public KnownAce(AceType type, AceFlags flags, int mask, Sid sid) { if ( type != AceType.AccessAllowed && type != AceType.AccessDenied && type != AceType.SystemAlarm && type != AceType.SystemAudit ) throw new ArgumentException("Invalid ACE type."); this.MemoryRegion = new MemoryAlloc( Marshal.SizeOf(typeof(KnownAceStruct)) - sizeof(int) + sid.Length ); KnownAceStruct knownAce = new KnownAceStruct(); knownAce.Header.AceType = type; knownAce.Header.AceFlags = flags; knownAce.Header.AceSize = (ushort)this.MemoryRegion.Size; knownAce.Mask = mask; this.MemoryRegion.WriteStruct<KnownAceStruct>(knownAce); this.MemoryRegion.WriteMemory(Win32.KnownAceSidStartOffset.ToInt32(), sid, 0, sid.Length); this.Read(); }
public KnownAce(AceType type, AceFlags flags, int mask, Sid sid) { if ( type != AceType.AccessAllowed && type != AceType.AccessDenied && type != AceType.SystemAlarm && type != AceType.SystemAudit ) throw new ArgumentException("Invalid ACE type."); this.MemoryRegion = new MemoryAlloc( Marshal.SizeOf(typeof(KnownAceStruct)) - // known ace struct size sizeof(int) + // minus SidStart field sid.Length // plus SID length ); KnownAceStruct knownAce = new KnownAceStruct(); // Initialize the ACE (minus the SID). knownAce.Header.AceType = type; knownAce.Header.AceFlags = flags; knownAce.Header.AceSize = (ushort)this.MemoryRegion.Size; knownAce.Mask = mask; // Write the ACE to memory. this.MemoryRegion.WriteStruct<KnownAceStruct>(knownAce); // Write the SID. this.MemoryRegion.WriteMemory(Win32.KnownAceSidStartOffset.ToInt32(), sid, 0, sid.Length); // Update the cached info. this.Read(); }
public SecurityDescriptor(Sid owner, Sid group, Acl dacl, Acl sacl) : this() { this.Owner = owner; this.Group = group; this.Dacl = dacl; this.Sacl = sacl; }
protected override void Read() { var knownAce = this.MemoryRegion.ReadStruct<KnownAceStruct>(); _mask = knownAce.Mask; _sid = Sid.FromPointer(this.Memory.Increment(Win32.KnownAceSidStartOffset)); base.Read(); }
public Motherboard(C64 c64, C64.VicType initRegion) { // note: roms need to be added on their own externally _c64 = c64; int clockNum, clockDen, mainsFrq; switch (initRegion) { case C64.VicType.PAL: clockNum = 17734475; clockDen = 18; mainsFrq = 50; break; case C64.VicType.NTSC: case C64.VicType.NTSC_OLD: clockNum = 11250000; clockDen = 11; mainsFrq = 60; break; case C64.VicType.DREAN: clockNum = 14328225; clockDen = 14; mainsFrq = 50; break; default: throw new System.Exception(); } cartPort = new CartridgePort(); cassPort = new CassettePortDevice(); cia0 = new MOS6526(clockNum, clockDen*mainsFrq); cia1 = new MOS6526(clockNum, clockDen*mainsFrq); colorRam = new Chip2114(); cpu = new MOS6510(); pla = new MOSPLA(); ram = new Chip4864(); serPort = new SerialPort(); sid = MOS6581.Create(44100, clockNum, clockDen); switch (initRegion) { case C64.VicType.NTSC: vic = MOS6567R8.Create(); break; case C64.VicType.PAL: vic = MOS6569.Create(); break; case C64.VicType.NTSC_OLD: vic = MOS6567R56A.Create(); break; case C64.VicType.DREAN: vic = MOS6572.Create(); break; } userPort = new UserPortDevice(); }
public TokenGroupsList(Sid[] groups) { InitializeComponent(); for (int i = 0; i < groups.Length; i++) { ListViewItem item = listGroups.Items.Add(new ListViewItem()); item.Text = groups[i].GetFullName(Properties.Settings.Default.ShowAccountDomains); item.BackColor = GetAttributeColor(groups[i].Attributes); item.SubItems.Add(new ListViewItem.ListViewSubItem(item, GetAttributeString(groups[i].Attributes))); } listGroups.ListViewItemSorter = new SortedListViewComparer(listGroups); listGroups.SetDoubleBuffered(true); listGroups.ContextMenu = listGroups.GetCopyMenu(); ColumnSettings.LoadSettings(Properties.Settings.Default.GroupListColumns, listGroups); listGroups.AddShortcuts(); }
public TokenGroupsList(Sid[] groups) { InitializeComponent(); if (groups != null) { foreach (Sid t in groups) { ListViewItem item = this.listGroups.Items.Add(new ListViewItem()); item.Text = t.GetFullName(Settings.Instance.ShowAccountDomains); item.BackColor = this.GetAttributeColor(t.Attributes); item.SubItems.Add(new ListViewItem.ListViewSubItem(item, this.GetAttributeString(t.Attributes))); } } listGroups.ListViewItemSorter = new SortedListViewComparer(listGroups); listGroups.ContextMenu = listGroups.GetCopyMenu(); ColumnSettings.LoadSettings(Settings.Instance.GroupListColumns, listGroups); listGroups.AddShortcuts(); }
public Motherboard(C64 c64, Region initRegion) { // note: roms need to be added on their own externally _c64 = c64; cartPort = new CartridgePort(); cassPort = new CassettePortDevice(); cia0 = new MOS6526(initRegion); cia1 = new MOS6526(initRegion); colorRam = new Chip2114(); cpu = new MOS6510(); pla = new MOSPLA(); ram = new Chip4864(); serPort = new SerialPort(); sid = MOS6581.Create(44100, initRegion); switch (initRegion) { case Region.NTSC: vic = MOS6567.Create(); break; case Region.PAL: vic = MOS6569.Create(); break; } userPort = new UserPortDevice(); }
/// <summary> /// Perform an Access Check. /// </summary> /// <param name="sd">The security descriptor for the check.</param> /// <param name="optional_sd">Optional list of security descriptors to merge.</param> /// <param name="desired_access">The desired access.</param> /// <param name="principal">Optional Principal SID.</param> /// <param name="object_types">Optional list of object types.</param> /// <param name="type">NT Type for access checking.</param> /// <returns>The list of access check results.</returns> public AuthZAccessCheckResult[] AccessCheck(SecurityDescriptor sd, IEnumerable <SecurityDescriptor> optional_sd, AccessMask desired_access, Sid principal, IEnumerable <ObjectTypeEntry> object_types, NtType type) { return(AccessCheck(sd, optional_sd, desired_access, principal, object_types, type, true).Result); }
public void AddPrivileges(string account, string privilege) { uint ret; using (Sid sid = new Sid(account)) { LSA_UNICODE_STRING[] privileges = new LSA_UNICODE_STRING[1]; privileges[0] = InitLsaString(privilege); ret = Win32Sec.LsaAddAccountRights(lsaHandle, sid.pSid, privileges, 1); } if (ret == 0) return; if (ret == STATUS_ACCESS_DENIED) { throw new UnauthorizedAccessException(); } if ((ret == STATUS_INSUFFICIENT_RESOURCES) || (ret == STATUS_NO_MEMORY)) { throw new OutOfMemoryException(); } throw new Win32Exception(Win32Sec.LsaNtStatusToWinError((int)ret)); }
internal static NtResult <CentralAccessPolicy> FromRegistry(NtKey key, Dictionary <int, CentralAccessRule> rules, bool throw_on_error) { List <CentralAccessRule> capes = new List <CentralAccessRule>(); string name = string.Empty; string description = string.Empty; Sid capid = null; string change_id = string.Empty; uint flags = 0; foreach (var value in key.QueryValues()) { switch (value.Name.ToLower()) { case "capes": var idxs = ParseCapeNumbers(value, throw_on_error); if (!idxs.IsSuccess) { return(idxs.Cast <CentralAccessPolicy>()); } foreach (var idx in idxs.Result) { if (rules.ContainsKey(idx)) { capes.Add(rules[idx]); } else { return(NtStatus.STATUS_INVALID_PARAMETER.CreateResultFromError <CentralAccessPolicy>(throw_on_error)); } } break; case "capid": var sid = Sid.Parse(value.Data, false); if (!sid.IsSuccess) { return(sid.Cast <CentralAccessPolicy>()); } capid = sid.Result; break; case "changeid": change_id = value.ToString().TrimEnd('\0'); break; case "description": description = value.ToString().TrimEnd('\0'); break; case "flags": if (value.Type == RegistryValueType.Dword) { flags = (uint)value.ToObject(); } break; case "name": name = value.ToString().TrimEnd('\0'); break; } } return(new CentralAccessPolicy(capid, flags, name, description, change_id, capes).CreateResult()); }
/// <summary> /// Remove a SID to name mapping with LSA. /// </summary> /// <param name="sid">The SID to remove.</param> /// <returns>The NT status result.</returns> public static void RemoveSidNameMapping(Sid sid) { SidName name = sid.GetName(); RemoveSidNameMapping(name.Domain, name.NameUse == SidNameUse.Domain ? string.Empty : name.Name, true); }
/// <summary> /// Create an AppContainer token using the CreateAppContainerToken API. /// </summary> /// <param name="appcontainer_sid">The AppContainer package SID.</param> /// <param name="capabilities">List of capabilities.</param> /// <returns>The appcontainer token.</returns> /// <remarks>This exported function was only introduced in RS3</remarks> public static NtToken CreateAppContainerToken(Sid appcontainer_sid, IEnumerable <Sid> capabilities) { return(CreateAppContainerToken(null, appcontainer_sid, capabilities)); }
/// <summary> /// Derive a restricted package sid from an existing pacakge sid. /// </summary> /// <param name="package_sid">The base package sid.</param> /// <param name="restricted_name">The restricted name for the sid.</param> /// <returns>The derived Sid.</returns> public static Sid DeriveRestrictedPackageSidFromSid(Sid package_sid, string restricted_name) { return(DeriveRestrictedPackageSidFromSid(package_sid, restricted_name, true).Result); }
internal SamDomain(SafeSamHandle handle, SamDomainAccessRights granted_access, string server_name, string domain_name, Sid domain_sid) : base(handle, granted_access, SamUtils.SAM_DOMAIN_NT_TYPE_NAME, $"SAM Domain ({domain_name ?? domain_sid.ToString()})", server_name) { DomainId = domain_sid; Name = domain_name ?? string.Empty; }
/// <summary> /// Create an AppContainer token using the CreateAppContainerToken API. /// </summary> /// <param name="token">The token to base the new token on. Can be null.</param> /// <param name="appcontainer_sid">The AppContainer package SID.</param> /// <param name="capabilities">List of capabilities.</param> /// <returns>The appcontainer token.</returns> /// <remarks>This exported function was only introduced in RS3</remarks> public static NtToken CreateAppContainerToken(NtToken token, Sid appcontainer_sid, IEnumerable <Sid> capabilities) { return(CreateAppContainerToken(token, appcontainer_sid, capabilities, true).Result); }
/// <summary> /// Open trusted domain object. /// </summary> /// <param name="sid">The SID of the trusted domain.</param> /// <param name="desired_access">The desired access for the object.</param> /// <returns>The trusted domain object.</returns> public LsaTrustedDomain OpenTrustedDomain(Sid sid, LsaTrustedDomainAccessRights desired_access) { return(OpenTrustedDomain(sid, desired_access, true).Result); }
/// <summary> /// Add a Device SID to the context. /// </summary> /// <param name="sid">The SID to add.</param> public void AddRestrictedSid(Sid sid) { ModifyGroups(AuthZGroupSidType.Restricted, new Sid[] { sid }, AuthZSidOperation.Add); }
/// <summary> /// Perform an Access Check. /// </summary> /// <param name="sd">The security descriptor for the check.</param> /// <param name="optional_sd">Optional list of security descriptors to merge.</param> /// <param name="desired_access">The desired access.</param> /// <param name="principal">Optional Principal SID.</param> /// <param name="object_types">Optional list of object types.</param> /// <param name="type">NT Type for access checking.</param> /// <param name="throw_on_error">True to throw on error.</param> /// <returns>The list of access check results.</returns> public NtResult <AuthZAccessCheckResult[]> AccessCheck(SecurityDescriptor sd, IEnumerable <SecurityDescriptor> optional_sd, AccessMask desired_access, Sid principal, IEnumerable <ObjectTypeEntry> object_types, NtType type, bool throw_on_error) { if (sd is null) { throw new ArgumentNullException(nameof(sd)); } using (var list = new DisposableList()) { AUTHZ_ACCESS_REQUEST request = new AUTHZ_ACCESS_REQUEST(); request.DesiredAccess = desired_access; if (principal != null) { request.PrincipalSelfSid = list.AddResource(principal.ToSafeBuffer()).DangerousGetHandle(); } int result_count = 1; var object_list = NtSecurity.ConvertObjectTypes(object_types, list); if (object_list?.Length > 0) { result_count = object_list.Length; request.ObjectTypeList = list.AddResource(object_list.ToBuffer()).DangerousGetHandle(); request.ObjectTypeListLength = object_list.Length; } var sd_buffer = list.AddResource(sd.ToSafeBuffer()); int optional_sd_count = optional_sd?.Count() ?? 0; IntPtr[] optional_sd_buffers = null; if (optional_sd_count > 0) { optional_sd_buffers = optional_sd.Select(s => list.AddResource(s.ToSafeBuffer()).DangerousGetHandle()).ToArray(); } AUTHZ_ACCESS_REPLY reply = new AUTHZ_ACCESS_REPLY(); reply.ResultListLength = result_count; var error_buffer = list.AddResource(new int[result_count].ToBuffer()); reply.Error = error_buffer.DangerousGetHandle(); var access_buffer = list.AddResource(new AccessMask[result_count].ToBuffer()); reply.GrantedAccessMask = access_buffer.DangerousGetHandle(); var audit_buffer = list.AddResource(new int[result_count].ToBuffer()); reply.SaclEvaluationResults = audit_buffer.DangerousGetHandle(); return(SecurityNativeMethods.AuthzAccessCheck(AuthZAccessCheckFlags.None, _handle, ref request, IntPtr.Zero, sd_buffer, optional_sd_buffers, optional_sd_count, ref reply, IntPtr.Zero).CreateWin32Result(throw_on_error, () => CreateResult(result_count, error_buffer, access_buffer, object_types?.ToArray(), type))); } }
/// <summary> /// Add a Device SID to the context. /// </summary> /// <param name="sid">The SID to add.</param> public void AddDeviceSid(Sid sid) { ModifyGroups(AuthZGroupSidType.Device, new Sid[] { sid }, AuthZSidOperation.Add); }
/// <summary> /// Add a SID to the context. /// </summary> /// <param name="sid">The SID to add.</param> public void AddSid(Sid sid) { ModifyGroups(AuthZGroupSidType.Normal, new Sid[] { sid }, AuthZSidOperation.Add); }
/// <summary> /// Set AppContainer Information to Context. /// </summary> /// <param name="package_sid">The package SID.</param> /// <param name="capabilities">List of capabilities.</param> public void SetAppContainer(Sid package_sid, IEnumerable <UserGroup> capabilities) { SetAppContainer(package_sid, capabilities, true); }
public override int GetHashCode() { return(Sid.GetHashCode()); }
public static SidName LookupInternetName(Sid sid) { return(LookupInternetName(sid, true).Result); }
/// <summary> /// Delete an LSA account object. /// </summary> /// <param name="sid">The SID of the account.</param> public void DeleteAccount(Sid sid) { DeleteAccount(sid, true); }
/// <summary> /// Add a package SID condition. /// </summary> /// <param name="match_type">The match type.</param> /// <param name="package_sid">The package SID.</param> public void AddPackageSid(FirewallMatchType match_type, Sid package_sid) { AddCondition(match_type, FirewallConditionGuids.FWPM_CONDITION_ALE_PACKAGE_ID, FirewallValue.FromSid(package_sid)); }
internal LsaAccount(SafeLsaHandle handle, LsaAccountAccessRights granted_access, Sid sid, string system_name) : base(handle, granted_access, LsaPolicyUtils.LSA_ACCOUNT_NT_TYPE_NAME, $"LSA Account ({sid})", system_name) { Sid = sid; }
public Motherboard(C64 c64, C64.VicType initRegion, C64.BorderType borderType, C64.SidType sidType, C64.TapeDriveType tapeDriveType, C64.DiskDriveType diskDriveType) { // note: roms need to be added on their own externally _c64 = c64; int clockNum, clockDen; switch (initRegion) { case C64.VicType.Pal: clockNum = 17734475; clockDen = 18; break; case C64.VicType.Ntsc: clockNum = 14318181; clockDen = 14; break; case C64.VicType.NtscOld: clockNum = 11250000; clockDen = 11; break; case C64.VicType.Drean: clockNum = 14328225; clockDen = 14; break; default: throw new System.Exception(); } CartPort = new CartridgePort(); Cassette = new CassettePort(); ColorRam = new Chip2114(); Cpu = new Chip6510(); Pla = new Chip90611401(); Ram = new Chip4864(); Serial = new SerialPort(); switch (sidType) { case C64.SidType.OldR2: Sid = Chip6581R2.Create(44100, clockNum, clockDen); break; case C64.SidType.OldR3: Sid = Chip6581R3.Create(44100, clockNum, clockDen); break; case C64.SidType.OldR4AR: Sid = Chip6581R4AR.Create(44100, clockNum, clockDen); break; case C64.SidType.NewR5: Sid = Chip8580R5.Create(44100, clockNum, clockDen); break; } switch (initRegion) { case C64.VicType.Ntsc: Vic = Chip6567R8.Create(borderType); Cia0 = Chip6526.Create(C64.CiaType.Ntsc, Input_ReadKeyboard, Input_ReadJoysticks); Cia1 = Chip6526.Create(C64.CiaType.Ntsc, Cia1_ReadPortA); break; case C64.VicType.Pal: Vic = Chip6569.Create(borderType); Cia0 = Chip6526.Create(C64.CiaType.Pal, Input_ReadKeyboard, Input_ReadJoysticks); Cia1 = Chip6526.Create(C64.CiaType.Pal, Cia1_ReadPortA); break; case C64.VicType.NtscOld: Vic = Chip6567R56A.Create(borderType); Cia0 = Chip6526.Create(C64.CiaType.NtscRevA, Input_ReadKeyboard, Input_ReadJoysticks); Cia1 = Chip6526.Create(C64.CiaType.NtscRevA, Cia1_ReadPortA); break; case C64.VicType.Drean: Vic = Chip6572.Create(borderType); Cia0 = Chip6526.Create(C64.CiaType.Pal, Input_ReadKeyboard, Input_ReadJoysticks); Cia1 = Chip6526.Create(C64.CiaType.Pal, Cia1_ReadPortA); break; } User = new UserPort(); ClockNumerator = clockNum; ClockDenominator = clockDen; // Initialize disk drive switch (diskDriveType) { case C64.DiskDriveType.Commodore1541: case C64.DiskDriveType.Commodore1541II: DiskDrive = new Drive1541(ClockNumerator, ClockDenominator); Serial.Connect(DiskDrive); break; } // Initialize tape drive switch (tapeDriveType) { case C64.TapeDriveType.Commodore1530: TapeDrive = new TapeDrive(); Cassette.Connect(TapeDrive); break; } BasicRom = new Chip23128(); CharRom = new Chip23128(); KernalRom = new Chip23128(); }
protected override NtResult <object> Parse(string value, bool throw_on_error) { return(Sid.Parse(value, false).Cast <object>()); }
public Msv1_0_InteractivePackage(Sid sid) : this(sid, null) { }
private void UpdateTokenData() { UserGroup user = _token.User; txtUsername.Text = user.ToString(); txtUserSid.Text = user.Sid.ToString(); TokenType tokentype = _token.TokenType; txtTokenType.Text = _token.TokenType.ToString(); if (_token.TokenType == TokenType.Impersonation) { SecurityImpersonationLevel implevel = _token.ImpersonationLevel; txtImpLevel.Text = implevel.ToString(); } else { txtImpLevel.Text = "N/A"; } txtTokenId.Text = _token.Id.ToString(); txtModifiedId.Text = _token.ModifiedId.ToString(); txtAuthId.Text = _token.AuthenticationId.ToString(); if (Enum.IsDefined(typeof(TokenIntegrityLevel), _token.IntegrityLevel)) { comboBoxIL.SelectedItem = _token.IntegrityLevel; comboBoxILForDup.SelectedItem = _token.IntegrityLevel; } else { comboBoxIL.Text = _token.IntegrityLevel.ToString(); comboBoxILForDup.Text = _token.IntegrityLevel.ToString(); } txtSessionId.Text = _token.SessionId.ToString(); if (_token.IsAccessGranted(TokenAccessRights.QuerySource)) { txtSourceName.Text = _token.Source.SourceName; txtSourceId.Text = _token.Source.SourceIdentifier.ToString(); } else { txtSourceName.Text = "N/A"; txtSourceId.Text = "N/A"; } TokenElevationType evtype = _token.ElevationType; txtElevationType.Text = evtype.ToString(); txtIsElevated.Text = _token.Elevated.ToString(); txtOriginLoginId.Text = _token.Origin.ToString(); btnLinkedToken.Enabled = evtype != TokenElevationType.Default; UpdateGroupList(); txtPrimaryGroup.Text = _token.PrimaryGroup.Name; txtOwner.Text = _token.Owner.Name; Acl defdacl = _token.DefaultDacl; if (!defdacl.NullAcl) { foreach (Ace ace in defdacl) { UserGroup group = new UserGroup(ace.Sid, GroupAttributes.None); ListViewItem item = new ListViewItem(group.ToString()); AccessMask mask = GenericAccessRights.GenericAll | GenericAccessRights.GenericExecute | GenericAccessRights.GenericRead | GenericAccessRights.GenericWrite; string maskstr; if ((ace.Mask & ~mask).HasAccess) { maskstr = $"0x{ace.Mask:X08}"; } else { maskstr = ace.Mask.ToGenericAccess().ToString(); } item.SubItems.Add(maskstr); item.SubItems.Add(ace.Flags.ToString()); item.SubItems.Add(ace.Type.ToString()); listViewDefDacl.Items.Add(item); } } else { listViewDefDacl.Items.Add("No Default DACL"); } listViewDefDacl.AutoResizeColumns(ColumnHeaderAutoResizeStyle.ColumnContent); listViewDefDacl.AutoResizeColumns(ColumnHeaderAutoResizeStyle.HeaderSize); if (_token.Restricted) { PopulateGroupList(listViewRestrictedSids, _token.RestrictedSids); } else { tabControlMain.TabPages.Remove(tabPageRestricted); } if (_token.AppContainer) { PopulateGroupList(listViewCapabilities, _token.Capabilities); txtACNumber.Text = _token.AppContainerNumber.ToString(); txtPackageName.Text = _token.AppContainerSid.Name; txtPackageSid.Text = _token.AppContainerSid.ToString(); } else { tabControlMain.TabPages.Remove(tabPageAppContainer); } txtUIAccess.Text = _token.UIAccess.ToString(); txtSandboxInert.Text = _token.SandboxInert.ToString(); bool virtAllowed = _token.VirtualizationAllowed; txtVirtualizationAllowed.Text = virtAllowed.ToString(); btnToggleVirtualizationEnabled.Enabled = virtAllowed; if (virtAllowed) { txtVirtualizationEnabled.Text = _token.VirtualizationEnabled.ToString(); } else { txtVirtualizationEnabled.Text = "N/A"; } txtMandatoryILPolicy.Text = _token.MandatoryPolicy.ToString(); txtHandleAccess.Text = _token.GrantedAccess.ToString(); Sid trust_level = _token.TrustLevel; txtTrustLevel.Text = trust_level != null ? trust_level.Name : "N/A"; UpdatePrivileges(); UpdateSecurityAttributes(); if (_token.IsAccessGranted(TokenAccessRights.ReadControl)) { securityDescriptorViewerControl.SetSecurityDescriptor(_token.SecurityDescriptor, _token.NtType, _token.NtType.ValidAccess); } else { tabControlMain.TabPages.Remove(tabPageSecurity); } }
/// <summary> /// Add a SID to name mapping with LSA. /// </summary> /// <param name="domain">The domain name for the SID.</param> /// <param name="name">The account name for the SID. Can be null for a domain SID.</param> /// <param name="sid">The SID to add.</param> /// <returns>The NT status result.</returns> public static void AddSidNameMapping(string domain, string name, Sid sid) { AddSidNameMapping(domain, name, sid, true); }
public override object GetParamValue(Sid.WebServices.IRequest request, Sid.WebServices.SidModule moduleInstance) { return new BinaryRequest(request.ContentLength, new BinaryReader(request.InputStream)); }
/// <summary> /// Lookup name for a SID. /// </summary> /// <param name="sid">The SID to lookup.</param> /// <returns></returns> public SidName LookupSid(Sid sid) { return(LookupSids(new [] { sid }).First()); }
public void Add(Sid sid) { if (!Win32.AddSIDToBoundaryDescriptor(ref _descriptor, sid)) Win32.ThrowLastError(); }
/// <summary> /// Enumerate account rights for a SID. /// </summary> /// <param name="sid">The SID to enumerate for.</param> /// <returns>The list of assigned account rights.</returns> public IReadOnlyList <string> EnumerateAccountRights(Sid sid) { return(EnumerateAccountRights(sid, true).Result); }
public Msv1_0_InteractivePackage(Sid sid, string password) : this(sid.DomainName, sid.Name, password) { }
/// <summary> /// Add account rights to an account. /// </summary> /// <param name="sid">The SID of the account.</param> /// <param name="account_rights">The list of account rights to add.</param> public void AddAccountRights(Sid sid, IEnumerable <string> account_rights) { AddAccountRights(sid, account_rights, true); }
private void SwapGroup(Sid group) { BaseObject.SwapRef(ref _group, group); }
public SystemLogonSession( string authenticationPackage, string dnsDomainName, string logonDomain, Luid logonId, string logonServer, DateTime logonTime, LogonType logonType, int session, Sid sid, string upn, string userName ) { this.AuthenticationPackage = authenticationPackage; this.DnsDomainName = dnsDomainName; this.LogonDomain = logonDomain; this.LogonId = logonId; this.LogonServer = logonServer; this.LogonTime = logonTime; this.LogonType = logonType; this.Session = session; this.Sid = sid; this.Upn = upn; this.UserName = userName; }
/// <summary> /// Remove account rights from an account. /// </summary> /// <param name="sid">The SID of the account.</param> /// <param name="remove_all">True to remove all rights.</param> /// <param name="account_rights">The account rights to add.</param> public void RemoveAccountRights(Sid sid, bool remove_all, IEnumerable <string> account_rights) { RemoveAccountRights(sid, remove_all, account_rights, true); }
/// <summary> /// Parse the policy from the Local Security Authority. /// </summary> /// <param name="throw_on_error">True to throw on error.</param> /// <returns>The list of Central Access Policies.</returns> public static NtResult <CentralAccessPolicy[]> ParseFromLsa(bool throw_on_error) { NtStatus status = SecurityNativeMethods.LsaGetAppliedCAPIDs(null, out SafeLsaMemoryBuffer capids, out int capid_count); if (!status.IsSuccess()) { return(status.CreateResultFromError <CentralAccessPolicy[]>(throw_on_error)); } List <CentralAccessPolicy> ret = new List <CentralAccessPolicy>(); using (capids) { status = SecurityNativeMethods.LsaQueryCAPs(capids.DangerousGetHandle(), capid_count, out SafeLsaMemoryBuffer caps, out uint cap_count); if (!status.IsSuccess()) { return(status.CreateResultFromError <CentralAccessPolicy[]>(throw_on_error)); } caps.Initialize <CENTRAL_ACCESS_POLICY>(cap_count); CENTRAL_ACCESS_POLICY[] policies = new CENTRAL_ACCESS_POLICY[cap_count]; caps.ReadArray(0, policies, 0, policies.Length); foreach (var policy in policies) { SafeHGlobalBuffer buffer = new SafeHGlobalBuffer(policy.CAPEs, policy.CAPECount * IntPtr.Size, false); IntPtr[] rule_entries = new IntPtr[policy.CAPECount]; buffer.ReadArray(0, rule_entries, 0, policy.CAPECount); List <CentralAccessRule> rules = new List <CentralAccessRule>(); foreach (var ptr in rule_entries) { var entry = new SafeStructureInOutBuffer <CENTRAL_ACCESS_POLICY_ENTRY>(ptr, Marshal.SizeOf(typeof(CENTRAL_ACCESS_POLICY_ENTRY)), false); var r = entry.Result; SecurityDescriptor sd = null; SecurityDescriptor staged_sd = null; string applies_to = string.Empty; if (r.LengthSD > 0) { var result = SecurityDescriptor.Parse(r.SD, throw_on_error); if (!result.IsSuccess) { return(result.Cast <CentralAccessPolicy[]>()); } sd = result.Result; } if (r.LengthStagedSD > 0) { var result = SecurityDescriptor.Parse(r.StagedSD, throw_on_error); if (!result.IsSuccess) { return(result.Cast <CentralAccessPolicy[]>()); } staged_sd = result.Result; } if (r.LengthAppliesTo > 0) { byte[] condition = new byte[r.LengthAppliesTo]; Marshal.Copy(r.AppliesTo, condition, 0, r.LengthAppliesTo); var result = NtSecurity.ConditionalAceToString(condition, throw_on_error); if (!result.IsSuccess) { return(result.Cast <CentralAccessPolicy[]>()); } applies_to = result.Result; } rules.Add(new CentralAccessRule(r.Name.ToString(), r.Description.ToString(), sd, staged_sd, applies_to, r.ChangeId.ToString(), r.Flags)); } var capid = Sid.Parse(policy.CAPID, throw_on_error); if (!capid.IsSuccess) { return(capid.Cast <CentralAccessPolicy[]>()); } ret.Add(new CentralAccessPolicy(capid.Result, policy.Flags, policy.Name.ToString(), policy.Description.ToString(), policy.ChangeId.ToString(), rules)); } } return(ret.ToArray().CreateResult()); }
private void SwapOwner(Sid owner) { BaseObject.SwapRef(ref _owner, owner); }
/// <summary> /// Open an LSA account object with maximum access. /// </summary> /// <param name="sid">The SID of the account.</param> /// <returns>The opened account.</returns> public LsaAccount OpenAccount(Sid sid) { return(OpenAccount(sid, LsaAccountAccessRights.MaximumAllowed)); }
internal TerminalServerProcess(int processId, int sessionId, string name, Sid sid) { _processId = processId; _sessionId = sessionId; _name = name; _sid = sid; }
/// <summary> /// Create an LSA account object. /// </summary> /// <param name="sid">The SID of the account.</param> /// <param name="desired_access">The desired access for the account.</param> /// <returns>The created account.</returns> public LsaAccount CreateAccount(Sid sid, LsaAccountAccessRights desired_access) { return(CreateAccount(sid, desired_access, true).Result); }
/// <summary> /// Create an LSA account object with maximum access. /// </summary> /// <param name="sid">The SID of the account.</param> /// <returns>The created account.</returns> public LsaAccount CreateAccount(Sid sid) { return(CreateAccount(sid, LsaAccountAccessRights.MaximumAllowed)); }
/// <summary> /// Open an alias by SID. /// </summary> /// <param name="sid">The sid for the alias.</param> /// <param name="desired_access">The desired access for the alias object.</param> /// <returns>The SAM alias object.</returns> public SamAlias OpenAlias(Sid sid, SamAliasAccessRights desired_access) { return(OpenAlias(sid, desired_access, true).Result); }