private static NtResult <KerberosExternalTicket> QueryCachedTicket(SafeLsaLogonHandle handle, string target_name, KERB_RETRIEVE_TICKET_FLAGS flags,
Luid logon_id, SecHandle sec_handle, bool throw_on_error)
{
var package = handle.LookupAuthPackage(AuthenticationPackage.KERBEROS_NAME, throw_on_error);
if (!package.IsSuccess)
{
return(package.Cast <KerberosExternalTicket>());
}
using (var buffer = QueryCachedTicket(handle, package.Result, target_name, flags, logon_id, sec_handle, throw_on_error))
{
if (!buffer.IsSuccess)
{
return(buffer.Cast <KerberosExternalTicket>());
}
KERB_EXTERNAL_TICKET ticket = buffer.Result.Read <KERB_EXTERNAL_TICKET>(0);
if (!KerberosExternalTicket.TryParse(ticket, out KerberosExternalTicket ret))
{
return(NtStatus.STATUS_INVALID_PARAMETER.CreateResultFromError <KerberosExternalTicket>(throw_on_error));
}
return(ret.CreateResult());
}
}
/// <summary>
/// Logon a user.
/// </summary>
/// <param name="type">The type of logon.</param>
/// <param name="auth_package">The authentication package to use.</param>
/// <param name="origin_name">The name of the origin.</param>
/// <param name="source_context">The token source context.</param>
/// <param name="buffer">The authentication credentials buffer.</param>
/// <param name="local_groups">Additional local groups.</param>
/// <param name="throw_on_error">True to throw on error.</param>
/// <returns>The LSA logon result.</returns>
public NtResult <LsaLogonResult> LsaLogonUser(SecurityLogonType type, string auth_package, string origin_name,
TokenSource source_context, SafeBuffer buffer, IEnumerable <UserGroup> local_groups, bool throw_on_error)
{
using (var list = new DisposableList())
{
var auth_pkg = _handle.LookupAuthPackage(auth_package, throw_on_error);
if (!auth_pkg.IsSuccess)
{
return(auth_pkg.Cast <LsaLogonResult>());
}
var groups = local_groups == null ? SafeTokenGroupsBuffer.Null
: list.AddResource(SafeTokenGroupsBuffer.Create(local_groups));
QUOTA_LIMITS quota_limits = new QUOTA_LIMITS();
return(SecurityNativeMethods.LsaLogonUser(_handle, new LsaString(origin_name),
type, auth_pkg.Result, buffer, buffer.GetLength(), groups,
source_context, out SafeLsaReturnBufferHandle profile,
out int cbProfile, out Luid logon_id, out SafeKernelObjectHandle token_handle,
quota_limits, out NtStatus subStatus).CreateResult(throw_on_error, () =>
{
profile.InitializeLength(cbProfile);
return new LsaLogonResult(NtToken.FromHandle(token_handle), profile, logon_id, quota_limits);
}));
}
}
private static NtResult <KerberosTicketCacheInfo[]> QueryTicketCacheList(SafeLsaLogonHandle handle, Luid logon_id, bool throw_on_error)
{
var package = handle.LookupAuthPackage(AuthenticationPackage.KERBEROS_NAME, throw_on_error);
if (!package.IsSuccess)
{
return(package.Cast <KerberosTicketCacheInfo[]>());
}
var request_struct = new KERB_QUERY_TKT_CACHE_REQUEST()
{
LogonId = logon_id,
MessageType = KERB_PROTOCOL_MESSAGE_TYPE.KerbQueryTicketCacheMessage
};
using (var request = request_struct.ToBuffer())
{
using (var result = handle.CallPackage(package.Result, request, throw_on_error))
{
if (!result.IsSuccess)
{
return(result.Cast <KerberosTicketCacheInfo[]>());
}
if (!result.Result.Status.IsSuccess())
{
return(result.Result.Status.CreateResultFromError <KerberosTicketCacheInfo[]>(throw_on_error));
}
var response = result.Result.Buffer.Read <KERB_QUERY_TKT_CACHE_RESPONSE_HEADER>(0);
if (response.CountOfTickets == 0)
{
return(new KerberosTicketCacheInfo[0].CreateResult());
}
var buffer = BufferUtils.GetStructAtOffset <KERB_QUERY_TKT_CACHE_RESPONSE>(result.Result.Buffer, 0);
KERB_TICKET_CACHE_INFO[] infos = new KERB_TICKET_CACHE_INFO[response.CountOfTickets];
buffer.Data.ReadArray(0, infos, 0, response.CountOfTickets);
return(infos.Select(i => new KerberosTicketCacheInfo(i)).ToArray().CreateResult());
}
}
}