From ade72b32f48e55964ffcb313b31dbb71404e0872 Mon Sep 17 00:00:00 2001 From: antiduh Date: Wed, 25 Jun 2014 02:00:05 +0000 Subject: [PATCH] Implement the context-completion check I've had sitting half done. --- Contexts/ClientContext.cs | 7 ++----- Contexts/Context.cs | 28 ++++++++++++++++++++++++---- Contexts/ServerContext.cs | 8 +++----- 3 files changed, 29 insertions(+), 14 deletions(-) diff --git a/Contexts/ClientContext.cs b/Contexts/ClientContext.cs index ee08102..60374ce 100644 --- a/Contexts/ClientContext.cs +++ b/Contexts/ClientContext.cs @@ -11,7 +11,6 @@ namespace NSspi.Contexts { public class ClientContext : Context { - private bool complete; private ContextAttrib requestedAttribs; private ContextAttrib finalAttribs; private string serverPrinc; @@ -19,8 +18,6 @@ namespace NSspi.Contexts public ClientContext( ClientCredential cred, string serverPrinc, ContextAttrib requestedAttribs ) : base( cred ) { - this.complete = false; - this.serverPrinc = serverPrinc; this.requestedAttribs = requestedAttribs; } @@ -112,12 +109,12 @@ namespace NSspi.Contexts if ( status == SecurityStatus.OK ) { - this.complete = true; + this.Initialized = true; outToken = null; } else if ( status == SecurityStatus.ContinueNeeded ) { - this.complete = false; + this.Initialized = false; outToken = new byte[outTokenBuffer.Length]; Array.Copy( outTokenBuffer.Buffer, outToken, outToken.Length ); diff --git a/Contexts/Context.cs b/Contexts/Context.cs index eb0e3eb..4dcca18 100644 --- a/Contexts/Context.cs +++ b/Contexts/Context.cs @@ -22,12 +22,18 @@ namespace NSspi.Contexts this.ContextHandle = new SafeContextHandle(); this.disposed = false; + this.Initialized = false; } ~Context() { Dispose( false ); } + + /// + /// Whether or not the context is fully formed. + /// + public bool Initialized { get; protected set; } protected Credential Credential { get; private set; } 
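Review bot: In the `status == SecurityStatus.OK` branch of the ClientContext.cs hunk at -112,12, the context is marked `Initialized = true` while `outToken = null` discards whatever is in `outTokenBuffer`. InitializeSecurityContext can return OK together with a non-empty output token that still has to reach the server, and ServerContext's OK branch in this same commit already copies `outBuffer` when `outBuffer.Length != 0`. As written, the client can report a completed context whose peer never received the final leg, so the server side would stay incomplete or fail. Mirror the server: after `outToken = null;` add `if ( outTokenBuffer.Length != 0 )` around the same two copy lines the ContinueNeeded branch uses. The enclosing method starts and ends outside the hunk.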
@@ -85,7 +91,7 @@ namespace NSspi.Contexts public byte[] Encrypt( byte[] input ) { // The message is encrypted in place in the buffer we provide to Win32 EncryptMessage - SecPkgContext_Sizes sizes = QueryBufferSizes(); + SecPkgContext_Sizes sizes; SecureBuffer trailerBuffer; SecureBuffer dataBuffer; @@ -95,6 +101,13 @@ namespace NSspi.Contexts SecurityStatus status = SecurityStatus.InvalidHandle; byte[] result; + if ( this.Initialized == false ) + { + throw new InvalidOperationException( "The context is not fully formed." ); + } + + sizes = QueryBufferSizes(); + trailerBuffer = new SecureBuffer( new byte[sizes.SecurityTrailer], BufferType.Token ); dataBuffer = new SecureBuffer( new byte[input.Length], BufferType.Data ); paddingBuffer = new SecureBuffer( new byte[sizes.BlockSize], BufferType.Padding ); @@ -148,7 +161,7 @@ namespace NSspi.Contexts public byte[] Decrypt( byte[] input ) { - SecPkgContext_Sizes sizes = QueryBufferSizes(); + SecPkgContext_Sizes sizes; SecureBuffer trailerBuffer; SecureBuffer dataBuffer; @@ -164,6 +177,13 @@ namespace NSspi.Contexts int dataLength; int paddingLength; + if ( this.Initialized == false ) + { + throw new InvalidOperationException( "The context is not fully formed." ); + } + + sizes = QueryBufferSizes(); + // This check is required, but not sufficient. We could be stricter. if( input.Length < 2 + 4 + 2 + sizes.SecurityTrailer ) { @@ -238,7 +258,7 @@ namespace NSspi.Contexts return result; } - internal SecPkgContext_Sizes QueryBufferSizes() + private SecPkgContext_Sizes QueryBufferSizes() { SecPkgContext_Sizes sizes = new SecPkgContext_Sizes(); SecurityStatus status = SecurityStatus.InternalError; @@ -280,7 +300,7 @@ namespace NSspi.Contexts return sizes; } - internal string QueryContextString(ContextQueryAttrib attrib) + private string QueryContextString(ContextQueryAttrib attrib) { SecPkgContext_String stringAttrib; SecurityStatus status = SecurityStatus.InternalError; 
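Review bot: The guard added to Encrypt at -95,6 tests only `Initialized`, although the class also tracks `disposed` (set in the constructor) and nothing visible in this diff clears `Initialized` on disposal. If Dispose leaves the flag true, a disposed context passes the guard and goes on to QueryBufferSizes with a released handle; failing early is clearer: `if ( this.disposed ) { throw new ObjectDisposedException( "Context" ); }` ahead of the Initialized test. The identical guard in Decrypt (-164,6) needs the same, so a single private helper called from both would keep the two in step. Encrypt's body continues outside the hunk.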
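Review bot: Decrypt's only visible validation of the peer-supplied `input` (hunk -164,6) is the minimum-length test `input.Length < 2 + 4 + 2 + sizes.SecurityTrailer`, which the adjacent comment itself calls insufficient. The header parsing is outside the hunk, but the lengths decoded from it (`dataLength` and `paddingLength` are declared here) should be checked to be non-negative and, together with the header and trailer, to account for exactly `input.Length` before any buffer is allocated or copied. A null `input` also reaches `input.Length` unguarded; `if ( input == null ) { throw new ArgumentNullException( "input" ); }` at the top covers it. Naming the 2, 4 and 2 as constants would make the frame layout reviewable.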
diff --git a/Contexts/ServerContext.cs b/Contexts/ServerContext.cs index 01965c6..24d5a50 100644 --- a/Contexts/ServerContext.cs +++ b/Contexts/ServerContext.cs @@ -12,13 +12,11 @@ namespace NSspi.Contexts { private ContextAttrib requestedAttribs; private ContextAttrib finalAttribs; - private bool complete; - + public ServerContext(ServerCredential cred, ContextAttrib requestedAttribs) : base ( cred ) { this.requestedAttribs = requestedAttribs; this.finalAttribs = ContextAttrib.Zero; - } public SecurityStatus AcceptToken( byte[] clientToken, out byte[] nextToken ) @@ -72,7 +70,7 @@ namespace NSspi.Contexts if ( status == SecurityStatus.OK ) { nextToken = null; - this.complete = true; + this.Initialized = true; if ( outBuffer.Length != 0 ) { @@ -86,7 +84,7 @@ namespace NSspi.Contexts } else if ( status == SecurityStatus.ContinueNeeded ) { - this.complete = false; + this.Initialized = false; nextToken = new byte[outBuffer.Length]; Array.Copy( outBuffer.Buffer, nextToken, nextToken.Length );
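Review bot: AcceptToken assigns `Initialized` only in the OK and ContinueNeeded branches (hunks -72,7 and -86,7); the path for every other status lies outside the diff, and if it only throws, the flag keeps whatever value it had. A context that completed once and is then handed a further token that is rejected would still satisfy the new Encrypt/Decrypt guard. Failing closed is cheap: put `this.Initialized = false;` ahead of the status chain, or reject the call outright when the context is already complete. The ClientContext hunk at -112,12 has the same shape.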