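/// <summary>
/// Accepts a client token and drives the server side of the handshake by calling
/// NativeMethods.AcceptSecurityContext. On success the output token (if any) is
/// stored in <c>this.token</c>, <c>needContinueProcessing</c> and
/// <c>hasMoreFragments</c> are derived from the returned status, and
/// <c>lastHResult</c> always receives the raw status.
/// </summary>
/// <param name="clientToken">Token received from the client.</param>
/// <exception cref="SspiException">
/// Thrown when AcceptSecurityContext returns a status other than SEC_E_OK,
/// SEC_I_CONTINUE_NEEDED or SEC_I_MESSAGE_FRAGMENT.
/// </exception>
public override void Accept(byte[] clientToken)
{
    // Input descriptor: the client token followed by an Empty and an Extra buffer.
    // NOTE(review): clientToken is handed to SecurityBuffer without a null check;
    // presumably the wrapper tolerates null — confirm against SecurityBuffer.
    SecurityBuffer[] inSecurityBuffers = new SecurityBuffer[]
    {
        new SecurityBuffer(SecurityBufferType.Token, clientToken),
        new SecurityBuffer(SecurityBufferType.Empty, new byte[0]),
        new SecurityBuffer(SecurityBufferType.Extra, new byte[0]),
    };

    // Output descriptor: a token buffer and an alert buffer, each pre-sized to MAX_TOKEN_SIZE.
    SecurityBuffer[] outSecurityBuffers = new SecurityBuffer[]
    {
        new SecurityBuffer(SecurityBufferType.Token, new byte[NativeMethods.MAX_TOKEN_SIZE]),
        new SecurityBuffer(SecurityBufferType.Alert, new byte[NativeMethods.MAX_TOKEN_SIZE]),
    };

    SecurityBufferDescWrapper inputBufferDescWrapper = new SecurityBufferDescWrapper(inSecurityBuffers);
    SecurityBufferDescWrapper outputBufferDescWrapper = new SecurityBufferDescWrapper(outSecurityBuffers);

    // Both descriptors own native memory; release them on every exit path, including
    // the SspiException thrown below (previously the output descriptor was only freed
    // on the success path).
    try
    {
        SecurityInteger timeStamp;
        uint contextAttribute;
        uint hResult;

        // A handle with a zero part is treated as "not yet established": phContext is
        // IntPtr.Zero on the first leg and the existing handle afterwards.
        // NOTE(review): this test uses ||, while the Initialize counterpart uses &&;
        // confirm which form matches the handle layout of the package in use.
        bool contextNotEstablished = this.contextHandle.LowPart == IntPtr.Zero
            || this.contextHandle.HighPart == IntPtr.Zero;

        if (contextNotEstablished)
        {
            hResult = NativeMethods.AcceptSecurityContext(
                ref this.credentialHandle,
                IntPtr.Zero,
                ref inputBufferDescWrapper.securityBufferDesc,
                (uint)this.securityContextAttributes,
                (uint)this.targetDataRepresentaion,
                ref this.contextHandle,
                out outputBufferDescWrapper.securityBufferDesc,
                out contextAttribute,
                out timeStamp);
        }
        else
        {
            hResult = NativeMethods.AcceptSecurityContext(
                ref this.credentialHandle,
                ref this.contextHandle,
                ref inputBufferDescWrapper.securityBufferDesc,
                (uint)this.securityContextAttributes,
                (uint)this.targetDataRepresentaion,
                ref this.contextHandle,
                out outputBufferDescWrapper.securityBufferDesc,
                out contextAttribute,
                out timeStamp);
        }

        // NOTE(review): contextAttribute (the attributes actually granted) and timeStamp
        // are discarded, so callers cannot confirm that the attributes requested via
        // securityContextAttributes were honoured — consider surfacing them.

        lastHResult = hResult;
        if (hResult == NativeMethods.SEC_E_OK)
        {
            this.needContinueProcessing = false;
            this.hasMoreFragments = false;
        }
        else if (hResult == NativeMethods.SEC_I_CONTINUE_NEEDED)
        {
            this.needContinueProcessing = true;
            this.hasMoreFragments = false;
        }
        else if (hResult == NativeMethods.SEC_I_MESSAGE_FRAGMENT)
        {
            this.needContinueProcessing = true;
            this.hasMoreFragments = true;
        }
        else
        {
            throw new SspiException("Accept failed.", hResult);
        }

        // Copy the first Token buffer out of the native output descriptor; an empty
        // token leaves this.token null.
        this.token = null;
        SspiSecurityBuffer[] buffers = outputBufferDescWrapper.securityBufferDesc.GetBuffers();
        for (int i = 0; i < buffers.Length; i++)
        {
            if (buffers[i].bufferType != (uint)SecurityBufferType.Token)
            {
                continue;
            }

            if (buffers[i].bufferLength > 0)
            {
                this.token = new byte[buffers[i].bufferLength];
                Marshal.Copy(buffers[i].pSecBuffer, this.token, 0, this.token.Length);
            }

            break;
        }
    }
    finally
    {
        inputBufferDescWrapper.FreeSecurityBufferDesc();
        outputBufferDescWrapper.FreeSecurityBufferDesc();
    }
}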
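/// <summary>
/// Initializes or continues the client-side security context with a token received
/// from the server, via NativeMethods.InitializeSecurityContext. Pass <c>null</c> on
/// the first leg, before any server token exists. On success the output token (if any)
/// is stored in <c>this.token</c> and <c>needContinueProcessing</c> reports whether
/// another leg is required.
/// </summary>
/// <param name="serverToken">Token received from the server, or <c>null</c> on the first call.</param>
/// <exception cref="SspiException">
/// Thrown when InitializeSecurityContext returns a status other than SEC_E_OK or
/// SEC_I_CONTINUE_NEEDED.
/// </exception>
public override void Initialize(byte[] serverToken)
{
    SecurityBuffer[] securityBuffers;
    if (this.packageType == SecurityPackageType.CredSsp)
    {
        // CredSSP: on calls after the initial one there must be two buffers — a Token
        // holding the server token followed by an Empty buffer.
        securityBuffers = new SecurityBuffer[]
        {
            new SecurityBuffer(SecurityBufferType.Token, serverToken),
            new SecurityBuffer(SecurityBufferType.Empty, new byte[0]),
        };
    }
    else
    {
        securityBuffers = new SecurityBuffer[]
        {
            new SecurityBuffer(SecurityBufferType.Token, serverToken),
        };
    }

    // NOTE(review): the input descriptor is built even when serverToken is null (first
    // leg), so SecurityBuffer presumably tolerates a null payload — confirm.
    SecurityBuffer outTokenBuffer = new SecurityBuffer(
        SecurityBufferType.Token, new byte[Consts.MAX_TOKEN_SIZE]);
    SecurityBufferDescWrapper serverTokenDescWrapper = new SecurityBufferDescWrapper(securityBuffers);
    SecurityBufferDescWrapper outBufferDescWrapper = new SecurityBufferDescWrapper(outTokenBuffer);

    // Both descriptors own native memory; release them on every exit path, including
    // the SspiException thrown below (previously the output descriptor was only freed
    // on the success path).
    try
    {
        uint hResult;
        uint outContextAttribute;
        SecurityInteger expiryTime;

        if (serverToken == null)
        {
            // First leg: no existing context and no input descriptor.
            hResult = NativeMethods.InitializeSecurityContext(
                ref this.credentialHandle,
                IntPtr.Zero,
                this.serverPrincipalName,
                (int)this.securityContextAttributes,
                0,
                (int)this.targetDataRepresentaion,
                IntPtr.Zero,
                0,
                out this.contextHandle,
                out outBufferDescWrapper.securityBufferDesc,
                out outContextAttribute,
                out expiryTime);
        }
        else if (this.contextHandle.LowPart == IntPtr.Zero && this.contextHandle.HighPart == IntPtr.Zero)
        {
            // A server token but no context yet: pass IntPtr.Zero as phContext.
            hResult = NativeMethods.InitializeSecurityContext(
                ref this.credentialHandle,
                IntPtr.Zero,
                this.serverPrincipalName,
                (int)this.securityContextAttributes,
                0,
                (int)this.targetDataRepresentaion,
                ref serverTokenDescWrapper.securityBufferDesc,
                0,
                out this.contextHandle,
                out outBufferDescWrapper.securityBufferDesc,
                out outContextAttribute,
                out expiryTime);
        }
        else
        {
            // Continue the existing context.
            hResult = NativeMethods.InitializeSecurityContext(
                ref this.credentialHandle,
                ref this.contextHandle,
                this.serverPrincipalName,
                (int)this.securityContextAttributes,
                0,
                (int)this.targetDataRepresentaion,
                ref serverTokenDescWrapper.securityBufferDesc,
                0,
                out this.contextHandle,
                out outBufferDescWrapper.securityBufferDesc,
                out outContextAttribute,
                out expiryTime);
        }

        // NOTE(review): outContextAttribute (the attributes actually granted) and
        // expiryTime are discarded, so callers cannot confirm that the attributes
        // requested via securityContextAttributes were honoured — consider surfacing them.

        if (hResult == NativeMethods.SEC_E_OK)
        {
            this.needContinueProcessing = false;
        }
        else if (hResult == NativeMethods.SEC_I_CONTINUE_NEEDED)
        {
            this.needContinueProcessing = true;
        }
        else
        {
            throw new SspiException("Initialize failed.", hResult);
        }

        // Copy the first Token buffer out of the native output descriptor; an empty
        // token leaves this.token null.
        this.token = null;
        SspiSecurityBuffer[] outBuffers = outBufferDescWrapper.securityBufferDesc.GetBuffers();
        for (int i = 0; i < outBuffers.Length; i++)
        {
            if (outBuffers[i].bufferType != (uint)SecurityBufferType.Token)
            {
                continue;
            }

            if (outBuffers[i].bufferLength > 0)
            {
                this.token = new byte[outBuffers[i].bufferLength];
                Marshal.Copy(outBuffers[i].pSecBuffer, this.token, 0, this.token.Length);
            }

            break;
        }
    }
    finally
    {
        serverTokenDescWrapper.FreeSecurityBufferDesc();
        outBufferDescWrapper.FreeSecurityBufferDesc();
    }
}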
/// <summary>
/// Signs the supplied buffers with NativeMethods.MakeSignature and writes the
/// signature the package produced back into every Token-typed entry of
/// <paramref name="securityBuffers"/>.
/// </summary>
/// <param name="contextHandle">Established security context.</param>
/// <param name="sequenceNumber">Sequence number passed through to MakeSignature.</param>
/// <param name="securityBuffers">Buffers to sign; Token entries receive the signature output.</param>
/// <exception cref="SspiException">Thrown when MakeSignature returns a status other than SEC_E_OK.</exception>
internal static void MakeSignature(
    ref SecurityHandle contextHandle,
    uint sequenceNumber,
    params SecurityBuffer[] securityBuffers)
{
    SecurityBufferDescWrapper descWrapper = new SecurityBufferDescWrapper(securityBuffers);

    uint status = NativeMethods.MakeSignature(
        ref contextHandle,
        0,
        ref descWrapper.securityBufferDesc,
        sequenceNumber);

    if (status != NativeMethods.SEC_E_OK)
    {
        descWrapper.FreeSecurityBufferDesc();
        throw new SspiException("Sign failed.", status);
    }

    SspiSecurityBuffer[] nativeBuffers = descWrapper.securityBufferDesc.GetBuffers();
    if (nativeBuffers != null)
    {
        // Assumes GetBuffers() yields one entry per input buffer, in the same order — TODO confirm.
        for (int index = 0; index < nativeBuffers.Length; index++)
        {
            if (securityBuffers[index].BufferType != SecurityBufferType.Token)
            {
                continue;
            }

            byte[] signature = new byte[nativeBuffers[index].bufferLength];
            securityBuffers[index].Buffer = signature;
            Marshal.Copy(
                nativeBuffers[index].pSecBuffer,
                signature,
                0,
                (int)nativeBuffers[index].bufferLength);
        }
    }

    descWrapper.FreeSecurityBufferDesc();
}
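/// <summary>
/// Initializes or continues the client-side security context with a token received
/// from the server, via NativeMethods.InitializeSecurityContext. Pass <c>null</c> on
/// the first leg, before any server token exists. On success the output token (if any)
/// is stored in <c>this.token</c> and <c>needContinueProcessing</c> reports whether
/// another leg is required.
/// </summary>
/// <param name="serverToken">Token received from the server, or <c>null</c> on the first call.</param>
/// <exception cref="SspiException">
/// Thrown when InitializeSecurityContext returns a status other than SEC_E_OK or
/// SEC_I_CONTINUE_NEEDED.
/// </exception>
public override void Initialize(byte[] serverToken)
{
    SecurityBuffer[] securityBuffers;
    if (this.packageType == SecurityPackageType.CredSsp)
    {
        // CredSSP: on calls after the initial one there must be two buffers — a Token
        // holding the server token followed by an Empty buffer.
        securityBuffers = new SecurityBuffer[]
        {
            new SecurityBuffer(SecurityBufferType.Token, serverToken),
            new SecurityBuffer(SecurityBufferType.Empty, new byte[0]),
        };
    }
    else
    {
        securityBuffers = new SecurityBuffer[]
        {
            new SecurityBuffer(SecurityBufferType.Token, serverToken),
        };
    }

    // NOTE(review): the input descriptor is built even when serverToken is null (first
    // leg), so SecurityBuffer presumably tolerates a null payload — confirm.
    SecurityBuffer outTokenBuffer = new SecurityBuffer(
        SecurityBufferType.Token, new byte[NativeMethods.MAX_TOKEN_SIZE]);
    SecurityBufferDescWrapper serverTokenDescWrapper = new SecurityBufferDescWrapper(securityBuffers);
    SecurityBufferDescWrapper outBufferDescWrapper = new SecurityBufferDescWrapper(outTokenBuffer);

    // Both descriptors own native memory; release them on every exit path, including
    // the SspiException thrown below (previously the output descriptor was only freed
    // on the success path).
    try
    {
        uint hResult;
        uint outContextAttribute;
        SecurityInteger expiryTime;

        if (serverToken == null)
        {
            // First leg: no existing context and no input descriptor.
            hResult = NativeMethods.InitializeSecurityContext(
                ref this.credentialHandle,
                IntPtr.Zero,
                this.serverPrincipalName,
                (int)this.securityContextAttributes,
                0,
                (int)this.targetDataRepresentaion,
                IntPtr.Zero,
                0,
                out this.contextHandle,
                out outBufferDescWrapper.securityBufferDesc,
                out outContextAttribute,
                out expiryTime);
        }
        else if (this.contextHandle.LowPart == IntPtr.Zero && this.contextHandle.HighPart == IntPtr.Zero)
        {
            // A server token but no context yet: pass IntPtr.Zero as phContext.
            hResult = NativeMethods.InitializeSecurityContext(
                ref this.credentialHandle,
                IntPtr.Zero,
                this.serverPrincipalName,
                (int)this.securityContextAttributes,
                0,
                (int)this.targetDataRepresentaion,
                ref serverTokenDescWrapper.securityBufferDesc,
                0,
                out this.contextHandle,
                out outBufferDescWrapper.securityBufferDesc,
                out outContextAttribute,
                out expiryTime);
        }
        else
        {
            // Continue the existing context.
            hResult = NativeMethods.InitializeSecurityContext(
                ref this.credentialHandle,
                ref this.contextHandle,
                this.serverPrincipalName,
                (int)this.securityContextAttributes,
                0,
                (int)this.targetDataRepresentaion,
                ref serverTokenDescWrapper.securityBufferDesc,
                0,
                out this.contextHandle,
                out outBufferDescWrapper.securityBufferDesc,
                out outContextAttribute,
                out expiryTime);
        }

        // NOTE(review): outContextAttribute (the attributes actually granted) and
        // expiryTime are discarded, so callers cannot confirm that the attributes
        // requested via securityContextAttributes were honoured — consider surfacing them.

        if (hResult == NativeMethods.SEC_E_OK)
        {
            this.needContinueProcessing = false;
        }
        else if (hResult == NativeMethods.SEC_I_CONTINUE_NEEDED)
        {
            this.needContinueProcessing = true;
        }
        else
        {
            throw new SspiException("Initialize failed.", hResult);
        }

        // Copy the first Token buffer out of the native output descriptor; an empty
        // token leaves this.token null.
        this.token = null;
        SspiSecurityBuffer[] outBuffers = outBufferDescWrapper.securityBufferDesc.GetBuffers();
        for (int i = 0; i < outBuffers.Length; i++)
        {
            if (outBuffers[i].bufferType != (uint)SecurityBufferType.Token)
            {
                continue;
            }

            if (outBuffers[i].bufferLength > 0)
            {
                this.token = new byte[outBuffers[i].bufferLength];
                Marshal.Copy(outBuffers[i].pSecBuffer, this.token, 0, this.token.Length);
            }

            break;
        }
    }
    finally
    {
        serverTokenDescWrapper.FreeSecurityBufferDesc();
        outBufferDescWrapper.FreeSecurityBufferDesc();
    }
}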
/// <summary>
/// Encrypts the supplied buffers in place with NativeMethods.EncryptMessage. After a
/// successful call every entry of <paramref name="securityBuffers"/> has its
/// <c>Buffer</c> replaced by the bytes the package wrote back for that position
/// (an empty array when the package reports a null pointer).
/// </summary>
/// <param name="contextHandle">Established security context.</param>
/// <param name="sequenceNumber">Sequence number passed through to EncryptMessage.</param>
/// <param name="qualityOfProtection">Quality-of-protection flags forwarded to EncryptMessage.</param>
/// <param name="securityBuffers">Buffers to encrypt; updated in place.</param>
/// <exception cref="SspiException">Thrown when EncryptMessage returns a status other than SEC_E_OK.</exception>
internal static void Encrypt(
    ref SecurityHandle contextHandle,
    uint sequenceNumber,
    SECQOP_WRAP qualityOfProtection,
    params SecurityBuffer[] securityBuffers)
{
    SecurityBufferDescWrapper descWrapper = new SecurityBufferDescWrapper(securityBuffers);

    uint status = NativeMethods.EncryptMessage(
        ref contextHandle,
        (uint)qualityOfProtection,
        ref descWrapper.securityBufferDesc,
        sequenceNumber);

    if (status != NativeMethods.SEC_E_OK)
    {
        descWrapper.FreeSecurityBufferDesc();
        throw new SspiException("Encrypt failed.", status);
    }

    // Assumes GetBuffers() yields one entry per input buffer, in the same order — TODO confirm.
    SspiSecurityBuffer[] nativeBuffers = descWrapper.securityBufferDesc.GetBuffers();
    for (int index = 0; index < securityBuffers.Length; index++)
    {
        byte[] cipherText = new byte[nativeBuffers[index].bufferLength];
        securityBuffers[index].Buffer = cipherText;

        if (nativeBuffers[index].pSecBuffer == IntPtr.Zero)
        {
            continue;
        }

        Marshal.Copy(nativeBuffers[index].pSecBuffer, cipherText, 0, cipherText.Length);
    }

    descWrapper.FreeSecurityBufferDesc();
}
/// <summary>
/// Decrypts the supplied buffers in place with NativeMethods.DecryptMessage. After a
/// successful call every entry of <paramref name="securityBuffers"/> has its
/// <c>Buffer</c> replaced by the bytes the package wrote back for that position;
/// entries with a non-null native pointer also get their <c>BufferType</c> set to the
/// type the package reported.
/// </summary>
/// <param name="contextHandle">Established security context.</param>
/// <param name="sequenceNumber">Sequence number passed through to DecryptMessage.</param>
/// <param name="securityBuffers">Buffers to decrypt; updated in place.</param>
/// <returns><c>true</c> on success; failure is reported by exception, never by <c>false</c>.</returns>
/// <exception cref="SspiException">Thrown when DecryptMessage returns a status other than SEC_E_OK.</exception>
internal static bool Decrypt(
    ref SecurityHandle contextHandle,
    uint sequenceNumber,
    params SecurityBuffer[] securityBuffers)
{
    SecurityBufferDescWrapper descWrapper = new SecurityBufferDescWrapper(securityBuffers);

    // Receives the package-specific quality-of-protection flags for this message.
    // NOTE(review): the value is discarded, so a caller that requires confidentiality
    // cannot learn from this method whether the message was encrypted or merely
    // integrity-protected (e.g. SECQOP_WRAP_NO_ENCRYPT) — consider surfacing it.
    uint qualityOfProtection;
    uint status = NativeMethods.DecryptMessage(
        ref contextHandle,
        ref descWrapper.securityBufferDesc,
        sequenceNumber,
        out qualityOfProtection);

    if (status != NativeMethods.SEC_E_OK)
    {
        descWrapper.FreeSecurityBufferDesc();
        throw new SspiException("Decrypt failed.", status);
    }

    // Assumes GetBuffers() yields one entry per input buffer, in the same order — TODO confirm.
    SspiSecurityBuffer[] nativeBuffers = descWrapper.securityBufferDesc.GetBuffers();
    for (int index = 0; index < securityBuffers.Length; index++)
    {
        byte[] plainText = new byte[nativeBuffers[index].bufferLength];
        securityBuffers[index].Buffer = plainText;

        if (nativeBuffers[index].pSecBuffer == IntPtr.Zero)
        {
            continue;
        }

        Marshal.Copy(nativeBuffers[index].pSecBuffer, plainText, 0, plainText.Length);
        securityBuffers[index].BufferType = (SecurityBufferType)nativeBuffers[index].bufferType;
    }

    descWrapper.FreeSecurityBufferDesc();
    return true;
}
/// <summary>
/// Verifies the signature carried in the supplied buffers with
/// NativeMethods.VerifySignature. The buffers are not modified.
/// </summary>
/// <param name="contextHandle">Established security context.</param>
/// <param name="sequenceNumber">Sequence number passed through to VerifySignature.</param>
/// <param name="securityBuffers">Message and signature buffers to verify.</param>
/// <returns><c>true</c> on success; failure is reported by exception, never by <c>false</c>.</returns>
/// <exception cref="SspiException">Thrown when VerifySignature returns a status other than SEC_E_OK.</exception>
internal static bool VerifySignature(
    ref SecurityHandle contextHandle,
    uint sequenceNumber,
    params SecurityBuffer[] securityBuffers)
{
    SecurityBufferDescWrapper descWrapper = new SecurityBufferDescWrapper(securityBuffers);

    // Receives the package-specific quality-of-protection flags for this message.
    // NOTE(review): the value is discarded, so callers cannot inspect the reported
    // protection level — consider surfacing it.
    uint qualityOfProtection;
    uint status = NativeMethods.VerifySignature(
        ref contextHandle,
        ref descWrapper.securityBufferDesc,
        sequenceNumber,
        out qualityOfProtection);

    // The descriptor is no longer needed regardless of the outcome.
    descWrapper.FreeSecurityBufferDesc();

    if (status != NativeMethods.SEC_E_OK)
    {
        throw new SspiException("Verify failed.", status);
    }

    return true;
}
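/// <summary>
/// Accepts a client token and drives the server side of the handshake by calling
/// NativeMethods.AcceptSecurityContext. On success the output token (if any) is
/// stored in <c>this.token</c>, <c>needContinueProcessing</c> and
/// <c>hasMoreFragments</c> are derived from the returned status, and
/// <c>lastHResult</c> always receives the raw status.
/// </summary>
/// <param name="clientToken">Token received from the client.</param>
/// <exception cref="SspiException">
/// Thrown when AcceptSecurityContext returns a status other than SEC_E_OK,
/// SEC_I_CONTINUE_NEEDED or SEC_I_MESSAGE_FRAGMENT.
/// </exception>
public override void Accept(byte[] clientToken)
{
    // Input descriptor: the client token followed by an Empty and an Extra buffer.
    // NOTE(review): clientToken is handed to SecurityBuffer without a null check;
    // presumably the wrapper tolerates null — confirm against SecurityBuffer.
    SecurityBuffer[] inSecurityBuffers = new SecurityBuffer[]
    {
        new SecurityBuffer(SecurityBufferType.Token, clientToken),
        new SecurityBuffer(SecurityBufferType.Empty, new byte[0]),
        new SecurityBuffer(SecurityBufferType.Extra, new byte[0]),
    };

    // Output descriptor: a token buffer and an alert buffer, each pre-sized to MAX_TOKEN_SIZE.
    SecurityBuffer[] outSecurityBuffers = new SecurityBuffer[]
    {
        new SecurityBuffer(SecurityBufferType.Token, new byte[NativeMethods.MAX_TOKEN_SIZE]),
        new SecurityBuffer(SecurityBufferType.Alert, new byte[NativeMethods.MAX_TOKEN_SIZE]),
    };

    SecurityBufferDescWrapper inputBufferDescWrapper = new SecurityBufferDescWrapper(inSecurityBuffers);
    SecurityBufferDescWrapper outputBufferDescWrapper = new SecurityBufferDescWrapper(outSecurityBuffers);

    // Both descriptors own native memory; release them on every exit path, including
    // the SspiException thrown below (previously the output descriptor was only freed
    // on the success path).
    try
    {
        SecurityInteger timeStamp;
        uint contextAttribute;
        uint hResult;

        // A handle with a zero part is treated as "not yet established": phContext is
        // IntPtr.Zero on the first leg and the existing handle afterwards.
        // NOTE(review): this test uses ||, while the Initialize counterpart uses &&;
        // confirm which form matches the handle layout of the package in use.
        bool contextNotEstablished = this.contextHandle.LowPart == IntPtr.Zero
            || this.contextHandle.HighPart == IntPtr.Zero;

        if (contextNotEstablished)
        {
            hResult = NativeMethods.AcceptSecurityContext(
                ref this.credentialHandle,
                IntPtr.Zero,
                ref inputBufferDescWrapper.securityBufferDesc,
                (uint)this.securityContextAttributes,
                (uint)this.targetDataRepresentaion,
                ref this.contextHandle,
                out outputBufferDescWrapper.securityBufferDesc,
                out contextAttribute,
                out timeStamp);
        }
        else
        {
            hResult = NativeMethods.AcceptSecurityContext(
                ref this.credentialHandle,
                ref this.contextHandle,
                ref inputBufferDescWrapper.securityBufferDesc,
                (uint)this.securityContextAttributes,
                (uint)this.targetDataRepresentaion,
                ref this.contextHandle,
                out outputBufferDescWrapper.securityBufferDesc,
                out contextAttribute,
                out timeStamp);
        }

        // NOTE(review): contextAttribute (the attributes actually granted) and timeStamp
        // are discarded, so callers cannot confirm that the attributes requested via
        // securityContextAttributes were honoured — consider surfacing them.

        lastHResult = hResult;
        if (hResult == NativeMethods.SEC_E_OK)
        {
            this.needContinueProcessing = false;
            this.hasMoreFragments = false;
        }
        else if (hResult == NativeMethods.SEC_I_CONTINUE_NEEDED)
        {
            this.needContinueProcessing = true;
            this.hasMoreFragments = false;
        }
        else if (hResult == NativeMethods.SEC_I_MESSAGE_FRAGMENT)
        {
            this.needContinueProcessing = true;
            this.hasMoreFragments = true;
        }
        else
        {
            throw new SspiException("Accept failed.", hResult);
        }

        // Copy the first Token buffer out of the native output descriptor; an empty
        // token leaves this.token null.
        this.token = null;
        SspiSecurityBuffer[] buffers = outputBufferDescWrapper.securityBufferDesc.GetBuffers();
        for (int i = 0; i < buffers.Length; i++)
        {
            if (buffers[i].bufferType != (uint)SecurityBufferType.Token)
            {
                continue;
            }

            if (buffers[i].bufferLength > 0)
            {
                this.token = new byte[buffers[i].bufferLength];
                Marshal.Copy(buffers[i].pSecBuffer, this.token, 0, this.token.Length);
            }

            break;
        }
    }
    finally
    {
        inputBufferDescWrapper.FreeSecurityBufferDesc();
        outputBufferDescWrapper.FreeSecurityBufferDesc();
    }
}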
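/// <summary>
/// Accepts a client token and drives the server side of the handshake by calling
/// NativeMethods.AcceptSecurityContext. On success the output token (if any) is
/// stored in <c>this.token</c> and <c>needContinueProcessing</c> reports whether
/// another leg is required.
/// </summary>
/// <param name="clientToken">Token received from the client.</param>
/// <exception cref="SspiException">
/// Thrown when AcceptSecurityContext returns a status other than SEC_E_OK or
/// SEC_I_CONTINUE_NEEDED.
/// </exception>
public override void Accept(byte[] clientToken)
{
    SecurityBuffer[] securityBuffers;
    if (this.packageType == SecurityPackageType.CredSsp)
    {
        // CredSSP: two input buffers — a Token holding the client token followed by an
        // Empty buffer.
        securityBuffers = new SecurityBuffer[]
        {
            new SecurityBuffer(SecurityBufferType.Token, clientToken),
            new SecurityBuffer(SecurityBufferType.Empty, new byte[0]),
        };
    }
    else
    {
        securityBuffers = new SecurityBuffer[]
        {
            new SecurityBuffer(SecurityBufferType.Token, clientToken),
        };
    }

    // NOTE(review): clientToken is handed to SecurityBuffer without a null check;
    // presumably the wrapper tolerates null — confirm against SecurityBuffer.
    SecurityBufferDescWrapper inputBufferDescWrapper = new SecurityBufferDescWrapper(securityBuffers);

    // Output descriptor: a single token buffer pre-sized to MAX_TOKEN_SIZE.
    SecurityBuffer serverTokenBuffer = new SecurityBuffer(
        SecurityBufferType.Token, new byte[Consts.MAX_TOKEN_SIZE]);
    SecurityBufferDescWrapper outputBufferDescWrapper = new SecurityBufferDescWrapper(serverTokenBuffer);

    // Both descriptors own native memory; release them on every exit path, including
    // the SspiException thrown below (previously the output descriptor was only freed
    // on the success path).
    try
    {
        SecurityInteger timeStamp;
        uint contextAttribute;
        uint hResult;

        // An all-zero handle means no context has been established yet: phContext is
        // IntPtr.Zero on the first leg and the existing handle afterwards.
        bool contextNotEstablished = this.contextHandle.LowPart == IntPtr.Zero
            && this.contextHandle.HighPart == IntPtr.Zero;

        if (contextNotEstablished)
        {
            hResult = NativeMethods.AcceptSecurityContext(
                ref this.credentialHandle,
                IntPtr.Zero,
                ref inputBufferDescWrapper.securityBufferDesc,
                (uint)this.securityContextAttributes,
                (uint)this.targetDataRepresentaion,
                ref this.contextHandle,
                out outputBufferDescWrapper.securityBufferDesc,
                out contextAttribute,
                out timeStamp);
        }
        else
        {
            hResult = NativeMethods.AcceptSecurityContext(
                ref this.credentialHandle,
                ref this.contextHandle,
                ref inputBufferDescWrapper.securityBufferDesc,
                (uint)this.securityContextAttributes,
                (uint)this.targetDataRepresentaion,
                ref this.contextHandle,
                out outputBufferDescWrapper.securityBufferDesc,
                out contextAttribute,
                out timeStamp);
        }

        // NOTE(review): contextAttribute (the attributes actually granted) and timeStamp
        // are discarded, so callers cannot confirm that the attributes requested via
        // securityContextAttributes were honoured — consider surfacing them.

        if (hResult == NativeMethods.SEC_E_OK)
        {
            this.needContinueProcessing = false;
        }
        else if (hResult == NativeMethods.SEC_I_CONTINUE_NEEDED)
        {
            this.needContinueProcessing = true;
        }
        else
        {
            throw new SspiException("Accept failed.", hResult);
        }

        // Copy the first Token buffer out of the native output descriptor; an empty
        // token leaves this.token null.
        this.token = null;
        SspiSecurityBuffer[] buffers = outputBufferDescWrapper.securityBufferDesc.GetBuffers();
        for (int i = 0; i < buffers.Length; i++)
        {
            if (buffers[i].bufferType != (uint)SecurityBufferType.Token)
            {
                continue;
            }

            if (buffers[i].bufferLength > 0)
            {
                this.token = new byte[buffers[i].bufferLength];
                Marshal.Copy(buffers[i].pSecBuffer, this.token, 0, this.token.Length);
            }

            break;
        }
    }
    finally
    {
        inputBufferDescWrapper.FreeSecurityBufferDesc();
        outputBufferDescWrapper.FreeSecurityBufferDesc();
    }
}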