private void ReadCommonHeader(NdrBinaryStream pacStream)
{
Version = pacStream.Read(1)[0];
if (Version != NdrConstants.PROTOCOL_VERSION)
{
throw new InvalidDataException($"Unknown Protocol version {Version}");
}
var headerBits = pacStream.Read(1)[0];
var endian = headerBits >> 4 & 0x0F;
if (endian != 0 && endian != 1)
{
throw new InvalidDataException($"Unknown endianness {endian}");
}
Endian = Convert.ToBoolean(endian);
Encoding = (byte)(headerBits & 0x0F);
if (Encoding != 0 && Encoding != 1)
{
throw new InvalidDataException($"Unknown encoding {Encoding}");
}
Length = pacStream.ReadShort();
if (Length != NdrConstants.COMMON_HEADER_BYTES)
{
throw new InvalidDataException($"Unknown common header length {Length}");
}
}
public override void ReadBody(NdrBinaryStream stream)
{
ClaimSource = (ClaimSourceType)stream.ReadInt();
Count = stream.ReadUnsignedInt();
var claims = new List <ClaimEntry>();
stream.Seek(4);
var count = stream.ReadInt();
if (Count != count)
{
throw new InvalidDataException($"Claims count {Count} doesn't match actual count {count}");
}
for (var i = 0; i < Count; i++)
{
var claim = new ClaimEntry();
claim.ReadBody(stream);
claims.Add(claim);
}
foreach (var entry in claims)
{
entry.ReadValue(stream);
}
ClaimEntries = claims;
}
private static IEnumerable <SecurityIdentifier> ParseAttributes(NdrBinaryStream Stream, int count, int pointer)
{
var attributes = new List <SecurityIdentifier>();
if (pointer == 0)
{
return(attributes);
}
int realCount = Stream.ReadInt();
if (realCount != count)
{
throw new InvalidDataException($"Expected count {count} doesn't match actual count {realCount}");
}
for (int i = 0; i < count; i++)
{
Stream.Align(4);
var sid = Stream.ReadRid();
attributes.Add(new SecurityIdentifier(sid, (SidAttributes)Stream.ReadInt()));
}
return(attributes);
}
public virtual void Decode(ReadOnlyMemory <byte> data)
{
var stream = new NdrBinaryStream(data.ToArray());
Header = stream.ReadNdrHeader();
ReadBody(stream);
}
public override void WriteBody(NdrBinaryStream stream)
{
stream.WriteUnsignedInt((int)Type);
stream.WriteBytes(Signature.Span);
stream.WriteShort(RODCIdentifier);
}
public RpcHeader(NdrBinaryStream pacStream)
{
ReadCommonHeader(pacStream);
pacStream.Read(4);
pacStream.Read(8);
pacStream.Read(4);
}
public override void WriteBody(NdrBinaryStream stream)
{
stream.WriteUnsignedInt(ClaimsArray.Count());
stream.WriteDeferredArray(ClaimsArray);
stream.WriteShort(ReservedType);
stream.WriteUnsignedInt(ReservedFieldSize);
stream.WriteBytes(ReservedField);
}
internal void EncodeType(object val, ClaimType type, NdrBinaryStream stream)
{
if (type == ClaimType.CLAIM_TYPE_STRING)
{
stream.WriteString(val.ToString());
}
else
{
stream.WriteUnsignedLong(Convert.ToInt64(val));
}
}
public override void ReadBody(NdrBinaryStream stream)
{
stream.Seek(4); // offset for Id
Type = (ClaimType)stream.ReadShort();
stream.Align(4);
Count = stream.ReadUnsignedInt();
stream.Seek(4); // offset to values
}
public virtual void Encode(NdrBinaryStream stream)
{
if (Header == null)
{
Header = new RpcHeader();
}
Header.WriteCommonHeader(stream);
WriteBody(stream);
stream.WriteDeferred();
}
public override void ReadBody(NdrBinaryStream stream)
{
Type = (ChecksumType)stream.ReadUnsignedInt();
SignaturePosition = (int)stream.Position;
Signature = SetSignatureValue(Type, size => stream.Read(size));
Validator = CryptoService.CreateChecksumValidator(Type, Signature, signatureData);
if (stream.Position < stream.Length)
{
RODCIdentifier = stream.ReadShort();
}
}
public void WriteCommonHeader(NdrBinaryStream stream)
{
stream.WriteBytes(new byte[] { NdrConstants.PROTOCOL_VERSION });
byte headerBits = 0;
headerBits |= Convert.ToByte(Encoding);
headerBits |= (byte)((1 << 4) & Convert.ToByte(Endian));
stream.WriteBytes(new byte[] { headerBits });
stream.WriteShort(NdrConstants.COMMON_HEADER_BYTES);
stream.WriteBytes(Enumerable.Repeat((byte)0, 4 + 8 + 4).ToArray());
}
public override void ReadBody(NdrBinaryStream stream)
{
Count = stream.ReadInt();
stream.Seek(4);
ReservedType = stream.ReadShort();
ReservedFieldSize = stream.ReadInt();
ReservedField = stream.Read(ReservedFieldSize);
stream.Align(8);
ClaimsArray = ReadClaimsArray(stream);
}
public virtual ReadOnlyMemory <byte> Encode()
{
if (cachedEncodedValue.Length <= 0 || IsDirty)
{
var stream = new NdrBinaryStream();
WriteBody(stream);
cachedEncodedValue = stream.ToMemory();
IsDirty = false;
}
return(cachedEncodedValue);
}
internal void ReadValue(NdrBinaryStream stream)
{
Id = stream.ReadString();
stream.Align(4);
var count = stream.ReadInt();
if (count != Count)
{
throw new InvalidDataException($"ValueCount {Count} doesn't match actual count {count} for claim {Id}.");
}
ReadValues(stream);
}
public string ReadString(NdrBinaryStream reader)
{
if (pointer == 0)
{
return(null);
}
var result = reader.ReadString(maxLength);
int expected = length / 2;
if (result.Length != expected)
{
throw new InvalidDataException($"Read length {result.Length} doesn't match expected length {expected}");
}
return(result);
}
private IEnumerable <ClaimsArray> ReadClaimsArray(NdrBinaryStream stream)
{
var count = stream.ReadInt();
if (count != Count)
{
throw new InvalidDataException($"Array count {Count} doesn't match actual count {count}");
}
var claims = new List <ClaimsArray>();
for (var i = 0; i < Count; i++)
{
var array = new ClaimsArray();
array.ReadBody(stream);
claims.Add(array);
}
return(claims);
}
private static SecurityIdentifier[] ParseExtraSids(NdrBinaryStream Stream, int extraSidCount, int extraSidPointer)
{
if (extraSidPointer == 0)
{
return(new SecurityIdentifier[0]);
}
int realExtraSidCount = Stream.ReadInt();
if (realExtraSidCount != extraSidCount)
{
throw new InvalidDataException($"Expected Sid count {extraSidCount} doesn't match actual sid count {realExtraSidCount}");
}
var extraSidAtts = new SecurityIdentifier[extraSidCount];
var pointers = new int[extraSidCount];
var attributes = new SidAttributes[extraSidCount];
for (int i = 0; i < extraSidCount; i++)
{
pointers[i] = Stream.ReadInt();
attributes[i] = (SidAttributes)Stream.ReadUnsignedInt();
}
for (int i = 0; i < extraSidCount; i++)
{
SecurityIdentifier sid = null;
if (pointers[i] != 0)
{
sid = new SecurityIdentifier(Stream.ReadSid(), attributes[i]);
}
extraSidAtts[i] = sid;
}
return(extraSidAtts);
}
private void ReadValues(NdrBinaryStream stream)
{
if (Type == ClaimType.CLAIM_TYPE_STRING)
{
var pointers = new int[Count];
for (var i = 0; i < Count; i++)
{
pointers[i] = stream.ReadInt();
}
}
values = new object[Count];
for (var i = 0; i < Count; i++)
{
switch (Type)
{
case ClaimType.CLAIM_TYPE_BOOLEAN:
values[i] = Convert.ToBoolean(stream.ReadLong());
break;
case ClaimType.CLAIM_TYPE_INT64:
values[i] = stream.ReadLong();
break;
case ClaimType.CLAIM_TYPE_UINT64:
values[i] = (ulong)stream.ReadLong();
break;
case ClaimType.CLAIM_TYPE_STRING:
values[i] = stream.ReadString();
break;
}
}
}
public override void WriteBody(NdrBinaryStream stream)
{
stream.WriteFiletime(LogonTime);
stream.WriteFiletime(LogoffTime);
stream.WriteFiletime(KickOffTime);
stream.WriteFiletime(PwdLastChangeTime);
stream.WriteFiletime(PwdCanChangeTime);
stream.WriteFiletime(PwdMustChangeTime);
stream.WriteRPCUnicodeString(UserName);
stream.WriteRPCUnicodeString(UserDisplayName);
stream.WriteRPCUnicodeString(LogonScript);
stream.WriteRPCUnicodeString(ProfilePath);
stream.WriteRPCUnicodeString(HomeDirectory);
stream.WriteRPCUnicodeString(HomeDrive);
stream.WriteShort((short)LogonCount);
stream.WriteShort((short)BadPasswordCount);
stream.WriteRid(UserSid);
stream.WriteRid(GroupSid);
WriteSidArray(stream, GroupSids);
if (ExtraSids != null)
{
UserFlags |= UserFlags.LOGON_EXTRA_SIDS;
}
if (ResourceGroups != null)
{
UserFlags |= UserFlags.LOGON_RESOURCE_GROUPS;
}
stream.WriteUnsignedInt((int)UserFlags);
stream.WriteBytes(new byte[16]);
stream.WriteRPCUnicodeString(ServerName);
stream.WriteRPCUnicodeString(DomainName);
stream.WriteSid(DomainSid, "DomainSid");
stream.WriteBytes(new byte[8]);
stream.WriteUnsignedInt((int)UserAccountControl);
stream.WriteUnsignedInt(SubAuthStatus);
stream.WriteFiletime(LastSuccessfulILogon);
stream.WriteFiletime(LastFailedILogon);
stream.WriteUnsignedInt(FailedILogonCount);
// reserved3
stream.WriteUnsignedInt(0);
WriteExtraSids(stream, ExtraSids);
stream.WriteSid(ResourceDomainSid, "ResourceDomainSid");
WriteSidArray(stream, ResourceGroups);
// write GroupSids
// write DomainSid
// write ExtraSids
// write ResourceDomainSid
// write ResourceGroups
}
public override void ReadBody(NdrBinaryStream stream)
{
LogonTime = stream.ReadFiletime();
LogoffTime = stream.ReadFiletime();
KickOffTime = stream.ReadFiletime();
PwdLastChangeTime = stream.ReadFiletime();
PwdCanChangeTime = stream.ReadFiletime();
PwdMustChangeTime = stream.ReadFiletime();
var userName = stream.ReadRPCUnicodeString();
var userDisplayName = stream.ReadRPCUnicodeString();
var logonScript = stream.ReadRPCUnicodeString();
var profilePath = stream.ReadRPCUnicodeString();
var homeDirectory = stream.ReadRPCUnicodeString();
var homeDrive = stream.ReadRPCUnicodeString();
LogonCount = stream.ReadShort();
BadPasswordCount = stream.ReadShort();
var userSid = stream.ReadRid();
var groupSid = stream.ReadRid();
// Groups information
var groupCount = stream.ReadInt();
var groupPointer = stream.ReadInt();
UserFlags = (UserFlags)stream.ReadInt();
// sessionKey
stream.Read(new byte[16]);
var serverNameString = stream.ReadRPCUnicodeString();
var domainNameString = stream.ReadRPCUnicodeString();
var domainIdPointer = stream.ReadInt();
// reserved1
stream.Read(new byte[8]);
UserAccountControl = (UserAccountControlFlags)stream.ReadInt();
SubAuthStatus = stream.ReadInt();
LastSuccessfulILogon = stream.ReadFiletime();
LastFailedILogon = stream.ReadFiletime();
FailedILogonCount = stream.ReadInt();
// reserved3
stream.ReadInt();
// Extra SIDs information
var extraSidCount = stream.ReadInt();
var extraSidPointer = stream.ReadInt();
var resourceDomainIdPointer = stream.ReadInt();
var resourceGroupCount = stream.ReadInt();
var resourceGroupPointer = stream.ReadInt();
UserName = userName.ReadString(stream);
UserDisplayName = userDisplayName.ReadString(stream);
LogonScript = logonScript.ReadString(stream);
ProfilePath = profilePath.ReadString(stream);
HomeDirectory = homeDirectory.ReadString(stream);
HomeDrive = homeDrive.ReadString(stream);
// Groups data
var groupSids = ParseAttributes(stream, groupCount, groupPointer);
// Server related strings
ServerName = serverNameString.ReadString(stream);
DomainName = domainNameString.ReadString(stream);
if (domainIdPointer != 0)
{
DomainSid = stream.ReadSid();
}
UserSid = userSid.AppendTo(DomainSid);
GroupSid = groupSid.AppendTo(DomainSid);
GroupSids = groupSids.Select(g => g.AppendTo(DomainSid)).ToList();
if (UserFlags.HasFlag(UserFlags.LOGON_EXTRA_SIDS))
{
ExtraSids = ParseExtraSids(stream, extraSidCount, extraSidPointer).ToList();
}
if (resourceDomainIdPointer != 0)
{
ResourceDomainSid = stream.ReadSid();
}
if (UserFlags.HasFlag(UserFlags.LOGON_RESOURCE_GROUPS))
{
ResourceGroups = ParseAttributes(
stream,
resourceGroupCount,
resourceGroupPointer
).Select(g => g.AppendTo(ResourceDomainSid)).ToList();
}
}
public override void WriteBody(NdrBinaryStream stream)
{
}
private void WriteSidArray(NdrBinaryStream stream, IEnumerable <SecurityIdentifier> sids)
{
stream.WriteRids(sids);
}
private void WriteExtraSids(NdrBinaryStream stream, IEnumerable <SecurityIdentifier> extraSids)
{
stream.WriteSids(extraSids, "ExtraSids");
}
public override void WriteBody(NdrBinaryStream stream, Queue <Action> deferredFurther)
{
stream.WriteClaimEntry(this, deferredFurther);
}
public override void WriteBody(NdrBinaryStream stream)
{
stream.WriteClaimsArray(this);
}
public abstract void ReadBody(NdrBinaryStream stream);
public virtual void WriteBody(NdrBinaryStream stream, Queue <Action> deferredFurther)
{
WriteBody(stream);
}
public abstract void WriteBody(NdrBinaryStream stream);
