internal static WinAPI.NETAPI32.NET_API_STATUS TryLoadLocalGroup(string host, string name, NTLocalGroup group)
{
WinAPI.NETAPI32.NET_API_STATUS result;
var bufPtr = IntPtr.Zero;
try {
result = WinAPI.NETAPI32.NetLocalGroupGetInfo(host, name, 1, out bufPtr);
if (result != 0)
{
return(result);
}
var groupInfo = (WinAPI.NETAPI32.LOCALGROUP_INFO_1)Marshal.PtrToStructure(
bufPtr,
typeof(WinAPI.NETAPI32.LOCALGROUP_INFO_1)
);
group.Host = host;
group.Name = groupInfo.lgrpi1_name;
group.Description = groupInfo.lgrpi1_comment;
#region Get the group SID
var resolver = new SidNameResolver(group.NTCompatibleHostName);
WinAPI.ADVAPI32.SidNameUse nameUse;
SecurityIdentifier sid;
string resolvedDomain;
string resolveError;
if (resolver.TryReverseResolve(group.Name, out sid, out resolvedDomain, out nameUse, out resolveError))
{
if (nameUse != WinAPI.ADVAPI32.SidNameUse.Group && nameUse != WinAPI.ADVAPI32.SidNameUse.Alias)
{
throw new WindowsException(
"Group '{0}' on host '{1}' had a non-group and/or non-alias SID name use.",
group.Name,
group.Host
);
}
group.SID = sid;
group.SidNameUsage = nameUse;
}
else
{
throw new WindowsException(
"Unable to resolve SID for group '{0}' on host '{1}'. {2}",
group.Name,
group.Host,
resolveError
);
}
#endregion
} finally {
if (bufPtr != IntPtr.Zero)
{
WinAPI.NETAPI32.NetApiBufferFree(bufPtr);
}
}
return(result);
}
internal static WinAPI.NETAPI32.NET_API_STATUS TryLoadLocalUser(string host, string username, NTLocalUser user)
{
WinAPI.NETAPI32.NET_API_STATUS result;
var bufPtr = IntPtr.Zero;
try {
result = WinAPI.NETAPI32.NetUserGetInfo(
host,
username,
2,
out bufPtr
);
if (result != 0)
{
return(result);
}
var userInfo = (WinAPI.NETAPI32.USER_INFO_2)Marshal.PtrToStructure(bufPtr, typeof(WinAPI.NETAPI32.USER_INFO_2));
user.Host = host;
user._acct_expires = userInfo.usri2_acct_expires;
user._auth_flags = userInfo.usri2_auth_flags;
user.BadPasswordCount = userInfo.usri2_bad_pw_count;
user.CodePage = userInfo.usri2_code_page;
user.Description = userInfo.usri2_comment;
user.CountryCode = userInfo.usri2_country_code;
user._flags = userInfo.usri2_flags;
user._full_name = userInfo.usri2_full_name;
user._home_dir = userInfo.usri2_home_dir;
user._comment = userInfo.usri2_usr_comment;
user._last_logoff = userInfo.usri2_last_logoff;
user._last_logon = userInfo.usri2_last_logon;
user._logon_server = userInfo.usri2_logon_server;
user.MaxStorage = userInfo.usri2_max_storage;
user.Name = userInfo.usri2_name;
user.NumberOfLogons = userInfo.usri2_num_logons;
user._parms = userInfo.usri2_parms;
user._password = userInfo.usri2_password;
user._password_age = userInfo.usri2_password_age;
user._priv = userInfo.usri2_priv;
user._script_path = userInfo.usri2_script_path;
user.UnitsPerWeek = userInfo.usri2_units_per_week;
user.usri2_workstations = userInfo.usri2_workstations;
if (userInfo.usri2_logon_hours != IntPtr.Zero)
{
Marshal.Copy(userInfo.usri2_logon_hours, user.LogonHours, 0, 21);
WinAPI.NETAPI32.NetApiBufferFree(userInfo.usri2_logon_hours);
}
else
{
user.LogonHours = new byte[0];
}
#region Get the group SID
var resolver = new SidNameResolver(user.NTCompatibleHostName);
WinAPI.ADVAPI32.SidNameUse nameUse;
SecurityIdentifier sid;
string resolvedDomain;
string resolveError;
if (resolver.TryReverseResolve(user.Name, out sid, out resolvedDomain, out nameUse, out resolveError))
{
if (nameUse != WinAPI.ADVAPI32.SidNameUse.User && nameUse != WinAPI.ADVAPI32.SidNameUse.Alias)
{
throw new WindowsException(
"User '{0}' on host '{1}' had a non-user and non-alias SID name",
user.Name,
user.Host
);
}
user.SID = sid;
user.SidNameUsage = nameUse;
}
else
{
throw new WindowsException(
"Unable to resolve SID for user '{0}' on host '{1}. {2}",
user.Name,
user.Host,
resolveError
);
}
#endregion
} finally {
WinAPI.NETAPI32.NetApiBufferFree(bufPtr);
}
return(result);
}
/// <summary>
/// Constructor establishes connection to host.
/// </summary>
/// <param name="hostToConnectTo">Name of host to connect to, or null/empty for local host.</param>
public NTHost(string host)
{
string hostToConnectTo = string.IsNullOrEmpty(host) ? Environment.MachineName : host;
IPHostEntry hostEntry = Dns.GetHostEntry(hostToConnectTo);
Host = hostToConnectTo;
Aliases = hostEntry.Aliases;
Addresses = hostEntry.AddressList;
Name = hostEntry.HostName;
try {
#region Get SID for host
var resolver = new SidNameResolver(this.Host);
var nameUse = WinAPI.ADVAPI32.SidNameUse.Unknown;
SecurityIdentifier sid = null;
// search SID for all aliases & name
var namesToSearch = new List <string>();
var resolveErrors = new List <string>();
namesToSearch.Add(this.Host);
namesToSearch.AddRange(Aliases);
namesToSearch.Add(Name);
var found = false;
var nameMatched = string.Empty;
foreach (var name in namesToSearch)
{
string resolveError;
string resolvedDomain;
if (resolver.TryReverseResolve(name, out sid, out resolvedDomain, out nameUse, out resolveError))
{
found = true;
nameMatched = name;
break;
}
else
{
resolveErrors.Add(resolveError);
}
}
if (!found)
{
throw new Exception(
string.Format(
"Could not establish SID for host '{0}'. Tried the following symbolic aliases '{1}' and each failed with win32 errors '{2}'",
this.Name,
string.Join(",", namesToSearch.ToArray()),
string.Join(",", resolveErrors.ToArray())
)
);
}
if (nameUse != WinAPI.ADVAPI32.SidNameUse.Computer && nameUse != WinAPI.ADVAPI32.SidNameUse.Domain)
{
throw new Exception(
string.Format(
"Host SID resolved to a non-computer and non-domain object. Host was '{0}' and first SID alias matched was '{1}' out of the of list '{2}'.",
Name,
nameMatched,
string.Join(",", namesToSearch.ToArray())
)
);
}
base.SID = sid;
base.SidNameUsage = nameUse;
#endregion
} catch {
#warning Dodgy workaround - can't get host SID for domain controllers. Ignorning for now
try {
SidNameUsage = WinAPI.ADVAPI32.SidNameUse.Invalid;
SID = new SecurityIdentifier(WellKnownSidType.BuiltinDomainSid, null);
} catch {
try {
SID = new SecurityIdentifier(WellKnownSidType.LocalSid, null);
} catch {
SID = new SecurityIdentifier(WellKnownSidType.AnonymousSid, null);
}
}
}
}