ruby_smb 3.3.5 → 3.3.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -73,12 +73,7 @@ RSpec.describe RubySMB::Dcerpc::Winreg do
73
73
  before :example do
74
74
  allow(described_class::OpenKeyRequest).to receive(:new).and_return(openkey_request_packet)
75
75
  allow(openkey_request_packet).to receive(:sam_desired).and_return(regsam)
76
- allow(regsam).to receive_messages(
77
- :read_control= => nil,
78
- :key_query_value= => nil,
79
- :key_enumerate_sub_keys= => nil,
80
- :key_notify= => nil,
81
- )
76
+ allow(regsam).to receive(:maximum_allowed=)
82
77
  allow(winreg).to receive(:dcerpc_request).and_return(response)
83
78
  allow(described_class::OpenKeyResponse).to receive(:read).and_return(open_key_response)
84
79
  allow(open_key_response).to receive_messages(
@@ -94,10 +89,7 @@ RSpec.describe RubySMB::Dcerpc::Winreg do
94
89
 
95
90
  it 'sets the expected user rights on the request packet' do
96
91
  winreg.open_key(handle, sub_key)
97
- expect(regsam).to have_received(:read_control=).with(1)
98
- expect(regsam).to have_received(:key_query_value=).with(1)
99
- expect(regsam).to have_received(:key_enumerate_sub_keys=).with(1)
100
- expect(regsam).to have_received(:key_notify=).with(1)
92
+ expect(regsam).to have_received(:maximum_allowed=).with(1)
101
93
  end
102
94
 
103
95
  it 'sends the expected dcerpc request' do
@@ -132,12 +124,13 @@ RSpec.describe RubySMB::Dcerpc::Winreg do
132
124
  describe '#query_value' do
133
125
  let(:handle) { double('Handle') }
134
126
  let(:value_name) { double('Value Name') }
135
- let(:query_value_request_packet) { double('Query Value Request Packet #1') }
136
- let(:lp_data) { double('LpData #2') }
127
+ let(:query_value_request_packet) { double('Query Value Request Packet #1') }
128
+ let(:lp_data) { double('LpData #2') }
137
129
  let(:response1) { double('Response #1') }
138
130
  let(:response2) { double('Response #2') }
139
131
  let(:query_value_response1) { double('Query Value Response #1') }
140
132
  let(:query_value_response2) { double('Query Value Response #2') }
133
+ let(:lp_type) { double('Type') }
141
134
  let(:data) { double('Data') }
142
135
  let(:lpcb_data) { double('LpcbData') }
143
136
  let(:max_count) { 5 }
@@ -164,8 +157,9 @@ RSpec.describe RubySMB::Dcerpc::Winreg do
164
157
  allow(described_class::QueryValueResponse).to receive(:read).with(response2).and_return(query_value_response2)
165
158
  allow(query_value_response1).to receive(:error_status).and_return(WindowsError::Win32::ERROR_SUCCESS)
166
159
  allow(query_value_response2).to receive_messages(
167
- :error_status => WindowsError::Win32::ERROR_SUCCESS,
168
- :data => data
160
+ error_status: WindowsError::Win32::ERROR_SUCCESS,
161
+ lp_type: lp_type,
162
+ data: data
169
163
  )
170
164
  allow(query_value_response1).to receive(:lpcb_data).and_return(lpcb_data)
171
165
  allow(lpcb_data).to receive(:to_i).and_return(max_count)
@@ -234,8 +228,9 @@ RSpec.describe RubySMB::Dcerpc::Winreg do
234
228
  end
235
229
 
236
230
  it 'returns the expected response data' do
237
- expect(winreg.query_value(handle, value_name)).to eq(data)
231
+ expect(winreg.query_value(handle, value_name)).to eq(RubySMB::Dcerpc::Winreg::RegValue.new(lp_type, data))
238
232
  end
233
+
239
234
  end
240
235
 
241
236
  describe '#close_key' do
@@ -529,13 +524,14 @@ RSpec.describe RubySMB::Dcerpc::Winreg do
529
524
  let(:value_name) { 'registry_value_name' }
530
525
  let(:root_key_handle) { double('Root Key Handle') }
531
526
  let(:subkey_handle) { double('Subkey Handle') }
532
- let(:value) { double('Value') }
527
+ let(:data) { double('Reg value data') }
528
+ let(:reg_value) { RubySMB::Dcerpc::Winreg::RegValue.new(nil, data) }
533
529
  before :example do
534
530
  allow(winreg).to receive_messages(
535
531
  :bind => nil,
536
532
  :open_root_key => root_key_handle,
537
533
  :open_key => subkey_handle,
538
- :query_value => value,
534
+ :query_value => reg_value,
539
535
  :close_key => nil
540
536
  )
541
537
  end
@@ -572,7 +568,7 @@ RSpec.describe RubySMB::Dcerpc::Winreg do
572
568
  end
573
569
 
574
570
  it 'returns expect registry key value' do
575
- expect(winreg.read_registry_key_value(key, value_name)).to eq(value)
571
+ expect(winreg.read_registry_key_value(key, value_name)).to eq(data)
576
572
  end
577
573
  end
578
574
 
@@ -864,4 +860,257 @@ RSpec.describe RubySMB::Dcerpc::Winreg do
864
860
  end
865
861
  end
866
862
  end
863
+
864
+ describe '#get_key_security_descriptor' do
865
+ let(:root_key) { 'HKLM' }
866
+ let(:sub_key) { 'my\\sub\\key\\path' }
867
+ let(:key) { "#{root_key}\\#{sub_key}" }
868
+ let(:root_key_handle) { double('Root Key Handle') }
869
+ let(:subkey_handle) { double('Subkey Handle') }
870
+ before :example do
871
+ allow(winreg).to receive_messages(
872
+ :bind => nil,
873
+ :open_root_key => root_key_handle,
874
+ :open_key => subkey_handle,
875
+ :get_key_security => nil,
876
+ :close_key => nil
877
+ )
878
+ end
879
+
880
+ it 'binds a DCERPC connection to the expected remote endpoint' do
881
+ winreg.get_key_security_descriptor(key)
882
+ expect(winreg).to have_received(:bind).with(endpoint: RubySMB::Dcerpc::Winreg)
883
+ end
884
+
885
+ it 'does not bind a DCERPC connection if #bind argument is false' do
886
+ winreg.get_key_security_descriptor(key, bind: false)
887
+ expect(winreg).to_not have_received(:bind)
888
+ end
889
+
890
+ it 'opens the expected root key' do
891
+ winreg.get_key_security_descriptor(key)
892
+ expect(winreg).to have_received(:open_root_key).with(root_key)
893
+ end
894
+
895
+ it 'opens the expected registry key' do
896
+ winreg.get_key_security_descriptor(key)
897
+ expect(winreg).to have_received(:open_key).with(root_key_handle, sub_key)
898
+ end
899
+
900
+ it 'calls #get_key_security with the expected arguments' do
901
+ winreg.get_key_security_descriptor(key)
902
+ security_information = RubySMB::Field::SecurityDescriptor::OWNER_SECURITY_INFORMATION
903
+ expect(winreg).to have_received(:get_key_security).with(subkey_handle, security_information)
904
+ end
905
+
906
+ context 'with a non-default security informaiton' do
907
+ it 'calls #get_key_security with the expected arguments' do
908
+ security_information = RubySMB::Field::SecurityDescriptor::GROUP_SECURITY_INFORMATION
909
+ winreg.get_key_security_descriptor(key, security_information)
910
+ expect(winreg).to have_received(:get_key_security).with(subkey_handle, security_information)
911
+ end
912
+ end
913
+ end
914
+
915
+ describe '#get_key_security' do
916
+ let(:handle) { double('Handle') }
917
+ let(:get_key_security_request) { double('GetKeySecurity Request') }
918
+ let(:response) {
919
+ '0000020000100000940000000010000000000000940000000100048078000000880000'\
920
+ '0000000000140000000200640004000000000214003f000f0001010000000000051200'\
921
+ '0000000218000000060001020000000000052000000020020000000218000900060001'\
922
+ '0200000000000520000000200200000002180009000600010200000000000520000000'\
923
+ '2002000001020000000000052000000020020000010100000000000512000000000000'\
924
+ '00'.unhexlify
925
+ }
926
+ let(:security_descriptor) {
927
+ '01000480780000008800000000000000140000000200640004000000000214003f000f'\
928
+ '0001010000000000051200000000021800000006000102000000000005200000002002'\
929
+ '0000000218000900060001020000000000052000000020020000000218000900060001'\
930
+ '0200000000000520000000200200000102000000000005200000002002000001010000'\
931
+ '0000000512000000'.unhexlify
932
+ }
933
+ before :example do
934
+ allow(described_class::GetKeySecurityRequest).to receive(:new).and_return(get_key_security_request)
935
+ allow(winreg).to receive(:dcerpc_request).and_return(response)
936
+ end
937
+
938
+ it 'create the expected GetKeySecurityRequest packet with the default options' do
939
+ opts = {
940
+ hkey: handle,
941
+ security_information: RubySMB::Field::SecurityDescriptor::OWNER_SECURITY_INFORMATION,
942
+ prpc_security_descriptor_in: { cb_in_security_descriptor: 4096 }
943
+ }
944
+ winreg.get_key_security(handle)
945
+ expect(described_class::GetKeySecurityRequest).to have_received(:new).with(opts)
946
+ end
947
+
948
+ it 'create the expected SaveKeyRequest packet with custom options' do
949
+ security_information = RubySMB::Field::SecurityDescriptor::GROUP_SECURITY_INFORMATION
950
+ opts = {
951
+ hkey: handle,
952
+ security_information: security_information,
953
+ prpc_security_descriptor_in: { cb_in_security_descriptor: 4096 }
954
+ }
955
+ winreg.get_key_security(handle, security_information)
956
+ expect(described_class::GetKeySecurityRequest).to have_received(:new).with(opts)
957
+ end
958
+
959
+ it 'sends the expected dcerpc request' do
960
+ winreg.get_key_security(handle)
961
+ expect(winreg).to have_received(:dcerpc_request).with(get_key_security_request)
962
+ end
963
+
964
+ it 'creates a GetKeySecurityResponse structure from the expected dcerpc response' do
965
+ expect(described_class::GetKeySecurityResponse).to receive(:read).with(response).and_call_original
966
+ winreg.get_key_security(handle)
967
+ end
968
+
969
+ context 'when an IOError occurs while parsing the response' do
970
+ it 'raises a RubySMB::Dcerpc::Error::InvalidPacket' do
971
+ allow(described_class::GetKeySecurityResponse).to receive(:read).and_raise(IOError)
972
+ expect { winreg.get_key_security(handle) }.to raise_error(RubySMB::Dcerpc::Error::InvalidPacket)
973
+ end
974
+ end
975
+
976
+ context 'when the response error status is not WindowsError::Win32::ERROR_SUCCESS' do
977
+ it 'raises a RubySMB::Dcerpc::Error::WinregError' do
978
+ response[-4..-1] = [WindowsError::Win32::ERROR_INVALID_DATA.value].pack('V')
979
+ expect { winreg.get_key_security(handle) }.to raise_error(RubySMB::Dcerpc::Error::WinregError)
980
+ end
981
+ end
982
+
983
+ it 'returns the expected security descriptor' do
984
+ expect(winreg.get_key_security(handle)).to eq(security_descriptor)
985
+ end
986
+ end
987
+
988
+ describe '#set_key_security_descriptor' do
989
+ let(:root_key) { 'HKLM' }
990
+ let(:sub_key) { 'my\\sub\\key\\path' }
991
+ let(:key) { "#{root_key}\\#{sub_key}" }
992
+ let(:security_descriptor) { 'Security Descriptor' }
993
+ let(:root_key_handle) { double('Root Key Handle') }
994
+ let(:subkey_handle) { double('Subkey Handle') }
995
+ before :example do
996
+ allow(winreg).to receive_messages(
997
+ :bind => nil,
998
+ :open_root_key => root_key_handle,
999
+ :open_key => subkey_handle,
1000
+ :set_key_security => nil,
1001
+ :close_key => nil
1002
+ )
1003
+ end
1004
+
1005
+ it 'binds a DCERPC connection to the expected remote endpoint' do
1006
+ winreg.set_key_security_descriptor(key, security_descriptor)
1007
+ expect(winreg).to have_received(:bind).with(endpoint: RubySMB::Dcerpc::Winreg)
1008
+ end
1009
+
1010
+ it 'does not bind a DCERPC connection if #bind argument is false' do
1011
+ winreg.set_key_security_descriptor(key, security_descriptor, bind: false)
1012
+ expect(winreg).to_not have_received(:bind)
1013
+ end
1014
+
1015
+ it 'opens the expected root key' do
1016
+ winreg.set_key_security_descriptor(key, security_descriptor)
1017
+ expect(winreg).to have_received(:open_root_key).with(root_key)
1018
+ end
1019
+
1020
+ it 'opens the expected registry key' do
1021
+ winreg.set_key_security_descriptor(key, security_descriptor)
1022
+ expect(winreg).to have_received(:open_key).with(root_key_handle, sub_key)
1023
+ end
1024
+
1025
+ it 'calls #set_key_security with the expected arguments' do
1026
+ winreg.set_key_security_descriptor(key, security_descriptor)
1027
+ security_information = RubySMB::Field::SecurityDescriptor::OWNER_SECURITY_INFORMATION
1028
+ expect(winreg).to have_received(:set_key_security).with(subkey_handle, security_descriptor, security_information)
1029
+ end
1030
+
1031
+ context 'with a non-default security informaiton' do
1032
+ it 'calls #get_key_security with the expected arguments' do
1033
+ security_information = RubySMB::Field::SecurityDescriptor::GROUP_SECURITY_INFORMATION
1034
+ winreg.set_key_security_descriptor(key, security_descriptor, security_information)
1035
+ expect(winreg).to have_received(:set_key_security).with(subkey_handle, security_descriptor, security_information)
1036
+ end
1037
+ end
1038
+ end
1039
+
1040
+ describe '#set_key_security' do
1041
+ let(:handle) { double('Handle') }
1042
+ let(:set_key_security_request) { double('GetKeySecurity Request') }
1043
+ let(:response) { '00000000'.unhexlify }
1044
+ let(:security_descriptor) {
1045
+ '0100048014000000240000000000000030000000010200000000000520000000200200'\
1046
+ '0001010000000000051200000002007c0005000000000214003f000f00010100000000'\
1047
+ '0005120000000002180000000600010200000000000520000000200200000002180009'\
1048
+ '0006000102000000000005200000002002000000021800090006000102000000000005'\
1049
+ '2000000020020000000218000900060001020000000000052000000020020000'.unhexlify
1050
+ }
1051
+ before :example do
1052
+ allow(described_class::SetKeySecurityRequest).to receive(:new).and_return(set_key_security_request)
1053
+ allow(winreg).to receive(:dcerpc_request).and_return(response)
1054
+ end
1055
+
1056
+ it 'create the expected SetKeySecurityRequest packet with the default options' do
1057
+ opts = {
1058
+ hkey: handle,
1059
+ security_information: RubySMB::Field::SecurityDescriptor::OWNER_SECURITY_INFORMATION,
1060
+ prpc_security_descriptor: {
1061
+ lp_security_descriptor: security_descriptor.bytes,
1062
+ cb_in_security_descriptor: security_descriptor.size,
1063
+ cb_out_security_descriptor: security_descriptor.size
1064
+ }
1065
+ }
1066
+ winreg.set_key_security(handle, security_descriptor)
1067
+ expect(described_class::SetKeySecurityRequest).to have_received(:new).with(opts)
1068
+ end
1069
+
1070
+ it 'create the expected SaveKeyRequest packet with custom options' do
1071
+ security_information = RubySMB::Field::SecurityDescriptor::GROUP_SECURITY_INFORMATION
1072
+ opts = {
1073
+ hkey: handle,
1074
+ security_information: security_information,
1075
+ prpc_security_descriptor: {
1076
+ lp_security_descriptor: security_descriptor.bytes,
1077
+ cb_in_security_descriptor: security_descriptor.size,
1078
+ cb_out_security_descriptor: security_descriptor.size
1079
+ }
1080
+ }
1081
+ winreg.set_key_security(handle, security_descriptor, security_information)
1082
+ expect(described_class::SetKeySecurityRequest).to have_received(:new).with(opts)
1083
+ end
1084
+
1085
+ it 'sends the expected dcerpc request' do
1086
+ winreg.set_key_security(handle, security_descriptor)
1087
+ expect(winreg).to have_received(:dcerpc_request).with(set_key_security_request)
1088
+ end
1089
+
1090
+ it 'creates a SetKeySecurityResponse structure from the expected dcerpc response' do
1091
+ expect(described_class::SetKeySecurityResponse).to receive(:read).with(response).and_call_original
1092
+ winreg.set_key_security(handle, security_descriptor)
1093
+ end
1094
+
1095
+ context 'when an IOError occurs while parsing the response' do
1096
+ it 'raises a RubySMB::Dcerpc::Error::InvalidPacket' do
1097
+ allow(described_class::SetKeySecurityResponse).to receive(:read).and_raise(IOError)
1098
+ expect { winreg.set_key_security(handle, security_descriptor) }.to raise_error(RubySMB::Dcerpc::Error::InvalidPacket)
1099
+ end
1100
+ end
1101
+
1102
+ context 'when the response error status is not WindowsError::Win32::ERROR_SUCCESS' do
1103
+ it 'raises a RubySMB::Dcerpc::Error::WinregError' do
1104
+ response[-4..-1] = [WindowsError::Win32::ERROR_INVALID_DATA.value].pack('V')
1105
+ expect { winreg.set_key_security(handle, security_descriptor) }.to raise_error(RubySMB::Dcerpc::Error::WinregError)
1106
+ end
1107
+ end
1108
+
1109
+ it 'returns the expected error status' do
1110
+ expect(winreg.set_key_security(handle, security_descriptor)).to eq(WindowsError::Win32::ERROR_SUCCESS)
1111
+ end
1112
+ end
1113
+
1114
+
1115
+
867
1116
  end
data.tar.gz.sig CHANGED
Binary file
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: ruby_smb
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.3.5
4
+ version: 3.3.7
5
5
  platform: ruby
6
6
  authors:
7
7
  - Metasploit Hackers
@@ -38,7 +38,7 @@ cert_chain:
38
38
  DgscAao7wB3xW2BWEp1KnaDWkf1x9ttgoBEYyuYwU7uatB67kBQG1PKvLt79wHvz
39
39
  Dxs+KOjGbBRfMnPgVGYkORKVrZIwlaboHbDKxcVW5xv+oZc7KYXWGg==
40
40
  -----END CERTIFICATE-----
41
- date: 2024-04-12 00:00:00.000000000 Z
41
+ date: 2024-04-30 00:00:00.000000000 Z
42
42
  dependencies:
43
43
  - !ruby/object:Gem::Dependency
44
44
  name: redcarpet
@@ -219,6 +219,7 @@ files:
219
219
  - examples/read_file.rb
220
220
  - examples/read_file_encryption.rb
221
221
  - examples/read_registry_key_value.rb
222
+ - examples/registry_key_security_descriptor.rb
222
223
  - examples/rename_file.rb
223
224
  - examples/tree_connect.rb
224
225
  - examples/virtual_file_server.rb
@@ -309,6 +310,7 @@ files:
309
310
  - lib/ruby_smb/dcerpc/rrp_rpc_unicode_string.rb
310
311
  - lib/ruby_smb/dcerpc/samr.rb
311
312
  - lib/ruby_smb/dcerpc/samr/rpc_sid.rb
313
+ - lib/ruby_smb/dcerpc/samr/sampr_domain_info_buffer.rb
312
314
  - lib/ruby_smb/dcerpc/samr/samr_close_handle_request.rb
313
315
  - lib/ruby_smb/dcerpc/samr/samr_close_handle_response.rb
314
316
  - lib/ruby_smb/dcerpc/samr/samr_connect_request.rb
@@ -333,6 +335,8 @@ files:
333
335
  - lib/ruby_smb/dcerpc/samr/samr_open_domain_response.rb
334
336
  - lib/ruby_smb/dcerpc/samr/samr_open_user_request.rb
335
337
  - lib/ruby_smb/dcerpc/samr/samr_open_user_response.rb
338
+ - lib/ruby_smb/dcerpc/samr/samr_query_information_domain_request.rb
339
+ - lib/ruby_smb/dcerpc/samr/samr_query_information_domain_response.rb
336
340
  - lib/ruby_smb/dcerpc/samr/samr_rid_to_sid_request.rb
337
341
  - lib/ruby_smb/dcerpc/samr/samr_rid_to_sid_response.rb
338
342
  - lib/ruby_smb/dcerpc/samr/samr_set_information_user2_request.rb
@@ -372,6 +376,8 @@ files:
372
376
  - lib/ruby_smb/dcerpc/winreg/enum_key_response.rb
373
377
  - lib/ruby_smb/dcerpc/winreg/enum_value_request.rb
374
378
  - lib/ruby_smb/dcerpc/winreg/enum_value_response.rb
379
+ - lib/ruby_smb/dcerpc/winreg/get_key_security_request.rb
380
+ - lib/ruby_smb/dcerpc/winreg/get_key_security_response.rb
375
381
  - lib/ruby_smb/dcerpc/winreg/open_key_request.rb
376
382
  - lib/ruby_smb/dcerpc/winreg/open_key_response.rb
377
383
  - lib/ruby_smb/dcerpc/winreg/open_root_key_request.rb
@@ -383,6 +389,8 @@ files:
383
389
  - lib/ruby_smb/dcerpc/winreg/regsam.rb
384
390
  - lib/ruby_smb/dcerpc/winreg/save_key_request.rb
385
391
  - lib/ruby_smb/dcerpc/winreg/save_key_response.rb
392
+ - lib/ruby_smb/dcerpc/winreg/set_key_security_request.rb
393
+ - lib/ruby_smb/dcerpc/winreg/set_key_security_response.rb
386
394
  - lib/ruby_smb/dcerpc/wkssvc.rb
387
395
  - lib/ruby_smb/dcerpc/wkssvc/netr_wksta_get_info_request.rb
388
396
  - lib/ruby_smb/dcerpc/wkssvc/netr_wksta_get_info_response.rb
metadata.gz.sig CHANGED
Binary file