/// <summary> /// The server MUST sign the message under the following conditions /// </summary> private static void VerifyResponseShouldSign( ModelSmb2Status status, SigningModelRequest request, SigningModelSessionId sessionId, SigningFlagType signingFlagType) { if (request.signingFlagType == SigningFlagType.SignedFlagSet && sessionId == SigningModelSessionId.NonZeroSessionId && Session_SigningRequired) { ModelHelper.Log(LogType.Requirement, "3.3.4.1.1: The server SHOULD<182> sign the message under the following conditions:"); ModelHelper.Log(LogType.Requirement, "\tIf the request was signed by the client, the response message being sent contains a nonzero SessionId and a zero TreeId in the SMB2 header, " + "and the session identified by SessionId has Session.SigningRequired equal to TRUE."); ModelHelper.Log(LogType.TestInfo, "The condition is met."); Condition.IsTrue(signingFlagType == SigningFlagType.SignedFlagSet); } else if (request.signingFlagType == SigningFlagType.SignedFlagSet) { ModelHelper.Log(LogType.Requirement, "3.3.4.1.1: The server SHOULD<182> sign the message under the following conditions:"); ModelHelper.Log(LogType.Requirement, "\tIf the request was signed by the client, and the response is not an interim response to an asynchronously processed request."); ModelHelper.Log(LogType.TestInfo, "The condition is met."); Condition.IsTrue(signingFlagType == SigningFlagType.SignedFlagSet); } }
public void NegotiateRequest(ModelDialectRevision maxSmbVersionClientSupported, SigningFlagType signingFlagType, SigningEnabledType signingEnabledType, SigningRequiredType signingRequiredType) { testClient = new Smb2FunctionalClient(testConfig.Timeout, testConfig, this.Site); testClient.ConnectToServer(testConfig.UnderlyingTransport, testConfig.SutComputerName, testConfig.SutIPAddress); DialectRevision[] dialects = Smb2Utility.GetDialects(ModelUtility.GetDialectRevision(maxSmbVersionClientSupported)); Packet_Header_Flags_Values headerFlags = (signingFlagType == SigningFlagType.SignedFlagSet) ? Packet_Header_Flags_Values.FLAGS_SIGNED : Packet_Header_Flags_Values.NONE; SigningEnabledType resSigningEnabledType = SigningEnabledType.SigningEnabledNotSet; SigningRequiredType resSigningRequiredType = SigningRequiredType.SigningRequiredNotSet; uint status = testClient.Negotiate( headerFlags, dialects, GetNegotiateSecurityMode(signingEnabledType, signingRequiredType), checker: (header, response) => { resSigningEnabledType = response.SecurityMode.HasFlag(NEGOTIATE_Response_SecurityMode_Values.NEGOTIATE_SIGNING_ENABLED) ? SigningEnabledType.SigningEnabledSet : SigningEnabledType.SigningEnabledNotSet; resSigningRequiredType = response.SecurityMode.HasFlag(NEGOTIATE_Response_SecurityMode_Values.NEGOTIATE_SIGNING_REQUIRED) ? SigningRequiredType.SigningRequiredSet : SigningRequiredType.SigningRequiredNotSet; }); NegotiateResponse((ModelSmb2Status)status, resSigningEnabledType, resSigningRequiredType, signingConfig); }
public void TreeConnectRequest(SigningFlagType signingFlagType) { uint treeId; SigningModelSessionId modelSessionId = SigningModelSessionId.ZeroSessionId; SigningFlagType responseSigningFlagType = SigningFlagType.SignedFlagNotSet; string sharePath = Smb2Utility.GetUncPath(testConfig.SutComputerName, testConfig.BasicFileShare); Packet_Header_Flags_Values headerFlags = (signingFlagType == SigningFlagType.SignedFlagSet) ? Packet_Header_Flags_Values.FLAGS_SIGNED : Packet_Header_Flags_Values.NONE; // Inform SDK to disable/enable signing according to SigningFlagType. bool isEnableSigning = !(signingFlagType == SigningFlagType.SignedFlagNotSet); testClient.EnableSessionSigningAndEncryption(enableSigning: isEnableSigning, enableEncryption: false); uint status = testClient.TreeConnect( headerFlags, sharePath, out treeId, checker: (header, response) => { modelSessionId = GetModelSessionId(header.SessionId); responseSigningFlagType = GetSigningFlagType(header.Flags); }); TreeConnectResponse((ModelSmb2Status)status, modelSessionId, responseSigningFlagType); }
public SigningModelRequest( SigningFlagType signingFlagType, SigningEnabledType signingEnabledType, SigningRequiredType signingRequiredType) : base(0) { this.signingFlagType = signingFlagType; this.signingEnabledType = signingEnabledType; this.signingRequiredType = signingRequiredType; }
public static void SessionSetupResponse( ModelSmb2Status status, SigningModelSessionId sessionId, SigningFlagType signingFlagType, SessionFlags_Values sessionFlag, SigningConfig c) { Condition.IsTrue(State == ModelState.Connected); Condition.IsTrue(Config.IsServerSigningRequired == c.IsServerSigningRequired); SigningModelRequest sessionSetupRequest = ModelHelper.RetrieveOutstandingRequest <SigningModelRequest>(ref Request); if (!VerifySignature(status, sessionSetupRequest)) { State = ModelState.Uninitialized; return; } if (sessionSetupRequest.signingFlagType == SigningFlagType.SignedFlagSet || (!sessionFlag.HasFlag(SessionFlags_Values.SESSION_FLAG_IS_GUEST) && !Session_IsAnonymous && (Connection_ShouldSign || c.IsServerSigningRequired))) { ModelHelper.Log(LogType.Requirement, "3.3.5.5.3: 5. Session.SigningRequired MUST be set to TRUE under the following conditions:"); ModelHelper.Log(LogType.Requirement, "\tIf the SMB2_NEGOTIATE_SIGNING_REQUIRED bit is set in the SecurityMode field of the client request."); ModelHelper.Log(LogType.Requirement, "\tIf the SMB2_SESSION_FLAG_IS_GUEST bit is not set in the SessionFlags field " + "and Session.IsAnonymous is FALSE and either Connection.ShouldSign or global RequireMessageSigning is TRUE."); ModelHelper.Log(LogType.TestInfo, "SMB2_NEGOTIATE_SIGNING_REQUIRED is {0}set.", sessionSetupRequest.signingFlagType == SigningFlagType.SignedFlagSet ? "" : "not "); ModelHelper.Log(LogType.TestInfo, "SMB2_SESSION_FLAG_IS_GUEST bit is {0}set.", sessionFlag.HasFlag(SessionFlags_Values.SESSION_FLAG_IS_GUEST) ? "" : "not "); ModelHelper.Log(LogType.TestInfo, "Session.IsAnonymous is {0}.", Session_IsAnonymous); ModelHelper.Log(LogType.TestInfo, "Connection.ShouldSign is {0}.", Connection_ShouldSign); ModelHelper.Log(LogType.TestInfo, "Global RequireMessageSigning is {0}.", c.IsServerSigningRequired); ModelHelper.Log(LogType.TestInfo, "So Session.SigningRequired is set to TRUE."); Session_SigningRequired = true; } VerifyResponseShouldSign(status, sessionSetupRequest, sessionId, signingFlagType); Condition.IsTrue(status == ModelSmb2Status.STATUS_SUCCESS); Session_IsExisted = true; }
public static void SessionSetupRequest( SigningFlagType signingFlagType, SigningEnabledType signingEnabledType, SigningRequiredType signingRequiredType, UserType userType) { Condition.IsTrue(State == ModelState.Connected); // Add isolate for SigningFlagType to reduce redundant cases: If the signingFlagType is set to SignedFlagSet, server will always return // error code STATUS_USER_SESSION_DELETED while verifying signature, we don't need to cover all the invalid combination with other params. Combination.Isolated(signingFlagType == SigningFlagType.SignedFlagSet); ModelHelper.Log(LogType.Requirement, "3.3.5.5.1: The other values MUST be initialized as follows:"); ModelHelper.Log(LogType.Requirement, "\tSession.SigningRequired is set to FALSE."); Session_SigningRequired = false; Request = new SigningModelRequest(signingFlagType); }
public static void NegotiateRequest( ModelDialectRevision maxSmbVersionClientSupported, SigningFlagType signingFlagType, SigningEnabledType signingEnabledType, SigningRequiredType signingRequiredType) { Condition.IsTrue(State == ModelState.Initialized); Condition.IsNull(Request); // Add isolate for SigningFlagType to reduce redundant cases: If the signingFlagType is set to SignedFlagSet, server will always return error // code STATUS_INVALID_PARAMETER, we don't need to cover all the invalid combination with other params. Combination.Isolated(signingFlagType == SigningFlagType.SignedFlagSet); NegotiateDialect = ModelHelper.DetermineNegotiateDialect(maxSmbVersionClientSupported, Config.MaxSmbVersionSupported); Request = new SigningModelRequest(signingFlagType, signingEnabledType, signingRequiredType); State = ModelState.Connected; }
public static void NegotiateRequest( ModelDialectRevision maxSmbVersionClientSupported, SigningFlagType signingFlagType, SigningEnabledType signingEnabledType, SigningRequiredType signingRequiredType) { Condition.IsTrue(State == ModelState.Initialized); Condition.IsNull(Request); // Add isolate for SigningFlagType to reduce redundant cases: If the signingFlagType is set to SignedFlagSet, server will always return error // code STATUS_INVALID_PARAMETER, we don't need to cover all the invalid combination with other params. Combination.Isolated(signingFlagType == SigningFlagType.SignedFlagSet); NegotiateDialect = ModelHelper.DetermineNegotiateDialect(maxSmbVersionClientSupported, Config.MaxSmbVersionSupported); Request = new SigningModelRequest(signingFlagType, signingEnabledType, signingRequiredType); State = ModelState.Connected; }
public void SessionSetupRequest(SigningFlagType signingFlagType, SigningEnabledType signingEnabledType, SigningRequiredType signingRequiredType, UserType userType) { SigningModelSessionId modelSessionId = SigningModelSessionId.ZeroSessionId; SessionFlags_Values sessionFlag = SessionFlags_Values.NONE; SigningFlagType responseSigningFlagType = SigningFlagType.SignedFlagNotSet; Packet_Header_Flags_Values headerFlags = (signingFlagType == SigningFlagType.SignedFlagSet) ? Packet_Header_Flags_Values.FLAGS_SIGNED : Packet_Header_Flags_Values.NONE; uint status = testClient.SessionSetup( headerFlags, testConfig.DefaultSecurityPackage, testConfig.SutComputerName, GetAccountCredential(userType), true, GetSessionSetupSecurityMode(signingEnabledType, signingRequiredType), checker: (header, response) => { modelSessionId = GetModelSessionId(header.SessionId); responseSigningFlagType = GetSigningFlagType(header.Flags); sessionFlag = response.SessionFlags; }); SessionSetupResponse((ModelSmb2Status)status, modelSessionId, responseSigningFlagType, sessionFlag, signingConfig); }
public void SessionSetupRequest(SigningFlagType signingFlagType, SigningEnabledType signingEnabledType, SigningRequiredType signingRequiredType, UserType userType) { SigningModelSessionId modelSessionId = SigningModelSessionId.ZeroSessionId; SessionFlags_Values sessionFlag = SessionFlags_Values.NONE; SigningFlagType responseSigningFlagType = SigningFlagType.SignedFlagNotSet; Packet_Header_Flags_Values headerFlags = (signingFlagType == SigningFlagType.SignedFlagSet) ? Packet_Header_Flags_Values.FLAGS_SIGNED : Packet_Header_Flags_Values.NONE; uint status = testClient.SessionSetup( headerFlags, testConfig.DefaultSecurityPackage, testConfig.SutComputerName, GetAccountCredential(userType), true, GetSessionSetupSecurityMode(signingEnabledType, signingRequiredType), checker: (header, response) => { modelSessionId = GetModelSessionId(header.SessionId); responseSigningFlagType = GetSigningFlagType(header.Flags); sessionFlag = response.SessionFlags; }); SessionSetupResponse((ModelSmb2Status)status, modelSessionId, responseSigningFlagType, sessionFlag, signingConfig); }
public static void SessionSetupRequest( SigningFlagType signingFlagType, SigningEnabledType signingEnabledType, SigningRequiredType signingRequiredType, UserType userType) { Condition.IsTrue(State == ModelState.Connected); // Add isolate for SigningFlagType to reduce redundant cases: If the signingFlagType is set to SignedFlagSet, server will always return // error code STATUS_USER_SESSION_DELETED while verifying signature, we don't need to cover all the invalid combination with other params. Combination.Isolated(signingFlagType == SigningFlagType.SignedFlagSet); ModelHelper.Log(LogType.Requirement, "3.3.5.5.1: The other values MUST be initialized as follows:"); ModelHelper.Log(LogType.Requirement, "\tSession.SigningRequired is set to FALSE."); Session_SigningRequired = false; Request = new SigningModelRequest(signingFlagType); }
public void TreeConnectRequest(SigningFlagType signingFlagType) { uint treeId; SigningModelSessionId modelSessionId = SigningModelSessionId.ZeroSessionId; SigningFlagType responseSigningFlagType = SigningFlagType.SignedFlagNotSet; string sharePath = Smb2Utility.GetUncPath(testConfig.SutComputerName, testConfig.BasicFileShare); Packet_Header_Flags_Values headerFlags = (signingFlagType == SigningFlagType.SignedFlagSet) ? Packet_Header_Flags_Values.FLAGS_SIGNED : Packet_Header_Flags_Values.NONE; if (signingFlagType == SigningFlagType.SignedFlagNotSet) { // Inform SDK to disable signning. testClient.EnableSessionSigningAndEncryption(enableSigning: false, enableEncryption: false); } uint status = testClient.TreeConnect( headerFlags, sharePath, out treeId, checker: (header, response) => { modelSessionId = GetModelSessionId(header.SessionId); responseSigningFlagType = GetSigningFlagType(header.Flags); }); TreeConnectResponse((ModelSmb2Status)status, modelSessionId, responseSigningFlagType); }
public static void SessionSetupResponse( ModelSmb2Status status, SigningModelSessionId sessionId, SigningFlagType signingFlagType, SessionFlags_Values sessionFlag, SigningConfig c) { Condition.IsTrue(State == ModelState.Connected); Condition.IsTrue(Config.IsServerSigningRequired == c.IsServerSigningRequired); SigningModelRequest sessionSetupRequest = ModelHelper.RetrieveOutstandingRequest<SigningModelRequest>(ref Request); if (!VerifySignature(status, sessionSetupRequest)) { State = ModelState.Uninitialized; return; } if (sessionSetupRequest.signingFlagType == SigningFlagType.SignedFlagSet || (!sessionFlag.HasFlag(SessionFlags_Values.SESSION_FLAG_IS_GUEST) && !Session_IsAnonymous && (Connection_ShouldSign || c.IsServerSigningRequired))) { ModelHelper.Log(LogType.Requirement, "3.3.5.5.3: 5. Session.SigningRequired MUST be set to TRUE under the following conditions:"); ModelHelper.Log(LogType.Requirement, "\tIf the SMB2_NEGOTIATE_SIGNING_REQUIRED bit is set in the SecurityMode field of the client request."); ModelHelper.Log(LogType.Requirement, "\tIf the SMB2_SESSION_FLAG_IS_GUEST bit is not set in the SessionFlags field " + "and Session.IsAnonymous is FALSE and either Connection.ShouldSign or global RequireMessageSigning is TRUE."); ModelHelper.Log(LogType.TestInfo, "SMB2_NEGOTIATE_SIGNING_REQUIRED is {0}set.", sessionSetupRequest.signingFlagType == SigningFlagType.SignedFlagSet ? "" : "not "); ModelHelper.Log(LogType.TestInfo, "SMB2_SESSION_FLAG_IS_GUEST bit is {0}set.", sessionFlag.HasFlag(SessionFlags_Values.SESSION_FLAG_IS_GUEST) ? "" : "not "); ModelHelper.Log(LogType.TestInfo, "Session.IsAnonymous is {0}.", Session_IsAnonymous); ModelHelper.Log(LogType.TestInfo, "Connection.ShouldSign is {0}.", Connection_ShouldSign); ModelHelper.Log(LogType.TestInfo, "Global RequireMessageSigning is {0}.", c.IsServerSigningRequired); ModelHelper.Log(LogType.TestInfo, "So Session.SigningRequired is set to TRUE."); Session_SigningRequired = true; } VerifyResponseShouldSign(status, sessionSetupRequest, sessionId, signingFlagType); Condition.IsTrue(status == ModelSmb2Status.STATUS_SUCCESS); Session_IsExisted = true; }
public static void TreeConnectRequest(SigningFlagType signingFlagType) { Condition.IsTrue(State == ModelState.Connected); Request = new SigningModelRequest(signingFlagType); }
public SigningModelRequest( SigningFlagType signingFlagType) : base(0) { this.signingFlagType = signingFlagType; }
public void NegotiateRequest(ModelDialectRevision maxSmbVersionClientSupported, SigningFlagType signingFlagType, SigningEnabledType signingEnabledType, SigningRequiredType signingRequiredType) { testClient = new Smb2FunctionalClient(testConfig.Timeout, testConfig, this.Site); testClient.ConnectToServer(testConfig.UnderlyingTransport, testConfig.SutComputerName, testConfig.SutIPAddress); DialectRevision[] dialects = Smb2Utility.GetDialects(ModelUtility.GetDialectRevision(maxSmbVersionClientSupported)); Packet_Header_Flags_Values headerFlags = (signingFlagType == SigningFlagType.SignedFlagSet) ? Packet_Header_Flags_Values.FLAGS_SIGNED : Packet_Header_Flags_Values.NONE; SigningEnabledType resSigningEnabledType = SigningEnabledType.SigningEnabledNotSet; SigningRequiredType resSigningRequiredType = SigningRequiredType.SigningRequiredNotSet; uint status = testClient.Negotiate( headerFlags, dialects, GetNegotiateSecurityMode(signingEnabledType, signingRequiredType), checker: (header, response) => { resSigningEnabledType = response.SecurityMode.HasFlag(NEGOTIATE_Response_SecurityMode_Values.NEGOTIATE_SIGNING_ENABLED) ? SigningEnabledType.SigningEnabledSet : SigningEnabledType.SigningEnabledNotSet; resSigningRequiredType = response.SecurityMode.HasFlag(NEGOTIATE_Response_SecurityMode_Values.NEGOTIATE_SIGNING_REQUIRED) ? SigningRequiredType.SigningRequiredSet : SigningRequiredType.SigningRequiredNotSet; }); NegotiateResponse((ModelSmb2Status)status, resSigningEnabledType, resSigningRequiredType, signingConfig); }
/// <summary> /// The server MUST sign the message under the following conditions /// </summary> private static void VerifyResponseShouldSign( ModelSmb2Status status, SigningModelRequest request, SigningModelSessionId sessionId, SigningFlagType signingFlagType) { if (request.signingFlagType == SigningFlagType.SignedFlagSet && sessionId == SigningModelSessionId.NonZeroSessionId && Session_SigningRequired) { ModelHelper.Log(LogType.Requirement, "3.3.4.1.1: The server SHOULD<182> sign the message under the following conditions:"); ModelHelper.Log(LogType.Requirement, "\tIf the request was signed by the client, the response message being sent contains a nonzero SessionId and a zero TreeId in the SMB2 header, " + "and the session identified by SessionId has Session.SigningRequired equal to TRUE."); ModelHelper.Log(LogType.TestInfo, "The condition is met."); Condition.IsTrue(signingFlagType == SigningFlagType.SignedFlagSet); } else if (request.signingFlagType == SigningFlagType.SignedFlagSet) { ModelHelper.Log(LogType.Requirement, "3.3.4.1.1: The server SHOULD<182> sign the message under the following conditions:"); ModelHelper.Log(LogType.Requirement, "\tIf the request was signed by the client, and the response is not an interim response to an asynchronously processed request."); ModelHelper.Log(LogType.TestInfo, "The condition is met."); Condition.IsTrue(signingFlagType == SigningFlagType.SignedFlagSet); } }
public static void TreeConnectResponse(ModelSmb2Status status, SigningModelSessionId sessionId, SigningFlagType signingFlagType) { Condition.IsTrue(State == ModelState.Connected); SigningModelRequest treeConnectRequest = ModelHelper.RetrieveOutstandingRequest<SigningModelRequest>(ref Request); if (!VerifySignature(status, treeConnectRequest)) { return; } VerifyResponseShouldSign(status, treeConnectRequest, sessionId, signingFlagType); Condition.IsTrue(status == ModelSmb2Status.STATUS_SUCCESS); }
public static void TreeConnectRequest(SigningFlagType signingFlagType) { Condition.IsTrue(State == ModelState.Connected); Request = new SigningModelRequest(signingFlagType); }
public static void TreeConnectResponse(ModelSmb2Status status, SigningModelSessionId sessionId, SigningFlagType signingFlagType) { Condition.IsTrue(State == ModelState.Connected); SigningModelRequest treeConnectRequest = ModelHelper.RetrieveOutstandingRequest <SigningModelRequest>(ref Request); if (!VerifySignature(status, treeConnectRequest)) { return; } VerifyResponseShouldSign(status, treeConnectRequest, sessionId, signingFlagType); Condition.IsTrue(status == ModelSmb2Status.STATUS_SUCCESS); }
public SigningModelRequest( SigningFlagType signingFlagType, SigningEnabledType signingEnabledType, SigningRequiredType signingRequiredType) : base(0) { this.signingFlagType = signingFlagType; this.signingEnabledType = signingEnabledType; this.signingRequiredType = signingRequiredType; }
public SigningModelRequest( SigningFlagType signingFlagType) : base(0) { this.signingFlagType = signingFlagType; }