ruby_smb 3.2.5 → 3.2.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 94370417b66a804dd7d24a57070fe9e5accf48f042baf4cbc56ead2227b92bd5
-  data.tar.gz: 5f130535d6ccf03dd60c9fc879b0bb050d328c4906f40a702260370c24ac52a3
+  metadata.gz: 6220ba1edc47882a9d30dd1937d877c22094ebaf9c2a72cb806489a65598e1ce
+  data.tar.gz: 1b650bfdd2b6ba8323e9d3e7f4e161c7a659dddbffc7fa21a03d4a2e538f7297
 SHA512:
-  metadata.gz: fcc08f98211ef0970ab0cedd56f5955d9ca3f52235b2751a84972036b67f3b2f2c3fd07c22919e8522d4ad1876d43ca3099a1286140abedece7f399f0dc871bf
-  data.tar.gz: a4fe143def77e9e85fb40e44dfb5f33be4fb8499c4aff196ded4ad1710f84f278be70752fd9a4827cbc66e1afe299716f80854a74492998fb26c5cd6f6572a7d
+  metadata.gz: 9e49bc0af1cd4ad61cba01ec70aecead1adbe3b4d58d6127593878596bdbc7f64c8d50b9aaa396004ffc3a3b5e8cf1806053d0825d44322aa4d4584bdddeced7
+  data.tar.gz: 36ca2d7c9e6256a0faabac441e89ea86d43ccd8d2de342dba4965679d2e2c4fafa541fbc09c4457d656a2cccef1af53fe5ab487245800914ad8b9a6431679088

data/cortex.yaml

@@ -0,0 +1,15 @@
+---
+info:
+  title: Ruby Smb
+  description: A native Ruby implementation of the SMB Protocol Family
+  x-cortex-git:
+    github:
+      alias: r7org
+      repository: rapid7/ruby_smb
+  x-cortex-tag: ruby-smb
+  x-cortex-type: service
+  x-cortex-domain-parents:
+  - tag: metasploit
+openapi: 3.0.1
+servers:
+- url: "/"

data/examples/dump_secrets_from_sid.rb

@@ -60,7 +60,7 @@ dc_infos.each do |dc_info|
     puts "Decrypting hash for user: #{dn}"
 
     entinf_struct = user_record.pmsg_out.msg_getchg.p_objects.entinf
-    object_sid = rid = entinf_struct.p_name.sid[-4..-1].unpack('<L').first
+    object_sid = rid = entinf_struct.p_name.sid[-4..-1].unpack('L<').first
     lm_hash = Net::NTLM.lm_hash('')
     nt_hash = Net::NTLM.ntlm_hash('')
     disabled = nil

data/lib/ruby_smb/dcerpc/alter_context.rb

@@ -0,0 +1,30 @@
+module RubySMB
+  module Dcerpc
+    # The Alter context PDU as defined in
+    # [The alter_context PDU](https://pubs.opengroup.org/onlinepubs/9629399/chap12.htm#tagcjh_17_06_04_01)
+    class AlterContext < BinData::Record
+      PTYPE = PTypes::ALTER_CONTEXT
+
+      endian :little
+
+      # PDU Header
+      pdu_header    :pdu_header, label: 'PDU header'
+      ndr_uint16    :max_xmit_frag, label: 'Max transmit frag size', initial_value: RubySMB::Dcerpc::MAX_XMIT_FRAG
+      ndr_uint16    :max_recv_frag, label: 'Max receive frag size', initial_value: RubySMB::Dcerpc::MAX_RECV_FRAG
+      ndr_uint32    :assoc_group_id, label: 'Incarnation of client-server assoc group'
+      p_cont_list_t :p_context_list, label: 'Presentation context list', endpoint: -> { endpoint }
+
+      # Auth Verifier
+      sec_trailer   :sec_trailer, onlyif: -> { pdu_header.auth_length > 0 }
+      string        :auth_value,
+        onlyif: -> { pdu_header.auth_length > 0 },
+        read_length: -> { pdu_header.auth_length }
+
+      def initialize_instance
+        super
+        pdu_header.ptype = PTYPE
+      end
+    end
+  end
+end
+

data/lib/ruby_smb/dcerpc/alter_context_resp.rb

@@ -0,0 +1,42 @@
+module RubySMB
+  module Dcerpc
+    # The Alter context resp PDU as defined in
+    # [The alter_context_resp PDU](https://pubs.opengroup.org/onlinepubs/9629399/chap12.htm#tagcjh_17_06_04_02)
+
+    class AlterContextResp < BinData::Record
+      PTYPE = PTypes::ALTER_CONTEXT_RESP
+
+      # Presentation context negotiation results
+      ACCEPTANCE         = 0
+      USER_REJECTION     = 1
+      PROVIDER_REJECTION = 2
+
+      # Reasons for rejection of a context element
+      REASON_NOT_SPECIFIED                     = 0
+      ABSTRACT_SYNTAX_NOT_SUPPORTED            = 1
+      PROPOSED_TRANSFER_SYNTAXES_NOT_SUPPORTED = 2
+      LOCAL_LIMIT_EXCEEDED                     = 3
+
+      endian :little
+
+      # PDU Header
+      pdu_header      :pdu_header, label: 'PDU header'
+      ndr_uint16      :max_xmit_frag, label: 'Max transmit frag size', initial_value: RubySMB::Dcerpc::MAX_XMIT_FRAG
+      ndr_uint16      :max_recv_frag, label: 'Max receive frag size', initial_value: RubySMB::Dcerpc::MAX_RECV_FRAG
+      ndr_uint32      :assoc_group_id, label: 'Association group ID'
+      port_any_t      :sec_addr, label: 'Secondary address'
+      p_result_list_t :p_result_list, label: 'Presentation context result list'
+
+      # Auth Verifier
+      sec_trailer     :sec_trailer, onlyif: -> { pdu_header.auth_length > 0 }
+      string          :auth_value,
+        onlyif: -> { pdu_header.auth_length > 0 },
+        read_length: -> { pdu_header.auth_length }
+
+      def initialize_instance
+        super
+        pdu_header.ptype = PTYPE
+      end
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/bind.rb

@@ -2,38 +2,6 @@ module RubySMB
   module Dcerpc
     # The Bind PDU as defined in
     # [The bind PDU](http://pubs.opengroup.org/onlinepubs/9629399/chap12.htm#tagcjh_17_06_04_03)
-    class PContElemT < Ndr::NdrStruct
-      default_parameter byte_align: 4
-      endian :little
-
-      ndr_uint16    :p_cont_id, label: 'Context ID'
-      ndr_uint8     :n_transfer_syn, label: 'Number of transfer syntaxes', initial_value: 1
-      ndr_uint8     :reserved
-      p_syntax_id_t :abstract_syntax, label: 'Abstract syntax',
-        uuid: ->      { endpoint::UUID },
-        ver_major: -> { endpoint::VER_MAJOR },
-        ver_minor: -> { endpoint::VER_MINOR }
-      array         :transfer_syntaxes, label: 'Transfer syntax', type: :p_syntax_id_t,
-        initial_length: -> { n_transfer_syn },
-        uuid: ->      { Ndr::UUID },
-        ver_major: -> { Ndr::VER_MAJOR },
-        ver_minor: -> { Ndr::VER_MINOR },
-        byte_align: 4
-    end
-
-    class PContListT < Ndr::NdrStruct
-      default_parameter byte_align: 4
-      endian :little
-
-      ndr_uint8  :n_context_elem, label: 'Number of context elements', initial_value: -> { 1 }
-      ndr_uint8  :reserved
-      ndr_uint16 :reserved2
-      array      :p_cont_elem, label: 'Presentation context elements', type: :p_cont_elem_t,
-        initial_length: -> {n_context_elem},
-        endpoint: -> {endpoint},
-        byte_align: 4
-    end
-
     class Bind < BinData::Record
       PTYPE = PTypes::BIND
 
@@ -41,9 +9,9 @@ module RubySMB
 
       # PDU Header
       pdu_header    :pdu_header, label: 'PDU header'
-      ndr_uint16    :max_xmit_frag, label: 'max transmit frag size', initial_value: RubySMB::Dcerpc::MAX_XMIT_FRAG
-      ndr_uint16    :max_recv_frag, label: 'max receive frag size', initial_value: RubySMB::Dcerpc::MAX_RECV_FRAG
-      ndr_uint32    :assoc_group_id, label: 'incarnation of client-server assoc group'
+      ndr_uint16    :max_xmit_frag, label: 'Max transmit frag size', initial_value: RubySMB::Dcerpc::MAX_XMIT_FRAG
+      ndr_uint16    :max_recv_frag, label: 'Max receive frag size', initial_value: RubySMB::Dcerpc::MAX_RECV_FRAG
+      ndr_uint32    :assoc_group_id, label: 'Incarnation of client-server assoc group'
       p_cont_list_t :p_context_list, label: 'Presentation context list', endpoint: -> { endpoint }
 
       # Auth Verifier

data/lib/ruby_smb/dcerpc/bind_ack.rb

@@ -2,37 +2,6 @@ module RubySMB
   module Dcerpc
     # The Bind ACK PDU as defined in
     # [The bind_ack PDU](http://pubs.opengroup.org/onlinepubs/9629399/chap12.htm#tagcjh_17_06_04_04)
-
-    class PResultT < Ndr::NdrStruct
-      default_parameter byte_align: 4
-      endian :little
-
-      ndr_uint16        :result,          label: 'Presentation context negotiation results'
-      ndr_uint16        :reason,          label: 'Rejection reason'
-      p_syntax_id_t     :transfer_syntax, label: 'Presentation syntax ID',
-        uuid:      -> { Ndr::UUID },
-        ver_major: -> { Ndr::VER_MAJOR },
-        ver_minor: -> { Ndr::VER_MINOR }
-    end
-
-    class PResultListT < Ndr::NdrStruct
-      default_parameter byte_align: 4
-      endian :little
-
-      ndr_uint8  :n_results, label: 'Number of results', initial_value: -> { p_results.size }
-      ndr_uint8  :reserved
-      ndr_uint16 :reserved2
-      array      :p_results, label: 'Results', type: :p_result_t, initial_length: -> { n_results }, byte_align: 4
-    end
-
-    class PortAnyT < Ndr::NdrStruct
-      default_parameter byte_align: 2
-      endian :little
-
-      ndr_uint16  :str_length, label: 'Length', initial_value: -> { port_spec.to_binary_s.size }
-      stringz     :port_spec, label: 'Port string spec', byte_align: 2
-    end
-
     class BindAck < BinData::Record
       PTYPE = PTypes::BIND_ACK
 

data/lib/ruby_smb/dcerpc/client.rb

@@ -209,6 +209,10 @@ module RubySMB
         if auth_level &&
            [RPC_C_AUTHN_LEVEL_PKT_INTEGRITY, RPC_C_AUTHN_LEVEL_PKT_PRIVACY].include?(auth_level)
           set_integrity_privacy(dcerpc_req, auth_level: auth_level, auth_type: auth_type)
+          # Per the spec (MS_RPCE 2.2.2.11): start of the trailer should be a multiple of 16 bytes offset from the start of the stub
+          valid_offset = (((dcerpc_req.sec_trailer.abs_offset - dcerpc_req.stub.abs_offset) % 16))
+          valid_auth_pad = (dcerpc_req.sec_trailer.auth_pad_length == dcerpc_req.auth_pad.length)
+          raise Error::InvalidPacket unless valid_offset == 0 && valid_auth_pad
         end
 
         send_packet(dcerpc_req)

data/lib/ruby_smb/dcerpc/drsr.rb

@@ -613,8 +613,8 @@ module RubySMB
         drs_bind_request = DrsBindRequest.new(pext_client: drs_extensions_int)
         response = dcerpc_request(
           drs_bind_request,
-          auth_level: RubySMB::Dcerpc::RPC_C_AUTHN_LEVEL_PKT_PRIVACY,
-          auth_type: RubySMB::Dcerpc::RPC_C_AUTHN_WINNT
+          auth_level: @auth_level,
+          auth_type: @auth_type
         )
         begin
           drs_bind_response = DrsBindResponse.read(response)
@@ -640,8 +640,8 @@ module RubySMB
           drs_bind_request.pext_client.assign(drs_extensions_int)
           response = dcerpc_request(
             drs_bind_request,
-            auth_level: RubySMB::Dcerpc::RPC_C_AUTHN_LEVEL_PKT_PRIVACY,
-            auth_type: RubySMB::Dcerpc::RPC_C_AUTHN_WINNT
+            auth_level: @auth_level,
+            auth_type: @auth_type
           )
           begin
             drs_bind_response = DrsBindResponse.read(response)
@@ -668,8 +668,8 @@ module RubySMB
         drs_unbind_request = DrsUnbindRequest.new(ph_drs: ph_drs)
         response = dcerpc_request(
           drs_unbind_request,
-          auth_level: RubySMB::Dcerpc::RPC_C_AUTHN_LEVEL_PKT_PRIVACY,
-          auth_type: RubySMB::Dcerpc::RPC_C_AUTHN_WINNT
+            auth_level: @auth_level,
+            auth_type: @auth_type
         )
         begin
           drs_unbind_response = DrsUnbindResponse.read(response)
@@ -709,8 +709,8 @@ module RubySMB
         )
         response = dcerpc_request(
           drs_domain_controller_info_request,
-          auth_level: RubySMB::Dcerpc::RPC_C_AUTHN_LEVEL_PKT_PRIVACY,
-          auth_type: RubySMB::Dcerpc::RPC_C_AUTHN_WINNT
+          auth_level: @auth_level,
+          auth_type: @auth_type
         )
         begin
           drs_domain_controller_info_response = DrsDomainControllerInfoResponse.read(response)
@@ -759,8 +759,8 @@ module RubySMB
         )
         response = dcerpc_request(
           drs_crack_names_request,
-          auth_level: RubySMB::Dcerpc::RPC_C_AUTHN_LEVEL_PKT_PRIVACY,
-          auth_type: RubySMB::Dcerpc::RPC_C_AUTHN_WINNT
+          auth_level: @auth_level,
+          auth_type: @auth_type
         )
         begin
           drs_crack_names_response = DrsCrackNamesResponse.read(response)
@@ -790,8 +790,8 @@ module RubySMB
         unless @session_key
           raise RubySMB::Error::EncryptionError, 'Unable to decrypt attribute value: session key is empty'
         end
-        encrypted_payload = EncryptedPayload.read(attribute)
 
+        encrypted_payload = EncryptedPayload.read(attribute)
         signature = OpenSSL::Digest::MD5.digest(@session_key + encrypted_payload.salt.to_binary_s)
         rc4 = OpenSSL::Cipher.new('rc4')
         rc4.decrypt
@@ -886,8 +886,8 @@ module RubySMB
 
         response = dcerpc_request(
           drs_get_nc_changes_request,
-          auth_level: RubySMB::Dcerpc::RPC_C_AUTHN_LEVEL_PKT_PRIVACY,
-          auth_type: RubySMB::Dcerpc::RPC_C_AUTHN_WINNT
+          auth_level: @auth_level,
+          auth_type: @auth_type
         )
         begin
           drs_get_nc_changes_response = DrsGetNcChangesResponse.read(response)

data/lib/ruby_smb/dcerpc/p_cont_list_t.rb

@@ -0,0 +1,37 @@
+module RubySMB
+  module Dcerpc
+    # The presentation context list and its element as defined in
+    # [Connection-oriented PDU Data Types - Declarations](https://pubs.opengroup.org/onlinepubs/9629399/chap12.htm#tagcjh_17_06_03_01)
+    class PContElemT < Ndr::NdrStruct
+      default_parameter byte_align: 4
+      endian :little
+
+      ndr_uint16    :p_cont_id, label: 'Context ID'
+      ndr_uint8     :n_transfer_syn, label: 'Number of transfer syntaxes', initial_value: 1
+      ndr_uint8     :reserved
+      p_syntax_id_t :abstract_syntax, label: 'Abstract syntax',
+        uuid: ->      { endpoint::UUID },
+        ver_major: -> { endpoint::VER_MAJOR },
+        ver_minor: -> { endpoint::VER_MINOR }
+      array         :transfer_syntaxes, label: 'Transfer syntax', type: :p_syntax_id_t,
+        initial_length: -> { n_transfer_syn },
+        uuid: ->      { Ndr::UUID },
+        ver_major: -> { Ndr::VER_MAJOR },
+        ver_minor: -> { Ndr::VER_MINOR },
+        byte_align: 4
+    end
+
+    class PContListT < Ndr::NdrStruct
+      default_parameter byte_align: 4
+      endian :little
+
+      ndr_uint8  :n_context_elem, label: 'Number of context elements', initial_value: -> { 1 }
+      ndr_uint8  :reserved
+      ndr_uint16 :reserved2
+      array      :p_cont_elem, label: 'Presentation context elements', type: :p_cont_elem_t,
+        initial_length: -> {n_context_elem},
+        endpoint: -> {endpoint},
+        byte_align: 4
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/p_result_list_t.rb

@@ -0,0 +1,13 @@
+module RubySMB
+  module Dcerpc
+    class PResultListT < Ndr::NdrStruct
+      default_parameter byte_align: 4
+      endian :little
+
+      ndr_uint8  :n_results, label: 'Number of results', initial_value: -> { p_results.size }
+      ndr_uint8  :reserved
+      ndr_uint16 :reserved2
+      array      :p_results, label: 'Results', type: :p_result_t, initial_length: -> { n_results }, byte_align: 4
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/p_result_t.rb

@@ -0,0 +1,15 @@
+module RubySMB
+  module Dcerpc
+    class PResultT < Ndr::NdrStruct
+      default_parameter byte_align: 4
+      endian :little
+
+      ndr_uint16        :result,          label: 'Presentation context negotiation results'
+      ndr_uint16        :reason,          label: 'Rejection reason'
+      p_syntax_id_t     :transfer_syntax, label: 'Presentation syntax ID',
+        uuid:      -> { Ndr::UUID },
+        ver_major: -> { Ndr::VER_MAJOR },
+        ver_minor: -> { Ndr::VER_MINOR }
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/port_any_t.rb

@@ -0,0 +1,11 @@
+module RubySMB
+  module Dcerpc
+    class PortAnyT < Ndr::NdrStruct
+      default_parameter byte_align: 2
+      endian :little
+
+      ndr_uint16  :str_length, label: 'Length', initial_value: -> { port_spec.to_binary_s.size }
+      stringz     :port_spec, label: 'Port string spec', byte_align: 2, onlyif: -> { str_length > 0 }
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/request.rb

@@ -103,9 +103,10 @@ module RubySMB
         end
         string :default
       end
-      string      :auth_pad,
+
+      string    :auth_pad,
         onlyif: -> { has_auth_verifier? },
-        length: -> { (16 - (stub.num_bytes % 16)) % 16 }
+        length: -> { calculate_padding_size }
 
       # Auth Verifier
       sec_trailer :sec_trailer, onlyif: -> { has_auth_verifier? }
@@ -113,6 +114,11 @@ module RubySMB
         onlyif:      -> { has_auth_verifier? },
         read_length: -> { pdu_header.auth_length }
 
+      # Per the spec (MS_RPCE 2.2.2.11): start of the trailer should be a multiple of 16 bytes offset from the start of the stub
+      def calculate_padding_size
+        (16 - (stub.num_bytes % 16)) % 16
+      end
+
       def initialize_instance
         super
         pdu_header.ptype = PTYPE
@@ -125,7 +131,6 @@ module RubySMB
       def has_auth_verifier?
         self.pdu_header.auth_length > 0
       end
-
     end
   end
 end

data/lib/ruby_smb/dcerpc/response.rb

@@ -18,7 +18,7 @@ module RubySMB
       string      :stub, label: 'Stub', read_length: -> { stub_length }
       string      :auth_pad,
         onlyif: -> { has_auth_verifier? },
-        length: -> { (16 - (stub.num_bytes % 16)) % 16 }
+        length: -> { calculate_padding_size }
 
       # Auth Verifier
       sec_trailer :sec_trailer, onlyif: -> { has_auth_verifier? }
@@ -26,6 +26,11 @@ module RubySMB
         onlyif: -> { has_auth_verifier? },
         read_length: -> { pdu_header.auth_length }
 
+      # Per the spec (MS_RPCE 2.2.2.11): start of the trailer should be a multiple of 16 bytes offset from the start of the stub
+      def calculate_padding_size
+        (16 - (stub.num_bytes % 16)) % 16
+      end
+
       def initialize_instance
         super
         pdu_header.ptype = PTYPE

data/lib/ruby_smb/dcerpc.rb

@@ -51,11 +51,128 @@ module RubySMB
     require 'ruby_smb/dcerpc/request'
     require 'ruby_smb/dcerpc/response'
     require 'ruby_smb/dcerpc/rpc_auth3'
+    require 'ruby_smb/dcerpc/port_any_t'
+    require 'ruby_smb/dcerpc/p_cont_list_t'
+    require 'ruby_smb/dcerpc/p_result_t'
+    require 'ruby_smb/dcerpc/p_result_list_t'
+    require 'ruby_smb/dcerpc/alter_context'
     require 'ruby_smb/dcerpc/bind'
     require 'ruby_smb/dcerpc/bind_ack'
+    require 'ruby_smb/dcerpc/alter_context_resp'
     require 'ruby_smb/dcerpc/print_system'
     require 'ruby_smb/dcerpc/encrypting_file_system'
 
+    # Initialize the auth provider using NTLM. This function should be overriden for other providers (e.g. Kerberos, etc.)
+    # @raise ArgumentError If @ntlm_client isn't initialized with a username and password.
+    # @return Serialized message for initializing the auth provider (NTLM, unless this class is extended/overridden)
+    def auth_provider_init
+      raise ArgumentError, "NTLM Client not initialized. Username and password must be provided" unless @ntlm_client
+      type1_message = @ntlm_client.init_context
+
+      type1_message.serialize
+    end
+
+    # Encrypt the value in dcerpc_req.stub, and add a valid signature to the request.
+    # This function modifies the request object in-place, and does not return anything.
+    # This function should be overriden for other providers (e.g. Kerberos, etc.)
+    # @param dcerpc_req [Request] The Request object to be encrypted and signed in-place
+    def auth_provider_encrypt_and_sign(dcerpc_req)
+      auth_type = dcerpc_req.sec_trailer.auth_type
+      auth_level = dcerpc_req.sec_trailer.auth_level
+      unless [RPC_C_AUTHN_WINNT, RPC_C_AUTHN_DEFAULT].include?(auth_type)
+        raise ArgumentError, "Unsupported Auth Type: #{auth_type}"
+      end
+      plaintext = dcerpc_req.stub.to_binary_s
+      pad_length = get_auth_padding_length(plaintext.length)
+      dcerpc_req.auth_pad = "\x00" * pad_length
+      data_to_sign = plain_stub_with_padding = dcerpc_req.stub.to_binary_s + dcerpc_req.auth_pad.to_binary_s
+      dcerpc_req.sec_trailer.auth_pad_length = pad_length
+      if @ntlm_client.flags & NTLM::NEGOTIATE_FLAGS[:EXTENDED_SECURITY] != 0
+        data_to_sign = dcerpc_req.to_binary_s[0..-(dcerpc_req.pdu_header.auth_length + 1)]
+      end
+
+      if auth_level == RPC_C_AUTHN_LEVEL_PKT_PRIVACY
+        encrypted = @ntlm_client.session.seal_message(plain_stub_with_padding)
+        set_encrypted_packet(dcerpc_req, encrypted, pad_length)
+      end
+      signature = @ntlm_client.session.sign_message(data_to_sign)
+
+      set_signature_on_packet(dcerpc_req, signature)
+    end
+
+    # Get the response's full stub value (which will include the auth-pad)
+    # @param dcerpc_response [Response] The Response object to extract from
+    # @return [String] The full stub, including auth_pad
+    def get_response_full_stub(dcerpc_response)
+      dcerpc_response.stub.to_binary_s + dcerpc_response.auth_pad.to_binary_s
+    end
+
+    # Decrypt the value in dcerpc_req.stub, and validate its signature.
+    # This function modifies the request object in-place, and returns whether the signature was valid.
+    # This function should be overriden for other providers (e.g. Kerberos, etc.)
+    # @param dcerpc_response [Response] The Response packet to decrypt and verify in-place
+    # @raise ArgumentError If the auth type is not NTLM
+    # @return [Boolean] Is the packet's signature valid?
+    def auth_provider_decrypt_and_verify(dcerpc_response)
+      auth_type = dcerpc_response.sec_trailer.auth_type
+      auth_level = dcerpc_response.sec_trailer.auth_level
+      unless [RPC_C_AUTHN_WINNT, RPC_C_AUTHN_DEFAULT].include?(auth_type)
+        raise ArgumentError, "Unsupported Auth Type: #{auth_type}"
+      end
+      signature = dcerpc_response.auth_value
+      if auth_level == RPC_C_AUTHN_LEVEL_PKT_PRIVACY
+        encrypted_stub = get_response_full_stub(dcerpc_response)
+        plaintext = @ntlm_client.session.unseal_message(encrypted_stub)
+        set_decrypted_packet(dcerpc_response, plaintext)
+      end
+      data_to_check = dcerpc_response.stub.to_binary_s
+      if @ntlm_client.flags & NTLM::NEGOTIATE_FLAGS[:EXTENDED_SECURITY] != 0
+        data_to_check = dcerpc_response.to_binary_s[0..-(dcerpc_response.pdu_header.auth_length + 1)]
+      end
+
+      @ntlm_client.session.verify_signature(signature, data_to_check)
+    end
+
+    # Completes local initialisation of @ntlm_client using the server's response
+    #
+    # @param type2_message [String] NTLM type 2 message sent from server
+    # @return [String] Type 3 message to be sent to the server to complete the NTLM handshake
+    def process_ntlm_type2(type2_message)
+      ntlmssp_offset = type2_message.index('NTLMSSP')
+      type2_blob = type2_message.slice(ntlmssp_offset..-1)
+      type2_b64_message = [type2_blob].pack('m')
+      type3_message = @ntlm_client.init_context(type2_b64_message)
+      auth3 = type3_message.serialize
+
+      @session_key = @ntlm_client.session_key
+      auth3
+    end
+
+    # Send a rpc_auth3 PDU that ends the authentication handshake.
+    # This function should be overriden for other providers (e.g. Kerberos, etc.)
+    #
+    # @param response [BindAck] the BindAck response packet
+    # @param options [Hash] Unused by the NTLM auth provider
+    def auth_provider_complete_handshake(response, options)
+      auth3 = process_ntlm_type2(response.auth_value)
+
+      rpc_auth3 = RpcAuth3.new
+      add_auth_verifier(rpc_auth3, auth3)
+      rpc_auth3.pdu_header.call_id = @call_id
+
+      # The server should not respond
+      send_packet(rpc_auth3)
+      @call_id += 1
+
+      nil
+    end
+
+    def force_set_auth_params(auth_type, auth_level)
+      @auth_type = auth_type
+      @auth_level = auth_level
+    end
+
+
     # Bind to the remote server interface endpoint. It takes care of adding
     # the necessary authentication verifier if `:auth_level` is set to
     # anything different than RPC_C_AUTHN_LEVEL_NONE
@@ -74,23 +191,16 @@ module RubySMB
       @call_id ||= 1
       bind_req = Bind.new(options)
       bind_req.pdu_header.call_id = @call_id
+      auth_type = options.fetch(:auth_type) { RPC_C_AUTHN_WINNT }
+      auth_level = options.fetch(:auth_level) { RPC_C_AUTHN_LEVEL_NONE }
 
-      if options[:auth_level] && options[:auth_level] != RPC_C_AUTHN_LEVEL_NONE
-        case options[:auth_type]
-        when RPC_C_AUTHN_WINNT, RPC_C_AUTHN_DEFAULT
-          @ctx_id            = 0
-          @auth_ctx_id_base  = rand(0xFFFFFFFF)
-          raise ArgumentError, "NTLM Client not initialized. Username and password must be provided" unless @ntlm_client
-          type1_message = @ntlm_client.init_context
-          auth = type1_message.serialize
-        when RPC_C_AUTHN_GSS_KERBEROS, RPC_C_AUTHN_NETLOGON, RPC_C_AUTHN_GSS_NEGOTIATE
-        when RPC_C_AUTHN_GSS_KERBEROS, RPC_C_AUTHN_NETLOGON, RPC_C_AUTHN_GSS_NEGOTIATE, RPC_C_AUTHN_GSS_SCHANNEL
-          # TODO
-          raise NotImplementedError
-        else
-          raise ArgumentError, "Unsupported Auth Type: #{options[:auth_type]}"
-        end
-        add_auth_verifier(bind_req, auth, options[:auth_type], options[:auth_level])
+      force_set_auth_params(auth_type, auth_level)
+
+      if @auth_level != RPC_C_AUTHN_LEVEL_NONE
+        @ctx_id            = 0
+        @auth_ctx_id_base  = rand(0xFFFFFFFF)
+        auth = auth_provider_init
+        add_auth_verifier(bind_req, auth)
       end
 
       send_packet(bind_req)
@@ -110,17 +220,11 @@ module RubySMB
       self.max_buffer_size = dcerpc_response.max_xmit_frag
       @call_id = dcerpc_response.pdu_header.call_id
 
-      if options[:auth_level] && options[:auth_level] != RPC_C_AUTHN_LEVEL_NONE
+      if auth_level != RPC_C_AUTHN_LEVEL_NONE
         # The number of legs needed to build the security context is defined
         # by the security provider
-        # (see [2.2.1.1.7 Security Providers](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rpce/d4097450-c62f-484b-872f-ddf59a7a0d36))
-        case options[:auth_type]
-        when RPC_C_AUTHN_WINNT
-          send_auth3(dcerpc_response, options[:auth_type], options[:auth_level])
-        when RPC_C_AUTHN_GSS_KERBEROS, RPC_C_AUTHN_NETLOGON, RPC_C_AUTHN_GSS_NEGOTIATE
-          # TODO
-          raise NotImplementedError
-        end
+        # (see [2.2.1.1.7 Security Providers](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-rpce/d4097450-c62f-484b-872f-ddf59a7a0d36))
+        auth_provider_complete_handshake(dcerpc_response, options)
       end
 
       dcerpc_response
@@ -156,16 +260,24 @@ module RubySMB
       nil
     end
 
+    def get_auth_padding_length(plaintext_len)
+      (16 - (plaintext_len % 16)) % 16
+    end
+
     # Add the authentication verifier to a Request packet. This includes a
     # sec trailer and the signature of the packet. This also encrypts the
     # Request stub if privacy is required (`:auth_level` option is
     # RPC_C_AUTHN_LEVEL_PKT_PRIVACY).
     #
     # @param dcerpc_req [Request] the Request packet to be updated
-    # @param opts [Hash] the authenticaiton options: `:auth_type` and `:auth_level`
+    # @param opts [Hash] the authentication options: `:auth_type` and `:auth_level`
     # @raise [NotImplementedError] if `:auth_type` is not implemented (yet)
     # @raise [ArgumentError] if `:auth_type` is unknown
     def set_integrity_privacy(dcerpc_req, auth_level:, auth_type:)
+      unless [RPC_C_AUTHN_LEVEL_PKT_INTEGRITY, RPC_C_AUTHN_LEVEL_PKT_PRIVACY].include?(auth_level)
+        raise ArgumentError, "Unsupported Auth Type: #{auth_type}"
+      end
+
       dcerpc_req.sec_trailer = {
         auth_type: auth_type,
         auth_level: auth_level,
@@ -174,35 +286,30 @@ module RubySMB
       dcerpc_req.auth_value = ' ' * 16
       dcerpc_req.pdu_header.auth_length = 16
 
-      data_to_sign = plain_stub = dcerpc_req.stub.to_binary_s + dcerpc_req.auth_pad.to_binary_s
-      if @ntlm_client.flags & NTLM::NEGOTIATE_FLAGS[:EXTENDED_SECURITY] != 0
-        data_to_sign = dcerpc_req.to_binary_s[0..-(dcerpc_req.pdu_header.auth_length + 1)]
-      end
-
-      encrypted_stub = ''
-      if auth_level == RPC_C_AUTHN_LEVEL_PKT_PRIVACY
-        case auth_type
-        when RPC_C_AUTHN_NONE
-        when RPC_C_AUTHN_WINNT, RPC_C_AUTHN_DEFAULT
-          encrypted_stub = @ntlm_client.session.seal_message(plain_stub)
-        when RPC_C_AUTHN_NETLOGON, RPC_C_AUTHN_GSS_NEGOTIATE, RPC_C_AUTHN_GSS_SCHANNEL, RPC_C_AUTHN_GSS_KERBEROS
-          # TODO
-          raise NotImplementedError
-        else
-          raise ArgumentError, "Unsupported Auth Type: #{auth_type}"
-        end
-      end
+      auth_provider_encrypt_and_sign(dcerpc_req)
+    end
 
-      signature = @ntlm_client.session.sign_message(data_to_sign)
+    def set_signature_on_packet(dcerpc_req, signature)
+      dcerpc_req.auth_value = signature
+      dcerpc_req.pdu_header.auth_length = signature.size
+    end
 
+    def set_encrypted_packet(dcerpc_req, encrypted_stub, pad_length)
       unless encrypted_stub.empty?
-        pad_length = dcerpc_req.sec_trailer.auth_pad_length.to_i
         dcerpc_req.enable_encrypted_stub
-        dcerpc_req.stub = encrypted_stub[0..-(pad_length + 1)]
-        dcerpc_req.auth_pad = encrypted_stub[-(pad_length)..-1]
+        dcerpc_req.stub = encrypted_stub[0..-(pad_length+1)]
+        if pad_length != 0
+          dcerpc_req.auth_pad = encrypted_stub[-(pad_length)..-1]
+        end
+      end
+    end
+
+    def set_decrypted_packet(dcerpc_response, decrypted_stub)
+      unless decrypted_stub.empty?
+        pad_length = dcerpc_response.sec_trailer.auth_pad_length.to_i
+        dcerpc_response.stub = decrypted_stub[0..-(pad_length + 1)]
+        dcerpc_response.auth_pad = decrypted_stub[-(pad_length + 1)..-1]
       end
-      dcerpc_req.auth_value = signature
-      dcerpc_req.pdu_header.auth_length = signature.size
     end
 
     # Process the security context received in a response. It decrypts the
@@ -214,39 +321,18 @@ module RubySMB
     #
     # @param dcerpc_response [Response] the Response packet
     #   containing the security context to process
-    # @param opts [Hash] the authenticaiton options: `:auth_type` and
+    # @param opts [Hash] the authentication options: `:auth_type` and
     #   `:auth_level`. To enable errors when signature check fails, set the
     #   `:raise_signature_error` option to true
     # @raise [NotImplementedError] if `:auth_type` is not implemented (yet)
     # @raise [Error::CommunicationError] if socket-related error occurs
     def handle_integrity_privacy(dcerpc_response, auth_level:, auth_type:, raise_signature_error: false)
-      decrypted_stub = ''
-      if auth_level == RPC_C_AUTHN_LEVEL_PKT_PRIVACY
-        encrypted_stub = dcerpc_response.stub.to_binary_s + dcerpc_response.auth_pad.to_binary_s
-        case auth_type
-        when RPC_C_AUTHN_NONE
-        when RPC_C_AUTHN_WINNT, RPC_C_AUTHN_DEFAULT
-          decrypted_stub = @ntlm_client.session.unseal_message(encrypted_stub)
-        when RPC_C_AUTHN_NETLOGON, RPC_C_AUTHN_GSS_NEGOTIATE, RPC_C_AUTHN_GSS_SCHANNEL, RPC_C_AUTHN_GSS_KERBEROS
-          # TODO
-          raise NotImplementedError
-        else
-          raise ArgumentError, "Unsupported Auth Type: #{auth_type}"
-        end
-      end
-
-      unless decrypted_stub.empty?
-        pad_length = dcerpc_response.sec_trailer.auth_pad_length.to_i
-        dcerpc_response.stub = decrypted_stub[0..-(pad_length + 1)]
-        dcerpc_response.auth_pad = decrypted_stub[-(pad_length)..-1]
+      unless [RPC_C_AUTHN_LEVEL_PKT_INTEGRITY, RPC_C_AUTHN_LEVEL_PKT_PRIVACY].include?(auth_level)
+        raise ArgumentError, "Unsupported Auth Type: #{auth_type}"
       end
+      signature_valid = auth_provider_decrypt_and_verify(dcerpc_response)
 
-      signature = dcerpc_response.auth_value
-      data_to_check = dcerpc_response.stub.to_binary_s
-      if @ntlm_client.flags & NTLM::NEGOTIATE_FLAGS[:EXTENDED_SECURITY] != 0
-        data_to_check = dcerpc_response.to_binary_s[0..-(dcerpc_response.pdu_header.auth_length + 1)]
-      end
-      unless @ntlm_client.session.verify_signature(signature, data_to_check)
+      unless signature_valid
         if raise_signature_error
           raise Error::InvalidPacket.new(
             "Wrong packet signature received (set `raise_signature_error` to false to ignore)"
@@ -264,12 +350,10 @@ module RubySMB
     #
     # @param req [BinData::Record] the request to be updated
     # @param auth [String] the authentication data
-    # @param auth_type [Integer] the authentication type
-    # @param auth_level [Integer] the authentication level
-    def add_auth_verifier(req, auth, auth_type, auth_level)
+    def add_auth_verifier(req, auth)
       req.sec_trailer = {
-        auth_type: auth_type,
-        auth_level: auth_level,
+        auth_type: @auth_type,
+        auth_level: @auth_level,
         auth_context_id: @ctx_id + @auth_ctx_id_base
       }
       req.auth_value = auth
@@ -277,46 +361,5 @@ module RubySMB
 
       nil
     end
-
-    def process_ntlm_type2(type2_message)
-      ntlmssp_offset = type2_message.index('NTLMSSP')
-      type2_blob = type2_message.slice(ntlmssp_offset..-1)
-      type2_b64_message = [type2_blob].pack('m')
-      type3_message = @ntlm_client.init_context(type2_b64_message)
-      auth3 = type3_message.serialize
-
-      @session_key = @ntlm_client.session_key
-      auth3
-    end
-
-    # Send a rpc_auth3 PDU that ends the authentication handshake.
-    #
-    # @param response [BindAck] the BindAck response packet
-    # @param auth_type [Integer] the authentication type
-    # @param auth_level [Integer] the authentication level
-    # @raise [ArgumentError] if `:auth_type` is unknown
-    # @raise [NotImplementedError] if `:auth_type` is not implemented (yet)
-    def send_auth3(response, auth_type, auth_level)
-      case auth_type
-      when RPC_C_AUTHN_NONE
-      when RPC_C_AUTHN_WINNT, RPC_C_AUTHN_DEFAULT
-        auth3 = process_ntlm_type2(response.auth_value)
-      when RPC_C_AUTHN_NETLOGON, RPC_C_AUTHN_GSS_NEGOTIATE, RPC_C_AUTHN_GSS_SCHANNEL, RPC_C_AUTHN_GSS_KERBEROS
-        # TODO
-        raise NotImplementedError
-      else
-        raise ArgumentError, "Unsupported Auth Type: #{auth_type}"
-      end
-
-      rpc_auth3 = RpcAuth3.new
-      add_auth_verifier(rpc_auth3, auth3, auth_type, auth_level)
-      rpc_auth3.pdu_header.call_id = @call_id
-
-      # The server should not respond
-      send_packet(rpc_auth3)
-      @call_id += 1
-
-      nil
-    end
   end
 end

data/lib/ruby_smb/version.rb

@@ -1,3 +1,3 @@
 module RubySMB
-  VERSION = '3.2.5'.freeze
+  VERSION = '3.2.6'.freeze
 end

data/spec/lib/ruby_smb/dcerpc/client_spec.rb

@@ -9,7 +9,12 @@ RSpec.describe RubySMB::Dcerpc::Client do
   let(:endpoint) { RubySMB::Dcerpc::Samr }
 
   subject(:client) { described_class.new(host, endpoint) }
-  subject(:auth_client) { described_class.new(host, endpoint, username: 'testuser', password: '1234') }
+  subject(:auth_client) do
+    result = described_class.new(host, endpoint, username: 'testuser', password: '1234')
+    result.force_set_auth_params(RubySMB::Dcerpc::RPC_C_AUTHN_WINNT, RubySMB::Dcerpc::RPC_C_AUTHN_LEVEL_PKT_PRIVACY)
+   
+    result
+  end
 
   it { is_expected.to respond_to :domain }
   it { is_expected.to respond_to :local_workstation }
@@ -135,21 +140,21 @@ RSpec.describe RubySMB::Dcerpc::Client do
     describe '#add_auth_verifier' do
       let(:req) { RubySMB::Dcerpc::Bind.new }
       let(:auth_type) { RubySMB::Dcerpc::RPC_C_AUTHN_WINNT }
-      let(:auth_level) { 0 }
+      let(:auth_level) { RubySMB::Dcerpc::RPC_C_AUTHN_LEVEL_PKT_PRIVACY }
       let(:auth) { 'serialized auth value' }
 
       it 'sets #auth_value field to the expected value' do
-        auth_client.add_auth_verifier(req, auth, auth_type, auth_level)
+        auth_client.add_auth_verifier(req, auth)
         expect(req.auth_value).to eq(auth)
       end
 
       it 'sets PDUHeader #auth_length field to the expected value' do
-        auth_client.add_auth_verifier(req, auth, auth_type, auth_level)
+        auth_client.add_auth_verifier(req, auth)
         expect(req.pdu_header.auth_length).to eq(auth.length)
       end
 
       it 'sets #sec_trailer field to the expected value' do
-        auth_client.add_auth_verifier(req, auth, auth_type, auth_level)
+        auth_client.add_auth_verifier(req, auth)
         expect(req.sec_trailer.auth_type).to eq(auth_type)
         expect(req.sec_trailer.auth_level).to eq(auth_level)
         expect(req.sec_trailer.auth_context_id).to eq(auth_client.instance_variable_get(:@auth_ctx_id_base))
@@ -202,29 +207,29 @@ RSpec.describe RubySMB::Dcerpc::Client do
       end
 
       it 'add an auth verifier to the RpcAuth3 packet' do
-        auth_client.send_auth3(bindack, auth_type, auth_level)
-        expect(auth_client).to have_received(:add_auth_verifier).with(rpc_auth3, auth3, auth_type, auth_level)
+        auth_client.auth_provider_complete_handshake(bindack, auth_type: auth_type, auth_level: auth_level)
+        expect(auth_client).to have_received(:add_auth_verifier).with(rpc_auth3, auth3)
       end
 
       it 'sets the PDUHeader #call_id to the expected value' do
         auth_client.instance_variable_set(:@call_id, 56)
-        auth_client.send_auth3(bindack, auth_type, auth_level)
+        auth_client.auth_provider_complete_handshake(bindack, auth_type: auth_type, auth_level: auth_level)
         expect(rpc_auth3.pdu_header.call_id).to eq(56)
       end
 
       it 'sends the RpcAuth3 packet' do
-        auth_client.send_auth3(bindack, auth_type, auth_level)
+        auth_client.auth_provider_complete_handshake(bindack, auth_type: auth_type, auth_level: auth_level)
         expect(auth_client).to have_received(:send_packet).with(rpc_auth3)
       end
 
       it 'increments #call_id' do
-        auth_client.send_auth3(bindack, auth_type, auth_level)
+        auth_client.auth_provider_complete_handshake(bindack, auth_type: auth_type, auth_level: auth_level)
         expect(auth_client.instance_variable_get(:@call_id)).to eq(2)
       end
 
       context 'with RPC_C_AUTHN_WINNT auth_type' do
         it 'processes NTLM type2 message' do
-          auth_client.send_auth3(bindack, auth_type, auth_level)
+          auth_client.auth_provider_complete_handshake(bindack, auth_type: auth_type, auth_level: auth_level)
           expect(auth_client).to have_received(:process_ntlm_type2).with(auth)
         end
       end
@@ -300,7 +305,7 @@ RSpec.describe RubySMB::Dcerpc::Client do
 
       context 'with RPC_C_AUTHN_WINNT auth_type' do
         let(:kwargs) do {
-            auth_level: RubySMB::Dcerpc::RPC_C_AUTHN_LEVEL_DEFAULT,
+            auth_level: RubySMB::Dcerpc::RPC_C_AUTHN_LEVEL_PKT_PRIVACY,
             auth_type: RubySMB::Dcerpc::RPC_C_AUTHN_WINNT
           }
         end
@@ -310,7 +315,7 @@ RSpec.describe RubySMB::Dcerpc::Client do
           allow(client.ntlm_client).to receive(:init_context).and_return(type1_message)
           allow(type1_message).to receive(:serialize).and_return(auth)
           allow(client).to receive(:add_auth_verifier)
-          allow(client).to receive(:send_auth3)
+          allow(client).to receive(:auth_provider_complete_handshake)
         end
 
         it 'raises an exception if the NTLM client is not initialized' do
@@ -320,12 +325,12 @@ RSpec.describe RubySMB::Dcerpc::Client do
 
         it 'adds the auth verifier with a NTLM type1 message' do
           client.bind(**kwargs)
-          expect(client).to have_received(:add_auth_verifier).with(bind_req, auth, kwargs[:auth_type], kwargs[:auth_level])
+          expect(client).to have_received(:add_auth_verifier).with(bind_req, auth)
         end
 
         it 'sends an auth3 request' do
           client.bind(**kwargs)
-          expect(client).to have_received(:send_auth3).with(bindack_response, kwargs[:auth_type], kwargs[:auth_level])
+          expect(client).to have_received(:auth_provider_complete_handshake).with(bindack_response, auth_type: kwargs[:auth_type], auth_level: kwargs[:auth_level])
         end
       end
     end
@@ -372,10 +377,14 @@ RSpec.describe RubySMB::Dcerpc::Client do
 
   describe '#set_integrity_privacy' do
     let(:dcerpc_req) do
-      RubySMB::Dcerpc::Request.new(
+      req = RubySMB::Dcerpc::Request.new(
         { opnum: RubySMB::Dcerpc::Winreg::REG_ENUM_KEY },
         { endpoint: 'Winreg' }
       )
+      req.sec_trailer.auth_pad_length = 8
+      req.auth_pad = "\x00" * 8
+
+      req
     end
     let(:auth_level) { RubySMB::Dcerpc::RPC_C_AUTHN_LEVEL_PKT_PRIVACY }
     let(:auth_type) { RubySMB::Dcerpc::RPC_C_AUTHN_WINNT }
@@ -656,6 +665,8 @@ RSpec.describe RubySMB::Dcerpc::Client do
       # Make sure the encrypted stub includes the correct pad to make sure sec_trailer is 16-bytes aligned
       allow(session).to receive(:unseal_message).and_return(decrypted_stub + auth_pad)
       allow(session).to receive(:verify_signature).and_return true
+      dcerpc_res.sec_trailer.auth_type = auth_type
+      dcerpc_res.sec_trailer.auth_level = auth_level
     end
 
     it 'verifies the signature' do
@@ -698,6 +709,8 @@ RSpec.describe RubySMB::Dcerpc::Client do
     context 'without RPC_C_AUTHN_LEVEL_PKT_PRIVACY auth_level' do
       it 'does not encrypt the stub' do
         plain_stub = dcerpc_res.stub.to_binary_s
+        dcerpc_res.sec_trailer.auth_level = RubySMB::Dcerpc::RPC_C_AUTHN_LEVEL_PKT_INTEGRITY
+        dcerpc_res.sec_trailer.auth_type = RubySMB::Dcerpc::RPC_C_AUTHN_WINNT
         auth_client.handle_integrity_privacy(dcerpc_res, auth_level: RubySMB::Dcerpc::RPC_C_AUTHN_LEVEL_PKT_INTEGRITY, auth_type: auth_type)
         expect(dcerpc_res.stub).to eq(plain_stub)
         expect(session).to_not have_received(:unseal_message)
@@ -706,6 +719,8 @@ RSpec.describe RubySMB::Dcerpc::Client do
 
     context 'with an unsupported auth_level' do
       it 'raises an Argument exception' do
+        dcerpc_res.sec_trailer.auth_level = RubySMB::Dcerpc::RPC_C_AUTHN_LEVEL_PKT_INTEGRITY
+        dcerpc_res.sec_trailer.auth_type = 88
         expect { auth_client.handle_integrity_privacy(dcerpc_res, auth_level: auth_level, auth_type: 88) }.to raise_error(ArgumentError)
       end
     end

data/spec/lib/ruby_smb/dcerpc/drsr_spec.rb

@@ -6,7 +6,10 @@ RSpec.describe RubySMB::Dcerpc::Drsr do
   end
 
   let(:drsr) do
-    RubySMB::Dcerpc::Client.new('1.2.3.4', RubySMB::Dcerpc::Drsr)
+    drsr = RubySMB::Dcerpc::Client.new('1.2.3.4', RubySMB::Dcerpc::Drsr)
+    drsr.force_set_auth_params(RubySMB::Dcerpc::RPC_C_AUTHN_WINNT, RubySMB::Dcerpc::RPC_C_AUTHN_LEVEL_PKT_PRIVACY)
+
+    drsr
   end
 
   describe described_class::DrsHandle do

data/spec/lib/ruby_smb/dcerpc/request_spec.rb

@@ -134,12 +134,6 @@ RSpec.describe RubySMB::Dcerpc::Request do
       packet.pdu_header.auth_length = 10
       expect(packet.auth_pad?).to be true
     end
-
-    it 'makes sure #sec_trailer is 16-bytes aligned with the begining of the PDU body (stub)' do
-      packet.pdu_header.auth_length = 6
-      packet.stub = 'A' * rand(0xFF)
-      expect((packet.sec_trailer.abs_offset - packet.stub.abs_offset) % 16).to eq(0)
-    end
   end
 
   describe '#sec_trailer' do

data/spec/lib/ruby_smb/dcerpc/response_spec.rb

@@ -77,12 +77,6 @@ RSpec.describe RubySMB::Dcerpc::Response do
       packet.pdu_header.auth_length = 10
       expect(packet.auth_pad?).to be true
     end
-
-    it 'makes sure #sec_trailer is 16-bytes aligned with the begining of the PDU body (stub)' do
-      packet.pdu_header.auth_length = 6
-      packet.stub = 'A' * rand(0xFF)
-      expect((packet.sec_trailer.abs_offset - packet.stub.abs_offset) % 16).to eq(0)
-    end
   end
 
   describe '#sec_trailer' do

data/spec/lib/ruby_smb/dcerpc/sec_trailer_spec.rb

@@ -36,20 +36,6 @@ RSpec.describe RubySMB::Dcerpc::SecTrailer do
       expect(packet.auth_pad_length).to eq(0)
     end
 
-    context 'when the parent structure has an #auth_pad field' do
-      let(:pad) { 'A' * rand(0xFF) }
-      let(:packet_with_parent) do
-        Class.new(BinData::Record) do
-          string      :auth_pad
-          sec_trailer :sec_trailer
-        end.new(auth_pad: pad)
-      end
-
-      it 'has a value equal to the size of the #auth_pad field' do
-        expect(packet_with_parent.sec_trailer.auth_pad_length).to eq(pad.size)
-      end
-    end
-
     context 'when the parent structure does not have an #auth_pad field' do
       let(:pad) { 'A' * rand(0xFF) }
       let(:packet_with_parent) do

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: ruby_smb
 version: !ruby/object:Gem::Version
-  version: 3.2.5
+  version: 3.2.6
 platform: ruby
 authors:
 - Metasploit Hackers
@@ -97,7 +97,7 @@ cert_chain:
   EknWpNgVhohbot1lfVAMmIhdtOVaRVcQQixWPwprDj/ydB8ryDMDosIMcw+fkoXU
   9GJsSaSRRYQ9UUkVL27b64okU8D48m8=
   -----END CERTIFICATE-----
-date: 2023-03-09 00:00:00.000000000 Z
+date: 2023-10-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: redcarpet
@@ -256,6 +256,7 @@ files:
 - LICENSE.txt
 - README.md
 - Rakefile
+- cortex.yaml
 - examples/anonymous_auth.rb
 - examples/append_file.rb
 - examples/auth_capture.rb
@@ -295,6 +296,8 @@ files:
 - lib/ruby_smb/create_actions.rb
 - lib/ruby_smb/crypto.rb
 - lib/ruby_smb/dcerpc.rb
+- lib/ruby_smb/dcerpc/alter_context.rb
+- lib/ruby_smb/dcerpc/alter_context_resp.rb
 - lib/ruby_smb/dcerpc/bind.rb
 - lib/ruby_smb/dcerpc/bind_ack.rb
 - lib/ruby_smb/dcerpc/client.rb
@@ -343,8 +346,12 @@ files:
 - lib/ruby_smb/dcerpc/netlogon/netr_server_password_set2_response.rb
 - lib/ruby_smb/dcerpc/netlogon/netr_server_req_challenge_request.rb
 - lib/ruby_smb/dcerpc/netlogon/netr_server_req_challenge_response.rb
+- lib/ruby_smb/dcerpc/p_cont_list_t.rb
+- lib/ruby_smb/dcerpc/p_result_list_t.rb
+- lib/ruby_smb/dcerpc/p_result_t.rb
 - lib/ruby_smb/dcerpc/p_syntax_id_t.rb
 - lib/ruby_smb/dcerpc/pdu_header.rb
+- lib/ruby_smb/dcerpc/port_any_t.rb
 - lib/ruby_smb/dcerpc/print_system.rb
 - lib/ruby_smb/dcerpc/print_system/rpc_add_printer_driver_ex_request.rb
 - lib/ruby_smb/dcerpc/print_system/rpc_add_printer_driver_ex_response.rb