internal static extern bool LogonUserExExW(
string lpszUsername,
string lpszDomain,
string lpszPassword,
SecurityLogonType dwLogonType,
int dwLogonProvider,
SafeTokenGroupsBuffer pTokenGroups,
out SafeKernelObjectHandle phToken,
[Out] OptionalPointer ppLogonSid,
[Out] OptionalPointer ppProfileBuffer,
[Out] OptionalPointer pdwProfileLength,
[Out] QUOTA_LIMITS pQuotaLimits
);
/// <summary>
/// Set AppContainer Information to Context.
/// </summary>
/// <param name="package_sid">The package SID.</param>
/// <param name="capabilities">List of capabilities.</param>
/// <param name="throw_on_error">True to throw on error</param>
/// <returns>The NT status code.</returns>
public NtStatus SetAppContainer(Sid package_sid, IEnumerable <UserGroup> capabilities, bool throw_on_error)
{
using (var list = new DisposableList()) {
var sid_buffer = list.AddResource(package_sid.ToSafeBuffer());
var cap_sids = capabilities?.ToArray() ?? new UserGroup[0];
SafeTokenGroupsBuffer cap_buffer = list.AddResource(SafeTokenGroupsBuffer.Create(cap_sids));
SafeBuffer buffer = cap_sids.Length > 0 ? cap_buffer.Data : SafeHGlobalBuffer.Null;
if (!SecurityNativeMethods.AuthzSetAppContainerInformation(_handle,
sid_buffer, cap_sids.Length, buffer))
{
return(NtObjectUtils.MapDosErrorToStatus().ToNtException(throw_on_error));
}
return(NtStatus.STATUS_SUCCESS);
}
}
internal static extern NtStatus LsaLogonUser(
SafeLsaLogonHandle LsaHandle,
LsaString OriginName,
SecurityLogonType LogonType,
uint AuthenticationPackage,
SafeBuffer AuthenticationInformation,
int AuthenticationInformationLength,
SafeTokenGroupsBuffer LocalGroups,
TOKEN_SOURCE SourceContext,
out SafeLsaReturnBufferHandle ProfileBuffer,
out int ProfileBufferLength,
out Luid LogonId,
out SafeKernelObjectHandle Token,
QUOTA_LIMITS Quotas,
out NtStatus SubStatus
);
private static NtResult <NtToken> LsaLogonUser(SecurityLogonType type, string auth_package, string origin_name,
SafeBuffer buffer, IEnumerable <UserGroup> local_groups, bool throw_on_error)
{
using (var list = new DisposableList())
{
var hlsa = list.AddResource(SafeLsaLogonHandle.Connect(throw_on_error));
if (!hlsa.IsSuccess)
{
return(hlsa.Cast <NtToken>());
}
var auth_pkg = hlsa.Result.LookupAuthPackage(auth_package, throw_on_error);
if (!auth_pkg.IsSuccess)
{
return(auth_pkg.Cast <NtToken>());
}
var groups = local_groups == null ? SafeTokenGroupsBuffer.Null
: list.AddResource(SafeTokenGroupsBuffer.Create(local_groups));
TOKEN_SOURCE tokenSource = new TOKEN_SOURCE("NT.NET");
SecurityNativeMethods.AllocateLocallyUniqueId(out tokenSource.SourceIdentifier);
QUOTA_LIMITS quota_limits = new QUOTA_LIMITS();
return(SecurityNativeMethods.LsaLogonUser(hlsa.Result, new LsaString(origin_name),
type, auth_pkg.Result, buffer, buffer.GetLength(), groups,
tokenSource, out SafeLsaReturnBufferHandle profile,
out int cbProfile, out Luid logon_id, out SafeKernelObjectHandle token_handle,
quota_limits, out NtStatus subStatus).CreateResult(throw_on_error, () =>
{
using (profile)
{
return NtToken.FromHandle(token_handle);
}
}));
}
}
internal static extern bool AuthzModifySids(
SafeAuthZClientContextHandle hAuthzClientContext,
AUTHZ_CONTEXT_INFORMATION_CLASS SidClass,
AuthZSidOperation[] pSidOperations,
SafeTokenGroupsBuffer pSids
);
