ruby_smb 2.0.0 → 2.0.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c76e06c7e09d56565d9253523f519ac12eccc193201b8f4dcd99a8ed07b37991
-  data.tar.gz: b533650ae3c9c16e75f2c5b987f53055894f0a99e87151dc5838922882d52ade
+  metadata.gz: a683fe9443f70b1f4e7dc98d02d7f4deaf785ae94097752696c516977bc3a36a
+  data.tar.gz: 5e74a2b2daaedb9b2f096ef05fcd5465a9caa1b9672af6e42d13f18b70e47110
 SHA512:
-  metadata.gz: 82cbd9940e99aea529d23046e26b05f92bcfff3e03ee8df852b0c44f7b50ef517e4549f3e46b6890f55f0c5fc34e624821701cea6b807c008d1cbb03f0e4f242
-  data.tar.gz: 7d91fa41048597a8c376af79b32374588ffdb79b114bacfb1b43e482f22298f6439fe92a13753abffeb7b329ba3f09f4131a23bf8e63d62c5f9f85da40c5f5e0
+  metadata.gz: efaaf45fb9fb49bd37a3f45681800f26437efdd76bd6b06ee763768c3674292fe3e7bc35946a489300a3d696a7f060cad2802335aabfd766dd6bc8dd9f503fdd
+  data.tar.gz: cef65fae806b5b6bce656ef799f5ca4376a0cc71e1ad5746ddaf44898652580ce990d728960b2a4767898d1e7ebcb8e12d997919123b4cbc4a2d113c7db57822

data.tar.gz.sig

@@ -1 +1 @@
-Zp����xD�&Ǻ�(�T�q�Q�6Q��h�_࠘4�m��ң��1�Q��S�"B'��M���=�g_|i�ЈJz�����������MN-��s��
O��&窓�Ӿ�~��*E�l�a�A<>��F�%�_�?�����n�1R�~��
z
+���}�T�e�X��*|�#VȕH�A�p��&n������I�u�rRႠ��� ��8�c��`鏐K���y�(�{Y��K9…9��†�6�J���_*����� ���G�"�Y�&3="��}<�P��ݘf����L�d�U�Rڨ^O�@����Ab��Մ�Lӊ�������<������o�ǿ�_��q���Ɩ])�����=>z?��\h8�բz�V�����ߨ����~

data/lib/ruby_smb/client.rb

@@ -216,10 +216,10 @@ module RubySMB
     #   @return [String]
     attr_accessor :server_encryption_key
 
-    # Whether or not encryption is required (SMB 3.x)
-    # @!attribute [rw] encryption_required
+    # Whether or not the whole session needs to be encrypted (SMB 3.x)
+    # @!attribute [rw] session_encrypt_data
     #   @return [Boolean]
-    attr_accessor :encryption_required
+    attr_accessor :session_encrypt_data
 
     # The encryption algorithms supported by the server (SMB 3.x).
     # @!attribute [rw] server_encryption_algorithms
@@ -233,6 +233,25 @@ module RubySMB
     #     (constants defined in RubySMB::SMB2::CompressionCapabilities)
     attr_accessor :server_compression_algorithms
 
+    # The GUID of the server (SMB 2.x and 3.x).
+    # @!attribute [rw] server_guid
+    #   @return [String]
+    attr_accessor :server_guid
+
+    # The server's start time if it is reported as part of the negotiation
+    # process (SMB 2.x and 3.x). This value is nil if the server does not report
+    # it (reports a value of 0).
+    # @!attribute [rw] server_start_time
+    #   @return [Time] the time that the server reports that it was started at
+    attr_accessor :server_start_time
+
+    # The server's current time if it is reported as part of the negotiation
+    # process (SMB 2.x and 3.x). This value is nil if the server does not report
+    # it (reports a value of 0).
+    # @!attribute [rw] server_system_time
+    #   @return [Time] the time that the server reports as current
+    attr_accessor :server_system_time
+
     # The SMB version that has been successfully negotiated. This value is only
     # set after the NEGOTIATE handshake has been performed.
     # @!attribute [rw] negotiated_smb_version
@@ -268,12 +287,13 @@ module RubySMB
       @server_max_transact_size = RubySMB::SMB2::File::MAX_PACKET_SIZE
 
       # SMB 3.x options
-      @encryption_required = always_encrypt
+      @session_encrypt_data = always_encrypt
 
       negotiate_version_flag = 0x02000000
       flags = Net::NTLM::Client::DEFAULT_FLAGS |
         Net::NTLM::FLAGS[:TARGET_INFO] |
-        negotiate_version_flag
+        negotiate_version_flag ^
+        Net::NTLM::FLAGS[:OEM]
 
       @ntlm_client = Net::NTLM::Client.new(
         @username,
@@ -347,7 +367,8 @@ module RubySMB
       negotiate_version_flag = 0x02000000
       flags = Net::NTLM::Client::DEFAULT_FLAGS |
         Net::NTLM::FLAGS[:TARGET_INFO] |
-        negotiate_version_flag
+        negotiate_version_flag ^
+        Net::NTLM::FLAGS[:OEM]
 
       @ntlm_client = Net::NTLM::Client.new(
           @username,
@@ -398,6 +419,9 @@ module RubySMB
     # It will also sign the packet if neccessary.
     #
     # @param packet [RubySMB::GenericPacket] the request to be sent
+    # @param encrypt [Boolean] true if encryption has to be enabled for this transaction
+    #   (note that if @session_encrypt_data is set, encryption will be enabled
+    #   regardless of this parameter value)
     # @return [String] the raw response data received
     def send_recv(packet, encrypt: false)
       version = packet.packet_smb_version
@@ -419,7 +443,7 @@ module RubySMB
         packet = packet
       end
 
-      if can_be_encrypted?(packet) && encryption_supported? && (@encryption_required || encrypt)
+      if can_be_encrypted?(packet) && encryption_supported? && (@session_encrypt_data || encrypt)
         send_encrypt(packet)
         raw_response = recv_encrypt
         loop do
@@ -454,18 +478,19 @@ module RubySMB
         smb2_header.flags.async_command == 1
     end
 
-    # Check if the request packet can be encrypted. Per the SMB spec,
+    # Check if the request packet can be encrypted. Per the SMB2 spec,
     # SessionSetupRequest and NegotiateRequest must not be encrypted.
     #
     # @param packet [RubySMB::GenericPacket] the request packet
     # @return [Boolean] true if the packet can be encrypted
     def can_be_encrypted?(packet)
+      return false if packet.packet_smb_version == 'SMB1'
       [RubySMB::SMB2::Packet::SessionSetupRequest, RubySMB::SMB2::Packet::NegotiateRequest].none? do |klass|
         packet.is_a?(klass)
       end
     end
 
-    # Check if the current dialect support encryption.
+    # Check if the current dialect supports encryption.
     #
     # @return [Boolean] true if encryption is supported
     def encryption_supported?
@@ -486,7 +511,13 @@ module RubySMB
     #
     # @return [String] the raw unencrypted packet
     def recv_encrypt
-      raw_response = dispatcher.recv_packet
+      begin
+        raw_response = dispatcher.recv_packet
+      rescue RubySMB::Error::CommunicationError => e
+        raise RubySMB::Error::EncryptionError, "Communication error with the "\
+          "remote host: #{e.message}. The server supports encryption but was "\
+          "not able to handle the encrypted request."
+      end
       begin
         transform_response = RubySMB::SMB2::Packet::TransformHeader.read(raw_response)
       rescue IOError

data/lib/ruby_smb/client/authentication.rb

@@ -216,8 +216,8 @@ module RubySMB
         raw = smb2_ntlmssp_authenticate(type3_message, @session_id)
         response = smb2_ntlmssp_final_packet(raw)
 
-        if @smb3 && !@encryption_required && response.session_flags.encrypt_data == 1
-          @encryption_required = true
+        if @smb3 && !@session_encrypt_data && response.session_flags.encrypt_data == 1
+          @session_encrypt_data = true
         end
         ######
         # DEBUG

data/lib/ruby_smb/client/negotiation.rb

@@ -24,6 +24,7 @@ module RubySMB
         when '0x0311'
           parse_smb3_encryption_data(request_packet, response_packet)
         end
+
         # If the response contains the SMB2 wildcard revision number dialect;
         # it indicates that the server implements SMB 2.1 or future dialect
         # revisions and expects the client to send a subsequent SMB2 Negotiate
@@ -128,6 +129,8 @@ module RubySMB
           unless packet.dialect_revision.to_i == 0x02ff
             self.smb2 = packet.dialect_revision.to_i >= 0x0200 && packet.dialect_revision.to_i < 0x0300
             self.smb3 = packet.dialect_revision.to_i >= 0x0300 && packet.dialect_revision.to_i < 0x0400
+            # Only enable session encryption if the server supports it
+            @session_encrypt_data = self.smb3 && @session_encrypt_data && packet.capabilities.encryption == 1
           end
           self.signing_required = packet.security_mode.signing_required == 1 if self.smb2 || self.smb3
           self.dialect = "0x%04x" % packet.dialect_revision
@@ -137,6 +140,9 @@ module RubySMB
           # This value is used in SMB1 only but calculate a valid value anyway
           self.server_max_buffer_size = [self.server_max_read_size, self.server_max_write_size, self.server_max_transact_size].min
           self.negotiated_smb_version = self.smb2 ? 2 : 3
+          self.server_guid = packet.server_guid
+          self.server_start_time = packet.server_start_time.to_time if packet.server_start_time != 0
+          self.server_system_time = packet.system_time.to_time if packet.system_time != 0
           return "SMB#{self.negotiated_smb_version}"
         else
           error = 'Unable to negotiate with remote host'
@@ -198,6 +204,12 @@ module RubySMB
         # while being guaranteed to work with any modern Windows system. We can get more sophisticated
         # with switching this on and off at a later date if the need arises.
         packet.smb_header.flags2.extended_security = 1
+        # Recent Mac OS X requires the unicode flag to be set on the Negotiate
+        # SMB Header request, even if this packet does not contain string fields
+        # (see Flags2 SMB_FLAGS2_UNICODE definition in "2.2.3.1 The SMB Header"
+        # documentation:
+        # https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-cifs/69a29f73-de0c-45a6-a1aa-8ceeea42217f
+        packet.smb_header.flags2.unicode = 1
         # There is no real good reason to ever send an SMB1 Negotiate packet
         # to Negotiate strictly SMB2, but the protocol WILL support it
         packet.add_dialect(SMB1_DIALECT_SMB1_DEFAULT) if smb1

data/lib/ruby_smb/dispatcher/socket.rb

@@ -61,13 +61,14 @@ module RubySMB
       #   which are assumed to be the NetBiosSessionService header.
       # @raise [RubySMB::Error::CommunicationError] if the read timeout expires or an error occurs when reading the socket
       def recv_packet(full_response: false)
+        raise RubySMB::Error::CommunicationError, 'Connection has already been closed' if @tcp_socket.closed?
         if IO.select([@tcp_socket], nil, nil, @read_timeout).nil?
           raise RubySMB::Error::CommunicationError, "Read timeout expired when reading from the Socket (timeout=#{@read_timeout})"
         end
 
         begin
           nbss_data = @tcp_socket.read(4)
-          raise IOError if nbss_data.nil?
+          raise RubySMB::Error::CommunicationError, 'Socket read returned nil' if nbss_data.nil?
           nbss_header = RubySMB::Nbss::SessionHeader.read(nbss_data)
         rescue IOError
           raise ::RubySMB::Error::NetBiosSessionService, 'NBSS Header is missing'

data/lib/ruby_smb/smb1/tree.rb

@@ -123,6 +123,15 @@ module RubySMB
         raw_response = @client.send_recv(nt_create_andx_request)
         response = RubySMB::SMB1::Packet::NtCreateAndxResponse.read(raw_response)
         unless response.valid?
+          if response.is_a?(RubySMB::SMB1::Packet::EmptyPacket) &&
+               response.smb_header.protocol == RubySMB::SMB1::SMB_PROTOCOL_ID &&
+               response.smb_header.command == response.original_command
+            raise RubySMB::Error::InvalidPacket.new(
+              'The response seems to be an SMB1 NtCreateAndxResponse but an '\
+              'error occurs while parsing it. It is probably missing the '\
+              'required extended information.'
+            )
+          end
           raise RubySMB::Error::InvalidPacket.new(
             expected_proto: RubySMB::SMB1::SMB_PROTOCOL_ID,
             expected_cmd:   RubySMB::SMB1::Packet::NtCreateAndxResponse::COMMAND,

data/lib/ruby_smb/smb2/file.rb

@@ -52,10 +52,10 @@ module RubySMB
       #   @return [RubySMB::SMB2::Tree]
       attr_accessor :tree
 
-      # Whether or not encryption is required (SMB 3.x)
-      # @!attribute [rw] encryption_required
+      # Whether or not the share associated with this tree connect needs to be encrypted (SMB 3.x)
+      # @!attribute [rw] tree_connect_encrypt_data
       #   @return [Boolean]
-      attr_accessor :encryption_required
+      attr_accessor :tree_connect_encrypt_data
 
       def initialize(tree:, response:, name:, encrypt: false)
         raise ArgumentError, 'No Tree Provided' if tree.nil?
@@ -71,7 +71,7 @@ module RubySMB
         @last_write   = response.last_write.to_datetime
         @size         = response.end_of_file
         @size_on_disk = response.allocation_size
-        @encryption_required = encrypt
+        @tree_connect_encrypt_data = encrypt
       end
 
       # Appends the supplied data to the end of the file.
@@ -89,7 +89,7 @@ module RubySMB
       # @raise [RubySMB::Error::UnexpectedStatusCode] if the response NTStatus is not STATUS_SUCCESS
       def close
         close_request = set_header_fields(RubySMB::SMB2::Packet::CloseRequest.new)
-        raw_response  = tree.client.send_recv(close_request, encrypt: @encryption_required)
+        raw_response  = tree.client.send_recv(close_request, encrypt: @tree_connect_encrypt_data)
         response = RubySMB::SMB2::Packet::CloseResponse.read(raw_response)
         unless response.valid?
           raise RubySMB::Error::InvalidPacket.new(
@@ -122,7 +122,7 @@ module RubySMB
                            end
 
         read_request = read_packet(read_length: atomic_read_size, offset: offset)
-        raw_response = tree.client.send_recv(read_request, encrypt: @encryption_required)
+        raw_response = tree.client.send_recv(read_request, encrypt: @tree_connect_encrypt_data)
         response     = RubySMB::SMB2::Packet::ReadResponse.read(raw_response)
         unless response.valid?
           raise RubySMB::Error::InvalidPacket.new(
@@ -145,7 +145,7 @@ module RubySMB
           atomic_read_size = remaining_bytes if remaining_bytes < tree.client.server_max_read_size
 
           read_request = read_packet(read_length: atomic_read_size, offset: offset)
-          raw_response = tree.client.send_recv(read_request, encrypt: @encryption_required)
+          raw_response = tree.client.send_recv(read_request, encrypt: @tree_connect_encrypt_data)
           response     = RubySMB::SMB2::Packet::ReadResponse.read(raw_response)
           unless response.valid?
             raise RubySMB::Error::InvalidPacket.new(
@@ -179,7 +179,7 @@ module RubySMB
 
       def send_recv_read(read_length: 0, offset: 0)
         read_request = read_packet(read_length: read_length, offset: offset)
-        raw_response = tree.client.send_recv(read_request, encrypt: @encryption_required)
+        raw_response = tree.client.send_recv(read_request, encrypt: @tree_connect_encrypt_data)
         response = RubySMB::SMB2::Packet::ReadResponse.read(raw_response)
         unless response.valid?
           raise RubySMB::Error::InvalidPacket.new(
@@ -200,7 +200,7 @@ module RubySMB
       # @return [WindowsError::ErrorCode] the NTStatus Response code
       # @raise [RubySMB::Error::InvalidPacket] if the response is not a SetInfoResponse packet
       def delete
-        raw_response = tree.client.send_recv(delete_packet, encrypt: @encryption_required)
+        raw_response = tree.client.send_recv(delete_packet, encrypt: @tree_connect_encrypt_data)
         response = RubySMB::SMB2::Packet::SetInfoResponse.read(raw_response)
         unless response.valid?
           raise RubySMB::Error::InvalidPacket.new(
@@ -250,7 +250,7 @@ module RubySMB
 
         while buffer.length > 0 do
           write_request = write_packet(data: buffer.slice!(0,atomic_write_size), offset: offset)
-          raw_response  = tree.client.send_recv(write_request, encrypt: @encryption_required)
+          raw_response  = tree.client.send_recv(write_request, encrypt: @tree_connect_encrypt_data)
           response      = RubySMB::SMB2::Packet::WriteResponse.read(raw_response)
           unless response.valid?
             raise RubySMB::Error::InvalidPacket.new(
@@ -283,7 +283,7 @@ module RubySMB
 
       def send_recv_write(data:'', offset: 0)
         pkt = write_packet(data: data, offset: offset)
-        raw_response = tree.client.send_recv(pkt, encrypt: @encryption_required)
+        raw_response = tree.client.send_recv(pkt, encrypt: @tree_connect_encrypt_data)
         response = RubySMB::SMB2::Packet::WriteResponse.read(raw_response)
         unless response.valid?
           raise RubySMB::Error::InvalidPacket.new(
@@ -305,7 +305,7 @@ module RubySMB
       # @return [WindowsError::ErrorCode] the NTStatus Response code
       # @raise [RubySMB::Error::InvalidPacket] if the response is not a SetInfoResponse packet
       def rename(new_file_name)
-        raw_response = tree.client.send_recv(rename_packet(new_file_name), encrypt: @encryption_required)
+        raw_response = tree.client.send_recv(rename_packet(new_file_name), encrypt: @tree_connect_encrypt_data)
         response = RubySMB::SMB2::Packet::SetInfoResponse.read(raw_response)
         unless response.valid?
           raise RubySMB::Error::InvalidPacket.new(

data/lib/ruby_smb/smb2/packet/negotiate_response.rb

@@ -15,7 +15,7 @@ module RubySMB
         uint16              :dialect_revision,          label: 'Dialect Revision'
         uint16              :negotiate_context_count,   label: 'Negotiate Context Count', initial_value: -> { negotiate_context_list.size }, onlyif: -> { has_negotiate_context? }
         uint16              :reserved1,                 label: 'Reserved', initial_value: 0, onlyif: -> { !has_negotiate_context? }
-        string              :server_guid,               label: 'Server GUID',                  length: 16
+        string              :server_guid,               label: 'Server GUID', length: 16
         smb2_capabilities   :capabilities
         uint32              :max_transact_size,         label: 'Max Transaction Size'
         uint32              :max_read_size,             label: 'Max Read Size'

data/lib/ruby_smb/smb2/tree.rb

@@ -23,10 +23,10 @@ module RubySMB
       #   @return [Integer]
       attr_accessor :id
 
-      # Whether or not encryption is required (SMB 3.x)
-      # @!attribute [rw] encryption_required
+      # Whether or not the share associated with this tree connect needs to be encrypted (SMB 3.x)
+      # @!attribute [rw] tree_connect_encrypt_data
       #   @return [Boolean]
-      attr_accessor :encryption_required
+      attr_accessor :tree_connect_encrypt_data
 
       def initialize(client:, share:, response:, encrypt: false)
         @client              = client
@@ -34,7 +34,7 @@ module RubySMB
         @id                  = response.smb2_header.tree_id
         @permissions         = response.maximal_access
         @share_type          = response.share_type
-        @encryption_required = encrypt
+        @tree_connect_encrypt_data = encrypt
       end
 
       # Disconnects this Tree from the current session
@@ -44,7 +44,7 @@ module RubySMB
       def disconnect!
         request = RubySMB::SMB2::Packet::TreeDisconnectRequest.new
         request = set_header_fields(request)
-        raw_response = client.send_recv(request, encrypt: @encryption_required)
+        raw_response = client.send_recv(request, encrypt: @tree_connect_encrypt_data)
         response = RubySMB::SMB2::Packet::TreeDisconnectResponse.read(raw_response)
         unless response.valid?
           raise RubySMB::Error::InvalidPacket.new(
@@ -102,7 +102,7 @@ module RubySMB
         create_request.create_disposition   = disposition
         create_request.name                 = filename
 
-        raw_response  = client.send_recv(create_request, encrypt: @encryption_required)
+        raw_response  = client.send_recv(create_request, encrypt: @tree_connect_encrypt_data)
         response      = RubySMB::SMB2::Packet::CreateResponse.read(raw_response)
         unless response.valid?
           raise RubySMB::Error::InvalidPacket.new(
@@ -118,7 +118,7 @@ module RubySMB
 
         case @share_type
         when RubySMB::SMB2::Packet::TreeConnectResponse::SMB2_SHARE_TYPE_DISK
-          RubySMB::SMB2::File.new(name: filename, tree: self, response: response, encrypt: @encryption_required)
+          RubySMB::SMB2::File.new(name: filename, tree: self, response: response, encrypt: @tree_connect_encrypt_data)
         when RubySMB::SMB2::Packet::TreeConnectResponse::SMB2_SHARE_TYPE_PIPE
           RubySMB::SMB2::Pipe.new(name: filename, tree: self, response: response)
         # when RubySMB::SMB2::TreeConnectResponse::SMB2_SHARE_TYPE_PRINT
@@ -154,7 +154,7 @@ module RubySMB
         files = []
 
         loop do
-          response            = client.send_recv(directory_request, encrypt: @encryption_required)
+          response            = client.send_recv(directory_request, encrypt: @tree_connect_encrypt_data)
           directory_response  = RubySMB::SMB2::Packet::QueryDirectoryResponse.read(response)
           unless directory_response.valid?
             raise RubySMB::Error::InvalidPacket.new(
@@ -199,7 +199,7 @@ module RubySMB
 
         create_request  = open_directory_packet(directory: directory, disposition: disposition,
                                                 impersonation: impersonation, read: read, write: write, delete: delete)
-        raw_response    = client.send_recv(create_request, encrypt: @encryption_required)
+        raw_response    = client.send_recv(create_request, encrypt: @tree_connect_encrypt_data)
         response = RubySMB::SMB2::Packet::CreateResponse.read(raw_response)
         unless response.valid?
           raise RubySMB::Error::InvalidPacket.new(

data/lib/ruby_smb/version.rb

@@ -1,3 +1,3 @@
 module RubySMB
-  VERSION = '2.0.0'.freeze
+  VERSION = '2.0.1'.freeze
 end

data/spec/lib/ruby_smb/client_spec.rb

@@ -46,7 +46,7 @@ RSpec.describe RubySMB::Client do
   it { is_expected.to respond_to :encryption_algorithm }
   it { is_expected.to respond_to :client_encryption_key }
   it { is_expected.to respond_to :server_encryption_key }
-  it { is_expected.to respond_to :encryption_required }
+  it { is_expected.to respond_to :session_encrypt_data }
   it { is_expected.to respond_to :server_encryption_algorithms }
   it { is_expected.to respond_to :server_compression_algorithms }
   it { is_expected.to respond_to :negotiated_smb_version }
@@ -106,9 +106,9 @@ RSpec.describe RubySMB::Client do
       expect(client.password).to eq password
     end
 
-    it 'sets the encryption_required attribute' do
+    it 'sets the session_encrypt_data attribute' do
       client =  described_class.new(dispatcher, username: username, password: password, always_encrypt: true)
-      expect(client.encryption_required).to eq true
+      expect(client.session_encrypt_data).to eq true
     end
 
     it 'creates an NTLM client' do
@@ -125,7 +125,7 @@ RSpec.describe RubySMB::Client do
         expect(opt[:workstation]).to eq(local_workstation)
         expect(opt[:domain]).to eq(domain)
         flags = Net::NTLM::Client::DEFAULT_FLAGS |
-          Net::NTLM::FLAGS[:TARGET_INFO] | 0x02000000
+          Net::NTLM::FLAGS[:TARGET_INFO] | 0x02000000 ^ Net::NTLM::FLAGS[:OEM]
         expect(opt[:flags]).to eq(flags)
       end
 
@@ -191,11 +191,6 @@ RSpec.describe RubySMB::Client do
       allow(dispatcher).to receive(:recv_packet).and_return('A')
     end
 
-    it 'checks the packet version' do
-      expect(smb1_request).to receive(:packet_smb_version).and_call_original
-      client.send_recv(smb1_request)
-    end
-
     context 'when signing' do
       it 'calls #smb1_sign if it is an SMB1 packet' do
         expect(client).to receive(:smb1_sign).with(smb1_request).and_call_original
@@ -322,6 +317,11 @@ RSpec.describe RubySMB::Client do
       expect(client.can_be_encrypted?(packet)).to be true
     end
 
+    it 'returns false if it is an SMB1 packet' do
+      packet = RubySMB::SMB1::Packet::LogoffRequest.new
+      expect(client.can_be_encrypted?(packet)).to be false
+    end
+
     [RubySMB::SMB2::Packet::SessionSetupRequest, RubySMB::SMB2::Packet::NegotiateRequest].each do |klass|
       it "returns false if the packet is a #{klass}" do
         packet = klass.new
@@ -385,6 +385,15 @@ RSpec.describe RubySMB::Client do
       expect(dispatcher).to have_received(:recv_packet)
     end
 
+    it 'raises an EncryptionError exception if an error occurs while receiving the response' do
+      allow(dispatcher).to receive(:recv_packet).and_raise(RubySMB::Error::CommunicationError)
+      expect { client.recv_encrypt }.to raise_error(
+        RubySMB::Error::EncryptionError,
+        'Communication error with the remote host: RubySMB::Error::CommunicationError. '\
+        'The server supports encryption but was not able to handle the encrypted request.'
+      )
+    end
+
     it 'parses the response as a Transform response packet' do
       expect(RubySMB::SMB2::Packet::TransformHeader).to receive(:read).with(packet.to_binary_s)
       client.recv_encrypt
@@ -392,7 +401,7 @@ RSpec.describe RubySMB::Client do
 
     it 'raises an InvalidPacket exception if an error occurs while parsing the response' do
       allow(RubySMB::SMB2::Packet::TransformHeader).to receive(:read).and_raise(IOError)
-      expect { client.recv_encrypt}.to raise_error(RubySMB::Error::InvalidPacket, 'Not a SMB2 TransformHeader packet')
+      expect { client.recv_encrypt }.to raise_error(RubySMB::Error::InvalidPacket, 'Not a SMB2 TransformHeader packet')
     end
 
     it 'decrypts the Transform response packet' do
@@ -403,10 +412,10 @@ RSpec.describe RubySMB::Client do
     end
 
     it 'raises an EncryptionError exception if an error occurs while decrypting' do
-      allow(client).to receive(:smb3_decrypt).and_raise(RubySMB::Error::RubySMBError )
-      expect { client.recv_encrypt}.to raise_error(
+      allow(client).to receive(:smb3_decrypt).and_raise(RubySMB::Error::RubySMBError)
+      expect { client.recv_encrypt }.to raise_error(
         RubySMB::Error::EncryptionError,
-        "Error while decrypting RubySMB::SMB2::Packet::TransformHeader packet (SMB 0x0300}): RubySMB::Error::RubySMBError"
+        'Error while decrypting RubySMB::SMB2::Packet::TransformHeader packet (SMB 0x0300}): RubySMB::Error::RubySMBError'
       )
     end
   end
@@ -1050,6 +1059,42 @@ RSpec.describe RubySMB::Client do
         it 'returns the string \'SMB2\'' do
           expect(client.parse_negotiate_response(smb3_response)).to eq ('SMB3')
         end
+
+        context 'when the server supports encryption' do
+          before :example do
+            smb3_response.capabilities.encryption = 1
+          end
+
+          it 'keeps session encryption enabled if it was already' do
+            client.session_encrypt_data = true
+            client.parse_negotiate_response(smb3_response)
+            expect(client.session_encrypt_data).to be true
+          end
+
+          it 'keeps session encryption disabled if it was already' do
+            client.session_encrypt_data = false
+            client.parse_negotiate_response(smb3_response)
+            expect(client.session_encrypt_data).to be false
+          end
+        end
+
+        context 'when the server does not support encryption' do
+          before :example do
+            smb3_response.capabilities.encryption = 0
+          end
+
+          it 'disables session encryption if it was already enabled' do
+            client.session_encrypt_data = true
+            client.parse_negotiate_response(smb3_response)
+            expect(client.session_encrypt_data).to be false
+          end
+
+          it 'keeps session encryption disabled if it was already' do
+            client.session_encrypt_data = false
+            client.parse_negotiate_response(smb3_response)
+            expect(client.session_encrypt_data).to be false
+          end
+        end
       end
 
       context 'when the response contains the SMB2 wildcard revision number dialect' do
@@ -1710,22 +1755,22 @@ RSpec.describe RubySMB::Client do
           smb2_client.smb2_authenticate
         end
 
-        context 'when setting the encryption_required parameter' do
+        context 'when setting the session_encrypt_data parameter' do
           before :example do
             smb2_client.smb3 = true
-            smb2_client.encryption_required = false
+            smb2_client.session_encrypt_data = false
           end
 
-          it 'sets the encryption_required parameter to true if the server requires encryption' do
+          it 'sets the session_encrypt_data parameter to true if the server requires encryption' do
             final_response_packet.session_flags.encrypt_data = 1
             smb2_client.smb2_authenticate
-            expect(smb2_client.encryption_required).to be true
+            expect(smb2_client.session_encrypt_data).to be true
           end
 
-          it 'does not set the encryption_required parameter if the server does not require encryption' do
+          it 'does not set the session_encrypt_data parameter if the server does not require encryption' do
             final_response_packet.session_flags.encrypt_data = 0
             smb2_client.smb2_authenticate
-            expect(smb2_client.encryption_required).to be false
+            expect(smb2_client.session_encrypt_data).to be false
           end
         end
       end

data/spec/lib/ruby_smb/dispatcher/socket_spec.rb

@@ -51,9 +51,9 @@ RSpec.describe RubySMB::Dispatcher::Socket do
     let(:session_header)  { RubySMB::Nbss::SessionHeader.new }
 
     context 'when reading from the socket results in a nil value' do
-      it 'should raise Error::NetBiosSessionService' do
+      it 'should raise Error::CommunicationError' do
         smb_socket.tcp_socket = blank_socket
-        expect { smb_socket.recv_packet }.to raise_error(::RubySMB::Error::NetBiosSessionService)
+        expect { smb_socket.recv_packet }.to raise_error(::RubySMB::Error::CommunicationError)
       end
     end
 

data/spec/lib/ruby_smb/smb2/file_spec.rb

@@ -43,7 +43,7 @@ RSpec.describe RubySMB::SMB2::File do
   it { is_expected.to respond_to :size }
   it { is_expected.to respond_to :size_on_disk }
   it { is_expected.to respond_to :tree }
-  it { is_expected.to respond_to :encryption_required }
+  it { is_expected.to respond_to :tree_connect_encrypt_data }
 
   it 'pulls the attributes from the response packet' do
     expect(file.attributes).to eq create_response.file_attributes
@@ -73,8 +73,8 @@ RSpec.describe RubySMB::SMB2::File do
     expect(file.size_on_disk).to eq create_response.allocation_size
   end
 
-  it 'sets the encryption_required flag to false by default' do
-    expect(file.encryption_required).to be false
+  it 'sets the tree_connect_encrypt_data flag to false by default' do
+    expect(file.tree_connect_encrypt_data).to be false
   end
 
   describe '#set_header_fields' do
@@ -132,7 +132,7 @@ RSpec.describe RubySMB::SMB2::File do
       end
 
       it 'calls Client #send_recv with encryption set if required' do
-        file.encryption_required = true
+        file.tree_connect_encrypt_data = true
         expect(client).to receive(:send_recv).with(small_read, encrypt: true)
         file.read
       end
@@ -177,7 +177,7 @@ RSpec.describe RubySMB::SMB2::File do
       it 'calls Client #send_recv with encryption set if required' do
         read_request = double('Read Request')
         allow(file).to receive(:read_packet).and_return(read_request)
-        file.encryption_required = true
+        file.tree_connect_encrypt_data = true
         expect(client).to receive(:send_recv).twice.with(read_request, encrypt: true)
         file.read(bytes: (described_class::MAX_PACKET_SIZE * 2))
       end
@@ -235,7 +235,7 @@ RSpec.describe RubySMB::SMB2::File do
       it 'calls Client #send_recv with encryption set if required' do
         write_request = double('Write Request')
         allow(file).to receive(:write_packet).and_return(write_request)
-        file.encryption_required = true
+        file.tree_connect_encrypt_data = true
         expect(client).to receive(:send_recv).once.with(write_request, encrypt: true).and_return(write_response.to_binary_s)
         file.write(data: 'test')
       end
@@ -250,7 +250,7 @@ RSpec.describe RubySMB::SMB2::File do
       it 'calls Client #send_recv with encryption set if required' do
         write_request = double('Write Request')
         allow(file).to receive(:write_packet).and_return(write_request)
-        file.encryption_required = true
+        file.tree_connect_encrypt_data = true
         expect(client).to receive(:send_recv).twice.with(write_request, encrypt: true).and_return(write_response.to_binary_s)
         file.write(data: SecureRandom.random_bytes(described_class::MAX_PACKET_SIZE + 1))
       end
@@ -307,7 +307,7 @@ RSpec.describe RubySMB::SMB2::File do
       it 'calls Client #send_recv with encryption set if required' do
         allow(file).to receive(:delete_packet)
         allow(RubySMB::SMB2::Packet::SetInfoResponse).to receive(:read).and_return(small_response)
-        file.encryption_required = true
+        file.tree_connect_encrypt_data = true
         expect(client).to receive(:send_recv).with(small_delete, encrypt: true)
         file.delete
       end
@@ -349,7 +349,7 @@ RSpec.describe RubySMB::SMB2::File do
 
       it 'calls Client #send_recv with encryption set if required' do
         allow(RubySMB::SMB2::Packet::SetInfoResponse).to receive(:read).and_return(small_response)
-        file.encryption_required = true
+        file.tree_connect_encrypt_data = true
         expect(client).to receive(:send_recv).with(small_rename, encrypt: true)
         file.rename('new_file.txt')
       end
@@ -393,7 +393,7 @@ RSpec.describe RubySMB::SMB2::File do
     end
 
     it 'calls Client #send_recv with encryption set if required' do
-      file.encryption_required = true
+      file.tree_connect_encrypt_data = true
       expect(client).to receive(:send_recv).with(request, encrypt: true)
       file.close
     end
@@ -465,7 +465,7 @@ RSpec.describe RubySMB::SMB2::File do
     it 'calls Client #send_recv with encryption set if required' do
       request = double('Request')
       allow(file).to receive(:read_packet).and_return(request)
-      file.encryption_required = true
+      file.tree_connect_encrypt_data = true
       expect(client).to receive(:send_recv).with(request, encrypt: true)
       file.send_recv_read
     end
@@ -528,7 +528,7 @@ RSpec.describe RubySMB::SMB2::File do
     end
 
     it 'calls Client #send_recv with encryption set if required' do
-      file.encryption_required = true
+      file.tree_connect_encrypt_data = true
       expect(client).to receive(:send_recv).with(request, encrypt: true)
       file.send_recv_write
     end

data/spec/lib/ruby_smb/smb2/tree_spec.rb

@@ -26,7 +26,7 @@ RSpec.describe RubySMB::SMB2::Tree do
   it { is_expected.to respond_to :permissions }
   it { is_expected.to respond_to :share }
   it { is_expected.to respond_to :id }
-  it { is_expected.to respond_to :encryption_required }
+  it { is_expected.to respond_to :tree_connect_encrypt_data }
 
   it 'inherits the client that spawned it' do
     expect(tree.client).to eq client
@@ -51,7 +51,7 @@ RSpec.describe RubySMB::SMB2::Tree do
 
     it 'calls Client #send_recv with encryption set if required' do
       allow(tree).to receive(:set_header_fields).and_return(disco_req)
-      tree.encryption_required = true
+      tree.tree_connect_encrypt_data = true
       expect(client).to receive(:send_recv).with(disco_req, encrypt: true).and_return(disco_resp.to_binary_s)
       tree.disconnect!
     end
@@ -147,7 +147,7 @@ RSpec.describe RubySMB::SMB2::Tree do
 
     it 'calls Client #send_recv with encryption set if required' do
       allow(tree).to receive(:open_directory_packet).and_return(create_req)
-      tree.encryption_required = true
+      tree.tree_connect_encrypt_data = true
       expect(client).to receive(:send_recv).with(create_req, encrypt: true).and_return(create_response.to_binary_s)
       tree.open_directory
     end
@@ -229,7 +229,7 @@ RSpec.describe RubySMB::SMB2::Tree do
 
     it 'calls Client #send_recv with encryption set if required' do
       allow(tree).to receive(:set_header_fields).and_return(query_dir_req)
-      tree.encryption_required = true
+      tree.tree_connect_encrypt_data = true
       expect(client).to receive(:send_recv).with(query_dir_req, encrypt: true)
       tree.list
     end
@@ -437,7 +437,7 @@ RSpec.describe RubySMB::SMB2::Tree do
     end
 
     it 'calls Client #send_recv with encryption set if required' do
-      tree.encryption_required = true
+      tree.tree_connect_encrypt_data = true
       expect(client).to receive(:send_recv).with(create_request, encrypt: true).and_return(create_response.to_binary_s)
       tree.open_file(filename: filename)
     end
@@ -459,7 +459,7 @@ RSpec.describe RubySMB::SMB2::Tree do
         context 'when encryption is required' do
           it 'returns the expected RubySMB::SMB2::File object' do
             file_obj = RubySMB::SMB2::File.new(name: filename, tree: tree, response: create_response, encrypt: true)
-            tree.encryption_required = true
+            tree.tree_connect_encrypt_data = true
             expect(RubySMB::SMB2::File).to receive(:new).with(name: filename, tree: tree, response: create_response, encrypt: true).and_return(file_obj)
             expect(tree.open_file(filename: filename)).to eq(file_obj)
           end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: ruby_smb
 version: !ruby/object:Gem::Version
-  version: 2.0.0
+  version: 2.0.1
 platform: ruby
 authors:
 - Metasploit Hackers
@@ -97,7 +97,7 @@ cert_chain:
   JI/W23RbIRksG2pioMhd4dCXq3FLLlkOV1YfCwWixNB+iIhQPPZVaPNfgPhCn4Dt
   DeGjje/qA4fkLtRmOtb9PUBq3ToRDE4=
   -----END CERTIFICATE-----
-date: 2020-06-09 00:00:00.000000000 Z
+date: 2020-06-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: redcarpet