| static private CompleteAuthToken ( System.Net.Security.SSPIInterface secModule, SafeDeleteContext &context, SecurityBuffer inputBuffers ) : int | ||
| secModule | System.Net.Security.SSPIInterface | |
| context | SafeDeleteContext | |
| inputBuffers | SecurityBuffer | |
| return | int | |
internal string GetOutgoingDigestBlob(string incomingBlob, string requestMethod, string requestedUri, string realm, bool isClientPreAuth, bool throwOnError, out SecurityStatus statusCode)
{
SecurityBuffer[] inputBuffers = null;
SecurityBuffer outputBuffer = new SecurityBuffer(this.m_TokenSize, isClientPreAuth ? BufferType.Parameters : BufferType.Token);
bool flag = this.m_SecurityContext == null;
try
{
if (!this.m_IsServer)
{
if (!isClientPreAuth)
{
if (incomingBlob != null)
{
List <SecurityBuffer> list = new List <SecurityBuffer>(5)
{
new SecurityBuffer(WebHeaderCollection.HeaderEncoding.GetBytes(incomingBlob), 2),
new SecurityBuffer(WebHeaderCollection.HeaderEncoding.GetBytes(requestMethod), 3),
new SecurityBuffer(null, 3),
new SecurityBuffer(Encoding.Unicode.GetBytes(this.m_Spn), 0x10)
};
if (this.m_ChannelBinding != null)
{
list.Add(new SecurityBuffer(this.m_ChannelBinding));
}
inputBuffers = list.ToArray();
}
statusCode = (SecurityStatus)SSPIWrapper.InitializeSecurityContext(GlobalSSPI.SSPIAuth, this.m_CredentialsHandle, ref this.m_SecurityContext, requestedUri, this.m_RequestedContextFlags, Endianness.Network, inputBuffers, outputBuffer, ref this.m_ContextFlags);
}
else
{
statusCode = SecurityStatus.OK;
}
}
else
{
List <SecurityBuffer> list2 = new List <SecurityBuffer>(6)
{
(incomingBlob == null) ? new SecurityBuffer(0, BufferType.Token) : new SecurityBuffer(WebHeaderCollection.HeaderEncoding.GetBytes(incomingBlob), BufferType.Token),
(requestMethod == null) ? new SecurityBuffer(0, BufferType.Parameters) : new SecurityBuffer(WebHeaderCollection.HeaderEncoding.GetBytes(requestMethod), BufferType.Parameters),
(requestedUri == null) ? new SecurityBuffer(0, BufferType.Parameters) : new SecurityBuffer(WebHeaderCollection.HeaderEncoding.GetBytes(requestedUri), BufferType.Parameters),
new SecurityBuffer(0, BufferType.Parameters),
(realm == null) ? new SecurityBuffer(0, BufferType.Parameters) : new SecurityBuffer(Encoding.Unicode.GetBytes(realm), BufferType.Parameters)
};
if (this.m_ChannelBinding != null)
{
list2.Add(new SecurityBuffer(this.m_ChannelBinding));
}
inputBuffers = list2.ToArray();
statusCode = (SecurityStatus)SSPIWrapper.AcceptSecurityContext(GlobalSSPI.SSPIAuth, this.m_CredentialsHandle, ref this.m_SecurityContext, this.m_RequestedContextFlags, Endianness.Network, inputBuffers, outputBuffer, ref this.m_ContextFlags);
if (statusCode == SecurityStatus.CompleteNeeded)
{
inputBuffers[4] = outputBuffer;
statusCode = (SecurityStatus)SSPIWrapper.CompleteAuthToken(GlobalSSPI.SSPIAuth, ref this.m_SecurityContext, inputBuffers);
outputBuffer.token = null;
}
}
}
finally
{
if (flag && (this.m_CredentialsHandle != null))
{
this.m_CredentialsHandle.Close();
}
}
if ((statusCode & ((SecurityStatus)(-2147483648))) != SecurityStatus.OK)
{
this.CloseContext();
if (throwOnError)
{
Win32Exception exception = new Win32Exception((int)statusCode);
throw exception;
}
return(null);
}
if (flag && (this.m_CredentialsHandle != null))
{
SSPIHandleCache.CacheCredential(this.m_CredentialsHandle);
}
if (statusCode == SecurityStatus.OK)
{
this.m_IsCompleted = true;
}
byte[] token = outputBuffer.token;
string str = null;
if ((token != null) && (token.Length > 0))
{
str = WebHeaderCollection.HeaderEncoding.GetString(token, 0, outputBuffer.size);
}
return(str);
}
// Accepts an incoming binary security blob and returns an outgoing binary security blob.
internal byte[] GetOutgoingBlob(byte[] incomingBlob, bool throwOnError, out Interop.SecurityStatus statusCode)
{
GlobalLog.Enter("NTAuthentication#" + LoggingHash.HashString(this) + "::GetOutgoingBlob", ((incomingBlob == null) ? "0" : incomingBlob.Length.ToString(NumberFormatInfo.InvariantInfo)) + " bytes");
var list = new List <SecurityBuffer>(2);
if (incomingBlob != null)
{
list.Add(new SecurityBuffer(incomingBlob, SecurityBufferType.Token));
}
if (_channelBinding != null)
{
list.Add(new SecurityBuffer(_channelBinding));
}
SecurityBuffer[] inSecurityBufferArray = null;
if (list.Count > 0)
{
inSecurityBufferArray = list.ToArray();
}
var outSecurityBuffer = new SecurityBuffer(_tokenSize, SecurityBufferType.Token);
bool firstTime = _securityContext == null;
try
{
if (!_isServer)
{
// client session
statusCode = (Interop.SecurityStatus)SSPIWrapper.InitializeSecurityContext(
GlobalSSPI.SSPIAuth,
_credentialsHandle,
ref _securityContext,
_spn,
_requestedContextFlags,
Interop.SspiCli.Endianness.Network,
inSecurityBufferArray,
outSecurityBuffer,
ref _contextFlags);
GlobalLog.Print("NTAuthentication#" + LoggingHash.HashString(this) + "::GetOutgoingBlob() SSPIWrapper.InitializeSecurityContext() returns statusCode:0x" + ((int)statusCode).ToString("x8", NumberFormatInfo.InvariantInfo) + " (" + statusCode.ToString() + ")");
if (statusCode == Interop.SecurityStatus.CompleteNeeded)
{
var inSecurityBuffers = new SecurityBuffer[1];
inSecurityBuffers[0] = outSecurityBuffer;
statusCode = (Interop.SecurityStatus)SSPIWrapper.CompleteAuthToken(
GlobalSSPI.SSPIAuth,
ref _securityContext,
inSecurityBuffers);
GlobalLog.Print("NTAuthentication#" + LoggingHash.HashString(this) + "::GetOutgoingDigestBlob() SSPIWrapper.CompleteAuthToken() returns statusCode:0x" + ((int)statusCode).ToString("x8", NumberFormatInfo.InvariantInfo) + " (" + statusCode.ToString() + ")");
outSecurityBuffer.token = null;
}
}
else
{
// Server session.
statusCode = (Interop.SecurityStatus)SSPIWrapper.AcceptSecurityContext(
GlobalSSPI.SSPIAuth,
_credentialsHandle,
ref _securityContext,
_requestedContextFlags,
Interop.SspiCli.Endianness.Network,
inSecurityBufferArray,
outSecurityBuffer,
ref _contextFlags);
GlobalLog.Print("NTAuthentication#" + LoggingHash.HashString(this) + "::GetOutgoingBlob() SSPIWrapper.AcceptSecurityContext() returns statusCode:0x" + ((int)statusCode).ToString("x8", NumberFormatInfo.InvariantInfo) + " (" + statusCode.ToString() + ")");
}
}
finally
{
//
// Assuming the ISC or ASC has referenced the credential on the first successful call,
// we want to decrement the effective ref count by "disposing" it.
// The real dispose will happen when the security context is closed.
// Note if the first call was not successful the handle is physically destroyed here.
//
if (firstTime && _credentialsHandle != null)
{
_credentialsHandle.Dispose();
}
}
if (((int)statusCode & unchecked ((int)0x80000000)) != 0)
{
CloseContext();
_isCompleted = true;
if (throwOnError)
{
var exception = new Win32Exception((int)statusCode);
GlobalLog.Leave("NTAuthentication#" + LoggingHash.HashString(this) + "::GetOutgoingBlob", "Win32Exception:" + exception);
throw exception;
}
GlobalLog.Leave("NTAuthentication#" + LoggingHash.HashString(this) + "::GetOutgoingBlob", "null statusCode:0x" + ((int)statusCode).ToString("x8", NumberFormatInfo.InvariantInfo) + " (" + statusCode.ToString() + ")");
return(null);
}
else if (firstTime && _credentialsHandle != null)
{
// Cache until it is pushed out by newly incoming handles.
SSPIHandleCache.CacheCredential(_credentialsHandle);
}
// The return value from SSPI will tell us correctly if the
// handshake is over or not: http://msdn.microsoft.com/library/psdk/secspi/sspiref_67p0.htm
// we also have to consider the case in which SSPI formed a new context, in this case we're done as well.
if (statusCode == Interop.SecurityStatus.OK)
{
// Success.
if ((statusCode == Interop.SecurityStatus.OK) && GlobalLog.IsEnabled)
{
GlobalLog.AssertFormat("NTAuthentication#{0}::GetOutgoingBlob()|statusCode:[0x{1:x8}] ({2}) m_SecurityContext#{3}::Handle:[{4}] [STATUS != OK]", LoggingHash.HashString(this), (int)statusCode, statusCode, LoggingHash.HashString(_securityContext), LoggingHash.ObjectToString(_securityContext));
}
_isCompleted = true;
}
else
{
// We need to continue.
GlobalLog.Print("NTAuthentication#" + LoggingHash.HashString(this) + "::GetOutgoingBlob() need continue statusCode:[0x" + ((int)statusCode).ToString("x8", NumberFormatInfo.InvariantInfo) + "] (" + statusCode.ToString() + ") m_SecurityContext#" + LoggingHash.HashString(_securityContext) + "::Handle:" + LoggingHash.ObjectToString(_securityContext) + "]");
}
GlobalLog.Leave("NTAuthentication#" + LoggingHash.HashString(this) + "::GetOutgoingBlob", "IsCompleted:" + IsCompleted.ToString());
return(outSecurityBuffer.token);
}
internal byte[] GetOutgoingBlob(byte[] incomingBlob, bool throwOnError, out SecurityStatus statusCode)
{
List <SecurityBuffer> list = new List <SecurityBuffer>(2);
if (incomingBlob != null)
{
list.Add(new SecurityBuffer(incomingBlob, BufferType.Token));
}
if (this.m_ChannelBinding != null)
{
list.Add(new SecurityBuffer(this.m_ChannelBinding));
}
SecurityBuffer[] inputBuffers = null;
if (list.Count > 0)
{
inputBuffers = list.ToArray();
}
SecurityBuffer outputBuffer = new SecurityBuffer(this.m_TokenSize, BufferType.Token);
bool flag = this.m_SecurityContext == null;
try
{
if (!this.m_IsServer)
{
statusCode = (SecurityStatus)SSPIWrapper.InitializeSecurityContext(GlobalSSPI.SSPIAuth, this.m_CredentialsHandle, ref this.m_SecurityContext, this.m_Spn, this.m_RequestedContextFlags, Endianness.Network, inputBuffers, outputBuffer, ref this.m_ContextFlags);
if (statusCode == SecurityStatus.CompleteNeeded)
{
SecurityBuffer[] bufferArray2 = new SecurityBuffer[] { outputBuffer };
statusCode = (SecurityStatus)SSPIWrapper.CompleteAuthToken(GlobalSSPI.SSPIAuth, ref this.m_SecurityContext, bufferArray2);
outputBuffer.token = null;
}
}
else
{
statusCode = (SecurityStatus)SSPIWrapper.AcceptSecurityContext(GlobalSSPI.SSPIAuth, this.m_CredentialsHandle, ref this.m_SecurityContext, this.m_RequestedContextFlags, Endianness.Network, inputBuffers, outputBuffer, ref this.m_ContextFlags);
}
}
finally
{
if (flag && (this.m_CredentialsHandle != null))
{
this.m_CredentialsHandle.Close();
}
}
if ((statusCode & ((SecurityStatus)(-2147483648))) != SecurityStatus.OK)
{
this.CloseContext();
this.m_IsCompleted = true;
if (throwOnError)
{
Win32Exception exception = new Win32Exception((int)statusCode);
throw exception;
}
return(null);
}
if (flag && (this.m_CredentialsHandle != null))
{
SSPIHandleCache.CacheCredential(this.m_CredentialsHandle);
}
if (statusCode == SecurityStatus.OK)
{
this.m_IsCompleted = true;
}
return(outputBuffer.token);
}
