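/// <summary>
/// Reads the client principal name from an established SSPI security context by querying
/// <c>SECPKG_ATTR_NATIVE_NAMES</c>.
/// </summary>
/// <param name="context">Security context handle to query.</param>
/// <returns>The client name string that SSPI reports for the context.</returns>
/// <exception cref="AuthenticationException">
/// <c>QueryContextAttributes</c> returned anything other than <c>SEC_E_OK</c>.
/// </exception>
private static string GetPrincipalNameFromContext(SecurityHandle context)
{
    // SSPI is handed a pointer to a caller-allocated structure and fills its fields with pointers
    // to buffers that SSPI allocates itself. Two owners are therefore involved: the structure
    // belongs to us (AllocHGlobal / FreeHGlobal) and the name buffers belong to SSPI
    // (FreeContextBuffer).
    var name = new SecurityContextNamesBuffer();
    var namePtr = Marshal.AllocHGlobal(Marshal.SizeOf(name));
    try
    {
        Marshal.StructureToPtr(name, namePtr, false);

        var status = SspiInterop.QueryContextAttributes(ref context, SspiInterop.SECPKG_ATTR_NATIVE_NAMES, namePtr);
        if (status != SspiInterop.SEC_E_OK)
        {
            throw new AuthenticationException($"An unhandled exception occurred obtaining the username from the context (QueryContextAttributes returned: {status})");
        }

        // Read the filled structure once; both name pointers come from the same snapshot.
        var names = Marshal.PtrToStructure<SecurityContextNamesBuffer>(namePtr);
        try
        {
            // NOTE(review): PtrToStringUni assumes the wide-character entry point is bound —
            // confirm against the QueryContextAttributes import, which is not visible here.
            return Marshal.PtrToStringUni(names.clientname);
        }
        finally
        {
            // Released even if string conversion throws, so the SSPI buffers cannot leak.
            SspiInterop.FreeContextBuffer(names.clientname);
            SspiInterop.FreeContextBuffer(names.servername);
        }
    }
    finally
    {
        // Single release point for the unmanaged structure on both the success and failure paths.
        Marshal.FreeHGlobal(namePtr);
    }
}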
/// <summary>
/// Releases the native handle stored in <c>_context</c> when it is non-zero, resets the field to an
/// empty handle, and suppresses finalization.
/// </summary>
public void Dispose()
{
    // A handle whose two halves are both zero is treated as "nothing to release"; resetting the
    // field after the free makes a second Dispose call skip the native call.
    bool handleIsEmpty = _context.HighPart == IntPtr.Zero && _context.LowPart == IntPtr.Zero;
    if (!handleIsEmpty)
    {
        // NOTE(review): the field is named _context but is released with FreeCredentialsHandle;
        // confirm it holds a credentials handle and not a security context. The return code is
        // not inspected.
        FreeCredentialsHandle(_context);
        _context = new SecurityHandle(0);
    }

    GC.SuppressFinalize(this);
}
// P/Invoke declaration for AcquireCredentialsHandle. The DllImport attribute (library, CharSet)
// is outside this excerpt, so how the two string parameters are marshalled cannot be confirmed
// from here.
// Returns the native status code as an int; phCredential and ptsExpiry are passed by reference
// so the native side can write into them.
// NOTE(review): pGetKeyFn is declared as int while the trailing comment names it SEC_GET_KEY_FN;
// if that is a function pointer it is pointer-sized — confirm callers only ever pass 0.
private static extern int AcquireCredentialsHandle(
    string pszPrincipal, // SEC_CHAR*
    string pszPackage, // SEC_CHAR* // "Kerberos", "NTLM", "Negotiate"
    int fCredentialUse,
    IntPtr pAuthenticationId, // _LUID AuthenticationID, // pvLogonID, // PLUID
    IntPtr pAuthData, // PVOID
    int pGetKeyFn, // SEC_GET_KEY_FN
    IntPtr pvGetKeyArgument, // PVOID
    ref SecurityHandle phCredential, // SecHandle // PCtxtHandle ref
    ref SecurityInteger ptsExpiry); // PTimeStamp // TimeStamp ref
// P/Invoke declaration for InitializeSecurityContext (client side of an SSPI exchange). The
// DllImport attribute is outside this excerpt.
// Returns the native status code as an int. phNewContext, pOutput, pfContextAttr and ptsExpiry
// are out parameters written by the native call.
// NOTE(review): pfContextAttr reports the attributes of the resulting context; callers that
// depend on a requested flag in fContextReq should presumably check it here — confirm at call sites.
private static extern int InitializeSecurityContext(
    ref SecurityHandle phCredential, // PCredHandle
    ref SecurityHandle phContext, // PCtxtHandle
    string pszTargetName,
    int fContextReq,
    int reserved1,
    int targetDataRep,
    ref SecurityBufferDesciption secBufferDesc, // PSecBufferDesc SecBufferDesc
    int reserved2,
    out SecurityHandle phNewContext, // PCtxtHandle
    out SecurityBufferDesciption pOutput, // PSecBufferDesc SecBufferDesc
    out uint pfContextAttr, // native ULONG is 32 bits; a managed ulong would be 64 bits
    out SecurityInteger ptsExpiry); // PTimeStamp
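/// <summary>
/// Queries the security context for its Win32 access token (<c>SECPKG_ATTR_ACCESS_TOKEN</c>) and
/// returns the group-membership SIDs read from that token. Per the original author's note the
/// result is used to populate the Roles property.
/// </summary>
/// <param name="context">Security context handle to query.</param>
/// <returns>The values produced by <c>GetMemebershipSids</c> for the token, as an array.</returns>
/// <exception cref="AuthenticationException">
/// <c>QueryContextAttributes</c> returned anything other than <c>SEC_E_OK</c>.
/// </exception>
private static string[] GetGroupMembershipFromContext(SecurityHandle context)
{
    var accessToken = new SecurityContextBuffer();
    var accessTokenPtr = Marshal.AllocHGlobal(Marshal.SizeOf(accessToken));
    try
    {
        Marshal.StructureToPtr(accessToken, accessTokenPtr, false);

        var status = SspiInterop.QueryContextAttributes(ref context, SspiInterop.SECPKG_ATTR_ACCESS_TOKEN, accessTokenPtr);
        if (status != SspiInterop.SEC_E_OK)
        {
            throw new AuthenticationException($"An unhandled exception occurred obtaining the access token from the context (QueryContextAttributes returned: {status})");
        }

        // NOTE(review): nothing here closes the token handle. The original author assumed it is
        // released when the context is deleted; confirm against the SSPI documentation for this
        // attribute before adding (or deliberately omitting) a close.
        var tokenPtr = Marshal.PtrToStructure<SecurityContextBuffer>(accessTokenPtr).Buffer;

        // Materialise before the unmanaged buffer is released in the finally block.
        return GetMemebershipSids(tokenPtr).ToArray();
    }
    finally
    {
        // Also runs when SID enumeration throws, so the unmanaged structure cannot leak.
        Marshal.FreeHGlobal(accessTokenPtr);
    }
}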
// Partial-method declaration with no body; the implementing part is not in this excerpt
// (presumably a source-generated P/Invoke stub — the attribute is not visible, confirm).
// Returns an int status and passes outValue by reference so the callee can fill in the
// SecurityHandle for the requested option.
// NOTE(review): confirm who owns the handle written to outValue before any caller releases it.
public static partial int ldap_get_option_sechandle(ConnectionHandle ldapHandle, LdapOption option, ref SecurityHandle outValue);
// extern declaration of an LDAP get-option call specialised for a SecurityHandle result; the
// DllImport attribute (library and entry point) is outside this excerpt.
// ldapHandle and option are marked [In]; outValue is passed by reference so the native side can
// write the handle into it. Returns an int status.
// NOTE(review): confirm who owns the handle written to outValue before any caller releases it.
public static extern int ldap_get_option_sechandle([In] ConnectionHandle ldapHandle, [In] LdapOption option, ref SecurityHandle outValue);
/// <summary>
/// Creates a handshake object around an existing NTLM security handle.
/// </summary>
/// <param name="ntlmHandle">Handle stored in <c>_ntlmHandle</c>; it is not validated here.</param>
internal WindowsHandshake(SecurityHandle ntlmHandle)
{
    // NOTE(review): nothing in this constructor shows whether the handshake takes over
    // responsibility for releasing the handle — confirm against the type's cleanup code.
    this._ntlmHandle = ntlmHandle;
}
/// <summary>
/// Creates an initiator that remembers the target name and the handle exposed by
/// <paramref name="credentials"/>.
/// </summary>
/// <param name="credentials">Credentials wrapper; its <c>Credentials</c> member is copied into <c>_credentials</c>.</param>
/// <param name="target">Target name stored in <c>_target</c>; it is not validated here.</param>
public SspiInitiator(SspiCredentials credentials, string target)
{
    this._target = target;

    // Dereferences the wrapper directly, so a null argument surfaces as a NullReferenceException.
    this._credentials = credentials.Credentials;
}
// extern declaration for DeleteSecurityContext; the DllImport attribute is outside this excerpt.
// Returns a SEC_RESULT status.
// NOTE(review): the handle is passed by value here, while the native SSPI prototype takes a
// pointer to the context handle. Whether that marshals correctly depends on how SecurityHandle is
// declared and on the target architecture — confirm. The parameter is also named phCredential
// although this call releases a context.
internal static extern SEC_RESULT DeleteSecurityContext(SecurityHandle phCredential);
// extern declaration for FreeCredentialsHandle; the DllImport attribute is outside this excerpt.
// Returns a SEC_RESULT status.
// NOTE(review): the handle is passed by value here, while the native SSPI prototype takes a
// pointer to the credentials handle. Whether that marshals correctly depends on how
// SecurityHandle is declared and on the target architecture — confirm.
internal static extern SEC_RESULT FreeCredentialsHandle(SecurityHandle phCredential);
// extern declaration for QuerySecurityContextToken; the DllImport attribute is outside this
// excerpt. Takes the context handle by reference and writes a token handle to phToken.
// Returns a SEC_RESULT status.
// NOTE(review): phToken is a raw IntPtr. The Win32 documentation for this call makes the caller
// responsible for closing the returned token handle — verify that every call site does so, or
// wrap the result in a SafeHandle.
internal static extern SEC_RESULT QuerySecurityContextToken(ref SecurityHandle phContext, out IntPtr phToken);
// extern declaration for AcquireCredentialsHandle; the DllImport attribute (library, CharSet) is
// outside this excerpt, so string marshalling cannot be confirmed from here.
// Writes the acquired handle to phCredential and its expiry to ptsExpiry; returns a SEC_RESULT.
// NOTE(review): pGetKeyFn is declared as int; if the native parameter is a function pointer it is
// pointer-sized — confirm callers only ever pass 0.
// NOTE(review): a handle obtained here presumably needs a matching FreeCredentialsHandle —
// confirm the owning type releases it.
public static extern SEC_RESULT AcquireCredentialsHandle(string pszPrincipal, string pszPackage, CredentialsUse fCredentialUse, IntPtr pvLogonID, IntPtr pAuthData, int pGetKeyFn, IntPtr pvGetKeyArgument, out SecurityHandle phCredential, out SecurityInteger ptsExpiry);
/// <summary>
/// Creates an acceptor that uses the handle exposed by <paramref name="credentials"/>.
/// </summary>
/// <param name="credentials">Credentials wrapper; its <c>Credentials</c> member is copied into <c>_credentials</c>.</param>
public SspiAcceptor(SspiCredentials credentials)
{
    // Dereferences the wrapper directly, so a null argument surfaces as a NullReferenceException.
    this._credentials = credentials.Credentials;
}
// extern declaration for AcceptSecurityContext (server side of an SSPI exchange); the DllImport
// attribute is outside this excerpt.
// pInput and pOutput are buffer descriptors passed by reference; phNewContext, pfContextAttr and
// ptsTimeStamp are written by the native call. Returns a SEC_RESULT status.
// NOTE(review): phCredential is passed by value while phContext is passed by reference; the
// native prototype takes pointers for both, so confirm how SecurityHandle marshals by value.
// NOTE(review): pfContextAttr reports the attributes of the resulting context; callers that
// rely on a flag requested in fContextReq should presumably check it — confirm at call sites.
internal static extern SEC_RESULT AcceptSecurityContext(SecurityHandle phCredential, ref SecurityHandle phContext, ref SecBufferDesc pInput, ASC_REQ fContextReq, Data_Rep TargetDataRep, out SecurityHandle phNewContext, ref SecBufferDesc pOutput, out uint pfContextAttr, out SecurityInteger ptsTimeStamp);
/// <summary>
/// Creates a handshake object that pairs a session identifier with an existing NTLM security handle.
/// </summary>
/// <param name="sessionId">Identifier stored in <c>_sessionId</c>; it is not validated here.</param>
/// <param name="ntlmHandle">Handle stored in <c>_ntlmHandle</c>; it is not validated here.</param>
internal WindowsHandshake(string sessionId, SecurityHandle ntlmHandle)
{
    this._sessionId = sessionId;

    // NOTE(review): nothing in this constructor shows whether the handshake takes over
    // responsibility for releasing the handle — confirm against the type's cleanup code.
    this._ntlmHandle = ntlmHandle;
}