ruby_smb 3.0.6 → 3.1.2

data/lib/ruby_smb/server/server_client.rb

@@ -6,18 +6,20 @@ module RubySMB
 
       require 'ruby_smb/dialect'
       require 'ruby_smb/signing'
+      require 'ruby_smb/server/server_client/encryption'
       require 'ruby_smb/server/server_client/negotiation'
       require 'ruby_smb/server/server_client/session_setup'
       require 'ruby_smb/server/server_client/share_io'
       require 'ruby_smb/server/server_client/tree_connect'
 
       include RubySMB::Signing
+      include RubySMB::Server::ServerClient::Encryption
       include RubySMB::Server::ServerClient::Negotiation
       include RubySMB::Server::ServerClient::SessionSetup
       include RubySMB::Server::ServerClient::ShareIO
       include RubySMB::Server::ServerClient::TreeConnect
 
-      attr_reader :dialect, :session_table
+      attr_reader :dialect, :dispatcher, :session_table
 
       # @param [Server] server the server that accepted this connection
       # @param [Dispatcher::Socket] dispatcher the connection's socket dispatcher
@@ -25,6 +27,8 @@ module RubySMB
         @server = server
         @dispatcher = dispatcher
         @dialect = nil
+        @sequence_counter = 0
+        @cipher_id = 0
         @gss_authenticator = server.gss_provider.new_authenticator(self)
         @preauth_integrity_hash_algorithm = nil
         @preauth_integrity_hash_value = nil
@@ -53,6 +57,14 @@ module RubySMB
         @dispatcher.tcp_socket.getpeername
       end
 
+      def peerhost
+        ::Socket::unpack_sockaddr_in(getpeername)[1]
+      end
+
+      def peerport
+        ::Socket::unpack_sockaddr_in(getpeername)[0]
+      end
+
       #
       # Handle a request after the dialect has been negotiated. This is the main
       # handler for all requests after the connection has been established. If a
@@ -75,8 +87,10 @@ module RubySMB
 
           begin
             response = handle_smb1(raw_request, header)
-          rescue NotImplementedError
-            logger.error("Caught a NotImplementedError while handling a #{SMB1::Commands.name(header.command)} request")
+          rescue NotImplementedError => e
+            message = "Caught a NotImplementedError while handling a #{SMB1::Commands.name(header.command)} request"
+            message << " (#{e.message})" if e.message
+            logger.error(message)
             response = RubySMB::SMB1::Packet::EmptyPacket.new
             response.smb_header.nt_status = WindowsError::NTStatus::STATUS_NOT_SUPPORTED
           end
@@ -86,6 +100,12 @@ module RubySMB
             if response.is_a?(SMB1::Packet::EmptyPacket)
               response.smb_header.command = header.command if response.smb_header.command == 0
               response.smb_header.flags.reply = 1
+              nt_status = response.smb_header.nt_status.to_i
+              message = "Sending an error packet for SMB1 command: #{SMB1::Commands.name(header.command)}, status: 0x#{nt_status.to_s(16).rjust(8, '0')}"
+              if (nt_status_name = WindowsError::NTStatus.find_by_retval(nt_status).first&.name)
+                message << " (#{nt_status_name})"
+              end
+              logger.info(message)
             end
 
             response.smb_header.pid_high = header.pid_high if response.smb_header.pid_high == 0
@@ -95,33 +115,23 @@ module RubySMB
             response.smb_header.mid = header.mid if response.smb_header.mid == 0
           end
         when RubySMB::SMB2::SMB2_PROTOCOL_ID
+          response = _handle_smb2(raw_request)
+        when RubySMB::SMB2::SMB2_TRANSFORM_PROTOCOL_ID
           begin
-            header = RubySMB::SMB2::SMB2Header.read(raw_request)
+            header = RubySMB::SMB2::Packet::TransformHeader.read(raw_request)
           rescue IOError => e
-            logger.error("Caught a #{e.class} while reading the SMB2 header (#{e.message})")
+            logger.error("Caught a #{e.class} while reading the SMB3 Transform header")
             disconnect!
             return
           end
 
           begin
-            response = handle_smb2(raw_request, header)
+            response = handle_smb3_transform(raw_request, header)
           rescue NotImplementedError
-            logger.error("Caught a NotImplementedError while handling a #{SMB2::Commands.name(header.command)} request")
+            logger.error("Caught a NotImplementedError while handling a SMB3 Transform request")
             response = SMB2::Packet::ErrorPacket.new
             response.smb2_header.nt_status = WindowsError::NTStatus::STATUS_NOT_SUPPORTED
-          end
-
-          unless response.nil?
-            # set these header fields if they were not initialized
-            if response.is_a?(SMB2::Packet::ErrorPacket)
-              response.smb2_header.command = header.command if response.smb2_header.command == 0
-              response.smb2_header.flags.reply = 1
-            end
-
-            response.smb2_header.credits = 1 if response.smb2_header.credits == 0
-            response.smb2_header.message_id = header.message_id if response.smb2_header.message_id == 0
-            response.smb2_header.session_id = header.session_id if response.smb2_header.session_id == 0
-            response.smb2_header.tree_id = header.tree_id if response.smb2_header.tree_id == 0
+            response.smb2_header.session_id = header.session_id
           end
         end
 
@@ -193,17 +203,8 @@ module RubySMB
 
         packet = @dispatcher.recv_packet
         if packet && packet.length >= 4 && packet[0...4].unpack1('L>') == RubySMB::SMB2::SMB2_PROTOCOL_ID
-          header = RubySMB::SMB2::SMB2Header.read(packet)
-          unless header.next_command == 0
-            until header.next_command == 0
-              @in_packet_queue.push(packet[0...header.next_command])
-              packet = packet[header.next_command..-1]
-              header = RubySMB::SMB2::SMB2Header.read(packet)
-            end
-
-            @in_packet_queue.push(packet)
-            packet = @in_packet_queue.shift
-          end
+          @in_packet_queue += split_smb2_chain(packet)
+          packet = @in_packet_queue.shift
         end
 
         packet
@@ -214,16 +215,24 @@ module RubySMB
       #
       # @param [GenericPacket] packet the packet to send
       def send_packet(packet)
-        case metadialect&.order
-        when Dialect::ORDER_SMB1
+        case metadialect&.family
+        when Dialect::FAMILY_SMB1
           session_id = packet.smb_header.uid
-        when Dialect::ORDER_SMB2
+        when Dialect::FAMILY_SMB2
           session_id = packet.smb2_header.session_id
+        when Dialect::FAMILY_SMB3
+          if packet.is_a?(RubySMB::SMB2::Packet::TransformHeader)
+            session_id = packet.session_id
+          else
+            session_id = packet.smb2_header.session_id
+          end
         end
         session = @session_table[session_id]
 
-        unless session.nil? || session.is_anonymous || session.key.nil?
+        unless session.nil? || session.is_anonymous || session.key.nil? || packet.is_a?(RubySMB::SMB2::Packet::TransformHeader)
           case metadialect&.family
+          when Dialect::FAMILY_SMB1
+            packet = Signing::smb1_sign(packet, session.key, @sequence_counter)
           when Dialect::FAMILY_SMB2
             packet = Signing::smb2_sign(packet, session.key)
           when Dialect::FAMILY_SMB3
@@ -231,6 +240,7 @@ module RubySMB
           end
         end
 
+        @sequence_counter += 1
         @dispatcher.send_packet(packet)
       end
 
@@ -260,12 +270,36 @@ module RubySMB
       # @param [RubySMB::SMB1::SMBHeader] header The request header.
       # @return [RubySMB::GenericPacket]
       def handle_smb1(raw_request, header)
-        # session = @session_table[header.uid]
-        session = nil
+        session = @session_table[header.uid]
+
+        if session.nil? && !(header.command == SMB1::Commands::SMB_COM_SESSION_SETUP_ANDX && header.uid == 0)
+          response = SMB1::Packet::EmptyPacket.new
+          response.smb_header.nt_status = WindowsError::NTStatus::STATUS_USER_SESSION_DELETED
+          return response
+        end
+        if session&.state == :expired
+          response = SMB1::Packet::EmptyPacket.new
+          response.smb_header.nt_status = WindowsError::NTStatus::STATUS_NETWORK_SESSION_EXPIRED
+          return response
+        end
 
         case header.command
+        when SMB1::Commands::SMB_COM_CLOSE
+          dispatcher, request_class = :do_close_smb1, SMB1::Packet::CloseRequest
+        when SMB1::Commands::SMB_COM_TREE_DISCONNECT
+          dispatcher, request_class = :do_tree_disconnect_smb1, SMB1::Packet::TreeDisconnectRequest
+        when SMB1::Commands::SMB_COM_LOGOFF_ANDX
+          dispatcher, request_class = :do_logoff_andx_smb1, SMB1::Packet::LogoffRequest
+        when SMB1::Commands::SMB_COM_NT_CREATE_ANDX
+          dispatcher, request_class = :do_nt_create_andx_smb1, SMB1::Packet::NtCreateAndxRequest
+        when SMB1::Commands::SMB_COM_READ_ANDX
+          dispatcher, request_class = :do_read_andx_smb1, SMB1::Packet::ReadAndxRequest
         when SMB1::Commands::SMB_COM_SESSION_SETUP_ANDX
-          dispatcher, request_class = :do_session_setup_smb1, SMB1::Packet::SessionSetupRequest
+          dispatcher, request_class = :do_session_setup_andx_smb1, SMB1::Packet::SessionSetupRequest
+        when SMB1::Commands::SMB_COM_TRANSACTION2
+          dispatcher, request_class = :do_transactions2_smb1, SMB1::Packet::Trans2::Request
+        when SMB1::Commands::SMB_COM_TREE_CONNECT
+          dispatcher, request_class = :do_tree_connect_smb1, SMB1::Packet::TreeConnectRequest
         else
           logger.warn("The SMB1 #{SMB1::Commands.name(header.command)} command is not supported")
           raise NotImplementedError
@@ -276,10 +310,13 @@ module RubySMB
         rescue IOError, RubySMB::Error::InvalidPacket => e
           logger.error("Caught a #{e.class} while reading the SMB1 #{request_class} (#{e.message})")
           response = RubySMB::SMB1::Packet::EmptyPacket.new
+          response.smb_header.nt_status = WindowsError::NTStatus::STATUS_DATA_ERROR
+          return response
         end
 
         if request.is_a?(SMB1::Packet::EmptyPacket)
           logger.error("Received an error packet for SMB1 command: #{SMB1::Commands.name(header.command)}")
+          response = RubySMB::SMB1::Packet::EmptyPacket.new
           response.smb_header.nt_status = WindowsError::NTStatus::STATUS_DATA_ERROR
           return response
         end
@@ -304,6 +341,11 @@ module RubySMB
           response.smb2_header.nt_status = WindowsError::NTStatus::STATUS_USER_SESSION_DELETED
           return response
         end
+        if session&.state == :expired
+          response = SMB2::Packet::ErrorPacket.new
+          response.smb2_header.nt_status = WindowsError::NTStatus::STATUS_NETWORK_SESSION_EXPIRED
+          return response
+        end
 
         case header.command
         when SMB2::Commands::CLOSE
@@ -347,6 +389,82 @@ module RubySMB
         logger.debug("Dispatching request to #{dispatcher} (session: #{session.inspect})")
         send(dispatcher, request, session)
       end
+
+      def _handle_smb2(raw_request)
+        begin
+          header = RubySMB::SMB2::SMB2Header.read(raw_request)
+        rescue IOError => e
+          logger.error("Caught a #{e.class} while reading the SMB2 header (#{e.message})")
+          disconnect!
+          return
+        end
+
+        begin
+          response = handle_smb2(raw_request, header)
+        rescue NotImplementedError
+          logger.error("Caught a NotImplementedError while handling a #{SMB2::Commands.name(header.command)} request")
+          response = SMB2::Packet::ErrorPacket.new
+          response.smb2_header.nt_status = WindowsError::NTStatus::STATUS_NOT_SUPPORTED
+        end
+
+        unless response.nil?
+          # set these header fields if they were not initialized
+          if response.is_a?(SMB2::Packet::ErrorPacket)
+            response.smb2_header.command = header.command if response.smb2_header.command == 0
+            response.smb2_header.flags.reply = 1
+            nt_status = response.smb2_header.nt_status.to_i
+            message = "Sending an error packet for SMB2 command: #{SMB2::Commands.name(header.command)}, status: 0x#{nt_status.to_s(16).rjust(8, '0')}"
+            if (nt_status_name = WindowsError::NTStatus.find_by_retval(nt_status).first&.name)
+              message << " (#{nt_status_name})"
+            end
+            logger.info(message)
+          end
+
+          response.smb2_header.credits = 1 if response.smb2_header.credits == 0
+          response.smb2_header.message_id = header.message_id if response.smb2_header.message_id == 0
+          response.smb2_header.session_id = header.session_id if response.smb2_header.session_id == 0
+          response.smb2_header.tree_id = header.tree_id if response.smb2_header.tree_id == 0
+        end
+
+        response
+      end
+
+      def handle_smb3_transform(raw_request, header)
+        session = @session_table[header.session_id]
+        if session.nil?
+          response = SMB2::Packet::ErrorPacket.new
+          response.smb2_header.nt_status = WindowsError::NTStatus::STATUS_USER_SESSION_DELETED
+          return response
+        end
+
+        chain = split_smb2_chain(smb3_decrypt(header, session))
+        chain[0...-1].each do |pt_raw_request|
+          pt_response = _handle_smb2(pt_raw_request)
+          return if pt_response.nil?
+
+          send_packet(smb3_encrypt(pt_response, session))
+        end
+
+        pt_response = _handle_smb2(chain.last)
+        return if pt_response.nil?
+
+        smb3_encrypt(pt_response, session)
+      end
+
+      def split_smb2_chain(buffer)
+        chain = []
+        header = RubySMB::SMB2::SMB2Header.read(buffer)
+        unless header.next_command == 0
+          until header.next_command == 0
+            chain << buffer[0...header.next_command]
+            buffer = buffer[header.next_command..-1]
+            header = RubySMB::SMB2::SMB2Header.read(buffer)
+          end
+        end
+
+        chain << buffer
+        chain
+      end
     end
   end
 end

data/lib/ruby_smb/server/session.rb

@@ -64,7 +64,7 @@ module RubySMB
       attr_accessor :tree_connect_table
 
       # Untyped hash for storing additional arbitrary metadata about the current session
-      # @!attribute [rw] metadaa
+      # @!attribute [rw] metadata
       #   @return [Hash]
       attr_accessor :metadata
 
@@ -72,6 +72,10 @@ module RubySMB
       # @!attribute [r] creation_time
       #   @return [Time]
       attr_reader   :creation_time
+
+      # Whether or not the authenticated user is a guest.
+      # @!attribute [rw] is_guest
+      attr_accessor :is_guest
     end
   end
 end

data/lib/ruby_smb/server/share/provider/disk/file_system.rb

@@ -0,0 +1,28 @@
+module RubySMB
+  class Server
+    module Share
+      module Provider
+        class Disk < Base
+          module FileSystem
+            # define attributes of the file system to emulate
+            FileSystem = Struct.new(
+              :name,
+              :max_name_bytes,
+              :case_sensitive_search,
+              :case_preserved_names,
+              :unicode_on_disk
+            )
+
+            NTFS = FileSystem.new(
+              'NTFS',
+              255,
+              true,
+              true,
+              true
+            )
+          end
+        end
+      end
+    end
+  end
+end

data/lib/ruby_smb/server/share/provider/disk/processor/close.rb

@@ -0,0 +1,46 @@
+require 'ruby_smb/server/share/provider/processor'
+
+module RubySMB
+  class Server
+    module Share
+      module Provider
+        class Disk < Base
+          class Processor < Provider::Processor::Base
+            module Close
+              def do_close_smb1(request)
+                # see: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-cifs/99b767e2-8f0e-438b-ace5-4323940f2dc8
+                handle = @handles.delete(request.parameter_block.fid)
+                if handle.nil?
+                  response = RubySMB::SMB1::Packet::EmptyPacket.new
+                  response.smb_header.nt_status = WindowsError::NTStatus::STATUS_INVALID_HANDLE
+                  return response
+                end
+
+                handle.file.close if handle.file
+
+                response = RubySMB::SMB1::Packet::CloseResponse.new
+                response
+              end
+
+              def do_close_smb2(request)
+                handle = @handles.delete(request.file_id.to_binary_s)
+                if handle.nil?
+                  response = RubySMB::SMB2::Packet::ErrorPacket.new
+                  response.smb2_header.nt_status = WindowsError::NTStatus::STATUS_FILE_CLOSED
+                  return response
+                end
+
+                handle.file.close if handle.file
+
+                response = RubySMB::SMB2::Packet::CloseResponse.new
+                set_common_info(response, handle.local_path)
+                response.flags = 1
+                response
+              end
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/ruby_smb/server/share/provider/disk/processor/create.rb

@@ -0,0 +1,143 @@
+require 'zlib'
+require 'ruby_smb/server/share/provider/processor'
+
+module RubySMB
+  class Server
+    module Share
+      module Provider
+        class Disk < Base
+          class Processor < Provider::Processor::Base
+            module Create
+              def do_nt_create_andx_smb1(request)
+                path = request.data_block.file_name.snapshot
+                path = path.encode.gsub(/\/|\\/, File::SEPARATOR)
+                path = path.delete_prefix(File::SEPARATOR)
+                local_path = get_local_path(path)
+                unless local_path && (local_path.file? || local_path.directory?)
+                  logger.warn("Requested path does not exist: #{local_path}")
+                  response = SMB1::Packet::EmptyPacket.new
+                  response.smb_header.nt_status = WindowsError::NTStatus::STATUS_NO_SUCH_FILE
+                  return response
+                end
+
+                response = SMB1::Packet::NtCreateAndxResponse.new
+                block = response.parameter_block
+                block.fid = rand(0xffff)
+                # fields are slightly different so #set_common_info can't be used :(
+                begin
+                  block.create_time = local_path.birthtime
+                rescue NotImplementedError
+                  logger.warn("The file system does not support #birthtime for #{path}")
+                end
+
+                block.last_access_time = local_path.atime
+                block.last_write_time = local_path.mtime
+                block.last_change_time = local_path.ctime
+                if local_path.file?
+                  block.end_of_file = local_path.size
+                  block.allocation_size = get_allocation_size(local_path)
+                end
+
+                @handles[response.parameter_block.fid] = Handle.new(path, local_path, false, local_path.file? ? local_path.open : nil)
+                response
+              end
+
+              def do_create_smb2(request)
+                unless request.create_disposition == RubySMB::Dispositions::FILE_OPEN
+                  logger.warn("Can not handle CREATE request for disposition: #{request.create_disposition}")
+                  raise NotImplementedError
+                end
+
+                # process the delayed io fields
+                request.name.read_now!
+                unless request.contexts_offset == 0
+                  request.contexts.read_now!
+                  request.contexts.each do |context|
+                    context.name.read_now!
+                    context.data.read_now!
+                  end
+                end
+
+                path = request.name.snapshot
+                local_path = get_local_path(path)
+                unless local_path && (local_path.file? || local_path.directory?)
+                  logger.warn("Requested path does not exist: #{local_path}")
+                  response = RubySMB::SMB2::Packet::ErrorPacket.new
+                  response.smb2_header.nt_status = WindowsError::NTStatus::STATUS_OBJECT_NAME_NOT_FOUND
+                  return response
+                end
+
+                durable = false
+                response = RubySMB::SMB2::Packet::CreateResponse.new
+                response.create_action = RubySMB::CreateActions::FILE_OPENED
+                set_common_info(response, local_path)
+                response.file_id.persistent = Zlib::crc32(path)
+                response.file_id.volatile = rand(0xffffffff)
+
+                request.contexts.each do |req_ctx|
+                  case req_ctx.name
+                  when SMB2::CreateContext::CREATE_DURABLE_HANDLE
+                    # see: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/9adbc354-5fad-40e7-9a62-4a4b6c1ff8a0
+                    next if request.contexts.any? { |ctx| ctx.name == SMB2::CreateContext::CREATE_DURABLE_HANDLE_RECONNECT }
+
+                    if request.contexts.any? { |ctx| [ SMB2::CreateContext::CREATE_DURABLE_HANDLE_V2, SMB2::CreateContext::CREATE_DURABLE_HANDLE_RECONNECT_v2 ].include?(ctx.name) }
+                      response = RubySMB::SMB2::Packet::ErrorPacket.new
+                      response.smb2_header.nt_status = WindowsError::NTStatus::STATUS_INVALID_PARAMETER
+                      return response
+                    end
+
+                    durable = true
+                    res_ctx = SMB2::CreateContext::CreateDurableHandleResponse.new
+                  when SMB2::CreateContext::CREATE_DURABLE_HANDLE_V2
+                    # see: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/33e6800a-adf5-4221-af27-7e089b9e81d1
+                    if request.contexts.any? { |ctx| [ SMB2::CreateContext::CREATE_DURABLE_HANDLE, SMB2::CreateContext::CREATE_DURABLE_HANDLE_RECONNECT, SMB2::CreateContext::CREATE_DURABLE_HANDLE_RECONNECT_v2 ].include?(ctx.name) }
+                      response = RubySMB::SMB2::Packet::ErrorPacket.new
+                      response.smb2_header.nt_status = WindowsError::NTStatus::STATUS_INVALID_PARAMETER
+                      return response
+                    end
+
+                    durable = true
+                    res_ctx = SMB2::CreateContext::CreateDurableHandleV2Response.new(
+                      timeout: 1000,
+                      flags: req_ctx.data.flags
+                    )
+                  when SMB2::CreateContext::CREATE_QUERY_MAXIMAL_ACCESS
+                    res_ctx = SMB2::CreateContext::CreateQueryMaximalAccessResponse.new(
+                      maximal_access: maximal_access(path)
+                    )
+                  when SMB2::CreateContext::CREATE_QUERY_ON_DISK_ID
+                    res_ctx = SMB2::CreateContext::CreateQueryOnDiskIdResponse.new(
+                      disk_file_id: local_path.stat.ino,
+                      volume_id: local_path.stat.dev
+                    )
+                  else
+                    logger.warn("Can not handle CREATE context: #{req_ctx.name}")
+                    next
+                  end
+
+                  response.contexts << SMB2::CreateContext::CreateContextResponse.new(name: res_ctx.class::NAME, data: res_ctx)
+                end
+
+                if response.contexts.length > 0
+                  # fixup the offsets
+                  response.contexts[0...-1].each do |ctx|
+                    ctx.next_offset = ctx.num_bytes
+                  end
+                  response.contexts[-1].next_offset = 0
+                  response.contexts_offset = response.buffer.abs_offset
+                  response.contexts_length = response.buffer.num_bytes
+                else
+                  response.contexts_offset = 0
+                  response.contexts_length = 0
+                end
+
+                @handles[response.file_id.to_binary_s] = Handle.new(path, local_path, durable, local_path.file? ? local_path.open : nil)
+                response
+              end
+            end
+          end
+        end
+      end
+    end
+  end
+end