Пример #1
0
        protected override void Dispose(bool disposing)
        {
            if (disposing)
            {
                if (null != _context)
                {
                    _context.Dispose();
                    _context = null;
                }

                if (_targetName != null)
                {
                    _targetName.Dispose();
                    _targetName = null;
                }
            }
            base.Dispose(disposing);
        }
Пример #2
0
        protected override void Dispose(bool disposing)
        {
            if (disposing)
            {
                _context.Dispose();

                if (_targetName != null)
                {
                    _targetName.Dispose();
                    _targetName = null;
                }

                if (_acceptorCredential != null)
                {
                    _acceptorCredential.Dispose();
                    _acceptorCredential = null;
                }
            }
            base.Dispose(disposing);
        }
Пример #3
0
        protected override void Dispose(bool disposing)
        {
            if (disposing)
            {
                if (null != _context)
                {
                    _context.Dispose();
                    _context = null;
                }

                if (_targetNameKerberos != null)
                {
                    _targetNameKerberos.Dispose();
                    _targetNameKerberos = null;
                }

                if (_targetNameNtlm != null)
                {
                    _targetNameNtlm.Dispose();
                    _targetNameNtlm = null;
                }
            }
            base.Dispose(disposing);
        }
Пример #4
0
        internal static SecurityStatusPal AcceptSecurityContext(
            SafeFreeCredentials?credentialsHandle,
            ref SafeDeleteContext?securityContext,
            ContextFlagsPal requestedContextFlags,
            ReadOnlySpan <byte> incomingBlob,
            ChannelBinding?channelBinding,
            ref byte[] resultBlob,
            out int resultBlobLength,
            ref ContextFlagsPal contextFlags)
        {
            securityContext ??= new SafeDeleteNegoContext((SafeFreeNegoCredentials)credentialsHandle !);

            SafeDeleteNegoContext negoContext   = (SafeDeleteNegoContext)securityContext;
            SafeGssContextHandle  contextHandle = negoContext.GssContext;

            Interop.NetSecurityNative.GssBuffer token = default(Interop.NetSecurityNative.GssBuffer);
            try
            {
                Interop.NetSecurityNative.Status status;
                Interop.NetSecurityNative.Status minorStatus;
                status = Interop.NetSecurityNative.AcceptSecContext(out minorStatus,
                                                                    negoContext.AcceptorCredential,
                                                                    ref contextHandle,
                                                                    incomingBlob,
                                                                    ref token,
                                                                    out uint outputFlags,
                                                                    out bool isNtlmUsed);

                if ((status != Interop.NetSecurityNative.Status.GSS_S_COMPLETE) &&
                    (status != Interop.NetSecurityNative.Status.GSS_S_CONTINUE_NEEDED))
                {
                    if (negoContext.GssContext.IsInvalid)
                    {
                        contextHandle.Dispose();
                    }

                    Interop.NetSecurityNative.GssApiException gex = new Interop.NetSecurityNative.GssApiException(status, minorStatus);
                    if (NetEventSource.Log.IsEnabled())
                    {
                        NetEventSource.Error(null, gex);
                    }
                    resultBlobLength = 0;
                    return(new SecurityStatusPal(GetErrorCode(gex), gex));
                }

                resultBlob = token.ToByteArray();

                Debug.Assert(resultBlob != null, "Unexpected null buffer returned by GssApi");

                contextFlags = ContextFlagsAdapterPal.GetContextFlagsPalFromInterop(
                    (Interop.NetSecurityNative.GssFlags)outputFlags, isServer: true);
                resultBlobLength = resultBlob.Length;

                SecurityStatusPalErrorCode errorCode;
                if (status == Interop.NetSecurityNative.Status.GSS_S_COMPLETE)
                {
                    if (NetEventSource.Log.IsEnabled())
                    {
                        string protocol = isNtlmUsed ? "SPNEGO-NTLM" : "SPNEGO-Kerberos";
                        NetEventSource.Info(securityContext, $"AcceptSecurityContext: actual protocol = {protocol}");
                    }

                    negoContext.SetAuthenticationPackage(isNtlmUsed);
                    errorCode = SecurityStatusPalErrorCode.OK;
                }
                else
                {
                    errorCode = SecurityStatusPalErrorCode.ContinueNeeded;
                }

                return(new SecurityStatusPal(errorCode));
            }
            catch (Exception ex)
            {
                if (NetEventSource.Log.IsEnabled())
                {
                    NetEventSource.Error(null, ex);
                }
                resultBlobLength = 0;
                return(new SecurityStatusPal(SecurityStatusPalErrorCode.InternalError, ex));
            }
            finally
            {
                token.Dispose();

                // Save the inner context handle for further calls to NetSecurity
                //
                // For the first call `negoContext.GssContext` is invalid and we expect the
                // inital handle to be returned from AcceptSecContext. For any subsequent
                // call the handle should stay the same or it can be destroyed by the native
                // AcceptSecContext call.
                Debug.Assert(
                    negoContext.GssContext == contextHandle ||
                    negoContext.GssContext.IsInvalid ||
                    contextHandle.IsInvalid);
                negoContext.SetGssContext(contextHandle);
            }
        }