private uint SessionSetup(
Packet_Header_Flags_Values headerFlags,
SESSION_SETUP_Request_Flags sessionSetupFlags,
SESSION_SETUP_Request_SecurityMode_Values securityMode,
SESSION_SETUP_Request_Capabilities_Values capabilities,
ulong previousSessionId,
SecurityPackageType securityPackageType,
string serverName,
byte[] token,
out byte[] serverGssToken,
ushort creditRequest = 64)
{
Packet_Header header;
SESSION_SETUP_Response sessionSetupResponse;
uint status;
status = client.SessionSetup(
1,
creditRequest,
headerFlags,
messageId++,
sessionId,
sessionSetupFlags,
securityMode,
capabilities,
previousSessionId,
token,
out sessionId,
out serverGssToken,
out header,
out sessionSetupResponse);
return(status);
}
/// <summary>
/// Send an SMB2 SESSION_SETUP request with specified parameters
/// </summary>
/// <param name="headerFlags">A Flags field indicates how to process the operation.</param>
/// <param name="sessionSetupFlags">To bind an existing session to a new connection,set to SMB2_SESSION_FLAG_BINDING to bind; otherwise set it to NONE.</param>
/// <param name="securityMode">The security mode field specifies whether SMB signing is enabled, required at the server, or both</param>
/// <param name="capabilities">Specifies protocol capabilities for the client.</param>
/// <param name="token">Gss token to send</param>
/// <param name="serverToken">GssToken returned from server</param>
/// <param name="isResponseEncryptedSessionFlag">check if SESSION_FLAG_ENCRYPT_DATA returned from server</param>
/// <param name="creditRequest">The number of credits the client is requesting. Default value is 64.</param>
/// <param name="previousSessionId">For reconnect, set it to previous sessionId, otherwise set it to 0. Default value is 0.</param>
/// <returns>The status code for SESSION_SETUP Response.</returns>
public uint SessionSetup(
Packet_Header_Flags_Values headerFlags,
SESSION_SETUP_Request_Flags sessionSetupFlags,
SESSION_SETUP_Request_SecurityMode_Values securityMode,
SESSION_SETUP_Request_Capabilities_Values capabilities,
byte[] token,
out byte[] serverToken,
out bool isResponseEncryptedSessionFlag,
ushort creditRequest = 64,
ulong previousSessionId = 0)
{
Packet_Header header;
SESSION_SETUP_Response sessionSetupResponse;
ulong messageId = generateMessageId(sequenceWindow);
ushort creditCharge = generateCreditCharge(1);
// Need to consume credit from sequence window first according to TD
ConsumeCredit(messageId, creditCharge);
uint status = Smb2Client.SessionSetup(
1,
creditRequest,
headerFlags,
messageId,
sessionId,
sessionSetupFlags,
securityMode,
capabilities,
previousSessionId,
token,
out sessionId,
out serverToken,
out header,
out sessionSetupResponse);
isResponseEncryptedSessionFlag = sessionSetupResponse.SessionFlags.HasFlag(SessionFlags_Values.SESSION_FLAG_ENCRYPT_DATA);
ProduceCredit(messageId, header);
return(status);
}
public void UserLogon(
DetectionInfo info,
Smb2Client client,
out ulong messageId,
out ulong sessionId,
out Guid clientGuid,
out NEGOTIATE_Response negotiateResp,
out bool encryptionRequired)
{
messageId = 1;
sessionId = 0;
logWriter.AddLog(LogLevel.Information, "Client connects to server");
client.ConnectOverTCP(SUTIpAddress);
#region Negotiate
DialectRevision selectedDialect;
byte[] gssToken;
Packet_Header header;
clientGuid = Guid.NewGuid();
logWriter.AddLog(LogLevel.Information, "Client sends multi-protocol Negotiate to server");
MultiProtocolNegotiate(
client,
1,
1,
Packet_Header_Flags_Values.NONE,
messageId++,
info.requestDialect,
SecurityMode_Values.NEGOTIATE_SIGNING_ENABLED,
Capabilities_Values.GLOBAL_CAP_DFS | Capabilities_Values.GLOBAL_CAP_DIRECTORY_LEASING | Capabilities_Values.GLOBAL_CAP_LARGE_MTU
| Capabilities_Values.GLOBAL_CAP_LEASING | Capabilities_Values.GLOBAL_CAP_MULTI_CHANNEL | Capabilities_Values.GLOBAL_CAP_PERSISTENT_HANDLES | Capabilities_Values.GLOBAL_CAP_ENCRYPTION,
clientGuid,
out selectedDialect,
out gssToken,
out header,
out negotiateResp);
if (header.Status != Smb2Status.STATUS_SUCCESS)
{
LogFailedStatus("NEGOTIATE", header.Status);
throw new Exception(string.Format("NEGOTIATE failed with {0}", Smb2Status.GetStatusCode(header.Status)));
}
#endregion
#region Session Setup
SESSION_SETUP_Response sessionSetupResp;
SspiClientSecurityContext sspiClientGss =
new SspiClientSecurityContext(
SecurityPackageType,
Credential,
Smb2Utility.GetCifsServicePrincipalName(SUTName),
ClientSecurityContextAttribute.None,
SecurityTargetDataRepresentation.SecurityNativeDrep);
// Server GSS token is used only for Negotiate authentication when enabled
if (SecurityPackageType == SecurityPackageType.Negotiate)
{
sspiClientGss.Initialize(gssToken);
}
else
{
sspiClientGss.Initialize(null);
}
do
{
logWriter.AddLog(LogLevel.Information, "Client sends SessionSetup to server");
client.SessionSetup(
1,
64,
Packet_Header_Flags_Values.NONE,
messageId++,
sessionId,
SESSION_SETUP_Request_Flags.NONE,
SESSION_SETUP_Request_SecurityMode_Values.NEGOTIATE_SIGNING_ENABLED,
SESSION_SETUP_Request_Capabilities_Values.GLOBAL_CAP_DFS,
0,
sspiClientGss.Token,
out sessionId,
out gssToken,
out header,
out sessionSetupResp);
if ((header.Status == Smb2Status.STATUS_MORE_PROCESSING_REQUIRED || header.Status == Smb2Status.STATUS_SUCCESS) && gssToken != null && gssToken.Length > 0)
{
sspiClientGss.Initialize(gssToken);
}
} while (header.Status == Smb2Status.STATUS_MORE_PROCESSING_REQUIRED);
if (header.Status != Smb2Status.STATUS_SUCCESS)
{
LogFailedStatus("SESSIONSETUP", header.Status);
throw new Exception(string.Format("SESSIONSETUP failed with {0}", Smb2Status.GetStatusCode(header.Status)));
}
byte[] sessionKey;
sessionKey = sspiClientGss.SessionKey;
encryptionRequired = sessionSetupResp.SessionFlags == SessionFlags_Values.SESSION_FLAG_ENCRYPT_DATA;
client.GenerateCryptoKeys(
sessionId,
sessionKey,
info.smb2Info.IsRequireMessageSigning, // Enable signing according to the configuration of SUT
encryptionRequired,
null,
false);
#endregion
}
public void UserLogon(
DetectionInfo info,
Smb2Client client,
out ulong messageId,
out ulong sessionId,
out Guid clientGuid,
out NEGOTIATE_Response negotiateResp,
out bool encryptionRequired)
{
messageId = 1;
sessionId = 0;
logWriter.AddLog(LogLevel.Information, "Client connects to server");
client.ConnectOverTCP(SUTIpAddress);
#region Negotiate
DialectRevision selectedDialect;
byte[] gssToken;
Packet_Header header;
clientGuid = Guid.NewGuid();
logWriter.AddLog(LogLevel.Information, "Client sends multi-protocol Negotiate to server");
MultiProtocolNegotiate(
client,
1,
1,
Packet_Header_Flags_Values.NONE,
messageId++,
info.requestDialect,
SecurityMode_Values.NEGOTIATE_SIGNING_ENABLED,
Capabilities_Values.GLOBAL_CAP_DFS | Capabilities_Values.GLOBAL_CAP_DIRECTORY_LEASING | Capabilities_Values.GLOBAL_CAP_LARGE_MTU
| Capabilities_Values.GLOBAL_CAP_LEASING | Capabilities_Values.GLOBAL_CAP_MULTI_CHANNEL | Capabilities_Values.GLOBAL_CAP_PERSISTENT_HANDLES | Capabilities_Values.GLOBAL_CAP_ENCRYPTION,
clientGuid,
out selectedDialect,
out gssToken,
out header,
out negotiateResp);
if (header.Status != Smb2Status.STATUS_SUCCESS)
{
LogFailedStatus("NEGOTIATE", header.Status);
throw new Exception(string.Format("NEGOTIATE failed with {0}", Smb2Status.GetStatusCode(header.Status)));
}
#endregion
#region Session Setup
SESSION_SETUP_Response sessionSetupResp;
SspiClientSecurityContext sspiClientGss =
new SspiClientSecurityContext(
SecurityPackageType,
Credential,
Smb2Utility.GetCifsServicePrincipalName(SUTName),
ClientSecurityContextAttribute.None,
SecurityTargetDataRepresentation.SecurityNativeDrep);
// Server GSS token is used only for Negotiate authentication when enabled
if (SecurityPackageType == SecurityPackageType.Negotiate)
sspiClientGss.Initialize(gssToken);
else
sspiClientGss.Initialize(null);
do
{
logWriter.AddLog(LogLevel.Information, "Client sends SessionSetup to server");
client.SessionSetup(
1,
64,
Packet_Header_Flags_Values.NONE,
messageId++,
sessionId,
SESSION_SETUP_Request_Flags.NONE,
SESSION_SETUP_Request_SecurityMode_Values.NEGOTIATE_SIGNING_ENABLED,
SESSION_SETUP_Request_Capabilities_Values.GLOBAL_CAP_DFS,
0,
sspiClientGss.Token,
out sessionId,
out gssToken,
out header,
out sessionSetupResp);
if ((header.Status == Smb2Status.STATUS_MORE_PROCESSING_REQUIRED || header.Status == Smb2Status.STATUS_SUCCESS) && gssToken != null && gssToken.Length > 0)
{
sspiClientGss.Initialize(gssToken);
}
} while (header.Status == Smb2Status.STATUS_MORE_PROCESSING_REQUIRED);
if (header.Status != Smb2Status.STATUS_SUCCESS)
{
LogFailedStatus("SESSIONSETUP", header.Status);
throw new Exception(string.Format("SESSIONSETUP failed with {0}", Smb2Status.GetStatusCode(header.Status)));
}
byte[] sessionKey;
sessionKey = sspiClientGss.SessionKey;
encryptionRequired = sessionSetupResp.SessionFlags == SessionFlags_Values.SESSION_FLAG_ENCRYPT_DATA;
client.GenerateCryptoKeys(
sessionId,
sessionKey,
info.smb2Info.IsRequireMessageSigning, // Enable signing according to the configuration of SUT
encryptionRequired,
null,
false);
#endregion
}
public DetectResult CheckIOCTL_ValidateNegotiateInfo(string sharename, ref DetectionInfo info)
{
logWriter.AddLog(LogLevel.Information, "===== Detecting IOCTL ValidateNegotiateInfo =====");
using (Smb2Client client = new Smb2Client(new TimeSpan(0, 0, defaultTimeoutInSeconds)))
{
ulong messageId = 1;
ulong sessionId = 0;
uint treeId;
NEGOTIATE_Response negotiateResponse;
Guid clientGuid;
bool encryptionRequired = false;
DialectRevision[] preferredDialects;
logWriter.AddLog(LogLevel.Information, "Client connects to server");
client.ConnectOverTCP(SUTIpAddress);
if (info.CheckHigherDialect(info.smb2Info.MaxSupportedDialectRevision, DialectRevision.Smb311))
{
// VALIDATE_NEGOTIATE_INFO request is only used in 3.0 and 3.0.2
preferredDialects = Smb2Utility.GetDialects(DialectRevision.Smb302);
}
else
{
preferredDialects = info.requestDialect;
}
#region Negotiate
DialectRevision selectedDialect;
byte[] gssToken;
Packet_Header header;
clientGuid = Guid.NewGuid();
logWriter.AddLog(LogLevel.Information, "Client sends multi-protocol Negotiate to server");
MultiProtocolNegotiate(
client,
1,
1,
Packet_Header_Flags_Values.NONE,
messageId++,
preferredDialects,
SecurityMode_Values.NEGOTIATE_SIGNING_ENABLED,
Capabilities_Values.GLOBAL_CAP_DFS | Capabilities_Values.GLOBAL_CAP_DIRECTORY_LEASING | Capabilities_Values.GLOBAL_CAP_LARGE_MTU
| Capabilities_Values.GLOBAL_CAP_LEASING | Capabilities_Values.GLOBAL_CAP_MULTI_CHANNEL | Capabilities_Values.GLOBAL_CAP_PERSISTENT_HANDLES | Capabilities_Values.GLOBAL_CAP_ENCRYPTION,
clientGuid,
out selectedDialect,
out gssToken,
out header,
out negotiateResponse);
if (header.Status != Smb2Status.STATUS_SUCCESS)
{
LogFailedStatus("NEGOTIATE", header.Status);
throw new Exception(string.Format("NEGOTIATE failed with {0}", Smb2Status.GetStatusCode(header.Status)));
}
#endregion
#region Session Setup
SESSION_SETUP_Response sessionSetupResp;
SspiClientSecurityContext sspiClientGss =
new SspiClientSecurityContext(
SecurityPackageType,
Credential,
Smb2Utility.GetCifsServicePrincipalName(SUTName),
ClientSecurityContextAttribute.None,
SecurityTargetDataRepresentation.SecurityNativeDrep);
// Server GSS token is used only for Negotiate authentication when enabled
if (SecurityPackageType == SecurityPackageType.Negotiate)
sspiClientGss.Initialize(gssToken);
else
sspiClientGss.Initialize(null);
do
{
logWriter.AddLog(LogLevel.Information, "Client sends SessionSetup to server");
client.SessionSetup(
1,
64,
Packet_Header_Flags_Values.NONE,
messageId++,
sessionId,
SESSION_SETUP_Request_Flags.NONE,
SESSION_SETUP_Request_SecurityMode_Values.NEGOTIATE_SIGNING_ENABLED,
SESSION_SETUP_Request_Capabilities_Values.GLOBAL_CAP_DFS,
0,
sspiClientGss.Token,
out sessionId,
out gssToken,
out header,
out sessionSetupResp);
if ((header.Status == Smb2Status.STATUS_MORE_PROCESSING_REQUIRED || header.Status == Smb2Status.STATUS_SUCCESS) && gssToken != null && gssToken.Length > 0)
{
sspiClientGss.Initialize(gssToken);
}
} while (header.Status == Smb2Status.STATUS_MORE_PROCESSING_REQUIRED);
if (header.Status != Smb2Status.STATUS_SUCCESS)
{
LogFailedStatus("SESSIONSETUP", header.Status);
throw new Exception(string.Format("SESSIONSETUP failed with {0}", Smb2Status.GetStatusCode(header.Status)));
}
byte[] sessionKey;
sessionKey = sspiClientGss.SessionKey;
encryptionRequired = sessionSetupResp.SessionFlags == SessionFlags_Values.SESSION_FLAG_ENCRYPT_DATA;
client.GenerateCryptoKeys(
sessionId,
sessionKey,
info.smb2Info.IsRequireMessageSigning, // Enable signing according to the configuration of SUT
encryptionRequired,
null,
false);
#endregion
#region TreeConnect
TREE_CONNECT_Response treeConnectResp;
string uncShare = string.Format(@"\\{0}\{1}", SUTName, sharename);
logWriter.AddLog(LogLevel.Information, "Client sends TreeConnect to server");
client.TreeConnect(
1,
1,
info.smb2Info.IsRequireMessageSigning ? Packet_Header_Flags_Values.FLAGS_SIGNED : Packet_Header_Flags_Values.NONE,
messageId++,
sessionId,
uncShare,
out treeId,
out header,
out treeConnectResp);
if (header.Status != Smb2Status.STATUS_SUCCESS)
{
LogFailedStatus("TREECONNECT", header.Status);
throw new Exception("TREECONNECT failed with " + Smb2Status.GetStatusCode(header.Status));
}
#endregion
TREE_DISCONNECT_Response treeDisconnectResponse;
#region IOCTL FSCTL_VALIDATE_NEGOTIATE_INFO
VALIDATE_NEGOTIATE_INFO_Request validateNegotiateInfoReq;
validateNegotiateInfoReq.Guid = clientGuid;
validateNegotiateInfoReq.Capabilities =
Capabilities_Values.GLOBAL_CAP_DFS | Capabilities_Values.GLOBAL_CAP_DIRECTORY_LEASING | Capabilities_Values.GLOBAL_CAP_LARGE_MTU
| Capabilities_Values.GLOBAL_CAP_LEASING | Capabilities_Values.GLOBAL_CAP_MULTI_CHANNEL | Capabilities_Values.GLOBAL_CAP_PERSISTENT_HANDLES
| Capabilities_Values.GLOBAL_CAP_ENCRYPTION;
validateNegotiateInfoReq.SecurityMode = SecurityMode_Values.NEGOTIATE_SIGNING_ENABLED;
validateNegotiateInfoReq.DialectCount = (ushort)(preferredDialects.Length);
validateNegotiateInfoReq.Dialects = preferredDialects;
byte[] inputBuffer = TypeMarshal.ToBytes<VALIDATE_NEGOTIATE_INFO_Request>(validateNegotiateInfoReq);
byte[] outputBuffer;
VALIDATE_NEGOTIATE_INFO_Response validateNegotiateInfoResp;
IOCTL_Response ioCtlResponse;
byte[] respInput = new byte[1024];
FILEID ioCtlFileId = new FILEID();
ioCtlFileId.Persistent = 0xFFFFFFFFFFFFFFFF;
ioCtlFileId.Volatile = 0xFFFFFFFFFFFFFFFF;
logWriter.AddLog(LogLevel.Information, "Client sends FSCTL_VALIDATE_NEGOTIATE_INFO to server");
client.IoCtl(
1,
1,
info.smb2Info.IsRequireMessageSigning ? Packet_Header_Flags_Values.FLAGS_SIGNED : Packet_Header_Flags_Values.NONE,
messageId++,
sessionId,
treeId,
CtlCode_Values.FSCTL_VALIDATE_NEGOTIATE_INFO,
ioCtlFileId,
0,
inputBuffer,
64 * 1024,
IOCTL_Request_Flags_Values.SMB2_0_IOCTL_IS_FSCTL,
out respInput,
out outputBuffer,
out header,
out ioCtlResponse,
0);
DetectResult result = DetectResult.UnSupported;
if (header.Status != Smb2Status.STATUS_SUCCESS)
{
LogFailedStatus("Validate Negotiate Information", header.Status);
}
else
{
validateNegotiateInfoResp = TypeMarshal.ToStruct<VALIDATE_NEGOTIATE_INFO_Response>(outputBuffer);
if ((Capabilities_Values)negotiateResponse.Capabilities != validateNegotiateInfoResp.Capabilities)
{
logWriter.AddLog(LogLevel.Information, "Capabilities returned in ValidateNegotiateInfo response doesn't eaqual to server capabilities in original Negotiate response");
}
if (negotiateResponse.ServerGuid != validateNegotiateInfoResp.Guid)
{
logWriter.AddLog(LogLevel.Information, "ServerGuid returned in ValidateNegotiateInfo response doesn't eaqual to server ServerGuid in original Negotiate response");
}
if ((SecurityMode_Values)negotiateResponse.SecurityMode != validateNegotiateInfoResp.SecurityMode)
{
logWriter.AddLog(LogLevel.Information, "SecurityMode returned in ValidateNegotiateInfo response doesn't eaqual to server SecurityMode in original Negotiate response");
}
if (negotiateResponse.DialectRevision != validateNegotiateInfoResp.Dialect)
{
logWriter.AddLog(LogLevel.Information, "Validation failed for dialect supported on server");
}
result = DetectResult.Supported;
logWriter.AddLog(LogLevel.Information, "FSCTL_VALIDATE_NEGOTIATE_INFO is supported");
}
#endregion
#region Tree Disconnect
client.TreeDisconnect(
1,
1,
info.smb2Info.IsRequireMessageSigning ? Packet_Header_Flags_Values.FLAGS_SIGNED : Packet_Header_Flags_Values.NONE,
messageId++,
sessionId,
treeId,
out header,
out treeDisconnectResponse);
if (header.Status != Smb2Status.STATUS_SUCCESS)
{
LogFailedStatus("TREEDISCONNECT", header.Status);
}
#endregion
return result;
}
}
/// <summary>
/// Connect to the Server and establish the named pipe transport.
/// </summary>
private void ConnectToServer()
{
smb2Client = new Smb2Client(smb2ClientTimeout);
if (IPAddress.TryParse(serverName, out var serverIp))
{
smb2Client.ConnectOverTCP(serverIp);
}
else
{
var serverHostEntry = Dns.GetHostEntry(serverName);
smb2Client.ConnectOverTCP(serverHostEntry.AddressList[0]);
}
var validDialects = new DialectRevision[]
{
DialectRevision.Smb2002,
DialectRevision.Smb21,
DialectRevision.Smb30,
DialectRevision.Smb302,
DialectRevision.Smb311
};
var preauthIntegrityHashIDs = new PreauthIntegrityHashID[] { PreauthIntegrityHashID.SHA_512 };
var encryptionAlgorithms = new EncryptionAlgorithm[] { EncryptionAlgorithm.ENCRYPTION_AES128_GCM, EncryptionAlgorithm.ENCRYPTION_AES128_CCM };
var status = smb2Client.Negotiate(
creditCharge: 1,
creditRequest: 1,
flags: defaultFlags,
messageId: messageId++,
// Will negotiate highest dialect server supports
dialects: validDialects,
securityMode: SecurityMode_Values.NEGOTIATE_SIGNING_ENABLED,
capabilities: Capabilities_Values.GLOBAL_CAP_DFS | Capabilities_Values.GLOBAL_CAP_ENCRYPTION | Capabilities_Values.GLOBAL_CAP_MULTI_CHANNEL | Capabilities_Values.GLOBAL_CAP_LARGE_MTU,
clientGuid: Guid.NewGuid(),
out var selectedDialect,
out var serverGssToken,
out Packet_Header _,
out var negotiateResponse,
preauthHashAlgs: preauthIntegrityHashIDs,
encryptionAlgs: encryptionAlgorithms);
CheckStatusCode(status, nameof(Smb2Client.Negotiate));
var sessionSiginingRequired = negotiateResponse.SecurityMode.HasFlag(NEGOTIATE_Response_SecurityMode_Values.NEGOTIATE_SIGNING_REQUIRED);
if (sessionSiginingRequired)
{
defaultFlags |= Packet_Header_Flags_Values.FLAGS_SIGNED;
}
var usedSecurityPackageType = (SecurityPackageType)Enum.Parse(typeof(SecurityPackageType), securityPackage);
var sspiClientGss = new SspiClientSecurityContext(
usedSecurityPackageType,
new AccountCredential(domainName, userName, password),
Smb2Utility.GetCifsServicePrincipalName(serverName),
ClientSecurityContextAttribute.None,
SecurityTargetDataRepresentation.SecurityNativeDrep);
if (usedSecurityPackageType == SecurityPackageType.Negotiate && useServerGssToken)
{
sspiClientGss.Initialize(serverGssToken);
}
else
{
sspiClientGss.Initialize(null);
}
do
{
status = smb2Client.SessionSetup(
creditCharge: 1,
creditRequest: 1,
flags: Packet_Header_Flags_Values.NONE,
messageId: messageId++,
sessionId: sessionId,
sessionSetupFlags: SESSION_SETUP_Request_Flags.NONE,
securityMode: SESSION_SETUP_Request_SecurityMode_Values.NEGOTIATE_SIGNING_ENABLED,
capabilities: SESSION_SETUP_Request_Capabilities_Values.GLOBAL_CAP_DFS,
previousSessionId: 0,
clientGssToken: sspiClientGss.Token,
out sessionId,
out serverGssToken,
out _,
out _);
CheckStatusCode(status, nameof(Smb2Client.SessionSetup));
if ((status == Smb2Status.STATUS_MORE_PROCESSING_REQUIRED || status == Smb2Status.STATUS_SUCCESS) &&
serverGssToken != null && serverGssToken.Length > 0)
{
sspiClientGss.Initialize(serverGssToken);
}
} while (status == Smb2Status.STATUS_MORE_PROCESSING_REQUIRED);
var treeConnectSigningRequired = sessionSiginingRequired || (selectedDialect >= DialectRevision.Smb311);
smb2Client.GenerateCryptoKeys(
sessionId,
sspiClientGss.SessionKey,
treeConnectSigningRequired,
false);
status = smb2Client.TreeConnect(
creditCharge: 1,
creditRequest: 1,
flags: treeConnectSigningRequired ? defaultFlags | Packet_Header_Flags_Values.FLAGS_SIGNED : defaultFlags,
messageId: messageId++,
sessionId: sessionId,
$"\\\\{serverName}\\IPC$",
out treeId,
out _,
out _);
CheckStatusCode(status, nameof(Smb2Client.TreeConnect));
smb2Client.EnableSessionSigningAndEncryption(sessionId, sessionSiginingRequired, false);
status = smb2Client.Create(
creditCharge: 1,
creditRequest: 1,
flags: defaultFlags,
messageId: messageId++,
sessionId: sessionId,
treeId: treeId,
path: pipeName,
desiredAccess: AccessMask.GENERIC_READ | AccessMask.GENERIC_WRITE,
shareAccess: ShareAccess_Values.FILE_SHARE_READ,
createOptions: CreateOptions_Values.NONE,
createDispositions: CreateDisposition_Values.FILE_OPEN_IF,
fileAttributes: File_Attributes.NONE,
impersonationLevel: ImpersonationLevel_Values.Impersonation,
securityFlag: SecurityFlags_Values.NONE,
requestedOplockLevel: RequestedOplockLevel_Values.OPLOCK_LEVEL_NONE,
createContexts: null,
out fileId,
out _,
out _,
out _);
CheckStatusCode(status, nameof(Smb2Client.Create));
}
private bool UserLogon(DetectionInfo info, Smb2Client client, out ulong messageId, out ulong sessionId, out Guid clientGuid, out NEGOTIATE_Response negotiateResp)
{
messageId = 0;
sessionId = 0;
client.ConnectOverTCP(Dns.GetHostAddresses(info.ContentServerName)[0]);
#region Negotiate
DialectRevision selectedDialect;
byte[] gssToken;
Packet_Header header;
clientGuid = Guid.NewGuid();
client.Negotiate(
1,
1,
Packet_Header_Flags_Values.NONE,
messageId++,
new DialectRevision[] { DialectRevision.Smb30 },
SecurityMode_Values.NEGOTIATE_SIGNING_ENABLED,
Capabilities_Values.GLOBAL_CAP_DFS | Capabilities_Values.GLOBAL_CAP_DIRECTORY_LEASING | Capabilities_Values.GLOBAL_CAP_LARGE_MTU | Capabilities_Values.GLOBAL_CAP_LEASING | Capabilities_Values.GLOBAL_CAP_MULTI_CHANNEL | Capabilities_Values.GLOBAL_CAP_PERSISTENT_HANDLES,
clientGuid,
out selectedDialect,
out gssToken,
out header,
out negotiateResp);
if (header.Status != Smb2Status.STATUS_SUCCESS)
{
LogFailedStatus("NEGOTIATE", header.Status);
throw new Exception(string.Format("NEGOTIATE failed with {0}", Smb2Status.GetStatusCode(header.Status)));
}
#endregion
#region Session Setup
SESSION_SETUP_Response sessionSetupResp;
SspiClientSecurityContext sspiClientGss =
new SspiClientSecurityContext(
SecurityPackageType,
Credential,
Smb2Utility.GetCifsServicePrincipalName(ContentServerName),
ClientSecurityContextAttribute.None,
SecurityTargetDataRepresentation.SecurityNativeDrep);
// Server GSS token is used only for Negotiate authentication when enabled
if (SecurityPackageType == SecurityPackageType.Negotiate)
{
sspiClientGss.Initialize(gssToken);
}
else
{
sspiClientGss.Initialize(null);
}
do
{
client.SessionSetup(
1,
64,
Packet_Header_Flags_Values.NONE,
messageId++,
sessionId,
SESSION_SETUP_Request_Flags.NONE,
SESSION_SETUP_Request_SecurityMode_Values.NEGOTIATE_SIGNING_ENABLED,
SESSION_SETUP_Request_Capabilities_Values.GLOBAL_CAP_DFS,
0,
sspiClientGss.Token,
out sessionId,
out gssToken,
out header,
out sessionSetupResp);
if ((header.Status == Smb2Status.STATUS_MORE_PROCESSING_REQUIRED || header.Status == Smb2Status.STATUS_SUCCESS) && gssToken != null && gssToken.Length > 0)
{
sspiClientGss.Initialize(gssToken);
}
} while (header.Status == Smb2Status.STATUS_MORE_PROCESSING_REQUIRED);
if (header.Status != Smb2Status.STATUS_SUCCESS)
{
LogFailedStatus("SESSIONSETUP", header.Status);
throw new Exception(string.Format("SESSIONSETUP failed with {0}", Smb2Status.GetStatusCode(header.Status)));
}
byte[] sessionKey;
sessionKey = sspiClientGss.SessionKey;
client.GenerateCryptoKeys(sessionId, sessionKey, true, false, null, false);
#endregion
return(true);
}