ruby_smb 0.0.21 → 0.0.22

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 816022485d644911d10d8001578a7eb49206edc3
-  data.tar.gz: bcf4688f01257ffd062adbd8fa2cb94843365687
+  metadata.gz: d4cb624aedd613aa9611d226c2b8c65016407191
+  data.tar.gz: 8e5ccd06364177fb5250ecb18d54b3e10c8f860b
 SHA512:
-  metadata.gz: b53ba46aac705524d9c60b27b4c02f9dc9be9f58c5b516596b05780c962eb527f57a5537bcc17882c016d3e63baff4ea4357360faa7fb7c8004687a4d3fc8e16
-  data.tar.gz: e442a5af8c2e22740f2d1f137677b55953548d30b86d4a32895cb600833c4624ec2895056610e3f3a9f0fa1afae6799907ba98b2d4c168f6b2e6c8cb20239848
+  metadata.gz: 54aa6c64d27071a61c523a9e78e4cf041b9d562b6337f04e7249e6cd13c756dbc2469dfc6dc0fc637d9f71dad83c4c36bcbb422c9c3065790b67ace8e8233384
+  data.tar.gz: 253fc4162a39697d3ffd237d6e4a33b222573df2195973c5c2f5fa3f602a3ee3f98ee20e32dbaa28424ddd923336b3ad37c196888f3b97eaecd36af6ce650e10

data/examples/net_share_enum_all.rb

@@ -16,7 +16,7 @@ path     = "\\\\#{address}\\IPC$"
 sock = TCPSocket.new address, 445
 dispatcher = RubySMB::Dispatcher::Socket.new(sock, read_timeout: 60)
 
-client = RubySMB::Client.new(dispatcher, smb1: false, smb2: true, username: username, password: password)
+client = RubySMB::Client.new(dispatcher, smb1: true, smb2: true, username: username, password: password)
 protocol = client.negotiate
 status = client.authenticate
 
@@ -27,4 +27,7 @@ begin
   puts shares
 rescue => e
   puts "failed to enum shares: #{e.message}, #{e.backtrace_locations}"
-end
+end
+
+client.disconnect!
+

data/lib/ruby_smb.rb

@@ -8,6 +8,7 @@ require 'windows_error/nt_status'
 # [[MS-SMB] Server Mesage Block (SMB) Protocol Version 1](https://msdn.microsoft.com/en-us/library/cc246482.aspx)
 # [[MS-SMB2] Server Mesage Block (SMB) Protocol Versions 2 and 3](https://msdn.microsoft.com/en-us/library/cc246482.aspx)
 module RubySMB
+  require 'ruby_smb/error'
   require 'ruby_smb/dispositions'
   require 'ruby_smb/impersonation_levels'
   require 'ruby_smb/gss'
@@ -17,7 +18,6 @@ module RubySMB
   require 'ruby_smb/dcerpc'
   require 'ruby_smb/generic_packet'
   require 'ruby_smb/dispatcher'
-  require 'ruby_smb/error'
   require 'ruby_smb/version'
   require 'ruby_smb/version'
   require 'ruby_smb/smb2'

data/lib/ruby_smb/client.rb

@@ -357,41 +357,9 @@ module RubySMB
     # @return [Array] of shares
     # @param [String] host
     def net_share_enum_all(host)
-      if smb2
-        smb2_net_share_enum_all(host)
-      else
-        smb1_net_share_enum_all(host)
-      end
-    end
-
-    #
-    # SMB2 Methods
-    #
-
-    # Sends a request to connect to a remote host and returns the Array
-    # of shares
-    #
-    # @return [Array] List of shares
-    # @param [String] host
-    def smb2_net_share_enum_all(host)
-
       tree = tree_connect("\\\\#{host}\\IPC$")
-
-      named_pipe = tree.open_file(filename: "srvsvc",
-                                  write: true,
-                                  read: true,
-                                  disposition: RubySMB::Dispositions::FILE_OPEN_IF)
-
-      handle = Dcerpc::Handle.new(named_pipe)
-
-      handle.bind(endpoint: Dcerpc::Srvsvc)
-      handle.request(
-          opnum: Dcerpc::Srvsvc::NetShareEnumAll::Opnum,
-          stub: Dcerpc::Srvsvc::NetShareEnumAll,
-          options:{host: host}
-      )
-      shares = Dcerpc::Srvsvc::NetShareEnumAll.parse_response(handle.response)
-      shares.map{|s|{name: s[0], type: s[1], comment: s[2]}}
+      named_pipe = tree.open_file(filename: "srvsvc", write: true, read: true)
+      named_pipe.net_share_enum_all(host)
     end
 
     # Resets all of the session state on the client, setting it
@@ -420,7 +388,8 @@ module RubySMB
       session_request.session_header.session_packet_type = RubySMB::Nbss::SESSION_REQUEST
       session_request.called_name  = "\x20#{encoded_called_name}\x00"
       session_request.calling_name = "\x20#{encoded_calling_name}\x00"
-      session_request.session_header.packet_length = session_request.do_num_bytes - session_request.session_header.do_num_bytes
+      session_request.session_header.packet_length =
+        session_request.num_bytes - session_request.session_header.num_bytes
 
       dispatcher.send_packet(session_request, nbss_header: false)
       raw_response = dispatcher.recv_packet(full_response: true)

data/lib/ruby_smb/dcerpc.rb

@@ -1,30 +1,15 @@
 module RubySMB
-  # DCERPC PDU's
-  # http://pubs.opengroup.org/onlinepubs/9629399/
   module Dcerpc
-
-    class PduHeader < BinData::Record
-      endian :little
-
-      #common fields
-      uint8 :rpc_vers # 00:01 RPC version
-      uint8 :rpc_vers_minor # 01:01 minor version
-      uint8 :ptype # 02:01 request PDU
-      uint8 :pfc_flags # 03:01 flags
-
-      uint32 :packed_drep # 04:04 NDR data rep format label
-
-      uint16 :frag_length # 08:02 total length of fragment
-      uint16 :auth_length # 10:02 length of auth_value
-      uint32 :call_id # 12:04 call identifier
-    end
-
+    require 'ruby_smb/dcerpc/error'
     require 'ruby_smb/dcerpc/uuid'
     require 'ruby_smb/dcerpc/ndr'
+    require 'ruby_smb/dcerpc/ptypes'
+    require 'ruby_smb/dcerpc/p_syntax_id_t'
+    require 'ruby_smb/dcerpc/pdu_header'
+    require 'ruby_smb/dcerpc/srvsvc'
     require 'ruby_smb/dcerpc/request'
     require 'ruby_smb/dcerpc/response'
-    require 'ruby_smb/dcerpc/handle'
-    require 'ruby_smb/dcerpc/srvsvc'
     require 'ruby_smb/dcerpc/bind'
+    require 'ruby_smb/dcerpc/bind_ack'
   end
-end
+end

data/lib/ruby_smb/dcerpc/bind.rb

@@ -1,60 +1,54 @@
 module RubySMB
   module Dcerpc
-    # The FileDirectoryInformation Class as defined in
-    # http://pubs.opengroup.org/onlinepubs/9629399/chap12.htm
-
+    # The Bind PDU as defined in
+    # [The bind PDU](http://pubs.opengroup.org/onlinepubs/9629399/chap12.htm#tagcjh_17_06_04_03)
     class PContElemT < BinData::Record
       endian :little
 
-      uint16 :p_cont_id
-      uint8 :n_transfer_syn, initial_value: 1
+      uint16 :p_cont_id,     label: 'Context ID'
+      uint8 :n_transfer_syn, label: 'Number of transfer syntaxes', initial_value: 1
       uint8 :reserved
-      choice :abstract_syntax, selection: -> {endpoint} do
-        srv_svc_syntax Srvsvc
-      end
-      array :transfer_syntaxes, type: :ndr_syntax, initial_length: -> { n_transfer_syn }
+      p_syntax_id_t :abstract_syntax, label: 'Abstract syntax',
+        uuid: ->      { endpoint::UUID },
+        ver_major: -> { endpoint::VER_MAJOR },
+        ver_minor: -> { endpoint::VER_MINOR }
+      array :transfer_syntaxes, label: 'Transfer syntax', type: :p_syntax_id_t,
+        initial_length: -> { n_transfer_syn },
+        uuid: ->      { Ndr::UUID },
+        ver_major: -> { Ndr::VER_MAJOR },
+        ver_minor: -> { Ndr::VER_MINOR }
     end
 
     class PContListT < BinData::Record
       endian :little
 
-      uint8 :n_context_elem, initial_value: -> { 1 }
+      uint8 :n_context_elem, label: 'Number of context elements', initial_value: -> { 1 }
       uint8 :reserved
       uint16 :reserved2
-      array :p_cont_elem, type: :p_cont_elem_t, initial_length: -> {n_context_elem},
-                                                      endpoint: -> {endpoint}
+      array :p_cont_elem, label: 'Presentation context elements', type: :p_cont_elem_t,
+        initial_length: -> {n_context_elem},
+        endpoint: -> {endpoint}
     end
 
     class Bind < BinData::Record
       endian :little
 
-      uint8 :rpc_vers, label: 'RPC version', initial_value: 5
-      uint8 :rpc_vers_minor, label: 'minor version'
-      uint8 :ptype, label: 'bind PDU', initial_value: 11
-      #uint8 :pfc_flags, label: 'flags', initial_value: 0x03
-      struct :pfc_flags do
-        bit1  :object
-        bit1  :maybe
-        bit1  :did_not_execute
-        bit1  :multiplex
-        bit1  :reserved
-        bit1  :cancel
-        bit1  :last_frag,  initial_value: 1
-        bit1  :first_frag, initial_value: 1
-      end
-
-      uint32 :packed_drep, label: 'NDR data rep format label', initial_value: 16
+      pdu_header :pdu_header,        label: 'PDU header'
 
-      uint16 :frag_length, label: 'total length of fragment', initial_value: 72
-      uint16 :auth_length, label: 'length of auth_value'
-      uint32 :call_id, label: 'call identifier', initial_value: 1
+      uint16 :max_xmit_frag,         label: 'max transmit frag size',    initial_value: 0xFFFF
+      uint16 :max_recv_frag,         label: 'max receive  frag size',    initial_value: 0xFFFF
+      uint32 :assoc_group_id,        label: 'ncarnation of client-server assoc group'
 
-      uint16 :max_xmit_frag, label: 'max transmit frag size', initial_value: 65535
-      uint16 :max_recv_frag, label: 'max receive  frag size', initial_value: 65535
-      uint32 :assoc_group_id, label: 'ncarnation of client-server assoc group'
+      p_cont_list_t :p_context_list, label: 'Presentation context list', endpoint: -> { endpoint }
+      string :auth_verifier,         label: 'Authentication verifier',
+        onlyif: -> { pdu_header.auth_length > 0 },
+        read_length: -> { pdu_header.auth_length }
 
-      p_cont_list_t :p_context_elem, endpoint: -> { endpoint }
-      string :auth_verifier_co_t
+      def initialize_instance
+        super
+        pdu_header.ptype = RubySMB::Dcerpc::PTypes::BIND
+      end
     end
   end
 end
+

data/lib/ruby_smb/dcerpc/bind_ack.rb

@@ -0,0 +1,72 @@
+module RubySMB
+  module Dcerpc
+    # The Bind ACK PDU as defined in
+    # [The bind_ack PDU](http://pubs.opengroup.org/onlinepubs/9629399/chap12.htm#tagcjh_17_06_04_04)
+
+    class PResultT < BinData::Record
+      endian :little
+
+      uint16        :result,          label: 'Presentation context negotiation results'
+      uint16        :reason,          label: 'Rejection reason'
+      p_syntax_id_t :transfer_syntax, label: 'Presentation syntax ID',
+        uuid: ->      { Ndr::UUID },
+        ver_major: -> { Ndr::VER_MAJOR },
+        ver_minor: -> { Ndr::VER_MINOR }
+    end
+
+    class PResultListT < BinData::Record
+      endian :little
+
+      uint8  :n_results, label: 'Number of results'
+      uint8  :reserved
+      uint16 :reserved2
+      array  :p_results, label: 'Results', type: :p_result_t, initial_length: -> { n_results }
+    end
+
+    class PortAnyT < BinData::Record
+      endian :little
+
+      uint16  :str_length, label: 'Length', initial_value: -> { port_spec.to_binary_s.size }
+      stringz :port_spec,  label: 'Port string spec'
+    end
+
+    class BindAck < BinData::Record
+      # Presentation context negotiation results
+      ACCEPTANCE         = 0
+      USER_REJECTION     = 1
+      PROVIDER_REJECTION = 2
+
+      # Reasons for rejection of a context element
+      REASON_NOT_SPECIFIED                     = 0
+      ABSTRACT_SYNTAX_NOT_SUPPORTED            = 1
+      PROPOSED_TRANSFER_SYNTAXES_NOT_SUPPORTED = 2
+      LOCAL_LIMIT_EXCEEDED                     = 3
+
+      endian :little
+
+      pdu_header :pdu_header,         label: 'PDU header'
+
+      uint16     :max_xmit_frag,      label: 'Max transmit frag size',  initial_value: 0xFFFF
+      uint16     :max_recv_frag,      label: 'Max receive frag size',   initial_value: 0xFFFF
+      uint32     :assoc_group_id,     label: 'Association group ID'
+      port_any_t :sec_addr,           label: 'Secondary address'
+      string     :pad,                length: -> { pad_length }
+
+      p_result_list_t :p_result_list, label: 'Presentation context result list'
+      string :auth_verifier, label: 'Authentication verifier',
+        onlyif: -> { pdu_header.auth_length > 0 },
+        read_length: -> { pdu_header.auth_length }
+
+      def initialize_instance
+        super
+        pdu_header.ptype = RubySMB::Dcerpc::PTypes::BIND_ACK
+      end
+
+      def pad_length
+        offset = (sec_addr.abs_offset + sec_addr.do_num_bytes) % 4
+        (4 - offset) % 4
+      end
+    end
+  end
+end
+

data/lib/ruby_smb/dcerpc/error.rb

@@ -0,0 +1,15 @@
+module RubySMB
+  # Contains all the DCERPC specific Error classes.
+  module Dcerpc
+    module Error
+      # Base class for DCERPC errors
+      class DcerpcError < RubySMB::Error::RubySMBError; end
+
+      # Raised when The Bind operation fails
+      class BindError < DcerpcError; end
+
+      # Raised when an invalid packet is received
+      class InvalidPacket < DcerpcError; end
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/ndr.rb

@@ -1,41 +1,42 @@
 module RubySMB
   module Dcerpc
-
-    class NdrSyntax < BinData::Record
-      endian :little
-      uuid   :if_uuid, initial_value: '8a885d04-1ceb-11c9-9fe8-08002b104860'
-      uint16 :if_ver, initial_value: 2
-      uint16 :if_ver_minor, initial_value: 0
-    end
-
-    class NdrString < BinData::Record
-      endian :little
-
-      uint32    :max_count, initial_value: -> { str.length }
-      uint32    :offset, initial_value: 0
-      uint32    :actual_count, initial_value: -> { str.length }
-      stringz16 :str, read_length: -> { actual_count }
-
-      def assign(v)
-        self.max_count = v.size
-        self.actual_count = v.size
-        self.str = v
+    module Ndr
+
+      # NDR Syntax
+      UUID = '8a885d04-1ceb-11c9-9fe8-08002b104860'
+      VER_MAJOR = 2
+      VER_MINOR = 0
+
+      class NdrString < BinData::Record
+        endian :little
+
+        uint32    :max_count, initial_value: -> { str.length }
+        uint32    :offset, initial_value: 0
+        uint32    :actual_count, initial_value: -> { str.length }
+        stringz16 :str, read_length: -> { actual_count }
+
+        def assign(v)
+          self.max_count = v.size
+          self.actual_count = v.size
+          self.str = v
+        end
       end
-    end
 
-    class NdrLpStr < BinData::Record
-      endian :little
+      class NdrLpStr < BinData::Record
+        endian :little
 
-      uint32     :referent_identifier
-      ndr_string :ndr_str
+        uint32     :referent_identifier
+        ndr_string :ndr_str
 
-      def assign(v)
-        self.ndr_str = v
-      end
+        def assign(v)
+          self.ndr_str = v
+        end
 
-      def to_s
-        self.ndr_str.str
+        def to_s
+          self.ndr_str.str
+        end
       end
     end
   end
+
 end

data/lib/ruby_smb/dcerpc/p_syntax_id_t.rb

@@ -0,0 +1,11 @@
+module RubySMB
+  module Dcerpc
+    class PSyntaxIdT < BinData::Record
+      endian :little
+
+      uuid   :if_uuid,      initial_value: -> { uuid }
+      uint16 :if_ver_major, initial_value: -> { ver_major }
+      uint16 :if_ver_minor, initial_value: -> { ver_minor }
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/pdu_header.rb

@@ -0,0 +1,29 @@
+module RubySMB
+  module Dcerpc
+    # The common header fields for connection-oriented PDU's as defined in
+    # [Connection-oriented PDU Data Types](http://pubs.opengroup.org/onlinepubs/9629399/chap12.htm#tagcjh_17_06_03)
+    class PDUHeader < BinData::Record
+      endian :little
+
+      uint8 :rpc_vers,       label: 'RPC version', initial_value: 5
+      uint8 :rpc_vers_minor, label: 'Minor version'
+      uint8 :ptype,          label: 'PDU type'
+
+      struct :pfc_flags do
+        bit1  :object_uuid,     label: 'Object UUID'
+        bit1  :maybe,           label: 'Maybe call semantics'
+        bit1  :did_not_execute, label: 'Did not execute'
+        bit1  :conc_mpx,        label: 'Concurrent multiplexing'
+        bit1  :reserved_1,      label: 'Reserved'
+        bit1  :pending_cancel,  label: 'Pending cancel'
+        bit1  :last_frag,       label: 'Last fragment',  initial_value: 1
+        bit1  :first_frag,      label: 'First fragment', initial_value: 1
+      end
+
+      uint32 :packed_drep, label: 'NDR data representation format label', initial_value: 0x10
+      uint16 :frag_length, label: 'Total length of fragment',             initial_value: -> { parent.do_num_bytes }
+      uint16 :auth_length, label: 'Length of auth_value'
+      uint32 :call_id,     label: 'Call identifier',                      initial_value: 1
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/ptypes.rb

@@ -0,0 +1,26 @@
+module RubySMB
+  module Dcerpc
+    module PTypes
+      REQUEST            = 0
+      PING               = 1
+      RESPONSE           = 2
+      FAULT              = 3
+      WORKING            = 4
+      NOCALL             = 5
+      REJECT             = 6
+      ACK                = 7
+      CL_CANCEL          = 8
+      FACK               = 9
+      CANCEL_ACK         = 10
+      BIND               = 11
+      BIND_ACK           = 12
+      BIND_NAK           = 13
+      ALTER_CONTEXT      = 14
+      ALTER_CONTEXT_RESP = 15
+      SHUTDOWN           = 17
+      CO_CANCEL          = 18
+      ORPHANED           = 19
+    end
+  end
+end
+