private void btnTestS4U_Click(object sender, EventArgs e)
        {
            try
            {
                SecurityLogonType logonType = (SecurityLogonType)comboBoxS4ULogonType.SelectedItem;

                if (radioLUNormal.Checked)
                {
                    using (NtToken token = TokenUtils.GetLogonUserToken(txtS4UUserName.Text, txtS4URealm.Text, txtLUPassword.Text, logonType))
                    {
                        TokenForm.OpenForm(token, true);
                    }
                }
                else
                {
                    using (NtToken token = TokenUtils.GetLogonS4UToken(txtS4UUserName.Text, txtS4URealm.Text, logonType))
                    {
                        TokenForm.OpenForm(token, true);
                    }
                }
            }
            catch (Exception ex)
            {
                MessageBox.Show(this, ex.Message, "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
            }
        }
Ejemplo n.º 2
0
        private static NtResult <NtToken> LsaLogonUser(SecurityLogonType type, string auth_package, string origin_name,
                                                       SafeBuffer buffer, IEnumerable <UserGroup> local_groups, bool throw_on_error)
        {
            using (var list = new DisposableList()) {
                var hlsa = list.AddResource(SafeLsaLogonHandle.Connect(throw_on_error));
                if (!hlsa.IsSuccess)
                {
                    return(hlsa.Cast <NtToken>());
                }

                var auth_pkg = hlsa.Result.LookupAuthPackage(auth_package, throw_on_error);
                if (!auth_pkg.IsSuccess)
                {
                    return(auth_pkg.Cast <NtToken>());
                }

                var groups = local_groups == null ? SafeTokenGroupsBuffer.Null
            : list.AddResource(SafeTokenGroupsBuffer.Create(local_groups));

                TOKEN_SOURCE tokenSource = new TOKEN_SOURCE("NT.NET");
                SecurityNativeMethods.AllocateLocallyUniqueId(out tokenSource.SourceIdentifier);
                QUOTA_LIMITS quota_limits = new QUOTA_LIMITS();
                return(SecurityNativeMethods.LsaLogonUser(hlsa.Result, new LsaString(origin_name),
                                                          type, auth_pkg.Result, buffer, buffer.GetLength(), groups,
                                                          tokenSource, out SafeLsaReturnBufferHandle profile,
                                                          out int cbProfile, out Luid logon_id, out SafeKernelObjectHandle token_handle,
                                                          quota_limits, out NtStatus subStatus).CreateResult(throw_on_error, () => {
                    using (profile) {
                        return NtToken.FromHandle(token_handle);
                    }
                }));
            }
        }
        /// <summary>
        /// Logon a user.
        /// </summary>
        /// <param name="type">The type of logon.</param>
        /// <param name="auth_package">The authentication package to use.</param>
        /// <param name="origin_name">The name of the origin.</param>
        /// <param name="source_context">The token source context.</param>
        /// <param name="buffer">The authentication credentials buffer.</param>
        /// <param name="local_groups">Additional local groups.</param>
        /// <param name="throw_on_error">True to throw on error.</param>
        /// <returns>The LSA logon result.</returns>
        public NtResult <LsaLogonResult> LsaLogonUser(SecurityLogonType type, string auth_package, string origin_name,
                                                      TokenSource source_context, SafeBuffer buffer, IEnumerable <UserGroup> local_groups, bool throw_on_error)
        {
            using (var list = new DisposableList())
            {
                var auth_pkg = _handle.LookupAuthPackage(auth_package, throw_on_error);
                if (!auth_pkg.IsSuccess)
                {
                    return(auth_pkg.Cast <LsaLogonResult>());
                }

                var groups = local_groups == null ? SafeTokenGroupsBuffer.Null
                    : list.AddResource(SafeTokenGroupsBuffer.Create(local_groups));

                QUOTA_LIMITS quota_limits = new QUOTA_LIMITS();
                return(SecurityNativeMethods.LsaLogonUser(_handle, new LsaString(origin_name),
                                                          type, auth_pkg.Result, buffer, buffer.GetLength(), groups,
                                                          source_context, out SafeLsaReturnBufferHandle profile,
                                                          out int cbProfile, out Luid logon_id, out SafeKernelObjectHandle token_handle,
                                                          quota_limits, out NtStatus subStatus).CreateResult(throw_on_error, () =>
                {
                    profile.InitializeLength(cbProfile);
                    return new LsaLogonResult(NtToken.FromHandle(token_handle), profile, logon_id, quota_limits);
                }));
            }
        }
        /// <summary>
        /// Logon user using Kerberos Ticket.
        /// </summary>
        /// <param name="type">The type of logon token.</param>
        /// <param name="service_ticket">The service ticket.</param>
        /// <param name="tgt_ticket">Optional TGT.</param>
        /// <param name="throw_on_error">True to throw on error.</param>
        /// <returns>The logged on token.</returns>
        public static NtResult <NtToken> LsaLogonTicket(SecurityLogonType type, byte[] service_ticket, byte[] tgt_ticket, bool throw_on_error)
        {
            if (service_ticket is null)
            {
                throw new ArgumentNullException(nameof(service_ticket));
            }
            int total_size = service_ticket.Length + (tgt_ticket?.Length ?? 0);

            using (var buffer = new SafeStructureInOutBuffer <KERB_TICKET_LOGON>(total_size, true))
            {
                KERB_TICKET_LOGON logon_struct = new KERB_TICKET_LOGON
                {
                    MessageType                = KERB_LOGON_SUBMIT_TYPE.KerbTicketLogon,
                    ServiceTicketLength        = service_ticket.Length,
                    ServiceTicket              = buffer.Data.DangerousGetHandle(),
                    TicketGrantingTicket       = tgt_ticket != null?buffer.Data.DangerousGetHandle() + service_ticket.Length : IntPtr.Zero,
                    TicketGrantingTicketLength = tgt_ticket?.Length ?? 0
                };
                buffer.Data.WriteArray(0, service_ticket, 0, service_ticket.Length);
                if (tgt_ticket != null)
                {
                    buffer.Data.WriteArray((ulong)service_ticket.Length, tgt_ticket, 0, tgt_ticket.Length);
                }

                buffer.Result = logon_struct;
                return(LsaLogonUser(type, AuthenticationPackage.KERBEROS_NAME, "KTIK", buffer, null, throw_on_error));
            }
        }
Ejemplo n.º 5
0
        /// <summary>
        /// Logon user using S4U
        /// </summary>
        /// <param name="user">The username.</param>
        /// <param name="realm">The user's realm.</param>
        /// <param name="type">The type of logon token.</param>
        /// <param name="auth_package">The name of the auth package to user.</param>
        /// <param name="throw_on_error">True to throw on error.</param>
        /// <returns>The logged on token.</returns>
        public static NtResult <NtToken> LsaLogonS4U(string user, string realm, SecurityLogonType type, string auth_package, bool throw_on_error)
        {
            if (user is null)
            {
                throw new ArgumentNullException(nameof(user));
            }

            if (realm is null)
            {
                throw new ArgumentNullException(nameof(realm));
            }

            byte[] user_bytes  = Encoding.Unicode.GetBytes(user);
            byte[] realm_bytes = Encoding.Unicode.GetBytes(realm);

            using (var buffer = new SafeStructureInOutBuffer <KERB_S4U_LOGON>(user_bytes.Length + realm_bytes.Length, true)) {
                KERB_S4U_LOGON logon_struct = new KERB_S4U_LOGON {
                    MessageType = KERB_LOGON_SUBMIT_TYPE.KerbS4ULogon
                };
                SafeHGlobalBuffer data_buffer = buffer.Data;

                logon_struct.ClientUpn.Buffer = data_buffer.DangerousGetHandle();
                data_buffer.WriteArray(0, user_bytes, 0, user_bytes.Length);
                logon_struct.ClientUpn.Length        = (ushort)user_bytes.Length;
                logon_struct.ClientUpn.MaximumLength = (ushort)user_bytes.Length;

                logon_struct.ClientRealm.Buffer = data_buffer.DangerousGetHandle() + user_bytes.Length;
                data_buffer.WriteArray((ulong)user_bytes.Length, realm_bytes, 0, realm_bytes.Length);
                logon_struct.ClientRealm.Length        = (ushort)realm_bytes.Length;
                logon_struct.ClientRealm.MaximumLength = (ushort)realm_bytes.Length;
                buffer.Result = logon_struct;

                return(LsaLogonUser(type, auth_package, "S4U", buffer, null, throw_on_error));
            }
        }
 /// <summary>
 /// Logon a user with a username and password.
 /// </summary>
 /// <param name="user">The username.</param>
 /// <param name="domain">The user's domain.</param>
 /// <param name="password">The user's password.</param>
 /// <param name="type">The type of logon token.</param>
 /// <returns>The logged on token.</returns>
 public static NtToken Logon(string user, string domain, string password, SecurityLogonType type)
 {
     if (!Win32NativeMethods.LogonUser(user, domain, password, type, 0, out SafeKernelObjectHandle handle))
     {
         throw new SafeWin32Exception();
     }
     return(NtToken.FromHandle(handle));
 }
        /// <summary>
        /// Logon user using Kerberos Ticket.
        /// </summary>
        /// <param name="type">The type of logon token.</param>
        /// <param name="service_ticket">The service ticket.</param>
        /// <param name="tgt_ticket">Optional TGT.</param>
        /// <param name="throw_on_error">True to throw on error.</param>
        /// <returns>The logged on token.</returns>
        public static NtResult <NtToken> LsaLogonTicket(SecurityLogonType type, KerberosTicket service_ticket, KerberosCredential tgt_ticket, bool throw_on_error)
        {
            if (service_ticket is null)
            {
                throw new ArgumentNullException(nameof(service_ticket));
            }

            return(LsaLogonTicket(type, service_ticket.TicketData, tgt_ticket?.ToArray(), throw_on_error));
        }
Ejemplo n.º 8
0
        public TokenHandle LogonUser(
            string originName,
            SecurityLogonType logonType,
            IAuthenticationPackage package,
            TokenSource source,
            out object profileData,
            out Luid logonId,
            out NtStatus subStatus
            )
        {
            NtStatus    status;
            AnsiString  originNameStr;
            IntPtr      profileBuffer;
            int         profileBufferLength;
            IntPtr      token;
            QuotaLimits quotas;

            originNameStr = new AnsiString(originName);

            try
            {
                using (var logonData = package.GetAuthData())
                {
                    if ((status = Win32.LsaLogonUser(
                             this,
                             ref originNameStr,
                             logonType,
                             this.LookupAuthenticationPackage(package.PackageName),
                             logonData,
                             logonData.Size,
                             IntPtr.Zero,
                             ref source,
                             out profileBuffer,
                             out profileBufferLength,
                             out logonId,
                             out token,
                             out quotas,
                             out subStatus
                             )) >= NtStatus.Error)
                    {
                        Win32.Throw(status);
                    }

                    using (var profileBufferAlloc = new LsaMemoryAlloc(profileBuffer, true))
                        profileData = package.GetProfileData(new MemoryRegion(profileBuffer, 0, profileBufferLength));

                    return(new TokenHandle(token, true));
                }
            }
            finally
            {
                originNameStr.Dispose();
            }
        }
Ejemplo n.º 9
0
 internal static extern bool LogonUserExExW(
     string lpszUsername,
     string lpszDomain,
     SecureStringMarshalBuffer lpszPassword,
     SecurityLogonType dwLogonType,
     Logon32Provider dwLogonProvider,
     SafeTokenGroupsBuffer pTokenGroups,
     out SafeKernelObjectHandle phToken,
     [Out] OptionalPointer ppLogonSid,
     [Out] OptionalPointer ppProfileBuffer,
     [Out] OptionalPointer pdwProfileLength,
     [Out] QUOTA_LIMITS pQuotaLimits
     );
Ejemplo n.º 10
0
        public static NtToken LogonS4U(string user, string realm, SecurityLogonType type)
        {
            SafeLsaHandle hlsa    = null;
            LsaString     pkgName = new LsaString("Negotiate");

            LsaConnectUntrusted(out hlsa).ToNtException();
            using (hlsa)
            {
                uint authnPkg;
                LsaLookupAuthenticationPackage(hlsa, pkgName, out authnPkg).ToNtException();
                byte[] user_bytes  = Encoding.Unicode.GetBytes(user);
                byte[] realm_bytes = Encoding.Unicode.GetBytes(realm);

                using (var buffer = new SafeStructureInOutBuffer <KERB_S4U_LOGON>(user_bytes.Length + realm_bytes.Length, true))
                {
                    KERB_S4U_LOGON logon_struct = new KERB_S4U_LOGON();
                    logon_struct.MessageType = KERB_LOGON_SUBMIT_TYPE.KerbS4ULogon;
                    SafeHGlobalBuffer data_buffer = buffer.Data;

                    logon_struct.ClientUpn.Buffer = data_buffer.DangerousGetHandle();
                    data_buffer.WriteArray(0, user_bytes, 0, user_bytes.Length);
                    logon_struct.ClientUpn.Length        = (ushort)user_bytes.Length;
                    logon_struct.ClientUpn.MaximumLength = (ushort)user_bytes.Length;

                    logon_struct.ClientRealm.Buffer = data_buffer.DangerousGetHandle() + user_bytes.Length;
                    data_buffer.WriteArray((ulong)user_bytes.Length, realm_bytes, 0, realm_bytes.Length);
                    logon_struct.ClientRealm.Length        = (ushort)realm_bytes.Length;
                    logon_struct.ClientRealm.MaximumLength = (ushort)realm_bytes.Length;

                    Marshal.StructureToPtr(logon_struct, buffer.DangerousGetHandle(), false);

                    TOKEN_SOURCE tokenSource = new TOKEN_SOURCE("NtLmSsp");
                    AllocateLocallyUniqueId(out tokenSource.SourceIdentifier);

                    LsaString              originName = new LsaString("S4U");
                    IntPtr                 profile;
                    int                    cbProfile;
                    Luid                   logon_id;
                    NtStatus               subStatus;
                    QUOTA_LIMITS           quota_limits;
                    SafeKernelObjectHandle token_handle;

                    LsaLogonUser(hlsa, originName, type, authnPkg,
                                 buffer, buffer.Length, IntPtr.Zero,
                                 tokenSource, out profile, out cbProfile, out logon_id, out token_handle,
                                 out quota_limits, out subStatus).ToNtException();
                    LsaFreeReturnBuffer(profile);
                    return(NtToken.FromHandle(token_handle));
                }
            }
        }
        public static NtToken GetLogonS4UToken(string user, string realm, SecurityLogonType logon_type)
        {
            switch (logon_type)
            {
                case SecurityLogonType.Batch:
                case SecurityLogonType.Interactive:
                case SecurityLogonType.Network:
                    break;
                default:
                    throw new ArgumentException("Invalid logon type for S4U");
            }

            return LogonUtils.LogonS4U(user, realm, logon_type);
        }
        /// <summary>
        /// Logon a user using S4U
        /// </summary>
        /// <param name="user">The username.</param>
        /// <param name="realm">The user's realm.</param>
        /// <param name="logon_type"></param>
        /// <returns>The logged on token.</returns>
        public static NtToken GetLogonS4UToken(string user, string realm, SecurityLogonType logon_type)
        {
            switch (logon_type)
            {
            case SecurityLogonType.Batch:
            case SecurityLogonType.Interactive:
            case SecurityLogonType.Network:
                break;

            default:
                throw new ArgumentException("Invalid logon type for S4U");
            }

            return(LogonUtils.LogonS4U(user, realm, logon_type));
        }
Ejemplo n.º 13
0
 public static extern WinStatusCodes LsaLogonUser(
     [In] IntPtr LsaHandle,
     [In] ref LSA_STRING OriginName,
     [In] SecurityLogonType LogonType,
     [In] UInt32 AuthenticationPackage,
     [In] IntPtr AuthenticationInformation,
     [In] UInt32 AuthenticationInformationLength,
     [In] /*PTOKEN_GROUPS*/ IntPtr LocalGroups,
     [In] ref TOKEN_SOURCE SourceContext,
     [Out] /*PVOID*/ out IntPtr ProfileBuffer,
     [Out] out UInt32 ProfileBufferLength,
     [Out] out Int64 LogonId,
     [Out] out IntPtr Token,
     [Out] out QUOTA_LIMITS Quotas,
     [Out] out WinStatusCodes SubStatus
     );
 internal static extern int LsaLogonUser(
     [In] SafeLsaLogonProcessHandle LsaHandle,
     [In] ref UNICODE_INTPTR_STRING OriginName,
     [In] SecurityLogonType LogonType,
     [In] uint AuthenticationPackage,
     [In] IntPtr AuthenticationInformation,
     [In] uint AuthenticationInformationLength,
     [In] IntPtr LocalGroups,
     [In] ref TOKEN_SOURCE SourceContext,
     [Out] out SafeLsaReturnBufferHandle ProfileBuffer,
     [Out] out uint ProfileBufferLength,
     [Out] out LUID LogonId,
     [Out] out SafeCloseHandle Token,
     [Out] out QUOTA_LIMITS Quotas,
     [Out] out int SubStatus
     );
Ejemplo n.º 15
0
        public TokenHandle LogonUser(string originName, SecurityLogonType logonType, IAuthenticationPackage package)
        {
            object   profileData;
            Luid     logonId;
            NtStatus subStatus;

            return(this.LogonUser(
                       originName,
                       logonType,
                       package,
                       TokenHandle.PhTokenSource,
                       out profileData,
                       out logonId,
                       out subStatus
                       ));
        }
Ejemplo n.º 16
0
 internal static extern NtStatus LsaLogonUser(
     SafeLsaLogonHandle LsaHandle,
     LsaString OriginName,
     SecurityLogonType LogonType,
     uint AuthenticationPackage,
     SafeBuffer AuthenticationInformation,
     int AuthenticationInformationLength,
     SafeTokenGroupsBuffer LocalGroups,
     TOKEN_SOURCE SourceContext,
     out SafeLsaReturnBufferHandle ProfileBuffer,
     out int ProfileBufferLength,
     out Luid LogonId,
     out SafeKernelObjectHandle Token,
     QUOTA_LIMITS Quotas,
     out NtStatus SubStatus
     );
Ejemplo n.º 17
0
 public static extern NtStatus LsaLogonUser(
     [In] IntPtr LsaHandle,
     [In] ref AnsiString OriginName,
     [In] SecurityLogonType LogonType,
     [In] int AuthenticationPackage,
     [In] IntPtr AuthenticationInformation,
     [In] int AuthenticationInformationLength,
     [In][Optional] IntPtr LocalGroups,  // TokenGroups*
     [In] ref TokenSource SourceContext,
     [Out] out IntPtr ProfileBuffer,
     [Out] out int ProfileBufferLength,
     [Out] out Luid LogonId,
     [Out] out IntPtr Token,
     [Out] out QuotaLimits Quotas,
     [Out] out NtStatus SubStatus
     );
Ejemplo n.º 18
0
        public TokenHandle LogonUser(string originName, SecurityLogonType logonType, IAuthenticationPackage package)
        {
            object profileData;
            Luid logonId;
            NtStatus subStatus;

            return this.LogonUser(
                originName,
                logonType,
                package,
                TokenHandle.PhTokenSource,
                out profileData,
                out logonId,
                out subStatus
                );
        }
Ejemplo n.º 19
0
        private void btnTestS4U_Click(object sender, EventArgs e)
        {
            try
            {
                SecurityLogonType logon_type = (SecurityLogonType)comboBoxS4ULogonType.SelectedItem;

                if (radioLUNormal.Checked)
                {
                    SecureString str = new SecureString();
                    foreach (var ch in txtLUPassword.Text)
                    {
                        str.AppendChar(ch);
                    }

                    switch (logon_type)
                    {
                    case SecurityLogonType.Batch:
                    case SecurityLogonType.Interactive:
                    case SecurityLogonType.Network:
                    case SecurityLogonType.NetworkCleartext:
                    case SecurityLogonType.NewCredentials:
                    case SecurityLogonType.Service:
                        break;

                    default:
                        throw new ArgumentException("Invalid logon type for Logon");
                    }


                    using (NtToken token = Win32Security.LsaLogonUser(txtS4UUserName.Text, txtS4URealm.Text, str, logon_type, Logon32Provider.Default))
                    {
                        TokenForm.OpenForm(token, "LogonUser", true);
                    }
                }
                else
                {
                    using (NtToken token = TokenUtils.GetLogonS4UToken(txtS4UUserName.Text, txtS4URealm.Text, logon_type))
                    {
                        TokenForm.OpenForm(token, "S4U", true);
                    }
                }
            }
            catch (Exception ex)
            {
                MessageBox.Show(this, ex.Message, "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
            }
        }
        public static NtToken GetLogonUserToken(string username, string domain, string password, SecurityLogonType logon_type)
        {
            switch (logon_type)
            {
                case SecurityLogonType.Batch:
                case SecurityLogonType.Interactive:
                case SecurityLogonType.Network:
                case SecurityLogonType.NetworkCleartext:
                case SecurityLogonType.NewCredentials:
                case SecurityLogonType.Service:
                    break;
                default:
                    throw new ArgumentException("Invalid logon type for Logon");
            }

            return HandleUtils.LogonUtils.Logon(username, domain, password, logon_type);
        }
        private NtToken GetLogonToken(TokenAccessRights desired_access, string user,
                                      string domain, SecureString password, SecurityLogonType logon_type)
        {
            IEnumerable <UserGroup> groups = null;

            if (AdditionalGroup != null && AdditionalGroup.Length > 0)
            {
                groups = AdditionalGroup.Select(s => new UserGroup(s,
                                                                   GetAttributes(s)));
            }
            using (NtToken token = Win32Security.LsaLogonUser(user, domain, password, logon_type, LogonProvider, groups))
            {
                if (desired_access == TokenAccessRights.MaximumAllowed)
                {
                    return(token.Duplicate());
                }
                return(token.Duplicate(desired_access));
            }
        }
Ejemplo n.º 22
0
        private NtToken GetLogonToken(TokenAccessRights desired_access, string user,
                                      string domain, string password, SecurityLogonType logon_type)
        {
            IEnumerable <UserGroup> groups = null;

            if (AdditionalGroups != null && AdditionalGroups.Length > 0)
            {
                groups = AdditionalGroups.Select(s => new UserGroup(s,
                                                                    GroupAttributes.Enabled | GroupAttributes.EnabledByDefault | GroupAttributes.Mandatory));
            }
            using (NtToken token = TokenUtils.GetLogonUserToken(user, domain, password, logon_type, groups))
            {
                if (desired_access == TokenAccessRights.MaximumAllowed)
                {
                    return(token.Duplicate());
                }
                return(token.Duplicate(desired_access));
            }
        }
        /// <summary>
        /// Logon a user with a username and password.
        /// </summary>
        /// <param name="user">The username.</param>
        /// <param name="domain">The user's domain.</param>
        /// <param name="password">The user's password.</param>
        /// <param name="type">The type of logon token.</param>
        /// <param name="groups">Additional groups to add. Needs SeTcbPrivilege.</param>
        /// <returns>The logged on token.</returns>
        public static NtToken Logon(string user, string domain, string password, SecurityLogonType type, IEnumerable <UserGroup> groups)
        {
            TokenGroupsBuilder builder = new TokenGroupsBuilder();

            foreach (var group in groups)
            {
                builder.AddGroup(group.Sid, group.Attributes);
            }

            using (var group_buffer = builder.ToBuffer())
            {
                if (!Win32NativeMethods.LogonUserExExW(user, domain, password, type, 0, group_buffer,
                                                       out SafeKernelObjectHandle token, null, null, null, null))
                {
                    throw new SafeWin32Exception();
                }
                return(new NtToken(token));
            }
        }
 public static NtToken LogonS4U(string user, string realm, SecurityLogonType type)
 {
     return(LsaLogonS4U(user, realm, type));
 }
 /// <summary>
 /// Logon user using S4U
 /// </summary>
 /// <param name="user">The username.</param>
 /// <param name="realm">The user's realm.</param>
 /// <param name="type">The type of logon token.</param>
 /// <returns>The logged on token.</returns>
 public static NtToken LsaLogonS4U(string user, string realm, SecurityLogonType type)
 {
     return(LsaLogonS4U(user, realm, type, AuthenticationPackage.NEGOSSP_NAME));
 }
 /// <summary>
 /// Logon user using S4U
 /// </summary>
 /// <param name="user">The username.</param>
 /// <param name="realm">The user's realm.</param>
 /// <param name="type">The type of logon token.</param>
 /// <param name="auth_package">The name of the auth package to user.</param>
 /// <returns>The logged on token.</returns>
 public static NtToken LsaLogonS4U(string user, string realm, SecurityLogonType type, string auth_package)
 {
     return(LsaLogonS4U(user, realm, type, auth_package, true).Result);
 }
 public static NtToken Logon(string user, string domain, string password, SecurityLogonType type, IEnumerable <UserGroup> groups)
 {
     return(Logon(user, domain, password, type, Logon32Provider.Default, groups));
 }
 public static NtResult <NtToken> Logon(string user, string domain, string password, SecurityLogonType type, Logon32Provider provider,
                                        IEnumerable <UserGroup> groups, bool throw_on_error)
 {
     return(Win32Security.LsaLogonUser(user, domain, password.ToSecureString(), type, provider, groups, throw_on_error));
 }
 public static NtToken Logon(string user, string domain, string password, SecurityLogonType type, Logon32Provider provider, IEnumerable <UserGroup> groups)
 {
     return(Logon(user, domain, password, type, provider, groups, true).Result);
 }
 static extern NtStatus LsaLogonUser(SafeLsaHandle LsaHandle, LsaString OriginName, SecurityLogonType LogonType, uint AuthenticationPackage,
     SafeBuffer AuthenticationInformation,
     int AuthenticationInformationLength,
     IntPtr LocalGroups,
     TOKEN_SOURCE SourceContext,
     out IntPtr ProfileBuffer,
     out int ProfileBufferLength,
     out Luid LogonId,
     out SafeKernelObjectHandle Token,
     out QUOTA_LIMITS Quotas,
     out NtStatus SubStatus
 );
 public static NtToken Logon(string user, string domain, string password, SecurityLogonType type)
 {
     SafeKernelObjectHandle handle;
     if (!LogonUser(user, domain, password, type, 0, out handle))
     {
         throw new SafeWin32Exception();
     }
     return NtToken.FromHandle(handle);
 }
Ejemplo n.º 32
0
 internal static extern bool LogonUser(string lpszUsername, string lpszDomain, SecureStringMarshalBuffer lpszPassword, SecurityLogonType dwLogonType,
                                       Logon32Provider dwLogonProvider, out SafeKernelObjectHandle phToken);
Ejemplo n.º 33
0
 static extern bool LogonUser(string lpszUsername, string lpszDomain, string lpszPassword, SecurityLogonType dwLogonType,
                              int dwLogonProvider, out SafeKernelObjectHandle phToken);
        public static NtToken LogonS4U(string user, string realm, SecurityLogonType type)
        {
            SafeLsaHandle hlsa = null;
            LsaString pkgName = new LsaString("Negotiate");

            LsaConnectUntrusted(out hlsa).ToNtException();
            using (hlsa)
            {
                uint authnPkg;
                LsaLookupAuthenticationPackage(hlsa, pkgName, out authnPkg).ToNtException();
                byte[] user_bytes = Encoding.Unicode.GetBytes(user);
                byte[] realm_bytes = Encoding.Unicode.GetBytes(realm);

                using (var buffer = new SafeStructureInOutBuffer<KERB_S4U_LOGON>(user_bytes.Length + realm_bytes.Length, true))
                {
                    KERB_S4U_LOGON logon_struct = new KERB_S4U_LOGON();
                    logon_struct.MessageType = KERB_LOGON_SUBMIT_TYPE.KerbS4ULogon;
                    SafeHGlobalBuffer data_buffer = buffer.Data;

                    logon_struct.ClientUpn.Buffer = data_buffer.DangerousGetHandle();
                    data_buffer.WriteArray(0, user_bytes, 0, user_bytes.Length);
                    logon_struct.ClientUpn.Length = (ushort)user_bytes.Length;
                    logon_struct.ClientUpn.MaximumLength = (ushort)user_bytes.Length;

                    logon_struct.ClientRealm.Buffer = data_buffer.DangerousGetHandle() + user_bytes.Length;
                    data_buffer.WriteArray((ulong)user_bytes.Length, realm_bytes, 0, realm_bytes.Length);
                    logon_struct.ClientRealm.Length = (ushort)realm_bytes.Length;
                    logon_struct.ClientRealm.MaximumLength = (ushort)realm_bytes.Length;

                    Marshal.StructureToPtr(logon_struct, buffer.DangerousGetHandle(), false);

                    TOKEN_SOURCE tokenSource = new TOKEN_SOURCE("NtLmSsp");
                    AllocateLocallyUniqueId(out tokenSource.SourceIdentifier);

                    LsaString originName = new LsaString("S4U");
                    IntPtr profile;
                    int cbProfile;
                    Luid logon_id;
                    NtStatus subStatus;
                    QUOTA_LIMITS quota_limits;
                    SafeKernelObjectHandle token_handle;

                    LsaLogonUser(hlsa, originName, type, authnPkg,
                        buffer, buffer.Length, IntPtr.Zero,
                        tokenSource, out profile, out cbProfile, out logon_id, out token_handle,
                        out quota_limits, out subStatus).ToNtException();
                    LsaFreeReturnBuffer(profile);
                    return NtToken.FromHandle(token_handle);
                }
            }
        }
Ejemplo n.º 35
0
        public TokenHandle LogonUser(
            string originName,
            SecurityLogonType logonType,
            IAuthenticationPackage package,
            TokenSource source,
            out object profileData,
            out Luid logonId,
            out NtStatus subStatus
            )
        {
            IntPtr profileBuffer;
            int profileBufferLength;
            IntPtr token;
            QuotaLimits quotas;

            AnsiString originNameStr = new AnsiString(originName);

            try
            {
                using (MemoryRegion logonData = package.GetAuthData())
                {
                    Win32.LsaLogonUser(
                        this,
                        ref originNameStr,
                        logonType,
                        this.LookupAuthenticationPackage(package.PackageName),
                        logonData,
                        logonData.Size,
                        IntPtr.Zero,
                        ref source,
                        out profileBuffer,
                        out profileBufferLength,
                        out logonId,
                        out token,
                        out quotas,
                        out subStatus
                        ).ThrowIf();

                    using (new LsaMemoryAlloc(profileBuffer, true))
                    {
                        profileData = package.GetProfileData(new MemoryRegion(profileBuffer, 0, profileBufferLength));
                    }

                    return new TokenHandle(token, true);
                }
            }
            finally
            {
                originNameStr.Dispose();
            }
        }
 static extern bool LogonUser(string lpszUsername, string lpszDomain, string lpszPassword, SecurityLogonType dwLogonType,
     int dwLogonProvider, out SafeKernelObjectHandle phToken);
 /// <summary>
 /// Logon user using Kerberos Ticket.
 /// </summary>
 /// <param name="type">The type of logon token.</param>
 /// <param name="service_ticket">The service ticket.</param>
 /// <param name="tgt_ticket">Optional TGT.</param>
 /// <returns>The logged on token.</returns>
 public static NtToken LsaLogonTicket(SecurityLogonType type, byte[] service_ticket, byte[] tgt_ticket)
 {
     return(LsaLogonTicket(type, service_ticket, tgt_ticket, true).Result);
 }
 /// <summary>
 /// Logon user using Kerberos Ticket.
 /// </summary>
 /// <param name="type">The type of logon token.</param>
 /// <param name="service_ticket">The service ticket.</param>
 /// <param name="tgt_ticket">Optional TGT.</param>
 /// <returns>The logged on token.</returns>
 public static NtToken LsaLogonTicket(SecurityLogonType type, KerberosTicket service_ticket, KerberosCredential tgt_ticket)
 {
     return(LsaLogonTicket(type, service_ticket, tgt_ticket, true).Result);
 }
Ejemplo n.º 39
0
 public TokenHandle LogonUser(SecurityLogonType logonType, IAuthenticationPackage package)
 {
     return this.LogonUser("PH.N", logonType, package);
 }