ruby_smb 3.0.2 → 3.0.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9a0b34939805bf96ca0b83284b946fc2d96c1e5d7b6e63c67c4d0c40b73d257d
-  data.tar.gz: f8c1e25526de8821ec484c820b32734e0cfcefce6e34de2a90b25ce876225e61
+  metadata.gz: 3a4881649381520e25f5f014f66baac4130dd8a58d4eadd3476198fec3fc9e8d
+  data.tar.gz: 809b581025c19ab7ca1162a7b73d342d63b24edd77835744191a0d7c930425fd
 SHA512:
-  metadata.gz: b669ae3cdc6e7c875c92890ac15608ab45b8d223eb064756d340e046a5dd3b4273971ebdf8419a033ae87fc75af8f08d7e7ce5466186e2e531adada3efaedab4
-  data.tar.gz: 052ad0693a7f9ea8b3b767a58ecc710e37f2c9c0ef7c910b8c385b22b9a6eee678596a49de385cb0d0200964e620b171bd667a76b7b393f96a1ebded64e6f5b7
+  metadata.gz: 4e340189b0ae87ec98e7ca6bde9d4c30c1eb3a0d3e1f69383869e4803bf3d3d9bbc502cef143a83bad9f91dc1de10ca3bcd4132a8d518a1bb2121a7d4490309d
+  data.tar.gz: 0c7198d84416da8b995e50c17f7826abba21affa03cc1c2404e2e2ecaac1322178f76c356d8d026c4a75b7e9d356bd134f1a0df12fe327eca1240b87afaeee0d

data/examples/anonymous_auth.rb

@@ -4,14 +4,15 @@
 # including protocol negotiation and authentication.
 
 require 'bundler/setup'
+require 'optparse'
 require 'ruby_smb'
 
-def run_authentication(address, smb1, smb2, smb3, username, password)
+def run_authentication(address, smb1, smb2, smb3)
   # Create our socket and add it to the dispatcher
   sock = TCPSocket.new address, 445
   dispatcher = RubySMB::Dispatcher::Socket.new(sock)
 
-  client = RubySMB::Client.new(dispatcher, smb1: smb1, smb2: smb2, smb3: smb3, username: username, password: password)
+  client = RubySMB::Client.new(dispatcher, smb1: smb1, smb2: smb2, smb3: smb3, username: '', password: '')
   protocol = client.negotiate
   status = client.authenticate
   puts "#{protocol} : #{status}"
@@ -22,9 +23,31 @@ def run_authentication(address, smb1, smb2, smb3, username, password)
   end
 end
 
-address  = ARGV[0]
-username = ''
-password = ''
+args = ARGV.dup
+options = {
+  smbv1: true,
+  smbv2: true,
+  smbv3: true,
+  target: nil
+}
+options[:target ] = args.pop
+optparser = OptionParser.new do |opts|
+  opts.banner = "Usage: #{File.basename(__FILE__)} [options] target"
+  opts.on("--[no-]smbv1", "Enable or disable SMBv1 (default: #{options[:smbv1] ? 'Enabled' : 'Disabled'})") do |smbv1|
+    options[:smbv1] = smbv1
+  end
+  opts.on("--[no-]smbv2", "Enable or disable SMBv2 (default: #{options[:smbv2] ? 'Enabled' : 'Disabled'})") do |smbv2|
+    options[:smbv2] = smbv2
+  end
+  opts.on("--[no-]smbv3", "Enable or disable SMBv3 (default: #{options[:smbv3] ? 'Enabled' : 'Disabled'})") do |smbv3|
+    options[:smbv3] = smbv3
+  end
+end
+optparser.parse!(args)
+
+if options[:target].nil?
+  abort(optparser.help)
+end
 
 # Negotiate with only SMB1 enabled
-run_authentication(address, true, false, false, username, password)
+run_authentication(options[:target], options[:smbv1], options[:smbv2], options[:smbv3])

data/examples/auth_capture.rb

@@ -15,13 +15,13 @@ options = {
 }
 OptionParser.new do |opts|
   opts.banner = "Usage: #{File.basename(__FILE__)} [options]"
-  opts.on("--[no-]smbv1", "Enabled or disable SMBv1 (default: #{options[:smbv1] ? 'Enabled' : 'Disabled'})") do |smbv1|
+  opts.on("--[no-]smbv1", "Enable or disable SMBv1 (default: #{options[:smbv1] ? 'Enabled' : 'Disabled'})") do |smbv1|
     options[:smbv1] = smbv1
   end
-  opts.on("--[no-]smbv2", "Enabled or disable SMBv2 (default: #{options[:smbv2] ? 'Enabled' : 'Disabled'})") do |smbv2|
+  opts.on("--[no-]smbv2", "Enable or disable SMBv2 (default: #{options[:smbv2] ? 'Enabled' : 'Disabled'})") do |smbv2|
     options[:smbv2] = smbv2
   end
-  opts.on("--[no-]smbv3", "Enabled or disable SMBv3 (default: #{options[:smbv3] ? 'Enabled' : 'Disabled'})") do |smbv3|
+  opts.on("--[no-]smbv3", "Enable or disable SMBv3 (default: #{options[:smbv3] ? 'Enabled' : 'Disabled'})") do |smbv3|
     options[:smbv3] = smbv3
   end
 end.parse!

data/examples/file_server.rb

@@ -30,13 +30,13 @@ OptionParser.new do |opts|
   opts.on("--[no-]anonymous", "Allow anonymous access (default: #{options[:allow_anonymous]})") do |allow_anonymous|
     options[:allow_anonymous] = allow_anonymous
   end
-  opts.on("--[no-]smbv1", "Enabled or disable SMBv1 (default: #{options[:smbv1] ? 'Enabled' : 'Disabled'})") do |smbv1|
+  opts.on("--[no-]smbv1", "Enable or disable SMBv1 (default: #{options[:smbv1] ? 'Enabled' : 'Disabled'})") do |smbv1|
     options[:smbv1] = smbv1
   end
-  opts.on("--[no-]smbv2", "Enabled or disable SMBv2 (default: #{options[:smbv2] ? 'Enabled' : 'Disabled'})") do |smbv2|
+  opts.on("--[no-]smbv2", "Enable or disable SMBv2 (default: #{options[:smbv2] ? 'Enabled' : 'Disabled'})") do |smbv2|
     options[:smbv2] = smbv2
   end
-  opts.on("--[no-]smbv3", "Enabled or disable SMBv3 (default: #{options[:smbv3] ? 'Enabled' : 'Disabled'})") do |smbv3|
+  opts.on("--[no-]smbv3", "Enable or disable SMBv3 (default: #{options[:smbv3] ? 'Enabled' : 'Disabled'})") do |smbv3|
     options[:smbv3] = smbv3
   end
   opts.on("--username USERNAME", "The account's username (default: #{options[:username]})") do |username|

data/examples/read_file.rb

@@ -7,34 +7,75 @@
 # and read the file short.txt
 
 require 'bundler/setup'
+require 'optparse'
 require 'ruby_smb'
 
-address      = ARGV[0]
-username     = ARGV[1]
-password     = ARGV[2]
-share        = ARGV[3]
-file         = ARGV[4]
-smb_versions = ARGV[5]&.split(',') || ['1','2','3']
+args = ARGV.dup
+options = {
+  domain: '.',
+  username: '',
+  password: '',
+  share: nil,
+  smbv1: true,
+  smbv2: true,
+  smbv3: true,
+  target: nil
+}
+options[:file] = args.pop
+options[:share] = args.pop
+options[:target ] = args.pop
+optparser = OptionParser.new do |opts|
+  opts.banner = "Usage: #{File.basename(__FILE__)} [options] target share file"
+  opts.on("--[no-]smbv1", "Enable or disable SMBv1 (default: #{options[:smbv1] ? 'Enabled' : 'Disabled'})") do |smbv1|
+    options[:smbv1] = smbv1
+  end
+  opts.on("--[no-]smbv2", "Enable or disable SMBv2 (default: #{options[:smbv2] ? 'Enabled' : 'Disabled'})") do |smbv2|
+    options[:smbv2] = smbv2
+  end
+  opts.on("--[no-]smbv3", "Enable or disable SMBv3 (default: #{options[:smbv3] ? 'Enabled' : 'Disabled'})") do |smbv3|
+    options[:smbv3] = smbv3
+  end
+  opts.on("--username USERNAME", "The account's username (default: #{options[:username]})") do |username|
+    if username.include?('\\')
+      options[:domain], options[:username] = username.split('\\', 2)
+    else
+      options[:username] = username
+    end
+  end
+  opts.on("--password PASSWORD", "The account's password (default: #{options[:password]})") do |password|
+    options[:password] = password
+  end
+end
+optparser.parse!(args)
+
+if options[:target].nil? || options[:share].nil? || options[:file].nil?
+  abort(optparser.help)
+end
 
-path     = "\\\\#{address}\\#{share}"
+path     = "\\\\#{options[:target]}\\#{options[:share]}"
 
-sock = TCPSocket.new address, 445
+sock = TCPSocket.new options[:target], 445
 dispatcher = RubySMB::Dispatcher::Socket.new(sock)
 
-client = RubySMB::Client.new(dispatcher, smb1: smb_versions.include?('1'), smb2: smb_versions.include?('2'), smb3: smb_versions.include?('3'), username: username, password: password)
+client = RubySMB::Client.new(dispatcher, smb1: options[:smbv1], smb2: options[:smbv2], smb3: options[:smbv3], username: options[:username], password: options[:password], domain: options[:domain])
 protocol = client.negotiate
 status = client.authenticate
 
 puts "#{protocol} : #{status}"
+unless status == WindowsError::NTStatus::STATUS_SUCCESS
+  puts 'Authentication failed!'
+  exit(1)
+end
 
 begin
   tree = client.tree_connect(path)
   puts "Connected to #{path} successfully!"
 rescue StandardError => e
   puts "Failed to connect to #{path}: #{e.message}"
+  exit(1)
 end
 
-file = tree.open_file(filename: file)
+file = tree.open_file(filename: options[:file])
 
 data = file.read
 puts data

data/examples/tree_connect.rb

@@ -6,24 +6,64 @@
 # This will try to connect to \\192.168.172.138\TEST_SHARE with the msfadmin:msfadmin credentials
 
 require 'bundler/setup'
+require 'optparse'
 require 'ruby_smb'
 
-address      = ARGV[0]
-username     = ARGV[1]
-password     = ARGV[2]
-share        = ARGV[3]
-smb_versions = ARGV[4]&.split(',') || ['1','2','3']
+args = ARGV.dup
+options = {
+  domain: '.',
+  username: '',
+  password: '',
+  share: nil,
+  smbv1: true,
+  smbv2: true,
+  smbv3: true,
+  target: nil
+}
+options[:share] = args.pop
+options[:target ] = args.pop
+optparser = OptionParser.new do |opts|
+  opts.banner = "Usage: #{File.basename(__FILE__)} [options] target share"
+  opts.on("--[no-]smbv1", "Enable or disable SMBv1 (default: #{options[:smbv1] ? 'Enabled' : 'Disabled'})") do |smbv1|
+    options[:smbv1] = smbv1
+  end
+  opts.on("--[no-]smbv2", "Enable or disable SMBv2 (default: #{options[:smbv2] ? 'Enabled' : 'Disabled'})") do |smbv2|
+    options[:smbv2] = smbv2
+  end
+  opts.on("--[no-]smbv3", "Enable or disable SMBv3 (default: #{options[:smbv3] ? 'Enabled' : 'Disabled'})") do |smbv3|
+    options[:smbv3] = smbv3
+  end
+  opts.on("--username USERNAME", "The account's username (default: #{options[:username]})") do |username|
+    if username.include?('\\')
+      options[:domain], options[:username] = username.split('\\', 2)
+    else
+      options[:username] = username
+    end
+  end
+  opts.on("--password PASSWORD", "The account's password (default: #{options[:password]})") do |password|
+    options[:password] = password
+  end
+end
+optparser.parse!(args)
+
+if options[:target].nil? || options[:share].nil?
+  abort(optparser.help)
+end
 
-path     = "\\\\#{address}\\#{share}"
+path = "\\\\#{options[:target]}\\#{options[:share]}"
 
-sock = TCPSocket.new address, 445
+sock = TCPSocket.new options[:target], 445
 dispatcher = RubySMB::Dispatcher::Socket.new(sock)
 
-client = RubySMB::Client.new(dispatcher, smb1: smb_versions.include?('1'), smb2: smb_versions.include?('2'), smb3: smb_versions.include?('3'), username: username, password: password)
+client = RubySMB::Client.new(dispatcher, smb1: options[:smbv1], smb2: options[:smbv2], smb3: options[:smbv3], username: options[:username], password: options[:password], domain: options[:domain])
 protocol = client.negotiate
 status = client.authenticate
 
 puts "#{protocol} : #{status}"
+unless status == WindowsError::NTStatus::STATUS_SUCCESS
+  puts 'Authentication failed!'
+  exit(1)
+end
 
 begin
   tree = client.tree_connect(path)
@@ -31,4 +71,5 @@ begin
   tree.disconnect!
 rescue StandardError => e
   puts "Failed to connect to #{path}: #{e.message}"
+  exit(1)
 end

data/lib/ruby_smb/client/authentication.rb

@@ -212,9 +212,17 @@ module RubySMB
 
         raw = smb2_ntlmssp_authenticate(type3_message, @session_id)
         response = smb2_ntlmssp_final_packet(raw)
-
-        if @smb3 && !@session_encrypt_data && response.session_flags.encrypt_data == 1
-          @session_encrypt_data = true
+        @session_is_guest = response.session_flags.guest == 1
+
+        if @smb3
+          if response.session_flags.encrypt_data == 1
+            # if the server indicates that encryption is required, enable it
+            @session_encrypt_data = true
+          elsif (@session_is_guest && password != '') || (username == '' && password == '')
+            # disable encryption when necessary
+            @session_encrypt_data = false
+          end
+          # otherwise, leave encryption to the default value that it was initialized to
         end
         ######
         # DEBUG

data/lib/ruby_smb/client/negotiation.rb

@@ -251,7 +251,7 @@ module RubySMB
           raise ArgumentError, 'Must be an array of strings' unless dialect.is_a? String
           packet.add_dialect(dialect.to_i(16))
         end
-        packet.capabilities.encryption = 1
+        packet.capabilities.encryption = @session_encrypt_data ? 1 : 0
 
         if packet.dialects.include?(0x0311)
           nc = RubySMB::SMB2::NegotiateContext.new(

data/lib/ruby_smb/client.rb

@@ -29,10 +29,26 @@ module RubySMB
     # It indicates that the server implements SMB 2.1 or future dialect revisions
     # Note that this must be used for SMB3
     SMB1_DIALECT_SMB2_WILDCARD = 'SMB 2.???'.freeze
+
+    SMB2_DIALECT_0202 = '0x0202'.freeze
+    SMB2_DIALECT_0210 = '0x0210'.freeze
+    SMB2_DIALECT_0300  = '0x0300'.freeze
+    SMB2_DIALECT_0302  = '0x0302'.freeze
+    SMB2_DIALECT_0311  = '0x0311'.freeze
+
     # Dialect values for SMB2
-    SMB2_DIALECT_DEFAULT = ['0x0202', '0x0210']
+    SMB2_DIALECT_DEFAULT = [
+      SMB2_DIALECT_0202,
+      SMB2_DIALECT_0210,
+    ].freeze
+
     # Dialect values for SMB3
-    SMB3_DIALECT_DEFAULT = ['0x0300', '0x0302', '0x0311']
+    SMB3_DIALECT_DEFAULT = [
+      SMB2_DIALECT_0300,
+      SMB2_DIALECT_0302,
+      SMB2_DIALECT_0311
+    ].freeze
+
     # The default maximum size of a SMB message that the Client accepts (in bytes)
     MAX_BUFFER_SIZE = 64512
     # The default maximum size of a SMB message that the Server accepts (in bytes)
@@ -129,6 +145,11 @@ module RubySMB
     #   @return [Integer]
     attr_accessor :session_id
 
+    # Whether or not the current session has the guest flag set
+    # @!attribute [rw] session_is_guest
+    #   @return [Boolean]
+    attr_accessor :session_is_guest
+
     # Whether or not the Server requires signing
     # @!attribute [rw] signing_enabled
     #   @return [Boolean]
@@ -292,6 +313,7 @@ module RubySMB
       @sequence_counter  = 0
       @session_id        = 0x00
       @session_key       = ''
+      @session_is_guest  = false
       @signing_required  = false
       @smb1              = smb1
       @smb2              = smb2
@@ -306,6 +328,8 @@ module RubySMB
       @server_supports_multi_credit = false
 
       # SMB 3.x options
+      # this merely initializes the default value for session encryption, it may be changed as necessary when a
+      # session setup response is received
       @session_encrypt_data = always_encrypt
 
       @ntlm_client = Net::NTLM::Client.new(
@@ -444,8 +468,13 @@ module RubySMB
         unless packet.is_a?(RubySMB::SMB2::Packet::SessionSetupRequest) || session_key.empty?
           if self.smb2 && signing_required
             packet = smb2_sign(packet)
-          elsif self.smb3 && (signing_required || packet.is_a?(RubySMB::SMB2::Packet::TreeConnectRequest))
-            packet = smb3_sign(packet)
+          elsif self.smb3
+            # see: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/652e0c14-5014-4470-999d-b174d7b2da87
+            if @dialect == '0x0311' && (signing_required || (!@session_is_guest && packet.is_a?(RubySMB::SMB2::Packet::TreeConnectRequest)))
+              packet = smb3_sign(packet)
+            elsif signing_required
+              packet = smb3_sign(packet)
+            end
           end
         end
       else
@@ -589,6 +618,7 @@ module RubySMB
       self.session_id       = 0x00
       self.user_id          = 0x00
       self.session_key      = ''
+      self.session_is_guest = false
       self.sequence_counter = 0
       self.smb2_message_id  = 0
       self.client_encryption_key = nil

data/lib/ruby_smb/server/session.rb

@@ -13,6 +13,7 @@ module RubySMB
         @user_id = user_id
         @state = state
         @signing_required = false
+        @metadata = {}
         # tree id => provider processor instance
         @tree_connect_table = {}
         @creation_time = Time.now
@@ -62,6 +63,11 @@ module RubySMB
       #   @return [Hash]
       attr_accessor :tree_connect_table
 
+      # Untyped hash for storing additional arbitrary metadata about the current session
+      # @!attribute [rw] metadaa
+      #   @return [Hash]
+      attr_accessor :metadata
+
       # The time at which this session was created.
       # @!attribute [r] creation_time
       #   @return [Time]

data/lib/ruby_smb/smb1/tree.rb

@@ -59,8 +59,8 @@ module RubySMB
         # Make sure we don't modify the caller's hash options
         opts = opts.dup
         opts[:filename] = opts[:filename].dup
-        opts[:filename].prepend('\\') unless opts[:filename].start_with?('\\')
-        open_file(**opts)
+        opts[:filename].prepend('\\') unless opts[:filename].start_with?('\\'.encode(opts[:filename].encoding))
+        _open(**opts)
       end
 
       # Open a file on the remote share.
@@ -80,83 +80,12 @@ module RubySMB
       # @return [RubySMB::SMB1::File] handle to the created file
       # @raise [RubySMB::Error::InvalidPacket] if the response command is not SMB_COM_NT_CREATE_ANDX
       # @raise [RubySMB::Error::UnexpectedStatusCode] if the response NTStatus is not STATUS_SUCCESS
-      def open_file(filename:, flags: nil, options: nil, disposition: RubySMB::Dispositions::FILE_OPEN,
-                    impersonation: RubySMB::ImpersonationLevels::SEC_IMPERSONATE, read: true, write: false, delete: false)
-        nt_create_andx_request = RubySMB::SMB1::Packet::NtCreateAndxRequest.new
-        nt_create_andx_request = set_header_fields(nt_create_andx_request)
-
-        nt_create_andx_request.parameter_block.ext_file_attributes.normal = 1
-
-        if flags
-          nt_create_andx_request.parameter_block.flags = flags
-        else
-          nt_create_andx_request.parameter_block.flags.request_extended_response = 1
-        end
-
-        if options
-          nt_create_andx_request.parameter_block.create_options = options
-        else
-          nt_create_andx_request.parameter_block.create_options.directory_file     = 0
-          nt_create_andx_request.parameter_block.create_options.non_directory_file = 1
-        end
-
-        if read
-          nt_create_andx_request.parameter_block.share_access.share_read     = 1
-          nt_create_andx_request.parameter_block.desired_access.read_data    = 1
-          nt_create_andx_request.parameter_block.desired_access.read_ea      = 1
-          nt_create_andx_request.parameter_block.desired_access.read_attr    = 1
-          nt_create_andx_request.parameter_block.desired_access.read_control = 1
-        end
-
-        if write
-          nt_create_andx_request.parameter_block.share_access.share_write   = 1
-          nt_create_andx_request.parameter_block.desired_access.write_data  = 1
-          nt_create_andx_request.parameter_block.desired_access.append_data = 1
-          nt_create_andx_request.parameter_block.desired_access.write_ea    = 1
-          nt_create_andx_request.parameter_block.desired_access.write_attr  = 1
-        end
-
-        if delete
-          nt_create_andx_request.parameter_block.share_access.share_delete    = 1
-          nt_create_andx_request.parameter_block.desired_access.delete_access = 1
-        end
-
-        nt_create_andx_request.parameter_block.impersonation_level = impersonation
-        nt_create_andx_request.parameter_block.create_disposition  = disposition
-
-        unicode_enabled = nt_create_andx_request.smb_header.flags2.unicode == 1
-        nt_create_andx_request.data_block.file_name = add_null_termination(str: filename, unicode: unicode_enabled)
-
-        raw_response = @client.send_recv(nt_create_andx_request)
-        response = RubySMB::SMB1::Packet::NtCreateAndxResponse.read(raw_response)
-        unless response.valid?
-          if response.is_a?(RubySMB::SMB1::Packet::EmptyPacket) &&
-               response.smb_header.protocol == RubySMB::SMB1::SMB_PROTOCOL_ID &&
-               response.smb_header.command == response.original_command
-            raise RubySMB::Error::InvalidPacket.new(
-              'The response seems to be an SMB1 NtCreateAndxResponse but an '\
-              'error occurs while parsing it. It is probably missing the '\
-              'required extended information.'
-            )
-          end
-          raise RubySMB::Error::InvalidPacket.new(
-            expected_proto: RubySMB::SMB1::SMB_PROTOCOL_ID,
-            expected_cmd:   RubySMB::SMB1::Packet::NtCreateAndxResponse::COMMAND,
-            packet:         response
-          )
-        end
-        unless response.status_code == WindowsError::NTStatus::STATUS_SUCCESS
-          raise RubySMB::Error::UnexpectedStatusCode, response.status_code
-        end
-
-        case response.parameter_block.resource_type
-        when RubySMB::SMB1::ResourceType::BYTE_MODE_PIPE, RubySMB::SMB1::ResourceType::MESSAGE_MODE_PIPE
-          RubySMB::SMB1::Pipe.new(name: filename, tree: self, response: response)
-        when RubySMB::SMB1::ResourceType::DISK
-          RubySMB::SMB1::File.new(name: filename, tree: self, response: response)
-        else
-          raise RubySMB::Error::RubySMBError
-        end
+      def open_file(opts)
+        # Make sure we don't modify the caller's hash options
+        opts = opts.dup
+        opts[:filename] = opts[:filename].dup
+        opts[:filename] = opts[:filename][1..-1] if opts[:filename].start_with?('\\'.encode(opts[:filename].encoding))
+        _open(**opts)
       end
 
       # List `directory` on the remote share.
@@ -264,6 +193,85 @@ module RubySMB
 
       private
 
+      def _open(filename:, flags: nil, options: nil, disposition: RubySMB::Dispositions::FILE_OPEN,
+                impersonation: RubySMB::ImpersonationLevels::SEC_IMPERSONATE, read: true, write: false, delete: false)
+        nt_create_andx_request = RubySMB::SMB1::Packet::NtCreateAndxRequest.new
+        nt_create_andx_request = set_header_fields(nt_create_andx_request)
+
+        nt_create_andx_request.parameter_block.ext_file_attributes.normal = 1
+
+        if flags
+          nt_create_andx_request.parameter_block.flags = flags
+        else
+          nt_create_andx_request.parameter_block.flags.request_extended_response = 1
+        end
+
+        if options
+          nt_create_andx_request.parameter_block.create_options = options
+        else
+          nt_create_andx_request.parameter_block.create_options.directory_file     = 0
+          nt_create_andx_request.parameter_block.create_options.non_directory_file = 1
+        end
+
+        if read
+          nt_create_andx_request.parameter_block.share_access.share_read     = 1
+          nt_create_andx_request.parameter_block.desired_access.read_data    = 1
+          nt_create_andx_request.parameter_block.desired_access.read_ea      = 1
+          nt_create_andx_request.parameter_block.desired_access.read_attr    = 1
+          nt_create_andx_request.parameter_block.desired_access.read_control = 1
+        end
+
+        if write
+          nt_create_andx_request.parameter_block.share_access.share_write   = 1
+          nt_create_andx_request.parameter_block.desired_access.write_data  = 1
+          nt_create_andx_request.parameter_block.desired_access.append_data = 1
+          nt_create_andx_request.parameter_block.desired_access.write_ea    = 1
+          nt_create_andx_request.parameter_block.desired_access.write_attr  = 1
+        end
+
+        if delete
+          nt_create_andx_request.parameter_block.share_access.share_delete    = 1
+          nt_create_andx_request.parameter_block.desired_access.delete_access = 1
+        end
+
+        nt_create_andx_request.parameter_block.impersonation_level = impersonation
+        nt_create_andx_request.parameter_block.create_disposition  = disposition
+
+        unicode_enabled = nt_create_andx_request.smb_header.flags2.unicode == 1
+        nt_create_andx_request.data_block.file_name = add_null_termination(str: filename, unicode: unicode_enabled)
+
+        raw_response = @client.send_recv(nt_create_andx_request)
+        response = RubySMB::SMB1::Packet::NtCreateAndxResponse.read(raw_response)
+        unless response.valid?
+          if response.is_a?(RubySMB::SMB1::Packet::EmptyPacket) &&
+               response.smb_header.protocol == RubySMB::SMB1::SMB_PROTOCOL_ID &&
+               response.smb_header.command == response.original_command
+            raise RubySMB::Error::InvalidPacket.new(
+              'The response seems to be an SMB1 NtCreateAndxResponse but an '\
+              'error occurs while parsing it. It is probably missing the '\
+              'required extended information.'
+            )
+          end
+          raise RubySMB::Error::InvalidPacket.new(
+            expected_proto: RubySMB::SMB1::SMB_PROTOCOL_ID,
+            expected_cmd:   RubySMB::SMB1::Packet::NtCreateAndxResponse::COMMAND,
+            packet:         response
+          )
+        end
+        unless response.status_code == WindowsError::NTStatus::STATUS_SUCCESS
+          raise RubySMB::Error::UnexpectedStatusCode, response.status_code
+        end
+
+        case response.parameter_block.resource_type
+        when RubySMB::SMB1::ResourceType::BYTE_MODE_PIPE, RubySMB::SMB1::ResourceType::MESSAGE_MODE_PIPE
+          RubySMB::SMB1::Pipe.new(name: filename, tree: self, response: response)
+        when RubySMB::SMB1::ResourceType::DISK
+          RubySMB::SMB1::File.new(name: filename, tree: self, response: response)
+        else
+          raise RubySMB::Error::RubySMBError
+        end
+      end
+
       # Sets ParameterBlock options for FIND_FIRST2 and
       # FIND_NEXT2 requests. In particular we need to do this
       # to tell the server to ignore the Trans2DataBlock as we are

data/lib/ruby_smb/smb2/packet/session_setup_request.rb

@@ -18,6 +18,17 @@ module RubySMB
         uint64                     :previous_session_id,     label: 'Previous Session ID'
         string                     :buffer,                  label: 'Security Buffer', length: -> { security_buffer_length }
 
+        # Takes the specified security buffer string and inserts it into the {RubySMB::SMB2::Packet::SessionSetupRequest#buffer}
+        # as well as updating the {RubySMB::SMB2::Packet::SessionSetupRequest#security_buffer_length}
+        # This method DOES NOT wrap the security buffer in any way.
+        #
+        # @param buffer [String] the security buffer
+        # @return [void]
+        def set_security_buffer(buffer)
+          self.security_buffer_length = buffer.length
+          self.buffer = buffer
+        end
+
         # Takes a serialized NTLM Type 1 message and wraps it in the GSS ASN1 encoding
         # and inserts it into the {RubySMB::SMB2::Packet::SessionSetupRequest#buffer}
         # as well as updating the {RubySMB::SMB2::Packet::SessionSetupRequest#security_buffer_length}

data/lib/ruby_smb/smb2/tree.rb

@@ -60,78 +60,16 @@ module RubySMB
         # Make sure we don't modify the caller's hash options
         opts = opts.dup
         opts[:filename] = opts[:filename].dup
-        opts[:filename] = opts[:filename][1..-1] if opts[:filename].start_with? '\\'
-        open_file(**opts)
+        opts[:filename] = opts[:filename][1..-1] if opts[:filename].start_with?('\\'.encode(opts[:filename].encoding))
+        _open(**opts)
       end
 
-      def open_file(filename:, attributes: nil, options: nil, disposition: RubySMB::Dispositions::FILE_OPEN,
-                    impersonation: RubySMB::ImpersonationLevels::SEC_IMPERSONATE, read: true, write: false, delete: false)
-
-        create_request = RubySMB::SMB2::Packet::CreateRequest.new
-        create_request = set_header_fields(create_request)
-
-        # If the user supplied file attributes, use those, otherwise set some
-        # sane defaults.
-        if attributes
-          create_request.file_attributes = attributes
-        else
-          create_request.file_attributes.directory  = 0
-          create_request.file_attributes.normal     = 1
-        end
-
-        # If the user supplied Create Options, use those, otherwise set some
-        # sane defaults.
-        if options
-          create_request.create_options = options
-        else
-          create_request.create_options.directory_file      = 0
-          create_request.create_options.non_directory_file  = 1
-        end
-
-        if read
-          create_request.share_access.read_access = 1
-          create_request.desired_access.read_data = 1
-        end
-
-        if write
-          create_request.share_access.write_access   = 1
-          create_request.desired_access.write_data   = 1
-          create_request.desired_access.append_data  = 1
-        end
-
-        if delete
-          create_request.share_access.delete_access   = 1
-          create_request.desired_access.delete_access = 1
-        end
-
-        create_request.requested_oplock     = 0xff
-        create_request.impersonation_level  = impersonation
-        create_request.create_disposition   = disposition
-        create_request.name                 = filename
-
-        raw_response  = client.send_recv(create_request, encrypt: @tree_connect_encrypt_data)
-        response      = RubySMB::SMB2::Packet::CreateResponse.read(raw_response)
-        unless response.valid?
-          raise RubySMB::Error::InvalidPacket.new(
-            expected_proto: RubySMB::SMB2::SMB2_PROTOCOL_ID,
-            expected_cmd:   RubySMB::SMB2::Packet::CreateResponse::COMMAND,
-            packet:         response
-          )
-        end
-        unless response.status_code == WindowsError::NTStatus::STATUS_SUCCESS
-          raise RubySMB::Error::UnexpectedStatusCode, response.status_code
-        end
-
-        case @share_type
-        when RubySMB::SMB2::Packet::TreeConnectResponse::SMB2_SHARE_TYPE_DISK
-          RubySMB::SMB2::File.new(name: filename, tree: self, response: response, encrypt: @tree_connect_encrypt_data)
-        when RubySMB::SMB2::Packet::TreeConnectResponse::SMB2_SHARE_TYPE_PIPE
-          RubySMB::SMB2::Pipe.new(name: filename, tree: self, response: response)
-        # when RubySMB::SMB2::TreeConnectResponse::SMB2_SHARE_TYPE_PRINT
-        #   it's a printer!
-        else
-          raise RubySMB::Error::RubySMBError, 'Unsupported share type'
-        end
+      def open_file(opts)
+        # Make sure we don't modify the caller's hash options
+        opts = opts.dup
+        opts[:filename] = opts[:filename].dup
+        opts[:filename] = opts[:filename][1..-1] if opts[:filename].start_with?('\\'.encode(opts[:filename].encoding))
+        _open(**opts)
       end
 
       # List `directory` on the remote share.
@@ -270,6 +208,78 @@ module RubySMB
         request.smb2_header.credits = 256
         request
       end
+
+      private
+
+      def _open(filename:, attributes: nil, options: nil, disposition: RubySMB::Dispositions::FILE_OPEN,
+                    impersonation: RubySMB::ImpersonationLevels::SEC_IMPERSONATE, read: true, write: false, delete: false)
+
+        create_request = RubySMB::SMB2::Packet::CreateRequest.new
+        create_request = set_header_fields(create_request)
+
+        # If the user supplied file attributes, use those, otherwise set some
+        # sane defaults.
+        if attributes
+          create_request.file_attributes = attributes
+        else
+          create_request.file_attributes.directory  = 0
+          create_request.file_attributes.normal     = 1
+        end
+
+        # If the user supplied Create Options, use those, otherwise set some
+        # sane defaults.
+        if options
+          create_request.create_options = options
+        else
+          create_request.create_options.directory_file      = 0
+          create_request.create_options.non_directory_file  = 1
+        end
+
+        if read
+          create_request.share_access.read_access = 1
+          create_request.desired_access.read_data = 1
+        end
+
+        if write
+          create_request.share_access.write_access   = 1
+          create_request.desired_access.write_data   = 1
+          create_request.desired_access.append_data  = 1
+        end
+
+        if delete
+          create_request.share_access.delete_access   = 1
+          create_request.desired_access.delete_access = 1
+        end
+
+        create_request.requested_oplock     = 0xff
+        create_request.impersonation_level  = impersonation
+        create_request.create_disposition   = disposition
+        create_request.name                 = filename
+
+        raw_response  = client.send_recv(create_request, encrypt: @tree_connect_encrypt_data)
+        response      = RubySMB::SMB2::Packet::CreateResponse.read(raw_response)
+        unless response.valid?
+          raise RubySMB::Error::InvalidPacket.new(
+            expected_proto: RubySMB::SMB2::SMB2_PROTOCOL_ID,
+            expected_cmd:   RubySMB::SMB2::Packet::CreateResponse::COMMAND,
+            packet:         response
+          )
+        end
+        unless response.status_code == WindowsError::NTStatus::STATUS_SUCCESS
+          raise RubySMB::Error::UnexpectedStatusCode, response.status_code
+        end
+
+        case @share_type
+        when RubySMB::SMB2::Packet::TreeConnectResponse::SMB2_SHARE_TYPE_DISK
+          RubySMB::SMB2::File.new(name: filename, tree: self, response: response, encrypt: @tree_connect_encrypt_data)
+        when RubySMB::SMB2::Packet::TreeConnectResponse::SMB2_SHARE_TYPE_PIPE
+          RubySMB::SMB2::Pipe.new(name: filename, tree: self, response: response)
+        # when RubySMB::SMB2::TreeConnectResponse::SMB2_SHARE_TYPE_PRINT
+        #   it's a printer!
+        else
+          raise RubySMB::Error::RubySMBError, 'Unsupported share type'
+        end
+      end
     end
   end
 end

data/lib/ruby_smb/version.rb

@@ -1,3 +1,3 @@
 module RubySMB
-  VERSION = '3.0.2'.freeze
+  VERSION = '3.0.5'.freeze
 end

data/spec/lib/ruby_smb/client_spec.rb

@@ -557,6 +557,16 @@ RSpec.describe RubySMB::Client do
     end
   end
 
+  describe '#wipe_state!' do
+    context 'with SMB1' do
+      it { expect { smb1_client.wipe_state! }.to_not raise_error }
+    end
+
+    context 'with SMB2' do
+      it { expect { smb2_client.wipe_state! }.to_not raise_error }
+    end
+  end
+
   describe '#logoff!' do
     context 'with SMB1' do
       let(:raw_response) { double('Raw response') }

data/spec/lib/ruby_smb/smb1/tree_spec.rb

@@ -118,6 +118,11 @@ RSpec.describe RubySMB::SMB1::Tree do
         end
         tree.open_file(filename: unicode_filename.chop)
       end
+
+      it 'removes the leading \\ from the filename if needed' do
+        expect(tree).to receive(:_open).with(filename: filename)
+        tree.open_file(filename: '\\' + filename)
+      end
     end
 
     describe 'flags' do
@@ -495,17 +500,17 @@ RSpec.describe RubySMB::SMB1::Tree do
   describe '#open_pipe' do
     let(:opts) { { filename: 'test', write: true } }
     before :example do
-      allow(tree).to receive(:open_file)
+      allow(tree).to receive(:_open)
     end
 
     it 'calls #open_file with the provided options' do
       opts[:filename] ='\\test'
-      expect(tree).to receive(:open_file).with(opts)
+      expect(tree).to receive(:_open).with(opts)
       tree.open_pipe(**opts)
     end
 
     it 'prepends the filename with \\ if needed' do
-      expect(tree).to receive(:open_file).with(filename: '\\test', write: true)
+      expect(tree).to receive(:_open).with(filename: '\\test', write: true)
       tree.open_pipe(**opts)
     end
 

data/spec/lib/ruby_smb/smb2/tree_spec.rb

@@ -348,6 +348,11 @@ RSpec.describe RubySMB::SMB2::Tree do
         end
         tree.open_file(filename: filename)
       end
+
+       it 'removes the leading \\ from the filename if needed' do
+        expect(tree).to receive(:_open).with(filename: filename)
+        tree.open_file(filename: "\\".encode('UTF-16LE') + filename)
+      end
     end
 
     describe 'attributes' do
@@ -535,17 +540,17 @@ RSpec.describe RubySMB::SMB2::Tree do
   describe '#open_pipe' do
     let(:opts) { { filename: '\\test', write: true } }
     before :example do
-      allow(tree).to receive(:open_file)
+      allow(tree).to receive(:_open)
     end
 
     it 'calls #open_file with the provided options' do
       opts[:filename] ='test'
-      expect(tree).to receive(:open_file).with(**opts)
+      expect(tree).to receive(:_open).with(**opts)
       tree.open_pipe(**opts)
     end
 
-    it 'remove the leading \\ from the filename if needed' do
-      expect(tree).to receive(:open_file).with(filename: 'test', write: true)
+    it 'removes the leading \\ from the filename if needed' do
+      expect(tree).to receive(:_open).with(filename: 'test', write: true)
       tree.open_pipe(**opts)
     end
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: ruby_smb
 version: !ruby/object:Gem::Version
-  version: 3.0.2
+  version: 3.0.5
 platform: ruby
 authors:
 - Metasploit Hackers
@@ -97,7 +97,7 @@ cert_chain:
   EknWpNgVhohbot1lfVAMmIhdtOVaRVcQQixWPwprDj/ydB8ryDMDosIMcw+fkoXU
   9GJsSaSRRYQ9UUkVL27b64okU8D48m8=
   -----END CERTIFICATE-----
-date: 2022-02-04 00:00:00.000000000 Z
+date: 2022-03-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: redcarpet