탐색 도움말
로그인
coder
/
SMBLibrary-Fork
1
0
포크 0
파일 이슈 0 풀 리퀘스트 0 위키
브렌치: Mod-1
브랜치 태그
SMBLibrary-F...
/
SMBLibrary
/
Client
/
SMB1Client.cs

SMB1Client.cs 27 KB
고유링크 히스토리 Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692 
  1. /* Copyright (C) 2014-2020 Tal Aloni <tal.aloni.il@gmail.com>. All rights reserved.
    2. 

  2.  * 
    3. 

  3.  * You can redistribute this program and/or modify it under the terms of
    4. 

  4.  * the GNU Lesser Public License as published by the Free Software Foundation,
    5. 

  5.  * either version 3 of the License, or (at your option) any later version.
    6. 

  6.  */
    7. 

  7. using System;
    8. 

  8. using System.Collections.Generic;
    9. 

  9. using System.Diagnostics;
    10. 

  10. using System.Net;
    11. 

  11. using System.Net.Sockets;
    12. 

  12. using System.Threading;
    13. 

  13. using SMBLibrary.Authentication.NTLM;
    14. 

  14. using SMBLibrary.NetBios;
    15. 

  15. using SMBLibrary.Services;
    16. 

  16. using SMBLibrary.SMB1;
    17. 

  17. using Utilities;
    18. 

  18. 

  19. namespace SMBLibrary.Client
    20. 

  20. {
    21. 

  21.     public class SMB1Client : ISMBClient
    22. 

  22.     {
    23. 

  23.         private const string NTLanManagerDialect = "NT LM 0.12";
    24. 

  24.         
    25. 

  25.         public static readonly int NetBiosOverTCPPort = 139;
    26. 

  26.         public static readonly int DirectTCPPort = 445;
    27. 

  27. 

  28.         private static readonly ushort ClientMaxBufferSize = 65535; // Valid range: 512 - 65535
    29. 

  29.         private static readonly ushort ClientMaxMpxCount = 1;
    30. 

  30. 

  31.         private SMBTransportType m_transport;
    32. 

  32.         private bool m_isConnected;
    33. 

  33.         private bool m_isLoggedIn;
    34. 

  34.         private Socket m_clientSocket;
    35. 

  35.         private bool m_forceExtendedSecurity;
    36. 

  36.         private bool m_unicode;
    37. 

  37.         private bool m_largeFiles;
    38. 

  38.         private bool m_infoLevelPassthrough;
    39. 

  39.         private bool m_largeRead;
    40. 

  40.         private bool m_largeWrite;
    41. 

  41.         private uint m_serverMaxBufferSize;
    42. 

  42.         private ushort m_maxMpxCount;
    43. 

  43. 

  44.         private object m_incomingQueueLock = new object();
    45. 

  45.         private List<SMB1Message> m_incomingQueue = new List<SMB1Message>();
    46. 

  46.         private EventWaitHandle m_incomingQueueEventHandle = new EventWaitHandle(false, EventResetMode.AutoReset);
    47. 

  47. 

  48.         private SessionPacket m_sessionResponsePacket;
    49. 

  49.         private EventWaitHandle m_sessionResponseEventHandle = new EventWaitHandle(false, EventResetMode.AutoReset);
    50. 

  50. 

  51.         private ushort m_userID;
    52. 

  52.         private byte[] m_serverChallenge;
    53. 

  53.         private byte[] m_securityBlob;
    54. 

  54.         private byte[] m_sessionKey;
    55. 

  55. 

  56.         public SMB1Client()
    57. 

  57.         {
    58. 

  58.         }
    59. 

  59. 

  60.         public bool Connect(IPAddress serverAddress, SMBTransportType transport)
    61. 

  61.         {
    62. 

  62.             return Connect(serverAddress, transport, true);
    63. 

  63.         }
    64. 

  64. 

  65.         public bool Connect(IPAddress serverAddress, SMBTransportType transport, bool forceExtendedSecurity)
    66. 

  66.         {
    67. 

  67.             m_transport = transport;
    68. 

  68.             if (!m_isConnected)
    69. 

  69.             {
    70. 

  70.                 m_forceExtendedSecurity = forceExtendedSecurity;
    71. 

  71.                 int port;
    72. 

  72.                 if (transport == SMBTransportType.NetBiosOverTCP)
    73. 

  73.                 {
    74. 

  74.                     port = NetBiosOverTCPPort;
    75. 

  75.                 }
    76. 

  76.                 else
    77. 

  77.                 {
    78. 

  78.                     port = DirectTCPPort;
    79. 

  79.                 }
    80. 

  80. 

  81.                 if (!ConnectSocket(serverAddress, port))
    82. 

  82.                 {
    83. 

  83.                     return false;
    84. 

  84.                 }
    85. 

  85.                 
    86. 

  86.                 if (transport == SMBTransportType.NetBiosOverTCP)
    87. 

  87.                 {
    88. 

  88.                     SessionRequestPacket sessionRequest = new SessionRequestPacket();
    89. 

  89.                     sessionRequest.CalledName = NetBiosUtils.GetMSNetBiosName("*SMBSERVER", NetBiosSuffix.FileServiceService);
    90. 

  90.                     sessionRequest.CallingName = NetBiosUtils.GetMSNetBiosName(Environment.MachineName, NetBiosSuffix.WorkstationService);
    91. 

  91.                     TrySendPacket(m_clientSocket, sessionRequest);
    92. 

  92. 

  93.                     SessionPacket sessionResponsePacket = WaitForSessionResponsePacket();
    94. 

  94.                     if (!(sessionResponsePacket is PositiveSessionResponsePacket))
    95. 

  95.                     {
    96. 

  96.                         m_clientSocket.Disconnect(false);
    97. 

  97.                         if (!ConnectSocket(serverAddress, port))
    98. 

  98.                         {
    99. 

  99.                             return false;
    100. 

  100.                         }
    101. 

  101. 

  102.                         NameServiceClient nameServiceClient = new NameServiceClient(serverAddress);
    103. 

  103.                         string serverName = nameServiceClient.GetServerName();
    104. 

  104.                         if (serverName == null)
    105. 

  105.                         {
    106. 

  106.                             return false;
    107. 

  107.                         }
    108. 

  108. 

  109.                         sessionRequest.CalledName = serverName;
    110. 

  110.                         TrySendPacket(m_clientSocket, sessionRequest);
    111. 

  111. 

  112.                         sessionResponsePacket = WaitForSessionResponsePacket();
    113. 

  113.                         if (!(sessionResponsePacket is PositiveSessionResponsePacket))
    114. 

  114.                         {
    115. 

  115.                             return false;
    116. 

  116.                         }
    117. 

  117.                     }
    118. 

  118.                 }
    119. 

  119. 

  120.                 bool supportsDialect = NegotiateDialect(m_forceExtendedSecurity);
    121. 

  121.                 if (!supportsDialect)
    122. 

  122.                 {
    123. 

  123.                     m_clientSocket.Close();
    124. 

  124.                 }
    125. 

  125.                 else
    126. 

  126.                 {
    127. 

  127.                     m_isConnected = true;
    128. 

  128.                 }
    129. 

  129.             }
    130. 

  130.             return m_isConnected;
    131. 

  131.         }
    132. 

  132. 

  133.         private bool ConnectSocket(IPAddress serverAddress, int port)
    134. 

  134.         {
    135. 

  135.             m_clientSocket = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp);
    136. 

  136.             
    137. 

  137.             try
    138. 

  138.             {
    139. 

  139.                 m_clientSocket.Connect(serverAddress, port);
    140. 

  140.             }
    141. 

  141.             catch (SocketException)
    142. 

  142.             {
    143. 

  143.                 return false;
    144. 

  144.             }
    145. 

  145. 

  146.             ConnectionState state = new ConnectionState(m_clientSocket);
    147. 

  147.             NBTConnectionReceiveBuffer buffer = state.ReceiveBuffer;
    148. 

  148.             m_clientSocket.BeginReceive(buffer.Buffer, buffer.WriteOffset, buffer.AvailableLength, SocketFlags.None, new AsyncCallback(OnClientSocketReceive), state);
    149. 

  149.             return true;
    150. 

  150.         }
    151. 

  151. 

  152.         public void Disconnect()
    153. 

  153.         {
    154. 

  154.             if (m_isConnected)
    155. 

  155.             {
    156. 

  156.                 m_clientSocket.Disconnect(false);
    157. 

  157.                 m_isConnected = false;
    158. 

  158.             }
    159. 

  159.         }
    160. 

  160. 

  161.         private bool NegotiateDialect(bool forceExtendedSecurity)
    162. 

  162.         {
    163. 

  163.             NegotiateRequest request = new NegotiateRequest();
    164. 

  164.             request.Dialects.Add(NTLanManagerDialect);
    165. 

  165. 

  166.             TrySendMessage(request);
    167. 

  167.             SMB1Message reply = WaitForMessage(CommandName.SMB_COM_NEGOTIATE);
    168. 

  168.             if (reply == null)
    169. 

  169.             {
    170. 

  170.                 return false;
    171. 

  171.             }
    172. 

  172. 

  173.             if (reply.Commands[0] is NegotiateResponse && !forceExtendedSecurity)
    174. 

  174.             {
    175. 

  175.                 NegotiateResponse response = (NegotiateResponse)reply.Commands[0];
    176. 

  176.                 m_unicode = ((response.Capabilities & Capabilities.Unicode) > 0);
    177. 

  177.                 m_largeFiles = ((response.Capabilities & Capabilities.LargeFiles) > 0);
    178. 

  178.                 bool ntSMB = ((response.Capabilities & Capabilities.NTSMB) > 0);
    179. 

  179.                 bool rpc = ((response.Capabilities & Capabilities.RpcRemoteApi) > 0);
    180. 

  180.                 bool ntStatusCode = ((response.Capabilities & Capabilities.NTStatusCode) > 0);
    181. 

  181.                 m_infoLevelPassthrough = ((response.Capabilities & Capabilities.InfoLevelPassthrough) > 0);
    182. 

  182.                 m_largeRead = ((response.Capabilities & Capabilities.LargeRead) > 0);
    183. 

  183.                 m_largeWrite = ((response.Capabilities & Capabilities.LargeWrite) > 0);
    184. 

  184.                 m_serverMaxBufferSize = response.MaxBufferSize;
    185. 

  185.                 m_maxMpxCount = Math.Min(response.MaxMpxCount, ClientMaxMpxCount);
    186. 

  186.                 m_serverChallenge = response.Challenge;
    187. 

  187.                 return ntSMB && rpc && ntStatusCode;
    188. 

  188.             }
    189. 

  189.             else if (reply.Commands[0] is NegotiateResponseExtended)
    190. 

  190.             {
    191. 

  191.                 NegotiateResponseExtended response = (NegotiateResponseExtended)reply.Commands[0];
    192. 

  192.                 m_unicode = ((response.Capabilities & Capabilities.Unicode) > 0);
    193. 

  193.                 m_largeFiles = ((response.Capabilities & Capabilities.LargeFiles) > 0);
    194. 

  194.                 bool ntSMB = ((response.Capabilities & Capabilities.NTSMB) > 0);
    195. 

  195.                 bool rpc = ((response.Capabilities & Capabilities.RpcRemoteApi) > 0);
    196. 

  196.                 bool ntStatusCode = ((response.Capabilities & Capabilities.NTStatusCode) > 0);
    197. 

  197.                 m_infoLevelPassthrough = ((response.Capabilities & Capabilities.InfoLevelPassthrough) > 0);
    198. 

  198.                 m_largeRead = ((response.Capabilities & Capabilities.LargeRead) > 0);
    199. 

  199.                 m_largeWrite = ((response.Capabilities & Capabilities.LargeWrite) > 0);
    200. 

  200.                 m_serverMaxBufferSize = response.MaxBufferSize;
    201. 

  201.                 m_maxMpxCount = Math.Min(response.MaxMpxCount, ClientMaxMpxCount);
    202. 

  202.                 m_securityBlob = response.SecurityBlob;
    203. 

  203.                 return ntSMB && rpc && ntStatusCode;
    204. 

  204.             }
    205. 

  205.             else
    206. 

  206.             {
    207. 

  207.                 return false;
    208. 

  208.             }
    209. 

  209.         }
    210. 

  210. 

  211.         public NTStatus Login(string domainName, string userName, string password)
    212. 

  212.         {
    213. 

  213.             return Login(domainName, userName, password, AuthenticationMethod.NTLMv2);
    214. 

  214.         }
    215. 

  215. 

  216.         public NTStatus Login(string domainName, string userName, string password, AuthenticationMethod authenticationMethod)
    217. 

  217.         {
    218. 

  218.             if (!m_isConnected)
    219. 

  219.             {
    220. 

  220.                 throw new InvalidOperationException("A connection must be successfully established before attempting login");
    221. 

  221.             }
    222. 

  222. 

  223.             Capabilities clientCapabilities = Capabilities.NTSMB | Capabilities.RpcRemoteApi | Capabilities.NTStatusCode | Capabilities.NTFind;
    224. 

  224.             if (m_unicode)
    225. 

  225.             {
    226. 

  226.                 clientCapabilities |= Capabilities.Unicode;
    227. 

  227.             }
    228. 

  228.             if (m_largeFiles)
    229. 

  229.             {
    230. 

  230.                 clientCapabilities |= Capabilities.LargeFiles;
    231. 

  231.             }
    232. 

  232.             if (m_largeRead)
    233. 

  233.             {
    234. 

  234.                 clientCapabilities |= Capabilities.LargeRead;
    235. 

  235.             }
    236. 

  236. 

  237.             if (m_serverChallenge != null)
    238. 

  238.             {
    239. 

  239.                 SessionSetupAndXRequest request = new SessionSetupAndXRequest();
    240. 

  240.                 request.MaxBufferSize = ClientMaxBufferSize;
    241. 

  241.                 request.MaxMpxCount = m_maxMpxCount;
    242. 

  242.                 request.Capabilities = clientCapabilities;
    243. 

  243.                 request.AccountName = userName;
    244. 

  244.                 request.PrimaryDomain = domainName;
    245. 

  245.                 byte[] clientChallenge = new byte[8];
    246. 

  246.                 new Random().NextBytes(clientChallenge);
    247. 

  247.                 if (authenticationMethod == AuthenticationMethod.NTLMv1)
    248. 

  248.                 {
    249. 

  249.                     request.OEMPassword = NTLMCryptography.ComputeLMv1Response(m_serverChallenge, password);
    250. 

  250.                     request.UnicodePassword = NTLMCryptography.ComputeNTLMv1Response(m_serverChallenge, password);
    251. 

  251.                 }
    252. 

  252.                 else if (authenticationMethod == AuthenticationMethod.NTLMv1ExtendedSessionSecurity)
    253. 

  253.                 {
    254. 

  254.                     // [MS-CIFS] CIFS does not support Extended Session Security because there is no mechanism in CIFS to negotiate Extended Session Security
    255. 

  255.                     throw new ArgumentException("SMB Extended Security must be negotiated in order for NTLMv1 Extended Session Security to be used");
    256. 

  256.                 }
    257. 

  257.                 else // NTLMv2
    258. 

  258.                 {
    259. 

  259.                     // Note: NTLMv2 over non-extended security session setup is not supported under Windows Vista and later which will return STATUS_INVALID_PARAMETER.
    260. 

  260.                     // https://msdn.microsoft.com/en-us/library/ee441701.aspx
    261. 

  261.                     // https://msdn.microsoft.com/en-us/library/cc236700.aspx
    262. 

  262.                     request.OEMPassword = NTLMCryptography.ComputeLMv2Response(m_serverChallenge, clientChallenge, password, userName, domainName);
    263. 

  263.                     NTLMv2ClientChallenge clientChallengeStructure = new NTLMv2ClientChallenge(DateTime.UtcNow, clientChallenge, AVPairUtils.GetAVPairSequence(domainName, Environment.MachineName));
    264. 

  264.                     byte[] temp = clientChallengeStructure.GetBytesPadded();
    265. 

  265.                     byte[] proofStr = NTLMCryptography.ComputeNTLMv2Proof(m_serverChallenge, temp, password, userName, domainName);
    266. 

  266.                     request.UnicodePassword = ByteUtils.Concatenate(proofStr, temp);
    267. 

  267.                 }
    268. 

  268.                 
    269. 

  269.                 TrySendMessage(request);
    270. 

  270. 

  271.                 SMB1Message reply = WaitForMessage(CommandName.SMB_COM_SESSION_SETUP_ANDX);
    272. 

  272.                 if (reply != null)
    273. 

  273.                 {
    274. 

  274.                     m_isLoggedIn = (reply.Header.Status == NTStatus.STATUS_SUCCESS);
    275. 

  275.                     return reply.Header.Status;
    276. 

  276.                 }
    277. 

  277.                 return NTStatus.STATUS_INVALID_SMB;
    278. 

  278.             }
    279. 

  279.             else // m_securityBlob != null
    280. 

  280.             {
    281. 

  281.                 byte[] negotiateMessage = NTLMAuthenticationHelper.GetNegotiateMessage(m_securityBlob, domainName, authenticationMethod);
    282. 

  282.                 if (negotiateMessage == null)
    283. 

  283.                 {
    284. 

  284.                     return NTStatus.SEC_E_INVALID_TOKEN;
    285. 

  285.                 }
    286. 

  286. 

  287.                 SessionSetupAndXRequestExtended request = new SessionSetupAndXRequestExtended();
    288. 

  288.                 request.MaxBufferSize = ClientMaxBufferSize;
    289. 

  289.                 request.MaxMpxCount = m_maxMpxCount;
    290. 

  290.                 request.Capabilities = clientCapabilities;
    291. 

  291.                 request.SecurityBlob = negotiateMessage;
    292. 

  292.                 TrySendMessage(request);
    293. 

  293.                 
    294. 

  294.                 SMB1Message reply = WaitForMessage(CommandName.SMB_COM_SESSION_SETUP_ANDX);
    295. 

  295.                 if (reply != null)
    296. 

  296.                 {
    297. 

  297.                     if (reply.Header.Status == NTStatus.STATUS_MORE_PROCESSING_REQUIRED && reply.Commands[0] is SessionSetupAndXResponseExtended)
    298. 

  298.                     {
    299. 

  299.                         SessionSetupAndXResponseExtended response = (SessionSetupAndXResponseExtended)reply.Commands[0];
    300. 

  300.                         byte[] authenticateMessage = NTLMAuthenticationHelper.GetAuthenticateMessage(response.SecurityBlob, domainName, userName, password, authenticationMethod, out m_sessionKey);
    301. 

  301.                         if (authenticateMessage == null)
    302. 

  302.                         {
    303. 

  303.                             return NTStatus.SEC_E_INVALID_TOKEN;
    304. 

  304.                         }
    305. 

  305. 

  306.                         m_userID = reply.Header.UID;
    307. 

  307.                         request = new SessionSetupAndXRequestExtended();
    308. 

  308.                         request.MaxBufferSize = ClientMaxBufferSize;
    309. 

  309.                         request.MaxMpxCount = m_maxMpxCount;
    310. 

  310.                         request.Capabilities = clientCapabilities;
    311. 

  311.                         request.SecurityBlob = authenticateMessage;
    312. 

  312.                         TrySendMessage(request);
    313. 

  313. 

  314.                         reply = WaitForMessage(CommandName.SMB_COM_SESSION_SETUP_ANDX);
    315. 

  315.                         if (reply != null)
    316. 

  316.                         {
    317. 

  317.                             m_isLoggedIn = (reply.Header.Status == NTStatus.STATUS_SUCCESS);
    318. 

  318.                             return reply.Header.Status;
    319. 

  319.                         }
    320. 

  320.                     }
    321. 

  321.                     else
    322. 

  322.                     {
    323. 

  323.                         return reply.Header.Status;
    324. 

  324.                     }
    325. 

  325.                 }
    326. 

  326.                 return NTStatus.STATUS_INVALID_SMB;
    327. 

  327.             }
    328. 

  328.         }
    329. 

  329. 

  330.         public NTStatus Logoff()
    331. 

  331.         {
    332. 

  332.             if (!m_isConnected)
    333. 

  333.             {
    334. 

  334.                 throw new InvalidOperationException("A login session must be successfully established before attempting logoff");
    335. 

  335.             }
    336. 

  336. 

  337.             LogoffAndXRequest request = new LogoffAndXRequest();
    338. 

  338.             TrySendMessage(request);
    339. 

  339. 

  340.             SMB1Message reply = WaitForMessage(CommandName.SMB_COM_LOGOFF_ANDX);
    341. 

  341.             if (reply != null)
    342. 

  342.             {
    343. 

  343.                 m_isLoggedIn = (reply.Header.Status != NTStatus.STATUS_SUCCESS);
    344. 

  344.                 return reply.Header.Status;
    345. 

  345.             }
    346. 

  346.             return NTStatus.STATUS_INVALID_SMB;
    347. 

  347.         }
    348. 

  348. 

  349.         public List<string> ListShares(out NTStatus status)
    350. 

  350.         {
    351. 

  351.             if (!m_isConnected || !m_isLoggedIn)
    352. 

  352.             {
    353. 

  353.                 throw new InvalidOperationException("A login session must be successfully established before retrieving share list");
    354. 

  354.             }
    355. 

  355. 

  356.             SMB1FileStore namedPipeShare = TreeConnect("IPC$", ServiceName.NamedPipe, out status);
    357. 

  357.             if (namedPipeShare == null)
    358. 

  358.             {
    359. 

  359.                 return null;
    360. 

  360.             }
    361. 

  361. 

  362.             List<string> shares = ServerServiceHelper.ListShares(namedPipeShare, ShareType.DiskDrive, out status);
    363. 

  363.             namedPipeShare.Disconnect();
    364. 

  364.             return shares;
    365. 

  365.         }
    366. 

  366. 

  367.         public ISMBFileStore TreeConnect(string shareName, out NTStatus status)
    368. 

  368.         {
    369. 

  369.             return TreeConnect(shareName, ServiceName.AnyType, out status);
    370. 

  370.         }
    371. 

  371. 

  372.         public SMB1FileStore TreeConnect(string shareName, ServiceName serviceName, out NTStatus status)
    373. 

  373.         {
    374. 

  374.             if (!m_isConnected || !m_isLoggedIn)
    375. 

  375.             {
    376. 

  376.                 throw new InvalidOperationException("A login session must be successfully established before connecting to a share");
    377. 

  377.             }
    378. 

  378. 

  379.             TreeConnectAndXRequest request = new TreeConnectAndXRequest();
    380. 

  380.             request.Path = shareName;
    381. 

  381.             request.Service = serviceName;
    382. 

  382.             TrySendMessage(request);
    383. 

  383.             SMB1Message reply = WaitForMessage(CommandName.SMB_COM_TREE_CONNECT_ANDX);
    384. 

  384.             if (reply != null)
    385. 

  385.             {
    386. 

  386.                 status = reply.Header.Status;
    387. 

  387.                 if (reply.Header.Status == NTStatus.STATUS_SUCCESS && reply.Commands[0] is TreeConnectAndXResponse)
    388. 

  388.                 {
    389. 

  389.                     TreeConnectAndXResponse response = (TreeConnectAndXResponse)reply.Commands[0];
    390. 

  390.                     return new SMB1FileStore(this, reply.Header.TID);
    391. 

  391.                 }
    392. 

  392.             }
    393. 

  393.             else
    394. 

  394.             {
    395. 

  395.                 status = NTStatus.STATUS_INVALID_SMB;
    396. 

  396.             }
    397. 

  397.             return null;
    398. 

  398.         }
    399. 

  399. 

  400.         private void OnClientSocketReceive(IAsyncResult ar)
    401. 

  401.         {
    402. 

  402.             ConnectionState state = (ConnectionState)ar.AsyncState;
    403. 

  403.             Socket clientSocket = state.ClientSocket;
    404. 

  404. 

  405.             if (!clientSocket.Connected)
    406. 

  406.             {
    407. 

  407.                 return;
    408. 

  408.             }
    409. 

  409. 

  410.             int numberOfBytesReceived = 0;
    411. 

  411.             try
    412. 

  412.             {
    413. 

  413.                 numberOfBytesReceived = clientSocket.EndReceive(ar);
    414. 

  414.             }
    415. 

  415.             catch (ArgumentException) // The IAsyncResult object was not returned from the corresponding synchronous method on this class.
    416. 

  416.             {
    417. 

  417.                 return;
    418. 

  418.             }
    419. 

  419.             catch (ObjectDisposedException)
    420. 

  420.             {
    421. 

  421.                 Log("[ReceiveCallback] EndReceive ObjectDisposedException");
    422. 

  422.                 return;
    423. 

  423.             }
    424. 

  424.             catch (SocketException ex)
    425. 

  425.             {
    426. 

  426.                 Log("[ReceiveCallback] EndReceive SocketException: " + ex.Message);
    427. 

  427.                 return;
    428. 

  428.             }
    429. 

  429. 

  430.             if (numberOfBytesReceived == 0)
    431. 

  431.             {
    432. 

  432.                 m_isConnected = false;
    433. 

  433.             }
    434. 

  434.             else
    435. 

  435.             {
    436. 

  436.                 NBTConnectionReceiveBuffer buffer = state.ReceiveBuffer;
    437. 

  437.                 buffer.SetNumberOfBytesReceived(numberOfBytesReceived);
    438. 

  438.                 ProcessConnectionBuffer(state);
    439. 

  439. 

  440.                 try
    441. 

  441.                 {
    442. 

  442.                     clientSocket.BeginReceive(buffer.Buffer, buffer.WriteOffset, buffer.AvailableLength, SocketFlags.None, new AsyncCallback(OnClientSocketReceive), state);
    443. 

  443.                 }
    444. 

  444.                 catch (ObjectDisposedException)
    445. 

  445.                 {
    446. 

  446.                     m_isConnected = false;
    447. 

  447.                     Log("[ReceiveCallback] BeginReceive ObjectDisposedException");
    448. 

  448.                 }
    449. 

  449.                 catch (SocketException ex)
    450. 

  450.                 {
    451. 

  451.                     m_isConnected = false;
    452. 

  452.                     Log("[ReceiveCallback] BeginReceive SocketException: " + ex.Message);
    453. 

  453.                 }
    454. 

  454.             }
    455. 

  455.         }
    456. 

  456. 

  457.         private void ProcessConnectionBuffer(ConnectionState state)
    458. 

  458.         {
    459. 

  459.             NBTConnectionReceiveBuffer receiveBuffer = state.ReceiveBuffer;
    460. 

  460.             while (receiveBuffer.HasCompletePacket())
    461. 

  461.             {
    462. 

  462.                 SessionPacket packet = null;
    463. 

  463.                 try
    464. 

  464.                 {
    465. 

  465.                     packet = receiveBuffer.DequeuePacket();
    466. 

  466.                 }
    467. 

  467.                 catch (Exception)
    468. 

  468.                 {
    469. 

  469.                     state.ClientSocket.Close();
    470. 

  470.                     break;
    471. 

  471.                 }
    472. 

  472. 

  473.                 if (packet != null)
    474. 

  474.                 {
    475. 

  475.                     ProcessPacket(packet, state);
    476. 

  476.                 }
    477. 

  477.             }
    478. 

  478.         }
    479. 

  479. 

  480.         private void ProcessPacket(SessionPacket packet, ConnectionState state)
    481. 

  481.         {
    482. 

  482.             if (packet is SessionMessagePacket)
    483. 

  483.             {
    484. 

  484.                 SMB1Message message;
    485. 

  485.                 try
    486. 

  486.                 {
    487. 

  487.                     message = SMB1Message.GetSMB1Message(packet.Trailer);
    488. 

  488.                 }
    489. 

  489.                 catch (Exception ex)
    490. 

  490.                 {
    491. 

  491.                     Log("Invalid SMB1 message: " + ex.Message);
    492. 

  492.                     state.ClientSocket.Close();
    493. 

  493.                     m_isConnected = false;
    494. 

  494.                     return;
    495. 

  495.                 }
    496. 

  496. 

  497.                 // [MS-CIFS] 3.2.5.1 - If the MID value is the reserved value 0xFFFF, the message can be an OpLock break
    498. 

  498.                 // sent by the server. Otherwise, if the PID and MID values of the received message are not found in the
    499. 

  499.                 // Client.Connection.PIDMIDList, the message MUST be discarded.
    500. 

  500.                 if ((message.Header.MID == 0xFFFF && message.Header.Command == CommandName.SMB_COM_LOCKING_ANDX) ||
    501. 

  501.                     (message.Header.PID == 0 && message.Header.MID == 0))
    502. 

  502.                 {
    503. 

  503.                     lock (m_incomingQueueLock)
    504. 

  504.                     {
    505. 

  505.                         m_incomingQueue.Add(message);
    506. 

  506.                         m_incomingQueueEventHandle.Set();
    507. 

  507.                     }
    508. 

  508.                 }
    509. 

  509.             }
    510. 

  510.             else if ((packet is PositiveSessionResponsePacket || packet is NegativeSessionResponsePacket) && m_transport == SMBTransportType.NetBiosOverTCP)
    511. 

  511.             {
    512. 

  512.                 m_sessionResponsePacket = packet;
    513. 

  513.                 m_sessionResponseEventHandle.Set();
    514. 

  514.             }
    515. 

  515.             else if (packet is SessionKeepAlivePacket && m_transport == SMBTransportType.NetBiosOverTCP)
    516. 

  516.             {
    517. 

  517.                 // [RFC 1001] NetBIOS session keep alives do not require a response from the NetBIOS peer
    518. 

  518.             }
    519. 

  519.             else
    520. 

  520.             {
    521. 

  521.                 Log("Inappropriate NetBIOS session packet");
    522. 

  522.                 state.ClientSocket.Close();
    523. 

  523.             }
    524. 

  524.         }
    525. 

  525. 

  526.         internal SMB1Message WaitForMessage(CommandName commandName)
    527. 

  527.         {
    528. 

  528.             const int TimeOut = 5000;
    529. 

  529.             Stopwatch stopwatch = new Stopwatch();
    530. 

  530.             stopwatch.Start();
    531. 

  531.             while (stopwatch.ElapsedMilliseconds < TimeOut)
    532. 

  532.             {
    533. 

  533.                 lock (m_incomingQueueLock)
    534. 

  534.                 {
    535. 

  535.                     for (int index = 0; index < m_incomingQueue.Count; index++)
    536. 

  536.                     {
    537. 

  537.                         SMB1Message message = m_incomingQueue[index];
    538. 

  538. 

  539.                         if (message.Commands[0].CommandName == commandName)
    540. 

  540.                         {
    541. 

  541.                             m_incomingQueue.RemoveAt(index);
    542. 

  542.                             return message;
    543. 

  543.                         }
    544. 

  544.                     }
    545. 

  545.                 }
    546. 

  546.                 m_incomingQueueEventHandle.WaitOne(100);
    547. 

  547.             }
    548. 

  548.             return null;
    549. 

  549.         }
    550. 

  550. 

  551.         internal SessionPacket WaitForSessionResponsePacket()
    552. 

  552.         {
    553. 

  553.             const int TimeOut = 5000;
    554. 

  554.             Stopwatch stopwatch = new Stopwatch();
    555. 

  555.             stopwatch.Start();
    556. 

  556.             while (stopwatch.ElapsedMilliseconds < TimeOut)
    557. 

  557.             {
    558. 

  558.                 if (m_sessionResponsePacket != null)
    559. 

  559.                 {
    560. 

  560.                     SessionPacket result = m_sessionResponsePacket;
    561. 

  561.                     m_sessionResponsePacket = null;
    562. 

  562.                     return result;
    563. 

  563.                 }
    564. 

  564. 

  565.                 m_sessionResponseEventHandle.WaitOne(100);
    566. 

  566.             }
    567. 

  567. 

  568.             return null;
    569. 

  569.         }
    570. 

  570. 

  571.         private void Log(string message)
    572. 

  572.         {
    573. 

  573.             System.Diagnostics.Debug.Print(message);
    574. 

  574.         }
    575. 

  575. 

  576.         internal void TrySendMessage(SMB1Command request)
    577. 

  577.         {
    578. 

  578.             TrySendMessage(request, 0);
    579. 

  579.         }
    580. 

  580. 

  581.         internal void TrySendMessage(SMB1Command request, ushort treeID)
    582. 

  582.         {
    583. 

  583.             SMB1Message message = new SMB1Message();
    584. 

  584.             message.Header.UnicodeFlag = m_unicode;
    585. 

  585.             message.Header.ExtendedSecurityFlag = m_forceExtendedSecurity;
    586. 

  586.             message.Header.Flags2 |= HeaderFlags2.LongNamesAllowed | HeaderFlags2.LongNameUsed | HeaderFlags2.NTStatusCode;
    587. 

  587.             message.Header.UID = m_userID;
    588. 

  588.             message.Header.TID = treeID;
    589. 

  589.             message.Commands.Add(request);
    590. 

  590.             TrySendMessage(m_clientSocket, message);
    591. 

  591.         }
    592. 

  592. 

  593.         public bool Unicode
    594. 

  594.         {
    595. 

  595.             get
    596. 

  596.             {
    597. 

  597.                 return m_unicode;
    598. 

  598.             }
    599. 

  599.         }
    600. 

  600. 

  601.         public bool LargeFiles
    602. 

  602.         {
    603. 

  603.             get
    604. 

  604.             {
    605. 

  605.                 return m_largeFiles;
    606. 

  606.             }
    607. 

  607.         }
    608. 

  608. 

  609.         public bool InfoLevelPassthrough
    610. 

  610.         {
    611. 

  611.             get
    612. 

  612.             {
    613. 

  613.                 return m_infoLevelPassthrough;
    614. 

  614.             }
    615. 

  615.         }
    616. 

  616. 

  617.         public bool LargeRead
    618. 

  618.         {
    619. 

  619.             get
    620. 

  620.             {
    621. 

  621.                 return m_largeRead;
    622. 

  622.             }
    623. 

  623.         }
    624. 

  624. 

  625.         public bool LargeWrite
    626. 

  626.         {
    627. 

  627.             get
    628. 

  628.             {
    629. 

  629.                 return m_largeWrite;
    630. 

  630.             }
    631. 

  631.         }
    632. 

  632. 

  633.         public uint ServerMaxBufferSize
    634. 

  634.         {
    635. 

  635.             get
    636. 

  636.             {
    637. 

  637.                 return m_serverMaxBufferSize;
    638. 

  638.             }
    639. 

  639.         }
    640. 

  640. 

  641.         public int MaxMpxCount
    642. 

  642.         {
    643. 

  643.             get
    644. 

  644.             {
    645. 

  645.                 return m_maxMpxCount;
    646. 

  646.             }
    647. 

  647.         }
    648. 

  648. 

  649.         public uint MaxReadSize
    650. 

  650.         {
    651. 

  651.             get
    652. 

  652.             {
    653. 

  653.                 return (uint)ClientMaxBufferSize - (SMB1Header.Length + 3 + ReadAndXResponse.ParametersLength);
    654. 

  654.             }
    655. 

  655.         }
    656. 

  656. 

  657.         public uint MaxWriteSize
    658. 

  658.         {
    659. 

  659.             get
    660. 

  660.             {
    661. 

  661.                 uint result = ServerMaxBufferSize - (SMB1Header.Length + 3 + WriteAndXRequest.ParametersFixedLength + 4);
    662. 

  662.                 if (m_unicode)
    663. 

  663.                 {
    664. 

  664.                     result--;
    665. 

  665.                 }
    666. 

  666.                 return result;
    667. 

  667.             }
    668. 

  668.         }
    669. 

  669. 

  670.         public static void TrySendMessage(Socket socket, SMB1Message message)
    671. 

  671.         {
    672. 

  672.             SessionMessagePacket packet = new SessionMessagePacket();
    673. 

  673.             packet.Trailer = message.GetBytes();
    674. 

  674.             TrySendPacket(socket, packet);
    675. 

  675.         }
    676. 

  676. 

  677.         public static void TrySendPacket(Socket socket, SessionPacket packet)
    678. 

  678.         {
    679. 

  679.             try
    680. 

  680.             {
    681. 

  681.                 byte[] packetBytes = packet.GetBytes();
    682. 

  682.                 socket.Send(packetBytes);
    683. 

  683.             }
    684. 

  684.             catch (SocketException)
    685. 

  685.             {
    686. 

  686.             }
    687. 

  687.             catch (ObjectDisposedException)
    688. 

  688.             {
    689. 

  689.             }
    690. 

  690.         }
    691. 

  691.     }
    692. 

  692. }
    693.