ruby_smb 2.0.9 → 2.0.13

data/spec/lib/ruby_smb/gss/provider/ntlm_spec.rb

@@ -0,0 +1,113 @@
+require 'spec_helper'
+
+RSpec.describe RubySMB::Gss::Provider::NTLM do
+  let(:provider) { described_class.new }
+
+  it { is_expected.to respond_to :allow_anonymous }
+  it { is_expected.to respond_to :default_domain }
+
+  describe '#initialize' do
+    it 'defaults to false for allowing anonymous access' do
+      expect(provider.allow_anonymous).to be false
+    end
+
+    it 'defaults to a default domain of WORKGROUP' do
+      expect(provider.default_domain).to eq 'WORKGROUP'
+    end
+
+    it 'defaults to a random challenge generator' do
+      expect(provider.generate_server_challenge).to_not eq provider.generate_server_challenge
+    end
+  end
+
+  describe '#generate_server_challenge' do
+    it 'generates a valid 8-byte challenge' do
+      challenge = provider.generate_server_challenge
+      expect(challenge).to be_a String
+      expect(challenge.length).to eq 8
+    end
+
+    it 'should take a generator block' do
+      random_challenge = Random.new.bytes(8)
+      provider.generate_server_challenge do
+        random_challenge
+      end
+      expect(provider.generate_server_challenge).to eq random_challenge
+    end
+  end
+
+  describe '#get_account' do
+    let(:username) { 'RubySMB' }
+    let(:password) { 'password' }
+    let(:domain) { 'WORKGROUP' }
+
+    context 'when getting accounts' do
+     before(:each) do
+       provider.put_account(username, password)
+     end
+
+     it 'should return nil for an unknown account' do
+       account = provider.get_account('Spencer')
+       expect(account).to be_nil
+     end
+
+     it 'should work with a case sensitive name' do
+       account = provider.get_account(username)
+       expect(account).to be_a RubySMB::Gss::Provider::NTLM::Account
+       expect(account.username).to eq username
+     end
+
+     it 'should work with a case insensitive name' do
+       account = provider.get_account(username.downcase)
+       expect(account).to be_a RubySMB::Gss::Provider::NTLM::Account
+       expect(account.username).to eq username
+     end
+
+     it 'should work with a case sensitive domain' do
+       account = provider.get_account(username, domain: domain)
+       expect(account).to be_a RubySMB::Gss::Provider::NTLM::Account
+       expect(account.domain).to eq domain
+     end
+
+     it 'should work with a case insensitive domain' do
+       account = provider.get_account(username, domain: domain.downcase)
+       expect(account).to be_a RubySMB::Gss::Provider::NTLM::Account
+       expect(account.domain).to eq domain
+     end
+
+     it 'should work with the special . domain' do
+       account = provider.get_account(username, domain: '.')
+       expect(account).to be_a RubySMB::Gss::Provider::NTLM::Account
+       expect(account.domain).to eq domain
+     end
+
+     # UTF-16LE is optionally used for encoding some Net-NTLM message fields, the #get_account method should handle it
+     # transparently
+     it 'should work with a UTF16-LE name' do
+       account = provider.get_account(username.encode('UTF-16LE'))
+       expect(account).to be_a RubySMB::Gss::Provider::NTLM::Account
+       expect(account.username).to eq username
+     end
+
+     it 'should work with a UTF16-LE domain' do
+       account = provider.get_account(username, domain: domain.encode('UTF-16LE'))
+       expect(account).to be_a RubySMB::Gss::Provider::NTLM::Account
+       expect(account.domain).to eq domain
+     end
+    end
+
+    context 'when putting accounts' do
+     it 'should accept new accounts with the default domain' do
+       provider.put_account(username, password)
+     end
+
+     after(:each) do
+       account = provider.get_account(username, domain: domain)
+       expect(account).to be_a RubySMB::Gss::Provider::NTLM::Account
+       expect(account.username).to eq username
+       expect(account.password).to eq password
+       expect(account.domain).to eq domain
+     end
+    end
+  end
+end

data/spec/lib/ruby_smb/server/server_client_spec.rb

@@ -0,0 +1,156 @@
+RSpec.describe RubySMB::Server::ServerClient do
+  let(:server) { RubySMB::Server.new(server_sock: ::TCPServer.new(0)) }
+  let(:sock) { double('Socket', peeraddr: '192.168.1.5') }
+  let(:dispatcher) { RubySMB::Dispatcher::Socket.new(sock) }
+  subject(:server_client) { described_class.new(server, dispatcher) }
+
+  it { is_expected.to respond_to :dialect }
+  it { is_expected.to respond_to :identity }
+  it { is_expected.to respond_to :state }
+  it { is_expected.to respond_to :session_key }
+
+  describe '#disconnect!' do
+    it 'closes the socket' do
+      expect(dispatcher.tcp_socket).to receive(:close).with(no_args).and_return(nil)
+      server_client.disconnect!
+    end
+  end
+
+  describe '#initialize' do
+    it 'starts in the negotiate state' do
+      expect(server_client.state).to eq :negotiate
+    end
+
+    it 'starts without a dialect' do
+      expect(server_client.dialect).to be_nil
+      expect(server_client.metadialect).to be_nil
+    end
+
+    it 'starts without an identity' do
+      expect(server_client.identity).to be_nil
+    end
+
+    it 'starts without a session_key' do
+      expect(server_client.session_key).to be_nil
+    end
+
+    it 'creates a new authenticator instance' do
+      expect(server.gss_provider).to receive(:new_authenticator).and_call_original
+      described_class.new(server, dispatcher)
+    end
+  end
+
+  describe '#process_gss' do
+    before(:each) do
+      expect(server_client.instance_eval { @gss_authenticator }).to receive(:process).and_call_original
+    end
+
+    it 'should handle an empty GSS buffer' do
+      result = server_client.process_gss
+      expect(result).to be_a RubySMB::Gss::Provider::Result
+      expect(result.nt_status).to eq WindowsError::NTStatus::STATUS_SUCCESS
+      expect(result.buffer).to_not be_empty
+      expect(result.identity).to be_nil
+    end
+  end
+
+  describe '#recv_packet' do
+    it 'receives a new packet from the dispatcher' do
+      expect(dispatcher).to receive(:recv_packet).with(no_args)
+      server_client.recv_packet
+    end
+  end
+
+  describe '#run' do
+    let(:packet) { Random.new.bytes(16) }
+    before(:each) do
+      expect(server_client).to receive(:recv_packet).and_return(packet)
+      # this hook should ensure that the dispatcher loop returns after processing a single request
+      expect(dispatcher.tcp_socket).to receive(:closed?).and_return(true)
+    end
+
+    it 'calls #handle_negotiate when the state is negotiate' do
+      expect(server_client).to receive(:handle_negotiate).with(packet).and_return(nil)
+      server_client.instance_eval { @state = :negotiate }
+      server_client.run
+    end
+
+    it 'calls #handle_session_setup when the state is session_setup' do
+      expect(server_client).to receive(:handle_session_setup).with(packet).and_return(nil)
+      server_client.instance_eval { @state = :session_setup }
+      server_client.run
+    end
+
+    it 'calls #authenticated when the state is authenticated' do
+      expect(server_client).to receive(:handle_authenticated).with(packet).and_return(nil)
+      server_client.instance_eval { @state = :authenticated }
+      server_client.run
+    end
+  end
+
+  describe '#send_packet' do
+    let(:packet) { RubySMB::GenericPacket.new }
+
+    before(:each) do
+      expect(dispatcher).to receive(:send_packet).with(packet).and_return(nil)
+    end
+
+    it 'sends a packet to the dispatcher' do
+      server_client.send_packet(packet)
+    end
+
+    %w{ 0x0202 0x0210 0x0300 0x0302 0x0311 }.each do |dialect|
+      context "when the dialect is #{dialect}" do
+        before(:each) do
+          server_client.instance_eval { @dialect = dialect }
+        end
+
+        context 'and the state is authenticated' do
+          before(:each) do
+            server_client.instance_eval { @state = :authenticated }
+          end
+
+          context 'and the identity is anonymous' do
+            before(:each) do
+              server_client.instance_eval { @identity = RubySMB::Gss::Provider::IDENTITY_ANONYMOUS }
+            end
+
+            it 'does not sign packets' do
+              expect(server_client).to_not receive(:smb2_sign)
+              expect(server_client).to_not receive(:smb3_sign)
+              server_client.send_packet(packet)
+            end
+          end
+
+          context 'and the identity is not anonymous' do
+            before(:each) do
+              server_client.instance_eval { @identity = 'WORKGROUP\RubySMB'; @session_key = Random.new.bytes(16) }
+            end
+
+            it 'does sign packets' do
+              packet = RubySMB::GenericPacket.new
+              dialect_family = RubySMB::Dialect[dialect].family
+              if dialect_family == RubySMB::Dialect::FAMILY_SMB2
+                expect(server_client).to receive(:smb2_sign).with(packet).and_return(packet)
+                expect(server_client).to_not receive(:smb3_sign)
+              elsif dialect_family == RubySMB::Dialect::FAMILY_SMB3
+                expect(server_client).to receive(:smb3_sign).with(packet).and_return(packet)
+                expect(server_client).to_not receive(:smb2_sign)
+              end
+              server_client.send_packet(packet)
+            end
+          end
+        end
+      end
+    end
+  end
+
+  describe '#update_preauth_hash' do
+    it 'raises an EncryptionError exception if the preauth integrity hash algorithm is not known' do
+      expect { server_client.update_preauth_hash('Test') }.to raise_error(
+        RubySMB::Error::EncryptionError,
+        'Cannot compute the Preauth Integrity Hash value: Preauth Integrity Hash Algorithm is nil'
+      )
+    end
+  end
+end

data/spec/lib/ruby_smb/server_spec.rb

@@ -0,0 +1,32 @@
+RSpec.describe RubySMB::Server do
+  before(:each) do
+    allow(::TCPServer).to receive(:new).and_return(::TCPServer.new(0))
+  end
+
+  it { is_expected.to respond_to :dialects }
+  it { is_expected.to respond_to :gss_provider }
+  it { is_expected.to respond_to :guid }
+
+  describe '#initialize' do
+    it 'should bind to TCP port 445 by default' do
+      expect(::TCPServer).to receive(:new).with(445).and_return(::TCPServer.new(0))
+      described_class.new
+    end
+
+    it 'should create a new NTLM GSS provider by default' do
+      expect(RubySMB::Gss::Provider::NTLM).to receive(:new).and_call_original
+      described_class.new
+    end
+
+    it 'should generate a random 16-byte GUID' do
+      server_guid = described_class.new.guid
+      expect(server_guid).to be_a String
+      expect(server_guid.length).to eq 16
+      expect(server_guid).to_not eq described_class.new.guid
+    end
+
+    it 'should support some dialects' do
+      expect(described_class.new.dialects).to_not be_empty
+    end
+  end
+end

data/spec/lib/ruby_smb/smb1/pipe_spec.rb

@@ -140,45 +140,26 @@ RSpec.describe RubySMB::SMB1::Pipe do
       expect(pipe.size_on_disk).to eq(nt_create_andx_response.parameter_block.allocation_size)
     end
 
-    context 'with \'srvsvc\' filename' do
-      it 'extends Srvsvc class' do
-        pipe = described_class.new(tree: tree, response: nt_create_andx_response, name: 'srvsvc')
-        expect(pipe.respond_to?(:net_share_enum_all)).to be true
-      end
-    end
-
-    context 'with \'\\srvsvc\' filename' do
-      it 'extends Srvsvc class' do
-        pipe = described_class.new(tree: tree, response: nt_create_andx_response, name: '\\srvsvc')
-        expect(pipe.respond_to?(:net_share_enum_all)).to be true
-      end
-    end
-
-    context 'with \'winreg\' filename' do
-      it 'extends Winreg class' do
-        pipe = described_class.new(tree: tree, response: nt_create_andx_response, name: 'winreg')
-        expect(pipe.respond_to?(:has_registry_key?)).to be true
-      end
-    end
-
-    context 'with \'\\winreg\' filename' do
-      it 'extends Winreg class' do
-        pipe = described_class.new(tree: tree, response: nt_create_andx_response, name: '\\winreg')
-        expect(pipe.respond_to?(:has_registry_key?)).to be true
-      end
-    end
-
-    context 'with \'svcctl\' filename' do
-      it 'extends svcctl class' do
-        pipe = described_class.new(tree: tree, response: nt_create_andx_response, name: 'svcctl')
-        expect(pipe.respond_to?(:query_service_config)).to be true
+    {
+      netlogon: RubySMB::Dcerpc::Netlogon,
+      srvsvc: RubySMB::Dcerpc::Srvsvc,
+      svcctl: RubySMB::Dcerpc::Svcctl,
+      winreg: RubySMB::Dcerpc::Winreg,
+      samr: RubySMB::Dcerpc::Samr,
+      wkssvc: RubySMB::Dcerpc::Wkssvc
+    }.each do |endpoint, klass|
+      context "with \'#{endpoint}\' filename" do
+        it "extends #{klass} class" do
+          pipe = described_class.new(tree: tree, response: nt_create_andx_response, name: endpoint.to_s)
+          expect(pipe).to be_a klass
+        end
       end
-    end
 
-    context 'with \'\\svcctl\' filename' do
-      it 'extends svcctl class' do
-        pipe = described_class.new(tree: tree, response: nt_create_andx_response, name: '\\svcctl')
-        expect(pipe.respond_to?(:query_service_config)).to be true
+      context "with \'\\#{endpoint}\' filename" do
+        it "extends #{klass} class" do
+          pipe = described_class.new(tree: tree, response: nt_create_andx_response, name: "\\#{endpoint.to_s}")
+          expect(pipe).to be_a klass
+        end
       end
     end
   end

data/spec/lib/ruby_smb/smb1/tree_spec.rb

@@ -501,16 +501,16 @@ RSpec.describe RubySMB::SMB1::Tree do
     it 'calls #open_file with the provided options' do
       opts[:filename] ='\\test'
       expect(tree).to receive(:open_file).with(opts)
-      tree.open_pipe(opts)
+      tree.open_pipe(**opts)
     end
 
     it 'prepends the filename with \\ if needed' do
-      expect(tree).to receive(:open_file).with( { filename: '\\test', write: true } )
-      tree.open_pipe(opts)
+      expect(tree).to receive(:open_file).with(filename: '\\test', write: true)
+      tree.open_pipe(**opts)
     end
 
     it 'does not modify the original option hash' do
-      tree.open_pipe(opts)
+      tree.open_pipe(**opts)
       expect(opts).to eq( { filename: 'test', write: true } )
     end
   end

data/spec/lib/ruby_smb/smb2/negotiate_context_spec.rb

@@ -162,7 +162,7 @@ RSpec.describe RubySMB::SMB2::CompressionCapabilities do
   end
 end
 
-RSpec.describe RubySMB::SMB2::NetnameNegotiateContextId  do
+RSpec.describe RubySMB::SMB2::NetnameNegotiateContextId do
   subject(:capability) { described_class.new }
 
   it { is_expected.to respond_to :net_name }
@@ -173,7 +173,7 @@ RSpec.describe RubySMB::SMB2::NetnameNegotiateContextId  do
 
   describe '#net_name' do
     it 'is a unicode string' do
-      expect(capability.net_name).to be_a RubySMB::Field::Stringz16
+      expect(capability.net_name).to be_a RubySMB::Field::String16
     end
   end
 

data/spec/lib/ruby_smb/smb2/pipe_spec.rb

@@ -146,24 +146,26 @@ RSpec.describe RubySMB::SMB2::Pipe do
       expect(pipe.size_on_disk).to eq(create_response.allocation_size)
     end
 
-    context 'with \'srvsvc\' filename' do
-      it 'extends Srvsvc class' do
-        pipe = described_class.new(tree: tree, response: create_response, name: 'srvsvc')
-        expect(pipe.respond_to?(:net_share_enum_all)).to be true
-      end
-    end
-
-    context 'with \'winreg\' filename' do
-      it 'extends Winreg class' do
-        pipe = described_class.new(tree: tree, response: create_response, name: 'winreg')
-        expect(pipe.respond_to?(:has_registry_key?)).to be true
+    {
+      netlogon: RubySMB::Dcerpc::Netlogon,
+      srvsvc: RubySMB::Dcerpc::Srvsvc,
+      svcctl: RubySMB::Dcerpc::Svcctl,
+      winreg: RubySMB::Dcerpc::Winreg,
+      samr: RubySMB::Dcerpc::Samr,
+      wkssvc: RubySMB::Dcerpc::Wkssvc
+    }.each do |endpoint, klass|
+      context "with \'#{endpoint}\' filename" do
+        it "extends #{klass} class" do
+          pipe = described_class.new(tree: tree, response: create_response, name: endpoint.to_s)
+          expect(pipe).to be_a klass
+        end
       end
-    end
 
-    context 'with \'svcctl\' filename' do
-      it 'extends svcctl class' do
-        pipe = described_class.new(tree: tree, response: create_response, name: 'svcctl')
-        expect(pipe.respond_to?(:query_service_config)).to be true
+      context "with \'\\#{endpoint}\' filename" do
+        it "extends #{klass} class" do
+          pipe = described_class.new(tree: tree, response: create_response, name: "\\#{endpoint.to_s}")
+          expect(pipe).to be_a klass
+        end
       end
     end
   end

data/spec/lib/ruby_smb/smb2/tree_spec.rb

@@ -540,17 +540,17 @@ RSpec.describe RubySMB::SMB2::Tree do
 
     it 'calls #open_file with the provided options' do
       opts[:filename] ='test'
-      expect(tree).to receive(:open_file).with(opts)
-      tree.open_pipe(opts)
+      expect(tree).to receive(:open_file).with(**opts)
+      tree.open_pipe(**opts)
     end
 
     it 'remove the leading \\ from the filename if needed' do
-      expect(tree).to receive(:open_file).with( { filename: 'test', write: true } )
-      tree.open_pipe(opts)
+      expect(tree).to receive(:open_file).with(filename: 'test', write: true)
+      tree.open_pipe(**opts)
     end
 
     it 'does not modify the original option hash' do
-      tree.open_pipe(opts)
+      tree.open_pipe(**opts)
       expect(opts).to eq( { filename: '\\test', write: true } )
     end
   end

data/spec/support/bin_helper.rb

@@ -0,0 +1,9 @@
+class String
+  def hexlify
+    self.b.bytes.map {|c| "%02x" % c.ord}.join
+  end
+
+  def unhexlify
+    self.chars.each_slice(2).map {|c| c.join.to_i(16).chr}.join
+  end
+end

data.tar.gz.sig

@@ -1 +1,2 @@
-v�����򊩟l�Ek�~����HQ��H����XK��`�[����ȆN�p�@�ڎ�jϑ*����
+��B����:��8i��Jis��\���x:�����1��~vk4ܧ�8H�j(�S��M� �����O��iísF�.�i����9qhK-��|.k*�����HdP���W?z��v���M_qk-Ic�����(w�<J����K�|��ۺ��M�v�<�1�o�ZSR_(���R�������0�n��5‰�	�E�l,:\�9�{���6����5�����*sa%U�D�\S7hōu�nx���歒ӛ�6
+:�q�k