public void PurgeAll()
{
IntPtr lsaHandle = IntPtr.Zero;
OSCalls.WinStatusCodes status = OSCalls.LsaConnectUntrusted(out lsaHandle);
if (status != OSCalls.WinStatusCodes.STATUS_SUCCESS)
{
throw new Win32Exception((int)OSCalls.LsaNtStatusToWinError(status));
}
IntPtr cacheRequestPtr = IntPtr.Zero;
try
{
using (var kerberosPackageName = new OSCalls.LsaStringWrapper("Kerberos"))
{
UInt32 kerberosPackageId;
status = OSCalls.LsaLookupAuthenticationPackage(lsaHandle,
ref kerberosPackageName._string, out kerberosPackageId);
if (status != OSCalls.WinStatusCodes.STATUS_SUCCESS)
{
throw new Win32Exception((int)OSCalls.LsaNtStatusToWinError(status));
}
PurgeAllTickets(lsaHandle, kerberosPackageId);
}
}
finally
{
if (cacheRequestPtr != IntPtr.Zero)
{
Marshal.FreeHGlobal(cacheRequestPtr);
}
if (lsaHandle != IntPtr.Zero)
{
OSCalls.LsaDeregisterLogonProcess(lsaHandle);
}
}
}
// using S4U logon
public HandleSecurityToken(string UserName,
string Domain,
OSCalls.WinLogonType LogonType
)
{
using (OSCalls.KerbS4ULogon authPackage = new OSCalls.KerbS4ULogon(UserName, Domain))
{
IntPtr lsaHandle;
OSCalls.WinStatusCodes status = OSCalls.LsaConnectUntrusted(out lsaHandle);
if (status != OSCalls.WinStatusCodes.STATUS_SUCCESS)
{
throw new System.ComponentModel.Win32Exception((int)OSCalls.LsaNtStatusToWinError(status));
}
try
{
UInt32 kerberosPackageId;
using (OSCalls.LsaStringWrapper kerberosPackageName = new OSCalls.LsaStringWrapper("Negotiate"))
{
status = OSCalls.LsaLookupAuthenticationPackage(lsaHandle, ref kerberosPackageName._string, out kerberosPackageId);
if (status != OSCalls.WinStatusCodes.STATUS_SUCCESS)
{
throw new System.ComponentModel.Win32Exception((int)OSCalls.LsaNtStatusToWinError(status));
}
}
OSCalls.LsaStringWrapper originName = null;
try
{
originName = new OSCalls.LsaStringWrapper("S4U");
OSCalls.TOKEN_SOURCE sourceContext = new OSCalls.TOKEN_SOURCE("NtLmSsp");
System.IntPtr profileBuffer = IntPtr.Zero;
UInt32 profileBufferLength = 0;
Int64 logonId;
OSCalls.WinStatusCodes subStatus;
OSCalls.QUOTA_LIMITS quotas;
status = OSCalls.LsaLogonUser(
lsaHandle,
ref originName._string,
(OSCalls.SecurityLogonType)LogonType,
kerberosPackageId,
authPackage.Ptr,
(uint)authPackage.Length,
IntPtr.Zero,
ref sourceContext,
out profileBuffer,
out profileBufferLength,
out logonId,
out m_hToken,
out quotas,
out subStatus);
if (status != OSCalls.WinStatusCodes.STATUS_SUCCESS)
{
throw new System.ComponentModel.Win32Exception((int)OSCalls.LsaNtStatusToWinError(status));
}
if (profileBuffer != IntPtr.Zero)
{
OSCalls.LsaFreeReturnBuffer(profileBuffer);
}
}
finally
{
if (originName != null)
{
originName.Dispose();
}
}
}
finally
{
OSCalls.LsaDeregisterLogonProcess(lsaHandle);
}
}
}
