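        /// <summary>
        /// Runs a one-sided SSPI exchange on <paramref name="hCred"/> and returns a context handle.
        /// </summary>
        /// <param name="hCred">Credential handle used for the initiator and, on the second leg, for the acceptor as well.</param>
        /// <param name="pOutput">Buffer descriptor that receives the initiator's first token.</param>
        /// <param name="target">Target name handed to InitializeSecurityContext; defaults to the current Windows identity's name.</param>
        /// <returns>
        /// The initiator context when the first leg finishes on its own (SEC_E_OK, or SEC_I_COMPLETE_NEEDED followed by
        /// CompleteAuthToken); a freshly created acceptor context, built from the initiator's token, when the first leg
        /// returns SEC_I_CONTINUE_NEEDED.
        /// </returns>
        /// <remarks>
        /// fContextReq is 0, i.e. no integrity, confidentiality, replay/sequence detection or mutual authentication is
        /// requested for the initiator context. Good enough for a handle-lifetime test; do not reuse this for protecting data.
        /// </remarks>
        private static SafeCtxtHandle GetSecContext(SafeCredHandle hCred, SafeSecBufferDesc pOutput, string target = null)
        {
            if (target is null)
            {
                // NOTE(review): a user name is not an SPN (Kerberos expects e.g. "host/fqdn"); presumably only used with NTLM — confirm.
                target = WindowsIdentity.GetCurrent().Name;
            }

            var hCtxt = new SafeCtxtHandle();
            var hr    = InitializeSecurityContext(hCred, hCtxt, target, 0, DREP.SECURITY_NATIVE_DREP, null, pOutput, out _, out _);

            if (hr == HRESULT.SEC_I_COMPLETE_NEEDED)
            {
                hr = CompleteAuthToken(hCtxt, pOutput.GetRef());
            }
            else if (hr == HRESULT.SEC_I_CONTINUE_NEEDED)
            {
                // Feed the initiator's token to the acceptor side and hand back the acceptor context.
                // The half-built initiator context is abandoned here, so release it deterministically
                // instead of leaving it to the SafeHandle finalizer.
                using (hCtxt)
                using (var pOutput2 = new SafeSecBufferDesc(SecBufferType.SECBUFFER_TOKEN))
                {
                    AcceptSecurityContext(hCred, SafeCtxtHandle.Null, pOutput, ASC_REQ.ASC_REQ_ALLOCATE_MEMORY, DREP.SECURITY_NATIVE_DREP, out var hCtxt2Temp, pOutput2, out _, out _).ThrowIfFailed();
                    return new SafeCtxtHandle(hCtxt2Temp);
                }
            }

            try
            {
                hr.ThrowIfFailed();
            }
            catch
            {
                // Do not leak the context when the first leg (or CompleteAuthToken) failed.
                hCtxt.Dispose();
                throw;
            }

            return hCtxt;
        }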
 /// <summary>
 /// Creates an SSPI context holder: a not-yet-established context handle, one five-slot
 /// buffer descriptor, a pair of two-slot descriptors and an empty stream buffer.
 /// </summary>
 public SspiContext()
 {
     Handle = new SafeCtxtHandle();
     SecBufferDesc5 = new SecBufferDescEx(new SecBufferEx[5]);

     // Two independent descriptors (input / output) of two buffers each.
     var pair = new SecBufferDescEx[2];
     for (int i = 0; i < pair.Length; i++)
     {
         pair[i] = new SecBufferDescEx(new SecBufferEx[2]);
     }
     SecBufferDesc2 = pair;

     Buffer = new StreamBuffer();
 }
        /// <summary>
        /// Creates an SSPI context holder: a not-yet-established context handle, one five-slot
        /// buffer descriptor, a pair of two-slot descriptors and an empty stream buffer.
        /// </summary>
        public SspiContext()
        {
            this.Handle = new SafeCtxtHandle();
            this.SecBufferDesc5 = new SecBufferDescEx(new SecBufferEx[5]);

            // Two independent descriptors (input / output) of two buffers each.
            var pair = new SecBufferDescEx[2];
            for (int i = 0; i < pair.Length; i++)
            {
                pair[i] = new SecBufferDescEx(new SecBufferEx[2]);
            }
            this.SecBufferDesc2 = pair;

            this.Buffer = new StreamBuffer();
        }
        /// <summary>
        /// Creates an SSPI context holder: a not-yet-established context handle, one five-slot
        /// buffer descriptor, a pair of two-slot descriptors and an empty stream buffer.
        /// </summary>
        public SspiContext()
        {
            this.Handle = new SafeCtxtHandle();
            this.SecBufferDesc5 = new SecBufferDescEx(new SecBufferEx[5]);

            // Two independent descriptors (input / output) of two buffers each.
            var pair = new SecBufferDescEx[2];
            for (int i = 0; i < pair.Length; i++)
            {
                pair[i] = new SecBufferDescEx(new SecBufferEx[2]);
            }
            this.SecBufferDesc2 = pair;

            this.Buffer = new StreamBuffer();
        }
            /// <summary>
            /// Starts a new, not yet authenticated security association for one peer.
            /// </summary>
            /// <param name="opaque">Caller-chosen value exposed through <c>Opaque</c>; stored as-is.</param>
            /// <param name="scheme">Authentication scheme this association will negotiate with.</param>
            /// <param name="targetname">Target name; a deep copy is kept so later changes to the caller's buffer cannot leak in.</param>
            public SecurityAssociation(int opaque, AuthSchemes scheme, ByteArrayPart targetname)
            {
                Opaque = opaque;
                this.scheme = scheme;
                this.targetname = targetname.DeepCopy();
                contextHandle = new SafeCtxtHandle();

                // DateTime.MaxValue acts as "no deadline yet"; real deadlines are set once authentication runs.
                expireTime = DateTime.MaxValue;
                idleTime = DateTime.MaxValue;
                idleTimeUpdatedByExpires = false;

                // Counters start at zero (names suggest outbound server / inbound client sequence numbers — verify).
                outSnum = 0;
                inCnum = 0;
            }
            /// <summary>
            /// Runs one server-side Digest leg through AcceptSecurityContext.
            /// </summary>
            /// <param name="credHandle">Server credential handle.</param>
            /// <param name="method">Request method, handed to the package as the first SECBUFFER_PKG_PARAMS buffer.</param>
            /// <param name="realm">Realm, handed to the package as the last SECBUFFER_PKG_PARAMS buffer.</param>
            /// <param name="inToken">Token received from the client.</param>
            /// <param name="outToken">
            /// Always an empty segment: whatever the package writes into <c>bytes1</c> is not surfaced by this method.
            /// </param>
            /// <returns>
            /// <c>true</c> only when the package returned SEC_E_OK; any other status — including SEC_I_CONTINUE_NEEDED —
            /// yields <c>false</c>, so the caller cannot tell "challenge pending" from "rejected" through this method.
            /// </returns>
            public bool Authentication(SafeCredHandle credHandle, Methods method, byte[] realm, byte[] inToken, out ArraySegment <byte> outToken)
            {
                InitializeThreadStaticVars();

                // Input: token, four package-parameter slots (method, two empty, realm) and an empty channel-bindings buffer.
                // NOTE(review): an empty SECBUFFER_CHANNEL_BINDINGS means the Digest exchange is not bound to the
                // transport channel; confirm that is intended where this runs over TLS.
                var input = secBufferDesc1.Buffers;
                input[0].SetBuffer(BufferType.SECBUFFER_TOKEN, inToken);
                input[1].SetBuffer(BufferType.SECBUFFER_PKG_PARAMS, method.ToByteArrayPart().Bytes);
                input[2].SetBuffer(BufferType.SECBUFFER_PKG_PARAMS, new byte[0]);
                input[3].SetBuffer(BufferType.SECBUFFER_PKG_PARAMS, new byte[0]);
                input[4].SetBuffer(BufferType.SECBUFFER_PKG_PARAMS, realm);
                input[5].SetBuffer(BufferType.SECBUFFER_CHANNEL_BINDINGS, new byte[0]);

                // Output: one token slot backed by the thread-static scratch array, plus an empty trailer.
                var output = secBufferDesc2.Buffers;
                output[0].SetBuffer(BufferType.SECBUFFER_TOKEN, bytes1);
                output[1].SetBufferEmpty();

                // First leg: let the package create the context; later legs continue the existing one.
                var newHandle = contextHandle.IsInvalid ? new SafeCtxtHandle() : contextHandle;

                var status = Sspi.SafeAcceptSecurityContext(
                    ref credHandle,
                    ref contextHandle,
                    ref secBufferDesc1,
                    0,
                    TargetDataRep.SECURITY_NETWORK_DREP,
                    ref newHandle,
                    ref secBufferDesc2);

                Tracer.WriteInformation($"SSPI Digest Auth: {status}");

                if (contextHandle.IsInvalid && !newHandle.IsInvalid)
                {
                    contextHandle = newHandle;
                }

                outToken = default(ArraySegment<byte>);

                bool accepted = status == SecurityStatus.SEC_E_OK;
                if (accepted)
                {
                    isAuthenticationComplete = true;
                }

                return accepted;
            }
        /// <summary>
        /// Smoke test: an outbound NTLM credential for the current user can start a client context,
        /// the handle becomes non-null, and exactly one non-empty output token is produced.
        /// </summary>
        public void InitializeSecurityContextTest2()
        {
            // NOTE(review): the identity carries an empty password; presumably NTLM falls back to the
            // caller's logon session here — confirm rather than copy this into non-test code.
            var identity = new SEC_WINNT_AUTH_IDENTITY(Environment.UserName, Environment.UserDomainName, "");

            // ASC_REQ_* values are reused as ISC flags. ASC_REQ_DELEGATE asks for delegable credentials,
            // which is more than a client context normally needs — fine for a test, review before reuse.
            var flags = ASC_REQ.ASC_REQ_REPLAY_DETECT | ASC_REQ.ASC_REQ_SEQUENCE_DETECT | ASC_REQ.ASC_REQ_CONFIDENTIALITY | ASC_REQ.ASC_REQ_DELEGATE;

            using (var cred = SafeCredHandle.Acquire <SEC_WINNT_AUTH_IDENTITY>(NTLMSP_NAME, SECPKG_CRED.SECPKG_CRED_OUTBOUND, identity))
            {
                var ctx    = new SafeCtxtHandle();
                var status = InitializeSecurityContext(cred, ctx, WindowsIdentity.GetCurrent().Name, flags, DREP.SECURITY_NATIVE_DREP,
                                                       null, SecBufferType.SECBUFFER_TOKEN, out var outputBuffers, out _, out _);

                Assert.That(status, Is.EqualTo((HRESULT)0).Or.Property("Succeeded").True);
                Assert.That(ctx.DangerousGetHandle().IsNull, Is.False);
                Assert.That(outputBuffers.Count, Is.EqualTo(1));
                Assert.That(outputBuffers[0].pvBuffer, Is.Not.EqualTo(IntPtr.Zero));
                Assert.That(() => outputBuffers.Dispose(), Throws.Nothing);
            }
        }
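            /// <summary>
            /// Runs one server-side leg of the NTLM / Negotiate handshake for this association.
            /// </summary>
            /// <param name="credHandle">Server credential handle.</param>
            /// <param name="inToken">Token received from the client for this leg.</param>
            /// <param name="outToken">
            /// Token to send back to the client: the package output on <see cref="ErrorCodes.Continue"/>, and also on
            /// <see cref="ErrorCodes.Ok"/> when the package still produced one (SSPI may return SEC_E_OK together with a
            /// final token, e.g. the mutual-authentication reply, that the peer is waiting for); empty otherwise.
            /// </param>
            /// <returns>
            /// <see cref="ErrorCodes.Ok"/> when the context is established and its attributes were read,
            /// <see cref="ErrorCodes.Continue"/> when another leg is needed, a QueryContextAttributes error code when
            /// the context was established but post-processing failed, and <see cref="ErrorCodes.SecurityViolation"/>
            /// for every other package status.
            /// </returns>
            public ErrorCodes Authentication(SafeCredHandle credHandle, byte[] inToken, out ArraySegment <byte> outToken)
            {
                idleTime = DateTime.UtcNow.AddMinutes(IdleMinutes);

                InitializeThreadStaticVars();

                secBufferDesc1.Buffers[0].SetBuffer(BufferType.SECBUFFER_TOKEN, inToken);
                secBufferDesc1.Buffers[1].SetBufferEmpty();

                // Output token is written into the thread-static scratch array bytes1.
                secBufferDesc2.Buffers[0].SetBuffer(BufferType.SECBUFFER_TOKEN, bytes1);
                secBufferDesc2.Buffers[1].SetBufferEmpty();

                // First leg: let the package create the context; later legs continue the existing one.
                var newHandle = (contextHandle.IsInvalid) ? new SafeCtxtHandle() : contextHandle;

                // NTLM runs in datagram mode, everything else asks for mutual authentication.
                // NOTE(review): ASC_REQ_IDENTIFY is requested, so per SSPI flag semantics the server side only gets an
                // identify-level token and cannot impersonate the client — confirm nothing downstream expects to.
                var result = Sspi.SafeAcceptSecurityContext(
                    ref credHandle,
                    ref contextHandle,
                    ref secBufferDesc1,
                    (int)(ContextReq.ASC_REQ_INTEGRITY | ContextReq.ASC_REQ_IDENTIFY |
                          ((scheme == AuthSchemes.Ntlm) ? ContextReq.ASC_REQ_DATAGRAM : ContextReq.ASC_REQ_MUTUAL_AUTH)),
                    TargetDataRep.SECURITY_NETWORK_DREP,
                    ref newHandle,
                    ref secBufferDesc2);

                Tracer.WriteInformation("Auth: " + result.ToString());

                if (contextHandle.IsInvalid && newHandle.IsInvalid == false)
                {
                    contextHandle = newHandle;
                }

                // Bytes the package actually wrote into the output TOKEN buffer (0 when it produced nothing).
                int produced = secBufferDesc2.Buffers[0].Size;

                if (result == SecurityStatus.SEC_E_OK)
                {
                    // SEC_E_OK can still carry an output token that must reach the client; previously it was
                    // dropped here, which leaves a peer expecting the final leg stuck.
                    outToken = produced > 0 ? new ArraySegment<byte>(bytes1, 0, produced) : new ArraySegment<byte>();

                    // NOTE(review): marked complete before the attribute queries below; a failed query returns an
                    // error code while isAuthenticationComplete stays true — confirm callers treat that as failure.
                    isAuthenticationComplete = true;

                    SecPkgContext_Sizes sizes;
                    if (Sspi.Failed(Sspi.SafeQueryContextAttributes(ref contextHandle, out sizes)))
                    {
                        return(ErrorCodes.QueryContextAttributesForSizesFailed);
                    }
                    maxSignatureSize = sizes.cbMaxSignature;

                    if (Sspi.Failed(Sspi.SafeQueryContextAttributes(ref contextHandle, out userName)))
                    {
                        return(ErrorCodes.QueryContextAttributesForUsernameFailed);
                    }

                    // NOTE(review): stripping everything before the backslash collapses DOMAIN\user to user, so two
                    // principals from different domains become indistinguishable by userName — confirm that is acceptable.
                    int slash = userName.IndexOf('\\');
                    if (slash >= 0)
                    {
                        userName = userName.Substring(slash + 1);
                    }

                    Tracer.WriteInformation("Username: " + userName);

                    expireTime = DateTime.UtcNow.AddHours(ExpirationHours);

                    return(ErrorCodes.Ok);
                }
                else if (result == SecurityStatus.SEC_I_CONTINUE_NEEDED)
                {
                    outToken = new ArraySegment <byte>(bytes1, 0, produced);
                    return(ErrorCodes.Continue);
                }
                else
                {
                    outToken = new ArraySegment <byte>();
                    return(ErrorCodes.SecurityViolation);
                }
            }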
 /// <summary>
 /// Parameterless form: only allocates a fresh context handle; every other field keeps its default value.
 /// </summary>
 public SecurityAssociation()
 {
     contextHandle = new SafeCtxtHandle();
 }
        /// <summary>
        /// Drives one round of the server-side SSPI handshake for <paramref name="connection"/>: feeds the bytes
        /// received in <paramref name="ie"/> (or already buffered from earlier rounds) to AcceptSecurityContext,
        /// sends back whatever token the package produces, and keeps looping while the package can make progress
        /// on the data already in hand.
        /// </summary>
        /// <param name="ie">Completed receive; the entry check tolerates <c>null</c>, but see the note at the send below.</param>
        /// <param name="connection">Connection whose <c>SspiContext</c> carries the handle, scratch descriptors and leftover buffer.</param>
        /// <returns>
        /// <c>false</c> when the package failed, the output token would exceed <c>maxTokenSize</c>, or a buffer copy failed;
        /// <c>true</c> when more input is needed or the context is established (then <c>OnNewConnection</c> has been raised).
        /// </returns>
        /// <remarks>
        /// Decompiled control flow (labels, numeric status codes) is kept verbatim; only comments were added.
        /// The stream request flags and the StreamSizes query suggest a Schannel (TLS) acceptor — confirm against the credential.
        /// </remarks>
        private bool Handshake(ServerAsyncEventArgs ie, Server <C> .Connection <C> connection)
        {
            int num = 0;
            ServerAsyncEventArgs serverAsyncEventArgs = null;
            SspiContext          sspiContext          = connection.SspiContext;
            // [0] is the input descriptor, [1] the output descriptor; both are reused on every iteration.
            SecBufferDescEx      secBufferDescEx      = sspiContext.SecBufferDesc2[0];
            SecBufferDescEx      secBufferDescEx2     = sspiContext.SecBufferDesc2[1];
            bool result;

            try
            {
                // Leftover bytes from an earlier round: append the new receive to them first.
                if (sspiContext.Buffer.IsValid && ie != null && !sspiContext.Buffer.CopyTransferredFrom(ie, 0))
                {
                    result = false;
                }
                else
                {
                    while (true)
                    {
                        // Input token comes from the accumulated buffer when one exists, else straight from the receive.
                        secBufferDescEx.Buffers[0].BufferType = BufferType.SECBUFFER_TOKEN;
                        if (sspiContext.Buffer.IsValid)
                        {
                            this.SetSecBuffer(ref secBufferDescEx.Buffers[0], sspiContext);
                        }
                        else
                        {
                            this.SetSecBuffer(ref secBufferDescEx.Buffers[0], ie);
                        }
                        secBufferDescEx.Buffers[1].SetBufferEmpty();
                        // Output token is written directly into a pooled send buffer so it can be sent without a copy.
                        if (serverAsyncEventArgs == null)
                        {
                            serverAsyncEventArgs = EventArgsManager.Get();
                        }
                        serverAsyncEventArgs.AllocateBuffer();
                        secBufferDescEx2.Buffers[0].BufferType = BufferType.SECBUFFER_TOKEN;
                        secBufferDescEx2.Buffers[0].Size       = serverAsyncEventArgs.Count;
                        secBufferDescEx2.Buffers[0].Buffer     = serverAsyncEventArgs.Buffer;
                        secBufferDescEx2.Buffers[0].Offset     = serverAsyncEventArgs.Offset;
                        secBufferDescEx2.Buffers[1].SetBufferEmpty();
                        // 98332 == 0x1801C == ASC_REQ_STREAM | ASC_REQ_EXTENDED_ERROR | ASC_REQ_CONFIDENTIALITY
                        //                   | ASC_REQ_SEQUENCE_DETECT | ASC_REQ_REPLAY_DETECT (decoded from the sspi.h
                        //                   values; verify against the project's ContextReq enum). ASC_REQ_MUTUAL_AUTH
                        //                   (0x2) is not set, so for Schannel no client certificate is requested here —
                        //                   confirm if client authentication is expected.
                        int            contextReq = 98332;
                        // First leg: let the package create the context; later legs continue the existing one.
                        SafeCtxtHandle handle     = sspiContext.Handle.IsInvalid ? new SafeCtxtHandle() : sspiContext.Handle;
                        // Context expiry returned by the package; never read.
                        long           num2;
                        SecurityStatus securityStatus = Sspi.SafeAcceptSecurityContext(ref this.credential, ref sspiContext.Handle, ref secBufferDescEx, contextReq, TargetDataRep.SECURITY_NATIVE_DREP, ref handle, ref secBufferDescEx2, out num, out num2);
                        if (sspiContext.Handle.IsInvalid)
                        {
                            sspiContext.Handle = handle;
                        }
                        SecurityStatus securityStatus2 = securityStatus;
                        // 0x80090318 == SEC_E_INCOMPLETE_MESSAGE: the package needs more bytes from the wire; keep what we have and wait.
                        if (securityStatus2 == (SecurityStatus)2148074264u)
                        {
                            break;
                        }
                        // 0x80090321 == SEC_E_BUFFER_TOO_SMALL: handled in the else branch below by growing the output buffer.
                        if (securityStatus2 != (SecurityStatus)2148074273u)
                        {
                            // Send the produced token on progress, or on failure when the package set 0x8000
                            // (ASC_RET_EXTENDED_ERROR), in which case the token is an error/alert for the peer.
                            if ((securityStatus == SecurityStatus.SEC_I_CONTINUE_NEEDED || securityStatus == SecurityStatus.SEC_E_OK || (Sspi.Failed(securityStatus) && (num & 32768) != 0)) && secBufferDescEx2.Buffers[0].Size > 0)
                            {
                                serverAsyncEventArgs.Count = secBufferDescEx2.Buffers[0].Size;
                                // NOTE(review): ie is dereferenced here although the entry check above allows a null ie —
                                // confirm callers never pass null once a token must be sent.
                                serverAsyncEventArgs.CopyAddressesFrom(ie);
                                serverAsyncEventArgs.LocalEndPoint = base.GetLocalEndpoint(ie.RemoteEndPoint.Address);
                                base.SendAsync(connection, serverAsyncEventArgs);
                                // Ownership moved to SendAsync; the finally must not return it to the pool.
                                serverAsyncEventArgs = null;
                            }
                            // SECBUFFER_EXTRA marks bytes beyond the consumed token; keep them for the next iteration.
                            int bufferIndex = secBufferDescEx.GetBufferIndex(BufferType.SECBUFFER_EXTRA, 0);
                            if (bufferIndex < 0)
                            {
                                sspiContext.Buffer.Free();
                            }
                            else if (sspiContext.Buffer.IsInvalid)
                            {
                                // Extra bytes live at the tail of the receive buffer: copy just that tail.
                                if (!sspiContext.Buffer.CopyTransferredFrom(ie, ie.BytesTransferred - secBufferDescEx.Buffers[bufferIndex].Size))
                                {
                                    goto Block_21;
                                }
                            }
                            else
                            {
                                // Extra bytes live at the tail of the accumulated buffer: shift them to the front.
                                sspiContext.Buffer.MoveToBegin(sspiContext.Buffer.BytesTransferred - secBufferDescEx.Buffers[bufferIndex].Size, secBufferDescEx.Buffers[bufferIndex].Size);
                            }
                            SecurityStatus securityStatus3 = securityStatus;
                            if (securityStatus3 == SecurityStatus.SEC_E_OK)
                            {
                                goto IL_2FF;
                            }
                            if (securityStatus3 != SecurityStatus.SEC_I_CONTINUE_NEEDED)
                            {
                                goto Block_23;
                            }
                            // Continue needed with no leftover input: wait for the next receive.
                            if (bufferIndex < 0)
                            {
                                goto Block_25;
                            }
                        }
                        else
                        {
                            // Output buffer too small: grow once to maxTokenSize, or give up if already at that size.
                            if (serverAsyncEventArgs.Count >= this.maxTokenSize)
                            {
                                goto IL_1DC;
                            }
                            serverAsyncEventArgs.Count = this.maxTokenSize;
                            serverAsyncEventArgs.ReAllocateBuffer(false);
                        }
                    }
                    // Incomplete message: stash the whole receive if nothing was buffered yet.
                    if (sspiContext.Buffer.IsInvalid && !sspiContext.Buffer.CopyTransferredFrom(ie, 0))
                    {
                        result = false;
                        return(result);
                    }
                    result = true;
                    return(result);

// Output token would exceed maxTokenSize.
IL_1DC:
                    result = false;
                    return(result);

// Could not keep the SECBUFFER_EXTRA bytes.
Block_21:
                    result = false;
                    return(result);

// Package reported failure (any status other than OK / CONTINUE_NEEDED).
Block_23:
                    result = false;
                    return(result);

// Context established: read the stream sizes needed for later encrypt/decrypt and announce the connection.
IL_2FF:
                    if (Sspi.SafeQueryContextAttributes(ref sspiContext.Handle, out sspiContext.StreamSizes) != SecurityStatus.SEC_E_OK)
                    {
                        result = false;
                        return(result);
                    }
                    sspiContext.Connected = true;
                    this.OnNewConnection(connection);
                    result = true;
                    return(result);

// Waiting for the client's next token.
Block_25:
                    result = true;
                }
            }
            finally
            {
                // Return the send buffer to the pool unless SendAsync took it.
                if (serverAsyncEventArgs != null)
                {
                    EventArgsManager.Put(ref serverAsyncEventArgs);
                }
            }
            return(result);
        }