/// <summary>
/// OK button handler: turns the text box contents into a SID and, when that
/// works, closes the dialog with an OK result.
/// </summary>
/// <remarks>
/// The text is parsed as a SID string first; the account-name lookup runs only
/// if that parse throws. A lookup failure is shown to the user and the dialog
/// stays open.
/// </remarks>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
private void btnOK_Click(object sender, EventArgs e)
{
    bool parsedAsSid = false;
    try
    {
        Sid = new Sid(textBoxSid.Text);
        parsedAsSid = true;
    }
    catch (Exception)
    {
        // Deliberately ignored so the name lookup below can run. This also hides
        // failures unrelated to parsing.
        // NOTE(review): narrow this catch once the exception type thrown by the
        // Sid constructor is confirmed.
    }

    if (!parsedAsSid)
    {
        try
        {
            Sid = NtSecurity.LookupAccountName(textBoxSid.Text);
        }
        catch (Exception ex)
        {
            // The lookup error text is shown verbatim; the dialog is not closed.
            MessageBox.Show(this, ex.Message, "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
            return;
        }
    }

    DialogResult = DialogResult.OK;
    Close();
}
/// <summary>
/// Resolves <paramref name="name"/> to a SID, treating it as an SDDL SID string
/// first and as an account name second.
/// </summary>
/// <param name="name">SDDL SID string or account name.</param>
/// <returns>The parsed SID, or the SID returned by the account-name lookup.</returns>
private static Sid LookupAccountSid(string name)
{
    // The second argument is false and the outcome is read through IsSuccess,
    // so a failed parse is reported in the result rather than thrown
    // (presumably the flag is "throw on error" - confirm).
    var parsed = NtSecurity.SidFromSddl(name, false);

    // Anything that is not a valid SID string goes to the name lookup, whose
    // exceptions are not caught here.
    return parsed.IsSuccess ? parsed.Result : NtSecurity.LookupAccountName(name);
}
/// <summary>
/// Converts a user string to a SID: account-name lookup first, SID-string
/// parse as the fallback.
/// </summary>
/// <remarks>
/// Only an <c>NtException</c> from the lookup triggers the fallback; any other
/// exception, and any exception from the fallback parse, reaches the caller.
/// Because the name lookup takes precedence, the input is interpreted as an
/// account name whenever the lookup succeeds.
/// </remarks>
/// <param name="username">Account name or SID string.</param>
/// <returns>The resolved SID.</returns>
public static Sid UserToSid(string username)
{
    Sid resolved;
    try
    {
        resolved = NtSecurity.LookupAccountName(username);
    }
    catch (NtException)
    {
        // Not a resolvable account name: treat the text as a SID string instead.
        resolved = new Sid(username);
    }

    return resolved;
}
/// <summary>
/// Resolves <paramref name="name"/> to a SID: SID-string parse first,
/// account-name lookup as the fallback.
/// </summary>
/// <remarks>
/// Only an <c>NtException</c> from the parse triggers the lookup; exceptions
/// from the lookup itself are not caught.
/// </remarks>
/// <param name="name">SID string or account name.</param>
/// <returns>The resolved SID.</returns>
private static Sid LookupAccountSid(string name)
{
    Sid resolved;
    try
    {
        resolved = new Sid(name);
    }
    catch (NtException)
    {
        // Not a SID string: fall back to resolving it as an account name.
        resolved = NtSecurity.LookupAccountName(name);
    }

    return resolved;
}
/// <summary>
/// Returns the SID selected by the active parameter set.
/// </summary>
/// <returns>
/// The <c>Sid</c> property for "FromSid", the known SID for "FromKnownSid",
/// or the result of an account-name lookup for "FromName".
/// </returns>
/// <exception cref="InvalidOperationException">
/// The parameter set name is none of the three handled values.
/// </exception>
private Sid GetSid()
{
    string parameterSet = ParameterSetName;

    if (parameterSet == "FromSid")
    {
        return Sid;
    }

    if (parameterSet == "FromKnownSid")
    {
        return KnownSids.GetKnownSid(KnownSid);
    }

    if (parameterSet == "FromName")
    {
        // Lookup failures are not caught here and propagate to the caller.
        return NtSecurity.LookupAccountName(Name);
    }

    throw new InvalidOperationException("Unknown parameter set");
}
/// <summary>
/// Process record. Builds one SID from the active parameter set and writes it
/// to the pipeline as SDDL text, as an account name, or as the SID object.
/// </summary>
/// <exception cref="ArgumentException">
/// The parameter set name is not one of the handled values.
/// </exception>
protected override void ProcessRecord()
{
    Sid sid;
    switch (ParameterSetName)
    {
        case "sddl":
            sid = new Sid(Sddl);
            break;

        case "name":
            // Lookup failures are not caught; they surface as the cmdlet's error.
            sid = NtSecurity.LookupAccountName(Name);
            break;

        case "service":
            sid = NtSecurity.GetServiceSid(ServiceName);
            break;

        case "il":
            sid = NtSecurity.GetIntegritySid(IntegrityLevel);
            break;

        case "il_raw":
            sid = NtSecurity.GetIntegritySidRaw(IntegrityLevelRaw);
            break;

        case "package":
            // The restricted SID, when requested, is derived from the package SID.
            var packageSid = TokenUtils.DerivePackageSidFromName(PackageName);
            sid = RestrictedPackageName == null
                ? packageSid
                : TokenUtils.DeriveRestrictedPackageSidFromSid(packageSid, RestrictedPackageName);
            break;

        case "known":
            sid = KnownSids.GetKnownSid(KnownSid);
            break;

        case "token":
            // OpenProcessToken() is called without arguments (presumably the
            // current process - confirm). The handle is released by the using
            // block; only the SID read from it is kept.
            using (NtToken token = NtToken.OpenProcessToken())
            {
                // First switch that is set wins; the token user is the default.
                if (PrimaryGroup)
                {
                    sid = token.PrimaryGroup;
                }
                else if (Owner)
                {
                    sid = token.Owner;
                }
                else if (LogonGroup)
                {
                    sid = token.LogonSid.Sid;
                }
                else if (AppContainer)
                {
                    sid = token.AppContainerSid;
                }
                else if (Label)
                {
                    sid = token.IntegrityLevelSid.Sid;
                }
                else
                {
                    sid = token.User.Sid;
                }
            }
            break;

        case "cap":
            if (CapabilityGroup)
            {
                sid = NtSecurity.GetCapabilityGroupSid(CapabilityName);
            }
            else
            {
                sid = NtSecurity.GetCapabilitySid(CapabilityName);
            }
            break;

        case "sid":
            sid = new Sid(SecurityAuthority, RelativeIdentifier);
            break;

        case "logon":
            sid = NtSecurity.GetLogonSessionSid();
            break;

        case "trust":
            sid = NtSecurity.GetTrustLevelSid(TrustType, TrustLevel);
            break;

        case "ace":
            sid = AccessControlEntry.Sid;
            break;

        default:
            throw new ArgumentException("No SID type specified");
    }

    // Output form: ToSddl takes precedence over ToName.
    if (ToSddl)
    {
        WriteObject(sid.ToString());
        return;
    }

    if (ToName)
    {
        WriteObject(sid.Name);
        return;
    }

    WriteObject(sid);
}
/// <summary>
/// Creates the AuthZ resource manager, gathers the SIDs to evaluate, creates
/// one AuthZ context per SID and builds <c>_token_info</c> from those contexts.
/// </summary>
/// <remarks>
/// The SID set comes from <c>UserSid</c> and <c>UserName</c>; when both yield
/// nothing, the current user's SID is used. Entries in <c>Context</c> whose
/// user SID is not already in the set are added as further contexts.
/// Exceptions from name lookup or context creation are not caught here.
/// </remarks>
private void BuildAuthZContext()
{
    // Blank Server: local resource manager named after this type, created with
    // the NoAudit and NoCentralAccessPolicies flags. Otherwise: a remote
    // resource manager against Server.
    _resource_manager = string.IsNullOrWhiteSpace(Server) ? AuthZResourceManager.Create(GetType().Name, AuthZResourceManagerInitializeFlags.NoAudit | AuthZResourceManagerInitializeFlags.NoCentralAccessPolicies, null) : AuthZResourceManager.Create(Server, null, AuthZResourceManagerRemoteServiceType.Default);

    // A set, so a SID supplied both directly and by name is evaluated once.
    var sids = new HashSet <Sid>();
    if (UserSid != null)
    {
        foreach (var sid in UserSid)
        {
            sids.Add(sid);
        }
    }
    if (UserName != null)
    {
        foreach (var name in UserName)
        {
            // NOTE(review): the resolved SID feeds an access evaluation. If the
            // lookup accepts unqualified names, the same text may match accounts
            // in different scopes - confirm, and prefer qualified names.
            sids.Add(NtSecurity.LookupAccountName(name));
        }
    }

    // Nothing supplied: results then describe the caller's own identity.
    if (sids.Count == 0)
    {
        sids.Add(NtToken.CurrentUser.Sid);
    }

    if (_resource_manager.Remote || UseLocalGroup)
    {
        // Remote manager or UseLocalGroup: every context is created with the
        // None flags.
        _context.AddRange(sids.Select(s => _resource_manager.CreateContext(s, AuthZContextInitializeSidFlags.None)));
    }
    else
    {
        foreach (var sid in sids)
        {
            // SIDs that are not domain SIDs, or that belong to the local
            // domain, also get a context created with the None flags.
            if (!NtSecurity.IsDomainSid(sid) || NtSecurity.IsLocalDomainSid(sid))
            {
                _context.AddResource(_resource_manager.CreateContext(sid, AuthZContextInitializeSidFlags.None));
                continue;
            }

            // Remaining domain SIDs: create the context with SkipTokenGroups
            // and add the group SIDs from GetUserDomainSids explicitly.
            WriteProgress($"Building security context for {sid.Name}");
            var context = _context.AddResource(_resource_manager.CreateContext(sid, AuthZContextInitializeSidFlags.SkipTokenGroups));
            // Group lists are cached per (Domain, sid).
            // NOTE(review): the cache lifetime is not visible here; a cached
            // entry would not reflect later group membership changes - confirm.
            context.AddSids(_cached_user_groups.GetOrAdd(Tuple.Create(Domain, sid), _ => GetUserDomainSids(Domain, sid)));
        }
    }

    // NOTE(review): Context is enumerated without the null check that UserSid
    // and UserName get - confirm it can never be null.
    foreach (var context in Context)
    {
        // HashSet.Add returns false for a SID already present, so a supplied
        // context is skipped when its user was handled above.
        if (sids.Add(context.User.Sid))
        {
            var next_ctx = _context.AddResource(_resource_manager.CreateContext(context.User.Sid, AuthZContextInitializeSidFlags.SkipTokenGroups));
            // Copy the supplied context's group SIDs into the new context.
            foreach (var group in context.Groups)
            {
                next_ctx.AddSid(group.Sid);
            }
        }
    }

    _token_info = _context.Select(c => new TokenInformation(c)).ToList();
}
/// <summary>
/// Process record. Builds one SID from the first parameter that was supplied
/// and writes it to the pipeline.
/// </summary>
/// <remarks>
/// Parameters are tested in a fixed order (Sddl, Name, ServiceName,
/// IntegrityLevel, IntegrityLevelRaw, PackageName, KnownSid, Token); when
/// several are set, only the first in that order is used.
/// </remarks>
/// <exception cref="ArgumentException">None of the parameters was supplied.</exception>
protected override void ProcessRecord()
{
    Sid sid;

    if (Sddl != null)
    {
        sid = new Sid(Sddl);
    }
    else if (Name != null)
    {
        // Lookup failures are not caught; they surface as the cmdlet's error.
        sid = NtSecurity.LookupAccountName(Name);
    }
    else if (ServiceName != null)
    {
        sid = NtSecurity.GetServiceSid(ServiceName);
    }
    else if (IntegrityLevel.HasValue)
    {
        sid = NtSecurity.GetIntegritySid(IntegrityLevel.Value);
    }
    else if (IntegrityLevelRaw.HasValue)
    {
        sid = NtSecurity.GetIntegritySidRaw(IntegrityLevelRaw.Value);
    }
    else if (PackageName != null)
    {
        // The restricted SID, when requested, is derived from the package SID.
        var packageSid = TokenUtils.DerivePackageSidFromName(PackageName);
        sid = RestrictedPackageName == null
            ? packageSid
            : TokenUtils.DeriveRestrictedPackageSidFromSid(packageSid, RestrictedPackageName);
    }
    else if (KnownSid.HasValue)
    {
        sid = KnownSids.GetKnownSid(KnownSid.Value);
    }
    else if (Token)
    {
        // OpenProcessToken() is called without arguments (presumably the
        // current process - confirm). The handle is released by the using
        // block; only the SID read from it is kept.
        using (NtToken token = NtToken.OpenProcessToken())
        {
            // First switch that is set wins; the token user is the default.
            if (PrimaryGroup)
            {
                sid = token.PrimaryGroup;
            }
            else if (Owner)
            {
                sid = token.Owner;
            }
            else if (LogonGroup)
            {
                sid = token.LogonSid.Sid;
            }
            else if (AppContainer)
            {
                sid = token.AppContainerSid;
            }
            else if (Label)
            {
                sid = token.IntegrityLevelSid.Sid;
            }
            else
            {
                sid = token.User.Sid;
            }
        }
    }
    else
    {
        throw new ArgumentException("No SID type specified");
    }

    WriteObject(sid);
}
/// <summary>
/// Process record. Builds a sequence of SIDs from the active parameter set and
/// writes each one to the pipeline as SDDL text, as an account name, or as the
/// SID object.
/// </summary>
/// <remarks>
/// Most parameter sets produce a <c>Select</c> projection. Assuming these are
/// System.Linq sequences, the per-item work (for example the account-name
/// lookup) runs while <c>WriteObject</c> enumerates, so a failure on a later
/// item may occur after earlier items were already written.
/// </remarks>
/// <exception cref="ArgumentException">
/// The parameter set name is not one of the handled values.
/// </exception>
protected override void ProcessRecord()
{
    IEnumerable<Sid> sids;
    switch (ParameterSetName)
    {
        case "sddl":
            sids = Sddl.Select(text => new Sid(text));
            break;

        case "name":
            sids = Name.Select(account => NtSecurity.LookupAccountName(account));
            break;

        case "service":
            sids = ServiceName.Select(service => NtSecurity.GetServiceSid(service));
            break;

        case "il":
            sids = IntegrityLevel.Select(level => NtSecurity.GetIntegritySid(level));
            break;

        case "il_raw":
            sids = IntegrityLevelRaw.Select(level => NtSecurity.GetIntegritySidRaw(level));
            break;

        case "package":
            // Optional stages are chained in order: restricted SID, then capability.
            sids = PackageName.Select(package => TokenUtils.DerivePackageSidFromName(package));
            if (RestrictedPackageName != null)
            {
                sids = sids.Select(packageSid => TokenUtils.DeriveRestrictedPackageSidFromSid(packageSid, RestrictedPackageName));
            }
            if (AsCapability)
            {
                sids = sids.Select(packageSid => NtSecurity.PackageSidToCapability(packageSid));
            }
            break;

        case "known":
            sids = KnownSid.Select(known => KnownSids.GetKnownSid(known));
            break;

        case "token":
            // OpenProcessToken() is called without arguments (presumably the
            // current process - confirm). The SID is read before the using
            // block releases the handle, so nothing deferred touches the token.
            using (NtToken token = NtToken.OpenProcessToken())
            {
                Sid tokenSid = null;
                // First switch that is set wins; the token user is the default.
                if (PrimaryGroup)
                {
                    tokenSid = token.PrimaryGroup;
                }
                else if (Owner)
                {
                    tokenSid = token.Owner;
                }
                else if (LogonGroup)
                {
                    tokenSid = token.LogonSid.Sid;
                }
                else if (AppContainer)
                {
                    tokenSid = token.AppContainerSid;
                }
                else if (Label)
                {
                    tokenSid = token.IntegrityLevelSid.Sid;
                }
                else
                {
                    tokenSid = token.User.Sid;
                }
                sids = new[] { tokenSid };
            }
            break;

        case "cap":
            sids = CapabilityName.Select(capability => CapabilityGroup
                ? NtSecurity.GetCapabilityGroupSid(capability)
                : NtSecurity.GetCapabilitySid(capability));
            break;

        case "sid":
            // A missing RelativeIdentifier is replaced with an empty array here.
            sids = new[] { new Sid(SecurityAuthority, RelativeIdentifier ?? new uint[0]) };
            break;

        case "rawsa":
            // NOTE(review): RelativeIdentifier is passed through as-is here,
            // unlike the "sid" case - confirm it cannot be null for this set.
            sids = new[] { new Sid(new SidIdentifierAuthority(SecurityAuthorityByte), RelativeIdentifier) };
            break;

        case "logon":
            sids = new[] { NtSecurity.GetLogonSessionSid() };
            break;

        case "trust":
            sids = new[] { NtSecurity.GetTrustLevelSid(TrustType, TrustLevel) };
            break;

        case "ace":
            sids = AccessControlEntry.Select(ace => ace.Sid);
            break;

        case "relsid":
            var derived = Sibling
                ? BaseSid.CreateSibling(RelativeIdentifier)
                : BaseSid.CreateRelative(RelativeIdentifier);
            sids = new[] { derived };
            break;

        case "bytes":
            sids = new[] { new Sid(Byte) };
            break;

        default:
            throw new ArgumentException("No SID type specified");
    }

    // Output form: AsSddl takes precedence over AsName. The second argument
    // makes WriteObject enumerate the sequence item by item.
    if (AsSddl)
    {
        WriteObject(sids.Select(item => item.ToString()), true);
        return;
    }

    if (AsName)
    {
        WriteObject(sids.Select(item => item.Name), true);
        return;
    }

    WriteObject(sids, true);
}