ruby_smb 2.0.8 → 2.0.12
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data/.github/workflows/verify.yml +5 -15
- data/examples/auth_capture.rb +71 -0
- data/lib/ruby_smb/client/negotiation.rb +9 -11
- data/lib/ruby_smb/client.rb +30 -25
- data/lib/ruby_smb/dialect.rb +45 -0
- data/lib/ruby_smb/dispatcher/base.rb +1 -1
- data/lib/ruby_smb/gss/provider/authenticator.rb +42 -0
- data/lib/ruby_smb/gss/provider/ntlm.rb +303 -0
- data/lib/ruby_smb/gss/provider.rb +35 -0
- data/lib/ruby_smb/gss.rb +56 -63
- data/lib/ruby_smb/ntlm.rb +45 -0
- data/lib/ruby_smb/server/server_client/negotiation.rb +156 -0
- data/lib/ruby_smb/server/server_client/session_setup.rb +82 -0
- data/lib/ruby_smb/server/server_client.rb +162 -0
- data/lib/ruby_smb/server.rb +54 -0
- data/lib/ruby_smb/signing.rb +59 -0
- data/lib/ruby_smb/smb1/packet/negotiate_response.rb +11 -11
- data/lib/ruby_smb/smb1/packet/negotiate_response_extended.rb +1 -1
- data/lib/ruby_smb/smb1/packet/session_setup_request.rb +1 -1
- data/lib/ruby_smb/smb1/tree.rb +1 -1
- data/lib/ruby_smb/smb2/negotiate_context.rb +18 -2
- data/lib/ruby_smb/smb2/packet/negotiate_request.rb +9 -0
- data/lib/ruby_smb/smb2/packet/negotiate_response.rb +0 -1
- data/lib/ruby_smb/smb2/packet/session_setup_response.rb +2 -2
- data/lib/ruby_smb/smb2/packet/tree_connect_request.rb +1 -1
- data/lib/ruby_smb/smb2/tree.rb +1 -1
- data/lib/ruby_smb/smb2.rb +3 -1
- data/lib/ruby_smb/version.rb +1 -1
- data/lib/ruby_smb.rb +2 -1
- data/spec/lib/ruby_smb/client_spec.rb +24 -16
- data/spec/lib/ruby_smb/gss/provider/ntlm/account_spec.rb +32 -0
- data/spec/lib/ruby_smb/gss/provider/ntlm/authenticator_spec.rb +101 -0
- data/spec/lib/ruby_smb/gss/provider/ntlm/os_version_spec.rb +32 -0
- data/spec/lib/ruby_smb/gss/provider/ntlm_spec.rb +113 -0
- data/spec/lib/ruby_smb/server/server_client_spec.rb +156 -0
- data/spec/lib/ruby_smb/server_spec.rb +32 -0
- data/spec/lib/ruby_smb/smb1/tree_spec.rb +4 -4
- data/spec/lib/ruby_smb/smb2/negotiate_context_spec.rb +2 -2
- data/spec/lib/ruby_smb/smb2/tree_spec.rb +5 -5
- data.tar.gz.sig +0 -0
- metadata +25 -3
- metadata.gz.sig +0 -0
- data/lib/ruby_smb/client/signing.rb +0 -64
|
@@ -1,64 +0,0 @@
|
|
|
1
|
-
module RubySMB
|
|
2
|
-
class Client
|
|
3
|
-
# Contains the methods for handling packet signing
|
|
4
|
-
module Signing
|
|
5
|
-
# The NTLM Session Key used for signing
|
|
6
|
-
# @!attribute [rw] session_key
|
|
7
|
-
# @return [String]
|
|
8
|
-
attr_accessor :session_key
|
|
9
|
-
|
|
10
|
-
# Take an SMB1 packet and checks to see if it should be signed.
|
|
11
|
-
# If signing is enabled and we have a session key already, then
|
|
12
|
-
# it will sign the packet appropriately.
|
|
13
|
-
#
|
|
14
|
-
# @param packet [RubySMB::GenericPacket] the packet to sign
|
|
15
|
-
# @return [RubySMB::GenericPacket] the packet, signed if needed
|
|
16
|
-
def smb1_sign(packet)
|
|
17
|
-
if signing_required && !session_key.empty?
|
|
18
|
-
# Pack the Sequence counter into a int64le
|
|
19
|
-
packed_sequence_counter = [sequence_counter].pack('Q<')
|
|
20
|
-
packet.smb_header.security_features = packed_sequence_counter
|
|
21
|
-
signature = OpenSSL::Digest::MD5.digest(session_key + packet.to_binary_s)[0, 8]
|
|
22
|
-
packet.smb_header.security_features = signature
|
|
23
|
-
self.sequence_counter += 1
|
|
24
|
-
end
|
|
25
|
-
packet
|
|
26
|
-
end
|
|
27
|
-
|
|
28
|
-
# Take an SMB2 packet and checks to see if it should be signed.
|
|
29
|
-
# If signing is enabled and we have a session key already, then
|
|
30
|
-
# it will sign the packet appropriately.
|
|
31
|
-
#
|
|
32
|
-
# @param packet [RubySMB::GenericPacket] the packet to sign
|
|
33
|
-
# @return [RubySMB::GenericPacket] the packet, signed if needed
|
|
34
|
-
def smb2_sign(packet)
|
|
35
|
-
if signing_required && !session_key.empty?
|
|
36
|
-
packet.smb2_header.flags.signed = 1
|
|
37
|
-
packet.smb2_header.signature = "\x00" * 16
|
|
38
|
-
hmac = OpenSSL::HMAC.digest(OpenSSL::Digest::SHA256.new, session_key, packet.to_binary_s)
|
|
39
|
-
packet.smb2_header.signature = hmac[0, 16]
|
|
40
|
-
end
|
|
41
|
-
packet
|
|
42
|
-
end
|
|
43
|
-
|
|
44
|
-
def smb3_sign(packet)
|
|
45
|
-
if !session_key.empty? && (signing_required || packet.is_a?(RubySMB::SMB2::Packet::TreeConnectRequest))
|
|
46
|
-
case @dialect
|
|
47
|
-
when '0x0300', '0x0302'
|
|
48
|
-
signing_key = RubySMB::Crypto::KDF.counter_mode(@session_key, "SMB2AESCMAC\x00", "SmbSign\x00")
|
|
49
|
-
when '0x0311'
|
|
50
|
-
signing_key = RubySMB::Crypto::KDF.counter_mode(@session_key, "SMBSigningKey\x00", @preauth_integrity_hash_value)
|
|
51
|
-
else
|
|
52
|
-
raise RubySMB::Error::SigningError.new('Dialect is incompatible with SMBv3 signing')
|
|
53
|
-
end
|
|
54
|
-
|
|
55
|
-
packet.smb2_header.flags.signed = 1
|
|
56
|
-
packet.smb2_header.signature = "\x00" * 16
|
|
57
|
-
hmac = OpenSSL::CMAC.digest('AES', signing_key, packet.to_binary_s)
|
|
58
|
-
packet.smb2_header.signature = hmac[0, 16]
|
|
59
|
-
end
|
|
60
|
-
packet
|
|
61
|
-
end
|
|
62
|
-
end
|
|
63
|
-
end
|
|
64
|
-
end
|