private uint SessionSetup(
Packet_Header_Flags_Values headerFlags,
SESSION_SETUP_Request_Flags sessionSetupFlags,
SESSION_SETUP_Request_SecurityMode_Values securityMode,
SESSION_SETUP_Request_Capabilities_Values capabilities,
ulong previousSessionId,
SecurityPackageType securityPackageType,
string serverName,
byte[] token,
out byte[] serverGssToken,
ushort creditRequest = 64)
{
Packet_Header header;
SESSION_SETUP_Response sessionSetupResponse;
uint status;
status = client.SessionSetup(
1,
creditRequest,
headerFlags,
messageId++,
sessionId,
sessionSetupFlags,
securityMode,
capabilities,
previousSessionId,
token,
out sessionId,
out serverGssToken,
out header,
out sessionSetupResponse);
return(status);
}
private SESSION_SETUP_Request_SecurityMode_Values GetSessionSetupSecurityMode(SigningEnabledType signingEnabledType, SigningRequiredType signingRequiredType)
{
SESSION_SETUP_Request_SecurityMode_Values securityMode = SESSION_SETUP_Request_SecurityMode_Values.NONE;
if (signingEnabledType == SigningEnabledType.SigningEnabledSet)
{
securityMode |= SESSION_SETUP_Request_SecurityMode_Values.NEGOTIATE_SIGNING_ENABLED;
}
if (signingRequiredType == SigningRequiredType.SigningRequiredSet)
{
securityMode |= SESSION_SETUP_Request_SecurityMode_Values.NEGOTIATE_SIGNING_REQUIRED;
}
return(securityMode);
}
/// <summary>
/// Send an SMB2 SESSION_SETUP request with specified parameters
/// </summary>
/// <param name="headerFlags">A Flags field indicates how to process the operation.</param>
/// <param name="sessionSetupFlags">To bind an existing session to a new connection,set to SMB2_SESSION_FLAG_BINDING to bind; otherwise set it to NONE.</param>
/// <param name="securityMode">The security mode field specifies whether SMB signing is enabled, required at the server, or both</param>
/// <param name="capabilities">Specifies protocol capabilities for the client.</param>
/// <param name="token">Gss token to send</param>
/// <param name="serverToken">GssToken returned from server</param>
/// <param name="isResponseEncryptedSessionFlag">check if SESSION_FLAG_ENCRYPT_DATA returned from server</param>
/// <param name="creditRequest">The number of credits the client is requesting. Default value is 64.</param>
/// <param name="previousSessionId">For reconnect, set it to previous sessionId, otherwise set it to 0. Default value is 0.</param>
/// <returns>The status code for SESSION_SETUP Response.</returns>
public uint SessionSetup(
Packet_Header_Flags_Values headerFlags,
SESSION_SETUP_Request_Flags sessionSetupFlags,
SESSION_SETUP_Request_SecurityMode_Values securityMode,
SESSION_SETUP_Request_Capabilities_Values capabilities,
byte[] token,
out byte[] serverToken,
out bool isResponseEncryptedSessionFlag,
ushort creditRequest = 64,
ulong previousSessionId = 0)
{
Packet_Header header;
SESSION_SETUP_Response sessionSetupResponse;
ulong messageId = generateMessageId(sequenceWindow);
ushort creditCharge = generateCreditCharge(1);
// Need to consume credit from sequence window first according to TD
ConsumeCredit(messageId, creditCharge);
uint status = Smb2Client.SessionSetup(
1,
creditRequest,
headerFlags,
messageId,
sessionId,
sessionSetupFlags,
securityMode,
capabilities,
previousSessionId,
token,
out sessionId,
out serverToken,
out header,
out sessionSetupResponse);
isResponseEncryptedSessionFlag = sessionSetupResponse.SessionFlags.HasFlag(SessionFlags_Values.SESSION_FLAG_ENCRYPT_DATA);
ProduceCredit(messageId, header);
return(status);
}
public uint SessionSetup(
SESSION_SETUP_Request_SecurityMode_Values securityMode,
SESSION_SETUP_Request_Capabilities_Values capabilities,
SecurityPackageType securityPackageType,
string serverName,
byte[] token,
out byte[] serverGssToken,
ushort creditRequest = 64)
{
return(SessionSetup(
Packet_Header_Flags_Values.NONE,
SESSION_SETUP_Request_Flags.NONE,
securityMode,
capabilities,
0,
securityPackageType,
serverName,
token,
out serverGssToken,
creditRequest));
}
/// <summary>
/// Send an SMB2 SESSION_SETUP request with specified parameters
/// </summary>
/// <param name="headerFlags">A Flags field indicates how to process the operation.</param>
/// <param name="sessionSetupFlags">To bind an existing session to a new connection,set to SMB2_SESSION_FLAG_BINDING to bind; otherwise set it to NONE.</param>
/// <param name="securityMode">The security mode field specifies whether SMB signing is enabled, required at the server, or both</param>
/// <param name="capabilities">Specifies protocol capabilities for the client.</param>
/// <param name="token">Gss token to send</param>
/// <param name="serverToken">GssToken returned from server</param>
/// <param name="creditRequest">The number of credits the client is requesting. Default value is 64.</param>
/// <param name="previousSessionId">For reconnect, set it to previous sessionId, otherwise set it to 0. Default value is 0.</param>
/// <returns>The status code for SESSION_SETUP Response.</returns>
public uint SessionSetup(
Packet_Header_Flags_Values headerFlags,
SESSION_SETUP_Request_Flags sessionSetupFlags,
SESSION_SETUP_Request_SecurityMode_Values securityMode,
SESSION_SETUP_Request_Capabilities_Values capabilities,
byte[] token,
out byte[] serverToken,
ushort creditRequest = 64,
ulong previousSessionId = 0)
{
Packet_Header header;
SESSION_SETUP_Response sessionSetupResponse;
ulong messageId = generateMessageId(sequenceWindow);
ushort creditCharge = generateCreditCharge(1);
// Need to consume credit from sequence window first according to TD
ConsumeCredit(messageId, creditCharge);
uint status = Smb2Client.SessionSetup(
1,
creditRequest,
headerFlags,
messageId,
sessionId,
sessionSetupFlags,
securityMode,
capabilities,
previousSessionId,
token,
out sessionId,
out serverToken,
out header,
out sessionSetupResponse);
ProduceCredit(messageId, header);
return status;
}
public uint Smb2AlternativeChannelSessionSetup(
Smb2OverSmbdTestClient mainChannelClient,
string domainName,
string userName,
string password,
string serverName,
SESSION_SETUP_Request_SecurityMode_Values securityMode = SESSION_SETUP_Request_SecurityMode_Values.NEGOTIATE_SIGNING_ENABLED,
SESSION_SETUP_Request_Capabilities_Values capabilities = SESSION_SETUP_Request_Capabilities_Values.GLOBAL_CAP_DFS,
ushort creditRequest = 64)
{
sessionId = mainChannelClient.sessionId;
sessionKey = mainChannelClient.sessionKey;
Smb2SetSessionSigningAndEncryption(true, false);
Packet_Header header;
SESSION_SETUP_Response sessionSetupResponse;
SspiClientSecurityContext sspiClientGss =
new SspiClientSecurityContext(
SecurityPackageType.Negotiate,
new AccountCredential(domainName, userName, password),
Smb2Utility.GetCifsServicePrincipalName(serverName),
ClientSecurityContextAttribute.None,
SecurityTargetDataRepresentation.SecurityNativeDrep
);
// Server GSS token is used only for Negotiate authentication
sspiClientGss.Initialize(gssToken);
uint status;
do
{
status = SessionSetup(
1,
creditRequest,
Packet_Header_Flags_Values.FLAGS_SIGNED,
messageId,
sessionId,
SESSION_SETUP_Request_Flags.SESSION_FLAG_BINDING,
securityMode,
capabilities,
0,
sspiClientGss.Token,
out sessionId,
out gssToken,
out header,
out sessionSetupResponse
);
CalculateSmb2AvailableCredits(1, packetHeader.CreditRequestResponse);
if ((status == Smb2Status.STATUS_MORE_PROCESSING_REQUIRED || status == Smb2Status.STATUS_SUCCESS) &&
gssToken != null && gssToken.Length > 0)
{
sspiClientGss.Initialize(gssToken);
}
} while (status == Smb2Status.STATUS_MORE_PROCESSING_REQUIRED);
if (status == Smb2Status.STATUS_SUCCESS)
{
sessionKey = sspiClientGss.SessionKey;
Smb2SetSessionSigningAndEncryption(true, false, true);
}
return(status);
}
