/// <summary>
        ///  The NetrLogonSamLogoff method handles logoff requests
        ///  for the SAM accounts. Opnum: 3
        /// </summary>
        /// <param name="logonServer">
        ///  The custom RPC binding handle.
        /// </param>
        /// <param name="computerName">
        ///  The Unicode string that contains the NetBIOS name of
        ///  the client computer calling this method.
        /// </param>
        /// <param name="authenticator">
        ///  A pointer to a NETLOGON_AUTHENTICATOR structure,
        ///  that contains the client authenticator.
        /// </param>
        /// <param name="returnAuthenticator">
        ///  A pointer to a NETLOGON_AUTHENTICATOR structure,
        ///  that contains the server return
        ///  authenticator.
        /// </param>
        /// <param name="logonLevel">
        ///  A NETLOGON_LOGON_INFO_CLASS structure,
        ///  that identifies the type of logon information
        ///  in the LogonInformation union.
        /// </param>
        /// <param name="logonInformation">
        ///  A pointer to a NETLOGON_LEVEL structure,
        ///  that describes the logon information.
        /// </param>
        /// <param name="isLogonInfoNull">
        ///  Indicate if the logonInformation field is NULL.
        ///  </param>
        /// <returns>
        /// The method returns 0x00000000 on success;
        /// otherwise, it returns a nonzero error code.
        /// </returns>
        public NtStatus NetrLogonSamLogoff(
            string logonServer,
            string computerName,
            _NETLOGON_AUTHENTICATOR?authenticator,
            ref _NETLOGON_AUTHENTICATOR?returnAuthenticator,
            _NETLOGON_LOGON_INFO_CLASS logonLevel,
            _NETLOGON_LEVEL?logonInformation,
            bool isLogonInfoNull)
        {
            NtStatus status = this.customRpc.NetrLogonSamLogoff(
                logonServer,
                computerName,
                authenticator,
                ref returnAuthenticator,
                logonLevel,
                logonInformation,
                isLogonInfoNull);

            this.context.ConnectionStatus = status;
            return(status);
        }
        /// <summary>
        ///  The NetrLogonSamLogonWithFlags method Supported in windows_xpwindows_server_2003,
        ///  windows_vista, windows_server_2008, windows_7, and
        ///  windows_server_7. handles logon requests for the SAM
        ///  accounts. Opnum: 45 
        /// </summary>
        /// <param name="LogonServer">
        ///  The custom RPC binding handle, as specified in section
        ///  .
        /// </param>
        /// <param name="ComputerName">
        ///  The Unicode string that contains the NetBIOS name of
        ///  the client computer calling this method.
        /// </param>
        /// <param name="Authenticator">
        ///  A pointer to a NETLOGON_AUTHENTICATOR structure, as
        ///  specified in section , that contains the client authenticator.
        /// </param>
        /// <param name="ReturnAuthenticator">
        ///  A pointer to a NETLOGON_AUTHENTICATOR structure, as
        ///  specified in section , that contains the server return
        ///  authenticator.
        /// </param>
        /// <param name="LogonLevel">
        ///  A NETLOGON_LOGON_INFO_CLASS structure, as specified
        ///  in section , that specifies the type of logon information
        ///  passed in the LogonInformation parameter.
        /// </param>
        /// <param name="LogonInformation">
        ///  A pointer to a NETLOGON_LEVEL structure, as specified
        ///  in section , that describes the logon request information.
        /// </param>
        /// <param name="ValidationLevel">
        ///  A NETLOGON_VALIDATION_INFO_CLASS enumerated type, as
        ///  specified in section , that contains the validation
        ///  level requested by the client.
        /// </param>
        /// <param name="ValidationInformation">
        ///  A pointer to a NETLOGON_VALIDATION structure, as specified
        ///  in section , that describes the user validation information
        ///  returned to the client. The type of the NETLOGON_VALIDATION
        ///  used is determined by the value of the ValidationLevel
        ///  parameter.
        /// </param>
        /// <param name="Authoritative">
        ///  A pointer to a char value representing a Boolean condition.
        ///  FALSE is indicated by the value 0x00; TRUE SHOULD be
        ///  indicated by the value 0x01 and MAY also be indicated
        ///  by any nonzero value. Windows uses the value of 0x01
        ///  as the representation of TRUE and 0x00 for FALSE. This
        ///  Boolean value indicates whether the validation information
        ///  is final. This field is necessary because the request
        ///  might be forwarded through multiple servers. A value
        ///  of TRUE indicates that the validation information is
        ///  final and MUST remain unchanged.
        /// </param>
        /// <param name="ExtraFlags">
        ///  A pointer to a set of bit flags that specify delivery
        ///  settings. A flag is TRUE (or set) if its value is equal
        ///  to 1. The value is constructed from zero or more bit
        ///  flags from the following table.
        /// </param>
        public NtStatus NetrLogonSamLogonWithFlags(
            string LogonServer,
            string ComputerName,
            _NETLOGON_AUTHENTICATOR? Authenticator,
            ref _NETLOGON_AUTHENTICATOR? ReturnAuthenticator,
            _NETLOGON_LOGON_INFO_CLASS LogonLevel,
            _NETLOGON_LEVEL? LogonInformation,
            _NETLOGON_VALIDATION_INFO_CLASS ValidationLevel,
            out _NETLOGON_VALIDATION? ValidationInformation,
            out byte? Authoritative,
            ref uint? ExtraFlags)
        {
            const ushort opnum = 45;

            byte[] requestStub;
            byte[] responseStub;
            Int3264[] paramList;
            int retVal;

            SafeIntPtr pLogonServer = Marshal.StringToHGlobalUni(LogonServer);
            SafeIntPtr pComputerName = Marshal.StringToHGlobalUni(ComputerName);
            SafeIntPtr pAuthenticator = TypeMarshal.ToIntPtr(Authenticator);
            SafeIntPtr pReturnAuthenticatorIn = TypeMarshal.ToIntPtr(ReturnAuthenticator);
            SafeIntPtr pLogonInformation = TypeMarshal.ToIntPtr(LogonInformation, LogonLevel, null, null);
            SafeIntPtr pExtraFlags = TypeMarshal.ToIntPtr(ExtraFlags);

            paramList = new Int3264[] {
                pLogonServer,
                pComputerName,
                pAuthenticator,
                pReturnAuthenticatorIn,
                (uint)LogonLevel,
                pLogonInformation,
                (uint)ValidationLevel,
                IntPtr.Zero,
                IntPtr.Zero,
                pExtraFlags,
                0 // retVal
            };

            requestStub = RpceStubEncoder.ToBytes(
                     RpceStubHelper.GetPlatform(),
                    NrpcRpcStubFormatString.TypeFormatString,
                    new RpceStubExprEval[] { new RpceStubExprEval(logon__NETLOGON_DELTA_USERExprEval_0000) },
                    NrpcRpcStubFormatString.ProcFormatString,
                    NrpcRpcStubFormatString.ProcFormatStringOffsetTable[opnum],
                    true,
                    paramList);

            rpceClientTransport.Call(opnum, requestStub, rpceTimeout, out responseStub);

            using (RpceInt3264Collection outParamList = RpceStubDecoder.ToParamList(
                     RpceStubHelper.GetPlatform(),
                    NrpcRpcStubFormatString.TypeFormatString,
                    new RpceStubExprEval[] { new RpceStubExprEval(logon__NETLOGON_DELTA_USERExprEval_0000) },
                    NrpcRpcStubFormatString.ProcFormatString,
                    NrpcRpcStubFormatString.ProcFormatStringOffsetTable[opnum],
                    true,
                    responseStub,
                    paramList))
            {
                IntPtr pReturnAuthenticatorOut = outParamList[3];
                ReturnAuthenticator = TypeMarshal.ToNullableStruct<_NETLOGON_AUTHENTICATOR>(pReturnAuthenticatorOut);

                IntPtr pValidationInformation = outParamList[7];
                ValidationInformation = TypeMarshal.ToNullableStruct<_NETLOGON_VALIDATION>(
                    pValidationInformation,
                    ValidationLevel,
                    null,
                    null);

                Authoritative = TypeMarshal.ToNullableStruct<byte>(outParamList[8]);

                ExtraFlags = TypeMarshal.ToNullableStruct<uint>(outParamList[9]);

                retVal = outParamList[10].ToInt32();
            }

            pLogonServer.Dispose();
            pComputerName.Dispose();
            pAuthenticator.Dispose();
            pReturnAuthenticatorIn.Dispose();
            pLogonInformation.Dispose();
            pExtraFlags.Dispose();

            return (NtStatus)retVal;
        }
예제 #3
0
        /// <summary>
        /// Send KERB_VERIFY_PAC_REQUEST message to DC through generic pass-through mechanism
        /// </summary>
        /// <param name="serverSignature">Server Signature in the privilege attribute certificate (PAC)</param>
        /// <param name="kdcSignature">Key Distribution Center (KDC) Signature in the PAC</param>
        /// <returns></returns>
        public Status GenerateKerberosValidationRequest(
            PAC_SIGNATURE_DATA serverSignature,
            PAC_SIGNATURE_DATA kdcSignature)
        {
            _NETLOGON_LOGON_INFO_CLASS      logonLevel      = _NETLOGON_LOGON_INFO_CLASS.NetlogonGenericInformation;
            _NETLOGON_VALIDATION_INFO_CLASS validationLevel = _NETLOGON_VALIDATION_INFO_CLASS.NetlogonValidationGenericInfo2;

            //Get Kerberos Request
            KERB_VERIFY_PAC_REQUEST kerberosReq = ApdsUtility.CreateKerbVerifyPacRequest(serverSignature, kdcSignature);

            //Create digest validation logon info
            _NETLOGON_LEVEL netlogonLevel = ApdsUtility.CreatePacLogonInfo(
                NrpcParameterControlFlags.AllowLogonWithComputerAccount,
                PrimaryDomainDnsName,
                DomainAdministratorName,
                PDCNetbiosName,
                kerberosReq);

            //Create Secure Channel
            EstablishSecureChannel();

            //Client calls EncryptNetlogonLevel
            _NETLOGON_LEVEL encryptedLogonLevel = nrpcClient.EncryptNetlogonLevel(
                (_NETLOGON_LOGON_INFO_CLASS)logonLevel,
                netlogonLevel);

            //Client calls NetrLogonSamLogonEx
            _NETLOGON_VALIDATION?validationInfomation;
            byte?authoritative;
            NrpcNetrLogonSamLogonExtraFlags?extraFlags = NrpcNetrLogonSamLogonExtraFlags.None;

            result = nrpcClient.NetrLogonSamLogonEx(
                nrpcClient.Handle,
                sutComputerName,
                clientComputerName,
                logonLevel,
                encryptedLogonLevel,
                validationLevel,
                out validationInfomation,
                out authoritative,
                ref extraFlags);

            // Whether this method use pass-through mechanism or not.
            bool isPassThroughMethod = false;

            //Kerberos PAC validation SHOULD use the generic pass-through mechanism ([MS-NRPC] section 3.2.4.1).
            //For generic pass-through, the LogonLevel is 4(NetlogonGenericInformation) as defined in [MS-NRPC] section 3.2.4.1.
            //So when the LogonLevel is  4, we can say that NRPC pass-through authentication method is used.
            if ((int)logonLevel == 4)
            {
                isPassThroughMethod = true;
            }
            Site.CaptureRequirementIfIsTrue(
                isPassThroughMethod,
                5,
                @"For domain support, authentication protocols MUST use an NRPC pass-through authentication 
                ([MS-NRPC] section 3.2) method with parameters determined by the authentication protocol being 
                used[to return the response structures to member server].");
            Site.CaptureRequirementIfAreEqual <int>(
                5,
                (int)validationLevel,
                402,
                @"The encoded data SHOULD be sent by using the generic pass-through mechanism ([MS-NRPC] section 3.2.4.1).");

            if (result == NtStatus.STATUS_SUCCESS)
            {
                Site.CaptureRequirementIfIsNull(validationInfomation.Value.ValidationGeneric2[0].ValidationData, 403,
                                                @"If the checksum is verified, the DC MUST return STATUS_SUCCESS. There is no return message.");
            }
            return((Status)result);
        }
 /// <summary>
 ///  Decodes the request stub, and fills the fields of the class
 /// </summary>
 /// <param name="sessionContext">The session context of the request received</param>
 /// <param name="requestStub">The request stub got from RPCE layer</param>
 internal override void Decode(NrpcServerSessionContext sessionContext, byte[] requestStub)
 {
     using (RpceInt3264Collection outParamList = RpceStubDecoder.ToParamList(
       RpceStubHelper.GetPlatform(),
         NrpcRpcStubFormatString.TypeFormatString,
         new RpceStubExprEval[] {
             new RpceStubExprEval(NrpcRpcAdapter.logon__NETLOGON_DELTA_USERExprEval_0000) },
         NrpcRpcStubFormatString.ProcFormatString,
         NrpcRpcStubFormatString.ProcFormatStringOffsetTable[(int)Opnum],
         false,
         requestStub))
     {
         LogonServer = Marshal.PtrToStringUni(outParamList[0]);
         ComputerName = Marshal.PtrToStringUni(outParamList[1]);
         Authenticator = TypeMarshal.ToNullableStruct<_NETLOGON_AUTHENTICATOR>(outParamList[2]);
         ReturnAuthenticator = TypeMarshal.ToNullableStruct<_NETLOGON_AUTHENTICATOR>(outParamList[3]);
         LogonLevel = (_NETLOGON_LOGON_INFO_CLASS)outParamList[4].ToInt32();
         LogonInformation = TypeMarshal.ToNullableStruct<_NETLOGON_LEVEL>(outParamList[5], LogonLevel, null, null);
         ValidationLevel = (_NETLOGON_VALIDATION_INFO_CLASS)outParamList[6].ToInt32();
         ExtraFlags = TypeMarshal.ToNullableStruct<uint>(outParamList[9]);
     }
 }
예제 #5
0
        /// <summary>
        /// Send NTLM request message to DC for validation.
        /// </summary>
        /// <param name="logonLevel">Indicates the logon level.</param>
        /// <param name="accountInfo">Indicates whether this account is valid in DC validation.</param>
        /// <param name="isAccessCheckSuccess">Indicates whether the access checked success.</param>
        /// <param name="validationLevel">Indicates the validation level.</param>
        /// <returns>Indicates the result status of DC response.</returns>
        public Status NTLMLogon(
            _NETLOGON_LOGON_INFO_CLASS logonLevel,
            AccountInformation accountInfo,
            Boolean isAccessCheckSuccess,
            _NETLOGON_VALIDATION_INFO_CLASS validationLevel)
        {
            //Compute the password
            GenerateCurrentCredentials(accountInfo);

            //Create Secure Channel
            EstablishSecureChannel();

            _NETLOGON_LEVEL netLogonLevel = new _NETLOGON_LEVEL();

            if (logonLevel == _NETLOGON_LOGON_INFO_CLASS.NetlogonInteractiveInformation)
            {
                //Fill InteractiveInfo
                netLogonLevel = ApdsUtility.CreateNlmpInteractiveLogonInfo(
                    NrpcParameterControlFlags.AllowLogonWithComputerAccount,
                    sutTrustDomainName,
                    currentUserName,
                    currentPassword,
                    sutComputerName);
            }
            else if (logonLevel == _NETLOGON_LOGON_INFO_CLASS.NetlogonNetworkInformation)
            {
                //Fill Netlogon_Network_Info
                if (accountInfo == AccountInformation.ManagedServiceAccount)
                {
                    netLogonLevel = nrpcClient.CreateNetlogonLevel(
                        _NETLOGON_LOGON_INFO_CLASS.NetlogonNetworkInformation,
                        NrpcParameterControlFlags.AllowLogonWithComputerAccount,
                        sutDomainName, // managed service account is created in the local domain
                        currentUserName,
                        currentPassword);
                }
                else
                {
                    netLogonLevel = nrpcClient.CreateNetlogonLevel(
                        _NETLOGON_LOGON_INFO_CLASS.NetlogonNetworkInformation,
                        NrpcParameterControlFlags.AllowLogonWithComputerAccount,
                        sutTrustDomainName,
                        currentUserName,
                        currentPassword);
                }
            }

            _NETLOGON_LEVEL encryptedLogonLevel = nrpcClient.EncryptNetlogonLevel(
                logonLevel,
                netLogonLevel);

            byte?authoritative;
            _NETLOGON_VALIDATION?           validationInformation = new _NETLOGON_VALIDATION();
            NrpcNetrLogonSamLogonExtraFlags?extraFlags            = NrpcNetrLogonSamLogonExtraFlags.None;

            result = nrpcClient.NetrLogonSamLogonEx(
                nrpcClient.Handle,
                sutComputerName,
                clientComputerName,
                logonLevel,
                encryptedLogonLevel,
                validationLevel,
                out validationInformation,
                out authoritative,
                ref extraFlags);

            // Whether this method use pass-through mechanism or not.
            bool isPassThroughMethod = false;

            //
            //For NTLM pass-through, the LogonLevel is 1(NetlogonInteractiveInformation) or 2(NetlogonNetworkInformation)
            //based on Interactive Logono and Network Logon,as defined in [MS-APDS] section 3.1.5.1 and section 3.1.5.2.
            //So when the LogonLevel is 1 or 2, we can say that NRPC pass-through authentication method is used.
            //
            if ((int)logonLevel == 1 || (int)logonLevel == 2)
            {
                isPassThroughMethod = true;
            }

            //
            //Verify MS-APDS requirment:MS-APDS_R5
            //
            Site.CaptureRequirementIfIsTrue(
                isPassThroughMethod,
                5,
                @"For domain support, authentication protocols MUST use an NRPC pass-through authentication 
                ([MS-NRPC] section 3.2) method with parameters determined by the authentication protocol being 
                used[to return the response structures to member server].");

            //
            //Verify MS-APDS requirment:MS-APDS_R118
            //if isPassThroughMethod is true, this requirement can be verified.
            //
            Site.CaptureRequirementIfIsTrue(
                isPassThroughMethod,
                118,
                @"NT LAN Manager (NTLM) interactive logon and network logon MUST receive the authentication 
                response sequence by contacting the DC using an NRPC pass-through authentication method .");

            if (result == NtStatus.STATUS_SUCCESS)
            {
                if (validationLevel == _NETLOGON_VALIDATION_INFO_CLASS.NetlogonValidationSamInfo4)
                {
                    VerifyNTLMDataStructure(validationLevel, logonLevel);

                    VerifyMessageSyntxNTLMValidV4Resp(
                        validationInformation.Value.ValidationSam4[0].UserSessionKey.data[0].data,
                        validationInformation.Value.ValidationSam4[0].EffectiveName.ToString());
                }
                else if (validationLevel == _NETLOGON_VALIDATION_INFO_CLASS.NetlogonValidationSamInfo2)
                {
                    VerifyNTLMDataStructure(validationLevel, logonLevel);
                }
                else if (validationLevel == _NETLOGON_VALIDATION_INFO_CLASS.NetlogonValidationSamInfo)
                {
                    VerifyNTLMDataStructure(validationLevel, logonLevel);
                }
            }

            return((Status)result);
        }
예제 #6
0
        /// <summary>
        /// Send Digest request message to DC, and validate the credentials.
        /// </summary>
        /// <param name="isValidationSuccess">Indicates whether the validation from server will be success.</param>
        /// <param name="digestType">Indicates the DigestType field of the request.</param>
        /// <param name="algType">Indicates the AlgType field of the request.</param>
        /// <param name="ignoredFields">It indicates the fields that should be ignored by DC in DIGEST_VALIDATION_REQ.</param>
        /// <returns>Indicates the result status of DC response.</returns>
        public Status GenerateDigestRequest(
            Boolean isValidationSuccess,
            AccountInformation accountInfo,
            DigestType_Values digestType,
            AlgType_Values algType,
            IgnoredFields ignoredFields)
        {
            DIGEST_VALIDATION_REQ           digestReq;
            _NETLOGON_LOGON_INFO_CLASS      logonLevel      = _NETLOGON_LOGON_INFO_CLASS.NetlogonGenericInformation;
            _NETLOGON_VALIDATION_INFO_CLASS validationLevel = _NETLOGON_VALIDATION_INFO_CLASS.NetlogonValidationGenericInfo2;

            //Compute the password
            GenerateCurrentCredentials(accountInfo);

            //Get Digest Request
            GetDigestRequest(digestType, algType, ignoredFields, out digestReq);

            //Create digest validation logon info
            _NETLOGON_LEVEL netlogonLevel = ApdsUtility.CreateDpspLogonInfo(
                NrpcParameterControlFlags.AllowLogonWithComputerAccount,
                digestReq);

            //Create Secure Channel
            EstablishSecureChannel();

            //Client calls EncryptNetlogonLevel
            _NETLOGON_LEVEL encryptedLogonLevel = nrpcClient.EncryptNetlogonLevel(
                (_NETLOGON_LOGON_INFO_CLASS)logonLevel,
                netlogonLevel);

            //Client calls NetrLogonSamLogonEx
            _NETLOGON_VALIDATION?validationInfomation;
            byte?authoritative;
            NrpcNetrLogonSamLogonExtraFlags?extraFlags = NrpcNetrLogonSamLogonExtraFlags.None;

            result = nrpcClient.NetrLogonSamLogonEx(
                nrpcClient.Handle,
                sutComputerName,
                clientComputerName,
                logonLevel,
                encryptedLogonLevel,
                validationLevel,
                out validationInfomation,
                out authoritative,
                ref extraFlags);

            // Whether this method use pass-through mechanism or not.
            bool isPassThroughMethod = false;

            //
            //The Digest validation protocol SHOULD use the generic pass-through mechanism.
            //For generic pass-through, the LogonLevel is 4(NetlogonGenericInformation) as defined in [MS-NRPC] section 3.2.4.1.
            //So when the LogonLevel is  4, we can say that NRPC pass-through authentication method is used.
            //
            if ((int)logonLevel == 4)
            {
                isPassThroughMethod = true;
            }
            //
            //Verify MS-APDS requirment:MS-APDS_R5
            //
            Site.CaptureRequirementIfIsTrue(
                isPassThroughMethod,
                5,
                @"For domain support, authentication protocols MUST use an NRPC pass-through authentication 
                ([MS-NRPC] section 3.2) method with parameters determined by the authentication protocol being 
                used[to return the response structures to member server].");

            //
            //Verify MS-APDS requirment:MS-APDS_R15
            //
            Site.CaptureRequirementIfAreEqual <int>(
                5,
                (int)validationLevel,
                15,
                @"Digest response messages MUST be encoded as opaque blobs and transported 
                by the generic pass-through capability of Netlogon.");

            //
            //Configured in PTFConfig file,default SHOULD to true and MAY to false.
            //
            string isR169Implemented = "true";

            //
            //Check OS version
            //
            if (isWindows)
            {
                //
                //Verify MS-APDS requirment:MS-APDS_R100169
                //
                Site.CaptureRequirementIfAreEqual <int>(
                    5,
                    (int)validationLevel,
                    100169,
                    @"In Windows, the Digest validation protocol uses the generic pass-through mechanism.");

                if (null == isR169Implemented)
                {
                    Site.Properties.Add("R169Implemented", Boolean.TrueString);
                    isR169Implemented = Boolean.TrueString;
                }
            }
            if (null != isR169Implemented)
            {
                bool implSigns   = Boolean.Parse(isR169Implemented);
                bool isSatisfied = ((int)_NETLOGON_VALIDATION_INFO_CLASS.NetlogonValidationGenericInfo2 == 5);
                //
                //Verify MS-APDS requirment:MS-APDS_R169
                //
                Site.CaptureRequirementIfAreEqual <Boolean>(
                    implSigns,
                    isSatisfied,
                    169,
                    string.Format(@"The Digest validation protocol SHOULD use the generic pass-through mechanism. 
                   This requirement is {0} implemented.", implSigns ? "" : "not"));
            }

            byte[] buf;
            bool   isDigestResStructure = true;
            DIGEST_VALIDATION_RESP digestValidationResponse = new DIGEST_VALIDATION_RESP();

            // Judge whether the digest response is exist, validationData is response point.
            // if validationData equals 0, no response return from NRPC.
            if (validationInfomation.Value.ValidationGeneric2 == null)
            {
                isDigestResStructure = false;
            }
            else
            {
                // decrypt validation info
                buf = NrpcUtility.DecryptBuffer(
                    (nrpcClient.Context.NegotiateFlags & NrpcNegotiateFlags.SupportsAESAndSHA2) == NrpcNegotiateFlags.SupportsAESAndSHA2,
                    nrpcClient.Context.SessionKey,
                    validationInfomation.Value.ValidationGeneric2[0].ValidationData);

                _NETLOGON_VALIDATION decryptValidationInfo = new _NETLOGON_VALIDATION();
                decryptValidationInfo.ValidationGeneric2 = new _NETLOGON_VALIDATION_GENERIC_INFO2[1];
                decryptValidationInfo.ValidationGeneric2[0].ValidationData = buf;

                digestValidationResponse =
                    ApdsUtility.ConvertDataToDigestValidationResponse(decryptValidationInfo);

                VerifyMessageSyntaxDigestValidCredential(digestValidationResponse, validationLevel, (uint)buf.Length);
            }

            if (result != NtStatus.STATUS_SUCCESS)
            {
                //
                //Verify MS-APDS requirment:MS-APDS_R292
                //
                Site.CaptureRequirementIfIsFalse(
                    isDigestResStructure,
                    292,
                    "[If unsuccessful]It[DC] MUST NOT send back the DIGEST_VALIDATION_RESP message.");

                VerifyMessageSyntxDigestInvalidResp((uint)result, digestValidationResponse.AuthDataSize);
            }

            return((Status)result);
        }
        /// <summary>
        /// Verify response data structure for NTLM is NetlogonValidationSamInfo2 or NetlogonValidationSamInfo4
        /// </summary>
        /// <param name="validationLevel">request validation data structure level</param>
        /// <param name="logonLevel">request logon level</param>
        private void VerifyNTLMDataStructure(
            _NETLOGON_VALIDATION_INFO_CLASS validationLevel,
            _NETLOGON_LOGON_INFO_CLASS logonLevel)
        {
            if (validationLevel == _NETLOGON_VALIDATION_INFO_CLASS.NetlogonValidationSamInfo)
            {
                //
                //Verify MS-APDS requirment:MS-APDS_R100136
                //
                Site.CaptureRequirementIfAreEqual <_NETLOGON_VALIDATION_INFO_CLASS>(
                    _NETLOGON_VALIDATION_INFO_CLASS.NetlogonValidationSamInfo,
                    validationLevel,
                    100136,
                    @"If there is a successful match[the local copy of password matches with the one sent in the 
                    request ], the domain controller MUST return data with ValidationInformation containing a reference 
                    to NETLOGON_VALIDATION_SAM_INFO ([MS-NRPC] section 2.2.1.4.11), if the ValidationLevel in the 
                    request is NetlogonValidationSamInfo.");
            }

            if (validationLevel == _NETLOGON_VALIDATION_INFO_CLASS.NetlogonValidationSamInfo2)
            {
                //
                //Verify MS-APDS requirment:MS-APDS_R136
                //this capture function is invoked when the return value is success,
                //It means that the local copy of password must match with the one sent in the request
                //
                Site.CaptureRequirementIfAreEqual <_NETLOGON_VALIDATION_INFO_CLASS>(
                    _NETLOGON_VALIDATION_INFO_CLASS.NetlogonValidationSamInfo2,
                    validationLevel,
                    136,
                    @"If the local copy of password matches with the one sent in the request, and the  ValidationLevel in 
                    the request is NetlogonValidationSamInfo2, then domain controller MUST return data with ValidationInformation 
                    containing a reference to  NETLOGON_VALIDATION_SAM_INFO2.");
            }

            if (validationLevel == _NETLOGON_VALIDATION_INFO_CLASS.NetlogonValidationSamInfo4)
            {
                //
                //Verify MS-APDS requirment:MS-APDS_R135
                //
                Site.CaptureRequirementIfAreEqual <_NETLOGON_VALIDATION_INFO_CLASS>(
                    _NETLOGON_VALIDATION_INFO_CLASS.NetlogonValidationSamInfo4,
                    validationLevel,
                    135,
                    @"If the local copy of password matches with the one sent in the request, and the  ValidationLevel 
                    in the request is NetlogonValidationSamInfo4, then domain controller MUST return data with 
                    ValidationInformation containing a reference to NETLOGON_VALIDATION_SAM_INFO4.");
                //
                //Verify MS-APDS requirment:MS-APDS_R122
                //
                Site.CaptureRequirementIfAreEqual <_NETLOGON_VALIDATION_INFO_CLASS>(
                    _NETLOGON_VALIDATION_INFO_CLASS.NetlogonValidationSamInfo4,
                    validationLevel,
                    122,
                    @"The DC MUST send the NETLOGON_VALIDATION_SAM_INFO4 structures back to the NTLM server");

                if (logonLevel == _NETLOGON_LOGON_INFO_CLASS.NetlogonNetworkInformation)
                {
                    //
                    //Configured in PTFConfig file,default SHOULD to true and MAY to false.
                    //
                    string isR120Implemented = "true";
                    //
                    //Check OS version
                    //
                    if (isWindows)
                    {
                        //
                        //Verify MS-APDS requirment:MS-APDS_R100120
                        //
                        Site.CaptureRequirementIfAreEqual <int>(
                            6,
                            (int)validationLevel,
                            100120,
                            @"In Windows, in NTLM Network logon, NETLOGON_VALIDATION_SAM_INFO4 data structures are 
                            returned by the server.");

                        if (null == isR120Implemented)
                        {
                            Site.Properties.Add("R120Implemented", Boolean.TrueString);
                            isR120Implemented = Boolean.TrueString;
                        }
                    }
                    if (null != isR120Implemented)
                    {
                        bool implSigns   = Boolean.Parse(isR120Implemented);
                        bool isSatisfied = ((int)_NETLOGON_VALIDATION_INFO_CLASS.NetlogonValidationSamInfo4 == 6);
                        //
                        //Verify MS-APDS requirment:MS-APDS_R120
                        //
                        Site.CaptureRequirementIfAreEqual <Boolean>(
                            implSigns,
                            isSatisfied,
                            120,
                            string.Format(@"In NTLM Network logon, NETLOGON_VALIDATION_SAM_INFO4 data structures SHOULD be returned 
                                            by the server. This requirement is {0} implemented.", implSigns? "":"not"));
                    }
                }
            }
        }
        public void NRPC_Traditional05_VerifyOutOfSequenceMessage()
        {
            PlatformType platform;
            HRESULT      result = HRESULT.ERROR_SUCCESS;

            Site.Log.Add(LogEntryKind.Comment, "Call GetPlatform");

            nrpcServerAdapter.GetPlatform(out platform);

            Site.Log.Add(LogEntryKind.Comment, "Return GetPlatform(out {0})", platform);


            Site.Log.Add(LogEntryKind.Comment, "Call ConfigServer");

            nrpcServerSutControlAdapter.ConfigServer(true, false);

            Site.Log.Add(LogEntryKind.Comment, "Return ConfigServer");

            NrpcServerAdapter adapter = new NrpcServerAdapter();

            adapter.Initialize(Site);

            using (this.nrpcClient = NrpcClient.CreateNrpcClient(adapter.PrimaryDomainDnsName))
            {
                this.nrpcClient.Context.NegotiateFlags = (NrpcNegotiateFlags)NrpcServerAdapter.NegotiateFlags;
                MachineAccountCredential machineCredential = new MachineAccountCredential(
                    adapter.PrimaryDomainDnsName,
                    adapter.ENDPOINTNetbiosName,
                    adapter.ENDPOINTPassword);
                NrpcClientSecurityContext secuContext = new NrpcClientSecurityContext(
                    adapter.PrimaryDomainDnsName,
                    adapter.PDCNetbiosName,
                    machineCredential,
                    true,
                    this.nrpcClient.Context.NegotiateFlags);
                AccountCredential accountCredential = new AccountCredential(
                    adapter.PrimaryDomainDnsName,
                    adapter.DomainAdministratorName,
                    adapter.DomainUserPassword);
                try
                {
                    this.nrpcClient.BindOverNamedPipe(
                        adapter.PDCNetbiosName,
                        accountCredential,
                        secuContext,
                        adapter.timeOut);
                }
                catch (Exception e)
                {
                    Site.Log.Add(LogEntryKind.Debug, "Failed to bind NamedPipe to " + adapter.PDCNetbiosName + "due to reason: " + e.Message);
                    Site.Assert.Fail("Failed on init NRPC client on transport NamedPipe");
                }
                this.nrpcClient.Context.SequenceNumber++;

                _NETLOGON_LOGON_INFO_CLASS logonLevelInfoClass = _NETLOGON_LOGON_INFO_CLASS.NetlogonInteractiveInformation;
                _NETLOGON_LEVEL            logonLevel          = this.nrpcClient.CreateNetlogonLevel(
                    logonLevelInfoClass,
                    NrpcParameterControlFlags.AllowLogonWithComputerAccount,
                    adapter.PrimaryDomainDnsName,
                    adapter.DomainAdministratorName,
                    adapter.DomainUserPassword);

                // Client calls EncryptNetlogonLevel
                _NETLOGON_LEVEL?encryptedLogonLevel = this.nrpcClient.EncryptNetlogonLevel(
                    logonLevelInfoClass,
                    logonLevel);
                _NETLOGON_AUTHENTICATOR?serverAuthenticator  = this.nrpcClient.CreateEmptyNetlogonAuthenticator();
                _NETLOGON_AUTHENTICATOR?clientAuthenticator  = this.nrpcClient.ComputeNetlogonAuthenticator();
                _NETLOGON_VALIDATION?   validationInfomation = null;
                byte?authoritative = null;

                try
                {
                    result = (HRESULT)this.nrpcClient.NetrLogonSamLogon(
                        adapter.PDCNetbiosName,
                        adapter.ENDPOINTNetbiosName,
                        clientAuthenticator,
                        ref serverAuthenticator,
                        logonLevelInfoClass,
                        encryptedLogonLevel,
                        _NETLOGON_VALIDATION_INFO_CLASS.NetlogonValidationSamInfo2,
                        out validationInfomation,
                        out authoritative);
                }
                catch (InvalidOperationException e)
                {
                    result = (HRESULT)int.Parse(e.Message, CultureInfo.InvariantCulture);
                }

                // If the sequence number in security context is out of sequence, the server will return an error message.
                Site.CaptureRequirementIfAreNotEqual <HRESULT>(
                    HRESULT.ERROR_SUCCESS,
                    result,
                    853,
                    @"[In Receiving an Initial Netlogon Signature Token,  The following steps are 
                performed to verify the data  and to decrypt with AES if negotiated, otherwise 
                RC4 if required: in step 7: ] If these two [SequenceNumber  and CopySeqNumber ] 
                do not match, an error is returned indicating that out-of-sequence data was received.");
            }
        }
        /// <summary>
        /// Create an instance of NETLOGON_LEVEL structure 
        /// based on logonLevel parameter passed to the method.<para/>
        /// This method only supports logonLevel equals to 
        /// NetlogonInteractiveInformation or 
        /// NetlogonNetworkInformation or 
        /// NetlogonServiceInformation or 
        /// NetlogonInteractiveTransitiveInformation or
        /// NetlogonNetworkTransitiveInformation or
        /// NetlogonServiceTransitiveInformation.
        /// </summary>
        /// <param name="logonLevel">
        /// A NETLOGON_LOGON_INFO_CLASS structure, as specified in section 2.2.1.4.16, 
        /// that specifies the type of the logon information.
        /// This method only supports logonLevel equals to 
        /// NetlogonInteractiveInformation or 
        /// NetlogonNetworkInformation or 
        /// NetlogonServiceInformation or 
        /// NetlogonInteractiveTransitiveInformation or
        /// NetlogonNetworkTransitiveInformation or
        /// NetlogonServiceTransitiveInformation.
        /// </param>
        /// <param name="parameterControl">
        /// A set of bit flags that contain information pertaining 
        /// to the logon validation processing.
        /// </param>
        /// <param name="domainName">
        /// Contains the NetBIOS name of the domain of the account.
        /// </param>
        /// <param name="userName">
        /// Contains the name of the user.
        /// </param>
        /// <param name="password">
        /// The password.
        /// </param>
        /// <returns>
        /// Created but not-yet-encrypted NETLOGON_LEVEL structure.
        /// </returns>
        /// <exception cref="ArgumentException">
        /// Thrown when logonLevel is not supported by the method.
        /// </exception>
        public _NETLOGON_LEVEL CreateNetlogonLevel(
            _NETLOGON_LOGON_INFO_CLASS logonLevel,
            NrpcParameterControlFlags parameterControl,
            string domainName,
            string userName,
            string password)
        {
            _NETLOGON_LEVEL netlogonLevel = new _NETLOGON_LEVEL();
            byte[] lmOwf;
            byte[] ntOwf;
            byte[] lmChallenge;
            byte[] ntChallengeResponse;
            byte[] lmChallengeResponse;

            //Identity: A NETLOGON_LOGON_IDENTITY_INFO structure, as specified in section 2.2.1.4.15,
            //that contains information about the logon identity.
            _NETLOGON_LOGON_IDENTITY_INFO identityInfo = NrpcUtility.CreateNetlogonIdentityInfo(
                parameterControl,
                domainName,
                userName,
                context.ClientComputerName);

            switch (logonLevel)
            {
                case _NETLOGON_LOGON_INFO_CLASS.NetlogonInteractiveInformation:
                    //LmOwfPassword: LM_OWF_PASSWORD structure, as specified in section 2.2.1.1.3,
                    //that contains the LMOWFv1 of a password.
                    //LMOWFv1 is specified in NTLM v1 Authentication in [MS-NLMP] section 3.3.1.
                    lmOwf = NlmpUtility.LmOWF(NlmpVersion.v1, domainName, userName, password);
                    //NtOwfPassword: An NT_OWF_PASSWORD structure, as specified in section 2.2.1.1.4,
                    //that contains the NTOWFv1 of a password.
                    //NTOWFv1 is specified in NTLM v1 Authentication in [MS-NLMP] section 3.3.1.
                    ntOwf = NlmpUtility.NtOWF(NlmpVersion.v1, domainName, userName, password);

                    netlogonLevel.LogonInteractive = new _NETLOGON_INTERACTIVE_INFO[1];
                    netlogonLevel.LogonInteractive[0].Identity = identityInfo;
                    netlogonLevel.LogonInteractive[0].LmOwfPassword = new _LM_OWF_PASSWORD();
                    netlogonLevel.LogonInteractive[0].LmOwfPassword.data = NrpcUtility.CreateCypherBlocks(lmOwf);
                    netlogonLevel.LogonInteractive[0].NtOwfPassword = new _NT_OWF_PASSWORD();
                    netlogonLevel.LogonInteractive[0].NtOwfPassword.data = NrpcUtility.CreateCypherBlocks(ntOwf);
                    break;

                case _NETLOGON_LOGON_INFO_CLASS.NetlogonNetworkInformation:
                    //LmChallenge: LM_CHALLENGE structure, as specified in section 2.2.1.4.1,
                    //that contains the network authentication challenge.
                    //For details about challenges, see [MS-NLMP].
                    lmChallenge = NrpcUtility.GenerateNonce(NrpcUtility.NL_CREDENTIAL_LENGTH);
                    //NtChallengeResponse: String that contains the NT response (see [MS-NLMP])
                    //to the network authentication challenge.
                    lmOwf = NlmpUtility.GetResponseKeyLm(NlmpVersion.v1, domainName, userName, password);
                    lmChallengeResponse = NlmpUtility.DESL(lmOwf, lmChallenge);
                    //LmChallengeResponse: String that contains the LAN Manager response
                    //(see [MS-NLMP]) to the network authentication challenge.
                    ntOwf = NlmpUtility.GetResponseKeyNt(NlmpVersion.v1, domainName, userName, password);
                    ntChallengeResponse = NlmpUtility.DESL(ntOwf, lmChallenge);

                    netlogonLevel.LogonNetwork = new _NETLOGON_NETWORK_INFO[1];
                    netlogonLevel.LogonNetwork[0].Identity = identityInfo;
                    netlogonLevel.LogonNetwork[0].LmChallenge = new LM_CHALLENGE();
                    netlogonLevel.LogonNetwork[0].LmChallenge.data = lmChallenge;
                    netlogonLevel.LogonNetwork[0].LmChallengeResponse = NrpcUtility.CreateString(lmChallengeResponse);
                    netlogonLevel.LogonNetwork[0].NtChallengeResponse = NrpcUtility.CreateString(ntChallengeResponse);
                    break;

                case _NETLOGON_LOGON_INFO_CLASS.NetlogonServiceInformation:
                    //LmOwfPassword: LM_OWF_PASSWORD structure, as specified in section 2.2.1.1.3,
                    //that contains the LMOWFv1 of a password.
                    //LMOWFv1 is specified in NTLM v1 Authentication in [MS-NLMP] section 3.3.1.
                    lmOwf = NlmpUtility.LmOWF(NlmpVersion.v1, domainName, userName, password);
                    //NtOwfPassword: NT_OWF_PASSWORD structure, as specified in section 2.2.1.1.4,
                    //that contains the NTOWFv1 of a password.
                    //NTOWFv1 is specified in NTLM v1 Authentication in [MS-NLMP] section 3.3.1.
                    ntOwf = NlmpUtility.NtOWF(NlmpVersion.v1, domainName, userName, password);

                    netlogonLevel.LogonService = new _NETLOGON_SERVICE_INFO[1];
                    netlogonLevel.LogonService[0].Identity = identityInfo;
                    netlogonLevel.LogonService[0].LmOwfPassword = new _LM_OWF_PASSWORD();
                    netlogonLevel.LogonService[0].LmOwfPassword.data = NrpcUtility.CreateCypherBlocks(lmOwf);
                    netlogonLevel.LogonService[0].NtOwfPassword = new _NT_OWF_PASSWORD();
                    netlogonLevel.LogonService[0].NtOwfPassword.data = NrpcUtility.CreateCypherBlocks(ntOwf);
                    break;

                case _NETLOGON_LOGON_INFO_CLASS.NetlogonInteractiveTransitiveInformation:
                    lmOwf = NlmpUtility.LmOWF(NlmpVersion.v1, domainName, userName, password);
                    ntOwf = NlmpUtility.NtOWF(NlmpVersion.v1, domainName, userName, password);

                    netlogonLevel.LogonInteractiveTransitive = new _NETLOGON_INTERACTIVE_INFO[1];
                    netlogonLevel.LogonInteractiveTransitive[0].Identity = identityInfo;
                    netlogonLevel.LogonInteractiveTransitive[0].LmOwfPassword = new _LM_OWF_PASSWORD();
                    netlogonLevel.LogonInteractiveTransitive[0].LmOwfPassword.data
                        = NrpcUtility.CreateCypherBlocks(lmOwf);
                    netlogonLevel.LogonInteractiveTransitive[0].NtOwfPassword = new _NT_OWF_PASSWORD();
                    netlogonLevel.LogonInteractiveTransitive[0].NtOwfPassword.data
                        = NrpcUtility.CreateCypherBlocks(ntOwf);
                    break;

                case _NETLOGON_LOGON_INFO_CLASS.NetlogonNetworkTransitiveInformation:
                    lmChallenge = NrpcUtility.GenerateNonce(NrpcUtility.NL_CREDENTIAL_LENGTH);
                    lmOwf = NlmpUtility.GetResponseKeyLm(NlmpVersion.v1, domainName, userName, password);
                    lmChallengeResponse = NlmpUtility.DESL(lmOwf, lmChallenge);
                    ntOwf = NlmpUtility.GetResponseKeyNt(NlmpVersion.v1, domainName, userName, password);
                    ntChallengeResponse = NlmpUtility.DESL(ntOwf, lmChallenge);

                    netlogonLevel.LogonNetworkTransitive = new _NETLOGON_NETWORK_INFO[1];
                    netlogonLevel.LogonNetworkTransitive[0].Identity = identityInfo;
                    netlogonLevel.LogonNetworkTransitive[0].LmChallenge = new LM_CHALLENGE();
                    netlogonLevel.LogonNetworkTransitive[0].LmChallenge.data = lmChallenge;
                    netlogonLevel.LogonNetworkTransitive[0].LmChallengeResponse
                        = NrpcUtility.CreateString(lmChallengeResponse);
                    netlogonLevel.LogonNetworkTransitive[0].NtChallengeResponse
                        = NrpcUtility.CreateString(ntChallengeResponse);
                    break;

                case _NETLOGON_LOGON_INFO_CLASS.NetlogonServiceTransitiveInformation:
                    lmOwf = NlmpUtility.LmOWF(NlmpVersion.v1, domainName, userName, password);
                    ntOwf = NlmpUtility.NtOWF(NlmpVersion.v1, domainName, userName, password);

                    netlogonLevel.LogonServiceTransitive = new _NETLOGON_SERVICE_INFO[1];
                    netlogonLevel.LogonServiceTransitive[0].Identity = identityInfo;
                    netlogonLevel.LogonServiceTransitive[0].LmOwfPassword = new _LM_OWF_PASSWORD();
                    netlogonLevel.LogonServiceTransitive[0].LmOwfPassword.data = NrpcUtility.CreateCypherBlocks(lmOwf);
                    netlogonLevel.LogonServiceTransitive[0].NtOwfPassword = new _NT_OWF_PASSWORD();
                    netlogonLevel.LogonServiceTransitive[0].NtOwfPassword.data = NrpcUtility.CreateCypherBlocks(ntOwf);
                    break;

                case _NETLOGON_LOGON_INFO_CLASS.NetlogonGenericInformation:
                default:
                    throw new ArgumentException("logonLevel is not supported by the method.", "logonLevel");
            }

            return netlogonLevel;
        }
예제 #10
0
        public _NETLOGON_LEVEL CreateNetlogonLevel(
            _NETLOGON_LOGON_INFO_CLASS logonLevel,
            string logonDomainName,
            NrpcParameterControlFlags parameterControl,
            string userName,
            string workstation,
            string packageName,
            byte[] logonData)
        {
            if (logonLevel != _NETLOGON_LOGON_INFO_CLASS.NetlogonGenericInformation)
            {
                throw new ArgumentException("logonLevel is not supported by the method.", "logonLevel");
            }

            _NETLOGON_LEVEL netlogonLevel = new _NETLOGON_LEVEL();

            netlogonLevel.LogonGeneric = new _NETLOGON_GENERIC_INFO[1];
            netlogonLevel.LogonGeneric[0].Identity = new _NETLOGON_LOGON_IDENTITY_INFO();
            netlogonLevel.LogonGeneric[0].Identity.LogonDomainName = DtypUtility.ToRpcUnicodeString(logonDomainName);
            netlogonLevel.LogonGeneric[0].Identity.ParameterControl = (uint)parameterControl;
            netlogonLevel.LogonGeneric[0].Identity.UserName = DtypUtility.ToRpcUnicodeString(userName);
            netlogonLevel.LogonGeneric[0].Identity.Workstation = DtypUtility.ToRpcUnicodeString(workstation);
            netlogonLevel.LogonGeneric[0].Identity.Reserved = DtypUtility.ToOldLargeInteger(0);
            netlogonLevel.LogonGeneric[0].PackageName = DtypUtility.ToRpcUnicodeString(packageName);
            netlogonLevel.LogonGeneric[0].DataLength = (uint)logonData.Length;
            netlogonLevel.LogonGeneric[0].LogonData = logonData;

            return netlogonLevel;
        }
예제 #11
0
        /// <summary>
        ///  The NetrLogonSamLogonWithFlags method Supported in windows_xpwindows_server_2003,
        ///  windows_vista, windows_server_2008, windows_7, and
        ///  windows_server_7. handles logon requests for the SAM
        ///  accounts. Opnum: 45 
        /// </summary>
        /// <param name="logonServer">
        ///  The custom RPC binding handle.
        /// </param>
        /// <param name="computerName">
        ///  The Unicode string that contains the NetBIOS name of
        ///  the client computer calling this method.
        /// </param>
        /// <param name="authenticator">
        ///  A pointer to a NETLOGON_AUTHENTICATOR structure, 
        ///  that contains the client authenticator.
        /// </param>
        /// <param name="returnAuthenticator">
        ///  A pointer to a NETLOGON_AUTHENTICATOR structure, 
        ///  that contains the server return
        ///  authenticator.
        /// </param>
        /// <param name="logonLevel">
        ///  A NETLOGON_LOGON_INFO_CLASS structure, 
        ///  that specifies the type of logon information
        ///  passed in the LogonInformation parameter.
        /// </param>
        /// <param name="logonInformation">
        ///  A pointer to a NETLOGON_LEVEL structure, 
        ///  that describes the logon request information.
        /// </param>
        /// <param name="validationLevel">
        ///  A NETLOGON_VALIDATION_INFO_CLASS enumerated type, 
        ///  that contains the validation
        ///  level requested by the client.
        /// </param>
        /// <param name="validationInformation">
        ///  A pointer to a NETLOGON_VALIDATION structure, 
        ///  that describes the user validation information
        ///  returned to the client. The type of the NETLOGON_VALIDATION
        ///  used is determined by the value of the ValidationLevel
        ///  parameter.
        /// </param>
        /// <param name="authoritative">
        ///  A pointer to a char value representing a Boolean condition.
        ///  FALSE is indicated by the value 0x00; TRUE SHOULD be
        ///  indicated by the value 0x01 and MAY also be indicated
        ///  by any nonzero value. Windows uses the value of 0x01
        ///  as the representation of TRUE and 0x00 for FALSE. This
        ///  Boolean value indicates whether the validation information
        ///  is final. This field is necessary because the request
        ///  might be forwarded through multiple servers. A value
        ///  of TRUE indicates that the validation information is
        ///  final and MUST remain unchanged.
        /// </param>
        /// <param name="extraFlags">
        ///  A pointer to a set of bit flags that specify delivery
        ///  settings. A flag is TRUE (or set) if its value is equal
        ///  to 1. The value is constructed from zero or more bit
        ///  flags from the following table.
        /// </param>
        /// <returns>
        /// The method returns 0x00000000 on success; 
        /// otherwise, it returns a nonzero error code.
        /// </returns>
        public NtStatus NetrLogonSamLogonWithFlags(
            string logonServer,
            string computerName,
            _NETLOGON_AUTHENTICATOR? authenticator,
            ref _NETLOGON_AUTHENTICATOR? returnAuthenticator,
            _NETLOGON_LOGON_INFO_CLASS logonLevel,
            _NETLOGON_LEVEL? logonInformation,
            _NETLOGON_VALIDATION_INFO_CLASS validationLevel,
            out _NETLOGON_VALIDATION? validationInformation,
            out byte? authoritative,
            ref NrpcNetrLogonSamLogonExtraFlags? extraFlags)
        {
            uint? flags = (uint?)extraFlags;

            NtStatus status = rpc.NetrLogonSamLogonWithFlags(
                logonServer,
                computerName,
                authenticator,
                ref returnAuthenticator,
                logonLevel,
                logonInformation,
                validationLevel,
                out validationInformation,
                out authoritative,
                ref flags);

            context.ConnectionStatus = status;
            extraFlags = (NrpcNetrLogonSamLogonExtraFlags?)flags;
            return status;
        }
예제 #12
0
        /// <summary>
        ///  The NetrLogonSamLogonEx method Supported in windows_2000_server,
        ///  windows_xp, windows_server_2003, windows_vista, windows_server_2008,
        ///  windows_7, and windows_server_7. provides an extension
        ///  to NetrLogonSamLogon that accepts an extra flags parameter
        ///  and uses Secure RPC ([MS-RPCE]) instead of
        ///  Netlogon authenticators. This method handles logon
        ///  requests for the SAM accounts and allows for generic
        ///  pass-through authentication.
        ///  For more information about fields and structures
        ///  used by Netlogon pass-through methods.
        ///  Opnum: 39 
        /// </summary>
        /// <param name="contextHandle">
        ///  A primitive RPC handle that identifies a particular
        ///  client/server binding.
        /// </param>
        /// <param name="logonServer">
        ///  The null-terminated Unicode string that contains the
        ///  NetBIOS name of the server that will handle the logon
        ///  request.
        /// </param>
        /// <param name="computerName">
        ///  The null-terminated Unicode string that contains the
        ///  NetBIOS name of the client computer sending the logon
        ///  request.
        /// </param>
        /// <param name="logonLevel">
        ///  A NETLOGON_LOGON_INFO_CLASS structure, 
        ///  that specifies the type of the logon information
        ///  passed in the LogonInformation parameter.
        /// </param>
        /// <param name="logonInformation">
        ///  A pointer to a NETLOGON_LEVEL structure, 
        ///  that describes the logon request information.
        /// </param>
        /// <param name="validationLevel">
        ///  A NETLOGON_VALIDATION_INFO_CLASS enumerated type, 
        ///  that contains the validation
        ///  level requested by the client.
        /// </param>
        /// <param name="validationInformation">
        ///  A pointer to a NETLOGON_VALIDATION structure, 
        ///  that describes the user validation information
        ///  returned to the client. The type of the NETLOGON_VALIDATION
        ///  used is determined by the value of the ValidationLevel
        ///  parameter.
        /// </param>
        /// <param name="authoritative">
        ///  A pointer to a char value that represents a Boolean
        ///  condition. FALSE is indicated by the value 0x00, and
        ///  TRUE SHOULDwindows uses the value 0x01 as the representation
        ///  of TRUE and 0x00 for FALSE. be indicated by the value
        ///  0x01 and MAY also be indicated by any nonzero value.
        ///  This Boolean value indicates whether the validation
        ///  information is final. This field is necessary because
        ///  the request might be forwarded through multiple servers.
        ///  The value TRUE indicates that the validation information
        ///  is final and MUST remain unchanged. The Authoritative
        ///  parameter indicates whether the response to this call
        ///  is final or if the same request can be sent to another
        ///  server. The value SHOULD be set to FALSE if the server
        ///  encounters a transient error, and the client can resend
        ///  the request to another server. If the same request
        ///  is known to fail in all subsequent requests, the server
        ///  SHOULD return TRUE.
        /// </param>
        /// <param name="extraFlags">
        ///  A pointer to a set of bit flags that specify delivery
        ///  settings. A flag is TRUE (or set) if its value is equal
        ///  to 1. Output flags MUST be the same as input. The value
        ///  is constructed from zero or more bit flags from the
        ///  following table.
        /// </param>
        /// <returns>
        /// The method returns 0x00000000 on success; 
        /// otherwise, it returns a nonzero error code.
        /// </returns>
        public NtStatus NetrLogonSamLogonEx(
            IntPtr contextHandle,
            string logonServer,
            string computerName,
            _NETLOGON_LOGON_INFO_CLASS logonLevel,
            _NETLOGON_LEVEL? logonInformation,
            _NETLOGON_VALIDATION_INFO_CLASS validationLevel,
            out _NETLOGON_VALIDATION? validationInformation,
            out byte? authoritative,
            ref NrpcNetrLogonSamLogonExtraFlags? extraFlags)
        {
            uint? flags = (uint?)extraFlags;

            NtStatus status = rpc.NetrLogonSamLogonEx(
                contextHandle,
                logonServer,
                computerName,
                logonLevel,
                logonInformation,
                validationLevel,
                out validationInformation,
                out authoritative,
                ref flags);

            context.ConnectionStatus = status;
            extraFlags = (NrpcNetrLogonSamLogonExtraFlags?)flags;
            return status;
        }
예제 #13
0
        /// <summary>
        ///  The NetrLogonSamLogon method This method was used in
        ///  windows_nt_4_0. It was superseded by the NetrLogonSamLogonWithFlags
        ///  method in windows_2000_server, windows_xp,
        ///  windows_server_2003, windows_vista, and windows_server_2008,
        ///  windows_7, and windows_server_7. is a predecessor to
        ///  the NetrLogonSamLogonWithFlags method. All
        ///  parameters of this method have the same meanings as
        ///  the identically named parameters of the NetrLogonSamLogonWithFlags
        ///  method. Opnum: 2 
        /// </summary>
        /// <param name="logonServer">
        ///  LogonServer parameter.
        /// </param>
        /// <param name="computerName">
        ///  ComputerName parameter.
        /// </param>
        /// <param name="authenticator">
        ///  Authenticator parameter.
        /// </param>
        /// <param name="returnAuthenticator">
        ///  ReturnAuthenticator parameter.
        /// </param>
        /// <param name="logonLevel">
        ///  LogonLevel parameter.
        /// </param>
        /// <param name="logonInformation">
        ///  LogonInformation parameter.
        /// </param>
        /// <param name="validationLevel">
        ///  ValidationLevel parameter.
        /// </param>
        /// <param name="validationInformation">
        ///  ValidationInformation parameter.
        /// </param>
        /// <param name="authoritative">
        ///  Authoritative parameter.
        /// </param>
        /// <returns>
        /// The method returns 0x00000000 on success; 
        /// otherwise, it returns a nonzero error code.
        /// </returns>
        public NtStatus NetrLogonSamLogon(
            string logonServer,
            string computerName,
            _NETLOGON_AUTHENTICATOR? authenticator,
            ref _NETLOGON_AUTHENTICATOR? returnAuthenticator,
            _NETLOGON_LOGON_INFO_CLASS logonLevel,
            _NETLOGON_LEVEL? logonInformation,
            _NETLOGON_VALIDATION_INFO_CLASS validationLevel,
            out _NETLOGON_VALIDATION? validationInformation,
            out byte? authoritative)
        {
            NtStatus status = rpc.NetrLogonSamLogon(
                logonServer,
                computerName,
                authenticator,
                ref returnAuthenticator,
                logonLevel,
                logonInformation,
                validationLevel,
                out validationInformation,
                out authoritative);

            //ConnectionStatus: A 4-byte value that contains the most recent
            //connection status return value (section 3.4.5.3.1) last returned
            //during secure channel establishment or by a method requiring
            //session key establishment (section 3.1.4.6).
            context.ConnectionStatus = status;
            return status;
        }
예제 #14
0
        /// <summary>
        ///  The NetrLogonSamLogoff method handles logoff requests
        ///  for the SAM accounts. Opnum: 3 
        /// </summary>
        /// <param name="logonServer">
        ///  The custom RPC binding handle.
        /// </param>
        /// <param name="computerName">
        ///  The Unicode string that contains the NetBIOS name of
        ///  the client computer calling this method.
        /// </param>
        /// <param name="authenticator">
        ///  A pointer to a NETLOGON_AUTHENTICATOR structure, 
        ///  that contains the client authenticator.
        /// </param>
        /// <param name="returnAuthenticator">
        ///  A pointer to a NETLOGON_AUTHENTICATOR structure, 
        ///  that contains the server return
        ///  authenticator.
        /// </param>
        /// <param name="logonLevel">
        ///  A NETLOGON_LOGON_INFO_CLASS structure, 
        ///  that identifies the type of logon information
        ///  in the LogonInformation union.
        /// </param>
        /// <param name="logonInformation">
        ///  A pointer to a NETLOGON_LEVEL structure, 
        ///  that describes the logon information.
        /// </param>
        /// <returns>
        /// The method returns 0x00000000 on success; 
        /// otherwise, it returns a nonzero error code.
        /// </returns>
        public NtStatus NetrLogonSamLogoff(
            string logonServer,
            string computerName,
            _NETLOGON_AUTHENTICATOR? authenticator,
            ref _NETLOGON_AUTHENTICATOR? returnAuthenticator,
            _NETLOGON_LOGON_INFO_CLASS logonLevel,
            _NETLOGON_LEVEL? logonInformation)
        {
            NtStatus status = rpc.NetrLogonSamLogoff(
                logonServer,
                computerName,
                authenticator,
                ref returnAuthenticator,
                logonLevel,
                logonInformation);

            context.ConnectionStatus = status;
            return status;
        }
예제 #15
0
        /// <summary>
        /// Encrypt a NETLOGON_LEVEL structure based on 
        /// logonLevel parameter passed to the method. 
        /// This method support RC4 encryption only.
        /// </summary>
        /// <param name="logonLevel">
        /// A NETLOGON_LOGON_INFO_CLASS structure, as specified in section 2.2.1.4.16, 
        /// that specifies the type of the logon information.
        /// </param>
        /// <param name="logonInformation">
        /// A NETLOGON_LEVEL structure to be encrypted.
        /// </param>
        /// <returns>The encrypted NETLOGON_LEVEL structure.</returns>
        /// <exception cref="ArgumentException">
        /// Thrown when logonLevel or logonInformation is invalid.
        /// </exception>
        /// <exception cref="InvalidOperationException">
        /// Thrown when session key is not negotiated.
        /// </exception>
        /// <exception cref="InvalidOperationException">
        /// Thrown when the method is called before establishing a NRPC secure channel. 
        /// Thrown when neither AES nor RC4 is negotiated.
        /// </exception>
        public _NETLOGON_LEVEL EncryptNetlogonLevel(
            _NETLOGON_LOGON_INFO_CLASS logonLevel,
            _NETLOGON_LEVEL logonInformation)
        {
            ValidateSecureChannelExists();

            switch (logonLevel)
            {
                case _NETLOGON_LOGON_INFO_CLASS.NetlogonInteractiveInformation:
                    //If the LogonLevel is NetlogonInteractiveInformation or
                    //NetlogonInteractiveTransitiveInformation, then encrypt<102>
                    //the LmOwfPassword and NtOwfPassword members in the
                    //NETLOGON_INTERACTIVE_INFO structure.
                    if (logonInformation.LogonInteractive == null
                        || logonInformation.LogonInteractive.Length != 1)
                    {
                        throw new ArgumentException("logonInformation is invalid.", "logonInformation");
                    }

                    EncryptLmAndNtOwfPassword(
                        ref logonInformation.LogonInteractive[0].LmOwfPassword,
                        ref logonInformation.LogonInteractive[0].NtOwfPassword);
                    break;

                case _NETLOGON_LOGON_INFO_CLASS.NetlogonInteractiveTransitiveInformation:
                    if (logonInformation.LogonInteractiveTransitive == null
                        || logonInformation.LogonInteractiveTransitive.Length != 1)
                    {
                        throw new ArgumentException("logonInformation is invalid.", "logonInformation");
                    }

                    EncryptLmAndNtOwfPassword(
                        ref logonInformation.LogonInteractiveTransitive[0].LmOwfPassword,
                        ref logonInformation.LogonInteractiveTransitive[0].NtOwfPassword);
                    break;

                case _NETLOGON_LOGON_INFO_CLASS.NetlogonServiceInformation:
                    //If the LogonLevel is NetlogonServiceInformation or
                    //NetlogonServiceTransitiveInformation, then encrypt<103>
                    //the LmOwfPassword and NtOwfPassword members in the
                    //NETLOGON_SERVICE_INFO structure.
                    if (logonInformation.LogonService == null
                        || logonInformation.LogonService.Length != 1)
                    {
                        throw new ArgumentException("logonInformation is invalid.", "logonInformation");
                    }

                    EncryptLmAndNtOwfPassword(
                        ref logonInformation.LogonService[0].LmOwfPassword,
                        ref logonInformation.LogonService[0].NtOwfPassword);
                    break;

                case _NETLOGON_LOGON_INFO_CLASS.NetlogonServiceTransitiveInformation:
                    if (logonInformation.LogonServiceTransitive == null
                        || logonInformation.LogonServiceTransitive.Length != 1)
                    {
                        throw new ArgumentException("logonInformation is invalid.", "logonInformation");
                    }

                    EncryptLmAndNtOwfPassword(
                        ref logonInformation.LogonServiceTransitive[0].LmOwfPassword,
                        ref logonInformation.LogonServiceTransitive[0].NtOwfPassword);
                    break;

                case _NETLOGON_LOGON_INFO_CLASS.NetlogonGenericInformation:
                    //If the LogonLevel is NetlogonGenericInformation,
                    //then encrypt<104> the LogonData member in the
                    //NETLOGON_GENERIC_INFO structure.
                    if (logonInformation.LogonGeneric == null
                        || logonInformation.LogonGeneric.Length != 1)
                    {
                        throw new ArgumentException("logonInformation is invalid.", "logonInformation");
                    }

                    //Encrypt the ClearNewPassword parameter using the RC4 algorithm
                    //and the session key established as the encryption key.
                    logonInformation.LogonGeneric[0].LogonData = NrpcUtility.EncryptBuffer(
                        IsAesOrRc4Negotiated(),
                        context.SessionKey,
                        logonInformation.LogonGeneric[0].LogonData);
                    break;

                case _NETLOGON_LOGON_INFO_CLASS.NetlogonNetworkInformation:
                case _NETLOGON_LOGON_INFO_CLASS.NetlogonNetworkTransitiveInformation:
                    //If the LogonLevel is NetlogonNetworkInformation or
                    //NetlogonNetworkTransitiveInformation, then encrypt the
                    //UserSessionKey and the first two elements of the
                    //ExpansionRoom array in the NETLOGON_VALIDATION_SAM_INFO
                    //(section 2.2.1.4.11) or in the NETLOGON_VALIDATION_SAM_INFO2
                    //(section 2.2.1.4.12) structure.

                    //TODO: TDI 48320, there're no UserSessionKey and ExpansionRoom in NETLOGON_INFO class.

                    break;

                default:
                    throw new ArgumentException("logonLevel is invalid.", "logonLevel");
            }

            return logonInformation;
        }