internal static extern NtStatus LsaLookupSids(
SafeLsaHandle PolicyHandle,
int Count,
IntPtr[] Sids,
out SafeLsaMemoryBuffer ReferencedDomains,
out SafeLsaMemoryBuffer Names
);
/// <summary>
/// Add a SID to name mapping with LSA.
/// </summary>
/// <param name="domain">The domain name for the SID. The SID must be in the NT authority.</param>
/// <param name="name">The account name for the SID. Can be null for a domain SID.</param>
/// <param name="sid">The SID to add.</param>
/// <param name="throw_on_error">True to throw on error.</param>
/// <returns>The NT status result.</returns>
public static NtStatus AddSidNameMapping(string domain, string name, Sid sid, bool throw_on_error)
{
using (var sid_buffer = sid.ToSafeBuffer())
{
LSA_SID_NAME_MAPPING_OPERATION_ADD_INPUT input = new LSA_SID_NAME_MAPPING_OPERATION_ADD_INPUT
{
Sid = sid_buffer.DangerousGetHandle(),
DomainName = new UnicodeStringIn(domain)
};
if (!string.IsNullOrEmpty(name))
{
input.AccountName = new UnicodeStringIn(name);
}
using (var input_buffer = input.ToBuffer())
{
SafeLsaMemoryBuffer output = null;
try
{
return(SecurityNativeMethods.LsaManageSidNameMapping(LSA_SID_NAME_MAPPING_OPERATION_TYPE.LsaSidNameMappingOperation_Add,
input_buffer, out output).ToNtException(throw_on_error));
}
finally
{
output?.Dispose();
}
}
}
}
/// <summary>
/// Remove a SID to name mapping with LSA.
/// </summary>
/// <param name="domain">The domain name for the SID.</param>
/// <param name="name">The account name for the SID. Can be null for a domain SID.</param>
/// <param name="throw_on_error">True to throw on error.</param>
/// <returns>The NT status result.</returns>
public static NtStatus RemoveSidNameMapping(string domain, string name, bool throw_on_error)
{
LSA_SID_NAME_MAPPING_OPERATION_REMOVE_INPUT input = new LSA_SID_NAME_MAPPING_OPERATION_REMOVE_INPUT
{
DomainName = new UnicodeStringIn(domain)
};
if (name != null)
{
input.AccountName = new UnicodeStringIn(name);
}
using (var input_buffer = input.ToBuffer())
{
SafeLsaMemoryBuffer output = null;
try
{
return(SecurityNativeMethods.LsaManageSidNameMapping(LSA_SID_NAME_MAPPING_OPERATION_TYPE.LsaSidNameMappingOperation_Remove,
input_buffer, out output).ToNtException(throw_on_error));
}
finally
{
output?.Dispose();
}
}
}
internal static extern NtStatus LsaQuerySecret(
SafeLsaHandle SecretHandle,
out SafeLsaMemoryBuffer CurrentValue,
LargeInteger CurrentValueSetTime,
out SafeLsaMemoryBuffer OldValue,
LargeInteger OldValueSetTime
);
internal static extern NtStatus LsaEnumerateAccounts(
SafeLsaHandle PolicyHandle,
ref int EnumerationContext,
out SafeLsaMemoryBuffer EnumerationBuffer, // PLSAPR_ACCOUNT_INFORMATION
int PreferedMaximumLength,
out int EntriesRead
);
internal LsaSecretValue(SafeLsaMemoryBuffer current_value, LargeInteger current_value_set_time,
SafeLsaMemoryBuffer old_value, LargeInteger old_value_set_time)
{
if (!current_value.IsInvalid)
{
CurrentValue = current_value.GetUnicodeString().ToArray();
CurrentValueSetTime = current_value_set_time.ToDateTime();
}
else
{
CurrentValue = new byte[0];
CurrentValueSetTime = DateTime.MinValue;
}
if (!old_value.IsInvalid)
{
OldValue = old_value.GetUnicodeString().ToArray();
OldValueSetTime = old_value_set_time.ToDateTime();
}
else
{
OldValue = new byte[0];
OldValueSetTime = DateTime.MinValue;
}
}
internal static extern NtStatus LsaEnumerateTrustedDomainsEx(
SafeLsaHandle PolicyHandle,
ref int EnumerationContext,
out SafeLsaMemoryBuffer Buffer,
int PreferedMaximumLength,
out int CountReturned
);
private static IReadOnlyList <string> ParseRights(SafeLsaMemoryBuffer buffer, int count)
{
using (buffer)
{
buffer.Initialize <UnicodeStringOut>((uint)count);
return(buffer.ReadArray <UnicodeStringOut>(0, count).Select(n => n.ToString()).ToList().AsReadOnly());
}
}
private LsaTrustedDomainInformation QueryDomainInfo(SafeLsaMemoryBuffer buffer)
{
using (buffer)
{
buffer.Initialize <TRUSTED_DOMAIN_INFORMATION_EX>(1);
return(new LsaTrustedDomainInformation(buffer.Read <TRUSTED_DOMAIN_INFORMATION_EX>(0)));
}
}
internal static extern NtStatus LsaLookupNames2(
SafeLsaHandle PolicyHandle,
LsaLookupNameOptionFlags Flags,
int Count,
UnicodeStringIn[] Names,
out SafeLsaMemoryBuffer ReferencedDomains,
out SafeLsaMemoryBuffer Sids // PLSA_TRANSLATED_SID
);
private IReadOnlyList <TokenPrivilege> GetPrivileges(SafeLsaMemoryBuffer buffer)
{
using (buffer)
{
buffer.Initialize <PrivilegeSet>(1);
SafePrivilegeSetBuffer priv_set = new SafePrivilegeSetBuffer(buffer.DangerousGetHandle(), buffer.Read <PrivilegeSet>(0).PrivilegeCount);
return(priv_set.GetPrivileges(SystemName).ToList().AsReadOnly());
}
}
private static List <Sid> ParseSids(SafeLsaMemoryBuffer buffer, int count)
{
using (buffer) {
buffer.Initialize <LSA_ENUMERATION_INFORMATION>((uint)count);
LSA_ENUMERATION_INFORMATION[] ss = new LSA_ENUMERATION_INFORMATION[count];
buffer.ReadArray(0, ss, 0, count);
return(ss.Select(s => new Sid(s.Sid)).ToList());
}
}
private static IReadOnlyList <SidName> GetSidNameSids(string[] names, SafeLsaMemoryBuffer domains, SafeLsaMemoryBuffer sids)
{
using (SafeBufferGeneric a = domains, b = sids)
{
List <SidName> ret = new List <SidName>();
domains.Initialize <LSA_REFERENCED_DOMAIN_LIST>(1);
sids.Initialize <LSA_TRANSLATED_SID2>((uint)names.Length);
var domain_list = domains.Read <LSA_REFERENCED_DOMAIN_LIST>(0);
var domains_entries = NtProcess.Current.ReadMemoryArray <LSA_TRUST_INFORMATION>(domain_list.Domains.ToInt64(), domain_list.Entries);
var sid_list = sids.ReadArray <LSA_TRANSLATED_SID2>(0, names.Length);
for (int i = 0; i < names.Length; ++i)
{
ret.Add(new SidName(sid_list[i].GetSid(), sid_list[i].GetDomain(domains_entries),
names[i], SidNameSource.Account, sid_list[i].Use, false));
}
return(ret.AsReadOnly());
}
}
private static IEnumerable <SidName> GetSidNames(Sid[] sids, SafeLsaMemoryBuffer domains, SafeLsaMemoryBuffer names)
{
List <SidName> ret = new List <SidName>();
domains.Initialize <LSA_REFERENCED_DOMAIN_LIST>(1);
names.Initialize <LSA_TRANSLATED_NAME>((uint)sids.Length);
var domain_list = domains.Read <LSA_REFERENCED_DOMAIN_LIST>(0);
var domains_entries = NtProcess.Current.ReadMemoryArray <LSA_TRUST_INFORMATION>(domain_list.Domains.ToInt64(), domain_list.Entries);
var name_list = names.ReadArray <LSA_TRANSLATED_NAME>(0, sids.Length);
for (int i = 0; i < sids.Length; ++i)
{
var name = name_list[i];
ret.Add(new SidName(sids[i], name.GetDomain(domains_entries),
name.GetName(), SidNameSource.Account, name.Use, false));
}
return(ret.AsReadOnly());
}
internal static extern NtStatus LsaQueryCAPs(
IntPtr CAPIDs,
int CAPIDCount,
out SafeLsaMemoryBuffer CAPs,
out uint CAPCount
);
internal static extern NtStatus LsaEnumeratePrivilegesOfAccount(
SafeLsaHandle AccountHandle,
out SafeLsaMemoryBuffer Privileges // PPRIVILEGE_SET
);
internal static extern NtStatus LsaRetrievePrivateData(
SafeLsaHandle PolicyHandle,
[In] UnicodeString KeyName,
out SafeLsaMemoryBuffer PrivateData // PLSA_UNICODE_STRING
);
internal static extern NtStatus LsaManageSidNameMapping(
LSA_SID_NAME_MAPPING_OPERATION_TYPE OperationType,
SafeBuffer OperationInput,
out SafeLsaMemoryBuffer OperationOutput
);
internal static extern NtStatus LsaQueryTrustedDomainInfoByName(
SafeLsaHandle PolicyHandle,
UnicodeString TrustedDomainName,
TRUSTED_INFORMATION_CLASS InformationClass,
out SafeLsaMemoryBuffer Buffer
);
internal static extern NtStatus LsaQueryInfoTrustedDomain(
SafeLsaHandle TrustedDomainHandle,
TRUSTED_INFORMATION_CLASS InformationClass,
out SafeLsaMemoryBuffer Buffer
);
internal static extern NtStatus LsaGetAppliedCAPIDs(
UnicodeString SystemName,
out SafeLsaMemoryBuffer CAPIDs,
out int CAPIDCount
);
private static IEnumerable <AccountRight> ParseRights(SafeLsaHandle policy, string system_name, SafeLsaMemoryBuffer buffer, int count)
{
using (buffer)
{
buffer.Initialize <UnicodeStringOut>((uint)count);
UnicodeStringOut[] ss = new UnicodeStringOut[count];
buffer.ReadArray(0, ss, 0, count);
return(ss.Select(s => new AccountRight(system_name, s.ToString(),
GetSids(policy, s.ToString(), false).GetResultOrDefault())).ToList());
}
}
internal static extern NtStatus LsaQueryTrustedDomainInfo(
SafeLsaHandle PolicyHandle,
SafeSidBufferHandle TrustedDomainSid,
TRUSTED_INFORMATION_CLASS InformationClass,
out SafeLsaMemoryBuffer Buffer
);
internal static extern NtStatus LsaEnumerateAccountRights(
SafeLsaHandle PolicyHandle,
SafeSidBufferHandle AccountSid,
out SafeLsaMemoryBuffer UserRights,
out int CountOfRights
);
internal static extern NtStatus LsaQuerySecurityObject(
SafeLsaHandle ObjectHandle,
SecurityInformation SecurityInformation,
out SafeLsaMemoryBuffer SecurityDescriptor
);
internal static extern NtStatus LsaEnumerateAccountsWithUserRight(
SafeLsaHandle PolicyHandle,
UnicodeString UserRight,
out SafeLsaMemoryBuffer Buffer,
out int CountReturned
);