ruby_smb 3.2.3 → 3.2.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f79e8799ee1ce9b9e57a49e662df1db3afff956330d5a2649033fae5073e6716
-  data.tar.gz: 316e8f6d266e3f909e00a5083ce06411a33e9c2185e437d4dac553742035d1cd
+  metadata.gz: 94370417b66a804dd7d24a57070fe9e5accf48f042baf4cbc56ead2227b92bd5
+  data.tar.gz: 5f130535d6ccf03dd60c9fc879b0bb050d328c4906f40a702260370c24ac52a3
 SHA512:
-  metadata.gz: 85f66e2314297543555b22e9ada529342caef50d6361e31afa1ba2d777c6b752b51260f6c0161b2788fe1816f04dcd330af61b2074908a08caa462f0e72b5754
-  data.tar.gz: 76417e3878c285b0f67808027b6fde0f8d0e5a6c1849db49bdcec4d2b6a86eb3f95607b8cacf76cfbfc1b8f9d49624c278aa30cfe9eb4bb7d12dd6b5abc947a5
+  metadata.gz: fcc08f98211ef0970ab0cedd56f5955d9ca3f52235b2751a84972036b67f3b2f2c3fd07c22919e8522d4ad1876d43ca3099a1286140abedece7f399f0dc871bf
+  data.tar.gz: a4fe143def77e9e85fb40e44dfb5f33be4fb8499c4aff196ded4ad1710f84f278be70752fd9a4827cbc66e1afe299716f80854a74492998fb26c5cd6f6572a7d

data/examples/dump_secrets_from_sid.rb

@@ -26,6 +26,7 @@ client = RubySMB::Dcerpc::Client.new(
 client.connect
 puts('Binding to DRSR...')
 client.bind(
+  endpoint: RubySMB::Dcerpc::Drsr,
   auth_level: RubySMB::Dcerpc::RPC_C_AUTHN_LEVEL_PKT_PRIVACY,
   auth_type: RubySMB::Dcerpc::RPC_C_AUTHN_WINNT
 )

data/lib/ruby_smb/dcerpc/encrypting_file_system/efs_rpc_decrypt_file_srv_request.rb

@@ -0,0 +1,22 @@
+module RubySMB
+  module Dcerpc
+    module EncryptingFileSystem
+
+      # [3.1.4.2.6 Receiving an EfsRpcDecryptFileSrv Message (Opnum 5)](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-efsr/043715de-caee-402a-a61b-921743337e78)
+      class EfsRpcDecryptFileSrvRequest < BinData::Record
+        attr_reader :opnum
+
+        endian :little
+
+        ndr_conf_var_wide_stringz :file_name
+        ndr_uint32                :open_flag
+
+        def initialize_instance
+          super
+          @opnum = EFS_RPC_DECRYPT_FILE_SRV
+        end
+      end
+
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/encrypting_file_system/efs_rpc_decrypt_file_srv_response.rb

@@ -0,0 +1,21 @@
+module RubySMB
+  module Dcerpc
+    module EncryptingFileSystem
+
+      # [3.1.4.2.6 Receiving an EfsRpcDecryptFileSrv Message (Opnum 5)](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-efsr/043715de-caee-402a-a61b-921743337e78)
+      class EfsRpcDecryptFileSrvResponse < BinData::Record
+        attr_reader :opnum
+
+        endian :little
+
+        ndr_uint32         :error_status
+
+        def initialize_instance
+          super
+          @opnum = EFS_RPC_DECRYPT_FILE_SRV
+        end
+      end
+
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/encrypting_file_system/efs_rpc_query_recover_agents_request.rb

@@ -0,0 +1,20 @@
+module RubySMB
+  module Dcerpc
+    module EncryptingFileSystem
+
+      # [3.1.4.2.8 Receiving an EfsRpcQueryRecoveryAgents Message (Opnum 7)](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-efsr/cf759c00-1b90-4c33-9ace-f51c20149cea)
+      class EfsRpcQueryRecoveryAgentsRequest < BinData::Record
+        attr_reader :opnum
+
+        endian :little
+
+        ndr_conf_var_wide_stringz :file_name
+
+        def initialize_instance
+          super
+          @opnum = EFS_RPC_QUERY_RECOVERY_AGENTS
+        end
+      end
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/encrypting_file_system/efs_rpc_query_recover_agents_response.rb

@@ -0,0 +1,21 @@
+module RubySMB
+  module Dcerpc
+    module EncryptingFileSystem
+
+      # [3.1.4.2.8 Receiving an EfsRpcQueryRecoveryAgents Message (Opnum 7)](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-efsr/cf759c00-1b90-4c33-9ace-f51c20149cea)
+      class EfsRpcQueryRecoveryAgentsResponse < BinData::Record
+        attr_reader :opnum
+
+        endian :little
+
+        encryption_certificate_hash_list_ptr :recover_agents
+        ndr_uint32                           :error_status
+
+        def initialize_instance
+          super
+          @opnum = EFS_RPC_QUERY_RECOVERY_AGENTS
+        end
+      end
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/encrypting_file_system/efs_rpc_query_users_on_file_request.rb

@@ -0,0 +1,20 @@
+module RubySMB
+  module Dcerpc
+    module EncryptingFileSystem
+
+      # [3.1.4.2.7 Receiving an EfsRpcQueryUsersOnFile Message (Opnum 6)](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-efsr/a058dc6c-bb7e-491c-9143-a5cb1f7e7cea)
+      class EfsRpcQueryUsersOnFileRequest < BinData::Record
+        attr_reader :opnum
+
+        endian :little
+
+        ndr_conf_var_wide_stringz :file_name
+
+        def initialize_instance
+          super
+          @opnum = EFS_RPC_QUERY_USERS_ON_FILE
+        end
+      end
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/encrypting_file_system/efs_rpc_query_users_on_file_response.rb

@@ -0,0 +1,21 @@
+module RubySMB
+  module Dcerpc
+    module EncryptingFileSystem
+
+      # [3.1.4.2.7 Receiving an EfsRpcQueryUsersOnFile Message (Opnum 6)](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-efsr/a058dc6c-bb7e-491c-9143-a5cb1f7e7cea)
+      class EfsRpcQueryUsersOnFileResponse < BinData::Record
+        attr_reader :opnum
+
+        endian :little
+
+        encryption_certificate_hash_list_ptr :users
+        ndr_uint32                           :error_status
+
+        def initialize_instance
+          super
+          @opnum = EFS_RPC_QUERY_USERS_ON_FILE
+        end
+      end
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/encrypting_file_system.rb

@@ -35,10 +35,62 @@ module RubySMB
       OVERWRITE_HIDDEN = 0x00000004
       EFS_DROP_ALTERNATE_STREAMS = 0x00000010
 
+      # [2.2.7 EFS_HASH_BLOB](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-efsr/242d857f-ac8e-4cc8-b5e4-9314a942f45e)
+      class EfsHashBlob < Ndr::NdrStruct
+        endian :little
+        default_parameter byte_align: 4
+
+        ndr_uint32   :cb_data
+        ndr_byte_conf_array_ptr :b_data
+      end
+
+      class EfsHashBlobPtr < EfsHashBlob
+        extend Ndr::PointerClassPlugin
+      end
+
+      # [2.2.10 ENCRYPTION_CERTIFICATE_HASH](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-efsr/3a7e7151-edcb-4b32-a119-35cdce1584c0)
+      class EncryptionCertificateHash < Ndr::NdrStruct
+        endian :little
+        default_parameter byte_align: 4
+
+        ndr_uint32                :cb_total_length
+        prpc_sid                  :user_sid
+        efs_hash_blob_ptr         :certificate_hash
+        ndr_wide_stringz_ptr      :lp_display_information
+      end
+
+      class EncryptionCertificateHashPtr < EncryptionCertificateHash
+        extend Ndr::PointerClassPlugin
+      end
+
+      class EncryptionCertificateHashPtrArrayPtr < Ndr::NdrConfArray
+        default_parameter type: :encryption_certificate_hash_ptr
+        extend Ndr::PointerClassPlugin
+      end
+
+      # [2.2.11 ENCRYPTION_CERTIFICATE_HASH_LIST](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-efsr/2718804c-6ab9-45fd-98cf-541bc3b6bc75)
+      class EncryptionCertificateHashList < BinData::Record
+        endian :little
+        default_parameter byte_align: 4
+
+        uint32                                    :ncert_hash
+        encryption_certificate_hash_ptr_array_ptr :users
+      end
+
+      class EncryptionCertificateHashListPtr < EncryptionCertificateHashList
+        extend Ndr::PointerClassPlugin
+      end
+
+      require 'ruby_smb/dcerpc/encrypting_file_system/efs_rpc_decrypt_file_srv_request'
+      require 'ruby_smb/dcerpc/encrypting_file_system/efs_rpc_decrypt_file_srv_response'
       require 'ruby_smb/dcerpc/encrypting_file_system/efs_rpc_encrypt_file_srv_request'
       require 'ruby_smb/dcerpc/encrypting_file_system/efs_rpc_encrypt_file_srv_response'
       require 'ruby_smb/dcerpc/encrypting_file_system/efs_rpc_open_file_raw_request'
       require 'ruby_smb/dcerpc/encrypting_file_system/efs_rpc_open_file_raw_response'
+      require 'ruby_smb/dcerpc/encrypting_file_system/efs_rpc_query_recover_agents_request'
+      require 'ruby_smb/dcerpc/encrypting_file_system/efs_rpc_query_recover_agents_response'
+      require 'ruby_smb/dcerpc/encrypting_file_system/efs_rpc_query_users_on_file_request'
+      require 'ruby_smb/dcerpc/encrypting_file_system/efs_rpc_query_users_on_file_response'
     end
   end
 end

data/lib/ruby_smb/dcerpc/ndr.rb

@@ -1315,5 +1315,123 @@ module RubySMB::Dcerpc::Ndr
     end
   end
 
+  # (IDL/NDR) Pickles as defined in
+  # [(IDL/NDR) # Pickles](https://pubs.opengroup.org/onlinepubs/9668899/chap2.htm#tagcjh_05_01_07)
+  # and
+  # [2.2.6 Type Serialization Version # 1](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-rpce/9a1d0f97-eac0-49ab-a197-f1a581c2d6a0)
+
+  # [2.2.6.1 Common Type Header for the Serialization Stream](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-rpce/6d75d40e-e2d2-4420-b9e9-8508a726a9ae)
+  class TypeSerialization1CommonTypeHeader < BinData::Record
+    default_parameter byte_align: 8
+    endian :little
+
+    uint8  :version, initial_value: 1
+    uint8  :endianness, initial_value: 0x10
+    uint16 :common_header_length, initial_value: 8
+    uint32 :filler, initial_value: 0xCCCCCCCC
+  end
+
+  # [2.2.6.2 Private Header for Constructed Type](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-rpce/63949ba8-bc88-4c0c-9377-23f14b197827)
+  class TypeSerialization1PrivateHeader < BinData::Record
+    default_parameter byte_align: 8
+    endian :little
+
+    uint32 :object_buffer_length, initial_value: -> { buffer_length(@obj) }
+    uint32 :filler, initial_value: 0x00000000
+
+    def buffer_length(obj)
+      parent.respond_to?(:field_length) ? parent.field_length(obj.parent) : 0
+    end
+  end
+
+  # [2.2.6 Type Serialization Version 1](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-rpce/9a1d0f97-eac0-49ab-a197-f1a581c2d6a0)
+  #
+  # This structure is not meant to be instantiated directly. Instead, the
+  # structure with the fields to be serialized needs to inherit from
+  # TypeSerialization1. This class will take care of adding the
+  # TypeSerialization1PrivateHeader fields in front of any NDR constructed type
+  # structures and setting the buffer length field (:object_buffer_length) to
+  # the correct value.
+  #
+  # Example:
+  #
+  # class TestStruct < RubySMB::Dcerpc::Ndr::NdrStruct
+  #   default_parameters byte_align: 8
+  #   endian :little
+
+  #   rpc_unicode_string :full_name
+  #   ndr_uint32 :user_id
+  # end
+
+  # class TestTypeSerialization1 < RubySMB::Dcerpc::Ndr::TypeSerialization1
+  #   default_parameter byte_align: 8
+  #   endian :little
+  #
+  #   test_struct :data1
+  #   uint32 :value1, initial_value: 5
+  #   uint32 :value2, initial_value: 6
+  #   test_struct :data2
+  #   uint32 :value3, initial_value: 7
+  #   test_struct :data3
+  # end
+  #
+  # This will result in the following structure:
+  # {
+  #   :common_header => {:version=>1, :endianness=>16, :common_header_length=>8, :filler=>3435973836},
+  #   :private_header1 => {:object_buffer_length=>12, :filler=>0},
+  #   :data1 => {:full_name=>{:buffer_length=>0, :maximum_length=>0, :buffer=>:null}, :user_id=>0},
+  #   :value1 => 5,
+  #   :value2 => 6,
+  #   :private_header2 => {:object_buffer_length=>12, :filler=>0},
+  #   :data2 => {:full_name=>{:buffer_length=>0, :maximum_length=>0, :buffer=>:null}, :user_id=>0},
+  #   :value3 => 7,
+  #   :private_header3 => {:object_buffer_length=>12, :filler=>0},
+  #   :data3 => {:full_name=>{:buffer_length=>0, :maximum_length=>0, :buffer=>:null}, :user_id=>0}
+  # }
+  #
+  class TypeSerialization1 < BinData::Record
+    PRIVATE_HEADER_BASE_NAME = 'private_header'.freeze
+
+    default_parameter byte_align: 8
+    endian :little
+    search_prefix :type_serialization1
+
+    common_type_header :common_header
+
+    def field_length(obj)
+      length = 0
+      index = find_index_of(obj)
+      if index
+        each_pair {|n, o| length = o.num_bytes if n == field_names[index + 1]}
+      end
+      length
+    end
+
+    def self.method_missing(symbol, *args, &block)
+      return super if dsl_parser.respond_to?(symbol)
+
+      klass = BinData::RegisteredClasses.lookup(symbol, {endian: dsl_parser.endian, search_prefix: dsl_parser.search_prefix})
+      if klass.new.is_a?(ConstructedTypePlugin)
+        # We cannot have two fields with the same name. So, here we look for
+        # existing TypeSerialization1PrivateHeader fields and just increment
+        # the ending number of the last TypeSerialization1PrivateHeader field
+        # to make the new name unique.
+        names = dsl_parser.fields.find_all do |field|
+          field.prototype.instance_variable_get(:@obj_class) == TypeSerialization1PrivateHeader
+        end.map(&:name).sort
+        if names.empty?
+          new_name = "#{PRIVATE_HEADER_BASE_NAME}1"
+        else
+          num = names.last.match(/#{PRIVATE_HEADER_BASE_NAME}(\d)$/)[1].to_i
+          new_name = "#{PRIVATE_HEADER_BASE_NAME}#{num + 1}"
+        end
+
+        super(:private_header, new_name.to_sym)
+      end
+
+      super
+    end
+  end
+
 end
 

data/lib/ruby_smb/dcerpc/samr.rb

@@ -259,6 +259,8 @@ module RubySMB
         3          => 'des-cbc-md5',
         17         => 'aes128-cts-hmac-sha1-96',
         18         => 'aes256-cts-hmac-sha1-96',
+        # Windows Server 2008 and later DC includes a KeyType of -140. Not present when the domain functional level is raised to DS_BEHAVIOR_WIN2008 or greater
+        # [Appendix_A_24](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-samr/fa61e5fc-f8fb-4d5b-9695-c724af0c3829#Appendix_A_24)
         0xffffff74 => 'rc4_hmac'
       }
 

data/lib/ruby_smb/ntlm/custom/string_encoder.rb

@@ -0,0 +1,22 @@
+require 'net/ntlm'
+
+module RubySMB
+  module NTLM
+    module Custom
+      module StringEncoder
+
+        def self.prepended(base)
+          base.singleton_class.send(:prepend, ClassMethods)
+        end
+
+        module ClassMethods
+          def encode_utf16le(str)
+            str.dup.force_encoding('UTF-8').encode(Encoding::UTF_16LE, Encoding::UTF_8).force_encoding('ASCII-8BIT')
+          end
+        end
+      end
+    end
+  end
+end
+
+Net::NTLM::EncodeUtil.send(:prepend, RubySMB::NTLM::Custom::StringEncoder)

data/lib/ruby_smb/ntlm.rb

@@ -1,4 +1,4 @@
-require 'ruby_smb/ntlm/custom/ntlm'
+require 'ruby_smb/ntlm/custom/string_encoder'
 
 module RubySMB
   module NTLM

data/lib/ruby_smb/version.rb

@@ -1,3 +1,3 @@
 module RubySMB
-  VERSION = '3.2.3'.freeze
+  VERSION = '3.2.5'.freeze
 end

data/lib/ruby_smb.rb

@@ -6,7 +6,7 @@ require 'openssl/ccm'
 require 'openssl/cmac'
 require 'windows_error'
 require 'windows_error/nt_status'
-require 'ruby_smb/ntlm/custom/ntlm'
+require 'ruby_smb/ntlm/custom/string_encoder'
 # A packet parsing and manipulation library for the SMB1 and SMB2 protocols
 #
 # [[MS-SMB] Server Message Block (SMB) Protocol Version 1](https://msdn.microsoft.com/en-us/library/cc246482.aspx)

data/spec/lib/ruby_smb/dcerpc/ndr_spec.rb

@@ -4146,3 +4146,201 @@ RSpec.describe 'Alignment' do
     end
   end
 end
+
+RSpec.describe RubySMB::Dcerpc::Ndr::TypeSerialization1CommonTypeHeader do
+  it 'is a BinData::Record class' do
+    expect(described_class).to be < BinData::Record
+  end
+  it 'has :byte_align parameter set to the expected value' do
+    expect(described_class.default_parameters[:byte_align]).to eq(8)
+  end
+
+  subject { described_class.new }
+
+  it { is_expected.to respond_to :version }
+  it { is_expected.to respond_to :endianness }
+  it { is_expected.to respond_to :common_header_length }
+  it { is_expected.to respond_to :filler }
+
+  context 'with #version' do
+    it 'is a BinData::Uint8' do
+      expect(subject.version).to be_a BinData::Uint8
+    end
+    it 'returns 1 by default' do
+      expect(subject.version).to eq(1)
+    end
+  end
+
+  context 'with #endianness' do
+    it 'is a BinData::Uint8' do
+      expect(subject.endianness).to be_a BinData::Uint8
+    end
+    it 'returns 0x10 by default' do
+      expect(subject.endianness).to eq(0x10)
+    end
+  end
+
+  context 'with #common_header_length' do
+    it 'is a BinData::Uint16le' do
+      expect(subject.common_header_length).to be_a BinData::Uint16le
+    end
+    it 'returns 8 by default' do
+      expect(subject.common_header_length).to eq(8)
+    end
+  end
+
+  context 'with #filler' do
+    it 'is a BinData::Uint32le' do
+      expect(subject.filler).to be_a BinData::Uint32le
+    end
+    it 'returns 0xCCCCCCCC by default' do
+      expect(subject.filler).to eq(0xCCCCCCCC)
+    end
+  end
+
+  it 'reads itself' do
+    values = {version: 4, endianness: 0x33, common_header_length: 44, filler: 0xFFFFFFFF}
+    struct_instance = described_class.new(values)
+    expect(described_class.read(struct_instance.to_binary_s)).to eq(values)
+  end
+end
+
+RSpec.describe RubySMB::Dcerpc::Ndr::TypeSerialization1PrivateHeader do
+  it 'is a BinData::Record class' do
+    expect(described_class).to be < BinData::Record
+  end
+  it 'has :byte_align parameter set to the expected value' do
+    expect(described_class.default_parameters[:byte_align]).to eq(8)
+  end
+
+  subject { described_class.new }
+
+  it { is_expected.to respond_to :object_buffer_length }
+  it { is_expected.to respond_to :filler }
+
+  context 'with #object_buffer_length' do
+    it 'is a BinData::Uint32le' do
+      expect(subject.object_buffer_length).to be_a BinData::Uint32le
+    end
+    it 'calls its parent\'s #field_length method to set its default value' do
+      test_struct = Class.new(BinData::Record) do
+        endian :little
+        type_serialization1_private_header :header
+
+        def field_length(obj);end
+      end.new
+      expect(test_struct).to receive(:field_length).and_return(4)
+      expect(test_struct.header.object_buffer_length).to eq(4)
+    end
+    it 'sets the default value to 0 when its parent doesn\'t implemet #field_length' do
+      expect(subject.object_buffer_length).to eq(0)
+    end
+  end
+
+  context 'with #filler' do
+    it 'is a BinData::Uint32le' do
+      expect(subject.filler).to be_a BinData::Uint32le
+    end
+    it 'returns 0x00000000 by default' do
+      expect(subject.filler).to eq(0x00000000)
+    end
+  end
+
+  it 'reads itself' do
+    values = {object_buffer_length: 4, filler: 0xFFFFFFFF}
+    struct_instance = described_class.new(values)
+    expect(described_class.read(struct_instance.to_binary_s)).to eq(values)
+  end
+end
+
+RSpec.describe RubySMB::Dcerpc::Ndr::TypeSerialization1 do
+  it 'is a BinData::Record class' do
+    expect(described_class).to be < BinData::Record
+  end
+  it 'has :byte_align parameter set to the expected value' do
+    expect(described_class.default_parameters[:byte_align]).to eq(8)
+  end
+
+  subject { described_class.new }
+
+  it { is_expected.to respond_to :common_header }
+
+  context 'with #common_header' do
+    it 'is a TypeSerialization1CommonTypeHeader structure' do
+      expect(subject.common_header).to be_a RubySMB::Dcerpc::Ndr::TypeSerialization1CommonTypeHeader
+    end
+  end
+
+  it 'reads itself' do
+    values = {
+      common_header: {version: 4, endianness: 0x33, common_header_length: 44, filler: 0xFFFFFFFF}
+    }
+    struct_instance = described_class.new(values)
+    expect(described_class.read(struct_instance.to_binary_s)).to eq(values)
+  end
+
+  context 'when inherited' do
+    let(:test_struct) do
+      Class.new(RubySMB::Dcerpc::Ndr::NdrStruct) do
+        default_parameters byte_align: 8
+        endian :little
+
+        rpc_unicode_string :full_name
+        ndr_uint32 :user_id
+      end
+    end
+    before :example do
+      BinData::RegisteredClasses.register('test_struct', test_struct)
+    end
+    after :example do
+      BinData::RegisteredClasses.unregister('test_struct')
+    end
+
+    subject do
+      Class.new(described_class) do
+        default_parameter byte_align: 8
+        endian :little
+
+        test_struct :data1
+        uint32 :value1, initial_value: 5
+        uint32 :value2, initial_value: 6
+        test_struct :data2
+        uint32 :value3, initial_value: 7
+        test_struct :data3
+      end.new
+    end
+
+    it { is_expected.to respond_to :common_header }
+    it { is_expected.to respond_to :private_header1 }
+    it { is_expected.to respond_to :data1 }
+    it { is_expected.to respond_to :value1 }
+    it { is_expected.to respond_to :value2 }
+    it { is_expected.to respond_to :private_header2 }
+    it { is_expected.to respond_to :data2 }
+    it { is_expected.to respond_to :value3 }
+    it { is_expected.to respond_to :private_header3 }
+    it { is_expected.to respond_to :data3 }
+
+    it 'sets the expected default values' do
+      data_obj = test_struct.new
+      expect(subject.data1).to eq(data_obj)
+      expect(subject.value1).to eq(5)
+      expect(subject.value2).to eq(6)
+      expect(subject.data2).to eq(data_obj)
+      expect(subject.value3).to eq(7)
+      expect(subject.data3).to eq(data_obj)
+    end
+
+    it 'sets the correct private header\'s object_buffer_length field value' do
+      data1 = test_struct.new(full_name: 'test string')
+      subject.data1 = data1
+      expect(subject.private_header1.object_buffer_length).to eq(data1.num_bytes)
+      data2 = test_struct.new(full_name: 'another test string')
+      subject.data2 = data2
+      expect(subject.private_header2.object_buffer_length).to eq(data2.num_bytes)
+      data3 = test_struct.new(full_name: 'more string!!!')
+      subject.data3 = data3
+      expect(subject.private_header3.object_buffer_length).to eq(data3.num_bytes)
+    end
+  end
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: ruby_smb
 version: !ruby/object:Gem::Version
-  version: 3.2.3
+  version: 3.2.5
 platform: ruby
 authors:
 - Metasploit Hackers
@@ -97,7 +97,7 @@ cert_chain:
   EknWpNgVhohbot1lfVAMmIhdtOVaRVcQQixWPwprDj/ydB8ryDMDosIMcw+fkoXU
   9GJsSaSRRYQ9UUkVL27b64okU8D48m8=
   -----END CERTIFICATE-----
-date: 2023-01-26 00:00:00.000000000 Z
+date: 2023-03-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: redcarpet
@@ -316,10 +316,16 @@ files:
 - lib/ruby_smb/dcerpc/drsr/drs_unbind_request.rb
 - lib/ruby_smb/dcerpc/drsr/drs_unbind_response.rb
 - lib/ruby_smb/dcerpc/encrypting_file_system.rb
+- lib/ruby_smb/dcerpc/encrypting_file_system/efs_rpc_decrypt_file_srv_request.rb
+- lib/ruby_smb/dcerpc/encrypting_file_system/efs_rpc_decrypt_file_srv_response.rb
 - lib/ruby_smb/dcerpc/encrypting_file_system/efs_rpc_encrypt_file_srv_request.rb
 - lib/ruby_smb/dcerpc/encrypting_file_system/efs_rpc_encrypt_file_srv_response.rb
 - lib/ruby_smb/dcerpc/encrypting_file_system/efs_rpc_open_file_raw_request.rb
 - lib/ruby_smb/dcerpc/encrypting_file_system/efs_rpc_open_file_raw_response.rb
+- lib/ruby_smb/dcerpc/encrypting_file_system/efs_rpc_query_recover_agents_request.rb
+- lib/ruby_smb/dcerpc/encrypting_file_system/efs_rpc_query_recover_agents_response.rb
+- lib/ruby_smb/dcerpc/encrypting_file_system/efs_rpc_query_users_on_file_request.rb
+- lib/ruby_smb/dcerpc/encrypting_file_system/efs_rpc_query_users_on_file_response.rb
 - lib/ruby_smb/dcerpc/epm.rb
 - lib/ruby_smb/dcerpc/epm/epm_ept_map_request.rb
 - lib/ruby_smb/dcerpc/epm/epm_ept_map_response.rb
@@ -493,7 +499,7 @@ files:
 - lib/ruby_smb/nbss/session_request.rb
 - lib/ruby_smb/ntlm.rb
 - lib/ruby_smb/ntlm/client.rb
-- lib/ruby_smb/ntlm/custom/ntlm.rb
+- lib/ruby_smb/ntlm/custom/string_encoder.rb
 - lib/ruby_smb/peer_info.rb
 - lib/ruby_smb/server.rb
 - lib/ruby_smb/server/cli.rb

data/lib/ruby_smb/ntlm/custom/ntlm.rb

@@ -1,19 +0,0 @@
-require 'net/ntlm'
-
-module Custom
-  module NTLM
-
-    def self.prepended(base)
-      base.singleton_class.send(:prepend, ClassMethods)
-    end
-
-    module ClassMethods
-      def encode_utf16le(str)
-        str.dup.force_encoding('UTF-8').encode(Encoding::UTF_16LE, Encoding::UTF_8).force_encoding('ASCII-8BIT')
-      end
-    end
-
-  end
-end
-
-Net::NTLM::EncodeUtil.send(:prepend, Custom::NTLM)