public void TreeConnectRequest(SigningFlagType signingFlagType) { uint treeId; SigningModelSessionId modelSessionId = SigningModelSessionId.ZeroSessionId; SigningFlagType responseSigningFlagType = SigningFlagType.SignedFlagNotSet; string sharePath = Smb2Utility.GetUncPath(testConfig.SutComputerName, testConfig.BasicFileShare); Packet_Header_Flags_Values headerFlags = (signingFlagType == SigningFlagType.SignedFlagSet) ? Packet_Header_Flags_Values.FLAGS_SIGNED : Packet_Header_Flags_Values.NONE; // Inform SDK to disable/enable signing according to SigningFlagType. bool isEnableSigning = !(signingFlagType == SigningFlagType.SignedFlagNotSet); testClient.EnableSessionSigningAndEncryption(enableSigning: isEnableSigning, enableEncryption: false); uint status = testClient.TreeConnect( headerFlags, sharePath, out treeId, checker: (header, response) => { modelSessionId = GetModelSessionId(header.SessionId); responseSigningFlagType = GetSigningFlagType(header.Flags); }); TreeConnectResponse((ModelSmb2Status)status, modelSessionId, responseSigningFlagType); }
private void Compound_RelatedRequests(string fileName, bool isEncrypted) { BaseTestSite.Log.Add(LogEntryKind.TestStep, "Initialize the test client."); Smb2FunctionalClient client = new Smb2FunctionalClient(TestConfig.Timeout, TestConfig, BaseTestSite); uint treeId; BaseTestSite.Log.Add(LogEntryKind.TestStep, "Connect to the SMB2 basic share by sending the following requests: NEGOTIATE; SESSION_SETUP; TREE_CONNECT."); ConnectToShare(client, out treeId); BaseTestSite.Log.Add(LogEntryKind.TestStep, "Construct Create packet."); Smb2CreateRequestPacket createPacket = ConstructCreatePacket(client.SessionId, treeId, fileName); BaseTestSite.Log.Add(LogEntryKind.TestStep, "Construct Write packet, flag FLAGS_RELATED_OPERATIONS is set."); Smb2WriteRequestPacket writePacket = ConstructRelatedWritePacket(); BaseTestSite.Log.Add(LogEntryKind.TestStep, "Construct Close packet, flag FLAGS_RELATED_OPERATIONS is set."); Smb2CloseRequestPacket closePacket = ConstructRelatedClosePacket(); BaseTestSite.Log.Add(LogEntryKind.TestStep, "Send {0}compounded Create, Write and Close requests to SUT.", isEncrypted ? "encrypted " : ""); List <Smb2SinglePacket> requestPackets = new List <Smb2SinglePacket>(); requestPackets.Add(createPacket); requestPackets.Add(writePacket); requestPackets.Add(closePacket); if (isEncrypted) { // Enable encryption client.EnableSessionSigningAndEncryption(enableSigning: testConfig.SendSignedRequest, enableEncryption: true); } List <Smb2SinglePacket> responsePackets = client.SendAndReceiveCompoundPacket(requestPackets); BaseTestSite.Log.Add(LogEntryKind.TestStep, "Verify responses to the compounded request."); foreach (var responsePacket in responsePackets) { if (TestConfig.Platform == Platform.WindowsServer2016 && responsePacket.Header.Status != Smb2Status.STATUS_SUCCESS) { } else { BaseTestSite.Assert.AreEqual( Smb2Status.STATUS_SUCCESS, responsePacket.Header.Status, "{0} should succeed, actual status is {1}", responsePacket.Header.Command, Smb2Status.GetStatusCode(responsePacket.Header.Status)); } } client.TreeDisconnect(treeId); client.LogOff(); client.Disconnect(); }
public void TreeConnectRequest(ConnectToShareType connectToShareType, ModelRequestType modelRequestType) { string sharePath = (connectToShareType == ConnectToShareType.ConnectToEncryptedShare) ? Smb2Utility.GetUncPath(testConfig.SutComputerName, testConfig.EncryptedFileShare) : Smb2Utility.GetUncPath(testConfig.SutComputerName, testConfig.BasicFileShare); if (modelRequestType == ModelRequestType.EncryptedRequest) { testClient.EnableSessionSigningAndEncryption(enableSigning: false, enableEncryption: true); } else { testClient.EnableSessionSigningAndEncryption(enableSigning: testConfig.SendSignedRequest, enableEncryption: false); } try { uint status = 0; TREE_CONNECT_Response?treeConnectResponse = null; status = testClient.TreeConnect( sharePath, out treeId, checker: (header, response) => { treeConnectResponse = response; }); ShareEncryptDataType shareEncryptDataType = treeConnectResponse.Value.ShareFlags.HasFlag(ShareFlags_Values.SHAREFLAG_ENCRYPT_DATA) ? ShareEncryptDataType.ShareEncryptDataSet : ShareEncryptDataType.ShareEncryptDataNotSet; //TODO: To be implemented after TRANSFORM_HEADER added into Smb2FunctionalClient ModelResponseType modelResponseType = (modelRequestType == ModelRequestType.EncryptedRequest) ? ModelResponseType.EncryptedResponse : ModelResponseType.UnEncryptedResponse; TreeConnectResponse((ModelSmb2Status)status, shareEncryptDataType, modelResponseType, encryptionConfig); } catch { } }
public void Send_Multiple_Requests() { BaseTestSite.Log.Add(LogEntryKind.TestStep, "Initialize the test client."); Smb2FunctionalClient client = new Smb2FunctionalClient(TestConfig.Timeout, TestConfig, BaseTestSite); uint treeId; BaseTestSite.Log.Add(LogEntryKind.TestStep, "Connect to the SMB2 basic share by sending the following requests: NEGOTIATE; SESSION_SETUP; TREE_CONNECT."); ConnectToShare(client, out treeId); List <Smb2SinglePacket> requestPackets = new List <Smb2SinglePacket>(); for (int i = 1; i <= 10; i++) { BaseTestSite.Log.Add(LogEntryKind.TestStep, "Construct the {0} Create packet.", i); string fileName = string.Format("FileNew_{0}_{1}.txt", i, Guid.NewGuid()); Task <Smb2CreateRequestPacket> t1 = Task <Smb2CreateRequestPacket> .Factory.StartNew(() => ConstructCreatePacket(client.SessionId, treeId, fileName)); requestPackets.Add(t1.Result); } client.EnableSessionSigningAndEncryption(enableSigning: testConfig.SendSignedRequest, enableEncryption: false); Task <List <ulong> > sendRequest = Task <List <ulong> > .Factory.StartNew(() => client.SendCompoundPacket(requestPackets)); List <Smb2SinglePacket> responsePackets = client.ReceiveCompoundPacket(sendRequest.Result); BaseTestSite.Log.Add(LogEntryKind.TestStep, "Verify responses to the compounded request."); foreach (var responsePacket in responsePackets) { if (TestConfig.Platform == Platform.WindowsServer2016 && responsePacket.Header.Status != Smb2Status.STATUS_SUCCESS) { } else { BaseTestSite.Assert.AreEqual( Smb2Status.STATUS_SUCCESS, responsePacket.Header.Status, "{0} should succeed, actual status is {1}", responsePacket.Header.Command, Smb2Status.GetStatusCode(responsePacket.Header.Status)); } } client.TreeDisconnect(treeId); client.LogOff(); client.Disconnect(); }
private void Compound_UnrelatedRequests(string firstFileName, string secondFileName, bool isEncrypted) { BaseTestSite.Log.Add(LogEntryKind.TestStep, "Initialize the test client."); Smb2FunctionalClient client = new Smb2FunctionalClient(TestConfig.Timeout, TestConfig, BaseTestSite); uint treeId; BaseTestSite.Log.Add(LogEntryKind.TestStep, "Connect to the SMB2 basic share by sending the following requests: NEGOTIATE; SESSION_SETUP; TREE_CONNECT."); ConnectToShare(client, out treeId); BaseTestSite.Log.Add(LogEntryKind.TestStep, "Construct the first Create packet."); Smb2CreateRequestPacket firstCreatePacket = ConstructCreatePacket(client.SessionId, treeId, firstFileName); BaseTestSite.Log.Add(LogEntryKind.TestStep, "Construct the second Create packet."); Smb2CreateRequestPacket secondCreatePacket = ConstructCreatePacket(client.SessionId, treeId, secondFileName); BaseTestSite.Log.Add(LogEntryKind.TestStep, "Send the two {0}compounded Create packets to SUT.", isEncrypted ? "encrypted " : ""); List <Smb2SinglePacket> requestPackets = new List <Smb2SinglePacket>(); requestPackets.Add(firstCreatePacket); requestPackets.Add(secondCreatePacket); if (isEncrypted) { // Enable encryption client.EnableSessionSigningAndEncryption(enableSigning: testConfig.SendSignedRequest, enableEncryption: true); } List <Smb2SinglePacket> responsePackets = client.SendAndReceiveCompoundPacket(false, requestPackets); BaseTestSite.Log.Add(LogEntryKind.TestStep, "Verify responses to the compounded request."); foreach (var responsePacket in responsePackets) { BaseTestSite.Assert.AreEqual( Smb2Status.STATUS_SUCCESS, responsePacket.Header.Status, "{0} should succeed, actual status is {1}", responsePacket.Header.Command, Smb2Status.GetStatusCode(responsePacket.Header.Status)); } client.TreeDisconnect(treeId); client.LogOff(); client.Disconnect(); }
public void BVT_TreeMgmt_SMB311_Disconnect_NoSignedNoEncryptedTreeConnect() { #region Check Applicability TestConfig.CheckDialect(DialectRevision.Smb311); if (TestConfig.IsServerSigningRequired) { BaseTestSite.Assert.Inconclusive("Test case is only applicable when security signature is not required by the server " + "because if signing or encryption is required in server, the server will fail the TreeConnect with STATUS_ACCESS_DENIED, which is not the purpose of this case."); } if (TestConfig.IsGlobalEncryptDataEnabled && TestConfig.IsGlobalRejectUnencryptedAccessEnabled) { BaseTestSite.Assert.Inconclusive("Test case is only applicable when encryption is not required by the server " + "because if signing or encryption is required in server, the server will fail the TreeConnect with STATUS_ACCESS_DENIED, which is not the purpose of this case."); } #endregion BaseTestSite.Log.Add(LogEntryKind.TestStep, "Client sends NEGOTIATE request without NEGOTIATE_SIGNING_REQUIRED and GLOBAL_CAP_ENCRYPTION set."); client.Negotiate( TestConfig.RequestDialects, TestConfig.IsSMB1NegotiateEnabled, SecurityMode_Values.NONE, Capabilities_Values.NONE); BaseTestSite.Log.Add(LogEntryKind.TestStep, "Client sends SESSION_SETUP request without NEGOTIATE_SIGNING_REQUIRED flag set."); client.SessionSetup( TestConfig.DefaultSecurityPackage, TestConfig.SutComputerName, TestConfig.AccountCredential, TestConfig.UseServerGssToken, SESSION_SETUP_Request_SecurityMode_Values.NONE); string uncSharepath = Smb2Utility.GetUncPath(TestConfig.SutComputerName, TestConfig.BasicFileShare); uint treeId; BaseTestSite.Log.Add(LogEntryKind.TestStep, "Client sends TREE_CONNECT request which is not signed or not encrypted and expects server disconnects the connection."); try { client.EnableSessionSigningAndEncryption(enableSigning: false, enableEncryption: false); // Trigger Server Disconnect event client.TreeConnect( Packet_Header_Flags_Values.NONE, uncSharepath, out treeId, checker: (Packet_Header header, TREE_CONNECT_Response response) => { BaseTestSite.Assert.AreNotEqual( Smb2Status.STATUS_SUCCESS, header.Status, "TREE_CONNECT should NOT succeed."); }); // Check if server is still responding client.Echo(treeId); } catch { } // Check if server is disconnected BaseTestSite.Assert.IsTrue(client.Smb2Client.IsServerDisconnected, "[MS-SMB2] 3.3.5.7 If Connection.Dialect is \"3.1.1\" and Session.IsAnonymous and Session.IsGuest are set to FALSE" + " and the request is not signed or not encrypted, then the server MUST disconnect the connection. " + "Server did {0}disconnect the connection.", client.Smb2Client.IsServerDisconnected ? "" : "not "); }
/// <summary> /// Operations after Negotiate, from Session Setup to Log off. /// </summary> private void PostNegotiateOperations(EnableEncryptionType enableEncryptionType, bool connectEncryptedShare) { BaseTestSite.Log.Add(LogEntryKind.TestStep, "Client sends SESSION_SETUP request and expects response."); client.SessionSetup( TestConfig.DefaultSecurityPackage, TestConfig.SutComputerName, TestConfig.AccountCredential, TestConfig.UseServerGssToken); if (enableEncryptionType == EnableEncryptionType.EnableEncryptionPerSession) { // After calling this method, client will send encrypted message after session setup BaseTestSite.Log.Add(LogEntryKind.TestStep, "Client enables global encryption."); client.EnableSessionSigningAndEncryption(enableSigning: false, enableEncryption: true); } string uncSharepath = Smb2Utility.GetUncPath(TestConfig.SutComputerName, connectEncryptedShare ? TestConfig.EncryptedFileShare : TestConfig.BasicFileShare); uint treeId; BaseTestSite.Log.Add(LogEntryKind.TestStep, "Client sends TREE_CONNECT to share: {0}", uncSharepath); client.TreeConnect( uncSharepath, out treeId, (Packet_Header header, TREE_CONNECT_Response response) => { BaseTestSite.Assert.AreEqual( Smb2Status.STATUS_SUCCESS, header.Status, "TreeConnect should succeed, actually server returns {0}.", Smb2Status.GetStatusCode(header.Status)); if (connectEncryptedShare) { BaseTestSite.Assert.AreEqual( ShareFlags_Values.SHAREFLAG_ENCRYPT_DATA, ShareFlags_Values.SHAREFLAG_ENCRYPT_DATA & response.ShareFlags, "Server should set SMB2_SHAREFLAG_ENCRYPT_DATA for ShareFlags field in TREE_CONNECT response"); } else { BaseTestSite.Assert.AreNotEqual( ShareFlags_Values.SHAREFLAG_ENCRYPT_DATA, ShareFlags_Values.SHAREFLAG_ENCRYPT_DATA & response.ShareFlags, "Server should not set SMB2_SHAREFLAG_ENCRYPT_DATA for ShareFlags field in TREE_CONNECT response"); } }); if (enableEncryptionType == EnableEncryptionType.EnableEncryptionPerShare) { // After calling this method, client will send encrypted message after tree connect. BaseTestSite.Log.Add(LogEntryKind.TestStep, "Client enables per share encryption: TreeId=0x{0:x}", treeId); client.SetTreeEncryption(treeId, true); } FILEID fileId; Smb2CreateContextResponse[] serverCreateContexts; BaseTestSite.Log.Add(LogEntryKind.TestStep, "Client sends encrypted CREATE request and expects success."); client.Create( treeId, CurrentTestCaseName + "_" + Guid.NewGuid() + ".txt", CreateOptions_Values.FILE_NON_DIRECTORY_FILE | CreateOptions_Values.FILE_DELETE_ON_CLOSE, out fileId, out serverCreateContexts); string content = Smb2Utility.CreateRandomString(TestConfig.WriteBufferLengthInKb); BaseTestSite.Log.Add(LogEntryKind.TestStep, "Client sends encrpyted WRITE request and expects success."); client.Write(treeId, fileId, content); string actualContent; BaseTestSite.Log.Add(LogEntryKind.TestStep, "Client sends encrypted READ request and expects success."); client.Read(treeId, fileId, 0, (uint)content.Length, out actualContent); BaseTestSite.Assert.IsTrue( content.Equals(actualContent), "File content read should be identical to that has been written."); BaseTestSite.Log.Add(LogEntryKind.TestStep, "Tear down the client by sending the following requests: CLOSE; TREE_DISCONNECT; LOG_OFF"); client.Close(treeId, fileId); client.TreeDisconnect(treeId); client.LogOff(); }
private void CreateTestFile(CompressionAlgorithm[] compressionAlgorithms, bool enableEncryption, out uint treeId, out FILEID fileId, bool enableChainedCompression = false) { var capabilities = Capabilities_Values.NONE; if (enableEncryption) { capabilities |= Capabilities_Values.GLOBAL_CAP_ENCRYPTION; } EncryptionAlgorithm[] encryptionAlgorithms = null; if (enableEncryption) { encryptionAlgorithms = new EncryptionAlgorithm[] { EncryptionAlgorithm.ENCRYPTION_AES128_CCM, EncryptionAlgorithm.ENCRYPTION_AES128_GCM }; } BaseTestSite.Log.Add(LogEntryKind.TestStep, "Starts a client by sending the following requests: NEGOTIATE; SESSION_SETUP; TREE_CONNECT."); client = new Smb2FunctionalClient(TestConfig.Timeout, TestConfig, BaseTestSite); client.ConnectToServer(TestConfig.UnderlyingTransport, TestConfig.SutComputerName, TestConfig.SutIPAddress); client.NegotiateWithContexts( Packet_Header_Flags_Values.NONE, TestConfig.RequestDialects, preauthHashAlgs: new PreauthIntegrityHashID[] { PreauthIntegrityHashID.SHA_512 }, encryptionAlgs: encryptionAlgorithms, compressionAlgorithms: compressionAlgorithms, compressionFlags: enableChainedCompression ? SMB2_COMPRESSION_CAPABILITIES_Flags.SMB2_COMPRESSION_CAPABILITIES_FLAG_CHAINED : SMB2_COMPRESSION_CAPABILITIES_Flags.SMB2_COMPRESSION_CAPABILITIES_FLAG_NONE, capabilityValue: capabilities, checker: (Packet_Header header, NEGOTIATE_Response response) => { BaseTestSite.Assert.AreEqual(Smb2Status.STATUS_SUCCESS, header.Status, "SUT MUST return STATUS_SUCCESS if the negotiation finished successfully."); if (TestConfig.IsWindowsPlatform) { CheckCompressionAlgorithmsForWindowsImplementation(compressionAlgorithms); } else { bool isExpectedNonWindowsCompressionContext = Enumerable.SequenceEqual(client.Smb2Client.CompressionInfo.CompressionIds, compressionAlgorithms); { BaseTestSite.Assert.IsTrue(isExpectedNonWindowsCompressionContext, "[MS-SMB2] section 3.3.5.4: Non-Windows implementation MUST set CompressionAlgorithms to the CompressionIds in request if they are all supported by SUT."); } } }); client.SessionSetup( TestConfig.DefaultSecurityPackage, TestConfig.SutComputerName, TestConfig.AccountCredential, TestConfig.UseServerGssToken); if (enableEncryption) { client.EnableSessionSigningAndEncryption(enableSigning: false, enableEncryption: true); } client.TreeConnect(uncSharePath, out treeId); BaseTestSite.Log.Add(LogEntryKind.TestStep, "Client sends CREATE request with desired access set to GENERIC_READ and GENERIC_WRITE to create a file."); Smb2CreateContextResponse[] serverCreateContexts; string fileName = GetTestFileName(uncSharePath); client.Create( treeId, fileName, CreateOptions_Values.FILE_NON_DIRECTORY_FILE, out fileId, out serverCreateContexts, accessMask: AccessMask.GENERIC_READ | AccessMask.GENERIC_WRITE ); }
private void Compound_RelatedRequests(string fileName, bool isEncrypted) { BaseTestSite.Log.Add(LogEntryKind.TestStep, "Initialize the test client."); Smb2FunctionalClient client = new Smb2FunctionalClient(TestConfig.Timeout, TestConfig, BaseTestSite); uint treeId; BaseTestSite.Log.Add(LogEntryKind.TestStep, "Connect to the SMB2 basic share by sending the following requests: NEGOTIATE; SESSION_SETUP; TREE_CONNECT."); ConnectToShare(client, out treeId); BaseTestSite.Log.Add(LogEntryKind.TestStep, "Construct Create packet."); Smb2CreateRequestPacket createPacket = ConstructCreatePacket(client.SessionId, treeId, fileName); BaseTestSite.Log.Add(LogEntryKind.TestStep, "Construct Write packet, flag FLAGS_RELATED_OPERATIONS is set."); Smb2WriteRequestPacket writePacket = ConstructRelatedWritePacket(); BaseTestSite.Log.Add(LogEntryKind.TestStep, "Construct Close packet, flag FLAGS_RELATED_OPERATIONS is set."); Smb2CloseRequestPacket closePacket = ConstructRelatedClosePacket(); BaseTestSite.Log.Add(LogEntryKind.TestStep, "Send {0}compounded Create, Write and Close requests to SUT.", isEncrypted ? "encrypted " : ""); List<Smb2SinglePacket> requestPackets = new List<Smb2SinglePacket>(); requestPackets.Add(createPacket); requestPackets.Add(writePacket); requestPackets.Add(closePacket); if (isEncrypted) { // Enable encryption client.EnableSessionSigningAndEncryption(enableSigning: testConfig.SendSignedRequest, enableEncryption: true); } List<Smb2SinglePacket> responsePackets = client.SendAndReceiveCompoundPacket(requestPackets); BaseTestSite.Log.Add(LogEntryKind.TestStep, "Verify responses to the compounded request."); foreach (var responsePacket in responsePackets) { if (TestConfig.Platform == Platform.WindowsServer2016 && responsePacket.Header.Status != Smb2Status.STATUS_SUCCESS) { } else { BaseTestSite.Assert.AreEqual( Smb2Status.STATUS_SUCCESS, responsePacket.Header.Status, "{0} should succeed, actual status is {1}", responsePacket.Header.Command, Smb2Status.GetStatusCode(responsePacket.Header.Status)); } } client.TreeDisconnect(treeId); client.LogOff(); client.Disconnect(); }