sean-m
/
Vanara
mirror of https://github.com/dahall/Vanara.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Added missing structures related to kerberos tickets

pull/83/head
David Hall 2019-11-26 21:32:18 -07:00
parent a7b722c8a3
commit 6192335362
2 changed files with 363 additions and 45 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
PInvoke/Security/AdvApi32/WinNT.cs
View File

@ -14,6 +14,9 @@ namespace Vanara.PInvoke
{
public const uint SECURITY_DESCRIPTOR_REVISION = 1;
public const uint SECURITY_DESCRIPTOR_REVISION1 = 1;
public const int SID_MAX_SUB_AUTHORITIES = 15;
public const int SID_RECOMMENDED_SUB_AUTHORITIES = 1; // Will change to around 6
public const uint SID_REVISION = 1; // Current revision level
/// <summary>Indicates whether the ObjectTypeName and InheritedObjectTypeName members contain strings.</summary>
[PInvokeData("winnt.h")]

405
PInvoke/Security/Secur32/NTSecApi.cs
View File

@ -1,5 +1,8 @@
using System;
using System.Collections.Generic;
using System.Runtime.InteropServices;
using Vanara.Extensions;
using Vanara.InteropServices;
using static Vanara.PInvoke.AdvApi32;
using FILETIME = System.Runtime.InteropServices.ComTypes.FILETIME;
@ -8,6 +11,10 @@ namespace Vanara.PInvoke
/// <summary>Functions, enumerations and structures found in Secur32.dll.</summary>
public static partial class Secur32
{
/// <summary>Microsoft CredSSP Security Provider.</summary>
[PInvokeData("credssp.h")]
public const string CREDSSP_NAME = "CREDSSP";
/// <summary>The Kerberos authentication package name.</summary>
[PInvokeData("Ntsecapi.h")]
public const string MICROSOFT_KERBEROS_NAME = "Kerberos";
@ -24,22 +31,17 @@ namespace Vanara.PInvoke
[PInvokeData("Security.h")]
public const string NTLMSP_NAME = "NTLM";
/// <summary>Digest Authentication for Windows.</summary>
[PInvokeData("wdigest.h")]
public const string WDIGEST_SP_NAME = "WDigest";
/// <summary>Microsoft CredSSP Security Provider.</summary>
[PInvokeData("credssp.h")]
public const string CREDSSP_NAME = "CREDSSP";
/// <summary>TS Service Security Package</summary>
[PInvokeData("Ntsecapi.h")]
public const string PKU2U_PACKAGE_NAME = "pku2u";
/// <summary>TS Service Security Package</summary>
[PInvokeData("credssp.h")]
public const string TS_SSP_NAME = "TSSSP";
/// <summary>TS Service Security Package</summary>
[PInvokeData("Ntsecapi.h")]
public const string PKU2U_PACKAGE_NAME = "pku2u";
/// <summary>Digest Authentication for Windows.</summary>
[PInvokeData("wdigest.h")]
public const string WDIGEST_SP_NAME = "WDigest";
/// <summary>Kerberos encryption types.</summary>
[PInvokeData("Ntsecapi.h", MSDNShortId = "3b088c94-810b-44c7-887a-58e8dbd13603")]
public enum KERB_ETYPE
@ -85,6 +87,40 @@ namespace Vanara.PInvoke
KERB_ETYPE_RC4_HMAC_NT_EXP = 24
}
/// <summary>The <c>KERB_LOGON_SUBMIT_TYPE</c> enumeration identifies the type of logon being requested.</summary>
// https://docs.microsoft.com/en-us/windows/desktop/api/ntsecapi/ne-ntsecapi-kerb_logon_submit_type
// typedef enum _KERB_LOGON_SUBMIT_TYPE { KerbInteractiveLogon, KerbSmartCardLogon, KerbWorkstationUnlockLogon, KerbSmartCardUnlockLogon, KerbProxyLogon, KerbTicketLogon, KerbTicketUnlockLogon, KerbS4ULogon, KerbCertificateLogon, KerbCertificateS4ULogon, KerbCertificateUnlockLogon, KerbNoElevationLogon, KerbLuidLogon } KERB_LOGON_SUBMIT_TYPE, *PKERB_LOGON_SUBMIT_TYPE;
[PInvokeData("ntsecapi.h", MSDNShortId = "500bee53-638b-4782-b42d-1df158396fb6")]
public enum KERB_LOGON_SUBMIT_TYPE
{
/// <summary>Perform an interactive logon.</summary>
KerbInteractiveLogon = 2,
/// <summary>Logon using a smart card.</summary>
KerbSmartCardLogon = 6,
/// <summary>Unlock a workstation.</summary>
KerbWorkstationUnlockLogon,
/// <summary>Unlock a workstation using a smart card.</summary>
KerbSmartCardUnlockLogon,
/// <summary>Logon using a proxy server.</summary>
KerbProxyLogon,
/// <summary>Logon using a valid Kerberos ticket as a credential.</summary>
KerbTicketLogon,
/// <summary>Unlock a workstation by using a Kerberos ticket.</summary>
KerbTicketUnlockLogon,
/// <summary>Perform a service for user logon.</summary>
KerbS4ULogon,
/// <summary>Logon interactively using a certificate stored on a smart card.</summary>
KerbCertificateLogon,
/// <summary>Perform a service for user logon using a certificate stored on a smart card.</summary>
KerbCertificateS4ULogon,
/// <summary>Unlock a workstation using a certificate stored on a smart card.</summary>
KerbCertificateUnlockLogon,
/// <summary />
KerbNoElevationLogon = 83,
/// <summary />
KerbLuidLogon,
}
/// <summary>
/// <para>
/// The <c>KERB_PROTOCOL_MESSAGE_TYPE</c> enumeration lists the types of messages that can be sent to the Kerberos authentication
@ -242,38 +278,77 @@ namespace Vanara.PInvoke
KerbQueryS4U2ProxyCacheMessage,
}
/// <summary>The <c>KERB_LOGON_SUBMIT_TYPE</c> enumeration identifies the type of logon being requested.</summary>
// https://docs.microsoft.com/en-us/windows/desktop/api/ntsecapi/ne-ntsecapi-kerb_logon_submit_type
// typedef enum _KERB_LOGON_SUBMIT_TYPE { KerbInteractiveLogon, KerbSmartCardLogon, KerbWorkstationUnlockLogon, KerbSmartCardUnlockLogon, KerbProxyLogon, KerbTicketLogon, KerbTicketUnlockLogon, KerbS4ULogon, KerbCertificateLogon, KerbCertificateS4ULogon, KerbCertificateUnlockLogon, KerbNoElevationLogon, KerbLuidLogon } KERB_LOGON_SUBMIT_TYPE, *PKERB_LOGON_SUBMIT_TYPE;
[PInvokeData("ntsecapi.h", MSDNShortId = "500bee53-638b-4782-b42d-1df158396fb6")]
public enum KERB_LOGON_SUBMIT_TYPE
/// <summary>Ticket flags, as defined in Internet RFC 4120. This parameter can be one or more of the following values.</summary>
[PInvokeData("ntsecapi.h", MSDNShortId = "742e2795-ec74-4856-a680-7a1c233a2934")]
[Flags]
public enum KERB_TICKET_FLAGS : uint
{
/// <summary>Perform an interactive logon.</summary>
KerbInteractiveLogon = 2,
/// <summary>Logon using a smart card.</summary>
KerbSmartCardLogon = 6,
/// <summary>Unlock a workstation.</summary>
KerbWorkstationUnlockLogon,
/// <summary>Unlock a workstation using a smart card.</summary>
KerbSmartCardUnlockLogon,
/// <summary>Logon using a proxy server.</summary>
KerbProxyLogon,
/// <summary>Logon using a valid Kerberos ticket as a credential.</summary>
KerbTicketLogon,
/// <summary>Unlock a workstation by using a Kerberos ticket.</summary>
KerbTicketUnlockLogon,
/// <summary>Perform a service for user logon.</summary>
KerbS4ULogon,
/// <summary>Logon interactively using a certificate stored on a smart card.</summary>
KerbCertificateLogon,
/// <summary>Perform a service for user logon using a certificate stored on a smart card.</summary>
KerbCertificateS4ULogon,
/// <summary>Unlock a workstation using a certificate stored on a smart card.</summary>
KerbCertificateUnlockLogon,
/// <summary />
KerbNoElevationLogon = 83,
/// <summary />
KerbLuidLogon,
/// <summary>
/// The ticket-granting server can issue a new ticket-granting ticket with a different network address, based on the presented ticket.
/// </summary>
KERB_TICKET_FLAGS_forwardable = 0x40000000,
/// <summary>
/// The ticket has either been forwarded or was issued based on authentication that involved a forwarded ticket-granting ticket.
/// </summary>
KERB_TICKET_FLAGS_forwarded = 0x20000000,
/// <summary>
/// The protocol employed for initial authentication required the use of hardware expected to be possessed solely by the named
/// client. The hardware authentication method is selected by the KDC, and the strength of the method is not indicated.
/// </summary>
KERB_TICKET_FLAGS_hw_authent = 0x00100000,
/// <summary>
/// The ticket was issued by using the Authentication Service protocol instead of being based on a ticket-granting ticket.
/// </summary>
KERB_TICKET_FLAGS_initial = 0x00400000,
/// <summary>The ticket is not valid.</summary>
KERB_TICKET_FLAGS_invalid = 0x01000000,
/// <summary>
/// Indicates to the ticket-granting server that a postdated ticket can be issued based on this ticket-granting ticket.
/// </summary>
KERB_TICKET_FLAGS_may_postdate = 0x04000000,
/// <summary>
/// The target of the ticket is trusted by the directory service for delegation. Thus, the clients may delegate their
/// credentials to the server, which lets the server act as the client when talking to other services.
/// </summary>
KERB_TICKET_FLAGS_ok_as_delegate = 0x00040000,
/// <summary>
/// The ticket has been postdated. The end service can check the ticket's authtime member to determine when the original
/// authentication occurred.
/// </summary>
KERB_TICKET_FLAGS_postdated = 0x02000000,
/// <summary>
/// During initial authentication, the client was authenticated by the KDC before a ticket was issued. The strength of the
/// preauthentication method is not indicated but is acceptable to the KDC.
/// </summary>
KERB_TICKET_FLAGS_pre_authent = 0x00200000,
/// <summary>
/// Indicates to the ticket-granting server that only nonticket-granting tickets can be issued with different network addresses.
/// </summary>
KERB_TICKET_FLAGS_proxiable = 0x10000000,
/// <summary>The ticket is a proxy.</summary>
KERB_TICKET_FLAGS_proxy = 0x08000000,
/// <summary>
/// The ticket is renewable. If this flag is set, the time limit for renewing the ticket is set in the RenewTime member of a
/// KERB_TICKET_CACHE_INFO structure. A renewable ticket can be used to obtain a replacement ticket that expires at a later date.
/// </summary>
KERB_TICKET_FLAGS_renewable = 0x00800000,
/// <summary>Reserved for future use. Do not set this flag.</summary>
KERB_TICKET_FLAGS_reserved = 0x80000000,
/// <summary>Reserved.</summary>
KERB_TICKET_FLAGS_reserved1 = 0x00000001,
}
[PInvokeData("ntsecapi.h", MSDNShortId = "8ed37546-6443-4010-a078-4359dd1c2861")]
@ -1646,8 +1721,16 @@ namespace Vanara.PInvoke
[FieldOffset(8)]
public IntPtr Names;
// /// <inheritdoc/> public override string ToString() => NameCount == 0 ? "" : string.Join("; ",
// Array.ConvertAll(Names.ToArray<LSA_UNICODE_STRING>(NameCount), s => s.ToString()));
/// <summary>Extracts the names from <see cref="Names"/>.</summary>
/// <returns>A sequence of names.</returns>
public IEnumerable<string> GetNames()
{
if (NameCount == 0)
yield break;
using var pin = new PinnedObject(this);
foreach (var us in ((IntPtr)pin).ToIEnum<LSA_UNICODE_STRING>(NameCount, 8))
yield return us.ToString();
}
}
/// <summary>
@ -1785,7 +1868,7 @@ namespace Vanara.PInvoke
/// </item>
/// </list>
/// </summary>
public uint TicketFlags;
public KERB_TICKET_FLAGS TicketFlags;
/// <summary>Reserved for future use. Set this member to zero.</summary>
public uint Flags;
@ -1849,6 +1932,105 @@ namespace Vanara.PInvoke
public LSA_UNICODE_STRING Password;
}
/// <summary>
/// <para>The <c>KERB_PURGE_TKT_CACHE_REQUEST</c> structure contains information used to delete entries from the ticket cache.</para>
/// <para>It is used by LsaCallAuthenticationPackage.</para>
/// </summary>
/// <remarks>
/// <para>
/// If both <c>ServerName</c> and <c>RealmName</c> are of zero length, LsaCallAuthenticationPackage will delete all tickets for the
/// logon session identified by <c>LogonId</c>. Otherwise, <c>LsaCallAuthenticationPackage</c> will search the cache tickets for
/// <c>ServerName</c>@ <c>RealmName</c>, and will delete all such tickets.
/// </para>
/// <para>
/// LsaCallAuthenticationPackage does not return this buffer. It returns STATUS_SUCCESS if one or more tickets are deleted. If no
/// tickets are found, the function returns SEC_E_NO_CREDENTIALS.
/// </para>
/// </remarks>
// https://docs.microsoft.com/en-us/windows/win32/api/ntsecapi/ns-ntsecapi-kerb_purge_tkt_cache_request typedef struct
// _KERB_PURGE_TKT_CACHE_REQUEST { KERB_PROTOCOL_MESSAGE_TYPE MessageType; LUID LogonId; UNICODE_STRING ServerName; UNICODE_STRING
// RealmName; } KERB_PURGE_TKT_CACHE_REQUEST, *PKERB_PURGE_TKT_CACHE_REQUEST;
[PInvokeData("ntsecapi.h", MSDNShortId = "4e5e944a-8163-42de-b534-3b0478d9f334")]
[StructLayout(LayoutKind.Sequential)]
public struct KERB_PURGE_TKT_CACHE_REQUEST
{
/// <summary>KERB_PROTOCOL_MESSAGE_TYPE value identifying the type of request being made. This member must be set to <c>KerbPurgeTicketCacheMessage</c>.</summary>
public KERB_PROTOCOL_MESSAGE_TYPE MessageType;
/// <summary>
/// LUID structure containing the logon session identifier. This can be zero for the current user's logon session. If not zero,
/// the caller must have the SeTcbPrivilege privilege set. If this fails, the Kerberos authentication package sets the
/// ProtocolStatus parameter of LsaCallAuthenticationPackage to <c>STATUS_ACCESS_DENIED</c>.
/// </summary>
public LUID LogonId;
/// <summary>UNICODE_STRING containing the name of the service whose tickets should be deleted from the cache.</summary>
public LSA_UNICODE_STRING ServerName;
/// <summary>UNICODE_STRING containing the name of the realm whose tickets should be deleted from the cache.</summary>
public LSA_UNICODE_STRING RealmName;
}
/// <summary>
/// <para>The <c>KERB_QUERY_TKT_CACHE_REQUEST</c> structure contains information used to query the ticket cache.</para>
/// <para>It is used by LsaCallAuthenticationPackage.</para>
/// </summary>
// https://docs.microsoft.com/en-us/windows/win32/api/ntsecapi/ns-ntsecapi-kerb_query_tkt_cache_request typedef struct
// _KERB_QUERY_TKT_CACHE_REQUEST { KERB_PROTOCOL_MESSAGE_TYPE MessageType; LUID LogonId; } KERB_QUERY_TKT_CACHE_REQUEST, *PKERB_QUERY_TKT_CACHE_REQUEST;
[PInvokeData("ntsecapi.h", MSDNShortId = "3c8e63b3-9ac4-4228-87e1-6802c3d12d6c")]
[StructLayout(LayoutKind.Sequential)]
public struct KERB_QUERY_TKT_CACHE_REQUEST
{
/// <summary>
/// <para>
/// KERB_PROTOCOL_MESSAGE_TYPE value identifying the type of request being made. This member must be set to
/// <c>KerbQueryTicketCacheMessage</c> or <c>KerbRetrieveTicketMessage</c>.
/// </para>
/// <para>
/// If this member is set to <c>KerbQueryTicketCacheMessage</c>, the request is for information about all of the cached tickets
/// for the specified user logon session. If it is set to <c>KerbRetrieveTicketMessage</c>, the request is for the ticket
/// granting ticket from the ticket cache of the specified user logon session.
/// </para>
/// </summary>
public KERB_PROTOCOL_MESSAGE_TYPE MessageType;
/// <summary>
/// LUID structure containing the logon session identifier. This can be zero for the current user's logon session. If not zero,
/// the caller must have the SeTcbPrivilege privilege set. If this fails, the Kerberos authentication package sets the
/// ProtocolStatus parameter of LsaCallAuthenticationPackage to STATUS_ACCESS_DENIED.
/// </summary>
public LUID LogonId;
}
/// <summary>
/// <para>The <c>KERB_QUERY_TKT_CACHE_RESPONSE</c> structure contains the results of querying the ticket cache.</para>
/// <para>It is used by LsaCallAuthenticationPackage.</para>
/// </summary>
/// <remarks>
/// This buffer is allocated by the Kerberos authentication package and should be deleted by the application that called
/// LsaCallAuthenticationPackage, using LsaFreeReturnBuffer.
/// </remarks>
// https://docs.microsoft.com/en-us/windows/win32/api/ntsecapi/ns-ntsecapi-kerb_query_tkt_cache_response typedef struct
// _KERB_QUERY_TKT_CACHE_RESPONSE { KERB_PROTOCOL_MESSAGE_TYPE MessageType; ULONG CountOfTickets; KERB_TICKET_CACHE_INFO
// Tickets[ANYSIZE_ARRAY]; } KERB_QUERY_TKT_CACHE_RESPONSE, *PKERB_QUERY_TKT_CACHE_RESPONSE;
[PInvokeData("ntsecapi.h", MSDNShortId = "2101c1de-f304-4d44-899f-f9f03cd50934")]
[StructLayout(LayoutKind.Sequential)]
[VanaraMarshaler(typeof(SafeAnysizeStructMarshaler<KERB_QUERY_TKT_CACHE_RESPONSE>), nameof(CountOfTickets))]
public struct KERB_QUERY_TKT_CACHE_RESPONSE
{
/// <summary>KERB_PROTOCOL_MESSAGE_TYPE value identifying the type of request being made. This member must be set to <c>KerbQueryTicketCacheMessage</c>.</summary>
public KERB_PROTOCOL_MESSAGE_TYPE MessageType;
/// <summary>
/// Number of tickets in <c>Tickets</c> array. This can be zero if no tickets are available for the specified logon session.
/// </summary>
public uint CountOfTickets;
/// <summary>Array of length <c>CountOfTickets</c> of KERB_TICKET_CACHE_INFO structures.</summary>
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 1)]
public KERB_TICKET_CACHE_INFO[] Tickets;
}
/// <summary>
/// <para>The <c>KERB_RETRIEVE_TKT_REQUEST</c> structure contains information used to retrieve a ticket.</para>
/// <para>
@ -2011,6 +2193,139 @@ namespace Vanara.PInvoke
public KERB_EXTERNAL_TICKET Ticket;
}
/// <summary>
/// <para>
/// The <c>KERB_TICKET_CACHE_INFO</c> structure contains information about a cached Kerberos ticket. The Kerberos ticket is defined
/// in Internet RFC 4120. For more information, see http://www.ietf.org.
/// </para>
/// <para>
/// It can be used both for retrieving tickets and querying the ticket cache. The KERB_QUERY_TKT_CACHE_RESPONSE structure uses this structure.
/// </para>
/// </summary>
// https://docs.microsoft.com/en-us/windows/win32/api/ntsecapi/ns-ntsecapi-kerb_ticket_cache_info typedef struct
// _KERB_TICKET_CACHE_INFO { UNICODE_STRING ServerName; UNICODE_STRING RealmName; LARGE_INTEGER StartTime; LARGE_INTEGER EndTime;
// LARGE_INTEGER RenewTime; LONG EncryptionType; ULONG TicketFlags; } KERB_TICKET_CACHE_INFO, *PKERB_TICKET_CACHE_INFO;
[PInvokeData("ntsecapi.h", MSDNShortId = "e9ac70f0-65dc-4c5a-b41f-7c4659680333")]
[StructLayout(LayoutKind.Sequential)]
public struct KERB_TICKET_CACHE_INFO
{
/// <summary>
/// A UNICODE_STRING that contains the name of the server the ticket applies to. This name is combined with the <c>RealmName</c>
/// value to create the full name <c>ServerName</c>@ <c>RealmName</c>.
/// </summary>
public LSA_UNICODE_STRING ServerName;
/// <summary>A UNICODE_STRING that contains the name of the realm the ticket applies to.</summary>
public LSA_UNICODE_STRING RealmName;
/// <summary>
/// A FILETIME structure that contains the time at which the ticket becomes valid. If the <c>starttime</c> member of the ticket
/// is not set, this value defaults to the time when the ticket was initially authenticated, <c>authtime</c>. The
/// <c>starttime</c> member of a ticket is optional.
/// </summary>
public FILETIME StartTime;
/// <summary>A FILETIME structure that contains the time when the ticket expires.</summary>
public FILETIME EndTime;
/// <summary>
/// If KERB_TICKET_FLAGS_renewable is set in <c>TicketFlags</c>, this member is a FILETIME structure that contains the time
/// beyond which the ticket cannot be renewed.
/// </summary>
public FILETIME RenewTime;
/// <summary>The type of encryption used in the ticket.</summary>
public KERB_ETYPE EncryptionType;
/// <summary>
/// <para>The ticket flags, as defined in Internet RFC 4120. These flags can be one or more of the following values.</para>
/// <list type="table">
/// <listheader>
/// <term>Value</term>
/// <term>Meaning</term>
/// </listheader>
/// <item>
/// <term>KERB_TICKET_FLAGS_forwardable 0x40000000</term>
/// <term>
/// The ticket-granting server can issue a new ticket-granting ticket with a different network address based on the presented ticket.
/// </term>
/// </item>
/// <item>
/// <term>KERB_TICKET_FLAGS_forwarded 0x20000000</term>
/// <term>
/// The ticket has either been forwarded or was issued based on authentication that involved a forwarded ticket-granting ticket.
/// </term>
/// </item>
/// <item>
/// <term>KERB_TICKET_FLAGS_hw_authent 0x00100000</term>
/// <term>
/// The protocol employed for initial authentication required the use of hardware expected to be possessed solely by the named
/// client. The hardware authentication method is selected by the KDC and the strength of the method is not indicated.
/// </term>
/// </item>
/// <item>
/// <term>KERB_TICKET_FLAGS_initial 0x00400000</term>
/// <term>The ticket was issued by using the Authentication Service protocol instead of being based on a ticket-granting ticket.</term>
/// </item>
/// <item>
/// <term>KERB_TICKET_FLAGS_invalid 0x01000000</term>
/// <term>The ticket is not valid.</term>
/// </item>
/// <item>
/// <term>KERB_TICKET_FLAGS_may_postdate 0x04000000</term>
/// <term>Indicates to the ticket-granting server that a postdated ticket can be issued based on this ticket-granting ticket.</term>
/// </item>
/// <item>
/// <term>KERB_TICKET_FLAGS_ok_as_delegate 0x00040000</term>
/// <term>
/// The target of the ticket is trusted by the directory service for delegation. Thus, clients may delegate their credentials to
/// the server, which lets the server act as the client when talking to other services.
/// </term>
/// </item>
/// <item>
/// <term>KERB_TICKET_FLAGS_postdated 0x02000000</term>
/// <term>
/// The ticket has been postdated. The end-service can check the ticket's authtime member to see when the original
/// authentication occurred.
/// </term>
/// </item>
/// <item>
/// <term>KERB_TICKET_FLAGS_pre_authent 0x00200000</term>
/// <term>
/// During initial authentication, the client was authenticated by the Key Distribution Center (KDC) before a ticket was issued.
/// The strength of the preauthentication method is not indicated, but is acceptable to the KDC.
/// </term>
/// </item>
/// <item>
/// <term>KERB_TICKET_FLAGS_proxiable 0x10000000</term>
/// <term>
/// Indicates to the ticket-granting server that only nonticket-granting tickets can be issued based on this ticket but with a
/// different network addresses.
/// </term>
/// </item>
/// <item>
/// <term>KERB_TICKET_FLAGS_proxy 0x08000000</term>
/// <term>The ticket is a proxy.</term>
/// </item>
/// <item>
/// <term>KERB_TICKET_FLAGS_renewable 0x00800000</term>
/// <term>
/// The ticket is renewable. If this flag is set, the time limit for renewing the ticket is set in RenewTime. A renewable ticket
/// can be used to obtain a replacement ticket that expires at a later date.
/// </term>
/// </item>
/// <item>
/// <term>KERB_TICKET_FLAGS_reserved 0x80000000</term>
/// <term>Reserved for future use. Do not set this flag.</term>
/// </item>
/// <item>
/// <term>KERB_TICKET_FLAGS_reserved1 0x00000001</term>
/// <term>Reserved.</term>
/// </item>
/// </list>
/// </summary>
public KERB_TICKET_FLAGS TicketFlags;
}
/// <summary>The <c>LSA_LAST_INTER_LOGON_INFO</c> structure contains information about a logon session.</summary>
// https://docs.microsoft.com/en-us/windows/desktop/api/ntsecapi/ns-ntsecapi-_lsa_last_inter_logon_info typedef struct
// _LSA_LAST_INTER_LOGON_INFO { LARGE_INTEGER LastSuccessfulLogon; LARGE_INTEGER LastFailedLogon; ULONG