Exemple #1
0
                private void PurgeAllTickets(
                    IntPtr lsaHandle,
                    UInt32 kerberosPackageId)
                {
                    IntPtr purgeCacheRequestPtr  = IntPtr.Zero;
                    IntPtr purgeCacheResponsePtr = IntPtr.Zero;

                    try
                    {
                        using (var empty = new OSCalls.UNICODE_STRING(""))
                        {
                            var purgeCacheRequest = new OSCalls.KERB_PURGE_TKT_CACHE_REQUEST
                            {
                                MessageType = OSCalls.KERB_PROTOCOL_MESSAGE_TYPE.KerbPurgeTicketCacheMessage,
                                LogonId     = new OSCalls.LUID(),

                                ServerName = empty,
                                RealmName  = empty,
                            };

                            var purgeCacheRequestSize = Marshal.SizeOf(purgeCacheRequest);
                            purgeCacheRequestPtr = Marshal.AllocHGlobal(purgeCacheRequestSize);
                            Marshal.StructureToPtr(purgeCacheRequest, purgeCacheRequestPtr, false);

                            OSCalls.NtStatus ntSubStatus;

                            ulong purgeCacheResponseSize;
                            var   ntStatus = OSCalls.LsaCallAuthenticationPackage(
                                lsaHandle,
                                kerberosPackageId,
                                purgeCacheRequestPtr,
                                purgeCacheRequestSize,
                                out purgeCacheResponsePtr,
                                out purgeCacheResponseSize,
                                out ntSubStatus);


                            if (ntStatus != OSCalls.NtStatus.Success || ntSubStatus != OSCalls.NtStatus.Success)
                            {
                                throw new Win32Exception(
                                          string.Format(
                                              "PurgeAllTickets->LsaCallAuthenticationPackage failed, ntStatus={0}, ntSubStatus={1}",
                                              ntStatus, ntSubStatus));
                            }
                        }
                    }
                    finally
                    {
                        if (purgeCacheRequestPtr != IntPtr.Zero)
                        {
                            Marshal.FreeHGlobal(purgeCacheRequestPtr);
                        }
                        if (purgeCacheResponsePtr != IntPtr.Zero)
                        {
                            OSCalls.LsaFreeReturnBuffer(purgeCacheResponsePtr);
                        }
                    }
                }
 private void Dispose(bool disposing)
 {
     lock (this)
     {
         if (!m_hToken.Equals(IntPtr.Zero))
         {
             OSCalls.CloseHandle(m_hToken);
             m_hToken = IntPtr.Zero;
         }
         if (disposing)
         {
             GC.SuppressFinalize(this);
         }
     }
 }
Exemple #3
0
                public void PurgeAll()
                {
                    IntPtr lsaHandle = IntPtr.Zero;

                    OSCalls.WinStatusCodes status = OSCalls.LsaConnectUntrusted(out lsaHandle);
                    if (status != OSCalls.WinStatusCodes.STATUS_SUCCESS)
                    {
                        throw new Win32Exception((int)OSCalls.LsaNtStatusToWinError(status));
                    }

                    IntPtr cacheRequestPtr = IntPtr.Zero;

                    try
                    {
                        using (var kerberosPackageName = new OSCalls.LsaStringWrapper("Kerberos"))
                        {
                            UInt32 kerberosPackageId;
                            status = OSCalls.LsaLookupAuthenticationPackage(lsaHandle,
                                                                            ref kerberosPackageName._string, out kerberosPackageId);
                            if (status != OSCalls.WinStatusCodes.STATUS_SUCCESS)
                            {
                                throw new Win32Exception((int)OSCalls.LsaNtStatusToWinError(status));
                            }

                            PurgeAllTickets(lsaHandle, kerberosPackageId);
                        }
                    }
                    finally
                    {
                        if (cacheRequestPtr != IntPtr.Zero)
                        {
                            Marshal.FreeHGlobal(cacheRequestPtr);
                        }

                        if (lsaHandle != IntPtr.Zero)
                        {
                            OSCalls.LsaDeregisterLogonProcess(lsaHandle);
                        }
                    }
                }
 // using S4U logon
 public HandleSecurityToken(string UserName,
                            string Domain,
                            OSCalls.WinLogonType LogonType
                            )
 {
     using (OSCalls.KerbS4ULogon authPackage = new OSCalls.KerbS4ULogon(UserName, Domain))
     {
         IntPtr lsaHandle;
         OSCalls.WinStatusCodes status = OSCalls.LsaConnectUntrusted(out lsaHandle);
         if (status != OSCalls.WinStatusCodes.STATUS_SUCCESS)
         {
             throw new System.ComponentModel.Win32Exception((int)OSCalls.LsaNtStatusToWinError(status));
         }
         try
         {
             UInt32 kerberosPackageId;
             using (OSCalls.LsaStringWrapper kerberosPackageName = new OSCalls.LsaStringWrapper("Negotiate"))
             {
                 status = OSCalls.LsaLookupAuthenticationPackage(lsaHandle, ref kerberosPackageName._string, out kerberosPackageId);
                 if (status != OSCalls.WinStatusCodes.STATUS_SUCCESS)
                 {
                     throw new System.ComponentModel.Win32Exception((int)OSCalls.LsaNtStatusToWinError(status));
                 }
             }
             OSCalls.LsaStringWrapper originName = null;
             try
             {
                 originName = new OSCalls.LsaStringWrapper("S4U");
                 OSCalls.TOKEN_SOURCE sourceContext = new OSCalls.TOKEN_SOURCE("NtLmSsp");
                 System.IntPtr        profileBuffer = IntPtr.Zero;
                 UInt32 profileBufferLength         = 0;
                 Int64  logonId;
                 OSCalls.WinStatusCodes subStatus;
                 OSCalls.QUOTA_LIMITS   quotas;
                 status = OSCalls.LsaLogonUser(
                     lsaHandle,
                     ref originName._string,
                     (OSCalls.SecurityLogonType)LogonType,
                     kerberosPackageId,
                     authPackage.Ptr,
                     (uint)authPackage.Length,
                     IntPtr.Zero,
                     ref sourceContext,
                     out profileBuffer,
                     out profileBufferLength,
                     out logonId,
                     out m_hToken,
                     out quotas,
                     out subStatus);
                 if (status != OSCalls.WinStatusCodes.STATUS_SUCCESS)
                 {
                     throw new System.ComponentModel.Win32Exception((int)OSCalls.LsaNtStatusToWinError(status));
                 }
                 if (profileBuffer != IntPtr.Zero)
                 {
                     OSCalls.LsaFreeReturnBuffer(profileBuffer);
                 }
             }
             finally
             {
                 if (originName != null)
                 {
                     originName.Dispose();
                 }
             }
         }
         finally
         {
             OSCalls.LsaDeregisterLogonProcess(lsaHandle);
         }
     }
 }