internal static void FreeSchannelCred(SchannelCred schannelCred)
{
if (schannelCred.paCred != IntPtr.Zero)
{
Marshal.FreeHGlobal(schannelCred.paCred);
schannelCred.paCred = IntPtr.Zero;
}
}
internal static IntPtr CreateAuthData(SchannelCred schannelCred)
{
IntPtr pAuthData = Marshal.AllocHGlobal(Marshal.SizeOf(schannelCred));
Marshal.StructureToPtr(schannelCred, pAuthData, false);
return pAuthData;
}
internal static void DtlsAcquireCredentialsHandle(
SecurityPackageType packageType,
CertificateCredential certificateCredential,
string serverPrincipal,
uint fCredentialUse,
out SecurityHandle credentialHandle)
{
string stringPackage = SspiUtility.GetPackageStringName(packageType);
SecurityInteger expiryTime = new SecurityInteger();
uint enabledProtocols;
if (fCredentialUse == NativeMethods.SECPKG_CRED_OUTBOUND)
{
enabledProtocols = NativeMethods.SP_PROT_DTLS_CLIENT;
}
else
{
enabledProtocols = NativeMethods.SP_PROT_DTLS_SERVER;
}
SchannelCred schannelCred = new SchannelCred(certificateCredential, enabledProtocols);
CredSspCred sspCred = new CredSspCred();
IntPtr pAuthData = IntPtr.Zero;
if (packageType == SecurityPackageType.Schannel)
{
pAuthData = SspiUtility.CreateAuthData(schannelCred);
}
else if (packageType == SecurityPackageType.CredSsp)
{
sspCred.pSchannelCred = SspiUtility.CreateAuthData(schannelCred);
sspCred.pSpnegoCred = IntPtr.Zero;
sspCred.Type = CredSspSubmitType.CredsspSubmitBufferBoth;
pAuthData = SspiUtility.CreateAuthData(sspCred);
}
uint result = NativeMethods.AcquireCredentialsHandle(
null,
stringPackage,
fCredentialUse,
IntPtr.Zero,
pAuthData,
IntPtr.Zero,
IntPtr.Zero,
out credentialHandle,
out expiryTime);
//Free memory
SspiUtility.FreeSchannelCred(schannelCred);
if (pAuthData != IntPtr.Zero)
{
if (packageType == SecurityPackageType.CredSsp)
{
Marshal.FreeHGlobal(sspCred.pSchannelCred);
}
Marshal.FreeHGlobal(pAuthData);
}
if (result != NativeMethods.SEC_E_OK)
{
throw new SspiException("AquireCredentialsHandle fails.", result);
}
}
internal static void AcquireCredentialsHandle(
SecurityPackageType packageType,
AccountCredential accountCredential,
string serverPrincipal,
uint fCredentialUse,
out SecurityHandle credentialHandle)
{
string stringPackage = SspiUtility.GetPackageStringName(packageType);
SecurityInteger expiryTime;
SecurityWinntAuthIdentity authIdentity = new SecurityWinntAuthIdentity(accountCredential);
IntPtr pAuthData = IntPtr.Zero;
SchannelCred schannelCred = new SchannelCred();
schannelCred.dwVersion = NativeMethods.SCHANNEL_CRED_VERSION;
schannelCred.cCreds = 0;
schannelCred.paCred = IntPtr.Zero;
CredSspCred credSsp = new CredSspCred();
switch (packageType)
{
case SecurityPackageType.Ntlm:
case SecurityPackageType.Kerberos:
case SecurityPackageType.Negotiate:
pAuthData = SspiUtility.CreateAuthData(authIdentity);
break;
case SecurityPackageType.Schannel:
pAuthData = SspiUtility.CreateAuthData(schannelCred);
break;
case SecurityPackageType.CredSsp:
credSsp.Type = CredSspSubmitType.CredsspSubmitBufferBoth;
credSsp.pSchannelCred = CreateAuthData(schannelCred);
credSsp.pSpnegoCred = CreateAuthData(authIdentity);
pAuthData = CreateAuthData(credSsp);
break;
//default, if other values, exception will be thrown by GetPackageStringName.
default:
throw new ArgumentException("Invlid packageType value.", "packageType");
}
uint result = NativeMethods.AcquireCredentialsHandle(
serverPrincipal,
stringPackage,
fCredentialUse,
IntPtr.Zero,
pAuthData,
IntPtr.Zero,
IntPtr.Zero,
out credentialHandle,
out expiryTime);
//Free memory
switch (packageType)
{
case SecurityPackageType.Ntlm:
case SecurityPackageType.Kerberos:
case SecurityPackageType.Negotiate:
SspiUtility.FreeSecurityWinntAuthIdentity(authIdentity);
break;
case SecurityPackageType.Schannel:
stringPackage = Schannel;
SspiUtility.FreeSchannelCred(schannelCred);
break;
case SecurityPackageType.CredSsp:
SspiUtility.FreeSecurityWinntAuthIdentity(authIdentity);
SspiUtility.FreeSchannelCred(schannelCred);
SspiUtility.FreeCredSspCred(credSsp);
break;
//default, if other values, exception will be thrown by GetPackageStringName.
default:
throw new ArgumentException("Invlid packageType value.", "packageType");
}
Marshal.FreeHGlobal(pAuthData);
if (result != NativeMethods.SEC_E_OK)
{
throw new SspiException("AquireCredentialsHandle failed", result);
}
}
