public void InitializeSecurityContext(SafeFreeCredentials credential, SafeDeleteContext context, string targetName, Interop.SspiCli.ContextFlags inFlags)
{
if (IsEnabled())
{
InitializeSecurityContext(IdOf(credential), IdOf(context), targetName, inFlags);
}
}
public void OperationReturnedSomething(string operation, Interop.SECURITY_STATUS errorCode)
{
if (IsEnabled())
{
WriteEvent(OperationReturnedSomethingId, operation, errorCode);
}
}
public void AcquireCredentialsHandle(string packageName, Interop.SspiCli.CredentialUse intent, string authdata)
{
if (IsEnabled())
{
WriteEvent(AcquireCredentialsHandleId, packageName, (int)intent, authdata);
}
}
public void SecurityContextInputBuffers(string context, int inputBuffersSize, int outputBufferSize, Interop.SECURITY_STATUS errorCode)
{
if (IsEnabled())
{
WriteEvent(SecurityContextInputBuffersId, context, inputBuffersSize, outputBufferSize, (int)errorCode);
}
}
public void AcquireDefaultCredential(string packageName, Interop.SspiCli.CredentialUse intent)
{
if (IsEnabled())
{
WriteEvent(AcquireDefaultCredentialId, packageName, intent);
}
}
public void AcquireCredentialsHandle(string packageName, Interop.SspiCli.CredentialUse intent, object authdata)
{
if (IsEnabled())
{
AcquireCredentialsHandle(packageName, intent, IdOf(authdata));
}
}
internal static int FillFdSetFromSocketList(ref Interop.Sys.FdSet fdset, IList socketList)
{
if (socketList == null || socketList.Count == 0)
{
return 0;
}
int maxFd = -1;
for (int i = 0; i < socketList.Count; i++)
{
var socket = socketList[i] as Socket;
if (socket == null)
{
throw new ArgumentException(SR.Format(SR.net_sockets_select, socketList[i].GetType().FullName, typeof(System.Net.Sockets.Socket).FullName), "socketList");
}
int fd = socket._handle.FileDescriptor;
fdset.Set(fd);
if (fd > maxFd)
{
maxFd = fd;
}
}
return maxFd + 1;
}
private void SetTimespanTimeout(Interop.HttpApi.HTTP_TIMEOUT_TYPE type, TimeSpan value)
{
Int64 timeoutValue;
//
// All timeouts are defined as USHORT in native layer (except MinSendRate, which is ULONG). Make sure that
// timeout value is within range.
//
timeoutValue = Convert.ToInt64(value.TotalSeconds);
if (timeoutValue < 0 || timeoutValue > ushort.MaxValue)
{
throw new ArgumentOutOfRangeException(nameof(value));
}
//
// Use local state to get values for other timeouts. Call into the native layer and if that
// call succeeds, update local state.
//
int[] currentTimeouts = _timeouts;
currentTimeouts[(int)type] = (int)timeoutValue;
_listener.SetServerTimeout(currentTimeouts, _minSendBytesPerSecond);
_timeouts[(int)type] = (int)timeoutValue;
}
private TimeSpan GetTimeout(Interop.HttpApi.HTTP_TIMEOUT_TYPE type)
{
//
// Since we maintain local state, GET is local.
//
return new TimeSpan(0, 0, (int)_timeouts[(int)type]);
}
private static void MicrosecondsToTimeValue(long microseconds, ref Interop.Winsock.TimeValue socketTime)
{
const int microcnv = 1000000;
socketTime.Seconds = (int)(microseconds / microcnv);
socketTime.Microseconds = (int)(microseconds % microcnv);
}
public void AcceptSecurityContext(SafeFreeCredentials credential, SafeDeleteContext context, Interop.SspiCli.ContextFlags inFlags)
{
if (IsEnabled())
{
AcceptSecurityContext(IdOf(credential), IdOf(context), inFlags);
}
}
private static unsafe IPHostEntry CreateIPHostEntry(Interop.Sys.HostEntry hostEntry)
{
string hostName = null;
if (hostEntry.CanonicalName != null)
{
hostName = Marshal.PtrToStringAnsi((IntPtr)hostEntry.CanonicalName);
}
int numAddresses = hostEntry.IPAddressCount;
IPAddress[] ipAddresses;
if (numAddresses == 0)
{
ipAddresses = Array.Empty<IPAddress>();
}
else
{
ipAddresses = new IPAddress[numAddresses];
void* addressListHandle = hostEntry.AddressListHandle;
var nativeIPAddress = default(Interop.Sys.IPAddress);
for (int i = 0; i < numAddresses; i++)
{
int err = Interop.Sys.GetNextIPAddress(&hostEntry, &addressListHandle, &nativeIPAddress);
Debug.Assert(err == 0);
ipAddresses[i] = nativeIPAddress.GetIPAddress();
}
}
int numAliases;
for (numAliases = 0; hostEntry.Aliases[numAliases] != null; numAliases++)
{
}
string[] aliases;
if (numAliases == 0)
{
aliases = Array.Empty<string>();
}
else
{
aliases = new string[numAliases];
for (int i = 0; i < numAliases; i++)
{
Debug.Assert(hostEntry.Aliases[i] != null);
aliases[i] = Marshal.PtrToStringAnsi((IntPtr)hostEntry.Aliases[i]);
}
}
Interop.Sys.FreeHostEntry(&hostEntry);
return new IPHostEntry
{
HostName = hostName,
AddressList = ipAddresses,
Aliases = aliases
};
}
internal SslConnectionInfo(Interop.libssl.SSL_CIPHER cipher)
{
Protocol = (int) MapProtocol(cipher.algorithm_ssl);
DataCipherAlg = (int) MapCipherAlgorithmType(cipher.algorithm_enc);
KeyExchangeAlg = (int) MapExchangeAlgorithmType(cipher.algorithm_mkey);
DataHashAlg = (int) MapHashAlgorithmType(cipher.algorithm_mac);
// TODO: map key sizes
}
internal SslConnectionInfo(Interop.libssl.SSL_CIPHER cipher, string protocol)
{
Protocol = (int) MapProtocolVersion(protocol);
DataCipherAlg = (int) MapCipherAlgorithmType((Interop.libssl.CipherAlgorithm) cipher.algorithm_enc);
KeyExchangeAlg = (int) MapExchangeAlgorithmType((Interop.libssl.KeyExchangeAlgorithm) cipher.algorithm_mkey);
DataHashAlg = (int) MapHashAlgorithmType((Interop.libssl.DataHashAlgorithm) cipher.algorithm_mac);
DataKeySize = cipher.alg_bits;
// TODO (Issue #3362) map key sizes
}
private static unsafe IPHostEntry CreateHostEntry(Interop.libc.hostent* hostent)
{
string hostName = null;
if (hostent->h_name != null)
{
hostName = Marshal.PtrToStringAnsi((IntPtr)hostent->h_name);
}
int numAddresses;
for (numAddresses = 0; hostent->h_addr_list[numAddresses] != null; numAddresses++)
{
}
IPAddress[] ipAddresses;
if (numAddresses == 0)
{
ipAddresses = Array.Empty<IPAddress>();
}
else
{
ipAddresses = new IPAddress[numAddresses];
for (int i = 0; i < numAddresses; i++)
{
Debug.Assert(hostent->h_addr_list[i] != null);
ipAddresses[i] = new IPAddress(*(int*)hostent->h_addr_list[i]);
}
}
int numAliases;
for (numAliases = 0; hostent->h_aliases[numAliases] != null; numAliases++)
{
}
string[] aliases;
if (numAliases == 0)
{
aliases = Array.Empty<string>();
}
else
{
aliases = new string[numAliases];
for (int i = 0; i < numAliases; i++)
{
Debug.Assert(hostent->h_aliases[i] != null);
aliases[i] = Marshal.PtrToStringAnsi((IntPtr)hostent->h_aliases[i]);
}
}
return new IPHostEntry
{
HostName = hostName,
AddressList = ipAddresses,
Aliases = aliases
};
}
// Must call this from derived class' constructors.
protected void BaseConstruction(Interop.HttpApi.HTTP_REQUEST* requestBlob)
{
if (requestBlob == null)
{
GC.SuppressFinalize(this);
}
else
{
_memoryBlob = requestBlob;
}
}
public int EncryptMessage(SafeDeleteContext context, Interop.Secur32.SecurityBufferDescriptor inputOutput, uint sequenceNumber)
{
int status = (int)Interop.SecurityStatus.InvalidHandle;
bool ignore = false;
context.DangerousAddRef(ref ignore);
status = Interop.Secur32.EncryptMessage(ref context._handle, 0, inputOutput, sequenceNumber);
context.DangerousRelease();
return status;
}
internal static SecurityStatusPal GetSecurityStatusPalFromInterop(Interop.SecurityStatus win32SecurityStatus)
{
SecurityStatusPalErrorCode statusCode;
if (!s_statusDictionary.TryGetForward(win32SecurityStatus, out statusCode))
{
Debug.Fail("Unknown Interop.SecurityStatus value: " + win32SecurityStatus);
throw new InternalException();
}
return new SecurityStatusPal(statusCode);
}
internal static void AcquireCredentialsHandle(string packageName, Interop.Secur32.CredentialUse intent, object authdata)
{
if (!s_log.IsEnabled())
{
return;
}
string arg1Str = "";
if (packageName != null)
{
arg1Str = packageName;
}
s_log.AcquireCredentialsHandle(arg1Str, intent, LoggingHash.GetObjectName(authdata));
}
internal static ContextFlagsPal GetContextFlagsPalFromInterop(Interop.SspiCli.ContextFlags win32Flags)
{
ContextFlagsPal flags = ContextFlagsPal.None;
foreach (ContextFlagMapping mapping in s_contextFlagMapping)
{
if ((win32Flags & mapping.Win32Flag) == mapping.Win32Flag)
{
flags |= mapping.ContextFlag;
}
}
return flags;
}
internal void AcquireDefaultCredential(string packageName, Interop.Secur32.CredentialUse intent)
{
if (!s_log.IsEnabled())
{
return;
}
string arg1Str = "";
if (packageName != null)
{
arg1Str = packageName;
}
s_log.WriteEvent(ACQUIRE_DEFAULT_CREDENTIAL_ID, arg1Str, intent);
}
public int EncryptMessage(SafeDeleteContext context, Interop.SspiCli.SecBufferDesc inputOutput, uint sequenceNumber)
{
try
{
bool ignore = false;
context.DangerousAddRef(ref ignore);
return Interop.SspiCli.EncryptMessage(ref context._handle, 0, inputOutput, sequenceNumber);
}
finally
{
context.DangerousRelease();
}
}
internal static ContextFlagsPal GetContextFlagsPalFromInterop(Interop.NetSecurityNative.GssFlags gssFlags)
{
ContextFlagsPal flags = ContextFlagsPal.None;
foreach (ContextFlagMapping mapping in s_contextFlagMapping)
{
if ((gssFlags & mapping.GssFlags) == mapping.GssFlags)
{
flags |= mapping.ContextFlag;
}
}
return flags;
}
public unsafe int DecryptMessage(SafeDeleteContext context, Interop.Secur32.SecurityBufferDescriptor inputOutput,
uint sequenceNumber)
{
try
{
bool ignore = false;
context.DangerousAddRef(ref ignore);
return Interop.Secur32.DecryptMessage(ref context._handle, inputOutput, sequenceNumber, null);
}
finally
{
context.DangerousRelease();
}
}
private static unsafe bool TryGetHostByAddr(Interop.libc.in_addr address, byte* buffer, int bufferSize, Interop.libc.hostent* hostent, Interop.libc.hostent** result)
{
int errno;
int err = Interop.libc.gethostbyaddr_r(&address, (uint)sizeof(Interop.libc.in_addr), Interop.libc.AF_INET, hostent, buffer, (IntPtr)bufferSize, result, &errno);
switch (Interop.Sys.ConvertErrorPlatformToPal(err))
{
case 0:
return true;
case Interop.Error.ERANGE:
return false;
default:
throw new InternalSocketException(GetSocketErrorForErrno(errno), errno);
}
}
private static unsafe bool TryGetHostByName(string hostName, byte* buffer, int bufferSize, Interop.libc.hostent* hostent, Interop.libc.hostent** result)
{
int errno;
int err = Interop.libc.gethostbyname_r(hostName, hostent, buffer, (IntPtr)bufferSize, result, &errno);
switch (Interop.Sys.ConvertErrorPlatformToPal(err))
{
case 0:
return true;
case Interop.Error.ERANGE:
return false;
default:
throw new InternalSocketException(GetSocketErrorForErrno(errno), errno);
}
}
private static CipherAlgorithmType MapCipherAlgorithmType(Interop.libssl.CipherAlgorithm encryption)
{
switch (encryption)
{
case Interop.libssl.CipherAlgorithm.SSL_DES:
return CipherAlgorithmType.Des;
case Interop.libssl.CipherAlgorithm.SSL_3DES:
return CipherAlgorithmType.TripleDes;
case Interop.libssl.CipherAlgorithm.SSL_RC4:
return CipherAlgorithmType.Rc4;
case Interop.libssl.CipherAlgorithm.SSL_RC2:
return CipherAlgorithmType.Rc2;
case Interop.libssl.CipherAlgorithm.SSL_eNULL:
return CipherAlgorithmType.Null;
case Interop.libssl.CipherAlgorithm.SSL_AES128:
return CipherAlgorithmType.Aes128;
case Interop.libssl.CipherAlgorithm.SSL_AES256:
return CipherAlgorithmType.Aes256;
case Interop.libssl.CipherAlgorithm.SSL_IDEA:
return (CipherAlgorithmType) SSL_IDEA;
case Interop.libssl.CipherAlgorithm.SSL_CAMELLIA128:
return (CipherAlgorithmType) SSL_CAMELLIA128;
case Interop.libssl.CipherAlgorithm.SSL_CAMELLIA256:
return (CipherAlgorithmType) SSL_CAMELLIA256;
case Interop.libssl.CipherAlgorithm.SSL_eGOST2814789CNT:
return (CipherAlgorithmType) SSL_eGOST2814789CNT;
case Interop.libssl.CipherAlgorithm.SSL_SEED:
return (CipherAlgorithmType) SSL_SEED;
case Interop.libssl.CipherAlgorithm.SSL_AES128GCM:
return CipherAlgorithmType.Aes128;
case Interop.libssl.CipherAlgorithm.SSL_AES256GCM:
return CipherAlgorithmType.Aes256;
default:
return CipherAlgorithmType.None;
}
}
internal void AcquireDefaultCredential(string packageName, Interop.SspiCli.CredentialUse intent)
{
if (!s_log.IsEnabled())
{
return;
}
string arg1Str = "";
if (packageName != null)
{
arg1Str = packageName;
}
s_log.WriteEvent(AcquireDefaultCredentialId, arg1Str, intent);
}
// Transform the list socketList such that the only sockets left are those
// with a file descriptor contained in the array "fileDescriptorArray".
internal static void FilterSocketListUsingFdSet(ref Interop.Sys.FdSet fdset, IList socketList)
{
if (socketList == null || socketList.Count == 0)
{
return;
}
lock (socketList)
{
for (int i = socketList.Count - 1; i >= 0; i--)
{
var socket = (Socket)socketList[i];
if (!fdset.IsSet(socket._handle.FileDescriptor))
{
socketList.RemoveAt(i);
}
}
}
}
internal static SecurityStatusPal GetSecurityStatusPalFromInterop(Interop.SECURITY_STATUS win32SecurityStatus, bool attachException = false)
{
SecurityStatusPalErrorCode statusCode;
if (!s_statusDictionary.TryGetForward(win32SecurityStatus, out statusCode))
{
Debug.Fail("Unknown Interop.SecurityStatus value: " + win32SecurityStatus);
throw new InternalException();
}
if (attachException)
{
return new SecurityStatusPal(statusCode, new Win32Exception((int)win32SecurityStatus));
}
else
{
return new SecurityStatusPal(statusCode);
}
}
public static SafeFreeCredentials AcquireCredentialsHandle(SSPIInterface secModule, string package, Interop.Secur32.CredentialUse intent, Interop.Secur32.SecureCredential scc)
{
GlobalLog.Print("SSPIWrapper::AcquireCredentialsHandle#3(): using " + package);
if (Logging.On)
{
Logging.PrintInfo(Logging.Web,
"AcquireCredentialsHandle(" +
"package = " + package + ", " +
"intent = " + intent + ", " +
"scc = " + scc + ")");
}
SafeFreeCredentials outCredential = null;
int errorCode = secModule.AcquireCredentialsHandle(
package,
intent,
ref scc,
out outCredential);
if (errorCode != 0)
{
#if TRACE_VERBOSE
GlobalLog.Print("SSPIWrapper::AcquireCredentialsHandle#3(): error " + Interop.MapSecurityStatus((uint)errorCode));
#endif
if (Logging.On)
{
Logging.PrintError(Logging.Web, SR.Format(SR.net_log_operation_failed_with_error, "AcquireCredentialsHandle()", String.Format(CultureInfo.CurrentCulture, "0X{0:X}", errorCode)));
}
throw new Win32Exception(errorCode);
}
#if TRACE_VERBOSE
GlobalLog.Print("SSPIWrapper::AcquireCredentialsHandle#3(): cred handle = " + outCredential.ToString());
#endif
return(outCredential);
}
public static SafeFreeCredentials AcquireCredentialsHandle(SSPIInterface secModule, string package, Interop.Secur32.CredentialUse intent, Interop.Secur32.SecureCredential scc)
{
GlobalLog.Print("SSPIWrapper::AcquireCredentialsHandle#3(): using " + package);
if (SecurityEventSource.Log.IsEnabled())
{
SecurityEventSource.AcquireCredentialsHandle(package, intent, scc);
}
SafeFreeCredentials outCredential = null;
int errorCode = secModule.AcquireCredentialsHandle(
package,
intent,
ref scc,
out outCredential);
if (errorCode != 0)
{
#if TRACE_VERBOSE
GlobalLog.Print("SSPIWrapper::AcquireCredentialsHandle#3(): error " + Interop.MapSecurityStatus((uint)errorCode));
#endif
if (NetEventSource.Log.IsEnabled())
{
NetEventSource.PrintError(NetEventSource.ComponentType.Security, SR.Format(SR.net_log_operation_failed_with_error, "AcquireCredentialsHandle()", String.Format(CultureInfo.CurrentCulture, "0X{0:X}", errorCode)));
}
throw new Win32Exception(errorCode);
}
#if TRACE_VERBOSE
GlobalLog.Print("SSPIWrapper::AcquireCredentialsHandle#3(): cred handle = " + outCredential.ToString());
#endif
return(outCredential);
}
