static extern int AcquireCredentialsHandle(
string pszPrincipal,
string pszPackage,
int fCredentialUse,
IntPtr PAuthenticationID,
IntPtr pAuthData,
int pGetKeyFn,
IntPtr pvGetKeyArgument,
ref SECURITY_HANDLE phCredential,
ref SECURITY_INTEGER ptsExpiry);
static extern int InitializeSecurityContext(
ref SECURITY_HANDLE phCredential,
ref SECURITY_HANDLE phContext,
string pszTargetName,
int fContextReq,
int Reserved1,
int TargetDataRep,
ref SecBufferDesc SecBufferDesc,
int Reserved2,
out SECURITY_HANDLE phNewContext,
out SecBufferDesc pOutput,
out uint pfContextAttr,
out SECURITY_INTEGER ptsExpiry);
static extern int InitializeSecurityContext(
ref SECURITY_HANDLE phCredential,
IntPtr phContext,
string pszTargetName,
int fContextReq,
int Reserved1,
int TargetDataRep,
IntPtr pInput,
int Reserved2,
out SECURITY_HANDLE phNewContext,
out SecBufferDesc pOutput,
out uint pfContextAttr,
out SECURITY_INTEGER ptsExpiry);
public void AuthenticateClient()
{
bool continueProcessing = true;
byte[] clientBlob = null;
byte[] serverBlob = null;
SECURITY_INTEGER lifetime = new SECURITY_INTEGER(0);
int ss;
ss = AcquireCredentialsHandle(null, "Negotiate", SECPKG_CRED_OUTBOUND,
IntPtr.Zero, IntPtr.Zero, 0, IntPtr.Zero, ref outboundCredentials,
ref lifetime);
if (ss != SEC_E_OK)
{
throw new MySqlException(
"AcquireCredentialsHandle failed with errorcode" + ss);
}
try
{
while (continueProcessing)
{
InitializeClient(out clientBlob, serverBlob,
out continueProcessing);
if (clientBlob != null && clientBlob.Length > 0)
{
WriteData(clientBlob);
if (continueProcessing)
{
serverBlob = ReadData();
}
}
}
}
finally
{
FreeCredentialsHandle(ref outboundCredentials);
DeleteSecurityContext(ref clientContext);
}
}
void InitializeClient(out byte[] clientBlob, byte[] serverBlob,
out bool continueProcessing)
{
clientBlob = null;
continueProcessing = true;
SecBufferDesc clientBufferDesc = new SecBufferDesc(MAX_TOKEN_SIZE);
SECURITY_INTEGER lifetime = new SECURITY_INTEGER(0);
int ss = -1;
try
{
uint ContextAttributes = 0;
if (serverBlob == null)
{
ss = InitializeSecurityContext(
ref outboundCredentials,
IntPtr.Zero,
targetName,
STANDARD_CONTEXT_ATTRIBUTES,
0,
SECURITY_NETWORK_DREP,
IntPtr.Zero, /* always zero first time around */
0,
out clientContext,
out clientBufferDesc,
out ContextAttributes,
out lifetime);
}
else
{
String s = System.Text.Encoding.UTF8.GetString(serverBlob, 0,
serverBlob.Length);
SecBufferDesc serverBufferDesc = new SecBufferDesc(serverBlob);
try
{
ss = InitializeSecurityContext(ref outboundCredentials,
ref clientContext,
targetName,
STANDARD_CONTEXT_ATTRIBUTES,
0,
SECURITY_NETWORK_DREP,
ref serverBufferDesc,
0,
out clientContext,
out clientBufferDesc,
out ContextAttributes,
out lifetime);
}
finally
{
serverBufferDesc.Dispose();
}
}
if ((SEC_I_COMPLETE_NEEDED == ss)
|| (SEC_I_COMPLETE_AND_CONTINUE == ss))
{
CompleteAuthToken(ref clientContext, ref clientBufferDesc);
}
if (ss != SEC_E_OK &&
ss != SEC_I_CONTINUE_NEEDED &&
ss != SEC_I_COMPLETE_NEEDED &&
ss != SEC_I_COMPLETE_AND_CONTINUE)
{
throw new MySqlException(
"InitializeSecurityContext() failed with errorcode " + ss);
}
clientBlob = clientBufferDesc.GetSecBufferByteArray();
}
finally
{
clientBufferDesc.Dispose();
}
continueProcessing = (ss != SEC_E_OK && ss != SEC_I_COMPLETE_NEEDED);
}
public void AuthenticateClient()
{
bool continueProcessing = true;
byte[] clientBlob = null;
byte[] serverBlob = null;
SECURITY_INTEGER lifetime = new SECURITY_INTEGER(0);
int ss;
ss = AcquireCredentialsHandle(null, "Negotiate", SECPKG_CRED_OUTBOUND,
IntPtr.Zero, IntPtr.Zero, 0, IntPtr.Zero, ref outboundCredentials,
ref lifetime);
if (ss != SEC_E_OK)
{
throw new MySqlException(
"AcquireCredentialsHandle failed with errorcode" + ss);
}
try
{
while (continueProcessing)
{
InitializeClient(out clientBlob, serverBlob,
out continueProcessing);
if (clientBlob != null && clientBlob.Length > 0)
{
WriteData(clientBlob);
if (continueProcessing)
serverBlob = ReadData();
if (version.isAtLeast(5, 5, 16))
{
// Treat properly prefix byte as per
// https://bug.oraclecorp.com/pls/bug/webbug_print.show?c_rptno=12944747
// - 0x00 to acknowledge auth
// - 0xff to deny auth
// - 0xfe to switch auth
// - 0x01 to return more auth data
byte prefix = serverBlob[0];
byte[] buf = new byte[serverBlob.Length - 1];
Array.Copy(serverBlob, 1, buf, 0, buf.Length);
serverBlob = buf;
}
}
}
}
finally
{
FreeCredentialsHandle(ref outboundCredentials);
DeleteSecurityContext(ref clientContext);
}
}
void InitializeClient(out byte[] clientBlob, byte[] serverBlob,
out bool continueProcessing)
{
clientBlob = null;
continueProcessing = true;
SecBufferDesc clientBufferDesc = new SecBufferDesc(MAX_TOKEN_SIZE);
SECURITY_INTEGER lifetime = new SECURITY_INTEGER(0);
int ss = -1;
try
{
uint ContextAttributes = 0;
if (serverBlob == null)
{
ss = InitializeSecurityContext(
ref outboundCredentials,
IntPtr.Zero,
targetName,
STANDARD_CONTEXT_ATTRIBUTES,
0,
SECURITY_NETWORK_DREP,
IntPtr.Zero, /* always zero first time around */
0,
out clientContext,
out clientBufferDesc,
out ContextAttributes,
out lifetime);
}
else
{
String s = System.Text.Encoding.UTF8.GetString(serverBlob, 0,
serverBlob.Length);
SecBufferDesc serverBufferDesc = new SecBufferDesc(serverBlob);
try
{
ss = InitializeSecurityContext(ref outboundCredentials,
ref clientContext,
targetName,
STANDARD_CONTEXT_ATTRIBUTES,
0,
SECURITY_NETWORK_DREP,
ref serverBufferDesc,
0,
out clientContext,
out clientBufferDesc,
out ContextAttributes,
out lifetime);
}
finally
{
serverBufferDesc.Dispose();
}
}
if ((SEC_I_COMPLETE_NEEDED == ss) ||
(SEC_I_COMPLETE_AND_CONTINUE == ss))
{
CompleteAuthToken(ref clientContext, ref clientBufferDesc);
}
if (ss != SEC_E_OK &&
ss != SEC_I_CONTINUE_NEEDED &&
ss != SEC_I_COMPLETE_NEEDED &&
ss != SEC_I_COMPLETE_AND_CONTINUE)
{
throw new MySqlException(
"InitializeSecurityContext() failed with errorcode " + ss);
}
clientBlob = clientBufferDesc.GetSecBufferByteArray();
}
finally
{
clientBufferDesc.Dispose();
}
continueProcessing = (ss != SEC_E_OK && ss != SEC_I_COMPLETE_NEEDED);
}
public void AuthenticateClient()
{
bool continueProcessing = true;
byte[] clientBlob = null;
byte[] serverBlob = null;
SECURITY_INTEGER lifetime = new SECURITY_INTEGER(0);
int ss;
ss = AcquireCredentialsHandle(null, "Negotiate", SECPKG_CRED_OUTBOUND,
IntPtr.Zero, IntPtr.Zero, 0, IntPtr.Zero, ref outboundCredentials,
ref lifetime);
if(ss != SEC_E_OK)
{
throw new MySqlException(
"AcquireCredentialsHandle failed with errorcode" + ss);
}
try
{
while (continueProcessing)
{
InitializeClient(out clientBlob, serverBlob,
out continueProcessing);
if (clientBlob != null && clientBlob.Length > 0)
{
WriteData(clientBlob);
if (continueProcessing)
serverBlob = ReadData();
}
}
}
finally
{
FreeCredentialsHandle(ref outboundCredentials);
DeleteSecurityContext(ref clientContext);
}
}
