/// <summary> /// Creates a BindRequest with simple bind. /// </summary> /// <param name="context">The user context which contains message ID.</param> /// <param name="name"> /// The name field of BindRequest, see TD Section 5.1.1.1.1 for full list of legal names. /// </param> /// <param name="password">The password credential of the object.</param> /// <returns>The packet that contains the request.</returns> internal override AdtsBindRequestPacket CreateSimpleBindRequest( AdtsLdapContext context, string name, string password) { AuthenticationChoice authentication = new AuthenticationChoice(); authentication.SetData(AuthenticationChoice.simple, new Asn1OctetString(password ?? string.Empty)); BindRequest bindRequest = new BindRequest( new Asn1Integer((long)version), new LDAPDN(name ?? string.Empty), authentication); return CreateBindRequestPacket(context, bindRequest); }
/// <summary> /// Creates a BindRequestPacket with context and BindRequest. /// </summary> /// <param name="context">The context.</param> /// <param name="bindRequest">The BindRequest message.</param> /// <returns>The BindRequestPacket.</returns> private AdtsBindRequestPacket CreateBindRequestPacket( AdtsLdapContext context, BindRequest bindRequest) { LDAPMessage_protocolOp operation = new LDAPMessage_protocolOp(); operation.SetData(LDAPMessage_protocolOp.bindRequest, bindRequest); MessageID messageId = new MessageID(context.MessageId); LDAPMessage message = new LDAPMessage(messageId, operation, null); AdtsBindRequestPacket packet = new AdtsBindRequestPacket(); packet.ldapMessagev3 = message; packet.messageId = context.MessageId; return packet; }
/// <summary> /// Creates a BindRequest with simple bind for Active Directory Domain Services(AD DS). /// </summary> /// <param name="context">The user context which contains message ID.</param> /// <param name="username">User name which doesn't include domain prefix.</param> /// <param name="password">Password of user.</param> /// <param name="domainNetbiosName">NetBIOS domain name(with suffix like ".com" removed).</param> /// <returns>The packet that contains the request.</returns> /// <exception cref="ArgumentNullException">Thrown when username is null.</exception> internal override AdtsBindRequestPacket CreateSimpleBindRequest( AdtsLdapContext context, string username, string password, string domainNetbiosName) { if (username == null) { throw new ArgumentNullException("username"); } AuthenticationChoice authentication = new AuthenticationChoice(); authentication.SetData(AuthenticationChoice.simple, new Asn1OctetString(password ?? string.Empty)); string fullname = (domainNetbiosName != null) ? (domainNetbiosName + "\\" + username) : username; BindRequest bindRequest = new BindRequest( new Asn1Integer((long)version), new LDAPDN(fullname), authentication); return CreateBindRequestPacket(context, bindRequest); }
/// <summary> /// Creates a sicily response BindRequest packet. Usually it's the last packet of authentication during /// the bind process. /// </summary> /// <param name="context">The user context which contains message ID.</param> /// <param name="credential">The credential to be sent, it can be calculated with SSPI.</param> /// <returns>The packet that contains the request.</returns> internal override AdtsBindRequestPacket CreateSicilyResponseBindRequest( AdtsLdapContext context, byte[] credential) { AuthenticationChoice authentication = new AuthenticationChoice(); authentication.SetData(AuthenticationChoice.sicilyResponse, new Asn1OctetString(credential ?? (new byte[0]))); BindRequest bindRequest = new BindRequest( new Asn1Integer((long)version), new LDAPDN(new byte[0]), authentication); return CreateBindRequestPacket(context, bindRequest); }
/// <summary> /// Creates a sicily package discovery BindRequest packet. /// </summary> /// <param name="context">The user context which contains message ID.</param> /// <returns>The sicily package discovery BindRequest.</returns> internal override AdtsBindRequestPacket CreateSicilyPackageDiscoveryBindRequest(AdtsLdapContext context) { AuthenticationChoice authentication = new AuthenticationChoice(); authentication.SetData(AuthenticationChoice.sicilyPackageDiscovery, new Asn1OctetString(string.Empty)); BindRequest bindRequest = new BindRequest( new Asn1Integer((long)version), new LDAPDN(new byte[0]), // For Sicily package discovery, DN is not required. authentication); return CreateBindRequestPacket(context, bindRequest); }
/// <summary> /// Creates a BindRequest with SASL bind. This method is for LDAP v3 only. /// Note that for GSS-SPNEGO with NTLM, two rounds of bind requests is required. /// </summary> /// <param name="context">The user context which contains message ID.</param> /// <param name="mechanism">Authentication mechanism used, e.g., GSS-SPNEGO, etc.</param> /// <param name="credential">The credential to be sent, it can be calculated with SSPI.</param> /// <returns>The packet that contains the request.</returns> internal override AdtsBindRequestPacket CreateSaslBindRequest( AdtsLdapContext context, string mechanism, byte[] credential) { AuthenticationChoice authentication = new AuthenticationChoice(); authentication.SetData( AuthenticationChoice.sasl, new SaslCredentials( new LDAPString(mechanism ?? string.Empty), new Asn1OctetString(credential ?? (new byte[0])))); BindRequest bindRequest = new BindRequest( new Asn1Integer((long)version), new LDAPDN(new byte[0]), // For SASL, DN is not required. authentication); return CreateBindRequestPacket(context, bindRequest); }
/// <summary> /// This method encapsulates LdapV2Decoder and LdapV3Decoder because the incoming packets may be /// LDAP v2 or v3 packets, the decoding may require both decoders if the LDAP version that client uses /// is not clear. /// </summary> /// <param name="endPoint">The end point of the client.</param> /// <param name="messageBytes">The message bytes that contains the packet data.</param> /// <param name="consumedLength">Consumed length.</param> /// <param name="expectedLength"> /// Indicates expected length if the message bytes doesn't all packet data. /// </param> /// <returns>Decoded packets.</returns> internal override StackPacket[] DecodeLdapPacketCallBack( object endPoint, byte[] messageBytes, out int consumedLength, out int expectedLength) { // Get packet data, start decoding. IPEndPoint remote = (IPEndPoint)endPoint; AdtsLdapContext context = GetContext(remote, this.server.IsTcp); byte[] data = messageBytes; // decode messageBytes if needed if (context != null && messageBytes != null) { // if security is not init, and the package is SslHandshake, init security. if (context.Security == null) { AdtsLdapSslTlsSecurityHeader header = new AdtsLdapSslTlsSecurityHeader(); header.FromBytes(messageBytes); if (header.IsSslHandShake) { this.server.SslStartup(context); } } // decode messageBytes with security. if (context.Security != null) { data = this.server.Decrypt(context, messageBytes); } } byte[] packetData = this.GetSinglePacketData(data, out consumedLength, out expectedLength); // add the comsumed length of security decorder if (context != null && context.Security != null && context.Security.ConsumedData) { consumedLength = context.Security.ConsumedLength; } if (packetData == null) { return(null); } // New connection. Try both LDAP v2 and v3 decoders. Note that for requests that don't have version // context(e.g., UDP search requests), LDAP v3 is used by default. AdtsLdapPacket packet = null; if (context == null) { context = new AdtsLdapContext(AdtsLdapVersion.V3, remote); packet = this.decoderv3.ParseAdtsLdapPacket( this.decoderv3.AuthenticateMessage(packetData), context); // synchronize the message ID with newly received packet. context.MessageId = packet.messageId; // Check BindRequestPacket, normally it's the first message from client in which // contains the LDAP version. And since LDAP v3 decoder can decode LDAP v2 messages // without any exception, we need to check into the 'version' variable in the request. AdtsBindRequestPacket bindRequestPacket = packet as AdtsBindRequestPacket; if (bindRequestPacket != null) { LdapV3.BindRequest bindRequest = (LdapV3.BindRequest)bindRequestPacket.GetInnerRequestOrResponse(); // Version doesn't match. Decode again with LDAP v2 decoder and update context version. if ((AdtsLdapVersion)bindRequest.version.Value == AdtsLdapVersion.V2) { packet = this.decoderv2.ParseAdtsLdapPacket( this.decoderv2.AuthenticateMessage(packetData), context); context.ClientVersion = context.ServerVersion = AdtsLdapVersion.V2; } } // Add context. this.server.ContextManager.AddContext(context, this.server.IsTcp); } else { if (context.ClientVersion == AdtsLdapVersion.V2) { packet = this.decoderv2.ParseAdtsLdapPacket( this.decoderv2.AuthenticateMessage(packetData), context); } else { packet = this.decoderv3.ParseAdtsLdapPacket( this.decoderv3.AuthenticateMessage(packetData), context); } // synchronize the message ID with newly received packet. context.MessageId = packet.messageId; } return(new StackPacket[] { packet }); }