ruby_smb 3.1.5 → 3.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4749ae5185070d44e447593cd863ee5ac17a87468b16b14a251f68e0166b7663
-  data.tar.gz: b63378e4367136e0c6dffc35aa02b5c5ce1df450d5b64300eaee060e7938e9ec
+  metadata.gz: 9ce8d4ea99335efaf6bbc1ef003231ffa8a809382760e54dc26be04b76e53529
+  data.tar.gz: f284dabf7fe032ae02933a517abb2371f7c7c37eb641876f1cbf2b8cc0e4c2ac
 SHA512:
-  metadata.gz: f09557d4ba6148796bb6adf2c1169ebad237f021527975fabb179e1eb2099cfb2c17e45d3b57629c7fc61106092317076e41c77d39f8cb3d4335d280a75e144c
-  data.tar.gz: e969cc9f474e64e4cf7ba9bcf39e1dfc30b9e365bf6c758abd1e7ff905a6e9a3a8f3c3b33fc88f3104b7998201406d8b78bca34e746c58cfa4c03353bd94f789
+  metadata.gz: 5cf115ffd4c634f593bceef2bb503d2c0a2b19c5cfa73391887d35ce2691472fabda03e47462b716f8c870d7dedbc5dc815f644887b259d1268658752396ea17
+  data.tar.gz: 46ba6053ca246692ef29c545c8a9682b6675c4bf50d10d3611107bf537470226986aeece854516d59d99afa1642ee2d72fed99f39c1731112292fcbb6d8138d2

data/.github/workflows/verify.yml

@@ -1,5 +1,21 @@
 name: Verify
 
+# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
+permissions:
+  actions: none
+  checks: none
+  contents: none
+  deployments: none
+  id-token: none
+  issues: none
+  discussions: none
+  packages: none
+  pages: none
+  pull-requests: none
+  repository-projects: none
+  security-events: none
+  statuses: none
+
 on:
   push:
     branches:
@@ -10,7 +26,7 @@ on:
 
 jobs:
   test:
-    runs-on: ubuntu-18.04
+    runs-on: ${{ matrix.os }}
     timeout-minutes: 40
 
     strategy:
@@ -19,15 +35,22 @@ jobs:
         ruby:
           - 2.6
           - 2.7
-          - 3.0.3
-          - 3.1.1
+          - 3.0
+          - 3.1
+        os:
+          - ubuntu-18.04
+          - ubuntu-22.04
+        exclude:
+          - { os: ubuntu-22.04, ruby: 2.6 }
+          - { os: ubuntu-22.04, ruby: 2.7 }
+          - { os: ubuntu-22.04, ruby: 3.0 }
         test_cmd:
           - bundle exec rspec
 
     env:
       RAILS_ENV: test
 
-    name: Ruby ${{ matrix.ruby }} - ${{ matrix.test_cmd }}
+    name: ${{ matrix.os }} - Ruby ${{ matrix.ruby }} - ${{ matrix.test_cmd }}
     steps:
       - name: Checkout code
         uses: actions/checkout@v2

data/README.md

@@ -1,7 +1,6 @@
 # RubySMB
 
 [![Code Climate](https://codeclimate.com/github/rapid7/ruby_smb.png)](https://codeclimate.com/github/rapid7/ruby_smb)
-[![Coverage Status](https://coveralls.io/repos/github/rapid7/ruby_smb/badge.svg?branch=master)](https://coveralls.io/github/rapid7/ruby_smb?branch=master)
 
 This is a native Ruby implementation of the SMB Protocol Family. It currently supports:
 
@@ -187,7 +186,7 @@ Example:
 ```
 ### Using the Client
 
-Sitting on top of the packet layer in RubySMB is the RubySMB::Client class. This is the abstraction that most users of RubySMB will interact with. It provides simple conveience methods for performing SMB actions. It handles the creation, sending and receiving of packets for the user, providing reasonable defaults in many cases.
+Sitting on top of the packet layer in RubySMB is the RubySMB::Client class. This is the abstraction that most users of RubySMB will interact with. It provides simple convenience methods for performing SMB actions. It handles the creation, sending and receiving of packets for the user, providing reasonable defaults in many cases.
 
 #### Negotiation
 

data/lib/ruby_smb/client/authentication.rb

@@ -1,7 +1,11 @@
+require 'ruby_smb/peer_info'
+
 module RubySMB
   class Client
     # This module holds all the backend client methods for authentication.
     module Authentication
+      include RubySMB::PeerInfo
+
       # Responsible for handling Authentication and Session Setup for
       # the SMB Client. It returns the final Status code from the authentication
       # exchange.
@@ -356,36 +360,6 @@ module RubySMB
         packet.security_mode.signing_enabled = 1
         packet
       end
-
-      # Extract and store useful information about the peer/server from the
-      # NTLM Type 2 (challenge) TargetInfo fields.
-      #
-      # @param target_info_str [String] the Target Info string
-      def store_target_info(target_info_str)
-        target_info = Net::NTLM::TargetInfo.new(target_info_str)
-        {
-          Net::NTLM::TargetInfo::MSV_AV_NB_COMPUTER_NAME  => :@default_name,
-          Net::NTLM::TargetInfo::MSV_AV_NB_DOMAIN_NAME    => :@default_domain,
-          Net::NTLM::TargetInfo::MSV_AV_DNS_COMPUTER_NAME => :@dns_host_name,
-          Net::NTLM::TargetInfo::MSV_AV_DNS_DOMAIN_NAME   => :@dns_domain_name,
-          Net::NTLM::TargetInfo::MSV_AV_DNS_TREE_NAME     => :@dns_tree_name
-        }.each do |constant, attribute|
-          if target_info.av_pairs[constant]
-            value = target_info.av_pairs[constant].dup
-            value.force_encoding('UTF-16LE')
-            instance_variable_set(attribute, value.encode('UTF-8'))
-          end
-        end
-      end
-
-      # Extract the peer/server version number from the NTLM Type 2 (challenge)
-      # Version field.
-      #
-      # @param version [String] the version number as a binary string
-      # @return [String] the formated version number (<major>.<minor>.<build>)
-      def extract_os_version(version)
-        version.unpack('CCS').join('.')
-      end
     end
   end
 end

data/lib/ruby_smb/dcerpc/client.rb

@@ -8,8 +8,11 @@ module RubySMB
       require 'net/ntlm'
       require 'ruby_smb/dcerpc'
       require 'ruby_smb/gss'
+      require 'ruby_smb/peer_info'
 
+      include Dcerpc
       include Epm
+      include PeerInfo
 
       # The default maximum size of a RPC message that the Client accepts (in bytes)
       MAX_BUFFER_SIZE = 64512
@@ -134,11 +137,11 @@ module RubySMB
       end
 
       # Connect to the RPC endpoint. If a TCP socket was not provided, it takes
-      # care of asking the Enpoint Mapper Interface the port used by the given
+      # care of asking the Endpoint Mapper Interface the port used by the given
       # endpoint provided in #initialize and connect a TCP socket
       #
       # @param port [Integer] An optional port number to connect to. If
-      #   provided, it will not ask the Enpoint Mapper Interface for a port
+      #   provided, it will not ask the Endpoint Mapper Interface for a port
       #   number.
       # @return [TcpSocket] The connected TCP socket
       def connect(port: nil)
@@ -172,218 +175,14 @@ module RubySMB
         @tcp_socket.close if @tcp_socket && !@tcp_socket.closed?
       end
 
-      # Add the authentication verifier to the packet. This includes a sec
-      # trailer and the actual authentication data.
-      #
-      # @param req [BinData::Record] the request to be updated
-      # @param auth [String] the authentication data
-      # @param auth_type [Integer] the authentication type
-      # @param auth_level [Integer] the authentication level
-      def add_auth_verifier(req, auth, auth_type, auth_level)
-        req.sec_trailer = {
-          auth_type: auth_type,
-          auth_level: auth_level,
-          auth_context_id: @ctx_id + @auth_ctx_id_base
-        }
-        req.auth_value = auth
-        req.pdu_header.auth_length = auth.length
-
-        nil
-      end
-
       def process_ntlm_type2(type2_message)
-        ntlmssp_offset = type2_message.index('NTLMSSP')
-        type2_blob = type2_message.slice(ntlmssp_offset..-1)
-        type2_b64_message = [type2_blob].pack('m')
-        type3_message = @ntlm_client.init_context(type2_b64_message)
-        auth3 = type3_message.serialize
-
-        @session_key = @ntlm_client.session_key
+        auth3 = super
         challenge_message = @ntlm_client.session.challenge_message
         store_target_info(challenge_message.target_info) if challenge_message.has_flag?(:TARGET_INFO)
         @os_version = extract_os_version(challenge_message.os_version.to_s) unless challenge_message.os_version.empty?
         auth3
       end
 
-      # Send a rpc_auth3 PDU that ends the authentication handshake.
-      #
-      # @param response [BindAck] the BindAck response packet
-      # @param auth_type [Integer] the authentication type
-      # @param auth_level [Integer] the authentication level
-      # @raise [ArgumentError] if `:auth_type` is unknown
-      # @raise [NotImplementedError] if `:auth_type` is not implemented (yet)
-      def send_auth3(response, auth_type, auth_level)
-        case auth_type
-        when RPC_C_AUTHN_NONE
-        when RPC_C_AUTHN_WINNT, RPC_C_AUTHN_DEFAULT
-          auth3 = process_ntlm_type2(response.auth_value)
-        when RPC_C_AUTHN_NETLOGON, RPC_C_AUTHN_GSS_NEGOTIATE, RPC_C_AUTHN_GSS_SCHANNEL, RPC_C_AUTHN_GSS_KERBEROS
-          # TODO
-          raise NotImplementedError
-        else
-          raise ArgumentError, "Unsupported Auth Type: #{auth_type}"
-        end
-
-        rpc_auth3 = RpcAuth3.new
-        add_auth_verifier(rpc_auth3, auth3, auth_type, auth_level)
-        rpc_auth3.pdu_header.call_id = @call_id
-
-        # The server should not respond
-        send_packet(rpc_auth3)
-        @call_id += 1
-
-        nil
-      end
-
-      # Bind to the remote server interface endpoint. It takes care of adding
-      # the necessary authentication verifier if `:auth_level` is set to
-      # anything different than RPC_C_AUTHN_LEVEL_NONE
-      #
-      # @param endpoint [Module] the endpoint to bind to. This must be a Dcerpc
-      #   class with UUID, VER_MAJOR and VER_MINOR constants defined.
-      # @param auth_level [Integer] the authentication level
-      # @param auth_type [Integer] the authentication type
-      # @return [BindAck] the BindAck response packet
-      # @raise [Error::InvalidPacket] if an invalid packet is received
-      # @raise [Error::BindError] if the response is not a BindAck packet or if the Bind result code is not ACCEPTANCE
-      # @raise [ArgumentError] if `:auth_type` is unknown
-      # @raise [NotImplementedError] if `:auth_type` is not implemented (yet)
-      def bind(endpoint: @endpoint, auth_level: RPC_C_AUTHN_LEVEL_NONE, auth_type: nil)
-        bind_req = Bind.new(endpoint: endpoint)
-        bind_req.pdu_header.call_id = @call_id
-        # TODO: evasion: generate random UUIDs for bogus binds
-
-        if auth_level && auth_level != RPC_C_AUTHN_LEVEL_NONE
-          case auth_type
-          when RPC_C_AUTHN_WINNT, RPC_C_AUTHN_DEFAULT
-            raise ArgumentError, "NTLM Client not initialized. Username and password must be provided" unless @ntlm_client
-            type1_message = @ntlm_client.init_context
-            auth = type1_message.serialize
-          when RPC_C_AUTHN_GSS_KERBEROS, RPC_C_AUTHN_NETLOGON, RPC_C_AUTHN_GSS_NEGOTIATE
-          when RPC_C_AUTHN_GSS_KERBEROS, RPC_C_AUTHN_NETLOGON, RPC_C_AUTHN_GSS_NEGOTIATE, RPC_C_AUTHN_GSS_SCHANNEL
-            # TODO
-            raise NotImplementedError
-          else
-            raise ArgumentError, "Unsupported Auth Type: #{auth_type}"
-          end
-          add_auth_verifier(bind_req, auth, auth_type, auth_level)
-        end
-
-        send_packet(bind_req)
-        bindack_response = recv_struct(BindAck)
-        # TODO: see if BindNack response should be handled too
-
-        res_list = bindack_response.p_result_list
-        if res_list.n_results == 0 ||
-           res_list.p_results[0].result != BindAck::ACCEPTANCE
-          raise Error::BindError,
-            "Bind Failed (Result: #{res_list.p_results[0].result}, Reason: #{res_list.p_results[0].reason})"
-        end
-
-        @max_buffer_size = bindack_response.max_xmit_frag
-        @call_id = bindack_response.pdu_header.call_id
-
-        if auth_level && auth_level != RPC_C_AUTHN_LEVEL_NONE
-           # The number of legs needed to build the security context is defined
-           # by the security provider
-           # (see [2.2.1.1.7 Security Providers](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rpce/d4097450-c62f-484b-872f-ddf59a7a0d36))
-          case auth_type
-          when RPC_C_AUTHN_WINNT
-            send_auth3(bindack_response, auth_type, auth_level)
-          when RPC_C_AUTHN_GSS_KERBEROS, RPC_C_AUTHN_NETLOGON, RPC_C_AUTHN_GSS_NEGOTIATE
-            # TODO
-            raise NotImplementedError
-          end
-        end
-
-        nil
-      end
-
-      # Extract and store useful information about the peer/server from the
-      # NTLM Type 2 (challenge) TargetInfo fields.
-      #
-      # @param target_info_str [String] the Target Info string
-      def store_target_info(target_info_str)
-        target_info = Net::NTLM::TargetInfo.new(target_info_str)
-        {
-          Net::NTLM::TargetInfo::MSV_AV_NB_COMPUTER_NAME  => :@default_name,
-          Net::NTLM::TargetInfo::MSV_AV_NB_DOMAIN_NAME    => :@default_domain,
-          Net::NTLM::TargetInfo::MSV_AV_DNS_COMPUTER_NAME => :@dns_host_name,
-          Net::NTLM::TargetInfo::MSV_AV_DNS_DOMAIN_NAME   => :@dns_domain_name,
-          Net::NTLM::TargetInfo::MSV_AV_DNS_TREE_NAME     => :@dns_tree_name
-        }.each do |constant, attribute|
-          if target_info.av_pairs[constant]
-            value = target_info.av_pairs[constant].dup
-            value.force_encoding('UTF-16LE')
-            instance_variable_set(attribute, value.encode('UTF-8'))
-          end
-        end
-      end
-
-      # Extract the peer/server version number from the NTLM Type 2 (challenge)
-      # Version field.
-      #
-      # @param version [String] the version number as a binary string
-      # @return [String] the formated version number (<major>.<minor>.<build>)
-      def extract_os_version(version)
-        #version.unpack('CCS').join('.')
-        begin
-          os_version = NTLM::OSVersion.read(version)
-        rescue IOError
-          return ''
-        end
-        return "#{os_version.major}.#{os_version.minor}.#{os_version.build}"
-      end
-
-      # Add the authentication verifier to a Request packet. This includes a
-      # sec trailer and the signature of the packet. This also encrypts the
-      # Request stub if privacy is required (`:auth_level` option is
-      # RPC_C_AUTHN_LEVEL_PKT_PRIVACY).
-      #
-      # @param dcerpc_req [Request] the Request packet to be updated
-      # @param opts [Hash] the authenticaiton options: `:auth_type` and `:auth_level`
-      # @raise [NotImplementedError] if `:auth_type` is not implemented (yet)
-      # @raise [ArgumentError] if `:auth_type` is unknown
-      def set_integrity_privacy(dcerpc_req, auth_level:, auth_type:)
-        dcerpc_req.sec_trailer = {
-          auth_type: auth_type,
-          auth_level: auth_level,
-          auth_context_id: @ctx_id + @auth_ctx_id_base
-        }
-        dcerpc_req.auth_value = ' ' * 16
-        dcerpc_req.pdu_header.auth_length = 16
-
-        data_to_sign = plain_stub = dcerpc_req.stub.to_binary_s + dcerpc_req.auth_pad.to_binary_s
-        if @ntlm_client.flags & NTLM::NEGOTIATE_FLAGS[:EXTENDED_SECURITY] != 0
-          data_to_sign = dcerpc_req.to_binary_s[0..-(dcerpc_req.pdu_header.auth_length + 1)]
-        end
-
-        encrypted_stub = ''
-        if auth_level == RPC_C_AUTHN_LEVEL_PKT_PRIVACY
-          case auth_type
-          when RPC_C_AUTHN_NONE
-          when RPC_C_AUTHN_WINNT, RPC_C_AUTHN_DEFAULT
-            encrypted_stub = @ntlm_client.session.seal_message(plain_stub)
-          when RPC_C_AUTHN_NETLOGON, RPC_C_AUTHN_GSS_NEGOTIATE, RPC_C_AUTHN_GSS_SCHANNEL, RPC_C_AUTHN_GSS_KERBEROS
-            # TODO
-            raise NotImplementedError
-          else
-            raise ArgumentError, "Unsupported Auth Type: #{auth_type}"
-          end
-        end
-
-        signature = @ntlm_client.session.sign_message(data_to_sign)
-
-        unless encrypted_stub.empty?
-          pad_length = dcerpc_req.sec_trailer.auth_pad_length.to_i
-          dcerpc_req.enable_encrypted_stub
-          dcerpc_req.stub = encrypted_stub[0..-(pad_length + 1)]
-          dcerpc_req.auth_pad = encrypted_stub[-(pad_length)..-1]
-        end
-        dcerpc_req.auth_value = signature
-        dcerpc_req.pdu_header.auth_length = signature.size
-      end
-
       # Send a DCERPC request with the provided stub packet.
       #
       # @param stub_packet [BinData::Record] the stub packet to be sent as
@@ -482,60 +281,6 @@ module RubySMB
         raise Error::CommunicationError, "An error occurred reading from the Socket: #{e.message}"
       end
 
-      # Process the security context received in a response. It decrypts the
-      # encrypted stub if `:auth_level` is set to anything different than
-      # RPC_C_AUTHN_LEVEL_PKT_PRIVACY. It also checks the packet signature and
-      # raises an InvalidPacket error if it fails. Note that the exception is
-      # disabled by default and can be enabled with the
-      # `:raise_signature_error` option
-      #
-      # @param dcerpc_response [Response] the Response packet
-      #   containing the security context to process
-      # @param opts [Hash] the authenticaiton options: `:auth_type` and
-      #   `:auth_level`. To enable errors when signature check fails, set the
-      #   `:raise_signature_error` option to true
-      # @raise [NotImplementedError] if `:auth_type` is not implemented (yet)
-      # @raise [Error::CommunicationError] if socket-related error occurs
-      def handle_integrity_privacy(dcerpc_response, auth_level:, auth_type:, raise_signature_error: false)
-        decrypted_stub = ''
-        if auth_level == RPC_C_AUTHN_LEVEL_PKT_PRIVACY
-          encrypted_stub = dcerpc_response.stub.to_binary_s + dcerpc_response.auth_pad.to_binary_s
-          case auth_type
-          when RPC_C_AUTHN_NONE
-          when RPC_C_AUTHN_WINNT, RPC_C_AUTHN_DEFAULT
-            decrypted_stub = @ntlm_client.session.unseal_message(encrypted_stub)
-          when RPC_C_AUTHN_NETLOGON, RPC_C_AUTHN_GSS_NEGOTIATE, RPC_C_AUTHN_GSS_SCHANNEL, RPC_C_AUTHN_GSS_KERBEROS
-            # TODO
-            raise NotImplementedError
-          else
-            raise ArgumentError, "Unsupported Auth Type: #{auth_type}"
-          end
-        end
-
-        unless decrypted_stub.empty?
-          pad_length = dcerpc_response.sec_trailer.auth_pad_length.to_i
-          dcerpc_response.stub = decrypted_stub[0..-(pad_length + 1)]
-          dcerpc_response.auth_pad = decrypted_stub[-(pad_length)..-1]
-        end
-
-        signature = dcerpc_response.auth_value
-        data_to_check = dcerpc_response.stub.to_binary_s
-        if @ntlm_client.flags & NTLM::NEGOTIATE_FLAGS[:EXTENDED_SECURITY] != 0
-          data_to_check = dcerpc_response.to_binary_s[0..-(dcerpc_response.pdu_header.auth_length + 1)]
-        end
-        unless @ntlm_client.session.verify_signature(signature, data_to_check)
-          if raise_signature_error
-            raise Error::InvalidPacket.new(
-              "Wrong packet signature received (set `raise_signature_error` to false to ignore)"
-            )
-          end
-        end
-
-        @call_id += 1
-
-        nil
-      end
-
     end
   end
 end

data/lib/ruby_smb/dcerpc/dfsnm/netr_dfs_add_std_root_request.rb

@@ -0,0 +1,24 @@
+module RubySMB
+  module Dcerpc
+    module Dfsnm
+
+      # [3.1.4.4.1 NetrDfsAddStdRoot (Opnum 12)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-dfsnm/b18ef17a-7a9c-4e22-b1bf-6a4d07e87b2d)
+      class NetrDfsAddStdRootRequest < BinData::Record
+        attr_reader :opnum
+
+        endian :little
+
+        ndr_conf_var_wide_stringz :server_name
+        ndr_conf_var_wide_stringz :root_share
+        ndr_conf_var_wide_stringz :comment
+        ndr_uint32                :api_flags
+
+        def initialize_instance
+          super
+          @opnum = NETR_DFS_ADD_STD_ROOT
+        end
+      end
+
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/dfsnm/netr_dfs_add_std_root_response.rb

@@ -0,0 +1,21 @@
+module RubySMB
+  module Dcerpc
+    module Dfsnm
+
+      # [3.1.4.4.1 NetrDfsAddStdRoot (Opnum 12)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-dfsnm/b18ef17a-7a9c-4e22-b1bf-6a4d07e87b2d)
+      class NetrDfsAddStdRootResponse < BinData::Record
+        attr_reader :opnum
+
+        endian :little
+
+        ndr_uint32 :error_status
+
+        def initialize_instance
+          super
+          @opnum = NETR_DFS_ADD_STD_ROOT
+        end
+      end
+
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/dfsnm/netr_dfs_remove_std_root_request.rb

@@ -0,0 +1,23 @@
+module RubySMB
+  module Dcerpc
+    module Dfsnm
+
+      # [3.1.4.4.2 NetrDfsRemoveStdRoot (Opnum 13)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-dfsnm/e9da023d-554a-49bc-837a-69f22d59fd18)
+      class NetrDfsRemoveStdRootRequest < BinData::Record
+        attr_reader :opnum
+
+        endian :little
+
+        ndr_conf_var_wide_stringz :server_name
+        ndr_conf_var_wide_stringz :root_share
+        ndr_uint32                :api_flags
+
+        def initialize_instance
+          super
+          @opnum = NETR_DFS_REMOVE_STD_ROOT
+        end
+      end
+
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/dfsnm/netr_dfs_remove_std_root_response.rb

@@ -0,0 +1,21 @@
+module RubySMB
+  module Dcerpc
+    module Dfsnm
+
+      # [3.1.4.4.2 NetrDfsRemoveStdRoot (Opnum 13)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-dfsnm/e9da023d-554a-49bc-837a-69f22d59fd18)
+      class NetrDfsRemoveStdRootResponse < BinData::Record
+        attr_reader :opnum
+
+        endian :little
+
+        ndr_uint32 :error_status
+
+        def initialize_instance
+          super
+          @opnum = NETR_DFS_REMOVE_STD_ROOT
+        end
+      end
+
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/dfsnm.rb

@@ -0,0 +1,84 @@
+module RubySMB
+  module Dcerpc
+    module Dfsnm
+
+      UUID = '4fc742e0-4a10-11cf-8273-00aa004ae673'
+      VER_MAJOR = 3
+      VER_MINOR = 0
+
+      # Operation numbers
+      NETR_DFS_ADD_STD_ROOT    = 0x000c
+      NETR_DFS_REMOVE_STD_ROOT = 0x000d
+
+      require 'ruby_smb/dcerpc/dfsnm/netr_dfs_add_std_root_request'
+      require 'ruby_smb/dcerpc/dfsnm/netr_dfs_add_std_root_response'
+      require 'ruby_smb/dcerpc/dfsnm/netr_dfs_remove_std_root_request'
+      require 'ruby_smb/dcerpc/dfsnm/netr_dfs_remove_std_root_response'
+
+      # Create a new stand-alone DFS namespace.
+      #
+      # @param server_name [String] The host name of the DFS root target.
+      # @param root_share [String] The DFS root target share name.
+      # @param comment [String] A comment associated with the DFS namespace.
+      # @return nothing is returned on success
+      # @raise [RubySMB::Dcerpc::Error::InvalidPacket] if the response is not a
+      #   NetrDfsAddStdRootResponse packet
+      # @raise [RubySMB::Dcerpc::Error::DfsnmError] if the response error status
+      #   is not ERROR_SUCCESS
+      def netr_dfs_add_std_root(server_name, root_share, comment: '')
+        netr_dfs_add_std_root_request = NetrDfsAddStdRootRequest.new(
+          server_name: server_name,
+          root_share: root_share,
+          comment: comment
+        )
+        response = dcerpc_request(netr_dfs_add_std_root_request)
+        begin
+          netr_dfs_add_std_root_response = NetrDfsAddStdRootResponse.read(response)
+        rescue IOError
+          raise RubySMB::Dcerpc::Error::InvalidPacket, 'Error reading NetrDfsAddStdRootResponse'
+        end
+        unless netr_dfs_add_std_root_response.error_status == WindowsError::Win32::ERROR_SUCCESS
+          status_code = WindowsError::Win32.find_by_retval(netr_dfs_add_std_root_response.error_status.value).first
+          raise RubySMB::Dcerpc::Error::DfsnmError.new(
+            "Error returned with netr_dfs_add_std_root: #{status_code}",
+            status_code: status_code
+          )
+        end
+
+        nil
+      end
+
+      # Delete the specified stand-alone DFS namespace.
+      #
+      # @param server_name [String] The host name of the DFS root target.
+      # @param root_share [String] The DFS root target share name.
+      # @return nothing is returned on success
+      # @raise [RubySMB::Dcerpc::Error::InvalidPacket] if the response is not a
+      #   NetrDfsRemoveStdRootResponse packet
+      # @raise [RubySMB::Dcerpc::Error::DfsnmError] if the response error status
+      #   is not ERROR_SUCCESS
+      def netr_dfs_remove_std_root(server_name, root_share)
+        netr_dfs_remove_std_root_request = NetrDfsRemoveStdRootRequest.new(
+          server_name: server_name,
+          root_share: root_share
+        )
+        response = dcerpc_request(netr_dfs_remove_std_root_request)
+        begin
+          netr_dfs_remove_std_root_response = NetrDfsRemoveStdRootResponse.read(response)
+        rescue IOError
+          raise RubySMB::Dcerpc::Error::InvalidPacket, 'Error reading NetrDfsRemoveStdRootResponse'
+        end
+        unless netr_dfs_remove_std_root_response.error_status == WindowsError::Win32::ERROR_SUCCESS
+          status_code = WindowsError::Win32.find_by_retval(netr_dfs_remove_std_root_response.error_status.value).first
+          raise RubySMB::Dcerpc::Error::DfsnmError.new(
+            "Error returned with netr_dfs_remove_std_root: #{status_code}",
+            status_code: status_code
+          )
+        end
+
+        nil
+      end
+
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/error.rb

@@ -46,6 +46,27 @@ module RubySMB
 
       # Raised when an error is returned during a Epm operation
       class EpmError < DcerpcError; end
+
+      # Raised when an error is returned during a Dfsnm operation
+      class DfsnmError < DcerpcError
+        include RubySMB::Error::UnexpectedStatusCode::Mixin
+
+        def initialize(msg, status_code: nil)
+          self.status_code = status_code unless status_code.nil?
+
+          super(msg)
+        end
+      end
+
+      class IcprError < DcerpcError
+        include RubySMB::Error::UnexpectedStatusCode::Mixin
+
+        def initialize(msg, status_code: nil)
+          self.status_code = status_code unless status_code.nil?
+
+          super(msg)
+        end
+      end
     end
   end
 end

data/lib/ruby_smb/dcerpc/icpr/cert_server_request_request.rb

@@ -0,0 +1,27 @@
+require 'ruby_smb/dcerpc/ndr'
+
+module RubySMB
+  module Dcerpc
+    module Icpr
+
+      # [3.2.4.1.1 CertServerRequest (Opnum 0)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-icpr/0c6f150e-3ead-4006-b37f-ebbf9e2cf2e7)
+      class CertServerRequestRequest < BinData::Record
+        attr_reader :opnum
+
+        endian :little
+
+        ndr_uint32           :dw_flags
+        ndr_wide_stringz_ptr :pwsz_authority
+        ndr_uint32           :pdw_request_id
+        cert_trans_blob      :pctb_attribs
+        cert_trans_blob      :pctb_request
+
+        def initialize_instance
+          super
+          @opnum = CERT_SERVER_REQUEST
+        end
+      end
+
+    end
+  end
+end