/// <summary>
/// Verifies a message signature by handing the buffers to the native
/// NativeNTSSPI.DecryptMessage entry point under a reference on the context handle.
/// </summary>
/// <param name="context">Security context whose native handle is passed to the call.</param>
/// <param name="inputOutput">Descriptor of the buffers handed to the native call.</param>
/// <param name="sequenceNumber">Sequence number forwarded to the native call.</param>
/// <returns>
/// The native status code, or SecurityStatus.InvalidHandle when the context was
/// already disposed and the native call was never made.
/// </returns>
public unsafe int VerifySignature(SafeDeleteContext context, SecurityBufferDescriptor inputOutput, uint sequenceNumber)
{
    uint qualityOfProtection = 0;
    bool refTaken = false;
    int result = (int)SecurityStatus.InvalidHandle;

    // PrepareConstrainedRegions has to directly precede the try block it applies to.
    RuntimeHelpers.PrepareConstrainedRegions();
    try
    {
        context.DangerousAddRef(ref refTaken);
    }
    catch (Exception ex)
    {
        if (refTaken)
        {
            context.DangerousRelease();
            refTaken = false;
        }

        // A disposed context is reported through the status code; anything else propagates.
        if (!(ex is ObjectDisposedException))
        {
            throw;
        }
    }
    finally
    {
        // The native call only runs while a reference on the handle is held.
        if (refTaken)
        {
            result = UnsafeNclNativeMethods.NativeNTSSPI.DecryptMessage(ref context._handle, inputOutput, sequenceNumber, &qualityOfProtection);
            context.DangerousRelease();
        }
    }

    // qualityOfProtection is written by the native call but not inspected here;
    // callers decide on the returned status alone.
    return result;
}
/// <summary>
/// Signature-verification helper: calls NativeNTSSPI.DecryptMessage while holding a
/// reference on the context handle and returns the native status.
/// </summary>
/// <param name="context">Security context whose native handle is passed to the call.</param>
/// <param name="inputOutput">Descriptor of the buffers handed to the native call.</param>
/// <param name="sequenceNumber">Sequence number forwarded to the native call.</param>
/// <returns>
/// The native status code, or 0x80090301 (SEC_E_INVALID_HANDLE) when the context was
/// already disposed and the native call was skipped.
/// </returns>
private unsafe int VerifySignatureHelper(SafeDeleteContext context, SecurityBufferDescriptor inputOutput, uint sequenceNumber)
{
    // Same value as the literal -2146893055.
    int status = unchecked((int)0x80090301);
    uint qop = 0;
    bool holdsReference = false;

    RuntimeHelpers.PrepareConstrainedRegions();
    try
    {
        context.DangerousAddRef(ref holdsReference);
    }
    catch (Exception caught)
    {
        if (holdsReference)
        {
            context.DangerousRelease();
            holdsReference = false;
        }

        bool contextDisposed = caught is ObjectDisposedException;
        if (!contextDisposed)
        {
            throw;
        }
    }
    finally
    {
        if (holdsReference)
        {
            status = UnsafeNclNativeMethods.NativeNTSSPI.DecryptMessage(ref context._handle, inputOutput, sequenceNumber, &qop);
            context.DangerousRelease();
        }
    }

    // The quality-of-protection value is received but deliberately left unchecked here.
    return status;
}
/// <summary>
/// Win9x decryption path: calls NativeSSLWin9xSSPI.UnsealMessage while holding a
/// reference on the context handle.
/// </summary>
/// <param name="context">Security context whose native handle is passed to the call.</param>
/// <param name="inputOutput">Descriptor of the buffers handed to the native call.</param>
/// <param name="sequenceNumber">Sequence number forwarded to the native call.</param>
/// <returns>
/// The native status code, or 0x80090301 (SEC_E_INVALID_HANDLE) when the context was
/// already disposed and the native call was skipped.
/// </returns>
private int DecryptMessageHelper9x(SafeDeleteContext context, SecurityBufferDescriptor inputOutput, uint sequenceNumber)
{
    bool refAdded = false;
    // Same value as the literal -2146893055.
    int status = unchecked((int)0x80090301);

    RuntimeHelpers.PrepareConstrainedRegions();
    try
    {
        context.DangerousAddRef(ref refAdded);
    }
    catch (Exception error)
    {
        if (refAdded)
        {
            context.DangerousRelease();
            refAdded = false;
        }

        // Only a disposed context is tolerated; it surfaces as the initial status.
        if (!(error is ObjectDisposedException))
        {
            throw;
        }
    }
    finally
    {
        if (refAdded)
        {
            // IntPtr.Zero is passed where the NT variant passes a quality-of-protection
            // pointer, so this path receives no value to inspect.
            // NOTE(review): confirm callers do not need the signed-only check on this path.
            status = UnsafeNclNativeMethods.NativeSSLWin9xSSPI.UnsealMessage(ref context._handle, inputOutput, IntPtr.Zero, sequenceNumber);
            context.DangerousRelease();
        }
    }

    return status;
}
/// <summary>
/// Signs a message by calling NativeNTSSPI.EncryptMessage with the
/// SECQOP_WRAP_NO_ENCRYPT quality-of-protection value.
/// </summary>
/// <param name="context">Security context whose native handle is passed to the call.</param>
/// <param name="inputOutput">Descriptor of the buffers handed to the native call.</param>
/// <param name="sequenceNumber">Sequence number forwarded to the native call.</param>
/// <returns>
/// The native status code, or SecurityStatus.InvalidHandle when the context was
/// already disposed and the native call was skipped.
/// </returns>
public int MakeSignature(SafeDeleteContext context, SecurityBufferDescriptor inputOutput, uint sequenceNumber)
{
    // Requests integrity protection only: the payload is wrapped but not encrypted,
    // so this method gives no confidentiality.
    const uint SECQOP_WRAP_NO_ENCRYPT = 0x80000001;

    bool refTaken = false;
    int result = (int)SecurityStatus.InvalidHandle;

    RuntimeHelpers.PrepareConstrainedRegions();
    try
    {
        context.DangerousAddRef(ref refTaken);
    }
    catch (Exception ex)
    {
        if (refTaken)
        {
            context.DangerousRelease();
            refTaken = false;
        }

        if (!(ex is ObjectDisposedException))
        {
            throw;
        }
    }
    finally
    {
        if (refTaken)
        {
            result = UnsafeNclNativeMethods.NativeNTSSPI.EncryptMessage(ref context._handle, SECQOP_WRAP_NO_ENCRYPT, inputOutput, sequenceNumber);
            context.DangerousRelease();
        }
    }

    return result;
}
/// <summary>
/// Decrypts a message, choosing the Win9x helper or the NT helper from ComNetOS.IsWin9x.
/// </summary>
/// <param name="context">Security context passed through to the helper.</param>
/// <param name="inputOutput">Buffer descriptor passed through to the helper.</param>
/// <param name="sequenceNumber">Sequence number passed through to the helper.</param>
/// <returns>The status code returned by the selected helper.</returns>
public int DecryptMessage(SafeDeleteContext context, SecurityBufferDescriptor inputOutput, uint sequenceNumber)
{
    return ComNetOS.IsWin9x
        ? this.DecryptMessageHelper9x(context, inputOutput, sequenceNumber)
        : this.DecryptMessageHelper(context, inputOutput, sequenceNumber);
}
/// <summary>
/// Decrypts a message through DecryptMessageHelper; not implemented on Win9x.
/// </summary>
/// <param name="context">Security context passed through to the helper.</param>
/// <param name="inputOutput">Buffer descriptor passed through to the helper.</param>
/// <param name="sequenceNumber">Sequence number passed through to the helper.</param>
/// <returns>The status code returned by DecryptMessageHelper.</returns>
public int DecryptMessage(SafeDeleteContext context, SecurityBufferDescriptor inputOutput, uint sequenceNumber)
{
    if (!ComNetOS.IsWin9x)
    {
        return this.DecryptMessageHelper(context, inputOutput, sequenceNumber);
    }

    // Fails loudly on Win9x instead of returning a status code.
    throw ExceptionHelper.MethodNotImplementedException;
}
/// <summary>
/// Encrypts a message through EncryptMessageHelper; not implemented on Win9x.
/// </summary>
/// <param name="context">Security context passed through to the helper.</param>
/// <param name="inputOutput">Buffer descriptor passed through to the helper.</param>
/// <param name="sequenceNumber">Sequence number passed through to the helper.</param>
/// <returns>The status code returned by EncryptMessageHelper.</returns>
public int EncryptMessage(SafeDeleteContext context, SecurityBufferDescriptor inputOutput, uint sequenceNumber)
{
    if (!ComNetOS.IsWin9x)
    {
        return this.EncryptMessageHelper(context, inputOutput, sequenceNumber);
    }

    // Fails loudly on Win9x instead of returning a status code.
    throw ExceptionHelper.MethodNotImplementedException;
}
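/// <summary>
/// Unseals a message in place: pins the managed buffers, calls
/// SecModule.UnsealMessage, and copies the marshalled result buffers back into
/// <paramref name="input"/>.
/// </summary>
/// <param name="SecModule">SSPI implementation that performs the native call.</param>
/// <param name="context">Security context handle, passed by reference to the native call.</param>
/// <param name="QOP">Quality-of-protection value forwarded to the native call.</param>
/// <param name="input">Buffers to unseal; each element is replaced with the marshalled result.</param>
/// <param name="sequenceNumber">Sequence number forwarded to the native call.</param>
/// <returns>The status code returned by SecModule.UnsealMessage.</returns>
public static int UnsealMessage(SSPIInterface SecModule, ref long context, int QOP, SecurityBufferClass[] input, int sequenceNumber)
{
    GCHandle[] handleIn = PinBuffers(input);
    try
    {
        SecurityBufferDescriptor sdcInOut = new SecurityBufferDescriptor(input);
        try
        {
            int errorCode = SecModule.UnsealMessage(ref context, ref sdcInOut, QOP, sequenceNumber);

            // The buffers are copied back whatever errorCode says, so callers must
            // check the returned status before trusting the contents of input.
            SecurityBufferClass[] result = sdcInOut.marshall();
            for (int k = 0; k < input.Length; k++)
            {
                input[k] = result[k];
            }

            return errorCode;
        }
        finally
        {
            // Released on every path; previously an exception from the native call or
            // from marshalling skipped this cleanup.
            sdcInOut.FreeAllBuffers(0);
        }
    }
    finally
    {
        // Unpin on every path so a failure cannot leave the input buffers pinned.
        FreeGCHandles(handleIn);
    }
}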
/// <summary>
/// Decrypts a message through NativeNTSSPI.DecryptMessage and rejects a successful
/// result that was only signed, not encrypted.
/// </summary>
/// <param name="context">Security context whose native handle is passed to the call.</param>
/// <param name="inputOutput">Descriptor of the buffers handed to the native call.</param>
/// <param name="sequenceNumber">Sequence number forwarded to the native call.</param>
/// <returns>
/// The native status code, or SecurityStatus.InvalidHandle when the context was
/// already disposed and the native call was skipped.
/// </returns>
/// <exception cref="InvalidOperationException">
/// The call succeeded but reported the SECQOP_WRAP_NO_ENCRYPT quality of protection.
/// </exception>
public unsafe int DecryptMessage(SafeDeleteContext context, SecurityBufferDescriptor inputOutput, uint sequenceNumber)
{
    const uint SECQOP_WRAP_NO_ENCRYPT = 0x80000001;

    uint qualityOfProtection = 0;
    bool refTaken = false;
    int result = (int)SecurityStatus.InvalidHandle;

    RuntimeHelpers.PrepareConstrainedRegions();
    try
    {
        context.DangerousAddRef(ref refTaken);
    }
    catch (Exception ex)
    {
        if (refTaken)
        {
            context.DangerousRelease();
            refTaken = false;
        }

        if (!(ex is ObjectDisposedException))
        {
            throw;
        }
    }
    finally
    {
        if (refTaken)
        {
            result = UnsafeNclNativeMethods.NativeNTSSPI.DecryptMessage(ref context._handle, inputOutput, sequenceNumber, &qualityOfProtection);
            context.DangerousRelease();
        }
    }

    if (result != 0 || qualityOfProtection != SECQOP_WRAP_NO_ENCRYPT)
    {
        return result;
    }

    // Success with the no-encrypt flag means the peer sent integrity-only data on a
    // path that expects confidentiality; treat it as an error rather than plaintext.
    GlobalLog.Assert("NativeNTSSPI.DecryptMessage", "Expected qop = 0, returned value = " + qualityOfProtection.ToString("x", CultureInfo.InvariantCulture));
    throw new InvalidOperationException(SR.GetString(SR.net_auth_message_not_encrypted));
}
/// <summary>
/// Decryption helper: calls NativeNTSSPI.DecryptMessage while holding a reference on
/// the context handle and rejects a successful result that was not encrypted.
/// </summary>
/// <param name="context">Security context whose native handle is passed to the call.</param>
/// <param name="inputOutput">Descriptor of the buffers handed to the native call.</param>
/// <param name="sequenceNumber">Sequence number forwarded to the native call.</param>
/// <returns>
/// The native status code, or 0x80090301 (SEC_E_INVALID_HANDLE) when the context was
/// already disposed and the native call was skipped.
/// </returns>
/// <exception cref="InvalidOperationException">
/// The call succeeded but reported quality of protection 0x80000001.
/// </exception>
private unsafe int DecryptMessageHelper(SafeDeleteContext context, SecurityBufferDescriptor inputOutput, uint sequenceNumber)
{
    // Same value as the literal -2146893055.
    int status = unchecked((int)0x80090301);
    uint qop = 0;
    bool holdsReference = false;

    RuntimeHelpers.PrepareConstrainedRegions();
    try
    {
        context.DangerousAddRef(ref holdsReference);
    }
    catch (Exception caught)
    {
        if (holdsReference)
        {
            context.DangerousRelease();
            holdsReference = false;
        }

        if (!(caught is ObjectDisposedException))
        {
            throw;
        }
    }
    finally
    {
        if (holdsReference)
        {
            status = UnsafeNclNativeMethods.NativeNTSSPI.DecryptMessage(ref context._handle, inputOutput, sequenceNumber, &qop);
            context.DangerousRelease();
        }
    }

    // 0x80000001 is SECQOP_WRAP_NO_ENCRYPT: the message was signed but not encrypted.
    bool signedOnly = (status == 0) && (qop == 0x80000001);
    if (signedOnly)
    {
        throw new InvalidOperationException(SR.GetString("net_auth_message_not_encrypted"));
    }

    return status;
}
/// <summary>
/// Calls NativeNTSSPI.DecryptMessage under a reference on the context handle and
/// turns a successful but unencrypted result into an exception.
/// </summary>
/// <param name="context">Security context whose native handle is passed to the call.</param>
/// <param name="inputOutput">Descriptor of the buffers handed to the native call.</param>
/// <param name="sequenceNumber">Sequence number forwarded to the native call.</param>
/// <returns>
/// The native status code, or -2146893055 (0x80090301, SEC_E_INVALID_HANDLE) when the
/// context was already disposed and the native call was skipped.
/// </returns>
/// <exception cref="InvalidOperationException">
/// The call succeeded but reported quality of protection 0x80000001.
/// </exception>
private unsafe int DecryptMessageHelper(SafeDeleteContext context, SecurityBufferDescriptor inputOutput, uint sequenceNumber)
{
    uint reportedQop = 0;
    bool refAdded = false;
    int nativeStatus = -2146893055;

    RuntimeHelpers.PrepareConstrainedRegions();
    try
    {
        context.DangerousAddRef(ref refAdded);
    }
    catch (Exception error)
    {
        if (refAdded)
        {
            context.DangerousRelease();
            refAdded = false;
        }

        bool contextDisposed = error is ObjectDisposedException;
        if (!contextDisposed)
        {
            throw;
        }
    }
    finally
    {
        if (refAdded)
        {
            nativeStatus = UnsafeNclNativeMethods.NativeNTSSPI.DecryptMessage(ref context._handle, inputOutput, sequenceNumber, &reportedQop);
            context.DangerousRelease();
        }
    }

    if (nativeStatus != 0)
    {
        return nativeStatus;
    }

    // 0x80000001 is SECQOP_WRAP_NO_ENCRYPT; accepting it would hand integrity-only
    // data to a caller that asked for decryption.
    if (reportedQop == 0x80000001)
    {
        throw new InvalidOperationException(SR.GetString("net_auth_message_not_encrypted"));
    }

    return nativeStatus;
}
/// <summary>
/// Shared driver for encrypt, decrypt, sign and verify: pins the managed buffers,
/// dispatches to the matching SecModule method, then maps the sizes and pointers the
/// native call wrote back onto the managed SecurityBuffer objects.
/// </summary>
/// <param name="op">Which of the four operations to run.</param>
/// <param name="SecModule">SSPI implementation that performs the call.</param>
/// <param name="context">Security context passed through to the call.</param>
/// <param name="input">Buffers used for both input and output; updated in place.</param>
/// <param name="sequenceNumber">Sequence number passed through to the call.</param>
/// <returns>The status code returned by the dispatched SecModule method.</returns>
private static unsafe int EncryptDecryptHelper(OP op, SSPIInterface SecModule, SafeDeleteContext context, SecurityBuffer[] input, uint sequenceNumber)
{
    int bufferCount = input.Length;
    SecurityBufferDescriptor inputOutput = new SecurityBufferDescriptor(bufferCount);
    SecurityBufferStruct[] nativeBuffers = new SecurityBufferStruct[bufferCount];

    fixed (SecurityBufferStruct* nativeBuffersPtr = nativeBuffers)
    {
        inputOutput.UnmanagedPointer = (void*)nativeBuffersPtr;
        GCHandle[] pins = new GCHandle[bufferCount];
        byte[][] pinnedArrays = new byte[bufferCount][];

        try
        {
            // Describe every managed buffer to the native side, pinning non-empty tokens.
            // NOTE(review): offset and size are forwarded without being checked against
            // token.Length here; confirm callers guarantee they lie inside the array.
            for (int i = 0; i < bufferCount; i++)
            {
                SecurityBuffer source = input[i];
                nativeBuffers[i].count = source.size;
                nativeBuffers[i].type = source.type;

                bool hasToken = (source.token != null) && (source.token.Length != 0);
                if (hasToken)
                {
                    pins[i] = GCHandle.Alloc(source.token, GCHandleType.Pinned);
                    nativeBuffers[i].token = Marshal.UnsafeAddrOfPinnedArrayElement(source.token, source.offset);
                    pinnedArrays[i] = source.token;
                }
                else
                {
                    nativeBuffers[i].token = IntPtr.Zero;
                }
            }

            int status;
            switch (op)
            {
                case OP.Encrypt:
                    status = SecModule.EncryptMessage(context, inputOutput, sequenceNumber);
                    break;

                case OP.Decrypt:
                    status = SecModule.DecryptMessage(context, inputOutput, sequenceNumber);
                    break;

                case OP.MakeSignature:
                    status = SecModule.MakeSignature(context, inputOutput, sequenceNumber);
                    break;

                case OP.VerifySignature:
                    status = SecModule.VerifySignature(context, inputOutput, sequenceNumber);
                    break;

                default:
                    throw ExceptionHelper.MethodNotImplementedException;
            }

            // Translate each returned pointer into (array, offset) of the pinned array
            // that contains it. A pointer outside every pinned array is discarded so
            // managed code never sees an address it did not supply.
            for (int j = 0; j < bufferCount; j++)
            {
                SecurityBuffer target = input[j];
                target.size = nativeBuffers[j].count;
                target.type = nativeBuffers[j].type;

                if (target.size == 0)
                {
                    target.offset = 0;
                    target.token = null;
                    continue;
                }

                byte* returned = (byte*)nativeBuffers[j].token;
                bool located = false;
                for (int index = 0; index < bufferCount; index++)
                {
                    byte[] candidate = pinnedArrays[index];
                    if (candidate == null)
                    {
                        continue;
                    }

                    byte* start = (byte*)Marshal.UnsafeAddrOfPinnedArrayElement(candidate, 0);
                    if ((returned >= start) && ((returned + target.size) <= (start + candidate.Length)))
                    {
                        target.offset = (int)((long)(returned - start));
                        target.token = candidate;
                        located = true;
                        break;
                    }
                }

                if (!located)
                {
                    target.size = 0;
                    target.offset = 0;
                    target.token = null;
                }
            }

            if ((status != 0) && Logging.On)
            {
                // 0x90321 is logged under the name SEC_I_RENEGOTIATE rather than as a failure.
                if (status == 0x90321)
                {
                    Logging.PrintError(Logging.Web, SR.GetString("net_log_operation_returned_something", new object[] { op, "SEC_I_RENEGOTIATE" }));
                }
                else
                {
                    Logging.PrintError(Logging.Web, SR.GetString("net_log_operation_failed_with_error", new object[] { op, string.Format(CultureInfo.CurrentCulture, "0X{0:X}", new object[] { status }) }));
                }
            }

            return status;
        }
        finally
        {
            // Unpin everything that was pinned, on success and on failure alike.
            for (int k = 0; k < pins.Length; k++)
            {
                if (pins[k].IsAllocated)
                {
                    pins[k].Free();
                }
            }
        }
    }
}
/// <summary>
/// Signature verification is not supported by this implementation; the call always throws.
/// </summary>
/// <param name="context">Unused.</param>
/// <param name="inputOutput">Unused.</param>
/// <param name="sequenceNumber">Unused.</param>
/// <returns>Never returns normally.</returns>
public int VerifySignature(SafeDeleteContext context, SecurityBufferDescriptor inputOutput, uint sequenceNumber)
{
    // Throwing (rather than returning a status) keeps an unsupported verification
    // from being mistaken for a successful one.
    throw ExceptionHelper.MethodNotSupportedException;
}
internal static unsafe int InitializeSecurityContext(SecurDll dll, ref SafeFreeCredentials inCredentials, ref SafeDeleteContext refContext, string targetName, ContextFlags inFlags, Endianness endianness, SecurityBuffer inSecBuffer, SecurityBuffer[] inSecBuffers, SecurityBuffer outSecBuffer, ref ContextFlags outFlags) { if (inCredentials == null) { throw new ArgumentNullException("inCredentials"); } SecurityBufferDescriptor inputBuffer = null; if (inSecBuffer != null) { inputBuffer = new SecurityBufferDescriptor(1); } else if (inSecBuffers != null) { inputBuffer = new SecurityBufferDescriptor(inSecBuffers.Length); } SecurityBufferDescriptor outputBuffer = new SecurityBufferDescriptor(1); bool flag = (inFlags & ContextFlags.AllocateMemory) != ContextFlags.Zero; int num = -1; SSPIHandle handle = new SSPIHandle(); if (refContext != null) { handle = refContext._handle; } GCHandle[] handleArray = null; GCHandle handle2 = new GCHandle(); SafeFreeContextBuffer handleTemplate = null; try { handle2 = GCHandle.Alloc(outSecBuffer.token, GCHandleType.Pinned); SecurityBufferStruct[] structArray = new SecurityBufferStruct[(inputBuffer == null) ? 1 : inputBuffer.Count]; try { SecurityBufferStruct[] structArray3; if (((structArray3 = structArray) == null) || (structArray3.Length == 0)) { ptrRef = null; goto Label_00A6; } fixed(IntPtr *ptrRef = structArray3) { Label_00A6: if (inputBuffer != null) { inputBuffer.UnmanagedPointer = (void *)ptrRef; handleArray = new GCHandle[inputBuffer.Count]; for (int i = 0; i < inputBuffer.Count; i++) { SecurityBuffer buffer2 = (inSecBuffer != null) ? 
inSecBuffer : inSecBuffers[i]; if (buffer2 != null) { structArray[i].count = buffer2.size; structArray[i].type = buffer2.type; if (buffer2.unmanagedToken != null) { structArray[i].token = buffer2.unmanagedToken.DangerousGetHandle(); } else if ((buffer2.token == null) || (buffer2.token.Length == 0)) { structArray[i].token = IntPtr.Zero; } else { handleArray[i] = GCHandle.Alloc(buffer2.token, GCHandleType.Pinned); structArray[i].token = Marshal.UnsafeAddrOfPinnedArrayElement(buffer2.token, buffer2.offset); } } } } SecurityBufferStruct[] structArray2 = new SecurityBufferStruct[1]; try { SecurityBufferStruct[] structArray4; if (((structArray4 = structArray2) == null) || (structArray4.Length == 0)) { ptrRef2 = null; goto Label_01CC; } fixed(IntPtr *ptrRef2 = structArray4) { ref byte pinned numRef; ref byte pinned numRef2; Label_01CC: outputBuffer.UnmanagedPointer = (void *)ptrRef2; structArray2[0].count = outSecBuffer.size; structArray2[0].type = outSecBuffer.type; if ((outSecBuffer.token == null) || (outSecBuffer.token.Length == 0)) { structArray2[0].token = IntPtr.Zero; } else { structArray2[0].token = Marshal.UnsafeAddrOfPinnedArrayElement(outSecBuffer.token, outSecBuffer.offset); } if (flag) { handleTemplate = SafeFreeContextBuffer.CreateEmptyHandle(dll); } switch (dll) { case SecurDll.SECURITY: if ((refContext == null) || refContext.IsInvalid) { refContext = new SafeDeleteContext_SECURITY(); } if ((targetName == null) || (targetName.Length == 0)) { targetName = " "; } fixed(char *str = ((char *)targetName)) { char *chPtr = str; num = MustRunInitializeSecurityContext_SECURITY(ref inCredentials, handle.IsZero ? null : ((void *)&handle), (targetName == " ") ? 
null : ((byte *)chPtr), inFlags, endianness, inputBuffer, refContext, outputBuffer, ref outFlags, handleTemplate); goto Label_044B; } break; case SecurDll.SECUR32: break; case SecurDll.SCHANNEL: goto Label_0381; default: goto Label_0423; } if ((refContext == null) || refContext.IsInvalid) { refContext = new SafeDeleteContext_SECUR32(); } byte[] dummyBytes = SafeDeleteContext.dummyBytes; if ((targetName != null) && (targetName.Length != 0)) { dummyBytes = new byte[targetName.Length + 2]; Encoding.Default.GetBytes(targetName, 0, targetName.Length, dummyBytes, 0); } try { byte[] buffer5; if (((buffer5 = dummyBytes) == null) || (buffer5.Length == 0)) { numRef = null; } else { numRef = buffer5; } num = MustRunInitializeSecurityContext_SECUR32(ref inCredentials, handle.IsZero ? null : ((void *)&handle), (dummyBytes == SafeDeleteContext.dummyBytes) ? null : numRef, inFlags, endianness, inputBuffer, refContext, outputBuffer, ref outFlags, handleTemplate); goto Label_044B; } finally { numRef = null; } Label_0381: if ((refContext == null) || refContext.IsInvalid) { refContext = new SafeDeleteContext_SCHANNEL(); } byte[] bytes = SafeDeleteContext.dummyBytes; if ((targetName != null) && (targetName.Length != 0)) { bytes = new byte[targetName.Length + 2]; Encoding.Default.GetBytes(targetName, 0, targetName.Length, bytes, 0); } try { byte[] buffer6; if (((buffer6 = bytes) == null) || (buffer6.Length == 0)) { numRef2 = null; } else { numRef2 = buffer6; } num = MustRunInitializeSecurityContext_SCHANNEL(ref inCredentials, handle.IsZero ? null : ((void *)&handle), (bytes == SafeDeleteContext.dummyBytes) ? 
null : numRef2, inFlags, endianness, inputBuffer, refContext, outputBuffer, ref outFlags, handleTemplate); goto Label_044B; } finally { numRef2 = null; } Label_0423 :; throw new ArgumentException(SR.GetString("net_invalid_enum", new object[] { "SecurDll" }), "Dll"); Label_044B: outSecBuffer.size = structArray2[0].count; outSecBuffer.type = structArray2[0].type; if (outSecBuffer.size > 0) { outSecBuffer.token = new byte[outSecBuffer.size]; Marshal.Copy(structArray2[0].token, outSecBuffer.token, 0, outSecBuffer.size); return(num); } outSecBuffer.token = null; return(num); } } finally { ptrRef2 = null; } return(num); } }
// Completes an authentication token: describes each entry of inSecBuffers to the
// native side and calls SafeNetHandles_SECURITY.CompleteAuthToken while holding a
// reference on refContext.
//
// dll          - only SecurDll.SECURITY is handled; any other value throws ArgumentException.
// refContext   - context to complete; replaced with a new SafeDeleteContext_SECURITY
//                when it is null or invalid.
// inSecBuffers - buffers passed to the native call; dereferenced without a null check.
//
// Returns the native status, or -2146893055 (0x80090301, SEC_E_INVALID_HANDLE) when the
// context was disposed and the native call was skipped.
//
// NOTE(review): the goto labels and the assignment to the fixed-pointer local look like
// decompiler output and are not expected to compile as written.
internal static unsafe int CompleteAuthToken(SecurDll dll, ref SafeDeleteContext refContext, SecurityBuffer[] inSecBuffers)
{
    SecurityBufferStruct[] structArray2;
    SecurityBufferDescriptor inputBuffers = new SecurityBufferDescriptor(inSecBuffers.Length);
    int num = -2146893055;
    GCHandle[] handleArray = null;
    SecurityBufferStruct[] structArray = new SecurityBufferStruct[inputBuffers.Count];
    if (((structArray2 = structArray) != null) && (structArray2.Length != 0))
    {
        goto Label_002F;
    }
    fixed(IntPtr *ptrRef = null)
    {
        goto Label_0039;
Label_002F:
        ptrRef = structArray2;
Label_0039:
        inputBuffers.UnmanagedPointer = (void *)ptrRef;
        handleArray = new GCHandle[inputBuffers.Count];
        // Describe each buffer to the native side; null entries are left at their defaults.
        for (int i = 0; i < inputBuffers.Count; i++)
        {
            SecurityBuffer buffer = inSecBuffers[i];
            if (buffer != null)
            {
                structArray[i].count = buffer.size;
                structArray[i].type = buffer.type;
                if (buffer.unmanagedToken != null)
                {
                    // Raw handle taken without an AddRef.
                    // NOTE(review): confirm unmanagedToken outlives the native call.
                    structArray[i].token = buffer.unmanagedToken.DangerousGetHandle();
                }
                else if ((buffer.token == null) || (buffer.token.Length == 0))
                {
                    structArray[i].token = IntPtr.Zero;
                }
                else
                {
                    // NOTE(review): offset and size are not checked against token.Length
                    // here; confirm callers guarantee they lie inside the array.
                    handleArray[i] = GCHandle.Alloc(buffer.token, GCHandleType.Pinned);
                    structArray[i].token = Marshal.UnsafeAddrOfPinnedArrayElement(buffer.token, buffer.offset);
                }
            }
        }
        // Copy of the incoming handle; a zero handle is passed to the native call as null.
        SSPIHandle handle = new SSPIHandle();
        if (refContext != null)
        {
            handle = refContext._handle;
        }
        try
        {
            if (dll == SecurDll.SECURITY)
            {
                if ((refContext == null) || refContext.IsInvalid)
                {
                    refContext = new SafeDeleteContext_SECURITY();
                }
                bool success = false;
                RuntimeHelpers.PrepareConstrainedRegions();
                try
                {
                    try
                    {
                        refContext.DangerousAddRef(ref success);
                    }
                    catch (Exception exception)
                    {
                        if (success)
                        {
                            refContext.DangerousRelease();
                            success = false;
                        }
                        // A disposed context is reported through the initial status value.
                        if (!(exception is ObjectDisposedException))
                        {
                            throw;
                        }
                    }
                    goto Label_0201;
                }
                finally
                {
                    // The native call runs only while the reference is held.
                    if (success)
                    {
                        num = UnsafeNclNativeMethods.SafeNetHandles_SECURITY.CompleteAuthToken(handle.IsZero ? null : ((void *)&handle), inputBuffers);
                        refContext.DangerousRelease();
                    }
                }
            }
            throw new ArgumentException(SR.GetString("net_invalid_enum", new object[] { "SecurDll" }), "Dll");
        }
        finally
        {
            // Unpin every buffer pinned above, on success and on failure.
            if (handleArray != null)
            {
                for (int j = 0; j < handleArray.Length; j++)
                {
                    if (handleArray[j].IsAllocated)
                    {
                        handleArray[j].Free();
                    }
                }
            }
        }
    }
Label_0201 :;
    return(num);
}
// Server side of the handshake: describes the input buffer(s) and the single output
// buffer to the native side, dispatches to the MustRunAcceptSecurityContext_* variant
// selected by dll, then copies the produced token into a fresh managed array.
//
// dll           - selects the SECURITY, SECUR32 or SCHANNEL variant; any other value
//                 throws ArgumentException.
// inCredentials - must not be null (ArgumentNullException).
// refContext    - existing context, or null/invalid to have a new one created.
// inSecBuffer   - single input buffer; takes precedence over inSecBuffers when not null.
// inSecBuffers  - input buffers used when inSecBuffer is null.
// outSecBuffer  - receives the size, type and token produced by the native call;
//                 dereferenced without a null check.
// outFlags      - context flags reported by the native call.
//
// Returns the status from the dispatched call.
//
// NOTE(review): the goto labels and the assignments to ptrRef/ptrRef2 outside their
// fixed statements look like decompiler output and are not expected to compile as written.
internal static unsafe int AcceptSecurityContext(SecurDll dll, ref SafeFreeCredentials inCredentials, ref SafeDeleteContext refContext, ContextFlags inFlags, Endianness endianness, SecurityBuffer inSecBuffer, SecurityBuffer[] inSecBuffers, SecurityBuffer outSecBuffer, ref ContextFlags outFlags)
{
    if (inCredentials == null)
    {
        throw new ArgumentNullException("inCredentials");
    }
    SecurityBufferDescriptor inputBuffer = null;
    if (inSecBuffer != null)
    {
        inputBuffer = new SecurityBufferDescriptor(1);
    }
    else if (inSecBuffers != null)
    {
        inputBuffer = new SecurityBufferDescriptor(inSecBuffers.Length);
    }
    SecurityBufferDescriptor outputBuffer = new SecurityBufferDescriptor(1);
    // True when the caller asked for the output token to be allocated for it.
    bool flag = (inFlags & ContextFlags.AllocateMemory) != ContextFlags.Zero;
    int num = -1;
    // Copy of the incoming handle; a zero handle is passed to the native call as null.
    SSPIHandle handle = new SSPIHandle();
    if (refContext != null)
    {
        handle = refContext._handle;
    }
    GCHandle[] handleArray = null;
    GCHandle handle2 = new GCHandle();
    SafeFreeContextBuffer handleTemplate = null;
    try
    {
        // Pin the caller's output array for the duration of the native call.
        handle2 = GCHandle.Alloc(outSecBuffer.token, GCHandleType.Pinned);
        SecurityBufferStruct[] structArray = new SecurityBufferStruct[(inputBuffer == null) ? 1 : inputBuffer.Count];
        try
        {
            SecurityBufferStruct[] structArray3;
            if (((structArray3 = structArray) == null) || (structArray3.Length == 0))
            {
                ptrRef = null;
                goto Label_00A5;
            }
            fixed(IntPtr *ptrRef = structArray3)
            {
Label_00A5:
                if (inputBuffer != null)
                {
                    inputBuffer.UnmanagedPointer = (void *)ptrRef;
                    handleArray = new GCHandle[inputBuffer.Count];
                    for (int i = 0; i < inputBuffer.Count; i++)
                    {
                        SecurityBuffer buffer2 = (inSecBuffer != null) ? inSecBuffer : inSecBuffers[i];
                        if (buffer2 != null)
                        {
                            structArray[i].count = buffer2.size;
                            structArray[i].type = buffer2.type;
                            if (buffer2.unmanagedToken != null)
                            {
                                // Raw handle taken without an AddRef.
                                // NOTE(review): confirm unmanagedToken outlives the native call.
                                structArray[i].token = buffer2.unmanagedToken.DangerousGetHandle();
                            }
                            else if ((buffer2.token == null) || (buffer2.token.Length == 0))
                            {
                                structArray[i].token = IntPtr.Zero;
                            }
                            else
                            {
                                // NOTE(review): offset and size are not checked against
                                // token.Length here; confirm callers guarantee the range.
                                handleArray[i] = GCHandle.Alloc(buffer2.token, GCHandleType.Pinned);
                                structArray[i].token = Marshal.UnsafeAddrOfPinnedArrayElement(buffer2.token, buffer2.offset);
                            }
                        }
                    }
                }
                SecurityBufferStruct[] structArray2 = new SecurityBufferStruct[1];
                try
                {
                    SecurityBufferStruct[] structArray4;
                    if (((structArray4 = structArray2) == null) || (structArray4.Length == 0))
                    {
                        ptrRef2 = null;
                        goto Label_01CB;
                    }
                    fixed(IntPtr *ptrRef2 = structArray4)
                    {
Label_01CB:
                        outputBuffer.UnmanagedPointer = (void *)ptrRef2;
                        structArray2[0].count = outSecBuffer.size;
                        structArray2[0].type = outSecBuffer.type;
                        if ((outSecBuffer.token == null) || (outSecBuffer.token.Length == 0))
                        {
                            structArray2[0].token = IntPtr.Zero;
                        }
                        else
                        {
                            structArray2[0].token = Marshal.UnsafeAddrOfPinnedArrayElement(outSecBuffer.token, outSecBuffer.offset);
                        }
                        if (flag)
                        {
                            handleTemplate = SafeFreeContextBuffer.CreateEmptyHandle(dll);
                        }
                        // Each case creates the matching context type when none is usable,
                        // then makes the native call for that library.
                        switch (dll)
                        {
                        case SecurDll.SECURITY:
                            if ((refContext == null) || refContext.IsInvalid)
                            {
                                refContext = new SafeDeleteContext_SECURITY();
                            }
                            num = MustRunAcceptSecurityContext_SECURITY(ref inCredentials, handle.IsZero ? null : ((void *)&handle), inputBuffer, inFlags, endianness, refContext, outputBuffer, ref outFlags, handleTemplate);
                            break;

                        case SecurDll.SECUR32:
                            if ((refContext == null) || refContext.IsInvalid)
                            {
                                refContext = new SafeDeleteContext_SECUR32();
                            }
                            num = MustRunAcceptSecurityContext_SECUR32(ref inCredentials, handle.IsZero ? null : ((void *)&handle), inputBuffer, inFlags, endianness, refContext, outputBuffer, ref outFlags, handleTemplate);
                            break;

                        case SecurDll.SCHANNEL:
                            if ((refContext == null) || refContext.IsInvalid)
                            {
                                refContext = new SafeDeleteContext_SCHANNEL();
                            }
                            num = MustRunAcceptSecurityContext_SCHANNEL(ref inCredentials, handle.IsZero ? null : ((void *)&handle), inputBuffer, inFlags, endianness, refContext, outputBuffer, ref outFlags, handleTemplate);
                            break;

                        default:
                            throw new ArgumentException(SR.GetString("net_invalid_enum", new object[] { "SecurDll" }), "Dll");
                        }
                        // Size, type and token are taken from the native structure whatever
                        // the status is; the token bytes are copied into a new managed array.
                        // NOTE(review): the copy length comes from the native side; confirm
                        // it is bounded by the buffer actually provided or allocated.
                        outSecBuffer.size = structArray2[0].count;
                        outSecBuffer.type = structArray2[0].type;
                        if (outSecBuffer.size > 0)
                        {
                            outSecBuffer.token = new byte[outSecBuffer.size];
                            Marshal.Copy(structArray2[0].token, outSecBuffer.token, 0, outSecBuffer.size);
                            return(num);
                        }
                        outSecBuffer.token = null;
                        return(num);
                    }
                }
                finally
                {
                    ptrRef2 = null;
                }
                return(num);
            }
        }
        finally
        {
            ptrRef = null;
        }
    }
    finally
    {
        // Release every pin and the allocation template on all paths.
        if (handleArray != null)
        {
            for (int j = 0; j < handleArray.Length; j++)
            {
                if (handleArray[j].IsAllocated)
                {
                    handleArray[j].Free();
                }
            }
        }
        if (handle2.IsAllocated)
        {
            handle2.Free();
        }
        if (handleTemplate != null)
        {
            handleTemplate.Close();
        }
    }
    return(num);
}
/// <summary>
/// Encrypts a message by calling NativeNTSSPI.EncryptMessage with a
/// quality-of-protection value of 0 while holding a reference on the context handle.
/// </summary>
/// <param name="context">Security context whose native handle is passed to the call.</param>
/// <param name="inputOutput">Descriptor of the buffers handed to the native call.</param>
/// <param name="sequenceNumber">Sequence number forwarded to the native call.</param>
/// <returns>
/// The native status code, or SecurityStatus.InvalidHandle when the context was
/// already disposed and the native call was skipped.
/// </returns>
public int EncryptMessage(SafeDeleteContext context, SecurityBufferDescriptor inputOutput, uint sequenceNumber)
{
    bool refTaken = false;
    int result = (int)SecurityStatus.InvalidHandle;

    RuntimeHelpers.PrepareConstrainedRegions();
    try
    {
        context.DangerousAddRef(ref refTaken);
    }
    catch (Exception ex)
    {
        if (refTaken)
        {
            context.DangerousRelease();
            refTaken = false;
        }

        // Only a disposed context is tolerated; it surfaces as the initial status.
        if (!(ex is ObjectDisposedException))
        {
            throw;
        }
    }
    finally
    {
        if (refTaken)
        {
            result = UnsafeNclNativeMethods.NativeNTSSPI.EncryptMessage(ref context._handle, 0, inputOutput, sequenceNumber);
            context.DangerousRelease();
        }
    }

    return result;
}
/// <summary>
/// Decrypts a message through NativeNTSSPI.DecryptMessage and refuses a successful
/// result whose quality of protection says the data was not encrypted.
/// </summary>
/// <param name="context">Security context whose native handle is passed to the call.</param>
/// <param name="inputOutput">Descriptor of the buffers handed to the native call.</param>
/// <param name="sequenceNumber">Sequence number forwarded to the native call.</param>
/// <returns>
/// The native status code, or SecurityStatus.InvalidHandle when the context was
/// already disposed and the native call was skipped.
/// </returns>
/// <exception cref="InvalidOperationException">
/// The call succeeded but reported the SECQOP_WRAP_NO_ENCRYPT quality of protection.
/// </exception>
public unsafe int DecryptMessage(SafeDeleteContext context, SecurityBufferDescriptor inputOutput, uint sequenceNumber)
{
    const uint SECQOP_WRAP_NO_ENCRYPT = 0x80000001;

    int nativeStatus = (int)SecurityStatus.InvalidHandle;
    bool holdsReference = false;
    uint reportedQop = 0;

    RuntimeHelpers.PrepareConstrainedRegions();
    try
    {
        context.DangerousAddRef(ref holdsReference);
    }
    catch (Exception caught)
    {
        if (holdsReference)
        {
            context.DangerousRelease();
            holdsReference = false;
        }

        bool contextDisposed = caught is ObjectDisposedException;
        if (!contextDisposed)
        {
            throw;
        }
    }
    finally
    {
        if (holdsReference)
        {
            nativeStatus = UnsafeNclNativeMethods.NativeNTSSPI.DecryptMessage(ref context._handle, inputOutput, sequenceNumber, &reportedQop);
            context.DangerousRelease();
        }
    }

    // Guard against a downgrade to integrity-only protection: a signed but
    // unencrypted message must not be returned as if it had been decrypted.
    bool signedOnly = (nativeStatus == 0) && (reportedQop == SECQOP_WRAP_NO_ENCRYPT);
    if (signedOnly)
    {
        GlobalLog.Assert("NativeNTSSPI.DecryptMessage", "Expected qop = 0, returned value = " + reportedQop.ToString("x", CultureInfo.InvariantCulture));
        throw new InvalidOperationException(SR.GetString(SR.net_auth_message_not_encrypted));
    }

    return nativeStatus;
}
internal static unsafe int InitializeSecurityContext(SecurDll dll, ref SafeFreeCredentials inCredentials, ref SafeDeleteContext refContext, string targetName, ContextFlags inFlags, Endianness endianness, SecurityBuffer inSecBuffer, SecurityBuffer[] inSecBuffers, SecurityBuffer outSecBuffer, ref ContextFlags outFlags) { if (inCredentials == null) { throw new ArgumentNullException("inCredentials"); } SecurityBufferDescriptor inputBuffer = null; if (inSecBuffer != null) { inputBuffer = new SecurityBufferDescriptor(1); } else if (inSecBuffers != null) { inputBuffer = new SecurityBufferDescriptor(inSecBuffers.Length); } SecurityBufferDescriptor outputBuffer = new SecurityBufferDescriptor(1); bool flag = (inFlags & ContextFlags.AllocateMemory) != ContextFlags.Zero; int num = -1; SSPIHandle handle = new SSPIHandle(); if (refContext != null) { handle = refContext._handle; } GCHandle[] handleArray = null; GCHandle handle2 = new GCHandle(); SafeFreeContextBuffer handleTemplate = null; try { handle2 = GCHandle.Alloc(outSecBuffer.token, GCHandleType.Pinned); SecurityBufferStruct[] structArray = new SecurityBufferStruct[(inputBuffer == null) ? 1 : inputBuffer.Count]; try { SecurityBufferStruct[] structArray3; if (((structArray3 = structArray) == null) || (structArray3.Length == 0)) { ptrRef = null; goto Label_00A6; } fixed (IntPtr* ptrRef = structArray3) { Label_00A6: if (inputBuffer != null) { inputBuffer.UnmanagedPointer = (void*) ptrRef; handleArray = new GCHandle[inputBuffer.Count]; for (int i = 0; i < inputBuffer.Count; i++) { SecurityBuffer buffer2 = (inSecBuffer != null) ? 
inSecBuffer : inSecBuffers[i]; if (buffer2 != null) { structArray[i].count = buffer2.size; structArray[i].type = buffer2.type; if (buffer2.unmanagedToken != null) { structArray[i].token = buffer2.unmanagedToken.DangerousGetHandle(); } else if ((buffer2.token == null) || (buffer2.token.Length == 0)) { structArray[i].token = IntPtr.Zero; } else { handleArray[i] = GCHandle.Alloc(buffer2.token, GCHandleType.Pinned); structArray[i].token = Marshal.UnsafeAddrOfPinnedArrayElement(buffer2.token, buffer2.offset); } } } } SecurityBufferStruct[] structArray2 = new SecurityBufferStruct[1]; try { SecurityBufferStruct[] structArray4; if (((structArray4 = structArray2) == null) || (structArray4.Length == 0)) { ptrRef2 = null; goto Label_01CC; } fixed (IntPtr* ptrRef2 = structArray4) { ref byte pinned numRef; ref byte pinned numRef2; Label_01CC: outputBuffer.UnmanagedPointer = (void*) ptrRef2; structArray2[0].count = outSecBuffer.size; structArray2[0].type = outSecBuffer.type; if ((outSecBuffer.token == null) || (outSecBuffer.token.Length == 0)) { structArray2[0].token = IntPtr.Zero; } else { structArray2[0].token = Marshal.UnsafeAddrOfPinnedArrayElement(outSecBuffer.token, outSecBuffer.offset); } if (flag) { handleTemplate = SafeFreeContextBuffer.CreateEmptyHandle(dll); } switch (dll) { case SecurDll.SECURITY: if ((refContext == null) || refContext.IsInvalid) { refContext = new SafeDeleteContext_SECURITY(); } if ((targetName == null) || (targetName.Length == 0)) { targetName = " "; } fixed (char* str = ((char*) targetName)) { char* chPtr = str; num = MustRunInitializeSecurityContext_SECURITY(ref inCredentials, handle.IsZero ? null : ((void*) &handle), (targetName == " ") ? 
null : ((byte*) chPtr), inFlags, endianness, inputBuffer, refContext, outputBuffer, ref outFlags, handleTemplate); goto Label_044B; } break; case SecurDll.SECUR32: break; case SecurDll.SCHANNEL: goto Label_0381; default: goto Label_0423; } if ((refContext == null) || refContext.IsInvalid) { refContext = new SafeDeleteContext_SECUR32(); } byte[] dummyBytes = SafeDeleteContext.dummyBytes; if ((targetName != null) && (targetName.Length != 0)) { dummyBytes = new byte[targetName.Length + 2]; Encoding.Default.GetBytes(targetName, 0, targetName.Length, dummyBytes, 0); } try { byte[] buffer5; if (((buffer5 = dummyBytes) == null) || (buffer5.Length == 0)) { numRef = null; } else { numRef = buffer5; } num = MustRunInitializeSecurityContext_SECUR32(ref inCredentials, handle.IsZero ? null : ((void*) &handle), (dummyBytes == SafeDeleteContext.dummyBytes) ? null : numRef, inFlags, endianness, inputBuffer, refContext, outputBuffer, ref outFlags, handleTemplate); goto Label_044B; } finally { numRef = null; } Label_0381: if ((refContext == null) || refContext.IsInvalid) { refContext = new SafeDeleteContext_SCHANNEL(); } byte[] bytes = SafeDeleteContext.dummyBytes; if ((targetName != null) && (targetName.Length != 0)) { bytes = new byte[targetName.Length + 2]; Encoding.Default.GetBytes(targetName, 0, targetName.Length, bytes, 0); } try { byte[] buffer6; if (((buffer6 = bytes) == null) || (buffer6.Length == 0)) { numRef2 = null; } else { numRef2 = buffer6; } num = MustRunInitializeSecurityContext_SCHANNEL(ref inCredentials, handle.IsZero ? null : ((void*) &handle), (bytes == SafeDeleteContext.dummyBytes) ? 
null : numRef2, inFlags, endianness, inputBuffer, refContext, outputBuffer, ref outFlags, handleTemplate); goto Label_044B; } finally { numRef2 = null; } Label_0423:; throw new ArgumentException(SR.GetString("net_invalid_enum", new object[] { "SecurDll" }), "Dll"); Label_044B: outSecBuffer.size = structArray2[0].count; outSecBuffer.type = structArray2[0].type; if (outSecBuffer.size > 0) { outSecBuffer.token = new byte[outSecBuffer.size]; Marshal.Copy(structArray2[0].token, outSecBuffer.token, 0, outSecBuffer.size); return num; } outSecBuffer.token = null; return num; } } finally { ptrRef2 = null; } return num; } }
/// <summary>
/// Runs one of the four message operations over a set of in/out buffers: pins the
/// managed arrays, calls the matching SecModule method, and writes the resulting
/// sizes, types and token locations back into <paramref name="input"/>.
/// </summary>
/// <param name="op">Which operation to run.</param>
/// <param name="SecModule">SSPI implementation that performs the call.</param>
/// <param name="context">Security context passed through to the call.</param>
/// <param name="input">Buffers used for both input and output; updated in place.</param>
/// <param name="sequenceNumber">Sequence number passed through to the call.</param>
/// <returns>The status code returned by the dispatched SecModule method.</returns>
private static unsafe int EncryptDecryptHelper(OP op, SSPIInterface SecModule, SafeDeleteContext context, SecurityBuffer[] input, uint sequenceNumber)
{
    SecurityBufferDescriptor descriptor = new SecurityBufferDescriptor(input.Length);
    SecurityBufferStruct[] unmanaged = new SecurityBufferStruct[input.Length];

    fixed (SecurityBufferStruct* unmanagedPtr = unmanaged)
    {
        descriptor.UnmanagedPointer = (void*)unmanagedPtr;
        GCHandle[] pinHandles = new GCHandle[input.Length];
        byte[][] tokens = new byte[input.Length][];
        int errorCode;

        try
        {
            for (int i = 0; i < input.Length; i++)
            {
                SecurityBuffer current = input[i];
                unmanaged[i].count = current.size;
                unmanaged[i].type = current.type;

                if ((current.token != null) && (current.token.Length != 0))
                {
                    // Pinned so the address handed to native code stays valid.
                    pinHandles[i] = GCHandle.Alloc(current.token, GCHandleType.Pinned);
                    unmanaged[i].token = Marshal.UnsafeAddrOfPinnedArrayElement(current.token, current.offset);
                    tokens[i] = current.token;
                }
                else
                {
                    unmanaged[i].token = IntPtr.Zero;
                }
            }

            switch (op)
            {
                case OP.Encrypt:
                    errorCode = SecModule.EncryptMessage(context, descriptor, sequenceNumber);
                    break;

                case OP.Decrypt:
                    errorCode = SecModule.DecryptMessage(context, descriptor, sequenceNumber);
                    break;

                case OP.MakeSignature:
                    errorCode = SecModule.MakeSignature(context, descriptor, sequenceNumber);
                    break;

                case OP.VerifySignature:
                    errorCode = SecModule.VerifySignature(context, descriptor, sequenceNumber);
                    break;

                default:
                    throw ExceptionHelper.MethodNotImplementedException;
            }

            for (int i = 0; i < input.Length; i++)
            {
                SecurityBuffer current = input[i];
                current.size = unmanaged[i].count;
                current.type = unmanaged[i].type;

                if (current.size == 0)
                {
                    current.offset = 0;
                    current.token = null;
                    continue;
                }

                // Find the pinned array that wholly contains the returned range.
                // NOTE(review): size is taken from the native structure as-is; a negative
                // value would still satisfy the range test below. Confirm it cannot occur.
                byte* returned = (byte*)unmanaged[i].token;
                int owner;
                for (owner = 0; owner < input.Length; owner++)
                {
                    if (tokens[owner] == null)
                    {
                        continue;
                    }

                    byte* start = (byte*)Marshal.UnsafeAddrOfPinnedArrayElement(tokens[owner], 0);
                    bool inside = (returned >= start) && ((returned + current.size) <= (start + tokens[owner].Length));
                    if (inside)
                    {
                        current.offset = (int)((long)(returned - start));
                        current.token = tokens[owner];
                        break;
                    }
                }

                // No owning array: drop the result instead of exposing a foreign pointer.
                if (owner >= input.Length)
                {
                    current.size = 0;
                    current.offset = 0;
                    current.token = null;
                }
            }

            if (errorCode != 0)
            {
                if (Logging.On)
                {
                    if (errorCode == 0x90321)
                    {
                        Logging.PrintError(Logging.Web, SR.GetString("net_log_operation_returned_something", new object[] { op, "SEC_I_RENEGOTIATE" }));
                    }
                    else
                    {
                        Logging.PrintError(Logging.Web, SR.GetString("net_log_operation_failed_with_error", new object[] { op, string.Format(CultureInfo.CurrentCulture, "0X{0:X}", new object[] { errorCode }) }));
                    }
                }
            }
        }
        finally
        {
            for (int i = 0; i < pinHandles.Length; i++)
            {
                if (pinHandles[i].IsAllocated)
                {
                    pinHandles[i].Free();
                }
            }
        }

        return errorCode;
    }
}
/// <summary>
/// Verifies a signature by calling NativeNTSSPI.DecryptMessage while a reference on
/// the context handle is held; the native status is returned unchanged.
/// </summary>
/// <param name="context">Security context whose native handle is passed to the call.</param>
/// <param name="inputOutput">Descriptor of the buffers handed to the native call.</param>
/// <param name="sequenceNumber">Sequence number forwarded to the native call.</param>
/// <returns>
/// The native status code, or -2146893055 (0x80090301, SEC_E_INVALID_HANDLE) when the
/// context was already disposed and the native call was skipped.
/// </returns>
private unsafe int VerifySignatureHelper(SafeDeleteContext context, SecurityBufferDescriptor inputOutput, uint sequenceNumber)
{
    uint reportedQop = 0;
    bool refAdded = false;
    int nativeStatus = -2146893055;

    RuntimeHelpers.PrepareConstrainedRegions();
    try
    {
        context.DangerousAddRef(ref refAdded);
    }
    catch (Exception error)
    {
        if (refAdded)
        {
            context.DangerousRelease();
            refAdded = false;
        }

        // Only a disposed context is tolerated; it surfaces as the initial status.
        if (!(error is ObjectDisposedException))
        {
            throw;
        }
    }
    finally
    {
        if (refAdded)
        {
            nativeStatus = UnsafeNclNativeMethods.NativeNTSSPI.DecryptMessage(ref context._handle, inputOutput, sequenceNumber, &reportedQop);
            context.DangerousRelease();
        }
    }

    // reportedQop is not examined: callers act on the status alone.
    return nativeStatus;
}
// Shared driver for encrypt, decrypt, sign and verify. Pins the managed buffers,
// dispatches to the matching SecModule method, then maps the sizes and pointers
// written by the call back onto the managed SecurityBuffer objects.
//
// op             - which of the four operations to run.
// SecModule      - SSPI implementation that performs the call.
// context        - security context passed through to the call.
// input          - buffers used for both input and output; updated in place.
// sequenceNumber - sequence number passed through to the call.
//
// Returns the status code from the dispatched SecModule method.
private unsafe static int EncryptDecryptHelper(OP op, SSPIInterface SecModule, SafeDeleteContext context, SecurityBuffer[] input, uint sequenceNumber)
{
    SecurityBufferDescriptor descriptor = new SecurityBufferDescriptor(input.Length);
    SecurityBufferStruct[] nativeBuffers = new SecurityBufferStruct[input.Length];

    fixed (SecurityBufferStruct* nativeBuffersPtr = nativeBuffers)
    {
        descriptor.UnmanagedPointer = nativeBuffersPtr;
        GCHandle[] pins = new GCHandle[input.Length];
        byte[][] pinnedArrays = new byte[input.Length][];

        try
        {
            for (int i = 0; i < input.Length; i++)
            {
                SecurityBuffer source = input[i];
                nativeBuffers[i].count = source.size;
                nativeBuffers[i].type = source.type;

                bool hasToken = source.token != null && source.token.Length != 0;
                if (hasToken)
                {
                    pins[i] = GCHandle.Alloc(source.token, GCHandleType.Pinned);
                    nativeBuffers[i].token = Marshal.UnsafeAddrOfPinnedArrayElement(source.token, source.offset);
                    pinnedArrays[i] = source.token;
                }
                else
                {
                    nativeBuffers[i].token = IntPtr.Zero;
                }
            }

            // The result is written into the input buffer passed as type=BufferType.Data.
            int errorCode;
            switch (op)
            {
                case OP.Encrypt:
                    errorCode = SecModule.EncryptMessage(context, descriptor, sequenceNumber);
                    break;

                case OP.Decrypt:
                    errorCode = SecModule.DecryptMessage(context, descriptor, sequenceNumber);
                    break;

                case OP.MakeSignature:
                    errorCode = SecModule.MakeSignature(context, descriptor, sequenceNumber);
                    break;

                case OP.VerifySignature:
                    errorCode = SecModule.VerifySignature(context, descriptor, sequenceNumber);
                    break;

                default:
                    throw ExceptionHelper.MethodNotImplementedException;
            }

            // Marshal the returned sizes and data locations back.
            for (int i = 0; i < input.Length; i++)
            {
                SecurityBuffer target = input[i];
                target.size = nativeBuffers[i].count;
                target.type = nativeBuffers[i].type;

                if (target.size == 0)
                {
                    target.offset = 0;
                    target.token = null;
                }
                else
                {
                    // Overflow-checked so pointer arithmetic on a bad size or address
                    // throws instead of wrapping around.
                    checked
                    {
                        // Find the pinned array this pointer falls inside; usually buffer 0.
                        bool located = false;
                        for (int j = 0; j < input.Length; j++)
                        {
                            byte[] candidate = pinnedArrays[j];
                            if (candidate == null)
                            {
                                continue;
                            }

                            byte* start = (byte*)Marshal.UnsafeAddrOfPinnedArrayElement(candidate, 0);
                            if ((byte*)nativeBuffers[i].token >= start &&
                                (byte*)nativeBuffers[i].token + target.size <= start + candidate.Length)
                            {
                                target.offset = (int)((byte*)nativeBuffers[i].token - start);
                                target.token = candidate;
                                located = true;
                                break;
                            }
                        }

                        // A pointer outside every pinned array is discarded so managed code
                        // never sees an address it did not supply.
                        if (!located)
                        {
                            GlobalLog.Assert("SSPIWrapper::EncryptDecryptHelper", "Output buffer out of range.");
                            target.size = 0;
                            target.offset = 0;
                            target.token = null;
                        }
                    }
                }

                // Backup validation of the new offset and size.
                // NOTE(review): these are assertions only; confirm whether they are
                // active in release builds before relying on them as a bounds check.
                GlobalLog.Assert(target.offset >= 0 && target.offset <= (target.token == null ? 0 : target.token.Length), "SSPIWrapper::EncryptDecryptHelper|'offset' out of range. [{0}]", target.offset);
                GlobalLog.Assert(target.size >= 0 && target.size <= (target.token == null ? 0 : target.token.Length - target.offset), "SSPIWrapper::EncryptDecryptHelper|'size' out of range. [{0}]", target.size);
            }

            if (errorCode != 0 && Logging.On)
            {
                // 0x90321 is logged under the name SEC_I_RENEGOTIATE rather than as a failure.
                if (errorCode == 0x90321)
                {
                    Logging.PrintError(Logging.Web, SR.GetString(SR.net_log_operation_returned_something, op, "SEC_I_RENEGOTIATE"));
                }
                else
                {
                    Logging.PrintError(Logging.Web, SR.GetString(SR.net_log_operation_failed_with_error, op, String.Format(CultureInfo.CurrentCulture, "0X{0:X}", errorCode)));
                }
            }

            return errorCode;
        }
        finally
        {
            // Unpin everything that was pinned, on success and on failure alike.
            for (int i = 0; i < pins.Length; ++i)
            {
                if (pins[i].IsAllocated)
                {
                    pins[i].Free();
                }
            }
        }
    }
}
// Calls SecModule.InitializeSecurityContext with the given input and output buffers and,
// when the status is 0 or SecurityStatus.ContinueNeeded, copies the marshalled output
// buffers back into 'outputBuffers'. Returns the status code.
//
// NOTE(review): the modifiers and return type of this signature are missing from the listing.
// NOTE(review): the FreeGCHandles calls are reached only on the normal path; if the provider
// call or marshall() throws, the handles obtained from PinBuffers are not passed to
// FreeGCHandles. A try/finally around the body would close that gap.
// NOTE(review): 'outputBuffers' is null-checked before pinning but dereferenced
// unconditionally (outputBuffers.Length) after a successful call. Confirm that callers never
// pass null.
InitializeSecurityContext(SSPIInterface SecModule,
    long credential,
    long context,
    string targetName,
    int requirements,
    Endianness datarep,
    SecurityBufferClass[] inputBuffers,
    ref long newContext,
    SecurityBufferClass[] outputBuffers,
    ref int attributes,
    ref long timestamp
    )
{
    GlobalLog.Enter("InitializeSecurityContext#2");
    GlobalLog.Print("SSPIWrapper::InitializeSecurityContext#2()");

    GCHandle[] handleOut = null;
    GCHandle[] handleIn = null;

    if (outputBuffers != null)
    {
        handleOut = PinBuffers(outputBuffers);
    }

    int errorCode = 0;
    SecurityBufferDescriptor outSecurityBufferDescriptor = new SecurityBufferDescriptor(outputBuffers);

    if (inputBuffers == null)
    {
        // First leg of the handshake: no existing context and no input token are passed.
        GlobalLog.Print("SSPIWrapper::InitializeSecurityContext#2(): inputBuffers == null");
        errorCode = SecModule.InitializeSecurityContext(
            ref credential,
            IntPtr.Zero,
            targetName,
            requirements,
            0,
            (int)datarep,
            IntPtr.Zero,
            0,
            ref newContext,
            ref outSecurityBufferDescriptor,
            ref attributes,
            ref timestamp
            );
    }
    else
    {
        // Later legs: the existing context and the peer's token are passed in.
        handleIn = PinBuffers(inputBuffers);
        SecurityBufferDescriptor inSecurityBufferDescriptor = new SecurityBufferDescriptor(inputBuffers);
        errorCode = SecModule.InitializeSecurityContext(
            ref credential,
            ref context,
            targetName,
            requirements,
            0,
            (int)datarep,
            ref inSecurityBufferDescriptor,
            0,
            ref newContext,
            ref outSecurityBufferDescriptor,
            ref attributes,
            ref timestamp
            );
        inSecurityBufferDescriptor.FreeAllBuffers(0);
    }

    // Output is copied back only for success (0) and ContinueNeeded.
    if ((errorCode == 0) || (errorCode == (int)SecurityStatus.ContinueNeeded))
    {
        SecurityBufferClass[] result = outSecurityBufferDescriptor.marshall();
        for (int k = 0; k < outputBuffers.Length; k++)
        {
            outputBuffers[k] = result[k];
        }
    }

    outSecurityBufferDescriptor.FreeAllBuffers(requirements);

    if (handleOut != null)
    {
        FreeGCHandles(handleOut);
    }
    if (handleIn != null)
    {
        FreeGCHandles(handleIn);
    }

    GlobalLog.Leave("InitializeSecurityContext#2");
    return(errorCode);
}
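// Calls SecModule.AcceptSecurityContext with the managed buffers pinned for the duration of
// the call and returns the provider's status code. 'attributes' and 'timestamp' are assigned
// by the provider call.
//
// The pinned handles are released in a finally block, so an exception from the provider call
// or from marshalling cannot leave the caller's buffers pinned. A buffer array that was null
// (and therefore never pinned) is not passed to FreeGCHandles.
//
// NOTE(review): the array returned by marshall() is not copied back into 'outputBuffers',
// unlike the InitializeSecurityContext wrapper, which copies result[k] into outputBuffers[k].
// Confirm whether callers expect the output token to come back through 'outputBuffers'.
private static int AcceptSecurityContext(
    SSPIInterface SecModule,
    long credential,
    long context,
    int requirements,
    Endianness datarep,
    SecurityBufferClass[] inputBuffers,
    ref long newContext,
    SecurityBufferClass[] outputBuffers,
    out int attributes,
    out long timestamp
    )
{
    GlobalLog.Enter("AcceptSecurityContext#2");

    GCHandle[] handleIn = null;
    GCHandle[] handleOut = null;
    int errorCode = 0;

    try
    {
        // Pin inside the try so a failure while pinning the second array still unpins the first.
        if (inputBuffers != null)
        {
            handleIn = PinBuffers(inputBuffers);
        }
        if (outputBuffers != null)
        {
            handleOut = PinBuffers(outputBuffers);
        }

        SecurityBufferDescriptor outSecurityBufferDescriptor = new SecurityBufferDescriptor(outputBuffers);

        if (inputBuffers == null)
        {
            // No input token: the context and input descriptor arguments are passed as 0.
            errorCode = SecModule.AcceptSecurityContext(
                ref credential,
                0,
                0,
                requirements,
                (int)datarep,
                ref newContext,
                ref outSecurityBufferDescriptor,
                out attributes,
                out timestamp);
        }
        else
        {
            SecurityBufferDescriptor inSecurityBufferDescriptor = new SecurityBufferDescriptor(inputBuffers);
            errorCode = SecModule.AcceptSecurityContext(
                ref credential,
                ref context,
                ref inSecurityBufferDescriptor,
                requirements,
                (int)datarep,
                ref newContext,
                ref outSecurityBufferDescriptor,
                out attributes,
                out timestamp);
        }

        // Kept as in the original: marshall() is called although its result is not used here.
        SecurityBufferClass[] result = outSecurityBufferDescriptor.marshall();
        outSecurityBufferDescriptor.FreeAllBuffers(requirements);
    }
    finally
    {
        if (handleIn != null)
        {
            FreeGCHandles(handleIn);
        }
        if (handleOut != null)
        {
            FreeGCHandles(handleOut);
        }
    }

    GlobalLog.Leave("AcceptSecurityContext#2");
    return(errorCode);
}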
//
// Runs one SSPI message operation (encrypt, decrypt, sign or verify, selected by 'op') over
// the buffers in 'input'. Each non-empty managed token is pinned for the duration of the call,
// and the sizes, types and token locations reported back by the provider are written into the
// same SecurityBuffer objects. Returns the status code of the underlying call; throws
// ExceptionHelper.MethodNotImplementedException for an unknown 'op'.
//
private unsafe static int EncryptDecryptHelper(OP op, SSPIInterface SecModule, SafeDeleteContext context, SecurityBuffer[] input, uint sequenceNumber)
{
    SecurityBufferDescriptor sdcInOut = new SecurityBufferDescriptor(input.Length);
    SecurityBufferStruct[] unmanagedBuffer = new SecurityBufferStruct[input.Length];

    fixed(SecurityBufferStruct *unmanagedBufferPtr = unmanagedBuffer)
    {
        sdcInOut.UnmanagedPointer = unmanagedBufferPtr;
        // pinnedBuffers[i] is allocated only for buffers that carry a non-empty token;
        // buffers[i] remembers the managed array behind each pinned token.
        GCHandle[] pinnedBuffers = new GCHandle[input.Length];
        byte[][] buffers = new byte[input.Length][];
        try
        {
            for (int i = 0; i < input.Length; i++)
            {
                SecurityBuffer iBuffer = input[i];
                unmanagedBuffer[i].count = iBuffer.size;
                unmanagedBuffer[i].type = iBuffer.type;
                if (iBuffer.token == null || iBuffer.token.Length == 0)
                {
                    unmanagedBuffer[i].token = IntPtr.Zero;
                }
                else
                {
                    // NOTE(review): offset and size are handed to native code as given; this
                    // method does not check offset + size against token.Length before the call.
                    // Confirm that callers validate them.
                    pinnedBuffers[i] = GCHandle.Alloc(iBuffer.token, GCHandleType.Pinned);
                    unmanagedBuffer[i].token = Marshal.UnsafeAddrOfPinnedArrayElement(iBuffer.token, iBuffer.offset);
                    buffers[i] = iBuffer.token;
                }
            }

            // The result is written in the input Buffer passed as type=BufferType.Data.
            int errorCode;
            switch (op)
            {
                case OP.Encrypt:
                    errorCode = SecModule.EncryptMessage(context, sdcInOut, sequenceNumber);
                    break;
                case OP.Decrypt:
                    errorCode = SecModule.DecryptMessage(context, sdcInOut, sequenceNumber);
                    break;
                case OP.MakeSignature:
                    errorCode = SecModule.MakeSignature(context, sdcInOut, sequenceNumber);
                    break;
                case OP.VerifySignature:
                    errorCode = SecModule.VerifySignature(context, sdcInOut, sequenceNumber);
                    break;
                default:
                    throw ExceptionHelper.MethodNotImplementedException;
            }

            // Marshalling back returned sizes / data. This runs whatever the status code was.
            for (int i = 0; i < input.Length; i++)
            {
                SecurityBuffer iBuffer = input[i];
                iBuffer.size = unmanagedBuffer[i].count;
                iBuffer.type = unmanagedBuffer[i].type;
                if (iBuffer.size == 0)
                {
                    iBuffer.offset = 0;
                    iBuffer.token = null;
                }
                else
                {
                    checked
                    {
                        // Find the buffer this is inside of. Usually they all point inside buffer 0.
                        int j;
                        for (j = 0; j < input.Length; j++)
                        {
                            if (buffers[j] == null)
                            {
                                continue;
                            }

                            byte *bufferAddress = (byte *)Marshal.UnsafeAddrOfPinnedArrayElement(buffers[j], 0);
                            // Accept the returned pointer only when [token, token + size) lies
                            // inside pinned array j; the managed offset is derived from the pointer.
                            // NOTE(review): the only explicit check that size is non-negative is the
                            // GlobalLog.Assert further down; confirm how a negative count is handled.
                            if ((byte *)unmanagedBuffer[i].token >= bufferAddress && (byte *)unmanagedBuffer[i].token + iBuffer.size <= bufferAddress + buffers[j].Length)
                            {
                                iBuffer.offset = (int)((byte *)unmanagedBuffer[i].token - bufferAddress);
                                iBuffer.token = buffers[j];
                                break;
                            }
                        }

                        // No pinned array contains the returned range: drop the buffer instead
                        // of exposing a pointer outside managed memory.
                        if (j >= input.Length)
                        {
                            GlobalLog.Assert("SSPIWrapper::EncryptDecryptHelper", "Output buffer out of range.");
                            iBuffer.size = 0;
                            iBuffer.offset = 0;
                            iBuffer.token = null;
                        }
                    }
                }

                // Backup validate the new sizes.
                // NOTE(review): presumably GlobalLog.Assert is a debug-build check; if so, these
                // two range checks do not protect release builds. Verify.
                GlobalLog.Assert(iBuffer.offset >= 0 && iBuffer.offset <= (iBuffer.token == null ? 0 : iBuffer.token.Length), "SSPIWrapper::EncryptDecryptHelper|'offset' out of range. [{0}]", iBuffer.offset);
                GlobalLog.Assert(iBuffer.size >= 0 && iBuffer.size <= (iBuffer.token == null ? 0 : iBuffer.token.Length - iBuffer.offset), "SSPIWrapper::EncryptDecryptHelper|'size' out of range. [{0}]", iBuffer.size);
            }

            // Non-zero status is only logged here; it is returned to the caller unchanged.
            if (errorCode != 0)
            {
                if (Logging.On)
                {
                    // 0x90321 is logged under the name SEC_I_RENEGOTIATE; other codes are logged in hex.
                    if (errorCode == 0x90321)
                    {
                        Logging.PrintError(Logging.Web, SR.GetString(SR.net_log_operation_returned_something, op, "SEC_I_RENEGOTIATE"));
                    }
                    else
                    {
                        Logging.PrintError(Logging.Web, SR.GetString(SR.net_log_operation_failed_with_error, op, String.Format(CultureInfo.CurrentCulture, "0X{0:X}", errorCode)));
                    }
                }
            }

            return(errorCode);
        }
        finally
        {
            // Unpin every token that was pinned above, on both the normal and the exception path.
            for (int i = 0; i < pinnedBuffers.Length; ++i)
            {
                if (pinnedBuffers[i].IsAllocated)
                {
                    pinnedBuffers[i].Free();
                }
            }
        }
    }
}
//
// After PINvoke call the method will fix the handleTemplate.handle with the returned value.
// The caller is responsible for creating a correct SafeFreeContextBuffer_XXX flavour or null can be passed if no handle is returned.
//
// Since it has a CER, this method can't have any references to imports from DLLs that may not exist on the system.
//
// Returns the status of the native AcceptSecurityContext call, or SecurityStatus.InvalidHandle
// when a reference on the credential or context handle could not be taken. On return,
// inCredentials is set to null if its handle was already disposed, which signals the caller
// to retry.
//
private static unsafe int MustRunAcceptSecurityContext_SECURITY(
    ref SafeFreeCredentials inCredentials,
    void* inContextPtr,
    SecurityBufferDescriptor inputBuffer,
    ContextFlags inFlags,
    Endianness endianness,
    SafeDeleteContext outContext,
    SecurityBufferDescriptor outputBuffer,
    ref ContextFlags outFlags,
    SafeFreeContextBuffer handleTemplate)
{
    int errorCode = (int) SecurityStatus.InvalidHandle;
    // b1 / b2 record whether a reference was taken on inCredentials / outContext.
    bool b1 = false;
    bool b2 = false;

    // Run the body of this method as a non-interruptible block.
    RuntimeHelpers.PrepareConstrainedRegions();
    try
    {
        inCredentials.DangerousAddRef(ref b1);
        outContext.DangerousAddRef(ref b2);
    }
    catch(Exception e)
    {
        // Undo whichever reference was taken before the failure.
        if (b1)
        {
            inCredentials.DangerousRelease();
            b1 = false;
        }
        if (b2)
        {
            outContext.DangerousRelease();
            b2 = false;
        }
        // A disposed handle is reported through the status code; anything else is rethrown.
        if (!(e is ObjectDisposedException))
            throw;
    }
    finally
    {
        // NOTE(review): this read happens even when b1 is false, so it relies on inCredentials
        // never being null here; the AcceptSecurityContext wrapper throws ArgumentNullException
        // for a null credential before calling this method.
        SSPIHandle credentialHandle = inCredentials._handle;
        long timeStamp;

        if (!b1)
        {
            // caller should retry
            inCredentials = null;
        }
        else if (b1 && b2)
        {
            errorCode = UnsafeNclNativeMethods.SafeNetHandles_SECURITY.AcceptSecurityContext(
                ref credentialHandle,
                inContextPtr,
                inputBuffer,
                inFlags,
                endianness,
                ref outContext._handle,
                outputBuffer,
                ref outFlags,
                out timeStamp);

            //
            // When a credential handle is first associated with the context we keep credential
            // ref count bumped up to ensure ordered finalization.
            // If the credential handle has been changed we de-ref the old one and associate the
            // context with the new cred handle but only if the call was successful.
            //
            // (errorCode & 0x80000000) == 0 is the success test: the high bit is clear.
            if (outContext._EffectiveCredential != inCredentials && (errorCode & 0x80000000) == 0)
            {
                // Disassociate the previous credential handle
                if (outContext._EffectiveCredential != null)
                    outContext._EffectiveCredential.DangerousRelease();
                // The reference taken above is kept on purpose; it now belongs to the context.
                outContext._EffectiveCredential = inCredentials;
            }
            else
            {
                inCredentials.DangerousRelease();
            }

            outContext.DangerousRelease();

            // The idea is that SSPI has allocated a block and filled up outUnmanagedBuffer+8 slot with the pointer.
            if (handleTemplate != null)
            {
                handleTemplate.Set(((SecurityBufferStruct*)outputBuffer.UnmanagedPointer)->token); //ATTN: on 64 BIT that is still +8 cause of 2* c++ unsigned long == 8 bytes
                if (handleTemplate.IsInvalid)
                {
                    handleTemplate.SetHandleAsInvalid();
                }
            }
        }

        if (inContextPtr == null && (errorCode & 0x80000000) != 0)
        {
            // an error on the first call, need to set the out handle to invalid value
            outContext._handle.SetToInvalid();
        }
    }

    return errorCode;
}
//-------------------------------------------------------------------
// Server side of the SSPI handshake: marshals the managed SecurityBuffer arguments into
// unmanaged SecurityBufferStructs, pins any managed tokens, calls
// MustRunAcceptSecurityContext_SECURITY, and copies the output token back into
// 'outSecBuffer'. Returns the status code of that call.
//
// At most one of inSecBuffer / inSecBuffers may be non-null, and outSecBuffer must be
// non-null; both conditions are checked only by GlobalLog.Assert.
// Throws ArgumentNullException when inCredentials is null and ArgumentException when
// 'dll' is not SecurDll.SECURITY.
//-------------------------------------------------------------------
internal unsafe static int AcceptSecurityContext(
    SecurDll dll,
    ref SafeFreeCredentials inCredentials,
    ref SafeDeleteContext refContext,
    ContextFlags inFlags,
    Endianness endianness,
    SecurityBuffer inSecBuffer,
    SecurityBuffer[] inSecBuffers,
    SecurityBuffer outSecBuffer,
    ref ContextFlags outFlags)
{
#if TRAVE
    GlobalLog.Enter("SafeDeleteContext::AcceptSecurityContex");
    GlobalLog.Print(" DLL = " + dll);
    GlobalLog.Print(" credential = " + inCredentials.ToString());
    GlobalLog.Print(" refContext = " + ValidationHelper.ToString(refContext));
    GlobalLog.Print(" inFlags = " + inFlags);
//  GlobalLog.Print(" endianness = " + endianness);
//  GlobalLog.Print(" inSecBuffer = " + SecurityBuffer.ToString(inSecBuffer));
//
    if (inSecBuffers==null)
    {
        GlobalLog.Print(" inSecBuffers = (null)");
    }
    else
    {
        GlobalLog.Print(" inSecBuffers[] = length:" + inSecBuffers.Length);
//      for (int index=0; index<inSecBuffers.Length; index++) { GlobalLog.Print(" inSecBuffers[" + index + "] = " + SecurityBuffer.ToString(inSecBuffers[index])); }
    }
//  GlobalLog.Print(" newContext = {ref} inContext");
//  GlobalLog.Print(" outSecBuffer = " + SecurityBuffer.ToString(outSecBuffer));
//  GlobalLog.Print(" outFlags = {ref} " + outFlags);
//  GlobalLog.Print(" timestamp = null");
#endif
    // NOTE(review): presumably GlobalLog.Assert is a debug-build check; outSecBuffer is
    // dereferenced below without any other null guard. Verify.
    GlobalLog.Assert(outSecBuffer != null, "SafeDeleteContext::AcceptSecurityContext()|outSecBuffer != null");
    GlobalLog.Assert(inSecBuffer == null || inSecBuffers == null, "SafeDeleteContext::AcceptSecurityContext()|inSecBuffer == null || inSecBuffers == null");

    if (inCredentials == null)
    {
        throw new ArgumentNullException("inCredentials");
    }

    // The input descriptor stays null when no input buffer is supplied.
    SecurityBufferDescriptor inSecurityBufferDescriptor = null;
    if (inSecBuffer!=null)
    {
        inSecurityBufferDescriptor = new SecurityBufferDescriptor(1);
    }
    else if (inSecBuffers!=null)
    {
        inSecurityBufferDescriptor = new SecurityBufferDescriptor(inSecBuffers.Length);
    }
    SecurityBufferDescriptor outSecurityBufferDescriptor = new SecurityBufferDescriptor(1);

    // actually this is returned in outFlags
    bool isSspiAllocated = (inFlags & ContextFlags.AllocateMemory) != 0 ? true : false;

    int errorCode = -1;

    // Snapshot of the existing context handle; left at its default value on the first call.
    SSPIHandle contextHandle = new SSPIHandle();
    if (refContext != null)
        contextHandle = refContext._handle;

    // these are pinned user byte arrays passed along with SecurityBuffers
    GCHandle[] pinnedInBytes = null;
    GCHandle pinnedOutBytes = new GCHandle();
    // optional output buffer that may need to be freed
    SafeFreeContextBuffer outFreeContextBuffer = null;
    try
    {
        pinnedOutBytes = GCHandle.Alloc(outSecBuffer.token, GCHandleType.Pinned);
        SecurityBufferStruct[] inUnmanagedBuffer = new SecurityBufferStruct[inSecurityBufferDescriptor==null ? 1:inSecurityBufferDescriptor.Count];
        fixed (void* inUnmanagedBufferPtr = inUnmanagedBuffer)
        {
            if (inSecurityBufferDescriptor!=null)
            {
                // Fix Descriptor pointer that points to unmanaged SecurityBuffers
                inSecurityBufferDescriptor.UnmanagedPointer = inUnmanagedBufferPtr;
                pinnedInBytes = new GCHandle[inSecurityBufferDescriptor.Count];
                SecurityBuffer securityBuffer;
                for (int index = 0; index < inSecurityBufferDescriptor.Count; ++index)
                {
                    securityBuffer = inSecBuffer!=null ? inSecBuffer : inSecBuffers[index];
                    if (securityBuffer!=null)
                    {
                        // Copy the SecurityBuffer content into unmanaged place holder
                        inUnmanagedBuffer[index].count = securityBuffer.size;
                        inUnmanagedBuffer[index].type = securityBuffer.type;

                        // use the unmanaged token if it's not null; otherwise use the managed buffer
                        if (securityBuffer.unmanagedToken != null)
                        {
                            inUnmanagedBuffer[index].token = securityBuffer.unmanagedToken.DangerousGetHandle();
                        }
                        else if (securityBuffer.token == null || securityBuffer.token.Length == 0)
                        {
                            inUnmanagedBuffer[index].token = IntPtr.Zero;
                        }
                        else
                        {
                            // NOTE(review): offset and size are passed to native code as given;
                            // nothing here checks offset + size against token.Length.
                            pinnedInBytes[index] = GCHandle.Alloc(securityBuffer.token, GCHandleType.Pinned);
                            inUnmanagedBuffer[index].token = Marshal.UnsafeAddrOfPinnedArrayElement(securityBuffer.token, securityBuffer.offset);
                        }
#if TRAVE
                        GlobalLog.Print("SecBuffer: cbBuffer:" + securityBuffer.size + " BufferType:" + securityBuffer.type);
#endif
                    }
                }
            }

            SecurityBufferStruct[] outUnmanagedBuffer = new SecurityBufferStruct[1];
            fixed (void* outUnmanagedBufferPtr = outUnmanagedBuffer)
            {
                // Fix Descriptor pointer that points to unmanaged SecurityBuffers
                outSecurityBufferDescriptor.UnmanagedPointer = outUnmanagedBufferPtr;
                // Copy the SecurityBuffer content into unmanaged place holder
                outUnmanagedBuffer[0].count = outSecBuffer.size;
                outUnmanagedBuffer[0].type = outSecBuffer.type;

                if (outSecBuffer.token == null || outSecBuffer.token.Length == 0)
                    outUnmanagedBuffer[0].token = IntPtr.Zero;
                else
                    outUnmanagedBuffer[0].token = Marshal.UnsafeAddrOfPinnedArrayElement(outSecBuffer.token, outSecBuffer.offset);

                // When the provider allocates the output, this handle receives the pointer and
                // is closed in the finally block below.
                if (isSspiAllocated)
                    outFreeContextBuffer = SafeFreeContextBuffer.CreateEmptyHandle(dll);

                switch (dll)
                {
                    case SecurDll.SECURITY:
                        // A missing or invalid context is replaced with a fresh one for the provider to fill.
                        if (refContext == null || refContext.IsInvalid)
                            refContext = new SafeDeleteContext_SECURITY();

                        errorCode = MustRunAcceptSecurityContext_SECURITY(
                            ref inCredentials,
                            contextHandle.IsZero? null: &contextHandle,
                            inSecurityBufferDescriptor,
                            inFlags,
                            endianness,
                            refContext,
                            outSecurityBufferDescriptor,
                            ref outFlags,
                            outFreeContextBuffer
                            );
                        break;

                    default:
                        throw new ArgumentException(SR.GetString(SR.net_invalid_enum, "SecurDll"), "Dll");
                }

                GlobalLog.Print("SafeDeleteContext:AcceptSecurityContext Marshalling OUT buffer");
                // Get unmanaged buffer with index 0 as the only one passed into PInvoke
                outSecBuffer.size = outUnmanagedBuffer[0].count;
                outSecBuffer.type = outUnmanagedBuffer[0].type;
                // The returned token is always copied into a new managed array of the reported size.
                // NOTE(review): the reported count is used as the copy length without an upper bound.
                if (outSecBuffer.size > 0)
                {
                    outSecBuffer.token = new byte[outSecBuffer.size];
                    Marshal.Copy(outUnmanagedBuffer[0].token, outSecBuffer.token, 0, outSecBuffer.size);
                }
                else
                {
                    outSecBuffer.token = null;
                }
            }
        }
    }
    finally
    {
        // Unpin everything that was pinned and release the provider-allocated output, on
        // both the normal and the exception path.
        if (pinnedInBytes!=null)
        {
            for (int index=0; index<pinnedInBytes.Length; index++)
            {
                if (pinnedInBytes[index].IsAllocated)
                    pinnedInBytes[index].Free();
            }
        }

        if (pinnedOutBytes.IsAllocated)
            pinnedOutBytes.Free();

        if (outFreeContextBuffer != null)
            outFreeContextBuffer.Close();
    }

    GlobalLog.Leave("SafeDeleteContext::AcceptSecurityContex() unmanaged AcceptSecurityContex()", "errorCode:0x" + errorCode.ToString("x8") + " refContext:" + ValidationHelper.ToString(refContext));

    return errorCode;
}
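// Server side of the SSPI handshake: marshals the managed SecurityBuffer arguments into
// unmanaged SecurityBufferStructs, pins any managed tokens, calls the
// MustRunAcceptSecurityContext_* routine that matches 'dll', and copies the output token
// back into 'outSecBuffer'. Returns the status code of that call.
//
// Throws ArgumentNullException when inCredentials is null and ArgumentException when 'dll'
// is not one of the handled SecurDll values.
//
// The decompiler's expansion of the two 'fixed' statements (goto labels jumping into the
// fixed block, pointer locals assigned before their declaration, IntPtr* pointers to
// SecurityBufferStruct arrays, "ptr = null" finally blocks) is not valid C#. It is folded
// back into plain 'fixed' statements, which already yield a null pointer for a null or
// empty array.
internal static unsafe int AcceptSecurityContext(SecurDll dll, ref SafeFreeCredentials inCredentials, ref SafeDeleteContext refContext, ContextFlags inFlags, Endianness endianness, SecurityBuffer inSecBuffer, SecurityBuffer[] inSecBuffers, SecurityBuffer outSecBuffer, ref ContextFlags outFlags)
{
    if (inCredentials == null)
    {
        throw new ArgumentNullException("inCredentials");
    }

    // The input descriptor stays null when no input buffer is supplied.
    SecurityBufferDescriptor inputBuffer = null;
    if (inSecBuffer != null)
    {
        inputBuffer = new SecurityBufferDescriptor(1);
    }
    else if (inSecBuffers != null)
    {
        inputBuffer = new SecurityBufferDescriptor(inSecBuffers.Length);
    }

    SecurityBufferDescriptor outputBuffer = new SecurityBufferDescriptor(1);
    bool sspiAllocatesOutput = (inFlags & ContextFlags.AllocateMemory) != ContextFlags.Zero;
    int status = -1;

    // Snapshot of the existing context handle; left at its default value on the first call.
    SSPIHandle contextHandle = new SSPIHandle();
    if (refContext != null)
    {
        contextHandle = refContext._handle;
    }

    GCHandle[] pinnedInputs = null;
    GCHandle pinnedOutput = new GCHandle();
    SafeFreeContextBuffer handleTemplate = null;
    try
    {
        pinnedOutput = GCHandle.Alloc(outSecBuffer.token, GCHandleType.Pinned);

        SecurityBufferStruct[] inStructs = new SecurityBufferStruct[(inputBuffer == null) ? 1 : inputBuffer.Count];
        fixed (void* inStructsPtr = inStructs)
        {
            if (inputBuffer != null)
            {
                inputBuffer.UnmanagedPointer = inStructsPtr;
                pinnedInputs = new GCHandle[inputBuffer.Count];
                for (int i = 0; i < inputBuffer.Count; i++)
                {
                    SecurityBuffer buffer = (inSecBuffer != null) ? inSecBuffer : inSecBuffers[i];
                    if (buffer == null)
                    {
                        continue;
                    }

                    inStructs[i].count = buffer.size;
                    inStructs[i].type = buffer.type;

                    // Prefer the unmanaged token; otherwise pin the managed array, if any.
                    if (buffer.unmanagedToken != null)
                    {
                        inStructs[i].token = buffer.unmanagedToken.DangerousGetHandle();
                    }
                    else if ((buffer.token == null) || (buffer.token.Length == 0))
                    {
                        inStructs[i].token = IntPtr.Zero;
                    }
                    else
                    {
                        // NOTE(review): offset and size are passed to native code as given;
                        // nothing here checks offset + size against token.Length.
                        pinnedInputs[i] = GCHandle.Alloc(buffer.token, GCHandleType.Pinned);
                        inStructs[i].token = Marshal.UnsafeAddrOfPinnedArrayElement(buffer.token, buffer.offset);
                    }
                }
            }

            SecurityBufferStruct[] outStructs = new SecurityBufferStruct[1];
            fixed (void* outStructsPtr = outStructs)
            {
                outputBuffer.UnmanagedPointer = outStructsPtr;
                outStructs[0].count = outSecBuffer.size;
                outStructs[0].type = outSecBuffer.type;
                if ((outSecBuffer.token == null) || (outSecBuffer.token.Length == 0))
                {
                    outStructs[0].token = IntPtr.Zero;
                }
                else
                {
                    outStructs[0].token = Marshal.UnsafeAddrOfPinnedArrayElement(outSecBuffer.token, outSecBuffer.offset);
                }

                // When the provider allocates the output, this handle receives the pointer and
                // is closed in the finally block below.
                if (sspiAllocatesOutput)
                {
                    handleTemplate = SafeFreeContextBuffer.CreateEmptyHandle(dll);
                }

                // Each case replaces a missing or invalid context with a fresh one of the matching type.
                switch (dll)
                {
                    case SecurDll.SECURITY:
                        if ((refContext == null) || refContext.IsInvalid)
                        {
                            refContext = new SafeDeleteContext_SECURITY();
                        }
                        status = MustRunAcceptSecurityContext_SECURITY(ref inCredentials, contextHandle.IsZero ? null : (void*)&contextHandle, inputBuffer, inFlags, endianness, refContext, outputBuffer, ref outFlags, handleTemplate);
                        break;

                    case SecurDll.SECUR32:
                        if ((refContext == null) || refContext.IsInvalid)
                        {
                            refContext = new SafeDeleteContext_SECUR32();
                        }
                        status = MustRunAcceptSecurityContext_SECUR32(ref inCredentials, contextHandle.IsZero ? null : (void*)&contextHandle, inputBuffer, inFlags, endianness, refContext, outputBuffer, ref outFlags, handleTemplate);
                        break;

                    case SecurDll.SCHANNEL:
                        if ((refContext == null) || refContext.IsInvalid)
                        {
                            refContext = new SafeDeleteContext_SCHANNEL();
                        }
                        status = MustRunAcceptSecurityContext_SCHANNEL(ref inCredentials, contextHandle.IsZero ? null : (void*)&contextHandle, inputBuffer, inFlags, endianness, refContext, outputBuffer, ref outFlags, handleTemplate);
                        break;

                    default:
                        throw new ArgumentException(SR.GetString("net_invalid_enum", new object[] { "SecurDll" }), "Dll");
                }

                // The returned token is always copied into a new managed array of the reported size.
                outSecBuffer.size = outStructs[0].count;
                outSecBuffer.type = outStructs[0].type;
                if (outSecBuffer.size > 0)
                {
                    outSecBuffer.token = new byte[outSecBuffer.size];
                    Marshal.Copy(outStructs[0].token, outSecBuffer.token, 0, outSecBuffer.size);
                }
                else
                {
                    outSecBuffer.token = null;
                }
            }
        }
    }
    finally
    {
        // Unpin everything that was pinned and release the provider-allocated output, on
        // both the normal and the exception path.
        if (pinnedInputs != null)
        {
            for (int j = 0; j < pinnedInputs.Length; j++)
            {
                if (pinnedInputs[j].IsAllocated)
                {
                    pinnedInputs[j].Free();
                }
            }
        }
        if (pinnedOutput.IsAllocated)
        {
            pinnedOutput.Free();
        }
        if (handleTemplate != null)
        {
            handleTemplate.Close();
        }
    }

    return status;
}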
//
// Marshals 'inSecBuffers' into unmanaged SecurityBufferStructs, pins any managed tokens and
// calls the native CompleteAuthToken for the context in 'refContext'. Returns the native
// status, or SecurityStatus.InvalidHandle when no reference on the context could be taken.
// Throws ArgumentException when 'dll' is not SecurDll.SECURITY.
//
internal unsafe static int CompleteAuthToken(
    SecurDll dll,
    ref SafeDeleteContext refContext,
    SecurityBuffer[] inSecBuffers)
{
    GlobalLog.Enter("SafeDeleteContext::CompleteAuthToken");
    GlobalLog.Print(" DLL = " + dll);
    GlobalLog.Print(" refContext = " + ValidationHelper.ToString(refContext));
#if TRAVE
    GlobalLog.Print(" inSecBuffers[] = length:" + inSecBuffers.Length);
//  for (int index=0; index<inSecBuffers.Length; index++) { GlobalLog.Print(" inSecBuffers[" + index + "] = " + SecurityBuffer.ToString(inSecBuffers[index])); }
#endif
    // NOTE(review): inSecBuffers.Length is dereferenced right after this assert (and before
    // it in TRAVE builds), so the assert is the only null check on inSecBuffers.
    GlobalLog.Assert(inSecBuffers != null, "SafeDeleteContext::CompleteAuthToken()|inSecBuffers == null");
    SecurityBufferDescriptor inSecurityBufferDescriptor = new SecurityBufferDescriptor(inSecBuffers.Length);

    int errorCode = (int)SecurityStatus.InvalidHandle;

    // these are pinned user byte arrays passed along with SecurityBuffers
    GCHandle[] pinnedInBytes = null;

    SecurityBufferStruct[] inUnmanagedBuffer = new SecurityBufferStruct[inSecurityBufferDescriptor.Count];
    fixed (void* inUnmanagedBufferPtr = inUnmanagedBuffer)
    {
        // Fix Descriptor pointer that points to unmanaged SecurityBuffers
        inSecurityBufferDescriptor.UnmanagedPointer = inUnmanagedBufferPtr;
        pinnedInBytes = new GCHandle[inSecurityBufferDescriptor.Count];
        SecurityBuffer securityBuffer;
        // NOTE(review): this pinning loop runs before the try/finally that frees the handles,
        // so an exception raised partway through it would leave earlier tokens pinned.
        for (int index = 0; index < inSecurityBufferDescriptor.Count; ++index)
        {
            securityBuffer = inSecBuffers[index];
            if (securityBuffer!=null)
            {
                inUnmanagedBuffer[index].count = securityBuffer.size;
                inUnmanagedBuffer[index].type = securityBuffer.type;

                // use the unmanaged token if it's not null; otherwise use the managed buffer
                if (securityBuffer.unmanagedToken != null)
                {
                    inUnmanagedBuffer[index].token = securityBuffer.unmanagedToken.DangerousGetHandle();
                }
                else if (securityBuffer.token==null || securityBuffer.token.Length==0)
                {
                    inUnmanagedBuffer[index].token = IntPtr.Zero;
                }
                else
                {
                    // NOTE(review): offset and size are passed to native code as given;
                    // nothing here checks offset + size against token.Length.
                    pinnedInBytes[index] = GCHandle.Alloc(securityBuffer.token, GCHandleType.Pinned);
                    inUnmanagedBuffer[index].token = Marshal.UnsafeAddrOfPinnedArrayElement(securityBuffer.token, securityBuffer.offset);
                }
#if TRAVE
                GlobalLog.Print("SecBuffer: cbBuffer:" + securityBuffer.size + " BufferType:" + securityBuffer.type);
//              securityBuffer.DebugDump();
#endif
            }
        }

        // Snapshot of the existing context handle; left at its default value when refContext is null.
        SSPIHandle contextHandle = new SSPIHandle();
        if (refContext != null)
        {
            contextHandle = refContext._handle;
        }

        try
        {
            if (dll==SecurDll.SECURITY)
            {
                if (refContext == null || refContext.IsInvalid)
                {
                    refContext = new SafeDeleteContext_SECURITY();
                }

                bool b = false;
                RuntimeHelpers.PrepareConstrainedRegions();
                try
                {
                    refContext.DangerousAddRef(ref b);
                }
                catch(Exception e)
                {
                    if (b)
                    {
                        refContext.DangerousRelease();
                        b = false;
                    }
                    // A disposed context is reported through errorCode; anything else is rethrown.
                    if (!(e is ObjectDisposedException))
                        throw;
                }
                finally
                {
                    // The native call is made only while a reference on the context is held.
                    if (b)
                    {
                        errorCode = UnsafeNclNativeMethods.SafeNetHandles_SECURITY.CompleteAuthToken(contextHandle.IsZero? null: &contextHandle, inSecurityBufferDescriptor);
                        refContext.DangerousRelease();
                    }
                }
            }
            else
            {
                throw new ArgumentException(SR.GetString(SR.net_invalid_enum, "SecurDll"), "Dll");
            }
        }
        finally
        {
            // Unpin every token that was pinned above.
            if (pinnedInBytes!=null)
            {
                for (int index=0; index<pinnedInBytes.Length; index++)
                {
                    if (pinnedInBytes[index].IsAllocated)
                    {
                        pinnedInBytes[index].Free();
                    }
                }
            }
        }
    }

    GlobalLog.Leave("SafeDeleteContext::CompleteAuthToken() unmanaged CompleteAuthToken()", "errorCode:0x" + errorCode.ToString("x8") + " refContext:" + ValidationHelper.ToString(refContext));

    return errorCode;
}
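// Marshals 'inSecBuffers' into unmanaged SecurityBufferStructs, pins any managed tokens and
// calls the native CompleteAuthToken for the context in 'refContext'. Returns the native
// status, or 0x80090301 (SEC_E_INVALID_HANDLE) when no reference on the context could be
// taken. Throws ArgumentException when 'dll' is not SecurDll.SECURITY.
//
// The decompiler's expansion of the 'fixed' statement and of the try/catch/finally (goto
// labels, a pointer assigned inside "fixed (... = null)", a trailing "Label_0201:") is not
// valid C# and is folded back into the equivalent structured form. The pinning loop now runs
// inside the try, so tokens pinned before a failure are released as well.
internal static unsafe int CompleteAuthToken(SecurDll dll, ref SafeDeleteContext refContext, SecurityBuffer[] inSecBuffers)
{
    SecurityBufferDescriptor inputBuffers = new SecurityBufferDescriptor(inSecBuffers.Length);
    // 0x80090301; remains the result if the native call is never reached.
    int status = -2146893055;
    GCHandle[] pinnedInputs = null;
    SecurityBufferStruct[] inStructs = new SecurityBufferStruct[inputBuffers.Count];

    // 'fixed' yields a null pointer when the array is empty, as the decompiled branches did.
    fixed (void* inStructsPtr = inStructs)
    {
        inputBuffers.UnmanagedPointer = inStructsPtr;
        pinnedInputs = new GCHandle[inputBuffers.Count];
        try
        {
            for (int i = 0; i < inputBuffers.Count; i++)
            {
                SecurityBuffer buffer = inSecBuffers[i];
                if (buffer == null)
                {
                    continue;
                }

                inStructs[i].count = buffer.size;
                inStructs[i].type = buffer.type;

                // Prefer the unmanaged token; otherwise pin the managed array, if any.
                if (buffer.unmanagedToken != null)
                {
                    inStructs[i].token = buffer.unmanagedToken.DangerousGetHandle();
                }
                else if ((buffer.token == null) || (buffer.token.Length == 0))
                {
                    inStructs[i].token = IntPtr.Zero;
                }
                else
                {
                    // NOTE(review): offset and size are passed to native code as given;
                    // nothing here checks offset + size against token.Length.
                    pinnedInputs[i] = GCHandle.Alloc(buffer.token, GCHandleType.Pinned);
                    inStructs[i].token = Marshal.UnsafeAddrOfPinnedArrayElement(buffer.token, buffer.offset);
                }
            }

            // Snapshot of the existing context handle; left at its default value when refContext is null.
            SSPIHandle contextHandle = new SSPIHandle();
            if (refContext != null)
            {
                contextHandle = refContext._handle;
            }

            if (dll != SecurDll.SECURITY)
            {
                throw new ArgumentException(SR.GetString("net_invalid_enum", new object[] { "SecurDll" }), "Dll");
            }

            if ((refContext == null) || refContext.IsInvalid)
            {
                refContext = new SafeDeleteContext_SECURITY();
            }

            bool refTaken = false;
            RuntimeHelpers.PrepareConstrainedRegions();
            try
            {
                refContext.DangerousAddRef(ref refTaken);
            }
            catch (Exception exception)
            {
                if (refTaken)
                {
                    refContext.DangerousRelease();
                    refTaken = false;
                }
                // A disposed context is reported through the status code; anything else is rethrown.
                if (!(exception is ObjectDisposedException))
                {
                    throw;
                }
            }
            finally
            {
                // The native call is made only while a reference on the context is held.
                if (refTaken)
                {
                    status = UnsafeNclNativeMethods.SafeNetHandles_SECURITY.CompleteAuthToken(contextHandle.IsZero ? null : (void*)&contextHandle, inputBuffers);
                    refContext.DangerousRelease();
                }
            }
        }
        finally
        {
            // Unpin every token that was pinned above, on both the normal and the exception path.
            for (int j = 0; j < pinnedInputs.Length; j++)
            {
                if (pinnedInputs[j].IsAllocated)
                {
                    pinnedInputs[j].Free();
                }
            }
        }
    }

    return status;
}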