private void btnTestS4U_Click(object sender, EventArgs e)
{
try
{
SecurityLogonType logonType = (SecurityLogonType)comboBoxS4ULogonType.SelectedItem;
if (radioLUNormal.Checked)
{
using (NtToken token = TokenUtils.GetLogonUserToken(txtS4UUserName.Text, txtS4URealm.Text, txtLUPassword.Text, logonType))
{
TokenForm.OpenForm(token, true);
}
}
else
{
using (NtToken token = TokenUtils.GetLogonS4UToken(txtS4UUserName.Text, txtS4URealm.Text, logonType))
{
TokenForm.OpenForm(token, true);
}
}
}
catch (Exception ex)
{
MessageBox.Show(this, ex.Message, "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
}
private static NtResult <NtToken> LsaLogonUser(SecurityLogonType type, string auth_package, string origin_name,
SafeBuffer buffer, IEnumerable <UserGroup> local_groups, bool throw_on_error)
{
using (var list = new DisposableList()) {
var hlsa = list.AddResource(SafeLsaLogonHandle.Connect(throw_on_error));
if (!hlsa.IsSuccess)
{
return(hlsa.Cast <NtToken>());
}
var auth_pkg = hlsa.Result.LookupAuthPackage(auth_package, throw_on_error);
if (!auth_pkg.IsSuccess)
{
return(auth_pkg.Cast <NtToken>());
}
var groups = local_groups == null ? SafeTokenGroupsBuffer.Null
: list.AddResource(SafeTokenGroupsBuffer.Create(local_groups));
TOKEN_SOURCE tokenSource = new TOKEN_SOURCE("NT.NET");
SecurityNativeMethods.AllocateLocallyUniqueId(out tokenSource.SourceIdentifier);
QUOTA_LIMITS quota_limits = new QUOTA_LIMITS();
return(SecurityNativeMethods.LsaLogonUser(hlsa.Result, new LsaString(origin_name),
type, auth_pkg.Result, buffer, buffer.GetLength(), groups,
tokenSource, out SafeLsaReturnBufferHandle profile,
out int cbProfile, out Luid logon_id, out SafeKernelObjectHandle token_handle,
quota_limits, out NtStatus subStatus).CreateResult(throw_on_error, () => {
using (profile) {
return NtToken.FromHandle(token_handle);
}
}));
}
}
/// <summary>
/// Logon a user.
/// </summary>
/// <param name="type">The type of logon.</param>
/// <param name="auth_package">The authentication package to use.</param>
/// <param name="origin_name">The name of the origin.</param>
/// <param name="source_context">The token source context.</param>
/// <param name="buffer">The authentication credentials buffer.</param>
/// <param name="local_groups">Additional local groups.</param>
/// <param name="throw_on_error">True to throw on error.</param>
/// <returns>The LSA logon result.</returns>
public NtResult <LsaLogonResult> LsaLogonUser(SecurityLogonType type, string auth_package, string origin_name,
TokenSource source_context, SafeBuffer buffer, IEnumerable <UserGroup> local_groups, bool throw_on_error)
{
using (var list = new DisposableList())
{
var auth_pkg = _handle.LookupAuthPackage(auth_package, throw_on_error);
if (!auth_pkg.IsSuccess)
{
return(auth_pkg.Cast <LsaLogonResult>());
}
var groups = local_groups == null ? SafeTokenGroupsBuffer.Null
: list.AddResource(SafeTokenGroupsBuffer.Create(local_groups));
QUOTA_LIMITS quota_limits = new QUOTA_LIMITS();
return(SecurityNativeMethods.LsaLogonUser(_handle, new LsaString(origin_name),
type, auth_pkg.Result, buffer, buffer.GetLength(), groups,
source_context, out SafeLsaReturnBufferHandle profile,
out int cbProfile, out Luid logon_id, out SafeKernelObjectHandle token_handle,
quota_limits, out NtStatus subStatus).CreateResult(throw_on_error, () =>
{
profile.InitializeLength(cbProfile);
return new LsaLogonResult(NtToken.FromHandle(token_handle), profile, logon_id, quota_limits);
}));
}
}
/// <summary>
/// Logon user using Kerberos Ticket.
/// </summary>
/// <param name="type">The type of logon token.</param>
/// <param name="service_ticket">The service ticket.</param>
/// <param name="tgt_ticket">Optional TGT.</param>
/// <param name="throw_on_error">True to throw on error.</param>
/// <returns>The logged on token.</returns>
public static NtResult <NtToken> LsaLogonTicket(SecurityLogonType type, byte[] service_ticket, byte[] tgt_ticket, bool throw_on_error)
{
if (service_ticket is null)
{
throw new ArgumentNullException(nameof(service_ticket));
}
int total_size = service_ticket.Length + (tgt_ticket?.Length ?? 0);
using (var buffer = new SafeStructureInOutBuffer <KERB_TICKET_LOGON>(total_size, true))
{
KERB_TICKET_LOGON logon_struct = new KERB_TICKET_LOGON
{
MessageType = KERB_LOGON_SUBMIT_TYPE.KerbTicketLogon,
ServiceTicketLength = service_ticket.Length,
ServiceTicket = buffer.Data.DangerousGetHandle(),
TicketGrantingTicket = tgt_ticket != null?buffer.Data.DangerousGetHandle() + service_ticket.Length : IntPtr.Zero,
TicketGrantingTicketLength = tgt_ticket?.Length ?? 0
};
buffer.Data.WriteArray(0, service_ticket, 0, service_ticket.Length);
if (tgt_ticket != null)
{
buffer.Data.WriteArray((ulong)service_ticket.Length, tgt_ticket, 0, tgt_ticket.Length);
}
buffer.Result = logon_struct;
return(LsaLogonUser(type, AuthenticationPackage.KERBEROS_NAME, "KTIK", buffer, null, throw_on_error));
}
}
/// <summary>
/// Logon user using S4U
/// </summary>
/// <param name="user">The username.</param>
/// <param name="realm">The user's realm.</param>
/// <param name="type">The type of logon token.</param>
/// <param name="auth_package">The name of the auth package to user.</param>
/// <param name="throw_on_error">True to throw on error.</param>
/// <returns>The logged on token.</returns>
public static NtResult <NtToken> LsaLogonS4U(string user, string realm, SecurityLogonType type, string auth_package, bool throw_on_error)
{
if (user is null)
{
throw new ArgumentNullException(nameof(user));
}
if (realm is null)
{
throw new ArgumentNullException(nameof(realm));
}
byte[] user_bytes = Encoding.Unicode.GetBytes(user);
byte[] realm_bytes = Encoding.Unicode.GetBytes(realm);
using (var buffer = new SafeStructureInOutBuffer <KERB_S4U_LOGON>(user_bytes.Length + realm_bytes.Length, true)) {
KERB_S4U_LOGON logon_struct = new KERB_S4U_LOGON {
MessageType = KERB_LOGON_SUBMIT_TYPE.KerbS4ULogon
};
SafeHGlobalBuffer data_buffer = buffer.Data;
logon_struct.ClientUpn.Buffer = data_buffer.DangerousGetHandle();
data_buffer.WriteArray(0, user_bytes, 0, user_bytes.Length);
logon_struct.ClientUpn.Length = (ushort)user_bytes.Length;
logon_struct.ClientUpn.MaximumLength = (ushort)user_bytes.Length;
logon_struct.ClientRealm.Buffer = data_buffer.DangerousGetHandle() + user_bytes.Length;
data_buffer.WriteArray((ulong)user_bytes.Length, realm_bytes, 0, realm_bytes.Length);
logon_struct.ClientRealm.Length = (ushort)realm_bytes.Length;
logon_struct.ClientRealm.MaximumLength = (ushort)realm_bytes.Length;
buffer.Result = logon_struct;
return(LsaLogonUser(type, auth_package, "S4U", buffer, null, throw_on_error));
}
}
/// <summary>
/// Logon a user with a username and password.
/// </summary>
/// <param name="user">The username.</param>
/// <param name="domain">The user's domain.</param>
/// <param name="password">The user's password.</param>
/// <param name="type">The type of logon token.</param>
/// <returns>The logged on token.</returns>
public static NtToken Logon(string user, string domain, string password, SecurityLogonType type)
{
if (!Win32NativeMethods.LogonUser(user, domain, password, type, 0, out SafeKernelObjectHandle handle))
{
throw new SafeWin32Exception();
}
return(NtToken.FromHandle(handle));
}
/// <summary>
/// Logon user using Kerberos Ticket.
/// </summary>
/// <param name="type">The type of logon token.</param>
/// <param name="service_ticket">The service ticket.</param>
/// <param name="tgt_ticket">Optional TGT.</param>
/// <param name="throw_on_error">True to throw on error.</param>
/// <returns>The logged on token.</returns>
public static NtResult <NtToken> LsaLogonTicket(SecurityLogonType type, KerberosTicket service_ticket, KerberosCredential tgt_ticket, bool throw_on_error)
{
if (service_ticket is null)
{
throw new ArgumentNullException(nameof(service_ticket));
}
return(LsaLogonTicket(type, service_ticket.TicketData, tgt_ticket?.ToArray(), throw_on_error));
}
public TokenHandle LogonUser(
string originName,
SecurityLogonType logonType,
IAuthenticationPackage package,
TokenSource source,
out object profileData,
out Luid logonId,
out NtStatus subStatus
)
{
NtStatus status;
AnsiString originNameStr;
IntPtr profileBuffer;
int profileBufferLength;
IntPtr token;
QuotaLimits quotas;
originNameStr = new AnsiString(originName);
try
{
using (var logonData = package.GetAuthData())
{
if ((status = Win32.LsaLogonUser(
this,
ref originNameStr,
logonType,
this.LookupAuthenticationPackage(package.PackageName),
logonData,
logonData.Size,
IntPtr.Zero,
ref source,
out profileBuffer,
out profileBufferLength,
out logonId,
out token,
out quotas,
out subStatus
)) >= NtStatus.Error)
{
Win32.Throw(status);
}
using (var profileBufferAlloc = new LsaMemoryAlloc(profileBuffer, true))
profileData = package.GetProfileData(new MemoryRegion(profileBuffer, 0, profileBufferLength));
return(new TokenHandle(token, true));
}
}
finally
{
originNameStr.Dispose();
}
}
internal static extern bool LogonUserExExW(
string lpszUsername,
string lpszDomain,
SecureStringMarshalBuffer lpszPassword,
SecurityLogonType dwLogonType,
Logon32Provider dwLogonProvider,
SafeTokenGroupsBuffer pTokenGroups,
out SafeKernelObjectHandle phToken,
[Out] OptionalPointer ppLogonSid,
[Out] OptionalPointer ppProfileBuffer,
[Out] OptionalPointer pdwProfileLength,
[Out] QUOTA_LIMITS pQuotaLimits
);
public static NtToken LogonS4U(string user, string realm, SecurityLogonType type)
{
SafeLsaHandle hlsa = null;
LsaString pkgName = new LsaString("Negotiate");
LsaConnectUntrusted(out hlsa).ToNtException();
using (hlsa)
{
uint authnPkg;
LsaLookupAuthenticationPackage(hlsa, pkgName, out authnPkg).ToNtException();
byte[] user_bytes = Encoding.Unicode.GetBytes(user);
byte[] realm_bytes = Encoding.Unicode.GetBytes(realm);
using (var buffer = new SafeStructureInOutBuffer <KERB_S4U_LOGON>(user_bytes.Length + realm_bytes.Length, true))
{
KERB_S4U_LOGON logon_struct = new KERB_S4U_LOGON();
logon_struct.MessageType = KERB_LOGON_SUBMIT_TYPE.KerbS4ULogon;
SafeHGlobalBuffer data_buffer = buffer.Data;
logon_struct.ClientUpn.Buffer = data_buffer.DangerousGetHandle();
data_buffer.WriteArray(0, user_bytes, 0, user_bytes.Length);
logon_struct.ClientUpn.Length = (ushort)user_bytes.Length;
logon_struct.ClientUpn.MaximumLength = (ushort)user_bytes.Length;
logon_struct.ClientRealm.Buffer = data_buffer.DangerousGetHandle() + user_bytes.Length;
data_buffer.WriteArray((ulong)user_bytes.Length, realm_bytes, 0, realm_bytes.Length);
logon_struct.ClientRealm.Length = (ushort)realm_bytes.Length;
logon_struct.ClientRealm.MaximumLength = (ushort)realm_bytes.Length;
Marshal.StructureToPtr(logon_struct, buffer.DangerousGetHandle(), false);
TOKEN_SOURCE tokenSource = new TOKEN_SOURCE("NtLmSsp");
AllocateLocallyUniqueId(out tokenSource.SourceIdentifier);
LsaString originName = new LsaString("S4U");
IntPtr profile;
int cbProfile;
Luid logon_id;
NtStatus subStatus;
QUOTA_LIMITS quota_limits;
SafeKernelObjectHandle token_handle;
LsaLogonUser(hlsa, originName, type, authnPkg,
buffer, buffer.Length, IntPtr.Zero,
tokenSource, out profile, out cbProfile, out logon_id, out token_handle,
out quota_limits, out subStatus).ToNtException();
LsaFreeReturnBuffer(profile);
return(NtToken.FromHandle(token_handle));
}
}
}
public static NtToken GetLogonS4UToken(string user, string realm, SecurityLogonType logon_type)
{
switch (logon_type)
{
case SecurityLogonType.Batch:
case SecurityLogonType.Interactive:
case SecurityLogonType.Network:
break;
default:
throw new ArgumentException("Invalid logon type for S4U");
}
return LogonUtils.LogonS4U(user, realm, logon_type);
}
/// <summary>
/// Logon a user using S4U
/// </summary>
/// <param name="user">The username.</param>
/// <param name="realm">The user's realm.</param>
/// <param name="logon_type"></param>
/// <returns>The logged on token.</returns>
public static NtToken GetLogonS4UToken(string user, string realm, SecurityLogonType logon_type)
{
switch (logon_type)
{
case SecurityLogonType.Batch:
case SecurityLogonType.Interactive:
case SecurityLogonType.Network:
break;
default:
throw new ArgumentException("Invalid logon type for S4U");
}
return(LogonUtils.LogonS4U(user, realm, logon_type));
}
public static extern WinStatusCodes LsaLogonUser(
[In] IntPtr LsaHandle,
[In] ref LSA_STRING OriginName,
[In] SecurityLogonType LogonType,
[In] UInt32 AuthenticationPackage,
[In] IntPtr AuthenticationInformation,
[In] UInt32 AuthenticationInformationLength,
[In] /*PTOKEN_GROUPS*/ IntPtr LocalGroups,
[In] ref TOKEN_SOURCE SourceContext,
[Out] /*PVOID*/ out IntPtr ProfileBuffer,
[Out] out UInt32 ProfileBufferLength,
[Out] out Int64 LogonId,
[Out] out IntPtr Token,
[Out] out QUOTA_LIMITS Quotas,
[Out] out WinStatusCodes SubStatus
);
internal static extern int LsaLogonUser(
[In] SafeLsaLogonProcessHandle LsaHandle,
[In] ref UNICODE_INTPTR_STRING OriginName,
[In] SecurityLogonType LogonType,
[In] uint AuthenticationPackage,
[In] IntPtr AuthenticationInformation,
[In] uint AuthenticationInformationLength,
[In] IntPtr LocalGroups,
[In] ref TOKEN_SOURCE SourceContext,
[Out] out SafeLsaReturnBufferHandle ProfileBuffer,
[Out] out uint ProfileBufferLength,
[Out] out LUID LogonId,
[Out] out SafeCloseHandle Token,
[Out] out QUOTA_LIMITS Quotas,
[Out] out int SubStatus
);
public TokenHandle LogonUser(string originName, SecurityLogonType logonType, IAuthenticationPackage package)
{
object profileData;
Luid logonId;
NtStatus subStatus;
return(this.LogonUser(
originName,
logonType,
package,
TokenHandle.PhTokenSource,
out profileData,
out logonId,
out subStatus
));
}
internal static extern NtStatus LsaLogonUser(
SafeLsaLogonHandle LsaHandle,
LsaString OriginName,
SecurityLogonType LogonType,
uint AuthenticationPackage,
SafeBuffer AuthenticationInformation,
int AuthenticationInformationLength,
SafeTokenGroupsBuffer LocalGroups,
TOKEN_SOURCE SourceContext,
out SafeLsaReturnBufferHandle ProfileBuffer,
out int ProfileBufferLength,
out Luid LogonId,
out SafeKernelObjectHandle Token,
QUOTA_LIMITS Quotas,
out NtStatus SubStatus
);
public static extern NtStatus LsaLogonUser(
[In] IntPtr LsaHandle,
[In] ref AnsiString OriginName,
[In] SecurityLogonType LogonType,
[In] int AuthenticationPackage,
[In] IntPtr AuthenticationInformation,
[In] int AuthenticationInformationLength,
[In][Optional] IntPtr LocalGroups, // TokenGroups*
[In] ref TokenSource SourceContext,
[Out] out IntPtr ProfileBuffer,
[Out] out int ProfileBufferLength,
[Out] out Luid LogonId,
[Out] out IntPtr Token,
[Out] out QuotaLimits Quotas,
[Out] out NtStatus SubStatus
);
public TokenHandle LogonUser(string originName, SecurityLogonType logonType, IAuthenticationPackage package)
{
object profileData;
Luid logonId;
NtStatus subStatus;
return this.LogonUser(
originName,
logonType,
package,
TokenHandle.PhTokenSource,
out profileData,
out logonId,
out subStatus
);
}
private void btnTestS4U_Click(object sender, EventArgs e)
{
try
{
SecurityLogonType logon_type = (SecurityLogonType)comboBoxS4ULogonType.SelectedItem;
if (radioLUNormal.Checked)
{
SecureString str = new SecureString();
foreach (var ch in txtLUPassword.Text)
{
str.AppendChar(ch);
}
switch (logon_type)
{
case SecurityLogonType.Batch:
case SecurityLogonType.Interactive:
case SecurityLogonType.Network:
case SecurityLogonType.NetworkCleartext:
case SecurityLogonType.NewCredentials:
case SecurityLogonType.Service:
break;
default:
throw new ArgumentException("Invalid logon type for Logon");
}
using (NtToken token = Win32Security.LsaLogonUser(txtS4UUserName.Text, txtS4URealm.Text, str, logon_type, Logon32Provider.Default))
{
TokenForm.OpenForm(token, "LogonUser", true);
}
}
else
{
using (NtToken token = TokenUtils.GetLogonS4UToken(txtS4UUserName.Text, txtS4URealm.Text, logon_type))
{
TokenForm.OpenForm(token, "S4U", true);
}
}
}
catch (Exception ex)
{
MessageBox.Show(this, ex.Message, "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
}
public static NtToken GetLogonUserToken(string username, string domain, string password, SecurityLogonType logon_type)
{
switch (logon_type)
{
case SecurityLogonType.Batch:
case SecurityLogonType.Interactive:
case SecurityLogonType.Network:
case SecurityLogonType.NetworkCleartext:
case SecurityLogonType.NewCredentials:
case SecurityLogonType.Service:
break;
default:
throw new ArgumentException("Invalid logon type for Logon");
}
return HandleUtils.LogonUtils.Logon(username, domain, password, logon_type);
}
private NtToken GetLogonToken(TokenAccessRights desired_access, string user,
string domain, SecureString password, SecurityLogonType logon_type)
{
IEnumerable <UserGroup> groups = null;
if (AdditionalGroup != null && AdditionalGroup.Length > 0)
{
groups = AdditionalGroup.Select(s => new UserGroup(s,
GetAttributes(s)));
}
using (NtToken token = Win32Security.LsaLogonUser(user, domain, password, logon_type, LogonProvider, groups))
{
if (desired_access == TokenAccessRights.MaximumAllowed)
{
return(token.Duplicate());
}
return(token.Duplicate(desired_access));
}
}
private NtToken GetLogonToken(TokenAccessRights desired_access, string user,
string domain, string password, SecurityLogonType logon_type)
{
IEnumerable <UserGroup> groups = null;
if (AdditionalGroups != null && AdditionalGroups.Length > 0)
{
groups = AdditionalGroups.Select(s => new UserGroup(s,
GroupAttributes.Enabled | GroupAttributes.EnabledByDefault | GroupAttributes.Mandatory));
}
using (NtToken token = TokenUtils.GetLogonUserToken(user, domain, password, logon_type, groups))
{
if (desired_access == TokenAccessRights.MaximumAllowed)
{
return(token.Duplicate());
}
return(token.Duplicate(desired_access));
}
}
/// <summary>
/// Logon a user with a username and password.
/// </summary>
/// <param name="user">The username.</param>
/// <param name="domain">The user's domain.</param>
/// <param name="password">The user's password.</param>
/// <param name="type">The type of logon token.</param>
/// <param name="groups">Additional groups to add. Needs SeTcbPrivilege.</param>
/// <returns>The logged on token.</returns>
public static NtToken Logon(string user, string domain, string password, SecurityLogonType type, IEnumerable <UserGroup> groups)
{
TokenGroupsBuilder builder = new TokenGroupsBuilder();
foreach (var group in groups)
{
builder.AddGroup(group.Sid, group.Attributes);
}
using (var group_buffer = builder.ToBuffer())
{
if (!Win32NativeMethods.LogonUserExExW(user, domain, password, type, 0, group_buffer,
out SafeKernelObjectHandle token, null, null, null, null))
{
throw new SafeWin32Exception();
}
return(new NtToken(token));
}
}
public static NtToken LogonS4U(string user, string realm, SecurityLogonType type)
{
return(LsaLogonS4U(user, realm, type));
}
/// <summary>
/// Logon user using S4U
/// </summary>
/// <param name="user">The username.</param>
/// <param name="realm">The user's realm.</param>
/// <param name="type">The type of logon token.</param>
/// <returns>The logged on token.</returns>
public static NtToken LsaLogonS4U(string user, string realm, SecurityLogonType type)
{
return(LsaLogonS4U(user, realm, type, AuthenticationPackage.NEGOSSP_NAME));
}
/// <summary>
/// Logon user using S4U
/// </summary>
/// <param name="user">The username.</param>
/// <param name="realm">The user's realm.</param>
/// <param name="type">The type of logon token.</param>
/// <param name="auth_package">The name of the auth package to user.</param>
/// <returns>The logged on token.</returns>
public static NtToken LsaLogonS4U(string user, string realm, SecurityLogonType type, string auth_package)
{
return(LsaLogonS4U(user, realm, type, auth_package, true).Result);
}
public static NtToken Logon(string user, string domain, string password, SecurityLogonType type, IEnumerable <UserGroup> groups)
{
return(Logon(user, domain, password, type, Logon32Provider.Default, groups));
}
public static NtResult <NtToken> Logon(string user, string domain, string password, SecurityLogonType type, Logon32Provider provider,
IEnumerable <UserGroup> groups, bool throw_on_error)
{
return(Win32Security.LsaLogonUser(user, domain, password.ToSecureString(), type, provider, groups, throw_on_error));
}
public static NtToken Logon(string user, string domain, string password, SecurityLogonType type, Logon32Provider provider, IEnumerable <UserGroup> groups)
{
return(Logon(user, domain, password, type, provider, groups, true).Result);
}
static extern NtStatus LsaLogonUser(SafeLsaHandle LsaHandle, LsaString OriginName, SecurityLogonType LogonType, uint AuthenticationPackage,
SafeBuffer AuthenticationInformation,
int AuthenticationInformationLength,
IntPtr LocalGroups,
TOKEN_SOURCE SourceContext,
out IntPtr ProfileBuffer,
out int ProfileBufferLength,
out Luid LogonId,
out SafeKernelObjectHandle Token,
out QUOTA_LIMITS Quotas,
out NtStatus SubStatus
);
public static NtToken Logon(string user, string domain, string password, SecurityLogonType type)
{
SafeKernelObjectHandle handle;
if (!LogonUser(user, domain, password, type, 0, out handle))
{
throw new SafeWin32Exception();
}
return NtToken.FromHandle(handle);
}
internal static extern bool LogonUser(string lpszUsername, string lpszDomain, SecureStringMarshalBuffer lpszPassword, SecurityLogonType dwLogonType,
Logon32Provider dwLogonProvider, out SafeKernelObjectHandle phToken);
static extern bool LogonUser(string lpszUsername, string lpszDomain, string lpszPassword, SecurityLogonType dwLogonType,
int dwLogonProvider, out SafeKernelObjectHandle phToken);
public static NtToken LogonS4U(string user, string realm, SecurityLogonType type)
{
SafeLsaHandle hlsa = null;
LsaString pkgName = new LsaString("Negotiate");
LsaConnectUntrusted(out hlsa).ToNtException();
using (hlsa)
{
uint authnPkg;
LsaLookupAuthenticationPackage(hlsa, pkgName, out authnPkg).ToNtException();
byte[] user_bytes = Encoding.Unicode.GetBytes(user);
byte[] realm_bytes = Encoding.Unicode.GetBytes(realm);
using (var buffer = new SafeStructureInOutBuffer<KERB_S4U_LOGON>(user_bytes.Length + realm_bytes.Length, true))
{
KERB_S4U_LOGON logon_struct = new KERB_S4U_LOGON();
logon_struct.MessageType = KERB_LOGON_SUBMIT_TYPE.KerbS4ULogon;
SafeHGlobalBuffer data_buffer = buffer.Data;
logon_struct.ClientUpn.Buffer = data_buffer.DangerousGetHandle();
data_buffer.WriteArray(0, user_bytes, 0, user_bytes.Length);
logon_struct.ClientUpn.Length = (ushort)user_bytes.Length;
logon_struct.ClientUpn.MaximumLength = (ushort)user_bytes.Length;
logon_struct.ClientRealm.Buffer = data_buffer.DangerousGetHandle() + user_bytes.Length;
data_buffer.WriteArray((ulong)user_bytes.Length, realm_bytes, 0, realm_bytes.Length);
logon_struct.ClientRealm.Length = (ushort)realm_bytes.Length;
logon_struct.ClientRealm.MaximumLength = (ushort)realm_bytes.Length;
Marshal.StructureToPtr(logon_struct, buffer.DangerousGetHandle(), false);
TOKEN_SOURCE tokenSource = new TOKEN_SOURCE("NtLmSsp");
AllocateLocallyUniqueId(out tokenSource.SourceIdentifier);
LsaString originName = new LsaString("S4U");
IntPtr profile;
int cbProfile;
Luid logon_id;
NtStatus subStatus;
QUOTA_LIMITS quota_limits;
SafeKernelObjectHandle token_handle;
LsaLogonUser(hlsa, originName, type, authnPkg,
buffer, buffer.Length, IntPtr.Zero,
tokenSource, out profile, out cbProfile, out logon_id, out token_handle,
out quota_limits, out subStatus).ToNtException();
LsaFreeReturnBuffer(profile);
return NtToken.FromHandle(token_handle);
}
}
}
public TokenHandle LogonUser(
string originName,
SecurityLogonType logonType,
IAuthenticationPackage package,
TokenSource source,
out object profileData,
out Luid logonId,
out NtStatus subStatus
)
{
IntPtr profileBuffer;
int profileBufferLength;
IntPtr token;
QuotaLimits quotas;
AnsiString originNameStr = new AnsiString(originName);
try
{
using (MemoryRegion logonData = package.GetAuthData())
{
Win32.LsaLogonUser(
this,
ref originNameStr,
logonType,
this.LookupAuthenticationPackage(package.PackageName),
logonData,
logonData.Size,
IntPtr.Zero,
ref source,
out profileBuffer,
out profileBufferLength,
out logonId,
out token,
out quotas,
out subStatus
).ThrowIf();
using (new LsaMemoryAlloc(profileBuffer, true))
{
profileData = package.GetProfileData(new MemoryRegion(profileBuffer, 0, profileBufferLength));
}
return new TokenHandle(token, true);
}
}
finally
{
originNameStr.Dispose();
}
}
static extern bool LogonUser(string lpszUsername, string lpszDomain, string lpszPassword, SecurityLogonType dwLogonType,
int dwLogonProvider, out SafeKernelObjectHandle phToken);
/// <summary>
/// Logon user using Kerberos Ticket.
/// </summary>
/// <param name="type">The type of logon token.</param>
/// <param name="service_ticket">The service ticket.</param>
/// <param name="tgt_ticket">Optional TGT.</param>
/// <returns>The logged on token.</returns>
public static NtToken LsaLogonTicket(SecurityLogonType type, byte[] service_ticket, byte[] tgt_ticket)
{
return(LsaLogonTicket(type, service_ticket, tgt_ticket, true).Result);
}
/// <summary>
/// Logon user using Kerberos Ticket.
/// </summary>
/// <param name="type">The type of logon token.</param>
/// <param name="service_ticket">The service ticket.</param>
/// <param name="tgt_ticket">Optional TGT.</param>
/// <returns>The logged on token.</returns>
public static NtToken LsaLogonTicket(SecurityLogonType type, KerberosTicket service_ticket, KerberosCredential tgt_ticket)
{
return(LsaLogonTicket(type, service_ticket, tgt_ticket, true).Result);
}
public TokenHandle LogonUser(SecurityLogonType logonType, IAuthenticationPackage package)
{
return this.LogonUser("PH.N", logonType, package);
}
