public static unsafe int QueryContextAttributes(SafeDeleteContext phContext, ContextAttribute contextAttribute, byte* buffer, SafeHandle refHandle)
{
int num = -2146893055;
bool success = false;
RuntimeHelpers.PrepareConstrainedRegions();
try
{
phContext.DangerousAddRef(ref success);
}
catch (Exception exception)
{
if (success)
{
phContext.DangerousRelease();
success = false;
}
if (!(exception is ObjectDisposedException))
{
throw;
}
}
finally
{
if (success)
{
num = QueryContextAttributesW(ref phContext._handle, contextAttribute, (void*) buffer);
phContext.DangerousRelease();
}
if ((num == 0) && (refHandle != null))
{
if (refHandle is SafeFreeContextBuffer)
{
if (contextAttribute == ContextAttribute.SessionKey)
{
IntPtr ptr = Marshal.ReadIntPtr(new IntPtr((void*) buffer), SecPkgContext_SessionKey.SessionkeyOffset);
((SafeFreeContextBuffer) refHandle).Set(ptr);
}
else
{
((SafeFreeContextBuffer) refHandle).Set(*((IntPtr*) buffer));
}
}
else
{
((SafeFreeCertContext) refHandle).Set(*((IntPtr*) buffer));
}
}
if ((num != 0) && (refHandle != null))
{
refHandle.SetHandleAsInvalid();
}
}
return num;
}
internal void CloseContext()
{
this.ThrowIfDisposed();
try
{
if (this.securityContext != null)
{
this.securityContext.Close();
}
}
finally
{
this.securityContext = null;
}
}
private TlsSspiNegotiation(string destination, bool isServer, SchProtocols protocolFlags, X509Certificate2 serverCertificate, X509Certificate2 clientCertificate, bool clientCertRequired)
{
this.syncObject = new object();
SspiWrapper.GetVerifyPackageInfo("Microsoft Unified Security Protocol Provider");
this.destination = destination;
this.isServer = isServer;
this.protocolFlags = protocolFlags;
this.serverCertificate = serverCertificate;
this.clientCertificate = clientCertificate;
this.clientCertRequired = clientCertRequired;
this.securityContext = null;
if (isServer)
{
this.ValidateServerCertificate();
}
else
{
this.ValidateClientCertificate();
}
if (this.isServer)
{
try
{
this.AcquireServerCredentials();
}
catch (Win32Exception exception)
{
if (exception.NativeErrorCode != -2146893043)
{
throw;
}
if (System.ServiceModel.DiagnosticUtility.ShouldTraceInformation)
{
System.ServiceModel.DiagnosticUtility.ExceptionUtility.TraceHandledException(exception, TraceEventType.Information);
}
Thread.Sleep(0);
this.AcquireServerCredentials();
}
}
else
{
this.AcquireDummyCredentials();
}
}
private WindowsSspiNegotiation(bool isServer, string package, SafeFreeCredentials credentialsHandle, TokenImpersonationLevel impersonationLevel, string servicePrincipalName, bool doMutualAuth, bool interactiveLogonEnabled, bool ntlmEnabled)
{
this.syncObject = new object();
this.interactiveNegoLogonEnabled = true;
this.saveClientCredentialsOnSspiUi = true;
this.tokenSize = SspiWrapper.GetVerifyPackageInfo(package).MaxToken;
this.isServer = isServer;
this.servicePrincipalName = servicePrincipalName;
this.securityContext = null;
if (isServer)
{
this.impersonationLevel = TokenImpersonationLevel.Delegation;
this.doMutualAuth = false;
}
else
{
this.impersonationLevel = impersonationLevel;
this.doMutualAuth = doMutualAuth;
this.interactiveNegoLogonEnabled = interactiveLogonEnabled;
this.clientPackageName = package;
this.allowNtlm = ntlmEnabled;
}
this.credentialsHandle = credentialsHandle;
}
public static int EncryptMessage(SafeDeleteContext context, SecurityBufferDescriptor inputOutput, uint sequenceNumber)
{
int num = -2146893055;
bool success = false;
RuntimeHelpers.PrepareConstrainedRegions();
try
{
context.DangerousAddRef(ref success);
}
catch (Exception exception)
{
if (success)
{
context.DangerousRelease();
success = false;
}
if (!(exception is ObjectDisposedException))
{
throw;
}
}
finally
{
if (success)
{
num = EncryptMessage(ref context._handle, 0, inputOutput, sequenceNumber);
context.DangerousRelease();
}
}
return num;
}
private void Dispose(bool disposing)
{
lock (this.syncObject)
{
if (this.disposed == false)
{
this.disposed = true;
if (disposing)
{
if (this.securityContext != null)
{
this.securityContext.Close();
this.securityContext = null;
}
if (this.credentialsHandle != null)
{
this.credentialsHandle.Close();
this.credentialsHandle = null;
}
}
// set to null any references that aren't finalizable
this.connectionInfo = null;
this.destination = null;
this.streamSizes = null;
}
}
}
private void Initialize(TokenImpersonationLevel tokenImpersonationLevel, NetworkCredential networkCredential, System.IdentityModel.SafeFreeCredentials credentialsHandle, ChannelBinding channelBinding)
{
bool flag = false;
System.IdentityModel.SafeDeleteContext context = null;
try
{
if (credentialsHandle == null)
{
if ((networkCredential == null) || (networkCredential == CredentialCache.DefaultNetworkCredentials))
{
credentialsHandle = SspiWrapper.AcquireDefaultCredential("Kerberos", System.IdentityModel.CredentialUse.Outbound, new string[0]);
}
else
{
AuthIdentityEx authdata = new AuthIdentityEx(networkCredential.UserName, networkCredential.Password, networkCredential.Domain, new string[0]);
credentialsHandle = SspiWrapper.AcquireCredentialsHandle("Kerberos", System.IdentityModel.CredentialUse.Outbound, ref authdata);
}
flag = true;
}
SspiContextFlags inFlags = SspiContextFlags.AllocateMemory | SspiContextFlags.Confidentiality | SspiContextFlags.SequenceDetect | SspiContextFlags.ReplayDetect;
if (tokenImpersonationLevel == TokenImpersonationLevel.Identification)
{
inFlags |= SspiContextFlags.InitIdentify;
}
SspiContextFlags zero = SspiContextFlags.Zero;
System.IdentityModel.SecurityBuffer inputBuffer = null;
if (channelBinding != null)
{
inputBuffer = new System.IdentityModel.SecurityBuffer(channelBinding);
}
System.IdentityModel.SecurityBuffer outputBuffer = new System.IdentityModel.SecurityBuffer(0, System.IdentityModel.BufferType.Token);
int error = SspiWrapper.InitializeSecurityContext(credentialsHandle, ref context, this.servicePrincipalName, inFlags, System.IdentityModel.Endianness.Native, inputBuffer, outputBuffer, ref zero);
switch (error)
{
case 0:
break;
case 0x90312:
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("KerberosMultilegsNotSupported"), new Win32Exception(error)));
default:
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("FailInitializeSecurityContext"), new Win32Exception(error)));
}
this.apreq = outputBuffer.token;
LifeSpan span = (LifeSpan)SspiWrapper.QueryContextAttributes(context, System.IdentityModel.ContextAttribute.Lifespan);
this.effectiveTime = span.EffectiveTimeUtc;
this.expirationTime = span.ExpiryTimeUtc;
SecuritySessionKeyClass class2 = (SecuritySessionKeyClass)SspiWrapper.QueryContextAttributes(context, System.IdentityModel.ContextAttribute.SessionKey);
this.symmetricSecurityKey = new InMemorySymmetricSecurityKey(class2.SessionKey);
}
finally
{
if (context != null)
{
context.Close();
}
if (flag && (credentialsHandle != null))
{
credentialsHandle.Close();
}
}
}
private static unsafe int MustRunInitializeSecurityContext(SafeFreeCredentials inCredentials, void* inContextPtr, byte* targetName, SspiContextFlags inFlags, Endianness endianness, SecurityBufferDescriptor inputBuffer, SafeDeleteContext outContext, SecurityBufferDescriptor outputBuffer, ref SspiContextFlags attributes, SafeFreeContextBuffer handleTemplate)
{
int num = -1;
bool success = false;
bool flag2 = false;
RuntimeHelpers.PrepareConstrainedRegions();
try
{
inCredentials.DangerousAddRef(ref success);
outContext.DangerousAddRef(ref flag2);
}
catch (Exception exception)
{
if (success)
{
inCredentials.DangerousRelease();
success = false;
}
if (flag2)
{
outContext.DangerousRelease();
flag2 = false;
}
if (!(exception is ObjectDisposedException))
{
throw;
}
}
finally
{
if (!success)
{
inCredentials = null;
}
else if (success && flag2)
{
long num2;
num = InitializeSecurityContextW(ref inCredentials._handle, inContextPtr, targetName, inFlags, 0, endianness, inputBuffer, 0, ref outContext._handle, outputBuffer, ref attributes, out num2);
if ((outContext._EffectiveCredential != inCredentials) && ((num & 0x80000000L) == 0L))
{
if (outContext._EffectiveCredential != null)
{
outContext._EffectiveCredential.DangerousRelease();
}
outContext._EffectiveCredential = inCredentials;
}
else
{
inCredentials.DangerousRelease();
}
outContext.DangerousRelease();
if (handleTemplate != null)
{
handleTemplate.Set(outputBuffer.UnmanagedPointer.token);
if (handleTemplate.IsInvalid)
{
handleTemplate.SetHandleAsInvalid();
}
}
}
if ((inContextPtr == null) && ((num & 0x80000000L) != 0L))
{
outContext._handle.SetToInvalid();
}
}
return num;
}
public static unsafe object QueryContextAttributes(SafeDeleteContext securityContext, ContextAttribute contextAttribute)
{
int size = IntPtr.Size;
Type handleType = null;
switch (contextAttribute)
{
case ContextAttribute.Sizes:
size = SecSizes.SizeOf;
break;
case ContextAttribute.Names:
handleType = typeof(SafeFreeContextBuffer);
break;
case ContextAttribute.Lifespan:
size = LifeSpan_Struct.Size;
break;
case ContextAttribute.StreamSizes:
size = StreamSizes.SizeOf;
break;
case ContextAttribute.SessionKey:
handleType = typeof(SafeFreeContextBuffer);
size = SecPkgContext_SessionKey.Size;
break;
case ContextAttribute.PackageInfo:
handleType = typeof(SafeFreeContextBuffer);
break;
case ContextAttribute.NegotiationInfo:
handleType = typeof(SafeFreeContextBuffer);
size = Marshal.SizeOf(typeof(NegotiationInfo));
break;
case ContextAttribute.Flags:
break;
case ContextAttribute.RemoteCertificate:
handleType = typeof(SafeFreeCertContext);
break;
case ContextAttribute.LocalCertificate:
handleType = typeof(SafeFreeCertContext);
break;
case ContextAttribute.ConnectionInfo:
size = Marshal.SizeOf(typeof(SslConnectionInfo));
break;
default:
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidEnumArgumentException("contextAttribute", (int) contextAttribute, typeof(ContextAttribute)));
}
SafeHandle refHandle = null;
object obj2 = null;
try
{
byte[] buffer = new byte[size];
int error = QueryContextAttributes(securityContext, contextAttribute, buffer, handleType, out refHandle);
if (error != 0)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception(error));
}
switch (contextAttribute)
{
case ContextAttribute.Sizes:
break;
case ContextAttribute.Names:
return Marshal.PtrToStringUni(refHandle.DangerousGetHandle());
case ContextAttribute.Lifespan:
return new LifeSpan(buffer);
case ContextAttribute.DceInfo:
case (ContextAttribute.StreamSizes | ContextAttribute.Names):
case ContextAttribute.Authority:
case (ContextAttribute.Authority | ContextAttribute.Names):
case ((ContextAttribute) 8):
case (ContextAttribute.PackageInfo | ContextAttribute.Names):
case (ContextAttribute.NegotiationInfo | ContextAttribute.Names):
return obj2;
case ContextAttribute.StreamSizes:
return new StreamSizes(buffer);
case ContextAttribute.SessionKey:
try
{
byte[] buffer4;
if (((buffer4 = buffer) == null) || (buffer4.Length == 0))
{
fixed (IntPtr* ptrRef2 = null)
{
}
}
obj2 = new SecuritySessionKeyClass(refHandle, Marshal.ReadInt32(new IntPtr((void*) ptrRef2)));
}
finally
{
ptrRef2 = null;
}
return obj2;
case ContextAttribute.PackageInfo:
return new SecurityPackageInfoClass(refHandle, 0);
case ContextAttribute.NegotiationInfo:
try
{
byte[] buffer3;
if (((buffer3 = buffer) == null) || (buffer3.Length == 0))
{
fixed (IntPtr* ptrRef = null)
{
}
}
return new NegotiationInfoClass(refHandle, Marshal.ReadInt32(new IntPtr((void*) ptrRef), NegotiationInfo.NegotiationStateOffset));
}
finally
{
ptrRef = null;
}
goto Label_026A;
case ContextAttribute.Flags:
try
{
fixed (byte* numRef = buffer)
{
return Marshal.ReadInt32(new IntPtr((void*) numRef));
}
}
finally
{
numRef = null;
}
break;
case ContextAttribute.RemoteCertificate:
case ContextAttribute.LocalCertificate:
goto Label_026A;
case ContextAttribute.ConnectionInfo:
return new SslConnectionInfo(buffer);
default:
return obj2;
}
return new SecSizes(buffer);
Label_026A:
obj2 = refHandle;
refHandle = null;
return obj2;
}
finally
{
if (refHandle != null)
{
refHandle.Close();
}
}
return obj2;
}
public static void ImpersonateSecurityContext(SafeDeleteContext context)
{
int error = SafeDeleteContext.ImpersonateSecurityContext(context);
if (error != 0)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception(error));
}
}
internal static int AcceptSecurityContext(SafeFreeCredentials credential, ref SafeDeleteContext refContext, SspiContextFlags inFlags, Endianness datarep, SecurityBuffer[] inputBuffers, SecurityBuffer outputBuffer, ref SspiContextFlags outFlags)
{
return SafeDeleteContext.AcceptSecurityContext(credential, ref refContext, inFlags, datarep, null, inputBuffers, outputBuffer, ref outFlags);
}
public static unsafe int EncryptMessage(SafeDeleteContext context, SecurityBuffer[] input, uint sequenceNumber)
{
return(EncryptDecryptHelper(context, input, sequenceNumber, true, false));
}
public static unsafe int DecryptMessage(SafeDeleteContext context, SecurityBuffer[] input, uint sequenceNumber, bool isGssBlob)
{
return(EncryptDecryptHelper(context, input, sequenceNumber, false, isGssBlob));
}
public static unsafe int EncryptDecryptHelper(SafeDeleteContext context, SecurityBuffer[] input, uint sequenceNumber, bool encrypt, bool isGssBlob)
{
SecurityBufferDescriptor sdcInOut = new SecurityBufferDescriptor(input.Length);
SecurityBufferStruct[] unmanagedBuffer = new SecurityBufferStruct[input.Length];
byte[][] buffers = new byte[input.Length][];
fixed(void *unmanagedBufferPtr = unmanagedBuffer)
{
sdcInOut.UnmanagedPointer = unmanagedBufferPtr;
GCHandle[] pinnedBuffers = new GCHandle[input.Length];
try
{
for (int i = 0; i < input.Length; ++i)
{
SecurityBuffer iBuffer = input[i];
unmanagedBuffer[i].count = iBuffer.size;
unmanagedBuffer[i].type = iBuffer.type;
if (iBuffer.token == null || iBuffer.token.Length == 0)
{
unmanagedBuffer[i].token = IntPtr.Zero;
}
else
{
pinnedBuffers[i] = GCHandle.Alloc(iBuffer.token, GCHandleType.Pinned);
unmanagedBuffer[i].token = Marshal.UnsafeAddrOfPinnedArrayElement(iBuffer.token, iBuffer.offset);
buffers[i] = iBuffer.token;
}
}
int errorCode;
if (encrypt)
{
errorCode = SafeDeleteContext.EncryptMessage(context, sdcInOut, sequenceNumber);
}
else
{
errorCode = SafeDeleteContext.DecryptMessage(context, sdcInOut, sequenceNumber);
}
// Marshalling back returned sizes (do not marshal the "token" field)
for (int i = 0; i < input.Length; ++i)
{
SecurityBuffer iBuffer = input[i];
iBuffer.size = unmanagedBuffer[i].count;
iBuffer.type = unmanagedBuffer[i].type;
if (iBuffer.size == 0)
{
iBuffer.offset = 0;
iBuffer.token = null;
}
else if (isGssBlob && !encrypt && iBuffer.type == BufferType.Data)
{
iBuffer.token = DiagnosticUtility.Utility.AllocateByteArray(iBuffer.size);
Marshal.Copy(unmanagedBuffer[i].token, iBuffer.token, 0, iBuffer.size);
}
else
{
checked
{
// Find the buffer this is inside of. Usually they all point inside buffer 0.
int j;
for (j = 0; j < input.Length; j++)
{
if (buffers[j] == null)
{
continue;
}
byte *bufferAddress = (byte *)Marshal.UnsafeAddrOfPinnedArrayElement(buffers[j], 0);
if ((byte *)unmanagedBuffer[i].token >= bufferAddress &&
(byte *)unmanagedBuffer[i].token + iBuffer.size <= bufferAddress + buffers[j].Length)
{
iBuffer.offset = (int)((byte *)unmanagedBuffer[i].token - bufferAddress);
iBuffer.token = buffers[j];
break;
}
}
if (j >= input.Length)
{
iBuffer.size = 0;
iBuffer.offset = 0;
iBuffer.token = null;
}
if (!(iBuffer.offset >= 0 && iBuffer.offset <= (iBuffer.token == null ? 0 : iBuffer.token.Length)))
{
DiagnosticUtility.DebugAssert(SR.GetString(SR.SspiWrapperEncryptDecryptAssert1, iBuffer.offset));
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.SspiWrapperEncryptDecryptAssert1, iBuffer.offset)));
}
if (!(iBuffer.size >= 0 && iBuffer.size <= (iBuffer.token == null ? 0 : iBuffer.token.Length - iBuffer.offset)))
{
DiagnosticUtility.DebugAssert(SR.GetString(SR.SspiWrapperEncryptDecryptAssert2, iBuffer.size));
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.SspiWrapperEncryptDecryptAssert2, iBuffer.size)));
}
}
}
}
return(errorCode);
}
finally
{
for (int i = 0; i < pinnedBuffers.Length; ++i)
{
if (pinnedBuffers[i].IsAllocated)
{
pinnedBuffers[i].Free();
}
}
}
}
}
public static unsafe object QueryContextAttributes(
SafeDeleteContext securityContext,
ContextAttribute contextAttribute)
{
int nativeBlockSize = IntPtr.Size;
Type handleType = null;
switch (contextAttribute)
{
case ContextAttribute.Flags:
break;
case ContextAttribute.Sizes:
nativeBlockSize = SecSizes.SizeOf;
break;
case ContextAttribute.StreamSizes:
nativeBlockSize = StreamSizes.SizeOf;
break;
case ContextAttribute.Names:
handleType = typeof(SafeFreeContextBuffer);
break;
case ContextAttribute.PackageInfo:
handleType = typeof(SafeFreeContextBuffer);
break;
case ContextAttribute.NegotiationInfo:
handleType = typeof(SafeFreeContextBuffer);
nativeBlockSize = Marshal.SizeOf(typeof(NegotiationInfo));
break;
case ContextAttribute.RemoteCertificate:
handleType = typeof(SafeFreeCertContext);
break;
case ContextAttribute.LocalCertificate:
handleType = typeof(SafeFreeCertContext);
break;
case ContextAttribute.ConnectionInfo:
nativeBlockSize = Marshal.SizeOf(typeof(SslConnectionInfo));
break;
case ContextAttribute.Lifespan:
nativeBlockSize = LifeSpan_Struct.Size;
break;
case ContextAttribute.SessionKey:
handleType = typeof(SafeFreeContextBuffer);
nativeBlockSize = SecPkgContext_SessionKey.Size;
break;
default:
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidEnumArgumentException("contextAttribute", (int)contextAttribute,
typeof(ContextAttribute)));
}
SafeHandle sspiHandle = null;
object attribute = null;
try
{
byte[] nativeBuffer = new byte[nativeBlockSize];
int errorCode = QueryContextAttributes(securityContext, contextAttribute, nativeBuffer, handleType, out sspiHandle);
if (errorCode != 0)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception(errorCode));
}
switch (contextAttribute)
{
case ContextAttribute.Flags:
fixed(byte *pnativeBuffer = nativeBuffer)
{
attribute = (object)Marshal.ReadInt32(new IntPtr(pnativeBuffer));
}
break;
case ContextAttribute.Sizes:
attribute = new SecSizes(nativeBuffer);
break;
case ContextAttribute.StreamSizes:
attribute = new StreamSizes(nativeBuffer);
break;
case ContextAttribute.Names:
attribute = Marshal.PtrToStringUni(sspiHandle.DangerousGetHandle());
break;
case ContextAttribute.PackageInfo:
attribute = new SecurityPackageInfoClass(sspiHandle, 0);
break;
case ContextAttribute.NegotiationInfo:
unsafe
{
fixed(void *ptr = nativeBuffer)
{
attribute = new NegotiationInfoClass(sspiHandle, Marshal.ReadInt32(new IntPtr(ptr), NegotiationInfo.NegotiationStateOffset));
}
}
break;
case ContextAttribute.LocalCertificate:
goto case ContextAttribute.RemoteCertificate;
case ContextAttribute.RemoteCertificate:
attribute = sspiHandle;
sspiHandle = null;
break;
case ContextAttribute.ConnectionInfo:
attribute = new SslConnectionInfo(nativeBuffer);
break;
case ContextAttribute.Lifespan:
attribute = new LifeSpan(nativeBuffer);
break;
case ContextAttribute.SessionKey:
unsafe
{
fixed(void *ptr = nativeBuffer)
{
attribute = new SecuritySessionKeyClass(sspiHandle, Marshal.ReadInt32(new IntPtr(ptr)));
}
}
break;
default:
// will return null
break;
}
}
finally
{
if (sspiHandle != null)
{
sspiHandle.Close();
}
}
return(attribute);
}
public static int QuerySecurityContextToken(
SafeDeleteContext context,
out SafeCloseHandle token)
{
return(context.GetSecurityContextToken(out token));
}
public static int EncryptMessage(SafeDeleteContext context, SecurityBufferDescriptor inputOutput, uint sequenceNumber)
{
int status = (int)SecurityStatus.InvalidHandle;
bool b = false;
RuntimeHelpers.PrepareConstrainedRegions();
try
{
context.DangerousAddRef(ref b);
}
catch (Exception e)
{
if (System.Runtime.Fx.IsFatal(e))
throw;
if (b)
{
context.DangerousRelease();
b = false;
}
if (!(e is ObjectDisposedException))
throw;
}
finally
{
if (b)
{
// PreSharp Bug: Call 'Marshal.GetLastWin32Error' or 'Marshal.GetHRForLastWin32Error' before any other interop call.
#pragma warning suppress 56523 // The API does not set Win32 Last Error. It returns a error code.
status = EncryptMessage(ref context._handle, 0, inputOutput, sequenceNumber);
context.DangerousRelease();
}
}
return status;
}
public static int ImpersonateSecurityContext(SafeDeleteContext context)
{
int num = -2146893055;
bool success = false;
RuntimeHelpers.PrepareConstrainedRegions();
try
{
context.DangerousAddRef(ref success);
}
catch (Exception exception)
{
if (success)
{
context.DangerousRelease();
success = false;
}
if (!(exception is ObjectDisposedException))
{
throw;
}
}
finally
{
if (success)
{
num = ImpersonateSecurityContext(ref context._handle);
context.DangerousRelease();
}
}
return num;
}
public unsafe static int DecryptMessage(SafeDeleteContext context, SecurityBufferDescriptor inputOutput, uint sequenceNumber)
{
int status = (int)SecurityStatus.InvalidHandle;
bool b = false;
uint qop = 0;
RuntimeHelpers.PrepareConstrainedRegions();
try
{
context.DangerousAddRef(ref b);
}
catch (Exception e)
{
if (System.Runtime.Fx.IsFatal(e))
throw;
if (b)
{
context.DangerousRelease();
b = false;
}
if (!(e is ObjectDisposedException))
throw;
}
finally
{
if (b)
{
#pragma warning suppress 56523 // we don't take any action on the win32 error message.
status = DecryptMessage(ref context._handle, inputOutput, sequenceNumber, &qop);
context.DangerousRelease();
}
}
const uint SECQOP_WRAP_NO_ENCRYPT = 0x80000001;
if (status == 0 && qop == SECQOP_WRAP_NO_ENCRYPT)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.SspiPayloadNotEncrypted)));
}
return status;
}
private void Dispose(bool disposing)
{
lock (this.syncObject)
{
if (!this.disposed)
{
this.disposed = true;
if (disposing)
{
if (this.securityContext != null)
{
this.securityContext.Close();
this.securityContext = null;
}
if (this.credentialsHandle != null)
{
this.credentialsHandle.Close();
this.credentialsHandle = null;
}
}
this.connectionInfo = null;
this.destination = null;
this.streamSizes = null;
}
}
}
public static int EncryptMessage(SafeDeleteContext context, SecurityBuffer[] input, uint sequenceNumber)
{
return EncryptDecryptHelper(context, input, sequenceNumber, true, false);
}
public static int QuerySecurityContextToken(SafeDeleteContext context, out SafeCloseHandle token)
{
return context.GetSecurityContextToken(out token);
}
internal static int InitializeSecurityContext(SafeFreeCredentials credential, ref SafeDeleteContext context, string targetName, SspiContextFlags inFlags, Endianness datarep, SecurityBuffer[] inputBuffers, SecurityBuffer outputBuffer, ref SspiContextFlags outFlags)
{
return SafeDeleteContext.InitializeSecurityContext(credential, ref context, targetName, inFlags, datarep, null, inputBuffers, outputBuffer, ref outFlags);
}
public static int DecryptMessage(SafeDeleteContext context, SecurityBuffer[] input, uint sequenceNumber, bool isGssBlob)
{
return EncryptDecryptHelper(context, input, sequenceNumber, false, isGssBlob);
}
private static unsafe int QueryContextAttributes(SafeDeleteContext phContext, ContextAttribute attribute, byte[] buffer, Type handleType, out SafeHandle refHandle)
{
refHandle = null;
if (handleType != null)
{
if (handleType != typeof(SafeFreeContextBuffer))
{
if (handleType != typeof(SafeFreeCertContext))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException("handleType", System.IdentityModel.SR.GetString("ValueMustBeOf2Types", new object[] { typeof(SafeFreeContextBuffer).ToString(), typeof(SafeFreeCertContext).ToString() })));
}
refHandle = new SafeFreeCertContext();
}
else
{
refHandle = SafeFreeContextBuffer.CreateEmptyHandle();
}
}
fixed (byte* numRef = buffer)
{
return SafeFreeContextBuffer.QueryContextAttributes(phContext, attribute, numRef, refHandle);
}
}
internal static unsafe int InitializeSecurityContext(SafeFreeCredentials inCredentials, ref SafeDeleteContext refContext, string targetName, SspiContextFlags inFlags, Endianness endianness, SecurityBuffer inSecBuffer, SecurityBuffer[] inSecBuffers, SecurityBuffer outSecBuffer, ref SspiContextFlags outFlags)
{
if (inCredentials == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("inCredentials");
}
SecurityBufferDescriptor inputBuffer = null;
if (inSecBuffer != null)
{
inputBuffer = new SecurityBufferDescriptor(1);
}
else if (inSecBuffers != null)
{
inputBuffer = new SecurityBufferDescriptor(inSecBuffers.Length);
}
SecurityBufferDescriptor outputBuffer = new SecurityBufferDescriptor(1);
bool flag = (inFlags & SspiContextFlags.AllocateMemory) != SspiContextFlags.Zero;
int num = -1;
SSPIHandle handle = new SSPIHandle();
if (refContext != null)
{
handle = refContext._handle;
}
GCHandle[] handleArray = null;
GCHandle handle2 = new GCHandle();
SafeFreeContextBuffer handleTemplate = null;
try
{
handle2 = GCHandle.Alloc(outSecBuffer.token, GCHandleType.Pinned);
SecurityBufferStruct[] structArray = new SecurityBufferStruct[(inputBuffer == null) ? 1 : inputBuffer.Count];
try
{
SecurityBufferStruct[] structArray3;
if (((structArray3 = structArray) == null) || (structArray3.Length == 0))
{
ptrRef = null;
goto Label_00A9;
}
fixed (IntPtr* ptrRef = structArray3)
{
Label_00A9:
if (inputBuffer != null)
{
inputBuffer.UnmanagedPointer = (void*) ptrRef;
handleArray = new GCHandle[inputBuffer.Count];
for (int i = 0; i < inputBuffer.Count; i++)
{
SecurityBuffer buffer2 = (inSecBuffer != null) ? inSecBuffer : inSecBuffers[i];
if (buffer2 != null)
{
structArray[i].count = buffer2.size;
structArray[i].type = buffer2.type;
if (buffer2.unmanagedToken != null)
{
structArray[i].token = buffer2.unmanagedToken.DangerousGetHandle();
}
else if ((buffer2.token == null) || (buffer2.token.Length == 0))
{
structArray[i].token = IntPtr.Zero;
}
else
{
handleArray[i] = GCHandle.Alloc(buffer2.token, GCHandleType.Pinned);
structArray[i].token = Marshal.UnsafeAddrOfPinnedArrayElement(buffer2.token, buffer2.offset);
}
}
}
}
SecurityBufferStruct[] structArray2 = new SecurityBufferStruct[1];
try
{
SecurityBufferStruct[] structArray4;
if (((structArray4 = structArray2) == null) || (structArray4.Length == 0))
{
ptrRef2 = null;
goto Label_01CF;
}
fixed (IntPtr* ptrRef2 = structArray4)
{
Label_01CF:
outputBuffer.UnmanagedPointer = (void*) ptrRef2;
structArray2[0].count = outSecBuffer.size;
structArray2[0].type = outSecBuffer.type;
if ((outSecBuffer.token == null) || (outSecBuffer.token.Length == 0))
{
structArray2[0].token = IntPtr.Zero;
}
else
{
structArray2[0].token = Marshal.UnsafeAddrOfPinnedArrayElement(outSecBuffer.token, outSecBuffer.offset);
}
if (flag)
{
handleTemplate = SafeFreeContextBuffer.CreateEmptyHandle();
}
if ((refContext == null) || refContext.IsInvalid)
{
refContext = new SafeDeleteContext();
}
if ((targetName == null) || (targetName.Length == 0))
{
targetName = " ";
}
fixed (char* str = ((char*) targetName))
{
char* chPtr = str;
num = MustRunInitializeSecurityContext(inCredentials, handle.IsZero ? null : ((void*) &handle), (targetName == " ") ? null : ((byte*) chPtr), inFlags, endianness, inputBuffer, refContext, outputBuffer, ref outFlags, handleTemplate);
}
outSecBuffer.size = structArray2[0].count;
outSecBuffer.type = structArray2[0].type;
if (outSecBuffer.size > 0)
{
outSecBuffer.token = DiagnosticUtility.Utility.AllocateByteArray(outSecBuffer.size);
Marshal.Copy(structArray2[0].token, outSecBuffer.token, 0, outSecBuffer.size);
return num;
}
outSecBuffer.token = null;
return num;
}
}
finally
{
ptrRef2 = null;
}
return num;
}
}
finally
{
ptrRef = null;
}
}
finally
{
if (handleArray != null)
{
for (int j = 0; j < handleArray.Length; j++)
{
if (handleArray[j].IsAllocated)
{
handleArray[j].Free();
}
}
}
if (handle2.IsAllocated)
{
handle2.Free();
}
if (handleTemplate != null)
{
handleTemplate.Close();
}
}
return num;
}
public static int QuerySpecifiedTarget(SafeDeleteContext securityContext, out string specifiedTarget)
{
int num2;
int size = IntPtr.Size;
Type handleType = typeof(SafeFreeContextBuffer);
SafeHandle refHandle = null;
specifiedTarget = null;
try
{
byte[] buffer = new byte[size];
num2 = QueryContextAttributes(securityContext, ContextAttribute.SpecifiedTarget, buffer, handleType, out refHandle);
if (num2 != 0)
{
return num2;
}
specifiedTarget = Marshal.PtrToStringUni(refHandle.DangerousGetHandle());
}
finally
{
if (refHandle != null)
{
refHandle.Close();
}
}
return num2;
}
public void CheckServiceBinding(SafeDeleteContext securityContext, string defaultServiceBinding)
{
if (this._policyEnforcement != System.Security.Authentication.ExtendedProtection.PolicyEnforcement.Never)
{
string specifiedTarget = null;
int num = SspiWrapper.QuerySpecifiedTarget(securityContext, out specifiedTarget);
if (num == 0)
{
switch (this._policyEnforcement)
{
case System.Security.Authentication.ExtendedProtection.PolicyEnforcement.WhenSupported:
if (specifiedTarget != null)
{
break;
}
return;
case System.Security.Authentication.ExtendedProtection.PolicyEnforcement.Always:
if (string.IsNullOrEmpty(specifiedTarget))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("InvalidServiceBindingInSspiNegotiationServiceBindingNotMatched", new object[] { string.Empty })));
}
break;
}
if ((this._serviceNameCollection == null) || (this._serviceNameCollection.Count < 1))
{
if (defaultServiceBinding == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("InvalidServiceBindingInSspiNegotiationServiceBindingNotMatched", new object[] { string.Empty })));
}
if (string.Compare(defaultServiceBinding, specifiedTarget, StringComparison.OrdinalIgnoreCase) == 0)
{
return;
}
if (string.IsNullOrEmpty(specifiedTarget))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("InvalidServiceBindingInSspiNegotiationServiceBindingNotMatched", new object[] { string.Empty })));
}
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("InvalidServiceBindingInSspiNegotiationServiceBindingNotMatched", new object[] { specifiedTarget })));
}
foreach (string str2 in this._serviceNameCollection)
{
if ((str2 != null) && (string.Compare(str2, specifiedTarget, StringComparison.OrdinalIgnoreCase) == 0))
{
return;
}
}
if (string.IsNullOrEmpty(specifiedTarget))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("InvalidServiceBindingInSspiNegotiationServiceBindingNotMatched", new object[] { string.Empty })));
}
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("InvalidServiceBindingInSspiNegotiationServiceBindingNotMatched", new object[] { specifiedTarget })));
}
if ((num != -2146893053) && (num != -2146893054))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("InvalidServiceBindingInSspiNegotiationNoServiceBinding")));
}
if (this._policyEnforcement == System.Security.Authentication.ExtendedProtection.PolicyEnforcement.Always)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("InvalidServiceBindingInSspiNegotiationNoServiceBinding")));
}
if (this._policyEnforcement != System.Security.Authentication.ExtendedProtection.PolicyEnforcement.WhenSupported)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("InvalidServiceBindingInSspiNegotiationNoServiceBinding")));
}
}
}
public static unsafe int EncryptDecryptHelper(SafeDeleteContext context, SecurityBuffer[] input, uint sequenceNumber, bool encrypt, bool isGssBlob)
{
int num6;
SecurityBufferStruct[] structArray2;
SecurityBufferDescriptor inputOutput = new SecurityBufferDescriptor(input.Length);
SecurityBufferStruct[] structArray = new SecurityBufferStruct[input.Length];
byte[][] bufferArray = new byte[input.Length][];
if (((structArray2 = structArray) == null) || (structArray2.Length == 0))
{
fixed (IntPtr* ptrRef = null)
{
}
}
inputOutput.UnmanagedPointer = (void*) ptrRef;
GCHandle[] handleArray = new GCHandle[input.Length];
try
{
int num2;
for (int i = 0; i < input.Length; i++)
{
SecurityBuffer buffer = input[i];
structArray[i].count = buffer.size;
structArray[i].type = buffer.type;
if ((buffer.token == null) || (buffer.token.Length == 0))
{
structArray[i].token = IntPtr.Zero;
}
else
{
handleArray[i] = GCHandle.Alloc(buffer.token, GCHandleType.Pinned);
structArray[i].token = Marshal.UnsafeAddrOfPinnedArrayElement(buffer.token, buffer.offset);
bufferArray[i] = buffer.token;
}
}
if (encrypt)
{
num2 = SafeDeleteContext.EncryptMessage(context, inputOutput, sequenceNumber);
}
else
{
num2 = SafeDeleteContext.DecryptMessage(context, inputOutput, sequenceNumber);
}
for (int j = 0; j < input.Length; j++)
{
SecurityBuffer buffer2 = input[j];
buffer2.size = structArray[j].count;
buffer2.type = structArray[j].type;
if (buffer2.size == 0)
{
buffer2.offset = 0;
buffer2.token = null;
continue;
}
if ((isGssBlob && !encrypt) && (buffer2.type == BufferType.Data))
{
buffer2.token = DiagnosticUtility.Utility.AllocateByteArray(buffer2.size);
Marshal.Copy(structArray[j].token, buffer2.token, 0, buffer2.size);
continue;
}
int index = 0;
while (index < input.Length)
{
if (bufferArray[index] != null)
{
byte* numPtr = (byte*) Marshal.UnsafeAddrOfPinnedArrayElement(bufferArray[index], 0);
if ((((void*) structArray[j].token) >= numPtr) && ((((void*) structArray[j].token) + buffer2.size) <= (numPtr + bufferArray[index].Length)))
{
buffer2.offset = (int) ((long) ((((void*) structArray[j].token) - numPtr) / 1));
buffer2.token = bufferArray[index];
break;
}
}
index++;
}
if (index >= input.Length)
{
buffer2.size = 0;
buffer2.offset = 0;
buffer2.token = null;
}
if ((buffer2.offset < 0) || (buffer2.offset > ((buffer2.token == null) ? 0 : buffer2.token.Length)))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.IdentityModel.SR.GetString("SspiWrapperEncryptDecryptAssert1", new object[] { buffer2.offset })));
}
if ((buffer2.size < 0) || (buffer2.size > ((buffer2.token == null) ? 0 : (buffer2.token.Length - buffer2.offset))))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.IdentityModel.SR.GetString("SspiWrapperEncryptDecryptAssert2", new object[] { buffer2.size })));
}
}
num6 = num2;
}
finally
{
for (int k = 0; k < handleArray.Length; k++)
{
if (handleArray[k].IsAllocated)
{
handleArray[k].Free();
}
}
}
return num6;
}
//
// After PInvoke call the method will fix the refHandle.handle with the returned value.
// The caller is responsible for creating a correct SafeHandle template or null can be passed if no handle is returned.
//
// This method is run as non-interruptible.
//
public static unsafe int QueryContextAttributes(SafeDeleteContext phContext, ContextAttribute contextAttribute, byte* buffer, SafeHandle refHandle)
{
int status = (int)SecurityStatus.InvalidHandle;
bool b = false;
// We don't want to be interrupted by thread abort exceptions or unexpected out-of-memory errors failing to jit
// one of the following methods. So run within a CER non-interruptible block.
RuntimeHelpers.PrepareConstrainedRegions();
try
{
phContext.DangerousAddRef(ref b);
}
catch (Exception e)
{
if (System.Runtime.Fx.IsFatal(e))
throw;
if (b)
{
phContext.DangerousRelease();
b = false;
}
if (!(e is ObjectDisposedException))
throw;
}
finally
{
if (b)
{
// PreSharp Bug: Call 'Marshal.GetLastWin32Error' or 'Marshal.GetHRForLastWin32Error' before any other interop call.
#pragma warning suppress 56523 // The API does not set Win32 Last Error. The API returns a error code.
status = SafeFreeContextBuffer.QueryContextAttributesW(ref phContext._handle, contextAttribute, buffer);
phContext.DangerousRelease();
}
if (status == 0 && refHandle != null)
{
if (refHandle is SafeFreeContextBuffer)
{
if (contextAttribute == ContextAttribute.SessionKey)
{
IntPtr keyPtr = Marshal.ReadIntPtr(new IntPtr(buffer), SecPkgContext_SessionKey.SessionkeyOffset);
((SafeFreeContextBuffer)refHandle).Set(keyPtr);
}
else
{
((SafeFreeContextBuffer)refHandle).Set(*(IntPtr*)buffer);
}
}
else
{
((SafeFreeCertContext)refHandle).Set(*(IntPtr*)buffer);
}
}
if (status != 0 && refHandle != null)
{
refHandle.SetHandleAsInvalid();
}
}
return status;
}
//-------------------------------------------------------------------
internal static unsafe int AcceptSecurityContext(
SafeFreeCredentials inCredentials,
ref SafeDeleteContext refContext,
SspiContextFlags inFlags,
Endianness endianness,
SecurityBuffer inSecBuffer,
SecurityBuffer[] inSecBuffers,
SecurityBuffer outSecBuffer,
ref SspiContextFlags outFlags)
{
if (inCredentials == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("inCredentials");
}
SecurityBufferDescriptor inSecurityBufferDescriptor = null;
if (inSecBuffer != null)
{
inSecurityBufferDescriptor = new SecurityBufferDescriptor(1);
}
else if (inSecBuffers != null)
{
inSecurityBufferDescriptor = new SecurityBufferDescriptor(inSecBuffers.Length);
}
SecurityBufferDescriptor outSecurityBufferDescriptor = new SecurityBufferDescriptor(1);
// actually this is returned in outFlags
bool isSspiAllocated = (inFlags & SspiContextFlags.AllocateMemory) != 0 ? true : false;
int errorCode = -1;
SSPIHandle contextHandle = new SSPIHandle();
if (refContext != null)
{
contextHandle = refContext._handle;
}
// these are pinned user byte arrays passed along with SecurityBuffers
GCHandle[] pinnedInBytes = null;
GCHandle pinnedOutBytes = new GCHandle();
// optional output buffer that may need to be freed
SafeFreeContextBuffer outFreeContextBuffer = null;
try
{
pinnedOutBytes = GCHandle.Alloc(outSecBuffer.token, GCHandleType.Pinned);
SecurityBufferStruct[] inUnmanagedBuffer = new SecurityBufferStruct[inSecurityBufferDescriptor == null ? 1 : inSecurityBufferDescriptor.Count];
fixed (void* inUnmanagedBufferPtr = inUnmanagedBuffer)
{
if (inSecurityBufferDescriptor != null)
{
// Fix Descriptor pointer that points to unmanaged SecurityBuffers
inSecurityBufferDescriptor.UnmanagedPointer = inUnmanagedBufferPtr;
pinnedInBytes = new GCHandle[inSecurityBufferDescriptor.Count];
SecurityBuffer securityBuffer;
for (int index = 0; index < inSecurityBufferDescriptor.Count; ++index)
{
securityBuffer = inSecBuffer != null ? inSecBuffer : inSecBuffers[index];
if (securityBuffer != null)
{
// Copy the SecurityBuffer content into unmanaged place holder
inUnmanagedBuffer[index].count = securityBuffer.size;
inUnmanagedBuffer[index].type = securityBuffer.type;
// use the unmanaged token if it's not null; otherwise use the managed buffer
if (securityBuffer.unmanagedToken != null)
{
inUnmanagedBuffer[index].token = securityBuffer.unmanagedToken.DangerousGetHandle();
}
else if (securityBuffer.token == null || securityBuffer.token.Length == 0)
{
inUnmanagedBuffer[index].token = IntPtr.Zero;
}
else
{
pinnedInBytes[index] = GCHandle.Alloc(securityBuffer.token, GCHandleType.Pinned);
inUnmanagedBuffer[index].token = Marshal.UnsafeAddrOfPinnedArrayElement(securityBuffer.token, securityBuffer.offset);
}
}
}
}
SecurityBufferStruct[] outUnmanagedBuffer = new SecurityBufferStruct[1];
fixed (void* outUnmanagedBufferPtr = outUnmanagedBuffer)
{
// Fix Descriptor pointer that points to unmanaged SecurityBuffers
outSecurityBufferDescriptor.UnmanagedPointer = outUnmanagedBufferPtr;
// Copy the SecurityBuffer content into unmanaged place holder
outUnmanagedBuffer[0].count = outSecBuffer.size;
outUnmanagedBuffer[0].type = outSecBuffer.type;
if (outSecBuffer.token == null || outSecBuffer.token.Length == 0)
{
outUnmanagedBuffer[0].token = IntPtr.Zero;
}
else
{
outUnmanagedBuffer[0].token = Marshal.UnsafeAddrOfPinnedArrayElement(outSecBuffer.token, outSecBuffer.offset);
}
if (isSspiAllocated)
{
outFreeContextBuffer = SafeFreeContextBuffer.CreateEmptyHandle();
}
if (refContext == null || refContext.IsInvalid)
{
refContext = new SafeDeleteContext();
}
errorCode = MustRunAcceptSecurityContext(
inCredentials,
contextHandle.IsZero ? null : &contextHandle,
inSecurityBufferDescriptor,
inFlags,
endianness,
refContext,
outSecurityBufferDescriptor,
ref outFlags,
outFreeContextBuffer
);
// Get unmanaged buffer with index 0 as the only one passed into PInvoke
outSecBuffer.size = outUnmanagedBuffer[0].count;
outSecBuffer.type = outUnmanagedBuffer[0].type;
if (outSecBuffer.size > 0)
{
outSecBuffer.token = DiagnosticUtility.Utility.AllocateByteArray(outSecBuffer.size);
Marshal.Copy(outUnmanagedBuffer[0].token, outSecBuffer.token, 0, outSecBuffer.size);
}
else
{
outSecBuffer.token = null;
}
}
}
}
finally
{
if (pinnedInBytes != null)
{
for (int index = 0; index < pinnedInBytes.Length; index++)
{
if (pinnedInBytes[index].IsAllocated)
{
pinnedInBytes[index].Free();
}
}
}
if (pinnedOutBytes.IsAllocated)
{
pinnedOutBytes.Free();
}
if (outFreeContextBuffer != null)
{
outFreeContextBuffer.Close();
}
}
return errorCode;
}
// After PINvoke call the method will fix the handleTemplate.handle with the returned value.
// The caller is responsible for creating a correct SafeFreeContextBuffer_XXX flavour or null can be passed if no handle is returned.
// This method is run as non-interruptible.
static unsafe int MustRunAcceptSecurityContext(
SafeFreeCredentials inCredentials,
void* inContextPtr,
SecurityBufferDescriptor inputBuffer,
SspiContextFlags inFlags,
Endianness endianness,
SafeDeleteContext outContext,
SecurityBufferDescriptor outputBuffer,
ref SspiContextFlags outFlags,
SafeFreeContextBuffer handleTemplate)
{
int errorCode = -1;
bool b1 = false;
bool b2 = false;
// Run the body of this method as a non-interruptible block.
RuntimeHelpers.PrepareConstrainedRegions();
try
{
inCredentials.DangerousAddRef(ref b1);
outContext.DangerousAddRef(ref b2);
}
catch (Exception e)
{
if (System.Runtime.Fx.IsFatal(e))
throw;
if (b1)
{
inCredentials.DangerousRelease();
b1 = false;
}
if (b2)
{
outContext.DangerousRelease();
b2 = false;
}
if (!(e is ObjectDisposedException))
throw;
}
finally
{
long timeStamp;
if (!b1)
{
// caller should retry
inCredentials = null;
}
else if (b1 && b2)
{
SSPIHandle credentialHandle = inCredentials._handle;
// PreSharp Bug: Call 'Marshal.GetLastWin32Error' or 'Marshal.GetHRForLastWin32Error' before any other interop call.
#pragma warning suppress 56523 // This API does not set Win32 Last Error.
errorCode = AcceptSecurityContext(
ref credentialHandle,
inContextPtr,
inputBuffer,
inFlags,
endianness,
ref outContext._handle,
outputBuffer,
ref outFlags,
out timeStamp
);
//
// When a credential handle is first associated with the context we keep credential
// ref count bumped up to ensure ordered finalization.
// If the credential handle has been changed we de-ref the old one and associate the
// context with the new cred handle but only if the call was successful.
if (outContext._EffectiveCredential != inCredentials && (errorCode & 0x80000000) == 0)
{
// Disassociate the previous credential handle
if (outContext._EffectiveCredential != null)
outContext._EffectiveCredential.DangerousRelease();
outContext._EffectiveCredential = inCredentials;
}
else
{
inCredentials.DangerousRelease();
}
outContext.DangerousRelease();
// The idea is that SSPI has allocated a block and filled up outUnmanagedBuffer+8 slot with the pointer.
if (handleTemplate != null)
{
handleTemplate.Set(((SecurityBufferStruct*)outputBuffer.UnmanagedPointer)->token); //ATTN: on 64 BIT that is still +8 cause of 2* c++ unsigned long == 8 bytes
if (handleTemplate.IsInvalid)
{
handleTemplate.SetHandleAsInvalid();
}
}
if (inContextPtr == null && (errorCode & 0x80000000) != 0)
{
// an error on the first call, need to set the out handle to invalid value
outContext._handle.SetToInvalid();
}
}
}
return errorCode;
}
private TlsSspiNegotiation(
string destination,
bool isServer,
SchProtocols protocolFlags,
X509Certificate2 serverCertificate,
X509Certificate2 clientCertificate,
bool clientCertRequired)
{
SspiWrapper.GetVerifyPackageInfo(SecurityPackage);
this.destination = destination;
this.isServer = isServer;
this.protocolFlags = protocolFlags;
this.serverCertificate = serverCertificate;
this.clientCertificate = clientCertificate;
this.clientCertRequired = clientCertRequired;
this.securityContext = null;
if (isServer)
{
ValidateServerCertificate();
}
else
{
ValidateClientCertificate();
}
if (this.isServer)
{
// This retry is to address intermittent failure when accessing private key (MB56153)
try
{
AcquireServerCredentials();
}
catch (Win32Exception ex)
{
if (ex.NativeErrorCode != (int)SecurityStatus.UnknownCredential)
{
throw;
}
DiagnosticUtility.TraceHandledException(ex, TraceEventType.Information);
// Yield
Thread.Sleep(0);
AcquireServerCredentials();
}
}
else
{
// delay client credentials presenting till they are asked for
AcquireDummyCredentials();
}
}
public static unsafe int DecryptMessage(SafeDeleteContext context, SecurityBufferDescriptor inputOutput, uint sequenceNumber)
{
int num = -2146893055;
bool success = false;
uint qualityOfProtection = 0;
RuntimeHelpers.PrepareConstrainedRegions();
try
{
context.DangerousAddRef(ref success);
}
catch (Exception exception)
{
if (success)
{
context.DangerousRelease();
success = false;
}
if (!(exception is ObjectDisposedException))
{
throw;
}
}
finally
{
if (success)
{
num = DecryptMessage(ref context._handle, inputOutput, sequenceNumber, &qualityOfProtection);
context.DangerousRelease();
}
}
if ((num == 0) && (qualityOfProtection == 0x80000001))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.IdentityModel.SR.GetString("SspiPayloadNotEncrypted")));
}
return num;
}
