Пример #1
0
        /// <summary>
        /// Updates security context, proceeds input token and generates output token
        /// </summary>
        public void UpdateSecurityContext(
            SecurityContext context,
            SecurityContextAttributes contextAttributes,
            byte[] inputToken,
            out byte[] outputToken)
        {
            // parameters validation
            if (context == null)
            {
                throw new ArgumentNullException("credentials");
            }
            if (inputToken == null)
            {
                throw new ArgumentNullException("inputToken");
            }

            // prepare requirements for context
            uint contextReq = GetContextRequirements(context.Type == SecurityContextType.Server, contextAttributes);

            // prepare buffers
            SecurityBuffers inputBuffers = new SecurityBuffers(1);

            inputBuffers.SetBuffer(0, (int)SSPINative.SECBUFFER_TOKEN, inputToken);

            SecurityBuffers outputBuffers = new SecurityBuffers(1);

            outputBuffers.SetBuffer(0, (int)SSPINative.SECBUFFER_TOKEN, _secPackage.MaxToken);

            // update context
            Int64 credHandle    = context.credentials.Handle;
            Int64 contextHandle = context.Handle;
            uint  contextAttribs;
            int   error;

            if (context.Type == SecurityContextType.Client)
            {
                error = SSPINative.InitializeSecurityContext(
                    ref credHandle,
                    ref contextHandle,
                    null,
                    contextReq,
                    0,
                    SSPINative.SECURITY_NETWORK_DREP,
                    inputBuffers,
                    0,
                    IntPtr.Zero,
                    outputBuffers,
                    out contextAttribs,
                    IntPtr.Zero);
            }
            else
            {
                error = SSPINative.AcceptSecurityContext(
                    ref credHandle,
                    ref contextHandle,
                    inputBuffers,
                    contextReq,
                    SSPINative.SECURITY_NETWORK_DREP,
                    IntPtr.Zero,
                    outputBuffers,
                    out contextAttribs,
                    IntPtr.Zero);
            }

            inputBuffers.Dispose();

            // check context state
            bool continueNeeded = false;
            bool completeNeeded = false;

            switch (error)
            {
            case Win32.ERROR_SUCCESS:
                break;

            case SSPINative.SEC_I_CONTINUE_NEEDED:
                continueNeeded = true;
                break;

            case SSPINative.SEC_I_COMPLETE_NEEDED:
                completeNeeded = true;
                break;

            case SSPINative.SEC_I_COMPLETE_AND_CONTINUE:
                continueNeeded = true;
                completeNeeded = true;
                break;

            default:
                throw new SSPIException(error, "Could not update security context");
            }

            if (completeNeeded)
            {
                // complete context
                error = SSPINative.CompleteAuthToken(ref contextHandle, outputBuffers);
                if (error < 0)
                {
                    throw new SSPIException(error, "Could not complete security context");
                }
            }

            // get output token
            outputToken = outputBuffers.GetBuffer(0);
            outputBuffers.Dispose();

            // update context object state
            if (!continueNeeded)
            {
                context.SetCompleted();
            }
        }
Пример #2
0
        /// <summary>
        /// Creates security context, proceeds client token and generates server token
        /// </summary>
        public SecurityContext AcceptSecurityContext(
            SecurityCredentials credentials,
            SecurityContextAttributes contextAttributes,
            byte[] inputToken,
            out byte[] outputToken)
        {
            // parameters validation
            if (credentials == null)
            {
                throw new ArgumentNullException("credentials");
            }
            if (inputToken == null)
            {
                throw new ArgumentNullException("inputToken");
            }

            // prepare requirements for context
            uint contextReq = GetContextRequirements(true, contextAttributes);

            // prepare buffers
            SecurityBuffers inputBuffers = new SecurityBuffers(1);

            inputBuffers.SetBuffer(0, (int)SSPINative.SECBUFFER_TOKEN, inputToken);

            SecurityBuffers outputBuffers = new SecurityBuffers(1);

            outputBuffers.SetBuffer(0, (int)SSPINative.SECBUFFER_TOKEN, _secPackage.MaxToken);

            // create context
            Int64 credHandle = credentials.Handle;
            Int64 newContextHandle;
            Int64 contextExpiry;
            uint  contextAttribs;

            int error = SSPINative.AcceptSecurityContext(
                ref credHandle,
                IntPtr.Zero,
                inputBuffers,
                contextReq,
                SSPINative.SECURITY_NETWORK_DREP,
                out newContextHandle,
                outputBuffers,
                out contextAttribs,
                out contextExpiry);

            inputBuffers.Dispose();

            // check context state
            bool continueNeeded = false;
            bool completeNeeded = false;

            switch (error)
            {
            case Win32.ERROR_SUCCESS:
                break;

            case SSPINative.SEC_I_CONTINUE_NEEDED:
                continueNeeded = true;
                break;

            case SSPINative.SEC_I_COMPLETE_NEEDED:
                completeNeeded = true;
                break;

            case SSPINative.SEC_I_COMPLETE_AND_CONTINUE:
                continueNeeded = true;
                completeNeeded = true;
                break;

            default:
                throw new SSPIException(error, "Could not accept security context");
            }

            if (completeNeeded)
            {
                // complete context
                error = SSPINative.CompleteAuthToken(ref newContextHandle, outputBuffers);
                if (error < 0)
                {
                    throw new SSPIException(error, "Could not complete security context");
                }
            }

            // get output token
            outputToken = outputBuffers.GetBuffer(0);
            outputBuffers.Dispose();

            // create context object
            SecurityContextState contextState = (continueNeeded ? SecurityContextState.ContinueNeeded : SecurityContextState.Completed);

            return(new SecurityContext(credentials, newContextHandle, contextExpiry, SecurityContextType.Server, contextState));
        }