public void EnumerateAccountRights_NoRightsFails()
{
LsaHandle handle = AuthenticationMethods.LsaOpenLocalPolicy(PolicyAccessRights.POLICY_READ);
SID sid = AuthorizationMethods.CreateWellKnownSid(WELL_KNOWN_SID_TYPE.WinBuiltinAnyPackageSid);
SecurityMethods.LsaEnumerateAccountRights(handle, ref sid).Should().BeEmpty();
}
public void EnumerateAccountRights_BadSidFails()
{
LsaHandle handle = AuthenticationMethods.LsaOpenLocalPolicy(PolicyAccessRights.POLICY_READ);
SID sid = new SID();
Action action = () => SecurityMethods.LsaEnumerateAccountRights(handle, ref sid);
action.ShouldThrow <ArgumentException>();
}
public void EnumerateAccountRights_ReadRightsFails()
{
LsaHandle handle = AuthenticationMethods.LsaOpenLocalPolicy(PolicyAccessRights.POLICY_READ);
SID sid = AuthorizationMethods.CreateWellKnownSid(WELL_KNOWN_SID_TYPE.WinBuiltinUsersSid);
Action action = () => SecurityMethods.LsaEnumerateAccountRights(handle, ref sid);
action.ShouldThrow <UnauthorizedAccessException>();
}
public void EnumerateAccountRights_UserGroup()
{
LsaHandle handle = AuthenticationMethods.LsaOpenLocalPolicy(PolicyAccessRights.POLICY_EXECUTE);
SID sid = AuthorizationMethods.CreateWellKnownSid(WELL_KNOWN_SID_TYPE.WinBuiltinUsersSid);
var rights = SecurityMethods.LsaEnumerateAccountRights(handle, ref sid);
rights.Should().NotBeEmpty();
rights.Should().Contain("SeChangeNotifyPrivilege");
}
public void LsaOpenPolicy_GenericRead()
{
Action action = () => AuthenticationMethods.LsaOpenLocalPolicy((PolicyAccessRights)GenericAccessRights.Read);
action.ShouldThrow <UnauthorizedAccessException>();
}
public void LsaOpenPolicy_StandardRead()
{
LsaHandle handle = AuthenticationMethods.LsaOpenLocalPolicy(PolicyAccessRights.POLICY_READ);
handle.IsInvalid.Should().BeFalse();
}
