private static bool IsErrorStatus(SecurityStatusPalErrorCode errorCode)
{
return(errorCode != SecurityStatusPalErrorCode.NotSet &&
errorCode != SecurityStatusPalErrorCode.OK &&
errorCode != SecurityStatusPalErrorCode.ContinueNeeded &&
errorCode != SecurityStatusPalErrorCode.CompleteNeeded &&
errorCode != SecurityStatusPalErrorCode.CompAndContinue &&
errorCode != SecurityStatusPalErrorCode.ContextExpired &&
errorCode != SecurityStatusPalErrorCode.CredentialsNeeded &&
errorCode != SecurityStatusPalErrorCode.Renegotiate);
}
internal static SecurityStatusPal AcceptSecurityContext(
SafeFreeCredentials credentialsHandle,
ref SafeDeleteContext securityContext,
ContextFlagsPal requestedContextFlags,
byte[] incomingBlob,
ChannelBinding channelBinding,
ref byte[] resultBlob,
ref ContextFlagsPal contextFlags)
{
if (securityContext == null)
{
securityContext = new SafeDeleteNegoContext((SafeFreeNegoCredentials)credentialsHandle);
}
SafeDeleteNegoContext negoContext = (SafeDeleteNegoContext)securityContext;
try
{
SafeGssContextHandle contextHandle = negoContext.GssContext;
bool done = GssAcceptSecurityContext(
ref contextHandle,
incomingBlob,
out resultBlob,
out uint outputFlags);
Debug.Assert(resultBlob != null, "Unexpected null buffer returned by GssApi");
Debug.Assert(negoContext.GssContext == null || contextHandle == negoContext.GssContext);
// Save the inner context handle for further calls to NetSecurity
Debug.Assert(negoContext.GssContext == null || contextHandle == negoContext.GssContext);
if (null == negoContext.GssContext)
{
negoContext.SetGssContext(contextHandle);
}
contextFlags = ContextFlagsAdapterPal.GetContextFlagsPalFromInterop(
(Interop.NetSecurityNative.GssFlags)outputFlags, isServer: true);
SecurityStatusPalErrorCode errorCode = done ?
(negoContext.IsNtlmUsed && resultBlob.Length > 0 ? SecurityStatusPalErrorCode.OK : SecurityStatusPalErrorCode.CompleteNeeded) :
SecurityStatusPalErrorCode.ContinueNeeded;
return(new SecurityStatusPal(errorCode));
}
catch (Exception ex)
{
if (NetEventSource.IsEnabled)
{
NetEventSource.Error(null, ex);
}
return(new SecurityStatusPal(SecurityStatusPalErrorCode.InternalError, ex));
}
}
private static SecurityStatusPal HandshakeInternal(
SafeFreeCredentials credential,
ref SafeDeleteSslContext?context,
ReadOnlySpan <byte> inputBuffer,
ref byte[]?outputBuffer,
SslAuthenticationOptions sslAuthenticationOptions)
{
Debug.Assert(!credential.IsInvalid);
try
{
SafeDeleteSslContext?sslContext = ((SafeDeleteSslContext?)context);
if ((context == null) || context.IsInvalid)
{
context = new SafeDeleteSslContext((credential as SafeFreeSslCredentials) !, sslAuthenticationOptions);
sslContext = context;
}
if (inputBuffer.Length > 0)
{
sslContext !.Write(inputBuffer);
}
SafeSslHandle sslHandle = sslContext !.SslContext;
PAL_SSLStreamStatus ret = Interop.AndroidCrypto.SSLStreamHandshake(sslHandle);
SecurityStatusPalErrorCode statusCode = ret switch
{
PAL_SSLStreamStatus.OK => SecurityStatusPalErrorCode.OK,
PAL_SSLStreamStatus.NeedData => SecurityStatusPalErrorCode.ContinueNeeded,
_ => SecurityStatusPalErrorCode.InternalError
};
outputBuffer = sslContext.ReadPendingWrites();
return(new SecurityStatusPal(statusCode));
}
catch (Exception exc)
{
return(new SecurityStatusPal(SecurityStatusPalErrorCode.InternalError, exc));
}
}
public static SecurityStatusPal EncryptMessage(
SafeDeleteContext securityContext,
ReadOnlyMemory <byte> input,
int headerSize,
int trailerSize,
ref byte[] output,
out int resultSize)
{
resultSize = 0;
Debug.Assert(input.Length > 0, $"{nameof(input.Length)} > 0 since {nameof(CanEncryptEmptyMessage)} is false");
try
{
SafeDeleteSslContext sslContext = (SafeDeleteSslContext)securityContext;
SafeSslHandle sslHandle = sslContext.SslContext;
PAL_SSLStreamStatus ret = Interop.AndroidCrypto.SSLStreamWrite(sslHandle, input);
SecurityStatusPalErrorCode statusCode = ret switch
{
PAL_SSLStreamStatus.OK => SecurityStatusPalErrorCode.OK,
PAL_SSLStreamStatus.NeedData => SecurityStatusPalErrorCode.ContinueNeeded,
PAL_SSLStreamStatus.Renegotiate => SecurityStatusPalErrorCode.Renegotiate,
PAL_SSLStreamStatus.Closed => SecurityStatusPalErrorCode.ContextExpired,
_ => SecurityStatusPalErrorCode.InternalError
};
if (sslContext.BytesReadyForConnection <= output?.Length)
{
resultSize = sslContext.ReadPendingWrites(output, 0, output.Length);
}
else
{
output = sslContext.ReadPendingWrites() !;
resultSize = output.Length;
}
return(new SecurityStatusPal(statusCode));
}
catch (Exception e)
{
return(new SecurityStatusPal(SecurityStatusPalErrorCode.InternalError, e));
}
}
public static SecurityStatusPal DecryptMessage(
SafeDeleteSslContext securityContext,
Span <byte> buffer,
out int offset,
out int count)
{
offset = 0;
count = 0;
try
{
SafeSslHandle sslHandle = securityContext.SslContext;
securityContext.Write(buffer);
PAL_SSLStreamStatus ret = Interop.AndroidCrypto.SSLStreamRead(sslHandle, buffer, out int read);
if (ret == PAL_SSLStreamStatus.Error)
{
return(new SecurityStatusPal(SecurityStatusPalErrorCode.InternalError));
}
count = read;
SecurityStatusPalErrorCode statusCode = ret switch
{
PAL_SSLStreamStatus.OK => SecurityStatusPalErrorCode.OK,
PAL_SSLStreamStatus.NeedData => SecurityStatusPalErrorCode.OK,
PAL_SSLStreamStatus.Renegotiate => SecurityStatusPalErrorCode.Renegotiate,
PAL_SSLStreamStatus.Closed => SecurityStatusPalErrorCode.ContextExpired,
_ => SecurityStatusPalErrorCode.InternalError
};
return(new SecurityStatusPal(statusCode));
}
catch (Exception e)
{
return(new SecurityStatusPal(SecurityStatusPalErrorCode.InternalError, e));
}
}
private static SecurityStatusPal EstablishSecurityContext(
SafeFreeNegoCredentials credential,
ref SafeDeleteContext?context,
ChannelBinding?channelBinding,
string?targetName,
ContextFlagsPal inFlags,
byte[]?incomingBlob,
ref byte[]?resultBuffer,
ref ContextFlagsPal outFlags)
{
bool isNtlmOnly = credential.IsNtlmOnly;
if (context == null)
{
if (NetEventSource.Log.IsEnabled())
{
string protocol = isNtlmOnly ? "NTLM" : "SPNEGO";
NetEventSource.Info(context, $"requested protocol = {protocol}, target = {targetName}");
}
context = new SafeDeleteNegoContext(credential, targetName !);
}
SafeDeleteNegoContext negoContext = (SafeDeleteNegoContext)context;
try
{
Interop.NetSecurityNative.GssFlags inputFlags =
ContextFlagsAdapterPal.GetInteropFromContextFlagsPal(inFlags, isServer: false);
uint outputFlags;
bool isNtlmUsed;
SafeGssContextHandle?contextHandle = negoContext.GssContext;
bool done = GssInitSecurityContext(
ref contextHandle,
credential.GssCredential,
isNtlmOnly,
channelBinding,
negoContext.TargetName,
inputFlags,
incomingBlob,
out resultBuffer,
out outputFlags,
out isNtlmUsed);
if (done)
{
if (NetEventSource.Log.IsEnabled())
{
string protocol = isNtlmOnly ? "NTLM" : isNtlmUsed ? "SPNEGO-NTLM" : "SPNEGO-Kerberos";
NetEventSource.Info(context, $"actual protocol = {protocol}");
}
// Populate protocol used for authentication
negoContext.SetAuthenticationPackage(isNtlmUsed);
}
Debug.Assert(resultBuffer != null, "Unexpected null buffer returned by GssApi");
outFlags = ContextFlagsAdapterPal.GetContextFlagsPalFromInterop(
(Interop.NetSecurityNative.GssFlags)outputFlags, isServer: false);
Debug.Assert(negoContext.GssContext == null || contextHandle == negoContext.GssContext);
// Save the inner context handle for further calls to NetSecurity
Debug.Assert(negoContext.GssContext == null || contextHandle == negoContext.GssContext);
if (null == negoContext.GssContext)
{
negoContext.SetGssContext(contextHandle !);
}
SecurityStatusPalErrorCode errorCode = done ?
(negoContext.IsNtlmUsed && resultBuffer.Length > 0 ? SecurityStatusPalErrorCode.OK : SecurityStatusPalErrorCode.CompleteNeeded) :
SecurityStatusPalErrorCode.ContinueNeeded;
return(new SecurityStatusPal(errorCode));
}
catch (Exception ex)
{
if (NetEventSource.Log.IsEnabled())
{
NetEventSource.Error(null, ex);
}
return(new SecurityStatusPal(SecurityStatusPalErrorCode.InternalError, ex));
}
}
private static SecurityStatusPal EstablishSecurityContext(
SafeFreeNegoCredentials credential,
ref SafeDeleteContext context,
string targetName,
ContextFlagsPal inFlags,
SecurityBuffer inputBuffer,
SecurityBuffer outputBuffer,
ref ContextFlagsPal outFlags)
{
bool isNtlmOnly = credential.IsNtlmOnly;
if (context == null)
{
// Empty target name causes the failure on Linux, hence passing a non-empty string
context = isNtlmOnly ? new SafeDeleteNegoContext(credential, credential.UserName) : new SafeDeleteNegoContext(credential, targetName);
}
SafeDeleteNegoContext negoContext = (SafeDeleteNegoContext)context;
try
{
Interop.NetSecurityNative.GssFlags inputFlags = ContextFlagsAdapterPal.GetInteropFromContextFlagsPal(inFlags, isServer: false);
uint outputFlags;
int isNtlmUsed;
SafeGssContextHandle contextHandle = negoContext.GssContext;
bool done = GssInitSecurityContext(
ref contextHandle,
credential.GssCredential,
isNtlmOnly,
negoContext.TargetName,
inputFlags,
inputBuffer?.token,
out outputBuffer.token,
out outputFlags,
out isNtlmUsed);
Debug.Assert(outputBuffer.token != null, "Unexpected null buffer returned by GssApi");
outputBuffer.size = outputBuffer.token.Length;
outputBuffer.offset = 0;
outFlags = ContextFlagsAdapterPal.GetContextFlagsPalFromInterop((Interop.NetSecurityNative.GssFlags)outputFlags, isServer: false);
Debug.Assert(negoContext.GssContext == null || contextHandle == negoContext.GssContext);
// Save the inner context handle for further calls to NetSecurity
Debug.Assert(negoContext.GssContext == null || contextHandle == negoContext.GssContext);
if (null == negoContext.GssContext)
{
negoContext.SetGssContext(contextHandle);
}
// Populate protocol used for authentication
if (done)
{
negoContext.SetAuthenticationPackage(Convert.ToBoolean(isNtlmUsed));
}
SecurityStatusPalErrorCode errorCode = done ?
(negoContext.IsNtlmUsed && outputBuffer.size > 0 ? SecurityStatusPalErrorCode.OK : SecurityStatusPalErrorCode.CompleteNeeded) :
SecurityStatusPalErrorCode.ContinueNeeded;
return(new SecurityStatusPal(errorCode));
}
catch (Exception ex)
{
if (NetEventSource.IsEnabled)
{
NetEventSource.Error(null, ex);
}
return(new SecurityStatusPal(SecurityStatusPalErrorCode.InternalError, ex));
}
}
private static SecurityStatusPal EstablishSecurityContext(
SafeFreeNegoCredentials credential,
ref SafeDeleteContext?context,
ChannelBinding?channelBinding,
string?targetName,
ContextFlagsPal inFlags,
ReadOnlySpan <byte> incomingBlob,
out byte[]?resultBuffer,
ref ContextFlagsPal outFlags)
{
bool isNtlmOnly = credential.IsNtlmOnly;
resultBuffer = null;
if (context == null)
{
if (NetEventSource.Log.IsEnabled())
{
string protocol = isNtlmOnly ? "NTLM" : "SPNEGO";
NetEventSource.Info(context, $"requested protocol = {protocol}, target = {targetName}");
}
context = new SafeDeleteNegoContext(credential, targetName !);
}
Interop.NetSecurityNative.GssBuffer token = default(Interop.NetSecurityNative.GssBuffer);
Interop.NetSecurityNative.Status status;
Interop.NetSecurityNative.Status minorStatus;
SafeDeleteNegoContext negoContext = (SafeDeleteNegoContext)context;
SafeGssContextHandle contextHandle = negoContext.GssContext;
try
{
Interop.NetSecurityNative.GssFlags inputFlags =
ContextFlagsAdapterPal.GetInteropFromContextFlagsPal(inFlags, isServer: false);
uint outputFlags;
bool isNtlmUsed;
if (channelBinding != null)
{
// If a TLS channel binding token (cbt) is available then get the pointer
// to the application specific data.
int appDataOffset = Marshal.SizeOf <SecChannelBindings>();
Debug.Assert(appDataOffset < channelBinding.Size);
IntPtr cbtAppData = channelBinding.DangerousGetHandle() + appDataOffset;
int cbtAppDataSize = channelBinding.Size - appDataOffset;
status = Interop.NetSecurityNative.InitSecContext(out minorStatus,
credential.GssCredential,
ref contextHandle,
isNtlmOnly,
cbtAppData,
cbtAppDataSize,
negoContext.TargetName,
(uint)inputFlags,
incomingBlob,
ref token,
out outputFlags,
out isNtlmUsed);
}
else
{
status = Interop.NetSecurityNative.InitSecContext(out minorStatus,
credential.GssCredential,
ref contextHandle,
isNtlmOnly,
negoContext.TargetName,
(uint)inputFlags,
incomingBlob,
ref token,
out outputFlags,
out isNtlmUsed);
}
if ((status != Interop.NetSecurityNative.Status.GSS_S_COMPLETE) &&
(status != Interop.NetSecurityNative.Status.GSS_S_CONTINUE_NEEDED))
{
if (negoContext.GssContext.IsInvalid)
{
context.Dispose();
}
Interop.NetSecurityNative.GssApiException gex = new Interop.NetSecurityNative.GssApiException(status, minorStatus);
if (NetEventSource.Log.IsEnabled())
{
NetEventSource.Error(null, gex);
}
resultBuffer = Array.Empty <byte>();
return(new SecurityStatusPal(GetErrorCode(gex), gex));
}
resultBuffer = token.ToByteArray();
if (status == Interop.NetSecurityNative.Status.GSS_S_COMPLETE)
{
if (NetEventSource.Log.IsEnabled())
{
string protocol = isNtlmOnly ? "NTLM" : isNtlmUsed ? "SPNEGO-NTLM" : "SPNEGO-Kerberos";
NetEventSource.Info(context, $"actual protocol = {protocol}");
}
// Populate protocol used for authentication
negoContext.SetAuthenticationPackage(isNtlmUsed);
}
Debug.Assert(resultBuffer != null, "Unexpected null buffer returned by GssApi");
outFlags = ContextFlagsAdapterPal.GetContextFlagsPalFromInterop(
(Interop.NetSecurityNative.GssFlags)outputFlags, isServer: false);
SecurityStatusPalErrorCode errorCode = status == Interop.NetSecurityNative.Status.GSS_S_COMPLETE ?
SecurityStatusPalErrorCode.OK :
SecurityStatusPalErrorCode.ContinueNeeded;
return(new SecurityStatusPal(errorCode));
}
catch (Exception ex)
{
if (NetEventSource.Log.IsEnabled())
{
NetEventSource.Error(null, ex);
}
return(new SecurityStatusPal(SecurityStatusPalErrorCode.InternalError, ex));
}
finally
{
token.Dispose();
// Save the inner context handle for further calls to NetSecurity
//
// For the first call `negoContext.GssContext` is invalid and we expect the
// inital handle to be returned from InitSecContext. For any subsequent
// call the handle should stay the same or it can be destroyed by the native
// InitSecContext call.
Debug.Assert(
negoContext.GssContext == contextHandle ||
negoContext.GssContext.IsInvalid ||
contextHandle.IsInvalid);
negoContext.SetGssContext(contextHandle);
}
}
public SecurityStatusPal(SecurityStatusPalErrorCode errorCode, Exception exception = null)
{
ErrorCode = errorCode;
Exception = exception;
}
private static SecurityStatusPal EstablishSecurityContext(
SafeFreeNegoCredentials credential,
ref SafeDeleteContext context,
bool isNtlm,
string targetName,
ContextFlagsPal inFlags,
SecurityBuffer inputBuffer,
SecurityBuffer outputBuffer,
ref ContextFlagsPal outFlags)
{
Debug.Assert(!isNtlm, "EstablishSecurityContext: NTLM is not yet supported");
if (context == null)
{
context = new SafeDeleteNegoContext(credential, targetName);
}
SafeDeleteNegoContext negoContext = (SafeDeleteNegoContext)context;
try
{
Interop.NetSecurityNative.GssFlags inputFlags = ContextFlagsAdapterPal.GetInteropFromContextFlagsPal(inFlags);
uint outputFlags;
SafeGssContextHandle contextHandle = negoContext.GssContext;
bool done = Interop.GssApi.EstablishSecurityContext(
ref contextHandle,
credential.GssCredential,
isNtlm,
negoContext.TargetName,
inputFlags,
inputBuffer?.token,
out outputBuffer.token,
out outputFlags);
Debug.Assert(outputBuffer.token != null, "Unexpected null buffer returned by GssApi");
outputBuffer.size = outputBuffer.token.Length;
outputBuffer.offset = 0;
outFlags = ContextFlagsAdapterPal.GetContextFlagsPalFromInterop((Interop.NetSecurityNative.GssFlags)outputFlags);
// Save the inner context handle for further calls to NetSecurity
Debug.Assert(negoContext.GssContext == null || contextHandle == negoContext.GssContext);
if (null == negoContext.GssContext)
{
negoContext.SetGssContext(contextHandle);
}
SecurityStatusPalErrorCode errorCode = done ? SecurityStatusPalErrorCode.CompleteNeeded : SecurityStatusPalErrorCode.ContinueNeeded;
return(new SecurityStatusPal(errorCode));
}
catch (Exception ex)
{
//TODO (Issue #5890): Print exception until issue is fixed
Debug.Write("Exception Caught. - " + ex);
if (GlobalLog.IsEnabled)
{
GlobalLog.Print("Exception Caught. - " + ex);
}
return(new SecurityStatusPal(SecurityStatusPalErrorCode.InternalError, ex));
}
}
public SecurityStatusPal(SecurityStatusPalErrorCode errorCode, Exception exception = null)
{
ErrorCode = errorCode;
Exception = exception;
}
// This only works for context-destroying errors.
internal static bool IsClientFault(SecurityStatusPalErrorCode error)
{
return error == SecurityStatusPalErrorCode.InvalidToken ||
error == SecurityStatusPalErrorCode.CannotPack ||
error == SecurityStatusPalErrorCode.QopNotSupported ||
error == SecurityStatusPalErrorCode.NoCredentials ||
error == SecurityStatusPalErrorCode.MessageAltered ||
error == SecurityStatusPalErrorCode.OutOfSequence ||
error == SecurityStatusPalErrorCode.IncompleteMessage ||
error == SecurityStatusPalErrorCode.IncompleteCredentials ||
error == SecurityStatusPalErrorCode.WrongPrincipal ||
error == SecurityStatusPalErrorCode.TimeSkew ||
error == SecurityStatusPalErrorCode.IllegalMessage ||
error == SecurityStatusPalErrorCode.CertUnknown ||
error == SecurityStatusPalErrorCode.AlgorithmMismatch ||
error == SecurityStatusPalErrorCode.SecurityQosFailed ||
error == SecurityStatusPalErrorCode.UnsupportedPreauth;
}
// This only works for context-destroying errors.
internal static bool IsCredentialFailure(SecurityStatusPalErrorCode error)
{
return error == SecurityStatusPalErrorCode.LogonDenied ||
error == SecurityStatusPalErrorCode.UnknownCredentials ||
error == SecurityStatusPalErrorCode.NoImpersonation ||
error == SecurityStatusPalErrorCode.NoAuthenticatingAuthority ||
error == SecurityStatusPalErrorCode.UntrustedRoot ||
error == SecurityStatusPalErrorCode.CertExpired ||
error == SecurityStatusPalErrorCode.SmartcardLogonRequired ||
error == SecurityStatusPalErrorCode.BadBinding;
}
// This only works for context-destroying errors.
private HttpStatusCode HttpStatusFromSecurityStatus(SecurityStatusPalErrorCode statusErrorCode)
{
if (IsCredentialFailure(statusErrorCode))
{
return HttpStatusCode.Unauthorized;
}
if (IsClientFault(statusErrorCode))
{
return HttpStatusCode.BadRequest;
}
return HttpStatusCode.InternalServerError;
}
private static Interop.SecurityStatus GetInteropFromSecurityStatusPal(SecurityStatusPalErrorCode status)
{
switch (status)
{
case SecurityStatusPalErrorCode.NotSet:
Debug.Fail("SecurityStatus NotSet");
throw new InternalException();
case SecurityStatusPalErrorCode.OK:
return(Interop.SecurityStatus.OK);
case SecurityStatusPalErrorCode.ContinueNeeded:
return(Interop.SecurityStatus.ContinueNeeded);
case SecurityStatusPalErrorCode.CompleteNeeded:
return(Interop.SecurityStatus.CompleteNeeded);
case SecurityStatusPalErrorCode.CompAndContinue:
return(Interop.SecurityStatus.CompAndContinue);
case SecurityStatusPalErrorCode.ContextExpired:
return(Interop.SecurityStatus.ContextExpired);
case SecurityStatusPalErrorCode.CredentialsNeeded:
return(Interop.SecurityStatus.CredentialsNeeded);
case SecurityStatusPalErrorCode.Renegotiate:
return(Interop.SecurityStatus.Renegotiate);
case SecurityStatusPalErrorCode.OutOfMemory:
return(Interop.SecurityStatus.OutOfMemory);
case SecurityStatusPalErrorCode.InvalidHandle:
return(Interop.SecurityStatus.InvalidHandle);
case SecurityStatusPalErrorCode.Unsupported:
return(Interop.SecurityStatus.Unsupported);
case SecurityStatusPalErrorCode.TargetUnknown:
return(Interop.SecurityStatus.TargetUnknown);
case SecurityStatusPalErrorCode.InternalError:
return(Interop.SecurityStatus.InternalError);
case SecurityStatusPalErrorCode.PackageNotFound:
return(Interop.SecurityStatus.PackageNotFound);
case SecurityStatusPalErrorCode.NotOwner:
return(Interop.SecurityStatus.NotOwner);
case SecurityStatusPalErrorCode.CannotInstall:
return(Interop.SecurityStatus.CannotInstall);
case SecurityStatusPalErrorCode.InvalidToken:
return(Interop.SecurityStatus.InvalidToken);
case SecurityStatusPalErrorCode.CannotPack:
return(Interop.SecurityStatus.CannotPack);
case SecurityStatusPalErrorCode.QopNotSupported:
return(Interop.SecurityStatus.QopNotSupported);
case SecurityStatusPalErrorCode.NoImpersonation:
return(Interop.SecurityStatus.NoImpersonation);
case SecurityStatusPalErrorCode.LogonDenied:
return(Interop.SecurityStatus.LogonDenied);
case SecurityStatusPalErrorCode.UnknownCredentials:
return(Interop.SecurityStatus.UnknownCredentials);
case SecurityStatusPalErrorCode.NoCredentials:
return(Interop.SecurityStatus.NoCredentials);
case SecurityStatusPalErrorCode.MessageAltered:
return(Interop.SecurityStatus.MessageAltered);
case SecurityStatusPalErrorCode.OutOfSequence:
return(Interop.SecurityStatus.OutOfSequence);
case SecurityStatusPalErrorCode.NoAuthenticatingAuthority:
return(Interop.SecurityStatus.NoAuthenticatingAuthority);
case SecurityStatusPalErrorCode.IncompleteMessage:
return(Interop.SecurityStatus.IncompleteMessage);
case SecurityStatusPalErrorCode.IncompleteCredentials:
return(Interop.SecurityStatus.IncompleteCredentials);
case SecurityStatusPalErrorCode.BufferNotEnough:
return(Interop.SecurityStatus.BufferNotEnough);
case SecurityStatusPalErrorCode.WrongPrincipal:
return(Interop.SecurityStatus.WrongPrincipal);
case SecurityStatusPalErrorCode.TimeSkew:
return(Interop.SecurityStatus.TimeSkew);
case SecurityStatusPalErrorCode.UntrustedRoot:
return(Interop.SecurityStatus.UntrustedRoot);
case SecurityStatusPalErrorCode.IllegalMessage:
return(Interop.SecurityStatus.IllegalMessage);
case SecurityStatusPalErrorCode.CertUnknown:
return(Interop.SecurityStatus.CertUnknown);
case SecurityStatusPalErrorCode.CertExpired:
return(Interop.SecurityStatus.CertExpired);
case SecurityStatusPalErrorCode.AlgorithmMismatch:
return(Interop.SecurityStatus.AlgorithmMismatch);
case SecurityStatusPalErrorCode.SecurityQosFailed:
return(Interop.SecurityStatus.SecurityQosFailed);
case SecurityStatusPalErrorCode.SmartcardLogonRequired:
return(Interop.SecurityStatus.SmartcardLogonRequired);
case SecurityStatusPalErrorCode.UnsupportedPreauth:
return(Interop.SecurityStatus.UnsupportedPreauth);
case SecurityStatusPalErrorCode.BadBinding:
return(Interop.SecurityStatus.BadBinding);
default:
Debug.Fail("Unknown Interop.SecurityStatus value: " + status);
throw new InternalException();
}
}
