/// <summary> /// Bind SWN to the RPC server. /// </summary> /// <param name="serverName">SWN server name to bind</param> /// <param name="bindCred">Credential to bind SWN server</param> /// <param name="secContext">Security provider for RPC</param> /// <param name="timeout">Timeout for bind and requests</param> /// <param name="authLevel">RPCE authentication level</param> /// <returns>Return true if success, or false for fail</returns> ///<exception cref="ArgumentNullException"> /// Thrown when serverName is null or empty. /// </exception> public bool SwnBind( string serverName, AccountCredential bindCred, ClientSecurityContext secContext, RpceAuthenticationLevel authLevel, TimeSpan timeout) { if (string.IsNullOrEmpty(serverName)) { throw new ArgumentNullException("serverName"); } //Query endpoint on SWN server ushort[] endpoints = SwnUtility.QueryEndpoints(serverName); bool retVal = RpcBind( RpceUtility.RPC_OVER_TCPIP_PROTOCOL_SEQUENCE, serverName, endpoints[0].ToString(), bindCred, secContext, authLevel, timeout); rpceTimeout = timeout; return(retVal); }
public DrsrClientSessionContext BindOverTcp( string serverName, ClientSecurityContext securityContext, RpceAuthenticationLevel authenticationLevel, TimeSpan timeout) { DrsrClientSessionContext clientSessionContext = new DrsrClientSessionContext(); if (serverName == null) { throw new ArgumentNullException("serverName"); } this.rpcAdapter.Bind( RpceUtility.RPC_OVER_TCPIP_PROTOCOL_SEQUENCE, serverName, DrsrUtility.QueryDrsrTcpEndpoint(DrsrRpcInterfaceType.DSAOP, serverName)[0].ToString(), securityContext, authenticationLevel, timeout); clientSessionContext.RPCHandle = rpcAdapter.Handle; return(clientSessionContext); }
/// <summary> /// Bind to DRSR RPC server. /// </summary> /// <param name="protocolSequence"> /// RPC protocol sequence. /// </param> /// <param name="networkAddress"> /// RPC network address. /// </param> /// <param name="endpoint"> /// RPC endpoint. /// </param> /// <param name="securityContext"> /// RPC security provider. /// </param> /// <param name="authenticationLevel"> /// RPC authentication level. /// </param> /// <param name="timeout"> /// Timeout /// </param> public void Bind( string protocolSequence, string networkAddress, string endpoint, ClientSecurityContext securityContext, RpceAuthenticationLevel authenticationLevel, TimeSpan timeout) { if (rpceClientTransport != null) { throw new InvalidOperationException("DRSR has already been bind."); } rpceTimeout = timeout; rpceClientTransport = new RpceClientTransport(); rpceClientTransport.Bind( protocolSequence, networkAddress, endpoint, null, DrsrUtility.DSAOP_RPC_INTERFACE_UUID, DrsrUtility.DSAOP_RPC_INTERFACE_MAJOR_VERSION, DrsrUtility.DSAOP_RPC_INTERFACE_MINOR_VERSION, securityContext, authenticationLevel, false, rpceTimeout); }
/// <summary> /// Connect and bind to a RPCE remote host. /// </summary> /// <param name="protocolSequence"> /// A protocol sequence.<para/> /// Support ncacn_ip_tcp and ncacn_np only. /// </param> /// <param name="networkAddress"> /// A network address of RPCE remote host. /// </param> /// <param name="endpoint"> /// An endpoint that its format and content /// are associated with the protocol sequence. /// </param> /// <param name="transportCredential"> /// If connect by SMB/SMB2, it's the security credential /// used by underlayer transport (SMB/SMB2). /// If connect by TCP, this parameter is ignored. /// </param> /// <param name="interfaceId"> /// A Guid of interface_id that is binding to. /// </param> /// <param name="interfaceMajorVersion"> /// interface_major_ver that is binding to. /// </param> /// <param name="interfaceMinorVersion"> /// interface_minor_ver that is binding to. /// </param> /// <param name="securityContext"> /// A security provider. If setting to null, indicate the default authentication type NTLM is selected. /// </param> /// <param name="authenticationLevel"> /// An authentication level. /// </param> /// <param name="supportsHeaderSign"> /// Indicates whether client supports header sign or not. /// </param> /// <param name="timeout"> /// Timeout period. /// </param> /// <exception cref="ArgumentNullException"> /// Thrown when protSeq, networkAddr or endpoint is null. /// </exception> /// <exception cref="InvalidOperationException"> /// Thrown when receive error from server. /// </exception> public virtual void Bind( string protocolSequence, string networkAddress, string endpoint, AccountCredential transportCredential, Guid interfaceId, ushort interfaceMajorVersion, ushort interfaceMinorVersion, ClientSecurityContext securityContext, RpceAuthenticationLevel authenticationLevel, bool supportsHeaderSign, TimeSpan timeout) { Bind(protocolSequence, networkAddress, endpoint, transportCredential, interfaceId, interfaceMajorVersion, interfaceMinorVersion, securityContext, securityContext, authenticationLevel, supportsHeaderSign, timeout); }
/// <summary> /// RPC bind to interface, using specified endpoint and authenticate provider. /// </summary> /// <param name="protocolSequence"> /// RPC protocol sequence. /// </param> /// <param name="networkAddress"> /// RPC network address. /// </param> /// <param name="endpoint"> /// RPC endpoint. /// </param> /// <param name="transportCred"> /// Credential to bind SWN server /// </param> /// <param name="secContext"> /// RPC security provider. /// </param> /// <param name="authLevel"> /// RPC authentication level. /// </param> /// <param name="timeout"> /// Timeout /// </param> /// <exception cref="InvalidOperationException"> /// Thrown when there's existing connection. /// </exception> private bool RpcBind( string protocolSequence, string networkAddress, string endpoint, AccountCredential transportCred, ClientSecurityContext secContext, RpceAuthenticationLevel authLevel, TimeSpan timeout) { if (rpceClientTransport != null) { throw new InvalidOperationException("Connection has been established"); } rpceTimeout = timeout; rpceClientTransport = new RpceClientTransport(); try { rpceClientTransport.Bind( protocolSequence, networkAddress, endpoint, transportCred, SwnUtility.SWN_INTERFACE_UUID, SwnUtility.SWN_INTERFACE_MAJOR_VERSION, SwnUtility.SWN_INTERFACE_MINOR_VERSION, secContext, authLevel, true, rpceTimeout); } catch (Exception) { rpceClientTransport.Dispose(); rpceClientTransport = null; throw; } return(true); }
/// <summary> /// RPC bind over TCP/IP, using specified endpoint and authenticate provider. /// </summary> /// <param name="serverName">NRPC server machine name.</param> /// <param name="endpoint">RPC endpoints, it's the port on TCP/IP.</param> /// <param name="securityContext"> /// Security provider for RPC. /// Set the value to null to disable authentication. /// </param> /// <param name="timeout">Timeout for bind and all future requests.</param> /// <exception cref="ArgumentNullException"> /// Thrown when serverName is null. /// </exception> public void BindOverTcp( string serverName, ushort endpoint, ClientSecurityContext securityContext, TimeSpan timeout) { if (serverName == null) { throw new ArgumentNullException("serverName"); } this.nrpcSecurityContext = securityContext as NrpcCustomClientSecurityContext; if (this.nrpcSecurityContext != null) { this.context = new NrpcCustomClientContext(this.nrpcSecurityContext.Context); } RpceAuthenticationLevel level = securityContext == null ? RpceAuthenticationLevel.RPC_C_AUTHN_LEVEL_NONE : (this.context.SealSecureChannel ? RpceAuthenticationLevel.RPC_C_AUTHN_LEVEL_PKT_PRIVACY : RpceAuthenticationLevel.RPC_C_AUTHN_LEVEL_PKT_INTEGRITY); this.customRpc.Bind( RpceUtility.RPC_OVER_TCPIP_PROTOCOL_SEQUENCE, serverName, endpoint.ToString(CultureInfo.InvariantCulture), null, securityContext, level, timeout); this.context.PrimaryName = serverName; NrpcCustomRpcAdapter nrpcRpcAdapter = this.customRpc as NrpcCustomRpcAdapter; if (nrpcRpcAdapter != null) { this.context.RpceTransportContext = nrpcRpcAdapter.RpceClientTransport.Context; } }
public DrsrClientSessionContext BindOverTcp( string serverName, string servicePrincipalName, Guid?clientGuid, String protocolSequence, String endPoint, String networkOptions, ClientSecurityContext securityContext, RpceAuthenticationLevel authenticationLevel, TimeSpan timeout) { DrsrClientSessionContext clientSessionContext = new DrsrClientSessionContext(); uint endpoint; endpoint = Convert.ToUInt16(this.InquiryAdldsDynamicPort(servicePrincipalName, clientGuid, protocolSequence, serverName, endPoint, networkOptions)); if (serverName == null) { throw new ArgumentNullException("serverName"); } if (servicePrincipalName == null) { throw new ArgumentNullException("servicePrincipalName"); } this.rpcAdapter.Bind( RpceUtility.RPC_OVER_TCPIP_PROTOCOL_SEQUENCE, serverName, endpoint.ToString(), securityContext, authenticationLevel, timeout); clientSessionContext.RPCHandle = rpcAdapter.Handle; return(clientSessionContext); }
/// <summary> /// RPC bind over named pipe, using well-known endpoint "\PIPE\NETLOGON". /// </summary> /// <param name="serverName">NRPC server machine name.</param> /// <param name="transportCredential"> /// If connect by SMB/SMB2, it's the security credential /// used by underlayer transport (SMB/SMB2). /// If connect by TCP, this parameter is ignored. /// </param> /// <param name="securityContext"> /// Security provider for RPC. /// Set the value to null to disable authentication. /// </param> /// <param name="timeout">Timeout for bind and all future requests.</param> /// <exception cref="ArgumentNullException"> /// Thrown when serverName is null. /// </exception> public void BindOverNamedPipe( string serverName, AccountCredential transportCredential, ClientSecurityContext securityContext, TimeSpan timeout) { if (serverName == null) { throw new ArgumentNullException("serverName"); } this.nrpcSecurityContext = securityContext as NrpcCustomClientSecurityContext; if (this.nrpcSecurityContext != null) { this.context = new NrpcCustomClientContext(this.nrpcSecurityContext.Context); } RpceAuthenticationLevel level = securityContext == null ? RpceAuthenticationLevel.RPC_C_AUTHN_LEVEL_NONE : (this.context.SealSecureChannel ? RpceAuthenticationLevel.RPC_C_AUTHN_LEVEL_PKT_PRIVACY : RpceAuthenticationLevel.RPC_C_AUTHN_LEVEL_PKT_INTEGRITY); this.customRpc.Bind( RpceUtility.RPC_OVER_NAMED_PIPE_PROTOCOL_SEQUENCE, serverName, NrpcUtility.NETLOGON_RPC_OVER_NP_WELLKNOWN_ENDPOINT, transportCredential, securityContext, level, timeout); this.context.PrimaryName = serverName; NrpcCustomRpcAdapter nrpcRpcAdapter = this.customRpc as NrpcCustomRpcAdapter; if (nrpcRpcAdapter != null) { this.context.RpceTransportContext = nrpcRpcAdapter.RpceClientTransport.Context; } }
/// <summary> /// RPC bind to interface, using specified endpoint and authenticate provider. /// </summary> /// <param name="protocolSequence">RPC protocol sequence.</param> /// <param name="networkAddress">RPC network address.</param> /// <param name="endpoint">RPC endpoint.</param> /// <param name="transportCredential"> /// If connect by SMB/SMB2, it's the security credential /// used by underlayer transport (SMB/SMB2). /// If connect by TCP, this parameter is ignored. /// </param> /// <param name="securityContext">RPC security provider.</param> /// <param name="authenticationLevel">RPC authentication level.</param> /// <param name="timeout">Timeout for bind and all future requests.</param> /// <exception cref="InvalidOperationException"> /// Thrown when rpceClientTransport is not null. /// </exception> public void Bind( string protocolSequence, string networkAddress, string endpoint, AccountCredential transportCredential, ClientSecurityContext securityContext, RpceAuthenticationLevel authenticationLevel, TimeSpan timeout) { if (rpceClientTransport != null) { throw new InvalidOperationException("FSRVP has already been bind."); } rpceTimeout = timeout; rpceClientTransport = new RpceClientTransport(); try { rpceClientTransport.Bind( protocolSequence, networkAddress, endpoint, transportCredential, FsrvpUtility.FSRVP_INTERFACE_UUID, FsrvpUtility.FSRVP_INTERFACE_MAJOR_VERSION, FsrvpUtility.FSRVP_INTERFACE_MINOR_VERSION, securityContext, authenticationLevel, true, rpceTimeout); } catch { rpceClientTransport = null; throw; } }
/// <summary> /// Create an instance of auth_verifier_co_t. /// </summary> /// <param name="packetType">PTYPE</param> /// <param name="stubLength">stub length</param> /// <param name="securityContext">security context</param> /// <param name="type">auth_type</param> /// <param name="level">auth_level</param> /// <param name="contextId">auth_context_id</param> /// <returns>an auth_verifier_co_t instance.</returns> internal static auth_verifier_co_t?AuthVerifierCreateInstance( RpcePacketType packetType, int stubLength, SecurityContext securityContext, RpceAuthenticationType type, RpceAuthenticationLevel level, uint contextId) { if (type == RpceAuthenticationType.RPC_C_AUTHN_NONE || level == RpceAuthenticationLevel.RPC_C_AUTHN_LEVEL_NONE) { return(null); } if (level <= RpceAuthenticationLevel.RPC_C_AUTHN_LEVEL_CONNECT) { if (packetType != RpcePacketType.Bind && packetType != RpcePacketType.BindAck && packetType != RpcePacketType.BindNak && packetType != RpcePacketType.AlterContext && packetType != RpcePacketType.AlterContextResp && packetType != RpcePacketType.Auth3) { return(null); } } //The authentication verifier is never present in bind_nak and shutdown PDUs if (packetType == RpcePacketType.BindNak || packetType == RpcePacketType.Shutdown) { return(null); } auth_verifier_co_t authVerifier = new auth_verifier_co_t(); //The sec_trailer structure MUST be 4-byte aligned with respect //to the beginning of the PDU. Padding octets MUST be used to //align the sec_trailer structure if its natural beginning is not //already 4-byte aligned. authVerifier.auth_pad_length = (byte)(Align(stubLength, STUB_PAD_LENGTH) - stubLength); authVerifier.auth_pad = new byte[authVerifier.auth_pad_length]; authVerifier.auth_type = (byte)type; authVerifier.auth_level = (byte)level; authVerifier.auth_reserved = 0; authVerifier.auth_context_id = contextId; if (securityContext != null) { if (packetType == RpcePacketType.Bind || packetType == RpcePacketType.BindAck || packetType == RpcePacketType.AlterContext || packetType == RpcePacketType.AlterContextResp || packetType == RpcePacketType.Auth3) { authVerifier.auth_value = securityContext.Token; } else if (level == RpceAuthenticationLevel.RPC_C_AUTHN_LEVEL_PKT_PRIVACY) { int authValueSize = Align( (int)securityContext.ContextSizes.SecurityTrailerSize, STUB_PAD_LENGTH); authVerifier.auth_value = new byte[authValueSize]; } else { // level == RpceAuthenticationLevel.RPC_C_AUTHN_LEVEL_PKT_INTEGRITY || // level == RpceAuthenticationLevel.RPC_C_AUTHN_LEVEL_PKT || // level == RpceAuthenticationLevel.RPC_C_AUTHN_LEVEL_CALL int authValueSize = Align( (int)securityContext.ContextSizes.MaxSignatureSize, STUB_PAD_LENGTH); authVerifier.auth_value = new byte[authValueSize]; } } return(authVerifier); }
/// <summary> /// Connect and bind to a RPCE remote host. /// </summary> /// <param name="protocolSequence"> /// A protocol sequence.<para/> /// Support ncacn_ip_tcp and ncacn_np only. /// </param> /// <param name="networkAddress"> /// A network address of RPCE remote host. /// </param> /// <param name="endpoint"> /// An endpoint that its format and content /// are associated with the protocol sequence. /// </param> /// <param name="transportCredential"> /// If connect by SMB/SMB2, it's the security credential /// used by underlayer transport (SMB/SMB2). /// If connect by TCP, this parameter is ignored. /// </param> /// <param name="interfaceId"> /// A Guid of interface_id that is binding to. /// </param> /// <param name="interfaceMajorVersion"> /// interface_major_ver that is binding to. /// </param> /// <param name="interfaceMinorVersion"> /// interface_minor_ver that is binding to. /// </param> /// <param name="securityContext"> /// A security provider. If setting to null, indicate the default authentication type NTLM is selected. /// </param> /// <param name="connectSecurityContext"> /// A security provider for connect authentication. If setting to null, indicate the default authentication type NTLM is selected. /// </param> /// <param name="authenticationLevel"> /// An authentication level. /// </param> /// <param name="supportsHeaderSign"> /// Indicates whether client supports header sign or not. /// </param> /// <param name="timeout"> /// Timeout period. /// </param> /// <exception cref="ArgumentNullException"> /// Thrown when protSeq, networkAddr or endpoint is null. /// </exception> /// <exception cref="InvalidOperationException"> /// Thrown when receive error from server. /// </exception> public virtual void Bind( string protocolSequence, string networkAddress, string endpoint, AccountCredential transportCredential, Guid interfaceId, ushort interfaceMajorVersion, ushort interfaceMinorVersion, ClientSecurityContext securityContext, ClientSecurityContext connectSecurityContext, RpceAuthenticationLevel authenticationLevel, bool supportsHeaderSign, TimeSpan timeout) { if (protocolSequence == null) { throw new ArgumentNullException("protocolSequence"); } if (networkAddress == null) { throw new ArgumentNullException("networkAddress"); } if (endpoint == null) { throw new ArgumentNullException("endpoint"); } // RPC over named-pipe does not support asynchronous call in this library. // http://msdn.microsoft.com/en-us/library/windows/desktop/aa373551(v=vs.85).aspx rpceClient.Context.IsAsynchronous = (string.Compare(protocolSequence, RpceUtility.RPC_OVER_NAMED_PIPE_PROTOCOL_SEQUENCE, true) != 0); rpceClient.Connect(protocolSequence, networkAddress, endpoint, transportCredential, timeout, connectSecurityContext == null ? SecurityPackageType.Ntlm : connectSecurityContext.PackageType); rpceClient.SetAuthInfo(securityContext, authenticationLevel, rpceClient.Context.AuthenticationContextId); RpceCoBindPdu bindPdu = rpceClient.CreateCoBindPdu( //read from context, donot hardcode. rpceClient.Context.RpcVersionMinor, // default is rpc vers 5.0 supportsHeaderSign ? RpceCoPfcFlags.PFC_SUPPORT_HEADER_SIGN : RpceCoPfcFlags.None, rpceClient.ComputeNextCallId(), // call id, default is 1 rpceClient.Context.MaxTransmitFragmentSize, // max xmit frag rpceClient.Context.MaxReceiveFragmentSize, // max recv frag rpceClient.Context.AssociateGroupId, // assoc group id, default 0 interfaceId, interfaceMajorVersion, interfaceMinorVersion, rpceClient.Context.NdrVersion, // default is NDR (rpceClient.Context.BindTimeFeatureNegotiationBitmask != RpceBindTimeFeatureNegotiationBitmask.None) // default is None ? (RpceBindTimeFeatureNegotiationBitmask?)rpceClient.Context.BindTimeFeatureNegotiationBitmask : null); FragmentAndSendPdu(bindPdu); RpcePdu receivedPdu = ReceiveAndReassemblePdu(timeout); if (receivedPdu is RpceCoBindAckPdu) { if (rpceClient.Context.NdrVersion == RpceNdrVersion.None) { throw new InvalidOperationException("Neither NDR nor NDR64 is supported."); } } else { RpceCoBindNakPdu bindNakPdu = receivedPdu as RpceCoBindNakPdu; if (bindNakPdu != null) { throw new InvalidOperationException(bindNakPdu.provider_reject_reason.ToString()); } else { throw new InvalidOperationException( string.Format("Unexpected packet type received - {0}.", receivedPdu.GetType().Name)); } } while (rpceClient.Context.SecurityContext != null && rpceClient.Context.SecurityContext.NeedContinueProcessing) { RpceCoAlterContextPdu alterContextPdu = rpceClient.CreateCoAlterContextPdu(); FragmentAndSendPdu(alterContextPdu); receivedPdu = ReceiveAndReassemblePdu(timeout); RpceCoFaultPdu faultPdu = receivedPdu as RpceCoFaultPdu; if (faultPdu != null) { throw new InvalidOperationException(faultPdu.status.ToString()); } if (!(receivedPdu is RpceCoAlterContextRespPdu)) { throw new InvalidOperationException("Expect alter_context_pdu, but received others."); } } if (rpceClient.Context.SecurityContext != null && rpceClient.Context.SecurityContext.Token != null && rpceClient.Context.SecurityContext.Token.Length != 0) { RpceCoAuth3Pdu auth3Pdu = rpceClient.CreateCoAuth3Pdu(); FragmentAndSendPdu(auth3Pdu); // no expected response from server rpceClient.Context.OutstandingCalls.Remove(auth3Pdu.call_id); } if (rpceClient.Context.IsAsynchronous) { // Start the receiving thread to receive the response from server. receiveThread = new Thread(new ThreadStart(EventLoop)); receiveThread.IsBackground = true; receiveThread.Start(); } }
/// <summary> /// Bind RPC server. /// </summary> /// <param name="swnClient">SWN rpc client</param> /// <param name="networkAddress">RPC network address</param> /// <param name="domainName">Domain name</param> /// <param name="userName">User name</param> /// <param name="password">Password</param> /// <param name="securityPackage">Security package</param> /// <param name="authLevel">Authentication level</param> /// <param name="timeout">Timeout</param> /// <param name="serverComputerName">ServerComputerName</param> /// <returns>Return true if success, otherwise return false</returns> public static bool BindServer(SwnClient swnClient, IPAddress networkAddress, string domainName, string userName, string password, SecurityPackageType securityPackage, RpceAuthenticationLevel authLevel, TimeSpan timeout,string serverComputerName = null) { AccountCredential accountCredential = new AccountCredential(domainName, userName, password); string cifsServicePrincipalName = string.Empty; if (!string.IsNullOrEmpty(serverComputerName)) { cifsServicePrincipalName = "cifs/" + serverComputerName; } else { IPHostEntry hostEntry = null; try { hostEntry = Dns.GetHostEntry(networkAddress); } catch (Exception ex) { throw new Exception(string.Format("Failed to resolve network address {0} with exception: {1}", networkAddress.ToString(), ex.Message)); } if (hostEntry != null && !string.IsNullOrEmpty(hostEntry.HostName)) { cifsServicePrincipalName = "cifs/" + hostEntry.HostName; } else { throw new Exception("Failed to get HostName from network address " + networkAddress.ToString()); } } ClientSecurityContext securityContext = new SspiClientSecurityContext( securityPackage, accountCredential, cifsServicePrincipalName, ClientSecurityContextAttribute.Connection | ClientSecurityContextAttribute.DceStyle | ClientSecurityContextAttribute.Integrity | ClientSecurityContextAttribute.ReplayDetect | ClientSecurityContextAttribute.SequenceDetect | ClientSecurityContextAttribute.UseSessionKey, SecurityTargetDataRepresentation.SecurityNativeDrep); try { //Bind BaseTestSite.Log.Add(LogEntryKind.Debug, "Start to Bind RPC to {0}.", networkAddress.ToString()); swnClient.SwnBind(networkAddress.ToString(), accountCredential, securityContext, authLevel, timeout); } catch (Exception ex) { BaseTestSite.Log.Add(LogEntryKind.Debug, "Bind server {0} failed. Exception: {1}", networkAddress.ToString(), ex.Message); swnClient.SwnUnbind(timeout); return false; } BaseTestSite.Log.Add(LogEntryKind.Debug, "Bind server {0} successfully.", networkAddress.ToString()); return true; }
/// <summary> /// Bind to SAMR RPC server. /// </summary> /// <param name="protocolSequence"> /// RPC protocol sequence. /// </param> /// <param name="networkAddress"> /// RPC network address. /// </param> /// <param name="endpoint"> /// RPC endpoint. /// </param> /// <param name="transportCredential"> /// If connect by SMB/SMB2, it's the security credential /// used by under layer transport (SMB/SMB2). /// If connect by TCP, this parameter is ignored. /// </param> /// <param name="securityContext"> /// RPC security provider. /// </param> /// <param name="authenticationLevel"> /// RPC authentication level. /// </param> /// <param name="timeout"> /// Timeout /// </param> public void Bind( string protocolSequence, string networkAddress, string endpoint, AccountCredential transportCredential, ClientSecurityContext securityContext, RpceAuthenticationLevel authenticationLevel, TimeSpan timeout) { if (rpceClientTransport != null) { throw new InvalidOperationException("SAMR has already been binded."); } rpceTimeout = timeout; rpceClientTransport = new RpceClientTransport(); rpceClientTransport.Bind( protocolSequence, networkAddress, endpoint, transportCredential, SamrUtility.SAMR_RPC_INTERFACE_UUID, SamrUtility.SAMR_RPC_INTERFACE_MAJOR_VERSION, SamrUtility.SAMR_RPC_INTERFACE_MINOR_VERSION, securityContext, authenticationLevel, false, rpceTimeout); }
/// <summary> /// Connect and bind to a RPCE remote host. /// </summary> /// <param name="protocolSequence"> /// A protocol sequence.<para/> /// Support ncacn_ip_tcp and ncacn_np only. /// </param> /// <param name="networkAddress"> /// A network address of RPCE remote host. /// </param> /// <param name="endpoint"> /// An endpoint that its format and content /// are associated with the protocol sequence. /// </param> /// <param name="transportCredential"> /// If connect by SMB/SMB2, it's the security credential /// used by underlayer transport (SMB/SMB2). /// If connect by TCP, this parameter is ignored. /// </param> /// <param name="interfaceId"> /// A Guid of interface_id that is binding to. /// </param> /// <param name="interfaceMajorVersion"> /// interface_major_ver that is binding to. /// </param> /// <param name="interfaceMinorVersion"> /// interface_minor_ver that is binding to. /// </param> /// <param name="securityContext"> /// A security provider. If setting to null, indicate the default authentication type NTLM is selected. /// </param> /// <param name="connectSecurityContext"> /// A security provider for connect authentication. If setting to null, indicate the default authentication type NTLM is selected. /// </param> /// <param name="authenticationLevel"> /// An authentication level. /// </param> /// <param name="supportsHeaderSign"> /// Indicates whether client supports header sign or not. /// </param> /// <param name="timeout"> /// Timeout period. /// </param> /// <exception cref="ArgumentNullException"> /// Thrown when protSeq, networkAddr or endpoint is null. /// </exception> /// <exception cref="InvalidOperationException"> /// Thrown when receive error from server. /// </exception> public virtual void Bind( string protocolSequence, string networkAddress, string endpoint, AccountCredential transportCredential, Guid interfaceId, ushort interfaceMajorVersion, ushort interfaceMinorVersion, ClientSecurityContext securityContext, ClientSecurityContext connectSecurityContext, RpceAuthenticationLevel authenticationLevel, bool supportsHeaderSign, TimeSpan timeout) { if (protocolSequence == null) { throw new ArgumentNullException("protocolSequence"); } if (networkAddress == null) { throw new ArgumentNullException("networkAddress"); } if (endpoint == null) { throw new ArgumentNullException("endpoint"); } // RPC over named-pipe does not support asynchronous call in this library. // http://msdn.microsoft.com/en-us/library/windows/desktop/aa373551(v=vs.85).aspx rpceClient.Context.IsAsynchronous = (string.Compare(protocolSequence, RpceUtility.RPC_OVER_NAMED_PIPE_PROTOCOL_SEQUENCE, true) != 0); rpceClient.Connect(protocolSequence, networkAddress, endpoint, transportCredential, timeout, connectSecurityContext == null ? SecurityPackageType.Ntlm : connectSecurityContext.PackageType); rpceClient.SetAuthInfo(securityContext, authenticationLevel, rpceClient.Context.AuthenticationContextId); RpceCoBindPdu bindPdu = rpceClient.CreateCoBindPdu( //read from context, donot hardcode. rpceClient.Context.RpcVersionMinor, // default is rpc vers 5.0 supportsHeaderSign ? RpceCoPfcFlags.PFC_SUPPORT_HEADER_SIGN : RpceCoPfcFlags.None, rpceClient.ComputeNextCallId(), // call id, default is 1 rpceClient.Context.MaxTransmitFragmentSize, // max xmit frag rpceClient.Context.MaxReceiveFragmentSize, // max recv frag rpceClient.Context.AssociateGroupId, // assoc group id, default 0 interfaceId, interfaceMajorVersion, interfaceMinorVersion, rpceClient.Context.NdrVersion, // default is NDR (rpceClient.Context.BindTimeFeatureNegotiationBitmask != RpceBindTimeFeatureNegotiationBitmask.None) // default is None ? (RpceBindTimeFeatureNegotiationBitmask?)rpceClient.Context.BindTimeFeatureNegotiationBitmask : null); FragmentAndSendPdu(bindPdu); RpcePdu receivedPdu = ReceiveAndReassemblePdu(timeout); if (receivedPdu is RpceCoBindAckPdu) { if (rpceClient.Context.NdrVersion == RpceNdrVersion.None) { throw new InvalidOperationException("Neither NDR nor NDR64 is supported."); } } else { RpceCoBindNakPdu bindNakPdu = receivedPdu as RpceCoBindNakPdu; if (bindNakPdu != null) { throw new InvalidOperationException(bindNakPdu.provider_reject_reason.ToString()); } else { throw new InvalidOperationException( string.Format("Unexpected packet type received - {0}.", receivedPdu.GetType().Name)); } } while (rpceClient.Context.SecurityContext != null && rpceClient.Context.SecurityContext.NeedContinueProcessing) { RpceCoAlterContextPdu alterContextPdu = rpceClient.CreateCoAlterContextPdu(); FragmentAndSendPdu(alterContextPdu); receivedPdu = ReceiveAndReassemblePdu(timeout); RpceCoFaultPdu faultPdu = receivedPdu as RpceCoFaultPdu; if (faultPdu != null) { throw new InvalidOperationException(faultPdu.status.ToString()); } if (!(receivedPdu is RpceCoAlterContextRespPdu)) { throw new InvalidOperationException("Expect alter_context_pdu, but received others."); } } if (rpceClient.Context.SecurityContext != null && rpceClient.Context.SecurityContext.Token != null && rpceClient.Context.SecurityContext.Token.Length != 0) { RpceCoAuth3Pdu auth3Pdu = rpceClient.CreateCoAuth3Pdu(); FragmentAndSendPdu(auth3Pdu); // no expected response from server rpceClient.Context.OutstandingCalls.Remove(auth3Pdu.call_id); } if (rpceClient.Context.IsAsynchronous) { // Start the receiving thread to receive the response from server. cancellationToken = new CancellationTokenSource(); receiveTask = new Task(EventLoop, cancellationToken.Token); //new Thread(new ThreadStart(EventLoop)); //receiveThread.IsBackground = true; receiveTask.Start(); } }
/// <summary> /// Bind RPC server. /// </summary> /// <param name="swnClient">SWN rpc client</param> /// <param name="networkAddress">RPC network address</param> /// <param name="domainName">Domain name</param> /// <param name="userName">User name</param> /// <param name="password">Password</param> /// <param name="securityPackage">Security package</param> /// <param name="authLevel">Authentication level</param> /// <param name="timeout">Timeout</param> /// <param name="serverComputerName">ServerComputerName</param> /// <returns>Return true if success, otherwise return false</returns> public static bool BindServer(SwnClient swnClient, IPAddress networkAddress, string domainName, string userName, string password, SecurityPackageType securityPackage, RpceAuthenticationLevel authLevel, TimeSpan timeout, string serverComputerName = null) { AccountCredential accountCredential = new AccountCredential(domainName, userName, password); string cifsServicePrincipalName = string.Empty; if (!string.IsNullOrEmpty(serverComputerName)) { cifsServicePrincipalName = "cifs/" + serverComputerName; } else { IPHostEntry hostEntry = null; try { hostEntry = Dns.GetHostEntry(networkAddress); } catch (Exception ex) { throw new Exception(string.Format("Failed to resolve network address {0} with exception: {1}", networkAddress.ToString(), ex.Message)); } if (hostEntry != null && !string.IsNullOrEmpty(hostEntry.HostName)) { cifsServicePrincipalName = "cifs/" + hostEntry.HostName; } else { throw new Exception("Failed to get HostName from network address " + networkAddress.ToString()); } } ClientSecurityContext securityContext = new SspiClientSecurityContext( securityPackage, accountCredential, cifsServicePrincipalName, ClientSecurityContextAttribute.Connection | ClientSecurityContextAttribute.DceStyle | ClientSecurityContextAttribute.Integrity | ClientSecurityContextAttribute.ReplayDetect | ClientSecurityContextAttribute.SequenceDetect | ClientSecurityContextAttribute.UseSessionKey, SecurityTargetDataRepresentation.SecurityNativeDrep); try { //Bind BaseTestSite.Log.Add(LogEntryKind.Debug, "Start to Bind RPC to {0}.", networkAddress.ToString()); swnClient.SwnBind(networkAddress.ToString(), accountCredential, securityContext, authLevel, timeout); } catch (Exception ex) { BaseTestSite.Log.Add(LogEntryKind.Debug, "Bind server {0} failed. Exception: {1}", networkAddress.ToString(), ex.Message); swnClient.SwnUnbind(timeout); return(false); } BaseTestSite.Log.Add(LogEntryKind.Debug, "Bind server {0} successfully.", networkAddress.ToString()); return(true); }
/// <summary> /// RPC bind to interface, using specified endpoint and authenticate provider. /// </summary> /// <param name="protocolSequence"> /// RPC protocol sequence. /// </param> /// <param name="networkAddress"> /// RPC network address. /// </param> /// <param name="endpoint"> /// RPC endpoint. /// </param> /// <param name="transportCred"> /// Credential to bind SWN server /// </param> /// <param name="secContext"> /// RPC security provider. /// </param> /// <param name="authLevel"> /// RPC authentication level. /// </param> /// <param name="timeout"> /// Timeout /// </param> /// <exception cref="InvalidOperationException"> /// Thrown when there's existing connection. /// </exception> private bool RpcBind( string protocolSequence, string networkAddress, string endpoint, AccountCredential transportCred, ClientSecurityContext secContext, RpceAuthenticationLevel authLevel, TimeSpan timeout) { if (rpceClientTransport != null) { throw new InvalidOperationException("Connection has been established"); } rpceTimeout = timeout; rpceClientTransport = new RpceClientTransport(); try { rpceClientTransport.Bind( protocolSequence, networkAddress, endpoint, transportCred, SwnUtility.SWN_INTERFACE_UUID, SwnUtility.SWN_INTERFACE_MAJOR_VERSION, SwnUtility.SWN_INTERFACE_MINOR_VERSION, secContext, authLevel, true, rpceTimeout); } catch (Exception) { rpceClientTransport.Dispose(); rpceClientTransport = null; throw; } return true; }
/// <summary> /// Set the security provider and authentication level of the RPCE connection. /// </summary> /// <param name="securityContext"> /// A security provider. /// </param> /// <param name="authenticationLevel"> /// An authentication level. /// </param> /// <param name="authenticationContextId"> /// Authentication context id, can be any value, /// but must be different in different security context. /// </param> /// <exception cref="ArgumentException"> /// Thrown when securityProvider is null but authenticationLevel is not NONE. /// </exception> /// <exception cref="NotSupportedException"> /// Thrown when securityProvider is not supported. /// </exception> public void SetAuthInfo( ClientSecurityContext securityContext, RpceAuthenticationLevel authenticationLevel, uint authenticationContextId) { if (securityContext == null) { if (authenticationLevel != RpceAuthenticationLevel.RPC_C_AUTHN_LEVEL_NONE) { throw new ArgumentException( "auth_level must set to NONE when securityProvider is null", "authenticationLevel"); } context.AuthenticationType = RpceAuthenticationType.RPC_C_AUTHN_NONE; } else { securityContext.Initialize(null); switch (securityContext.PackageType) { case SecurityPackageType.Kerberos: context.AuthenticationType = RpceAuthenticationType.RPC_C_AUTHN_GSS_KERBEROS; break; case SecurityPackageType.Ntlm: context.AuthenticationType = RpceAuthenticationType.RPC_C_AUTHN_WINNT; break; case SecurityPackageType.Negotiate: context.AuthenticationType = RpceAuthenticationType.RPC_C_AUTHN_GSS_NEGOTIATE; break; case SecurityPackageType.NetLogon: context.AuthenticationType = RpceAuthenticationType.RPC_C_AUTHN_NETLOGON; break; default: throw new NotSupportedException("Specified SSPI is not supported."); } } context.SecurityContext = securityContext; context.AuthenticationLevel = authenticationLevel; context.AuthenticationContextId = authenticationContextId; }
/// <summary> /// Bind to SAMR RPC server. /// </summary> /// <param name="protocolSequence"> /// RPC protocol sequence. /// </param> /// <param name="networkAddress"> /// RPC network address. /// </param> /// <param name="endpoint"> /// RPC endpoint. /// </param> /// <param name="transportCredential"> /// If connect by SMB/SMB2, it's the security credential /// used by under layer transport (SMB/SMB2). /// If connect by TCP, this parameter is ignored. /// </param> /// <param name="securityContext"> /// RPC security provider. /// </param> /// <param name="authenticationLevel"> /// RPC authentication level. /// </param> /// <param name="timeout"> /// Timeout /// </param> public void Bind( string protocolSequence, string networkAddress, string endpoint, AccountCredential transportCredential, ClientSecurityContext securityContext, RpceAuthenticationLevel authenticationLevel, TimeSpan timeout) { rpc.Bind(protocolSequence, networkAddress, endpoint, transportCredential, securityContext, authenticationLevel, timeout); }
/// <summary> /// Bind SWN to the RPC server. /// </summary> /// <param name="serverName">SWN server name to bind</param> /// <param name="bindCred">Credential to bind SWN server</param> /// <param name="secContext">Security provider for RPC</param> /// <param name="timeout">Timeout for bind and requests</param> /// <param name="authLevel">RPCE authentication level</param> /// <returns>Return true if success, or false for fail</returns> ///<exception cref="ArgumentNullException"> /// Thrown when serverName is null or empty. /// </exception> public bool SwnBind( string serverName, AccountCredential bindCred, ClientSecurityContext secContext, RpceAuthenticationLevel authLevel, TimeSpan timeout) { if (string.IsNullOrEmpty(serverName)) { throw new ArgumentNullException("serverName"); } //Query endpoint on SWN server ushort[] endpoints = SwnUtility.QueryEndpoints(serverName); bool retVal = RpcBind( RpceUtility.RPC_OVER_TCPIP_PROTOCOL_SEQUENCE, serverName, endpoints[0].ToString(), bindCred, secContext, authLevel, timeout); rpceTimeout = timeout; return retVal; }