public void NegotiateRequest(ModelDialectRevision maxSmbVersionClientSupported, SigningFlagType signingFlagType, SigningEnabledType signingEnabledType, SigningRequiredType signingRequiredType) { testClient = new Smb2FunctionalClient(testConfig.Timeout, testConfig, this.Site); testClient.ConnectToServer(testConfig.UnderlyingTransport, testConfig.SutComputerName, testConfig.SutIPAddress); DialectRevision[] dialects = Smb2Utility.GetDialects(ModelUtility.GetDialectRevision(maxSmbVersionClientSupported)); Packet_Header_Flags_Values headerFlags = (signingFlagType == SigningFlagType.SignedFlagSet) ? Packet_Header_Flags_Values.FLAGS_SIGNED : Packet_Header_Flags_Values.NONE; SigningEnabledType resSigningEnabledType = SigningEnabledType.SigningEnabledNotSet; SigningRequiredType resSigningRequiredType = SigningRequiredType.SigningRequiredNotSet; uint status = testClient.Negotiate( headerFlags, dialects, GetNegotiateSecurityMode(signingEnabledType, signingRequiredType), checker: (header, response) => { resSigningEnabledType = response.SecurityMode.HasFlag(NEGOTIATE_Response_SecurityMode_Values.NEGOTIATE_SIGNING_ENABLED) ? SigningEnabledType.SigningEnabledSet : SigningEnabledType.SigningEnabledNotSet; resSigningRequiredType = response.SecurityMode.HasFlag(NEGOTIATE_Response_SecurityMode_Values.NEGOTIATE_SIGNING_REQUIRED) ? SigningRequiredType.SigningRequiredSet : SigningRequiredType.SigningRequiredNotSet; }); NegotiateResponse((ModelSmb2Status)status, resSigningEnabledType, resSigningRequiredType, signingConfig); }
public SigningModelRequest( SigningFlagType signingFlagType, SigningEnabledType signingEnabledType, SigningRequiredType signingRequiredType) : base(0) { this.signingFlagType = signingFlagType; this.signingEnabledType = signingEnabledType; this.signingRequiredType = signingRequiredType; }
private SecurityMode_Values GetNegotiateSecurityMode(SigningEnabledType signingEnabledType, SigningRequiredType signingRequiredType) { SecurityMode_Values securityMode = SecurityMode_Values.NONE; if (signingEnabledType == SigningEnabledType.SigningEnabledSet) { securityMode |= SecurityMode_Values.NEGOTIATE_SIGNING_ENABLED; } if (signingRequiredType == SigningRequiredType.SigningRequiredSet) { securityMode |= SecurityMode_Values.NEGOTIATE_SIGNING_REQUIRED; } return(securityMode); }
public static void SessionSetupRequest( SigningFlagType signingFlagType, SigningEnabledType signingEnabledType, SigningRequiredType signingRequiredType, UserType userType) { Condition.IsTrue(State == ModelState.Connected); // Add isolate for SigningFlagType to reduce redundant cases: If the signingFlagType is set to SignedFlagSet, server will always return // error code STATUS_USER_SESSION_DELETED while verifying signature, we don't need to cover all the invalid combination with other params. Combination.Isolated(signingFlagType == SigningFlagType.SignedFlagSet); ModelHelper.Log(LogType.Requirement, "3.3.5.5.1: The other values MUST be initialized as follows:"); ModelHelper.Log(LogType.Requirement, "\tSession.SigningRequired is set to FALSE."); Session_SigningRequired = false; Request = new SigningModelRequest(signingFlagType); }
public static void NegotiateRequest( ModelDialectRevision maxSmbVersionClientSupported, SigningFlagType signingFlagType, SigningEnabledType signingEnabledType, SigningRequiredType signingRequiredType) { Condition.IsTrue(State == ModelState.Initialized); Condition.IsNull(Request); // Add isolate for SigningFlagType to reduce redundant cases: If the signingFlagType is set to SignedFlagSet, server will always return error // code STATUS_INVALID_PARAMETER, we don't need to cover all the invalid combination with other params. Combination.Isolated(signingFlagType == SigningFlagType.SignedFlagSet); NegotiateDialect = ModelHelper.DetermineNegotiateDialect(maxSmbVersionClientSupported, Config.MaxSmbVersionSupported); Request = new SigningModelRequest(signingFlagType, signingEnabledType, signingRequiredType); State = ModelState.Connected; }
public static void NegotiateResponse(ModelSmb2Status status, SigningEnabledType signingEnabledType, SigningRequiredType signingRequiredType, SigningConfig c) { Condition.IsTrue(State == ModelState.Connected); SigningModelRequest negotiateRequest = ModelHelper.RetrieveOutstandingRequest <SigningModelRequest>(ref Request); if (negotiateRequest.signingFlagType == SigningFlagType.SignedFlagSet) { ModelHelper.Log(LogType.Requirement, "3.3.5.2.4: If the SMB2 Header of the SMB2 NEGOTIATE request has the SMB2_FLAGS_SIGNED bit set in the Flags field, " + "the server MUST fail the request with STATUS_INVALID_PARAMETER."); ModelHelper.Log(LogType.TestInfo, "SMB2_FLAGS_SIGNED bit in the NEGOTIATE request is set."); ModelHelper.Log(LogType.TestTag, TestTag.UnexpectedFields); Condition.IsTrue(status == ModelSmb2Status.STATUS_INVALID_PARAMETER); State = ModelState.Uninitialized; return; } if (negotiateRequest.signingRequiredType == SigningRequiredType.SigningRequiredSet) { ModelHelper.Log(LogType.Requirement, "3.3.5.4: If SMB2_NEGOTIATE_SIGNING_REQUIRED is set in SecurityMode, the server MUST set Connection.ShouldSign to TRUE."); ModelHelper.Log(LogType.TestInfo, "Connection.ShouldSign is set to TRUE."); Connection_ShouldSign = true; } ModelHelper.Log(LogType.Requirement, "3.3.5.4: SecurityMode MUST have the SMB2_NEGOTIATE_SIGNING_ENABLED bit set."); Condition.IsTrue(signingEnabledType == SigningEnabledType.SigningEnabledSet); Condition.IsTrue(Config.IsServerSigningRequired == c.IsServerSigningRequired); if (Config.IsServerSigningRequired) { ModelHelper.Log(LogType.Requirement, "3.3.5.4: If RequireMessageSigning is TRUE, the server MUST also set SMB2_NEGOTIATE_SIGNING_REQUIRED in the SecurityMode field."); ModelHelper.Log(LogType.TestInfo, "RequireMessageSigning is TRUE."); Condition.IsTrue(signingRequiredType == SigningRequiredType.SigningRequiredSet); } Condition.IsTrue(status == ModelSmb2Status.STATUS_SUCCESS); }
public void SessionSetupRequest(SigningFlagType signingFlagType, SigningEnabledType signingEnabledType, SigningRequiredType signingRequiredType, UserType userType) { SigningModelSessionId modelSessionId = SigningModelSessionId.ZeroSessionId; SessionFlags_Values sessionFlag = SessionFlags_Values.NONE; SigningFlagType responseSigningFlagType = SigningFlagType.SignedFlagNotSet; Packet_Header_Flags_Values headerFlags = (signingFlagType == SigningFlagType.SignedFlagSet) ? Packet_Header_Flags_Values.FLAGS_SIGNED : Packet_Header_Flags_Values.NONE; uint status = testClient.SessionSetup( headerFlags, testConfig.DefaultSecurityPackage, testConfig.SutComputerName, GetAccountCredential(userType), true, GetSessionSetupSecurityMode(signingEnabledType, signingRequiredType), checker: (header, response) => { modelSessionId = GetModelSessionId(header.SessionId); responseSigningFlagType = GetSigningFlagType(header.Flags); sessionFlag = response.SessionFlags; }); SessionSetupResponse((ModelSmb2Status)status, modelSessionId, responseSigningFlagType, sessionFlag, signingConfig); }
private SESSION_SETUP_Request_SecurityMode_Values GetSessionSetupSecurityMode(SigningEnabledType signingEnabledType, SigningRequiredType signingRequiredType) { SESSION_SETUP_Request_SecurityMode_Values securityMode = SESSION_SETUP_Request_SecurityMode_Values.NONE; if (signingEnabledType == SigningEnabledType.SigningEnabledSet) { securityMode |= SESSION_SETUP_Request_SecurityMode_Values.NEGOTIATE_SIGNING_ENABLED; } if (signingRequiredType == SigningRequiredType.SigningRequiredSet) { securityMode |= SESSION_SETUP_Request_SecurityMode_Values.NEGOTIATE_SIGNING_REQUIRED; } return(securityMode); }
private SESSION_SETUP_Request_SecurityMode_Values GetSessionSetupSecurityMode(SigningEnabledType signingEnabledType, SigningRequiredType signingRequiredType) { SESSION_SETUP_Request_SecurityMode_Values securityMode = SESSION_SETUP_Request_SecurityMode_Values.NONE; if (signingEnabledType == SigningEnabledType.SigningEnabledSet) { securityMode |= SESSION_SETUP_Request_SecurityMode_Values.NEGOTIATE_SIGNING_ENABLED; } if (signingRequiredType == SigningRequiredType.SigningRequiredSet) { securityMode |= SESSION_SETUP_Request_SecurityMode_Values.NEGOTIATE_SIGNING_REQUIRED; } return securityMode; }
private SecurityMode_Values GetNegotiateSecurityMode(SigningEnabledType signingEnabledType, SigningRequiredType signingRequiredType) { SecurityMode_Values securityMode = SecurityMode_Values.NONE; if (signingEnabledType == SigningEnabledType.SigningEnabledSet) { securityMode |= SecurityMode_Values.NEGOTIATE_SIGNING_ENABLED; } if (signingRequiredType == SigningRequiredType.SigningRequiredSet) { securityMode |= SecurityMode_Values.NEGOTIATE_SIGNING_REQUIRED; } return securityMode; }
public static void NegotiateResponse(ModelSmb2Status status, SigningEnabledType signingEnabledType, SigningRequiredType signingRequiredType, SigningConfig c) { Condition.IsTrue(State == ModelState.Connected); SigningModelRequest negotiateRequest = ModelHelper.RetrieveOutstandingRequest<SigningModelRequest>(ref Request); if (negotiateRequest.signingFlagType == SigningFlagType.SignedFlagSet) { ModelHelper.Log(LogType.Requirement, "3.3.5.2.4: If the SMB2 Header of the SMB2 NEGOTIATE request has the SMB2_FLAGS_SIGNED bit set in the Flags field, " + "the server MUST fail the request with STATUS_INVALID_PARAMETER."); ModelHelper.Log(LogType.TestInfo, "SMB2_FLAGS_SIGNED bit in the NEGOTIATE request is set."); ModelHelper.Log(LogType.TestTag, TestTag.UnexpectedFields); Condition.IsTrue(status == ModelSmb2Status.STATUS_INVALID_PARAMETER); State = ModelState.Uninitialized; return; } if (negotiateRequest.signingRequiredType == SigningRequiredType.SigningRequiredSet) { ModelHelper.Log(LogType.Requirement, "3.3.5.4: If SMB2_NEGOTIATE_SIGNING_REQUIRED is set in SecurityMode, the server MUST set Connection.ShouldSign to TRUE."); ModelHelper.Log(LogType.TestInfo, "Connection.ShouldSign is set to TRUE."); Connection_ShouldSign = true; } ModelHelper.Log(LogType.Requirement, "3.3.5.4: SecurityMode MUST have the SMB2_NEGOTIATE_SIGNING_ENABLED bit set."); Condition.IsTrue(signingEnabledType == SigningEnabledType.SigningEnabledSet); Condition.IsTrue(Config.IsServerSigningRequired == c.IsServerSigningRequired); if (Config.IsServerSigningRequired) { ModelHelper.Log(LogType.Requirement, "3.3.5.4: If RequireMessageSigning is TRUE, the server MUST also set SMB2_NEGOTIATE_SIGNING_REQUIRED in the SecurityMode field."); ModelHelper.Log(LogType.TestInfo, "RequireMessageSigning is TRUE."); Condition.IsTrue(signingRequiredType == SigningRequiredType.SigningRequiredSet); } Condition.IsTrue(status == ModelSmb2Status.STATUS_SUCCESS); }