/// <summary>
/// Call to this method establishes a secure channel between protocol client and
/// protocol server and generates a session key, ehich is used for encryption of
/// request packets and decryption of response packets.
/// </summary>
private void EstablishSecureChannel()
{
nrpcClient = NrpcClient.CreateNrpcClient(sutDomainName);
ushort[] endPointList = NrpcUtility.QueryNrpcTcpEndpoint(serverName);
ushort endPoint = endPointList[0];
MachineAccountCredential machineCredential = new MachineAccountCredential(
sutDomainName,
clientComputerName,
clientComputerPassword);
nrpcClient.Context.NegotiateFlags = NrpcNegotiateFlags.SupportsAESAndSHA2
| NrpcNegotiateFlags.SupportsConcurrentRpcCalls
| NrpcNegotiateFlags.SupportsCrossForestTrusts
| NrpcNegotiateFlags.SupportsGenericPassThroughAuthentication
| NrpcNegotiateFlags.SupportsNetrLogonGetDomainInfo
| NrpcNegotiateFlags.SupportsNetrLogonSendToSam
| NrpcNegotiateFlags.SupportsNetrServerPasswordSet2
| NrpcNegotiateFlags.SupportsRC4
| NrpcNegotiateFlags.SupportsRefusePasswordChange
| NrpcNegotiateFlags.SupportsRodcPassThroughToDifferentDomains
| NrpcNegotiateFlags.SupportsSecureRpc
| NrpcNegotiateFlags.SupportsStrongKeys
| NrpcNegotiateFlags.SupportsTransitiveTrusts;
NrpcClientSecurityContext securityContext = new NrpcClientSecurityContext(
sutDomainName,
sutComputerName,
machineCredential,
true,
nrpcClient.Context.NegotiateFlags);
nrpcClient.BindOverTcp(serverName, endPoint, securityContext, timeout);
}
public void NRPC_Traditional05_VerifyOutOfSequenceMessage()
{
PlatformType platform;
HRESULT result = HRESULT.ERROR_SUCCESS;
Site.Log.Add(LogEntryKind.Comment, "Call GetPlatform");
nrpcServerAdapter.GetPlatform(out platform);
Site.Log.Add(LogEntryKind.Comment, "Return GetPlatform(out {0})", platform);
Site.Log.Add(LogEntryKind.Comment, "Call ConfigServer");
nrpcServerSutControlAdapter.ConfigServer(true, false);
Site.Log.Add(LogEntryKind.Comment, "Return ConfigServer");
NrpcServerAdapter adapter = new NrpcServerAdapter();
adapter.Initialize(Site);
using (this.nrpcClient = NrpcClient.CreateNrpcClient(adapter.PrimaryDomainDnsName))
{
this.nrpcClient.Context.NegotiateFlags = (NrpcNegotiateFlags)NrpcServerAdapter.NegotiateFlags;
MachineAccountCredential machineCredential = new MachineAccountCredential(
adapter.PrimaryDomainDnsName,
adapter.ENDPOINTNetbiosName,
adapter.ENDPOINTPassword);
NrpcClientSecurityContext secuContext = new NrpcClientSecurityContext(
adapter.PrimaryDomainDnsName,
adapter.PDCNetbiosName,
machineCredential,
true,
this.nrpcClient.Context.NegotiateFlags);
AccountCredential accountCredential = new AccountCredential(
adapter.PrimaryDomainDnsName,
adapter.DomainAdministratorName,
adapter.DomainUserPassword);
try
{
this.nrpcClient.BindOverNamedPipe(
adapter.PDCNetbiosName,
accountCredential,
secuContext,
adapter.timeOut);
}
catch (Exception e)
{
Site.Log.Add(LogEntryKind.Debug, "Failed to bind NamedPipe to " + adapter.PDCNetbiosName + "due to reason: " + e.Message);
Site.Assert.Fail("Failed on init NRPC client on transport NamedPipe");
}
this.nrpcClient.Context.SequenceNumber++;
_NETLOGON_LOGON_INFO_CLASS logonLevelInfoClass = _NETLOGON_LOGON_INFO_CLASS.NetlogonInteractiveInformation;
_NETLOGON_LEVEL logonLevel = this.nrpcClient.CreateNetlogonLevel(
logonLevelInfoClass,
NrpcParameterControlFlags.AllowLogonWithComputerAccount,
adapter.PrimaryDomainDnsName,
adapter.DomainAdministratorName,
adapter.DomainUserPassword);
// Client calls EncryptNetlogonLevel
_NETLOGON_LEVEL?encryptedLogonLevel = this.nrpcClient.EncryptNetlogonLevel(
logonLevelInfoClass,
logonLevel);
_NETLOGON_AUTHENTICATOR?serverAuthenticator = this.nrpcClient.CreateEmptyNetlogonAuthenticator();
_NETLOGON_AUTHENTICATOR?clientAuthenticator = this.nrpcClient.ComputeNetlogonAuthenticator();
_NETLOGON_VALIDATION? validationInfomation = null;
byte?authoritative = null;
try
{
result = (HRESULT)this.nrpcClient.NetrLogonSamLogon(
adapter.PDCNetbiosName,
adapter.ENDPOINTNetbiosName,
clientAuthenticator,
ref serverAuthenticator,
logonLevelInfoClass,
encryptedLogonLevel,
_NETLOGON_VALIDATION_INFO_CLASS.NetlogonValidationSamInfo2,
out validationInfomation,
out authoritative);
}
catch (InvalidOperationException e)
{
result = (HRESULT)int.Parse(e.Message, CultureInfo.InvariantCulture);
}
// If the sequence number in security context is out of sequence, the server will return an error message.
Site.CaptureRequirementIfAreNotEqual <HRESULT>(
HRESULT.ERROR_SUCCESS,
result,
853,
@"[In Receiving an Initial Netlogon Signature Token, The following steps are
performed to verify the data and to decrypt with AES if negotiated, otherwise
RC4 if required: in step 7: ] If these two [SequenceNumber and CopySeqNumber ]
do not match, an error is returned indicating that out-of-sequence data was received.");
}
}
