/// <summary>
/// P/Invoke for SSPI VerifySignature: checks the signature that the peer's MakeSignature
/// attached to a message against the established security context.
/// </summary>
/// <param name="phContext">Established security context the signature must belong to.</param>
/// <param name="pMessage">Buffer descriptor holding the signed message and its signature token.</param>
/// <param name="MessageSeqNo">Sequence number the transport assigned to the message; 0 when the transport does not track sequence numbers.</param>
/// <param name="pfQOP">Receives the quality-of-protection flags the signer requested.</param>
/// <returns>SEC_E_OK (0) when the signature verifies; any other SECURITY_STATUS means it did NOT and the message must be rejected.</returns>
// NOTE(review): the [DllImport] attribute is not visible in this excerpt — presumably secur32.dll; confirm.
public static extern int VerifySignature(ref SECURITY_HANDLE phContext,   // Context to use
                                         ref SecBufferDesc pMessage,       // Message to verify (data + signature token)
                                         uint MessageSeqNo,                // Message Sequence Num.
                                         out uint pfQOP);                  // Quality of Protection
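/// <summary>
/// Runs one leg of the client side of the Kerberos (SSPI) handshake.
/// On the first call (<paramref name="serverToken"/> == null) it acquires the outbound credential
/// handle (once, cached in _hOutboundCred) and produces the initial token; on later calls it feeds the
/// server's reply into InitializeSecurityContext and produces the next client token.
/// </summary>
/// <param name="serverToken">Token received from the server, or null for the first leg.</param>
/// <param name="clientToken">Receives the token to send to the server (left null if an exception is thrown).</param>
/// <exception cref="InvalidOperationException">
/// Explicit credentials are selected but Username/Domain/Password is null, the credential handle could
/// not be acquired, or InitializeSecurityContext returned a status other than SEC_E_OK /
/// SEC_I_CONTINUE_NEEDED / SEC_E_LOGON_DENIED.
/// </exception>
/// <exception cref="UnauthorizedAccessException">The credentials were rejected (SEC_E_LOGON_DENIED).</exception>
/// <remarks>
/// Security notes for reviewers:
///  - Explicit credentials go through SEC_WINNT_AUTH_IDENTITY with Flags = 0x1 (SEC_WINNT_AUTH_IDENTITY_ANSI
///    in the SSPI headers). Whether User/Domain/Password are really marshaled as ANSI depends on the struct's
///    CharSet, which is not visible in this excerpt — confirm, or the package may misread the strings.
///  - Password is held as a managed string and stays in the heap until collected.
///  - STANDARD_CONTEXT_ATTRIBUTES is defined elsewhere. The attributes actually GRANTED come back in
///    ContextAttributes and are currently discarded; a caller relying on mutual authentication or
///    confidentiality should check the ISC_RET_* bits once the status is SEC_E_OK.
///  - The credential handle is never released here; whoever owns _hOutboundCred must call
///    FreeCredentialsHandle (not visible in this excerpt).
/// </remarks>
private void InitializeClient(byte[] serverToken, out byte[] clientToken)
{
    clientToken = null;
    SECURITY_INTEGER ClientLifeTime = new SECURITY_INTEGER(0);

    if (!_bGotClientCredentials)
    {
        uint returnValue;
        if (!UseWindowsCreds)
        {
            // Fail with a clear message instead of a NullReferenceException from the .Length
            // calls below: a null here is a configuration error, not an SSPI failure.
            if (Username == null || Domain == null || Password == null)
            {
                throw new InvalidOperationException("Username, Domain and Password must be set when UseWindowsCreds is false.");
            }

            SEC_WINNT_AUTH_IDENTITY ident = new SEC_WINNT_AUTH_IDENTITY();
            ident.User = Username;
            ident.UserLength = ident.User.Length;        // lengths are character counts, not bytes
            ident.Domain = Domain;
            ident.DomainLength = ident.Domain.Length;
            ident.Password = Password;
            ident.PasswordLength = ident.Password.Length;
            ident.Flags = 0x1;                            // SEC_WINNT_AUTH_IDENTITY_ANSI — see remarks
            returnValue = AcquireCredentialsHandle(null, "Kerberos", SECPKG_CRED_OUTBOUND,
                IntPtr.Zero, ref ident, 0, IntPtr.Zero, ref _hOutboundCred, ref ClientLifeTime);
        }
        else
        {
            // No pAuthData: the package uses the credentials of the logged-on user.
            returnValue = AcquireCredentialsHandle(null, "Kerberos", SECPKG_CRED_OUTBOUND,
                HANDLE.Zero, HANDLE.Zero, 0, HANDLE.Zero, ref _hOutboundCred, ref ClientLifeTime);
        }
        if (returnValue != SEC_E_OK)
        {
            throw new InvalidOperationException("Couldn't acquire client credentials");
        }
        _bGotClientCredentials = true;
    }

    uint ss;
    // NOTE(review): ClientToken is pre-sized with MAX_TOKEN_SIZE but then passed as `out`; this relies on
    // the P/Invoke marshaling handing the existing descriptor to SSPI in place — confirm for SecBufferDesc.
    SecBufferDesc ClientToken = new SecBufferDesc(MAX_TOKEN_SIZE);
    try
    {
        uint ContextAttributes;
        if (serverToken == null)
        {
            // First leg: no context and no input token yet, so the IntPtr-accepting overload is used.
            ss = InitializeSecurityContext(ref _hOutboundCred,
                IntPtr.Zero,                  // phContext: none yet
                _sAccountName,                // pszTargetName: SPN of the server
                STANDARD_CONTEXT_ATTRIBUTES,  // fContextReq
                0,                            // Reserved1
                SECURITY_NETWORK_DREP,        // TargetDataRep
                IntPtr.Zero,                  // pInput: none on the first leg
                0,                            // Reserved2
                out _hClientContext,          // phNewContext
                out ClientToken,              // pOutput
                out ContextAttributes,        // pfContextAttr: granted attributes (currently unchecked)
                out ClientLifeTime);          // ptsExpiry
        }
        else
        {
            SecBufferDesc ServerToken = new SecBufferDesc(serverToken);
            try
            {
                // Continuation leg: the existing context is passed in and written back.
                ss = InitializeSecurityContext(ref _hOutboundCred,
                    ref _hClientContext,
                    _sAccountName,
                    STANDARD_CONTEXT_ATTRIBUTES,
                    0,
                    SECURITY_NETWORK_DREP,
                    ref ServerToken,
                    0,
                    out _hClientContext,
                    out ClientToken,
                    out ContextAttributes,
                    out ClientLifeTime);
            }
            finally
            {
                ServerToken.Dispose();
            }
        }

        if (ss == SEC_E_LOGON_DENIED)
        {
            throw new UnauthorizedAccessException("Bad username, password or domain.");
        }
        if (ss != SEC_E_OK && ss != SEC_I_CONTINUE_NEEDED)
        {
            throw new InvalidOperationException("InitializeSecurityContext() failed!!!");
        }

        clientToken = ClientToken.GetSecBufferByteArray();
    }
    finally
    {
        ClientToken.Dispose();
    }

    // Stays true while the status is SEC_I_CONTINUE_NEEDED: the caller must send clientToken and call again.
    InitializeKerberosStage = ss != SEC_E_OK;
}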
/// <summary>
/// P/Invoke for SSPI DecryptMessage: decrypts and integrity-checks a message protected by the
/// peer's EncryptMessage, in place, using the established context.
/// </summary>
/// <param name="phContext">Established security context.</param>
/// <param name="pMessage">Buffer descriptor holding the protected data and its security trailer; the data buffer is decrypted in place.</param>
/// <param name="MessageSeqNo">Sequence number the transport assigned to the message; 0 when the transport does not track sequence numbers.</param>
/// <param name="pfQOP">Receives the quality-of-protection the sender used. Callers that require confidentiality must check it: SECQOP_WRAP_NO_ENCRYPT means the message was only signed, not encrypted.</param>
/// <returns>SEC_E_OK (0) on success; any other SECURITY_STATUS means the message failed to decrypt or verify and must be rejected.</returns>
// NOTE(review): the [DllImport] attribute is not visible in this excerpt — presumably secur32.dll; confirm.
public static extern int DecryptMessage(ref SECURITY_HANDLE phContext, ref SecBufferDesc pMessage, uint MessageSeqNo, out uint pfQOP);
/// <summary>
/// P/Invoke for SSPI MakeSignature: produces an integrity signature for a message (no encryption)
/// using the established context; the peer checks it with VerifySignature.
/// </summary>
/// <param name="phContext">Established security context.</param>
/// <param name="fQOP">Package-specific quality-of-protection flags; 0 for the default.</param>
/// <param name="pMessage">Buffer descriptor with the data to sign and a token buffer that receives the signature.</param>
/// <param name="MessageSeqNo">Sequence number the transport assigned to the message; 0 when the transport does not track sequence numbers.</param>
/// <returns>SEC_E_OK (0) on success; any other SECURITY_STATUS is a failure.</returns>
// NOTE(review): the [DllImport] attribute is not visible in this excerpt — presumably secur32.dll; confirm.
public static extern int MakeSignature(ref SECURITY_HANDLE phContext,   // Context to use
                                       uint fQOP,                        // Quality of Protection
                                       ref SecBufferDesc pMessage,       // Message to sign
                                       uint MessageSeqNo);               // Message Sequence Num.
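/// <summary>
/// Decrypts a message received from the peer using the client context established by InitializeClient.
/// The first <paramref name="messageLength"/> bytes of <paramref name="encryptedBuffer"/> are treated as
/// the protected data and the remainder as the security trailer.
/// </summary>
/// <param name="messageLength">Number of leading bytes that are protected data; must be in [0, encryptedBuffer.Length].</param>
/// <param name="encryptedBuffer">Protected data followed by the security trailer.</param>
/// <param name="decryptedBuffer">Receives the plaintext (messageLength bytes); left null if an exception is thrown.</param>
/// <exception cref="ArgumentNullException"><paramref name="encryptedBuffer"/> is null.</exception>
/// <exception cref="ArgumentOutOfRangeException"><paramref name="messageLength"/> is negative or larger than the buffer.</exception>
/// <exception cref="InvalidOperationException">SSPI DecryptMessage did not return SEC_E_OK (decryption or integrity check failed).</exception>
/// <remarks>
/// Security notes for reviewers:
///  - The quality-of-protection reported by SSPI (pfQOP) is discarded, so a peer that only signed the
///    message (SECQOP_WRAP_NO_ENCRYPT) is indistinguishable from one that encrypted it. Check it if
///    confidentiality is a requirement.
///  - MessageSeqNo is always 0 (the value for transports that do not track sequence numbers); whether the
///    package provides replay/sequence detection on its own depends on the context attributes negotiated
///    in InitializeClient — confirm.
///  - The expected wire layout here (data, then trailer as SECBUFFER_STREAM) differs from what this class's
///    own EncryptMessage emits (token, data, padding), so this presumably targets a different peer format;
///    confirm the layout and the SECBUFFER_STREAM buffer type against the peer.
/// </remarks>
public void DecryptMessage(int messageLength, byte[] encryptedBuffer, out byte[] decryptedBuffer)
{
    decryptedBuffer = null;
    if (encryptedBuffer == null)
    {
        throw new ArgumentNullException("encryptedBuffer");
    }
    // Reject a malformed length before it becomes an OverflowException (negative trailer size) or an
    // ArgumentException from Array.Copy deep inside the buffer setup.
    if (messageLength < 0 || messageLength > encryptedBuffer.Length)
    {
        throw new ArgumentOutOfRangeException("messageLength", "messageLength must be between 0 and encryptedBuffer.Length.");
    }

    // Work on a copy of the handle; SSPI only needs the two pointer-sized values.
    SECURITY_HANDLE DecryptionContext = _hClientContext;

    byte[] EncryptedMessage = new byte[messageLength];
    Array.Copy(encryptedBuffer, 0, EncryptedMessage, 0, messageLength);
    int SecurityTrailerLength = encryptedBuffer.Length - messageLength;
    byte[] SecurityTrailer = new byte[SecurityTrailerLength];
    Array.Copy(encryptedBuffer, messageLength, SecurityTrailer, 0, SecurityTrailerLength);

    MultipleSecBufferHelper[] ThisSecHelper = new MultipleSecBufferHelper[] {
        new MultipleSecBufferHelper(EncryptedMessage, SecBufferType.SECBUFFER_DATA),
        new MultipleSecBufferHelper(SecurityTrailer, SecBufferType.SECBUFFER_STREAM) };
    SecBufferDesc DescBuffer = new SecBufferDesc(ThisSecHelper);
    try
    {
        uint EncryptionQuality;   // pfQOP — currently not inspected, see remarks
        if (DecryptMessage(ref DecryptionContext, ref DescBuffer, 0, out EncryptionQuality) != SEC_E_OK)
        {
            throw new InvalidOperationException("DecryptMessage() failed!!!");
        }
        // SSPI decrypts in place; the plaintext is the first messageLength bytes of the data buffer.
        decryptedBuffer = new byte[messageLength];
        Array.Copy(DescBuffer.GetSecBufferByteArray(), 0, decryptedBuffer, 0, messageLength);
    }
    finally
    {
        DescBuffer.Dispose();
    }
}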
/// <summary>
/// P/Invoke for SSPI EncryptMessage: protects a message in place using the established context.
/// With fQOP = 0 the data is encrypted and integrity-protected; with SECQOP_WRAP_NO_ENCRYPT it is only
/// signed and the data buffer stays in cleartext.
/// </summary>
/// <param name="phContext">Established security context.</param>
/// <param name="fQOP">Quality-of-protection flags (see summary). Declared as uint because the native ULONG is 32 bits while a managed ulong is 64.</param>
/// <param name="pMessage">Buffer descriptor with the token, data and padding buffers; the data buffer is transformed in place.</param>
/// <param name="MessageSeqNo">Sequence number the transport assigned to the message; 0 when the transport does not track sequence numbers.</param>
/// <returns>SEC_E_OK (0) on success; any other SECURITY_STATUS is a failure.</returns>
// NOTE(review): the [DllImport] attribute is not visible in this excerpt — presumably secur32.dll; confirm.
public static extern int EncryptMessage(ref SECURITY_HANDLE phContext,
                                        uint fQOP,                  // native ULONG is 32 bits; managed ulong == 64 bits
                                        ref SecBufferDesc pMessage,
                                        uint MessageSeqNo);         // native ULONG is 32 bits; managed ulong == 64 bits
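/// <summary>
/// Runs one leg of the client side of the Kerberos (SSPI) handshake.
/// On the first call (<paramref name="serverToken"/> == null) it acquires the outbound credential
/// handle (once, cached in _hOutboundCred) and produces the initial token; on later calls it feeds the
/// server's reply into InitializeSecurityContext and produces the next client token.
/// </summary>
/// <param name="serverToken">Token received from the server, or null for the first leg.</param>
/// <param name="clientToken">Receives the token to send to the server (left null if an exception is thrown).</param>
/// <exception cref="InvalidOperationException">
/// Explicit credentials are selected but Username/Domain/Password is null, the credential handle could
/// not be acquired, or InitializeSecurityContext returned a status other than SEC_E_OK /
/// SEC_I_CONTINUE_NEEDED / SEC_E_LOGON_DENIED.
/// </exception>
/// <exception cref="UnauthorizedAccessException">The credentials were rejected (SEC_E_LOGON_DENIED).</exception>
/// <remarks>
/// Security notes for reviewers:
///  - Explicit credentials go through SEC_WINNT_AUTH_IDENTITY with Flags = 0x1 (SEC_WINNT_AUTH_IDENTITY_ANSI
///    in the SSPI headers). Whether User/Domain/Password are really marshaled as ANSI depends on the struct's
///    CharSet, which is not visible in this excerpt — confirm, or the package may misread the strings.
///  - Password is held as a managed string and stays in the heap until collected.
///  - STANDARD_CONTEXT_ATTRIBUTES is defined elsewhere. The attributes actually GRANTED come back in
///    ContextAttributes and are currently discarded; a caller relying on mutual authentication or
///    confidentiality should check the ISC_RET_* bits once the status is SEC_E_OK.
///  - The credential handle is never released here; whoever owns _hOutboundCred must call
///    FreeCredentialsHandle (not visible in this excerpt).
/// </remarks>
private void InitializeClient(byte[] serverToken, out byte[] clientToken)
{
    clientToken = null;
    SECURITY_INTEGER ClientLifeTime = new SECURITY_INTEGER(0);

    if (!_bGotClientCredentials)
    {
        uint returnValue;
        if (!UseWindowsCreds)
        {
            // Fail with a clear message instead of a NullReferenceException from the .Length
            // calls below: a null here is a configuration error, not an SSPI failure.
            if (Username == null || Domain == null || Password == null)
            {
                throw new InvalidOperationException("Username, Domain and Password must be set when UseWindowsCreds is false.");
            }

            SEC_WINNT_AUTH_IDENTITY ident = new SEC_WINNT_AUTH_IDENTITY();
            ident.User = Username;
            ident.UserLength = ident.User.Length;        // lengths are character counts, not bytes
            ident.Domain = Domain;
            ident.DomainLength = ident.Domain.Length;
            ident.Password = Password;
            ident.PasswordLength = ident.Password.Length;
            ident.Flags = 0x1;                            // SEC_WINNT_AUTH_IDENTITY_ANSI — see remarks
            returnValue = AcquireCredentialsHandle(null, "Kerberos", SECPKG_CRED_OUTBOUND,
                IntPtr.Zero, ref ident, 0, IntPtr.Zero, ref _hOutboundCred, ref ClientLifeTime);
        }
        else
        {
            // No pAuthData: the package uses the credentials of the logged-on user.
            returnValue = AcquireCredentialsHandle(null, "Kerberos", SECPKG_CRED_OUTBOUND,
                HANDLE.Zero, HANDLE.Zero, 0, HANDLE.Zero, ref _hOutboundCred, ref ClientLifeTime);
        }
        if (returnValue != SEC_E_OK)
        {
            throw new InvalidOperationException("Couldn't acquire client credentials");
        }
        _bGotClientCredentials = true;
    }

    uint ss;
    // NOTE(review): ClientToken is pre-sized with MAX_TOKEN_SIZE but then passed as `out`; this relies on
    // the P/Invoke marshaling handing the existing descriptor to SSPI in place — confirm for SecBufferDesc.
    SecBufferDesc ClientToken = new SecBufferDesc(MAX_TOKEN_SIZE);
    try
    {
        uint ContextAttributes;
        if (serverToken == null)
        {
            // First leg: no context and no input token yet, so the IntPtr-accepting overload is used.
            ss = InitializeSecurityContext(ref _hOutboundCred,
                IntPtr.Zero,                  // phContext: none yet
                _sAccountName,                // pszTargetName: SPN of the server
                STANDARD_CONTEXT_ATTRIBUTES,  // fContextReq
                0,                            // Reserved1
                SECURITY_NETWORK_DREP,        // TargetDataRep
                IntPtr.Zero,                  // pInput: none on the first leg
                0,                            // Reserved2
                out _hClientContext,          // phNewContext
                out ClientToken,              // pOutput
                out ContextAttributes,        // pfContextAttr: granted attributes (currently unchecked)
                out ClientLifeTime);          // ptsExpiry
        }
        else
        {
            SecBufferDesc ServerToken = new SecBufferDesc(serverToken);
            try
            {
                // Continuation leg: the existing context is passed in and written back.
                ss = InitializeSecurityContext(ref _hOutboundCred,
                    ref _hClientContext,
                    _sAccountName,
                    STANDARD_CONTEXT_ATTRIBUTES,
                    0,
                    SECURITY_NETWORK_DREP,
                    ref ServerToken,
                    0,
                    out _hClientContext,
                    out ClientToken,
                    out ContextAttributes,
                    out ClientLifeTime);
            }
            finally
            {
                ServerToken.Dispose();
            }
        }

        if (ss == SEC_E_LOGON_DENIED)
        {
            throw new UnauthorizedAccessException("Bad username, password or domain.");
        }
        if (ss != SEC_E_OK && ss != SEC_I_CONTINUE_NEEDED)
        {
            throw new InvalidOperationException("InitializeSecurityContext() failed!!!");
        }

        clientToken = ClientToken.GetSecBufferByteArray();
    }
    finally
    {
        ClientToken.Dispose();
    }

    // Stays true while the status is SEC_I_CONTINUE_NEEDED: the caller must send clientToken and call again.
    InitializeKerberosStage = ss != SEC_E_OK;
}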
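/// <summary>
/// Wraps <paramref name="message"/> with SSPI EncryptMessage on the client context established by
/// InitializeClient and returns the concatenated token, data and padding buffers.
/// </summary>
/// <param name="message">Plaintext to protect.</param>
/// <param name="encryptedBuffer">Receives the protected message (security token, then data, then padding); left null if an exception is thrown.</param>
/// <exception cref="ArgumentNullException"><paramref name="message"/> is null.</exception>
/// <exception cref="InvalidOperationException">QueryContextAttributes or SSPI EncryptMessage did not return SEC_E_OK.</exception>
/// <remarks>
/// SECURITY (review): the call passes SECQOP_WRAP_NO_ENCRYPT as fQOP, so SSPI only SIGNS the message —
/// the data buffer in <paramref name="encryptedBuffer"/> is integrity-protected but remains in cleartext
/// on the wire, despite this method's name. That is only acceptable for protocols that require
/// sign-only wrapping; pass 0 as fQOP if confidentiality is required (a change that also affects the
/// peer's decryption, so it is not made here).
/// </remarks>
public void EncryptMessage(byte[] message, out byte[] encryptedBuffer)
{
    encryptedBuffer = null;
    if (message == null)
    {
        throw new ArgumentNullException("message");
    }

    // Work on a copy of the handle; SSPI only needs the two pointer-sized values.
    SECURITY_HANDLE EncryptionContext = _hClientContext;

    // The token (trailer) and padding sizes are context-specific; ask the package each time.
    SecPkgContext_Sizes ContextSizes;
    if (QueryContextAttributes(ref EncryptionContext, SECPKG_ATTR_SIZES, out ContextSizes) != SEC_E_OK)
    {
        throw new InvalidOperationException("QueryContextAttribute() failed!!!");
    }

    MultipleSecBufferHelper[] ThisSecHelper = new MultipleSecBufferHelper[] {
        new MultipleSecBufferHelper(new byte[ContextSizes.cbSecurityTrailer], SecBufferType.SECBUFFER_TOKEN),
        new MultipleSecBufferHelper(message, SecBufferType.SECBUFFER_DATA),
        new MultipleSecBufferHelper(new byte[ContextSizes.cbBlockSize], SecBufferType.SECBUFFER_PADDING) };
    SecBufferDesc DescBuffer = new SecBufferDesc(ThisSecHelper);
    try
    {
        // SECQOP_WRAP_NO_ENCRYPT: sign only, no encryption — see remarks.
        if (EncryptMessage(ref EncryptionContext, SECQOP_WRAP_NO_ENCRYPT, ref DescBuffer, 0) != SEC_E_OK)
        {
            throw new InvalidOperationException("EncryptMessage() failed!!!");
        }
        encryptedBuffer = DescBuffer.GetSecBufferByteArray();
    }
    finally
    {
        DescBuffer.Dispose();
    }
}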
/// <summary>
/// P/Invoke for SSPI InitializeSecurityContext (continuation form): takes an existing client context and
/// the server's reply token, and produces the next client token. The first-leg call in InitializeClient
/// passes IntPtr.Zero for the context and input, which this overload cannot accept, so a second overload
/// with IntPtr parameters presumably exists outside this excerpt — confirm.
/// </summary>
/// <param name="phCredential">Outbound credential handle from AcquireCredentialsHandle.</param>
/// <param name="phContext">Existing (partial) context from the previous leg.</param>
/// <param name="pszTargetName">Target SPN. The string marshaling (CharSet) must match the native entry point used; not visible here.</param>
/// <param name="fContextReq">ISC_REQ_* flags requested for the context.</param>
/// <param name="Reserved1">Must be 0.</param>
/// <param name="TargetDataRep">Data representation of the target, e.g. SECURITY_NETWORK_DREP.</param>
/// <param name="SecBufferDesc">Input buffer descriptor holding the server token.</param>
/// <param name="Reserved2">Must be 0.</param>
/// <param name="phNewContext">Receives the (updated) context handle; may be the same variable as phContext.</param>
/// <param name="pOutput">Output buffer descriptor that receives the next client token.</param>
/// <param name="pfContextAttr">Receives the ISC_RET_* flags actually granted. Declared as uint because the native ULONG is 32 bits while a managed ulong is 64.</param>
/// <param name="ptsExpiry">Receives the context expiry time.</param>
/// <returns>SEC_E_OK when the context is complete, SEC_I_CONTINUE_NEEDED when another leg is required, or an error status.</returns>
// NOTE(review): the [DllImport] attribute is not visible in this excerpt — presumably secur32.dll; confirm.
static extern uint InitializeSecurityContext( ref SECURITY_HANDLE phCredential,   // PCredHandle
                                              ref SECURITY_HANDLE phContext,      // PCtxtHandle
                                              string pszTargetName,
                                              int fContextReq,
                                              int Reserved1,
                                              int TargetDataRep,
                                              ref SecBufferDesc SecBufferDesc,    // PSecBufferDesc (input)
                                              int Reserved2,
                                              out SECURITY_HANDLE phNewContext,   // PCtxtHandle
                                              out SecBufferDesc pOutput,          // PSecBufferDesc (output)
                                              out uint pfContextAttr,             // native ULONG is 32 bits; managed ulong == 64 bits
                                              out SECURITY_INTEGER ptsExpiry);    // PTimeStamp