You've already forked linux-packaging-mono
							
							
		
			
				
	
	
		
			1500 lines
		
	
	
		
			60 KiB
		
	
	
	
		
			C#
		
	
	
	
	
	
			
		
		
	
	
			1500 lines
		
	
	
		
			60 KiB
		
	
	
	
		
			C#
		
	
	
	
	
	
| //-----------------------------------------------------------------------------
 | |
| // Copyright (c) Microsoft Corporation.  All rights reserved.
 | |
| //-----------------------------------------------------------------------------
 | |
| 
 | |
| /*++
 | |
| Abstract:
 | |
|         The file contains SafeHandles implementations for SSPI.
 | |
|         These handle wrappers do guarantee that OS resources get cleaned up when the app domain dies.
 | |
| 
 | |
|         All PInvoke declarations that do freeing  the  OS resources  _must_ be in this file
 | |
|         All PInvoke declarations that do allocation the OS resources _must_ be in this file
 | |
| 
 | |
| 
 | |
| Details:
 | |
| 
 | |
|         The protection from leaking OF the OS resources is based on two technologies
 | |
|         1) SafeHandle class
 | |
|         2) Non interuptible regions using Constrained Execution Region (CER) technology
 | |
| 
 | |
|         For simple cases SafeHandle class does all the job. The Prerequisites are:
 | |
|         - A resource is able to be represented by IntPtr type (32 bits on 32 bits platforms).
 | |
|         - There is a PInvoke availble that does the creation of the resource.
 | |
|           That PInvoke either returns the handle value or it writes the handle into out/ref parameter.
 | |
|         - The above PInvoke as part of the call does NOT free any OS resource.
 | |
| 
 | |
|         For those "simple" cases we desinged SafeHandle-derived classes that provide
 | |
|         static methods to allocate a handle object.
 | |
|         Each such derived class provides a handle release method that is run as non-interrupted.
 | |
| 
 | |
|         For more complicated cases we employ the support for non-interruptible methods (CERs).
 | |
|         Each CER is a tree of code rooted at a catch or finally clause for a specially marked exception
 | |
|         handler (preceded by the RuntimeHelpers.PrepareConstrainedRegions() marker) or the Dispose or
 | |
|         ReleaseHandle method of a SafeHandle derived class. The graph is automatically computed by the
 | |
|         runtime (typically at the jit time of the root method), but cannot follow virtual or interface
 | |
|         calls (these must be explicitly prepared via RuntimeHelpers.PrepareMethod once the definite target
 | |
|         method is known). Also, methods in the graph that must be included in the CER must be marked with
 | |
|         a reliability contract stating guarantees about the consistency of the system if an error occurs
 | |
|         while they are executing. Look for ReliabilityContract for examples (a full explanation of the
 | |
|         semantics of this contract is beyond the scope of this comment).
 | |
| 
 | |
|         An example of the top-level of a CER:
 | |
| 
 | |
|             RuntimeHelpers.PrepareConstrainedRegions();
 | |
|             try
 | |
|             {
 | |
|                 // Normal code
 | |
|             }
 | |
|             finally
 | |
|             {
 | |
|                 // Guaranteed to get here even in low memory scenarios. Thread abort will not interrupt
 | |
|                 // this clause and we won't fail because of a jit allocation of any method called (modulo
 | |
|                 // restrictions on interface/virtual calls listed above and further restrictions listed
 | |
|                 // below).
 | |
|             }
 | |
| 
 | |
|         Another common pattern is an empty-try (where you really just want a region of code the runtime
 | |
|         won't interrupt you in):
 | |
| 
 | |
|             RuntimeHelpers.PrepareConstrainedRegions();
 | |
|             try {} finally
 | |
|             {
 | |
|                 // Non-interruptible code here
 | |
|             }
 | |
| 
 | |
|         This ugly syntax will be supplanted with compiler support at some point.
 | |
| 
 | |
|         While within a CER region certain restrictions apply in order to avoid having the runtime inject
 | |
|         a potential fault point into your code (and of course you're are responsible for ensuring your
 | |
|         code doesn't inject any explicit fault points of its own unless you know how to tolerate them).
 | |
| 
 | |
|         A quick and dirty guide to the possible causes of fault points in CER regions:
 | |
|         - Explicit allocations (though allocating a value type only implies allocation on the stack,
 | |
|           which may not present an issue).
 | |
|         - Boxing a value type (C# does this implicitly for you in many cases, so be careful).
 | |
|         - Use of Monitor.Enter or the lock keyword.
 | |
|         - Accessing a multi-dimensional array.
 | |
|         - Calling any method outside your control that doesn't make a guarantee (e.g. via a
 | |
|           ReliabilityAttribute) that it doesn't introduce failure points.
 | |
|         - Making P/Invoke calls with non-blittable parameters types. Blittable types are:
 | |
|             - SafeHandle when used as an [in] parameter
 | |
|             - NON BOXED base types that fit onto a machine word
 | |
|             - ref struct with blittable fields
 | |
|             - class type with blittable fields
 | |
|             - pinned Unicode strings using "fixed" statement
 | |
|             - pointers of any kind
 | |
|             - IntPtr type
 | |
|         - P/Invokes should not have any CharSet attribute on it's declaration.
 | |
|           Obvioulsy string types should not appear in the parameters.
 | |
|         - String type MUST not appear in a field of a marshaled ref struct or class in a P?Invoke
 | |
| 
 | |
| 
 | |
| (taken from the NCL classes)
 | |
| --*/
 | |
| namespace System.IdentityModel
 | |
| {
 | |
|     using System.Security;
 | |
|     using System.Runtime.InteropServices;
 | |
|     using System.Runtime.CompilerServices;
 | |
|     using System.Runtime.Versioning;
 | |
|     using System.Threading;
 | |
|     using System.Security.Permissions;
 | |
|     using System.ComponentModel;
 | |
|     using System.Text;
 | |
|     using System.ServiceModel.Diagnostics;
 | |
|     using Microsoft.Win32.SafeHandles;
 | |
|     using System.Runtime.ConstrainedExecution;
 | |
| 
 | |
| 
 | |
|     [StructLayout(LayoutKind.Sequential, Pack = 1)]
 | |
|     struct SSPIHandle
 | |
|     {
 | |
|         IntPtr HandleHi;
 | |
|         IntPtr HandleLo;
 | |
| 
 | |
|         public bool IsZero
 | |
|         {
 | |
|             get { return HandleHi == IntPtr.Zero && HandleLo == IntPtr.Zero; }
 | |
|         }
 | |
| 
 | |
|         [ReliabilityContract(Consistency.WillNotCorruptState, Cer.Success)]
 | |
|         internal void SetToInvalid()
 | |
|         {
 | |
|             HandleHi = IntPtr.Zero;
 | |
|             HandleLo = IntPtr.Zero;
 | |
|         }
 | |
| 
 | |
|         //public static string ToString(ref SSPIHandle obj) 
 | |
|         //{
 | |
|         //    return obj.HandleHi.ToString("x") + ":" + obj.HandleLo.ToString("x");
 | |
|         //}
 | |
|     }
 | |
| 
 | |
|     class SafeDeleteContext : SafeHandle
 | |
|     {
 | |
|         const string SECURITY = "security.Dll";
 | |
| 
 | |
|         const string dummyStr = " ";
 | |
|         static readonly byte[] dummyBytes = new byte[] { 0 };
 | |
| 
 | |
|         internal SSPIHandle _handle; //should be always used as by ref in PINvokes parameters
 | |
|         SafeFreeCredentials _EffectiveCredential;
 | |
| 
 | |
|         protected SafeDeleteContext()
 | |
|             : base(IntPtr.Zero, true)
 | |
|         {
 | |
|             _handle = new SSPIHandle();
 | |
|         }
 | |
| 
 | |
|         public override bool IsInvalid
 | |
|         {
 | |
|             get
 | |
|             {
 | |
|                 return IsClosed || _handle.IsZero;
 | |
|             }
 | |
|         }
 | |
| 
 | |
|         //This method should never be called for this type
 | |
|         //public new IntPtr DangerousGetHandle()
 | |
|         //{
 | |
|         //    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException());
 | |
|         //}
 | |
| 
 | |
|         //public static string ToString(SafeDeleteContext obj) 
 | |
|         //{
 | |
|         //    {   return obj == null ? "null" : SSPIHandle.ToString(ref obj._handle); }
 | |
|         //}
 | |
| 
 | |
|         //-------------------------------------------------------------------
 | |
|         internal static unsafe int InitializeSecurityContext(
 | |
|             SafeFreeCredentials inCredentials,
 | |
|             ref SafeDeleteContext refContext,
 | |
|             string targetName,
 | |
|             SspiContextFlags inFlags,
 | |
|             Endianness endianness,
 | |
|             SecurityBuffer inSecBuffer,
 | |
|             SecurityBuffer[] inSecBuffers,
 | |
|             SecurityBuffer outSecBuffer,
 | |
|             ref SspiContextFlags outFlags)
 | |
|         {
 | |
|             if (inCredentials == null)
 | |
|             {
 | |
|                 throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("inCredentials");
 | |
|             }
 | |
| 
 | |
|             SecurityBufferDescriptor inSecurityBufferDescriptor = null;
 | |
|             if (inSecBuffer != null)
 | |
|             {
 | |
|                 inSecurityBufferDescriptor = new SecurityBufferDescriptor(1);
 | |
|             }
 | |
|             else if (inSecBuffers != null)
 | |
|             {
 | |
|                 inSecurityBufferDescriptor = new SecurityBufferDescriptor(inSecBuffers.Length);
 | |
|             }
 | |
|             SecurityBufferDescriptor outSecurityBufferDescriptor = new SecurityBufferDescriptor(1);
 | |
| 
 | |
|             // actually this is returned in outFlags
 | |
|             bool isSspiAllocated = (inFlags & SspiContextFlags.AllocateMemory) != 0 ? true : false;
 | |
| 
 | |
|             int errorCode = -1;
 | |
|             SSPIHandle contextHandle = new SSPIHandle();
 | |
|             if (refContext != null)
 | |
|             {
 | |
|                 contextHandle = refContext._handle;
 | |
|             }
 | |
| 
 | |
|             // these are pinned user byte arrays passed along with SecurityBuffers
 | |
|             GCHandle[] pinnedInBytes = null;
 | |
|             GCHandle pinnedOutBytes = new GCHandle();
 | |
| 
 | |
|             // optional output buffer that may need to be freed
 | |
|             SafeFreeContextBuffer outFreeContextBuffer = null;
 | |
| 
 | |
|             try
 | |
|             {
 | |
|                 pinnedOutBytes = GCHandle.Alloc(outSecBuffer.token, GCHandleType.Pinned);
 | |
| 
 | |
|                 SecurityBufferStruct[] inUnmanagedBuffer = new SecurityBufferStruct[inSecurityBufferDescriptor == null ? 1 : inSecurityBufferDescriptor.Count];
 | |
|                 fixed (void* inUnmanagedBufferPtr = inUnmanagedBuffer)
 | |
|                 {
 | |
|                     if (inSecurityBufferDescriptor != null)
 | |
|                     {
 | |
|                         // Fix Descriptor pointer that points to unmanaged SecurityBuffers
 | |
|                         inSecurityBufferDescriptor.UnmanagedPointer = inUnmanagedBufferPtr;
 | |
|                         pinnedInBytes = new GCHandle[inSecurityBufferDescriptor.Count];
 | |
|                         SecurityBuffer securityBuffer;
 | |
|                         for (int index = 0; index < inSecurityBufferDescriptor.Count; ++index)
 | |
|                         {
 | |
|                             securityBuffer = inSecBuffer != null ? inSecBuffer : inSecBuffers[index];
 | |
|                             if (securityBuffer != null)
 | |
|                             {
 | |
|                                 // Copy the SecurityBuffer content into unmanaged place holder
 | |
|                                 inUnmanagedBuffer[index].count = securityBuffer.size;
 | |
|                                 inUnmanagedBuffer[index].type = securityBuffer.type;
 | |
|                                 // use the unmanaged token if it's not null; otherwise use the managed buffer
 | |
|                                 if (securityBuffer.unmanagedToken != null)
 | |
|                                 {
 | |
|                                     inUnmanagedBuffer[index].token = securityBuffer.unmanagedToken.DangerousGetHandle();
 | |
|                                 }
 | |
|                                 else if (securityBuffer.token == null || securityBuffer.token.Length == 0)
 | |
|                                 {
 | |
|                                     inUnmanagedBuffer[index].token = IntPtr.Zero;
 | |
|                                 }
 | |
|                                 else
 | |
|                                 {
 | |
|                                     pinnedInBytes[index] = GCHandle.Alloc(securityBuffer.token, GCHandleType.Pinned);
 | |
|                                     inUnmanagedBuffer[index].token = Marshal.UnsafeAddrOfPinnedArrayElement(securityBuffer.token, securityBuffer.offset);
 | |
|                                 }
 | |
|                             }
 | |
|                         }
 | |
|                     }
 | |
|                     SecurityBufferStruct[] outUnmanagedBuffer = new SecurityBufferStruct[1];
 | |
|                     fixed (void* outUnmanagedBufferPtr = outUnmanagedBuffer)
 | |
|                     {
 | |
|                         // Fix Descriptor pointer that points to unmanaged SecurityBuffers
 | |
|                         outSecurityBufferDescriptor.UnmanagedPointer = outUnmanagedBufferPtr;
 | |
|                         outUnmanagedBuffer[0].count = outSecBuffer.size;
 | |
|                         outUnmanagedBuffer[0].type = outSecBuffer.type;
 | |
|                         if (outSecBuffer.token == null || outSecBuffer.token.Length == 0)
 | |
|                         {
 | |
|                             outUnmanagedBuffer[0].token = IntPtr.Zero;
 | |
|                         }
 | |
|                         else
 | |
|                         {
 | |
|                             outUnmanagedBuffer[0].token = Marshal.UnsafeAddrOfPinnedArrayElement(outSecBuffer.token, outSecBuffer.offset);
 | |
|                         }
 | |
|                         if (isSspiAllocated)
 | |
|                         {
 | |
|                             outFreeContextBuffer = SafeFreeContextBuffer.CreateEmptyHandle();
 | |
|                         }
 | |
|                         if (refContext == null || refContext.IsInvalid)
 | |
|                         {
 | |
|                             refContext = new SafeDeleteContext();
 | |
|                         }
 | |
|                         if (targetName == null || targetName.Length == 0)
 | |
|                         {
 | |
|                             targetName = dummyStr;
 | |
|                         }
 | |
|                         fixed (char* namePtr = targetName)
 | |
|                         {
 | |
|                             errorCode = MustRunInitializeSecurityContext(
 | |
|                                 inCredentials,
 | |
|                                 contextHandle.IsZero ? null : &contextHandle,
 | |
|                                 (byte*)(((object)targetName == (object)dummyStr) ? null : namePtr),
 | |
|                                 inFlags,
 | |
|                                 endianness,
 | |
|                                 inSecurityBufferDescriptor,
 | |
|                                 refContext,
 | |
|                                 outSecurityBufferDescriptor,
 | |
|                                 ref outFlags,
 | |
|                                 outFreeContextBuffer
 | |
|                                 );
 | |
|                         }
 | |
| 
 | |
|                         // Get unmanaged buffer with index 0 as the only one passed into PInvoke
 | |
|                         outSecBuffer.size = outUnmanagedBuffer[0].count;
 | |
|                         outSecBuffer.type = outUnmanagedBuffer[0].type;
 | |
|                         if (outSecBuffer.size > 0)
 | |
|                         {
 | |
|                             outSecBuffer.token = DiagnosticUtility.Utility.AllocateByteArray(outSecBuffer.size);
 | |
|                             Marshal.Copy(outUnmanagedBuffer[0].token, outSecBuffer.token, 0, outSecBuffer.size);
 | |
|                         }
 | |
|                         else
 | |
|                         {
 | |
|                             outSecBuffer.token = null;
 | |
|                         }
 | |
|                     }
 | |
|                 }
 | |
|             }
 | |
|             finally
 | |
|             {
 | |
|                 if (pinnedInBytes != null)
 | |
|                 {
 | |
|                     for (int index = 0; index < pinnedInBytes.Length; index++)
 | |
|                     {
 | |
|                         if (pinnedInBytes[index].IsAllocated)
 | |
|                         {
 | |
|                             pinnedInBytes[index].Free();
 | |
|                         }
 | |
|                     }
 | |
|                 }
 | |
|                 if (pinnedOutBytes.IsAllocated)
 | |
|                 {
 | |
|                     pinnedOutBytes.Free();
 | |
|                 }
 | |
|                 if (outFreeContextBuffer != null)
 | |
|                 {
 | |
|                     outFreeContextBuffer.Close();
 | |
|                 }
 | |
|             }
 | |
|             return errorCode;
 | |
|         }
 | |
| 
 | |
|         //
 | |
|         // After PINvoke call the method will fix the handleTemplate.handle with the returned value.
 | |
|         // The caller is responsible for creating a correct SafeFreeContextBuffer or null can be passed if no handle is returned.
 | |
|         //
 | |
|         // Since it has a CER, this method can't have any references to imports from DLLs that may not exist on the system.
 | |
|         //
 | |
|         static unsafe int MustRunInitializeSecurityContext(
 | |
|             SafeFreeCredentials inCredentials,
 | |
|             void* inContextPtr,
 | |
|             byte* targetName,
 | |
|             SspiContextFlags inFlags,
 | |
|             Endianness endianness,
 | |
|             SecurityBufferDescriptor inputBuffer,
 | |
|             SafeDeleteContext outContext,
 | |
|             SecurityBufferDescriptor outputBuffer,
 | |
|             ref SspiContextFlags attributes,
 | |
|             SafeFreeContextBuffer handleTemplate)
 | |
|         {
 | |
|             int errorCode = -1;
 | |
|             bool b1 = false;
 | |
|             bool b2 = false;
 | |
| 
 | |
|             // Run the body of this method as a non-interruptible block.
 | |
|             RuntimeHelpers.PrepareConstrainedRegions();
 | |
|             try
 | |
|             {
 | |
|                 inCredentials.DangerousAddRef(ref b1);
 | |
|                 outContext.DangerousAddRef(ref b2);
 | |
|             }
 | |
|             catch (Exception e)
 | |
|             {
 | |
|                 if (System.Runtime.Fx.IsFatal(e))
 | |
|                     throw;
 | |
|                 
 | |
|                 if (b1)
 | |
|                 {
 | |
|                     inCredentials.DangerousRelease();
 | |
|                     b1 = false;
 | |
|                 }
 | |
|                 
 | |
|                 if (b2)
 | |
|                 {
 | |
|                     outContext.DangerousRelease();
 | |
|                     b2 = false;
 | |
|                 }
 | |
| 
 | |
|                 if (!(e is ObjectDisposedException))
 | |
|                     throw;
 | |
|             }
 | |
|             finally
 | |
|             {
 | |
|                 long timeStamp;
 | |
|                 if (!b1)
 | |
|                 {
 | |
|                     // caller should retry
 | |
|                     inCredentials = null;
 | |
|                 }
 | |
|                 else if (b1 && b2)
 | |
|                 {
 | |
| 
 | |
|                     SSPIHandle credentialHandle = inCredentials._handle;
 | |
|                     // PreSharp Bug: Call 'Marshal.GetLastWin32Error' or 'Marshal.GetHRForLastWin32Error' before any other interop call. 
 | |
| #pragma warning suppress 56523 // This API does not set Win32 Last Error.
 | |
|                     errorCode = InitializeSecurityContextW(
 | |
|                         ref credentialHandle,
 | |
|                         inContextPtr,
 | |
|                         targetName,
 | |
|                         inFlags,
 | |
|                         0,
 | |
|                         endianness,
 | |
|                         inputBuffer,
 | |
|                         0,
 | |
|                         ref outContext._handle,
 | |
|                         outputBuffer,
 | |
|                         ref attributes,
 | |
|                         out timeStamp
 | |
|                         );
 | |
|                     //
 | |
|                     // When a credential handle is first associated with the context we keep credential
 | |
|                     // ref count bumped up to ensure ordered finalization.
 | |
|                     // If the credential handle has been changed we de-ref the old one and associate the
 | |
|                     //  context with the new cred handle but only if the call was successful.
 | |
|                     if (outContext._EffectiveCredential != inCredentials && (errorCode & 0x80000000) == 0)
 | |
|                     {
 | |
|                         // Disassociate the previous credential handle
 | |
|                         if (outContext._EffectiveCredential != null)
 | |
|                             outContext._EffectiveCredential.DangerousRelease();
 | |
|                         outContext._EffectiveCredential = inCredentials;
 | |
|                     }
 | |
|                     else
 | |
|                     {
 | |
|                         inCredentials.DangerousRelease();
 | |
|                     }
 | |
| 
 | |
|                     outContext.DangerousRelease();
 | |
| 
 | |
|                     // The idea is that SSPI has allocated a block and filled up outUnmanagedBuffer+8 slot with the pointer.
 | |
|                     if (handleTemplate != null)
 | |
|                     {
 | |
|                         handleTemplate.Set(((SecurityBufferStruct*)outputBuffer.UnmanagedPointer)->token); //ATTN: on 64 BIT that is still +8 cause of 2* c++ unsigned long == 8 bytes
 | |
|                         if (handleTemplate.IsInvalid)
 | |
|                         {
 | |
|                             handleTemplate.SetHandleAsInvalid();
 | |
|                         }
 | |
|                     }
 | |
| 
 | |
|                 }
 | |
|                 if (inContextPtr == null && (errorCode & 0x80000000) != 0)
 | |
|                 {
 | |
|                     // an error on the first call, need to set the out handle to invalid value
 | |
|                     outContext._handle.SetToInvalid();
 | |
|                 }
 | |
|             }
 | |
|             return errorCode;
 | |
|         }
 | |
| 
 | |
|         //-------------------------------------------------------------------
 | |
|         internal static unsafe int AcceptSecurityContext(
 | |
|             SafeFreeCredentials inCredentials,
 | |
|             ref SafeDeleteContext refContext,
 | |
|             SspiContextFlags inFlags,
 | |
|             Endianness endianness,
 | |
|             SecurityBuffer inSecBuffer,
 | |
|             SecurityBuffer[] inSecBuffers,
 | |
|             SecurityBuffer outSecBuffer,
 | |
|             ref SspiContextFlags outFlags)
 | |
|         {
 | |
| 
 | |
|             if (inCredentials == null)
 | |
|             {
 | |
|                 throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("inCredentials");
 | |
|             }
 | |
| 
 | |
|             SecurityBufferDescriptor inSecurityBufferDescriptor = null;
 | |
|             if (inSecBuffer != null)
 | |
|             {
 | |
|                 inSecurityBufferDescriptor = new SecurityBufferDescriptor(1);
 | |
|             }
 | |
|             else if (inSecBuffers != null)
 | |
|             {
 | |
|                 inSecurityBufferDescriptor = new SecurityBufferDescriptor(inSecBuffers.Length);
 | |
|             }
 | |
|             SecurityBufferDescriptor outSecurityBufferDescriptor = new SecurityBufferDescriptor(1);
 | |
| 
 | |
|             // actually this is returned in outFlags
 | |
|             bool isSspiAllocated = (inFlags & SspiContextFlags.AllocateMemory) != 0 ? true : false;
 | |
| 
 | |
|             int errorCode = -1;
 | |
|             SSPIHandle contextHandle = new SSPIHandle();
 | |
|             if (refContext != null)
 | |
|             {
 | |
|                 contextHandle = refContext._handle;
 | |
|             }
 | |
| 
 | |
|             // these are pinned user byte arrays passed along with SecurityBuffers
 | |
|             GCHandle[] pinnedInBytes = null;
 | |
|             GCHandle pinnedOutBytes = new GCHandle();
 | |
|             // optional output buffer that may need to be freed
 | |
|             SafeFreeContextBuffer outFreeContextBuffer = null;
 | |
| 
 | |
|             try
 | |
|             {
 | |
|                 pinnedOutBytes = GCHandle.Alloc(outSecBuffer.token, GCHandleType.Pinned);
 | |
| 
 | |
|                 SecurityBufferStruct[] inUnmanagedBuffer = new SecurityBufferStruct[inSecurityBufferDescriptor == null ? 1 : inSecurityBufferDescriptor.Count];
 | |
|                 fixed (void* inUnmanagedBufferPtr = inUnmanagedBuffer)
 | |
|                 {
 | |
|                     if (inSecurityBufferDescriptor != null)
 | |
|                     {
 | |
|                         // Fix Descriptor pointer that points to unmanaged SecurityBuffers
 | |
|                         inSecurityBufferDescriptor.UnmanagedPointer = inUnmanagedBufferPtr;
 | |
|                         pinnedInBytes = new GCHandle[inSecurityBufferDescriptor.Count];
 | |
|                         SecurityBuffer securityBuffer;
 | |
|                         for (int index = 0; index < inSecurityBufferDescriptor.Count; ++index)
 | |
|                         {
 | |
|                             securityBuffer = inSecBuffer != null ? inSecBuffer : inSecBuffers[index];
 | |
|                             if (securityBuffer != null)
 | |
|                             {
 | |
|                                 // Copy the SecurityBuffer content into unmanaged place holder
 | |
|                                 inUnmanagedBuffer[index].count = securityBuffer.size;
 | |
|                                 inUnmanagedBuffer[index].type = securityBuffer.type;
 | |
|                                 // use the unmanaged token if it's not null; otherwise use the managed buffer
 | |
|                                 if (securityBuffer.unmanagedToken != null)
 | |
|                                 {
 | |
|                                     inUnmanagedBuffer[index].token = securityBuffer.unmanagedToken.DangerousGetHandle();
 | |
|                                 }
 | |
|                                 else if (securityBuffer.token == null || securityBuffer.token.Length == 0)
 | |
|                                 {
 | |
|                                     inUnmanagedBuffer[index].token = IntPtr.Zero;
 | |
|                                 }
 | |
|                                 else
 | |
|                                 {
 | |
|                                     pinnedInBytes[index] = GCHandle.Alloc(securityBuffer.token, GCHandleType.Pinned);
 | |
|                                     inUnmanagedBuffer[index].token = Marshal.UnsafeAddrOfPinnedArrayElement(securityBuffer.token, securityBuffer.offset);
 | |
|                                 }
 | |
|                             }
 | |
|                         }
 | |
|                     }
 | |
|                     SecurityBufferStruct[] outUnmanagedBuffer = new SecurityBufferStruct[1];
 | |
|                     fixed (void* outUnmanagedBufferPtr = outUnmanagedBuffer)
 | |
|                     {
 | |
|                         // Fix Descriptor pointer that points to unmanaged SecurityBuffers
 | |
|                         outSecurityBufferDescriptor.UnmanagedPointer = outUnmanagedBufferPtr;
 | |
|                         // Copy the SecurityBuffer content into unmanaged place holder
 | |
|                         outUnmanagedBuffer[0].count = outSecBuffer.size;
 | |
|                         outUnmanagedBuffer[0].type = outSecBuffer.type;
 | |
|                         if (outSecBuffer.token == null || outSecBuffer.token.Length == 0)
 | |
|                         {
 | |
|                             outUnmanagedBuffer[0].token = IntPtr.Zero;
 | |
|                         }
 | |
|                         else
 | |
|                         {
 | |
|                             outUnmanagedBuffer[0].token = Marshal.UnsafeAddrOfPinnedArrayElement(outSecBuffer.token, outSecBuffer.offset);
 | |
|                         }
 | |
|                         if (isSspiAllocated)
 | |
|                         {
 | |
|                             outFreeContextBuffer = SafeFreeContextBuffer.CreateEmptyHandle();
 | |
|                         }
 | |
| 
 | |
|                         if (refContext == null || refContext.IsInvalid)
 | |
|                         {
 | |
|                             refContext = new SafeDeleteContext();
 | |
|                         }
 | |
|                         errorCode = MustRunAcceptSecurityContext(
 | |
|                             inCredentials,
 | |
|                             contextHandle.IsZero ? null : &contextHandle,
 | |
|                             inSecurityBufferDescriptor,
 | |
|                             inFlags,
 | |
|                             endianness,
 | |
|                             refContext,
 | |
|                             outSecurityBufferDescriptor,
 | |
|                             ref outFlags,
 | |
|                             outFreeContextBuffer
 | |
|                             );
 | |
| 
 | |
|                         // Get unmanaged buffer with index 0 as the only one passed into PInvoke
 | |
|                         outSecBuffer.size = outUnmanagedBuffer[0].count;
 | |
|                         outSecBuffer.type = outUnmanagedBuffer[0].type;
 | |
|                         if (outSecBuffer.size > 0)
 | |
|                         {
 | |
|                             outSecBuffer.token = DiagnosticUtility.Utility.AllocateByteArray(outSecBuffer.size);
 | |
|                             Marshal.Copy(outUnmanagedBuffer[0].token, outSecBuffer.token, 0, outSecBuffer.size);
 | |
|                         }
 | |
|                         else
 | |
|                         {
 | |
|                             outSecBuffer.token = null;
 | |
|                         }
 | |
|                     }
 | |
|                 }
 | |
|             }
 | |
|             finally
 | |
|             {
 | |
|                 if (pinnedInBytes != null)
 | |
|                 {
 | |
|                     for (int index = 0; index < pinnedInBytes.Length; index++)
 | |
|                     {
 | |
|                         if (pinnedInBytes[index].IsAllocated)
 | |
|                         {
 | |
|                             pinnedInBytes[index].Free();
 | |
|                         }
 | |
|                     }
 | |
|                 }
 | |
|                 if (pinnedOutBytes.IsAllocated)
 | |
|                 {
 | |
|                     pinnedOutBytes.Free();
 | |
|                 }
 | |
|                 if (outFreeContextBuffer != null)
 | |
|                 {
 | |
|                     outFreeContextBuffer.Close();
 | |
|                 }
 | |
|             }
 | |
| 
 | |
|             return errorCode;
 | |
|         }
 | |
| 
 | |
|         // After PINvoke call the method will fix the handleTemplate.handle with the returned value.
 | |
|         // The caller is responsible for creating a correct SafeFreeContextBuffer_XXX flavour or null can be passed if no handle is returned.
 | |
|         // This method is run as non-interruptible.
 | |
|         static unsafe int MustRunAcceptSecurityContext(
 | |
|             SafeFreeCredentials inCredentials,
 | |
|             void* inContextPtr,
 | |
|             SecurityBufferDescriptor inputBuffer,
 | |
|             SspiContextFlags inFlags,
 | |
|             Endianness endianness,
 | |
|             SafeDeleteContext outContext,
 | |
|             SecurityBufferDescriptor outputBuffer,
 | |
|             ref SspiContextFlags outFlags,
 | |
|             SafeFreeContextBuffer handleTemplate)
 | |
|         {
 | |
|             int errorCode = -1;
 | |
|             bool b1 = false;
 | |
|             bool b2 = false;
 | |
| 
 | |
|             // Run the body of this method as a non-interruptible block.
 | |
|             RuntimeHelpers.PrepareConstrainedRegions();
 | |
| 
 | |
|             try
 | |
|             {
 | |
|                 inCredentials.DangerousAddRef(ref b1);
 | |
|                 outContext.DangerousAddRef(ref b2);
 | |
|             }
 | |
|             catch (Exception e)
 | |
|             {
 | |
|                 if (System.Runtime.Fx.IsFatal(e))
 | |
|                     throw;
 | |
|                 
 | |
|                 if (b1)
 | |
|                 {
 | |
|                     inCredentials.DangerousRelease();
 | |
|                     b1 = false;
 | |
|                 }
 | |
|                 if (b2)
 | |
|                 {
 | |
|                     outContext.DangerousRelease();
 | |
|                     b2 = false;
 | |
|                 }
 | |
|                 if (!(e is ObjectDisposedException))
 | |
|                     throw;
 | |
|             }
 | |
|             finally
 | |
|             {
 | |
|                 long timeStamp;
 | |
|                 if (!b1)
 | |
|                 {
 | |
|                     // caller should retry
 | |
|                     inCredentials = null;
 | |
|                 }
 | |
|                 else if (b1 && b2)
 | |
|                 {
 | |
| 
 | |
|                     SSPIHandle credentialHandle = inCredentials._handle;
 | |
|                     // PreSharp Bug: Call 'Marshal.GetLastWin32Error' or 'Marshal.GetHRForLastWin32Error' before any other interop call. 
 | |
| #pragma warning suppress 56523 // This API does not set Win32 Last Error.
 | |
|                     errorCode = AcceptSecurityContext(
 | |
|                         ref credentialHandle,
 | |
|                         inContextPtr,
 | |
|                         inputBuffer,
 | |
|                         inFlags,
 | |
|                         endianness,
 | |
|                         ref outContext._handle,
 | |
|                         outputBuffer,
 | |
|                         ref outFlags,
 | |
|                         out timeStamp
 | |
|                         );
 | |
| 
 | |
|                     //
 | |
|                     // When a credential handle is first associated with the context we keep credential
 | |
|                     // ref count bumped up to ensure ordered finalization.
 | |
|                     // If the credential handle has been changed we de-ref the old one and associate the
 | |
|                     //  context with the new cred handle but only if the call was successful.
 | |
|                     if (outContext._EffectiveCredential != inCredentials && (errorCode & 0x80000000) == 0)
 | |
|                     {
 | |
|                         // Disassociate the previous credential handle
 | |
|                         if (outContext._EffectiveCredential != null)
 | |
|                             outContext._EffectiveCredential.DangerousRelease();
 | |
|                         outContext._EffectiveCredential = inCredentials;
 | |
|                     }
 | |
|                     else
 | |
|                     {
 | |
|                         inCredentials.DangerousRelease();
 | |
|                     }
 | |
| 
 | |
|                     outContext.DangerousRelease();
 | |
| 
 | |
|                     // The idea is that SSPI has allocated a block and filled up outUnmanagedBuffer+8 slot with the pointer.
 | |
|                     if (handleTemplate != null)
 | |
|                     {
 | |
|                         handleTemplate.Set(((SecurityBufferStruct*)outputBuffer.UnmanagedPointer)->token); //ATTN: on 64 BIT that is still +8 cause of 2* c++ unsigned long == 8 bytes
 | |
|                         if (handleTemplate.IsInvalid)
 | |
|                         {
 | |
|                             handleTemplate.SetHandleAsInvalid();
 | |
|                         }
 | |
|                     }
 | |
|                     if (inContextPtr == null && (errorCode & 0x80000000) != 0)
 | |
|                     {
 | |
|                         // an error on the first call, need to set the out handle to invalid value
 | |
|                         outContext._handle.SetToInvalid();
 | |
|                     }
 | |
|                 }
 | |
|             }
 | |
|             return errorCode;
 | |
|         }
 | |
| 
 | |
|         public static int ImpersonateSecurityContext(SafeDeleteContext context)
 | |
|         {
 | |
|             int status = (int)SecurityStatus.InvalidHandle;
 | |
|             bool b = false;
 | |
| 
 | |
|             RuntimeHelpers.PrepareConstrainedRegions();
 | |
|             try
 | |
|             {
 | |
|                 context.DangerousAddRef(ref b);
 | |
|             }
 | |
|             catch (Exception e)
 | |
|             {
 | |
|                 if (System.Runtime.Fx.IsFatal(e))
 | |
|                     throw;
 | |
|                 
 | |
|                 if (b)
 | |
|                 {
 | |
|                     context.DangerousRelease();
 | |
|                     b = false;
 | |
|                 }
 | |
|                 if (!(e is ObjectDisposedException))
 | |
|                     throw;
 | |
|             }
 | |
|             finally
 | |
|             {
 | |
| 
 | |
|                 if (b)
 | |
|                 {
 | |
|                     // PreSharp Bug: Call 'Marshal.GetLastWin32Error' or 'Marshal.GetHRForLastWin32Error' before any other interop call. 
 | |
| #pragma warning suppress 56523 // The API does not set Win32 Last Error. It returns a error code.
 | |
|                     status = ImpersonateSecurityContext(ref context._handle);
 | |
|                     context.DangerousRelease();
 | |
|                 }
 | |
|             }
 | |
|             return status;
 | |
|         }
 | |
| 
 | |
|         public static int EncryptMessage(SafeDeleteContext context, SecurityBufferDescriptor inputOutput, uint sequenceNumber)
 | |
|         {
 | |
|             int status = (int)SecurityStatus.InvalidHandle;
 | |
|             bool b = false;
 | |
| 
 | |
|             RuntimeHelpers.PrepareConstrainedRegions();
 | |
|             try
 | |
|             {
 | |
|                 context.DangerousAddRef(ref b);
 | |
|             }
 | |
|             catch (Exception e)
 | |
|             {
 | |
|                 if (System.Runtime.Fx.IsFatal(e))
 | |
|                     throw;
 | |
|                 
 | |
|                 if (b)
 | |
|                 {
 | |
|                     context.DangerousRelease();
 | |
|                     b = false;
 | |
|                 }
 | |
|                 if (!(e is ObjectDisposedException))
 | |
|                     throw;
 | |
|             }
 | |
|             finally
 | |
|             {
 | |
|                 if (b)
 | |
|                 {
 | |
|                     // PreSharp Bug: Call 'Marshal.GetLastWin32Error' or 'Marshal.GetHRForLastWin32Error' before any other interop call. 
 | |
| #pragma warning suppress 56523 // The API does not set Win32 Last Error. It returns a error code.
 | |
|                     status = EncryptMessage(ref context._handle, 0, inputOutput, sequenceNumber);
 | |
|                     context.DangerousRelease();
 | |
|                 }
 | |
|             }
 | |
|             return status;
 | |
|         }
 | |
| 
 | |
|         public unsafe static int DecryptMessage(SafeDeleteContext context, SecurityBufferDescriptor inputOutput, uint sequenceNumber)
 | |
|         {
 | |
|             int status = (int)SecurityStatus.InvalidHandle;
 | |
|             bool b = false;
 | |
|             uint qop = 0;
 | |
| 
 | |
|             RuntimeHelpers.PrepareConstrainedRegions();
 | |
|             try
 | |
|             {
 | |
|                 context.DangerousAddRef(ref b);
 | |
|             }
 | |
|             catch (Exception e)
 | |
|             {
 | |
|                 if (System.Runtime.Fx.IsFatal(e))
 | |
|                     throw;
 | |
|                 
 | |
|                 if (b)
 | |
|                 {
 | |
|                     context.DangerousRelease();
 | |
|                     b = false;
 | |
|                 }
 | |
|                 if (!(e is ObjectDisposedException))
 | |
|                     throw;
 | |
|             }
 | |
|             finally
 | |
|             {
 | |
| 
 | |
|                 if (b)
 | |
|                 {
 | |
| #pragma warning suppress 56523 // we don't take any action on the win32 error message.
 | |
|                     status = DecryptMessage(ref context._handle, inputOutput, sequenceNumber, &qop);
 | |
|                     context.DangerousRelease();
 | |
|                 }
 | |
|             }
 | |
| 
 | |
|             const uint SECQOP_WRAP_NO_ENCRYPT = 0x80000001;
 | |
|             if (status == 0 && qop == SECQOP_WRAP_NO_ENCRYPT)
 | |
|             {
 | |
|                 throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.SspiPayloadNotEncrypted)));
 | |
|             }
 | |
| 
 | |
|             return status;
 | |
|         }
 | |
| 
 | |
|         internal int GetSecurityContextToken(out SafeCloseHandle safeHandle)
 | |
|         {
 | |
|             int status = (int)SecurityStatus.InvalidHandle;
 | |
|             bool b = false;
 | |
| 
 | |
|             RuntimeHelpers.PrepareConstrainedRegions();
 | |
|             try
 | |
|             {
 | |
|                 DangerousAddRef(ref b);
 | |
|             }
 | |
|             catch (Exception e)
 | |
|             {
 | |
|                 if (System.Runtime.Fx.IsFatal(e))
 | |
|                     throw;
 | |
|                 
 | |
|                 if (b)
 | |
|                 {
 | |
|                     DangerousRelease();
 | |
|                     b = false;
 | |
|                 }
 | |
|                 if (!(e is ObjectDisposedException))
 | |
|                     throw;
 | |
|             }
 | |
|             finally
 | |
|             {
 | |
|                 if (b)
 | |
|                 {
 | |
|                     // PreSharp Bug: Call 'Marshal.GetLastWin32Error' or 'Marshal.GetHRForLastWin32Error' before any other interop call. 
 | |
| #pragma warning suppress 56523 // The API does not set Win32 Last Error. The API returns a error code.
 | |
|                     status = QuerySecurityContextToken(ref _handle, out safeHandle);
 | |
|                     DangerousRelease();
 | |
|                 }
 | |
|                 else
 | |
|                 {
 | |
|                     safeHandle = new SafeCloseHandle(IntPtr.Zero, false);
 | |
|                 }
 | |
|             }
 | |
|             return status;
 | |
|         }
 | |
| 
 | |
|         protected override bool ReleaseHandle()
 | |
|         {
 | |
|             if (this._EffectiveCredential != null)
 | |
|                 this._EffectiveCredential.DangerousRelease();
 | |
| 
 | |
|             // PreSharp Bug: Call 'Marshal.GetLastWin32Error' or 'Marshal.GetHRForLastWin32Error' before any other interop call. 
 | |
| #pragma warning suppress 56523 // The API does not set Win32 Last Error. It returns a error code.
 | |
|             return DeleteSecurityContext(ref _handle) == 0;
 | |
|         }
 | |
| 
 | |
|         [DllImport(SECURITY, ExactSpelling = true, SetLastError = true)]
 | |
|         [ResourceExposure(ResourceScope.None)]
 | |
|         [ReliabilityContract(Consistency.WillNotCorruptState, Cer.Success)]
 | |
|         extern static int QuerySecurityContextToken(ref SSPIHandle phContext, [Out] out SafeCloseHandle handle);
 | |
| 
 | |
|         [DllImport(SECURITY, ExactSpelling = true, SetLastError = true)]
 | |
|         [ReliabilityContract(Consistency.WillNotCorruptState, Cer.MayFail)]
 | |
|         [ResourceExposure(ResourceScope.None)]
 | |
|         internal extern static unsafe int InitializeSecurityContextW(
 | |
|             ref SSPIHandle credentialHandle,
 | |
|             [In] void* inContextPtr,
 | |
|             [In] byte* targetName,
 | |
|             [In] SspiContextFlags inFlags,
 | |
|             [In] int reservedI,
 | |
|             [In] Endianness endianness,
 | |
|             [In] SecurityBufferDescriptor inputBuffer,
 | |
|             [In] int reservedII,
 | |
|             ref SSPIHandle outContextPtr,
 | |
|             [In, Out] SecurityBufferDescriptor outputBuffer,
 | |
|             [In, Out] ref SspiContextFlags attributes,
 | |
|             out long timestamp
 | |
|             );
 | |
| 
 | |
|         [DllImport(SECURITY, ExactSpelling = true, SetLastError = true)]
 | |
|         [ReliabilityContract(Consistency.WillNotCorruptState, Cer.MayFail)]
 | |
|         [ResourceExposure(ResourceScope.None)]
 | |
|         internal extern static unsafe int AcceptSecurityContext(
 | |
|             ref SSPIHandle credentialHandle,
 | |
|             [In] void* inContextPtr,
 | |
|             [In] SecurityBufferDescriptor inputBuffer,
 | |
|             [In] SspiContextFlags inFlags,
 | |
|             [In] Endianness endianness,
 | |
|             ref SSPIHandle outContextPtr,
 | |
|             [In, Out] SecurityBufferDescriptor outputBuffer,
 | |
|             [In, Out] ref SspiContextFlags attributes,
 | |
|             out long timestamp
 | |
|             );
 | |
| 
 | |
|         [DllImport(SECURITY, ExactSpelling = true, SetLastError = true)]
 | |
|         [SuppressUnmanagedCodeSecurity]
 | |
|         [ResourceExposure(ResourceScope.None)]
 | |
|         [ReliabilityContract(Consistency.WillNotCorruptState, Cer.Success)]
 | |
|         internal extern static int DeleteSecurityContext(
 | |
|             ref SSPIHandle handlePtr
 | |
|             );
 | |
| 
 | |
|         [DllImport(SECURITY, ExactSpelling = true, SetLastError = true)]
 | |
|         [ResourceExposure(ResourceScope.None)]
 | |
|         internal extern static int ImpersonateSecurityContext(
 | |
|             ref SSPIHandle handlePtr
 | |
|             );
 | |
| 
 | |
|         [ReliabilityContract(Consistency.WillNotCorruptState, Cer.MayFail)]
 | |
|         [DllImport(SECURITY, ExactSpelling = true, SetLastError = true)]
 | |
|         [ResourceExposure(ResourceScope.None)]
 | |
|         internal extern static int EncryptMessage(
 | |
|             ref SSPIHandle contextHandle,
 | |
|             [In] uint qualityOfProtection,
 | |
|             [In, Out] SecurityBufferDescriptor inputOutput,
 | |
|             [In] uint sequenceNumber
 | |
|             );
 | |
| 
 | |
|         [ReliabilityContract(Consistency.WillNotCorruptState, Cer.MayFail)]
 | |
|         [DllImport(SECURITY, ExactSpelling = true, SetLastError = true)]
 | |
|         [ResourceExposure(ResourceScope.None)]
 | |
|         internal unsafe extern static int DecryptMessage(
 | |
|             ref SSPIHandle contextHandle,
 | |
|             [In, Out] SecurityBufferDescriptor inputOutput,
 | |
|             [In] uint sequenceNumber,
 | |
|             uint* qualityOfProtection
 | |
|             );
 | |
|     }
 | |
| 
 | |
|     class SafeFreeCredentials : SafeHandle
 | |
|     {
 | |
|         const string SECURITY = "security.Dll";
 | |
|         internal SSPIHandle _handle; //should be always used as by ref in PINvokes parameters
 | |
| 
 | |
|         protected SafeFreeCredentials()
 | |
|             : base(IntPtr.Zero, true)
 | |
|         {
 | |
|             _handle = new SSPIHandle();
 | |
|         }
 | |
| 
 | |
|         //internal static string ToString(SafeFreeCredentials obj)
 | |
|         //{   return obj == null ? "null" : SSPIHandle.ToString(ref obj._handle); }
 | |
| 
 | |
|         public override bool IsInvalid
 | |
|         {
 | |
|             get { return IsClosed || _handle.IsZero; }
 | |
|         }
 | |
| 
 | |
|         //This method should never be called for this type
 | |
|         //public new IntPtr DangerousGetHandle()
 | |
|         //{
 | |
|         //    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException());
 | |
|         //}
 | |
| 
 | |
|         public static unsafe int AcquireCredentialsHandle(
 | |
|             string package,
 | |
|             CredentialUse intent,
 | |
|             ref AuthIdentityEx authdata,
 | |
|             out SafeFreeCredentials outCredential)
 | |
|         {
 | |
|             int errorCode = -1;
 | |
|             long timeStamp;
 | |
| 
 | |
|             outCredential = new SafeFreeCredentials();
 | |
|             RuntimeHelpers.PrepareConstrainedRegions();
 | |
|             try { }
 | |
|             finally
 | |
|             {
 | |
|                 // PreSharp Bug: Call 'Marshal.GetLastWin32Error' or 'Marshal.GetHRForLastWin32Error' before any other interop call. 
 | |
| #pragma warning suppress 56523 // The API does not set Win32 Last Error. It returns a error code.
 | |
|                 errorCode = AcquireCredentialsHandleW(
 | |
|                     null,
 | |
|                     package,
 | |
|                     (int)intent,
 | |
|                     null,
 | |
|                     ref authdata,
 | |
|                     null,
 | |
|                     null,
 | |
|                     ref outCredential._handle,
 | |
|                     out timeStamp
 | |
|                     );
 | |
|                 if (errorCode != 0)
 | |
|                 {
 | |
|                     outCredential.SetHandleAsInvalid();
 | |
|                 }
 | |
|             }
 | |
|             return errorCode;
 | |
|         }
 | |
| 
 | |
|         public static unsafe int AcquireDefaultCredential(
 | |
|             string package,
 | |
|             CredentialUse intent,
 | |
|             ref AuthIdentityEx authIdentity,
 | |
|             out SafeFreeCredentials outCredential)
 | |
|         {
 | |
|             int errorCode = -1;
 | |
|             long timeStamp;
 | |
| 
 | |
|             outCredential = new SafeFreeCredentials();
 | |
|             RuntimeHelpers.PrepareConstrainedRegions();
 | |
|             try { }
 | |
|             finally
 | |
|             {
 | |
|                 // PreSharp Bug: Call 'Marshal.GetLastWin32Error' or 'Marshal.GetHRForLastWin32Error' before any other interop call. 
 | |
| #pragma warning suppress 56523 // The API does not set Win32 Last Error. It returns a error code.
 | |
|                 errorCode = AcquireCredentialsHandleW(
 | |
|                                 null,
 | |
|                                 package,
 | |
|                                 (int)intent,
 | |
|                                 null,
 | |
|                                 ref authIdentity, // IntPtr.Zero,
 | |
|                                 null,
 | |
|                                 null,
 | |
|                                 ref outCredential._handle,
 | |
|                                 out timeStamp
 | |
|                                 );
 | |
| 
 | |
|                 if (errorCode != 0)
 | |
|                 {
 | |
|                     outCredential.SetHandleAsInvalid();
 | |
|                 }
 | |
|             }
 | |
|             return errorCode;
 | |
|         }
 | |
| 
 | |
|         public static unsafe int AcquireCredentialsHandle(
 | |
|             string package,
 | |
|             CredentialUse intent,
 | |
|             ref SecureCredential authdata,
 | |
|             out SafeFreeCredentials outCredential)
 | |
|         {
 | |
|             int errorCode = -1;
 | |
|             long timeStamp;
 | |
| 
 | |
|             // If there is a certificate, wrap it into an array
 | |
|             IntPtr copiedPtr = authdata.certContextArray;
 | |
|             try
 | |
|             {
 | |
|                 IntPtr certArrayPtr = new IntPtr(&copiedPtr);
 | |
|                 if (copiedPtr != IntPtr.Zero)
 | |
|                 {
 | |
|                     authdata.certContextArray = certArrayPtr;
 | |
|                 }
 | |
| 
 | |
|                 outCredential = new SafeFreeCredentials();
 | |
|                 RuntimeHelpers.PrepareConstrainedRegions();
 | |
|                 try { }
 | |
|                 finally
 | |
|                 {
 | |
|                     // PreSharp Bug: Call 'Marshal.GetLastWin32Error' or 'Marshal.GetHRForLastWin32Error' before any other interop call. 
 | |
| #pragma warning suppress 56523 // The API does not set Win32 Last Error. It returns a error code.
 | |
|                     errorCode = AcquireCredentialsHandleW(
 | |
|                                     null,
 | |
|                                     package,
 | |
|                                     (int)intent,
 | |
|                                     null,
 | |
|                                     ref authdata,
 | |
|                                     null,
 | |
|                                     null,
 | |
|                                     ref outCredential._handle,
 | |
|                                     out timeStamp
 | |
|                                     );
 | |
|                     if (errorCode != 0)
 | |
|                     {
 | |
|                         outCredential.SetHandleAsInvalid();
 | |
|                     }
 | |
|                 }
 | |
|             }
 | |
|             finally
 | |
|             {
 | |
|                 authdata.certContextArray = copiedPtr;
 | |
|             }
 | |
| 
 | |
|             return errorCode;
 | |
|         }
 | |
| 
 | |
|         public static unsafe int AcquireCredentialsHandle(
 | |
|          string package,
 | |
|          CredentialUse intent,
 | |
|          ref IntPtr ppAuthIdentity,
 | |
|          out SafeFreeCredentials outCredential
 | |
|          )
 | |
|         {
 | |
|             int errorCode = -1;
 | |
|             long timeStamp;
 | |
|             outCredential = new SafeFreeCredentials();
 | |
|             RuntimeHelpers.PrepareConstrainedRegions();
 | |
|             try { }
 | |
|             finally
 | |
|             {
 | |
|                 // PreSharp Bug: Call 'Marshal.GetLastWin32Error' or 'Marshal.GetHRForLastWin32Error' before any other interop call. 
 | |
| #pragma warning suppress 56523 // The API does not set Win32 Last Error. It returns a error code.
 | |
|                 errorCode = AcquireCredentialsHandleW(
 | |
|                                     null,
 | |
|                                     package,
 | |
|                                     (int)intent,
 | |
|                                     null,
 | |
|                                     ppAuthIdentity,
 | |
|                                     null,
 | |
|                                     null,
 | |
|                                     ref outCredential._handle,
 | |
|                                     out timeStamp
 | |
|                                     );
 | |
|                 if (errorCode != 0)
 | |
|                 {
 | |
|                     outCredential.SetHandleAsInvalid();
 | |
|                 }
 | |
|             }
 | |
| 
 | |
|             return errorCode;
 | |
|         }
 | |
| 
 | |
|         protected override bool ReleaseHandle()
 | |
|         {
 | |
|             // PreSharp Bug: Call 'Marshal.GetLastWin32Error' or 'Marshal.GetHRForLastWin32Error' before any other interop call. 
 | |
| #pragma warning suppress 56523 // The API does not set Win32 Last Error. It returns a error code.
 | |
|             return FreeCredentialsHandle(ref _handle) == 0;
 | |
|         }
 | |
| 
 | |
|         [ResourceExposure(ResourceScope.None)]
 | |
|         [DllImport(SECURITY, ExactSpelling = true, CharSet = CharSet.Unicode, SetLastError = true)]
 | |
|         internal extern static unsafe int AcquireCredentialsHandleW(
 | |
|             [In] string principal,
 | |
|             [In] string moduleName,
 | |
|             [In] int usage,
 | |
|             [In] void* logonID,
 | |
|             [In] ref AuthIdentityEx authdata,
 | |
|             [In] void* keyCallback,
 | |
|             [In] void* keyArgument,
 | |
|             ref SSPIHandle handlePtr,
 | |
|             [Out] out long timeStamp
 | |
|             );
 | |
| 
 | |
|         [ResourceExposure(ResourceScope.None)]
 | |
|         [DllImport(SECURITY, ExactSpelling = true, CharSet = CharSet.Unicode, SetLastError = true)]
 | |
|         internal extern static unsafe int AcquireCredentialsHandleW(
 | |
|             [In] string principal,
 | |
|             [In] string moduleName,
 | |
|             [In] int usage,
 | |
|             [In] void* logonID,
 | |
|             [In] IntPtr zero,
 | |
|             [In] void* keyCallback,
 | |
|             [In] void* keyArgument,
 | |
|             ref SSPIHandle handlePtr,
 | |
|             [Out] out long timeStamp
 | |
|             );
 | |
| 
 | |
|         [ResourceExposure(ResourceScope.None)]
 | |
|         [DllImport(SECURITY, ExactSpelling = true, CharSet = CharSet.Unicode, SetLastError = true)]
 | |
|         internal extern static unsafe int AcquireCredentialsHandleW(
 | |
|             [In] string principal,
 | |
|             [In] string moduleName,
 | |
|             [In] int usage,
 | |
|             [In] void* logonID,
 | |
|             [In] ref SecureCredential authData,
 | |
|             [In] void* keyCallback,
 | |
|             [In] void* keyArgument,
 | |
|             ref SSPIHandle handlePtr,
 | |
|             [Out] out long timeStamp
 | |
|             );
 | |
| 
 | |
| 
 | |
|         [DllImport(SECURITY, ExactSpelling = true, SetLastError = true)]
 | |
|         [SuppressUnmanagedCodeSecurity]
 | |
|         [ReliabilityContract(Consistency.WillNotCorruptState, Cer.Success)]
 | |
|         [ResourceExposure(ResourceScope.None)]
 | |
|         internal extern static int FreeCredentialsHandle(
 | |
|             ref SSPIHandle handlePtr
 | |
|             );
 | |
|     }
 | |
| 
 | |
|     sealed class SafeFreeCertContext : SafeHandleZeroOrMinusOneIsInvalid
 | |
|     {
 | |
|         const string CRYPT32 = "crypt32.dll";
 | |
|         const string ADVAPI32 = "advapi32.dll";
 | |
| 
 | |
|         internal SafeFreeCertContext() : base(true) { }
 | |
| 
 | |
|         // This must be ONLY called from this file and form a MustRun method
 | |
|         [ReliabilityContract(Consistency.WillNotCorruptState, Cer.Success)]
 | |
|         internal unsafe void Set(IntPtr value)
 | |
|         {
 | |
|             this.handle = value;
 | |
|         }
 | |
| 
 | |
|         const uint CRYPT_ACQUIRE_SILENT_FLAG = 0x00000040;
 | |
| 
 | |
|         [DllImport(CRYPT32, ExactSpelling = true, SetLastError = true)]
 | |
|         [SuppressUnmanagedCodeSecurity]
 | |
|         [ReliabilityContract(Consistency.WillNotCorruptState, Cer.Success)]
 | |
|         [ResourceExposure(ResourceScope.None)]
 | |
|         extern static bool CertFreeCertificateContext(// Suppressing returned status check, it's always==TRUE,
 | |
|             [In] IntPtr certContext);
 | |
| 
 | |
|         protected override bool ReleaseHandle()
 | |
|         {
 | |
|             // PreSharp Bug: Call 'Marshal.GetLastWin32Error' or 'Marshal.GetHRForLastWin32Error' before any other interop call. 
 | |
| #pragma warning suppress 56523 // The API does not set Win32 Last Error.
 | |
|             return CertFreeCertificateContext(handle);
 | |
|         }
 | |
|     }
 | |
| 
 | |
|     sealed class SafeFreeContextBuffer : SafeHandleZeroOrMinusOneIsInvalid
 | |
|     {
 | |
|         const string SECURITY = "security.dll";
 | |
| 
 | |
|         SafeFreeContextBuffer() : base(true) { }
 | |
| 
 | |
|         // This must be ONLY called from this file and form a MustRun method
 | |
|         [ReliabilityContract(Consistency.WillNotCorruptState, Cer.Success)]
 | |
|         internal unsafe void Set(IntPtr value)
 | |
|         {
 | |
|             this.handle = value;
 | |
|         }
 | |
| 
 | |
|         internal static int EnumeratePackages(out int pkgnum, out SafeFreeContextBuffer pkgArray)
 | |
|         {
 | |
|             int res = -1;
 | |
|             // PreSharp Bug: Call 'Marshal.GetLastWin32Error' or 'Marshal.GetHRForLastWin32Error' before any other interop call. 
 | |
| #pragma warning suppress 56523 // The API does not set Win32 Last Error. The API returns a error code.
 | |
|             res = SafeFreeContextBuffer.EnumerateSecurityPackagesW(out pkgnum, out pkgArray);
 | |
| 
 | |
|             if (res != 0)
 | |
|             {
 | |
|                 Utility.CloseInvalidOutSafeHandle(pkgArray);
 | |
|                 pkgArray = null;
 | |
|             }
 | |
|             return res;
 | |
|         }
 | |
| 
 | |
|         internal static SafeFreeContextBuffer CreateEmptyHandle()
 | |
|         {
 | |
|             return new SafeFreeContextBuffer();
 | |
|         }
 | |
| 
 | |
|         //
 | |
|         // After PInvoke call the method will fix the refHandle.handle with the returned value.
 | |
|         // The caller is responsible for creating a correct SafeHandle template or null can be passed if no handle is returned.
 | |
|         //
 | |
|         // This method is run as non-interruptible.
 | |
|         //
 | |
|         public static unsafe int QueryContextAttributes(SafeDeleteContext phContext, ContextAttribute contextAttribute, byte* buffer, SafeHandle refHandle)
 | |
|         {
 | |
|             int status = (int)SecurityStatus.InvalidHandle;
 | |
|             bool b = false;
 | |
| 
 | |
|             // We don't want to be interrupted by thread abort exceptions or unexpected out-of-memory errors failing to jit
 | |
|             // one of the following methods. So run within a CER non-interruptible block.
 | |
|             RuntimeHelpers.PrepareConstrainedRegions();
 | |
| 
 | |
|             try
 | |
|             {
 | |
|                 phContext.DangerousAddRef(ref b);
 | |
|             }
 | |
|             catch (Exception e)
 | |
|             {
 | |
|                 if (System.Runtime.Fx.IsFatal(e))
 | |
|                     throw;
 | |
|                 
 | |
|                 if (b)
 | |
|                 {
 | |
|                     phContext.DangerousRelease();
 | |
|                     b = false;
 | |
|                 }
 | |
|                 if (!(e is ObjectDisposedException))
 | |
|                     throw;
 | |
|             }
 | |
|             finally
 | |
|             {
 | |
|                 if (b)
 | |
|                 {
 | |
|                     // PreSharp Bug: Call 'Marshal.GetLastWin32Error' or 'Marshal.GetHRForLastWin32Error' before any other interop call. 
 | |
| #pragma warning suppress 56523 // The API does not set Win32 Last Error. The API returns a error code.
 | |
|                     status = SafeFreeContextBuffer.QueryContextAttributesW(ref phContext._handle, contextAttribute, buffer);
 | |
|                     phContext.DangerousRelease();
 | |
|                 }
 | |
|                 if (status == 0 && refHandle != null)
 | |
|                 {
 | |
|                     if (refHandle is SafeFreeContextBuffer)
 | |
|                     {
 | |
|                         if (contextAttribute == ContextAttribute.SessionKey)
 | |
|                         {
 | |
|                             IntPtr keyPtr = Marshal.ReadIntPtr(new IntPtr(buffer), SecPkgContext_SessionKey.SessionkeyOffset);
 | |
|                             ((SafeFreeContextBuffer)refHandle).Set(keyPtr);
 | |
|                         }
 | |
|                         else
 | |
|                         {
 | |
|                             ((SafeFreeContextBuffer)refHandle).Set(*(IntPtr*)buffer);
 | |
|                         }
 | |
|                     }
 | |
|                     else
 | |
|                     {
 | |
|                         ((SafeFreeCertContext)refHandle).Set(*(IntPtr*)buffer);
 | |
|                     }
 | |
|                 }
 | |
| 
 | |
|                 if (status != 0 && refHandle != null)
 | |
|                 {
 | |
|                     refHandle.SetHandleAsInvalid();
 | |
|                 }
 | |
|             }
 | |
|             return status;
 | |
|         }
 | |
| 
 | |
|         protected override bool ReleaseHandle()
 | |
|         {
 | |
|             // PreSharp Bug: Call 'Marshal.GetLastWin32Error' or 'Marshal.GetHRForLastWin32Error' before any other interop call. 
 | |
| #pragma warning suppress 56523 // The API does not set Win32 Last Error. The API returns a error code.
 | |
|             return FreeContextBuffer(handle) == 0;
 | |
|         }
 | |
| 
 | |
|         [DllImport(SECURITY, ExactSpelling = true, SetLastError = true)]
 | |
|         [ReliabilityContract(Consistency.WillNotCorruptState, Cer.MayFail)]
 | |
|         [ResourceExposure(ResourceScope.None)]
 | |
|         internal extern static unsafe int QueryContextAttributesW(
 | |
|             ref SSPIHandle contextHandle,
 | |
|             [In] ContextAttribute attribute,
 | |
|             [In] void* buffer);
 | |
| 
 | |
|         [DllImport(SECURITY, ExactSpelling = true, SetLastError = true)]
 | |
|         [ResourceExposure(ResourceScope.None)]
 | |
|         internal extern static int EnumerateSecurityPackagesW(
 | |
|             [Out] out int pkgnum,
 | |
|             [Out] out SafeFreeContextBuffer handle);
 | |
| 
 | |
|         [DllImport(SECURITY, ExactSpelling = true, SetLastError = true)]
 | |
|         [SuppressUnmanagedCodeSecurity]
 | |
|         [ReliabilityContract(Consistency.WillNotCorruptState, Cer.Success)]
 | |
|         [ResourceExposure(ResourceScope.None)]
 | |
|         extern static int FreeContextBuffer(
 | |
|             [In] IntPtr contextBuffer);
 | |
|     }
 | |
| 
 | |
|     sealed class SafeCloseHandle : SafeHandleZeroOrMinusOneIsInvalid
 | |
|     {
 | |
|         const string KERNEL32 = "kernel32.dll";
 | |
| 
 | |
|         SafeCloseHandle() : base(true) { }
 | |
|         internal SafeCloseHandle(IntPtr handle, bool ownsHandle)
 | |
|             : base(ownsHandle)
 | |
|         {
 | |
|             DiagnosticUtility.DebugAssert(handle == IntPtr.Zero || !ownsHandle, "Unsafe to create a SafeHandle that owns a pre-existing handle before the SafeHandle was created.");
 | |
|             SetHandle(handle);
 | |
|         }
 | |
| 
 | |
|         protected override bool ReleaseHandle()
 | |
|         {
 | |
|             // PreSharp Bug: Call 'Marshal.GetLastWin32Error' or 'Marshal.GetHRForLastWin32Error' before any other interop call. 
 | |
| #pragma warning suppress 56523 // We are not interested to throw an exception here. We can ignore the Last Error code.
 | |
|             return CloseHandle(handle);
 | |
|         }
 | |
| 
 | |
|         [DllImport(KERNEL32, ExactSpelling = true, SetLastError = true)]
 | |
|         [SuppressUnmanagedCodeSecurity]
 | |
|         [ReliabilityContract(Consistency.WillNotCorruptState, Cer.Success)]
 | |
|         [ResourceExposure(ResourceScope.None)]
 | |
|         extern static bool CloseHandle(IntPtr handle);
 | |
|     }
 | |
| 
 | |
| #pragma warning disable 618 // have not moved to the v4 security model yet
 | |
|     [SecurityCritical(SecurityCriticalScope.Everything)]
 | |
| #pragma warning restore 618
 | |
|     sealed class SafeHGlobalHandle : SafeHandleZeroOrMinusOneIsInvalid
 | |
|     {
 | |
|         SafeHGlobalHandle() : base(true) { }
 | |
| 
 | |
|         // 0 is an Invalid Handle
 | |
|         SafeHGlobalHandle(IntPtr handle)
 | |
|             : base(true)
 | |
|         {
 | |
|             DiagnosticUtility.DebugAssert(handle == IntPtr.Zero, "SafeHGlobalHandle constructor can only be called with IntPtr.Zero.");
 | |
|             SetHandle(handle);
 | |
|         }
 | |
| 
 | |
|         protected override bool ReleaseHandle()
 | |
|         {
 | |
|             Marshal.FreeHGlobal(handle);
 | |
|             return true;
 | |
|         }
 | |
| 
 | |
|         public static SafeHGlobalHandle InvalidHandle
 | |
|         {
 | |
|             get { return new SafeHGlobalHandle(IntPtr.Zero); }
 | |
|         }
 | |
| 
 | |
|         public static SafeHGlobalHandle AllocHGlobal(string s)
 | |
|         {
 | |
|             byte[] bytes = DiagnosticUtility.Utility.AllocateByteArray(checked((s.Length + 1) * 2));
 | |
|             Encoding.Unicode.GetBytes(s, 0, s.Length, bytes, 0);
 | |
|             return AllocHGlobal(bytes);
 | |
|         }
 | |
| 
 | |
|         public static SafeHGlobalHandle AllocHGlobal(byte[] bytes)
 | |
|         {
 | |
|             SafeHGlobalHandle result = AllocHGlobal(bytes.Length);
 | |
|             Marshal.Copy(bytes, 0, result.DangerousGetHandle(), bytes.Length);
 | |
|             return result;
 | |
|         }
 | |
| 
 | |
|         public static SafeHGlobalHandle AllocHGlobal(uint cb)
 | |
|         {
 | |
|             // The cast could overflow to minus.
 | |
|             // Unfortunately, Marshal.AllocHGlobal only takes int.
 | |
|             return AllocHGlobal((int)cb);
 | |
|         }
 | |
| 
 | |
|         public static SafeHGlobalHandle AllocHGlobal(int cb)
 | |
|         {
 | |
|             if (cb < 0)
 | |
|             {
 | |
|                 throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException("cb", SR.GetString(SR.ValueMustBeNonNegative)));
 | |
|             }
 | |
| 
 | |
|             SafeHGlobalHandle result = new SafeHGlobalHandle();
 | |
| 
 | |
|             // CER 
 | |
|             RuntimeHelpers.PrepareConstrainedRegions();
 | |
|             try { }
 | |
|             finally
 | |
|             {
 | |
|                 IntPtr ptr = Marshal.AllocHGlobal(cb);
 | |
|                 result.SetHandle(ptr);
 | |
|             }
 | |
|             return result;
 | |
|         }
 | |
|     }
 | |
| 
 | |
|     sealed class SafeLsaLogonProcessHandle : SafeHandleZeroOrMinusOneIsInvalid
 | |
|     {
 | |
|         SafeLsaLogonProcessHandle() : base(true) { }
 | |
| 
 | |
|         // 0 is an Invalid Handle
 | |
|         internal SafeLsaLogonProcessHandle(IntPtr handle)
 | |
|             : base(true)
 | |
|         {
 | |
|             SetHandle(handle);
 | |
|         }
 | |
| 
 | |
|         internal static SafeLsaLogonProcessHandle InvalidHandle
 | |
|         {
 | |
|             get { return new SafeLsaLogonProcessHandle(IntPtr.Zero); }
 | |
|         }
 | |
| 
 | |
|         override protected bool ReleaseHandle()
 | |
|         {
 | |
|             // LsaDeregisterLogonProcess returns an NTSTATUS
 | |
|             return NativeMethods.LsaDeregisterLogonProcess(handle) >= 0;
 | |
|         }
 | |
|     }
 | |
| 
 | |
|     sealed class SafeLsaReturnBufferHandle : SafeHandleZeroOrMinusOneIsInvalid
 | |
|     {
 | |
|         SafeLsaReturnBufferHandle() : base(true) { }
 | |
| 
 | |
|         // 0 is an Invalid Handle
 | |
|         internal SafeLsaReturnBufferHandle(IntPtr handle)
 | |
|             : base(true)
 | |
|         {
 | |
|             SetHandle(handle);
 | |
|         }
 | |
| 
 | |
|         internal static SafeLsaReturnBufferHandle InvalidHandle
 | |
|         {
 | |
|             get { return new SafeLsaReturnBufferHandle(IntPtr.Zero); }
 | |
|         }
 | |
| 
 | |
|         override protected bool ReleaseHandle()
 | |
|         {
 | |
|             // LsaFreeReturnBuffer returns an NTSTATUS
 | |
|             return NativeMethods.LsaFreeReturnBuffer(handle) >= 0;
 | |
|         }
 | |
|     }
 | |
| }
 |