/// <summary> /// Enumerate account rights for a SID. /// </summary> /// <param name="sid">The SID to enumerate for.</param> /// <param name="throw_on_error">True to throw on error.</param> /// <returns>The list of assigned account rights.</returns> public NtResult <IReadOnlyList <string> > EnumerateAccountRights(Sid sid, bool throw_on_error) { if (sid is null) { throw new ArgumentNullException(nameof(sid)); } using (var sid_buffer = sid.ToSafeBuffer()) { return(SecurityNativeMethods.LsaEnumerateAccountRights(Handle, sid_buffer, out SafeLsaMemoryBuffer buffer, out int count) .CreateResult(throw_on_error, () => ParseRights(buffer, count))); } }
internal static NtResult <IEnumerable <AccountRight> > GetAccountRights(string system_name, Sid sid, bool throw_on_error) { if (sid is null) { throw new ArgumentNullException(nameof(sid)); } using (var policy = SafeLsaHandle.OpenPolicy(system_name, LsaPolicyAccessRights.GenericExecute, throw_on_error)) { if (!policy.IsSuccess) { return(policy.Cast <IEnumerable <AccountRight> >()); } using (var sid_buffer = sid.ToSafeBuffer()) { return(SecurityNativeMethods.LsaEnumerateAccountRights(policy.Result, sid_buffer, out SafeLsaMemoryBuffer buffer, out int count) .CreateResult(throw_on_error, () => ParseRights(policy.Result, system_name, buffer, count))); } } }