ruby_smb 3.3.6 → 3.3.8

data/spec/lib/ruby_smb/dcerpc/lsarpc/lsar_open_policy2_request_spec.rb

@@ -0,0 +1,68 @@
+require 'ruby_smb/dcerpc/ndr'
+
+RSpec.describe RubySMB::Dcerpc::Lsarpc::LsarOpenPolicy2Request do
+  subject(:packet) { described_class.new }
+
+  it { is_expected.to respond_to :system_name }
+  it { is_expected.to respond_to :object_attributes }
+  it { is_expected.to respond_to :access_mask }
+  it { is_expected.to respond_to :opnum }
+
+  it 'is little endian' do
+    expect(described_class.fields.instance_variable_get(:@hints)[:endian]).to eq :little
+  end
+  it 'is a BinData::Record' do
+    expect(packet).to be_a(BinData::Record)
+  end
+  describe '#system_name' do
+    it 'is an NdrWideStringzPtr structure' do
+      expect(packet.system_name).to be_a RubySMB::Dcerpc::Ndr::NdrWideStringzPtr
+    end
+  end
+  describe '#object_attributes' do
+    it 'is an LsaprObjectAttributes structure' do
+      expect(packet.object_attributes).to be_a RubySMB::Dcerpc::Lsarpc::LsaprObjectAttributes
+    end
+  end
+  describe '#access_mask' do
+    it 'is an NdrUint32 structure' do
+      expect(packet.access_mask).to be_a RubySMB::Dcerpc::Ndr::NdrUint32
+    end
+  end
+  describe '#initialize_instance' do
+    it 'sets #opnum to LSAR_OPEN_POLICY2 constant' do
+      expect(packet.opnum).to eq(RubySMB::Dcerpc::Lsarpc::LSAR_OPEN_POLICY2)
+    end
+  end
+  it 'reads itself' do
+    new_class = described_class.new(
+      system_name: 'Example_System',
+      object_attributes: {
+        security_quality_of_service: {
+          impersonation_level: 0,
+          security_context_tracking_mode: 0
+        }
+      },
+      access_mask: 0
+    )
+    expect(packet.read(new_class.to_binary_s)).to eq(
+      {
+        system_name: 'Example_System'.encode('UTF-16LE'),
+        object_attributes: {
+          len: 24,
+          root_directory: :null,
+          object_name: :null,
+          attributes: 0,
+          security_descriptor: :null,
+          security_quality_of_service: {
+            len: 12,
+            impersonation_level: 0,
+            security_context_tracking_mode: 0,
+            effective_only: 0
+          }
+        },
+      access_mask: 0
+      }
+    )
+  end
+end

data/spec/lib/ruby_smb/dcerpc/lsarpc/lsar_open_policy2_response_spec.rb

@@ -0,0 +1,46 @@
+
+RSpec.describe RubySMB::Dcerpc::Lsarpc::LsarOpenPolicy2Response do
+  subject(:packet) { described_class.new }
+
+  it { is_expected.to respond_to :policy_handle }
+  it { is_expected.to respond_to :error_status }
+  it { is_expected.to respond_to :opnum }
+
+  it 'is little endian' do
+    expect(described_class.fields.instance_variable_get(:@hints)[:endian]).to eq :little
+  end
+  it 'is a BinData::Record' do
+    expect(packet).to be_a(BinData::Record)
+  end
+  describe '#policy_handle' do
+    it 'is an LsaprHandle structure' do
+      expect(packet.policy_handle).to be_a RubySMB::Dcerpc::Lsarpc::LsaprHandle
+    end
+  end
+  describe '#error_status' do
+    it 'is a NdrUint32' do
+      expect(packet.error_status).to be_a RubySMB::Dcerpc::Ndr::NdrUint32
+    end
+  end
+  describe '#initialize_instance' do
+    it 'sets #opnum to LSAR_OPEN_POLICY2 constant' do
+      expect(packet.opnum).to eq(RubySMB::Dcerpc::Lsarpc::LSAR_OPEN_POLICY2)
+    end
+  end
+  it 'reads itself' do
+    new_class = described_class.new(
+      policy_handle: {
+        context_handle_attributes: 0,
+        context_handle_uuid: "fc873b90-d9a9-46a4-b9ea-f44bb1c272a7"
+      },
+      error_status: 0
+    )
+    expect(packet.read(new_class.to_binary_s)).to eq(
+      policy_handle: {
+        context_handle_attributes: 0,
+        context_handle_uuid: "fc873b90-d9a9-46a4-b9ea-f44bb1c272a7"
+      },
+      error_status: 0
+    )
+  end
+end

data/spec/lib/ruby_smb/dcerpc/lsarpc/lsar_open_policy_request_spec.rb

@@ -0,0 +1,68 @@
+require 'ruby_smb/dcerpc/ndr'
+
+RSpec.describe RubySMB::Dcerpc::Lsarpc::LsarOpenPolicyRequest do
+  subject(:packet) { described_class.new }
+
+  it { is_expected.to respond_to :system_name }
+  it { is_expected.to respond_to :object_attributes }
+  it { is_expected.to respond_to :access_mask }
+  it { is_expected.to respond_to :opnum }
+
+  it 'is little endian' do
+    expect(described_class.fields.instance_variable_get(:@hints)[:endian]).to eq :little
+  end
+  it 'is a BinData::Record' do
+    expect(packet).to be_a(BinData::Record)
+  end
+  describe '#system_name' do
+    it 'is an NdrWideStringPtr structure' do
+      expect(packet.system_name).to be_a RubySMB::Dcerpc::Ndr::NdrWideStringPtr
+    end
+  end
+  describe '#object_attributes' do
+    it 'is an LsaprObjectAttributes structure' do
+      expect(packet.object_attributes).to be_a RubySMB::Dcerpc::Lsarpc::LsaprObjectAttributes
+    end
+  end
+  describe '#access_mask' do
+    it 'is an NdrUint32 structure' do
+      expect(packet.access_mask).to be_a RubySMB::Dcerpc::Ndr::NdrUint32
+    end
+  end
+  describe '#initialize_instance' do
+    it 'sets #opnum to LSAR_OPEN_POLICY constant' do
+      expect(packet.opnum).to eq(RubySMB::Dcerpc::Lsarpc::LSAR_OPEN_POLICY)
+    end
+  end
+  it 'reads itself' do
+    new_class = described_class.new(
+      system_name: 'Example_System',
+      object_attributes: {
+        security_quality_of_service: {
+          impersonation_level: 0,
+          security_context_tracking_mode: 0
+        }
+      },
+      access_mask: 0
+    )
+    expect(packet.read(new_class.to_binary_s)).to eq(
+      {
+        system_name: 'Example_System'.encode('UTF-16LE'),
+        object_attributes: {
+          len: 24,
+          root_directory: :null,
+          object_name: :null,
+          attributes: 0,
+          security_descriptor: :null,
+          security_quality_of_service: {
+            len: 12,
+            impersonation_level: 0,
+            security_context_tracking_mode: 0,
+            effective_only: 0
+          }
+        },
+        access_mask: 0
+      }
+    )
+  end
+end

data/spec/lib/ruby_smb/dcerpc/lsarpc/lsar_open_policy_response_spec.rb

@@ -0,0 +1,45 @@
+
+RSpec.describe RubySMB::Dcerpc::Lsarpc::LsarOpenPolicyResponse do
+  subject(:packet) { described_class.new }
+
+  it { is_expected.to respond_to :policy_handle }
+  it { is_expected.to respond_to :error_status }
+  it { is_expected.to respond_to :opnum }
+
+  it 'is little endian' do
+    expect(described_class.fields.instance_variable_get(:@hints)[:endian]).to eq :little
+  end
+  it 'is a BinData::Record' do
+    expect(packet).to be_a(BinData::Record)
+  end
+  describe '#policy_handle' do
+    it 'is an LsaprHandle structure' do
+      expect(packet.policy_handle).to be_a RubySMB::Dcerpc::Lsarpc::LsaprHandle
+    end
+  end
+  describe '#error_status' do
+    it 'is a NdrUint32' do
+      expect(packet.error_status).to be_a RubySMB::Dcerpc::Ndr::NdrUint32
+    end
+  end
+  describe '#initialize_instance' do
+    it 'sets #opnum to LSAR_OPEN_POLICY constant' do
+      expect(packet.opnum).to eq(RubySMB::Dcerpc::Lsarpc::LSAR_OPEN_POLICY)
+    end
+  end
+  it 'reads itself' do
+    new_class = described_class.new(
+      policy_handle: {
+        context_handle_attributes: 0,
+        context_handle_uuid: "fc873b90-d9a9-46a4-b9ea-f44bb1c272a7"
+      }
+    )
+    expect(packet.read(new_class.to_binary_s)).to eq(
+      policy_handle: {
+        context_handle_attributes: 0,
+        context_handle_uuid: "fc873b90-d9a9-46a4-b9ea-f44bb1c272a7"
+      },
+      error_status: 0
+    )
+  end
+end

data/spec/lib/ruby_smb/dcerpc/lsarpc/lsar_query_information_policy2_request_spec.rb

@@ -0,0 +1,47 @@
+require 'ruby_smb/dcerpc/ndr'
+
+RSpec.describe RubySMB::Dcerpc::Lsarpc::LsarQueryInformationPolicy2Request do
+  subject(:packet) { described_class.new }
+
+  it { is_expected.to respond_to :policy_handle }
+  it { is_expected.to respond_to :information_class }
+  it { is_expected.to respond_to :opnum }
+
+  it 'is little endian' do
+    expect(described_class.fields.instance_variable_get(:@hints)[:endian]).to eq :little
+  end
+  it 'is a BinData::Record' do
+    expect(packet).to be_a(BinData::Record)
+  end
+  describe '#policy_handle' do
+    it 'is an LsaprHandle structure' do
+      expect(packet.policy_handle).to be_a RubySMB::Dcerpc::Lsarpc::LsaprHandle
+    end
+  end
+  describe '#information_class' do
+    it 'is an NdrUint32 structure' do
+      expect(packet.information_class).to be_a RubySMB::Dcerpc::Ndr::NdrUint32
+    end
+  end
+  describe '#initialize_instance' do
+    it 'sets #opnum to LSAR_QUERY_INFORMATION_POLICY2 constant' do
+      expect(packet.opnum).to eq(RubySMB::Dcerpc::Lsarpc::LSAR_QUERY_INFORMATION_POLICY2)
+    end
+  end
+  it 'reads itself' do
+    new_class = described_class.new(
+      policy_handle: {
+        context_handle_attributes: 0,
+        context_handle_uuid: "fc873b90-d9a9-46a4-b9ea-f44bb1c272a7"
+      },
+      information_class: 0
+    )
+    expect(packet.read(new_class.to_binary_s)).to eq(
+      policy_handle: {
+        context_handle_attributes: 0,
+        context_handle_uuid: "fc873b90-d9a9-46a4-b9ea-f44bb1c272a7"
+      },
+      information_class: 0
+    )
+  end
+end

data/spec/lib/ruby_smb/dcerpc/lsarpc/lsar_query_information_policy2_response_spec.rb

@@ -0,0 +1,54 @@
+require 'ruby_smb/dcerpc/ndr'
+require 'ruby_smb/dcerpc/lsarpc'
+
+RSpec.describe RubySMB::Dcerpc::Lsarpc::LsarQueryInformationPolicy2Response do
+  subject(:packet) { described_class.new }
+
+  it { is_expected.to respond_to :policy_information }
+  it { is_expected.to respond_to :error_status }
+  it { is_expected.to respond_to :opnum }
+
+  it 'is little endian' do
+    expect(described_class.fields.instance_variable_get(:@hints)[:endian]).to eq :little
+  end
+  it 'is a BinData::Record' do
+    expect(packet).to be_a(BinData::Record)
+  end
+  describe '#policy_information' do
+    it 'is an LsaprPolicyInformationPtr structure' do
+      expect(packet.policy_information).to be_a RubySMB::Dcerpc::Lsarpc::LsaprPolicyInformationPtr
+    end
+  end
+  describe '#error_status' do
+    it 'is an NdrUint32 structure' do
+      expect(packet.error_status).to be_a RubySMB::Dcerpc::Ndr::NdrUint32
+    end
+  end
+  describe '#initialize_instance' do
+    it 'sets #opnum to LSAR_QUERY_INFORMATION_POLICY2 constant' do
+      expect(packet.opnum).to eq(RubySMB::Dcerpc::Lsarpc::LSAR_QUERY_INFORMATION_POLICY2)
+    end
+  end
+  it 'reads itself' do
+    new_class = described_class.new(
+      policy_information: {
+        policy_information_class: 1,
+        policy_information: {}
+      }
+    )
+    expect(packet.read(new_class.to_binary_s)).to eq(
+      policy_information: {
+        policy_information_class: 1,
+        policy_information: {
+          audit_log_percent_full: 0,
+          maximum_log_size: 0,
+          audit_retention_period: 0,
+          audit_log_full_shutdown_in_progress: 0,
+          time_to_shutdown: 0,
+          next_audit_record_id: 0
+        }
+      },
+      error_status: 0
+    )
+  end
+end

data/spec/lib/ruby_smb/dcerpc/lsarpc/lsar_query_information_policy_request_spec.rb

@@ -0,0 +1,46 @@
+require 'ruby_smb/dcerpc/ndr'
+
+RSpec.describe RubySMB::Dcerpc::Lsarpc::LsarQueryInformationPolicyRequest do
+  subject(:packet) { described_class.new }
+
+  it { is_expected.to respond_to :policy_handle }
+  it { is_expected.to respond_to :information_class }
+  it { is_expected.to respond_to :opnum }
+
+  it 'is little endian' do
+    expect(described_class.fields.instance_variable_get(:@hints)[:endian]).to eq :little
+  end
+  it 'is a BinData::Record' do
+    expect(packet).to be_a(BinData::Record)
+  end
+  describe '#policy_handle' do
+    it 'is an LsaprHandle structure' do
+      expect(packet.policy_handle).to be_a RubySMB::Dcerpc::Lsarpc::LsaprHandle
+    end
+  end
+  describe '#information_class' do
+    it 'is an NdrUint32 structure' do
+      expect(packet.information_class).to be_a RubySMB::Dcerpc::Ndr::NdrUint32
+    end
+  end
+  describe '#initialize_instance' do
+    it 'sets #opnum to LSAR_QUERY_INFORMATION_POLICY constant' do
+      expect(packet.opnum).to eq(RubySMB::Dcerpc::Lsarpc::LSAR_QUERY_INFORMATION_POLICY)
+    end
+  end
+  it 'reads itself' do
+    new_class = described_class.new(
+      policy_handle: {
+        context_handle_attributes: 0,
+        context_handle_uuid: "fc873b90-d9a9-46a4-b9ea-f44bb1c272a7"
+      }
+    )
+    expect(packet.read(new_class.to_binary_s)).to eq(
+      policy_handle: {
+        context_handle_attributes: 0,
+        context_handle_uuid: "fc873b90-d9a9-46a4-b9ea-f44bb1c272a7"
+      },
+      information_class: 0
+    )
+  end
+end

data/spec/lib/ruby_smb/dcerpc/lsarpc/lsar_query_information_policy_response_spec.rb

@@ -0,0 +1,53 @@
+require 'ruby_smb/dcerpc/ndr'
+
+RSpec.describe RubySMB::Dcerpc::Lsarpc::LsarQueryInformationPolicyResponse do
+  subject(:packet) { described_class.new }
+
+  it { is_expected.to respond_to :policy_information }
+  it { is_expected.to respond_to :error_status }
+  it { is_expected.to respond_to :opnum }
+
+  it 'is little endian' do
+    expect(described_class.fields.instance_variable_get(:@hints)[:endian]).to eq :little
+  end
+  it 'is a BinData::Record' do
+    expect(packet).to be_a(BinData::Record)
+  end
+  describe '#policy_information' do
+    it 'is an LsaprPolicyInformationPtr structure' do
+      expect(packet.policy_information).to be_a RubySMB::Dcerpc::Lsarpc::LsaprPolicyInformationPtr
+    end
+  end
+  describe '#error_status' do
+    it 'is an NdrUint32 structure' do
+      expect(packet.error_status).to be_a RubySMB::Dcerpc::Ndr::NdrUint32
+    end
+  end
+  describe '#initialize_instance' do
+    it 'sets #opnum to LSAR_QUERY_INFORMATION_POLICY constant' do
+      expect(packet.opnum).to eq(RubySMB::Dcerpc::Lsarpc::LSAR_QUERY_INFORMATION_POLICY)
+    end
+  end
+  it 'reads itself' do
+    new_class = described_class.new(
+      policy_information: {
+        policy_information_class: 1,
+        policy_information: {}
+      }
+    )
+    expect(packet.read(new_class.to_binary_s)).to eq(
+      policy_information: {
+        policy_information_class: 1,
+        policy_information: {
+          audit_log_percent_full: 0,
+          maximum_log_size: 0,
+          audit_retention_period: 0,
+          audit_log_full_shutdown_in_progress: 0,
+          time_to_shutdown: 0,
+          next_audit_record_id: 0
+        }
+      },
+      error_status: 0
+    )
+  end
+end

data/spec/lib/ruby_smb/dcerpc/ndr_spec.rb

@@ -1352,6 +1352,15 @@ RSpec.describe RubySMB::Dcerpc::Ndr::NdrVarString do
     }
     let(:value) { 'ABCD' }
   end
+  context 'with an empty string' do
+    it_behaves_like 'a NDR String', conformant: false, char_size: 1, null_terminated: false do
+      let(:binary_stream) {
+        "\x00\x00\x00\x00"\
+        "\x00\x00\x00\x00".b
+      }
+      let(:value) { '' }
+    end
+  end
 end
 
 RSpec.describe RubySMB::Dcerpc::Ndr::NdrVarStringz do
@@ -1368,6 +1377,16 @@ RSpec.describe RubySMB::Dcerpc::Ndr::NdrVarStringz do
     }
     let(:value) { 'ABCD' }
   end
+  context 'with an empty string' do
+    it_behaves_like 'a NDR String', conformant: false, char_size: 1, null_terminated: true do
+      let(:binary_stream) {
+        "\x00\x00\x00\x00"\
+        "\x01\x00\x00\x00"\
+        "\x00".b
+      }
+      let(:value) { '' }
+    end
+  end
 end
 
 RSpec.describe RubySMB::Dcerpc::Ndr::NdrVarWideString do
@@ -1383,6 +1402,15 @@ RSpec.describe RubySMB::Dcerpc::Ndr::NdrVarWideString do
     }
     let(:value) { 'ABCD'.encode('utf-16le') }
   end
+  context 'with an empty string' do
+    it_behaves_like 'a NDR String', conformant: false, char_size: 2, null_terminated: false do
+      let(:binary_stream) {
+        "\x00\x00\x00\x00"\
+        "\x00\x00\x00\x00".b
+      }
+      let(:value) { '' }
+    end
+  end
 end
 
 RSpec.describe RubySMB::Dcerpc::Ndr::NdrVarWideStringz do
@@ -1398,6 +1426,16 @@ RSpec.describe RubySMB::Dcerpc::Ndr::NdrVarWideStringz do
     }
     let(:value) { 'ABCD'.encode('utf-16le') }
   end
+  context 'with an empty string' do
+    it_behaves_like 'a NDR String', conformant: false, char_size: 2, null_terminated: true do
+      let(:binary_stream) {
+        "\x00\x00\x00\x00"\
+        "\x01\x00\x00\x00"\
+        "\x00\x00".b
+      }
+      let(:value) { '' }
+    end
+  end
 end
 
 RSpec.describe RubySMB::Dcerpc::Ndr::NdrConfVarString do
@@ -1415,6 +1453,16 @@ RSpec.describe RubySMB::Dcerpc::Ndr::NdrConfVarString do
     }
     let(:value) { 'ABCD' }
   end
+  context 'with an empty string' do
+    it_behaves_like 'a NDR String', conformant: true, char_size: 1, null_terminated: false do
+      let(:binary_stream) {
+        "\x00\x00\x00\x00"\
+        "\x00\x00\x00\x00"\
+        "\x00\x00\x00\x00".b
+      }
+      let(:value) { '' }
+    end
+  end
 end
 
 RSpec.describe RubySMB::Dcerpc::Ndr::NdrConfVarStringz do
@@ -1432,6 +1480,17 @@ RSpec.describe RubySMB::Dcerpc::Ndr::NdrConfVarStringz do
     }
     let(:value) { 'ABCD' }
   end
+  context 'with an empty string' do
+    it_behaves_like 'a NDR String', conformant: true, char_size: 1, null_terminated: true do
+      let(:binary_stream) {
+        "\x01\x00\x00\x00"\
+        "\x00\x00\x00\x00"\
+        "\x01\x00\x00\x00"\
+        "\x00".b
+      }
+      let(:value) { '' }
+    end
+  end
 end
 
 RSpec.describe RubySMB::Dcerpc::Ndr::NdrConfVarWideString do
@@ -1448,6 +1507,16 @@ RSpec.describe RubySMB::Dcerpc::Ndr::NdrConfVarWideString do
     }
     let(:value) { 'ABCD'.encode('utf-16le') }
   end
+  context 'with an empty string' do
+    it_behaves_like 'a NDR String', conformant: true, char_size: 2, null_terminated: false do
+      let(:binary_stream) {
+        "\x00\x00\x00\x00"\
+        "\x00\x00\x00\x00"\
+        "\x00\x00\x00\x00".b
+      }
+      let(:value) { '' }
+    end
+  end
 end
 
 RSpec.describe RubySMB::Dcerpc::Ndr::NdrConfVarWideStringz do
@@ -1464,6 +1533,17 @@ RSpec.describe RubySMB::Dcerpc::Ndr::NdrConfVarWideStringz do
     }
     let(:value) { 'ABCD'.encode('utf-16le') }
   end
+  context 'with an empty string' do
+    it_behaves_like 'a NDR String', conformant: true, char_size: 1, null_terminated: true do
+      let(:binary_stream) {
+        "\x01\x00\x00\x00"\
+        "\x00\x00\x00\x00"\
+        "\x01\x00\x00\x00"\
+        "\x00\x00".b
+      }
+      let(:value) { '' }
+    end
+  end
 end