RubyGems - ruby_smb - Versions diffs - 1.1.0 → 2.0.0 - Mend

ruby_smb 1.1.0 → 2.0.0

Files changed (65) hide show

checksums.yaml +5 -5
checksums.yaml.gz.sig +0 -0
data.tar.gz.sig +1 -4
data/.travis.yml +3 -5
data/Gemfile +6 -2
data/examples/negotiate.rb +51 -8
data/examples/read_file_encryption.rb +56 -0
data/lib/ruby_smb.rb +4 -0
data/lib/ruby_smb/client.rb +172 -16
data/lib/ruby_smb/client/authentication.rb +27 -8
data/lib/ruby_smb/client/encryption.rb +62 -0
data/lib/ruby_smb/client/negotiation.rb +133 -12
data/lib/ruby_smb/client/signing.rb +19 -0
data/lib/ruby_smb/client/tree_connect.rb +4 -4
data/lib/ruby_smb/client/utils.rb +8 -7
data/lib/ruby_smb/crypto.rb +30 -0
data/lib/ruby_smb/dispatcher/socket.rb +2 -2
data/lib/ruby_smb/error.rb +28 -1
data/lib/ruby_smb/smb1/commands.rb +1 -1
data/lib/ruby_smb/smb1/file.rb +4 -4
data/lib/ruby_smb/smb1/packet/session_setup_legacy_request.rb +1 -1
data/lib/ruby_smb/smb1/packet/session_setup_legacy_response.rb +2 -2
data/lib/ruby_smb/smb1/packet/session_setup_request.rb +1 -1
data/lib/ruby_smb/smb1/packet/session_setup_response.rb +2 -2
data/lib/ruby_smb/smb1/packet/write_andx_request.rb +1 -1
data/lib/ruby_smb/smb1/pipe.rb +2 -2
data/lib/ruby_smb/smb1/tree.rb +3 -3
data/lib/ruby_smb/smb2/bit_field/session_flags.rb +2 -1
data/lib/ruby_smb/smb2/bit_field/share_flags.rb +6 -4
data/lib/ruby_smb/smb2/file.rb +25 -43
data/lib/ruby_smb/smb2/negotiate_context.rb +108 -0
data/lib/ruby_smb/smb2/packet.rb +2 -0
data/lib/ruby_smb/smb2/packet/compression_transform_header.rb +41 -0
data/lib/ruby_smb/smb2/packet/negotiate_request.rb +51 -14
data/lib/ruby_smb/smb2/packet/negotiate_response.rb +49 -3
data/lib/ruby_smb/smb2/packet/transform_header.rb +84 -0
data/lib/ruby_smb/smb2/packet/tree_connect_request.rb +92 -6
data/lib/ruby_smb/smb2/packet/tree_connect_response.rb +8 -26
data/lib/ruby_smb/smb2/pipe.rb +3 -16
data/lib/ruby_smb/smb2/smb2_header.rb +1 -1
data/lib/ruby_smb/smb2/tree.rb +23 -17
data/lib/ruby_smb/version.rb +1 -1
data/ruby_smb.gemspec +3 -1
data/spec/lib/ruby_smb/client_spec.rb +1256 -57
data/spec/lib/ruby_smb/crypto_spec.rb +25 -0
data/spec/lib/ruby_smb/error_spec.rb +59 -0
data/spec/lib/ruby_smb/smb1/packet/session_setup_legacy_request_spec.rb +2 -2
data/spec/lib/ruby_smb/smb1/packet/session_setup_legacy_response_spec.rb +2 -2
data/spec/lib/ruby_smb/smb1/packet/session_setup_request_spec.rb +2 -2
data/spec/lib/ruby_smb/smb1/packet/session_setup_response_spec.rb +1 -1
data/spec/lib/ruby_smb/smb2/bit_field/session_flags_spec.rb +9 -0
data/spec/lib/ruby_smb/smb2/bit_field/share_flags_spec.rb +27 -0
data/spec/lib/ruby_smb/smb2/file_spec.rb +86 -62
data/spec/lib/ruby_smb/smb2/negotiate_context_spec.rb +332 -0
data/spec/lib/ruby_smb/smb2/packet/compression_transform_header_spec.rb +108 -0
data/spec/lib/ruby_smb/smb2/packet/negotiate_request_spec.rb +138 -3
data/spec/lib/ruby_smb/smb2/packet/negotiate_response_spec.rb +120 -2
data/spec/lib/ruby_smb/smb2/packet/transform_header_spec.rb +220 -0
data/spec/lib/ruby_smb/smb2/packet/tree_connect_request_spec.rb +339 -9
data/spec/lib/ruby_smb/smb2/packet/tree_connect_response_spec.rb +3 -30
data/spec/lib/ruby_smb/smb2/pipe_spec.rb +0 -40
data/spec/lib/ruby_smb/smb2/smb2_header_spec.rb +2 -2
data/spec/lib/ruby_smb/smb2/tree_spec.rb +53 -8
metadata +124 -75
metadata.gz.sig +0 -0

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 3fe1b1b7bdd2516bd388f86c020a9fa99b70faa0
-  data.tar.gz: aa11ed030f543c0d83b61929d10c35eea20a8455
+SHA256:
+  metadata.gz: c76e06c7e09d56565d9253523f519ac12eccc193201b8f4dcd99a8ed07b37991
+  data.tar.gz: b533650ae3c9c16e75f2c5b987f53055894f0a99e87151dc5838922882d52ade
 SHA512:
-  metadata.gz: 92cc9708588a610104f8bacc8430fedd537f2ba283bb323b791ff45005a43417cf9570ce63f658b7a38c566570c2b651adb17b6750b3b117279552efaf138cab
-  data.tar.gz: 071db1651283d080b2adc728cd1f2225e051d52f86608f9f54dd6d79d39330127c3b5179d143ec9e5e155d132af1e128c4c9ca42744264caec8b249e0b0c86ec
+  metadata.gz: 82cbd9940e99aea529d23046e26b05f92bcfff3e03ee8df852b0c44f7b50ef517e4549f3e46b6890f55f0c5fc34e624821701cea6b807c008d1cbb03f0e4f242
+  data.tar.gz: 7d91fa41048597a8c376af79b32374588ffdb79b114bacfb1b43e482f22298f6439fe92a13753abffeb7b329ba3f09f4131a23bf8e63d62c5f9f85da40c5f5e0

checksums.yaml.gz.sig CHANGED

Binary file

data.tar.gz.sig CHANGED

@@ -1,4 +1 @@
-VQ��kD�fڸZ�
-=���U<�5/�Am�샜(��Ύm���pe�%u}�TQGh�0,�y��/��E#�M���W(A�˛\Y�M��doF�
-�6�T����U��6Ζ��1F�ex@��pg�r�F]W�2WM?�%�z�c# 2��*U.��*
-}�$��h@�uN�q�'�����c�
+Zp����xD�&Ǻ�(�T�q�Q�6Q��h�_࠘4�m��ң��1�Q��S�"B'��M���=�g_|i�ЈJz�����������MN-��s��O��&窓�Ӿ�~��*E�l�a�A<>��F�%�_�?�����n�1R�~��z

data/.travis.yml CHANGED

@@ -1,8 +1,6 @@
 language: ruby
 sudo: false
 rvm:
-  - '2.3.8'
-  - '2.4.5'
-  - '2.5.3'
-  - '2.6.1'
-  - 'jruby-9000'
+  - '2.5.8'
+  - '2.6.6'
+  - '2.7.0'

data/Gemfile CHANGED

@@ -1,11 +1,15 @@
 source 'https://rubygems.org'
 gemspec
-gem 'pry'
+group :development do
+  # for development and testing purposes
+  gem 'pry-byebug'
+  gem 'pry-rescue'
+end
 group :test do
   # simplecov test formatter and uploader for Coveralls.io
-  gem 'coveralls', require: false
+  gem "coveralls", '~>0.8.23', :require => false
   # Testing
   gem 'rspec'
   # Coverage reports

data/examples/negotiate.rb CHANGED

@@ -7,18 +7,61 @@
 require 'bundler/setup'
 require 'ruby_smb'
-def run_negotiation(address, smb1, smb2)
+def run_negotiation(address, smb1, smb2, smb3, opts = {})
   # Create our socket and add it to the dispatcher
   sock = TCPSocket.new address, 445
   dispatcher = RubySMB::Dispatcher::Socket.new(sock)
-  client = RubySMB::Client.new(dispatcher, smb1: smb1, smb2: smb2, username: 'msfadmin', password: 'msfadmin')
+  client = RubySMB::Client.new(dispatcher, smb1: smb1, smb2: smb2, smb3: smb3, username: 'msfadmin', password: 'msfadmin')
   client.negotiate
 end
-# Negotiate with both SMB1 and SMB2 enabled on the client
-run_negotiation(ARGV[0], true, true)
-# Negotiate with only SMB1 enabled
-run_negotiation(ARGV[0], true, false)
-# Negotiate with only SMB2 enabled
-run_negotiation(ARGV[0], false, true)
+begin
+  puts "Negotiate with only SMB1 enabled..."
+  puts "  Negotiated version: #{run_negotiation(ARGV[0], true, false, false)}"
+rescue RubySMB::Error::RubySMBError => e
+  puts "Error: #{e.message}"
+end
+begin
+  puts "Negotiate with only SMB2 enabled..."
+  puts "  Negotiated version: #{run_negotiation(ARGV[0], false, true, false)}"
+rescue RubySMB::Error::RubySMBError => e
+  puts "Error: #{e.message}"
+end
+begin
+  puts "Negotiate with only SMB3 enabled..."
+  puts "  Negotiated version: #{run_negotiation(ARGV[0], false, false, true)}"
+rescue RubySMB::Error::RubySMBError => e
+  puts "Error: #{e.message}"
+end
+begin
+  puts "Negotiate with both SMB1 and SMB2 enabled on the client..."
+  puts "  Negotiated version: #{run_negotiation(ARGV[0], true, true, false)}"
+rescue RubySMB::Error::RubySMBError => e
+  puts "Error: #{e.message}"
+end
+begin
+  puts "Negotiate with both SMB2 and SMB3 enabled on the client..."
+  puts "  Negotiated version: #{run_negotiation(ARGV[0], false, true, true)}"
+rescue RubySMB::Error::RubySMBError => e
+  puts "Error: #{e.message}"
+end
+begin
+  puts "Negotiate with both SMB1 and SMB3 enabled on the client..."
+  puts "  Negotiated version: #{run_negotiation(ARGV[0], true, false, true)}"
+rescue RubySMB::Error::RubySMBError => e
+  puts "Error: #{e.message}"
+end
+begin
+  puts "Negotiate with SMB1, SMB2 and SMB3 enabled on the client..."
+  puts "  Negotiated version: #{run_negotiation(ARGV[0], true, true, true)}"
+rescue RubySMB::Error::RubySMBError => e
+  puts "Error: #{e.message}"
+end

data/examples/read_file_encryption.rb ADDED

@@ -0,0 +1,56 @@
+#!/usr/bin/ruby
+# This example script is used for testing the reading of a file.
+# It will attempt to connect to a specific share and then read a specified file.
+# Example usage: ruby read_file.rb 192.168.172.138 msfadmin msfadmin TEST_SHARE short.txt
+# This will try to connect to \\192.168.172.138\TEST_SHARE with the msfadmin:msfadmin credentials
+# and read the file short.txt
+require 'bundler/setup'
+require 'ruby_smb'
+address  = ARGV[0]
+username = ARGV[1]
+password = ARGV[2]
+share    = ARGV[3]
+filename = ARGV[4]
+path     = "\\\\#{address}\\#{share}"
+sock = TCPSocket.new address, 445
+dispatcher = RubySMB::Dispatcher::Socket.new(sock)
+# To require encryption on the server, run this in an elevated Powershell:
+# C:\> Set-SmbServerConfiguration -EncryptData $true
+# To enable per-share encryption on the server, run this in an elevated Powershell:
+# C:\ Set-SmbServerConfiguration -EncryptData $false
+# C:\ Set-SmbShare -Name <share name> -EncryptData 1
+# For this encryption to work, it has to be SMBv3. By only setting smb3 to true,
+# we make sure the server will negotiate this version, if it supports it
+opts = {
+  smb1: false,
+  smb2: false,
+  smb3: true,
+  username: username,
+  password: password,
+}
+# By default, the client uses encryption even if it is not required by the server. Disable this by setting always_encrypt to false
+#opts[:always_encrypt] = false
+client = RubySMB::Client.new(dispatcher, opts)
+protocol = client.negotiate
+status = client.authenticate
+begin
+  tree = client.tree_connect(path)
+rescue StandardError => e
+  puts "Failed to connect to #{path}: #{e.message}"
+end
+file = tree.open_file(filename: filename)
+data = file.read
+puts data
+file.close

data/lib/ruby_smb.rb CHANGED

@@ -1,6 +1,9 @@
 require 'bindata'
 require 'net/ntlm'
 require 'net/ntlm/client'
+require 'openssl'
+require 'openssl/ccm'
+require 'openssl/cmac'
 require 'windows_error'
 require 'windows_error/nt_status'
 # A packet parsing and manipulation library for the SMB1 and SMB2 protocols
@@ -22,4 +25,5 @@ module RubySMB
   require 'ruby_smb/smb2'
   require 'ruby_smb/smb1'
   require 'ruby_smb/client'
+  require 'ruby_smb/crypto'
 end

data/lib/ruby_smb/client.rb CHANGED

@@ -9,6 +9,7 @@ module RubySMB
     require 'ruby_smb/client/echo'
     require 'ruby_smb/client/utils'
     require 'ruby_smb/client/winreg'
+    require 'ruby_smb/client/encryption'
     include RubySMB::Client::Negotiation
     include RubySMB::Client::Authentication
@@ -17,13 +18,20 @@ module RubySMB
     include RubySMB::Client::Echo
     include RubySMB::Client::Utils
     include RubySMB::Client::Winreg
+    include RubySMB::Client::Encryption
     # The Default SMB1 Dialect string used in an SMB1 Negotiate Request
     SMB1_DIALECT_SMB1_DEFAULT = 'NT LM 0.12'.freeze
     # The Default SMB2 Dialect string used in an SMB1 Negotiate Request
     SMB1_DIALECT_SMB2_DEFAULT = 'SMB 2.002'.freeze
-    # Dialect value for SMB2 Default (Version 2.02)
-    SMB2_DIALECT_DEFAULT = 0x0202
+    # The SMB2 wildcard revision number Dialect string used in an SMB1 Negotiate Request
+    # It indicates that the server implements SMB 2.1 or future dialect revisions
+    # Note that this must be used for SMB3
+    SMB1_DIALECT_SMB2_WILDCARD = 'SMB 2.???'.freeze
+    # Dialect values for SMB2
+    SMB2_DIALECT_DEFAULT = ['0x0202', '0x0210']
+    # Dialect values for SMB3
+    SMB3_DIALECT_DEFAULT = ['0x0300', '0x0302', '0x0311']
     # The default maximum size of a SMB message that the Client accepts (in bytes)
     MAX_BUFFER_SIZE = 64512
     # The default maximum size of a SMB message that the Server accepts (in bytes)
@@ -135,6 +143,11 @@ module RubySMB
     #   @return [Boolean]
     attr_accessor :smb2
+    # Whether or not the Client should support SMB3
+    # @!attribute [rw] smb3
+    #   @return [Boolean]
+    attr_accessor :smb3
     #  Tracks the current SMB2 Message ID that keeps communication in sync
     # @!attribute [rw] smb2_message_id
     #   @return [Integer]
@@ -178,12 +191,61 @@ module RubySMB
     #   @return [Integer]
     attr_accessor :server_max_transact_size
+    # The algorithm to compute the preauthentication integrity hash (SMB 3.1.1).
+    # @!attribute [rw] preauth_integrity_hash_algorithm
+    #   @return [String]
+    attr_accessor :preauth_integrity_hash_algorithm
+    # The preauthentication integrity hash value (SMB 3.1.1).
+    # @!attribute [rw] preauth_integrity_hash_value
+    #   @return [String]
+    attr_accessor :preauth_integrity_hash_value
+    # The algorithm for encryption (SMB 3.x).
+    # @!attribute [rw] encryption_algorithm
+    #   @return [String]
+    attr_accessor :encryption_algorithm
+    # The client encryption key (SMB 3.x).
+    # @!attribute [rw] client_encryption_key
+    #   @return [String]
+    attr_accessor :client_encryption_key
+    # The server encryption key (SMB 3.x).
+    # @!attribute [rw] server_encryption_key
+    #   @return [String]
+    attr_accessor :server_encryption_key
+    # Whether or not encryption is required (SMB 3.x)
+    # @!attribute [rw] encryption_required
+    #   @return [Boolean]
+    attr_accessor :encryption_required
+    # The encryption algorithms supported by the server (SMB 3.x).
+    # @!attribute [rw] server_encryption_algorithms
+    #   @return [Array<Integer>] list of supported encryption algorithms
+    #     (constants defined in RubySMB::SMB2::EncryptionCapabilities)
+    attr_accessor :server_encryption_algorithms
+    # The compression algorithms supported by the server (SMB 3.x).
+    # @!attribute [rw] server_compression_algorithms
+    #   @return [Array<Integer>] list of supported compression algorithms
+    #     (constants defined in RubySMB::SMB2::CompressionCapabilities)
+    attr_accessor :server_compression_algorithms
+    # The SMB version that has been successfully negotiated. This value is only
+    # set after the NEGOTIATE handshake has been performed.
+    # @!attribute [rw] negotiated_smb_version
+    #   @return [Integer] the negotiated SMB version
+    attr_accessor :negotiated_smb_version
     # @param dispatcher [RubySMB::Dispatcher::Socket] the packet dispatcher to use
     # @param smb1 [Boolean] whether or not to enable SMB1 support
     # @param smb2 [Boolean] whether or not to enable SMB2 support
-    def initialize(dispatcher, smb1: true, smb2: true, username:, password:, domain: '.', local_workstation: 'WORKSTATION')
+    # @param smb3 [Boolean] whether or not to enable SMB3 support
+    def initialize(dispatcher, smb1: true, smb2: true, smb3: true, username:, password:, domain: '.', local_workstation: 'WORKSTATION', always_encrypt: true)
       raise ArgumentError, 'No Dispatcher provided' unless dispatcher.is_a? RubySMB::Dispatcher::Base
-      if smb1 == false && smb2 == false
+      if smb1 == false && smb2 == false && smb3 == false
         raise ArgumentError, 'You must enable at least one Protocol'
       end
       @dispatcher        = dispatcher
@@ -196,6 +258,7 @@ module RubySMB
       @signing_required  = false
       @smb1              = smb1
       @smb2              = smb2
+      @smb3              = smb3
       @username          = username.encode('utf-8') || ''.encode('utf-8')
       @max_buffer_size   = MAX_BUFFER_SIZE
       # These sizes will be modifed during negotiation
@@ -204,6 +267,9 @@ module RubySMB
       @server_max_write_size  = RubySMB::SMB2::File::MAX_PACKET_SIZE
       @server_max_transact_size = RubySMB::SMB2::File::MAX_PACKET_SIZE
+      # SMB 3.x options
+      @encryption_required = always_encrypt
       negotiate_version_flag = 0x02000000
       flags = Net::NTLM::Client::DEFAULT_FLAGS |
         Net::NTLM::FLAGS[:TARGET_INFO] |
@@ -243,7 +309,7 @@ module RubySMB
     # @param data [String] the data the server should echo back (ignored in SMB2)
     # @return [WindowsError::ErrorCode] the NTStatus of the last response received
     def echo(count: 1, data: '')
-      response = if smb2
+      response = if smb2 || smb3
                    smb2_echo
                  else
                    smb1_echo(count: count, data: data)
@@ -258,10 +324,8 @@ module RubySMB
     # @param packet [RubySMB::GenericPacket] the packet to set the message id for
     # @return [RubySMB::GenericPacket] the modified packet
     def increment_smb_message_id(packet)
-      if packet.smb2_header.message_id.zero? && smb2_message_id != 0
-        packet.smb2_header.message_id = smb2_message_id
-        self.smb2_message_id += 1
-      end
+      packet.smb2_header.message_id = smb2_message_id
+      self.smb2_message_id += 1
       packet
     end
@@ -301,7 +365,7 @@ module RubySMB
     # @return [WindowsError::ErrorCode] the NTStatus of the response
     # @raise [RubySMB::Error::InvalidPacket] if the response packet is not a LogoffResponse packet
     def logoff!
-      if smb2
+      if smb2 || smb3
         request      = RubySMB::SMB2::Packet::LogoffRequest.new
         raw_response = send_recv(request)
         response     = RubySMB::SMB2::Packet::LogoffResponse.read(raw_response)
@@ -335,8 +399,9 @@ module RubySMB
     #
     # @param packet [RubySMB::GenericPacket] the request to be sent
     # @return [String] the raw response data received
-    def send_recv(packet)
-      case packet.packet_smb_version
+    def send_recv(packet, encrypt: false)
+      version = packet.packet_smb_version
+      case version
       when 'SMB1'
         packet.smb_header.uid = user_id if user_id
         packet = smb1_sign(packet)
@@ -344,25 +409,103 @@ module RubySMB
         packet = increment_smb_message_id(packet)
         packet.smb2_header.session_id = session_id
         unless packet.is_a?(RubySMB::SMB2::Packet::SessionSetupRequest)
-          packet = smb2_sign(packet)
+          if self.smb2
+            packet = smb2_sign(packet)
+          elsif self.smb3
+            packet = smb3_sign(packet)
+          end
         end
       else
         packet = packet
       end
-      dispatcher.send_packet(packet)
-      raw_response = dispatcher.recv_packet
+      if can_be_encrypted?(packet) && encryption_supported? && (@encryption_required || encrypt)
+        send_encrypt(packet)
+        raw_response = recv_encrypt
+        loop do
+          break unless is_status_pending?(raw_response)
+          sleep 1
+          raw_response = recv_encrypt
+        end
+      else
+        dispatcher.send_packet(packet)
+        raw_response = dispatcher.recv_packet
+        loop do
+          break unless is_status_pending?(raw_response)
+          sleep 1
+          raw_response = dispatcher.recv_packet
+        end unless version == 'SMB1'
+      end
       self.sequence_counter += 1 if signing_required && !session_key.empty?
       raw_response
     end
+    # Check if the response is an asynchronous operation with STATUS_PENDING
+    # status code.
+    #
+    # @param raw_response [String] the raw response packet
+    # @return [Boolean] true if it is a status pending operation, false otherwise
+    def is_status_pending?(raw_response)
+      smb2_header = RubySMB::SMB2::SMB2Header.read(raw_response)
+      value = smb2_header.nt_status.value
+      status_code = WindowsError::NTStatus.find_by_retval(value).first
+      status_code == WindowsError::NTStatus::STATUS_PENDING &&
+        smb2_header.flags.async_command == 1
+    end
+    # Check if the request packet can be encrypted. Per the SMB spec,
+    # SessionSetupRequest and NegotiateRequest must not be encrypted.
+    #
+    # @param packet [RubySMB::GenericPacket] the request packet
+    # @return [Boolean] true if the packet can be encrypted
+    def can_be_encrypted?(packet)
+      [RubySMB::SMB2::Packet::SessionSetupRequest, RubySMB::SMB2::Packet::NegotiateRequest].none? do |klass|
+        packet.is_a?(klass)
+      end
+    end
+    # Check if the current dialect support encryption.
+    #
+    # @return [Boolean] true if encryption is supported
+    def encryption_supported?
+      ['0x0300', '0x0302', '0x0311'].include?(@dialect)
+    end
+    # Encrypt and send a packet
+    def send_encrypt(packet)
+      begin
+        transform_request = smb3_encrypt(packet.to_binary_s)
+      rescue RubySMB::Error::RubySMBError => e
+        raise RubySMB::Error::EncryptionError, "Error while encrypting #{packet.class.name} packet (SMB #{@dialect}): #{e}"
+      end
+      dispatcher.send_packet(transform_request)
+    end
+    # Receives the raw response through the Dispatcher and decrypt the packet.
+    #
+    # @return [String] the raw unencrypted packet
+    def recv_encrypt
+      raw_response = dispatcher.recv_packet
+      begin
+        transform_response = RubySMB::SMB2::Packet::TransformHeader.read(raw_response)
+      rescue IOError
+        raise RubySMB::Error::InvalidPacket, 'Not a SMB2 TransformHeader packet'
+      end
+      begin
+        smb3_decrypt(transform_response)
+      rescue RubySMB::Error::RubySMBError => e
+        raise RubySMB::Error::EncryptionError, "Error while decrypting #{transform_response.class.name} packet (SMB #@dialect}): #{e}"
+      end
+    end
     # Connects to the supplied share
     #
     # @param share [String] the path to the share in `\\server\share_name` format
     # @return [RubySMB::SMB1::Tree] if talking over SMB1
     # @return [RubySMB::SMB2::Tree] if talking over SMB2
     def tree_connect(share)
-      connected_tree = if smb2
+      connected_tree = if smb2 || smb3
         smb2_tree_connect(share)
       else
         smb1_tree_connect(share)
@@ -392,6 +535,8 @@ module RubySMB
       self.session_key      = ''
       self.sequence_counter = 0
       self.smb2_message_id  = 0
+      self.client_encryption_key = nil
+      self.server_encryption_key = nil
     end
     # Requests a NetBIOS Session Service using the provided name.
@@ -434,5 +579,16 @@ module RubySMB
       session_request
     end
+    def update_preauth_hash(data)
+      unless @preauth_integrity_hash_algorithm
+        raise RubySMB::Error::EncryptionError.new(
+          'Cannot compute the Preauth Integrity Hash value: Preauth Integrity Hash Algorithm is nil'
+        )
+      end
+      @preauth_integrity_hash_value = OpenSSL::Digest.digest(
+        @preauth_integrity_hash_algorithm,
+        @preauth_integrity_hash_value + data.to_binary_s
+      )
+    end
   end
 end