/// <summary> /// Convert to a string /// </summary> /// <returns>The account name if available or the SDDL SID</returns> public override string ToString() { string ret = null; try { ret = Sid.Name; } catch { } return(ret ?? Sid.ToString()); }
/// <summary> /// Default constructor /// </summary> private COMRegistry(COMRegistryMode mode, Sid user, IProgress <Tuple <string, int> > progress) : this(mode) { using (RegistryKey classes_key = OpenClassesKey(mode, user)) { const int total_count = 9; LoadDefaultSecurity(); Report(progress, "CLSIDs", 1, total_count); LoadCLSIDs(classes_key); Report(progress, "AppIDs", 2, total_count); LoadAppIDs(classes_key); Report(progress, "ProgIDs", 3, total_count); LoadProgIDs(classes_key); Report(progress, "Interfaces", 4, total_count); LoadInterfaces(classes_key); Report(progress, "MIME Types", 5, total_count); LoadMimeTypes(classes_key); Report(progress, "PreApproved", 6, total_count); LoadPreApproved(mode, user); Report(progress, "LowRights", 7, total_count); LoadLowRights(mode, user); Report(progress, "TypeLibs", 8, total_count); LoadTypelibs(classes_key); Report(progress, "Runtime Classes", 9, total_count); m_runtime_classes = new SortedDictionary <string, COMRuntimeClassEntry>(); m_runtime_servers = new SortedDictionary <string, COMRuntimeServerEntry>(); if (mode == COMRegistryMode.MachineOnly || mode == COMRegistryMode.Merged) { using (RegistryKey runtime_key = Registry.LocalMachine.OpenSubKey(@"SOFTWARE\Microsoft\WindowsRuntime")) { if (runtime_key != null) { LoadRuntimeClasses(runtime_key); LoadRuntimeServers(runtime_key); } } } } try { CreatedUser = user.Name; } catch { CreatedUser = user.ToString(); } }
/// <summary> /// Generate the necessary parameters /// </summary> public List <KeyValuePair <string, string> > GetParams() { var p = new List <KeyValuePair <string, string> >(); if (Sid != null) { p.Add(new KeyValuePair <string, string>("Sid", Sid.ToString())); } if (PhoneNumber != null) { p.Add(new KeyValuePair <string, string>("PhoneNumber", PhoneNumber.ToString())); } return(p); }
public void ToString_Should_ReturnExpectedResult_When_ByteProvided() { // Arrange var expected = "S-1-5-21-1085031214-1563985344-725345543"; var sid = new byte[] { 0x01, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x15, 0x00, 0x00, 0x00, 0x2E, 0x43, 0xAC, 0x40, 0xC0, 0x85, 0x38, 0x5D, 0x07, 0xE5, 0x3B, 0x2B }; // Act var actual = Sid.ToString(sid); // Assert Assert.Equal(expected, actual); }
void LoadPreApproved(COMRegistryMode mode, Sid user) { m_preapproved = new List <Guid>(); if (mode == COMRegistryMode.Merged || mode == COMRegistryMode.MachineOnly) { m_preapproved.AddRange(ReadPreApproved(Registry.LocalMachine)); } if (mode == COMRegistryMode.Merged || mode == COMRegistryMode.UserOnly) { using (RegistryKey key = Registry.Users.OpenSubKey(user.ToString())) { if (key != null) { m_preapproved.AddRange(ReadPreApproved(key)); } } } }
/// <summary> /// Default constructor /// </summary> private COMRegistry(COMRegistryMode mode, Sid user, IProgress <Tuple <string, int> > progress) : this(mode) { using (RegistryKey classes_key = OpenClassesKey(mode, user)) { const int total_count = 9; LoadDefaultSecurity(); ActivationContext actctx = null; if (mode == COMRegistryMode.Merged) { actctx = ActivationContext.FromProcess(); } Report(progress, "CLSIDs", 1, total_count); LoadCLSIDs(classes_key, actctx); Report(progress, "AppIDs", 2, total_count); LoadAppIDs(classes_key); Report(progress, "ProgIDs", 3, total_count); LoadProgIDs(classes_key, actctx); Report(progress, "Interfaces", 4, total_count); LoadInterfaces(classes_key, actctx, mode == COMRegistryMode.Merged || mode == COMRegistryMode.MachineOnly); Report(progress, "MIME Types", 5, total_count); LoadMimeTypes(classes_key); Report(progress, "PreApproved", 6, total_count); LoadPreApproved(mode, user); Report(progress, "LowRights", 7, total_count); LoadLowRights(mode, user); Report(progress, "TypeLibs", 8, total_count); LoadTypelibs(classes_key, actctx); Report(progress, "Runtime Classes", 9, total_count); LoadWindowsRuntime(classes_key, mode); } try { CreatedUser = user.Name; } catch { CreatedUser = user.ToString(); } }
private void LoadLowRights(COMRegistryMode mode, Sid user) { m_lowrights = new List <COMIELowRightsElevationPolicy>(); if (mode == COMRegistryMode.Merged || mode == COMRegistryMode.MachineOnly) { LoadLowRightsKey(Registry.LocalMachine); } if (mode == COMRegistryMode.Merged || mode == COMRegistryMode.UserOnly) { using (RegistryKey key = Registry.Users.OpenSubKey(user.ToString())) { if (key != null) { LoadLowRightsKey(key); } } } m_lowrights.Sort(); }
public static COMProcessEntry ParseProcess(int pid, string dbghelp_path, string symbol_path) { using (var result = NtProcess.Open(pid, ProcessAccessRights.VmRead | ProcessAccessRights.QueryInformation, false)) { if (!result.IsSuccess) { return(null); } NtProcess process = result.Result; if (process.Is64Bit && !Environment.Is64BitProcess) { return(null); } using (ISymbolResolver resolver = SymbolResolver.Create(process, dbghelp_path, symbol_path)) { Sid user = process.User; return(new COMProcessEntry( pid, GetProcessFileName(process), ParseIPIDEntries(process, resolver), process.Is64Bit, GetProcessAppId(process, resolver), GetProcessAccessSecurityDescriptor(process, resolver), GetLrpcSecurityDescriptor(process, resolver), user.Name, user.ToString(), ReadString(process, resolver, "gwszLRPCEndPoint"), ReadEnum <EOLE_AUTHENTICATION_CAPABILITIES>(process, resolver, "gCapabilities"), ReadEnum <RPC_AUTHN_LEVEL>(process, resolver, "gAuthnLevel"), ReadEnum <RPC_IMP_LEVEL>(process, resolver, "gImpLevel"), ReadPointer(process, resolver, "gAccessControl"), ReadPointer(process, resolver, "ghwndOleMainThread"))); } } }
private T CreateObject <T>(SafeSamHandle handle, uint user_id, string name, Func <string, Sid, T> func) { try { Sid sid = RidToSid(user_id, false).GetResultOrDefault(); if (sid == null) { sid = DomainId.CreateRelative(user_id); } if (name == null) { name = LookupId(user_id, false).GetResultOrDefault()?.Name ?? sid.ToString(); } return(func(name, sid)); } catch { handle.Dispose(); throw; } }
private SamUser CreateUserObject(SafeSamHandle user_handle, SamUserAccessRights desired_access, string name, uint user_id) { try { Sid sid = RidToSid(user_id, false).GetResultOrDefault(); if (sid == null) { sid = DomainId.CreateRelative(user_id); } if (name == null) { name = LookupId(user_id, false).GetResultOrDefault()?.Name ?? sid.ToString(); } return(new SamUser(user_handle, desired_access, ServerName, name, sid)); } catch { user_handle.Dispose(); throw; } }
/// <summary> /// Process record. /// </summary> protected override void ProcessRecord() { Sid sid; switch (ParameterSetName) { case "sddl": sid = new Sid(Sddl); break; case "name": sid = NtSecurity.LookupAccountName(Name); break; case "service": sid = NtSecurity.GetServiceSid(ServiceName); break; case "il": sid = NtSecurity.GetIntegritySid(IntegrityLevel); break; case "il_raw": sid = NtSecurity.GetIntegritySidRaw(IntegrityLevelRaw); break; case "package": sid = TokenUtils.DerivePackageSidFromName(PackageName); if (RestrictedPackageName != null) { sid = TokenUtils.DeriveRestrictedPackageSidFromSid(sid, RestrictedPackageName); } break; case "known": sid = KnownSids.GetKnownSid(KnownSid); break; case "token": using (NtToken token = NtToken.OpenProcessToken()) { if (PrimaryGroup) { sid = token.PrimaryGroup; } else if (Owner) { sid = token.Owner; } else if (LogonGroup) { sid = token.LogonSid.Sid; } else if (AppContainer) { sid = token.AppContainerSid; } else if (Label) { sid = token.IntegrityLevelSid.Sid; } else { sid = token.User.Sid; } } break; case "cap": sid = CapabilityGroup ? NtSecurity.GetCapabilityGroupSid(CapabilityName) : NtSecurity.GetCapabilitySid(CapabilityName); break; case "sid": sid = new Sid(SecurityAuthority, RelativeIdentifier); break; case "logon": sid = NtSecurity.GetLogonSessionSid(); break; case "trust": sid = NtSecurity.GetTrustLevelSid(TrustType, TrustLevel); break; case "ace": sid = AccessControlEntry.Sid; break; default: throw new ArgumentException("No SID type specified"); } if (ToSddl) { WriteObject(sid.ToString()); } else if (ToName) { WriteObject(sid.Name); } else { WriteObject(sid); } }
internal SamDomain(SafeSamHandle handle, SamDomainAccessRights granted_access, string server_name, string domain_name, Sid domain_sid) : base(handle, granted_access, SamUtils.SAM_DOMAIN_NT_TYPE_NAME, $"SAM Domain ({domain_name ?? domain_sid.ToString()})", server_name) { DomainId = domain_sid; if (domain_name != null) { _name = new Lazy <string>(() => domain_name); } else { _name = new Lazy <string>(() => string.Empty); } }
internal SamDomain(SafeSamHandle handle, SamDomainAccessRights granted_access, string server_name, string domain_name, Sid domain_sid) : base(handle, granted_access, SamUtils.SAM_DOMAIN_NT_TYPE_NAME, $"SAM Domain ({domain_name ?? domain_sid.ToString()})", server_name) { DomainId = domain_sid; Name = domain_name ?? string.Empty; }