/// <summary>
/// It is called when SQL batch request arrives
/// </summary>
public virtual TDSMessageCollection OnSQLBatchRequest(ITDSServerSession session, TDSMessage message)
{
// Delegate to the query engine
TDSMessageCollection responseMessage = Engine.ExecuteBatch(session, message);
// Check if session packet size is different than the engine packet size
if (session.PacketSize != Arguments.PacketSize)
{
// Get the first message
TDSMessage firstMessage = responseMessage[0];
// Find DONE token in it
int indexOfDone = firstMessage.IndexOf(firstMessage.Where(t => t is TDSDoneToken).First());
// Create new packet size environment change token
TDSEnvChangeToken envChange = new TDSEnvChangeToken(TDSEnvChangeTokenType.PacketSize, Arguments.PacketSize.ToString(), session.PacketSize.ToString());
// Log response
TDSUtilities.Log(Arguments.Log, "Response", envChange);
// Insert env change before done token
firstMessage.Insert(indexOfDone, envChange);
// Update session with the new packet size
session.PacketSize = (uint)Arguments.PacketSize;
}
return(responseMessage);
}
public virtual TDSMessageCollection OnFederatedAuthenticationTokenMessage(ITDSServerSession session, TDSMessage message)
{
// Get the FedAuthToken
TDSFedAuthToken fedauthToken = message[0] as TDSFedAuthToken;
// Log
TDSUtilities.Log(Arguments.Log, "Request", fedauthToken);
return(OnFederatedAuthenticationCompleted(session, fedauthToken.Token));
}
/// <summary>
/// Handler for SSPI request
/// </summary>
public virtual TDSMessageCollection OnSSPIRequest(ITDSServerSession session, TDSMessage request)
{
// Get the SSPI token
TDSSSPIClientToken sspiRequest = request[0] as TDSSSPIClientToken;
// Log request
TDSUtilities.Log(Arguments.Log, "Request", sspiRequest.Payload);
// Delegate to SSPI routine
return(ContinueSSPIAuthentication(session, sspiRequest.Payload));
}
/// <summary>
/// Ensure that federated authentication option is valid
/// </summary>
protected virtual TDSMessageCollection CheckFederatedAuthenticationOption(ITDSServerSession session, TDSLogin7FedAuthOptionToken federatedAuthenticationOption)
{
// Check if server's prelogin response for FedAuthRequired prelogin option is echoed back correctly in FedAuth Feature Extenion Echo
if (federatedAuthenticationOption.Echo != (session as GenericTDSServerSession).FedAuthRequiredPreLoginServerResponse)
{
// Create Error message
string message =
string.Format("FEDAUTHREQUIRED option in the prelogin response is not echoed back correctly: in prelogin response, it is {0} and in login, it is {1}: ",
(session as GenericTDSServerSession).FedAuthRequiredPreLoginServerResponse,
federatedAuthenticationOption.Echo);
// Create errorToken token
TDSErrorToken errorToken = new TDSErrorToken(3456, 34, 23, message);
// Log response
TDSUtilities.Log(Arguments.Log, "Response", errorToken);
// Create DONE token
TDSDoneToken doneToken = new TDSDoneToken(TDSDoneTokenStatusType.Final | TDSDoneTokenStatusType.Error);
// Log response
TDSUtilities.Log(Arguments.Log, "Response", doneToken);
// Build a collection with a single message of two tokens
return(new TDSMessageCollection(new TDSMessage(TDSMessageType.Response, errorToken, doneToken)));
}
// Check if the nonce exists
if ((federatedAuthenticationOption.Nonce == null && federatedAuthenticationOption.Library == TDSFedAuthLibraryType.IDCRL) ||
!AreEqual((session as GenericTDSServerSession).ServerNonce, federatedAuthenticationOption.Nonce))
{
// Error message
string message = string.Format("Unexpected NONCEOPT specified in the Federated authentication feature extension");
// Create errorToken token
TDSErrorToken errorToken = new TDSErrorToken(5672, 32, 87, message);
// Log response
TDSUtilities.Log(Arguments.Log, "Response", errorToken);
// Create DONE token
TDSDoneToken doneToken = new TDSDoneToken(TDSDoneTokenStatusType.Final | TDSDoneTokenStatusType.Error);
// Log response
TDSUtilities.Log(Arguments.Log, "Response", doneToken);
// Build a collection with a single message of two tokens
return(new TDSMessageCollection(new TDSMessage(TDSMessageType.Response, errorToken, doneToken)));
}
// We're good
return(null);
}
/// <summary>
/// Handler for login request
/// </summary>
public override TDSMessageCollection OnLogin7Request(ITDSServerSession session, TDSMessage request)
{
// Inflate login7 request from the message
TDSLogin7Token loginRequest = request[0] as TDSLogin7Token;
// Check if arguments are of the routing server
if (Arguments is RoutingTDSServerArguments)
{
// Cast to routing server arguments
RoutingTDSServerArguments ServerArguments = Arguments as RoutingTDSServerArguments;
// Check filter
if (ServerArguments.RequireReadOnly && (loginRequest.TypeFlags.ReadOnlyIntent != TDSLogin7TypeFlagsReadOnlyIntent.ReadOnly))
{
// Log request
TDSUtilities.Log(Arguments.Log, "Request", loginRequest);
// Prepare ERROR token with the denial details
TDSErrorToken errorToken = new TDSErrorToken(18456, 1, 14, "Received application intent: " + loginRequest.TypeFlags.ReadOnlyIntent.ToString(), Arguments.ServerName);
// Log response
TDSUtilities.Log(Arguments.Log, "Response", errorToken);
// Serialize the error token into the response packet
TDSMessage responseMessage = new TDSMessage(TDSMessageType.Response, errorToken);
// Prepare ERROR token for the final decision
errorToken = new TDSErrorToken(18456, 1, 14, "Read-Only application intent is required for routing", Arguments.ServerName);
// Log response
TDSUtilities.Log(Arguments.Log, "Response", errorToken);
// Serialize the error token into the response packet
responseMessage.Add(errorToken);
// Create DONE token
TDSDoneToken doneToken = new TDSDoneToken(TDSDoneTokenStatusType.Final | TDSDoneTokenStatusType.Error);
// Log response
TDSUtilities.Log(Arguments.Log, "Response", doneToken);
// Serialize DONE token into the response packet
responseMessage.Add(doneToken);
// Return a single message in the collection
return(new TDSMessageCollection(responseMessage));
}
}
// Delegate to the base class
return(base.OnLogin7Request(session, request));
}
/// <summary>
/// Handler for pre-login request
/// </summary>
public virtual TDSMessageCollection OnPreLoginRequest(ITDSServerSession session, TDSMessage request)
{
// Inflate pre-login request from the message
TDSPreLoginToken preLoginRequest = request[0] as TDSPreLoginToken;
// Log request
TDSUtilities.Log(Arguments.Log, "Request", preLoginRequest);
// Generate server response for encryption
TDSPreLoginTokenEncryptionType serverResponse = TDSUtilities.GetEncryptionResponse(preLoginRequest.Encryption, Arguments.Encryption);
// Update client state with encryption resolution
session.Encryption = TDSUtilities.ResolveEncryption(preLoginRequest.Encryption, serverResponse);
// Create TDS prelogin packet
TDSPreLoginToken preLoginToken = new TDSPreLoginToken(Arguments.ServerVersion, serverResponse, false); // TDS server doesn't support MARS
// Cache the recieved Nonce into the session
(session as GenericTDSServerSession).ClientNonce = preLoginRequest.Nonce;
// Check if the server has been started up as requiring FedAuth when choosing between SSPI and FedAuth
if (Arguments.FedAuthRequiredPreLoginOption == TdsPreLoginFedAuthRequiredOption.FedAuthRequired)
{
if (preLoginRequest.FedAuthRequired == TdsPreLoginFedAuthRequiredOption.FedAuthRequired)
{
// Set the FedAuthRequired option
preLoginToken.FedAuthRequired = TdsPreLoginFedAuthRequiredOption.FedAuthRequired;
}
// Keep the federated authentication required flag in the server session
(session as GenericTDSServerSession).FedAuthRequiredPreLoginServerResponse = preLoginToken.FedAuthRequired;
if (preLoginRequest.Nonce != null)
{
// Generate Server Nonce
preLoginToken.Nonce = _GenerateRandomBytes(32);
}
}
// Cache the server Nonce in a session
(session as GenericTDSServerSession).ServerNonce = preLoginToken.Nonce;
// Log response
TDSUtilities.Log(Arguments.Log, "Response", preLoginToken);
// Reset authentication information
session.SQLUserID = null;
session.NTUserAuthenticationContext = null;
// Respond with a single message that contains only one token
return(new TDSMessageCollection(new TDSMessage(TDSMessageType.Response, preLoginToken)));
}
/// <summary>
/// It is called when SQL batch request arrives
/// </summary>
/// <param name="message">TDS message recieved</param>
/// <returns>TDS message to respond with</returns>
public override TDSMessageCollection OnSQLBatchRequest(ITDSServerSession session, TDSMessage request)
{
// Delegate to the base class to produce the response first
TDSMessageCollection batchResponse = base.OnSQLBatchRequest(session, request);
// Check if arguments are of routing server
if (Arguments is RoutingTDSServerArguments)
{
// Cast to routing server arguments
RoutingTDSServerArguments ServerArguments = Arguments as RoutingTDSServerArguments;
// Check routing condition
if (ServerArguments.RouteOnPacket == TDSMessageType.SQLBatch)
{
// Construct routing token
TDSPacketToken routingToken = CreateRoutingToken();
// Log response
TDSUtilities.Log(Arguments.Log, "Response", routingToken);
// Insert the routing token at the beginning of the response
batchResponse[0].Insert(0, routingToken);
}
else
{
// Get the first response message
TDSMessage responseMessage = batchResponse[0];
// Reset the content of the first message
responseMessage.Clear();
// Prepare ERROR token with the denial details
responseMessage.Add(new TDSErrorToken(11111, 1, 14, "Client should have been routed by now", Arguments.ServerName));
// Log response
TDSUtilities.Log(Arguments.Log, "Response", responseMessage[0]);
// Prepare DONE token
responseMessage.Add(new TDSDoneToken(TDSDoneTokenStatusType.Final | TDSDoneTokenStatusType.Error));
// Log response
TDSUtilities.Log(Arguments.Log, "Response", responseMessage[1]);
}
}
// Register only one message with the collection
return(batchResponse);
}
/// <summary>
/// Complete login sequence
/// </summary>
protected override TDSMessageCollection OnAuthenticationCompleted(ITDSServerSession session)
{
// Delegate to the base class
TDSMessageCollection responseMessageCollection = base.OnAuthenticationCompleted(session);
// Check if arguments are of routing server
if (Arguments is RoutingTDSServerArguments)
{
// Cast to routing server arguments
RoutingTDSServerArguments serverArguments = Arguments as RoutingTDSServerArguments;
// Check routing condition
if (serverArguments.RouteOnPacket == TDSMessageType.TDS7Login)
{
// Construct routing token
TDSPacketToken routingToken = CreateRoutingToken();
// Log response
TDSUtilities.Log(Arguments.Log, "Response", routingToken);
// Get the first message
TDSMessage targetMessage = responseMessageCollection[0];
// Index at which to insert the routing token
int insertIndex = targetMessage.Count - 1;
// VSTS# 1021027 - Read-Only Routing yields TDS protocol error
// Resolution: Send TDS FeatureExtAct token before TDS ENVCHANGE token with routing information
TDSPacketToken featureExtAckToken = targetMessage.Find(t => t is TDSFeatureExtAckToken);
// Check if found
if (featureExtAckToken != null)
{
// Find token position
insertIndex = targetMessage.IndexOf(featureExtAckToken);
}
// Insert right before the done token
targetMessage.Insert(insertIndex, routingToken);
}
}
return(responseMessageCollection);
}
protected virtual TDSMessageCollection OnFederatedAuthenticationInfoRequest(ITDSServerSession session)
{
TDSFedAuthInfoToken infoToken = new TDSFedAuthInfoToken();
// Make fake info options
TDSFedAuthInfoOptionSPN spn = new TDSFedAuthInfoOptionSPN(Arguments.ServerPrincipalName);
TDSFedAuthInfoOptionSTSURL stsurl = new TDSFedAuthInfoOptionSTSURL(Arguments.StsUrl);
infoToken.Options.Add(0, spn);
infoToken.Options.Add(1, stsurl);
// Log response
TDSUtilities.Log(Arguments.Log, "Response", spn);
TDSUtilities.Log(Arguments.Log, "Response", stsurl);
TDSMessage infoMessage = new TDSMessage(TDSMessageType.FederatedAuthenticationInfo, infoToken);
return(new TDSMessageCollection(infoMessage));
}
/// <summary>
/// Checks the TDS version
/// </summary>
/// <param name="session">Server session</param>
/// <returns>Null if the TDS version is supported, errorToken message otherwise</returns>
protected virtual TDSMessageCollection CheckTDSVersion(ITDSServerSession session)
{
// Check if version is supported
if (TDSVersion.IsSupported(session.TDSVersion))
{
return(null);
}
// Prepare ERROR token
TDSErrorToken errorToken = new TDSErrorToken(12345, 1, 16, "Unsupported TDS client version", Arguments.ServerName);
// Log response
TDSUtilities.Log(Arguments.Log, "Response", errorToken);
// Create DONE token
TDSDoneToken doneToken = new TDSDoneToken(TDSDoneTokenStatusType.Final | TDSDoneTokenStatusType.Error);
// Log response
TDSUtilities.Log(Arguments.Log, "Response", doneToken);
// Wrap with message collection
return(new TDSMessageCollection(new TDSMessage(TDSMessageType.Response, errorToken, doneToken)));
}
/// <summary>
/// Complete the Federated Login
/// </summary>
/// <param name="session">Server session</param>
/// <returns>Federated Login message collection</returns>
protected virtual TDSMessageCollection OnFederatedAuthenticationCompleted(ITDSServerSession session, byte[] ticket)
{
// Delegate to successful authentication routine
TDSMessageCollection responseMessageCollection = OnAuthenticationCompleted(session);
// Get the last message
TDSMessage targetMessage = responseMessageCollection.Last();
IFederatedAuthenticationTicket decryptedTicket = null;
try
{
// Get the Federated Authentication ticket using RPS
decryptedTicket = FederatedAuthenticationTicketService.DecryptTicket((session as GenericTDSServerSession).FederatedAuthenticationLibrary, ticket);
if (decryptedTicket is RpsTicket)
{
TDSUtilities.Log(Arguments.Log, "RPS ticket session key: ", (decryptedTicket as RpsTicket).sessionKey);
}
else if (decryptedTicket is JwtTicket)
{
TDSUtilities.Log(Arguments.Log, "JWT Ticket Received", null);
}
}
catch (Exception ex)
{
// Prepare ERROR token
TDSErrorToken errorToken = new TDSErrorToken(54879, 1, 20, "Authentication error in Federated Authentication Ticket Service: " + ex.Message, Arguments.ServerName);
// Log response
TDSUtilities.Log(Arguments.Log, "Response", errorToken);
// Create DONE token
TDSDoneToken doneToken = new TDSDoneToken(TDSDoneTokenStatusType.Final | TDSDoneTokenStatusType.Error);
// Log response
TDSUtilities.Log(Arguments.Log, "Response", doneToken);
// Return the message and stop processing request
return(new TDSMessageCollection(new TDSMessage(TDSMessageType.Response, errorToken, doneToken)));
}
// Create federated authentication extension option
TDSFeatureExtAckFederatedAuthenticationOption federatedAuthenticationOption;
if ((session as GenericTDSServerSession).FederatedAuthenticationLibrary == TDSFedAuthLibraryType.MSAL)
{
// For the time being, fake fedauth tokens are used for ADAL, so decryptedTicket is null.
federatedAuthenticationOption =
new TDSFeatureExtAckFederatedAuthenticationOption((session as GenericTDSServerSession).ClientNonce, null);
}
else
{
federatedAuthenticationOption =
new TDSFeatureExtAckFederatedAuthenticationOption((session as GenericTDSServerSession).ClientNonce,
decryptedTicket.GetSignature((session as GenericTDSServerSession).ClientNonce));
}
// Look for feature extension token
TDSFeatureExtAckToken featureExtActToken = (TDSFeatureExtAckToken)targetMessage.Where(t => t is TDSFeatureExtAckToken).FirstOrDefault();
// Check if response already contains federated authentication
if (featureExtActToken == null)
{
// Create Feature extension Ack token
featureExtActToken = new TDSFeatureExtAckToken(federatedAuthenticationOption);
// Serialize feature extension token into the response
// The last token is Done token, so we should put feautureextack token before done token
targetMessage.Insert(targetMessage.Count - 1, featureExtActToken);
}
else
{
// Update
featureExtActToken.Options.Add(federatedAuthenticationOption);
}
// Log response
TDSUtilities.Log(Arguments.Log, "Response", federatedAuthenticationOption);
// Wrap a message with a collection
return(responseMessageCollection);
}
protected virtual TDSMessageCollection OnAuthenticationCompleted(ITDSServerSession session)
{
// Create new database environment change token
TDSEnvChangeToken envChange = new TDSEnvChangeToken(TDSEnvChangeTokenType.Database, session.Database, "master");
// Log response
TDSUtilities.Log(Arguments.Log, "Response", envChange);
// Serialize the login token into the response packet
TDSMessage responseMessage = new TDSMessage(TDSMessageType.Response, envChange);
// Create information token on the change
TDSInfoToken infoToken = new TDSInfoToken(5701, 2, 0, string.Format("Changed database context to '{0}'", envChange.NewValue), Arguments.ServerName);
// Log response
TDSUtilities.Log(Arguments.Log, "Response", infoToken);
// Serialize the login token into the response packet
responseMessage.Add(infoToken);
// Create new collation change token
envChange = new TDSEnvChangeToken(TDSEnvChangeTokenType.SQLCollation, (session as GenericTDSServerSession).Collation);
// Log response
TDSUtilities.Log(Arguments.Log, "Response", envChange);
// Serialize the login token into the response packet
responseMessage.Add(envChange);
// Create new language change token
envChange = new TDSEnvChangeToken(TDSEnvChangeTokenType.Language, LanguageString.ToString((session as GenericTDSServerSession).Language));
// Log response
TDSUtilities.Log(Arguments.Log, "Response", envChange);
// Serialize the login token into the response packet
responseMessage.Add(envChange);
// Create information token on the change
infoToken = new TDSInfoToken(5703, 1, 0, string.Format("Changed language setting to {0}", envChange.NewValue), Arguments.ServerName);
// Log response
TDSUtilities.Log(Arguments.Log, "Response", infoToken);
// Serialize the login token into the response packet
responseMessage.Add(infoToken);
// Create new packet size environment change token
envChange = new TDSEnvChangeToken(TDSEnvChangeTokenType.PacketSize, Arguments.PacketSize.ToString(), Arguments.PacketSize.ToString());
// Log response
TDSUtilities.Log(Arguments.Log, "Response", envChange);
// Serialize the login token into the response packet
responseMessage.Add(envChange);
// Update session packet size
session.PacketSize = (uint)Arguments.PacketSize;
// Create login acknowledgement packet
TDSLoginAckToken loginResponseToken = new TDSLoginAckToken(Arguments.ServerVersion, session.TDSVersion, TDSLogin7TypeFlagsSQL.SQL, "Microsoft SQL Server"); // Otherwise SNAC yields E_FAIL
// Log response
TDSUtilities.Log(Arguments.Log, "Response", loginResponseToken);
// Serialize the login token into the response packet
responseMessage.Add(loginResponseToken);
// Check if session recovery is enabled
if (session.IsSessionRecoveryEnabled)
{
// Create Feature extension Ack token
TDSFeatureExtAckToken featureExtActToken = new TDSFeatureExtAckToken(new TDSFeatureExtAckSessionStateOption((session as GenericTDSServerSession).Deflate()));
// Log response
TDSUtilities.Log(Arguments.Log, "Response", featureExtActToken);
// Serialize feature extnesion token into the response
responseMessage.Add(featureExtActToken);
}
// Create DONE token
TDSDoneToken doneToken = new TDSDoneToken(TDSDoneTokenStatusType.Final);
// Log response
TDSUtilities.Log(Arguments.Log, "Response", doneToken);
// Serialize DONE token into the response packet
responseMessage.Add(doneToken);
// Wrap a single message in a collection
return(new TDSMessageCollection(responseMessage));
}
/// <summary>
/// Advances one step in SSPI authentication sequence
/// </summary>
protected virtual TDSMessageCollection ContinueSSPIAuthentication(ITDSServerSession session, byte[] payload)
{
// Response to send to the client
SSPIResponse response;
try
{
// Check if we have an SSPI context
if (session.NTUserAuthenticationContext == null)
{
// This is the first step so we need to create a server context and initialize it
session.NTUserAuthenticationContext = SSPIContext.CreateServer();
// Run the first step of authentication
response = session.NTUserAuthenticationContext.StartServerAuthentication(payload);
}
else
{
// Process SSPI request from the client
response = session.NTUserAuthenticationContext.ContinueServerAuthentication(payload);
}
}
catch (Exception e)
{
// Prepare ERROR token with the reason
TDSErrorToken errorToken = new TDSErrorToken(12345, 1, 15, "Failed to accept security SSPI context", Arguments.ServerName);
// Log response
TDSUtilities.Log(Arguments.Log, "Response", errorToken);
// Serialize the error token into the response packet
TDSMessage responseErrorMessage = new TDSMessage(TDSMessageType.Response, errorToken);
// Prepare ERROR token with the final errorToken
errorToken = new TDSErrorToken(12345, 1, 15, e.Message, Arguments.ServerName);
// Log response
TDSUtilities.Log(Arguments.Log, "Response", errorToken);
// Serialize the error token into the response packet
responseErrorMessage.Add(errorToken);
// Create DONE token
TDSDoneToken doneToken = new TDSDoneToken(TDSDoneTokenStatusType.Final | TDSDoneTokenStatusType.Error);
// Log response
TDSUtilities.Log(Arguments.Log, "Response", doneToken);
// Serialize DONE token into the response packet
responseErrorMessage.Add(doneToken);
// Respond with a single message
return(new TDSMessageCollection(responseErrorMessage));
}
// Message collection to respond with
TDSMessageCollection responseMessages = new TDSMessageCollection();
// Check if there's a response
if (response != null)
{
// Check if there's a payload
if (response.Payload != null)
{
// Create SSPI token
TDSSSPIToken sspiToken = new TDSSSPIToken(response.Payload);
// Log response
TDSUtilities.Log(Arguments.Log, "Response", sspiToken);
// Prepare response message with a single response token
responseMessages.Add(new TDSMessage(TDSMessageType.Response, sspiToken));
// Check if we can complete login
if (!response.IsFinal)
{
// Send the message to the client
return(responseMessages);
}
}
}
// Reset SQL user identifier since we're using NT authentication
session.SQLUserID = null;
// Append successfully authentication response
responseMessages.AddRange(OnAuthenticationCompleted(session));
// Return the message with SSPI token
return(responseMessages);
}
/// <summary>
/// Handler for login request
/// </summary>
public virtual TDSMessageCollection OnLogin7Request(ITDSServerSession session, TDSMessage request)
{
// Inflate login7 request from the message
TDSLogin7Token loginRequest = request[0] as TDSLogin7Token;
// Log request
TDSUtilities.Log(Arguments.Log, "Request", loginRequest);
// Update server context
session.Database = string.IsNullOrEmpty(loginRequest.Database) ? "master" : loginRequest.Database;
// Resolve TDS version
session.TDSVersion = TDSVersion.Resolve(TDSVersion.GetTDSVersion(Arguments.ServerVersion), loginRequest.TDSVersion);
// Check for the TDS version
TDSMessageCollection collection = CheckTDSVersion(session);
// Check if any errors are posted
if (collection != null)
{
// Version check needs to send own message hence we can't proceed
return(collection);
}
// Indicates federated authentication
bool bIsFedAuthConnection = false;
// Federated authentication option to be used later
TDSLogin7FedAuthOptionToken federatedAuthenticationOption = null;
// Check if feature extension block is available
if (loginRequest.FeatureExt != null)
{
// Go over the feature extension data
foreach (TDSLogin7FeatureOptionToken option in loginRequest.FeatureExt)
{
// Check option type
switch (option.FeatureID)
{
case TDSFeatureID.SessionRecovery:
{
// Enable session recovery
session.IsSessionRecoveryEnabled = true;
// Cast to session state options
TDSLogin7SessionRecoveryOptionToken sessionStateOption = option as TDSLogin7SessionRecoveryOptionToken;
// Inflate session state
(session as GenericTDSServerSession).Inflate(sessionStateOption.Initial, sessionStateOption.Current);
break;
}
case TDSFeatureID.FederatedAuthentication:
{
// Cast to federated authentication option
federatedAuthenticationOption = option as TDSLogin7FedAuthOptionToken;
// Mark authentication as federated
bIsFedAuthConnection = true;
// Validate federated authentication option
collection = CheckFederatedAuthenticationOption(session, option as TDSLogin7FedAuthOptionToken);
if (collection != null)
{
// Version error happened.
return(collection);
}
// Save the fed auth library to be used
(session as GenericTDSServerSession).FederatedAuthenticationLibrary = federatedAuthenticationOption.Library;
break;
}
default:
{
// Do nothing
break;
}
}
}
}
// Check if SSPI authentication is requested
if (loginRequest.OptionalFlags2.IntegratedSecurity == TDSLogin7OptionalFlags2IntSecurity.On)
{
// Delegate to SSPI authentication
return(ContinueSSPIAuthentication(session, loginRequest.SSPI));
}
// If it is not a FedAuth connection or the server has been started up as not supporting FedAuth, just ignore the FeatureExtension
// Yes unfortunately for the fake server, supporting FedAuth = Requiring FedAuth
if (!bIsFedAuthConnection ||
Arguments.FedAuthRequiredPreLoginOption == TdsPreLoginFedAuthRequiredOption.FedAuthNotRequired)
{
// We use SQL authentication
session.SQLUserID = loginRequest.UserID;
// Process with the SQL login.
return(OnSqlAuthenticationCompleted(session));
}
else
{
// Fedauth feature extension is present and server has been started up as Requiring (or Supporting) FedAuth
if (federatedAuthenticationOption.IsRequestingAuthenticationInfo)
{
// Must provide client with more info before completing authentication
return(OnFederatedAuthenticationInfoRequest(session));
}
else
{
return(OnFederatedAuthenticationCompleted(session, federatedAuthenticationOption.Token));
}
}
}
/// <summary>
/// Handler for login request
/// </summary>
public override TDSMessageCollection OnLogin7Request(ITDSServerSession session, TDSMessage request)
{
// Inflate login7 request from the message
TDSLogin7Token loginRequest = request[0] as TDSLogin7Token;
// Check if arguments are of the authenticating TDS server
if (Arguments is AuthenticatingTDSServerArguments)
{
// Cast to authenticating TDS server arguments
AuthenticatingTDSServerArguments ServerArguments = Arguments as AuthenticatingTDSServerArguments;
// Check if we're still processing normal login
if (ServerArguments.ApplicationIntentFilter != ApplicationIntentFilterType.All)
{
// Check filter
if ((ServerArguments.ApplicationIntentFilter == ApplicationIntentFilterType.ReadOnly && loginRequest.TypeFlags.ReadOnlyIntent != TDSLogin7TypeFlagsReadOnlyIntent.ReadOnly) ||
(ServerArguments.ApplicationIntentFilter == ApplicationIntentFilterType.None))
{
// Log request to which we're about to send a failure
TDSUtilities.Log(Arguments.Log, "Request", loginRequest);
// Prepare ERROR token with the denial details
TDSErrorToken errorToken = new TDSErrorToken(18456, 1, 14, "Received application intent: " + loginRequest.TypeFlags.ReadOnlyIntent.ToString(), Arguments.ServerName);
// Log response
TDSUtilities.Log(Arguments.Log, "Response", errorToken);
// Serialize the error token into the response packet
TDSMessage responseMessage = new TDSMessage(TDSMessageType.Response, errorToken);
// Prepare ERROR token for the final decision
errorToken = new TDSErrorToken(18456, 1, 14, "Connection is denied by application intent filter", Arguments.ServerName);
// Log response
TDSUtilities.Log(Arguments.Log, "Response", errorToken);
// Serialize the error token into the response packet
responseMessage.Add(errorToken);
// Create DONE token
TDSDoneToken doneToken = new TDSDoneToken(TDSDoneTokenStatusType.Final | TDSDoneTokenStatusType.Error);
// Log response
TDSUtilities.Log(Arguments.Log, "Response", doneToken);
// Serialize DONE token into the response packet
responseMessage.Add(doneToken);
// Put a single message into the collection and return it
return(new TDSMessageCollection(responseMessage));
}
}
// Check if we're still processing normal login and there's a filter to check
if (ServerArguments.ServerNameFilterType != ServerNameFilterType.None)
{
// Check each algorithm
if ((ServerArguments.ServerNameFilterType == ServerNameFilterType.Equals && string.Compare(ServerArguments.ServerNameFilter, loginRequest.ServerName, true) != 0) ||
(ServerArguments.ServerNameFilterType == ServerNameFilterType.StartsWith && !loginRequest.ServerName.StartsWith(ServerArguments.ServerNameFilter)) ||
(ServerArguments.ServerNameFilterType == ServerNameFilterType.EndsWith && !loginRequest.ServerName.EndsWith(ServerArguments.ServerNameFilter)) ||
(ServerArguments.ServerNameFilterType == ServerNameFilterType.Contains && !loginRequest.ServerName.Contains(ServerArguments.ServerNameFilter)))
{
// Log request to which we're about to send a failure
TDSUtilities.Log(Arguments.Log, "Request", loginRequest);
// Prepare ERROR token with the reason
TDSErrorToken errorToken = new TDSErrorToken(18456, 1, 14, string.Format("Received server name \"{0}\", expected \"{1}\" using \"{2}\" algorithm", loginRequest.ServerName, ServerArguments.ServerNameFilter, ServerArguments.ServerNameFilterType), Arguments.ServerName);
// Log response
TDSUtilities.Log(Arguments.Log, "Response", errorToken);
// Serialize the errorToken token into the response packet
TDSMessage responseMessage = new TDSMessage(TDSMessageType.Response, errorToken);
// Prepare ERROR token with the final errorToken
errorToken = new TDSErrorToken(18456, 1, 14, "Connection is denied by server name filter", Arguments.ServerName);
// Log response
TDSUtilities.Log(Arguments.Log, "Response", errorToken);
// Serialize the errorToken token into the response packet
responseMessage.Add(errorToken);
// Create DONE token
TDSDoneToken doneToken = new TDSDoneToken(TDSDoneTokenStatusType.Final | TDSDoneTokenStatusType.Error);
// Log response
TDSUtilities.Log(Arguments.Log, "Response", doneToken);
// Serialize DONE token into the response packet
responseMessage.Add(doneToken);
// Return only a single message with the collection
return(new TDSMessageCollection(responseMessage));
}
}
// Check if packet size filter is applied
if (ServerArguments.PacketSizeFilter != null)
{
// Check if requested packet size is the same as the filter specified
if (loginRequest.PacketSize != ServerArguments.PacketSizeFilter.Value)
{
// Log request to which we're about to send a failure
TDSUtilities.Log(Arguments.Log, "Request", loginRequest);
// Prepare ERROR token with the reason
TDSErrorToken errorToken = new TDSErrorToken(1919, 1, 14, string.Format("Received packet size \"{0}\", expected \"{1}\"", loginRequest.PacketSize, ServerArguments.PacketSizeFilter.Value), Arguments.ServerName);
// Log response
TDSUtilities.Log(Arguments.Log, "Response", errorToken);
// Serialize the errorToken token into the response packet
TDSMessage responseMessage = new TDSMessage(TDSMessageType.Response, errorToken);
// Prepare ERROR token with the final errorToken
errorToken = new TDSErrorToken(1919, 1, 14, "Connection is denied by packet size filter", Arguments.ServerName);
// Log response
TDSUtilities.Log(Arguments.Log, "Response", errorToken);
// Serialize the errorToken token into the response packet
responseMessage.Add(errorToken);
// Create DONE token
TDSDoneToken doneToken = new TDSDoneToken(TDSDoneTokenStatusType.Final | TDSDoneTokenStatusType.Error);
// Log response
TDSUtilities.Log(Arguments.Log, "Response", doneToken);
// Serialize DONE token into the response packet
responseMessage.Add(doneToken);
// Return only a single message with the collection
return(new TDSMessageCollection(responseMessage));
}
}
// If we have an application name filter
if (ServerArguments.ApplicationNameFilter != null)
{
// If we are supposed to block this connection attempt
if (loginRequest.ApplicationName.Equals(ServerArguments.ApplicationNameFilter, System.StringComparison.OrdinalIgnoreCase))
{
// Log request to which we're about to send a failure
TDSUtilities.Log(Arguments.Log, "Request", loginRequest);
// Prepare ERROR token with the denial details
TDSErrorToken errorToken = new TDSErrorToken(18456, 1, 14, "Received application name: " + loginRequest.ApplicationName, Arguments.ServerName);
// Log response
TDSUtilities.Log(Arguments.Log, "Response", errorToken);
// Serialize the error token into the response packet
TDSMessage responseMessage = new TDSMessage(TDSMessageType.Response, errorToken);
// Prepare ERROR token for the final decision
errorToken = new TDSErrorToken(18456, 1, 14, "Connection is denied by application name filter", Arguments.ServerName);
// Log response
TDSUtilities.Log(Arguments.Log, "Response", errorToken);
// Serialize the error token into the response packet
responseMessage.Add(errorToken);
// Create DONE token
TDSDoneToken doneToken = new TDSDoneToken(TDSDoneTokenStatusType.Final | TDSDoneTokenStatusType.Error);
// Log response
TDSUtilities.Log(Arguments.Log, "Response", doneToken);
// Serialize DONE token into the response packet
responseMessage.Add(doneToken);
// Put a single message into the collection and return it
return(new TDSMessageCollection(responseMessage));
}
}
}
// Return login response from the base class
return(base.OnLogin7Request(session, request));
}
public override TDSMessageCollection ExecuteRPC(ITDSServerSession session, TDSMessage message)
{
TDSRPCRequestToken rpc = message[0] as TDSRPCRequestToken;
TDSDoneToken done = new TDSDoneToken(TDSDoneTokenStatusType.Final, TDSDoneTokenCommandType.Done, 0);
if (String.IsNullOrEmpty(rpc.ProcName))
{
if (rpc.ProcID == TDSRPCRequestTokenProcID.Sp_ExecuteSql)
{
var sqlQuery = rpc.Parameters.First();
if (sqlQuery.DataType == TDSDataType.NVarChar)
{
var sql = sqlQuery.Value.ToString();
var result = TryGet(sql, rpc.Parameters);
if (null != result)
{
if (result.GetRecords().Any())
{
var tokens = ReturnTable(result);
// Create DONE token
TDSDoneToken doneToken =
new TDSDoneToken(TDSDoneTokenStatusType.Final | TDSDoneTokenStatusType.Count,
TDSDoneTokenCommandType.Select, (ulong)result.GetRecords().Count());
tokens.Add(doneToken);
// Log response
TDSUtilities.Log(Log, "Response", doneToken);
// Serialize tokens into the message
return(new TDSMessageCollection(new TDSMessage(TDSMessageType.Response,
tokens.ToArray())));
}
else if (result.ReturnValue.HasValue)
{
var retVal = new TDSReturnValueToken();
retVal.Flags.Updatable = TDSColumnDataUpdatableFlag.ReadOnly;
retVal.DataType = TDSDataType.IntN;
retVal.DataTypeSpecific = (byte)4;
retVal.Flags.IsComputed = true;
retVal.Flags.IsNullable =
true; // TODO: Must be nullable, otherwise something is wrong with SqlClient
retVal.ParamName = "@RETURN_VALUE";
retVal.Value = (int)result.ReturnValue.Value;
retVal.Status = TDSReturnValueStatus.Output;
TDSDoneInProcToken doneInRpc =
new TDSDoneInProcToken(TDSDoneTokenStatusType.Count,
TDSDoneTokenCommandType.DoneInProc, 1);
return(new TDSMessageCollection(new TDSMessage(TDSMessageType.Response, retVal, doneInRpc)));
}
else
{
TDSDoneInProcToken doneInRpc =
new TDSDoneInProcToken(TDSDoneTokenStatusType.Count,
TDSDoneTokenCommandType.DoneInProc,
result.Scalar);
return(new TDSMessageCollection(new TDSMessage(TDSMessageType.Response, doneInRpc)));
}
}
else
{
PrintMissignQuery(sql, rpc.Parameters);
}
}
}
}
else
{
var text = rpc.ProcName.ToLowerInvariant();
var result = TryGet(text, rpc.Parameters);
if (null != result)
{
if (result.GetRecords().Any())
{
var tokens = ReturnTable(result);
// Create DONE token
TDSDoneToken doneToken =
new TDSDoneToken(TDSDoneTokenStatusType.Final | TDSDoneTokenStatusType.Count,
TDSDoneTokenCommandType.Select, (ulong)result.GetRecords().Count());
tokens.Add(doneToken);
// Log response
TDSUtilities.Log(Log, "Response", doneToken);
// Serialize tokens into the message
return(new TDSMessageCollection(new TDSMessage(TDSMessageType.Response, tokens.ToArray())));
}
else
{
TDSDoneInProcToken doneIn =
new TDSDoneInProcToken(TDSDoneTokenStatusType.Count, TDSDoneTokenCommandType.DoneInProc,
result.Scalar);
return(new TDSMessageCollection(new TDSMessage(TDSMessageType.Response, doneIn)));
}
}
else
{
PrintMissignQuery(text, rpc.Parameters);
}
}
return(new TDSMessageCollection(new TDSMessage(TDSMessageType.Response, done)));
}
