ruby_smb 3.3.4 → 3.3.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 856b8696f918533a035d4ad0019e8d6a32b0bb238117cc93c6f25ee320356465
-  data.tar.gz: 452cf8e8c441ae206ac4b5c030110a6f315e5b9c8a905d96b16d38ee33c1d4b3
+  metadata.gz: b89cb4c288acaa9a8a0b92a92051e3d441f8a0221d4fd07d8e450a100e60c9f3
+  data.tar.gz: '08ea52772ee67282ccc7bc1fd488e6ef7eb486960086c69aa8bff8945c67fe2f'
 SHA512:
-  metadata.gz: '08e4cf420f3ea5700d64e0201bf2a131a47d42fb9c20e144f269a431a4e5a8098a610dfcccbc5ec185ebb9b4ef2cbd0ff70cea9fcec37314ee4aa3b819ad16ac'
-  data.tar.gz: b82a62664bd1d1de60c7726dd422e6e7c48aa76acd45b56b06a6e7f5fde7ab78cf86de50f9936b6aef8e6287eaf043d2e55e40918f850f30aa22e7cdd0d50818
+  metadata.gz: 3051889e91d780f88b08bfca39078bd25b00b9e8ef0eabd61e9e22a1636a2d760add5fc6e57b3316a500072ff0029f4c4f0485f3a3c52db80b9626c0458d5e6e
+  data.tar.gz: 7f212f644989208c3d2d319e90be6bba3796abac64f458d41edcb56423afccf7cca307a88ef2d0eb55ddcd074b9c69d8c1bca2800965644ef01a160ab069c22f

data/lib/ruby_smb/server/server_client/session_setup.rb

@@ -53,10 +53,12 @@ module RubySMB
         end
 
         def do_session_setup_smb2(request, session)
+          @smb2_related_operations_state.delete(:session_id)
+
           session_id = request.smb2_header.session_id
           if session_id == 0
             session_id = rand(1..0xfffffffe)
-            session = @session_table[session_id] = Session.new(session_id)
+            session = Session.new(session_id)
           else
             session = @session_table[session_id]
             if session.nil?
@@ -92,6 +94,10 @@ module RubySMB
             update_preauth_hash(response)
           end
 
+
+          @session_table[session_id] = session
+          @smb2_related_operations_state[:session_id] = session_id
+
           response
         end
 

data/lib/ruby_smb/server/server_client/share_io.rb

@@ -20,16 +20,46 @@ module RubySMB
         alias :do_transactions2_smb1  :proxy_share_io_smb1
 
         def proxy_share_io_smb2(request, session)
-          # see: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/9a639360-87be-4d49-a1dd-4c6be0c020bd
-          share_processor = session.tree_connect_table[request.smb2_header.tree_id]
+          if request.smb2_header.flags.related_operations == 0
+            # see: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/9a639360-87be-4d49-a1dd-4c6be0c020bd
+            share_processor = session.tree_connect_table[request.smb2_header.tree_id]
+            @smb2_related_operations_state[:tree_id] = request.smb2_header.tree_id
+          else
+            # see: https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/46dd4182-62d3-4e30-9fe5-e2ec124edca1
+            if @smb2_related_operations_state.fetch(:tree_id) == 0
+              response = SMB2::Packet::ErrorPacket.new
+              response.smb2_header.nt_status = WindowsError::NTStatus::STATUS_INVALID_PARAMETER
+              return response
+            end
+            share_processor = session.tree_connect_table[@smb2_related_operations_state[:tree_id]]
+          end
+
           if share_processor.nil?
             response = SMB2::Packet::ErrorPacket.new
             response.smb2_header.nt_status = WindowsError::NTStatus::STATUS_NETWORK_NAME_DELETED
             return response
           end
 
+          if request.field_names.include?(:file_id)
+            if request.smb2_header.flags.related_operations == 0
+              @smb2_related_operations_state[:file_id] = request.file_id
+            elsif @smb2_related_operations_state[:file_id].nil?
+              response = SMB2::Packet::ErrorPacket.new
+              response.smb2_header.nt_status = WindowsError::NTStatus::STATUS_INVALID_HANDLE
+              return response
+            else
+              request.file_id = @smb2_related_operations_state[:file_id]
+            end
+          end
+
           logger.debug("Received #{SMB2::Commands.name(request.smb2_header.command)} request for share: #{share_processor.provider.name}")
-          share_processor.share_io(__callee__, request)
+          response = share_processor.share_io(__callee__, request)
+
+          if response.field_names.include?(:file_id)
+            @smb2_related_operations_state[:file_id] = response.file_id
+          end
+
+          response
         end
 
         alias :do_close_smb2           :proxy_share_io_smb2

data/lib/ruby_smb/server/server_client/tree_connect.rb

@@ -41,6 +41,8 @@ module RubySMB
         end
 
         def do_tree_connect_smb2(request, session)
+          @smb2_related_operations_state.delete(:tree_id)
+
           response = RubySMB::SMB2::Packet::TreeConnectResponse.new
           response.smb2_header.credits = 1
           if session.tree_connect_table.length >= MAX_TREE_CONNECTIONS
@@ -75,6 +77,8 @@ module RubySMB
           session.tree_connect_table[tree_id] = share_processor = share_provider.new_processor(self, session)
           response.maximal_access = share_processor.maximal_access
 
+          @smb2_related_operations_state[:tree_id] = tree_id
+
           response
         end
 

data/lib/ruby_smb/server/server_client.rb

@@ -36,6 +36,7 @@ module RubySMB
 
         # session id => session instance
         @session_table = {}
+        @smb2_related_operations_state = {}
       end
 
       #
@@ -334,9 +335,23 @@ module RubySMB
       # @raise [NotImplementedError] Raised when the requested operation is not
       #   supported.
       def handle_smb2(raw_request, header)
-        session = @session_table[header.session_id]
+        session_required = !(header.command == SMB2::Commands::SESSION_SETUP && header.session_id == 0)
+
+        if header.flags.related_operations == 0
+          @smb2_related_operations_state.clear
+          session = @session_table[header.session_id]
+          @smb2_related_operations_state[:session_id] = header.session_id
+        else
+          # see: https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/46dd4182-62d3-4e30-9fe5-e2ec124edca1
+          if @smb2_related_operations_state.fetch(:session_id) == 0 && session_required
+            response = SMB2::Packet::ErrorPacket.new
+            response.smb2_header.nt_status = WindowsError::NTStatus::STATUS_INVALID_PARAMETER
+            return response
+          end
+          session = @session_table[@smb2_related_operations_state[:session_id]]
+        end
 
-        if session.nil? && !(header.command == SMB2::Commands::SESSION_SETUP && header.session_id == 0)
+        if session.nil? && session_required
           response = SMB2::Packet::ErrorPacket.new
           response.smb2_header.nt_status = WindowsError::NTStatus::STATUS_USER_SESSION_DELETED
           return response
@@ -387,7 +402,13 @@ module RubySMB
         end
 
         logger.debug("Dispatching request to #{dispatcher} (session: #{session.inspect})")
-        send(dispatcher, request, session)
+        response = send(dispatcher, request, session)
+
+        if response.is_a?(SMB2::Packet::ErrorPacket)
+          @smb2_related_operations_state.clear
+        end
+
+        response
       end
 
       def _handle_smb2(raw_request)

data/lib/ruby_smb/version.rb

@@ -1,3 +1,3 @@
 module RubySMB
-  VERSION = '3.3.4'.freeze
+  VERSION = '3.3.5'.freeze
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: ruby_smb
 version: !ruby/object:Gem::Version
-  version: 3.3.4
+  version: 3.3.5
 platform: ruby
 authors:
 - Metasploit Hackers
@@ -38,7 +38,7 @@ cert_chain:
   DgscAao7wB3xW2BWEp1KnaDWkf1x9ttgoBEYyuYwU7uatB67kBQG1PKvLt79wHvz
   Dxs+KOjGbBRfMnPgVGYkORKVrZIwlaboHbDKxcVW5xv+oZc7KYXWGg==
   -----END CERTIFICATE-----
-date: 2024-03-20 00:00:00.000000000 Z
+date: 2024-04-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: redcarpet