ruby_smb 3.1.0 → 3.1.3

data/lib/ruby_smb/fscc/file_information.rb

@@ -17,10 +17,26 @@ module RubySMB
       # contents of a directory.
       FILE_BOTH_DIRECTORY_INFORMATION    = 0x03
 
+      # Information class used to query or set file information.
+      FILE_BASIC_INFORMATION             = 0x04
+
+      # Information class is used to query file information.
+      FILE_STANDARD_INFORMATION          = 0x05
+
+      # Information class used to query for the file system's 64-bit file ID.
+      FILE_INTERNAL_INFORMATION          = 0x06
+
       # Information class used to query for the size of the extended attributes
       # (EA) for a file.
       FILE_EA_INFORMATION                = 0x07
 
+      # Information class used to query the access rights of a file that were
+      # granted when the file was opened.
+      FILE_ACCESS_INFORMATION            = 0x08
+
+      # Information class is used locally to query the name of a file.
+      FILE_NAME_INFORMATION              = 0x09
+
       # Information class used to rename a file.
       FILE_RENAME_INFORMATION            = 0x0A
 
@@ -31,6 +47,17 @@ module RubySMB
       # Information class used to mark a file for deletion.
       FILE_DISPOSITION_INFORMATION       = 0x0D
 
+      # Information class used to query or set the position of the file pointer
+      # within a file.
+      FILE_POSITION_INFORMATION          = 0x0E
+
+      # Information class used to query or set the mode of the file.
+      FILE_MODE_INFORMATION              = 0x10
+
+      # Information class used to query the buffer alignment required by the
+      # underlying device.
+      FILE_ALIGNMENT_INFORMATION         = 0x11
+
       # Information class used to enumerate the data streams of a file or a
       # directory.
       FILE_STREAM_INFORMATION            = 0x16
@@ -57,6 +84,10 @@ module RubySMB
       FILE_NORMALIZED_NAME_INFORMATION = 0x30
 
 
+      # Information class is used to query a collection of file information
+      # structures.
+      FILE_ALL_INFORMATION = 0x12
+
       # These Information Classes can be used by SMB1 using the pass-through
       # Information Levels when available on the server (CAP_INFOLEVEL_PASSTHRU
       # capability flag in an SMB_COM_NEGOTIATE server response). The constant
@@ -69,25 +100,27 @@ module RubySMB
         constants.select { |c| c.upcase == c }.find { |c| const_get(c) == value }
       end
 
-      # The FILE_NAME_INFORMATION type as defined in
-      # https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-fscc/20406fb1-605f-4629-ba9a-c67ee25f23d2
-      class FileNameInformation < BinData::Record
-        endian :little
-        uint32           :file_name_length, label: 'File Name Length',  initial_value: -> { file_name.do_num_bytes }
-        string16         :file_name,        label: 'File Name',         read_length: -> { file_name_length }
-      end
-
       require 'ruby_smb/fscc/file_information/file_directory_information'
       require 'ruby_smb/fscc/file_information/file_full_directory_information'
       require 'ruby_smb/fscc/file_information/file_disposition_information'
       require 'ruby_smb/fscc/file_information/file_id_full_directory_information'
       require 'ruby_smb/fscc/file_information/file_both_directory_information'
       require 'ruby_smb/fscc/file_information/file_id_both_directory_information'
+      require 'ruby_smb/fscc/file_information/file_name_information'
       require 'ruby_smb/fscc/file_information/file_names_information'
+      require 'ruby_smb/fscc/file_information/file_normalized_name_information'
       require 'ruby_smb/fscc/file_information/file_rename_information'
       require 'ruby_smb/fscc/file_information/file_network_open_information'
       require 'ruby_smb/fscc/file_information/file_ea_information'
       require 'ruby_smb/fscc/file_information/file_stream_information'
+      require 'ruby_smb/fscc/file_information/file_basic_information'
+      require 'ruby_smb/fscc/file_information/file_standard_information'
+      require 'ruby_smb/fscc/file_information/file_internal_information'
+      require 'ruby_smb/fscc/file_information/file_access_information'
+      require 'ruby_smb/fscc/file_information/file_position_information'
+      require 'ruby_smb/fscc/file_information/file_mode_information'
+      require 'ruby_smb/fscc/file_information/file_alignment_information'
+      require 'ruby_smb/fscc/file_information/file_all_information'
     end
   end
 end

data/lib/ruby_smb/fscc/file_system_information/file_fs_attribute_information.rb

@@ -7,6 +7,7 @@ module RubySMB
         CLASS_LEVEL = FileSystemInformation::FILE_FS_ATTRIBUTE_INFORMATION
 
         endian :little
+
         struct   :file_system_attributes,            label: 'File System Attributes' do
           bit1   :file_supports_reparse_points,      label: 'FS Supports Reparse Points'
           bit1   :file_supports_sparse_files,        label: 'FS Supports Sparse Files'

data/lib/ruby_smb/fscc/file_system_information/file_fs_volume_information.rb

@@ -7,6 +7,7 @@ module RubySMB
         CLASS_LEVEL = FileSystemInformation::FILE_FS_VOLUME_INFORMATION
 
         endian :little
+
         file_time :volume_creation_time, label: 'Volume Creation Time'
         uint32    :volume_serial_number, label: 'Volume Serial Number'
         uint32    :volume_label_length,  label: 'Volume Label Length', initial_value: -> { volume_label.do_num_bytes }

data/lib/ruby_smb/fscc/file_system_information.rb

@@ -15,6 +15,10 @@ module RubySMB
       FILE_FS_VOLUME_FLAGS_INFORMATION = 10
       FILE_FS_SECTOR_SIZE_INFORMATION  = 11
 
+      def self.name(value)
+        constants.select { |c| c.upcase == c }.find { |c| const_get(c) == value }
+      end
+
       require 'ruby_smb/fscc/file_system_information/file_fs_attribute_information'
       require 'ruby_smb/fscc/file_system_information/file_fs_volume_information'
     end

data/lib/ruby_smb/gss/provider/ntlm.rb

@@ -78,6 +78,10 @@ module RubySMB
                 msg.flag |= NTLM::NEGOTIATE_FLAGS.fetch(flag)
               end
 
+              if type1_msg.flag & NTLM::NEGOTIATE_FLAGS[:EXTENDED_SECURITY] == NTLM::NEGOTIATE_FLAGS[:EXTENDED_SECURITY]
+                msg.flag |= NTLM::NEGOTIATE_FLAGS[:EXTENDED_SECURITY]
+              end
+
               @server_challenge = @provider.generate_server_challenge
               msg.challenge = @server_challenge.unpack1('Q<') # 64-bit unsigned, little endian (uint64_t)
               target_info = Net::NTLM::TargetInfo.new('')
@@ -109,6 +113,7 @@ module RubySMB
           def process_ntlm_type3(type3_msg)
             if type3_msg.user == '' && type3_msg.domain == ''
               if @provider.allow_anonymous
+                @session_key = "\x00".b * 16 # see MS-NLMP section 3.4
                 return WindowsError::NTStatus::STATUS_SUCCESS
               end
 
@@ -122,6 +127,12 @@ module RubySMB
               domain: type3_msg.domain
             )
             if account.nil?
+              if @provider.allow_guests
+                logger.info("NTLM authentication request succeeded for #{dbg_string} (guest)")
+                @session_key = "\x00".b * 16 # see MS-NLMP section 3.4
+                return WindowsError::NTStatus::STATUS_SUCCESS
+              end
+
               logger.info("NTLM authentication request failed for #{dbg_string} (no account)")
               return WindowsError::NTStatus::STATUS_LOGON_FAILURE
             end
@@ -229,25 +240,31 @@ module RubySMB
                 domain: type3_msg.domain
               )
               if account.nil?
-                if @provider.allow_anonymous
+                if type3_msg.user == ''
+                  is_guest = false
                   identity = IDENTITY_ANONYMOUS
+                else
+                  is_guest = true
+                  identity = Account.new(type3_msg.user.encode(''.encoding), '', type3_msg.domain.encode(''.encoding)).to_s
                 end
               else
+                is_guest = false
                 identity = account.to_s
               end
             end
 
-            Result.new(buffer, nt_status, identity)
+            Result.new(buffer, nt_status, identity, is_guest)
           end
         end
 
         # @param [Boolean] allow_anonymous whether or not to allow anonymous authentication attempts
         # @param [String] default_domain the default domain to use for authentication, unless specified 'WORKGROUP' will
         #   be used
-        def initialize(allow_anonymous: false, default_domain: 'WORKGROUP')
+        def initialize(allow_anonymous: false, allow_guests: false, default_domain: 'WORKGROUP')
           raise ArgumentError, 'Must specify a default domain' unless default_domain
 
           @allow_anonymous = allow_anonymous
+          @allow_guests = allow_guests
           @default_domain = default_domain
           @accounts = []
           @generate_server_challenge = -> { SecureRandom.bytes(8) }

data/lib/ruby_smb/gss/provider.rb

@@ -7,7 +7,11 @@ module RubySMB
       # A special constant implying that the authenticated user is anonymous.
       IDENTITY_ANONYMOUS = :anonymous
       # The result of a processed GSS request.
-      Result = Struct.new(:buffer, :nt_status, :identity)
+      Result = Struct.new(:buffer, :nt_status, :identity, :is_guest) do
+        def is_anonymous
+          identity == Gss::Provider::IDENTITY_ANONYMOUS
+        end
+      end
 
       #
       # The base class for a GSS authentication provider. This class defines a common interface and is not usable as a
@@ -26,6 +30,11 @@ module RubySMB
         # Whether or not anonymous authentication attempts should be permitted.
         #
         attr_accessor :allow_anonymous
+
+        #
+        # Whether or not unknown users should be allowed to authenticate as guests.
+        #
+        attr_accessor :allow_guests
       end
     end
   end

data/lib/ruby_smb/ntlm/client.rb

@@ -0,0 +1,74 @@
+module RubySMB::NTLM
+  module Message
+    def deflag
+      security_buffers.inject(head_size) do |cur, a|
+        a[1].offset = cur
+        cur += a[1].data_size
+        has_flag?(:UNICODE) ? cur + cur % 2 : cur
+      end
+    end
+
+    def serialize
+      deflag
+      @alist.map { |n, f| f.serialize }.join + security_buffers.map { |n, f| f.value + (has_flag?(:UNICODE) ? "\x00".b * (f.value.length % 2) : '') }.join
+    end
+  end
+
+  class Client < Net::NTLM::Client
+    class Session < Net::NTLM::Client::Session
+      def authenticate!
+        calculate_user_session_key!
+        type3_opts = {
+          :lm_response   => is_anonymous? ? "\x00".b : lmv2_resp,
+          :ntlm_response => is_anonymous? ? '' : ntlmv2_resp,
+          :domain        => domain,
+          :user          => username,
+          :workstation   => workstation,
+          :flag          => (challenge_message.flag & client.flags)
+        }
+        t3 = Net::NTLM::Message::Type3.create type3_opts
+        t3.extend(Message)
+        if negotiate_key_exchange?
+          t3.enable(:session_key)
+          rc4 = OpenSSL::Cipher.new("rc4")
+          rc4.encrypt
+          rc4.key = user_session_key
+          sk = rc4.update exported_session_key
+          sk << rc4.final
+          t3.session_key = sk
+        end
+        t3
+      end
+
+      def is_anonymous?
+        username == '' && password == ''
+      end
+
+      private
+
+      def use_oem_strings?
+        # @see https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-nlmp/99d90ff4-957f-4c8a-80e4-5bfe5a9a9832
+        !challenge_message.has_flag?(:UNICODE) && challenge_message.has_flag?(:OEM)
+      end
+
+      def calculate_user_session_key!
+        if is_anonymous?
+          # see MS-NLMP section 3.4
+          @user_session_key = "\x00".b * 16
+        else
+          @user_session_key = OpenSSL::HMAC.digest(OpenSSL::Digest::MD5.new, ntlmv2_hash, nt_proof_str)
+        end
+      end
+    end
+
+    def init_context(resp = nil, channel_binding = nil)
+      if resp.nil?
+        @session = nil
+        type1_message
+      else
+        @session = Client::Session.new(self, Net::NTLM::Message.decode64(resp), channel_binding)
+        @session.authenticate!
+      end
+    end
+  end
+end

data/lib/ruby_smb/ntlm.rb

@@ -59,3 +59,4 @@ module RubySMB
   end
 end
 
+require 'ruby_smb/ntlm/client'

data/lib/ruby_smb/server/cli.rb

@@ -0,0 +1,121 @@
+require 'optparse'
+
+module RubySMB
+  class Server
+    module Cli
+      DEFAULT_OPTIONS = {
+        allow_anonymous: true,
+        allow_guests: false,
+        domain: nil,
+        username: 'RubySMB',
+        password: 'password',
+        share_name: 'home',
+        smbv1: true,
+        smbv2: true,
+        smbv3: true
+      }.freeze
+
+      # Parse options from the command line. The resulting option hash is suitable for passing to {build}.
+      #
+      # @yield [options, parser] A block that can be used to update the built option parser.
+      # @yieldparam [Hash<Symbol => >] options The options hash that should be assigned to.
+      # @yieldparam [OptionParser] parser The built option parser.
+      # @param [Hash] defaults Default option values to use.
+      # @return [Hash<Symbol => >] The options hash.
+      #   * :allow_anonymous [Boolean] Whether or not to allow anonymous authentication.
+      #   * :allow_guest [Boolean] Whether or not to allow guest authentication.
+      #   * :username [String] The username of the account to add for authentication.
+      #   * :password [String] The password of the account to add for authentication.
+      #   * :domain [String] The domain of the account to add for authentication.
+      #   * :smbv1 [Boolean] Whether or not to enable SMBv1 dialects.
+      #   * :smbv2 [Boolean] Whether or not to enable SMBv2 dialects.
+      #   * :smbv3 [Boolean] Whether or not to enable SMBv3 dialects.
+      #   * :share_name [String] The name of the share to add.
+      def self.parse(defaults: {}, &block)
+        defaults = DEFAULT_OPTIONS.merge(defaults)
+        options = defaults.clone
+        OptionParser.new do |parser|
+          parser.on("--share-name SHARE_NAME", "The share name (default: #{defaults[:share_name]})") do |share|
+            options[:share_name] = share
+          end
+
+          parser.on("--[no-]anonymous", "Allow anonymous access (default: #{defaults[:allow_anonymous]})") do |allow_anonymous|
+            options[:allow_anonymous] = allow_anonymous
+          end
+
+          parser.on("--[no-]guests", "Allow guest accounts (default: #{defaults[:allow_guests]})") do |allow_guests|
+            options[:allow_guests] = allow_guests
+          end
+
+          parser.on("--[no-]smbv1", "Enable or disable SMBv1 (default: #{defaults[:smbv1] ? 'Enabled' : 'Disabled'})") do |smbv1|
+            options[:smbv1] = smbv1
+          end
+
+          parser.on("--[no-]smbv2", "Enable or disable SMBv2 (default: #{defaults[:smbv2] ? 'Enabled' : 'Disabled'})") do |smbv2|
+            options[:smbv2] = smbv2
+          end
+
+          parser.on("--[no-]smbv3", "Enable or disable SMBv3 (default: #{defaults[:smbv3] ? 'Enabled' : 'Disabled'})") do |smbv3|
+            options[:smbv3] = smbv3
+          end
+
+          parser.on("--username USERNAME", "The account's username (default: #{defaults[:username]})") do |username|
+            if username.include?('\\')
+              options[:domain], options[:username] = username.split('\\', 2)
+            else
+              options[:username] = username
+            end
+          end
+
+          parser.on("--password PASSWORD", "The account's password (default: #{defaults[:password]})") do |password|
+            options[:password] = password
+          end
+
+          block.call(options, parser) if block_given?
+        end.parse!
+
+        options
+      end
+
+      # Build a server instance from the specified options. The NTLM provider will be used for authentication.
+      #
+      # @param [Hash] options the options to use while building the server. See the return value of {parse} for a
+      #   comprehensive list of keys.
+      def self.build(options)
+        ntlm_provider = RubySMB::Gss::Provider::NTLM.new(
+          allow_anonymous: options[:allow_anonymous],
+          allow_guests: options[:allow_guests]
+        )
+        ntlm_provider.put_account(options[:username], options[:password], domain: options[:domain])  # password can also be an NTLM hash
+
+        server = RubySMB::Server.new(
+          gss_provider: ntlm_provider,
+          logger: :stdout
+        )
+        server.dialects.filter! { |dialect| RubySMB::Dialect[dialect].family != RubySMB::Dialect::FAMILY_SMB1 } unless options[:smbv1]
+        server.dialects.filter! { |dialect| RubySMB::Dialect[dialect].family != RubySMB::Dialect::FAMILY_SMB2 } unless options[:smbv2]
+        server.dialects.filter! { |dialect| RubySMB::Dialect[dialect].family != RubySMB::Dialect::FAMILY_SMB3 } unless options[:smbv3]
+
+        server
+      end
+
+      # Run the server forever. At least 1 SMB dialect must be enabled.
+      #
+      # @param [RubySMB::Server] server The server instance to run.
+      # @param [#puts] out The stream to write standard output messages to.
+      # @param [#puts] err The stream to write error messages to.
+      def self.run(server, out: $stdout, err: $stderr)
+        if server.dialects.empty?
+          err.puts 'at least one version must be enabled'
+          return
+        end
+
+        out.puts 'server is running'
+        server.run do |server_client|
+          out.puts 'received connection'
+          true
+        end
+      end
+    end
+  end
+end

data/lib/ruby_smb/server/server_client/session_setup.rb

@@ -80,12 +80,14 @@ module RubySMB
           if gss_result.nt_status == WindowsError::NTStatus::STATUS_SUCCESS
             session.state = :valid
             session.user_id = gss_result.identity
+            session.is_guest = !!gss_result.is_guest
             session.key = @gss_authenticator.session_key
-            session.signing_required = request.security_mode.signing_required == 1
+            session.signing_required = request.security_mode.signing_required == 1 || (!session.is_guest && !session.is_anonymous)
 
             response.smb2_header.credits = 32
-            @cipher_id = 0 if session.is_anonymous # disable encryption for anonymous users
+            @cipher_id = 0 if session.is_anonymous || session.is_guest # disable encryption for anonymous users and guest users which have a null session key
             response.session_flags.encrypt_data = 1 unless @cipher_id == 0
+            response.session_flags.guest = session.is_guest
           elsif gss_result.nt_status == WindowsError::NTStatus::STATUS_MORE_PROCESSING_REQUIRED && @dialect == '0x0311'
             update_preauth_hash(response)
           end

data/lib/ruby_smb/server/server_client.rb

@@ -19,7 +19,7 @@ module RubySMB
       include RubySMB::Server::ServerClient::ShareIO
       include RubySMB::Server::ServerClient::TreeConnect
 
-      attr_reader :dialect, :session_table
+      attr_reader :dialect, :dispatcher, :session_table
 
       # @param [Server] server the server that accepted this connection
       # @param [Dispatcher::Socket] dispatcher the connection's socket dispatcher
@@ -57,6 +57,14 @@ module RubySMB
         @dispatcher.tcp_socket.getpeername
       end
 
+      def peerhost
+        ::Socket::unpack_sockaddr_in(getpeername)[1]
+      end
+
+      def peerport
+        ::Socket::unpack_sockaddr_in(getpeername)[0]
+      end
+
       #
       # Handle a request after the dialect has been negotiated. This is the main
       # handler for all requests after the connection has been established. If a

data/lib/ruby_smb/server/session.rb

@@ -64,7 +64,7 @@ module RubySMB
       attr_accessor :tree_connect_table
 
       # Untyped hash for storing additional arbitrary metadata about the current session
-      # @!attribute [rw] metadaa
+      # @!attribute [rw] metadata
       #   @return [Hash]
       attr_accessor :metadata
 
@@ -72,6 +72,10 @@ module RubySMB
       # @!attribute [r] creation_time
       #   @return [Time]
       attr_reader   :creation_time
+
+      # Whether or not the authenticated user is a guest.
+      # @!attribute [rw] is_guest
+      attr_accessor :is_guest
     end
   end
 end

data/lib/ruby_smb/server/share/provider/disk/processor/close.rb

@@ -9,27 +9,31 @@ module RubySMB
             module Close
               def do_close_smb1(request)
                 # see: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-cifs/99b767e2-8f0e-438b-ace5-4323940f2dc8
-                if @handles.delete(request.parameter_block.fid).nil?
+                handle = @handles.delete(request.parameter_block.fid)
+                if handle.nil?
                   response = RubySMB::SMB1::Packet::EmptyPacket.new
                   response.smb_header.nt_status = WindowsError::NTStatus::STATUS_INVALID_HANDLE
                   return response
                 end
 
+                handle.file.close if handle.file
+
                 response = RubySMB::SMB1::Packet::CloseResponse.new
                 response
               end
 
               def do_close_smb2(request)
-                local_path = get_local_path(request.file_id)
-                if local_path.nil?
+                handle = @handles.delete(request.file_id.to_binary_s)
+                if handle.nil?
                   response = RubySMB::SMB2::Packet::ErrorPacket.new
                   response.smb2_header.nt_status = WindowsError::NTStatus::STATUS_FILE_CLOSED
                   return response
                 end
 
-                @handles.delete(request.file_id.to_binary_s)
+                handle.file.close if handle.file
+
                 response = RubySMB::SMB2::Packet::CloseResponse.new
-                set_common_info(response, local_path)
+                set_common_info(response, handle.local_path)
                 response.flags = 1
                 response
               end

data/lib/ruby_smb/server/share/provider/disk/processor/create.rb

@@ -38,7 +38,7 @@ module RubySMB
                   block.allocation_size = get_allocation_size(local_path)
                 end
 
-                @handles[response.parameter_block.fid] = Handle.new(path, local_path, false)
+                @handles[response.parameter_block.fid] = Handle.new(path, local_path, false, local_path.file? ? local_path.open : nil)
                 response
               end
 
@@ -131,7 +131,7 @@ module RubySMB
                   response.contexts_length = 0
                 end
 
-                @handles[response.file_id.to_binary_s] = Handle.new(path, local_path, durable)
+                @handles[response.file_id.to_binary_s] = Handle.new(path, local_path, durable, local_path.file? ? local_path.open : nil)
                 response
               end
             end

data/lib/ruby_smb/server/share/provider/disk/processor/query.rb

@@ -315,7 +315,7 @@ module RubySMB
 
                 case request.file_information_class
                 when Fscc::FileInformation::FILE_NORMALIZED_NAME_INFORMATION
-                  info = Fscc::FileInformation::FileNameInformation.new(file_name: @handles[request.file_id.to_binary_s].remote_path)
+                  info = Fscc::FileInformation::FileNormalizedNameInformation.new(file_name: @handles[request.file_id.to_binary_s].remote_path)
                 else
                   info = build_fscc_file_information(local_path, request.file_information_class)
                 end
@@ -344,7 +344,7 @@ module RubySMB
                     volume_label: provider.name
                   )
                 else
-                  logger.warn("Can not handle QUERY_INFO request for type: #{request.info_type}, class: #{request.file_information_class}")
+                  logger.warn("Can not handle QUERY_INFO request for type: #{request.info_type}, class: #{request.file_information_class} (#{Fscc::FileSystemInformation.name(request.file_information_class)})")
                   raise NotImplementedError
                 end
 

data/lib/ruby_smb/server/share/provider/disk/processor/read.rb

@@ -9,18 +9,16 @@ module RubySMB
             module Read
               def do_read_andx_smb1(request)
                 # see: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-cifs/bb8fcb6a-3032-46a1-ad4a-c0d7892921f9
-                local_path = get_local_path(request.parameter_block.fid)
+                handle = @handles[request.parameter_block.fid]
 
-                if local_path.nil?
+                if handle.nil? || handle.file.nil?
                   response = SMB1::Packet::EmptyPacket.new
                   response.smb_header.nt_status = WindowsError::NTStatus::STATUS_INVALID_HANDLE
+                  return response
                 end
 
-                buffer = nil
-                local_path.open do |file|
-                  file.seek(request.parameter_block.offset.snapshot)
-                  buffer = file.read(request.parameter_block.max_count_of_bytes_to_return.snapshot)
-                end
+                handle.file.seek(request.parameter_block.offset.snapshot)
+                buffer = handle.file.read(request.parameter_block.max_count_of_bytes_to_return.snapshot)
 
                 response = SMB1::Packet::ReadAndxResponse.new
                 response.parameter_block.available = 0xffff  # this field is only used for named pipes, must be -1 for all others
@@ -33,20 +31,23 @@ module RubySMB
               end
 
               def do_read_smb2(request)
-                local_path = get_local_path(request.file_id)
-                if local_path.nil?
+                handle = @handles[request.file_id.to_binary_s]
+                if handle.nil?
                   response = RubySMB::SMB2::Packet::ErrorPacket.new
                   response.smb2_header.nt_status = WindowsError::NTStatus::STATUS_FILE_CLOSED
                   return response
                 end
 
+                if handle.file.nil?
+                  response = RubySMB::SMB2::Packet::ErrorPacket.new
+                  response.smb2_header.nt_status = WindowsError::NTStatus::STATUS_INVALID_HANDLE
+                  return response
+                end
+
                 raise NotImplementedError unless request.channel == SMB2::SMB2_CHANNEL_NONE
 
-                buffer = nil
-                local_path.open do |file|
-                  file.seek(request.offset.snapshot)
-                  buffer = file.read(request.read_length)
-                end
+                handle.file.seek(request.offset.snapshot)
+                buffer = handle.file.read(request.read_length)
 
                 # see: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/21e8b343-34e9-4fca-8d93-03dd2d3e961e
                 if buffer.nil? || buffer.length == 0 || buffer.length < request.min_bytes