public void ReadConfig(out EncryptionConfig c) { if (!testConfig.IsEncryptionSupported) { Site.Assert.Inconclusive("This test case is not applicable due to Encryption is not supported"); } c = new EncryptionConfig { MaxSmbVersionSupported = ModelUtility.GetModelDialectRevision(testConfig.MaxSmbVersionSupported), IsGlobalEncryptDataEnabled = testConfig.IsGlobalEncryptDataEnabled, IsGlobalRejectUnencryptedAccessEnabled = testConfig.IsGlobalRejectUnencryptedAccessEnabled, Platform = testConfig.Platform == Platform.WindowsServer2016 ? Platform.WindowsServer2012R2 : testConfig.Platform }; encryptionConfig = c; Site.Log.Add(LogEntryKind.Debug, encryptionConfig.ToString()); }
private static bool VerifyTreeConnect(ModelSmb2Status status, ModelRequestType modelRequestType, EncryptionConfig c) { ModelHelper.Log(LogType.Requirement, "3.3.5.2.11 Verifying the Tree Connect"); if (Encryption_TreeId == EncryptionTreeId.NoTreeId) { ModelHelper.Log(LogType.Requirement, "The server MUST look up the TreeConnect in Session.TreeConnectTable by using the TreeId in the SMB2 header of the request. " + "If no tree connect is found, the request MUST be failed with STATUS_NETWORK_NAME_DELETED."); ModelHelper.Log(LogType.TestInfo, "No tree connect is found."); ModelHelper.Log(LogType.TestTag, TestTag.InvalidIdentifier); Condition.IsTrue(status == ModelSmb2Status.STATUS_NETWORK_NAME_DELETED); return false; } if (ModelUtility.IsSmb3xFamily(config.MaxSmbVersionSupported)) { ModelHelper.Log(LogType.Requirement, "If the server implements the SMB 3.x dialect family, it MUST return STATUS_ACCESS_DENIED for the following cases:"); ModelHelper.Log(LogType.TestInfo, "The server implements {0}.", config.MaxSmbVersionSupported); if (Encryption_TreeId == EncryptionTreeId.TreeIdToEncryptShare && config.IsGlobalRejectUnencryptedAccessEnabled && modelRequestType == ModelRequestType.UnEncryptedRequest) { ModelHelper.Log(LogType.Requirement, "\tIf TreeConnect.Share.EncryptData is TRUE, RejectUnencryptedAccess is TRUE, and Request.IsEncrypted is FALSE."); ModelHelper.Log(LogType.TestInfo, "The above conditions are met."); ModelHelper.Log(LogType.TestTag, TestTag.Compatibility); Condition.IsTrue(status == ModelSmb2Status.STATUS_ACCESS_DENIED); return false; } else if (config.IsGlobalEncryptDataEnabled && config.IsGlobalRejectUnencryptedAccessEnabled && modelRequestType == ModelRequestType.UnEncryptedRequest) { ModelHelper.Log(LogType.Requirement, "\tIf EncryptData is TRUE, RejectUnencryptedAccess is TRUE, and Request.IsEncrypted is FALSE."); ModelHelper.Log(LogType.TestInfo, "The above conditions are met."); ModelHelper.Log(LogType.TestTag, TestTag.Compatibility); Condition.IsTrue(status == ModelSmb2Status.STATUS_ACCESS_DENIED); return false; } } if (ModelUtility.IsSmb3xFamily(config.MaxSmbVersionSupported) && (config.IsGlobalEncryptDataEnabled || Encryption_TreeId == EncryptionTreeId.TreeIdToEncryptShare || modelRequestType == ModelRequestType.EncryptedRequest) && config.IsGlobalRejectUnencryptedAccessEnabled && !Connection_ServerCapabilities_SMB2_GLOBAL_CAP_ENCRYPTION) { ModelHelper.Log(LogType.Requirement, "If the server implements the SMB 3.x dialect family, EncryptData or TreeConnect.Share.EncryptData or Request.IsEncrypted is TRUE, " + "RejectUnencryptedAccess is TRUE, and Connection.ServerCapabilities does not include SMB2_GLOBAL_CAP_ENCRYPTION, " + "the server SHOULD fail the request with STATUS_ACCESS_DENIED."); Condition.IsTrue(config.Platform == c.Platform); ModelHelper.Log(LogType.TestInfo, "The server implements {0}, EncryptData is {1}, TreeConnect.Share.EncryptData is {2}, " + "Request.IsEncrypted is {3}, RejectUnencryptedAccess is TRUE, " + "and Connection.ServerCapabilities does not include SMB2_GLOBAL_CAP_ENCRYPTION.", config.MaxSmbVersionSupported, config.IsGlobalEncryptDataEnabled, Encryption_TreeId == EncryptionTreeId.TreeIdToEncryptShare ? "TRUE" : "FALSE", modelRequestType == ModelRequestType.EncryptedRequest ? "TRUE" : "FALSE"); ModelHelper.Log(LogType.TestInfo, "The SUT platform is {0}.", config.Platform); ModelHelper.Log(LogType.TestTag, TestTag.Compatibility); if (config.Platform == Platform.NonWindows) { Condition.IsTrue(status != ModelSmb2Status.STATUS_SUCCESS); } else { Condition.IsTrue(status == ModelSmb2Status.STATUS_ACCESS_DENIED); } return false; } return true; }
public static void TreeConnectResponse( ModelSmb2Status status, ShareEncryptDataType shareEncryptDataType, ModelResponseType modelResponseType, EncryptionConfig c) { Condition.IsTrue(state == ModelState.Connected); Condition.IsTrue(config.IsGlobalRejectUnencryptedAccessEnabled == c.IsGlobalRejectUnencryptedAccessEnabled); ModelTreeConnectRequest treeConnectRequest = ModelHelper.RetrieveOutstandingRequest<ModelTreeConnectRequest>(ref request); if (!VerifySession(status, treeConnectRequest.modelRequestType)) { return; } if (ModelUtility.IsSmb3xFamily(config.MaxSmbVersionSupported) && (config.IsGlobalEncryptDataEnabled || treeConnectRequest.connectToShareType == ConnectToShareType.ConnectToEncryptedShare) && config.IsGlobalRejectUnencryptedAccessEnabled && !Connection_ServerCapabilities_SMB2_GLOBAL_CAP_ENCRYPTION) { ModelHelper.Log(LogType.Requirement, "3.3.5.7: If the server implements the SMB 3.x dialect family, EncryptData or Share.EncryptData is TRUE, " + "RejectUnencryptedAccess is TRUE, and Connection.ServerCapabilities does not include SMB2_GLOBAL_CAP_ENCRYPTION, " + "the server SHOULD fail the request with STATUS_ACCESS_DENIED."); Condition.IsTrue(config.Platform == c.Platform); ModelHelper.Log(LogType.TestInfo, "The server implements {0}, EncryptData is {1}, Share.EncryptData is {2}, RejectUnencryptedAccess is TRUE, " + "Connection.ServerCapabilities does not include SMB2_GLOBAL_CAP_ENCRYPTION.", config.MaxSmbVersionSupported, config.IsGlobalEncryptDataEnabled, treeConnectRequest.connectToShareType == ConnectToShareType.ConnectToEncryptedShare ? "TRUE" : "FALSE"); ModelHelper.Log(LogType.TestInfo, "The SUT platform is {0}.", config.Platform); ModelHelper.Log(LogType.TestTag, TestTag.Compatibility); if (config.Platform == Platform.NonWindows) { Condition.IsTrue(status != ModelSmb2Status.STATUS_SUCCESS); } else { Condition.IsTrue(status == ModelSmb2Status.STATUS_ACCESS_DENIED); } return; } if (Smb2Utility.IsSmb3xFamily(negotiateDialect) && treeConnectRequest.connectToShareType == ConnectToShareType.ConnectToEncryptedShare) { ModelHelper.Log(LogType.Requirement, "3.3.5.7: If Connection.Dialect belongs to the SMB 3.x dialect family, " + "and Share.EncryptData is TRUE, the server MUST do the following:"); ModelHelper.Log(LogType.Requirement, "\tSet the SMB2_SHAREFLAG_ENCRYPT_DATA bit."); ModelHelper.Log(LogType.TestInfo, "Connection.Dialect is {0}, and Share.EncryptData is TRUE.", negotiateDialect); Condition.IsTrue(shareEncryptDataType== ShareEncryptDataType.ShareEncryptDataSet); } //TODO: To be implemented after TRANSFORM_HEADER added into Smb2FunctionalClient if (treeConnectRequest.modelRequestType == ModelRequestType.EncryptedRequest) { Condition.IsTrue(modelResponseType == ModelResponseType.EncryptedResponse); } else { Condition.IsTrue(modelResponseType == ModelResponseType.UnEncryptedResponse); } Condition.IsTrue(status == ModelSmb2Status.STATUS_SUCCESS); Encryption_TreeId = (treeConnectRequest.connectToShareType == ConnectToShareType.ConnectToEncryptedShare) ? EncryptionTreeId.TreeIdToEncryptShare : EncryptionTreeId.TreeIdToUnEncryptShare; }
public static void SessionSetupResponse(ModelSmb2Status status, SessionEncryptDataType sessionEncryptDataType, EncryptionConfig c) { Condition.IsTrue(state == ModelState.Connected); Condition.IsTrue(config.IsGlobalEncryptDataEnabled == c.IsGlobalEncryptDataEnabled); Condition.IsTrue(config.IsGlobalRejectUnencryptedAccessEnabled == c.IsGlobalRejectUnencryptedAccessEnabled); if (ModelUtility.IsSmb3xFamily(config.MaxSmbVersionSupported) && !Smb2Utility.IsSmb3xFamily(negotiateDialect) && config.IsGlobalEncryptDataEnabled && config.IsGlobalRejectUnencryptedAccessEnabled) { ModelHelper.Log(LogType.Requirement, "3.3.5.5: 1. If the server implements the SMB 3.x dialect family, " + "Connection.Dialect does not belong to the SMB 3.x dialect family, EncryptData is TRUE, " + "and RejectUnencryptedAccess is TRUE, the server MUST fail the request with STATUS_ACCESS_DENIED."); ModelHelper.Log(LogType.TestInfo, "The server implements {0}, Connection.Dialect is {1}, EncryptData is TRUE and RejectUnencryptedAccess is TRUE", config.MaxSmbVersionSupported, negotiateDialect); ModelHelper.Log(LogType.TestTag, TestTag.Compatibility); Condition.IsTrue(status == ModelSmb2Status.STATUS_ACCESS_DENIED); return; } if (Smb2Utility.IsSmb3xFamily(negotiateDialect) && config.IsGlobalEncryptDataEnabled && config.IsGlobalRejectUnencryptedAccessEnabled && !Connection_ClientCapabilities_SMB2_GLOBAL_CAP_ENCRYPTION) { ModelHelper.Log(LogType.Requirement, "3.3.5.5: 2. If Connection.Dialect belongs to the SMB 3.x dialect family, " + "EncryptData is TRUE, RejectUnencryptedAccess is TRUE, " + "and Connection.ClientCapabilities does not include the SMB2_GLOBAL_CAP_ENCRYPTION bit, " + "the server MUST fail the request with STATUS_ACCESS_DENIED."); ModelHelper.Log(LogType.TestInfo, "Connection.Dialect is {0}, EncryptData is TRUE, RejectUnencryptedAccess is TRUE, " + "and Connection.ClientCapabilities does not include the SMB2_GLOBAL_CAP_ENCRYPTION bit.", negotiateDialect); ModelHelper.Log(LogType.TestTag, TestTag.Compatibility); Condition.IsTrue(status == ModelSmb2Status.STATUS_ACCESS_DENIED); return; } if (Smb2Utility.IsSmb3xFamily(negotiateDialect) && config.IsGlobalEncryptDataEnabled && Connection_ClientCapabilities_SMB2_GLOBAL_CAP_ENCRYPTION) { ModelHelper.Log(LogType.Requirement, "3.3.5.5.3: 10. If Connection.Dialect belongs to the SMB 3.x dialect family, global EncryptData is TRUE, " + "and Connection.ClientCapabilities includes the SMB2_GLOBAL_CAP_ENCRYPTION bit, the server MUST do the following:"); ModelHelper.Log(LogType.TestInfo, "Connection.Dialect is {0}, global EncryptData is TRUE, " + "and Connection.ClientCapabilities includes the SMB2_GLOBAL_CAP_ENCRYPTION bit", negotiateDialect); ModelHelper.Log(LogType.Requirement, "\tSet the SMB2_SESSION_FLAG_ENCRYPT_DATA flag in the SessionFlags field of the SMB2 SESSION_SETUP Response."); ModelHelper.Log(LogType.TestInfo, "SMB2_SESSION_FLAG_ENCRYPT_DATA flag is set in SESSION_SETUP Response."); Condition.IsTrue(sessionEncryptDataType == SessionEncryptDataType.SessionEncryptDataSet); Session_EncryptData = SessionEncryptDataType.SessionEncryptDataSet; } Condition.IsTrue(status == Smb2Status.STATUS_SUCCESS); }
public static void ReadConfigReturn(EncryptionConfig c) { Condition.IsTrue(state == ModelState.Uninitialized); Condition.IsNotNull(c); negotiateDialect = DialectRevision.Smb2Unknown; // Force SE to expand Config.MaxSmbVersionServerSupported Condition.IsTrue(c.MaxSmbVersionSupported == ModelDialectRevision.Smb2002 || c.MaxSmbVersionSupported == ModelDialectRevision.Smb21 || c.MaxSmbVersionSupported == ModelDialectRevision.Smb30 || c.MaxSmbVersionSupported == ModelDialectRevision.Smb302); config = c; request = null; state = ModelState.Initialized; }
public static void FileOperationVerifyEncryptionResponse(ModelSmb2Status status, ModelResponseType modelResponseType, EncryptionConfig c) { Condition.IsTrue(state == ModelState.Connected); Condition.IsTrue(config.IsGlobalRejectUnencryptedAccessEnabled == c.IsGlobalRejectUnencryptedAccessEnabled); ModelFileOperationVerifyEncryptionRequest createFileRequest = ModelHelper.RetrieveOutstandingRequest<ModelFileOperationVerifyEncryptionRequest>(ref request); if (!VerifySession(status, createFileRequest.modelRequestType)) { return; } if (!VerifyTreeConnect(status, createFileRequest.modelRequestType, c)) { return; } //TODO: To be implemented after TRANSFORM_HEADER added into Smb2FunctionalClient if (createFileRequest.modelRequestType == ModelRequestType.EncryptedRequest) { Condition.IsTrue(modelResponseType == ModelResponseType.EncryptedResponse); } else { Condition.IsTrue(modelResponseType == ModelResponseType.UnEncryptedResponse); } Condition.IsTrue(status == Smb2Status.STATUS_SUCCESS); }
public void ReadConfig(out EncryptionConfig c) { if (!testConfig.IsEncryptionSupported) { Site.Assert.Inconclusive("This test case is not applicable due to Encryption is not supported"); } c = new EncryptionConfig { MaxSmbVersionSupported = ModelUtility.GetModelDialectRevision(testConfig.MaxSmbVersionSupported), IsGlobalEncryptDataEnabled = testConfig.IsGlobalEncryptDataEnabled, IsGlobalRejectUnencryptedAccessEnabled = testConfig.IsGlobalRejectUnencryptedAccessEnabled, Platform = testConfig.Platform == Platform.WindowsServer2016 ? Platform.WindowsServer2012R2 : testConfig.Platform }; encryptionConfig = c; Site.Log.Add(LogEntryKind.Debug, encryptionConfig.ToString()); }