c
/
mono
-ын хуулбар https://github.com/mono/mono.git


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146
							
//-----------------------------------------------------------------------------
// Copyright (c) Microsoft Corporation.  All rights reserved.
//-----------------------------------------------------------------------------

namespace System.ServiceModel.Security
{
    using System;
    using System.Collections.Generic;
    using System.Collections.ObjectModel;
    using System.IdentityModel.Claims;
    using System.IdentityModel.Policy;
    using System.Net;
    using System.Runtime;
    using System.Security.Authentication.ExtendedProtection;
    using System.Security.Principal;
    using System.ServiceModel;
    using System.ServiceModel.Diagnostics;
    using System.Xml;

    using SafeCloseHandle = System.IdentityModel.SafeCloseHandle;
    using SafeFreeCredentials = System.IdentityModel.SafeFreeCredentials;

    sealed class SpnegoTokenAuthenticator : SspiNegotiationTokenAuthenticator
    {
        bool extractGroupsForWindowsAccounts;
        NetworkCredential serverCredential;
        bool allowUnauthenticatedCallers;
        SafeFreeCredentials credentialsHandle;

        public SpnegoTokenAuthenticator()
            : base()
        {
            // empty
        }

        // settings        
        public bool ExtractGroupsForWindowsAccounts
        {
            get
            {
                return this.extractGroupsForWindowsAccounts;
            }
            set
            {
                this.CommunicationObject.ThrowIfDisposedOrImmutable();
                this.extractGroupsForWindowsAccounts = value;
            }
        }
        
        public NetworkCredential ServerCredential
        {
            get
            {
                return this.serverCredential;
            }
            set
            {
                this.CommunicationObject.ThrowIfDisposedOrImmutable();
                this.serverCredential = value;
            }
        }

        public bool AllowUnauthenticatedCallers
        {
            get
            {
                return this.allowUnauthenticatedCallers;
            }
            set
            {
                this.CommunicationObject.ThrowIfDisposedOrImmutable();
                this.allowUnauthenticatedCallers = value;
            }
        }

        // overrides
        public override XmlDictionaryString NegotiationValueType
        {
            get 
            {
                return XD.TrustApr2004Dictionary.SpnegoValueTypeUri;
            }
        }

        public override void OnOpening()
        {
            base.OnOpening();
            if (this.credentialsHandle == null)
            {
                this.credentialsHandle = SecurityUtils.GetCredentialsHandle("Negotiate", this.serverCredential, true);
            }
        }

        public override void OnClose(TimeSpan timeout)
        {
            base.OnClose(timeout);
            FreeCredentialsHandle();
        }

        public override void OnAbort()
        {
            base.OnAbort();
            FreeCredentialsHandle();
        }

        void FreeCredentialsHandle()
        {
            if (this.credentialsHandle != null)
            {
                this.credentialsHandle.Close();
                this.credentialsHandle = null;
            }
        }

        protected override SspiNegotiationTokenAuthenticatorState CreateSspiState(byte[] incomingBlob, string incomingValueTypeUri)
        {
            ISspiNegotiation windowsNegotiation = new WindowsSspiNegotiation("Negotiate", this.credentialsHandle, DefaultServiceBinding);
            return new SspiNegotiationTokenAuthenticatorState(windowsNegotiation);
        }

        protected override ReadOnlyCollection<IAuthorizationPolicy> ValidateSspiNegotiation(ISspiNegotiation sspiNegotiation)
        {
            WindowsSspiNegotiation windowsNegotiation = (WindowsSspiNegotiation)sspiNegotiation;
            if (windowsNegotiation.IsValidContext == false)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperWarning(new SecurityNegotiationException(SR.GetString(SR.InvalidSspiNegotiation)));
            }
            SecurityTraceRecordHelper.TraceServiceSpnego(windowsNegotiation);
            if (this.IsClientAnonymous)
            {
                return EmptyReadOnlyCollection<IAuthorizationPolicy>.Instance;
            }
            using (SafeCloseHandle contextToken = windowsNegotiation.GetContextToken())
            {
                WindowsIdentity windowsIdentity = new WindowsIdentity(contextToken.DangerousGetHandle(), windowsNegotiation.ProtocolName);
                SecurityUtils.ValidateAnonymityConstraint(windowsIdentity, this.AllowUnauthenticatedCallers);

                List<IAuthorizationPolicy> policies = new List<IAuthorizationPolicy>(1);
                WindowsClaimSet wic = new WindowsClaimSet( windowsIdentity, windowsNegotiation.ProtocolName, this.extractGroupsForWindowsAccounts, false );
                policies.Add(new System.IdentityModel.Policy.UnconditionalPolicy(wic, TimeoutHelper.Add(DateTime.UtcNow, base.ServiceTokenLifetime)));
                return policies.AsReadOnly();
            }
        }
    }
}