static extern uint InitializeSecurityContext( ref SECURITY_HANDLE phCredential, //PCredHandle ref SECURITY_HANDLE phContext, //PCtxtHandle string pszTargetName, int fContextReq, int Reserved1, int TargetDataRep, ref SecBufferDesc SecBufferDesc, //PSecBufferDesc SecBufferDesc int Reserved2, out SECURITY_HANDLE phNewContext, //PCtxtHandle out SecBufferDesc pOutput, //PSecBufferDesc SecBufferDesc out uint pfContextAttr, //managed ulong == 64 bits!!! out SECURITY_INTEGER ptsExpiry); //PTimeStamp
private void InitializeClient(byte[] serverToken, out byte[] clientToken) { clientToken = null; SECURITY_INTEGER ClientLifeTime = new SECURITY_INTEGER(0); if (!_bGotClientCredentials) { uint returnValue; if (!UseWindowsCreds) { SEC_WINNT_AUTH_IDENTITY ident = new SEC_WINNT_AUTH_IDENTITY(); ident.User = Username; ident.UserLength = ident.User.Length; ident.Domain = Domain; ident.DomainLength = ident.Domain.Length; ident.Password = Password; ident.PasswordLength = ident.Password.Length; ident.Flags = 0x1; returnValue = AcquireCredentialsHandle(null, "Kerberos", SECPKG_CRED_OUTBOUND, IntPtr.Zero, ref ident, 0, IntPtr.Zero, ref _hOutboundCred, ref ClientLifeTime); } else { returnValue = AcquireCredentialsHandle(null, "Kerberos", SECPKG_CRED_OUTBOUND, HANDLE.Zero, HANDLE.Zero, 0, HANDLE.Zero, ref _hOutboundCred, ref ClientLifeTime); } if (returnValue != SEC_E_OK) { throw new Exception("Couldn't acquire client credentials"); } _bGotClientCredentials = true; } uint ss; SecBufferDesc ClientToken = new SecBufferDesc(MAX_TOKEN_SIZE); try { uint ContextAttributes; if (serverToken == null) { ss = InitializeSecurityContext(ref _hOutboundCred, IntPtr.Zero, _sAccountName, // null string pszTargetName, STANDARD_CONTEXT_ATTRIBUTES, 0, //int Reserved1, SECURITY_NETWORK_DREP, //int TargetDataRep IntPtr.Zero, //Always zero first time around... 0, //int Reserved2, out _hClientContext, //pHandle CtxtHandle = SecHandle out ClientToken, //ref SecBufferDesc pOutput, //PSecBufferDesc out ContextAttributes, //ref int pfContextAttr, out ClientLifeTime); //ref IntPtr ptsExpiry ); //PTimeStamp } else { SecBufferDesc ServerToken = new SecBufferDesc(serverToken); try { ss = InitializeSecurityContext(ref _hOutboundCred, ref _hClientContext, _sAccountName, // null string pszTargetName, STANDARD_CONTEXT_ATTRIBUTES, 0, //int Reserved1, SECURITY_NETWORK_DREP, //int TargetDataRep ref ServerToken, //Always zero first time around... 0, //int Reserved2, out _hClientContext, //pHandle CtxtHandle = SecHandle out ClientToken, //ref SecBufferDesc pOutput, //PSecBufferDesc out ContextAttributes, //ref int pfContextAttr, out ClientLifeTime); //ref IntPtr ptsExpiry ); //PTimeStamp } finally { ServerToken.Dispose(); } } if (ss == SEC_E_LOGON_DENIED) { throw new Exception("Bad username, password or domain."); } else if (ss != SEC_E_OK && ss != SEC_I_CONTINUE_NEEDED) { throw new Exception("InitializeSecurityContext() failed!!!"); } clientToken = ClientToken.GetSecBufferByteArray(); } finally { ClientToken.Dispose(); } InitializeKerberosStage = ss != SEC_E_OK; }
static extern uint InitializeSecurityContext( ref SECURITY_HANDLE phCredential,//PCredHandle ref SECURITY_HANDLE phContext, //PCtxtHandle string pszTargetName, int fContextReq, int Reserved1, int TargetDataRep, ref SecBufferDesc SecBufferDesc, //PSecBufferDesc SecBufferDesc int Reserved2, out SECURITY_HANDLE phNewContext, //PCtxtHandle out SecBufferDesc pOutput, //PSecBufferDesc SecBufferDesc out uint pfContextAttr, //managed ulong == 64 bits!!! out SECURITY_INTEGER ptsExpiry);
private void InitializeClient(byte[] serverToken, out byte[] clientToken) { clientToken = null; SECURITY_INTEGER ClientLifeTime = new SECURITY_INTEGER(0); if (!_bGotClientCredentials) { uint returnValue; if (!UseWindowsCreds) { SEC_WINNT_AUTH_IDENTITY ident = new SEC_WINNT_AUTH_IDENTITY(); ident.User = Username; ident.UserLength = ident.User.Length; ident.Domain = Domain; ident.DomainLength = ident.Domain.Length; ident.Password = Password; ident.PasswordLength = ident.Password.Length; ident.Flags = 0x1; returnValue = AcquireCredentialsHandle(null, "Kerberos", SECPKG_CRED_OUTBOUND, IntPtr.Zero, ref ident, 0, IntPtr.Zero, ref _hOutboundCred, ref ClientLifeTime); } else { returnValue = AcquireCredentialsHandle(null, "Kerberos", SECPKG_CRED_OUTBOUND, HANDLE.Zero, HANDLE.Zero, 0, HANDLE.Zero, ref _hOutboundCred, ref ClientLifeTime); } if (returnValue != SEC_E_OK) { throw new Exception("Couldn't acquire client credentials"); } _bGotClientCredentials = true; } uint ss; SecBufferDesc ClientToken = new SecBufferDesc(MAX_TOKEN_SIZE); try { uint ContextAttributes; if (serverToken == null) { ss = InitializeSecurityContext(ref _hOutboundCred, IntPtr.Zero, _sAccountName,// null string pszTargetName, STANDARD_CONTEXT_ATTRIBUTES, 0,//int Reserved1, SECURITY_NETWORK_DREP, //int TargetDataRep IntPtr.Zero, //Always zero first time around... 0, //int Reserved2, out _hClientContext, //pHandle CtxtHandle = SecHandle out ClientToken,//ref SecBufferDesc pOutput, //PSecBufferDesc out ContextAttributes,//ref int pfContextAttr, out ClientLifeTime); //ref IntPtr ptsExpiry ); //PTimeStamp } else { SecBufferDesc ServerToken = new SecBufferDesc(serverToken); try { ss = InitializeSecurityContext(ref _hOutboundCred, ref _hClientContext, _sAccountName,// null string pszTargetName, STANDARD_CONTEXT_ATTRIBUTES, 0,//int Reserved1, SECURITY_NETWORK_DREP,//int TargetDataRep ref ServerToken, //Always zero first time around... 0, //int Reserved2, out _hClientContext, //pHandle CtxtHandle = SecHandle out ClientToken,//ref SecBufferDesc pOutput, //PSecBufferDesc out ContextAttributes,//ref int pfContextAttr, out ClientLifeTime); //ref IntPtr ptsExpiry ); //PTimeStamp } finally { ServerToken.Dispose(); } } if (ss == SEC_E_LOGON_DENIED) { throw new Exception("Bad username, password or domain."); } else if (ss != SEC_E_OK && ss != SEC_I_CONTINUE_NEEDED) { throw new Exception("InitializeSecurityContext() failed!!!"); } clientToken = ClientToken.GetSecBufferByteArray(); } finally { ClientToken.Dispose(); } InitializeKerberosStage = ss != SEC_E_OK; }
static extern uint AcquireCredentialsHandle( string pszPrincipal, //SEC_CHAR* string pszPackage, //SEC_CHAR* //"Kerberos","NTLM","Negotiative" int fCredentialUse, IntPtr PAuthenticationID,//_LUID AuthenticationID,//pvLogonID, //PLUID IntPtr pAuthData,//PVOID int pGetKeyFn, //SEC_GET_KEY_FN IntPtr pvGetKeyArgument, //PVOID ref SECURITY_HANDLE phCredential, //SecHandle //PCtxtHandle ref ref SECURITY_INTEGER ptsExpiry);