private protected LsaObject(SafeLsaHandle handle, AccessMask granted_access, string type_name, string object_name) { _handle = handle; _granted_access = granted_access; NtType = NtType.GetTypeByName(type_name); ObjectName = object_name; }
private LsaSecurityAccessRights GetSystemAccess(SafeLsaHandle hAcct) { int rights; ThrowIfLsaError(LsaGetSystemAccessAccount(hAcct, out rights)); return((LsaSecurityAccessRights)rights); }
internal static NtStatus RemoveAccountRights(string system_name, Sid sid, bool remove_all, IEnumerable <string> account_rights, bool throw_on_error) { if (sid is null) { throw new ArgumentNullException(nameof(sid)); } if (account_rights is null) { throw new ArgumentNullException(nameof(account_rights)); } var rights = account_rights.Select(s => new UnicodeStringIn(s)).ToArray(); if (!account_rights.Any()) { return(NtStatus.STATUS_SUCCESS); } using (var policy = SafeLsaHandle.OpenPolicy(system_name, LsaPolicyAccessRights.LookupNames, throw_on_error)) { if (!policy.IsSuccess) { return(policy.Status); } using (var sid_buffer = sid.ToSafeBuffer()) { return(SecurityNativeMethods.LsaRemoveAccountRights(policy.Result, sid_buffer, remove_all, rights, rights.Length).ToNtException(throw_on_error)); } } }
internal LsaTrustedDomain(SafeLsaHandle handle, LsaTrustedDomainAccessRights granted_access, string name, Sid sid, LsaTrustedDomainInformation domain_info, string system_name) : base(handle, granted_access, LsaPolicyUtils.LSA_TRUSTED_DOMAIN_NT_TYPE_NAME, $"LSA Trusted Domain ({(name ?? domain_info.Name)})", system_name) { _domain_info = domain_info; Sid = sid ?? domain_info.Sid; Name = name ?? domain_info.Name; }
private static NtResult <IEnumerable <SidName> > LookupSids2(string system_name, Sid[] sids, LsaLookupOptions options, bool throw_on_error) { using (var policy = SafeLsaHandle.OpenPolicy(system_name, Policy.LsaPolicyAccessRights.LookupNames, throw_on_error)) { if (!policy.IsSuccess) { return(policy.Cast <IEnumerable <SidName> >()); } using (var list = new DisposableList()) { var sid_ptrs = sids.Select(s => list.AddSid(s).DangerousGetHandle()).ToArray(); var status = SecurityNativeMethods.LsaLookupSids2(policy.Result, options, sid_ptrs.Length, sid_ptrs, out SafeLsaMemoryBuffer domains, out SafeLsaMemoryBuffer names); if (!status.IsSuccess()) { if (status == NtStatus.STATUS_NONE_MAPPED) { list.Add(domains); list.Add(names); } return(status.CreateResultFromError <IEnumerable <SidName> >(throw_on_error)); } return(GetSidNames(sids, domains, names).CreateResult()); } } }
internal static extern NtStatus LsaQuerySecret( SafeLsaHandle SecretHandle, out SafeLsaMemoryBuffer CurrentValue, LargeInteger CurrentValueSetTime, out SafeLsaMemoryBuffer OldValue, LargeInteger OldValueSetTime );
internal static extern NtStatus LsaEnumerateAccounts( SafeLsaHandle PolicyHandle, ref int EnumerationContext, out SafeLsaMemoryBuffer EnumerationBuffer, // PLSAPR_ACCOUNT_INFORMATION int PreferedMaximumLength, out int EntriesRead );
/// <summary> /// Retried LSA privilege data. /// </summary> /// <param name="system_name">The system containing the LSA instance.</param> /// <param name="keyname">The name of the key.</param> /// <param name="throw_on_error">True to throw on error.</param> /// <returns>The private data as bytes.</returns> public static NtResult <byte[]> LsaRetrievePrivateData(string system_name, string keyname, bool throw_on_error) { if (keyname is null) { throw new ArgumentNullException(nameof(keyname)); } using (var policy = SafeLsaHandle.OpenPolicy(system_name, Policy.LsaPolicyAccessRights.GetPrivateInformation, throw_on_error)) { if (!policy.IsSuccess) { return(policy.Cast <byte[]>()); } NtStatus status = SecurityNativeMethods.LsaRetrievePrivateData(policy.Result, new UnicodeString(keyname), out SafeLsaMemoryBuffer data); if (!status.IsSuccess()) { return(status.CreateResultFromError <byte[]>(throw_on_error)); } using (data) { data.Initialize <UnicodeStringOut>(1); return(data.Read <UnicodeStringOut>(0).ToArray().CreateResult()); } } }
internal static extern NtStatus LsaEnumerateTrustedDomainsEx( SafeLsaHandle PolicyHandle, ref int EnumerationContext, out SafeLsaMemoryBuffer Buffer, int PreferedMaximumLength, out int CountReturned );
internal static extern NtStatus LsaLookupSids( SafeLsaHandle PolicyHandle, int Count, IntPtr[] Sids, out SafeLsaMemoryBuffer ReferencedDomains, out SafeLsaMemoryBuffer Names );
internal static extern NtStatus LsaRemoveAccountRights( SafeLsaHandle PolicyHandle, SafeSidBufferHandle AccountSid, [MarshalAs(UnmanagedType.U1)] bool AllRights, [In] UnicodeStringIn[] UserRights, int CountOfRights );
internal static extern NtStatus LsaLookupNames2( SafeLsaHandle PolicyHandle, LsaLookupNameOptionFlags Flags, int Count, UnicodeStringIn[] Names, out SafeLsaMemoryBuffer ReferencedDomains, out SafeLsaMemoryBuffer Sids // PLSA_TRANSLATED_SID );
private static IEnumerable <AccountRight> ParseRights(SafeLsaHandle policy, string system_name, SafeLsaMemoryBuffer buffer, int count) { using (buffer) { buffer.Initialize <UnicodeStringOut>((uint)count); UnicodeStringOut[] ss = new UnicodeStringOut[count]; buffer.ReadArray(0, ss, 0, count); return(ss.Select(s => new AccountRight(system_name, s.ToString(), GetSids(policy, s.ToString(), false).GetResultOrDefault())).ToList()); } }
internal static NtResult <List <Sid> > GetSids(string system_name, string name, bool throw_on_error) { using (var policy = SafeLsaHandle.OpenPolicy(system_name, LsaPolicyAccessRights.GenericExecute, throw_on_error)) { if (!policy.IsSuccess) { return(policy.Cast <List <Sid> >()); } return(GetSids(policy.Result, name, throw_on_error)); } }
internal static extern int LsaLogonUser( [In] SafeLsaHandle LsaHandle, [In] ref LSA_STRING OriginName, [In] SECURITY_LOGON_TYPE LogonType, [In] int AuthenticationPackage, [In] IntPtr AuthenticationInformation, [In] int AuthenticationInformationLength, [In] IntPtr LocalGroups, [In] ref TOKEN_SOURCE SourceContext, [Out] out SafeLsaReturnBufferHandle ProfileBuffer, [Out] out int ProfileBufferLength, [Out] out LUID LogonId, [Out] out SafeAccessTokenHandle Token, [Out] out QUOTA_LIMITS Quotas, [Out] out int SubStatus );
private static NtResult <List <Sid> > GetSids(SafeLsaHandle policy, string name, bool throw_on_error) { if (name is null) { throw new ArgumentNullException(nameof(name)); } NtStatus status = SecurityNativeMethods.LsaEnumerateAccountsWithUserRight(policy, new UnicodeString(name), out SafeLsaMemoryBuffer buffer, out int count); if (status == NtStatus.STATUS_NO_MORE_ENTRIES) { return(new List <Sid>().CreateResult()); } return(status.CreateResult(throw_on_error, () => ParseSids(buffer, count))); }
private static int LookupAuthenticationPackage(SafeLsaHandle lsaHandle, string packageName) { Debug.Assert(!string.IsNullOrEmpty(packageName)); unsafe { int packageId; byte[] asciiPackageName = Encoding.ASCII.GetBytes(packageName); fixed (byte* pAsciiPackageName = &asciiPackageName[0]) { LSA_STRING lsaPackageName = new LSA_STRING((IntPtr)pAsciiPackageName, checked((ushort)(asciiPackageName.Length))); int ntStatus = Interop.SspiCli.LsaLookupAuthenticationPackage(lsaHandle, ref lsaPackageName, out packageId); if (ntStatus < 0) // non-negative numbers indicate success throw GetExceptionFromNtStatus(ntStatus); } return packageId; } }
internal static NtResult <IEnumerable <AccountRight> > GetAccountRights(string system_name, Sid sid, bool throw_on_error) { if (sid is null) { throw new ArgumentNullException(nameof(sid)); } using (var policy = SafeLsaHandle.OpenPolicy(system_name, LsaPolicyAccessRights.GenericExecute, throw_on_error)) { if (!policy.IsSuccess) { return(policy.Cast <IEnumerable <AccountRight> >()); } using (var sid_buffer = sid.ToSafeBuffer()) { return(SecurityNativeMethods.LsaEnumerateAccountRights(policy.Result, sid_buffer, out SafeLsaMemoryBuffer buffer, out int count) .CreateResult(throw_on_error, () => ParseRights(policy.Result, system_name, buffer, count))); } } }
private static NtStatus LsaStorePrivateDataInternal(string system_name, string keyname, byte[] data, bool throw_on_error) { if (keyname is null) { throw new ArgumentNullException(nameof(keyname)); } using (var policy = SafeLsaHandle.OpenPolicy(system_name, Policy.LsaPolicyAccessRights.CreateSecret, throw_on_error)) { if (!policy.IsSuccess) { return(policy.Status); } using (var data_buffer = data == null ? UnicodeStringBytesSafeBuffer.Null : new UnicodeStringBytesSafeBuffer(data)) { return(SecurityNativeMethods.LsaStorePrivateData(policy.Result, new UnicodeString(keyname), data_buffer)); } } }
internal static extern NtStatus LsaDeleteObject( SafeLsaHandle ObjectHandle );
internal static extern NtStatus LsaQueryTrustedDomainInfoByName( SafeLsaHandle PolicyHandle, UnicodeString TrustedDomainName, TRUSTED_INFORMATION_CLASS InformationClass, out SafeLsaMemoryBuffer Buffer );
internal static extern NtStatus LsaQueryTrustedDomainInfo( SafeLsaHandle PolicyHandle, SafeSidBufferHandle TrustedDomainSid, TRUSTED_INFORMATION_CLASS InformationClass, out SafeLsaMemoryBuffer Buffer );
internal static extern NtStatus LsaQueryInfoTrustedDomain( SafeLsaHandle TrustedDomainHandle, TRUSTED_INFORMATION_CLASS InformationClass, out SafeLsaMemoryBuffer Buffer );
internal static extern NtStatus LsaOpenTrustedDomainByName( SafeLsaHandle PolicyHandle, UnicodeString TrustedDomainName, LsaTrustedDomainAccessRights DesiredAccess, out SafeLsaHandle TrustedDomainHandle );
internal static extern NtStatus LsaOpenTrustedDomain( SafeLsaHandle PolicyHandle, SafeSidBufferHandle TrustedDomainSid, LsaTrustedDomainAccessRights DesiredAccess, out SafeLsaHandle TrustedDomainHandle );
static extern NtStatus LsaLogonUser(SafeLsaHandle LsaHandle, LsaString OriginName, SecurityLogonType LogonType, uint AuthenticationPackage, SafeBuffer AuthenticationInformation, int AuthenticationInformationLength, IntPtr LocalGroups, TOKEN_SOURCE SourceContext, out IntPtr ProfileBuffer, out int ProfileBufferLength, out Luid LogonId, out SafeKernelObjectHandle Token, out QUOTA_LIMITS Quotas, out NtStatus SubStatus );
internal static extern NtStatus LsaEnumeratePrivilegesOfAccount( SafeLsaHandle AccountHandle, out SafeLsaMemoryBuffer Privileges // PPRIVILEGE_SET );
internal static extern NtStatus LsaSetSystemAccessAccount( SafeLsaHandle AccountHandle, LsaSystemAccessFlags SystemAccess );
internal static extern NtStatus LsaOpenAccount( SafeLsaHandle PolicyHandle, SafeSidBufferHandle AccountSid, LsaAccountAccessRights DesiredAccess, out SafeLsaHandle AccountHandle );
internal static extern NtStatus LsaQuerySecurityObject( SafeLsaHandle ObjectHandle, SecurityInformation SecurityInformation, out SafeLsaMemoryBuffer SecurityDescriptor );
static extern NtStatus LsaLookupAuthenticationPackage(SafeLsaHandle LsaHandle, LsaString PackageName, out uint AuthenticationPackage);
internal static extern NtStatus LsaSetSecurityObject( SafeLsaHandle ObjectHandle, SecurityInformation SecurityInformation, SafeBuffer SecurityDescriptor );
static extern NtStatus LsaConnectUntrusted(out SafeLsaHandle handle);