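/// <summary>
/// Carries a Kerberos AP exchange over SMB2: connects to the file server over TCP,
/// negotiates the single dialect configured for that server, and sends
/// <paramref name="gssApiToken"/> in a Session Setup request using the Kerberos package.
/// </summary>
/// <remarks>
/// The Session Setup status is deliberately not asserted here; the response token is
/// returned whatever the status is, and a logoff is only attempted when the session
/// was actually established. Negotiate and Session Setup are both sent with a security
/// mode of NONE and no signing key is installed on this client, so nothing in this
/// exchange is signed by the test client.
/// </remarks>
/// <param name="fileServer">Target server; its IPAddress, Smb2Dialect and FQDN are read.</param>
/// <param name="gssApiToken">GSS-API token placed in the Session Setup request.</param>
/// <returns>The token the server returned in its Session Setup response.</returns>
/// <exception cref="FormatException">fileServer.IPAddress is not a valid IP address.</exception>
/// <exception cref="ArgumentException">fileServer.Smb2Dialect does not name a DialectRevision member.</exception>
protected byte[] SendAndRecieveSmb2Ap(FileServer fileServer, byte[] gssApiToken)
{
    BaseTestSite.Log.Add(LogEntryKind.Comment, "SMB2 AP Exchange.");
    Smb2FunctionalTestClient smb2Client = new Smb2FunctionalTestClient(KerberosConstValue.TIMEOUT_FOR_SMB2AP);
    smb2Client.ConnectToServerOverTCP(System.Net.IPAddress.Parse(fileServer.IPAddress));

    // From here on the transport is open. A failed assertion or a bad dialect string
    // throws, so the disconnect lives in a finally block to avoid leaking the
    // connection into later test cases.
    try
    {
        DialectRevision smb2Dialect = (DialectRevision)Enum.Parse(typeof(DialectRevision), fileServer.Smb2Dialect);
        DialectRevision selectedDialect;
        uint status = smb2Client.Negotiate(
            new DialectRevision[] { smb2Dialect },
            SecurityMode_Values.NONE,
            Capabilities_Values.GLOBAL_CAP_DFS,
            Guid.NewGuid(),
            out selectedDialect);
        BaseTestSite.Assert.AreEqual(Smb2Status.STATUS_SUCCESS, status, "Negotiate failed with error.");

        byte[] repToken;
        status = smb2Client.SessionSetup(
            SESSION_SETUP_Request_SecurityMode_Values.NONE,
            SESSION_SETUP_Request_Capabilities_Values.GLOBAL_CAP_DFS,
            SecurityPackageType.Kerberos,
            fileServer.FQDN,
            gssApiToken,
            out repToken);

        // Only an established session can be logged off; any other status is left
        // for the caller to interpret from the returned token.
        if (status == Smb2Status.STATUS_SUCCESS)
        {
            status = smb2Client.LogOff();
            BaseTestSite.Assert.AreEqual(Smb2Status.STATUS_SUCCESS, status, "Logoff failed with error.");
        }

        return repToken;
    }
    finally
    {
        smb2Client.Disconnect();
    }
}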
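/// <summary>
/// Opens <paramref name="fileName"/> on the share <paramref name="sharePath"/> over a
/// Kerberos-authenticated, signed SMB2 session and asserts the outcome of the Create:
/// STATUS_ACCESS_DENIED when <paramref name="expectAccessDeny"/> is true, otherwise
/// STATUS_SUCCESS followed by a Close.
/// </summary>
/// <remarks>
/// Negotiate and Session Setup are sent with a security mode of NONE. After Session
/// Setup succeeds, the AP-REP in the response token is decrypted with
/// <paramref name="subkey"/> and the subkey found inside it is installed as the
/// session key, so the remaining requests depend on that key being the one the
/// server derived.
/// </remarks>
/// <param name="sharePath">Share name appended to the server FQDN to form the UNC path.</param>
/// <param name="fileName">Name of the file to create or open inside the share.</param>
/// <param name="fileServer">Target server; its IPAddress, Smb2Dialect and FQDN are read.</param>
/// <param name="gssApiToken">GSS-API token placed in the Session Setup request.</param>
/// <param name="subkey">Key used to decrypt the AP-REP returned by the server.</param>
/// <param name="expectAccessDeny">True when the Create is expected to be refused.</param>
/// <exception cref="FormatException">fileServer.IPAddress is not a valid IP address.</exception>
/// <exception cref="ArgumentException">fileServer.Smb2Dialect does not name a DialectRevision member.</exception>
private void AccessFile(string sharePath, string fileName, FileServer fileServer, byte[] gssApiToken, EncryptionKey subkey, bool expectAccessDeny)
{
    BaseTestSite.Log.Add(LogEntryKind.Comment, "AccessFile: Create a SMB2 Client and Negotiate");
    Smb2FunctionalTestClient smb2Client = new Smb2FunctionalTestClient(KerberosConstValue.TIMEOUT_FOR_SMB2AP);
    smb2Client.ConnectToServerOverTCP(System.Net.IPAddress.Parse(fileServer.IPAddress));

    // Every assertion below throws on failure. The finally block makes sure the
    // connection is dropped in that case as well, instead of only on the success path.
    try
    {
        DialectRevision smb2Dialect = (DialectRevision)Enum.Parse(typeof(DialectRevision), fileServer.Smb2Dialect);
        DialectRevision selectedDialect;
        uint status = smb2Client.Negotiate(
            new DialectRevision[] { smb2Dialect },
            SecurityMode_Values.NONE,
            Capabilities_Values.GLOBAL_CAP_DFS,
            Guid.NewGuid(),
            out selectedDialect);
        BaseTestSite.Assert.AreEqual(Smb2Status.STATUS_SUCCESS, status, "Negotiate failed with error: {0}", status);

        byte[] repToken;
        BaseTestSite.Log.Add(LogEntryKind.Comment, "AccessFile: Session Setup");
        status = smb2Client.SessionSetup(
            SESSION_SETUP_Request_SecurityMode_Values.NONE,
            SESSION_SETUP_Request_Capabilities_Values.GLOBAL_CAP_DFS,
            SecurityPackageType.Kerberos,
            fileServer.FQDN,
            gssApiToken,
            out repToken);
        BaseTestSite.Assert.AreEqual(Smb2Status.STATUS_SUCCESS, status, "Session setup failed with error: {0}", status);

        // The subkey carried in the AP-REP is what SMB2 signing uses, so the AP-REP is
        // decrypted first and its subkey is handed to the SMB2 client.
        // NOTE(review): assumes the AP-REP always carries a subkey; a missing one would
        // surface on the next lines as a NullReferenceException rather than an
        // assertion failure. Confirm against the servers under test.
        KerberosApResponse apRep = client.GetApResponseFromToken(repToken);
        apRep.Decrypt(subkey.keyvalue.ByteArrayValue);
        // Arguments (true, false, key): presumably signing on and encryption off.
        // Verify against the SetSessionSigningAndEncryption signature.
        smb2Client.SetSessionSigningAndEncryption(true, false, apRep.ApEncPart.subkey.keyvalue.ByteArrayValue);

        BaseTestSite.Log.Add(LogEntryKind.Comment, "AccessFile: Tree Connect");
        uint treeId;
        string path = @"\\" + fileServer.FQDN + @"\" + sharePath;
        status = smb2Client.TreeConnect(path, out treeId);
        BaseTestSite.Assert.AreEqual(Smb2Status.STATUS_SUCCESS, status, "TreeConnect failed with error: {0}", status);

        BaseTestSite.Log.Add(LogEntryKind.Comment, "AccessFile: Create");
        Smb2CreateContextResponse[] serverCreateContexts;
        FILEID fileId;
        // SkipResponseCheck is passed as the checker, and the status is judged
        // explicitly below because a denied Create is a valid expected outcome.
        status = smb2Client.Create(
            treeId,
            fileName,
            CreateOptions_Values.FILE_NON_DIRECTORY_FILE,
            out fileId,
            out serverCreateContexts,
            RequestedOplockLevel_Values.OPLOCK_LEVEL_LEASE,
            new Smb2CreateContextRequest[]
            {
                new Smb2CreateRequestLeaseV2
                {
                    LeaseKey = Guid.NewGuid(),
                    LeaseState = LeaseStateValues.SMB2_LEASE_READ_CACHING |
                                 LeaseStateValues.SMB2_LEASE_HANDLE_CACHING |
                                 LeaseStateValues.SMB2_LEASE_WRITE_CACHING,
                }
            },
            checker: SkipResponseCheck);

        if (expectAccessDeny)
        {
            // Authorization is expected to refuse the open; there is no handle to close.
            BaseTestSite.Assert.AreEqual(Smb2Status.STATUS_ACCESS_DENIED, status, "Create Operation should fail due to STATUS_ACCESS_DENIED, the received status is: {0}", status);
        }
        else
        {
            // Create success
            BaseTestSite.Assert.AreEqual(Smb2Status.STATUS_SUCCESS, status, "Create failed with error: {0}", status);

            BaseTestSite.Log.Add(LogEntryKind.Comment, "AccessFile: Close");
            status = smb2Client.Close(treeId, fileId);
            BaseTestSite.Assert.AreEqual(Smb2Status.STATUS_SUCCESS, status, "Close failed with error: {0}", status);
        }

        BaseTestSite.Log.Add(LogEntryKind.Comment, "AccessFile: Tree Disconnect");
        status = smb2Client.TreeDisconnect(treeId);
        BaseTestSite.Assert.AreEqual(Smb2Status.STATUS_SUCCESS, status, "Tree Disconnect failed with error: {0}", status);

        BaseTestSite.Log.Add(LogEntryKind.Comment, "AccessFile: Logoff");
        status = smb2Client.LogOff();
        BaseTestSite.Assert.AreEqual(Smb2Status.STATUS_SUCCESS, status, "Logoff failed with error: {0}", status);
    }
    finally
    {
        smb2Client.Disconnect();
    }
}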