Example #1
0
        /// <summary>
        /// Sets up correct security context and invokes a target.
        /// This method may not throw any exceptions.
        /// </summary>
        /// <param name="message">The message to be performed.</param>
        /// <param name="connectionLevel">Indicates whether Security Session is used on the connection level.</param>
        public override void Invoke(Message message, bool connectionLevel)
        {
            bool impersonateContext = (this.KeyProvider_SspiServer.RequiredFeatures & SspiFeatureFlags.Impersonation) != 0 ||
                                      (this.KeyProvider_SspiServer.RequiredFeatures & SspiFeatureFlags.Delegation) != 0;

            try
            {
                if (impersonateContext)
                {
                    SspiApi.ImpersonateSecurityContext(this.SspiSecurityContext._phContext);
                }

                base.Invoke(message, connectionLevel);
            }
            finally
            {
                if (impersonateContext)
                {
                    SspiApi.RevertSecurityContext(this.SspiSecurityContext._phContext);
                }
            }
        }
        /// <summary>
        /// Initiates or continues establishing of the Security Session.
        /// Implementation notes: receiving of exceptions no more breaks up the connection like
        /// it was in the previous versions.
        /// </summary>
        /// <param name="input">A null reference or an incoming stream.</param>
        /// <param name="connectionLevel">Indicates whether the Security Session operates on connection level.</param>
        /// <returns>A stream containing data for sending to the remote host or a null reference if Security Session is established.</returns>
        public override GenuineChunkedStream EstablishSession(Stream input, bool connectionLevel)
        {
            bool passException = false;

            // a dance is over
            if (this.IsEstablished)
            {
                return(null);
            }

            GenuineChunkedStream outputStream = null;
            var binaryFormatter = new BinaryFormatter().Safe();

            // skip the status flag
            if (connectionLevel)
            {
                if (input != null)
                {
                    input.ReadByte();
                }
                outputStream = new GenuineChunkedStream(false);
            }
            else
            {
                outputStream = this.CreateOutputStream();
            }

            // write session is being established flag
            BinaryWriter binaryWriter = new BinaryWriter(outputStream);

            binaryWriter.Write((byte)0);

            try
            {
                lock (this)
                {
                    if (input == Stream.Null)
                    {
                        if (this.KeyProvider_SspiClient.DelegatedContext != null)
                        {
                            try
                            {
                                SspiApi.ImpersonateSecurityContext(this.KeyProvider_SspiClient.DelegatedContext.SspiSecurityContext._phContext);

                                // start new session
                                this.SspiSecurityContext = new SspiClientSecurityContext(this.KeyProvider_SspiClient);
                                binaryWriter.Write((byte)SspiPacketStatusFlags.InitializeFromScratch);
                                this.SspiSecurityContext.BuildUpSecurityContext(null, outputStream);
                                return(outputStream);
                            }
                            finally
                            {
                                SspiApi.RevertSecurityContext(this.KeyProvider_SspiClient.DelegatedContext.SspiSecurityContext._phContext);
                            }
                        }

                        // start new session
                        this.SspiSecurityContext = new SspiClientSecurityContext(this.KeyProvider_SspiClient);
                        binaryWriter.Write((byte)SspiPacketStatusFlags.InitializeFromScratch);
                        this.SspiSecurityContext.BuildUpSecurityContext(null, outputStream);
                        return(outputStream);
                    }

                    SspiPacketStatusFlags sspiPacketStatusFlags = (SspiPacketStatusFlags)input.ReadByte();
                    switch (sspiPacketStatusFlags)
                    {
                    case SspiPacketStatusFlags.ContinueAuthentication:
                        // continue building a security context
                        GenuineChunkedStream sspiData = new GenuineChunkedStream(false);
                        this.SspiSecurityContext.BuildUpSecurityContext(input, sspiData);

                        if (sspiData.Length == 0)
                        {
                            // SSPI session has been built up
                            outputStream.WriteByte((byte)SspiPacketStatusFlags.SessionEstablished);
                            this.SessionEstablished();
                        }
                        else
                        {
                            outputStream.WriteByte((byte)SspiPacketStatusFlags.ContinueAuthentication);
                            outputStream.WriteStream(sspiData);
                        }
                        return(outputStream);

                    case SspiPacketStatusFlags.ExceptionThrown:
                        Exception receivedException = GenuineUtility.ReadException(input);

#if DEBUG
//							this.Remote.ITransportContext.IEventLogger.Log(LogMessageCategory.Security, receivedException, "SecuritySession_SspiServer.EstablishSession",
//								null, "SSPI initialization ends up with an exception at the remote host. Remote host: {0}.",
//								this.Remote.ToString());
#endif

                        if (this.Remote != null)
                        {
                            this.Remote.ITransportContext.IGenuineEventProvider.Fire(new GenuineEventArgs(
                                                                                         GenuineEventType.SecuritySessionFailed, receivedException, this.Remote, this));
                        }

                        this.DispatchException(receivedException);
                        passException = true;
                        throw receivedException;

                    case SspiPacketStatusFlags.ForceInitialization:
                        return(this.EstablishSession(Stream.Null, connectionLevel));

                    case SspiPacketStatusFlags.InitializeFromScratch:
                        throw GenuineExceptions.Get_Processing_LogicError(
                                  string.Format("The remote host must have the Security Session of the type SecuritySession_SspiServer registered with the name {0}. SecuritySession_SspiServer never sends SspiPacketMark.InitializeFromScratch packet marker.",
                                                this.Name));

                    case SspiPacketStatusFlags.SessionEstablished:
                        this.SessionEstablished();
                        break;
                    }
                }
            }
            catch (Exception opEx)
            {
#if DEBUG
//				this.Remote.ITransportContext.IEventLogger.Log(LogMessageCategory.Security, opEx, "SecuritySession_SspiServer.EstablishSession",
//					null, "Exception was thrown while establishing security context.");
#endif

                if (this.Remote != null)
                {
                    this.Remote.ITransportContext.IGenuineEventProvider.Fire(new GenuineEventArgs(
                                                                                 GenuineEventType.SecuritySessionFailed, opEx, this.Remote, this));
                }

                this.DispatchException(opEx);
                if (passException)
                {
                    throw;
                }

                binaryWriter.Write((byte)SspiPacketStatusFlags.ExceptionThrown);
                binaryFormatter.Serialize(outputStream, opEx);
                return(outputStream);
            }

            return(null);
        }