|
//-----------------------------------------------------------------------------
// Copyright (c) Microsoft Corporation. All rights reserved.
//-----------------------------------------------------------------------------
namespace System.IdentityModel
{
using System.Runtime.InteropServices;
using System.Security.Authentication.ExtendedProtection;
using System.Security.Cryptography.X509Certificates;
internal enum CredentialUse
{
Inbound = 0x1,
Outbound = 0x2,
Both = 0x3,
}
internal enum Endianness
{
Network = 0x00,
Native = 0x10,
}
internal enum CertificateEncoding
{
Zero = 0,
X509AsnEncoding = unchecked((int)0x00000001),
X509NdrEncoding = unchecked((int)0x00000002),
Pkcs7AsnEncoding = unchecked((int)0x00010000),
Pkcs7NdrEncoding = unchecked((int)0x00020000),
AnyAsnEncoding = X509AsnEncoding | Pkcs7AsnEncoding
}
internal enum BufferType
{
Empty = 0x00,
Data = 0x01,
Token = 0x02,
Parameters = 0x03,
Missing = 0x04,
Extra = 0x05,
Trailer = 0x06,
Header = 0x07,
Padding = 0x09,
Stream = 0x0A,
ChannelBindings = 0x0E,
}
internal enum SecurityStatus
{
OK = 0x00000000,
OutOfMemory = unchecked((int)0x80090300),
InvalidHandle = unchecked((int)0x80090301),
Unsupported = unchecked((int)0x80090302),
TargetUnknown = unchecked((int)0x80090303),
InternalError = unchecked((int)0x80090304),
PackageNotFound = unchecked((int)0x80090305),
NotOwner = unchecked((int)0x80090306),
CannotInstall = unchecked((int)0x80090307),
InvalidToken = unchecked((int)0x80090308),
LogonDenied = unchecked((int)0x8009030C),
UnknownCredential = unchecked((int)0x8009030D),
NoCredentials = unchecked((int)0x8009030E),
MessageAltered = unchecked((int)0x8009030F),
ContinueNeeded = unchecked((int)0x00090312),
CompleteNeeded = unchecked((int)0x00090313),
CompAndContinue = unchecked((int)0x00090314),
ContextExpired = unchecked((int)0x00090317),
IncompleteMessage = unchecked((int)0x80090318),
IncompleteCred = unchecked((int)0x80090320),
BufferNotEnough = unchecked((int)0x80090321),
WrongPrincipal = unchecked((int)0x80090322),
UntrustedRoot = unchecked((int)0x80090325),
UnknownCertificate = unchecked((int)0x80090327),
CredentialsNeeded = unchecked((int)0x00090320),
Renegotiate = unchecked((int)0x00090321),
}
internal enum ContextAttribute
{
//
// look into <sspi.h> and <schannel.h>
//
Sizes = 0x00,
Names = 0x01,
Lifespan = 0x02,
DceInfo = 0x03,
StreamSizes = 0x04,
//KeyInfo = 0x05, must not be used, see ConnectionInfo instead
Authority = 0x06,
// SECPKG_ATTR_PROTO_INFO = 7,
// SECPKG_ATTR_PASSWORD_EXPIRY = 8,
SessionKey = 0x09,
PackageInfo = 0x0A,
// SECPKG_ATTR_USER_FLAGS = 11,
NegotiationInfo = 0x0C,
// SECPKG_ATTR_NATIVE_NAMES = 13,
// SECPKG_ATTR_FLAGS = 14,
Flags = 0x0E,
// SECPKG_ATTR_USE_VALIDATED = 15,
// SECPKG_ATTR_CREDENTIAL_NAME = 16,
// SECPKG_ATTR_TARGET_INFORMATION = 17,
// SECPKG_ATTR_ACCESS_TOKEN = 18,
// SECPKG_ATTR_TARGET = 19,
// SECPKG_ATTR_AUTHENTICATION_ID = 20,
// SECPKG_ATTR_CLIENT_SPECIFIED_TARGET 27
SpecifiedTarget = 0x1B,
RemoteCertificate = 0x53,
LocalCertificate = 0x54,
RootStore = 0x55,
IssuerListInfoEx = 0x59,
ConnectionInfo = 0x5A,
EapKey = 0x5B
}
internal enum CredentialStatus
{
InValidParameter = unchecked((int)0x57),
NoSuchPackage = unchecked((int)0x554),
NotSupported = unchecked((int)0x32),
Cancelled = unchecked((int)0x4C7),
Success = unchecked((int)0x0),
}
[StructLayout(LayoutKind.Sequential)]
internal unsafe struct SecurityBufferStruct
{
public int count;
public BufferType type;
public IntPtr token;
public static readonly int Size = sizeof(SecurityBufferStruct);
}
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Auto)]
internal struct AuthIdentityEx
{
// see SEC_WINNT_AUTH_IDENTITY_EX
internal int Version;
internal int Length;
internal string UserName;
internal int UserNameLength;
internal string Domain;
internal int DomainLength;
internal string Password;
internal int PasswordLength;
internal int Flags;
internal string PackageList;
internal int PackageListLength;
// sspi.h: #define SEC_WINNT_AUTH_IDENTITY_VERSION 0x200
static readonly int WinNTAuthIdentityVersion = 0x200;
internal AuthIdentityEx(string userName, string password, string domain, params string[] additionalPackages)
{
Version = WinNTAuthIdentityVersion;
Length = Marshal.SizeOf(typeof(AuthIdentityEx));
UserName = userName;
UserNameLength = userName == null ? 0 : userName.Length;
Password = password;
PasswordLength = password == null ? 0 : password.Length;
Domain = domain;
DomainLength = domain == null ? 0 : domain.Length;
// Flags are 2 for Unicode and 1 for ANSI. We use 2 on NT
Flags = 2;
if (null == additionalPackages)
{
PackageList = null;
PackageListLength = 0;
}
else
{
PackageList = String.Join(",", additionalPackages);
PackageListLength = PackageList.Length;
}
}
}
[StructLayout(LayoutKind.Sequential)]
internal struct SecureCredential
{
/*
typedef struct _SCHANNEL_CRED
{
DWORD dwVersion; // always SCHANNEL_CRED_VERSION
DWORD cCreds;
PCCERT_CONTEXT *paCred;
HCERTSTORE hRootStore;
DWORD cMappers;
struct _HMAPPER **aphMappers;
DWORD cSupportedAlgs;
ALG_ID * palgSupportedAlgs;
DWORD grbitEnabledProtocols;
DWORD dwMinimumCipherStrength;
DWORD dwMaximumCipherStrength;
DWORD dwSessionLifespan;
DWORD dwFlags;
DWORD reserved;
} SCHANNEL_CRED, *PSCHANNEL_CRED;
*/
public const int CurrentVersion = 0x4;
public int version;
public int cCreds;
// ptr to an array of pointers
// Cannot convert it to SafeHandle because it gets wrapped with another pointer
// right before native AcquireCredentialsHandle call
public IntPtr certContextArray;
private IntPtr rootStore; // == always null, OTHERWISE NOT RELIABLE
public int cMappers;
private IntPtr phMappers; // == always null, OTHERWISE NOT RELIABLE
public int cSupportedAlgs;
private IntPtr palgSupportedAlgs; // == always null, OTHERWISE NOT RELIABLE
public SchProtocols grbitEnabledProtocols;
public int dwMinimumCipherStrength;
public int dwMaximumCipherStrength;
public int dwSessionLifespan;
public SecureCredential.Flags dwFlags;
public int reserved;
[Flags]
public enum Flags
{
Zero = 0,
NoSystemMapper = 0x02,
NoNameCheck = 0x04,
ValidateManual = 0x08,
NoDefaultCred = 0x10,
ValidateAuto = 0x20
}
public SecureCredential(int version, X509Certificate2 certificate,
SecureCredential.Flags flags, SchProtocols protocols)
{
//Setting default values
rootStore = phMappers = palgSupportedAlgs = certContextArray = IntPtr.Zero;
cCreds = cMappers = cSupportedAlgs = 0;
dwMinimumCipherStrength = dwMaximumCipherStrength = 0;
dwSessionLifespan = reserved = 0;
this.version = version;
dwFlags = flags;
grbitEnabledProtocols = protocols;
if (certificate != null)
{
certContextArray = certificate.Handle;
cCreds = 1;
}
}
} // SecureCredential
static class IntPtrHelper
{
private const string KERNEL32 = "kernel32.dll";
//internal static bool IsZero(IntPtr a)
//{
// return ((long) a)==0;
//}
//internal static IntPtr Add(IntPtr a, IntPtr b)
//{
// return (IntPtr) ((long) a + (long) b);
//}
//internal static IntPtr Add(IntPtr a, long b)
//{
// return (IntPtr) ((long) a + b);
//}
//internal static IntPtr Add(long a, IntPtr b)
//{
// return (IntPtr) (a + (long) b);
//}
internal static IntPtr Add(IntPtr a, int b)
{
return (IntPtr)((long)a + (long)b);
}
//internal static IntPtr Add(int a, IntPtr b)
//{
// return (IntPtr) ((long) a + (long) b);
//}
}
[StructLayout(LayoutKind.Sequential)]
internal unsafe class SecurityBufferDescriptor
{
/*
typedef struct _SecBufferDesc {
ULONG ulVersion;
ULONG cBuffers;
PSecBuffer pBuffers;
} SecBufferDesc, * PSecBufferDesc;
*/
public readonly int Version;
public readonly int Count;
public void* UnmanagedPointer;
public SecurityBufferDescriptor(int count)
{
Version = 0;
Count = count;
UnmanagedPointer = null;
}
} // SecurityBufferDescriptor
internal class SecurityBuffer
{
/*
typedef struct _SecBuffer {
ULONG cbBuffer;
ULONG BufferType;
PVOID pvBuffer;
} SecBuffer, *PSecBuffer;
*/
public int size;
public BufferType type;
public byte[] token;
public int offset;
public SafeHandle unmanagedToken;
public SecurityBuffer(byte[] data, int offset, int size, BufferType tokentype)
{
this.offset = offset;
this.size = (data == null) ? 0 : size;
this.type = tokentype;
this.token = data;
}
public SecurityBuffer(byte[] data, BufferType tokentype)
{
this.size = (data == null) ? 0 : data.Length;
this.type = tokentype;
this.token = data;
}
public SecurityBuffer(int size, BufferType tokentype)
{
this.size = size;
this.type = tokentype;
this.token = size == 0 ? null : DiagnosticUtility.Utility.AllocateByteArray(size);
}
public SecurityBuffer(ChannelBinding channelBinding)
{
this.size = channelBinding.Size;
this.type = BufferType.ChannelBindings;
this.unmanagedToken = channelBinding;
}
}
}
|