internal SecurityContext(
SecurityCredentials credentials,
Int64 contextHandle,
Int64 contextExpiry,
SecurityContextType contextType,
SecurityContextState contextState)
{
// parameters validation
if (credentials == null)
throw new ArgumentNullException("credentials");
if (contextHandle == 0)
throw new ArgumentNullException("contextHandle");
_credentials = credentials;
_contextHandle = contextHandle;
_contextExpiry = contextExpiry;
_contextType = contextType;
_contextState = contextState;
}
internal SecurityContext(
SecurityCredentials credentials,
Int64 contextHandle,
Int64 contextExpiry,
SecurityContextType contextType,
SecurityContextState contextState)
{
// parameters validation
if (credentials == null)
{
throw new ArgumentNullException("credentials");
}
if (contextHandle == 0)
{
throw new ArgumentNullException("contextHandle");
}
_credentials = credentials;
_contextHandle = contextHandle;
_contextExpiry = contextExpiry;
_contextType = contextType;
_contextState = contextState;
}
/// <summary>
/// Creates security context, proceeds client token and generates server token
/// </summary>
public SecurityContext AcceptSecurityContext(
SecurityCredentials credentials,
SecurityContextAttributes contextAttributes,
byte[] inputToken,
out byte[] outputToken)
{
// parameters validation
if (credentials == null)
{
throw new ArgumentNullException("credentials");
}
if (inputToken == null)
{
throw new ArgumentNullException("inputToken");
}
// prepare requirements for context
uint contextReq = GetContextRequirements(true, contextAttributes);
// prepare buffers
SecurityBuffers inputBuffers = new SecurityBuffers(1);
inputBuffers.SetBuffer(0, (int)SSPINative.SECBUFFER_TOKEN, inputToken);
SecurityBuffers outputBuffers = new SecurityBuffers(1);
outputBuffers.SetBuffer(0, (int)SSPINative.SECBUFFER_TOKEN, _secPackage.MaxToken);
// create context
Int64 credHandle = credentials.Handle;
Int64 newContextHandle;
Int64 contextExpiry;
uint contextAttribs;
int error = SSPINative.AcceptSecurityContext(
ref credHandle,
IntPtr.Zero,
inputBuffers,
contextReq,
SSPINative.SECURITY_NETWORK_DREP,
out newContextHandle,
outputBuffers,
out contextAttribs,
out contextExpiry);
inputBuffers.Dispose();
// check context state
bool continueNeeded = false;
bool completeNeeded = false;
switch (error)
{
case Win32.ERROR_SUCCESS:
break;
case SSPINative.SEC_I_CONTINUE_NEEDED:
continueNeeded = true;
break;
case SSPINative.SEC_I_COMPLETE_NEEDED:
completeNeeded = true;
break;
case SSPINative.SEC_I_COMPLETE_AND_CONTINUE:
continueNeeded = true;
completeNeeded = true;
break;
default:
throw new SSPIException(error, "Could not accept security context");
}
if (completeNeeded)
{
// complete context
error = SSPINative.CompleteAuthToken(ref newContextHandle, outputBuffers);
if (error < 0)
{
throw new SSPIException(error, "Could not complete security context");
}
}
// get output token
outputToken = outputBuffers.GetBuffer(0);
outputBuffers.Dispose();
// create context object
SecurityContextState contextState = (continueNeeded ? SecurityContextState.ContinueNeeded : SecurityContextState.Completed);
return(new SecurityContext(credentials, newContextHandle, contextExpiry, SecurityContextType.Server, contextState));
}
private string SendSspiAuthentication () {
try {
// initialize network transport
TransportClient client =
new TransportClient(this.Repository.CvsRoot.ToString(),
typeof(CvsTransport));
this.SetInputStream(new CvsStream(client.GetStream()));
this.SetOutputStream(this.InputStream);
this.OutputStream.SendString("BEGIN SSPI\n");
string[] names = System.Enum.GetNames(typeof(EncryptionType));
string protocols = string.Empty;
for (int i = 0; i < names.Length; i++) {
protocols += names[i];
if (i + 1 < names.Length) {
protocols += ",";
}
}
this.OutputStream.SendString(string.Format("{0}\n", protocols));
string authTypeResponse = this.InputStream.ReadLine();
CurrentEncryptionType = (EncryptionType)
System.Enum.Parse(typeof(EncryptionType), authTypeResponse);
// initialize authorization module
authModule =
new NTAuthModule(new SecurityPackage(CurrentEncryptionType.ToString()));
// acquire client credentials
clientCredentials =
authModule.AcquireSecurityCredentials(SecurityCredentialsType.OutBound, null);
byte[] clientToken;
byte[] serverToken;
// create client context
SecurityContext clientContext =
authModule.CreateSecurityContext(clientCredentials,
SecurityContextAttributes.Identify, null, out clientToken);
while (true) {
if (clientToken != null) {
// send client token to server
string clientTokenString =
Encoding.ASCII.GetString(clientToken, 54, 57);
this.OutputStream.SendString(
clientTokenString);
}
if (clientContext.State == SecurityContextState.Completed) {
// authentication completed
break;
}
// receive server token
serverToken =
Encoding.ASCII.GetBytes(this.InputStream.ReadToFirstWS());
// update security context
authModule.UpdateSecurityContext(clientContext,
SecurityContextAttributes.Identify, serverToken, out clientToken);
}
// AuthenticateClient(client);
return InputStream.ReadLine();
} catch (IOException e) {
String msg = "Failed to read line from server. " +
"It is possible that the remote server was down.";
LOGGER.Error (msg, e);
throw new AuthenticationException (msg);
}
}
/// <summary>
/// Creates security context and generates client token
/// </summary>
public SecurityContext CreateSecurityContext(
SecurityCredentials credentials,
SecurityContextAttributes contextAttributes,
string targetName,
out byte[] outputToken)
{
// parameters validation
if (credentials == null)
throw new ArgumentNullException("credentials");
// prepare requirements for context
uint contextReq = GetContextRequirements(false, contextAttributes);
// prepare buffers
SecurityBuffers outputBuffers = new SecurityBuffers(1);
outputBuffers.SetBuffer(0, (int)SSPINative.SECBUFFER_TOKEN, _secPackage.MaxToken);
// create context
Int64 credHandle = credentials.Handle;
Int64 newContextHandle;
Int64 contextExpiry;
uint contextAttribs;
int error = SSPINative.InitializeSecurityContext(
ref credHandle,
IntPtr.Zero,
targetName,
contextReq,
0,
SSPINative.SECURITY_NETWORK_DREP,
null,
0,
out newContextHandle,
outputBuffers,
out contextAttribs,
out contextExpiry);
// check context state
bool continueNeeded = false;
bool completeNeeded = false;
switch (error)
{
case Win32.ERROR_SUCCESS:
break;
case SSPINative.SEC_I_CONTINUE_NEEDED:
continueNeeded = true;
break;
case SSPINative.SEC_I_COMPLETE_NEEDED:
completeNeeded = true;
break;
case SSPINative.SEC_I_COMPLETE_AND_CONTINUE:
continueNeeded = true;
completeNeeded = true;
break;
default:
throw new SSPIException(error, "Could not create security context");
}
if (completeNeeded)
{
// complete context
error = SSPINative.CompleteAuthToken(ref newContextHandle, outputBuffers);
if (error < 0)
throw new SSPIException(error, "Could not complete security context");
}
// get output token
outputToken = outputBuffers.GetBuffer(0);
outputBuffers.Dispose();
// create context object
SecurityContextState contextState = (continueNeeded ? SecurityContextState.ContinueNeeded : SecurityContextState.Completed);
return new SecurityContext(credentials, newContextHandle, contextExpiry, SecurityContextType.Client, contextState);
}
