/// <summary>
/// Model check for the step logged as "3.3.5.2.9 Verifying the Session": decides whether an
/// unencrypted request on an encryption-required session must be rejected.
/// </summary>
/// <param name="status">Status returned for the request.</param>
/// <param name="modelRequestType">Whether the request was sent encrypted or unencrypted.</param>
/// <param name="c">Not read by this method.</param>
/// <returns>
/// <c>false</c> when the rejection rule applies (after constraining <paramref name="status"/> to
/// STATUS_ACCESS_DENIED); otherwise <c>true</c>.
/// </returns>
private static bool VerifySession(ModelSmb2Status status, ModelRequestType modelRequestType, EncryptionConfig c)
{
    ModelHelper.Log(LogType.Requirement, "3.3.5.2.9 Verifying the Session");

    // A server whose highest dialect is 3.1.1 is expected to reject regardless of
    // RejectUnencryptedAccess; a 3.0 / 3.0.2 server only when RejectUnencryptedAccess is set.
    bool rejectionExpected =
        Smb2Utility.IsSmb3xFamily(negotiateDialect)
        && Session_EncryptData == SessionEncryptDataType.SessionEncryptDataSet
        && (modelRequestType == ModelRequestType.UnEncryptedRequest)
        && (config.MaxSmbVersionSupported == ModelDialectRevision.Smb311
            || ((config.MaxSmbVersionSupported == ModelDialectRevision.Smb30
                 || config.MaxSmbVersionSupported == ModelDialectRevision.Smb302)
                && config.IsGlobalRejectUnencryptedAccessEnabled));

    if (!rejectionExpected)
    {
        return true;
    }

    ModelHelper.Log(LogType.Requirement,
        "If Connection.Dialect belongs to the SMB 3.x dialect family, and Session.EncryptData is TRUE, " +
        "the server MUST do the following: \n" +
        "\tIf the server supports the 3.1.1 dialect, locate the Request in Connection.RequestList for which " +
        "Request.MessageId matches the MessageId value in the SMB2 header of the request." +
        "\tOtherwise, if the server supports 3.0 or 3.0.2 dialect, and RejectUnencryptedAccess is TRUE, " +
        "locate the Request in Connection.RequestList for which Request.MessageId matches the MessageId " +
        "value in the SMB2 header of the request.\n" +
        "If Request.IsEncrypted is FALSE, the server MUST fail the request with STATUS_ACCESS_DENIED");
    ModelHelper.Log(LogType.TestInfo,
        "Server supports {0}, RejectUnencryptedAccess is {1}",
        config.MaxSmbVersionSupported,
        config.IsGlobalRejectUnencryptedAccessEnabled ? "TRUE" : "FALSE");
    ModelHelper.Log(LogType.TestTag, TestTag.Compatibility);

    // The only acceptable outcome for an unencrypted request here is ACCESS_DENIED.
    Condition.IsTrue(status == ModelSmb2Status.STATUS_ACCESS_DENIED);
    return false;
}
/// <summary>
/// Model action that records a pending file-operation request used to verify encryption.
/// </summary>
/// <param name="modelRequestType">Whether the request is sent encrypted or unencrypted.</param>
public static void FileOperationVerifyEncryptionRequest(ModelRequestType modelRequestType)
{
    // Preconditions: the model is in the Connected state and no request is outstanding.
    Condition.IsTrue(state == ModelState.Connected);
    Condition.IsNull(request);

    var pendingRequest = new ModelFileOperationVerifyEncryptionRequest(modelRequestType);
    request = pendingRequest;
}
/// <summary>
/// Sends a CREATE on the current tree, encrypted or not according to
/// <paramref name="modelRequestType"/>, and hands the returned status to
/// <c>FileOperationVerifyEncryptionResponse</c>.
/// </summary>
/// <param name="modelRequestType">Whether the CREATE is sent encrypted or unencrypted.</param>
public void FileOperationVerifyEncryptionRequest(ModelRequestType modelRequestType)
{
    bool isRequestEncrypted = modelRequestType == ModelRequestType.EncryptedRequest;

    if (modelRequestType == ModelRequestType.UnEncryptedRequest)
    {
        // Session-level encryption off; signing follows the test configuration.
        testClient.EnableSessionSigningAndEncryption(
            enableSigning: testConfig.SendSignedRequest,
            enableEncryption: false);
    }

    testClient.SetTreeEncryption(treeId, isRequestEncrypted);

    try
    {
        FILEID fileId;
        Smb2CreateContextResponse[] serverCreateContexts;

        // Skip the verification of signature when sending a non-encrypted CREATE request to an encrypted share
        // NOTE(review): the flag is not reset anywhere in this method; confirm whether later
        // requests on this client are also meant to go without signature verification.
        testClient.Smb2Client.DisableVerifySignature = true;

        uint status = testClient.Create(
            treeId,
            Guid.NewGuid().ToString(),
            CreateOptions_Values.FILE_NON_DIRECTORY_FILE | CreateOptions_Values.FILE_DELETE_ON_CLOSE,
            out fileId,
            out serverCreateContexts,
            checker: (header, response) => { });

        //TODO: To be implemented after TRANSFORM_HEADER added into Smb2FunctionalClient
        // Until then the response type is derived from the request type, not observed on the wire,
        // so this path does not itself prove that the response was encrypted.
        ModelResponseType modelResponseType;
        if (modelRequestType == ModelRequestType.EncryptedRequest)
        {
            modelResponseType = ModelResponseType.EncryptedResponse;
        }
        else
        {
            modelResponseType = ModelResponseType.UnEncryptedResponse;
        }

        FileOperationVerifyEncryptionResponse((ModelSmb2Status)status, modelResponseType, encryptionConfig);
    }
    catch
    {
        // NOTE(review): every exception is swallowed here, and in that case the response
        // callback above is never invoked; confirm this is intended.
    }
}
/// <summary>
/// Model action that records a pending TREE_CONNECT request.
/// </summary>
/// <param name="connectToShareType">Which kind of share the request targets.</param>
/// <param name="modelRequestType">Whether the request is sent encrypted or unencrypted.</param>
public static void TreeConnectRequest(ConnectToShareType connectToShareType, ModelRequestType modelRequestType)
{
    // Preconditions: the model is in the Connected state and no request is outstanding.
    Condition.IsTrue(state == ModelState.Connected);
    Condition.IsNull(request);

    var pendingRequest = new ModelTreeConnectRequest(connectToShareType, modelRequestType);
    request = pendingRequest;
}
/// <summary>
/// Issues a CREATE on the current tree with encryption switched on or off per
/// <paramref name="modelRequestType"/>, then reports the status through
/// <c>FileOperationVerifyEncryptionResponse</c>.
/// </summary>
/// <param name="modelRequestType">Whether the CREATE is sent encrypted or unencrypted.</param>
public void FileOperationVerifyEncryptionRequest(ModelRequestType modelRequestType)
{
    bool sendEncrypted = modelRequestType == ModelRequestType.EncryptedRequest;

    if (modelRequestType == ModelRequestType.UnEncryptedRequest)
    {
        // Turn session encryption off; signing is taken from the test configuration.
        testClient.EnableSessionSigningAndEncryption(
            enableSigning: testConfig.SendSignedRequest,
            enableEncryption: false);
    }

    testClient.SetTreeEncryption(treeId, sendEncrypted);

    try
    {
        FILEID fileId;
        Smb2CreateContextResponse[] serverCreateContexts;

        // Skip the verification of signature when sending a non-encrypted CREATE request to an encrypted share
        // NOTE(review): nothing in this method restores the flag afterwards; verify that
        // subsequent requests on the same client are not left unverified by accident.
        testClient.Smb2Client.DisableVerifySignature = true;

        string fileName = Guid.NewGuid().ToString();
        uint status = testClient.Create(
            treeId,
            fileName,
            CreateOptions_Values.FILE_NON_DIRECTORY_FILE | CreateOptions_Values.FILE_DELETE_ON_CLOSE,
            out fileId,
            out serverCreateContexts,
            checker: (header, response) => { });

        //TODO: To be implemented after TRANSFORM_HEADER added into Smb2FunctionalClient
        // The response type below mirrors the request type; it is not read from the response.
        ModelResponseType modelResponseType = ModelResponseType.UnEncryptedResponse;
        if (modelRequestType == ModelRequestType.EncryptedRequest)
        {
            modelResponseType = ModelResponseType.EncryptedResponse;
        }

        FileOperationVerifyEncryptionResponse((ModelSmb2Status)status, modelResponseType, encryptionConfig);
    }
    catch
    {
        // NOTE(review): all exceptions are discarded, so a failure before the response
        // callback leaves it uncalled; confirm this is intended.
    }
}
/// <summary>
/// Creates a model TREE_CONNECT request; the base constructor is called with 0.
/// </summary>
/// <param name="connectToShareType">Which kind of share the request targets.</param>
/// <param name="modelRequestType">Whether the request is sent encrypted or unencrypted.</param>
public ModelTreeConnectRequest(ConnectToShareType connectToShareType, ModelRequestType modelRequestType)
    : base(0)
{
    this.modelRequestType = modelRequestType;
    this.connectToShareType = connectToShareType;
}
/// <summary>
/// Model check for the session-verification rule cited in the log text (3.3.5.2.9): an
/// unencrypted request on an encrypted session must be denied when RejectUnencryptedAccess is set.
/// </summary>
/// <param name="status">Status returned for the request.</param>
/// <param name="modelRequestType">Whether the request was sent encrypted or unencrypted.</param>
/// <returns>
/// <c>false</c> when the rule applies (after constraining <paramref name="status"/> to
/// STATUS_ACCESS_DENIED); otherwise <c>true</c>.
/// </returns>
private static bool VerifySession(ModelSmb2Status status, ModelRequestType modelRequestType)
{
    bool rejectionExpected =
        Smb2Utility.IsSmb3xFamily(negotiateDialect)
        && Session_EncryptData == SessionEncryptDataType.SessionEncryptDataSet
        && config.IsGlobalRejectUnencryptedAccessEnabled
        && modelRequestType == ModelRequestType.UnEncryptedRequest;

    if (!rejectionExpected)
    {
        return true;
    }

    ModelHelper.Log(LogType.Requirement,
        "3.3.5.2.9: If Connection.Dialect belongs to the SMB 3.x dialect family, Session.EncryptData is TRUE, " +
        "and RejectUnencryptedAccess is TRUE, the server MUST locate the Request in Connection.RequestList " +
        "for which Request.MessageId matches the MessageId value in the SMB2 header of the request. " +
        "If Request.IsEncrypted is FALSE, the server MUST fail the request with STATUS_ACCESS_DENIED.");
    ModelHelper.Log(LogType.TestInfo, "All the above conditions are met.");
    ModelHelper.Log(LogType.TestTag, TestTag.Compatibility);

    // An unencrypted request must not get through on this path.
    Condition.IsTrue(status == ModelSmb2Status.STATUS_ACCESS_DENIED);
    return false;
}
/// <summary>
/// Checks the required fields of one request-type entry and adds a model-state error for each
/// field that is empty.
/// </summary>
/// <param name="r">Entry to validate.</param>
/// <param name="index">Number of the entry; appended to every error key and shown in every message.</param>
void ValidateRequestType(ModelRequestType r, int index)
{
    // All four checks always run so that every problem is reported in one pass.
    bool idMissing = r.Id == Guid.Empty;
    if (idMissing)
    {
        ModelState.AddModelError(
            "Id" + index,
            "Id for request #" + index + " is empty or malformed");
    }

    bool nameMissing = string.IsNullOrEmpty(r.Name);
    if (nameMissing)
    {
        ModelState.AddModelError(
            "Name" + index,
            "Name for request #" + index + " is not defined");
    }

    bool createUrlMissing = string.IsNullOrEmpty(r.CreateRequestUrl);
    if (createUrlMissing)
    {
        ModelState.AddModelError(
            "CreateRequestUrl" + index,
            "'Create Request' URL for request #" + index + " is not defined");
    }

    bool retrieveUrlMissing = string.IsNullOrEmpty(r.RetrieveResponseUrl);
    if (retrieveUrlMissing)
    {
        ModelState.AddModelError(
            "RetrieveResponseUrl" + index,
            "'View Response' URL for request #" + index + " is not defined");
    }
}
/// <summary>
/// Sends a TREE_CONNECT to the encrypted or the basic share, encrypted or not according to
/// <paramref name="modelRequestType"/>, and hands the result to <c>TreeConnectResponse</c>.
/// </summary>
/// <param name="connectToShareType">Selects the encrypted share or the basic share.</param>
/// <param name="modelRequestType">Whether the request is sent encrypted or unencrypted.</param>
public void TreeConnectRequest(ConnectToShareType connectToShareType, ModelRequestType modelRequestType)
{
    string sharePath;
    if (connectToShareType == ConnectToShareType.ConnectToEncryptedShare)
    {
        sharePath = Smb2Utility.GetUncPath(testConfig.SutComputerName, testConfig.EncryptedFileShare);
    }
    else
    {
        sharePath = Smb2Utility.GetUncPath(testConfig.SutComputerName, testConfig.BasicFileShare);
    }

    if (modelRequestType != ModelRequestType.EncryptedRequest)
    {
        // Unencrypted: signing follows the test configuration.
        testClient.EnableSessionSigningAndEncryption(enableSigning: testConfig.SendSignedRequest, enableEncryption: false);
    }
    else
    {
        // Encrypted: signing is switched off and encryption on.
        testClient.EnableSessionSigningAndEncryption(enableSigning: false, enableEncryption: true);
    }

    try
    {
        TREE_CONNECT_Response? treeConnectResponse = null;
        uint status = testClient.TreeConnect(
            sharePath,
            out treeId,
            checker: (header, response) =>
            {
                treeConnectResponse = response;
            });

        // .Value throws if the checker never stored a response; that exception is caught below.
        bool shareRequiresEncryption =
            treeConnectResponse.Value.ShareFlags.HasFlag(ShareFlags_Values.SHAREFLAG_ENCRYPT_DATA);
        ShareEncryptDataType shareEncryptDataType = shareRequiresEncryption
            ? ShareEncryptDataType.ShareEncryptDataSet
            : ShareEncryptDataType.ShareEncryptDataNotSet;

        //TODO: To be implemented after TRANSFORM_HEADER added into Smb2FunctionalClient
        // The response type is derived from the request type, not observed on the wire.
        ModelResponseType modelResponseType;
        if (modelRequestType == ModelRequestType.EncryptedRequest)
        {
            modelResponseType = ModelResponseType.EncryptedResponse;
        }
        else
        {
            modelResponseType = ModelResponseType.UnEncryptedResponse;
        }

        TreeConnectResponse((ModelSmb2Status)status, shareEncryptDataType, modelResponseType, encryptionConfig);
    }
    catch
    {
        // NOTE(review): every exception is swallowed here, and in that case the response
        // callback above is never invoked; confirm this is intended.
    }
}
/// <summary>
/// Creates a model file-operation request used to verify encryption; the base constructor is
/// called with 0.
/// </summary>
/// <param name="modelRequestType">Whether the request is sent encrypted or unencrypted.</param>
public ModelFileOperationVerifyEncryptionRequest(ModelRequestType modelRequestType)
    : base(0)
{
    this.modelRequestType = modelRequestType;
}
/// <summary>
/// Model check for the step logged as "3.3.5.2.11 Verifying the Tree Connect". Constrains the
/// expected status when the tree id is unknown or when the encryption rules require the
/// request to be denied.
/// </summary>
/// <param name="status">Status returned for the request.</param>
/// <param name="modelRequestType">Whether the request was sent encrypted or unencrypted.</param>
/// <param name="c">Not read by this method.</param>
/// <returns>
/// <c>false</c> when one of the failure rules applies (after constraining
/// <paramref name="status"/>); <c>true</c> when none applies.
/// </returns>
private static bool VerifyTreeConnect(ModelSmb2Status status, ModelRequestType modelRequestType, EncryptionConfig c)
{
    ModelHelper.Log(LogType.Requirement, "3.3.5.2.11 Verifying the Tree Connect");

    // Rule 1: no tree connect for the TreeId -> STATUS_NETWORK_NAME_DELETED.
    if (Encryption_TreeId == EncryptionTreeId.NoTreeId)
    {
        ModelHelper.Log(LogType.Requirement,
            "The server MUST look up the TreeConnect in Session.TreeConnectTable by using the TreeId in the SMB2 header of the request. " +
            "If no tree connect is found, the request MUST be failed with STATUS_NETWORK_NAME_DELETED.");
        ModelHelper.Log(LogType.TestInfo, "No tree connect is found.");
        ModelHelper.Log(LogType.TestTag, TestTag.InvalidIdentifier);
        Condition.IsTrue(status == ModelSmb2Status.STATUS_NETWORK_NAME_DELETED);
        return(false);
    }

    // The encryption rules below are keyed on the negotiated dialect.
    if (Smb2Utility.IsSmb3xFamily(negotiateDialect))
    {
        ModelHelper.Log(LogType.Requirement,
            "If the Connection.Dialect belongs to the SMB 3.x dialect family, the server MUST fail the request with STATUS_ACCESS_DENIED in the following cases");
        ModelHelper.Log(LogType.TestInfo, "The Connection.Dialect is {0}.", negotiateDialect);

        // Rule 2: the connection has the encryption capability and the request is unencrypted.
        //   - highest supported dialect 3.1.1: the tree id refers to the encrypted share;
        //   - highest supported dialect 3.0 / 3.0.2: share-level or global EncryptData, and
        //     RejectUnencryptedAccess is set.
        // The "EncryptData is true" term is redundant: such a request would already have
        // failed in the verify-session step.
        if (Connection_ServerCapabilities_SMB2_GLOBAL_CAP_ENCRYPTION
            && ((config.MaxSmbVersionSupported == ModelDialectRevision.Smb311 && Encryption_TreeId == EncryptionTreeId.TreeIdToEncryptShare)
                || ((config.MaxSmbVersionSupported == ModelDialectRevision.Smb30 || config.MaxSmbVersionSupported == ModelDialectRevision.Smb302)
                    && (Encryption_TreeId == EncryptionTreeId.TreeIdToEncryptShare || config.IsGlobalEncryptDataEnabled)
                    && config.IsGlobalRejectUnencryptedAccessEnabled))
            && modelRequestType == ModelRequestType.UnEncryptedRequest)
        {
            ModelHelper.Log(LogType.Requirement,
                "\tServer supports the 3.1.1 dialect, TreeConnect.Share.EncryptData is TRUE, " +
                "Connection.ServerCapabilities includes SMB2_GLOBAL_CAP_ENCRYPTION, and Request.IsEncrypted is FALSE\n" +
                "\tServer supports the 3.0 or 3.0.2 dialect, EncryptData or TreeConnect.Share.EncryptData is TRUE, " +
                "Connection.ServerCapabilities includes SMB2_GLOBAL_CAP_ENCRYPTION, RejectUnencryptedAccess is TRUE, " +
                "and Request.IsEncrypted is FALSE");
            ModelHelper.Log(LogType.TestInfo,
                "Server supports {0}, RejectUnencryptedAccess is {1}",
                config.MaxSmbVersionSupported,
                config.IsGlobalRejectUnencryptedAccessEnabled ? "TRUE" : "FALSE");
            ModelHelper.Log(LogType.TestTag, TestTag.Compatibility);
            Condition.IsTrue(status == ModelSmb2Status.STATUS_ACCESS_DENIED);
            return(false);
        }

        // Rule 3: encryption is required or in use, RejectUnencryptedAccess is set, but the
        // connection lacks the encryption capability.
        if ((config.IsGlobalEncryptDataEnabled
                || Encryption_TreeId == EncryptionTreeId.TreeIdToEncryptShare
                || modelRequestType == ModelRequestType.EncryptedRequest)
            && config.IsGlobalRejectUnencryptedAccessEnabled
            && !Connection_ServerCapabilities_SMB2_GLOBAL_CAP_ENCRYPTION)
        {
            ModelHelper.Log(LogType.Requirement,
                "\tEncryptData or TreeConnect.Share.EncryptData or Request.IsEncrypted is TRUE, RejectUnencryptedAccess is TRUE, " +
                "and Connection.ServerCapabilities does not include SMB2_GLOBAL_CAP_ENCRYPTION.");
            ModelHelper.Log(LogType.TestInfo,
                "The server implements {0}, EncryptData is {1}, TreeConnect.Share.EncryptData is {2}, " +
                "Request.IsEncrypted is {3}, RejectUnencryptedAccess is TRUE, " +
                "and Connection.ServerCapabilities does not include SMB2_GLOBAL_CAP_ENCRYPTION.",
                config.MaxSmbVersionSupported,
                config.IsGlobalEncryptDataEnabled,
                Encryption_TreeId == EncryptionTreeId.TreeIdToEncryptShare ? "TRUE" : "FALSE",
                modelRequestType == ModelRequestType.EncryptedRequest ? "TRUE" : "FALSE");
            ModelHelper.Log(LogType.TestInfo, "The SUT platform is {0}.", config.Platform);
            ModelHelper.Log(LogType.TestTag, TestTag.Compatibility);
            Condition.IsTrue(status == ModelSmb2Status.STATUS_ACCESS_DENIED);
            return(false);
        }
    }

    return(true);
}
/// <summary>
/// Model check for the step logged as "3.3.5.2.11 Verifying the Tree Connect". Constrains the
/// expected status when the tree id is unknown or when the encryption rules require the
/// request to fail.
/// </summary>
/// <param name="status">Status returned for the request.</param>
/// <param name="modelRequestType">Whether the request was sent encrypted or unencrypted.</param>
/// <param name="c">Configuration whose Platform is constrained to equal the model's platform.</param>
/// <returns>
/// <c>false</c> when one of the failure rules applies (after constraining
/// <paramref name="status"/>); <c>true</c> when none applies.
/// </returns>
private static bool VerifyTreeConnect(ModelSmb2Status status, ModelRequestType modelRequestType, EncryptionConfig c)
{
    ModelHelper.Log(LogType.Requirement, "3.3.5.2.11 Verifying the Tree Connect");

    // Rule 1: no tree connect for the TreeId -> STATUS_NETWORK_NAME_DELETED.
    if (Encryption_TreeId == EncryptionTreeId.NoTreeId)
    {
        ModelHelper.Log(LogType.Requirement,
            "The server MUST look up the TreeConnect in Session.TreeConnectTable by using the TreeId in the SMB2 header of the request. " +
            "If no tree connect is found, the request MUST be failed with STATUS_NETWORK_NAME_DELETED.");
        ModelHelper.Log(LogType.TestInfo, "No tree connect is found.");
        ModelHelper.Log(LogType.TestTag, TestTag.InvalidIdentifier);
        Condition.IsTrue(status == ModelSmb2Status.STATUS_NETWORK_NAME_DELETED);
        return false;
    }

    if (ModelUtility.IsSmb3xFamily(config.MaxSmbVersionSupported))
    {
        ModelHelper.Log(LogType.Requirement,
            "If the server implements the SMB 3.x dialect family, it MUST return STATUS_ACCESS_DENIED for the following cases:");
        ModelHelper.Log(LogType.TestInfo, "The server implements {0}.", config.MaxSmbVersionSupported);

        // Rule 2a: unencrypted request to an encrypted share while RejectUnencryptedAccess is set.
        bool deniedByShareEncryption =
            Encryption_TreeId == EncryptionTreeId.TreeIdToEncryptShare
            && config.IsGlobalRejectUnencryptedAccessEnabled
            && modelRequestType == ModelRequestType.UnEncryptedRequest;
        if (deniedByShareEncryption)
        {
            ModelHelper.Log(LogType.Requirement,
                "\tIf TreeConnect.Share.EncryptData is TRUE, RejectUnencryptedAccess is TRUE, and Request.IsEncrypted is FALSE.");
            ModelHelper.Log(LogType.TestInfo, "The above conditions are met.");
            ModelHelper.Log(LogType.TestTag, TestTag.Compatibility);
            Condition.IsTrue(status == ModelSmb2Status.STATUS_ACCESS_DENIED);
            return false;
        }

        // Rule 2b: unencrypted request while global EncryptData and RejectUnencryptedAccess are set.
        bool deniedByGlobalEncryption =
            config.IsGlobalEncryptDataEnabled
            && config.IsGlobalRejectUnencryptedAccessEnabled
            && modelRequestType == ModelRequestType.UnEncryptedRequest;
        if (deniedByGlobalEncryption)
        {
            ModelHelper.Log(LogType.Requirement,
                "\tIf EncryptData is TRUE, RejectUnencryptedAccess is TRUE, and Request.IsEncrypted is FALSE.");
            ModelHelper.Log(LogType.TestInfo, "The above conditions are met.");
            ModelHelper.Log(LogType.TestTag, TestTag.Compatibility);
            Condition.IsTrue(status == ModelSmb2Status.STATUS_ACCESS_DENIED);
            return false;
        }
    }

    // Rule 3: encryption is required or in use, RejectUnencryptedAccess is set, but the
    // connection lacks the encryption capability.
    bool failsWithoutEncryptionCapability =
        ModelUtility.IsSmb3xFamily(config.MaxSmbVersionSupported)
        && (config.IsGlobalEncryptDataEnabled
            || Encryption_TreeId == EncryptionTreeId.TreeIdToEncryptShare
            || modelRequestType == ModelRequestType.EncryptedRequest)
        && config.IsGlobalRejectUnencryptedAccessEnabled
        && !Connection_ServerCapabilities_SMB2_GLOBAL_CAP_ENCRYPTION;
    if (!failsWithoutEncryptionCapability)
    {
        return true;
    }

    ModelHelper.Log(LogType.Requirement,
        "If the server implements the SMB 3.x dialect family, EncryptData or TreeConnect.Share.EncryptData or Request.IsEncrypted is TRUE, " +
        "RejectUnencryptedAccess is TRUE, and Connection.ServerCapabilities does not include SMB2_GLOBAL_CAP_ENCRYPTION, " +
        "the server SHOULD fail the request with STATUS_ACCESS_DENIED.");
    Condition.IsTrue(config.Platform == c.Platform);
    ModelHelper.Log(LogType.TestInfo,
        "The server implements {0}, EncryptData is {1}, TreeConnect.Share.EncryptData is {2}, " +
        "Request.IsEncrypted is {3}, RejectUnencryptedAccess is TRUE, " +
        "and Connection.ServerCapabilities does not include SMB2_GLOBAL_CAP_ENCRYPTION.",
        config.MaxSmbVersionSupported,
        config.IsGlobalEncryptDataEnabled,
        Encryption_TreeId == EncryptionTreeId.TreeIdToEncryptShare ? "TRUE" : "FALSE",
        modelRequestType == ModelRequestType.EncryptedRequest ? "TRUE" : "FALSE");
    ModelHelper.Log(LogType.TestInfo, "The SUT platform is {0}.", config.Platform);
    ModelHelper.Log(LogType.TestTag, TestTag.Compatibility);

    // The logged requirement is a SHOULD: a non-Windows SUT only has to fail the request,
    // any other platform has to fail it with ACCESS_DENIED.
    if (config.Platform != Platform.NonWindows)
    {
        Condition.IsTrue(status == ModelSmb2Status.STATUS_ACCESS_DENIED);
    }
    else
    {
        Condition.IsTrue(status != ModelSmb2Status.STATUS_SUCCESS);
    }

    return false;
}
/// <summary>
/// Model check for the session-verification rule cited in the log text (3.3.5.2.9): with
/// RejectUnencryptedAccess set, an unencrypted request on an encrypted session must be denied.
/// </summary>
/// <param name="status">Status returned for the request.</param>
/// <param name="modelRequestType">Whether the request was sent encrypted or unencrypted.</param>
/// <returns>
/// <c>false</c> when the rule applies (after constraining <paramref name="status"/> to
/// STATUS_ACCESS_DENIED); otherwise <c>true</c>.
/// </returns>
private static bool VerifySession(ModelSmb2Status status, ModelRequestType modelRequestType)
{
    bool ruleApplies =
        Smb2Utility.IsSmb3xFamily(negotiateDialect)
        && Session_EncryptData == SessionEncryptDataType.SessionEncryptDataSet
        && config.IsGlobalRejectUnencryptedAccessEnabled
        && modelRequestType == ModelRequestType.UnEncryptedRequest;

    if (ruleApplies)
    {
        ModelHelper.Log(LogType.Requirement,
            "3.3.5.2.9: If Connection.Dialect belongs to the SMB 3.x dialect family, Session.EncryptData is TRUE, " +
            "and RejectUnencryptedAccess is TRUE, the server MUST locate the Request in Connection.RequestList " +
            "for which Request.MessageId matches the MessageId value in the SMB2 header of the request. " +
            "If Request.IsEncrypted is FALSE, the server MUST fail the request with STATUS_ACCESS_DENIED.");
        ModelHelper.Log(LogType.TestInfo, "All the above conditions are met.");
        ModelHelper.Log(LogType.TestTag, TestTag.Compatibility);

        // The unencrypted request must be denied on this path.
        Condition.IsTrue(status == ModelSmb2Status.STATUS_ACCESS_DENIED);
    }

    return !ruleApplies;
}
/// <summary>
/// Model check for the step logged as "3.3.5.2.11 Verifying the Tree Connect". Constrains the
/// expected status when the tree id is unknown or when the encryption rules require the
/// request to fail.
/// </summary>
/// <param name="status">Status returned for the request.</param>
/// <param name="modelRequestType">Whether the request was sent encrypted or unencrypted.</param>
/// <param name="c">Configuration whose Platform is constrained to equal the model's platform.</param>
/// <returns>
/// <c>false</c> when one of the failure rules applies (after constraining
/// <paramref name="status"/>); <c>true</c> when none applies.
/// </returns>
private static bool VerifyTreeConnect(ModelSmb2Status status, ModelRequestType modelRequestType, EncryptionConfig c)
{
    ModelHelper.Log(LogType.Requirement, "3.3.5.2.11 Verifying the Tree Connect");

    // Unknown tree id: the only acceptable status is STATUS_NETWORK_NAME_DELETED.
    if (Encryption_TreeId == EncryptionTreeId.NoTreeId)
    {
        ModelHelper.Log(LogType.Requirement,
            "The server MUST look up the TreeConnect in Session.TreeConnectTable by using the TreeId in the SMB2 header of the request. " +
            "If no tree connect is found, the request MUST be failed with STATUS_NETWORK_NAME_DELETED.");
        ModelHelper.Log(LogType.TestInfo, "No tree connect is found.");
        ModelHelper.Log(LogType.TestTag, TestTag.InvalidIdentifier);
        Condition.IsTrue(status == ModelSmb2Status.STATUS_NETWORK_NAME_DELETED);
        return false;
    }

    if (ModelUtility.IsSmb3xFamily(config.MaxSmbVersionSupported))
    {
        ModelHelper.Log(LogType.Requirement,
            "If the server implements the SMB 3.x dialect family, it MUST return STATUS_ACCESS_DENIED for the following cases:");
        ModelHelper.Log(LogType.TestInfo, "The server implements {0}.", config.MaxSmbVersionSupported);

        // Case 1: unencrypted request to an encrypted share while RejectUnencryptedAccess is set.
        bool encryptedShareCase =
            Encryption_TreeId == EncryptionTreeId.TreeIdToEncryptShare
            && config.IsGlobalRejectUnencryptedAccessEnabled
            && modelRequestType == ModelRequestType.UnEncryptedRequest;
        if (encryptedShareCase)
        {
            ModelHelper.Log(LogType.Requirement,
                "\tIf TreeConnect.Share.EncryptData is TRUE, RejectUnencryptedAccess is TRUE, and Request.IsEncrypted is FALSE.");
            ModelHelper.Log(LogType.TestInfo, "The above conditions are met.");
            ModelHelper.Log(LogType.TestTag, TestTag.Compatibility);
            Condition.IsTrue(status == ModelSmb2Status.STATUS_ACCESS_DENIED);
            return false;
        }

        // Case 2: unencrypted request while global EncryptData and RejectUnencryptedAccess are set.
        bool globalEncryptionCase =
            config.IsGlobalEncryptDataEnabled
            && config.IsGlobalRejectUnencryptedAccessEnabled
            && modelRequestType == ModelRequestType.UnEncryptedRequest;
        if (globalEncryptionCase)
        {
            ModelHelper.Log(LogType.Requirement,
                "\tIf EncryptData is TRUE, RejectUnencryptedAccess is TRUE, and Request.IsEncrypted is FALSE.");
            ModelHelper.Log(LogType.TestInfo, "The above conditions are met.");
            ModelHelper.Log(LogType.TestTag, TestTag.Compatibility);
            Condition.IsTrue(status == ModelSmb2Status.STATUS_ACCESS_DENIED);
            return false;
        }
    }

    // Case 3: encryption is required or in use, RejectUnencryptedAccess is set, but the
    // connection lacks the encryption capability.
    bool missingCapabilityCase =
        ModelUtility.IsSmb3xFamily(config.MaxSmbVersionSupported)
        && (config.IsGlobalEncryptDataEnabled
            || Encryption_TreeId == EncryptionTreeId.TreeIdToEncryptShare
            || modelRequestType == ModelRequestType.EncryptedRequest)
        && config.IsGlobalRejectUnencryptedAccessEnabled
        && !Connection_ServerCapabilities_SMB2_GLOBAL_CAP_ENCRYPTION;
    if (!missingCapabilityCase)
    {
        return true;
    }

    ModelHelper.Log(LogType.Requirement,
        "If the server implements the SMB 3.x dialect family, EncryptData or TreeConnect.Share.EncryptData or Request.IsEncrypted is TRUE, " +
        "RejectUnencryptedAccess is TRUE, and Connection.ServerCapabilities does not include SMB2_GLOBAL_CAP_ENCRYPTION, " +
        "the server SHOULD fail the request with STATUS_ACCESS_DENIED.");
    Condition.IsTrue(config.Platform == c.Platform);
    ModelHelper.Log(LogType.TestInfo,
        "The server implements {0}, EncryptData is {1}, TreeConnect.Share.EncryptData is {2}, " +
        "Request.IsEncrypted is {3}, RejectUnencryptedAccess is TRUE, " +
        "and Connection.ServerCapabilities does not include SMB2_GLOBAL_CAP_ENCRYPTION.",
        config.MaxSmbVersionSupported,
        config.IsGlobalEncryptDataEnabled,
        Encryption_TreeId == EncryptionTreeId.TreeIdToEncryptShare ? "TRUE" : "FALSE",
        modelRequestType == ModelRequestType.EncryptedRequest ? "TRUE" : "FALSE");
    ModelHelper.Log(LogType.TestInfo, "The SUT platform is {0}.", config.Platform);
    ModelHelper.Log(LogType.TestTag, TestTag.Compatibility);

    // The logged requirement is a SHOULD: a non-Windows SUT only has to fail the request,
    // any other platform has to fail it with ACCESS_DENIED.
    if (config.Platform != Platform.NonWindows)
    {
        Condition.IsTrue(status == ModelSmb2Status.STATUS_ACCESS_DENIED);
    }
    else
    {
        Condition.IsTrue(status != ModelSmb2Status.STATUS_SUCCESS);
    }

    return false;
}
/// <summary>
/// Issues a TREE_CONNECT against the encrypted or the basic share, with encryption on or off
/// per <paramref name="modelRequestType"/>, then reports the outcome via <c>TreeConnectResponse</c>.
/// </summary>
/// <param name="connectToShareType">Selects the encrypted share or the basic share.</param>
/// <param name="modelRequestType">Whether the request is sent encrypted or unencrypted.</param>
public void TreeConnectRequest(ConnectToShareType connectToShareType, ModelRequestType modelRequestType)
{
    bool targetEncryptedShare = connectToShareType == ConnectToShareType.ConnectToEncryptedShare;
    string sharePath;
    if (targetEncryptedShare)
    {
        sharePath = Smb2Utility.GetUncPath(testConfig.SutComputerName, testConfig.EncryptedFileShare);
    }
    else
    {
        sharePath = Smb2Utility.GetUncPath(testConfig.SutComputerName, testConfig.BasicFileShare);
    }

    if (modelRequestType != ModelRequestType.EncryptedRequest)
    {
        // Unencrypted: signing is taken from the test configuration.
        testClient.EnableSessionSigningAndEncryption(enableSigning: testConfig.SendSignedRequest, enableEncryption: false);
    }
    else
    {
        // Encrypted: signing off, encryption on.
        testClient.EnableSessionSigningAndEncryption(enableSigning: false, enableEncryption: true);
    }

    try
    {
        TREE_CONNECT_Response? treeConnectResponse = null;
        uint status = testClient.TreeConnect(
            sharePath,
            out treeId,
            checker: (header, response) =>
            {
                treeConnectResponse = response;
            });

        // .Value throws when no response was captured by the checker; the catch below absorbs it.
        ShareEncryptDataType shareEncryptDataType;
        if (treeConnectResponse.Value.ShareFlags.HasFlag(ShareFlags_Values.SHAREFLAG_ENCRYPT_DATA))
        {
            shareEncryptDataType = ShareEncryptDataType.ShareEncryptDataSet;
        }
        else
        {
            shareEncryptDataType = ShareEncryptDataType.ShareEncryptDataNotSet;
        }

        //TODO: To be implemented after TRANSFORM_HEADER added into Smb2FunctionalClient
        // The response type mirrors the request type; it is not read from the response itself.
        ModelResponseType modelResponseType = ModelResponseType.UnEncryptedResponse;
        if (modelRequestType == ModelRequestType.EncryptedRequest)
        {
            modelResponseType = ModelResponseType.EncryptedResponse;
        }

        TreeConnectResponse((ModelSmb2Status)status, shareEncryptDataType, modelResponseType, encryptionConfig);
    }
    catch
    {
        // NOTE(review): all exceptions are discarded, so a failure before the response
        // callback leaves it uncalled; confirm this is intended.
    }
}