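/// <summary>
/// Managed wrapper around the native AcceptSecurityContext call. It marshals the managed
/// buffer lists into native descriptors, makes the call, runs CompleteAuthToken when the
/// returned status requires it, and copies the native output back into
/// <paramref name="output"/>.
/// </summary>
/// <param name="credential">Credential wrapper; its CredHandle is handed to the native call.</param>
/// <param name="context">
/// Context handle from a previous leg. May be null: the CallAccept caller passes its
/// _context field, which is null until a first leg has succeeded.
/// </param>
/// <param name="req_attributes">Context attributes requested from the package.</param>
/// <param name="data_rep">Data representation passed through to the native call.</param>
/// <param name="input">Input buffers; may be null.</param>
/// <param name="new_context">Handle that receives the context produced by this leg.</param>
/// <param name="output">Output buffers; may be null. Updated from the native descriptor on success.</param>
/// <param name="ret_attributes">
/// Attributes reported back by the native call. This wrapper does not compare them with
/// <paramref name="req_attributes"/>; a caller that depends on a particular attribute
/// has to check for it here.
/// </param>
/// <param name="expiry">Receives the context expiry from the native call.</param>
/// <param name="throw_on_error">
/// Forwarded to CheckResult. Presumably selects throwing over returning the failure
/// status; confirm against CheckResult.
/// </param>
/// <returns>
/// The status of the accept call, or the status of CompleteAuthToken when that step ran
/// and did not succeed.
/// </returns>
/// <remarks>
/// The output buffers are refreshed in a finally block, so they are also updated when
/// CompleteAuthToken fails or throws. Callers must decide on the returned status (or the
/// exception), never on whether an output token is present.
/// </remarks>
internal static SecStatusCode AcceptSecurityContext(
    CredentialHandle credential,
    SecHandle context,
    AcceptContextReqFlags req_attributes,
    SecDataRep data_rep,
    IList<SecurityBuffer> input,
    SecHandle new_context,
    IList<SecurityBuffer> output,
    out AcceptContextRetFlags ret_attributes,
    LargeInteger expiry,
    bool throw_on_error)
{
    // Native allocations made while marshalling are registered with this list and
    // released when it is disposed.
    using (DisposableList list = new DisposableList())
    {
        // Both are null when the corresponding managed list is null.
        // NOTE(review): ToDesc is called on a possibly-null value; this only works if it
        // is an extension method that tolerates null. Confirm.
        var input_buffers = input?.ToBufferList(list);
        var output_buffers = output?.ToBufferList(list);

        var in_buffer_desc = input_buffers.ToDesc(list);
        var out_buffer_desc = output_buffers.ToDesc(list);

        SecStatusCode result = SecurityNativeMethods.AcceptSecurityContext(
            credential.CredHandle,
            context,
            in_buffer_desc,
            req_attributes,
            data_rep,
            new_context,
            out_buffer_desc,
            out ret_attributes,
            expiry).CheckResult(throw_on_error);
        if (!result.IsSuccess())
        {
            return result;
        }

        try
        {
            if (result == SecStatusCode.SEC_I_COMPLETE_NEEDED || result == SecStatusCode.SEC_I_COMPLETE_AND_CONTINUE)
            {
                // Complete the context this leg produced. The input handle is null on the
                // first leg, so completing it would fail; the handle filled in by the call
                // above is the one to use. Fall back to the input handle only when no
                // new_context was supplied.
                SecHandle context_to_complete = new_context ?? context;
                var comp_result = SecurityNativeMethods.CompleteAuthToken(context_to_complete, out_buffer_desc).CheckResult(throw_on_error);
                if (!comp_result.IsSuccess())
                {
                    return comp_result;
                }
            }
        }
        finally
        {
            // Runs on every exit from the try, including a failed or throwing completion.
            if (result.IsSuccess())
            {
                output?.UpdateBuffers(out_buffer_desc);
            }
        }

        return result;
    }
}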
/// <summary>
/// Runs one client-side leg of the handshake through
/// SecurityContextUtils.InitializeSecurityContext and, when the call succeeds, stores the
/// context handle, expiry, return attributes, parsed token and completion state on this
/// instance.
/// </summary>
/// <param name="input_buffers">
/// Input buffers for this leg. Modified in place: a channel binding buffer is appended
/// when ChannelBinding is not null.
/// </param>
/// <param name="output_buffers">
/// Output buffers for this leg. Modified in place: a token buffer is inserted at index 0.
/// </param>
/// <param name="throw_on_error">
/// Forwarded to the wrapper. Presumably selects throwing over returning a failure status;
/// confirm in SecurityContextUtils.
/// </param>
/// <returns>
/// The status returned by the wrapper. When it is not a success the instance fields are
/// left untouched; the two buffer lists have already been modified by then.
/// </returns>
/// <remarks>
/// Points for a security review:
/// the granted attributes are stored in ReturnAttributes but not compared with
/// RequestAttributes, so a caller that relies on a specific attribute must check it after
/// the handshake completes. When ChannelBinding is null no binding buffer is sent, and when
/// Target is null or empty no target name is given to the package. Callers that depend on
/// the exchange being tied to an outer channel, or on the identity of the server, should
/// make sure both are set.
/// </remarks>
private SecStatusCode CallInitialize(List<SecurityBuffer> input_buffers, List<SecurityBuffer> output_buffers, bool throw_on_error)
{
    // The token produced by this leg is returned in a buffer placed first in the output list.
    var out_token = new SecurityBufferAllocMem(SecurityBufferType.Token);
    output_buffers.Insert(0, out_token);

    if (ChannelBinding != null)
    {
        input_buffers.Add(new SecurityBufferChannelBinding(ChannelBinding));
    }

    // An empty Target is passed on as null, not as an empty string.
    string target = null;
    if (!string.IsNullOrEmpty(Target))
    {
        target = Target;
    }

    LargeInteger lifetime = new LargeInteger();

    // Reuse the existing handle object on later legs; start with a fresh one on the first.
    SecHandle next_context = _context ?? new SecHandle();

    // AllocateMemory is always requested in addition to the configured attributes.
    var request_flags = RequestAttributes | InitializeContextReqFlags.AllocateMemory;

    SecStatusCode status = SecurityContextUtils.InitializeSecurityContext(
        _creds,
        _context,
        target,
        request_flags,
        DataRepresentation,
        input_buffers,
        next_context,
        output_buffers,
        out InitializeContextRetFlags granted,
        lifetime,
        throw_on_error);

    if (status.IsSuccess())
    {
        _context = next_context;
        Expiry = lifetime.QuadPart;

        // The AllocatedMemory bit is masked out of the stored attributes.
        ReturnAttributes = granted & ~InitializeContextRetFlags.AllocatedMemory;

        // NOTE(review): the third argument is true here and false in CallAccept;
        // presumably it marks which side produced the token. Confirm against
        // AuthenticationToken.Parse.
        Token = AuthenticationToken.Parse(_creds.PackageName, _token_count++, true, out_token.ToArray());

        // Another leg is needed only for the two "continue" statuses.
        Done = status != SecStatusCode.SEC_I_CONTINUE_NEEDED
            && status != SecStatusCode.SEC_I_COMPLETE_AND_CONTINUE;
    }

    return status;
}
/// <summary>
/// Runs one server-side leg of the handshake through
/// SecurityContextUtils.AcceptSecurityContext and, when the call succeeds, stores the
/// context handle, return attributes, expiry, parsed token and completion state on this
/// instance.
/// </summary>
/// <param name="input_buffers">
/// Input buffers for this leg. Modified in place: a channel binding buffer is appended
/// when ChannelBinding is not null.
/// </param>
/// <param name="output_buffers">
/// Output buffers for this leg. Modified in place: a token buffer is inserted at index 0.
/// </param>
/// <param name="throw_on_error">
/// Forwarded to the wrapper. Presumably selects throwing over returning a failure status;
/// confirm in SecurityContextUtils.
/// </param>
/// <returns>
/// The status returned by the wrapper. When it is not a success the instance fields are
/// left untouched; the two buffer lists have already been modified by then.
/// </returns>
/// <remarks>
/// Points for a security review:
/// the granted attributes are stored in ReturnAttributes but not compared with
/// RequestAttributes, so a server that requires a specific attribute must check it itself
/// once Done is true. A channel binding buffer is supplied only when ChannelBinding is not
/// null. Whether a client that sends no binding is then rejected is decided outside this
/// method; confirm the policy where binding is expected.
/// </remarks>
private SecStatusCode CallAccept(List<SecurityBuffer> input_buffers, List<SecurityBuffer> output_buffers, bool throw_on_error)
{
    // The token produced by this leg is returned in a buffer placed first in the output list.
    var reply_token = new SecurityBufferAllocMem(SecurityBufferType.Token);
    output_buffers.Insert(0, reply_token);

    if (ChannelBinding != null)
    {
        input_buffers.Add(new SecurityBufferChannelBinding(ChannelBinding));
    }

    LargeInteger lifetime = new LargeInteger();

    // Reuse the existing handle object on later legs; start with a fresh one on the first.
    SecHandle next_context = _context ?? new SecHandle();

    // AllocateMemory is always requested in addition to the configured attributes.
    var request_flags = RequestAttributes | AcceptContextReqFlags.AllocateMemory;

    SecStatusCode status = SecurityContextUtils.AcceptSecurityContext(
        _creds,
        _context,
        request_flags,
        DataRepresentation,
        input_buffers,
        next_context,
        output_buffers,
        out AcceptContextRetFlags granted,
        lifetime,
        throw_on_error);

    if (status.IsSuccess())
    {
        _context = next_context;

        // The AllocatedMemory bit is masked out of the stored attributes.
        ReturnAttributes = granted & ~AcceptContextRetFlags.AllocatedMemory;
        Expiry = lifetime.QuadPart;

        // NOTE(review): the third argument is false here and true in CallInitialize;
        // presumably it marks which side produced the token. Confirm against
        // AuthenticationToken.Parse.
        Token = AuthenticationToken.Parse(_creds.PackageName, _token_count++, false, reply_token.ToArray());

        // Another leg is needed only for the two "continue" statuses.
        bool more_legs = status == SecStatusCode.SEC_I_CONTINUE_NEEDED
            || status == SecStatusCode.SEC_I_COMPLETE_AND_CONTINUE;
        Done = !more_legs;
    }

    return status;
}