/// <summary>
/// Connect the client to a RPC endpoint.
/// </summary>
/// <param name="endpoint">The endpoint for RPC server.</param>
/// <param name="security_quality_of_service">The security quality of service for the connection.</param>
public void Connect(RpcEndpoint endpoint, SecurityQualityOfService security_quality_of_service)
{
if (Connected)
{
throw new InvalidOperationException("RPC client is already connected.");
}
if (endpoint == null)
{
throw new ArgumentNullException("Must specify an endpoint", nameof(endpoint));
}
try
{
_transport = RpcClientTransportFactory.ConnectEndpoint(endpoint, security_quality_of_service);
_transport.Bind(InterfaceId, InterfaceVersion, NdrNativeUtils.DCE_TransferSyntax, new Version(2, 0));
}
catch
{
// Disconnect transport on any exception.
_transport?.Disconnect();
_transport = null;
throw;
}
}
public static PortComHandle Connect(string portName)
{
UnicodeString portNameStr = new UnicodeString(portName);
SecurityQualityOfService securityQos = new SecurityQualityOfService(SecurityImpersonationLevel.SecurityImpersonation, true, false);
IntPtr handle;
try
{
Win32.NtConnectPort(
out handle,
ref portNameStr,
ref securityQos,
IntPtr.Zero,
IntPtr.Zero,
IntPtr.Zero,
IntPtr.Zero,
IntPtr.Zero
).ThrowIf();
}
finally
{
portNameStr.Dispose();
}
return(new PortComHandle(handle, true));
}
private static NtAlpcClient ConnectPort(string path, SecurityQualityOfService sqos)
{
AlpcReceiveMessageAttributes in_attr = new AlpcReceiveMessageAttributes();
return(NtAlpcClient.Connect(path, null,
CreatePortAttributes(sqos), AlpcMessageFlags.SyncRequest, null, null, null, in_attr, NtWaitTimeout.FromSeconds(5)));
}
public static PortComHandle Connect(string portName)
{
NtStatus status;
UnicodeString portNameStr = new UnicodeString(portName);
SecurityQualityOfService securityQos =
new SecurityQualityOfService(SecurityImpersonationLevel.SecurityImpersonation, true, false);
IntPtr handle;
try
{
if ((status = Win32.NtConnectPort(
out handle,
ref portNameStr,
ref securityQos,
IntPtr.Zero,
IntPtr.Zero,
IntPtr.Zero,
IntPtr.Zero,
IntPtr.Zero
)) >= NtStatus.Error)
{
Win32.ThrowLastError(status);
}
}
finally
{
portNameStr.Dispose();
}
return(new PortComHandle(handle, true));
}
/// <summary>
/// Process record.
/// </summary>
protected override void ProcessRecord()
{
SecurityQualityOfService sqos = ParameterSetName == "FromSqos"
? SecurityQualityOfService
: new SecurityQualityOfService(ImpersonationLevel, ContextTrackingMode, EffectiveOnly);
WriteObject(Port.CreateSecurityContext(sqos));
}
/// <summary>
/// Connect the client to an ALPC RPC port.
/// </summary>
/// <param name="alpc_path">The path to the ALPC RPC port.</param>
/// <param name="security_quality_of_service">The security quality of service for the port.</param>
public void Connect(string alpc_path, SecurityQualityOfService security_quality_of_service)
{
if (Connected)
{
throw new InvalidOperationException("RPC client is already connected.");
}
Connect("ncalrpc", alpc_path, security_quality_of_service);
}
/// <summary>
/// Connect a client transport from an endpoint.
/// </summary>
/// <param name="endpoint">The RPC endpoint.</param>
/// <param name="security_quality_of_service">The security quality of service for the connection.</param>
/// <returns>The connected client transport.</returns>
/// <exception cref="ArgumentException">Thrown if protocol sequence unsupported.</exception>
/// <exception cref="Exception">Other exceptions depending on the connection.</exception>
public static IRpcClientTransport ConnectEndpoint(RpcEndpoint endpoint, SecurityQualityOfService security_quality_of_service)
{
if (!_factories.ContainsKey(endpoint.ProtocolSequence))
{
throw new ArgumentException($"Unsupported protocol sequence {endpoint.ProtocolSequence}", nameof(endpoint));
}
return(_factories[endpoint.ProtocolSequence].Connect(endpoint, security_quality_of_service));
}
/// <summary>
/// Causes the thread to impersonate a client thread.
/// </summary>
/// <param name="clientThreadHandle">A handle to a client thread.</param>
/// <param name="impersonationLevel">The impersonation level to request.</param>
public void Impersonate(ThreadHandle clientThreadHandle, SecurityImpersonationLevel impersonationLevel)
{
SecurityQualityOfService securityQos = new SecurityQualityOfService(impersonationLevel, false, false);
Win32.NtImpersonateThread(
this,
clientThreadHandle,
ref securityQos
).ThrowIf();
}
/// <summary>
/// Causes the thread to impersonate a client thread.
/// </summary>
/// <param name="clientThreadHandle">A handle to a client thread.</param>
/// <param name="impersonationLevel">The impersonation level to request.</param>
public void Impersonate(ThreadHandle clientThreadHandle, SecurityImpersonationLevel impersonationLevel)
{
NtStatus status;
SecurityQualityOfService securityQos =
new SecurityQualityOfService(impersonationLevel, false, false);
if ((status = Win32.NtImpersonateThread(this, clientThreadHandle, ref securityQos)) >= NtStatus.Error)
{
Win32.Throw(status);
}
}
/// <summary>
/// Constructor.
/// </summary>
/// <param name="path">The NT pipe path to connect. e.g. \??\pipe\ABC.</param>
/// <param name="security_quality_of_service">The security quality of service for the connection.</param>
public RpcNamedPipeClientTransport(string path, SecurityQualityOfService security_quality_of_service)
{
if (string.IsNullOrEmpty(path))
{
throw new ArgumentException("Must specify a path to connect to", nameof(path));
}
_pipe = ConnectPipe(path, security_quality_of_service);
_data_rep = new NdrDataRepresentation();
_max_recv_fragment = MaxRecvFrag;
_max_send_fragment = MaxXmitFrag;
Endpoint = path;
}
/// <summary>
/// Constructor.
/// </summary>
public NewNtTokenCmdlet()
{
AuthenticationId = NtToken.LocalSystemAuthId;
TokenType = TokenType.Primary;
ExpirationTime = DateTime.Now.AddYears(10);
Groups = new Sid[0];
Privileges = new TokenPrivilegeValue[0];
DefaultAcl = new Acl();
DefaultAcl.AddAccessAllowedAce(GenericAccessRights.GenericAll, AceFlags.None, "SY");
DefaultAcl.AddAccessAllowedAce(GenericAccessRights.GenericAll, AceFlags.None, "BA");
IntegrityLevel = TokenIntegrityLevel.System;
SecurityQualityOfService = new SecurityQualityOfService(SecurityImpersonationLevel.Anonymous, SecurityContextTrackingMode.Static, false);
}
/// <summary>
/// Constructor.
/// </summary>
/// <param name="path">The path to connect. The format depends on the transport.</param>
/// <param name="security_quality_of_service">The security quality of service for the connection.</param>
public RpcAlpcClientTransport(string path, SecurityQualityOfService security_quality_of_service)
{
if (string.IsNullOrEmpty(path))
{
throw new ArgumentException("Must specify a path to connect to");
}
if (!path.StartsWith(@"\"))
{
path = $@"\RPC Control\{path}";
}
_client = ConnectPort(path, security_quality_of_service);
Endpoint = path;
}
/// <summary>
/// Connect the client to a RPC endpoint.
/// </summary>
/// <param name="protocol_seq">The protocol sequence for the transport.</param>
/// <param name="endpoint">The endpoint for the protocol sequence.</param>
/// <param name="security_quality_of_service">The security quality of service for the connection.</param>
public void Connect(string protocol_seq, string endpoint, SecurityQualityOfService security_quality_of_service)
{
if (Connected)
{
throw new InvalidOperationException("RPC client is already connected.");
}
if (string.IsNullOrEmpty(protocol_seq))
{
throw new ArgumentException("Must specify a protocol sequence", nameof(protocol_seq));
}
Connect(string.IsNullOrEmpty(endpoint) ? LookupEndpoint(protocol_seq) :
new RpcEndpoint(InterfaceId, InterfaceVersion,
SafeRpcBindingHandle.Compose(null, protocol_seq, null, endpoint, null), true),
security_quality_of_service);
}
public RpcNamedPipeTransport(string path, SecurityQualityOfService security_quality_of_service)
{
if (string.IsNullOrEmpty(path))
{
throw new ArgumentException("Must specify a path to connect to");
}
if (path.Contains(@"\"))
{
path = path.Substring(path.LastIndexOf(@"\") + 1);
}
_client = new NamedPipeClientStream(path);
_client.Connect();
Endpoint = path;
}
private NtNamedPipeFileClient ConnectPipe(string path, SecurityQualityOfService security_quality_of_service)
{
using (var obj_attr = new ObjectAttributes(path, AttributeFlags.CaseInsensitive, (NtObject)null, security_quality_of_service, null))
{
using (var file = NtFile.Open(obj_attr, FileAccessRights.Synchronize | FileAccessRights.GenericRead | FileAccessRights.GenericWrite,
FileShareMode.None, FileOpenOptions.NonDirectoryFile | FileOpenOptions.SynchronousIoNonAlert))
{
if (!(file is NtNamedPipeFileClient pipe))
{
throw new ArgumentException("Path was not a named pipe endpoint.");
}
pipe.ReadMode = NamedPipeReadMode.Message;
return((NtNamedPipeFileClient)pipe.Duplicate());
}
}
}
/// <summary>
/// Connect the client to an ALPC port.
/// </summary>
/// <param name="alpc_path">The path to the ALPC port.</param>
/// <param name="security_quality_of_service">The security quality of service for the port.</param>
public void Connect(string alpc_path, SecurityQualityOfService security_quality_of_service)
{
if (Connected)
{
throw new InvalidOperationException("RPC client is already connected.");
}
if (string.IsNullOrEmpty(alpc_path))
{
alpc_path = LookupEndpoint();
}
else if (!alpc_path.StartsWith(@"\"))
{
alpc_path = $@"\RPC Control\{alpc_path}";
}
AlpcPath = alpc_path;
_client = ConnectPort(alpc_path, security_quality_of_service);
CallId = 1;
BindInterface();
}
private static AlpcPortAttributes CreatePortAttributes(SecurityQualityOfService sqos)
{
AlpcPortAttributeFlags flags = AlpcPortAttributeFlags.AllowDupObject | AlpcPortAttributeFlags.AllowImpersonation | AlpcPortAttributeFlags.WaitablePort;
if (!NtObjectUtils.IsWindows81OrLess)
{
flags |= AlpcPortAttributeFlags.AllowMultiHandleAttribute;
}
return(new AlpcPortAttributes()
{
DupObjectTypes = AlpcHandleObjectType.AllObjects,
MemoryBandwidth = new IntPtr(0),
Flags = flags,
MaxMessageLength = new IntPtr(0x1000),
MaxPoolUsage = new IntPtr(-1),
MaxSectionSize = new IntPtr(-1),
MaxViewSize = new IntPtr(-1),
MaxTotalSectionSize = new IntPtr(-1),
SecurityQos = sqos?.ToStruct() ?? new SecurityQualityOfServiceStruct(SecurityImpersonationLevel.Impersonation, SecurityContextTrackingMode.Static, false)
});
}
public void Connect(RpcEndpoint endpoint, SecurityQualityOfService security_quality_of_service)
{
Connect(endpoint, new RpcTransportSecurity(security_quality_of_service));
}
public void Connect(string protocol_seq, string endpoint, string network_address, SecurityQualityOfService security_quality_of_service)
{
Connect(protocol_seq, endpoint, network_address, new RpcTransportSecurity(security_quality_of_service));
}
public void Connect(string protocol_seq, string endpoint, SecurityQualityOfService security_quality_of_service)
{
Connect(protocol_seq, endpoint, null, security_quality_of_service);
}
public IRpcClientTransport Connect(RpcEndpoint endpoint, SecurityQualityOfService security_quality_of_service)
{
return(new RpcNamedPipeClientTransport(endpoint.EndpointPath, security_quality_of_service));
}
private object CreateObject(string path, AttributeFlags attributes, NtObject root, SecurityQualityOfService security_quality_of_service, SecurityDescriptor security_descriptor)
{
using (ObjectAttributes obja = new ObjectAttributes(path, attributes, root, security_quality_of_service, security_descriptor))
{
return(CreateObject(obja));
}
}
public static IRpcClientTransport ConnectEndpoint(RpcEndpoint endpoint, SecurityQualityOfService security_quality_of_service)
{
return(ConnectEndpoint(endpoint, new RpcTransportSecurity(security_quality_of_service)));
}
/// <summary>
/// Constructor.
/// </summary>
/// <param name="security_quality_of_service">Security quality of service.</param>
public RpcTransportSecurity(SecurityQualityOfService security_quality_of_service) : this()
{
SecurityQualityOfService = security_quality_of_service;
}
public ObjectAttributes(string object_name, AttributeFlags attributes, SafeKernelObjectHandle root, SecurityQualityOfService sqos, GenericSecurityDescriptor security_descriptor)
{
Length = Marshal.SizeOf(this);
if (object_name != null)
{
ObjectName = AllocStruct(new UnicodeString(object_name));
}
Attributes = attributes;
if (sqos != null)
{
SecurityQualityOfService = AllocStruct(sqos);
}
if (root != null)
{
RootDirectory = root.DangerousGetHandle();
}
if (security_descriptor != null)
{
byte[] sd_binary = new byte[security_descriptor.BinaryLength];
security_descriptor.GetBinaryForm(sd_binary, 0);
SecurityDescriptor = Marshal.AllocHGlobal(sd_binary.Length);
Marshal.Copy(sd_binary, 0, SecurityDescriptor, sd_binary.Length);
}
}
