ToString() public method

public ToString ( ) : string
return string
Beispiel #1
        /// <summary>
        /// Returns the NT account name for this identity, resolving it on first use and caching it in <c>_name</c>.
        /// </summary>
        /// <returns>
        /// <see cref="String.Empty"/> when the token handle is invalid (the anonymous identity);
        /// otherwise the string form of the translated <see cref="NTAccount"/>.
        /// </returns>
        internal String GetName()
        {
            // The anonymous identity has no token to resolve, so it gets an empty name.
            if (_safeTokenHandle.IsInvalid)
            {
                return string.Empty;
            }

            // A previous call already resolved and cached the name.
            if (_name != null)
            {
                return _name;
            }

            // Passing the invalid handle reverts any thread impersonation for the duration of the
            // lookup, so the SID-to-name translation does not run under the impersonated token.
            RunImpersonated(SafeAccessTokenHandle.InvalidHandle, () =>
            {
                var account = User.Translate(typeof(NTAccount)) as NTAccount;
                _name = account.ToString();
            });

            return _name;
        }
Beispiel #2
        /// <summary>
        /// Translates a collection of <see cref="NTAccount"/> references to SIDs with one LsaLookupNames2 call.
        /// </summary>
        /// <param name="sourceAccounts">Non-null, non-empty collection; every element must be an <see cref="NTAccount"/>.</param>
        /// <param name="someFailed">Set to true when at least one name was not mapped to a SID.</param>
        /// <returns>
        /// A collection with one entry per input, in input order. Entries that could not be translated are the
        /// ORIGINAL <see cref="NTAccount"/> references, not SIDs, so callers must check <paramref name="someFailed"/>
        /// (or the element types) before treating the result as a list of SIDs.
        /// </returns>
        /// <exception cref="ArgumentNullException"><paramref name="sourceAccounts"/> is null.</exception>
        /// <exception cref="ArgumentException">The collection is empty or contains a non-NTAccount element.</exception>
        /// <exception cref="InvalidOperationException">An account name does not fit a 16-bit UNICODE_STRING length.</exception>
        /// <exception cref="OutOfMemoryException">LSA reported STATUS_NO_MEMORY or STATUS_INSUFFICIENT_RESOURCES.</exception>
        /// <exception cref="UnauthorizedAccessException">LSA reported STATUS_ACCESS_DENIED.</exception>
        /// <exception cref="Win32Exception">Any other non-zero status, converted to a Win32 error code.</exception>
        private static IdentityReferenceCollection TranslateToSids(IdentityReferenceCollection sourceAccounts, out bool someFailed)
        {
            if (sourceAccounts == null)
            {
                throw new ArgumentNullException(nameof(sourceAccounts));
            }

            if (sourceAccounts.Count == 0)
            {
                throw new ArgumentException(SR.Arg_EmptyCollection, nameof(sourceAccounts));
            }

            // Native handles start as null; the finally block below disposes whichever ones were obtained.
            SafeLsaPolicyHandle LsaHandle            = null;
            SafeLsaMemoryHandle ReferencedDomainsPtr = null;
            SafeLsaMemoryHandle SidsPtr = null;

            try
            {
                //
                // Construct an array of unicode strings
                //

                Interop.Advapi32.MARSHALLED_UNICODE_STRING[] Names = new Interop.Advapi32.MARSHALLED_UNICODE_STRING[sourceAccounts.Count];

                int currentName = 0;
                foreach (IdentityReference id in sourceAccounts)
                {
                    NTAccount nta = id as NTAccount;

                    // Only NTAccount references can be looked up by name; anything else is a caller error.
                    if (nta == null)
                    {
                        throw new ArgumentException(SR.Argument_ImproperType, nameof(sourceAccounts));
                    }

                    Names[currentName].Buffer = nta.ToString();

                    // Length and MaximumLength are 16-bit byte counts (2 bytes per char, plus 2 for the
                    // terminator), so this check must pass before the ushort casts below or they would truncate.
                    if (Names[currentName].Buffer.Length * 2 + 2 > ushort.MaxValue)
                    {
                        // this should never happen since we are already validating account name length in constructor and
                        // it is less than this limit
                        Debug.Fail("NTAccount::TranslateToSids - source account name is too long.");
                        throw new InvalidOperationException();
                    }

                    Names[currentName].Length        = (ushort)(Names[currentName].Buffer.Length * 2);
                    Names[currentName].MaximumLength = (ushort)(Names[currentName].Length + 2);
                    currentName++;
                }

                //
                // Open LSA policy (for lookup requires it)
                //

                // Only the lookup-names right is requested; the null first argument presumably selects
                // the local system's policy - TODO confirm against Win32.LsaOpenPolicy.
                LsaHandle = Win32.LsaOpenPolicy(null, PolicyRights.POLICY_LOOKUP_NAMES);

                //
                // Now perform the actual lookup
                //

                someFailed = false;
                uint ReturnCode;

                ReturnCode = Interop.Advapi32.LsaLookupNames2(LsaHandle, 0, sourceAccounts.Count, Names, out ReferencedDomainsPtr, out SidsPtr);

                //
                // Make a decision regarding whether it makes sense to proceed
                // based on the return code. (This method takes no forceSuccess argument;
                // partial failure is reported to the caller through someFailed.)
                //

                if (ReturnCode == Interop.StatusOptions.STATUS_NO_MEMORY ||
                    ReturnCode == Interop.StatusOptions.STATUS_INSUFFICIENT_RESOURCES)
                {
                    throw new OutOfMemoryException();
                }
                else if (ReturnCode == Interop.StatusOptions.STATUS_ACCESS_DENIED)
                {
                    throw new UnauthorizedAccessException();
                }
                else if (ReturnCode == Interop.StatusOptions.STATUS_NONE_MAPPED ||
                         ReturnCode == Interop.StatusOptions.STATUS_SOME_NOT_MAPPED)
                {
                    // Not an error: the caller decides what to do with unmapped names.
                    someFailed = true;
                }
                else if (ReturnCode != 0)
                {
                    uint win32ErrorCode = Interop.Advapi32.LsaNtStatusToWinError(ReturnCode);

                    // A broken trust relationship is the one failure expected here; anything else
                    // trips the debug assertion but is still surfaced to the caller as a Win32Exception.
                    if (unchecked ((int)win32ErrorCode) != Interop.Errors.ERROR_TRUSTED_RELATIONSHIP_FAILURE)
                    {
                        Debug.Fail($"Interop.LsaLookupNames(2) returned unrecognized error {win32ErrorCode}");
                    }

                    throw new Win32Exception(unchecked ((int)win32ErrorCode));
                }

                //
                // Interpret the results and generate SID objects
                //

                IdentityReferenceCollection Result = new IdentityReferenceCollection(sourceAccounts.Count);

                // The translated-SID buffer is only read when at least some names were mapped.
                if (ReturnCode == 0 || ReturnCode == Interop.StatusOptions.STATUS_SOME_NOT_MAPPED)
                {
                    // Declare the native buffer as Count elements of LSA_TRANSLATED_SID2 before reading it;
                    // presumably this lets ReadArray bounds-check the copy - TODO confirm on SafeLsaMemoryHandle.
                    SidsPtr.Initialize((uint)sourceAccounts.Count, (uint)Marshal.SizeOf <Interop.LSA_TRANSLATED_SID2>());
                    Win32.InitializeReferencedDomainsPointer(ReferencedDomainsPtr);
                    Interop.LSA_TRANSLATED_SID2[] translatedSids = new Interop.LSA_TRANSLATED_SID2[sourceAccounts.Count];
                    SidsPtr.ReadArray(0, translatedSids, 0, translatedSids.Length);

                    for (int i = 0; i < sourceAccounts.Count; i++)
                    {
                        Interop.LSA_TRANSLATED_SID2 Lts = translatedSids[i];

                        //
                        // Only some names are recognized as NTAccount objects
                        //

                        switch ((SidNameUse)Lts.Use)
                        {
                        case SidNameUse.User:
                        case SidNameUse.Group:
                        case SidNameUse.Alias:
                        case SidNameUse.Computer:
                        case SidNameUse.WellKnownGroup:
                            // NOTE(review): Lts.Sid presumably points into the LSA-owned buffer released in
                            // the finally block, so the SID has to be copied here - confirm the ctor copies.
                            Result.Add(new SecurityIdentifier(Lts.Sid, true));
                            break;

                        default:
                            // Any other use type counts as untranslated: the original reference is kept
                            // in this slot so the result stays index-aligned with the input.
                            someFailed = true;
                            Result.Add(sourceAccounts[i]);
                            break;
                        }
                    }
                }
                else
                {
                    // STATUS_NONE_MAPPED: nothing was translated, so the input is echoed back unchanged.
                    for (int i = 0; i < sourceAccounts.Count; i++)
                    {
                        Result.Add(sourceAccounts[i]);
                    }
                }

                return(Result);
            }
            finally
            {
                // Runs on both the success and the exception paths; handles never obtained are still null.
                LsaHandle?.Dispose();
                ReferencedDomainsPtr?.Dispose();
                SidsPtr?.Dispose();
            }
        }
Beispiel #3
        /// <summary>
        /// Translates a collection of <see cref="NTAccount"/> references to SIDs with one LSA name lookup,
        /// using LsaLookupNames2 when <c>Win32.LsaLookupNames2Supported</c> is true and LsaLookupNames otherwise.
        /// </summary>
        /// <param name="sourceAccounts">Non-null, non-empty collection; every element must be an <see cref="NTAccount"/>.</param>
        /// <param name="someFailed">Set to true when at least one name was not mapped to a SID.</param>
        /// <returns>
        /// A collection with one entry per input, in input order. Entries that could not be translated are the
        /// ORIGINAL <see cref="NTAccount"/> references, not SIDs, so callers must check <paramref name="someFailed"/>
        /// (or the element types) before treating the result as a list of SIDs.
        /// </returns>
        /// <exception cref="ArgumentNullException"><paramref name="sourceAccounts"/> is null.</exception>
        /// <exception cref="ArgumentException">The collection is empty or contains a non-NTAccount element.</exception>
        /// <exception cref="OutOfMemoryException">LSA reported STATUS_NO_MEMORY or STATUS_INSUFFICIENT_RESOURCES.</exception>
        /// <exception cref="UnauthorizedAccessException">LSA reported STATUS_ACCESS_DENIED.</exception>
        /// <exception cref="SystemException">An over-long account name, or any other non-zero LSA status.</exception>
        [System.Security.SecurityCritical]  // auto-generated
        private static IdentityReferenceCollection TranslateToSids(IdentityReferenceCollection sourceAccounts, out bool someFailed)
        {
            if (sourceAccounts == null)
            {
                throw new ArgumentNullException("sourceAccounts");
            }

            if (sourceAccounts.Count == 0)
            {
                throw new ArgumentException(Environment.GetResourceString("Arg_EmptyCollection"), "sourceAccounts");
            }
            Contract.EndContractBlock();

            // Handles start as InvalidHandle sentinels rather than null, which is why the finally
            // block below can call Dispose on them without a null check.
            SafeLsaPolicyHandle LsaHandle            = SafeLsaPolicyHandle.InvalidHandle;
            SafeLsaMemoryHandle ReferencedDomainsPtr = SafeLsaMemoryHandle.InvalidHandle;
            SafeLsaMemoryHandle SidsPtr = SafeLsaMemoryHandle.InvalidHandle;

            try
            {
                //
                // Construct an array of unicode strings
                //

                Win32Native.UNICODE_STRING[] Names = new Win32Native.UNICODE_STRING[sourceAccounts.Count];

                int currentName = 0;
                foreach (IdentityReference id in sourceAccounts)
                {
                    NTAccount nta = id as NTAccount;

                    // Only NTAccount references can be looked up by name; anything else is a caller error.
                    if (nta == null)
                    {
                        throw new ArgumentException(Environment.GetResourceString("Argument_ImproperType"), "sourceAccounts");
                    }

                    Names[currentName].Buffer = nta.ToString();

                    // Length and MaximumLength are 16-bit byte counts (2 bytes per char, plus 2 for the
                    // terminator), so this check must pass before the ushort casts below or they would truncate.
                    if (Names[currentName].Buffer.Length * 2 + 2 > ushort.MaxValue)
                    {
                        // this should never happen since we are already validating account name length in constructor and
                        // it is less than this limit
                        Contract.Assert(false, "NTAccount::TranslateToSids - source account name is too long.");
                        throw new SystemException();
                    }

                    Names[currentName].Length        = (ushort)(Names[currentName].Buffer.Length * 2);
                    Names[currentName].MaximumLength = (ushort)(Names[currentName].Length + 2);
                    currentName++;
                }

                //
                // Open LSA policy (for lookup requires it)
                //

                // Only the lookup-names right is requested; the null first argument presumably selects
                // the local system's policy - TODO confirm against Win32.LsaOpenPolicy.
                LsaHandle = Win32.LsaOpenPolicy(null, PolicyRights.POLICY_LOOKUP_NAMES);

                //
                // Now perform the actual lookup
                //

                someFailed = false;
                uint ReturnCode;

                // The two APIs return differently shaped results (LSA_TRANSLATED_SID2 vs LSA_TRANSLATED_SID),
                // so the same flag is tested again below when the output buffer is decoded.
                if (Win32.LsaLookupNames2Supported)
                {
                    ReturnCode = Win32Native.LsaLookupNames2(LsaHandle, 0, sourceAccounts.Count, Names, ref ReferencedDomainsPtr, ref SidsPtr);
                }
                else
                {
                    ReturnCode = Win32Native.LsaLookupNames(LsaHandle, sourceAccounts.Count, Names, ref ReferencedDomainsPtr, ref SidsPtr);
                }

                //
                // Make a decision regarding whether it makes sense to proceed
                // based on the return code. (This method takes no forceSuccess argument;
                // partial failure is reported to the caller through someFailed.)
                //

                if (ReturnCode == Win32Native.STATUS_NO_MEMORY ||
                    ReturnCode == Win32Native.STATUS_INSUFFICIENT_RESOURCES)
                {
                    throw new OutOfMemoryException();
                }
                else if (ReturnCode == Win32Native.STATUS_ACCESS_DENIED)
                {
                    throw new UnauthorizedAccessException();
                }
                else if (ReturnCode == Win32Native.STATUS_NONE_MAPPED ||
                         ReturnCode == Win32Native.STATUS_SOME_NOT_MAPPED)
                {
                    // Not an error: the caller decides what to do with unmapped names.
                    someFailed = true;
                }
                else if (ReturnCode != 0)
                {
                    int win32ErrorCode = Win32Native.LsaNtStatusToWinError(unchecked ((int)ReturnCode));

                    // A broken trust relationship is the one failure expected here; anything else
                    // trips the assertion but is still surfaced to the caller as a SystemException.
                    if (win32ErrorCode != Win32Native.ERROR_TRUSTED_RELATIONSHIP_FAILURE)
                    {
                        Contract.Assert(false, string.Format(CultureInfo.InvariantCulture, "Win32Native.LsaLookupNames(2) returned unrecognized error {0}", win32ErrorCode));
                    }

                    throw new SystemException(Win32Native.GetMessage(win32ErrorCode));
                }

                //
                // Interpret the results and generate SID objects
                //

                IdentityReferenceCollection Result = new IdentityReferenceCollection(sourceAccounts.Count);

                // The translated-SID buffer is only read when at least some names were mapped.
                if (ReturnCode == 0 || ReturnCode == Win32Native.STATUS_SOME_NOT_MAPPED)
                {
                    if (Win32.LsaLookupNames2Supported)
                    {
                        // Declare the native buffer as Count elements of LSA_TRANSLATED_SID2 before reading it;
                        // presumably this lets ReadArray bounds-check the copy - TODO confirm on SafeLsaMemoryHandle.
                        SidsPtr.Initialize((uint)sourceAccounts.Count, (uint)Marshal.SizeOf(typeof(Win32Native.LSA_TRANSLATED_SID2)));
                        Win32.InitializeReferencedDomainsPointer(ReferencedDomainsPtr);
                        Win32Native.LSA_TRANSLATED_SID2[] translatedSids = new Win32Native.LSA_TRANSLATED_SID2[sourceAccounts.Count];
                        SidsPtr.ReadArray(0, translatedSids, 0, translatedSids.Length);

                        for (int i = 0; i < sourceAccounts.Count; i++)
                        {
                            Win32Native.LSA_TRANSLATED_SID2 Lts = translatedSids[i];

                            //
                            // Only some names are recognized as NTAccount objects
                            //

                            switch ((SidNameUse)Lts.Use)
                            {
                            case SidNameUse.User:
                            case SidNameUse.Group:
                            case SidNameUse.Alias:
                            case SidNameUse.Computer:
                            case SidNameUse.WellKnownGroup:
                                // NOTE(review): Lts.Sid presumably points into the LSA-owned buffer released in
                                // the finally block, so the SID has to be copied here - confirm the ctor copies.
                                Result.Add(new SecurityIdentifier(Lts.Sid, true));
                                break;

                            default:
                                // Any other use type counts as untranslated: the original reference is kept
                                // in this slot so the result stays index-aligned with the input.
                                someFailed = true;
                                Result.Add(sourceAccounts[i]);
                                break;
                            }
                        }
                    }
                    else
                    {
                        // Legacy LsaLookupNames result: each entry carries a domain index and a RID instead of
                        // a full SID, so the referenced-domain SIDs are materialised first.
                        SidsPtr.Initialize((uint)sourceAccounts.Count, (uint)Marshal.SizeOf(typeof(Win32Native.LSA_TRANSLATED_SID)));
                        Win32.InitializeReferencedDomainsPointer(ReferencedDomainsPtr);
                        Win32Native.LSA_REFERENCED_DOMAIN_LIST rdl = ReferencedDomainsPtr.Read <Win32Native.LSA_REFERENCED_DOMAIN_LIST>(0);
                        SecurityIdentifier[] ReferencedDomains     = new SecurityIdentifier[rdl.Entries];

                        for (int i = 0; i < rdl.Entries; i++)
                        {
                            // NOTE(review): rdl.Entries and rdl.Domains come straight from native memory, and the
                            // offset i * SizeOf(...) is computed in int before it is widened to long - confirm the
                            // entry count is bounded by the number of names looked up.
                            Win32Native.LSA_TRUST_INFORMATION ti = (Win32Native.LSA_TRUST_INFORMATION)Marshal.PtrToStructure(new IntPtr(( long )rdl.Domains + i * Marshal.SizeOf(typeof(Win32Native.LSA_TRUST_INFORMATION))), typeof(Win32Native.LSA_TRUST_INFORMATION));

                            ReferencedDomains[i] = new SecurityIdentifier(ti.Sid, true);
                        }

                        Win32Native.LSA_TRANSLATED_SID[] translatedSids = new Win32Native.LSA_TRANSLATED_SID[sourceAccounts.Count];
                        SidsPtr.ReadArray(0, translatedSids, 0, translatedSids.Length);

                        for (int i = 0; i < sourceAccounts.Count; i++)
                        {
                            Win32Native.LSA_TRANSLATED_SID Lts = translatedSids[i];

                            switch ((SidNameUse)Lts.Use)
                            {
                            case SidNameUse.User:
                            case SidNameUse.Group:
                            case SidNameUse.Alias:
                            case SidNameUse.Computer:
                            case SidNameUse.WellKnownGroup:
                                // The account SID is the referenced domain's SID plus the RID. DomainIndex is a
                                // native value; an out-of-range index fails the managed array bounds check.
                                Result.Add(new SecurityIdentifier(ReferencedDomains[Lts.DomainIndex], Lts.Rid));
                                break;

                            default:
                                // Untranslated: keep the original reference in this slot.
                                someFailed = true;
                                Result.Add(sourceAccounts[i]);
                                break;
                            }
                        }
                    }
                }
                else
                {
                    // STATUS_NONE_MAPPED: nothing was translated, so the input is echoed back unchanged.
                    for (int i = 0; i < sourceAccounts.Count; i++)
                    {
                        Result.Add(sourceAccounts[i]);
                    }
                }

                return(Result);
            }
            finally
            {
                // Runs on both the success and the exception paths to release the native handles.
                LsaHandle.Dispose();
                ReferencedDomainsPtr.Dispose();
                SidsPtr.Dispose();
            }
        }
Beispiel #4
        /// <summary>
        /// Translates a collection of <see cref="NTAccount"/> references to SIDs with one LSA name lookup,
        /// using LsaLookupNames2 when <c>Win32.LsaLookupNames2Supported</c> is true and LsaLookupNames otherwise.
        /// The numeric literals and local names in this listing look like decompiler output; the comments
        /// below give the symbolic NTSTATUS and SID_NAME_USE names for the literals.
        /// </summary>
        /// <param name="sourceAccounts">Non-null, non-empty collection; every element must be an <see cref="NTAccount"/>.</param>
        /// <param name="someFailed">Set to true when at least one name was not mapped to a SID.</param>
        /// <returns>
        /// A collection with one entry per input, in input order. Entries that could not be translated are the
        /// ORIGINAL <see cref="NTAccount"/> references, not SIDs, so callers must check <paramref name="someFailed"/>
        /// (or the element types) before treating the result as a list of SIDs.
        /// </returns>
        /// <exception cref="ArgumentNullException"><paramref name="sourceAccounts"/> is null.</exception>
        /// <exception cref="ArgumentException">The collection is empty or contains a non-NTAccount element.</exception>
        /// <exception cref="OutOfMemoryException">LSA status 0xc0000017 or 0xc000009a.</exception>
        /// <exception cref="UnauthorizedAccessException">LSA status 0xc0000022.</exception>
        /// <exception cref="SystemException">An over-long account name, or any other non-zero LSA status.</exception>
        private static IdentityReferenceCollection TranslateToSids(IdentityReferenceCollection sourceAccounts, out bool someFailed)
        {
            IdentityReferenceCollection references2;

            if (sourceAccounts == null)
            {
                throw new ArgumentNullException("sourceAccounts");
            }
            if (sourceAccounts.Count == 0)
            {
                throw new ArgumentException(Environment.GetResourceString("Arg_EmptyCollection"), "sourceAccounts");
            }
            // Despite its name, invalidHandle becomes the live LSA policy handle once LsaOpenPolicy
            // is called below. All three start as InvalidHandle sentinels so the finally block can
            // dispose them without a null check.
            SafeLsaPolicyHandle invalidHandle     = SafeLsaPolicyHandle.InvalidHandle;
            SafeLsaMemoryHandle referencedDomains = SafeLsaMemoryHandle.InvalidHandle;
            SafeLsaMemoryHandle sids = SafeLsaMemoryHandle.InvalidHandle;

            try
            {
                uint num2;
                Win32Native.UNICODE_STRING[] names = new Win32Native.UNICODE_STRING[sourceAccounts.Count];
                int index = 0;
                foreach (IdentityReference reference in sourceAccounts)
                {
                    NTAccount account = reference as NTAccount;
                    // Only NTAccount references can be looked up by name; anything else is a caller error.
                    if (account == null)
                    {
                        throw new ArgumentException(Environment.GetResourceString("Argument_ImproperType"), "sourceAccounts");
                    }
                    names[index].Buffer = account.ToString();
                    // 0xffff is ushort.MaxValue: Length and MaximumLength are 16-bit byte counts (2 bytes per
                    // char, plus 2 for the terminator), so this check guards the ushort casts below.
                    if (((names[index].Buffer.Length * 2) + 2) > 0xffff)
                    {
                        throw new SystemException();
                    }
                    names[index].Length        = (ushort)(names[index].Buffer.Length * 2);
                    names[index].MaximumLength = (ushort)(names[index].Length + 2);
                    index++;
                }
                // Only the lookup-names right is requested on the policy handle.
                invalidHandle = Win32.LsaOpenPolicy(null, PolicyRights.POLICY_LOOKUP_NAMES);
                someFailed    = false;
                // The two APIs return differently shaped results (LSA_TRANSLATED_SID2 vs LSA_TRANSLATED_SID),
                // so the same flag is tested again below when the output buffer is decoded.
                if (Win32.LsaLookupNames2Supported)
                {
                    num2 = Win32Native.LsaLookupNames2(invalidHandle, 0, sourceAccounts.Count, names, ref referencedDomains, ref sids);
                }
                else
                {
                    num2 = Win32Native.LsaLookupNames(invalidHandle, sourceAccounts.Count, names, ref referencedDomains, ref sids);
                }
                // 0xc0000017 = STATUS_NO_MEMORY, 0xc000009a = STATUS_INSUFFICIENT_RESOURCES
                if ((num2 == 0xc0000017) || (num2 == 0xc000009a))
                {
                    throw new OutOfMemoryException();
                }
                // 0xc0000022 = STATUS_ACCESS_DENIED
                if (num2 == 0xc0000022)
                {
                    throw new UnauthorizedAccessException();
                }
                // 0xc0000073 = STATUS_NONE_MAPPED, 0x107 = STATUS_SOME_NOT_MAPPED: not an error,
                // the caller decides what to do with unmapped names.
                if ((num2 == 0xc0000073) || (num2 == 0x107))
                {
                    someFailed = true;
                }
                else if (num2 != 0)
                {
                    // Any other failure status is converted to a Win32 error and thrown with its message.
                    int errorCode = Win32Native.LsaNtStatusToWinError((int)num2);
                    throw new SystemException(Win32Native.GetMessage(errorCode));
                }
                IdentityReferenceCollection references = new IdentityReferenceCollection(sourceAccounts.Count);
                switch (num2)
                {
                // 0 = success, 0x107 = STATUS_SOME_NOT_MAPPED: the translated-SID buffer holds usable entries.
                case 0:
                case 0x107:
                    if (Win32.LsaLookupNames2Supported)
                    {
                        // Declare the native buffer as Count elements of LSA_TRANSLATED_SID2 before reading it;
                        // presumably this lets ReadArray bounds-check the copy - TODO confirm on SafeLsaMemoryHandle.
                        sids.Initialize((uint)sourceAccounts.Count, (uint)Marshal.SizeOf(typeof(Win32Native.LSA_TRANSLATED_SID2)));
                        Win32.InitializeReferencedDomainsPointer(referencedDomains);
                        Win32Native.LSA_TRANSLATED_SID2[] array = new Win32Native.LSA_TRANSLATED_SID2[sourceAccounts.Count];
                        sids.ReadArray <Win32Native.LSA_TRANSLATED_SID2>(0L, array, 0, array.Length);
                        for (int i = 0; i < sourceAccounts.Count; i++)
                        {
                            Win32Native.LSA_TRANSLATED_SID2 lsa_translated_sid = array[i];
                            // SID_NAME_USE values: 1 = User, 2 = Group, 4 = Alias, 5 = WellKnownGroup, 9 = Computer.
                            switch (lsa_translated_sid.Use)
                            {
                            case 1:
                            case 2:
                            case 4:
                            case 5:
                            case 9:
                            {
                                references.Add(new SecurityIdentifier(lsa_translated_sid.Sid, true));
                                // Skips the failure handling below and moves to the next account.
                                continue;
                            }
                            }
                            // Any other use type counts as untranslated: the original reference is kept
                            // in this slot so the result stays index-aligned with the input.
                            someFailed = true;
                            references.Add(sourceAccounts[i]);
                        }
                    }
                    else
                    {
                        // Legacy LsaLookupNames result: each entry carries a domain index and a RID instead of
                        // a full SID, so the referenced-domain SIDs are materialised first.
                        sids.Initialize((uint)sourceAccounts.Count, (uint)Marshal.SizeOf(typeof(Win32Native.LSA_TRANSLATED_SID)));
                        Win32.InitializeReferencedDomainsPointer(referencedDomains);
                        Win32Native.LSA_REFERENCED_DOMAIN_LIST lsa_referenced_domain_list = referencedDomains.Read <Win32Native.LSA_REFERENCED_DOMAIN_LIST>(0L);
                        SecurityIdentifier[] identifierArray = new SecurityIdentifier[lsa_referenced_domain_list.Entries];
                        for (int j = 0; j < lsa_referenced_domain_list.Entries; j++)
                        {
                            // NOTE(review): Entries and Domains come straight from native memory, and the offset
                            // j * SizeOf(...) is computed in int before it is widened to long - confirm the
                            // entry count is bounded by the number of names looked up.
                            Win32Native.LSA_TRUST_INFORMATION lsa_trust_information = (Win32Native.LSA_TRUST_INFORMATION)Marshal.PtrToStructure(new IntPtr(((long)lsa_referenced_domain_list.Domains) + (j * Marshal.SizeOf(typeof(Win32Native.LSA_TRUST_INFORMATION)))), typeof(Win32Native.LSA_TRUST_INFORMATION));
                            identifierArray[j] = new SecurityIdentifier(lsa_trust_information.Sid, true);
                        }
                        Win32Native.LSA_TRANSLATED_SID[] lsa_translated_sidArray2 = new Win32Native.LSA_TRANSLATED_SID[sourceAccounts.Count];
                        sids.ReadArray <Win32Native.LSA_TRANSLATED_SID>(0L, lsa_translated_sidArray2, 0, lsa_translated_sidArray2.Length);
                        for (int k = 0; k < sourceAccounts.Count; k++)
                        {
                            Win32Native.LSA_TRANSLATED_SID lsa_translated_sid2 = lsa_translated_sidArray2[k];
                            // SID_NAME_USE values: 1 = User, 2 = Group, 4 = Alias, 5 = WellKnownGroup, 9 = Computer.
                            switch (lsa_translated_sid2.Use)
                            {
                            case 1:
                            case 2:
                            case 4:
                            case 5:
                            case 9:
                            {
                                // The account SID is the referenced domain's SID plus the RID. DomainIndex is a
                                // native value; an out-of-range index fails the managed array bounds check.
                                references.Add(new SecurityIdentifier(identifierArray[lsa_translated_sid2.DomainIndex], lsa_translated_sid2.Rid));
                                continue;
                            }
                            }
                            // Untranslated: keep the original reference in this slot.
                            someFailed = true;
                            references.Add(sourceAccounts[k]);
                        }
                    }
                    break;

                // Only STATUS_NONE_MAPPED (0xc0000073) reaches this branch: the input is echoed back unchanged.
                default:
                    for (int m = 0; m < sourceAccounts.Count; m++)
                    {
                        references.Add(sourceAccounts[m]);
                    }
                    break;
                }
                references2 = references;
            }
            finally
            {
                // Runs on both the success and the exception paths to release the native handles.
                invalidHandle.Dispose();
                referencedDomains.Dispose();
                sids.Dispose();
            }
            return(references2);
        }
Beispiel #5
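        /// <summary>
        /// Resolves the first command-line argument and prints the matching account name and SID.
        /// The argument is interpreted, in this order, as a help switch, a <see cref="WellKnownSidType"/>
        /// member name (case-sensitive), a SID string starting with "S-", or an NT account name.
        /// </summary>
        /// <param name="args">Command-line arguments; only the first one is used.</param>
        static void Main(string[] args)
        {
            if (args.Length == 0 || IsHelpSwitch(args[0]))
            {
                ShowHelp();
                return;
            }

            string input = args[0];
            bool isWellKnownName = Enum.IsDefined(typeof(WellKnownSidType), input);

            try
            {
                if (isWellKnownName)
                {
                    WellKnownSidType sidType = (WellKnownSidType)Enum.Parse(typeof(WellKnownSidType), input, false);

                    // The "Account..." well-known types are relative to a domain, so they need the
                    // current user's account-domain SID; the others take no domain SID.
                    SecurityIdentifier domainSid = input.StartsWith("Account", StringComparison.Ordinal)
                        ? WindowsIdentity.GetCurrent().User.AccountDomainSid
                        : null;

                    SecurityIdentifier sid = new SecurityIdentifier(sidType, domainSid);
                    NTAccount account = (NTAccount)sid.Translate(typeof(NTAccount));
                    PrintIdentity(sidType.ToString(), account, sid);
                }
                else if (input.StartsWith("S-", StringComparison.Ordinal))
                {
                    SecurityIdentifier sid = new SecurityIdentifier(input);
                    NTAccount account = (NTAccount)sid.Translate(typeof(NTAccount));
                    PrintIdentity(sid.ToString(), account, sid);
                }
                else
                {
                    NTAccount account = new NTAccount(input);
                    SecurityIdentifier sid = (SecurityIdentifier)account.Translate(typeof(SecurityIdentifier));
                    PrintIdentity(account.ToString(), account, sid);
                }
            }
            catch (Exception ex)
            {
                // Best-effort CLI: a malformed SID or an unmapped identity is reported as a message
                // instead of an unhandled exception.
                Console.WriteLine(ex.Message);
            }
        }

        // True when the argument starts with one of the help prefixes. "-h" and "/h" also cover
        // "-help" and "/help". The comparison is ordinal because these are fixed tokens, not text.
        private static bool IsHelpSwitch(string arg)
        {
            return arg.StartsWith("-?", StringComparison.Ordinal)
                || arg.StartsWith("-h", StringComparison.Ordinal)
                || arg.StartsWith("/?", StringComparison.Ordinal)
                || arg.StartsWith("/h", StringComparison.Ordinal);
        }

        // Writes the section header followed by the Name / Shortname / SID / IsAccountSid lines.
        private static void PrintIdentity(string header, NTAccount account, SecurityIdentifier sid)
        {
            string name = account.ToString();

            Console.WriteLine("[" + header + "]");
            Console.WriteLine("Name=" + name);
            // Text after the first backslash; the whole name when there is no backslash
            // (IndexOf returns -1, so the substring starts at 0).
            Console.WriteLine("Shortname=" + name.Substring(name.IndexOf('\\') + 1));
            Console.WriteLine("SID=" + sid.ToString());
            Console.WriteLine("IsAccountSid=" + sid.IsAccountSid().ToString().ToUpperInvariant());
        }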
Beispiel #6
        private static IdentityReferenceCollection TranslateToSids(IdentityReferenceCollection sourceAccounts, out bool someFailed)
        {
            if (sourceAccounts == null)
            {
                throw new ArgumentNullException("sourceAccounts");
            }
            if (sourceAccounts.Count == 0)
            {
                throw new ArgumentException(Environment.GetResourceString("Arg_EmptyCollection"), "sourceAccounts");
            }
            SafeLsaPolicyHandle handle         = SafeLsaPolicyHandle.InvalidHandle;
            SafeLsaMemoryHandle invalidHandle1 = SafeLsaMemoryHandle.InvalidHandle;
            SafeLsaMemoryHandle invalidHandle2 = SafeLsaMemoryHandle.InvalidHandle;

            try
            {
                Win32Native.UNICODE_STRING[] names = new Win32Native.UNICODE_STRING[sourceAccounts.Count];
                int index1 = 0;
                foreach (IdentityReference sourceAccount in sourceAccounts)
                {
                    NTAccount ntAccount = sourceAccount as NTAccount;
                    if (ntAccount == (NTAccount)null)
                    {
                        throw new ArgumentException(Environment.GetResourceString("Argument_ImproperType"), "sourceAccounts");
                    }
                    names[index1].Buffer = ntAccount.ToString();
                    if (names[index1].Buffer.Length * 2 + 2 > (int)ushort.MaxValue)
                    {
                        throw new SystemException();
                    }
                    names[index1].Length        = (ushort)(names[index1].Buffer.Length * 2);
                    names[index1].MaximumLength = (ushort)((uint)names[index1].Length + 2U);
                    ++index1;
                }
                handle     = System.Security.Principal.Win32.LsaOpenPolicy((string)null, PolicyRights.POLICY_LOOKUP_NAMES);
                someFailed = false;
                uint num = !System.Security.Principal.Win32.LsaLookupNames2Supported ? Win32Native.LsaLookupNames(handle, sourceAccounts.Count, names, ref invalidHandle1, ref invalidHandle2) : Win32Native.LsaLookupNames2(handle, 0, sourceAccounts.Count, names, ref invalidHandle1, ref invalidHandle2);
                if ((int)num == -1073741801 || (int)num == -1073741670)
                {
                    throw new OutOfMemoryException();
                }
                if ((int)num == -1073741790)
                {
                    throw new UnauthorizedAccessException();
                }
                if ((int)num == -1073741709 || (int)num == 263)
                {
                    someFailed = true;
                }
                else if ((int)num != 0)
                {
                    throw new SystemException(Win32Native.GetMessage(Win32Native.LsaNtStatusToWinError((int)num)));
                }
                IdentityReferenceCollection referenceCollection = new IdentityReferenceCollection(sourceAccounts.Count);
                if ((int)num == 0 || (int)num == 263)
                {
                    if (System.Security.Principal.Win32.LsaLookupNames2Supported)
                    {
                        invalidHandle2.Initialize((uint)sourceAccounts.Count, (uint)Marshal.SizeOf(typeof(Win32Native.LSA_TRANSLATED_SID2)));
                        System.Security.Principal.Win32.InitializeReferencedDomainsPointer(invalidHandle1);
                        Win32Native.LSA_TRANSLATED_SID2[] array = new Win32Native.LSA_TRANSLATED_SID2[sourceAccounts.Count];
                        invalidHandle2.ReadArray <Win32Native.LSA_TRANSLATED_SID2>(0UL, array, 0, array.Length);
                        for (int index2 = 0; index2 < sourceAccounts.Count; ++index2)
                        {
                            Win32Native.LSA_TRANSLATED_SID2 lsaTranslatedSiD2 = array[index2];
                            switch (lsaTranslatedSiD2.Use)
                            {
                            case 1:
                            case 2:
                            case 4:
                            case 5:
                            case 9:
                                referenceCollection.Add((IdentityReference) new SecurityIdentifier(lsaTranslatedSiD2.Sid, true));
                                break;

                            default:
                                someFailed = true;
                                referenceCollection.Add(sourceAccounts[index2]);
                                break;
                            }
                        }
                    }
                    else
                    {
                        invalidHandle2.Initialize((uint)sourceAccounts.Count, (uint)Marshal.SizeOf(typeof(Win32Native.LSA_TRANSLATED_SID)));
                        System.Security.Principal.Win32.InitializeReferencedDomainsPointer(invalidHandle1);
                        Win32Native.LSA_REFERENCED_DOMAIN_LIST referencedDomainList = invalidHandle1.Read <Win32Native.LSA_REFERENCED_DOMAIN_LIST>(0UL);
                        SecurityIdentifier[] securityIdentifierArray = new SecurityIdentifier[referencedDomainList.Entries];
                        for (int index2 = 0; index2 < referencedDomainList.Entries; ++index2)
                        {
                            Win32Native.LSA_TRUST_INFORMATION trustInformation = (Win32Native.LSA_TRUST_INFORMATION)Marshal.PtrToStructure(new IntPtr((long)referencedDomainList.Domains + (long)(index2 * Marshal.SizeOf(typeof(Win32Native.LSA_TRUST_INFORMATION)))), typeof(Win32Native.LSA_TRUST_INFORMATION));
                            securityIdentifierArray[index2] = new SecurityIdentifier(trustInformation.Sid, true);
                        }
                        Win32Native.LSA_TRANSLATED_SID[] array = new Win32Native.LSA_TRANSLATED_SID[sourceAccounts.Count];
                        invalidHandle2.ReadArray <Win32Native.LSA_TRANSLATED_SID>(0UL, array, 0, array.Length);
                        for (int index2 = 0; index2 < sourceAccounts.Count; ++index2)
                        {
                            Win32Native.LSA_TRANSLATED_SID lsaTranslatedSid = array[index2];
                            switch (lsaTranslatedSid.Use)
                            {
                            case 1:
                            case 2:
                            case 4:
                            case 5:
                            case 9:
                                referenceCollection.Add((IdentityReference) new SecurityIdentifier(securityIdentifierArray[lsaTranslatedSid.DomainIndex], lsaTranslatedSid.Rid));
                                break;

                            default:
                                someFailed = true;
                                referenceCollection.Add(sourceAccounts[index2]);
                                break;
                            }
                        }
                    }
                }
                else
                {
                    for (int index2 = 0; index2 < sourceAccounts.Count; ++index2)
                    {
                        referenceCollection.Add(sourceAccounts[index2]);
                    }
                }
                return(referenceCollection);
            }
            finally
            {
                handle.Dispose();
                invalidHandle1.Dispose();
                invalidHandle2.Dispose();
            }
        }
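        /// <summary>
        /// Adds an "allow FullControl" rule for the prison's user account to the ACL of a key
        /// under HKEY_LOCAL_MACHINE (64-bit registry view).
        /// </summary>
        /// <param name="key">Path of the subkey, relative to HKEY_LOCAL_MACHINE.</param>
        /// <param name="prison">Prison whose <c>User.Username</c> names the account that receives the rule.</param>
        /// <exception cref="System.ArgumentNullException"><paramref name="prison"/> is null.</exception>
        /// <exception cref="System.InvalidOperationException">The subkey does not exist.</exception>
        /// <remarks>
        /// Security review notes:
        /// - RegistryRights.FullControl includes ChangePermissions and TakeOwnership, so the
        ///   grantee can rewrite this ACL afterwards. If the account only needs to read and
        ///   write values, a narrower RegistryRights mask is the least-privilege choice.
        /// - InheritanceFlags.ContainerInherit makes the rule inheritable by subkeys.
        /// - The rule is added on top of the existing ACL; nothing here removes it again.
        /// </remarks>
        private static void GrantRegistryAccess(string key, Prison prison)
        {
            if (prison == null)
            {
                throw new System.ArgumentNullException("prison");
            }

            // The domain part is null, so the rule identity is the bare user name.
            // NOTE(review): an unqualified name is resolved by the system's lookup order;
            // confirm it cannot match a same-named account from another authority.
            NTAccount account = new NTAccount(null, prison.User.Username);

            // Both handles are disposed; the original left the base key handle open.
            using (RegistryKey hklm = RegistryKey.OpenBaseKey(RegistryHive.LocalMachine, RegistryView.Registry64))
            using (RegistryKey rk = hklm.OpenSubKey(key, RegistryKeyPermissionCheck.ReadWriteSubTree, RegistryRights.FullControl))
            {
                // OpenSubKey returns null for a missing key; fail with a clear message
                // instead of a NullReferenceException on the next line.
                if (rk == null)
                {
                    throw new System.InvalidOperationException("Registry key not found under HKEY_LOCAL_MACHINE: " + key);
                }

                RegistrySecurity rs = rk.GetAccessControl();
                RegistryAccessRule rar = new RegistryAccessRule(
                    account.ToString(),
                    RegistryRights.FullControl,
                    InheritanceFlags.ContainerInherit,
                    PropagationFlags.None,
                    AccessControlType.Allow);

                rs.AddAccessRule(rar);
                rk.SetAccessControl(rs);
            }
        }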
Beispiel #8
        /// <summary>
        /// Looks up every <see cref="NTAccount"/> in <paramref name="sourceAccounts"/> through one
        /// LSA name-lookup call and returns a collection of the same size, in the same order.
        /// </summary>
        /// <param name="sourceAccounts">Non-empty collection; every element must be an <see cref="NTAccount"/>.</param>
        /// <param name="someFailed">
        /// Set to true when at least one name was not translated. Untranslated entries are
        /// returned as the ORIGINAL identity reference, not as a SID, so a caller that uses the
        /// result for access-control decisions must check this flag (or each element's type)
        /// before treating the elements as <see cref="SecurityIdentifier"/> instances.
        /// </param>
        /// <returns>One element per input: a <see cref="SecurityIdentifier"/> on success, else the input element.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="sourceAccounts"/> is null.</exception>
        /// <exception cref="ArgumentException">The collection is empty or holds a non-NTAccount element.</exception>
        /// <exception cref="OutOfMemoryException">LSA reported no memory / insufficient resources.</exception>
        /// <exception cref="UnauthorizedAccessException">LSA reported access denied.</exception>
        /// <exception cref="SystemException">A name does not fit a UNICODE_STRING, or LSA returned any other failure status.</exception>
        private static IdentityReferenceCollection TranslateToSids(IdentityReferenceCollection sourceAccounts, out bool someFailed)
        {
            // NTSTATUS values compared against the lookup result.
            const uint StatusSuccess = 0x00000000;
            const uint StatusSomeNotMapped = 0x00000107;
            const uint StatusNoMemory = 0xC0000017;
            const uint StatusAccessDenied = 0xC0000022;
            const uint StatusNoneMapped = 0xC0000073;
            const uint StatusInsufficientResources = 0xC000009A;

            if (sourceAccounts == null)
            {
                throw new ArgumentNullException("sourceAccounts");
            }
            if (sourceAccounts.Count == 0)
            {
                throw new ArgumentException(Environment.GetResourceString("Arg_EmptyCollection"), "sourceAccounts");
            }

            SafeLsaPolicyHandle policyHandle = SafeLsaPolicyHandle.InvalidHandle;
            SafeLsaMemoryHandle domainsHandle = SafeLsaMemoryHandle.InvalidHandle;
            SafeLsaMemoryHandle sidsHandle = SafeLsaMemoryHandle.InvalidHandle;

            try
            {
                // Marshal each account name into a counted UNICODE_STRING.
                Win32Native.UNICODE_STRING[] names = new Win32Native.UNICODE_STRING[sourceAccounts.Count];
                int position = 0;
                foreach (IdentityReference reference in sourceAccounts)
                {
                    NTAccount account = reference as NTAccount;
                    if (account == null)
                    {
                        throw new ArgumentException(Environment.GetResourceString("Argument_ImproperType"), "sourceAccounts");
                    }

                    names[position].Buffer = account.ToString();

                    // Length fields are 16-bit byte counts: two bytes per character plus a
                    // two-byte terminator must fit, otherwise the cast below would truncate.
                    int byteLength = names[position].Buffer.Length * 2;
                    if (byteLength + 2 > 65535)
                    {
                        throw new SystemException();
                    }
                    names[position].Length = (ushort)byteLength;
                    names[position].MaximumLength = names[position].Length + 2;
                    position++;
                }

                policyHandle = Win32.LsaOpenPolicy(null, PolicyRights.POLICY_LOOKUP_NAMES);
                someFailed = false;

                uint status;
                if (Win32.LsaLookupNames2Supported)
                {
                    status = Win32Native.LsaLookupNames2(policyHandle, 0, sourceAccounts.Count, names, ref domainsHandle, ref sidsHandle);
                }
                else
                {
                    status = Win32Native.LsaLookupNames(policyHandle, sourceAccounts.Count, names, ref domainsHandle, ref sidsHandle);
                }

                switch (status)
                {
                case StatusNoMemory:
                case StatusInsufficientResources:
                    throw new OutOfMemoryException();

                case StatusAccessDenied:
                    throw new UnauthorizedAccessException();

                case StatusNoneMapped:
                case StatusSomeNotMapped:
                    // Partial or total lookup failure is reported through the flag, not an exception.
                    someFailed = true;
                    break;

                case StatusSuccess:
                    break;

                default:
                    throw new SystemException(Win32Native.GetMessage(Win32Native.LsaNtStatusToWinError((int)status)));
                }

                IdentityReferenceCollection translated = new IdentityReferenceCollection(sourceAccounts.Count);

                // Only these two statuses are followed by a read of the translated-SID buffer.
                bool haveResults = status == StatusSuccess || status == StatusSomeNotMapped;
                if (!haveResults)
                {
                    // Nothing was mapped: hand every input back unchanged.
                    for (int n = 0; n < sourceAccounts.Count; n++)
                    {
                        translated.Add(sourceAccounts[n]);
                    }
                    return translated;
                }

                if (Win32.LsaLookupNames2Supported)
                {
                    // LSA_TRANSLATED_SID2 entries carry the SID pointer directly.
                    sidsHandle.Initialize((uint)sourceAccounts.Count, (uint)Marshal.SizeOf(typeof(Win32Native.LSA_TRANSLATED_SID2)));
                    Win32.InitializeReferencedDomainsPointer(domainsHandle);
                    Win32Native.LSA_TRANSLATED_SID2[] entries = new Win32Native.LSA_TRANSLATED_SID2[sourceAccounts.Count];
                    sidsHandle.ReadArray <Win32Native.LSA_TRANSLATED_SID2>(0UL, entries, 0, entries.Length);

                    for (int i = 0; i < sourceAccounts.Count; i++)
                    {
                        Win32Native.LSA_TRANSLATED_SID2 entry = entries[i];
                        switch (entry.Use)
                        {
                        // SID_NAME_USE: user, group, alias, well-known group, computer.
                        case 1:
                        case 2:
                        case 4:
                        case 5:
                        case 9:
                            translated.Add(new SecurityIdentifier(entry.Sid, true));
                            break;

                        // Every other use value counts as "not translated".
                        default:
                            someFailed = true;
                            translated.Add(sourceAccounts[i]);
                            break;
                        }
                    }
                }
                else
                {
                    // LSA_TRANSLATED_SID entries carry (domain index, RID); build the domain
                    // SIDs first, then combine each with the entry's RID.
                    sidsHandle.Initialize((uint)sourceAccounts.Count, (uint)Marshal.SizeOf(typeof(Win32Native.LSA_TRANSLATED_SID)));
                    Win32.InitializeReferencedDomainsPointer(domainsHandle);
                    Win32Native.LSA_REFERENCED_DOMAIN_LIST domainList = domainsHandle.Read <Win32Native.LSA_REFERENCED_DOMAIN_LIST>(0UL);
                    SecurityIdentifier[] domainSids = new SecurityIdentifier[domainList.Entries];
                    for (int d = 0; d < domainList.Entries; d++)
                    {
                        IntPtr trustInfoAddress = new IntPtr((long)domainList.Domains + (long)(d * Marshal.SizeOf(typeof(Win32Native.LSA_TRUST_INFORMATION))));
                        Win32Native.LSA_TRUST_INFORMATION trustInfo = (Win32Native.LSA_TRUST_INFORMATION)Marshal.PtrToStructure(trustInfoAddress, typeof(Win32Native.LSA_TRUST_INFORMATION));
                        domainSids[d] = new SecurityIdentifier(trustInfo.Sid, true);
                    }

                    Win32Native.LSA_TRANSLATED_SID[] entries = new Win32Native.LSA_TRANSLATED_SID[sourceAccounts.Count];
                    sidsHandle.ReadArray <Win32Native.LSA_TRANSLATED_SID>(0UL, entries, 0, entries.Length);

                    for (int i = 0; i < sourceAccounts.Count; i++)
                    {
                        Win32Native.LSA_TRANSLATED_SID entry = entries[i];
                        switch (entry.Use)
                        {
                        // SID_NAME_USE: user, group, alias, well-known group, computer.
                        case 1:
                        case 2:
                        case 4:
                        case 5:
                        case 9:
                            translated.Add(new SecurityIdentifier(domainSids[entry.DomainIndex], entry.Rid));
                            break;

                        // Every other use value counts as "not translated".
                        default:
                            someFailed = true;
                            translated.Add(sourceAccounts[i]);
                            break;
                        }
                    }
                }

                return translated;
            }
            finally
            {
                // Release the policy handle and both LSA-allocated buffers on every path.
                policyHandle.Dispose();
                domainsHandle.Dispose();
                sidsHandle.Dispose();
            }
        }