ruby_smb 3.1.2 → 3.1.5

data/lib/ruby_smb/ntlm/client.rb

@@ -0,0 +1,74 @@
+module RubySMB::NTLM
+  module Message
+    def deflag
+      security_buffers.inject(head_size) do |cur, a|
+        a[1].offset = cur
+        cur += a[1].data_size
+        has_flag?(:UNICODE) ? cur + cur % 2 : cur
+      end
+    end
+
+    def serialize
+      deflag
+      @alist.map { |n, f| f.serialize }.join + security_buffers.map { |n, f| f.value + (has_flag?(:UNICODE) ? "\x00".b * (f.value.length % 2) : '') }.join
+    end
+  end
+
+  class Client < Net::NTLM::Client
+    class Session < Net::NTLM::Client::Session
+      def authenticate!
+        calculate_user_session_key!
+        type3_opts = {
+          :lm_response   => is_anonymous? ? "\x00".b : lmv2_resp,
+          :ntlm_response => is_anonymous? ? '' : ntlmv2_resp,
+          :domain        => domain,
+          :user          => username,
+          :workstation   => workstation,
+          :flag          => (challenge_message.flag & client.flags)
+        }
+        t3 = Net::NTLM::Message::Type3.create type3_opts
+        t3.extend(Message)
+        if negotiate_key_exchange?
+          t3.enable(:session_key)
+          rc4 = OpenSSL::Cipher.new("rc4")
+          rc4.encrypt
+          rc4.key = user_session_key
+          sk = rc4.update exported_session_key
+          sk << rc4.final
+          t3.session_key = sk
+        end
+        t3
+      end
+
+      def is_anonymous?
+        username == '' && password == ''
+      end
+
+      private
+
+      def use_oem_strings?
+        # @see https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-nlmp/99d90ff4-957f-4c8a-80e4-5bfe5a9a9832
+        !challenge_message.has_flag?(:UNICODE) && challenge_message.has_flag?(:OEM)
+      end
+
+      def calculate_user_session_key!
+        if is_anonymous?
+          # see MS-NLMP section 3.4
+          @user_session_key = "\x00".b * 16
+        else
+          @user_session_key = OpenSSL::HMAC.digest(OpenSSL::Digest::MD5.new, ntlmv2_hash, nt_proof_str)
+        end
+      end
+    end
+
+    def init_context(resp = nil, channel_binding = nil)
+      if resp.nil?
+        @session = nil
+        type1_message
+      else
+        @session = Client::Session.new(self, Net::NTLM::Message.decode64(resp), channel_binding)
+        @session.authenticate!
+      end
+    end
+  end
+end

data/lib/ruby_smb/ntlm.rb

@@ -59,3 +59,4 @@ module RubySMB
   end
 end
 
+require 'ruby_smb/ntlm/client'

data/lib/ruby_smb/server/cli.rb

@@ -0,0 +1,121 @@
+require 'optparse'
+
+module RubySMB
+  class Server
+    module Cli
+      DEFAULT_OPTIONS = {
+        allow_anonymous: true,
+        allow_guests: false,
+        domain: nil,
+        username: 'RubySMB',
+        password: 'password',
+        share_name: 'home',
+        smbv1: true,
+        smbv2: true,
+        smbv3: true
+      }.freeze
+
+      # Parse options from the command line. The resulting option hash is suitable for passing to {build}.
+      #
+      # @yield [options, parser] A block that can be used to update the built option parser.
+      # @yieldparam [Hash<Symbol => >] options The options hash that should be assigned to.
+      # @yieldparam [OptionParser] parser The built option parser.
+      # @param [Hash] defaults Default option values to use.
+      # @return [Hash<Symbol => >] The options hash.
+      #   * :allow_anonymous [Boolean] Whether or not to allow anonymous authentication.
+      #   * :allow_guest [Boolean] Whether or not to allow guest authentication.
+      #   * :username [String] The username of the account to add for authentication.
+      #   * :password [String] The password of the account to add for authentication.
+      #   * :domain [String] The domain of the account to add for authentication.
+      #   * :smbv1 [Boolean] Whether or not to enable SMBv1 dialects.
+      #   * :smbv2 [Boolean] Whether or not to enable SMBv2 dialects.
+      #   * :smbv3 [Boolean] Whether or not to enable SMBv3 dialects.
+      #   * :share_name [String] The name of the share to add.
+      def self.parse(defaults: {}, &block)
+        defaults = DEFAULT_OPTIONS.merge(defaults)
+        options = defaults.clone
+        OptionParser.new do |parser|
+          parser.on("--share-name SHARE_NAME", "The share name (default: #{defaults[:share_name]})") do |share|
+            options[:share_name] = share
+          end
+
+          parser.on("--[no-]anonymous", "Allow anonymous access (default: #{defaults[:allow_anonymous]})") do |allow_anonymous|
+            options[:allow_anonymous] = allow_anonymous
+          end
+
+          parser.on("--[no-]guests", "Allow guest accounts (default: #{defaults[:allow_guests]})") do |allow_guests|
+            options[:allow_guests] = allow_guests
+          end
+
+          parser.on("--[no-]smbv1", "Enable or disable SMBv1 (default: #{defaults[:smbv1] ? 'Enabled' : 'Disabled'})") do |smbv1|
+            options[:smbv1] = smbv1
+          end
+
+          parser.on("--[no-]smbv2", "Enable or disable SMBv2 (default: #{defaults[:smbv2] ? 'Enabled' : 'Disabled'})") do |smbv2|
+            options[:smbv2] = smbv2
+          end
+
+          parser.on("--[no-]smbv3", "Enable or disable SMBv3 (default: #{defaults[:smbv3] ? 'Enabled' : 'Disabled'})") do |smbv3|
+            options[:smbv3] = smbv3
+          end
+
+          parser.on("--username USERNAME", "The account's username (default: #{defaults[:username]})") do |username|
+            if username.include?('\\')
+              options[:domain], options[:username] = username.split('\\', 2)
+            else
+              options[:username] = username
+            end
+          end
+
+          parser.on("--password PASSWORD", "The account's password (default: #{defaults[:password]})") do |password|
+            options[:password] = password
+          end
+
+          block.call(options, parser) if block_given?
+        end.parse!
+
+        options
+      end
+
+      # Build a server instance from the specified options. The NTLM provider will be used for authentication.
+      #
+      # @param [Hash] options the options to use while building the server. See the return value of {parse} for a
+      #   comprehensive list of keys.
+      def self.build(options)
+        ntlm_provider = RubySMB::Gss::Provider::NTLM.new(
+          allow_anonymous: options[:allow_anonymous],
+          allow_guests: options[:allow_guests]
+        )
+        ntlm_provider.put_account(options[:username], options[:password], domain: options[:domain])  # password can also be an NTLM hash
+
+        server = RubySMB::Server.new(
+          gss_provider: ntlm_provider,
+          logger: :stdout
+        )
+        server.dialects.filter! { |dialect| RubySMB::Dialect[dialect].family != RubySMB::Dialect::FAMILY_SMB1 } unless options[:smbv1]
+        server.dialects.filter! { |dialect| RubySMB::Dialect[dialect].family != RubySMB::Dialect::FAMILY_SMB2 } unless options[:smbv2]
+        server.dialects.filter! { |dialect| RubySMB::Dialect[dialect].family != RubySMB::Dialect::FAMILY_SMB3 } unless options[:smbv3]
+
+        server
+      end
+
+      # Run the server forever. At least 1 SMB dialect must be enabled.
+      #
+      # @param [RubySMB::Server] server The server instance to run.
+      # @param [#puts] out The stream to write standard output messages to.
+      # @param [#puts] err The stream to write error messages to.
+      def self.run(server, out: $stdout, err: $stderr)
+        if server.dialects.empty?
+          err.puts 'at least one version must be enabled'
+          return
+        end
+
+        out.puts 'server is running'
+        server.run do |server_client|
+          out.puts 'received connection'
+          true
+        end
+      end
+    end
+  end
+end

data/lib/ruby_smb/server.rb

@@ -6,6 +6,7 @@ module RubySMB
   # Currently, the server only supports negotiating and authenticating requests. No other server functionality is
   # available at this time. The negotiating and authentication is supported for SMB versions 1 through 3.1.1.
   class Server
+    require 'ruby_smb/server/cli'
     require 'ruby_smb/server/server_client'
     require 'ruby_smb/server/session'
     require 'ruby_smb/server/share'

data/lib/ruby_smb/smb1/packet/session_setup_request.rb

@@ -40,6 +40,17 @@ module RubySMB
         parameter_block   :parameter_block
         data_block        :data_block
 
+        # Takes the specified security buffer string and sets it in the {RubySMB::SMB1::Packet::SessionSetupRequest::DataBlock#security_blob}
+        # field. It also automatically sets the length in
+        # {RubySMB::SMB1::Packet::SessionSetupRequest::ParameterBlock#security_blob_length}
+        #
+        # @param buffer [String] the security buffer
+        # @return [void]
+        def set_security_buffer(buffer)
+          parameter_block.security_blob_length = buffer.length
+          data_block.security_blob = buffer
+        end
+
         # Takes an NTLM Type 1 Message and creates the GSS Security Blob
         # for it and sets it in the {RubySMB::SMB1::Packet::SessionSetupRequest::DataBlock#security_blob}
         # field. It also automatically sets the length in

data/lib/ruby_smb/smb1/pipe.rb

@@ -142,7 +142,10 @@ module RubySMB
 
       def dcerpc_response_from_raw_response(raw_data)
         dcerpc_response = RubySMB::Dcerpc::Response.read(raw_data)
-        unless dcerpc_response.pdu_header.ptype == RubySMB::Dcerpc::PTypes::RESPONSE
+        if dcerpc_response.pdu_header.ptype == RubySMB::Dcerpc::PTypes::FAULT
+          status = dcerpc_response.stub.unpack('V').first
+          raise RubySMB::Dcerpc::Error::FaultError.new('A fault occurred', status: status)
+        elsif dcerpc_response.pdu_header.ptype != RubySMB::Dcerpc::PTypes::RESPONSE
           raise RubySMB::Dcerpc::Error::InvalidPacket, "Not a Response packet"
         end
         dcerpc_response

data/lib/ruby_smb/smb2/pipe.rb

@@ -135,12 +135,14 @@ module RubySMB
         end
       end
 
-
       private
 
       def dcerpc_response_from_raw_response(raw_data)
         dcerpc_response = RubySMB::Dcerpc::Response.read(raw_data)
-        unless dcerpc_response.pdu_header.ptype == RubySMB::Dcerpc::PTypes::RESPONSE
+        if dcerpc_response.pdu_header.ptype == RubySMB::Dcerpc::PTypes::FAULT
+          status = dcerpc_response.stub.unpack('V').first
+          raise RubySMB::Dcerpc::Error::FaultError.new('A fault occurred', status: status)
+        elsif dcerpc_response.pdu_header.ptype != RubySMB::Dcerpc::PTypes::RESPONSE
           raise RubySMB::Dcerpc::Error::InvalidPacket, "Not a Response packet"
         end
         dcerpc_response

data/lib/ruby_smb/version.rb

@@ -1,3 +1,3 @@
 module RubySMB
-  VERSION = '3.1.2'.freeze
+  VERSION = '3.1.5'.freeze
 end

data/spec/lib/ruby_smb/client_spec.rb

@@ -1881,6 +1881,7 @@ RSpec.describe RubySMB::Client do
           before :example do
             smb2_client.smb3 = true
             smb2_client.session_encrypt_data = false
+            smb2_client.preauth_integrity_hash_value = ''
           end
 
           it 'sets the session_encrypt_data parameter to true if the server requires encryption' do

data/spec/lib/ruby_smb/dcerpc/samr/samr_create_user2_in_domain_request_spec.rb

@@ -0,0 +1,69 @@
+RSpec.describe RubySMB::Dcerpc::Samr::SamrCreateUser2InDomainRequest do
+  subject(:packet) { described_class.new }
+
+  it { is_expected.to respond_to :domain_handle }
+  it { is_expected.to respond_to :name }
+  it { is_expected.to respond_to :account_type }
+  it { is_expected.to respond_to :desired_access }
+  it { is_expected.to respond_to :opnum }
+
+  it 'is little endian' do
+    expect(described_class.fields.instance_variable_get(:@hints)[:endian]).to eq :little
+  end
+
+  it 'is a BinData::Record' do
+    expect(packet).to be_a(BinData::Record)
+  end
+
+  describe '#domain_handle' do
+    it 'is a SamprHandle structure' do
+      expect(packet.domain_handle).to be_a RubySMB::Dcerpc::Samr::SamprHandle
+    end
+  end
+
+  describe '#name' do
+    it 'is a RpcUnicodeString' do
+      expect(packet.name).to be_a RubySMB::Dcerpc::RpcUnicodeString
+    end
+  end
+
+  describe '#account_type' do
+    it 'is a NdrUint32 structure' do
+      expect(packet.account_type).to be_a RubySMB::Dcerpc::Ndr::NdrUint32
+    end
+  end
+
+  describe '#desired_access' do
+    it 'is a NdrUint32 structure' do
+      expect(packet.desired_access).to be_a RubySMB::Dcerpc::Ndr::NdrUint32
+    end
+  end
+
+  describe '#initialize_instance' do
+    it 'sets #opnum to SAMR_CREATE_USER2_IN_DOMAIN constant' do
+      expect(packet.opnum).to eq(RubySMB::Dcerpc::Samr::SAMR_CREATE_USER2_IN_DOMAIN)
+    end
+  end
+
+  it 'reads itself' do
+    new_packet = described_class.new({
+      domain_handle: {
+        context_handle_attributes: 0,
+        context_handle_uuid: "fc873b90-d9a9-46a4-b9ea-f44bb1c272a7"
+      },
+      name: 'test',
+      account_type: 1,
+      desired_access: 2
+    })
+    expected_output = {
+      domain_handle: {
+        context_handle_attributes: 0,
+        context_handle_uuid: "fc873b90-d9a9-46a4-b9ea-f44bb1c272a7"
+      },
+      name: {:buffer=>"test".encode('utf-16le'), :buffer_length=>8, :maximum_length=>8},
+      account_type: 1,
+      desired_access: 2
+    }
+    expect(packet.read(new_packet.to_binary_s)).to eq(expected_output)
+  end
+end

data/spec/lib/ruby_smb/dcerpc/samr/samr_create_user2_in_domain_response_spec.rb

@@ -0,0 +1,69 @@
+RSpec.describe RubySMB::Dcerpc::Samr::SamrCreateUser2InDomainResponse do
+  subject(:packet) { described_class.new }
+
+  it { is_expected.to respond_to :user_handle }
+  it { is_expected.to respond_to :granted_access }
+  it { is_expected.to respond_to :relative_id }
+  it { is_expected.to respond_to :error_status }
+  it { is_expected.to respond_to :opnum }
+
+  it 'is little endian' do
+    expect(described_class.fields.instance_variable_get(:@hints)[:endian]).to eq :little
+  end
+
+  it 'is a BinData::Record' do
+    expect(packet).to be_a(BinData::Record)
+  end
+
+  describe '#user_handle' do
+    it 'is a SamprHandle structure' do
+      expect(packet.user_handle).to be_a RubySMB::Dcerpc::Samr::SamprHandle
+    end
+  end
+
+  describe '#granted_access' do
+    it 'is a NdrUint32' do
+      expect(packet.granted_access).to be_a RubySMB::Dcerpc::Ndr::NdrUint32
+    end
+  end
+
+  describe '#relative_id' do
+    it 'is a NdrUint32 structure' do
+      expect(packet.relative_id).to be_a RubySMB::Dcerpc::Ndr::NdrUint32
+    end
+  end
+
+  describe '#error_status' do
+    it 'is a NdrUint32 structure' do
+      expect(packet.error_status).to be_a RubySMB::Dcerpc::Ndr::NdrUint32
+    end
+  end
+
+  describe '#initialize_instance' do
+    it 'sets #opnum to SAMR_CREATE_USER2_IN_DOMAIN constant' do
+      expect(packet.opnum).to eq(RubySMB::Dcerpc::Samr::SAMR_CREATE_USER2_IN_DOMAIN)
+    end
+  end
+
+  it 'reads itself' do
+    new_packet = described_class.new({
+      user_handle: {
+        context_handle_attributes: 0,
+        context_handle_uuid: "fc873b90-d9a9-46a4-b9ea-f44bb1c272a7"
+      },
+      granted_access: 1,
+      relative_id: 2,
+      error_status: 0x11223344
+    })
+    expected_output = {
+      user_handle: {
+        context_handle_attributes: 0,
+        context_handle_uuid: "fc873b90-d9a9-46a4-b9ea-f44bb1c272a7"
+      },
+      granted_access: 1,
+      relative_id: 2,
+      error_status: 0x11223344
+    }
+    expect(packet.read(new_packet.to_binary_s)).to eq(expected_output)
+  end
+end

data/spec/lib/ruby_smb/dcerpc/samr/samr_delete_user_request_spec.rb

@@ -0,0 +1,42 @@
+RSpec.describe RubySMB::Dcerpc::Samr::SamrDeleteUserRequest do
+  subject(:packet) { described_class.new }
+
+  it { is_expected.to respond_to :user_handle }
+  it { is_expected.to respond_to :opnum }
+
+  it 'is little endian' do
+    expect(described_class.fields.instance_variable_get(:@hints)[:endian]).to eq :little
+  end
+
+  it 'is a BinData::Record' do
+    expect(packet).to be_a(BinData::Record)
+  end
+
+  describe '#user_handle' do
+    it 'is a SamprHandle structure' do
+      expect(packet.user_handle).to be_a RubySMB::Dcerpc::Samr::SamprHandle
+    end
+  end
+
+  describe '#initialize_instance' do
+    it 'sets #opnum to SAMR_DELETE_USER constant' do
+      expect(packet.opnum).to eq(RubySMB::Dcerpc::Samr::SAMR_DELETE_USER)
+    end
+  end
+
+  it 'reads itself' do
+    new_packet = described_class.new({
+      user_handle: {
+        context_handle_attributes: 0,
+        context_handle_uuid: "fc873b90-d9a9-46a4-b9ea-f44bb1c272a7"
+      }
+    })
+    expected_output = {
+      user_handle: {
+        context_handle_attributes: 0,
+        context_handle_uuid: "fc873b90-d9a9-46a4-b9ea-f44bb1c272a7"
+      }
+    }
+    expect(packet.read(new_packet.to_binary_s)).to eq(expected_output)
+  end
+end

data/spec/lib/ruby_smb/dcerpc/samr/samr_delete_user_response_spec.rb

@@ -0,0 +1,51 @@
+RSpec.describe RubySMB::Dcerpc::Samr::SamrDeleteUserResponse do
+  subject(:packet) { described_class.new }
+
+  it { is_expected.to respond_to :user_handle }
+  it { is_expected.to respond_to :error_status }
+  it { is_expected.to respond_to :opnum }
+
+  it 'is little endian' do
+    expect(described_class.fields.instance_variable_get(:@hints)[:endian]).to eq :little
+  end
+
+  it 'is a BinData::Record' do
+    expect(packet).to be_a(BinData::Record)
+  end
+
+  describe '#user_handle' do
+    it 'is a SamprHandle structure' do
+      expect(packet.user_handle).to be_a RubySMB::Dcerpc::Samr::SamprHandle
+    end
+  end
+
+  describe '#error_status' do
+    it 'is a NdrUint32 structure' do
+      expect(packet.error_status).to be_a RubySMB::Dcerpc::Ndr::NdrUint32
+    end
+  end
+
+  describe '#initialize_instance' do
+    it 'sets #opnum to SAMR_DELETE_USER constant' do
+      expect(packet.opnum).to eq(RubySMB::Dcerpc::Samr::SAMR_DELETE_USER)
+    end
+  end
+
+  it 'reads itself' do
+    new_packet = described_class.new({
+      user_handle: {
+        context_handle_attributes: 0,
+        context_handle_uuid: "fc873b90-d9a9-46a4-b9ea-f44bb1c272a7"
+      },
+      error_status: 0x11223344
+    })
+    expected_output = {
+      user_handle: {
+        context_handle_attributes: 0,
+        context_handle_uuid: "fc873b90-d9a9-46a4-b9ea-f44bb1c272a7"
+      },
+      error_status: 0x11223344
+    }
+    expect(packet.read(new_packet.to_binary_s)).to eq(expected_output)
+  end
+end

data/spec/lib/ruby_smb/dcerpc/samr/samr_enumerate_domains_in_sam_server_request_spec.rb

@@ -0,0 +1,60 @@
+RSpec.describe RubySMB::Dcerpc::Samr::SamrEnumerateDomainsInSamServerRequest do
+  subject(:packet) { described_class.new }
+
+  it { is_expected.to respond_to :server_handle }
+  it { is_expected.to respond_to :enumeration_context }
+  it { is_expected.to respond_to :prefered_maximum_length }
+  it { is_expected.to respond_to :opnum }
+
+  it 'is little endian' do
+    expect(described_class.fields.instance_variable_get(:@hints)[:endian]).to eq :little
+  end
+
+  it 'is a BinData::Record' do
+    expect(packet).to be_a(BinData::Record)
+  end
+
+  describe '#server_handle' do
+    it 'is a SamprHandle structure' do
+      expect(packet.server_handle).to be_a RubySMB::Dcerpc::Samr::SamprHandle
+    end
+  end
+
+  describe '#enumeration_context' do
+    it 'is a NdrUint32 structure' do
+      expect(packet.enumeration_context).to be_a RubySMB::Dcerpc::Ndr::NdrUint32
+    end
+  end
+
+  describe '#prefered_maximum_length' do
+    it 'is a NdrUint32 structure' do
+      expect(packet.prefered_maximum_length).to be_a RubySMB::Dcerpc::Ndr::NdrUint32
+    end
+  end
+
+  describe '#initialize_instance' do
+    it 'sets #opnum to SAMR_ENUMERATE_DOMAINS_IN_SAM_SERVER constant' do
+      expect(packet.opnum).to eq(RubySMB::Dcerpc::Samr::SAMR_ENUMERATE_DOMAINS_IN_SAM_SERVER)
+    end
+  end
+
+  it 'reads itself' do
+    new_packet = described_class.new({
+      server_handle: {
+        context_handle_attributes: 0,
+        context_handle_uuid: "fc873b90-d9a9-46a4-b9ea-f44bb1c272a7"
+      },
+      enumeration_context: 1,
+      prefered_maximum_length: 2
+    })
+    expected_output = {
+      server_handle: {
+        context_handle_attributes: 0,
+        context_handle_uuid: "fc873b90-d9a9-46a4-b9ea-f44bb1c272a7"
+      },
+      enumeration_context: 1,
+      prefered_maximum_length: 2
+    }
+    expect(packet.read(new_packet.to_binary_s)).to eq(expected_output)
+  end
+end

data/spec/lib/ruby_smb/dcerpc/samr/samr_enumerate_domains_in_sam_server_response_spec.rb

@@ -0,0 +1,75 @@
+RSpec.describe RubySMB::Dcerpc::Samr::SamrEnumerateDomainsInSamServerResponse do
+  subject(:packet) { described_class.new }
+
+  it { is_expected.to respond_to :enumeration_context }
+  it { is_expected.to respond_to :buffer }
+  it { is_expected.to respond_to :count_returned }
+  it { is_expected.to respond_to :error_status }
+  it { is_expected.to respond_to :opnum }
+
+  it 'is little endian' do
+    expect(described_class.fields.instance_variable_get(:@hints)[:endian]).to eq :little
+  end
+
+  it 'is a BinData::Record' do
+    expect(packet).to be_a(BinData::Record)
+  end
+
+  describe '#enumeration_context' do
+    it 'is a NdrUint32 structure' do
+      expect(packet.enumeration_context).to be_a RubySMB::Dcerpc::Ndr::NdrUint32
+    end
+  end
+
+  describe '#buffer' do
+    it 'is a PsamprEnumerationBuffer structure' do
+      expect(packet.buffer).to be_a RubySMB::Dcerpc::Samr::PsamprEnumerationBuffer
+    end
+  end
+
+  describe '#count_returned' do
+    it 'is a NdrUint32 structure' do
+      expect(packet.count_returned).to be_a RubySMB::Dcerpc::Ndr::NdrUint32
+    end
+  end
+
+  describe '#error_status' do
+    it 'is a NdrUint32 structure' do
+      expect(packet.error_status).to be_a RubySMB::Dcerpc::Ndr::NdrUint32
+    end
+  end
+
+  describe '#initialize_instance' do
+    it 'sets #opnum to SAMR_ENUMERATE_DOMAINS_IN_SAM_SERVER constant' do
+      expect(packet.opnum).to eq(RubySMB::Dcerpc::Samr::SAMR_ENUMERATE_DOMAINS_IN_SAM_SERVER)
+    end
+  end
+
+  it 'reads itself' do
+    new_packet = described_class.new({
+      enumeration_context: 1,
+      buffer: {
+        entries_read: 2,
+        buffer: [
+          {relative_id: 500, name: { buffer_length: 26, maximum_length: 26, buffer: "Builtin".encode('utf-16le') }},
+          {relative_id: 501, name: { buffer_length: 10, maximum_length: 10, buffer: "RUBYSMB".encode('utf-16le') }},
+        ]
+      },
+      count_returned: 2,
+      error_status: 0x11223344
+    })
+    expected_output = {
+      enumeration_context: 1,
+      buffer: {
+        entries_read: 2,
+        buffer: [
+          {relative_id: 500, name: { buffer_length: 26, maximum_length: 26, buffer: "Builtin".encode('utf-16le') }},
+          {relative_id: 501, name: { buffer_length: 10, maximum_length: 10, buffer: "RUBYSMB".encode('utf-16le') }},
+        ]
+      },
+      count_returned: 2,
+      error_status: 0x11223344
+    }
+    expect(packet.read(new_packet.to_binary_s)).to eq(expected_output)
+  end
+end