private void btnOK_Click(object sender, EventArgs e)
{
bool success = false;
try
{
Sid = new Sid(textBoxSid.Text);
success = true;
}
catch (Exception)
{
}
if (!success)
{
try
{
Sid = NtSecurity.LookupAccountName(textBoxSid.Text);
success = true;
}
catch (Exception ex)
{
MessageBox.Show(this, ex.Message, "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
}
if (success)
{
DialogResult = DialogResult.OK;
Close();
}
}
private static Sid LookupAccountSid(string name)
{
var sid = NtSecurity.SidFromSddl(name, false);
if (sid.IsSuccess)
{
return(sid.Result);
}
return(NtSecurity.LookupAccountName(name));
}
public static Sid UserToSid(string username)
{
try
{
return(NtSecurity.LookupAccountName(username));
}
catch (NtException)
{
return(new Sid(username));
}
}
private static Sid LookupAccountSid(string name)
{
try
{
return(new Sid(name));
}
catch (NtException)
{
return(NtSecurity.LookupAccountName(name));
}
}
private Sid GetSid()
{
switch (ParameterSetName)
{
case "FromSid":
return(Sid);
case "FromKnownSid":
return(KnownSids.GetKnownSid(KnownSid));
case "FromName":
return(NtSecurity.LookupAccountName(Name));
default:
throw new InvalidOperationException("Unknown parameter set");
}
}
/// <summary>
/// Process record.
/// </summary>
protected override void ProcessRecord()
{
Sid sid;
switch (ParameterSetName)
{
case "sddl":
sid = new Sid(Sddl);
break;
case "name":
sid = NtSecurity.LookupAccountName(Name);
break;
case "service":
sid = NtSecurity.GetServiceSid(ServiceName);
break;
case "il":
sid = NtSecurity.GetIntegritySid(IntegrityLevel);
break;
case "il_raw":
sid = NtSecurity.GetIntegritySidRaw(IntegrityLevelRaw);
break;
case "package":
sid = TokenUtils.DerivePackageSidFromName(PackageName);
if (RestrictedPackageName != null)
{
sid = TokenUtils.DeriveRestrictedPackageSidFromSid(sid, RestrictedPackageName);
}
break;
case "known":
sid = KnownSids.GetKnownSid(KnownSid);
break;
case "token":
using (NtToken token = NtToken.OpenProcessToken())
{
if (PrimaryGroup)
{
sid = token.PrimaryGroup;
}
else if (Owner)
{
sid = token.Owner;
}
else if (LogonGroup)
{
sid = token.LogonSid.Sid;
}
else if (AppContainer)
{
sid = token.AppContainerSid;
}
else if (Label)
{
sid = token.IntegrityLevelSid.Sid;
}
else
{
sid = token.User.Sid;
}
}
break;
case "cap":
sid = CapabilityGroup ? NtSecurity.GetCapabilityGroupSid(CapabilityName)
: NtSecurity.GetCapabilitySid(CapabilityName);
break;
case "sid":
sid = new Sid(SecurityAuthority, RelativeIdentifier);
break;
case "logon":
sid = NtSecurity.GetLogonSessionSid();
break;
case "trust":
sid = NtSecurity.GetTrustLevelSid(TrustType, TrustLevel);
break;
case "ace":
sid = AccessControlEntry.Sid;
break;
default:
throw new ArgumentException("No SID type specified");
}
if (ToSddl)
{
WriteObject(sid.ToString());
}
else if (ToName)
{
WriteObject(sid.Name);
}
else
{
WriteObject(sid);
}
}
private void BuildAuthZContext()
{
_resource_manager = string.IsNullOrWhiteSpace(Server) ? AuthZResourceManager.Create(GetType().Name,
AuthZResourceManagerInitializeFlags.NoAudit | AuthZResourceManagerInitializeFlags.NoCentralAccessPolicies,
null) : AuthZResourceManager.Create(Server, null, AuthZResourceManagerRemoteServiceType.Default);
var sids = new HashSet <Sid>();
if (UserSid != null)
{
foreach (var sid in UserSid)
{
sids.Add(sid);
}
}
if (UserName != null)
{
foreach (var name in UserName)
{
sids.Add(NtSecurity.LookupAccountName(name));
}
}
if (sids.Count == 0)
{
sids.Add(NtToken.CurrentUser.Sid);
}
if (_resource_manager.Remote || UseLocalGroup)
{
_context.AddRange(sids.Select(s => _resource_manager.CreateContext(s, AuthZContextInitializeSidFlags.None)));
}
else
{
foreach (var sid in sids)
{
if (!NtSecurity.IsDomainSid(sid) || NtSecurity.IsLocalDomainSid(sid))
{
_context.AddResource(_resource_manager.CreateContext(sid, AuthZContextInitializeSidFlags.None));
continue;
}
WriteProgress($"Building security context for {sid.Name}");
var context = _context.AddResource(_resource_manager.CreateContext(sid, AuthZContextInitializeSidFlags.SkipTokenGroups));
context.AddSids(_cached_user_groups.GetOrAdd(Tuple.Create(Domain, sid), _ => GetUserDomainSids(Domain, sid)));
}
}
foreach (var context in Context)
{
if (sids.Add(context.User.Sid))
{
var next_ctx = _context.AddResource(_resource_manager.CreateContext(context.User.Sid, AuthZContextInitializeSidFlags.SkipTokenGroups));
foreach (var group in context.Groups)
{
next_ctx.AddSid(group.Sid);
}
}
}
_token_info = _context.Select(c => new TokenInformation(c)).ToList();
}
/// <summary>
/// Process record.
/// </summary>
protected override void ProcessRecord()
{
Sid sid;
if (Sddl != null)
{
sid = new Sid(Sddl);
}
else if (Name != null)
{
sid = NtSecurity.LookupAccountName(Name);
}
else if (ServiceName != null)
{
sid = NtSecurity.GetServiceSid(ServiceName);
}
else if (IntegrityLevel.HasValue)
{
sid = NtSecurity.GetIntegritySid(IntegrityLevel.Value);
}
else if (IntegrityLevelRaw.HasValue)
{
sid = NtSecurity.GetIntegritySidRaw(IntegrityLevelRaw.Value);
}
else if (PackageName != null)
{
sid = TokenUtils.DerivePackageSidFromName(PackageName);
if (RestrictedPackageName != null)
{
sid = TokenUtils.DeriveRestrictedPackageSidFromSid(sid, RestrictedPackageName);
}
}
else if (KnownSid.HasValue)
{
sid = KnownSids.GetKnownSid(KnownSid.Value);
}
else if (Token)
{
using (NtToken token = NtToken.OpenProcessToken())
{
if (PrimaryGroup)
{
sid = token.PrimaryGroup;
}
else if (Owner)
{
sid = token.Owner;
}
else if (LogonGroup)
{
sid = token.LogonSid.Sid;
}
else if (AppContainer)
{
sid = token.AppContainerSid;
}
else if (Label)
{
sid = token.IntegrityLevelSid.Sid;
}
else
{
sid = token.User.Sid;
}
}
}
else
{
throw new ArgumentException("No SID type specified");
}
WriteObject(sid);
}
/// <summary>
/// Process record.
/// </summary>
protected override void ProcessRecord()
{
IEnumerable <Sid> sids;
switch (ParameterSetName)
{
case "sddl":
sids = Sddl.Select(s => new Sid(s));
break;
case "name":
sids = Name.Select(s => NtSecurity.LookupAccountName(s));
break;
case "service":
sids = ServiceName.Select(s => NtSecurity.GetServiceSid(s));
break;
case "il":
sids = IntegrityLevel.Select(s => NtSecurity.GetIntegritySid(s));
break;
case "il_raw":
sids = IntegrityLevelRaw.Select(s => NtSecurity.GetIntegritySidRaw(s));
break;
case "package":
sids = PackageName.Select(s => TokenUtils.DerivePackageSidFromName(s));
if (RestrictedPackageName != null)
{
sids = sids.Select(s => TokenUtils.DeriveRestrictedPackageSidFromSid(s, RestrictedPackageName));
}
if (AsCapability)
{
sids = sids.Select(s => NtSecurity.PackageSidToCapability(s));
}
break;
case "known":
sids = KnownSid.Select(s => KnownSids.GetKnownSid(s));
break;
case "token":
using (NtToken token = NtToken.OpenProcessToken())
{
Sid temp = null;
if (PrimaryGroup)
{
temp = token.PrimaryGroup;
}
else if (Owner)
{
temp = token.Owner;
}
else if (LogonGroup)
{
temp = token.LogonSid.Sid;
}
else if (AppContainer)
{
temp = token.AppContainerSid;
}
else if (Label)
{
temp = token.IntegrityLevelSid.Sid;
}
else
{
temp = token.User.Sid;
}
sids = new[] { temp };
}
break;
case "cap":
sids = CapabilityName.Select(s => CapabilityGroup ? NtSecurity.GetCapabilityGroupSid(s)
: NtSecurity.GetCapabilitySid(s));
break;
case "sid":
sids = new[] { new Sid(SecurityAuthority, RelativeIdentifier ?? new uint[0]) };
break;
case "rawsa":
sids = new[] { new Sid(new SidIdentifierAuthority(SecurityAuthorityByte), RelativeIdentifier) };
break;
case "logon":
sids = new[] { NtSecurity.GetLogonSessionSid() };
break;
case "trust":
sids = new[] { NtSecurity.GetTrustLevelSid(TrustType, TrustLevel) };
break;
case "ace":
sids = AccessControlEntry.Select(a => a.Sid);
break;
case "relsid":
sids = new[] { Sibling?BaseSid.CreateSibling(RelativeIdentifier) : BaseSid.CreateRelative(RelativeIdentifier) };
break;
case "bytes":
sids = new[] { new Sid(Byte) };
break;
default:
throw new ArgumentException("No SID type specified");
}
if (AsSddl)
{
WriteObject(sids.Select(s => s.ToString()), true);
}
else if (AsName)
{
WriteObject(sids.Select(s => s.Name), true);
}
else
{
WriteObject(sids, true);
}
}
