/// <summary>
/// Creates a security context from <paramref name="hCred"/> by calling InitializeSecurityContext for
/// <paramref name="target"/> and then performing whatever extra leg the package reports.
/// </summary>
/// <param name="hCred">Credential handle the context is initialised from.</param>
/// <param name="pOutput">Descriptor that receives the client token; on the SEC_I_CONTINUE_NEEDED path it is
/// reused unchanged as the input of AcceptSecurityContext.</param>
/// <param name="target">Target name handed to InitializeSecurityContext; <c>null</c> substitutes the current
/// Windows identity's name.</param>
/// <returns>On the direct and SEC_I_COMPLETE_NEEDED paths the client context handle; on the
/// SEC_I_CONTINUE_NEEDED path the server context created by AcceptSecurityContext.</returns>
private static SafeCtxtHandle GetSecContext(SafeCredHandle hCred, SafeSecBufferDesc pOutput, string target = null)
{
    if (target is null)
    {
        target = WindowsIdentity.GetCurrent().Name;
    }
    var hCtxt = new SafeCtxtHandle();
    // fContextReq is 0: no ISC_REQ_* attributes (integrity, confidentiality, mutual auth, ...) are requested.
    var hr = InitializeSecurityContext(hCred, hCtxt, target, 0, DREP.SECURITY_NATIVE_DREP, null, pOutput, out _, out _);
    if (hr == HRESULT.SEC_I_COMPLETE_NEEDED)
    {
        // The package asks for the token to be finalised before use; hr is re-checked below.
        hr = CompleteAuthToken(hCtxt, pOutput.GetRef());
    }
    else if (hr == HRESULT.SEC_I_CONTINUE_NEEDED)
    {
        var pIn = pOutput;
        // A null context handle is passed so AcceptSecurityContext starts a new server context,
        // which comes back in hCtxt2Temp.
        var hCtxt2 = SafeCtxtHandle.Null;
        unsafe
        {
            using (var pOutput2 = new SafeSecBufferDesc(SecBufferType.SECBUFFER_TOKEN))
            {
                AcceptSecurityContext(hCred, hCtxt2, pIn, ASC_REQ.ASC_REQ_ALLOCATE_MEMORY, DREP.SECURITY_NATIVE_DREP, out var hCtxt2Temp, pOutput2, out _, out _).ThrowIfFailed();
                // NOTE(review): on this path hCtxt (the client context) is neither disposed nor returned, and the
                // server token in pOutput2 is dropped when the using block ends — confirm that is intended.
                return(new SafeCtxtHandle(hCtxt2Temp));
            }
        }
    }
    hr.ThrowIfFailed();
    return(hCtxt);
}
/// <summary>
/// Creates an SSPI context holder with a fresh (not yet accepted) context handle, one five-slot buffer
/// descriptor, a pair of two-slot descriptors and an empty stream buffer.
/// </summary>
public SspiContext()
{
    Handle = new SafeCtxtHandle();
    SecBufferDesc5 = new SecBufferDescEx(new SecBufferEx[5]);
    SecBufferDesc2 = new[]
    {
        new SecBufferDescEx(new SecBufferEx[2]),
        new SecBufferDescEx(new SecBufferEx[2]),
    };
    Buffer = new StreamBuffer();
}
/// <summary>
/// Creates an SSPI context holder with a fresh (not yet accepted) context handle, one five-slot buffer
/// descriptor, a pair of two-slot descriptors and an empty stream buffer.
/// </summary>
public SspiContext()
{
    this.Handle = new SafeCtxtHandle();
    this.SecBufferDesc5 = new SecBufferDescEx(new SecBufferEx[5]);
    var firstPair = new SecBufferDescEx(new SecBufferEx[2]);
    var secondPair = new SecBufferDescEx(new SecBufferEx[2]);
    this.SecBufferDesc2 = new SecBufferDescEx[] { firstPair, secondPair };
    this.Buffer = new StreamBuffer();
}
/// <summary>
/// Creates a security association for one peer: the association is identified by <paramref name="opaque"/>,
/// uses <paramref name="scheme"/>, and keeps its own copy of <paramref name="targetname"/>. Expiry and idle
/// timers start at <see cref="DateTime.MaxValue"/> and both sequence counters at zero.
/// </summary>
/// <param name="opaque">Caller-chosen identifier stored in <c>Opaque</c>.</param>
/// <param name="scheme">Authentication scheme this association negotiates with.</param>
/// <param name="targetname">Target name; deep-copied so the association does not alias the caller's part.</param>
public SecurityAssociation(int opaque, AuthSchemes scheme, ByteArrayPart targetname)
{
    this.scheme = scheme;
    this.targetname = targetname.DeepCopy();
    Opaque = opaque;
    contextHandle = new SafeCtxtHandle();
    // Not yet authenticated: neither timer is armed until a handshake completes.
    expireTime = DateTime.MaxValue;
    idleTime = DateTime.MaxValue;
    idleTimeUpdatedByExpires = false;
    outSnum = 0;
    inCnum = 0;
}
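/// <summary>
/// Runs one server-side leg of the SSPI Digest handshake: the peer's token plus the request method and realm
/// go in as package parameters, and the package's answer decides whether authentication is complete.
/// </summary>
/// <param name="credHandle">Server credential handle used to accept the context.</param>
/// <param name="method">Request method, passed to the package as a SECBUFFER_PKG_PARAMS buffer.</param>
/// <param name="realm">Digest realm, passed to the package as a SECBUFFER_PKG_PARAMS buffer.</param>
/// <param name="inToken">Token received from the peer for this leg.</param>
/// <param name="outToken">The challenge the package produced when it reports SEC_I_CONTINUE_NEEDED;
/// empty on success and on rejection.</param>
/// <returns><c>true</c> when the package reports SEC_E_OK (the association is then marked complete);
/// <c>false</c> when another leg is needed or the token was rejected. The return value alone does not
/// distinguish those two cases — a non-empty <paramref name="outToken"/> means "continue".</returns>
public bool Authentication(SafeCredHandle credHandle, Methods method, byte[] realm, byte[] inToken, out ArraySegment<byte> outToken)
{
    // Unlike the token-only overload, this leg does not refresh idleTime.
    InitializeThreadStaticVars();

    var empty = Array.Empty<byte>();
    secBufferDesc1.Buffers[0].SetBuffer(BufferType.SECBUFFER_TOKEN, inToken);
    secBufferDesc1.Buffers[1].SetBuffer(BufferType.SECBUFFER_PKG_PARAMS, method.ToByteArrayPart().Bytes);
    secBufferDesc1.Buffers[2].SetBuffer(BufferType.SECBUFFER_PKG_PARAMS, empty);
    secBufferDesc1.Buffers[3].SetBuffer(BufferType.SECBUFFER_PKG_PARAMS, empty);
    secBufferDesc1.Buffers[4].SetBuffer(BufferType.SECBUFFER_PKG_PARAMS, realm);
    // No channel binding token is supplied, so the package cannot tie this exchange to an outer TLS channel.
    secBufferDesc1.Buffers[5].SetBuffer(BufferType.SECBUFFER_CHANNEL_BINDINGS, empty);
    secBufferDesc2.Buffers[0].SetBuffer(BufferType.SECBUFFER_TOKEN, bytes1);
    secBufferDesc2.Buffers[1].SetBufferEmpty();

    // First leg: let the package create a context; later legs continue the existing one.
    var newHandle = contextHandle.IsInvalid ? new SafeCtxtHandle() : contextHandle;
    var result = Sspi.SafeAcceptSecurityContext(
        ref credHandle,
        ref contextHandle,
        ref secBufferDesc1,
        0,
        TargetDataRep.SECURITY_NETWORK_DREP,
        ref newHandle,
        ref secBufferDesc2);
    Tracer.WriteInformation("SSPI Digest Auth: " + result.ToString());

    if (contextHandle.IsInvalid && !newHandle.IsInvalid)
    {
        contextHandle = newHandle;
    }

    switch (result)
    {
        case SecurityStatus.SEC_E_OK:
            outToken = new ArraySegment<byte>();
            isAuthenticationComplete = true;
            return true;
        case SecurityStatus.SEC_I_CONTINUE_NEEDED:
            // The package produced a challenge for the peer; surface it instead of discarding it,
            // matching what the token-only overload does on this status.
            outToken = new ArraySegment<byte>(bytes1, 0, secBufferDesc2.Buffers[0].Size);
            return false;
        default:
            outToken = new ArraySegment<byte>();
            return false;
    }
}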
/// <summary>
/// Acquires outbound NTLM credentials for the current user and checks that InitializeSecurityContext
/// yields a valid context handle together with exactly one non-empty output token buffer.
/// </summary>
public void InitializeSecurityContextTest2()
{
    var identity = new SEC_WINNT_AUTH_IDENTITY(Environment.UserName, Environment.UserDomainName, "");
    using (var cred = SafeCredHandle.Acquire<SEC_WINNT_AUTH_IDENTITY>(NTLMSP_NAME, SECPKG_CRED.SECPKG_CRED_OUTBOUND, identity))
    {
        var ctxt = new SafeCtxtHandle();
        var requested = ASC_REQ.ASC_REQ_REPLAY_DETECT
            | ASC_REQ.ASC_REQ_SEQUENCE_DETECT
            | ASC_REQ.ASC_REQ_CONFIDENTIALITY
            | ASC_REQ.ASC_REQ_DELEGATE;
        var status = InitializeSecurityContext(cred, ctxt, WindowsIdentity.GetCurrent().Name, requested, DREP.SECURITY_NATIVE_DREP, null, SecBufferType.SECBUFFER_TOKEN, out var tokenDesc, out _, out _);

        // S_OK or any other success-class HRESULT is acceptable here.
        Assert.That(status, Is.EqualTo((HRESULT)0).Or.Property("Succeeded").True);
        Assert.That(ctxt.DangerousGetHandle().IsNull, Is.False);
        Assert.That(tokenDesc.Count, Is.EqualTo(1));
        Assert.That(tokenDesc[0].pvBuffer, Is.Not.EqualTo(IntPtr.Zero));
        Assert.That(() => tokenDesc.Dispose(), Throws.Nothing);
    }
}
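/// <summary>
/// Runs one server-side leg of the SSPI handshake for this association: feeds <paramref name="inToken"/> to
/// AcceptSecurityContext, hands back the token the package produced, and once the package reports SEC_E_OK
/// finalises the association (signature size, peer user name, expiry).
/// </summary>
/// <param name="credHandle">Server credential handle used to accept the context.</param>
/// <param name="inToken">Token received from the peer for this leg.</param>
/// <param name="outToken">Token to send back: the continuation token on <see cref="ErrorCodes.Continue"/>; on
/// <see cref="ErrorCodes.Ok"/> the final token when the package produced one (a mutual-auth reply), otherwise
/// empty; empty on every error.</param>
/// <returns><see cref="ErrorCodes.Ok"/> once the context is established, <see cref="ErrorCodes.Continue"/> when
/// another leg is needed, a QueryContextAttributes* code when a post-establishment query fails, or
/// <see cref="ErrorCodes.SecurityViolation"/> for any other package status.</returns>
public ErrorCodes Authentication(SafeCredHandle credHandle, byte[] inToken, out ArraySegment<byte> outToken)
{
    idleTime = DateTime.UtcNow.AddMinutes(IdleMinutes);
    InitializeThreadStaticVars();

    secBufferDesc1.Buffers[0].SetBuffer(BufferType.SECBUFFER_TOKEN, inToken);
    secBufferDesc1.Buffers[1].SetBufferEmpty();
    secBufferDesc2.Buffers[0].SetBuffer(BufferType.SECBUFFER_TOKEN, bytes1);
    secBufferDesc2.Buffers[1].SetBufferEmpty();

    // Integrity and identify-only are always requested; NTLM runs in datagram mode, every other scheme
    // requires mutual authentication.
    var contextReq = ContextReq.ASC_REQ_INTEGRITY
        | ContextReq.ASC_REQ_IDENTIFY
        | (scheme == AuthSchemes.Ntlm ? ContextReq.ASC_REQ_DATAGRAM : ContextReq.ASC_REQ_MUTUAL_AUTH);

    // First leg: let the package create a context; later legs continue the existing one.
    var newHandle = contextHandle.IsInvalid ? new SafeCtxtHandle() : contextHandle;
    var result = Sspi.SafeAcceptSecurityContext(
        ref credHandle,
        ref contextHandle,
        ref secBufferDesc1,
        (int)contextReq,
        TargetDataRep.SECURITY_NETWORK_DREP,
        ref newHandle,
        ref secBufferDesc2);
    Tracer.WriteInformation("Auth: " + result.ToString());

    if (contextHandle.IsInvalid && !newHandle.IsInvalid)
    {
        contextHandle = newHandle;
    }

    switch (result)
    {
        case SecurityStatus.SEC_E_OK:
            return FinishEstablishedContext(out outToken);
        case SecurityStatus.SEC_I_CONTINUE_NEEDED:
            outToken = new ArraySegment<byte>(bytes1, 0, secBufferDesc2.Buffers[0].Size);
            return ErrorCodes.Continue;
        default:
            outToken = new ArraySegment<byte>();
            return ErrorCodes.SecurityViolation;
    }
}

/// <summary>
/// Post-SEC_E_OK work: query the signature size and peer name, then mark the association complete.
/// The association is flagged complete only after both queries succeed, so a query failure does not
/// leave it looking authenticated while maxSignatureSize/userName are unset.
/// </summary>
/// <param name="outToken">Final token the package produced alongside SEC_E_OK, or empty.</param>
/// <returns><see cref="ErrorCodes.Ok"/>, or the QueryContextAttributes* code for the query that failed.</returns>
private ErrorCodes FinishEstablishedContext(out ArraySegment<byte> outToken)
{
    // SEC_E_OK can still carry a token the peer needs (mutual-auth reply); hand it back rather than drop it.
    var finalTokenSize = secBufferDesc2.Buffers[0].Size;
    outToken = finalTokenSize > 0
        ? new ArraySegment<byte>(bytes1, 0, finalTokenSize)
        : new ArraySegment<byte>();

    SecPkgContext_Sizes sizes;
    if (Sspi.Failed(Sspi.SafeQueryContextAttributes(ref contextHandle, out sizes)))
    {
        return ErrorCodes.QueryContextAttributesForSizesFailed;
    }
    maxSignatureSize = sizes.cbMaxSignature;

    if (Sspi.Failed(Sspi.SafeQueryContextAttributes(ref contextHandle, out userName)))
    {
        return ErrorCodes.QueryContextAttributesForUsernameFailed;
    }
    // NOTE(review): dropping the "DOMAIN\" prefix conflates same-named accounts from different domains;
    // confirm userName is not used as an authorization key.
    int slash = userName.IndexOf('\\');
    if (slash >= 0)
    {
        userName = userName.Substring(slash + 1);
    }
    Tracer.WriteInformation("Username: " + userName);

    isAuthenticationComplete = true;
    expireTime = DateTime.UtcNow.AddHours(ExpirationHours);
    return ErrorCodes.Ok;
}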
/// <summary>
/// Creates an association holding only a fresh context handle; scheme, target name and the timers keep
/// their field defaults.
/// </summary>
public SecurityAssociation()
{
    // NOTE(review): unlike the parameterised constructor, expireTime/idleTime are not set to
    // DateTime.MaxValue here, so (absent field initialisers) they stay at default(DateTime) — confirm intended.
    contextHandle = new SafeCtxtHandle();
}
/// <summary>
/// Drives the server side of an SSPI stream handshake (decompiled control flow; labels preserved).
/// Each iteration feeds the bytes currently available — either the connection's buffered leftovers or the
/// just-received <paramref name="ie"/> — to AcceptSecurityContext, sends whatever token comes back, and
/// keeps any SECBUFFER_EXTRA tail for the next round.
/// </summary>
/// <param name="ie">Completed receive for this connection; may be null when only buffered data is replayed.</param>
/// <param name="connection">Connection whose <c>SspiContext</c> carries the handle, descriptors and buffer.</param>
/// <returns><c>true</c> when the handshake is complete or is waiting for more data; <c>false</c> on any
/// failure (package error, buffer bookkeeping failure, or an output token larger than <c>maxTokenSize</c>).</returns>
private bool Handshake(ServerAsyncEventArgs ie, Server<C>.Connection<C> connection)
{
    // num receives the ASC_RET_* attribute flags of the last AcceptSecurityContext call.
    int num = 0;
    ServerAsyncEventArgs serverAsyncEventArgs = null;
    SspiContext sspiContext = connection.SspiContext;
    // [0] is the input descriptor, [1] the output descriptor.
    SecBufferDescEx secBufferDescEx = sspiContext.SecBufferDesc2[0];
    SecBufferDescEx secBufferDescEx2 = sspiContext.SecBufferDesc2[1];
    bool result;
    try
    {
        // Leftovers from an earlier round exist: append the new bytes to them first.
        if (sspiContext.Buffer.IsValid && ie != null && !sspiContext.Buffer.CopyTransferredFrom(ie, 0))
        {
            result = false;
        }
        else
        {
            while (true)
            {
                secBufferDescEx.Buffers[0].BufferType = BufferType.SECBUFFER_TOKEN;
                if (sspiContext.Buffer.IsValid)
                {
                    this.SetSecBuffer(ref secBufferDescEx.Buffers[0], sspiContext);
                }
                else
                {
                    // NOTE(review): reached with ie == null when the buffer is invalid — presumably SetSecBuffer tolerates it; confirm.
                    this.SetSecBuffer(ref secBufferDescEx.Buffers[0], ie);
                }
                secBufferDescEx.Buffers[1].SetBufferEmpty();
                // The output token is written straight into a pooled send-args buffer so it can be sent without copying.
                if (serverAsyncEventArgs == null)
                {
                    serverAsyncEventArgs = EventArgsManager.Get();
                }
                serverAsyncEventArgs.AllocateBuffer();
                secBufferDescEx2.Buffers[0].BufferType = BufferType.SECBUFFER_TOKEN;
                secBufferDescEx2.Buffers[0].Size = serverAsyncEventArgs.Count;
                secBufferDescEx2.Buffers[0].Buffer = serverAsyncEventArgs.Buffer;
                secBufferDescEx2.Buffers[0].Offset = serverAsyncEventArgs.Offset;
                secBufferDescEx2.Buffers[1].SetBufferEmpty();
                // 98332 == 0x1801C, which by the SSPI ASC_REQ_* bit values decodes as
                // ASC_REQ_STREAM | ASC_REQ_EXTENDED_ERROR | ASC_REQ_CONFIDENTIALITY | ASC_REQ_SEQUENCE_DETECT | ASC_REQ_REPLAY_DETECT.
                int contextReq = 98332;
                // First round: let the package create the context; later rounds continue the existing one.
                SafeCtxtHandle handle = sspiContext.Handle.IsInvalid ? new SafeCtxtHandle() : sspiContext.Handle;
                // num2 receives the context expiry; it is not used here.
                long num2;
                SecurityStatus securityStatus = Sspi.SafeAcceptSecurityContext(ref this.credential, ref sspiContext.Handle, ref secBufferDescEx, contextReq, TargetDataRep.SECURITY_NATIVE_DREP, ref handle, ref secBufferDescEx2, out num, out num2);
                if (sspiContext.Handle.IsInvalid)
                {
                    sspiContext.Handle = handle;
                }
                SecurityStatus securityStatus2 = securityStatus;
                // 0x80090318 (SEC_E_INCOMPLETE_MESSAGE): the record is not complete yet; stash the bytes and wait for more.
                if (securityStatus2 == (SecurityStatus)2148074264u)
                {
                    break;
                }
                // Anything except 0x80090321 (SEC_E_BUFFER_TOO_SMALL) is handled here; that status retries with a bigger buffer below.
                if (securityStatus2 != (SecurityStatus)2148074273u)
                {
                    // Send the token for continue/ok, and also on failure when the package set ASC_RET_EXTENDED_ERROR
                    // (0x8000) so the peer receives the package's error record.
                    if ((securityStatus == SecurityStatus.SEC_I_CONTINUE_NEEDED || securityStatus == SecurityStatus.SEC_E_OK || (Sspi.Failed(securityStatus) && (num & 32768) != 0)) && secBufferDescEx2.Buffers[0].Size > 0)
                    {
                        serverAsyncEventArgs.Count = secBufferDescEx2.Buffers[0].Size;
                        serverAsyncEventArgs.CopyAddressesFrom(ie);
                        serverAsyncEventArgs.LocalEndPoint = base.GetLocalEndpoint(ie.RemoteEndPoint.Address);
                        base.SendAsync(connection, serverAsyncEventArgs);
                        // Ownership moved to SendAsync; the finally block must not return it to the pool.
                        serverAsyncEventArgs = null;
                    }
                    // Bytes the package did not consume (SECBUFFER_EXTRA) are kept at the front of the context buffer.
                    int bufferIndex = secBufferDescEx.GetBufferIndex(BufferType.SECBUFFER_EXTRA, 0);
                    if (bufferIndex < 0)
                    {
                        sspiContext.Buffer.Free();
                    }
                    else if (sspiContext.Buffer.IsInvalid)
                    {
                        if (!sspiContext.Buffer.CopyTransferredFrom(ie, ie.BytesTransferred - secBufferDescEx.Buffers[bufferIndex].Size))
                        {
                            goto Block_21;
                        }
                    }
                    else
                    {
                        sspiContext.Buffer.MoveToBegin(sspiContext.Buffer.BytesTransferred - secBufferDescEx.Buffers[bufferIndex].Size, secBufferDescEx.Buffers[bufferIndex].Size);
                    }
                    SecurityStatus securityStatus3 = securityStatus;
                    if (securityStatus3 == SecurityStatus.SEC_E_OK)
                    {
                        goto IL_2FF;
                    }
                    if (securityStatus3 != SecurityStatus.SEC_I_CONTINUE_NEEDED)
                    {
                        goto Block_23;
                    }
                    // Continue needed with no extra data: wait for the peer's next message.
                    if (bufferIndex < 0)
                    {
                        goto Block_25;
                    }
                    // Continue needed and extra data present: loop and feed the leftovers immediately.
                }
                else
                {
                    // Output buffer too small: grow once to maxTokenSize and retry; give up if already at that size.
                    if (serverAsyncEventArgs.Count >= this.maxTokenSize)
                    {
                        goto IL_1DC;
                    }
                    serverAsyncEventArgs.Count = this.maxTokenSize;
                    serverAsyncEventArgs.ReAllocateBuffer(false);
                }
            }
            // Incomplete message: keep what arrived so the next receive can complete it.
            if (sspiContext.Buffer.IsInvalid && !sspiContext.Buffer.CopyTransferredFrom(ie, 0))
            {
                result = false;
                return(result);
            }
            result = true;
            return(result);
            IL_1DC:
            // Token would exceed maxTokenSize.
            result = false;
            return(result);
            Block_21:
            // Could not retain the SECBUFFER_EXTRA tail.
            result = false;
            return(result);
            Block_23:
            // Package reported a failure status.
            result = false;
            return(result);
            IL_2FF:
            // Context established: fetch the stream sizes the record layer needs, then announce the connection.
            if (Sspi.SafeQueryContextAttributes(ref sspiContext.Handle, out sspiContext.StreamSizes) != SecurityStatus.SEC_E_OK)
            {
                result = false;
                return(result);
            }
            sspiContext.Connected = true;
            this.OnNewConnection(connection);
            result = true;
            return(result);
            Block_25:
            result = true;
        }
    }
    finally
    {
        // Return the pooled send-args unless it was handed to SendAsync.
        if (serverAsyncEventArgs != null)
        {
            EventArgsManager.Put(ref serverAsyncEventArgs);
        }
    }
    return(result);
}