C# (CSharp) SafeLsaHandle Beispiele

Beispiel #1

Datei: LsaObject.cs Projekt: GooWen/sandbox-attacksurface-analysis-tools

 private protected LsaObject(SafeLsaHandle handle, AccessMask granted_access, string type_name, string object_name)
 {
     _handle         = handle;
     _granted_access = granted_access;
     NtType          = NtType.GetTypeByName(type_name);
     ObjectName      = object_name;
 }

Beispiel #2

Datei: LocalSecurityPolicy.cs Projekt: stuff2600/TaskScheduler

        private LsaSecurityAccessRights GetSystemAccess(SafeLsaHandle hAcct)
        {
            int rights;

            ThrowIfLsaError(LsaGetSystemAccessAccount(hAcct, out rights));
            return((LsaSecurityAccessRights)rights);
        }

Beispiel #3

Datei: AccountRight.cs Projekt: mediabuff/sandbox-attacksurface-analysis-tools

        internal static NtStatus RemoveAccountRights(string system_name, Sid sid, bool remove_all, IEnumerable <string> account_rights, bool throw_on_error)
        {
            if (sid is null)
            {
                throw new ArgumentNullException(nameof(sid));
            }

            if (account_rights is null)
            {
                throw new ArgumentNullException(nameof(account_rights));
            }

            var rights = account_rights.Select(s => new UnicodeStringIn(s)).ToArray();

            if (!account_rights.Any())
            {
                return(NtStatus.STATUS_SUCCESS);
            }

            using (var policy = SafeLsaHandle.OpenPolicy(system_name, LsaPolicyAccessRights.LookupNames, throw_on_error))
            {
                if (!policy.IsSuccess)
                {
                    return(policy.Status);
                }
                using (var sid_buffer = sid.ToSafeBuffer())
                {
                    return(SecurityNativeMethods.LsaRemoveAccountRights(policy.Result,
                                                                        sid_buffer, remove_all, rights, rights.Length).ToNtException(throw_on_error));
                }
            }
        }

Beispiel #4

 internal LsaTrustedDomain(SafeLsaHandle handle, LsaTrustedDomainAccessRights granted_access, string name, Sid sid, LsaTrustedDomainInformation domain_info, string system_name)
     : base(handle, granted_access, LsaPolicyUtils.LSA_TRUSTED_DOMAIN_NT_TYPE_NAME, $"LSA Trusted Domain ({(name ?? domain_info.Name)})", system_name)
 {
     _domain_info = domain_info;
     Sid          = sid ?? domain_info.Sid;
     Name         = name ?? domain_info.Name;
 }

Beispiel #5

Datei: Win32Security.cs Projekt: vp777/sandbox-attacksurface-analysis-tools

        private static NtResult <IEnumerable <SidName> > LookupSids2(string system_name, Sid[] sids, LsaLookupOptions options, bool throw_on_error)
        {
            using (var policy = SafeLsaHandle.OpenPolicy(system_name, Policy.LsaPolicyAccessRights.LookupNames, throw_on_error))
            {
                if (!policy.IsSuccess)
                {
                    return(policy.Cast <IEnumerable <SidName> >());
                }

                using (var list = new DisposableList())
                {
                    var sid_ptrs = sids.Select(s => list.AddSid(s).DangerousGetHandle()).ToArray();
                    var status   = SecurityNativeMethods.LsaLookupSids2(policy.Result, options, sid_ptrs.Length, sid_ptrs,
                                                                        out SafeLsaMemoryBuffer domains, out SafeLsaMemoryBuffer names);
                    if (!status.IsSuccess())
                    {
                        if (status == NtStatus.STATUS_NONE_MAPPED)
                        {
                            list.Add(domains);
                            list.Add(names);
                        }
                        return(status.CreateResultFromError <IEnumerable <SidName> >(throw_on_error));
                    }

                    return(GetSidNames(sids, domains, names).CreateResult());
                }
            }
        }

Beispiel #6

 internal static extern NtStatus LsaQuerySecret(
     SafeLsaHandle SecretHandle,
     out SafeLsaMemoryBuffer CurrentValue,
     LargeInteger CurrentValueSetTime,
     out SafeLsaMemoryBuffer OldValue,
     LargeInteger OldValueSetTime
     );

Beispiel #7

 internal static extern NtStatus LsaEnumerateAccounts(
     SafeLsaHandle PolicyHandle,
     ref int EnumerationContext,
     out SafeLsaMemoryBuffer EnumerationBuffer, // PLSAPR_ACCOUNT_INFORMATION
     int PreferedMaximumLength,
     out int EntriesRead
     );

Beispiel #8

Datei: Win32Security.cs Projekt: vp777/sandbox-attacksurface-analysis-tools

        /// <summary>
        /// Retried LSA privilege data.
        /// </summary>
        /// <param name="system_name">The system containing the LSA instance.</param>
        /// <param name="keyname">The name of the key.</param>
        /// <param name="throw_on_error">True to throw on error.</param>
        /// <returns>The private data as bytes.</returns>
        public static NtResult <byte[]> LsaRetrievePrivateData(string system_name, string keyname, bool throw_on_error)
        {
            if (keyname is null)
            {
                throw new ArgumentNullException(nameof(keyname));
            }

            using (var policy = SafeLsaHandle.OpenPolicy(system_name, Policy.LsaPolicyAccessRights.GetPrivateInformation, throw_on_error))
            {
                if (!policy.IsSuccess)
                {
                    return(policy.Cast <byte[]>());
                }
                NtStatus status = SecurityNativeMethods.LsaRetrievePrivateData(policy.Result,
                                                                               new UnicodeString(keyname), out SafeLsaMemoryBuffer data);
                if (!status.IsSuccess())
                {
                    return(status.CreateResultFromError <byte[]>(throw_on_error));
                }
                using (data)
                {
                    data.Initialize <UnicodeStringOut>(1);
                    return(data.Read <UnicodeStringOut>(0).ToArray().CreateResult());
                }
            }
        }

Beispiel #9

 internal static extern NtStatus LsaEnumerateTrustedDomainsEx(
     SafeLsaHandle PolicyHandle,
     ref int EnumerationContext,
     out SafeLsaMemoryBuffer Buffer,
     int PreferedMaximumLength,
     out int CountReturned
     );

Beispiel #10

 internal static extern NtStatus LsaLookupSids(
     SafeLsaHandle PolicyHandle,
     int Count,
     IntPtr[] Sids,
     out SafeLsaMemoryBuffer ReferencedDomains,
     out SafeLsaMemoryBuffer Names
     );

Beispiel #11

 internal static extern NtStatus LsaRemoveAccountRights(
     SafeLsaHandle PolicyHandle,
     SafeSidBufferHandle AccountSid,
     [MarshalAs(UnmanagedType.U1)] bool AllRights,
     [In] UnicodeStringIn[] UserRights,
     int CountOfRights
     );

Beispiel #12

 internal static extern NtStatus LsaLookupNames2(
     SafeLsaHandle PolicyHandle,
     LsaLookupNameOptionFlags Flags,
     int Count,
     UnicodeStringIn[] Names,
     out SafeLsaMemoryBuffer ReferencedDomains,
     out SafeLsaMemoryBuffer Sids // PLSA_TRANSLATED_SID
     );

Beispiel #13

 private static IEnumerable <AccountRight> ParseRights(SafeLsaHandle policy, string system_name, SafeLsaMemoryBuffer buffer, int count)
 {
     using (buffer) {
         buffer.Initialize <UnicodeStringOut>((uint)count);
         UnicodeStringOut[] ss = new UnicodeStringOut[count];
         buffer.ReadArray(0, ss, 0, count);
         return(ss.Select(s => new AccountRight(system_name, s.ToString(),
                                                GetSids(policy, s.ToString(), false).GetResultOrDefault())).ToList());
     }
 }

Beispiel #14

 internal static NtResult <List <Sid> > GetSids(string system_name, string name, bool throw_on_error)
 {
     using (var policy = SafeLsaHandle.OpenPolicy(system_name, LsaPolicyAccessRights.GenericExecute, throw_on_error)) {
         if (!policy.IsSuccess)
         {
             return(policy.Cast <List <Sid> >());
         }
         return(GetSids(policy.Result, name, throw_on_error));
     }
 }

Beispiel #15

 internal static extern int LsaLogonUser(
     [In]  SafeLsaHandle LsaHandle,
     [In]  ref LSA_STRING OriginName,
     [In]  SECURITY_LOGON_TYPE LogonType,
     [In]  int AuthenticationPackage,
     [In]  IntPtr AuthenticationInformation,
     [In]  int AuthenticationInformationLength,
     [In]  IntPtr LocalGroups,
     [In]  ref TOKEN_SOURCE SourceContext,
     [Out] out SafeLsaReturnBufferHandle ProfileBuffer,
     [Out] out int ProfileBufferLength,
     [Out] out LUID LogonId,
     [Out] out SafeAccessTokenHandle Token,
     [Out] out QUOTA_LIMITS Quotas,
     [Out] out int SubStatus
     );

Beispiel #16

        private static NtResult <List <Sid> > GetSids(SafeLsaHandle policy, string name, bool throw_on_error)
        {
            if (name is null)
            {
                throw new ArgumentNullException(nameof(name));
            }

            NtStatus status = SecurityNativeMethods.LsaEnumerateAccountsWithUserRight(policy, new UnicodeString(name),
                                                                                      out SafeLsaMemoryBuffer buffer, out int count);

            if (status == NtStatus.STATUS_NO_MORE_ENTRIES)
            {
                return(new List <Sid>().CreateResult());
            }
            return(status.CreateResult(throw_on_error, () => ParseSids(buffer, count)));
        }

Beispiel #17

 private static int LookupAuthenticationPackage(SafeLsaHandle lsaHandle, string packageName)
 {
     Debug.Assert(!string.IsNullOrEmpty(packageName));
     unsafe
     {
         int packageId;
         byte[] asciiPackageName = Encoding.ASCII.GetBytes(packageName);
         fixed (byte* pAsciiPackageName = &asciiPackageName[0])
         {
             LSA_STRING lsaPackageName = new LSA_STRING((IntPtr)pAsciiPackageName, checked((ushort)(asciiPackageName.Length)));
             int ntStatus = Interop.SspiCli.LsaLookupAuthenticationPackage(lsaHandle, ref lsaPackageName, out packageId);
             if (ntStatus < 0) // non-negative numbers indicate success
                 throw GetExceptionFromNtStatus(ntStatus);
         }
         return packageId;
     }
 }

Beispiel #18

        internal static NtResult <IEnumerable <AccountRight> > GetAccountRights(string system_name, Sid sid, bool throw_on_error)
        {
            if (sid is null)
            {
                throw new ArgumentNullException(nameof(sid));
            }

            using (var policy = SafeLsaHandle.OpenPolicy(system_name, LsaPolicyAccessRights.GenericExecute, throw_on_error)) {
                if (!policy.IsSuccess)
                {
                    return(policy.Cast <IEnumerable <AccountRight> >());
                }
                using (var sid_buffer = sid.ToSafeBuffer()) {
                    return(SecurityNativeMethods.LsaEnumerateAccountRights(policy.Result, sid_buffer,
                                                                           out SafeLsaMemoryBuffer buffer, out int count)
                           .CreateResult(throw_on_error, () => ParseRights(policy.Result, system_name, buffer, count)));
                }
            }
        }

Beispiel #19

Datei: Win32Security.cs Projekt: vp777/sandbox-attacksurface-analysis-tools

        private static NtStatus LsaStorePrivateDataInternal(string system_name, string keyname, byte[] data, bool throw_on_error)
        {
            if (keyname is null)
            {
                throw new ArgumentNullException(nameof(keyname));
            }

            using (var policy = SafeLsaHandle.OpenPolicy(system_name, Policy.LsaPolicyAccessRights.CreateSecret, throw_on_error))
            {
                if (!policy.IsSuccess)
                {
                    return(policy.Status);
                }

                using (var data_buffer = data == null ? UnicodeStringBytesSafeBuffer.Null : new UnicodeStringBytesSafeBuffer(data))
                {
                    return(SecurityNativeMethods.LsaStorePrivateData(policy.Result, new UnicodeString(keyname), data_buffer));
                }
            }
        }

Beispiel #20

 internal static extern NtStatus LsaDeleteObject(
     SafeLsaHandle ObjectHandle
     );

Beispiel #21

 internal static extern NtStatus LsaQueryTrustedDomainInfoByName(
     SafeLsaHandle PolicyHandle,
     UnicodeString TrustedDomainName,
     TRUSTED_INFORMATION_CLASS InformationClass,
     out SafeLsaMemoryBuffer Buffer
     );

Beispiel #22

 internal static extern NtStatus LsaQueryTrustedDomainInfo(
     SafeLsaHandle PolicyHandle,
     SafeSidBufferHandle TrustedDomainSid,
     TRUSTED_INFORMATION_CLASS InformationClass,
     out SafeLsaMemoryBuffer Buffer
     );

Beispiel #23

 internal static extern NtStatus LsaQueryInfoTrustedDomain(
     SafeLsaHandle TrustedDomainHandle,
     TRUSTED_INFORMATION_CLASS InformationClass,
     out SafeLsaMemoryBuffer Buffer
     );

Beispiel #24

 internal static extern NtStatus LsaOpenTrustedDomainByName(
     SafeLsaHandle PolicyHandle,
     UnicodeString TrustedDomainName,
     LsaTrustedDomainAccessRights DesiredAccess,
     out SafeLsaHandle TrustedDomainHandle
     );

Beispiel #25

 internal static extern NtStatus LsaOpenTrustedDomain(
     SafeLsaHandle PolicyHandle,
     SafeSidBufferHandle TrustedDomainSid,
     LsaTrustedDomainAccessRights DesiredAccess,
     out SafeLsaHandle TrustedDomainHandle
     );

Beispiel #26

Datei: LogonUtils.cs Projekt: CaledoniaProject/sandbox-attacksurface-analysis-tools

 static extern NtStatus LsaLogonUser(SafeLsaHandle LsaHandle, LsaString OriginName, SecurityLogonType LogonType, uint AuthenticationPackage,
     SafeBuffer AuthenticationInformation,
     int AuthenticationInformationLength,
     IntPtr LocalGroups,
     TOKEN_SOURCE SourceContext,
     out IntPtr ProfileBuffer,
     out int ProfileBufferLength,
     out Luid LogonId,
     out SafeKernelObjectHandle Token,
     out QUOTA_LIMITS Quotas,
     out NtStatus SubStatus
 );

Beispiel #27

 internal static extern NtStatus LsaEnumeratePrivilegesOfAccount(
     SafeLsaHandle AccountHandle,
     out SafeLsaMemoryBuffer Privileges // PPRIVILEGE_SET
     );

Beispiel #28

 internal static extern NtStatus LsaSetSystemAccessAccount(
     SafeLsaHandle AccountHandle,
     LsaSystemAccessFlags SystemAccess
     );

Beispiel #29

 internal static extern NtStatus LsaOpenAccount(
     SafeLsaHandle PolicyHandle,
     SafeSidBufferHandle AccountSid,
     LsaAccountAccessRights DesiredAccess,
     out SafeLsaHandle AccountHandle
     );

Beispiel #30

 internal static extern NtStatus LsaQuerySecurityObject(
     SafeLsaHandle ObjectHandle,
     SecurityInformation SecurityInformation,
     out SafeLsaMemoryBuffer SecurityDescriptor
     );

Beispiel #31

Datei: LogonUtils.cs Projekt: CaledoniaProject/sandbox-attacksurface-analysis-tools

 static extern NtStatus LsaLookupAuthenticationPackage(SafeLsaHandle LsaHandle, LsaString PackageName, out uint AuthenticationPackage);

Beispiel #32

 internal static extern NtStatus LsaSetSecurityObject(
     SafeLsaHandle ObjectHandle,
     SecurityInformation SecurityInformation,
     SafeBuffer SecurityDescriptor
     );

Beispiel #33

Datei: LogonUtils.cs Projekt: CaledoniaProject/sandbox-attacksurface-analysis-tools

 static extern NtStatus LsaConnectUntrusted(out SafeLsaHandle handle);