public static void SessionSetupResponse(
ModelSmb2Status status,
SigningModelSessionId sessionId,
SigningFlagType signingFlagType,
SessionFlags_Values sessionFlag,
SigningConfig c)
{
Condition.IsTrue(State == ModelState.Connected);
Condition.IsTrue(Config.IsServerSigningRequired == c.IsServerSigningRequired);
SigningModelRequest sessionSetupRequest = ModelHelper.RetrieveOutstandingRequest <SigningModelRequest>(ref Request);
if (!VerifySignature(status, sessionSetupRequest))
{
State = ModelState.Uninitialized;
return;
}
if (sessionSetupRequest.signingFlagType == SigningFlagType.SignedFlagSet ||
(!sessionFlag.HasFlag(SessionFlags_Values.SESSION_FLAG_IS_GUEST) &&
!Session_IsAnonymous &&
(Connection_ShouldSign || c.IsServerSigningRequired)))
{
ModelHelper.Log(LogType.Requirement,
"3.3.5.5.3: 5. Session.SigningRequired MUST be set to TRUE under the following conditions:");
ModelHelper.Log(LogType.Requirement,
"\tIf the SMB2_NEGOTIATE_SIGNING_REQUIRED bit is set in the SecurityMode field of the client request.");
ModelHelper.Log(LogType.Requirement,
"\tIf the SMB2_SESSION_FLAG_IS_GUEST bit is not set in the SessionFlags field " +
"and Session.IsAnonymous is FALSE and either Connection.ShouldSign or global RequireMessageSigning is TRUE.");
ModelHelper.Log(LogType.TestInfo,
"SMB2_NEGOTIATE_SIGNING_REQUIRED is {0}set.", sessionSetupRequest.signingFlagType == SigningFlagType.SignedFlagSet ? "" : "not ");
ModelHelper.Log(LogType.TestInfo,
"SMB2_SESSION_FLAG_IS_GUEST bit is {0}set.", sessionFlag.HasFlag(SessionFlags_Values.SESSION_FLAG_IS_GUEST) ? "" : "not ");
ModelHelper.Log(LogType.TestInfo, "Session.IsAnonymous is {0}.", Session_IsAnonymous);
ModelHelper.Log(LogType.TestInfo, "Connection.ShouldSign is {0}.", Connection_ShouldSign);
ModelHelper.Log(LogType.TestInfo, "Global RequireMessageSigning is {0}.", c.IsServerSigningRequired);
ModelHelper.Log(LogType.TestInfo, "So Session.SigningRequired is set to TRUE.");
Session_SigningRequired = true;
}
VerifyResponseShouldSign(status, sessionSetupRequest, sessionId, signingFlagType);
Condition.IsTrue(status == ModelSmb2Status.STATUS_SUCCESS);
Session_IsExisted = true;
}
public void SessionSetupRequest(SigningFlagType signingFlagType, SigningEnabledType signingEnabledType, SigningRequiredType signingRequiredType, UserType userType)
{
SigningModelSessionId modelSessionId = SigningModelSessionId.ZeroSessionId;
SessionFlags_Values sessionFlag = SessionFlags_Values.NONE;
SigningFlagType responseSigningFlagType = SigningFlagType.SignedFlagNotSet;
Packet_Header_Flags_Values headerFlags = (signingFlagType == SigningFlagType.SignedFlagSet) ? Packet_Header_Flags_Values.FLAGS_SIGNED : Packet_Header_Flags_Values.NONE;
uint status = testClient.SessionSetup(
headerFlags,
testConfig.DefaultSecurityPackage,
testConfig.SutComputerName,
GetAccountCredential(userType),
true,
GetSessionSetupSecurityMode(signingEnabledType, signingRequiredType),
checker: (header, response) =>
{
modelSessionId = GetModelSessionId(header.SessionId);
responseSigningFlagType = GetSigningFlagType(header.Flags);
sessionFlag = response.SessionFlags;
});
SessionSetupResponse((ModelSmb2Status)status, modelSessionId, responseSigningFlagType, sessionFlag, signingConfig);
}
public static void SessionSetupResponse(
ModelSmb2Status status,
SigningModelSessionId sessionId,
SigningFlagType signingFlagType,
SessionFlags_Values sessionFlag,
SigningConfig c)
{
Condition.IsTrue(State == ModelState.Connected);
Condition.IsTrue(Config.IsServerSigningRequired == c.IsServerSigningRequired);
SigningModelRequest sessionSetupRequest = ModelHelper.RetrieveOutstandingRequest<SigningModelRequest>(ref Request);
if (!VerifySignature(status, sessionSetupRequest))
{
State = ModelState.Uninitialized;
return;
}
if (sessionSetupRequest.signingFlagType == SigningFlagType.SignedFlagSet
|| (!sessionFlag.HasFlag(SessionFlags_Values.SESSION_FLAG_IS_GUEST)
&& !Session_IsAnonymous
&& (Connection_ShouldSign || c.IsServerSigningRequired)))
{
ModelHelper.Log(LogType.Requirement,
"3.3.5.5.3: 5. Session.SigningRequired MUST be set to TRUE under the following conditions:");
ModelHelper.Log(LogType.Requirement,
"\tIf the SMB2_NEGOTIATE_SIGNING_REQUIRED bit is set in the SecurityMode field of the client request.");
ModelHelper.Log(LogType.Requirement,
"\tIf the SMB2_SESSION_FLAG_IS_GUEST bit is not set in the SessionFlags field " +
"and Session.IsAnonymous is FALSE and either Connection.ShouldSign or global RequireMessageSigning is TRUE.");
ModelHelper.Log(LogType.TestInfo,
"SMB2_NEGOTIATE_SIGNING_REQUIRED is {0}set.", sessionSetupRequest.signingFlagType == SigningFlagType.SignedFlagSet ? "" : "not ");
ModelHelper.Log(LogType.TestInfo,
"SMB2_SESSION_FLAG_IS_GUEST bit is {0}set.", sessionFlag.HasFlag(SessionFlags_Values.SESSION_FLAG_IS_GUEST) ? "" : "not ");
ModelHelper.Log(LogType.TestInfo, "Session.IsAnonymous is {0}.", Session_IsAnonymous);
ModelHelper.Log(LogType.TestInfo, "Connection.ShouldSign is {0}.", Connection_ShouldSign);
ModelHelper.Log(LogType.TestInfo, "Global RequireMessageSigning is {0}.", c.IsServerSigningRequired);
ModelHelper.Log(LogType.TestInfo, "So Session.SigningRequired is set to TRUE.");
Session_SigningRequired = true;
}
VerifyResponseShouldSign(status, sessionSetupRequest, sessionId, signingFlagType);
Condition.IsTrue(status == ModelSmb2Status.STATUS_SUCCESS);
Session_IsExisted = true;
}
public Smb2SessionSetupResponsePacket CreateSessionSetupResponse(
Smb2Endpoint endpoint,
ulong messageId,
ulong sessionId,
SessionFlags_Values sessionFlags
)
{
//This is for re-authenticate. the state is used to indicate user that
//the authenticate process in not complete.
if (context.globalSessionTable.ContainsKey(sessionId))
{
context.globalSessionTable[sessionId].state = SessionState.InProgress;
}
Smb2SessionSetupResponsePacket packet = new Smb2SessionSetupResponsePacket();
SetHeader(packet, 0, endpoint, messageId);
packet.Header.SessionId = sessionId;
packet.PayLoad.StructureSize = SESSION_SETUP_Response_StructureSize_Values.V1;
packet.PayLoad.SessionFlags = sessionFlags;
Smb2SessionSetupRequestPacket requestPacket = context.FindRequestPacket(endpoint.EndpointId, messageId)
as Smb2SessionSetupRequestPacket;
if (context.connectionList[endpoint.EndpointId].gss == null)
{
context.connectionList[endpoint.EndpointId].gss = new SspiServerSecurityContext(
context.connectionList[endpoint.EndpointId].packageType,
context.connectionList[endpoint.EndpointId].credential,
null,
context.connectionList[endpoint.EndpointId].contextAttribute,
SecurityTargetDataRepresentation.SecurityNativeDrep);
context.connectionList[endpoint.EndpointId].gss.Accept(requestPacket.PayLoad.Buffer);
}
else
{
context.connectionList[endpoint.EndpointId].gss.Accept(requestPacket.PayLoad.Buffer);
}
if (context.connectionList[endpoint.EndpointId].gss.NeedContinueProcessing)
{
packet.Header.Status = (uint)Smb2Status.STATUS_MORE_PROCESSING_REQUIRED;
}
packet.PayLoad.Buffer = context.connectionList[endpoint.EndpointId].gss.Token;
packet.PayLoad.SecurityBufferOffset = Smb2Consts.SecurityBufferOffsetInSessionSetup;
packet.PayLoad.SecurityBufferLength = (ushort)packet.PayLoad.Buffer.Length;
packet.Sign();
return packet;
}
