private void PurgeAllTickets(
IntPtr lsaHandle,
UInt32 kerberosPackageId)
{
IntPtr purgeCacheRequestPtr = IntPtr.Zero;
IntPtr purgeCacheResponsePtr = IntPtr.Zero;
try
{
using (var empty = new OSCalls.UNICODE_STRING(""))
{
var purgeCacheRequest = new OSCalls.KERB_PURGE_TKT_CACHE_REQUEST
{
MessageType = OSCalls.KERB_PROTOCOL_MESSAGE_TYPE.KerbPurgeTicketCacheMessage,
LogonId = new OSCalls.LUID(),
ServerName = empty,
RealmName = empty,
};
var purgeCacheRequestSize = Marshal.SizeOf(purgeCacheRequest);
purgeCacheRequestPtr = Marshal.AllocHGlobal(purgeCacheRequestSize);
Marshal.StructureToPtr(purgeCacheRequest, purgeCacheRequestPtr, false);
OSCalls.NtStatus ntSubStatus;
ulong purgeCacheResponseSize;
var ntStatus = OSCalls.LsaCallAuthenticationPackage(
lsaHandle,
kerberosPackageId,
purgeCacheRequestPtr,
purgeCacheRequestSize,
out purgeCacheResponsePtr,
out purgeCacheResponseSize,
out ntSubStatus);
if (ntStatus != OSCalls.NtStatus.Success || ntSubStatus != OSCalls.NtStatus.Success)
{
throw new Win32Exception(
string.Format(
"PurgeAllTickets->LsaCallAuthenticationPackage failed, ntStatus={0}, ntSubStatus={1}",
ntStatus, ntSubStatus));
}
}
}
finally
{
if (purgeCacheRequestPtr != IntPtr.Zero)
{
Marshal.FreeHGlobal(purgeCacheRequestPtr);
}
if (purgeCacheResponsePtr != IntPtr.Zero)
{
OSCalls.LsaFreeReturnBuffer(purgeCacheResponsePtr);
}
}
}
private void Dispose(bool disposing)
{
lock (this)
{
if (!m_hToken.Equals(IntPtr.Zero))
{
OSCalls.CloseHandle(m_hToken);
m_hToken = IntPtr.Zero;
}
if (disposing)
{
GC.SuppressFinalize(this);
}
}
}
public void PurgeAll()
{
IntPtr lsaHandle = IntPtr.Zero;
OSCalls.WinStatusCodes status = OSCalls.LsaConnectUntrusted(out lsaHandle);
if (status != OSCalls.WinStatusCodes.STATUS_SUCCESS)
{
throw new Win32Exception((int)OSCalls.LsaNtStatusToWinError(status));
}
IntPtr cacheRequestPtr = IntPtr.Zero;
try
{
using (var kerberosPackageName = new OSCalls.LsaStringWrapper("Kerberos"))
{
UInt32 kerberosPackageId;
status = OSCalls.LsaLookupAuthenticationPackage(lsaHandle,
ref kerberosPackageName._string, out kerberosPackageId);
if (status != OSCalls.WinStatusCodes.STATUS_SUCCESS)
{
throw new Win32Exception((int)OSCalls.LsaNtStatusToWinError(status));
}
PurgeAllTickets(lsaHandle, kerberosPackageId);
}
}
finally
{
if (cacheRequestPtr != IntPtr.Zero)
{
Marshal.FreeHGlobal(cacheRequestPtr);
}
if (lsaHandle != IntPtr.Zero)
{
OSCalls.LsaDeregisterLogonProcess(lsaHandle);
}
}
}
// using S4U logon
public HandleSecurityToken(string UserName,
string Domain,
OSCalls.WinLogonType LogonType
)
{
using (OSCalls.KerbS4ULogon authPackage = new OSCalls.KerbS4ULogon(UserName, Domain))
{
IntPtr lsaHandle;
OSCalls.WinStatusCodes status = OSCalls.LsaConnectUntrusted(out lsaHandle);
if (status != OSCalls.WinStatusCodes.STATUS_SUCCESS)
{
throw new System.ComponentModel.Win32Exception((int)OSCalls.LsaNtStatusToWinError(status));
}
try
{
UInt32 kerberosPackageId;
using (OSCalls.LsaStringWrapper kerberosPackageName = new OSCalls.LsaStringWrapper("Negotiate"))
{
status = OSCalls.LsaLookupAuthenticationPackage(lsaHandle, ref kerberosPackageName._string, out kerberosPackageId);
if (status != OSCalls.WinStatusCodes.STATUS_SUCCESS)
{
throw new System.ComponentModel.Win32Exception((int)OSCalls.LsaNtStatusToWinError(status));
}
}
OSCalls.LsaStringWrapper originName = null;
try
{
originName = new OSCalls.LsaStringWrapper("S4U");
OSCalls.TOKEN_SOURCE sourceContext = new OSCalls.TOKEN_SOURCE("NtLmSsp");
System.IntPtr profileBuffer = IntPtr.Zero;
UInt32 profileBufferLength = 0;
Int64 logonId;
OSCalls.WinStatusCodes subStatus;
OSCalls.QUOTA_LIMITS quotas;
status = OSCalls.LsaLogonUser(
lsaHandle,
ref originName._string,
(OSCalls.SecurityLogonType)LogonType,
kerberosPackageId,
authPackage.Ptr,
(uint)authPackage.Length,
IntPtr.Zero,
ref sourceContext,
out profileBuffer,
out profileBufferLength,
out logonId,
out m_hToken,
out quotas,
out subStatus);
if (status != OSCalls.WinStatusCodes.STATUS_SUCCESS)
{
throw new System.ComponentModel.Win32Exception((int)OSCalls.LsaNtStatusToWinError(status));
}
if (profileBuffer != IntPtr.Zero)
{
OSCalls.LsaFreeReturnBuffer(profileBuffer);
}
}
finally
{
if (originName != null)
{
originName.Dispose();
}
}
}
finally
{
OSCalls.LsaDeregisterLogonProcess(lsaHandle);
}
}
}
