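/// <summary>
/// Returns the security packages exposed by <paramref name="SecModule"/>, enumerating them
/// on first use and caching the resulting array on the module.
/// </summary>
/// <param name="SecModule">SSPI wrapper that performs the native enumeration; it is also the lock object and the cache holder.</param>
/// <returns>The array stored in <c>SecModule.SecurityPackages</c>.</returns>
/// <exception cref="Win32Exception">The native enumeration returned a non-zero status code.</exception>
internal static SecurityPackageInfoClass[] EnumerateSecurityPackages(SSPIInterface SecModule) {
    GlobalLog.Enter("EnumerateSecurityPackages");
    // Double-checked: the unlocked test avoids taking the monitor once the cache is filled.
    if (SecModule.SecurityPackages == null) {
        lock (SecModule) {
            if (SecModule.SecurityPackages == null) {
                int moduleCount = 0;
                SafeFreeContextBuffer arrayBaseHandle = null;
                try {
                    int errorCode = SecModule.EnumerateSecurityPackages(out moduleCount, out arrayBaseHandle);
                    // Null-guarded: if a failed call leaves the handle null, the caller must see the
                    // Win32Exception below rather than a NullReferenceException from this trace line.
                    // The traced value is a raw native address, so this belongs in debug diagnostics only.
                    GlobalLog.Print("SSPIWrapper::arrayBase: " + (arrayBaseHandle == null ? "null" : arrayBaseHandle.DangerousGetHandle().ToString("x")));
                    if (errorCode != 0) {
                        throw new Win32Exception(errorCode);
                    }
                    SecurityPackageInfoClass[] securityPackages = new SecurityPackageInfoClass[moduleCount];
                    if (Logging.On) Logging.PrintInfo(Logging.Web, SR.GetString(SR.net_log_sspi_enumerating_security_packages));
                    for (int i = 0; i < moduleCount; i++) {
                        // Each descriptor is built from the native buffer at index i, before the buffer is released.
                        securityPackages[i] = new SecurityPackageInfoClass(arrayBaseHandle, i);
                        if (Logging.On) Logging.PrintInfo(Logging.Web, "    " + securityPackages[i].Name);
                    }
                    // Publish only after every entry is filled in.
                    SecModule.SecurityPackages = securityPackages;
                }
                finally {
                    // Release the native buffer on success and on failure alike.
                    if (arrayBaseHandle != null) {
                        arrayBaseHandle.Close();
                    }
                }
            }
        }
    }
    GlobalLog.Leave("EnumerateSecurityPackages");
    return SecModule.SecurityPackages;
}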
Esempio n. 2
        /// <summary>
        /// Returns the security packages of <paramref name="secModule"/>, running the native
        /// enumeration once and caching the array on the module for later calls.
        /// </summary>
        /// <param name="secModule">SSPI wrapper used for the enumeration, as the lock object and as the cache holder.</param>
        /// <returns>The array stored in <c>secModule.SecurityPackages</c>.</returns>
        /// <exception cref="Win32Exception">The native enumeration returned a non-zero status code.</exception>
        internal static SecurityPackageInfoClass[] EnumerateSecurityPackages(SSPIInterface secModule)
        {
            if (NetEventSource.IsEnabled)
            {
                NetEventSource.Enter(null);
            }

            // Double-checked: test without the lock first, then again while holding it.
            if (secModule.SecurityPackages == null)
            {
                lock (secModule)
                {
                    if (secModule.SecurityPackages == null)
                    {
                        int packageCount = 0;
                        SafeFreeContextBuffer packageBuffer = null;
                        try
                        {
                            int status = secModule.EnumerateSecurityPackages(out packageCount, out packageBuffer);
                            if (NetEventSource.IsEnabled)
                            {
                                NetEventSource.Info(null, $"arrayBase: {packageBuffer}");
                            }

                            if (status != 0)
                            {
                                throw new Win32Exception(status);
                            }

                            var packages = new SecurityPackageInfoClass[packageCount];

                            int index = 0;
                            while (index < packageCount)
                            {
                                // Built from the native buffer while it is still alive.
                                packages[index] = new SecurityPackageInfoClass(packageBuffer, index);
                                if (NetEventSource.IsEnabled)
                                {
                                    NetEventSource.Log.EnumerateSecurityPackages(packages[index].Name);
                                }

                                index++;
                            }

                            // Publish only the fully populated array.
                            secModule.SecurityPackages = packages;
                        }
                        finally
                        {
                            // The native buffer is released whether or not enumeration succeeded.
                            packageBuffer?.Dispose();
                        }
                    }
                }
            }

            if (NetEventSource.IsEnabled)
            {
                NetEventSource.Exit(null);
            }

            return secModule.SecurityPackages;
        }
Esempio n. 3
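        /// <summary>
        /// Returns the security packages of <paramref name="secModule"/>, enumerating them on
        /// first use and caching the array on the module.
        /// </summary>
        /// <param name="secModule">SSPI wrapper used for the enumeration, as the lock object and as the cache holder.</param>
        /// <returns>The array stored in <c>secModule.SecurityPackages</c>.</returns>
        /// <exception cref="Win32Exception">The native enumeration returned a non-zero status code.</exception>
        internal static SecurityPackageInfoClass[] EnumerateSecurityPackages(SSPIInterface secModule)
        {
            if (GlobalLog.IsEnabled)
            {
                GlobalLog.Enter(nameof(EnumerateSecurityPackages));
            }

            // Double-checked: the unlocked test avoids the monitor once the cache is filled.
            if (secModule.SecurityPackages == null)
            {
                lock (secModule)
                {
                    if (secModule.SecurityPackages == null)
                    {
                        int moduleCount = 0;
                        SafeFreeContextBuffer arrayBaseHandle = null;
                        try
                        {
                            int errorCode = secModule.EnumerateSecurityPackages(out moduleCount, out arrayBaseHandle);
                            if (GlobalLog.IsEnabled)
                            {
                                // Null-guarded so a failed call that leaves the handle null still reaches
                                // the Win32Exception below instead of faulting inside the trace statement.
                                // The value is a raw native address; keep it in debug diagnostics only.
                                GlobalLog.Print("SSPIWrapper::arrayBase: " + (arrayBaseHandle == null ? "null" : arrayBaseHandle.DangerousGetHandle().ToString("x")));
                            }

                            if (errorCode != 0)
                            {
                                throw new Win32Exception(errorCode);
                            }

                            var securityPackages = new SecurityPackageInfoClass[moduleCount];

                            for (int i = 0; i < moduleCount; i++)
                            {
                                // Each descriptor is read from the native buffer before it is released.
                                securityPackages[i] = new SecurityPackageInfoClass(arrayBaseHandle, i);
                                if (SecurityEventSource.Log.IsEnabled())
                                {
                                    SecurityEventSource.Log.EnumerateSecurityPackages(securityPackages[i].Name);
                                }
                            }

                            // Publish only after every entry is filled in.
                            secModule.SecurityPackages = securityPackages;
                        }
                        finally
                        {
                            // Release the native buffer on every path.
                            if (arrayBaseHandle != null)
                            {
                                arrayBaseHandle.Dispose();
                            }
                        }
                    }
                }
            }

            if (GlobalLog.IsEnabled)
            {
                GlobalLog.Leave(nameof(EnumerateSecurityPackages));
            }

            return secModule.SecurityPackages;
        }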
Esempio n. 4
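        /// <summary>
        /// Returns the security packages of <paramref name="secModule"/>, enumerating them on
        /// first use and caching the array on the module.
        /// </summary>
        /// <param name="secModule">SSPI wrapper used for the enumeration, as the lock object and as the cache holder.</param>
        /// <returns>The array stored in <c>secModule.SecurityPackages</c>.</returns>
        /// <exception cref="Win32Exception">The native enumeration returned a non-zero status code.</exception>
        internal static SecurityPackageInfoClass[] EnumerateSecurityPackages(SSPIInterface secModule)
        {
            if (GlobalLog.IsEnabled)
            {
                GlobalLog.Enter("EnumerateSecurityPackages");
            }

            // Double-checked: the unlocked test avoids the monitor once the cache is filled.
            if (secModule.SecurityPackages == null)
            {
                lock (secModule)
                {
                    if (secModule.SecurityPackages == null)
                    {
                        int moduleCount = 0;
                        SafeFreeContextBuffer arrayBaseHandle = null;
                        try
                        {
                            int errorCode = secModule.EnumerateSecurityPackages(out moduleCount, out arrayBaseHandle);
                            if (GlobalLog.IsEnabled)
                            {
                                // Null-guarded: a failed call that leaves the handle null must surface as the
                                // Win32Exception below, not as a NullReferenceException from tracing.
                                // The traced value is a raw native address; keep it in debug diagnostics only.
                                string arrayBaseText = arrayBaseHandle == null
                                    ? "null"
                                    : arrayBaseHandle.DangerousGetHandle().ToString("x");
                                GlobalLog.Print("SSPIWrapper::arrayBase: " + arrayBaseText);
                            }

                            if (errorCode != 0)
                            {
                                throw new Win32Exception(errorCode);
                            }

                            var securityPackages = new SecurityPackageInfoClass[moduleCount];

                            for (int i = 0; i < moduleCount; i++)
                            {
                                // Each descriptor is read from the native buffer before it is released.
                                securityPackages[i] = new SecurityPackageInfoClass(arrayBaseHandle, i);
                                if (SecurityEventSource.Log.IsEnabled())
                                {
                                    SecurityEventSource.Log.EnumerateSecurityPackages(securityPackages[i].Name);
                                }
                            }

                            // Publish only after every entry is filled in.
                            secModule.SecurityPackages = securityPackages;
                        }
                        finally
                        {
                            // Release the native buffer on every path.
                            if (arrayBaseHandle != null)
                            {
                                arrayBaseHandle.Dispose();
                            }
                        }
                    }
                }
            }

            if (GlobalLog.IsEnabled)
            {
                GlobalLog.Leave("EnumerateSecurityPackages");
            }

            return secModule.SecurityPackages;
        }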
Esempio n. 5
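        /// <summary>
        /// Fills the <c>securityPackages</c> field on first use by enumerating the native
        /// security packages; later calls return without doing any work.
        /// </summary>
        /// <exception cref="Win32Exception">The native enumeration returned a non-zero status code.</exception>
        private void EnumerateSecurityPackages()
        {
            GlobalLog.Enter("EnumerateSecurityPackages");

            // Double-checked: the unlocked test avoids the monitor once the field is set.
            if (securityPackages == null)
            {
                // NOTE(review): locking on `this` lets any code holding this instance contend for the
                // same monitor; a private lock object would be safer, but adding a field is outside this method.
                lock (this)
                {
                    if (securityPackages == null)
                    {
                        int moduleCount = 0;
                        SafeFreeContextBuffer arrayBaseHandle = null;
                        try
                        {
                            int errorCode = SafeFreeContextBuffer.EnumeratePackages(out moduleCount, out arrayBaseHandle);

                            // Null-guarded: a failed call that leaves the handle null must surface as the
                            // Win32Exception below, not as a NullReferenceException from tracing.
                            // The traced value is a raw native address; keep it in debug diagnostics only.
                            GlobalLog.Print("SSPIWrapper::arrayBase: " + (arrayBaseHandle == null ? "null" : arrayBaseHandle.DangerousGetHandle().ToString("x")));

                            if (errorCode != 0)
                            {
                                throw new Win32Exception(errorCode);
                            }

                            SecurityPackageInfoClass[] securityPackagesList = new SecurityPackageInfoClass[moduleCount];

                            if (Logging.On)
                            {
                                Logging.PrintInfo(Logging.Web, SR.net_log_sspi_enumerating_security_packages);
                            }

                            for (int i = 0; i < moduleCount; i++)
                            {
                                // Each descriptor is read from the native buffer before it is released.
                                securityPackagesList[i] = new SecurityPackageInfoClass(arrayBaseHandle, i);

                                if (Logging.On)
                                {
                                    Logging.PrintInfo(Logging.Web, "    " + securityPackagesList[i].Name);
                                }
                            }

                            // Publish only after every entry is filled in.
                            securityPackages = securityPackagesList;
                        }
                        finally
                        {
                            // Release the native buffer on every path.
                            if (arrayBaseHandle != null)
                            {
                                arrayBaseHandle.Dispose();
                            }
                        }
                    }
                }
            }

            GlobalLog.Leave("EnumerateSecurityPackages");
        }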
Esempio n. 6
        /// <summary>
        /// Returns the security packages of <paramref name="secModule"/>, running the native
        /// enumeration once and caching the array on the module for later calls.
        /// </summary>
        /// <param name="secModule">SSPI wrapper used for the enumeration, as the lock object and as the cache holder.</param>
        /// <returns>The array stored in <c>secModule.SecurityPackages</c>.</returns>
        /// <exception cref="Win32Exception">The native enumeration returned a non-zero status code.</exception>
        internal static SecurityPackageInfoClass[] EnumerateSecurityPackages(SSPIInterface secModule)
        {
            if (NetEventSource.IsEnabled)
            {
                NetEventSource.Enter(null);
            }

            // Double-checked: test without the lock first, then again while holding it.
            if (secModule.SecurityPackages == null)
            {
                lock (secModule)
                {
                    if (secModule.SecurityPackages == null)
                    {
                        int count = 0;
                        SafeFreeContextBuffer buffer = null;
                        try
                        {
                            int result = secModule.EnumerateSecurityPackages(out count, out buffer);
                            if (NetEventSource.IsEnabled)
                            {
                                NetEventSource.Info(null, $"arrayBase: {buffer}");
                            }

                            if (result != 0)
                            {
                                throw new Win32Exception(result);
                            }

                            var discovered = new SecurityPackageInfoClass[count];

                            for (int slot = 0; slot < count; slot++)
                            {
                                // Built from the native buffer while it is still alive.
                                SecurityPackageInfoClass package = new SecurityPackageInfoClass(buffer, slot);
                                discovered[slot] = package;
                                if (NetEventSource.IsEnabled)
                                {
                                    NetEventSource.Log.EnumerateSecurityPackages(package.Name);
                                }
                            }

                            // Publish only the fully populated array.
                            secModule.SecurityPackages = discovered;
                        }
                        finally
                        {
                            // The native buffer is released whether or not enumeration succeeded.
                            buffer?.Dispose();
                        }
                    }
                }
            }

            if (NetEventSource.IsEnabled)
            {
                NetEventSource.Exit(null);
            }

            return secModule.SecurityPackages;
        }
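 /// <summary>
 /// Returns the security packages exposed by <paramref name="SecModule"/>, enumerating them
 /// on first use and caching the resulting array on the module.
 /// </summary>
 /// <param name="SecModule">SSPI wrapper used for the enumeration, as the lock object and as the cache holder.</param>
 /// <returns>The array stored in <c>SecModule.SecurityPackages</c>.</returns>
 /// <exception cref="Win32Exception">The native enumeration returned a non-zero status code.</exception>
 internal static SecurityPackageInfoClass[] EnumerateSecurityPackages(SSPIInterface SecModule)
 {
     GlobalLog.Enter("EnumerateSecurityPackages");
     // Double-checked: the unlocked test avoids the monitor once the cache is filled.
     if (SecModule.SecurityPackages == null)
     {
         lock (SecModule)
         {
             if (SecModule.SecurityPackages == null)
             {
                 int moduleCount = 0;
                 SafeFreeContextBuffer arrayBaseHandle = null;
                 try
                 {
                     int errorCode = SecModule.EnumerateSecurityPackages(out moduleCount, out arrayBaseHandle);
                     // Null-guarded: a failed call that leaves the handle null must surface as the
                     // Win32Exception below, not as a NullReferenceException from tracing.
                     // The traced value is a raw native address; keep it in debug diagnostics only.
                     GlobalLog.Print("SSPIWrapper::arrayBase: " + (arrayBaseHandle == null ? "null" : arrayBaseHandle.DangerousGetHandle().ToString("x")));
                     if (errorCode != 0)
                     {
                         throw new Win32Exception(errorCode);
                     }
                     SecurityPackageInfoClass[] securityPackages = new SecurityPackageInfoClass[moduleCount];
                     if (Logging.On)
                     {
                         Logging.PrintInfo(Logging.Web, SR.GetString(SR.net_log_sspi_enumerating_security_packages));
                     }
                     for (int i = 0; i < moduleCount; i++)
                     {
                         // Each descriptor is read from the native buffer before it is released.
                         securityPackages[i] = new SecurityPackageInfoClass(arrayBaseHandle, i);
                         if (Logging.On)
                         {
                             Logging.PrintInfo(Logging.Web, "    " + securityPackages[i].Name);
                         }
                     }
                     // Publish only after every entry is filled in.
                     SecModule.SecurityPackages = securityPackages;
                 }
                 finally
                 {
                     // Release the native buffer on every path.
                     if (arrayBaseHandle != null)
                     {
                         arrayBaseHandle.Close();
                     }
                 }
             }
         }
     }
     GlobalLog.Leave("EnumerateSecurityPackages");
     return SecModule.SecurityPackages;
 }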
 /// <summary>
 /// Returns the security packages of <paramref name="SecModule"/>, running the native
 /// enumeration once and caching the array on the module for later calls.
 /// </summary>
 /// <param name="SecModule">SSPI wrapper used for the enumeration, as the lock object and as the cache holder.</param>
 /// <returns>The array stored in <c>SecModule.SecurityPackages</c>.</returns>
 /// <exception cref="Win32Exception">The native enumeration returned a non-zero status code.</exception>
 internal static SecurityPackageInfoClass[] EnumerateSecurityPackages(SSPIInterface SecModule)
 {
     // Double-checked: test without the lock first, then again while holding it.
     if (SecModule.SecurityPackages == null)
     {
         lock (SecModule)
         {
             if (SecModule.SecurityPackages == null)
             {
                 int packageCount = 0;
                 SafeFreeContextBuffer packageBuffer = null;
                 try
                 {
                     int status = SecModule.EnumerateSecurityPackages(out packageCount, out packageBuffer);
                     if (status != 0)
                     {
                         throw new Win32Exception(status);
                     }

                     SecurityPackageInfoClass[] packages = new SecurityPackageInfoClass[packageCount];
                     if (Logging.On)
                     {
                         Logging.PrintInfo(Logging.Web, SR.GetString("net_log_sspi_enumerating_security_packages"));
                     }

                     int index = 0;
                     while (index < packageCount)
                     {
                         // Built from the native buffer while it is still alive.
                         packages[index] = new SecurityPackageInfoClass(packageBuffer, index);
                         if (Logging.On)
                         {
                             Logging.PrintInfo(Logging.Web, "    " + packages[index].Name);
                         }
                         index++;
                     }

                     // Publish only the fully populated array.
                     SecModule.SecurityPackages = packages;
                 }
                 finally
                 {
                     // The native buffer is released whether or not enumeration succeeded.
                     if (packageBuffer != null)
                     {
                         packageBuffer.Close();
                     }
                 }
             }
         }
     }
     return SecModule.SecurityPackages;
 }
Esempio n. 9
        // private static SecurityPackageInfoClass[] m_SecurityPackages;

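        /// <summary>
        /// Enumerates the security packages exposed by <paramref name="SecModule"/> and copies
        /// each native record into a managed <see cref="SecurityPackageInfoClass"/>.
        /// </summary>
        /// <param name="SecModule">SSPI wrapper that performs the native enumeration and frees the returned buffer.</param>
        /// <returns>One entry per package reported by the native call; nothing is cached here.</returns>
        /// <exception cref="Win32Exception">The native enumeration returned a non-zero status code.</exception>
        private static SecurityPackageInfoClass[] EnumerateSecurityPackages(SSPIInterface SecModule)
        {
            GlobalLog.Enter("EnumerateSecurityPackages");

            int    moduleCount = 0;
            IntPtr arrayBase   = IntPtr.Zero;
            SecurityPackageInfoClass[] securityPackages;

            try
            {
                int errorCode =
                    SecModule.EnumerateSecurityPackages(
                        out moduleCount,
                        out arrayBase);

                // Raw native address; keep this trace in debug diagnostics only.
                GlobalLog.Print("SSPIWrapper::arrayBase: " + ((long)arrayBase).ToString());

                if (errorCode != 0)
                {
                    throw new Win32Exception(errorCode);
                }

                securityPackages = new SecurityPackageInfoClass[moduleCount];

                // Walk the native array one fixed-size record at a time.
                IntPtr unmanagedPointer = arrayBase;

                for (int i = 0; i < moduleCount; i++)
                {
                    GlobalLog.Print("SSPIWrapper::unmanagedPointer: " + ((long)unmanagedPointer).ToString());
                    securityPackages[i] = new SecurityPackageInfoClass(SecModule, unmanagedPointer);
                    unmanagedPointer    = IntPtrHelper.Add(unmanagedPointer, SecurityPackageInfo.Size);
                }
            }
            finally
            {
                // Free the native buffer even when a record constructor throws part-way through
                // the loop; previously that path leaked the buffer.
                if (arrayBase != IntPtr.Zero)
                {
                    SecModule.FreeContextBuffer(arrayBase);
                }
            }

            GlobalLog.Leave("EnumerateSecurityPackages");
            return securityPackages;
        }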
Esempio n. 10
        /// <summary>
        /// Queries one attribute of an established security context and converts the native
        /// result into a managed object.
        /// </summary>
        /// <param name="secModule">SSPI wrapper that performs the native query.</param>
        /// <param name="securityContext">Context whose attribute is queried.</param>
        /// <param name="contextAttribute">Attribute to query; values not listed in the first switch are rejected.</param>
        /// <param name="errorCode">Status returned by the native query; zero means success.</param>
        /// <returns>
        /// The converted attribute, or <c>null</c> when the native query fails. For the two
        /// certificate-context attributes the returned object is the native handle itself, and for
        /// the issuer list the handle is passed into the returned structure; in both cases this
        /// method does not dispose the handle, so releasing it falls to the caller.
        /// </returns>
        /// <exception cref="ArgumentException"><paramref name="contextAttribute"/> is not a supported value.</exception>
        public static object QueryContextAttributes(SSPIInterface secModule, SafeDeleteContext securityContext, Interop.SspiCli.ContextAttribute contextAttribute, out int errorCode)
        {
            if (NetEventSource.IsEnabled)
            {
                NetEventSource.Enter(null, contextAttribute);
            }

            // Phase 1: choose the inline buffer size and, where the native side hands back
            // allocated memory, the SafeHandle type that will own it.
            int bufferSize = IntPtr.Size;
            Type safeHandleType = null;

            switch (contextAttribute)
            {
                case Interop.SspiCli.ContextAttribute.SECPKG_ATTR_SIZES:
                    bufferSize = SecPkgContext_Sizes.SizeOf;
                    break;

                case Interop.SspiCli.ContextAttribute.SECPKG_ATTR_STREAM_SIZES:
                    bufferSize = SecPkgContext_StreamSizes.SizeOf;
                    break;

                case Interop.SspiCli.ContextAttribute.SECPKG_ATTR_NAMES:
                case Interop.SspiCli.ContextAttribute.SECPKG_ATTR_PACKAGE_INFO:
                case Interop.SspiCli.ContextAttribute.SECPKG_ATTR_CLIENT_SPECIFIED_TARGET:
                    safeHandleType = typeof(SafeFreeContextBuffer);
                    break;

                case Interop.SspiCli.ContextAttribute.SECPKG_ATTR_NEGOTIATION_INFO:
                    bufferSize = Marshal.SizeOf<SecPkgContext_NegotiationInfoW>();
                    safeHandleType = typeof(SafeFreeContextBuffer);
                    break;

                case Interop.SspiCli.ContextAttribute.SECPKG_ATTR_REMOTE_CERT_CONTEXT:
                case Interop.SspiCli.ContextAttribute.SECPKG_ATTR_LOCAL_CERT_CONTEXT:
                    safeHandleType = typeof(SafeFreeCertContext);
                    break;

                case Interop.SspiCli.ContextAttribute.SECPKG_ATTR_ISSUER_LIST_EX:
                    bufferSize = Marshal.SizeOf<Interop.SspiCli.SecPkgContext_IssuerListInfoEx>();
                    safeHandleType = typeof(SafeFreeContextBuffer);
                    break;

                case Interop.SspiCli.ContextAttribute.SECPKG_ATTR_CONNECTION_INFO:
                    bufferSize = Marshal.SizeOf<SecPkgContext_ConnectionInfo>();
                    break;

                default:
                    throw new ArgumentException(SR.Format(SR.net_invalid_enum, nameof(contextAttribute)), nameof(contextAttribute));
            }

            SafeHandle nativeHandle = null;
            object result = null;

            try
            {
                byte[] buffer = new byte[bufferSize];
                errorCode = secModule.QueryContextAttributes(securityContext, contextAttribute, buffer, safeHandleType, out nativeHandle);
                if (errorCode != 0)
                {
                    if (NetEventSource.IsEnabled)
                    {
                        NetEventSource.Exit(null, $"ERROR = {ErrorDescription(errorCode)}");
                    }

                    // The finally block below still releases any handle the call produced.
                    return null;
                }

                // Phase 2: turn the raw bytes and/or handle into the managed representation.
                switch (contextAttribute)
                {
                    case Interop.SspiCli.ContextAttribute.SECPKG_ATTR_SIZES:
                        result = new SecPkgContext_Sizes(buffer);
                        break;

                    case Interop.SspiCli.ContextAttribute.SECPKG_ATTR_STREAM_SIZES:
                        result = new SecPkgContext_StreamSizes(buffer);
                        break;

                    case Interop.SspiCli.ContextAttribute.SECPKG_ATTR_NAMES:
                    case Interop.SspiCli.ContextAttribute.SECPKG_ATTR_CLIENT_SPECIFIED_TARGET:
                        // The string is copied out of native memory here, before the handle is disposed.
                        result = Marshal.PtrToStringUni(nativeHandle.DangerousGetHandle());
                        break;

                    case Interop.SspiCli.ContextAttribute.SECPKG_ATTR_PACKAGE_INFO:
                        result = new SecurityPackageInfoClass(nativeHandle, 0);
                        break;

                    case Interop.SspiCli.ContextAttribute.SECPKG_ATTR_NEGOTIATION_INFO:
                        unsafe
                        {
                            fixed (void* pinned = buffer)
                            {
                                int negotiationState = Marshal.ReadInt32(new IntPtr(pinned), SecPkgContext_NegotiationInfoW.NegotiationStateOffest);
                                result = new NegotiationInfoClass(nativeHandle, negotiationState);
                            }
                        }
                        break;

                    case Interop.SspiCli.ContextAttribute.SECPKG_ATTR_LOCAL_CERT_CONTEXT:
                    case Interop.SspiCli.ContextAttribute.SECPKG_ATTR_REMOTE_CERT_CONTEXT:
                        // The handle is the result: clear the local so the finally block leaves it open.
                        result = nativeHandle;
                        nativeHandle = null;
                        break;

                    case Interop.SspiCli.ContextAttribute.SECPKG_ATTR_ISSUER_LIST_EX:
                        // The handle is passed into the returned structure; likewise not disposed here.
                        result = new Interop.SspiCli.SecPkgContext_IssuerListInfoEx(nativeHandle, buffer);
                        nativeHandle = null;
                        break;

                    case Interop.SspiCli.ContextAttribute.SECPKG_ATTR_CONNECTION_INFO:
                        result = new SecPkgContext_ConnectionInfo(buffer);
                        break;

                    default:
                        // Will return null.
                        break;
                }
            }
            finally
            {
                // Dispose any handle that was not handed over to the result.
                nativeHandle?.Dispose();
            }

            if (NetEventSource.IsEnabled)
            {
                NetEventSource.Exit(null, result);
            }

            return result;
        }
Esempio n. 11
        /// <summary>
        /// Queries one attribute of an established security context and converts the native
        /// result into a managed object.
        /// </summary>
        /// <param name="secModule">SSPI wrapper that performs the native query.</param>
        /// <param name="securityContext">Context whose attribute is queried.</param>
        /// <param name="contextAttribute">Attribute to query; values not listed in the first switch are rejected.</param>
        /// <param name="errorCode">Status returned by the native query; zero means success.</param>
        /// <returns>
        /// The converted attribute, or <c>null</c> when the native query fails. For the two
        /// certificate-context attributes the returned object is the native handle itself, and for
        /// the issuer list the handle is passed into the returned structure; in both cases this
        /// method does not dispose the handle, so releasing it falls to the caller.
        /// </returns>
        /// <exception cref="ArgumentException"><paramref name="contextAttribute"/> is not a supported value.</exception>
        public static object QueryContextAttributes(SSPIInterface secModule, SafeDeleteContext securityContext, Interop.SspiCli.ContextAttribute contextAttribute, out int errorCode)
        {
            if (GlobalLog.IsEnabled)
            {
                GlobalLog.Enter(nameof(QueryContextAttributes), contextAttribute.ToString());
            }

            // Phase 1: choose the inline buffer size and, where the native side hands back
            // allocated memory, the SafeHandle type that will own it.
            int bufferSize = IntPtr.Size;
            Type safeHandleType = null;

            switch (contextAttribute)
            {
                case Interop.SspiCli.ContextAttribute.SECPKG_ATTR_SIZES:
                    bufferSize = SecPkgContext_Sizes.SizeOf;
                    break;

                case Interop.SspiCli.ContextAttribute.SECPKG_ATTR_STREAM_SIZES:
                    bufferSize = SecPkgContext_StreamSizes.SizeOf;
                    break;

                case Interop.SspiCli.ContextAttribute.SECPKG_ATTR_NAMES:
                case Interop.SspiCli.ContextAttribute.SECPKG_ATTR_PACKAGE_INFO:
                case Interop.SspiCli.ContextAttribute.SECPKG_ATTR_CLIENT_SPECIFIED_TARGET:
                    safeHandleType = typeof(SafeFreeContextBuffer);
                    break;

                case Interop.SspiCli.ContextAttribute.SECPKG_ATTR_NEGOTIATION_INFO:
                    safeHandleType = typeof(SafeFreeContextBuffer);
                    bufferSize = Marshal.SizeOf<SecPkgContext_NegotiationInfoW>();
                    break;

                case Interop.SspiCli.ContextAttribute.SECPKG_ATTR_REMOTE_CERT_CONTEXT:
                case Interop.SspiCli.ContextAttribute.SECPKG_ATTR_LOCAL_CERT_CONTEXT:
                    safeHandleType = typeof(SafeFreeCertContext);
                    break;

                case Interop.SspiCli.ContextAttribute.SECPKG_ATTR_ISSUER_LIST_EX:
                    bufferSize = Marshal.SizeOf<Interop.SspiCli.SecPkgContext_IssuerListInfoEx>();
                    safeHandleType = typeof(SafeFreeContextBuffer);
                    break;

                case Interop.SspiCli.ContextAttribute.SECPKG_ATTR_CONNECTION_INFO:
                    bufferSize = Marshal.SizeOf<SecPkgContext_ConnectionInfo>();
                    break;

                default:
                    throw new ArgumentException(SR.Format(SR.net_invalid_enum, nameof(contextAttribute)), nameof(contextAttribute));
            }

            SafeHandle nativeHandle = null;
            object result = null;

            try
            {
                byte[] buffer = new byte[bufferSize];
                errorCode = secModule.QueryContextAttributes(securityContext, contextAttribute, buffer, safeHandleType, out nativeHandle);
                if (errorCode != 0)
                {
                    if (GlobalLog.IsEnabled)
                    {
                        GlobalLog.Leave("Win32:QueryContextAttributes", "ERROR = " + ErrorDescription(errorCode));
                    }

                    // The finally block below still releases any handle the call produced.
                    return null;
                }

                // Phase 2: turn the raw bytes and/or handle into the managed representation.
                switch (contextAttribute)
                {
                    case Interop.SspiCli.ContextAttribute.SECPKG_ATTR_SIZES:
                        result = new SecPkgContext_Sizes(buffer);
                        break;

                    case Interop.SspiCli.ContextAttribute.SECPKG_ATTR_STREAM_SIZES:
                        result = new SecPkgContext_StreamSizes(buffer);
                        break;

                    case Interop.SspiCli.ContextAttribute.SECPKG_ATTR_NAMES:
                    case Interop.SspiCli.ContextAttribute.SECPKG_ATTR_CLIENT_SPECIFIED_TARGET:
                        // The string is copied out of native memory here, before the handle is disposed.
                        result = Marshal.PtrToStringUni(nativeHandle.DangerousGetHandle());
                        break;

                    case Interop.SspiCli.ContextAttribute.SECPKG_ATTR_PACKAGE_INFO:
                        result = new SecurityPackageInfoClass(nativeHandle, 0);
                        break;

                    case Interop.SspiCli.ContextAttribute.SECPKG_ATTR_NEGOTIATION_INFO:
                        unsafe
                        {
                            fixed (void* pinned = buffer)
                            {
                                int negotiationState = Marshal.ReadInt32(new IntPtr(pinned), SecPkgContext_NegotiationInfoW.NegotiationStateOffest);
                                result = new NegotiationInfoClass(nativeHandle, negotiationState);
                            }
                        }
                        break;

                    case Interop.SspiCli.ContextAttribute.SECPKG_ATTR_LOCAL_CERT_CONTEXT:
                    case Interop.SspiCli.ContextAttribute.SECPKG_ATTR_REMOTE_CERT_CONTEXT:
                        // The handle is the result: clear the local so the finally block leaves it open.
                        result = nativeHandle;
                        nativeHandle = null;
                        break;

                    case Interop.SspiCli.ContextAttribute.SECPKG_ATTR_ISSUER_LIST_EX:
                        // The handle is passed into the returned structure; likewise not disposed here.
                        result = new Interop.SspiCli.SecPkgContext_IssuerListInfoEx(nativeHandle, buffer);
                        nativeHandle = null;
                        break;

                    case Interop.SspiCli.ContextAttribute.SECPKG_ATTR_CONNECTION_INFO:
                        result = new SecPkgContext_ConnectionInfo(buffer);
                        break;

                    default:
                        // Will return null.
                        break;
                }
            }
            finally
            {
                // Dispose any handle that was not handed over to the result.
                nativeHandle?.Dispose();
            }

            if (GlobalLog.IsEnabled)
            {
                GlobalLog.Leave(nameof(QueryContextAttributes), LoggingHash.ObjectToString(result));
            }

            return result;
        }
Esempio n. 12
        public static object QueryContextAttributes(SSPIInterface secModule, SafeDeleteContext securityContext, Interop.SspiCli.ContextAttribute contextAttribute, out int errorCode)
        {
            if (GlobalLog.IsEnabled)
            {
                GlobalLog.Enter(nameof(QueryContextAttributes), contextAttribute.ToString());
            }

            int  nativeBlockSize = IntPtr.Size;
            Type handleType      = null;

            switch (contextAttribute)
            {
            case Interop.SspiCli.ContextAttribute.Sizes:
                nativeBlockSize = SecSizes.SizeOf;
                break;

            case Interop.SspiCli.ContextAttribute.StreamSizes:
                nativeBlockSize = StreamSizes.SizeOf;
                break;

            case Interop.SspiCli.ContextAttribute.Names:
                handleType = typeof(SafeFreeContextBuffer);
                break;

            case Interop.SspiCli.ContextAttribute.PackageInfo:
                handleType = typeof(SafeFreeContextBuffer);
                break;

            case Interop.SspiCli.ContextAttribute.NegotiationInfo:
                handleType      = typeof(SafeFreeContextBuffer);
                nativeBlockSize = Marshal.SizeOf <NegotiationInfo>();
                break;

            case Interop.SspiCli.ContextAttribute.ClientSpecifiedSpn:
                handleType = typeof(SafeFreeContextBuffer);
                break;

            case Interop.SspiCli.ContextAttribute.RemoteCertificate:
                handleType = typeof(SafeFreeCertContext);
                break;

            case Interop.SspiCli.ContextAttribute.LocalCertificate:
                handleType = typeof(SafeFreeCertContext);
                break;

            case Interop.SspiCli.ContextAttribute.IssuerListInfoEx:
                nativeBlockSize = Marshal.SizeOf <Interop.SspiCli.IssuerListInfoEx>();
                handleType      = typeof(SafeFreeContextBuffer);
                break;

            case Interop.SspiCli.ContextAttribute.ConnectionInfo:
                nativeBlockSize = Marshal.SizeOf <SslConnectionInfo>();
                break;

            default:
                throw new ArgumentException(SR.Format(SR.net_invalid_enum, nameof(contextAttribute)), nameof(contextAttribute));
            }

            SafeHandle sspiHandle = null;
            object     attribute  = null;

            try
            {
                var nativeBuffer = new byte[nativeBlockSize];
                errorCode = secModule.QueryContextAttributes(securityContext, contextAttribute, nativeBuffer, handleType, out sspiHandle);
                if (errorCode != 0)
                {
                    if (GlobalLog.IsEnabled)
                    {
                        GlobalLog.Leave("Win32:QueryContextAttributes", "ERROR = " + ErrorDescription(errorCode));
                    }
                    return(null);
                }

                switch (contextAttribute)
                {
                case Interop.SspiCli.ContextAttribute.Sizes:
                    attribute = new SecSizes(nativeBuffer);
                    break;

                case Interop.SspiCli.ContextAttribute.StreamSizes:
                    attribute = new StreamSizes(nativeBuffer);
                    break;

                case Interop.SspiCli.ContextAttribute.Names:
                    attribute = Marshal.PtrToStringUni(sspiHandle.DangerousGetHandle());
                    break;

                case Interop.SspiCli.ContextAttribute.PackageInfo:
                    attribute = new SecurityPackageInfoClass(sspiHandle, 0);
                    break;

                case Interop.SspiCli.ContextAttribute.NegotiationInfo:
                    unsafe
                    {
                        fixed(void *ptr = nativeBuffer)
                        {
                            attribute = new NegotiationInfoClass(sspiHandle, Marshal.ReadInt32(new IntPtr(ptr), NegotiationInfo.NegotiationStateOffest));
                        }
                    }
                    break;

                case Interop.SspiCli.ContextAttribute.ClientSpecifiedSpn:
                    attribute = Marshal.PtrToStringUni(sspiHandle.DangerousGetHandle());
                    break;

                case Interop.SspiCli.ContextAttribute.LocalCertificate:
                // Fall-through to RemoteCertificate is intentional.
                case Interop.SspiCli.ContextAttribute.RemoteCertificate:
                    attribute  = sspiHandle;
                    sspiHandle = null;
                    break;

                case Interop.SspiCli.ContextAttribute.IssuerListInfoEx:
                    attribute  = new Interop.SspiCli.IssuerListInfoEx(sspiHandle, nativeBuffer);
                    sspiHandle = null;
                    break;

                case Interop.SspiCli.ContextAttribute.ConnectionInfo:
                    attribute = new SslConnectionInfo(nativeBuffer);
                    break;

                default:
                    // Will return null.
                    break;
                }
            }
            finally
            {
                if (sspiHandle != null)
                {
                    sspiHandle.Dispose();
                }
            }

            if (GlobalLog.IsEnabled)
            {
                GlobalLog.Leave(nameof(QueryContextAttributes), LoggingHash.ObjectToString(attribute));
            }

            return(attribute);
        }
Esempio n. 13
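        //
        // QueryContextAttributes
        // Asks the SSPI provider wrapped by SecModule for one attribute of securityContext
        // and converts the native result into a managed object:
        //   StreamSizes                         -> StreamSizes
        //   Names                               -> string
        //   PackageInfo                         -> SecurityPackageInfoClass
        //   LocalCertificate/RemoteCertificate  -> CertificateContextHandle (null if the native handle is 0)
        //   IssuerListInfoEx                    -> IssuerListInfoEx
        // Returns null when the native call reports a non-zero error code or when the
        // attribute is not one of the above; the error code itself is not surfaced to the caller.
        //
        public static object QueryContextAttributes(
            SSPIInterface SecModule,
            SecurityContext securityContext,
            ContextAttribute contextAttribute)
        {
            GlobalLog.Enter("QueryContextAttributes#2");

            int nativeBlockSize;

            switch (contextAttribute)
            {
            case ContextAttribute.StreamSizes:
                // hard-coded size of the native stream-sizes block
                // (presumably five 32-bit fields; confirm against the StreamSizes wrapper)
                nativeBlockSize = 20;
                break;

            case ContextAttribute.IssuerListInfoEx:
                nativeBlockSize = Marshal.SizeOf(typeof(IssuerListInfoEx));
                break;

            case ContextAttribute.Names:
            case ContextAttribute.PackageInfo:
            case ContextAttribute.RemoteCertificate:
            case ContextAttribute.LocalCertificate:
                // these attributes come back as a single pointer
                nativeBlockSize = IntPtr.Size;
                break;

            default:
                nativeBlockSize = IntPtr.Size;
                GlobalLog.Assert(false,
                                 "contextAttribute unexpected value", "");
                break;
            }

            object attribute = null;

            IntPtr nativeBlock = Marshal.AllocHGlobal((IntPtr)nativeBlockSize);

            // try/finally so the unmanaged block is released even if one of the
            // conversions below throws.
            try
            {
                int errorCode =
                    SecModule.QueryContextAttributes(
                        ref securityContext.Handle,
                        (int)contextAttribute,
                        nativeBlock);

                if (errorCode == 0)
                {
                    switch (contextAttribute)
                    {
                    case ContextAttribute.StreamSizes:
                        attribute = new StreamSizes(nativeBlock);
                        break;

                    case ContextAttribute.Names:

                        IntPtr unmanagedString = Marshal.ReadIntPtr(nativeBlock);

                        if (ComNetOS.IsWin9x)
                        {
                            attribute = Marshal.PtrToStringAnsi(unmanagedString);
                        }
                        else
                        {
                            attribute = Marshal.PtrToStringUni(unmanagedString);
                        }
                        // NOTE(review): the release call below is disabled, so the buffer the
                        // provider returned for the name is not freed in this method. Confirm
                        // whether it is released elsewhere.
                        //SecModule.FreeContextBuffer(unmanagedString);
                        break;

                    case ContextAttribute.PackageInfo:

                        IntPtr unmanagedBlock = Marshal.ReadIntPtr(nativeBlock);

                        attribute = new SecurityPackageInfoClass(SecModule, unmanagedBlock);
                        // NOTE(review): same as Names, the provider buffer is not freed here.
                        //SecModule.FreeContextBuffer(unmanagedBlock);

                        break;

                    case ContextAttribute.LocalCertificate:
                    case ContextAttribute.RemoteCertificate:
                        IntPtr contextHandle = Marshal.ReadIntPtr(nativeBlock);
                        if (contextHandle == IntPtr.Zero)
                        {
                            Debug.Assert(false,
                                         "contextHandle == 0",
                                         "QueryContextAttributes: marshalled certificate context is null on success"
                                         );
                        }
                        else
                        {
                            attribute = new CertificateContextHandle(contextHandle);
                        }
                        break;

                    case ContextAttribute.IssuerListInfoEx:
                        IssuerListInfoEx issuerList = new IssuerListInfoEx();

                        issuerList.issuerArray = Marshal.ReadIntPtr(nativeBlock, 0);
                        // the count sits directly after the pointer-sized array field, so its
                        // offset is IntPtr.Size; a fixed offset of 4 is only right for 4-byte pointers.
                        issuerList.issuerCount = Marshal.ReadInt32(nativeBlock, IntPtr.Size);

                        attribute = issuerList;
                        break;

                    default:
                        // will return null
                        break;
                    }
                }
                // on failure the error code is dropped and null is returned
            }
            finally
            {
                Marshal.FreeHGlobal(nativeBlock);
            }

            GlobalLog.Leave("QueryContextAttributes#2");
            return attribute;
        }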
        //
        // for Digest, the server will send us the blob immediately, so we need to make sure we
        // call InitializeSecurityContext() a first time with a null input buffer, otherwise
        // the next call will fail. do so here:
        // WDigest.dll requires us to pass in 3 security buffers here
        // 1) BufferType: SECBUFFER_TOKEN, Content: server's challenge (incoming)
        // 2) BufferType: SECBUFFER_PKG_PARAMS, Content: request's HTTP Method
        // 3) BufferType: SECBUFFER_PKG_PARAMS, Content: the HEntity (this would be the MD5 footprint of the request entity
        //                                                             body, we can pass in NULL as this is not required)
        //
        //
        // GetOutgoingDigestBlob
        // Builds the client's Digest response for a server challenge.
        //   incomingBlob      - the server's challenge, converted to bytes with Encoding.Default
        //   requestMethod     - the request's HTTP method, converted to bytes with Encoding.Default
        //   handshakeComplete - set to the value of IsCompleted after the second SSPI call
        // Returns the outgoing token decoded with Encoding.Default, or null when the
        // provider produced no token bytes.
        // Throws Win32Exception when InitializeSecurityContext returns a status with the
        // high bit set.
        //
        public string GetOutgoingDigestBlob(string incomingBlob, string requestMethod, out bool handshakeComplete)
        {
            GlobalLog.Enter("NTAuthentication::GetOutgoingDigestBlob", incomingBlob);
            //
            // first time call with null incoming buffer to initialize.
            // we should get back a 0x90312 and a null outgoingBlob.
            //
            byte[] decodedOutgoingBlob = GetOutgoingBlob(null, out handshakeComplete);
            GlobalLog.Assert(!handshakeComplete, "NTAuthentication::GetOutgoingDigestBlob() handshakeComplete==true", "");
            GlobalLog.Assert(decodedOutgoingBlob == null, "NTAuthentication::GetOutgoingDigestBlob() decodedOutgoingBlob!=null", "");
            //
            // second time call with 3 incoming buffers to select HTTP client.
            // we should get back a SecurityStatus.OK and a non null outgoingBlob.
            //
            // NOTE(review): Encoding.Default depends on the machine's configured code page, so
            // the bytes handed to the provider can differ between systems for non-ASCII input.
            // GetBytes throws ArgumentNullException if either string is null.
            byte[] decodedIncomingBlob  = Encoding.Default.GetBytes(incomingBlob);
            byte[] decodedRequestMethod = Encoding.Default.GetBytes(requestMethod);

            // NOTE(review): Delegate is requested here alongside mutual auth and replay/sequence
            // detection; confirm delegation is actually wanted for Digest.
            int requestedFlags =
                (int)ContextFlags.Delegate |
                (int)ContextFlags.MutualAuth |
                (int)ContextFlags.ReplayDetect |
                (int)ContextFlags.SequenceDetect |
                // (int)ContextFlags.Confidentiality | // this would only work if the server provided a qop="auth-conf" directive
                // (int)ContextFlags.ClientIntegrity | // this would only work if the server provided a qop="auth-int" directive
                (int)ContextFlags.Connection;

            // the three input buffers: challenge token, HTTP method, and a null
            // placeholder for the entity hash
            SecurityBufferClass[] inSecurityBuffers = new SecurityBufferClass[] {
                new SecurityBufferClass(decodedIncomingBlob, BufferType.Token),
                new SecurityBufferClass(decodedRequestMethod, BufferType.Parameters),
                new SecurityBufferClass(null, BufferType.Parameters),
            };

            // single output buffer sized by m_TokenSize
            SecurityBufferClass[] outSecurityBuffers = new SecurityBufferClass[] {
                new SecurityBufferClass(m_TokenSize, BufferType.Token),
            };

            // the call writes the resulting context into this new object rather than
            // into m_SecurityContext; the two are reconciled by UpdateHandle() below
            SecurityContext newSecurityContext = new SecurityContext(GlobalSSPI.SSPIAuth);

            //
            // this call is still returning an error. fix together with Kevin Damour
            //
            int status =
                SSPIWrapper.InitializeSecurityContext(
                    GlobalSSPI.SSPIAuth,
                    m_CredentialsHandle.Handle,
                    m_SecurityContext.Handle,
                    m_RemotePeerId, // this must match the Uri in the HTTP status line for the current request
                    requestedFlags,
                    m_Endianness,
                    inSecurityBuffers,
                    ref newSecurityContext.Handle,
                    outSecurityBuffers,
                    ref m_ContextFlags,
                    ref newSecurityContext.TimeStamp);

            GlobalLog.Print("NTAuthentication::GetOutgoingDigestBlob() SSPIWrapper.InitializeSecurityContext() returns 0x" + string.Format("{0:x}", status));

            // only the high (sign) bit is tested: statuses with it set are treated as
            // failures, everything else (including "continue" codes) passes through
            int errorCode = status & unchecked ((int)0x80000000);

            if (errorCode != 0)
            {
                throw new Win32Exception(status);
            }

            //
            // the return value from SSPI will tell us correctly if the
            // handshake is over or not: http://msdn.microsoft.com/library/psdk/secspi/sspiref_67p0.htm
            // we also have to consider the case in which SSPI formed a new context, in this case we're done as well.
            //
            IsCompleted = (status == (int)SecurityStatus.OK) || (m_SecurityContext.Handle != -1 && m_SecurityContext.Handle != newSecurityContext.Handle);
            if (IsCompleted)
            {
                // ... if we're done, clean the handle up or the call to UpdateHandle() might leak it.
                SSPIWrapper.DeleteSecurityContext(m_SecurityContext.m_SecModule, m_SecurityContext.Handle);
            }
            handshakeComplete = IsCompleted;
            // m_Authenticated is computed from the handle as it is BEFORE UpdateHandle() runs;
            // the order of these two statements matters
            m_Authenticated   = m_SecurityContext.Handle != -1;
            m_SecurityContext.UpdateHandle(newSecurityContext);

#if TRAVE
            if (handshakeComplete)
            {
                //
                // Kevin Damour says:
                // You should not query the securitycontext until you have actually formed one (
                // with a success return from ISC).  It is only a partially formed context and
                // no info is available to user applications (at least for digest).
                //
                SecurityPackageInfoClass securityPackageInfo = (SecurityPackageInfoClass)SSPIWrapper.QueryContextAttributes(GlobalSSPI.SSPIAuth, m_SecurityContext, ContextAttribute.PackageInfo);
                GlobalLog.Print("SecurityPackageInfoClass: using:[" + ((securityPackageInfo == null)?"null":securityPackageInfo.ToString()) + "]");
            }
#endif // #if TRAVE

            GlobalLog.Assert(outSecurityBuffers.Length == 1, "NTAuthentication::GetOutgoingDigestBlob() outSecurityBuffers.Length==" + outSecurityBuffers.Length.ToString(), "");

            // NOTE(review): the Dump below writes the outgoing authentication token to the
            // log; confirm GlobalLog is compiled out or disabled outside debug builds.
            GlobalLog.Print("out token = " + m_TokenSize.ToString() + " size = " + outSecurityBuffers[0].size.ToString());
            GlobalLog.Dump(outSecurityBuffers[0].token);

            GlobalLog.Print("NTAuthentication::GetOutgoingDigestBlob() handshakeComplete:" + handshakeComplete.ToString());

            decodedOutgoingBlob = outSecurityBuffers[0].token;

            string outgoingBlob = null;
            if (decodedOutgoingBlob != null && decodedOutgoingBlob.Length > 0)
            {
                // CONSIDER V.NEXT
                // review Encoding.Default.GetString usage here because it might
                // end up creating non ANSI characters in the string
                //
                // only the first outSecurityBuffers[0].size bytes are decoded, not the
                // whole token array
                outgoingBlob = Encoding.Default.GetString(decodedOutgoingBlob, 0, outSecurityBuffers[0].size);
            }

            GlobalLog.Leave("NTAuthentication::GetOutgoingDigestBlob", outgoingBlob);

            return(outgoingBlob);
        }
        //
        // NTAuth::GetOutgoingBlob()
        // Created:   12-01-1999: L.M.
        // Description:
        // Accepts an incoming binary security blob  and returns
        // an outgoing binary security blob
        //
        //
        // Performs one step of the SSPI handshake.
        //   incomingBlob      - token received from the peer, or null for the first step
        //   handshakeComplete - false only when the provider asks for another round trip;
        //                       true on completion and on the early-exit path below
        // Returns the token array of the output buffer, or null on the early-exit path.
        // Throws Win32Exception when the SSPI status has its high bit set.
        //
        private byte[] GetOutgoingBlob(byte[] incomingBlob, out bool handshakeComplete)
        {
            GlobalLog.Enter("NTAuthentication::GetOutgoingBlob", ((incomingBlob == null) ? "0" : incomingBlob.Length.ToString()) + " bytes");

            // default to true in case of failure
            handshakeComplete = true;

            if (m_SecurityContext.Handle != -1 && incomingBlob == null)
            {
                // we tried auth previously, now we got a null blob, we're done. this happens
                // with Kerberos & valid credentials on the domain but no ACLs on the resource
                // the handle for m_SecurityContext will be collected at GC time.
                GlobalLog.Print("NTAuthentication#" + ValidationHelper.HashString(this) + "::GetOutgoingBlob() null blob AND m_SecurityContext#" + ValidationHelper.HashString(m_SecurityContext) + "::Handle:[0x" + m_SecurityContext.Handle.ToString("x8") + "]");
                m_SecurityContext.Close();
                IsCompleted = true;
                return(null);
            }

            // NOTE(review): Delegate is part of the baseline flags for every handshake made
            // through this method; confirm delegation is intended for all callers.
            int requestedFlags =
                (int)ContextFlags.Delegate |
                (int)ContextFlags.MutualAuth |
                (int)ContextFlags.ReplayDetect |
                (int)ContextFlags.SequenceDetect |
                (int)ContextFlags.Confidentiality |
                (int)ContextFlags.Connection;

            // stays null on the first step, when there is no token from the peer yet
            SecurityBufferClass inSecurityBuffer = null;

            if (incomingBlob != null)
            {
                // NOTE(review): the peer's token is dumped to the log here; confirm GlobalLog
                // is compiled out or disabled outside debug builds.
                GlobalLog.Print("in blob = ");
                GlobalLog.Dump(incomingBlob);
                inSecurityBuffer = new SecurityBufferClass(incomingBlob, BufferType.Token);
            }

            SecurityBufferClass outSecurityBuffer = new SecurityBufferClass(m_TokenSize, BufferType.Token);

            int status;

            // without SERVER_SIDE_SSPI only the client branch below is compiled, unconditionally
#if SERVER_SIDE_SSPI
            if (m_SecureSessionType == SecureSessionType.ClientSession)
            {
#endif
            //
            // client session
            //
            requestedFlags |= (int)ContextFlags.ClientIntegrity;

            // the context handle is passed both as input and, by ref, as the output slot,
            // so the call updates m_SecurityContext in place
            status = SSPIWrapper.InitializeSecurityContext(
                GlobalSSPI.SSPIAuth,
                m_CredentialsHandle.Handle,
                m_SecurityContext.Handle,
                m_RemotePeerId,
                requestedFlags,
                m_Endianness,
                inSecurityBuffer,
                ref m_SecurityContext.Handle,
                outSecurityBuffer,
                ref m_ContextFlags,
                ref m_SecurityContext.TimeStamp
                );

            GlobalLog.Print("SSPIWrapper.InitializeSecurityContext() returns 0x" + string.Format("{0:x}", status));
#if SERVER_SIDE_SSPI
        }

        else
        {
            //
            // server session
            //
            requestedFlags |= (int)ContextFlags.ServerIntegrity;

            status = SSPIWrapper.AcceptSecurityContext(
                GlobalSSPI.SSPIAuth,
                m_CredentialsHandle.Handle,
                m_SecurityContext.Handle,
                requestedFlags,
                m_Endianness,
                inSecurityBuffer,
                ref m_SecurityContext.Handle,
                outSecurityBuffer,
                out m_ContextFlags,
                out m_SecurityContext.TimeStamp
                );

            GlobalLog.Print("SSPIWrapper.AcceptSecurityContext() returns 0x" + string.Format("{0:x}", status));
        }
#endif // SERVER_SIDE_SSPI

            // only the high (sign) bit is tested: statuses with it set are failures,
            // all other values (OK and "continue" codes) pass through
            int errorCode = status & unchecked ((int)0x80000000);
            if (errorCode != 0)
            {
                throw new Win32Exception(status);
            }

            //
            // the return value from SSPI will tell us correctly if the
            // handshake is over or not: http://msdn.microsoft.com/library/psdk/secspi/sspiref_67p0.htm
            // we also have to consider the case in which SSPI formed a new context, in this case we're done as well.
            //
            if (status != (int)SecurityStatus.OK && m_SecurityContext.Handle != -1)
            {
                // we need to continue
                GlobalLog.Print("NTAuthentication#" + ValidationHelper.HashString(this) + "::GetOutgoingBlob() need continue status:[0x" + status.ToString("x8") + "] m_SecurityContext#" + ValidationHelper.HashString(m_SecurityContext) + "::Handle:[0x" + m_SecurityContext.Handle.ToString("x8") + "]");
                handshakeComplete = false;
            }
            else
            {
                // we're done, cleanup
                // this branch is also reached when status is not OK but the handle is -1;
                // the assert below flags that combination
                GlobalLog.Assert(status == (int)SecurityStatus.OK, "NTAuthentication#" + ValidationHelper.HashString(this) + "::GetOutgoingBlob() status:[0x" + status.ToString("x8") + "] m_SecurityContext#" + ValidationHelper.HashString(m_SecurityContext) + "::Handle:[0x" + m_SecurityContext.Handle.ToString("x8") + "]", "[STATUS != OK]");
                m_SecurityContext.Close();
                IsCompleted = true;
            }

#if TRAVE
            if (handshakeComplete)
            {
                //
                // Kevin Damour says:
                // You should not query the securitycontext until you have actually formed one (
                // with a success return from ISC).  It is only a partially formed context and
                // no info is available to user applications (at least for digest).
                //
                // NOTE(review): when handshakeComplete is true, m_SecurityContext.Close() has
                // already run in the branch above; confirm the query is still valid after Close().
                SecurityPackageInfoClass securityPackageInfo = (SecurityPackageInfoClass)SSPIWrapper.QueryContextAttributes(GlobalSSPI.SSPIAuth, m_SecurityContext, ContextAttribute.PackageInfo);
                GlobalLog.Print("SecurityPackageInfoClass: using:[" + ((securityPackageInfo == null)?"null":securityPackageInfo.ToString()) + "]");
            }
#endif // #if TRAVE

            // NOTE(review): the outgoing token is dumped to the log here as well
            GlobalLog.Print("out token = " + m_TokenSize.ToString());
            GlobalLog.Dump(outSecurityBuffer.token);

            GlobalLog.Leave("NTAuthentication::GetOutgoingBlob", "handshakeComplete:" + handshakeComplete.ToString());

            return(outSecurityBuffer.token);
        }
Esempio n. 16
        /// <summary>
        /// Queries a single attribute of <paramref name="securityContext"/> through the
        /// buffer-based QueryContextAttributes overload and wraps the native result in a
        /// managed object.
        /// </summary>
        /// <param name="securityContext">The context to query.</param>
        /// <param name="contextAttribute">Which attribute to retrieve.</param>
        /// <param name="errorCode">Receives the status returned by the underlying query.</param>
        /// <returns>
        /// The managed representation of the attribute, or null when the query reports a
        /// non-zero <paramref name="errorCode"/>. For the certificate attributes the native
        /// handle itself is returned and is not disposed here; for IssuerListInfoEx the handle
        /// is passed to the returned wrapper and is likewise not disposed here.
        /// </returns>
        /// <exception cref="ArgumentException">
        /// <paramref name="contextAttribute"/> is not one of the supported values; thrown
        /// before any native call is made.
        /// </exception>
        private object QueryContextAttributes(SafeDeleteContext securityContext, Interop.Secur32.ContextAttribute contextAttribute, out int errorCode)
        {
            GlobalLog.Enter("QueryContextAttributes", contextAttribute.ToString());

            // Size of the managed scratch buffer and, where the provider hands back an
            // allocation, the SafeHandle type that should wrap it.
            int bufferLength = IntPtr.Size;
            Type safeHandleType = null;

            switch (contextAttribute)
            {
            // Plain value blocks: no handle to wrap.
            case Interop.Secur32.ContextAttribute.Sizes:
                bufferLength = SecSizes.SizeOf;
                break;

            case Interop.Secur32.ContextAttribute.StreamSizes:
                bufferLength = StreamSizes.SizeOf;
                break;

            case Interop.Secur32.ContextAttribute.ConnectionInfo:
                bufferLength = Marshal.SizeOf <SslConnectionInfo>();
                break;

            // Pointer-sized result wrapped as a context buffer.
            case Interop.Secur32.ContextAttribute.Names:
            case Interop.Secur32.ContextAttribute.PackageInfo:
            case Interop.Secur32.ContextAttribute.ClientSpecifiedSpn:
                safeHandleType = typeof(SafeFreeContextBuffer);
                break;

            // Struct-sized result that also carries a context buffer.
            case Interop.Secur32.ContextAttribute.NegotiationInfo:
                bufferLength = Marshal.SizeOf <NegotiationInfo>();
                safeHandleType = typeof(SafeFreeContextBuffer);
                break;

            case Interop.Secur32.ContextAttribute.IssuerListInfoEx:
                bufferLength = Marshal.SizeOf <Interop.Secur32.IssuerListInfoEx>();
                safeHandleType = typeof(SafeFreeContextBuffer);
                break;

            // Pointer-sized result wrapped as a certificate context.
            case Interop.Secur32.ContextAttribute.RemoteCertificate:
            case Interop.Secur32.ContextAttribute.LocalCertificate:
                safeHandleType = typeof(SafeFreeCertContext);
                break;

            default:
                throw new ArgumentException(SR.Format(SR.net_invalid_enum, "ContextAttribute"), "contextAttribute");
            }

            SafeHandle nativeHandle = null;
            object result = null;

            try
            {
                byte[] scratch = new byte[bufferLength];
                errorCode = QueryContextAttributes(securityContext, contextAttribute, scratch, safeHandleType, out nativeHandle);
                if (errorCode != 0)
                {
                    GlobalLog.Leave("Win32:QueryContextAttributes", "ERROR = " + ErrorDescription(errorCode));
                    return null;
                }

                switch (contextAttribute)
                {
                case Interop.Secur32.ContextAttribute.Sizes:
                    result = new SecSizes(scratch);
                    break;

                case Interop.Secur32.ContextAttribute.StreamSizes:
                    result = new StreamSizes(scratch);
                    break;

                case Interop.Secur32.ContextAttribute.ConnectionInfo:
                    result = new SslConnectionInfo(scratch);
                    break;

                case Interop.Secur32.ContextAttribute.Names:
                case Interop.Secur32.ContextAttribute.ClientSpecifiedSpn:
                    // The string is copied out while the handle is still open; the handle
                    // is disposed in the finally block.
                    result = Marshal.PtrToStringUni(nativeHandle.DangerousGetHandle());
                    break;

                case Interop.Secur32.ContextAttribute.PackageInfo:
                    result = new SecurityPackageInfoClass(nativeHandle, 0);
                    break;

                case Interop.Secur32.ContextAttribute.NegotiationInfo:
                {
                    int negotiationState;
                    unsafe
                    {
                        fixed (void *pinned = scratch)
                        {
                            negotiationState = Marshal.ReadInt32(new IntPtr(pinned), NegotiationInfo.NegotiationStateOffest);
                        }
                    }
                    result = new NegotiationInfoClass(nativeHandle, negotiationState);
                    break;
                }

                case Interop.Secur32.ContextAttribute.LocalCertificate:
                case Interop.Secur32.ContextAttribute.RemoteCertificate:
                    // Hand the handle to the caller; clearing the local keeps the finally
                    // block from disposing it.
                    result = nativeHandle;
                    nativeHandle = null;
                    break;

                case Interop.Secur32.ContextAttribute.IssuerListInfoEx:
                    // The wrapper receives the handle, so it must not be disposed here.
                    result = new Interop.Secur32.IssuerListInfoEx(nativeHandle, scratch);
                    nativeHandle = null;
                    break;

                default:
                    // Will return null.
                    break;
                }
            }
            finally
            {
                if (nativeHandle != null)
                {
                    nativeHandle.Dispose();
                }
            }

            GlobalLog.Leave("QueryContextAttributes", Logging.ObjectToString(result));
            return result;
        }
Esempio n. 17
        /// <summary>
        /// Asks <paramref name="secModule"/> for one attribute of
        /// <paramref name="securityContext"/> and converts the native answer into a managed
        /// object.
        /// </summary>
        /// <param name="secModule">The SSPI module that performs the native query.</param>
        /// <param name="securityContext">The context to query.</param>
        /// <param name="contextAttribute">Which attribute to retrieve.</param>
        /// <param name="errorCode">Receives the status returned by <paramref name="secModule"/>.</param>
        /// <returns>
        /// The converted attribute, or null when <paramref name="errorCode"/> is non-zero.
        /// Certificate attributes return the native handle itself, which this method does not
        /// dispose; the IssuerListInfoEx wrapper receives its handle and it is not disposed
        /// here either. Every other handle is disposed before returning.
        /// </returns>
        /// <exception cref="ArgumentException">
        /// <paramref name="contextAttribute"/> is not a supported value; thrown before the
        /// native query is made.
        /// </exception>
        public static object QueryContextAttributes(SSPIInterface secModule, SafeDeleteContext securityContext, Interop.Secur32.ContextAttribute contextAttribute, out int errorCode)
        {
            GlobalLog.Enter("QueryContextAttributes", contextAttribute.ToString());

            // Defaults: a pointer-sized block and no handle wrapper.
            int blockLength = IntPtr.Size;
            Type wrapperType = null;

            switch (contextAttribute)
            {
                case Interop.Secur32.ContextAttribute.Sizes:
                    blockLength = SecSizes.SizeOf;
                    break;

                case Interop.Secur32.ContextAttribute.StreamSizes:
                    blockLength = StreamSizes.SizeOf;
                    break;

                case Interop.Secur32.ContextAttribute.ConnectionInfo:
                    blockLength = Marshal.SizeOf<SslConnectionInfo>();
                    break;

                case Interop.Secur32.ContextAttribute.NegotiationInfo:
                    blockLength = Marshal.SizeOf<NegotiationInfo>();
                    wrapperType = typeof(SafeFreeContextBuffer);
                    break;

                case Interop.Secur32.ContextAttribute.IssuerListInfoEx:
                    blockLength = Marshal.SizeOf<Interop.Secur32.IssuerListInfoEx>();
                    wrapperType = typeof(SafeFreeContextBuffer);
                    break;

                case Interop.Secur32.ContextAttribute.Names:
                case Interop.Secur32.ContextAttribute.PackageInfo:
                case Interop.Secur32.ContextAttribute.ClientSpecifiedSpn:
                    wrapperType = typeof(SafeFreeContextBuffer);
                    break;

                case Interop.Secur32.ContextAttribute.RemoteCertificate:
                case Interop.Secur32.ContextAttribute.LocalCertificate:
                    wrapperType = typeof(SafeFreeCertContext);
                    break;

                default:
                    throw new ArgumentException(SR.Format(SR.net_invalid_enum, "ContextAttribute"), "contextAttribute");
            }

            SafeHandle handle = null;
            object value = null;

            try
            {
                byte[] block = new byte[blockLength];
                errorCode = secModule.QueryContextAttributes(securityContext, contextAttribute, block, wrapperType, out handle);
                if (errorCode != 0)
                {
                    GlobalLog.Leave("Win32:QueryContextAttributes", "ERROR = " + ErrorDescription(errorCode));
                    return null;
                }

                switch (contextAttribute)
                {
                    // Results built purely from the managed block.
                    case Interop.Secur32.ContextAttribute.Sizes:
                        value = new SecSizes(block);
                        break;

                    case Interop.Secur32.ContextAttribute.StreamSizes:
                        value = new StreamSizes(block);
                        break;

                    case Interop.Secur32.ContextAttribute.ConnectionInfo:
                        value = new SslConnectionInfo(block);
                        break;

                    // Results read through the handle, which is disposed in the finally block.
                    case Interop.Secur32.ContextAttribute.Names:
                    case Interop.Secur32.ContextAttribute.ClientSpecifiedSpn:
                        value = Marshal.PtrToStringUni(handle.DangerousGetHandle());
                        break;

                    case Interop.Secur32.ContextAttribute.PackageInfo:
                        value = new SecurityPackageInfoClass(handle, 0);
                        break;

                    case Interop.Secur32.ContextAttribute.NegotiationInfo:
                    {
                        int state;
                        unsafe
                        {
                            fixed (void* blockPtr = block)
                            {
                                state = Marshal.ReadInt32(new IntPtr(blockPtr), NegotiationInfo.NegotiationStateOffest);
                            }
                        }
                        value = new NegotiationInfoClass(handle, state);
                        break;
                    }

                    // Results that keep the handle: clear the local so the finally block
                    // leaves it open.
                    case Interop.Secur32.ContextAttribute.LocalCertificate:
                    case Interop.Secur32.ContextAttribute.RemoteCertificate:
                        value = handle;
                        handle = null;
                        break;

                    case Interop.Secur32.ContextAttribute.IssuerListInfoEx:
                        value = new Interop.Secur32.IssuerListInfoEx(handle, block);
                        handle = null;
                        break;

                    default:
                        // Will return null.
                        break;
                }
            }
            finally
            {
                if (handle != null)
                {
                    handle.Dispose();
                }
            }

            GlobalLog.Leave("QueryContextAttributes", LoggingHash.ObjectToString(value));
            return value;
        }
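        /// <summary>
        /// Fills the cached <c>s_securityPackages</c> array on first use by enumerating the
        /// installed SSPI packages; later calls return immediately once the cache is set.
        /// </summary>
        /// <exception cref="Win32Exception">
        /// The native enumeration returned a non-zero error code.
        /// </exception>
        private void EnumerateSecurityPackages()
        {
            GlobalLog.Enter("EnumerateSecurityPackages");
            if (s_securityPackages == null)
            {
                // NOTE(review): the cache has a static-style name (s_ prefix) but the lock is
                // taken on this instance, so two instances would not exclude each other.
                // Confirm the field's declaration and whether a dedicated lock object is needed.
                lock (this)
                {
                    // Re-check under the lock: another thread may have filled the cache.
                    if (s_securityPackages == null)
                    {
                        int moduleCount = 0;
                        SafeFreeContextBuffer arrayBaseHandle = null;
                        try
                        {
                            int errorCode = SafeFreeContextBuffer.EnumeratePackages(out moduleCount, out arrayBaseHandle);

                            // Check the status before touching the handle: on failure the
                            // handle may be null, and dereferencing it for logging would
                            // replace the Win32 error with a NullReferenceException.
                            if (errorCode != 0)
                            {
                                throw new Win32Exception(errorCode);
                            }

                            GlobalLog.Print("SSPIWrapper::arrayBase: " + (arrayBaseHandle.DangerousGetHandle().ToString("x")));

                            SecurityPackageInfoClass[] securityPackagesList = new SecurityPackageInfoClass[moduleCount];

                            if (Logging.On)
                            {
                                Logging.PrintInfo(Logging.Web, SR.net_log_sspi_enumerating_security_packages);
                            }

                            for (int i = 0; i < moduleCount; i++)
                            {
                                securityPackagesList[i] = new SecurityPackageInfoClass(arrayBaseHandle, i);

                                if (Logging.On)
                                {
                                    Logging.PrintInfo(Logging.Web, "    " + securityPackagesList[i].Name);
                                }
                            }

                            // Publish only after every entry has been built.
                            s_securityPackages = securityPackagesList;
                        }
                        finally
                        {
                            // The native array is released on both the success and failure paths.
                            if (arrayBaseHandle != null)
                            {
                                arrayBaseHandle.Dispose();
                            }
                        }
                    }
                }
            }

            GlobalLog.Leave("EnumerateSecurityPackages");
        }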
        /// <summary>
        /// Queries one attribute of an established security context through <paramref name="secModule"/>
        /// and wraps the native result in a managed object whose type depends on the attribute.
        /// </summary>
        /// <param name="secModule">Provider that performs the native QueryContextAttributes call.</param>
        /// <param name="securityContext">Security context to query.</param>
        /// <param name="contextAttribute">Attribute to read; values not handled by the first switch are rejected.</param>
        /// <param name="errorCode">Receives the status returned by <paramref name="secModule"/>; non-zero is treated as failure.</param>
        /// <returns>
        /// The attribute value, or null when the native call reports an error. For the certificate-context
        /// attributes the returned object is the SafeHandle itself, which the caller must then dispose.
        /// </returns>
        /// <exception cref="ArgumentException"><paramref name="contextAttribute"/> is not one of the supported values.</exception>
        public static object QueryContextAttributes(SSPIInterface secModule, SafeDeleteContext securityContext, Interop.SspiCli.ContextAttribute contextAttribute, out int errorCode)
        {
            if (NetEventSource.IsEnabled)
            {
                NetEventSource.Enter(null, contextAttribute);
            }

            // Defaults: a pointer-sized output block and no handle. Each case below overrides what it needs.
            int  nativeBlockSize = IntPtr.Size;
            Type handleType      = null;

            // First pass: choose the output buffer size and the SafeHandle type requested from secModule.
            // presumably handleType tells secModule which kind of handle wraps the returned pointer - confirm in SSPIInterface.
            switch (contextAttribute)
            {
            case Interop.SspiCli.ContextAttribute.SECPKG_ATTR_SIZES:
                nativeBlockSize = SecPkgContext_Sizes.SizeOf;
                break;

            case Interop.SspiCli.ContextAttribute.SECPKG_ATTR_STREAM_SIZES:
                nativeBlockSize = SecPkgContext_StreamSizes.SizeOf;
                break;

            case Interop.SspiCli.ContextAttribute.SECPKG_ATTR_NAMES:
                handleType = typeof(SafeFreeContextBuffer);
                break;

            case Interop.SspiCli.ContextAttribute.SECPKG_ATTR_PACKAGE_INFO:
                handleType = typeof(SafeFreeContextBuffer);
                break;

            case Interop.SspiCli.ContextAttribute.SECPKG_ATTR_NEGOTIATION_INFO:
                handleType = typeof(SafeFreeContextBuffer);
                unsafe
                {
                    // The buffer must hold the whole struct: the second switch reads it through a pointer cast.
                    nativeBlockSize = sizeof(SecPkgContext_NegotiationInfoW);
                }
                break;

            case Interop.SspiCli.ContextAttribute.SECPKG_ATTR_CLIENT_SPECIFIED_TARGET:
                handleType = typeof(SafeFreeContextBuffer);
                break;

            case Interop.SspiCli.ContextAttribute.SECPKG_ATTR_REMOTE_CERT_CONTEXT:
                handleType = typeof(SafeFreeCertContext);
                break;

            case Interop.SspiCli.ContextAttribute.SECPKG_ATTR_LOCAL_CERT_CONTEXT:
                handleType = typeof(SafeFreeCertContext);
                break;

            case Interop.SspiCli.ContextAttribute.SECPKG_ATTR_ISSUER_LIST_EX:
                nativeBlockSize = Marshal.SizeOf <Interop.SspiCli.SecPkgContext_IssuerListInfoEx>();
                handleType      = typeof(SafeFreeContextBuffer);
                break;

            case Interop.SspiCli.ContextAttribute.SECPKG_ATTR_CONNECTION_INFO:
                nativeBlockSize = Marshal.SizeOf <SecPkgContext_ConnectionInfo>();
                break;

            case Interop.SspiCli.ContextAttribute.SECPKG_ATTR_APPLICATION_PROTOCOL:
                nativeBlockSize = Marshal.SizeOf <Interop.SecPkgContext_ApplicationProtocol>();
                break;

            default:
                // Reject unknown attributes before any native call, so the buffer size is never a guess.
                throw new ArgumentException(System.StringsHelper.Format(Strings.net_invalid_enum, nameof(contextAttribute)), nameof(contextAttribute));
            }

            SafeHandle sspiHandle = null;
            object     attribute  = null;

            try
            {
                var nativeBuffer = new byte[nativeBlockSize];
                errorCode = secModule.QueryContextAttributes(securityContext, contextAttribute, nativeBuffer, handleType, out sspiHandle);
                if (errorCode != 0)
                {
                    if (NetEventSource.IsEnabled)
                    {
                        NetEventSource.Exit(null, $"ERROR = {ErrorDescription(errorCode)}");
                    }
                    // Failure returns null; the finally block still disposes any handle that was produced.
                    return(null);
                }

                // Second pass: convert the native output. Unless a case clears sspiHandle, the handle is
                // disposed in the finally block, so anything needed from it has to be copied out here.
                switch (contextAttribute)
                {
                case Interop.SspiCli.ContextAttribute.SECPKG_ATTR_SIZES:
                    attribute = new SecPkgContext_Sizes(nativeBuffer);
                    break;

                case Interop.SspiCli.ContextAttribute.SECPKG_ATTR_STREAM_SIZES:
                    attribute = new SecPkgContext_StreamSizes(nativeBuffer);
                    break;

                case Interop.SspiCli.ContextAttribute.SECPKG_ATTR_NAMES:
                    // PtrToStringUni copies the native UTF-16 string into a managed string before the handle is freed.
                    // NOTE(review): assumes sspiHandle is non-null on success - confirm in secModule.
                    attribute = Marshal.PtrToStringUni(sspiHandle.DangerousGetHandle());
                    break;

                case Interop.SspiCli.ContextAttribute.SECPKG_ATTR_PACKAGE_INFO:
                    // The handle is disposed below, so the constructor presumably copies what it needs - confirm.
                    attribute = new SecurityPackageInfoClass(sspiHandle, 0);
                    break;

                case Interop.SspiCli.ContextAttribute.SECPKG_ATTR_NEGOTIATION_INFO:
                    unsafe
                    {
                        // nativeBuffer was sized to sizeof(SecPkgContext_NegotiationInfoW) in the first switch,
                        // so the cast below reads within the managed array.
                        fixed(void *ptr = &nativeBuffer[0])
                        {
                            attribute = new NegotiationInfoClass(sspiHandle, (int)((SecPkgContext_NegotiationInfoW *)ptr)->NegotiationState);
                        }
                    }
                    break;

                case Interop.SspiCli.ContextAttribute.SECPKG_ATTR_CLIENT_SPECIFIED_TARGET:
                    // Same copy-then-free pattern as SECPKG_ATTR_NAMES.
                    attribute = Marshal.PtrToStringUni(sspiHandle.DangerousGetHandle());
                    break;

                case Interop.SspiCli.ContextAttribute.SECPKG_ATTR_LOCAL_CERT_CONTEXT:
                // Fall-through to RemoteCertificate is intentional.
                case Interop.SspiCli.ContextAttribute.SECPKG_ATTR_REMOTE_CERT_CONTEXT:
                    // Ownership moves to the caller: clearing the local keeps the finally block from
                    // freeing the certificate context that is being returned.
                    attribute  = sspiHandle;
                    sspiHandle = null;
                    break;

                case Interop.SspiCli.ContextAttribute.SECPKG_ATTR_ISSUER_LIST_EX:
                    // The handle is given to the wrapper and not disposed here; presumably the wrapper
                    // owns it from now on - confirm in SecPkgContext_IssuerListInfoEx.
                    attribute  = new Interop.SspiCli.SecPkgContext_IssuerListInfoEx(sspiHandle, nativeBuffer);
                    sspiHandle = null;
                    break;

                case Interop.SspiCli.ContextAttribute.SECPKG_ATTR_CONNECTION_INFO:
                    attribute = new SecPkgContext_ConnectionInfo(nativeBuffer);
                    break;

                case Interop.SspiCli.ContextAttribute.SECPKG_ATTR_APPLICATION_PROTOCOL:
                    unsafe
                    {
                        // nativeBuffer was sized with Marshal.SizeOf for this struct in the first switch.
                        fixed(void *ptr = nativeBuffer)
                        {
                            attribute = Marshal.PtrToStructure <Interop.SecPkgContext_ApplicationProtocol>(new IntPtr(ptr));
                        }
                    }
                    break;

                default:
                    // Will return null. Every value accepted by the first switch has a case above, and
                    // other values were already rejected there.
                    break;
                }
            }
            finally
            {
                // Frees the native buffer or context unless ownership was handed off above.
                if (sspiHandle != null)
                {
                    sspiHandle.Dispose();
                }
            }

            if (NetEventSource.IsEnabled)
            {
                NetEventSource.Exit(null, attribute);
            }
            return(attribute);
        }
 /// <summary>
 /// Returns the security packages of <paramref name="SecModule"/>, enumerating them on first use
 /// and storing the result on the module for later calls.
 /// </summary>
 /// <param name="SecModule">Module that performs the enumeration and holds the cached array.</param>
 /// <returns>The array stored in <c>SecModule.SecurityPackages</c>.</returns>
 /// <exception cref="Win32Exception">The enumeration call returned a non-zero error code.</exception>
 internal static SecurityPackageInfoClass[] EnumerateSecurityPackages(SSPIInterface SecModule)
 {
     // Fast path: the list is already populated, so no lock is taken.
     if (SecModule.SecurityPackages != null)
     {
         return SecModule.SecurityPackages;
     }

     lock (SecModule)
     {
         // Re-check under the lock; another thread may have finished the enumeration meanwhile.
         if (SecModule.SecurityPackages == null)
         {
             int count = 0;
             SafeFreeContextBuffer nativeArray = null;
             try
             {
                 int status = SecModule.EnumerateSecurityPackages(out count, out nativeArray);
                 if (status != 0)
                 {
                     throw new Win32Exception(status);
                 }

                 var packages = new SecurityPackageInfoClass[count];
                 if (Logging.On)
                 {
                     Logging.PrintInfo(Logging.Web, SR.GetString("net_log_sspi_enumerating_security_packages"));
                 }

                 int index = 0;
                 while (index < count)
                 {
                     // Entries are built while the native array handle is still open.
                     SecurityPackageInfoClass entry = new SecurityPackageInfoClass(nativeArray, index);
                     packages[index] = entry;
                     if (Logging.On)
                     {
                         Logging.PrintInfo(Logging.Web, "    " + entry.Name);
                     }
                     index++;
                 }

                 // Store the array only once it is fully populated.
                 SecModule.SecurityPackages = packages;
             }
             finally
             {
                 // Release the native package array whether or not the enumeration succeeded.
                 if (nativeArray != null)
                 {
                     nativeArray.Close();
                 }
             }
         }
     }

     return SecModule.SecurityPackages;
 }