/// <summary>
 /// Compares two sids to see if their prefixes are the same. The sids must have the same number of subauthorities.
 /// </summary>
 /// <param name="sid">The sid to compare against</param>
 /// <returns>True if the sids share a prefix.</returns>
 public bool EqualPrefix(Sid sid)
 {
     using (SafeSidBufferHandle sid1 = ToSafeBuffer(), sid2 = sid.ToSafeBuffer())
     {
         return(NtRtl.RtlEqualPrefixSid(sid1, sid2));
     }
 }
 private void AddIntegrityLevel(Sid sid)
 {
     using (SafeSidBufferHandle sid_buffer = sid.ToSafeBuffer())
     {
         NtRtl.RtlAddIntegrityLabelToBoundaryDescriptor(ref _boundary_descriptor, sid_buffer).ToNtException();
     }
 }
 /// <summary>
 /// Convert to a managed byte array.
 /// </summary>
 /// <returns>The managed byte array.</returns>
 public byte[] ToArray()
 {
     using (SafeSidBufferHandle handle = ToSafeBuffer())
     {
         return(NtObjectUtils.SafeHandleToArray(handle, handle.Length));
     }
 }
 /// <summary>
 /// Add a SID to the boundary descriptor.
 /// </summary>
 /// <remarks>This SID is used in an access check when creating or deleting private namespaces.</remarks>
 /// <param name="sid">The SID to add.</param>
 public void AddSid(Sid sid)
 {
     using (SafeSidBufferHandle sid_buffer = sid.ToSafeBuffer())
     {
         NtRtl.RtlAddSIDToBoundaryDescriptor(ref _boundary_descriptor, sid_buffer).ToNtException();
     }
 }
Esempio n. 5
0
 /// <summary>
 /// Convert to an SDDL format string.
 /// </summary>
 /// <returns>The SDDL format string (e.g. S-1-1-0)</returns>
 public override string ToString()
 {
     using (SafeSidBufferHandle sid = ToSafeBuffer())
     {
         UnicodeStringOut str = new UnicodeStringOut();
         NtRtl.RtlConvertSidToUnicodeString(ref str, sid.DangerousGetHandle(), true).ToNtException();
         try
         {
             return(str.ToString());
         }
         finally
         {
             NtRtl.RtlFreeUnicodeString(ref str);
         }
     }
 }
Esempio n. 6
0
        /// <summary>
        /// Looks up the account name of a SID.
        /// </summary>
        /// <param name="sid">The SID to lookup</param>
        /// <returns>The name, or null if the lookup failed</returns>
        public static string LookupAccountSid(Sid sid)
        {
            using (SafeSidBufferHandle sid_buffer = sid.ToSafeBuffer())
            {
                StringBuilder name          = new StringBuilder(1024);
                int           length        = name.Capacity;
                StringBuilder domain        = new StringBuilder(1024);
                int           domain_length = domain.Capacity;
                if (!Win32NativeMethods.LookupAccountSid(null, sid_buffer, name,
                                                         ref length, domain, ref domain_length, out SidNameUse name_use))
                {
                    return(null);
                }

                if (domain_length == 0)
                {
                    return(name.ToString());
                }
                else
                {
                    return($@"{domain}\{name}");
                }
            }
        }
Esempio n. 7
0
        /// <summary>
        /// Looks up the account name of a SID.
        /// </summary>
        /// <param name="sid">The SID to lookup</param>
        /// <returns>The name, or null if the lookup failed</returns>
        public static string LookupAccountSid(Sid sid)
        {
            using (SafeSidBufferHandle sid_buffer = sid.ToSafeBuffer())
            {
                StringBuilder name          = new StringBuilder(1024);
                int           length        = name.Capacity;
                StringBuilder domain        = new StringBuilder(1024);
                int           domain_length = domain.Capacity;
                SidNameUse    name_use;
                if (!LookupAccountSid(null, sid_buffer, name, ref length, domain, ref domain_length, out name_use))
                {
                    return(null);
                }

                if (domain_length == 0)
                {
                    return(name.ToString());
                }
                else
                {
                    return(String.Format("{0}\\{1}", domain, name));
                }
            }
        }
 /// <summary>
 /// Constructor from a safe SID handle.
 /// </summary>
 /// <param name="sid">A safe SID handle containing a valid SID.</param>
 /// <exception cref="NtException">Thrown if the buffer is not valid.</exception>
 public Sid(SafeSidBufferHandle sid)
     : this(sid.DangerousGetHandle())
 {
 }
 public static extern bool RtlEqualPrefixSid(SafeSidBufferHandle Sid1, SafeSidBufferHandle Sid2);
 public static extern NtStatus RtlAllocateAndInitializeSidEx(SidIdentifierAuthority IdentifierAuthority,
                                                             byte SubAuthorityCount, [Out] uint[] SubAuthorities, out SafeSidBufferHandle Sid);
 public static extern NtStatus RtlAllocateAndInitializeSid(SidIdentifierAuthority IdentifierAuthority,
                                                           byte SubAuthorityCount, uint SubAuthority0, uint SubAuthority1, uint SubAuthority2, uint SubAuthority3,
                                                           uint SubAuthority4, uint SubAuthority5, uint SubAuthority6, uint SubAuthority7, out SafeSidBufferHandle Sid);
 public static extern NtStatus RtlAddIntegrityLabelToBoundaryDescriptor(ref IntPtr BoundaryDescriptor, SafeSidBufferHandle RequiredSid);
Esempio n. 13
0
        /// <summary>
        /// Convert security descriptor to a byte array
        /// </summary>
        /// <returns>The binary security descriptor</returns>
        public byte[] ToByteArray()
        {
            SafeStructureInOutBuffer <SecurityDescriptorStructure> sd_buffer = null;
            SafeHGlobalBuffer   dacl_buffer  = null;
            SafeHGlobalBuffer   sacl_buffer  = null;
            SafeSidBufferHandle owner_buffer = null;
            SafeSidBufferHandle group_buffer = null;

            try
            {
                sd_buffer = new SafeStructureInOutBuffer <SecurityDescriptorStructure>();
                NtRtl.RtlCreateSecurityDescriptor(sd_buffer, Revision).ToNtException();
                SecurityDescriptorControl control = Control & SecurityDescriptorControl.ValidControlSetMask;
                NtRtl.RtlSetControlSecurityDescriptor(sd_buffer, control, control).ToNtException();
                if (Dacl != null)
                {
                    if (!Dacl.NullAcl)
                    {
                        dacl_buffer = new SafeHGlobalBuffer(Dacl.ToByteArray());
                    }
                    else
                    {
                        dacl_buffer = new SafeHGlobalBuffer(IntPtr.Zero, 0, false);
                    }

                    NtRtl.RtlSetDaclSecurityDescriptor(sd_buffer, true, dacl_buffer.DangerousGetHandle(), Dacl.Defaulted).ToNtException();
                }
                if (Sacl != null)
                {
                    if (!Sacl.NullAcl)
                    {
                        sacl_buffer = new SafeHGlobalBuffer(Sacl.ToByteArray());
                    }
                    else
                    {
                        sacl_buffer = new SafeHGlobalBuffer(IntPtr.Zero, 0, false);
                    }

                    NtRtl.RtlSetSaclSecurityDescriptor(sd_buffer, true, sacl_buffer.DangerousGetHandle(), Sacl.Defaulted).ToNtException();
                }
                if (Owner != null)
                {
                    owner_buffer = Owner.Sid.ToSafeBuffer();
                    NtRtl.RtlSetOwnerSecurityDescriptor(sd_buffer, owner_buffer.DangerousGetHandle(), Owner.Defaulted);
                }
                if (Group != null)
                {
                    group_buffer = Group.Sid.ToSafeBuffer();
                    NtRtl.RtlSetGroupSecurityDescriptor(sd_buffer, group_buffer.DangerousGetHandle(), Group.Defaulted);
                }

                int      total_length = 0;
                NtStatus status       = NtRtl.RtlAbsoluteToSelfRelativeSD(sd_buffer, new SafeHGlobalBuffer(IntPtr.Zero, 0, false), ref total_length);
                if (status != NtStatus.STATUS_BUFFER_TOO_SMALL)
                {
                    status.ToNtException();
                }

                using (SafeHGlobalBuffer relative_sd = new SafeHGlobalBuffer(total_length))
                {
                    NtRtl.RtlAbsoluteToSelfRelativeSD(sd_buffer, relative_sd, ref total_length).ToNtException();
                    return(relative_sd.ToArray());
                }
            }
            finally
            {
                sd_buffer?.Close();
                dacl_buffer?.Close();
                sacl_buffer?.Close();
                owner_buffer?.Close();
                group_buffer?.Close();
            }
        }
Esempio n. 14
0
 static extern bool LookupAccountSid(string lpSystemName, SafeSidBufferHandle lpSid, StringBuilder lpName,
                                     ref int cchName, StringBuilder lpReferencedDomainName, ref int cchReferencedDomainName, out SidNameUse peUse);