Terraria v1.4.4.9
Terraria source code documentation
Loading...
Searching...
No Matches
NTAuthentication.cs
Go to the documentation of this file.
1using System.ComponentModel;
2using System.Diagnostics.CodeAnalysis;
3using System.Net.Security;
4using System.Runtime.Versioning;
5using System.Security.Authentication.ExtendedProtection;
6
7namespace System.Net;
8
9[UnsupportedOSPlatform("tvos")]
10[UnsupportedOSPlatform("tvos")]
11internal sealed class NTAuthentication
12{
13 private bool _isServer;
14
15 private SafeFreeCredentials _credentialsHandle;
16
17 private SafeDeleteContext _securityContext;
18
19 private string _spn;
20
21 private int _tokenSize;
22
23 private ContextFlagsPal _requestedContextFlags;
24
25 private ContextFlagsPal _contextFlags;
26
27 private bool _isCompleted;
28
29 private string _package;
30
31 private string _lastProtocolName;
32
33 private string _protocolName;
34
35 private string _clientSpecifiedSpn;
36
37 private ChannelBinding _channelBinding;
38
39 internal string AssociatedName
40 {
41 get
42 {
43 if (!IsValidContext || !IsCompleted)
44 {
45 throw new Win32Exception(10);
46 }
47 string text = NegotiateStreamPal.QueryContextAssociatedName(_securityContext);
48 if (System.Net.NetEventSource.Log.IsEnabled())
49 {
50 System.Net.NetEventSource.Info(this, $"NTAuthentication: The context is associated with [{text}]", "AssociatedName");
51 }
52 return text;
53 }
54 }
55
56 internal bool IsConfidentialityFlag => (_contextFlags & ContextFlagsPal.Confidentiality) != 0;
57
58 internal bool IsIntegrityFlag => ((uint)_contextFlags & (uint)(_isServer ? 131072 : 65536)) != 0;
59
60 internal bool IsMutualAuthFlag => (_contextFlags & ContextFlagsPal.MutualAuth) != 0;
61
62 internal bool IsDelegationFlag => (_contextFlags & ContextFlagsPal.Delegate) != 0;
63
64 internal bool IsIdentifyFlag => ((uint)_contextFlags & (uint)(_isServer ? 524288 : 131072)) != 0;
65
66 internal string Spn => _spn;
67
68 internal bool IsNTLM
69 {
70 get
71 {
72 if (_lastProtocolName == null)
73 {
74 _lastProtocolName = ProtocolName;
75 }
76 return (object)_lastProtocolName == "NTLM";
77 }
78 }
79
80 internal bool IsCompleted => _isCompleted;
81
82 internal bool IsValidContext
83 {
84 get
85 {
86 if (_securityContext != null)
87 {
88 return !_securityContext.IsInvalid;
89 }
90 return false;
91 }
92 }
93
94 internal bool IsServer => _isServer;
95
96 internal string ClientSpecifiedSpn
97 {
98 get
99 {
100 if (_clientSpecifiedSpn == null)
101 {
102 _clientSpecifiedSpn = GetClientSpecifiedSpn();
103 }
104 return _clientSpecifiedSpn;
105 }
106 }
107
108 internal string ProtocolName
109 {
110 get
111 {
112 if (_protocolName == null)
113 {
114 string text = null;
115 if (IsValidContext)
116 {
117 text = NegotiateStreamPal.QueryContextAuthenticationPackage(_securityContext);
118 if (IsCompleted)
119 {
120 _protocolName = text;
121 }
122 }
123 return text ?? string.Empty;
124 }
125 return _protocolName;
126 }
127 }
128
129 internal bool IsKerberos
130 {
131 get
132 {
133 if (_lastProtocolName == null)
134 {
135 _lastProtocolName = ProtocolName;
136 }
137 return (object)_lastProtocolName == "Kerberos";
138 }
139 }
140
141 internal int Encrypt(ReadOnlySpan<byte> buffer, [NotNull] ref byte[] output, uint sequenceNumber)
142 {
143 return NegotiateStreamPal.Encrypt(_securityContext, buffer, IsConfidentialityFlag, IsNTLM, ref output, sequenceNumber);
144 }
145
146 internal int Decrypt(byte[] payload, int offset, int count, out int newOffset, uint expectedSeqNumber)
147 {
148 return NegotiateStreamPal.Decrypt(_securityContext, payload, offset, count, IsConfidentialityFlag, IsNTLM, out newOffset, expectedSeqNumber);
149 }
150
151 internal NTAuthentication(bool isServer, string package, NetworkCredential credential, string spn, ContextFlagsPal requestedContextFlags, ChannelBinding channelBinding)
152 {
153 Initialize(isServer, package, credential, spn, requestedContextFlags, channelBinding);
154 }
155
156 [MemberNotNull("_package")]
157 private void Initialize(bool isServer, string package, NetworkCredential credential, string spn, ContextFlagsPal requestedContextFlags, ChannelBinding channelBinding)
158 {
159 if (System.Net.NetEventSource.Log.IsEnabled())
160 {
161 System.Net.NetEventSource.Info(this, $"package={package}, spn={spn}, requestedContextFlags={requestedContextFlags}", "Initialize");
162 }
163 _tokenSize = NegotiateStreamPal.QueryMaxTokenSize(package);
164 _isServer = isServer;
165 _spn = spn;
166 _securityContext = null;
167 _requestedContextFlags = requestedContextFlags;
168 _package = package;
169 _channelBinding = channelBinding;
170 if (System.Net.NetEventSource.Log.IsEnabled())
171 {
172 System.Net.NetEventSource.Info(this, $"Peer SPN-> '{_spn}'", "Initialize");
173 }
174 if (credential == CredentialCache.DefaultCredentials)
175 {
176 if (System.Net.NetEventSource.Log.IsEnabled())
177 {
178 System.Net.NetEventSource.Info(this, "using DefaultCredentials", "Initialize");
179 }
180 _credentialsHandle = NegotiateStreamPal.AcquireDefaultCredential(package, _isServer);
181 }
182 else
183 {
184 _credentialsHandle = NegotiateStreamPal.AcquireCredentialsHandle(package, _isServer, credential);
185 }
186 }
187
188 internal SafeDeleteContext GetContext(out SecurityStatusPal status)
189 {
190 status = new SecurityStatusPal(SecurityStatusPalErrorCode.OK);
191 if (!IsValidContext)
192 {
193 status = new SecurityStatusPal(SecurityStatusPalErrorCode.InvalidHandle);
194 return null;
195 }
196 return _securityContext;
197 }
198
199 internal void CloseContext()
200 {
201 if (_securityContext != null && !_securityContext.IsClosed)
202 {
203 _securityContext.Dispose();
204 }
205 }
206
207 internal byte[] GetOutgoingBlob(byte[] incomingBlob, bool throwOnError, out SecurityStatusPal statusCode)
208 {
209 byte[] resultBlob = new byte[_tokenSize];
210 bool flag = _securityContext == null;
211 try
212 {
213 if (!_isServer)
214 {
215 statusCode = NegotiateStreamPal.InitializeSecurityContext(ref _credentialsHandle, ref _securityContext, _spn, _requestedContextFlags, incomingBlob, _channelBinding, ref resultBlob, ref _contextFlags);
216 if (System.Net.NetEventSource.Log.IsEnabled())
217 {
218 System.Net.NetEventSource.Info(this, $"SSPIWrapper.InitializeSecurityContext() returns statusCode:0x{(int)statusCode.ErrorCode:x8} ({statusCode})", "GetOutgoingBlob");
219 }
220 if (statusCode.ErrorCode == SecurityStatusPalErrorCode.CompleteNeeded)
221 {
222 statusCode = NegotiateStreamPal.CompleteAuthToken(ref _securityContext, resultBlob);
223 if (System.Net.NetEventSource.Log.IsEnabled())
224 {
225 System.Net.NetEventSource.Info(this, $"SSPIWrapper.CompleteAuthToken() returns statusCode:0x{(int)statusCode.ErrorCode:x8} ({statusCode})", "GetOutgoingBlob");
226 }
227 resultBlob = null;
228 }
229 }
230 else
231 {
232 statusCode = NegotiateStreamPal.AcceptSecurityContext(_credentialsHandle, ref _securityContext, _requestedContextFlags, incomingBlob, _channelBinding, ref resultBlob, ref _contextFlags);
233 if (System.Net.NetEventSource.Log.IsEnabled())
234 {
235 System.Net.NetEventSource.Info(this, $"SSPIWrapper.AcceptSecurityContext() returns statusCode:0x{(int)statusCode.ErrorCode:x8} ({statusCode})", "GetOutgoingBlob");
236 }
237 }
238 }
239 finally
240 {
241 if (flag)
242 {
243 _credentialsHandle?.Dispose();
244 }
245 }
246 if (statusCode.ErrorCode >= SecurityStatusPalErrorCode.OutOfMemory)
247 {
248 CloseContext();
249 _isCompleted = true;
250 if (throwOnError)
251 {
252 throw NegotiateStreamPal.CreateExceptionFromError(statusCode);
253 }
254 return null;
255 }
256 if (flag && _credentialsHandle != null)
257 {
258 SSPIHandleCache.CacheCredential(_credentialsHandle);
259 }
260 if (statusCode.ErrorCode == SecurityStatusPalErrorCode.OK || (_isServer && statusCode.ErrorCode == SecurityStatusPalErrorCode.CompleteNeeded))
261 {
262 _isCompleted = true;
263 }
264 else if (System.Net.NetEventSource.Log.IsEnabled())
265 {
266 System.Net.NetEventSource.Info(this, $"need continue statusCode:0x{(int)statusCode.ErrorCode:x8} ({statusCode}) _securityContext:{_securityContext}", "GetOutgoingBlob");
267 }
268 return resultBlob;
269 }
270
271 private string GetClientSpecifiedSpn()
272 {
273 string text = NegotiateStreamPal.QueryContextClientSpecifiedSpn(_securityContext);
274 if (System.Net.NetEventSource.Log.IsEnabled())
275 {
276 System.Net.NetEventSource.Info(this, $"The client specified SPN is [{text}]", "GetClientSpecifiedSpn");
277 }
278 return text;
279 }
280}
System.Net.CredentialCache.DefaultCredentials
static ICredentials DefaultCredentials
Definition CredentialCache.cs:161
System.Net.NTAuthentication._credentialsHandle
SafeFreeCredentials _credentialsHandle
Definition NTAuthentication.cs:15
System.Net.NTAuthentication.Initialize
void Initialize(bool isServer, string package, NetworkCredential credential, string spn, System.Net.ContextFlagsPal requestedContextFlags, ChannelBinding channelBinding)
Definition NTAuthentication.cs:51
System.Net.NTAuthentication.GetContext
SafeDeleteContext GetContext(out SecurityStatusPal status)
Definition NTAuthentication.cs:188
System.Net.NTAuthentication._contextFlags
System.Net.ContextFlagsPal _contextFlags
Definition NTAuthentication.cs:23
System.Net.NTAuthentication.NTAuthentication
NTAuthentication(bool isServer, string package, NetworkCredential credential, string spn, ContextFlagsPal requestedContextFlags, ChannelBinding channelBinding)
Definition NTAuthentication.cs:151
System.Net.NTAuthentication.GetOutgoingBlob
byte[] GetOutgoingBlob(byte[] incomingBlob, bool throwOnError, out SecurityStatusPal statusCode)
Definition NTAuthentication.cs:207
System.Net.NTAuthentication.Initialize
void Initialize(bool isServer, string package, NetworkCredential credential, string spn, ContextFlagsPal requestedContextFlags, ChannelBinding channelBinding)
Definition NTAuthentication.cs:157
System.Net.NTAuthentication.Encrypt
int Encrypt(ReadOnlySpan< byte > buffer, [NotNull] ref byte[] output, uint sequenceNumber)
Definition NTAuthentication.cs:141
System.Net.NTAuthentication._credentialsHandle
System.Net.Security.SafeFreeCredentials _credentialsHandle
Definition NTAuthentication.cs:13
System.Net.NTAuthentication._requestedContextFlags
System.Net.ContextFlagsPal _requestedContextFlags
Definition NTAuthentication.cs:21
System.Net.NTAuthentication._securityContext
System.Net.Security.SafeDeleteContext _securityContext
Definition NTAuthentication.cs:15
System.Net.NTAuthentication._requestedContextFlags
ContextFlagsPal _requestedContextFlags
Definition NTAuthentication.cs:23
System.Net.NTAuthentication.Decrypt
int Decrypt(byte[] payload, int offset, int count, out int newOffset, uint expectedSeqNumber)
Definition NTAuthentication.cs:146
System.Net.NTAuthentication._securityContext
SafeDeleteContext _securityContext
Definition NTAuthentication.cs:17
System.Net.NetEventSource.Log
static readonly System.Net.NetEventSource Log
Definition NetEventSource.cs:20
System.Net.NetEventSource.Info
static void Info(object thisOrContextObject, FormattableString formattableString=null, [CallerMemberName] string memberName=null)
Definition NetEventSource.cs:192
System.Net.Security.NegotiateStreamPal.AcceptSecurityContext
static System.Net.SecurityStatusPal AcceptSecurityContext(System.Net.Security.SafeFreeCredentials credentialsHandle, ref System.Net.Security.SafeDeleteContext securityContext, System.Net.ContextFlagsPal requestedContextFlags, byte[] incomingBlob, ChannelBinding channelBinding, ref byte[] resultBlob, ref System.Net.ContextFlagsPal contextFlags)
Definition NegotiateStreamPal.cs:70
System.Net.Security.NegotiateStreamPal.QueryContextAssociatedName
static string QueryContextAssociatedName(SafeDeleteContext securityContext)
Definition NegotiateStreamPal.cs:47
System.Net.Security.NegotiateStreamPal.InitializeSecurityContext
static System.Net.SecurityStatusPal InitializeSecurityContext(ref System.Net.Security.SafeFreeCredentials credentialsHandle, ref System.Net.Security.SafeDeleteContext securityContext, string spn, System.Net.ContextFlagsPal requestedContextFlags, byte[] incomingBlob, ChannelBinding channelBinding, ref byte[] resultBlob, ref System.Net.ContextFlagsPal contextFlags)
Definition NegotiateStreamPal.cs:40
System.Net.Security.NegotiateStreamPal.Decrypt
static int Decrypt(SafeDeleteContext securityContext, byte[] buffer, int offset, int count, bool isConfidential, bool isNtlm, out int newOffset, uint sequenceNumber)
Definition NegotiateStreamPal.cs:122
System.Net.Security.NegotiateStreamPal.AcquireDefaultCredential
static System.Net.Security.SafeFreeCredentials AcquireDefaultCredential(string package, bool isServer)
Definition NegotiateStreamPal.cs:13
System.Net.Security.NegotiateStreamPal.CompleteAuthToken
static System.Net.SecurityStatusPal CompleteAuthToken(ref System.Net.Security.SafeDeleteContext securityContext, byte[] incomingBlob)
Definition NegotiateStreamPal.cs:61
System.Net.Security.NegotiateStreamPal.AcquireCredentialsHandle
static System.Net.Security.SafeFreeCredentials AcquireCredentialsHandle(string package, bool isServer, NetworkCredential credential)
Definition NegotiateStreamPal.cs:18
System.Net.Security.NegotiateStreamPal.Encrypt
static int Encrypt(SafeDeleteContext securityContext, ReadOnlySpan< byte > buffer, bool isConfidential, bool isNtlm, [NotNull] ref byte[] output, uint sequenceNumber)
Definition NegotiateStreamPal.cs:60
System.Net.Security.NegotiateStreamPal.QueryMaxTokenSize
static int QueryMaxTokenSize(string package)
Definition NegotiateStreamPal.cs:8
System.Net.Security.NegotiateStreamPal.QueryContextClientSpecifiedSpn
static string QueryContextClientSpecifiedSpn(System.Net.Security.SafeDeleteContext securityContext)
Definition NegotiateStreamPal.cs:41
System.Net.Security.NegotiateStreamPal.QueryContextAuthenticationPackage
static string QueryContextAuthenticationPackage(System.Net.Security.SafeDeleteContext securityContext)
Definition NegotiateStreamPal.cs:46
System.Net.Security.NegotiateStreamPal.CreateExceptionFromError
static Win32Exception CreateExceptionFromError(System.Net.SecurityStatusPal statusCode)
Definition NegotiateStreamPal.cs:91
System.Net.Security.SSPIHandleCache.CacheCredential
static void CacheCredential(System.Net.Security.SafeFreeCredentials newHandle)
Definition SSPIHandleCache.cs:11