ruby_smb 2.0.4 → 2.0.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 43f9f98936e870ad767348eb90c66f17eaf5e56c62b7792e13502c860bf8c4f1
-  data.tar.gz: b57d0bdee72f2fde7ee700771f85cd0f442f3ca5be70b4564b1598df05474860
+  metadata.gz: 896580b7c9baf63e5028f31462f29555a8db4e74e85d5e16b451f41336d3be62
+  data.tar.gz: 534d7f287cd36e68e1a385f5f639ade86a6f1b8b2ca308417ce8f5a66239743e
 SHA512:
-  metadata.gz: '08c1bea7f46add92b4bf6746ec3794a7845a0d0dccb8a8d338d7b3fd07133b670b5509bfd1a71fa10dcc11059bcd01b38a0da664c9fe7b86aa8d58738d0215e8'
-  data.tar.gz: 69efcb218b522cd233a593ccd281786732f76c717349f44c776a1a7f9790a697b46ccc63b60ab01b31b58ab38487c2d0c3ff3db7c99f55dd7fda469c1ecc5d90
+  metadata.gz: 656efd29de839b2eb6ef4cc79aa098ca2570d13795510987ccb9b30a6d0e5ec3d052626c17dcb9a879aab6ca9a9993e0361912dffde303a254f72c0c5e504abc
+  data.tar.gz: 9c88d2a160ed0dfa16ec3a953f3b91a74b380b4c132e3d681d36bcf2fbd4a6a78f8ac7aa5f29920e739f41dacb74b661b5cbf81750ea78359b893ec044139a80

data/lib/ruby_smb/dcerpc.rb

@@ -13,14 +13,16 @@ module RubySMB
     require 'ruby_smb/dcerpc/rpc_security_attributes'
     require 'ruby_smb/dcerpc/pdu_header'
     require 'ruby_smb/dcerpc/srvsvc'
-    require 'ruby_smb/dcerpc/winreg'
     require 'ruby_smb/dcerpc/svcctl'
+    require 'ruby_smb/dcerpc/winreg'
+    require 'ruby_smb/dcerpc/netlogon'
     require 'ruby_smb/dcerpc/request'
     require 'ruby_smb/dcerpc/response'
     require 'ruby_smb/dcerpc/bind'
     require 'ruby_smb/dcerpc/bind_ack'
 
 
+
     # Bind to the remote server interface endpoint.
     #
     # @param options [Hash] the options to pass to the Bind request packet. At least, :endpoint must but provided with an existing Dcerpc class

data/lib/ruby_smb/dcerpc/ndr.rb

@@ -7,6 +7,9 @@ module RubySMB
       VER_MAJOR = 2
       VER_MINOR = 0
 
+      # An NDR Enum type as defined in
+      # [Transfer Syntax NDR - Enumerated Types](https://pubs.opengroup.org/onlinepubs/9629399/chap14.htm#tagcjh_19_02_05_01)
+      class NdrEnum < BinData::Int16le; end
 
       # An NDR Conformant and Varying String representation as defined in
       # [Transfer Syntax NDR - Conformant and Varying Strings](http://pubs.opengroup.org/onlinepubs/9629399/chap14.htm#tagcjh_19_03_04_02)
@@ -92,6 +95,100 @@ module RubySMB
         end
       end
 
+      # An NDR Uni-dimensional Fixed Array of bytes representation as defined in:
+      # [Transfer Syntax NDR - NDR Constructed Types](https://pubs.opengroup.org/onlinepubs/9629399/chap14.htm#tagcjh_19_03_03_01)
+      class NdrFixedByteArray < BinData::BasePrimitive
+        optional_parameters :read_length, :length, :pad_byte, :pad_front
+        default_parameters pad_byte: 0
+        mutually_exclusive_parameters :length, :value
+
+        def initialize_shared_instance
+          if (has_parameter?(:value) || has_parameter?(:asserted_value)) && !has_parameter?(:read_length)
+            extend WarnNoReadLengthPlugin
+          end
+          super
+        end
+
+        def assign(val)
+          super(fixed_byte_array(val))
+        end
+
+        def snapshot
+          clamp_to_length(super)
+        end
+
+        class << self
+          def arg_processor
+            NdrFixedByteArrayArgProcessor.new
+          end
+        end
+
+        private
+
+        def clamp_to_length(val)
+          val = fixed_byte_array(val)
+          len = eval_parameter(:length) || val.length
+          if val.length > len
+            val = val.first(len)
+          elsif val.length < len
+            pad = eval_parameter(:pad_byte)
+            if get_parameter(:pad_front)
+              val = val.insert(0, *Array.new(len - val.length, pad))
+            else
+              val = val.fill(pad, val.length...len)
+            end
+          end
+
+          val
+        end
+
+        def fixed_byte_array(val)
+          val = val.bytes if val.is_a? String
+          val.to_ary
+        end
+
+        def read_and_return_value(io)
+          len = eval_parameter(:read_length) || eval_parameter(:length) || 0
+          io.readbytes(len)
+        end
+
+        def sensible_default
+          [ ]
+        end
+
+        def value_to_binary_string(val)
+          clamp_to_length(val).pack('C*')
+        end
+
+        class NdrFixedByteArrayArgProcessor < BinData::BaseArgProcessor
+          def sanitize_parameters!(obj_class, obj_params)
+            obj_params.must_be_integer(:length, :pad_byte)
+            obj_params.sanitize(:pad_byte) { |byte| sanitized_pad_byte(byte) }
+          end
+
+          private
+
+          def sanitized_pad_byte(byte)
+            if byte.is_a?(String)
+              raise ArgumentError, ':pad_byte must not contain more than 1 byte' if byte.bytesize > 1
+
+              byte = byte.ord
+            end
+            raise ArgumentError, ':pad_byte must be within the range of 0 - 255' unless ((byte >= 0) && (byte <= 255))
+
+            byte
+          end
+        end
+
+        # Warns when reading if :value && no :read_length
+        module WarnNoReadLengthPlugin
+          def read_and_return_value(io)
+            warn "#{debug_name} does not have a :read_length parameter - returning empty array"
+            ""
+          end
+        end
+      end
+
       # An NDR Context Handle representation as defined in
       # [IDL Data Type Declarations - Basic Type Declarations](http://pubs.opengroup.org/onlinepubs/9629399/apdxn.htm#tagcjh_34_01)
       class NdrContextHandle < BinData::Primitive

data/lib/ruby_smb/dcerpc/netlogon.rb

@@ -0,0 +1,101 @@
+module RubySMB
+  module Dcerpc
+    module Netlogon
+
+      # see: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-nrpc/592edbc8-f6f1-40c0-9ab3-fe6725ac6d7e
+      UUID = '12345678-1234-abcd-ef00-01234567cffb'
+      VER_MAJOR = 1
+      VER_MINOR = 0
+
+      # Operation numbers
+      NETR_SERVER_REQ_CHALLENGE = 4
+      NETR_SERVER_AUTHENTICATE3 = 26
+      NETR_SERVER_PASSWORD_SET2 = 30
+
+      # see: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-nrpc/3b224201-b531-43e2-8c79-b61f6dea8640
+      class LogonsrvHandle < Ndr::NdrLpStr; end
+
+      # see: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-nrpc/d55e2632-7163-4f6c-b662-4b870e8cc1cd
+      class NetlogonCredential < Ndr::NdrFixedByteArray
+        default_parameters length: 8
+      end
+
+      # see: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-nrpc/76c93227-942a-4687-ab9d-9d972ffabdab
+      class NetlogonAuthenticator < BinData::Record
+        endian :little
+
+        netlogon_credential :credential
+        uint32              :timestamp
+      end
+
+      # see: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-nrpc/4d1235e3-2c96-4e9f-a147-3cb338a0d09f
+      class NetlogonSecureChannelType < Ndr::NdrEnum
+        # enum example from dmendel/bindata#38 https://github.com/dmendel/bindata/issues/38#issuecomment-46397163
+        ALL = {
+          0 => :NullSecureChannel,
+          1 => :MsvApSecureChannel,
+          2 => :WorkstationSecureChannel,
+          3 => :TrustedDnsDomainSecureChannel,
+          4 => :TrustedDomainSecureChannel,
+          5 => :UasServerSecureChannel,
+          6 => :ServerSecureChannel,
+          7 => :CdcServerSecureChannel
+        }
+        ALL.each_pair { |val,sym| const_set(sym.to_s.gsub(/([a-z])([A-Z])/, '\1_\2').upcase, val) }
+        default_parameter assert: -> { ALL.keys.include? value }
+
+        def as_enum
+          ALL[value]
+        end
+
+        def assign(val)
+          if val.is_a? Symbol
+            val = ALL.key(val)
+            raise ArgumentError, 'invalid value name' if val.nil?
+          end
+
+          super
+        end
+      end
+
+      require 'ruby_smb/dcerpc/netlogon/netr_server_authenticate3_request'
+      require 'ruby_smb/dcerpc/netlogon/netr_server_authenticate3_response'
+      require 'ruby_smb/dcerpc/netlogon/netr_server_password_set2_request'
+      require 'ruby_smb/dcerpc/netlogon/netr_server_password_set2_response'
+      require 'ruby_smb/dcerpc/netlogon/netr_server_req_challenge_request'
+      require 'ruby_smb/dcerpc/netlogon/netr_server_req_challenge_response'
+
+      # Calculate the netlogon session key from the provided shared secret and
+      # challenges. The shared secret is an NTLM hash.
+      #
+      # @param shared_secret [String] the share secret between the client and the server
+      # @param client_challenge [String] the client challenge portion of the negotiation
+      # @param server_challenge [String] the server challenge portion of the negotiation
+      # @return [String] the session key for encryption
+      def self.calculate_session_key(shared_secret, client_challenge, server_challenge)
+        client_challenge = client_challenge.to_binary_s if client_challenge.is_a? NetlogonCredential
+        server_challenge = server_challenge.to_binary_s if server_challenge.is_a? NetlogonCredential
+
+        hmac = OpenSSL::HMAC.new(shared_secret, OpenSSL::Digest::SHA256.new)
+        hmac << client_challenge
+        hmac << server_challenge
+        hmac.digest.first(16)
+      end
+
+      # Encrypt the input data using the specified session key. This is used for
+      # certain Netlogon service operations including the authentication
+      # process. Per the specification, this uses AES-128-CFB8 with an all zero
+      # initialization vector.
+      #
+      # @param session_key [String] the session key to use for encryption (must be 16 bytes long)
+      # @param input_data [String] the data to encrypt
+      # @return [String] the encrypted data
+      def self.encrypt_credential(session_key, input_data)
+        cipher = OpenSSL::Cipher.new('AES-128-CFB8').encrypt
+        cipher.iv = "\x00" * 16
+        cipher.key = session_key
+        cipher.update(input_data) + cipher.final
+      end
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/netlogon/netr_server_authenticate3_request.rb

@@ -0,0 +1,28 @@
+require 'ruby_smb/dcerpc/ndr'
+
+module RubySMB
+  module Dcerpc
+    module Netlogon
+
+      # [3.5.4.4.2 NetrServerAuthenticate3 (Opnum 26)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-nrpc/3a9ed16f-8014-45ae-80af-c0ecb06e2db9)
+      class NetrServerAuthenticate3Request < BinData::Record
+        attr_reader :opnum
+
+        endian :little
+
+        logonsrv_handle              :primary_name
+        ndr_string                   :account_name
+        netlogon_secure_channel_type :secure_channel_type
+        ndr_string                   :computer_name
+        netlogon_credential          :client_credential
+        uint32                       :flags
+
+        def initialize_instance
+          super
+          @opnum = NETR_SERVER_AUTHENTICATE3
+        end
+
+      end
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/netlogon/netr_server_authenticate3_response.rb

@@ -0,0 +1,26 @@
+require 'ruby_smb/dcerpc/ndr'
+
+module RubySMB
+  module Dcerpc
+    module Netlogon
+
+      # [3.5.4.4.2 NetrServerAuthenticate3 (Opnum 26)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-nrpc/3a9ed16f-8014-45ae-80af-c0ecb06e2db9)
+      class NetrServerAuthenticate3Response < BinData::Record
+        attr_reader :opnum
+
+        endian :little
+
+        netlogon_credential :server_credential
+        uint32              :negotiate_flags
+        uint32              :account_rid
+        uint32              :error_status
+
+        def initialize_instance
+          super
+          @opnum = NETR_SERVER_AUTHENTICATE3
+        end
+
+      end
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/netlogon/netr_server_password_set2_request.rb

@@ -0,0 +1,27 @@
+require 'ruby_smb/dcerpc/ndr'
+
+module RubySMB
+  module Dcerpc
+    module Netlogon
+
+      # [3.5.4.4.5 NetrServerPasswordSet2 (Opnum 30)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-nrpc/14b020a8-0bcf-4af5-ab72-cc92bc6b1d81)
+      class NetrServerPasswordSet2Request < BinData::Record
+        attr_reader :opnum
+
+        endian :little
+
+        logonsrv_handle              :primary_name
+        ndr_string                   :account_name
+        netlogon_secure_channel_type :secure_channel_type
+        ndr_string                   :computer_name
+        netlogon_authenticator       :authenticator
+        ndr_fixed_byte_array         :clear_new_password, length: 516 # this is an encrypted NL_TRUST_PASSWORD
+
+        def initialize_instance
+          super
+          @opnum = Netlogon::NETR_SERVER_PASSWORD_SET2
+        end
+      end
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/netlogon/netr_server_password_set2_response.rb

@@ -0,0 +1,23 @@
+require 'ruby_smb/dcerpc/ndr'
+
+module RubySMB
+  module Dcerpc
+    module Netlogon
+
+      # [3.5.4.4.5 NetrServerPasswordSet2 (Opnum 30)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-nrpc/14b020a8-0bcf-4af5-ab72-cc92bc6b1d81)
+      class NetrServerPasswordSet2Response < BinData::Record
+        attr_reader :opnum
+
+        endian :little
+
+        netlogon_authenticator :return_authenticator
+        uint32                 :error_status
+
+        def initialize_instance
+          super
+          @opnum = Netlogon::NETR_SERVER_PASSWORD_SET2
+        end
+      end
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/netlogon/netr_server_req_challenge_request.rb

@@ -0,0 +1,25 @@
+require 'ruby_smb/dcerpc/ndr'
+
+module RubySMB
+  module Dcerpc
+    module Netlogon
+
+      # [3.5.4.4.1 NetrServerReqChallenge (Opnum 4)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-nrpc/5ad9db9f-7441-4ce5-8c7b-7b771e243d32)
+      class NetrServerReqChallengeRequest < BinData::Record
+        attr_reader :opnum
+
+        endian :little
+
+        logonsrv_handle     :primary_name
+        ndr_string          :computer_name
+        netlogon_credential :client_challenge
+
+        def initialize_instance
+          super
+          @opnum = NETR_SERVER_REQ_CHALLENGE
+        end
+
+      end
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/netlogon/netr_server_req_challenge_response.rb

@@ -0,0 +1,24 @@
+require 'ruby_smb/dcerpc/ndr'
+
+module RubySMB
+  module Dcerpc
+    module Netlogon
+
+      # [3.5.4.4.1 NetrServerReqChallenge (Opnum 4)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-nrpc/5ad9db9f-7441-4ce5-8c7b-7b771e243d32)
+      class NetrServerReqChallengeResponse < BinData::Record
+        attr_reader :opnum
+
+        endian :little
+
+        netlogon_credential :server_challenge
+        uint32              :error_status
+
+        def initialize_instance
+          super
+          @opnum = NETR_SERVER_REQ_CHALLENGE
+        end
+
+      end
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/request.rb

@@ -31,6 +31,12 @@ module RubySMB
           save_key_request       RubySMB::Dcerpc::Winreg::REG_SAVE_KEY
           string                 :default
         end
+        choice 'Netlogon', selection: -> { opnum } do
+          netr_server_authenticate3_request RubySMB::Dcerpc::Netlogon::NETR_SERVER_AUTHENTICATE3
+          netr_server_password_set2_request RubySMB::Dcerpc::Netlogon::NETR_SERVER_PASSWORD_SET2
+          netr_server_req_challenge_request RubySMB::Dcerpc::Netlogon::NETR_SERVER_REQ_CHALLENGE
+          string                            :default
+        end
         choice 'Srvsvc', selection: -> { opnum } do
           net_share_enum_all RubySMB::Dcerpc::Srvsvc::NET_SHARE_ENUM_ALL, host: -> { host rescue '' }
           string             :default

data/lib/ruby_smb/smb1/pipe.rb

@@ -16,12 +16,14 @@ module RubySMB
       def initialize(tree:, response:, name:)
         raise ArgumentError, 'No Name Provided' if name.nil?
         case name
+        when 'netlogon', '\\netlogon'
+          extend RubySMB::Dcerpc::Netlogon
         when 'srvsvc', '\\srvsvc'
           extend RubySMB::Dcerpc::Srvsvc
-        when 'winreg', '\\winreg'
-          extend RubySMB::Dcerpc::Winreg
         when 'svcctl', '\\svcctl'
           extend RubySMB::Dcerpc::Svcctl
+        when 'winreg', '\\winreg'
+          extend RubySMB::Dcerpc::Winreg
         end
         super(tree: tree, response: response, name: name)
       end

data/lib/ruby_smb/smb2/pipe.rb

@@ -13,12 +13,14 @@ module RubySMB
       def initialize(tree:, response:, name:)
         raise ArgumentError, 'No Name Provided' if name.nil?
         case name
-        when 'srvsvc'
+        when 'netlogon', '\\netlogon'
+          extend RubySMB::Dcerpc::Netlogon
+        when 'srvsvc', '\\srvsvc'
           extend RubySMB::Dcerpc::Srvsvc
-        when 'winreg'
-          extend RubySMB::Dcerpc::Winreg
-        when 'svcctl'
+        when 'svcctl', '\\svcctl'
           extend RubySMB::Dcerpc::Svcctl
+        when 'winreg', '\\winreg'
+          extend RubySMB::Dcerpc::Winreg
         end
         super(tree: tree, response: response, name: name)
       end

data/lib/ruby_smb/version.rb

@@ -1,3 +1,3 @@
 module RubySMB
-  VERSION = '2.0.4'.freeze
+  VERSION = '2.0.5'.freeze
 end

data/spec/lib/ruby_smb/dcerpc/netlogon/netr_server_authenticate3_request_spec.rb

@@ -0,0 +1,69 @@
+RSpec.describe RubySMB::Dcerpc::Netlogon::NetrServerAuthenticate3Request do
+  subject(:packet) { described_class.new }
+
+  it { is_expected.to respond_to :primary_name }
+  it { is_expected.to respond_to :account_name }
+  it { is_expected.to respond_to :secure_channel_type }
+  it { is_expected.to respond_to :computer_name }
+  it { is_expected.to respond_to :client_credential }
+  it { is_expected.to respond_to :flags }
+
+  it 'is little endian' do
+    expect(described_class.fields.instance_variable_get(:@hints)[:endian]).to eq :little
+  end
+
+  describe '#primary_name' do
+    it 'is a LogonsrvHandle structure' do
+      expect(packet.primary_name).to be_a RubySMB::Dcerpc::Netlogon::LogonsrvHandle
+    end
+  end
+
+  describe '#account_name' do
+    it 'is a NdrString structure' do
+      expect(packet.account_name).to be_a RubySMB::Dcerpc::Ndr::NdrString
+    end
+  end
+
+  describe '#secure_channel_type' do
+    it 'is a NetlogonSecureChannelType enum' do
+      expect(packet.secure_channel_type).to be_a RubySMB::Dcerpc::Netlogon::NetlogonSecureChannelType
+    end
+  end
+
+  describe '#computer_name' do
+    it 'is a NdrString structure' do
+      expect(packet.computer_name).to be_a RubySMB::Dcerpc::Ndr::NdrString
+    end
+  end
+
+  describe '#client_credential' do
+    it 'is a NetlogonCredential structure' do
+      expect(packet.client_credential).to be_a RubySMB::Dcerpc::Netlogon::NetlogonCredential
+    end
+  end
+
+  describe '#flags' do
+    it 'is a 32-bit unsigned integer' do
+      expect(packet.flags).to be_a BinData::Uint32le
+    end
+  end
+
+  describe '#initialize_instance' do
+    it 'sets #opnum to NETR_SERVER_AUTHENTICATE3 constant' do
+      expect(packet.opnum).to eq(RubySMB::Dcerpc::Netlogon::NETR_SERVER_AUTHENTICATE3)
+    end
+  end
+
+  it 'reads its own binary representation and outputs the same packet' do
+    packet = described_class.new(
+      primary_name: 'primary_name',
+      account_name: 'account_name',
+      secure_channel_type: 0,
+      computer_name: 'computer_name',
+      client_credential: "\x00" * 8,
+      flags: rand(0xffffffff)
+    )
+    binary = packet.to_binary_s
+    expect(described_class.read(binary)).to eq(packet)
+  end
+end

data/spec/lib/ruby_smb/dcerpc/netlogon/netr_server_authenticate3_response_spec.rb

@@ -0,0 +1,53 @@
+RSpec.describe RubySMB::Dcerpc::Netlogon::NetrServerAuthenticate3Response do
+  subject(:packet) { described_class.new }
+
+  it { is_expected.to respond_to :server_credential }
+  it { is_expected.to respond_to :negotiate_flags }
+  it { is_expected.to respond_to :account_rid }
+  it { is_expected.to respond_to :error_status }
+
+  it 'is little endian' do
+    expect(described_class.fields.instance_variable_get(:@hints)[:endian]).to eq :little
+  end
+
+  describe '#server_credential' do
+    it 'is a NetlogonCredential structure' do
+      expect(packet.server_credential).to be_a RubySMB::Dcerpc::Netlogon::NetlogonCredential
+    end
+  end
+
+  describe '#negotiate_flags' do
+    it 'is a 32-bit unsigned integer' do
+      expect(packet.negotiate_flags).to be_a BinData::Uint32le
+    end
+  end
+
+  describe '#account_rid' do
+    it 'is a 32-bit unsigned integer' do
+      expect(packet.account_rid).to be_a BinData::Uint32le
+    end
+  end
+
+  describe '#error_status' do
+    it 'is a 32-bit unsigned integer' do
+      expect(packet.error_status).to be_a BinData::Uint32le
+    end
+  end
+
+  describe '#initialize_instance' do
+    it 'sets #opnum to NETR_SERVER_AUTHENTICATE3 constant' do
+      expect(packet.opnum).to eq(RubySMB::Dcerpc::Netlogon::NETR_SERVER_AUTHENTICATE3)
+    end
+  end
+
+  it 'reads its own binary representation and outputs the same packet' do
+    packet = described_class.new(
+      server_credential: "\x00" * 8,
+      negotiate_flags: rand(0xffffffff),
+      account_rid: rand(0xffffffff),
+      error_status: rand(0xffffffff)
+    )
+    binary = packet.to_binary_s
+    expect(described_class.read(binary)).to eq(packet)
+  end
+end

data/spec/lib/ruby_smb/dcerpc/netlogon/netr_server_password_set2_request_spec.rb

@@ -0,0 +1,69 @@
+RSpec.describe RubySMB::Dcerpc::Netlogon::NetrServerPasswordSet2Request do
+  subject(:packet) { described_class.new }
+
+  it { is_expected.to respond_to :primary_name }
+  it { is_expected.to respond_to :account_name }
+  it { is_expected.to respond_to :secure_channel_type }
+  it { is_expected.to respond_to :computer_name }
+  it { is_expected.to respond_to :authenticator }
+  it { is_expected.to respond_to :clear_new_password }
+
+  it 'is little endian' do
+    expect(described_class.fields.instance_variable_get(:@hints)[:endian]).to eq :little
+  end
+
+  describe '#primary_name' do
+    it 'is a LogonsrvHandle structure' do
+      expect(packet.primary_name).to be_a RubySMB::Dcerpc::Netlogon::LogonsrvHandle
+    end
+  end
+
+  describe '#account_name' do
+    it 'is a NdrString structure' do
+      expect(packet.account_name).to be_a RubySMB::Dcerpc::Ndr::NdrString
+    end
+  end
+
+  describe '#secure_channel_type' do
+    it 'is a NetlogonSecureChannelType enum' do
+      expect(packet.secure_channel_type).to be_a RubySMB::Dcerpc::Netlogon::NetlogonSecureChannelType
+    end
+  end
+
+  describe '#computer_name' do
+    it 'is a NdrString structure' do
+      expect(packet.computer_name).to be_a RubySMB::Dcerpc::Ndr::NdrString
+    end
+  end
+
+  describe '#authenticator' do
+    it 'is a NetlogonAuthenticator structure' do
+      expect(packet.authenticator).to be_a RubySMB::Dcerpc::Netlogon::NetlogonAuthenticator
+    end
+  end
+
+  describe '#clear_new_password' do
+    it 'is a NdrFixedByteArray structure' do
+      expect(packet.clear_new_password).to be_a RubySMB::Dcerpc::Ndr::NdrFixedByteArray
+    end
+  end
+
+  describe '#initialize_instance' do
+    it 'sets #opnum to NETR_SERVER_PASSWORD_SET2 constant' do
+      expect(packet.opnum).to eq(RubySMB::Dcerpc::Netlogon::NETR_SERVER_PASSWORD_SET2)
+    end
+  end
+
+  it 'reads its own binary representation and outputs the same packet' do
+    packet = described_class.new(
+      primary_name: 'primary_name',
+      account_name: 'account_name',
+      secure_channel_type: 0,
+      computer_name: 'computer_name',
+      authenticator: RubySMB::Dcerpc::Netlogon::NetlogonAuthenticator.new,
+      clear_new_password: "\x00" * 516
+    )
+    binary = packet.to_binary_s
+    expect(described_class.read(binary)).to eq(packet)
+  end
+end

data/spec/lib/ruby_smb/dcerpc/netlogon/netr_server_password_set2_response_spec.rb

@@ -0,0 +1,37 @@
+RSpec.describe RubySMB::Dcerpc::Netlogon::NetrServerPasswordSet2Response do
+  subject(:packet) { described_class.new }
+
+  it { is_expected.to respond_to :return_authenticator }
+  it { is_expected.to respond_to :error_status }
+
+  it 'is little endian' do
+    expect(described_class.fields.instance_variable_get(:@hints)[:endian]).to eq :little
+  end
+
+  describe '#return_authenticator' do
+    it 'is a NetlogonAuthenticator structure' do
+      expect(packet.return_authenticator).to be_a RubySMB::Dcerpc::Netlogon::NetlogonAuthenticator
+    end
+  end
+
+  describe '#error_status' do
+    it 'is a 32-bit unsigned integer' do
+      expect(packet.error_status).to be_a BinData::Uint32le
+    end
+  end
+
+  describe '#initialize_instance' do
+    it 'sets #opnum to NETR_SERVER_PASSWORD_SET2 constant' do
+      expect(packet.opnum).to eq(RubySMB::Dcerpc::Netlogon::NETR_SERVER_PASSWORD_SET2)
+    end
+  end
+
+  it 'reads its own binary representation and outputs the same packet' do
+    packet = described_class.new(
+      return_authenticator: RubySMB::Dcerpc::Netlogon::NetlogonAuthenticator.new,
+      error_status: rand(0xffffffff)
+    )
+    binary = packet.to_binary_s
+    expect(described_class.read(binary)).to eq(packet)
+  end
+end

data/spec/lib/ruby_smb/dcerpc/netlogon/netr_server_req_challenge_request_spec.rb

@@ -0,0 +1,45 @@
+RSpec.describe RubySMB::Dcerpc::Netlogon::NetrServerReqChallengeRequest do
+  subject(:packet) { described_class.new }
+
+  it { is_expected.to respond_to :primary_name }
+  it { is_expected.to respond_to :computer_name }
+  it { is_expected.to respond_to :client_challenge }
+
+  it 'is little endian' do
+    expect(described_class.fields.instance_variable_get(:@hints)[:endian]).to eq :little
+  end
+
+  describe '#primary_name' do
+    it 'is a LogonsrvHandle structure' do
+      expect(packet.primary_name).to be_a RubySMB::Dcerpc::Netlogon::LogonsrvHandle
+    end
+  end
+
+  describe '#computer_name' do
+    it 'is a NdrString structure' do
+      expect(packet.computer_name).to be_a RubySMB::Dcerpc::Ndr::NdrString
+    end
+  end
+
+  describe '#client_challenge' do
+    it 'is a NetlogonCredential structure' do
+      expect(packet.client_challenge).to be_a RubySMB::Dcerpc::Netlogon::NetlogonCredential
+    end
+  end
+
+  describe '#initialize_instance' do
+    it 'sets #opnum to NETR_SERVER_REQ_CHALLENGE constant' do
+      expect(packet.opnum).to eq(RubySMB::Dcerpc::Netlogon::NETR_SERVER_REQ_CHALLENGE)
+    end
+  end
+
+  it 'reads its own binary representation and outputs the same packet' do
+    packet = described_class.new(
+      primary_name: 'primary_name',
+      computer_name: 'computer_name',
+      client_challenge: "\x00" * 8,
+    )
+    binary = packet.to_binary_s
+    expect(described_class.read(binary)).to eq(packet)
+  end
+end

data/spec/lib/ruby_smb/dcerpc/netlogon/netr_server_req_challenge_response_spec.rb

@@ -0,0 +1,37 @@
+RSpec.describe RubySMB::Dcerpc::Netlogon::NetrServerReqChallengeResponse do
+  subject(:packet) { described_class.new }
+
+  it { is_expected.to respond_to :server_challenge }
+  it { is_expected.to respond_to :error_status }
+
+  it 'is little endian' do
+    expect(described_class.fields.instance_variable_get(:@hints)[:endian]).to eq :little
+  end
+
+  describe '#server_challenge' do
+    it 'is a NetlogonCredential structure' do
+      expect(packet.server_challenge).to be_a RubySMB::Dcerpc::Netlogon::NetlogonCredential
+    end
+  end
+
+  describe '#error_status' do
+    it 'is a 32-bit unsigned integer' do
+      expect(packet.error_status).to be_a BinData::Uint32le
+    end
+  end
+
+  describe '#initialize_instance' do
+    it 'sets #opnum to NETR_SERVER_REQ_CHALLENGE constant' do
+      expect(packet.opnum).to eq(RubySMB::Dcerpc::Netlogon::NETR_SERVER_REQ_CHALLENGE)
+    end
+  end
+
+  it 'reads its own binary representation and outputs the same packet' do
+    packet = described_class.new(
+      server_challenge: "\x00" * 8,
+      error_status: rand(0xffffffff)
+    )
+    binary = packet.to_binary_s
+    expect(described_class.read(binary)).to eq(packet)
+  end
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: ruby_smb
 version: !ruby/object:Gem::Version
-  version: 2.0.4
+  version: 2.0.5
 platform: ruby
 authors:
 - Metasploit Hackers
@@ -97,7 +97,7 @@ cert_chain:
   JI/W23RbIRksG2pioMhd4dCXq3FLLlkOV1YfCwWixNB+iIhQPPZVaPNfgPhCn4Dt
   DeGjje/qA4fkLtRmOtb9PUBq3ToRDE4=
   -----END CERTIFICATE-----
-date: 2020-08-28 00:00:00.000000000 Z
+date: 2020-09-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: redcarpet
@@ -290,6 +290,13 @@ files:
 - lib/ruby_smb/dcerpc/bind_ack.rb
 - lib/ruby_smb/dcerpc/error.rb
 - lib/ruby_smb/dcerpc/ndr.rb
+- lib/ruby_smb/dcerpc/netlogon.rb
+- lib/ruby_smb/dcerpc/netlogon/netr_server_authenticate3_request.rb
+- lib/ruby_smb/dcerpc/netlogon/netr_server_authenticate3_response.rb
+- lib/ruby_smb/dcerpc/netlogon/netr_server_password_set2_request.rb
+- lib/ruby_smb/dcerpc/netlogon/netr_server_password_set2_response.rb
+- lib/ruby_smb/dcerpc/netlogon/netr_server_req_challenge_request.rb
+- lib/ruby_smb/dcerpc/netlogon/netr_server_req_challenge_response.rb
 - lib/ruby_smb/dcerpc/p_syntax_id_t.rb
 - lib/ruby_smb/dcerpc/pdu_header.rb
 - lib/ruby_smb/dcerpc/ptypes.rb
@@ -523,6 +530,12 @@ files:
 - spec/lib/ruby_smb/dcerpc/bind_ack_spec.rb
 - spec/lib/ruby_smb/dcerpc/bind_spec.rb
 - spec/lib/ruby_smb/dcerpc/ndr_spec.rb
+- spec/lib/ruby_smb/dcerpc/netlogon/netr_server_authenticate3_request_spec.rb
+- spec/lib/ruby_smb/dcerpc/netlogon/netr_server_authenticate3_response_spec.rb
+- spec/lib/ruby_smb/dcerpc/netlogon/netr_server_password_set2_request_spec.rb
+- spec/lib/ruby_smb/dcerpc/netlogon/netr_server_password_set2_response_spec.rb
+- spec/lib/ruby_smb/dcerpc/netlogon/netr_server_req_challenge_request_spec.rb
+- spec/lib/ruby_smb/dcerpc/netlogon/netr_server_req_challenge_response_spec.rb
 - spec/lib/ruby_smb/dcerpc/p_syntax_id_t_spec.rb
 - spec/lib/ruby_smb/dcerpc/pdu_header_spec.rb
 - spec/lib/ruby_smb/dcerpc/request_spec.rb
@@ -751,6 +764,12 @@ test_files:
 - spec/lib/ruby_smb/dcerpc/bind_ack_spec.rb
 - spec/lib/ruby_smb/dcerpc/bind_spec.rb
 - spec/lib/ruby_smb/dcerpc/ndr_spec.rb
+- spec/lib/ruby_smb/dcerpc/netlogon/netr_server_authenticate3_request_spec.rb
+- spec/lib/ruby_smb/dcerpc/netlogon/netr_server_authenticate3_response_spec.rb
+- spec/lib/ruby_smb/dcerpc/netlogon/netr_server_password_set2_request_spec.rb
+- spec/lib/ruby_smb/dcerpc/netlogon/netr_server_password_set2_response_spec.rb
+- spec/lib/ruby_smb/dcerpc/netlogon/netr_server_req_challenge_request_spec.rb
+- spec/lib/ruby_smb/dcerpc/netlogon/netr_server_req_challenge_response_spec.rb
 - spec/lib/ruby_smb/dcerpc/p_syntax_id_t_spec.rb
 - spec/lib/ruby_smb/dcerpc/pdu_header_spec.rb
 - spec/lib/ruby_smb/dcerpc/request_spec.rb

metadata.gz.sig

@@ -1,2 +1 @@
-CpfDǵ�&K��:�Sm
�h�t	���HI��Ă)!����A
-�\ҝ�1��-�ق*��D��o��i����a=�h�o�df�E���`GLU�W&O�~�*'�d'UU�%�M2�
c[�YG���@2>�M�<�n6��Χm�qg3"n(��\�O�� �5��w�c�<rf�f�[�!��_�����I����S
�,�bf�9��R�U��UZ3�<(mj(��uN7E�����0�������0�Z
+
&���^����S��L�Q��� cdr���~�x��y����