/// <summary>
/// Builds a managed wrapper around a native SSPI context handle and the credentials it belongs to.
/// </summary>
/// <param name="credentials">Credentials the context was created from; must not be null.</param>
/// <param name="contextHandle">Native SSPI context handle; zero is rejected.</param>
/// <param name="contextExpiry">Expiry value reported by SSPI for the context; stored as given.</param>
/// <param name="contextType">Which side of the handshake this context represents.</param>
/// <param name="contextState">Whether the handshake still needs more round trips.</param>
/// <exception cref="ArgumentNullException">
/// <paramref name="credentials"/> is null, or <paramref name="contextHandle"/> is zero
/// (a zero handle is reported with the same exception type callers already expect).
/// </exception>
internal SecurityContext(
    SecurityCredentials credentials,
    Int64 contextHandle,
    Int64 contextExpiry,
    SecurityContextType contextType,
    SecurityContextState contextState)
{
    // reject a missing reference and a zero (never valid) handle up front
    if (object.ReferenceEquals(credentials, null))
    {
        throw new ArgumentNullException("credentials");
    }
    if (contextHandle == 0L)
    {
        throw new ArgumentNullException("contextHandle");
    }

    // everything validated: capture the handshake description first, then the handles
    this._contextType = contextType;
    this._contextState = contextState;
    this._contextExpiry = contextExpiry;
    this._contextHandle = contextHandle;
    this._credentials = credentials;
}
/// <summary>
/// Stores an SSPI context handle together with the credentials, expiry, side and state that describe it.
/// </summary>
/// <param name="credentials">Credentials used to create the context; required.</param>
/// <param name="contextHandle">Native SSPI context handle; must be non-zero.</param>
/// <param name="contextExpiry">Expiry value SSPI reported for the context; stored unchanged.</param>
/// <param name="contextType">Client or server side of the handshake.</param>
/// <param name="contextState">ContinueNeeded or Completed, as determined by the caller.</param>
/// <exception cref="ArgumentNullException">
/// <paramref name="credentials"/> is null or <paramref name="contextHandle"/> is zero;
/// both cases deliberately raise the same exception type for existing callers.
/// </exception>
internal SecurityContext(
    SecurityCredentials credentials,
    Int64 contextHandle,
    Int64 contextExpiry,
    SecurityContextType contextType,
    SecurityContextState contextState)
{
    // work out which argument (if any) is unusable, then raise once
    string missingArgument = null;
    if (credentials == null)
    {
        missingArgument = "credentials";
    }
    else if (contextHandle == 0)
    {
        missingArgument = "contextHandle";
    }
    if (missingArgument != null)
    {
        throw new ArgumentNullException(missingArgument);
    }

    _credentials = credentials;
    _contextHandle = contextHandle;
    _contextExpiry = contextExpiry;
    _contextType = contextType;
    _contextState = contextState;
}
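/// <summary>
/// Server side of the SSPI handshake: accepts the client's token and produces the token to send back.
/// </summary>
/// <param name="credentials">Inbound (server) credentials; must not be null.</param>
/// <param name="contextAttributes">Requested context attributes, translated by GetContextRequirements.</param>
/// <param name="inputToken">Token received from the client; must not be null.</param>
/// <param name="outputToken">Token to return to the client, taken from the output buffer.</param>
/// <returns>A server-side SecurityContext in state ContinueNeeded or Completed.</returns>
/// <exception cref="ArgumentNullException"><paramref name="credentials"/> or <paramref name="inputToken"/> is null.</exception>
/// <exception cref="SSPIException">AcceptSecurityContext returned an unexpected status, or CompleteAuthToken failed.</exception>
public SecurityContext AcceptSecurityContext(
    SecurityCredentials credentials,
    SecurityContextAttributes contextAttributes,
    byte[] inputToken,
    out byte[] outputToken)
{
    // parameters validation
    if (credentials == null)
    {
        throw new ArgumentNullException("credentials");
    }
    if (inputToken == null)
    {
        throw new ArgumentNullException("inputToken");
    }

    // prepare requirements for context
    uint contextReq = GetContextRequirements(true, contextAttributes);

    // Both buffer sets are released in the finally block so that an SSPIException
    // thrown below no longer leaks them (the original disposed them only on the success path).
    SecurityBuffers inputBuffers = null;
    SecurityBuffers outputBuffers = null;
    try
    {
        // prepare buffers
        inputBuffers = new SecurityBuffers(1);
        inputBuffers.SetBuffer(0, (int)SSPINative.SECBUFFER_TOKEN, inputToken);
        outputBuffers = new SecurityBuffers(1);
        outputBuffers.SetBuffer(0, (int)SSPINative.SECBUFFER_TOKEN, _secPackage.MaxToken);

        // create context
        Int64 credHandle = credentials.Handle;
        Int64 newContextHandle;
        Int64 contextExpiry;
        uint contextAttribs;
        int error = SSPINative.AcceptSecurityContext(
            ref credHandle,
            IntPtr.Zero,
            inputBuffers,
            contextReq,
            SSPINative.SECURITY_NETWORK_DREP,
            out newContextHandle,
            outputBuffers,
            out contextAttribs,
            out contextExpiry);

        // the input buffers are not needed once the native call has returned
        inputBuffers.Dispose();
        inputBuffers = null;

        // check context state
        bool continueNeeded = false;
        bool completeNeeded = false;
        switch (error)
        {
            case Win32.ERROR_SUCCESS:
                break;
            case SSPINative.SEC_I_CONTINUE_NEEDED:
                continueNeeded = true;
                break;
            case SSPINative.SEC_I_COMPLETE_NEEDED:
                completeNeeded = true;
                break;
            case SSPINative.SEC_I_COMPLETE_AND_CONTINUE:
                continueNeeded = true;
                completeNeeded = true;
                break;
            default:
                throw new SSPIException(error, "Could not accept security context");
        }

        if (completeNeeded)
        {
            // complete context
            error = SSPINative.CompleteAuthToken(ref newContextHandle, outputBuffers);
            if (error < 0)
            {
                // NOTE(review): the native context created above is not released on this path;
                // no DeleteSecurityContext wrapper is visible here — confirm who owns the handle.
                throw new SSPIException(error, "Could not complete security context");
            }
        }

        // get output token
        outputToken = outputBuffers.GetBuffer(0);

        // create context object
        SecurityContextState contextState = (continueNeeded
            ? SecurityContextState.ContinueNeeded
            : SecurityContextState.Completed);
        return new SecurityContext(credentials, newContextHandle, contextExpiry, SecurityContextType.Server, contextState);
    }
    finally
    {
        // release native buffers on every path, including the SSPIException throws above
        if (inputBuffers != null)
        {
            inputBuffers.Dispose();
        }
        if (outputBuffers != null)
        {
            outputBuffers.Dispose();
        }
    }
}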
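/// <summary>
/// Runs the "BEGIN SSPI" handshake with the CVS server: advertises the supported encryption
/// types, lets the server pick one, exchanges SSPI tokens until the client context is complete,
/// and returns the server's next response line.
/// </summary>
/// <returns>The line the server sends after the token exchange has finished.</returns>
/// <exception cref="AuthenticationException">
/// The transport failed with an IOException, or the server selected an encryption type
/// that was not advertised.
/// </exception>
private string SendSspiAuthentication()
{
    try
    {
        // initialize network transport
        TransportClient client = new TransportClient(this.Repository.CvsRoot.ToString(), typeof(CvsTransport));
        this.SetInputStream(new CvsStream(client.GetStream()));
        this.SetOutputStream(this.InputStream);

        this.OutputStream.SendString("BEGIN SSPI\n");

        // advertise every supported encryption type as a comma-separated list
        string[] names = System.Enum.GetNames(typeof(EncryptionType));
        string protocols = string.Join(",", names);
        this.OutputStream.SendString(string.Format("{0}\n", protocols));

        // The server's choice is untrusted input: accept only a name we advertised.
        // Enum.Parse alone would also accept numeric strings (yielding undefined values)
        // and would surface an ArgumentException instead of an authentication failure.
        string authTypeResponse = this.InputStream.ReadLine();
        if (System.Array.IndexOf(names, authTypeResponse) < 0)
        {
            throw new AuthenticationException(
                string.Format("Server selected an unsupported SSPI encryption type: '{0}'.", authTypeResponse));
        }
        CurrentEncryptionType = (EncryptionType)System.Enum.Parse(typeof(EncryptionType), authTypeResponse);

        // initialize authorization module
        authModule = new NTAuthModule(new SecurityPackage(CurrentEncryptionType.ToString()));

        // acquire client credentials
        clientCredentials = authModule.AcquireSecurityCredentials(SecurityCredentialsType.OutBound, null);

        byte[] clientToken;
        byte[] serverToken;

        // create client context
        SecurityContext clientContext = authModule.CreateSecurityContext(
            clientCredentials, SecurityContextAttributes.Identify, null, out clientToken);

        while (true)
        {
            if (clientToken != null)
            {
                // NOTE(review): hard-coded window (offset 54, length 57) into the SSPI token, decoded as ASCII.
                // This throws ArgumentOutOfRangeException for tokens shorter than 111 bytes, and ASCII decoding
                // is lossy for binary token bytes — confirm against the server-side protocol before changing.
                string clientTokenString = Encoding.ASCII.GetString(clientToken, 54, 57);
                this.OutputStream.SendString(clientTokenString);
            }
            if (clientContext.State == SecurityContextState.Completed)
            {
                // authentication completed
                break;
            }

            // receive server token
            serverToken = Encoding.ASCII.GetBytes(this.InputStream.ReadToFirstWS());

            // update security context
            authModule.UpdateSecurityContext(clientContext, SecurityContextAttributes.Identify, serverToken, out clientToken);
        }

        return InputStream.ReadLine();
    }
    catch (IOException e)
    {
        String msg = "Failed to read line from server. " + "It is possible that the remote server was down.";
        LOGGER.Error(msg, e);
        throw new AuthenticationException(msg);
    }
}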
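/// <summary>
/// Client side of the SSPI handshake: initializes a new context and produces the first client token.
/// </summary>
/// <param name="credentials">Outbound (client) credentials; must not be null.</param>
/// <param name="contextAttributes">Requested context attributes, translated by GetContextRequirements.</param>
/// <param name="targetName">Target name passed to InitializeSecurityContext; callers in this file pass null.</param>
/// <param name="outputToken">Token to send to the server, taken from the output buffer.</param>
/// <returns>A client-side SecurityContext in state ContinueNeeded or Completed.</returns>
/// <exception cref="ArgumentNullException"><paramref name="credentials"/> is null.</exception>
/// <exception cref="SSPIException">InitializeSecurityContext returned an unexpected status, or CompleteAuthToken failed.</exception>
public SecurityContext CreateSecurityContext(
    SecurityCredentials credentials,
    SecurityContextAttributes contextAttributes,
    string targetName,
    out byte[] outputToken)
{
    // parameters validation
    if (credentials == null)
    {
        throw new ArgumentNullException("credentials");
    }

    // prepare requirements for context
    uint contextReq = GetContextRequirements(false, contextAttributes);

    // The output buffers are released in the finally block so that an SSPIException
    // thrown below no longer leaks them (the original disposed them only on the success path).
    SecurityBuffers outputBuffers = null;
    try
    {
        // prepare buffers
        outputBuffers = new SecurityBuffers(1);
        outputBuffers.SetBuffer(0, (int)SSPINative.SECBUFFER_TOKEN, _secPackage.MaxToken);

        // create context
        Int64 credHandle = credentials.Handle;
        Int64 newContextHandle;
        Int64 contextExpiry;
        uint contextAttribs;
        int error = SSPINative.InitializeSecurityContext(
            ref credHandle,
            IntPtr.Zero,
            targetName,
            contextReq,
            0,
            SSPINative.SECURITY_NETWORK_DREP,
            null,
            0,
            out newContextHandle,
            outputBuffers,
            out contextAttribs,
            out contextExpiry);

        // check context state
        bool continueNeeded = false;
        bool completeNeeded = false;
        switch (error)
        {
            case Win32.ERROR_SUCCESS:
                break;
            case SSPINative.SEC_I_CONTINUE_NEEDED:
                continueNeeded = true;
                break;
            case SSPINative.SEC_I_COMPLETE_NEEDED:
                completeNeeded = true;
                break;
            case SSPINative.SEC_I_COMPLETE_AND_CONTINUE:
                continueNeeded = true;
                completeNeeded = true;
                break;
            default:
                throw new SSPIException(error, "Could not create security context");
        }

        if (completeNeeded)
        {
            // complete context
            error = SSPINative.CompleteAuthToken(ref newContextHandle, outputBuffers);
            if (error < 0)
            {
                // NOTE(review): the native context created above is not released on this path;
                // no DeleteSecurityContext wrapper is visible here — confirm who owns the handle.
                throw new SSPIException(error, "Could not complete security context");
            }
        }

        // get output token
        outputToken = outputBuffers.GetBuffer(0);

        // create context object
        SecurityContextState contextState = (continueNeeded
            ? SecurityContextState.ContinueNeeded
            : SecurityContextState.Completed);
        return new SecurityContext(credentials, newContextHandle, contextExpiry, SecurityContextType.Client, contextState);
    }
    finally
    {
        // release native buffers on every path, including the SSPIException throws above
        if (outputBuffers != null)
        {
            outputBuffers.Dispose();
        }
    }
}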