Commit 88f9858b authored by dwentzel's avatar dwentzel

various SSB Demystified script updates

parent e728f647
/*
This is the source code for .
This demos how a conversation replay attack is thwarted using SSB's native features.
*/
--basic setup
CREATE DATABASE SBTest;
GO
ALTER DATABASE SBTest SET NEW_BROKER;
GO
USE SBTest
GO
--basic cleanup
USE master;
GO
DROP DATABASE SBTest;
GO
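Review bot: The header comment reads `This is the source code for .` with the blog-post URL missing, and the same empty link appears in the Conversations script that follows; fill it in the way the Initiators_and_targets scripts do, e.g. `This is the source code for <post URL — TODO>.`. Between `--basic setup` and `--basic cleanup` there is no demo at all — SBTest is created, given a new broker and dropped immediately — so if these are scaffolds for the replay-attack and CLOSED-conversation demos the README describes, a `--TODO: demo body` marker between the two sections would make that explicit instead of leaving scripts that look finished.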
/*
This is the source code for .
This covers some interesting anomalies with CLOSED conversations.
*/
--basic setup
CREATE DATABASE SBTest;
GO
ALTER DATABASE SBTest SET NEW_BROKER;
GO
USE SBTest
GO
--basic cleanup
USE master;
GO
DROP DATABASE SBTest;
GO
/*
This is the source code for http://www.davewentzel.com/content/service-broker-demystified-initiators-and-targets.
This demos some interesting featurs of initiator and target service naming.
*/
--basic setup
USE master
GO
CREATE DATABASE SBTest
GO
ALTER DATABASE SBTest SET NEW_BROKER
GO
USE SBTest
GO
/*
Let's prove that initiating services are objects and target services are string literals.
Let's set up a basic SSB design.
*/
CREATE QUEUE QueueA;
CREATE QUEUE QueueB;
CREATE SERVICE ServiceA ON QUEUE QueueA;
--we must use DEFAULT to allow ServiceB to be a target service.
CREATE SERVICE ServiceB ON QUEUE QueueB ([DEFAULT]);
--this works
BEGIN TRANSACTION
DECLARE @h UNIQUEIDENTIFIER;
BEGIN DIALOG @h
FROM SERVICE [ServiceA]
TO SERVICE 'ServiceB'
WITH ENCRYPTION = OFF;
SEND ON CONVERSATION @h ('Success!');
COMMIT;
select count(*) StuckInTranQ_cnt from sys.transmission_queue
select convert(xml,message_body) as MsgBody from QueueB
--this will generate a syntax error
--BEGIN TRANSACTION
--DECLARE @h1 UNIQUEIDENTIFIER;
--BEGIN DIALOG @h1
-- FROM SERVICE [ServiceA]
-- TO SERVICE [ServiceB]
-- WITH ENCRYPTION = OFF;
--SEND ON CONVERSATION @h1 ('Syntax Error!');
--COMMIT;
--you don't need object brackets if your names are simple
BEGIN TRANSACTION
DECLARE @h2 UNIQUEIDENTIFIER;
BEGIN DIALOG @h2
FROM SERVICE ServiceA
TO SERVICE 'ServiceB', 'CURRENT DATABASE'
WITH ENCRYPTION = OFF;
SEND ON CONVERSATION @h2 ('Also Success!');
COMMIT;
select count(*) StuckInTranQ_cnt from sys.transmission_queue
select convert(xml,message_body) as MsgBody from QueueB
--basic cleanup
USE master;
GO
DROP DATABASE SBTest;
GO
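Review bot: `WITH ENCRYPTION = OFF` on both BEGIN DIALOG statements is left unexplained; the script never creates a database master key, so it looks like the setting is what keeps the messages out of sys.transmission_queue (the `StuckInTranQ_cnt` checks) rather than a deliberate choice, and a comment should say so, e.g. `--ENCRYPTION = OFF: this demo has no database master key, so the default dialog encryption would strand the message in sys.transmission_queue; leave encryption on outside throwaway demos.`. The setup is also not rerunnable: `CREATE DATABASE SBTest` fails if an earlier run's cleanup did not complete, and a guard such as `IF DB_ID('SBTest') IS NOT NULL DROP DATABASE SBTest;` before the CREATE would make it safe to run again. Keyword casing is mixed within the file (`CREATE`/`BEGIN` uppercase, `select`/`convert` lowercase); pick one.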
/*
This is the source code for http://www.davewentzel.com/content/service-broker-demystified-initiators-and-targets.
In this demo we will determine when remote services are validated and when network communications are established.
Do not run this code on an instance of SQL Server where you have SSB configured and running since this script will
possibly create a new SSB endpoint, which may have security ramifications in your organization. The script should be
safe to run but I wouldn't want to hose your environment.
*/
--basic setup
USE master
GO
CREATE DATABASE SBTestLocal
GO
ALTER DATABASE SBTestLocal SET NEW_BROKER
GO
CREATE DATABASE SBTestRemote
GO
ALTER DATABASE SBTestRemote SET NEW_BROKER
GO
USE SBTestLocal
GO
CREATE QUEUE LocalQ;
CREATE SERVICE LocalService ON QUEUE LocalQ; --send-only service
GO
USE SBTestRemote
GO
CREATE QUEUE RemoteQ;
--using DEFAULT allows this service to be a target.
CREATE SERVICE RemoteService ON QUEUE RemoteQ ([DEFAULT]);
GO
USE SBTestLocal
GO
DECLARE @RemoteGUID varchar(max), @exec_str varchar(max);
SELECT @RemoteGUID = '''' + convert(varchar(500),service_broker_guid) + '''' from sys.databases where name = 'SBTestRemote'
select @RemoteGUID
--this route will be destroyed when the database is dropped later
SELECT @exec_str = '
CREATE ROUTE [TargetRoute] WITH
SERVICE_NAME = N''RemoteService'',
BROKER_INSTANCE = ' + @RemoteGUID + ',
ADDRESS = ''tcp://localhost:4022'';'
EXEC (@exec_str);
--Let's make sure our route was created properly
select * from sys.routes WHERE name = 'TargetRoute'
--and note that there are no connections established yet from LocalService to RemoteService
select * from sys.dm_broker_connections
--HERE
--let's start a dialog but do not yet send a message.
DECLARE @h UNIQUEIDENTIFIER;
BEGIN DIALOG @h
FROM SERVICE [LocalService]
TO SERVICE 'RemoteService'
WITH ENCRYPTION = OFF;
--note that there are no still no network connections established...
select * from sys.dm_broker_connections
--...but we do have a conversation endpoint established on the "source server"
select is_initiator, state_desc, far_service, far_broker_instance
from sys.conversation_endpoints
--now let's send a message
SEND ON CONVERSATION @h ('Success!');
select * from sys.transmission_queue
SELECT tcpe.port
FROM sys.tcp_endpoints AS tcpe
INNER JOIN sys.service_broker_endpoints AS ssbe
ON ssbe.endpoint_id = tcpe.endpoint_id
WHERE ssbe.name = N'MyServiceBrokerEndpoint';
http://msdn.microsoft.com/en-us/library/ms186742.aspx
select * from sys.tcp_endpoints
select * from sys.service_broker_endpoints
select * from sys.dm_broker_connections
select * from sys.routes
IF EXISTS (
select * from sys.routes WHERE name = 'TargetRoute' AND remote_service_name = 'RemoteService'
)
select * from sys.endpoints
-- SELECT *
--FROM sys.http_endpoints;
--SELECT *
--FROM sys.soap_endpoints;
--SELECT *
--FROM sys.endpoint_webmethods;
By default, an instance of SQL Server does not contain a Service Broker endpoint. Thus, Service Broker does not send or
receive messages over the network by default. You must create a Service Broker endpoint to send or receive messages
outside the SQL Server instance.
When you create a Service Broker endpoint, SQL Server accepts TCP/IP connections on the port that is specified in the endpoint. Service Broker transport security requires authorization for connections to the port. If the computer on which SQL Server runs has a firewall enabled, the firewall configuration on the computer must allow both incoming and outgoing connections for the port that is sp
http://rusanu.com/2014/03/31/how-to-prevent-conversation-endpoint-leaks/
--this works
BEGIN TRANSACTION
DECLARE @h UNIQUEIDENTIFIER;
BEGIN DIALOG @h
FROM SERVICE [ServiceA]
TO SERVICE 'ServiceB'
WITH ENCRYPTION = OFF;
SEND ON CONVERSATION @h ('Success!');
COMMIT;
select count(*) StuckInTranQ_cnt from sys.transmission_queue
select convert(xml,message_body) as MsgBody from QueueB
--this will generate a syntax error
--BEGIN TRANSACTION
--DECLARE @h1 UNIQUEIDENTIFIER;
--BEGIN DIALOG @h1
-- FROM SERVICE [ServiceA]
-- TO SERVICE [ServiceB]
-- WITH ENCRYPTION = OFF;
--SEND ON CONVERSATION @h1 ('Syntax Error!');
--COMMIT;
--you don't need object brackets if your names are simple
BEGIN TRANSACTION
DECLARE @h2 UNIQUEIDENTIFIER;
BEGIN DIALOG @h2
FROM SERVICE ServiceA
TO SERVICE 'ServiceB', 'CURRENT DATABASE'
WITH ENCRYPTION = OFF;
SEND ON CONVERSATION @h2 ('Also Success!');
COMMIT;
select count(*) StuckInTranQ_cnt from sys.transmission_queue
select convert(xml,message_body) as MsgBody from QueueB
--basic cleanup
USE master;
GO
DROP DATABASE SBTestLocal;
GO
DROP DATABASE SBTestRemote;
GO
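Review bot: Several lines of this script are bare prose or URLs inside the T-SQL batch — the MSDN link after the endpoint port query, the two paragraphs starting `By default, an instance of SQL Server`, and the rusanu.com link — so the file fails to parse as written; wrap them in `/* ... */` or `--` comments (or move them to the header comment), and the `--HERE` marker above the BEGIN DIALOG suggests this part is still in progress. The second `DECLARE @h UNIQUEIDENTIFIER;` after `--this works` is in the same batch as the first with no `GO` between them, and that whole block sends from ServiceA to ServiceB via QueueB, which exist in the other Initiators_and_targets script but are never created in SBTestLocal, so it looks like a copy-paste leftover. In the route-building dynamic SQL the broker GUID is quoted by string concatenation; it comes from sys.databases rather than user input, but `SELECT @RemoteGUID = QUOTENAME(CONVERT(varchar(36), service_broker_guid), '''') FROM sys.databases WHERE name = 'SBTestRemote';` escapes correctly and makes the intent obvious. The hard-coded `ADDRESS = 'tcp://localhost:4022'` is never reconciled with the later lookup of MyServiceBrokerEndpoint's port, and no CREATE ENDPOINT appears despite the header warning that one may be created — presumably a pending step that deserves a TODO comment.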
......@@ -8,15 +8,23 @@ This folder contains the source code for my [Service Broker Demystified blog ser
`contracts_and_message_types.sql` covers why contracts and message types are optional, yet really important.
`ConversationReplayAttacks.sql` demos how a SSB replay attack occurs and how SSB natively thwarts it.
`Conversations.sql` covers some interesting anomalies with CLOSED conversations.
`default_contract.sql` and `default_contract2.sql` covers why [DEFAULT] contract is not the default contract for a service
`encryption_errors.sql` and `encryption_errors2.sql` cover goofiness with encryption and how to work around it.
`GUIDs.sql` covers interesting aspects of SET NEW_BROKER vs ENABLE_BROKER.
`Initiators_and_targets.sql` demos why initiator services are delimited as objects but target services are string literals.
`Initiators_and_targets2.sql` covers when in the dialog process a connection is made to a remote service.
`more_on_services.sql` demos how to determine if a service is "send-only" as well as some other anomalies of services.
`ServicesAndQueues.sql` demonstrates why we need to have both service and queue objects in Service Broker.
`ServicesAndQueues.sql` demonstrates why we need to have both service and queue objects in Service Broker.
`URIs.sql` dispels the myth that if you use URI naming that your SQL Server will access external resources for validation.