private void ReadCommonHeader(NdrBinaryStream pacStream)
{
Version = pacStream.Read(1)[0];
if (Version != NdrConstants.PROTOCOL_VERSION)
{
throw new InvalidDataException($"Unknown Protocol version {Version}");
}
var headerBits = pacStream.Read(1)[0];
var endian = headerBits >> 4 & 0x0F;
if (endian != 0 && endian != 1)
{
throw new InvalidDataException($"Unknown endianness {endian}");
}
Endian = Convert.ToBoolean(endian);
Encoding = (byte)(headerBits & 0x0F);
if (Encoding != 0 && Encoding != 1)
{
throw new InvalidDataException($"Unknown encoding {Encoding}");
}
Length = pacStream.ReadShort();
if (Length != NdrConstants.COMMON_HEADER_BYTES)
{
throw new InvalidDataException($"Unknown common header length {Length}");
}
}
public RpcHeader(NdrBinaryStream pacStream)
{
ReadCommonHeader(pacStream);
pacStream.Read(4);
pacStream.Read(8);
pacStream.Read(4);
}
public override void ReadBody(NdrBinaryStream stream)
{
Type = (ChecksumType)stream.ReadUnsignedInt();
SignaturePosition = (int)stream.Position;
Signature = SetSignatureValue(Type, size => stream.Read(size));
Validator = CryptoService.CreateChecksumValidator(Type, Signature, signatureData);
if (stream.Position < stream.Length)
{
RODCIdentifier = stream.ReadShort();
}
}
public override void ReadBody(NdrBinaryStream stream)
{
Count = stream.ReadInt();
stream.Seek(4);
ReservedType = stream.ReadShort();
ReservedFieldSize = stream.ReadInt();
ReservedField = stream.Read(ReservedFieldSize);
stream.Align(8);
ClaimsArray = ReadClaimsArray(stream);
}
public override void ReadBody(NdrBinaryStream stream)
{
LogonTime = stream.ReadFiletime();
LogoffTime = stream.ReadFiletime();
KickOffTime = stream.ReadFiletime();
PwdLastChangeTime = stream.ReadFiletime();
PwdCanChangeTime = stream.ReadFiletime();
PwdMustChangeTime = stream.ReadFiletime();
var userName = stream.ReadRPCUnicodeString();
var userDisplayName = stream.ReadRPCUnicodeString();
var logonScript = stream.ReadRPCUnicodeString();
var profilePath = stream.ReadRPCUnicodeString();
var homeDirectory = stream.ReadRPCUnicodeString();
var homeDrive = stream.ReadRPCUnicodeString();
LogonCount = stream.ReadShort();
BadPasswordCount = stream.ReadShort();
var userSid = stream.ReadRid();
var groupSid = stream.ReadRid();
// Groups information
var groupCount = stream.ReadInt();
var groupPointer = stream.ReadInt();
UserFlags = (UserFlags)stream.ReadInt();
// sessionKey
stream.Read(new byte[16]);
var serverNameString = stream.ReadRPCUnicodeString();
var domainNameString = stream.ReadRPCUnicodeString();
var domainIdPointer = stream.ReadInt();
// reserved1
stream.Read(new byte[8]);
UserAccountControl = (UserAccountControlFlags)stream.ReadInt();
SubAuthStatus = stream.ReadInt();
LastSuccessfulILogon = stream.ReadFiletime();
LastFailedILogon = stream.ReadFiletime();
FailedILogonCount = stream.ReadInt();
// reserved3
stream.ReadInt();
// Extra SIDs information
var extraSidCount = stream.ReadInt();
var extraSidPointer = stream.ReadInt();
var resourceDomainIdPointer = stream.ReadInt();
var resourceGroupCount = stream.ReadInt();
var resourceGroupPointer = stream.ReadInt();
UserName = userName.ReadString(stream);
UserDisplayName = userDisplayName.ReadString(stream);
LogonScript = logonScript.ReadString(stream);
ProfilePath = profilePath.ReadString(stream);
HomeDirectory = homeDirectory.ReadString(stream);
HomeDrive = homeDrive.ReadString(stream);
// Groups data
var groupSids = ParseAttributes(stream, groupCount, groupPointer);
// Server related strings
ServerName = serverNameString.ReadString(stream);
DomainName = domainNameString.ReadString(stream);
if (domainIdPointer != 0)
{
DomainSid = stream.ReadSid();
}
UserSid = userSid.AppendTo(DomainSid);
GroupSid = groupSid.AppendTo(DomainSid);
GroupSids = groupSids.Select(g => g.AppendTo(DomainSid)).ToList();
if (UserFlags.HasFlag(UserFlags.LOGON_EXTRA_SIDS))
{
ExtraSids = ParseExtraSids(stream, extraSidCount, extraSidPointer).ToList();
}
if (resourceDomainIdPointer != 0)
{
ResourceDomainSid = stream.ReadSid();
}
if (UserFlags.HasFlag(UserFlags.LOGON_RESOURCE_GROUPS))
{
ResourceGroups = ParseAttributes(
stream,
resourceGroupCount,
resourceGroupPointer
).Select(g => g.AppendTo(ResourceDomainSid)).ToList();
}
}
