// P/Invoke binding for the SSPI InitializeSecurityContext call (the [DllImport] attribute is
// expected to precede this declaration, outside this excerpt). This overload takes a live
// context handle and an input buffer by ref, so it serves the second and later legs of the
// handshake; the first leg in InitializeClient passes IntPtr.Zero for both, which presumably
// goes through a separate overload not shown here.
// The SECURITY_STATUS comes back as the int return value (SEC_E_OK / SEC_I_CONTINUE_NEEDED are
// the non-failure cases the callers check); SSPI does not report failures via GetLastError
// unless SetLastError is set on the attribute, so the return value is the one to inspect.
static extern int InitializeSecurityContext(
    ref SECURITY_HANDLE phCredential,   //PCredHandle
    ref SECURITY_HANDLE phContext,      //PCtxtHandle
    string pszTargetName,
    int fContextReq,
    int Reserved1,
    int TargetDataRep,
    ref SecBufferDesc SecBufferDesc,    //PSecBufferDesc SecBufferDesc
    int Reserved2,
    out SECURITY_HANDLE phNewContext,   //PCtxtHandle
    out SecBufferDesc pOutput,          //PSecBufferDesc SecBufferDesc
    out uint pfContextAttr,             //managed ulong == 64 bits!!! (native ULONG is 32-bit, hence uint)
    out SECURITY_INTEGER ptsExpiry);    //PTimeStamp
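// This is what we use for all the token stuff.
/// <summary>
/// Runs one server-side leg of the SSPI "Negotiate" handshake: hands the client's token to
/// AcceptSecurityContext and returns the token to send back. The inbound credentials handle
/// (<c>_hInboundCred</c>) is acquired lazily on first use; the partially formed context is kept
/// in <c>_hServerContext</c> between legs.
/// </summary>
/// <param name="clientToken">Raw token received from the client for this leg.</param>
/// <param name="serverToken">Token to return to the client (contents of this leg's output buffer).</param>
/// <param name="bContinueProcessing">
/// <c>true</c> while the provider reports SEC_I_CONTINUE_NEEDED, <c>false</c> once it returns SEC_E_OK.
/// </param>
/// <exception cref="Win32Exception">
/// AcquireCredentialsHandle or AcceptSecurityContext returned a status other than
/// SEC_E_OK / SEC_I_CONTINUE_NEEDED; the handshake must not proceed after this.
/// </exception>
public void InitializeServer(byte[] clientToken, out byte[] serverToken, out bool bContinueProcessing)
{
    serverToken = null;
    bContinueProcessing = true;
    SECURITY_INTEGER newLifeTime = new SECURITY_INTEGER(0);

    if (!_bGotServerCredentials)
    {
        int credStatus = AcquireCredentialsHandle(_sAccountName, "Negotiate", SECPKG_CRED_INBOUND,
            IntPtr.Zero, IntPtr.Zero, 0, IntPtr.Zero, ref _hInboundCred, ref newLifeTime);
        if (credStatus != SEC_E_OK)
        {
            // Carry the SECURITY_STATUS in the exception so the caller can see why it failed.
            throw new Win32Exception(credStatus, "Couldn't acquire server credentials handle!!!");
        }
        Console.WriteLine("AcquireCredentialsHandle DONE");
        _bGotServerCredentials = true;
    }

    SecBufferDesc outputBuffer = new SecBufferDesc(MAX_TOKEN_SIZE);
    try
    {
        // Built inside the outer try so outputBuffer is still released if this constructor throws.
        SecBufferDesc inputBuffer = new SecBufferDesc(clientToken);
        try
        {
            int ss;
            uint newContextAttr = 0;
            if (!_bGotServerContext)
            {
                // First leg: there is no partial context yet, so phContext is NULL.
                ss = AcceptSecurityContext(ref _hInboundCred, IntPtr.Zero, ref inputBuffer,
                    STANDARD_CONTEXT_ATTRIBUTES, SECURITY_NATIVE_DREP,
                    out _hServerContext, out outputBuffer, out newContextAttr, out newLifeTime);
                Console.WriteLine("AcceptSecurityContext__1 DONE");
            }
            else
            {
                // Later legs: continue the partially formed context from the previous call.
                ss = AcceptSecurityContext(ref _hInboundCred, ref _hServerContext, ref inputBuffer,
                    STANDARD_CONTEXT_ATTRIBUTES, SECURITY_NATIVE_DREP,
                    out _hServerContext, out outputBuffer, out newContextAttr, out newLifeTime);
                Console.WriteLine("AcceptSecurityContext__2 DONE");
            }

            if (ss != SEC_E_OK && ss != SEC_I_CONTINUE_NEEDED)
            {
                // Fail closed: any other status means the provider rejected this leg. Returning a
                // token and asking the caller to continue would keep a rejected peer in the
                // handshake loop and leave _hServerContext pointing at a context that was never
                // established. SSPI reports the error through the return value, so ss is passed
                // rather than Marshal.GetLastWin32Error().
                throw new Win32Exception(ss, "AcceptSecurityContext() failed!!! status=0x" + ss.ToString("X8"));
            }

            // Only remember the context once the provider has actually produced one.
            _bGotServerContext = true;
            serverToken = outputBuffer.GetSecBufferByteArray();
            bContinueProcessing = ss != SEC_E_OK;
        }
        finally
        {
            inputBuffer.Dispose();
        }
    }
    finally
    {
        outputBuffer.Dispose();
    }
}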
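/// <summary>
/// Runs one client-side leg of the SSPI "Negotiate" handshake: produces the next token to send
/// to the server, feeding in the server's previous token when there is one. The outbound
/// credentials handle (<c>_hOutboundCred</c>) is acquired lazily on first use; the partially
/// formed context lives in <c>_hClientContext</c> between legs. <c>_sAccountName</c> is used as
/// pszTargetName, i.e. as the name the context is established against.
/// </summary>
/// <param name="clientToken">Token to send to the server (contents of this leg's output buffer).</param>
/// <param name="serverToken">
/// Token received from the server, or <c>null</c> for the first leg (no context exists yet).
/// </param>
/// <param name="bContinueProcessing">
/// <c>true</c> while the provider reports SEC_I_CONTINUE_NEEDED, <c>false</c> once it returns SEC_E_OK.
/// </param>
/// <exception cref="Win32Exception">
/// AcquireCredentialsHandle or InitializeSecurityContext returned a status other than
/// SEC_E_OK / SEC_I_CONTINUE_NEEDED; the handshake must not proceed after this.
/// </exception>
public void InitializeClient(out byte[] clientToken, byte[] serverToken, out bool bContinueProcessing)
{
    clientToken = null;
    bContinueProcessing = true;
    SECURITY_INTEGER clientLifeTime = new SECURITY_INTEGER(0);

    if (!_bGotClientCredentials)
    {
        int credStatus = AcquireCredentialsHandle(_sAccountName, "Negotiate", SECPKG_CRED_OUTBOUND,
            IntPtr.Zero, IntPtr.Zero, 0, IntPtr.Zero, ref _hOutboundCred, ref clientLifeTime);
        if (credStatus != SEC_E_OK)
        {
            // This is the outbound (client) handle; the message previously said "server".
            throw new Win32Exception(credStatus, "Couldn't acquire client credentials handle!!!");
        }
        _bGotClientCredentials = true;
    }

    int ss;
    SecBufferDesc outputBuffer = new SecBufferDesc(MAX_TOKEN_SIZE);
    try
    {
        uint contextAttributes = 0;
        if (serverToken == null)
        {
            // First leg: no context and no input buffer yet, so both are passed as NULL.
            ss = InitializeSecurityContext(ref _hOutboundCred, IntPtr.Zero, _sAccountName,
                STANDARD_CONTEXT_ATTRIBUTES, 0, SECURITY_NATIVE_DREP, IntPtr.Zero, 0,
                out _hClientContext, out outputBuffer, out contextAttributes, out clientLifeTime);
        }
        else
        {
            SecBufferDesc inputBuffer = new SecBufferDesc(serverToken);
            try
            {
                // Later legs: continue the partially formed context with the server's token.
                ss = InitializeSecurityContext(ref _hOutboundCred, ref _hClientContext, _sAccountName,
                    STANDARD_CONTEXT_ATTRIBUTES, 0, SECURITY_NATIVE_DREP, ref inputBuffer, 0,
                    out _hClientContext, out outputBuffer, out contextAttributes, out clientLifeTime);
            }
            finally
            {
                inputBuffer.Dispose();
            }
        }

        if (ss != SEC_E_OK && ss != SEC_I_CONTINUE_NEEDED)
        {
            // Fail closed: any other status (including the SEC_I_COMPLETE_* values, which this
            // code does not handle with CompleteAuthToken) means this leg did not succeed.
            // Handing back whatever is in the output buffer with bContinueProcessing = true
            // would keep the caller looping on a failed handshake. SSPI reports the error through
            // the return value, so ss is passed rather than Marshal.GetLastWin32Error().
            throw new Win32Exception(ss, "InitializeSecurityContext() failed!!! status=0x" + ss.ToString("X8"));
        }

        clientToken = outputBuffer.GetSecBufferByteArray();
    }
    finally
    {
        outputBuffer.Dispose();
    }

    bContinueProcessing = ss != SEC_E_OK;
}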