/// <summary>
/// Updates security context, proceeds input token and generates output token
/// </summary>
public void UpdateSecurityContext(
SecurityContext context,
SecurityContextAttributes contextAttributes,
byte[] inputToken,
out byte[] outputToken)
{
// parameters validation
if (context == null)
{
throw new ArgumentNullException("credentials");
}
if (inputToken == null)
{
throw new ArgumentNullException("inputToken");
}
// prepare requirements for context
uint contextReq = GetContextRequirements(context.Type == SecurityContextType.Server, contextAttributes);
// prepare buffers
SecurityBuffers inputBuffers = new SecurityBuffers(1);
inputBuffers.SetBuffer(0, (int)SSPINative.SECBUFFER_TOKEN, inputToken);
SecurityBuffers outputBuffers = new SecurityBuffers(1);
outputBuffers.SetBuffer(0, (int)SSPINative.SECBUFFER_TOKEN, _secPackage.MaxToken);
// update context
Int64 credHandle = context.credentials.Handle;
Int64 contextHandle = context.Handle;
uint contextAttribs;
int error;
if (context.Type == SecurityContextType.Client)
{
error = SSPINative.InitializeSecurityContext(
ref credHandle,
ref contextHandle,
null,
contextReq,
0,
SSPINative.SECURITY_NETWORK_DREP,
inputBuffers,
0,
IntPtr.Zero,
outputBuffers,
out contextAttribs,
IntPtr.Zero);
}
else
{
error = SSPINative.AcceptSecurityContext(
ref credHandle,
ref contextHandle,
inputBuffers,
contextReq,
SSPINative.SECURITY_NETWORK_DREP,
IntPtr.Zero,
outputBuffers,
out contextAttribs,
IntPtr.Zero);
}
inputBuffers.Dispose();
// check context state
bool continueNeeded = false;
bool completeNeeded = false;
switch (error)
{
case Win32.ERROR_SUCCESS:
break;
case SSPINative.SEC_I_CONTINUE_NEEDED:
continueNeeded = true;
break;
case SSPINative.SEC_I_COMPLETE_NEEDED:
completeNeeded = true;
break;
case SSPINative.SEC_I_COMPLETE_AND_CONTINUE:
continueNeeded = true;
completeNeeded = true;
break;
default:
throw new SSPIException(error, "Could not update security context");
}
if (completeNeeded)
{
// complete context
error = SSPINative.CompleteAuthToken(ref contextHandle, outputBuffers);
if (error < 0)
{
throw new SSPIException(error, "Could not complete security context");
}
}
// get output token
outputToken = outputBuffers.GetBuffer(0);
outputBuffers.Dispose();
// update context object state
if (!continueNeeded)
{
context.SetCompleted();
}
}
/// <summary>
/// Creates security context, proceeds client token and generates server token
/// </summary>
public SecurityContext AcceptSecurityContext(
SecurityCredentials credentials,
SecurityContextAttributes contextAttributes,
byte[] inputToken,
out byte[] outputToken)
{
// parameters validation
if (credentials == null)
{
throw new ArgumentNullException("credentials");
}
if (inputToken == null)
{
throw new ArgumentNullException("inputToken");
}
// prepare requirements for context
uint contextReq = GetContextRequirements(true, contextAttributes);
// prepare buffers
SecurityBuffers inputBuffers = new SecurityBuffers(1);
inputBuffers.SetBuffer(0, (int)SSPINative.SECBUFFER_TOKEN, inputToken);
SecurityBuffers outputBuffers = new SecurityBuffers(1);
outputBuffers.SetBuffer(0, (int)SSPINative.SECBUFFER_TOKEN, _secPackage.MaxToken);
// create context
Int64 credHandle = credentials.Handle;
Int64 newContextHandle;
Int64 contextExpiry;
uint contextAttribs;
int error = SSPINative.AcceptSecurityContext(
ref credHandle,
IntPtr.Zero,
inputBuffers,
contextReq,
SSPINative.SECURITY_NETWORK_DREP,
out newContextHandle,
outputBuffers,
out contextAttribs,
out contextExpiry);
inputBuffers.Dispose();
// check context state
bool continueNeeded = false;
bool completeNeeded = false;
switch (error)
{
case Win32.ERROR_SUCCESS:
break;
case SSPINative.SEC_I_CONTINUE_NEEDED:
continueNeeded = true;
break;
case SSPINative.SEC_I_COMPLETE_NEEDED:
completeNeeded = true;
break;
case SSPINative.SEC_I_COMPLETE_AND_CONTINUE:
continueNeeded = true;
completeNeeded = true;
break;
default:
throw new SSPIException(error, "Could not accept security context");
}
if (completeNeeded)
{
// complete context
error = SSPINative.CompleteAuthToken(ref newContextHandle, outputBuffers);
if (error < 0)
{
throw new SSPIException(error, "Could not complete security context");
}
}
// get output token
outputToken = outputBuffers.GetBuffer(0);
outputBuffers.Dispose();
// create context object
SecurityContextState contextState = (continueNeeded ? SecurityContextState.ContinueNeeded : SecurityContextState.Completed);
return(new SecurityContext(credentials, newContextHandle, contextExpiry, SecurityContextType.Server, contextState));
}
