Class: RubySMB::Server::ServerClient

Inherits:

Object

• Object
• RubySMB::Server::ServerClient

Includes:

Encryption, Negotiation, SessionSetup, ShareIO, TreeConnect, RubySMB::Signing

Defined in:

lib/ruby_smb/server/server_client.rb,
lib/ruby_smb/server/server_client/share_io.rb,
lib/ruby_smb/server/server_client/encryption.rb,
lib/ruby_smb/server/server_client/negotiation.rb,
lib/ruby_smb/server/server_client/tree_connect.rb,
lib/ruby_smb/server/server_client/session_setup.rb

Overview

This class represents a single connected client to the server. It stores and processes connection specific related information.

Defined Under Namespace

Modules: Encryption, Negotiation, SessionSetup, ShareIO, TreeConnect

Constant Summary

MAX_TREE_CONNECTIONS =

1000

Instance Attribute Summary

• #dialect ⇒ Object readonly

  Returns the value of attribute dialect.

• #dispatcher ⇒ Object readonly

  Returns the value of attribute dispatcher.

• #session_table ⇒ Object readonly

  Returns the value of attribute session_table.

Attributes included from RubySMB::Signing

#session_key

Instance Method Summary

• #disconnect! ⇒ Object

  Disconnect the remote client.

• #getpeername ⇒ String

  The peername of the connected socket.

• #handle_smb(raw_request) ⇒ Object

  Handle a request after the dialect has been negotiated.

• #initialize(server, dispatcher) ⇒ ServerClient constructor

  A new instance of ServerClient.

• #logger ⇒ Logger

  The logger object associated with this instance.

• #metadialect ⇒ Dialect::Definition

  The dialects metadata definition.

• #peerhost ⇒ Object
• #peerport ⇒ Object
• #process_gss(buffer = nil) ⇒ Gss::Provider::Result

  Process a GSS authentication buffer.

• #recv_packet ⇒ String

  Receive a single SMB packet from the dispatcher.

• #run ⇒ Object

  Run the processing loop to receive and handle requests.

• #send_packet(packet) ⇒ Object

  Send a single SMB packet using the dispatcher.

• #update_preauth_hash(data) ⇒ Object

  Update the preauth integrity hash as used by dialect 3.1.1 for various cryptographic operations.

Methods included from TreeConnect

#do_tree_connect_smb1, #do_tree_connect_smb2, #do_tree_disconnect_smb1, #do_tree_disconnect_smb2

Methods included from ShareIO

#proxy_share_io_smb1, #proxy_share_io_smb2

Methods included from SessionSetup

#do_logoff_andx_smb1, #do_logoff_smb2, #do_session_setup_andx_smb1, #do_session_setup_smb2

Methods included from Negotiation

#do_negotiate_smb1, #do_negotiate_smb2, #handle_negotiate

Methods included from Encryption

#smb3_decrypt, #smb3_encrypt

Methods included from RubySMB::Signing

#smb1_sign, smb1_sign, #smb2_sign, smb2_sign, #smb3_sign, smb3_sign

Constructor Details

#initialize(server, dispatcher) ⇒ ServerClient

Returns a new instance of ServerClient.

Parameters:

• server (Server) —

  the server that accepted this connection

• dispatcher (Dispatcher::Socket) —

  the connection's socket dispatcher

# File 'lib/ruby_smb/server/server_client.rb', line 26

def initialize(server, dispatcher)
  @server = server
  @dispatcher = dispatcher
  @dialect = nil
  @sequence_counter = 0
  @cipher_id = 0
  @gss_authenticator = server.gss_provider.new_authenticator(self)
  @preauth_integrity_hash_algorithm = nil
  @preauth_integrity_hash_value = nil
  @in_packet_queue = []

  # session id => session instance
  @session_table = {}
  @smb2_related_operations_state = {}
end

Instance Attribute Details

#dialect ⇒ Object (readonly)

Returns the value of attribute dialect.

# File 'lib/ruby_smb/server/server_client.rb', line 22

def dialect
  @dialect
end

#dispatcher ⇒ Object (readonly)

Returns the value of attribute dispatcher.

# File 'lib/ruby_smb/server/server_client.rb', line 22

def dispatcher
  @dispatcher
end

#session_table ⇒ Object (readonly)

Returns the value of attribute session_table.

# File 'lib/ruby_smb/server/server_client.rb', line 22

def session_table
  @session_table
end

Instance Method Details

#disconnect! ⇒ Object

Disconnect the remote client.

# File 'lib/ruby_smb/server/server_client.rb', line 185

def disconnect!
  @dialect = nil
  @dispatcher.tcp_socket.close unless @dispatcher.tcp_socket.closed?
end

#getpeername ⇒ String

The peername of the connected socket. This is a combination of the IPv4 or IPv6 address and port number.

Examples:

Parse the value into an IP address

::Socket::unpack_sockaddr_in(server_client.getpeername)

Returns:

• (String)

# File 'lib/ruby_smb/server/server_client.rb', line 57

def getpeername
  @dispatcher.tcp_socket.getpeername
end

#handle_smb(raw_request) ⇒ Object

Handle a request after the dialect has been negotiated. This is the main handler for all requests after the connection has been established. If a request handler raises NotImplementedError, the server will respond to the client with NT Status STATUS_NOT_SUPPORTED.

Parameters:

• raw_request (String) —

  the request that should be handled

# File 'lib/ruby_smb/server/server_client.rb', line 76

def handle_smb(raw_request)
  response = nil

  case raw_request[0...4].unpack1('L>')
  when RubySMB::SMB1::SMB_PROTOCOL_ID
    begin
      header = RubySMB::SMB1::SMBHeader.read(raw_request)
    rescue IOError => e
      logger.error("Caught a #{e.class} while reading the SMB1 header (#{e.message})")
      disconnect!
      return
    end

    begin
      response = handle_smb1(raw_request, header)
    rescue NotImplementedError => e
      message = "Caught a NotImplementedError while handling a #{SMB1::Commands.name(header.command)} request"
      message << " (#{e.message})" if e.message
      logger.error(message)
      response = RubySMB::SMB1::Packet::EmptyPacket.new
      response.smb_header.nt_status = WindowsError::NTStatus::STATUS_NOT_SUPPORTED
    end

    unless response.nil?
      # set these header fields if they were not initialized
      if response.is_a?(SMB1::Packet::EmptyPacket)
        response.smb_header.command = header.command if response.smb_header.command == 0
        response.smb_header.flags.reply = 1
        nt_status = response.smb_header.nt_status.to_i
        message = "Sending an error packet for SMB1 command: #{SMB1::Commands.name(header.command)}, status: 0x#{nt_status.to_s(16).rjust(8, '0')}"
        if (nt_status_name = WindowsError::NTStatus.find_by_retval(nt_status).first&.name)
          message << " (#{nt_status_name})"
        end
        logger.info(message)
      end

      response.smb_header.pid_high = header.pid_high if response.smb_header.pid_high == 0
      response.smb_header.tid = header.tid if response.smb_header.tid == 0
      response.smb_header.pid_low = header.pid_low if response.smb_header.pid_low == 0
      response.smb_header.uid = header.uid if response.smb_header.uid == 0
      response.smb_header.mid = header.mid if response.smb_header.mid == 0
    end
  when RubySMB::SMB2::SMB2_PROTOCOL_ID
    response = _handle_smb2(raw_request)
  when RubySMB::SMB2::SMB2_TRANSFORM_PROTOCOL_ID
    begin
      header = RubySMB::SMB2::Packet::TransformHeader.read(raw_request)
    rescue IOError => e
      logger.error("Caught a #{e.class} while reading the SMB3 Transform header")
      disconnect!
      return
    end

    begin
      response = handle_smb3_transform(raw_request, header)
    rescue NotImplementedError
      logger.error("Caught a NotImplementedError while handling a SMB3 Transform request")
      response = SMB2::Packet::ErrorPacket.new
      response.smb2_header.nt_status = WindowsError::NTStatus::STATUS_NOT_SUPPORTED
      response.smb2_header.session_id = header.session_id
    end
  end

  if response.nil?
    disconnect!
    return
  end

  send_packet(response)
end

#logger ⇒ Logger

The logger object associated with this instance.

Returns:

• (Logger)

# File 'lib/ruby_smb/server/server_client.rb', line 194

def logger
  @server.logger
end

#metadialect ⇒ Dialect::Definition

The dialects metadata definition.

Returns:

• (Dialect::Definition)

# File 'lib/ruby_smb/server/server_client.rb', line 46

def metadialect
  Dialect::ALL[@dialect]
end

#peerhost ⇒ Object

# File 'lib/ruby_smb/server/server_client.rb', line 61

def peerhost
  ::Socket::unpack_sockaddr_in(getpeername)[1]
end

#peerport ⇒ Object

# File 'lib/ruby_smb/server/server_client.rb', line 65

def peerport
  ::Socket::unpack_sockaddr_in(getpeername)[0]
end

#process_gss(buffer = nil) ⇒ Gss::Provider::Result

Process a GSS authentication buffer. If no buffer is specified, the request is assumed to be the first in the negotiation sequence.

Parameters:

• buffer (String, nil) (defaults to: nil) —

  the request GSS request buffer that should be processed

Returns:

• (Gss::Provider::Result) —

  the result of the processed GSS request

# File 'lib/ruby_smb/server/server_client.rb', line 153

def process_gss(buffer=nil)
  @gss_authenticator.process(buffer)
end

#recv_packet ⇒ String

Receive a single SMB packet from the dispatcher.

Returns:

• (String) —

  the raw packet

# File 'lib/ruby_smb/server/server_client.rb', line 202

def recv_packet
  return @in_packet_queue.shift if @in_packet_queue.length > 0

  packet = @dispatcher.recv_packet
  if packet && packet.length >= 4 && packet[0...4].unpack1('L>') == RubySMB::SMB2::SMB2_PROTOCOL_ID
    @in_packet_queue += split_smb2_chain(packet)
    packet = @in_packet_queue.shift
  end

  packet
end

#run ⇒ Object

Run the processing loop to receive and handle requests. This loop runs until an exception occurs or the dispatcher socket is closed.

# File 'lib/ruby_smb/server/server_client.rb', line 161

def run
  loop do
    begin
      raw_request = recv_packet
    rescue RubySMB::Error::CommunicationError
      break
    end

    if @dialect.nil?
      handle_negotiate(raw_request)
      logger.info("Negotiated dialect: #{RubySMB::Dialect[@dialect].full_name}") unless @dialect.nil?
    else
      handle_smb(raw_request)
    end

    break if @dispatcher.tcp_socket.closed?
  end

  disconnect!
end

#send_packet(packet) ⇒ Object

Send a single SMB packet using the dispatcher. If necessary, the packet will be signed.

Parameters:

• packet (GenericPacket) —

  the packet to send

# File 'lib/ruby_smb/server/server_client.rb', line 218

def send_packet(packet)
  case metadialect&.family
  when Dialect::FAMILY_SMB1
    session_id = packet.smb_header.uid
  when Dialect::FAMILY_SMB2
    session_id = packet.smb2_header.session_id
  when Dialect::FAMILY_SMB3
    if packet.is_a?(RubySMB::SMB2::Packet::TransformHeader)
      session_id = packet.session_id
    else
      session_id = packet.smb2_header.session_id
    end
  end
  session = @session_table[session_id]

  unless session.nil? || session.is_anonymous || session.key.nil? || packet.is_a?(RubySMB::SMB2::Packet::TransformHeader)
    case metadialect&.family
    when Dialect::FAMILY_SMB1
      packet = Signing::smb1_sign(packet, session.key, @sequence_counter)
    when Dialect::FAMILY_SMB2
      packet = Signing::smb2_sign(packet, session.key)
    when Dialect::FAMILY_SMB3
      packet = Signing::smb3_sign(packet, session.key, @dialect, @preauth_integrity_hash_value)
    end
  end

  @sequence_counter += 1
  @dispatcher.send_packet(packet)
end

#update_preauth_hash(data) ⇒ Object

Update the preauth integrity hash as used by dialect 3.1.1 for various cryptographic operations. The algorithm and hash values must have been initialized prior to calling this.

Parameters:

• data (String) —

  the data with which to update the preauth integrity hash

# File 'lib/ruby_smb/server/server_client.rb', line 253

def update_preauth_hash(data)
  unless @preauth_integrity_hash_algorithm
    raise RubySMB::Error::EncryptionError.new(
      'Cannot compute the Preauth Integrity Hash value: Preauth Integrity Hash Algorithm is nil'
    )
  end
  @preauth_integrity_hash_value = OpenSSL::Digest.digest(
    @preauth_integrity_hash_algorithm,
    @preauth_integrity_hash_value + data.to_binary_s
  )
end