/// <summary>
/// Deserializes one claims array from <paramref name="stream"/>: the claim source,
/// the entry count, every entry header, and then every entry's values.
/// </summary>
/// <param name="stream">NDR stream positioned at the start of this claims array.</param>
/// <exception cref="InvalidDataException">
/// The two copies of the entry count carried in the stream disagree.
/// </exception>
public override void ReadBody(NdrBinaryStream stream)
{
    ClaimSource = (ClaimSourceType)stream.ReadInt();
    Count = stream.ReadUnsignedInt();

    // presumably steps over the 4-byte array pointer; confirm what Seek(4) does on NdrBinaryStream
    stream.Seek(4);

    // Second copy of the count from the wire. Both copies come from the input, so
    // agreement shows internal consistency only, not that the value is reasonable.
    var count = stream.ReadInt();
    if (Count != count)
    {
        throw new InvalidDataException($"Claims count {Count} doesn't match actual count {count}");
    }

    // Deliberately not pre-sized from Count: the list grows only as entries are
    // actually read from the stream.
    var claims = new List<ClaimEntry>();

    // Pass 1: all entry headers come first.
    var index = 0;
    while (index < Count)
    {
        var claim = new ClaimEntry();
        claim.ReadBody(stream);
        claims.Add(claim);
        index++;
    }

    // Pass 2: the value data follows, in the same order as the headers.
    claims.ForEach(entry => entry.ReadValue(stream));

    ClaimEntries = claims;
}
/// <summary>
/// Reads a counted array of relative IDs, each followed by its attribute flags.
/// </summary>
/// <param name="Stream">NDR stream positioned at the array data.</param>
/// <param name="count">Element count announced earlier in the enclosing structure.</param>
/// <param name="pointer">Array pointer from the enclosing structure; 0 means no array is present.</param>
/// <returns>The parsed identifiers, or an empty list when <paramref name="pointer"/> is 0.</returns>
/// <exception cref="InvalidDataException">
/// The count stored with the array differs from <paramref name="count"/>.
/// </exception>
private static IEnumerable<SecurityIdentifier> ParseAttributes(NdrBinaryStream Stream, int count, int pointer)
{
    // A null pointer means nothing was serialized; do not touch the stream.
    if (pointer == 0)
    {
        return new List<SecurityIdentifier>();
    }

    // Both counts are wire data; the comparison is a consistency check only.
    int realCount = Stream.ReadInt();
    if (realCount != count)
    {
        throw new InvalidDataException($"Expected count {count} doesn't match actual count {realCount}");
    }

    // Not pre-sized from count, so memory follows the data actually read.
    var attributes = new List<SecurityIdentifier>();
    var index = 0;
    while (index < count)
    {
        Stream.Align(4);

        // Order matters: the RID precedes its attribute word.
        var rid = Stream.ReadRid();
        var flags = (SidAttributes)Stream.ReadInt();

        attributes.Add(new SecurityIdentifier(rid, flags));
        index++;
    }

    return attributes;
}
/// <summary>
/// Deserializes the claims set: array count, reserved fields, then the claims arrays.
/// Every statement consumes the stream, so the order below is the wire order.
/// </summary>
/// <param name="stream">NDR stream positioned at the start of the claims set.</param>
public override void ReadBody(NdrBinaryStream stream)
{
    // Number of claims arrays; ReadClaimsArray compares it with a second copy.
    Count = stream.ReadInt();

    // presumably steps over the 4-byte array pointer; confirm what Seek(4) does on NdrBinaryStream
    stream.Seek(4);

    ReservedType = stream.ReadShort();

    // NOTE(review): ReservedFieldSize is taken from the input and passed straight
    // to Read() as a length. Confirm NdrBinaryStream.Read rejects negative sizes
    // and sizes larger than the remaining data before it allocates.
    ReservedFieldSize = stream.ReadInt();
    ReservedField = stream.Read(ReservedFieldSize);

    // Re-align to 8 bytes before the array data.
    stream.Align(8);

    ClaimsArray = ReadClaimsArray(stream);
}
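/// <summary>
/// Reads the extra-SID array: a counted table of (pointer, attributes) pairs
/// followed by the SID data for every pair whose pointer is non-zero.
/// </summary>
/// <param name="Stream">NDR stream positioned at the array data.</param>
/// <param name="extraSidCount">Element count announced earlier in the enclosing structure.</param>
/// <param name="extraSidPointer">Array pointer from the enclosing structure; 0 means no array is present.</param>
/// <returns>
/// One element per table entry, in wire order. An entry whose pointer is 0 yields
/// <c>null</c>. Returns an empty array when <paramref name="extraSidPointer"/> is 0.
/// </returns>
/// <exception cref="InvalidDataException">
/// The count stored with the array differs from <paramref name="extraSidCount"/>,
/// or the count is negative.
/// </exception>
private static SecurityIdentifier[] ParseExtraSids(NdrBinaryStream Stream, int extraSidCount, int extraSidPointer)
{
    // A null pointer means nothing was serialized; do not touch the stream.
    if (extraSidPointer == 0)
    {
        return new SecurityIdentifier[0];
    }

    // Both counts are wire data; the comparison is a consistency check only.
    int realExtraSidCount = Stream.ReadInt();
    if (realExtraSidCount != extraSidCount)
    {
        throw new InvalidDataException($"Expected Sid count {extraSidCount} doesn't match actual sid count {realExtraSidCount}");
    }

    // Two matching negative counts pass the check above. Report them as malformed
    // data instead of letting an array allocation fail with OverflowException.
    if (extraSidCount < 0)
    {
        throw new InvalidDataException($"Extra Sid count {extraSidCount} must not be negative");
    }

    // Growable lists instead of arrays sized from the wire count: memory use then
    // follows the entries actually read rather than the announced number.
    // NOTE(review): this relies on the stream failing on a read past its end; confirm.
    var pointers = new List<int>();
    var attributes = new List<SidAttributes>();

    // Pass 1: the pointer/attribute table.
    for (int i = 0; i < extraSidCount; i++)
    {
        pointers.Add(Stream.ReadInt());
        attributes.Add((SidAttributes)Stream.ReadUnsignedInt());
    }

    // Pass 2: SID data, present only for entries with a non-zero pointer.
    var extraSids = new List<SecurityIdentifier>();
    for (int i = 0; i < extraSidCount; i++)
    {
        SecurityIdentifier sid = null;

        if (pointers[i] != 0)
        {
            sid = new SecurityIdentifier(Stream.ReadSid(), attributes[i]);
        }

        // Null entries are kept so positions still match the wire table.
        extraSids.Add(sid);
    }

    return extraSids.ToArray();
}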
/// <summary>
/// Reads this claim's deferred data: its identifier, a second copy of the value
/// count, and then the values themselves.
/// </summary>
/// <param name="stream">NDR stream positioned at this claim's deferred data.</param>
/// <exception cref="InvalidDataException">
/// The count stored with the values differs from <c>Count</c>.
/// </exception>
internal void ReadValue(NdrBinaryStream stream)
{
    Id = stream.ReadString();
    stream.Align(4);

    // Both counts are wire data; agreement shows consistency, not a sane size.
    var count = stream.ReadInt();
    if (count == Count)
    {
        ReadValues(stream);
        return;
    }

    throw new InvalidDataException($"ValueCount {Count} doesn't match actual count {count} for claim {Id}.");
}
/// <summary>
/// Reads the counted sequence of claims arrays that follows the claims-set header.
/// </summary>
/// <param name="stream">NDR stream positioned at the array data.</param>
/// <returns>The claims arrays in wire order.</returns>
/// <exception cref="InvalidDataException">
/// The count stored with the array differs from <c>Count</c>.
/// </exception>
private IEnumerable<ClaimsArray> ReadClaimsArray(NdrBinaryStream stream)
{
    // Both counts are wire data; the comparison is a consistency check only.
    var count = stream.ReadInt();
    if (count != Count)
    {
        throw new InvalidDataException($"Array count {Count} doesn't match actual count {count}");
    }

    // Not pre-sized from Count, so memory follows the arrays actually read.
    var claims = new List<ClaimsArray>();
    var index = 0;
    while (index < Count)
    {
        var array = new ClaimsArray();
        array.ReadBody(stream);
        claims.Add(array);
        index++;
    }

    return claims;
}
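/// <summary>
/// Reads <c>Count</c> claim values of the kind given by <c>Type</c> into <c>values</c>.
/// </summary>
/// <param name="stream">NDR stream positioned at the first value (or, for strings, at the pointer table).</param>
private void ReadValues(NdrBinaryStream stream)
{
    if (Type == ClaimType.CLAIM_TYPE_STRING)
    {
        // String values are preceded by one 4-byte pointer per value. The pointers
        // are never used, so they are consumed and dropped instead of being stored
        // in a scratch array sized from the wire-supplied Count.
        for (var i = 0; i < Count; i++)
        {
            stream.ReadInt();
        }
    }

    // NOTE(review): Count is wire data and sizes this allocation directly. The only
    // check visible on it is the equality test in ReadValue; confirm an upper bound
    // is enforced somewhere before this point.
    values = new object[Count];

    for (var i = 0; i < Count; i++)
    {
        switch (Type)
        {
            case ClaimType.CLAIM_TYPE_BOOLEAN:
                // Stored as a 64-bit integer; any non-zero value converts to true.
                values[i] = Convert.ToBoolean(stream.ReadLong());
                break;

            case ClaimType.CLAIM_TYPE_INT64:
                values[i] = stream.ReadLong();
                break;

            case ClaimType.CLAIM_TYPE_UINT64:
                // Same 64 bits read as signed, then cast to unsigned.
                values[i] = (ulong)stream.ReadLong();
                break;

            case ClaimType.CLAIM_TYPE_STRING:
                values[i] = stream.ReadString();
                break;

            // NOTE(review): there is no default case. Any other Type leaves the slot
            // null and consumes nothing, so the reads that follow would start at the
            // wrong offset. Confirm whether unknown types should be rejected.
        }
    }
}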
/// <summary>
/// Deserializes the logon information structure in two phases: first the
/// fixed-size fields (times, string headers, RIDs, counts, pointers and flags),
/// then the deferred data those headers and pointers refer to. Every statement
/// consumes the stream, so the order below is the wire order and must not change.
/// </summary>
/// <remarks>
/// NOTE(review): the field sequence looks like KERB_VALIDATION_INFO from MS-PAC;
/// confirm against the specification. The SIDs and group lists produced here
/// presumably feed authorization decisions, so confirm callers use them only
/// after the PAC signatures have been verified.
/// </remarks>
/// <param name="stream">NDR stream positioned at the start of the structure.</param>
public override void ReadBody(NdrBinaryStream stream)
{
    // ---- Phase 1: fixed-size fields ----
    LogonTime = stream.ReadFiletime();
    LogoffTime = stream.ReadFiletime();
    KickOffTime = stream.ReadFiletime();
    PwdLastChangeTime = stream.ReadFiletime();
    PwdCanChangeTime = stream.ReadFiletime();
    PwdMustChangeTime = stream.ReadFiletime();

    // String headers only; the text is read in phase 2 through ReadString(stream).
    var userName = stream.ReadRPCUnicodeString();
    var userDisplayName = stream.ReadRPCUnicodeString();
    var logonScript = stream.ReadRPCUnicodeString();
    var profilePath = stream.ReadRPCUnicodeString();
    var homeDirectory = stream.ReadRPCUnicodeString();
    var homeDrive = stream.ReadRPCUnicodeString();

    LogonCount = stream.ReadShort();
    BadPasswordCount = stream.ReadShort();

    // Relative IDs; combined with DomainSid further down.
    var userSid = stream.ReadRid();
    var groupSid = stream.ReadRid();

    // Groups information: count and pointer for the group array read in phase 2.
    var groupCount = stream.ReadInt();
    var groupPointer = stream.ReadInt();

    UserFlags = (UserFlags)stream.ReadInt();

    // sessionKey: 16 bytes read into a scratch buffer that is not kept.
    stream.Read(new byte[16]);

    var serverNameString = stream.ReadRPCUnicodeString();
    var domainNameString = stream.ReadRPCUnicodeString();

    var domainIdPointer = stream.ReadInt();

    // reserved1: 8 bytes read into a scratch buffer that is not kept.
    stream.Read(new byte[8]);

    UserAccountControl = (UserAccountControlFlags)stream.ReadInt();
    SubAuthStatus = stream.ReadInt();
    LastSuccessfulILogon = stream.ReadFiletime();
    LastFailedILogon = stream.ReadFiletime();
    FailedILogonCount = stream.ReadInt();

    // reserved3: read and ignored.
    stream.ReadInt();

    // Extra SIDs information, then the resource-domain and resource-group headers.
    var extraSidCount = stream.ReadInt();
    var extraSidPointer = stream.ReadInt();

    var resourceDomainIdPointer = stream.ReadInt();
    var resourceGroupCount = stream.ReadInt();
    var resourceGroupPointer = stream.ReadInt();

    // ---- Phase 2: deferred data, in the order the headers appeared ----
    UserName = userName.ReadString(stream);
    UserDisplayName = userDisplayName.ReadString(stream);
    LogonScript = logonScript.ReadString(stream);
    ProfilePath = profilePath.ReadString(stream);
    HomeDirectory = homeDirectory.ReadString(stream);
    HomeDrive = homeDrive.ReadString(stream);

    // Groups data
    var groupSids = ParseAttributes(stream, groupCount, groupPointer);

    // Server related strings
    ServerName = serverNameString.ReadString(stream);
    DomainName = domainNameString.ReadString(stream);

    if (domainIdPointer != 0)
    {
        DomainSid = stream.ReadSid();
    }

    // NOTE(review): DomainSid is assigned only when domainIdPointer is non-zero, but
    // AppendTo(DomainSid) runs unconditionally. How AppendTo treats an unset
    // DomainSid is not visible here; confirm it fails closed.
    UserSid = userSid.AppendTo(DomainSid);
    GroupSid = groupSid.AppendTo(DomainSid);
    GroupSids = groupSids.Select(g => g.AppendTo(DomainSid)).ToList();

    // NOTE(review): the flag, not extraSidPointer, decides whether the extra-SID
    // data is read. If the input carries that data without the flag, nothing
    // consumes it and the reads below start at the wrong offset; confirm this
    // case is rejected.
    if (UserFlags.HasFlag(UserFlags.LOGON_EXTRA_SIDS))
    {
        ExtraSids = ParseExtraSids(stream, extraSidCount, extraSidPointer).ToList();
    }

    if (resourceDomainIdPointer != 0)
    {
        ResourceDomainSid = stream.ReadSid();
    }

    // NOTE(review): same pattern as DomainSid: ResourceDomainSid may be unset when
    // the flag is present but resourceDomainIdPointer is 0.
    if (UserFlags.HasFlag(UserFlags.LOGON_RESOURCE_GROUPS))
    {
        ResourceGroups = ParseAttributes(
            stream,
            resourceGroupCount,
            resourceGroupPointer
        ).Select(g => g.AppendTo(ResourceDomainSid)).ToList();
    }
}