Strona główna Odkrywaj Pomoc
Zaloguj się
coder
/
SMBLibrary-Fork
1
0
Forkuj 0
Pliki Problemy 0 Oczekujące zmiany 0 Wiki
Drzewo: 9ca92eca83
Gałęzie Tagi
SMBLibrary-F...
/
SMBLibrary.Win32
/
Security
/
SSPIHelper.cs

SSPIHelper.cs 18 KB
Historia Czysty

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451 
  1. /* Copyright (C) 2014-2017 Tal Aloni <tal.aloni.il@gmail.com>. All rights reserved.
    2. 

  2.  * 
    3. 

  3.  * You can redistribute this program and/or modify it under the terms of
    4. 

  4.  * the GNU Lesser Public License as published by the Free Software Foundation,
    5. 

  5.  * either version 3 of the License, or (at your option) any later version.
    6. 

  6.  */
    7. 

  7. using System;
    8. 

  8. using System.Collections.Generic;
    9. 

  9. using System.Runtime.InteropServices;
    10. 

  10. 

  11. namespace SMBLibrary.Win32.Security
    12. 

  12. {
    13. 

  13.     [StructLayout(LayoutKind.Sequential)]
    14. 

  14.     public struct SecHandle
    15. 

  15.     {
    16. 

  16.         public IntPtr dwLower;
    17. 

  17.         public IntPtr dwUpper;
    18. 

  18.     };
    19. 

  19. 

  20.     public class SSPIHelper
    21. 

  21.     {
    22. 

  22.         private const int MAX_TOKEN_SIZE = 12000;
    23. 

  23. 

  24.         private const uint SEC_E_OK = 0;
    25. 

  25.         private const uint SEC_I_CONTINUE_NEEDED = 0x00090312;
    26. 

  26.         private const uint SEC_E_INVALID_HANDLE = 0x80090301;
    27. 

  27.         private const uint SEC_E_INVALID_TOKEN = 0x80090308;
    28. 

  28.         private const uint SEC_E_LOGON_DENIED = 0x8009030C;
    29. 

  29.         private const uint SEC_E_BUFFER_TOO_SMALL = 0x80090321;
    30. 

  30. 

  31.         private const uint SECURITY_NETWORK_DREP = 0x00;
    32. 

  32.         private const uint SECURITY_NATIVE_DREP = 0x10;
    33. 

  33. 

  34.         private const uint SECPKG_CRED_INBOUND = 0x01;
    35. 

  35.         private const uint SECPKG_CRED_OUTBOUND = 0x02;
    36. 

  36.         private const uint SECPKG_CRED_BOTH = 0x03;
    37. 

  37. 

  38.         private const uint ISC_REQ_CONFIDENTIALITY = 0x00000010;
    39. 

  39.         private const uint ISC_REQ_ALLOCATE_MEMORY = 0x00000100;
    40. 

  40.         private const uint ISC_REQ_INTEGRITY = 0x00010000;
    41. 

  41. 

  42.         private const uint ASC_REQ_REPLAY_DETECT = 0x00000004;
    43. 

  43.         private const uint ASC_REQ_CONFIDENTIALITY = 0x00000010;
    44. 

  44.         private const uint ASC_REQ_USE_SESSION_KEY = 0x00000020;
    45. 

  45.         private const uint ASC_REQ_INTEGRITY = 0x00020000;
    46. 

  46. 

  47.         private const uint SEC_WINNT_AUTH_IDENTITY_ANSI = 1;
    48. 

  48.         private const uint SEC_WINNT_AUTH_IDENTITY_UNICODE = 2;
    49. 

  49. 

  50.         private const uint SECPKG_ATTR_NAME = 1; // Username
    51. 

  51.         private const uint SECPKG_ATTR_SESSION_KEY = 9;
    52. 

  52.         private const uint SECPKG_ATTR_ACCESS_TOKEN = 18;
    53. 

  53.         
    54. 

  54.         [StructLayout(LayoutKind.Sequential)]
    55. 

  55.         private struct SECURITY_INTEGER
    56. 

  56.         {
    57. 

  57.             public uint LowPart;
    58. 

  58.             public int HighPart;
    59. 

  59.         };
    60. 

  60. 

  61.         /// <summary>
    62. 

  62.         /// When using the NTLM package, the maximum character lengths for user name, password, and domain are 256, 256, and 15, respectively.
    63. 

  63.         /// </summary>
    64. 

  64.         [StructLayout(LayoutKind.Sequential)]
    65. 

  65.         private struct SEC_WINNT_AUTH_IDENTITY
    66. 

  66.         {
    67. 

  67.             public string User;
    68. 

  68.             public uint UserLength;
    69. 

  69.             public string Domain;
    70. 

  70.             public uint DomainLength;
    71. 

  71.             public string Password;
    72. 

  72.             public uint PasswordLength;
    73. 

  73.             public uint Flags;
    74. 

  74.         };
    75. 

  75. 

  76.         [StructLayout(LayoutKind.Sequential)]
    77. 

  77.         public struct SecPkgContext_SessionKey
    78. 

  78.         {
    79. 

  79.             public uint SessionKeyLength;
    80. 

  80.             public IntPtr SessionKey;
    81. 

  81.         }
    82. 

  82. 

  83.         [DllImport("secur32.dll", SetLastError = true)]
    84. 

  84.         private static extern uint AcquireCredentialsHandle(
    85. 

  85.           string pszPrincipal,
    86. 

  86.           string pszPackage,
    87. 

  87.           uint fCredentialUse,
    88. 

  88.           IntPtr pvLogonID,
    89. 

  89.           IntPtr pAuthData,
    90. 

  90.           IntPtr pGetKeyFn,
    91. 

  91.           IntPtr pvGetKeyArgument,
    92. 

  92.           out SecHandle phCredential,
    93. 

  93.           out SECURITY_INTEGER ptsExpiry);
    94. 

  94. 

  95.         [DllImport("secur32.dll", SetLastError = true)]
    96. 

  96.         private static extern uint InitializeSecurityContext(
    97. 

  97.             ref SecHandle phCredential,
    98. 

  98.             IntPtr phContext,
    99. 

  99.             string pszTargetName,
    100. 

  100.             uint fContextReq,
    101. 

  101.             uint Reserved1,
    102. 

  102.             uint TargetDataRep,
    103. 

  103.             IntPtr pInput,
    104. 

  104.             uint Reserved2,
    105. 

  105.             ref SecHandle phNewContext,
    106. 

  106.             ref SecBufferDesc pOutput,
    107. 

  107.             out uint pfContextAttr,
    108. 

  108.             out SECURITY_INTEGER ptsExpiry);
    109. 

  109. 

  110.         [DllImport("secur32.dll", SetLastError = true)]
    111. 

  111.         private static extern uint InitializeSecurityContext(
    112. 

  112.             IntPtr phCredential,
    113. 

  113.             ref SecHandle phContext,
    114. 

  114.             string pszTargetName,
    115. 

  115.             uint fContextReq,
    116. 

  116.             uint Reserved1,
    117. 

  117.             uint TargetDataRep,
    118. 

  118.             ref SecBufferDesc pInput,
    119. 

  119.             uint Reserved2,
    120. 

  120.             ref SecHandle phNewContext,
    121. 

  121.             ref SecBufferDesc pOutput,
    122. 

  122.             out uint pfContextAttr,
    123. 

  123.             out SECURITY_INTEGER ptsExpiry);
    124. 

  124. 

  125.         [DllImport("secur32.dll", SetLastError = true)]
    126. 

  126.         private static extern uint AcceptSecurityContext(
    127. 

  127.             ref SecHandle phCredential,
    128. 

  128.             IntPtr phContext,
    129. 

  129.             ref SecBufferDesc pInput,
    130. 

  130.             uint fContextReq,
    131. 

  131.             uint TargetDataRep,
    132. 

  132.             ref SecHandle phNewContext,
    133. 

  133.             ref SecBufferDesc pOutput,
    134. 

  134.             out uint pfContextAttr,
    135. 

  135.             out SECURITY_INTEGER ptsTimeStamp);
    136. 

  136. 

  137.         [DllImport("secur32.dll", SetLastError = true)]
    138. 

  138.         private static extern uint AcceptSecurityContext(
    139. 

  139.             IntPtr phCredential,
    140. 

  140.             ref SecHandle phContext,
    141. 

  141.             ref SecBufferDesc pInput,
    142. 

  142.             uint fContextReq,
    143. 

  143.             uint TargetDataRep,
    144. 

  144.             ref SecHandle phNewContext,
    145. 

  145.             ref SecBufferDesc pOutput,
    146. 

  146.             out uint pfContextAttr,
    147. 

  147.             out SECURITY_INTEGER ptsTimeStamp);
    148. 

  148. 

  149.         [DllImport("secur32.Dll", SetLastError = true)]
    150. 

  150.         private static extern uint QueryContextAttributes(
    151. 

  151.             ref SecHandle phContext,
    152. 

  152.             uint ulAttribute,
    153. 

  153.             out string value);
    154. 

  154. 

  155.         [DllImport("secur32.Dll", SetLastError = true)]
    156. 

  156.         private static extern uint QueryContextAttributes(
    157. 

  157.             ref SecHandle phContext,
    158. 

  158.             uint ulAttribute,
    159. 

  159.             out IntPtr value);
    160. 

  160. 

  161.         [DllImport("secur32.Dll", SetLastError = true)]
    162. 

  162.         private static extern uint QueryContextAttributes(
    163. 

  163.             ref SecHandle phContext,
    164. 

  164.             uint ulAttribute,
    165. 

  165.             out SecPkgContext_SessionKey value);
    166. 

  166. 

  167.         [DllImport("Secur32.dll")]
    168. 

  168.         private extern static uint FreeContextBuffer(
    169. 

  169.             IntPtr pvContextBuffer
    170. 

  170.         );
    171. 

  171. 

  172.         [DllImport("Secur32.dll")]
    173. 

  173.         private extern static uint FreeCredentialsHandle(
    174. 

  174.             ref SecHandle phCredential
    175. 

  175.         );
    176. 

  176. 

  177.         [DllImport("Secur32.dll")]
    178. 

  178.         public extern static uint DeleteSecurityContext(
    179. 

  179.             ref SecHandle phContext
    180. 

  180.         );
    181. 

  181. 

  182.         public static SecHandle AcquireNTLMCredentialsHandle()
    183. 

  183.         {
    184. 

  184.             return AcquireNTLMCredentialsHandle(null);
    185. 

  185.         }
    186. 

  186. 

  187.         public static SecHandle AcquireNTLMCredentialsHandle(string domainName, string userName, string password)
    188. 

  188.         {
    189. 

  189.             SEC_WINNT_AUTH_IDENTITY auth = new SEC_WINNT_AUTH_IDENTITY();
    190. 

  190.             auth.Domain = domainName;
    191. 

  191.             auth.DomainLength = (uint)domainName.Length;
    192. 

  192.             auth.User = userName;
    193. 

  193.             auth.UserLength = (uint)userName.Length;
    194. 

  194.             auth.Password = password;
    195. 

  195.             auth.PasswordLength = (uint)password.Length;
    196. 

  196.             auth.Flags = SEC_WINNT_AUTH_IDENTITY_ANSI;
    197. 

  197.             return AcquireNTLMCredentialsHandle(auth);
    198. 

  198.         }
    199. 

  199. 

  200.         private static SecHandle AcquireNTLMCredentialsHandle(SEC_WINNT_AUTH_IDENTITY? auth)
    201. 

  201.         {
    202. 

  202.             SecHandle credential;
    203. 

  203.             SECURITY_INTEGER expiry;
    204. 

  204. 

  205.             IntPtr pAuthData;
    206. 

  206.             if (auth.HasValue)
    207. 

  207.             {
    208. 

  208.                 pAuthData = Marshal.AllocHGlobal(Marshal.SizeOf(auth.Value));
    209. 

  209.                 Marshal.StructureToPtr(auth.Value, pAuthData, false);
    210. 

  210.             }
    211. 

  211.             else
    212. 

  212.             {
    213. 

  213.                 pAuthData = IntPtr.Zero;
    214. 

  214.             }
    215. 

  215. 

  216.             uint result = AcquireCredentialsHandle(null, "NTLM", SECPKG_CRED_BOTH, IntPtr.Zero, pAuthData, IntPtr.Zero, IntPtr.Zero, out credential, out expiry);
    217. 

  217.             if (pAuthData != IntPtr.Zero)
    218. 

  218.             {
    219. 

  219.                 Marshal.FreeHGlobal(pAuthData);
    220. 

  220.             }
    221. 

  221.             if (result != SEC_E_OK)
    222. 

  222.             {
    223. 

  223.                 throw new Exception("AcquireCredentialsHandle failed, Error code 0x" + result.ToString("X8"));
    224. 

  224.             }
    225. 

  225. 

  226.             return credential;
    227. 

  227.         }
    228. 

  228. 

  229.         public static byte[] GetType1Message(string userName, string password, out SecHandle clientContext)
    230. 

  230.         {
    231. 

  231.             return GetType1Message(String.Empty, userName, password, out clientContext);
    232. 

  232.         }
    233. 

  233. 

  234.         public static byte[] GetType1Message(string domainName, string userName, string password, out SecHandle clientContext)
    235. 

  235.         {
    236. 

  236.             SecHandle credentialsHandle = AcquireNTLMCredentialsHandle(domainName, userName, password);
    237. 

  237.             clientContext = new SecHandle();
    238. 

  238.             SecBuffer outputBuffer = new SecBuffer(MAX_TOKEN_SIZE);
    239. 

  239.             SecBufferDesc output = new SecBufferDesc(outputBuffer);
    240. 

  240.             uint contextAttributes;
    241. 

  241.             SECURITY_INTEGER expiry;
    242. 

  242. 

  243.             uint result = InitializeSecurityContext(ref credentialsHandle, IntPtr.Zero, null, ISC_REQ_CONFIDENTIALITY | ISC_REQ_INTEGRITY, 0, SECURITY_NATIVE_DREP, IntPtr.Zero, 0, ref clientContext, ref output, out contextAttributes, out expiry);
    244. 

  244.             if (result != SEC_E_OK && result != SEC_I_CONTINUE_NEEDED)
    245. 

  245.             {
    246. 

  246.                 if (result == SEC_E_INVALID_HANDLE)
    247. 

  247.                 {
    248. 

  248.                     throw new Exception("InitializeSecurityContext failed, Invalid handle");
    249. 

  249.                 }
    250. 

  250.                 else if (result == SEC_E_BUFFER_TOO_SMALL)
    251. 

  251.                 {
    252. 

  252.                     throw new Exception("InitializeSecurityContext failed, Buffer too small");
    253. 

  253.                 }
    254. 

  254.                 else
    255. 

  255.                 {
    256. 

  256.                     throw new Exception("InitializeSecurityContext failed, Error code 0x" + result.ToString("X8"));
    257. 

  257.                 }
    258. 

  258.             }
    259. 

  259.             FreeCredentialsHandle(ref credentialsHandle);
    260. 

  260.             byte[] messageBytes = output.GetBufferBytes(0);
    261. 

  261.             outputBuffer.Dispose();
    262. 

  262.             output.Dispose();
    263. 

  263.             return messageBytes;
    264. 

  264.         }
    265. 

  265. 

  266.         public static byte[] GetType3Message(SecHandle clientContext, byte[] type2Message)
    267. 

  267.         {
    268. 

  268.             SecHandle newContext = new SecHandle();
    269. 

  269.             SecBuffer inputBuffer = new SecBuffer(type2Message);
    270. 

  270.             SecBufferDesc input = new SecBufferDesc(inputBuffer);
    271. 

  271.             SecBuffer outputBuffer = new SecBuffer(MAX_TOKEN_SIZE);
    272. 

  272.             SecBufferDesc output = new SecBufferDesc(outputBuffer);
    273. 

  273.             uint contextAttributes;
    274. 

  274.             SECURITY_INTEGER expiry;
    275. 

  275. 

  276.             uint result = InitializeSecurityContext(IntPtr.Zero, ref clientContext, null, ISC_REQ_CONFIDENTIALITY | ISC_REQ_INTEGRITY, 0, SECURITY_NATIVE_DREP, ref input, 0, ref newContext, ref output, out contextAttributes, out expiry);
    277. 

  277.             if (result != SEC_E_OK)
    278. 

  278.             {
    279. 

  279.                 if (result == SEC_E_INVALID_HANDLE)
    280. 

  280.                 {
    281. 

  281.                     throw new Exception("InitializeSecurityContext failed, Invalid handle");
    282. 

  282.                 }
    283. 

  283.                 else if (result == SEC_E_INVALID_TOKEN)
    284. 

  284.                 {
    285. 

  285.                     throw new Exception("InitializeSecurityContext failed, Invalid token");
    286. 

  286.                 }
    287. 

  287.                 else if (result == SEC_E_BUFFER_TOO_SMALL)
    288. 

  288.                 {
    289. 

  289.                     throw new Exception("InitializeSecurityContext failed, Buffer too small");
    290. 

  290.                 }
    291. 

  291.                 else
    292. 

  292.                 {
    293. 

  293.                     throw new Exception("InitializeSecurityContext failed, Error code 0x" + result.ToString("X8"));
    294. 

  294.                 }
    295. 

  295.             }
    296. 

  296.             byte[] messageBytes = output.GetBufferBytes(0);
    297. 

  297.             inputBuffer.Dispose();
    298. 

  298.             input.Dispose();
    299. 

  299.             outputBuffer.Dispose();
    300. 

  300.             output.Dispose();
    301. 

  301.             return messageBytes;
    302. 

  302.         }
    303. 

  303. 

  304.         public static byte[] GetType2Message(byte[] type1MessageBytes, out SecHandle serverContext)
    305. 

  305.         {
    306. 

  306.             SecHandle credentialsHandle = AcquireNTLMCredentialsHandle();
    307. 

  307.             SecBuffer inputBuffer = new SecBuffer(type1MessageBytes);
    308. 

  308.             SecBufferDesc input = new SecBufferDesc(inputBuffer);
    309. 

  309.             serverContext = new SecHandle();
    310. 

  310.             SecBuffer outputBuffer = new SecBuffer(MAX_TOKEN_SIZE);
    311. 

  311.             SecBufferDesc output = new SecBufferDesc(outputBuffer);
    312. 

  312.             uint contextAttributes;
    313. 

  313.             SECURITY_INTEGER timestamp;
    314. 

  314. 

  315.             uint result = AcceptSecurityContext(ref credentialsHandle, IntPtr.Zero, ref input, ASC_REQ_INTEGRITY | ASC_REQ_CONFIDENTIALITY, SECURITY_NATIVE_DREP, ref serverContext, ref output, out contextAttributes, out timestamp);
    316. 

  316.             if (result != SEC_E_OK && result != SEC_I_CONTINUE_NEEDED)
    317. 

  317.             {
    318. 

  318.                 if (result == SEC_E_INVALID_HANDLE)
    319. 

  319.                 {
    320. 

  320.                     throw new Exception("AcceptSecurityContext failed, Invalid handle");
    321. 

  321.                 }
    322. 

  322.                 else if (result == SEC_E_INVALID_TOKEN)
    323. 

  323.                 {
    324. 

  324.                     throw new Exception("AcceptSecurityContext failed, Invalid token");
    325. 

  325.                 }
    326. 

  326.                 else if (result == SEC_E_BUFFER_TOO_SMALL)
    327. 

  327.                 {
    328. 

  328.                     throw new Exception("AcceptSecurityContext failed, Buffer too small");
    329. 

  329.                 }
    330. 

  330.                 else
    331. 

  331.                 {
    332. 

  332.                     throw new Exception("AcceptSecurityContext failed, Error code 0x" + result.ToString("X8"));
    333. 

  333.                 }
    334. 

  334.             }
    335. 

  335.             FreeCredentialsHandle(ref credentialsHandle);
    336. 

  336.             byte[] messageBytes = output.GetBufferBytes(0);
    337. 

  337.             inputBuffer.Dispose();
    338. 

  338.             input.Dispose();
    339. 

  339.             outputBuffer.Dispose();
    340. 

  340.             output.Dispose();
    341. 

  341.             return messageBytes;
    342. 

  342.         }
    343. 

  343. 

  344.         /// <summary>
    345. 

  345.         /// AcceptSecurityContext will return SEC_E_LOGON_DENIED when the password is correct in these cases:
    346. 

  346.         /// 1. The account is listed under the "Deny access to this computer from the network" list.
    347. 

  347.         /// 2. 'limitblankpassworduse' is set to 1, non-guest is attempting to login with an empty password,
    348. 

  348.         ///    and the Guest account is disabled, has non-empty pasword set or listed under the "Deny access to this computer from the network" list.
    349. 

  349.         /// 
    350. 

  350.         /// Note: "If the Guest account is enabled, SSPI logon may succeed as Guest for user credentials that are not valid".
    351. 

  351.         /// </summary>
    352. 

  352.         /// <remarks>
    353. 

  353.         /// 1. 'limitblankpassworduse' will not affect the Guest account.
    354. 

  354.         /// 2. Listing the user in the "Deny access to this computer from the network" or the "Deny logon locally" lists will not affect AcceptSecurityContext if all of these conditions are met.
    355. 

  355.         /// - 'limitblankpassworduse' is set to 1.
    356. 

  356.         /// - The user has an empty password set.
    357. 

  357.         /// - Guest is NOT listed in the "Deny access to this computer from the network" list.
    358. 

  358.         /// - Guest is enabled and has empty pasword set.
    359. 

  359.         /// </remarks>
    360. 

  360.         public static bool AuthenticateType3Message(SecHandle serverContext, byte[] type3MessageBytes)
    361. 

  361.         {
    362. 

  362.             SecHandle newContext = new SecHandle();
    363. 

  363.             SecBuffer inputBuffer = new SecBuffer(type3MessageBytes);
    364. 

  364.             SecBufferDesc input = new SecBufferDesc(inputBuffer);
    365. 

  365.             SecBuffer outputBuffer = new SecBuffer(MAX_TOKEN_SIZE);
    366. 

  366.             SecBufferDesc output = new SecBufferDesc(outputBuffer);
    367. 

  367.             uint contextAttributes;
    368. 

  368.             SECURITY_INTEGER timestamp;
    369. 

  369. 

  370.             uint result = AcceptSecurityContext(IntPtr.Zero, ref serverContext, ref input, ASC_REQ_INTEGRITY | ASC_REQ_CONFIDENTIALITY, SECURITY_NATIVE_DREP, ref newContext, ref output, out contextAttributes, out timestamp);
    371. 

  371. 

  372.             inputBuffer.Dispose();
    373. 

  373.             input.Dispose();
    374. 

  374.             outputBuffer.Dispose();
    375. 

  375.             output.Dispose();
    376. 

  376. 

  377.             if (result == SEC_E_OK)
    378. 

  378.             {
    379. 

  379.                 return true;
    380. 

  380.             }
    381. 

  381.             else if ((uint)result == SEC_E_LOGON_DENIED)
    382. 

  382.             {
    383. 

  383.                 return false;
    384. 

  384.             }
    385. 

  385.             else
    386. 

  386.             {
    387. 

  387.                 if (result == SEC_E_INVALID_HANDLE)
    388. 

  388.                 {
    389. 

  389.                     throw new Exception("AcceptSecurityContext failed, Invalid handle");
    390. 

  390.                 }
    391. 

  391.                 else if (result == SEC_E_INVALID_TOKEN)
    392. 

  392.                 {
    393. 

  393.                     throw new Exception("AcceptSecurityContext failed, Invalid security token");
    394. 

  394.                 }
    395. 

  395.                 else
    396. 

  396.                 {
    397. 

  397.                     throw new Exception("AcceptSecurityContext failed, Error code 0x" + result.ToString("X8"));
    398. 

  398.                 }
    399. 

  399.             }
    400. 

  400.         }
    401. 

  401. 

  402.         public static string GetUserName(SecHandle context)
    403. 

  403.         {
    404. 

  404.             string userName;
    405. 

  405.             uint result = QueryContextAttributes(ref context, SECPKG_ATTR_NAME, out userName);
    406. 

  406.             if (result == SEC_E_OK)
    407. 

  407.             {
    408. 

  408.                 return userName;
    409. 

  409.             }
    410. 

  410.             else
    411. 

  411.             {
    412. 

  412.                 return null;
    413. 

  413.             }
    414. 

  414.         }
    415. 

  415. 

  416.         /// <summary>
    417. 

  417.         /// Windows Vista or newer is required for SECPKG_ATTR_SESSION_KEY to work.
    418. 

  418.         /// Windows XP / Server 2003 will return SEC_E_INVALID_TOKEN.
    419. 

  419.         /// </summary>
    420. 

  420.         public static byte[] GetSessionKey(SecHandle context)
    421. 

  421.         {
    422. 

  422.             SecPkgContext_SessionKey sessionKey;
    423. 

  423.             uint result = QueryContextAttributes(ref context, SECPKG_ATTR_SESSION_KEY, out sessionKey);
    424. 

  424.             if (result == SEC_E_OK)
    425. 

  425.             {
    426. 

  426.                 int length = (int)sessionKey.SessionKeyLength;
    427. 

  427.                 byte[] sessionKeyBytes = new byte[length];
    428. 

  428.                 Marshal.Copy(sessionKey.SessionKey, sessionKeyBytes, 0, length);
    429. 

  429.                 return sessionKeyBytes;
    430. 

  430.             }
    431. 

  431.             else
    432. 

  432.             {
    433. 

  433.                 return null;
    434. 

  434.             }
    435. 

  435.         }
    436. 

  436. 

  437.         public static IntPtr GetAccessToken(SecHandle serverContext)
    438. 

  438.         {
    439. 

  439.             IntPtr accessToken;
    440. 

  440.             uint result = QueryContextAttributes(ref serverContext, SECPKG_ATTR_ACCESS_TOKEN, out accessToken);
    441. 

  441.             if (result == SEC_E_OK)
    442. 

  442.             {
    443. 

  443.                 return accessToken;
    444. 

  444.             }
    445. 

  445.             else
    446. 

  446.             {
    447. 

  447.                 return IntPtr.Zero;
    448. 

  448.             }
    449. 

  449.         }
    450. 

  450.     }
    451. 

  451. }
    452.