/// <summary> /// Updates security context, proceeds input token and generates output token /// </summary> public void UpdateSecurityContext( SecurityContext context, SecurityContextAttributes contextAttributes, byte[] inputToken, out byte[] outputToken) { // parameters validation if (context == null) { throw new ArgumentNullException("credentials"); } if (inputToken == null) { throw new ArgumentNullException("inputToken"); } // prepare requirements for context uint contextReq = GetContextRequirements(context.Type == SecurityContextType.Server, contextAttributes); // prepare buffers SecurityBuffers inputBuffers = new SecurityBuffers(1); inputBuffers.SetBuffer(0, (int)SSPINative.SECBUFFER_TOKEN, inputToken); SecurityBuffers outputBuffers = new SecurityBuffers(1); outputBuffers.SetBuffer(0, (int)SSPINative.SECBUFFER_TOKEN, _secPackage.MaxToken); // update context Int64 credHandle = context.credentials.Handle; Int64 contextHandle = context.Handle; uint contextAttribs; int error; if (context.Type == SecurityContextType.Client) { error = SSPINative.InitializeSecurityContext( ref credHandle, ref contextHandle, null, contextReq, 0, SSPINative.SECURITY_NETWORK_DREP, inputBuffers, 0, IntPtr.Zero, outputBuffers, out contextAttribs, IntPtr.Zero); } else { error = SSPINative.AcceptSecurityContext( ref credHandle, ref contextHandle, inputBuffers, contextReq, SSPINative.SECURITY_NETWORK_DREP, IntPtr.Zero, outputBuffers, out contextAttribs, IntPtr.Zero); } inputBuffers.Dispose(); // check context state bool continueNeeded = false; bool completeNeeded = false; switch (error) { case Win32.ERROR_SUCCESS: break; case SSPINative.SEC_I_CONTINUE_NEEDED: continueNeeded = true; break; case SSPINative.SEC_I_COMPLETE_NEEDED: completeNeeded = true; break; case SSPINative.SEC_I_COMPLETE_AND_CONTINUE: continueNeeded = true; completeNeeded = true; break; default: throw new SSPIException(error, "Could not update security context"); } if (completeNeeded) { // complete context error = SSPINative.CompleteAuthToken(ref contextHandle, outputBuffers); if (error < 0) { throw new SSPIException(error, "Could not complete security context"); } } // get output token outputToken = outputBuffers.GetBuffer(0); outputBuffers.Dispose(); // update context object state if (!continueNeeded) { context.SetCompleted(); } }
/// <summary> /// Updates security context, proceeds input token and generates output token /// </summary> public void UpdateSecurityContext( SecurityContext context, SecurityContextAttributes contextAttributes, byte[] inputToken, out byte[] outputToken) { // parameters validation if (context == null) throw new ArgumentNullException("credentials"); if (inputToken == null) throw new ArgumentNullException("inputToken"); // prepare requirements for context uint contextReq = GetContextRequirements(context.Type == SecurityContextType.Server, contextAttributes); // prepare buffers SecurityBuffers inputBuffers = new SecurityBuffers(1); inputBuffers.SetBuffer(0, (int)SSPINative.SECBUFFER_TOKEN, inputToken); SecurityBuffers outputBuffers = new SecurityBuffers(1); outputBuffers.SetBuffer(0, (int)SSPINative.SECBUFFER_TOKEN, _secPackage.MaxToken); // update context Int64 credHandle = context.credentials.Handle; Int64 contextHandle = context.Handle; uint contextAttribs; int error; if (context.Type == SecurityContextType.Client) { error = SSPINative.InitializeSecurityContext( ref credHandle, ref contextHandle, null, contextReq, 0, SSPINative.SECURITY_NETWORK_DREP, inputBuffers, 0, IntPtr.Zero, outputBuffers, out contextAttribs, IntPtr.Zero); } else { error = SSPINative.AcceptSecurityContext( ref credHandle, ref contextHandle, inputBuffers, contextReq, SSPINative.SECURITY_NETWORK_DREP, IntPtr.Zero, outputBuffers, out contextAttribs, IntPtr.Zero); } inputBuffers.Dispose(); // check context state bool continueNeeded = false; bool completeNeeded = false; switch (error) { case Win32.ERROR_SUCCESS: break; case SSPINative.SEC_I_CONTINUE_NEEDED: continueNeeded = true; break; case SSPINative.SEC_I_COMPLETE_NEEDED: completeNeeded = true; break; case SSPINative.SEC_I_COMPLETE_AND_CONTINUE: continueNeeded = true; completeNeeded = true; break; default: throw new SSPIException(error, "Could not update security context"); } if (completeNeeded) { // complete context error = SSPINative.CompleteAuthToken(ref contextHandle, outputBuffers); if (error < 0) throw new SSPIException(error, "Could not complete security context"); } // get output token outputToken = outputBuffers.GetBuffer(0); outputBuffers.Dispose(); // update context object state if (!continueNeeded) { context.SetCompleted(); } }