ruby_smb 2.0.8 → 2.0.12

Sign up to get free protection for your applications and to get access to all the features.
Files changed (45) hide show
  1. checksums.yaml +4 -4
  2. checksums.yaml.gz.sig +0 -0
  3. data/.github/workflows/verify.yml +5 -15
  4. data/examples/auth_capture.rb +71 -0
  5. data/lib/ruby_smb/client/negotiation.rb +9 -11
  6. data/lib/ruby_smb/client.rb +30 -25
  7. data/lib/ruby_smb/dialect.rb +45 -0
  8. data/lib/ruby_smb/dispatcher/base.rb +1 -1
  9. data/lib/ruby_smb/gss/provider/authenticator.rb +42 -0
  10. data/lib/ruby_smb/gss/provider/ntlm.rb +303 -0
  11. data/lib/ruby_smb/gss/provider.rb +35 -0
  12. data/lib/ruby_smb/gss.rb +56 -63
  13. data/lib/ruby_smb/ntlm.rb +45 -0
  14. data/lib/ruby_smb/server/server_client/negotiation.rb +156 -0
  15. data/lib/ruby_smb/server/server_client/session_setup.rb +82 -0
  16. data/lib/ruby_smb/server/server_client.rb +162 -0
  17. data/lib/ruby_smb/server.rb +54 -0
  18. data/lib/ruby_smb/signing.rb +59 -0
  19. data/lib/ruby_smb/smb1/packet/negotiate_response.rb +11 -11
  20. data/lib/ruby_smb/smb1/packet/negotiate_response_extended.rb +1 -1
  21. data/lib/ruby_smb/smb1/packet/session_setup_request.rb +1 -1
  22. data/lib/ruby_smb/smb1/tree.rb +1 -1
  23. data/lib/ruby_smb/smb2/negotiate_context.rb +18 -2
  24. data/lib/ruby_smb/smb2/packet/negotiate_request.rb +9 -0
  25. data/lib/ruby_smb/smb2/packet/negotiate_response.rb +0 -1
  26. data/lib/ruby_smb/smb2/packet/session_setup_response.rb +2 -2
  27. data/lib/ruby_smb/smb2/packet/tree_connect_request.rb +1 -1
  28. data/lib/ruby_smb/smb2/tree.rb +1 -1
  29. data/lib/ruby_smb/smb2.rb +3 -1
  30. data/lib/ruby_smb/version.rb +1 -1
  31. data/lib/ruby_smb.rb +2 -1
  32. data/spec/lib/ruby_smb/client_spec.rb +24 -16
  33. data/spec/lib/ruby_smb/gss/provider/ntlm/account_spec.rb +32 -0
  34. data/spec/lib/ruby_smb/gss/provider/ntlm/authenticator_spec.rb +101 -0
  35. data/spec/lib/ruby_smb/gss/provider/ntlm/os_version_spec.rb +32 -0
  36. data/spec/lib/ruby_smb/gss/provider/ntlm_spec.rb +113 -0
  37. data/spec/lib/ruby_smb/server/server_client_spec.rb +156 -0
  38. data/spec/lib/ruby_smb/server_spec.rb +32 -0
  39. data/spec/lib/ruby_smb/smb1/tree_spec.rb +4 -4
  40. data/spec/lib/ruby_smb/smb2/negotiate_context_spec.rb +2 -2
  41. data/spec/lib/ruby_smb/smb2/tree_spec.rb +5 -5
  42. data.tar.gz.sig +0 -0
  43. metadata +25 -3
  44. metadata.gz.sig +0 -0
  45. data/lib/ruby_smb/client/signing.rb +0 -64
data/lib/ruby_smb/client/signing.rb DELETED
@@ -1,64 +0,0 @@
1
- module RubySMB
2
- class Client
3
- # Contains the methods for handling packet signing
4
- module Signing
5
- # The NTLM Session Key used for signing
6
- # @!attribute [rw] session_key
7
- # @return [String]
8
- attr_accessor :session_key
9
-
10
- # Take an SMB1 packet and checks to see if it should be signed.
11
- # If signing is enabled and we have a session key already, then
12
- # it will sign the packet appropriately.
13
- #
14
- # @param packet [RubySMB::GenericPacket] the packet to sign
15
- # @return [RubySMB::GenericPacket] the packet, signed if needed
16
- def smb1_sign(packet)
17
- if signing_required && !session_key.empty?
18
- # Pack the Sequence counter into a int64le
19
- packed_sequence_counter = [sequence_counter].pack('Q<')
20
- packet.smb_header.security_features = packed_sequence_counter
21
- signature = OpenSSL::Digest::MD5.digest(session_key + packet.to_binary_s)[0, 8]
22
- packet.smb_header.security_features = signature
23
- self.sequence_counter += 1
24
- end
25
- packet
26
- end
27
-
28
- # Take an SMB2 packet and checks to see if it should be signed.
29
- # If signing is enabled and we have a session key already, then
30
- # it will sign the packet appropriately.
31
- #
32
- # @param packet [RubySMB::GenericPacket] the packet to sign
33
- # @return [RubySMB::GenericPacket] the packet, signed if needed
34
- def smb2_sign(packet)
35
- if signing_required && !session_key.empty?
36
- packet.smb2_header.flags.signed = 1
37
- packet.smb2_header.signature = "\x00" * 16
38
- hmac = OpenSSL::HMAC.digest(OpenSSL::Digest::SHA256.new, session_key, packet.to_binary_s)
39
- packet.smb2_header.signature = hmac[0, 16]
40
- end
41
- packet
42
- end
43
-
44
- def smb3_sign(packet)
45
- if !session_key.empty? && (signing_required || packet.is_a?(RubySMB::SMB2::Packet::TreeConnectRequest))
46
- case @dialect
47
- when '0x0300', '0x0302'
48
- signing_key = RubySMB::Crypto::KDF.counter_mode(@session_key, "SMB2AESCMAC\x00", "SmbSign\x00")
49
- when '0x0311'
50
- signing_key = RubySMB::Crypto::KDF.counter_mode(@session_key, "SMBSigningKey\x00", @preauth_integrity_hash_value)
51
- else
52
- raise RubySMB::Error::SigningError.new('Dialect is incompatible with SMBv3 signing')
53
- end
54
-
55
- packet.smb2_header.flags.signed = 1
56
- packet.smb2_header.signature = "\x00" * 16
57
- hmac = OpenSSL::CMAC.digest('AES', signing_key, packet.to_binary_s)
58
- packet.smb2_header.signature = hmac[0, 16]
59
- end
60
- packet
61
- end
62
- end
63
- end
64
- end