Exemplo n.º 1
0
        protected byte[] SendAndRecieveSmb2Ap(FileServer fileServer, byte[] gssApiToken)
        {
            BaseTestSite.Log.Add(LogEntryKind.Comment, "SMB2 AP Exchange.");
            Smb2FunctionalTestClient smb2Client = new Smb2FunctionalTestClient(KerberosConstValue.TIMEOUT_FOR_SMB2AP);

            smb2Client.ConnectToServerOverTCP(System.Net.IPAddress.Parse(fileServer.IPAddress));
            DialectRevision smb2Dialect = (DialectRevision)Enum.Parse(typeof(DialectRevision), fileServer.Smb2Dialect);
            DialectRevision selectedDialect;
            uint            status = smb2Client.Negotiate(
                new DialectRevision[] { smb2Dialect },
                SecurityMode_Values.NONE,
                Capabilities_Values.GLOBAL_CAP_DFS,
                Guid.NewGuid(),
                out selectedDialect);

            BaseTestSite.Assert.AreEqual(Smb2Status.STATUS_SUCCESS, status, "Negotiate failed with error.");

            byte[] repToken;
            status = smb2Client.SessionSetup(
                SESSION_SETUP_Request_SecurityMode_Values.NONE,
                SESSION_SETUP_Request_Capabilities_Values.GLOBAL_CAP_DFS,
                SecurityPackageType.Kerberos,
                fileServer.FQDN,
                gssApiToken,
                out repToken);

            if (status == Smb2Status.STATUS_SUCCESS)
            {
                status = smb2Client.LogOff();
                BaseTestSite.Assert.AreEqual(Smb2Status.STATUS_SUCCESS, status, "Logoff failed with error.");
            }
            smb2Client.Disconnect();

            return(repToken);
        }
Exemplo n.º 2
0
        private void AccessFile(string sharePath, string fileName, FileServer fileServer, byte[] gssApiToken, EncryptionKey subkey, bool expectAccessDeny)
        {
            BaseTestSite.Log.Add(LogEntryKind.Comment, "AccessFile: Create a SMB2 Client and Negotiate");
            Smb2FunctionalTestClient smb2Client = new Smb2FunctionalTestClient(KerberosConstValue.TIMEOUT_FOR_SMB2AP);

            smb2Client.ConnectToServerOverTCP(System.Net.IPAddress.Parse(fileServer.IPAddress));
            DialectRevision smb2Dialect = (DialectRevision)Enum.Parse(typeof(DialectRevision), fileServer.Smb2Dialect);
            DialectRevision selectedDialect;
            uint            status = smb2Client.Negotiate(
                new DialectRevision[] { smb2Dialect },
                SecurityMode_Values.NONE,
                Capabilities_Values.GLOBAL_CAP_DFS,
                Guid.NewGuid(),
                out selectedDialect);

            BaseTestSite.Assert.AreEqual(Smb2Status.STATUS_SUCCESS, status, "Negotiate failed with error: {0}", status);

            byte[] repToken;
            BaseTestSite.Log.Add(LogEntryKind.Comment, "AccessFile: Session Setup");
            status = smb2Client.SessionSetup(
                SESSION_SETUP_Request_SecurityMode_Values.NONE,
                SESSION_SETUP_Request_Capabilities_Values.GLOBAL_CAP_DFS,
                SecurityPackageType.Kerberos,
                fileServer.FQDN,
                gssApiToken,
                out repToken);

            BaseTestSite.Assert.AreEqual(Smb2Status.STATUS_SUCCESS, status, "Session setup failed with error: {0}", status);

            KerberosApResponse apRep = client.GetApResponseFromToken(repToken);


            // Get subkey from AP response, which used for signing in smb2
            apRep.Decrypt(subkey.keyvalue.ByteArrayValue);
            smb2Client.SetSessionSigningAndEncryption(true, false, apRep.ApEncPart.subkey.keyvalue.ByteArrayValue);



            BaseTestSite.Log.Add(LogEntryKind.Comment, "AccessFile: Tree Connect");
            uint   treeId;
            string path = @"\\" + fileServer.FQDN + @"\" + sharePath;

            status = smb2Client.TreeConnect(path, out treeId);
            BaseTestSite.Assert.AreEqual(Smb2Status.STATUS_SUCCESS, status, "TreeConnect failed with error: {0}", status);

            BaseTestSite.Log.Add(LogEntryKind.Comment, "AccessFile: Create");
            Smb2CreateContextResponse[] serverCreateContexts;
            FILEID fileId;

            status = smb2Client.Create(
                treeId,
                fileName,
                CreateOptions_Values.FILE_NON_DIRECTORY_FILE,
                out fileId,
                out serverCreateContexts,
                RequestedOplockLevel_Values.OPLOCK_LEVEL_LEASE,
                new Smb2CreateContextRequest[] {
                new Smb2CreateRequestLeaseV2
                {
                    LeaseKey   = Guid.NewGuid(),
                    LeaseState = LeaseStateValues.SMB2_LEASE_READ_CACHING |
                                 LeaseStateValues.SMB2_LEASE_HANDLE_CACHING |
                                 LeaseStateValues.SMB2_LEASE_WRITE_CACHING,
                }
            },
                checker: SkipResponseCheck);
            if (expectAccessDeny)
            {
                BaseTestSite.Assert.AreEqual(Smb2Status.STATUS_ACCESS_DENIED, status, "Create Operation should fail due to STATUS_ACCESS_DENIED, the received status is: {0}", status);
            }
            else
            {
                // Create success
                BaseTestSite.Assert.AreEqual(Smb2Status.STATUS_SUCCESS, status, "Create failed with error: {0}", status);
                BaseTestSite.Log.Add(LogEntryKind.Comment, "AccessFile: Close");
                status = smb2Client.Close(treeId, fileId);
                BaseTestSite.Assert.AreEqual(Smb2Status.STATUS_SUCCESS, status, "Close failed with error: {0}", status);
            }

            BaseTestSite.Log.Add(LogEntryKind.Comment, "AccessFile: Tree Disconnect");
            status = smb2Client.TreeDisconnect(treeId);
            BaseTestSite.Assert.AreEqual(Smb2Status.STATUS_SUCCESS, status, "Tree Disconnect failed with error: {0}", status);

            BaseTestSite.Log.Add(LogEntryKind.Comment, "AccessFile: Logoff");
            status = smb2Client.LogOff();
            BaseTestSite.Assert.AreEqual(Smb2Status.STATUS_SUCCESS, status, "Logoff failed with error: {0}", status);

            smb2Client.Disconnect();
        }