jeff/NSspi
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: jeff:0.1.3
Branches Tags
jeff:master
jeff:0.3.1 jeff:0.30 jeff:0.3.0 jeff:0.2.1 jeff:0.2.0 jeff:0.1.3 jeff:0.1.1 jeff:0.1
..
compare: jeff:0.2.0
Branches Tags
jeff:master
jeff:0.3.1 jeff:0.30 jeff:0.3.0 jeff:0.2.1 jeff:0.2.0 jeff:0.1.3 jeff:0.1.1 jeff:0.1

14 Commits
0.1.3 ... 0.2.0

Author SHA1 Message Date
Kevin Thompson
4d79f1b5db Announced v0.2.0 release 2017-10-20 01:46:33 -04:00
Kevin Thompson
aef74fe8aa Default to VS2015. 2017-10-20 01:25:49 -04:00
Kevin Thompson
37a7881d25 Updated version declarations to v0.2.0, to reflect the new support for username/password authentication plus the minor incompatibility introduced with the updated design. 2017-10-20 01:25:36 -04:00
Kevin Thompson
9350412fb6 Updated the svn-ignore properties. 2017-09-24 02:41:00 -04:00
Kevin Thompson
6a5e6056a7 Added password authentication support. 
Added the ability to acquire a valid credential by providing a username/password combination.
 2017-09-24 02:39:49 -04:00
Kevin Thompson
c6c0ac623e Code cleanup. 
Fixed comment and code style; removed unnecessary initialization of variable.
 2017-09-24 02:10:00 -04:00
Kevin Thompson
c07abdaa62 Comments. 2017-09-24 02:02:10 -04:00
Kevin Thompson
f2d4541bab Renamed Client/ServerCredential. 
The credential implementations should indicate in their name that they are implementations of the 'current' credential (acquired from the login running the process).
 2017-09-24 01:59:34 -04:00
Kevin Thompson
0eb8ff49f2 Fixed ClientContext and ServerContext constructors. 
Changed the contexts to take in any Credential implementation, instead of requiring client- or server-specific credentials.
 2017-09-24 01:56:36 -04:00
Kevin Thompson
3b189d2865 Code cleanup 
Fixed code style using CodeMaid.
 2017-09-24 01:52:45 -04:00
Kevin Thompson
6ff68d8812 Merge pull request #8 from mcgov/master 
Adding QuerySessionKey, as well as QueryContextAttributes and SafeQue…
 2017-09-23 15:00:00 -04:00
Matthew McGovern
e631d77f01 Adding QuerySessionKey, as well as QueryContextAttributes and SafeQueryContextAttributes 2017-09-22 09:21:48 -07:00
Kevin Thompson
4e629a71b2 Changed the csproj to output the documentation xml file 2017-05-01 10:10:32 -04:00
Kevin Thompson
8db4b6d8a5 Documented release 0.1.3 in the readme 2017-05-01 10:06:00 -04:00
58 changed files with 707 additions and 648 deletions
Expand all files Collapse all files

4
NSspi.sln
View File

@@ -1,6 +1,8 @@

Microsoft Visual Studio Solution File, Format Version 12.00
# Visual Studio 2012
# Visual Studio 14
VisualStudioVersion = 14.0.25420.1
MinimumVisualStudioVersion = 10.0.40219.1
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "TestClient", "TestClient\TestClient.csproj", "{E93FBF1A-5198-44D6-BDF0-880D17F2B81A}"
EndProject
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "TestProtocol", "TestProtocol\TestProtocol.csproj", "{9BFD94E1-D9FB-44D7-A6E7-8BAC2620E535}"

8
NSspi/ByteWriter.cs
View File

@@ -1,9 +1,4 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading.Tasks;
namespace NSspi
{
@@ -37,8 +32,7 @@ namespace NSspi
buffer[position + 0] = (byte)( value >> 24 );
buffer[position + 1] = (byte)( value >> 16 );
buffer[position + 2] = (byte)( value >> 8 );
buffer[position + 3] = (byte)( value);
buffer[position + 3] = (byte)( value );
}
/// <summary>

17
NSspi/Contexts/ClientContext.cs
View File

@@ -1,9 +1,4 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading.Tasks;
using NSspi.Buffers;
using NSspi.Credentials;
@@ -33,7 +28,7 @@ namespace NSspi.Contexts
/// <param name="requestedAttribs">Requested attributes that describe the desired properties of the
/// context once it is established. If a context cannot be established that satisfies the indicated
/// properties, the context initialization is aborted.</param>
public ClientContext( ClientCredential cred, string serverPrinc, ContextAttrib requestedAttribs )
public ClientContext( Credential cred, string serverPrinc, ContextAttrib requestedAttribs )
: base( cred )
{
this.serverPrinc = serverPrinc;
@@ -90,12 +85,12 @@ namespace NSspi.Contexts
// The security package tells us how big its biggest token will be. We'll allocate a buffer
// that size, and it'll tell us how much it used.
outTokenBuffer = new SecureBuffer(
new byte[ this.Credential.PackageInfo.MaxTokenLength ],
new byte[this.Credential.PackageInfo.MaxTokenLength],
BufferType.Token
);
serverBuffer = null;
if ( serverToken != null )
if( serverToken != null )
{
serverBuffer = new SecureBuffer( serverToken, BufferType.Token );
}
@@ -115,9 +110,9 @@ namespace NSspi.Contexts
// Windows, 128 bits on 64-bit Windows.
// - So in the end, on a 64-bit machine, we're passing a 64-bit value (the pointer to the struct) that
// points to 128 bits of memory (the struct itself) for where to write the handle numbers.
using ( outAdapter = new SecureBufferAdapter( outTokenBuffer ) )
using( outAdapter = new SecureBufferAdapter( outTokenBuffer ) )
{
if ( this.ContextHandle.IsInvalid )
if( this.ContextHandle.IsInvalid )
{
status = ContextNativeMethods.InitializeSecurityContext_1(
ref this.Credential.Handle.rawHandle,
@@ -136,7 +131,7 @@ namespace NSspi.Contexts
}
else
{
using ( serverAdapter = new SecureBufferAdapter( serverBuffer ) )
using( serverAdapter = new SecureBufferAdapter( serverBuffer ) )
{
status = ContextNativeMethods.InitializeSecurityContext_2(
ref this.Credential.Handle.rawHandle,

69
NSspi/Contexts/Context.cs
View File

@@ -1,12 +1,7 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading.Tasks;
using NSspi.Buffers;
using NSspi.Contexts;
using NSspi.Credentials;
namespace NSspi.Contexts
@@ -257,7 +252,7 @@ namespace NSspi.Contexts
paddingLength = ByteWriter.ReadInt16_BE( input, position );
position += 2;
if ( trailerLength + dataLength + paddingLength + 2 + 4 + 2 > input.Length )
if( trailerLength + dataLength + paddingLength + 2 + 4 + 2 > input.Length )
{
throw new ArgumentException( "The buffer contains invalid data - the embedded length data does not add up." );
}
@@ -296,8 +291,7 @@ namespace NSspi.Contexts
}
// else there was no padding.
using( adapter = new SecureBufferAdapter( new [] { trailerBuffer, dataBuffer, paddingBuffer } ) )
using( adapter = new SecureBufferAdapter( new[] { trailerBuffer, dataBuffer, paddingBuffer } ) )
{
status = ContextNativeMethods.SafeDecryptMessage(
this.ContextHandle,
@@ -348,7 +342,7 @@ namespace NSspi.Contexts
Array.Copy( message, dataBuffer.Buffer, message.Length );
using ( adapter = new SecureBufferAdapter( new[] { dataBuffer, signatureBuffer } ) )
using( adapter = new SecureBufferAdapter( new[] { dataBuffer, signatureBuffer } ) )
{
status = ContextNativeMethods.SafeMakeSignature(
this.ContextHandle,
@@ -358,7 +352,7 @@ namespace NSspi.Contexts
);
}
if ( status != SecurityStatus.OK )
if( status != SecurityStatus.OK )
{
throw new SSPIException( "Failed to create message signature.", status );
}
@@ -389,6 +383,35 @@ namespace NSspi.Contexts
return outMessage;
}
/// <summary>
/// Returns the Session Key from a context or null on failure.
/// </summary>
/// <remarks>
/// Session keys are sometimes needed for other purposes or HMAC functions. This function
/// will run QueryAttribute to get the session key struct, and read and return the key from
/// that struct.
/// </remarks>
/// <returns>byte[] with the session key data or null on failure</returns>
public byte[] QuerySessionKey()
{
SecurityStatus status;
byte[] SessionKey = null;
status = ContextNativeMethods.SafeQueryContextAttribute(
this.ContextHandle,
ContextQueryAttrib.SessionKey,
ref SessionKey
);
if( status != SecurityStatus.OK )
{
throw new SSPIException( "Failed to query session key.", status );
}
return SessionKey;
}
/// <summary>
/// Verifies the signature of a signed message
/// </summary>
@@ -415,7 +438,7 @@ namespace NSspi.Contexts
sizes = QueryBufferSizes();
if ( signedMessage.Length < 2 + 4 + sizes.MaxSignature )
if( signedMessage.Length < 2 + 4 + sizes.MaxSignature )
{
throw new ArgumentException( "Input message is too small to possibly fit a valid message" );
}
@@ -430,7 +453,7 @@ namespace NSspi.Contexts
sigLen = ByteWriter.ReadInt16_BE( signedMessage, position );
position += 2;
if ( messageLen + sigLen + 2 + 4 > signedMessage.Length )
if( messageLen + sigLen + 2 + 4 > signedMessage.Length )
{
throw new ArgumentException( "The buffer contains invalid data - the embedded length data does not add up." );
}
@@ -443,7 +466,7 @@ namespace NSspi.Contexts
Array.Copy( signedMessage, position, signatureBuffer.Buffer, 0, sigLen );
position += sigLen;
using ( adapter = new SecureBufferAdapter( new[] { dataBuffer, signatureBuffer } ) )
using( adapter = new SecureBufferAdapter( new[] { dataBuffer, signatureBuffer } ) )
{
status = ContextNativeMethods.SafeVerifySignature(
this.ContextHandle,
@@ -453,12 +476,12 @@ namespace NSspi.Contexts
);
}
if ( status == SecurityStatus.OK )
if( status == SecurityStatus.OK )
{
origMessage = dataBuffer.Buffer;
return true;
}
else if ( status == SecurityStatus.MessageAltered ||
else if( status == SecurityStatus.MessageAltered ||
status == SecurityStatus.OutOfSequence )
{
origMessage = null;
@@ -485,9 +508,9 @@ namespace NSspi.Contexts
{
this.ContextHandle.DangerousAddRef( ref gotRef );
}
catch ( Exception )
catch( Exception )
{
if ( gotRef )
if( gotRef )
{
this.ContextHandle.DangerousRelease();
gotRef = false;
@@ -497,7 +520,7 @@ namespace NSspi.Contexts
}
finally
{
if ( gotRef )
if( gotRef )
{
status = ContextNativeMethods.QueryContextAttributes_Sizes(
ref this.ContextHandle.rawHandle,
@@ -521,7 +544,7 @@ namespace NSspi.Contexts
/// </summary>
/// <param name="attrib">The string-valued attribute to query.</param>
/// <returns></returns>
private string QueryContextString(ContextQueryAttrib attrib)
private string QueryContextString( ContextQueryAttrib attrib )
{
SecPkgContext_String stringAttrib;
SecurityStatus status = SecurityStatus.InternalError;
@@ -540,9 +563,9 @@ namespace NSspi.Contexts
{
this.ContextHandle.DangerousAddRef( ref gotRef );
}
catch ( Exception )
catch( Exception )
{
if ( gotRef )
if( gotRef )
{
this.ContextHandle.DangerousRelease();
gotRef = false;
@@ -551,7 +574,7 @@ namespace NSspi.Contexts
}
finally
{
if ( gotRef )
if( gotRef )
{
status = ContextNativeMethods.QueryContextAttributes_String(
ref this.ContextHandle.rawHandle,
@@ -561,7 +584,7 @@ namespace NSspi.Contexts
this.ContextHandle.DangerousRelease();
if ( status == SecurityStatus.OK )
if( status == SecurityStatus.OK )
{
result = Marshal.PtrToStringUni( stringAttrib.StringResult );
ContextNativeMethods.FreeContextBuffer( stringAttrib.StringResult );

5
NSspi/Contexts/ContextAttrib.cs
View File

@@ -1,8 +1,4 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
namespace NSspi.Contexts
{
@@ -36,7 +32,6 @@ namespace NSspi.Contexts
/// </summary>
MutualAuth = 0x00000002,
/// <summary>
/// Detect replayed messages that have been encoded by using the EncryptMessage or MakeSignature
/// message support functionality.

110
NSspi/Contexts/ContextNativeMethods.cs
View File

@@ -1,13 +1,8 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Runtime.CompilerServices;
using System.Runtime.ConstrainedExecution;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading.Tasks;
using NSspi.Buffers;
using NSspi.Contexts;
namespace NSspi.Contexts
{
@@ -45,7 +40,7 @@ namespace NSspi.Contexts
);
*/
[DllImport( "Secur32.dll", EntryPoint = "AcceptSecurityContext",CharSet = CharSet.Unicode )]
[DllImport( "Secur32.dll", EntryPoint = "AcceptSecurityContext", CharSet = CharSet.Unicode )]
internal static extern SecurityStatus AcceptSecurityContext_1(
ref RawSspiHandle credHandle,
IntPtr oldContextHandle,
@@ -58,7 +53,6 @@ namespace NSspi.Contexts
ref TimeStamp expiry
);
[DllImport( "Secur32.dll", EntryPoint = "AcceptSecurityContext", CharSet = CharSet.Unicode )]
internal static extern SecurityStatus AcceptSecurityContext_2(
ref RawSspiHandle credHandle,
@@ -72,7 +66,6 @@ namespace NSspi.Contexts
ref TimeStamp expiry
);
[DllImport( "Secur32.dll", EntryPoint = "InitializeSecurityContext", CharSet = CharSet.Unicode )]
internal static extern SecurityStatus InitializeSecurityContext_1(
ref RawSspiHandle credentialHandle,
@@ -89,7 +82,6 @@ namespace NSspi.Contexts
ref TimeStamp expiry
);
[DllImport( "Secur32.dll", EntryPoint = "InitializeSecurityContext", CharSet = CharSet.Unicode )]
internal static extern SecurityStatus InitializeSecurityContext_2(
ref RawSspiHandle credentialHandle,
@@ -106,12 +98,11 @@ namespace NSspi.Contexts
ref TimeStamp expiry
);
[ReliabilityContract(Consistency.WillNotCorruptState, Cer.Success )]
[ReliabilityContract( Consistency.WillNotCorruptState, Cer.Success )]
[DllImport( "Secur32.dll", EntryPoint = "DeleteSecurityContext", CharSet = CharSet.Unicode )]
internal static extern SecurityStatus DeleteSecurityContext( ref RawSspiHandle contextHandle );
[ReliabilityContract(Consistency.WillNotCorruptState, Cer.MayFail )]
[ReliabilityContract( Consistency.WillNotCorruptState, Cer.MayFail )]
[DllImport( "Secur32.dll", EntryPoint = "EncryptMessage", CharSet = CharSet.Unicode )]
internal static extern SecurityStatus EncryptMessage(
ref RawSspiHandle contextHandle,
@@ -155,7 +146,7 @@ namespace NSspi.Contexts
ref SecPkgContext_Sizes sizes
);
[ReliabilityContract( Consistency.WillNotCorruptState, Cer.Success)]
[ReliabilityContract( Consistency.WillNotCorruptState, Cer.Success )]
[DllImport( "Secur32.dll", EntryPoint = "QueryContextAttributes", CharSet = CharSet.Unicode )]
internal static extern SecurityStatus QueryContextAttributes_String(
ref RawSspiHandle contextHandle,
@@ -163,11 +154,18 @@ namespace NSspi.Contexts
ref SecPkgContext_String names
);
[ReliabilityContract( Consistency.WillNotCorruptState, Cer.Success )]
[DllImport( "Secur32.dll", EntryPoint = "QueryContextAttributes", CharSet = CharSet.Unicode )]
internal static extern SecurityStatus QueryContextAttributes(
ref RawSspiHandle contextHandle,
ContextQueryAttrib attrib,
IntPtr attribute
);
[ReliabilityContract( Consistency.WillNotCorruptState, Cer.Success )]
[DllImport( "Secur32.dll", EntryPoint = "FreeContextBuffer", CharSet = CharSet.Unicode )]
internal static extern SecurityStatus FreeContextBuffer( IntPtr handle );
[ReliabilityContract( Consistency.WillNotCorruptState, Cer.Success )]
[DllImport( "Secur32.dll", EntryPoint = "ImpersonateSecurityContext", CharSet = CharSet.Unicode )]
internal static extern SecurityStatus ImpersonateSecurityContext( ref RawSspiHandle contextHandle );
@@ -176,6 +174,72 @@ namespace NSspi.Contexts
[DllImport( "Secur32.dll", EntryPoint = "RevertSecurityContext", CharSet = CharSet.Unicode )]
internal static extern SecurityStatus RevertSecurityContext( ref RawSspiHandle contextHandle );
[StructLayout( LayoutKind.Sequential )]
private class KeyStruct
{
public int size;
public IntPtr data;
}
internal static SecurityStatus SafeQueryContextAttribute(
SafeContextHandle handle,
ContextQueryAttrib attribute,
ref byte[] buffer
)
{
bool gotRef = false;
SecurityStatus status = SecurityStatus.InternalError;
RuntimeHelpers.PrepareConstrainedRegions();
int pointerSize = System.Environment.Is64BitOperatingSystem ? 8 : 4; //NOTE: update this when 128 bit processors exist
IntPtr alloc_buffer = Marshal.AllocHGlobal( sizeof( uint ) + pointerSize ); //NOTE: this is at most 4 + sizeof(void*) bytes
//see struct SecPkgContext_SessionKey
// https://msdn.microsoft.com/en-us/library/windows/desktop/aa380096(v=vs.85).aspx
try
{
handle.DangerousAddRef( ref gotRef );
}
catch( Exception )
{
if( gotRef )
{
handle.DangerousRelease();
gotRef = false;
buffer = null;
}
throw;
}
finally
{
if( gotRef )
{
status = ContextNativeMethods.QueryContextAttributes(
ref handle.rawHandle,
attribute,
alloc_buffer
);
if( status == SecurityStatus.OK )
{
KeyStruct key = new KeyStruct();
Marshal.PtrToStructure( alloc_buffer, key ); // fit to the proper size, read a byte[]
byte[] sizedBuffer = new byte[key.size];
for( int i = 0; i < key.size; i++ )
sizedBuffer[i] = Marshal.ReadByte( key.data, i );
buffer = sizedBuffer;
}
handle.DangerousRelease();
}
}
Marshal.FreeHGlobal( alloc_buffer );
return status;
}
/// <summary>
/// Safely invokes the native EncryptMessage function, making sure that handle ref counting is
/// performed in a proper CER.
@@ -199,9 +263,9 @@ namespace NSspi.Contexts
{
handle.DangerousAddRef( ref gotRef );
}
catch ( Exception )
catch( Exception )
{
if ( gotRef )
if( gotRef )
{
handle.DangerousRelease();
gotRef = false;
@@ -211,7 +275,7 @@ namespace NSspi.Contexts
}
finally
{
if ( gotRef )
if( gotRef )
{
status = ContextNativeMethods.EncryptMessage(
ref handle.rawHandle,
@@ -301,9 +365,9 @@ namespace NSspi.Contexts
{
handle.DangerousAddRef( ref gotRef );
}
catch ( Exception )
catch( Exception )
{
if ( gotRef )
if( gotRef )
{
handle.DangerousRelease();
gotRef = false;
@@ -313,7 +377,7 @@ namespace NSspi.Contexts
}
finally
{
if ( gotRef )
if( gotRef )
{
status = ContextNativeMethods.MakeSignature(
ref handle.rawHandle,
@@ -352,9 +416,9 @@ namespace NSspi.Contexts
{
handle.DangerousAddRef( ref gotRef );
}
catch ( Exception )
catch( Exception )
{
if ( gotRef )
if( gotRef )
{
handle.DangerousRelease();
gotRef = false;
@@ -364,7 +428,7 @@ namespace NSspi.Contexts
}
finally
{
if ( gotRef )
if( gotRef )
{
status = ContextNativeMethods.VerifySignature(
ref handle.rawHandle,

4
NSspi/Contexts/ContextQueries.cs
View File

@@ -1,9 +1,5 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading.Tasks;
namespace NSspi.Contexts
{

14
NSspi/Contexts/ContextQueryAttrib.cs
View File

@@ -1,8 +1,4 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
namespace NSspi.Contexts
{
@@ -36,5 +32,15 @@ namespace NSspi.Contexts
/// Results for a query of this type are stored in a Win32 SecPkgContext_Authority structure.
/// </remarks>
Authority = 6,
/// <summary>
/// Queries the context for it's neogtiated SessionKey
/// </summary>
/// <remarks>
/// Results for a query of this type are stored in a Win32 SecPkgContext_SessionKey structure
/// </remarks>
SessionKey = 9,
AccessToken = 13, //not implemented yet but this would be cool
}
}

7
NSspi/Contexts/ImpersonationHandle.cs
View File

@@ -1,8 +1,4 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
namespace NSspi.Contexts
{
@@ -27,7 +23,7 @@ namespace NSspi.Contexts
/// Initializes a new instance of the ImpersonationHandle. Does not perform impersonation.
/// </summary>
/// <param name="server">The server context that is performing impersonation.</param>
internal ImpersonationHandle(ServerContext server)
internal ImpersonationHandle( ServerContext server )
{
this.server = server;
this.disposed = false;
@@ -54,6 +50,5 @@ namespace NSspi.Contexts
this.server.RevertImpersonate();
}
}
}
}

4
NSspi/Contexts/SafeContextHandle.cs
View File

@@ -1,9 +1,5 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Runtime.ConstrainedExecution;
using System.Text;
using System.Threading.Tasks;
namespace NSspi.Contexts
{

20
NSspi/Contexts/ServerContext.cs
View File

@@ -1,9 +1,5 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Runtime.CompilerServices;
using System.Text;
using System.Threading.Tasks;
using NSspi.Buffers;
using NSspi.Credentials;
@@ -25,7 +21,7 @@ namespace NSspi.Contexts
/// </summary>
/// <param name="cred"></param>
/// <param name="requestedAttribs"></param>
public ServerContext(ServerCredential cred, ContextAttrib requestedAttribs) : base ( cred )
public ServerContext( Credential cred, ContextAttrib requestedAttribs ) : base( cred )
{
this.requestedAttribs = requestedAttribs;
this.finalAttribs = ContextAttrib.Zero;
@@ -90,13 +86,13 @@ namespace NSspi.Contexts
clientBuffer = new SecureBuffer( clientToken, BufferType.Token );
outBuffer = new SecureBuffer(
new byte[ this.Credential.PackageInfo.MaxTokenLength ],
new byte[this.Credential.PackageInfo.MaxTokenLength],
BufferType.Token
);
using ( clientAdapter = new SecureBufferAdapter( clientBuffer ) )
using( clientAdapter = new SecureBufferAdapter( clientBuffer ) )
{
using ( outAdapter = new SecureBufferAdapter( outBuffer ) )
using( outAdapter = new SecureBufferAdapter( outBuffer ) )
{
if( this.ContextHandle.IsInvalid )
{
@@ -125,19 +121,17 @@ namespace NSspi.Contexts
ref this.finalAttribs,
ref rawExpiry
);
}
}
}
if ( status == SecurityStatus.OK )
if( status == SecurityStatus.OK )
{
nextToken = null;
base.Initialize( rawExpiry.ToDateTime() );
if ( outBuffer.Length != 0 )
if( outBuffer.Length != 0 )
{
nextToken = new byte[outBuffer.Length];
Array.Copy( outBuffer.Buffer, nextToken, nextToken.Length );
@@ -147,7 +141,7 @@ namespace NSspi.Contexts
nextToken = null;
}
}
else if ( status == SecurityStatus.ContinueNeeded )
else if( status == SecurityStatus.ContinueNeeded )
{
nextToken = new byte[outBuffer.Length];
Array.Copy( outBuffer.Buffer, nextToken, nextToken.Length );

55
NSspi/Credentials/AuthData.cs Normal file
View File

@@ -0,0 +1,55 @@
using System;
using System.Runtime.InteropServices;
namespace NSspi.Credentials
{
/// <summary>
/// Provides authentication data in native method calls.
/// </summary>
/// <remarks>
/// Implements the 'SEC_WINNT_AUTH_IDENTITY' structure. See:
///
/// https://msdn.microsoft.com/en-us/library/windows/desktop/aa380131(v=vs.85).aspx
/// </remarks>
[StructLayout( LayoutKind.Sequential )]
internal struct NativeAuthData
{
public NativeAuthData( string domain, string username, string password, NativeAuthDataFlag flag )
{
this.Domain = domain;
this.DomainLength = domain.Length;
this.User = username;
this.UserLength = username.Length;
this.Password = password;
this.PasswordLength = password.Length;
this.Flags = flag;
}
[MarshalAs( UnmanagedType.LPWStr )]
public string User;
public int UserLength;
[MarshalAs( UnmanagedType.LPWStr )]
public string Domain;
public int DomainLength;
[MarshalAs( UnmanagedType.LPWStr )]
public string Password;
public int PasswordLength;
public NativeAuthDataFlag Flags;
}
internal enum NativeAuthDataFlag : int
{
Ansi = 1,
Unicode = 1
}
}

24
NSspi/Credentials/ClientCredential.cs
View File

@@ -1,24 +0,0 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Runtime.CompilerServices;
using System.Text;
using System.Threading.Tasks;
namespace NSspi.Credentials
{
/// <summary>
/// Represents the credentials of the user running the current process, for use as an SSPI client.
/// </summary>
public class ClientCredential : CurrentCredential
{
/// <summary>
/// Initializes a new instance of the ClientCredential class.
/// </summary>
/// <param name="package">The security package to acquire the credential handle from.</param>
public ClientCredential( string package )
: base( package, CredentialUse.Outbound )
{
}
}
}

20
NSspi/Credentials/ClientCurrentCredential.cs Normal file
View File

@@ -0,0 +1,20 @@
using System;
namespace NSspi.Credentials
{
/// <summary>
/// Represents a handle to the credentials of the user running the current process, to be used to
/// authenticate as a client.
/// </summary>
public class ClientCurrentCredential : CurrentCredential
{
/// <summary>
/// Initializes a new instance of the ClientCurrentCredential class.
/// </summary>
/// <param name="package">The security package to acquire the credential handle from.</param>
public ClientCurrentCredential( string package )
: base( package, CredentialUse.Outbound )
{
}
}
}

11
NSspi/Credentials/Credential.cs
View File

@@ -1,13 +1,6 @@
using System;
using System.Collections.Generic;
using System.DirectoryServices.AccountManagement;
using System.Linq;
using System.Runtime.CompilerServices;
using System.Runtime.ConstrainedExecution;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading.Tasks;
using NSspi.Credentials;
namespace NSspi.Credentials
{
@@ -187,9 +180,9 @@ namespace NSspi.Credentials
protected virtual void Dispose( bool disposing )
{
if ( this.disposed == false )
if( this.disposed == false )
{
if ( disposing )
if( disposing )
{
this.safeCredHandle.Dispose();
}

23
NSspi/Credentials/CredentialNativeMethods.cs
View File

@@ -1,17 +1,12 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Runtime.ConstrainedExecution;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading.Tasks;
using NSspi.Credentials;
namespace NSspi.Credentials
{
internal static class CredentialNativeMethods
{
[ReliabilityContract( Consistency.WillNotCorruptState, Cer.MayFail)]
[ReliabilityContract( Consistency.WillNotCorruptState, Cer.MayFail )]
[DllImport( "Secur32.dll", EntryPoint = "AcquireCredentialsHandle", CharSet = CharSet.Unicode )]
internal static extern SecurityStatus AcquireCredentialsHandle(
string principleName,
@@ -25,13 +20,27 @@ namespace NSspi.Credentials
ref TimeStamp expiry
);
[ReliabilityContract( Consistency.WillNotCorruptState, Cer.MayFail )]
[DllImport( "Secur32.dll", EntryPoint = "AcquireCredentialsHandle", CharSet = CharSet.Unicode )]
internal static extern SecurityStatus AcquireCredentialsHandle_AuthData(
string principleName,
string packageName,
CredentialUse credentialUse,
IntPtr loginId,
ref NativeAuthData authData,
IntPtr getKeyFunc,
IntPtr getKeyData,
ref RawSspiHandle credentialHandle,
ref TimeStamp expiry
);
[ReliabilityContract( Consistency.WillNotCorruptState, Cer.Success )]
[DllImport( "Secur32.dll", EntryPoint = "FreeCredentialsHandle", CharSet = CharSet.Unicode )]
internal static extern SecurityStatus FreeCredentialsHandle(
ref RawSspiHandle credentialHandle
);
/// <summary>
/// The overload of the QueryCredentialsAttribute method that is used for querying the name attribute.
/// In this call, it takes a void* to a structure that contains a wide char pointer. The wide character

4
NSspi/Credentials/CredentialQueryAttrib.cs
View File

@@ -1,8 +1,4 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
namespace NSspi.Credentials
{

4
NSspi/Credentials/CredentialUse.cs
View File

@@ -1,8 +1,4 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
namespace NSspi.Credentials
{

7
NSspi/Credentials/CurrentCredential.cs
View File

@@ -1,9 +1,5 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Runtime.CompilerServices;
using System.Text;
using System.Threading.Tasks;
namespace NSspi.Credentials
{
@@ -57,13 +53,12 @@ namespace NSspi.Credentials
);
}
if ( status != SecurityStatus.OK )
if( status != SecurityStatus.OK )
{
throw new SSPIException( "Failed to call AcquireCredentialHandle", status );
}
this.Expiry = rawExpiry.ToDateTime();
}
}
}

78
NSspi/Credentials/PasswordCredential.cs Normal file
View File

@@ -0,0 +1,78 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Runtime.CompilerServices;
using System.Text;
namespace NSspi.Credentials
{
/// <summary>
/// Represents credentials acquired by providing a username, password, and domain.
/// </summary>
public class PasswordCredential : Credential
{
/// <summary>
/// Initializes a new instance of the PasswordCredential class.
/// </summary>
/// <remarks>
/// It is possible to acquire a valid handle to credentials that do not provide a valid
/// username-password combination. The username and password are not validation until the
/// authentication cycle begins.
/// </remarks>
/// <param name="domain">The domain to authenticate to.</param>
/// <param name="username">The username of the user to authenticate as.</param>
/// <param name="password">The user's password.</param>
/// <param name="secPackage">The SSPI security package to create credentials for.</param>
/// <param name="use">
/// Specify inbound when acquiring credentials for a server; outbound for a client.
/// </param>
public PasswordCredential( string domain, string username, string password, string secPackage, CredentialUse use )
: base( secPackage )
{
NativeAuthData authData = new NativeAuthData( domain, username, password, NativeAuthDataFlag.Unicode );
Init( authData, secPackage, use );
}
private void Init( NativeAuthData authData, string secPackage, CredentialUse use )
{
string packageName;
TimeStamp rawExpiry = new TimeStamp();
SecurityStatus status = SecurityStatus.InternalError;
// -- Package --
// Copy off for the call, since this.SecurityPackage is a property.
packageName = this.SecurityPackage;
this.Handle = new SafeCredentialHandle();
// The finally clause is the actual constrained region. The VM pre-allocates any stack space,
// performs any allocations it needs to prepare methods for execution, and postpones any
// instances of the 'uncatchable' exceptions (ThreadAbort, StackOverflow, OutOfMemory).
RuntimeHelpers.PrepareConstrainedRegions();
try { }
finally
{
status = CredentialNativeMethods.AcquireCredentialsHandle_AuthData(
null,
packageName,
use,
IntPtr.Zero,
ref authData,
IntPtr.Zero,
IntPtr.Zero,
ref this.Handle.rawHandle,
ref rawExpiry
);
}
if( status != SecurityStatus.OK )
{
throw new SSPIException( "Failed to call AcquireCredentialHandle", status );
}
this.Expiry = rawExpiry.ToDateTime();
}
}
}

4
NSspi/Credentials/QueryNameSupport.cs
View File

@@ -1,9 +1,5 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading.Tasks;
namespace NSspi.Credentials
{

5
NSspi/Credentials/SafeCredentialHandle.cs
View File

@@ -1,9 +1,5 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Runtime.ConstrainedExecution;
using System.Text;
using System.Threading.Tasks;
namespace NSspi.Credentials
{
@@ -28,5 +24,4 @@ namespace NSspi.Credentials
return status == SecurityStatus.OK;
}
}
}

12
NSspi/Credentials/ServerCredential.cs → NSspi/Credentials/ServerCurrentCredential.cs
View File

@@ -1,23 +1,19 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Runtime.CompilerServices;
using System.Text;
using System.Threading.Tasks;
namespace NSspi.Credentials
{
/// <summary>
/// Represents the credentials of the user running the current process, for use as an SSPI server.
/// Represents a handle to the credentials of the user running the current process, to be used to
/// authenticate as a server.
/// </summary>
public class ServerCredential : CurrentCredential
public class ServerCurrentCredential : CurrentCredential
{
/// <summary>
/// Initializes a new instance of the ServerCredential class, acquiring credentials from
/// the current thread's security context.
/// </summary>
/// <param name="package">The name of the security package to obtain credentials from.</param>
public ServerCredential( string package )
public ServerCurrentCredential( string package )
: base( package, CredentialUse.Inbound )
{
}

3
NSspi/EnumMgr.cs
View File

@@ -1,8 +1,5 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Reflection;
using System.Text;
namespace NSspi
{

7
NSspi/NSspi.csproj
View File

@@ -23,6 +23,7 @@
<WarningLevel>4</WarningLevel>
<AllowUnsafeBlocks>false</AllowUnsafeBlocks>
<Prefer32Bit>false</Prefer32Bit>
<DocumentationFile>bin\Debug\NSspi.XML</DocumentationFile>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<DebugType>pdbonly</DebugType>
@@ -54,18 +55,20 @@
<Compile Include="Contexts\ContextQueryAttrib.cs" />
<Compile Include="Contexts\ImpersonationHandle.cs" />
<Compile Include="Contexts\SafeContextHandle.cs" />
<Compile Include="Credentials\AuthData.cs" />
<Compile Include="Credentials\ClientCurrentCredential.cs" />
<Compile Include="Credentials\CurrentCredential.cs" />
<Compile Include="Credentials\PasswordCredential.cs" />
<Compile Include="Credentials\ServerCurrentCredential.cs" />
<Compile Include="EnumMgr.cs" />
<Compile Include="SecPkgInfo.cs" />
<Compile Include="Contexts\ServerContext.cs" />
<Compile Include="Credentials\ClientCredential.cs" />
<Compile Include="Credentials\Credential.cs" />
<Compile Include="Credentials\CredentialNativeMethods.cs" />
<Compile Include="Credentials\CredentialQueryAttrib.cs" />
<Compile Include="Credentials\CredentialUse.cs" />
<Compile Include="Credentials\QueryNameSupport.cs" />
<Compile Include="Credentials\SafeCredentialHandle.cs" />
<Compile Include="Credentials\ServerCredential.cs" />
<Compile Include="NativeMethods.cs" />
<Compile Include="PackageSupport.cs" />
<Compile Include="PackageNames.cs" />

4
NSspi/NSspi.nuspec
View File

@@ -2,7 +2,7 @@
<package >
<metadata>
<id>NSspi</id>
<version>0.1.3.0</version>
<version>0.2.0.0</version>
<authors>Kevin Thompson</authors>
<owners>Kevin Thompson</owners>
<projectUrl>https://github.com/antiduh/nsspi</projectUrl>
@@ -12,7 +12,7 @@
better known as Windows Integrated Authentication.
</description>
<language>C#</language>
<releaseNotes>First release of NSspi.</releaseNotes>
<releaseNotes>Adds support for username/password credentials, but introduces a minor change in the interface that breaks existing code.</releaseNotes>
<copyright>Copyright 2017</copyright>
</metadata>
</package>

9
NSspi/NativeMethods.cs
View File

@@ -1,21 +1,15 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Runtime.ConstrainedExecution;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading.Tasks;
using NSspi.Contexts;
namespace NSspi
{
internal static class NativeMethods
{
[ReliabilityContract( Consistency.WillNotCorruptState, Cer.Success)]
[ReliabilityContract( Consistency.WillNotCorruptState, Cer.Success )]
[DllImport( "Secur32.dll", EntryPoint = "FreeContextBuffer", CharSet = CharSet.Unicode )]
internal static extern SecurityStatus FreeContextBuffer( IntPtr buffer );
[ReliabilityContract( Consistency.WillNotCorruptState, Cer.Success )]
[DllImport( "Secur32.dll", EntryPoint = "QuerySecurityPackageInfo", CharSet = CharSet.Unicode )]
internal static extern SecurityStatus QuerySecurityPackageInfo( string packageName, ref IntPtr pkgInfo );
@@ -23,6 +17,5 @@ namespace NSspi
[ReliabilityContract( Consistency.WillNotCorruptState, Cer.Success )]
[DllImport( "Secur32.dll", EntryPoint = "EnumerateSecurityPackages", CharSet = CharSet.Unicode )]
internal static extern SecurityStatus EnumerateSecurityPackages( ref int numPackages, ref IntPtr pkgInfoArry );
}
}

4
NSspi/PackageNames.cs
View File

@@ -1,8 +1,4 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
namespace NSspi
{

10
NSspi/PackageSupport.cs
View File

@@ -1,10 +1,6 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading.Tasks;
namespace NSspi
{
@@ -35,11 +31,11 @@ namespace NSspi
{
status = NativeMethods.QuerySecurityPackageInfo( packageName, ref rawInfoPtr );
if ( rawInfoPtr != IntPtr.Zero )
if( rawInfoPtr != IntPtr.Zero )
{
try
{
if ( status == SecurityStatus.OK )
if( status == SecurityStatus.OK )
{
// This performs allocations as it makes room for the strings contained in the SecPkgInfo class.
Marshal.PtrToStructure( rawInfoPtr, info );
@@ -71,7 +67,7 @@ namespace NSspi
IntPtr pkgArrayPtr;
IntPtr pkgPtr;
int numPackages = 0;
int pkgSize = Marshal.SizeOf( typeof(SecPkgInfo) );
int pkgSize = Marshal.SizeOf( typeof( SecPkgInfo ) );
pkgArrayPtr = new IntPtr();

25
NSspi/Properties/AssemblyInfo.cs
View File

@@ -1,26 +1,25 @@
using System.Reflection;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
// General Information about an assembly is controlled through the following
// set of attributes. Change these attribute values to modify the information
// associated with an assembly.
[assembly: AssemblyTitle("NSspi")]
[assembly: AssemblyDescription("")]
[assembly: AssemblyConfiguration("")]
[assembly: AssemblyCompany("Kevin Thompson")]
[assembly: AssemblyProduct("NSspi")]
[assembly: AssemblyCopyright("Copyright © Kevin Thompson 2014")]
[assembly: AssemblyTrademark("")]
[assembly: AssemblyCulture("")]
[assembly: AssemblyTitle( "NSspi" )]
[assembly: AssemblyDescription( "" )]
[assembly: AssemblyConfiguration( "" )]
[assembly: AssemblyCompany( "Kevin Thompson" )]
[assembly: AssemblyProduct( "NSspi" )]
[assembly: AssemblyCopyright( "Copyright © Kevin Thompson 2017" )]
[assembly: AssemblyTrademark( "" )]
[assembly: AssemblyCulture( "" )]
// Setting ComVisible to false makes the types in this assembly not visible
// to COM components. If you need to access a type in this assembly from
// COM, set the ComVisible attribute to true on that type.
[assembly: ComVisible(false)]
[assembly: ComVisible( false )]
// The following GUID is for the ID of the typelib if this project is exposed to COM
[assembly: Guid("9abf710c-c646-42aa-8183-76bfa141a07b")]
[assembly: Guid( "9abf710c-c646-42aa-8183-76bfa141a07b" )]
// Version information for an assembly consists of the following four values:
//
@@ -32,5 +31,5 @@ using System.Runtime.InteropServices;
// You can specify all the values or you can default the Build and Revision Numbers
// by using the '*' as shown below:
// [assembly: AssemblyVersion("1.0.*")]
[assembly: AssemblyVersion("0.1.3.0")]
[assembly: AssemblyFileVersion("0.1.2.0")]
[assembly: AssemblyVersion( "0.2.0.0" )]
[assembly: AssemblyFileVersion( "0.2.0.0" )]

8
NSspi/SSPIException.cs
View File

@@ -1,9 +1,5 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Runtime.Serialization;
using System.Text;
using System.Threading.Tasks;
namespace NSspi
{
@@ -35,7 +31,7 @@ namespace NSspi
protected SSPIException( SerializationInfo info, StreamingContext context )
: base( info, context )
{
this.message = info.GetString("message");
this.message = info.GetString( "message" );
this.errorCode = (SecurityStatus)info.GetUInt32( "errorCode" );
}
@@ -74,7 +70,7 @@ namespace NSspi
"{0}. Error Code = '0x{1:X}' - \"{2}\".",
this.message,
this.errorCode,
EnumMgr.ToText(this.errorCode)
EnumMgr.ToText( this.errorCode )
);
}
}

4
NSspi/SecPkgInfo.cs
View File

@@ -1,9 +1,5 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading.Tasks;
namespace NSspi
{

4
NSspi/SecureBuffer/SecureBuffer.cs
View File

@@ -1,9 +1,5 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading.Tasks;
namespace NSspi.Buffers
{

11
NSspi/SecureBuffer/SecureBufferAdapter.cs
View File

@@ -1,10 +1,7 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Runtime.ConstrainedExecution;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading.Tasks;
namespace NSspi.Buffers
{
@@ -120,7 +117,7 @@ namespace NSspi.Buffers
this.bufferHandles = new GCHandle[this.buffers.Count];
this.bufferCarrier = new SecureBufferInternal[this.buffers.Count];
for ( int i = 0; i < this.buffers.Count; i++ )
for( int i = 0; i < this.buffers.Count; i++ )
{
this.bufferHandles[i] = GCHandle.Alloc( this.buffers[i].Buffer, GCHandleType.Pinned );
@@ -156,7 +153,7 @@ namespace NSspi.Buffers
{
get
{
if ( this.disposed )
if( this.disposed )
{
throw new ObjectDisposedException( "Cannot use SecureBufferListHandle after it has been disposed" );
}
@@ -184,9 +181,9 @@ namespace NSspi.Buffers
[ReliabilityContract( Consistency.WillNotCorruptState, Cer.Success )]
private void Dispose( bool disposing )
{
if ( this.disposed == true ) { return; }
if( this.disposed == true ) { return; }
if ( disposing )
if( disposing )
{
// When this class is actually being used for its original purpose - to convey buffers
// back and forth to SSPI calls - we need to copy the potentially modified structure members

4
NSspi/SecureBuffer/SecureBufferDataRep.cs
View File

@@ -1,8 +1,4 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
namespace NSspi.Buffers
{

7
NSspi/SecureBuffer/SecureBufferDesc.cs
View File

@@ -1,10 +1,5 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Runtime.ConstrainedExecution;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading.Tasks;
namespace NSspi.Buffers
{
@@ -12,7 +7,7 @@ namespace NSspi.Buffers
/// Represents the native layout of the secure buffer descriptor that is provided directly
/// to native API calls.
/// </summary>
[StructLayout( LayoutKind.Sequential)]
[StructLayout( LayoutKind.Sequential )]
internal struct SecureBufferDescInternal
{
/// <summary>

6
NSspi/SecureBuffer/SecureBufferType.cs
View File

@@ -1,8 +1,4 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
namespace NSspi.Buffers
{
@@ -57,7 +53,7 @@ namespace NSspi.Buffers
Stream = 0x0A,
ChannelBindings = 0x0E,
TargetHost = 0x10,
ReadOnlyFlag = unchecked( (int)0x80000000 ),
ReadOnlyFlag = unchecked((int)0x80000000),
ReadOnlyWithChecksum = 0x10000000
}
}

33
NSspi/SecurityStatus.cs
View File

@@ -1,8 +1,4 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
namespace NSspi
{
@@ -67,16 +63,16 @@ namespace NSspi
Renegotiate = 0x00090321,
// Errors
[EnumString( "Not enough memory.")]
[EnumString( "Not enough memory." )]
OutOfMemory = 0x80090300,
[EnumString( "The handle provided to the API was invalid.")]
[EnumString( "The handle provided to the API was invalid." )]
InvalidHandle = 0x80090301,
[EnumString( "The attempted operation is not supported")]
[EnumString( "The attempted operation is not supported" )]
Unsupported = 0x80090302,
[EnumString( "The specified principle is not known in the authentication system.")]
[EnumString( "The specified principle is not known in the authentication system." )]
TargetUnknown = 0x80090303,
[EnumString( "An internal error occurred" )]
@@ -85,7 +81,7 @@ namespace NSspi
/// <summary>
/// No security provider package was found with the given name.
/// </summary>
[EnumString( "The requested security package was not found.")]
[EnumString( "The requested security package was not found." )]
PackageNotFound = 0x80090305,
NotOwner = 0x80090306,
@@ -94,7 +90,7 @@ namespace NSspi
/// <summary>
/// A token was provided that contained incorrect or corrupted data.
/// </summary>
[EnumString("The provided authentication token is invalid or corrupted.")]
[EnumString( "The provided authentication token is invalid or corrupted." )]
InvalidToken = 0x80090308,
CannotPack = 0x80090309,
@@ -103,27 +99,26 @@ namespace NSspi
/// <summary>
/// Impersonation is not supported.
/// </summary>
[EnumString("Impersonation is not supported with the current security package.")]
[EnumString( "Impersonation is not supported with the current security package." )]
NoImpersonation = 0x8009030B,
[EnumString("The logon was denied, perhaps because the provided credentials were incorrect.")]
[EnumString( "The logon was denied, perhaps because the provided credentials were incorrect." )]
LogonDenied = 0x8009030C,
[EnumString( "The credentials provided are not recognized by the selected security package.")]
[EnumString( "The credentials provided are not recognized by the selected security package." )]
UnknownCredentials = 0x8009030D,
[EnumString( "No credentials are available in the selected security package.")]
[EnumString( "No credentials are available in the selected security package." )]
NoCredentials = 0x8009030E,
[EnumString( "A message that was provided to the Decrypt or VerifySignature functions was altered " +
"after it was created.")]
"after it was created." )]
MessageAltered = 0x8009030F,
[EnumString( "A message was received out of the expected order.")]
[EnumString( "A message was received out of the expected order." )]
OutOfSequence = 0x80090310,
[EnumString( "The current security package cannot contact an authenticating authority.")]
[EnumString( "The current security package cannot contact an authenticating authority." )]
NoAuthenticatingAuthority = 0x80090311,
/// <summary>
@@ -138,6 +133,7 @@ namespace NSspi
/// type 'extra'.
/// </remarks>
IncompleteMessage = 0x80090318,
IncompleteCredentials = 0x80090320,
BufferNotEnough = 0x80090321,
WrongPrincipal = 0x80090322,
@@ -168,5 +164,4 @@ namespace NSspi
return (uint)status > 0x80000000u;
}
}
}

10
NSspi/SspiHandle.cs
View File

@@ -1,12 +1,6 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Runtime.CompilerServices;
using System.Runtime.ConstrainedExecution;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading.Tasks;
using NSspi.Contexts;
namespace NSspi
{
@@ -25,7 +19,7 @@ namespace NSspi
/// to this handle for performing work (InitializeSecurityContext, eg) should be performed a CER
/// that employs handle reference counting across the native API invocation.
/// </remarks>
[StructLayout( LayoutKind.Sequential, Pack = 1 ) ]
[StructLayout( LayoutKind.Sequential, Pack = 1 )]
internal struct RawSspiHandle
{
private IntPtr lowPart;
@@ -46,7 +40,7 @@ namespace NSspi
/// <remarks>
/// This method is executed in a CER during handle release.
/// </remarks>
[ReliabilityContract( Consistency.WillNotCorruptState, Cer.Success)]
[ReliabilityContract( Consistency.WillNotCorruptState, Cer.Success )]
public void SetInvalid()
{
this.lowPart = IntPtr.Zero;

8
NSspi/TimeStamp.cs
View File

@@ -1,9 +1,5 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading.Tasks;
namespace NSspi
{
@@ -29,13 +25,13 @@ namespace NSspi
/// <returns></returns>
public DateTime ToDateTime()
{
ulong test = (ulong)this.time + (ulong)(Epoch.Ticks);
ulong test = (ulong)this.time + (ulong)( Epoch.Ticks );
// Sometimes the value returned is massive, eg, 0x7fffff154e84ffff, which is a value
// somewhere in the year 30848. This would overflow DateTime, since it peaks at 31-Dec-9999.
// It turns out that this value corresponds to a TimeStamp's maximum value, reduced by my local timezone
// http://stackoverflow.com/questions/24478056/
if ( test > (ulong)DateTime.MaxValue.Ticks )
if( test > (ulong)DateTime.MaxValue.Ticks )
{
return DateTime.MaxValue;
}

2
NsspiDemo/App.config
View File

@@ -1,6 +1,6 @@
<?xml version="1.0"?>
<configuration>
<startup>
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.0"/>
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.0" />
</startup>
</configuration>

32
NsspiDemo/Program.cs
View File

@@ -16,10 +16,10 @@ namespace NSspi
private static void CredTest( string packageName )
{
ClientCredential clientCred = null;
ClientCurrentCredential clientCred = null;
ClientContext client = null;
ServerCredential serverCred = null;
ServerCurrentCredential serverCred = null;
ServerContext server = null;
byte[] clientToken;
@@ -30,8 +30,8 @@ namespace NSspi
try
{
clientCred = new ClientCredential( packageName );
serverCred = new ServerCredential( packageName );
clientCred = new ClientCurrentCredential( packageName );
serverCred = new ServerCurrentCredential( packageName );
Console.Out.WriteLine( clientCred.PrincipleName );
@@ -47,7 +47,6 @@ namespace NSspi
ContextAttrib.Delegate
);
server = new ServerContext(
serverCred,
ContextAttrib.MutualAuth |
@@ -64,18 +63,17 @@ namespace NSspi
clientStatus = client.Init( serverToken, out clientToken );
while ( true )
while( true )
{
serverStatus = server.AcceptToken( clientToken, out serverToken );
if ( serverStatus != SecurityStatus.ContinueNeeded && clientStatus != SecurityStatus.ContinueNeeded ) { break; }
if( serverStatus != SecurityStatus.ContinueNeeded && clientStatus != SecurityStatus.ContinueNeeded ) { break; }
clientStatus = client.Init( serverToken, out clientToken );
if ( serverStatus != SecurityStatus.ContinueNeeded && clientStatus != SecurityStatus.ContinueNeeded ) { break; }
if( serverStatus != SecurityStatus.ContinueNeeded && clientStatus != SecurityStatus.ContinueNeeded ) { break; }
}
Console.Out.WriteLine( "Server authority: " + server.AuthorityName );
Console.Out.WriteLine( "Server context user: " + server.ContextUserName );
@@ -102,7 +100,7 @@ namespace NSspi
throw new Exception();
}
for( int i= 0; i < plainText.Length; i++ )
for( int i = 0; i < plainText.Length; i++ )
{
if( plainText[i] != roundTripPlaintext[i] )
{
@@ -117,25 +115,23 @@ namespace NSspi
throw new Exception();
}
using( server.ImpersonateClient() )
{
}
cipherText = client.MakeSignature( plainText );
bool goodSig = server.VerifySignature( cipherText, out roundTripPlaintext );
if ( goodSig == false ||
if( goodSig == false ||
roundTripPlaintext.Length != plainText.Length )
{
throw new Exception();
}
for ( int i = 0; i < plainText.Length; i++ )
for( int i = 0; i < plainText.Length; i++ )
{
if ( plainText[i] != roundTripPlaintext[i] )
if( plainText[i] != roundTripPlaintext[i] )
{
throw new Exception();
}
@@ -145,12 +141,12 @@ namespace NSspi
}
finally
{
if ( server != null )
if( server != null )
{
server.Dispose();
}
if ( client != null )
if( client != null )
{
client.Dispose();
}
@@ -160,7 +156,7 @@ namespace NSspi
clientCred.Dispose();
}
if ( serverCred != null )
if( serverCred != null )
{
serverCred.Dispose();
}

1
NsspiDemo/Properties/AssemblyInfo.cs
View File

@@ -1,5 +1,4 @@
using System.Reflection;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
// General Information about an assembly is controlled through the following

2
TestClient/App.config
View File

@@ -1,6 +1,6 @@
<?xml version="1.0"?>
<configuration>
<startup>
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.0"/>
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.0" />
</startup>
</configuration>

18
TestClient/ClientForm.cs
View File

@@ -1,12 +1,6 @@
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Net.Sockets;
using System.Text;
using System.Threading.Tasks;
using System.Windows.Forms;
using NSspi;
using NSspi.Contexts;
@@ -20,7 +14,7 @@ namespace TestClient
public partial class ClientForm : Form
{
private ClientContext context;
private ClientCredential cred;
private ClientCurrentCredential cred;
private CustomConnection connection;
@@ -48,7 +42,7 @@ namespace TestClient
this.FormClosing += Form1_FormClosing;
// --- SSPI ---
this.cred = new ClientCredential( PackageNames.Negotiate );
this.cred = new ClientCurrentCredential( PackageNames.Negotiate );
this.context = new ClientContext(
cred,
@@ -107,7 +101,6 @@ namespace TestClient
throw;
}
}
}
}
@@ -116,7 +109,6 @@ namespace TestClient
this.connection.Stop();
}
private void encryptButton_Click( object sender, EventArgs e )
{
byte[] plaintext;
@@ -149,7 +141,7 @@ namespace TestClient
private void connection_Received( Message message )
{
this.Invoke( (Action)delegate()
this.Invoke( (Action)delegate ()
{
if( message.Operation == ProtocolOp.ServerToken )
{
@@ -180,7 +172,7 @@ namespace TestClient
this.initializing = false;
this.lastServerToken = null;
this.BeginInvoke( (Action)delegate()
this.BeginInvoke( (Action)delegate ()
{
this.context.Dispose();
this.context = new ClientContext(
@@ -195,7 +187,7 @@ namespace TestClient
);
UpdateButtons();
});
} );
}
private void DoInit()

7
TestClient/Program.cs
View File

@@ -1,18 +1,15 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using System.Windows.Forms;
namespace TestClient
{
static class Program
internal static class Program
{
/// <summary>
/// The main entry point for the application.
/// </summary>
[STAThread]
static void Main()
private static void Main()
{
Application.EnableVisualStyles();
Application.SetCompatibleTextRenderingDefault( false );

1
TestClient/Properties/AssemblyInfo.cs
View File

@@ -1,5 +1,4 @@
using System.Reflection;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
// General Information about an assembly is controlled through the following

2
TestProtocol/App.config
View File

@@ -1,6 +1,6 @@
<?xml version="1.0"?>
<configuration>
<startup>
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.0"/>
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.0" />
</startup>
</configuration>

11
TestProtocol/CustomConnection.cs
View File

@@ -1,10 +1,6 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net.Sockets;
using System.Text;
using System.Threading;
using System.Threading.Tasks;
using System.Windows.Forms;
using NSspi;
@@ -33,7 +29,7 @@ namespace TestProtocol
{
if( this.running )
{
throw new InvalidOperationException("Already running");
throw new InvalidOperationException( "Already running" );
}
this.socket = new Socket( AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp );
@@ -65,7 +61,7 @@ namespace TestProtocol
throw new InvalidOperationException( "Not connected" );
}
byte[] outBuffer = new byte[ message.Data.Length + 8 ];
byte[] outBuffer = new byte[message.Data.Length + 8];
int position = 0;
ByteWriter.WriteInt32_BE( (int)message.Operation, outBuffer, position );
@@ -124,7 +120,6 @@ namespace TestProtocol
// |--4 bytes--|--4 bytes--|---N--|
// Every command is a TLV - | Operation | Length | Data |
// Read the operation.
this.socket.Receive( readBuffer, 4, SocketFlags.None );
@@ -153,7 +148,6 @@ namespace TestProtocol
remaining -= chunkLength;
position += chunkLength;
}
}
catch( SocketException e )
{
@@ -187,7 +181,6 @@ namespace TestProtocol
catch( Exception e )
{ }
}
}
}
}

2
TestProtocol/CustomServer.cs
View File

@@ -212,7 +212,6 @@ namespace TestProtocol
catch( Exception )
{ }
}
}
try
@@ -225,5 +224,4 @@ namespace TestProtocol
catch { }
}
}
}

6
TestProtocol/Message.cs
View File

@@ -1,14 +1,10 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
namespace TestProtocol
{
public class Message
{
public Message(ProtocolOp op, byte[] data)
public Message( ProtocolOp op, byte[] data )
{
this.Operation = op;
this.Data = data;

1
TestProtocol/Properties/AssemblyInfo.cs
View File

@@ -1,5 +1,4 @@
using System.Reflection;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
// General Information about an assembly is controlled through the following

4
TestProtocol/ProtocolOp.cs
View File

@@ -1,8 +1,4 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
namespace TestProtocol
{

2
TestServer/App.config
View File

@@ -1,6 +1,6 @@
<?xml version="1.0"?>
<configuration>
<startup>
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.0"/>
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.0" />
</startup>
</configuration>

7
TestServer/Program.cs
View File

@@ -1,18 +1,15 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using System.Windows.Forms;
namespace TestServer
{
static class Program
internal static class Program
{
/// <summary>
/// The main entry point for the application.
/// </summary>
[STAThread]
static void Main()
private static void Main()
{
Application.EnableVisualStyles();
Application.SetCompatibleTextRenderingDefault( false );

1
TestServer/Properties/AssemblyInfo.cs
View File

@@ -1,5 +1,4 @@
using System.Reflection;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
// General Information about an assembly is controlled through the following

31
TestServer/ServerForm.cs
View File

@@ -1,11 +1,5 @@
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Windows.Forms;
using TestProtocol;
@@ -19,7 +13,7 @@ namespace TestServer
public partial class ServerForm : Form
{
private ServerCredential serverCred;
private ServerCurrentCredential serverCred;
private ServerContext serverContext;
@@ -35,7 +29,7 @@ namespace TestServer
{
InitializeComponent();
this.serverCred = new ServerCredential( PackageNames.Negotiate );
this.serverCred = new ServerCurrentCredential( PackageNames.Negotiate );
this.serverContext = new ServerContext(
serverCred,
@@ -129,7 +123,7 @@ namespace TestServer
{
MessageBox.Show( "Starting impersonation: " + Environment.UserName );
FileStream stream = File.Create( Environment.GetFolderPath( Environment.SpecialFolder.DesktopDirectory) + @"\test.txt" );
FileStream stream = File.Create( Environment.GetFolderPath( Environment.SpecialFolder.DesktopDirectory ) + @"\test.txt" );
StreamWriter writer = new StreamWriter( stream, Encoding.UTF8 );
writer.WriteLine( "Hello world." );
@@ -150,7 +144,6 @@ namespace TestServer
this.signButton.Enabled = this.connected;
}
private void server_Received( Message message )
{
if( message.Operation == ProtocolOp.ClientToken )
@@ -177,7 +170,6 @@ namespace TestServer
this.initializing = true;
this.connected = false;
this.serverContext.Dispose();
this.serverContext = new ServerContext(
serverCred,
@@ -189,14 +181,13 @@ namespace TestServer
ContextAttrib.Confidentiality
);
this.BeginInvoke( (Action)delegate()
this.BeginInvoke( (Action)delegate ()
{
UpdateButtons();
this.clientUsernameTextBox.Text = "";
});
} );
}
private void HandleInit( Message message )
{
byte[] nextToken;
@@ -218,7 +209,7 @@ namespace TestServer
this.initializing = false;
this.connected = true;
this.Invoke( (Action)delegate()
this.Invoke( (Action)delegate ()
{
UpdateButtons();
this.clientUsernameTextBox.Text = serverContext.ContextUserName;
@@ -227,18 +218,17 @@ namespace TestServer
}
else
{
this.Invoke( (Action)delegate()
this.Invoke( (Action)delegate ()
{
MessageBox.Show( "Failed to accept token from client. Sspi error code: " + status );
} );
}
}
}
private void HandleEncrypted( Message message )
{
this.Invoke( (Action)delegate()
this.Invoke( (Action)delegate ()
{
byte[] plainText = this.serverContext.Decrypt( message.Data );
string text = Encoding.UTF8.GetString( plainText );
@@ -249,7 +239,7 @@ namespace TestServer
private void HandleSigned( Message message )
{
this.Invoke( (Action)delegate()
this.Invoke( (Action)delegate ()
{
byte[] plainText;
@@ -268,11 +258,10 @@ namespace TestServer
private void HandleUnknown( Message message )
{
this.Invoke( (Action)delegate()
this.Invoke( (Action)delegate ()
{
MessageBox.Show( "Received unexpected message from server. Message type: " + message.Operation );
} );
}
}
}

9
readme.md
View File

@@ -1,9 +1,12 @@
## Downloads ##
The latest release of NSspi is v0.1.1.
The latest release of NSspi is v0.2.0.
* [Source](https://github.com/antiduh/nsspi/archive/0.1.1.zip)
* [Binaries](https://github.com/antiduh/nsspi/releases/download/0.1.1/nsspi-0.1.1-bin.zip)
Version 0.2.0 adds the ability to authenticate using provided username/password credentials.
**Please note** that v0.2.0 introduces a small change in the design that breaks backwards compatibility with previous verisons.
* [Source](https://github.com/antiduh/nsspi/archive/0.2.0.zip)
* [Binaries](https://github.com/antiduh/nsspi/releases/download/0.1.3/nsspi-0.2.0-bin.zip)
* [Nuget package](https://www.nuget.org/packages/NSspi)
You can also browse the list of [releases](https://github.com/antiduh/nsspi/releases).