/// <summary> /// Handler for pre-login request /// </summary> public override TDSMessageCollection OnPreLoginRequest(ITDSServerSession session, TDSMessage request) { // Delegate to the base class TDSMessageCollection response = base.OnPreLoginRequest(session, request); // Check if arguments are of the routing server if (Arguments is RoutingTDSServerArguments) { // Cast to routing server arguments RoutingTDSServerArguments serverArguments = Arguments as RoutingTDSServerArguments; // Check if routing is configured during login if (serverArguments.RouteOnPacket == TDSMessageType.TDS7Login) { // Check if pre-login response is contained inside the first message if (response.Count > 0 && response[0].Any(t => t is TDSPreLoginToken)) { // Find the first prelogin token TDSPreLoginToken preLoginResponse = (TDSPreLoginToken)response[0].Where(t => t is TDSPreLoginToken).First(); // Inflate pre-login request from the message TDSPreLoginToken preLoginRequest = request[0] as TDSPreLoginToken; // Update MARS with the requested value preLoginResponse.IsMARS = preLoginRequest.IsMARS; } } } return response; }
/// <summary> /// Handler for login request /// </summary> public override TDSMessageCollection OnLogin7Request(ITDSServerSession session, TDSMessage request) { // Inflate login7 request from the message TDSLogin7Token loginRequest = request[0] as TDSLogin7Token; // Check if arguments are of the routing server if (Arguments is RoutingTDSServerArguments) { // Cast to routing server arguments RoutingTDSServerArguments ServerArguments = Arguments as RoutingTDSServerArguments; // Check filter if (ServerArguments.RequireReadOnly && (loginRequest.TypeFlags.ReadOnlyIntent != TDSLogin7TypeFlagsReadOnlyIntent.ReadOnly)) { // Log request TDSUtilities.Log(Arguments.Log, "Request", loginRequest); // Prepare ERROR token with the denial details TDSErrorToken errorToken = new TDSErrorToken(18456, 1, 14, "Received application intent: " + loginRequest.TypeFlags.ReadOnlyIntent.ToString(), Arguments.ServerName); // Log response TDSUtilities.Log(Arguments.Log, "Response", errorToken); // Serialize the error token into the response packet TDSMessage responseMessage = new TDSMessage(TDSMessageType.Response, errorToken); // Prepare ERROR token for the final decision errorToken = new TDSErrorToken(18456, 1, 14, "Read-Only application intent is required for routing", Arguments.ServerName); // Log response TDSUtilities.Log(Arguments.Log, "Response", errorToken); // Serialize the error token into the response packet responseMessage.Add(errorToken); // Create DONE token TDSDoneToken doneToken = new TDSDoneToken(TDSDoneTokenStatusType.Final | TDSDoneTokenStatusType.Error); // Log response TDSUtilities.Log(Arguments.Log, "Response", doneToken); // Serialize DONE token into the response packet responseMessage.Add(doneToken); // Return a single message in the collection return new TDSMessageCollection(responseMessage); } } // Delegate to the base class return base.OnLogin7Request(session, request); }
/// <summary> /// Handler for login request /// </summary> public override TDSMessageCollection OnLogin7Request(ITDSServerSession session, TDSMessage request) { // Get the collection from the normal behavior On Login7 Request TDSMessageCollection login7Collection = base.OnLogin7Request(session, request); // Check if arguments are of the Federated Authentication server if (Arguments is FederatedAuthenticationNegativeTDSServerArguments) { // Cast to federated authentication server arguments FederatedAuthenticationNegativeTDSServerArguments ServerArguments = Arguments as FederatedAuthenticationNegativeTDSServerArguments; // Get the Federated Authentication ExtAck from Login 7 TDSFeatureExtAckFederatedAuthenticationOption fedAutExtAct = GetFeatureExtAckFederatedAuthenticationOptionFromLogin7(login7Collection); // If not found, return the base collection intact if (fedAutExtAct != null) { switch (ServerArguments.Scenario) { case FederatedAuthenticationNegativeTDSScenarioType.NonceMissingInFedAuthFEATUREXTACK: { // Delete the nonce from the Token fedAutExtAct.ClientNonce = null; break; } case FederatedAuthenticationNegativeTDSScenarioType.FedAuthMissingInFEATUREEXTACK: { // Remove the Fed Auth Ext Ack from the options list in the FeatureExtAckToken GetFeatureExtAckTokenFromLogin7(login7Collection).Options.Remove(fedAutExtAct); break; } case FederatedAuthenticationNegativeTDSScenarioType.SignatureMissingInFedAuthFEATUREXTACK: { // Delete the signature from the Token fedAutExtAct.Signature = null; break; } } } } // Return the collection return login7Collection; }
/// <summary> /// Handler for login request /// </summary> public override TDSMessageCollection OnPreLoginRequest(ITDSServerSession session, TDSMessage request) { // Get the collection from a valid On PreLogin Request TDSMessageCollection preLoginCollection = base.OnPreLoginRequest(session, request); // Check if arguments are of the Federated Authentication server if (Arguments is FederatedAuthenticationNegativeTDSServerArguments) { // Cast to federated authentication server arguments FederatedAuthenticationNegativeTDSServerArguments ServerArguments = Arguments as FederatedAuthenticationNegativeTDSServerArguments; // Find the is token carrying on TDSPreLoginToken TDSPreLoginToken preLoginToken = preLoginCollection.Find(message => message.Exists(packetToken => packetToken is TDSPreLoginToken)). Find(packetToken => packetToken is TDSPreLoginToken) as TDSPreLoginToken; switch (ServerArguments.Scenario) { case FederatedAuthenticationNegativeTDSScenarioType.NonceMissingInFedAuthPreLogin: { // If we have the prelogin token if (preLoginToken != null && preLoginToken.Nonce != null) { // Nullify the nonce from the Token preLoginToken.Nonce = null; } break; } case FederatedAuthenticationNegativeTDSScenarioType.InvalidB_FEDAUTHREQUIREDResponse: { // If we have the prelogin token if (preLoginToken != null) { // Set an illegal value for B_FEDAUTHREQURED preLoginToken.FedAuthRequired = TdsPreLoginFedAuthRequiredOption.Illegal; } break; } } } // Return the collection return preLoginCollection; }
public virtual TDSMessageCollection OnFederatedAuthenticationTokenMessage(ITDSServerSession session, TDSMessage message) { // Get the FedAuthToken TDSFedAuthToken fedauthToken = message[0] as TDSFedAuthToken; // Log TDSUtilities.Log(Arguments.Log, "Request", fedauthToken); return OnFederatedAuthenticationCompleted(session, fedauthToken.Token); }
/// <summary> /// Handler for login request /// </summary> public override TDSMessageCollection OnLogin7Request(ITDSServerSession session, TDSMessage request) { // Get the collection from the normal behavior On Login7 Request TDSMessageCollection login7Collection = base.OnLogin7Request(session, request); // Check if arguments are of the Federated Authentication server if (Arguments is FederatedAuthenticationNegativeTDSServerArguments) { // Cast to federated authentication server arguments FederatedAuthenticationNegativeTDSServerArguments ServerArguments = Arguments as FederatedAuthenticationNegativeTDSServerArguments; // Get the Federated Authentication ExtAck from Login 7 TDSFeatureExtAckFederatedAuthenticationOption fedAutExtAct = GetFeatureExtAckFederatedAuthenticationOptionFromLogin7(login7Collection); // If not found, return the base collection intact if (fedAutExtAct != null) { switch (ServerArguments.Scenario) { case FederatedAuthenticationNegativeTDSScenarioType.NonceMissingInFedAuthFEATUREXTACK: { // Delete the nonce from the Token fedAutExtAct.ClientNonce = null; break; } case FederatedAuthenticationNegativeTDSScenarioType.FedAuthMissingInFEATUREEXTACK: { // Remove the Fed Auth Ext Ack from the options list in the FeatureExtAckToken GetFeatureExtAckTokenFromLogin7(login7Collection).Options.Remove(fedAutExtAct); break; } case FederatedAuthenticationNegativeTDSScenarioType.SignatureMissingInFedAuthFEATUREXTACK: { // Delete the signature from the Token fedAutExtAct.Signature = null; break; } } } } // Return the collection return(login7Collection); }
/// <summary> /// Read data from TDS server /// </summary> /// <returns></returns> private TDSMessage _ReadResponse() { // Prepare response container TDSMessage responseMessage = new TDSMessage(); // Loop as long as it takes to receive the entire message while (!responseMessage.InflateServerResponse(Client.State, Transport)) { // Switch context to avoid CPU overloading System.Threading.Thread.Sleep(1); } // Log event Log("Recieved a response to \"{0}\"", Client.State); // Return what we inflated return responseMessage; }
/// <summary> /// Handler for login request /// </summary> public override TDSMessageCollection OnLogin7Request(ITDSServerSession session, TDSMessage request) { // Inflate login7 request from the message TDSLogin7Token loginRequest = request[0] as TDSLogin7Token; // Check if arguments are of the authenticating TDS server if (Arguments is AuthenticatingTDSServerArguments) { // Cast to authenticating TDS server arguments AuthenticatingTDSServerArguments ServerArguments = Arguments as AuthenticatingTDSServerArguments; // Check if we're still processing normal login if (ServerArguments.ApplicationIntentFilter != ApplicationIntentFilterType.All) { // Check filter if ((ServerArguments.ApplicationIntentFilter == ApplicationIntentFilterType.ReadOnly && loginRequest.TypeFlags.ReadOnlyIntent != TDSLogin7TypeFlagsReadOnlyIntent.ReadOnly) || (ServerArguments.ApplicationIntentFilter == ApplicationIntentFilterType.None)) { // Log request to which we're about to send a failure TDSUtilities.Log(Arguments.Log, "Request", loginRequest); // Prepare ERROR token with the denial details TDSErrorToken errorToken = new TDSErrorToken(18456, 1, 14, "Received application intent: " + loginRequest.TypeFlags.ReadOnlyIntent.ToString(), Arguments.ServerName); // Log response TDSUtilities.Log(Arguments.Log, "Response", errorToken); // Serialize the error token into the response packet TDSMessage responseMessage = new TDSMessage(TDSMessageType.Response, errorToken); // Prepare ERROR token for the final decision errorToken = new TDSErrorToken(18456, 1, 14, "Connection is denied by application intent filter", Arguments.ServerName); // Log response TDSUtilities.Log(Arguments.Log, "Response", errorToken); // Serialize the error token into the response packet responseMessage.Add(errorToken); // Create DONE token TDSDoneToken doneToken = new TDSDoneToken(TDSDoneTokenStatusType.Final | TDSDoneTokenStatusType.Error); // Log response TDSUtilities.Log(Arguments.Log, "Response", doneToken); // Serialize DONE token into the response packet responseMessage.Add(doneToken); // Put a single message into the collection and return it return new TDSMessageCollection(responseMessage); } } // Check if we're still processing normal login and there's a filter to check if (ServerArguments.ServerNameFilterType != ServerNameFilterType.None) { // Check each algorithm if ((ServerArguments.ServerNameFilterType == ServerNameFilterType.Equals && string.Compare(ServerArguments.ServerNameFilter, loginRequest.ServerName, true) != 0) || (ServerArguments.ServerNameFilterType == ServerNameFilterType.StartsWith && !loginRequest.ServerName.StartsWith(ServerArguments.ServerNameFilter)) || (ServerArguments.ServerNameFilterType == ServerNameFilterType.EndsWith && !loginRequest.ServerName.EndsWith(ServerArguments.ServerNameFilter)) || (ServerArguments.ServerNameFilterType == ServerNameFilterType.Contains && !loginRequest.ServerName.Contains(ServerArguments.ServerNameFilter))) { // Log request to which we're about to send a failure TDSUtilities.Log(Arguments.Log, "Request", loginRequest); // Prepare ERROR token with the reason TDSErrorToken errorToken = new TDSErrorToken(18456, 1, 14, string.Format("Received server name \"{0}\", expected \"{1}\" using \"{2}\" algorithm", loginRequest.ServerName, ServerArguments.ServerNameFilter, ServerArguments.ServerNameFilterType), Arguments.ServerName); // Log response TDSUtilities.Log(Arguments.Log, "Response", errorToken); // Serialize the errorToken token into the response packet TDSMessage responseMessage = new TDSMessage(TDSMessageType.Response, errorToken); // Prepare ERROR token with the final errorToken errorToken = new TDSErrorToken(18456, 1, 14, "Connection is denied by server name filter", Arguments.ServerName); // Log response TDSUtilities.Log(Arguments.Log, "Response", errorToken); // Serialize the errorToken token into the response packet responseMessage.Add(errorToken); // Create DONE token TDSDoneToken doneToken = new TDSDoneToken(TDSDoneTokenStatusType.Final | TDSDoneTokenStatusType.Error); // Log response TDSUtilities.Log(Arguments.Log, "Response", doneToken); // Serialize DONE token into the response packet responseMessage.Add(doneToken); // Return only a single message with the collection return new TDSMessageCollection(responseMessage); } } // Check if packet size filter is applied if (ServerArguments.PacketSizeFilter != null) { // Check if requested packet size is the same as the filter specified if (loginRequest.PacketSize != ServerArguments.PacketSizeFilter.Value) { // Log request to which we're about to send a failure TDSUtilities.Log(Arguments.Log, "Request", loginRequest); // Prepare ERROR token with the reason TDSErrorToken errorToken = new TDSErrorToken(1919, 1, 14, string.Format("Received packet size \"{0}\", expected \"{1}\"", loginRequest.PacketSize, ServerArguments.PacketSizeFilter.Value), Arguments.ServerName); // Log response TDSUtilities.Log(Arguments.Log, "Response", errorToken); // Serialize the errorToken token into the response packet TDSMessage responseMessage = new TDSMessage(TDSMessageType.Response, errorToken); // Prepare ERROR token with the final errorToken errorToken = new TDSErrorToken(1919, 1, 14, "Connection is denied by packet size filter", Arguments.ServerName); // Log response TDSUtilities.Log(Arguments.Log, "Response", errorToken); // Serialize the errorToken token into the response packet responseMessage.Add(errorToken); // Create DONE token TDSDoneToken doneToken = new TDSDoneToken(TDSDoneTokenStatusType.Final | TDSDoneTokenStatusType.Error); // Log response TDSUtilities.Log(Arguments.Log, "Response", doneToken); // Serialize DONE token into the response packet responseMessage.Add(doneToken); // Return only a single message with the collection return new TDSMessageCollection(responseMessage); } } // If we have an application name filter if (ServerArguments.ApplicationNameFilter != null) { // If we are supposed to block this connection attempt if (loginRequest.ApplicationName.Equals(ServerArguments.ApplicationNameFilter, System.StringComparison.OrdinalIgnoreCase)) { // Log request to which we're about to send a failure TDSUtilities.Log(Arguments.Log, "Request", loginRequest); // Prepare ERROR token with the denial details TDSErrorToken errorToken = new TDSErrorToken(18456, 1, 14, "Received application name: " + loginRequest.ApplicationName, Arguments.ServerName); // Log response TDSUtilities.Log(Arguments.Log, "Response", errorToken); // Serialize the error token into the response packet TDSMessage responseMessage = new TDSMessage(TDSMessageType.Response, errorToken); // Prepare ERROR token for the final decision errorToken = new TDSErrorToken(18456, 1, 14, "Connection is denied by application name filter", Arguments.ServerName); // Log response TDSUtilities.Log(Arguments.Log, "Response", errorToken); // Serialize the error token into the response packet responseMessage.Add(errorToken); // Create DONE token TDSDoneToken doneToken = new TDSDoneToken(TDSDoneTokenStatusType.Final | TDSDoneTokenStatusType.Error); // Log response TDSUtilities.Log(Arguments.Log, "Response", doneToken); // Serialize DONE token into the response packet responseMessage.Add(doneToken); // Put a single message into the collection and return it return new TDSMessageCollection(responseMessage); } } } // Return login response from the base class return base.OnLogin7Request(session, request); }
protected virtual TDSMessageCollection OnFederatedAuthenticationInfoRequest(ITDSServerSession session) { TDSFedAuthInfoToken infoToken = new TDSFedAuthInfoToken(); // Make fake info options TDSFedAuthInfoOptionSPN spn = new TDSFedAuthInfoOptionSPN(Arguments.ServerPrincipalName); TDSFedAuthInfoOptionSTSURL stsurl = new TDSFedAuthInfoOptionSTSURL(Arguments.StsUrl); infoToken.Options.Add(0, spn); infoToken.Options.Add(1, stsurl); // Log response TDSUtilities.Log(Arguments.Log, "Response", spn); TDSUtilities.Log(Arguments.Log, "Response", stsurl); TDSMessage infoMessage = new TDSMessage(TDSMessageType.FederatedAuthenticationInfo, infoToken); return new TDSMessageCollection(infoMessage); }
/// <summary> /// It is called when attention arrives /// </summary> public virtual TDSMessageCollection OnAttention(ITDSServerSession session, TDSMessage message) { // Delegate into the query engine return Engine.ExecuteAttention(session, message); }
public virtual TDSMessageCollection OnFederatedAuthenticationTokenMessage(ITDSServerSession session, TDSMessage message) { // Get the FedAuthToken TDSFedAuthToken fedauthToken = message[0] as TDSFedAuthToken; // Log TDSUtilities.Log(Arguments.Log, "Request", fedauthToken); return(OnFederatedAuthenticationCompleted(session, fedauthToken.Token)); }
/// <summary> /// Handler for login request /// </summary> public virtual TDSMessageCollection OnLogin7Request(ITDSServerSession session, TDSMessage request) { // Inflate login7 request from the message TDSLogin7Token loginRequest = request[0] as TDSLogin7Token; // Log request TDSUtilities.Log(Arguments.Log, "Request", loginRequest); // Update server context session.Database = string.IsNullOrEmpty(loginRequest.Database) ? "master" : loginRequest.Database; // Resolve TDS version session.TDSVersion = TDSVersion.Resolve(TDSVersion.GetTDSVersion(Arguments.ServerVersion), loginRequest.TDSVersion); // Check for the TDS version TDSMessageCollection collection = CheckTDSVersion(session); // Check if any errors are posted if (collection != null) { // Version check needs to send own message hence we can't proceed return(collection); } // Indicates federated authentication bool bIsFedAuthConnection = false; // Federated authentication option to be used later TDSLogin7FedAuthOptionToken federatedAuthenticationOption = null; // Check if feature extension block is available if (loginRequest.FeatureExt != null) { // Go over the feature extension data foreach (TDSLogin7FeatureOptionToken option in loginRequest.FeatureExt) { // Check option type switch (option.FeatureID) { case TDSFeatureID.SessionRecovery: { // Enable session recovery session.IsSessionRecoveryEnabled = true; // Cast to session state options TDSLogin7SessionRecoveryOptionToken sessionStateOption = option as TDSLogin7SessionRecoveryOptionToken; // Inflate session state (session as GenericTDSServerSession).Inflate(sessionStateOption.Initial, sessionStateOption.Current); break; } case TDSFeatureID.FederatedAuthentication: { // Cast to federated authentication option federatedAuthenticationOption = option as TDSLogin7FedAuthOptionToken; // Mark authentication as federated bIsFedAuthConnection = true; // Validate federated authentication option collection = CheckFederatedAuthenticationOption(session, option as TDSLogin7FedAuthOptionToken); if (collection != null) { // Version error happened. return(collection); } // Save the fed auth library to be used (session as GenericTDSServerSession).FederatedAuthenticationLibrary = federatedAuthenticationOption.Library; break; } default: { // Do nothing break; } } } } // Check if SSPI authentication is requested if (loginRequest.OptionalFlags2.IntegratedSecurity == TDSLogin7OptionalFlags2IntSecurity.On) { // Delegate to SSPI authentication return(ContinueSSPIAuthentication(session, loginRequest.SSPI)); } // If it is not a FedAuth connection or the server has been started up as not supporting FedAuth, just ignore the FeatureExtension // Yes unfortunately for the fake server, supporting FedAuth = Requiring FedAuth if (!bIsFedAuthConnection || Arguments.FedAuthRequiredPreLoginOption == TdsPreLoginFedAuthRequiredOption.FedAuthNotRequired) { // We use SQL authentication session.SQLUserID = loginRequest.UserID; // Process with the SQL login. return(OnSqlAuthenticationCompleted(session)); } else { // Fedauth feature extension is present and server has been started up as Requiring (or Supporting) FedAuth if (federatedAuthenticationOption.IsRequestingAuthenticationInfo) { // Must provide client with more info before completing authentication return(OnFederatedAuthenticationInfoRequest(session)); } else { return(OnFederatedAuthenticationCompleted(session, federatedAuthenticationOption.Token)); } } }
/// <summary> /// Handler for pre-login request /// </summary> public virtual TDSMessageCollection OnPreLoginRequest(ITDSServerSession session, TDSMessage request) { // Inflate pre-login request from the message TDSPreLoginToken preLoginRequest = request[0] as TDSPreLoginToken; // Log request TDSUtilities.Log(Arguments.Log, "Request", preLoginRequest); // Generate server response for encryption TDSPreLoginTokenEncryptionType serverResponse = TDSUtilities.GetEncryptionResponse(preLoginRequest.Encryption, Arguments.Encryption); // Update client state with encryption resolution session.Encryption = TDSUtilities.ResolveEncryption(preLoginRequest.Encryption, serverResponse); // Create TDS prelogin packet TDSPreLoginToken preLoginToken = new TDSPreLoginToken(Arguments.ServerVersion, serverResponse, false); // TDS server doesn't support MARS // Cache the recieved Nonce into the session (session as GenericTDSServerSession).ClientNonce = preLoginRequest.Nonce; // Check if the server has been started up as requiring FedAuth when choosing between SSPI and FedAuth if (Arguments.FedAuthRequiredPreLoginOption == TdsPreLoginFedAuthRequiredOption.FedAuthRequired) { if (preLoginRequest.FedAuthRequired == TdsPreLoginFedAuthRequiredOption.FedAuthRequired) { // Set the FedAuthRequired option preLoginToken.FedAuthRequired = TdsPreLoginFedAuthRequiredOption.FedAuthRequired; } // Keep the federated authentication required flag in the server session (session as GenericTDSServerSession).FedAuthRequiredPreLoginServerResponse = preLoginToken.FedAuthRequired; if (preLoginRequest.Nonce != null) { // Generate Server Nonce preLoginToken.Nonce = _GenerateRandomBytes(32); } } // Cache the server Nonce in a session (session as GenericTDSServerSession).ServerNonce = preLoginToken.Nonce; // Log response TDSUtilities.Log(Arguments.Log, "Response", preLoginToken); // Reset authentication information session.SQLUserID = null; session.NTUserAuthenticationContext = null; // Respond with a single message that contains only one token return(new TDSMessageCollection(new TDSMessage(TDSMessageType.Response, preLoginToken))); }
/// <summary> /// Handler for login request /// </summary> public override TDSMessageCollection OnLogin7Request(ITDSServerSession session, TDSMessage request) { // Inflate login7 request from the message TDSLogin7Token loginRequest = request[0] as TDSLogin7Token; // Check if arguments are of the authenticating TDS server if (Arguments is AuthenticatingTDSServerArguments) { // Cast to authenticating TDS server arguments AuthenticatingTDSServerArguments ServerArguments = Arguments as AuthenticatingTDSServerArguments; // Check if we're still processing normal login if (ServerArguments.ApplicationIntentFilter != ApplicationIntentFilterType.All) { // Check filter if ((ServerArguments.ApplicationIntentFilter == ApplicationIntentFilterType.ReadOnly && loginRequest.TypeFlags.ReadOnlyIntent != TDSLogin7TypeFlagsReadOnlyIntent.ReadOnly) || (ServerArguments.ApplicationIntentFilter == ApplicationIntentFilterType.None)) { // Log request to which we're about to send a failure TDSUtilities.Log(Arguments.Log, "Request", loginRequest); // Prepare ERROR token with the denial details TDSErrorToken errorToken = new TDSErrorToken(18456, 1, 14, "Received application intent: " + loginRequest.TypeFlags.ReadOnlyIntent.ToString(), Arguments.ServerName); // Log response TDSUtilities.Log(Arguments.Log, "Response", errorToken); // Serialize the error token into the response packet TDSMessage responseMessage = new TDSMessage(TDSMessageType.Response, errorToken); // Prepare ERROR token for the final decision errorToken = new TDSErrorToken(18456, 1, 14, "Connection is denied by application intent filter", Arguments.ServerName); // Log response TDSUtilities.Log(Arguments.Log, "Response", errorToken); // Serialize the error token into the response packet responseMessage.Add(errorToken); // Create DONE token TDSDoneToken doneToken = new TDSDoneToken(TDSDoneTokenStatusType.Final | TDSDoneTokenStatusType.Error); // Log response TDSUtilities.Log(Arguments.Log, "Response", doneToken); // Serialize DONE token into the response packet responseMessage.Add(doneToken); // Put a single message into the collection and return it return(new TDSMessageCollection(responseMessage)); } } // Check if we're still processing normal login and there's a filter to check if (ServerArguments.ServerNameFilterType != ServerNameFilterType.None) { // Check each algorithm if ((ServerArguments.ServerNameFilterType == ServerNameFilterType.Equals && string.Compare(ServerArguments.ServerNameFilter, loginRequest.ServerName, true) != 0) || (ServerArguments.ServerNameFilterType == ServerNameFilterType.StartsWith && !loginRequest.ServerName.StartsWith(ServerArguments.ServerNameFilter)) || (ServerArguments.ServerNameFilterType == ServerNameFilterType.EndsWith && !loginRequest.ServerName.EndsWith(ServerArguments.ServerNameFilter)) || (ServerArguments.ServerNameFilterType == ServerNameFilterType.Contains && !loginRequest.ServerName.Contains(ServerArguments.ServerNameFilter))) { // Log request to which we're about to send a failure TDSUtilities.Log(Arguments.Log, "Request", loginRequest); // Prepare ERROR token with the reason TDSErrorToken errorToken = new TDSErrorToken(18456, 1, 14, string.Format("Received server name \"{0}\", expected \"{1}\" using \"{2}\" algorithm", loginRequest.ServerName, ServerArguments.ServerNameFilter, ServerArguments.ServerNameFilterType), Arguments.ServerName); // Log response TDSUtilities.Log(Arguments.Log, "Response", errorToken); // Serialize the errorToken token into the response packet TDSMessage responseMessage = new TDSMessage(TDSMessageType.Response, errorToken); // Prepare ERROR token with the final errorToken errorToken = new TDSErrorToken(18456, 1, 14, "Connection is denied by server name filter", Arguments.ServerName); // Log response TDSUtilities.Log(Arguments.Log, "Response", errorToken); // Serialize the errorToken token into the response packet responseMessage.Add(errorToken); // Create DONE token TDSDoneToken doneToken = new TDSDoneToken(TDSDoneTokenStatusType.Final | TDSDoneTokenStatusType.Error); // Log response TDSUtilities.Log(Arguments.Log, "Response", doneToken); // Serialize DONE token into the response packet responseMessage.Add(doneToken); // Return only a single message with the collection return(new TDSMessageCollection(responseMessage)); } } // Check if packet size filter is applied if (ServerArguments.PacketSizeFilter != null) { // Check if requested packet size is the same as the filter specified if (loginRequest.PacketSize != ServerArguments.PacketSizeFilter.Value) { // Log request to which we're about to send a failure TDSUtilities.Log(Arguments.Log, "Request", loginRequest); // Prepare ERROR token with the reason TDSErrorToken errorToken = new TDSErrorToken(1919, 1, 14, string.Format("Received packet size \"{0}\", expected \"{1}\"", loginRequest.PacketSize, ServerArguments.PacketSizeFilter.Value), Arguments.ServerName); // Log response TDSUtilities.Log(Arguments.Log, "Response", errorToken); // Serialize the errorToken token into the response packet TDSMessage responseMessage = new TDSMessage(TDSMessageType.Response, errorToken); // Prepare ERROR token with the final errorToken errorToken = new TDSErrorToken(1919, 1, 14, "Connection is denied by packet size filter", Arguments.ServerName); // Log response TDSUtilities.Log(Arguments.Log, "Response", errorToken); // Serialize the errorToken token into the response packet responseMessage.Add(errorToken); // Create DONE token TDSDoneToken doneToken = new TDSDoneToken(TDSDoneTokenStatusType.Final | TDSDoneTokenStatusType.Error); // Log response TDSUtilities.Log(Arguments.Log, "Response", doneToken); // Serialize DONE token into the response packet responseMessage.Add(doneToken); // Return only a single message with the collection return(new TDSMessageCollection(responseMessage)); } } // If we have an application name filter if (ServerArguments.ApplicationNameFilter != null) { // If we are supposed to block this connection attempt if (loginRequest.ApplicationName.Equals(ServerArguments.ApplicationNameFilter, System.StringComparison.OrdinalIgnoreCase)) { // Log request to which we're about to send a failure TDSUtilities.Log(Arguments.Log, "Request", loginRequest); // Prepare ERROR token with the denial details TDSErrorToken errorToken = new TDSErrorToken(18456, 1, 14, "Received application name: " + loginRequest.ApplicationName, Arguments.ServerName); // Log response TDSUtilities.Log(Arguments.Log, "Response", errorToken); // Serialize the error token into the response packet TDSMessage responseMessage = new TDSMessage(TDSMessageType.Response, errorToken); // Prepare ERROR token for the final decision errorToken = new TDSErrorToken(18456, 1, 14, "Connection is denied by application name filter", Arguments.ServerName); // Log response TDSUtilities.Log(Arguments.Log, "Response", errorToken); // Serialize the error token into the response packet responseMessage.Add(errorToken); // Create DONE token TDSDoneToken doneToken = new TDSDoneToken(TDSDoneTokenStatusType.Final | TDSDoneTokenStatusType.Error); // Log response TDSUtilities.Log(Arguments.Log, "Response", doneToken); // Serialize DONE token into the response packet responseMessage.Add(doneToken); // Put a single message into the collection and return it return(new TDSMessageCollection(responseMessage)); } } } // Return login response from the base class return(base.OnLogin7Request(session, request)); }
/// <summary> /// Handler for SSPI request /// </summary> public virtual TDSMessageCollection OnSSPIRequest(ITDSServerSession session, TDSMessage request) { // Get the SSPI token TDSSSPIClientToken sspiRequest = request[0] as TDSSSPIClientToken; // Log request TDSUtilities.Log(Arguments.Log, "Request", sspiRequest.Payload); // Delegate to SSPI routine return ContinueSSPIAuthentication(session, sspiRequest.Payload); }
/// <summary> /// It is called when SQL batch request arrives /// </summary> public virtual TDSMessageCollection OnSQLBatchRequest(ITDSServerSession session, TDSMessage message) { // Delegate to the query engine TDSMessageCollection responseMessage = Engine.ExecuteBatch(session, message); // Check if session packet size is different than the engine packet size if (session.PacketSize != Arguments.PacketSize) { // Get the first message TDSMessage firstMessage = responseMessage[0]; // Find DONE token in it int indexOfDone = firstMessage.IndexOf(firstMessage.Where(t => t is TDSDoneToken).First()); // Create new packet size environment change token TDSEnvChangeToken envChange = new TDSEnvChangeToken(TDSEnvChangeTokenType.PacketSize, Arguments.PacketSize.ToString(), session.PacketSize.ToString()); // Log response TDSUtilities.Log(Arguments.Log, "Response", envChange); // Insert env change before done token firstMessage.Insert(indexOfDone, envChange); // Update session with the new packet size session.PacketSize = (uint)Arguments.PacketSize; } return responseMessage; }
/// <summary> /// It is called when SQL batch request arrives /// </summary> public virtual TDSMessageCollection OnSQLBatchRequest(ITDSServerSession session, TDSMessage message) { // Delegate to the query engine TDSMessageCollection responseMessage = Engine.ExecuteBatch(session, message); // Check if session packet size is different than the engine packet size if (session.PacketSize != Arguments.PacketSize) { // Get the first message TDSMessage firstMessage = responseMessage[0]; // Find DONE token in it int indexOfDone = firstMessage.IndexOf(firstMessage.Where(t => t is TDSDoneToken).First()); // Create new packet size environment change token TDSEnvChangeToken envChange = new TDSEnvChangeToken(TDSEnvChangeTokenType.PacketSize, Arguments.PacketSize.ToString(), session.PacketSize.ToString()); // Log response TDSUtilities.Log(Arguments.Log, "Response", envChange); // Insert env change before done token firstMessage.Insert(indexOfDone, envChange); // Update session with the new packet size session.PacketSize = (uint)Arguments.PacketSize; } return(responseMessage); }
/// <summary> /// Advances one step in SSPI authentication sequence /// </summary> protected virtual TDSMessageCollection ContinueSSPIAuthentication(ITDSServerSession session, byte[] payload) { // Response to send to the client SSPIResponse response; try { // Check if we have an SSPI context if (session.NTUserAuthenticationContext == null) { // This is the first step so we need to create a server context and initialize it session.NTUserAuthenticationContext = SSPIContext.CreateServer(); // Run the first step of authentication response = session.NTUserAuthenticationContext.StartServerAuthentication(payload); } else { // Process SSPI request from the client response = session.NTUserAuthenticationContext.ContinueServerAuthentication(payload); } } catch (Exception e) { // Prepare ERROR token with the reason TDSErrorToken errorToken = new TDSErrorToken(12345, 1, 15, "Failed to accept security SSPI context", Arguments.ServerName); // Log response TDSUtilities.Log(Arguments.Log, "Response", errorToken); // Serialize the error token into the response packet TDSMessage responseErrorMessage = new TDSMessage(TDSMessageType.Response, errorToken); // Prepare ERROR token with the final errorToken errorToken = new TDSErrorToken(12345, 1, 15, e.Message, Arguments.ServerName); // Log response TDSUtilities.Log(Arguments.Log, "Response", errorToken); // Serialize the error token into the response packet responseErrorMessage.Add(errorToken); // Create DONE token TDSDoneToken doneToken = new TDSDoneToken(TDSDoneTokenStatusType.Final | TDSDoneTokenStatusType.Error); // Log response TDSUtilities.Log(Arguments.Log, "Response", doneToken); // Serialize DONE token into the response packet responseErrorMessage.Add(doneToken); // Respond with a single message return new TDSMessageCollection(responseErrorMessage); } // Message collection to respond with TDSMessageCollection responseMessages = new TDSMessageCollection(); // Check if there's a response if (response != null) { // Check if there's a payload if (response.Payload != null) { // Create SSPI token TDSSSPIToken sspiToken = new TDSSSPIToken(response.Payload); // Log response TDSUtilities.Log(Arguments.Log, "Response", sspiToken); // Prepare response message with a single response token responseMessages.Add(new TDSMessage(TDSMessageType.Response, sspiToken)); // Check if we can complete login if (!response.IsFinal) { // Send the message to the client return responseMessages; } } } // Reset SQL user identifier since we're using NT authentication session.SQLUserID = null; // Append successfully authentication response responseMessages.AddRange(OnAuthenticationCompleted(session)); // Return the message with SSPI token return responseMessages; }
/// <summary> /// Run one cycle of the parser to process incoming stream of data or dispatch outgoing data /// </summary> public void Run() { // Check if there's a message being inflated if (MessageBeingReceived == null) { // Create a new message MessageBeingReceived = new TDSMessage(); } // Inflate the message using incoming stream // This call will use only as much data is it needs and leave everything else on the stream if (MessageBeingReceived.InflateClientRequest(Transport)) { // Call into the server logics to process the message and generate the response TDSMessageCollection responseMessages = null; // Check the type of the packet switch (MessageBeingReceived.MessageType) { case TDSMessageType.PreLogin: { // Call into the subscriber to process the packet responseMessages = Server.OnPreLoginRequest(Session, MessageBeingReceived); break; } case TDSMessageType.TDS7Login: { // Call into the subscriber to process the packet responseMessages = Server.OnLogin7Request(Session, MessageBeingReceived); // Check if encryption needs to be turned off if (Session.Encryption == TDSEncryptionType.LoginOnly) { // Disable transport encryption DisableTransportEncryption(); } break; } case TDSMessageType.SSPI: { // Call into the subscriber to process the packet responseMessages = Server.OnSSPIRequest(Session, MessageBeingReceived); break; } case TDSMessageType.SQLBatch: { // Call into the subscriber to process the packet responseMessages = Server.OnSQLBatchRequest(Session, MessageBeingReceived); break; } case TDSMessageType.Attention: { // Call into the subscriber to process the packet responseMessages = Server.OnAttention(Session, MessageBeingReceived); break; } case TDSMessageType.FederatedAuthenticationToken: { // Call into the subscriber to process the packet responseMessages = Server.OnFederatedAuthenticationTokenMessage(Session, MessageBeingReceived); break; } default: { // New code is needed to process this message throw new NotImplementedException(string.Format("Handler of TDS message \"{0}\" is not implemented", MessageBeingReceived.MessageType)); } } // Check if TDS packet size changed if (Session.PacketSize != Transport.PacketSize) { // Update packet size Transport.PacketSize = Session.PacketSize; } // Send all messages to the client responseMessages.Deflate(Transport); // Check the type of message just sent if (MessageBeingReceived.MessageType == TDSMessageType.PreLogin) { // Check encryption settings on the session if (Session.Encryption == TDSEncryptionType.LoginOnly || Session.Encryption == TDSEncryptionType.Full) { // Enable server side encryption EnableServerTransportEncryption(Session.EncryptionCertificate); } } // Reset the current message because it's complete // It would also trigger creation of the next message during the next cycle MessageBeingReceived = null; } }
protected virtual TDSMessageCollection OnAuthenticationCompleted(ITDSServerSession session) { // Create new database environment change token TDSEnvChangeToken envChange = new TDSEnvChangeToken(TDSEnvChangeTokenType.Database, session.Database, "master"); // Log response TDSUtilities.Log(Arguments.Log, "Response", envChange); // Serialize the login token into the response packet TDSMessage responseMessage = new TDSMessage(TDSMessageType.Response, envChange); // Create information token on the change TDSInfoToken infoToken = new TDSInfoToken(5701, 2, 0, string.Format("Changed database context to '{0}'", envChange.NewValue), Arguments.ServerName); // Log response TDSUtilities.Log(Arguments.Log, "Response", infoToken); // Serialize the login token into the response packet responseMessage.Add(infoToken); // Create new collation change token envChange = new TDSEnvChangeToken(TDSEnvChangeTokenType.SQLCollation, (session as GenericTDSServerSession).Collation); // Log response TDSUtilities.Log(Arguments.Log, "Response", envChange); // Serialize the login token into the response packet responseMessage.Add(envChange); // Create new language change token envChange = new TDSEnvChangeToken(TDSEnvChangeTokenType.Language, LanguageString.ToString((session as GenericTDSServerSession).Language)); // Log response TDSUtilities.Log(Arguments.Log, "Response", envChange); // Serialize the login token into the response packet responseMessage.Add(envChange); // Create information token on the change infoToken = new TDSInfoToken(5703, 1, 0, string.Format("Changed language setting to {0}", envChange.NewValue), Arguments.ServerName); // Log response TDSUtilities.Log(Arguments.Log, "Response", infoToken); // Serialize the login token into the response packet responseMessage.Add(infoToken); // Create new packet size environment change token envChange = new TDSEnvChangeToken(TDSEnvChangeTokenType.PacketSize, Arguments.PacketSize.ToString(), Arguments.PacketSize.ToString()); // Log response TDSUtilities.Log(Arguments.Log, "Response", envChange); // Serialize the login token into the response packet responseMessage.Add(envChange); // Update session packet size session.PacketSize = (uint)Arguments.PacketSize; // Create login acknowledgnment packet TDSLoginAckToken loginResponseToken = new TDSLoginAckToken(Arguments.ServerVersion, session.TDSVersion, TDSLogin7TypeFlagsSQL.SQL, "Microsoft SQL Server"); // Otherwise SNAC yields E_FAIL // Log response TDSUtilities.Log(Arguments.Log, "Response", loginResponseToken); // Serialize the login token into the response packet responseMessage.Add(loginResponseToken); // Check if session recovery is enabled if (session.IsSessionRecoveryEnabled) { // Create Feature extension Ack token TDSFeatureExtAckToken featureExtActToken = new TDSFeatureExtAckToken(new TDSFeatureExtAckSessionStateOption((session as GenericTDSServerSession).Deflate())); // Log response TDSUtilities.Log(Arguments.Log, "Response", featureExtActToken); // Serialize feature extnesion token into the response responseMessage.Add(featureExtActToken); } // Create DONE token TDSDoneToken doneToken = new TDSDoneToken(TDSDoneTokenStatusType.Final); // Log response TDSUtilities.Log(Arguments.Log, "Response", doneToken); // Serialize DONE token into the response packet responseMessage.Add(doneToken); // Wrap a single message in a collection return new TDSMessageCollection(responseMessage); }
/// <summary> /// Handle attention from the client /// </summary> public TDSMessageCollection ExecuteAttention(ITDSServerSession session, TDSMessage request) { // Create attention DONE token TDSDoneToken doneToken = new TDSDoneToken(TDSDoneTokenStatusType.Final | TDSDoneTokenStatusType.Attention); // Log response TDSUtilities.Log(Log, "Response", doneToken); // Return a single message with DONE token only return new TDSMessageCollection(new TDSMessage(TDSMessageType.Response, doneToken)); }
/// <summary> /// It is called when SQL batch request arrives /// </summary> /// <param name="message">TDS message recieved</param> /// <returns>TDS message to respond with</returns> public override TDSMessageCollection OnSQLBatchRequest(ITDSServerSession session, TDSMessage request) { // Delegate to the base class to produce the response first TDSMessageCollection batchResponse = base.OnSQLBatchRequest(session, request); // Check if arguments are of routing server if (Arguments is RoutingTDSServerArguments) { // Cast to routing server arguments RoutingTDSServerArguments ServerArguments = Arguments as RoutingTDSServerArguments; // Check routing condition if (ServerArguments.RouteOnPacket == TDSMessageType.SQLBatch) { // Construct routing token TDSPacketToken routingToken = CreateRoutingToken(); // Log response TDSUtilities.Log(Arguments.Log, "Response", routingToken); // Insert the routing token at the beginning of the response batchResponse[0].Insert(0, routingToken); } else { // Get the first response message TDSMessage responseMessage = batchResponse[0]; // Reset the content of the first message responseMessage.Clear(); // Prepare ERROR token with the denial details responseMessage.Add(new TDSErrorToken(11111, 1, 14, "Client should have been routed by now", Arguments.ServerName)); // Log response TDSUtilities.Log(Arguments.Log, "Response", responseMessage[0]); // Prepare DONE token responseMessage.Add(new TDSDoneToken(TDSDoneTokenStatusType.Final | TDSDoneTokenStatusType.Error)); // Log response TDSUtilities.Log(Arguments.Log, "Response", responseMessage[1]); } } // Register only one message with the collection return batchResponse; }
/// <summary> /// Execute the query and produce a response /// </summary> public TDSMessageCollection ExecuteBatch(ITDSServerSession session, TDSMessage request) { // Get the batch from the tokens TDSSQLBatchToken batchRequest = request[0] as TDSSQLBatchToken; // Log request TDSUtilities.Log(Log, "Request", batchRequest); // Increase the counter of connection reset requests if the message contains the proper flags if (request.IsResetConnectionRequestSet || request.IsResetConnectionSkipTransactionRequestSet) { session.ConnectionResetRequestCount++; } // Prepare response message TDSMessage responseMessage = new TDSMessage(TDSMessageType.Response); // Prepare query text string lowerBatchText = batchRequest.Text.ToLowerInvariant(); // Check query if (lowerBatchText.Contains("serverproperty('servername')")) // SELECT convert(nvarchar(256), ServerProperty('ServerName')) { // Delegate to server name query responseMessage = _PrepareServerNameResponse(session); } if (lowerBatchText.Contains("serverproperty('machinename')")) // SELECT convert(nvarchar(256), ServerProperty('MachineName')) { // Delegate to server name query responseMessage = _PrepareMachineNameResponse(session); } else if (lowerBatchText.Contains("serverproperty('instancename')")) // SELECT convert(nvarchar(256), ServerProperty('InstanceName')) { // Delegate to instance name query responseMessage = _PrepareInstanceNameResponse(session); } else if (lowerBatchText.Contains("serverproperty('ishadrenabled')")) // SELECT convert(bit, ServerProperty('IsHADREnabled')) { // Delegate to HADRon query responseMessage = _PrepareIsHADRResponse(session); } else if (lowerBatchText.Contains("serverproperty('engineedition')")) // SELECT convert(int, ServerProperty('EngineEdition')) { // Delegate to Azure query responseMessage = _PrepareIsAzure(session); } else if (lowerBatchText.Contains("serverproperty('islocaldb')")) // SELECT convert(bit, ServerProperty('IsLocalDB')) { // Delegate to Local DB query responseMessage = _PrepareIsLocalDB(session); } else if (lowerBatchText.Contains("serverproperty('istestsqlserver')")) // SELECT convert(bit, ServerProperty('IsTestSQLServer')) { // Delegate to test SQL Server query response responseMessage = _PrepareIsTestSQLServerResponse(session); } else if (lowerBatchText.Contains("serverproperty('testsqlserverclass')")) // SELECT convert(nvarchar(256), ServerProperty('TestSQLServerClass')) { // Delegate to test SQL Server class response responseMessage = _PrepareTestSQLServerClassResponse(session); } else if (lowerBatchText.Contains("dm_exec_sessions") && lowerBatchText.Contains("login_name") && lowerBatchText.Contains("nt_domain") && lowerBatchText.Contains("nt_user_name") && lowerBatchText.Contains("session_id")) // SELECT login_name, nt_domain, nt_user_name FROM sys.dm_exec_sessions WHERE session_id = @@spid { // Delegate to session user query responseMessage = _PrepareSessionUserResponse(session); } else if (lowerBatchText.Contains("sp_oledb_ro_usrname")) // exec [sys].sp_oledb_ro_usrname { // Delegate to OLE DB query responseMessage = _PrepareOleDbReadOnlyUserName(session); } else if (lowerBatchText.Contains("physical_net_transport") && lowerBatchText.Contains("local_net_address") && lowerBatchText.Contains("local_tcp_port")) // SELECT convert(nvarchar(40), ConnectionProperty('physical_net_transport')), convert(varchar(48), ConnectionProperty('local_net_address')), convert(int, ConnectionProperty('local_tcp_port')) { // Delegate to connection information query responseMessage = _PrepareConnectionInfoResponse(session); } else if (lowerBatchText.Contains("dm_exec_connections") && lowerBatchText.Contains("encrypt_option") && lowerBatchText.Contains("session_id")) // SELECT TOP (1) [encrypt_option] FROM [sys].[dm_exec_connections] WHERE [session_id] = @@SPID { // Delegate to encryption information query responseMessage = _PrepareEncryptionInfoResponse(session); } else if (lowerBatchText.Contains("select 1")) // SELECT 1 { // Delegate to server ping response responseMessage = _PreparePingResponse(session); } else if (lowerBatchText.Contains("name") && lowerBatchText.Contains("state") && lowerBatchText.Contains("databases") && lowerBatchText.Contains("db_name")) // SELECT [name], [state] FROM [sys].[databases] WHERE [name] = db_name() { // Delegate to current database response responseMessage = _PrepareDatabaseResponse(session); } else if (lowerBatchText.Contains("dbcc") && lowerBatchText.Contains("tracestatus")) // dbcc tracestatus() { // Delegate to current configuration response responseMessage = _PrepareConfigurationResponse(session); } else if (lowerBatchText.Contains("connectionproperty('sp_reset_connection_count')")) // select CONNECTIONPROPERTY('sp_reset_connection_count') { // Delegate to reset connection request response responseMessage = _PrepareConnectionResetRequestCountResponse(session); } else if (lowerBatchText.Contains("select") && lowerBatchText.Contains("convert") && lowerBatchText.Contains("nvarchar(128)") && lowerBatchText.Contains("@@spid")) // SELECT convert(nvarchar(128), @@SPID) { // Delegate to reset connection request response responseMessage = _PrepareSPIDResponse(session); } else if (lowerBatchText.Contains("select") && lowerBatchText.Contains("auth_scheme") && lowerBatchText.Contains("dm_exec_connections")) //select top (1) [auth_scheme] from [sys].[dm_exec_connections] where [session_id] = @@spid { // Delegate to reset connection request response responseMessage = _PrepareAuthSchemeResponse(session); } else if (lowerBatchText.Contains("select") && lowerBatchText.Contains("ansi_defaults") && lowerBatchText.Contains("dm_exec_sessions") && lowerBatchText.Contains("session_id") && lowerBatchText.Contains("@@spid")) // SELECT TOP (1) [ansi_defaults] FROM [sys].[dm_exec_sessions] WHERE [session_id] = @@SPID { // Delegate session property query responseMessage = _PrepareAnsiDefaultsResponse(session); } else if (lowerBatchText.Contains("select") && lowerBatchText.Contains("ansi_null_dflt_on") && lowerBatchText.Contains("dm_exec_sessions") && lowerBatchText.Contains("session_id") && lowerBatchText.Contains("@@spid")) // SELECT TOP (1) [ansi_null_dflt_on] FROM [sys].[dm_exec_sessions] WHERE [session_id] = @@SPID { // Delegate session property query responseMessage = _PrepareAnsiNullDefaultOnResponse(session); } else if (lowerBatchText.Contains("select") && lowerBatchText.Contains("ansi_nulls") && lowerBatchText.Contains("dm_exec_sessions") && lowerBatchText.Contains("session_id") && lowerBatchText.Contains("@@spid")) // SELECT TOP (1) [ansi_nulls] FROM [sys].[dm_exec_sessions] WHERE [session_id] = @@SPID { // Delegate session property query responseMessage = _PrepareAnsiNullsResponse(session); } else if (lowerBatchText.Contains("select") && lowerBatchText.Contains("ansi_padding") && lowerBatchText.Contains("dm_exec_sessions") && lowerBatchText.Contains("session_id") && lowerBatchText.Contains("@@spid")) // SELECT TOP (1) [ansi_padding] FROM [sys].[dm_exec_sessions] WHERE [session_id] = @@SPID { // Delegate session property query responseMessage = _PrepareAnsiPaddingResponse(session); } else if (lowerBatchText.Contains("select") && lowerBatchText.Contains("ansi_warnings") && lowerBatchText.Contains("dm_exec_sessions") && lowerBatchText.Contains("session_id") && lowerBatchText.Contains("@@spid")) // SELECT TOP (1) [ansi_warnings] FROM [sys].[dm_exec_sessions] WHERE [session_id] = @@SPID { // Delegate session property query responseMessage = _PrepareAnsiWarningsResponse(session); } else if (lowerBatchText.Contains("select") && lowerBatchText.Contains("arithabort") && lowerBatchText.Contains("dm_exec_sessions") && lowerBatchText.Contains("session_id") && lowerBatchText.Contains("@@spid")) // SELECT TOP (1) [arithabort] FROM [sys].[dm_exec_sessions] WHERE [session_id] = @@SPID { // Delegate session property query responseMessage = _PrepareArithAbortResponse(session); } else if (lowerBatchText.Contains("select") && lowerBatchText.Contains("concat_null_yields_null") && lowerBatchText.Contains("dm_exec_sessions") && lowerBatchText.Contains("session_id") && lowerBatchText.Contains("@@spid")) // SELECT TOP (1) [concat_null_yields_null] FROM [sys].[dm_exec_sessions] WHERE [session_id] = @@SPID { // Delegate session property query responseMessage = _PrepareConcatNullYieldsNullResponse(session); } else if (lowerBatchText.Contains("select") && lowerBatchText.Contains("date_first") && lowerBatchText.Contains("dm_exec_sessions") && lowerBatchText.Contains("session_id") && lowerBatchText.Contains("@@spid")) // SELECT TOP (1) [date_first] FROM [sys].[dm_exec_sessions] WHERE [session_id] = @@SPID { // Delegate session property query responseMessage = _PrepareDateFirstResponse(session); } else if (lowerBatchText.Contains("select") && lowerBatchText.Contains("date_format") && lowerBatchText.Contains("dm_exec_sessions") && lowerBatchText.Contains("session_id") && lowerBatchText.Contains("@@spid")) // SELECT TOP (1) [date_format] FROM [sys].[dm_exec_sessions] WHERE [session_id] = @@SPID { // Delegate session property query responseMessage = _PrepareDateFormatResponse(session); } else if (lowerBatchText.Contains("select") && lowerBatchText.Contains("deadlock_priority") && lowerBatchText.Contains("dm_exec_sessions") && lowerBatchText.Contains("session_id") && lowerBatchText.Contains("@@spid")) // SELECT TOP (1) [deadlock_priority] FROM [sys].[dm_exec_sessions] WHERE [session_id] = @@SPID { // Delegate session property query responseMessage = _PrepareDeadlockPriorityResponse(session); } else if (lowerBatchText.Contains("select") && lowerBatchText.Contains("language") && lowerBatchText.Contains("dm_exec_sessions") && lowerBatchText.Contains("session_id") && lowerBatchText.Contains("@@spid")) // SELECT TOP (1) [language] FROM [sys].[dm_exec_sessions] WHERE [session_id] = @@SPID { // Delegate session property query responseMessage = _PrepareLanguageResponse(session); } else if (lowerBatchText.Contains("select") && lowerBatchText.Contains("lock_timeout") && lowerBatchText.Contains("dm_exec_sessions") && lowerBatchText.Contains("session_id") && lowerBatchText.Contains("@@spid")) // SELECT TOP (1) [lock_timeout] FROM [sys].[dm_exec_sessions] WHERE [session_id] = @@SPID { // Delegate session property query responseMessage = _PrepareLockTimeoutResponse(session); } else if (lowerBatchText.Contains("select") && lowerBatchText.Contains("quoted_identifier") && lowerBatchText.Contains("dm_exec_sessions") && lowerBatchText.Contains("session_id") && lowerBatchText.Contains("@@spid")) // SELECT TOP (1) [quoted_identifier] FROM [sys].[dm_exec_sessions] WHERE [session_id] = @@SPID { // Delegate session property query responseMessage = _PrepareQuotedIdentifierResponse(session); } else if (lowerBatchText.Contains("select") && lowerBatchText.Contains("text_size") && lowerBatchText.Contains("dm_exec_sessions") && lowerBatchText.Contains("session_id") && lowerBatchText.Contains("@@spid")) // SELECT TOP (1) [text_size] FROM [sys].[dm_exec_sessions] WHERE [session_id] = @@SPID { // Delegate session property query responseMessage = _PrepareTextSizeResponse(session); } else if (lowerBatchText.Contains("select") && lowerBatchText.Contains("transaction_isolation_level") && lowerBatchText.Contains("dm_exec_sessions") && lowerBatchText.Contains("session_id") && lowerBatchText.Contains("@@spid")) // SELECT TOP (1) [transaction_isolation_level] FROM [sys].[dm_exec_sessions] WHERE [session_id] = @@SPID { // Delegate session property query responseMessage = _PrepareTransactionIsolationLevelResponse(session); } else if (lowerBatchText.Contains("select") && lowerBatchText.Contains("@@options")) // SELECT @@OPTIONS { // Delegate session property query responseMessage = _PrepareOptionsResponse(session); } else if (lowerBatchText.Contains("select") && lowerBatchText.Contains("context_info()")) // SELECT CONTEXT_INFO() { // Delegate session property query responseMessage = _PrepareContextInfoResponse(session); } else { // Create an info token that contains the query received TDSInfoToken infoToken = new TDSInfoToken(2012, 2, 0, lowerBatchText); // Log response TDSUtilities.Log(Log, "Response", infoToken); // Serialize DONE token into the response packet responseMessage.Add(infoToken); // Create an info token to let client know that we don't recognize this query infoToken = new TDSInfoToken(2012, 2, 0, "Received query is not recognized by the query engine. Please ask a very specific question."); // Log response TDSUtilities.Log(Log, "Response", infoToken); // Serialize DONE token into the response packet responseMessage.Add(infoToken); // Create generic DONE token TDSDoneToken doneToken = new TDSDoneToken(TDSDoneTokenStatusType.Final); // Log response TDSUtilities.Log(Log, "Response", doneToken); // Serialize DONE token into the response packet responseMessage.Add(doneToken); } // Response collection will contain only one message return new TDSMessageCollection(responseMessage); }
/// <summary> /// Handler for pre-login request /// </summary> public virtual TDSMessageCollection OnPreLoginRequest(ITDSServerSession session, TDSMessage request) { // Inflate pre-login request from the message TDSPreLoginToken preLoginRequest = request[0] as TDSPreLoginToken; // Log request TDSUtilities.Log(Arguments.Log, "Request", preLoginRequest); // Generate server response for encryption TDSPreLoginTokenEncryptionType serverResponse = TDSUtilities.GetEncryptionResponse(preLoginRequest.Encryption, Arguments.Encryption); // Update client state with encryption resolution session.Encryption = TDSUtilities.ResolveEncryption(preLoginRequest.Encryption, serverResponse); // Create TDS prelogin packet TDSPreLoginToken preLoginToken = new TDSPreLoginToken(Arguments.ServerVersion, serverResponse, false); // TDS server doesn't support MARS // Cache the recieved Nonce into the session (session as GenericTDSServerSession).ClientNonce = preLoginRequest.Nonce; // Check if the server has been started up as requiring FedAuth when choosing between SSPI and FedAuth if (Arguments.FedAuthRequiredPreLoginOption == TdsPreLoginFedAuthRequiredOption.FedAuthRequired) { if (preLoginRequest.FedAuthRequired == TdsPreLoginFedAuthRequiredOption.FedAuthRequired) { // Set the FedAuthRequired option preLoginToken.FedAuthRequired = TdsPreLoginFedAuthRequiredOption.FedAuthRequired; } // Keep the federated authentication required flag in the server session (session as GenericTDSServerSession).FedAuthRequiredPreLoginServerResponse = preLoginToken.FedAuthRequired; if (preLoginRequest.Nonce != null) { // Generate Server Nonce preLoginToken.Nonce = _GenerateRandomBytes(32); } } // Cache the server Nonce in a session (session as GenericTDSServerSession).ServerNonce = preLoginToken.Nonce; // Log response TDSUtilities.Log(Arguments.Log, "Response", preLoginToken); // Reset authentication information session.SQLUserID = null; session.NTUserAuthenticationContext = null; // Respond with a single message that contains only one token return new TDSMessageCollection(new TDSMessage(TDSMessageType.Response, preLoginToken)); }
/// <summary> /// Handler for login request /// </summary> public virtual TDSMessageCollection OnLogin7Request(ITDSServerSession session, TDSMessage request) { // Inflate login7 request from the message TDSLogin7Token loginRequest = request[0] as TDSLogin7Token; // Log request TDSUtilities.Log(Arguments.Log, "Request", loginRequest); // Update server context session.Database = string.IsNullOrEmpty(loginRequest.Database) ? "master" : loginRequest.Database; // Resolve TDS version session.TDSVersion = TDSVersion.Resolve(TDSVersion.GetTDSVersion(Arguments.ServerVersion), loginRequest.TDSVersion); // Check for the TDS version TDSMessageCollection collection = CheckTDSVersion(session); // Check if any errors are posted if (collection != null) { // Version check needs to send own message hence we can't proceed return collection; } // Indicates federated authentication bool bIsFedAuthConnection = false; // Federated authentication option to be used later TDSLogin7FedAuthOptionToken federatedAuthenticationOption = null; // Check if feature extension block is available if (loginRequest.FeatureExt != null) { // Go over the feature extension data foreach (TDSLogin7FeatureOptionToken option in loginRequest.FeatureExt) { // Check option type switch (option.FeatureID) { case TDSFeatureID.SessionRecovery: { // Enable session recovery session.IsSessionRecoveryEnabled = true; // Cast to session state options TDSLogin7SessionRecoveryOptionToken sessionStateOption = option as TDSLogin7SessionRecoveryOptionToken; // Inflate session state (session as GenericTDSServerSession).Inflate(sessionStateOption.Initial, sessionStateOption.Current); break; } case TDSFeatureID.FederatedAuthentication: { // Cast to federated authentication option federatedAuthenticationOption = option as TDSLogin7FedAuthOptionToken; // Mark authentication as federated bIsFedAuthConnection = true; // Validate federated authentication option collection = CheckFederatedAuthenticationOption(session, option as TDSLogin7FedAuthOptionToken); if (collection != null) { // Version error happened. return collection; } // Save the fed auth library to be used (session as GenericTDSServerSession).FederatedAuthenticationLibrary = federatedAuthenticationOption.Library; break; } default: { // Do nothing break; } } } } // Check if SSPI authentication is requested if (loginRequest.OptionalFlags2.IntegratedSecurity == TDSLogin7OptionalFlags2IntSecurity.On) { // Delegate to SSPI authentication return ContinueSSPIAuthentication(session, loginRequest.SSPI); } // If it is not a FedAuth connection or the server has been started up as not supporting FedAuth, just ignore the FeatureExtension // Yes unfortunately for the fake server, supporting FedAuth = Requiring FedAuth if (!bIsFedAuthConnection || Arguments.FedAuthRequiredPreLoginOption == TdsPreLoginFedAuthRequiredOption.FedAuthNotRequired) { // We use SQL authentication session.SQLUserID = loginRequest.UserID; // Process with the SQL login. return OnSqlAuthenticationCompleted(session); } else { // Fedauth feature extension is present and server has been started up as Requiring (or Supporting) FedAuth if (federatedAuthenticationOption.IsRequestingAuthenticationInfo) { // Must provide client with more info before completing authentication return OnFederatedAuthenticationInfoRequest(session); } else { return OnFederatedAuthenticationCompleted(session, federatedAuthenticationOption.Token); } } }
/// <summary> /// Send a request to the TDS server /// </summary> private void _WriteRequest(TDSMessage requestMessage) { // Check if TDS packet size changed if (Client.Context.PacketSize != Transport.PacketSize) { // Update packet size Transport.PacketSize = Client.Context.PacketSize; } // Check if there is request to send if (requestMessage != null) { // Dispatch the request to the server requestMessage.Deflate(Transport); // Log event Log("Sent a request and entered \"{0}\"", Client.State); } else { // Log event Log("Client entered \"{0}\"", Client.State); } }
/// <summary> /// Handler for login request /// </summary> public override TDSMessageCollection OnPreLoginRequest(ITDSServerSession session, TDSMessage request) { // Get the collection from a valid On PreLogin Request TDSMessageCollection preLoginCollection = base.OnPreLoginRequest(session, request); // Check if arguments are of the Federated Authentication server if (Arguments is FederatedAuthenticationNegativeTDSServerArguments) { // Cast to federated authentication server arguments FederatedAuthenticationNegativeTDSServerArguments ServerArguments = Arguments as FederatedAuthenticationNegativeTDSServerArguments; // Find the is token carrying on TDSPreLoginToken TDSPreLoginToken preLoginToken = preLoginCollection.Find(message => message.Exists(packetToken => packetToken is TDSPreLoginToken)). Find(packetToken => packetToken is TDSPreLoginToken) as TDSPreLoginToken; switch (ServerArguments.Scenario) { case FederatedAuthenticationNegativeTDSScenarioType.NonceMissingInFedAuthPreLogin: { // If we have the prelogin token if (preLoginToken != null && preLoginToken.Nonce != null) { // Nullify the nonce from the Token preLoginToken.Nonce = null; } break; } case FederatedAuthenticationNegativeTDSScenarioType.InvalidB_FEDAUTHREQUIREDResponse: { // If we have the prelogin token if (preLoginToken != null) { // Set an illegal value for B_FEDAUTHREQURED preLoginToken.FedAuthRequired = TdsPreLoginFedAuthRequiredOption.Illegal; } break; } } } // Return the collection return(preLoginCollection); }