private SafeCredentialReference(SafeFreeCredentials target)
{
bool success = false;
RuntimeHelpers.PrepareConstrainedRegions();
try
{
target.DangerousAddRef(ref success);
}
catch
{
if (success)
{
target.DangerousRelease();
success = false;
}
}
finally
{
if (success)
{
this._Target = target;
base.SetHandle(new IntPtr(0));
}
}
}
internal static SafeCredentialReference CreateReference(SafeFreeCredentials target)
{
SafeCredentialReference reference = new SafeCredentialReference(target);
if (reference.IsInvalid)
{
return null;
}
return reference;
}
public static unsafe int AcquireCredentialsHandle(SecurDll dll, string package, CredentialUse intent, ref SecureCredential authdata, out SafeFreeCredentials outCredential)
{
int num = -1;
IntPtr certContextArray = authdata.certContextArray;
try
{
long num2;
IntPtr ptr2 = new IntPtr((void*) &certContextArray);
if (certContextArray != IntPtr.Zero)
{
authdata.certContextArray = ptr2;
}
switch (dll)
{
case SecurDll.SECURITY:
outCredential = new SafeFreeCredential_SECURITY();
RuntimeHelpers.PrepareConstrainedRegions();
try
{
goto Label_00C5;
}
finally
{
num = UnsafeNclNativeMethods.SafeNetHandles_SECURITY.AcquireCredentialsHandleW(null, package, (int) intent, null, ref authdata, null, null, ref outCredential._handle, out num2);
}
break;
case SecurDll.SCHANNEL:
break;
default:
goto Label_0093;
}
outCredential = new SafeFreeCredential_SCHANNEL();
RuntimeHelpers.PrepareConstrainedRegions();
try
{
goto Label_00C5;
}
finally
{
num = UnsafeNclNativeMethods.SafeNetHandles_SCHANNEL.AcquireCredentialsHandleA(null, package, (int) intent, null, ref authdata, null, null, ref outCredential._handle, out num2);
}
Label_0093:;
throw new ArgumentException(SR.GetString("net_invalid_enum", new object[] { "SecurDll" }), "Dll");
}
finally
{
authdata.certContextArray = certContextArray;
}
Label_00C5:
if (num != 0)
{
outCredential.SetHandleAsInvalid();
}
return num;
}
protected override bool ReleaseHandle()
{
SafeFreeCredentials credentials = this._Target;
if (credentials != null)
{
credentials.DangerousRelease();
}
this._Target = null;
return true;
}
internal static int AcceptSecurityContext(SSPIInterface SecModule, ref SafeFreeCredentials credential, ref SafeDeleteContext context, ContextFlags inFlags, Endianness datarep, SecurityBuffer inputBuffer, SecurityBuffer outputBuffer, ref ContextFlags outFlags)
{
if (Logging.On)
{
Logging.PrintInfo(Logging.Web, string.Concat(new object[] { "AcceptSecurityContext(credential = ", credential.ToString(), ", context = ", ValidationHelper.ToString(context), ", inFlags = ", inFlags, ")" }));
}
int num = SecModule.AcceptSecurityContext(ref credential, ref context, inputBuffer, inFlags, datarep, outputBuffer, ref outFlags);
if (Logging.On)
{
Logging.PrintInfo(Logging.Web, SR.GetString("net_log_sspi_security_context_input_buffer", new object[] { "AcceptSecurityContext", (inputBuffer == null) ? 0 : inputBuffer.size, outputBuffer.size, (SecurityStatus) num }));
}
return num;
}
public static int AcquireCredentialsHandle(SecurDll dll, string package, CredentialUse intent, ref AuthIdentity authdata, out SafeFreeCredentials outCredential)
{
long num2;
int num = -1;
switch (dll)
{
case SecurDll.SECURITY:
outCredential = new SafeFreeCredential_SECURITY();
RuntimeHelpers.PrepareConstrainedRegions();
try
{
goto Label_008D;
}
finally
{
num = UnsafeNclNativeMethods.SafeNetHandles_SECURITY.AcquireCredentialsHandleW(null, package, (int) intent, null, ref authdata, null, null, ref outCredential._handle, out num2);
}
break;
case SecurDll.SECUR32:
break;
default:
goto Label_0068;
}
outCredential = new SafeFreeCredential_SECUR32();
RuntimeHelpers.PrepareConstrainedRegions();
try
{
goto Label_008D;
}
finally
{
num = UnsafeNclNativeMethods.SafeNetHandles_SECUR32.AcquireCredentialsHandleA(null, package, (int) intent, null, ref authdata, null, null, ref outCredential._handle, out num2);
}
Label_0068:;
throw new ArgumentException(SR.GetString("net_invalid_enum", new object[] { "SecurDll" }), "Dll");
Label_008D:
if (num != 0)
{
outCredential.SetHandleAsInvalid();
}
return num;
}
public static SafeFreeCredentials AcquireCredentialsHandle(SSPIInterface secModule, string package, Interop.SspiCli.CredentialUse intent, ref SafeSspiAuthDataHandle authdata)
{
if (NetEventSource.IsEnabled)
{
NetEventSource.Log.AcquireCredentialsHandle(package, intent, authdata);
}
SafeFreeCredentials credentialsHandle = null;
int errorCode = secModule.AcquireCredentialsHandle(package, intent, ref authdata, out credentialsHandle);
if (errorCode != 0)
{
if (NetEventSource.IsEnabled)
{
NetEventSource.Error(null, SR.Format(SR.net_log_operation_failed_with_error, nameof(AcquireCredentialsHandle), $"0x{errorCode:X}"));
}
throw new Win32Exception(errorCode);
}
return(credentialsHandle);
}
public static SafeFreeCredentials AcquireDefaultCredential(SSPIInterface secModule, string package, Interop.SspiCli.CredentialUse intent)
{
if (NetEventSource.IsEnabled)
{
NetEventSource.Enter(null, package);
NetEventSource.Log.AcquireDefaultCredential(package, intent);
}
SafeFreeCredentials outCredential = null;
int errorCode = secModule.AcquireDefaultCredential(package, intent, out outCredential);
if (errorCode != 0)
{
if (NetEventSource.IsEnabled)
{
NetEventSource.Error(null, SR.Format(SR.net_log_operation_failed_with_error, nameof(AcquireDefaultCredential), $"0x{errorCode:X}"));
}
throw new Win32Exception(errorCode);
}
return(outCredential);
}
internal static int InitializeSecurityContext(SSPIInterface secModule, SafeFreeCredentials credential, ref SafeDeleteContext context, string targetName, Interop.Secur32.ContextFlags inFlags, Interop.Secur32.Endianness datarep, SecurityBuffer[] inputBuffers, SecurityBuffer outputBuffer, ref Interop.Secur32.ContextFlags outFlags)
{
if (Logging.On)
{
Logging.PrintInfo(Logging.Web,
"InitializeSecurityContext(" +
"credential = " + credential.ToString() + ", " +
"context = " + Logging.ObjectToString(context) + ", " +
"targetName = " + targetName + ", " +
"inFlags = " + inFlags + ")");
}
int errorCode = secModule.InitializeSecurityContext(credential, ref context, targetName, inFlags, datarep, inputBuffers, outputBuffer, ref outFlags);
if (Logging.On)
{
Logging.PrintInfo(Logging.Web, SR.Format(SR.net_log_sspi_security_context_input_buffers, "InitializeSecurityContext", (inputBuffers == null ? 0 : inputBuffers.Length), outputBuffer.size, (Interop.SecurityStatus)errorCode));
}
return(errorCode);
}
public static SafeFreeCredentials AcquireCredentialsHandle(SSPIInterface secModule, string package, Interop.Secur32.CredentialUse intent, Interop.Secur32.SecureCredential scc)
{
GlobalLog.Print("SSPIWrapper::AcquireCredentialsHandle#3(): using " + package);
if (Logging.On)
{
Logging.PrintInfo(Logging.Web,
"AcquireCredentialsHandle(" +
"package = " + package + ", " +
"intent = " + intent + ", " +
"scc = " + scc + ")");
}
SafeFreeCredentials outCredential = null;
int errorCode = secModule.AcquireCredentialsHandle(
package,
intent,
ref scc,
out outCredential
);
if (errorCode != 0)
{
#if TRACE_VERBOSE
GlobalLog.Print("SSPIWrapper::AcquireCredentialsHandle#3(): error " + Interop.MapSecurityStatus((uint)errorCode));
#endif
if (Logging.On)
{
Logging.PrintError(Logging.Web, SR.Format(SR.net_log_operation_failed_with_error, "AcquireCredentialsHandle()", String.Format(CultureInfo.CurrentCulture, "0X{0:X}", errorCode)));
}
throw new Win32Exception(errorCode);
}
#if TRACE_VERBOSE
GlobalLog.Print("SSPIWrapper::AcquireCredentialsHandle#3(): cred handle = " + outCredential.ToString());
#endif
return(outCredential);
}
public static SafeFreeCredentials AcquireCredentialsHandle(SSPIInterface secModule, string package, Interop.SspiCli.CredentialUse intent, ref SafeSspiAuthDataHandle authdata)
{
if (SecurityEventSource.Log.IsEnabled())
{
SecurityEventSource.AcquireCredentialsHandle(package, intent, authdata);
}
SafeFreeCredentials credentialsHandle = null;
int errorCode = secModule.AcquireCredentialsHandle(package, intent, ref authdata, out credentialsHandle);
if (errorCode != 0)
{
if (NetEventSource.Log.IsEnabled())
{
NetEventSource.PrintError(NetEventSource.ComponentType.Security, SR.Format(SR.net_log_operation_failed_with_error, "AcquireCredentialsHandle()", String.Format(CultureInfo.CurrentCulture, "0X{0:X}", errorCode)));
}
throw new Win32Exception(errorCode);
}
return(credentialsHandle);
}
private void Initialize(bool isServer, string package, NetworkCredential credential, string spn, ContextFlagsPal requestedContextFlags, ChannelBinding channelBinding)
{
if (GlobalLog.IsEnabled)
{
GlobalLog.Print("NTAuthentication#" + LoggingHash.HashString(this) + "::.ctor() package:" + LoggingHash.ObjectToString(package) + " spn:" + LoggingHash.ObjectToString(spn) + " flags :" + requestedContextFlags.ToString());
}
_tokenSize = NegotiateStreamPal.QueryMaxTokenSize(package);
_isServer = isServer;
_spn = spn;
_securityContext = null;
_requestedContextFlags = requestedContextFlags;
_package = package;
_channelBinding = channelBinding;
if (GlobalLog.IsEnabled)
{
GlobalLog.Print("Peer SPN-> '" + _spn + "'");
}
//
// Check if we're using DefaultCredentials.
//
Debug.Assert(CredentialCache.DefaultCredentials == CredentialCache.DefaultNetworkCredentials);
if (credential == CredentialCache.DefaultCredentials)
{
if (GlobalLog.IsEnabled)
{
GlobalLog.Print("NTAuthentication#" + LoggingHash.HashString(this) + "::.ctor(): using DefaultCredentials");
}
_credentialsHandle = NegotiateStreamPal.AcquireDefaultCredential(package, _isServer);
}
else
{
_credentialsHandle = NegotiateStreamPal.AcquireCredentialsHandle(package, _isServer, credential);
}
}
private static SecurityStatusPal HandshakeInternal(SafeFreeCredentials credential, ref SafeDeleteContext context,
SecurityBuffer inputBuffer, SecurityBuffer outputBuffer, bool isServer, bool remoteCertRequired)
{
Debug.Assert(!credential.IsInvalid);
try
{
if ((null == context) || context.IsInvalid)
{
context = new SafeDeleteContext(credential, isServer, remoteCertRequired);
}
byte[] output = null;
int outputSize;
bool done;
if (null == inputBuffer)
{
done = Interop.OpenSsl.DoSslHandshake(context.SslContext, null, 0, 0, out output, out outputSize);
}
else
{
done = Interop.OpenSsl.DoSslHandshake(context.SslContext, inputBuffer.token, inputBuffer.offset, inputBuffer.size, out output, out outputSize);
}
outputBuffer.size = outputSize;
outputBuffer.offset = 0;
outputBuffer.token = outputSize > 0 ? output : null;
return(done ? SecurityStatusPal.OK : SecurityStatusPal.ContinueNeeded);
}
catch
{
// TODO: This Debug.Fail is triggering on Linux in many test cases #4317
// Debug.Fail("Exception Caught. - " + ex);
return(SecurityStatusPal.InternalError);
}
}
private void Initialize(bool isServer, string package, NetworkCredential credential, string spn, ContextFlagsPal requestedContextFlags, ChannelBinding channelBinding)
{
if (NetEventSource.IsEnabled)
{
NetEventSource.Enter(this, package, spn, requestedContextFlags);
}
_tokenSize = NegotiateStreamPal.QueryMaxTokenSize(package);
_isServer = isServer;
_spn = spn;
_securityContext = null;
_requestedContextFlags = requestedContextFlags;
_package = package;
_channelBinding = channelBinding;
if (NetEventSource.IsEnabled)
{
NetEventSource.Info(this, $"Peer SPN-> '{_spn}'");
}
//
// Check if we're using DefaultCredentials.
//
Debug.Assert(CredentialCache.DefaultCredentials == CredentialCache.DefaultNetworkCredentials);
if (credential == CredentialCache.DefaultCredentials)
{
if (NetEventSource.IsEnabled)
{
NetEventSource.Info(this, "using DefaultCredentials");
}
_credentialsHandle = NegotiateStreamPal.AcquireDefaultCredential(package, _isServer);
}
else
{
_credentialsHandle = NegotiateStreamPal.AcquireCredentialsHandle(package, _isServer, credential);
}
}
private void Initialize(bool isServer, string package, NetworkCredential credential, string spn, ContextFlags requestedContextFlags, System.Security.Authentication.ExtendedProtection.ChannelBinding channelBinding)
{
this.m_TokenSize = SSPIWrapper.GetVerifyPackageInfo(GlobalSSPI.SSPIAuth, package, true).MaxToken;
this.m_IsServer = isServer;
this.m_Spn = spn;
this.m_SecurityContext = null;
this.m_RequestedContextFlags = requestedContextFlags;
this.m_Package = package;
this.m_ChannelBinding = channelBinding;
if (credential is SystemNetworkCredential)
{
this.m_CredentialsHandle = SSPIWrapper.AcquireDefaultCredential(GlobalSSPI.SSPIAuth, package, this.m_IsServer ? CredentialUse.Inbound : CredentialUse.Outbound);
this.m_UniqueUserId = "/S";
}
else
{
string userName = credential.InternalGetUserName();
string domain = credential.InternalGetDomain();
AuthIdentity authdata = new AuthIdentity(userName, credential.InternalGetPassword(), ((package == "WDigest") && ((domain == null) || (domain.Length == 0))) ? null : domain);
this.m_UniqueUserId = domain + "/" + userName + "/U";
this.m_CredentialsHandle = SSPIWrapper.AcquireCredentialsHandle(GlobalSSPI.SSPIAuth, package, this.m_IsServer ? CredentialUse.Inbound : CredentialUse.Outbound, ref authdata);
}
}
private static SecurityStatusPal HandshakeInternal(SafeFreeCredentials credential, ref SafeDeleteContext context,
SecurityBuffer inputBuffer, SecurityBuffer outputBuffer, bool isServer, bool remoteCertRequired)
{
Debug.Assert(!credential.IsInvalid);
try
{
if ((null == context) || context.IsInvalid)
{
context = new SafeDeleteSslContext(credential as SafeFreeSslCredentials, isServer, remoteCertRequired);
}
byte[] output = null;
int outputSize;
bool done;
if (null == inputBuffer)
{
done = Interop.OpenSsl.DoSslHandshake(((SafeDeleteSslContext)context).SslContext, null, 0, 0, out output, out outputSize);
}
else
{
done = Interop.OpenSsl.DoSslHandshake(((SafeDeleteSslContext)context).SslContext, inputBuffer.token, inputBuffer.offset, inputBuffer.size, out output, out outputSize);
}
outputBuffer.size = outputSize;
outputBuffer.offset = 0;
outputBuffer.token = outputSize > 0 ? output : null;
return(new SecurityStatusPal(done ? SecurityStatusPalErrorCode.OK : SecurityStatusPalErrorCode.ContinueNeeded));
}
catch (Exception exc)
{
return(new SecurityStatusPal(SecurityStatusPalErrorCode.InternalError, exc));
}
}
public static SafeFreeCredentials AcquireCredentialsHandle(SSPIInterface SecModule, string package, CredentialUse intent, ref SafeSspiAuthDataHandle authdata)
{
if (Logging.On)
{
Logging.PrintInfo(Logging.Web,
"AcquireCredentialsHandle(" +
"package = " + package + ", " +
"intent = " + intent + ", " +
"authdata = " + authdata + ")");
}
SafeFreeCredentials credentialsHandle = null;
int errorCode = SecModule.AcquireCredentialsHandle(package, intent, ref authdata, out credentialsHandle);
if (errorCode != 0)
{
if (Logging.On)
{
Logging.PrintError(Logging.Web, SR.GetString(SR.net_log_operation_failed_with_error, "AcquireCredentialsHandle()", String.Format(CultureInfo.CurrentCulture, "0X{0:X}", errorCode)));
}
throw new Win32Exception(errorCode);
}
return(credentialsHandle);
}
public int AcquireCredentialsHandle(string moduleName, CredentialUse usage, ref SecureCredential authdata, out SafeFreeCredentials outCredential) {
return SafeFreeCredentials.AcquireCredentialsHandle(Library, moduleName, usage, ref authdata, out outCredential);
}
private int AcquireCredentialsHandle(string moduleName, bool IsInBoundCred, ref Interop.Secur32.SecureCredential authdata, out SafeFreeCredentials outCredential)
{
Interop.Secur32.CredentialUse intent = IsInBoundCred ? Interop.Secur32.CredentialUse.Inbound : Interop.Secur32.CredentialUse.Outbound;
return(SafeFreeCredentials.AcquireCredentialsHandle(moduleName, intent, ref authdata, out outCredential));
}
public int AcceptSecurityContext(SafeFreeCredentials credential, ref SafeDeleteContext context, ReadOnlySpan <SecurityBuffer> inputBuffers, Interop.SspiCli.ContextFlags inFlags, Interop.SspiCli.Endianness endianness, ref SecurityBuffer outputBuffer, ref Interop.SspiCli.ContextFlags outFlags)
{
return(SafeDeleteContext.AcceptSecurityContext(ref credential, ref context, inFlags, endianness, inputBuffers, ref outputBuffer, ref outFlags));
}
//-------------------------------------------------------------------
internal unsafe static int AcceptSecurityContext(
SecurDll dll,
ref SafeFreeCredentials inCredentials,
ref SafeDeleteContext refContext,
ContextFlags inFlags,
Endianness endianness,
SecurityBuffer inSecBuffer,
SecurityBuffer[] inSecBuffers,
SecurityBuffer outSecBuffer,
ref ContextFlags outFlags) {
#if TRAVE
GlobalLog.Enter("SafeDeleteContext::AcceptSecurityContex");
GlobalLog.Print(" DLL = " + dll);
GlobalLog.Print(" credential = " + inCredentials.ToString());
GlobalLog.Print(" refContext = " + ValidationHelper.ToString(refContext));
GlobalLog.Print(" inFlags = " + inFlags);
// GlobalLog.Print(" endianness = " + endianness);
// GlobalLog.Print(" inSecBuffer = " + SecurityBuffer.ToString(inSecBuffer));
//
if (inSecBuffers==null)
{
GlobalLog.Print(" inSecBuffers = (null)");
}
else
{
GlobalLog.Print(" inSecBuffers[] = length:" + inSecBuffers.Length);
// for (int index=0; index<inSecBuffers.Length; index++) { GlobalLog.Print(" inSecBuffers[" + index + "] = " + SecurityBuffer.ToString(inSecBuffers[index])); }
}
// GlobalLog.Print(" newContext = {ref} inContext");
// GlobalLog.Print(" outSecBuffer = " + SecurityBuffer.ToString(outSecBuffer));
// GlobalLog.Print(" outFlags = {ref} " + outFlags);
// GlobalLog.Print(" timestamp = null");
#endif
GlobalLog.Assert(outSecBuffer != null, "SafeDeleteContext::AcceptSecurityContext()|outSecBuffer != null");
GlobalLog.Assert(inSecBuffer == null || inSecBuffers == null, "SafeDeleteContext::AcceptSecurityContext()|inSecBuffer == null || inSecBuffers == null");
if (inCredentials == null)
{
throw new ArgumentNullException("inCredentials");
}
SecurityBufferDescriptor inSecurityBufferDescriptor = null;
if (inSecBuffer!=null)
{
inSecurityBufferDescriptor = new SecurityBufferDescriptor(1);
}
else if (inSecBuffers!=null)
{
inSecurityBufferDescriptor = new SecurityBufferDescriptor(inSecBuffers.Length);
}
SecurityBufferDescriptor outSecurityBufferDescriptor = new SecurityBufferDescriptor(1);
// actually this is returned in outFlags
bool isSspiAllocated = (inFlags & ContextFlags.AllocateMemory) != 0 ? true : false;
int errorCode = -1;
SSPIHandle contextHandle = new SSPIHandle();
if (refContext != null)
contextHandle = refContext._handle;
// these are pinned user byte arrays passed along with SecurityBuffers
GCHandle[] pinnedInBytes = null;
GCHandle pinnedOutBytes = new GCHandle();
// optional output buffer that may need to be freed
SafeFreeContextBuffer outFreeContextBuffer = null;
try
{
pinnedOutBytes = GCHandle.Alloc(outSecBuffer.token, GCHandleType.Pinned);
SecurityBufferStruct[] inUnmanagedBuffer = new SecurityBufferStruct[inSecurityBufferDescriptor==null ? 1:inSecurityBufferDescriptor.Count];
fixed (void* inUnmanagedBufferPtr = inUnmanagedBuffer)
{
if (inSecurityBufferDescriptor!=null)
{
// Fix Descriptor pointer that points to unmanaged SecurityBuffers
inSecurityBufferDescriptor.UnmanagedPointer = inUnmanagedBufferPtr;
pinnedInBytes = new GCHandle[inSecurityBufferDescriptor.Count];
SecurityBuffer securityBuffer;
for (int index = 0; index < inSecurityBufferDescriptor.Count; ++index)
{
securityBuffer = inSecBuffer!=null ? inSecBuffer : inSecBuffers[index];
if (securityBuffer!=null)
{
// Copy the SecurityBuffer content into unmanaged place holder
inUnmanagedBuffer[index].count = securityBuffer.size;
inUnmanagedBuffer[index].type = securityBuffer.type;
// use the unmanaged token if it's not null; otherwise use the managed buffer
if (securityBuffer.unmanagedToken != null)
{
inUnmanagedBuffer[index].token = securityBuffer.unmanagedToken.DangerousGetHandle();
}
else if (securityBuffer.token == null || securityBuffer.token.Length == 0)
{
inUnmanagedBuffer[index].token = IntPtr.Zero;
}
else
{
pinnedInBytes[index] = GCHandle.Alloc(securityBuffer.token, GCHandleType.Pinned);
inUnmanagedBuffer[index].token = Marshal.UnsafeAddrOfPinnedArrayElement(securityBuffer.token, securityBuffer.offset);
}
#if TRAVE
GlobalLog.Print("SecBuffer: cbBuffer:" + securityBuffer.size + " BufferType:" + securityBuffer.type);
#endif
}
}
}
SecurityBufferStruct[] outUnmanagedBuffer = new SecurityBufferStruct[1];
fixed (void* outUnmanagedBufferPtr = outUnmanagedBuffer)
{
// Fix Descriptor pointer that points to unmanaged SecurityBuffers
outSecurityBufferDescriptor.UnmanagedPointer = outUnmanagedBufferPtr;
// Copy the SecurityBuffer content into unmanaged place holder
outUnmanagedBuffer[0].count = outSecBuffer.size;
outUnmanagedBuffer[0].type = outSecBuffer.type;
if (outSecBuffer.token == null || outSecBuffer.token.Length == 0)
outUnmanagedBuffer[0].token = IntPtr.Zero;
else
outUnmanagedBuffer[0].token = Marshal.UnsafeAddrOfPinnedArrayElement(outSecBuffer.token, outSecBuffer.offset);
if (isSspiAllocated)
outFreeContextBuffer = SafeFreeContextBuffer.CreateEmptyHandle(dll);
switch (dll)
{
case SecurDll.SECURITY:
if (refContext == null || refContext.IsInvalid)
refContext = new SafeDeleteContext_SECURITY();
errorCode = MustRunAcceptSecurityContext_SECURITY(
ref inCredentials,
contextHandle.IsZero? null: &contextHandle,
inSecurityBufferDescriptor,
inFlags,
endianness,
refContext,
outSecurityBufferDescriptor,
ref outFlags,
outFreeContextBuffer
);
break;
default: throw new ArgumentException(SR.GetString(SR.net_invalid_enum, "SecurDll"), "Dll");
}
GlobalLog.Print("SafeDeleteContext:AcceptSecurityContext Marshalling OUT buffer");
// Get unmanaged buffer with index 0 as the only one passed into PInvoke
outSecBuffer.size = outUnmanagedBuffer[0].count;
outSecBuffer.type = outUnmanagedBuffer[0].type;
if (outSecBuffer.size > 0)
{
outSecBuffer.token = new byte[outSecBuffer.size];
Marshal.Copy(outUnmanagedBuffer[0].token, outSecBuffer.token, 0, outSecBuffer.size);
}
else
{
outSecBuffer.token = null;
}
}
}
}
finally {
if (pinnedInBytes!=null)
{
for (int index=0; index<pinnedInBytes.Length; index++)
{
if (pinnedInBytes[index].IsAllocated)
pinnedInBytes[index].Free();
}
}
if (pinnedOutBytes.IsAllocated)
pinnedOutBytes.Free();
if (outFreeContextBuffer != null)
outFreeContextBuffer.Close();
}
GlobalLog.Leave("SafeDeleteContext::AcceptSecurityContex() unmanaged AcceptSecurityContex()", "errorCode:0x" + errorCode.ToString("x8") + " refContext:" + ValidationHelper.ToString(refContext));
return errorCode;
}
private SafeCredentialReference(SafeFreeCredentials target): base()
{
// Bumps up the refcount on Target to signify that target handle is statically cached so
// its dispose should be postponed
bool b = false;
RuntimeHelpers.PrepareConstrainedRegions();
try
{
target.DangerousAddRef(ref b);
}
catch
{
if (b)
{
target.DangerousRelease();
b = false;
}
}
finally
{
if (b)
{
_Target = target;
SetHandle(new IntPtr(0)); // make this handle valid
}
}
}
public unsafe static int AcquireCredentialsHandle( SecurDll dll,
string package,
CredentialUse intent,
ref SecureCredential authdata,
out SafeFreeCredentials outCredential
)
{
GlobalLog.Print("SafeFreeCredentials::AcquireCredentialsHandle#2("
+ dll + ","
+ package + ", "
+ intent + ", "
+ authdata + ")"
);
int errorCode = -1;
long timeStamp;
// If there is a certificate, wrap it into an array.
// Not threadsafe.
IntPtr copiedPtr = authdata.certContextArray;
try
{
IntPtr certArrayPtr = new IntPtr(&copiedPtr);
if (copiedPtr != IntPtr.Zero) {
authdata.certContextArray = certArrayPtr;
}
switch (dll) {
case SecurDll.SECURITY:
outCredential = new SafeFreeCredential_SECURITY();
RuntimeHelpers.PrepareConstrainedRegions();
try {} finally {
errorCode = UnsafeNclNativeMethods.SafeNetHandles_SECURITY.AcquireCredentialsHandleW(
null,
package,
(int)intent,
null,
ref authdata,
null,
null,
ref outCredential._handle,
out timeStamp
);
}
break;
default: throw new ArgumentException(SR.GetString(SR.net_invalid_enum, "SecurDll"), "Dll");
}
}
finally
{
authdata.certContextArray = copiedPtr;
}
#if TRAVE
GlobalLog.Print("Unmanaged::AcquireCredentialsHandle() returns 0x"
+ errorCode.ToString("x")
+ ", handle = " + outCredential.ToString()
);
#endif
if (errorCode != 0) {
outCredential.SetHandleAsInvalid();
}
return errorCode;
}
public static SecurityStatusPal InitializeSecurityContext(SafeFreeCredentials credential, ref SafeDeleteContext context, string targetName, SecurityBuffer[] inputBuffers, SecurityBuffer outputBuffer)
{
Debug.Assert(inputBuffers.Length == 2);
Debug.Assert(inputBuffers[1].token == null);
return(HandshakeInternal(credential, ref context, inputBuffers[0], outputBuffer, false, false));
}
internal static SecurityStatus AcceptSecurityContext(SSPIInterface SecModule, ref SafeFreeCredentials credential, ref SafeDeleteContext context, SecurityBuffer inputBuffer, SecurityBuffer outputBuffer, bool remoteCertRequired)
{
if (Logging.On)
{
Logging.PrintInfo(Logging.Web,
"AcceptSecurityContext(" +
"credential = " + credential.ToString() + ", " +
"context = " + Logging.ObjectToString(context) + ", " +
"remoteCertRequired = " + remoteCertRequired);
}
return(SecModule.AcceptSecurityContext(ref credential, ref context, inputBuffer, outputBuffer, remoteCertRequired));
}
internal static SecurityStatus InitializeSecurityContext(SSPIInterface SecModule, SafeFreeCredentials credential, ref SafeDeleteContext context, string targetName, SecurityBuffer[] inputBuffers, SecurityBuffer outputBuffer)
{
if (Logging.On)
{
Logging.PrintInfo(Logging.Web,
"InitializeSecurityContext(" +
"credential = " + credential.ToString() + ", " +
"context = " + Logging.ObjectToString(context) + ", " +
"targetName = " + targetName);
}
SecurityStatus errorCode = SecModule.InitializeSecurityContext(credential, ref context, targetName, inputBuffers, outputBuffer);
return(errorCode);
}
internal static SecurityStatus InitializeSecurityContext(SSPIInterface SecModule, ref SafeFreeCredentials credential, ref SafeDeleteContext context, string targetName, SecurityBuffer inputBuffer, SecurityBuffer outputBuffer)
{
if (Logging.On)
{
Logging.PrintInfo(Logging.Web,
"InitializeSecurityContext(" +
"credential = " + credential.ToString() + ", " +
"context = " + Logging.ObjectToString(context) + ", " +
"targetName = " + targetName);
}
SecurityStatus errorCode = SecModule.InitializeSecurityContext(ref credential, ref context, targetName, inputBuffer, outputBuffer);
if (Logging.On)
{
Logging.PrintInfo(Logging.Web, SR.Format(SR.net_log_sspi_security_context_input_buffer, "InitializeSecurityContext", (inputBuffer == null ? 0 : inputBuffer.size), outputBuffer.size, (SecurityStatus)errorCode));
}
return(errorCode);
}
internal static unsafe int InitializeSecurityContext(SecurDll dll, ref SafeFreeCredentials inCredentials, ref SafeDeleteContext refContext, string targetName, ContextFlags inFlags, Endianness endianness, SecurityBuffer inSecBuffer, SecurityBuffer[] inSecBuffers, SecurityBuffer outSecBuffer, ref ContextFlags outFlags)
{
if (inCredentials == null)
{
throw new ArgumentNullException("inCredentials");
}
SecurityBufferDescriptor inputBuffer = null;
if (inSecBuffer != null)
{
inputBuffer = new SecurityBufferDescriptor(1);
}
else if (inSecBuffers != null)
{
inputBuffer = new SecurityBufferDescriptor(inSecBuffers.Length);
}
SecurityBufferDescriptor outputBuffer = new SecurityBufferDescriptor(1);
bool flag = (inFlags & ContextFlags.AllocateMemory) != ContextFlags.Zero;
int num = -1;
SSPIHandle handle = new SSPIHandle();
if (refContext != null)
{
handle = refContext._handle;
}
GCHandle[] handleArray = null;
GCHandle handle2 = new GCHandle();
SafeFreeContextBuffer handleTemplate = null;
try
{
handle2 = GCHandle.Alloc(outSecBuffer.token, GCHandleType.Pinned);
SecurityBufferStruct[] structArray = new SecurityBufferStruct[(inputBuffer == null) ? 1 : inputBuffer.Count];
try
{
SecurityBufferStruct[] structArray3;
if (((structArray3 = structArray) == null) || (structArray3.Length == 0))
{
ptrRef = null;
goto Label_00A6;
}
fixed(IntPtr *ptrRef = structArray3)
{
Label_00A6:
if (inputBuffer != null)
{
inputBuffer.UnmanagedPointer = (void *)ptrRef;
handleArray = new GCHandle[inputBuffer.Count];
for (int i = 0; i < inputBuffer.Count; i++)
{
SecurityBuffer buffer2 = (inSecBuffer != null) ? inSecBuffer : inSecBuffers[i];
if (buffer2 != null)
{
structArray[i].count = buffer2.size;
structArray[i].type = buffer2.type;
if (buffer2.unmanagedToken != null)
{
structArray[i].token = buffer2.unmanagedToken.DangerousGetHandle();
}
else if ((buffer2.token == null) || (buffer2.token.Length == 0))
{
structArray[i].token = IntPtr.Zero;
}
else
{
handleArray[i] = GCHandle.Alloc(buffer2.token, GCHandleType.Pinned);
structArray[i].token = Marshal.UnsafeAddrOfPinnedArrayElement(buffer2.token, buffer2.offset);
}
}
}
}
SecurityBufferStruct[] structArray2 = new SecurityBufferStruct[1];
try
{
SecurityBufferStruct[] structArray4;
if (((structArray4 = structArray2) == null) || (structArray4.Length == 0))
{
ptrRef2 = null;
goto Label_01CC;
}
fixed(IntPtr *ptrRef2 = structArray4)
{
ref byte pinned numRef;
ref byte pinned numRef2;
Label_01CC:
outputBuffer.UnmanagedPointer = (void *)ptrRef2;
structArray2[0].count = outSecBuffer.size;
structArray2[0].type = outSecBuffer.type;
if ((outSecBuffer.token == null) || (outSecBuffer.token.Length == 0))
{
structArray2[0].token = IntPtr.Zero;
}
else
{
structArray2[0].token = Marshal.UnsafeAddrOfPinnedArrayElement(outSecBuffer.token, outSecBuffer.offset);
}
if (flag)
{
handleTemplate = SafeFreeContextBuffer.CreateEmptyHandle(dll);
}
switch (dll)
{
case SecurDll.SECURITY:
if ((refContext == null) || refContext.IsInvalid)
{
refContext = new SafeDeleteContext_SECURITY();
}
if ((targetName == null) || (targetName.Length == 0))
{
targetName = " ";
}
fixed(char *str = ((char *)targetName))
{
char *chPtr = str;
num = MustRunInitializeSecurityContext_SECURITY(ref inCredentials, handle.IsZero ? null : ((void *)&handle), (targetName == " ") ? null : ((byte *)chPtr), inFlags, endianness, inputBuffer, refContext, outputBuffer, ref outFlags, handleTemplate);
goto Label_044B;
}
break;
case SecurDll.SECUR32:
break;
case SecurDll.SCHANNEL:
goto Label_0381;
default:
goto Label_0423;
}
if ((refContext == null) || refContext.IsInvalid)
{
refContext = new SafeDeleteContext_SECUR32();
}
byte[] dummyBytes = SafeDeleteContext.dummyBytes;
if ((targetName != null) && (targetName.Length != 0))
{
dummyBytes = new byte[targetName.Length + 2];
Encoding.Default.GetBytes(targetName, 0, targetName.Length, dummyBytes, 0);
}
try
{
byte[] buffer5;
if (((buffer5 = dummyBytes) == null) || (buffer5.Length == 0))
{
numRef = null;
}
else
{
numRef = buffer5;
}
num = MustRunInitializeSecurityContext_SECUR32(ref inCredentials, handle.IsZero ? null : ((void *)&handle), (dummyBytes == SafeDeleteContext.dummyBytes) ? null : numRef, inFlags, endianness, inputBuffer, refContext, outputBuffer, ref outFlags, handleTemplate);
goto Label_044B;
}
finally
{
numRef = null;
}
Label_0381:
if ((refContext == null) || refContext.IsInvalid)
{
refContext = new SafeDeleteContext_SCHANNEL();
}
byte[] bytes = SafeDeleteContext.dummyBytes;
if ((targetName != null) && (targetName.Length != 0))
{
bytes = new byte[targetName.Length + 2];
Encoding.Default.GetBytes(targetName, 0, targetName.Length, bytes, 0);
}
try
{
byte[] buffer6;
if (((buffer6 = bytes) == null) || (buffer6.Length == 0))
{
numRef2 = null;
}
else
{
numRef2 = buffer6;
}
num = MustRunInitializeSecurityContext_SCHANNEL(ref inCredentials, handle.IsZero ? null : ((void *)&handle), (bytes == SafeDeleteContext.dummyBytes) ? null : numRef2, inFlags, endianness, inputBuffer, refContext, outputBuffer, ref outFlags, handleTemplate);
goto Label_044B;
}
finally
{
numRef2 = null;
}
Label_0423 :;
throw new ArgumentException(SR.GetString("net_invalid_enum", new object[] { "SecurDll" }), "Dll");
Label_044B:
outSecBuffer.size = structArray2[0].count;
outSecBuffer.type = structArray2[0].type;
if (outSecBuffer.size > 0)
{
outSecBuffer.token = new byte[outSecBuffer.size];
Marshal.Copy(structArray2[0].token, outSecBuffer.token, 0, outSecBuffer.size);
return(num);
}
outSecBuffer.token = null;
return(num);
}
}
finally
{
ptrRef2 = null;
}
return(num);
}
}
public int InitializeSecurityContext(SafeFreeCredentials credential, ref SafeDeleteContext context, string targetName, ContextFlags inFlags, Endianness endianness, SecurityBuffer[] inputBuffers, SecurityBuffer outputBuffer, ref ContextFlags outFlags) {
return SafeDeleteContext.InitializeSecurityContext(Library, ref credential, ref context, targetName, inFlags, endianness, null, inputBuffers, outputBuffer, ref outFlags);
}
public int AcceptSecurityContext(SafeFreeCredentials credential, ref SafeDeleteContext context, SecurityBuffer[] inputBuffers, ContextFlags inFlags, Endianness endianness, SecurityBuffer outputBuffer, ref ContextFlags outFlags) {
return SafeDeleteContext.AcceptSecurityContext(Library, ref credential, ref context, inFlags, endianness, null, inputBuffers, outputBuffer, ref outFlags);
}
public unsafe static int AcquireDefaultCredential( SecurDll dll,
string package,
CredentialUse intent,
out SafeFreeCredentials outCredential
)
{
GlobalLog.Print("SafeFreeCredentials::AcquireDefaultCredential("
+ dll + ","
+ package + ", "
+ intent + ")"
);
int errorCode = -1;
long timeStamp;
switch (dll) {
case SecurDll.SECURITY:
outCredential = new SafeFreeCredential_SECURITY();
RuntimeHelpers.PrepareConstrainedRegions();
try {} finally {
errorCode = UnsafeNclNativeMethods.SafeNetHandles_SECURITY.AcquireCredentialsHandleW(
null,
package,
(int)intent,
null,
IntPtr.Zero,
null,
null,
ref outCredential._handle,
out timeStamp
);
}
break;
default: throw new ArgumentException(SR.GetString(SR.net_invalid_enum, "SecurDll"), "Dll");
}
#if TRAVE
GlobalLog.Print("Unmanaged::AcquireCredentialsHandle() returns 0x"
+ errorCode.ToString("x")
+ ", handle = " + outCredential.ToString()
);
#endif
if (errorCode != 0) {
outCredential.SetHandleAsInvalid();
}
return errorCode;
}
// This overload is only called on Win7+ where SspiEncodeStringsAsAuthIdentity() was used to
// create the authData blob.
public unsafe static int AcquireCredentialsHandle(
string package,
CredentialUse intent,
ref SafeSspiAuthDataHandle authdata,
out SafeFreeCredentials outCredential
)
{
int errorCode = -1;
long timeStamp;
outCredential = new SafeFreeCredential_SECURITY();
RuntimeHelpers.PrepareConstrainedRegions();
try { }
finally
{
errorCode = UnsafeNclNativeMethods.SafeNetHandles_SECURITY.AcquireCredentialsHandleW(
null,
package,
(int)intent,
null,
authdata,
null,
null,
ref outCredential._handle,
out timeStamp
);
}
if (errorCode != 0)
{
outCredential.SetHandleAsInvalid();
}
return errorCode;
}
public int AcquireDefaultCredential(string moduleName, Interop.SspiCli.CredentialUse usage, out SafeFreeCredentials outCredential)
{
return(SafeFreeCredentials.AcquireDefaultCredential(moduleName, usage, out outCredential));
}
//
//
internal static SafeCredentialReference CreateReference(SafeFreeCredentials target)
{
SafeCredentialReference result = new SafeCredentialReference(target);
if (result.IsInvalid)
return null;
return result;
}
internal static unsafe int AcceptSecurityContext(SecurDll dll, ref SafeFreeCredentials inCredentials, ref SafeDeleteContext refContext, ContextFlags inFlags, Endianness endianness, SecurityBuffer inSecBuffer, SecurityBuffer[] inSecBuffers, SecurityBuffer outSecBuffer, ref ContextFlags outFlags)
{
if (inCredentials == null)
{
throw new ArgumentNullException("inCredentials");
}
SecurityBufferDescriptor inputBuffer = null;
if (inSecBuffer != null)
{
inputBuffer = new SecurityBufferDescriptor(1);
}
else if (inSecBuffers != null)
{
inputBuffer = new SecurityBufferDescriptor(inSecBuffers.Length);
}
SecurityBufferDescriptor outputBuffer = new SecurityBufferDescriptor(1);
bool flag = (inFlags & ContextFlags.AllocateMemory) != ContextFlags.Zero;
int num = -1;
SSPIHandle handle = new SSPIHandle();
if (refContext != null)
{
handle = refContext._handle;
}
GCHandle[] handleArray = null;
GCHandle handle2 = new GCHandle();
SafeFreeContextBuffer handleTemplate = null;
try
{
handle2 = GCHandle.Alloc(outSecBuffer.token, GCHandleType.Pinned);
SecurityBufferStruct[] structArray = new SecurityBufferStruct[(inputBuffer == null) ? 1 : inputBuffer.Count];
try
{
SecurityBufferStruct[] structArray3;
if (((structArray3 = structArray) == null) || (structArray3.Length == 0))
{
ptrRef = null;
goto Label_00A5;
}
fixed (IntPtr* ptrRef = structArray3)
{
Label_00A5:
if (inputBuffer != null)
{
inputBuffer.UnmanagedPointer = (void*) ptrRef;
handleArray = new GCHandle[inputBuffer.Count];
for (int i = 0; i < inputBuffer.Count; i++)
{
SecurityBuffer buffer2 = (inSecBuffer != null) ? inSecBuffer : inSecBuffers[i];
if (buffer2 != null)
{
structArray[i].count = buffer2.size;
structArray[i].type = buffer2.type;
if (buffer2.unmanagedToken != null)
{
structArray[i].token = buffer2.unmanagedToken.DangerousGetHandle();
}
else if ((buffer2.token == null) || (buffer2.token.Length == 0))
{
structArray[i].token = IntPtr.Zero;
}
else
{
handleArray[i] = GCHandle.Alloc(buffer2.token, GCHandleType.Pinned);
structArray[i].token = Marshal.UnsafeAddrOfPinnedArrayElement(buffer2.token, buffer2.offset);
}
}
}
}
SecurityBufferStruct[] structArray2 = new SecurityBufferStruct[1];
try
{
SecurityBufferStruct[] structArray4;
if (((structArray4 = structArray2) == null) || (structArray4.Length == 0))
{
ptrRef2 = null;
goto Label_01CB;
}
fixed (IntPtr* ptrRef2 = structArray4)
{
Label_01CB:
outputBuffer.UnmanagedPointer = (void*) ptrRef2;
structArray2[0].count = outSecBuffer.size;
structArray2[0].type = outSecBuffer.type;
if ((outSecBuffer.token == null) || (outSecBuffer.token.Length == 0))
{
structArray2[0].token = IntPtr.Zero;
}
else
{
structArray2[0].token = Marshal.UnsafeAddrOfPinnedArrayElement(outSecBuffer.token, outSecBuffer.offset);
}
if (flag)
{
handleTemplate = SafeFreeContextBuffer.CreateEmptyHandle(dll);
}
switch (dll)
{
case SecurDll.SECURITY:
if ((refContext == null) || refContext.IsInvalid)
{
refContext = new SafeDeleteContext_SECURITY();
}
num = MustRunAcceptSecurityContext_SECURITY(ref inCredentials, handle.IsZero ? null : ((void*) &handle), inputBuffer, inFlags, endianness, refContext, outputBuffer, ref outFlags, handleTemplate);
break;
case SecurDll.SECUR32:
if ((refContext == null) || refContext.IsInvalid)
{
refContext = new SafeDeleteContext_SECUR32();
}
num = MustRunAcceptSecurityContext_SECUR32(ref inCredentials, handle.IsZero ? null : ((void*) &handle), inputBuffer, inFlags, endianness, refContext, outputBuffer, ref outFlags, handleTemplate);
break;
case SecurDll.SCHANNEL:
if ((refContext == null) || refContext.IsInvalid)
{
refContext = new SafeDeleteContext_SCHANNEL();
}
num = MustRunAcceptSecurityContext_SCHANNEL(ref inCredentials, handle.IsZero ? null : ((void*) &handle), inputBuffer, inFlags, endianness, refContext, outputBuffer, ref outFlags, handleTemplate);
break;
default:
throw new ArgumentException(SR.GetString("net_invalid_enum", new object[] { "SecurDll" }), "Dll");
}
outSecBuffer.size = structArray2[0].count;
outSecBuffer.type = structArray2[0].type;
if (outSecBuffer.size > 0)
{
outSecBuffer.token = new byte[outSecBuffer.size];
Marshal.Copy(structArray2[0].token, outSecBuffer.token, 0, outSecBuffer.size);
return num;
}
outSecBuffer.token = null;
return num;
}
}
finally
{
ptrRef2 = null;
}
return num;
}
}
finally
{
ptrRef = null;
}
}
finally
{
if (handleArray != null)
{
for (int j = 0; j < handleArray.Length; j++)
{
if (handleArray[j].IsAllocated)
{
handleArray[j].Free();
}
}
}
if (handle2.IsAllocated)
{
handle2.Free();
}
if (handleTemplate != null)
{
handleTemplate.Close();
}
}
return num;
}
override protected bool ReleaseHandle()
{
SafeFreeCredentials target = _Target;
if (target != null)
target.DangerousRelease();
_Target = null;
return true;
}
public int AcquireDefaultCredential(string moduleName, CredentialUse usage, out SafeFreeCredentials outCredential)
{
return(SafeFreeCredentials.AcquireDefaultCredential(Library, moduleName, usage, out outCredential));
}
//
// After PINvoke call the method will fix the handleTemplate.handle with the returned value.
// The caller is responsible for creating a correct SafeFreeContextBuffer_XXX flavour or null can be passed if no handle is returned.
//
// Since it has a CER, this method can't have any references to imports from DLLs that may not exist on the system.
//
private static unsafe int MustRunAcceptSecurityContext_SECURITY(
ref SafeFreeCredentials inCredentials,
void* inContextPtr,
SecurityBufferDescriptor inputBuffer,
ContextFlags inFlags,
Endianness endianness,
SafeDeleteContext outContext,
SecurityBufferDescriptor outputBuffer,
ref ContextFlags outFlags,
SafeFreeContextBuffer handleTemplate)
{
int errorCode = (int) SecurityStatus.InvalidHandle;
bool b1 = false;
bool b2 = false;
// Run the body of this method as a non-interruptible block.
RuntimeHelpers.PrepareConstrainedRegions();
try
{
inCredentials.DangerousAddRef(ref b1);
outContext.DangerousAddRef(ref b2);
}
catch(Exception e)
{
if (b1)
{
inCredentials.DangerousRelease();
b1 = false;
}
if (b2)
{
outContext.DangerousRelease();
b2 = false;
}
if (!(e is ObjectDisposedException))
throw;
}
finally {
SSPIHandle credentialHandle = inCredentials._handle;
long timeStamp;
if (!b1)
{
// caller should retry
inCredentials = null;
}
else if (b1 && b2)
{
errorCode = UnsafeNclNativeMethods.SafeNetHandles_SECURITY.AcceptSecurityContext(
ref credentialHandle,
inContextPtr,
inputBuffer,
inFlags,
endianness,
ref outContext._handle,
outputBuffer,
ref outFlags,
out timeStamp);
//
// When a credential handle is first associated with the context we keep credential
// ref count bumped up to ensure ordered finalization.
// If the credential handle has been changed we de-ref the old one and associate the
// context with the new cred handle but only if the call was successful.
if (outContext._EffectiveCredential != inCredentials && (errorCode & 0x80000000) == 0)
{
// Disassociate the previous credential handle
if (outContext._EffectiveCredential != null)
outContext._EffectiveCredential.DangerousRelease();
outContext._EffectiveCredential = inCredentials;
}
else
{
inCredentials.DangerousRelease();
}
outContext.DangerousRelease();
// The idea is that SSPI has allocated a block and filled up outUnmanagedBuffer+8 slot with the pointer.
if (handleTemplate != null)
{
handleTemplate.Set(((SecurityBufferStruct*)outputBuffer.UnmanagedPointer)->token); //ATTN: on 64 BIT that is still +8 cause of 2* c++ unsigned long == 8 bytes
if (handleTemplate.IsInvalid)
{
handleTemplate.SetHandleAsInvalid();
}
}
}
if (inContextPtr == null && (errorCode & 0x80000000) != 0)
{
// an error on the first call, need to set the out handle to invalid value
outContext._handle.SetToInvalid();
}
}
return errorCode;
}
public int AcquireCredentialsHandle(string moduleName, CredentialUse usage, ref SecureCredential authdata, out SafeFreeCredentials outCredential)
{
return(SafeFreeCredentials.AcquireCredentialsHandle(Library, moduleName, usage, ref authdata, out outCredential));
}
public int AcceptSecurityContext(SafeFreeCredentials credential, ref SafeDeleteContext context, SecurityBuffer[] inputBuffers, ContextFlags inFlags, Endianness endianness, SecurityBuffer outputBuffer, ref ContextFlags outFlags)
{
return(SafeDeleteContext.AcceptSecurityContext(Library, ref credential, ref context, inFlags, endianness, null, inputBuffers, outputBuffer, ref outFlags));
}
public static SecurityStatusPal AcceptSecurityContext(ref SafeFreeCredentials credential, ref SafeDeleteContext context,
SecurityBuffer inputBuffer, SecurityBuffer outputBuffer, bool remoteCertRequired)
{
return(HandshakeInternal(credential, ref context, inputBuffer, outputBuffer, true, remoteCertRequired));
}
public int InitializeSecurityContext(ref SafeFreeCredentials credential, ref SafeDeleteContext context, string targetName, Interop.SspiCli.ContextFlags inFlags, Interop.SspiCli.Endianness endianness, ReadOnlySpan <SecurityBuffer> inputBuffers, ref SecurityBuffer outputBuffer, ref Interop.SspiCli.ContextFlags outFlags)
{
return(SafeDeleteContext.InitializeSecurityContext(ref credential, ref context, targetName, inFlags, endianness, inputBuffers, ref outputBuffer, ref outFlags));
}
public int AcquireCredentialsHandle(string moduleName, CredentialUse usage, ref SafeSspiAuthDataHandle authdata, out SafeFreeCredentials outCredential) {
return SafeFreeCredentials.AcquireCredentialsHandle(moduleName, usage, ref authdata, out outCredential);
}
public int InitializeSecurityContext(ref SafeFreeCredentials credential, ref SafeDeleteContext context, string targetName, ContextFlags inFlags, Endianness endianness, SecurityBuffer inputBuffer, SecurityBuffer outputBuffer, ref ContextFlags outFlags)
{
return(SafeDeleteContext.InitializeSecurityContext(Library, ref credential, ref context, targetName, inFlags, endianness, inputBuffer, null, outputBuffer, ref outFlags));
}
public int AcquireDefaultCredential(string moduleName, CredentialUse usage, out SafeFreeCredentials outCredential) {
return SafeFreeCredentials.AcquireDefaultCredential(Library, moduleName, usage, out outCredential);
}
public static SecurityStatusPal InitializeSecurityContext(ref SafeFreeCredentials credential, ref SafeDeleteContext context,
string targetName, SecurityBuffer inputBuffer, SecurityBuffer outputBuffer)
{
return(HandshakeInternal(credential, ref context, inputBuffer, outputBuffer, false, false));
}
internal static unsafe int InitializeSecurityContext(SecurDll dll, ref SafeFreeCredentials inCredentials, ref SafeDeleteContext refContext, string targetName, ContextFlags inFlags, Endianness endianness, SecurityBuffer inSecBuffer, SecurityBuffer[] inSecBuffers, SecurityBuffer outSecBuffer, ref ContextFlags outFlags)
{
if (inCredentials == null)
{
throw new ArgumentNullException("inCredentials");
}
SecurityBufferDescriptor inputBuffer = null;
if (inSecBuffer != null)
{
inputBuffer = new SecurityBufferDescriptor(1);
}
else if (inSecBuffers != null)
{
inputBuffer = new SecurityBufferDescriptor(inSecBuffers.Length);
}
SecurityBufferDescriptor outputBuffer = new SecurityBufferDescriptor(1);
bool flag = (inFlags & ContextFlags.AllocateMemory) != ContextFlags.Zero;
int num = -1;
SSPIHandle handle = new SSPIHandle();
if (refContext != null)
{
handle = refContext._handle;
}
GCHandle[] handleArray = null;
GCHandle handle2 = new GCHandle();
SafeFreeContextBuffer handleTemplate = null;
try
{
handle2 = GCHandle.Alloc(outSecBuffer.token, GCHandleType.Pinned);
SecurityBufferStruct[] structArray = new SecurityBufferStruct[(inputBuffer == null) ? 1 : inputBuffer.Count];
try
{
SecurityBufferStruct[] structArray3;
if (((structArray3 = structArray) == null) || (structArray3.Length == 0))
{
ptrRef = null;
goto Label_00A6;
}
fixed (IntPtr* ptrRef = structArray3)
{
Label_00A6:
if (inputBuffer != null)
{
inputBuffer.UnmanagedPointer = (void*) ptrRef;
handleArray = new GCHandle[inputBuffer.Count];
for (int i = 0; i < inputBuffer.Count; i++)
{
SecurityBuffer buffer2 = (inSecBuffer != null) ? inSecBuffer : inSecBuffers[i];
if (buffer2 != null)
{
structArray[i].count = buffer2.size;
structArray[i].type = buffer2.type;
if (buffer2.unmanagedToken != null)
{
structArray[i].token = buffer2.unmanagedToken.DangerousGetHandle();
}
else if ((buffer2.token == null) || (buffer2.token.Length == 0))
{
structArray[i].token = IntPtr.Zero;
}
else
{
handleArray[i] = GCHandle.Alloc(buffer2.token, GCHandleType.Pinned);
structArray[i].token = Marshal.UnsafeAddrOfPinnedArrayElement(buffer2.token, buffer2.offset);
}
}
}
}
SecurityBufferStruct[] structArray2 = new SecurityBufferStruct[1];
try
{
SecurityBufferStruct[] structArray4;
if (((structArray4 = structArray2) == null) || (structArray4.Length == 0))
{
ptrRef2 = null;
goto Label_01CC;
}
fixed (IntPtr* ptrRef2 = structArray4)
{
ref byte pinned numRef;
ref byte pinned numRef2;
Label_01CC:
outputBuffer.UnmanagedPointer = (void*) ptrRef2;
structArray2[0].count = outSecBuffer.size;
structArray2[0].type = outSecBuffer.type;
if ((outSecBuffer.token == null) || (outSecBuffer.token.Length == 0))
{
structArray2[0].token = IntPtr.Zero;
}
else
{
structArray2[0].token = Marshal.UnsafeAddrOfPinnedArrayElement(outSecBuffer.token, outSecBuffer.offset);
}
if (flag)
{
handleTemplate = SafeFreeContextBuffer.CreateEmptyHandle(dll);
}
switch (dll)
{
case SecurDll.SECURITY:
if ((refContext == null) || refContext.IsInvalid)
{
refContext = new SafeDeleteContext_SECURITY();
}
if ((targetName == null) || (targetName.Length == 0))
{
targetName = " ";
}
fixed (char* str = ((char*) targetName))
{
char* chPtr = str;
num = MustRunInitializeSecurityContext_SECURITY(ref inCredentials, handle.IsZero ? null : ((void*) &handle), (targetName == " ") ? null : ((byte*) chPtr), inFlags, endianness, inputBuffer, refContext, outputBuffer, ref outFlags, handleTemplate);
goto Label_044B;
}
break;
case SecurDll.SECUR32:
break;
case SecurDll.SCHANNEL:
goto Label_0381;
default:
goto Label_0423;
}
if ((refContext == null) || refContext.IsInvalid)
{
refContext = new SafeDeleteContext_SECUR32();
}
byte[] dummyBytes = SafeDeleteContext.dummyBytes;
if ((targetName != null) && (targetName.Length != 0))
{
dummyBytes = new byte[targetName.Length + 2];
Encoding.Default.GetBytes(targetName, 0, targetName.Length, dummyBytes, 0);
}
try
{
byte[] buffer5;
if (((buffer5 = dummyBytes) == null) || (buffer5.Length == 0))
{
numRef = null;
}
else
{
numRef = buffer5;
}
num = MustRunInitializeSecurityContext_SECUR32(ref inCredentials, handle.IsZero ? null : ((void*) &handle), (dummyBytes == SafeDeleteContext.dummyBytes) ? null : numRef, inFlags, endianness, inputBuffer, refContext, outputBuffer, ref outFlags, handleTemplate);
goto Label_044B;
}
finally
{
numRef = null;
}
Label_0381:
if ((refContext == null) || refContext.IsInvalid)
{
refContext = new SafeDeleteContext_SCHANNEL();
}
byte[] bytes = SafeDeleteContext.dummyBytes;
if ((targetName != null) && (targetName.Length != 0))
{
bytes = new byte[targetName.Length + 2];
Encoding.Default.GetBytes(targetName, 0, targetName.Length, bytes, 0);
}
try
{
byte[] buffer6;
if (((buffer6 = bytes) == null) || (buffer6.Length == 0))
{
numRef2 = null;
}
else
{
numRef2 = buffer6;
}
num = MustRunInitializeSecurityContext_SCHANNEL(ref inCredentials, handle.IsZero ? null : ((void*) &handle), (bytes == SafeDeleteContext.dummyBytes) ? null : numRef2, inFlags, endianness, inputBuffer, refContext, outputBuffer, ref outFlags, handleTemplate);
goto Label_044B;
}
finally
{
numRef2 = null;
}
Label_0423:;
throw new ArgumentException(SR.GetString("net_invalid_enum", new object[] { "SecurDll" }), "Dll");
Label_044B:
outSecBuffer.size = structArray2[0].count;
outSecBuffer.type = structArray2[0].type;
if (outSecBuffer.size > 0)
{
outSecBuffer.token = new byte[outSecBuffer.size];
Marshal.Copy(structArray2[0].token, outSecBuffer.token, 0, outSecBuffer.size);
return num;
}
outSecBuffer.token = null;
return num;
}
}
finally
{
ptrRef2 = null;
}
return num;
}
}
public int AcquireCredentialsHandle(string moduleName, Interop.SspiCli.CredentialUse usage, ref SafeSspiAuthDataHandle authdata, out SafeFreeCredentials outCredential)
{
return(SafeFreeCredentials.AcquireCredentialsHandle(moduleName, usage, ref authdata, out outCredential));
}
private void Initialize(bool isServer, string package, NetworkCredential credential, string spn, Interop.SspiCli.ContextFlags requestedContextFlags, ChannelBinding channelBinding)
{
GlobalLog.Print("NTAuthentication#" + LoggingHash.HashString(this) + "::.ctor() package:" + LoggingHash.ObjectToString(package) + " spn:" + LoggingHash.ObjectToString(spn) + " flags :" + requestedContextFlags.ToString());
_tokenSize = SSPIWrapper.GetVerifyPackageInfo(GlobalSSPI.SSPIAuth, package, true).MaxToken;
_isServer = isServer;
_spn = spn;
_securityContext = null;
_requestedContextFlags = requestedContextFlags;
_package = package;
_channelBinding = channelBinding;
GlobalLog.Print("Peer SPN-> '" + _spn + "'");
//
// Check if we're using DefaultCredentials.
//
Debug.Assert(CredentialCache.DefaultCredentials == CredentialCache.DefaultNetworkCredentials);
if (credential == CredentialCache.DefaultCredentials)
{
GlobalLog.Print("NTAuthentication#" + LoggingHash.HashString(this) + "::.ctor(): using DefaultCredentials");
_credentialsHandle = SSPIWrapper.AcquireDefaultCredential(
GlobalSSPI.SSPIAuth,
package,
(_isServer ? Interop.SspiCli.CredentialUse.Inbound : Interop.SspiCli.CredentialUse.Outbound));
}
else
{
unsafe
{
SafeSspiAuthDataHandle authData = null;
try
{
Interop.SecurityStatus result = Interop.SspiCli.SspiEncodeStringsAsAuthIdentity(
credential.UserName, credential.Domain,
credential.Password, out authData);
if (result != Interop.SecurityStatus.OK)
{
if (NetEventSource.Log.IsEnabled())
{
NetEventSource.PrintError(
NetEventSource.ComponentType.Security,
SR.Format(
SR.net_log_operation_failed_with_error,
"SspiEncodeStringsAsAuthIdentity()",
String.Format(CultureInfo.CurrentCulture, "0x{0:X}", (int)result)));
}
throw new Win32Exception((int)result);
}
_credentialsHandle = SSPIWrapper.AcquireCredentialsHandle(GlobalSSPI.SSPIAuth,
package, (_isServer ? Interop.SspiCli.CredentialUse.Inbound : Interop.SspiCli.CredentialUse.Outbound), ref authData);
}
finally
{
if (authData != null)
{
authData.Dispose();
}
}
}
}
}
public unsafe int AcquireCredentialsHandle(string moduleName, Interop.SspiCli.CredentialUse usage, Interop.SspiCli.SCH_CREDENTIALS *authdata, out SafeFreeCredentials outCredential)
{
return(SafeFreeCredentials.AcquireCredentialsHandle(moduleName, usage, authdata, out outCredential));
}
public int AcquireCredentialsHandle(string moduleName, Interop.SspiCli.CredentialUse usage, ref Interop.SspiCli.SEC_WINNT_AUTH_IDENTITY_W authdata, out SafeFreeCredentials outCredential)
{
return(SafeFreeCredentials.AcquireCredentialsHandle(moduleName, usage, ref authdata, out outCredential));
}