internal static partial Status InitiateCredWithPassword(
out Status minorStatus,
[MarshalAs(UnmanagedType.Bool)] bool isNtlm,
SafeGssNameHandle desiredName,
string password,
int passwordLen,
out SafeGssCredHandle outputCredHandle);
internal static extern Status InitiateCredWithPassword(
out Status minorStatus,
bool isNtlm,
SafeGssNameHandle desiredName,
string password,
int passwordLen,
out SafeGssCredHandle outputCredHandle);
internal static partial Status InitiateCredWithPassword(
out Status minorStatus,
PackageType packageType,
SafeGssNameHandle desiredName,
string password,
int passwordLen,
out SafeGssCredHandle outputCredHandle);
internal static Status InitiateCredWithPassword(
out Status minorStatus,
bool isNtlm,
SafeGssNameHandle desiredName,
string password,
int passwordLen,
out SafeGssCredHandle outputCredHandle) => throw new NotSupportedException();
internal static extern Status InitSecContext(
out Status minorStatus,
SafeGssCredHandle initiatorCredHandle,
ref SafeGssContextHandle contextHandle,
bool isNtlm,
SafeGssNameHandle targetName,
uint reqFlags,
byte[] inputBytes,
int inputLength,
ref GssBuffer token,
out uint retFlags);
private static bool GssInitSecurityContext(
ref SafeGssContextHandle context,
SafeGssCredHandle credential,
bool isNtlm,
SafeGssNameHandle targetName,
Interop.NetSecurityNative.GssFlags inFlags,
byte[] buffer,
out byte[] outputBuffer,
out uint outFlags,
out int isNtlmUsed)
{
outputBuffer = null;
outFlags = 0;
// EstablishSecurityContext is called multiple times in a session.
// In each call, we need to pass the context handle from the previous call.
// For the first call, the context handle will be null.
if (context == null)
{
context = new SafeGssContextHandle();
}
Interop.NetSecurityNative.GssBuffer token = default;
Interop.NetSecurityNative.Status status;
try
{
Interop.NetSecurityNative.Status minorStatus;
status = Interop.NetSecurityNative.InitSecContext(out minorStatus,
credential,
ref context,
isNtlm,
targetName,
(uint)inFlags,
buffer,
(buffer == null) ? 0 : buffer.Length,
ref token,
out outFlags,
out isNtlmUsed);
if ((status != Interop.NetSecurityNative.Status.GSS_S_COMPLETE) && (status != Interop.NetSecurityNative.Status.GSS_S_CONTINUE_NEEDED))
{
throw new Interop.NetSecurityNative.GssApiException(status, minorStatus);
}
outputBuffer = token.ToByteArray();
}
finally
{
token.Dispose();
}
return(status == Interop.NetSecurityNative.Status.GSS_S_COMPLETE);
}
internal static Status InitSecContext(
out Status minorStatus,
SafeGssCredHandle initiatorCredHandle,
ref SafeGssContextHandle contextHandle,
bool isNtlmOnly,
SafeGssNameHandle targetName,
uint reqFlags,
byte[] inputBytes,
int inputLength,
ref GssBuffer token,
out uint retFlags,
out int isNtlmUsed) => throw new NotSupportedException();
public SafeDeleteNegoContext(SafeFreeNegoCredentials credential, string targetName)
: this(credential)
{
try
{
_targetName = SafeGssNameHandle.CreateTarget(targetName);
}
catch
{
Dispose();
throw;
}
}
public SafeDeleteNegoContext(SafeFreeNegoCredentials credential, string targetName)
: base(credential)
{
Debug.Assert((null != credential), "Null credential in SafeDeleteNegoContext");
try
{
_targetName = SafeGssNameHandle.CreatePrincipal(targetName);
}
catch
{
Dispose();
throw;
}
}
public SafeDeleteNegoContext(SafeFreeNegoCredentials credential, string targetName)
: base(credential)
{
Debug.Assert((null != credential), "Null credential in SafeDeleteNegoContext");
try
{
_targetNameKerberos = SafeGssNameHandle.CreateTarget(targetName, isNtlmTarget: false);
_targetNameNtlm = SafeGssNameHandle.CreateTarget(targetName, isNtlmTarget: true);
}
catch
{
Dispose();
throw;
}
}
internal static extern Status InitSecContext(
out Status minorStatus,
SafeGssCredHandle initiatorCredHandle,
ref SafeGssContextHandle contextHandle,
bool isNtlmOnly,
IntPtr cbt,
int cbtSize,
bool isNtlmFallback,
SafeGssNameHandle targetNameKerberos,
SafeGssNameHandle targetNameNtlm,
uint reqFlags,
byte[] inputBytes,
int inputLength,
ref GssBuffer token,
out uint retFlags,
out bool isNtlmUsed);
public SafeDeleteNegoContext(SafeFreeNegoCredentials credential, string targetName)
: this(credential)
{
try
{
// Convert any "SERVICE/HOST" style of targetName to use "SERVICE@HOST" style.
// This is because the System.Net.Security.Native GSS-API layer uses
// GSS_C_NT_HOSTBASED_SERVICE format for targetName.
_targetName = SafeGssNameHandle.CreateTarget(targetName.Replace('/', '@'));
}
catch
{
Dispose();
throw;
}
}
protected override void Dispose(bool disposing)
{
if (disposing)
{
if (null != _context)
{
_context.Dispose();
_context = null;
}
if (_targetName != null)
{
_targetName.Dispose();
_targetName = null;
}
}
base.Dispose(disposing);
}
public SafeDeleteNegoContext(SafeFreeNegoCredentials credential, string targetName)
: base(IntPtr.Zero)
{
try
{
_targetName = SafeGssNameHandle.CreateTarget(targetName);
_context = new SafeGssContextHandle();
}
catch
{
Dispose();
throw;
}
_credential = credential;
bool ignore = false;
_credential.DangerousAddRef(ref ignore);
}
protected override void Dispose(bool disposing)
{
if (disposing)
{
if (null != _context)
{
_context.Dispose();
_context = null;
}
if (_targetNameKerberos != null)
{
_targetNameKerberos.Dispose();
_targetNameKerberos = null;
}
if (_targetNameNtlm != null)
{
_targetNameNtlm.Dispose();
_targetNameNtlm = null;
}
}
base.Dispose(disposing);
}
internal static Status InitiateCredSpNego(
out Status minorStatus,
SafeGssNameHandle desiredName,
out SafeGssCredHandle outputCredHandle) => throw new NotSupportedException();
internal static extern Status InitiateCredSpNego(
out Status minorStatus,
SafeGssNameHandle desiredName,
out SafeGssCredHandle outputCredHandle);
internal static extern Status ImportTargetName(
out Status minorStatus,
string inputName,
int inputNameByteCount,
out SafeGssNameHandle outputName);
internal static partial Status ImportPrincipalName(
out Status minorStatus,
[MarshalAs(UnmanagedType.LPUTF8Str)] string inputName,
int inputNameByteCount,
out SafeGssNameHandle outputName);
private static bool GssInitSecurityContext(
ref SafeGssContextHandle context,
SafeGssCredHandle credential,
bool isNtlm,
ChannelBinding channelBinding,
SafeGssNameHandle targetName,
Interop.NetSecurityNative.GssFlags inFlags,
byte[] buffer,
out byte[] outputBuffer,
out uint outFlags,
out bool isNtlmUsed)
{
// If a TLS channel binding token (cbt) is available then get the pointer
// to the application specific data.
IntPtr cbtAppData = IntPtr.Zero;
int cbtAppDataSize = 0;
if (channelBinding != null)
{
int appDataOffset = Marshal.SizeOf <SecChannelBindings>();
Debug.Assert(appDataOffset < channelBinding.Size);
cbtAppData = channelBinding.DangerousGetHandle() + appDataOffset;
cbtAppDataSize = channelBinding.Size - appDataOffset;
}
outputBuffer = null;
outFlags = 0;
// EstablishSecurityContext is called multiple times in a session.
// In each call, we need to pass the context handle from the previous call.
// For the first call, the context handle will be null.
bool newContext = false;
if (context == null)
{
newContext = true;
context = new SafeGssContextHandle();
}
Interop.NetSecurityNative.GssBuffer token = default(Interop.NetSecurityNative.GssBuffer);
Interop.NetSecurityNative.Status status;
try
{
Interop.NetSecurityNative.Status minorStatus;
status = Interop.NetSecurityNative.InitSecContext(out minorStatus,
credential,
ref context,
isNtlm,
cbtAppData,
cbtAppDataSize,
targetName,
(uint)inFlags,
buffer,
(buffer == null) ? 0 : buffer.Length,
ref token,
out outFlags,
out isNtlmUsed);
if ((status != Interop.NetSecurityNative.Status.GSS_S_COMPLETE) &&
(status != Interop.NetSecurityNative.Status.GSS_S_CONTINUE_NEEDED))
{
if (newContext)
{
context.Dispose();
context = null;
}
throw new Interop.NetSecurityNative.GssApiException(status, minorStatus);
}
outputBuffer = token.ToByteArray();
}
finally
{
token.Dispose();
}
return(status == Interop.NetSecurityNative.Status.GSS_S_COMPLETE);
}
internal static Status ImportPrincipalName(
out Status minorStatus,
string inputName,
int inputNameByteCount,
out SafeGssNameHandle outputName) => throw new NotSupportedException();
