private static SafeLocalAllocHandle GetTokenInformation(SafeTokenHandle tokenHandle, TokenInformationClass tokenInformationClass) { SafeLocalAllocHandle invalidHandle = SafeLocalAllocHandle.InvalidHandle; uint returnLength = (uint)Marshal.SizeOf(typeof(uint)); bool flag = Win32Native.GetTokenInformation(tokenHandle, (uint)tokenInformationClass, invalidHandle, 0, out returnLength); int errorCode = Marshal.GetLastWin32Error(); int num3 = errorCode; if (num3 == 6) { throw new ArgumentException(Environment.GetResourceString("Argument_InvalidImpersonationToken")); } if ((num3 != 0x18) && (num3 != 0x7a)) { throw new SecurityException(Win32Native.GetMessage(errorCode)); } IntPtr sizetdwBytes = new IntPtr((long)returnLength); invalidHandle.Dispose(); invalidHandle = Win32Native.LocalAlloc(0, sizetdwBytes); if ((invalidHandle == null) || invalidHandle.IsInvalid) { throw new OutOfMemoryException(); } invalidHandle.Initialize((ulong)returnLength); if (!Win32Native.GetTokenInformation(tokenHandle, (uint)tokenInformationClass, invalidHandle, returnLength, out returnLength)) { throw new SecurityException(Win32Native.GetMessage(Marshal.GetLastWin32Error())); } return(invalidHandle); }
private static SafeLocalAllocHandle SafeLocalAlloc(int uFlags, uint size) { SafeLocalAllocHandle result = LocalAlloc(uFlags, (UIntPtr)size); if (result == null || result.IsInvalid) { throw new OutOfMemoryException(); } result.Initialize(size); return(result); }
private static SafeLocalAllocHandle GetTokenInformation(SafeAccessTokenHandle tokenHandle, TokenInformationClass tokenInformationClass) { SafeLocalAllocHandle safeLocalAllocHandle = SafeLocalAllocHandle.InvalidHandle; uint dwLength = (uint)sizeof(uint); bool result = Interop.Advapi32.GetTokenInformation(tokenHandle, (uint)tokenInformationClass, safeLocalAllocHandle, 0, out dwLength); int dwErrorCode = Marshal.GetLastWin32Error(); switch (dwErrorCode) { case Interop.Errors.ERROR_BAD_LENGTH: // special case for TokenSessionId. Falling through case Interop.Errors.ERROR_INSUFFICIENT_BUFFER: // ptrLength is an [In] param to LocalAlloc UIntPtr ptrLength = new UIntPtr(dwLength); safeLocalAllocHandle.Dispose(); safeLocalAllocHandle = Interop.Kernel32.LocalAlloc(0, ptrLength); if (safeLocalAllocHandle == null || safeLocalAllocHandle.IsInvalid) { throw new OutOfMemoryException(); } safeLocalAllocHandle.Initialize(dwLength); result = Interop.Advapi32.GetTokenInformation(tokenHandle, (uint)tokenInformationClass, safeLocalAllocHandle, dwLength, out dwLength); if (!result) { throw new SecurityException(new Win32Exception().Message); } break; case Interop.Errors.ERROR_INVALID_HANDLE: throw new ArgumentException(SR.Argument_InvalidImpersonationToken); default: throw new SecurityException(new Win32Exception(dwErrorCode).Message); } return(safeLocalAllocHandle); }
private static unsafe SafeTokenHandle KerbS4ULogon(string upn, ref SafeTokenHandle safeTokenHandle) { SafeTokenHandle handle6; byte[] array = new byte[] { 0x43, 0x4c, 0x52 }; IntPtr sizetdwBytes = new IntPtr((long)((ulong)(array.Length + 1))); using (SafeLocalAllocHandle handle = Win32Native.LocalAlloc(0x40, sizetdwBytes)) { if ((handle == null) || handle.IsInvalid) { throw new OutOfMemoryException(); } handle.Initialize((ulong)(array.Length + 1L)); handle.WriteArray <byte>(0L, array, 0, array.Length); Win32Native.UNICODE_INTPTR_STRING logonProcessName = new Win32Native.UNICODE_INTPTR_STRING(array.Length, handle); SafeLsaLogonProcessHandle invalidHandle = SafeLsaLogonProcessHandle.InvalidHandle; SafeLsaReturnBufferHandle profileBuffer = SafeLsaReturnBufferHandle.InvalidHandle; try { int num; Privilege privilege = null; RuntimeHelpers.PrepareConstrainedRegions(); try { try { privilege = new Privilege("SeTcbPrivilege"); privilege.Enable(); } catch (PrivilegeNotHeldException) { } IntPtr zero = IntPtr.Zero; num = Win32Native.LsaRegisterLogonProcess(ref logonProcessName, ref invalidHandle, ref zero); if (5 == Win32Native.LsaNtStatusToWinError(num)) { num = Win32Native.LsaConnectUntrusted(ref invalidHandle); } } catch { if (privilege != null) { privilege.Revert(); } throw; } finally { if (privilege != null) { privilege.Revert(); } } if (num < 0) { throw GetExceptionFromNtStatus(num); } byte[] bytes = new byte["Kerberos".Length + 1]; Encoding.ASCII.GetBytes("Kerberos", 0, "Kerberos".Length, bytes, 0); sizetdwBytes = new IntPtr((long)((ulong)bytes.Length)); using (SafeLocalAllocHandle handle4 = Win32Native.LocalAlloc(0, sizetdwBytes)) { if ((handle4 == null) || handle4.IsInvalid) { throw new OutOfMemoryException(); } handle4.Initialize((ulong)bytes.Length); handle4.WriteArray <byte>(0L, bytes, 0, bytes.Length); Win32Native.UNICODE_INTPTR_STRING packageName = new Win32Native.UNICODE_INTPTR_STRING("Kerberos".Length, handle4); uint authenticationPackage = 0; num = Win32Native.LsaLookupAuthenticationPackage(invalidHandle, ref packageName, ref authenticationPackage); if (num < 0) { throw GetExceptionFromNtStatus(num); } Win32Native.TOKEN_SOURCE sourceContext = new Win32Native.TOKEN_SOURCE(); if (!Win32Native.AllocateLocallyUniqueId(ref sourceContext.SourceIdentifier)) { throw new SecurityException(Win32Native.GetMessage(Marshal.GetLastWin32Error())); } sourceContext.Name = new char[8]; sourceContext.Name[0] = 'C'; sourceContext.Name[1] = 'L'; sourceContext.Name[2] = 'R'; uint profileBufferLength = 0; Win32Native.LUID logonId = new Win32Native.LUID(); Win32Native.QUOTA_LIMITS quotas = new Win32Native.QUOTA_LIMITS(); int subStatus = 0; byte[] buffer3 = Encoding.Unicode.GetBytes(upn); int num5 = Marshal.SizeOf(typeof(Win32Native.KERB_S4U_LOGON)) + buffer3.Length; using (SafeLocalAllocHandle handle5 = Win32Native.LocalAlloc(0x40, new IntPtr(num5))) { if ((handle5 == null) || handle5.IsInvalid) { throw new OutOfMemoryException(); } handle5.Initialize((ulong)num5); ulong byteOffset = (ulong)Marshal.SizeOf(typeof(Win32Native.KERB_S4U_LOGON)); handle5.WriteArray <byte>(byteOffset, buffer3, 0, buffer3.Length); byte *pointer = null; RuntimeHelpers.PrepareConstrainedRegions(); try { handle5.AcquirePointer(ref pointer); Win32Native.KERB_S4U_LOGON kerb_su_logon = new Win32Native.KERB_S4U_LOGON { MessageType = 12, Flags = 0, ClientUpn = new Win32Native.UNICODE_INTPTR_STRING(buffer3.Length, new IntPtr((void *)(pointer + byteOffset))) }; handle5.Write <Win32Native.KERB_S4U_LOGON>(0L, kerb_su_logon); num = Win32Native.LsaLogonUser(invalidHandle, ref logonProcessName, 3, authenticationPackage, new IntPtr((void *)pointer), (uint)handle5.ByteLength, IntPtr.Zero, ref sourceContext, ref profileBuffer, ref profileBufferLength, ref logonId, ref safeTokenHandle, ref quotas, ref subStatus); if ((num == -1073741714) && (subStatus < 0)) { num = subStatus; } if (num < 0) { throw GetExceptionFromNtStatus(num); } if (subStatus < 0) { throw GetExceptionFromNtStatus(subStatus); } } finally { if (pointer != null) { handle5.ReleasePointer(); } } } handle6 = safeTokenHandle; } } finally { if (!invalidHandle.IsInvalid) { invalidHandle.Dispose(); } if (!profileBuffer.IsInvalid) { profileBuffer.Dispose(); } } } return(handle6); }