| static private CreateWellKnownSid ( WellKnownSidType sidType, System.Security.Principal.SecurityIdentifier domainSid, byte &resultSid ) : int | ||
| sidType | WellKnownSidType | |
| domainSid | System.Security.Principal.SecurityIdentifier | |
| resultSid | byte | |
| return | int | |
public SecurityIdentifier(WellKnownSidType sidType, SecurityIdentifier domainSid)
{
if (sidType == WellKnownSidType.LogonIdsSid)
{
throw new ArgumentException(Environment.GetResourceString("IdentityReference_CannotCreateLogonIdsSid"), "sidType");
}
if (!Win32.WellKnownSidApisSupported)
{
throw new PlatformNotSupportedException(Environment.GetResourceString("PlatformNotSupported_RequiresW2kSP3"));
}
if (sidType < WellKnownSidType.NullSid || sidType > WellKnownSidType.WinBuiltinTerminalServerLicenseServersSid)
{
throw new ArgumentException(Environment.GetResourceString("Argument_InvalidValue"), "sidType");
}
if (sidType >= WellKnownSidType.AccountAdministratorSid && sidType <= WellKnownSidType.AccountRasAndIasServersSid)
{
if (domainSid == null)
{
throw new ArgumentNullException("domainSid", Environment.GetResourceString("IdentityReference_DomainSidRequired", new object[]
{
sidType
}));
}
SecurityIdentifier left;
int windowsAccountDomainSid = Win32.GetWindowsAccountDomainSid(domainSid, out left);
if (windowsAccountDomainSid == 122)
{
throw new OutOfMemoryException();
}
if (windowsAccountDomainSid == 1257)
{
throw new ArgumentException(Environment.GetResourceString("IdentityReference_NotAWindowsDomain"), "domainSid");
}
if (windowsAccountDomainSid != 0)
{
throw new SystemException(Win32Native.GetMessage(windowsAccountDomainSid));
}
if (left != domainSid)
{
throw new ArgumentException(Environment.GetResourceString("IdentityReference_NotAWindowsDomain"), "domainSid");
}
}
byte[] binaryForm;
int num = Win32.CreateWellKnownSid(sidType, domainSid, out binaryForm);
if (num == 87)
{
throw new ArgumentException(Win32Native.GetMessage(num), "sidType/domainSid");
}
if (num != 0)
{
throw new SystemException(Win32Native.GetMessage(num));
}
this.CreateFromBinaryForm(binaryForm, 0);
}
public SecurityIdentifier(WellKnownSidType sidType, SecurityIdentifier domainSid)
{
byte[] buffer;
if (sidType == WellKnownSidType.LogonIdsSid)
{
throw new ArgumentException(Environment.GetResourceString("IdentityReference_CannotCreateLogonIdsSid"), "sidType");
}
if (!Win32.WellKnownSidApisSupported)
{
throw new PlatformNotSupportedException(Environment.GetResourceString("PlatformNotSupported_RequiresW2kSP3"));
}
if ((sidType < WellKnownSidType.NullSid) || (sidType > WellKnownSidType.WinBuiltinTerminalServerLicenseServersSid))
{
throw new ArgumentException(Environment.GetResourceString("Argument_InvalidValue"), "sidType");
}
if ((sidType >= WellKnownSidType.AccountAdministratorSid) && (sidType <= WellKnownSidType.AccountRasAndIasServersSid))
{
SecurityIdentifier identifier;
if (domainSid == null)
{
throw new ArgumentNullException("domainSid", Environment.GetResourceString("IdentityReference_DomainSidRequired", new object[] { sidType }));
}
int windowsAccountDomainSid = Win32.GetWindowsAccountDomainSid(domainSid, out identifier);
switch (windowsAccountDomainSid)
{
case 0x7a:
throw new OutOfMemoryException();
case 0x4e9:
throw new ArgumentException(Environment.GetResourceString("IdentityReference_NotAWindowsDomain"), "domainSid");
}
if (windowsAccountDomainSid != 0)
{
throw new SystemException(Win32Native.GetMessage(windowsAccountDomainSid));
}
if (identifier != domainSid)
{
throw new ArgumentException(Environment.GetResourceString("IdentityReference_NotAWindowsDomain"), "domainSid");
}
}
int errorCode = Win32.CreateWellKnownSid(sidType, domainSid, out buffer);
if (errorCode == 0x57)
{
throw new ArgumentException(Win32Native.GetMessage(errorCode), "sidType/domainSid");
}
if (errorCode != 0)
{
throw new SystemException(Win32Native.GetMessage(errorCode));
}
this.CreateFromBinaryForm(buffer, 0);
}
//
// Constructs a well-known SID
// The 'domainSid' parameter is optional and only used
// by the well-known types that require it
// NOTE: although there is a P/Invoke call involved in the implementation of this constructor,
// there is no security risk involved, so no security demand is being made.
//
public SecurityIdentifier(WellKnownSidType sidType, SecurityIdentifier domainSid)
{
//
// sidType must not be equal to LogonIdsSid
//
if (sidType == WellKnownSidType.LogonIdsSid)
{
throw new ArgumentException(SR.IdentityReference_CannotCreateLogonIdsSid, "sidType");
}
Contract.EndContractBlock();
byte[] resultSid;
int Error;
//
// sidType should not exceed the max defined value
//
if ((sidType < WellKnownSidType.NullSid) || (sidType > WellKnownSidType.MaxDefined))
{
throw new ArgumentException(SR.Argument_InvalidValue, "sidType");
}
//
// for sidType between 38 to 50, the domainSid parameter must be specified
//
if ((sidType >= WellKnownSidType.AccountAdministratorSid) && (sidType <= WellKnownSidType.AccountRasAndIasServersSid))
{
if (domainSid == null)
{
throw new ArgumentNullException("domainSid", SR.Format(SR.IdentityReference_DomainSidRequired, sidType));
}
//
// verify that the domain sid is a valid windows domain sid
// to do that we call GetAccountDomainSid and the return value should be the same as the domainSid
//
SecurityIdentifier resultDomainSid;
int ErrorCode;
ErrorCode = Win32.GetWindowsAccountDomainSid(domainSid, out resultDomainSid);
if (ErrorCode == Interop.mincore.Errors.ERROR_INSUFFICIENT_BUFFER)
{
throw new OutOfMemoryException();
}
else if (ErrorCode == Interop.mincore.Errors.ERROR_NON_ACCOUNT_SID)
{
// this means that the domain sid is not valid
throw new ArgumentException(SR.IdentityReference_NotAWindowsDomain, "domainSid");
}
else if (ErrorCode != Interop.mincore.Errors.ERROR_SUCCESS)
{
Debug.Assert(false, string.Format(CultureInfo.InvariantCulture, "Win32.GetWindowsAccountDomainSid returned unrecognized error {0}", ErrorCode));
throw new Win32Exception(ErrorCode);
}
//
// if domainSid is passed in as S-1-5-21-3-4-5-6, the above api will return S-1-5-21-3-4-5 as the domainSid
// Since these do not match S-1-5-21-3-4-5-6 is not a valid domainSid (wrong number of subauthorities)
//
if (resultDomainSid != domainSid)
{
throw new ArgumentException(SR.IdentityReference_NotAWindowsDomain, "domainSid");
}
}
Error = Win32.CreateWellKnownSid(sidType, domainSid, out resultSid);
if (Error == Interop.mincore.Errors.ERROR_INVALID_PARAMETER)
{
throw new ArgumentException(new Win32Exception(Error).Message, "sidType/domainSid");
}
else if (Error != Interop.mincore.Errors.ERROR_SUCCESS)
{
Debug.Assert(false, string.Format(CultureInfo.InvariantCulture, "Win32.CreateWellKnownSid returned unrecognized error {0}", Error));
throw new Win32Exception(Error);
}
CreateFromBinaryForm(resultSid, 0);
}
//
// Constructs a well-known SID
// The 'domainSid' parameter is optional and only used
// by the well-known types that require it
// NOTE: although there is a P/Invoke call involved in the implementation of this constructor,
// there is no security risk involved, so no security demand is being made.
//
public SecurityIdentifier(WellKnownSidType sidType, SecurityIdentifier?domainSid)
{
//
// sidType must not be equal to LogonIdsSid
//
if (sidType == WellKnownSidType.LogonIdsSid)
{
throw new ArgumentException(SR.IdentityReference_CannotCreateLogonIdsSid, nameof(sidType));
}
//
// sidType should not exceed the max defined value
//
if ((sidType < WellKnownSidType.NullSid) || (sidType > WellKnownSidType.WinCapabilityRemovableStorageSid))
{
throw new ArgumentException(SR.Argument_InvalidValue, nameof(sidType));
}
//
// for sidType between 38 to 50, the domainSid parameter must be specified
//
int error;
if ((sidType >= WellKnownSidType.AccountAdministratorSid) && (sidType <= WellKnownSidType.AccountRasAndIasServersSid))
{
if (domainSid == null)
{
throw new ArgumentNullException(nameof(domainSid), SR.Format(SR.IdentityReference_DomainSidRequired, sidType));
}
//
// verify that the domain sid is a valid windows domain sid
// to do that we call GetAccountDomainSid and the return value should be the same as the domainSid
//
error = Win32.GetWindowsAccountDomainSid(domainSid, out SecurityIdentifier? resultDomainSid);
if (error == Interop.Errors.ERROR_INSUFFICIENT_BUFFER)
{
throw new OutOfMemoryException();
}
else if (error == Interop.Errors.ERROR_NON_ACCOUNT_SID)
{
// this means that the domain sid is not valid
throw new ArgumentException(SR.IdentityReference_NotAWindowsDomain, nameof(domainSid));
}
else if (error != Interop.Errors.ERROR_SUCCESS)
{
Debug.Fail($"Win32.GetWindowsAccountDomainSid returned unrecognized error {error}");
throw new Win32Exception(error);
}
//
// if domainSid is passed in as S-1-5-21-3-4-5-6, the above api will return S-1-5-21-3-4-5 as the domainSid
// Since these do not match S-1-5-21-3-4-5-6 is not a valid domainSid (wrong number of subauthorities)
//
if (resultDomainSid != domainSid)
{
throw new ArgumentException(SR.IdentityReference_NotAWindowsDomain, nameof(domainSid));
}
}
error = Win32.CreateWellKnownSid(sidType, domainSid, out byte[]? resultSid);
if (error == Interop.Errors.ERROR_INVALID_PARAMETER)
{
#pragma warning disable CA2208 // Instantiate argument exceptions correctly, combination of arguments used
throw new ArgumentException(new Win32Exception(error).Message, "sidType/domainSid");
#pragma warning restore CS2208
}
else if (error != Interop.Errors.ERROR_SUCCESS)
{
Debug.Fail($"Win32.CreateWellKnownSid returned unrecognized error {error}");
throw new Win32Exception(error);
}
CreateFromBinaryForm(resultSid !, 0);
}
