internal static extern NtStatus LsaLogonUser( SafeLsaLogonHandle LsaHandle, LsaString OriginName, SecurityLogonType LogonType, uint AuthenticationPackage, SafeBuffer AuthenticationInformation, int AuthenticationInformationLength, SafeTokenGroupsBuffer LocalGroups, TOKEN_SOURCE SourceContext, out SafeLsaReturnBufferHandle ProfileBuffer, out int ProfileBufferLength, out Luid LogonId, out SafeKernelObjectHandle Token, QUOTA_LIMITS Quotas, out NtStatus SubStatus );
private static NtResult <KerberosTicketCacheInfo[]> QueryTicketCacheList(SafeLsaLogonHandle handle, Luid logon_id, bool throw_on_error) { var package = handle.LookupAuthPackage(AuthenticationPackage.KERBEROS_NAME, throw_on_error); if (!package.IsSuccess) { return(package.Cast <KerberosTicketCacheInfo[]>()); } var request_struct = new KERB_QUERY_TKT_CACHE_REQUEST() { LogonId = logon_id, MessageType = KERB_PROTOCOL_MESSAGE_TYPE.KerbQueryTicketCacheMessage }; using (var request = request_struct.ToBuffer()) { using (var result = handle.CallPackage(package.Result, request, throw_on_error)) { if (!result.IsSuccess) { return(result.Cast <KerberosTicketCacheInfo[]>()); } if (!result.Result.Status.IsSuccess()) { return(result.Result.Status.CreateResultFromError <KerberosTicketCacheInfo[]>(throw_on_error)); } var response = result.Result.Buffer.Read <KERB_QUERY_TKT_CACHE_RESPONSE_HEADER>(0); if (response.CountOfTickets == 0) { return(new KerberosTicketCacheInfo[0].CreateResult()); } var buffer = BufferUtils.GetStructAtOffset <KERB_QUERY_TKT_CACHE_RESPONSE>(result.Result.Buffer, 0); KERB_TICKET_CACHE_INFO[] infos = new KERB_TICKET_CACHE_INFO[response.CountOfTickets]; buffer.Data.ReadArray(0, infos, 0, response.CountOfTickets); return(infos.Select(i => new KerberosTicketCacheInfo(i)).ToArray().CreateResult()); } } }
private static NtResult <SafeLsaReturnBufferHandle> QueryCachedTicket(SafeLsaLogonHandle handle, uint auth_package, string target_name, KERB_RETRIEVE_TICKET_FLAGS flags, Luid logon_id, SecHandle sec_handle, bool throw_on_error) { int string_length = (target_name.Length) * 2; int max_string_length = string_length + 2; using (var request = new SafeStructureInOutBuffer <KERB_RETRIEVE_TKT_REQUEST>(max_string_length, true)) { request.Data.WriteUnicodeString(target_name + '\0'); var request_str = new KERB_RETRIEVE_TKT_REQUEST() { CacheOptions = flags, CredentialsHandle = sec_handle, LogonId = logon_id, MessageType = KERB_PROTOCOL_MESSAGE_TYPE.KerbRetrieveEncodedTicketMessage, TargetName = new UnicodeStringOut() { Length = (ushort)string_length, MaximumLength = (ushort)max_string_length, Buffer = request.Data.DangerousGetHandle() } }; request.Result = request_str; using (var result = handle.CallPackage(auth_package, request, throw_on_error)) { if (!result.IsSuccess) { return(result.Cast <SafeLsaReturnBufferHandle>()); } if (!result.Result.Status.IsSuccess()) { return(result.Result.Status.CreateResultFromError <SafeLsaReturnBufferHandle>(throw_on_error)); } return(result.Result.Buffer.Detach().CreateResult()); } } }
private static NtResult <NtToken> LsaLogonUser(SecurityLogonType type, string auth_package, string origin_name, SafeBuffer buffer, IEnumerable <UserGroup> local_groups, bool throw_on_error) { using (var list = new DisposableList()) { var hlsa = list.AddResource(SafeLsaLogonHandle.Connect(throw_on_error)); if (!hlsa.IsSuccess) { return(hlsa.Cast <NtToken>()); } var auth_pkg = hlsa.Result.LookupAuthPackage(auth_package, throw_on_error); if (!auth_pkg.IsSuccess) { return(auth_pkg.Cast <NtToken>()); } var groups = local_groups == null ? SafeTokenGroupsBuffer.Null : list.AddResource(SafeTokenGroupsBuffer.Create(local_groups)); TOKEN_SOURCE tokenSource = new TOKEN_SOURCE("NT.NET"); SecurityNativeMethods.AllocateLocallyUniqueId(out tokenSource.SourceIdentifier); QUOTA_LIMITS quota_limits = new QUOTA_LIMITS(); return(SecurityNativeMethods.LsaLogonUser(hlsa.Result, new LsaString(origin_name), type, auth_pkg.Result, buffer, buffer.GetLength(), groups, tokenSource, out SafeLsaReturnBufferHandle profile, out int cbProfile, out Luid logon_id, out SafeKernelObjectHandle token_handle, quota_limits, out NtStatus subStatus).CreateResult(throw_on_error, () => { using (profile) { return NtToken.FromHandle(token_handle); } })); } }
private static NtResult <KerberosExternalTicket> QueryCachedTicket(SafeLsaLogonHandle handle, string target_name, KERB_RETRIEVE_TICKET_FLAGS flags, Luid logon_id, SecHandle sec_handle, bool throw_on_error) { var package = handle.LookupAuthPackage(AuthenticationPackage.KERBEROS_NAME, throw_on_error); if (!package.IsSuccess) { return(package.Cast <KerberosExternalTicket>()); } using (var buffer = QueryCachedTicket(handle, package.Result, target_name, flags, logon_id, sec_handle, throw_on_error)) { if (!buffer.IsSuccess) { return(buffer.Cast <KerberosExternalTicket>()); } KERB_EXTERNAL_TICKET ticket = buffer.Result.Read <KERB_EXTERNAL_TICKET>(0); if (!KerberosExternalTicket.TryParse(ticket, out KerberosExternalTicket ret)) { return(NtStatus.STATUS_INVALID_PARAMETER.CreateResultFromError <KerberosExternalTicket>(throw_on_error)); } return(ret.CreateResult()); } }
internal static extern NtStatus LsaLookupAuthenticationPackage(SafeLsaLogonHandle LsaHandle, LsaString PackageName, out uint AuthenticationPackage);
internal static extern NtStatus LsaRegisterLogonProcess( LsaString LogonProcessName, out SafeLsaLogonHandle LsaHandle, out uint SecurityMode // PLSA_OPERATIONAL_MODE );
internal static extern NtStatus LsaConnectUntrusted(out SafeLsaLogonHandle handle);
/// <summary> /// Connect to LSA and register as a logon process. /// </summary> /// <param name="process_name">The arbitrary name of the process.</param> /// <param name="throw_on_error">True to throw on error.</param> /// <returns>The LSA logon handle.</returns> public static NtResult <LsaLogonHandle> RegisterLogonProcess(string process_name, bool throw_on_error) { return(SafeLsaLogonHandle.RegisterLogonProcess(process_name, throw_on_error).Map(h => new LsaLogonHandle(h))); }
/// <summary> /// Connect to the LSA untrusted. /// </summary> /// <param name="throw_on_error">True to throw on error.</param> /// <returns>The LSA logon handle.</returns> public static NtResult <LsaLogonHandle> ConnectUntrusted(bool throw_on_error) { return(SafeLsaLogonHandle.ConnectUntrusted(throw_on_error).Map(h => new LsaLogonHandle(h))); }
private LsaLogonHandle(SafeLsaLogonHandle handle) { _handle = handle; }