Пример #1
 // P/Invoke prototype for the SSPI call AcceptSecurityContext (the accepting
 // side of a handshake). The [DllImport] attribute is outside this excerpt, so
 // the target library and marshalling options cannot be confirmed from here.
 // All three handles are raw IntPtr values: the caller has to point each one at
 // unmanaged memory it owns and keep that memory valid across the call.
 // The int result is the SECURITY_STATUS; check it before using pOutput,
 // pfContextAttr or the new context.
 static extern int AcceptSecurityContext(
     IntPtr phCredential,                 // credential handle
     IntPtr phContext,                    // existing context handle
     ref SecBufferDesc pInput,            // token received from the peer
     uint fContextReq,                    // requested ASC_REQ_* flags
     uint TargetDataRep,
     IntPtr phNewContext,                 // receives the new or updated context handle
     out SecBufferDesc pOutput,           // token to send back to the peer
     out uint pfContextAttr,              // attributes reported for the context
     out SECURITY_INTEGER ptsTimeStamp);  // context expiry
Пример #2
 // P/Invoke prototype for the SSPI call AcquireCredentialsHandle, in the form
 // that supplies explicit credentials through an AuthIdentityEx structure.
 // The [DllImport] attribute is outside this excerpt; how the string parameter
 // is marshalled (ANSI vs. Unicode) depends on it.
 // NOTE(review): AuthIdentityEx presumably carries account secrets (its layout
 // is not visible here) - callers should clear it once the call returns, and
 // release the handle returned in phCredential when it is no longer needed.
 public static extern int AcquireCredentialsHandle(
     System.IntPtr pszPrincipal,       // SEC_CHAR*
     string pszPackage,                // SEC_CHAR*; package name such as "Kerberos", "NTLM" or "Negotiate"
     int fCredentialUse,
     IntPtr PAuthenticationID,         // PLUID (pvLogonID)
     ref AuthIdentityEx pAuthData,     // PVOID
     int pGetKeyFn,                    // SEC_GET_KEY_FN; NOTE(review): pointer-sized natively, so int is only width-safe while callers pass 0
     IntPtr pvGetKeyArgument,          // PVOID
     ref SECURITY_HANDLE phCredential, // PCredHandle; receives the credential handle
     ref SECURITY_INTEGER ptsExpiry);  // PTimeStamp; receives the credential expiry
Пример #3
 // P/Invoke prototype for AcceptSecurityContext with typed handles and flag
 // enums. The "_1" suffix suggests the native entry point is named explicitly
 // in the [DllImport] attribute, which is outside this excerpt - confirm there.
 // The status comes back as the project's SecStatus enum; callers should branch
 // on it before reading pOutput or pfContextAttr.
 // NOTE(review): ContextFlag must have a 32-bit underlying type to match the
 // native ULONG parameters - its definition is not visible here.
 internal static extern SecStatus AcceptSecurityContext_1(
     ref SECURITY_HANDLE phCredential,   // credential handle
     ref SECURITY_HANDLE phContext,      // existing context handle
     ref SecBufferDesc pInput,           // token received from the peer
     ContextFlag fContextReq,            // requested context attributes
     uint TargetDataRep,
     ref SECURITY_HANDLE phNewContext,   // receives the new or updated context handle
     out SecBufferDesc pOutput,          // token to send back to the peer
     out ContextFlag pfContextAttr,      // attributes reported for the context
     out SECURITY_INTEGER ptsTimeStamp   // context expiry
     );
Пример #4
 // P/Invoke prototype for the SSPI call AcquireCredentialsHandle.
 // The [DllImport] attribute is outside this excerpt; the marshalling of the
 // two string parameters depends on its CharSet setting.
 // phCredential is a raw IntPtr here (the typed "out" form is left commented
 // out below), so the caller must allocate unmanaged memory large enough for
 // the native handle and free it afterwards.
 // The int result is the SECURITY_STATUS and must be checked before the
 // memory behind phCredential is treated as a valid handle.
 public static extern int AcquireCredentialsHandle(
     string pszPrincipal,
     string pszPackage,               // security package name
     int fCredentialUse,
     IntPtr PAuthenticationID,
     IntPtr pAuthData,                // optional package-specific credentials
     int pGetKeyFn,                   // NOTE(review): pointer-sized natively, so int is only width-safe while callers pass 0
     IntPtr pvGetKeyArgument,
     // out SECURITY_HANDLE phCredential,
     IntPtr phCredential,             // caller-allocated memory that receives the credential handle
     out SECURITY_INTEGER ptsExpiry); // receives the credential expiry
Пример #5
            /// <summary>
            /// Compares this value with another object. Two SECURITY_INTEGER values are
            /// equal when both their HighPart and LowPart match.
            /// </summary>
            /// <param name="obj">Object to compare against.</param>
            /// <returns>
            /// The field-wise comparison result when <paramref name="obj"/> is a
            /// SECURITY_INTEGER; otherwise whatever the base implementation returns.
            /// </returns>
            public override bool Equals(object obj)
            {
                // Anything that is not a SECURITY_INTEGER is left to the base class.
                if (!(obj is SECURITY_INTEGER))
                {
                    return base.Equals(obj);
                }

                SECURITY_INTEGER other = (SECURITY_INTEGER)obj;
                bool sameHigh = other.HighPart == HighPart;
                return sameHigh && other.LowPart == LowPart;
            }
Пример #6
 // P/Invoke prototype for AcceptSecurityContext. The "_1" suffix suggests the
 // native entry point is named explicitly in the [DllImport] attribute, which
 // is outside this excerpt - confirm there.
 // The int result is the SECURITY_STATUS; check it before using the outputs.
 internal static extern int AcceptSecurityContext_1(
     ref SECURITY_HANDLE phCredential,  // credential handle
     SECURITY_HANDLE phContext,         // NOTE(review): passed by value while the native parameter is a pointer - confirm this marshals as intended
     ref SecBufferDesc pInput,          // token received from the peer
     ContextFlags fContextReq,          // requested context attributes
     uint TargetDataRep,
     out SECURITY_HANDLE phNewContext,  // receives the new context handle
     out SecBufferDesc pOutput,         // token to send back to the peer
     out ContextFlags pfContextAttr,    // native type is a 32-bit ULONG; C# ulong would be 64 bits, so ContextFlags must be a 32-bit enum (definition not visible here)
     out SECURITY_INTEGER ptsTimeStamp  // context expiry
     );
Пример #7
 // P/Invoke prototype for the SSPI call InitializeSecurityContext (the
 // initiating side of a handshake), in the form used once a context and an
 // input token already exist. The [DllImport] attribute is outside this
 // excerpt; string marshalling of pszTargetName depends on its CharSet.
 // The int result is the SECURITY_STATUS; check it before using pOutput, and
 // compare pfContextAttr with the requested flags before relying on them.
 public static extern int InitializeSecurityContext(ref SECURITY_HANDLE phCredential, // PCredHandle
                                                    ref SECURITY_HANDLE phContext,    // PCtxtHandle; existing context
                                                    string pszTargetName,
                                                    int fContextReq,
                                                    int Reserved1,
                                                    int TargetDataRep,
                                                    ref SecBufferDesc SecBufferDesc,  // PSecBufferDesc; token received from the peer
                                                    int Reserved2,
                                                    out SECURITY_HANDLE phNewContext, // PCtxtHandle; receives the updated context
                                                    out SecBufferDesc pOutput,        // PSecBufferDesc; token to send to the peer
                                                    out uint pfContextAttr,           // native ULONG is 32 bits, so uint is correct (C# ulong would be 64 bits)
                                                    out SECURITY_INTEGER ptsExpiry);  // PTimeStamp
Пример #8
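    /// <summary>
    /// Copies the message that starts at <paramref name="ntlm_offset"/> in
    /// <paramref name="input"/> into an unmanaged token buffer and passes it to
    /// AcceptSecurityContext together with the handles in p_cred_handle and
    /// p_ctxt_handle.
    /// </summary>
    /// <param name="input">Buffer that contains the message.</param>
    /// <param name="ntlm_offset">Index in <paramref name="input"/> where the message begins.</param>
    /// <returns>
    /// false when the buffer or offset is unusable; otherwise true. The status
    /// returned by AcceptSecurityContext is only logged and does not affect the
    /// return value.
    /// </returns>
    public bool Type3(byte[] input, int ntlm_offset)
    {
        // The offset is derived from received data. Without this check a bad
        // offset produces a negative length that reaches AllocHGlobal/Copy.
        if (input == null || ntlm_offset < 0 || ntlm_offset > input.Length)
        {
            Console.WriteLine("[Type3] invalid input buffer or offset");
            return(false);
        }

        int ntlm_length = input.Length - ntlm_offset;

        Console.WriteLine("[Type3] handling type 3 resposne");

        // Client buffers: unmanaged copy of the incoming token.
        // NOTE(review): neither this allocation nor the descriptor arrays below
        // are freed in this method - confirm they are released elsewhere.
        client_buffer.BufferType = (int)Secur32.SECBUFFER_TOKEN;
        client_buffer.BufferPtr  = Marshal.AllocHGlobal(ntlm_length);
        client_buffer.BufferSize = ntlm_length;
        Marshal.Copy(input, ntlm_offset, client_buffer.BufferPtr, ntlm_length);

        client_desc.Version     = (int)Secur32.SECBUFFER_VERSION;
        client_desc.BufferCount = 1;
        client_desc.BuffersPtr  = Marshal.AllocHGlobal(Marshal.SizeOf(client_buffer));
        Marshal.StructureToPtr(client_buffer, client_desc.BuffersPtr, false);

        // Server buffers: left empty because ASC_REQ_ALLOCATE_MEMORY asks the
        // provider to allocate the output token itself.
        server_buffer.BufferType = (int)Secur32.SECBUFFER_TOKEN;
        server_buffer.BufferSize = 0;
        server_buffer.BufferPtr  = IntPtr.Zero;

        server_desc.Version     = (int)Secur32.SECBUFFER_VERSION;
        server_desc.BufferCount = 1;
        server_desc.BuffersPtr  = Marshal.AllocHGlobal(Marshal.SizeOf(server_buffer));
        Marshal.StructureToPtr(server_buffer, server_desc.BuffersPtr, false);

        SECURITY_INTEGER context_expiration = new SECURITY_INTEGER(0);
        uint             context_attr;

        // The existing context handle is passed both as the current and as the
        // new context, so it is updated in place.
        int status = AcceptSecurityContext(
            p_cred_handle,
            p_ctxt_handle,
            ref client_desc,
            (uint)(Secur32.ASC_REQ_ALLOCATE_MEMORY | Secur32.ASC_REQ_CONNECTION),
            (uint)Secur32.SECURITY_NATIVE_DREP,
            // out ctxt_handle,
            p_ctxt_handle,
            out server_desc,
            out context_attr,
            out context_expiration);

        // NOTE(review): status, context_attr and context_expiration are not
        // evaluated; a failed call is still reported to the caller as true.
        Console.WriteLine(String.Format("[Type3] AcceptSecurityContext returned:{0:x8}", status));

        this.check_cred_handle();

        return(true);
    }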
Пример #9
 // P/Invoke prototype for the SSPI call InitializeSecurityContext in a shape
 // suited to the first call of a handshake: phContext and pInput are raw
 // IntPtr values, presumably so IntPtr.Zero can be passed while no context or
 // input token exists yet - confirm against the callers.
 // The [DllImport] attribute is outside this excerpt; string marshalling of
 // pszTargetName depends on its CharSet.
 // The uint result is the SECURITY_STATUS; failure codes have the high bit
 // set, so compare against the named constants rather than testing for < 0.
 private static extern uint InitializeSecurityContext(
     ref SecHandle phCredential,       // credential handle
     IntPtr phContext,                 // existing context
     string pszTargetName,
     uint fContextReq,                 // requested context attributes
     uint Reserved1,
     uint TargetDataRep,
     IntPtr pInput,                    // input token descriptor
     uint Reserved2,
     ref SecHandle phNewContext,       // receives the new context handle
     ref SecBufferDesc pOutput,        // caller-prepared descriptor that receives the output token
     out uint pfContextAttr,           // attributes reported for the context
     out SECURITY_INTEGER ptsExpiry);  // context expiry
Пример #10
 // P/Invoke prototype for the SSPI call InitializeSecurityContext with the
 // marshalling direction of every parameter spelled out through [In]/[Out].
 // The [DllImport] attribute is outside this excerpt; string marshalling of
 // pszTargetName depends on its CharSet.
 // The int result is the SECURITY_STATUS; check it before using pOutput, and
 // compare pfContextAttr with the requested flags before relying on them.
 public static extern int InitializeSecurityContext(
     [In] ref SecHandle phCredential,            // credential handle
     [In] ref SecHandle phContext,               // existing context handle
     [In] string pszTargetName,
     [In] int fContextReq,                       // requested context attributes
     [In] int Reserved1,
     [In] int TargetDataRep,
     [In] ref SecBufferDesc SecBufferDesc,       // token received from the peer
     [In] int Reserved2,
     [In][Out] ref SecHandle phNewContext,       // receives the updated context handle
     [In][Out] ref SecBufferDesc pOutput,        // caller-prepared descriptor that receives the output token
     [Out] out uint pfContextAttr,               // attributes reported for the context
     [Out] out SECURITY_INTEGER ptsExpiry);      // context expiry
Пример #11
 // P/Invoke prototype for the SSPI call InitializeSecurityContext. The target
 // name is a raw IntPtr here, so the caller must supply (and later free) an
 // unmanaged string in the encoding the imported entry point expects; the
 // [DllImport] attribute that decides this is outside this excerpt.
 // The uint result is the SECURITY_STATUS; failure codes have the high bit
 // set, so compare against the named constants rather than testing for < 0.
 public static extern uint InitializeSecurityContext(
     ref SECURITY_HANDLE phCredential,   // credential handle
     ref SECURITY_HANDLE phContext,      // existing context handle
     IntPtr pszTargetName,               // unmanaged target-name string
     int fContextReq,                    // requested context attributes
     int Reserved1,
     int TargetDataRep,
     ref SecBufferDesc pInput,           // token received from the peer
     int Reserved2,
     out SECURITY_HANDLE phNewContext,   // receives the updated context handle
     out SecBufferDesc pOutput,          // token to send to the peer
     out uint pfContextAttr,             // attributes reported for the context
     out SECURITY_INTEGER ptsExpiry);    // context expiry
Пример #12
        /// <summary>
        /// Stores the security package and remote principal and acquires an outbound
        /// (client) credentials handle for that package.
        /// </summary>
        /// <param name="securPackage">Name of security package (e.g. NTLM, Kerberos, ...)</param>
        /// <param name="remotePrincipal">SPN of server (may be necessary for Kerberos)</param>
        /// <exception cref="Exception">AcquireCredentialsHandle did not return SEC_E_OK.</exception>
        public SSPIHelper(string securPackage, string remotePrincipal)
        {
            this.securPackage    = securPackage;
            this.remotePrincipal = remotePrincipal;

            // The expiry is required by the native signature but is not used afterwards.
            SECURITY_INTEGER expiry = new SECURITY_INTEGER(0);

            // No principal and no explicit auth data are passed (null / IntPtr.Zero).
            bool acquired = AcquireCredentialsHandle(
                null,
                securPackage,
                SECPKG_CRED_OUTBOUND,
                IntPtr.Zero,
                IntPtr.Zero,
                0,
                IntPtr.Zero,
                out clientCredentials,
                out expiry) == SEC_E_OK;

            // NOTE(review): the status code is dropped here, so the exception cannot
            // tell an unknown package apart from any other failure.
            if (!acquired)
            {
                throw new Exception("Acquiring client credentials failed");
            }
        }
Пример #13
 // Managed placeholder with the same parameter list as the SSPI call
 // AcquireCredentialsHandle: it reports itself through NotImplemented and
 // then returns 0.
 // NOTE(review): 0 is also the SSPI success status, and phCredential and
 // ptsExpiry are left untouched. Unless NotImplemented throws (not visible
 // here), a caller that checks only the return value would carry on with an
 // uninitialised credential handle.
 public static uint AcquireCredentialsHandle(
     string pszPrincipal,              // SEC_CHAR*
     string pszPackage,                // SEC_CHAR*; package name such as "Kerberos", "NTLM" or "Negotiate"
     int fCredentialUse,
     IntPtr PAuthenticationID,         // PLUID (pvLogonID)
     IntPtr pAuthData,                 // PVOID
     int pGetKeyFn,                    // SEC_GET_KEY_FN
     IntPtr pvGetKeyArgument,          // PVOID
     ref SECURITY_HANDLE phCredential, // credential handle, not written by this stub
     ref SECURITY_INTEGER ptsExpiry)   // PTimeStamp, not written by this stub
 {
     MethodBase self = MethodBase.GetCurrentMethod();
     NotImplemented(self);
     return 0;
 }
Пример #14
        /// <summary>
        /// Runs a follow-up leg of the client handshake: passes the server's token and the
        /// existing client context to InitializeSecurityContext and returns the token it
        /// produces. InitializeClientSecurity must have been called before this method.
        /// </summary>
        /// <param name="serverToken">Authentication data received from server</param>
        /// <returns>Client authentication data to be sent to server</returns>
        /// <exception cref="ObjectDisposedException">The helper has already been disposed.</exception>
        /// <exception cref="InvalidOperationException">No client context has been created yet.</exception>
        /// <exception cref="Exception">
        /// InitializeSecurityContext returned neither SEC_E_OK nor SEC_I_CONTINUE_NEEDED.
        /// </exception>
        public byte[] GetClientSecurity(byte[] serverToken)
        {
            if (disposed)
            {
                throw new ObjectDisposedException("SSPIHelper");
            }

            // An all-zero handle means no context was ever established.
            bool contextMissing = clientContext.HighPart == IntPtr.Zero &&
                                  clientContext.LowPart == IntPtr.Zero;
            if (contextMissing)
            {
                throw new InvalidOperationException("InitializeClientSecurity not called");
            }

            SECURITY_INTEGER contextExpiry = new SECURITY_INTEGER(0);
            uint             grantedAttributes;
            SecBufferDesc    outgoing = new SecBufferDesc(MAX_TOKEN_SIZE);

            try
            {
                SecBufferDesc incoming = new SecBufferDesc(serverToken);
                try
                {
                    // clientContext is both the current context (ref) and the
                    // destination for the updated one (out).
                    int status = InitializeSecurityContext(
                        ref clientCredentials,
                        ref clientContext,
                        remotePrincipal,
                        STANDARD_CONTEXT_ATTRIBUTES,
                        0,                       // Reserved1
                        SECURITY_NATIVE_DREP,
                        ref incoming,            // struct, hence passed by ref
                        0,                       // Reserved2
                        out clientContext,
                        ref outgoing,
                        out grantedAttributes,
                        out contextExpiry);

                    // NOTE(review): grantedAttributes and contextExpiry are never read, so
                    // nothing here confirms that the attributes requested through
                    // STANDARD_CONTEXT_ATTRIBUTES were granted; the status code is also
                    // left out of the exception.
                    bool accepted = status == SEC_E_OK || status == SEC_I_CONTINUE_NEEDED;
                    if (!accepted)
                    {
                        throw new Exception("InitializeSecurityContext() failed");
                    }

                    return outgoing.GetSecBufferBytes();
                }
                finally
                {
                    incoming.Dispose();
                }
            }
            finally
            {
                outgoing.Dispose();
            }
        }
Пример #15
        /// <summary>
        /// Starts a new client handshake: closes any existing client context, calls
        /// InitializeSecurityContext without a context or input token, and returns the
        /// first client token.
        /// </summary>
        /// <returns>Client authentication data to be sent to server</returns>
        /// <exception cref="ObjectDisposedException">The helper has already been disposed.</exception>
        /// <exception cref="Exception">
        /// InitializeSecurityContext returned neither SEC_E_OK nor SEC_I_CONTINUE_NEEDED.
        /// </exception>
        public byte[] InitializeClientSecurity()
        {
            if (disposed)
            {
                throw new ObjectDisposedException("SSPIHelper");
            }

            // Drop a context left over from an earlier handshake before starting again.
            CloseClientContext();

            SECURITY_INTEGER contextExpiry = new SECURITY_INTEGER(0);
            uint             grantedAttributes;
            SecBufferDesc    outgoing = new SecBufferDesc(MAX_TOKEN_SIZE);

            try
            {
                int status = InitializeSecurityContext(
                    ref clientCredentials,
                    IntPtr.Zero,             // no context on the first call
                    remotePrincipal,
                    STANDARD_CONTEXT_ATTRIBUTES,
                    0,                       // Reserved1
                    SECURITY_NATIVE_DREP,
                    IntPtr.Zero,             // no input token on the first call
                    0,                       // Reserved2
                    out clientContext,
                    ref outgoing,
                    out grantedAttributes,
                    out contextExpiry);

                // NOTE(review): grantedAttributes and contextExpiry are never read, and the
                // status code is left out of the exception.
                bool accepted = status == SEC_E_OK || status == SEC_I_CONTINUE_NEEDED;
                if (!accepted)
                {
                    throw new Exception("InitializeSecurityContext failed");
                }

                return outgoing.GetSecBufferBytes();
            }
            finally
            {
                outgoing.Dispose();
            }
        }
Пример #16
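    /// <summary>
    /// Acquires an inbound "Negotiate" credential handle, copies the message that
    /// starts at <paramref name="ntlm_offset"/> in <paramref name="input"/> into an
    /// unmanaged token buffer and makes the first AcceptSecurityContext call with it.
    /// The provider's output buffer is read back into server_buffer.
    /// </summary>
    /// <param name="input">Buffer that contains the message.</param>
    /// <param name="ntlm_offset">Index in <paramref name="input"/> where the message begins.</param>
    /// <returns>
    /// true only when AcceptSecurityContext returns S_OK; false when the buffer or
    /// offset is unusable, when no credential handle could be acquired, or for any
    /// other status.
    /// </returns>
    public bool Type1(byte[] input, int ntlm_offset)
    {
        // The offset is derived from received data. Without this check a bad
        // offset produces a negative length that reaches AllocHGlobal/Copy.
        if (input == null || ntlm_offset < 0 || ntlm_offset > input.Length)
        {
            Console.WriteLine("!! [Type1] invalid input buffer or offset");
            return(false);
        }

        int ntlm_length = (input.Length - ntlm_offset);

        Console.WriteLine("[Type1] handling response...");
        Console.WriteLine("[Type1] ntlm_length:" + ntlm_length);
        SECURITY_INTEGER expiration_acq = new SECURITY_INTEGER(0);
        SECURITY_INTEGER expiration_acc = new SECURITY_INTEGER(0);

        int status = AcquireCredentialsHandle(
            null,
            "Negotiate",
            (int)Secur32.SECPKG_CRED_INBOUND,
            IntPtr.Zero,
            IntPtr.Zero,
            0,
            IntPtr.Zero,
            // out cred_handle,
            p_cred_handle,
            out expiration_acq);

        if (status != (int)HRESULT.S_OK)
        {
            Console.WriteLine("!! AcquireCredentialsHandle failed");
            return(false);
        }

        // Client buffers: unmanaged copy of the incoming token.
        // NOTE(review): neither this allocation nor the descriptor arrays below
        // are freed in this method - confirm they are released elsewhere.
        client_buffer.BufferType = (int)Secur32.SECBUFFER_TOKEN;
        client_buffer.BufferPtr  = Marshal.AllocHGlobal(ntlm_length);
        client_buffer.BufferSize = ntlm_length;
        Marshal.Copy(input, ntlm_offset, client_buffer.BufferPtr, ntlm_length);

        client_desc.Version     = (int)Secur32.SECBUFFER_VERSION;
        client_desc.BufferCount = 1;
        client_desc.BuffersPtr  = Marshal.AllocHGlobal(Marshal.SizeOf(client_buffer));
        Marshal.StructureToPtr(client_buffer, client_desc.BuffersPtr, false);

        // Server buffers: left empty because ASC_REQ_ALLOCATE_MEMORY asks the
        // provider to allocate the output token itself. A buffer allocated that
        // way has to be handed back with FreeContextBuffer; no such call is
        // visible in this method.
        server_buffer.BufferType = (int)Secur32.SECBUFFER_TOKEN;
        server_buffer.BufferSize = 0;
        server_buffer.BufferPtr  = IntPtr.Zero;

        server_desc.Version     = (int)Secur32.SECBUFFER_VERSION;
        server_desc.BufferCount = 1;
        server_desc.BuffersPtr  = Marshal.AllocHGlobal(Marshal.SizeOf(server_buffer));
        Marshal.StructureToPtr(server_buffer, server_desc.BuffersPtr, false);

        Console.WriteLine(String.Format("[Type1] client_buffer.BufferPtr: {0:x8}", client_buffer.BufferPtr));
        Console.WriteLine(String.Format("[Type1] server_buffer.BufferPtr: {0:x8}", server_buffer.BufferPtr));

        uint context_attr;

        // First leg: no existing context, so IntPtr.Zero is passed for phContext.
        status = AcceptSecurityContext(
            p_cred_handle,
            IntPtr.Zero,
            ref client_desc,
            (uint)(Secur32.ASC_REQ_ALLOCATE_MEMORY | Secur32.ASC_REQ_CONNECTION),
            (uint)Secur32.SECURITY_NATIVE_DREP,
            // out ctxt_handle,
            p_ctxt_handle,
            out server_desc,
            out context_attr,
            out expiration_acc);

        Console.WriteLine(String.Format("[Type1] AcceptSecurityContext returned {0:x8}", status));

        // Re-read the buffer descriptor so server_buffer reflects what the call wrote.
        server_buffer = (SecBuffer)Marshal.PtrToStructure(server_desc.BuffersPtr, typeof(SecBuffer));

        Console.WriteLine(String.Format("[Type1] new server security buffer: {0:x8}", server_buffer.BufferPtr));

        // NOTE(review): a multi-leg handshake normally reports
        // SEC_I_CONTINUE_NEEDED on its first call, which this comparison treats
        // as failure - confirm that callers expect that.
        return(status == (int)HRESULT.S_OK);
    }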
Пример #17
 // P/Invoke prototype for the SSPI call AcquireCredentialsHandle.
 // The [DllImport] attribute is outside this excerpt; how pszPackage is
 // marshalled (ANSI vs. Unicode) depends on it.
 // The int result is the SECURITY_STATUS; check it before using phCredential,
 // and release the returned handle when it is no longer needed.
 public static extern int AcquireCredentialsHandle(
 System.IntPtr pszPrincipal, // SEC_CHAR*
 string pszPackage, // SEC_CHAR*; package name such as "Kerberos", "NTLM" or "Negotiate"
 int fCredentialUse,
 IntPtr PAuthenticationID,// PLUID (pvLogonID)
 System.IntPtr pAuthData,// PVOID; optional package-specific credentials
 int pGetKeyFn, // SEC_GET_KEY_FN; NOTE(review): pointer-sized natively, so int is only width-safe while callers pass 0
 IntPtr pvGetKeyArgument, // PVOID
 ref SECURITY_HANDLE phCredential, // PCredHandle; receives the credential handle
 ref SECURITY_INTEGER ptsExpiry); // PTimeStamp; receives the credential expiry
Пример #18
 // P/Invoke prototype for the SSPI call InitializeSecurityContext, in the form
 // used once a context and an input token already exist. The [DllImport]
 // attribute is outside this excerpt; string marshalling of pszTargetName
 // depends on its CharSet.
 // The int result is the SECURITY_STATUS; check it before using pOutput, and
 // compare pfContextAttr with the requested flags before relying on them.
 public static extern int InitializeSecurityContext(ref SECURITY_HANDLE phCredential,// PCredHandle
     ref SECURITY_HANDLE phContext, // PCtxtHandle; existing context
     string pszTargetName,
     int fContextReq,
     int Reserved1,
     int TargetDataRep,
     ref SecBufferDesc SecBufferDesc, // PSecBufferDesc; token received from the peer
     int Reserved2,
     out SECURITY_HANDLE phNewContext, // PCtxtHandle; receives the updated context
     out SecBufferDesc pOutput, // PSecBufferDesc; token to send to the peer
     out uint pfContextAttr, // native ULONG is 32 bits, so uint is correct (C# ulong would be 64 bits)
     out SECURITY_INTEGER ptsExpiry); // PTimeStamp
Пример #19
        /// <summary>
        /// Performs one client-side handshake step. Without a server blob it starts a
        /// new context; with one it continues the existing context using that blob as
        /// input. The token produced by the call is returned through
        /// <paramref name="clientBlob"/>.
        /// </summary>
        /// <param name="clientBlob">Receives the token to send to the server.</param>
        /// <param name="serverBlob">Token received from the server, or null on the first step.</param>
        /// <param name="continueProcessing">
        /// Set to false once the status is SEC_E_OK or SEC_I_COMPLETE_NEEDED, true otherwise.
        /// </param>
        /// <exception cref="MySqlException">
        /// InitializeSecurityContext returned a status other than the four accepted ones.
        /// </exception>
        void InitializeClient(out byte[] clientBlob, byte[] serverBlob, out bool continueProcessing)
        {
            // Out parameters get their defaults first so they are set even if a call throws.
            clientBlob         = null;
            continueProcessing = true;

            SecBufferDesc    outgoingDesc = new SecBufferDesc(MAX_TOKEN_SIZE);
            SECURITY_INTEGER lifetime     = new SECURITY_INTEGER(0);
            int              status       = -1;

            try
            {
                // NOTE(review): the reported attributes are never compared with
                // STANDARD_CONTEXT_ATTRIBUTES after the call.
                uint grantedAttributes = 0;

                if (serverBlob != null)
                {
                    // Follow-up step: feed the server's token into the existing context.
                    SecBufferDesc incomingDesc = new SecBufferDesc(serverBlob);

                    try
                    {
                        status = InitializeSecurityContext(
                            ref outboundCredentials,
                            ref clientContext,
                            targetName,
                            STANDARD_CONTEXT_ATTRIBUTES,
                            0,
                            SECURITY_NETWORK_DREP,
                            ref incomingDesc,
                            0,
                            out clientContext,
                            out outgoingDesc,
                            out grantedAttributes,
                            out lifetime);
                    }
                    finally
                    {
                        incomingDesc.Dispose();
                    }
                }
                else
                {
                    // First step: neither a context nor an input token exists yet.
                    status = InitializeSecurityContext(
                        ref outboundCredentials,
                        IntPtr.Zero,
                        targetName,
                        STANDARD_CONTEXT_ATTRIBUTES,
                        0,
                        SECURITY_NETWORK_DREP,
                        IntPtr.Zero,
                        0,
                        out clientContext,
                        out outgoingDesc,
                        out grantedAttributes,
                        out lifetime);
                }

                bool needsCompletion = (SEC_I_COMPLETE_NEEDED == status) ||
                                       (SEC_I_COMPLETE_AND_CONTINUE == status);
                if (needsCompletion)
                {
                    // NOTE(review): the result of CompleteAuthToken is not checked.
                    CompleteAuthToken(ref clientContext, ref outgoingDesc);
                }

                bool accepted = status == SEC_E_OK ||
                                status == SEC_I_CONTINUE_NEEDED ||
                                status == SEC_I_COMPLETE_NEEDED ||
                                status == SEC_I_COMPLETE_AND_CONTINUE;
                if (!accepted)
                {
                    throw new MySqlException(
                              "InitializeSecurityContext() failed  with errorcode " + status);
                }

                clientBlob = outgoingDesc.GetSecBufferByteArray();
            }
            finally
            {
                outgoingDesc.Dispose();
            }

            bool finished = status == SEC_E_OK || status == SEC_I_COMPLETE_NEEDED;
            continueProcessing = !finished;
        }
Пример #20
 // P/Invoke prototype for the SSPI call AcceptSecurityContext (the accepting
 // side of a handshake). phContext is a raw IntPtr, presumably so IntPtr.Zero
 // can be passed on the first call - confirm against the callers.
 // The [DllImport] attribute is outside this excerpt.
 // The int result is the SECURITY_STATUS; check it before using pOutput,
 // pfContextAttr or the new context.
 public static extern int AcceptSecurityContext(ref SECURITY_HANDLE phCredential,
                                         IntPtr phContext,                      // existing context
                                         ref SecBufferDesc pInput,              // token received from the peer
                                         uint fContextReq,                      // requested context attributes
                                         uint TargetDataRep,
                                         out SECURITY_HANDLE phNewContext,      // receives the new context handle
                                         out SecBufferDesc pOutput,             // token to send back to the peer
                                         out uint pfContextAttr,    // native ULONG is 32 bits, so uint is correct (C# ulong would be 64 bits)
                                         out SECURITY_INTEGER ptsTimeStamp);    // context expiry