/// <summary>
        /// Creates a BindRequest with simple bind.
        /// </summary>
        /// <param name="context">The user context which contains message ID.</param>
        /// <param name="name">
        /// The name field of BindRequest, see TD Section 5.1.1.1.1 for full list of legal names.
        /// </param>
        /// <param name="password">The password credential of the object.</param>
        /// <returns>The packet that contains the request.</returns>
        internal override AdtsBindRequestPacket CreateSimpleBindRequest(
            AdtsLdapContext context,
            string name,
            string password)
        {
            AuthenticationChoice authentication = new AuthenticationChoice();
            authentication.SetData(AuthenticationChoice.simple, new Asn1OctetString(password ?? string.Empty));

            BindRequest bindRequest = new BindRequest(
                new Asn1Integer((long)version),
                new LDAPDN(name ?? string.Empty),
                authentication);

            return CreateBindRequestPacket(context, bindRequest);
        }
        /// <summary>
        /// Creates a BindRequestPacket with context and BindRequest.
        /// </summary>
        /// <param name="context">The context.</param>
        /// <param name="bindRequest">The BindRequest message.</param>
        /// <returns>The BindRequestPacket.</returns>
        private AdtsBindRequestPacket CreateBindRequestPacket(
            AdtsLdapContext context,
            BindRequest bindRequest)
        {
            LDAPMessage_protocolOp operation = new LDAPMessage_protocolOp();
            operation.SetData(LDAPMessage_protocolOp.bindRequest, bindRequest);

            MessageID messageId = new MessageID(context.MessageId);
            LDAPMessage message = new LDAPMessage(messageId, operation, null);

            AdtsBindRequestPacket packet = new AdtsBindRequestPacket();
            packet.ldapMessagev3 = message;
            packet.messageId = context.MessageId;

            return packet;
        }
        /// <summary>
        /// Creates a BindRequest with simple bind for Active Directory Domain Services(AD DS).
        /// </summary>
        /// <param name="context">The user context which contains message ID.</param>
        /// <param name="username">User name which doesn't include domain prefix.</param>
        /// <param name="password">Password of user.</param>
        /// <param name="domainNetbiosName">NetBIOS domain name(with suffix like ".com" removed).</param>
        /// <returns>The packet that contains the request.</returns>
        /// <exception cref="ArgumentNullException">Thrown when username is null.</exception>
        internal override AdtsBindRequestPacket CreateSimpleBindRequest(
            AdtsLdapContext context,
            string username,
            string password,
            string domainNetbiosName)
        {
            if (username == null)
            {
                throw new ArgumentNullException("username");
            }

            AuthenticationChoice authentication = new AuthenticationChoice();
            authentication.SetData(AuthenticationChoice.simple, new Asn1OctetString(password ?? string.Empty));

            string fullname = (domainNetbiosName != null) ? (domainNetbiosName + "\\" + username) : username;
            BindRequest bindRequest = new BindRequest(
                new Asn1Integer((long)version),
                new LDAPDN(fullname),
                authentication);

            return CreateBindRequestPacket(context, bindRequest);
        }
        /// <summary>
        /// Creates a sicily response BindRequest packet. Usually it's the last packet of authentication during
        /// the bind process.
        /// </summary>
        /// <param name="context">The user context which contains message ID.</param>
        /// <param name="credential">The credential to be sent, it can be calculated with SSPI.</param>
        /// <returns>The packet that contains the request.</returns>
        internal override AdtsBindRequestPacket CreateSicilyResponseBindRequest(
            AdtsLdapContext context,
            byte[] credential)
        {
            AuthenticationChoice authentication = new AuthenticationChoice();
            authentication.SetData(AuthenticationChoice.sicilyResponse, new Asn1OctetString(credential ?? (new byte[0])));

            BindRequest bindRequest = new BindRequest(
                new Asn1Integer((long)version),
                new LDAPDN(new byte[0]),
                authentication);

            return CreateBindRequestPacket(context, bindRequest);
        }
        /// <summary>
        /// Creates a sicily package discovery BindRequest packet.
        /// </summary>
        /// <param name="context">The user context which contains message ID.</param>
        /// <returns>The sicily package discovery BindRequest.</returns>
        internal override AdtsBindRequestPacket CreateSicilyPackageDiscoveryBindRequest(AdtsLdapContext context)
        {
            AuthenticationChoice authentication = new AuthenticationChoice();
            authentication.SetData(AuthenticationChoice.sicilyPackageDiscovery, new Asn1OctetString(string.Empty));

            BindRequest bindRequest = new BindRequest(
                new Asn1Integer((long)version),
                new LDAPDN(new byte[0]),    // For Sicily package discovery, DN is not required.
                authentication);

            return CreateBindRequestPacket(context, bindRequest);
        }
        /// <summary>
        /// Creates a BindRequest with SASL bind. This method is for LDAP v3 only.
        /// Note that for GSS-SPNEGO with NTLM, two rounds of bind requests is required.
        /// </summary>
        /// <param name="context">The user context which contains message ID.</param>
        /// <param name="mechanism">Authentication mechanism used, e.g., GSS-SPNEGO, etc.</param>
        /// <param name="credential">The credential to be sent, it can be calculated with SSPI.</param>
        /// <returns>The packet that contains the request.</returns>
        internal override AdtsBindRequestPacket CreateSaslBindRequest(
            AdtsLdapContext context,
            string mechanism,
            byte[] credential)
        {
            AuthenticationChoice authentication = new AuthenticationChoice();
            authentication.SetData(
                AuthenticationChoice.sasl,
                new SaslCredentials(
                    new LDAPString(mechanism ?? string.Empty),
                    new Asn1OctetString(credential ?? (new byte[0]))));

            BindRequest bindRequest = new BindRequest(
                new Asn1Integer((long)version),
                new LDAPDN(new byte[0]),    // For SASL, DN is not required.
                authentication);

            return CreateBindRequestPacket(context, bindRequest);
        }
Beispiel #7
0
        /// <summary>
        /// This method encapsulates LdapV2Decoder and LdapV3Decoder because the incoming packets may be
        /// LDAP v2 or v3 packets, the decoding may require both decoders if the LDAP version that client uses
        /// is not clear.
        /// </summary>
        /// <param name="endPoint">The end point of the client.</param>
        /// <param name="messageBytes">The message bytes that contains the packet data.</param>
        /// <param name="consumedLength">Consumed length.</param>
        /// <param name="expectedLength">
        /// Indicates expected length if the message bytes doesn't all packet data.
        /// </param>
        /// <returns>Decoded packets.</returns>
        internal override StackPacket[] DecodeLdapPacketCallBack(
            object endPoint,
            byte[] messageBytes,
            out int consumedLength,
            out int expectedLength)
        {
            // Get packet data, start decoding.
            IPEndPoint      remote  = (IPEndPoint)endPoint;
            AdtsLdapContext context = GetContext(remote, this.server.IsTcp);

            byte[] data = messageBytes;

            // decode messageBytes if needed
            if (context != null && messageBytes != null)
            {
                // if security is not init, and the package is SslHandshake, init security.
                if (context.Security == null)
                {
                    AdtsLdapSslTlsSecurityHeader header = new AdtsLdapSslTlsSecurityHeader();
                    header.FromBytes(messageBytes);

                    if (header.IsSslHandShake)
                    {
                        this.server.SslStartup(context);
                    }
                }

                // decode messageBytes with security.
                if (context.Security != null)
                {
                    data = this.server.Decrypt(context, messageBytes);
                }
            }

            byte[] packetData = this.GetSinglePacketData(data, out consumedLength, out expectedLength);

            // add the comsumed length of security decorder
            if (context != null && context.Security != null && context.Security.ConsumedData)
            {
                consumedLength = context.Security.ConsumedLength;
            }

            if (packetData == null)
            {
                return(null);
            }

            // New connection. Try both LDAP v2 and v3 decoders. Note that for requests that don't have version
            // context(e.g., UDP search requests), LDAP v3 is used by default.
            AdtsLdapPacket packet = null;

            if (context == null)
            {
                context = new AdtsLdapContext(AdtsLdapVersion.V3, remote);
                packet  = this.decoderv3.ParseAdtsLdapPacket(
                    this.decoderv3.AuthenticateMessage(packetData),
                    context);
                // synchronize the message ID with newly received packet.
                context.MessageId = packet.messageId;

                // Check BindRequestPacket, normally it's the first message from client in which
                // contains the LDAP version. And since LDAP v3 decoder can decode LDAP v2 messages
                // without any exception, we need to check into the 'version' variable in the request.
                AdtsBindRequestPacket bindRequestPacket = packet as AdtsBindRequestPacket;
                if (bindRequestPacket != null)
                {
                    LdapV3.BindRequest bindRequest =
                        (LdapV3.BindRequest)bindRequestPacket.GetInnerRequestOrResponse();
                    // Version doesn't match. Decode again with LDAP v2 decoder and update context version.
                    if ((AdtsLdapVersion)bindRequest.version.Value == AdtsLdapVersion.V2)
                    {
                        packet = this.decoderv2.ParseAdtsLdapPacket(
                            this.decoderv2.AuthenticateMessage(packetData),
                            context);
                        context.ClientVersion = context.ServerVersion = AdtsLdapVersion.V2;
                    }
                }

                // Add context.
                this.server.ContextManager.AddContext(context, this.server.IsTcp);
            }
            else
            {
                if (context.ClientVersion == AdtsLdapVersion.V2)
                {
                    packet = this.decoderv2.ParseAdtsLdapPacket(
                        this.decoderv2.AuthenticateMessage(packetData),
                        context);
                }
                else
                {
                    packet = this.decoderv3.ParseAdtsLdapPacket(
                        this.decoderv3.AuthenticateMessage(packetData),
                        context);
                }
                // synchronize the message ID with newly received packet.
                context.MessageId = packet.messageId;
            }

            return(new StackPacket[] { packet });
        }