private static NtResult <NtToken> LsaLogonUser(SecurityLogonType type, string auth_package, string origin_name, SafeBuffer buffer, IEnumerable <UserGroup> local_groups, bool throw_on_error) { using (var list = new DisposableList()) { var hlsa = list.AddResource(SafeLsaLogonHandle.Connect(throw_on_error)); if (!hlsa.IsSuccess) { return(hlsa.Cast <NtToken>()); } var auth_pkg = hlsa.Result.LookupAuthPackage(auth_package, throw_on_error); if (!auth_pkg.IsSuccess) { return(auth_pkg.Cast <NtToken>()); } var groups = local_groups == null ? SafeTokenGroupsBuffer.Null : list.AddResource(SafeTokenGroupsBuffer.Create(local_groups)); TOKEN_SOURCE tokenSource = new TOKEN_SOURCE("NT.NET"); SecurityNativeMethods.AllocateLocallyUniqueId(out tokenSource.SourceIdentifier); QUOTA_LIMITS quota_limits = new QUOTA_LIMITS(); return(SecurityNativeMethods.LsaLogonUser(hlsa.Result, new LsaString(origin_name), type, auth_pkg.Result, buffer, buffer.GetLength(), groups, tokenSource, out SafeLsaReturnBufferHandle profile, out int cbProfile, out Luid logon_id, out SafeKernelObjectHandle token_handle, quota_limits, out NtStatus subStatus).CreateResult(throw_on_error, () => { using (profile) { return NtToken.FromHandle(token_handle); } })); } }
internal static extern NtStatus LsaLogonUser(SafeLsaHandle LsaHandle, LsaString OriginName, SecurityLogonType LogonType, uint AuthenticationPackage, SafeBuffer AuthenticationInformation, int AuthenticationInformationLength, IntPtr LocalGroups, TOKEN_SOURCE SourceContext, out IntPtr ProfileBuffer, out int ProfileBufferLength, out Luid LogonId, out SafeKernelObjectHandle Token, QUOTA_LIMITS Quotas, out NtStatus SubStatus );
internal static extern bool LogonUserExExW( string lpszUsername, string lpszDomain, string lpszPassword, SecurityLogonType dwLogonType, int dwLogonProvider, SafeTokenGroupsBuffer pTokenGroups, out SafeKernelObjectHandle phToken, [Out] OptionalPointer ppLogonSid, [Out] OptionalPointer ppProfileBuffer, [Out] OptionalPointer pdwProfileLength, [Out] QUOTA_LIMITS pQuotaLimits );
/// <summary> /// Logon user using S4U /// </summary> /// <param name="user">The username.</param> /// <param name="realm">The user's realm.</param> /// <param name="type">The type of logon token.</param> /// <returns>The logged on token.</returns> public static NtToken LogonS4U(string user, string realm, SecurityLogonType type) { LsaString pkgName = new LsaString("Negotiate"); Win32NativeMethods.LsaConnectUntrusted(out SafeLsaHandle hlsa).ToNtException(); using (hlsa) { uint authnPkg; Win32NativeMethods.LsaLookupAuthenticationPackage(hlsa, pkgName, out authnPkg).ToNtException(); byte[] user_bytes = Encoding.Unicode.GetBytes(user); byte[] realm_bytes = Encoding.Unicode.GetBytes(realm); using (var buffer = new SafeStructureInOutBuffer <KERB_S4U_LOGON>(user_bytes.Length + realm_bytes.Length, true)) { KERB_S4U_LOGON logon_struct = new KERB_S4U_LOGON { MessageType = KERB_LOGON_SUBMIT_TYPE.KerbS4ULogon }; SafeHGlobalBuffer data_buffer = buffer.Data; logon_struct.ClientUpn.Buffer = data_buffer.DangerousGetHandle(); data_buffer.WriteArray(0, user_bytes, 0, user_bytes.Length); logon_struct.ClientUpn.Length = (ushort)user_bytes.Length; logon_struct.ClientUpn.MaximumLength = (ushort)user_bytes.Length; logon_struct.ClientRealm.Buffer = data_buffer.DangerousGetHandle() + user_bytes.Length; data_buffer.WriteArray((ulong)user_bytes.Length, realm_bytes, 0, realm_bytes.Length); logon_struct.ClientRealm.Length = (ushort)realm_bytes.Length; logon_struct.ClientRealm.MaximumLength = (ushort)realm_bytes.Length; Marshal.StructureToPtr(logon_struct, buffer.DangerousGetHandle(), false); TOKEN_SOURCE tokenSource = new TOKEN_SOURCE("NtLmSsp"); Win32NativeMethods.AllocateLocallyUniqueId(out tokenSource.SourceIdentifier); LsaString originName = new LsaString("S4U"); QUOTA_LIMITS quota_limits = new QUOTA_LIMITS(); Win32NativeMethods.LsaLogonUser(hlsa, originName, type, authnPkg, buffer, buffer.Length, IntPtr.Zero, tokenSource, out IntPtr profile, out int cbProfile, out Luid logon_id, out SafeKernelObjectHandle token_handle, quota_limits, out NtStatus subStatus).ToNtException(); Win32NativeMethods.LsaFreeReturnBuffer(profile); return(NtToken.FromHandle(token_handle)); } } }