/// <summary> /// Initialize an instance of NrpcClientSecurityContext class. /// By calling this constructor, the class will setup a new secure /// channel between client and server. /// </summary> /// <param name="domainName"> /// The NRPC domain name. /// </param> /// <param name="serverName"> /// The NRPC server name. /// </param> /// <param name="credential"> /// The credential to setup the secure channel. /// </param> /// <param name="requestConfidentiality"> /// A Boolean setting that indicates that the caller is requiring /// encryption of messages so that they cannot be read while in transit. /// Requesting this service results in Netlogon encrypting the message. /// </param> /// <param name="clientCapabilities"> /// The client capability. /// </param> /// <exception cref="ArgumentNullException"> /// Thrown when domainName, serverName or credential is null. /// </exception> public NrpcClientSecurityContext( string domainName, string serverName, MachineAccountCredential credential, bool requestConfidentiality, NrpcNegotiateFlags clientCapabilities) { if (string.IsNullOrWhiteSpace(domainName)) { throw new ArgumentNullException("domainName cannot be null or empty"); } if (string.IsNullOrWhiteSpace(serverName)) { throw new ArgumentNullException("serverName cannot be null or empty"); } if (credential == null) { throw new ArgumentNullException("credential cannot be null"); } this.nrpc = NrpcClient.CreateNrpcClient(domainName); this.nrpc.Context.PrimaryName = serverName; this.nrpc.Context.SealSecureChannel = requestConfidentiality; this.nrpc.Context.NegotiateFlags = clientCapabilities; this.credential = credential; this.secureChannelType = _NETLOGON_SECURE_CHANNEL_TYPE.WorkstationSecureChannel; }
/// <summary> /// Call to this method establishes a secure channel between protocol client and /// protocol server and generates a session key, ehich is used for encryption of /// request packets and decryption of response packets. /// </summary> private void EstablishSecureChannel() { nrpcClient = NrpcClient.CreateNrpcClient(sutDomainName); ushort[] endPointList = NrpcUtility.QueryNrpcTcpEndpoint(serverName); ushort endPoint = endPointList[0]; MachineAccountCredential machineCredential = new MachineAccountCredential( sutDomainName, clientComputerName, clientComputerPassword); nrpcClient.Context.NegotiateFlags = NrpcNegotiateFlags.SupportsAESAndSHA2 | NrpcNegotiateFlags.SupportsConcurrentRpcCalls | NrpcNegotiateFlags.SupportsCrossForestTrusts | NrpcNegotiateFlags.SupportsGenericPassThroughAuthentication | NrpcNegotiateFlags.SupportsNetrLogonGetDomainInfo | NrpcNegotiateFlags.SupportsNetrLogonSendToSam | NrpcNegotiateFlags.SupportsNetrServerPasswordSet2 | NrpcNegotiateFlags.SupportsRC4 | NrpcNegotiateFlags.SupportsRefusePasswordChange | NrpcNegotiateFlags.SupportsRodcPassThroughToDifferentDomains | NrpcNegotiateFlags.SupportsSecureRpc | NrpcNegotiateFlags.SupportsStrongKeys | NrpcNegotiateFlags.SupportsTransitiveTrusts; NrpcClientSecurityContext securityContext = new NrpcClientSecurityContext( sutDomainName, sutComputerName, machineCredential, true, nrpcClient.Context.NegotiateFlags); nrpcClient.BindOverTcp(serverName, endPoint, securityContext, timeout); }
/// <summary> /// This method is used to reset the adapter. /// </summary> public override void Reset() { base.Reset(); if (this.nrpcClient != null) { this.nrpcClient.Dispose(); this.nrpcClient = null; } }
/// <summary> /// Cleans up the test suite. /// </summary> protected override void TestCleanup() { base.TestCleanup(); if (null != this.nrpcClient) { this.nrpcClient.Dispose(); } NrpcClient.CleanAll(); }
/// <summary> /// This method is used to implement clean-up codes. /// </summary> /// <param name="disposing">Set TRUE to dispose resource, otherwise set FALSE</param> protected override void Dispose(bool disposing) { if (disposing) { if (this.nrpcClient != null) { this.nrpcClient.Dispose(); this.nrpcClient = null; } } }
/// <summary> /// Dispose method. /// </summary> /// <param name="disposing"> /// True to release both managed and unmanaged resources.<para/> /// False to release unmanaged resources only. /// </param> protected virtual void Dispose(bool disposing) { if (disposing) { // Release managed resources. if (nrpc != null) { nrpc.Dispose(); nrpc = null; } } // Release unmanaged resources. }
public void NRPC_Traditional05_VerifyOutOfSequenceMessage() { PlatformType platform; HRESULT result = HRESULT.ERROR_SUCCESS; Site.Log.Add(LogEntryKind.Comment, "Call GetPlatform"); nrpcServerAdapter.GetPlatform(out platform); Site.Log.Add(LogEntryKind.Comment, "Return GetPlatform(out {0})", platform); Site.Log.Add(LogEntryKind.Comment, "Call ConfigServer"); nrpcServerSutControlAdapter.ConfigServer(true, false); Site.Log.Add(LogEntryKind.Comment, "Return ConfigServer"); NrpcServerAdapter adapter = new NrpcServerAdapter(); adapter.Initialize(Site); using (this.nrpcClient = NrpcClient.CreateNrpcClient(adapter.PrimaryDomainDnsName)) { this.nrpcClient.Context.NegotiateFlags = (NrpcNegotiateFlags)NrpcServerAdapter.NegotiateFlags; MachineAccountCredential machineCredential = new MachineAccountCredential( adapter.PrimaryDomainDnsName, adapter.ENDPOINTNetbiosName, adapter.ENDPOINTPassword); NrpcClientSecurityContext secuContext = new NrpcClientSecurityContext( adapter.PrimaryDomainDnsName, adapter.PDCNetbiosName, machineCredential, true, this.nrpcClient.Context.NegotiateFlags); AccountCredential accountCredential = new AccountCredential( adapter.PrimaryDomainDnsName, adapter.DomainAdministratorName, adapter.DomainUserPassword); try { this.nrpcClient.BindOverNamedPipe( adapter.PDCNetbiosName, accountCredential, secuContext, adapter.timeOut); } catch (Exception e) { Site.Log.Add(LogEntryKind.Debug, "Failed to bind NamedPipe to " + adapter.PDCNetbiosName + "due to reason: " + e.Message); Site.Assert.Fail("Failed on init NRPC client on transport NamedPipe"); } this.nrpcClient.Context.SequenceNumber++; _NETLOGON_LOGON_INFO_CLASS logonLevelInfoClass = _NETLOGON_LOGON_INFO_CLASS.NetlogonInteractiveInformation; _NETLOGON_LEVEL logonLevel = this.nrpcClient.CreateNetlogonLevel( logonLevelInfoClass, NrpcParameterControlFlags.AllowLogonWithComputerAccount, adapter.PrimaryDomainDnsName, adapter.DomainAdministratorName, adapter.DomainUserPassword); // Client calls EncryptNetlogonLevel _NETLOGON_LEVEL?encryptedLogonLevel = this.nrpcClient.EncryptNetlogonLevel( logonLevelInfoClass, logonLevel); _NETLOGON_AUTHENTICATOR?serverAuthenticator = this.nrpcClient.CreateEmptyNetlogonAuthenticator(); _NETLOGON_AUTHENTICATOR?clientAuthenticator = this.nrpcClient.ComputeNetlogonAuthenticator(); _NETLOGON_VALIDATION? validationInfomation = null; byte?authoritative = null; try { result = (HRESULT)this.nrpcClient.NetrLogonSamLogon( adapter.PDCNetbiosName, adapter.ENDPOINTNetbiosName, clientAuthenticator, ref serverAuthenticator, logonLevelInfoClass, encryptedLogonLevel, _NETLOGON_VALIDATION_INFO_CLASS.NetlogonValidationSamInfo2, out validationInfomation, out authoritative); } catch (InvalidOperationException e) { result = (HRESULT)int.Parse(e.Message, CultureInfo.InvariantCulture); } // If the sequence number in security context is out of sequence, the server will return an error message. Site.CaptureRequirementIfAreNotEqual <HRESULT>( HRESULT.ERROR_SUCCESS, result, 853, @"[In Receiving an Initial Netlogon Signature Token, The following steps are performed to verify the data and to decrypt with AES if negotiated, otherwise RC4 if required: in step 7: ] If these two [SequenceNumber and CopySeqNumber ] do not match, an error is returned indicating that out-of-sequence data was received."); } }