/// <summary>
/// Safely invokes the native VerifySignature function, making sure that handle ref counting is
/// performed in a proper CER.
/// </summary>
/// <param name="handle"></param>
/// <param name="qualityOfProtection"></param>
/// <param name="adapter"></param>
/// <param name="sequenceNumber"></param>
/// <returns></returns>
internal static SecurityStatus SafeVerifySignature(
SafeContextHandle handle,
int qualityOfProtection,
SecureBufferAdapter adapter,
int sequenceNumber)
{
bool gotRef = false;
SecurityStatus status = SecurityStatus.InternalError;
RuntimeHelpers.PrepareConstrainedRegions();
try
{
handle.DangerousAddRef(ref gotRef);
}
catch (Exception)
{
if (gotRef)
{
handle.DangerousRelease();
gotRef = false;
}
throw;
}
finally
{
if (gotRef)
{
status = ContextNativeMethods.VerifySignature(
ref handle.rawHandle,
adapter.Handle,
sequenceNumber,
qualityOfProtection
);
handle.DangerousRelease();
}
}
return(status);
}
/// <summary>
/// Returns the properties of the named package.
/// </summary>
/// <param name="packageName">The name of the package.</param>
/// <returns></returns>
public static SecPkgInfo GetPackageCapabilities(string packageName)
{
SecPkgInfo info;
SecurityStatus status = SecurityStatus.InternalError;
IntPtr rawInfoPtr;
rawInfoPtr = new IntPtr();
info = new SecPkgInfo();
RuntimeHelpers.PrepareConstrainedRegions();
try
{ }
finally
{
status = NativeMethods.QuerySecurityPackageInfo(packageName, ref rawInfoPtr);
if (rawInfoPtr != IntPtr.Zero)
{
try
{
if (status == SecurityStatus.OK)
{
// This performs allocations as it makes room for the strings contained in the SecPkgInfo class.
Marshal.PtrToStructure(rawInfoPtr, info);
}
}
finally
{
NativeMethods.FreeContextBuffer(rawInfoPtr);
}
}
}
if (status != SecurityStatus.OK)
{
throw new SSPIException("Failed to query security package provider details", status);
}
return(info);
}
/// <summary>
/// Queries the security package's expections regarding message/token/signature/padding buffer sizes.
/// </summary>
/// <returns></returns>
private SecPkgContext_Sizes QueryBufferSizes()
{
SecPkgContext_Sizes sizes = new SecPkgContext_Sizes();
SecurityStatus status = SecurityStatus.InternalError;
bool gotRef = false;
RuntimeHelpers.PrepareConstrainedRegions();
try
{
this.ContextHandle.DangerousAddRef(ref gotRef);
}
catch (Exception)
{
if (gotRef)
{
this.ContextHandle.DangerousRelease();
gotRef = false;
}
throw;
}
finally
{
if (gotRef)
{
status = ContextNativeMethods.QueryContextAttributes_Sizes(
ref this.ContextHandle.rawHandle,
ContextQueryAttrib.Sizes,
ref sizes
);
this.ContextHandle.DangerousRelease();
}
}
if (status != SecurityStatus.OK)
{
throw new SSPIException("Failed to query context buffer size attributes", status);
}
return(sizes);
}
private int ProcessFrameBody(int readBytes, byte[] buffer, int offset, int count, AsyncProtocolRequest asyncRequest)
{
if (readBytes == 0)
{
throw new IOException(SR.GetString("net_io_eof"));
}
readBytes += this._SslState.HeaderSize;
int num = 0;
SecurityStatus errorCode = this._SslState.DecryptData(this.InternalBuffer, ref num, ref readBytes);
if (errorCode != SecurityStatus.OK)
{
byte[] dst = null;
if (readBytes != 0)
{
dst = new byte[readBytes];
Buffer.BlockCopy(this.InternalBuffer, num, dst, 0, readBytes);
}
this.DecrementInternalBufferCount(this.InternalBufferCount);
return(this.ProcessReadErrorCode(errorCode, buffer, offset, count, asyncRequest, dst));
}
if ((readBytes == 0) && (count != 0))
{
this.DecrementInternalBufferCount(this.InternalBufferCount);
return(-1);
}
this.EnsureInternalBufferSize(0, num + readBytes);
this.DecrementInternalBufferCount(num);
if (readBytes > count)
{
readBytes = count;
}
Buffer.BlockCopy(this.InternalBuffer, this.InternalOffset, buffer, offset, readBytes);
this.DecrementInternalBufferCount(readBytes);
this._SslState.FinishRead(null);
if (asyncRequest != null)
{
asyncRequest.CompleteUser(readBytes);
}
return(readBytes);
}
private void setNTLMToken()
{
initNTLMClientAuth();
if (NTLMChallangeToken != "")
{
serverToken = Convert.FromBase64String(NTLMChallangeToken);
Debug.WriteLine("NTLM Challange token detected. Setting server token: " + NTLMChallangeToken);
}
//while (true)
//{
NSSPIclientStatus = NSSPIclient.Init(serverToken, out NTLMClientToken);
Debug.WriteLine("NSSPI ClientStatus: " + NSSPIclientStatus.ToString());
//if (clientStatus != SecurityStatus.ContinueNeeded) { break; }
//}
//
this.NTLMToken = Convert.ToBase64String(NTLMClientToken);
Debug.WriteLine("NTLMToken: " + this.NTLMToken);
}
internal static SecurityStatus InitializeSecurityContext(SSPIInterface SecModule, ref SafeFreeCredentials credential, ref SafeDeleteContext context, string targetName, SecurityBuffer inputBuffer, SecurityBuffer outputBuffer)
{
if (Logging.On)
{
Logging.PrintInfo(Logging.Web,
"InitializeSecurityContext(" +
"credential = " + credential.ToString() + ", " +
"context = " + Logging.ObjectToString(context) + ", " +
"targetName = " + targetName);
}
SecurityStatus errorCode = SecModule.InitializeSecurityContext(ref credential, ref context, targetName, inputBuffer, outputBuffer);
if (Logging.On)
{
Logging.PrintInfo(Logging.Web, SR.Format(SR.net_log_sspi_security_context_input_buffer, "InitializeSecurityContext", (inputBuffer == null ? 0 : inputBuffer.size), outputBuffer.size, (SecurityStatus)errorCode));
}
return(errorCode);
}
private void Init(NativeAuthData authData, string secPackage, CredentialUse use)
{
string packageName;
TimeStamp rawExpiry = new TimeStamp();
SecurityStatus status = SecurityStatus.InternalError;
// -- Package --
// Copy off for the call, since this.SecurityPackage is a property.
packageName = this.SecurityPackage;
this.Handle = new SafeCredentialHandle();
// The finally clause is the actual constrained region. The VM pre-allocates any stack space,
// performs any allocations it needs to prepare methods for execution, and postpones any
// instances of the 'uncatchable' exceptions (ThreadAbort, StackOverflow, OutOfMemory).
RuntimeHelpers.PrepareConstrainedRegions();
try { }
finally
{
status = CredentialNativeMethods.AcquireCredentialsHandle_AuthData(
null,
packageName,
use,
IntPtr.Zero,
ref authData,
IntPtr.Zero,
IntPtr.Zero,
ref this.Handle.rawHandle,
ref rawExpiry
);
}
if (status != SecurityStatus.OK)
{
throw new SSPIException("Failed to call AcquireCredentialHandle", status);
}
this.Expiry = rawExpiry.ToDateTime();
}
public SecurityStatus EncryptMessage(SafeDeleteContext securityContext, byte[] buffer, int size, int headerSize, int trailerSize, out int resultSize)
{
resultSize = 0;
// Encryption using SCHANNEL requires 4 buffers: header, payload, trailer, empty.
SecurityBuffer[] securityBuffer = new SecurityBuffer[4];
securityBuffer[0] = new SecurityBuffer(buffer, 0, headerSize, SecurityBufferType.Header);
securityBuffer[1] = new SecurityBuffer(buffer, headerSize, size, SecurityBufferType.Data);
securityBuffer[2] = new SecurityBuffer(buffer, headerSize + size, trailerSize, SecurityBufferType.Trailer);
securityBuffer[3] = new SecurityBuffer(null, SecurityBufferType.Empty);
SecurityStatus secStatus = EncryptDecryptHelper(OP.Encrypt, securityContext, securityBuffer, 0);
if (secStatus == 0)
{
// The full buffer may not be used.
resultSize = securityBuffer[0].size + securityBuffer[1].size + securityBuffer[2].size;
GlobalLog.Leave("SecureChannel#" + Logging.HashString(this) + "::Encrypt OK", "data size:" + resultSize.ToString());
}
return(secStatus);
}
//
// Only processing SEC_I_RENEGOTIATE.
//
private int ProcessReadErrorCode(SecurityStatus errorCode, byte[] buffer, int offset, int count, byte[] extraBuffer)
{
// ERROR - examine what kind
ProtocolToken message = new ProtocolToken(null, errorCode);
GlobalLog.Print("SecureChannel#" + Logging.HashString(this) + "::***Processing an error Status = " + message.Status.ToString());
if (message.Renegotiate)
{
_SslState.ReplyOnReAuthentication(extraBuffer);
// Loop on read.
return(-1);
}
if (message.CloseConnection)
{
_SslState.FinishRead(null);
return(0);
}
throw new IOException(SR.net_io_decrypt, message.GetException());
}
private bool createNSSPIToken()
{
try
{
initNSSPI();
if (ChallangeToken != "")
{
NSSPIChallangeToken = Convert.FromBase64String(ChallangeToken);
Debug.WriteLine("[NSSPI] NTLM Challange token detected. Setting as server token: " + ChallangeToken);
}
NSSPIclientStatus = NSSPIclient.Init(NSSPIChallangeToken, out NSSPIClientToken);
this.AuthToken = Convert.ToBase64String(NSSPIClientToken);
return(true);
} catch (Exception e)
{
OnException("Failed to perform NSSPI Authentication while connecting to proxy. " + e.ToString());
return(false);
}
}
private void ProcessReceivedBlob(byte[] buffer, int count, AsyncProtocolRequest asyncRequest)
{
if (count == 0)
{
throw new AuthenticationException(SR.GetString("net_auth_eof"), null);
}
if (this._PendingReHandshake)
{
int offset = 0;
SecurityStatus errorCode = this.PrivateDecryptData(buffer, ref offset, ref count);
if (errorCode == SecurityStatus.OK)
{
Exception exception = this.EnqueueOldKeyDecryptedData(buffer, offset, count);
if (exception != null)
{
this.StartSendAuthResetSignal(null, asyncRequest, exception);
return;
}
this._Framing = Framing.None;
this.StartReceiveBlob(buffer, asyncRequest);
return;
}
if (errorCode != SecurityStatus.Renegotiate)
{
ProtocolToken token = new ProtocolToken(null, errorCode);
this.StartSendAuthResetSignal(null, asyncRequest, new AuthenticationException(SR.GetString("net_auth_SSPI"), token.GetException()));
return;
}
this._PendingReHandshake = false;
if (offset != 0)
{
Buffer.BlockCopy(buffer, offset, buffer, 0, count);
}
}
this.StartSendBlob(buffer, count, asyncRequest);
}
private void StartSendBlob(byte[] incoming, int count, AsyncProtocolRequest asyncRequest)
{
ProtocolToken message = this.Context.NextMessage(incoming, 0, count);
this._SecurityStatus = message.Status;
if (message.Size != 0)
{
if (this.Context.IsServer && (this._CachedSession == CachedSessionStatus.Unknown))
{
this._CachedSession = (message.Size < 200) ? CachedSessionStatus.IsCached : CachedSessionStatus.IsNotCached;
}
if (this._Framing == Framing.Unified)
{
this._Framing = this.DetectFraming(message.Payload, message.Payload.Length);
}
if (((message.Done && this._ForceBufferingLastHandshakePayload) && ((this.InnerStream.GetType() == typeof(NetworkStream)) && !this._PendingReHandshake)) && !this.CheckWin9xCachedSession())
{
this._LastPayload = message.Payload;
}
else if (asyncRequest == null)
{
this.InnerStream.Write(message.Payload, 0, message.Size);
}
else
{
asyncRequest.AsyncState = message;
IAsyncResult asyncResult = this.InnerStream.BeginWrite(message.Payload, 0, message.Size, _WriteCallback, asyncRequest);
if (!asyncResult.CompletedSynchronously)
{
return;
}
this.InnerStream.EndWrite(asyncResult);
}
}
this.CheckCompletionBeforeNextReceive(message, asyncRequest);
}
public override int GetHashCode()
{
unchecked
{
int hashCode = (StockExchange != null
? StockExchange.GetHashCode()
: 0);
hashCode = (hashCode * 397) ^ (TradeSector != null
? TradeSector.GetHashCode()
: 0);
hashCode = (hashCode * 397) ^ (SecurityCode != null
? SecurityCode.GetHashCode()
: 0);
hashCode = (hashCode * 397) ^ (SecurityName != null
? SecurityName.GetHashCode()
: 0);
hashCode = (hashCode * 397) ^ (SecurityClass != null
? SecurityClass.GetHashCode()
: 0);
hashCode = (hashCode * 397) ^ HasOptions.GetHashCode();
hashCode = (hashCode * 397) ^ (SecurityStatus != null
? SecurityStatus.GetHashCode()
: 0);
hashCode = (hashCode * 397) ^ (Currency != null
? Currency.GetHashCode()
: 0);
hashCode = (hashCode * 397) ^ LimitUpPrice.GetHashCode();
hashCode = (hashCode * 397) ^ LimitDownPrice.GetHashCode();
hashCode = (hashCode * 397) ^ LotSize.GetHashCode();
hashCode = (hashCode * 397) ^ (LotFlag != null
? LotFlag.GetHashCode()
: 0);
hashCode = (hashCode * 397) ^ (SuspendedFlag != null
? SuspendedFlag.GetHashCode()
: 0);
hashCode = (hashCode * 397) ^ (SecuritySubClass != null
? SecuritySubClass.GetHashCode()
: 0);
hashCode = (hashCode * 397) ^ (UnderlyinSecurityCode != null
? UnderlyinSecurityCode.GetHashCode()
: 0);
hashCode = (hashCode * 397) ^ (SecurityLevel != null
? SecurityLevel.GetHashCode()
: 0);
hashCode = (hashCode * 397) ^ PreviousClose.GetHashCode();
hashCode = (hashCode * 397) ^ OpenPrice.GetHashCode();
hashCode = (hashCode * 397) ^ Turnover.GetHashCode();
hashCode = (hashCode * 397) ^ HighPrice.GetHashCode();
hashCode = (hashCode * 397) ^ LowPrice.GetHashCode();
hashCode = (hashCode * 397) ^ LastPrice.GetHashCode();
hashCode = (hashCode * 397) ^ CurrentBidPrice.GetHashCode();
hashCode = (hashCode * 397) ^ CurrentAskPrice.GetHashCode();
hashCode = (hashCode * 397) ^ Volume.GetHashCode();
hashCode = (hashCode * 397) ^ PERatio.GetHashCode();
hashCode = (hashCode * 397) ^ BuyVolume1.GetHashCode();
hashCode = (hashCode * 397) ^ SellVolume1.GetHashCode();
hashCode = (hashCode * 397) ^ BuyPrice2.GetHashCode();
hashCode = (hashCode * 397) ^ BuyVolume2.GetHashCode();
hashCode = (hashCode * 397) ^ SellPrice2.GetHashCode();
hashCode = (hashCode * 397) ^ SellVolume2.GetHashCode();
hashCode = (hashCode * 397) ^ BuyPrice3.GetHashCode();
hashCode = (hashCode * 397) ^ BuyVolume3.GetHashCode();
hashCode = (hashCode * 397) ^ SellPrice3.GetHashCode();
hashCode = (hashCode * 397) ^ SellVolume3.GetHashCode();
hashCode = (hashCode * 397) ^ BuyPrice4.GetHashCode();
hashCode = (hashCode * 397) ^ BuyVolume4.GetHashCode();
hashCode = (hashCode * 397) ^ SellPrice4.GetHashCode();
hashCode = (hashCode * 397) ^ SellVolume4.GetHashCode();
hashCode = (hashCode * 397) ^ BuyPrice5.GetHashCode();
hashCode = (hashCode * 397) ^ BuyVolume5.GetHashCode();
hashCode = (hashCode * 397) ^ SellPrice5.GetHashCode();
hashCode = (hashCode * 397) ^ SellVolume5.GetHashCode();
return(hashCode);
}
}
//
// Methods
//
// This will return an client token when conducted authentication on server side'
// This token can be used ofr impersanation
// We use it to create a WindowsIdentity and hand it out to the server app.
internal SafeCloseHandle GetContextToken(out SecurityStatus status)
{
GlobalLog.Assert(IsCompleted && IsValidContext, "NTAuthentication#{0}::GetContextToken|Should be called only when completed with success, currently is not!", ValidationHelper.HashString(this));
GlobalLog.Assert(IsServer, "NTAuthentication#{0}::GetContextToken|The method must not be called by the client side!", ValidationHelper.HashString(this));
if (!IsValidContext) {
throw new Win32Exception((int)SecurityStatus.InvalidHandle);
}
SafeCloseHandle token = null;
status = (SecurityStatus) SSPIWrapper.QuerySecurityContextToken(
GlobalSSPI.SSPIAuth,
m_SecurityContext,
out token);
return token;
}
// for Server side (IIS 6.0) see: \\netindex\Sources\inetsrv\iis\iisrearc\iisplus\ulw3\digestprovider.cxx
// for Client side (HTTP.SYS) see: \\netindex\Sources\net\http\sys\ucauth.c
internal string GetOutgoingDigestBlob(string incomingBlob, string requestMethod, string requestedUri, string realm, bool isClientPreAuth, bool throwOnError, out SecurityStatus statusCode)
{
GlobalLog.Enter("NTAuthentication#" + ValidationHelper.HashString(this) + "::GetOutgoingDigestBlob", incomingBlob);
// second time call with 3 incoming buffers to select HTTP client.
// we should get back a SecurityStatus.OK and a non null outgoingBlob.
SecurityBuffer[] inSecurityBuffers = null;
SecurityBuffer outSecurityBuffer = new SecurityBuffer(m_TokenSize, isClientPreAuth ? BufferType.Parameters : BufferType.Token);
bool firstTime = m_SecurityContext == null;
try {
if (!m_IsServer) {
// client session
if (!isClientPreAuth) {
if (incomingBlob != null)
{
List<SecurityBuffer> list = new List<SecurityBuffer>(5);
list.Add(new SecurityBuffer(WebHeaderCollection.HeaderEncoding.GetBytes(incomingBlob), BufferType.Token));
list.Add(new SecurityBuffer(WebHeaderCollection.HeaderEncoding.GetBytes(requestMethod), BufferType.Parameters));
list.Add(new SecurityBuffer(null, BufferType.Parameters));
list.Add(new SecurityBuffer(Encoding.Unicode.GetBytes(m_Spn), BufferType.TargetHost));
if (m_ChannelBinding != null) {
list.Add(new SecurityBuffer(m_ChannelBinding));
}
inSecurityBuffers = list.ToArray();
}
statusCode = (SecurityStatus) SSPIWrapper.InitializeSecurityContext(
GlobalSSPI.SSPIAuth,
m_CredentialsHandle,
ref m_SecurityContext,
requestedUri, // this must match the Uri in the HTTP status line for the current request
m_RequestedContextFlags,
Endianness.Network,
inSecurityBuffers,
outSecurityBuffer,
ref m_ContextFlags );
GlobalLog.Print("NTAuthentication#" + ValidationHelper.HashString(this) + "::GetOutgoingDigestBlob() SSPIWrapper.InitializeSecurityContext() returns statusCode:0x" + ((int) statusCode).ToString("x8", NumberFormatInfo.InvariantInfo) + " (" + statusCode.ToString() + ")");
}
else {
#if WDIGEST_PREAUTH
inSecurityBuffers = new SecurityBuffer[] {
new SecurityBuffer(null, BufferType.Token),
new SecurityBuffer(WebHeaderCollection.HeaderEncoding.GetBytes(requestMethod), BufferType.Parameters),
new SecurityBuffer(WebHeaderCollection.HeaderEncoding.GetBytes(requestedUri), BufferType.Parameters),
new SecurityBuffer(null, BufferType.Parameters),
outSecurityBuffer,
};
statusCode = (SecurityStatus) SSPIWrapper.MakeSignature(GlobalSSPI.SSPIAuth, m_SecurityContext, inSecurityBuffers, 0);
GlobalLog.Print("NTAuthentication#" + ValidationHelper.HashString(this) + "::GetOutgoingDigestBlob() SSPIWrapper.MakeSignature() returns statusCode:0x" + ((int) statusCode).ToString("x8", NumberFormatInfo.InvariantInfo) + " (" + statusCode.ToString() + ")");
#else
statusCode = SecurityStatus.OK;
GlobalLog.Assert("NTAuthentication#" + ValidationHelper.HashString(this) + "::GetOutgoingDigestBlob()", "Invalid code path.");
#endif
}
}
else {
// server session
List<SecurityBuffer> list = new List<SecurityBuffer>(6);
list.Add(incomingBlob == null ? new SecurityBuffer(0, BufferType.Token) : new SecurityBuffer(WebHeaderCollection.HeaderEncoding.GetBytes(incomingBlob), BufferType.Token));
list.Add(requestMethod == null ? new SecurityBuffer(0, BufferType.Parameters) : new SecurityBuffer(WebHeaderCollection.HeaderEncoding.GetBytes(requestMethod), BufferType.Parameters));
list.Add(requestedUri == null ? new SecurityBuffer(0, BufferType.Parameters) : new SecurityBuffer(WebHeaderCollection.HeaderEncoding.GetBytes(requestedUri), BufferType.Parameters));
list.Add(new SecurityBuffer(0, BufferType.Parameters));
list.Add(realm == null ? new SecurityBuffer(0, BufferType.Parameters) : new SecurityBuffer(Encoding.Unicode.GetBytes(realm), BufferType.Parameters));
if (m_ChannelBinding != null) {
list.Add(new SecurityBuffer(m_ChannelBinding));
}
inSecurityBuffers = list.ToArray();
statusCode = (SecurityStatus) SSPIWrapper.AcceptSecurityContext(
GlobalSSPI.SSPIAuth,
m_CredentialsHandle,
ref m_SecurityContext,
m_RequestedContextFlags,
Endianness.Network,
inSecurityBuffers,
outSecurityBuffer,
ref m_ContextFlags );
GlobalLog.Print("NTAuthentication#" + ValidationHelper.HashString(this) + "::GetOutgoingDigestBlob() SSPIWrapper.AcceptSecurityContext() returns statusCode:0x" + ((int)statusCode).ToString("x8", NumberFormatInfo.InvariantInfo) + " (" + statusCode.ToString() + ")");
if (statusCode == SecurityStatus.CompleteNeeded)
{
inSecurityBuffers[4] = outSecurityBuffer;
statusCode = (SecurityStatus) SSPIWrapper.CompleteAuthToken(
GlobalSSPI.SSPIAuth,
ref m_SecurityContext,
inSecurityBuffers );
GlobalLog.Print("NTAuthentication#" + ValidationHelper.HashString(this) + "::GetOutgoingDigestBlob() SSPIWrapper.CompleteAuthToken() returns statusCode:0x" + ((int)statusCode).ToString("x8", NumberFormatInfo.InvariantInfo) + " (" + statusCode.ToString() + ")");
outSecurityBuffer.token = null;
}
}
}
finally {
//
// Assuming the ISC or ASC has referenced the credential on the first successful call,
// we want to decrement the effective ref count by "disposing" it.
// The real dispose will happen when the security context is closed.
// Note if the first call was not successfull the handle is physically destroyed here
//
if (firstTime && m_CredentialsHandle != null)
m_CredentialsHandle.Close();
}
if (((int) statusCode & unchecked((int) 0x80000000)) != 0)
{
CloseContext();
if (throwOnError) {
Win32Exception exception = new Win32Exception((int) statusCode);
GlobalLog.Leave("NTAuthentication#" + ValidationHelper.HashString(this) + "::GetOutgoingDigestBlob", "Win32Exception:" + exception);
throw exception;
}
GlobalLog.Leave("NTAuthentication#" + ValidationHelper.HashString(this) + "::GetOutgoingDigestBlob", "null statusCode:0x" + ((int) statusCode).ToString("x8", NumberFormatInfo.InvariantInfo) + " (" + statusCode.ToString() + ")");
return null;
}
else if (firstTime && m_CredentialsHandle != null)
{
// cache until it is pushed out by newly incoming handles
SSPIHandleCache.CacheCredential(m_CredentialsHandle);
}
// the return value from SSPI will tell us correctly if the
// handshake is over or not: http://msdn.microsoft.com/library/psdk/secspi/sspiref_67p0.htm
if (statusCode == SecurityStatus.OK)
{
// we're done, cleanup
m_IsCompleted = true;
}
else {
// we need to continue
GlobalLog.Print("NTAuthentication#" + ValidationHelper.HashString(this) + "::GetOutgoingDigestBlob() need continue statusCode:[0x" + ((int) statusCode).ToString("x8", NumberFormatInfo.InvariantInfo) + "] (" + statusCode.ToString() + ") m_SecurityContext#" + ValidationHelper.HashString(m_SecurityContext) + "::Handle:" + ValidationHelper.ToString(m_SecurityContext) + "]");
}
GlobalLog.Print("out token = " + outSecurityBuffer.ToString());
GlobalLog.Dump(outSecurityBuffer.token);
GlobalLog.Print("NTAuthentication#" + ValidationHelper.HashString(this) + "::GetOutgoingDigestBlob() IsCompleted:" + IsCompleted.ToString());
byte[] decodedOutgoingBlob = outSecurityBuffer.token;
string outgoingBlob = null;
if (decodedOutgoingBlob!=null && decodedOutgoingBlob.Length>0) {
outgoingBlob = WebHeaderCollection.HeaderEncoding.GetString(decodedOutgoingBlob, 0, outSecurityBuffer.size);
}
GlobalLog.Leave("NTAuthentication#" + ValidationHelper.HashString(this) + "::GetOutgoingDigestBlob", outgoingBlob);
return outgoingBlob;
}
/// <summary>
/// Initializes a new instance of the SSPIException class from serialization data.
/// </summary>
/// <param name="info"></param>
/// <param name="context"></param>
protected SSPIException(SerializationInfo info, StreamingContext context)
: base(info, context)
{
this.message = info.GetString("message");
this.errorCode = (SecurityStatus)info.GetUInt32("errorCode");
}
//
// Codes we process (Anything else - fail)
//
// - SEC_I_RENEGOTIATE
//
private int ProcessReadErrorCode(SecurityStatus errorCode, byte[] buffer, int offset, int count, AsyncProtocolRequest asyncRequest, byte[] extraBuffer)
{
// ERROR - examine what kind
ProtocolToken message = new ProtocolToken(null, errorCode);
GlobalLog.Print("SecureChannel#" + ValidationHelper.HashString(this) + "::***Processing an error Status = " + message.Status.ToString());
if (message.Renegotiate)
{
_SslState.ReplyOnReAuthentication(extraBuffer);
// loop on read
return -1;
}
if (message.CloseConnection) {
_SslState.FinishRead(null);
if (asyncRequest != null)
{
asyncRequest.CompleteUser((object)0);
}
return 0;
}
// Otherwise bail out.
throw new IOException(SR.GetString(SR.net_io_decrypt), message.GetException());
}
/// <summary>
/// Encrypts the byte array using the context's session key.
/// </summary>
/// <remarks>
/// The structure of the returned data is as follows:
/// - 2 bytes, an unsigned big-endian integer indicating the length of the trailer buffer size
/// - 4 bytes, an unsigned big-endian integer indicating the length of the message buffer size.
/// - 2 bytes, an unsigned big-endian integer indicating the length of the encryption padding buffer size.
/// - The trailer buffer
/// - The message buffer
/// - The padding buffer.
/// </remarks>
/// <param name="input">The raw message to encrypt.</param>
/// <returns>The packed and encrypted message.</returns>
public byte[] Encrypt(byte[] input)
{
// The message is encrypted in place in the buffer we provide to Win32 EncryptMessage
SecPkgContext_Sizes sizes;
SecureBuffer trailerBuffer;
SecureBuffer dataBuffer;
SecureBuffer paddingBuffer;
SecureBufferAdapter adapter;
SecurityStatus status = SecurityStatus.InvalidHandle;
byte[] result;
CheckLifecycle();
sizes = QueryBufferSizes();
trailerBuffer = new SecureBuffer(new byte[sizes.SecurityTrailer], BufferType.Token);
dataBuffer = new SecureBuffer(new byte[input.Length], BufferType.Data);
paddingBuffer = new SecureBuffer(new byte[sizes.BlockSize], BufferType.Padding);
Array.Copy(input, dataBuffer.Buffer, input.Length);
using (adapter = new SecureBufferAdapter(new[] { trailerBuffer, dataBuffer, paddingBuffer }))
{
status = ContextNativeMethods.SafeEncryptMessage(
this.ContextHandle,
0,
adapter,
0
);
}
if (status != SecurityStatus.OK)
{
SSPIException exc = new SSPIException("Failed to encrypt message", status);
throw new SecurityException(ErrorHandling.ErrorCodes.Security.SSPI_ERROR, new string[] { exc.Message });
}
int position = 0;
// Enough room to fit:
// -- 2 bytes for the trailer buffer size
// -- 4 bytes for the message size
// -- 2 bytes for the padding size.
// -- The encrypted message
result = new byte[2 + 4 + 2 + trailerBuffer.Length + dataBuffer.Length + paddingBuffer.Length];
ByteWriter.WriteInt16_BE((short)trailerBuffer.Length, result, position);
position += 2;
ByteWriter.WriteInt32_BE(dataBuffer.Length, result, position);
position += 4;
ByteWriter.WriteInt16_BE((short)paddingBuffer.Length, result, position);
position += 2;
Array.Copy(trailerBuffer.Buffer, 0, result, position, trailerBuffer.Length);
position += trailerBuffer.Length;
Array.Copy(dataBuffer.Buffer, 0, result, position, dataBuffer.Length);
position += dataBuffer.Length;
Array.Copy(paddingBuffer.Buffer, 0, result, position, paddingBuffer.Length);
position += paddingBuffer.Length;
return(result);
}
/// <summary>
/// Verifies the signature of a signed message
/// </summary>
/// <remarks>
/// The expected structure of the signed message buffer is as follows:
/// - 4 bytes, unsigned integer in big endian format indicating the length of the plaintext message
/// - 2 bytes, unsigned integer in big endian format indicating the length of the signture
/// - The plaintext message
/// - The message's signature.
/// </remarks>
/// <param name="signedMessage">The packed signed message.</param>
/// <param name="origMessage">The extracted original message.</param>
/// <returns>True if the message has a valid signature, false otherwise.</returns>
public bool VerifySignature(byte[] signedMessage, out byte[] origMessage)
{
SecurityStatus status = SecurityStatus.InternalError;
SecPkgContext_Sizes sizes;
SecureBuffer dataBuffer;
SecureBuffer signatureBuffer;
SecureBufferAdapter adapter;
CheckLifecycle();
sizes = QueryBufferSizes();
if (signedMessage.Length < 2 + 4 + sizes.MaxSignature)
{
throw new ArgumentException("Input message is too small to possibly fit a valid message");
}
int position = 0;
int messageLen;
int sigLen;
messageLen = ByteWriter.ReadInt32_BE(signedMessage, 0);
position += 4;
sigLen = ByteWriter.ReadInt16_BE(signedMessage, position);
position += 2;
if (messageLen + sigLen + 2 + 4 > signedMessage.Length)
{
throw new ArgumentException("The buffer contains invalid data - the embedded length data does not add up.");
}
dataBuffer = new SecureBuffer(new byte[messageLen], BufferType.Data);
Array.Copy(signedMessage, position, dataBuffer.Buffer, 0, messageLen);
position += messageLen;
signatureBuffer = new SecureBuffer(new byte[sigLen], BufferType.Token);
Array.Copy(signedMessage, position, signatureBuffer.Buffer, 0, sigLen);
position += sigLen;
using (adapter = new SecureBufferAdapter(new[] { dataBuffer, signatureBuffer }))
{
status = ContextNativeMethods.SafeVerifySignature(
this.ContextHandle,
0,
adapter,
0
);
}
if (status == SecurityStatus.OK)
{
origMessage = dataBuffer.Buffer;
return(true);
}
else if (status == SecurityStatus.MessageAltered ||
status == SecurityStatus.OutOfSequence)
{
origMessage = null;
return(false);
}
else
{
throw new SspiException("Failed to determine the veracity of a signed message.", status);
}
}
public Exception GetException(SecurityStatus status)
{
// TODO (Issue #3362) To be implemented
return(new Exception("status = " + status));
}
internal ProtocolToken(byte[] data, SecurityStatus errorCode)
{
this.Status = errorCode;
this.Payload = data;
this.Size = (data != null) ? data.Length : 0;
}
private HttpStatusCode HttpStatusFromSecurityStatus(SecurityStatus status)
{
if (NclUtilities.IsCredentialFailure(status))
{
return HttpStatusCode.Unauthorized;
}
if (NclUtilities.IsClientFault(status))
{
return HttpStatusCode.BadRequest;
}
return HttpStatusCode.InternalServerError;
}
internal static Exception GetException(SSPIInterface secModule, SecurityStatus status)
{
return secModule.GetException(status);
}
private int ProcessReadErrorCode(SecurityStatus errorCode, byte[] buffer, int offset, int count, AsyncProtocolRequest asyncRequest, byte[] extraBuffer)
{
ProtocolToken token = new ProtocolToken(null, errorCode);
if (token.Renegotiate)
{
this._SslState.ReplyOnReAuthentication(extraBuffer);
return -1;
}
if (!token.CloseConnection)
{
throw new IOException(SR.GetString("net_io_decrypt"), token.GetException());
}
this._SslState.FinishRead(null);
if (asyncRequest != null)
{
asyncRequest.CompleteUser(0);
}
return 0;
}
internal static bool IsCredentialFailure(SecurityStatus error)
{
if ((((error != SecurityStatus.LogonDenied) && (error != SecurityStatus.UnknownCredentials)) && ((error != SecurityStatus.NoImpersonation) && (error != SecurityStatus.NoAuthenticatingAuthority))) && (((error != SecurityStatus.UntrustedRoot) && (error != SecurityStatus.CertExpired)) && (error != SecurityStatus.SmartcardLogonRequired)))
{
return (error == SecurityStatus.BadBinding);
}
return true;
}
internal static bool IsClientFault(SecurityStatus error)
{
if (((((error != SecurityStatus.InvalidToken) && (error != SecurityStatus.CannotPack)) && ((error != SecurityStatus.QopNotSupported) && (error != SecurityStatus.NoCredentials))) && (((error != SecurityStatus.MessageAltered) && (error != SecurityStatus.OutOfSequence)) && ((error != SecurityStatus.IncompleteMessage) && (error != SecurityStatus.IncompleteCredentials)))) && ((((error != SecurityStatus.WrongPrincipal) && (error != SecurityStatus.TimeSkew)) && ((error != SecurityStatus.IllegalMessage) && (error != SecurityStatus.CertUnknown))) && ((error != SecurityStatus.AlgorithmMismatch) && (error != SecurityStatus.SecurityQosFailed))))
{
return (error == SecurityStatus.UnsupportedPreauth);
}
return true;
}
//
// Client side starts here, but server also loops through this method.
//
private void StartSendBlob(byte[] incoming, int count, AsyncProtocolRequest asyncRequest)
{
ProtocolToken message = Context.NextMessage(incoming, 0, count);
_securityStatus = message.Status;
if (message.Size != 0)
{
if (Context.IsServer && _CachedSession == CachedSessionStatus.Unknown)
{
//
//[Schannel] If the first call to ASC returns a token less than 200 bytes,
// then it's a reconnect (a handshake based on a cache entry).
//
_CachedSession = message.Size < 200 ? CachedSessionStatus.IsCached : CachedSessionStatus.IsNotCached;
}
if (_Framing == Framing.Unified)
{
_Framing = DetectFraming(message.Payload, message.Payload.Length);
}
if (asyncRequest == null)
{
InnerStream.Write(message.Payload, 0, message.Size);
}
else
{
asyncRequest.AsyncState = message;
IAsyncResult ar = InnerStreamAPM.BeginWrite(message.Payload, 0, message.Size, s_writeCallback, asyncRequest);
if (!ar.CompletedSynchronously)
{
#if DEBUG
asyncRequest._DebugAsyncChain = ar;
#endif
return;
}
InnerStreamAPM.EndWrite(ar);
}
}
CheckCompletionBeforeNextReceive(message, asyncRequest);
}
public Exception GetException(SecurityStatus status)
{
// TODO (Issue #3362) To be implemented
return new Exception("status = " + status);
}
private void StartSendBlob(byte[] incoming, int count, AsyncProtocolRequest asyncRequest)
{
ProtocolToken message = this.Context.NextMessage(incoming, 0, count);
this._SecurityStatus = message.Status;
if (message.Size != 0)
{
if (this.Context.IsServer && (this._CachedSession == CachedSessionStatus.Unknown))
{
this._CachedSession = (message.Size < 200) ? CachedSessionStatus.IsCached : CachedSessionStatus.IsNotCached;
}
if (this._Framing == Framing.Unified)
{
this._Framing = this.DetectFraming(message.Payload, message.Payload.Length);
}
if (((message.Done && this._ForceBufferingLastHandshakePayload) && ((this.InnerStream.GetType() == typeof(NetworkStream)) && !this._PendingReHandshake)) && !this.CheckWin9xCachedSession())
{
this._LastPayload = message.Payload;
}
else if (asyncRequest == null)
{
this.InnerStream.Write(message.Payload, 0, message.Size);
}
else
{
asyncRequest.AsyncState = message;
IAsyncResult asyncResult = this.InnerStream.BeginWrite(message.Payload, 0, message.Size, _WriteCallback, asyncRequest);
if (!asyncResult.CompletedSynchronously)
{
return;
}
this.InnerStream.EndWrite(asyncResult);
}
}
this.CheckCompletionBeforeNextReceive(message, asyncRequest);
}
public Exception GetException(SecurityStatus status)
{
return new Interop.OpenSsl.SslException((int)status);
}
public Exception GetException(SecurityStatus status)
{
return new Win32Exception((int)status);
}
// Token: 0x06000020 RID: 32 RVA: 0x00002DC0 File Offset: 0x00000FC0
internal Stream GetCommandParameterStream(string targetHost, string responseLine, out Exception failureException)
{
failureException = null;
if (this.CommandType == ImapCommandType.Append)
{
return(this.CommandParameters[2] as Stream);
}
if (this.CommandType == ImapCommandType.Authenticate)
{
byte[] inputBuffer = null;
MemoryStream result = null;
ImapAuthenticationMechanism imapAuthenticationMechanism = (ImapAuthenticationMechanism)this.CommandParameters[0];
string text = (string)this.CommandParameters[1];
SecureString password = (SecureString)this.CommandParameters[2];
AuthenticationContext authenticationContext = (AuthenticationContext)this.CommandParameters[3];
string text2 = null;
if (responseLine != null && responseLine.Length > 2)
{
inputBuffer = Encoding.ASCII.GetBytes(responseLine.Substring(2));
}
byte[] buffer = null;
ImapAuthenticationMechanism imapAuthenticationMechanism2 = imapAuthenticationMechanism;
if (imapAuthenticationMechanism2 != ImapAuthenticationMechanism.Basic)
{
if (imapAuthenticationMechanism2 == ImapAuthenticationMechanism.Ntlm)
{
SecurityStatus securityStatus;
if (authenticationContext == null)
{
authenticationContext = new AuthenticationContext();
this.CommandParameters[3] = authenticationContext;
string spn = "IMAP/" + targetHost;
securityStatus = authenticationContext.InitializeForOutboundNegotiate(AuthenticationMechanism.Ntlm, spn, text, password);
if (securityStatus != SecurityStatus.OK)
{
failureException = new ImapAuthenticationException(targetHost, imapAuthenticationMechanism.ToString(), RetryPolicy.Backoff);
return(null);
}
}
securityStatus = authenticationContext.NegotiateSecurityContext(inputBuffer, out buffer);
SecurityStatus securityStatus2 = securityStatus;
if (securityStatus2 != SecurityStatus.OK && securityStatus2 != SecurityStatus.ContinueNeeded)
{
failureException = new ImapAuthenticationException(targetHost, imapAuthenticationMechanism.ToString(), RetryPolicy.Backoff);
return(null);
}
result = new MemoryStream(buffer);
}
else
{
failureException = new ImapUnsupportedAuthenticationException(targetHost, imapAuthenticationMechanism.ToString(), RetryPolicy.Backoff);
}
}
else
{
SecurityStatus securityStatus;
if (authenticationContext == null)
{
authenticationContext = new AuthenticationContext();
this.CommandParameters[3] = authenticationContext;
Match match = ImapCommand.UserNameWithAuthorizationId.Match(text);
if (match != null && match.Success && match.Groups.Count == 3)
{
text2 = match.Groups[1].Value;
text = match.Groups[2].Value;
}
securityStatus = authenticationContext.InitializeForOutboundNegotiate(AuthenticationMechanism.Plain, null, text, password);
if (securityStatus != SecurityStatus.OK)
{
failureException = new ImapAuthenticationException(targetHost, imapAuthenticationMechanism.ToString(), RetryPolicy.Backoff);
return(null);
}
if (text2 != null)
{
authenticationContext.AuthorizationIdentity = Encoding.ASCII.GetBytes(text2);
}
}
securityStatus = authenticationContext.NegotiateSecurityContext(inputBuffer, out buffer);
SecurityStatus securityStatus3 = securityStatus;
if (securityStatus3 != SecurityStatus.OK)
{
failureException = new ImapAuthenticationException(targetHost, imapAuthenticationMechanism.ToString(), RetryPolicy.Backoff);
return(null);
}
result = new MemoryStream(buffer);
}
return(result);
}
return(null);
}
private void UpdateMarketState(string secturityId, SecurityStatus securityStatus)
{
if (secturityId != null)
{
this.marketStateToolStripStatusLabel.Text = string.Format("SecurityId={0}, Status={1}", secturityId, securityStatus);
}
else
{
this.marketStateToolStripStatusLabel.Text = string.Format("SecurityId=, Status={0}", securityStatus);
}
}
//
// Client side starts here, but server also loops through this method
//
private void StartSendBlob(byte[] incoming, int count, AsyncProtocolRequest asyncRequest)
{
ProtocolToken message = Context.NextMessage(incoming, 0, count);
_SecurityStatus = message.Status;
if (message.Size != 0)
{
if (Context.IsServer && _CachedSession == CachedSessionStatus.Unknown)
{
//
//[Schannel] If the first call to ASC returns a token less than 200 bytes,
// then it's a reconnect (a handshake based on a cache entry)
//
_CachedSession = message.Size < 200? CachedSessionStatus.IsCached: CachedSessionStatus.IsNotCached;
}
if (_Framing == Framing.Unified)
{
_Framing = DetectFraming(message.Payload, message.Payload.Length);
}
// Even if we are comleted, there could be a blob for sending.
// ONLY for TlsStream we want to delay it if the underlined stream is a NetworkStream that is subject to Nagle algorithm
//
if ( message.Done && _ForceBufferingLastHandshakePayload && InnerStream.GetType() == typeof(NetworkStream) && !_PendingReHandshake)
{
_LastPayload = message.Payload;
}
else
{
if (asyncRequest == null)
{
InnerStream.Write(message.Payload, 0, message.Size);
}
else
{
asyncRequest.AsyncState = message;
IAsyncResult ar = InnerStream.BeginWrite(message.Payload, 0, message.Size, _WriteCallback, asyncRequest);
if (!ar.CompletedSynchronously)
{
#if DEBUG
asyncRequest._DebugAsyncChain = ar;
#endif
return;
}
InnerStream.EndWrite(ar);
}
}
}
CheckCompletionBeforeNextReceive(message, asyncRequest);
}
/// <summary>
/// Initializes a new instance of the SSPIException class with the given message and status.
/// </summary>
/// <param name="message">A message explaining what part of the system failed.</param>
/// <param name="errorCode">The error code observed during the failure.</param>
public SSPIException(string message, SecurityStatus errorCode)
{
this.message = message;
this.errorCode = errorCode;
}
public bool ProcessHandshakeMessage (HandshakeType type, TlsBuffer incoming, out SecurityStatus status)
{
if (HasPendingOutput && type != HandshakeType.HelloRequest)
throw new TlsException (AlertDescription.InternalError);
if (!VerifyMessage (type)) {
if (type == HandshakeType.HelloRequest) {
status = SecurityStatus.ContinueNeeded;
return false;
}
throw new TlsException (AlertDescription.UnexpectedMessage);
}
var incomingBuffer = new BufferOffsetSize (incoming.Buffer, incoming.Position - 4, incoming.Remaining + 4);
var startPosition = incoming.Position - 4;
var message = CreateMessage (type, incoming);
incoming.Position = startPosition;
#if DEBUG_FULL
if (Context.EnableDebugging)
DebugHelper.WriteLine ("ProcessMessage: {0} {1} {2}", GetType ().Name, Context.IsServer, type);
#endif
#if INSTRUMENTATION
if (State == NegotiationState.InitialServerConnection && Context.HasInstrument (HandshakeInstrumentType.CloseServerConnection)) {
DebugHelper.WriteLine ("Instrumentation requested to close server connection.");
status = SecurityStatus.InvalidHandle;
return true;
}
#endif
var result = HandleMessage (message);
switch (result) {
case MessageStatus.CredentialsNeeded:
status = SecurityStatus.CredentialsNeeded;
return false;
case MessageStatus.Finished:
hasPendingOutput = true;
if (Context.IsServer)
Context.HandshakeParameters.HandshakeMessages.Add (message, incomingBuffer);
status = SecurityStatus.OK;
return true;
case MessageStatus.IgnoreMessage:
status = SecurityStatus.ContinueNeeded;
return false;
case MessageStatus.Renegotiate:
hasPendingOutput = true;
if (message.Type != HandshakeType.HelloRequest)
Context.HandshakeParameters.HandshakeMessages.Add (message, incomingBuffer);
status = SecurityStatus.ContinueNeeded;
return true;
case MessageStatus.GenerateOutput:
hasPendingOutput = true;
Context.HandshakeParameters.HandshakeMessages.Add (message, incomingBuffer);
status = SecurityStatus.ContinueNeeded;
return true;
case MessageStatus.ContinueNeeded:
Context.HandshakeParameters.HandshakeMessages.Add (message, incomingBuffer);
status = SecurityStatus.ContinueNeeded;
return false;
default:
throw new InvalidOperationException ();
}
}
public void Deserialize(Serialization.IO.CompactReader reader)
{
Token = reader.ReadObject() as Byte[];
Status = (SecurityStatus)reader.ReadObject();
}
internal static Exception GetException(SSPIInterface secModule, SecurityStatus status)
{
return(secModule.GetException(status));
}
internal ProtocolToken(byte[] data, SecurityStatus errorCode) {
Status = errorCode;
Payload = data;
Size = data!=null ? data.Length : 0;
}
// This only works for context-destroying errors.
internal static bool IsClientFault(SecurityStatus error)
{
return error == SecurityStatus.InvalidToken ||
error == SecurityStatus.CannotPack ||
error == SecurityStatus.QopNotSupported ||
error == SecurityStatus.NoCredentials ||
error == SecurityStatus.MessageAltered ||
error == SecurityStatus.OutOfSequence ||
error == SecurityStatus.IncompleteMessage ||
error == SecurityStatus.IncompleteCredentials ||
error == SecurityStatus.WrongPrincipal ||
error == SecurityStatus.TimeSkew ||
error == SecurityStatus.IllegalMessage ||
error == SecurityStatus.CertUnknown ||
error == SecurityStatus.AlgorithmMismatch ||
error == SecurityStatus.SecurityQosFailed ||
error == SecurityStatus.UnsupportedPreauth;
}
// NTAuth::GetOutgoingBlob()
// Created: 12-01-1999: L.M.
// Description:
// Accepts an incoming binary security blob and returns
// an outgoing binary security blob
internal byte[] GetOutgoingBlob(byte[] incomingBlob, bool throwOnError, out SecurityStatus statusCode)
{
GlobalLog.Enter("NTAuthentication#" + ValidationHelper.HashString(this) + "::GetOutgoingBlob", ((incomingBlob == null) ? "0" : incomingBlob.Length.ToString(NumberFormatInfo.InvariantInfo)) + " bytes");
List<SecurityBuffer> list = new List<SecurityBuffer>(2);
if (incomingBlob != null) {
list.Add(new SecurityBuffer(incomingBlob, BufferType.Token));
}
if (m_ChannelBinding != null) {
list.Add(new SecurityBuffer(m_ChannelBinding));
}
SecurityBuffer[] inSecurityBufferArray = null;
if (list.Count > 0)
{
inSecurityBufferArray = list.ToArray();
}
SecurityBuffer outSecurityBuffer = new SecurityBuffer(m_TokenSize, BufferType.Token);
bool firstTime = m_SecurityContext == null;
try {
if (!m_IsServer) {
// client session
statusCode = (SecurityStatus)SSPIWrapper.InitializeSecurityContext(
GlobalSSPI.SSPIAuth,
m_CredentialsHandle,
ref m_SecurityContext,
m_Spn,
m_RequestedContextFlags,
Endianness.Network,
inSecurityBufferArray,
outSecurityBuffer,
ref m_ContextFlags);
GlobalLog.Print("NTAuthentication#" + ValidationHelper.HashString(this) + "::GetOutgoingBlob() SSPIWrapper.InitializeSecurityContext() returns statusCode:0x" + ((int) statusCode).ToString("x8", NumberFormatInfo.InvariantInfo) + " (" + statusCode.ToString() + ")");
if (statusCode == SecurityStatus.CompleteNeeded)
{
SecurityBuffer[] inSecurityBuffers = new SecurityBuffer[1];
inSecurityBuffers[0] = outSecurityBuffer;
statusCode = (SecurityStatus) SSPIWrapper.CompleteAuthToken(
GlobalSSPI.SSPIAuth,
ref m_SecurityContext,
inSecurityBuffers );
GlobalLog.Print("NTAuthentication#" + ValidationHelper.HashString(this) + "::GetOutgoingDigestBlob() SSPIWrapper.CompleteAuthToken() returns statusCode:0x" + ((int) statusCode).ToString("x8", NumberFormatInfo.InvariantInfo) + " (" + statusCode.ToString() + ")");
outSecurityBuffer.token = null;
}
}
else {
// server session
statusCode = (SecurityStatus)SSPIWrapper.AcceptSecurityContext(
GlobalSSPI.SSPIAuth,
m_CredentialsHandle,
ref m_SecurityContext,
m_RequestedContextFlags,
Endianness.Network,
inSecurityBufferArray,
outSecurityBuffer,
ref m_ContextFlags);
GlobalLog.Print("NTAuthentication#" + ValidationHelper.HashString(this) + "::GetOutgoingBlob() SSPIWrapper.AcceptSecurityContext() returns statusCode:0x" + ((int) statusCode).ToString("x8", NumberFormatInfo.InvariantInfo) + " (" + statusCode.ToString() + ")");
}
}
finally {
//
// Assuming the ISC or ASC has referenced the credential on the first successful call,
// we want to decrement the effective ref count by "disposing" it.
// The real dispose will happen when the security context is closed.
// Note if the first call was not successfull the handle is physically destroyed here
//
if (firstTime && m_CredentialsHandle != null)
m_CredentialsHandle.Close();
}
if (((int) statusCode & unchecked((int) 0x80000000)) != 0)
{
CloseContext();
m_IsCompleted = true;
if (throwOnError) {
Win32Exception exception = new Win32Exception((int) statusCode);
GlobalLog.Leave("NTAuthentication#" + ValidationHelper.HashString(this) + "::GetOutgoingBlob", "Win32Exception:" + exception);
throw exception;
}
GlobalLog.Leave("NTAuthentication#" + ValidationHelper.HashString(this) + "::GetOutgoingBlob", "null statusCode:0x" + ((int) statusCode).ToString("x8", NumberFormatInfo.InvariantInfo) + " (" + statusCode.ToString() + ")");
return null;
}
else if (firstTime && m_CredentialsHandle != null)
{
// cache until it is pushed out by newly incoming handles
SSPIHandleCache.CacheCredential(m_CredentialsHandle);
}
// the return value from SSPI will tell us correctly if the
// handshake is over or not: http://msdn.microsoft.com/library/psdk/secspi/sspiref_67p0.htm
// we also have to consider the case in which SSPI formed a new context, in this case we're done as well.
if (statusCode == SecurityStatus.OK)
{
// we're sucessfully done
GlobalLog.Assert(statusCode == SecurityStatus.OK, "NTAuthentication#{0}::GetOutgoingBlob()|statusCode:[0x{1:x8}] ({2}) m_SecurityContext#{3}::Handle:[{4}] [STATUS != OK]", ValidationHelper.HashString(this), (int)statusCode, statusCode, ValidationHelper.HashString(m_SecurityContext), ValidationHelper.ToString(m_SecurityContext));
m_IsCompleted = true;
}
else {
// we need to continue
GlobalLog.Print("NTAuthentication#" + ValidationHelper.HashString(this) + "::GetOutgoingBlob() need continue statusCode:[0x" + ((int) statusCode).ToString("x8", NumberFormatInfo.InvariantInfo) + "] (" + statusCode.ToString() + ") m_SecurityContext#" + ValidationHelper.HashString(m_SecurityContext) + "::Handle:" + ValidationHelper.ToString(m_SecurityContext) + "]");
}
// GlobalLog.Print("out token = " + outSecurityBuffer.ToString());
// GlobalLog.Dump(outSecurityBuffer.token);
GlobalLog.Leave("NTAuthentication#" + ValidationHelper.HashString(this) + "::GetOutgoingBlob", "IsCompleted:" + IsCompleted.ToString());
return outSecurityBuffer.token;
}
internal byte[] GetOutgoingBlob(byte[] incomingBlob, bool throwOnError, out SecurityStatus statusCode)
{
List<SecurityBuffer> list = new List<SecurityBuffer>(2);
if (incomingBlob != null)
{
list.Add(new SecurityBuffer(incomingBlob, BufferType.Token));
}
if (this.m_ChannelBinding != null)
{
list.Add(new SecurityBuffer(this.m_ChannelBinding));
}
SecurityBuffer[] inputBuffers = null;
if (list.Count > 0)
{
inputBuffers = list.ToArray();
}
SecurityBuffer outputBuffer = new SecurityBuffer(this.m_TokenSize, BufferType.Token);
bool flag = this.m_SecurityContext == null;
try
{
if (!this.m_IsServer)
{
statusCode = (SecurityStatus) SSPIWrapper.InitializeSecurityContext(GlobalSSPI.SSPIAuth, this.m_CredentialsHandle, ref this.m_SecurityContext, this.m_Spn, this.m_RequestedContextFlags, Endianness.Network, inputBuffers, outputBuffer, ref this.m_ContextFlags);
if (statusCode == SecurityStatus.CompleteNeeded)
{
SecurityBuffer[] bufferArray2 = new SecurityBuffer[] { outputBuffer };
statusCode = (SecurityStatus) SSPIWrapper.CompleteAuthToken(GlobalSSPI.SSPIAuth, ref this.m_SecurityContext, bufferArray2);
outputBuffer.token = null;
}
}
else
{
statusCode = (SecurityStatus) SSPIWrapper.AcceptSecurityContext(GlobalSSPI.SSPIAuth, this.m_CredentialsHandle, ref this.m_SecurityContext, this.m_RequestedContextFlags, Endianness.Network, inputBuffers, outputBuffer, ref this.m_ContextFlags);
}
}
finally
{
if (flag && (this.m_CredentialsHandle != null))
{
this.m_CredentialsHandle.Close();
}
}
if ((statusCode & ((SecurityStatus) (-2147483648))) != SecurityStatus.OK)
{
this.CloseContext();
this.m_IsCompleted = true;
if (throwOnError)
{
Win32Exception exception = new Win32Exception((int) statusCode);
throw exception;
}
return null;
}
if (flag && (this.m_CredentialsHandle != null))
{
SSPIHandleCache.CacheCredential(this.m_CredentialsHandle);
}
if (statusCode == SecurityStatus.OK)
{
this.m_IsCompleted = true;
}
return outputBuffer.token;
}
/// <summary>
/// Changes the current thread's security context to impersonate the user of the client.
/// </summary>
/// <remarks>
/// Requires that the security package provided with the server's credentials, as well as the
/// client's credentials, support impersonation.
///
/// Currently, only one thread may initiate impersonation per security context. Impersonation may
/// follow threads created by the initial impersonation thread, however.
/// </remarks>
/// <returns>A handle to capture the lifetime of the impersonation. Dispose the handle to revert
/// impersonation. If the handle is leaked, the impersonation will automatically revert at a
/// non-deterministic time when the handle is finalized by the Garbage Collector.</returns>
public ImpersonationHandle ImpersonateClient()
{
ImpersonationHandle handle;
SecurityStatus status = SecurityStatus.InternalError;
bool gotRef = false;
if (this.Disposed)
{
throw new ObjectDisposedException("ServerContext");
}
else if (this.Initialized == false)
{
throw new InvalidOperationException(
"The server context has not been completely initialized."
);
}
else if (impersonating)
{
throw new InvalidOperationException("Cannot impersonate again while already impersonating.");
}
else if (this.SupportsImpersonate == false)
{
throw new InvalidOperationException(
"The ServerContext is using a security package that does not support impersonation."
);
}
handle = new ImpersonationHandle(this);
RuntimeHelpers.PrepareConstrainedRegions();
try
{
this.ContextHandle.DangerousAddRef(ref gotRef);
}
catch (Exception)
{
if (gotRef)
{
this.ContextHandle.DangerousRelease();
gotRef = false;
}
throw;
}
finally
{
if (gotRef)
{
status = ContextNativeMethods.ImpersonateSecurityContext(
ref this.ContextHandle.rawHandle
);
this.ContextHandle.DangerousRelease();
this.impersonating = status == SecurityStatus.OK;
}
}
if (status == SecurityStatus.NoImpersonation)
{
throw new SSPIException("Impersonation could not be performed.", status);
}
else if (status == SecurityStatus.Unsupported)
{
throw new SSPIException("Impersonation is not supported by the security context's Security Support Provider.", status);
}
else if (status != SecurityStatus.OK)
{
throw new SSPIException("Failed to impersonate the client", status);
}
if (this.impersonating && this.impersonationSetsThreadPrinciple)
{
SetThreadPrinciple();
}
return(handle);
}
bool ProcessHandshakeMessage (TlsBuffer incoming, out SecurityStatus status)
{
var handshakeType = (HandshakeType)incoming.ReadByte ();
#if DEBUG_FULL
if (EnableDebugging) {
DebugHelper.WriteLine (">>>> Processing Handshake record ({0})", handshakeType);
DebugHelper.WriteRemaining ("HANDSHAKE", incoming);
}
#endif
// Read message length
int length = incoming.ReadInt24 ();
if (incoming.Remaining < length) {
cachedFragment = new TlsBuffer (length + 4);
cachedFragment.Position = incoming.Remaining + 4;
Buffer.BlockCopy (incoming.Buffer, incoming.Position - 4, cachedFragment.Buffer, 0, cachedFragment.Position);
incoming.Position += incoming.Remaining;
status = SecurityStatus.ContinueNeeded;
return false;
}
var buffer = incoming.ReadBuffer (length);
return negotiationHandler.ProcessHandshakeMessage (handshakeType, buffer, out status);
}
internal SafeCloseHandle GetContextToken(out SecurityStatus status)
{
if (!this.IsValidContext)
{
throw new Win32Exception(-2146893055);
}
SafeCloseHandle token = null;
status = (SecurityStatus) SSPIWrapper.QuerySecurityContextToken(GlobalSSPI.SSPIAuth, this.m_SecurityContext, out token);
return token;
}
//
// Performs encryption of an array of buffers, proceeds buffer by buffer, if the individual
// buffer size exceeds a SSL limit of SecureChannel.MaxDataSize,the buffers are then split into smaller ones.
// Returns the same array that is encrypted or a new array of encrypted buffers.
//
private BufferOffsetSize[] EncryptBuffers(BufferOffsetSize[] buffers, byte[] lastHandshakePayload)
{
List <BufferOffsetSize> arrayList = null;
SecurityStatus status = SecurityStatus.OK;
foreach (BufferOffsetSize buffer in buffers)
{
int chunkBytes = Math.Min(buffer.Size, _SslState.MaxDataSize);
byte[] outBuffer = null;
int outSize;
status = _SslState.EncryptData(buffer.Buffer, buffer.Offset, chunkBytes, ref outBuffer, out outSize);
if (status != SecurityStatus.OK)
{
break;
}
if (chunkBytes != buffer.Size || arrayList != null)
{
if (arrayList == null)
{
arrayList = new List <BufferOffsetSize>(buffers.Length * (buffer.Size / chunkBytes + 1));
if (lastHandshakePayload != null)
{
arrayList.Add(new BufferOffsetSize(lastHandshakePayload, false));
}
foreach (BufferOffsetSize oldBuffer in buffers)
{
if (oldBuffer == buffer)
{
break;
}
arrayList.Add(oldBuffer);
}
}
arrayList.Add(new BufferOffsetSize(outBuffer, 0, outSize, false));
while ((buffer.Size -= chunkBytes) != 0)
{
buffer.Offset += chunkBytes;
chunkBytes = Math.Min(buffer.Size, _SslState.MaxDataSize);
outBuffer = null;
status = _SslState.EncryptData(buffer.Buffer, buffer.Offset, chunkBytes, ref outBuffer, out outSize);
if (status != SecurityStatus.OK)
{
break;
}
arrayList.Add(new BufferOffsetSize(outBuffer, 0, outSize, false));
}
}
else
{
buffer.Buffer = outBuffer;
buffer.Offset = 0;
buffer.Size = outSize;
}
if (status != SecurityStatus.OK)
{
break;
}
}
if (status != SecurityStatus.OK)
{
//
ProtocolToken message = new ProtocolToken(null, status);
throw new IOException(SR.GetString(SR.net_io_encrypt), message.GetException());
}
if (arrayList != null)
{
buffers = arrayList.ToArray();
}
else if (lastHandshakePayload != null)
{
BufferOffsetSize[] result = new BufferOffsetSize[buffers.Length + 1];
Array.Copy(buffers, 0, result, 1, buffers.Length);
result[0] = new BufferOffsetSize(lastHandshakePayload, false);
buffers = result;
}
return(buffers);
}
public virtual void onMessage(SecurityStatus message, QuickFix.SessionID session)
{
throw new QuickFix.UnsupportedMessageType();
}
internal string GetOutgoingDigestBlob(string incomingBlob, string requestMethod, string requestedUri, string realm, bool isClientPreAuth, bool throwOnError, out SecurityStatus statusCode)
{
SecurityBuffer[] inputBuffers = null;
SecurityBuffer outputBuffer = new SecurityBuffer(this.m_TokenSize, isClientPreAuth ? BufferType.Parameters : BufferType.Token);
bool flag = this.m_SecurityContext == null;
try
{
if (!this.m_IsServer)
{
if (!isClientPreAuth)
{
if (incomingBlob != null)
{
List<SecurityBuffer> list = new List<SecurityBuffer>(5) {
new SecurityBuffer(WebHeaderCollection.HeaderEncoding.GetBytes(incomingBlob), 2),
new SecurityBuffer(WebHeaderCollection.HeaderEncoding.GetBytes(requestMethod), 3),
new SecurityBuffer(null, 3),
new SecurityBuffer(Encoding.Unicode.GetBytes(this.m_Spn), 0x10)
};
if (this.m_ChannelBinding != null)
{
list.Add(new SecurityBuffer(this.m_ChannelBinding));
}
inputBuffers = list.ToArray();
}
statusCode = (SecurityStatus) SSPIWrapper.InitializeSecurityContext(GlobalSSPI.SSPIAuth, this.m_CredentialsHandle, ref this.m_SecurityContext, requestedUri, this.m_RequestedContextFlags, Endianness.Network, inputBuffers, outputBuffer, ref this.m_ContextFlags);
}
else
{
statusCode = SecurityStatus.OK;
}
}
else
{
List<SecurityBuffer> list2 = new List<SecurityBuffer>(6) {
(incomingBlob == null) ? new SecurityBuffer(0, BufferType.Token) : new SecurityBuffer(WebHeaderCollection.HeaderEncoding.GetBytes(incomingBlob), BufferType.Token),
(requestMethod == null) ? new SecurityBuffer(0, BufferType.Parameters) : new SecurityBuffer(WebHeaderCollection.HeaderEncoding.GetBytes(requestMethod), BufferType.Parameters),
(requestedUri == null) ? new SecurityBuffer(0, BufferType.Parameters) : new SecurityBuffer(WebHeaderCollection.HeaderEncoding.GetBytes(requestedUri), BufferType.Parameters),
new SecurityBuffer(0, BufferType.Parameters),
(realm == null) ? new SecurityBuffer(0, BufferType.Parameters) : new SecurityBuffer(Encoding.Unicode.GetBytes(realm), BufferType.Parameters)
};
if (this.m_ChannelBinding != null)
{
list2.Add(new SecurityBuffer(this.m_ChannelBinding));
}
inputBuffers = list2.ToArray();
statusCode = (SecurityStatus) SSPIWrapper.AcceptSecurityContext(GlobalSSPI.SSPIAuth, this.m_CredentialsHandle, ref this.m_SecurityContext, this.m_RequestedContextFlags, Endianness.Network, inputBuffers, outputBuffer, ref this.m_ContextFlags);
if (statusCode == SecurityStatus.CompleteNeeded)
{
inputBuffers[4] = outputBuffer;
statusCode = (SecurityStatus) SSPIWrapper.CompleteAuthToken(GlobalSSPI.SSPIAuth, ref this.m_SecurityContext, inputBuffers);
outputBuffer.token = null;
}
}
}
finally
{
if (flag && (this.m_CredentialsHandle != null))
{
this.m_CredentialsHandle.Close();
}
}
if ((statusCode & ((SecurityStatus) (-2147483648))) != SecurityStatus.OK)
{
this.CloseContext();
if (throwOnError)
{
Win32Exception exception = new Win32Exception((int) statusCode);
throw exception;
}
return null;
}
if (flag && (this.m_CredentialsHandle != null))
{
SSPIHandleCache.CacheCredential(this.m_CredentialsHandle);
}
if (statusCode == SecurityStatus.OK)
{
this.m_IsCompleted = true;
}
byte[] token = outputBuffer.token;
string str = null;
if ((token != null) && (token.Length > 0))
{
str = WebHeaderCollection.HeaderEncoding.GetString(token, 0, outputBuffer.size);
}
return str;
}
/// <summary>
/// Returns whether or not the status represents an error.
/// </summary>
/// <param name="status"></param>
/// <returns>True if the status represents an error condition.</returns>
public static bool IsError(this SecurityStatus status)
{
return((uint)status > 0x80000000u);
}
/// <summary>
/// Initializes a new instance of the SSPIException class with the given message and status.
/// </summary>
/// <param name="message">A message explaining what part of the system failed.</param>
/// <param name="errorCode">The error code observed during the failure.</param>
internal SspiException( string message, SecurityStatus errorCode )
{
this.message = message;
this.errorCode = errorCode;
}
// This only works for context-destroying errors.
internal static bool IsCredentialFailure(SecurityStatus error)
{
return error == SecurityStatus.LogonDenied ||
error == SecurityStatus.UnknownCredentials ||
error == SecurityStatus.NoImpersonation ||
error == SecurityStatus.NoAuthenticatingAuthority ||
error == SecurityStatus.UntrustedRoot ||
error == SecurityStatus.CertExpired ||
error == SecurityStatus.SmartcardLogonRequired ||
error == SecurityStatus.BadBinding;
}
//
// Only processing SEC_I_RENEGOTIATE.
//
private int ProcessReadErrorCode(SecurityStatus errorCode, byte[] buffer, int offset, int count, byte[] extraBuffer)
{
// ERROR - examine what kind
ProtocolToken message = new ProtocolToken(null, errorCode);
GlobalLog.Print("SecureChannel#" + Logging.HashString(this) + "::***Processing an error Status = " + message.Status.ToString());
if (message.Renegotiate)
{
_SslState.ReplyOnReAuthentication(extraBuffer);
// Loop on read.
return -1;
}
if (message.CloseConnection)
{
_SslState.FinishRead(null);
return 0;
}
throw new IOException(SR.net_io_decrypt, message.GetException());
}
public Exception GetException(SecurityStatus status)
{
return(new Win32Exception((int)status));
}
/// <summary>
/// Initializes a new instance of the SSPIException class with the given message and status.
/// </summary>
/// <param name="message">A message explaining what part of the system failed.</param>
/// <param name="errorCode">The error code observed during the failure.</param>
public SSPIException( string message, SecurityStatus errorCode )
{
this.message = message;
this.errorCode = errorCode;
}
internal static SecurityStatus SafeQueryContextAttribute(
SafeContextHandle handle,
ContextQueryAttrib attribute,
ref byte[] buffer
)
{
bool gotRef = false;
SecurityStatus status = SecurityStatus.InternalError;
RuntimeHelpers.PrepareConstrainedRegions();
int pointerSize = System.Environment.Is64BitOperatingSystem ? 8 : 4; //NOTE: update this when 128 bit processors exist
IntPtr alloc_buffer = Marshal.AllocHGlobal(sizeof(uint) + pointerSize); //NOTE: this is at most 4 + sizeof(void*) bytes
//see struct SecPkgContext_SessionKey
// https://msdn.microsoft.com/en-us/library/windows/desktop/aa380096(v=vs.85).aspx
try
{
handle.DangerousAddRef(ref gotRef);
}
catch (Exception)
{
if (gotRef)
{
handle.DangerousRelease();
gotRef = false;
buffer = null;
}
throw;
}
finally
{
if (gotRef)
{
status = ContextNativeMethods.QueryContextAttributes(
ref handle.rawHandle,
attribute,
alloc_buffer
);
if (status == SecurityStatus.OK)
{
KeyStruct key = new KeyStruct();
Marshal.PtrToStructure(alloc_buffer, key); // fit to the proper size, read a byte[]
byte[] sizedBuffer = new byte[key.size];
for (int i = 0; i < key.size; i++)
{
sizedBuffer[i] = Marshal.ReadByte(key.data, i);
}
buffer = sizedBuffer;
}
handle.DangerousRelease();
}
}
Marshal.FreeHGlobal(alloc_buffer);
return(status);
}
/// <summary>
/// Initializes a new instance of the SSPIException class from serialization data.
/// </summary>
/// <param name="info"></param>
/// <param name="context"></param>
protected SSPIException( SerializationInfo info, StreamingContext context )
: base(info, context)
{
this.message = info.GetString( "messsage" );
this.errorCode = (SecurityStatus)info.GetUInt32( "errorCode" );
}
public bool ProcessHandshakeMessage(HandshakeType type, TlsBuffer incoming, out SecurityStatus status)
{
if (HasPendingOutput && type != HandshakeType.HelloRequest)
{
throw new TlsException(AlertDescription.InternalError);
}
if (!VerifyMessage(type))
{
throw new TlsException(AlertDescription.UnexpectedMessage);
}
var incomingBuffer = new BufferOffsetSize(incoming.Buffer, incoming.Position - 4, incoming.Remaining + 4);
var startPosition = incoming.Position - 4;
var message = CreateMessage(type, incoming);
incoming.Position = startPosition;
#if FIXME
incoming.Offset = incoming.Position;
#endif
#if DEBUG_FULL
if (Context.EnableDebugging)
{
DebugHelper.WriteLine("ProcessMessage: {0} {1} {2}", GetType().Name, Context.IsServer, type);
}
#endif
var result = HandleMessage(message);
switch (result)
{
case MessageStatus.CredentialsNeeded:
status = SecurityStatus.CredentialsNeeded;
return(false);
case MessageStatus.Finished:
hasPendingOutput = true;
if (Context.IsServer)
{
Context.HandshakeParameters.HandshakeMessages.Add(message, incomingBuffer);
}
status = SecurityStatus.OK;
return(true);
case MessageStatus.IgnoreMessage:
status = SecurityStatus.ContinueNeeded;
return(false);
case MessageStatus.Renegotiate:
hasPendingOutput = true;
if (message.Type != HandshakeType.HelloRequest)
{
Context.HandshakeParameters.HandshakeMessages.Add(message, incomingBuffer);
}
status = SecurityStatus.Renegotiate;
return(true);
case MessageStatus.GenerateOutput:
hasPendingOutput = true;
Context.HandshakeParameters.HandshakeMessages.Add(message, incomingBuffer);
status = SecurityStatus.ContinueNeeded;
return(true);
case MessageStatus.ContinueNeeded:
Context.HandshakeParameters.HandshakeMessages.Add(message, incomingBuffer);
status = SecurityStatus.ContinueNeeded;
return(false);
default:
throw new InvalidOperationException();
}
}
public Exception GetException(SecurityStatus status)
{
// TODO: To be implemented
throw new Exception("status = " + status);
}
//
private void StartWriting(byte[] buffer, int offset, int count, AsyncProtocolRequest asyncRequest)
{
if (asyncRequest != null)
{
asyncRequest.SetNextRequest(buffer, offset, count, _ResumeAsyncWriteCallback);
}
// We loop to this method from the callback
// If the last chunk was just completed from async callback (count < 0), we complete user request
if (count >= 0)
{
byte[] outBuffer = null;
if (_PinnableOutputBufferInUse == null) // The output buffer is not in use
{
if (_PinnableOutputBuffer == null) // Create one if needed
{
_PinnableOutputBuffer = s_PinnableWriteBufferCache.AllocateBuffer();
}
_PinnableOutputBufferInUse = buffer; // put it in use
outBuffer = _PinnableOutputBuffer;
if (PinnableBufferCacheEventSource.Log.IsEnabled())
{
PinnableBufferCacheEventSource.Log.DebugMessage3("In System.Net._SslStream.StartWriting Trying Pinnable", this.GetHashCode(), count, PinnableBufferCacheEventSource.AddressOfByteArray(outBuffer));
}
}
else
{
if (PinnableBufferCacheEventSource.Log.IsEnabled())
{
PinnableBufferCacheEventSource.Log.DebugMessage2("In System.Net._SslStream.StartWriting BufferInUse", this.GetHashCode(), count);
}
}
do
{
// request a write IO slot
if (_SslState.CheckEnqueueWrite(asyncRequest))
{
// operation is async and has been queued, return.
return;
}
int chunkBytes = Math.Min(count, _SslState.MaxDataSize);
int encryptedBytes;
SecurityStatus errorCode = _SslState.EncryptData(buffer, offset, chunkBytes, ref outBuffer, out encryptedBytes);
if (errorCode != SecurityStatus.OK)
{
//
ProtocolToken message = new ProtocolToken(null, errorCode);
throw new IOException(SR.GetString(SR.net_io_encrypt), message.GetException());
}
if (PinnableBufferCacheEventSource.Log.IsEnabled())
{
PinnableBufferCacheEventSource.Log.DebugMessage3("In System.Net._SslStream.StartWriting Got Encrypted Buffer",
this.GetHashCode(), encryptedBytes, PinnableBufferCacheEventSource.AddressOfByteArray(outBuffer));
}
if (asyncRequest != null)
{
// prepare for the next request
asyncRequest.SetNextRequest(buffer, offset + chunkBytes, count - chunkBytes, _ResumeAsyncWriteCallback);
IAsyncResult ar = _SslState.InnerStream.BeginWrite(outBuffer, 0, encryptedBytes, _WriteCallback, asyncRequest);
if (!ar.CompletedSynchronously)
{
return;
}
_SslState.InnerStream.EndWrite(ar);
}
else
{
_SslState.InnerStream.Write(outBuffer, 0, encryptedBytes);
}
offset += chunkBytes;
count -= chunkBytes;
// release write IO slot
_SslState.FinishWrite();
} while (count != 0);
}
if (asyncRequest != null)
{
asyncRequest.CompleteUser();
}
if (buffer == _PinnableOutputBufferInUse) // Did we put it in use?
{
// Then free it
_PinnableOutputBufferInUse = null;
if (PinnableBufferCacheEventSource.Log.IsEnabled())
{
PinnableBufferCacheEventSource.Log.DebugMessage1("In System.Net._SslStream.StartWriting Freeing buffer.", this.GetHashCode());
}
}
}
// Token: 0x0600074D RID: 1869 RVA: 0x00027EFC File Offset: 0x000260FC
public void Execute()
{
AirSyncDiagnostics.TraceDebug(ExTraceGlobals.RequestsTracer, this, "DocumentLibrary Fetch command received. Processing request...");
Uri uri = null;
try
{
uri = new Uri(this.linkId);
}
catch (UriFormatException innerException)
{
AirSyncDiagnostics.TraceDebug(ExTraceGlobals.RequestsTracer, this, string.Format(CultureInfo.InvariantCulture, "ItemOperationsFetchProvider: Bad document Uri {0} was specified!", new object[]
{
this.linkId
}));
this.user.Context.ProtocolLogger.SetValue(ProtocolLoggerData.Error, "BadLinkInDocFetch");
throw new AirSyncPermanentException(StatusCode.Sync_ProtocolError, innerException, false);
}
AirSyncDiagnostics.TraceDebug <string>(ExTraceGlobals.RequestsTracer, this, "Processing Fetch command with Uri {0}.", uri.AbsoluteUri);
if (!DocumentLibraryUtility.IsTrustedProtocol(uri.Scheme))
{
AirSyncDiagnostics.TraceDebug(ExTraceGlobals.RequestsTracer, this, string.Format(CultureInfo.InvariantCulture, "ItemOperationsFetchProvider: untrusted protocol: {0}!", new object[]
{
uri.Scheme
}));
this.user.Context.ProtocolLogger.SetValue(ProtocolLoggerData.Error, "BadProtocolInDocFetch");
throw new AirSyncPermanentException(StatusCode.Sync_Retry, false);
}
if (!DocumentLibraryUtility.IsInternalUri(uri))
{
AirSyncDiagnostics.TraceDebug(ExTraceGlobals.RequestsTracer, this, string.Format(CultureInfo.InvariantCulture, "ItemOperationsFetchProvider: Uri must be internal: {0}!", new object[]
{
uri.Host
}));
this.user.Context.ProtocolLogger.SetValue(ProtocolLoggerData.Error, "ExternalProtocolInDocFetch");
throw new AirSyncPermanentException(StatusCode.Sync_Retry, false);
}
AuthenticationContext authenticationContext = new AuthenticationContext();
try
{
IPrincipal principal;
if (this.userPassword == null)
{
principal = this.user.WindowsPrincipal;
if (principal == null)
{
if (GlobalSettings.EnableCredentialRequest && this.user.Context.Request.Version >= 121)
{
this.user.Context.ProtocolLogger.SetValue(ProtocolLoggerData.Error, "NeedPromptForCredsToProxy2");
throw new AirSyncPermanentException(StatusCode.ItemOperations_CredentialsRequired, false);
}
this.user.Context.ProtocolLogger.SetValue(ProtocolLoggerData.Error, "NeedCredsToProxy2");
throw new AirSyncPermanentException(HttpStatusCode.Forbidden, StatusCode.AccessDenied, null, false);
}
}
else
{
SecurityStatus securityStatus = authenticationContext.LogonUser(this.userName, this.userPassword);
this.userPassword.Dispose();
this.userPassword = null;
if (securityStatus != SecurityStatus.OK)
{
AirSyncDiagnostics.TraceDebug(ExTraceGlobals.RequestsTracer, this, string.Format(CultureInfo.InvariantCulture, "ItemOperationsFetchProvider: Authentication failed with status {0}.", new object[]
{
securityStatus
}));
this.user.Context.ProtocolLogger.SetValue(ProtocolLoggerData.Error, string.Format(CultureInfo.InvariantCulture, "AuthenticationErrorStatus{0}", new object[]
{
securityStatus
}));
throw new AirSyncPermanentException(HttpStatusCode.OK, StatusCode.Sync_ServerError, null, false);
}
principal = new WindowsPrincipal(authenticationContext.Identity);
}
ClassifyResult classifyResult = LinkClassifier.ClassifyLinks(principal, new Uri[]
{
uri
})[0];
if (classifyResult.Error != ClassificationError.None)
{
AirSyncDiagnostics.TraceDebug <string, ClassificationError>(ExTraceGlobals.RequestsTracer, this, "The LinkClassifier failed to classify the link {0}, returned {1}", this.linkId, classifyResult.Error);
switch (classifyResult.Error)
{
case ClassificationError.ConnectionFailed:
this.user.Context.ProtocolLogger.SetValue(ProtocolLoggerData.Error, "LinkClassConnFailedInDocFetch");
throw new AirSyncPermanentException(HttpStatusCode.OK, StatusCode.Sync_Conflict, null, false);
case ClassificationError.AccessDenied:
this.user.Context.ProtocolLogger.SetValue(ProtocolLoggerData.Error, "LinkClassDeniedInDocFetch");
throw new AirSyncPermanentException(HttpStatusCode.OK, StatusCode.Sync_ServerError, null, false);
case ClassificationError.ObjectNotFound:
this.user.Context.ProtocolLogger.SetValue(ProtocolLoggerData.Error, "LinkClassNotFoundInDocFetch");
throw new AirSyncPermanentException(HttpStatusCode.OK, StatusCode.Sync_ClientServerConversion, null, false);
case ClassificationError.UriTypeNotSupported:
case ClassificationError.InvalidUri:
this.user.Context.ProtocolLogger.SetValue(ProtocolLoggerData.Error, "LinkClassBadUriInDocFetch");
throw new AirSyncPermanentException(HttpStatusCode.OK, StatusCode.Sync_ProtocolError, null, false);
}
this.user.Context.ProtocolLogger.SetValue(ProtocolLoggerData.Error, "LinkClassFailureInDocFetch");
throw new AirSyncPermanentException(StatusCode.Sync_InvalidSyncKey, false);
}
IDocument document = null;
UncSession uncSession = null;
SharepointSession sharepointSession = null;
if ((classifyResult.UriFlags & UriFlags.UncDocument) == UriFlags.UncDocument)
{
if (!DocumentLibraryUtility.IsUncAccessEnabled(this.user))
{
this.user.Context.ProtocolLogger.SetValue(ProtocolLoggerData.Error, "AccessDeniedInDocFetch");
throw new AirSyncPermanentException(StatusCode.Sync_Retry, false);
}
if (DocumentLibraryUtility.IsBlockedHostName(uri.Host))
{
this.user.Context.ProtocolLogger.SetValue(ProtocolLoggerData.Error, "HostBlockedInDocFetch");
throw new AirSyncPermanentException(StatusCode.Sync_Retry, false);
}
uncSession = UncSession.Open(classifyResult.ObjectId, principal);
}
else
{
if ((classifyResult.UriFlags & UriFlags.SharepointDocument) != UriFlags.SharepointDocument)
{
AirSyncDiagnostics.TraceDebug <string, UriFlags>(ExTraceGlobals.RequestsTracer, this, "The Uri {0} of type {1} is not supported for Fetch", this.linkId, classifyResult.UriFlags);
this.user.Context.ProtocolLogger.SetValue(ProtocolLoggerData.Error, "BadLinkInDocFetch2");
throw new AirSyncPermanentException(StatusCode.Sync_ProtocolError, false);
}
if (!DocumentLibraryUtility.IsWssAccessEnabled(this.user))
{
this.user.Context.ProtocolLogger.SetValue(ProtocolLoggerData.Error, "WssDeniedInDocFetch");
throw new AirSyncPermanentException(StatusCode.Sync_Retry, false);
}
if (DocumentLibraryUtility.IsBlockedHostName(uri.Host))
{
this.user.Context.ProtocolLogger.SetValue(ProtocolLoggerData.Error, "HostBlockedInDocFetch2");
throw new AirSyncPermanentException(StatusCode.Sync_Retry, false);
}
this.user.Context.ProtocolLogger.IncrementValue(ProtocolLoggerData.SharePointDocs);
sharepointSession = SharepointSession.Open(classifyResult.ObjectId, principal);
}
try
{
if (uncSession != null)
{
AirSyncDiagnostics.TraceDebug(ExTraceGlobals.RequestsTracer, this, "Reading UNC document...");
document = UncDocument.Read(uncSession, classifyResult.ObjectId);
}
else
{
AirSyncDiagnostics.TraceDebug(ExTraceGlobals.RequestsTracer, this, "Reading Sharepoint document...");
AirSyncDiagnostics.Assert(sharepointSession != null);
document = SharepointDocument.Read(sharepointSession, classifyResult.ObjectId);
}
}
catch (ObjectNotFoundException innerException2)
{
this.user.Context.ProtocolLogger.SetValue(ProtocolLoggerData.Error, "NotFoundInDocFetch");
throw new AirSyncPermanentException(StatusCode.Sync_ClientServerConversion, innerException2, false);
}
catch (AccessDeniedException innerException3)
{
this.user.Context.ProtocolLogger.SetValue(ProtocolLoggerData.Error, "AccessDeniedInDocFetch2");
throw new AirSyncPermanentException(StatusCode.Sync_ServerError, innerException3, false);
}
this.documentSize = (int)document.Size;
if (this.documentSize == 0)
{
AirSyncDiagnostics.TraceDebug <string>(ExTraceGlobals.RequestsTracer, this, "The file {0} was found to be empty!", this.linkId);
this.user.Context.ProtocolLogger.SetValue(ProtocolLoggerData.Error, "EmptyDocInDocFetch");
throw new AirSyncPermanentException(HttpStatusCode.OK, StatusCode.Sync_NotificationGUID, null, false);
}
object obj = document.TryGetProperty(DocumentLibraryItemSchema.LastModifiedDate);
if (obj is PropertyError)
{
this.user.Context.ProtocolLogger.SetValue(ProtocolLoggerData.Error, "GeneralErrorInDocFetch");
throw new AirSyncPermanentException(StatusCode.Sync_InvalidSyncKey, false);
}
ExDateTime exDateTime;
if (obj is DateTime)
{
exDateTime = new ExDateTime(ExTimeZone.UtcTimeZone, (DateTime)obj);
}
else
{
exDateTime = (ExDateTime)obj;
}
this.version = exDateTime.ToString("yyyy-MM-dd\\THH:mm:ss.fff\\Z", CultureInfo.InvariantCulture);
if (this.rangeSpecified && this.minRange >= this.documentSize)
{
AirSyncDiagnostics.TraceDebug <int, int>(ExTraceGlobals.RequestsTracer, this, "The minimum range specified {0} is greater than the document size {1}", this.minRange, this.documentSize);
this.user.Context.ProtocolLogger.SetValue(ProtocolLoggerData.Error, "BadMinSizeInDocFetch");
throw new AirSyncPermanentException(HttpStatusCode.OK, StatusCode.Sync_ObjectNotFound, null, false);
}
using (Stream document2 = document.GetDocument())
{
int num;
if (this.rangeSpecified)
{
num = this.maxRange - this.minRange + 1;
}
else
{
num = this.documentSize;
}
if (uncSession != null)
{
this.user.Context.ProtocolLogger.IncrementValue(ProtocolLoggerData.UNCFiles);
this.user.Context.ProtocolLogger.IncrementValueBy(ProtocolLoggerData.UNCBytes, num);
}
if (sharepointSession != null)
{
this.user.Context.ProtocolLogger.IncrementValue(ProtocolLoggerData.SharePointDocs);
this.user.Context.ProtocolLogger.IncrementValueBy(ProtocolLoggerData.SharePointBytes, num);
}
this.outStream = new MemoryStream(num);
if (num > GlobalSettings.MaxDocumentDataSize)
{
this.user.Context.ProtocolLogger.SetValue(ProtocolLoggerData.Error, "DocTooBigInDocFetch");
throw new AirSyncPermanentException(StatusCode.Sync_NotificationsNotProvisioned, false);
}
try
{
StreamHelper.CopyStream(document2, this.outStream, this.minRange, num);
}
catch (IOException innerException4)
{
this.user.Context.ProtocolLogger.SetValue(ProtocolLoggerData.Error, "IOErrorInDocFetch");
throw new AirSyncPermanentException(StatusCode.Sync_FolderHierarchyRequired, innerException4, false);
}
}
}
catch (UnknownErrorException innerException5)
{
this.user.Context.ProtocolLogger.SetValue(ProtocolLoggerData.Error, "IOErrorInDocFetch2");
throw new AirSyncPermanentException(StatusCode.Sync_FolderHierarchyRequired, innerException5, false);
}
catch (DocumentModifiedException innerException6)
{
this.user.Context.ProtocolLogger.SetValue(ProtocolLoggerData.Error, "IOErrorInDocFetch3");
throw new AirSyncPermanentException(StatusCode.Sync_FolderHierarchyRequired, innerException6, false);
}
catch (DocumentStreamAccessDeniedException innerException7)
{
this.user.Context.ProtocolLogger.SetValue(ProtocolLoggerData.Error, "AccessDeniedInDocFetch3");
throw new AirSyncPermanentException(StatusCode.Sync_ServerError, innerException7, false);
}
catch (ObjectMovedOrDeletedException innerException8)
{
this.user.Context.ProtocolLogger.SetValue(ProtocolLoggerData.Error, "NotFoundInDocFetch2");
throw new AirSyncPermanentException(StatusCode.Sync_ClientServerConversion, innerException8, false);
}
catch (DocumentLibraryException innerException9)
{
this.user.Context.ProtocolLogger.SetValue(ProtocolLoggerData.Error, "GeneralErrorInDocFetch2");
throw new AirSyncPermanentException(StatusCode.Sync_InvalidSyncKey, innerException9, false);
}
finally
{
if (authenticationContext != null)
{
authenticationContext.Dispose();
authenticationContext = null;
}
}
}