RubyGems - ruby_smb - Versions diffs - 1.1.0 → 2.0.0 - Mend

ruby_smb 1.1.0 → 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (65) hide show

checksums.yaml +5 -5
checksums.yaml.gz.sig +0 -0
data.tar.gz.sig +1 -4
data/.travis.yml +3 -5
data/Gemfile +6 -2
data/examples/negotiate.rb +51 -8
data/examples/read_file_encryption.rb +56 -0
data/lib/ruby_smb.rb +4 -0
data/lib/ruby_smb/client.rb +172 -16
data/lib/ruby_smb/client/authentication.rb +27 -8
data/lib/ruby_smb/client/encryption.rb +62 -0
data/lib/ruby_smb/client/negotiation.rb +133 -12
data/lib/ruby_smb/client/signing.rb +19 -0
data/lib/ruby_smb/client/tree_connect.rb +4 -4
data/lib/ruby_smb/client/utils.rb +8 -7
data/lib/ruby_smb/crypto.rb +30 -0
data/lib/ruby_smb/dispatcher/socket.rb +2 -2
data/lib/ruby_smb/error.rb +28 -1
data/lib/ruby_smb/smb1/commands.rb +1 -1
data/lib/ruby_smb/smb1/file.rb +4 -4
data/lib/ruby_smb/smb1/packet/session_setup_legacy_request.rb +1 -1
data/lib/ruby_smb/smb1/packet/session_setup_legacy_response.rb +2 -2
data/lib/ruby_smb/smb1/packet/session_setup_request.rb +1 -1
data/lib/ruby_smb/smb1/packet/session_setup_response.rb +2 -2
data/lib/ruby_smb/smb1/packet/write_andx_request.rb +1 -1
data/lib/ruby_smb/smb1/pipe.rb +2 -2
data/lib/ruby_smb/smb1/tree.rb +3 -3
data/lib/ruby_smb/smb2/bit_field/session_flags.rb +2 -1
data/lib/ruby_smb/smb2/bit_field/share_flags.rb +6 -4
data/lib/ruby_smb/smb2/file.rb +25 -43
data/lib/ruby_smb/smb2/negotiate_context.rb +108 -0
data/lib/ruby_smb/smb2/packet.rb +2 -0
data/lib/ruby_smb/smb2/packet/compression_transform_header.rb +41 -0
data/lib/ruby_smb/smb2/packet/negotiate_request.rb +51 -14
data/lib/ruby_smb/smb2/packet/negotiate_response.rb +49 -3
data/lib/ruby_smb/smb2/packet/transform_header.rb +84 -0
data/lib/ruby_smb/smb2/packet/tree_connect_request.rb +92 -6
data/lib/ruby_smb/smb2/packet/tree_connect_response.rb +8 -26
data/lib/ruby_smb/smb2/pipe.rb +3 -16
data/lib/ruby_smb/smb2/smb2_header.rb +1 -1
data/lib/ruby_smb/smb2/tree.rb +23 -17
data/lib/ruby_smb/version.rb +1 -1
data/ruby_smb.gemspec +3 -1
data/spec/lib/ruby_smb/client_spec.rb +1256 -57
data/spec/lib/ruby_smb/crypto_spec.rb +25 -0
data/spec/lib/ruby_smb/error_spec.rb +59 -0
data/spec/lib/ruby_smb/smb1/packet/session_setup_legacy_request_spec.rb +2 -2
data/spec/lib/ruby_smb/smb1/packet/session_setup_legacy_response_spec.rb +2 -2
data/spec/lib/ruby_smb/smb1/packet/session_setup_request_spec.rb +2 -2
data/spec/lib/ruby_smb/smb1/packet/session_setup_response_spec.rb +1 -1
data/spec/lib/ruby_smb/smb2/bit_field/session_flags_spec.rb +9 -0
data/spec/lib/ruby_smb/smb2/bit_field/share_flags_spec.rb +27 -0
data/spec/lib/ruby_smb/smb2/file_spec.rb +86 -62
data/spec/lib/ruby_smb/smb2/negotiate_context_spec.rb +332 -0
data/spec/lib/ruby_smb/smb2/packet/compression_transform_header_spec.rb +108 -0
data/spec/lib/ruby_smb/smb2/packet/negotiate_request_spec.rb +138 -3
data/spec/lib/ruby_smb/smb2/packet/negotiate_response_spec.rb +120 -2
data/spec/lib/ruby_smb/smb2/packet/transform_header_spec.rb +220 -0
data/spec/lib/ruby_smb/smb2/packet/tree_connect_request_spec.rb +339 -9
data/spec/lib/ruby_smb/smb2/packet/tree_connect_response_spec.rb +3 -30
data/spec/lib/ruby_smb/smb2/pipe_spec.rb +0 -40
data/spec/lib/ruby_smb/smb2/smb2_header_spec.rb +2 -2
data/spec/lib/ruby_smb/smb2/tree_spec.rb +53 -8
metadata +124 -75
metadata.gz.sig +0 -0

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 3fe1b1b7bdd2516bd388f86c020a9fa99b70faa0
-  data.tar.gz: aa11ed030f543c0d83b61929d10c35eea20a8455
+SHA256:
+  metadata.gz: c76e06c7e09d56565d9253523f519ac12eccc193201b8f4dcd99a8ed07b37991
+  data.tar.gz: b533650ae3c9c16e75f2c5b987f53055894f0a99e87151dc5838922882d52ade
 SHA512:
-  metadata.gz: 92cc9708588a610104f8bacc8430fedd537f2ba283bb323b791ff45005a43417cf9570ce63f658b7a38c566570c2b651adb17b6750b3b117279552efaf138cab
-  data.tar.gz: 071db1651283d080b2adc728cd1f2225e051d52f86608f9f54dd6d79d39330127c3b5179d143ec9e5e155d132af1e128c4c9ca42744264caec8b249e0b0c86ec
+  metadata.gz: 82cbd9940e99aea529d23046e26b05f92bcfff3e03ee8df852b0c44f7b50ef517e4549f3e46b6890f55f0c5fc34e624821701cea6b807c008d1cbb03f0e4f242
+  data.tar.gz: 7d91fa41048597a8c376af79b32374588ffdb79b114bacfb1b43e482f22298f6439fe92a13753abffeb7b329ba3f09f4131a23bf8e63d62c5f9f85da40c5f5e0

checksums.yaml.gz.sig CHANGED

Binary file

data.tar.gz.sig CHANGED

@@ -1,4 +1 @@
-VQ��kD�fڸZ�
-=���U<�5/�Am�샜(��Ύm���pe�%u}�TQGh�0,�y��/��E#�M���W(A�˛\Y�M��doF�
-�6�T����U��6Ζ��1F�ex@��pg�r�F]W�2WM?�%�z�c# 2��*U.��*
-}�$��h@�uN�q�'�����c�
+Zp����xD�&Ǻ�(�T�q�Q�6Q��h�_࠘4�m��ң��1�Q��S�"B'��M���=�g_|i�ЈJz�����������MN-��s��O��&窓�Ӿ�~��*E�l�a�A<>��F�%�_�?�����n�1R�~��z

data/.travis.yml CHANGED

@@ -1,8 +1,6 @@
 language: ruby
 sudo: false
 rvm:
-  - '2.3.8'
-  - '2.4.5'
-  - '2.5.3'
-  - '2.6.1'
-  - 'jruby-9000'
+  - '2.5.8'
+  - '2.6.6'
+  - '2.7.0'

data/Gemfile CHANGED

@@ -1,11 +1,15 @@
 source 'https://rubygems.org'
 gemspec
-gem 'pry'
+group :development do
+  # for development and testing purposes
+  gem 'pry-byebug'
+  gem 'pry-rescue'
+end
 group :test do
   # simplecov test formatter and uploader for Coveralls.io
-  gem 'coveralls', require: false
+  gem "coveralls", '~>0.8.23', :require => false
   # Testing
   gem 'rspec'
   # Coverage reports

data/examples/negotiate.rb CHANGED

@@ -7,18 +7,61 @@
 require 'bundler/setup'
 require 'ruby_smb'
-def run_negotiation(address, smb1, smb2)
+def run_negotiation(address, smb1, smb2, smb3, opts = {})
   # Create our socket and add it to the dispatcher
   sock = TCPSocket.new address, 445
   dispatcher = RubySMB::Dispatcher::Socket.new(sock)
-  client = RubySMB::Client.new(dispatcher, smb1: smb1, smb2: smb2, username: 'msfadmin', password: 'msfadmin')
+  client = RubySMB::Client.new(dispatcher, smb1: smb1, smb2: smb2, smb3: smb3, username: 'msfadmin', password: 'msfadmin')
   client.negotiate
 end
-# Negotiate with both SMB1 and SMB2 enabled on the client
-run_negotiation(ARGV[0], true, true)
-# Negotiate with only SMB1 enabled
-run_negotiation(ARGV[0], true, false)
-# Negotiate with only SMB2 enabled
-run_negotiation(ARGV[0], false, true)
+begin
+  puts "Negotiate with only SMB1 enabled..."
+  puts "  Negotiated version: #{run_negotiation(ARGV[0], true, false, false)}"
+rescue RubySMB::Error::RubySMBError => e
+  puts "Error: #{e.message}"
+end
+begin
+  puts "Negotiate with only SMB2 enabled..."
+  puts "  Negotiated version: #{run_negotiation(ARGV[0], false, true, false)}"
+rescue RubySMB::Error::RubySMBError => e
+  puts "Error: #{e.message}"
+end
+begin
+  puts "Negotiate with only SMB3 enabled..."
+  puts "  Negotiated version: #{run_negotiation(ARGV[0], false, false, true)}"
+rescue RubySMB::Error::RubySMBError => e
+  puts "Error: #{e.message}"
+end
+begin
+  puts "Negotiate with both SMB1 and SMB2 enabled on the client..."
+  puts "  Negotiated version: #{run_negotiation(ARGV[0], true, true, false)}"
+rescue RubySMB::Error::RubySMBError => e
+  puts "Error: #{e.message}"
+end
+begin
+  puts "Negotiate with both SMB2 and SMB3 enabled on the client..."
+  puts "  Negotiated version: #{run_negotiation(ARGV[0], false, true, true)}"
+rescue RubySMB::Error::RubySMBError => e
+  puts "Error: #{e.message}"
+end
+begin
+  puts "Negotiate with both SMB1 and SMB3 enabled on the client..."
+  puts "  Negotiated version: #{run_negotiation(ARGV[0], true, false, true)}"
+rescue RubySMB::Error::RubySMBError => e
+  puts "Error: #{e.message}"
+end
+begin
+  puts "Negotiate with SMB1, SMB2 and SMB3 enabled on the client..."
+  puts "  Negotiated version: #{run_negotiation(ARGV[0], true, true, true)}"
+rescue RubySMB::Error::RubySMBError => e
+  puts "Error: #{e.message}"
+end

data/examples/read_file_encryption.rb ADDED

@@ -0,0 +1,56 @@
+#!/usr/bin/ruby
+# This example script is used for testing the reading of a file.
+# It will attempt to connect to a specific share and then read a specified file.
+# Example usage: ruby read_file.rb 192.168.172.138 msfadmin msfadmin TEST_SHARE short.txt
+# This will try to connect to \\192.168.172.138\TEST_SHARE with the msfadmin:msfadmin credentials
+# and read the file short.txt
+require 'bundler/setup'
+require 'ruby_smb'
+address  = ARGV[0]
+username = ARGV[1]
+password = ARGV[2]
+share    = ARGV[3]
+filename = ARGV[4]
+path     = "\\\\#{address}\\#{share}"
+sock = TCPSocket.new address, 445
+dispatcher = RubySMB::Dispatcher::Socket.new(sock)
+# To require encryption on the server, run this in an elevated Powershell:
+# C:\> Set-SmbServerConfiguration -EncryptData $true
+# To enable per-share encryption on the server, run this in an elevated Powershell:
+# C:\ Set-SmbServerConfiguration -EncryptData $false
+# C:\ Set-SmbShare -Name <share name> -EncryptData 1
+# For this encryption to work, it has to be SMBv3. By only setting smb3 to true,
+# we make sure the server will negotiate this version, if it supports it
+opts = {
+  smb1: false,
+  smb2: false,
+  smb3: true,
+  username: username,
+  password: password,
+}
+# By default, the client uses encryption even if it is not required by the server. Disable this by setting always_encrypt to false
+#opts[:always_encrypt] = false
+client = RubySMB::Client.new(dispatcher, opts)
+protocol = client.negotiate
+status = client.authenticate
+begin
+  tree = client.tree_connect(path)
+rescue StandardError => e
+  puts "Failed to connect to #{path}: #{e.message}"
+end
+file = tree.open_file(filename: filename)
+data = file.read
+puts data
+file.close

data/lib/ruby_smb.rb CHANGED

@@ -1,6 +1,9 @@
 require 'bindata'
 require 'net/ntlm'
 require 'net/ntlm/client'
+require 'openssl'
+require 'openssl/ccm'
+require 'openssl/cmac'
 require 'windows_error'
 require 'windows_error/nt_status'
 # A packet parsing and manipulation library for the SMB1 and SMB2 protocols
@@ -22,4 +25,5 @@ module RubySMB
   require 'ruby_smb/smb2'
   require 'ruby_smb/smb1'
   require 'ruby_smb/client'
+  require 'ruby_smb/crypto'
 end

data/lib/ruby_smb/client.rb CHANGED

@@ -9,6 +9,7 @@ module RubySMB
     require 'ruby_smb/client/echo'
     require 'ruby_smb/client/utils'
     require 'ruby_smb/client/winreg'
+    require 'ruby_smb/client/encryption'
     include RubySMB::Client::Negotiation
     include RubySMB::Client::Authentication
@@ -17,13 +18,20 @@ module RubySMB
     include RubySMB::Client::Echo
     include RubySMB::Client::Utils
     include RubySMB::Client::Winreg
+    include RubySMB::Client::Encryption
     # The Default SMB1 Dialect string used in an SMB1 Negotiate Request
     SMB1_DIALECT_SMB1_DEFAULT = 'NT LM 0.12'.freeze
     # The Default SMB2 Dialect string used in an SMB1 Negotiate Request
     SMB1_DIALECT_SMB2_DEFAULT = 'SMB 2.002'.freeze
-    # Dialect value for SMB2 Default (Version 2.02)
-    SMB2_DIALECT_DEFAULT = 0x0202
+    # The SMB2 wildcard revision number Dialect string used in an SMB1 Negotiate Request
+    # It indicates that the server implements SMB 2.1 or future dialect revisions
+    # Note that this must be used for SMB3
+    SMB1_DIALECT_SMB2_WILDCARD = 'SMB 2.???'.freeze
+    # Dialect values for SMB2
+    SMB2_DIALECT_DEFAULT = ['0x0202', '0x0210']
+    # Dialect values for SMB3
+    SMB3_DIALECT_DEFAULT = ['0x0300', '0x0302', '0x0311']
     # The default maximum size of a SMB message that the Client accepts (in bytes)
     MAX_BUFFER_SIZE = 64512
     # The default maximum size of a SMB message that the Server accepts (in bytes)
@@ -135,6 +143,11 @@ module RubySMB
     #   @return [Boolean]
     attr_accessor :smb2
+    # Whether or not the Client should support SMB3
+    # @!attribute [rw] smb3
+    #   @return [Boolean]
+    attr_accessor :smb3
     #  Tracks the current SMB2 Message ID that keeps communication in sync
     # @!attribute [rw] smb2_message_id
     #   @return [Integer]
@@ -178,12 +191,61 @@ module RubySMB
     #   @return [Integer]
     attr_accessor :server_max_transact_size
+    # The algorithm to compute the preauthentication integrity hash (SMB 3.1.1).
+    # @!attribute [rw] preauth_integrity_hash_algorithm
+    #   @return [String]
+    attr_accessor :preauth_integrity_hash_algorithm
+    # The preauthentication integrity hash value (SMB 3.1.1).
+    # @!attribute [rw] preauth_integrity_hash_value
+    #   @return [String]
+    attr_accessor :preauth_integrity_hash_value
+    # The algorithm for encryption (SMB 3.x).
+    # @!attribute [rw] encryption_algorithm
+    #   @return [String]
+    attr_accessor :encryption_algorithm
+    # The client encryption key (SMB 3.x).
+    # @!attribute [rw] client_encryption_key
+    #   @return [String]
+    attr_accessor :client_encryption_key
+    # The server encryption key (SMB 3.x).
+    # @!attribute [rw] server_encryption_key
+    #   @return [String]
+    attr_accessor :server_encryption_key
+    # Whether or not encryption is required (SMB 3.x)
+    # @!attribute [rw] encryption_required
+    #   @return [Boolean]
+    attr_accessor :encryption_required
+    # The encryption algorithms supported by the server (SMB 3.x).
+    # @!attribute [rw] server_encryption_algorithms
+    #   @return [Array<Integer>] list of supported encryption algorithms
+    #     (constants defined in RubySMB::SMB2::EncryptionCapabilities)
+    attr_accessor :server_encryption_algorithms
+    # The compression algorithms supported by the server (SMB 3.x).
+    # @!attribute [rw] server_compression_algorithms
+    #   @return [Array<Integer>] list of supported compression algorithms
+    #     (constants defined in RubySMB::SMB2::CompressionCapabilities)
+    attr_accessor :server_compression_algorithms
+    # The SMB version that has been successfully negotiated. This value is only
+    # set after the NEGOTIATE handshake has been performed.
+    # @!attribute [rw] negotiated_smb_version
+    #   @return [Integer] the negotiated SMB version
+    attr_accessor :negotiated_smb_version
     # @param dispatcher [RubySMB::Dispatcher::Socket] the packet dispatcher to use
     # @param smb1 [Boolean] whether or not to enable SMB1 support
     # @param smb2 [Boolean] whether or not to enable SMB2 support
-    def initialize(dispatcher, smb1: true, smb2: true, username:, password:, domain: '.', local_workstation: 'WORKSTATION')
+    # @param smb3 [Boolean] whether or not to enable SMB3 support
+    def initialize(dispatcher, smb1: true, smb2: true, smb3: true, username:, password:, domain: '.', local_workstation: 'WORKSTATION', always_encrypt: true)
       raise ArgumentError, 'No Dispatcher provided' unless dispatcher.is_a? RubySMB::Dispatcher::Base
-      if smb1 == false && smb2 == false
+      if smb1 == false && smb2 == false && smb3 == false
         raise ArgumentError, 'You must enable at least one Protocol'
       end
       @dispatcher        = dispatcher
@@ -196,6 +258,7 @@ module RubySMB
       @signing_required  = false
       @smb1              = smb1
       @smb2              = smb2
+      @smb3              = smb3
       @username          = username.encode('utf-8') || ''.encode('utf-8')
       @max_buffer_size   = MAX_BUFFER_SIZE
       # These sizes will be modifed during negotiation
@@ -204,6 +267,9 @@ module RubySMB
       @server_max_write_size  = RubySMB::SMB2::File::MAX_PACKET_SIZE
       @server_max_transact_size = RubySMB::SMB2::File::MAX_PACKET_SIZE
+      # SMB 3.x options
+      @encryption_required = always_encrypt
       negotiate_version_flag = 0x02000000
       flags = Net::NTLM::Client::DEFAULT_FLAGS |
         Net::NTLM::FLAGS[:TARGET_INFO] |
@@ -243,7 +309,7 @@ module RubySMB
     # @param data [String] the data the server should echo back (ignored in SMB2)
     # @return [WindowsError::ErrorCode] the NTStatus of the last response received
     def echo(count: 1, data: '')
-      response = if smb2
+      response = if smb2 || smb3
                    smb2_echo
                  else
                    smb1_echo(count: count, data: data)
@@ -258,10 +324,8 @@ module RubySMB
     # @param packet [RubySMB::GenericPacket] the packet to set the message id for
     # @return [RubySMB::GenericPacket] the modified packet
     def increment_smb_message_id(packet)
-      if packet.smb2_header.message_id.zero? && smb2_message_id != 0
-        packet.smb2_header.message_id = smb2_message_id
-        self.smb2_message_id += 1
-      end
+      packet.smb2_header.message_id = smb2_message_id
+      self.smb2_message_id += 1
       packet
     end
@@ -301,7 +365,7 @@ module RubySMB
     # @return [WindowsError::ErrorCode] the NTStatus of the response
     # @raise [RubySMB::Error::InvalidPacket] if the response packet is not a LogoffResponse packet
     def logoff!
-      if smb2
+      if smb2 || smb3
         request      = RubySMB::SMB2::Packet::LogoffRequest.new
         raw_response = send_recv(request)
         response     = RubySMB::SMB2::Packet::LogoffResponse.read(raw_response)
@@ -335,8 +399,9 @@ module RubySMB
     #
     # @param packet [RubySMB::GenericPacket] the request to be sent
     # @return [String] the raw response data received
-    def send_recv(packet)
-      case packet.packet_smb_version
+    def send_recv(packet, encrypt: false)
+      version = packet.packet_smb_version
+      case version
       when 'SMB1'
         packet.smb_header.uid = user_id if user_id
         packet = smb1_sign(packet)
@@ -344,25 +409,103 @@ module RubySMB
         packet = increment_smb_message_id(packet)
         packet.smb2_header.session_id = session_id
         unless packet.is_a?(RubySMB::SMB2::Packet::SessionSetupRequest)
-          packet = smb2_sign(packet)
+          if self.smb2
+            packet = smb2_sign(packet)
+          elsif self.smb3
+            packet = smb3_sign(packet)
+          end
         end
       else
         packet = packet
       end
-      dispatcher.send_packet(packet)
-      raw_response = dispatcher.recv_packet
+      if can_be_encrypted?(packet) && encryption_supported? && (@encryption_required || encrypt)
+        send_encrypt(packet)
+        raw_response = recv_encrypt
+        loop do
+          break unless is_status_pending?(raw_response)
+          sleep 1
+          raw_response = recv_encrypt
+        end
+      else
+        dispatcher.send_packet(packet)
+        raw_response = dispatcher.recv_packet
+        loop do
+          break unless is_status_pending?(raw_response)
+          sleep 1
+          raw_response = dispatcher.recv_packet
+        end unless version == 'SMB1'
+      end
       self.sequence_counter += 1 if signing_required && !session_key.empty?
       raw_response
     end
+    # Check if the response is an asynchronous operation with STATUS_PENDING
+    # status code.
+    #
+    # @param raw_response [String] the raw response packet
+    # @return [Boolean] true if it is a status pending operation, false otherwise
+    def is_status_pending?(raw_response)
+      smb2_header = RubySMB::SMB2::SMB2Header.read(raw_response)
+      value = smb2_header.nt_status.value
+      status_code = WindowsError::NTStatus.find_by_retval(value).first
+      status_code == WindowsError::NTStatus::STATUS_PENDING &&
+        smb2_header.flags.async_command == 1
+    end
+    # Check if the request packet can be encrypted. Per the SMB spec,
+    # SessionSetupRequest and NegotiateRequest must not be encrypted.
+    #
+    # @param packet [RubySMB::GenericPacket] the request packet
+    # @return [Boolean] true if the packet can be encrypted
+    def can_be_encrypted?(packet)
+      [RubySMB::SMB2::Packet::SessionSetupRequest, RubySMB::SMB2::Packet::NegotiateRequest].none? do |klass|
+        packet.is_a?(klass)
+      end
+    end
+    # Check if the current dialect support encryption.
+    #
+    # @return [Boolean] true if encryption is supported
+    def encryption_supported?
+      ['0x0300', '0x0302', '0x0311'].include?(@dialect)
+    end
+    # Encrypt and send a packet
+    def send_encrypt(packet)
+      begin
+        transform_request = smb3_encrypt(packet.to_binary_s)
+      rescue RubySMB::Error::RubySMBError => e
+        raise RubySMB::Error::EncryptionError, "Error while encrypting #{packet.class.name} packet (SMB #{@dialect}): #{e}"
+      end
+      dispatcher.send_packet(transform_request)
+    end
+    # Receives the raw response through the Dispatcher and decrypt the packet.
+    #
+    # @return [String] the raw unencrypted packet
+    def recv_encrypt
+      raw_response = dispatcher.recv_packet
+      begin
+        transform_response = RubySMB::SMB2::Packet::TransformHeader.read(raw_response)
+      rescue IOError
+        raise RubySMB::Error::InvalidPacket, 'Not a SMB2 TransformHeader packet'
+      end
+      begin
+        smb3_decrypt(transform_response)
+      rescue RubySMB::Error::RubySMBError => e
+        raise RubySMB::Error::EncryptionError, "Error while decrypting #{transform_response.class.name} packet (SMB #@dialect}): #{e}"
+      end
+    end
     # Connects to the supplied share
     #
     # @param share [String] the path to the share in `\\server\share_name` format
     # @return [RubySMB::SMB1::Tree] if talking over SMB1
     # @return [RubySMB::SMB2::Tree] if talking over SMB2
     def tree_connect(share)
-      connected_tree = if smb2
+      connected_tree = if smb2 || smb3
         smb2_tree_connect(share)
       else
         smb1_tree_connect(share)
@@ -392,6 +535,8 @@ module RubySMB
       self.session_key      = ''
       self.sequence_counter = 0
       self.smb2_message_id  = 0
+      self.client_encryption_key = nil
+      self.server_encryption_key = nil
     end
     # Requests a NetBIOS Session Service using the provided name.
@@ -434,5 +579,16 @@ module RubySMB
       session_request
     end
+    def update_preauth_hash(data)
+      unless @preauth_integrity_hash_algorithm
+        raise RubySMB::Error::EncryptionError.new(
+          'Cannot compute the Preauth Integrity Hash value: Preauth Integrity Hash Algorithm is nil'
+        )
+      end
+      @preauth_integrity_hash_value = OpenSSL::Digest.digest(
+        @preauth_integrity_hash_algorithm,
+        @preauth_integrity_hash_value + data.to_binary_s
+      )
+    end
   end
 end