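public override void Accept(byte[] clientToken)
        {
            // Input descriptor: the client's token followed by an empty buffer
            // (SECBUFFER_EMPTY) and an extra buffer (SECBUFFER_EXTRA) that the
            // package can use to report trailing data it did not consume.
            SecurityBuffer[] inSecurityBuffers = new SecurityBuffer[3];
            inSecurityBuffers[0] = new SecurityBuffer(SecurityBufferType.Token, clientToken);
            inSecurityBuffers[1] = new SecurityBuffer(SecurityBufferType.Empty, new byte[0]);
            inSecurityBuffers[2] = new SecurityBuffer(SecurityBufferType.Extra, new byte[0]);
            SecurityBufferDescWrapper inputBufferDescWrapper = new SecurityBufferDescWrapper(inSecurityBuffers);

            // Output descriptor: the reply token for the client plus an alert buffer,
            // each sized to the package's maximum token length.
            SecurityBuffer[] outSecurityBuffers = new SecurityBuffer[2];
            outSecurityBuffers[0] = new SecurityBuffer(SecurityBufferType.Token, new byte[NativeMethods.MAX_TOKEN_SIZE]);
            outSecurityBuffers[1] = new SecurityBuffer(SecurityBufferType.Alert, new byte[NativeMethods.MAX_TOKEN_SIZE]);
            SecurityBufferDescWrapper outputBufferDescWrapper = new SecurityBufferDescWrapper(outSecurityBuffers);

            // Both descriptors own unmanaged memory; release them on every path,
            // including the throw below (previously the output descriptor was
            // only freed on success).
            try
            {
                SecurityInteger timeStamp;
                uint contextAttribute;
                uint hResult;

                // NOTE(review): '||' treats a handle with exactly one zero half as
                // "no context yet"; the sibling Accept/Initialize listings use '&&'
                // and would pass such a handle to the package as an existing context.
                // Confirm which the package guarantees before unifying them.
                if (this.contextHandle.LowPart == IntPtr.Zero || this.contextHandle.HighPart == IntPtr.Zero)
                {
                    // First leg: no existing context, so phContext is null and
                    // this.contextHandle receives the newly created context.
                    hResult = NativeMethods.AcceptSecurityContext(
                        ref this.credentialHandle,
                        IntPtr.Zero,
                        ref inputBufferDescWrapper.securityBufferDesc,
                        (uint)this.securityContextAttributes,
                        (uint)this.targetDataRepresentaion,
                        ref this.contextHandle,
                        out outputBufferDescWrapper.securityBufferDesc,
                        out contextAttribute,
                        out timeStamp);
                }
                else
                {
                    // Subsequent leg: continue the partially established context.
                    hResult = NativeMethods.AcceptSecurityContext(
                        ref this.credentialHandle,
                        ref this.contextHandle,
                        ref inputBufferDescWrapper.securityBufferDesc,
                        (uint)this.securityContextAttributes,
                        (uint)this.targetDataRepresentaion,
                        ref this.contextHandle,
                        out outputBufferDescWrapper.securityBufferDesc,
                        out contextAttribute,
                        out timeStamp);
                }

                lastHResult = hResult;
                if (hResult == NativeMethods.SEC_E_OK)
                {
                    // Handshake complete.
                    this.needContinueProcessing = false;
                    this.hasMoreFragments = false;
                }
                else if (hResult == NativeMethods.SEC_I_CONTINUE_NEEDED)
                {
                    // The client must send another token before the context is usable.
                    this.needContinueProcessing = true;
                    this.hasMoreFragments = false;
                }
                else if (hResult == NativeMethods.SEC_I_MESSAGE_FRAGMENT)
                {
                    // The output token is only a fragment; per SSPI the caller sends it
                    // and calls Accept again to obtain the next one.
                    this.needContinueProcessing = true;
                    this.hasMoreFragments = true;
                }
                else
                {
                    // Any other code, including other SEC_I_* values, is treated as failure.
                    throw new SspiException("Accept failed.", hResult);
                }

                // contextAttribute and timeStamp are not surfaced, so callers cannot
                // verify here which requested attributes (e.g. mutual authentication,
                // integrity, confidentiality) were actually granted, nor the expiry.

                // Copy the reply token out of unmanaged memory before it is freed.
                this.token = null;
                SspiSecurityBuffer[] buffers = outputBufferDescWrapper.securityBufferDesc.GetBuffers();
                for (int i = 0; i < buffers.Length; i++)
                {
                    if (buffers[i].bufferType != (uint)SecurityBufferType.Token)
                    {
                        continue;
                    }

                    if (buffers[i].bufferLength > 0)
                    {
                        this.token = new byte[buffers[i].bufferLength];
                        Marshal.Copy(buffers[i].pSecBuffer, this.token, 0, this.token.Length);
                    }
                    break;
                }
            }
            finally
            {
                inputBufferDescWrapper.FreeSecurityBufferDesc();
                outputBufferDescWrapper.FreeSecurityBufferDesc();
            }
        }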
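        /// <summary>
        /// Runs one leg of the client-side handshake: feeds the server's token (or
        /// nothing, for the first leg) to InitializeSecurityContext and stores the
        /// token to send back to the server in <c>this.token</c> (null when the
        /// package produced none).
        /// </summary>
        /// <param name="serverToken">Token received from the server; null for the first leg.</param>
        /// <exception cref="SspiException">
        /// Thrown when InitializeSecurityContext returns anything other than SEC_E_OK or
        /// SEC_I_CONTINUE_NEEDED (other SEC_I_* success codes are treated as failures here).
        /// </exception>
        public override void Initialize(byte[] serverToken)
        {
            // CredSSP requires a second, empty buffer alongside the token;
            // the other packages take the token on its own.
            SecurityBuffer[] securityBuffers;
            if (this.packageType == SecurityPackageType.CredSsp)
            {
                securityBuffers = new SecurityBuffer[2];
                securityBuffers[0] = new SecurityBuffer(SecurityBufferType.Token, serverToken);
                securityBuffers[1] = new SecurityBuffer(SecurityBufferType.Empty, new byte[0]);
            }
            else
            {
                securityBuffers = new SecurityBuffer[] { new SecurityBuffer(SecurityBufferType.Token, serverToken) };
            }

            SecurityBuffer outTokenBuffer = new SecurityBuffer(
                SecurityBufferType.Token,
                new byte[Consts.MAX_TOKEN_SIZE]);

            SecurityBufferDescWrapper serverTokenDescWrapper = new SecurityBufferDescWrapper(securityBuffers);
            SecurityBufferDescWrapper outBufferDescWrapper = new SecurityBufferDescWrapper(outTokenBuffer);

            // Both wrappers hold unmanaged memory; the finally block releases them on
            // the failure path as well (the output wrapper previously leaked there).
            try
            {
                uint hResult;
                uint outContextAttribute;
                SecurityInteger expiryTime = new SecurityInteger();

                if (serverToken == null)
                {
                    // First leg: no input token and no existing context.
                    hResult = NativeMethods.InitializeSecurityContext(
                        ref this.credentialHandle,
                        IntPtr.Zero,
                        this.serverPrincipalName,
                        (int)this.securityContextAttributes,
                        0,
                        (int)this.targetDataRepresentaion,
                        IntPtr.Zero,
                        0,
                        out this.contextHandle,
                        out outBufferDescWrapper.securityBufferDesc,
                        out outContextAttribute,
                        out expiryTime);
                }
                else if (this.contextHandle.LowPart == IntPtr.Zero && this.contextHandle.HighPart == IntPtr.Zero)
                {
                    // A server token arrived before any context exists: pass it in
                    // but still ask the package for a fresh context.
                    hResult = NativeMethods.InitializeSecurityContext(
                        ref this.credentialHandle,
                        IntPtr.Zero,
                        this.serverPrincipalName,
                        (int)this.securityContextAttributes,
                        0,
                        (int)this.targetDataRepresentaion,
                        ref serverTokenDescWrapper.securityBufferDesc,
                        0,
                        out this.contextHandle,
                        out outBufferDescWrapper.securityBufferDesc,
                        out outContextAttribute,
                        out expiryTime);
                }
                else
                {
                    // Continue the existing context with the server's token.
                    hResult = NativeMethods.InitializeSecurityContext(
                        ref this.credentialHandle,
                        ref this.contextHandle,
                        this.serverPrincipalName,
                        (int)this.securityContextAttributes,
                        0,
                        (int)this.targetDataRepresentaion,
                        ref serverTokenDescWrapper.securityBufferDesc,
                        0,
                        out this.contextHandle,
                        out outBufferDescWrapper.securityBufferDesc,
                        out outContextAttribute,
                        out expiryTime);
                }

                if (hResult == NativeMethods.SEC_E_OK)
                {
                    this.needContinueProcessing = false;
                }
                else if (hResult == NativeMethods.SEC_I_CONTINUE_NEEDED)
                {
                    this.needContinueProcessing = true;
                }
                else
                {
                    throw new SspiException("Initialize failed.", hResult);
                }

                // outContextAttribute and expiryTime are discarded, so callers cannot
                // confirm here that requested flags such as mutual authentication were
                // granted, nor when the context expires.

                // Copy the output token out of unmanaged memory before it is freed.
                this.token = null;
                SspiSecurityBuffer[] outBuffers = outBufferDescWrapper.securityBufferDesc.GetBuffers();
                for (int i = 0; i < outBuffers.Length; i++)
                {
                    if (outBuffers[i].bufferType != (uint)SecurityBufferType.Token)
                    {
                        continue;
                    }

                    if (outBuffers[i].bufferLength > 0)
                    {
                        this.token = new byte[outBuffers[i].bufferLength];
                        Marshal.Copy(outBuffers[i].pSecBuffer, this.token, 0, this.token.Length);
                    }
                    break;
                }
            }
            finally
            {
                serverTokenDescWrapper.FreeSecurityBufferDesc();
                outBufferDescWrapper.FreeSecurityBufferDesc();
            }
        }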
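        /// <summary>
        /// Signs the supplied buffers in place with MakeSignature; on return the
        /// Token buffer(s) in <paramref name="securityBuffers"/> hold the signature.
        /// </summary>
        /// <param name="contextHandle">Established security context.</param>
        /// <param name="sequenceNumber">
        /// Message sequence number passed straight to the package. For packages that
        /// enforce ordering it must stay in step with the peer's VerifySignature calls.
        /// </param>
        /// <param name="securityBuffers">Data buffers plus a Token buffer that receives the signature.</param>
        /// <exception cref="SspiException">Thrown when MakeSignature returns anything other than SEC_E_OK.</exception>
        internal static void MakeSignature(
            ref SecurityHandle contextHandle,
            uint sequenceNumber,
            params SecurityBuffer[] securityBuffers)
        {
            SecurityBufferDescWrapper securityBufferDescWrapper = new SecurityBufferDescWrapper(securityBuffers);
            try
            {
                // fQOP is always 0: no package-specific quality-of-protection flags.
                uint hResult = NativeMethods.MakeSignature(
                    ref contextHandle,
                    0,
                    ref securityBufferDescWrapper.securityBufferDesc,
                    sequenceNumber);
                if (hResult != NativeMethods.SEC_E_OK)
                {
                    throw new SspiException("Sign failed.", hResult);
                }

                // Copy the signature back into the managed Token buffer(s). The native
                // array is built from securityBuffers, so the indexes are assumed to line up.
                SspiSecurityBuffer[] buffers = securityBufferDescWrapper.securityBufferDesc.GetBuffers();
                if (buffers != null)
                {
                    for (int i = 0; i < buffers.Length; i++)
                    {
                        if (securityBuffers[i].BufferType != SecurityBufferType.Token)
                        {
                            continue;
                        }

                        securityBuffers[i].Buffer = new byte[buffers[i].bufferLength];
                        Marshal.Copy(
                            buffers[i].pSecBuffer,
                            securityBuffers[i].Buffer,
                            0,
                            (int)buffers[i].bufferLength);
                    }
                }
            }
            finally
            {
                // Release the unmanaged descriptor even if the copy loop throws.
                securityBufferDescWrapper.FreeSecurityBufferDesc();
            }
        }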
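        /// <summary>
        /// Runs one leg of the client-side handshake: feeds the server's token (or
        /// nothing, for the first leg) to InitializeSecurityContext and stores the
        /// token to send back to the server in <c>this.token</c> (null when the
        /// package produced none).
        /// </summary>
        /// <param name="serverToken">Token received from the server; null for the first leg.</param>
        /// <exception cref="SspiException">
        /// Thrown when InitializeSecurityContext returns anything other than SEC_E_OK or
        /// SEC_I_CONTINUE_NEEDED (other SEC_I_* success codes are treated as failures here).
        /// </exception>
        public override void Initialize(byte[] serverToken)
        {
            // CredSSP requires a second, empty buffer alongside the token;
            // the other packages take the token on its own.
            SecurityBuffer[] securityBuffers;
            if (this.packageType == SecurityPackageType.CredSsp)
            {
                securityBuffers = new SecurityBuffer[2];
                securityBuffers[0] = new SecurityBuffer(SecurityBufferType.Token, serverToken);
                securityBuffers[1] = new SecurityBuffer(SecurityBufferType.Empty, new byte[0]);
            }
            else
            {
                securityBuffers = new SecurityBuffer[] { new SecurityBuffer(SecurityBufferType.Token, serverToken) };
            }

            SecurityBuffer outTokenBuffer = new SecurityBuffer(
                SecurityBufferType.Token,
                new byte[NativeMethods.MAX_TOKEN_SIZE]);

            SecurityBufferDescWrapper serverTokenDescWrapper = new SecurityBufferDescWrapper(securityBuffers);
            SecurityBufferDescWrapper outBufferDescWrapper = new SecurityBufferDescWrapper(outTokenBuffer);

            // Both wrappers hold unmanaged memory; the finally block releases them on
            // the failure path as well (the output wrapper previously leaked there).
            try
            {
                uint hResult;
                uint outContextAttribute;
                SecurityInteger expiryTime = new SecurityInteger();

                if (serverToken == null)
                {
                    // First leg: no input token and no existing context.
                    hResult = NativeMethods.InitializeSecurityContext(
                        ref this.credentialHandle,
                        IntPtr.Zero,
                        this.serverPrincipalName,
                        (int)this.securityContextAttributes,
                        0,
                        (int)this.targetDataRepresentaion,
                        IntPtr.Zero,
                        0,
                        out this.contextHandle,
                        out outBufferDescWrapper.securityBufferDesc,
                        out outContextAttribute,
                        out expiryTime);
                }
                else if (this.contextHandle.LowPart == IntPtr.Zero && this.contextHandle.HighPart == IntPtr.Zero)
                {
                    // A server token arrived before any context exists: pass it in
                    // but still ask the package for a fresh context.
                    hResult = NativeMethods.InitializeSecurityContext(
                        ref this.credentialHandle,
                        IntPtr.Zero,
                        this.serverPrincipalName,
                        (int)this.securityContextAttributes,
                        0,
                        (int)this.targetDataRepresentaion,
                        ref serverTokenDescWrapper.securityBufferDesc,
                        0,
                        out this.contextHandle,
                        out outBufferDescWrapper.securityBufferDesc,
                        out outContextAttribute,
                        out expiryTime);
                }
                else
                {
                    // Continue the existing context with the server's token.
                    hResult = NativeMethods.InitializeSecurityContext(
                        ref this.credentialHandle,
                        ref this.contextHandle,
                        this.serverPrincipalName,
                        (int)this.securityContextAttributes,
                        0,
                        (int)this.targetDataRepresentaion,
                        ref serverTokenDescWrapper.securityBufferDesc,
                        0,
                        out this.contextHandle,
                        out outBufferDescWrapper.securityBufferDesc,
                        out outContextAttribute,
                        out expiryTime);
                }

                if (hResult == NativeMethods.SEC_E_OK)
                {
                    this.needContinueProcessing = false;
                }
                else if (hResult == NativeMethods.SEC_I_CONTINUE_NEEDED)
                {
                    this.needContinueProcessing = true;
                }
                else
                {
                    throw new SspiException("Initialize failed.", hResult);
                }

                // outContextAttribute and expiryTime are discarded, so callers cannot
                // confirm here that requested flags such as mutual authentication were
                // granted, nor when the context expires.

                // Copy the output token out of unmanaged memory before it is freed.
                this.token = null;
                SspiSecurityBuffer[] outBuffers = outBufferDescWrapper.securityBufferDesc.GetBuffers();
                for (int i = 0; i < outBuffers.Length; i++)
                {
                    if (outBuffers[i].bufferType != (uint)SecurityBufferType.Token)
                    {
                        continue;
                    }

                    if (outBuffers[i].bufferLength > 0)
                    {
                        this.token = new byte[outBuffers[i].bufferLength];
                        Marshal.Copy(outBuffers[i].pSecBuffer, this.token, 0, this.token.Length);
                    }
                    break;
                }
            }
            finally
            {
                serverTokenDescWrapper.FreeSecurityBufferDesc();
                outBufferDescWrapper.FreeSecurityBufferDesc();
            }
        }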
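        /// <summary>
        /// Protects the supplied buffers in place with EncryptMessage and copies the
        /// package's output (header, trailer and data buffers) back into them.
        /// </summary>
        /// <param name="contextHandle">Established security context.</param>
        /// <param name="sequenceNumber">
        /// Message sequence number passed straight to the package. For packages that
        /// enforce ordering it must stay in step with the peer's DecryptMessage calls.
        /// </param>
        /// <param name="qualityOfProtection">
        /// fQOP flags for the package. Note that SECQOP_WRAP_NO_ENCRYPT asks for a
        /// signed-but-unencrypted message, so the output is not confidential.
        /// </param>
        /// <param name="securityBuffers">Plaintext buffers; replaced with the protected output.</param>
        /// <exception cref="SspiException">Thrown when EncryptMessage returns anything other than SEC_E_OK.</exception>
        internal static void Encrypt(
            ref SecurityHandle contextHandle,
            uint sequenceNumber,
            SECQOP_WRAP qualityOfProtection,
            params SecurityBuffer[] securityBuffers)
        {
            SecurityBufferDescWrapper encryptBufferDescWrapper = new SecurityBufferDescWrapper(securityBuffers);
            try
            {
                uint hResult = NativeMethods.EncryptMessage(
                    ref contextHandle,
                    (uint)qualityOfProtection,
                    ref encryptBufferDescWrapper.securityBufferDesc,
                    sequenceNumber);
                if (hResult != NativeMethods.SEC_E_OK)
                {
                    throw new SspiException("Encrypt failed.", hResult);
                }

                // Mirror every native buffer back into its managed counterpart; a buffer
                // the package left without a pointer becomes an all-zero array of the
                // reported length.
                SspiSecurityBuffer[] buffers = encryptBufferDescWrapper.securityBufferDesc.GetBuffers();
                for (int i = 0; i < securityBuffers.Length; i++)
                {
                    securityBuffers[i].Buffer = new byte[buffers[i].bufferLength];
                    if (buffers[i].pSecBuffer != IntPtr.Zero)
                    {
                        Marshal.Copy(buffers[i].pSecBuffer,
                            securityBuffers[i].Buffer,
                            0,
                            securityBuffers[i].Buffer.Length);
                    }
                }
            }
            finally
            {
                // Release the unmanaged descriptor even if the copy loop throws.
                encryptBufferDescWrapper.FreeSecurityBufferDesc();
            }
        }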
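        /// <summary>
        /// Unprotects the supplied buffers in place with DecryptMessage and copies the
        /// package's output, including the buffer types it assigned, back into them.
        /// The quality-of-protection flags reported by the package are discarded by
        /// this overload; use the overload with the <c>qualityOfProtection</c>
        /// parameter when the caller needs to check them.
        /// </summary>
        /// <param name="contextHandle">Established security context.</param>
        /// <param name="sequenceNumber">
        /// Message sequence number passed straight to the package. For packages that
        /// enforce ordering it must stay in step with the sender's EncryptMessage calls.
        /// </param>
        /// <param name="securityBuffers">Protected message buffers; replaced with the decrypted output.</param>
        /// <returns>Always true; a failed decryption surfaces as an exception rather than a false return.</returns>
        /// <exception cref="SspiException">Thrown when DecryptMessage returns anything other than SEC_E_OK.</exception>
        internal static bool Decrypt(
            ref SecurityHandle contextHandle,
            uint sequenceNumber,
            params SecurityBuffer[] securityBuffers)
        {
            uint qualityOfProtection;
            return Decrypt(ref contextHandle, sequenceNumber, out qualityOfProtection, securityBuffers);
        }

        /// <summary>
        /// Same as <see cref="Decrypt(ref SecurityHandle, uint, SecurityBuffer[])"/> but also
        /// returns the package-specific quality-of-protection flags (pfQOP) for the message.
        /// </summary>
        /// <param name="contextHandle">Established security context.</param>
        /// <param name="sequenceNumber">Message sequence number passed straight to the package.</param>
        /// <param name="qualityOfProtection">
        /// Flags reported by DecryptMessage. Per the SSPI documentation, packages such as
        /// Kerberos and NTLM report SECQOP_WRAP_NO_ENCRYPT here when the peer only signed
        /// the message; a caller that requires confidentiality should reject such messages.
        /// </param>
        /// <param name="securityBuffers">Protected message buffers; replaced with the decrypted output.</param>
        /// <returns>Always true; a failed decryption surfaces as an exception rather than a false return.</returns>
        /// <exception cref="SspiException">Thrown when DecryptMessage returns anything other than SEC_E_OK.</exception>
        internal static bool Decrypt(
            ref SecurityHandle contextHandle,
            uint sequenceNumber,
            out uint qualityOfProtection,
            params SecurityBuffer[] securityBuffers)
        {
            SecurityBufferDescWrapper decryptBufferDescWrapper = new SecurityBufferDescWrapper(securityBuffers);
            try
            {
                uint hResult = NativeMethods.DecryptMessage(
                    ref contextHandle,
                    ref decryptBufferDescWrapper.securityBufferDesc,
                    sequenceNumber,
                    out qualityOfProtection);
                if (hResult != NativeMethods.SEC_E_OK)
                {
                    throw new SspiException("Decrypt failed.", hResult);
                }

                // Mirror every native buffer back into its managed counterpart; a buffer
                // the package left without a pointer becomes an all-zero array of the
                // reported length and keeps its original type.
                SspiSecurityBuffer[] buffers = decryptBufferDescWrapper.securityBufferDesc.GetBuffers();
                for (int i = 0; i < securityBuffers.Length; i++)
                {
                    securityBuffers[i].Buffer = new byte[buffers[i].bufferLength];
                    if (buffers[i].pSecBuffer != IntPtr.Zero)
                    {
                        Marshal.Copy(buffers[i].pSecBuffer,
                            securityBuffers[i].Buffer,
                            0,
                            securityBuffers[i].Buffer.Length);
                        // The package may retype buffers on output; mirror that so the
                        // caller can locate the plaintext by type.
                        securityBuffers[i].BufferType = (SecurityBufferType)buffers[i].bufferType;
                    }
                }
                return true;
            }
            finally
            {
                // Release the unmanaged descriptor even if the copy loop throws.
                decryptBufferDescWrapper.FreeSecurityBufferDesc();
            }
        }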
        /// <summary>
        /// Checks the signature carried in <paramref name="securityBuffers"/> against
        /// the data with VerifySignature. The quality-of-protection flags the package
        /// reports (pfQOP) are read and discarded, so callers cannot inspect them here.
        /// </summary>
        /// <param name="contextHandle">Established security context.</param>
        /// <param name="sequenceNumber">
        /// Message sequence number passed straight to the package. For packages that
        /// enforce ordering it must stay in step with the signer's MakeSignature calls.
        /// </param>
        /// <param name="securityBuffers">Data buffers plus the Token buffer holding the signature.</param>
        /// <returns>Always true; a failed verification surfaces as an exception rather than a false return.</returns>
        /// <exception cref="SspiException">Thrown when VerifySignature returns anything other than SEC_E_OK.</exception>
        internal static bool VerifySignature(
            ref SecurityHandle contextHandle,
            uint sequenceNumber,
            params SecurityBuffer[] securityBuffers)
        {
            SecurityBufferDescWrapper descWrapper = new SecurityBufferDescWrapper(securityBuffers);
            uint qualityOfProtection;

            uint status = NativeMethods.VerifySignature(
                ref contextHandle,
                ref descWrapper.securityBufferDesc,
                sequenceNumber,
                out qualityOfProtection);

            // Nothing is read back from the buffers, so the unmanaged descriptor can be
            // released before the result is inspected.
            descWrapper.FreeSecurityBufferDesc();

            if (status != NativeMethods.SEC_E_OK)
            {
                throw new SspiException("Verify failed.", status);
            }

            return true;
        }
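        public override void Accept(byte[] clientToken)
        {
            // Input descriptor: the client's token followed by an empty buffer
            // (SECBUFFER_EMPTY) and an extra buffer (SECBUFFER_EXTRA) that the
            // package can use to report trailing data it did not consume.
            SecurityBuffer[] inSecurityBuffers = new SecurityBuffer[3];
            inSecurityBuffers[0] = new SecurityBuffer(SecurityBufferType.Token, clientToken);
            inSecurityBuffers[1] = new SecurityBuffer(SecurityBufferType.Empty, new byte[0]);
            inSecurityBuffers[2] = new SecurityBuffer(SecurityBufferType.Extra, new byte[0]);
            SecurityBufferDescWrapper inputBufferDescWrapper = new SecurityBufferDescWrapper(inSecurityBuffers);

            // Output descriptor: the reply token for the client plus an alert buffer,
            // each sized to the package's maximum token length.
            SecurityBuffer[] outSecurityBuffers = new SecurityBuffer[2];
            outSecurityBuffers[0] = new SecurityBuffer(SecurityBufferType.Token, new byte[NativeMethods.MAX_TOKEN_SIZE]);
            outSecurityBuffers[1] = new SecurityBuffer(SecurityBufferType.Alert, new byte[NativeMethods.MAX_TOKEN_SIZE]);
            SecurityBufferDescWrapper outputBufferDescWrapper = new SecurityBufferDescWrapper(outSecurityBuffers);

            // Both descriptors own unmanaged memory; release them on every path,
            // including the throw below (previously the output descriptor was
            // only freed on success).
            try
            {
                SecurityInteger timeStamp;
                uint contextAttribute;
                uint hResult;

                // NOTE(review): '||' treats a handle with exactly one zero half as
                // "no context yet"; the sibling Accept/Initialize listings use '&&'
                // and would pass such a handle to the package as an existing context.
                // Confirm which the package guarantees before unifying them.
                if (this.contextHandle.LowPart == IntPtr.Zero || this.contextHandle.HighPart == IntPtr.Zero)
                {
                    // First leg: no existing context, so phContext is null and
                    // this.contextHandle receives the newly created context.
                    hResult = NativeMethods.AcceptSecurityContext(
                        ref this.credentialHandle,
                        IntPtr.Zero,
                        ref inputBufferDescWrapper.securityBufferDesc,
                        (uint)this.securityContextAttributes,
                        (uint)this.targetDataRepresentaion,
                        ref this.contextHandle,
                        out outputBufferDescWrapper.securityBufferDesc,
                        out contextAttribute,
                        out timeStamp);
                }
                else
                {
                    // Subsequent leg: continue the partially established context.
                    hResult = NativeMethods.AcceptSecurityContext(
                        ref this.credentialHandle,
                        ref this.contextHandle,
                        ref inputBufferDescWrapper.securityBufferDesc,
                        (uint)this.securityContextAttributes,
                        (uint)this.targetDataRepresentaion,
                        ref this.contextHandle,
                        out outputBufferDescWrapper.securityBufferDesc,
                        out contextAttribute,
                        out timeStamp);
                }

                lastHResult = hResult;
                if (hResult == NativeMethods.SEC_E_OK)
                {
                    // Handshake complete.
                    this.needContinueProcessing = false;
                    this.hasMoreFragments = false;
                }
                else if (hResult == NativeMethods.SEC_I_CONTINUE_NEEDED)
                {
                    // The client must send another token before the context is usable.
                    this.needContinueProcessing = true;
                    this.hasMoreFragments = false;
                }
                else if (hResult == NativeMethods.SEC_I_MESSAGE_FRAGMENT)
                {
                    // The output token is only a fragment; per SSPI the caller sends it
                    // and calls Accept again to obtain the next one.
                    this.needContinueProcessing = true;
                    this.hasMoreFragments = true;
                }
                else
                {
                    // Any other code, including other SEC_I_* values, is treated as failure.
                    throw new SspiException("Accept failed.", hResult);
                }

                // contextAttribute and timeStamp are not surfaced, so callers cannot
                // verify here which requested attributes (e.g. mutual authentication,
                // integrity, confidentiality) were actually granted, nor the expiry.

                // Copy the reply token out of unmanaged memory before it is freed.
                this.token = null;
                SspiSecurityBuffer[] buffers = outputBufferDescWrapper.securityBufferDesc.GetBuffers();
                for (int i = 0; i < buffers.Length; i++)
                {
                    if (buffers[i].bufferType != (uint)SecurityBufferType.Token)
                    {
                        continue;
                    }

                    if (buffers[i].bufferLength > 0)
                    {
                        this.token = new byte[buffers[i].bufferLength];
                        Marshal.Copy(buffers[i].pSecBuffer, this.token, 0, this.token.Length);
                    }
                    break;
                }
            }
            finally
            {
                inputBufferDescWrapper.FreeSecurityBufferDesc();
                outputBufferDescWrapper.FreeSecurityBufferDesc();
            }
        }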
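        /// <summary>
        /// Runs one leg of the server-side handshake: feeds the client's token to
        /// AcceptSecurityContext and stores the token to send back to the client in
        /// <c>this.token</c> (null when the package produced none).
        /// </summary>
        /// <param name="clientToken">Token received from the client.</param>
        /// <exception cref="SspiException">
        /// Thrown when AcceptSecurityContext returns anything other than SEC_E_OK or
        /// SEC_I_CONTINUE_NEEDED (other SEC_I_* success codes are treated as failures here).
        /// </exception>
        public override void Accept(byte[] clientToken)
        {
            // CredSSP requires a second, empty buffer alongside the token;
            // the other packages take the token on its own.
            SecurityBuffer[] securityBuffers;
            if (this.packageType == SecurityPackageType.CredSsp)
            {
                securityBuffers = new SecurityBuffer[2];
                securityBuffers[0] = new SecurityBuffer(SecurityBufferType.Token, clientToken);
                securityBuffers[1] = new SecurityBuffer(SecurityBufferType.Empty, new byte[0]);
            }
            else
            {
                securityBuffers = new SecurityBuffer[] { new SecurityBuffer(SecurityBufferType.Token, clientToken) };
            }

            SecurityBufferDescWrapper inputBufferDescWrapper = new SecurityBufferDescWrapper(securityBuffers);
            SecurityBuffer serverTokenBuffer = new SecurityBuffer(
                SecurityBufferType.Token,
                new byte[Consts.MAX_TOKEN_SIZE]);
            SecurityBufferDescWrapper outputBufferDescWrapper = new SecurityBufferDescWrapper(serverTokenBuffer);

            // Both descriptors own unmanaged memory; release them on every path,
            // including the throw below (previously the output descriptor was
            // only freed on success).
            try
            {
                SecurityInteger timeStamp;
                uint contextAttribute;
                uint hResult;

                if (this.contextHandle.LowPart == IntPtr.Zero && this.contextHandle.HighPart == IntPtr.Zero)
                {
                    // First leg: no existing context, so phContext is null and
                    // this.contextHandle receives the newly created context.
                    hResult = NativeMethods.AcceptSecurityContext(
                        ref this.credentialHandle,
                        IntPtr.Zero,
                        ref inputBufferDescWrapper.securityBufferDesc,
                        (uint)this.securityContextAttributes,
                        (uint)this.targetDataRepresentaion,
                        ref this.contextHandle,
                        out outputBufferDescWrapper.securityBufferDesc,
                        out contextAttribute,
                        out timeStamp);
                }
                else
                {
                    // Subsequent leg: continue the partially established context.
                    hResult = NativeMethods.AcceptSecurityContext(
                        ref this.credentialHandle,
                        ref this.contextHandle,
                        ref inputBufferDescWrapper.securityBufferDesc,
                        (uint)this.securityContextAttributes,
                        (uint)this.targetDataRepresentaion,
                        ref this.contextHandle,
                        out outputBufferDescWrapper.securityBufferDesc,
                        out contextAttribute,
                        out timeStamp);
                }

                if (hResult == NativeMethods.SEC_E_OK)
                {
                    // Handshake complete.
                    this.needContinueProcessing = false;
                }
                else if (hResult == NativeMethods.SEC_I_CONTINUE_NEEDED)
                {
                    // The client must send another token before the context is usable.
                    this.needContinueProcessing = true;
                }
                else
                {
                    throw new SspiException("Accept failed.", hResult);
                }

                // contextAttribute and timeStamp are not surfaced, so callers cannot
                // verify here which requested attributes (e.g. mutual authentication,
                // integrity, confidentiality) were actually granted, nor the expiry.

                // Copy the reply token out of unmanaged memory before it is freed.
                this.token = null;
                SspiSecurityBuffer[] buffers = outputBufferDescWrapper.securityBufferDesc.GetBuffers();
                for (int i = 0; i < buffers.Length; i++)
                {
                    if (buffers[i].bufferType != (uint)SecurityBufferType.Token)
                    {
                        continue;
                    }

                    if (buffers[i].bufferLength > 0)
                    {
                        this.token = new byte[buffers[i].bufferLength];
                        Marshal.Copy(buffers[i].pSecBuffer, this.token, 0, this.token.Length);
                    }
                    break;
                }
            }
            finally
            {
                inputBufferDescWrapper.FreeSecurityBufferDesc();
                outputBufferDescWrapper.FreeSecurityBufferDesc();
            }
        }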