private GetHostByName ( string hostName ) : |
||
hostName | string | |
return |
public Authorization Authenticate(string challenge, WebRequest webRequest, ICredentials credentials) { GlobalLog.Print("KerberosClient::Authenticate(): " + challenge); GlobalLog.Assert(credentials != null, "KerberosClient::Authenticate() credentials==null", ""); if (credentials == null) { return(null); } HttpWebRequest httpWebRequest = webRequest as HttpWebRequest; GlobalLog.Assert(httpWebRequest != null, "KerberosClient::Authenticate() httpWebRequest==null", ""); if (httpWebRequest == null || httpWebRequest.ChallengedUri == null) { // // there has been no challenge: // 1) the request never went on the wire // 2) somebody other than us is calling into AuthenticationManager // return(null); } int index = AuthenticationManager.FindSubstringNotInQuotes(challenge.ToLower(CultureInfo.InvariantCulture), Signature); if (index < 0) { return(null); } int blobBegin = index + SignatureSize; string incoming = null; // // there may be multiple challenges. If the next character after the // package name is not a comma then it is challenge data // if (challenge.Length > blobBegin && challenge[blobBegin] != ',') { ++blobBegin; } else { index = -1; } if (index >= 0 && challenge.Length > blobBegin) { incoming = challenge.Substring(blobBegin); } NTAuthentication authSession = sessions[httpWebRequest.CurrentAuthenticationState] as NTAuthentication; GlobalLog.Print("KerberosClient::Authenticate() key:" + ValidationHelper.HashString(httpWebRequest.CurrentAuthenticationState) + " retrieved authSession:" + ValidationHelper.HashString(authSession)); if (authSession == null) { NetworkCredential NC = credentials.GetCredential(httpWebRequest.ChallengedUri, Signature); GlobalLog.Print("KerberosClient::Authenticate() GetCredential() returns:" + ValidationHelper.ToString(NC)); if (NC == null) { return(null); } string username = NC.UserName; if (username == null || (username.Length == 0 && !(NC is SystemNetworkCredential))) { return(null); } if (httpWebRequest.ChallengedSpn == null) { string host = httpWebRequest.ChallengedUri.Host; if (httpWebRequest.ChallengedUri.HostNameType != UriHostNameType.IPv6 && httpWebRequest.ChallengedUri.HostNameType != UriHostNameType.IPv4 && host.IndexOf('.') == -1) { // only do the DNS lookup for short names, no form of IP addess (new DnsPermission(PermissionState.Unrestricted)).Assert(); try { host = Dns.GetHostByName(host).HostName; GlobalLog.Print("KerberosClient::Authenticate() Dns returned host:" + ValidationHelper.ToString(host)); } catch (Exception exception) { GlobalLog.Print("KerberosClient::Authenticate() GetHostByName(host) failed:" + ValidationHelper.ToString(exception)); } finally { DnsPermission.RevertAssert(); } } // CONSIDER V.NEXT // for now avoid appending the non default port to the // SPN, sometime in the future we'll have to do this. // httpWebRequest.ChallengedSpn = httpWebRequest.ChallengedUri.IsDefaultPort ? host : host + ":" + httpWebRequest.ChallengedUri.Port; httpWebRequest.ChallengedSpn = host; } GlobalLog.Print("KerberosClient::Authenticate() ChallengedSpn:" + ValidationHelper.ToString(httpWebRequest.ChallengedSpn)); authSession = new NTAuthentication( AuthType, NC, "HTTP/" + httpWebRequest.ChallengedSpn, httpWebRequest.DelegationFix); GlobalLog.Print("KerberosClient::Authenticate() adding authSession:" + ValidationHelper.HashString(authSession) + " for:" + ValidationHelper.HashString(httpWebRequest.CurrentAuthenticationState)); sessions.Add(httpWebRequest.CurrentAuthenticationState, authSession); } bool handshakeComplete; string clientResponse = authSession.GetOutgoingBlob(incoming, out handshakeComplete); if (clientResponse == null) { return(null); } return(new Authorization(AuthType + " " + clientResponse, false, string.Empty)); }
internal void Resolve() { // // if we already resolved this name then don't do it again // if (cached) { return; } // // IP wildcards are not resolved // if (wildcard) { return; } // // IP addresses with wildcards are allowed in permissions // if (IsValidWildcard) { wildcard = true; cached = true; return; } try { // // Check if the permission was specified as numeric IP, // "InetAddr" function will resolve it, otherwise it will // throw an exception that we catch below // IPAddress ipaddr = IPAddress.Parse(hostname); address = new IPAddress[1]; address[0] = ipaddr; cached = true; return; } catch (SecurityException) { throw; } catch { // ignore first exception } // // Not numeric: use GetHostByName to determine addresses // try { IPHostEntry hostInfo = Dns.GetHostByName(hostname); address = hostInfo.AddressList; // NB: It never caches DNS responses // } catch (SecurityException) { throw; } catch { // ignore second exception } }