ruby_smb 3.3.8 → 3.3.10

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 25bedacb57d3950d1ee6f3bbf731007c4e1f0bd2b8e3f38582679a5cd867793f
-  data.tar.gz: 1369c85136ad8336371ee55c1f8d90f0e85001b2c0d9e01e46b87e9b382ded16
+  metadata.gz: 07f6abd7129c406c8b1c008c686eef226b8fa385fa06be6eec900b95b4f97a32
+  data.tar.gz: 4ddc7ee9c516a1649faa15ad4316e36149aa4304c4dc176dfd5234f46f9218be
 SHA512:
-  metadata.gz: 66d3566b68b64d0dc2ff8f58b373d8b6026b4980fcccb4b24c6263f59376373dadbc0b52c531ba5c212b255937d34dd281ce827eec111d0e7ef0b1a6dd5973f1
-  data.tar.gz: 8cee7210c06f8e603342b69706c2779f3e9fef2d46146505154b00bc91d6cc7dbad37735e5e6ae4ac6fac256b0ba6eaf3dda15185c161e992a12bab3b3a91bb1
+  metadata.gz: e948d03583b517435a912b4ea07086ee0bff1fc07c0f65f0ea89e51ec10ee4ab2074d33a82c4f774656909c938331a7080fb521e5e65989bb301e10cd80d1bf5
+  data.tar.gz: 2f964acae7e74b25cb49e3d47ea125d4f4669f3f8868b9e895bb2f63be9e465e3fc1021e6695a1b837616a0f92419708ff4af6cb894b630d0b6292c95e3b4599

checksums.yaml.gz.sig

@@ -1,3 +1,2 @@
-�vn9�x��=4�"s�C���[+Z)m�{��G�nv���M58Ӽ���E$�N�F��#2�Ζ���&�~�*�3=��Ԣ�.{j�%η0(NI��;�������oSx�=��#Egl�􏒅bDۺ�u�\9��ËOTH;Ua��Z���)�N"[t.�!t�?�'���#[�mo��!����jK�����v�N����K�lj�m��C�;�)ɼ~�S�
-�)Co8���D:�v"�f~�����+|��W�tȔF�1�g�s�l�4��&N��S�4�߿.P%"L�
⠺���
-ގ�?�jU"#8<�.��N����orp΄�s�Su��+�-I_>�3�j9*!��Ґ��^�o�C&���ȇ1q�t��6
+g;j̢����2�Dy�o��@}A�!��Y�,Y��R�J��㮿�W�;6)�/�t��z}���$L�"�9�I&�V@�#8��5<�-6�b����"�ڟ��X&��,vATܰt�[��x�'\?�1�� ��k�%��c��'(�3���u�l𥧥������P��P�K�����(��uJ�U዗�'>xt��cVD�v�$��R��l�3��X��2�=@�5GOT8�{U�;�P����9ܨoZɀ��"��>5�ӫ.������:垍?ί\�(x��Aj*�ۣ�1�a�H7�!Q��%�Ǘ����.�:[��4V�Tu�%p�6‰:��{�Kc�?x� Z�II�{��
+��Z���^w�VMo�����

data/lib/ruby_smb/dcerpc/netlogon/domain_controller_infow.rb

@@ -0,0 +1,28 @@
+require 'ruby_smb/dcerpc/ndr'
+
+module RubySMB
+  module Dcerpc
+    module Netlogon
+
+      # [2.2.1.2.1 DOMAIN_CONTROLLER_INFOW](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-nrpc/9b85a7a4-8d34-4b9e-9500-bf8644ebfc06)
+      class DomainControllerInfoW < Ndr::NdrStruct
+        default_parameters byte_align: 4
+        endian :little
+
+        ndr_wide_stringz_ptr :domain_controller_name
+        ndr_wide_stringz_ptr :domain_controller_address
+        ndr_uint32           :domain_controller_address_type
+        uuid                 :domain_guid
+        ndr_wide_stringz_ptr :domain_name
+        ndr_wide_stringz_ptr :dns_forest_name
+        ndr_uint32           :flags
+        ndr_wide_stringz_ptr :dc_site_name
+        ndr_wide_stringz_ptr :client_site_name
+      end
+
+      class DomainControllerInfoWPtr < DomainControllerInfoW
+        extend Ndr::PointerClassPlugin
+      end
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/netlogon/dsr_get_dc_name_ex2_request.rb

@@ -0,0 +1,28 @@
+require 'ruby_smb/dcerpc/ndr'
+
+module RubySMB
+  module Dcerpc
+    module Netlogon
+
+      # [3.5.4.3.1 DsrGetDcNameEx2 (Opnum 34)](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-nrpc/fb8e1146-a045-4c31-98d1-c68507ad5620)
+      class DsrGetDcNameEx2Request < BinData::Record
+        attr_reader :opnum
+
+        endian :little
+
+        logonsrv_handle       :computer_name
+        ndr_wide_stringz_ptr  :account_name
+        ndr_uint32            :allowable_account_control_bits
+        ndr_wide_stringz_ptr  :domain_name
+        uuid_ptr              :domain_guid
+        ndr_wide_stringz_ptr  :site_name
+        ndr_uint32            :flags
+
+        def initialize_instance
+          super
+          @opnum = DSR_GET_DC_NAME_EX2
+        end
+      end
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/netlogon/dsr_get_dc_name_ex2_response.rb

@@ -0,0 +1,24 @@
+require 'ruby_smb/dcerpc/ndr'
+require 'ruby_smb/dcerpc/netlogon/domain_controller_infow'
+
+module RubySMB
+  module Dcerpc
+    module Netlogon
+
+      # [3.5.4.3.1 DsrGetDcNameEx2 (Opnum 34)](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-nrpc/fb8e1146-a045-4c31-98d1-c68507ad5620)
+      class DsrGetDcNameEx2Response < BinData::Record
+        attr_reader :opnum
+
+        endian :little
+
+        domain_controller_info_w_ptr  :domain_controller_info
+        ndr_uint32                    :error_status
+
+        def initialize_instance
+          super
+          @opnum = DSR_GET_DC_NAME_EX2
+        end
+      end
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/netlogon.rb

@@ -11,6 +11,7 @@ module RubySMB
       NETR_SERVER_REQ_CHALLENGE = 4
       NETR_SERVER_AUTHENTICATE3 = 26
       NETR_SERVER_PASSWORD_SET2 = 30
+      DSR_GET_DC_NAME_EX2 = 34
 
       # see: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-nrpc/3b224201-b531-43e2-8c79-b61f6dea8640
       class LogonsrvHandle < Ndr::NdrWideStringzPtr; end
@@ -65,6 +66,8 @@ module RubySMB
       require 'ruby_smb/dcerpc/netlogon/netr_server_password_set2_response'
       require 'ruby_smb/dcerpc/netlogon/netr_server_req_challenge_request'
       require 'ruby_smb/dcerpc/netlogon/netr_server_req_challenge_response'
+      require 'ruby_smb/dcerpc/netlogon/dsr_get_dc_name_ex2_request'
+      require 'ruby_smb/dcerpc/netlogon/dsr_get_dc_name_ex2_response'
 
       # Calculate the netlogon session key from the provided shared secret and
       # challenges. The shared secret is an NTLM hash.

data/lib/ruby_smb/dcerpc/request.rb

@@ -80,7 +80,8 @@ module RubySMB
           string                                       :default
         end
         choice 'Wkssvc', selection: -> { opnum } do
-          netr_wksta_get_info_request Wkssvc::NETR_WKSTA_GET_INFO
+          netr_wksta_get_info_request  Wkssvc::NETR_WKSTA_GET_INFO
+          netr_wksta_user_enum_request Wkssvc::NETR_WKSTA_USER_ENUM
           string                      :default
         end
         choice 'Epm', selection: -> { opnum } do

data/lib/ruby_smb/dcerpc/wkssvc/netr_wksta_get_info_request.rb

@@ -2,9 +2,6 @@ module RubySMB
   module Dcerpc
     module Wkssvc
 
-      # [2.2.2.1 WKSSVC_IDENTIFY_HANDLE](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-wkst/9ef94a11-0e5c-49d7-9ac7-68d6f03565de)
-      class WkssvcIdentifyHandle < Ndr::NdrWideStringPtr; end
-
       # [3.2.4.1 NetrWkstaGetInfo (Opnum 0)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-wkst/4af41d6f-b800-4de1-af5b-0b15a85f8e04)
       class NetrWkstaGetInfoRequest < BinData::Record
         attr_reader :opnum

data/lib/ruby_smb/dcerpc/wkssvc/netr_wksta_user_enum_request.rb

@@ -0,0 +1,25 @@
+module RubySMB
+  module Dcerpc
+    module Wkssvc
+
+      # [3.2.4.3 NetrWkstaUserEnum (Opnum 2)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-wkst/4af41d6f-b800-4de1-af5b-0b15a85f8e04)
+      class NetrWkstaUserEnumRequest < BinData::Record
+        attr_reader :opnum
+
+        endian :little
+
+        wkssvc_identify_handle       :server_name
+        wksta_user_enum_structure    :user_info
+        ndr_uint32                   :preferred_max_length, initial_value: 0xFFFFFFFF
+        ndr_uint32_ptr               :result_handle, initial_value: 0
+
+        def initialize_instance
+          super
+          @opnum = NETR_WKSTA_USER_ENUM
+        end
+      end
+
+    end
+  end
+end
+

data/lib/ruby_smb/dcerpc/wkssvc/netr_wksta_user_enum_response.rb

@@ -0,0 +1,25 @@
+module RubySMB
+  module Dcerpc
+    module Wkssvc
+
+      # [3.2.4.3 NetrWkstaUserEnum (Opnum 2)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-wkst/4af41d6f-b800-4de1-af5b-0b15a85f8e04)
+      class NetrWkstaUserEnumResponse < BinData::Record
+        attr_reader :opnum
+
+        endian :little
+
+        wksta_user_enum_structure    :user_info
+        ndr_uint32_ptr               :total_entries
+        ndr_uint32_ptr               :result_handle
+        ndr_uint32                   :error_status
+
+        def initialize_instance
+          super
+          @opnum = NETR_WKSTA_USER_ENUM
+        end
+      end
+
+    end
+  end
+end
+

data/lib/ruby_smb/dcerpc/wkssvc.rb

@@ -7,7 +7,8 @@ module RubySMB
       VER_MINOR = 0
 
       # Operation numbers
-      NETR_WKSTA_GET_INFO = 0x0000
+      NETR_WKSTA_GET_INFO  = 0x0000
+      NETR_WKSTA_USER_ENUM = 0x0002
 
       PLATFORM_ID = {
         0x0000012C => "DOS",
@@ -23,9 +24,85 @@ module RubySMB
       WKSTA_INFO_102 = 0x00000066
       #TODO: WKSTA_INFO_502 = 0x000001F6
 
+      # User Enum Information Level
+      WKSTA_USER_INFO_0 = 0x00000000
+      WKSTA_USER_INFO_1 = 0x00000001
+
+      # [2.2.2.1 WKSSVC_IDENTIFY_HANDLE](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-wkst/9ef94a11-0e5c-49d7-9ac7-68d6f03565de)
+      class WkssvcIdentifyHandle < Ndr::NdrWideStringzPtr; end
+
+      # [2.2.5.9 WKSTA_USER_INFO_0](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-wkst/b7c53c6f-8b92-4e5d-9a2e-6462cb4ef1ac)
+      class WkstaUserInfo0 < Ndr::NdrStruct
+        default_parameter byte_align: 4
+        endian :little
+
+        ndr_wide_stringz_ptr :wkui0_username
+      end
+
+      class WkstaUserInfo0ArrayPtr < Ndr::NdrConfArray
+        default_parameter type: :wksta_user_info0
+        extend Ndr::PointerClassPlugin
+      end
+
+      # [2.2.5.12 WKSTA_USER_INFO_0_CONTAINER](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-wkst/0b0cff8f-09bc-43a8-b0d3-88f0bf7e3664)
+      class WkstaUserInfo0Container < Ndr::NdrStruct
+        default_parameter byte_align: 4
+        endian :little
+
+        ndr_uint32                 :wkui0_entries_read
+        wksta_user_info0_array_ptr :wkui0_buffer
+      end
+
+      class PwkstaUserInfo0Container < WkstaUserInfo0Container
+        extend Ndr::PointerClassPlugin
+      end
+
+      # [2.2.5.10 WKSTA_USER_INFO_1](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-wkst/c37b9606-866f-40ac-9490-57b8334968e2)
+      class WkstaUserInfo1 < Ndr::NdrStruct
+        default_parameter byte_align: 4
+        endian :little
+
+        ndr_wide_stringz_ptr :wkui1_username
+        ndr_wide_stringz_ptr :wkui1_logon_domain
+        ndr_wide_stringz_ptr :wkui1_oth_domains
+        ndr_wide_stringz_ptr :wkui1_logon_server
+      end
+
+      class WkstaUserInfo1ArrayPtr < Ndr::NdrConfArray
+        default_parameter type: :wksta_user_info1
+        extend Ndr::PointerClassPlugin
+      end
+
+      # [2.2.5.13 WKSTA_USER_INFO_1_CONTAINER](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-wkst/22a813e4-fc7d-4fe3-a6d6-78debfd2c0c9)
+      class WkstaUserInfo1Container < Ndr::NdrStruct
+        default_parameter byte_align: 4
+        endian :little
+
+        ndr_uint32                 :wkui1_entries_read
+        wksta_user_info1_array_ptr :wkui1_buffer
+      end
+
+      class PwkstaUserInfo1Container < WkstaUserInfo1Container
+        extend Ndr::PointerClassPlugin
+      end
+
+      # [2.2.5.14 WKSTA_USER_ENUM_STRUCT](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-wkst/4041455a-52be-4389-a4fc-82fea3cb3160)
+      class WkstaUserEnumStructure < Ndr::NdrStruct
+        default_parameter byte_align: 4
+        endian :little
+
+        ndr_uint32 :level
+        ndr_uint32 :tag, value: -> { self.level }
+        choice     :info, selection: :level, byte_align: 4 do
+          pwksta_user_info0_container WKSTA_USER_INFO_0
+          pwksta_user_info1_container WKSTA_USER_INFO_1
+        end
+      end
 
       require 'ruby_smb/dcerpc/wkssvc/netr_wksta_get_info_request'
       require 'ruby_smb/dcerpc/wkssvc/netr_wksta_get_info_response'
+      require 'ruby_smb/dcerpc/wkssvc/netr_wksta_user_enum_request'
+      require 'ruby_smb/dcerpc/wkssvc/netr_wksta_user_enum_response'
 
       # Returns details about a computer environment, including
       # platform-specific information, the names of the domain and local
@@ -33,14 +110,14 @@ module RubySMB
       #
       # @param server_name [optional, String] String that identifies the server (optional
       #   since it is ignored by the server)
-      # @param server_name [optional, Integer] The information level of the data (default: WKSTA_INFO_100)
+      # @param level [optional, Integer] The information level of the data (default: WKSTA_INFO_100)
       # @return [RubySMB::Dcerpc::Wkssvc::WkstaInfo100, RubySMB::Dcerpc::Wkssvc::WkstaInfo101,
       #   RubySMB::Dcerpc::Wkssvc::WkstaInfo102] The structure containing the requested information
       # @raise [RubySMB::Dcerpc::Error::InvalidPacket] if the response is not a
       #   NetrWkstaGetInfoResponse packet
       # @raise [RubySMB::Dcerpc::Error::WkssvcError] if the response error status
       #   is not STATUS_SUCCESS
-      def netr_wksta_get_info(server_name: "\x00", level: WKSTA_INFO_100)
+      def netr_wksta_get_info(server_name: '', level: WKSTA_INFO_100)
         wkst_netr_wksta_get_info_request = NetrWkstaGetInfoRequest.new(
           server_name: server_name,
           level: level
@@ -59,6 +136,44 @@ module RubySMB
         wkst_netr_wksta_get_info_response.wksta_info.info
       end
 
+      # Returns details about users who are currently active on a remote computer.
+      #
+      # @param server_name [optional, String] String that identifies the server (optional
+      #   since it is ignored by the server)
+      # @param level [optional, Integer] The information level of the data (default: WKSTA_USER_INFO_0)
+      # @return [RubySMB::Dcerpc::Wkssvc::WkstaUserInfo0, RubySMB::Dcerpc::Wkssvc::WkstaUserInfo1]
+      # The structure containing the requested information
+      # @raise [RubySMB::Dcerpc::Error::InvalidPacket] if the response is not a
+      #   NetrWkstaGetInfoResponse packet
+      # @raise [RubySMB::Dcerpc::Error::WkssvcError] if the response error status
+      #   is not STATUS_SUCCESS
+      def netr_wksta_user_enum(server_name: '', level: WKSTA_USER_INFO_0)
+        wkst_netr_wksta_enum_user_request = NetrWkstaUserEnumRequest.new(
+          server_name: server_name,
+          user_info: {
+            level: level,
+            tag: level,
+            info: {
+              wkui0_entries_read: 0,
+            },
+          },
+          preferred_max_length: 0xFFFFFFFF,
+          result_handle: 0
+        )
+        response = dcerpc_request(wkst_netr_wksta_enum_user_request)
+        begin
+          wkst_netr_wksta_enum_user_response = NetrWkstaUserEnumResponse.read(response)
+        rescue IOError
+          raise RubySMB::Dcerpc::Error::InvalidPacket, 'Error reading WkstNetrWkstaUserEnumResponse'
+        end
+        unless wkst_netr_wksta_enum_user_response.error_status == WindowsError::NTStatus::STATUS_SUCCESS
+          raise RubySMB::Dcerpc::Error::WkssvcError,
+            "Error returned with netr_wksta_enum_user: #{wkst_netr_wksta_enum_user_response.error_status.value} - "\
+            "#{WindowsError::NTStatus.find_by_retval(wkst_netr_wksta_enum_user_response.error_status.value).join(',')}"
+        end
+        wkst_netr_wksta_enum_user_response.user_info.info
+      end
+
     end
   end
 end

data/lib/ruby_smb/gss/provider/ntlm.rb

@@ -155,9 +155,9 @@ module RubySMB
               their_blob = type3_msg.ntlm_response[digest.digest_length..-1]
 
               ntlmv2_hash = Net::NTLM.ntlmv2_hash(
-                RubySMB::Utils.safe_encode(account.username, 'UTF-16LE'),
-                RubySMB::Utils.safe_encode(account.password, 'UTF-16LE'),
-                RubySMB::Utils.safe_encode(type3_msg.domain, 'UTF-16LE'),  # don't use the account domain because of the special '.' value
+                Net::NTLM::EncodeUtil.encode_utf16le(account.username),
+                Net::NTLM::EncodeUtil.encode_utf16le(account.password),
+                type3_msg.domain.force_encoding('ASCII-8BIT'),  # don't use the account domain because of the special '.' value
                 {client_challenge: their_blob[16...24], unicode: true}
               )
 

data/lib/ruby_smb/version.rb

@@ -1,3 +1,3 @@
 module RubySMB
-  VERSION = '3.3.8'.freeze
+  VERSION = '3.3.10'.freeze
 end

data/spec/lib/ruby_smb/dcerpc/wkssvc/netr_wksta_get_info_request_spec.rb

@@ -1,11 +1,3 @@
-RSpec.describe RubySMB::Dcerpc::Wkssvc::WkssvcIdentifyHandle do
-  subject(:packet) { described_class.new }
-
-  it 'is a Ndr::NdrWideStringPtr' do
-    expect(packet).to be_a(RubySMB::Dcerpc::Ndr::NdrWideStringPtr)
-  end
-end
-
 RSpec.describe RubySMB::Dcerpc::Wkssvc::NetrWkstaGetInfoRequest do
   subject(:packet) { described_class.new }
 

data/spec/lib/ruby_smb/dcerpc/wkssvc/netr_wksta_get_info_response_spec.rb

@@ -305,7 +305,7 @@ RSpec.describe RubySMB::Dcerpc::Wkssvc::LpwkstaInfo do
   it 'is little endian' do
     expect(described_class.fields.instance_variable_get(:@hints)[:endian]).to eq :little
   end
-  it 'it is a Ndr::NdrStruct' do
+  it 'is a Ndr::NdrStruct' do
     expect(described_class).to be < RubySMB::Dcerpc::Ndr::NdrStruct
   end
   describe '#level' do

data/spec/lib/ruby_smb/dcerpc/wkssvc/netr_wksta_identity_handle.rb

@@ -0,0 +1,7 @@
+RSpec.describe RubySMB::Dcerpc::Wkssvc::WkssvcIdentifyHandle do
+  subject(:packet) { described_class.new }
+
+  it 'is a Ndr::NdrWideStringPtr' do
+    expect(packet).to be_a(RubySMB::Dcerpc::Ndr::NdrWideStringPtr)
+  end
+end

data/spec/lib/ruby_smb/dcerpc/wkssvc/netr_wksta_user_enum_request_spec.rb

@@ -0,0 +1,71 @@
+RSpec.describe RubySMB::Dcerpc::Wkssvc::NetrWkstaUserEnumRequest do
+  subject(:packet) { described_class.new }
+
+  def random_str(nb = 8)
+    nb.times.map { rand('a'.ord..'z'.ord).chr }.join
+  end
+
+  it { is_expected.to respond_to :server_name }
+  it { is_expected.to respond_to :user_info }
+  it { is_expected.to respond_to :preferred_max_length }
+  it { is_expected.to respond_to :result_handle }
+  it { is_expected.to respond_to :opnum }
+
+  it 'is little endian' do
+    expect(described_class.fields.instance_variable_get(:@hints)[:endian]).to eq :little
+  end
+  it 'is a BinData::Record' do
+    expect(packet).to be_a(BinData::Record)
+  end
+  describe '#server_name' do
+    it 'is a WkssvcIdentifyHandle structure' do
+      expect(packet.server_name).to be_a RubySMB::Dcerpc::Wkssvc::WkssvcIdentifyHandle
+    end
+  end
+  describe '#user_info' do
+    it 'is a WkstaUserEnumStructure structure' do
+      expect(packet.user_info).to be_a RubySMB::Dcerpc::Wkssvc::WkstaUserEnumStructure
+    end
+  end
+  describe '#preferred_max_length' do
+    it 'is a NdrUint32 structure' do
+      expect(packet.preferred_max_length).to be_a RubySMB::Dcerpc::Ndr::NdrUint32
+    end
+
+    it 'has a default value of 0xFFFFFFFF' do
+      expect(packet.preferred_max_length).to eq(0xFFFFFFFF)
+    end
+  end
+  describe '#result_handle' do
+    it 'is a NdrUint32Ptr structure' do
+      expect(packet.result_handle).to be_a RubySMB::Dcerpc::Ndr::NdrUint32Ptr
+    end
+
+    it 'has a default value of 0' do
+      expect(packet.result_handle).to eq(0)
+    end
+  end
+  describe '#initialize_instance' do
+    it 'sets #opnum to NETR_WKSTA_USER_ENUM constant' do
+      expect(packet.opnum).to eq(RubySMB::Dcerpc::Wkssvc::NETR_WKSTA_USER_ENUM)
+    end
+  end
+  it 'reads itself' do
+    packet = described_class.new(
+      server_name: 'TestServer',
+      user_info: {
+        level: RubySMB::Dcerpc::Wkssvc::WKSTA_USER_INFO_0,
+        info: {
+          wkui0_entries_read: 1,
+          wkui0_buffer: [{
+            wkui0_username: random_str
+          }],
+        },
+      },
+      preferred_max_length: 0xFFFFFFFF,
+      result_handle: 0
+    )
+    binary = packet.to_binary_s
+    expect(described_class.read(binary)).to eq(packet)
+  end
+end

data/spec/lib/ruby_smb/dcerpc/wkssvc/netr_wksta_user_enum_response_spec.rb

@@ -0,0 +1,65 @@
+RSpec.describe RubySMB::Dcerpc::Wkssvc::NetrWkstaUserEnumResponse do
+  subject(:packet) { described_class.new }
+
+  def random_str(nb = 8)
+    nb.times.map { rand('a'.ord..'z'.ord).chr }.join
+  end
+
+  it { is_expected.to respond_to :user_info }
+  it { is_expected.to respond_to :total_entries }
+  it { is_expected.to respond_to :result_handle }
+  it { is_expected.to respond_to :error_status }
+
+  it 'is little endian' do
+    expect(described_class.fields.instance_variable_get(:@hints)[:endian]).to eq :little
+  end
+  it 'is a BinData::Record' do
+    expect(packet).to be_a(BinData::Record)
+  end
+  describe '#user_info' do
+    it 'is a WkstaUserEnumStructure structure' do
+      expect(packet.user_info).to be_a RubySMB::Dcerpc::Wkssvc::WkstaUserEnumStructure
+    end
+  end
+  describe '#total_entries' do
+    it 'is a NdrUint32Ptr structure' do
+      expect(packet.total_entries).to be_a RubySMB::Dcerpc::Ndr::NdrUint32Ptr
+    end
+  end
+  describe '#result_handle' do
+    it 'is a NdrUint32Ptr structure' do
+      expect(packet.result_handle).to be_a RubySMB::Dcerpc::Ndr::NdrUint32Ptr
+    end
+  end
+  describe '#error_status' do
+    it 'is a NdrUint32 structure' do
+      expect(packet.error_status).to be_a RubySMB::Dcerpc::Ndr::NdrUint32
+    end
+  end
+  describe '#initialize_instance' do
+    it 'sets #opnum to NETR_WKSTA_USER_ENUM constant' do
+      expect(packet.opnum).to eq(RubySMB::Dcerpc::Wkssvc::NETR_WKSTA_USER_ENUM)
+    end
+  end
+  it 'reads itself' do
+    packet = described_class.new(
+      user_info: {
+        level: RubySMB::Dcerpc::Wkssvc::WKSTA_USER_INFO_1,
+        info: {
+          wkui1_entries_read: 1,
+          wkui1_buffer: [{
+            wkui1_username: random_str,
+            wkui1_logon_domain: random_str,
+            wkui1_oth_domains: random_str,
+            wkui1_logon_server: random_str
+          }],
+        },
+      },
+      total_entries: 1,
+      result_handle: 0,
+      error_status: 0
+    )
+    binary = packet.to_binary_s
+    expect(described_class.read(binary)).to eq(packet)
+  end
+end

data/spec/lib/ruby_smb/dcerpc/wkssvc_spec.rb

@@ -1,3 +1,11 @@
+RSpec.describe RubySMB::Dcerpc::Wkssvc::WkssvcIdentifyHandle do
+  subject(:packet) { described_class.new }
+
+  it 'is a Ndr::NdrWideStringzPtr' do
+    expect(packet).to be_a(RubySMB::Dcerpc::Ndr::NdrWideStringzPtr)
+  end
+end
+
 RSpec.describe RubySMB::Dcerpc::Wkssvc do
   let(:wkssvc) do
     RubySMB::SMB1::Pipe.new(
@@ -23,7 +31,7 @@ RSpec.describe RubySMB::Dcerpc::Wkssvc do
     it 'sets the request with the expected values' do
       wkssvc.netr_wksta_get_info
       expect(described_class::NetrWkstaGetInfoRequest).to have_received(:new).with(
-        server_name: "\x00",
+        server_name: '',
         level: described_class::WKSTA_INFO_100
       )
     end
@@ -67,4 +75,53 @@ RSpec.describe RubySMB::Dcerpc::Wkssvc do
       end
     end
   end
+
+  describe '#netr_wksta_user_enum' do
+    let(:wkst_netr_wksta_user_enum_request) { double('NetrWkstaUserEnumRequest') }
+    let(:response) { double('Response') }
+    let(:wkst_netr_wksta_user_enum_response) { double('NetrWkstaUserEnumResponse') }
+    let(:info) { double('info') }
+    before :example do
+      allow(described_class::NetrWkstaUserEnumRequest).to receive(:new).and_return(wkst_netr_wksta_user_enum_request)
+      allow(wkssvc).to receive(:dcerpc_request).and_return(response)
+      allow(described_class::NetrWkstaUserEnumResponse).to receive(:read).and_return(wkst_netr_wksta_user_enum_response)
+      allow(wkst_netr_wksta_user_enum_response).to receive(:error_status).and_return(WindowsError::Win32::ERROR_SUCCESS)
+      allow(wkst_netr_wksta_user_enum_response).to receive_message_chain(:user_info, :info => info)
+    end
+
+    it 'sets the request with the expected values' do
+      wkssvc.netr_wksta_user_enum
+      expect(described_class::NetrWkstaUserEnumRequest).to have_received(:new).with(
+        server_name: '',
+        user_info: {
+          level: described_class::WKSTA_USER_INFO_0,
+          tag: described_class::WKSTA_USER_INFO_0,
+          info: {
+            wkui0_entries_read: 0,
+          },
+        },
+        preferred_max_length: 0xFFFFFFFF,
+        result_handle: 0
+      )
+    end
+    it 'send the expected request structure' do
+      wkssvc.netr_wksta_user_enum
+      expect(wkssvc).to have_received(:dcerpc_request).with(wkst_netr_wksta_user_enum_request)
+    end
+    context 'when an IOError occurs while parsing the response' do
+      it 'raises a RubySMB::Dcerpc::Error::InvalidPacket' do
+        allow(described_class::NetrWkstaUserEnumResponse).to receive(:read).and_raise(IOError)
+        expect { wkssvc.netr_wksta_user_enum }.to raise_error(RubySMB::Dcerpc::Error::InvalidPacket)
+      end
+    end
+    context 'when the response error status is not WindowsError::Win32::ERROR_SUCCESS' do
+      it 'raises a RubySMB::Dcerpc::Error::WinregError' do
+        allow(wkst_netr_wksta_user_enum_response).to receive(:error_status).and_return(WindowsError::Win32::ERROR_INVALID_DATA)
+        expect { wkssvc.netr_wksta_user_enum }.to raise_error(RubySMB::Dcerpc::Error::WkssvcError)
+      end
+    end
+    it 'returns the expected handler' do
+      expect(wkssvc.netr_wksta_user_enum).to eq(info)
+    end
+  end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: ruby_smb
 version: !ruby/object:Gem::Version
-  version: 3.3.8
+  version: 3.3.10
 platform: ruby
 authors:
 - Metasploit Hackers
@@ -38,7 +38,7 @@ cert_chain:
   DgscAao7wB3xW2BWEp1KnaDWkf1x9ttgoBEYyuYwU7uatB67kBQG1PKvLt79wHvz
   Dxs+KOjGbBRfMnPgVGYkORKVrZIwlaboHbDKxcVW5xv+oZc7KYXWGg==
   -----END CERTIFICATE-----
-date: 2024-05-16 00:00:00.000000000 Z
+date: 2024-09-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: redcarpet
@@ -295,6 +295,9 @@ files:
 - lib/ruby_smb/dcerpc/lsarpc/lsar_query_information_policy_response.rb
 - lib/ruby_smb/dcerpc/ndr.rb
 - lib/ruby_smb/dcerpc/netlogon.rb
+- lib/ruby_smb/dcerpc/netlogon/domain_controller_infow.rb
+- lib/ruby_smb/dcerpc/netlogon/dsr_get_dc_name_ex2_request.rb
+- lib/ruby_smb/dcerpc/netlogon/dsr_get_dc_name_ex2_response.rb
 - lib/ruby_smb/dcerpc/netlogon/netr_server_authenticate3_request.rb
 - lib/ruby_smb/dcerpc/netlogon/netr_server_authenticate3_response.rb
 - lib/ruby_smb/dcerpc/netlogon/netr_server_password_set2_request.rb
@@ -406,6 +409,8 @@ files:
 - lib/ruby_smb/dcerpc/wkssvc.rb
 - lib/ruby_smb/dcerpc/wkssvc/netr_wksta_get_info_request.rb
 - lib/ruby_smb/dcerpc/wkssvc/netr_wksta_get_info_response.rb
+- lib/ruby_smb/dcerpc/wkssvc/netr_wksta_user_enum_request.rb
+- lib/ruby_smb/dcerpc/wkssvc/netr_wksta_user_enum_response.rb
 - lib/ruby_smb/dialect.rb
 - lib/ruby_smb/dispatcher.rb
 - lib/ruby_smb/dispatcher/base.rb
@@ -776,6 +781,9 @@ files:
 - spec/lib/ruby_smb/dcerpc/winreg_spec.rb
 - spec/lib/ruby_smb/dcerpc/wkssvc/netr_wksta_get_info_request_spec.rb
 - spec/lib/ruby_smb/dcerpc/wkssvc/netr_wksta_get_info_response_spec.rb
+- spec/lib/ruby_smb/dcerpc/wkssvc/netr_wksta_identity_handle.rb
+- spec/lib/ruby_smb/dcerpc/wkssvc/netr_wksta_user_enum_request_spec.rb
+- spec/lib/ruby_smb/dcerpc/wkssvc/netr_wksta_user_enum_response_spec.rb
 - spec/lib/ruby_smb/dcerpc/wkssvc_spec.rb
 - spec/lib/ruby_smb/dcerpc_spec.rb
 - spec/lib/ruby_smb/dispatcher/base_spec.rb
@@ -1117,6 +1125,9 @@ test_files:
 - spec/lib/ruby_smb/dcerpc/winreg_spec.rb
 - spec/lib/ruby_smb/dcerpc/wkssvc/netr_wksta_get_info_request_spec.rb
 - spec/lib/ruby_smb/dcerpc/wkssvc/netr_wksta_get_info_response_spec.rb
+- spec/lib/ruby_smb/dcerpc/wkssvc/netr_wksta_identity_handle.rb
+- spec/lib/ruby_smb/dcerpc/wkssvc/netr_wksta_user_enum_request_spec.rb
+- spec/lib/ruby_smb/dcerpc/wkssvc/netr_wksta_user_enum_response_spec.rb
 - spec/lib/ruby_smb/dcerpc/wkssvc_spec.rb
 - spec/lib/ruby_smb/dcerpc_spec.rb
 - spec/lib/ruby_smb/dispatcher/base_spec.rb