ruby_smb 3.0.6 → 3.1.2

data/lib/ruby_smb/fscc/file_information/file_stream_information.rb

@@ -4,7 +4,10 @@ module RubySMB
       # The FileStreamInformation
       # [2.4.43 FileStreamInformation](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-fscc/f8762be6-3ab9-411e-a7d6-5cc68f70c78d)
       class FileStreamInformation < BinData::Record
+        CLASS_LEVEL = Fscc::FileInformation::FILE_STREAM_INFORMATION
+
         endian :little
+
         uint32   :next_entry_offset,      label: 'Next Entry Offset'
         uint32   :stream_name_length,     label: 'Stream Name Length', initial_value: -> { stream_name.do_num_bytes }
         int64    :stream_size,            label: 'Stream Size'

data/lib/ruby_smb/fscc/file_information.rb

@@ -17,10 +17,26 @@ module RubySMB
       # contents of a directory.
       FILE_BOTH_DIRECTORY_INFORMATION    = 0x03
 
+      # Information class used to query or set file information.
+      FILE_BASIC_INFORMATION             = 0x04
+
+      # Information class is used to query file information.
+      FILE_STANDARD_INFORMATION          = 0x05
+
+      # Information class used to query for the file system's 64-bit file ID.
+      FILE_INTERNAL_INFORMATION          = 0x06
+
       # Information class used to query for the size of the extended attributes
       # (EA) for a file.
       FILE_EA_INFORMATION                = 0x07
 
+      # Information class used to query the access rights of a file that were
+      # granted when the file was opened.
+      FILE_ACCESS_INFORMATION            = 0x08
+
+      # Information class is used locally to query the name of a file.
+      FILE_NAME_INFORMATION              = 0x09
+
       # Information class used to rename a file.
       FILE_RENAME_INFORMATION            = 0x0A
 
@@ -31,6 +47,17 @@ module RubySMB
       # Information class used to mark a file for deletion.
       FILE_DISPOSITION_INFORMATION       = 0x0D
 
+      # Information class used to query or set the position of the file pointer
+      # within a file.
+      FILE_POSITION_INFORMATION          = 0x0E
+
+      # Information class used to query or set the mode of the file.
+      FILE_MODE_INFORMATION              = 0x10
+
+      # Information class used to query the buffer alignment required by the
+      # underlying device.
+      FILE_ALIGNMENT_INFORMATION         = 0x11
+
       # Information class used to enumerate the data streams of a file or a
       # directory.
       FILE_STREAM_INFORMATION            = 0x16
@@ -57,6 +84,10 @@ module RubySMB
       FILE_NORMALIZED_NAME_INFORMATION = 0x30
 
 
+      # Information class is used to query a collection of file information
+      # structures.
+      FILE_ALL_INFORMATION = 0x12
+
       # These Information Classes can be used by SMB1 using the pass-through
       # Information Levels when available on the server (CAP_INFOLEVEL_PASSTHRU
       # capability flag in an SMB_COM_NEGOTIATE server response). The constant
@@ -65,12 +96,8 @@ module RubySMB
       # [2.2.2.3.5 Pass-through Information Level Codes](https://msdn.microsoft.com/en-us/library/ff470158.aspx)
       SMB_INFO_PASSTHROUGH               = 0x03e8
 
-      # The FILE_NAME_INFORMATION type as defined in
-      # https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-fscc/20406fb1-605f-4629-ba9a-c67ee25f23d2
-      class FileNameInformation < BinData::Record
-        endian :little
-        uint32           :file_name_length, label: 'File Name Length',  initial_value: -> { file_name.do_num_bytes }
-        string16         :file_name,        label: 'File Name',         read_length: -> { file_name_length }
+      def self.name(value)
+        constants.select { |c| c.upcase == c }.find { |c| const_get(c) == value }
       end
 
       require 'ruby_smb/fscc/file_information/file_directory_information'
@@ -79,11 +106,21 @@ module RubySMB
       require 'ruby_smb/fscc/file_information/file_id_full_directory_information'
       require 'ruby_smb/fscc/file_information/file_both_directory_information'
       require 'ruby_smb/fscc/file_information/file_id_both_directory_information'
+      require 'ruby_smb/fscc/file_information/file_name_information'
       require 'ruby_smb/fscc/file_information/file_names_information'
+      require 'ruby_smb/fscc/file_information/file_normalized_name_information'
       require 'ruby_smb/fscc/file_information/file_rename_information'
       require 'ruby_smb/fscc/file_information/file_network_open_information'
       require 'ruby_smb/fscc/file_information/file_ea_information'
       require 'ruby_smb/fscc/file_information/file_stream_information'
+      require 'ruby_smb/fscc/file_information/file_basic_information'
+      require 'ruby_smb/fscc/file_information/file_standard_information'
+      require 'ruby_smb/fscc/file_information/file_internal_information'
+      require 'ruby_smb/fscc/file_information/file_access_information'
+      require 'ruby_smb/fscc/file_information/file_position_information'
+      require 'ruby_smb/fscc/file_information/file_mode_information'
+      require 'ruby_smb/fscc/file_information/file_alignment_information'
+      require 'ruby_smb/fscc/file_information/file_all_information'
     end
   end
 end

data/lib/ruby_smb/fscc/file_system_information/file_fs_attribute_information.rb

@@ -7,6 +7,7 @@ module RubySMB
         CLASS_LEVEL = FileSystemInformation::FILE_FS_ATTRIBUTE_INFORMATION
 
         endian :little
+
         struct   :file_system_attributes,            label: 'File System Attributes' do
           bit1   :file_supports_reparse_points,      label: 'FS Supports Reparse Points'
           bit1   :file_supports_sparse_files,        label: 'FS Supports Sparse Files'

data/lib/ruby_smb/fscc/file_system_information/file_fs_volume_information.rb

@@ -7,6 +7,7 @@ module RubySMB
         CLASS_LEVEL = FileSystemInformation::FILE_FS_VOLUME_INFORMATION
 
         endian :little
+
         file_time :volume_creation_time, label: 'Volume Creation Time'
         uint32    :volume_serial_number, label: 'Volume Serial Number'
         uint32    :volume_label_length,  label: 'Volume Label Length', initial_value: -> { volume_label.do_num_bytes }

data/lib/ruby_smb/fscc/file_system_information.rb

@@ -15,6 +15,10 @@ module RubySMB
       FILE_FS_VOLUME_FLAGS_INFORMATION = 10
       FILE_FS_SECTOR_SIZE_INFORMATION  = 11
 
+      def self.name(value)
+        constants.select { |c| c.upcase == c }.find { |c| const_get(c) == value }
+      end
+
       require 'ruby_smb/fscc/file_system_information/file_fs_attribute_information'
       require 'ruby_smb/fscc/file_system_information/file_fs_volume_information'
     end

data/lib/ruby_smb/gss/provider/ntlm.rb

@@ -78,6 +78,10 @@ module RubySMB
                 msg.flag |= NTLM::NEGOTIATE_FLAGS.fetch(flag)
               end
 
+              if type1_msg.flag & NTLM::NEGOTIATE_FLAGS[:EXTENDED_SECURITY] == NTLM::NEGOTIATE_FLAGS[:EXTENDED_SECURITY]
+                msg.flag |= NTLM::NEGOTIATE_FLAGS[:EXTENDED_SECURITY]
+              end
+
               @server_challenge = @provider.generate_server_challenge
               msg.challenge = @server_challenge.unpack1('Q<') # 64-bit unsigned, little endian (uint64_t)
               target_info = Net::NTLM::TargetInfo.new('')
@@ -109,6 +113,7 @@ module RubySMB
           def process_ntlm_type3(type3_msg)
             if type3_msg.user == '' && type3_msg.domain == ''
               if @provider.allow_anonymous
+                @session_key = "\x00".b * 16 # see MS-NLMP section 3.4
                 return WindowsError::NTStatus::STATUS_SUCCESS
               end
 
@@ -122,6 +127,12 @@ module RubySMB
               domain: type3_msg.domain
             )
             if account.nil?
+              if @provider.allow_guests
+                logger.info("NTLM authentication request succeeded for #{dbg_string} (guest)")
+                @session_key = "\x00".b * 16 # see MS-NLMP section 3.4
+                return WindowsError::NTStatus::STATUS_SUCCESS
+              end
+
               logger.info("NTLM authentication request failed for #{dbg_string} (no account)")
               return WindowsError::NTStatus::STATUS_LOGON_FAILURE
             end
@@ -229,25 +240,31 @@ module RubySMB
                 domain: type3_msg.domain
               )
               if account.nil?
-                if @provider.allow_anonymous
+                if type3_msg.user == ''
+                  is_guest = false
                   identity = IDENTITY_ANONYMOUS
+                else
+                  is_guest = true
+                  identity = Account.new(type3_msg.user.encode(''.encoding), '', type3_msg.domain.encode(''.encoding)).to_s
                 end
               else
+                is_guest = false
                 identity = account.to_s
               end
             end
 
-            Result.new(buffer, nt_status, identity)
+            Result.new(buffer, nt_status, identity, is_guest)
           end
         end
 
         # @param [Boolean] allow_anonymous whether or not to allow anonymous authentication attempts
         # @param [String] default_domain the default domain to use for authentication, unless specified 'WORKGROUP' will
         #   be used
-        def initialize(allow_anonymous: false, default_domain: 'WORKGROUP')
+        def initialize(allow_anonymous: false, allow_guests: false, default_domain: 'WORKGROUP')
           raise ArgumentError, 'Must specify a default domain' unless default_domain
 
           @allow_anonymous = allow_anonymous
+          @allow_guests = allow_guests
           @default_domain = default_domain
           @accounts = []
           @generate_server_challenge = -> { SecureRandom.bytes(8) }

data/lib/ruby_smb/gss/provider.rb

@@ -7,7 +7,11 @@ module RubySMB
       # A special constant implying that the authenticated user is anonymous.
       IDENTITY_ANONYMOUS = :anonymous
       # The result of a processed GSS request.
-      Result = Struct.new(:buffer, :nt_status, :identity)
+      Result = Struct.new(:buffer, :nt_status, :identity, :is_guest) do
+        def is_anonymous
+          identity == Gss::Provider::IDENTITY_ANONYMOUS
+        end
+      end
 
       #
       # The base class for a GSS authentication provider. This class defines a common interface and is not usable as a
@@ -26,6 +30,11 @@ module RubySMB
         # Whether or not anonymous authentication attempts should be permitted.
         #
         attr_accessor :allow_anonymous
+
+        #
+        # Whether or not unknown users should be allowed to authenticate as guests.
+        #
+        attr_accessor :allow_guests
       end
     end
   end

data/lib/ruby_smb/server/server_client/encryption.rb

@@ -0,0 +1,66 @@
+module RubySMB
+  class Server
+    class ServerClient
+      # Contains the methods for handling encryption / decryption
+      module Encryption
+        def smb3_encrypt(data, session)
+          encryption_algorithm = SMB2::EncryptionCapabilities::ENCRYPTION_ALGORITHM_MAP[@cipher_id]
+          raise RubySMB::Error::EncryptionError.new('The encryption algorithm has not been set') if encryption_algorithm.nil?
+
+          key_bit_len = OpenSSL::Cipher.new(encryption_algorithm).key_len * 8
+
+          case @dialect
+          when '0x0300', '0x0302'
+            server_encryption_key = RubySMB::Crypto::KDF.counter_mode(
+              session.key,
+              "SMB2AESCCM\x00",
+              "ServerOut\x00",
+              length: key_bit_len
+            )
+          when '0x0311'
+            server_encryption_key = RubySMB::Crypto::KDF.counter_mode(
+              session.key,
+              "SMBS2CCipherKey\x00",
+              @preauth_integrity_hash_value,
+              length: key_bit_len
+            )
+          else
+            raise RubySMB::Error::EncryptionError.new('Dialect is incompatible with SMBv3 decryption')
+          end
+
+          th = RubySMB::SMB2::Packet::TransformHeader.new(flags: 1, session_id: session.id)
+          th.encrypt(data, server_encryption_key, algorithm: encryption_algorithm)
+          th
+        end
+
+        def smb3_decrypt(encrypted_request, session)
+          encryption_algorithm = SMB2::EncryptionCapabilities::ENCRYPTION_ALGORITHM_MAP[@cipher_id]
+          raise RubySMB::Error::EncryptionError.new('The encryption algorithm has not been set') if encryption_algorithm.nil?
+
+          key_bit_len = OpenSSL::Cipher.new(encryption_algorithm).key_len * 8
+
+          case @dialect
+          when '0x0300', '0x0302'
+            client_encryption_key = RubySMB::Crypto::KDF.counter_mode(
+              session.key,
+              "SMB2AESCCM\x00",
+              "ServerIn \x00",
+              length: key_bit_len
+            )
+          when '0x0311'
+            client_encryption_key = RubySMB::Crypto::KDF.counter_mode(
+              session.key,
+              "SMBC2SCipherKey\x00",
+              @preauth_integrity_hash_value,
+              length: key_bit_len
+            )
+          else
+            raise RubySMB::Error::EncryptionError.new('Dialect is incompatible with SMBv3 encryption')
+          end
+
+          encrypted_request.decrypt(client_encryption_key, algorithm: encryption_algorithm)
+        end
+      end
+    end
+  end
+end

data/lib/ruby_smb/server/server_client/negotiation.rb

@@ -119,14 +119,25 @@ module RubySMB
             )
 
             nc = request.find_negotiate_context(SMB2::NegotiateContext::SMB2_ENCRYPTION_CAPABILITIES)
-            cipher = nc&.data&.ciphers&.first
-            cipher = 0 unless SMB2::EncryptionCapabilities::ENCRYPTION_ALGORITHM_MAP.include? cipher
+            ciphers = nc&.data&.ciphers
+            if ciphers
+              cipher = ciphers.find { |cipher| SMB2::EncryptionCapabilities::ENCRYPTION_ALGORITHM_MAP.include?(cipher) }
+              @cipher_id = cipher unless cipher.nil?
+            end
+
             contexts << SMB2::NegotiateContext.new(
               context_type: SMB2::NegotiateContext::SMB2_ENCRYPTION_CAPABILITIES,
               data: {
-                ciphers: [ cipher ]
+                ciphers: [ @cipher_id ]
               }
             )
+          elsif dialect == '0x0300' || dialect == '0x0302'
+            if request.capabilities.encryption == 1
+              response.capabilities.encryption = 1
+              @cipher_id = SMB2::EncryptionCapabilities::AES_128_CCM
+            else
+              response.capabilities = 0
+            end
           end
 
           # the order in which the response is built is important to ensure it is valid

data/lib/ruby_smb/server/server_client/session_setup.rb

@@ -2,7 +2,7 @@ module RubySMB
   class Server
     class ServerClient
       module SessionSetup
-        def do_session_setup_smb1(request, session)
+        def do_session_setup_andx_smb1(request, session)
           session_id = request.smb_header.uid
           if session_id == 0
             session_id = rand(1..0x10000)
@@ -41,6 +41,17 @@ module RubySMB
           response
         end
 
+        alias :do_session_setup_smb1 :do_session_setup_andx_smb1
+
+        def do_logoff_andx_smb1(request, session)
+          # see: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-cifs/00fc0299-496c-4330-9089-67358994f272
+          @session_table.delete(request.smb_header.uid)
+          session.logoff!
+
+          response = SMB1::Packet::LogoffResponse.new
+          response
+        end
+
         def do_session_setup_smb2(request, session)
           session_id = request.smb2_header.session_id
           if session_id == 0
@@ -67,11 +78,16 @@ module RubySMB
 
           update_preauth_hash(request) if @dialect == '0x0311'
           if gss_result.nt_status == WindowsError::NTStatus::STATUS_SUCCESS
-            response.smb2_header.credits = 32
             session.state = :valid
             session.user_id = gss_result.identity
+            session.is_guest = !!gss_result.is_guest
             session.key = @gss_authenticator.session_key
-            session.signing_required = request.security_mode.signing_required == 1
+            session.signing_required = request.security_mode.signing_required == 1 || (!session.is_guest && !session.is_anonymous)
+
+            response.smb2_header.credits = 32
+            @cipher_id = 0 if session.is_anonymous || session.is_guest # disable encryption for anonymous users and guest users which have a null session key
+            response.session_flags.encrypt_data = 1 unless @cipher_id == 0
+            response.session_flags.guest = session.is_guest
           elsif gss_result.nt_status == WindowsError::NTStatus::STATUS_MORE_PROCESSING_REQUIRED && @dialect == '0x0311'
             update_preauth_hash(response)
           end
@@ -80,7 +96,8 @@ module RubySMB
         end
 
         def do_logoff_smb2(request, session)
-          session = @session_table.delete(session.id)
+          # see: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/a6fbc502-75a5-42ef-a88c-c67b44817850
+          @session_table.delete(session.id)
           session.logoff!
 
           response = SMB2::Packet::LogoffResponse.new

data/lib/ruby_smb/server/server_client/share_io.rb

@@ -2,6 +2,23 @@ module RubySMB
   class Server
     class ServerClient
       module ShareIO
+        def proxy_share_io_smb1(request, session)
+          share_processor = session.tree_connect_table[request.smb_header.tid]
+          if share_processor.nil?
+            response = SMB1::Packet::EmptyPacket.new
+            response.smb_header.nt_status = WindowsError::NTStatus::STATUS_NETWORK_NAME_DELETED
+            return response
+          end
+
+          logger.debug("Received #{SMB1::Commands.name(request.smb_header.command)} request for share: #{share_processor.provider.name}")
+          share_processor.send(__callee__, request)
+        end
+
+        alias :do_close_smb1          :proxy_share_io_smb1
+        alias :do_nt_create_andx_smb1 :proxy_share_io_smb1
+        alias :do_read_andx_smb1      :proxy_share_io_smb1
+        alias :do_transactions2_smb1  :proxy_share_io_smb1
+
         def proxy_share_io_smb2(request, session)
           # see: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/9a639360-87be-4d49-a1dd-4c6be0c020bd
           share_processor = session.tree_connect_table[request.smb2_header.tree_id]

data/lib/ruby_smb/server/server_client/tree_connect.rb

@@ -3,6 +3,43 @@ module RubySMB
     class ServerClient
       MAX_TREE_CONNECTIONS = 1000
       module TreeConnect
+        def do_tree_connect_smb1(request, session)
+          # see: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-cifs/b062f3e3-1b65-4a9a-854a-0ee432499d8f
+          response = RubySMB::SMB1::Packet::TreeConnectResponse.new
+
+          share_name = request.data_block.path.encode('UTF-8').split('\\', 4).last
+          share_provider = @server.shares.transform_keys(&:downcase)[share_name.downcase]
+          if share_provider.nil?
+            logger.warn("Received TREE_CONNECT request for non-existent share: #{share_name}")
+            response.smb_header.nt_status = WindowsError::NTStatus::STATUS_OBJECT_PATH_NOT_FOUND
+            return response
+          end
+          logger.debug("Received TREE_CONNECT request for share: #{share_name}")
+
+          tree_id = rand(1..0xfffe)
+          tree_id = rand(1..0xfffe) while session.tree_connect_table.include?(tree_id)
+
+          response.smb_header.tid = tree_id
+          session.tree_connect_table[tree_id] = share_processor = share_provider.new_processor(self, session)
+          response.parameter_block.access_rights = share_processor.maximal_access
+
+          response
+        end
+
+        def do_tree_disconnect_smb1(request, session)
+          share_processor = session.tree_connect_table.delete(request.smb_header.tid)
+          if share_processor.nil?
+            response = RubySMB::SMB1::Packet::EmptyPacket.new
+            response.smb_header.nt_status = WindowsError::NTStatus::STATUS_NETWORK_NAME_DELETED
+            return response
+          end
+
+          logger.debug("Received TREE_DISCONNECT request for share: #{share_processor.provider.name}")
+          share_processor.disconnect!
+          response = RubySMB::SMB1::Packet::TreeDisconnectResponse.new
+          response
+        end
+
         def do_tree_connect_smb2(request, session)
           response = RubySMB::SMB2::Packet::TreeConnectResponse.new
           response.smb2_header.credits = 1
@@ -13,7 +50,7 @@ module RubySMB
           end
 
           share_name = request.path.encode('UTF-8').split('\\', 4).last
-          share_provider = @server.shares[share_name]
+          share_provider = @server.shares.transform_keys(&:downcase)[share_name.downcase]
 
           if share_provider.nil?
             logger.warn("Received TREE_CONNECT request for non-existent share: #{share_name}")
@@ -31,8 +68,8 @@ module RubySMB
             RubySMB::SMB2::Packet::TreeConnectResponse::SMB2_SHARE_TYPE_PRINT
           end
 
-          tree_id = rand(0xffffffff)
-          tree_id = rand(0xffffffff) while session.tree_connect_table.include?(tree_id)
+          tree_id = rand(1..0xfffffffe)
+          tree_id = rand(1..0xfffffffe) while session.tree_connect_table.include?(tree_id)
 
           response.smb2_header.tree_id = tree_id
           session.tree_connect_table[tree_id] = share_processor = share_provider.new_processor(self, session)