Beispiel #1
        /// <summary>
        /// Build the well-known SID that corresponds to an enumeration member.
        /// </summary>
        /// <param name="sid">The enumerated value naming the well-known SID.</param>
        /// <returns>The SID mapped to <paramref name="sid"/>.</returns>
        /// <exception cref="ArgumentException">Thrown when <paramref name="sid"/> has no mapping in this table.</exception>
        public static Sid GetKnownSid(KnownSidValue sid)
        {
            // NOTE(review): the trailing numbers passed to Sid are presumably the
            // sub-authorities under the named authority; confirm against the Sid constructor.
            switch (sid)
            {
                // Null, World and Local authorities: a single sub-authority of 0.
                case KnownSidValue.Null:
                    return new Sid(SecurityAuthority.Null, 0);
                case KnownSidValue.World:
                    return new Sid(SecurityAuthority.World, 0);
                case KnownSidValue.Local:
                    return new Sid(SecurityAuthority.Local, 0);

                // Creator authority.
                case KnownSidValue.CreatorOwner:
                    return new Sid(SecurityAuthority.Creator, 0);
                case KnownSidValue.CreatorGroup:
                    return new Sid(SecurityAuthority.Creator, 1);
                case KnownSidValue.CreatorOwnerServer:
                    return new Sid(SecurityAuthority.Creator, 2);
                case KnownSidValue.CreatorGroupServer:
                    return new Sid(SecurityAuthority.Creator, 3);
                case KnownSidValue.OwnerRights:
                    return new Sid(SecurityAuthority.Creator, 4);

                // NT authority, single sub-authority.
                case KnownSidValue.Dialup:
                    return new Sid(SecurityAuthority.Nt, 1);
                case KnownSidValue.Network:
                    return new Sid(SecurityAuthority.Nt, 2);
                case KnownSidValue.Batch:
                    return new Sid(SecurityAuthority.Nt, 3);
                case KnownSidValue.Interactive:
                    return new Sid(SecurityAuthority.Nt, 4);
                case KnownSidValue.Service:
                    return new Sid(SecurityAuthority.Nt, 6);
                case KnownSidValue.Anonymous:
                    return new Sid(SecurityAuthority.Nt, 7);
                case KnownSidValue.Proxy:
                    return new Sid(SecurityAuthority.Nt, 8);
                case KnownSidValue.Self:
                    return new Sid(SecurityAuthority.Nt, 10);
                case KnownSidValue.AuthenticatedUsers:
                    return new Sid(SecurityAuthority.Nt, 11);
                case KnownSidValue.Restricted:
                    return new Sid(SecurityAuthority.Nt, 12);
                case KnownSidValue.LocalSystem:
                    return new Sid(SecurityAuthority.Nt, 18);
                case KnownSidValue.LocalService:
                    return new Sid(SecurityAuthority.Nt, 19);
                case KnownSidValue.NetworkService:
                    return new Sid(SecurityAuthority.Nt, 20);
                case KnownSidValue.Builtin:
                    return new Sid(SecurityAuthority.Nt, 32);
                case KnownSidValue.WriteRestricted:
                    return new Sid(SecurityAuthority.Nt, 33);

                // NT authority, builtin domain (32) followed by the group identifier.
                case KnownSidValue.BuiltinUsers:
                    return new Sid(SecurityAuthority.Nt, 32, 545);
                case KnownSidValue.BuiltinAdministrators:
                    return new Sid(SecurityAuthority.Nt, 32, 544);

                // Package authority.
                case KnownSidValue.AllApplicationPackages:
                    return new Sid(SecurityAuthority.Package, 2, 1);
                case KnownSidValue.AllRestrictedApplicationPackages:
                    return new Sid(SecurityAuthority.Package, 2, 2);

                // Not a fixed table entry: the SID is obtained from the service name.
                case KnownSidValue.TrustedInstaller:
                    return NtSecurity.GetServiceSid("TrustedInstaller");

                // Capability SIDs selected by numeric identifier.
                case KnownSidValue.CapabilityInternetClient:
                    return GetCapabilitySid(1);
                case KnownSidValue.CapabilityInternetClientServer:
                    return GetCapabilitySid(2);
                case KnownSidValue.CapabilityPrivateNetworkClientServer:
                    return GetCapabilitySid(3);
                case KnownSidValue.CapabilityPicturesLibrary:
                    return GetCapabilitySid(4);
                case KnownSidValue.CapabilityVideosLibrary:
                    return GetCapabilitySid(5);
                case KnownSidValue.CapabilityMusicLibrary:
                    return GetCapabilitySid(6);
                case KnownSidValue.CapabilityDocumentsLibrary:
                    return GetCapabilitySid(7);
                case KnownSidValue.CapabilityEnterpriseAuthentication:
                    return GetCapabilitySid(8);
                case KnownSidValue.CapabilitySharedUserCertificates:
                    return GetCapabilitySid(9);
                case KnownSidValue.CapabilityRemovableStorage:
                    return GetCapabilitySid(10);
                case KnownSidValue.CapabilityAppointments:
                    return GetCapabilitySid(11);
                case KnownSidValue.CapabilityContacts:
                    return GetCapabilitySid(12);
                case KnownSidValue.CapabilityInternetExplorer:
                    return GetCapabilitySid(4096);

                // Capability SID obtained from the capability name instead of a number.
                case KnownSidValue.CapabilityConstrainedImpersonation:
                    return NtSecurity.GetCapabilitySid("constrainedImpersonation");

                default:
                    throw new ArgumentException("Unknown SID type");
            }
        }
        /// <summary>
        /// Resolve a SID according to the bound parameter set and write it to the pipeline,
        /// either as the SID object, its string form (ToSddl) or its name (ToName).
        /// </summary>
        /// <exception cref="ArgumentException">Thrown when the parameter set name is not handled here.</exception>
        protected override void ProcessRecord()
        {
            Sid result;

            switch (ParameterSetName)
            {
                case "sddl":
                    result = new Sid(Sddl);
                    break;

                case "name":
                    result = NtSecurity.LookupAccountName(Name);
                    break;

                case "service":
                    result = NtSecurity.GetServiceSid(ServiceName);
                    break;

                case "il":
                    result = NtSecurity.GetIntegritySid(IntegrityLevel);
                    break;

                case "il_raw":
                    result = NtSecurity.GetIntegritySidRaw(IntegrityLevelRaw);
                    break;

                case "package":
                    // The package SID is always derived first; the restricted variant is
                    // derived from it only when a restricted name was supplied.
                    result = TokenUtils.DerivePackageSidFromName(PackageName);
                    if (!(RestrictedPackageName == null))
                    {
                        result = TokenUtils.DeriveRestrictedPackageSidFromSid(result, RestrictedPackageName);
                    }
                    break;

                case "known":
                    result = KnownSids.GetKnownSid(KnownSid);
                    break;

                case "token":
                    // NOTE(review): OpenProcessToken() takes no arguments here, so this is
                    // presumably the calling process's token rather than a thread
                    // (impersonation) token; confirm against NtToken.
                    using (NtToken processToken = NtToken.OpenProcessToken())
                    {
                        // The first switch that is set wins; with none set the token user is returned.
                        if (PrimaryGroup)
                        {
                            result = processToken.PrimaryGroup;
                        }
                        else if (Owner)
                        {
                            result = processToken.Owner;
                        }
                        else if (LogonGroup)
                        {
                            result = processToken.LogonSid.Sid;
                        }
                        else if (AppContainer)
                        {
                            result = processToken.AppContainerSid;
                        }
                        else if (Label)
                        {
                            result = processToken.IntegrityLevelSid.Sid;
                        }
                        else
                        {
                            result = processToken.User.Sid;
                        }
                    }
                    break;

                case "cap":
                    if (CapabilityGroup)
                    {
                        result = NtSecurity.GetCapabilityGroupSid(CapabilityName);
                    }
                    else
                    {
                        result = NtSecurity.GetCapabilitySid(CapabilityName);
                    }
                    break;

                case "sid":
                    result = new Sid(SecurityAuthority, RelativeIdentifiers);
                    break;

                case "logon":
                    result = NtSecurity.GetLogonSessionSid();
                    break;

                default:
                    throw new ArgumentException("No SID type specified");
            }

            // Output form: ToSddl takes precedence over ToName; otherwise the object itself.
            if (ToSddl)
            {
                WriteObject(result.ToString());
                return;
            }

            if (ToName)
            {
                WriteObject(result.Name);
                return;
            }

            WriteObject(result);
        }
Beispiel #3
        /// <summary>
        /// Resolve a SID from the first parameter that was supplied and write it to the pipeline.
        /// </summary>
        /// <remarks>
        /// The parameters are tested in a fixed order, so when more than one is set
        /// only the earliest one in the chain below is used.
        /// </remarks>
        /// <exception cref="ArgumentException">Thrown when none of the parameters was supplied.</exception>
        protected override void ProcessRecord()
        {
            Sid resolved;

            if (Sddl != null)
            {
                resolved = new Sid(Sddl);
            }
            else if (Name != null)
            {
                resolved = NtSecurity.LookupAccountName(Name);
            }
            else if (ServiceName != null)
            {
                resolved = NtSecurity.GetServiceSid(ServiceName);
            }
            else if (IntegrityLevel.HasValue)
            {
                resolved = NtSecurity.GetIntegritySid(IntegrityLevel.Value);
            }
            else if (IntegrityLevelRaw.HasValue)
            {
                resolved = NtSecurity.GetIntegritySidRaw(IntegrityLevelRaw.Value);
            }
            else if (PackageName != null)
            {
                // The package SID is always derived first; the restricted variant is
                // derived from it only when a restricted name was supplied.
                resolved = TokenUtils.DerivePackageSidFromName(PackageName);
                if (!(RestrictedPackageName == null))
                {
                    resolved = TokenUtils.DeriveRestrictedPackageSidFromSid(resolved, RestrictedPackageName);
                }
            }
            else if (KnownSid.HasValue)
            {
                resolved = KnownSids.GetKnownSid(KnownSid.Value);
            }
            else if (Token)
            {
                // NOTE(review): OpenProcessToken() takes no arguments here, so this is
                // presumably the calling process's token rather than a thread
                // (impersonation) token; confirm against NtToken.
                using (NtToken processToken = NtToken.OpenProcessToken())
                {
                    // The first switch that is set wins; with none set the token user is returned.
                    if (PrimaryGroup)
                    {
                        resolved = processToken.PrimaryGroup;
                    }
                    else if (Owner)
                    {
                        resolved = processToken.Owner;
                    }
                    else if (LogonGroup)
                    {
                        resolved = processToken.LogonSid.Sid;
                    }
                    else if (AppContainer)
                    {
                        resolved = processToken.AppContainerSid;
                    }
                    else if (Label)
                    {
                        resolved = processToken.IntegrityLevelSid.Sid;
                    }
                    else
                    {
                        resolved = processToken.User.Sid;
                    }
                }
            }
            else if (CapabilityName != null)
            {
                if (CapabilityGroup)
                {
                    resolved = NtSecurity.GetCapabilityGroupSid(CapabilityName);
                }
                else
                {
                    resolved = NtSecurity.GetCapabilitySid(CapabilityName);
                }
            }
            else if (RelativeIdentifiers != null)
            {
                resolved = new Sid(SecurityAuthority, RelativeIdentifiers);
            }
            else
            {
                throw new ArgumentException("No SID type specified");
            }

            WriteObject(resolved);
        }