ruby_smb 3.0.4 → 3.1.0

data/lib/ruby_smb/smb2/packet/transform_header.rb

@@ -8,7 +8,7 @@ module RubySMB
         hide   :reserved0
 
         endian           :little
-        bit32            :protocol,              label: 'Protocol ID Field',      initial_value: 0xFD534D42
+        bit32            :protocol,              label: 'Protocol ID Field',      initial_value: RubySMB::SMB2::SMB2_TRANSFORM_PROTOCOL_ID
         string           :signature,             label: 'Signature', length: 16
         string           :nonce,                 label: 'Nonce',     length: 16
         uint32           :original_message_size, label: 'Original Message Size'
@@ -22,13 +22,13 @@ module RubySMB
           encrypted_data = self.encrypted_data.to_ary.pack('C*')
 
           case algorithm
-          when 'AES-128-CCM'
+          when 'AES-128-CCM', 'AES-256-CCM'
             cipher = OpenSSL::CCM.new('AES', key, 16)
             unencrypted_data = cipher.decrypt(encrypted_data + self.signature, self.nonce[0...11], auth_data)
             unless unencrypted_data.length > 0
               raise OpenSSL::Cipher::CipherError  # raised for consistency with GCM mode
             end
-          when 'AES-128-GCM'
+          when 'AES-128-GCM', 'AES-256-GCM'
             cipher = OpenSSL::Cipher.new(algorithm).decrypt
             cipher.key = key
             cipher.iv = self.nonce[0...12]
@@ -37,7 +37,7 @@ module RubySMB
             unencrypted_data = cipher.update(encrypted_data)
             cipher.final # raises OpenSSL::Cipher::CipherError on signature failure
           else
-            raise ArgumentError.new('Invalid algorithm, must be either AES-128-CCM or AES-128-GCM')
+            raise ArgumentError.new('Invalid algorithm, must be one of AES-128-CCM, AES-128-GCM, AES-256-CCM, or AES-256-GCM')
           end
 
           unencrypted_data[0...self.original_message_size]
@@ -53,14 +53,14 @@ module RubySMB
           self.original_message_size.assign(unencrypted_data.length)
 
           case algorithm
-          when 'AES-128-CCM'
+          when 'AES-128-CCM', 'AES-256-CCM'
             cipher = OpenSSL::CCM.new('AES', key, 16)
             random_iv = OpenSSL::Random.random_bytes(11)
             self.nonce.assign(random_iv)
             result = cipher.encrypt(unencrypted_data, random_iv, self.to_binary_s[20...52])
             encrypted_data = result[0...-16]
             auth_tag = result[-16..-1]
-          when 'AES-128-GCM'
+          when 'AES-128-GCM', 'AES-256-GCM'
             cipher = OpenSSL::Cipher.new(algorithm).encrypt
             cipher.iv_len = 12
             cipher.key = key
@@ -69,7 +69,7 @@ module RubySMB
             encrypted_data = cipher.update(unencrypted_data) + cipher.final
             auth_tag = cipher.auth_tag
           else
-            raise ArgumentError.new('Invalid algorithm, must be either AES-128-CCM or AES-128-GCM')
+            raise ArgumentError.new('Invalid algorithm, must be one of AES-128-CCM, AES-128-GCM, AES-256-CCM, or AES-256-GCM')
           end
 
           self.encrypted_data.assign(encrypted_data.bytes)

data/lib/ruby_smb/smb2.rb

@@ -5,6 +5,7 @@ module RubySMB
   module SMB2
     # Protocol ID value. Translates to \xFESMB
     SMB2_PROTOCOL_ID = 0xFE534D42
+    SMB2_TRANSFORM_PROTOCOL_ID = 0xFD534D42
     # Wildcard revision, see: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/63abf97c-0d09-47e2-88d6-6bfa552949a5
     SMB2_WILDCARD_REVISION = 0x02ff
 

data/lib/ruby_smb/version.rb

@@ -1,3 +1,3 @@
 module RubySMB
-  VERSION = '3.0.4'.freeze
+  VERSION = '3.1.0'.freeze
 end

data/ruby_smb.gemspec

@@ -34,7 +34,7 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency 'yard'
 
   spec.add_runtime_dependency 'rubyntlm'
-  spec.add_runtime_dependency 'windows_error', '>= 0.1.3'
+  spec.add_runtime_dependency 'windows_error', '>= 0.1.4'
   spec.add_runtime_dependency 'bindata'
   spec.add_runtime_dependency 'openssl-ccm'
   spec.add_runtime_dependency 'openssl-cmac'

data/spec/lib/ruby_smb/client_spec.rb

@@ -962,8 +962,10 @@ RSpec.describe RubySMB::Client do
           expect(nc.length).to eq(1)
           expect(nc.first.data.ciphers).to eq(
             [
-              RubySMB::SMB2::EncryptionCapabilities::AES_128_CCM,
-              RubySMB::SMB2::EncryptionCapabilities::AES_128_GCM
+              RubySMB::SMB2::EncryptionCapabilities::AES_256_GCM,
+              RubySMB::SMB2::EncryptionCapabilities::AES_256_CCM,
+              RubySMB::SMB2::EncryptionCapabilities::AES_128_GCM,
+              RubySMB::SMB2::EncryptionCapabilities::AES_128_CCM
             ]
           )
         end
@@ -2681,13 +2683,15 @@ RSpec.describe RubySMB::Client do
         context "with #{dialect} dialect" do
           before :example do
             client.dialect = dialect
+            client.encryption_algorithm = 'AES-128-CCM'
           end
 
           it 'generates the client encryption key with the expected parameters' do
             expect(RubySMB::Crypto::KDF).to receive(:counter_mode).with(
               session_key,
               "SMB2AESCCM\x00",
-              "ServerIn \x00"
+              "ServerIn \x00",
+              {length: 128}
             ).and_call_original
             client.smb3_encrypt(data)
           end
@@ -2698,10 +2702,12 @@ RSpec.describe RubySMB::Client do
         it 'generates the client encryption key with the expected parameters' do
           client.preauth_integrity_hash_value = ''
           client.dialect = '0x0311'
+          client.encryption_algorithm = 'AES-128-CCM'
           expect(RubySMB::Crypto::KDF).to receive(:counter_mode).with(
             session_key,
             "SMBC2SCipherKey\x00",
-            ''
+            '',
+            {length: 128}
           ).and_call_original
           client.smb3_encrypt(data)
         end
@@ -2723,6 +2729,7 @@ RSpec.describe RubySMB::Client do
 
       it 'generates the expected client encryption key with 0x0302 dialect' do
         client.dialect = '0x0302'
+        client.encryption_algorithm = 'AES-128-CCM'
         expected_enc_key =
           "\xa4\xfa\x23\xc1\xb0\x65\x84\xce\x47\x08\x5b\xe0\x64\x98\xd7\x87".b
         client.smb3_encrypt(data)
@@ -2731,6 +2738,7 @@ RSpec.describe RubySMB::Client do
 
       it 'generates the expected client encryption key with 0x0311 dialect' do
         client.dialect = '0x0311'
+        client.encryption_algorithm = 'AES-128-CCM'
         client.session_key =
           "\x5c\x00\x4a\x3b\xf0\xa2\x4f\x75\x4c\xb2\x74\x0a\xcf\xc4\x8e\x1a".b
         client.preauth_integrity_hash_value =
@@ -2765,13 +2773,15 @@ RSpec.describe RubySMB::Client do
         context "with #{dialect} dialect" do
           before :example do
             client.dialect = dialect
+            client.encryption_algorithm = 'AES-128-CCM'
           end
 
           it 'generates the client encryption key with the expected parameters' do
             expect(RubySMB::Crypto::KDF).to receive(:counter_mode).with(
               session_key,
               "SMB2AESCCM\x00",
-              "ServerOut\x00"
+              "ServerOut\x00",
+              {length: 128}
             ).and_call_original
             client.smb3_decrypt(transform_packet)
           end
@@ -2782,10 +2792,12 @@ RSpec.describe RubySMB::Client do
         it 'generates the client encryption key with the expected parameters' do
           client.preauth_integrity_hash_value = ''
           client.dialect = '0x0311'
+          client.encryption_algorithm = 'AES-128-CCM'
           expect(RubySMB::Crypto::KDF).to receive(:counter_mode).with(
             session_key,
             "SMBS2CCipherKey\x00",
-            ''
+            '',
+            {length: 128}
           ).and_call_original
           client.smb3_decrypt(transform_packet)
         end
@@ -2806,6 +2818,7 @@ RSpec.describe RubySMB::Client do
 
       it 'generates the expected server encryption key with 0x0302 dialect' do
         client.dialect = '0x0302'
+        client.encryption_algorithm = 'AES-128-CCM'
         expected_enc_key =
           "\x65\x21\xd3\x6d\xe9\xe3\x5a\x66\x09\x61\xae\x3e\xc6\x49\x6b\xdf".b
         client.smb3_decrypt(transform_packet)
@@ -2814,6 +2827,7 @@ RSpec.describe RubySMB::Client do
 
       it 'generates the expected server encryption key with 0x0311 dialect' do
         client.dialect = '0x0311'
+        client.encryption_algorithm = 'AES-128-CCM'
         client.session_key =
           "\x5c\x00\x4a\x3b\xf0\xa2\x4f\x75\x4c\xb2\x74\x0a\xcf\xc4\x8e\x1a".b
         client.preauth_integrity_hash_value =

data/spec/lib/ruby_smb/dcerpc/svcctl/create_service_w_request_spec.rb

@@ -0,0 +1,143 @@
+RSpec.describe RubySMB::Dcerpc::Svcctl::CreateServiceWRequest do
+  subject(:packet) { described_class.new }
+
+  it { is_expected.to respond_to :h_sc_object }
+  it { is_expected.to respond_to :lp_service_name }
+  it { is_expected.to respond_to :lp_display_name }
+  it { is_expected.to respond_to :dw_desired_access }
+  it { is_expected.to respond_to :dw_service_type }
+  it { is_expected.to respond_to :dw_start_type }
+  it { is_expected.to respond_to :dw_error_control }
+  it { is_expected.to respond_to :lp_binary_path_name }
+  it { is_expected.to respond_to :lp_load_order_group }
+  it { is_expected.to respond_to :lp_dw_tag_id }
+  it { is_expected.to respond_to :lp_dependencies }
+  it { is_expected.to respond_to :dw_depend_size }
+  it { is_expected.to respond_to :lp_service_start_name }
+  it { is_expected.to respond_to :lp_password }
+  it { is_expected.to respond_to :dw_pw_size }
+
+  it 'is little endian' do
+    expect(described_class.fields.instance_variable_get(:@hints)[:endian]).to eq :little
+  end
+
+
+  describe '#h_sc_object' do
+    it 'is a ScRpcHandle structure' do
+      expect(packet.h_sc_object).to be_a RubySMB::Dcerpc::Svcctl::ScRpcHandle
+    end
+  end
+
+  describe '#lp_service_name' do
+    it 'is a NdrConfVarWideStringz structure' do
+      expect(packet.lp_service_name).to be_a RubySMB::Dcerpc::Ndr::NdrConfVarWideStringz
+    end
+  end
+
+  describe '#lp_display_name' do
+    it 'is a NdrWideStringzPtr structure' do
+      expect(packet.lp_display_name).to be_a RubySMB::Dcerpc::Ndr::NdrWideStringzPtr
+    end
+  end
+
+  describe '#dw_desired_access' do
+    it 'is a NdrUint32' do
+      expect(packet.dw_desired_access).to be_a RubySMB::Dcerpc::Ndr::NdrUint32
+    end
+  end
+
+  describe '#dw_service_type' do
+    it 'is a NdrUint32' do
+      expect(packet.dw_service_type).to be_a RubySMB::Dcerpc::Ndr::NdrUint32
+    end
+  end
+
+  describe '#dw_start_type' do
+    it 'is a NdrUint32' do
+      expect(packet.dw_start_type).to be_a RubySMB::Dcerpc::Ndr::NdrUint32
+    end
+  end
+
+  describe '#dw_error_control' do
+    it 'is a NdrUint32' do
+      expect(packet.dw_error_control).to be_a RubySMB::Dcerpc::Ndr::NdrUint32
+    end
+  end
+
+  describe '#lp_binary_path_name' do
+    it 'is a NdrConfVarWideStringz structure' do
+      expect(packet.lp_binary_path_name).to be_a RubySMB::Dcerpc::Ndr::NdrConfVarWideStringz
+    end
+  end
+
+  describe '#lp_load_order_group' do
+    it 'is a NdrWideStringzPtr structure' do
+      expect(packet.lp_load_order_group).to be_a RubySMB::Dcerpc::Ndr::NdrWideStringzPtr
+    end
+  end
+
+  describe '#lp_dw_tag_id' do
+    it 'is a NdrUint32Ptr' do
+      expect(packet.lp_dw_tag_id).to be_a RubySMB::Dcerpc::Ndr::NdrUint32Ptr
+    end
+  end
+
+  describe '#lp_dependencies' do
+    it 'is a SvcctlByteArrayPtr structure' do
+      expect(packet.lp_dependencies).to be_a RubySMB::Dcerpc::Svcctl::SvcctlByteArrayPtr
+    end
+  end
+
+  describe '#dw_depend_size' do
+    it 'is a NdrUint32' do
+      expect(packet.dw_depend_size).to be_a RubySMB::Dcerpc::Ndr::NdrUint32
+    end
+  end
+
+  describe '#lp_service_start_name' do
+    it 'is a NdrWideStringzPtr structure' do
+      expect(packet.lp_service_start_name).to be_a RubySMB::Dcerpc::Ndr::NdrWideStringzPtr
+    end
+  end
+
+  describe '#lp_password' do
+    it 'is a SvcctlByteArrayPtr structure' do
+      expect(packet.lp_password).to be_a RubySMB::Dcerpc::Svcctl::SvcctlByteArrayPtr
+    end
+  end
+
+  describe '#dw_pw_size' do
+    it 'is a NdrUint32' do
+      expect(packet.dw_pw_size).to be_a RubySMB::Dcerpc::Ndr::NdrUint32
+    end
+  end
+
+  it 'should keep #dw_desired_access 4-byte aligned' do
+    5.times do |i1|
+      5.times do |i2|
+        packet.lp_service_name = "A" * i1
+        packet.lp_display_name = "B" * i2
+        expect(packet.dw_desired_access.abs_offset % 4).to eq 0
+      end
+    end
+  end
+
+  describe '#initialize_instance' do
+    it 'sets #opnum to CREATE_SERVICE_W constant' do
+      expect(packet.opnum).to eq(RubySMB::Dcerpc::Svcctl::CREATE_SERVICE_W)
+    end
+  end
+
+  it 'reads its own binary representation and outputs the same packet' do
+    packet = described_class.new(
+      h_sc_object: {context_handle_attributes: 0, context_handle_uuid: '367abb81-9844-35f1-ad32-98f038001003'},
+      lp_service_name: 'test',
+      lp_display_name: 'Test',
+      dw_desired_access: 3,
+      lp_binary_path_name: 'test',
+      lp_password: 'test'.bytes
+    )
+    binary = packet.to_binary_s
+    expect(described_class.read(binary)).to eq(packet)
+  end
+end

data/spec/lib/ruby_smb/dcerpc/svcctl/create_service_w_response_spec.rb

@@ -0,0 +1,45 @@
+RSpec.describe RubySMB::Dcerpc::Svcctl::CreateServiceWResponse do
+  subject(:packet) { described_class.new }
+
+  it { is_expected.to respond_to :lp_dw_tag_id }
+  it { is_expected.to respond_to :lp_sc_handle }
+  it { is_expected.to respond_to :error_status }
+
+  it 'is little endian' do
+    expect(described_class.fields.instance_variable_get(:@hints)[:endian]).to eq :little
+  end
+
+  describe '#lp_dw_tag_id' do
+    it 'is a NdrUint32Ptr' do
+      expect(packet.lp_dw_tag_id).to be_a RubySMB::Dcerpc::Ndr::NdrUint32Ptr
+    end
+  end
+
+  describe '#lp_sc_handle' do
+    it 'is a ScRpcHandle structure' do
+      expect(packet.lp_sc_handle).to be_a RubySMB::Dcerpc::Svcctl::ScRpcHandle
+    end
+  end
+
+  describe '#error_status' do
+    it 'is a NdrUint32' do
+      expect(packet.error_status).to be_a RubySMB::Dcerpc::Ndr::NdrUint32
+    end
+  end
+
+  describe '#initialize_instance' do
+    it 'sets #opnum to CREATE_SERVICE_W constant' do
+      expect(packet.opnum).to eq(RubySMB::Dcerpc::Svcctl::CREATE_SERVICE_W)
+    end
+  end
+
+  it 'reads its own binary representation and outputs the same packet' do
+    packet = described_class.new(
+      lp_dw_tag_id: 3,
+      lp_sc_handle: {context_handle_attributes: 0, context_handle_uuid: '367abb81-9844-35f1-ad32-98f038001003'},
+      error_status: 3
+    )
+    binary = packet.to_binary_s
+    expect(described_class.read(binary)).to eq(packet)
+  end
+end

data/spec/lib/ruby_smb/dcerpc/svcctl/delete_service_request_spec.rb

@@ -0,0 +1,29 @@
+RSpec.describe RubySMB::Dcerpc::Svcctl::DeleteServiceRequest do
+  subject(:packet) { described_class.new }
+
+  it { is_expected.to respond_to :lp_sc_handle }
+
+  it 'is little endian' do
+    expect(described_class.fields.instance_variable_get(:@hints)[:endian]).to eq :little
+  end
+
+  describe '#lp_sc_handle' do
+    it 'is a ScRpcHandle structure' do
+      expect(packet.lp_sc_handle).to be_a RubySMB::Dcerpc::Svcctl::ScRpcHandle
+    end
+  end
+
+  describe '#initialize_instance' do
+    it 'sets #opnum to DELETE_SERVICE constant' do
+      expect(packet.opnum).to eq(RubySMB::Dcerpc::Svcctl::DELETE_SERVICE)
+    end
+  end
+
+  it 'reads its own binary representation and outputs the same packet' do
+    packet = described_class.new(
+      lp_sc_handle: {context_handle_attributes: 0, context_handle_uuid: '367abb81-9844-35f1-ad32-98f038001003'}
+    )
+    binary = packet.to_binary_s
+    expect(described_class.read(binary)).to eq(packet)
+  end
+end

data/spec/lib/ruby_smb/dcerpc/svcctl/delete_service_response_spec.rb

@@ -0,0 +1,29 @@
+RSpec.describe RubySMB::Dcerpc::Svcctl::DeleteServiceResponse do
+  subject(:packet) { described_class.new }
+
+  it { is_expected.to respond_to :error_status }
+
+  it 'is little endian' do
+    expect(described_class.fields.instance_variable_get(:@hints)[:endian]).to eq :little
+  end
+
+  describe '#error_status' do
+    it 'is a NdrUint32' do
+      expect(packet.error_status).to be_a RubySMB::Dcerpc::Ndr::NdrUint32
+    end
+  end
+
+  describe '#initialize_instance' do
+    it 'sets #opnum to DELETE_SERVICE constant' do
+      expect(packet.opnum).to eq(RubySMB::Dcerpc::Svcctl::DELETE_SERVICE)
+    end
+  end
+
+  it 'reads its own binary representation and outputs the same packet' do
+    packet = described_class.new(
+      error_status: 3
+    )
+    binary = packet.to_binary_s
+    expect(described_class.read(binary)).to eq(packet)
+  end
+end

data/spec/lib/ruby_smb/dcerpc/winreg/open_root_key_request_spec.rb

@@ -57,30 +57,30 @@ RSpec.describe RubySMB::Dcerpc::Winreg::OpenRootKeyRequest do
     end
 
     context 'when #opnum is not OPEN_HKPD, OPEN_HKPT or OPEN_HKPN' do
-      it 'sets the #sam_desired.maximum flag' do
+      it 'sets the #sam_desired.maximum_allowed flag' do
         packet = described_class.new(opnum: RubySMB::Dcerpc::Winreg::OPEN_HKCR)
-        expect(packet.sam_desired.maximum).to eq(1)
+        expect(packet.sam_desired.maximum_allowed).to eq(1)
       end
     end
 
     context 'when #opnum is OPEN_HKPD' do
-      it 'does not set the #sam_desired.maximum flag' do
+      it 'does not set the #sam_desired.maximum_allowed flag' do
         packet = described_class.new(opnum: RubySMB::Dcerpc::Winreg::OPEN_HKPD)
-        expect(packet.sam_desired.maximum).to eq(0)
+        expect(packet.sam_desired.maximum_allowed).to eq(0)
       end
     end
 
     context 'when #opnum is OPEN_HKPT' do
-      it 'does not set the #sam_desired.maximum flag' do
+      it 'does not set the #sam_desired.maximum_allowed flag' do
         packet = described_class.new(opnum: RubySMB::Dcerpc::Winreg::OPEN_HKPT)
-        expect(packet.sam_desired.maximum).to eq(0)
+        expect(packet.sam_desired.maximum_allowed).to eq(0)
       end
     end
 
     context 'when #opnum is OPEN_HKPN' do
-      it 'does not set the #sam_desired.maximum flag' do
+      it 'does not set the #sam_desired.maximum_allowed flag' do
         packet = described_class.new(opnum: RubySMB::Dcerpc::Winreg::OPEN_HKPN)
-        expect(packet.sam_desired.maximum).to eq(0)
+        expect(packet.sam_desired.maximum_allowed).to eq(0)
       end
     end
   end

data/spec/lib/ruby_smb/dcerpc/winreg/regsam_spec.rb

@@ -22,7 +22,7 @@ RSpec.describe RubySMB::Dcerpc::Winreg::Regsam do
   it { is_expected.to respond_to :generic_execute }
   it { is_expected.to respond_to :generic_all }
   it { is_expected.to respond_to :reserved4 }
-  it { is_expected.to respond_to :maximum }
+  it { is_expected.to respond_to :maximum_allowed }
   it { is_expected.to respond_to :system_security }
 
 

data/spec/lib/ruby_smb/dcerpc/winreg_spec.rb

@@ -755,7 +755,7 @@ RSpec.describe RubySMB::Dcerpc::Winreg do
         lp_sub_key:             sub_key,
         lp_class:               :null,
         dw_options:             RubySMB::Dcerpc::Winreg::CreateKeyRequest::REG_KEY_TYPE_VOLATILE,
-        sam_desired:            RubySMB::Dcerpc::Winreg::Regsam.new(maximum: 1),
+        sam_desired:            RubySMB::Dcerpc::Winreg::Regsam.new(maximum_allowed: 1),
         lp_security_attributes: RubySMB::Dcerpc::RpcSecurityAttributes.new,
         lpdw_disposition:       RubySMB::Dcerpc::Winreg::CreateKeyRequest::REG_CREATED_NEW_KEY
       }

data/spec/lib/ruby_smb/smb1/bit_field/directory_access_mask_spec.rb

@@ -19,7 +19,7 @@ RSpec.describe RubySMB::SMB1::BitField::DirectoryAccessMask do
   it { is_expected.to respond_to :generic_write }
   it { is_expected.to respond_to :generic_execute }
   it { is_expected.to respond_to :generic_all }
-  it { is_expected.to respond_to :maximum }
+  it { is_expected.to respond_to :maximum_allowed }
   it { is_expected.to respond_to :system_security }
 
   it 'is little endian' do
@@ -146,12 +146,12 @@ RSpec.describe RubySMB::SMB1::BitField::DirectoryAccessMask do
     it_behaves_like 'bit field with one flag set', :system_security, 'V', 0x01000000
   end
 
-  describe '#maximum' do
+  describe '#maximum_allowed' do
     it 'should be a 1-bit field per the SMB spec' do
-      expect(flags.maximum).to be_a BinData::Bit1
+      expect(flags.maximum_allowed).to be_a BinData::Bit1
     end
 
-    it_behaves_like 'bit field with one flag set', :maximum, 'V', 0x02000000
+    it_behaves_like 'bit field with one flag set', :maximum_allowed, 'V', 0x02000000
   end
 
   describe '#generic_all' do

data/spec/lib/ruby_smb/smb1/bit_field/file_access_mask_spec.rb

@@ -19,7 +19,7 @@ RSpec.describe RubySMB::SMB1::BitField::FileAccessMask do
   it { is_expected.to respond_to :generic_write }
   it { is_expected.to respond_to :generic_execute }
   it { is_expected.to respond_to :generic_all }
-  it { is_expected.to respond_to :maximum }
+  it { is_expected.to respond_to :maximum_allowed }
   it { is_expected.to respond_to :system_security }
 
   it 'is little endian' do
@@ -146,12 +146,12 @@ RSpec.describe RubySMB::SMB1::BitField::FileAccessMask do
     it_behaves_like 'bit field with one flag set', :system_security, 'V', 0x01000000
   end
 
-  describe '#maximum' do
+  describe '#maximum_allowed' do
     it 'should be a 1-bit field per the SMB spec' do
-      expect(flags.maximum).to be_a BinData::Bit1
+      expect(flags.maximum_allowed).to be_a BinData::Bit1
     end
 
-    it_behaves_like 'bit field with one flag set', :maximum, 'V', 0x02000000
+    it_behaves_like 'bit field with one flag set', :maximum_allowed, 'V', 0x02000000
   end
 
   describe '#generic_all' do

data/spec/lib/ruby_smb/smb1/packet/trans2/find_first2_request_spec.rb

@@ -26,7 +26,7 @@ RSpec.describe RubySMB::SMB1::Packet::Trans2::FindFirst2Request do
       expect(parameter_block).to be_a RubySMB::SMB1::Packet::Trans2::Request::ParameterBlock
     end
 
-    it 'should have the setup set to the OPEN2 subcommand' do
+    it 'should have the setup set to the FIND_FIRST2 subcommand' do
       expect(parameter_block.setup).to include RubySMB::SMB1::Packet::Trans2::Subcommands::FIND_FIRST2
     end
   end
@@ -47,7 +47,7 @@ RSpec.describe RubySMB::SMB1::Packet::Trans2::FindFirst2Request do
     end
 
     it 'should keep #trans2_data 4-byte aligned' do
-      expect(data_block.trans2_data.abs_offset % 4).to eq 0
+      expect(data_block.trans2_data.abs_offset % 4).to eq 0 if data_block.trans2_data.num_bytes != 0
     end
 
     describe '#trans2_parameters' do

data/spec/lib/ruby_smb/smb1/packet/trans2/find_first2_response_spec.rb

@@ -24,7 +24,7 @@ RSpec.describe RubySMB::SMB1::Packet::Trans2::FindFirst2Response do
   describe '#parameter_block' do
     subject(:parameter_block) { packet.parameter_block }
 
-    it 'should have the setup set to the OPEN2 subcommand' do
+    it 'should have the setup set to the FIND_FIRST2 subcommand' do
       expect(parameter_block.setup).to include RubySMB::SMB1::Packet::Trans2::Subcommands::FIND_FIRST2
     end
   end
@@ -40,7 +40,7 @@ RSpec.describe RubySMB::SMB1::Packet::Trans2::FindFirst2Response do
     end
 
     it 'should keep #trans2_data 4-byte aligned' do
-      expect(data_block.trans2_data.abs_offset % 4).to eq 0
+      expect(data_block.trans2_data.abs_offset % 4).to eq 0 if data_block.trans2_data.num_bytes != 0
     end
 
     describe '#trans2_parameters' do
@@ -57,6 +57,40 @@ RSpec.describe RubySMB::SMB1::Packet::Trans2::FindFirst2Response do
       subject(:data) { data_block.trans2_data }
 
       it { is_expected.to respond_to :buffer }
+
+      describe '#buffer' do
+        it 'is a String field' do
+          expect(data.buffer).to be_a BinData::String
+        end
+      end
+
+      context 'when the buffer is empty' do
+        before :each do
+          data.buffer = ''
+        end
+
+        it 'should not be padded' do
+          expect(data_block.pad2.num_bytes).to eq 0
+        end
+
+        it 'should read its own binary representation' do
+          expect(packet.class.read(packet.to_binary_s).data_block.trans2_data.buffer).to eq ''
+        end
+      end
+
+      context 'when the buffer is not empty' do
+        before :each do
+          data.buffer = 'test'
+        end
+
+        it 'should be padded to a 4-byte boundary' do
+          expect(data_block.trans2_data.abs_offset % 4).to eq 0
+        end
+
+        it 'should read its own binary representation' do
+          expect(packet.class.read(packet.to_binary_s).data_block.trans2_data.buffer).to eq 'test'
+        end
+      end
     end
   end
 

data/spec/lib/ruby_smb/smb1/packet/trans2/find_next2_request_spec.rb

@@ -26,7 +26,7 @@ RSpec.describe RubySMB::SMB1::Packet::Trans2::FindNext2Request do
       expect(parameter_block).to be_a RubySMB::SMB1::Packet::Trans2::Request::ParameterBlock
     end
 
-    it 'should have the setup set to the OPEN2 subcommand' do
+    it 'should have the setup set to the FIND_NEXT2 subcommand' do
       expect(parameter_block.setup).to include RubySMB::SMB1::Packet::Trans2::Subcommands::FIND_NEXT2
     end
   end
@@ -47,7 +47,7 @@ RSpec.describe RubySMB::SMB1::Packet::Trans2::FindNext2Request do
     end
 
     it 'should keep #trans2_data 4-byte aligned' do
-      expect(data_block.trans2_data.abs_offset % 4).to eq 0
+      expect(data_block.trans2_data.abs_offset % 4).to eq 0 if data_block.trans2_data.num_bytes != 0
     end
 
     describe '#trans2_parameters' do