ruby_smb 3.0.0 → 3.0.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: fb07e11fb5720a38ab9c1c1ba57b47ff291c048bb4b0ca404aad9c4bf05273d8
-  data.tar.gz: bd0512b6e64200103ea611d5bc0616dc939beaf5a10cd15f2219ffcd1ee131e6
+  metadata.gz: a5143b8e8c62f4e51a00da4db3379ee8060a6f650bc91c0b5476f7587df3a513
+  data.tar.gz: 5005cf21af243f8925ddd7fc221b39589ec036df3b57a03af8e26a29cf8bf03a
 SHA512:
-  metadata.gz: c12456264fc7eb9fe49b8a62e083e01adf62521ffb39c5a0748904800cd6e2c99d594c259043dcdf4d967edbb52ccaa0fed0255125d8f85df803156e344aa0c1
-  data.tar.gz: 17781d318b042e2b0a76af4fc11b1430f42a224bd775696a882a19009303efe02f2b9285477475d10db8dd29272894ad87312281f125ce76382966ec6806941e
+  metadata.gz: a69b666d6a0199e0efa5df505ef03c312a9701cec10cc0774b4bed4e006c2c63ff461c1a0472060191dea0737ed483229bd7e78057f950d40c81fa02a5754683
+  data.tar.gz: cb87a7b4cef92975dac1ddc4e9edc72e170b6066a30f2cd9c321ef0f3e25557eae862dd2fe46b147a1ecd8c192ee81782f024858625e0a064c9ab9156084b715

data/examples/anonymous_auth.rb

@@ -4,14 +4,15 @@
 # including protocol negotiation and authentication.
 
 require 'bundler/setup'
+require 'optparse'
 require 'ruby_smb'
 
-def run_authentication(address, smb1, smb2, smb3, username, password)
+def run_authentication(address, smb1, smb2, smb3)
   # Create our socket and add it to the dispatcher
   sock = TCPSocket.new address, 445
   dispatcher = RubySMB::Dispatcher::Socket.new(sock)
 
-  client = RubySMB::Client.new(dispatcher, smb1: smb1, smb2: smb2, smb3: smb3, username: username, password: password)
+  client = RubySMB::Client.new(dispatcher, smb1: smb1, smb2: smb2, smb3: smb3, username: '', password: '')
   protocol = client.negotiate
   status = client.authenticate
   puts "#{protocol} : #{status}"
@@ -22,9 +23,31 @@ def run_authentication(address, smb1, smb2, smb3, username, password)
   end
 end
 
-address  = ARGV[0]
-username = ''
-password = ''
+args = ARGV.dup
+options = {
+  smbv1: true,
+  smbv2: true,
+  smbv3: true,
+  target: nil
+}
+options[:target ] = args.pop
+optparser = OptionParser.new do |opts|
+  opts.banner = "Usage: #{File.basename(__FILE__)} [options] target"
+  opts.on("--[no-]smbv1", "Enable or disable SMBv1 (default: #{options[:smbv1] ? 'Enabled' : 'Disabled'})") do |smbv1|
+    options[:smbv1] = smbv1
+  end
+  opts.on("--[no-]smbv2", "Enable or disable SMBv2 (default: #{options[:smbv2] ? 'Enabled' : 'Disabled'})") do |smbv2|
+    options[:smbv2] = smbv2
+  end
+  opts.on("--[no-]smbv3", "Enable or disable SMBv3 (default: #{options[:smbv3] ? 'Enabled' : 'Disabled'})") do |smbv3|
+    options[:smbv3] = smbv3
+  end
+end
+optparser.parse!(args)
+
+if options[:target].nil?
+  abort(optparser.help)
+end
 
 # Negotiate with only SMB1 enabled
-run_authentication(address, true, false, false, username, password)
+run_authentication(options[:target], options[:smbv1], options[:smbv2], options[:smbv3])

data/examples/auth_capture.rb

@@ -1,12 +1,31 @@
 #!/usr/bin/ruby
 
 require 'bundler/setup'
+require 'optparse'
 require 'ruby_smb'
 require 'ruby_smb/gss/provider/ntlm'
 
 # we just need *a* default encoding to handle the strings from the NTLM messages
 Encoding.default_internal = 'UTF-8' if Encoding.default_internal.nil?
 
+options = {
+  smbv1: true,
+  smbv2: true,
+  smbv3: true
+}
+OptionParser.new do |opts|
+  opts.banner = "Usage: #{File.basename(__FILE__)} [options]"
+  opts.on("--[no-]smbv1", "Enable or disable SMBv1 (default: #{options[:smbv1] ? 'Enabled' : 'Disabled'})") do |smbv1|
+    options[:smbv1] = smbv1
+  end
+  opts.on("--[no-]smbv2", "Enable or disable SMBv2 (default: #{options[:smbv2] ? 'Enabled' : 'Disabled'})") do |smbv2|
+    options[:smbv2] = smbv2
+  end
+  opts.on("--[no-]smbv3", "Enable or disable SMBv3 (default: #{options[:smbv3] ? 'Enabled' : 'Disabled'})") do |smbv3|
+    options[:smbv3] = smbv3
+  end
+end.parse!
+
 def bin_to_hex(s)
   s.each_byte.map { |b| b.to_s(16).rjust(2, '0') }.join
 end
@@ -63,6 +82,15 @@ end
 server = RubySMB::Server.new(
   gss_provider: HaxorNTLMProvider.new
 )
+server.dialects.select! { |dialect| RubySMB::Dialect[dialect].family != RubySMB::Dialect::FAMILY_SMB1 } unless options[:smbv1]
+server.dialects.select! { |dialect| RubySMB::Dialect[dialect].family != RubySMB::Dialect::FAMILY_SMB2 } unless options[:smbv2]
+server.dialects.select! { |dialect| RubySMB::Dialect[dialect].family != RubySMB::Dialect::FAMILY_SMB3 } unless options[:smbv3]
+
+if server.dialects.empty?
+  puts "at least one version must be enabled"
+  exit false
+end
+
 puts "server is running"
 server.run do
   puts "received connection"

data/examples/file_server.rb

@@ -0,0 +1,76 @@
+#!/usr/bin/ruby
+
+require 'bundler/setup'
+require 'optparse'
+require 'ruby_smb'
+require 'ruby_smb/gss/provider/ntlm'
+
+# we just need *a* default encoding to handle the strings from the NTLM messages
+Encoding.default_internal = 'UTF-8' if Encoding.default_internal.nil?
+
+options = {
+  allow_anonymous: true,
+  domain: nil,
+  username: 'RubySMB',
+  password: 'password',
+  share_name: 'home',
+  share_path: '.',
+  smbv1: true,
+  smbv2: true,
+  smbv3: true
+}
+OptionParser.new do |opts|
+  opts.banner = "Usage: #{File.basename(__FILE__)} [options]"
+  opts.on("--path PATH", "The path to share (default: #{options[:share_path]})") do |path|
+    options[:share_path] = path
+  end
+  opts.on("--share SHARE", "The share name (default: #{options[:share_name]})") do |share|
+    options[:share_name] = share
+  end
+  opts.on("--[no-]anonymous", "Allow anonymous access (default: #{options[:allow_anonymous]})") do |allow_anonymous|
+    options[:allow_anonymous] = allow_anonymous
+  end
+  opts.on("--[no-]smbv1", "Enable or disable SMBv1 (default: #{options[:smbv1] ? 'Enabled' : 'Disabled'})") do |smbv1|
+    options[:smbv1] = smbv1
+  end
+  opts.on("--[no-]smbv2", "Enable or disable SMBv2 (default: #{options[:smbv2] ? 'Enabled' : 'Disabled'})") do |smbv2|
+    options[:smbv2] = smbv2
+  end
+  opts.on("--[no-]smbv3", "Enable or disable SMBv3 (default: #{options[:smbv3] ? 'Enabled' : 'Disabled'})") do |smbv3|
+    options[:smbv3] = smbv3
+  end
+  opts.on("--username USERNAME", "The account's username (default: #{options[:username]})") do |username|
+    if username.include?('\\')
+      options[:domain], options[:username] = username.split('\\', 2)
+    else
+      options[:username] = username
+    end
+  end
+  opts.on("--password PASSWORD", "The account's password (default: #{options[:password]})") do |password|
+    options[:password] = password
+  end
+end.parse!
+
+ntlm_provider = RubySMB::Gss::Provider::NTLM.new(allow_anonymous: options[:allow_anonymous])
+ntlm_provider.put_account(options[:username], options[:password], domain: options[:domain])  # password can also be an NTLM hash
+
+server = RubySMB::Server.new(
+  gss_provider: ntlm_provider,
+  logger: :stdout
+)
+server.dialects.select! { |dialect| RubySMB::Dialect[dialect].family != RubySMB::Dialect::FAMILY_SMB1 } unless options[:smbv1]
+server.dialects.select! { |dialect| RubySMB::Dialect[dialect].family != RubySMB::Dialect::FAMILY_SMB2 } unless options[:smbv2]
+server.dialects.select! { |dialect| RubySMB::Dialect[dialect].family != RubySMB::Dialect::FAMILY_SMB3 } unless options[:smbv3]
+
+if server.dialects.empty?
+  puts "at least one version must be enabled"
+  exit false
+end
+
+server.add_share(RubySMB::Server::Share::Provider::Disk.new(options[:share_name], options[:share_path]))
+puts "server is running"
+server.run do
+  puts "received connection"
+  true
+end
+

data/examples/read_file.rb

@@ -7,34 +7,75 @@
 # and read the file short.txt
 
 require 'bundler/setup'
+require 'optparse'
 require 'ruby_smb'
 
-address      = ARGV[0]
-username     = ARGV[1]
-password     = ARGV[2]
-share        = ARGV[3]
-file         = ARGV[4]
-smb_versions = ARGV[5]&.split(',') || ['1','2','3']
+args = ARGV.dup
+options = {
+  domain: '.',
+  username: '',
+  password: '',
+  share: nil,
+  smbv1: true,
+  smbv2: true,
+  smbv3: true,
+  target: nil
+}
+options[:file] = args.pop
+options[:share] = args.pop
+options[:target ] = args.pop
+optparser = OptionParser.new do |opts|
+  opts.banner = "Usage: #{File.basename(__FILE__)} [options] target share file"
+  opts.on("--[no-]smbv1", "Enable or disable SMBv1 (default: #{options[:smbv1] ? 'Enabled' : 'Disabled'})") do |smbv1|
+    options[:smbv1] = smbv1
+  end
+  opts.on("--[no-]smbv2", "Enable or disable SMBv2 (default: #{options[:smbv2] ? 'Enabled' : 'Disabled'})") do |smbv2|
+    options[:smbv2] = smbv2
+  end
+  opts.on("--[no-]smbv3", "Enable or disable SMBv3 (default: #{options[:smbv3] ? 'Enabled' : 'Disabled'})") do |smbv3|
+    options[:smbv3] = smbv3
+  end
+  opts.on("--username USERNAME", "The account's username (default: #{options[:username]})") do |username|
+    if username.include?('\\')
+      options[:domain], options[:username] = username.split('\\', 2)
+    else
+      options[:username] = username
+    end
+  end
+  opts.on("--password PASSWORD", "The account's password (default: #{options[:password]})") do |password|
+    options[:password] = password
+  end
+end
+optparser.parse!(args)
+
+if options[:target].nil? || options[:share].nil? || options[:file].nil?
+  abort(optparser.help)
+end
 
-path     = "\\\\#{address}\\#{share}"
+path     = "\\\\#{options[:target]}\\#{options[:share]}"
 
-sock = TCPSocket.new address, 445
+sock = TCPSocket.new options[:target], 445
 dispatcher = RubySMB::Dispatcher::Socket.new(sock)
 
-client = RubySMB::Client.new(dispatcher, smb1: smb_versions.include?('1'), smb2: smb_versions.include?('2'), smb3: smb_versions.include?('3'), username: username, password: password)
+client = RubySMB::Client.new(dispatcher, smb1: options[:smbv1], smb2: options[:smbv2], smb3: options[:smbv3], username: options[:username], password: options[:password], domain: options[:domain])
 protocol = client.negotiate
 status = client.authenticate
 
 puts "#{protocol} : #{status}"
+unless status == WindowsError::NTStatus::STATUS_SUCCESS
+  puts 'Authentication failed!'
+  exit(1)
+end
 
 begin
   tree = client.tree_connect(path)
   puts "Connected to #{path} successfully!"
 rescue StandardError => e
   puts "Failed to connect to #{path}: #{e.message}"
+  exit(1)
 end
 
-file = tree.open_file(filename: file)
+file = tree.open_file(filename: options[:file])
 
 data = file.read
 puts data

data/examples/tree_connect.rb

@@ -6,24 +6,64 @@
 # This will try to connect to \\192.168.172.138\TEST_SHARE with the msfadmin:msfadmin credentials
 
 require 'bundler/setup'
+require 'optparse'
 require 'ruby_smb'
 
-address      = ARGV[0]
-username     = ARGV[1]
-password     = ARGV[2]
-share        = ARGV[3]
-smb_versions = ARGV[4]&.split(',') || ['1','2','3']
+args = ARGV.dup
+options = {
+  domain: '.',
+  username: '',
+  password: '',
+  share: nil,
+  smbv1: true,
+  smbv2: true,
+  smbv3: true,
+  target: nil
+}
+options[:share] = args.pop
+options[:target ] = args.pop
+optparser = OptionParser.new do |opts|
+  opts.banner = "Usage: #{File.basename(__FILE__)} [options] target share"
+  opts.on("--[no-]smbv1", "Enable or disable SMBv1 (default: #{options[:smbv1] ? 'Enabled' : 'Disabled'})") do |smbv1|
+    options[:smbv1] = smbv1
+  end
+  opts.on("--[no-]smbv2", "Enable or disable SMBv2 (default: #{options[:smbv2] ? 'Enabled' : 'Disabled'})") do |smbv2|
+    options[:smbv2] = smbv2
+  end
+  opts.on("--[no-]smbv3", "Enable or disable SMBv3 (default: #{options[:smbv3] ? 'Enabled' : 'Disabled'})") do |smbv3|
+    options[:smbv3] = smbv3
+  end
+  opts.on("--username USERNAME", "The account's username (default: #{options[:username]})") do |username|
+    if username.include?('\\')
+      options[:domain], options[:username] = username.split('\\', 2)
+    else
+      options[:username] = username
+    end
+  end
+  opts.on("--password PASSWORD", "The account's password (default: #{options[:password]})") do |password|
+    options[:password] = password
+  end
+end
+optparser.parse!(args)
+
+if options[:target].nil? || options[:share].nil?
+  abort(optparser.help)
+end
 
-path     = "\\\\#{address}\\#{share}"
+path = "\\\\#{options[:target]}\\#{options[:share]}"
 
-sock = TCPSocket.new address, 445
+sock = TCPSocket.new options[:target], 445
 dispatcher = RubySMB::Dispatcher::Socket.new(sock)
 
-client = RubySMB::Client.new(dispatcher, smb1: smb_versions.include?('1'), smb2: smb_versions.include?('2'), smb3: smb_versions.include?('3'), username: username, password: password)
+client = RubySMB::Client.new(dispatcher, smb1: options[:smbv1], smb2: options[:smbv2], smb3: options[:smbv3], username: options[:username], password: options[:password], domain: options[:domain])
 protocol = client.negotiate
 status = client.authenticate
 
 puts "#{protocol} : #{status}"
+unless status == WindowsError::NTStatus::STATUS_SUCCESS
+  puts 'Authentication failed!'
+  exit(1)
+end
 
 begin
   tree = client.tree_connect(path)
@@ -31,4 +71,5 @@ begin
   tree.disconnect!
 rescue StandardError => e
   puts "Failed to connect to #{path}: #{e.message}"
+  exit(1)
 end

data/lib/ruby_smb/client/authentication.rb

@@ -212,9 +212,17 @@ module RubySMB
 
         raw = smb2_ntlmssp_authenticate(type3_message, @session_id)
         response = smb2_ntlmssp_final_packet(raw)
-
-        if @smb3 && !@session_encrypt_data && response.session_flags.encrypt_data == 1
-          @session_encrypt_data = true
+        @session_is_guest = response.session_flags.guest == 1
+
+        if @smb3
+          if response.session_flags.encrypt_data == 1
+            # if the server indicates that encryption is required, enable it
+            @session_encrypt_data = true
+          elsif (@session_is_guest && password != '') || (username == '' && password == '')
+            # disable encryption when necessary
+            @session_encrypt_data = false
+          end
+          # otherwise, leave encryption to the default value that it was initialized to
         end
         ######
         # DEBUG

data/lib/ruby_smb/client.rb

@@ -129,6 +129,11 @@ module RubySMB
     #   @return [Integer]
     attr_accessor :session_id
 
+    # Whether or not the current session has the guest flag set
+    # @!attribute [rw] session_is_guest
+    #   @return [Boolean]
+    attr_accessor :session_is_guest
+
     # Whether or not the Server requires signing
     # @!attribute [rw] signing_enabled
     #   @return [Boolean]
@@ -292,6 +297,7 @@ module RubySMB
       @sequence_counter  = 0
       @session_id        = 0x00
       @session_key       = ''
+      @session_is_guest  = false
       @signing_required  = false
       @smb1              = smb1
       @smb2              = smb2
@@ -306,6 +312,8 @@ module RubySMB
       @server_supports_multi_credit = false
 
       # SMB 3.x options
+      # this merely initializes the default value for session encryption, it may be changed as necessary when a
+      # session setup response is received
       @session_encrypt_data = always_encrypt
 
       @ntlm_client = Net::NTLM::Client.new(
@@ -444,8 +452,13 @@ module RubySMB
         unless packet.is_a?(RubySMB::SMB2::Packet::SessionSetupRequest) || session_key.empty?
           if self.smb2 && signing_required
             packet = smb2_sign(packet)
-          elsif self.smb3 && (signing_required || packet.is_a?(RubySMB::SMB2::Packet::TreeConnectRequest))
-            packet = smb3_sign(packet)
+          elsif self.smb3
+            # see: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/652e0c14-5014-4470-999d-b174d7b2da87
+            if @dialect == '0x0311' && (signing_required || (!@session_is_guest && packet.is_a?(RubySMB::SMB2::Packet::TreeConnectRequest)))
+              packet = smb3_sign(packet)
+            elsif signing_required
+              packet = smb3_sign(packet)
+            end
           end
         end
       else
@@ -589,6 +602,7 @@ module RubySMB
       self.session_id       = 0x00
       self.user_id          = 0x00
       self.session_key      = ''
+      self.session_is_guest = false
       self.sequence_counter = 0
       self.smb2_message_id  = 0
       self.client_encryption_key = nil

data/lib/ruby_smb/create_actions.rb

@@ -0,0 +1,21 @@
+module RubySMB
+  # This module holds the Create Actions used in NT_TRANSACT_CREATE,
+  # SMB_COM_NT_CREATE_ANDX, and SMB2_CREATE responses. The definitions for these
+  # values can be found at
+  # [2.2.7.1.2 Response](https://msdn.microsoft.com/en-us/library/ee441961.aspx)
+  # and
+  # [2.2.14 SMB2 CREATE Response](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/d166aa9e-0b53-410e-b35e-3933d8131927)
+  module CreateActions
+    # An existing file was deleted and a new file was created in its place.
+    FILE_SUPERSEDED = 0x00000000
+
+    # An existing file was opened.
+    FILE_OPENED = 0x00000001
+
+    # A new file was created.
+    FILE_CREATED = 0x00000002
+
+    # An existing file was overwritten.
+    FILE_OVERWRITTEN = 0x00000003
+  end
+end

data/lib/ruby_smb/dcerpc/encrypting_file_system/efs_rpc_encrypt_file_srv_request.rb

@@ -0,0 +1,20 @@
+module RubySMB
+  module Dcerpc
+    module EncryptingFileSystem
+
+      # [3.1.4.2.5 EfsRpcEncryptFileSrv (Opnum 4)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-efsr/0d599976-758c-4dbd-ac8c-c9db2a922d76)
+      class EfsRpcEncryptFileSrvRequest < BinData::Record
+        attr_reader :opnum
+
+        endian :little
+
+        ndr_conf_var_wide_stringz :file_name
+
+        def initialize_instance
+          super
+          @opnum = EFS_RPC_ENCRYPT_FILE_SRV
+        end
+      end
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/encrypting_file_system/efs_rpc_encrypt_file_srv_response.rb

@@ -0,0 +1,20 @@
+module RubySMB
+  module Dcerpc
+    module EncryptingFileSystem
+
+      # [3.1.4.2.5 EfsRpcEncryptFileSrv (Opnum 4)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-efsr/0d599976-758c-4dbd-ac8c-c9db2a922d76)
+      class EfsRpcEncryptFileSrvResponse < BinData::Record
+        attr_reader :opnum
+
+        endian :little
+
+        ndr_uint32         :error_status
+
+        def initialize_instance
+          super
+          @opnum = EFS_RPC_ENCRYPT_FILE_SRV
+        end
+      end
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/encrypting_file_system/efs_rpc_open_file_raw_request.rb

@@ -0,0 +1,21 @@
+module RubySMB
+  module Dcerpc
+    module EncryptingFileSystem
+
+      # [3.1.4.2.1 EfsRpcOpenFileRaw (Opnum 0)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-efsr/ccc4fb75-1c86-41d7-bbc4-b278ec13bfb8)
+      class EfsRpcOpenFileRawRequest < BinData::Record
+        attr_reader :opnum
+
+        endian :little
+
+        ndr_conf_var_wide_stringz :file_name
+        ndr_uint32                :flags
+
+        def initialize_instance
+          super
+          @opnum = EFS_RPC_OPEN_FILE_RAW
+        end
+      end
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/encrypting_file_system/efs_rpc_open_file_raw_response.rb

@@ -0,0 +1,21 @@
+module RubySMB
+  module Dcerpc
+    module EncryptingFileSystem
+
+      # [3.1.4.2.1 EfsRpcOpenFileRaw (Opnum 0)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-efsr/ccc4fb75-1c86-41d7-bbc4-b278ec13bfb8)
+      class EfsRpcOpenFileRawResponse < BinData::Record
+        attr_reader :opnum
+
+        endian :little
+
+        ndr_context_handle :h_context
+        ndr_uint32         :error_status
+
+        def initialize_instance
+          super
+          @opnum = EFS_RPC_OPEN_FILE_RAW
+        end
+      end
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/encrypting_file_system.rb

@@ -0,0 +1,44 @@
+module RubySMB
+  module Dcerpc
+    module EncryptingFileSystem
+      # see: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-efsr/403c7ae0-1a3a-4e96-8efc-54e79a2cc451
+      UUID = EFSRPC_UUID = 'df1941c5-fe89-4e79-bf10-463657acf44d'.freeze
+      LSARPC_UUID = 'c681d488-d850-11d0-8c52-00c04fd90f7e'.freeze
+      VER_MAJOR = 1
+      VER_MINOR = 0
+
+      # Operation numbers
+      EFS_RPC_OPEN_FILE_RAW = 0
+      EFS_RPC_WRITE_FILE_RAW = 1
+      EFS_RPC_CLOSE_RAW = 3
+      EFS_RPC_ENCRYPT_FILE_SRV = 4
+      EFS_RPC_DECRYPT_FILE_SRV = 5
+      EFS_RPC_QUERY_USERS_ON_FILE = 6
+      EFS_RPC_QUERY_RECOVERY_AGENTS = 7
+      EFS_RPC_REMOVE_USERS_FROM_FILE = 8
+      EFS_RPC_ADD_USERS_TO_FILE = 9
+      EFS_RPC_NOT_SUPPORTED = 11
+      EFS_RPC_FILE_KEY_INFO = 12
+      EFS_RPC_DUPLICATE_ENCRYPTION_INFO_FILE = 13
+      EFS_RPC_ADD_USERS_TO_FILE_EX = 15
+      EFS_RPC_FILE_KEY_INFO_EX = 16
+      EFS_RPC_GET_ENCRYPTED_FILE_METADATA = 18
+      EFS_RPC_SET_ENCRYPTED_FILE_METADATA = 19
+      EFS_RPC_FLUSH_EFS_CACHE = 20
+      EFS_RPC_ENCRYPT_FILE_EX_SRV = 21
+      EFS_RPC_QUERY_PROTECTORS = 22
+
+      # EfsRpcOpenFileRaw flags,
+      # see: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-efsr/ccc4fb75-1c86-41d7-bbc4-b278ec13bfb8
+      CREATE_FOR_IMPORT = 0x00000001
+      CREATE_FOR_DIR = 0x00000002
+      OVERWRITE_HIDDEN = 0x00000004
+      EFS_DROP_ALTERNATE_STREAMS = 0x00000010
+
+      require 'ruby_smb/dcerpc/encrypting_file_system/efs_rpc_encrypt_file_srv_request'
+      require 'ruby_smb/dcerpc/encrypting_file_system/efs_rpc_encrypt_file_srv_response'
+      require 'ruby_smb/dcerpc/encrypting_file_system/efs_rpc_open_file_raw_request'
+      require 'ruby_smb/dcerpc/encrypting_file_system/efs_rpc_open_file_raw_response'
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/print_system/rpc_add_printer_driver_ex_request.rb

@@ -0,0 +1,22 @@
+module RubySMB
+  module Dcerpc
+    module PrintSystem
+
+      # [3.1.4.4.8 RpcAddPrinterDriverEx (Opnum 89)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rprn/b96cc497-59e5-4510-ab04-5484993b259b)
+      class RpcAddPrinterDriverExRequest < BinData::Record
+        attr_reader :opnum
+
+        endian :little
+
+        ndr_wide_stringz_ptr :p_name
+        driver_container     :p_driver_container
+        ndr_uint32           :dw_file_copy_flags
+
+        def initialize_instance
+          super
+          @opnum = RPC_ADD_PRINTER_DRIVER_EX
+        end
+      end
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/print_system/rpc_add_printer_driver_ex_response.rb

@@ -0,0 +1,20 @@
+module RubySMB
+  module Dcerpc
+    module PrintSystem
+
+      # [3.1.4.4.8 RpcAddPrinterDriverEx (Opnum 89)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rprn/b96cc497-59e5-4510-ab04-5484993b259b)
+      class RpcAddPrinterDriverExResponse < BinData::Record
+        attr_reader :opnum
+
+        endian :little
+
+        def initialize_instance
+          super
+          @opnum = RPC_ADD_PRINTER_DRIVER_EX
+        end
+
+        ndr_uint32 :error_status
+      end
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/print_system/rpc_enum_printer_drivers_request.rb

@@ -0,0 +1,24 @@
+module RubySMB
+  module Dcerpc
+    module PrintSystem
+
+      # [3.1.4.4.2 RpcEnumPrinterDrivers (Opnum 10)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rprn/857d00ac-3682-4a0d-86ca-3d3c372e5e4a)
+      class RpcEnumPrinterDriversRequest < BinData::Record
+        attr_reader :opnum
+
+        endian :little
+
+        def initialize_instance
+          super
+          @opnum = RPC_ENUM_PRINTER_DRIVERS
+        end
+
+        ndr_wide_stringz_ptr :p_name
+        ndr_wide_stringz_ptr :p_environment
+        ndr_uint32           :level
+        rprn_byte_array_ptr  :p_drivers
+        ndr_uint32           :cb_buf
+      end
+    end
+  end
+end