Beispiel #1
 // P/Invoke signature for the native LsaCallAuthenticationPackage function, bound here to a
 // KERB_QUERY_TKT_CACHE_REQUEST submit buffer. The DllImport attribute is not part of this
 // excerpt.
 //
 // Two statuses come back and both need checking: the int return value reports whether the
 // call reached the package, ProtocolStatus reports what the package itself decided.
 //
 // ProtocolReturnBuffer is allocated by the LSA. Validate ReturnBufferLength against the
 // expected response size before marshalling from the pointer, and release the buffer with
 // LsaFreeReturnBuffer on every path.
 static extern int LsaCallAuthenticationPackage(
     LsaSafeHandle LsaHandle,
     uint AuthenticationPackage,
     ref KERB_QUERY_TKT_CACHE_REQUEST ProtocolSubmitBuffer,
     int SubmitBufferLength,
     out IntPtr ProtocolReturnBuffer,
     out int ReturnBufferLength,
     out int ProtocolStatus);
Beispiel #2
        /// <summary>
        /// Asks the Kerberos authentication package, over an untrusted LSA connection, for a
        /// ticket and copies the reply into a managed <see cref="Ticket"/>.
        /// </summary>
        /// <remarks>
        /// The request is a KerbRetrieveTicketMessage with a zero logon id. Per the Windows
        /// documentation this message returns the ticket-granting ticket from the ticket cache,
        /// and a zero logon id selects the caller's own logon session.
        /// SECURITY: the returned object carries the encoded ticket and its session key. Treat
        /// both as credential material: keep them out of logs, dumps and serialized state, and
        /// clear any managed copies once they are no longer needed.
        /// NOTE(review): Check is defined elsewhere; it presumably throws on a failure status.
        /// </remarks>
        /// <returns>A <see cref="Ticket"/> filled from the package's response.</returns>
        /// <exception cref="InvalidOperationException">
        /// The package returned no buffer, or one shorter than KERB_RETRIEVE_TKT_RESPONSE.
        /// </exception>
        internal static Ticket GetTicket()
        {
            LsaSafeHandle lsa = null;

            try
            {
                // Untrusted connection: the caller does not need to be part of the TCB.
                Check(LsaConnectUntrusted(out lsa));

                const string KerberosPackage = "Kerberos";

                LsaString packageName = new LsaString();
                packageName.Length        = (ushort)KerberosPackage.Length;
                packageName.MaximumLength = (ushort)KerberosPackage.Length;
                packageName.Buffer        = KerberosPackage;

                // Resolve the package name to the numeric id the LSA expects.
                uint packageId;
                Check(LsaLookupAuthenticationPackage(lsa, ref packageName, out packageId));

                KERB_QUERY_TKT_CACHE_REQUEST query = new KERB_QUERY_TKT_CACHE_REQUEST();
                query.MessageType      = KERB_PROTOCOL_MESSAGE_TYPE.KerbRetrieveTicketMessage;
                query.LoginId.LowPart  = 0;
                query.LoginId.HighPart = 0;

                int querySize = Marshal.SizeOf(typeof(KERB_QUERY_TKT_CACHE_REQUEST));

                // Must be initialised before the try: the finally block reads it on every path.
                IntPtr replyBuffer = IntPtr.Zero;
                int    replyLength;
                int    packageStatus;

                try
                {
                    // The return value covers the LSA call itself ...
                    Check(LsaCallAuthenticationPackage(lsa,
                                                       packageId,
                                                       ref query,
                                                       querySize,
                                                       out replyBuffer,
                                                       out replyLength,
                                                       out packageStatus));

                    // ... while this one is the Kerberos package's own verdict.
                    Check(packageStatus);

                    if (replyBuffer == IntPtr.Zero)
                    {
                        throw new InvalidOperationException();
                    }

                    // Only the fixed-size header is length-checked here; the embedded pointers
                    // and sizes read below are taken from the response as-is.
                    if (replyLength < Marshal.SizeOf(typeof(KERB_RETRIEVE_TKT_RESPONSE)))
                    {
                        throw new InvalidOperationException();
                    }

                    // NOTE(review): this PtrToStructure overload needs an instance of a
                    // formatted class - confirm how KERB_RETRIEVE_TKT_RESPONSE is declared.
                    KERB_RETRIEVE_TKT_RESPONSE reply = new KERB_RETRIEVE_TKT_RESPONSE();
                    Marshal.PtrToStructure(replyBuffer, reply);

                    // Everything is copied out now because the native buffer is released in
                    // the finally block below. EncodedTicket and SessionKey are secrets.
                    Ticket result = new Ticket
                    {
                        EncodedTicket  = ReadBytes(reply.Ticket.EncodedTicket, reply.Ticket.EncodedTicketSize),
                        ClientNames    = ReadExternalName(reply.Ticket.ClientName),
                        TargetNames    = ReadExternalName(reply.Ticket.TargetName),
                        SessionKey     = ReadBytes(reply.Ticket.SessionKey.Value, reply.Ticket.SessionKey.Length),
                        SessionKeyType = reply.Ticket.SessionKey.KeyType,
                        StartTime      = reply.Ticket.StartTime,
                        EndTime        = reply.Ticket.EndTime,
                        RenewUntil     = reply.Ticket.RenewUntil
                    };

                    return result;
                }
                finally
                {
                    // NOTE(review): if Check throws here it replaces any exception already
                    // propagating out of the try block.
                    if (replyBuffer != IntPtr.Zero)
                    {
                        Check(LsaFreeReturnBuffer(replyBuffer));
                    }
                }
            }
            finally
            {
                // The LSA connection is closed on every path, including failures.
                if (lsa != null)
                {
                    lsa.Close();
                }
            }
        }
Beispiel #3
 // P/Invoke signature for the native LsaLookupAuthenticationPackage function: resolves the
 // package name passed in PackageName to the numeric identifier written to
 // AuthenticationPackage. The DllImport attribute is not part of this excerpt.
 //
 // The int return value is the native status; check it before using AuthenticationPackage,
 // which is only meaningful when the lookup succeeded.
 static extern int LsaLookupAuthenticationPackage(
     LsaSafeHandle LsaHandle,
     ref LsaString PackageName,
     out uint AuthenticationPackage);
Beispiel #4
 // P/Invoke signature for the native LsaConnectUntrusted function, which opens an untrusted
 // connection to the LSA (the caller does not need to be part of the TCB). The handle comes
 // back wrapped in LsaSafeHandle; check the int status before using it and close the handle
 // when done. The DllImport attribute is not part of this excerpt.
 static extern int LsaConnectUntrusted(out LsaSafeHandle LsaHandle);
		// P/Invoke signature for the native LsaLookupAuthenticationPackage function: maps the
		// package name in PackageName to the identifier written to AuthenticationPackage.
		// Check the int status before trusting the out value.
		static extern int LsaLookupAuthenticationPackage(
                LsaSafeHandle LsaHandle,
				ref LsaString PackageName,
				out uint AuthenticationPackage);
		// P/Invoke signature for the native LsaCallAuthenticationPackage function, bound to a
		// KERB_QUERY_TKT_CACHE_REQUEST submit buffer. Both the int return value and
		// ProtocolStatus must be checked. ProtocolReturnBuffer is LSA-allocated: validate
		// ReturnBufferLength before reading from it and free it with LsaFreeReturnBuffer.
		static extern int LsaCallAuthenticationPackage(
                LsaSafeHandle LsaHandle,
				uint AuthenticationPackage,
				ref KERB_QUERY_TKT_CACHE_REQUEST ProtocolSubmitBuffer,
				int SubmitBufferLength,
				out IntPtr ProtocolReturnBuffer,
				out int ReturnBufferLength,
				out int ProtocolStatus);
 // P/Invoke signature for the native LsaConnectUntrusted function: opens an untrusted LSA
 // connection and returns its handle as an LsaSafeHandle.
 // NOTE(review): the same signature already appears earlier in this listing; two identical
 // declarations in one type do not compile - confirm they belong to separate types.
 static extern int LsaConnectUntrusted(out LsaSafeHandle LsaHandle);