private void PurgeAllTickets( IntPtr lsaHandle, UInt32 kerberosPackageId) { IntPtr purgeCacheRequestPtr = IntPtr.Zero; IntPtr purgeCacheResponsePtr = IntPtr.Zero; try { using (var empty = new OSCalls.UNICODE_STRING("")) { var purgeCacheRequest = new OSCalls.KERB_PURGE_TKT_CACHE_REQUEST { MessageType = OSCalls.KERB_PROTOCOL_MESSAGE_TYPE.KerbPurgeTicketCacheMessage, LogonId = new OSCalls.LUID(), ServerName = empty, RealmName = empty, }; var purgeCacheRequestSize = Marshal.SizeOf(purgeCacheRequest); purgeCacheRequestPtr = Marshal.AllocHGlobal(purgeCacheRequestSize); Marshal.StructureToPtr(purgeCacheRequest, purgeCacheRequestPtr, false); OSCalls.NtStatus ntSubStatus; ulong purgeCacheResponseSize; var ntStatus = OSCalls.LsaCallAuthenticationPackage( lsaHandle, kerberosPackageId, purgeCacheRequestPtr, purgeCacheRequestSize, out purgeCacheResponsePtr, out purgeCacheResponseSize, out ntSubStatus); if (ntStatus != OSCalls.NtStatus.Success || ntSubStatus != OSCalls.NtStatus.Success) { throw new Win32Exception( string.Format( "PurgeAllTickets->LsaCallAuthenticationPackage failed, ntStatus={0}, ntSubStatus={1}", ntStatus, ntSubStatus)); } } } finally { if (purgeCacheRequestPtr != IntPtr.Zero) { Marshal.FreeHGlobal(purgeCacheRequestPtr); } if (purgeCacheResponsePtr != IntPtr.Zero) { OSCalls.LsaFreeReturnBuffer(purgeCacheResponsePtr); } } }
private void Dispose(bool disposing) { lock (this) { if (!m_hToken.Equals(IntPtr.Zero)) { OSCalls.CloseHandle(m_hToken); m_hToken = IntPtr.Zero; } if (disposing) { GC.SuppressFinalize(this); } } }
public void PurgeAll() { IntPtr lsaHandle = IntPtr.Zero; OSCalls.WinStatusCodes status = OSCalls.LsaConnectUntrusted(out lsaHandle); if (status != OSCalls.WinStatusCodes.STATUS_SUCCESS) { throw new Win32Exception((int)OSCalls.LsaNtStatusToWinError(status)); } IntPtr cacheRequestPtr = IntPtr.Zero; try { using (var kerberosPackageName = new OSCalls.LsaStringWrapper("Kerberos")) { UInt32 kerberosPackageId; status = OSCalls.LsaLookupAuthenticationPackage(lsaHandle, ref kerberosPackageName._string, out kerberosPackageId); if (status != OSCalls.WinStatusCodes.STATUS_SUCCESS) { throw new Win32Exception((int)OSCalls.LsaNtStatusToWinError(status)); } PurgeAllTickets(lsaHandle, kerberosPackageId); } } finally { if (cacheRequestPtr != IntPtr.Zero) { Marshal.FreeHGlobal(cacheRequestPtr); } if (lsaHandle != IntPtr.Zero) { OSCalls.LsaDeregisterLogonProcess(lsaHandle); } } }
// using S4U logon public HandleSecurityToken(string UserName, string Domain, OSCalls.WinLogonType LogonType ) { using (OSCalls.KerbS4ULogon authPackage = new OSCalls.KerbS4ULogon(UserName, Domain)) { IntPtr lsaHandle; OSCalls.WinStatusCodes status = OSCalls.LsaConnectUntrusted(out lsaHandle); if (status != OSCalls.WinStatusCodes.STATUS_SUCCESS) { throw new System.ComponentModel.Win32Exception((int)OSCalls.LsaNtStatusToWinError(status)); } try { UInt32 kerberosPackageId; using (OSCalls.LsaStringWrapper kerberosPackageName = new OSCalls.LsaStringWrapper("Negotiate")) { status = OSCalls.LsaLookupAuthenticationPackage(lsaHandle, ref kerberosPackageName._string, out kerberosPackageId); if (status != OSCalls.WinStatusCodes.STATUS_SUCCESS) { throw new System.ComponentModel.Win32Exception((int)OSCalls.LsaNtStatusToWinError(status)); } } OSCalls.LsaStringWrapper originName = null; try { originName = new OSCalls.LsaStringWrapper("S4U"); OSCalls.TOKEN_SOURCE sourceContext = new OSCalls.TOKEN_SOURCE("NtLmSsp"); System.IntPtr profileBuffer = IntPtr.Zero; UInt32 profileBufferLength = 0; Int64 logonId; OSCalls.WinStatusCodes subStatus; OSCalls.QUOTA_LIMITS quotas; status = OSCalls.LsaLogonUser( lsaHandle, ref originName._string, (OSCalls.SecurityLogonType)LogonType, kerberosPackageId, authPackage.Ptr, (uint)authPackage.Length, IntPtr.Zero, ref sourceContext, out profileBuffer, out profileBufferLength, out logonId, out m_hToken, out quotas, out subStatus); if (status != OSCalls.WinStatusCodes.STATUS_SUCCESS) { throw new System.ComponentModel.Win32Exception((int)OSCalls.LsaNtStatusToWinError(status)); } if (profileBuffer != IntPtr.Zero) { OSCalls.LsaFreeReturnBuffer(profileBuffer); } } finally { if (originName != null) { originName.Dispose(); } } } finally { OSCalls.LsaDeregisterLogonProcess(lsaHandle); } } }