/// <summary>
/// Initialize the securityMechContext based on the security package type
/// </summary>
/// <param name="mechType">security mechanism type</param>
/// <param name="inToken">the input security token</param>
/// <exception cref="InvalidOperationException">Thrown if could not find the configuration.</exception>
/// <exception cref="InvalidOperationException">Thrown when security configuration is unknown</exception>
private void InitializeSecurityContext(MechType mechType, byte[] inToken)
{
SpngClientContext clientContext = this.client.Context as SpngClientContext;
SecurityPackageType authType = SpngUtility.ConvertMechType(mechType);
CurrentSecurityConfig = SpngUtility.GetSecurityConfig(this.securityConfigList, authType);
if (CurrentSecurityConfig == null)
{
throw new InvalidOperationException("Missing configuration for " + authType.ToString());
}
if (securityMechContext != null)
{
// re-enter. Nothing need to do
return;
}
if (CurrentSecurityConfig.GetType() == typeof(KerberosClientSecurityConfig))
{
KerberosClientSecurityConfig kileConfig = CurrentSecurityConfig as KerberosClientSecurityConfig;
securityMechContext = new KerberosClientSecurityContext(
kileConfig.ServiceName,
kileConfig.ClientCredential,
KerberosAccountType.User,
kileConfig.KdcIpAddress,
kileConfig.KdcPort,
kileConfig.TransportType,
kileConfig.SecurityAttributes);
}
else if (CurrentSecurityConfig.GetType() == typeof(NlmpClientSecurityConfig))
{
NlmpClientSecurityConfig nlmpConfig = CurrentSecurityConfig as NlmpClientSecurityConfig;
NlmpClientCredential cred = new NlmpClientCredential(
nlmpConfig.TargetName,
nlmpConfig.DomainName,
nlmpConfig.AccountName,
nlmpConfig.Password);
securityMechContext = new NlmpClientSecurityContext(cred, nlmpConfig.SecurityAttributes);
}
else if (CurrentSecurityConfig.GetType() == typeof(SspiClientSecurityConfig))
{
throw new InvalidOperationException("Only support Kerberos security config and NTLM security config");
}
else
{
throw new InvalidOperationException("unknown security config");
}
}
public FSDetector(Logger logger,
string targetSUT,
AccountCredential accountCredential,
SecurityPackageType securityPackageType)
{
SUTName = targetSUT;
Credential = accountCredential;
SecurityPackageType = securityPackageType;
logWriter = logger;
logWriter.AddLog(LogLevel.Information, string.Format("SutName: {0}", SUTName));
logWriter.AddLog(LogLevel.Information, string.Format("DomainName: {0}", Credential.DomainName));
logWriter.AddLog(LogLevel.Information, string.Format("UserName: {0}", Credential.AccountName));
logWriter.AddLog(LogLevel.Information, string.Format("UserPassword: {0}", Credential.Password));
logWriter.AddLog(LogLevel.Information, string.Format("SecurityPackageType: {0}", SecurityPackageType.ToString()));
logWriter.AddLineToLog(LogLevel.Information);
}
public FSDetector
(Logger logger,
string targetSUT,
AccountCredential accountCredential,
SecurityPackageType securityPackageType)
{
sutName = targetSUT;
Credential = accountCredential;
SecurityPackageType = securityPackageType;
logWriter = logger;
logWriter.AddLog(LogLevel.Information, string.Format("SutName: {0}", sutName));
logWriter.AddLog(LogLevel.Information, string.Format("DomainName: {0}", Credential.DomainName));
logWriter.AddLog(LogLevel.Information, string.Format("UserName: {0}", Credential.AccountName));
logWriter.AddLog(LogLevel.Information, string.Format("UserPassword: {0}", Credential.Password));
logWriter.AddLog(LogLevel.Information, string.Format("SecurityPackageType: {0}", SecurityPackageType.ToString()));
logWriter.AddLineToLog(LogLevel.Information);
}
/// <summary>
/// Connect share specified by shareName, this function does not issue tcp or netbios
/// connect, it does Negotiate -> SessionSetup -> TreeConnect
/// </summary>
/// <param name="serverName">The server name</param>
/// <param name="domain">The domain</param>
/// <param name="userName">The user name</param>
/// <param name="password">The password</param>
/// <param name="shareName">The share name</param>
/// <param name="securityPackage">The security package</param>
private void InternalConnectShare(string serverName, string domain,
string userName, string password, string shareName, SecurityPackageType securityPackage)
{
SmbPacket request;
SmbPacket response;
uint status;
// Negotiate:
request = this.smbClient.CreateNegotiateRequest(
defaultSignState, new string[] { DialectNameString.NTLANMAN });
response = this.SendAndExpectSmbPacket(request, internalTimeout, out status);
if (status != 0)
{
throw new InvalidOperationException("Negotiate Failed. ErrorCode: " + status);
}
SecurityModes securityMode = (response as SmbNegotiateResponsePacket).SmbParameters.SecurityMode;
this.isSignRequired = (securityMode & SecurityModes.NEGOTIATE_SECURITY_SIGNATURES_REQUIRED)
== SecurityModes.NEGOTIATE_SECURITY_SIGNATURES_REQUIRED;
SmbSecurityPackage secPkg;
switch (securityPackage)
{
case SecurityPackageType.Ntlm:
secPkg = SmbSecurityPackage.NTLM;
break;
case SecurityPackageType.Kerberos:
secPkg = SmbSecurityPackage.Kerberos;
break;
case SecurityPackageType.Negotiate:
secPkg = SmbSecurityPackage.Negotiate;
break;
default:
throw new ArgumentException("Unsupported securityPackage: " + securityPackage.ToString());
}
// Session setup:
request = this.smbClient.CreateFirstSessionSetupRequest(secPkg, serverName, domain, userName,
password);
response = this.SendAndExpectSmbPacket(request, internalTimeout, out status);
while (status != 0)
{
if ((int)status == (int)SmbStatus.STATUS_MORE_PROCESSING_REQUIRED)
{
this.uid = (response as SmbSessionSetupAndxResponsePacket).SmbHeader.Uid;
request = this.smbClient.CreateSecondSessionSetupRequest(this.uid, secPkg);
response = this.SendAndExpectSmbPacket(request, internalTimeout, out status);
}
else
{
throw new InvalidOperationException("Session Setup Failed. ErrorCode: " + status);
}
}
this.uid = (response as SmbSessionSetupAndxResponsePacket).SmbHeader.Uid;
if (isSignRequired)
{
CifsClientPerSession session = this.smbClient.Context.GetSession(
this.smbClient.Context.Connection.ConnectionId, this.uid);
this.sessionKey = session.SessionKey;
}
// Tree connect:
string sharePath = "\\\\" + serverName + '\\' + shareName;
request = this.smbClient.CreateTreeConnectRequest(this.uid, sharePath);
if (this.isSignRequired)
{
request.Sign(this.NextSequenceNumber, this.sessionKey);
}
response = this.SendAndExpectSmbPacket(request, internalTimeout, out status);
if (status != 0)
{
throw new InvalidOperationException("Tree Connect Failed. ErrorCode: " + status);
}
this.treeId = (response as SmbTreeConnectAndxResponsePacket).SmbHeader.Tid;
}
/// <summary>
/// Connect share specified by shareName, this function does not issue tcp or netbios
/// connect, it does Negotiate -> SessionSetup -> TreeConnect
/// </summary>
/// <param name="serverName">The server name</param>
/// <param name="domain">The domain</param>
/// <param name="userName">The user name</param>
/// <param name="password">The password</param>
/// <param name="shareName">The share name</param>
/// <param name="securityPackage">The security package</param>
private void InternalConnectShare(string serverName, string domain,
string userName, string password, string shareName, SecurityPackageType securityPackage)
{
SmbPacket request;
SmbPacket response;
uint status;
// Negotiate:
request = this.smbClient.CreateNegotiateRequest(
defaultSignState, new string[] { DialectNameString.NTLANMAN });
response = this.SendAndExpectSmbPacket(request, internalTimeout, out status);
if (status != 0)
{
throw new InvalidOperationException("Negotiate Failed. ErrorCode: " + status);
}
SecurityModes securityMode = (response as SmbNegotiateResponsePacket).SmbParameters.SecurityMode;
this.isSignRequired = (securityMode & SecurityModes.NEGOTIATE_SECURITY_SIGNATURES_REQUIRED)
== SecurityModes.NEGOTIATE_SECURITY_SIGNATURES_REQUIRED;
SmbSecurityPackage secPkg;
switch (securityPackage)
{
case SecurityPackageType.Ntlm:
secPkg = SmbSecurityPackage.NTLM;
break;
case SecurityPackageType.Kerberos:
secPkg = SmbSecurityPackage.Kerberos;
break;
case SecurityPackageType.Negotiate:
secPkg = SmbSecurityPackage.Negotiate;
break;
default:
throw new ArgumentException("Unsupported securityPackage: " + securityPackage.ToString());
}
// Session setup:
request = this.smbClient.CreateFirstSessionSetupRequest(secPkg, serverName, domain, userName,
password);
response = this.SendAndExpectSmbPacket(request, internalTimeout, out status);
while (status != 0)
{
if ((int)status == (int)SmbStatus.STATUS_MORE_PROCESSING_REQUIRED)
{
this.uid = (response as SmbSessionSetupAndxResponsePacket).SmbHeader.Uid;
request = this.smbClient.CreateSecondSessionSetupRequest(this.uid, secPkg);
response = this.SendAndExpectSmbPacket(request, internalTimeout, out status);
}
else
{
throw new InvalidOperationException("Session Setup Failed. ErrorCode: " + status);
}
}
this.uid = (response as SmbSessionSetupAndxResponsePacket).SmbHeader.Uid;
if (isSignRequired)
{
CifsClientPerSession session = this.smbClient.Context.GetSession(
this.smbClient.Context.Connection.ConnectionId, this.uid);
this.sessionKey = session.SessionKey;
}
// Tree connect:
string sharePath = "\\\\" + serverName + '\\' + shareName;
request = this.smbClient.CreateTreeConnectRequest(this.uid, sharePath);
if (this.isSignRequired)
{
request.Sign(this.NextSequenceNumber, this.sessionKey);
}
response = this.SendAndExpectSmbPacket(request, internalTimeout, out status);
if (status != 0)
{
throw new InvalidOperationException("Tree Connect Failed. ErrorCode: " + status);
}
this.treeId = (response as SmbTreeConnectAndxResponsePacket).SmbHeader.Tid;
}
/// <summary>
/// Constructor
/// </summary>
/// <param name="logger">Enable the log</param>
/// <param name="contentServerName">The ContentServer name</param>
/// <param name="hostedCacheServerName">The HostedCacheServer name</param>
/// <param name="accountCredential">Account credential</param>
/// <param name="securityPackageType">security package: NTLM, Negotiate, kerbrose</param>
public BranchCacheDetector(Logger logger, string contentServerName, string hostedCacheServerName, AccountCredential accountCredential, SecurityPackageType securityPackageType = SecurityPackageType.Negotiate)
{
ContentServerName = contentServerName;
HostedCacheServerName = hostedCacheServerName;
Credential = accountCredential;
SecurityPackageType = securityPackageType;
logWriter = logger;
logWriter.AddLog(LogLevel.Information, string.Format("ContentServerName: {0}", ContentServerName));
logWriter.AddLog(LogLevel.Information, string.Format("HostedCacheServerName: {0}", HostedCacheServerName));
logWriter.AddLog(LogLevel.Information, string.Format("DomainName: {0}", Credential.DomainName));
logWriter.AddLog(LogLevel.Information, string.Format("UserName: {0}", Credential.AccountName));
logWriter.AddLog(LogLevel.Information, string.Format("UserPassword: {0}", Credential.Password));
logWriter.AddLog(LogLevel.Information, string.Format("SecurityPackageType: {0}", SecurityPackageType.ToString()));
logWriter.AddLineToLog(LogLevel.Information);
}