internal static SMB1Command GetRenameResponse(SMB1Header header, RenameRequest request, ISMBShare share, SMB1ConnectionState state)
{
SMB1Session session = state.GetSession(header.UID);
if (share is FileSystemShare)
{
if (!((FileSystemShare)share).HasWriteAccess(session.SecurityContext, request.OldFileName))
{
state.LogToServer(Severity.Verbose, "Rename '{0}{1}' to '{0}{2}' failed. User '{3}' was denied access.", share.Name, request.OldFileName, request.NewFileName, session.UserName);
header.Status = NTStatus.STATUS_ACCESS_DENIED;
return(new ErrorResponse(request.CommandName));
}
if (!((FileSystemShare)share).HasWriteAccess(session.SecurityContext, request.NewFileName))
{
state.LogToServer(Severity.Verbose, "Rename '{0}{1}' to '{0}{2}' failed. User '{3}' was denied access.", share.Name, request.OldFileName, request.NewFileName, session.UserName);
header.Status = NTStatus.STATUS_ACCESS_DENIED;
return(new ErrorResponse(request.CommandName));
}
}
header.Status = SMB1FileStoreHelper.Rename(share.FileStore, request.OldFileName, request.NewFileName, request.SearchAttributes, session.SecurityContext);
if (header.Status != NTStatus.STATUS_SUCCESS)
{
state.LogToServer(Severity.Verbose, "Rename '{0}{1}' to '{0}{2}' failed. NTStatus: {3}.", share.Name, request.OldFileName, request.NewFileName, header.Status);
return(new ErrorResponse(request.CommandName));
}
state.LogToServer(Severity.Verbose, "Rename: User '{0}' renamed '{1}{2}' to '{1}{3}'.", session.UserName, share.Name, request.OldFileName, request.NewFileName);
return(new RenameResponse());
}
internal static SMB1Command GetSetInformation2Response(SMB1Header header, SetInformation2Request request, ISMBShare share, SMB1ConnectionState state)
{
SMB1Session session = state.GetSession(header.UID);
OpenFileObject openFile = session.GetOpenFileObject(request.FID);
if (openFile == null)
{
state.LogToServer(Severity.Verbose, "Set Information 2 failed. Invalid FID. (UID: {0}, TID: {1}, FID: {2})", header.UID, header.TID, request.FID);
header.Status = NTStatus.STATUS_SMB_BAD_FID;
return(new ErrorResponse(request.CommandName));
}
if (share is FileSystemShare)
{
if (!((FileSystemShare)share).HasWriteAccess(session.SecurityContext, openFile.Path))
{
state.LogToServer(Severity.Verbose, "Set Information 2 on '{0}{1}' failed. User '{2}' was denied access.", share.Name, openFile.Path, session.UserName);
header.Status = NTStatus.STATUS_ACCESS_DENIED;
return(new ErrorResponse(request.CommandName));
}
}
header.Status = SMB1FileStoreHelper.SetInformation2(share.FileStore, openFile.Handle, request.CreationDateTime, request.LastAccessDateTime, request.LastWriteDateTime);
if (header.Status != NTStatus.STATUS_SUCCESS)
{
state.LogToServer(Severity.Verbose, "Set Information 2 on '{0}{1}' failed. NTStatus: {2}", share.Name, openFile.Path, header.Status);
return(new ErrorResponse(request.CommandName));
}
state.LogToServer(Severity.Verbose, "Set Information 2 on '{0}{1}' succeeded.", share.Name, openFile.Path);
return(new SetInformation2Response());
}
internal static SMB1Command GetQueryInformationResponse(SMB1Header header, QueryInformationRequest request, ISMBShare share, SMB1ConnectionState state)
{
SMB1Session session = state.GetSession(header.UID);
string path = request.FileName;
if (!path.StartsWith(@"\"))
{
path = @"\" + path;
}
if (share is FileSystemShare)
{
if (!((FileSystemShare)share).HasReadAccess(session.SecurityContext, path))
{
state.LogToServer(Severity.Verbose, "Query Information on '{0}{1}' failed. User '{2}' was denied access.", share.Name, path, session.UserName);
header.Status = NTStatus.STATUS_ACCESS_DENIED;
return(new ErrorResponse(request.CommandName));
}
}
FileNetworkOpenInformation fileInfo;
header.Status = SMB1FileStoreHelper.QueryInformation(out fileInfo, share.FileStore, path, session.SecurityContext);
if (header.Status != NTStatus.STATUS_SUCCESS)
{
return(new ErrorResponse(request.CommandName));
}
QueryInformationResponse response = new QueryInformationResponse();
response.FileAttributes = SMB1FileStoreHelper.GetFileAttributes(fileInfo.FileAttributes);
response.LastWriteTime = fileInfo.LastWriteTime;
response.FileSize = (uint)Math.Min(UInt32.MaxValue, fileInfo.EndOfFile);
return(response);
}
internal static SMB1Command GetCheckDirectoryResponse(SMB1Header header, CheckDirectoryRequest request, ISMBShare share, SMB1ConnectionState state)
{
SMB1Session session = state.GetSession(header.UID);
string path = request.DirectoryName;
if (!path.StartsWith(@"\"))
{
path = @"\" + path;
}
if (share is FileSystemShare)
{
if (!((FileSystemShare)share).HasReadAccess(session.SecurityContext, path))
{
state.LogToServer(Severity.Verbose, "Check Directory '{0}{1}' failed. User '{2}' was denied access.", share.Name, path, session.UserName);
header.Status = NTStatus.STATUS_ACCESS_DENIED;
return(new ErrorResponse(request.CommandName));
}
}
header.Status = SMB1FileStoreHelper.CheckDirectory(share.FileStore, path, session.SecurityContext);
if (header.Status != NTStatus.STATUS_SUCCESS)
{
return(new ErrorResponse(request.CommandName));
}
return(new CheckDirectoryResponse());
}
/// <summary>
/// There are no secondary response messages.
/// The client MUST send as many secondary requests as are needed to complete the transfer of the transaction request.
/// </summary>
internal static List <SMB1Command> GetNTTransactResponse(SMB1Header header, NTTransactSecondaryRequest request, ISMBShare share, SMB1ConnectionState state)
{
ProcessStateObject processState = state.GetProcessState(header.PID);
if (processState == null)
{
throw new InvalidDataException();
}
ByteWriter.WriteBytes(processState.TransactionParameters, (int)request.ParameterDisplacement, request.TransParameters);
ByteWriter.WriteBytes(processState.TransactionData, (int)request.DataDisplacement, request.TransData);
processState.TransactionParametersReceived += request.TransParameters.Length;
processState.TransactionDataReceived += request.TransData.Length;
if (processState.TransactionParametersReceived < processState.TransactionParameters.Length ||
processState.TransactionDataReceived < processState.TransactionData.Length)
{
return(new List <SMB1Command>());
}
else
{
// We have a complete command
state.RemoveProcessState(header.PID);
return(GetCompleteNTTransactResponse(header, processState.MaxParameterCount, processState.MaxDataCount, (NTTransactSubcommandName)processState.SubcommandID, processState.TransactionSetup, processState.TransactionParameters, processState.TransactionData, share, state));
}
}
/// <summary>
/// The client MUST send as many secondary requests as are needed to complete the transfer of the transaction request.
/// </summary>
internal static List <SMB1Command> GetNTTransactResponse(SMB1Header header, NTTransactRequest request, ISMBShare share, SMB1ConnectionState state)
{
if (request.TransParameters.Length < request.TotalParameterCount ||
request.TransData.Length < request.TotalDataCount)
{
// A secondary transaction request is pending
ProcessStateObject processState = state.CreateProcessState(header.PID);
processState.SubcommandID = (ushort)request.Function;
processState.MaxParameterCount = request.MaxParameterCount;
processState.MaxDataCount = request.MaxDataCount;
processState.TransactionSetup = request.Setup;
processState.TransactionParameters = new byte[request.TotalParameterCount];
processState.TransactionData = new byte[request.TotalDataCount];
ByteWriter.WriteBytes(processState.TransactionParameters, 0, request.TransParameters);
ByteWriter.WriteBytes(processState.TransactionData, 0, request.TransData);
processState.TransactionParametersReceived += request.TransParameters.Length;
processState.TransactionDataReceived += request.TransData.Length;
return(new NTTransactInterimResponse());
}
else
{
// We have a complete command
return(GetCompleteNTTransactResponse(header, request.MaxParameterCount, request.MaxDataCount, request.Function, request.Setup, request.TransParameters, request.TransData, share, state));
}
}
internal static SMB1Command GetFindClose2Response(SMB1Header header, FindClose2Request request, SMB1ConnectionState state)
{
SMB1Session session = state.GetSession(header.UID);
session.RemoveOpenSearch(request.SearchHandle);
return(new FindClose2Response());
}
internal static void ProcessSubcommand(SMB1Header header, uint timeout, string name, TransactionWaitNamedPipeRequest subcommand, ISMBShare share, SMB1ConnectionState state)
{
if (!name.StartsWith(@"\PIPE\", StringComparison.OrdinalIgnoreCase))
{
// [MS-CIFS] The name field MUST be set to the name of the pipe being waited for, in the format \PIPE\<pipename>
state.LogToServer(Severity.Verbose, "TransactWaitNamedPipe failed. Invalid pipe name: {0}.", name);
header.Status = NTStatus.STATUS_INVALID_SMB;
}
string pipeName = name.Substring(6);
PipeWaitRequest pipeWaitRequest = new PipeWaitRequest();
pipeWaitRequest.Timeout = timeout;
pipeWaitRequest.TimeSpecified = true;
pipeWaitRequest.Name = pipeName;
byte[] input = pipeWaitRequest.GetBytes();
byte[] output;
header.Status = share.FileStore.DeviceIOControl(null, (uint)IoControlCode.FSCTL_PIPE_WAIT, input, out output, 0);
if (header.Status != NTStatus.STATUS_SUCCESS)
{
state.LogToServer(Severity.Verbose, "TransactWaitNamedPipe failed. Pipe name: {0}. NTStatus: {1}.", pipeName, header.Status);
}
else
{
state.LogToServer(Severity.Verbose, "TransactWaitNamedPipe succeeded. Pipe name: {0}.", pipeName);
}
}
private static void PrepareResponseHeader(SMB1Header responseHeader, SMB1Header requestHeader)
{
responseHeader.Status = NTStatus.STATUS_SUCCESS;
responseHeader.Flags = HeaderFlags.CaseInsensitive | HeaderFlags.CanonicalizedPaths | HeaderFlags.Reply;
responseHeader.Flags2 = HeaderFlags2.NTStatusCode;
if ((requestHeader.Flags2 & HeaderFlags2.LongNamesAllowed) > 0)
{
responseHeader.Flags2 |= HeaderFlags2.LongNamesAllowed | HeaderFlags2.LongNameUsed;
}
if ((requestHeader.Flags2 & HeaderFlags2.ExtendedAttributes) > 0)
{
responseHeader.Flags2 |= HeaderFlags2.ExtendedAttributes;
}
if ((requestHeader.Flags2 & HeaderFlags2.ExtendedSecurity) > 0)
{
responseHeader.Flags2 |= HeaderFlags2.ExtendedSecurity;
}
if ((requestHeader.Flags2 & HeaderFlags2.Unicode) > 0)
{
responseHeader.Flags2 |= HeaderFlags2.Unicode;
}
responseHeader.MID = requestHeader.MID;
responseHeader.PID = requestHeader.PID;
responseHeader.UID = requestHeader.UID;
responseHeader.TID = requestHeader.TID;
}
internal static SMB1Command GetWriteResponse(SMB1Header header, WriteRequest request, ISMBShare share, SMB1ConnectionState state)
{
SMB1Session session = state.GetSession(header.UID);
OpenFileObject openFile = session.GetOpenFileObject(request.FID);
if (openFile == null)
{
state.LogToServer(Severity.Verbose, "Write failed. Invalid FID. (UID: {0}, TID: {1}, FID: {2})", header.UID, header.TID, request.FID);
header.Status = NTStatus.STATUS_INVALID_HANDLE;
return(new ErrorResponse(request.CommandName));
}
if (share is FileSystemShare)
{
if (!((FileSystemShare)share).HasWriteAccess(session.SecurityContext, openFile.Path))
{
state.LogToServer(Severity.Verbose, "Write to '{0}{1}' failed. User '{2}' was denied access.", share.Name, openFile.Path, session.UserName);
header.Status = NTStatus.STATUS_ACCESS_DENIED;
return(new ErrorResponse(request.CommandName));
}
}
int numberOfBytesWritten;
header.Status = share.FileStore.WriteFile(out numberOfBytesWritten, openFile.Handle, request.WriteOffsetInBytes, request.Data);
if (header.Status != NTStatus.STATUS_SUCCESS)
{
state.LogToServer(Severity.Verbose, "Write to '{0}{1}' failed. NTStatus: {2}. (FID: {3})", share.Name, openFile.Path, header.Status, request.FID);
return(new ErrorResponse(request.CommandName));
}
WriteResponse response = new WriteResponse();
response.CountOfBytesWritten = (ushort)numberOfBytesWritten;
return(response);
}
internal static TransactionTransactNamedPipeResponse GetSubcommandResponse(SMB1Header header, uint maxDataCount, TransactionTransactNamedPipeRequest subcommand, ISMBShare share, SMB1ConnectionState state)
{
SMB1Session session = state.GetSession(header.UID);
OpenFileObject openFile = session.GetOpenFileObject(subcommand.FID);
if (openFile == null)
{
state.LogToServer(Severity.Verbose, "TransactNamedPipe failed. Invalid FID. (UID: {0}, TID: {1}, FID: {2})", header.UID, header.TID, subcommand.FID);
header.Status = NTStatus.STATUS_INVALID_HANDLE;
return(null);
}
int maxOutputLength = (int)maxDataCount;
byte[] output;
header.Status = share.FileStore.DeviceIOControl(openFile.Handle, (uint)IoControlCode.FSCTL_PIPE_TRANSCEIVE, subcommand.WriteData, out output, maxOutputLength);
if (header.Status != NTStatus.STATUS_SUCCESS && header.Status != NTStatus.STATUS_BUFFER_OVERFLOW)
{
state.LogToServer(Severity.Verbose, "TransactNamedPipe failed. NTStatus: {0}.", header.Status);
return(null);
}
TransactionTransactNamedPipeResponse response = new TransactionTransactNamedPipeResponse();
response.ReadData = output;
return(response);
}
internal static SMB1Command GetFlushResponse(SMB1Header header, FlushRequest request, ISMBShare share, SMB1ConnectionState state)
{
SMB1Session session = state.GetSession(header.UID);
if (request.FID == 0xFFFF)
{
// [MS-CIFS] If the FID is 0xFFFF, the Server.Connection.FileOpenTable MUST be scanned for
// all files that were opened by the PID listed in the request header.
// The server MUST attempt to flush each Server.Open so listed.
return(new FlushResponse());
}
OpenFileObject openFile = session.GetOpenFileObject(request.FID);
if (openFile == null)
{
state.LogToServer(Severity.Verbose, "Flush failed. Invalid FID. (UID: {0}, TID: {1}, FID: {2})", header.UID, header.TID, request.FID);
header.Status = NTStatus.STATUS_INVALID_HANDLE;
return(new ErrorResponse(request.CommandName));
}
header.Status = share.FileStore.FlushFileBuffers(openFile.Handle);
if (header.Status != NTStatus.STATUS_SUCCESS)
{
state.LogToServer(Severity.Verbose, "Flush '{0}{1}' failed. NTStatus: {2}. (FID: {3})", share.Name, openFile.Path, header.Status, request.FID);
return(new ErrorResponse(request.CommandName));
}
return(new FlushResponse());
}
internal static SMB1Command GetReadResponse(SMB1Header header, ReadRequest request, ISMBShare share, SMB1ConnectionState state)
{
SMB1Session session = state.GetSession(header.UID);
OpenFileObject openFile = session.GetOpenFileObject(request.FID);
if (openFile == null)
{
header.Status = NTStatus.STATUS_INVALID_HANDLE;
return(null);
}
if (share is FileSystemShare)
{
if (!((FileSystemShare)share).HasReadAccess(session.SecurityContext, openFile.Path))
{
state.LogToServer(Severity.Verbose, "Read from '{0}{1}' failed. User '{2}' was denied access.", share.Name, openFile.Path, session.UserName);
header.Status = NTStatus.STATUS_ACCESS_DENIED;
return(new ErrorResponse(request.CommandName));
}
}
byte[] data;
header.Status = share.FileStore.ReadFile(out data, openFile.Handle, request.ReadOffsetInBytes, request.CountOfBytesToRead);
if (header.Status != NTStatus.STATUS_SUCCESS)
{
return(new ErrorResponse(request.CommandName));
}
ReadResponse response = new ReadResponse();
response.Bytes = data;
response.CountOfBytesReturned = (ushort)data.Length;
return(response);
}
internal static NegotiateResponse GetNegotiateResponse(SMB1Header header, NegotiateRequest request, GSSProvider securityProvider, ConnectionState state)
{
NegotiateResponse response = new NegotiateResponse();
response.DialectIndex = (ushort)request.Dialects.IndexOf(SMBServer.NTLanManagerDialect);
response.SecurityMode = SecurityMode.UserSecurityMode | SecurityMode.EncryptPasswords;
response.MaxMpxCount = 50;
response.MaxNumberVcs = 1;
response.MaxBufferSize = 16644;
response.MaxRawSize = 65536;
response.Capabilities = ServerCapabilities.Unicode |
ServerCapabilities.LargeFiles |
ServerCapabilities.NTSMB |
ServerCapabilities.NTStatusCode |
ServerCapabilities.NTFind |
ServerCapabilities.LargeRead |
ServerCapabilities.LargeWrite;
response.SystemTime = DateTime.UtcNow;
response.ServerTimeZone = (short)-TimeZone.CurrentTimeZone.GetUtcOffset(DateTime.Now).TotalMinutes;
NegotiateMessage negotiateMessage = CreateNegotiateMessage();
ChallengeMessage challengeMessage;
NTStatus status = securityProvider.GetNTLMChallengeMessage(out state.AuthenticationContext, negotiateMessage, out challengeMessage);
if (status == NTStatus.SEC_I_CONTINUE_NEEDED)
{
response.Challenge = challengeMessage.ServerChallenge;
}
response.DomainName = String.Empty;
response.ServerName = String.Empty;
return(response);
}
/// <summary>
/// There are no secondary response messages.
/// The client MUST send as many secondary requests as are needed to complete the transfer of the transaction request.
/// The server MUST respond to the transaction request as a whole.
/// </summary>
internal static List <SMB1Command> GetTransactionResponse(SMB1Header header, TransactionSecondaryRequest request, ISMBShare share, SMB1ConnectionState state)
{
ProcessStateObject processState = state.GetProcessState(header.PID);
if (processState == null)
{
throw new InvalidRequestException();
}
ByteWriter.WriteBytes(processState.TransactionParameters, request.ParameterDisplacement, request.TransParameters);
ByteWriter.WriteBytes(processState.TransactionData, request.DataDisplacement, request.TransData);
processState.TransactionParametersReceived += request.TransParameters.Length;
processState.TransactionDataReceived += request.TransData.Length;
if (processState.TransactionParametersReceived < processState.TransactionParameters.Length ||
processState.TransactionDataReceived < processState.TransactionData.Length)
{
return(new List <SMB1Command>());
}
else
{
// We have a complete command
if (request is Transaction2SecondaryRequest)
{
return(GetCompleteTransaction2Response(header, processState.TransactionSetup, processState.TransactionParameters, processState.TransactionData, share, state));
}
else
{
return(GetCompleteTransactionResponse(header, processState.Name, processState.TransactionSetup, processState.TransactionParameters, processState.TransactionData, share, state));
}
}
}
private static NTTransactIOCTLResponse GetSubcommandResponse(SMB1Header header, NTTransactIOCTLRequest subcommand, ISMBShare share, SMB1ConnectionState state)
{
SMB1Session session = state.GetSession(header.UID);
NTTransactIOCTLResponse response = new NTTransactIOCTLResponse();
if (subcommand.IsFsctl)
{
OpenFileObject openFile = session.GetOpenFileObject(subcommand.FID);
if (openFile == null)
{
header.Status = NTStatus.STATUS_INVALID_HANDLE;
return(null);
}
int maxOutputLength = UInt16.MaxValue;
byte[] output;
header.Status = share.FileStore.DeviceIOControl(openFile.Handle, subcommand.FunctionCode, subcommand.Data, out output, maxOutputLength);
if (header.Status != NTStatus.STATUS_SUCCESS)
{
return(null);
}
response.Data = output;
return(response);
}
else
{
// [MS-SMB] If the IsFsctl field is set to zero, the server SHOULD fail the request with STATUS_NOT_SUPPORTED
header.Status = NTStatus.STATUS_NOT_SUPPORTED;
return(null);
}
}
internal static List <SMB1Command> GetLockingAndXResponse(SMB1Header header, LockingAndXRequest request, ISMBShare share, SMB1ConnectionState state)
{
SMB1Session session = state.GetSession(header.UID);
OpenFileObject openFile = session.GetOpenFileObject(request.FID);
if (openFile == null)
{
state.LogToServer(Severity.Verbose, "Locking failed. Invalid FID. (UID: {0}, TID: {1}, FID: {2})", header.UID, header.TID, request.FID);
header.Status = NTStatus.STATUS_INVALID_HANDLE;
return(new ErrorResponse(request.CommandName));
}
if ((request.TypeOfLock & LockType.CHANGE_LOCKTYPE) > 0)
{
// [MS-CIFS] Windows NT Server does not support the CHANGE_LOCKTYPE flag of TypeOfLock.
state.LogToServer(Severity.Verbose, "Locking failed. CHANGE_LOCKTYPE is not supported.");
header.Status = NTStatus.STATUS_NOT_IMPLEMENTED;
return(new ErrorResponse(request.CommandName));
}
if (request.Unlocks.Count == 0 && request.Locks.Count == 0)
{
// [MS-CIFS] If NumberOfRequestedUnlocks and NumberOfRequestedLocks are both zero [..] the server MUST NOT send an SMB_COM_LOCKING_ANDX Response.
return(new List <SMB1Command>());
}
// [MS-CIFS] If the CANCEL_LOCK bit is set, Windows NT servers cancel only the first lock request range listed in the lock array.
for (int lockIndex = 0; lockIndex < request.Unlocks.Count; lockIndex++)
{
LockingRange lockingRange = request.Unlocks[lockIndex];
header.Status = share.FileStore.UnlockFile(openFile.Handle, (long)lockingRange.ByteOffset, (long)lockingRange.LengthInBytes);
if (header.Status != NTStatus.STATUS_SUCCESS)
{
state.LogToServer(Severity.Verbose, "Locking: Unlocking '{0}{1}' failed. Offset: {2}, Length: {3}. NTStatus: {4}.", share.Name, openFile.Path, lockingRange.ByteOffset, lockingRange.LengthInBytes, header.Status);
return(new ErrorResponse(request.CommandName));
}
state.LogToServer(Severity.Verbose, "Locking: Unlocking '{0}{1}' succeeded. Offset: {2}, Length: {3}.", share.Name, openFile.Path, lockingRange.ByteOffset, lockingRange.LengthInBytes);
}
for (int lockIndex = 0; lockIndex < request.Locks.Count; lockIndex++)
{
LockingRange lockingRange = request.Locks[lockIndex];
bool exclusiveLock = (request.TypeOfLock & LockType.SHARED_LOCK) == 0;
header.Status = share.FileStore.LockFile(openFile.Handle, (long)lockingRange.ByteOffset, (long)lockingRange.LengthInBytes, exclusiveLock);
if (header.Status != NTStatus.STATUS_SUCCESS)
{
state.LogToServer(Severity.Verbose, "Locking: Locking '{0}{1}' failed. Offset: {2}, Length: {3}. NTStatus: {4}.", share.Name, openFile.Path, lockingRange.ByteOffset, lockingRange.LengthInBytes, header.Status);
// [MS-CIFS] This client request is atomic. If the area to be locked is already locked or the
// lock request otherwise fails, no other ranges specified in the client request are locked.
for (int index = 0; index < lockIndex; index++)
{
share.FileStore.UnlockFile(openFile.Handle, (long)request.Locks[index].ByteOffset, (long)request.Locks[index].LengthInBytes);
}
return(new ErrorResponse(request.CommandName));
}
state.LogToServer(Severity.Verbose, "Locking: Locking '{0}{1}' succeeded. Offset: {2}, Length: {3}.", share.Name, openFile.Path, lockingRange.ByteOffset, lockingRange.LengthInBytes);
}
return(new LockingAndXResponse());
}
internal static Transaction2QueryFSInformationResponse GetSubcommandResponse(SMB1Header header, Transaction2QueryFSInformationRequest subcommand, ISMBShare share, SMB1ConnectionState state)
{
SMB1Session session = state.GetSession(header.UID);
if (share is FileSystemShare)
{
if (!((FileSystemShare)share).HasReadAccess(session.SecurityContext, @"\"))
{
state.LogToServer(Severity.Verbose, "QueryFileSystemInformation on '{0}' failed. User '{1}' was denied access.", share.Name, session.UserName);
header.Status = NTStatus.STATUS_ACCESS_DENIED;
return(null);
}
}
Transaction2QueryFSInformationResponse response = new Transaction2QueryFSInformationResponse();
QueryFSInformation queryFSInformation;
NTStatus queryStatus = SMB1FileStoreHelper.GetFileSystemInformation(out queryFSInformation, share.FileStore, subcommand.InformationLevel);
if (queryStatus != NTStatus.STATUS_SUCCESS)
{
state.LogToServer(Severity.Verbose, "GetFileSystemInformation on '{0}' failed. Information level: {1}, NTStatus: {2}", share.Name, subcommand.InformationLevel, queryStatus);
header.Status = queryStatus;
return(null);
}
state.LogToServer(Severity.Information, "GetFileSystemInformation on '{0}' succeeded. Information level: {1}", share.Name, subcommand.InformationLevel);
response.SetQueryFSInformation(queryFSInformation, header.UnicodeFlag);
return(response);
}
internal static SMB1Command GetTreeDisconnectResponse(SMB1Header header, TreeDisconnectRequest request, ISMBShare share, SMB1ConnectionState state)
{
SMB1Session session = state.GetSession(header.UID);
session.DisconnectTree(header.TID);
state.LogToServer(Severity.Information, "Tree Disconnect: User '{0}' disconnected from '{1}' (UID: {2}, TID: {3})", session.UserName, share.Name, header.UID, header.TID);
return(new TreeDisconnectResponse());
}
internal static List <SMB1Command> GetCompleteNTTransactResponse(SMB1Header header, uint maxParameterCount, uint maxDataCount, NTTransactSubcommandName subcommandName, byte[] requestSetup, byte[] requestParameters, byte[] requestData, ISMBShare share, SMB1ConnectionState state)
{
NTTransactSubcommand subcommand;
try
{
subcommand = NTTransactSubcommand.GetSubcommandRequest(subcommandName, requestSetup, requestParameters, requestData, header.UnicodeFlag);
}
catch
{
// [MS-CIFS] If the Function code is not defined, the server MUST return STATUS_INVALID_SMB.
header.Status = NTStatus.STATUS_INVALID_SMB;
return(new ErrorResponse(CommandName.SMB_COM_NT_TRANSACT));
}
state.LogToServer(Severity.Verbose, "Received complete SMB_COM_NT_TRANSACT subcommand: {0}", subcommand.SubcommandName);
NTTransactSubcommand subcommandResponse = null;
if (subcommand is NTTransactCreateRequest)
{
header.Status = NTStatus.STATUS_NOT_IMPLEMENTED;
}
else if (subcommand is NTTransactIOCTLRequest)
{
subcommandResponse = GetSubcommandResponse(header, maxDataCount, (NTTransactIOCTLRequest)subcommand, share, state);
}
else if (subcommand is NTTransactSetSecurityDescriptorRequest)
{
subcommandResponse = GetSubcommandResponse(header, (NTTransactSetSecurityDescriptorRequest)subcommand, share, state);
}
else if (subcommand is NTTransactNotifyChangeRequest)
{
NotifyChangeHelper.ProcessNTTransactNotifyChangeRequest(header, maxParameterCount, (NTTransactNotifyChangeRequest)subcommand, share, state);
if (header.Status == NTStatus.STATUS_PENDING)
{
return(new List <SMB1Command>());
}
}
else if (subcommand is NTTransactQuerySecurityDescriptorRequest)
{
subcommandResponse = GetSubcommandResponse(header, maxDataCount, (NTTransactQuerySecurityDescriptorRequest)subcommand, share, state);
}
else
{
// [MS-CIFS] If the Function code is defined but not implemented, the server MUST return STATUS_SMB_BAD_COMMAND.
header.Status = NTStatus.STATUS_SMB_BAD_COMMAND;
}
if (subcommandResponse == null)
{
return(new ErrorResponse(CommandName.SMB_COM_NT_TRANSACT));
}
byte[] responseSetup = subcommandResponse.GetSetup();
byte[] responseParameters = subcommandResponse.GetParameters(header.UnicodeFlag);
byte[] responseData = subcommandResponse.GetData();
return(GetNTTransactResponse(responseSetup, responseParameters, responseData, state.MaxBufferSize));
}
internal static SMB1Command GetSessionSetupResponse(SMB1Header header, SessionSetupAndXRequest request, GSSProvider securityProvider, SMB1ConnectionState state)
{
SessionSetupAndXResponse response = new SessionSetupAndXResponse();
// The PrimaryDomain field in the request is used to determine with domain controller should authenticate the user credentials,
// However, the domain controller itself does not use this field.
// See: http://msdn.microsoft.com/en-us/library/windows/desktop/aa378749%28v=vs.85%29.aspx
AuthenticateMessage message = CreateAuthenticateMessage(request.AccountName, request.OEMPassword, request.UnicodePassword);
header.Status = securityProvider.NTLMAuthenticate(state.AuthenticationContext, message);
if (header.Status != NTStatus.STATUS_SUCCESS)
{
state.LogToServer(Severity.Information, "Session Setup: User '{0}' failed authentication (Domain: '{1}', OS: '{2}'), NTStatus: {3}", request.AccountName, request.PrimaryDomain, request.NativeOS, header.Status);
return(new ErrorResponse(request.CommandName));
}
string osVersion = securityProvider.GetContextAttribute(state.AuthenticationContext, GSSAttributeName.OSVersion) as string;
byte[] sessionKey = securityProvider.GetContextAttribute(state.AuthenticationContext, GSSAttributeName.SessionKey) as byte[];
object accessToken = securityProvider.GetContextAttribute(state.AuthenticationContext, GSSAttributeName.AccessToken);
bool? isGuest = securityProvider.GetContextAttribute(state.AuthenticationContext, GSSAttributeName.IsGuest) as bool?;
SMB1Session session;
if (!isGuest.HasValue || !isGuest.Value)
{
state.LogToServer(Severity.Information, "Session Setup: User '{0}' authenticated successfully (Domain: '{1}', Workstation: '{2}', OS version: '{3}').", message.UserName, message.DomainName, message.WorkStation, osVersion);
session = state.CreateSession(message.UserName, message.WorkStation, sessionKey, accessToken);
}
else
{
state.LogToServer(Severity.Information, "Session Setup: User '{0}' failed authentication (Domain: '{1}', Workstation: '{2}', OS version: '{3}'), logged in as guest.", message.UserName, message.DomainName, message.WorkStation, osVersion);
session = state.CreateSession("Guest", message.WorkStation, sessionKey, accessToken);
response.Action = SessionSetupAction.SetupGuest;
}
if (session == null)
{
header.Status = NTStatus.STATUS_TOO_MANY_SESSIONS;
return(new ErrorResponse(request.CommandName));
}
header.UID = session.UserID;
response.PrimaryDomain = request.PrimaryDomain;
if ((request.Capabilities & ServerCapabilities.LargeRead) > 0)
{
state.LargeRead = true;
}
if ((request.Capabilities & ServerCapabilities.LargeWrite) > 0)
{
state.LargeWrite = true;
}
response.NativeOS = String.Empty; // "Windows Server 2003 3790 Service Pack 2"
response.NativeLanMan = String.Empty; // "Windows Server 2003 5.2"
return(response);
}
internal static SMB1Command GetReadResponse(SMB1Header header, ReadAndXRequest request, ISMBShare share, SMB1ConnectionState state)
{
SMB1Session session = state.GetSession(header.UID);
OpenFileObject openFile = session.GetOpenFileObject(request.FID);
if (openFile == null)
{
state.LogToServer(Severity.Verbose, "Read failed. Invalid FID. (UID: {0}, TID: {1}, FID: {2})", header.UID, header.TID, request.FID);
header.Status = NTStatus.STATUS_INVALID_HANDLE;
return(new ErrorResponse(request.CommandName));
}
if (share is FileSystemShare)
{
if (!((FileSystemShare)share).HasReadAccess(session.SecurityContext, openFile.Path))
{
state.LogToServer(Severity.Verbose, "Read from '{0}{1}' failed. User '{2}' was denied access.", share.Name, openFile.Path, session.UserName);
header.Status = NTStatus.STATUS_ACCESS_DENIED;
return(new ErrorResponse(request.CommandName));
}
}
uint maxCount = request.MaxCount;
if ((share is FileSystemShare) && state.LargeRead)
{
maxCount = request.MaxCountLarge;
}
byte[] data;
header.Status = share.FileStore.ReadFile(out data, openFile.Handle, (long)request.Offset, (int)maxCount);
if (header.Status == NTStatus.STATUS_END_OF_FILE)
{
// [MS-CIFS] Windows servers set the DataLength field to 0x0000 and return STATUS_SUCCESS.
// JCIFS expects the same response.
data = new byte[0];
header.Status = NTStatus.STATUS_SUCCESS;
}
else if (header.Status != NTStatus.STATUS_SUCCESS)
{
state.LogToServer(Severity.Verbose, "Read from '{0}{1}' failed. NTStatus: {2}. (FID: {3})", share.Name, openFile.Path, header.Status, request.FID);
return(new ErrorResponse(request.CommandName));
}
ReadAndXResponse response = new ReadAndXResponse();
if (share is FileSystemShare)
{
// If the client reads from a disk file, this field MUST be set to -1 (0xFFFF)
response.Available = 0xFFFF;
}
response.Data = data;
return(response);
}
internal static Transaction2SetFileInformationResponse GetSubcommandResponse(SMB1Header header, Transaction2SetFileInformationRequest subcommand, ISMBShare share, SMB1ConnectionState state)
{
SMB1Session session = state.GetSession(header.UID);
OpenFileObject openFile = session.GetOpenFileObject(subcommand.FID);
if (openFile == null)
{
header.Status = NTStatus.STATUS_INVALID_HANDLE;
return(null);
}
if (share is FileSystemShare)
{
if (!((FileSystemShare)share).HasWriteAccess(session.SecurityContext, openFile.Path))
{
state.LogToServer(Severity.Verbose, "SetFileInformation on '{0}{1}' failed. User '{2}' was denied access.", share.Name, openFile.Path, session.UserName);
header.Status = NTStatus.STATUS_ACCESS_DENIED;
return(null);
}
}
SetInformation information;
try
{
information = SetInformation.GetSetInformation(subcommand.InformationBytes, subcommand.InformationLevel);
}
catch (UnsupportedInformationLevelException)
{
state.LogToServer(Severity.Verbose, "SetFileInformation on '{0}{1}' failed. Information level: {2}, NTStatus: STATUS_OS2_INVALID_LEVEL", share.Name, openFile.Path, subcommand.InformationLevel);
header.Status = NTStatus.STATUS_OS2_INVALID_LEVEL;
return(null);
}
catch (Exception)
{
state.LogToServer(Severity.Verbose, "SetFileInformation on '{0}{1}' failed. Information level: {2}, NTStatus: STATUS_INVALID_PARAMETER", share.Name, openFile.Path, subcommand.InformationLevel);
header.Status = NTStatus.STATUS_INVALID_PARAMETER;
return(null);
}
NTStatus status = SMB1FileStoreHelper.SetFileInformation(share.FileStore, openFile.Handle, information);
if (status != NTStatus.STATUS_SUCCESS)
{
state.LogToServer(Severity.Verbose, "SetFileInformation on '{0}{1}' failed. Information level: {2}, NTStatus: {3}", share.Name, openFile.Path, subcommand.InformationLevel, status);
header.Status = status;
return(null);
}
state.LogToServer(Severity.Information, "SetFileInformation on '{0}{1}' succeeded. Information level: {2}", share.Name, openFile.Path, subcommand.InformationLevel);
Transaction2SetFileInformationResponse response = new Transaction2SetFileInformationResponse();
return(response);
}
private void ProcessSMB1Message(SMB1Message message, ref ConnectionState state)
{
SMB1Header header = new SMB1Header();
PrepareResponseHeader(header, message.Header);
List <SMB1Command> responses = new List <SMB1Command>();
bool isBatchedRequest = (message.Commands.Count > 1);
foreach (SMB1Command command in message.Commands)
{
List <SMB1Command> commandResponses = ProcessSMB1Command(header, command, ref state);
responses.AddRange(commandResponses);
if (header.Status != NTStatus.STATUS_SUCCESS)
{
break;
}
}
if (isBatchedRequest)
{
if (responses.Count > 0)
{
// The server MUST batch the response into an AndX Response chain.
SMB1Message reply = new SMB1Message();
reply.Header = header;
for (int index = 0; index < responses.Count; index++)
{
if (reply.Commands.Count == 0 ||
reply.Commands[reply.Commands.Count - 1] is SMBAndXCommand)
{
reply.Commands.Add(responses[index]);
responses.RemoveAt(index);
index--;
}
else
{
break;
}
}
EnqueueMessage(state, reply);
}
}
foreach (SMB1Command response in responses)
{
SMB1Message reply = new SMB1Message();
reply.Header = header;
reply.Commands.Add(response);
EnqueueMessage(state, reply);
}
}
internal static Transaction2SetFSInformationResponse GetSubcommandResponse(SMB1Header header, Transaction2SetFSInformationRequest subcommand, ISMBShare share, SMB1ConnectionState state)
{
SMB1Session session = state.GetSession(header.UID);
if (share is FileSystemShare)
{
if (!((FileSystemShare)share).HasWriteAccess(session.SecurityContext, @"\"))
{
state.LogToServer(Severity.Verbose, "SetFileSystemInformation on '{0}' failed. User '{1}' was denied access.", share.Name, session.UserName);
header.Status = NTStatus.STATUS_ACCESS_DENIED;
return(null);
}
}
if (!subcommand.IsPassthroughInformationLevel)
{
state.LogToServer(Severity.Verbose, "SetFileSystemInformation on '{0}' failed. Not a pass-through information level.", share.Name);
header.Status = NTStatus.STATUS_NOT_SUPPORTED;
return(null);
}
FileSystemInformation fileSystemInfo;
try
{
fileSystemInfo = FileSystemInformation.GetFileSystemInformation(subcommand.InformationBytes, 0, subcommand.FileSystemInformationClass);
}
catch (UnsupportedInformationLevelException)
{
state.LogToServer(Severity.Verbose, "SetFileSystemInformation on '{0}' failed. Information class: {1}, NTStatus: STATUS_OS2_INVALID_LEVEL.", share.Name, subcommand.FileSystemInformationClass);
header.Status = NTStatus.STATUS_OS2_INVALID_LEVEL;
return(null);
}
catch (Exception)
{
state.LogToServer(Severity.Verbose, "SetFileSystemInformation on '{0}' failed. Information class: {1}, NTStatus: STATUS_INVALID_PARAMETER.", share.Name, subcommand.FileSystemInformationClass);
header.Status = NTStatus.STATUS_INVALID_PARAMETER;
return(null);
}
NTStatus status = share.FileStore.SetFileSystemInformation(fileSystemInfo);
if (status != NTStatus.STATUS_SUCCESS)
{
state.LogToServer(Severity.Verbose, "SetFileSystemInformation on '{0}' failed. Information class: {1}, NTStatus: {2}.", share.Name, subcommand.FileSystemInformationClass, status);
header.Status = status;
return(null);
}
state.LogToServer(Severity.Verbose, "SetFileSystemInformation on '{0}' succeeded. Information class: {1}.", share.Name, subcommand.FileSystemInformationClass);
return(new Transaction2SetFSInformationResponse());
}
internal static SMB1Command GetTreeConnectResponse(SMB1Header header, TreeConnectAndXRequest request, SMB1ConnectionState state, NamedPipeShare services, SMBShareCollection shares)
{
SMB1Session session = state.GetSession(header.UID);
bool isExtended = (request.Flags & TreeConnectFlags.ExtendedResponse) > 0;
string shareName = ServerPathUtils.GetShareName(request.Path);
ISMBShare share;
ServiceName serviceName;
OptionalSupportFlags supportFlags;
if (String.Equals(shareName, NamedPipeShare.NamedPipeShareName, StringComparison.InvariantCultureIgnoreCase))
{
share = services;
serviceName = ServiceName.NamedPipe;
supportFlags = OptionalSupportFlags.SMB_SUPPORT_SEARCH_BITS | OptionalSupportFlags.SMB_CSC_NO_CACHING;
}
else
{
share = shares.GetShareFromName(shareName);
serviceName = ServiceName.DiskShare;
supportFlags = OptionalSupportFlags.SMB_SUPPORT_SEARCH_BITS | OptionalSupportFlags.SMB_CSC_CACHE_MANUAL_REINT;
if (share == null)
{
header.Status = NTStatus.STATUS_OBJECT_PATH_NOT_FOUND;
return(new ErrorResponse(request.CommandName));
}
if (!((FileSystemShare)share).HasReadAccess(session.SecurityContext, @"\"))
{
state.LogToServer(Severity.Verbose, "Tree Connect to '{0}' failed. User '{1}' was denied access.", share.Name, session.UserName);
header.Status = NTStatus.STATUS_ACCESS_DENIED;
return(new ErrorResponse(request.CommandName));
}
}
ushort?treeID = session.AddConnectedTree(share);
if (!treeID.HasValue)
{
header.Status = NTStatus.STATUS_INSUFF_SERVER_RESOURCES;
return(new ErrorResponse(request.CommandName));
}
state.LogToServer(Severity.Information, "Tree Connect: User '{0}' connected to '{1}'", session.UserName, share.Name);
header.TID = treeID.Value;
if (isExtended)
{
return(CreateTreeConnectResponseExtended(serviceName, supportFlags));
}
else
{
return(CreateTreeConnectResponse(serviceName, supportFlags));
}
}
internal static Transaction2QueryFSInformationResponse GetSubcommandResponse(SMB1Header header, uint maxDataCount, Transaction2QueryFSInformationRequest subcommand, ISMBShare share, SMB1ConnectionState state)
{
SMB1Session session = state.GetSession(header.UID);
if (share is FileSystemShare)
{
if (!((FileSystemShare)share).HasReadAccess(session.SecurityContext, @"\"))
{
state.LogToServer(Severity.Verbose, "QueryFileSystemInformation on '{0}' failed. User '{1}' was denied access.", share.Name, session.UserName);
header.Status = NTStatus.STATUS_ACCESS_DENIED;
return(null);
}
}
Transaction2QueryFSInformationResponse response = new Transaction2QueryFSInformationResponse();
if (subcommand.IsPassthroughInformationLevel)
{
FileSystemInformation fileSystemInfo;
NTStatus status = share.FileStore.GetFileSystemInformation(out fileSystemInfo, subcommand.FileSystemInformationClass);
if (status != NTStatus.STATUS_SUCCESS)
{
state.LogToServer(Severity.Verbose, "GetFileSystemInformation on '{0}' failed. Information class: {1}, NTStatus: {2}", share.Name, subcommand.FileSystemInformationClass, status);
header.Status = status;
return(null);
}
state.LogToServer(Severity.Information, "GetFileSystemInformation on '{0}' succeeded. Information class: {1}", share.Name, subcommand.FileSystemInformationClass);
response.SetFileSystemInformation(fileSystemInfo);
}
else
{
QueryFSInformation queryFSInformation;
NTStatus status = SMB1FileStoreHelper.GetFileSystemInformation(out queryFSInformation, share.FileStore, subcommand.QueryFSInformationLevel);
if (status != NTStatus.STATUS_SUCCESS)
{
state.LogToServer(Severity.Verbose, "GetFileSystemInformation on '{0}' failed. Information level: {1}, NTStatus: {2}", share.Name, subcommand.QueryFSInformationLevel, status);
header.Status = status;
return(null);
}
state.LogToServer(Severity.Information, "GetFileSystemInformation on '{0}' succeeded. Information level: {1}", share.Name, subcommand.QueryFSInformationLevel);
response.SetQueryFSInformation(queryFSInformation, header.UnicodeFlag);
}
if (response.InformationBytes.Length > maxDataCount)
{
header.Status = NTStatus.STATUS_BUFFER_OVERFLOW;
response.InformationBytes = ByteReader.ReadBytes(response.InformationBytes, 0, (int)maxDataCount);
}
return(response);
}
/// <summary>
/// May return an empty list
/// </summary>
private List <SMB1Command> ProcessSMB1Command(SMB1Header header, SMB1Command command, ref ConnectionState state)
{
if (state.Dialect == SMBDialect.NotSet)
{
if (command is NegotiateRequest)
{
NegotiateRequest request = (NegotiateRequest)command;
if (request.Dialects.Contains(SMBServer.NTLanManagerDialect))
{
state = new SMB1ConnectionState(state);
state.Dialect = SMBDialect.NTLM012;
m_connectionManager.AddConnection(state);
if (EnableExtendedSecurity && header.ExtendedSecurityFlag)
{
return(NegotiateHelper.GetNegotiateResponseExtended(request, m_serverGuid));
}
else
{
return(NegotiateHelper.GetNegotiateResponse(header, request, m_securityProvider, state));
}
}
else
{
return(new NegotiateResponseNotSupported());
}
}
else
{
// [MS-CIFS] An SMB_COM_NEGOTIATE exchange MUST be completed before any other SMB messages are sent to the server
header.Status = NTStatus.STATUS_INVALID_SMB;
return(new ErrorResponse(command.CommandName));
}
}
else if (command is NegotiateRequest)
{
// There MUST be only one SMB_COM_NEGOTIATE exchange per SMB connection.
// Subsequent SMB_COM_NEGOTIATE requests received by the server MUST be rejected with error responses.
header.Status = NTStatus.STATUS_INVALID_SMB;
return(new ErrorResponse(command.CommandName));
}
else
{
return(ProcessSMB1Command(header, command, (SMB1ConnectionState)state));
}
}
internal static SMB1Command GetReadResponse(SMB1Header header, ReadAndXRequest request, ISMBShare share, SMB1ConnectionState state)
{
SMB1Session session = state.GetSession(header.UID);
OpenFileObject openFile = session.GetOpenFileObject(request.FID);
if (openFile == null)
{
header.Status = NTStatus.STATUS_INVALID_HANDLE;
return(null);
}
if (share is FileSystemShare)
{
if (!((FileSystemShare)share).HasReadAccess(session.SecurityContext, openFile.Path))
{
state.LogToServer(Severity.Verbose, "ReadAndX from '{0}{1}' failed. User '{2}' was denied access.", share.Name, openFile.Path, session.UserName);
header.Status = NTStatus.STATUS_ACCESS_DENIED;
return(new ErrorResponse(request.CommandName));
}
}
uint maxCount = request.MaxCount;
if ((share is FileSystemShare) && state.LargeRead)
{
maxCount = request.MaxCountLarge;
}
byte[] data;
header.Status = share.FileStore.ReadFile(out data, openFile.Handle, (long)request.Offset, (int)maxCount);
if (header.Status != NTStatus.STATUS_SUCCESS)
{
return(new ErrorResponse(request.CommandName));
}
ReadAndXResponse response = new ReadAndXResponse();
if (share is FileSystemShare)
{
// If the client reads from a disk file, this field MUST be set to -1 (0xFFFF)
response.Available = 0xFFFF;
}
response.Data = data;
return(response);
}
internal static void ProcessNTCancelRequest(SMB1Header header, NTCancelRequest request, ISMBShare share, SMB1ConnectionState state)
{
SMB1Session session = state.GetSession(header.UID);
SMB1AsyncContext context = state.GetAsyncContext(header.UID, header.TID, header.PID, header.MID);
if (context != null)
{
NTStatus status = share.FileStore.Cancel(context.IORequest);
OpenFileObject openFile = session.GetOpenFileObject(context.FileID);
if (openFile != null)
{
state.LogToServer(Severity.Information, "Cancel: Requested cancel on '{0}{1}', NTStatus: {2}. PID: {3}. MID: {4}.", share.Name, openFile.Path, status, context.PID, context.MID);
}
if (status == NTStatus.STATUS_SUCCESS || status == NTStatus.STATUS_CANCELLED)
{
state.RemoveAsyncContext(context);
}
}
}
