/// <summary> /// The server MUST sign the message under the following conditions /// </summary> private static void VerifyResponseShouldSign( ModelSmb2Status status, SigningModelRequest request, SigningModelSessionId sessionId, SigningFlagType signingFlagType) { if (request.signingFlagType == SigningFlagType.SignedFlagSet && sessionId == SigningModelSessionId.NonZeroSessionId && Session_SigningRequired) { ModelHelper.Log(LogType.Requirement, "3.3.4.1.1: The server SHOULD<182> sign the message under the following conditions:"); ModelHelper.Log(LogType.Requirement, "\tIf the request was signed by the client, the response message being sent contains a nonzero SessionId and a zero TreeId in the SMB2 header, " + "and the session identified by SessionId has Session.SigningRequired equal to TRUE."); ModelHelper.Log(LogType.TestInfo, "The condition is met."); Condition.IsTrue(signingFlagType == SigningFlagType.SignedFlagSet); } else if (request.signingFlagType == SigningFlagType.SignedFlagSet) { ModelHelper.Log(LogType.Requirement, "3.3.4.1.1: The server SHOULD<182> sign the message under the following conditions:"); ModelHelper.Log(LogType.Requirement, "\tIf the request was signed by the client, and the response is not an interim response to an asynchronously processed request."); ModelHelper.Log(LogType.TestInfo, "The condition is met."); Condition.IsTrue(signingFlagType == SigningFlagType.SignedFlagSet); } }
public void TreeConnectRequest(SigningFlagType signingFlagType) { uint treeId; SigningModelSessionId modelSessionId = SigningModelSessionId.ZeroSessionId; SigningFlagType responseSigningFlagType = SigningFlagType.SignedFlagNotSet; string sharePath = Smb2Utility.GetUncPath(testConfig.SutComputerName, testConfig.BasicFileShare); Packet_Header_Flags_Values headerFlags = (signingFlagType == SigningFlagType.SignedFlagSet) ? Packet_Header_Flags_Values.FLAGS_SIGNED : Packet_Header_Flags_Values.NONE; // Inform SDK to disable/enable signing according to SigningFlagType. bool isEnableSigning = !(signingFlagType == SigningFlagType.SignedFlagNotSet); testClient.EnableSessionSigningAndEncryption(enableSigning: isEnableSigning, enableEncryption: false); uint status = testClient.TreeConnect( headerFlags, sharePath, out treeId, checker: (header, response) => { modelSessionId = GetModelSessionId(header.SessionId); responseSigningFlagType = GetSigningFlagType(header.Flags); }); TreeConnectResponse((ModelSmb2Status)status, modelSessionId, responseSigningFlagType); }
public static void SessionSetupResponse( ModelSmb2Status status, SigningModelSessionId sessionId, SigningFlagType signingFlagType, SessionFlags_Values sessionFlag, SigningConfig c) { Condition.IsTrue(State == ModelState.Connected); Condition.IsTrue(Config.IsServerSigningRequired == c.IsServerSigningRequired); SigningModelRequest sessionSetupRequest = ModelHelper.RetrieveOutstandingRequest <SigningModelRequest>(ref Request); if (!VerifySignature(status, sessionSetupRequest)) { State = ModelState.Uninitialized; return; } if (sessionSetupRequest.signingFlagType == SigningFlagType.SignedFlagSet || (!sessionFlag.HasFlag(SessionFlags_Values.SESSION_FLAG_IS_GUEST) && !Session_IsAnonymous && (Connection_ShouldSign || c.IsServerSigningRequired))) { ModelHelper.Log(LogType.Requirement, "3.3.5.5.3: 5. Session.SigningRequired MUST be set to TRUE under the following conditions:"); ModelHelper.Log(LogType.Requirement, "\tIf the SMB2_NEGOTIATE_SIGNING_REQUIRED bit is set in the SecurityMode field of the client request."); ModelHelper.Log(LogType.Requirement, "\tIf the SMB2_SESSION_FLAG_IS_GUEST bit is not set in the SessionFlags field " + "and Session.IsAnonymous is FALSE and either Connection.ShouldSign or global RequireMessageSigning is TRUE."); ModelHelper.Log(LogType.TestInfo, "SMB2_NEGOTIATE_SIGNING_REQUIRED is {0}set.", sessionSetupRequest.signingFlagType == SigningFlagType.SignedFlagSet ? "" : "not "); ModelHelper.Log(LogType.TestInfo, "SMB2_SESSION_FLAG_IS_GUEST bit is {0}set.", sessionFlag.HasFlag(SessionFlags_Values.SESSION_FLAG_IS_GUEST) ? "" : "not "); ModelHelper.Log(LogType.TestInfo, "Session.IsAnonymous is {0}.", Session_IsAnonymous); ModelHelper.Log(LogType.TestInfo, "Connection.ShouldSign is {0}.", Connection_ShouldSign); ModelHelper.Log(LogType.TestInfo, "Global RequireMessageSigning is {0}.", c.IsServerSigningRequired); ModelHelper.Log(LogType.TestInfo, "So Session.SigningRequired is set to TRUE."); Session_SigningRequired = true; } VerifyResponseShouldSign(status, sessionSetupRequest, sessionId, signingFlagType); Condition.IsTrue(status == ModelSmb2Status.STATUS_SUCCESS); Session_IsExisted = true; }
public static void TreeConnectResponse(ModelSmb2Status status, SigningModelSessionId sessionId, SigningFlagType signingFlagType) { Condition.IsTrue(State == ModelState.Connected); SigningModelRequest treeConnectRequest = ModelHelper.RetrieveOutstandingRequest <SigningModelRequest>(ref Request); if (!VerifySignature(status, treeConnectRequest)) { return; } VerifyResponseShouldSign(status, treeConnectRequest, sessionId, signingFlagType); Condition.IsTrue(status == ModelSmb2Status.STATUS_SUCCESS); }
public void SessionSetupRequest(SigningFlagType signingFlagType, SigningEnabledType signingEnabledType, SigningRequiredType signingRequiredType, UserType userType) { SigningModelSessionId modelSessionId = SigningModelSessionId.ZeroSessionId; SessionFlags_Values sessionFlag = SessionFlags_Values.NONE; SigningFlagType responseSigningFlagType = SigningFlagType.SignedFlagNotSet; Packet_Header_Flags_Values headerFlags = (signingFlagType == SigningFlagType.SignedFlagSet) ? Packet_Header_Flags_Values.FLAGS_SIGNED : Packet_Header_Flags_Values.NONE; uint status = testClient.SessionSetup( headerFlags, testConfig.DefaultSecurityPackage, testConfig.SutComputerName, GetAccountCredential(userType), true, GetSessionSetupSecurityMode(signingEnabledType, signingRequiredType), checker: (header, response) => { modelSessionId = GetModelSessionId(header.SessionId); responseSigningFlagType = GetSigningFlagType(header.Flags); sessionFlag = response.SessionFlags; }); SessionSetupResponse((ModelSmb2Status)status, modelSessionId, responseSigningFlagType, sessionFlag, signingConfig); }
public static void TreeConnectResponse(ModelSmb2Status status, SigningModelSessionId sessionId, SigningFlagType signingFlagType) { Condition.IsTrue(State == ModelState.Connected); SigningModelRequest treeConnectRequest = ModelHelper.RetrieveOutstandingRequest<SigningModelRequest>(ref Request); if (!VerifySignature(status, treeConnectRequest)) { return; } VerifyResponseShouldSign(status, treeConnectRequest, sessionId, signingFlagType); Condition.IsTrue(status == ModelSmb2Status.STATUS_SUCCESS); }
public static void SessionSetupResponse( ModelSmb2Status status, SigningModelSessionId sessionId, SigningFlagType signingFlagType, SessionFlags_Values sessionFlag, SigningConfig c) { Condition.IsTrue(State == ModelState.Connected); Condition.IsTrue(Config.IsServerSigningRequired == c.IsServerSigningRequired); SigningModelRequest sessionSetupRequest = ModelHelper.RetrieveOutstandingRequest<SigningModelRequest>(ref Request); if (!VerifySignature(status, sessionSetupRequest)) { State = ModelState.Uninitialized; return; } if (sessionSetupRequest.signingFlagType == SigningFlagType.SignedFlagSet || (!sessionFlag.HasFlag(SessionFlags_Values.SESSION_FLAG_IS_GUEST) && !Session_IsAnonymous && (Connection_ShouldSign || c.IsServerSigningRequired))) { ModelHelper.Log(LogType.Requirement, "3.3.5.5.3: 5. Session.SigningRequired MUST be set to TRUE under the following conditions:"); ModelHelper.Log(LogType.Requirement, "\tIf the SMB2_NEGOTIATE_SIGNING_REQUIRED bit is set in the SecurityMode field of the client request."); ModelHelper.Log(LogType.Requirement, "\tIf the SMB2_SESSION_FLAG_IS_GUEST bit is not set in the SessionFlags field " + "and Session.IsAnonymous is FALSE and either Connection.ShouldSign or global RequireMessageSigning is TRUE."); ModelHelper.Log(LogType.TestInfo, "SMB2_NEGOTIATE_SIGNING_REQUIRED is {0}set.", sessionSetupRequest.signingFlagType == SigningFlagType.SignedFlagSet ? "" : "not "); ModelHelper.Log(LogType.TestInfo, "SMB2_SESSION_FLAG_IS_GUEST bit is {0}set.", sessionFlag.HasFlag(SessionFlags_Values.SESSION_FLAG_IS_GUEST) ? "" : "not "); ModelHelper.Log(LogType.TestInfo, "Session.IsAnonymous is {0}.", Session_IsAnonymous); ModelHelper.Log(LogType.TestInfo, "Connection.ShouldSign is {0}.", Connection_ShouldSign); ModelHelper.Log(LogType.TestInfo, "Global RequireMessageSigning is {0}.", c.IsServerSigningRequired); ModelHelper.Log(LogType.TestInfo, "So Session.SigningRequired is set to TRUE."); Session_SigningRequired = true; } VerifyResponseShouldSign(status, sessionSetupRequest, sessionId, signingFlagType); Condition.IsTrue(status == ModelSmb2Status.STATUS_SUCCESS); Session_IsExisted = true; }