IEnumerable <string> FetchSchedulerGroups() { var privileges = new LSA_UNICODE_STRING[1]; privileges[0] = InitLsaString("SeBatchLogonRight"); var ret = Win32Sec.LsaEnumerateAccountsWithUserRight(lsaHandle, privileges, out LSA_HANDLE buffer, out ulong count); var accounts = new List <String>(); if (ret == 0) { var LsaInfo = new LSA_ENUMERATION_INFORMATION[count]; var myLsaus = new LSA_ENUMERATION_INFORMATION(); for (ulong i = 0; i < count; i++) { var itemAddr = new IntPtr(buffer.ToInt64() + (long)(i * (ulong)Marshal.SizeOf(myLsaus))); LsaInfo[i] = (LSA_ENUMERATION_INFORMATION)Marshal.PtrToStructure(itemAddr, myLsaus.GetType()); var SID = new SecurityIdentifier(LsaInfo[i].PSid); accounts.Add(ResolveAccountName(SID)); } } return(accounts); }
public bool IsWindowsAuthorised(string privilege, string userName) { bool windowsAuthorised = false; userName = CleanUser(userName); var privileges = new LSA_UNICODE_STRING[1]; privileges[0] = InitLsaString(privilege); IntPtr buffer; ulong count; uint ret = Win32Sec.LsaEnumerateAccountsWithUserRight(lsaHandle, privileges, out buffer, out count); var Accounts = new List <String>(); if (ret == 0) { var LsaInfo = new LSA_ENUMERATION_INFORMATION[count]; LSA_ENUMERATION_INFORMATION myLsaus = new LSA_ENUMERATION_INFORMATION(); for (ulong i = 0; i < count; i++) { IntPtr itemAddr = new IntPtr(buffer.ToInt64() + (long)(i * (ulong)Marshal.SizeOf(myLsaus))); LsaInfo[i] = (LSA_ENUMERATION_INFORMATION)Marshal.PtrToStructure(itemAddr, myLsaus.GetType()); var SID = new SecurityIdentifier(LsaInfo[i].PSid); Accounts.Add(ResolveAccountName(SID)); } try { var wp = new WindowsPrincipal(new WindowsIdentity(userName)); foreach (string account in Accounts) { if (wp.IsInRole(account)) { windowsAuthorised = true; } } return(windowsAuthorised); } catch (Exception) { var localGroups = GetLocalUserGroupsForTaskSchedule(userName); var intersection = localGroups.Intersect(Accounts); return(intersection.Any()); } } return(false); }
public bool IsWindowsAuthorised(string privilege, string userName) { var windowsAuthorised = false; var username = CleanUser(userName); var privileges = new LSA_UNICODE_STRING[1]; privileges[0] = InitLsaString(privilege); var ret = Win32Sec.LsaEnumerateAccountsWithUserRight(lsaHandle, privileges, out LSA_HANDLE buffer, out ulong count); var Accounts = new List <String>(); if (ret == 0) { var LsaInfo = new LSA_ENUMERATION_INFORMATION[count]; var myLsaus = new LSA_ENUMERATION_INFORMATION(); for (ulong i = 0; i < count; i++) { var itemAddr = new IntPtr(buffer.ToInt64() + (long)(i * (ulong)Marshal.SizeOf(myLsaus))); LsaInfo[i] = (LSA_ENUMERATION_INFORMATION)Marshal.PtrToStructure(itemAddr, myLsaus.GetType()); var SID = new SecurityIdentifier(LsaInfo[i].PSid); Accounts.Add(ResolveAccountName(SID)); } try { return(IsWindowsAuthorised(username, ref windowsAuthorised, Accounts)); } catch (Exception) { var localGroups = GetLocalUserGroupsForTaskSchedule(username); var intersection = localGroups.Intersect(Accounts); return(intersection.Any(s => !s.Equals(Environment.MachineName + "\\" + username, StringComparison.InvariantCultureIgnoreCase))); } } return(false); }
private IEnumerable<string> FetchSchedulerGroups() { var privileges = new LSA_UNICODE_STRING[1]; privileges[0] = InitLsaString("SeBatchLogonRight"); IntPtr buffer; ulong count; uint ret = Win32Sec.LsaEnumerateAccountsWithUserRight(lsaHandle, privileges, out buffer, out count); var accounts = new List<String>(); if (ret == 0) { var LsaInfo = new LSA_ENUMERATION_INFORMATION[count]; LSA_ENUMERATION_INFORMATION myLsaus = new LSA_ENUMERATION_INFORMATION(); for (ulong i = 0; i < count; i++) { IntPtr itemAddr = new IntPtr(buffer.ToInt64() + (long)(i * (ulong)Marshal.SizeOf(myLsaus))); LsaInfo[i] = (LSA_ENUMERATION_INFORMATION)Marshal.PtrToStructure(itemAddr, myLsaus.GetType()); var SID = new SecurityIdentifier(LsaInfo[i].PSid); accounts.Add(ResolveAccountName(SID)); } } return accounts; }
public bool IsWindowsAuthorised(string privilege, string userName) { bool windowsAuthorised = false; userName = CleanUser(userName); var privileges = new LSA_UNICODE_STRING[1]; privileges[0] = InitLsaString(privilege); IntPtr buffer; ulong count; uint ret = Win32Sec.LsaEnumerateAccountsWithUserRight(lsaHandle, privileges, out buffer, out count); var Accounts = new List<String>(); if (ret == 0) { var LsaInfo = new LSA_ENUMERATION_INFORMATION[count]; LSA_ENUMERATION_INFORMATION myLsaus = new LSA_ENUMERATION_INFORMATION(); for (ulong i = 0; i < count; i++) { IntPtr itemAddr = new IntPtr(buffer.ToInt64() + (long)(i * (ulong)Marshal.SizeOf(myLsaus))); LsaInfo[i] = (LSA_ENUMERATION_INFORMATION)Marshal.PtrToStructure(itemAddr, myLsaus.GetType()); var SID = new SecurityIdentifier(LsaInfo[i].PSid); Accounts.Add(ResolveAccountName(SID)); } try { var wp = new WindowsPrincipal(new WindowsIdentity(userName)); foreach (string account in Accounts) { if (wp.IsInRole(account)) { windowsAuthorised = true; } } return windowsAuthorised; } catch (Exception) { var localGroups = GetLocalUserGroupsForTaskSchedule(userName); var intersection = localGroups.Intersect(Accounts); return intersection.Any(); } } return false; }
private List <string> GetAccountsWithPrivilege(string privilege) { var privileges = new LSA_UNICODE_STRING[1]; privileges[0] = InitLsaString(privilege); var gotAccounts = Win32Sec.LsaEnumerateAccountsWithUserRight(_lsaHandle, privileges, out LSA_HANDLE buffer, out ulong count) == 0; var accountNames = new List <string>(); if (gotAccounts) { var LsaInfo = new LSA_ENUMERATION_INFORMATION[count]; var myLsaus = new LSA_ENUMERATION_INFORMATION(); for (ulong i = 0; i < count; i++) { var itemAddr = new IntPtr(buffer.ToInt64() + (long)(i * (ulong)Marshal.SizeOf(myLsaus))); LsaInfo[i] = (LSA_ENUMERATION_INFORMATION)Marshal.PtrToStructure(itemAddr, myLsaus.GetType()); var sid = new SecurityIdentifier(LsaInfo[i].PSid); accountNames.Add(ResolveAccountName(sid)); } } return(accountNames); }