Пример #1
0
		internal static Ticket GetTicket()
		{
            LsaSafeHandle lsaHandle = null;
            try
            {
                // connect to the LSA outside the TCB
                Check(LsaConnectUntrusted(out lsaHandle));

                string kerberos = "Kerberos";
                LsaString lsaString = new LsaString();
                lsaString.Length = (ushort)kerberos.Length;
                lsaString.MaximumLength = (ushort)kerberos.Length;
                lsaString.Buffer = kerberos;

                uint authenticationPackage = 0;

                // lookup the index for the Kerberos authentication package
                Check(LsaLookupAuthenticationPackage(lsaHandle, ref lsaString, out authenticationPackage));

                KERB_QUERY_TKT_CACHE_REQUEST request = new KERB_QUERY_TKT_CACHE_REQUEST();
                request.MessageType = KERB_PROTOCOL_MESSAGE_TYPE.KerbRetrieveTicketMessage;
                request.LoginId.LowPart = 0;
                request.LoginId.HighPart = 0;

                int submitBufferLength = Marshal.SizeOf(typeof(KERB_QUERY_TKT_CACHE_REQUEST));
                IntPtr responsePointer = IntPtr.Zero;
                int returnBufferLength = 0;
                int protocolStatus = 0;

                try
                {
                    // send the request to Kerberos and get a response
                    Check(LsaCallAuthenticationPackage(lsaHandle,
                            authenticationPackage,
                            ref request,
                            submitBufferLength,
                            out responsePointer,
                            out returnBufferLength,
                            out protocolStatus));

                    Check(protocolStatus);

                    if (responsePointer == IntPtr.Zero || returnBufferLength < Marshal.SizeOf(typeof(KERB_RETRIEVE_TKT_RESPONSE)))
                    {
                        throw new InvalidOperationException();
                    }

                    KERB_RETRIEVE_TKT_RESPONSE response = new KERB_RETRIEVE_TKT_RESPONSE();
                    Marshal.PtrToStructure(responsePointer, response);

                    Ticket ticket = new Ticket();
                    ticket.EncodedTicket = ReadBytes(response.Ticket.EncodedTicket, response.Ticket.EncodedTicketSize);
                    ticket.ClientNames = ReadExternalName(response.Ticket.ClientName);
                    ticket.TargetNames = ReadExternalName(response.Ticket.TargetName);
                    ticket.SessionKey = ReadBytes(response.Ticket.SessionKey.Value, response.Ticket.SessionKey.Length);
                    ticket.SessionKeyType = response.Ticket.SessionKey.KeyType;
                    ticket.StartTime = response.Ticket.StartTime;
                    ticket.EndTime = response.Ticket.EndTime;
                    ticket.RenewUntil = response.Ticket.RenewUntil;
                    return ticket;
                }
                finally
                {
                    if (responsePointer != IntPtr.Zero)
                    {
                        Check(LsaFreeReturnBuffer(responsePointer));
                    }
                }
            }
            finally
            {
                if (lsaHandle != null)
                {
                    lsaHandle.Close();
                }
            }
		}
Пример #2
0
		static extern int LsaLookupAuthenticationPackage(
                LsaSafeHandle LsaHandle,
				ref LsaString PackageName,
				out uint AuthenticationPackage);