public static bool RequestCommand(SslStream sslStream, String command_requested, String nonce)
{
byte[] message = Encoding.UTF8.GetBytes(command_requested + ";" + Environment.UserName + ";" + nonce + "<EOF>");
// Send command request
sslStream.Write(message);
sslStream.Flush();
// Read response from the server.
string serverResponseCommand = ReadMessage(sslStream).Replace("<EOF>", "");
switch (serverResponseCommand)
{
case "Unauthorized":
Console.WriteLine("Unauthorized command for this user or bad authentication.");
CloseConnection(client);
return(false);
case "Password":
Console.WriteLine("Command needs administrator password.");
CloseConnection(client);
RunPowershell.RunAsAdmin(command_requested);
return(false);
case "OK":
return(true);
default:
CloseConnection(client);
return(false);
}
}
private static bool IsGroupExist(String groupName)
{
List <String> isGroupExist = RunPowershell.RunCommand("(Get-LocalGroup -Name \"" + groupName + "\").Name", false);
if (isGroupExist[0] == groupName)
{
return(true);
}
else
{
return(false);
}
}
private static bool IsGroupMember(String username, String groupName)
{
List <String> isGroupMember = RunPowershell.RunCommand("(Get-LocalGroupMember -Group \"" + groupName + "\" -Member \"" + username + "\").Name", false);
if (isGroupMember.Count > 0 && isGroupMember[0].Split("\\").Length > 1 && isGroupMember[0].Split("\\")[1] == username)
{
return(true);
}
else
{
return(false);
}
}
private static List <String> GetListUsers()
{
List <String> listUser = RunPowershell.RunCommand("Get-LocalUser", true);
List <String> users = new List <String>();
foreach (String line in listUser)
{
if (line.Split(";").Length == 14 && line.Split(";")[10].Replace("\"", "") != "Name")
{
users.Add(line.Split(";")[10].Replace("\"", ""));
}
}
return(users);
}
private static void RunMain()
{
while (true)
{
// start listening
while (true)
{
TcpListener listener = SslTcpServer.RunServer();
TcpClient client = listener.AcceptTcpClient();
SslStream sslStream = SslTcpServer.ProcessClient(client);
// get nonce request from client
String clientUsername = SslTcpServer.GetNonceRequest(sslStream);
// verify nonce request
if (clientUsername == null)
{
SslTcpServer.AnswerNonceRequest(sslStream, "Error during nonce sending");
client.Close();
listener.Stop();
break;
}
// verify username
if (!GetUserInfo.IsUserSystemMember(clientUsername))
{
SslTcpServer.AnswerNonceRequest(sslStream, "Error during nonce sending");
client.Close();
listener.Stop();
break;
}
String clientNonce = Security.SendNonce(clientUsername);
// answer nonce request
if (clientNonce != null)
{
SslTcpServer.AnswerNonceRequest(sslStream, "Nonce send");
}
// wait for command request
String[] clientCommandRequest = SslTcpServer.GetCommandRequest(sslStream);
// verify command request
if (clientCommandRequest == null)
{
SslTcpServer.AnswerCommandRequest(sslStream, "Error during command execution");
client.Close();
listener.Stop();
break;
}
String clientCommand = clientCommandRequest[0];
String clientUsernameCommand = clientCommandRequest[1];
String clientNonceCommand = clientCommandRequest[2];
// verify username
if (clientUsernameCommand != clientUsername || !GetUserInfo.IsUserSystemMember(clientUsernameCommand))
{
SslTcpServer.AnswerCommandRequest(sslStream, "Unauthorized");
client.Close();
listener.Stop();
break;
}
// verify nonce
if (clientNonceCommand != clientNonce)
{
SslTcpServer.AnswerCommandRequest(sslStream, "Unauthorized");
client.Close();
listener.Stop();
break;
}
// verify access to command
int retAuth = GetAuthorization.IsUserGranted(clientUsernameCommand, clientCommand);
if (retAuth == 2)
{
SslTcpServer.AnswerCommandRequest(sslStream, "Unauthorized");
client.Close();
listener.Stop();
break;
}
else if (retAuth == 1)
{
SslTcpServer.AnswerCommandRequest(sslStream, "Password");
client.Close();
listener.Stop();
break;
}
// answer command request
SslTcpServer.AnswerCommandRequest(sslStream, "OK");
String commandResult = RunPowershell.RunSudoersCommand(clientCommand);
// send command result
SslTcpServer.SendCommandResult(sslStream, commandResult);
client.Close();
listener.Stop();
}
}
}
