public static void SessionSetupResponse( ModelSmb2Status status, SigningModelSessionId sessionId, SigningFlagType signingFlagType, SessionFlags_Values sessionFlag, SigningConfig c) { Condition.IsTrue(State == ModelState.Connected); Condition.IsTrue(Config.IsServerSigningRequired == c.IsServerSigningRequired); SigningModelRequest sessionSetupRequest = ModelHelper.RetrieveOutstandingRequest <SigningModelRequest>(ref Request); if (!VerifySignature(status, sessionSetupRequest)) { State = ModelState.Uninitialized; return; } if (sessionSetupRequest.signingFlagType == SigningFlagType.SignedFlagSet || (!sessionFlag.HasFlag(SessionFlags_Values.SESSION_FLAG_IS_GUEST) && !Session_IsAnonymous && (Connection_ShouldSign || c.IsServerSigningRequired))) { ModelHelper.Log(LogType.Requirement, "3.3.5.5.3: 5. Session.SigningRequired MUST be set to TRUE under the following conditions:"); ModelHelper.Log(LogType.Requirement, "\tIf the SMB2_NEGOTIATE_SIGNING_REQUIRED bit is set in the SecurityMode field of the client request."); ModelHelper.Log(LogType.Requirement, "\tIf the SMB2_SESSION_FLAG_IS_GUEST bit is not set in the SessionFlags field " + "and Session.IsAnonymous is FALSE and either Connection.ShouldSign or global RequireMessageSigning is TRUE."); ModelHelper.Log(LogType.TestInfo, "SMB2_NEGOTIATE_SIGNING_REQUIRED is {0}set.", sessionSetupRequest.signingFlagType == SigningFlagType.SignedFlagSet ? "" : "not "); ModelHelper.Log(LogType.TestInfo, "SMB2_SESSION_FLAG_IS_GUEST bit is {0}set.", sessionFlag.HasFlag(SessionFlags_Values.SESSION_FLAG_IS_GUEST) ? "" : "not "); ModelHelper.Log(LogType.TestInfo, "Session.IsAnonymous is {0}.", Session_IsAnonymous); ModelHelper.Log(LogType.TestInfo, "Connection.ShouldSign is {0}.", Connection_ShouldSign); ModelHelper.Log(LogType.TestInfo, "Global RequireMessageSigning is {0}.", c.IsServerSigningRequired); ModelHelper.Log(LogType.TestInfo, "So Session.SigningRequired is set to TRUE."); Session_SigningRequired = true; } VerifyResponseShouldSign(status, sessionSetupRequest, sessionId, signingFlagType); Condition.IsTrue(status == ModelSmb2Status.STATUS_SUCCESS); Session_IsExisted = true; }
public void SessionSetupRequest(SigningFlagType signingFlagType, SigningEnabledType signingEnabledType, SigningRequiredType signingRequiredType, UserType userType) { SigningModelSessionId modelSessionId = SigningModelSessionId.ZeroSessionId; SessionFlags_Values sessionFlag = SessionFlags_Values.NONE; SigningFlagType responseSigningFlagType = SigningFlagType.SignedFlagNotSet; Packet_Header_Flags_Values headerFlags = (signingFlagType == SigningFlagType.SignedFlagSet) ? Packet_Header_Flags_Values.FLAGS_SIGNED : Packet_Header_Flags_Values.NONE; uint status = testClient.SessionSetup( headerFlags, testConfig.DefaultSecurityPackage, testConfig.SutComputerName, GetAccountCredential(userType), true, GetSessionSetupSecurityMode(signingEnabledType, signingRequiredType), checker: (header, response) => { modelSessionId = GetModelSessionId(header.SessionId); responseSigningFlagType = GetSigningFlagType(header.Flags); sessionFlag = response.SessionFlags; }); SessionSetupResponse((ModelSmb2Status)status, modelSessionId, responseSigningFlagType, sessionFlag, signingConfig); }
public static void SessionSetupResponse( ModelSmb2Status status, SigningModelSessionId sessionId, SigningFlagType signingFlagType, SessionFlags_Values sessionFlag, SigningConfig c) { Condition.IsTrue(State == ModelState.Connected); Condition.IsTrue(Config.IsServerSigningRequired == c.IsServerSigningRequired); SigningModelRequest sessionSetupRequest = ModelHelper.RetrieveOutstandingRequest<SigningModelRequest>(ref Request); if (!VerifySignature(status, sessionSetupRequest)) { State = ModelState.Uninitialized; return; } if (sessionSetupRequest.signingFlagType == SigningFlagType.SignedFlagSet || (!sessionFlag.HasFlag(SessionFlags_Values.SESSION_FLAG_IS_GUEST) && !Session_IsAnonymous && (Connection_ShouldSign || c.IsServerSigningRequired))) { ModelHelper.Log(LogType.Requirement, "3.3.5.5.3: 5. Session.SigningRequired MUST be set to TRUE under the following conditions:"); ModelHelper.Log(LogType.Requirement, "\tIf the SMB2_NEGOTIATE_SIGNING_REQUIRED bit is set in the SecurityMode field of the client request."); ModelHelper.Log(LogType.Requirement, "\tIf the SMB2_SESSION_FLAG_IS_GUEST bit is not set in the SessionFlags field " + "and Session.IsAnonymous is FALSE and either Connection.ShouldSign or global RequireMessageSigning is TRUE."); ModelHelper.Log(LogType.TestInfo, "SMB2_NEGOTIATE_SIGNING_REQUIRED is {0}set.", sessionSetupRequest.signingFlagType == SigningFlagType.SignedFlagSet ? "" : "not "); ModelHelper.Log(LogType.TestInfo, "SMB2_SESSION_FLAG_IS_GUEST bit is {0}set.", sessionFlag.HasFlag(SessionFlags_Values.SESSION_FLAG_IS_GUEST) ? "" : "not "); ModelHelper.Log(LogType.TestInfo, "Session.IsAnonymous is {0}.", Session_IsAnonymous); ModelHelper.Log(LogType.TestInfo, "Connection.ShouldSign is {0}.", Connection_ShouldSign); ModelHelper.Log(LogType.TestInfo, "Global RequireMessageSigning is {0}.", c.IsServerSigningRequired); ModelHelper.Log(LogType.TestInfo, "So Session.SigningRequired is set to TRUE."); Session_SigningRequired = true; } VerifyResponseShouldSign(status, sessionSetupRequest, sessionId, signingFlagType); Condition.IsTrue(status == ModelSmb2Status.STATUS_SUCCESS); Session_IsExisted = true; }
public Smb2SessionSetupResponsePacket CreateSessionSetupResponse( Smb2Endpoint endpoint, ulong messageId, ulong sessionId, SessionFlags_Values sessionFlags ) { //This is for re-authenticate. the state is used to indicate user that //the authenticate process in not complete. if (context.globalSessionTable.ContainsKey(sessionId)) { context.globalSessionTable[sessionId].state = SessionState.InProgress; } Smb2SessionSetupResponsePacket packet = new Smb2SessionSetupResponsePacket(); SetHeader(packet, 0, endpoint, messageId); packet.Header.SessionId = sessionId; packet.PayLoad.StructureSize = SESSION_SETUP_Response_StructureSize_Values.V1; packet.PayLoad.SessionFlags = sessionFlags; Smb2SessionSetupRequestPacket requestPacket = context.FindRequestPacket(endpoint.EndpointId, messageId) as Smb2SessionSetupRequestPacket; if (context.connectionList[endpoint.EndpointId].gss == null) { context.connectionList[endpoint.EndpointId].gss = new SspiServerSecurityContext( context.connectionList[endpoint.EndpointId].packageType, context.connectionList[endpoint.EndpointId].credential, null, context.connectionList[endpoint.EndpointId].contextAttribute, SecurityTargetDataRepresentation.SecurityNativeDrep); context.connectionList[endpoint.EndpointId].gss.Accept(requestPacket.PayLoad.Buffer); } else { context.connectionList[endpoint.EndpointId].gss.Accept(requestPacket.PayLoad.Buffer); } if (context.connectionList[endpoint.EndpointId].gss.NeedContinueProcessing) { packet.Header.Status = (uint)Smb2Status.STATUS_MORE_PROCESSING_REQUIRED; } packet.PayLoad.Buffer = context.connectionList[endpoint.EndpointId].gss.Token; packet.PayLoad.SecurityBufferOffset = Smb2Consts.SecurityBufferOffsetInSessionSetup; packet.PayLoad.SecurityBufferLength = (ushort)packet.PayLoad.Buffer.Length; packet.Sign(); return packet; }