/// <summary>
/// Create an LSA account object for a SID and return it with the call status.
/// </summary>
/// <param name="sid">The SID of the account.</param>
/// <param name="desired_access">The desired access for the account.</param>
/// <param name="throw_on_error">True to throw on error.</param>
/// <returns>The created account.</returns>
/// <remarks>
/// The mask passed in <paramref name="desired_access"/> is also what the returned
/// <see cref="LsaAccount"/> records as its granted access; it is not read back from the handle.
/// NOTE(review): LsaCreateAccount presumably needs account-creation access on the policy handle - confirm against how Handle is opened.
/// </remarks>
public NtResult<LsaAccount> CreateAccount(Sid sid, LsaAccountAccessRights desired_access, bool throw_on_error)
{
    // The SID is marshalled into a native buffer that only has to live for the duration of the call.
    using (var sid_buffer = sid.ToSafeBuffer())
    {
        var status = SecurityNativeMethods.LsaCreateAccount(
            Handle, sid_buffer, desired_access, out SafeLsaHandle account_handle);

        // The wrapper object is built by the callback handed to CreateResult, not here.
        return status.CreateResult(
            throw_on_error,
            () => new LsaAccount(account_handle, desired_access, sid));
    }
}
/// <summary>
/// Native import for LsaOpenAccount: opens an existing LSA account object identified by a SID.
/// </summary>
/// <param name="PolicyHandle">Handle to the LSA policy object.</param>
/// <param name="AccountSid">Buffer holding the SID of the account to open.</param>
/// <param name="DesiredAccess">Access rights requested for the account handle.</param>
/// <param name="AccountHandle">Receives the account handle, wrapped in a SafeLsaHandle.</param>
/// <returns>The NT status code of the call.</returns>
// NOTE(review): AccountHandle should only be used after the returned status has been checked - confirm at call sites.
internal static extern NtStatus LsaOpenAccount( SafeLsaHandle PolicyHandle, SafeSidBufferHandle AccountSid, LsaAccountAccessRights DesiredAccess, out SafeLsaHandle AccountHandle );
/// <summary>
/// Wrap an already-open LSA account handle.
/// </summary>
/// <param name="handle">The open account handle.</param>
/// <param name="granted_access">The access mask to record for the handle; passed to the base type as given by the caller.</param>
/// <param name="sid">The SID of the account; stored on the object and used in its display name.</param>
internal LsaAccount(SafeLsaHandle handle, LsaAccountAccessRights granted_access, Sid sid)
    : base(
        handle,
        granted_access,
        LsaPolicyUtils.LSA_ACCOUNT_NT_TYPE_NAME,
        $"LSA Account ({sid})")
{
    // Keep the SID so callers can tell which account the handle refers to.
    this.Sid = sid;
}
/// <summary>
/// Enumerate the account objects in the policy and open those that are accessible.
/// </summary>
/// <param name="desired_access">The desired access for the opened accounts.</param>
/// <returns>The list of accessible accounts.</returns>
/// <remarks>
/// Calls the two-argument overload with throw_on_error set to true.
/// </remarks>
public IReadOnlyList<LsaAccount> OpenAccessibleAccounts(LsaAccountAccessRights desired_access)
{
    var accounts = OpenAccessibleAccounts(desired_access, throw_on_error: true);
    return accounts.Result;
}
/// <summary>
/// Enumerate the account objects in the policy and open those that are accessible.
/// </summary>
/// <param name="desired_access">The desired access for the opened accounts.</param>
/// <param name="throw_on_error">True to throw on error.</param>
/// <returns>The list of accessible accounts.</returns>
/// <remarks>
/// <paramref name="throw_on_error"/> is only passed to the enumeration. Each account is opened
/// with throw_on_error set to false and null results are dropped, so an account missing from the
/// list may still exist: it could not be opened with <paramref name="desired_access"/>.
/// Every returned <see cref="LsaAccount"/> was built around an open handle.
/// NOTE(review): callers presumably need to dispose the returned accounts - confirm against the base type.
/// </remarks>
public NtResult<IReadOnlyList<LsaAccount>> OpenAccessibleAccounts(LsaAccountAccessRights desired_access, bool throw_on_error)
{
    return EnumerateAccounts(throw_on_error).Map<IReadOnlyList<LsaAccount>>(account_sids =>
    {
        var opened = new List<LsaAccount>();
        foreach (var account_sid in account_sids)
        {
            // Per-account failures are not reported; the account is left out of the result.
            var account = OpenAccount(account_sid, desired_access, false).GetResultOrDefault();
            if (account != null)
            {
                opened.Add(account);
            }
        }

        return opened.AsReadOnly();
    });
}
/// <summary>
/// Create an LSA account object for a SID.
/// </summary>
/// <param name="sid">The SID of the account.</param>
/// <param name="desired_access">The desired access for the account.</param>
/// <returns>The created account.</returns>
/// <remarks>
/// Calls the three-argument overload with throw_on_error set to true.
/// </remarks>
public LsaAccount CreateAccount(Sid sid, LsaAccountAccessRights desired_access)
{
    var created = CreateAccount(sid, desired_access, throw_on_error: true);
    return created.Result;
}