ruby_smb 3.0.2 → 3.0.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9a0b34939805bf96ca0b83284b946fc2d96c1e5d7b6e63c67c4d0c40b73d257d
-  data.tar.gz: f8c1e25526de8821ec484c820b32734e0cfcefce6e34de2a90b25ce876225e61
+  metadata.gz: e7ce1d9892eb5ccf2881dd78a8e1983926554f69de301560539e7d7da37061b0
+  data.tar.gz: '01692d97a27c63f470b7c2899ad9cfb2828c9e254f0747176a29555d462bbf1d'
 SHA512:
-  metadata.gz: b669ae3cdc6e7c875c92890ac15608ab45b8d223eb064756d340e046a5dd3b4273971ebdf8419a033ae87fc75af8f08d7e7ce5466186e2e531adada3efaedab4
-  data.tar.gz: 052ad0693a7f9ea8b3b767a58ecc710e37f2c9c0ef7c910b8c385b22b9a6eee678596a49de385cb0d0200964e620b171bd667a76b7b393f96a1ebded64e6f5b7
+  metadata.gz: 2fafe3f08b518b285b33832e0809c9b5f4687800457bec2c1945dd33f4c7109466926a5f55a537a3cdf9851f1c0c6b9979aa0f8d75f0004749f8bdd56ba26ab4
+  data.tar.gz: 070550512fe2ffadaecb97ea014e8fa5563b722b0184303c022f901bb60466991979673adf0dedfb411585b910e92d435308f7d900326ee6d8aa8ead5e1cdf0c

data/examples/anonymous_auth.rb

@@ -4,14 +4,15 @@
 # including protocol negotiation and authentication.
 
 require 'bundler/setup'
+require 'optparse'
 require 'ruby_smb'
 
-def run_authentication(address, smb1, smb2, smb3, username, password)
+def run_authentication(address, smb1, smb2, smb3)
   # Create our socket and add it to the dispatcher
   sock = TCPSocket.new address, 445
   dispatcher = RubySMB::Dispatcher::Socket.new(sock)
 
-  client = RubySMB::Client.new(dispatcher, smb1: smb1, smb2: smb2, smb3: smb3, username: username, password: password)
+  client = RubySMB::Client.new(dispatcher, smb1: smb1, smb2: smb2, smb3: smb3, username: '', password: '')
   protocol = client.negotiate
   status = client.authenticate
   puts "#{protocol} : #{status}"
@@ -22,9 +23,31 @@ def run_authentication(address, smb1, smb2, smb3, username, password)
   end
 end
 
-address  = ARGV[0]
-username = ''
-password = ''
+args = ARGV.dup
+options = {
+  smbv1: true,
+  smbv2: true,
+  smbv3: true,
+  target: nil
+}
+options[:target ] = args.pop
+optparser = OptionParser.new do |opts|
+  opts.banner = "Usage: #{File.basename(__FILE__)} [options] target"
+  opts.on("--[no-]smbv1", "Enable or disable SMBv1 (default: #{options[:smbv1] ? 'Enabled' : 'Disabled'})") do |smbv1|
+    options[:smbv1] = smbv1
+  end
+  opts.on("--[no-]smbv2", "Enable or disable SMBv2 (default: #{options[:smbv2] ? 'Enabled' : 'Disabled'})") do |smbv2|
+    options[:smbv2] = smbv2
+  end
+  opts.on("--[no-]smbv3", "Enable or disable SMBv3 (default: #{options[:smbv3] ? 'Enabled' : 'Disabled'})") do |smbv3|
+    options[:smbv3] = smbv3
+  end
+end
+optparser.parse!(args)
+
+if options[:target].nil?
+  abort(optparser.help)
+end
 
 # Negotiate with only SMB1 enabled
-run_authentication(address, true, false, false, username, password)
+run_authentication(options[:target], options[:smbv1], options[:smbv2], options[:smbv3])

data/examples/auth_capture.rb

@@ -15,13 +15,13 @@ options = {
 }
 OptionParser.new do |opts|
   opts.banner = "Usage: #{File.basename(__FILE__)} [options]"
-  opts.on("--[no-]smbv1", "Enabled or disable SMBv1 (default: #{options[:smbv1] ? 'Enabled' : 'Disabled'})") do |smbv1|
+  opts.on("--[no-]smbv1", "Enable or disable SMBv1 (default: #{options[:smbv1] ? 'Enabled' : 'Disabled'})") do |smbv1|
     options[:smbv1] = smbv1
   end
-  opts.on("--[no-]smbv2", "Enabled or disable SMBv2 (default: #{options[:smbv2] ? 'Enabled' : 'Disabled'})") do |smbv2|
+  opts.on("--[no-]smbv2", "Enable or disable SMBv2 (default: #{options[:smbv2] ? 'Enabled' : 'Disabled'})") do |smbv2|
     options[:smbv2] = smbv2
   end
-  opts.on("--[no-]smbv3", "Enabled or disable SMBv3 (default: #{options[:smbv3] ? 'Enabled' : 'Disabled'})") do |smbv3|
+  opts.on("--[no-]smbv3", "Enable or disable SMBv3 (default: #{options[:smbv3] ? 'Enabled' : 'Disabled'})") do |smbv3|
     options[:smbv3] = smbv3
   end
 end.parse!

data/examples/file_server.rb

@@ -30,13 +30,13 @@ OptionParser.new do |opts|
   opts.on("--[no-]anonymous", "Allow anonymous access (default: #{options[:allow_anonymous]})") do |allow_anonymous|
     options[:allow_anonymous] = allow_anonymous
   end
-  opts.on("--[no-]smbv1", "Enabled or disable SMBv1 (default: #{options[:smbv1] ? 'Enabled' : 'Disabled'})") do |smbv1|
+  opts.on("--[no-]smbv1", "Enable or disable SMBv1 (default: #{options[:smbv1] ? 'Enabled' : 'Disabled'})") do |smbv1|
     options[:smbv1] = smbv1
   end
-  opts.on("--[no-]smbv2", "Enabled or disable SMBv2 (default: #{options[:smbv2] ? 'Enabled' : 'Disabled'})") do |smbv2|
+  opts.on("--[no-]smbv2", "Enable or disable SMBv2 (default: #{options[:smbv2] ? 'Enabled' : 'Disabled'})") do |smbv2|
     options[:smbv2] = smbv2
   end
-  opts.on("--[no-]smbv3", "Enabled or disable SMBv3 (default: #{options[:smbv3] ? 'Enabled' : 'Disabled'})") do |smbv3|
+  opts.on("--[no-]smbv3", "Enable or disable SMBv3 (default: #{options[:smbv3] ? 'Enabled' : 'Disabled'})") do |smbv3|
     options[:smbv3] = smbv3
   end
   opts.on("--username USERNAME", "The account's username (default: #{options[:username]})") do |username|

data/examples/read_file.rb

@@ -7,34 +7,75 @@
 # and read the file short.txt
 
 require 'bundler/setup'
+require 'optparse'
 require 'ruby_smb'
 
-address      = ARGV[0]
-username     = ARGV[1]
-password     = ARGV[2]
-share        = ARGV[3]
-file         = ARGV[4]
-smb_versions = ARGV[5]&.split(',') || ['1','2','3']
+args = ARGV.dup
+options = {
+  domain: '.',
+  username: '',
+  password: '',
+  share: nil,
+  smbv1: true,
+  smbv2: true,
+  smbv3: true,
+  target: nil
+}
+options[:file] = args.pop
+options[:share] = args.pop
+options[:target ] = args.pop
+optparser = OptionParser.new do |opts|
+  opts.banner = "Usage: #{File.basename(__FILE__)} [options] target share file"
+  opts.on("--[no-]smbv1", "Enable or disable SMBv1 (default: #{options[:smbv1] ? 'Enabled' : 'Disabled'})") do |smbv1|
+    options[:smbv1] = smbv1
+  end
+  opts.on("--[no-]smbv2", "Enable or disable SMBv2 (default: #{options[:smbv2] ? 'Enabled' : 'Disabled'})") do |smbv2|
+    options[:smbv2] = smbv2
+  end
+  opts.on("--[no-]smbv3", "Enable or disable SMBv3 (default: #{options[:smbv3] ? 'Enabled' : 'Disabled'})") do |smbv3|
+    options[:smbv3] = smbv3
+  end
+  opts.on("--username USERNAME", "The account's username (default: #{options[:username]})") do |username|
+    if username.include?('\\')
+      options[:domain], options[:username] = username.split('\\', 2)
+    else
+      options[:username] = username
+    end
+  end
+  opts.on("--password PASSWORD", "The account's password (default: #{options[:password]})") do |password|
+    options[:password] = password
+  end
+end
+optparser.parse!(args)
+
+if options[:target].nil? || options[:share].nil? || options[:file].nil?
+  abort(optparser.help)
+end
 
-path     = "\\\\#{address}\\#{share}"
+path     = "\\\\#{options[:target]}\\#{options[:share]}"
 
-sock = TCPSocket.new address, 445
+sock = TCPSocket.new options[:target], 445
 dispatcher = RubySMB::Dispatcher::Socket.new(sock)
 
-client = RubySMB::Client.new(dispatcher, smb1: smb_versions.include?('1'), smb2: smb_versions.include?('2'), smb3: smb_versions.include?('3'), username: username, password: password)
+client = RubySMB::Client.new(dispatcher, smb1: options[:smbv1], smb2: options[:smbv2], smb3: options[:smbv3], username: options[:username], password: options[:password], domain: options[:domain])
 protocol = client.negotiate
 status = client.authenticate
 
 puts "#{protocol} : #{status}"
+unless status == WindowsError::NTStatus::STATUS_SUCCESS
+  puts 'Authentication failed!'
+  exit(1)
+end
 
 begin
   tree = client.tree_connect(path)
   puts "Connected to #{path} successfully!"
 rescue StandardError => e
   puts "Failed to connect to #{path}: #{e.message}"
+  exit(1)
 end
 
-file = tree.open_file(filename: file)
+file = tree.open_file(filename: options[:file])
 
 data = file.read
 puts data

data/examples/tree_connect.rb

@@ -6,24 +6,64 @@
 # This will try to connect to \\192.168.172.138\TEST_SHARE with the msfadmin:msfadmin credentials
 
 require 'bundler/setup'
+require 'optparse'
 require 'ruby_smb'
 
-address      = ARGV[0]
-username     = ARGV[1]
-password     = ARGV[2]
-share        = ARGV[3]
-smb_versions = ARGV[4]&.split(',') || ['1','2','3']
+args = ARGV.dup
+options = {
+  domain: '.',
+  username: '',
+  password: '',
+  share: nil,
+  smbv1: true,
+  smbv2: true,
+  smbv3: true,
+  target: nil
+}
+options[:share] = args.pop
+options[:target ] = args.pop
+optparser = OptionParser.new do |opts|
+  opts.banner = "Usage: #{File.basename(__FILE__)} [options] target share"
+  opts.on("--[no-]smbv1", "Enable or disable SMBv1 (default: #{options[:smbv1] ? 'Enabled' : 'Disabled'})") do |smbv1|
+    options[:smbv1] = smbv1
+  end
+  opts.on("--[no-]smbv2", "Enable or disable SMBv2 (default: #{options[:smbv2] ? 'Enabled' : 'Disabled'})") do |smbv2|
+    options[:smbv2] = smbv2
+  end
+  opts.on("--[no-]smbv3", "Enable or disable SMBv3 (default: #{options[:smbv3] ? 'Enabled' : 'Disabled'})") do |smbv3|
+    options[:smbv3] = smbv3
+  end
+  opts.on("--username USERNAME", "The account's username (default: #{options[:username]})") do |username|
+    if username.include?('\\')
+      options[:domain], options[:username] = username.split('\\', 2)
+    else
+      options[:username] = username
+    end
+  end
+  opts.on("--password PASSWORD", "The account's password (default: #{options[:password]})") do |password|
+    options[:password] = password
+  end
+end
+optparser.parse!(args)
+
+if options[:target].nil? || options[:share].nil?
+  abort(optparser.help)
+end
 
-path     = "\\\\#{address}\\#{share}"
+path = "\\\\#{options[:target]}\\#{options[:share]}"
 
-sock = TCPSocket.new address, 445
+sock = TCPSocket.new options[:target], 445
 dispatcher = RubySMB::Dispatcher::Socket.new(sock)
 
-client = RubySMB::Client.new(dispatcher, smb1: smb_versions.include?('1'), smb2: smb_versions.include?('2'), smb3: smb_versions.include?('3'), username: username, password: password)
+client = RubySMB::Client.new(dispatcher, smb1: options[:smbv1], smb2: options[:smbv2], smb3: options[:smbv3], username: options[:username], password: options[:password], domain: options[:domain])
 protocol = client.negotiate
 status = client.authenticate
 
 puts "#{protocol} : #{status}"
+unless status == WindowsError::NTStatus::STATUS_SUCCESS
+  puts 'Authentication failed!'
+  exit(1)
+end
 
 begin
   tree = client.tree_connect(path)
@@ -31,4 +71,5 @@ begin
   tree.disconnect!
 rescue StandardError => e
   puts "Failed to connect to #{path}: #{e.message}"
+  exit(1)
 end

data/lib/ruby_smb/client/authentication.rb

@@ -212,9 +212,17 @@ module RubySMB
 
         raw = smb2_ntlmssp_authenticate(type3_message, @session_id)
         response = smb2_ntlmssp_final_packet(raw)
-
-        if @smb3 && !@session_encrypt_data && response.session_flags.encrypt_data == 1
-          @session_encrypt_data = true
+        @session_is_guest = response.session_flags.guest == 1
+
+        if @smb3
+          if response.session_flags.encrypt_data == 1
+            # if the server indicates that encryption is required, enable it
+            @session_encrypt_data = true
+          elsif (@session_is_guest && password != '') || (username == '' && password == '')
+            # disable encryption when necessary
+            @session_encrypt_data = false
+          end
+          # otherwise, leave encryption to the default value that it was initialized to
         end
         ######
         # DEBUG

data/lib/ruby_smb/client.rb

@@ -292,6 +292,7 @@ module RubySMB
       @sequence_counter  = 0
       @session_id        = 0x00
       @session_key       = ''
+      @session_is_guest  = false
       @signing_required  = false
       @smb1              = smb1
       @smb2              = smb2
@@ -306,6 +307,8 @@ module RubySMB
       @server_supports_multi_credit = false
 
       # SMB 3.x options
+      # this merely initializes the default value for session encryption, it may be changed as necessary when a
+      # session setup response is received
       @session_encrypt_data = always_encrypt
 
       @ntlm_client = Net::NTLM::Client.new(
@@ -444,8 +447,13 @@ module RubySMB
         unless packet.is_a?(RubySMB::SMB2::Packet::SessionSetupRequest) || session_key.empty?
           if self.smb2 && signing_required
             packet = smb2_sign(packet)
-          elsif self.smb3 && (signing_required || packet.is_a?(RubySMB::SMB2::Packet::TreeConnectRequest))
-            packet = smb3_sign(packet)
+          elsif self.smb3
+            # see: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/652e0c14-5014-4470-999d-b174d7b2da87
+            if @dialect == '0x0311' && (signing_required || (!@session_is_guest && packet.is_a?(RubySMB::SMB2::Packet::TreeConnectRequest)))
+              packet = smb3_sign(packet)
+            elsif signing_required
+              packet = smb3_sign(packet)
+            end
           end
         end
       else
@@ -589,6 +597,7 @@ module RubySMB
       self.session_id       = 0x00
       self.user_id          = 0x00
       self.session_key      = ''
+      self.session_is_guest = false
       self.sequence_counter = 0
       self.smb2_message_id  = 0
       self.client_encryption_key = nil

data/lib/ruby_smb/smb1/tree.rb

@@ -59,8 +59,8 @@ module RubySMB
         # Make sure we don't modify the caller's hash options
         opts = opts.dup
         opts[:filename] = opts[:filename].dup
-        opts[:filename].prepend('\\') unless opts[:filename].start_with?('\\')
-        open_file(**opts)
+        opts[:filename].prepend('\\') unless opts[:filename].start_with?('\\'.encode(opts[:filename].encoding))
+        _open(**opts)
       end
 
       # Open a file on the remote share.
@@ -80,83 +80,12 @@ module RubySMB
       # @return [RubySMB::SMB1::File] handle to the created file
       # @raise [RubySMB::Error::InvalidPacket] if the response command is not SMB_COM_NT_CREATE_ANDX
       # @raise [RubySMB::Error::UnexpectedStatusCode] if the response NTStatus is not STATUS_SUCCESS
-      def open_file(filename:, flags: nil, options: nil, disposition: RubySMB::Dispositions::FILE_OPEN,
-                    impersonation: RubySMB::ImpersonationLevels::SEC_IMPERSONATE, read: true, write: false, delete: false)
-        nt_create_andx_request = RubySMB::SMB1::Packet::NtCreateAndxRequest.new
-        nt_create_andx_request = set_header_fields(nt_create_andx_request)
-
-        nt_create_andx_request.parameter_block.ext_file_attributes.normal = 1
-
-        if flags
-          nt_create_andx_request.parameter_block.flags = flags
-        else
-          nt_create_andx_request.parameter_block.flags.request_extended_response = 1
-        end
-
-        if options
-          nt_create_andx_request.parameter_block.create_options = options
-        else
-          nt_create_andx_request.parameter_block.create_options.directory_file     = 0
-          nt_create_andx_request.parameter_block.create_options.non_directory_file = 1
-        end
-
-        if read
-          nt_create_andx_request.parameter_block.share_access.share_read     = 1
-          nt_create_andx_request.parameter_block.desired_access.read_data    = 1
-          nt_create_andx_request.parameter_block.desired_access.read_ea      = 1
-          nt_create_andx_request.parameter_block.desired_access.read_attr    = 1
-          nt_create_andx_request.parameter_block.desired_access.read_control = 1
-        end
-
-        if write
-          nt_create_andx_request.parameter_block.share_access.share_write   = 1
-          nt_create_andx_request.parameter_block.desired_access.write_data  = 1
-          nt_create_andx_request.parameter_block.desired_access.append_data = 1
-          nt_create_andx_request.parameter_block.desired_access.write_ea    = 1
-          nt_create_andx_request.parameter_block.desired_access.write_attr  = 1
-        end
-
-        if delete
-          nt_create_andx_request.parameter_block.share_access.share_delete    = 1
-          nt_create_andx_request.parameter_block.desired_access.delete_access = 1
-        end
-
-        nt_create_andx_request.parameter_block.impersonation_level = impersonation
-        nt_create_andx_request.parameter_block.create_disposition  = disposition
-
-        unicode_enabled = nt_create_andx_request.smb_header.flags2.unicode == 1
-        nt_create_andx_request.data_block.file_name = add_null_termination(str: filename, unicode: unicode_enabled)
-
-        raw_response = @client.send_recv(nt_create_andx_request)
-        response = RubySMB::SMB1::Packet::NtCreateAndxResponse.read(raw_response)
-        unless response.valid?
-          if response.is_a?(RubySMB::SMB1::Packet::EmptyPacket) &&
-               response.smb_header.protocol == RubySMB::SMB1::SMB_PROTOCOL_ID &&
-               response.smb_header.command == response.original_command
-            raise RubySMB::Error::InvalidPacket.new(
-              'The response seems to be an SMB1 NtCreateAndxResponse but an '\
-              'error occurs while parsing it. It is probably missing the '\
-              'required extended information.'
-            )
-          end
-          raise RubySMB::Error::InvalidPacket.new(
-            expected_proto: RubySMB::SMB1::SMB_PROTOCOL_ID,
-            expected_cmd:   RubySMB::SMB1::Packet::NtCreateAndxResponse::COMMAND,
-            packet:         response
-          )
-        end
-        unless response.status_code == WindowsError::NTStatus::STATUS_SUCCESS
-          raise RubySMB::Error::UnexpectedStatusCode, response.status_code
-        end
-
-        case response.parameter_block.resource_type
-        when RubySMB::SMB1::ResourceType::BYTE_MODE_PIPE, RubySMB::SMB1::ResourceType::MESSAGE_MODE_PIPE
-          RubySMB::SMB1::Pipe.new(name: filename, tree: self, response: response)
-        when RubySMB::SMB1::ResourceType::DISK
-          RubySMB::SMB1::File.new(name: filename, tree: self, response: response)
-        else
-          raise RubySMB::Error::RubySMBError
-        end
+      def open_file(opts)
+        # Make sure we don't modify the caller's hash options
+        opts = opts.dup
+        opts[:filename] = opts[:filename].dup
+        opts[:filename] = opts[:filename][1..-1] if opts[:filename].start_with?('\\'.encode(opts[:filename].encoding))
+        _open(**opts)
       end
 
       # List `directory` on the remote share.
@@ -264,6 +193,85 @@ module RubySMB
 
       private
 
+      def _open(filename:, flags: nil, options: nil, disposition: RubySMB::Dispositions::FILE_OPEN,
+                impersonation: RubySMB::ImpersonationLevels::SEC_IMPERSONATE, read: true, write: false, delete: false)
+        nt_create_andx_request = RubySMB::SMB1::Packet::NtCreateAndxRequest.new
+        nt_create_andx_request = set_header_fields(nt_create_andx_request)
+
+        nt_create_andx_request.parameter_block.ext_file_attributes.normal = 1
+
+        if flags
+          nt_create_andx_request.parameter_block.flags = flags
+        else
+          nt_create_andx_request.parameter_block.flags.request_extended_response = 1
+        end
+
+        if options
+          nt_create_andx_request.parameter_block.create_options = options
+        else
+          nt_create_andx_request.parameter_block.create_options.directory_file     = 0
+          nt_create_andx_request.parameter_block.create_options.non_directory_file = 1
+        end
+
+        if read
+          nt_create_andx_request.parameter_block.share_access.share_read     = 1
+          nt_create_andx_request.parameter_block.desired_access.read_data    = 1
+          nt_create_andx_request.parameter_block.desired_access.read_ea      = 1
+          nt_create_andx_request.parameter_block.desired_access.read_attr    = 1
+          nt_create_andx_request.parameter_block.desired_access.read_control = 1
+        end
+
+        if write
+          nt_create_andx_request.parameter_block.share_access.share_write   = 1
+          nt_create_andx_request.parameter_block.desired_access.write_data  = 1
+          nt_create_andx_request.parameter_block.desired_access.append_data = 1
+          nt_create_andx_request.parameter_block.desired_access.write_ea    = 1
+          nt_create_andx_request.parameter_block.desired_access.write_attr  = 1
+        end
+
+        if delete
+          nt_create_andx_request.parameter_block.share_access.share_delete    = 1
+          nt_create_andx_request.parameter_block.desired_access.delete_access = 1
+        end
+
+        nt_create_andx_request.parameter_block.impersonation_level = impersonation
+        nt_create_andx_request.parameter_block.create_disposition  = disposition
+
+        unicode_enabled = nt_create_andx_request.smb_header.flags2.unicode == 1
+        nt_create_andx_request.data_block.file_name = add_null_termination(str: filename, unicode: unicode_enabled)
+
+        raw_response = @client.send_recv(nt_create_andx_request)
+        response = RubySMB::SMB1::Packet::NtCreateAndxResponse.read(raw_response)
+        unless response.valid?
+          if response.is_a?(RubySMB::SMB1::Packet::EmptyPacket) &&
+               response.smb_header.protocol == RubySMB::SMB1::SMB_PROTOCOL_ID &&
+               response.smb_header.command == response.original_command
+            raise RubySMB::Error::InvalidPacket.new(
+              'The response seems to be an SMB1 NtCreateAndxResponse but an '\
+              'error occurs while parsing it. It is probably missing the '\
+              'required extended information.'
+            )
+          end
+          raise RubySMB::Error::InvalidPacket.new(
+            expected_proto: RubySMB::SMB1::SMB_PROTOCOL_ID,
+            expected_cmd:   RubySMB::SMB1::Packet::NtCreateAndxResponse::COMMAND,
+            packet:         response
+          )
+        end
+        unless response.status_code == WindowsError::NTStatus::STATUS_SUCCESS
+          raise RubySMB::Error::UnexpectedStatusCode, response.status_code
+        end
+
+        case response.parameter_block.resource_type
+        when RubySMB::SMB1::ResourceType::BYTE_MODE_PIPE, RubySMB::SMB1::ResourceType::MESSAGE_MODE_PIPE
+          RubySMB::SMB1::Pipe.new(name: filename, tree: self, response: response)
+        when RubySMB::SMB1::ResourceType::DISK
+          RubySMB::SMB1::File.new(name: filename, tree: self, response: response)
+        else
+          raise RubySMB::Error::RubySMBError
+        end
+      end
+
       # Sets ParameterBlock options for FIND_FIRST2 and
       # FIND_NEXT2 requests. In particular we need to do this
       # to tell the server to ignore the Trans2DataBlock as we are

data/lib/ruby_smb/smb2/tree.rb

@@ -60,78 +60,16 @@ module RubySMB
         # Make sure we don't modify the caller's hash options
         opts = opts.dup
         opts[:filename] = opts[:filename].dup
-        opts[:filename] = opts[:filename][1..-1] if opts[:filename].start_with? '\\'
-        open_file(**opts)
+        opts[:filename] = opts[:filename][1..-1] if opts[:filename].start_with?('\\'.encode(opts[:filename].encoding))
+        _open(**opts)
       end
 
-      def open_file(filename:, attributes: nil, options: nil, disposition: RubySMB::Dispositions::FILE_OPEN,
-                    impersonation: RubySMB::ImpersonationLevels::SEC_IMPERSONATE, read: true, write: false, delete: false)
-
-        create_request = RubySMB::SMB2::Packet::CreateRequest.new
-        create_request = set_header_fields(create_request)
-
-        # If the user supplied file attributes, use those, otherwise set some
-        # sane defaults.
-        if attributes
-          create_request.file_attributes = attributes
-        else
-          create_request.file_attributes.directory  = 0
-          create_request.file_attributes.normal     = 1
-        end
-
-        # If the user supplied Create Options, use those, otherwise set some
-        # sane defaults.
-        if options
-          create_request.create_options = options
-        else
-          create_request.create_options.directory_file      = 0
-          create_request.create_options.non_directory_file  = 1
-        end
-
-        if read
-          create_request.share_access.read_access = 1
-          create_request.desired_access.read_data = 1
-        end
-
-        if write
-          create_request.share_access.write_access   = 1
-          create_request.desired_access.write_data   = 1
-          create_request.desired_access.append_data  = 1
-        end
-
-        if delete
-          create_request.share_access.delete_access   = 1
-          create_request.desired_access.delete_access = 1
-        end
-
-        create_request.requested_oplock     = 0xff
-        create_request.impersonation_level  = impersonation
-        create_request.create_disposition   = disposition
-        create_request.name                 = filename
-
-        raw_response  = client.send_recv(create_request, encrypt: @tree_connect_encrypt_data)
-        response      = RubySMB::SMB2::Packet::CreateResponse.read(raw_response)
-        unless response.valid?
-          raise RubySMB::Error::InvalidPacket.new(
-            expected_proto: RubySMB::SMB2::SMB2_PROTOCOL_ID,
-            expected_cmd:   RubySMB::SMB2::Packet::CreateResponse::COMMAND,
-            packet:         response
-          )
-        end
-        unless response.status_code == WindowsError::NTStatus::STATUS_SUCCESS
-          raise RubySMB::Error::UnexpectedStatusCode, response.status_code
-        end
-
-        case @share_type
-        when RubySMB::SMB2::Packet::TreeConnectResponse::SMB2_SHARE_TYPE_DISK
-          RubySMB::SMB2::File.new(name: filename, tree: self, response: response, encrypt: @tree_connect_encrypt_data)
-        when RubySMB::SMB2::Packet::TreeConnectResponse::SMB2_SHARE_TYPE_PIPE
-          RubySMB::SMB2::Pipe.new(name: filename, tree: self, response: response)
-        # when RubySMB::SMB2::TreeConnectResponse::SMB2_SHARE_TYPE_PRINT
-        #   it's a printer!
-        else
-          raise RubySMB::Error::RubySMBError, 'Unsupported share type'
-        end
+      def open_file(opts)
+        # Make sure we don't modify the caller's hash options
+        opts = opts.dup
+        opts[:filename] = opts[:filename].dup
+        opts[:filename] = opts[:filename][1..-1] if opts[:filename].start_with?('\\'.encode(opts[:filename].encoding))
+        _open(**opts)
       end
 
       # List `directory` on the remote share.
@@ -270,6 +208,78 @@ module RubySMB
         request.smb2_header.credits = 256
         request
       end
+
+      private
+
+      def _open(filename:, attributes: nil, options: nil, disposition: RubySMB::Dispositions::FILE_OPEN,
+                    impersonation: RubySMB::ImpersonationLevels::SEC_IMPERSONATE, read: true, write: false, delete: false)
+
+        create_request = RubySMB::SMB2::Packet::CreateRequest.new
+        create_request = set_header_fields(create_request)
+
+        # If the user supplied file attributes, use those, otherwise set some
+        # sane defaults.
+        if attributes
+          create_request.file_attributes = attributes
+        else
+          create_request.file_attributes.directory  = 0
+          create_request.file_attributes.normal     = 1
+        end
+
+        # If the user supplied Create Options, use those, otherwise set some
+        # sane defaults.
+        if options
+          create_request.create_options = options
+        else
+          create_request.create_options.directory_file      = 0
+          create_request.create_options.non_directory_file  = 1
+        end
+
+        if read
+          create_request.share_access.read_access = 1
+          create_request.desired_access.read_data = 1
+        end
+
+        if write
+          create_request.share_access.write_access   = 1
+          create_request.desired_access.write_data   = 1
+          create_request.desired_access.append_data  = 1
+        end
+
+        if delete
+          create_request.share_access.delete_access   = 1
+          create_request.desired_access.delete_access = 1
+        end
+
+        create_request.requested_oplock     = 0xff
+        create_request.impersonation_level  = impersonation
+        create_request.create_disposition   = disposition
+        create_request.name                 = filename
+
+        raw_response  = client.send_recv(create_request, encrypt: @tree_connect_encrypt_data)
+        response      = RubySMB::SMB2::Packet::CreateResponse.read(raw_response)
+        unless response.valid?
+          raise RubySMB::Error::InvalidPacket.new(
+            expected_proto: RubySMB::SMB2::SMB2_PROTOCOL_ID,
+            expected_cmd:   RubySMB::SMB2::Packet::CreateResponse::COMMAND,
+            packet:         response
+          )
+        end
+        unless response.status_code == WindowsError::NTStatus::STATUS_SUCCESS
+          raise RubySMB::Error::UnexpectedStatusCode, response.status_code
+        end
+
+        case @share_type
+        when RubySMB::SMB2::Packet::TreeConnectResponse::SMB2_SHARE_TYPE_DISK
+          RubySMB::SMB2::File.new(name: filename, tree: self, response: response, encrypt: @tree_connect_encrypt_data)
+        when RubySMB::SMB2::Packet::TreeConnectResponse::SMB2_SHARE_TYPE_PIPE
+          RubySMB::SMB2::Pipe.new(name: filename, tree: self, response: response)
+        # when RubySMB::SMB2::TreeConnectResponse::SMB2_SHARE_TYPE_PRINT
+        #   it's a printer!
+        else
+          raise RubySMB::Error::RubySMBError, 'Unsupported share type'
+        end
+      end
     end
   end
 end

data/lib/ruby_smb/version.rb

@@ -1,3 +1,3 @@
 module RubySMB
-  VERSION = '3.0.2'.freeze
+  VERSION = '3.0.3'.freeze
 end

data/spec/lib/ruby_smb/smb1/tree_spec.rb

@@ -495,17 +495,17 @@ RSpec.describe RubySMB::SMB1::Tree do
   describe '#open_pipe' do
     let(:opts) { { filename: 'test', write: true } }
     before :example do
-      allow(tree).to receive(:open_file)
+      allow(tree).to receive(:_open)
     end
 
     it 'calls #open_file with the provided options' do
       opts[:filename] ='\\test'
-      expect(tree).to receive(:open_file).with(opts)
+      expect(tree).to receive(:_open).with(opts)
       tree.open_pipe(**opts)
     end
 
     it 'prepends the filename with \\ if needed' do
-      expect(tree).to receive(:open_file).with(filename: '\\test', write: true)
+      expect(tree).to receive(:_open).with(filename: '\\test', write: true)
       tree.open_pipe(**opts)
     end
 

data/spec/lib/ruby_smb/smb2/tree_spec.rb

@@ -535,17 +535,17 @@ RSpec.describe RubySMB::SMB2::Tree do
   describe '#open_pipe' do
     let(:opts) { { filename: '\\test', write: true } }
     before :example do
-      allow(tree).to receive(:open_file)
+      allow(tree).to receive(:_open)
     end
 
     it 'calls #open_file with the provided options' do
       opts[:filename] ='test'
-      expect(tree).to receive(:open_file).with(**opts)
+      expect(tree).to receive(:_open).with(**opts)
       tree.open_pipe(**opts)
     end
 
     it 'remove the leading \\ from the filename if needed' do
-      expect(tree).to receive(:open_file).with(filename: 'test', write: true)
+      expect(tree).to receive(:_open).with(filename: 'test', write: true)
       tree.open_pipe(**opts)
     end
 

data.tar.gz.sig

@@ -1,2 +1,3 @@
-v!�J�a�m.��y�����:;��*]q����鋊K��B�M6$��r=�X��n)��������C~�'��^�k5�;�/38Xr�M�t���L��Q��m�ig6#�Q�A�C�,K�hÀ`#'��톟�������>��j�"$�Ӽ�SdR�Գ���������i�΍ꎈ{�f�8N��\Gx��bO��vh����%�Mx���r[�iM�u���E��Ŀ@�N�hg��
-����l�����ֆ��	`3���
+8z�n:�"bѠny�Lv04���MF�����D3��'�H@�����	f��W}��~x�Y0||�H��f�:�
����m�n�� ���+�hӷ��f�����~
+h
+2ئbJj�����$�]dxGy���]E�^F���0!��#�!��6�UdP�gG�
d+od��X;BVš���� �FU���]����r��7�J^�+r���.�x/:�?�ǒ+9,k�3�&��Bl
�����H�w3Lx+;,�<�

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: ruby_smb
 version: !ruby/object:Gem::Version
-  version: 3.0.2
+  version: 3.0.3
 platform: ruby
 authors:
 - Metasploit Hackers
@@ -97,7 +97,7 @@ cert_chain:
   EknWpNgVhohbot1lfVAMmIhdtOVaRVcQQixWPwprDj/ydB8ryDMDosIMcw+fkoXU
   9GJsSaSRRYQ9UUkVL27b64okU8D48m8=
   -----END CERTIFICATE-----
-date: 2022-02-04 00:00:00.000000000 Z
+date: 2022-02-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: redcarpet