internal static SecurityStatusPal CompleteAuthToken(
ref SafeDeleteContext securityContext,
SecurityBuffer[] inSecurityBufferArray)
{
Interop.SECURITY_STATUS winStatus = (Interop.SECURITY_STATUS)SSPIWrapper.CompleteAuthToken(
GlobalSSPI.SSPIAuth,
ref securityContext,
inSecurityBufferArray);
return SecurityStatusAdapterPal.GetSecurityStatusPalFromInterop(winStatus);
}
public static SecurityStatusPal AcceptSecurityContext(ref SafeFreeCredentials credentialsHandle, ref SafeDeleteContext context, SecurityBuffer inputBuffer, SecurityBuffer outputBuffer, bool remoteCertRequired)
{
Interop.SspiCli.ContextFlags unusedAttributes = default(Interop.SspiCli.ContextFlags);
int errorCode = SSPIWrapper.AcceptSecurityContext(
GlobalSSPI.SSPISecureChannel,
ref credentialsHandle,
ref context,
ServerRequiredFlags | (remoteCertRequired ? Interop.SspiCli.ContextFlags.MutualAuth : Interop.SspiCli.ContextFlags.Zero),
Interop.SspiCli.Endianness.SECURITY_NATIVE_DREP,
inputBuffer,
outputBuffer,
ref unusedAttributes);
return SecurityStatusAdapterPal.GetSecurityStatusPalFromNativeInt(errorCode);
}
public static SecurityStatusPal InitializeSecurityContext(SafeFreeCredentials credentialsHandle, ref SafeDeleteContext context, string targetName, SecurityBuffer[] inputBuffers, SecurityBuffer outputBuffer)
{
Interop.SspiCli.ContextFlags unusedAttributes = default(Interop.SspiCli.ContextFlags);
int errorCode = SSPIWrapper.InitializeSecurityContext(
GlobalSSPI.SSPISecureChannel,
credentialsHandle,
ref context,
targetName,
RequiredFlags | Interop.SspiCli.ContextFlags.InitManualCredValidation,
Interop.SspiCli.Endianness.SECURITY_NATIVE_DREP,
inputBuffers,
outputBuffer,
ref unusedAttributes);
return SecurityStatusAdapterPal.GetSecurityStatusPalFromNativeInt(errorCode);
}
internal static SecurityStatusPal InitializeSecurityContext(
SafeFreeCredentials credentialsHandle,
ref SafeDeleteContext securityContext,
string spn,
ContextFlagsPal requestedContextFlags,
SecurityBuffer[] inSecurityBufferArray,
SecurityBuffer outSecurityBuffer,
ref ContextFlagsPal contextFlags)
{
Interop.SspiCli.ContextFlags outContextFlags = Interop.SspiCli.ContextFlags.Zero;
Interop.SECURITY_STATUS winStatus = (Interop.SECURITY_STATUS)SSPIWrapper.InitializeSecurityContext(
GlobalSSPI.SSPIAuth,
credentialsHandle,
ref securityContext,
spn,
ContextFlagsAdapterPal.GetInteropFromContextFlagsPal(requestedContextFlags),
Interop.SspiCli.Endianness.SECURITY_NETWORK_DREP,
inSecurityBufferArray,
outSecurityBuffer,
ref outContextFlags);
contextFlags = ContextFlagsAdapterPal.GetContextFlagsPalFromInterop(outContextFlags);
return SecurityStatusAdapterPal.GetSecurityStatusPalFromInterop(winStatus);
}
public static SecurityBuffer[] GetIncomingSecurityBuffers(SslAuthenticationOptions options, ref SecurityBuffer incomingSecurity)
{
SecurityBuffer alpnBuffer = null;
SecurityBuffer[] incomingSecurityBuffers = null;
if (options.ApplicationProtocols != null && options.ApplicationProtocols.Count != 0)
{
byte[] alpnBytes = SslStreamPal.ConvertAlpnProtocolListToByteArray(options.ApplicationProtocols);
alpnBuffer = new SecurityBuffer(alpnBytes, 0, alpnBytes.Length, SecurityBufferType.SECBUFFER_APPLICATION_PROTOCOLS);
}
if (incomingSecurity != null)
{
if (alpnBuffer != null)
{
incomingSecurityBuffers = new SecurityBuffer[]
{
incomingSecurity,
new SecurityBuffer(null, 0, 0, SecurityBufferType.SECBUFFER_EMPTY),
alpnBuffer
};
}
else
{
incomingSecurityBuffers = new SecurityBuffer[]
{
incomingSecurity,
new SecurityBuffer(null, 0, 0, SecurityBufferType.SECBUFFER_EMPTY)
};
}
}
else if (alpnBuffer != null)
{
incomingSecurity = alpnBuffer;
}
return(incomingSecurityBuffers);
}
public static SecurityStatusPal ApplyAlertToken(ref SafeFreeCredentials credentialsHandle, SafeDeleteContext securityContext, TlsAlertType alertType, TlsAlertMessage alertMessage)
{
Interop.SChannel.SCHANNEL_ALERT_TOKEN alertToken;
alertToken.dwTokenType = Interop.SChannel.SCHANNEL_ALERT;
alertToken.dwAlertType = (uint)alertType;
alertToken.dwAlertNumber = (uint)alertMessage;
var bufferDesc = new SecurityBuffer[1];
int alertTokenByteSize = Marshal.SizeOf<Interop.SChannel.SCHANNEL_ALERT_TOKEN>();
IntPtr p = Marshal.AllocHGlobal(alertTokenByteSize);
try
{
var buffer = new byte[alertTokenByteSize];
Marshal.StructureToPtr<Interop.SChannel.SCHANNEL_ALERT_TOKEN>(alertToken, p, false);
Marshal.Copy(p, buffer, 0, alertTokenByteSize);
bufferDesc[0] = new SecurityBuffer(buffer, SecurityBufferType.SECBUFFER_TOKEN);
var errorCode = (Interop.SECURITY_STATUS)SSPIWrapper.ApplyControlToken(
GlobalSSPI.SSPISecureChannel,
ref securityContext,
bufferDesc);
return SecurityStatusAdapterPal.GetSecurityStatusPalFromInterop(errorCode, attachException:true);
}
finally
{
Marshal.FreeHGlobal(p);
}
}
internal static int MakeSignature(SafeDeleteContext securityContext, byte[] buffer, int offset, int count, ref byte[] output)
{
SecPkgContext_Sizes sizes = SSPIWrapper.QueryContextAttributes(
GlobalSSPI.SSPIAuth,
securityContext,
Interop.SspiCli.ContextAttribute.SECPKG_ATTR_SIZES
) as SecPkgContext_Sizes;
// alloc new output buffer if not supplied or too small
int resultSize = count + sizes.cbMaxSignature;
if (output == null || output.Length < resultSize)
{
output = new byte[resultSize];
}
// make a copy of user data for in-place encryption
Buffer.BlockCopy(buffer, offset, output, sizes.cbMaxSignature, count);
// setup security buffers for ssp call
SecurityBuffer[] securityBuffer = new SecurityBuffer[2];
securityBuffer[0] = new SecurityBuffer(output, 0, sizes.cbMaxSignature, SecurityBufferType.SECBUFFER_TOKEN);
securityBuffer[1] = new SecurityBuffer(output, sizes.cbMaxSignature, count, SecurityBufferType.SECBUFFER_DATA);
// call SSP Function
int errorCode = SSPIWrapper.MakeSignature(GlobalSSPI.SSPIAuth, securityContext, securityBuffer, 0);
// throw if error
if (errorCode != 0)
{
NetEventSource.Info($"MakeSignature threw error: {errorCode.ToString("x", NumberFormatInfo.InvariantInfo)}");
throw new Win32Exception(errorCode);
}
// return signed size
return securityBuffer[0].size + securityBuffer[1].size;
}
internal Interop.SecurityStatus Decrypt(byte[] payload, ref int offset, ref int count)
{
GlobalLog.Print("SecureChannel#" + Logging.HashString(this) + "::Decrypt() - offset: " + offset.ToString() + " size: " + count.ToString() + " buffersize: " + payload.Length.ToString());
if (offset < 0 || offset > (payload == null ? 0 : payload.Length))
{
GlobalLog.Assert(false, "SecureChannel#" + Logging.HashString(this) + "::Encrypt", "Argument 'offset' out of range.");
throw new ArgumentOutOfRangeException("offset");
}
if (count < 0 || count > (payload == null ? 0 : payload.Length - offset))
{
GlobalLog.Assert(false, "SecureChannel#" + Logging.HashString(this) + "::Encrypt", "Argument 'count' out of range.");
throw new ArgumentOutOfRangeException("count");
}
// Decryption using SCHANNEL requires four buffers.
SecurityBuffer[] decspc = new SecurityBuffer[4];
decspc[0] = new SecurityBuffer(payload, offset, count, SecurityBufferType.Data);
decspc[1] = new SecurityBuffer(null, SecurityBufferType.Empty);
decspc[2] = new SecurityBuffer(null, SecurityBufferType.Empty);
decspc[3] = new SecurityBuffer(null, SecurityBufferType.Empty);
Interop.SecurityStatus errorCode = (Interop.SecurityStatus)SSPIWrapper.DecryptMessage(GlobalSSPI.SSPISecureChannel, _securityContext, decspc, 0);
count = 0;
for (int i = 0; i < decspc.Length; i++)
{
// Successfully decoded data and placed it at the following position in the buffer,
if ((errorCode == Interop.SecurityStatus.OK && decspc[i].type == SecurityBufferType.Data)
// or we failed to decode the data, here is the encoded data.
|| (errorCode != Interop.SecurityStatus.OK && decspc[i].type == SecurityBufferType.Extra))
{
offset = decspc[i].offset;
count = decspc[i].size;
break;
}
}
return errorCode;
}
/*++
GenerateToken - Called after each successive state
in the Client - Server handshake. This function
generates a set of bytes that will be sent next to
the server. The server responds, each response,
is pass then into this function, again, and the cycle
repeats until successful connection, or failure.
Input:
input - bytes from the wire
output - ref to byte [], what we will send to the
server in response
Return:
errorCode - an SSPI error code
--*/
private Interop.SecurityStatus GenerateToken(byte[] input, int offset, int count, ref byte[] output)
{
#if TRACE_VERBOSE
GlobalLog.Enter("SecureChannel#" + Logging.HashString(this) + "::GenerateToken, _refreshCredentialNeeded = " + _refreshCredentialNeeded);
#endif
if (offset < 0 || offset > (input == null ? 0 : input.Length))
{
GlobalLog.Assert(false, "SecureChannel#" + Logging.HashString(this) + "::GenerateToken", "Argument 'offset' out of range.");
throw new ArgumentOutOfRangeException("offset");
}
if (count < 0 || count > (input == null ? 0 : input.Length - offset))
{
GlobalLog.Assert(false, "SecureChannel#" + Logging.HashString(this) + "::GenerateToken", "Argument 'count' out of range.");
throw new ArgumentOutOfRangeException("count");
}
SecurityBuffer incomingSecurity = null;
SecurityBuffer[] incomingSecurityBuffers = null;
if (input != null)
{
incomingSecurity = new SecurityBuffer(input, offset, count, SecurityBufferType.Token);
incomingSecurityBuffers = new SecurityBuffer[]
{
incomingSecurity,
new SecurityBuffer(null, 0, 0, SecurityBufferType.Empty)
};
}
SecurityBuffer outgoingSecurity = new SecurityBuffer(null, SecurityBufferType.Token);
int errorCode = 0;
bool cachedCreds = false;
byte[] thumbPrint = null;
//
// Looping through ASC or ISC with potentially cached credential that could have been
// already disposed from a different thread before ISC or ASC dir increment a cred ref count.
//
try
{
do
{
thumbPrint = null;
if (_refreshCredentialNeeded)
{
cachedCreds = _serverMode
? AcquireServerCredentials(ref thumbPrint)
: AcquireClientCredentials(ref thumbPrint);
}
if (_serverMode)
{
errorCode = SSPIWrapper.AcceptSecurityContext(
GlobalSSPI.SSPISecureChannel,
ref _credentialsHandle,
ref _securityContext,
ServerRequiredFlags | (_remoteCertRequired ? Interop.Secur32.ContextFlags.MutualAuth : Interop.Secur32.ContextFlags.Zero),
Interop.Secur32.Endianness.Native,
incomingSecurity,
outgoingSecurity,
ref _attributes
);
}
else
{
if (incomingSecurity == null)
{
errorCode = SSPIWrapper.InitializeSecurityContext(
GlobalSSPI.SSPISecureChannel,
ref _credentialsHandle,
ref _securityContext,
_destination,
RequiredFlags | Interop.Secur32.ContextFlags.InitManualCredValidation,
Interop.Secur32.Endianness.Native,
incomingSecurity,
outgoingSecurity,
ref _attributes
);
}
else
{
errorCode = SSPIWrapper.InitializeSecurityContext(
GlobalSSPI.SSPISecureChannel,
_credentialsHandle,
ref _securityContext,
_destination,
RequiredFlags | Interop.Secur32.ContextFlags.InitManualCredValidation,
Interop.Secur32.Endianness.Native,
incomingSecurityBuffers,
outgoingSecurity,
ref _attributes
);
}
}
} while (cachedCreds && _credentialsHandle == null);
}
finally
{
if (_refreshCredentialNeeded)
{
_refreshCredentialNeeded = false;
//
// Assuming the ISC or ASC has referenced the credential,
// we want to call dispose so to decrement the effective ref count.
//
if (_credentialsHandle != null)
{
_credentialsHandle.Dispose();
}
//
// This call may bump up the credential reference count further.
// Note that thumbPrint is retrieved from a safe cert object that was possible cloned from the user passed cert.
//
if (!cachedCreds && _securityContext != null && !_securityContext.IsInvalid && _credentialsHandle != null && !_credentialsHandle.IsInvalid)
{
SslSessionsCache.CacheCredential(_credentialsHandle, thumbPrint, _protocolFlags, _encryptionPolicy);
}
}
}
output = outgoingSecurity.token;
#if TRACE_VERBOSE
GlobalLog.Leave("SecureChannel#" + Logging.HashString(this) + "::GenerateToken()", Interop.MapSecurityStatus((uint)errorCode));
#endif
return (Interop.SecurityStatus)errorCode;
}
//-------------------------------------------------------------------
internal unsafe static int AcceptSecurityContext(
ref SafeFreeCredentials inCredentials,
ref SafeDeleteContext refContext,
Interop.Secur32.ContextFlags inFlags,
Interop.Secur32.Endianness endianness,
SecurityBuffer inSecBuffer,
SecurityBuffer[] inSecBuffers,
SecurityBuffer outSecBuffer,
ref Interop.Secur32.ContextFlags outFlags)
{
#if TRACE_VERBOSE
GlobalLog.Enter("SafeDeleteContext::AcceptSecurityContex");
GlobalLog.Print(" credential = " + inCredentials.ToString());
GlobalLog.Print(" refContext = " + Logging.ObjectToString(refContext));
GlobalLog.Print(" inFlags = " + inFlags);
if (inSecBuffers == null)
{
GlobalLog.Print(" inSecBuffers = (null)");
}
else
{
GlobalLog.Print(" inSecBuffers[] = length:" + inSecBuffers.Length);
}
#endif
GlobalLog.Assert(outSecBuffer != null, "SafeDeleteContext::AcceptSecurityContext()|outSecBuffer != null");
GlobalLog.Assert(inSecBuffer == null || inSecBuffers == null, "SafeDeleteContext::AcceptSecurityContext()|inSecBuffer == null || inSecBuffers == null");
if (inCredentials == null)
{
throw new ArgumentNullException("inCredentials");
}
Interop.Secur32.SecurityBufferDescriptor inSecurityBufferDescriptor = null;
if (inSecBuffer != null)
{
inSecurityBufferDescriptor = new Interop.Secur32.SecurityBufferDescriptor(1);
}
else if (inSecBuffers != null)
{
inSecurityBufferDescriptor = new Interop.Secur32.SecurityBufferDescriptor(inSecBuffers.Length);
}
Interop.Secur32.SecurityBufferDescriptor outSecurityBufferDescriptor = new Interop.Secur32.SecurityBufferDescriptor(1);
// Actually, this is returned in outFlags.
bool isSspiAllocated = (inFlags & Interop.Secur32.ContextFlags.AllocateMemory) != 0 ? true : false;
int errorCode = -1;
Interop.Secur32.SSPIHandle contextHandle = new Interop.Secur32.SSPIHandle();
if (refContext != null)
{
contextHandle = refContext._handle;
}
// These are pinned user byte arrays passed along with SecurityBuffers.
GCHandle[] pinnedInBytes = null;
GCHandle pinnedOutBytes = new GCHandle();
// Optional output buffer that may need to be freed.
SafeFreeContextBuffer outFreeContextBuffer = null;
try
{
pinnedOutBytes = GCHandle.Alloc(outSecBuffer.token, GCHandleType.Pinned);
var inUnmanagedBuffer = new Interop.Secur32.SecurityBufferStruct[inSecurityBufferDescriptor == null ? 1 : inSecurityBufferDescriptor.Count];
fixed(void *inUnmanagedBufferPtr = inUnmanagedBuffer)
{
if (inSecurityBufferDescriptor != null)
{
// Fix Descriptor pointer that points to unmanaged SecurityBuffers.
inSecurityBufferDescriptor.UnmanagedPointer = inUnmanagedBufferPtr;
pinnedInBytes = new GCHandle[inSecurityBufferDescriptor.Count];
SecurityBuffer securityBuffer;
for (int index = 0; index < inSecurityBufferDescriptor.Count; ++index)
{
securityBuffer = inSecBuffer != null ? inSecBuffer : inSecBuffers[index];
if (securityBuffer != null)
{
// Copy the SecurityBuffer content into unmanaged place holder.
inUnmanagedBuffer[index].count = securityBuffer.size;
inUnmanagedBuffer[index].type = securityBuffer.type;
// Use the unmanaged token if it's not null; otherwise use the managed buffer.
if (securityBuffer.unmanagedToken != null)
{
inUnmanagedBuffer[index].token = securityBuffer.unmanagedToken.DangerousGetHandle();
}
else if (securityBuffer.token == null || securityBuffer.token.Length == 0)
{
inUnmanagedBuffer[index].token = IntPtr.Zero;
}
else
{
pinnedInBytes[index] = GCHandle.Alloc(securityBuffer.token, GCHandleType.Pinned);
inUnmanagedBuffer[index].token = Marshal.UnsafeAddrOfPinnedArrayElement(securityBuffer.token, securityBuffer.offset);
}
#if TRACE_VERBOSE
GlobalLog.Print("SecBuffer: cbBuffer:" + securityBuffer.size + " BufferType:" + securityBuffer.type);
#endif
}
}
}
var outUnmanagedBuffer = new Interop.Secur32.SecurityBufferStruct[1];
fixed(void *outUnmanagedBufferPtr = outUnmanagedBuffer)
{
// Fix Descriptor pointer that points to unmanaged SecurityBuffers.
outSecurityBufferDescriptor.UnmanagedPointer = outUnmanagedBufferPtr;
// Copy the SecurityBuffer content into unmanaged place holder.
outUnmanagedBuffer[0].count = outSecBuffer.size;
outUnmanagedBuffer[0].type = outSecBuffer.type;
if (outSecBuffer.token == null || outSecBuffer.token.Length == 0)
{
outUnmanagedBuffer[0].token = IntPtr.Zero;
}
else
{
outUnmanagedBuffer[0].token = Marshal.UnsafeAddrOfPinnedArrayElement(outSecBuffer.token, outSecBuffer.offset);
}
if (isSspiAllocated)
{
outFreeContextBuffer = SafeFreeContextBuffer.CreateEmptyHandle();
}
if (refContext == null || refContext.IsInvalid)
{
refContext = new SafeDeleteContext_SECURITY();
}
errorCode = MustRunAcceptSecurityContext_SECURITY(
ref inCredentials,
contextHandle.IsZero ? null : &contextHandle,
inSecurityBufferDescriptor,
inFlags,
endianness,
refContext,
outSecurityBufferDescriptor,
ref outFlags,
outFreeContextBuffer);
GlobalLog.Print("SafeDeleteContext:AcceptSecurityContext Marshalling OUT buffer");
// Get unmanaged buffer with index 0 as the only one passed into PInvoke.
outSecBuffer.size = outUnmanagedBuffer[0].count;
outSecBuffer.type = outUnmanagedBuffer[0].type;
if (outSecBuffer.size > 0)
{
outSecBuffer.token = new byte[outSecBuffer.size];
Marshal.Copy(outUnmanagedBuffer[0].token, outSecBuffer.token, 0, outSecBuffer.size);
}
else
{
outSecBuffer.token = null;
}
}
}
}
finally
{
if (pinnedInBytes != null)
{
for (int index = 0; index < pinnedInBytes.Length; index++)
{
if (pinnedInBytes[index].IsAllocated)
{
pinnedInBytes[index].Free();
}
}
}
if (pinnedOutBytes.IsAllocated)
{
pinnedOutBytes.Free();
}
if (outFreeContextBuffer != null)
{
outFreeContextBuffer.Dispose();
}
}
GlobalLog.Leave("SafeDeleteContext::AcceptSecurityContex() unmanaged AcceptSecurityContex()", "errorCode:0x" + errorCode.ToString("x8") + " refContext:" + Logging.ObjectToString(refContext));
return(errorCode);
}
internal static int Decrypt(
SafeDeleteContext securityContext,
byte[] buffer,
int offset,
int count,
bool isConfidential,
bool isNtlm,
out int newOffset,
uint sequenceNumber)
{
if (offset < 0 || offset > (buffer == null ? 0 : buffer.Length))
{
if (GlobalLog.IsEnabled)
{
GlobalLog.Assert("NTAuthentication#" + LoggingHash.HashString(securityContext) + "::Decrypt", "Argument 'offset' out of range.");
}
Debug.Fail("NTAuthentication#" + LoggingHash.HashString(securityContext) + "::Decrypt", "Argument 'offset' out of range.");
throw new ArgumentOutOfRangeException(nameof(offset));
}
if (count < 0 || count > (buffer == null ? 0 : buffer.Length - offset))
{
if (GlobalLog.IsEnabled)
{
GlobalLog.Assert("NTAuthentication#" + LoggingHash.HashString(securityContext) + "::Decrypt", "Argument 'count' out of range.");
}
Debug.Fail("NTAuthentication#" + LoggingHash.HashString(securityContext) + "::Decrypt", "Argument 'count' out of range.");
throw new ArgumentOutOfRangeException(nameof(count));
}
if (isNtlm)
{
return DecryptNtlm(securityContext, buffer, offset, count, isConfidential, out newOffset, sequenceNumber);
}
//
// Kerberos and up
//
var securityBuffer = new SecurityBuffer[2];
securityBuffer[0] = new SecurityBuffer(buffer, offset, count, SecurityBufferType.Stream);
securityBuffer[1] = new SecurityBuffer(0, SecurityBufferType.Data);
int errorCode;
if (isConfidential)
{
errorCode = SSPIWrapper.DecryptMessage(GlobalSSPI.SSPIAuth, securityContext, securityBuffer, sequenceNumber);
}
else
{
errorCode = SSPIWrapper.VerifySignature(GlobalSSPI.SSPIAuth, securityContext, securityBuffer, sequenceNumber);
}
if (errorCode != 0)
{
if (GlobalLog.IsEnabled)
{
GlobalLog.Print("NTAuthentication#"+ "::Decrypt() throw Error = " + errorCode.ToString("x", NumberFormatInfo.InvariantInfo));
}
throw new Win32Exception(errorCode);
}
if (securityBuffer[1].type != SecurityBufferType.Data)
{
throw new InternalException();
}
newOffset = securityBuffer[1].offset;
return securityBuffer[1].size;
}
internal static int Decrypt(
SafeDeleteContext securityContext,
byte[] buffer,
int offset,
int count,
bool isConfidential,
bool isNtlm,
out int newOffset,
uint sequenceNumber)
{
if (offset < 0 || offset > (buffer == null ? 0 : buffer.Length))
{
if (GlobalLog.IsEnabled)
{
GlobalLog.Assert("NTAuthentication#" + LoggingHash.HashString(securityContext) + "::Decrypt", "Argument 'offset' out of range.");
}
Debug.Fail("NTAuthentication#" + LoggingHash.HashString(securityContext) + "::Decrypt", "Argument 'offset' out of range.");
throw new ArgumentOutOfRangeException(nameof(offset));
}
if (count < 0 || count > (buffer == null ? 0 : buffer.Length - offset))
{
if (GlobalLog.IsEnabled)
{
GlobalLog.Assert("NTAuthentication#" + LoggingHash.HashString(securityContext) + "::Decrypt", "Argument 'count' out of range.");
}
Debug.Fail("NTAuthentication#" + LoggingHash.HashString(securityContext) + "::Decrypt", "Argument 'count' out of range.");
throw new ArgumentOutOfRangeException(nameof(count));
}
if (isNtlm)
{
return(DecryptNtlm(securityContext, buffer, offset, count, isConfidential, out newOffset, sequenceNumber));
}
//
// Kerberos and up
//
var securityBuffer = new SecurityBuffer[2];
securityBuffer[0] = new SecurityBuffer(buffer, offset, count, SecurityBufferType.SECBUFFER_STREAM);
securityBuffer[1] = new SecurityBuffer(0, SecurityBufferType.SECBUFFER_DATA);
int errorCode;
if (isConfidential)
{
errorCode = SSPIWrapper.DecryptMessage(GlobalSSPI.SSPIAuth, securityContext, securityBuffer, sequenceNumber);
}
else
{
errorCode = SSPIWrapper.VerifySignature(GlobalSSPI.SSPIAuth, securityContext, securityBuffer, sequenceNumber);
}
if (errorCode != 0)
{
if (GlobalLog.IsEnabled)
{
GlobalLog.Print("NTAuthentication#" + "::Decrypt() throw Error = " + errorCode.ToString("x", NumberFormatInfo.InvariantInfo));
}
throw new Win32Exception(errorCode);
}
if (securityBuffer[1].type != SecurityBufferType.SECBUFFER_DATA)
{
throw new InternalException();
}
newOffset = securityBuffer[1].offset;
return(securityBuffer[1].size);
}
internal static int Encrypt(
SafeDeleteContext securityContext,
byte[] buffer,
int offset,
int count,
bool isConfidential,
bool isNtlm,
ref byte[] output,
uint sequenceNumber)
{
SecPkgContext_Sizes sizes = SSPIWrapper.QueryContextAttributes(
GlobalSSPI.SSPIAuth,
securityContext,
Interop.SspiCli.ContextAttribute.SECPKG_ATTR_SIZES
) as SecPkgContext_Sizes;
try
{
int maxCount = checked (Int32.MaxValue - 4 - sizes.cbBlockSize - sizes.cbSecurityTrailer);
if (count > maxCount || count < 0)
{
throw new ArgumentOutOfRangeException(nameof(count), SR.Format(SR.net_io_out_range, maxCount));
}
}
catch (Exception e)
{
if (!ExceptionCheck.IsFatal(e))
{
if (GlobalLog.IsEnabled)
{
GlobalLog.Assert("NTAuthentication#" + LoggingHash.HashString(securityContext) + "::Encrypt", "Arguments out of range.");
}
Debug.Fail("NTAuthentication#" + LoggingHash.HashString(securityContext) + "::Encrypt", "Arguments out of range.");
}
throw;
}
int resultSize = count + sizes.cbSecurityTrailer + sizes.cbBlockSize;
if (output == null || output.Length < resultSize + 4)
{
output = new byte[resultSize + 4];
}
// Make a copy of user data for in-place encryption.
Buffer.BlockCopy(buffer, offset, output, 4 + sizes.cbSecurityTrailer, count);
// Prepare buffers TOKEN(signature), DATA and Padding.
var securityBuffer = new SecurityBuffer[3];
securityBuffer[0] = new SecurityBuffer(output, 4, sizes.cbSecurityTrailer, SecurityBufferType.SECBUFFER_TOKEN);
securityBuffer[1] = new SecurityBuffer(output, 4 + sizes.cbSecurityTrailer, count, SecurityBufferType.SECBUFFER_DATA);
securityBuffer[2] = new SecurityBuffer(output, 4 + sizes.cbSecurityTrailer + count, sizes.cbBlockSize, SecurityBufferType.SECBUFFER_PADDING);
int errorCode;
if (isConfidential)
{
errorCode = SSPIWrapper.EncryptMessage(GlobalSSPI.SSPIAuth, securityContext, securityBuffer, sequenceNumber);
}
else
{
if (isNtlm)
{
securityBuffer[1].type |= SecurityBufferType.SECBUFFER_READONLY;
}
errorCode = SSPIWrapper.MakeSignature(GlobalSSPI.SSPIAuth, securityContext, securityBuffer, 0);
}
if (errorCode != 0)
{
if (GlobalLog.IsEnabled)
{
GlobalLog.Print("NTAuthentication#" + LoggingHash.HashString(securityContext) + "::Encrypt() throw Error = " + errorCode.ToString("x", NumberFormatInfo.InvariantInfo));
}
throw new Win32Exception(errorCode);
}
// Compacting the result.
resultSize = securityBuffer[0].size;
bool forceCopy = false;
if (resultSize != sizes.cbSecurityTrailer)
{
forceCopy = true;
Buffer.BlockCopy(output, securityBuffer[1].offset, output, 4 + resultSize, securityBuffer[1].size);
}
resultSize += securityBuffer[1].size;
if (securityBuffer[2].size != 0 && (forceCopy || resultSize != (count + sizes.cbSecurityTrailer)))
{
Buffer.BlockCopy(output, securityBuffer[2].offset, output, 4 + resultSize, securityBuffer[2].size);
}
resultSize += securityBuffer[2].size;
unchecked
{
output[0] = (byte)((resultSize) & 0xFF);
output[1] = (byte)(((resultSize) >> 8) & 0xFF);
output[2] = (byte)(((resultSize) >> 16) & 0xFF);
output[3] = (byte)(((resultSize) >> 24) & 0xFF);
}
return(resultSize + 4);
}
internal static int Encrypt(
SafeDeleteContext securityContext,
byte[] buffer,
int offset,
int count,
bool isConfidential,
bool isNtlm,
ref byte[] output,
uint sequenceNumber)
{
SecPkgContext_Sizes sizes = default;
bool success = SSPIWrapper.QueryBlittableContextAttributes(GlobalSSPI.SSPIAuth, securityContext, Interop.SspiCli.ContextAttribute.SECPKG_ATTR_SIZES, ref sizes);
Debug.Assert(success);
try
{
int maxCount = checked (int.MaxValue - 4 - sizes.cbBlockSize - sizes.cbSecurityTrailer);
if (count > maxCount || count < 0)
{
throw new ArgumentOutOfRangeException(nameof(count), SR.Format(SR.net_io_out_range, maxCount));
}
}
catch (Exception e) when(!ExceptionCheck.IsFatal(e))
{
NetEventSource.Fail(null, "Arguments out of range.");
throw;
}
int resultSize = count + sizes.cbSecurityTrailer + sizes.cbBlockSize;
if (output == null || output.Length < resultSize + 4)
{
output = new byte[resultSize + 4];
}
// Make a copy of user data for in-place encryption.
Buffer.BlockCopy(buffer, offset, output, 4 + sizes.cbSecurityTrailer, count);
// Prepare buffers TOKEN(signature), DATA and Padding.
ThreeSecurityBuffers buffers = default;
var securityBuffer = MemoryMarshal.CreateSpan(ref buffers._item0, 3);
securityBuffer[0] = new SecurityBuffer(output, 4, sizes.cbSecurityTrailer, SecurityBufferType.SECBUFFER_TOKEN);
securityBuffer[1] = new SecurityBuffer(output, 4 + sizes.cbSecurityTrailer, count, SecurityBufferType.SECBUFFER_DATA);
securityBuffer[2] = new SecurityBuffer(output, 4 + sizes.cbSecurityTrailer + count, sizes.cbBlockSize, SecurityBufferType.SECBUFFER_PADDING);
int errorCode;
if (isConfidential)
{
errorCode = SSPIWrapper.EncryptMessage(GlobalSSPI.SSPIAuth, securityContext, securityBuffer, sequenceNumber);
}
else
{
if (isNtlm)
{
securityBuffer[1].type |= SecurityBufferType.SECBUFFER_READONLY;
}
errorCode = SSPIWrapper.MakeSignature(GlobalSSPI.SSPIAuth, securityContext, securityBuffer, 0);
}
if (errorCode != 0)
{
Exception e = new Win32Exception(errorCode);
if (NetEventSource.IsEnabled)
{
NetEventSource.Error(null, e);
}
throw e;
}
// Compacting the result.
resultSize = securityBuffer[0].size;
bool forceCopy = false;
if (resultSize != sizes.cbSecurityTrailer)
{
forceCopy = true;
Buffer.BlockCopy(output, securityBuffer[1].offset, output, 4 + resultSize, securityBuffer[1].size);
}
resultSize += securityBuffer[1].size;
if (securityBuffer[2].size != 0 && (forceCopy || resultSize != (count + sizes.cbSecurityTrailer)))
{
Buffer.BlockCopy(output, securityBuffer[2].offset, output, 4 + resultSize, securityBuffer[2].size);
}
resultSize += securityBuffer[2].size;
unchecked
{
output[0] = (byte)((resultSize) & 0xFF);
output[1] = (byte)(((resultSize) >> 8) & 0xFF);
output[2] = (byte)(((resultSize) >> 16) & 0xFF);
output[3] = (byte)(((resultSize) >> 24) & 0xFF);
}
return(resultSize + 4);
}
internal static int Decrypt(
SafeDeleteContext securityContext,
byte[] buffer,
int offset,
int count,
bool isConfidential,
bool isNtlm,
out int newOffset,
uint sequenceNumber)
{
if (offset < 0 || offset > (buffer == null ? 0 : buffer.Length))
{
NetEventSource.Fail(null, "Argument 'offset' out of range.");
throw new ArgumentOutOfRangeException(nameof(offset));
}
if (count < 0 || count > (buffer == null ? 0 : buffer.Length - offset))
{
NetEventSource.Fail(null, "Argument 'count' out of range.");
throw new ArgumentOutOfRangeException(nameof(count));
}
if (isNtlm)
{
return(DecryptNtlm(securityContext, buffer, offset, count, isConfidential, out newOffset, sequenceNumber));
}
//
// Kerberos and up
//
TwoSecurityBuffers buffers = default;
var securityBuffer = MemoryMarshal.CreateSpan(ref buffers._item0, 2);
securityBuffer[0] = new SecurityBuffer(buffer, offset, count, SecurityBufferType.SECBUFFER_STREAM);
securityBuffer[1] = new SecurityBuffer(0, SecurityBufferType.SECBUFFER_DATA);
int errorCode;
if (isConfidential)
{
errorCode = SSPIWrapper.DecryptMessage(GlobalSSPI.SSPIAuth, securityContext, securityBuffer, sequenceNumber);
}
else
{
errorCode = SSPIWrapper.VerifySignature(GlobalSSPI.SSPIAuth, securityContext, securityBuffer, sequenceNumber);
}
if (errorCode != 0)
{
Exception e = new Win32Exception(errorCode);
if (NetEventSource.IsEnabled)
{
NetEventSource.Error(null, e);
}
throw e;
}
if (securityBuffer[1].type != SecurityBufferType.SECBUFFER_DATA)
{
throw new InternalException(securityBuffer[1].type);
}
newOffset = securityBuffer[1].offset;
return(securityBuffer[1].size);
}
/*++
* GenerateToken - Called after each successive state
* in the Client - Server handshake. This function
* generates a set of bytes that will be sent next to
* the server. The server responds, each response,
* is pass then into this function, again, and the cycle
* repeats until successful connection, or failure.
*
* Input:
* input - bytes from the wire
* output - ref to byte [], what we will send to the
* server in response
* Return:
* errorCode - an SSPI error code
* --*/
private SecurityStatus GenerateToken(byte[] input, int offset, int count, ref byte[] output)
{
#if TRACE_VERBOSE
GlobalLog.Enter("SecureChannel#" + Logging.HashString(this) + "::GenerateToken, _refreshCredentialNeeded = " + _refreshCredentialNeeded);
#endif
if (offset < 0 || offset > (input == null ? 0 : input.Length))
{
GlobalLog.Assert(false, "SecureChannel#" + Logging.HashString(this) + "::GenerateToken", "Argument 'offset' out of range.");
throw new ArgumentOutOfRangeException("offset");
}
if (count < 0 || count > (input == null ? 0 : input.Length - offset))
{
GlobalLog.Assert(false, "SecureChannel#" + Logging.HashString(this) + "::GenerateToken", "Argument 'count' out of range.");
throw new ArgumentOutOfRangeException("count");
}
SecurityBuffer incomingSecurity = null;
SecurityBuffer[] incomingSecurityBuffers = null;
if (input != null)
{
incomingSecurity = new SecurityBuffer(input, offset, count, SecurityBufferType.Token);
incomingSecurityBuffers = new SecurityBuffer[]
{
incomingSecurity,
new SecurityBuffer(null, 0, 0, SecurityBufferType.Empty)
};
}
SecurityBuffer outgoingSecurity = new SecurityBuffer(null, SecurityBufferType.Token);
SecurityStatus errorCode = 0;
bool cachedCreds = false;
byte[] thumbPrint = null;
//
// Looping through ASC or ISC with potentially cached credential that could have been
// already disposed from a different thread before ISC or ASC dir increment a cred ref count.
//
try
{
do
{
thumbPrint = null;
if (_refreshCredentialNeeded)
{
cachedCreds = _serverMode
? AcquireServerCredentials(ref thumbPrint)
: AcquireClientCredentials(ref thumbPrint);
}
if (_serverMode)
{
errorCode = SSPIWrapper.AcceptSecurityContext(
GlobalSSPI.SSPISecureChannel,
ref _credentialsHandle,
ref _securityContext,
incomingSecurity,
outgoingSecurity,
_remoteCertRequired
);
}
else
{
if (incomingSecurity == null)
{
errorCode = SSPIWrapper.InitializeSecurityContext(
GlobalSSPI.SSPISecureChannel,
ref _credentialsHandle,
ref _securityContext,
_destination,
incomingSecurity,
outgoingSecurity
);
}
else
{
errorCode = SSPIWrapper.InitializeSecurityContext(
GlobalSSPI.SSPISecureChannel,
_credentialsHandle,
ref _securityContext,
_destination,
incomingSecurityBuffers,
outgoingSecurity
);
}
}
} while (cachedCreds && _credentialsHandle == null);
}
finally
{
if (_refreshCredentialNeeded)
{
_refreshCredentialNeeded = false;
//
// Assuming the ISC or ASC has referenced the credential,
// we want to call dispose so to decrement the effective ref count.
//
if (_credentialsHandle != null)
{
_credentialsHandle.Dispose();
}
//
// This call may bump up the credential reference count further.
// Note that thumbPrint is retrieved from a safe cert object that was possible cloned from the user passed cert.
//
if (!cachedCreds && _securityContext != null && !_securityContext.IsInvalid && _credentialsHandle != null && !_credentialsHandle.IsInvalid)
{
SslSessionsCache.CacheCredential(_credentialsHandle, thumbPrint, _sslProtocols, _serverMode, _encryptionPolicy);
}
}
}
output = outgoingSecurity.token;
#if TRACE_VERBOSE
GlobalLog.Leave("SecureChannel#" + Logging.HashString(this) + "::GenerateToken()", Interop.MapSecurityStatus((uint)errorCode));
#endif
return((SecurityStatus)errorCode);
}
internal static unsafe int AcceptSecurityContext(
ref SafeFreeCredentials?inCredentials,
ref SafeDeleteSslContext?refContext,
Interop.SspiCli.ContextFlags inFlags,
Interop.SspiCli.Endianness endianness,
InputSecurityBuffers inSecBuffers,
ref SecurityBuffer outSecBuffer,
ref Interop.SspiCli.ContextFlags outFlags)
{
if (NetEventSource.IsEnabled)
{
NetEventSource.Enter(null, $"credential={inCredentials}, refContext={refContext}, inFlags={inFlags}");
}
if (inCredentials == null)
{
throw new ArgumentNullException(nameof(inCredentials));
}
Debug.Assert(inSecBuffers.Count <= 3);
Interop.SspiCli.SecBufferDesc inSecurityBufferDescriptor = new Interop.SspiCli.SecBufferDesc(inSecBuffers.Count);
Interop.SspiCli.SecBufferDesc outSecurityBufferDescriptor = new Interop.SspiCli.SecBufferDesc(count: 2);
// Actually, this is returned in outFlags.
bool isSspiAllocated = (inFlags & Interop.SspiCli.ContextFlags.AllocateMemory) != 0 ? true : false;
int errorCode = -1;
bool isContextAbsent = true;
if (refContext != null)
{
isContextAbsent = refContext._handle.IsZero;
}
// Optional output buffer that may need to be freed.
SafeFreeContextBuffer? outFreeContextBuffer = null;
Span <Interop.SspiCli.SecBuffer> outUnmanagedBuffer = stackalloc Interop.SspiCli.SecBuffer[2];
outUnmanagedBuffer[1].pvBuffer = IntPtr.Zero;
try
{
// Allocate always maximum to allow better code optimization.
Span <Interop.SspiCli.SecBuffer> inUnmanagedBuffer = stackalloc Interop.SspiCli.SecBuffer[3];
fixed(void *inUnmanagedBufferPtr = inUnmanagedBuffer)
fixed(void *outUnmanagedBufferPtr = outUnmanagedBuffer)
fixed(void *pinnedToken0 = inSecBuffers._item0.Token)
fixed(void *pinnedToken1 = inSecBuffers._item1.Token)
fixed(void *pinnedToken2 = inSecBuffers._item2.Token)
{
inSecurityBufferDescriptor.pBuffers = inUnmanagedBufferPtr;
// Updated pvBuffer with pinned address. UnmanagedToken takes precedence.
if (inSecBuffers.Count > 2)
{
inUnmanagedBuffer[2].BufferType = inSecBuffers._item2.Type;
inUnmanagedBuffer[2].cbBuffer = inSecBuffers._item2.Token.Length;
inUnmanagedBuffer[2].pvBuffer = inSecBuffers._item2.UnmanagedToken != null ?
(IntPtr)inSecBuffers._item2.UnmanagedToken.DangerousGetHandle() :
(IntPtr)pinnedToken2;
}
if (inSecBuffers.Count > 1)
{
inUnmanagedBuffer[1].BufferType = inSecBuffers._item1.Type;
inUnmanagedBuffer[1].cbBuffer = inSecBuffers._item1.Token.Length;
inUnmanagedBuffer[1].pvBuffer = inSecBuffers._item1.UnmanagedToken != null ?
(IntPtr)inSecBuffers._item1.UnmanagedToken.DangerousGetHandle() :
(IntPtr)pinnedToken1;
}
if (inSecBuffers.Count > 0)
{
inUnmanagedBuffer[0].BufferType = inSecBuffers._item0.Type;
inUnmanagedBuffer[0].cbBuffer = inSecBuffers._item0.Token.Length;
inUnmanagedBuffer[0].pvBuffer = inSecBuffers._item0.UnmanagedToken != null ?
(IntPtr)inSecBuffers._item0.UnmanagedToken.DangerousGetHandle() :
(IntPtr)pinnedToken0;
}
fixed(byte *pinnedOutBytes = outSecBuffer.token)
{
// Fix Descriptor pointer that points to unmanaged SecurityBuffers.
outSecurityBufferDescriptor.pBuffers = outUnmanagedBufferPtr;
// Copy the SecurityBuffer content into unmanaged place holder.
outUnmanagedBuffer[0].cbBuffer = outSecBuffer.size;
outUnmanagedBuffer[0].BufferType = outSecBuffer.type;
outUnmanagedBuffer[0].pvBuffer = outSecBuffer.token == null || outSecBuffer.token.Length == 0 ?
IntPtr.Zero :
(IntPtr)(pinnedOutBytes + outSecBuffer.offset);
outUnmanagedBuffer[1].cbBuffer = 0;
outUnmanagedBuffer[1].BufferType = SecurityBufferType.SECBUFFER_ALERT;
if (isSspiAllocated)
{
outFreeContextBuffer = SafeFreeContextBuffer.CreateEmptyHandle();
}
if (refContext == null || refContext.IsInvalid)
{
// Previous versions unconditionally built a new "refContext" here, but would pass
// incorrect arguments to AcceptSecurityContext in cases where an "contextHandle" was
// already present and non-zero.
if (isContextAbsent)
{
refContext = new SafeDeleteSslContext();
}
}
errorCode = MustRunAcceptSecurityContext_SECURITY(
ref inCredentials,
isContextAbsent,
&inSecurityBufferDescriptor,
inFlags,
endianness,
refContext !,
ref outSecurityBufferDescriptor,
ref outFlags,
outFreeContextBuffer);
if (NetEventSource.IsEnabled)
{
NetEventSource.Info(null, "Marshaling OUT buffer");
}
// No data written out but there is Alert
if (outUnmanagedBuffer[0].cbBuffer == 0 && outUnmanagedBuffer[1].cbBuffer > 0)
{
outSecBuffer.size = outUnmanagedBuffer[1].cbBuffer;
outSecBuffer.type = outUnmanagedBuffer[1].BufferType;
outSecBuffer.token = new Span <byte>((byte *)outUnmanagedBuffer[1].pvBuffer, outUnmanagedBuffer[1].cbBuffer).ToArray();
}
else
{
outSecBuffer.size = outUnmanagedBuffer[0].cbBuffer;
outSecBuffer.type = outUnmanagedBuffer[0].BufferType;
outSecBuffer.token = outUnmanagedBuffer[0].cbBuffer > 0 ?
new Span <byte>((byte *)outUnmanagedBuffer[0].pvBuffer, outUnmanagedBuffer[0].cbBuffer).ToArray() :
null;
}
}
}
}
finally
{
outFreeContextBuffer?.Dispose();
if (outUnmanagedBuffer[1].pvBuffer != IntPtr.Zero)
{
Interop.SspiCli.FreeContextBuffer(outUnmanagedBuffer[1].pvBuffer);
}
}
if (NetEventSource.IsEnabled)
{
NetEventSource.Exit(null, $"errorCode:0x{errorCode:x8}, refContext:{refContext}");
}
return(errorCode);
}
internal static unsafe int InitializeSecurityContext(
ref SafeFreeCredentials?inCredentials,
ref SafeDeleteSslContext?refContext,
string?targetName,
Interop.SspiCli.ContextFlags inFlags,
Interop.SspiCli.Endianness endianness,
InputSecurityBuffers inSecBuffers,
ref SecurityBuffer outSecBuffer,
ref Interop.SspiCli.ContextFlags outFlags)
{
if (NetEventSource.IsEnabled)
{
NetEventSource.Enter(null, $"credential:{inCredentials}, crefContext:{refContext}, targetName:{targetName}, inFlags:{inFlags}, endianness:{endianness}");
}
if (inCredentials == null)
{
throw new ArgumentNullException(nameof(inCredentials));
}
Debug.Assert(inSecBuffers.Count <= 3);
Interop.SspiCli.SecBufferDesc inSecurityBufferDescriptor = new Interop.SspiCli.SecBufferDesc(inSecBuffers.Count);
Interop.SspiCli.SecBufferDesc outSecurityBufferDescriptor = new Interop.SspiCli.SecBufferDesc(1);
// Actually, this is returned in outFlags.
bool isSspiAllocated = (inFlags & Interop.SspiCli.ContextFlags.AllocateMemory) != 0 ? true : false;
int errorCode = -1;
bool isContextAbsent = true;
if (refContext != null)
{
isContextAbsent = refContext._handle.IsZero;
}
// Optional output buffer that may need to be freed.
SafeFreeContextBuffer?outFreeContextBuffer = null;
try
{
Span <Interop.SspiCli.SecBuffer> inUnmanagedBuffer = stackalloc Interop.SspiCli.SecBuffer[3];
fixed(void *inUnmanagedBufferPtr = inUnmanagedBuffer)
fixed(void *pinnedToken0 = inSecBuffers._item0.Token)
fixed(void *pinnedToken1 = inSecBuffers._item1.Token)
fixed(void *pinnedToken2 = inSecBuffers._item2.Token)
{
// Fix Descriptor pointer that points to unmanaged SecurityBuffers.
inSecurityBufferDescriptor.pBuffers = inUnmanagedBufferPtr;
// Updated pvBuffer with pinned address. UnmanagedToken takes precedence.
if (inSecBuffers.Count > 2)
{
inUnmanagedBuffer[2].BufferType = inSecBuffers._item2.Type;
inUnmanagedBuffer[2].cbBuffer = inSecBuffers._item2.Token.Length;
inUnmanagedBuffer[2].pvBuffer = inSecBuffers._item2.UnmanagedToken != null ?
(IntPtr)inSecBuffers._item2.UnmanagedToken.DangerousGetHandle() :
(IntPtr)pinnedToken2;
}
if (inSecBuffers.Count > 1)
{
inUnmanagedBuffer[1].BufferType = inSecBuffers._item1.Type;
inUnmanagedBuffer[1].cbBuffer = inSecBuffers._item1.Token.Length;
inUnmanagedBuffer[1].pvBuffer = inSecBuffers._item1.UnmanagedToken != null ?
(IntPtr)inSecBuffers._item1.UnmanagedToken.DangerousGetHandle() :
(IntPtr)pinnedToken1;
}
if (inSecBuffers.Count > 0)
{
inUnmanagedBuffer[0].BufferType = inSecBuffers._item0.Type;
inUnmanagedBuffer[0].cbBuffer = inSecBuffers._item0.Token.Length;
inUnmanagedBuffer[0].pvBuffer = inSecBuffers._item0.UnmanagedToken != null ?
(IntPtr)inSecBuffers._item0.UnmanagedToken.DangerousGetHandle() :
(IntPtr)pinnedToken0;
}
fixed(byte *pinnedOutBytes = outSecBuffer.token)
{
// Fix Descriptor pointer that points to unmanaged SecurityBuffers.
Interop.SspiCli.SecBuffer outUnmanagedBuffer = default;
outSecurityBufferDescriptor.pBuffers = &outUnmanagedBuffer;
outUnmanagedBuffer.cbBuffer = outSecBuffer.size;
outUnmanagedBuffer.BufferType = outSecBuffer.type;
outUnmanagedBuffer.pvBuffer = outSecBuffer.token == null || outSecBuffer.token.Length == 0 ?
IntPtr.Zero :
(IntPtr)(pinnedOutBytes + outSecBuffer.offset);
if (isSspiAllocated)
{
outFreeContextBuffer = SafeFreeContextBuffer.CreateEmptyHandle();
}
if (refContext == null || refContext.IsInvalid)
{
// Previous versions unconditionally built a new "refContext" here, but would pass
// incorrect arguments to InitializeSecurityContextW in cases where an "contextHandle" was
// already present and non-zero.
if (isContextAbsent)
{
refContext = new SafeDeleteSslContext();
}
}
if (targetName == null || targetName.Length == 0)
{
targetName = dummyStr;
}
string punyCode = s_idnMapping.GetAscii(targetName);
fixed(char *namePtr = punyCode)
{
errorCode = MustRunInitializeSecurityContext(
ref inCredentials,
isContextAbsent,
(byte *)(((object)targetName == (object)dummyStr) ? null : namePtr),
inFlags,
endianness,
&inSecurityBufferDescriptor,
refContext !,
ref outSecurityBufferDescriptor,
ref outFlags,
outFreeContextBuffer);
}
if (NetEventSource.IsEnabled)
{
NetEventSource.Info(null, "Marshalling OUT buffer");
}
// Get unmanaged buffer with index 0 as the only one passed into PInvoke.
outSecBuffer.size = outUnmanagedBuffer.cbBuffer;
outSecBuffer.type = outUnmanagedBuffer.BufferType;
outSecBuffer.token = outSecBuffer.size > 0 ?
new Span <byte>((byte *)outUnmanagedBuffer.pvBuffer, outUnmanagedBuffer.cbBuffer).ToArray() :
null;
}
}
}
finally
{
outFreeContextBuffer?.Dispose();
}
if (NetEventSource.IsEnabled)
{
NetEventSource.Exit(null, $"errorCode:0x{errorCode:x8}, refContext:{refContext}");
}
return(errorCode);
}
public static SecurityStatusPal InitializeSecurityContext(SafeFreeCredentials credentialsHandle, ref SafeDeleteContext context, string targetName, SecurityBuffer[] inputBuffers, SecurityBuffer outputBuffer, SslAuthenticationOptions sslAuthenticationOptions)
{
Interop.SspiCli.ContextFlags unusedAttributes = default(Interop.SspiCli.ContextFlags);
int errorCode = SSPIWrapper.InitializeSecurityContext(
GlobalSSPI.SSPISecureChannel,
credentialsHandle,
ref context,
targetName,
RequiredFlags | Interop.SspiCli.ContextFlags.InitManualCredValidation,
Interop.SspiCli.Endianness.SECURITY_NATIVE_DREP,
inputBuffers,
outputBuffer,
ref unusedAttributes);
return(SecurityStatusAdapterPal.GetSecurityStatusPalFromNativeInt(errorCode));
}
internal static SecurityStatusPal AcceptSecurityContext(
SafeFreeCredentials credentialsHandle,
ref SafeDeleteContext securityContext,
ContextFlagsPal requestedContextFlags,
SecurityBuffer[] inSecurityBufferArray,
SecurityBuffer outSecurityBuffer,
ref ContextFlagsPal contextFlags)
{
Interop.SspiCli.ContextFlags outContextFlags = Interop.SspiCli.ContextFlags.Zero;
Interop.SecurityStatus winStatus = (Interop.SecurityStatus)SSPIWrapper.AcceptSecurityContext(
GlobalSSPI.SSPIAuth,
credentialsHandle,
ref securityContext,
ContextFlagsAdapterPal.GetInteropFromContextFlagsPal(requestedContextFlags),
Interop.SspiCli.Endianness.Network,
inSecurityBufferArray,
outSecurityBuffer,
ref outContextFlags);
contextFlags = ContextFlagsAdapterPal.GetContextFlagsPalFromInterop(outContextFlags);
return SecurityStatusAdapterPal.GetSecurityStatusPalFromInterop(winStatus);
}
private static SecurityStatusPal HandshakeInternal(SafeFreeCredentials credential, ref SafeDeleteContext context,
SecurityBuffer inputBuffer, SecurityBuffer outputBuffer, bool isServer, bool remoteCertRequired)
{
Debug.Assert(!credential.IsInvalid);
try
{
if ((null == context) || context.IsInvalid)
{
context = new SafeDeleteSslContext(credential as SafeFreeSslCredentials, isServer, remoteCertRequired);
}
byte[] output = null;
int outputSize;
bool done;
if (null == inputBuffer)
{
done = Interop.OpenSsl.DoSslHandshake(((SafeDeleteSslContext)context).SslContext, null, 0, 0, out output, out outputSize);
}
else
{
done = Interop.OpenSsl.DoSslHandshake(((SafeDeleteSslContext)context).SslContext, inputBuffer.token, inputBuffer.offset, inputBuffer.size, out output, out outputSize);
}
outputBuffer.size = outputSize;
outputBuffer.offset = 0;
outputBuffer.token = outputSize > 0 ? output : null;
return(new SecurityStatusPal(done ? SecurityStatusPalErrorCode.OK : SecurityStatusPalErrorCode.ContinueNeeded));
}
catch (Exception exc)
{
return(new SecurityStatusPal(SecurityStatusPalErrorCode.InternalError, exc));
}
}
internal unsafe static int CompleteAuthToken(
ref SafeDeleteContext refContext,
SecurityBuffer[] inSecBuffers)
{
GlobalLog.Enter("SafeDeleteContext::CompleteAuthToken");
GlobalLog.Print(" refContext = " + Logging.ObjectToString(refContext));
#if TRACE_VERBOSE
GlobalLog.Print(" inSecBuffers[] = length:" + inSecBuffers.Length);
#endif
GlobalLog.Assert(inSecBuffers != null, "SafeDeleteContext::CompleteAuthToken()|inSecBuffers == null");
var inSecurityBufferDescriptor = new Interop.Secur32.SecurityBufferDescriptor(inSecBuffers.Length);
int errorCode = (int)Interop.SecurityStatus.InvalidHandle;
// These are pinned user byte arrays passed along with SecurityBuffers.
GCHandle[] pinnedInBytes = null;
var inUnmanagedBuffer = new Interop.Secur32.SecurityBufferStruct[inSecurityBufferDescriptor.Count];
fixed (void* inUnmanagedBufferPtr = inUnmanagedBuffer)
{
// Fix Descriptor pointer that points to unmanaged SecurityBuffers.
inSecurityBufferDescriptor.UnmanagedPointer = inUnmanagedBufferPtr;
pinnedInBytes = new GCHandle[inSecurityBufferDescriptor.Count];
SecurityBuffer securityBuffer;
for (int index = 0; index < inSecurityBufferDescriptor.Count; ++index)
{
securityBuffer = inSecBuffers[index];
if (securityBuffer != null)
{
inUnmanagedBuffer[index].count = securityBuffer.size;
inUnmanagedBuffer[index].type = securityBuffer.type;
// Use the unmanaged token if it's not null; otherwise use the managed buffer.
if (securityBuffer.unmanagedToken != null)
{
inUnmanagedBuffer[index].token = securityBuffer.unmanagedToken.DangerousGetHandle();
}
else if (securityBuffer.token == null || securityBuffer.token.Length == 0)
{
inUnmanagedBuffer[index].token = IntPtr.Zero;
}
else
{
pinnedInBytes[index] = GCHandle.Alloc(securityBuffer.token, GCHandleType.Pinned);
inUnmanagedBuffer[index].token = Marshal.UnsafeAddrOfPinnedArrayElement(securityBuffer.token, securityBuffer.offset);
}
#if TRACE_VERBOSE
GlobalLog.Print("SecBuffer: cbBuffer:" + securityBuffer.size + " BufferType:" + securityBuffer.type);
#endif
}
}
Interop.Secur32.SSPIHandle contextHandle = new Interop.Secur32.SSPIHandle();
if (refContext != null)
{
contextHandle = refContext._handle;
}
try
{
if (refContext == null || refContext.IsInvalid)
{
refContext = new SafeDeleteContext_SECURITY();
}
try
{
bool ignore = false;
refContext.DangerousAddRef(ref ignore);
errorCode = Interop.Secur32.CompleteAuthToken(contextHandle.IsZero ? null : &contextHandle, inSecurityBufferDescriptor);
}
finally
{
refContext.DangerousRelease();
}
}
finally
{
if (pinnedInBytes != null)
{
for (int index = 0; index < pinnedInBytes.Length; index++)
{
if (pinnedInBytes[index].IsAllocated)
{
pinnedInBytes[index].Free();
}
}
}
}
}
GlobalLog.Leave("SafeDeleteContext::CompleteAuthToken() unmanaged CompleteAuthToken()", "errorCode:0x" + errorCode.ToString("x8") + " refContext:" + Logging.ObjectToString(refContext));
return errorCode;
}
public static SecurityStatusPal AcceptSecurityContext(ref SafeFreeCredentials credential, ref SafeDeleteContext context,
SecurityBuffer inputBuffer, SecurityBuffer outputBuffer, bool remoteCertRequired)
{
return(HandshakeInternal(credential, ref context, inputBuffer, outputBuffer, true, remoteCertRequired));
}
private static SecurityStatusPal EstablishSecurityContext(
SafeFreeNegoCredentials credential,
ref SafeDeleteContext context,
string targetName,
ContextFlagsPal inFlags,
SecurityBuffer inputBuffer,
SecurityBuffer outputBuffer,
ref ContextFlagsPal outFlags)
{
bool isNtlmOnly = credential.IsNtlmOnly;
if (context == null)
{
// Empty target name causes the failure on Linux, hence passing a non-empty string
context = isNtlmOnly ? new SafeDeleteNegoContext(credential, credential.UserName) : new SafeDeleteNegoContext(credential, targetName);
}
SafeDeleteNegoContext negoContext = (SafeDeleteNegoContext)context;
try
{
Interop.NetSecurityNative.GssFlags inputFlags = ContextFlagsAdapterPal.GetInteropFromContextFlagsPal(inFlags, isServer:false);
uint outputFlags;
int isNtlmUsed;
SafeGssContextHandle contextHandle = negoContext.GssContext;
bool done = GssInitSecurityContext(
ref contextHandle,
credential.GssCredential,
isNtlmOnly,
negoContext.TargetName,
inputFlags,
inputBuffer?.token,
out outputBuffer.token,
out outputFlags,
out isNtlmUsed);
Debug.Assert(outputBuffer.token != null, "Unexpected null buffer returned by GssApi");
outputBuffer.size = outputBuffer.token.Length;
outputBuffer.offset = 0;
outFlags = ContextFlagsAdapterPal.GetContextFlagsPalFromInterop((Interop.NetSecurityNative.GssFlags)outputFlags, isServer:false);
Debug.Assert(negoContext.GssContext == null || contextHandle == negoContext.GssContext);
// Save the inner context handle for further calls to NetSecurity
Debug.Assert(negoContext.GssContext == null || contextHandle == negoContext.GssContext);
if (null == negoContext.GssContext)
{
negoContext.SetGssContext(contextHandle);
}
// Populate protocol used for authentication
if (done)
{
negoContext.SetAuthenticationPackage(Convert.ToBoolean(isNtlmUsed));
}
SecurityStatusPalErrorCode errorCode = done ?
(negoContext.IsNtlmUsed && outputBuffer.size > 0 ? SecurityStatusPalErrorCode.OK : SecurityStatusPalErrorCode.CompleteNeeded) :
SecurityStatusPalErrorCode.ContinueNeeded;
return new SecurityStatusPal(errorCode);
}
catch(Exception ex)
{
if (NetEventSource.IsEnabled) NetEventSource.Error(null, ex);
return new SecurityStatusPal(SecurityStatusPalErrorCode.InternalError, ex);
}
}
public static SecurityStatusPal InitializeSecurityContext(ref SafeFreeCredentials credential, ref SafeDeleteContext context,
string targetName, SecurityBuffer inputBuffer, SecurityBuffer outputBuffer)
{
return(HandshakeInternal(credential, ref context, inputBuffer, outputBuffer, false, false));
}
/*++
Encrypt - Encrypts our bytes before we send them over the wire
PERF: make more efficient, this does an extra copy when the offset
is non-zero.
Input:
buffer - bytes for sending
offset -
size -
output - Encrypted bytes
--*/
internal Interop.SecurityStatus Encrypt(byte[] buffer, int offset, int size, ref byte[] output, out int resultSize)
{
GlobalLog.Enter("SecureChannel#" + Logging.HashString(this) + "::Encrypt");
GlobalLog.Print("SecureChannel#" + Logging.HashString(this) + "::Encrypt() - offset: " + offset.ToString() + " size: " + size.ToString() + " buffersize: " + buffer.Length.ToString());
GlobalLog.Print("SecureChannel#" + Logging.HashString(this) + "::Encrypt() buffer:");
GlobalLog.Dump(buffer, Math.Min(buffer.Length, 128));
byte[] writeBuffer;
try
{
if (offset < 0 || offset > (buffer == null ? 0 : buffer.Length))
{
throw new ArgumentOutOfRangeException("offset");
}
if (size < 0 || size > (buffer == null ? 0 : buffer.Length - offset))
{
throw new ArgumentOutOfRangeException("size");
}
resultSize = 0;
int bufferSizeNeeded = checked(size + _headerSize + _trailerSize);
if (output != null && bufferSizeNeeded <= output.Length)
{
writeBuffer = output;
}
else
{
writeBuffer = new byte[bufferSizeNeeded];
}
Buffer.BlockCopy(buffer, offset, writeBuffer, _headerSize, size);
}
catch (Exception e)
{
if (!ExceptionCheck.IsFatal(e))
{
GlobalLog.Assert(false, "SecureChannel#" + Logging.HashString(this) + "::Encrypt", "Arguments out of range.");
}
throw;
}
// Encryption using SCHANNEL requires 4 buffers: header, payload, trailer, empty.
SecurityBuffer[] securityBuffer = new SecurityBuffer[4];
securityBuffer[0] = new SecurityBuffer(writeBuffer, 0, _headerSize, SecurityBufferType.Header);
securityBuffer[1] = new SecurityBuffer(writeBuffer, _headerSize, size, SecurityBufferType.Data);
securityBuffer[2] = new SecurityBuffer(writeBuffer, _headerSize + size, _trailerSize, SecurityBufferType.Trailer);
securityBuffer[3] = new SecurityBuffer(null, SecurityBufferType.Empty);
int errorCode = SSPIWrapper.EncryptMessage(GlobalSSPI.SSPISecureChannel, _securityContext, securityBuffer, 0);
if (errorCode != 0)
{
GlobalLog.Leave("SecureChannel#" + Logging.HashString(this) + "::Encrypt ERROR", errorCode.ToString("x"));
return (Interop.SecurityStatus)errorCode;
}
else
{
output = writeBuffer;
// The full buffer may not be used.
resultSize = securityBuffer[0].size + securityBuffer[1].size + securityBuffer[2].size;
GlobalLog.Leave("SecureChannel#" + Logging.HashString(this) + "::Encrypt OK", "data size:" + resultSize.ToString());
return Interop.SecurityStatus.OK;
}
}
public static SecurityStatusPal InitializeSecurityContext(SafeFreeCredentials credential, ref SafeDeleteContext context, string targetName, SecurityBuffer[] inputBuffers, SecurityBuffer outputBuffer)
{
Debug.Assert(inputBuffers.Length == 2);
Debug.Assert(inputBuffers[1].token == null);
return(HandshakeInternal(credential, ref context, inputBuffers[0], outputBuffer, false, false));
}
internal static int VerifySignature(SafeDeleteContext securityContext, byte[] buffer, int offset, int count)
{
// validate offset within length
if (offset < 0 || offset > (buffer == null ? 0 : buffer.Length))
{
NetEventSource.Info("Argument 'offset' out of range.");
throw new ArgumentOutOfRangeException(nameof(offset));
}
// validate count within offset and end of buffer
if (count < 0 ||
count > (buffer == null ? 0 : buffer.Length - offset))
{
NetEventSource.Info("Argument 'count' out of range.");
throw new ArgumentOutOfRangeException(nameof(count));
}
// setup security buffers for ssp call
// one points at signed data
// two will receive payload if signature is valid
SecurityBuffer[] securityBuffer = new SecurityBuffer[2];
securityBuffer[0] = new SecurityBuffer(buffer, offset, count, SecurityBufferType.SECBUFFER_STREAM);
securityBuffer[1] = new SecurityBuffer(0, SecurityBufferType.SECBUFFER_DATA);
// call SSP function
int errorCode = SSPIWrapper.VerifySignature(
GlobalSSPI.SSPIAuth,
securityContext,
securityBuffer,
0);
// throw if error
if (errorCode != 0)
{
NetEventSource.Info($"VerifySignature threw error: {errorCode.ToString("x", NumberFormatInfo.InvariantInfo)}");
throw new Win32Exception(errorCode);
}
// not sure why this is here - retained from Encrypt code above
if (securityBuffer[1].type != SecurityBufferType.SECBUFFER_DATA)
throw new InternalException();
// return validated payload size
return securityBuffer[1].size;
}
private static SecurityStatusPal EstablishSecurityContext(
SafeFreeNegoCredentials credential,
ref SafeDeleteContext context,
string targetName,
ContextFlagsPal inFlags,
SecurityBuffer inputBuffer,
SecurityBuffer outputBuffer,
ref ContextFlagsPal outFlags)
{
bool isNtlmOnly = credential.IsNtlmOnly;
if (context == null)
{
// Empty target name causes the failure on Linux, hence passing a non-empty string
context = isNtlmOnly ? new SafeDeleteNegoContext(credential, credential.UserName) : new SafeDeleteNegoContext(credential, targetName);
}
SafeDeleteNegoContext negoContext = (SafeDeleteNegoContext)context;
try
{
Interop.NetSecurityNative.GssFlags inputFlags = ContextFlagsAdapterPal.GetInteropFromContextFlagsPal(inFlags);
uint outputFlags;
int isNtlmUsed;
SafeGssContextHandle contextHandle = negoContext.GssContext;
bool done = Interop.GssApi.EstablishSecurityContext(
ref contextHandle,
credential.GssCredential,
isNtlmOnly,
negoContext.TargetName,
inputFlags,
inputBuffer?.token,
out outputBuffer.token,
out outputFlags,
out isNtlmUsed);
Debug.Assert(outputBuffer.token != null, "Unexpected null buffer returned by GssApi");
outputBuffer.size = outputBuffer.token.Length;
outputBuffer.offset = 0;
outFlags = ContextFlagsAdapterPal.GetContextFlagsPalFromInterop((Interop.NetSecurityNative.GssFlags)outputFlags);
// Save the inner context handle for further calls to NetSecurity
Debug.Assert(negoContext.GssContext == null || contextHandle == negoContext.GssContext);
if (null == negoContext.GssContext)
{
negoContext.SetGssContext(contextHandle);
}
// Populate protocol used for authentication
if (done)
{
negoContext.SetAuthenticationPackage(Convert.ToBoolean(isNtlmUsed));
}
SecurityStatusPalErrorCode errorCode = done ?
(negoContext.IsNtlmUsed && outputBuffer.size > 0 ? SecurityStatusPalErrorCode.OK : SecurityStatusPalErrorCode.CompleteNeeded) :
SecurityStatusPalErrorCode.ContinueNeeded;
return(new SecurityStatusPal(errorCode));
}
catch (Exception ex)
{
if (GlobalLog.IsEnabled)
{
GlobalLog.Print("Exception Caught. - " + ex);
}
return(new SecurityStatusPal(SecurityStatusPalErrorCode.InternalError, ex));
}
}
internal unsafe static int ApplyControlToken(
ref SafeDeleteContext refContext,
SecurityBuffer[] inSecBuffers)
{
if (NetEventSource.IsEnabled)
{
NetEventSource.Enter(null);
NetEventSource.Info(null, $" refContext = {refContext}");
NetEventSource.Info(null, $" inSecBuffers[] = length:{inSecBuffers.Length}");
}
if (inSecBuffers == null)
{
NetEventSource.Fail(null, "inSecBuffers == null");
}
var inSecurityBufferDescriptor = new Interop.SspiCli.SecBufferDesc(inSecBuffers.Length);
int errorCode = (int)Interop.SECURITY_STATUS.InvalidHandle;
// These are pinned user byte arrays passed along with SecurityBuffers.
GCHandle[] pinnedInBytes = null;
var inUnmanagedBuffer = new Interop.SspiCli.SecBuffer[inSecurityBufferDescriptor.cBuffers];
fixed (void* inUnmanagedBufferPtr = inUnmanagedBuffer)
{
// Fix Descriptor pointer that points to unmanaged SecurityBuffers.
inSecurityBufferDescriptor.pBuffers = inUnmanagedBufferPtr;
pinnedInBytes = new GCHandle[inSecurityBufferDescriptor.cBuffers];
SecurityBuffer securityBuffer;
for (int index = 0; index < inSecurityBufferDescriptor.cBuffers; ++index)
{
securityBuffer = inSecBuffers[index];
if (securityBuffer != null)
{
inUnmanagedBuffer[index].cbBuffer = securityBuffer.size;
inUnmanagedBuffer[index].BufferType = securityBuffer.type;
// Use the unmanaged token if it's not null; otherwise use the managed buffer.
if (securityBuffer.unmanagedToken != null)
{
inUnmanagedBuffer[index].pvBuffer = securityBuffer.unmanagedToken.DangerousGetHandle();
}
else if (securityBuffer.token == null || securityBuffer.token.Length == 0)
{
inUnmanagedBuffer[index].pvBuffer = IntPtr.Zero;
}
else
{
pinnedInBytes[index] = GCHandle.Alloc(securityBuffer.token, GCHandleType.Pinned);
inUnmanagedBuffer[index].pvBuffer = Marshal.UnsafeAddrOfPinnedArrayElement(securityBuffer.token, securityBuffer.offset);
}
#if TRACE_VERBOSE
if (NetEventSource.IsEnabled) NetEventSource.Info(null, $"SecBuffer: cbBuffer:{securityBuffer.size} BufferType:{securityBuffer.type}");
#endif
}
}
// TODO: (#3114): Optimizations to remove the unnecesary allocation of a CredHandle, remove the AddRef
// if refContext was previously null, refactor the code to unify CompleteAuthToken and ApplyControlToken.
Interop.SspiCli.CredHandle contextHandle = new Interop.SspiCli.CredHandle();
if (refContext != null)
{
contextHandle = refContext._handle;
}
try
{
if (refContext == null || refContext.IsInvalid)
{
refContext = new SafeDeleteContext_SECURITY();
}
try
{
bool ignore = false;
refContext.DangerousAddRef(ref ignore);
errorCode = Interop.SspiCli.ApplyControlToken(contextHandle.IsZero ? null : &contextHandle, ref inSecurityBufferDescriptor);
}
finally
{
refContext.DangerousRelease();
}
}
finally
{
if (pinnedInBytes != null)
{
for (int index = 0; index < pinnedInBytes.Length; index++)
{
if (pinnedInBytes[index].IsAllocated)
{
pinnedInBytes[index].Free();
}
}
}
}
}
if (NetEventSource.IsEnabled) NetEventSource.Exit(null, $"unmanaged ApplyControlToken() errorCode:0x{errorCode:x8} refContext: {refContext}");
return errorCode;
}
/*++
GenerateToken - Called after each successive state
in the Client - Server handshake. This function
generates a set of bytes that will be sent next to
the server. The server responds, each response,
is pass then into this function, again, and the cycle
repeats until successful connection, or failure.
Input:
input - bytes from the wire
output - ref to byte [], what we will send to the
server in response
Return:
status - error information
--*/
private SecurityStatusPal GenerateToken(byte[] input, int offset, int count, ref byte[] output)
{
#if TRACE_VERBOSE
if (GlobalLog.IsEnabled)
{
GlobalLog.Enter("SecureChannel#" + LoggingHash.HashString(this) + "::GenerateToken, _refreshCredentialNeeded = " + _refreshCredentialNeeded);
}
#endif
if (offset < 0 || offset > (input == null ? 0 : input.Length))
{
if (GlobalLog.IsEnabled)
{
GlobalLog.Assert("SecureChannel#" + LoggingHash.HashString(this) + "::GenerateToken", "Argument 'offset' out of range.");
}
Debug.Fail("SecureChannel#" + LoggingHash.HashString(this) + "::GenerateToken", "Argument 'offset' out of range.");
throw new ArgumentOutOfRangeException(nameof(offset));
}
if (count < 0 || count > (input == null ? 0 : input.Length - offset))
{
if (GlobalLog.IsEnabled)
{
GlobalLog.Assert("SecureChannel#" + LoggingHash.HashString(this) + "::GenerateToken", "Argument 'count' out of range.");
}
Debug.Fail("SecureChannel#" + LoggingHash.HashString(this) + "::GenerateToken", "Argument 'count' out of range.");
throw new ArgumentOutOfRangeException(nameof(count));
}
SecurityBuffer incomingSecurity = null;
SecurityBuffer[] incomingSecurityBuffers = null;
if (input != null)
{
incomingSecurity = new SecurityBuffer(input, offset, count, SecurityBufferType.Token);
incomingSecurityBuffers = new SecurityBuffer[]
{
incomingSecurity,
new SecurityBuffer(null, 0, 0, SecurityBufferType.Empty)
};
}
SecurityBuffer outgoingSecurity = new SecurityBuffer(null, SecurityBufferType.Token);
SecurityStatusPal status = default(SecurityStatusPal);
bool cachedCreds = false;
byte[] thumbPrint = null;
//
// Looping through ASC or ISC with potentially cached credential that could have been
// already disposed from a different thread before ISC or ASC dir increment a cred ref count.
//
try
{
do
{
thumbPrint = null;
if (_refreshCredentialNeeded)
{
cachedCreds = _serverMode
? AcquireServerCredentials(ref thumbPrint)
: AcquireClientCredentials(ref thumbPrint);
}
if (_serverMode)
{
status = SslStreamPal.AcceptSecurityContext(
ref _credentialsHandle,
ref _securityContext,
incomingSecurity,
outgoingSecurity,
_remoteCertRequired);
}
else
{
if (incomingSecurity == null)
{
status = SslStreamPal.InitializeSecurityContext(
ref _credentialsHandle,
ref _securityContext,
_destination,
incomingSecurity,
outgoingSecurity);
}
else
{
status = SslStreamPal.InitializeSecurityContext(
_credentialsHandle,
ref _securityContext,
_destination,
incomingSecurityBuffers,
outgoingSecurity);
}
}
} while (cachedCreds && _credentialsHandle == null);
}
finally
{
if (_refreshCredentialNeeded)
{
_refreshCredentialNeeded = false;
//
// Assuming the ISC or ASC has referenced the credential,
// we want to call dispose so to decrement the effective ref count.
//
if (_credentialsHandle != null)
{
_credentialsHandle.Dispose();
}
//
// This call may bump up the credential reference count further.
// Note that thumbPrint is retrieved from a safe cert object that was possible cloned from the user passed cert.
//
if (!cachedCreds && _securityContext != null && !_securityContext.IsInvalid && _credentialsHandle != null && !_credentialsHandle.IsInvalid)
{
SslSessionsCache.CacheCredential(_credentialsHandle, thumbPrint, _sslProtocols, _serverMode, _encryptionPolicy);
}
}
}
output = outgoingSecurity.token;
#if TRACE_VERBOSE
if (GlobalLog.IsEnabled)
{
GlobalLog.Leave("SecureChannel#" + LoggingHash.HashString(this) + "::GenerateToken()", Interop.MapSecurityStatus((uint)errorCode));
}
#endif
return status;
}
public static SecurityStatusPal ApplyShutdownToken(ref SafeFreeCredentials credentialsHandle, SafeDeleteContext securityContext)
{
int shutdownToken = Interop.SChannel.SCHANNEL_SHUTDOWN;
var bufferDesc = new SecurityBuffer[1];
var buffer = BitConverter.GetBytes(shutdownToken);
bufferDesc[0] = new SecurityBuffer(buffer, SecurityBufferType.SECBUFFER_TOKEN);
var errorCode = (Interop.SECURITY_STATUS)SSPIWrapper.ApplyControlToken(
GlobalSSPI.SSPISecureChannel,
ref securityContext,
bufferDesc);
return SecurityStatusAdapterPal.GetSecurityStatusPalFromInterop(errorCode, attachException:true);
}
private static int DecryptNtlm(
SafeDeleteContext securityContext,
byte[] buffer,
int offset,
int count,
bool isConfidential,
out int newOffset,
uint sequenceNumber)
{
const int ntlmSignatureLength = 16;
// For the most part the arguments are verified in Decrypt().
if (count < ntlmSignatureLength)
{
NetEventSource.Fail(null, "Argument 'count' out of range.");
throw new ArgumentOutOfRangeException(nameof(count));
}
var securityBuffer = new SecurityBuffer[2];
securityBuffer[0] = new SecurityBuffer(buffer, offset, ntlmSignatureLength, SecurityBufferType.SECBUFFER_TOKEN);
securityBuffer[1] = new SecurityBuffer(buffer, offset + ntlmSignatureLength, count - ntlmSignatureLength, SecurityBufferType.SECBUFFER_DATA);
int errorCode;
SecurityBufferType realDataType = SecurityBufferType.SECBUFFER_DATA;
if (isConfidential)
{
errorCode = SSPIWrapper.DecryptMessage(GlobalSSPI.SSPIAuth, securityContext, securityBuffer, sequenceNumber);
}
else
{
realDataType |= SecurityBufferType.SECBUFFER_READONLY;
securityBuffer[1].type = realDataType;
errorCode = SSPIWrapper.VerifySignature(GlobalSSPI.SSPIAuth, securityContext, securityBuffer, sequenceNumber);
}
if (errorCode != 0)
{
Exception e = new Win32Exception(errorCode);
if (NetEventSource.IsEnabled) NetEventSource.Error(null, e);
throw new Win32Exception(errorCode);
}
if (securityBuffer[1].type != realDataType)
{
throw new InternalException();
}
newOffset = securityBuffer[1].offset;
return securityBuffer[1].size;
}
internal static int DecryptMessage (SSPIInterface secModule, SafeDeleteContext safeContext, SecurityBuffer securityBuffer, uint sequenceNumber)
{
var incoming = GetInputBuffer (securityBuffer);
var retval = (int)safeContext.Context.DecryptMessage (ref incoming);
UpdateOutput (incoming, securityBuffer);
return retval;
}
public static SecurityStatusPal AcceptSecurityContext(ref SafeFreeCredentials credentialsHandle, ref SafeDeleteContext context, SecurityBuffer[] inputBuffers, SecurityBuffer outputBuffer, SslAuthenticationOptions sslAuthenticationOptions)
{
Interop.SspiCli.ContextFlags unusedAttributes = default(Interop.SspiCli.ContextFlags);
int errorCode = SSPIWrapper.AcceptSecurityContext(
GlobalSSPI.SSPISecureChannel,
credentialsHandle,
ref context,
ServerRequiredFlags | (sslAuthenticationOptions.RemoteCertRequired ? Interop.SspiCli.ContextFlags.MutualAuth : Interop.SspiCli.ContextFlags.Zero),
Interop.SspiCli.Endianness.SECURITY_NATIVE_DREP,
inputBuffers,
outputBuffer,
ref unusedAttributes);
return(SecurityStatusAdapterPal.GetSecurityStatusPalFromNativeInt(errorCode));
}
//-------------------------------------------------------------------
internal unsafe static int AcceptSecurityContext(
ref SafeFreeCredentials inCredentials,
ref SafeDeleteContext refContext,
Interop.SspiCli.ContextFlags inFlags,
Interop.SspiCli.Endianness endianness,
SecurityBuffer inSecBuffer,
SecurityBuffer[] inSecBuffers,
SecurityBuffer outSecBuffer,
ref Interop.SspiCli.ContextFlags outFlags)
{
#if TRACE_VERBOSE
if (NetEventSource.IsEnabled)
{
NetEventSource.Enter(null, $"credential={inCredentials}, refContext={refContext}, inFlags={inFlags}");
if (inSecBuffers == null)
{
NetEventSource.Info(null, "inSecBuffers = (null)");
}
else
{
NetEventSource.Info(null, $"inSecBuffers[] = (inSecBuffers)");
}
}
#endif
if (outSecBuffer == null)
{
NetEventSource.Fail(null, "outSecBuffer != null");
}
if (inSecBuffer != null && inSecBuffers != null)
{
NetEventSource.Fail(null, "inSecBuffer == null || inSecBuffers == null");
}
if (inCredentials == null)
{
throw new ArgumentNullException(nameof(inCredentials));
}
Interop.SspiCli.SecBufferDesc inSecurityBufferDescriptor = default(Interop.SspiCli.SecBufferDesc);
bool haveInSecurityBufferDescriptor = false;
if (inSecBuffer != null)
{
inSecurityBufferDescriptor = new Interop.SspiCli.SecBufferDesc(1);
haveInSecurityBufferDescriptor = true;
}
else if (inSecBuffers != null)
{
inSecurityBufferDescriptor = new Interop.SspiCli.SecBufferDesc(inSecBuffers.Length);
haveInSecurityBufferDescriptor = true;
}
Interop.SspiCli.SecBufferDesc outSecurityBufferDescriptor = new Interop.SspiCli.SecBufferDesc(1);
// Actually, this is returned in outFlags.
bool isSspiAllocated = (inFlags & Interop.SspiCli.ContextFlags.AllocateMemory) != 0 ? true : false;
int errorCode = -1;
Interop.SspiCli.CredHandle contextHandle = new Interop.SspiCli.CredHandle();
if (refContext != null)
{
contextHandle = refContext._handle;
}
// These are pinned user byte arrays passed along with SecurityBuffers.
GCHandle[] pinnedInBytes = null;
GCHandle pinnedOutBytes = new GCHandle();
// Optional output buffer that may need to be freed.
SafeFreeContextBuffer outFreeContextBuffer = null;
try
{
pinnedOutBytes = GCHandle.Alloc(outSecBuffer.token, GCHandleType.Pinned);
var inUnmanagedBuffer = new Interop.SspiCli.SecBuffer[haveInSecurityBufferDescriptor ? inSecurityBufferDescriptor.cBuffers : 1];
fixed (void* inUnmanagedBufferPtr = inUnmanagedBuffer)
{
if (haveInSecurityBufferDescriptor)
{
// Fix Descriptor pointer that points to unmanaged SecurityBuffers.
inSecurityBufferDescriptor.pBuffers = inUnmanagedBufferPtr;
pinnedInBytes = new GCHandle[inSecurityBufferDescriptor.cBuffers];
SecurityBuffer securityBuffer;
for (int index = 0; index < inSecurityBufferDescriptor.cBuffers; ++index)
{
securityBuffer = inSecBuffer != null ? inSecBuffer : inSecBuffers[index];
if (securityBuffer != null)
{
// Copy the SecurityBuffer content into unmanaged place holder.
inUnmanagedBuffer[index].cbBuffer = securityBuffer.size;
inUnmanagedBuffer[index].BufferType = securityBuffer.type;
// Use the unmanaged token if it's not null; otherwise use the managed buffer.
if (securityBuffer.unmanagedToken != null)
{
inUnmanagedBuffer[index].pvBuffer = securityBuffer.unmanagedToken.DangerousGetHandle();
}
else if (securityBuffer.token == null || securityBuffer.token.Length == 0)
{
inUnmanagedBuffer[index].pvBuffer = IntPtr.Zero;
}
else
{
pinnedInBytes[index] = GCHandle.Alloc(securityBuffer.token, GCHandleType.Pinned);
inUnmanagedBuffer[index].pvBuffer = Marshal.UnsafeAddrOfPinnedArrayElement(securityBuffer.token, securityBuffer.offset);
}
#if TRACE_VERBOSE
if (NetEventSource.IsEnabled) NetEventSource.Info(null, $"SecBuffer: cbBuffer:{securityBuffer.size} BufferType:{securityBuffer.type}");
#endif
}
}
}
var outUnmanagedBuffer = new Interop.SspiCli.SecBuffer[1];
fixed (void* outUnmanagedBufferPtr = outUnmanagedBuffer)
{
// Fix Descriptor pointer that points to unmanaged SecurityBuffers.
outSecurityBufferDescriptor.pBuffers = outUnmanagedBufferPtr;
// Copy the SecurityBuffer content into unmanaged place holder.
outUnmanagedBuffer[0].cbBuffer = outSecBuffer.size;
outUnmanagedBuffer[0].BufferType = outSecBuffer.type;
if (outSecBuffer.token == null || outSecBuffer.token.Length == 0)
{
outUnmanagedBuffer[0].pvBuffer = IntPtr.Zero;
}
else
{
outUnmanagedBuffer[0].pvBuffer = Marshal.UnsafeAddrOfPinnedArrayElement(outSecBuffer.token, outSecBuffer.offset);
}
if (isSspiAllocated)
{
outFreeContextBuffer = SafeFreeContextBuffer.CreateEmptyHandle();
}
if (refContext == null || refContext.IsInvalid)
{
refContext = new SafeDeleteContext_SECURITY();
}
errorCode = MustRunAcceptSecurityContext_SECURITY(
ref inCredentials,
contextHandle.IsZero ? null : &contextHandle,
haveInSecurityBufferDescriptor ? &inSecurityBufferDescriptor : null,
inFlags,
endianness,
refContext,
ref outSecurityBufferDescriptor,
ref outFlags,
outFreeContextBuffer);
if (NetEventSource.IsEnabled) NetEventSource.Info(null, "Marshaling OUT buffer");
// Get unmanaged buffer with index 0 as the only one passed into PInvoke.
outSecBuffer.size = outUnmanagedBuffer[0].cbBuffer;
outSecBuffer.type = outUnmanagedBuffer[0].BufferType;
if (outSecBuffer.size > 0)
{
outSecBuffer.token = new byte[outSecBuffer.size];
Marshal.Copy(outUnmanagedBuffer[0].pvBuffer, outSecBuffer.token, 0, outSecBuffer.size);
}
else
{
outSecBuffer.token = null;
}
}
}
}
finally
{
if (pinnedInBytes != null)
{
for (int index = 0; index < pinnedInBytes.Length; index++)
{
if (pinnedInBytes[index].IsAllocated)
{
pinnedInBytes[index].Free();
}
}
}
if (pinnedOutBytes.IsAllocated)
{
pinnedOutBytes.Free();
}
if (outFreeContextBuffer != null)
{
outFreeContextBuffer.Dispose();
}
}
if (NetEventSource.IsEnabled) NetEventSource.Exit(null, $"errorCode:0x{errorCode:x8}, refContext:{refContext}");
return errorCode;
}
static IBufferOffsetSize GetInputBuffer (SecurityBuffer incoming)
{
return incoming != null ? new InputBuffer (incoming.token, incoming.offset, incoming.size) : null;
}
internal static int Decrypt(
SafeDeleteContext securityContext,
byte[] buffer,
int offset,
int count,
bool isConfidential,
bool isNtlm,
out int newOffset,
uint sequenceNumber)
{
if (offset < 0 || offset > (buffer == null ? 0 : buffer.Length))
{
NetEventSource.Fail(null, "Argument 'offset' out of range.");
throw new ArgumentOutOfRangeException(nameof(offset));
}
if (count < 0 || count > (buffer == null ? 0 : buffer.Length - offset))
{
NetEventSource.Fail(null, "Argument 'count' out of range.");
throw new ArgumentOutOfRangeException(nameof(count));
}
if (isNtlm)
{
return DecryptNtlm(securityContext, buffer, offset, count, isConfidential, out newOffset, sequenceNumber);
}
//
// Kerberos and up
//
var securityBuffer = new SecurityBuffer[2];
securityBuffer[0] = new SecurityBuffer(buffer, offset, count, SecurityBufferType.SECBUFFER_STREAM);
securityBuffer[1] = new SecurityBuffer(0, SecurityBufferType.SECBUFFER_DATA);
int errorCode;
if (isConfidential)
{
errorCode = SSPIWrapper.DecryptMessage(GlobalSSPI.SSPIAuth, securityContext, securityBuffer, sequenceNumber);
}
else
{
errorCode = SSPIWrapper.VerifySignature(GlobalSSPI.SSPIAuth, securityContext, securityBuffer, sequenceNumber);
}
if (errorCode != 0)
{
Exception e = new Win32Exception(errorCode);
if (NetEventSource.IsEnabled) NetEventSource.Error(null, e);
throw e;
}
if (securityBuffer[1].type != SecurityBufferType.SECBUFFER_DATA)
{
throw new InternalException();
}
newOffset = securityBuffer[1].offset;
return securityBuffer[1].size;
}
static void UpdateOutput (IBufferOffsetSize buffer, SecurityBuffer outputBuffer)
{
if (buffer != null) {
outputBuffer.token = buffer.Buffer;
outputBuffer.offset = buffer.Offset;
outputBuffer.size = buffer.Size;
outputBuffer.type = BufferType.Token;
} else {
outputBuffer.token = null;
outputBuffer.size = outputBuffer.offset = 0;
outputBuffer.type = BufferType.Empty;
}
}
internal static int Encrypt(
SafeDeleteContext securityContext,
byte[] buffer,
int offset,
int count,
bool isConfidential,
bool isNtlm,
ref byte[] output,
uint sequenceNumber)
{
SecPkgContext_Sizes sizes = SSPIWrapper.QueryContextAttributes(
GlobalSSPI.SSPIAuth,
securityContext,
Interop.SspiCli.ContextAttribute.SECPKG_ATTR_SIZES
) as SecPkgContext_Sizes;
try
{
int maxCount = checked(Int32.MaxValue - 4 - sizes.cbBlockSize - sizes.cbSecurityTrailer);
if (count > maxCount || count < 0)
{
throw new ArgumentOutOfRangeException(nameof(count), SR.Format(SR.net_io_out_range, maxCount));
}
}
catch (Exception e) when (!ExceptionCheck.IsFatal(e))
{
NetEventSource.Fail(null, "Arguments out of range.");
throw;
}
int resultSize = count + sizes.cbSecurityTrailer + sizes.cbBlockSize;
if (output == null || output.Length < resultSize + 4)
{
output = new byte[resultSize + 4];
}
// Make a copy of user data for in-place encryption.
Buffer.BlockCopy(buffer, offset, output, 4 + sizes.cbSecurityTrailer, count);
// Prepare buffers TOKEN(signature), DATA and Padding.
var securityBuffer = new SecurityBuffer[3];
securityBuffer[0] = new SecurityBuffer(output, 4, sizes.cbSecurityTrailer, SecurityBufferType.SECBUFFER_TOKEN);
securityBuffer[1] = new SecurityBuffer(output, 4 + sizes.cbSecurityTrailer, count, SecurityBufferType.SECBUFFER_DATA);
securityBuffer[2] = new SecurityBuffer(output, 4 + sizes.cbSecurityTrailer + count, sizes.cbBlockSize, SecurityBufferType.SECBUFFER_PADDING);
int errorCode;
if (isConfidential)
{
errorCode = SSPIWrapper.EncryptMessage(GlobalSSPI.SSPIAuth, securityContext, securityBuffer, sequenceNumber);
}
else
{
if (isNtlm)
{
securityBuffer[1].type |= SecurityBufferType.SECBUFFER_READONLY;
}
errorCode = SSPIWrapper.MakeSignature(GlobalSSPI.SSPIAuth, securityContext, securityBuffer, 0);
}
if (errorCode != 0)
{
Exception e = new Win32Exception(errorCode);
if (NetEventSource.IsEnabled) NetEventSource.Error(null, e);
throw e;
}
// Compacting the result.
resultSize = securityBuffer[0].size;
bool forceCopy = false;
if (resultSize != sizes.cbSecurityTrailer)
{
forceCopy = true;
Buffer.BlockCopy(output, securityBuffer[1].offset, output, 4 + resultSize, securityBuffer[1].size);
}
resultSize += securityBuffer[1].size;
if (securityBuffer[2].size != 0 && (forceCopy || resultSize != (count + sizes.cbSecurityTrailer)))
{
Buffer.BlockCopy(output, securityBuffer[2].offset, output, 4 + resultSize, securityBuffer[2].size);
}
resultSize += securityBuffer[2].size;
unchecked
{
output[0] = (byte)((resultSize) & 0xFF);
output[1] = (byte)(((resultSize) >> 8) & 0xFF);
output[2] = (byte)(((resultSize) >> 16) & 0xFF);
output[3] = (byte)(((resultSize) >> 24) & 0xFF);
}
return resultSize + 4;
}
internal static SecurityStatusPal InitializeSecurityContext(
SafeFreeCredentials credentialsHandle,
ref SafeDeleteContext securityContext,
string spn,
ContextFlagsPal requestedContextFlags,
SecurityBuffer[] inSecurityBufferArray,
SecurityBuffer outSecurityBuffer,
ref ContextFlagsPal contextFlags)
{
// TODO (Issue #3718): The second buffer can contain a channel binding which is not supported
if ((null != inSecurityBufferArray) && (inSecurityBufferArray.Length > 1))
{
throw new PlatformNotSupportedException(SR.net_nego_channel_binding_not_supported);
}
SafeFreeNegoCredentials negoCredentialsHandle = (SafeFreeNegoCredentials) credentialsHandle;
if (negoCredentialsHandle.IsDefault && string.IsNullOrEmpty(spn))
{
throw new PlatformNotSupportedException(SR.net_nego_not_supported_empty_target_with_defaultcreds);
}
SecurityStatusPal status = EstablishSecurityContext(
negoCredentialsHandle,
ref securityContext,
spn,
requestedContextFlags,
((inSecurityBufferArray != null && inSecurityBufferArray.Length != 0) ? inSecurityBufferArray[0] : null),
outSecurityBuffer,
ref contextFlags);
// Confidentiality flag should not be set if not requested
if (status.ErrorCode == SecurityStatusPalErrorCode.CompleteNeeded)
{
ContextFlagsPal mask = ContextFlagsPal.Confidentiality;
if ((requestedContextFlags & mask) != (contextFlags & mask))
{
throw new PlatformNotSupportedException(SR.net_nego_protection_level_not_supported);
}
}
return status;
}
internal static int Encrypt(
SafeDeleteContext securityContext,
byte[] buffer,
int offset,
int count,
bool isConfidential,
bool isNtlm,
ref byte[] output,
uint sequenceNumber)
{
SecSizes sizes = SSPIWrapper.QueryContextAttributes(
GlobalSSPI.SSPIAuth,
securityContext,
Interop.SspiCli.ContextAttribute.Sizes
) as SecSizes;
try
{
int maxCount = checked(Int32.MaxValue - 4 - sizes.BlockSize - sizes.SecurityTrailer);
if (count > maxCount || count < 0)
{
throw new ArgumentOutOfRangeException(nameof(count), SR.Format(SR.net_io_out_range, maxCount));
}
}
catch (Exception e)
{
if (!ExceptionCheck.IsFatal(e))
{
if (GlobalLog.IsEnabled)
{
GlobalLog.Assert("NTAuthentication#" + LoggingHash.HashString(securityContext) + "::Encrypt", "Arguments out of range.");
}
Debug.Fail("NTAuthentication#" + LoggingHash.HashString(securityContext) + "::Encrypt", "Arguments out of range.");
}
throw;
}
int resultSize = count + sizes.SecurityTrailer + sizes.BlockSize;
if (output == null || output.Length < resultSize + 4)
{
output = new byte[resultSize + 4];
}
// Make a copy of user data for in-place encryption.
Buffer.BlockCopy(buffer, offset, output, 4 + sizes.SecurityTrailer, count);
// Prepare buffers TOKEN(signature), DATA and Padding.
var securityBuffer = new SecurityBuffer[3];
securityBuffer[0] = new SecurityBuffer(output, 4, sizes.SecurityTrailer, SecurityBufferType.Token);
securityBuffer[1] = new SecurityBuffer(output, 4 + sizes.SecurityTrailer, count, SecurityBufferType.Data);
securityBuffer[2] = new SecurityBuffer(output, 4 + sizes.SecurityTrailer + count, sizes.BlockSize, SecurityBufferType.Padding);
int errorCode;
if (isConfidential)
{
errorCode = SSPIWrapper.EncryptMessage(GlobalSSPI.SSPIAuth, securityContext, securityBuffer, sequenceNumber);
}
else
{
if (isNtlm)
{
securityBuffer[1].type |= SecurityBufferType.ReadOnlyFlag;
}
errorCode = SSPIWrapper.MakeSignature(GlobalSSPI.SSPIAuth, securityContext, securityBuffer, 0);
}
if (errorCode != 0)
{
if (GlobalLog.IsEnabled)
{
GlobalLog.Print("NTAuthentication#" + LoggingHash.HashString(securityContext) + "::Encrypt() throw Error = " + errorCode.ToString("x", NumberFormatInfo.InvariantInfo));
}
throw new Win32Exception(errorCode);
}
// Compacting the result.
resultSize = securityBuffer[0].size;
bool forceCopy = false;
if (resultSize != sizes.SecurityTrailer)
{
forceCopy = true;
Buffer.BlockCopy(output, securityBuffer[1].offset, output, 4 + resultSize, securityBuffer[1].size);
}
resultSize += securityBuffer[1].size;
if (securityBuffer[2].size != 0 && (forceCopy || resultSize != (count + sizes.SecurityTrailer)))
{
Buffer.BlockCopy(output, securityBuffer[2].offset, output, 4 + resultSize, securityBuffer[2].size);
}
resultSize += securityBuffer[2].size;
unchecked
{
output[0] = (byte)((resultSize) & 0xFF);
output[1] = (byte)(((resultSize) >> 8) & 0xFF);
output[2] = (byte)(((resultSize) >> 16) & 0xFF);
output[3] = (byte)(((resultSize) >> 24) & 0xFF);
}
return resultSize + 4;
}
internal static SecurityStatusPal CompleteAuthToken(
ref SafeDeleteContext securityContext,
SecurityBuffer[] inSecurityBufferArray)
{
return new SecurityStatusPal(SecurityStatusPalErrorCode.OK);
}
private static int DecryptNtlm(
SafeDeleteContext securityContext,
byte[] buffer,
int offset,
int count,
bool isConfidential,
out int newOffset,
uint sequenceNumber)
{
const int ntlmSignatureLength = 16;
// For the most part the arguments are verified in Decrypt().
if (count < ntlmSignatureLength)
{
if (GlobalLog.IsEnabled)
{
GlobalLog.Assert("NTAuthentication#" + LoggingHash.HashString(securityContext) + "::DecryptNtlm", "Argument 'count' out of range.");
}
Debug.Fail("NTAuthentication#" + LoggingHash.HashString(securityContext) + "::DecryptNtlm", "Argument 'count' out of range.");
throw new ArgumentOutOfRangeException(nameof(count));
}
var securityBuffer = new SecurityBuffer[2];
securityBuffer[0] = new SecurityBuffer(buffer, offset, ntlmSignatureLength, SecurityBufferType.Token);
securityBuffer[1] = new SecurityBuffer(buffer, offset + ntlmSignatureLength, count - ntlmSignatureLength, SecurityBufferType.Data);
int errorCode;
SecurityBufferType realDataType = SecurityBufferType.Data;
if (isConfidential)
{
errorCode = SSPIWrapper.DecryptMessage(GlobalSSPI.SSPIAuth, securityContext, securityBuffer, sequenceNumber);
}
else
{
realDataType |= SecurityBufferType.ReadOnlyFlag;
securityBuffer[1].type = realDataType;
errorCode = SSPIWrapper.VerifySignature(GlobalSSPI.SSPIAuth, securityContext, securityBuffer, sequenceNumber);
}
if (errorCode != 0)
{
if (GlobalLog.IsEnabled)
{
GlobalLog.Print("NTAuthentication#" + LoggingHash.HashString(securityContext) + "::Decrypt() throw Error = " + errorCode.ToString("x", NumberFormatInfo.InvariantInfo));
}
throw new Win32Exception(errorCode);
}
if (securityBuffer[1].type != realDataType)
{
throw new InternalException();
}
newOffset = securityBuffer[1].offset;
return securityBuffer[1].size;
}
internal static SecurityStatusPal AcceptSecurityContext(
SafeFreeCredentials credentialsHandle,
ref SafeDeleteContext securityContext,
ContextFlagsPal requestedContextFlags,
SecurityBuffer[] inSecurityBufferArray,
SecurityBuffer outSecurityBuffer,
ref ContextFlagsPal contextFlags)
{
throw new PlatformNotSupportedException(SR.net_nego_server_not_supported);
}
//-------------------------------------------------------------------
internal unsafe static int AcceptSecurityContext(
ref SafeFreeCredentials inCredentials,
ref SafeDeleteContext refContext,
Interop.Secur32.ContextFlags inFlags,
Interop.Secur32.Endianness endianness,
SecurityBuffer inSecBuffer,
SecurityBuffer[] inSecBuffers,
SecurityBuffer outSecBuffer,
ref Interop.Secur32.ContextFlags outFlags)
{
#if TRACE_VERBOSE
GlobalLog.Enter("SafeDeleteContext::AcceptSecurityContex");
GlobalLog.Print(" credential = " + inCredentials.ToString());
GlobalLog.Print(" refContext = " + Logging.ObjectToString(refContext));
GlobalLog.Print(" inFlags = " + inFlags);
if (inSecBuffers == null)
{
GlobalLog.Print(" inSecBuffers = (null)");
}
else
{
GlobalLog.Print(" inSecBuffers[] = length:" + inSecBuffers.Length);
}
#endif
GlobalLog.Assert(outSecBuffer != null, "SafeDeleteContext::AcceptSecurityContext()|outSecBuffer != null");
GlobalLog.Assert(inSecBuffer == null || inSecBuffers == null, "SafeDeleteContext::AcceptSecurityContext()|inSecBuffer == null || inSecBuffers == null");
if (inCredentials == null)
{
throw new ArgumentNullException("inCredentials");
}
Interop.Secur32.SecurityBufferDescriptor inSecurityBufferDescriptor = null;
if (inSecBuffer != null)
{
inSecurityBufferDescriptor = new Interop.Secur32.SecurityBufferDescriptor(1);
}
else if (inSecBuffers != null)
{
inSecurityBufferDescriptor = new Interop.Secur32.SecurityBufferDescriptor(inSecBuffers.Length);
}
Interop.Secur32.SecurityBufferDescriptor outSecurityBufferDescriptor = new Interop.Secur32.SecurityBufferDescriptor(1);
// Actually, this is returned in outFlags.
bool isSspiAllocated = (inFlags & Interop.Secur32.ContextFlags.AllocateMemory) != 0 ? true : false;
int errorCode = -1;
Interop.Secur32.SSPIHandle contextHandle = new Interop.Secur32.SSPIHandle();
if (refContext != null)
{
contextHandle = refContext._handle;
}
// These are pinned user byte arrays passed along with SecurityBuffers.
GCHandle[] pinnedInBytes = null;
GCHandle pinnedOutBytes = new GCHandle();
// Optional output buffer that may need to be freed.
SafeFreeContextBuffer outFreeContextBuffer = null;
try
{
pinnedOutBytes = GCHandle.Alloc(outSecBuffer.token, GCHandleType.Pinned);
var inUnmanagedBuffer = new Interop.Secur32.SecurityBufferStruct[inSecurityBufferDescriptor == null ? 1 : inSecurityBufferDescriptor.Count];
fixed (void* inUnmanagedBufferPtr = inUnmanagedBuffer)
{
if (inSecurityBufferDescriptor != null)
{
// Fix Descriptor pointer that points to unmanaged SecurityBuffers.
inSecurityBufferDescriptor.UnmanagedPointer = inUnmanagedBufferPtr;
pinnedInBytes = new GCHandle[inSecurityBufferDescriptor.Count];
SecurityBuffer securityBuffer;
for (int index = 0; index < inSecurityBufferDescriptor.Count; ++index)
{
securityBuffer = inSecBuffer != null ? inSecBuffer : inSecBuffers[index];
if (securityBuffer != null)
{
// Copy the SecurityBuffer content into unmanaged place holder.
inUnmanagedBuffer[index].count = securityBuffer.size;
inUnmanagedBuffer[index].type = securityBuffer.type;
// Use the unmanaged token if it's not null; otherwise use the managed buffer.
if (securityBuffer.unmanagedToken != null)
{
inUnmanagedBuffer[index].token = securityBuffer.unmanagedToken.DangerousGetHandle();
}
else if (securityBuffer.token == null || securityBuffer.token.Length == 0)
{
inUnmanagedBuffer[index].token = IntPtr.Zero;
}
else
{
pinnedInBytes[index] = GCHandle.Alloc(securityBuffer.token, GCHandleType.Pinned);
inUnmanagedBuffer[index].token = Marshal.UnsafeAddrOfPinnedArrayElement(securityBuffer.token, securityBuffer.offset);
}
#if TRACE_VERBOSE
GlobalLog.Print("SecBuffer: cbBuffer:" + securityBuffer.size + " BufferType:" + securityBuffer.type);
#endif
}
}
}
var outUnmanagedBuffer = new Interop.Secur32.SecurityBufferStruct[1];
fixed (void* outUnmanagedBufferPtr = outUnmanagedBuffer)
{
// Fix Descriptor pointer that points to unmanaged SecurityBuffers.
outSecurityBufferDescriptor.UnmanagedPointer = outUnmanagedBufferPtr;
// Copy the SecurityBuffer content into unmanaged place holder.
outUnmanagedBuffer[0].count = outSecBuffer.size;
outUnmanagedBuffer[0].type = outSecBuffer.type;
if (outSecBuffer.token == null || outSecBuffer.token.Length == 0)
{
outUnmanagedBuffer[0].token = IntPtr.Zero;
}
else
{
outUnmanagedBuffer[0].token = Marshal.UnsafeAddrOfPinnedArrayElement(outSecBuffer.token, outSecBuffer.offset);
}
if (isSspiAllocated)
{
outFreeContextBuffer = SafeFreeContextBuffer.CreateEmptyHandle();
}
if (refContext == null || refContext.IsInvalid)
{
refContext = new SafeDeleteContext_SECURITY();
}
errorCode = MustRunAcceptSecurityContext_SECURITY(
ref inCredentials,
contextHandle.IsZero ? null : &contextHandle,
inSecurityBufferDescriptor,
inFlags,
endianness,
refContext,
outSecurityBufferDescriptor,
ref outFlags,
outFreeContextBuffer);
GlobalLog.Print("SafeDeleteContext:AcceptSecurityContext Marshalling OUT buffer");
// Get unmanaged buffer with index 0 as the only one passed into PInvoke.
outSecBuffer.size = outUnmanagedBuffer[0].count;
outSecBuffer.type = outUnmanagedBuffer[0].type;
if (outSecBuffer.size > 0)
{
outSecBuffer.token = new byte[outSecBuffer.size];
Marshal.Copy(outUnmanagedBuffer[0].token, outSecBuffer.token, 0, outSecBuffer.size);
}
else
{
outSecBuffer.token = null;
}
}
}
}
finally
{
if (pinnedInBytes != null)
{
for (int index = 0; index < pinnedInBytes.Length; index++)
{
if (pinnedInBytes[index].IsAllocated)
{
pinnedInBytes[index].Free();
}
}
}
if (pinnedOutBytes.IsAllocated)
{
pinnedOutBytes.Free();
}
if (outFreeContextBuffer != null)
{
outFreeContextBuffer.Dispose();
}
}
GlobalLog.Leave("SafeDeleteContext::AcceptSecurityContex() unmanaged AcceptSecurityContex()", "errorCode:0x" + errorCode.ToString("x8") + " refContext:" + Logging.ObjectToString(refContext));
return errorCode;
}
public static SecurityBuffer[] GetIncomingSecurityBuffers(SslAuthenticationOptions options, ref SecurityBuffer incomingSecurity)
{
SecurityBuffer[] incomingSecurityBuffers = null;
if (incomingSecurity != null)
{
incomingSecurityBuffers = new SecurityBuffer[]
{
incomingSecurity,
new SecurityBuffer(null, 0, 0, SecurityBufferType.SECBUFFER_EMPTY)
};
}
return(incomingSecurityBuffers);
}
