RubyGems - ruby_smb - Versions diffs - 2.0.9 → 2.0.13 - Mend

ruby_smb 2.0.9 → 2.0.13

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (228) hide show

data/lib/ruby_smb/smb2/pipe.rb CHANGED Viewed

@@ -21,6 +21,10 @@ module RubySMB
           extend RubySMB::Dcerpc::Svcctl
         when 'winreg', '\\winreg'
           extend RubySMB::Dcerpc::Winreg
+        when 'samr', '\\samr'
+          extend RubySMB::Dcerpc::Samr
+        when 'wkssvc', '\\wkssvc'
+          extend RubySMB::Dcerpc::Wkssvc
         end
         super(tree: tree, response: response, name: name)
       end

data/lib/ruby_smb/smb2/tree.rb CHANGED Viewed

@@ -61,7 +61,7 @@ module RubySMB
         opts = opts.dup
         opts[:filename] = opts[:filename].dup
         opts[:filename] = opts[:filename][1..-1] if opts[:filename].start_with? '\\'
-        open_file(opts)
+        open_file(**opts)
       end
       def open_file(filename:, attributes: nil, options: nil, disposition: RubySMB::Dispositions::FILE_OPEN,

data/lib/ruby_smb/smb2.rb CHANGED Viewed

@@ -1,10 +1,12 @@
 module RubySMB
   # A packet parsing and manipulation library for the SMB2 protocol
   #
-  # [[MS-SMB2] Server Mesage Block (SMB) Protocol Versions 2 and 3](https://msdn.microsoft.com/en-us/library/cc246482.aspx)
+  # [[MS-SMB2] Server Message Block (SMB) Protocol Versions 2 and 3](https://msdn.microsoft.com/en-us/library/cc246482.aspx)
   module SMB2
     # Protocol ID value. Translates to \xFESMB
     SMB2_PROTOCOL_ID = 0xFE534D42
+    # Wildcard revision, see: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/63abf97c-0d09-47e2-88d6-6bfa552949a5
+    SMB2_WILDCARD_REVISION = 0x02ff
     require 'ruby_smb/smb2/info_type'
     require 'ruby_smb/smb2/commands'

data/lib/ruby_smb/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module RubySMB
-  VERSION = '2.0.9'.freeze
+  VERSION = '2.0.13'.freeze
 end

data/lib/ruby_smb.rb CHANGED Viewed

@@ -21,10 +21,11 @@ module RubySMB
   require 'ruby_smb/generic_packet'
   require 'ruby_smb/dispatcher'
   require 'ruby_smb/version'
-  require 'ruby_smb/version'
   require 'ruby_smb/smb2'
   require 'ruby_smb/smb1'
   require 'ruby_smb/client'
   require 'ruby_smb/crypto'
   require 'ruby_smb/compression'
+  require 'ruby_smb/server'
+  require 'ruby_smb/dialect'
 end

data/spec/lib/ruby_smb/client_spec.rb CHANGED Viewed

@@ -126,8 +126,7 @@ RSpec.describe RubySMB::Client do
         expect(password).to eq(password)
         expect(opt[:workstation]).to eq(local_workstation)
         expect(opt[:domain]).to eq(domain)
-        flags = Net::NTLM::Client::DEFAULT_FLAGS |
-          Net::NTLM::FLAGS[:TARGET_INFO] | 0x02000000 ^ Net::NTLM::FLAGS[:OEM]
+        flags = RubySMB::NTLM::DEFAULT_CLIENT_FLAGS
         expect(opt[:flags]).to eq(flags)
       end
@@ -209,6 +208,8 @@ RSpec.describe RubySMB::Client do
     context 'when signing' do
       it 'calls #smb1_sign if it is an SMB1 packet' do
+        allow(client).to receive(:signing_required).and_return(true)
+        allow(client).to receive(:session_key).and_return(Random.new.bytes(16))
         expect(client).to receive(:smb1_sign).with(smb1_request).and_call_original
         client.send_recv(smb1_request)
       end
@@ -223,15 +224,11 @@ RSpec.describe RubySMB::Client do
         it 'calls #smb2_sign if it is an SMB2 client' do
           allow(smb2_client).to receive(:is_status_pending?).and_return(false)
+          allow(smb2_client).to receive(:signing_required).and_return(true)
+          allow(smb2_client).to receive(:session_key).and_return(Random.new.bytes(16))
           expect(smb2_client).to receive(:smb2_sign).with(smb2_request).and_call_original
           smb2_client.send_recv(smb2_request)
         end
-        it 'calls #smb3_sign if it is an SMB3 client' do
-          allow(smb3_client).to receive(:is_status_pending?).and_return(false)
-          expect(smb3_client).to receive(:smb3_sign).with(smb2_request).and_call_original
-          smb3_client.send_recv(smb2_request)
-        end
       end
     end
@@ -2087,7 +2084,7 @@ RSpec.describe RubySMB::Client do
         it 'generates the HMAC based on the packet and the NTLM session key and signs the packet with it' do
           smb2_client.session_key = 'foo'
           smb2_client.signing_required = true
-          expect(OpenSSL::HMAC).to receive(:digest).with(instance_of(OpenSSL::Digest::SHA256), smb2_client.session_key, request1.to_binary_s).and_return(fake_hmac)
+          expect(OpenSSL::HMAC).to receive(:digest).with(instance_of(OpenSSL::Digest), smb2_client.session_key, request1.to_binary_s).and_return(fake_hmac)
           expect(smb2_client.smb2_sign(request1).smb2_header.signature).to eq fake_hmac
         end
       end
@@ -2187,7 +2184,7 @@ RSpec.describe RubySMB::Client do
             smb3_client.dialect = '0x0202'
             expect { smb3_client.smb3_sign(request) }.to raise_error(
               RubySMB::Error::SigningError,
-              'Dialect is incompatible with SMBv3 signing'
+              'Dialect "0x0202" is incompatible with SMBv3 signing'
             )
           end
         end
@@ -2237,7 +2234,7 @@ RSpec.describe RubySMB::Client do
             smb3_client.dialect = '0x0202'
             expect { smb3_client.smb3_sign(request) }.to raise_error(
               RubySMB::Error::SigningError,
-              'Dialect is incompatible with SMBv3 signing'
+              'Dialect "0x0202" is incompatible with SMBv3 signing'
             )
           end
         end

data/spec/lib/ruby_smb/dcerpc/bind_ack_spec.rb CHANGED Viewed

@@ -7,7 +7,8 @@ RSpec.describe RubySMB::Dcerpc::BindAck do
   it { is_expected.to respond_to :assoc_group_id }
   it { is_expected.to respond_to :sec_addr }
   it { is_expected.to respond_to :p_result_list }
-  it { is_expected.to respond_to :auth_verifier }
+  it { is_expected.to respond_to :sec_trailer }
+  it { is_expected.to respond_to :auth_value }
   it 'is little endian' do
     expect(described_class.fields.instance_variable_get(:@hints)[:endian]).to eq :little
@@ -26,8 +27,8 @@ RSpec.describe RubySMB::Dcerpc::BindAck do
   end
   describe '#max_xmit_frag' do
-    it 'should be a 16-bit unsigned integer' do
-      expect(packet.max_xmit_frag).to be_a BinData::Uint16le
+    it 'should be a NdrUint16' do
+      expect(packet.max_xmit_frag).to be_a RubySMB::Dcerpc::Ndr::NdrUint16
     end
     it 'should have a default value of 0xFFFF' do
@@ -36,8 +37,8 @@ RSpec.describe RubySMB::Dcerpc::BindAck do
   end
   describe '#max_recv_frag' do
-    it 'should be a 16-bit unsigned integer' do
-      expect(packet.max_recv_frag).to be_a BinData::Uint16le
+    it 'should be a NdrUint16' do
+      expect(packet.max_recv_frag).to be_a RubySMB::Dcerpc::Ndr::NdrUint16
     end
     it 'should have a default value of 0xFFFF' do
@@ -46,15 +47,8 @@ RSpec.describe RubySMB::Dcerpc::BindAck do
   end
   describe '#assoc_group_id' do
-    it 'should be a 32-bit unsigned integer' do
-      expect(packet.assoc_group_id).to be_a BinData::Uint32le
-    end
-  end
-  describe '#pad' do
-    it 'should keep #p_result_list 4-byte aligned' do
-      packet.sec_addr.port_spec = "test"
-      expect(packet.p_result_list.abs_offset % 4).to eq 0
+    it 'should be a NdrUint32' do
+      expect(packet.assoc_group_id).to be_a RubySMB::Dcerpc::Ndr::NdrUint32
     end
   end
@@ -64,45 +58,49 @@ RSpec.describe RubySMB::Dcerpc::BindAck do
     end
   end
-  describe '#auth_verifier' do
-    it 'should be a string' do
-      expect(packet.auth_verifier).to be_a BinData::String
+  describe '#sec_trailer' do
+    it 'should be a SecTrailer structure' do
+      expect(packet.sec_trailer).to be_a RubySMB::Dcerpc::SecTrailer
     end
     it 'should not exist if the #auth_length PDU header field is 0' do
       packet.pdu_header.auth_length = 0
-      expect(packet.auth_verifier?).to be false
+      expect(packet.sec_trailer?).to be false
     end
     it 'should exist only if the #auth_length PDU header field is greater than 0' do
       packet.pdu_header.auth_length = 10
-      expect(packet.auth_verifier?).to be true
+      expect(packet.sec_trailer?).to be true
     end
+  end
-    it 'reads #auth_length bytes' do
-      auth_verifier = '12345678'
-      packet.pdu_header.auth_length = 6
-      packet.auth_verifier.read(auth_verifier)
-      expect(packet.auth_verifier).to eq(auth_verifier[0,6])
+  describe '#auth_value' do
+    it 'should be a string' do
+      expect(packet.auth_value).to be_a BinData::String
     end
-  end
-  describe '#pad_length' do
-    it 'returns 0 when #p_result_list is already 4-byte aligned' do
-      packet.sec_addr.port_spec = 'align'
-      expect(packet.pad_length).to eq 0
+    it 'should not exist if the #auth_length PDU header field is 0' do
+      packet.pdu_header.auth_length = 0
+      expect(packet.auth_value?).to be false
     end
-    it 'returns 2 when #p_result_list is only 2-byte aligned' do
-      packet.sec_addr.port_spec = 'align' + 'AA'
-      expect(packet.pad_length).to eq 2
+    it 'should exist only if the #auth_length PDU header field is greater than 0' do
+      packet.pdu_header.auth_length = 10
+      expect(packet.auth_value?).to be true
+    end
+    it 'reads #auth_length bytes' do
+      auth_value = '12345678'
+      packet.pdu_header.auth_length = 6
+      packet.auth_value.read(auth_value)
+      expect(packet.auth_value).to eq(auth_value[0,6])
     end
   end
   it 'reads its own binary representation and output the same packet' do
     packet.sec_addr.port_spec = "port spec"
     packet.p_result_list.n_results = 2
-    packet.auth_verifier = '123456'
+    packet.auth_value = '123456'
     packet.pdu_header.auth_length = 6
     binary = packet.to_binary_s
     expect(described_class.read(binary)).to eq(packet)
@@ -119,9 +117,13 @@ RSpec.describe RubySMB::Dcerpc::PortAnyT do
     expect(described_class.fields.instance_variable_get(:@hints)[:endian]).to eq :little
   end
+  it 'has a default alignment of 2 bytes' do
+    expect(described_class.default_parameters[:byte_align]).to eq 2
+  end
   describe '#str_length' do
-    it 'should be a 16-bit unsigned integer' do
-      expect(packet.str_length).to be_a BinData::Uint16le
+    it 'should be a NdrUint16' do
+      expect(packet.str_length).to be_a RubySMB::Dcerpc::Ndr::NdrUint16
     end
     it 'should be the size of #port_spec string, including the NULL terminator' do
@@ -148,15 +150,33 @@ RSpec.describe RubySMB::Dcerpc::PResultListT do
   subject(:packet) { described_class.new }
   it { is_expected.to respond_to :n_results }
+  it { is_expected.to respond_to :reserved }
+  it { is_expected.to respond_to :reserved2 }
   it { is_expected.to respond_to :p_results }
   it 'is little endian' do
     expect(described_class.fields.instance_variable_get(:@hints)[:endian]).to eq :little
   end
+  it 'has a default alignment of 4 bytes' do
+    expect(described_class.default_parameters[:byte_align]).to eq 4
+  end
   describe '#n_results' do
-    it 'should be a 8-bit unsigned integer' do
-      expect(packet.n_results).to be_a BinData::Uint8
+    it 'should be a NdrUint8' do
+      expect(packet.n_results).to be_a RubySMB::Dcerpc::Ndr::NdrUint8
+    end
+  end
+  describe '#reserved' do
+    it 'should be a NdrUint8' do
+      expect(packet.reserved).to be_a RubySMB::Dcerpc::Ndr::NdrUint8
+    end
+  end
+  describe '#reserved2' do
+    it 'should be a NdrUint16' do
+      expect(packet.reserved2).to be_a RubySMB::Dcerpc::Ndr::NdrUint16
     end
   end
@@ -172,6 +192,10 @@ RSpec.describe RubySMB::Dcerpc::PResultListT do
       packet.n_results = n_elements
       expect(packet.p_results.size).to eq n_elements
     end
+    it 'has a default alignment of 4 bytes' do
+      expect(packet.p_results.get_parameter(:byte_align)).to eq 4
+    end
   end
   it 'reads its own binary representation and output the same packet' do
@@ -192,15 +216,19 @@ RSpec.describe RubySMB::Dcerpc::PResultT do
     expect(described_class.fields.instance_variable_get(:@hints)[:endian]).to eq :little
   end
+  it 'has a default alignment of 4 bytes' do
+    expect(described_class.default_parameters[:byte_align]).to eq 4
+  end
   describe '#result' do
-    it 'should be a 16-bit unsigned integer' do
-      expect(packet.result).to be_a BinData::Uint16le
+    it 'should be a NdrUint16' do
+      expect(packet.result).to be_a RubySMB::Dcerpc::Ndr::NdrUint16
     end
   end
   describe '#reason' do
-    it 'should be a 16-bit unsigned integer' do
-      expect(packet.reason).to be_a BinData::Uint16le
+    it 'should be a NdrUint16' do
+      expect(packet.reason).to be_a RubySMB::Dcerpc::Ndr::NdrUint16
     end
   end

data/spec/lib/ruby_smb/dcerpc/bind_spec.rb CHANGED Viewed

@@ -17,7 +17,8 @@ RSpec.describe RubySMB::Dcerpc::Bind do
   it { is_expected.to respond_to :max_recv_frag }
   it { is_expected.to respond_to :assoc_group_id }
   it { is_expected.to respond_to :p_context_list }
-  it { is_expected.to respond_to :auth_verifier }
+  it { is_expected.to respond_to :sec_trailer }
+  it { is_expected.to respond_to :auth_value }
   it 'is little endian' do
     expect(described_class.fields.instance_variable_get(:@hints)[:endian]).to eq :little
@@ -36,8 +37,8 @@ RSpec.describe RubySMB::Dcerpc::Bind do
   end
   describe '#max_xmit_frag' do
-    it 'should be a 16-bit unsigned integer' do
-      expect(packet.max_xmit_frag).to be_a BinData::Uint16le
+    it 'should be NdrUint16' do
+      expect(packet.max_xmit_frag).to be_a RubySMB::Dcerpc::Ndr::NdrUint16
     end
     it 'should have a default value of 0xFFFF' do
@@ -46,8 +47,8 @@ RSpec.describe RubySMB::Dcerpc::Bind do
   end
   describe '#max_recv_frag' do
-    it 'should be a 16-bit unsigned integer' do
-      expect(packet.max_recv_frag).to be_a BinData::Uint16le
+    it 'should be NdrUint16' do
+      expect(packet.max_recv_frag).to be_a RubySMB::Dcerpc::Ndr::NdrUint16
     end
     it 'should have a default value of 0xFFFF' do
@@ -56,8 +57,8 @@ RSpec.describe RubySMB::Dcerpc::Bind do
   end
   describe '#assoc_group_id' do
-    it 'should be a 32-bit unsigned integer' do
-      expect(packet.assoc_group_id).to be_a BinData::Uint32le
+    it 'should be NdrUint32' do
+      expect(packet.assoc_group_id).to be_a RubySMB::Dcerpc::Ndr::NdrUint32
     end
   end
@@ -71,32 +72,48 @@ RSpec.describe RubySMB::Dcerpc::Bind do
     end
   end
-  describe '#auth_verifier' do
+  describe '#sec_trailer' do
+    it 'should be SecTrailer structure' do
+      expect(packet.sec_trailer).to be_a RubySMB::Dcerpc::SecTrailer
+    end
+    it 'should not exist if the #auth_length PDU header field is 0' do
+      packet.pdu_header.auth_length = 0
+      expect(packet.sec_trailer?).to be false
+    end
+    it 'should exist only if the #auth_length PDU header field is greater than 0' do
+      packet.pdu_header.auth_length = 10
+      expect(packet.sec_trailer?).to be true
+    end
+  end
+  describe '#auth_value' do
     it 'should be a string' do
-      expect(packet.auth_verifier).to be_a BinData::String
+      expect(packet.auth_value).to be_a BinData::String
     end
     it 'should not exist if the #auth_length PDU header field is 0' do
       packet.pdu_header.auth_length = 0
-      expect(packet.auth_verifier?).to be false
+      expect(packet.auth_value?).to be false
     end
     it 'should exist only if the #auth_length PDU header field is greater than 0' do
       packet.pdu_header.auth_length = 10
-      expect(packet.auth_verifier?).to be true
+      expect(packet.auth_value?).to be true
     end
     it 'reads #auth_length bytes' do
-      auth_verifier = '12345678'
+      auth_value = '12345678'
       packet.pdu_header.auth_length = 6
-      packet.auth_verifier.read(auth_verifier)
-      expect(packet.auth_verifier).to eq(auth_verifier[0,6])
+      packet.auth_value.read(auth_value)
+      expect(packet.auth_value).to eq(auth_value[0,6])
     end
   end
   it 'reads its own binary representation and output the same packet' do
     packet = described_class.new(endpoint: endpoint)
-    packet.auth_verifier = '123456'
+    packet.auth_value = '123456'
     packet.pdu_header.auth_length = 6
     binary = packet.to_binary_s
     expect(described_class.read(binary)).to eq(packet)
@@ -118,15 +135,21 @@ RSpec.describe RubySMB::Dcerpc::PContListT do
   subject(:packet) { described_class.new }
   it { is_expected.to respond_to :n_context_elem }
+  it { is_expected.to respond_to :reserved }
+  it { is_expected.to respond_to :reserved2 }
   it { is_expected.to respond_to :p_cont_elem }
   it 'is little endian' do
     expect(described_class.fields.instance_variable_get(:@hints)[:endian]).to eq :little
   end
+  it 'has a default alignment of 4 bytes' do
+    expect(described_class.default_parameters[:byte_align]).to eq 4
+  end
   describe '#n_context_elem' do
-    it 'should be a 8-bit unsigned integer' do
-      expect(packet.n_context_elem).to be_a BinData::Uint8
+    it 'should be NdrUint8' do
+      expect(packet.n_context_elem).to be_a RubySMB::Dcerpc::Ndr::NdrUint8
     end
     it 'should have the default value 1' do
@@ -134,6 +157,18 @@ RSpec.describe RubySMB::Dcerpc::PContListT do
     end
   end
+  describe '#reserved' do
+    it 'should be NdrUint8' do
+      expect(packet.reserved).to be_a RubySMB::Dcerpc::Ndr::NdrUint8
+    end
+  end
+  describe '#reserved2' do
+    it 'should be NdrUint16' do
+      expect(packet.reserved2).to be_a RubySMB::Dcerpc::Ndr::NdrUint16
+    end
+  end
   describe '#p_cont_elem' do
     it 'should be an array of type PContElemT' do
       expect(packet.p_cont_elem).to be_a BinData::Array
@@ -150,6 +185,10 @@ RSpec.describe RubySMB::Dcerpc::PContListT do
     it 'should have an #endpoint parameter' do
       expect(packet.p_cont_elem.has_parameter?(:endpoint)).to be true
     end
+    it 'has a default alignment of 4 bytes' do
+      expect(packet.p_cont_elem.get_parameter(:byte_align)).to eq 4
+    end
   end
   it 'reads its own binary representation and output the same packet' do
@@ -175,6 +214,7 @@ RSpec.describe RubySMB::Dcerpc::PContElemT do
   it { is_expected.to respond_to :p_cont_id }
   it { is_expected.to respond_to :n_transfer_syn }
+  it { is_expected.to respond_to :reserved }
   it { is_expected.to respond_to :abstract_syntax }
   it { is_expected.to respond_to :transfer_syntaxes }
@@ -182,15 +222,19 @@ RSpec.describe RubySMB::Dcerpc::PContElemT do
     expect(described_class.fields.instance_variable_get(:@hints)[:endian]).to eq :little
   end
+  it 'has a default alignment of 4 bytes' do
+    expect(described_class.default_parameters[:byte_align]).to eq 4
+  end
   describe '#p_cont_id' do
-    it 'should be a 16-bit unsigned integer' do
-      expect(packet.p_cont_id).to be_a BinData::Uint16le
+    it 'should be NdrUint16' do
+      expect(packet.p_cont_id).to be_a RubySMB::Dcerpc::Ndr::NdrUint16
     end
   end
   describe '#n_transfer_syn' do
-    it 'should be a 8-bit unsigned integer' do
-      expect(packet.n_transfer_syn).to be_a BinData::Uint8
+    it 'should be NdrUint8' do
+      expect(packet.n_transfer_syn).to be_a RubySMB::Dcerpc::Ndr::NdrUint8
     end
     it 'should have the default value 1' do
@@ -198,6 +242,12 @@ RSpec.describe RubySMB::Dcerpc::PContElemT do
     end
   end
+  describe '#reserved' do
+    it 'should be NdrUint8' do
+      expect(packet.reserved).to be_a RubySMB::Dcerpc::Ndr::NdrUint8
+    end
+  end
   describe '#abstract_syntax' do
     it 'should be a PSyntaxIdT structure' do
       expect(packet.abstract_syntax).to be_a RubySMB::Dcerpc::PSyntaxIdT
@@ -251,6 +301,10 @@ RSpec.describe RubySMB::Dcerpc::PContElemT do
       expect(packet.transfer_syntaxes[0].if_ver_major).to eq RubySMB::Dcerpc::Ndr::VER_MAJOR
       expect(packet.transfer_syntaxes[0].if_ver_minor).to eq RubySMB::Dcerpc::Ndr::VER_MINOR
     end
+    it 'has a default alignment of 4 bytes' do
+      expect(packet.transfer_syntaxes.get_parameter(:byte_align)).to eq 4
+    end
   end
   it 'reads its own binary representation and output the same packet' do