Added QueryServicePrincipalName

Author: tyranid

NtApiDotNet/Win32/Rpc/Transport/RpcTransportSecurity.cs

@@ -12,6 +12,7 @@
 //  See the License for the specific language governing permissions and
 //  limitations under the License.
 
+using NtApiDotNet.Win32.SafeHandles;
 using NtApiDotNet.Win32.Security.Authentication;
 using System;
 
@@ -22,9 +23,68 @@ namespace NtApiDotNet.Win32.Rpc.Transport
     /// </summary>
     public struct RpcTransportSecurity
     {
+        #region Private Members
         private readonly Func<RpcTransportSecurity, IClientAuthenticationContext> _auth_factory;
         private RpcAuthenticationType _auth_type;
 
+        private string GetAuthPackageName()
+        {
+            switch (_auth_type)
+            {
+                case RpcAuthenticationType.Negotiate:
+                    return AuthenticationPackage.NEGOSSP_NAME;
+                case RpcAuthenticationType.Kerberos:
+                    return AuthenticationPackage.KERBEROS_NAME;
+                case RpcAuthenticationType.WinNT:
+                    return AuthenticationPackage.NTLM_NAME;
+                case RpcAuthenticationType.None:
+                    throw new ArgumentException("Must specify an authentication type to authenticate an RPC connection.");
+                default:
+                    throw new ArgumentException($"Unknown authentication type: {_auth_type}");
+            }
+        }
+
+        private InitializeContextReqFlags GetContextRequestFlags()
+        {
+            InitializeContextReqFlags flags = InitializeContextReqFlags.Connection | InitializeContextReqFlags.UseDCEStyle;
+            if (SecurityQualityOfService != null)
+            {
+                switch (SecurityQualityOfService.ImpersonationLevel)
+                {
+                    case SecurityImpersonationLevel.Identification:
+                        flags |= InitializeContextReqFlags.Identify;
+                        break;
+                    case SecurityImpersonationLevel.Delegation:
+                        flags |= InitializeContextReqFlags.Delegate | InitializeContextReqFlags.MutualAuth;
+                        break;
+                }
+            }
+
+            switch (AuthenticationLevel)
+            {
+                case RpcAuthenticationLevel.PacketIntegrity:
+                    flags |= InitializeContextReqFlags.Integrity | InitializeContextReqFlags.ReplayDetect | InitializeContextReqFlags.SequenceDetect;
+                    break;
+                case RpcAuthenticationLevel.PacketPrivacy:
+                    flags |= InitializeContextReqFlags.Confidentiality | InitializeContextReqFlags.Integrity | InitializeContextReqFlags.ReplayDetect | InitializeContextReqFlags.SequenceDetect;
+                    break;
+            }
+
+            if (AuthenticationCapabilities.HasFlagSet(RpcAuthenticationCapabilities.MutualAuthentication))
+            {
+                flags |= InitializeContextReqFlags.MutualAuth;
+            }
+            if (AuthenticationCapabilities.HasFlagSet(RpcAuthenticationCapabilities.NullSession))
+            {
+                flags |= InitializeContextReqFlags.NullSession;
+            }
+
+            return flags;
+        }
+
+        #endregion
+
+        #region Public Properties
         /// <summary>
         /// Security quality of service.
         /// </summary>
@@ -58,7 +118,9 @@ public RpcAuthenticationType AuthenticationType
         /// Authentication capabilities.
         /// </summary>
         public RpcAuthenticationCapabilities AuthenticationCapabilities { get; set; }
+        #endregion
 
+        #region Constructors
         /// <summary>
         /// Constructor.
         /// </summary>
@@ -77,62 +139,49 @@ public RpcTransportSecurity(SecurityQualityOfService security_quality_of_service
         {
             SecurityQualityOfService = security_quality_of_service;
         }
+        #endregion
 
-        private string GetAuthPackageName()
-        {
-            switch (_auth_type)
-            {
-                case RpcAuthenticationType.Negotiate:
-                    return AuthenticationPackage.NEGOSSP_NAME;
-                case RpcAuthenticationType.Kerberos:
-                    return AuthenticationPackage.KERBEROS_NAME;
-                case RpcAuthenticationType.WinNT:
-                    return AuthenticationPackage.NTLM_NAME;
-                case RpcAuthenticationType.None:
-                    throw new ArgumentException("Must specify an authentication type to authenticate an RPC connection.");
-                default:
-                    throw new ArgumentException($"Unknown authentication type: {_auth_type}");
-            }
-        }
-
-        private InitializeContextReqFlags GetContextRequestFlags()
+        #region Static Members
+        /// <summary>
+        /// Query the service principal name for the server.
+        /// </summary>
+        /// <param name="string_binding">The binding string for the server.</param>
+        /// <param name="authn_svc">The authentication service to query.</param>
+        /// <param name="throw_on_error">True to throw on error.</param>
+        /// <returns>The service principal name.</returns>
+        public static NtResult<string> QueryServicePrincipalName(string string_binding, RpcAuthenticationType authn_svc, bool throw_on_error)
         {
-            InitializeContextReqFlags flags = InitializeContextReqFlags.Connection | InitializeContextReqFlags.UseDCEStyle;
-            if (SecurityQualityOfService != null)
+            using (var binding = SafeRpcBindingHandle.Create(string_binding, false))
             {
-                switch (SecurityQualityOfService.ImpersonationLevel)
+                if (!binding.IsSuccess)
                 {
-                    case SecurityImpersonationLevel.Identification:
-                        flags |= InitializeContextReqFlags.Identify;
-                        break;
-                    case SecurityImpersonationLevel.Delegation:
-                        flags |= InitializeContextReqFlags.Delegate | InitializeContextReqFlags.MutualAuth;
-                        break;
+                    return binding.Cast<string>();
                 }
-            }
 
-            switch (AuthenticationLevel)
-            {
-                case RpcAuthenticationLevel.PacketIntegrity:
-                    flags |= InitializeContextReqFlags.Integrity | InitializeContextReqFlags.ReplayDetect | InitializeContextReqFlags.SequenceDetect;
-                    break;
-                case RpcAuthenticationLevel.PacketPrivacy:
-                    flags |= InitializeContextReqFlags.Confidentiality | InitializeContextReqFlags.Integrity | InitializeContextReqFlags.ReplayDetect | InitializeContextReqFlags.SequenceDetect;
-                    break;
-            }
-
-            if (AuthenticationCapabilities.HasFlagSet(RpcAuthenticationCapabilities.MutualAuthentication))
-            {
-                flags |= InitializeContextReqFlags.MutualAuth;
-            }
-            if (AuthenticationCapabilities.HasFlagSet(RpcAuthenticationCapabilities.NullSession))
-            {
-                flags |= InitializeContextReqFlags.NullSession;
+                return Win32NativeMethods.RpcMgmtInqServerPrincName(binding.Result, authn_svc,
+                    out SafeRpcStringHandle spn).CreateWin32Result(throw_on_error, () => {
+                        using (spn)
+                        {
+                            return spn.ToString();
+                        }
+                    }
+                    );
             }
+        }
 
-            return flags;
+        /// <summary>
+        /// Query the service principal name for the server.
+        /// </summary>
+        /// <param name="string_binding">The binding string for the server.</param>
+        /// <param name="authn_svc">The authentication service to query.</param>
+        /// <returns>The service principal name.</returns>
+        public static string QueryServicePrincipalName(string string_binding, RpcAuthenticationType authn_svc)
+        {
+            return QueryServicePrincipalName(string_binding, authn_svc, true).Result;
         }
+        #endregion
 
+        #region Internal Members
         internal IClientAuthenticationContext CreateClientContext()
         {
             if (_auth_factory != null)
@@ -157,5 +206,6 @@ internal IClientAuthenticationContext CreateClientContext()
                     ServicePrincipalName, SecDataRep.Native);
             }
         }
+        #endregion
     }
 }

NtApiDotNet/Win32/RpcEndpointMapper.cs

@@ -140,14 +140,6 @@ private static IEnumerable<RpcEndpoint> QueryEndpointsForBinding(SafeRpcBindingH
             }
         }
 
-        /// <summary>
-        /// Resolve the binding string for this service from the local Endpoint Mapper.
-        /// </summary>
-        /// <param name="binding">The binding handle.</param>
-        /// <param name="interface_id">Interface UUID to lookup.</param>
-        /// <param name="interface_version">Interface version lookup.</param>
-        /// <remarks>This only will return a valid value if the service is running and registered with the Endpoint Mapper. It can also hang.</remarks>
-        /// <returns>The RPC binding string. Empty string if it doesn't exist or the lookup failed.</returns>
         private static string MapBindingToBindingString(NtResult<SafeRpcBindingHandle> binding, Guid interface_id, Version interface_version)
         {
             if (!binding.IsSuccess)

NtApiDotNet/Win32/Win32NativeMethods.cs

@@ -14,6 +14,7 @@
 
 using NtApiDotNet.Ndr;
 using NtApiDotNet.Win32.Debugger;
+using NtApiDotNet.Win32.Rpc.Transport;
 using NtApiDotNet.Win32.SafeHandles;
 using NtApiDotNet.Win32.Security.Native;
 using System;
@@ -627,6 +628,13 @@ internal static extern int RpcMgmtInqIfIds(
             out SafeRpcIfIdVectorHandle IfIdVector
         );
 
+        [DllImport("rpcrt4.dll", CharSet = CharSet.Unicode)]
+        internal static extern Win32Error RpcMgmtInqServerPrincName(
+          SafeRpcBindingHandle Binding,
+          RpcAuthenticationType AuthnSvc,
+          out SafeRpcStringHandle ServerPrincName
+        );
+
         [DllImport("rpcrt4.dll", CharSet = CharSet.Unicode)]
         internal static extern int RpcBindingFree(ref IntPtr Binding);