diff --git a/.github/workflows/verify.yml b/.github/workflows/verify.yml index e84878891..f1f634d2c 100644 --- a/.github/workflows/verify.yml +++ b/.github/workflows/verify.yml @@ -1,5 +1,21 @@ name: Verify +# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions +permissions: + actions: none + checks: none + contents: none + deployments: none + id-token: none + issues: none + discussions: none + packages: none + pages: none + pull-requests: none + repository-projects: none + security-events: none + statuses: none + on: push: branches: @@ -10,7 +26,7 @@ on: jobs: test: - runs-on: ubuntu-18.04 + runs-on: ${{ matrix.os }} timeout-minutes: 40 strategy: @@ -19,15 +35,22 @@ jobs: ruby: - 2.6 - 2.7 - - 3.0.3 - - 3.1.1 + - 3.0 + - 3.1 + os: + - ubuntu-18.04 + - ubuntu-22.04 + exclude: + - { os: ubuntu-22.04, ruby: 2.6 } + - { os: ubuntu-22.04, ruby: 2.7 } + - { os: ubuntu-22.04, ruby: 3.0 } test_cmd: - bundle exec rspec env: RAILS_ENV: test - name: Ruby ${{ matrix.ruby }} - ${{ matrix.test_cmd }} + name: ${{ matrix.os }} - Ruby ${{ matrix.ruby }} - ${{ matrix.test_cmd }} steps: - name: Checkout code uses: actions/checkout@v2 diff --git a/Gemfile b/Gemfile index 6a0cd1f2e..fc3be31ef 100644 --- a/Gemfile +++ b/Gemfile @@ -1,6 +1,9 @@ source 'https://rubygems.org' gemspec +gem 'openssl-ccm', github: 'adfoster-r7/openssl-ccm', branch: 'add-support-openssl-3' +gem 'openssl-cmac', github: 'adfoster-r7/openssl-cmac', branch: 'add-support-for-openssl3' + group :development do # for development and testing purposes gem 'pry-byebug' @@ -8,8 +11,6 @@ group :development do end group :test do - # simplecov test formatter and uploader for Coveralls.io - gem "coveralls", '~>0.8.23', :require => false # Testing gem 'rspec' # Coverage reports diff --git a/README.md b/README.md index b5f76c364..c0e40a7c4 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,6 @@ # RubySMB [![Code Climate](https://codeclimate.com/github/rapid7/ruby_smb.png)](https://codeclimate.com/github/rapid7/ruby_smb) -[![Coverage Status](https://coveralls.io/repos/github/rapid7/ruby_smb/badge.svg?branch=master)](https://coveralls.io/github/rapid7/ruby_smb?branch=master) This is a native Ruby implementation of the SMB Protocol Family. It currently supports: diff --git a/lib/ruby_smb/signing.rb b/lib/ruby_smb/signing.rb index 9c0d737b0..b46a8a302 100644 --- a/lib/ruby_smb/signing.rb +++ b/lib/ruby_smb/signing.rb @@ -12,8 +12,8 @@ module Signing # @param [RubySMB::GenericPacket] packet The packet to sign. # @return [RubySMB::GenericPacket] the signed packet def smb1_sign(packet) - packet = Signing::smb1_sign(packet, @session_key, @sequence_counter) - @sequence_counter += 1 + packet = Signing::smb1_sign(packet, session_key, sequence_counter) + self.sequence_counter += 1 packet end @@ -41,7 +41,7 @@ def self.smb1_sign(packet, session_key, sequence_counter) # @param [RubySMB::GenericPacket] packet The packet to sign. # @return [RubySMB::GenericPacket] the signed packet def smb2_sign(packet) - Signing::smb2_sign(packet, @session_key) + Signing::smb2_sign(packet, session_key) end # Take an SMB2 packet and sign it. This version is a module function that @@ -51,6 +51,8 @@ def smb2_sign(packet) # @param [String] session_key The key to use for signing. # @return [RubySMB::GenericPacket] the signed packet def self.smb2_sign(packet, session_key) + return packet if session_key.nil? || session_key == '' + packet.smb2_header.flags.signed = 1 packet.smb2_header.signature = "\x00" * 16 hmac = OpenSSL::HMAC.digest(OpenSSL::Digest.new('SHA256'), session_key, packet.to_binary_s) diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index 8bc4bd002..d47b79e83 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -1,18 +1,16 @@ +# Enable legacy providers +ENV['OPENSSL_CONF'] = File.expand_path( + File.join(File.dirname(__FILE__), 'support', 'openssl.conf') +) + require 'simplecov' SimpleCov.start unless SimpleCov.running SimpleCov.add_filter '/spec/' -require 'coveralls' require 'ruby_smb' -if ENV['CI'] == 'true' - # don't generate local report as it is inaccessible on travis-ci, which is - # why coveralls is being used. - SimpleCov.formatter = Coveralls::SimpleCov::Formatter -else - SimpleCov.formatter = SimpleCov::Formatter::HTMLFormatter -end +SimpleCov.formatter = SimpleCov::Formatter::HTMLFormatter Dir['./spec/support/**/*.rb'].sort.each { |f| require f } diff --git a/spec/support/openssl.conf b/spec/support/openssl.conf new file mode 100644 index 000000000..adfa225f6 --- /dev/null +++ b/spec/support/openssl.conf @@ -0,0 +1,14 @@ +openssl_conf = openssl_init + +[openssl_init] +providers = provider_sect + +[provider_sect] +default = default_sect +legacy = legacy_sect + +[default_sect] +activate = 1 + +[legacy_sect] +activate = 1