IEnumerable <string> FetchSchedulerGroups() { var privileges = new LSA_UNICODE_STRING[1]; privileges[0] = InitLsaString("SeBatchLogonRight"); var ret = Win32Sec.LsaEnumerateAccountsWithUserRight(lsaHandle, privileges, out LSA_HANDLE buffer, out ulong count); var accounts = new List <String>(); if (ret == 0) { var LsaInfo = new LSA_ENUMERATION_INFORMATION[count]; var myLsaus = new LSA_ENUMERATION_INFORMATION(); for (ulong i = 0; i < count; i++) { var itemAddr = new IntPtr(buffer.ToInt64() + (long)(i * (ulong)Marshal.SizeOf(myLsaus))); LsaInfo[i] = (LSA_ENUMERATION_INFORMATION)Marshal.PtrToStructure(itemAddr, myLsaus.GetType()); var SID = new SecurityIdentifier(LsaInfo[i].PSid); accounts.Add(ResolveAccountName(SID)); } } return(accounts); }
void TestReturnValue(uint ReturnValue) { if (ReturnValue == 0) { return; } if (ReturnValue == ERROR_PRIVILEGE_DOES_NOT_EXIST) { return; } if (ReturnValue == ERROR_NO_MORE_ITEMS) { return; } if (ReturnValue == STATUS_ACCESS_DENIED) { throw new UnauthorizedAccessException(); } if (ReturnValue == STATUS_INSUFFICIENT_RESOURCES || ReturnValue == STATUS_NO_MEMORY) { return; } throw new Win32Exception(Win32Sec.LsaNtStatusToWinError((int)ReturnValue)); }
private IEnumerable <string> FetchSchedulerGroups() { var privileges = new LSA_UNICODE_STRING[1]; privileges[0] = InitLsaString("SeBatchLogonRight"); IntPtr buffer; int count; uint ret = Win32Sec.LsaEnumerateAccountsWithUserRight(lsaHandle, privileges, out buffer, out count); var accounts = new List <String>(); if (ret == 0) { var LsaInfo = new LSA_ENUMERATION_INFORMATION[count]; for (int i = 0, elemOffs = (int)buffer; i < count; i++) { LsaInfo[i] = (LSA_ENUMERATION_INFORMATION) Marshal.PtrToStructure((IntPtr)elemOffs, typeof(LSA_ENUMERATION_INFORMATION)); elemOffs += Marshal.SizeOf(typeof(LSA_ENUMERATION_INFORMATION)); var SID = new SecurityIdentifier(LsaInfo[i].PSid); accounts.Add(ResolveAccountName(SID)); } } return(accounts); }
public void Dispose() { if (lsaHandle != IntPtr.Zero) { Win32Sec.LsaClose(lsaHandle); lsaHandle = IntPtr.Zero; } GC.SuppressFinalize(this); }
public bool IsWindowsAuthorised(string privilege, string userName) { bool windowsAuthorised = false; userName = CleanUser(userName); var privileges = new LSA_UNICODE_STRING[1]; privileges[0] = InitLsaString(privilege); IntPtr buffer; ulong count; uint ret = Win32Sec.LsaEnumerateAccountsWithUserRight(lsaHandle, privileges, out buffer, out count); var Accounts = new List <String>(); if (ret == 0) { var LsaInfo = new LSA_ENUMERATION_INFORMATION[count]; LSA_ENUMERATION_INFORMATION myLsaus = new LSA_ENUMERATION_INFORMATION(); for (ulong i = 0; i < count; i++) { IntPtr itemAddr = new IntPtr(buffer.ToInt64() + (long)(i * (ulong)Marshal.SizeOf(myLsaus))); LsaInfo[i] = (LSA_ENUMERATION_INFORMATION)Marshal.PtrToStructure(itemAddr, myLsaus.GetType()); var SID = new SecurityIdentifier(LsaInfo[i].PSid); Accounts.Add(ResolveAccountName(SID)); } try { var wp = new WindowsPrincipal(new WindowsIdentity(userName)); foreach (string account in Accounts) { if (wp.IsInRole(account)) { windowsAuthorised = true; } } return(windowsAuthorised); } catch (Exception) { var localGroups = GetLocalUserGroupsForTaskSchedule(userName); var intersection = localGroups.Intersect(Accounts); return(intersection.Any()); } } return(false); }
public SecurityWrapper(string MachineName) { LSA_OBJECT_ATTRIBUTES lsaAttr; lsaAttr.RootDirectory = IntPtr.Zero; lsaAttr.ObjectName = IntPtr.Zero; lsaAttr.Attributes = 0; lsaAttr.SecurityDescriptor = IntPtr.Zero; lsaAttr.SecurityQualityOfService = IntPtr.Zero; lsaAttr.Length = Marshal.SizeOf(typeof(LSA_OBJECT_ATTRIBUTES)); lsaHandle = IntPtr.Zero; LSA_UNICODE_STRING[] system = null; if (MachineName != null) { system = new LSA_UNICODE_STRING[1]; system[0] = InitLsaString(MachineName); } var ret = Win32Sec.LsaOpenPolicy(system, ref lsaAttr, (int)Access.POLICY_ALL_ACCESS, out lsaHandle); TestReturnValue(ret); }
private List <string> GetAccountsWithPrivilege(string privilege) { var privileges = new LSA_UNICODE_STRING[1]; privileges[0] = InitLsaString(privilege); var gotAccounts = Win32Sec.LsaEnumerateAccountsWithUserRight(_lsaHandle, privileges, out LSA_HANDLE buffer, out ulong count) == 0; var accountNames = new List <string>(); if (gotAccounts) { var LsaInfo = new LSA_ENUMERATION_INFORMATION[count]; var myLsaus = new LSA_ENUMERATION_INFORMATION(); for (ulong i = 0; i < count; i++) { var itemAddr = new IntPtr(buffer.ToInt64() + (long)(i * (ulong)Marshal.SizeOf(myLsaus))); LsaInfo[i] = (LSA_ENUMERATION_INFORMATION)Marshal.PtrToStructure(itemAddr, myLsaus.GetType()); var sid = new SecurityIdentifier(LsaInfo[i].PSid); accountNames.Add(ResolveAccountName(sid)); } } return(accountNames); }
public bool IsWindowsAuthorised(string privilege, string userName) { var windowsAuthorised = false; var username = CleanUser(userName); var privileges = new LSA_UNICODE_STRING[1]; privileges[0] = InitLsaString(privilege); var ret = Win32Sec.LsaEnumerateAccountsWithUserRight(lsaHandle, privileges, out LSA_HANDLE buffer, out ulong count); var Accounts = new List <String>(); if (ret == 0) { var LsaInfo = new LSA_ENUMERATION_INFORMATION[count]; var myLsaus = new LSA_ENUMERATION_INFORMATION(); for (ulong i = 0; i < count; i++) { var itemAddr = new IntPtr(buffer.ToInt64() + (long)(i * (ulong)Marshal.SizeOf(myLsaus))); LsaInfo[i] = (LSA_ENUMERATION_INFORMATION)Marshal.PtrToStructure(itemAddr, myLsaus.GetType()); var SID = new SecurityIdentifier(LsaInfo[i].PSid); Accounts.Add(ResolveAccountName(SID)); } try { return(IsWindowsAuthorised(username, ref windowsAuthorised, Accounts)); } catch (Exception) { var localGroups = GetLocalUserGroupsForTaskSchedule(username); var intersection = localGroups.Intersect(Accounts); return(intersection.Any(s => !s.Equals(Environment.MachineName + "\\" + username, StringComparison.InvariantCultureIgnoreCase))); } } return(false); }
/// <summary> /// Reads the user accounts which have the specific privilege /// </summary> /// <param name="Privilege">The name of the privilege for which the accounts with this right should be enumerated</param> public List <String> ReadPrivilege(string Privilege) { LSA_UNICODE_STRING[] privileges = new LSA_UNICODE_STRING[1]; privileges[0] = InitLsaString(Privilege); IntPtr buffer; int count = 0; uint ret = Win32Sec.LsaEnumerateAccountsWithUserRight(lsaHandle, privileges, out buffer, out count); List <String> Accounts = new List <String>(); if (ret == 0) { LSA_ENUMERATION_INFORMATION[] LsaInfo = new LSA_ENUMERATION_INFORMATION[count]; for (int i = 0, elemOffs = (int)buffer; i < count; i++) { LsaInfo[i] = (LSA_ENUMERATION_INFORMATION)Marshal.PtrToStructure((IntPtr)elemOffs, typeof(LSA_ENUMERATION_INFORMATION)); elemOffs += Marshal.SizeOf(typeof(LSA_ENUMERATION_INFORMATION)); SecurityIdentifier SID = new SecurityIdentifier(LsaInfo[i].PSid); Accounts.Add(SID.ToString()); } return(Accounts); } TestReturnValue(ret); return(Accounts); }
/************************************************************************************************/ /* Methods */ /************************************************************************************************/ #region Public methods public void StartTerminalSessionObservation(object hServ) { string msg; IntPtr pEvents = IntPtr.Zero; IntPtr hServer = (IntPtr)hServ; List <TerminalSessionInfo> oldSessions, newSessions; TerminalSessionInfo tsi; WM_WTSSESSION_CHANGE_TYPE changeType; // initial read actual sessions oldSessions = ListSessions(false); newSessions = new List <TerminalSessionInfo>(oldSessions.ToArray()); tsObserverRunning = true; while (this.tsObserverRunning) { if (WTSWaitSystemEvent(hServer, (UInt32)WaitSystemEventFlags.AllEvents, out pEvents)) { WaitSystemEventFlags eventType = GetSystemEventType(pEvents); switch (eventType) { case WaitSystemEventFlags.ConnectedWinstation: case WaitSystemEventFlags.CreatedWinstation: case WaitSystemEventFlags.LogonUser: newSessions = ListSessions(false); tsi = GetChangedTerminalSession(oldSessions, newSessions, out changeType); oldSessions.Clear(); oldSessions.AddRange(newSessions.ToArray()); if (tsi != null && tsi.SessionInfo.iSessionID != 0) { OnSessionChanged(new TerminalSessionChangedEventArgs(changeType, tsi.SessionInfo.iSessionID, tsi)); } break; case WaitSystemEventFlags.DeletedWinstation: case WaitSystemEventFlags.DisconnectedWinstation: case WaitSystemEventFlags.LogoffUser: case WaitSystemEventFlags.WinstationStateChange: newSessions = ListSessions(false); tsi = GetChangedTerminalSession(oldSessions, newSessions, out changeType); oldSessions.Clear(); oldSessions.AddRange(newSessions.ToArray()); if (tsi != null && tsi.SessionInfo.iSessionID != 0) { OnSessionChanged(new TerminalSessionChangedEventArgs(changeType, tsi.SessionInfo.iSessionID, tsi)); } break; default: break; } } else { uint winErrorCode = Win32Sec.GetLastError(); msg = new System.ComponentModel.Win32Exception((int)winErrorCode).Message; WindowsEventLogHelper.WriteEventLog(msg, EventLogEntryType.Error); WindowsEventLogHelper.WriteEventLog(RdpControl.SVC_NAME + " " + System.Reflection.MethodInfo.GetCurrentMethod().Name + " - methode failed: " + msg, EventLogEntryType.Error); } Thread.Sleep(100); } WTSCloseServer(hServer); }