public Sid LookupSid(string name, out SidNameUse nameUse, out string domainName) { NtStatus status; UnicodeString nameStr; IntPtr referencedDomains; IntPtr sids; nameStr = new UnicodeString(name); try { if ((status = Win32.LsaLookupNames2( this, 0, 1, new UnicodeString[] { nameStr }, out referencedDomains, out sids )) >= NtStatus.Error) { Win32.ThrowLastError(status); } } finally { nameStr.Dispose(); } using (var referencedDomainsAlloc = new LsaMemoryAlloc(referencedDomains)) using (var sidsAlloc = new LsaMemoryAlloc(sids)) { LsaTranslatedSid2 translatedSid = sidsAlloc.ReadStruct <LsaTranslatedSid2>(); nameUse = translatedSid.Use; if (nameUse == SidNameUse.Invalid || nameUse == SidNameUse.Unknown) { domainName = null; return(null); } if (translatedSid.DomainIndex != -1) { LsaReferencedDomainList domains = referencedDomainsAlloc.ReadStruct <LsaReferencedDomainList>(); MemoryRegion trustArray = new MemoryRegion(domains.Domains); LsaTrustInformation trustInfo = trustArray.ReadStruct <LsaTrustInformation>(translatedSid.DomainIndex); domainName = trustInfo.Name.Read(); } else { domainName = null; } return(new Sid(translatedSid.Sid)); } }
public string LookupName(Sid sid, out SidNameUse nameUse, out string domainName) { NtStatus status; IntPtr referencedDomains; IntPtr names; if ((status = Win32.LsaLookupSids( this, 1, new IntPtr[] { sid }, out referencedDomains, out names )) >= NtStatus.Error) { if (status == NtStatus.NoneMapped) { nameUse = SidNameUse.Unknown; domainName = null; return(null); } Win32.Throw(status); } using (var referencedDomainsAlloc = new LsaMemoryAlloc(referencedDomains)) using (var namesAlloc = new LsaMemoryAlloc(names)) { LsaTranslatedName translatedName = namesAlloc.ReadStruct <LsaTranslatedName>(); nameUse = translatedName.Use; if (nameUse == SidNameUse.Invalid || nameUse == SidNameUse.Unknown) { domainName = null; return(null); } if (translatedName.DomainIndex != -1) { LsaReferencedDomainList domains = referencedDomainsAlloc.ReadStruct <LsaReferencedDomainList>(); MemoryRegion trustArray = new MemoryRegion(domains.Domains); LsaTrustInformation trustInfo = trustArray.ReadStruct <LsaTrustInformation>(translatedName.DomainIndex); domainName = trustInfo.Name.Read(); } else { domainName = null; } return(translatedName.Name.Read()); } }
public LsarLookupNamesResponse(byte[] buffer) { NDRParser parser = new NDRParser(buffer); DomainList = new LsaReferencedDomainList(); parser.BeginStructure(); parser.ReadEmbeddedStructureFullPointer(ref DomainList); parser.EndStructure(); TranslatedNames = new LsaTranslatedArray <LsaTranslatedSid>(); parser.ReadStructure(TranslatedNames); Count = parser.ReadUInt32(); }