HMAC.digest(OpenSSL::Digest::SHA256.new, session_key, packet.to_binary_s)
39
- packet.smb2_header.signature = hmac[0, 16]
40
- end
41
- packet
42
- end
43
-
44
- def smb3_sign(packet)
45
- if !session_key.empty? && (signing_required || packet.is_a?(RubySMB::SMB2::Packet::TreeConnectRequest))
46
- case @dialect
47
- when '0x0300', '0x0302'
48
- signing_key = RubySMB::Crypto::KDF.counter_mode(@session_key, "SMB2AESCMAC\x00", "SmbSign\x00")
49
- when '0x0311'
50
- signing_key = RubySMB::Crypto::KDF.counter_mode(@session_key, "SMBSigningKey\x00", @preauth_integrity_hash_value)
51
- else
52
- raise RubySMB::Error::SigningError.new('Dialect is incompatible with SMBv3 signing')
53
- end
54
-
55
- packet.smb2_header.flags.signed = 1
56
- packet.smb2_header.signature = "\x00" * 16
57
- hmac = OpenSSL::CMAC.digest('AES', signing_key, packet.to_binary_s)
58
- packet.smb2_header.signature = hmac[0, 16]
59
- end
60
- packet
61
- end
62
- end
63
- end
64
- end