private void InitializeClient(byte[] serverToken, out byte[] clientToken) { clientToken = null; SECURITY_INTEGER ClientLifeTime = new SECURITY_INTEGER(0); if (!_bGotClientCredentials) { uint returnValue = AcquireCredentialsHandle(null, "Kerberos", SECPKG_CRED_OUTBOUND, IntPtr.Zero, IntPtr.Zero, IntPtr.Zero, IntPtr.Zero, ref _hOutboundCred, ref ClientLifeTime); if (returnValue != SEC_E_OK) { throw new Exception("Couldn't acquire client credentials"); } _bGotClientCredentials = true; } uint ss; SecBufferDesc ClientToken = new SecBufferDesc(MAX_TOKEN_SIZE); try { uint ContextAttributes; if (serverToken == null) { ss = InitializeSecurityContext(ref _hOutboundCred, IntPtr.Zero, _sRemotePrincipal, STANDARD_CONTEXT_ATTRIBUTES, 0, SECURITY_NETWORK_DREP, IntPtr.Zero, 0, out _hClientContext, out ClientToken, out ContextAttributes, out ClientLifeTime); } else { SecBufferDesc ServerToken = new SecBufferDesc(serverToken); try { ss = InitializeSecurityContext(ref _hOutboundCred, ref _hClientContext, _sRemotePrincipal, STANDARD_CONTEXT_ATTRIBUTES, 0, SECURITY_NETWORK_DREP, ref ServerToken, 0, out _hClientContext, out ClientToken, out ContextAttributes, out ClientLifeTime); } finally { ServerToken.Dispose(); } } if (ss == SEC_E_LOGON_DENIED) { throw new Exception("Bad username, password or domain."); } else if (ss != SEC_E_OK && ss != SEC_I_CONTINUE_NEEDED) { throw new Exception("InitializeSecurityContext() failed!!!"); } clientToken = ClientToken.GetSecBufferByteArray(); } finally { ClientToken.Dispose(); } InitializeKerberosStage = ss != SEC_E_OK; }
public static extern int EncryptMessage(ref SECURITY_HANDLE phContext, uint fQOP, //managed ulong == 64 bits!!! ref SecBufferDesc pMessage, uint MessageSeqNo); //managed ulong == 64 bits!!!
static extern uint InitializeSecurityContext( ref SECURITY_HANDLE phCredential,//PCredHandle ref SECURITY_HANDLE phContext, //PCtxtHandle string pszTargetName, int fContextReq, int Reserved1, int TargetDataRep, ref SecBufferDesc SecBufferDesc, //PSecBufferDesc SecBufferDesc int Reserved2, out SECURITY_HANDLE phNewContext, //PCtxtHandle out SecBufferDesc pOutput, //PSecBufferDesc SecBufferDesc out uint pfContextAttr, //managed ulong == 64 bits!!! out SECURITY_INTEGER ptsExpiry);
public void EncryptMessage(byte[] message, out byte[] encryptedBuffer) { encryptedBuffer = null; SECURITY_HANDLE EncryptionContext = _hClientContext; SecPkgContext_Sizes ContextSizes; if (QueryContextAttributes(ref EncryptionContext, SECPKG_ATTR_SIZES, out ContextSizes) != SEC_E_OK) { throw new Exception("QueryContextAttribute() failed!!!"); } MultipleSecBufferHelper[] ThisSecHelper = new MultipleSecBufferHelper[] { new MultipleSecBufferHelper(new byte[ContextSizes.cbSecurityTrailer], SecBufferType.SECBUFFER_TOKEN), new MultipleSecBufferHelper(message, SecBufferType.SECBUFFER_DATA), new MultipleSecBufferHelper(new byte[ContextSizes.cbBlockSize], SecBufferType.SECBUFFER_PADDING) }; SecBufferDesc DescBuffer = new SecBufferDesc(ThisSecHelper); try { if (EncryptMessage(ref EncryptionContext, SECQOP_WRAP_NO_ENCRYPT, ref DescBuffer, 0) != SEC_E_OK) { throw new Exception("EncryptMessage() failed!!!"); } encryptedBuffer = DescBuffer.GetSecBufferByteArray(); } finally { DescBuffer.Dispose(); } }
public void DecryptMessage(int messageLength, byte[] encryptedBuffer, out byte[] decryptedBuffer) { decryptedBuffer = null; SECURITY_HANDLE DecryptionContext = _hClientContext; byte[] EncryptedMessage = new byte[messageLength]; Array.Copy(encryptedBuffer, 0, EncryptedMessage, 0, messageLength); int SecurityTrailerLength = encryptedBuffer.Length - messageLength; byte[] SecurityTrailer = new byte[SecurityTrailerLength]; Array.Copy(encryptedBuffer, messageLength, SecurityTrailer, 0, SecurityTrailerLength); MultipleSecBufferHelper[] ThisSecHelper = new MultipleSecBufferHelper[] { new MultipleSecBufferHelper(EncryptedMessage, SecBufferType.SECBUFFER_DATA), new MultipleSecBufferHelper(SecurityTrailer, SecBufferType.SECBUFFER_STREAM) }; SecBufferDesc DescBuffer = new SecBufferDesc(ThisSecHelper); try { uint EncryptionQuality; if (DecryptMessage(ref DecryptionContext, ref DescBuffer, 0, out EncryptionQuality) != SEC_E_OK) { throw new Exception("DecryptMessage() failed!!!"); } decryptedBuffer = new byte[messageLength]; Array.Copy(DescBuffer.GetSecBufferByteArray(), 0, decryptedBuffer, 0, messageLength); } finally { DescBuffer.Dispose(); } }
public static extern int EncryptMessage(ref SECURITY_HANDLE phContext, uint fQOP, //managed ulong == 64 bits!!! ref SecBufferDesc pMessage, uint MessageSeqNo);
public static extern int DecryptMessage(ref SECURITY_HANDLE phContext, ref SecBufferDesc pMessage, uint MessageSeqNo, out uint pfQOP);