RubyGems - ruby_smb - Versions diffs - 3.0.6 → 3.1.0 - Mend

ruby_smb 3.0.6 → 3.1.0

Files changed (78) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4dd0be012c18ad4e243cbfa2948fc620448766612b2f33be278583981fa2cf90
-  data.tar.gz: '07309ce54e701f2c3654a9cdbc8b3eff9d42d54451321e6e17a49d46ae4ce162'
+  metadata.gz: 582c72fe6559ee4c40aa9e33f77c6644669848ae3452c11095f31fb0b0fce387
+  data.tar.gz: 2791bfa79cb55e6ec6689782a747860287278bc42c38d6ecd03a66396efba200
 SHA512:
-  metadata.gz: ee506f05e67f8fa1a61b0d0f05470b41e20c5972c9c9584e8fe8069352a2cd09704b66d42856fb1330a93def276525b0d50047e93b981479c064c36f35f8298a
-  data.tar.gz: 78c37f1157393e17c51a6de7ff55fb25206e84f68740c958c406c36432ca90bc572716670640b9153a3ff66247dfcbeae8f4305f3c17cd91af64e8a4fc092894
+  metadata.gz: ae54e45927264996fbaed098e38f38d179c0750aa4d82073910364bdc3cb2719c8ec89c9f432554ef44a752b9aef3e4f945b73357b4694c7faa52f7025582efc
+  data.tar.gz: 0cf5036c07e48a2cb6a40bdb63e0ec18f0f20d7110af4938f3fc4067e77d99e084ac5cba0f255980b1b971f93985793cce8211f4496e9ffd6be0bc00ab5e2dd7

checksums.yaml.gz.sig CHANGED Viewed

Binary file

data/lib/ruby_smb/client/encryption.rb CHANGED Viewed

@@ -4,18 +4,24 @@ module RubySMB
     module Encryption
       def smb3_encrypt(data)
         unless @client_encryption_key
+          raise RubySMB::Error::EncryptionError.new('The encryption algorithm has not been set') if @encryption_algorithm.nil?
+          key_bit_len = OpenSSL::Cipher.new(@encryption_algorithm).key_len * 8
           case @dialect
           when '0x0300', '0x0302'
             @client_encryption_key = RubySMB::Crypto::KDF.counter_mode(
               @session_key,
               "SMB2AESCCM\x00",
-              "ServerIn \x00"
+              "ServerIn \x00",
+              length: key_bit_len
             )
           when '0x0311'
             @client_encryption_key = RubySMB::Crypto::KDF.counter_mode(
               @session_key,
               "SMBC2SCipherKey\x00",
-              @preauth_integrity_hash_value
+              @preauth_integrity_hash_value,
+              length: key_bit_len
             )
           else
             raise RubySMB::Error::EncryptionError.new('Dialect is incompatible with SMBv3 encryption')
@@ -33,18 +39,24 @@ module RubySMB
       def smb3_decrypt(th)
         unless @server_encryption_key
+          raise RubySMB::Error::EncryptionError.new('The encryption algorithm has not been set') if @encryption_algorithm.nil?
+          key_bit_len = OpenSSL::Cipher.new(@encryption_algorithm).key_len * 8
           case @dialect
           when '0x0300', '0x0302'
             @server_encryption_key = RubySMB::Crypto::KDF.counter_mode(
               @session_key,
               "SMB2AESCCM\x00",
-              "ServerOut\x00"
+              "ServerOut\x00",
+              length: key_bit_len
             )
           when '0x0311'
             @server_encryption_key = RubySMB::Crypto::KDF.counter_mode(
               @session_key,
               "SMBS2CCipherKey\x00",
-              @preauth_integrity_hash_value
+              @preauth_integrity_hash_value,
+              length: key_bit_len
             )
           else
             raise RubySMB::Error::EncryptionError.new('Dialect is incompatible with SMBv3 decryption')

data/lib/ruby_smb/client/negotiation.rb CHANGED Viewed

@@ -265,8 +265,10 @@ module RubySMB
           nc = RubySMB::SMB2::NegotiateContext.new(
             context_type: RubySMB::SMB2::NegotiateContext::SMB2_ENCRYPTION_CAPABILITIES
           )
-          nc.data.ciphers << RubySMB::SMB2::EncryptionCapabilities::AES_128_CCM
+          nc.data.ciphers << RubySMB::SMB2::EncryptionCapabilities::AES_256_GCM
+          nc.data.ciphers << RubySMB::SMB2::EncryptionCapabilities::AES_256_CCM
           nc.data.ciphers << RubySMB::SMB2::EncryptionCapabilities::AES_128_GCM
+          nc.data.ciphers << RubySMB::SMB2::EncryptionCapabilities::AES_128_CCM
           packet.add_negotiate_context(nc)
           nc = RubySMB::SMB2::NegotiateContext.new(

data/lib/ruby_smb/fscc/file_information.rb CHANGED Viewed

@@ -65,6 +65,10 @@ module RubySMB
       # [2.2.2.3.5 Pass-through Information Level Codes](https://msdn.microsoft.com/en-us/library/ff470158.aspx)
       SMB_INFO_PASSTHROUGH               = 0x03e8
+      def self.name(value)
+        constants.select { |c| c.upcase == c }.find { |c| const_get(c) == value }
+      end
       # The FILE_NAME_INFORMATION type as defined in
       # https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-fscc/20406fb1-605f-4629-ba9a-c67ee25f23d2
       class FileNameInformation < BinData::Record

data/lib/ruby_smb/server/server_client/encryption.rb ADDED Viewed

@@ -0,0 +1,66 @@
+module RubySMB
+  class Server
+    class ServerClient
+      # Contains the methods for handling encryption / decryption
+      module Encryption
+        def smb3_encrypt(data, session)
+          encryption_algorithm = SMB2::EncryptionCapabilities::ENCRYPTION_ALGORITHM_MAP[@cipher_id]
+          raise RubySMB::Error::EncryptionError.new('The encryption algorithm has not been set') if encryption_algorithm.nil?
+          key_bit_len = OpenSSL::Cipher.new(encryption_algorithm).key_len * 8
+          case @dialect
+          when '0x0300', '0x0302'
+            server_encryption_key = RubySMB::Crypto::KDF.counter_mode(
+              session.key,
+              "SMB2AESCCM\x00",
+              "ServerOut\x00",
+              length: key_bit_len
+            )
+          when '0x0311'
+            server_encryption_key = RubySMB::Crypto::KDF.counter_mode(
+              session.key,
+              "SMBS2CCipherKey\x00",
+              @preauth_integrity_hash_value,
+              length: key_bit_len
+            )
+          else
+            raise RubySMB::Error::EncryptionError.new('Dialect is incompatible with SMBv3 decryption')
+          end
+          th = RubySMB::SMB2::Packet::TransformHeader.new(flags: 1, session_id: session.id)
+          th.encrypt(data, server_encryption_key, algorithm: encryption_algorithm)
+          th
+        end
+        def smb3_decrypt(encrypted_request, session)
+          encryption_algorithm = SMB2::EncryptionCapabilities::ENCRYPTION_ALGORITHM_MAP[@cipher_id]
+          raise RubySMB::Error::EncryptionError.new('The encryption algorithm has not been set') if encryption_algorithm.nil?
+          key_bit_len = OpenSSL::Cipher.new(encryption_algorithm).key_len * 8
+          case @dialect
+          when '0x0300', '0x0302'
+            client_encryption_key = RubySMB::Crypto::KDF.counter_mode(
+              session.key,
+              "SMB2AESCCM\x00",
+              "ServerIn \x00",
+              length: key_bit_len
+            )
+          when '0x0311'
+            client_encryption_key = RubySMB::Crypto::KDF.counter_mode(
+              session.key,
+              "SMBC2SCipherKey\x00",
+              @preauth_integrity_hash_value,
+              length: key_bit_len
+            )
+          else
+            raise RubySMB::Error::EncryptionError.new('Dialect is incompatible with SMBv3 encryption')
+          end
+          encrypted_request.decrypt(client_encryption_key, algorithm: encryption_algorithm)
+        end
+      end
+    end
+  end
+end

data/lib/ruby_smb/server/server_client/negotiation.rb CHANGED Viewed

@@ -119,14 +119,25 @@ module RubySMB
             )
             nc = request.find_negotiate_context(SMB2::NegotiateContext::SMB2_ENCRYPTION_CAPABILITIES)
-            cipher = nc&.data&.ciphers&.first
-            cipher = 0 unless SMB2::EncryptionCapabilities::ENCRYPTION_ALGORITHM_MAP.include? cipher
+            ciphers = nc&.data&.ciphers
+            if ciphers
+              cipher = ciphers.find { |cipher| SMB2::EncryptionCapabilities::ENCRYPTION_ALGORITHM_MAP.include?(cipher) }
+              @cipher_id = cipher unless cipher.nil?
+            end
             contexts << SMB2::NegotiateContext.new(
               context_type: SMB2::NegotiateContext::SMB2_ENCRYPTION_CAPABILITIES,
               data: {
-                ciphers: [ cipher ]
+                ciphers: [ @cipher_id ]
               }
             )
+          elsif dialect == '0x0300' || dialect == '0x0302'
+            if request.capabilities.encryption == 1
+              response.capabilities.encryption = 1
+              @cipher_id = SMB2::EncryptionCapabilities::AES_128_CCM
+            else
+              response.capabilities = 0
+            end
           end
           # the order in which the response is built is important to ensure it is valid

data/lib/ruby_smb/server/server_client/session_setup.rb CHANGED Viewed

@@ -2,7 +2,7 @@ module RubySMB
   class Server
     class ServerClient
       module SessionSetup
-        def do_session_setup_smb1(request, session)
+        def do_session_setup_andx_smb1(request, session)
           session_id = request.smb_header.uid
           if session_id == 0
             session_id = rand(1..0x10000)
@@ -41,6 +41,17 @@ module RubySMB
           response
         end
+        alias :do_session_setup_smb1 :do_session_setup_andx_smb1
+        def do_logoff_andx_smb1(request, session)
+          # see: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-cifs/00fc0299-496c-4330-9089-67358994f272
+          @session_table.delete(request.smb_header.uid)
+          session.logoff!
+          response = SMB1::Packet::LogoffResponse.new
+          response
+        end
         def do_session_setup_smb2(request, session)
           session_id = request.smb2_header.session_id
           if session_id == 0
@@ -67,11 +78,14 @@ module RubySMB
           update_preauth_hash(request) if @dialect == '0x0311'
           if gss_result.nt_status == WindowsError::NTStatus::STATUS_SUCCESS
-            response.smb2_header.credits = 32
             session.state = :valid
             session.user_id = gss_result.identity
             session.key = @gss_authenticator.session_key
             session.signing_required = request.security_mode.signing_required == 1
+            response.smb2_header.credits = 32
+            @cipher_id = 0 if session.is_anonymous # disable encryption for anonymous users
+            response.session_flags.encrypt_data = 1 unless @cipher_id == 0
           elsif gss_result.nt_status == WindowsError::NTStatus::STATUS_MORE_PROCESSING_REQUIRED && @dialect == '0x0311'
             update_preauth_hash(response)
           end
@@ -80,7 +94,8 @@ module RubySMB
         end
         def do_logoff_smb2(request, session)
-          session = @session_table.delete(session.id)
+          # see: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/a6fbc502-75a5-42ef-a88c-c67b44817850
+          @session_table.delete(session.id)
           session.logoff!
           response = SMB2::Packet::LogoffResponse.new

data/lib/ruby_smb/server/server_client/share_io.rb CHANGED Viewed

@@ -2,6 +2,23 @@ module RubySMB
   class Server
     class ServerClient
       module ShareIO
+        def proxy_share_io_smb1(request, session)
+          share_processor = session.tree_connect_table[request.smb_header.tid]
+          if share_processor.nil?
+            response = SMB1::Packet::EmptyPacket.new
+            response.smb_header.nt_status = WindowsError::NTStatus::STATUS_NETWORK_NAME_DELETED
+            return response
+          end
+          logger.debug("Received #{SMB1::Commands.name(request.smb_header.command)} request for share: #{share_processor.provider.name}")
+          share_processor.send(__callee__, request)
+        end
+        alias :do_close_smb1          :proxy_share_io_smb1
+        alias :do_nt_create_andx_smb1 :proxy_share_io_smb1
+        alias :do_read_andx_smb1      :proxy_share_io_smb1
+        alias :do_transactions2_smb1  :proxy_share_io_smb1
         def proxy_share_io_smb2(request, session)
           # see: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/9a639360-87be-4d49-a1dd-4c6be0c020bd
           share_processor = session.tree_connect_table[request.smb2_header.tree_id]

data/lib/ruby_smb/server/server_client/tree_connect.rb CHANGED Viewed

@@ -3,6 +3,43 @@ module RubySMB
     class ServerClient
       MAX_TREE_CONNECTIONS = 1000
       module TreeConnect
+        def do_tree_connect_smb1(request, session)
+          # see: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-cifs/b062f3e3-1b65-4a9a-854a-0ee432499d8f
+          response = RubySMB::SMB1::Packet::TreeConnectResponse.new
+          share_name = request.data_block.path.encode('UTF-8').split('\\', 4).last
+          share_provider = @server.shares.transform_keys(&:downcase)[share_name.downcase]
+          if share_provider.nil?
+            logger.warn("Received TREE_CONNECT request for non-existent share: #{share_name}")
+            response.smb_header.nt_status = WindowsError::NTStatus::STATUS_OBJECT_PATH_NOT_FOUND
+            return response
+          end
+          logger.debug("Received TREE_CONNECT request for share: #{share_name}")
+          tree_id = rand(1..0xfffe)
+          tree_id = rand(1..0xfffe) while session.tree_connect_table.include?(tree_id)
+          response.smb_header.tid = tree_id
+          session.tree_connect_table[tree_id] = share_processor = share_provider.new_processor(self, session)
+          response.parameter_block.access_rights = share_processor.maximal_access
+          response
+        end
+        def do_tree_disconnect_smb1(request, session)
+          share_processor = session.tree_connect_table.delete(request.smb_header.tid)
+          if share_processor.nil?
+            response = RubySMB::SMB1::Packet::EmptyPacket.new
+            response.smb_header.nt_status = WindowsError::NTStatus::STATUS_NETWORK_NAME_DELETED
+            return response
+          end
+          logger.debug("Received TREE_DISCONNECT request for share: #{share_processor.provider.name}")
+          share_processor.disconnect!
+          response = RubySMB::SMB1::Packet::TreeDisconnectResponse.new
+          response
+        end
         def do_tree_connect_smb2(request, session)
           response = RubySMB::SMB2::Packet::TreeConnectResponse.new
           response.smb2_header.credits = 1
@@ -13,7 +50,7 @@ module RubySMB
           end
           share_name = request.path.encode('UTF-8').split('\\', 4).last
-          share_provider = @server.shares[share_name]
+          share_provider = @server.shares.transform_keys(&:downcase)[share_name.downcase]
           if share_provider.nil?
             logger.warn("Received TREE_CONNECT request for non-existent share: #{share_name}")
@@ -31,8 +68,8 @@ module RubySMB
             RubySMB::SMB2::Packet::TreeConnectResponse::SMB2_SHARE_TYPE_PRINT
           end
-          tree_id = rand(0xffffffff)
-          tree_id = rand(0xffffffff) while session.tree_connect_table.include?(tree_id)
+          tree_id = rand(1..0xfffffffe)
+          tree_id = rand(1..0xfffffffe) while session.tree_connect_table.include?(tree_id)
           response.smb2_header.tree_id = tree_id
           session.tree_connect_table[tree_id] = share_processor = share_provider.new_processor(self, session)

data/lib/ruby_smb/server/server_client.rb CHANGED Viewed

@@ -6,12 +6,14 @@ module RubySMB
       require 'ruby_smb/dialect'
       require 'ruby_smb/signing'
+      require 'ruby_smb/server/server_client/encryption'
       require 'ruby_smb/server/server_client/negotiation'
       require 'ruby_smb/server/server_client/session_setup'
       require 'ruby_smb/server/server_client/share_io'
       require 'ruby_smb/server/server_client/tree_connect'
       include RubySMB::Signing
+      include RubySMB::Server::ServerClient::Encryption
       include RubySMB::Server::ServerClient::Negotiation
       include RubySMB::Server::ServerClient::SessionSetup
       include RubySMB::Server::ServerClient::ShareIO
@@ -25,6 +27,8 @@ module RubySMB
         @server = server
         @dispatcher = dispatcher
         @dialect = nil
+        @sequence_counter = 0
+        @cipher_id = 0
         @gss_authenticator = server.gss_provider.new_authenticator(self)
         @preauth_integrity_hash_algorithm = nil
         @preauth_integrity_hash_value = nil
@@ -75,8 +79,10 @@ module RubySMB
           begin
             response = handle_smb1(raw_request, header)
-          rescue NotImplementedError
-            logger.error("Caught a NotImplementedError while handling a #{SMB1::Commands.name(header.command)} request")
+          rescue NotImplementedError => e
+            message = "Caught a NotImplementedError while handling a #{SMB1::Commands.name(header.command)} request"
+            message << " (#{e.message})" if e.message
+            logger.error(message)
             response = RubySMB::SMB1::Packet::EmptyPacket.new
             response.smb_header.nt_status = WindowsError::NTStatus::STATUS_NOT_SUPPORTED
           end
@@ -86,6 +92,12 @@ module RubySMB
             if response.is_a?(SMB1::Packet::EmptyPacket)
               response.smb_header.command = header.command if response.smb_header.command == 0
               response.smb_header.flags.reply = 1
+              nt_status = response.smb_header.nt_status.to_i
+              message = "Sending an error packet for SMB1 command: #{SMB1::Commands.name(header.command)}, status: 0x#{nt_status.to_s(16).rjust(8, '0')}"
+              if (nt_status_name = WindowsError::NTStatus.find_by_retval(nt_status).first&.name)
+                message << " (#{nt_status_name})"
+              end
+              logger.info(message)
             end
             response.smb_header.pid_high = header.pid_high if response.smb_header.pid_high == 0
@@ -95,33 +107,23 @@ module RubySMB
             response.smb_header.mid = header.mid if response.smb_header.mid == 0
           end
         when RubySMB::SMB2::SMB2_PROTOCOL_ID
+          response = _handle_smb2(raw_request)
+        when RubySMB::SMB2::SMB2_TRANSFORM_PROTOCOL_ID
           begin
-            header = RubySMB::SMB2::SMB2Header.read(raw_request)
+            header = RubySMB::SMB2::Packet::TransformHeader.read(raw_request)
           rescue IOError => e
-            logger.error("Caught a #{e.class} while reading the SMB2 header (#{e.message})")
+            logger.error("Caught a #{e.class} while reading the SMB3 Transform header")
             disconnect!
             return
           end
           begin
-            response = handle_smb2(raw_request, header)
+            response = handle_smb3_transform(raw_request, header)
           rescue NotImplementedError
-            logger.error("Caught a NotImplementedError while handling a #{SMB2::Commands.name(header.command)} request")
+            logger.error("Caught a NotImplementedError while handling a SMB3 Transform request")
             response = SMB2::Packet::ErrorPacket.new
             response.smb2_header.nt_status = WindowsError::NTStatus::STATUS_NOT_SUPPORTED
-          end
-          unless response.nil?
-            # set these header fields if they were not initialized
-            if response.is_a?(SMB2::Packet::ErrorPacket)
-              response.smb2_header.command = header.command if response.smb2_header.command == 0
-              response.smb2_header.flags.reply = 1
-            end
-            response.smb2_header.credits = 1 if response.smb2_header.credits == 0
-            response.smb2_header.message_id = header.message_id if response.smb2_header.message_id == 0
-            response.smb2_header.session_id = header.session_id if response.smb2_header.session_id == 0
-            response.smb2_header.tree_id = header.tree_id if response.smb2_header.tree_id == 0
+            response.smb2_header.session_id = header.session_id
           end
         end
@@ -193,17 +195,8 @@ module RubySMB
         packet = @dispatcher.recv_packet
         if packet && packet.length >= 4 && packet[0...4].unpack1('L>') == RubySMB::SMB2::SMB2_PROTOCOL_ID
-          header = RubySMB::SMB2::SMB2Header.read(packet)
-          unless header.next_command == 0
-            until header.next_command == 0
-              @in_packet_queue.push(packet[0...header.next_command])
-              packet = packet[header.next_command..-1]
-              header = RubySMB::SMB2::SMB2Header.read(packet)
-            end
-            @in_packet_queue.push(packet)
-            packet = @in_packet_queue.shift
-          end
+          @in_packet_queue += split_smb2_chain(packet)
+          packet = @in_packet_queue.shift
         end
         packet
@@ -214,16 +207,24 @@ module RubySMB
       #
       # @param [GenericPacket] packet the packet to send
       def send_packet(packet)
-        case metadialect&.order
-        when Dialect::ORDER_SMB1
+        case metadialect&.family
+        when Dialect::FAMILY_SMB1
           session_id = packet.smb_header.uid
-        when Dialect::ORDER_SMB2
+        when Dialect::FAMILY_SMB2
           session_id = packet.smb2_header.session_id
+        when Dialect::FAMILY_SMB3
+          if packet.is_a?(RubySMB::SMB2::Packet::TransformHeader)
+            session_id = packet.session_id
+          else
+            session_id = packet.smb2_header.session_id
+          end
         end
         session = @session_table[session_id]
-        unless session.nil? || session.is_anonymous || session.key.nil?
+        unless session.nil? || session.is_anonymous || session.key.nil? || packet.is_a?(RubySMB::SMB2::Packet::TransformHeader)
           case metadialect&.family
+          when Dialect::FAMILY_SMB1
+            packet = Signing::smb1_sign(packet, session.key, @sequence_counter)
           when Dialect::FAMILY_SMB2
             packet = Signing::smb2_sign(packet, session.key)
           when Dialect::FAMILY_SMB3
@@ -231,6 +232,7 @@ module RubySMB
           end
         end
+        @sequence_counter += 1
         @dispatcher.send_packet(packet)
       end
@@ -260,12 +262,36 @@ module RubySMB
       # @param [RubySMB::SMB1::SMBHeader] header The request header.
       # @return [RubySMB::GenericPacket]
       def handle_smb1(raw_request, header)
-        # session = @session_table[header.uid]
-        session = nil
+        session = @session_table[header.uid]
+        if session.nil? && !(header.command == SMB1::Commands::SMB_COM_SESSION_SETUP_ANDX && header.uid == 0)
+          response = SMB1::Packet::EmptyPacket.new
+          response.smb_header.nt_status = WindowsError::NTStatus::STATUS_USER_SESSION_DELETED
+          return response
+        end
+        if session&.state == :expired
+          response = SMB1::Packet::EmptyPacket.new
+          response.smb_header.nt_status = WindowsError::NTStatus::STATUS_NETWORK_SESSION_EXPIRED
+          return response
+        end
         case header.command
+        when SMB1::Commands::SMB_COM_CLOSE
+          dispatcher, request_class = :do_close_smb1, SMB1::Packet::CloseRequest
+        when SMB1::Commands::SMB_COM_TREE_DISCONNECT
+          dispatcher, request_class = :do_tree_disconnect_smb1, SMB1::Packet::TreeDisconnectRequest
+        when SMB1::Commands::SMB_COM_LOGOFF_ANDX
+          dispatcher, request_class = :do_logoff_andx_smb1, SMB1::Packet::LogoffRequest
+        when SMB1::Commands::SMB_COM_NT_CREATE_ANDX
+          dispatcher, request_class = :do_nt_create_andx_smb1, SMB1::Packet::NtCreateAndxRequest
+        when SMB1::Commands::SMB_COM_READ_ANDX
+          dispatcher, request_class = :do_read_andx_smb1, SMB1::Packet::ReadAndxRequest
         when SMB1::Commands::SMB_COM_SESSION_SETUP_ANDX
-          dispatcher, request_class = :do_session_setup_smb1, SMB1::Packet::SessionSetupRequest
+          dispatcher, request_class = :do_session_setup_andx_smb1, SMB1::Packet::SessionSetupRequest
+        when SMB1::Commands::SMB_COM_TRANSACTION2
+          dispatcher, request_class = :do_transactions2_smb1, SMB1::Packet::Trans2::Request
+        when SMB1::Commands::SMB_COM_TREE_CONNECT
+          dispatcher, request_class = :do_tree_connect_smb1, SMB1::Packet::TreeConnectRequest
         else
           logger.warn("The SMB1 #{SMB1::Commands.name(header.command)} command is not supported")
           raise NotImplementedError
@@ -276,10 +302,13 @@ module RubySMB
         rescue IOError, RubySMB::Error::InvalidPacket => e
           logger.error("Caught a #{e.class} while reading the SMB1 #{request_class} (#{e.message})")
           response = RubySMB::SMB1::Packet::EmptyPacket.new
+          response.smb_header.nt_status = WindowsError::NTStatus::STATUS_DATA_ERROR
+          return response
         end
         if request.is_a?(SMB1::Packet::EmptyPacket)
           logger.error("Received an error packet for SMB1 command: #{SMB1::Commands.name(header.command)}")
+          response = RubySMB::SMB1::Packet::EmptyPacket.new
           response.smb_header.nt_status = WindowsError::NTStatus::STATUS_DATA_ERROR
           return response
         end
@@ -304,6 +333,11 @@ module RubySMB
           response.smb2_header.nt_status = WindowsError::NTStatus::STATUS_USER_SESSION_DELETED
           return response
         end
+        if session&.state == :expired
+          response = SMB2::Packet::ErrorPacket.new
+          response.smb2_header.nt_status = WindowsError::NTStatus::STATUS_NETWORK_SESSION_EXPIRED
+          return response
+        end
         case header.command
         when SMB2::Commands::CLOSE
@@ -347,6 +381,82 @@ module RubySMB
         logger.debug("Dispatching request to #{dispatcher} (session: #{session.inspect})")
         send(dispatcher, request, session)
       end
+      def _handle_smb2(raw_request)
+        begin
+          header = RubySMB::SMB2::SMB2Header.read(raw_request)
+        rescue IOError => e
+          logger.error("Caught a #{e.class} while reading the SMB2 header (#{e.message})")
+          disconnect!
+          return
+        end
+        begin
+          response = handle_smb2(raw_request, header)
+        rescue NotImplementedError
+          logger.error("Caught a NotImplementedError while handling a #{SMB2::Commands.name(header.command)} request")
+          response = SMB2::Packet::ErrorPacket.new
+          response.smb2_header.nt_status = WindowsError::NTStatus::STATUS_NOT_SUPPORTED
+        end
+        unless response.nil?
+          # set these header fields if they were not initialized
+          if response.is_a?(SMB2::Packet::ErrorPacket)
+            response.smb2_header.command = header.command if response.smb2_header.command == 0
+            response.smb2_header.flags.reply = 1
+            nt_status = response.smb2_header.nt_status.to_i
+            message = "Sending an error packet for SMB2 command: #{SMB2::Commands.name(header.command)}, status: 0x#{nt_status.to_s(16).rjust(8, '0')}"
+            if (nt_status_name = WindowsError::NTStatus.find_by_retval(nt_status).first&.name)
+              message << " (#{nt_status_name})"
+            end
+            logger.info(message)
+          end
+          response.smb2_header.credits = 1 if response.smb2_header.credits == 0
+          response.smb2_header.message_id = header.message_id if response.smb2_header.message_id == 0
+          response.smb2_header.session_id = header.session_id if response.smb2_header.session_id == 0
+          response.smb2_header.tree_id = header.tree_id if response.smb2_header.tree_id == 0
+        end
+        response
+      end
+      def handle_smb3_transform(raw_request, header)
+        session = @session_table[header.session_id]
+        if session.nil?
+          response = SMB2::Packet::ErrorPacket.new
+          response.smb2_header.nt_status = WindowsError::NTStatus::STATUS_USER_SESSION_DELETED
+          return response
+        end
+        chain = split_smb2_chain(smb3_decrypt(header, session))
+        chain[0...-1].each do |pt_raw_request|
+          pt_response = _handle_smb2(pt_raw_request)
+          return if pt_response.nil?
+          send_packet(smb3_encrypt(pt_response, session))
+        end
+        pt_response = _handle_smb2(chain.last)
+        return if pt_response.nil?
+        smb3_encrypt(pt_response, session)
+      end
+      def split_smb2_chain(buffer)
+        chain = []
+        header = RubySMB::SMB2::SMB2Header.read(buffer)
+        unless header.next_command == 0
+          until header.next_command == 0
+            chain << buffer[0...header.next_command]
+            buffer = buffer[header.next_command..-1]
+            header = RubySMB::SMB2::SMB2Header.read(buffer)
+          end
+        end
+        chain << buffer
+        chain
+      end
     end
   end
 end

data/lib/ruby_smb/server/share/provider/disk/file_system.rb ADDED Viewed

@@ -0,0 +1,28 @@
+module RubySMB
+  class Server
+    module Share
+      module Provider
+        class Disk < Base
+          module FileSystem
+            # define attributes of the file system to emulate
+            FileSystem = Struct.new(
+              :name,
+              :max_name_bytes,
+              :case_sensitive_search,
+              :case_preserved_names,
+              :unicode_on_disk
+            )
+            NTFS = FileSystem.new(
+              'NTFS',
+              255,
+              true,
+              true,
+              true
+            )
+          end
+        end
+      end
+    end
+  end
+end