public void NegotiateRequest(ModelDialectRevision maxSmbVersionClientSupported, SigningFlagType signingFlagType, SigningEnabledType signingEnabledType, SigningRequiredType signingRequiredType)
{
testClient = new Smb2FunctionalClient(testConfig.Timeout, testConfig, this.Site);
testClient.ConnectToServer(testConfig.UnderlyingTransport, testConfig.SutComputerName, testConfig.SutIPAddress);
DialectRevision[] dialects = Smb2Utility.GetDialects(ModelUtility.GetDialectRevision(maxSmbVersionClientSupported));
Packet_Header_Flags_Values headerFlags = (signingFlagType == SigningFlagType.SignedFlagSet) ? Packet_Header_Flags_Values.FLAGS_SIGNED : Packet_Header_Flags_Values.NONE;
SigningEnabledType resSigningEnabledType = SigningEnabledType.SigningEnabledNotSet;
SigningRequiredType resSigningRequiredType = SigningRequiredType.SigningRequiredNotSet;
uint status = testClient.Negotiate(
headerFlags,
dialects,
GetNegotiateSecurityMode(signingEnabledType, signingRequiredType),
checker: (header, response) =>
{
resSigningEnabledType =
response.SecurityMode.HasFlag(NEGOTIATE_Response_SecurityMode_Values.NEGOTIATE_SIGNING_ENABLED) ?
SigningEnabledType.SigningEnabledSet : SigningEnabledType.SigningEnabledNotSet;
resSigningRequiredType =
response.SecurityMode.HasFlag(NEGOTIATE_Response_SecurityMode_Values.NEGOTIATE_SIGNING_REQUIRED) ?
SigningRequiredType.SigningRequiredSet : SigningRequiredType.SigningRequiredNotSet;
});
NegotiateResponse((ModelSmb2Status)status, resSigningEnabledType, resSigningRequiredType, signingConfig);
}
public void NegotiateRequest(ModelDialectRevision maxSmbVersionClientSupported, SigningFlagType signingFlagType, SigningEnabledType signingEnabledType, SigningRequiredType signingRequiredType)
{
testClient = new Smb2FunctionalClient(testConfig.Timeout, testConfig, this.Site);
testClient.ConnectToServer(testConfig.UnderlyingTransport, testConfig.SutComputerName, testConfig.SutIPAddress);
DialectRevision[] dialects = Smb2Utility.GetDialects(ModelUtility.GetDialectRevision(maxSmbVersionClientSupported));
Packet_Header_Flags_Values headerFlags = (signingFlagType == SigningFlagType.SignedFlagSet) ? Packet_Header_Flags_Values.FLAGS_SIGNED : Packet_Header_Flags_Values.NONE;
SigningEnabledType resSigningEnabledType = SigningEnabledType.SigningEnabledNotSet;
SigningRequiredType resSigningRequiredType = SigningRequiredType.SigningRequiredNotSet;
uint status = testClient.Negotiate(
headerFlags,
dialects,
GetNegotiateSecurityMode(signingEnabledType, signingRequiredType),
checker: (header, response) =>
{
resSigningEnabledType =
response.SecurityMode.HasFlag(NEGOTIATE_Response_SecurityMode_Values.NEGOTIATE_SIGNING_ENABLED) ?
SigningEnabledType.SigningEnabledSet : SigningEnabledType.SigningEnabledNotSet;
resSigningRequiredType =
response.SecurityMode.HasFlag(NEGOTIATE_Response_SecurityMode_Values.NEGOTIATE_SIGNING_REQUIRED) ?
SigningRequiredType.SigningRequiredSet : SigningRequiredType.SigningRequiredNotSet;
});
NegotiateResponse((ModelSmb2Status)status, resSigningEnabledType, resSigningRequiredType, signingConfig);
}
public SigningModelRequest(
SigningFlagType signingFlagType,
SigningEnabledType signingEnabledType,
SigningRequiredType signingRequiredType)
: base(0)
{
this.signingFlagType = signingFlagType;
this.signingEnabledType = signingEnabledType;
this.signingRequiredType = signingRequiredType;
}
private SecurityMode_Values GetNegotiateSecurityMode(SigningEnabledType signingEnabledType, SigningRequiredType signingRequiredType)
{
SecurityMode_Values securityMode = SecurityMode_Values.NONE;
if (signingEnabledType == SigningEnabledType.SigningEnabledSet)
{
securityMode |= SecurityMode_Values.NEGOTIATE_SIGNING_ENABLED;
}
if (signingRequiredType == SigningRequiredType.SigningRequiredSet)
{
securityMode |= SecurityMode_Values.NEGOTIATE_SIGNING_REQUIRED;
}
return(securityMode);
}
public static void SessionSetupRequest(
SigningFlagType signingFlagType,
SigningEnabledType signingEnabledType,
SigningRequiredType signingRequiredType,
UserType userType)
{
Condition.IsTrue(State == ModelState.Connected);
// Add isolate for SigningFlagType to reduce redundant cases: If the signingFlagType is set to SignedFlagSet, server will always return
// error code STATUS_USER_SESSION_DELETED while verifying signature, we don't need to cover all the invalid combination with other params.
Combination.Isolated(signingFlagType == SigningFlagType.SignedFlagSet);
ModelHelper.Log(LogType.Requirement, "3.3.5.5.1: The other values MUST be initialized as follows:");
ModelHelper.Log(LogType.Requirement, "\tSession.SigningRequired is set to FALSE.");
Session_SigningRequired = false;
Request = new SigningModelRequest(signingFlagType);
}
public static void NegotiateRequest(
ModelDialectRevision maxSmbVersionClientSupported,
SigningFlagType signingFlagType,
SigningEnabledType signingEnabledType,
SigningRequiredType signingRequiredType)
{
Condition.IsTrue(State == ModelState.Initialized);
Condition.IsNull(Request);
// Add isolate for SigningFlagType to reduce redundant cases: If the signingFlagType is set to SignedFlagSet, server will always return error
// code STATUS_INVALID_PARAMETER, we don't need to cover all the invalid combination with other params.
Combination.Isolated(signingFlagType == SigningFlagType.SignedFlagSet);
NegotiateDialect = ModelHelper.DetermineNegotiateDialect(maxSmbVersionClientSupported, Config.MaxSmbVersionSupported);
Request = new SigningModelRequest(signingFlagType, signingEnabledType, signingRequiredType);
State = ModelState.Connected;
}
public static void NegotiateRequest(
ModelDialectRevision maxSmbVersionClientSupported,
SigningFlagType signingFlagType,
SigningEnabledType signingEnabledType,
SigningRequiredType signingRequiredType)
{
Condition.IsTrue(State == ModelState.Initialized);
Condition.IsNull(Request);
// Add isolate for SigningFlagType to reduce redundant cases: If the signingFlagType is set to SignedFlagSet, server will always return error
// code STATUS_INVALID_PARAMETER, we don't need to cover all the invalid combination with other params.
Combination.Isolated(signingFlagType == SigningFlagType.SignedFlagSet);
NegotiateDialect = ModelHelper.DetermineNegotiateDialect(maxSmbVersionClientSupported, Config.MaxSmbVersionSupported);
Request = new SigningModelRequest(signingFlagType, signingEnabledType, signingRequiredType);
State = ModelState.Connected;
}
public static void NegotiateResponse(ModelSmb2Status status, SigningEnabledType signingEnabledType, SigningRequiredType signingRequiredType, SigningConfig c)
{
Condition.IsTrue(State == ModelState.Connected);
SigningModelRequest negotiateRequest = ModelHelper.RetrieveOutstandingRequest <SigningModelRequest>(ref Request);
if (negotiateRequest.signingFlagType == SigningFlagType.SignedFlagSet)
{
ModelHelper.Log(LogType.Requirement,
"3.3.5.2.4: If the SMB2 Header of the SMB2 NEGOTIATE request has the SMB2_FLAGS_SIGNED bit set in the Flags field, " +
"the server MUST fail the request with STATUS_INVALID_PARAMETER.");
ModelHelper.Log(LogType.TestInfo, "SMB2_FLAGS_SIGNED bit in the NEGOTIATE request is set.");
ModelHelper.Log(LogType.TestTag, TestTag.UnexpectedFields);
Condition.IsTrue(status == ModelSmb2Status.STATUS_INVALID_PARAMETER);
State = ModelState.Uninitialized;
return;
}
if (negotiateRequest.signingRequiredType == SigningRequiredType.SigningRequiredSet)
{
ModelHelper.Log(LogType.Requirement,
"3.3.5.4: If SMB2_NEGOTIATE_SIGNING_REQUIRED is set in SecurityMode, the server MUST set Connection.ShouldSign to TRUE.");
ModelHelper.Log(LogType.TestInfo, "Connection.ShouldSign is set to TRUE.");
Connection_ShouldSign = true;
}
ModelHelper.Log(LogType.Requirement, "3.3.5.4: SecurityMode MUST have the SMB2_NEGOTIATE_SIGNING_ENABLED bit set.");
Condition.IsTrue(signingEnabledType == SigningEnabledType.SigningEnabledSet);
Condition.IsTrue(Config.IsServerSigningRequired == c.IsServerSigningRequired);
if (Config.IsServerSigningRequired)
{
ModelHelper.Log(LogType.Requirement,
"3.3.5.4: If RequireMessageSigning is TRUE, the server MUST also set SMB2_NEGOTIATE_SIGNING_REQUIRED in the SecurityMode field.");
ModelHelper.Log(LogType.TestInfo, "RequireMessageSigning is TRUE.");
Condition.IsTrue(signingRequiredType == SigningRequiredType.SigningRequiredSet);
}
Condition.IsTrue(status == ModelSmb2Status.STATUS_SUCCESS);
}
public void SessionSetupRequest(SigningFlagType signingFlagType, SigningEnabledType signingEnabledType, SigningRequiredType signingRequiredType, UserType userType)
{
SigningModelSessionId modelSessionId = SigningModelSessionId.ZeroSessionId;
SessionFlags_Values sessionFlag = SessionFlags_Values.NONE;
SigningFlagType responseSigningFlagType = SigningFlagType.SignedFlagNotSet;
Packet_Header_Flags_Values headerFlags = (signingFlagType == SigningFlagType.SignedFlagSet) ? Packet_Header_Flags_Values.FLAGS_SIGNED : Packet_Header_Flags_Values.NONE;
uint status = testClient.SessionSetup(
headerFlags,
testConfig.DefaultSecurityPackage,
testConfig.SutComputerName,
GetAccountCredential(userType),
true,
GetSessionSetupSecurityMode(signingEnabledType, signingRequiredType),
checker: (header, response) =>
{
modelSessionId = GetModelSessionId(header.SessionId);
responseSigningFlagType = GetSigningFlagType(header.Flags);
sessionFlag = response.SessionFlags;
});
SessionSetupResponse((ModelSmb2Status)status, modelSessionId, responseSigningFlagType, sessionFlag, signingConfig);
}
public SigningModelRequest(
SigningFlagType signingFlagType,
SigningEnabledType signingEnabledType,
SigningRequiredType signingRequiredType)
: base(0)
{
this.signingFlagType = signingFlagType;
this.signingEnabledType = signingEnabledType;
this.signingRequiredType = signingRequiredType;
}
private SESSION_SETUP_Request_SecurityMode_Values GetSessionSetupSecurityMode(SigningEnabledType signingEnabledType, SigningRequiredType signingRequiredType)
{
SESSION_SETUP_Request_SecurityMode_Values securityMode = SESSION_SETUP_Request_SecurityMode_Values.NONE;
if (signingEnabledType == SigningEnabledType.SigningEnabledSet)
{
securityMode |= SESSION_SETUP_Request_SecurityMode_Values.NEGOTIATE_SIGNING_ENABLED;
}
if (signingRequiredType == SigningRequiredType.SigningRequiredSet)
{
securityMode |= SESSION_SETUP_Request_SecurityMode_Values.NEGOTIATE_SIGNING_REQUIRED;
}
return(securityMode);
}
public void SessionSetupRequest(SigningFlagType signingFlagType, SigningEnabledType signingEnabledType, SigningRequiredType signingRequiredType, UserType userType)
{
SigningModelSessionId modelSessionId = SigningModelSessionId.ZeroSessionId;
SessionFlags_Values sessionFlag = SessionFlags_Values.NONE;
SigningFlagType responseSigningFlagType = SigningFlagType.SignedFlagNotSet;
Packet_Header_Flags_Values headerFlags = (signingFlagType == SigningFlagType.SignedFlagSet) ? Packet_Header_Flags_Values.FLAGS_SIGNED : Packet_Header_Flags_Values.NONE;
uint status = testClient.SessionSetup(
headerFlags,
testConfig.DefaultSecurityPackage,
testConfig.SutComputerName,
GetAccountCredential(userType),
true,
GetSessionSetupSecurityMode(signingEnabledType, signingRequiredType),
checker: (header, response) =>
{
modelSessionId = GetModelSessionId(header.SessionId);
responseSigningFlagType = GetSigningFlagType(header.Flags);
sessionFlag = response.SessionFlags;
});
SessionSetupResponse((ModelSmb2Status)status, modelSessionId, responseSigningFlagType, sessionFlag, signingConfig);
}
private SESSION_SETUP_Request_SecurityMode_Values GetSessionSetupSecurityMode(SigningEnabledType signingEnabledType, SigningRequiredType signingRequiredType)
{
SESSION_SETUP_Request_SecurityMode_Values securityMode = SESSION_SETUP_Request_SecurityMode_Values.NONE;
if (signingEnabledType == SigningEnabledType.SigningEnabledSet)
{
securityMode |= SESSION_SETUP_Request_SecurityMode_Values.NEGOTIATE_SIGNING_ENABLED;
}
if (signingRequiredType == SigningRequiredType.SigningRequiredSet)
{
securityMode |= SESSION_SETUP_Request_SecurityMode_Values.NEGOTIATE_SIGNING_REQUIRED;
}
return securityMode;
}
private SecurityMode_Values GetNegotiateSecurityMode(SigningEnabledType signingEnabledType, SigningRequiredType signingRequiredType)
{
SecurityMode_Values securityMode = SecurityMode_Values.NONE;
if (signingEnabledType == SigningEnabledType.SigningEnabledSet)
{
securityMode |= SecurityMode_Values.NEGOTIATE_SIGNING_ENABLED;
}
if (signingRequiredType == SigningRequiredType.SigningRequiredSet)
{
securityMode |= SecurityMode_Values.NEGOTIATE_SIGNING_REQUIRED;
}
return securityMode;
}
public static void SessionSetupRequest(
SigningFlagType signingFlagType,
SigningEnabledType signingEnabledType,
SigningRequiredType signingRequiredType,
UserType userType)
{
Condition.IsTrue(State == ModelState.Connected);
// Add isolate for SigningFlagType to reduce redundant cases: If the signingFlagType is set to SignedFlagSet, server will always return
// error code STATUS_USER_SESSION_DELETED while verifying signature, we don't need to cover all the invalid combination with other params.
Combination.Isolated(signingFlagType == SigningFlagType.SignedFlagSet);
ModelHelper.Log(LogType.Requirement, "3.3.5.5.1: The other values MUST be initialized as follows:");
ModelHelper.Log(LogType.Requirement, "\tSession.SigningRequired is set to FALSE.");
Session_SigningRequired = false;
Request = new SigningModelRequest(signingFlagType);
}
public static void NegotiateResponse(ModelSmb2Status status, SigningEnabledType signingEnabledType, SigningRequiredType signingRequiredType, SigningConfig c)
{
Condition.IsTrue(State == ModelState.Connected);
SigningModelRequest negotiateRequest = ModelHelper.RetrieveOutstandingRequest<SigningModelRequest>(ref Request);
if (negotiateRequest.signingFlagType == SigningFlagType.SignedFlagSet)
{
ModelHelper.Log(LogType.Requirement,
"3.3.5.2.4: If the SMB2 Header of the SMB2 NEGOTIATE request has the SMB2_FLAGS_SIGNED bit set in the Flags field, " +
"the server MUST fail the request with STATUS_INVALID_PARAMETER.");
ModelHelper.Log(LogType.TestInfo, "SMB2_FLAGS_SIGNED bit in the NEGOTIATE request is set.");
ModelHelper.Log(LogType.TestTag, TestTag.UnexpectedFields);
Condition.IsTrue(status == ModelSmb2Status.STATUS_INVALID_PARAMETER);
State = ModelState.Uninitialized;
return;
}
if (negotiateRequest.signingRequiredType == SigningRequiredType.SigningRequiredSet)
{
ModelHelper.Log(LogType.Requirement,
"3.3.5.4: If SMB2_NEGOTIATE_SIGNING_REQUIRED is set in SecurityMode, the server MUST set Connection.ShouldSign to TRUE.");
ModelHelper.Log(LogType.TestInfo, "Connection.ShouldSign is set to TRUE.");
Connection_ShouldSign = true;
}
ModelHelper.Log(LogType.Requirement, "3.3.5.4: SecurityMode MUST have the SMB2_NEGOTIATE_SIGNING_ENABLED bit set.");
Condition.IsTrue(signingEnabledType == SigningEnabledType.SigningEnabledSet);
Condition.IsTrue(Config.IsServerSigningRequired == c.IsServerSigningRequired);
if (Config.IsServerSigningRequired)
{
ModelHelper.Log(LogType.Requirement,
"3.3.5.4: If RequireMessageSigning is TRUE, the server MUST also set SMB2_NEGOTIATE_SIGNING_REQUIRED in the SecurityMode field.");
ModelHelper.Log(LogType.TestInfo, "RequireMessageSigning is TRUE.");
Condition.IsTrue(signingRequiredType == SigningRequiredType.SigningRequiredSet);
}
Condition.IsTrue(status == ModelSmb2Status.STATUS_SUCCESS);
}
