/// <summary>
/// Log a user on with a username and password, optionally adding extra groups to the token.
/// </summary>
/// <param name="user">The username.</param>
/// <param name="domain">The user's domain.</param>
/// <param name="password">The user's password. It is handed to the native call as a
/// <c>SecureStringMarshalBuffer</c>, which is disposed before this method returns.</param>
/// <param name="type">The type of logon token.</param>
/// <param name="provider">The logon provider.</param>
/// <param name="groups">Additional groups to add. Needs SeTcbPrivilege. When null, the call is
/// forwarded to the overload that takes no groups.</param>
/// <param name="throw_on_error">True to throw on error.</param>
/// <returns>The logged on token.</returns>
public static NtResult<NtToken> LsaLogonUser(string user, string domain, SecureString password, SecurityLogonType type,
    Logon32Provider provider, IEnumerable<UserGroup> groups, bool throw_on_error)
{
    // No extra groups requested: take the plain logon path.
    if (groups is null)
    {
        return LsaLogonUser(user, domain, password, type, provider, throw_on_error);
    }

    // NOTE(review): a non-null but empty sequence still takes the LogonUserExExW path below;
    // confirm whether that path needs SeTcbPrivilege even with no groups.
    var groups_builder = new TokenGroupsBuilder();
    foreach (UserGroup entry in groups)
    {
        groups_builder.AddGroup(entry.Sid, entry.Attributes);
    }

    // Disposal order matches the nested form: password buffer first, then the group buffer.
    using (var groups_buf = groups_builder.ToBuffer())
    using (var password_buf = new SecureStringMarshalBuffer(password))
    {
        var succeeded = SecurityNativeMethods.LogonUserExExW(user, domain, password_buf, type, provider,
            groups_buf, out SafeKernelObjectHandle logon_handle, null, null, null, null);

        // The token factory is handed to CreateWin32Result together with the call's result.
        return succeeded.CreateWin32Result(throw_on_error, () => new NtToken(logon_handle));
    }
}
/// <summary>
/// Log a user on with a username and password.
/// </summary>
/// <param name="user">The username.</param>
/// <param name="domain">The user's domain.</param>
/// <param name="password">The user's password. It is handed to the native call as a
/// <c>SecureStringMarshalBuffer</c>, which is disposed before this method returns.</param>
/// <param name="type">The type of logon token.</param>
/// <param name="provider">The logon provider.</param>
/// <param name="throw_on_error">True to throw on error.</param>
/// <returns>The logged on token.</returns>
public static NtResult<NtToken> LsaLogonUser(string user, string domain, SecureString password, SecurityLogonType type,
    Logon32Provider provider, bool throw_on_error)
{
    using (var password_buf = new SecureStringMarshalBuffer(password))
    {
        var succeeded = SecurityNativeMethods.LogonUser(user, domain, password_buf, type, provider,
            out SafeKernelObjectHandle logon_handle);

        // The token factory is handed to CreateWin32Result together with the call's result.
        return succeeded.CreateWin32Result(throw_on_error, () => new NtToken(logon_handle));
    }
}
// Native import signature for CreateProcessWithLogonW. The password is passed as a
// SecureStringMarshalBuffer rather than as a managed string.
// NOTE(review): the DllImport attribute is not visible in this excerpt; confirm its
// CharSet and SetLastError settings against how callers read the error.
internal static extern bool CreateProcessWithLogonW(
    string lpUsername,
    string lpDomain,
    // Marshalled password buffer; its lifetime is owned by the caller.
    SecureStringMarshalBuffer lpPassword,
    CreateProcessLogonFlags dwLogonFlags,
    string lpApplicationName,
    string lpCommandLine,
    CreateProcessFlags dwCreationFlags,
    // Passed one-way into native code ([In]).
    [In] byte[] lpEnvironment,
    string lpCurrentDirectory,
    ref STARTUPINFO lpStartupInfo,
    out PROCESS_INFORMATION lpProcessInformation);
/// <summary>
/// Set a user's password.
/// </summary>
/// <param name="password">The password to set. It is marshalled into a
/// <c>SecureStringMarshalBuffer</c> that is disposed before this method returns.</param>
/// <param name="expired">Value stored in the request's PasswordExpired field.</param>
/// <param name="throw_on_error">True to throw on error.</param>
/// <returns>The NT status code.</returns>
public NtStatus SetPassword(SecureString password, bool expired, bool throw_on_error)
{
    using (var password_buf = new SecureStringMarshalBuffer(password))
    {
        // The counted string refers to the marshalled buffer and is given the
        // SecureString's character count.
        var request = new USER_SET_PASSWORD_INFORMATION
        {
            Password = new UnicodeStringInSecure(password_buf, password.Length),
            PasswordExpired = expired
        };

        using (var request_buf = request.ToBuffer())
        {
            var status = SecurityNativeMethods.SamSetInformationUser(Handle,
                UserInformationClass.UserSetPasswordInformation, request_buf);
            return status.ToNtException(throw_on_error);
        }
    }
}
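/// <summary>
/// Initialize the counted string from a marshalled secure string buffer.
/// </summary>
/// <param name="str">The marshalled buffer that holds the characters.</param>
/// <param name="length">The string length in characters; each character is counted as two bytes.</param>
/// <exception cref="System.OverflowException">
/// Thrown when <paramref name="length"/> is negative or too large for the byte counts to fit in 16 bits.
/// </exception>
public UnicodeStringSecure(SecureStringMarshalBuffer str, int length)
{
    // Both byte counts are narrowed to ushort. Unchecked, a length of 32767 wraps
    // MaximumLength to 0 while Length stays 65534, and larger or negative lengths
    // wrap Length too, so the counts no longer describe the buffer. Fail instead
    // of handing a mismatched descriptor to native code.
    checked
    {
        Length = (ushort)(length * 2);
        // One extra character of capacity; presumably the terminating NUL. Confirm
        // against how SecureStringMarshalBuffer allocates.
        MaximumLength = (ushort)((length + 1) * 2);
    }

    Buffer = str;
}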