internal override SafeBuffer ToBuffer(DisposableList list, string package) { if (!AuthenticationPackage.CheckSChannel(package) && !AuthenticationPackage.CheckCredSSP(package)) { throw new ArgumentException("Can only use SchannelCredentials for the Schannel or CredSSP package.", nameof(package)); } SCHANNEL_CRED creds = new SCHANNEL_CRED { dwVersion = SCHANNEL_CRED.SCHANNEL_CRED_VERSION, dwSessionLifespan = SessionLifespan, dwFlags = Flags, grbitEnabledProtocols = Protocols, dwMinimumCipherStrength = MinimumCipherStrength, dwMaximumCipherStrength = MaximumCipherStrength }; if (_certs.Count > 0) { IntPtr[] cred_handles = _certs.Select(c => c.Handle).ToArray(); var array_buffer = list.AddResource(cred_handles.ToBuffer()); creds.cCreds = cred_handles.Length; creds.paCred = array_buffer.DangerousGetHandle(); } if (_alg_types.Count > 0) { creds.cSupportedAlgs = _alg_types.Count; creds.palgSupportedAlgs = list.AddResource(_alg_types.Select(a => (int)a).ToArray().ToBuffer()).DangerousGetHandle(); } return(creds.ToBuffer()); }
private static void HandleAuthPackage(AuthenticationPackage authenticationPackage, TcpClient senderTcpClient) { Console.WriteLine("Clients count {0}", _server.Clients.Count); string clientUid = authenticationPackage.SenderUid; var connectedClient = _server.GetClientFromClientList(senderTcpClient); connectedClient.Uid = clientUid; Console.WriteLine("Client with {0} authenticated with UID: {1}", senderTcpClient.Client.RemoteEndPoint, clientUid); }
internal void SetNegotiatedAuthType() { if (TransportSecurity.AuthenticationType == RpcAuthenticationType.Negotiate) { var package_name = AuthContext.PackageName; NegotiatedAuthType = AuthenticationPackage.CheckKerberos(package_name) ? RpcAuthenticationType.Kerberos : RpcAuthenticationType.WinNT; } else { NegotiatedAuthType = TransportSecurity.AuthenticationType; } }
private async void SendLoginMessage(string username, string password) { App.Username = username; await Task.Run(() => { var loginPackage = new AuthenticationPackage( username, password, App.Uid, Router.ServerWildcard); _client.EnqueueDataForWrite(loginPackage); }); }
internal override SafeBuffer ToBuffer(DisposableList list, string package) { if (!AuthenticationPackage.CheckCredSSP(package)) { throw new ArgumentException("Can only use CredSSPCredentials for the CredSSP package.", nameof(package)); } CREDSSP_CRED ret = new CREDSSP_CRED { Type = CREDSSP_SUBMIT_TYPE.CredsspSubmitBufferBoth, pSchannelCred = list.AddResource(_schannel.ToBuffer(list, package)).DangerousGetHandle(), pSpnegoCred = list.AddResource(_user.ToBuffer(list, package)).DangerousGetHandle() }; return(ret.ToBuffer()); }
private static void HandleOnAuthenticationPackage(AuthenticationPackage package, TcpClient senderTcpClient) { var client = (DrawingHammerClientData)_server.GetClientFromClientList(senderTcpClient); client.Uid = package.SenderUid; var authResult = _authenticationManager.IsValid(package.Username, package.Password); if (authResult.Result) { Log.Info($"Authenticationcredentials for username '{package.Username}' are valid!"); client.Authenticated = true; client.User = authResult.User; client.EnqueueDataForWrite(new AuthenticationResultPackage(AuthenticationResult.Ok, Router.ServerWildcard, package.SenderUid)); } else { Log.Info($"Authenticationcredentials for username '{package.Username}' are not valid!"); client.EnqueueDataForWrite(new AuthenticationResultPackage(AuthenticationResult.Failed, Router.ServerWildcard, package.SenderUid)); } }
internal override SafeBuffer ToBuffer(DisposableList list, string package) { if (!AuthenticationPackage.CheckSChannel(package) && !AuthenticationPackage.CheckCredSSP(package)) { throw new ArgumentException("Can only use SchannelCredentials for the Schannel or CredSSP package.", nameof(package)); } SCHANNEL_CRED creds = new SCHANNEL_CRED { dwVersion = SCHANNEL_CRED.SCHANNEL_CRED_VERSION, dwSessionLifespan = SessionLifespan, dwFlags = Flags }; if (_certs.Count > 0) { IntPtr[] cred_handles = _certs.Select(c => c.Handle).ToArray(); var array_buffer = list.AddResource(cred_handles.ToBuffer()); creds.cCreds = cred_handles.Length; creds.paCred = array_buffer.DangerousGetHandle(); } return(creds.ToBuffer()); }
private void BindAuth(Guid interface_id, Version interface_version, Guid transfer_syntax_id, Version transfer_syntax_version) { // 8 should be more than enough legs to complete authentication. int max_legs = _transport_security.AuthenticationType == RpcAuthenticationType.WinNT ? 3 : 8; int call_id = ++CallId; int count = 0; bool alter_context = false; while (count++ < max_legs) { PDUBind bind_pdu = new PDUBind(_max_send_fragment, _max_recv_fragment, alter_context); bind_pdu.Elements.Add(new ContextElement(interface_id, interface_version, transfer_syntax_id, transfer_syntax_version)); var recv = SendReceivePDU(call_id, bind_pdu, _auth_context.Token.ToArray(), true); if (recv.Item1 is PDUBindAck bind_ack) { if (bind_ack.ResultList.Count != 1 || bind_ack.ResultList[0].Result != PresentationResultType.Acceptance) { throw new RpcTransportException($"Bind to {interface_id}:{interface_version} was rejected."); } if (!alter_context) { // Only capture values from the BindAck. _max_recv_fragment = bind_ack.MaxRecvFrag; _max_send_fragment = bind_ack.MaxXmitFrag; alter_context = true; } if (recv.Item2.Data == null || recv.Item2.Data.Length == 0) { // No auth, assume success. break; } _auth_context.Continue(new AuthenticationToken(recv.Item2.Data)); if (_auth_context.Done) { byte[] token = _auth_context.Token.ToArray(); if (token.Length == 0) { break; } // If we still have an NTLM token to complete then send as an Auth3 PDU. if (_transport_security.AuthenticationType == RpcAuthenticationType.WinNT) { SendReceivePDU(call_id, new PDUAuth3(), _auth_context.Token.ToArray(), false); break; } } } else if (recv.Item1 is PDUBindNack bind_nack) { throw new RpcTransportException($"Bind NACK returned with rejection reason {bind_nack.RejectionReason}"); } else { throw new RpcTransportException($"Unexpected {recv.Item1.PDUType} PDU from server."); } } if (!_auth_context.Done) { throw new RpcTransportException("Failed to complete the client authentication."); } if (_transport_security.AuthenticationType == RpcAuthenticationType.Negotiate) { var package_name = _auth_context.PackageName; _negotiated_auth_type = AuthenticationPackage.CheckKerberos(package_name) ? RpcAuthenticationType.Kerberos : RpcAuthenticationType.WinNT; } else { _negotiated_auth_type = _transport_security.AuthenticationType; } }