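/// <summary>
/// Asks the Kerberos authentication package, over an untrusted LSA connection,
/// for a ticket from the ticket cache and copies it into a managed <see cref="Ticket"/>.
/// </summary>
/// <remarks>
/// The request leaves <c>LoginId</c> at zero; per the LSA documentation this selects
/// the caller's own logon session, so no other session's cache is queried.
/// The returned object holds the encoded ticket and its session key in ordinary
/// managed byte arrays. Treat both as secrets: do not log or persist them, and
/// clear the arrays once they are no longer needed.
/// NOTE(review): the native response buffer is released without being zeroed here,
/// and depending on system policy Windows may hand an untrusted caller a blanked
/// session key. Confirm both against the deployment's requirements.
/// </remarks>
/// <returns>The ticket, names, session key and validity times read from the response.</returns>
/// <exception cref="InvalidOperationException">
/// The package returned no buffer, or one too small to hold a
/// <c>KERB_RETRIEVE_TKT_RESPONSE</c>.
/// </exception>
internal static Ticket GetTicket()
{
    LsaSafeHandle lsaHandle = null;
    try
    {
        // Connect to the LSA as an untrusted caller (outside the TCB).
        Check(LsaConnectUntrusted(out lsaHandle));

        const string PackageName = "Kerberos";
        LsaString lsaString = new LsaString();
        lsaString.Length = (ushort)PackageName.Length;
        lsaString.MaximumLength = (ushort)PackageName.Length;
        lsaString.Buffer = PackageName;

        // Look up the index of the Kerberos authentication package.
        uint authenticationPackage = 0;
        Check(LsaLookupAuthenticationPackage(lsaHandle, ref lsaString, out authenticationPackage));

        KERB_QUERY_TKT_CACHE_REQUEST request = new KERB_QUERY_TKT_CACHE_REQUEST();
        request.MessageType = KERB_PROTOCOL_MESSAGE_TYPE.KerbRetrieveTicketMessage;
        request.LoginId.LowPart = 0;
        request.LoginId.HighPart = 0;

        int submitBufferLength = Marshal.SizeOf(typeof(KERB_QUERY_TKT_CACHE_REQUEST));
        IntPtr responsePointer = IntPtr.Zero;
        int returnBufferLength = 0;
        int protocolStatus = 0;

        // Tracks whether the ticket was read without an exception, so that a
        // failure while freeing the buffer cannot replace the original error.
        bool ticketRead = false;
        try
        {
            // Send the request to Kerberos; both the call status and the
            // package's own protocol status must indicate success.
            Check(LsaCallAuthenticationPackage(
                lsaHandle,
                authenticationPackage,
                ref request,
                submitBufferLength,
                out responsePointer,
                out returnBufferLength,
                out protocolStatus));
            Check(protocolStatus);

            // Refuse to marshal from a missing or truncated buffer.
            if (responsePointer == IntPtr.Zero
                || returnBufferLength < Marshal.SizeOf(typeof(KERB_RETRIEVE_TKT_RESPONSE)))
            {
                throw new InvalidOperationException(
                    "The Kerberos package returned no response buffer, or one smaller than KERB_RETRIEVE_TKT_RESPONSE.");
            }

            KERB_RETRIEVE_TKT_RESPONSE response = new KERB_RETRIEVE_TKT_RESPONSE();
            Marshal.PtrToStructure(responsePointer, response);

            // Copy everything out of the native buffer before it is freed below.
            // NOTE(review): the sizes passed to ReadBytes come straight from the
            // response structure and are not compared with returnBufferLength here.
            Ticket ticket = new Ticket();
            ticket.EncodedTicket = ReadBytes(response.Ticket.EncodedTicket, response.Ticket.EncodedTicketSize);
            ticket.ClientNames = ReadExternalName(response.Ticket.ClientName);
            ticket.TargetNames = ReadExternalName(response.Ticket.TargetName);
            ticket.SessionKey = ReadBytes(response.Ticket.SessionKey.Value, response.Ticket.SessionKey.Length);
            ticket.SessionKeyType = response.Ticket.SessionKey.KeyType;
            ticket.StartTime = response.Ticket.StartTime;
            ticket.EndTime = response.Ticket.EndTime;
            ticket.RenewUntil = response.Ticket.RenewUntil;

            ticketRead = true;
            return ticket;
        }
        finally
        {
            if (responsePointer != IntPtr.Zero)
            {
                var freeStatus = LsaFreeReturnBuffer(responsePointer);

                // Report a failed free only when nothing else went wrong; throwing
                // from this finally during unwinding would hide the real failure.
                if (ticketRead)
                {
                    Check(freeStatus);
                }
            }
        }
    }
    finally
    {
        if (lsaHandle != null)
        {
            lsaHandle.Close();
        }
    }
}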
/// <summary>
/// P/Invoke declaration for the LSA call that resolves an authentication
/// package name to the numeric identifier used in later package calls.
/// </summary>
/// <param name="LsaHandle">Handle to an open LSA connection.</param>
/// <param name="PackageName">Counted string naming the package to look up.</param>
/// <param name="AuthenticationPackage">Receives the package identifier.</param>
/// <returns>A status code; callers in this file pass it to <c>Check</c>.</returns>
// NOTE(review): no [DllImport] attribute is visible in this excerpt; it is
// presumably on the preceding line. Confirm that it names the library explicitly.
static extern int LsaLookupAuthenticationPackage(
    LsaSafeHandle LsaHandle,
    ref LsaString PackageName,
    out uint AuthenticationPackage);