RubyGems - ruby_smb - Versions diffs - 3.0.6 → 3.1.0 - Mend

ruby_smb 3.0.6 → 3.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (78) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4dd0be012c18ad4e243cbfa2948fc620448766612b2f33be278583981fa2cf90
-  data.tar.gz: '07309ce54e701f2c3654a9cdbc8b3eff9d42d54451321e6e17a49d46ae4ce162'
+  metadata.gz: 582c72fe6559ee4c40aa9e33f77c6644669848ae3452c11095f31fb0b0fce387
+  data.tar.gz: 2791bfa79cb55e6ec6689782a747860287278bc42c38d6ecd03a66396efba200
 SHA512:
-  metadata.gz: ee506f05e67f8fa1a61b0d0f05470b41e20c5972c9c9584e8fe8069352a2cd09704b66d42856fb1330a93def276525b0d50047e93b981479c064c36f35f8298a
-  data.tar.gz: 78c37f1157393e17c51a6de7ff55fb25206e84f68740c958c406c36432ca90bc572716670640b9153a3ff66247dfcbeae8f4305f3c17cd91af64e8a4fc092894
+  metadata.gz: ae54e45927264996fbaed098e38f38d179c0750aa4d82073910364bdc3cb2719c8ec89c9f432554ef44a752b9aef3e4f945b73357b4694c7faa52f7025582efc
+  data.tar.gz: 0cf5036c07e48a2cb6a40bdb63e0ec18f0f20d7110af4938f3fc4067e77d99e084ac5cba0f255980b1b971f93985793cce8211f4496e9ffd6be0bc00ab5e2dd7

checksums.yaml.gz.sig CHANGED Viewed

Binary file

data/lib/ruby_smb/client/encryption.rb CHANGED Viewed

@@ -4,18 +4,24 @@ module RubySMB
     module Encryption
       def smb3_encrypt(data)
         unless @client_encryption_key
+          raise RubySMB::Error::EncryptionError.new('The encryption algorithm has not been set') if @encryption_algorithm.nil?
+          key_bit_len = OpenSSL::Cipher.new(@encryption_algorithm).key_len * 8
           case @dialect
           when '0x0300', '0x0302'
             @client_encryption_key = RubySMB::Crypto::KDF.counter_mode(
               @session_key,
               "SMB2AESCCM\x00",
-              "ServerIn \x00"
+              "ServerIn \x00",
+              length: key_bit_len
             )
           when '0x0311'
             @client_encryption_key = RubySMB::Crypto::KDF.counter_mode(
               @session_key,
               "SMBC2SCipherKey\x00",
-              @preauth_integrity_hash_value
+              @preauth_integrity_hash_value,
+              length: key_bit_len
             )
           else
             raise RubySMB::Error::EncryptionError.new('Dialect is incompatible with SMBv3 encryption')
@@ -33,18 +39,24 @@ module RubySMB
       def smb3_decrypt(th)
         unless @server_encryption_key
+          raise RubySMB::Error::EncryptionError.new('The encryption algorithm has not been set') if @encryption_algorithm.nil?
+          key_bit_len = OpenSSL::Cipher.new(@encryption_algorithm).key_len * 8
           case @dialect
           when '0x0300', '0x0302'
             @server_encryption_key = RubySMB::Crypto::KDF.counter_mode(
               @session_key,
               "SMB2AESCCM\x00",
-              "ServerOut\x00"
+              "ServerOut\x00",
+              length: key_bit_len
             )
           when '0x0311'
             @server_encryption_key = RubySMB::Crypto::KDF.counter_mode(
               @session_key,
               "SMBS2CCipherKey\x00",
-              @preauth_integrity_hash_value
+              @preauth_integrity_hash_value,
+              length: key_bit_len
             )
           else
             raise RubySMB::Error::EncryptionError.new('Dialect is incompatible with SMBv3 decryption')

data/lib/ruby_smb/client/negotiation.rb CHANGED Viewed

@@ -265,8 +265,10 @@ module RubySMB
           nc = RubySMB::SMB2::NegotiateContext.new(
             context_type: RubySMB::SMB2::NegotiateContext::SMB2_ENCRYPTION_CAPABILITIES
           )
-          nc.data.ciphers << RubySMB::SMB2::EncryptionCapabilities::AES_128_CCM
+          nc.data.ciphers << RubySMB::SMB2::EncryptionCapabilities::AES_256_GCM
+          nc.data.ciphers << RubySMB::SMB2::EncryptionCapabilities::AES_256_CCM
           nc.data.ciphers << RubySMB::SMB2::EncryptionCapabilities::AES_128_GCM
+          nc.data.ciphers << RubySMB::SMB2::EncryptionCapabilities::AES_128_CCM
           packet.add_negotiate_context(nc)
           nc = RubySMB::SMB2::NegotiateContext.new(

data/lib/ruby_smb/fscc/file_information.rb CHANGED Viewed

@@ -65,6 +65,10 @@ module RubySMB
       # [2.2.2.3.5 Pass-through Information Level Codes](https://msdn.microsoft.com/en-us/library/ff470158.aspx)
       SMB_INFO_PASSTHROUGH               = 0x03e8
+      def self.name(value)
+        constants.select { |c| c.upcase == c }.find { |c| const_get(c) == value }
+      end
       # The FILE_NAME_INFORMATION type as defined in
       # https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-fscc/20406fb1-605f-4629-ba9a-c67ee25f23d2
       class FileNameInformation < BinData::Record

data/lib/ruby_smb/server/server_client/encryption.rb ADDED Viewed

@@ -0,0 +1,66 @@
+module RubySMB
+  class Server
+    class ServerClient
+      # Contains the methods for handling encryption / decryption
+      module Encryption
+        def smb3_encrypt(data, session)
+          encryption_algorithm = SMB2::EncryptionCapabilities::ENCRYPTION_ALGORITHM_MAP[@cipher_id]
+          raise RubySMB::Error::EncryptionError.new('The encryption algorithm has not been set') if encryption_algorithm.nil?
+          key_bit_len = OpenSSL::Cipher.new(encryption_algorithm).key_len * 8
+          case @dialect
+          when '0x0300', '0x0302'
+            server_encryption_key = RubySMB::Crypto::KDF.counter_mode(
+              session.key,
+              "SMB2AESCCM\x00",
+              "ServerOut\x00",
+              length: key_bit_len
+            )
+          when '0x0311'
+            server_encryption_key = RubySMB::Crypto::KDF.counter_mode(
+              session.key,
+              "SMBS2CCipherKey\x00",
+              @preauth_integrity_hash_value,
+              length: key_bit_len
+            )
+          else
+            raise RubySMB::Error::EncryptionError.new('Dialect is incompatible with SMBv3 decryption')
+          end
+          th = RubySMB::SMB2::Packet::TransformHeader.new(flags: 1, session_id: session.id)
+          th.encrypt(data, server_encryption_key, algorithm: encryption_algorithm)
+          th
+        end
+        def smb3_decrypt(encrypted_request, session)
+          encryption_algorithm = SMB2::EncryptionCapabilities::ENCRYPTION_ALGORITHM_MAP[@cipher_id]
+          raise RubySMB::Error::EncryptionError.new('The encryption algorithm has not been set') if encryption_algorithm.nil?
+          key_bit_len = OpenSSL::Cipher.new(encryption_algorithm).key_len * 8
+          case @dialect
+          when '0x0300', '0x0302'
+            client_encryption_key = RubySMB::Crypto::KDF.counter_mode(
+              session.key,
+              "SMB2AESCCM\x00",
+              "ServerIn \x00",
+              length: key_bit_len
+            )
+          when '0x0311'
+            client_encryption_key = RubySMB::Crypto::KDF.counter_mode(
+              session.key,
+              "SMBC2SCipherKey\x00",
+              @preauth_integrity_hash_value,
+              length: key_bit_len
+            )
+          else
+            raise RubySMB::Error::EncryptionError.new('Dialect is incompatible with SMBv3 encryption')
+          end
+          encrypted_request.decrypt(client_encryption_key, algorithm: encryption_algorithm)
+        end
+      end
+    end
+  end
+end

data/lib/ruby_smb/server/server_client/negotiation.rb CHANGED Viewed

@@ -119,14 +119,25 @@ module RubySMB
             )
             nc = request.find_negotiate_context(SMB2::NegotiateContext::SMB2_ENCRYPTION_CAPABILITIES)
-            cipher = nc&.data&.ciphers&.first
-            cipher = 0 unless SMB2::EncryptionCapabilities::ENCRYPTION_ALGORITHM_MAP.include? cipher
+            ciphers = nc&.data&.ciphers
+            if ciphers
+              cipher = ciphers.find { |cipher| SMB2::EncryptionCapabilities::ENCRYPTION_ALGORITHM_MAP.include?(cipher) }
+              @cipher_id = cipher unless cipher.nil?
+            end
             contexts << SMB2::NegotiateContext.new(
               context_type: SMB2::NegotiateContext::SMB2_ENCRYPTION_CAPABILITIES,
               data: {
-                ciphers: [ cipher ]
+                ciphers: [ @cipher_id ]
               }
             )
+          elsif dialect == '0x0300' || dialect == '0x0302'
+            if request.capabilities.encryption == 1
+              response.capabilities.encryption = 1
+              @cipher_id = SMB2::EncryptionCapabilities::AES_128_CCM
+            else
+              response.capabilities = 0
+            end
           end
           # the order in which the response is built is important to ensure it is valid

data/lib/ruby_smb/server/server_client/session_setup.rb CHANGED Viewed

@@ -2,7 +2,7 @@ module RubySMB
   class Server
     class ServerClient
       module SessionSetup
-        def do_session_setup_smb1(request, session)
+        def do_session_setup_andx_smb1(request, session)
           session_id = request.smb_header.uid
           if session_id == 0
             session_id = rand(1..0x10000)
@@ -41,6 +41,17 @@ module RubySMB
           response
         end
+        alias :do_session_setup_smb1 :do_session_setup_andx_smb1
+        def do_logoff_andx_smb1(request, session)
+          # see: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-cifs/00fc0299-496c-4330-9089-67358994f272
+          @session_table.delete(request.smb_header.uid)
+          session.logoff!
+          response = SMB1::Packet::LogoffResponse.new
+          response
+        end
         def do_session_setup_smb2(request, session)
           session_id = request.smb2_header.session_id
           if session_id == 0
@@ -67,11 +78,14 @@ module RubySMB
           update_preauth_hash(request) if @dialect == '0x0311'
           if gss_result.nt_status == WindowsError::NTStatus::STATUS_SUCCESS
-            response.smb2_header.credits = 32
             session.state = :valid
             session.user_id = gss_result.identity
             session.key = @gss_authenticator.session_key
             session.signing_required = request.security_mode.signing_required == 1
+            response.smb2_header.credits = 32
+            @cipher_id = 0 if session.is_anonymous # disable encryption for anonymous users
+            response.session_flags.encrypt_data = 1 unless @cipher_id == 0
           elsif gss_result.nt_status == WindowsError::NTStatus::STATUS_MORE_PROCESSING_REQUIRED && @dialect == '0x0311'
             update_preauth_hash(response)
           end
@@ -80,7 +94,8 @@ module RubySMB
         end
         def do_logoff_smb2(request, session)
-          session = @session_table.delete(session.id)
+          # see: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/a6fbc502-75a5-42ef-a88c-c67b44817850
+          @session_table.delete(session.id)
           session.logoff!
           response = SMB2::Packet::LogoffResponse.new

data/lib/ruby_smb/server/server_client/share_io.rb CHANGED Viewed

@@ -2,6 +2,23 @@ module RubySMB
   class Server
     class ServerClient
       module ShareIO
+        def proxy_share_io_smb1(request, session)
+          share_processor = session.tree_connect_table[request.smb_header.tid]
+          if share_processor.nil?
+            response = SMB1::Packet::EmptyPacket.new
+            response.smb_header.nt_status = WindowsError::NTStatus::STATUS_NETWORK_NAME_DELETED
+            return response
+          end
+          logger.debug("Received #{SMB1::Commands.name(request.smb_header.command)} request for share: #{share_processor.provider.name}")
+          share_processor.send(__callee__, request)
+        end
+        alias :do_close_smb1          :proxy_share_io_smb1
+        alias :do_nt_create_andx_smb1 :proxy_share_io_smb1
+        alias :do_read_andx_smb1      :proxy_share_io_smb1
+        alias :do_transactions2_smb1  :proxy_share_io_smb1
         def proxy_share_io_smb2(request, session)
           # see: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/9a639360-87be-4d49-a1dd-4c6be0c020bd
           share_processor = session.tree_connect_table[request.smb2_header.tree_id]

data/lib/ruby_smb/server/server_client/tree_connect.rb CHANGED Viewed

@@ -3,6 +3,43 @@ module RubySMB
     class ServerClient
       MAX_TREE_CONNECTIONS = 1000
       module TreeConnect
+        def do_tree_connect_smb1(request, session)
+          # see: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-cifs/b062f3e3-1b65-4a9a-854a-0ee432499d8f
+          response = RubySMB::SMB1::Packet::TreeConnectResponse.new
+          share_name = request.data_block.path.encode('UTF-8').split('\\', 4).last
+          share_provider = @server.shares.transform_keys(&:downcase)[share_name.downcase]
+          if share_provider.nil?
+            logger.warn("Received TREE_CONNECT request for non-existent share: #{share_name}")
+            response.smb_header.nt_status = WindowsError::NTStatus::STATUS_OBJECT_PATH_NOT_FOUND
+            return response
+          end
+          logger.debug("Received TREE_CONNECT request for share: #{share_name}")
+          tree_id = rand(1..0xfffe)
+          tree_id = rand(1..0xfffe) while session.tree_connect_table.include?(tree_id)
+          response.smb_header.tid = tree_id
+          session.tree_connect_table[tree_id] = share_processor = share_provider.new_processor(self, session)
+          response.parameter_block.access_rights = share_processor.maximal_access
+          response
+        end
+        def do_tree_disconnect_smb1(request, session)
+          share_processor = session.tree_connect_table.delete(request.smb_header.tid)
+          if share_processor.nil?
+            response = RubySMB::SMB1::Packet::EmptyPacket.new
+            response.smb_header.nt_status = WindowsError::NTStatus::STATUS_NETWORK_NAME_DELETED
+            return response
+          end
+          logger.debug("Received TREE_DISCONNECT request for share: #{share_processor.provider.name}")
+          share_processor.disconnect!
+          response = RubySMB::SMB1::Packet::TreeDisconnectResponse.new
+          response
+        end
         def do_tree_connect_smb2(request, session)
           response = RubySMB::SMB2::Packet::TreeConnectResponse.new
           response.smb2_header.credits = 1
@@ -13,7 +50,7 @@ module RubySMB
           end
           share_name = request.path.encode('UTF-8').split('\\', 4).last
-          share_provider = @server.shares[share_name]
+          share_provider = @server.shares.transform_keys(&:downcase)[share_name.downcase]
           if share_provider.nil?
             logger.warn("Received TREE_CONNECT request for non-existent share: #{share_name}")
@@ -31,8 +68,8 @@ module RubySMB
             RubySMB::SMB2::Packet::TreeConnectResponse::SMB2_SHARE_TYPE_PRINT
           end
-          tree_id = rand(0xffffffff)
-          tree_id = rand(0xffffffff) while session.tree_connect_table.include?(tree_id)
+          tree_id = rand(1..0xfffffffe)
+          tree_id = rand(1..0xfffffffe) while session.tree_connect_table.include?(tree_id)
           response.smb2_header.tree_id = tree_id
           session.tree_connect_table[tree_id] = share_processor = share_provider.new_processor(self, session)

data/lib/ruby_smb/server/server_client.rb CHANGED Viewed

@@ -6,12 +6,14 @@ module RubySMB
       require 'ruby_smb/dialect'
       require 'ruby_smb/signing'
+      require 'ruby_smb/server/server_client/encryption'
       require 'ruby_smb/server/server_client/negotiation'
       require 'ruby_smb/server/server_client/session_setup'
       require 'ruby_smb/server/server_client/share_io'
       require 'ruby_smb/server/server_client/tree_connect'
       include RubySMB::Signing
+      include RubySMB::Server::ServerClient::Encryption
       include RubySMB::Server::ServerClient::Negotiation
       include RubySMB::Server::ServerClient::SessionSetup
       include RubySMB::Server::ServerClient::ShareIO
@@ -25,6 +27,8 @@ module RubySMB
         @server = server
         @dispatcher = dispatcher
         @dialect = nil
+        @sequence_counter = 0
+        @cipher_id = 0
         @gss_authenticator = server.gss_provider.new_authenticator(self)
         @preauth_integrity_hash_algorithm = nil
         @preauth_integrity_hash_value = nil
@@ -75,8 +79,10 @@ module RubySMB
           begin
             response = handle_smb1(raw_request, header)
-          rescue NotImplementedError
-            logger.error("Caught a NotImplementedError while handling a #{SMB1::Commands.name(header.command)} request")
+          rescue NotImplementedError => e
+            message = "Caught a NotImplementedError while handling a #{SMB1::Commands.name(header.command)} request"
+            message << " (#{e.message})" if e.message
+            logger.error(message)
             response = RubySMB::SMB1::Packet::EmptyPacket.new
             response.smb_header.nt_status = WindowsError::NTStatus::STATUS_NOT_SUPPORTED
           end
@@ -86,6 +92,12 @@ module RubySMB
             if response.is_a?(SMB1::Packet::EmptyPacket)
               response.smb_header.command = header.command if response.smb_header.command == 0
               response.smb_header.flags.reply = 1
+              nt_status = response.smb_header.nt_status.to_i
+              message = "Sending an error packet for SMB1 command: #{SMB1::Commands.name(header.command)}, status: 0x#{nt_status.to_s(16).rjust(8, '0')}"
+              if (nt_status_name = WindowsError::NTStatus.find_by_retval(nt_status).first&.name)
+                message << " (#{nt_status_name})"
+              end
+              logger.info(message)
             end
             response.smb_header.pid_high = header.pid_high if response.smb_header.pid_high == 0
@@ -95,33 +107,23 @@ module RubySMB
             response.smb_header.mid = header.mid if response.smb_header.mid == 0
           end
         when RubySMB::SMB2::SMB2_PROTOCOL_ID
+          response = _handle_smb2(raw_request)
+        when RubySMB::SMB2::SMB2_TRANSFORM_PROTOCOL_ID
           begin
-            header = RubySMB::SMB2::SMB2Header.read(raw_request)
+            header = RubySMB::SMB2::Packet::TransformHeader.read(raw_request)
           rescue IOError => e
-            logger.error("Caught a #{e.class} while reading the SMB2 header (#{e.message})")
+            logger.error("Caught a #{e.class} while reading the SMB3 Transform header")
             disconnect!
             return
           end
           begin
-            response = handle_smb2(raw_request, header)
+            response = handle_smb3_transform(raw_request, header)
           rescue NotImplementedError
-            logger.error("Caught a NotImplementedError while handling a #{SMB2::Commands.name(header.command)} request")
+            logger.error("Caught a NotImplementedError while handling a SMB3 Transform request")
             response = SMB2::Packet::ErrorPacket.new
             response.smb2_header.nt_status = WindowsError::NTStatus::STATUS_NOT_SUPPORTED
-          end
-          unless response.nil?
-            # set these header fields if they were not initialized
-            if response.is_a?(SMB2::Packet::ErrorPacket)
-              response.smb2_header.command = header.command if response.smb2_header.command == 0
-              response.smb2_header.flags.reply = 1
-            end
-            response.smb2_header.credits = 1 if response.smb2_header.credits == 0
-            response.smb2_header.message_id = header.message_id if response.smb2_header.message_id == 0
-            response.smb2_header.session_id = header.session_id if response.smb2_header.session_id == 0
-            response.smb2_header.tree_id = header.tree_id if response.smb2_header.tree_id == 0
+            response.smb2_header.session_id = header.session_id
           end
         end
@@ -193,17 +195,8 @@ module RubySMB
         packet = @dispatcher.recv_packet
         if packet && packet.length >= 4 && packet[0...4].unpack1('L>') == RubySMB::SMB2::SMB2_PROTOCOL_ID
-          header = RubySMB::SMB2::SMB2Header.read(packet)
-          unless header.next_command == 0
-            until header.next_command == 0
-              @in_packet_queue.push(packet[0...header.next_command])
-              packet = packet[header.next_command..-1]
-              header = RubySMB::SMB2::SMB2Header.read(packet)
-            end
-            @in_packet_queue.push(packet)
-            packet = @in_packet_queue.shift
-          end
+          @in_packet_queue += split_smb2_chain(packet)
+          packet = @in_packet_queue.shift
         end
         packet
@@ -214,16 +207,24 @@ module RubySMB
       #
       # @param [GenericPacket] packet the packet to send
       def send_packet(packet)
-        case metadialect&.order
-        when Dialect::ORDER_SMB1
+        case metadialect&.family
+        when Dialect::FAMILY_SMB1
           session_id = packet.smb_header.uid
-        when Dialect::ORDER_SMB2
+        when Dialect::FAMILY_SMB2
           session_id = packet.smb2_header.session_id
+        when Dialect::FAMILY_SMB3
+          if packet.is_a?(RubySMB::SMB2::Packet::TransformHeader)
+            session_id = packet.session_id
+          else
+            session_id = packet.smb2_header.session_id
+          end
         end
         session = @session_table[session_id]
-        unless session.nil? || session.is_anonymous || session.key.nil?
+        unless session.nil? || session.is_anonymous || session.key.nil? || packet.is_a?(RubySMB::SMB2::Packet::TransformHeader)
           case metadialect&.family
+          when Dialect::FAMILY_SMB1
+            packet = Signing::smb1_sign(packet, session.key, @sequence_counter)
           when Dialect::FAMILY_SMB2
             packet = Signing::smb2_sign(packet, session.key)
           when Dialect::FAMILY_SMB3
@@ -231,6 +232,7 @@ module RubySMB
           end
         end
+        @sequence_counter += 1
         @dispatcher.send_packet(packet)
       end
@@ -260,12 +262,36 @@ module RubySMB
       # @param [RubySMB::SMB1::SMBHeader] header The request header.
       # @return [RubySMB::GenericPacket]
       def handle_smb1(raw_request, header)
-        # session = @session_table[header.uid]
-        session = nil
+        session = @session_table[header.uid]
+        if session.nil? && !(header.command == SMB1::Commands::SMB_COM_SESSION_SETUP_ANDX && header.uid == 0)
+          response = SMB1::Packet::EmptyPacket.new
+          response.smb_header.nt_status = WindowsError::NTStatus::STATUS_USER_SESSION_DELETED
+          return response
+        end
+        if session&.state == :expired
+          response = SMB1::Packet::EmptyPacket.new
+          response.smb_header.nt_status = WindowsError::NTStatus::STATUS_NETWORK_SESSION_EXPIRED
+          return response
+        end
         case header.command
+        when SMB1::Commands::SMB_COM_CLOSE
+          dispatcher, request_class = :do_close_smb1, SMB1::Packet::CloseRequest
+        when SMB1::Commands::SMB_COM_TREE_DISCONNECT
+          dispatcher, request_class = :do_tree_disconnect_smb1, SMB1::Packet::TreeDisconnectRequest
+        when SMB1::Commands::SMB_COM_LOGOFF_ANDX
+          dispatcher, request_class = :do_logoff_andx_smb1, SMB1::Packet::LogoffRequest
+        when SMB1::Commands::SMB_COM_NT_CREATE_ANDX
+          dispatcher, request_class = :do_nt_create_andx_smb1, SMB1::Packet::NtCreateAndxRequest
+        when SMB1::Commands::SMB_COM_READ_ANDX
+          dispatcher, request_class = :do_read_andx_smb1, SMB1::Packet::ReadAndxRequest
         when SMB1::Commands::SMB_COM_SESSION_SETUP_ANDX
-          dispatcher, request_class = :do_session_setup_smb1, SMB1::Packet::SessionSetupRequest
+          dispatcher, request_class = :do_session_setup_andx_smb1, SMB1::Packet::SessionSetupRequest
+        when SMB1::Commands::SMB_COM_TRANSACTION2
+          dispatcher, request_class = :do_transactions2_smb1, SMB1::Packet::Trans2::Request
+        when SMB1::Commands::SMB_COM_TREE_CONNECT
+          dispatcher, request_class = :do_tree_connect_smb1, SMB1::Packet::TreeConnectRequest
         else
           logger.warn("The SMB1 #{SMB1::Commands.name(header.command)} command is not supported")
           raise NotImplementedError
@@ -276,10 +302,13 @@ module RubySMB
         rescue IOError, RubySMB::Error::InvalidPacket => e
           logger.error("Caught a #{e.class} while reading the SMB1 #{request_class} (#{e.message})")
           response = RubySMB::SMB1::Packet::EmptyPacket.new
+          response.smb_header.nt_status = WindowsError::NTStatus::STATUS_DATA_ERROR
+          return response
         end
         if request.is_a?(SMB1::Packet::EmptyPacket)
           logger.error("Received an error packet for SMB1 command: #{SMB1::Commands.name(header.command)}")
+          response = RubySMB::SMB1::Packet::EmptyPacket.new
           response.smb_header.nt_status = WindowsError::NTStatus::STATUS_DATA_ERROR
           return response
         end
@@ -304,6 +333,11 @@ module RubySMB
           response.smb2_header.nt_status = WindowsError::NTStatus::STATUS_USER_SESSION_DELETED
           return response
         end
+        if session&.state == :expired
+          response = SMB2::Packet::ErrorPacket.new
+          response.smb2_header.nt_status = WindowsError::NTStatus::STATUS_NETWORK_SESSION_EXPIRED
+          return response
+        end
         case header.command
         when SMB2::Commands::CLOSE
@@ -347,6 +381,82 @@ module RubySMB
         logger.debug("Dispatching request to #{dispatcher} (session: #{session.inspect})")
         send(dispatcher, request, session)
       end
+      def _handle_smb2(raw_request)
+        begin
+          header = RubySMB::SMB2::SMB2Header.read(raw_request)
+        rescue IOError => e
+          logger.error("Caught a #{e.class} while reading the SMB2 header (#{e.message})")
+          disconnect!
+          return
+        end
+        begin
+          response = handle_smb2(raw_request, header)
+        rescue NotImplementedError
+          logger.error("Caught a NotImplementedError while handling a #{SMB2::Commands.name(header.command)} request")
+          response = SMB2::Packet::ErrorPacket.new
+          response.smb2_header.nt_status = WindowsError::NTStatus::STATUS_NOT_SUPPORTED
+        end
+        unless response.nil?
+          # set these header fields if they were not initialized
+          if response.is_a?(SMB2::Packet::ErrorPacket)
+            response.smb2_header.command = header.command if response.smb2_header.command == 0
+            response.smb2_header.flags.reply = 1
+            nt_status = response.smb2_header.nt_status.to_i
+            message = "Sending an error packet for SMB2 command: #{SMB2::Commands.name(header.command)}, status: 0x#{nt_status.to_s(16).rjust(8, '0')}"
+            if (nt_status_name = WindowsError::NTStatus.find_by_retval(nt_status).first&.name)
+              message << " (#{nt_status_name})"
+            end
+            logger.info(message)
+          end
+          response.smb2_header.credits = 1 if response.smb2_header.credits == 0
+          response.smb2_header.message_id = header.message_id if response.smb2_header.message_id == 0
+          response.smb2_header.session_id = header.session_id if response.smb2_header.session_id == 0
+          response.smb2_header.tree_id = header.tree_id if response.smb2_header.tree_id == 0
+        end
+        response
+      end
+      def handle_smb3_transform(raw_request, header)
+        session = @session_table[header.session_id]
+        if session.nil?
+          response = SMB2::Packet::ErrorPacket.new
+          response.smb2_header.nt_status = WindowsError::NTStatus::STATUS_USER_SESSION_DELETED
+          return response
+        end
+        chain = split_smb2_chain(smb3_decrypt(header, session))
+        chain[0...-1].each do |pt_raw_request|
+          pt_response = _handle_smb2(pt_raw_request)
+          return if pt_response.nil?
+          send_packet(smb3_encrypt(pt_response, session))
+        end
+        pt_response = _handle_smb2(chain.last)
+        return if pt_response.nil?
+        smb3_encrypt(pt_response, session)
+      end
+      def split_smb2_chain(buffer)
+        chain = []
+        header = RubySMB::SMB2::SMB2Header.read(buffer)
+        unless header.next_command == 0
+          until header.next_command == 0
+            chain << buffer[0...header.next_command]
+            buffer = buffer[header.next_command..-1]
+            header = RubySMB::SMB2::SMB2Header.read(buffer)
+          end
+        end
+        chain << buffer
+        chain
+      end
     end
   end
 end

data/lib/ruby_smb/server/share/provider/disk/file_system.rb ADDED Viewed

@@ -0,0 +1,28 @@
+module RubySMB
+  class Server
+    module Share
+      module Provider
+        class Disk < Base
+          module FileSystem
+            # define attributes of the file system to emulate
+            FileSystem = Struct.new(
+              :name,
+              :max_name_bytes,
+              :case_sensitive_search,
+              :case_preserved_names,
+              :unicode_on_disk
+            )
+            NTFS = FileSystem.new(
+              'NTFS',
+              255,
+              true,
+              true,
+              true
+            )
+          end
+        end
+      end
+    end
+  end
+end