/// <summary>
        /// This method will send ComNegotiate request before sending a Negotiate request to simulate windows client behaviour.
        /// If ComNegotiate failed, the Negotiate request will still be sent.
        /// </summary>
        public uint MultiProtocolNegotiate(
            Smb2Client client,
            ushort creditCharge,
            ushort creditRequest,
            Packet_Header_Flags_Values flags,
            ulong messageId,
            DialectRevision[] dialects,
            SecurityMode_Values securityMode,
            Capabilities_Values capabilities,
            Guid clientGuid,
            out DialectRevision selectedDialect,
            out byte[] gssToken,
            out Packet_Header responseHeader,
            out NEGOTIATE_Response responsePayload)
        {
            uint status = client.MultiProtocolNegotiate(
                new string[] { "SMB 2.002", "SMB 2.???" },
                out selectedDialect,
                out gssToken,
                out responseHeader,
                out responsePayload);

            if (responseHeader.Status != Smb2Status.STATUS_SUCCESS)
            {
                LogFailedStatus("ComNegotiate", responseHeader.Status);
            }


            PreauthIntegrityHashID[] preauthHashAlgs = null;
            EncryptionAlgorithm[]    encryptionAlgs  = null;

            // For back compatibility, if dialects contains SMB 3.11, preauthentication integrity context should be present.
            if (Array.IndexOf(dialects, DialectRevision.Smb311) >= 0)
            {
                preauthHashAlgs = new PreauthIntegrityHashID[] { PreauthIntegrityHashID.SHA_512 };
                encryptionAlgs  = new EncryptionAlgorithm[] {
                    EncryptionAlgorithm.ENCRYPTION_AES128_GCM,
                    EncryptionAlgorithm.ENCRYPTION_AES128_CCM
                };
            }

            status = client.Negotiate(
                creditCharge,
                creditRequest,
                flags,
                messageId,
                dialects,
                securityMode,
                capabilities,
                clientGuid,
                out selectedDialect,
                out gssToken,
                out responseHeader,
                out responsePayload,
                0,
                preauthHashAlgs,
                encryptionAlgs);

            return(status);
        }
Beispiel #2
0
        private void FetchSmb2CompressionInfo(Smb2Info smb2Info)
        {
            if (smb2Info.MaxSupportedDialectRevision < DialectRevision.Smb311)
            {
                logWriter.AddLog(LogLevel.Information, "SMB dialect less than 3.1.1 does not support compression.");
                smb2Info.SupportedCompressionAlgorithms = new CompressionAlgorithm[0];
                return;
            }

            var possibleCompressionAlogrithms = new CompressionAlgorithm[] { CompressionAlgorithm.LZ77, CompressionAlgorithm.LZ77Huffman, CompressionAlgorithm.LZNT1 };

            // Iterate all possible compression algorithm for Windows will only return only one supported compression algorithm in response.
            var result = possibleCompressionAlogrithms.Where(compressionAlgorithm =>
            {
                using (var client = new Smb2Client(new TimeSpan(0, 0, defaultTimeoutInSeconds)))
                {
                    client.ConnectOverTCP(SUTIpAddress);

                    DialectRevision selectedDialect;
                    byte[] gssToken;
                    Packet_Header responseHeader;
                    NEGOTIATE_Response responsePayload;

                    uint status = client.Negotiate(
                        0,
                        1,
                        Packet_Header_Flags_Values.NONE,
                        0,
                        new DialectRevision[] { DialectRevision.Smb311 },
                        SecurityMode_Values.NEGOTIATE_SIGNING_ENABLED,
                        Capabilities_Values.NONE,
                        Guid.NewGuid(),
                        out selectedDialect,
                        out gssToken,
                        out responseHeader,
                        out responsePayload,
                        preauthHashAlgs: new PreauthIntegrityHashID[] { PreauthIntegrityHashID.SHA_512 },
                        compressionAlgorithms: new CompressionAlgorithm[] { compressionAlgorithm }
                        );

                    if (status == Smb2Status.STATUS_SUCCESS && client.CompressionInfo.CompressionIds.Length == 1 && client.CompressionInfo.CompressionIds[0] == compressionAlgorithm)
                    {
                        logWriter.AddLog(LogLevel.Information, $"Compression algorithm: {compressionAlgorithm} is supported by SUT.");
                        return(true);
                    }
                    else
                    {
                        logWriter.AddLog(LogLevel.Information, $"Compression algorithm: {compressionAlgorithm} is not supported by SUT.");
                        return(false);
                    }
                }
            });

            smb2Info.SupportedCompressionAlgorithms = result.ToArray();
        }
Beispiel #3
0
        public void NegotiateRequest(Sequence <DialectRevision> dialects)
        {
            Packet_Header      responseHeader  = new Packet_Header();
            DialectRevision    selectedDialect = DialectRevision.Smb2Unknown;
            NEGOTIATE_Response responsePayload = new NEGOTIATE_Response();

            byte[]          smb2ClientGssToken;
            ModelSmb2Status status = ModelSmb2Status.STATUS_SUCCESS;

            try
            {
                status = (ModelSmb2Status)smb2Client.Negotiate(0, 1, Packet_Header_Flags_Values.NONE, messageId++, dialects.ToArray(), SecurityMode_Values.NONE, Capabilities_Values.NONE, Guid.NewGuid(),
                                                               out selectedDialect, out smb2ClientGssToken, out responseHeader, out responsePayload);
                if (status != ModelSmb2Status.STATUS_SUCCESS)
                {
                    selectedDialect = DialectRevision.Smb2Unknown;
                }
                this.NegotiateResponse(status, selectedDialect);
            }
            catch
            {
            }
        }
        public uint Negotiate(DialectRevision[] dialects, SecurityMode_Values securityMode, Capabilities_Values capabilityValue, Guid clientGuid, out DialectRevision selectedDialect, ushort creditRequest = 1)
        {
            Packet_Header      header;
            NEGOTIATE_Response negotiateResponse;

            uint status = client.Negotiate(
                0,
                creditRequest,
                Packet_Header_Flags_Values.NONE,
                messageId++,
                dialects,
                securityMode,
                capabilityValue,
                clientGuid,
                out selectedDialect,
                out serverGssToken,
                out header,
                out negotiateResponse);

            grantedCredit = header.CreditRequestResponse;

            return(status);
        }
        public void NegotiateRequest(List <DialectRevision> dialects)
        {
            Smb2NegotiateRequestPacket  negotiateRequest;
            Smb2NegotiateResponsePacket negotiateResponse;
            DialectRevision             selectedDialect = DialectRevision.Smb2Unknown;

            byte[]          smb2ClientGssToken;
            ModelSmb2Status status = ModelSmb2Status.STATUS_SUCCESS;

            try
            {
                status = (ModelSmb2Status)smb2Client.Negotiate(0, 1, Packet_Header_Flags_Values.NONE, messageId++, dialects.ToArray(), SecurityMode_Values.NONE, Capabilities_Values.NONE, Guid.NewGuid(),
                                                               out selectedDialect, out smb2ClientGssToken, out negotiateRequest, out negotiateResponse);
                if (status != ModelSmb2Status.STATUS_SUCCESS)
                {
                    selectedDialect = DialectRevision.Smb2Unknown;
                }
                this.NegotiateResponse(status, selectedDialect);
                testConfig.CheckNegotiateContext(negotiateRequest, negotiateResponse);
            }
            catch
            {
            }
        }
        /// <summary>
        /// This method will send ComNegotiate request before sending a Negotiate request to simulate windows client behaviour.
        /// If ComNegotiate failed, the Negotiate request will still be sent.      
        /// </summary>
        public uint MultiProtocolNegotiate(
            Smb2Client client,
            ushort creditCharge,
            ushort creditRequest,
            Packet_Header_Flags_Values flags,
            ulong messageId,
            DialectRevision[] dialects,
            SecurityMode_Values securityMode,
            Capabilities_Values capabilities,
            Guid clientGuid,
            out DialectRevision selectedDialect,
            out byte[] gssToken,
            out Packet_Header responseHeader,
            out NEGOTIATE_Response responsePayload)
        {
            uint status = client.MultiProtocolNegotiate(
                    new string[] { "SMB 2.002", "SMB 2.???" },
                    out selectedDialect,
                    out gssToken,
                    out responseHeader,
                    out responsePayload);

            if (responseHeader.Status != Smb2Status.STATUS_SUCCESS)
            {
                LogFailedStatus("ComNegotiate", responseHeader.Status);
            }

            // If server only supports Smb2002, no further SMB2 negotiate needed
            if (selectedDialect == DialectRevision.Smb2002)
            {
                return status;
            }

            PreauthIntegrityHashID[] preauthHashAlgs = null;
            EncryptionAlgorithm[] encryptionAlgs = null;

            // For back compatibility, if dialects contains SMB 3.11, preauthentication integrity context should be present.
            if (Array.IndexOf(dialects, DialectRevision.Smb311) >= 0)
            {
                preauthHashAlgs = new PreauthIntegrityHashID[] { PreauthIntegrityHashID.SHA_512 };
                encryptionAlgs = new EncryptionAlgorithm[] {
                EncryptionAlgorithm.ENCRYPTION_AES128_GCM,
                EncryptionAlgorithm.ENCRYPTION_AES128_CCM };
            }

            status = client.Negotiate(
                creditCharge,
                creditRequest,
                flags,
                messageId,
                dialects,
                securityMode,
                capabilities,
                clientGuid,
                out selectedDialect,
                out gssToken,
                out responseHeader,
                out responsePayload,
                0,
                preauthHashAlgs,
                encryptionAlgs);

            return status;
        }
Beispiel #7
0
        private void FetchSmb2CompressionInfo(Smb2Info smb2Info)
        {
            if (smb2Info.MaxSupportedDialectRevision < DialectRevision.Smb311)
            {
                logWriter.AddLog(LogLevel.Information, "SMB dialect less than 3.1.1 does not support compression.");
                smb2Info.SupportedCompressionAlgorithms = new CompressionAlgorithm[0];
                smb2Info.IsChainedCompressionSupported  = false;
                return;
            }

            var allCompressionAlogrithms = Enum.GetValues(typeof(CompressionAlgorithm)).Cast <CompressionAlgorithm>().ToArray();

            var possibleCompressionAlogrithms = Smb2Utility.GetSupportedPatternScanningAlgorithms(allCompressionAlogrithms).Concat(Smb2Utility.GetSupportedCompressionAlgorithms(allCompressionAlogrithms));

            // Iterate all possible compression algorithm for Windows will only return only one supported compression algorithm in response.
            var result = possibleCompressionAlogrithms.Where(compressionAlgorithm =>
            {
                using (var client = new Smb2Client(new TimeSpan(0, 0, defaultTimeoutInSeconds)))
                {
                    client.ConnectOverTCP(SUTIpAddress);

                    DialectRevision selectedDialect;
                    byte[] gssToken;
                    Packet_Header responseHeader;
                    NEGOTIATE_Response responsePayload;

                    uint status = client.Negotiate(
                        0,
                        1,
                        Packet_Header_Flags_Values.NONE,
                        0,
                        new DialectRevision[] { DialectRevision.Smb311 },
                        SecurityMode_Values.NEGOTIATE_SIGNING_ENABLED,
                        Capabilities_Values.NONE,
                        Guid.NewGuid(),
                        out selectedDialect,
                        out gssToken,
                        out responseHeader,
                        out responsePayload,
                        preauthHashAlgs: new PreauthIntegrityHashID[] { PreauthIntegrityHashID.SHA_512 },
                        compressionAlgorithms: new CompressionAlgorithm[] { compressionAlgorithm }
                        );

                    if (status == Smb2Status.STATUS_SUCCESS && client.CompressionInfo.CompressionIds.Length == 1 && client.CompressionInfo.CompressionIds[0] == compressionAlgorithm)
                    {
                        logWriter.AddLog(LogLevel.Information, $"Compression algorithm: {compressionAlgorithm} is supported by SUT.");
                        return(true);
                    }
                    else
                    {
                        logWriter.AddLog(LogLevel.Information, $"Compression algorithm: {compressionAlgorithm} is not supported by SUT.");
                        return(false);
                    }
                }
            });

            smb2Info.SupportedCompressionAlgorithms = result.ToArray();

            // Check for chained compression support
            using (var client = new Smb2Client(new TimeSpan(0, 0, defaultTimeoutInSeconds)))
            {
                client.ConnectOverTCP(SUTIpAddress);

                DialectRevision    selectedDialect;
                byte[]             gssToken;
                Packet_Header      responseHeader;
                NEGOTIATE_Response responsePayload;

                uint status = client.Negotiate(
                    0,
                    1,
                    Packet_Header_Flags_Values.NONE,
                    0,
                    new DialectRevision[] { DialectRevision.Smb311 },
                    SecurityMode_Values.NEGOTIATE_SIGNING_ENABLED,
                    Capabilities_Values.NONE,
                    Guid.NewGuid(),
                    out selectedDialect,
                    out gssToken,
                    out responseHeader,
                    out responsePayload,
                    preauthHashAlgs: new PreauthIntegrityHashID[] { PreauthIntegrityHashID.SHA_512 },
                    compressionAlgorithms: possibleCompressionAlogrithms.ToArray(),
                    compressionFlags: SMB2_COMPRESSION_CAPABILITIES_Flags.SMB2_COMPRESSION_CAPABILITIES_FLAG_CHAINED
                    );

                if (status == Smb2Status.STATUS_SUCCESS && client.CompressionInfo.SupportChainedCompression)
                {
                    logWriter.AddLog(LogLevel.Information, "Chained compression is supported by SUT.");

                    smb2Info.IsChainedCompressionSupported = true;
                }
                else
                {
                    logWriter.AddLog(LogLevel.Information, "Chained compression is not supported by SUT.");

                    smb2Info.IsChainedCompressionSupported = false;
                }
            }
        }
        private bool DetectAP(DomainInfo domain, Server ap, KerberosDetector detector)
        {
            logWriter.AddLog(string.Format("===== Detect Application Server in Domain {0} =====", domain.Name), LogLevel.Normal);

            string hostname = ap.FQDN;
            IPAddress ip = IPAddress.Loopback;
            try
            {
                var hostentry = Dns.GetHostEntry(hostname);
                ip = hostentry.AddressList[0];
                ap.IPv4 = ip.ToString();
                string computerName = hostentry.HostName;
                string machineName = computerName.Split('.')[0];
                ap.FQDN = ServerHelper.GetAccountAttribute(machineName, "Computers", "dNSHostName", domain.Name, domain.Admin, domain.AdminPassword);
                ap.IsWindows = detector.FetchPlatformInfo(computerName);
            }
            catch
            {
                logWriter.AddLog("Failed", LogLevel.Normal, false, LogStyle.StepFailed);
                logWriter.AddLineToLog(LogLevel.Advanced);
                return false;
            }

            if (ap.FQDN == null)
            {
                logWriter.AddLog("Failed", LogLevel.Normal, false, LogStyle.StepFailed);
                logWriter.AddLineToLog(LogLevel.Advanced);
                return false;
            }

            string[] tempArray = ap.FQDN.Split('.');
            ap.ComputerName = tempArray[0];

            try
            {
                ap.NetBIOS = ServerHelper.GetAccountAttribute(ap.ComputerName, "Computers", "sAMAccountName", domain.Name, domain.Admin, domain.AdminPassword);//DC01$: NetBIOS name
                ap.DefaultServiceName = "host/" + ap.FQDN.ToLower();
                ap.ServiceSalt = domain.Name.ToUpper() + "host" + ap.FQDN.ToLower();
                ap.smb2Service.SMB2ServiceName = "cifs/" + ap.FQDN.ToLower();
            }
            catch
            {
                logWriter.AddLog("Failed", LogLevel.Normal, false, LogStyle.StepFailed);
                logWriter.AddLineToLog(LogLevel.Advanced);
                return false;
            }

            try
            {
                if (detectionInfo.HasSmbServer)
                {
                    //get smb dialect
                    Smb2Client clientForInitialOpen = new Smb2Client(new TimeSpan(0, 0, 15));
                    byte[] gssToken;
                    Packet_Header header;
                    try
                    {
                        clientForInitialOpen.ConnectOverTCP(ip);

                        NEGOTIATE_Response negotiateResp;
                        DialectRevision connection_Dialect = DialectRevision.Smb2Unknown;
                        DialectRevision[] requestDialect = new DialectRevision[] { DialectRevision.Smb2002, DialectRevision.Smb21, DialectRevision.Smb30, DialectRevision.Smb302 };
                        ulong messageId = 0;

                        uint status = clientForInitialOpen.Negotiate(
                            1,
                            1,
                            Packet_Header_Flags_Values.NONE,
                            messageId++,
                            requestDialect,
                            SecurityMode_Values.NEGOTIATE_SIGNING_ENABLED,
                            Capabilities_Values.GLOBAL_CAP_DFS | Capabilities_Values.GLOBAL_CAP_LEASING | Capabilities_Values.GLOBAL_CAP_LARGE_MTU,
                            Guid.NewGuid(),
                            out connection_Dialect,
                            out gssToken,
                            out header,
                            out negotiateResp);

                        if (header.Status != Smb2Status.STATUS_SUCCESS)
                        {
                            logWriter.AddLog("Failed", LogLevel.Normal, false, LogStyle.StepFailed);
                            logWriter.AddLineToLog(LogLevel.Advanced);
                            return false;
                        }
                        else
                        {
                            ap.smb2Service.SMB2Dialect = connection_Dialect.ToString();
                        }

                    }
                    catch
                    {
                        logWriter.AddLog("Failed", LogLevel.Normal, false, LogStyle.StepFailed);
                        logWriter.AddLineToLog(LogLevel.Advanced);
                        return false;
                    }

                    //detect smb share

                    string[] shareList = ServerHelper.EnumShares(ap.IPv4, domain.Admin, domain.Name, domain.AdminPassword);
                    if (shareList.Length > 0)
                    {
                        //only get the first one as default value
                        //can ptftool support add more choices?
                        for (int i = 0; i < shareList.Length; i++)
                        {
                            if (shareList[i].Substring(shareList[i].Length - 1, 1) != "$")
                            {
                                ap.smb2Service.DACShare = shareList[i];
                                ap.smb2Service.CBACShare = shareList[i];
                                break;
                            }
                        }

                    }
                    else
                    {
                        ap.smb2Service.DACShare = string.Empty;
                        ap.smb2Service.CBACShare = string.Empty;
                    }
                }
                if (detectionInfo.HasHttpServer)
                {
                    //detect http server
                    ap.httpService.HttpServiceName = "http/" + ap.FQDN.ToLower();

                    try
                    {
                        HttpWebRequest request = (HttpWebRequest)WebRequest.Create("http://" + ap.FQDN);
                        request.Credentials = new NetworkCredential(domain.Admin + "@" + domain.Name, domain.AdminPassword);
                        WebResponse response = request.GetResponse();

                        ap.httpService.Uri = response.ResponseUri.OriginalString;
                    }
                    catch
                    {
                        ap.httpService.Uri = string.Empty;
                    }
                }

            }
            catch
            {
                logWriter.AddLog("Failed", LogLevel.Normal, false, LogStyle.StepFailed);
                logWriter.AddLineToLog(LogLevel.Advanced);
                return false;
            }

            logWriter.AddLog("Success", LogLevel.Normal, false, LogStyle.StepPassed);
            logWriter.AddLineToLog(LogLevel.Advanced);
            return true;
        }
        private void FetchSmb2EncryptionInfo(Smb2Info smb2Info)
        {
            EncryptionAlgorithm[] excludedEncryptionAlogrithms;
            if (smb2Info.MaxSupportedDialectRevision < DialectRevision.Smb311)
            {
                excludedEncryptionAlogrithms = new EncryptionAlgorithm[]
                {
                    EncryptionAlgorithm.ENCRYPTION_NONE,
                    EncryptionAlgorithm.ENCRYPTION_INVALID,
                    EncryptionAlgorithm.ENCRYPTION_AES256_CCM,
                    EncryptionAlgorithm.ENCRYPTION_AES256_GCM
                };
            }
            else
            {
                excludedEncryptionAlogrithms = new EncryptionAlgorithm[]
                {
                    EncryptionAlgorithm.ENCRYPTION_NONE,
                    EncryptionAlgorithm.ENCRYPTION_INVALID
                };
            }

            var possibleEncryptionAlogrithms = Enum.GetValues(typeof(EncryptionAlgorithm)).Cast <EncryptionAlgorithm>().Except(excludedEncryptionAlogrithms);

            logWriter.AddLog(DetectLogLevel.Information, $"Available EncryptionAlgorithms ==> {String.Join(";", possibleEncryptionAlogrithms.Select(encryptionAlgorithm => encryptionAlgorithm.ToString()))}");

            // Iterate all the possible encryption algorithms since we get back only one encryption algorithm in response.
            var result = possibleEncryptionAlogrithms.Where(encryptionAlgorithm =>
            {
                using (var client = new Smb2Client(new TimeSpan(0, 0, defaultTimeoutInSeconds)))
                {
                    client.ConnectOverTCP(SUTIpAddress);

                    DialectRevision selectedDialect;
                    byte[] gssToken;
                    Packet_Header responseHeader;
                    NEGOTIATE_Response responsePayload;

                    uint status = client.Negotiate(
                        0,
                        1,
                        Packet_Header_Flags_Values.NONE,
                        0,
                        new DialectRevision[] { DialectRevision.Smb311 },
                        SecurityMode_Values.NEGOTIATE_SIGNING_ENABLED,
                        Capabilities_Values.NONE,
                        Guid.NewGuid(),
                        out selectedDialect,
                        out gssToken,
                        out responseHeader,
                        out responsePayload,
                        preauthHashAlgs: new PreauthIntegrityHashID[] { PreauthIntegrityHashID.SHA_512 },
                        encryptionAlgs: new EncryptionAlgorithm[] { encryptionAlgorithm }
                        );

                    if (status == Smb2Status.STATUS_SUCCESS && client.SelectedCipherID == encryptionAlgorithm)
                    {
                        logWriter.AddLog(DetectLogLevel.Information, $"Encryption algorithm: {encryptionAlgorithm} is supported by SUT.");
                        return(true);
                    }
                    else
                    {
                        logWriter.AddLog(DetectLogLevel.Information, $"Encryption algorithm: {encryptionAlgorithm} is not supported by SUT.");
                        return(false);
                    }
                }
            });

            smb2Info.SutSupportedEncryptionAlgorithms = result.ToArray();
        }
Beispiel #10
0
        private bool UserLogon(DetectionInfo info, Smb2Client client, out ulong messageId, out ulong sessionId, out Guid clientGuid, out NEGOTIATE_Response negotiateResp)
        {
            messageId = 0;
            sessionId = 0;
            client.ConnectOverTCP(Dns.GetHostAddresses(info.ContentServerName)[0]);

            #region Negotiate

            DialectRevision selectedDialect;
            byte[]          gssToken;
            Packet_Header   header;
            clientGuid = Guid.NewGuid();

            client.Negotiate(
                1,
                1,
                Packet_Header_Flags_Values.NONE,
                messageId++,
                new DialectRevision[] { DialectRevision.Smb30 },
                SecurityMode_Values.NEGOTIATE_SIGNING_ENABLED,
                Capabilities_Values.GLOBAL_CAP_DFS | Capabilities_Values.GLOBAL_CAP_DIRECTORY_LEASING | Capabilities_Values.GLOBAL_CAP_LARGE_MTU | Capabilities_Values.GLOBAL_CAP_LEASING | Capabilities_Values.GLOBAL_CAP_MULTI_CHANNEL | Capabilities_Values.GLOBAL_CAP_PERSISTENT_HANDLES,
                clientGuid,
                out selectedDialect,
                out gssToken,
                out header,
                out negotiateResp);

            if (header.Status != Smb2Status.STATUS_SUCCESS)
            {
                LogFailedStatus("NEGOTIATE", header.Status);
                throw new Exception(string.Format("NEGOTIATE failed with {0}", Smb2Status.GetStatusCode(header.Status)));
            }

            #endregion

            #region Session Setup

            SESSION_SETUP_Response    sessionSetupResp;
            SspiClientSecurityContext sspiClientGss =
                new SspiClientSecurityContext(
                    SecurityPackageType,
                    Credential,
                    Smb2Utility.GetCifsServicePrincipalName(ContentServerName),
                    ClientSecurityContextAttribute.None,
                    SecurityTargetDataRepresentation.SecurityNativeDrep);

            // Server GSS token is used only for Negotiate authentication when enabled
            if (SecurityPackageType == SecurityPackageType.Negotiate)
            {
                sspiClientGss.Initialize(gssToken);
            }
            else
            {
                sspiClientGss.Initialize(null);
            }

            do
            {
                client.SessionSetup(
                    1,
                    64,
                    Packet_Header_Flags_Values.NONE,
                    messageId++,
                    sessionId,
                    SESSION_SETUP_Request_Flags.NONE,
                    SESSION_SETUP_Request_SecurityMode_Values.NEGOTIATE_SIGNING_ENABLED,
                    SESSION_SETUP_Request_Capabilities_Values.GLOBAL_CAP_DFS,
                    0,
                    sspiClientGss.Token,
                    out sessionId,
                    out gssToken,
                    out header,
                    out sessionSetupResp);

                if ((header.Status == Smb2Status.STATUS_MORE_PROCESSING_REQUIRED || header.Status == Smb2Status.STATUS_SUCCESS) && gssToken != null && gssToken.Length > 0)
                {
                    sspiClientGss.Initialize(gssToken);
                }
            } while (header.Status == Smb2Status.STATUS_MORE_PROCESSING_REQUIRED);

            if (header.Status != Smb2Status.STATUS_SUCCESS)
            {
                LogFailedStatus("SESSIONSETUP", header.Status);
                throw new Exception(string.Format("SESSIONSETUP failed with {0}", Smb2Status.GetStatusCode(header.Status)));
            }

            byte[] sessionKey;
            sessionKey = sspiClientGss.SessionKey;
            client.GenerateCryptoKeys(sessionId, sessionKey, true, false, null, false);

            #endregion

            return(true);
        }