private static NtResult <NtToken> LsaLogonUser(SecurityLogonType type, string auth_package, string origin_name,
SafeBuffer buffer, IEnumerable <UserGroup> local_groups, bool throw_on_error)
{
using (var list = new DisposableList()) {
var hlsa = list.AddResource(SafeLsaLogonHandle.Connect(throw_on_error));
if (!hlsa.IsSuccess)
{
return(hlsa.Cast <NtToken>());
}
var auth_pkg = hlsa.Result.LookupAuthPackage(auth_package, throw_on_error);
if (!auth_pkg.IsSuccess)
{
return(auth_pkg.Cast <NtToken>());
}
var groups = local_groups == null ? SafeTokenGroupsBuffer.Null
: list.AddResource(SafeTokenGroupsBuffer.Create(local_groups));
TOKEN_SOURCE tokenSource = new TOKEN_SOURCE("NT.NET");
SecurityNativeMethods.AllocateLocallyUniqueId(out tokenSource.SourceIdentifier);
QUOTA_LIMITS quota_limits = new QUOTA_LIMITS();
return(SecurityNativeMethods.LsaLogonUser(hlsa.Result, new LsaString(origin_name),
type, auth_pkg.Result, buffer, buffer.GetLength(), groups,
tokenSource, out SafeLsaReturnBufferHandle profile,
out int cbProfile, out Luid logon_id, out SafeKernelObjectHandle token_handle,
quota_limits, out NtStatus subStatus).CreateResult(throw_on_error, () => {
using (profile) {
return NtToken.FromHandle(token_handle);
}
}));
}
}
internal static extern NtStatus LsaLogonUser(SafeLsaHandle LsaHandle, LsaString OriginName, SecurityLogonType LogonType, uint AuthenticationPackage,
SafeBuffer AuthenticationInformation,
int AuthenticationInformationLength,
IntPtr LocalGroups,
TOKEN_SOURCE SourceContext,
out IntPtr ProfileBuffer,
out int ProfileBufferLength,
out Luid LogonId,
out SafeKernelObjectHandle Token,
QUOTA_LIMITS Quotas,
out NtStatus SubStatus
);
internal static extern bool LogonUserExExW(
string lpszUsername,
string lpszDomain,
string lpszPassword,
SecurityLogonType dwLogonType,
int dwLogonProvider,
SafeTokenGroupsBuffer pTokenGroups,
out SafeKernelObjectHandle phToken,
[Out] OptionalPointer ppLogonSid,
[Out] OptionalPointer ppProfileBuffer,
[Out] OptionalPointer pdwProfileLength,
[Out] QUOTA_LIMITS pQuotaLimits
);
/// <summary>
/// Logon user using S4U
/// </summary>
/// <param name="user">The username.</param>
/// <param name="realm">The user's realm.</param>
/// <param name="type">The type of logon token.</param>
/// <returns>The logged on token.</returns>
public static NtToken LogonS4U(string user, string realm, SecurityLogonType type)
{
LsaString pkgName = new LsaString("Negotiate");
Win32NativeMethods.LsaConnectUntrusted(out SafeLsaHandle hlsa).ToNtException();
using (hlsa)
{
uint authnPkg;
Win32NativeMethods.LsaLookupAuthenticationPackage(hlsa, pkgName, out authnPkg).ToNtException();
byte[] user_bytes = Encoding.Unicode.GetBytes(user);
byte[] realm_bytes = Encoding.Unicode.GetBytes(realm);
using (var buffer = new SafeStructureInOutBuffer <KERB_S4U_LOGON>(user_bytes.Length + realm_bytes.Length, true))
{
KERB_S4U_LOGON logon_struct = new KERB_S4U_LOGON
{
MessageType = KERB_LOGON_SUBMIT_TYPE.KerbS4ULogon
};
SafeHGlobalBuffer data_buffer = buffer.Data;
logon_struct.ClientUpn.Buffer = data_buffer.DangerousGetHandle();
data_buffer.WriteArray(0, user_bytes, 0, user_bytes.Length);
logon_struct.ClientUpn.Length = (ushort)user_bytes.Length;
logon_struct.ClientUpn.MaximumLength = (ushort)user_bytes.Length;
logon_struct.ClientRealm.Buffer = data_buffer.DangerousGetHandle() + user_bytes.Length;
data_buffer.WriteArray((ulong)user_bytes.Length, realm_bytes, 0, realm_bytes.Length);
logon_struct.ClientRealm.Length = (ushort)realm_bytes.Length;
logon_struct.ClientRealm.MaximumLength = (ushort)realm_bytes.Length;
Marshal.StructureToPtr(logon_struct, buffer.DangerousGetHandle(), false);
TOKEN_SOURCE tokenSource = new TOKEN_SOURCE("NtLmSsp");
Win32NativeMethods.AllocateLocallyUniqueId(out tokenSource.SourceIdentifier);
LsaString originName = new LsaString("S4U");
QUOTA_LIMITS quota_limits = new QUOTA_LIMITS();
Win32NativeMethods.LsaLogonUser(hlsa, originName, type, authnPkg,
buffer, buffer.Length, IntPtr.Zero,
tokenSource, out IntPtr profile, out int cbProfile, out Luid logon_id, out SafeKernelObjectHandle token_handle,
quota_limits, out NtStatus subStatus).ToNtException();
Win32NativeMethods.LsaFreeReturnBuffer(profile);
return(NtToken.FromHandle(token_handle));
}
}
}
