private static void bindingSetAuthInfo(RPC_C_AUTHN_LEVEL level, RPC_C_AUTHN[] authTypes,
RpcHandle handle, string serverPrincipalName, NetworkCredential credentails)
{
if (credentails == null)
{
foreach (RPC_C_AUTHN atype in authTypes)
{
RPC_STATUS result = NativeMethods.RpcBindingSetAuthInfo2(handle.Handle, serverPrincipalName, level, atype, IntPtr.Zero, 0);
if (result != RPC_STATUS.RPC_S_OK)
{
RpcTrace.Warning("Unable to register {0}, result = {1}", atype, new RpcException(result).Message);
}
}
}
else
{
SEC_WINNT_AUTH_IDENTITY pSecInfo = new SEC_WINNT_AUTH_IDENTITY(credentails);
foreach (RPC_C_AUTHN atype in authTypes)
{
RPC_STATUS result = NativeMethods.RpcBindingSetAuthInfo(handle.Handle, serverPrincipalName, level, atype, ref pSecInfo, 0);
if (result != RPC_STATUS.RPC_S_OK)
{
RpcTrace.Warning("Unable to register {0}, result = {1}", atype, new RpcException(result).Message);
}
}
}
}
internal static extern Win32Error FwpmEngineOpen0(
[Optional] string serverName,
RpcAuthenticationType authnService,
SEC_WINNT_AUTH_IDENTITY authIdentity,
FWPM_SESSION0 session,
out SafeFwpmEngineHandle engineHandle
);
private static void BindingSetAuthInfo(RpcProtectionLevel level, RpcAuthentication[] authTypes,
RpcHandle handle, string serverPrincipalName, NetworkCredential credentails)
{
if (credentails == null)
{
foreach (RpcAuthentication atype in authTypes)
{
RpcError result = RpcBindingSetAuthInfo2(handle.Handle, serverPrincipalName, level, atype, IntPtr.Zero, 0);
if (result != RpcError.RPC_S_OK)
{
Log.Warning("Unable to register {0}, result = {1}", atype, new RpcException(result).Message);
}
}
}
else
{
SEC_WINNT_AUTH_IDENTITY pSecInfo = new SEC_WINNT_AUTH_IDENTITY(credentails);
foreach (RpcAuthentication atype in authTypes)
{
RpcError result = RpcBindingSetAuthInfo(handle.Handle, serverPrincipalName, level, atype, ref pSecInfo, 0);
if (result != RpcError.RPC_S_OK)
{
Log.Warning("Unable to register {0}, result = {1}", atype, new RpcException(result).Message);
}
}
}
}
public extern static uint RpcBindingSetAuthInfo(
IntPtr Binding,
string ServerPrincName,
UInt32 AuthnLevel,
UInt32 AuthnSvc,
ref SEC_WINNT_AUTH_IDENTITY AuthIdentity,
UInt32 AuthzService);
public SspiCredentials(string principal, string username, string password, string domain)
{
long expiry = 0;
var authenticationData = new SEC_WINNT_AUTH_IDENTITY
{
User = username,
UserLength = username.Length,
Domain = domain,
DomainLength = domain.Length,
Password = password,
PasswordLength = password.Length,
Flags = SspiInterop.SEC_WINNT_AUTH_IDENTITY_UNICODE
};
var result = SspiInterop.AcquireCredentialsHandle(
principal,
SecurityPackage,
SspiInterop.SECPKG_CRED_BOTH,
IntPtr.Zero,
authenticationData,
0,
IntPtr.Zero,
ref _credentials,
ref expiry);
if (result != SspiInterop.SEC_E_OK)
{
throw new Exception($"Unable to aquire credentials for {principal}, SECURITY_STATUS 0x{result:x8}");
}
Credentials = _credentials;
}
public void RpcBindingSetAuthInfo_null_notOk()
{
var identity = new SEC_WINNT_AUTH_IDENTITY();
var status = NativeMethods.RpcBindingSetAuthInfo(IntPtr.Zero, "", RPC_C_AUTHN_LEVEL.RPC_C_AUTHN_LEVEL_NONE,
RPC_C_AUTHN.RPC_C_AUTHN_NONE, ref identity, 0);
Assert.AreNotEqual(RPC_STATUS.RPC_S_OK, status);
}
internal static extern int AcquireCredentialsHandle_1(
string pszPrincipal, //SEC_CHAR*
string pszPackage, //SEC_CHAR* //"Kerberos","NTLM","Negotiative"
int fCredentialUse,
IntPtr PAuthenticationID, //_LUID AuthenticationID,//pvLogonID, //PLUID
ref SEC_WINNT_AUTH_IDENTITY pAuthData,
IntPtr pGetKeyFn, //SEC_GET_KEY_FN
IntPtr pvGetKeyArgument, //PVOID
ref SECURITY_HANDLE phCredential, //SecHandle //PCtxtHandle ref
IntPtr ptsExpiry //PTimeStamp //TimeStamp ref
);
public static SecHandle AcquireNTLMCredentialsHandle(string domainName, string userName, string password)
{
SEC_WINNT_AUTH_IDENTITY auth = new SEC_WINNT_AUTH_IDENTITY();
auth.Domain = domainName;
auth.DomainLength = (uint)domainName.Length;
auth.User = userName;
auth.UserLength = (uint)userName.Length;
auth.Password = password;
auth.PasswordLength = (uint)password.Length;
auth.Flags = SEC_WINNT_AUTH_IDENTITY_ANSI;
return(AcquireNTLMCredentialsHandle(auth));
}
public static uint AcquireCredentialsHandle(
string pszPrincipal, //SEC_CHAR*
string pszPackage, //SEC_CHAR* //"Kerberos","NTLM","Negotiative"
int fCredentialUse,
IntPtr PAuthenticationID, //_LUID AuthenticationID,//pvLogonID, //PLUID
ref SEC_WINNT_AUTH_IDENTITY pAuthData, //PVOID
int pGetKeyFn, //SEC_GET_KEY_FN
IntPtr pvGetKeyArgument, //PVOID
ref SECURITY_HANDLE phCredential, //SecHandle //PCtxtHandle ref
ref SECURITY_INTEGER ptsExpiry) //PTimeStamp //TimeStamp ref
{
NotImplemented(MethodBase.GetCurrentMethod());
return(0);
}
public void AcquireCredentialsHandleTest()
{
var hCred = SafeCredHandle.Null;
Assert.That(() => hCred = SafeCredHandle.Acquire("Kerberos", SECPKG_CRED.SECPKG_CRED_OUTBOUND), Throws.Nothing);
Assert.That(hCred.DangerousGetHandle().IsInvalid, Is.False);
Assert.That(() => ((IDisposable)hCred).Dispose(), Throws.Nothing);
var sid = new SEC_WINNT_AUTH_IDENTITY(Environment.UserName, Environment.UserDomainName, "");
Assert.That(() => hCred = SafeCredHandle.Acquire <SEC_WINNT_AUTH_IDENTITY>(NTLMSP_NAME, SECPKG_CRED.SECPKG_CRED_OUTBOUND, sid, null, null, out _), Throws.Nothing);
Assert.That(hCred.DangerousGetHandle().IsInvalid, Is.False);
Assert.That(() => ((IDisposable)hCred).Dispose(), Throws.Nothing);
}
public void InitializeSecurityContextTest2()
{
var sid = new SEC_WINNT_AUTH_IDENTITY(Environment.UserName, Environment.UserDomainName, "");
using (var hCred = SafeCredHandle.Acquire <SEC_WINNT_AUTH_IDENTITY>(NTLMSP_NAME, SECPKG_CRED.SECPKG_CRED_OUTBOUND, sid))
{
var hCtxt = new SafeCtxtHandle();
var fContextReq = ASC_REQ.ASC_REQ_REPLAY_DETECT | ASC_REQ.ASC_REQ_SEQUENCE_DETECT | ASC_REQ.ASC_REQ_CONFIDENTIALITY | ASC_REQ.ASC_REQ_DELEGATE;
var hr = InitializeSecurityContext(hCred, hCtxt, WindowsIdentity.GetCurrent().Name, fContextReq, DREP.SECURITY_NATIVE_DREP,
null, SecBufferType.SECBUFFER_TOKEN, out var sbd, out _, out _);
Assert.That(hr, Is.EqualTo((HRESULT)0).Or.Property("Succeeded").True);
Assert.That(hCtxt.DangerousGetHandle().IsNull, Is.False);
Assert.That(sbd.Count, Is.EqualTo(1));
Assert.That(sbd[0].pvBuffer, Is.Not.EqualTo(IntPtr.Zero));
Assert.That(() => sbd.Dispose(), Throws.Nothing);
}
}
public static void Free(IntPtr pSwai)
{
SEC_WINNT_AUTH_IDENTITY swai =
(SEC_WINNT_AUTH_IDENTITY)Marshal.PtrToStructure(
pSwai, typeof(SEC_WINNT_AUTH_IDENTITY));
if (swai.Flags == SEC_WINNT_AUTH_IDENTITY_ANSI)
{
Marshal.ZeroFreeGlobalAllocAnsi(swai.Password);
}
else
{
Marshal.ZeroFreeGlobalAllocUnicode(swai.Password);
}
Marshal.FreeHGlobal(swai.Domain);
Marshal.FreeHGlobal(swai.User);
Marshal.FreeHGlobal(pSwai);
}
public static void LdapBind(IntPtr ld, string domain,
string username, SecureString password)
{
IntPtr cred = SEC_WINNT_AUTH_IDENTITY.GetUnicode(username, password, domain);
try
{
uint errorCode = ldap_bind_s(ld, NULL, cred, LDAP_AUTH_NEGOTIATE);
if (errorCode != LDAP_SUCCESS)
{
throw new Exception("LDAP Error: " + errorCode);
}
}
finally
{
if (cred != NULL) SEC_WINNT_AUTH_IDENTITY.Free(cred);
}
}
public static IntPtr GetUnicode(string username,
SecureString password, string domain)
{
SEC_WINNT_AUTH_IDENTITY swai = new SEC_WINNT_AUTH_IDENTITY();
bool exception = true;
try
{
swai.User = Marshal.StringToHGlobalUni(username);
swai.UserLength = username.Length;
swai.Domain = Marshal.StringToHGlobalUni(domain);
swai.DomainLength = domain.Length;
swai.Password = Marshal.SecureStringToGlobalAllocUnicode(password);
swai.PasswordLength = password.Length;
swai.Flags = SEC_WINNT_AUTH_IDENTITY_UNICODE;
IntPtr pSwai = Marshal.AllocHGlobal(Marshal.SizeOf(swai));
try
{
Marshal.StructureToPtr(swai, pSwai, false);
exception = false;
return pSwai;
}
finally
{
if (exception && pSwai != NULL)
{
Marshal.FreeHGlobal(pSwai);
}
}
}
finally
{
if (exception)
{
if (swai.User != NULL) Marshal.FreeHGlobal(swai.User);
if (swai.Domain != NULL) Marshal.FreeHGlobal(swai.Domain);
if (swai.Password != NULL)
{
Marshal.ZeroFreeGlobalAllocUnicode(swai.Password);
}
}
}
}
protected override SECURITY_HANDLE AcquireCredential()
{
if (Settings.AcquisitionCredentials == null ||
string.IsNullOrWhiteSpace(Settings.AcquisitionCredentials.UserName) ||
string.IsNullOrWhiteSpace(Settings.AcquisitionCredentials.Password))
{
return(base.AcquireCredential());
}
SEC_WINNT_AUTH_IDENTITY pAuthData = new SEC_WINNT_AUTH_IDENTITY(
Settings.AcquisitionCredentials.Domain,
Settings.AcquisitionCredentials.UserName,
Settings.AcquisitionCredentials.Password,
SEC_WINNT_AUTH_IDENTITY_FLAGS.Unicode
);
SECURITY_HANDLE phCredential = default(SECURITY_HANDLE);
var result = AcquireCredentialsHandle_1(
null,
Mechanism,
SECPKG_CRED_INBOUND,
IntPtr.Zero,
ref pAuthData,
IntPtr.Zero,
IntPtr.Zero,
ref phCredential,
IntPtr.Zero
);
if (result < 0)
{
throw new Win32Exception(result);
}
return(phCredential);
}
internal static extern Int32 RpcBindingSetAuthInfo(IntPtr lpBinding, string ServerPrincName,
UInt32 AuthnLevel, UInt32 AuthnSvc, ref SEC_WINNT_AUTH_IDENTITY AuthIdentity, UInt32 AuthzSvc);
private static extern RpcError RpcBindingSetAuthInfo(IntPtr Binding, String ServerPrincName,
RpcProtectionLevel AuthnLevel, RpcAuthentication AuthnSvc,
[In] ref SEC_WINNT_AUTH_IDENTITY AuthIdentity,
uint AuthzSvc);
internal static extern Int32 RpcBindingSetAuthInfoEx(IntPtr lpBinding, string ServerPrincName,
UInt32 AuthnLevel, UInt32 AuthnSvc, ref SEC_WINNT_AUTH_IDENTITY AuthIdentity, UInt32 AuthzSvc,
ref RPC_SECURITY_QOS SecurityQOS);
private static extern int AcquireCredentialsHandleIdentity__(IntPtr pszPrincipal, string pszPackage, int fCredentialUse,
IntPtr pvLogonId, ref SEC_WINNT_AUTH_IDENTITY pAuthData, IntPtr pGetKeyFn, IntPtr pvGetKeyArgument,
SecHandle phCredential, ref Int64 ptsExpiry);
