/// <summary> /// Updates security context, proceeds input token and generates output token /// </summary> public void UpdateSecurityContext( SecurityContext context, SecurityContextAttributes contextAttributes, byte[] inputToken, out byte[] outputToken) { // parameters validation if (context == null) { throw new ArgumentNullException("credentials"); } if (inputToken == null) { throw new ArgumentNullException("inputToken"); } // prepare requirements for context uint contextReq = GetContextRequirements(context.Type == SecurityContextType.Server, contextAttributes); // prepare buffers SecurityBuffers inputBuffers = new SecurityBuffers(1); inputBuffers.SetBuffer(0, (int)SSPINative.SECBUFFER_TOKEN, inputToken); SecurityBuffers outputBuffers = new SecurityBuffers(1); outputBuffers.SetBuffer(0, (int)SSPINative.SECBUFFER_TOKEN, _secPackage.MaxToken); // update context Int64 credHandle = context.credentials.Handle; Int64 contextHandle = context.Handle; uint contextAttribs; int error; if (context.Type == SecurityContextType.Client) { error = SSPINative.InitializeSecurityContext( ref credHandle, ref contextHandle, null, contextReq, 0, SSPINative.SECURITY_NETWORK_DREP, inputBuffers, 0, IntPtr.Zero, outputBuffers, out contextAttribs, IntPtr.Zero); } else { error = SSPINative.AcceptSecurityContext( ref credHandle, ref contextHandle, inputBuffers, contextReq, SSPINative.SECURITY_NETWORK_DREP, IntPtr.Zero, outputBuffers, out contextAttribs, IntPtr.Zero); } inputBuffers.Dispose(); // check context state bool continueNeeded = false; bool completeNeeded = false; switch (error) { case Win32.ERROR_SUCCESS: break; case SSPINative.SEC_I_CONTINUE_NEEDED: continueNeeded = true; break; case SSPINative.SEC_I_COMPLETE_NEEDED: completeNeeded = true; break; case SSPINative.SEC_I_COMPLETE_AND_CONTINUE: continueNeeded = true; completeNeeded = true; break; default: throw new SSPIException(error, "Could not update security context"); } if (completeNeeded) { // complete context error = SSPINative.CompleteAuthToken(ref contextHandle, outputBuffers); if (error < 0) { throw new SSPIException(error, "Could not complete security context"); } } // get output token outputToken = outputBuffers.GetBuffer(0); outputBuffers.Dispose(); // update context object state if (!continueNeeded) { context.SetCompleted(); } }
/// <summary> /// Creates security context and generates client token /// </summary> public SecurityContext CreateSecurityContext( SecurityCredentials credentials, SecurityContextAttributes contextAttributes, string targetName, out byte[] outputToken) { // parameters validation if (credentials == null) { throw new ArgumentNullException("credentials"); } // prepare requirements for context uint contextReq = GetContextRequirements(false, contextAttributes); // prepare buffers SecurityBuffers outputBuffers = new SecurityBuffers(1); outputBuffers.SetBuffer(0, (int)SSPINative.SECBUFFER_TOKEN, _secPackage.MaxToken); // create context Int64 credHandle = credentials.Handle; Int64 newContextHandle; Int64 contextExpiry; uint contextAttribs; int error = SSPINative.InitializeSecurityContext( ref credHandle, IntPtr.Zero, targetName, contextReq, 0, SSPINative.SECURITY_NETWORK_DREP, null, 0, out newContextHandle, outputBuffers, out contextAttribs, out contextExpiry); // check context state bool continueNeeded = false; bool completeNeeded = false; switch (error) { case Win32.ERROR_SUCCESS: break; case SSPINative.SEC_I_CONTINUE_NEEDED: continueNeeded = true; break; case SSPINative.SEC_I_COMPLETE_NEEDED: completeNeeded = true; break; case SSPINative.SEC_I_COMPLETE_AND_CONTINUE: continueNeeded = true; completeNeeded = true; break; default: throw new SSPIException(error, "Could not create security context"); } if (completeNeeded) { // complete context error = SSPINative.CompleteAuthToken(ref newContextHandle, outputBuffers); if (error < 0) { throw new SSPIException(error, "Could not complete security context"); } } // get output token outputToken = outputBuffers.GetBuffer(0); outputBuffers.Dispose(); // create context object SecurityContextState contextState = (continueNeeded ? SecurityContextState.ContinueNeeded : SecurityContextState.Completed); return(new SecurityContext(credentials, newContextHandle, contextExpiry, SecurityContextType.Client, contextState)); }