File: //lib64/python2.7/smb/IWAConnection.py
import os, logging, select, socket, struct, errno
from smb_constants import *
from smb_structs import *
from smb2_structs import *
from base import SMB, NotConnectedError, NotReadyError, SMBTimeout
import ntlm, securityblob
class IWAConnection(SMB):
def __init__(self):
#SMB.__init__(self, '', '', '', '', '', True, SMB.SIGN_WHEN_REQUIRED, True)
SMB.__init__(self, 'dada', 'q', '', '10.17.45.43', '10.17.45.43', True, SMB.SIGN_WHEN_REQUIRED, True)
self.sock = None
self.is_busy = False
#
# Public Methods
#
def write(self, data):
assert self.sock
data_len = len(data)
total_sent = 0
while total_sent < data_len:
sent = self.sock.send(data[total_sent:])
if sent == 0:
raise NotConnectedError('Server disconnected')
total_sent = total_sent + sent
def connect(self, ip, port = 139, sock_family = socket.AF_INET, timeout = 60):
"""
Establish the SMB connection to the remote SMB/CIFS server.
You must call this method before attempting any of the file operations with the remote server.
This method will block until the SMB connection has attempted at least one authentication.
:return: A boolean value indicating the result of the authentication atttempt: True if authentication is successful; False, if otherwise.
"""
if self.sock:
self.sock.close()
self.auth_result = None
self.sock = socket.socket(sock_family)
self.sock.settimeout(timeout)
self.sock.connect(( ip, port ))
self.is_busy = True
return self.sock
def negotiate(self, ntlm_data, timeout = 60):
self.ntlm_data = ntlm_data
self.onNMBSessionOK()
self._pollForNetBIOSPacket(timeout)
self._pollForNetBIOSPacket(timeout)
result, ntlm_token = securityblob.decodeChallengeSecurityBlob(self.smb_message.payload.security_blob)
return ntlm_token
def session_setup(self, ntlm_data, timeout = 60):
self.ggwp(ntlm_data)
self._pollForNetBIOSPacket(timeout)
def close(self):
"""
Terminate the SMB connection (if it has been started) and release any sources held by the underlying socket.
"""
if self.sock:
self.sock.close()
self.sock = None
def _pollForNetBIOSPacket(self, timeout):
expiry_time = time.time() + timeout
read_len = 4
data = ''
while read_len > 0:
try:
if expiry_time < time.time():
raise SMBTimeout
ready, _, _ = select.select([ self.sock.fileno() ], [ ], [ ], timeout)
if not ready:
raise SMBTimeout
d = self.sock.recv(read_len)
if len(d) == 0:
raise NotConnectedError
data = data + d
read_len -= len(d)
except select.error, ex:
if isinstance(ex, types.TupleType):
if ex[0] != errno.EINTR and ex[0] != errno.EAGAIN:
raise ex
else:
raise ex
type_, flags, length = struct.unpack('>BBH', data)
if flags & 0x01:
length = length | 0x10000
read_len = length
while read_len > 0:
try:
if expiry_time < time.time():
raise SMBTimeout
ready, _, _ = select.select([ self.sock.fileno() ], [ ], [ ], timeout)
if not ready:
raise SMBTimeout
d = self.sock.recv(read_len)
if len(d) == 0:
raise NotConnectedError
data = data + d
read_len -= len(d)
except select.error, ex:
if isinstance(ex, types.TupleType):
if ex[0] != errno.EINTR and ex[0] != errno.EAGAIN:
raise ex
else:
raise ex
self.feedData(data)
def _handleNegotiateResponse_SMB2(self, message):
ntlm_data = self.ntlm_data
#ntlm_data = ntlm.generateNegotiateMessage()
blob = securityblob.generateNegotiateSecurityBlob(ntlm_data)
self._sendSMBMessage(SMB2Message(SMB2SessionSetupRequest(blob)))
def ggwp(self, ntlm_data):
if self.log.isEnabledFor(logging.DEBUG):
self.log.debug('NT challenge response is "%s" (%d bytes)', binascii.hexlify(nt_challenge_response), len(nt_challenge_response))
self.log.debug('LM challenge response is "%s" (%d bytes)', binascii.hexlify(lm_challenge_response), len(lm_challenge_response))
blob = securityblob.generateAuthSecurityBlob(ntlm_data)
self._sendSMBMessage(SMB2Message(SMB2SessionSetupRequest(blob)))
if self.security_mode & SMB2_NEGOTIATE_SIGNING_REQUIRED:
self.log.info('Server requires all SMB messages to be signed')
self.is_signing_active = (self.sign_options != SMB.SIGN_NEVER)
elif self.security_mode & SMB2_NEGOTIATE_SIGNING_ENABLED:
self.log.info('Server supports SMB signing')
self.is_signing_active = (self.sign_options == SMB.SIGN_WHEN_SUPPORTED)
else:
self.is_signing_active = False
if self.is_signing_active:
self.log.info("SMB signing activated. All SMB messages will be signed.")
self.signing_session_key = (ntlm_data[-16:] + '\0'*16)[:16]
if self.capabilities & CAP_EXTENDED_SECURITY:
self.signing_challenge_response = None
else:
self.signing_challenge_response = blob
else:
self.log.info("SMB signing deactivated. SMB messages will NOT be signed.")
def _handleNegotiateResponse_SMB1(self, message):
if message.uid and not self.uid:
self.uid = message.uid
if message.hasExtendedSecurity or message.payload.supportsExtendedSecurity:
ntlm_data = ntlm.generateNegotiateMessage()
blob = securityblob.generateNegotiateSecurityBlob(ntlm_data)
self._sendSMBMessage(SMBMessage(ComSessionSetupAndxRequest__WithSecurityExtension(message.payload.session_key, blob)))
def _handleSessionChallenge_SMB1(self, message, ntlm_token):
assert message.hasExtendedSecurity
if message.uid and not self.uid:
self.uid = message.uid
server_challenge, server_flags, server_info = ntlm.decodeChallengeMessage(ntlm_token)
if self.use_ntlm_v2:
self.log.info('Performing NTLMv2 authentication (with extended security) with server challenge "%s"', binascii.hexlify(server_challenge))
nt_challenge_response, lm_challenge_response, session_key = ntlm.generateChallengeResponseV2(self.password,
self.username,
server_challenge,
server_info,
self.domain)
else:
self.log.info('Performing NTLMv1 authentication (with extended security) with server challenge "%s"', binascii.hexlify(server_challenge))
nt_challenge_response, lm_challenge_response, session_key = ntlm.generateChallengeResponseV1(self.password, server_challenge, True)
ntlm_data = ntlm.generateAuthenticateMessage(server_flags,
nt_challenge_response,
lm_challenge_response,
session_key,
self.username,
self.domain,
self.my_name)
if self.log.isEnabledFor(logging.DEBUG):
self.log.debug('NT challenge response is "%s" (%d bytes)', binascii.hexlify(nt_challenge_response), len(nt_challenge_response))
self.log.debug('LM challenge response is "%s" (%d bytes)', binascii.hexlify(lm_challenge_response), len(lm_challenge_response))
blob = securityblob.generateAuthSecurityBlob(ntlm_data)
self._sendSMBMessage(SMBMessage(ComSessionSetupAndxRequest__WithSecurityExtension(0, blob)))
if self.security_mode & NEGOTIATE_SECURITY_SIGNATURES_REQUIRE:
self.log.info('Server requires all SMB messages to be signed')
self.is_signing_active = (self.sign_options != SMB.SIGN_NEVER)
elif self.security_mode & NEGOTIATE_SECURITY_SIGNATURES_ENABLE:
self.log.info('Server supports SMB signing')
self.is_signing_active = (self.sign_options == SMB.SIGN_WHEN_SUPPORTED)
else:
self.is_signing_active = False
if self.is_signing_active:
self.log.info("SMB signing activated. All SMB messages will be signed.")
self.signing_session_key = session_key
if self.capabilities & CAP_EXTENDED_SECURITY:
self.signing_challenge_response = None
else:
self.signing_challenge_response = blob
else:
self.log.info("SMB signing deactivated. SMB messages will NOT be signed.")