RubyGems - ruby_smb - Versions diffs - 3.3.18 → 3.3.19 - Mend

ruby_smb 3.3.18 → 3.3.19

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (30) hide show

checksums.yaml +4 -4
data/lib/ruby_smb/client/authentication.rb +53 -0
data/lib/ruby_smb/client/negotiation.rb +10 -2
data/lib/ruby_smb/client/tree_connect.rb +8 -1
data/lib/ruby_smb/client.rb +16 -5
data/lib/ruby_smb/rap/net_share_enum.rb +166 -0
data/lib/ruby_smb/rap.rb +10 -0
data/lib/ruby_smb/smb1/commands.rb +1 -0
data/lib/ruby_smb/smb1/packet/negotiate_response.rb +11 -0
data/lib/ruby_smb/smb1/packet/open_andx_request.rb +39 -0
data/lib/ruby_smb/smb1/packet/open_andx_response.rb +40 -0
data/lib/ruby_smb/smb1/packet/session_setup_legacy_request.rb +2 -2
data/lib/ruby_smb/smb1/packet/session_setup_legacy_response.rb +11 -0
data/lib/ruby_smb/smb1/packet/trans2/find_first2_response.rb +53 -13
data/lib/ruby_smb/smb1/packet/trans2/find_information_level/find_info_standard.rb +39 -0
data/lib/ruby_smb/smb1/packet/trans2/find_information_level.rb +1 -0
data/lib/ruby_smb/smb1/packet/trans2/win9x_framing.rb +68 -0
data/lib/ruby_smb/smb1/packet/trans2.rb +1 -0
data/lib/ruby_smb/smb1/packet/tree_connect_request.rb +1 -1
data/lib/ruby_smb/smb1/packet/tree_connect_response.rb +10 -1
data/lib/ruby_smb/smb1/packet.rb +2 -0
data/lib/ruby_smb/smb1/pipe.rb +2 -0
data/lib/ruby_smb/smb1/tree.rb +113 -9
data/lib/ruby_smb/version.rb +1 -1
data/lib/ruby_smb.rb +1 -0
data/spec/lib/ruby_smb/client_spec.rb +2 -1
data/spec/lib/ruby_smb/rap/net_share_enum_spec.rb +185 -0
data/spec/lib/ruby_smb/smb1/packet/trans2/win9x_framing_spec.rb +113 -0
data/spec/lib/ruby_smb/smb1/tree_spec.rb +188 -2
metadata +12 -2

data/lib/ruby_smb/smb1/packet/trans2/win9x_framing.rb ADDED Viewed

@@ -0,0 +1,68 @@
+module RubySMB
+  module SMB1
+    module Packet
+      module Trans2
+        # Shared workaround for pre-NT / LAN Manager-era servers (observed on
+        # Windows 9x / ME) that pack `trans2_parameters` directly after
+        # `byte_count` with no 4-byte-alignment pad, and `trans2_data` with
+        # whatever padding they feel like — always smaller than the NT-style
+        # alignment BinData unconditionally assumes via {DataBlock#pad1_length}
+        # and {DataBlock#pad2_length}. When that happens both sections land in
+        # the wrong place and `eos`, `sid`, `last_name_offset`, and every
+        # entry in the data buffer come back garbled.
+        #
+        # Fixing this in BinData itself (by having pad1/pad2 consult
+        # `parameter_block.parameter_offset` / `data_offset`) is the natural
+        # design, but cross-field lookups during field-read callbacks corrupt
+        # BinData's registered-class resolution cache, causing unrelated
+        # Trans2 responses to round-trip their `parameter_block` / `data_block`
+        # through the base classes instead of the concrete subclasses. So
+        # instead we surface the raw response bytes at the call site and let
+        # the response slice both sections from the offsets the server
+        # reported in its `parameter_block`.
+        #
+        # Mix into any {RubySMB::SMB1::Packet::Trans2} response whose caller
+        # holds on to the raw response bytes. The response itself must have
+        # the standard {Trans2::Response::ParameterBlock} shape
+        # (`parameter_offset` / `parameter_count` / `data_offset` /
+        # `data_count`) and a `data_block` with `trans2_parameters` and
+        # `trans2_data.buffer` fields — every concrete Trans2 response does.
+        #
+        # Same slicing pattern as {RubySMB::Rap::NetShareEnum#parse_net_share_enum_response}
+        # uses for the sibling Trans (not Trans2) response type.
+        module Win9xFraming
+          # Returns `[effective_trans2_parameters, effective_trans2_data_bytes]`
+          # when the server's layout differs from BinData's, or `[nil, nil]`
+          # when BinData already read the full buffer (standard NT-era servers).
+          #
+          # When a non-nil pair is returned, callers should prefer the override
+          # values over the BinData-parsed ones:
+          #
+          #   params_ovr, data_ovr = response.win9x_trans2_overrides(raw)
+          #   params = params_ovr || response.data_block.trans2_parameters
+          #   data   = data_ovr   || response.data_block.trans2_data.buffer.to_binary_s
+          #
+          # @param raw_response [String] the raw bytes the response was read from.
+          # @return [Array(BinData::Record, String), Array(nil, nil)]
+          def win9x_trans2_overrides(raw_response)
+            declared_data = parameter_block.data_count.to_i
+            parsed_data   = data_block.trans2_data.buffer.to_binary_s.bytesize
+            return [nil, nil] if declared_data.zero? || parsed_data == declared_data
+            param_offset = parameter_block.parameter_offset.to_i
+            param_count  = parameter_block.parameter_count.to_i
+            data_offset  = parameter_block.data_offset.to_i
+            return [nil, nil] if raw_response.bytesize < data_offset + declared_data
+            return [nil, nil] if raw_response.bytesize < param_offset + param_count
+            params_bytes = raw_response.byteslice(param_offset, param_count)
+            params_class = data_block.trans2_parameters.class
+            params       = params_class.read(params_bytes)
+            data_bytes   = raw_response.byteslice(data_offset, declared_data)
+            [params, data_bytes]
+          end
+        end
+      end
+    end
+  end
+end

data/lib/ruby_smb/smb1/packet/trans2.rb CHANGED Viewed

@@ -8,6 +8,7 @@ module RubySMB
         require 'ruby_smb/smb1/packet/trans2/query_information_level'
         require 'ruby_smb/smb1/packet/trans2/query_fs_information_level'
         require 'ruby_smb/smb1/packet/trans2/data_block'
+        require 'ruby_smb/smb1/packet/trans2/win9x_framing'
         require 'ruby_smb/smb1/packet/trans2/subcommands'
         require 'ruby_smb/smb1/packet/trans2/request'
         require 'ruby_smb/smb1/packet/trans2/request_secondary'

data/lib/ruby_smb/smb1/packet/tree_connect_request.rb CHANGED Viewed

@@ -15,7 +15,7 @@ module RubySMB
         # The {RubySMB::SMB1::DataBlock} specific to this packet type.
         class DataBlock < RubySMB::SMB1::DataBlock
-          stringz :password, label: 'Password Field', initial_value: '', length: -> { parent.parameter_block.password_length }
+          string :password, label: 'Password Field', initial_value: "\x00", length: -> { parent.parameter_block.password_length }
           choice  :path, selection: -> { parent.smb_header.flags2.unicode } do
             stringz   0
             stringz16 1

data/lib/ruby_smb/smb1/packet/tree_connect_response.rb CHANGED Viewed

@@ -9,15 +9,24 @@ module RubySMB
         # A SMB1 Parameter Block as defined by the {SessionSetupResponse}
         class ParameterBlock < RubySMB::SMB1::ParameterBlock
           and_x_block                :andx_block
-          optional_support           :optional_support
+          optional_support           :optional_support,    onlyif: -> { word_count >= 3 }
           directory_access_mask      :access_rights,       label: 'Maximal Share Access Rights', onlyif: -> { word_count >= 5 }
           directory_access_mask      :guest_access_rights, label: 'Guest Share Access Rights',   onlyif: -> { word_count == 7 }
         end
         # Represents the specific layout of the DataBlock for a {SessionSetupResponse} Packet.
+        # Windows 95/98/ME may return a minimal DataBlock without the native file system.
         class DataBlock < RubySMB::SMB1::DataBlock
           stringz   :service,             label: 'Service Type'
           stringz   :native_file_system,  label: 'Native File System'
+          # Override to handle Win95 responses that may omit native_file_system.
+          def do_read(io)
+            byte_count.do_read(io)
+            return unless byte_count > 0
+            service.do_read(io)
+            native_file_system.do_read(io) if byte_count > service.num_bytes
+          end
         end
         smb_header        :smb_header

data/lib/ruby_smb/smb1/packet.rb CHANGED Viewed

@@ -22,6 +22,8 @@ module RubySMB
       require 'ruby_smb/smb1/packet/trans'
       require 'ruby_smb/smb1/packet/trans2'
       require 'ruby_smb/smb1/packet/nt_trans'
+      require 'ruby_smb/smb1/packet/open_andx_request'
+      require 'ruby_smb/smb1/packet/open_andx_response'
       require 'ruby_smb/smb1/packet/nt_create_andx_request'
       require 'ruby_smb/smb1/packet/nt_create_andx_response'
       require 'ruby_smb/smb1/packet/read_andx_request'

data/lib/ruby_smb/smb1/pipe.rb CHANGED Viewed

@@ -36,6 +36,8 @@ module RubySMB
           extend RubySMB::Dcerpc::Icpr
         when 'efsrpc', '\\efsrpc'
           extend RubySMB::Dcerpc::Efsrpc
+        when 'lanman', 'LANMAN', '\\PIPE\\LANMAN', '\\lanman'
+          extend RubySMB::Rap::NetShareEnum
         end
         super(tree: tree, response: response, name: name)
       end

data/lib/ruby_smb/smb1/tree.rb CHANGED Viewed

@@ -3,6 +3,11 @@ module RubySMB
     # An SMB1 connected remote Tree, as returned by a
     # [RubySMB::SMB1::Packet::TreeConnectRequest]
     class Tree
+      # Exposes #net_share_enum directly on the tree for callers that need
+      # RAP against \PIPE\LANMAN without opening the pipe (Win9x servers do
+      # not permit OPEN_ANDX on it).
+      include RubySMB::Rap::NetShareEnum
       # The client this Tree is connected through
       # @!attribute [rw] client
       #   @return [RubySMB::Client]
@@ -102,9 +107,11 @@ module RubySMB
       # @raise [RubySMB::Error::UnexpectedStatusCode] if the response NTStatus is not STATUS_SUCCESS
       def list(directory: '\\', pattern: '*', unicode: true,
                type: RubySMB::SMB1::Packet::Trans2::FindInformationLevel::FindFileFullDirectoryInfo)
+        info_standard = (type == RubySMB::SMB1::Packet::Trans2::FindInformationLevel::FindInfoStandard)
         find_first_request = RubySMB::SMB1::Packet::Trans2::FindFirst2Request.new
         find_first_request = set_header_fields(find_first_request)
-        find_first_request.smb_header.flags2.unicode  = 1 if unicode
+        find_first_request.smb_header.flags2.unicode  = 1 if unicode && !info_standard
         search_path = directory.dup
         search_path << '\\' unless search_path.end_with?('\\')
@@ -120,7 +127,7 @@ module RubySMB
         t2_params.flags.resume_keys           = 0
         t2_params.information_level           = type::CLASS_LEVEL
         t2_params.filename                    = search_path
-        t2_params.search_count                = 10
+        t2_params.search_count                = info_standard ? 255 : 10
         find_first_request = set_find_params(find_first_request)
@@ -137,13 +144,19 @@ module RubySMB
           raise RubySMB::Error::UnexpectedStatusCode, response.status_code
         end
-        results = response.results(type, unicode: unicode)
+        t2p_override, t2d_override = response.win9x_trans2_overrides(raw_response)
+        results = if t2d_override
+                    response.results(type, unicode: unicode, buffer: t2d_override)
+                  else
+                    response.results(type, unicode: unicode)
+                  end
-        eos   = response.data_block.trans2_parameters.eos
-        sid   = response.data_block.trans2_parameters.sid
-        last  = results.last.file_name
+        effective_params = t2p_override || response.data_block.trans2_parameters
+        eos   = effective_params.eos
+        sid   = effective_params.sid
+        last  = results.last&.file_name
-        while eos.zero?
+        while eos.zero? && last
           find_next_request = RubySMB::SMB1::Packet::Trans2::FindNext2Request.new
           find_next_request = set_header_fields(find_next_request)
           find_next_request.smb_header.flags2.unicode   = 1 if unicode
@@ -171,8 +184,10 @@ module RubySMB
             raise RubySMB::Error::UnexpectedStatusCode, response.status_code
           end
-          results += response.results(type, unicode: unicode)
+          batch = response.results(type, unicode: unicode)
+          break if batch.empty?
+          results += batch
           eos   = response.data_block.trans2_parameters.eos
           last  = results.last.file_name
         end
@@ -195,6 +210,9 @@ module RubySMB
       def _open(filename:, flags: nil, options: nil, disposition: RubySMB::Dispositions::FILE_OPEN,
                 impersonation: RubySMB::ImpersonationLevels::SEC_IMPERSONATE, read: true, write: false, delete: false)
+        unless client.server_supports_nt_smbs
+          return _open_andx(filename: filename, disposition: disposition, read: read, write: write)
+        end
         nt_create_andx_request = RubySMB::SMB1::Packet::NtCreateAndxRequest.new
         nt_create_andx_request = set_header_fields(nt_create_andx_request)
@@ -272,6 +290,91 @@ module RubySMB
         end
       end
+      # Open a file or pipe using SMB_COM_OPEN_ANDX (0x2D), the LAN Manager 1.0
+      # open command used by Windows 95/98/ME and other servers that don't
+      # advertise the NT SMBs capability. Accepts the same NT-style disposition
+      # constants as {#_open} and maps them to the OpenMode encoding defined in
+      # MS-CIFS 2.2.4.41.1.
+      #
+      # @param filename [String] path to the file on the share
+      # @param disposition [Integer] a RubySMB::Dispositions constant
+      # @param read [Boolean] request read access
+      # @param write [Boolean] request write access
+      # @return [RubySMB::SMB1::File, RubySMB::SMB1::Pipe] the opened resource
+      # @raise [RubySMB::Error::InvalidPacket] if the response is not valid
+      # @raise [RubySMB::Error::UnexpectedStatusCode] if the response NTStatus is not STATUS_SUCCESS
+      def _open_andx(filename:, disposition:, read: true, write: false)
+        request = RubySMB::SMB1::Packet::OpenAndxRequest.new
+        request = set_header_fields(request)
+        request.smb_header.flags2.unicode = 0
+        access = 0x0040 # sharing: deny-nothing
+        if read && write
+          access |= 0x02
+        elsif write
+          access |= 0x01
+        end
+        request.parameter_block.access_mode       = access
+        # search_attributes / file_attributes are SMB_FILE_ATTRIBUTES BitField
+        # records, not plain uint16s — assign through #read to avoid BinData's
+        # each_pair-on-Integer NoMethodError when given a literal mask.
+        request.parameter_block.search_attributes.read([0x0016].pack('v'))
+        request.parameter_block.file_attributes.read([(write ? 0x0020 : 0x0000)].pack('v'))
+        request.parameter_block.open_mode         = nt_disposition_to_open_mode(disposition)
+        fname = filename.dup
+        fname.prepend('\\') unless fname.start_with?('\\')
+        request.data_block.file_name = fname
+        raw_response = client.send_recv(request)
+        response = RubySMB::SMB1::Packet::OpenAndxResponse.read(raw_response)
+        unless response.valid?
+          raise RubySMB::Error::InvalidPacket.new(
+            expected_proto: RubySMB::SMB1::SMB_PROTOCOL_ID,
+            expected_cmd:   RubySMB::SMB1::Packet::OpenAndxResponse::COMMAND,
+            packet:         response
+          )
+        end
+        unless response.status_code == WindowsError::NTStatus::STATUS_SUCCESS
+          raise RubySMB::Error::UnexpectedStatusCode, response.status_code
+        end
+        build_open_andx_handle(filename, response)
+      end
+      # Map an NT-style disposition (RubySMB::Dispositions) to an
+      # SMB_COM_OPEN_ANDX OpenMode word. FileExistsOpts is bits 0-1
+      # (0=fail, 1=open, 2=truncate); CreateFile is bit 4.
+      def nt_disposition_to_open_mode(disposition)
+        case disposition
+        when RubySMB::Dispositions::FILE_OPEN         then 0x0001
+        when RubySMB::Dispositions::FILE_CREATE       then 0x0010
+        when RubySMB::Dispositions::FILE_OPEN_IF      then 0x0011
+        when RubySMB::Dispositions::FILE_OVERWRITE    then 0x0002
+        when RubySMB::Dispositions::FILE_OVERWRITE_IF,
+             RubySMB::Dispositions::FILE_SUPERSEDE    then 0x0012
+        else
+          raise RubySMB::Error::RubySMBError,
+                "Unsupported disposition for SMB_COM_OPEN_ANDX: #{disposition}"
+        end
+      end
+      def build_open_andx_handle(filename, response)
+        unless response.parameter_block.resource_type == RubySMB::SMB1::ResourceType::DISK
+          raise RubySMB::Error::RubySMBError,
+                "SMB_COM_OPEN_ANDX resource type 0x#{response.parameter_block.resource_type.to_s(16)} not supported"
+        end
+        file = RubySMB::SMB1::File.allocate
+        file.tree         = self
+        file.name         = filename
+        file.fid          = response.parameter_block.fid
+        file.size         = response.parameter_block.file_data_size
+        file.size_on_disk = response.parameter_block.file_data_size
+        file.attributes   = response.parameter_block.file_attributes
+        file
+      end
       # Sets ParameterBlock options for FIND_FIRST2 and
       # FIND_NEXT2 requests. In particular we need to do this
       # to tell the server to ignore the Trans2DataBlock as we are
@@ -281,7 +384,8 @@ module RubySMB
         request.parameter_block.data_offset            = 0
         request.parameter_block.total_parameter_count  = request.parameter_block.parameter_count
         request.parameter_block.max_parameter_count    = request.parameter_block.parameter_count
-        request.parameter_block.max_data_count         = 16_384
+        max_data = [16_384, client.server_max_buffer_size].min
+        request.parameter_block.max_data_count         = max_data
         request
       end

data/lib/ruby_smb/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module RubySMB
-  VERSION = '3.3.18'.freeze
+  VERSION = '3.3.19'.freeze
 end

data/lib/ruby_smb.rb CHANGED Viewed

@@ -23,6 +23,7 @@ module RubySMB
   require 'ruby_smb/dispatcher'
   require 'ruby_smb/version'
   require 'ruby_smb/smb2'
+  require 'ruby_smb/rap'
   require 'ruby_smb/smb1'
   require 'ruby_smb/client'
   require 'ruby_smb/crypto'

data/spec/lib/ruby_smb/client_spec.rb CHANGED Viewed

@@ -754,7 +754,7 @@ RSpec.describe RubySMB::Client do
       it 'sets the expected fields of the SessionRequest packet' do
         name         = 'NBNAMESPEC'
         called_name  = 'NBNAMESPEC      '
-        calling_name = "               \x00"
+        calling_name = "WORKSTATION    \x00"
         session_packet = client.session_request_packet(name)
         expect(session_packet).to be_a(RubySMB::Nbss::SessionRequest)
@@ -2438,6 +2438,7 @@ RSpec.describe RubySMB::Client do
           end
         end
       end
     end
   end

data/spec/lib/ruby_smb/rap/net_share_enum_spec.rb ADDED Viewed

@@ -0,0 +1,185 @@
+require 'spec_helper'
+RSpec.describe RubySMB::Rap::NetShareEnum do
+  let(:client) { instance_double(RubySMB::Client) }
+  let(:tree) { instance_double(RubySMB::SMB1::Tree, id: 1, client: client) }
+  let(:pipe) do
+    captured_tree = tree
+    p = RubySMB::SMB1::Pipe.allocate
+    p.instance_variable_set(:@tree, captured_tree)
+    p.define_singleton_method(:tree) { captured_tree }
+    p.extend(described_class)
+    p
+  end
+  def build_rap_response(status:, entries: [])
+    resp = RubySMB::SMB1::Packet::Trans::Response.new
+    params = RubySMB::Rap::NetShareEnum::Response.new(
+      status: status, converter: 0, entry_count: entries.length, available: entries.length
+    )
+    data = entries.map do |e|
+      si = RubySMB::Rap::NetShareEnum::ShareInfo1.new(
+        netname: e[:name], pad1: 0, share_type: e[:type], remark_offset: 0
+      )
+      si.to_binary_s
+    end.join
+    resp.data_block.trans_parameters = params.to_binary_s
+    resp.data_block.trans_data = data
+    resp.to_binary_s
+  end
+  describe '.new request layout' do
+    it 'encodes the RAP NetShareEnum opcode, descriptors, level and buffer size' do
+      bytes = RubySMB::Rap::NetShareEnum::Request.new.to_binary_s
+      expect(bytes[0, 2]).to eq([0].pack('v'))         # opcode
+      expect(bytes[2, 6]).to eq("WrLeh\x00")            # param descriptor
+      expect(bytes[8, 7]).to eq("B13BWz\x00")           # data descriptor
+      expect(bytes[15, 2]).to eq([1].pack('v'))         # info level 1
+      expect(bytes[17, 2]).to eq([0x1000].pack('v'))    # receive buffer size
+    end
+  end
+  describe '#net_share_enum' do
+    it 'returns the parsed share list on RAP status 0' do
+      entries = [
+        { name: 'IPC$', type: 0x0003 }, # STYPE_IPC
+        { name: 'DATA', type: 0x0000 }  # STYPE_DISKTREE
+      ]
+      allow(client).to receive(:send_recv).and_return(build_rap_response(status: 0, entries: entries))
+      expect(pipe.net_share_enum).to eq([
+        { name: 'IPC$', type: 'IPC' },
+        { name: 'DATA', type: 'DISK' }
+      ])
+    end
+    it 'stringifies all MS-RAP 2.5.14 base share types' do
+      entries = [
+        { name: 'DSK',  type: 0x0000 },
+        { name: 'PRN',  type: 0x0001 },
+        { name: 'DEV',  type: 0x0002 },
+        { name: 'IPC$', type: 0x0003 }
+      ]
+      allow(client).to receive(:send_recv).and_return(build_rap_response(status: 0, entries: entries))
+      expect(pipe.net_share_enum.map { |s| s[:type] }).to eq(%w[DISK PRINTER DEVICE IPC])
+    end
+    it 'appends SPECIAL / TEMPORARY modifiers to the base type string' do
+      entries = [
+        { name: 'HIDDEN$', type: 0x0000 | RubySMB::Rap::NetShareEnum::STYPE_SPECIAL },
+        { name: 'TMP',     type: 0x0000 | RubySMB::Rap::NetShareEnum::STYPE_TEMPORARY },
+        { name: 'IPCH$',   type: 0x0003 | RubySMB::Rap::NetShareEnum::STYPE_SPECIAL |
+                                          RubySMB::Rap::NetShareEnum::STYPE_TEMPORARY }
+      ]
+      allow(client).to receive(:send_recv).and_return(build_rap_response(status: 0, entries: entries))
+      expect(pipe.net_share_enum.map { |s| s[:type] }).to eq([
+        'DISK|SPECIAL',
+        'DISK|TEMPORARY',
+        'IPC|SPECIAL|TEMPORARY'
+      ])
+    end
+    it 'formats an unknown base type code as UNKNOWN(0xXXXX)' do
+      entries = [{ name: 'Q', type: 0x0007 }]
+      allow(client).to receive(:send_recv).and_return(build_rap_response(status: 0, entries: entries))
+      expect(pipe.net_share_enum.first[:type]).to eq('UNKNOWN(0x0007)')
+    end
+    it 'sends a Trans request targeting \\PIPE\\LANMAN with the tree id' do
+      allow(client).to receive(:send_recv) do |request|
+        expect(request).to be_a(RubySMB::SMB1::Packet::Trans::Request)
+        expect(request.smb_header.tid).to eq(tree.id)
+        expect(request.smb_header.flags2.unicode).to eq(0)
+        expect(request.data_block.name.to_s).to eq("\\PIPE\\LANMAN".b)
+        expect(request.data_block.trans_parameters.to_s).to eq(RubySMB::Rap::NetShareEnum::Request.new.to_binary_s)
+        build_rap_response(status: 0)
+      end
+      pipe.net_share_enum
+    end
+    it 'raises RubySMBError when the RAP status is non-zero' do
+      allow(client).to receive(:send_recv).and_return(build_rap_response(status: 5))
+      expect {
+        pipe.net_share_enum
+      }.to raise_error(RubySMB::Error::RubySMBError, /RAP NetShareEnum failed with status 0x5/)
+    end
+    it 'raises InvalidPacket when the RAP params are truncated' do
+      resp = RubySMB::SMB1::Packet::Trans::Response.new
+      resp.data_block.trans_parameters = "\x00\x00\x00"
+      resp.data_block.trans_data = ''
+      allow(client).to receive(:send_recv).and_return(resp.to_binary_s)
+      expect {
+        pipe.net_share_enum
+      }.to raise_error(RubySMB::Error::InvalidPacket)
+    end
+    it 'raises UnexpectedStatusCode when the SMB status is not success' do
+      resp = RubySMB::SMB1::Packet::Trans::Response.new
+      resp.smb_header.nt_status = WindowsError::NTStatus::STATUS_ACCESS_DENIED.value
+      resp.data_block.trans_parameters = RubySMB::Rap::NetShareEnum::Response.new(
+        status: 0, converter: 0, entry_count: 0, available: 0
+      ).to_binary_s
+      resp.data_block.trans_data = ''
+      allow(client).to receive(:send_recv).and_return(resp.to_binary_s)
+      expect {
+        pipe.net_share_enum
+      }.to raise_error(RubySMB::Error::UnexpectedStatusCode)
+    end
+  end
+  describe 'Win9x-style response layout (no 4-byte pad before trans_parameters)' do
+    it 'slices trans_parameters using the server-reported parameter_offset' do
+      # Win9x packs parameters at offset 55 (immediately after byte_count)
+      # rather than padding to a 4-byte boundary. Build a response matching
+      # that layout by hand.
+      entry = RubySMB::Rap::NetShareEnum::ShareInfo1.new(
+        netname: 'ABCDEFGHIJKL', pad1: 0, share_type: 0, remark_offset: 0
+      ).to_binary_s
+      params = RubySMB::Rap::NetShareEnum::Response.new(
+        status: 0, converter: 0, entry_count: 1, available: 1
+      ).to_binary_s
+      # 32-byte SMB1 header (command=0x25 SMB_COM_TRANSACTION, status=0).
+      header = "\xffSMB\x25".b + ("\x00".b * 27)
+      parameter_offset = 32 + 1 + 20 + 2                # right after byte_count
+      data_offset      = parameter_offset + params.bytesize
+      parameter_block = [
+        params.bytesize,          # total_parameter_count
+        entry.bytesize,           # total_data_count
+        0,                        # reserved
+        params.bytesize,          # parameter_count
+        parameter_offset,         # parameter_offset (55 - no pad)
+        0,                        # parameter_displacement
+        entry.bytesize,           # data_count
+        data_offset,              # data_offset
+        0                         # data_displacement
+      ].pack('v9') + "\x00\x00".b # setup_count + reserved2
+      byte_count = [params.bytesize + entry.bytesize].pack('v')
+      raw = header + "\x0a".b + parameter_block + byte_count + params + entry
+      # BinData's default Trans::Response#pad1_length forces a 4-byte align
+      # and reads trans_parameters starting 1 byte past what the server sent.
+      # Pad the tail so BinData's (mis-aligned) read doesn't hit EOF before
+      # our parser takes over with the server-reported offsets.
+      raw << "\x00".b * 8
+      allow(client).to receive(:send_recv).and_return(raw)
+      shares = pipe.net_share_enum
+      expect(shares.length).to eq(1)
+      expect(shares[0][:name]).to eq('ABCDEFGHIJKL')
+      expect(shares[0][:type]).to eq('DISK')
+    end
+  end
+  describe 'SMB1::Pipe integration' do
+    it 'extends the pipe with NetShareEnum when opened as \\PIPE\\LANMAN' do
+      # Use a minimal response to drive Pipe#initialize through File#initialize.
+      nt_resp = RubySMB::SMB1::Packet::NtCreateAndxResponse.new
+      nt_resp.parameter_block.fid = 0x1001
+      nt_resp.parameter_block.resource_type = RubySMB::SMB1::ResourceType::BYTE_MODE_PIPE
+      p = RubySMB::SMB1::Pipe.new(tree: tree, response: nt_resp, name: '\\PIPE\\LANMAN')
+      expect(p).to respond_to(:net_share_enum)
+    end
+  end
+end

data/spec/lib/ruby_smb/smb1/packet/trans2/win9x_framing_spec.rb ADDED Viewed

@@ -0,0 +1,113 @@
+require 'spec_helper'
+RSpec.describe RubySMB::SMB1::Packet::Trans2::Win9xFraming do
+  # FindFirst2Response is the first production consumer of the mixin; its
+  # fixture data already covers every code path in #win9x_trans2_overrides
+  # (zero-length buffer, on-wire match, server-reported mismatch, truncated
+  # raw response). Using it here keeps the spec grounded in real field
+  # layouts without standing up an anonymous host class.
+  let(:info_std) do
+    RubySMB::SMB1::Packet::Trans2::FindInformationLevel::FindInfoStandard
+  end
+  # Reusable fixtures: NT-style (with pad1=3) and Win9x-style (pad1=0) raw
+  # FindFirst2Response frames carrying the same single-entry payload so the
+  # overrides helper sees the same server-declared offsets differ from what
+  # BinData positionally reads.
+  let(:single_entry_bytes) do
+    "\x98\x5c\x38\x70\x98\x5c\x00\x00\x98\x5c\x39\x70".b +
+      "\x00\x00\x00\x00\x00\x00\x00\x00\x10\x00\x01".b + '.'
+  end
+  let(:data_count) { single_entry_bytes.bytesize }
+  def smb_header
+    "\xffSMB\x32".b + "\x00".b * 4 + "\x98".b + "\x03\x60".b + ("\x00".b * 20)
+  end
+  def build_response(parameter_offset:, data_offset:, word_count:, pad1: 0, pad2: 0)
+    # The concrete field layout of FindFirst2Response's parameter_block
+    # changes with word_count: 11 words include a 1-entry setup array;
+    # 10 words (Win9x style) omit it. trans2_parameters itself is a
+    # fixed 10-byte struct (sid, search_count, eos, ea_err_off, last_name_off).
+    trans2_params = [0x0300, 1, 1, 0, 0].pack('v*')
+    pb_values = [10, data_count, 0, 10, parameter_offset, 0,
+                 data_count, data_offset, 0]
+    # word_count=11 → setup_count(1) + reserved2(0) + 1-word setup array
+    # word_count=10 → setup_count(0) + reserved2(0), no setup array
+    pb_tail = word_count == 11 ? "\x01\x00".b + [1].pack('v') : "\x00\x00".b
+    param_block = pb_values.pack('v*') + pb_tail
+    byte_count  = pad1 + 10 + pad2 + data_count
+    smb_header + [word_count].pack('C') + param_block +
+      [byte_count].pack('v') + ("\x00".b * pad1) + trans2_params +
+      ("\x00".b * pad2) + single_entry_bytes
+  end
+  describe '#win9x_trans2_overrides' do
+    context 'when BinData has already read the full buffer (NT-style server)' do
+      it 'returns [nil, nil]' do
+        # NT-era response: word_count=11 with 1-word setup, pad1=3, pad2=2
+        # → trans2_parameters at offset 60, trans2_data at 72. BinData's
+        # Trans2::DataBlock positional read lands exactly on the wire data.
+        raw = build_response(
+          parameter_offset: 60, data_offset: 72,
+          word_count: 11, pad1: 3, pad2: 2
+        )
+        response = RubySMB::SMB1::Packet::Trans2::FindFirst2Response.read(raw)
+        expect(response.win9x_trans2_overrides(raw)).to eq([nil, nil])
+      end
+    end
+    context 'when the server declared no trans2_data (data_count == 0)' do
+      it 'returns [nil, nil]' do
+        raw = build_response(
+          parameter_offset: 60, data_offset: 72,
+          word_count: 11, pad1: 3, pad2: 2
+        )
+        response = RubySMB::SMB1::Packet::Trans2::FindFirst2Response.read(raw)
+        response.parameter_block.data_count = 0
+        expect(response.win9x_trans2_overrides(raw)).to eq([nil, nil])
+      end
+    end
+    context 'when the server used Win9x-era framing (no pad1)' do
+      it 'returns trans2_parameters re-read at the server-reported offset' do
+        raw = build_response(
+          parameter_offset: 55, data_offset: 66,
+          word_count: 10, pad1: 0, pad2: 1
+        )
+        response = RubySMB::SMB1::Packet::Trans2::FindFirst2Response.read(raw)
+        params, = response.win9x_trans2_overrides(raw)
+        expect(params).to be_a(RubySMB::SMB1::Packet::Trans2::FindFirst2ResponseTrans2Parameters)
+        expect(params.sid).to          eq 0x0300
+        expect(params.search_count).to eq 1
+        expect(params.eos).to          eq 1
+      end
+      it 'returns the trans2_data bytes sliced from the server-reported offset' do
+        raw = build_response(
+          parameter_offset: 55, data_offset: 66,
+          word_count: 10, pad1: 0, pad2: 1
+        )
+        response = RubySMB::SMB1::Packet::Trans2::FindFirst2Response.read(raw)
+        _, data_bytes = response.win9x_trans2_overrides(raw)
+        expect(data_bytes).to eq single_entry_bytes
+        # And #results can read entries from it through the buffer: kwarg.
+        entries = response.results(info_std, unicode: false, buffer: data_bytes)
+        expect(entries.length).to             eq 1
+        expect(entries.first.file_name.to_s).to eq '.'
+      end
+    end
+    context 'when the raw response is truncated before the server-reported offsets' do
+      it 'returns [nil, nil] rather than raising' do
+        raw = build_response(
+          parameter_offset: 55, data_offset: 66,
+          word_count: 10, pad1: 0, pad2: 1
+        )
+        response = RubySMB::SMB1::Packet::Trans2::FindFirst2Response.read(raw)
+        truncated = raw.byteslice(0, raw.bytesize - 20)
+        expect(response.win9x_trans2_overrides(truncated)).to eq([nil, nil])
+      end
+    end
+  end
+end