internal int MakeSignature(byte[] buffer, int offset, int count, ref byte[] output)
        {
            SecSizes sizes = this.Sizes;
            int      num   = count + sizes.MaxSignature;

            if ((output == null) || (output.Length < num))
            {
                output = new byte[num];
            }
            Buffer.BlockCopy(buffer, offset, output, sizes.MaxSignature, count);
            SecurityBuffer[] input = new SecurityBuffer[] { new SecurityBuffer(output, 0, sizes.MaxSignature, BufferType.Token), new SecurityBuffer(output, sizes.MaxSignature, count, BufferType.Data) };
            int error = SSPIWrapper.MakeSignature(GlobalSSPI.SSPIAuth, this.m_SecurityContext, input, 0);

            if (error != 0)
            {
                throw new Win32Exception(error);
            }
            return(input[0].size + input[1].size);
        }
Exemplo n.º 2
0
        public static object QueryContextAttributes(SSPIInterface secModule, SafeDeleteContext securityContext, Interop.Secur32.ContextAttribute contextAttribute, out int errorCode)
        {
            GlobalLog.Enter("QueryContextAttributes", contextAttribute.ToString());

            int nativeBlockSize = IntPtr.Size;
            Type handleType = null;

            switch (contextAttribute)
            {
                case Interop.Secur32.ContextAttribute.Sizes:
                    nativeBlockSize = SecSizes.SizeOf;
                    break;
                case Interop.Secur32.ContextAttribute.StreamSizes:
                    nativeBlockSize = StreamSizes.SizeOf;
                    break;

                case Interop.Secur32.ContextAttribute.Names:
                    handleType = typeof(SafeFreeContextBuffer);
                    break;

                case Interop.Secur32.ContextAttribute.PackageInfo:
                    handleType = typeof(SafeFreeContextBuffer);
                    break;

                case Interop.Secur32.ContextAttribute.NegotiationInfo:
                    handleType = typeof(SafeFreeContextBuffer);
                    nativeBlockSize = Marshal.SizeOf<NegotiationInfo>();
                    break;

                case Interop.Secur32.ContextAttribute.ClientSpecifiedSpn:
                    handleType = typeof(SafeFreeContextBuffer);
                    break;

                case Interop.Secur32.ContextAttribute.RemoteCertificate:
                    handleType = typeof(SafeFreeCertContext);
                    break;

                case Interop.Secur32.ContextAttribute.LocalCertificate:
                    handleType = typeof(SafeFreeCertContext);
                    break;

                case Interop.Secur32.ContextAttribute.IssuerListInfoEx:
                    nativeBlockSize = Marshal.SizeOf<Interop.Secur32.IssuerListInfoEx>();
                    handleType = typeof(SafeFreeContextBuffer);
                    break;

                case Interop.Secur32.ContextAttribute.ConnectionInfo:
                    nativeBlockSize = Marshal.SizeOf<SslConnectionInfo>();
                    break;

                default:
                    throw new ArgumentException(SR.Format(SR.net_invalid_enum, "ContextAttribute"), "contextAttribute");
            }

            SafeHandle sspiHandle = null;
            object attribute = null;

            try
            {
                byte[] nativeBuffer = new byte[nativeBlockSize];
                errorCode = secModule.QueryContextAttributes(securityContext, contextAttribute, nativeBuffer, handleType, out sspiHandle);
                if (errorCode != 0)
                {
                    GlobalLog.Leave("Win32:QueryContextAttributes", "ERROR = " + ErrorDescription(errorCode));
                    return null;
                }

                switch (contextAttribute)
                {
                    case Interop.Secur32.ContextAttribute.Sizes:
                        attribute = new SecSizes(nativeBuffer);
                        break;

                    case Interop.Secur32.ContextAttribute.StreamSizes:
                        attribute = new StreamSizes(nativeBuffer);
                        break;

                    case Interop.Secur32.ContextAttribute.Names:
                        attribute = Marshal.PtrToStringUni(sspiHandle.DangerousGetHandle());
                        break;

                    case Interop.Secur32.ContextAttribute.PackageInfo:
                        attribute = new SecurityPackageInfoClass(sspiHandle, 0);
                        break;

                    case Interop.Secur32.ContextAttribute.NegotiationInfo:
                        unsafe
                        {
                            fixed (void* ptr = nativeBuffer)
                            {
                                attribute = new NegotiationInfoClass(sspiHandle, Marshal.ReadInt32(new IntPtr(ptr), NegotiationInfo.NegotiationStateOffest));
                            }
                        }
                        break;

                    case Interop.Secur32.ContextAttribute.ClientSpecifiedSpn:
                        attribute = Marshal.PtrToStringUni(sspiHandle.DangerousGetHandle());
                        break;

                    case Interop.Secur32.ContextAttribute.LocalCertificate:
                        // Fall-through to RemoteCertificate is intentional.
                    case Interop.Secur32.ContextAttribute.RemoteCertificate:
                        attribute = sspiHandle;
                        sspiHandle = null;
                        break;

                    case Interop.Secur32.ContextAttribute.IssuerListInfoEx:
                        attribute = new Interop.Secur32.IssuerListInfoEx(sspiHandle, nativeBuffer);
                        sspiHandle = null;
                        break;

                    case Interop.Secur32.ContextAttribute.ConnectionInfo:
                        attribute = new SslConnectionInfo(nativeBuffer);
                        break;
                    default:
                        // Will return null.
                        break;
                }
            }
            finally
            {
                if (sspiHandle != null)
                {
                    sspiHandle.Dispose();
                }
            }
            GlobalLog.Leave("QueryContextAttributes", LoggingHash.ObjectToString(attribute));
            return attribute;
        }
Exemplo n.º 3
0
        private object QueryContextAttributes(SafeDeleteContext securityContext, Interop.Secur32.ContextAttribute contextAttribute, out int errorCode)
        {
            GlobalLog.Enter("QueryContextAttributes", contextAttribute.ToString());

            int  nativeBlockSize = IntPtr.Size;
            Type handleType      = null;

            switch (contextAttribute)
            {
            case Interop.Secur32.ContextAttribute.Sizes:
                nativeBlockSize = SecSizes.SizeOf;
                break;

            case Interop.Secur32.ContextAttribute.StreamSizes:
                nativeBlockSize = StreamSizes.SizeOf;
                break;

            case Interop.Secur32.ContextAttribute.Names:
                handleType = typeof(SafeFreeContextBuffer);
                break;

            case Interop.Secur32.ContextAttribute.PackageInfo:
                handleType = typeof(SafeFreeContextBuffer);
                break;

            case Interop.Secur32.ContextAttribute.NegotiationInfo:
                handleType      = typeof(SafeFreeContextBuffer);
                nativeBlockSize = Marshal.SizeOf <NegotiationInfo>();
                break;

            case Interop.Secur32.ContextAttribute.ClientSpecifiedSpn:
                handleType = typeof(SafeFreeContextBuffer);
                break;

            case Interop.Secur32.ContextAttribute.RemoteCertificate:
                handleType = typeof(SafeFreeCertContext);
                break;

            case Interop.Secur32.ContextAttribute.LocalCertificate:
                handleType = typeof(SafeFreeCertContext);
                break;

            case Interop.Secur32.ContextAttribute.IssuerListInfoEx:
                nativeBlockSize = Marshal.SizeOf <Interop.Secur32.IssuerListInfoEx>();
                handleType      = typeof(SafeFreeContextBuffer);
                break;

            case Interop.Secur32.ContextAttribute.ConnectionInfo:
                nativeBlockSize = Marshal.SizeOf <SslConnectionInfo>();
                break;

            default:
                throw new ArgumentException(SR.Format(SR.net_invalid_enum, "ContextAttribute"), "contextAttribute");
            }

            SafeHandle SspiHandle = null;
            object     attribute  = null;

            try
            {
                byte[] nativeBuffer = new byte[nativeBlockSize];
                errorCode = QueryContextAttributes(securityContext, contextAttribute, nativeBuffer, handleType, out SspiHandle);
                if (errorCode != 0)
                {
                    GlobalLog.Leave("Win32:QueryContextAttributes", "ERROR = " + ErrorDescription(errorCode));
                    return(null);
                }

                switch (contextAttribute)
                {
                case Interop.Secur32.ContextAttribute.Sizes:
                    attribute = new SecSizes(nativeBuffer);
                    break;

                case Interop.Secur32.ContextAttribute.StreamSizes:
                    attribute = new StreamSizes(nativeBuffer);
                    break;

                case Interop.Secur32.ContextAttribute.Names:
                    attribute = Marshal.PtrToStringUni(SspiHandle.DangerousGetHandle());
                    break;

                case Interop.Secur32.ContextAttribute.PackageInfo:
                    attribute = new SecurityPackageInfoClass(SspiHandle, 0);
                    break;

                case Interop.Secur32.ContextAttribute.NegotiationInfo:
                    unsafe
                    {
                        fixed(void *ptr = nativeBuffer)
                        {
                            attribute = new NegotiationInfoClass(SspiHandle, Marshal.ReadInt32(new IntPtr(ptr), NegotiationInfo.NegotiationStateOffest));
                        }
                    }
                    break;

                case Interop.Secur32.ContextAttribute.ClientSpecifiedSpn:
                    attribute = Marshal.PtrToStringUni(SspiHandle.DangerousGetHandle());
                    break;

                case Interop.Secur32.ContextAttribute.LocalCertificate:
                    goto case Interop.Secur32.ContextAttribute.RemoteCertificate;

                case Interop.Secur32.ContextAttribute.RemoteCertificate:
                    attribute  = SspiHandle;
                    SspiHandle = null;
                    break;

                case Interop.Secur32.ContextAttribute.IssuerListInfoEx:
                    attribute  = new Interop.Secur32.IssuerListInfoEx(SspiHandle, nativeBuffer);
                    SspiHandle = null;
                    break;

                case Interop.Secur32.ContextAttribute.ConnectionInfo:
                    attribute = new SslConnectionInfo(nativeBuffer);
                    break;

                default:
                    // Will return null.
                    break;
                }
            }
            finally
            {
                if (SspiHandle != null)
                {
                    SspiHandle.Dispose();
                }
            }
            GlobalLog.Leave("QueryContextAttributes", Logging.ObjectToString(attribute));
            return(attribute);
        }
Exemplo n.º 4
0
        internal int Encrypt(byte[] buffer, int offset, int count, ref byte[] output, uint sequenceNumber)
        {
            SecSizes sizes = Sizes;

            try
            {
                int maxCount = checked (Int32.MaxValue - 4 - sizes.BlockSize - sizes.SecurityTrailer);

                if (count > maxCount || count < 0)
                {
                    throw new ArgumentOutOfRangeException("count", SR.Format(SR.net_io_out_range, maxCount));
                }
            }
            catch (Exception e)
            {
                if (!ExceptionCheck.IsFatal(e) && GlobalLog.IsEnabled)
                {
                    GlobalLog.Assert("NTAuthentication#" + LoggingHash.HashString(this) + "::Encrypt", "Arguments out of range.");
                }

                throw;
            }

            int resultSize = count + sizes.SecurityTrailer + sizes.BlockSize;

            if (output == null || output.Length < resultSize + 4)
            {
                output = new byte[resultSize + 4];
            }

            // Make a copy of user data for in-place encryption.
            Buffer.BlockCopy(buffer, offset, output, 4 + sizes.SecurityTrailer, count);

            // Prepare buffers TOKEN(signature), DATA and Padding.
            var securityBuffer = new SecurityBuffer[3];

            securityBuffer[0] = new SecurityBuffer(output, 4, sizes.SecurityTrailer, SecurityBufferType.Token);
            securityBuffer[1] = new SecurityBuffer(output, 4 + sizes.SecurityTrailer, count, SecurityBufferType.Data);
            securityBuffer[2] = new SecurityBuffer(output, 4 + sizes.SecurityTrailer + count, sizes.BlockSize, SecurityBufferType.Padding);

            int errorCode;

            if (IsConfidentialityFlag)
            {
                errorCode = SSPIWrapper.EncryptMessage(GlobalSSPI.SSPIAuth, _securityContext, securityBuffer, sequenceNumber);
            }
            else
            {
                if (IsNTLM)
                {
                    securityBuffer[1].type |= SecurityBufferType.ReadOnlyFlag;
                }

                errorCode = SSPIWrapper.MakeSignature(GlobalSSPI.SSPIAuth, _securityContext, securityBuffer, 0);
            }

            if (errorCode != 0)
            {
                GlobalLog.Print("NTAuthentication#" + LoggingHash.HashString(this) + "::Encrypt() throw Error = " + errorCode.ToString("x", NumberFormatInfo.InvariantInfo));
                throw new Win32Exception(errorCode);
            }

            // Compacting the result.
            resultSize = securityBuffer[0].size;
            bool forceCopy = false;

            if (resultSize != sizes.SecurityTrailer)
            {
                forceCopy = true;
                Buffer.BlockCopy(output, securityBuffer[1].offset, output, 4 + resultSize, securityBuffer[1].size);
            }

            resultSize += securityBuffer[1].size;
            if (securityBuffer[2].size != 0 && (forceCopy || resultSize != (count + sizes.SecurityTrailer)))
            {
                Buffer.BlockCopy(output, securityBuffer[2].offset, output, 4 + resultSize, securityBuffer[2].size);
            }

            resultSize += securityBuffer[2].size;

            unchecked
            {
                output[0] = (byte)((resultSize) & 0xFF);
                output[1] = (byte)(((resultSize) >> 8) & 0xFF);
                output[2] = (byte)(((resultSize) >> 16) & 0xFF);
                output[3] = (byte)(((resultSize) >> 24) & 0xFF);
            }

            return(resultSize + 4);
        }
Exemplo n.º 5
0
        public static object QueryContextAttributes(SSPIInterface secModule, SafeDeleteContext securityContext, Interop.SspiCli.ContextAttribute contextAttribute, out int errorCode)
        {
            if (GlobalLog.IsEnabled)
            {
                GlobalLog.Enter(nameof(QueryContextAttributes), contextAttribute.ToString());
            }

            int  nativeBlockSize = IntPtr.Size;
            Type handleType      = null;

            switch (contextAttribute)
            {
            case Interop.SspiCli.ContextAttribute.Sizes:
                nativeBlockSize = SecSizes.SizeOf;
                break;

            case Interop.SspiCli.ContextAttribute.StreamSizes:
                nativeBlockSize = StreamSizes.SizeOf;
                break;

            case Interop.SspiCli.ContextAttribute.Names:
                handleType = typeof(SafeFreeContextBuffer);
                break;

            case Interop.SspiCli.ContextAttribute.PackageInfo:
                handleType = typeof(SafeFreeContextBuffer);
                break;

            case Interop.SspiCli.ContextAttribute.NegotiationInfo:
                handleType      = typeof(SafeFreeContextBuffer);
                nativeBlockSize = Marshal.SizeOf <NegotiationInfo>();
                break;

            case Interop.SspiCli.ContextAttribute.ClientSpecifiedSpn:
                handleType = typeof(SafeFreeContextBuffer);
                break;

            case Interop.SspiCli.ContextAttribute.RemoteCertificate:
                handleType = typeof(SafeFreeCertContext);
                break;

            case Interop.SspiCli.ContextAttribute.LocalCertificate:
                handleType = typeof(SafeFreeCertContext);
                break;

            case Interop.SspiCli.ContextAttribute.IssuerListInfoEx:
                nativeBlockSize = Marshal.SizeOf <Interop.SspiCli.IssuerListInfoEx>();
                handleType      = typeof(SafeFreeContextBuffer);
                break;

            case Interop.SspiCli.ContextAttribute.ConnectionInfo:
                nativeBlockSize = Marshal.SizeOf <SslConnectionInfo>();
                break;

            default:
                throw new ArgumentException(SR.Format(SR.net_invalid_enum, nameof(contextAttribute)), nameof(contextAttribute));
            }

            SafeHandle sspiHandle = null;
            object     attribute  = null;

            try
            {
                var nativeBuffer = new byte[nativeBlockSize];
                errorCode = secModule.QueryContextAttributes(securityContext, contextAttribute, nativeBuffer, handleType, out sspiHandle);
                if (errorCode != 0)
                {
                    if (GlobalLog.IsEnabled)
                    {
                        GlobalLog.Leave("Win32:QueryContextAttributes", "ERROR = " + ErrorDescription(errorCode));
                    }
                    return(null);
                }

                switch (contextAttribute)
                {
                case Interop.SspiCli.ContextAttribute.Sizes:
                    attribute = new SecSizes(nativeBuffer);
                    break;

                case Interop.SspiCli.ContextAttribute.StreamSizes:
                    attribute = new StreamSizes(nativeBuffer);
                    break;

                case Interop.SspiCli.ContextAttribute.Names:
                    attribute = Marshal.PtrToStringUni(sspiHandle.DangerousGetHandle());
                    break;

                case Interop.SspiCli.ContextAttribute.PackageInfo:
                    attribute = new SecurityPackageInfoClass(sspiHandle, 0);
                    break;

                case Interop.SspiCli.ContextAttribute.NegotiationInfo:
                    unsafe
                    {
                        fixed(void *ptr = nativeBuffer)
                        {
                            attribute = new NegotiationInfoClass(sspiHandle, Marshal.ReadInt32(new IntPtr(ptr), NegotiationInfo.NegotiationStateOffest));
                        }
                    }
                    break;

                case Interop.SspiCli.ContextAttribute.ClientSpecifiedSpn:
                    attribute = Marshal.PtrToStringUni(sspiHandle.DangerousGetHandle());
                    break;

                case Interop.SspiCli.ContextAttribute.LocalCertificate:
                // Fall-through to RemoteCertificate is intentional.
                case Interop.SspiCli.ContextAttribute.RemoteCertificate:
                    attribute  = sspiHandle;
                    sspiHandle = null;
                    break;

                case Interop.SspiCli.ContextAttribute.IssuerListInfoEx:
                    attribute  = new Interop.SspiCli.IssuerListInfoEx(sspiHandle, nativeBuffer);
                    sspiHandle = null;
                    break;

                case Interop.SspiCli.ContextAttribute.ConnectionInfo:
                    attribute = new SslConnectionInfo(nativeBuffer);
                    break;

                default:
                    // Will return null.
                    break;
                }
            }
            finally
            {
                if (sspiHandle != null)
                {
                    sspiHandle.Dispose();
                }
            }

            if (GlobalLog.IsEnabled)
            {
                GlobalLog.Leave(nameof(QueryContextAttributes), LoggingHash.ObjectToString(attribute));
            }

            return(attribute);
        }
        internal int Encrypt(byte[] buffer, int offset, int count, ref byte[] output, uint sequenceNumber)
        {
            int      num3;
            SecSizes sizes = this.Sizes;

            try
            {
                int num = (0x7ffffffb - sizes.BlockSize) - sizes.SecurityTrailer;
                if ((count > num) || (count < 0))
                {
                    throw new ArgumentOutOfRangeException("count", SR.GetString("net_io_out_range", new object[] { num }));
                }
            }
            catch (Exception exception)
            {
                NclUtilities.IsFatal(exception);
                throw;
            }
            int size = (count + sizes.SecurityTrailer) + sizes.BlockSize;

            if ((output == null) || (output.Length < (size + 4)))
            {
                output = new byte[size + 4];
            }
            Buffer.BlockCopy(buffer, offset, output, 4 + sizes.SecurityTrailer, count);
            SecurityBuffer[] input = new SecurityBuffer[] { new SecurityBuffer(output, 4, sizes.SecurityTrailer, BufferType.Token), new SecurityBuffer(output, 4 + sizes.SecurityTrailer, count, BufferType.Data), new SecurityBuffer(output, (4 + sizes.SecurityTrailer) + count, sizes.BlockSize, BufferType.Padding) };
            if (this.IsConfidentialityFlag)
            {
                num3 = SSPIWrapper.EncryptMessage(GlobalSSPI.SSPIAuth, this.m_SecurityContext, input, sequenceNumber);
            }
            else
            {
                if (this.IsNTLM)
                {
                    SecurityBuffer buffer1 = input[1];
                    buffer1.type |= BufferType.ReadOnlyFlag;
                }
                num3 = SSPIWrapper.MakeSignature(GlobalSSPI.SSPIAuth, this.m_SecurityContext, input, 0);
            }
            if (num3 != 0)
            {
                throw new Win32Exception(num3);
            }
            size = input[0].size;
            bool flag = false;

            if (size != sizes.SecurityTrailer)
            {
                flag = true;
                Buffer.BlockCopy(output, input[1].offset, output, 4 + size, input[1].size);
            }
            size += input[1].size;
            if ((input[2].size != 0) && (flag || (size != (count + sizes.SecurityTrailer))))
            {
                Buffer.BlockCopy(output, input[2].offset, output, 4 + size, input[2].size);
            }
            size     += input[2].size;
            output[0] = (byte)(size & 0xff);
            output[1] = (byte)((size >> 8) & 0xff);
            output[2] = (byte)((size >> 0x10) & 0xff);
            output[3] = (byte)((size >> 0x18) & 0xff);
            return(size + 4);
        }