public static string verifyNTuser(string userName)
{
DirectoryEntry dEntry = new DirectoryEntry("LDAP://ds.kycourts.net/CN=Users,DC=ds,DC=kycourts,DC=net");
DirectorySearcher dSearch = new DirectorySearcher(dEntry);
dSearch.PageSize = 6000;
dSearch.Filter = "cn="+userName;
dSearch.PropertiesToLoad.Add("cn");
dSearch.PropertiesToLoad.Add("mail");
dSearch.PropertiesToLoad.Add("objectSid");
dSearch.CacheResults = true;
if (dSearch.FindAll().Count > 0)
{
foreach (SearchResult sResultSet in dSearch.FindAll())
{
SecurityIdentifier sid = new SecurityIdentifier((byte[])sResultSet.Properties["objectSid"][0], 0);
string[] namesid = sid.ToString().Split('-');
dEntry.Close();
return sResultSet.Properties["cn"][0].ToString() + ";" + sResultSet.Properties["mail"][0].ToString() + ";" +
namesid[namesid.Length - 1].ToString();
}
}
else
{
dEntry.Close();
return "false";
}
return "false";
}
public static string GetSingleStringPropertyCollectionValue(ResultPropertyCollection props, string name)
{
try
{
if (!props.Contains(name))
{
return string.Empty;
}
ResultPropertyValueCollection pvc = props[name];
if (pvc == null || pvc.Count == 0)
{
return string.Empty;
}
if (string.Compare(name, Constants.Properties.AdProperties.ObjectSID) == 0)
{
byte[] sidInBytes = (byte[])pvc[0];
SecurityIdentifier sid = new SecurityIdentifier(sidInBytes, 0);
return Convert.ToString(sid);
}
else
{
return Convert.ToString(pvc[0]);
}
}
catch (Exception ex)
{
throw new ApplicationException(string.Format("Failed to retrieve property '{0}' from ResultPropertyCollection.", name), ex);
}
}
public static ActiveDirectoryRole CreateFromSecurityIdentifier(SecurityIdentifier sid)
{
if (sid == null)
throw new ArgumentNullException("sid");
ActiveDirectoryRole role = new ActiveDirectoryRole(GetRootEntry(), new DirectoryRootQuery("objectSID", sid.ToString(), DirectoryQueryOperation.Equal));
role.Operations.Add(s_directoryGroupQuery);
ValidateRole(role);
return role;
}
internal static bool AreSidsInSameDomain(SecurityIdentifier sid1, SecurityIdentifier sid2)
{
if (!sid1.IsAccountSid() || !sid2.IsAccountSid())
{
return false;
}
else
{
return sid1.AccountDomainSid.Equals(sid2.AccountDomainSid);
}
}
public static string CreateAdGroup(string name, string adPath)
{
string grpSid = String.Empty;
using (WindowsImpersonationContextFacade impersonationContext
= new WindowsImpersonationContextFacade(
nc))
{
//DirectoryEntry directoryEntry = new DirectoryEntry(DomainPath);
//DirectoryEntry ou = directoryEntry.Children.Find(adPath);
//DirectoryEntry group = ou.Children.Add($"CN={name}", "group");
//group.Properties["samAccountName"].Value = name;
//group.CommitChanges();
bool groupIsExist = false;
DirectoryEntry directoryEntry = new DirectoryEntry(DomainPath);
using (directoryEntry)
{
//Если пользователь существует
DirectorySearcher search = new DirectorySearcher(directoryEntry);
search.Filter = String.Format("(&(objectClass=user)(sAMAccountName={0}))", name);
SearchResult resultGroup = search.FindOne();
groupIsExist = resultGroup != null && resultGroup.Properties.Contains("sAMAccountName");
if (!groupIsExist)
{
DirectoryEntry ou = directoryEntry.Children.Find(adPath);
DirectoryEntry group = ou.Children.Add($"CN={name}", "group");
group.Properties["samAccountName"].Value = name;
group.CommitChanges();
SecurityIdentifier sid = new SecurityIdentifier((byte[])group.Properties["objectsid"][0],
0);
grpSid = sid.Value;
}
else
{
SecurityIdentifier sid = new SecurityIdentifier((byte[])resultGroup.Properties["objectsid"][0],
0);
grpSid = sid.Value;
}
}
}
return grpSid;
}
public static string FindGroup(SecurityIdentifier searchSid)
{
using(var ad = new DirectoryEntry("WinNT://" + Environment.MachineName + ",computer"))
{
ad.Children.SchemaFilter.Add("group");
foreach(DirectoryEntry dChildEntry in ad.Children)
{
var bytes = (byte[])dChildEntry.Properties["objectSid"].Value;
var sid = new SecurityIdentifier(bytes, 0).ToString();
if(sid == searchSid.ToString())
{
return dChildEntry.Name;
}
}
}
throw new Exception("Cannot find group");
}
public static void Configure(NameValueCollection sections)
{
LdapFilter = sections["LdapFilter"];
FolderCreatePath= sections["FolderCreatePath"];
SearchBase = sections["SearchBase"];
switch (sections["SearchScope"])
{
case "Base":
SearchScope = SearchScope.Base;
break;
case "OneLevel":
SearchScope = SearchScope.OneLevel;
break;
case "Subtree":
SearchScope = SearchScope.Subtree;
break;
default:
throw new ArgumentOutOfRangeException();
}
DirectoryEntry= new DirectoryEntry(SearchBase);
DomainSid= WindowsIdentity.GetCurrent().User.AccountDomainSid;
}
public static string GetSingleStringPropertyCollectionValue(ResultPropertyCollection props, string name)
{
if (!props.Contains(name))
{
return string.Empty;
}
ResultPropertyValueCollection pvc = props[name];
if (pvc == null || pvc.Count == 0)
{
return string.Empty;
}
if (string.Compare(name, Constants.Properties.AdProperties.ObjectSID) == 0)
{
byte[] sidInBytes = (byte[])pvc[0];
SecurityIdentifier sid = new SecurityIdentifier(sidInBytes, 0);
return Convert.ToString(sid);
}
else
{
return pvc[0] as string;
}
}
public CompoundAce(AceFlags flags, int accessMask, CompoundAceType compoundAceType, SecurityIdentifier sid);
public void Purge(SecurityIdentifier sid)
{
RequireCanonicity();
RemoveAces <KnownAce> (ace => ace.SecurityIdentifier == sid);
}
public void PurgeAccessControl(SecurityIdentifier sid);
/// <summary>
/// Get the List of HotFixes installed on the Local Machine.
/// </summary>
protected override void BeginProcessing()
{
foreach (string computer in ComputerName)
{
bool foundRecord = false;
StringBuilder QueryString = new StringBuilder();
ConnectionOptions conOptions = ComputerWMIHelper.GetConnectionOptions(AuthenticationLevel.Packet, ImpersonationLevel.Impersonate, this.Credential);
ManagementScope scope = new ManagementScope(ComputerWMIHelper.GetScopeString(computer, ComputerWMIHelper.WMI_Path_CIM), conOptions);
scope.Connect();
if (Id != null)
{
QueryString.Append("Select * from Win32_QuickFixEngineering where (");
for (int i = 0; i <= Id.Length - 1; i++)
{
QueryString.Append("HotFixID= '");
QueryString.Append(Id[i].ToString().Replace("'", "\\'"));
QueryString.Append("'");
if (i < Id.Length - 1)
{
QueryString.Append(" Or ");
}
}
QueryString.Append(")");
}
else
{
QueryString.Append("Select * from Win32_QuickFixEngineering");
foundRecord = true;
}
_searchProcess = new ManagementObjectSearcher(scope, new ObjectQuery(QueryString.ToString()));
foreach (ManagementObject obj in _searchProcess.Get())
{
if (Description != null)
{
if (!FilterMatch(obj))
{
continue;
}
}
else
{
_inputContainsWildcard = true;
}
// try to translate the SID to a more friendly username
// just stick with the SID if anything goes wrong
string installed = (string)obj["InstalledBy"];
if (!String.IsNullOrEmpty(installed))
{
try
{
SecurityIdentifier secObj = new SecurityIdentifier(installed);
obj["InstalledBy"] = secObj.Translate(typeof(NTAccount));;
}
catch (IdentityNotMappedException) // thrown by SecurityIdentifier.Translate
{
}
catch (SystemException e) // thrown by SecurityIdentifier.constr
{
CommandsCommon.CheckForSevereException(this, e);
}
//catch (ArgumentException) // thrown (indirectly) by SecurityIdentifier.constr (on XP only?)
//{ catch not needed - this is already caught as SystemException
//}
//catch (PlatformNotSupportedException) // thrown (indirectly) by SecurityIdentifier.Translate (on Win95 only?)
//{ catch not needed - this is already caught as SystemException
//}
//catch (UnauthorizedAccessException) // thrown (indirectly) by SecurityIdentifier.Translate
//{ catch not needed - this is already caught as SystemException
//}
}
WriteObject(obj);
foundRecord = true;
}
if (!foundRecord && !_inputContainsWildcard)
{
Exception Ex = new ArgumentException(StringUtil.Format(HotFixResources.NoEntriesFound, computer));
WriteError(new ErrorRecord(Ex, "GetHotFixNoEntriesFound", ErrorCategory.ObjectNotFound, null));
}
if (_searchProcess != null)
{
this.Dispose();
}
}
}//end of BeginProcessing method
private CommonSecurityDescriptor(bool isContainer, bool isDS, ControlFlags flags, SecurityIdentifier owner, SecurityIdentifier group, RawAcl systemAcl, RawAcl discretionaryAcl)
: this(isContainer, isDS, flags, owner, group, systemAcl == null ? null : new SystemAcl(isContainer, isDS, systemAcl), discretionaryAcl == null ? null : new DiscretionaryAcl(isContainer, isDS, discretionaryAcl))
{
}
public ObjectAce(AceFlags aceFlags, AceQualifier qualifier, int accessMask, SecurityIdentifier sid, ObjectAceFlags flags, Guid type, Guid inheritedType, bool isCallback, byte[] opaque);
public void RemoveAuditSpecific(SecurityIdentifier sid, ObjectAuditRule rule);
public void ComparesAgainstStringIgnoringCase()
{
var a = new Symbol(SecurityIdentifier.GenerateForex("a", Market.FXCM), "a");
Assert.AreEqual(0, a.CompareTo("A"));
}
static void Main(string[] args)
{
//IPrincipal principal = Thread.CurrentPrincipal;
//WindowsIdentity id = (WindowsIdentity)principal.Identity;
//IdentityReferenceCollection clGroups = id.Groups;
IdentityReferenceCollection clGroups = WindowsIdentity.GetCurrent().Groups;
string groupName = "";
foreach (IdentityReference group in clGroups)
{
SecurityIdentifier sid = (SecurityIdentifier)group.Translate(typeof(SecurityIdentifier));
var name = sid.Translate(typeof(NTAccount));
groupName = Formatter.ParseName(name.ToString()); /// return name of the Windows group
if (groupName == "admini" || groupName == "radnik" || groupName == "korisnik")
{
break;
}
}
NetTcpBinding binding = new NetTcpBinding();
//if (!found)
//{
// Console.WriteLine("Klijent nije ni u jednoj od grupa.");
// Console.ReadLine();
//}
//else
//{
string address = "net.tcp://localhost:9999/Operacije";
int opcija, opcijaRadnik, opcijaKorisnik, opcijaDM;
string korisnickoIme, sifra, korisnickoIme1, sifra1 = String.Empty;
using (KlijentServis proxy = new KlijentServis(binding, new EndpointAddress(new Uri(address))))
{
do
{
Console.WriteLine("Prijavite se kao: ");
Console.WriteLine("1. Admin");
Console.WriteLine("2. Radnik");
Console.WriteLine("3. Korisnik");
Console.WriteLine("4. Exit");
opcija = Convert.ToInt32(Console.ReadLine());
switch (opcija)
{
case 1:
Console.Write("Unesite vase korisnicko ime: ");
korisnickoIme = Console.ReadLine();
Console.Write("Unesite vasu sifru: ");
sifra = Console.ReadLine();
using (StreamReader sr = new StreamReader(File.Open("C:\\Users\\NanaPC\\Downloads\\EBankaBlok2-master\\EBanka\\Admin.txt", FileMode.Open)))
{
korisnickoIme1 = sr.ReadLine();
sifra1 = sr.ReadLine();
}
if (korisnickoIme == korisnickoIme1 && sifra == sifra1)
{
Console.WriteLine("Uspesno logovanje!");
do
{
Console.WriteLine("Izaberite opciju: ");
Console.WriteLine("1. Dodajte radnika");
Console.WriteLine("2. Promeni radnikove podatke");
Console.WriteLine("3. Izbrisi radnika");
Console.WriteLine("4. Promeni iznos provizije");
Console.WriteLine("5. Exit");
opcijaRadnik = Convert.ToInt32(Console.ReadLine());
switch (opcijaRadnik)
{
case 1:
break;
case 2:
break;
case 3:
break;
case 4:
break;
case 5:
break;
}
} while (opcijaRadnik != 5);
}
else
{
Console.WriteLine("Neuspesno logovanje!");
}
break;
case 2:
Console.WriteLine("Unesite vase korisnicko ime: ");
korisnickoIme = Console.ReadLine();
Console.WriteLine("Unesite vasu sifru: ");
sifra = Console.ReadLine();
//CheckPassword i ResetPassword
do
{
Console.WriteLine("Izaberite opciju: ");
Console.WriteLine("1. Dodajte korisnika");
Console.WriteLine("2. Promeni korisnikove podatke");
Console.WriteLine("3. Izbrisi korisnika");
Console.WriteLine("4. Dodajte transakciju za korisnika");
Console.WriteLine("5. Izmenite korisnikove transakciju");
Console.WriteLine("6. Izbrisite korisnikove transakcije");
Console.WriteLine("7. Dozvoljeni minusi");
Console.WriteLine("8. Exit");
opcijaKorisnik = Convert.ToInt32(Console.ReadLine());
switch (opcijaKorisnik)
{
case 1:
break;
case 2:
break;
case 3:
break;
case 4:
break;
case 5:
break;
case 6:
break;
case 7:
break;
case 8:
break;
}
} while (opcijaKorisnik != 8);
break;
case 3:
Console.WriteLine("Unesite vase korisnicko ime: ");
korisnickoIme = Console.ReadLine();
Console.WriteLine("Unesite vasu sifru: ");
sifra = Console.ReadLine();
do
{
Console.WriteLine("1. Zahtev za dozvoljeni minus");
Console.WriteLine("2. Exit");
opcijaDM = Convert.ToInt32(Console.ReadLine());
switch (opcijaDM)
{
case 1:
break;
case 2:
break;
}
} while (opcijaDM != 2);
break;
case 4:
break;
}
} while (opcija != 4);
}
//}
Console.ReadLine();
}
public void CompareToItselfReturnsZero()
{
var sym = new Symbol(SecurityIdentifier.GenerateForex("sym", Market.FXCM), "sym");
Assert.AreEqual(0, sym.CompareTo(sym));
}
public void ComparesAgainstStringWithoutException()
{
var a = new Symbol(SecurityIdentifier.GenerateForex("a", Market.FXCM), "a");
Assert.AreEqual(0, a.CompareTo("a"));
}
public void EnumerateAccount(SecurityIdentifier DomainSid, int MaximumNumber = int.MaxValue)
{
NativeMethods.UNICODE_STRING us = new NativeMethods.UNICODE_STRING();
NativeMethods.LSA_OBJECT_ATTRIBUTES loa = new NativeMethods.LSA_OBJECT_ATTRIBUTES();
us.Initialize(Server);
IntPtr PolicyHandle = IntPtr.Zero;
int ret = NativeMethods.LsaOpenPolicy(ref us, ref loa, 0x00000800, out PolicyHandle);
if (ret != 0)
{
Trace.WriteLine("LsaOpenPolicy 0x" + ret.ToString("x"));
}
try
{
uint currentRid = 500;
int iteration = 0;
int returnCode = 0;
int UserEnumerated = 0;
// allows 10*1000 sid non resolved
int retrycount = 0;
while ((returnCode == 0 || returnCode == 0x00000107 || (retrycount < 10 && returnCode == -1073741709)) && UserEnumerated < MaximumNumber)
{
Trace.WriteLine("LsaLookupSids iteration " + iteration++);
List <GCHandle> HandleToFree = new List <GCHandle>();
IntPtr Names = IntPtr.Zero, ReferencedDomains = IntPtr.Zero;
try
{
SecurityIdentifier[] SidEnumBuffer = new SecurityIdentifier[1000];
IntPtr[] SidHandles = new IntPtr[SidEnumBuffer.Length];
for (int i = 0; i < SidEnumBuffer.Length; i++)
{
SidEnumBuffer[i] = NullSessionTester.BuildSIDFromDomainSidAndRid(DomainSid, currentRid++);
byte[] sid = new byte[SidEnumBuffer[i].BinaryLength];
SidEnumBuffer[i].GetBinaryForm(sid, 0);
GCHandle handlesid = GCHandle.Alloc(sid, GCHandleType.Pinned);
HandleToFree.Add(handlesid);
SidHandles[i] = handlesid.AddrOfPinnedObject();
}
GCHandle sidHandle = GCHandle.Alloc(SidHandles, GCHandleType.Pinned);
HandleToFree.Add(sidHandle);
returnCode = NativeMethods.LsaLookupSids(PolicyHandle, SidEnumBuffer.Length, sidHandle.AddrOfPinnedObject(), out ReferencedDomains, out Names);
if (returnCode == 0 || returnCode == 0x00000107)
{
retrycount = 0;
NativeMethods.LSA_TRANSLATED_NAME[] lsaNames = new NativeMethods.LSA_TRANSLATED_NAME[SidEnumBuffer.Length];
NativeMethods.LSA_REFERENCED_DOMAIN_LIST domainList = (NativeMethods.LSA_REFERENCED_DOMAIN_LIST)Marshal.PtrToStructure(ReferencedDomains, typeof(NativeMethods.LSA_REFERENCED_DOMAIN_LIST));
for (int i = 0; i < SidEnumBuffer.Length; i++)
{
lsaNames[i] = (NativeMethods.LSA_TRANSLATED_NAME)Marshal.PtrToStructure(
new IntPtr(Names.ToInt64() + i * Marshal.SizeOf(typeof(NativeMethods.LSA_TRANSLATED_NAME)))
, typeof(NativeMethods.LSA_TRANSLATED_NAME));
if (lsaNames[i].Use > 0 && lsaNames[i].Use != NativeMethods.SID_NAME_USE.SidTypeUnknown)
{
string account = lsaNames[i].Name.ToString();
if (!String.IsNullOrEmpty(account))
{
NativeMethods.LSA_TRUST_INFORMATION trustInfo = (NativeMethods.LSA_TRUST_INFORMATION)Marshal.PtrToStructure
(new IntPtr(domainList.Domains.ToInt64() + lsaNames[i].DomainIndex * Marshal.SizeOf(typeof(NativeMethods.LSA_TRUST_INFORMATION))), typeof(NativeMethods.LSA_TRUST_INFORMATION));
EnumerateCallback(SidEnumBuffer[i], new NTAccount(trustInfo.Name.ToString(), account));
}
}
}
}
else
{
retrycount++;
Trace.WriteLine("LsaLookupSids " + returnCode);
}
}
finally
{
if (ReferencedDomains != IntPtr.Zero)
{
NativeMethods.LsaFreeMemory(ReferencedDomains);
}
if (Names != IntPtr.Zero)
{
NativeMethods.LsaFreeMemory(Names);
}
foreach (GCHandle handle in HandleToFree)
{
handle.Free();
}
}
}
}
finally
{
NativeMethods.LsaClose(PolicyHandle);
}
}
internal static int SetSecurityInfo(ResourceType type, string name, SafeHandle handle, SecurityInfos securityInformation, SecurityIdentifier owner, SecurityIdentifier group, GenericAcl sacl, GenericAcl dacl)
{
byte[] binaryForm = null;
byte[] buffer2 = null;
byte[] buffer3 = null;
byte[] buffer4 = null;
Privilege privilege = null;
new SecurityPermission(SecurityPermissionFlag.UnmanagedCode).Demand();
if (owner != null)
{
binaryForm = new byte[owner.BinaryLength];
owner.GetBinaryForm(binaryForm, 0);
}
if (group != null)
{
buffer2 = new byte[group.BinaryLength];
group.GetBinaryForm(buffer2, 0);
}
if (dacl != null)
{
buffer4 = new byte[dacl.BinaryLength];
dacl.GetBinaryForm(buffer4, 0);
}
if (sacl != null)
{
buffer3 = new byte[sacl.BinaryLength];
sacl.GetBinaryForm(buffer3, 0);
}
if ((securityInformation & SecurityInfos.SystemAcl) != 0)
{
privilege = new Privilege("SeSecurityPrivilege");
}
RuntimeHelpers.PrepareConstrainedRegions();
try
{
int num;
if (privilege != null)
{
try
{
privilege.Enable();
}
catch (PrivilegeNotHeldException)
{
}
}
if (name != null)
{
num = (int)Win32Native.SetSecurityInfoByName(name, (uint)type, (uint)securityInformation, binaryForm, buffer2, buffer4, buffer3);
}
else
{
if (handle == null)
{
throw new InvalidProgramException();
}
if (handle.IsInvalid)
{
throw new ArgumentException(Environment.GetResourceString("Argument_InvalidSafeHandle"), "handle");
}
num = (int)Win32Native.SetSecurityInfoByHandle(handle, (uint)type, (uint)securityInformation, binaryForm, buffer2, buffer4, buffer3);
}
if ((num == 0x514) || (num == 0x522))
{
throw new PrivilegeNotHeldException("SeSecurityPrivilege");
}
if ((num == 5) || (num == 0x543))
{
throw new UnauthorizedAccessException();
}
if (num != 0)
{
if (num == 8)
{
throw new OutOfMemoryException();
}
return(num);
}
}
catch
{
if (privilege != null)
{
privilege.Revert();
}
throw;
}
finally
{
if (privilege != null)
{
privilege.Revert();
}
}
return(0);
}
internal void RemoveAceSpecific(AceQualifier aceQualifier,
SecurityIdentifier sid,
int accessMask,
InheritanceFlags inheritanceFlags,
PropagationFlags propagationFlags,
AuditFlags auditFlags,
ObjectAceFlags objectFlags,
Guid objectType,
Guid inheritedObjectType)
{
if (!IsDS)
{
throw new InvalidOperationException("For this overload, IsDS must be true.");
}
if (ObjectAceFlags.None == objectFlags)
{
RemoveAceSpecific(aceQualifier, sid, accessMask, inheritanceFlags, propagationFlags, auditFlags);
return;
}
RequireCanonicity();
RemoveAces <ObjectAce> (ace =>
{
if (ace.AccessMask != accessMask)
{
return(false);
}
if (ace.AceQualifier != aceQualifier)
{
return(false);
}
if (ace.SecurityIdentifier != sid)
{
return(false);
}
if (ace.InheritanceFlags != inheritanceFlags)
{
return(false);
}
if (InheritanceFlags.None != inheritanceFlags)
{
if (ace.PropagationFlags != propagationFlags)
{
return(false);
}
}
if (ace.AuditFlags != auditFlags)
{
return(false);
}
if (ace.ObjectAceFlags != objectFlags)
{
return(false);
}
if (0 != (objectFlags & ObjectAceFlags.ObjectAceTypePresent))
{
if (ace.ObjectAceType != objectType)
{
return(false);
}
}
if (0 != (objectFlags & ObjectAceFlags.InheritedObjectAceTypePresent))
{
if (ace.InheritedObjectAceType != objectType)
{
return(false);
}
}
return(true);
});
CleanAndRetestCanonicity();
}
public void RemoveAccessSpecific(AccessControlType accessType, SecurityIdentifier sid, ObjectAccessRule rule);
public WindowsSidIdentity(SecurityIdentifier sid)
{
SecurityIdentifier = sid ?? throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("sid");
AuthenticationType = string.Empty;
}
public void SetAccess(AccessControlType accessType, SecurityIdentifier sid, int accessMask, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, ObjectAceFlags objectFlags, Guid objectType, Guid inheritedObjectType);
public WindowsSidIdentity(SecurityIdentifier sid, string name, string authenticationType)
{
SecurityIdentifier = sid ?? throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(sid));
_name = name ?? throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(name));
AuthenticationType = authenticationType ?? throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(authenticationType));
}
public bool RemoveAudit(SecurityIdentifier sid, ObjectAuditRule rule);
// Workaround: create the pipe via API call
// we have to do it this way, since NamedPipeServerStream() for netstd still lacks a few CTORs
// and _stream.SetAccessControl(pipesec); only keeps throwing ACCESS_DENIED errors at us
// References:
// - https://github.com/dotnet/corefx/issues/30170 (closed, continued in 31190)
// - https://github.com/dotnet/corefx/issues/31190 System.IO.Pipes.AccessControl package does not work
// - https://github.com/dotnet/corefx/issues/24040 NamedPipeServerStream: Provide support for WRITE_DAC
// - https://github.com/dotnet/corefx/issues/34400 Have a mechanism for lower privileged user to connect to a privileged user's pipe
private SafePipeHandle CreatePipeNative(string name, int inbuf, int outbuf)
{
if (Environment.OSVersion.Platform != PlatformID.Win32NT)
{
return(null); // Windows only
}
var pinningHandle = new GCHandle();
try
{
// owner gets full access, everyone else read/write
var pipesec = new PipeSecurity();
using (var currentIdentity = WindowsIdentity.GetCurrent())
{
var sidOwner = currentIdentity.Owner;
var sidWorld = new SecurityIdentifier(WellKnownSidType.WorldSid, null);
pipesec.SetOwner(sidOwner);
pipesec.AddAccessRule(new PipeAccessRule(sidOwner, PipeAccessRights.FullControl, AccessControlType.Allow));
pipesec.AddAccessRule(new PipeAccessRule(sidWorld, PipeAccessRights.ReadWrite, AccessControlType.Allow));
}
// create a security descriptor and assign it to the security attribs
var secAttrs = new SECURITY_ATTRIBUTES();
byte[] sdBytes = pipesec.GetSecurityDescriptorBinaryForm();
pinningHandle = GCHandle.Alloc(sdBytes, GCHandleType.Pinned);
unsafe
{
fixed(byte *pSD = sdBytes)
{
secAttrs.lpSecurityDescriptor = (IntPtr)pSD;
}
}
// a bunch of constants we will need shortly
const int PIPE_ACCESS_DUPLEX = 0x00000003;
const int FILE_FLAG_OVERLAPPED = 0x40000000;
const int WRITE_DAC = 0x00040000;
const int PIPE_TYPE_BYTE = 0x00000000;
const int PIPE_READMODE_BYTE = 0x00000000;
const int PIPE_UNLIMITED_INSTANCES = 255;
// create the pipe via API call
var rawHandle = CreateNamedPipe(
@"\\.\pipe\" + name,
PIPE_ACCESS_DUPLEX | FILE_FLAG_OVERLAPPED | WRITE_DAC,
PIPE_TYPE_BYTE | PIPE_READMODE_BYTE,
PIPE_UNLIMITED_INSTANCES, (uint)inbuf, (uint)outbuf,
5 * 1000,
secAttrs
);
// make a SafePipeHandle() from it
var handle = new SafePipeHandle(rawHandle, true);
if (handle.IsInvalid)
{
throw new Win32Exception(Marshal.GetLastWin32Error());
}
// return it (to be packaged)
return(handle);
}
finally
{
if (pinningHandle.IsAllocated)
{
pinningHandle.Free();
}
}
}
public void SetAudit(AuditFlags auditFlags, SecurityIdentifier sid, int accessMask, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, ObjectAceFlags objectFlags, Guid objectType, Guid inheritedObjectType);
public void GenerateEquityProperlyResolvesFirstDate()
{
var spy = SecurityIdentifier.GenerateEquity("SPY", Market.USA);
Assert.AreEqual(new DateTime(1998, 01, 02), spy.Date);
}
//
// Creates a security descriptor explicitly
//
public CommonSecurityDescriptor(bool isContainer, bool isDS, ControlFlags flags, SecurityIdentifier owner, SecurityIdentifier group, SystemAcl systemAcl, DiscretionaryAcl discretionaryAcl)
{
CreateFromParts(isContainer, isDS, flags, owner, group, systemAcl, discretionaryAcl);
}
public void RoundTripEmptyParse()
{
Assert.AreEqual(SecurityIdentifier.Empty, SecurityIdentifier.Parse(SecurityIdentifier.Empty.ToString()));
}
public static bool CheckWriteAccessEnabled(string path, string sid)
{
// get file or directory security object
FileSystemSecurity security = GetFileSystemSecurity(path);
if (security == null)
return false;
if (sid == null)
return false;
AuthorizationRuleCollection rules = security.GetAccessRules(true, true, typeof(SecurityIdentifier));
SecurityIdentifier identity = new SecurityIdentifier(sid);
foreach (FileSystemAccessRule rule in rules)
{
if (rule.IdentityReference == identity
&& rule.AccessControlType == AccessControlType.Allow
&& (rule.FileSystemRights & FileSystemRights.Write) == FileSystemRights.Write)
return true;
}
return false;
}
////////////////////////////////////////////////////////////////////////////////////////// Instance
//////////////////////////////////////////////////////////////////////////////// Public
#region 연결 대기하기 - WaitForConnection()
/// <summary>
/// 연결 대기하기
/// </summary>
/// <returns>자식 파이프</returns>
public NamedPipe WaitForConnection()
{
if (string.IsNullOrEmpty(this.pipeName) == true || this.exitEventHandle == null)
{
Trace.WriteLine("파이프 서비스 종료");
return(null);
}
NamedPipe clientPipe = new NamedPipe();
clientPipe.pipeName = this.pipeName;
clientPipe.pipeDirection = this.pipeDirection;
SECURITY_ATTRIBUTE securityAttribute = GetSecurityAttribute();
clientPipe.pipeHandle = CreateNamedPipe
(
clientPipe.pipeName,
(uint)(this.pipeDirection | PipeDirection.FILE_FLAG_OVERLAPPED),
PIPE_TYPE_MESSAGE | PIPE_READMODE_MESSAGE | PIPE_WAIT,
255,
BUFFER_SIZE,
BUFFER_SIZE,
0,
ref securityAttribute
);
Marshal.FreeHGlobal(securityAttribute.SecurityDescriptor);
if (clientPipe.pipeHandle.IsInvalid)
{
Trace.WriteLine("무효한 파이프 연결");
clientPipe.Dispose();
return(null);
}
NativeOverlapped nativeOverlapped = new NativeOverlapped();
SecurityIdentifier securityIdentifier = new SecurityIdentifier(WellKnownSidType.WorldSid, null);
EventWaitHandleSecurity eventHandleSecurity = new EventWaitHandleSecurity();
bool created;
eventHandleSecurity.AddAccessRule(new EventWaitHandleAccessRule(securityIdentifier, EventWaitHandleRights.FullControl, AccessControlType.Allow));
eventHandleSecurity.AddAccessRule(new EventWaitHandleAccessRule(securityIdentifier, EventWaitHandleRights.ChangePermissions, AccessControlType.Deny));
using (EventWaitHandle eventHandle = new EventWaitHandle(false, EventResetMode.ManualReset, null, out created, eventHandleSecurity))
{
nativeOverlapped.EventHandle = eventHandle.SafeWaitHandle.DangerousGetHandle();
ConnectNamedPipe(clientPipe.pipeHandle, ref nativeOverlapped);
int lastError = Marshal.GetLastWin32Error();
if (lastError == 997)
{
int completeCode = 0;
IntPtr[] waitHandleArray = new IntPtr[]
{
eventHandle.SafeWaitHandle.DangerousGetHandle(),
this.exitEventHandle.SafeWaitHandle.DangerousGetHandle()
};
completeCode = WaitForMultipleObjects(waitHandleArray.Length, waitHandleArray, false, -1);
if (completeCode == 0)
{
}
else if (completeCode == 1)
{
Trace.WriteLine("파이프 서비스 종료 (리소스 해제)");
clientPipe.Dispose();
return(null);
}
}
else if (lastError != 535)
{
Trace.WriteLine("파이프 연결 에러 : " + lastError);
clientPipe.Dispose();
return(null);
}
else
{
Debug.WriteLine("연결되었습니다.");
}
}
clientPipe.needToDisconnect = true;
FileAccess fileAccess = GetFileAccess(clientPipe.pipeDirection);
clientPipe.pipeStream = new FileStream(clientPipe.pipeHandle, fileAccess, (int)BUFFER_SIZE, true);
if (clientPipe.pipeStream == null)
{
Trace.WriteLine("파이프 파일 스트림이 null 입니다.");
clientPipe.Dispose();
return(null);
}
return(clientPipe);
}
internal SecurityIdentifier GetSpnSid()
{
if (!this.hasSpnSidBeenComputed)
{
lock (this.thisLock)
{
if (!this.hasSpnSidBeenComputed)
{
string spn = null;
try
{
if (ClaimTypes.Dns.Equals(base.IdentityClaim.ClaimType))
{
spn = "host/" + ((string) base.IdentityClaim.Resource);
}
else
{
spn = (string) base.IdentityClaim.Resource;
}
if (spn != null)
{
spn = spn.Replace("*", @"\*").Replace("(", @"\(").Replace(")", @"\)");
}
using (DirectorySearcher searcher = new DirectorySearcher(GetDirectoryEntry()))
{
searcher.CacheResults = true;
searcher.ClientTimeout = SpnLookupTime;
searcher.Filter = "(&(objectCategory=Computer)(objectClass=computer)(servicePrincipalName=" + spn + "))";
searcher.PropertiesToLoad.Add("objectSid");
SearchResult result = searcher.FindOne();
if (result != null)
{
byte[] binaryForm = (byte[]) result.Properties["objectSid"][0];
this.spnSid = new SecurityIdentifier(binaryForm, 0);
}
else
{
SecurityTraceRecordHelper.TraceSpnToSidMappingFailure(spn, null);
}
}
}
catch (Exception exception)
{
if (Fx.IsFatal(exception))
{
throw;
}
if ((exception is NullReferenceException) || (exception is SEHException))
{
throw;
}
SecurityTraceRecordHelper.TraceSpnToSidMappingFailure(spn, exception);
}
finally
{
this.hasSpnSidBeenComputed = true;
}
}
}
}
return this.spnSid;
}
public void Purge(SecurityIdentifier sid);
public override int GetHashCode()
{
return(SecurityIdentifier.GetHashCode());
}
public void ReturnsCorrectMarketWhenNotFound()
{
var sid = new SecurityIdentifier("some symbol", 0357960000000009901);
Assert.AreEqual("99", sid.Market);
}
public static void GrantNtfsPermissionsBySid(string path, string sid,
NTFSPermission permissions, bool inheritParentPermissions,
bool preserveOriginalPermissions)
{
// get file or directory security object
FileSystemSecurity security = GetFileSystemSecurity(path);
if (security == null)
return;
FileSystemRights rights = FileSystemRights.Read;
if (permissions == NTFSPermission.FullControl)
rights = FileSystemRights.FullControl;
else if (permissions == NTFSPermission.Modify)
rights = FileSystemRights.Modify;
else if (permissions == NTFSPermission.Write)
rights = FileSystemRights.Write;
else if (permissions == NTFSPermission.Read && security is DirectorySecurity)
rights = FileSystemRights.ReadAndExecute;
else if (permissions == NTFSPermission.Read && security is FileSecurity)
rights = FileSystemRights.Read;
SecurityIdentifier identity = new SecurityIdentifier(sid);
if (!preserveOriginalPermissions)
security = CreateFileSystemSecurity(path);
else
security.RemoveAccessRuleAll(new FileSystemAccessRule(identity,
FileSystemRights.Read, AccessControlType.Allow));
if (!inheritParentPermissions)
security.SetAccessRuleProtection(true, inheritParentPermissions);
else
security.SetAccessRuleProtection(false, true);
InheritanceFlags flags = security is FileSecurity ? InheritanceFlags.None
: InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit;
// change DACL
FileSystemAccessRule rule = new FileSystemAccessRule(
identity, rights,
flags,
PropagationFlags.None,
AccessControlType.Allow);
// add/modify rule
security.AddAccessRule(rule);
// set security object
SetFileSystemSecurity(path, security);
}
/// <summary>
/// Create an order from a simple JObject
/// </summary>
/// <param name="jObject"></param>
/// <returns>Order Object</returns>
public static Order CreateOrderFromJObject(JObject jObject)
{
// create order instance based on order type field
var orderType = (OrderType)jObject["Type"].Value <int>();
var order = CreateOrder(orderType, jObject);
// populate common order properties
order.Id = jObject["Id"].Value <int>();
var jsonStatus = jObject["Status"];
var jsonTime = jObject["Time"];
if (jsonStatus.Type == JTokenType.Integer)
{
order.Status = (OrderStatus)jsonStatus.Value <int>();
}
else if (jsonStatus.Type == JTokenType.Null)
{
order.Status = OrderStatus.Canceled;
}
else
{
// The `Status` tag can sometimes appear as a string of the enum value in the LiveResultPacket.
order.Status = (OrderStatus)Enum.Parse(typeof(OrderStatus), jsonStatus.Value <string>(), true);
}
if (jsonTime != null && jsonTime.Type != JTokenType.Null)
{
order.Time = jsonTime.Value <DateTime>();
}
else
{
// `Time` can potentially be null in some LiveResultPacket instances, but
// `CreatedTime` will always be there if `Time` is absent.
order.Time = jObject["CreatedTime"].Value <DateTime>();
}
var orderSubmissionData = jObject["OrderSubmissionData"];
if (orderSubmissionData != null && orderSubmissionData.Type != JTokenType.Null)
{
var bidPrice = orderSubmissionData["BidPrice"].Value <decimal>();
var askPrice = orderSubmissionData["AskPrice"].Value <decimal>();
var lastPrice = orderSubmissionData["LastPrice"].Value <decimal>();
order.OrderSubmissionData = new OrderSubmissionData(bidPrice, askPrice, lastPrice);
}
var lastFillTime = jObject["LastFillTime"];
var lastUpdateTime = jObject["LastUpdateTime"];
var canceledTime = jObject["CanceledTime"];
if (canceledTime != null && canceledTime.Type != JTokenType.Null)
{
order.CanceledTime = canceledTime.Value <DateTime>();
}
if (lastFillTime != null && lastFillTime.Type != JTokenType.Null)
{
order.LastFillTime = lastFillTime.Value <DateTime>();
}
if (lastUpdateTime != null && lastUpdateTime.Type != JTokenType.Null)
{
order.LastUpdateTime = lastUpdateTime.Value <DateTime>();
}
var tag = jObject["Tag"];
if (tag != null && tag.Type != JTokenType.Null)
{
order.Tag = tag.Value <string>();
}
else
{
order.Tag = "";
}
order.Quantity = jObject["Quantity"].Value <decimal>();
var orderPrice = jObject["Price"];
if (orderPrice != null && orderPrice.Type != JTokenType.Null)
{
order.Price = orderPrice.Value <decimal>();
}
else
{
order.Price = default(decimal);
}
var priceCurrency = jObject["PriceCurrency"];
if (priceCurrency != null && priceCurrency.Type != JTokenType.Null)
{
order.PriceCurrency = priceCurrency.Value <string>();
}
var securityType = (SecurityType)jObject["SecurityType"].Value <int>();
order.BrokerId = jObject["BrokerId"].Select(x => x.Value <string>()).ToList();
order.ContingentId = jObject["ContingentId"].Value <int>();
var timeInForce = jObject["Properties"]?["TimeInForce"] ?? jObject["TimeInForce"] ?? jObject["Duration"];
order.Properties.TimeInForce = timeInForce != null
? CreateTimeInForce(timeInForce, jObject)
: TimeInForce.GoodTilCanceled;
string market = null;
//does data have market?
var suppliedMarket = jObject.SelectTokens("Symbol.ID.Market");
if (suppliedMarket.Any())
{
market = suppliedMarket.Single().Value <string>();
}
if (jObject.SelectTokens("Symbol.ID").Any())
{
var sid = SecurityIdentifier.Parse(jObject.SelectTokens("Symbol.ID").Single().Value <string>());
var ticker = jObject.SelectTokens("Symbol.Value").Single().Value <string>();
order.Symbol = new Symbol(sid, ticker);
}
else if (jObject.SelectTokens("Symbol.Value").Any())
{
// provide for backwards compatibility
var ticker = jObject.SelectTokens("Symbol.Value").Single().Value <string>();
if (market == null && !SymbolPropertiesDatabase.FromDataFolder().TryGetMarket(ticker, securityType, out market))
{
market = DefaultBrokerageModel.DefaultMarketMap[securityType];
}
order.Symbol = Symbol.Create(ticker, securityType, market);
}
else
{
var tickerstring = jObject["Symbol"].Value <string>();
if (market == null && !SymbolPropertiesDatabase.FromDataFolder().TryGetMarket(tickerstring, securityType, out market))
{
market = DefaultBrokerageModel.DefaultMarketMap[securityType];
}
order.Symbol = Symbol.Create(tickerstring, securityType, market);
}
return(order);
}
public CommonAce(AceFlags flags, AceQualifier qualifier, int accessMask, SecurityIdentifier sid, bool isCallback, byte[] opaque);
public static string GetNameFromSID(SecurityIdentifier sid)
{
NTAccount ntAccount = (NTAccount)sid.Translate(typeof(NTAccount));
return(ntAccount.ToString());
}
public CommonSecurityDescriptor(bool isContainer, bool isDS, ControlFlags flags, SecurityIdentifier owner, SecurityIdentifier group, SystemAcl systemAcl, DiscretionaryAcl discretionaryAcl);
public void PurgeAccessControl(SecurityIdentifier sid)
{
throw new NotImplementedException();
}
public void PurgeAudit(SecurityIdentifier sid);
public void PurgeAudit(SecurityIdentifier sid)
{
throw new NotImplementedException();
}
public bool RemoveAccess(AccessControlType accessType, SecurityIdentifier sid, ObjectAccessRule rule);
//
// Modifies the SACL
//
private bool ModifyAudit(AccessControlModification modification, ObjectAuditRule rule, out bool modified)
{
bool result = true;
if (_securityDescriptor.SystemAcl == null)
{
if (modification == AccessControlModification.Remove || modification == AccessControlModification.RemoveAll || modification == AccessControlModification.RemoveSpecific)
{
modified = false;
return(result);
}
//_securityDescriptor.SystemAcl = new SystemAcl(IsContainer, IsDS, GenericAcl.AclRevisionDS, 1);
//_securityDescriptor.AddControlFlags(ControlFlags.SystemAclPresent);
_securityDescriptor.AddSystemAcl(GenericAcl.AclRevisionDS, 1);
}
else if ((modification == AccessControlModification.Add || modification == AccessControlModification.Set || modification == AccessControlModification.Reset) &&
(rule.ObjectFlags != ObjectAceFlags.None))
{
//
// This will result in an object ace being added to the sacl, so the sacl revision must be AclRevisionDS
//
if (_securityDescriptor.SystemAcl.Revision < GenericAcl.AclRevisionDS)
{
//
// we need to create a new sacl with the same aces as the existing one but the revision should be AclRevisionDS
//
byte[] binaryForm = new byte[_securityDescriptor.SystemAcl.BinaryLength];
_securityDescriptor.SystemAcl.GetBinaryForm(binaryForm, 0);
binaryForm[0] = GenericAcl.AclRevisionDS; // revision is the first byte of the binary form
_securityDescriptor.SystemAcl = new SystemAcl(IsContainer, IsDS, new RawAcl(binaryForm, 0));
}
}
SecurityIdentifier sid = rule.IdentityReference.Translate(typeof(SecurityIdentifier)) as SecurityIdentifier;
switch (modification)
{
case AccessControlModification.Add:
//_securityDescriptor.SystemAcl.AddAudit(rule.AuditFlags, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType);
_securityDescriptor.SystemAcl.AddAudit(sid, rule);
break;
case AccessControlModification.Set:
//_securityDescriptor.SystemAcl.SetAudit(rule.AuditFlags, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType);
_securityDescriptor.SystemAcl.SetAudit(sid, rule);
break;
case AccessControlModification.Reset:
_securityDescriptor.SystemAcl.RemoveAudit(AuditFlags.Failure | AuditFlags.Success, sid, -1, InheritanceFlags.ContainerInherit, 0, ObjectAceFlags.None, Guid.Empty, Guid.Empty);
//_securityDescriptor.SystemAcl.SetAudit(rule.AuditFlags, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType);
_securityDescriptor.SystemAcl.SetAudit(sid, rule);
break;
case AccessControlModification.Remove:
//result = _securityDescriptor.SystemAcl.RemoveAudit(rule.AuditFlags, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType);
result = _securityDescriptor.SystemAcl.RemoveAudit(sid, rule);
break;
case AccessControlModification.RemoveAll:
result = _securityDescriptor.SystemAcl.RemoveAudit(AuditFlags.Failure | AuditFlags.Success, sid, -1, InheritanceFlags.ContainerInherit, 0, ObjectAceFlags.None, Guid.Empty, Guid.Empty);
if (result == false)
{
Debug.Assert(false, "Invalid operation");
throw new Exception();
}
break;
case AccessControlModification.RemoveSpecific:
//_securityDescriptor.SystemAcl.RemoveAuditSpecific(rule.AuditFlags, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType);
_securityDescriptor.SystemAcl.RemoveAuditSpecific(sid, rule);
break;
default:
throw new ArgumentOutOfRangeException(
nameof(modification),
SR.ArgumentOutOfRange_Enum);
}
modified = result;
AuditRulesModified |= modified;
return(result);
}
public void SetAccess(AccessControlType accessType, SecurityIdentifier sid, int accessMask, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags);
private void CheckQualifiedWellKnownSid(WellKnownSidType type, SecurityIdentifier domain, string sddl)
{
SecurityIdentifier sid = new SecurityIdentifier(type, domain);
Assert.AreEqual(sddl, sid.Value, "Bad SID for type: " + type);
}
public void SetAccess(AccessControlType accessType, SecurityIdentifier sid, ObjectAccessRule rule);
public ConditionalAceSecurityIdentifierToken(SecurityIdentifier sid) : base(ConditionalAceTokenByteCode.Sid)
{
this.SecurityIdentifier = sid;
}
public RawSecurityDescriptor(ControlFlags flags, SecurityIdentifier owner, SecurityIdentifier group, RawAcl systemAcl, RawAcl discretionaryAcl);
public static TerminalSessionInfo GetSessionInfo(string ServerName, int SessionId)
{
IntPtr server = IntPtr.Zero;
IntPtr buffer = IntPtr.Zero;
int bytesReturned;
TerminalSessionInfo data = new TerminalSessionInfo();
bool _IsCurrentSessionId = false;
bool _IsConsoleSession = false;
bool _IsUserSession = false;
int currentSessionID = 0;
string _NTAccount = String.Empty;
if (ServerName == "localhost" || ServerName == String.Empty)
{
ServerName = Environment.MachineName;
}
if (ProcessIdToSessionId(GetCurrentProcessId(), ref currentSessionID) == false)
{
currentSessionID = -1;
}
// Get all members of the local administrators group
bool _IsLocalAdminCheckSuccess = false;
List <string> localAdminGroupSidsList = new List <string>();
try
{
DirectoryEntry localMachine = new DirectoryEntry("WinNT://" + ServerName + ",Computer");
string localAdminGroupName = new SecurityIdentifier("S-1-5-32-544").Translate(typeof(NTAccount)).Value.Split('\\')[1];
DirectoryEntry admGroup = localMachine.Children.Find(localAdminGroupName, "group");
object members = admGroup.Invoke("members", null);
string validSidPattern = @"^S-\d-\d+-(\d+-){1,14}\d+$";
foreach (object groupMember in (IEnumerable)members)
{
DirectoryEntry member = new DirectoryEntry(groupMember);
if (member.Name != String.Empty)
{
if (Regex.IsMatch(member.Name, validSidPattern))
{
localAdminGroupSidsList.Add(member.Name);
}
else
{
localAdminGroupSidsList.Add((new NTAccount(member.Name)).Translate(typeof(SecurityIdentifier)).Value);
}
}
}
_IsLocalAdminCheckSuccess = true;
}
catch { }
try
{
server = OpenServer(ServerName);
if (WTSQuerySessionInformation(server, SessionId, WTS_INFO_CLASS.ClientBuildNumber, out buffer, out bytesReturned) == false)
{
return(data);
}
int lData = Marshal.ReadInt32(buffer);
data.ClientBuildNumber = lData;
if (WTSQuerySessionInformation(server, SessionId, WTS_INFO_CLASS.ClientDirectory, out buffer, out bytesReturned) == false)
{
return(data);
}
string strData = Marshal.PtrToStringAnsi(buffer);
data.ClientDirectory = strData;
if (WTSQuerySessionInformation(server, SessionId, WTS_INFO_CLASS.ClientName, out buffer, out bytesReturned) == false)
{
return(data);
}
strData = Marshal.PtrToStringAnsi(buffer);
data.ClientName = strData;
if (WTSQuerySessionInformation(server, SessionId, WTS_INFO_CLASS.ClientProtocolType, out buffer, out bytesReturned) == false)
{
return(data);
}
Int16 intData = Marshal.ReadInt16(buffer);
if (intData == 2)
{
strData = "RDP";
data.IsRdpSession = true;
}
else
{
strData = "";
data.IsRdpSession = false;
}
data.ClientProtocolType = strData;
if (WTSQuerySessionInformation(server, SessionId, WTS_INFO_CLASS.ConnectState, out buffer, out bytesReturned) == false)
{
return(data);
}
lData = Marshal.ReadInt32(buffer);
data.ConnectState = ((WTS_CONNECTSTATE_CLASS)lData).ToString();
if (WTSQuerySessionInformation(server, SessionId, WTS_INFO_CLASS.SessionId, out buffer, out bytesReturned) == false)
{
return(data);
}
lData = Marshal.ReadInt32(buffer);
data.SessionId = lData;
if (WTSQuerySessionInformation(server, SessionId, WTS_INFO_CLASS.DomainName, out buffer, out bytesReturned) == false)
{
return(data);
}
strData = Marshal.PtrToStringAnsi(buffer).ToUpper();
data.DomainName = strData;
if (strData != String.Empty)
{
_NTAccount = strData;
}
if (WTSQuerySessionInformation(server, SessionId, WTS_INFO_CLASS.UserName, out buffer, out bytesReturned) == false)
{
return(data);
}
strData = Marshal.PtrToStringAnsi(buffer);
data.UserName = strData;
if (strData != String.Empty)
{
data.NTAccount = _NTAccount + "\\" + strData;
string _Sid = (new NTAccount(_NTAccount + "\\" + strData)).Translate(typeof(SecurityIdentifier)).Value;
data.SID = _Sid;
if (_IsLocalAdminCheckSuccess == true)
{
foreach (string localAdminGroupSid in localAdminGroupSidsList)
{
if (localAdminGroupSid == _Sid)
{
data.IsLocalAdmin = true;
break;
}
else
{
data.IsLocalAdmin = false;
}
}
}
}
if (WTSQuerySessionInformation(server, SessionId, WTS_INFO_CLASS.SessionName, out buffer, out bytesReturned) == false)
{
return(data);
}
strData = Marshal.PtrToStringAnsi(buffer);
data.SessionName = strData;
if (strData != "Services" && strData != "RDP-Tcp" && data.UserName != String.Empty)
{
_IsUserSession = true;
}
data.IsUserSession = _IsUserSession;
if (strData == "Console")
{
_IsConsoleSession = true;
}
data.IsConsoleSession = _IsConsoleSession;
WINSTATIONINFORMATIONW wsInfo = GetWinStationInformation(server, SessionId);
DateTime?_loginTime = FileTimeToDateTime(wsInfo.LoginTime);
DateTime?_lastInputTime = FileTimeToDateTime(wsInfo.LastInputTime);
DateTime?_disconnectTime = FileTimeToDateTime(wsInfo.DisconnectTime);
DateTime?_currentTime = FileTimeToDateTime(wsInfo.CurrentTime);
TimeSpan?_idleTime = (_currentTime != null && _lastInputTime != null) ? _currentTime.Value - _lastInputTime.Value : TimeSpan.Zero;
data.LogonTime = _loginTime;
data.IdleTime = _idleTime;
data.DisconnectTime = _disconnectTime;
if (currentSessionID == SessionId)
{
_IsCurrentSessionId = true;
}
data.IsCurrentSession = _IsCurrentSessionId;
}
finally
{
WTSFreeMemory(buffer);
buffer = IntPtr.Zero;
CloseServer(server);
}
return(data);
}
public void RemoveAuditSpecific(AuditFlags auditFlags, SecurityIdentifier sid, int accessMask, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags);
//
// Creates a security descriptor explicitly
//
public RawSecurityDescriptor(ControlFlags flags, SecurityIdentifier owner, SecurityIdentifier group, RawAcl systemAcl, RawAcl discretionaryAcl)
: base()
{
CreateFromParts(flags, owner, group, systemAcl, discretionaryAcl);
}
public void SetAudit(AuditFlags auditFlags, SecurityIdentifier sid, int accessMask, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags);
//
// Creates a security descriptor from its binary representation
// Important: the representation must be in self-relative format
//
public RawSecurityDescriptor(byte[] binaryForm, int offset)
: base()
{
//
// The array passed in must be valid
//
if (binaryForm == null)
{
throw new ArgumentNullException("binaryForm");
}
if (offset < 0)
{
//
// Offset must not be negative
//
throw new ArgumentOutOfRangeException("offset",
Environment.GetResourceString("ArgumentOutOfRange_NeedNonNegNum"));
}
//
// At least make sure the header is in place
//
if (binaryForm.Length - offset < HeaderLength)
{
throw new ArgumentOutOfRangeException(
"binaryForm",
Environment.GetResourceString("ArgumentOutOfRange_ArrayTooSmall"));
}
//
// We only understand revision-1 security descriptors
//
if (binaryForm[offset + 0] != Revision)
{
throw new ArgumentOutOfRangeException("binaryForm",
Environment.GetResourceString("AccessControl_InvalidSecurityDescriptorRevision"));
}
Contract.EndContractBlock();
ControlFlags flags;
SecurityIdentifier owner, group;
RawAcl sacl, dacl;
byte rmControl;
//
// Extract the ResourceManagerControl field
//
rmControl = binaryForm[offset + 1];
//
// Extract the control flags
//
flags = ( ControlFlags )((binaryForm[offset + 2] << 0) + (binaryForm[offset + 3] << 8));
//
// Make sure that the input is in self-relative format
//
if ((flags & ControlFlags.SelfRelative) == 0)
{
throw new ArgumentException(
Environment.GetResourceString("AccessControl_InvalidSecurityDescriptorSelfRelativeForm"),
"binaryForm");
}
//
// Extract the owner SID
//
int ownerOffset = UnmarshalInt(binaryForm, offset + OwnerFoundAt);
if (ownerOffset != 0)
{
owner = new SecurityIdentifier(binaryForm, offset + ownerOffset);
}
else
{
owner = null;
}
//
// Extract the group SID
//
int groupOffset = UnmarshalInt(binaryForm, offset + GroupFoundAt);
if (groupOffset != 0)
{
group = new SecurityIdentifier(binaryForm, offset + groupOffset);
}
else
{
group = null;
}
//
// Extract the SACL
//
int saclOffset = UnmarshalInt(binaryForm, offset + SaclFoundAt);
if (((flags & ControlFlags.SystemAclPresent) != 0) &&
saclOffset != 0)
{
sacl = new RawAcl(binaryForm, offset + saclOffset);
}
else
{
sacl = null;
}
//
// Extract the DACL
//
int daclOffset = UnmarshalInt(binaryForm, offset + DaclFoundAt);
if (((flags & ControlFlags.DiscretionaryAclPresent) != 0) &&
daclOffset != 0)
{
dacl = new RawAcl(binaryForm, offset + daclOffset);
}
else
{
dacl = null;
}
//
// Create the resulting security descriptor
//
CreateFromParts(flags, owner, group, sacl, dacl);
//
// In the offchance that the flags indicate that the rmControl
// field is meaningful, remember what was there.
//
if ((flags & ControlFlags.RMControlValid) != 0)
{
ResourceManagerControl = rmControl;
}
}
public void SetAudit(SecurityIdentifier sid, ObjectAuditRule rule);
private void CreateFromParts(bool isContainer, bool isDS, ControlFlags flags, SecurityIdentifier owner, SecurityIdentifier group, SystemAcl systemAcl, DiscretionaryAcl discretionaryAcl)
{
if (systemAcl != null &&
systemAcl.IsContainer != isContainer)
{
throw new ArgumentException(
Environment.GetResourceString(isContainer ?
"AccessControl_MustSpecifyContainerAcl" :
"AccessControl_MustSpecifyLeafObjectAcl"),
"systemAcl");
}
if (discretionaryAcl != null &&
discretionaryAcl.IsContainer != isContainer)
{
throw new ArgumentException(
Environment.GetResourceString(isContainer ?
"AccessControl_MustSpecifyContainerAcl" :
"AccessControl_MustSpecifyLeafObjectAcl"),
"discretionaryAcl");
}
_isContainer = isContainer;
if (systemAcl != null &&
systemAcl.IsDS != isDS)
{
throw new ArgumentException(
Environment.GetResourceString(isDS ?
"AccessControl_MustSpecifyDirectoryObjectAcl" :
"AccessControl_MustSpecifyNonDirectoryObjectAcl"),
"systemAcl");
}
if (discretionaryAcl != null &&
discretionaryAcl.IsDS != isDS)
{
throw new ArgumentException(
Environment.GetResourceString(isDS ?
"AccessControl_MustSpecifyDirectoryObjectAcl" :
"AccessControl_MustSpecifyNonDirectoryObjectAcl"),
"discretionaryAcl");
}
_isDS = isDS;
_sacl = systemAcl;
//
// Replace null DACL with an allow-all for everyone DACL
//
if (discretionaryAcl == null)
{
//
// to conform to native behavior, we will add allow everyone ace for DACL
//
discretionaryAcl = DiscretionaryAcl.CreateAllowEveryoneFullAccess(_isDS, _isContainer);
}
_dacl = discretionaryAcl;
//
// DACL is never null. So always set the flag bit on
//
ControlFlags actualFlags = flags | ControlFlags.DiscretionaryAclPresent;
//
// Keep SACL and the flag bit in sync.
//
if (systemAcl == null)
{
unchecked { actualFlags &= ~(ControlFlags.SystemAclPresent); }
}
else
{
actualFlags |= (ControlFlags.SystemAclPresent);
}
_rawSd = new RawSecurityDescriptor(actualFlags, owner, group, systemAcl == null ? null : systemAcl.RawAcl, discretionaryAcl.RawAcl);
}
