mirror of
https://github.com/TalAloni/SMBLibrary.git
synced 2025-04-30 10:47:48 +02:00
store AuthenticationContext and AccessToken in SecurityContext
This commit is contained in:
Tal Aloni
parent
a84226abb9
commit
0764237260
7 changed files with 25 additions and 18 deletions
|
|
@ -52,20 +52,20 @@ namespace SMBLibrary.Server
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
|
||||||
public SMB1Session CreateSession(ushort userID, string userName, string machineName)
|
public SMB1Session CreateSession(ushort userID, string userName, string machineName, object accessToken)
|
||||||
{
|
{
|
||||||
SMB1Session session = new SMB1Session(this, userID, userName, machineName);
|
SMB1Session session = new SMB1Session(this, userID, userName, machineName, accessToken);
|
||||||
m_sessions.Add(userID, session);
|
m_sessions.Add(userID, session);
|
||||||
return session;
|
return session;
|
||||||
}
|
}
|
||||||
|
|
||||||
/// <returns>null if all UserID values have already been allocated</returns>
|
/// <returns>null if all UserID values have already been allocated</returns>
|
||||||
public SMB1Session CreateSession(string userName, string machineName)
|
public SMB1Session CreateSession(string userName, string machineName, object accessToken)
|
||||||
{
|
{
|
||||||
ushort? userID = AllocateUserID();
|
ushort? userID = AllocateUserID();
|
||||||
if (userID.HasValue)
|
if (userID.HasValue)
|
||||||
{
|
{
|
||||||
return CreateSession(userID.Value, userName, machineName);
|
return CreateSession(userID.Value, userName, machineName, accessToken);
|
||||||
}
|
}
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -29,11 +29,11 @@ namespace SMBLibrary.Server
|
||||||
private Dictionary<ushort, OpenSearch> m_openSearches = new Dictionary<ushort, OpenSearch>();
|
private Dictionary<ushort, OpenSearch> m_openSearches = new Dictionary<ushort, OpenSearch>();
|
||||||
private ushort m_nextSearchHandle = 1;
|
private ushort m_nextSearchHandle = 1;
|
||||||
|
|
||||||
public SMB1Session(SMB1ConnectionState connection, ushort userID, string userName, string machineName)
|
public SMB1Session(SMB1ConnectionState connection, ushort userID, string userName, string machineName, object accessToken)
|
||||||
{
|
{
|
||||||
m_connection = connection;
|
m_connection = connection;
|
||||||
m_userID = userID;
|
m_userID = userID;
|
||||||
m_securityContext = new SecurityContext(userName, machineName, connection.ClientEndPoint);
|
m_securityContext = new SecurityContext(userName, machineName, connection.ClientEndPoint, connection.AuthenticationContext, accessToken);
|
||||||
}
|
}
|
||||||
|
|
||||||
public ushort? AddConnectedTree(ISMBShare share)
|
public ushort? AddConnectedTree(ISMBShare share)
|
||||||
|
|
|
||||||
|
|
@ -44,9 +44,9 @@ namespace SMBLibrary.Server
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
|
||||||
public SMB2Session CreateSession(ulong sessionID, string userName, string machineName)
|
public SMB2Session CreateSession(ulong sessionID, string userName, string machineName, object accessToken)
|
||||||
{
|
{
|
||||||
SMB2Session session = new SMB2Session(this, sessionID, userName, machineName);
|
SMB2Session session = new SMB2Session(this, sessionID, userName, machineName, accessToken);
|
||||||
m_sessions.Add(sessionID, session);
|
m_sessions.Add(sessionID, session);
|
||||||
return session;
|
return session;
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -28,11 +28,11 @@ namespace SMBLibrary.Server
|
||||||
// Key is the persistent portion of the FileID
|
// Key is the persistent portion of the FileID
|
||||||
private Dictionary<ulong, OpenSearch> m_openSearches = new Dictionary<ulong, OpenSearch>();
|
private Dictionary<ulong, OpenSearch> m_openSearches = new Dictionary<ulong, OpenSearch>();
|
||||||
|
|
||||||
public SMB2Session(SMB2ConnectionState connecton, ulong sessionID, string userName, string machineName)
|
public SMB2Session(SMB2ConnectionState connection, ulong sessionID, string userName, string machineName, object accessToken)
|
||||||
{
|
{
|
||||||
m_connection = connecton;
|
m_connection = connection;
|
||||||
m_sessionID = sessionID;
|
m_sessionID = sessionID;
|
||||||
m_securityContext = new SecurityContext(userName, machineName, connecton.ClientEndPoint);
|
m_securityContext = new SecurityContext(userName, machineName, connection.ClientEndPoint, connection.AuthenticationContext, accessToken);
|
||||||
}
|
}
|
||||||
|
|
||||||
private uint? AllocateTreeID()
|
private uint? AllocateTreeID()
|
||||||
|
|
|
||||||
|
|
@ -15,12 +15,16 @@ namespace SMBLibrary
|
||||||
private string m_userName;
|
private string m_userName;
|
||||||
private string m_machineName;
|
private string m_machineName;
|
||||||
private IPEndPoint m_clientEndPoint;
|
private IPEndPoint m_clientEndPoint;
|
||||||
|
public object AuthenticationContext;
|
||||||
|
public object AccessToken;
|
||||||
|
|
||||||
public SecurityContext(string userName, string machineName, IPEndPoint clientEndPoint)
|
public SecurityContext(string userName, string machineName, IPEndPoint clientEndPoint, object authenticationContext, object accessToken)
|
||||||
{
|
{
|
||||||
m_userName = userName;
|
m_userName = userName;
|
||||||
m_machineName = machineName;
|
m_machineName = machineName;
|
||||||
m_clientEndPoint = clientEndPoint;
|
m_clientEndPoint = clientEndPoint;
|
||||||
|
AuthenticationContext = authenticationContext;
|
||||||
|
AccessToken = accessToken;
|
||||||
}
|
}
|
||||||
|
|
||||||
public string UserName
|
public string UserName
|
||||||
|
|
|
||||||
|
|
@ -33,17 +33,18 @@ namespace SMBLibrary.Server.SMB1
|
||||||
return new ErrorResponse(request.CommandName);
|
return new ErrorResponse(request.CommandName);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
object accessToken = securityProvider.GetContextAttribute(state.AuthenticationContext, GSSAttributeName.AccessToken);
|
||||||
bool? isGuest = securityProvider.GetContextAttribute(state.AuthenticationContext, GSSAttributeName.IsGuest) as bool?;
|
bool? isGuest = securityProvider.GetContextAttribute(state.AuthenticationContext, GSSAttributeName.IsGuest) as bool?;
|
||||||
SMB1Session session;
|
SMB1Session session;
|
||||||
if (!isGuest.HasValue || !isGuest.Value)
|
if (!isGuest.HasValue || !isGuest.Value)
|
||||||
{
|
{
|
||||||
state.LogToServer(Severity.Information, "User '{0}' authenticated successfully.", message.UserName);
|
state.LogToServer(Severity.Information, "User '{0}' authenticated successfully.", message.UserName);
|
||||||
session = state.CreateSession(message.UserName, message.WorkStation);
|
session = state.CreateSession(message.UserName, message.WorkStation, accessToken);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
state.LogToServer(Severity.Information, "User '{0}' failed authentication, logged in as guest.", message.UserName);
|
state.LogToServer(Severity.Information, "User '{0}' failed authentication, logged in as guest.", message.UserName);
|
||||||
session = state.CreateSession("Guest", message.WorkStation);
|
session = state.CreateSession("Guest", message.WorkStation, accessToken);
|
||||||
response.Action = SessionSetupAction.SetupGuest;
|
response.Action = SessionSetupAction.SetupGuest;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -109,16 +110,17 @@ namespace SMBLibrary.Server.SMB1
|
||||||
{
|
{
|
||||||
string userName = securityProvider.GetContextAttribute(state.AuthenticationContext, GSSAttributeName.UserName) as string;
|
string userName = securityProvider.GetContextAttribute(state.AuthenticationContext, GSSAttributeName.UserName) as string;
|
||||||
string machineName = securityProvider.GetContextAttribute(state.AuthenticationContext, GSSAttributeName.MachineName) as string;
|
string machineName = securityProvider.GetContextAttribute(state.AuthenticationContext, GSSAttributeName.MachineName) as string;
|
||||||
|
object accessToken = securityProvider.GetContextAttribute(state.AuthenticationContext, GSSAttributeName.AccessToken);
|
||||||
bool? isGuest = securityProvider.GetContextAttribute(state.AuthenticationContext, GSSAttributeName.IsGuest) as bool?;
|
bool? isGuest = securityProvider.GetContextAttribute(state.AuthenticationContext, GSSAttributeName.IsGuest) as bool?;
|
||||||
if (!isGuest.HasValue || !isGuest.Value)
|
if (!isGuest.HasValue || !isGuest.Value)
|
||||||
{
|
{
|
||||||
state.LogToServer(Severity.Information, "User '{0}' authenticated successfully.", userName);
|
state.LogToServer(Severity.Information, "User '{0}' authenticated successfully.", userName);
|
||||||
state.CreateSession(header.UID, userName, machineName);
|
state.CreateSession(header.UID, userName, machineName, accessToken);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
state.LogToServer(Severity.Information, "User '{0}' failed authentication, logged in as guest.", userName);
|
state.LogToServer(Severity.Information, "User '{0}' failed authentication, logged in as guest.", userName);
|
||||||
state.CreateSession(header.UID, "Guest", machineName);
|
state.CreateSession(header.UID, "Guest", machineName, accessToken);
|
||||||
response.Action = SessionSetupAction.SetupGuest;
|
response.Action = SessionSetupAction.SetupGuest;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -55,16 +55,17 @@ namespace SMBLibrary.Server.SMB2
|
||||||
{
|
{
|
||||||
string userName = securityProvider.GetContextAttribute(state.AuthenticationContext, GSSAttributeName.UserName) as string;
|
string userName = securityProvider.GetContextAttribute(state.AuthenticationContext, GSSAttributeName.UserName) as string;
|
||||||
string machineName = securityProvider.GetContextAttribute(state.AuthenticationContext, GSSAttributeName.MachineName) as string;
|
string machineName = securityProvider.GetContextAttribute(state.AuthenticationContext, GSSAttributeName.MachineName) as string;
|
||||||
|
object accessToken = securityProvider.GetContextAttribute(state.AuthenticationContext, GSSAttributeName.AccessToken);
|
||||||
bool? isGuest = securityProvider.GetContextAttribute(state.AuthenticationContext, GSSAttributeName.IsGuest) as bool?;
|
bool? isGuest = securityProvider.GetContextAttribute(state.AuthenticationContext, GSSAttributeName.IsGuest) as bool?;
|
||||||
if (!isGuest.HasValue || !isGuest.Value)
|
if (!isGuest.HasValue || !isGuest.Value)
|
||||||
{
|
{
|
||||||
state.LogToServer(Severity.Information, "User '{0}' authenticated successfully.", userName);
|
state.LogToServer(Severity.Information, "User '{0}' authenticated successfully.", userName);
|
||||||
state.CreateSession(request.Header.SessionID, userName, machineName);
|
state.CreateSession(request.Header.SessionID, userName, machineName, accessToken);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
state.LogToServer(Severity.Information, "User '{0}' failed authentication, logged in as guest.", userName);
|
state.LogToServer(Severity.Information, "User '{0}' failed authentication, logged in as guest.", userName);
|
||||||
state.CreateSession(request.Header.SessionID, "Guest", machineName);
|
state.CreateSession(request.Header.SessionID, "Guest", machineName, accessToken);
|
||||||
response.SessionFlags = SessionFlags.IsGuest;
|
response.SessionFlags = SessionFlags.IsGuest;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue