private void GetServiceToken(string name)
{
try
{
IEnumerable <UserGroup> groups = GetServiceSids();
TokenForm.OpenForm(Win32Security.LsaLogonUser(name, "NT AUTHORITY", null,
SecurityLogonType.Service, Logon32Provider.Default, groups), "Service", false);
}
catch (Exception ex)
{
MessageBox.Show(this, ex.Message, "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
}
private void btnTestS4U_Click(object sender, EventArgs e)
{
try
{
SecurityLogonType logon_type = (SecurityLogonType)comboBoxS4ULogonType.SelectedItem;
if (radioLUNormal.Checked)
{
SecureString str = new SecureString();
foreach (var ch in txtLUPassword.Text)
{
str.AppendChar(ch);
}
switch (logon_type)
{
case SecurityLogonType.Batch:
case SecurityLogonType.Interactive:
case SecurityLogonType.Network:
case SecurityLogonType.NetworkCleartext:
case SecurityLogonType.NewCredentials:
case SecurityLogonType.Service:
break;
default:
throw new ArgumentException("Invalid logon type for Logon");
}
using (NtToken token = Win32Security.LsaLogonUser(txtS4UUserName.Text, txtS4URealm.Text, str, logon_type, Logon32Provider.Default))
{
TokenForm.OpenForm(token, "LogonUser", true);
}
}
else
{
using (NtToken token = TokenUtils.GetLogonS4UToken(txtS4UUserName.Text, txtS4URealm.Text, logon_type))
{
TokenForm.OpenForm(token, "S4U", true);
}
}
}
catch (Exception ex)
{
MessageBox.Show(this, ex.Message, "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
}
private NtToken GetLogonToken(TokenAccessRights desired_access, string user,
string domain, SecureString password, SecurityLogonType logon_type)
{
IEnumerable <UserGroup> groups = null;
if (AdditionalGroup != null && AdditionalGroup.Length > 0)
{
groups = AdditionalGroup.Select(s => new UserGroup(s,
GetAttributes(s)));
}
using (NtToken token = Win32Security.LsaLogonUser(user, domain, password, logon_type, LogonProvider, groups))
{
if (desired_access == TokenAccessRights.MaximumAllowed)
{
return(token.Duplicate());
}
return(token.Duplicate(desired_access));
}
}
private static NtToken GetSystemToken()
{
NtToken.EnableDebugPrivilege();
using (var ps = NtProcess.GetProcesses(ProcessAccessRights.QueryLimitedInformation).ToDisposableList())
{
Sid local_system = KnownSids.LocalSystem;
foreach (var p in ps)
{
using (var result = NtToken.OpenProcessToken(p, TokenAccessRights.Query | TokenAccessRights.Duplicate, false))
{
if (!result.IsSuccess)
{
continue;
}
var token = result.Result;
if (token.User.Sid == local_system &&
!token.Filtered &&
token.GetPrivilege(TokenPrivilegeValue.SeTcbPrivilege) != null &&
token.IntegrityLevel == TokenIntegrityLevel.System)
{
using (var imp_token = token.DuplicateToken(SecurityImpersonationLevel.Impersonation))
{
if (imp_token.SetPrivilege(TokenPrivilegeValue.SeTcbPrivilege, PrivilegeAttributes.Enabled))
{
using (imp_token.Impersonate())
{
return(Win32Security.LsaLogonUser("SYSTEM", "NT AUTHORITY", null,
SecurityLogonType.Service, Logon32Provider.Default, false).GetResultOrDefault());
}
}
}
}
}
}
}
return(null);
}
public static NtResult <NtToken> Logon(string user, string domain, string password, SecurityLogonType type, Logon32Provider provider,
IEnumerable <UserGroup> groups, bool throw_on_error)
{
return(Win32Security.LsaLogonUser(user, domain, password.ToSecureString(), type, provider, groups, throw_on_error));
}
