static MessageTypes GetMessageType(KerberosData KerbData, TDSReader ByteReader)
        {
            int Len = ReadAsnLen(ByteReader);

            int MsgType = ByteReader.ReadByte();

            if (Len == 1)
            {
                if (MsgType == (int)MessageTypes.KRB_TGS_REQ)
                {
                    KerbData.RequestType = MessageTypes.KRB_TGS_REQ;
                }
                else if (MsgType == (int)MessageTypes.KRB_ERROR)
                {
                    KerbData.ResponseType = MessageTypes.KRB_ERROR;
                }
                else if (MsgType == (int)MessageTypes.KRB_TGS_REP)
                {
                    KerbData.ResponseType = MessageTypes.KRB_TGS_REP;
                }

                return((MessageTypes)MsgType);
            }
            else // bug in the code if we get here ...
            {
                throw new Exception("Invalid KERB Request length: " + Len);
            }
        }
Exemplo n.º 2
0
 public void Read(TDSReader r)
 {
     PacketType = r.ReadByte();
     if (PacketType != (byte)TDSPacketType.SQLBATCH &&
         PacketType != (byte)TDSPacketType.LOGIN &&
         PacketType != (byte)TDSPacketType.RPC &&
         PacketType != (byte)TDSPacketType.RESPONSE &&
         PacketType != (byte)TDSPacketType.ATTENTION &&
         PacketType != (byte)TDSPacketType.BULKLOAD &&
         PacketType != (byte)TDSPacketType.DTC &&
         PacketType != (byte)TDSPacketType.LOGIN7 &&
         PacketType != (byte)TDSPacketType.SSPI &&
         PacketType != (byte)TDSPacketType.PRELOGIN &&
         PacketType != (byte)TDSPacketType.APPDATA)
     {
         throw new InvalidTDSException("Unknown token type: " + PacketType);
     }
     Status = r.ReadByte();
     if (Status > 31)
     {
         throw new InvalidTDSException("Unknown Status value: " + Status);               // supposed to ignore other flag fields
     }
     Length   = r.ReadBigEndianUInt16();
     SPID     = r.ReadBigEndianUInt16();
     PacketID = r.ReadByte();
     Window   = r.ReadByte();
     if (Window != 0)
     {
         throw new InvalidTDSException("Invalid TDS Window value: " + Window);              // supposed to ignore
     }
 }
        static void ParseNonErrorResponseTCP(KerberosData KerbData, TDSReader ByteReader)
        {
            //Tag4-TagC
            //int TagID = 0, TagLen = 0;

            //do
            //{
            //    TagID = ByteReader.ReadByte();
            //    TagLen = ReadAsnLen(ByteReader, false);
            //    TagID = (TagID & (int)0x1F);


            //    switch (TagID)
            //    {
            //        case 0:
            //        case 1:
            //        case 2:
            //        case 3:
            //        case 4:
            //        case 5:
            //        case 6:
            //            {
            //                ByteReader.ReadBytes(TagLen); // Skip 'Crealm', 'Cname', 'Ticket' and 'EncPart'
            //                break;
            //            }
            //        default:
            //            {
            //                throw new Exception("Unexpected Tag " + TagID + " found in KERB TCP error response" );
            //            }
            //    }

            //}
            //while (TagID < 6); //total 6 tags expected
        }
        static void ParseErrorResponseUDP(KerberosData KerbData, TDSReader ByteReader)
        {
            int TagID = 0, TagLen = 0;

            do
            {
                TagID  = ByteReader.ReadByte() & (int)0x1F;
                TagLen = ReadAsnLen(ByteReader, false);

                switch (TagID)
                {
                case 4:     //skip Tag4->Stime,
                case 5:     //skip Tag5->SuSec
                {
                    ByteReader.ReadBytes(TagLen);
                    break;
                }

                case 6:
                {
                    ReadAsnLen(ByteReader);
                    KerbData.errorCode = ByteReader.ReadByte();
                    KerbData.ErrorDesc = GetErrorDesc((ErrorCodes)KerbData.errorCode);
                    return;
                }

                default:
                {
                    //throw new Exception("Unexpected Tag " + TagID + " found in  KERB UDP error response");
                    break;
                }
                }
            }while (TagID < 6); //Total 12 tags expected, but we are reading only 6 tags until error code
        }
Exemplo n.º 5
0
        //Parse User name and domain name
        //check are they both 0 length? if yes, set a flag in conversation data that indicates null credentials
        public static bool AreTheCredentialsNull(FrameData fd)
        {
            if (fd.payload == null)
            {
                return(false);
            }

            // does not matter if the frame is fragmented. What we want - the length fields - are right near the beginning of the payload - just 36 bytes into it
            TDSReader ByteReader = new TDSReader(fd.payload, 0, -1, fd.payloadLength);

            ByteReader.ReadBytes(8);                          // TDS header
            ByteReader.ReadBytes(8);                          // Skip NTLMSSP string.
            ByteReader.ReadBytes(4);                          // Skip Message type
            ByteReader.ReadBytes(8);                          // Skip LmChallengeResponseFields - 8 bytes expected
            ByteReader.ReadBytes(8);                          // Skip NtChallengeResponseFields - 8 bytes expected
            short DomainNameLen = ByteReader.ReadInt16();     // Read DomainNameFields->Length - 2 bytes

            ByteReader.ReadBytes(2);                          // Skip DomainNameFields->MaximumLength - 2 bytes - to be ignored per the spec
            int   DomainNameOffSet = ByteReader.ReadInt32();  // Read DomainNameFields->BufferOffset - 4 bytes
            short UserNameLen      = ByteReader.ReadInt16();  // Read UserNameFields-Length

            ByteReader.ReadBytes(2);                          // Skip UserNameFields-MaximumLength  - 2 bytes - to be ignored per the spec
            int UserNameOffSet = (int)ByteReader.ReadInt16(); // Read UserNameFields-BufferOffset

            if (UserNameLen > 0 && DomainNameLen > 0)
            {
                return(false);
            }

            return(true); // user name or domain name are null
        }
Exemplo n.º 6
0
        public static TDSHeader Read(TDSReader r)   // TODo - not all token types have a TDS Header, like APPDATA or perhaps SSPI - needs more research
        {
            TDSHeader head = new TDSHeader();

            head.PacketType = r.ReadByte();
            if (head.PacketType != (byte)TDSPacketType.SQLBATCH &&
                head.PacketType != (byte)TDSPacketType.LOGIN &&
                head.PacketType != (byte)TDSPacketType.RPC &&
                head.PacketType != (byte)TDSPacketType.RESPONSE &&
                head.PacketType != (byte)TDSPacketType.ATTENTION &&
                head.PacketType != (byte)TDSPacketType.BULKLOAD &&
                head.PacketType != (byte)TDSPacketType.DTC &&
                head.PacketType != (byte)TDSPacketType.LOGIN7 &&
                head.PacketType != (byte)TDSPacketType.SSPI &&
                head.PacketType != (byte)TDSPacketType.PRELOGIN &&
                head.PacketType != (byte)TDSPacketType.APPDATA)
            {
                throw new InvalidTDSException("Unknown token type: " + head.PacketType);
            }
            head.Status = r.ReadByte();
            if (head.Status > 31)
            {
                throw new InvalidTDSException("Unknown Status value: " + head.Status);                    // supposed to ignore other flag fields
            }
            head.Length   = r.ReadBigEndianUInt16();
            head.SPID     = r.ReadBigEndianUInt16();
            head.PacketID = r.ReadByte();
            head.Window   = r.ReadByte();
            if (head.Window != 0)
            {
                throw new InvalidTDSException("Invalid TDS Window value: " + head.Window);                   // supposed to ignore
            }
            return(head);
        }
Exemplo n.º 7
0
        public void Read(TDSReader r)
        {
            byte FeatureID = r.ReadByte();

            while (FeatureID != 0xFF)
            {
                FeatureExtAckData data = new FeatureExtAckData();
                data.FeatureID   = FeatureID;
                data.FeatureData = r.ReadBytes4();
                FeatureID        = r.ReadByte();
            }
        }
Exemplo n.º 8
0
 public void Read(TDSReader r)
 {
     Length = r.ReadUInt16();
     r.TokenStart(Length);
     Number        = r.ReadUInt32();
     State         = r.ReadByte();
     Class         = r.ReadByte();
     Message       = r.ReadUnicodeString2();
     ServerName    = r.ReadUnicodeString1();
     ProcedureName = r.ReadUnicodeString1();
     LineNumber    = r.ReadUInt32();
     r.TokenDone();
 }
        public TDSHeader GetTDSHeader()
        {
            TDSHeader head = null;
            TDSReader r    = null;              // TDSReader does not need to be closed; GC is all it needs

            try
            {
                r    = new TDSReader(payload, 0); // header does not span packets, so we can read without aggregating
                head = TDSHeader.Read(r);
            }
            catch (Exception) { return(null); }  // null if error
            return(head);
        }
Exemplo n.º 10
0
        UInt64 DoneRowCount;               // read 4 bytes if TDS > 7.1, otherwise, read 2 bytes

        public void Read(TDSReader r)
        {
            if (r.TDSVersion == (UInt32)TDSVersions.Unknown)
            {
                throw new UnknownTDSVersionException("Done token needs to know the TDS version.");
            }
            Status = r.ReadUInt16();
            CurCmd = r.ReadUInt16();
            byte TDSVer = (byte)(r.TDSVersion & 0x000000FF);

            DoneRowCount = (TDSVer < 0x72) ? r.ReadUInt32() : r.ReadUInt64();
            r.TokenDone();
        }
        static void GetVersion(KerberosData KerbData, TDSReader ByteReader)
        {
            int Length = ReadAsnLen(ByteReader);

            if (Length == 1)
            {
                KerbData.Version = ByteReader.ReadByte();
            }

            if ((Length != 1) || (KerbData.Version != 5))
            {
                throw new Exception("Invalid Kerberos version and unexpected version or unexpected number of bytes are used for storing the version ");
            }
        }
Exemplo n.º 12
0
        public TDSHeader GetTDSHeader()
        {
            if (frames == null)
            {
                throw new InvalidOperationException("Packet must have at least one frame.");
            }
            TDSHeader head = null;
            TDSReader r    = null;              // TDSReader does not need to be closed; GC is all it needs

            try
            {
                r    = new TDSReader(((FrameData)(frames[0])).payload, 0); // header does not span packets, so we can read without aggregating
                head = TDSHeader.Read(r);
            }
            catch (Exception) { return(null); }  // null if error
            return(head);
        }
Exemplo n.º 13
0
        public void Read(TDSReader r)
        {
            byte   MajorVer;
            byte   MinorVer;
            ushort Build;

            Length = r.ReadUInt16();
            r.TokenStart(Length);
            Interface      = r.ReadByte();
            TDSVersion     = r.ReadUInt32();
            r.TDSVersion   = TDSVersion;
            ProgramName    = r.ReadUnicodeString1();
            MajorVer       = r.ReadByte();
            MinorVer       = r.ReadByte();
            Build          = r.ReadUInt16();
            ProgramVersion = MajorVer + "." + MinorVer + "." + Build;
            r.TokenDone();
        }
Exemplo n.º 14
0
 public void Read(TDSReader r)
 {
     if (r.TDSVersion == (UInt32)TDSVersions.Unknown)
     {
         throw new UnknownTDSVersionException("Column meta data needs to know the TDS version.");
     }
     ColumnCount = r.ReadUInt16();
     if (ColumnCount == 0xFFFF)
     {
         return;                          // no metadata - the client specified to return none
     }
     for (int i = 0; i < ColumnCount; i++)
     {
         TDSColumnMetaData cm = new TDSColumnMetaData();
         cm.Read(r);
         ColumnData.Add(cm);
     }
 }
Exemplo n.º 15
0
        public void Read(TDSReader r)
        {
            uint   ReadLength = 4;
            uint   headerLength;
            ushort headerType;

            TotalLength = r.ReadUInt32();
            r.TokenStart((int)TotalLength - 4);    // TotalLength includes its own length (DWORD = 4 bytes)
            while (ReadLength < TotalLength)
            {
                headerLength = r.ReadUInt32();
                ReadLength  += headerLength;
                headerType   = r.ReadUInt16();
                switch (headerType)
                {
                case 1:
                {
                    notification = new TDSHeaderQueryNotification();
                    notification.Read(r, (int)headerLength);
                    break;
                }

                case 2:
                {
                    txd = new TDSHeaderTransactionDescriptor();
                    txd.Read(r);
                    break;
                }

                case 3:
                {
                    trace = new TDSHeaderTraceActivity();
                    trace.Read(r);
                    break;
                }
                }
            }
            r.TokenDone();
            if (TotalLength != ReadLength)
            {
                throw new InvalidTDSException("TDS HeaderAll TotalLength(" + TotalLength + ") does not equal ReadLength(" + ReadLength + ").");
            }
        }
        static void ParseErrorResponseTCP(KerberosData KerbData, TDSReader ByteReader)
        {
            //Tag4-TagC
            int TagID = 0, TagLen = 0;

            do
            {
                TagID  = ByteReader.ReadByte();
                TagLen = ReadAsnLen(ByteReader, false);

                TagID = (TagID & (int)0x1F);
                switch (TagID)
                {
                case 4:
                case 5:
                case 9:
                case 10:
                case 12:
                {
                    ByteReader.ReadBytes(TagLen);         // Skip 'STime', 'SuSec', 'Realm'
                    break;
                }

                case 6:
                {
                    ReadAsnLen(ByteReader);
                    KerbData.errorCode = ByteReader.ReadByte();
                    KerbData.ErrorDesc = GetErrorDesc((ErrorCodes)KerbData.errorCode);
                    return;
                }

                default:
                {
                    break;
                    //return;
                    //throw new Exception("Unexpected Tag" + TagID + " found in  KERB TCP response");
                }
                }
            }while (TagID < 6); //Total 12 tags expected, but we are reading only 6 tags until error code
        }
        static Int32 ReadAsnLen(TDSReader ByteReader, bool IsReadFirstByte = true)
        {
            if (IsReadFirstByte)
            {
                ByteReader.ReadByte();
            }

            int Len = ByteReader.ReadByte();

            if ((Len & (int)0x80) == (int)0x80)
            {
                switch (Len & 0x7F)
                {
                case 1:
                {
                    Len = ByteReader.ReadByte();
                    break;
                }

                case 2:
                {
                    Len = ByteReader.ReadBigEndianUInt16();
                    break;
                }

                case 3:
                {
                    Len = (int)ByteReader.ReadUInt32();
                    break;
                }

                default:
                {
                    //throw new Exception("Unknown tag (" + Len + ") in kerberos packet.");
                    break;
                }
                }
            }
            return(Len);
        }
Exemplo n.º 18
0
        public void Read(TDSReader r, int headerLength)
        {
            int    ReadLength = 4;
            ushort IDLength;
            ushort DeploymentLength;

            IDLength         = r.ReadUInt16();
            NotifyID         = r.ReadUnicodeString(IDLength / 2);         // IDLength is supposed to be BYTEs rather than Characters - according to the spec
            DeploymentLength = r.ReadUInt16();
            SSBDeployment    = r.ReadUnicodeString(DeploymentLength / 2); // spec section 2.2.5.3.1 (p33/195) says it is a count of bytes not chars
            ReadLength      += 4 + IDLength + DeploymentLength;           // multiply these guys by 2 if it turns out they a char counts - but spec says bytes
            if (ReadLength == headerLength - 4)
            {
                fHasTimeout   = true;
                NotifyTimeout = r.ReadUInt32();
                ReadLength   += 4;
            }
            if (ReadLength != headerLength)
            {
                throw new InvalidTDSException("Query notification header length (" + headerLength + ") does not match bytes read (" + ReadLength + ").");
            }
        }
        static KerberosData ParseErrorResponseUDP(TDSReader ByteReader)
        {
            int TagID = 10, TagLen = 0, DataLen = 0;

            KerberosData KerbData = new KerberosData();

            ReadAsnLen(ByteReader); //Skip over 4 bytes 'ApplicationTag'
            ReadAsnLen(ByteReader); //Skip over 4 bytes 'SequenceHeader'
            do
            {
                TagID  = ByteReader.ReadByte();
                TagLen = ReadAsnLen(ByteReader, false);
                switch (TagID & 0x1F)
                {
                case 0:
                case 1:
                case 4:
                case 5:
                case 9:
                    break;

                case 6:
                {
                    DataLen = ReadAsnLen(ByteReader, false);
                    if (DataLen == 1)
                    {
                        KerbData.errorCode = ByteReader.ReadByte();
                        KerbData.ErrorDesc = GetErrorDesc((ErrorCodes)KerbData.errorCode);
                    }

                    return(KerbData);
                }
                } //Switch
            }while ((TagID & (int)0x1F) <= 9);


            return(KerbData);
        }
 static void ParseNonErrorResponseUDP(KerberosData KerbData, TDSReader ByteReader)
 {
     /*
      * int TagID = 0, TagLen = 0;
      * return;
      *
      * do
      * {
      *  TagID = ByteReader.ReadByte();
      *  TagLen = ReadAsnLen(ByteReader, false);
      *
      *  TagID = (TagID & (int)0x1F);
      *  switch (TagID)
      *  {
      *
      *      case 3:
      *      case 4:
      *          {
      *              ByteReader.ReadBytes(TagLen); // Skip 'Crealm', 'Cname',
      *              break;
      *          }
      *      case 5:
      *          {
      *              //Skip Tag5->Ticket->ApplicationTag
      *              ReadAsnLen(ByteReader);
      *
      *              //Skip Tag5->Ticket->SequenceHeader
      *              ReadAsnLen(ByteReader);
      *
      *              int InnerTagID = -1;
      *              int InnerTagLen = 0;
      *
      *              do
      *              {
      *                  InnerTagID = ByteReader.ReadByte() & (int)0x1F;
      *                  InnerTagLen = ReadAsnLen(ByteReader, false);
      *
      *
      *                  switch (InnerTagID)
      *                  {
      *
      *                      case 0: //Tag0->TktVno
      *                      case 1: //Skip Tag1->Realm
      *                          {
      *                              ByteReader.ReadBytes(InnerTagLen);
      *                              break;
      *                          }
      *                      case 2: //Ticket->Sname
      *                          {
      *                              //int Length = ReadAsnLen(ByteReader); //Skip sequenceheader  of sname.
      *                              //ByteReader.ReadByte();
      *
      *
      *                              //Skip Tag5->Ticket->Sname->SequenceHeader
      *                              ReadAsnLen(ByteReader);
      *                              int IInnerTagID = -1;
      *                              int IInnerTagLen = 0;
      *
      *                              do
      *                              {
      *                                  IInnerTagID = ByteReader.ReadByte() & (int)0x1F;
      *                                  IInnerTagLen = ReadAsnLen(ByteReader, false);
      *                                  switch (IInnerTagID)
      *                                  {
      *                                      case 0:
      *                                          {
      *                                              ByteReader.ReadBytes(IInnerTagLen);
      *                                              break;
      *                                          }
      *                                      case 1:
      *                                          {
      *                                              ByteReader.ReadByte();
      *                                              ByteReader.ReadByte();
      *
      *                                              ByteReader.ReadByte();
      *
      *                                              int Length = ByteReader.ReadByte();
      *                                              String Class = ByteReader.ReadAnsiString(Length);
      *
      *                                              ByteReader.ReadByte();
      *                                              Length = ByteReader.ReadByte();
      *                                              KerbData.SPNRequested = Class + "/" + ByteReader.ReadAnsiString(Length);
      *                                              break;
      *                                          }
      *
      *                                  }
      *                              } while (IInnerTagID < 1);
      *                              //KerbData.SPNRequested = ByteReader.ReadAnsiString(InnerTagLen);
      *                              break;
      *                          }
      *                  }
      *              }
      *              while (InnerTagID < 2); // Read until Sname
      *
      *              break;
      *          }
      *      default:
      *          {
      *              throw new Exception("Unexpected Tag " + TagID + " found in  KERB TCP response");
      *          }
      *  }
      *
      * }
      * while (TagID < 5);
      */
 }
Exemplo n.º 21
0
        //
        // Used when creating child TDSReaders - called by the OffsetReader method - See Prelogin token for an example
        //

        internal TDSReader(TDSReader parent, byte[] data, int initialOffset, int lastTDSIndex = -1, int TDSlength = -1)
            : this(data, initialOffset, lastTDSIndex, TDSlength)
        {
            ParentReader = parent;
        }
Exemplo n.º 22
0
        public void Read(TDSReader r)
        {
            byte TDSVer = (byte)(r.TDSVersion & 0x000000FF);

            UserType = (TDSVer < 0x72) ? r.ReadUInt16() : r.ReadUInt32();
            Flags    = r.ReadUInt16();
            Type     = (TDSTokenColumnType)(r.ReadByte());
            switch (Type)
            {
            //
            // no need to read anything else for fixed-length types
            //
            case TDSTokenColumnType.Null:
            case TDSTokenColumnType.TinyInt:
            case TDSTokenColumnType.Bit:
            case TDSTokenColumnType.SmallInt:
            case TDSTokenColumnType.Int:
            case TDSTokenColumnType.SmallDateTime:
            case TDSTokenColumnType.Real:
            case TDSTokenColumnType.Money:
            case TDSTokenColumnType.DateTime:
            case TDSTokenColumnType.Float:
            case TDSTokenColumnType.SmallMoney:
            case TDSTokenColumnType.BigInt:
            {
                break;
            }

            //
            // data types that have a 1 byte length
            //
            case TDSTokenColumnType.GUID:
            case TDSTokenColumnType.VarBinary:
            case TDSTokenColumnType.IntN:
            case TDSTokenColumnType.VarChar:
            case TDSTokenColumnType.DateN:       // question about this type
            case TDSTokenColumnType.Binary:
            case TDSTokenColumnType.Char:
            case TDSTokenColumnType.BitN:
            case TDSTokenColumnType.FloatN:
            case TDSTokenColumnType.MoneyN:
            case TDSTokenColumnType.DateTimeN:
            {
                Length = r.ReadByte();
                break;
            }

            //
            // data types that have a 1 byte length and 1 byte scale
            //
            case TDSTokenColumnType.TimeN:
            case TDSTokenColumnType.DateTime2N:
            case TDSTokenColumnType.DateTimeOffsetN:
            {
                Length = r.ReadByte();
                Scale  = r.ReadByte();
                break;
            }

            //
            // data types that have a 1 byte length, 1 byte precision, and 1 byte scale
            //
            case TDSTokenColumnType.Decimal:
            case TDSTokenColumnType.Numeric:
            case TDSTokenColumnType.DecimalN:
            case TDSTokenColumnType.NumericN:
            {
                Length    = r.ReadByte();
                Precision = r.ReadByte();
                Scale     = r.ReadByte();
                break;
            }

            //
            // data types that have a 2 byte length
            //
            case TDSTokenColumnType.LongVarBinary:
            case TDSTokenColumnType.LongBinary:
            {
                Length = r.ReadUInt16();
                break;
            }

            //
            // data types that have a 2 byte length and an optional 5-byte collation
            //
            case TDSTokenColumnType.LongVarChar:
            case TDSTokenColumnType.LongChar:
            case TDSTokenColumnType.NVarChar:
            case TDSTokenColumnType.NChar:
            {
                Length = r.ReadUInt16();
                if (TDSVer >= 0x71)
                {
                    Collation = r.ReadBytes(5);
                }
                break;
            }

            //
            // data types that have a 4 byte length
            //
            case TDSTokenColumnType.Image:
            case TDSTokenColumnType.Variant:
            case TDSTokenColumnType.NText:
            {
                Length = r.ReadUInt32();
                break;
            }

            //
            // data types that have a 4 byte length and an optional 5-byte collation
            //
            case TDSTokenColumnType.Text:
            {
                Length = r.ReadUInt32();
                if (TDSVer >= 0x71)
                {
                    Collation = r.ReadBytes(5);
                }
                break;
            }

            //
            // CLR User-Defined Type
            //
            case TDSTokenColumnType.UDT:
            {
                Length       = r.ReadUInt16();
                DBName       = r.ReadUnicodeString1();
                SchemaName   = r.ReadUnicodeString1();
                TypeName     = r.ReadUnicodeString1();
                AssemblyName = r.ReadUnicodeString2();         // can be longer than 255 characters
                break;
            }

            //
            // XML
            //
            case TDSTokenColumnType.XML:
            {
                XmlSchemaPresent = r.ReadByte();
                if (XmlSchemaPresent == 1)
                {
                    DBName           = r.ReadUnicodeString1();
                    SchemaName       = r.ReadUnicodeString1();
                    SchemaCollection = r.ReadUnicodeString2();           // can be longer than 255 characters
                }
                break;
            }

            default:
            {
                throw new InvalidTDSException("Unknown TDS data type: " + (byte)(Type) + ".");
            }
            }
            ColumnName = r.ReadUnicodeString1();
        }
        public static KerberosData ProcessTCP(ConversationData c)
        {
            KerberosData KerbData = new KerberosData();

            KerbData.SourcePort = c.sourcePort;
            KerbData.convData   = c;

            ReassembleFrames(c);
            foreach (FrameData fd in c.frames)
            {
                TDSReader ByteReader = null;

                if ((fd.payloadLength <= 1) && (fd.reassembledPayLoadLength <= 1))
                {
                    continue;
                }

                if ((fd.flags & (int)(TCPFlag.PUSH)) == 0)
                {
                    continue;
                }



                if (fd.reassembledPayLoad != null)
                {
                    ByteReader = new TDSReader(fd.reassembledPayLoad, 0, -1, fd.reassembledPayLoad.Length);
                }
                else
                {
                    ByteReader = new TDSReader(fd.payload, 0, -1, fd.payloadLength);
                }


                //Read or skip 4 bytes
                ByteReader.ReadByte();
                ByteReader.ReadByte();
                ByteReader.ReadByte();
                ByteReader.ReadByte();

                //Skip over 4 bytes 'ApplicationTag'
                ReadAsnLen(ByteReader);

                //Skip over 4 bytes 'KdcReq->SequenceHeader'
                ReadAsnLen(ByteReader);

                int    Len2 = 0, TagLen = 0, TagID = 0;
                string SPN = null;

                KerbData.convData = c;
                bool IsContinueToNextFrame = false;

                do
                {
                    TagID  = ByteReader.ReadByte();
                    TagLen = ReadAsnLen(ByteReader, false);
                    TagID  = TagID & 0x1F;


                    switch (TagID) //Lower 5 bits
                    {
                    case 0:        // Version# is in Tago in error response.
                    {
                        GetVersion(KerbData, ByteReader);
                        break;
                    }

                    case 1:
                    {
                        //Tag1 contains request type for error and non-error response.
                        //So, read the response type and break.
                        if (!fd.isFromClient)         // could KERB error response or normal response
                        {
                            GetMessageType(KerbData, ByteReader);
                            KerbData.frameNo   = fd.frameNo;
                            KerbData.TimeStamp = new DateTime(((FrameData)c.frames[c.frames.Count - 1]).ticks).ToString(utility.TIME_FORMAT);
                            if (KerbData.ResponseType == MessageTypes.KRB_ERROR)
                            {
                                //Console.WriteLine(fd.frameNo.ToString());
                                ParseErrorResponseTCP(KerbData, ByteReader);

                                IsContinueToNextFrame = true;
                            }
                            else if (KerbData.ResponseType == MessageTypes.KRB_TGS_REP)
                            {
                                //ParseNonErrorResponseTCP(KerbData, ByteReader);
                                IsContinueToNextFrame = true;
                                KerbData.ErrorDesc    = "No Error.";
                            }

                            //
                            // Looks like a bug here if the Message type is not 12 or 13. e.g. in my trace, it is KRB_AS_REP (11)
                            // We don't go down either of the above paths and then try to parse TAG 2 next time around the loop, which has a different meaning (padata) and then crash.
                            //
                            // Suggested fix:
                            //
                            else
                            {
                                IsContinueToNextFrame = true;          // must abort parsing if unexpected message type
                            }
                            //

                            break;
                        }
                        else
                        {
                            GetVersion(KerbData, ByteReader);          //Extract version# from KERB TCP request.
                            break;
                        }
                    }

                    case 2:
                    {
                        // Tag2 present only in the request and not in the response and error responses.
                        // Console.WriteLine(fd.frameNo.ToString());
                        if (GetMessageType(KerbData, ByteReader) != MessageTypes.KRB_TGS_REQ)
                        {
                            return(KerbData);                                                                           // if not a TGS_REQ, ignore rest of conversation and exit
                        }
                        // IsContinueToNextFrame = true;
                        break;
                    }

                    case 3:
                    {
                        // skip the padata tag. Tag3 present in requet and response.
                        //But we should not hit this case for response and only for request
                        ByteReader.ReadBytes(TagLen);
                        break;
                    }

                    case 4:
                    {
                        //Skip over 4 bytes 'SequenceHeader'
                        ReadAsnLen(ByteReader);
                        int Id2    = 0;
                        int TagNum = 0;
                        do
                        {
                            Id2  = ByteReader.ReadByte();
                            Len2 = ReadAsnLen(ByteReader, false);

                            TagNum = Id2 & 0x1F;

                            switch (TagNum)
                            {
                            case 0:
                            {
                                ByteReader.ReadByte();
                                int Len3 = ReadAsnLen(ByteReader, false);

                                //Read and skip 'padding'
                                ByteReader.ReadBytes(Len3 - 4);

                                KerbData.IsForwardable = (ByteReader.ReadByte() & 0x40) != 0;

                                //Read remaining three bytes
                                ByteReader.ReadBytes(3);
                                break;
                            }

                            case 1:
                            case 2:
                            case 4:
                            case 5:
                            case 7:
                            case 8:
                            case 9:
                            case 10:
                            {
                                ByteReader.ReadBytes(Len2);
                                break;
                            }

                            case 3:                                // outer tag 4 inner tag 3 - Request:SNAME
                            {
                                ReadAsnLen(ByteReader);            //Skip sequence header  of sname
                                int Len3 = ReadAsnLen(ByteReader); //Skip Tag0  of sname
                                //
                                // Read the Name Type:
                                //
                                //  2 = NT-SRV-INST   - has two Strings: Service and Instance. '/' separater is implied
                                // 10 = NT-ENTERPRISE - has one String
                                //
                                // Throw error on all other values
                                //
                                Len3 = ReadAsnLen(ByteReader);
                                if (Len3 != 1)
                                {
                                    throw new Exception("Unexpected length (" + Len3 + ") reading SName Name Type.");
                                }
                                byte NameType = ByteReader.ReadByte();
                                KerbData.SNameType = NameType;
                                //if (NameType != 2 && NameType != 10)
                                //{
                                //    IsContinueToNextFrame = true;
                                //    break;
                                //}

                                ReadAsnLen(ByteReader);                 //Skip  Tag1 of sname
                                Len3 = ReadAsnLen(ByteReader);          //Skip sequenceheader  of sname.

                                SPN = "";
                                if (NameType == 2)                 // read service type
                                {
                                    Len3 = ReadAsnLen(ByteReader);
                                    SPN  = ByteReader.ReadAnsiString(Len3) + "/";
                                }
                                Len3 = ReadAsnLen(ByteReader);                 // read SPN length
                                SPN += ByteReader.ReadAnsiString(Len3);
                                KerbData.SPNRequested = SPN;
                                //Console.WriteLine("SPN=\t" + SPN);
                                break;
                            }

                            default:
                            {
                                //throw new Exception("Unexpected TAG (" + TagNum + ") found in the KERB TCP request, frame: " + fd.frameNo.ToString());
                                break;
                            }
                            }
                        } while (TagNum < 3);         //Because, we are reading only 1st three tags of requestbody and skip the rest

                        break;
                    }

                    default:
                    {
                        // throw new Exception("Un expected tags in kerberos request/response/ problem in parseing");
                        break;
                    }
                    }
                }while ((TagID < 4) && (!IsContinueToNextFrame));
            }

            return(KerbData);
        }
Exemplo n.º 24
0
        public string AlternateServer = null;   // server name to reroute the connection to

        public void Read(TDSReader r)
        {
            Length = r.ReadUInt16();
            r.TokenStart(Length);
            EnvChangeType = (TDSEnvChgTokens)r.ReadByte();
            if (EnvChangeType == TDSEnvChgTokens.PromoteTrans)
            {
                r.TokenDone();                                                // Length always 1 for this token type
            }
            switch (EnvChangeType)
            {
            case TDSEnvChgTokens.Database:                   //   1  Database name
            case TDSEnvChgTokens.Language:                   //   2  Language
            case TDSEnvChgTokens.CharSet:                    //   3  Character set                         - TDS 7.0
            case TDSEnvChgTokens.PacketSize:                 //   4  Packet Size
            case TDSEnvChgTokens.UnicodeSortLocale:          //   5  Unicode data sorting locale id        - TDS 7.0
            case TDSEnvChgTokens.UnicodeCompareFlags:        //   6  Unicode data sorting comparison flags - TDS 7.0
            case TDSEnvChgTokens.MirrorPartner:              //  13  Database mirroring partner
            case TDSEnvChgTokens.UserInfo:                   //  19  User instance
            {
                NewValue = r.ReadUnicodeString1();           // returns "" if length argument is zero
                OldValue = r.ReadUnicodeString1();
                break;
            }

            case TDSEnvChgTokens.Collation:                  //   7  SQL collation - generally 5 bytes
            case TDSEnvChgTokens.BeginTrans:                 //   8  Begin transaction          - old data is always 0x00 length
            case TDSEnvChgTokens.CommitTrans:                //   9  Commit transaction         - new data is always 0x00 length
            case TDSEnvChgTokens.RollbackTrans:              //  10  Rollback transaction       - new data is always 0x00 length
            case TDSEnvChgTokens.EnlistDTC:                  //  11  Enlist TDS transaction     - new data is always 0x00 length
            case TDSEnvChgTokens.DefectTrans:                //  12  Defect transaction         - old data is always 0x00 length
            case TDSEnvChgTokens.TransMgrAddress:            //  16  Transaction Manager Address- old data is always 0x00 length - unused token
            case TDSEnvChgTokens.TransEnded:                 //  17  Transaction Ended          - new data is always 0x00 length
            case TDSEnvChgTokens.ResetCompletedAck:          //  18  Reset achknowledgement     - new data and old data both 0x00 length
            {
                NewBytes = r.ReadBytes1();
                OldBytes = r.ReadBytes1();
                break;
            }

            case TDSEnvChgTokens.PromoteTrans:               //  15  Promote transaction        - new data length is 4 bytes, old data is always 0x00 length
            {
                NewBytes = r.ReadBytes4();
                r.ReadByte();             // no real old data, just a 1 byte 0-length indicator
                break;
            }

            case TDSEnvChgTokens.Routing:                    //  20  Routing                    - old data length is always 0x0000
            {
                // new value
                ushort RoutingDataLength = r.ReadUInt16();           // may be sent if ReadOnlyIntent is true in TDS 7.1 - 7.3; could be sent in 7.4 even if the flag is false
                if (RoutingDataLength > 0)
                {
                    Protocol         = r.ReadByte();
                    ProtocolProperty = r.ReadUInt16();
                    AlternateServer  = r.ReadUnicodeString2();
                }
                // old value
                r.ReadUInt16();
                break;
            }
            }
            if (EnvChangeType != TDSEnvChgTokens.PromoteTrans)
            {
                r.TokenDone();                                                 // Length for this token is always 1 even if there is more data; r.DoneToken(0 is called earlier for this token type
            }
        }
Exemplo n.º 25
0
        byte[] Nonce          = null; // 32 bytes of data if FedAuth is non-zero

        public void Read(TDSReader r)
        {
            byte      OptionToken = 0;;
            int       DataOffset;
            int       DataLength;
            TDSReader offsetReader = null;

            OptionToken = r.ReadByte();

            while (OptionToken != (byte)TDSTokenType.DONEINPROC) // 255 or 0xFF
            {
                DataOffset   = r.ReadBigEndianUInt16();
                DataLength   = r.ReadBigEndianUInt16();
                offsetReader = r.OffsetReader(DataOffset);

                switch (OptionToken)
                {
                case 0:              // version
                {
                    if (DataLength > 0)
                    {
                        Version  = offsetReader.ReadUInt32();
                        SubBuild = offsetReader.ReadUInt16();
                    }
                    break;
                }

                case 1:             // encryption
                {
                    if (DataLength > 0)
                    {
                        Encryption = offsetReader.ReadByte();
                    }
                    if (Encryption > 3)
                    {
                        throw new InvalidTDSException("Invalid encryption option: " + Encryption);
                    }
                    break;
                }

                case 2:             // instanceValidity validity
                {
                    if (DataLength > 0)
                    {
                        InstanceValidity = offsetReader.ReadByte();
                    }
                    break;
                }

                case 3:             // thread ID
                {
                    if (DataLength > 0)
                    {
                        ThreadID = offsetReader.ReadUInt32();
                    }
                    break;
                }

                case 4:             // MARS
                {
                    if (DataLength > 0)
                    {
                        MarsData = offsetReader.ReadByte();
                    }
                    if (MarsData > 1)
                    {
                        throw new InvalidTDSException("Invalid MARS option: " + MarsData);
                    }
                    break;
                }

                case 5:            // Trace ID
                {
                    if (DataLength > 0)
                    {
                        TraceID = new Guid(offsetReader.ReadBytes(16));
                    }
                    break;
                }

                case 6:            // Federated Auth Required
                {
                    if (DataLength > 0)
                    {
                        FedAuth = offsetReader.ReadByte();
                    }
                    break;
                }

                case 7:            // NONCE Option - 32 bytes of encrypted data
                {
                    if (DataLength > 0)
                    {
                        Nonce = offsetReader.ReadBytes(32);
                    }
                    break;
                }
                }
            }
            r.DoneWithChildReaders();  // updates parent reader offset with child reader high offset - i.e.  causes the parent to jump past the referenced data
        }
Exemplo n.º 26
0
 public void Read(TDSReader r)
 {
     Status = r.ReadInt32();
 }
Exemplo n.º 27
0
 public void Read(TDSReader r)
 {
     TransactionDescriptor   = r.ReadUInt64();
     OutstandingRequestCount = r.ReadUInt32();
 }
        public static void ProcessUDP(NetworkTrace trace)
        {
            string[] DnsReturnMessage = new string[] {
                "Success",
                "Format error; DNS server did not understand the update request.",
                "DNS server encountered an internal error, such as a forwarding timeout.",
                "A name that should exist does not exist.",
                "DNS server does not support the specified Operation code.",
                "DNS server refuses to perform the update.",
                "A name that should not exist does exist.",
                "A resource record set that should not exist does exist.",
                "A resource record set that should exist does not exist.",
                "DNS server is not authoritative for the zone named in the Zone section.",
                "A name used in the Prerequisite or Update sections is not within the zone specified by the Zone section.",
                "Invalid return code.",
                "Invalid return code.",
                "Invalid return code.",
                "Invalid return code.",
                "Reserved."
            };

            foreach (ConversationData c in trace.conversations)
            {
                //DNS traffic is over UDP. If the current converstion is not UDP then skip that non DNS conversation.
                if (!c.isUDP)
                {
                    continue;
                }

                //Skip the conversation, if  its just UDP, but not DNS
                if ((c.isUDP) && c.destPort != 53)
                {
                    continue;
                }

                trace.DNSRequestCount++;

                try
                {
                    //Parse the DNS frames of the conversation.
                    foreach (FrameData fd in c.frames)
                    {
                        DNS DNSresponse = new DNS();

                        if (fd.payloadLength < 1)
                        {
                            continue;
                        }



                        //DNS data starts at 42nd byte of the total payload. so the payload = (Total Payload - 42) bytes.
                        TDSReader ByteReader = new TDSReader(fd.payload, 0, -1, fd.payloadLength);


                        ByteReader.ReadBigEndianUInt16();     //Skip over the query ID.

                        //Read the Flags and convert into bytes.
                        int FlagsHigh = ByteReader.ReadByte();
                        int FlagsLow  = ByteReader.ReadByte();

                        if ((FlagsHigh & (int)0x80) == (int)0x0)     // DNS request
                        {
                            //DNSresponse.srcServerIP  = c.sourceIP.ToString();
                            DNSresponse.dnsServerIP = c.destIP.ToString();
                        }
                        else if ((FlagsHigh & (int)0x80) == (int)0x80) // DNS response
                        {
                            int rCode = FlagsLow & 0x0F;               // should be between 0 - 15.

                            //DNSresponse.srcServerIP= c.destIP.ToString();
                            DNSresponse.dnsServerIP = c.sourceIP.ToString();
                            DNSresponse.frameNo     = fd.frameNo;
                            DNSresponse.TimeStamp   = new DateTime(((FrameData)c.frames[c.frames.Count - 1]).ticks).ToString(utility.TIME_FORMAT);
                            //new DateTime(((FrameData)trace.frames[0]).ticks).ToString(utility.TIME_FORMAT);
                            DNSresponse.errorCode = rCode;
                            DNSresponse.ErrorDesc = DnsReturnMessage[rCode];

                            //Question Count  - 2 bytes
                            DNSresponse.QuestionCount = ByteReader.ReadInt16();

                            //Answer Count - 2 bytes
                            DNSresponse.AnswerCount = ByteReader.ReadInt16();

                            //Skip 2 bytes - Name Server count
                            ByteReader.ReadInt16();

                            //Skip 2 bytes - Additional count
                            ByteReader.ReadInt16();

                            //Start reading the QName
                            //13th byte of the DNS Payload - payload[12]
                            byte   length = ByteReader.ReadByte();
                            string Name   = "";
                            while (length != 0)
                            {
                                Name  += (Name == "" ? "" : ".") + ByteReader.ReadAnsiString(length);
                                length = ByteReader.ReadByte();
                            }

                            DNSresponse.nameReqested = Name;
                            DNSresponse.convData     = c;
                            //DNSresponse.srcPort = c.sourcePort;

                            // Console.WriteLine(fd.file.filePath + "\t" + fd.frameNo.ToString());
                            if (rCode != (int)DNSReturnCodes.NOERROR)
                            {
                                trace.DNSResponses.Add(DNSresponse);
                            }
                        }
                    }
                }
                catch (Exception ex)
                {
                    Console.WriteLine("Error parsing DNS conversation: " + ex.Message + "\r\n" + ex.StackTrace);
                    Program.logDiagnostic("Error parsing DNS conversation: " + ex.Message + "\r\n" + ex.StackTrace);
                }
            }
        }
        public static KerberosData ProcessUDP(ConversationData c)
        {
            KerberosData KerbData = new KerberosData();

            KerbData.SourcePort = c.sourcePort;
            KerbData.convData   = c;

            int    Len2   = 0;
            int    TagLen = 0;
            string SPN    = null;
            int    TagID  = 0;

            bool IsContinueToNextFrame = false;

            foreach (FrameData fd in c.frames)
            {
                if (fd.payloadLength <= 1)
                {
                    continue;
                }


                TDSReader ByteReader = new TDSReader(fd.payload, 0, -1, fd.payloadLength);

                //Skip over 4 bytes 'ApplicationTag'
                ReadAsnLen(ByteReader);

                //Skip over 4 bytes 'KdcReq->SequenceHeader'
                ReadAsnLen(ByteReader);

                //Init vars after every frame processing

                Len2   = 0;
                TagLen = 0;
                SPN    = null;

                TagID = 0;

                do
                {
                    TagID  = ByteReader.ReadByte();
                    TagLen = ReadAsnLen(ByteReader, false);

                    TagID = TagID & 0x1F;
                    switch (TagID) //Lower 5 bits
                    {
                    case 0:        // version# in Tag 0 for KRB_TGS_REP (response)
                    case 1:
                    case 2:
                    {
                        if ((fd.isFromClient && TagID == 1) || (!fd.isFromClient && TagID == 0))
                        {
                            GetVersion(KerbData, ByteReader);
                        }
                        else if ((!fd.isFromClient && TagID == 1) || (fd.isFromClient && TagID == 2))
                        {
                            MessageTypes MsgType = GetMessageType(KerbData, ByteReader);
                            KerbData.frameNo = fd.frameNo;

                            if (MsgType == MessageTypes.KRB_TGS_REP)
                            {
                                //ParseNonErrorResponseUDP(KerbData, ByteReader);
                                IsContinueToNextFrame = true;
                            }
                            else if (MsgType == MessageTypes.KRB_ERROR)
                            {
                                ParseErrorResponseUDP(KerbData, ByteReader);
                                IsContinueToNextFrame = true;
                            }
                        }
                        break;
                    }

                    case 3:

                    {
                        //ByteReader.ReadByte();
                        Len2 = ReadAsnLen(ByteReader);
                        ByteReader.ReadBytes(Len2);         // skip the padata tag.
                        break;
                    }

                    case 4:
                    {
                        //ByteReader.ReadByte(); //skip sequence header of ReqBody
                        ReadAsnLen(ByteReader);
                        int TagId2 = 0;
                        do
                        {
                            TagId2 = ByteReader.ReadByte();
                            Len2   = ReadAsnLen(ByteReader, false);
                            TagId2 = TagId2 & 0x1F;
                            switch (TagId2)
                            {
                            case 0:
                            {
                                ByteReader.ReadByte();
                                int Len3 = ReadAsnLen(ByteReader, false);

                                //Read and skip 'padding'
                                ByteReader.ReadBytes(Len3 - 4);

                                KerbData.IsForwardable = (ByteReader.ReadByte() & 0x40) != 0;

                                //Read remaining three bytes
                                ByteReader.ReadBytes(3);
                                break;
                            }

                            case 1:
                            case 2:
                            case 4:
                            case 5:
                            case 7:
                            case 8:            //skip these tags.
                            {
                                ByteReader.ReadBytes(Len2);
                                break;
                            }

                            case 3:
                            {
                                // UDP SName implementation - replacing with TCP implementation

                                // ReadAsnLen(ByteReader);             //Skip sequence header  of sname
                                // int Len3 = ReadAsnLen(ByteReader);  //Skip Tag0  of sname
                                // ByteReader.ReadBytes(Len3);         //skip nametype
                                // ReadAsnLen(ByteReader);             //Skip  Tag1 of sname
                                // Len3 = ReadAsnLen(ByteReader);      //Skip sequence header  of sname->Tag1
                                // Len3 = ReadAsnLen(ByteReader);      // Read SPN Length - same as the TCP implementation
                                // SPN = ByteReader.ReadAnsiString(Len3);
                                // KerbData.SPNRequested = SPN;

                                // TCP SName implementation

                                ReadAsnLen(ByteReader);                 //Skip sequence header  of sname
                                int Len3 = ReadAsnLen(ByteReader);      //Skip Tag0  of sname
                                //
                                // Read the Name Type:
                                //
                                //  2 = NT-SRV-INST   - has two Strings: Service and Instance. '/' separater is implied
                                // 10 = NT-ENTERPRISE - has one String
                                //
                                // Throw error on all other values
                                //
                                Len3 = ReadAsnLen(ByteReader);
                                if (Len3 != 1)
                                {
                                    throw new Exception("Unexpected length (" + Len3 + ") reading SName Name Type.");
                                }
                                byte NameType = ByteReader.ReadByte();
                                KerbData.SNameType = NameType;
                                if (NameType != 2 && NameType != 10)
                                {
                                    IsContinueToNextFrame = true;
                                    break;
                                }

                                ReadAsnLen(ByteReader);                 //Skip  Tag1 of sname
                                Len3 = ReadAsnLen(ByteReader);          //Skip sequenceheader  of sname.

                                SPN = "";
                                if (NameType == 2)                 // read service type
                                {
                                    Len3 = ReadAsnLen(ByteReader);
                                    SPN  = ByteReader.ReadAnsiString(Len3) + "/";
                                }
                                Len3 = ReadAsnLen(ByteReader);                 // read SPN length
                                SPN += ByteReader.ReadAnsiString(Len3);
                                KerbData.SPNRequested = SPN;

                                break;
                            }

                            default:
                            {
                                throw new Exception("Unknonw tag in kerberos packet");
                            }
                            }
                        } while (TagId2 < 3);

                        break;
                    }

                    default:
                    {
                        // throw new Exception("Un expected tags in kerberos request/response/ problem in parseing");
                        break;
                    }
                    }
                }while ((TagID < 4) && (!IsContinueToNextFrame));
            }

            return(KerbData);
        }
Exemplo n.º 30
0
 public void Read(TDSReader r)
 {
     ActivityID = r.ReadBytes(20);
 }