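/// <summary>
/// Runs one step of GSS-API context initiation through the native
/// <c>InitSecContext</c> shim and returns the token produced by that step.
/// </summary>
/// <param name="context">
/// Context handle carried from the previous call. When it is null on entry a new
/// handle is allocated here and handed back to the caller.
/// </param>
/// <param name="credential">Credential handle passed to the native call.</param>
/// <param name="isNtlm">Passed through unchanged to the native call.</param>
/// <param name="channelBinding">
/// Optional channel binding. When present, only the bytes that follow the
/// <c>SecChannelBindings</c> header are passed to the native call.
/// </param>
/// <param name="targetName">Target name handle passed to the native call.</param>
/// <param name="inFlags">Requested flags, passed to the native call as a <c>uint</c>.</param>
/// <param name="buffer">Input token from the peer, or null when there is none.</param>
/// <param name="outputBuffer">Token returned by the native call, copied to a managed array.</param>
/// <param name="outFlags">Flags reported by the native call.</param>
/// <param name="isNtlmUsed">Value reported by the native call.</param>
/// <returns>
/// <c>true</c> when the native call reports <c>GSS_S_COMPLETE</c>; <c>false</c> when it
/// reports <c>GSS_S_CONTINUE_NEEDED</c>.
/// </returns>
/// <exception cref="ArgumentException">
/// <paramref name="channelBinding"/> is not larger than the <c>SecChannelBindings</c> header.
/// </exception>
/// <exception cref="Interop.NetSecurityNative.GssApiException">
/// The native call reported any status other than the two listed above.
/// </exception>
private static bool GssInitSecurityContext(
    ref SafeGssContextHandle? context,
    SafeGssCredHandle credential,
    bool isNtlm,
    ChannelBinding? channelBinding,
    SafeGssNameHandle? targetName,
    Interop.NetSecurityNative.GssFlags inFlags,
    byte[]? buffer,
    out byte[]? outputBuffer,
    out uint outFlags,
    out bool isNtlmUsed)
{
    outputBuffer = null;
    outFlags = 0;

    // Validate the channel binding before anything is allocated. The application data
    // starts right after the SecChannelBindings header, so the binding must be strictly
    // larger than that header. This used to be a Debug.Assert, which is compiled out of
    // release builds; there an undersized binding would have produced a pointer past the
    // end of the buffer and a non-positive length handed to native code.
    int appDataOffset = 0;
    if (channelBinding != null)
    {
        appDataOffset = Marshal.SizeOf<SecChannelBindings>();
        if (appDataOffset >= channelBinding.Size)
        {
            throw new ArgumentException(
                "Channel binding is too small to contain application data.",
                nameof(channelBinding));
        }
    }

    // EstablishSecurityContext is called multiple times in a session.
    // In each call, we need to pass the context handle from the previous call.
    // For the first call, the context handle will be null.
    bool newContext = false;
    if (context == null)
    {
        newContext = true;
        context = new SafeGssContextHandle();
    }

    Interop.NetSecurityNative.GssBuffer token = default(Interop.NetSecurityNative.GssBuffer);
    Interop.NetSecurityNative.Status status;

    try
    {
        Interop.NetSecurityNative.Status minorStatus;
        int inputLength = (buffer == null) ? 0 : buffer.Length;

        if (channelBinding != null)
        {
            // If a TLS channel binding token (cbt) is available then get the pointer
            // to the application specific data.
            // NOTE(review): the raw pointer is taken without DangerousAddRef, so this
            // relies on the caller keeping channelBinding alive and undisposed until
            // InitSecContext returns - confirm against the callers.
            IntPtr cbtAppData = channelBinding.DangerousGetHandle() + appDataOffset;
            int cbtAppDataSize = channelBinding.Size - appDataOffset;

            status = Interop.NetSecurityNative.InitSecContext(
                out minorStatus,
                credential,
                ref context,
                isNtlm,
                cbtAppData,
                cbtAppDataSize,
                targetName,
                (uint)inFlags,
                buffer,
                inputLength,
                ref token,
                out outFlags,
                out isNtlmUsed);
        }
        else
        {
            status = Interop.NetSecurityNative.InitSecContext(
                out minorStatus,
                credential,
                ref context,
                isNtlm,
                targetName,
                (uint)inFlags,
                buffer,
                inputLength,
                ref token,
                out outFlags,
                out isNtlmUsed);
        }

        if ((status != Interop.NetSecurityNative.Status.GSS_S_COMPLETE) &&
            (status != Interop.NetSecurityNative.Status.GSS_S_CONTINUE_NEEDED))
        {
            // Only a context allocated by this call is torn down here; a context that
            // the caller supplied stays with the caller.
            if (newContext)
            {
                context.Dispose();
                context = null;
            }

            throw new Interop.NetSecurityNative.GssApiException(status, minorStatus);
        }

        outputBuffer = token.ToByteArray();
    }
    finally
    {
        // The native token buffer is released on every path, including the throw above.
        token.Dispose();
    }

    return status == Interop.NetSecurityNative.Status.GSS_S_COMPLETE;
}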
/// <summary>
/// Externally implemented entry point that produces a credential handle for
/// <paramref name="desiredName"/>. Presumably the SPNEGO initiator credential,
/// going by the name; confirm against the native implementation.
/// </summary>
/// <param name="minorStatus">Receives the secondary status reported by the native call.</param>
/// <param name="desiredName">Name handle the credential is requested for.</param>
/// <param name="outputCredHandle">Receives the credential handle; the caller is responsible for disposing it.</param>
/// <returns>The primary status of the native call.</returns>
internal static extern Status InitiateCredSpNego( out Status minorStatus, SafeGssNameHandle desiredName, out SafeGssCredHandle outputCredHandle);
/// <summary>
/// Externally implemented entry point that produces a credential handle without
/// taking a name or secret as input. Presumably the acceptor-side (server)
/// credential, going by the name; confirm against the native implementation.
/// </summary>
/// <param name="minorStatus">Receives the secondary status reported by the native call.</param>
/// <param name="outputCredHandle">Receives the credential handle; the caller is responsible for disposing it.</param>
/// <returns>The primary status of the native call.</returns>
internal static extern Status AcquireAcceptorCred( out Status minorStatus, out SafeGssCredHandle outputCredHandle);
/// <summary>
/// Drops the reference this handle holds on <c>_credential</c> and clears the field.
/// </summary>
/// <returns>Always <c>true</c>.</returns>
protected override bool ReleaseHandle()
{
    // Presumably balances a DangerousAddRef taken when this handle was created;
    // that call is outside this method - confirm the two stay paired.
    _credential.DangerousRelease();

    // Clear the field so the credential is not reachable through this handle any more.
    _credential = null!;

    return true;
}
/// <summary>
/// Acquires a credential for the given user name and password and releases the
/// handle again straight away.
/// </summary>
/// <param name="username">Account name passed to <c>SafeGssCredHandle.Create</c>.</param>
/// <param name="password">Password passed to <c>SafeGssCredHandle.Create</c>.</param>
public static void GetDefaultKerberosCredentials(string username, string password)
{
    // NOTE(review): the password arrives as an immutable managed string, so it cannot
    // be wiped after use; callers should keep its lifetime as short as they can.

    // Fetch a Kerberos TGT which gets saved in the default cache
    SafeGssCredHandle tgtCredential = SafeGssCredHandle.Create(username, password, string.Empty);

    // Only the side effect of acquiring the credential is wanted, not the handle itself.
    tgtCredential.Dispose();
}
/// <summary>
/// Externally implemented entry point that produces a credential handle for
/// <paramref name="desiredName"/> from a password.
/// </summary>
/// <param name="minorStatus">Receives the secondary status reported by the native call.</param>
/// <param name="desiredName">Name handle the credential is requested for.</param>
/// <param name="password">
/// Password in clear text. NOTE(review): it is a managed string, so it cannot be zeroed
/// after the call, and any marshalled copy is outside the caller's control.
/// </param>
/// <param name="passwordLen">
/// Length supplied alongside <paramref name="password"/>. NOTE(review): confirm whether
/// the native side expects a character count or a byte count in the marshalled encoding;
/// the two differ for non-ASCII passwords.
/// </param>
/// <param name="outputCredHandle">Receives the credential handle; the caller is responsible for disposing it.</param>
/// <returns>The primary status of the native call.</returns>
internal static extern Status InitiateCredWithPassword( out Status minorStatus, SafeGssNameHandle desiredName, string password, int passwordLen, out SafeGssCredHandle outputCredHandle);
/// <summary>
/// Managed stand-in for <c>InitiateCredSpNego</c> that makes no native call.
/// </summary>
/// <param name="minorStatus">Never assigned, because the method always throws.</param>
/// <param name="desiredName">Ignored.</param>
/// <param name="outputCredHandle">Never assigned, because the method always throws.</param>
/// <returns>Never returns.</returns>
/// <exception cref="PlatformNotSupportedException">Always thrown.</exception>
internal static Status InitiateCredSpNego(
    out Status minorStatus,
    SafeGssNameHandle desiredName,
    out SafeGssCredHandle outputCredHandle)
{
    // Failing loudly keeps callers from proceeding with an unset credential handle.
    throw new PlatformNotSupportedException();
}