/// <summary>
/// Enumerate account rights for a SID.
/// </summary>
/// <param name="sid">The SID to enumerate for.</param>
/// <param name="throw_on_error">True to throw on error.</param>
/// <returns>The list of assigned account rights.</returns>
public NtResult <IReadOnlyList <string> > EnumerateAccountRights(Sid sid, bool throw_on_error)
{
if (sid is null)
{
throw new ArgumentNullException(nameof(sid));
}
using (var sid_buffer = sid.ToSafeBuffer())
{
return(SecurityNativeMethods.LsaEnumerateAccountRights(Handle, sid_buffer,
out SafeLsaMemoryBuffer buffer, out int count)
.CreateResult(throw_on_error, () => ParseRights(buffer, count)));
}
}
internal static NtResult <IEnumerable <AccountRight> > GetAccountRights(string system_name, Sid sid, bool throw_on_error)
{
if (sid is null)
{
throw new ArgumentNullException(nameof(sid));
}
using (var policy = SafeLsaHandle.OpenPolicy(system_name, LsaPolicyAccessRights.GenericExecute, throw_on_error)) {
if (!policy.IsSuccess)
{
return(policy.Cast <IEnumerable <AccountRight> >());
}
using (var sid_buffer = sid.ToSafeBuffer()) {
return(SecurityNativeMethods.LsaEnumerateAccountRights(policy.Result, sid_buffer,
out SafeLsaMemoryBuffer buffer, out int count)
.CreateResult(throw_on_error, () => ParseRights(policy.Result, system_name, buffer, count)));
}
}
}
