106 lines
3.2 KiB
C#
106 lines
3.2 KiB
C#
|
//
|
||
|
|
// Novell.Directory.Ldap.Security.CreateContextPrivilegedAction.cs
|
||
|
|
//
|
||
|
|
// Authors:
|
||
|
|
// Boris Kirzner <borsk@mainsoft.com>
|
||
|
|
// Konstantin Triger <kostat@mainsoft.com>
|
||
|
|
//
|
||
|
|
// (C) 2005 Mainsoft Corporation (http://www.mainsoft.com)
|
||
|
|
//
|
||
|
|
|
||
|
|
//
|
||
|
|
// Permission is hereby granted, free of charge, to any person obtaining
|
||
|
|
// a copy of this software and associated documentation files (the
|
||
|
|
// "Software"), to deal in the Software without restriction, including
|
||
|
|
// without limitation the rights to use, copy, modify, merge, publish,
|
||
|
|
// distribute, sublicense, and/or sell copies of the Software, and to
|
||
|
|
// permit persons to whom the Software is furnished to do so, subject to
|
||
|
|
// the following conditions:
|
||
|
|
//
|
||
|
|
// The above copyright notice and this permission notice shall be
|
||
|
|
// included in all copies or substantial portions of the Software.
|
||
|
|
//
|
||
|
|
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
||
|
|
// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
||
|
|
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
||
|
|
// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
|
||
|
|
// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
|
||
|
|
// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
|
||
|
|
// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
||
|
|
//
|
||
|
|
|
||
|
|
using System;
|
||
|
|
|
||
|
|
using java.security;
|
||
|
|
using org.ietf.jgss;
|
||
|
|
|
||
|
|
namespace Novell.Directory.Ldap.Security
|
||
|
|
{
|
||
|
|
internal class CreateContextPrivilegedAction : PrivilegedAction
|
||
|
|
{
|
||
|
|
#region Fields
|
||
|
|
|
||
|
|
private readonly bool _encryption;
|
||
|
|
private readonly bool _signing;
|
||
|
|
private readonly bool _delegation;
|
||
|
|
private readonly string _name;
|
||
|
|
private readonly string _clientName;
|
||
|
|
private readonly string _mech;
|
||
|
|
|
||
|
|
#endregion //Fields
|
||
|
|
|
||
|
|
#region Constructors
|
||
|
|
|
||
|
|
public CreateContextPrivilegedAction(string name, string clientName, string mech, bool encryption, bool signing, bool delegation)
|
||
|
|
{
|
||
|
|
_name = name;
|
||
|
|
_clientName = clientName;
|
||
|
|
_mech = mech;
|
||
|
|
_encryption = encryption;
|
||
|
|
_signing = signing;
|
||
|
|
_delegation = delegation;
|
||
|
|
}
|
||
|
|
|
||
|
|
#endregion // Constructors
|
||
|
|
|
||
|
|
#region Methods
|
||
|
|
|
||
|
|
public object run()
|
||
|
|
{
|
||
|
|
try {
|
||
|
|
Oid krb5Oid = new Oid (_mech);
|
||
|
|
GSSManager manager = GSSManager.getInstance ();
|
||
|
|
GSSName clientName =
|
||
|
|
manager.createName(_clientName, GSSName__Finals.NT_USER_NAME);
|
||
|
|
GSSCredential clientCreds =
|
||
|
|
manager.createCredential(clientName,
|
||
|
|
GSSContext__Finals.INDEFINITE_LIFETIME,
|
||
|
|
krb5Oid,
|
||
|
|
GSSCredential__Finals.INITIATE_ONLY);
|
||
|
|
|
||
|
|
// try {
|
||
|
|
GSSName serverName = manager.createName (_name, GSSName__Finals.NT_HOSTBASED_SERVICE, krb5Oid);
|
||
|
|
GSSContext context = manager.createContext (serverName, krb5Oid, clientCreds, GSSContext__Finals.INDEFINITE_LIFETIME);
|
||
|
|
|
||
|
|
context.requestMutualAuth(true);
|
||
|
|
context.requestConf (_encryption);
|
||
|
|
if (!_encryption || _signing)
|
||
|
|
context.requestInteg (!_encryption || _signing);
|
||
|
|
context.requestCredDeleg (_delegation);
|
||
|
|
|
||
|
|
return context;
|
||
|
|
// }
|
||
|
|
// finally {
|
||
|
|
// // Calling this throws GSSException: Operation unavailable...
|
||
|
|
// clientCreds.dispose();
|
||
|
|
// }
|
||
|
|
}
|
||
|
|
catch (GSSException e) {
|
||
|
|
throw new PrivilegedActionException (e);
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
#endregion // Methods
|
||
|
|
}
|
||
|
|
}
|