internal static extern Win32Error FwpmEngineOpen0(
[Optional] string serverName,
RpcAuthenticationType authnService,
SEC_WINNT_AUTH_IDENTITY authIdentity,
FWPM_SESSION0 session,
out SafeFwpmEngineHandle engineHandle
);
public ExampleRpcConnection(Guid iid, string connection)
{
_iid = iid;
_rpcClient = null;
_connectionUri = new Uri(connection, UriKind.Absolute);
_connection = connection;
_authenticationType = RpcAuthenticationType.Anonymous;
_credentials = null;
RetryLimit = 1;
RetryWaitTime = 0;
ExceptionTypeResolution = RpcErrorTypeBehavior.OnlyUseLoadedAssemblies;
if (StringComparer.OrdinalIgnoreCase.Equals(_connectionUri.UserInfo, "self"))
{
_authenticationType = RpcAuthenticationType.Self;
}
else if (!String.IsNullOrEmpty(_connectionUri.UserInfo))
{
var uri = new UriBuilder(connection);
string domainName = "";
string userName = Uri.UnescapeDataString(uri.UserName);
int ixOffset = userName.LastIndexOf('\\');
if (ixOffset >= 0)
{
domainName = Uri.UnescapeDataString(userName.Substring(0, ixOffset));
userName = Uri.UnescapeDataString(userName.Substring(ixOffset + 1));
}
_credentials = new NetworkCredential(userName, Uri.UnescapeDataString(uri.Password), domainName);
_authenticationType = RpcAuthenticationType.User;
}
}
protected RpcClient()
{
_exceptionTypeResolution = RpcErrorTypeBehavior.OnlyUseLoadedAssemblies;
_extensions = ExtensionRegistry.CreateInstance();
_callContext = RpcCallContext.CreateBuilder();
_authenticatedAs = RpcAuthenticationType.None;
_serverPrincipalName = null;
}
public AuthData(RpcAuthenticationType type, RpcAuthenticationLevel level, int padding, int context_id, byte[] data)
{
Type = type;
Level = level;
Padding = padding;
ContextId = context_id;
Data = data;
}
public static AuthData Read(BinaryReader reader, int auth_length)
{
RpcAuthenticationType type = (RpcAuthenticationType)reader.ReadByte();
RpcAuthenticationLevel level = (RpcAuthenticationLevel)reader.ReadByte();
int padding = reader.ReadByte();
reader.ReadByte(); // Reserved;
int context_id = reader.ReadInt32();
return(new AuthData(type, level, padding, context_id, reader.ReadAllBytes(auth_length)));
}
protected override void AuthenticateClient(RpcAuthenticationType type, NetworkCredential credentials)
{
switch (type)
{
case RpcAuthenticationType.User:
_client.AuthenticateAs(ServerPrincipalName, credentials);
break;
case RpcAuthenticationType.Self:
_client.AuthenticateAs(ServerPrincipalName, RpcClientApi.Self);
break;
default:
_client.AuthenticateAs(ServerPrincipalName, RpcClientApi.Anonymous);
break;
}
}
protected override void AuthenticateClient(RpcAuthenticationType type, NetworkCredential credentials)
{
switch (type)
{
case RpcAuthenticationType.User:
_client.AuthenticateAs(ServerPrincipalName, credentials);
break;
case RpcAuthenticationType.Self:
_client.AuthenticateAs(ServerPrincipalName, RpcClientApi.Self);
break;
default:
_client.AuthenticateAs(ServerPrincipalName, RpcClientApi.Anonymous);
break;
}
}
protected override void AuthenticateClient(RpcAuthenticationType type, NetworkCredential credentials)
{
}
protected override void AuthenticateClient(RpcAuthenticationType type, NetworkCredential credentials)
{
}
protected abstract void AuthenticateClient(RpcAuthenticationType type, NetworkCredential credentials);
public RpcClient Authenticate(RpcAuthenticationType type, NetworkCredential credentials)
{
AuthenticateClient(type, credentials);
_authenticatedAs = type;
return(this);
}
public RpcClient Authenticate(RpcAuthenticationType type)
{
AuthenticateClient(type, null);
_authenticatedAs = type;
return(this);
}
private void BindAuth(Guid interface_id, Version interface_version, Guid transfer_syntax_id, Version transfer_syntax_version)
{
// 8 should be more than enough legs to complete authentication.
int max_legs = _transport_security.AuthenticationType == RpcAuthenticationType.WinNT ? 3 : 8;
int call_id = ++CallId;
int count = 0;
bool alter_context = false;
while (count++ < max_legs)
{
PDUBind bind_pdu = new PDUBind(_max_send_fragment, _max_recv_fragment, alter_context);
bind_pdu.Elements.Add(new ContextElement(interface_id, interface_version, transfer_syntax_id, transfer_syntax_version));
var recv = SendReceivePDU(call_id, bind_pdu, _auth_context.Token.ToArray(), true);
if (recv.Item1 is PDUBindAck bind_ack)
{
if (bind_ack.ResultList.Count != 1 || bind_ack.ResultList[0].Result != PresentationResultType.Acceptance)
{
throw new RpcTransportException($"Bind to {interface_id}:{interface_version} was rejected.");
}
if (!alter_context)
{
// Only capture values from the BindAck.
_max_recv_fragment = bind_ack.MaxRecvFrag;
_max_send_fragment = bind_ack.MaxXmitFrag;
alter_context = true;
}
if (recv.Item2.Data == null || recv.Item2.Data.Length == 0)
{
// No auth, assume success.
break;
}
_auth_context.Continue(new AuthenticationToken(recv.Item2.Data));
if (_auth_context.Done)
{
byte[] token = _auth_context.Token.ToArray();
if (token.Length == 0)
{
break;
}
// If we still have an NTLM token to complete then send as an Auth3 PDU.
if (_transport_security.AuthenticationType == RpcAuthenticationType.WinNT)
{
SendReceivePDU(call_id, new PDUAuth3(), _auth_context.Token.ToArray(), false);
break;
}
}
}
else if (recv.Item1 is PDUBindNack bind_nack)
{
throw new RpcTransportException($"Bind NACK returned with rejection reason {bind_nack.RejectionReason}");
}
else
{
throw new RpcTransportException($"Unexpected {recv.Item1.PDUType} PDU from server.");
}
}
if (!_auth_context.Done)
{
throw new RpcTransportException("Failed to complete the client authentication.");
}
if (_transport_security.AuthenticationType == RpcAuthenticationType.Negotiate)
{
var package_name = _auth_context.PackageName;
_negotiated_auth_type = AuthenticationPackage.CheckKerberos(package_name)
? RpcAuthenticationType.Kerberos : RpcAuthenticationType.WinNT;
}
else
{
_negotiated_auth_type = _transport_security.AuthenticationType;
}
}
