/// <summary>
/// Builds a client-side authentication context and then calls <c>Continue(null)</c>.
/// </summary>
/// <param name="creds">Credential handle used for the exchange.</param>
/// <param name="req_attributes">Requested context attribute flags. The AllocateMemory bit is always cleared before the value is stored.</param>
/// <param name="target">Target SPN (optional). Stored exactly as supplied.</param>
/// <param name="data_rep">Data representation.</param>
/// <remarks>
/// The target is optional, but leaving it out means the context carries no service name.
/// Callers that rely on the server's identity being checked should pass the SPN of the
/// service they intend to reach.
/// </remarks>
public ClientAuthenticationContext(CredentialHandle creds, InitializeContextReqFlags req_attributes,
    string target, SecDataRep data_rep)
{
    // AllocateMemory is masked off regardless of what the caller asked for.
    // NOTE(review): presumably because this wrapper supplies its own output buffers - confirm.
    InitializeContextReqFlags masked_attributes = req_attributes & ~InitializeContextReqFlags.AllocateMemory;

    _creds = creds;
    _req_attributes = masked_attributes;
    _context = new SecHandle();
    _target = target;
    _data_rep = data_rep;

    // Must run last: every field above is set before Continue is invoked.
    Continue(null);
}
/// <summary>
/// Builds a client-side authentication context with an optional channel binding token
/// and then calls <c>Continue(null)</c>.
/// </summary>
/// <param name="creds">Credential handle used for the exchange.</param>
/// <param name="req_attributes">Requested context attribute flags. The AllocateMemory bit is always cleared before the value is stored.</param>
/// <param name="target">Target SPN (optional). An empty string is stored as null.</param>
/// <param name="channel_binding">Optional channel binding token. Stored as supplied; null means none.</param>
/// <param name="data_rep">Data representation.</param>
/// <remarks>
/// Both the target SPN and the channel binding token are optional. Without them the
/// context is tied neither to a service name nor to an outer channel, so callers that need
/// relay protection should supply both where the protocol allows it.
/// How the token is placed into the security buffers is not visible in this constructor.
/// </remarks>
public ClientAuthenticationContext(CredentialHandle creds, InitializeContextReqFlags req_attributes,
    string target, byte[] channel_binding, SecDataRep data_rep)
{
    // AllocateMemory is masked off regardless of what the caller asked for.
    InitializeContextReqFlags masked_attributes = req_attributes & ~InitializeContextReqFlags.AllocateMemory;

    _creds = creds;
    _req_attributes = masked_attributes;
    _context = new SecHandle();

    // An empty target is normalised to null so "no SPN" has a single representation.
    if (target == string.Empty)
    {
        _target = null;
    }
    else
    {
        _target = target;
    }

    _data_rep = data_rep;
    _token_count = 0;
    _channel_binding = channel_binding;

    // Must run last: every field above is set before Continue is invoked.
    Continue(null);
}
/// <summary>
/// Managed wrapper around the native InitializeSecurityContext call. It marshals the
/// input and output buffer lists, completes the token when the provider asks for it,
/// and copies the results back into <paramref name="output"/>.
/// </summary>
/// <param name="credential">Credential handle; its CredHandle is passed to the native call.</param>
/// <param name="context">Existing context handle passed to the native call.</param>
/// <param name="target_name">Target name passed through unchanged.</param>
/// <param name="req_attributes">Requested context attribute flags.</param>
/// <param name="data_rep">Data representation.</param>
/// <param name="input">Input security buffers (may be null).</param>
/// <param name="new_context">Handle that receives the new context.</param>
/// <param name="output">Output security buffers (may be null); updated on success.</param>
/// <param name="ret_attributes">Attribute flags reported back by the native call.</param>
/// <param name="expiry">Receives the expiry time from the native call.</param>
/// <param name="throw_on_error">Passed to CheckResult; when false the failing status is returned instead.</param>
/// <returns>
/// The status of the InitializeSecurityContext call, or the status of CompleteAuthToken
/// when that second call was needed and did not succeed.
/// </returns>
/// <remarks>
/// A success status does not mean every requested attribute was granted. Callers that
/// asked for protections such as mutual authentication, integrity or confidentiality
/// should compare <paramref name="ret_attributes"/> with what they requested before
/// trusting the context. With <paramref name="throw_on_error"/> set to false the
/// returned status must be checked by the caller.
/// </remarks>
internal static SecStatusCode InitializeSecurityContext(
    CredentialHandle credential,
    SecHandle context,
    string target_name,
    InitializeContextReqFlags req_attributes,
    SecDataRep data_rep,
    IList<SecurityBuffer> input,
    SecHandle new_context,
    IList<SecurityBuffer> output,
    out InitializeContextRetFlags ret_attributes,
    LargeInteger expiry,
    bool throw_on_error)
{
    // Everything registered with this list is released when the using block exits.
    using (DisposableList resources = new DisposableList())
    {
        var in_list = input?.ToBufferList(resources);
        var out_list = output?.ToBufferList(resources);

        // NOTE(review): ToDesc is invoked even when the list above is null; presumably it is
        // an extension method that tolerates a null receiver - confirm.
        var in_desc = in_list.ToDesc(resources);
        var out_desc = out_list.ToDesc(resources);

        // The two literal zeros fill the Reserved1 and Reserved2 parameters of the native call.
        var status = SecurityNativeMethods.InitializeSecurityContext(
            credential.CredHandle, context, target_name, req_attributes, 0, data_rep,
            in_desc, 0, new_context, out_desc, out ret_attributes, expiry)
            .CheckResult(throw_on_error);

        if (!status.IsSuccess())
        {
            return status;
        }

        try
        {
            bool needs_completion =
                status == SecStatusCode.SEC_I_COMPLETE_NEEDED ||
                status == SecStatusCode.SEC_I_COMPLETE_AND_CONTINUE;

            if (needs_completion)
            {
                var completion = SecurityNativeMethods.CompleteAuthToken(new_context, out_desc)
                    .CheckResult(throw_on_error);
                if (!completion.IsSuccess())
                {
                    return completion;
                }
            }
        }
        finally
        {
            // Runs on every exit from the try block, including a failed or throwing
            // CompleteAuthToken, so the output buffers are refreshed in those cases too.
            if (status.IsSuccess())
            {
                output?.UpdateBuffers(out_desc);
            }
        }

        return status;
    }
}
/// <summary>
/// Native declaration of the SSPI InitializeSecurityContext function.
/// </summary>
/// <remarks>
/// The DllImport attribute is not visible in this excerpt.
/// Reserved1 and Reserved2 are reserved by the native API and must be passed as zero.
/// pfContextAttr reports the attributes of the resulting context. Callers should compare it
/// with fContextReq rather than assume that every requested attribute was granted.
/// </remarks>
internal static extern SecStatusCode InitializeSecurityContext(
    [In] SecHandle phCredential,
    [In] SecHandle phContext,
    string pszTargetName,
    InitializeContextReqFlags fContextReq,
    int Reserved1,
    SecDataRep TargetDataRep,
    SecBufferDesc pInput,
    int Reserved2,
    [Out] SecHandle phNewContext,
    [In, Out] SecBufferDesc pOutput,
    out InitializeContextRetFlags pfContextAttr,
    [Out] LargeInteger ptsExpiry
);
/// <summary>
/// Builds a client-side authentication context and optionally starts the exchange.
/// </summary>
/// <param name="creds">Credential handle used for the exchange.</param>
/// <param name="req_attributes">Requested context attribute flags, assigned to RequestAttributes.</param>
/// <param name="target">Target SPN (optional), assigned to Target.</param>
/// <param name="channel_binding">Optional channel binding token, assigned to ChannelBinding.</param>
/// <param name="data_rep">Data representation, assigned to DataRepresentation.</param>
/// <param name="initialize">
/// When true, Continue() is called before the constructor returns. When false the context
/// is left uninitialized and the caller must call Continue with an auth token.
/// </param>
/// <remarks>
/// The request flags are handed to the RequestAttributes property as supplied. Any masking
/// or normalisation (for example of AllocateMemory or an empty target) would have to happen
/// in the property setters, which are not visible here.
/// </remarks>
public ClientAuthenticationContext(CredentialHandle creds, InitializeContextReqFlags req_attributes,
    string target, byte[] channel_binding, SecDataRep data_rep, bool initialize)
{
    _creds = creds;
    _token_count = 0;

    // The assignment order is kept as-is because these are property setters.
    RequestAttributes = req_attributes;
    Target = target;
    DataRepresentation = data_rep;
    ChannelBinding = channel_binding;

    if (!initialize)
    {
        // Deferred start: the caller drives the first Continue call.
        return;
    }

    Continue();
}
/// <summary>
/// Derives the InitializeContextReqFlags for this client from its security quality of
/// service, RPC authentication level and RPC authentication capabilities.
/// </summary>
/// <returns>The combined request flags.</returns>
/// <remarks>
/// Only PacketIntegrity and PacketPrivacy add message-protection flags. Every other
/// authentication level leaves Integrity, Confidentiality, ReplayDetect and SequenceDetect
/// unrequested. MutualAuth is requested only for delegation or when the MutualAuthentication
/// capability is set.
/// </remarks>
private InitializeContextReqFlags GetContextRequestFlags()
{
    // Connection and UseDCEStyle are requested unconditionally.
    InitializeContextReqFlags req_flags =
        InitializeContextReqFlags.Connection | InitializeContextReqFlags.UseDCEStyle;

    if (SecurityQualityOfService != null)
    {
        var imp_level = SecurityQualityOfService.ImpersonationLevel;
        if (imp_level == SecurityImpersonationLevel.Identification)
        {
            req_flags |= InitializeContextReqFlags.Identify;
        }
        else if (imp_level == SecurityImpersonationLevel.Delegation)
        {
            // Delegation is always paired with mutual authentication.
            req_flags |= InitializeContextReqFlags.Delegate | InitializeContextReqFlags.MutualAuth;
        }
    }

    var auth_level = AuthenticationLevel;
    if (auth_level == RpcAuthenticationLevel.PacketIntegrity)
    {
        req_flags |= InitializeContextReqFlags.Integrity
            | InitializeContextReqFlags.ReplayDetect
            | InitializeContextReqFlags.SequenceDetect;
    }
    else if (auth_level == RpcAuthenticationLevel.PacketPrivacy)
    {
        // Privacy requests everything integrity does, plus confidentiality.
        req_flags |= InitializeContextReqFlags.Confidentiality
            | InitializeContextReqFlags.Integrity
            | InitializeContextReqFlags.ReplayDetect
            | InitializeContextReqFlags.SequenceDetect;
    }

    if (AuthenticationCapabilities.HasFlagSet(RpcAuthenticationCapabilities.MutualAuthentication))
    {
        req_flags |= InitializeContextReqFlags.MutualAuth;
    }

    if (AuthenticationCapabilities.HasFlagSet(RpcAuthenticationCapabilities.NullSession))
    {
        req_flags |= InitializeContextReqFlags.NullSession;
    }

    if (AuthenticationCapabilities.HasFlagSet(RpcAuthenticationCapabilities.Delegation))
    {
        req_flags |= InitializeContextReqFlags.Delegate | InitializeContextReqFlags.MutualAuth;
    }

    return req_flags;
}
/// <summary>
/// Constructor without a target SPN. Forwards to the four-argument overload with a null target.
/// </summary>
/// <param name="creds">Credential handle.</param>
/// <param name="req_attributes">Request attribute flags.</param>
/// <param name="data_rep">Data representation.</param>
/// <remarks>
/// The context is created without a service name. Callers that depend on the server's
/// identity being checked should use an overload that takes the target SPN.
/// </remarks>
public ClientAuthenticationContext(CredentialHandle creds, InitializeContextReqFlags req_attributes, SecDataRep data_rep)
    : this(creds, req_attributes, null, data_rep)
{
}
/// <summary>
/// Constructor. Forwards to the six-argument overload, passing true as its final argument.
/// </summary>
/// <param name="creds">Credential handle.</param>
/// <param name="req_attributes">Request attribute flags.</param>
/// <param name="target">Target SPN (optional).</param>
/// <param name="data_rep">Data representation.</param>
/// <param name="channel_binding">Optional channel binding token.</param>
/// <remarks>
/// NOTE(review): the trailing true is presumably the overload's initialize flag, which would
/// start the exchange during construction - confirm against that overload.
/// </remarks>
public ClientAuthenticationContext(CredentialHandle creds, InitializeContextReqFlags req_attributes, string target, byte[] channel_binding, SecDataRep data_rep)
    : this(creds, req_attributes, target, channel_binding, data_rep, true)
{
}