/// <summary> /// Convert ACE to a string /// </summary> /// <param name="access_rights_type">An enumeration type to format the access mask</param> /// <param name="resolve_sid">True to try and resolve SID to a name</param> /// <returns>The ACE as a string</returns> public string ToString(Type access_rights_type, bool resolve_sid) { object mask = Enum.ToObject(access_rights_type, Mask); string account = Sid.ToString(); if (resolve_sid) { account = NtSecurity.LookupAccountSid(Sid) ?? Sid.ToString(); } return($"Type {Type} - Flags {Flags} - Mask {mask} - Sid {account}"); }
/// <summary> /// Convert ACE to a string /// </summary> /// <param name="access_rights_type">An enumeration type to format the access mask</param> /// <param name="resolve_sid">True to try and resolve SID to a name</param> /// <returns>The ACE as a string</returns> public string ToString(Type access_rights_type, bool resolve_sid) { object mask = Enum.ToObject(access_rights_type, Mask); string account = Sid.ToString(); if (resolve_sid) { account = NtSecurity.LookupAccountSid(Sid) ?? Sid.ToString(); } return(String.Format("Type {0} - Flags {1} - Mask {2} - Sid {3}", AceType, AceFlags, mask, account)); }
internal SidName(Sid sid, string domain, string name, SidNameSource source, SidNameUse name_use, bool lookup_denied) { Domain = domain; Name = name; if (string.IsNullOrEmpty(domain)) { QualifiedName = Name; } else { QualifiedName = $"{Domain}\\{Name}"; } Source = source; NameUse = name_use; Sddl = sid.ToString(); LookupDenied = lookup_denied; }
/// <summary> /// Process record. /// </summary> protected override void ProcessRecord() { Sid sid; switch (ParameterSetName) { case "sddl": sid = new Sid(Sddl); break; case "name": sid = NtSecurity.LookupAccountName(Name); break; case "service": sid = NtSecurity.GetServiceSid(ServiceName); break; case "il": sid = NtSecurity.GetIntegritySid(IntegrityLevel); break; case "il_raw": sid = NtSecurity.GetIntegritySidRaw(IntegrityLevelRaw); break; case "package": sid = TokenUtils.DerivePackageSidFromName(PackageName); if (RestrictedPackageName != null) { sid = TokenUtils.DeriveRestrictedPackageSidFromSid(sid, RestrictedPackageName); } break; case "known": sid = KnownSids.GetKnownSid(KnownSid); break; case "token": using (NtToken token = NtToken.OpenProcessToken()) { if (PrimaryGroup) { sid = token.PrimaryGroup; } else if (Owner) { sid = token.Owner; } else if (LogonGroup) { sid = token.LogonSid.Sid; } else if (AppContainer) { sid = token.AppContainerSid; } else if (Label) { sid = token.IntegrityLevelSid.Sid; } else { sid = token.User.Sid; } } break; case "cap": sid = CapabilityGroup ? NtSecurity.GetCapabilityGroupSid(CapabilityName) : NtSecurity.GetCapabilitySid(CapabilityName); break; case "sid": sid = new Sid(SecurityAuthority, RelativeIdentifiers); break; case "logon": sid = NtSecurity.GetLogonSessionSid(); break; default: throw new ArgumentException("No SID type specified"); } if (ToSddl) { WriteObject(sid.ToString()); } else if (ToName) { WriteObject(sid.Name); } else { WriteObject(sid); } }
private static SidName GetNameForSidInternal(Sid sid) { string name = LookupAccountSid(sid); if (name != null) { return(new SidName(name, SidNameSource.Account)); } if (IsCapabilitySid(sid)) { // See if there's a known SID with this name. name = LookupKnownCapabilityName(sid); if (name == null) { switch (sid.SubAuthorities.Count) { case 8: uint[] sub_authorities = sid.SubAuthorities.ToArray(); // Convert to a package SID. sub_authorities[0] = 2; name = LookupPackageName(new Sid(sid.Authority, sub_authorities)); break; case 5: name = LookupDeviceCapabilityName(sid); break; } } if (!string.IsNullOrWhiteSpace(name)) { return(new SidName(MakeFakeCapabilityName(name, false), SidNameSource.Capability)); } } else if (IsCapabilityGroupSid(sid)) { name = LookupKnownCapabilityName(sid); if (!string.IsNullOrWhiteSpace(name)) { return(new SidName(MakeFakeCapabilityName(name, true), SidNameSource.Capability)); } } else if (IsPackageSid(sid)) { name = LookupPackageName(sid); if (name != null) { return(new SidName(name, SidNameSource.Package)); } } else if (IsProcessTrustSid(sid)) { name = LookupProcessTrustName(sid); if (name != null) { return(new SidName($@"TRUST LEVEL\{name}", SidNameSource.ProcessTrust)); } } return(new SidName(sid.ToString(), SidNameSource.Sddl)); }
/// <summary> /// Open a specific user key /// </summary> /// <param name="sid">The SID fo the user to open</param> /// <returns>The opened key</returns> /// <exception cref="NtException">Thrown on error.</exception> public static NtKey GetUserKey(Sid sid) { return(Open(@"\Registry\User\" + sid.ToString(), null, KeyAccessRights.MaximumAllowed)); }