internal override SafeBuffer ToBuffer(DisposableList list, string package)
{
if (!AuthenticationPackage.CheckSChannel(package) &&
!AuthenticationPackage.CheckCredSSP(package))
{
throw new ArgumentException("Can only use SchannelCredentials for the Schannel or CredSSP package.", nameof(package));
}
SCHANNEL_CRED creds = new SCHANNEL_CRED
{
dwVersion = SCHANNEL_CRED.SCHANNEL_CRED_VERSION,
dwSessionLifespan = SessionLifespan,
dwFlags = Flags,
grbitEnabledProtocols = Protocols,
dwMinimumCipherStrength = MinimumCipherStrength,
dwMaximumCipherStrength = MaximumCipherStrength
};
if (_certs.Count > 0)
{
IntPtr[] cred_handles = _certs.Select(c => c.Handle).ToArray();
var array_buffer = list.AddResource(cred_handles.ToBuffer());
creds.cCreds = cred_handles.Length;
creds.paCred = array_buffer.DangerousGetHandle();
}
if (_alg_types.Count > 0)
{
creds.cSupportedAlgs = _alg_types.Count;
creds.palgSupportedAlgs = list.AddResource(_alg_types.Select(a => (int)a).ToArray().ToBuffer()).DangerousGetHandle();
}
return(creds.ToBuffer());
}
private static void HandleAuthPackage(AuthenticationPackage authenticationPackage, TcpClient senderTcpClient)
{
Console.WriteLine("Clients count {0}", _server.Clients.Count);
string clientUid = authenticationPackage.SenderUid;
var connectedClient = _server.GetClientFromClientList(senderTcpClient);
connectedClient.Uid = clientUid;
Console.WriteLine("Client with {0} authenticated with UID: {1}", senderTcpClient.Client.RemoteEndPoint, clientUid);
}
internal void SetNegotiatedAuthType()
{
if (TransportSecurity.AuthenticationType == RpcAuthenticationType.Negotiate)
{
var package_name = AuthContext.PackageName;
NegotiatedAuthType = AuthenticationPackage.CheckKerberos(package_name)
? RpcAuthenticationType.Kerberos : RpcAuthenticationType.WinNT;
}
else
{
NegotiatedAuthType = TransportSecurity.AuthenticationType;
}
}
private async void SendLoginMessage(string username, string password)
{
App.Username = username;
await Task.Run(() =>
{
var loginPackage = new AuthenticationPackage(
username,
password,
App.Uid,
Router.ServerWildcard);
_client.EnqueueDataForWrite(loginPackage);
});
}
internal override SafeBuffer ToBuffer(DisposableList list, string package)
{
if (!AuthenticationPackage.CheckCredSSP(package))
{
throw new ArgumentException("Can only use CredSSPCredentials for the CredSSP package.", nameof(package));
}
CREDSSP_CRED ret = new CREDSSP_CRED
{
Type = CREDSSP_SUBMIT_TYPE.CredsspSubmitBufferBoth,
pSchannelCred = list.AddResource(_schannel.ToBuffer(list, package)).DangerousGetHandle(),
pSpnegoCred = list.AddResource(_user.ToBuffer(list, package)).DangerousGetHandle()
};
return(ret.ToBuffer());
}
private static void HandleOnAuthenticationPackage(AuthenticationPackage package, TcpClient senderTcpClient)
{
var client = (DrawingHammerClientData)_server.GetClientFromClientList(senderTcpClient);
client.Uid = package.SenderUid;
var authResult = _authenticationManager.IsValid(package.Username, package.Password);
if (authResult.Result)
{
Log.Info($"Authenticationcredentials for username '{package.Username}' are valid!");
client.Authenticated = true;
client.User = authResult.User;
client.EnqueueDataForWrite(new AuthenticationResultPackage(AuthenticationResult.Ok, Router.ServerWildcard, package.SenderUid));
}
else
{
Log.Info($"Authenticationcredentials for username '{package.Username}' are not valid!");
client.EnqueueDataForWrite(new AuthenticationResultPackage(AuthenticationResult.Failed, Router.ServerWildcard, package.SenderUid));
}
}
internal override SafeBuffer ToBuffer(DisposableList list, string package)
{
if (!AuthenticationPackage.CheckSChannel(package) &&
!AuthenticationPackage.CheckCredSSP(package))
{
throw new ArgumentException("Can only use SchannelCredentials for the Schannel or CredSSP package.", nameof(package));
}
SCHANNEL_CRED creds = new SCHANNEL_CRED
{
dwVersion = SCHANNEL_CRED.SCHANNEL_CRED_VERSION,
dwSessionLifespan = SessionLifespan,
dwFlags = Flags
};
if (_certs.Count > 0)
{
IntPtr[] cred_handles = _certs.Select(c => c.Handle).ToArray();
var array_buffer = list.AddResource(cred_handles.ToBuffer());
creds.cCreds = cred_handles.Length;
creds.paCred = array_buffer.DangerousGetHandle();
}
return(creds.ToBuffer());
}
private void BindAuth(Guid interface_id, Version interface_version, Guid transfer_syntax_id, Version transfer_syntax_version)
{
// 8 should be more than enough legs to complete authentication.
int max_legs = _transport_security.AuthenticationType == RpcAuthenticationType.WinNT ? 3 : 8;
int call_id = ++CallId;
int count = 0;
bool alter_context = false;
while (count++ < max_legs)
{
PDUBind bind_pdu = new PDUBind(_max_send_fragment, _max_recv_fragment, alter_context);
bind_pdu.Elements.Add(new ContextElement(interface_id, interface_version, transfer_syntax_id, transfer_syntax_version));
var recv = SendReceivePDU(call_id, bind_pdu, _auth_context.Token.ToArray(), true);
if (recv.Item1 is PDUBindAck bind_ack)
{
if (bind_ack.ResultList.Count != 1 || bind_ack.ResultList[0].Result != PresentationResultType.Acceptance)
{
throw new RpcTransportException($"Bind to {interface_id}:{interface_version} was rejected.");
}
if (!alter_context)
{
// Only capture values from the BindAck.
_max_recv_fragment = bind_ack.MaxRecvFrag;
_max_send_fragment = bind_ack.MaxXmitFrag;
alter_context = true;
}
if (recv.Item2.Data == null || recv.Item2.Data.Length == 0)
{
// No auth, assume success.
break;
}
_auth_context.Continue(new AuthenticationToken(recv.Item2.Data));
if (_auth_context.Done)
{
byte[] token = _auth_context.Token.ToArray();
if (token.Length == 0)
{
break;
}
// If we still have an NTLM token to complete then send as an Auth3 PDU.
if (_transport_security.AuthenticationType == RpcAuthenticationType.WinNT)
{
SendReceivePDU(call_id, new PDUAuth3(), _auth_context.Token.ToArray(), false);
break;
}
}
}
else if (recv.Item1 is PDUBindNack bind_nack)
{
throw new RpcTransportException($"Bind NACK returned with rejection reason {bind_nack.RejectionReason}");
}
else
{
throw new RpcTransportException($"Unexpected {recv.Item1.PDUType} PDU from server.");
}
}
if (!_auth_context.Done)
{
throw new RpcTransportException("Failed to complete the client authentication.");
}
if (_transport_security.AuthenticationType == RpcAuthenticationType.Negotiate)
{
var package_name = _auth_context.PackageName;
_negotiated_auth_type = AuthenticationPackage.CheckKerberos(package_name)
? RpcAuthenticationType.Kerberos : RpcAuthenticationType.WinNT;
}
else
{
_negotiated_auth_type = _transport_security.AuthenticationType;
}
}
