Esempio n. 1
0
        /// <summary>
        /// This specialized method returns a Map of users and local groups for the
        /// target server where keys are SIDs representing an account and each value
        /// is an List<object> of SIDs represents the local groups that the account is
        /// a member of.
        /// </summary>
        /// <remarks>
        /// This specialized method returns a Map of users and local groups for the
        /// target server where keys are SIDs representing an account and each value
        /// is an List<object> of SIDs represents the local groups that the account is
        /// a member of.
        /// <p/>
        /// This method is designed to assist with computing access control for a
        /// given user when the target object's ACL has local groups. Local groups
        /// are not listed in a user's group membership (e.g. as represented by the
        /// tokenGroups constructed attribute retrived via LDAP).
        /// <p/>
        /// Domain groups nested inside a local group are currently not expanded. In
        /// this case the key (SID) type will be SID_TYPE_DOM_GRP rather than
        /// SID_TYPE_USER.
        /// </remarks>
        /// <param name="authorityServerName">The server from which the local groups will be queried.
        ///     </param>
        /// <param name="auth">The credentials required to query groups and group members.</param>
        /// <param name="flags">
        /// Flags that control the behavior of the operation. When all
        /// name associated with SIDs will be required, the SID_FLAG_RESOLVE_SIDS
        /// flag should be used which causes all group member SIDs to be resolved
        /// together in a single more efficient operation.
        /// </param>
        /// <exception cref="System.IO.IOException"></exception>
        internal static Hashtable GetLocalGroupsMap(string authorityServerName, NtlmPasswordAuthentication
                                                    auth, int flags)
        {
            Sid              domsid       = GetServerSid(authorityServerName, auth);
            DcerpcHandle     handle       = null;
            SamrPolicyHandle policyHandle = null;
            SamrDomainHandle domainHandle = null;

            Samr.SamrSamArray             sam = new Samr.SamrSamArray();
            MsrpcEnumerateAliasesInDomain rpc;

            lock (SidCache)
            {
                try
                {
                    handle = DcerpcHandle.GetHandle("ncacn_np:" + authorityServerName + "[\\PIPE\\samr]"
                                                    , auth);
                    policyHandle = new SamrPolicyHandle(handle, authorityServerName, unchecked (0x02000000));
                    domainHandle = new SamrDomainHandle(handle, policyHandle, unchecked (0x02000000), domsid);
                    rpc          = new MsrpcEnumerateAliasesInDomain(domainHandle, unchecked (0xFFFF), sam
                                                                     );
                    handle.Sendrecv(rpc);
                    if (rpc.Retval != 0)
                    {
                        throw new SmbException(rpc.Retval, false);
                    }
                    Hashtable map = new Hashtable();
                    for (int ei = 0; ei < rpc.Sam.Count; ei++)
                    {
                        Samr.SamrSamEntry entry = rpc.Sam.Entries[ei];
                        Sid[]             mems  = GetGroupMemberSids0(handle, domainHandle, domsid
                                                                      , entry.Idx, flags);
                        Sid groupSid = new Sid(domsid, entry.Idx);
                        groupSid.Type       = SidTypeAlias;
                        groupSid.DomainName = domsid.GetDomainName();
                        groupSid.AcctName   = (new UnicodeString(entry.Name, false)).ToString();
                        for (int mi = 0; mi < mems.Length; mi++)
                        {
                            List <object> groups = (List <object>)map.Get(mems[mi]);
                            if (groups == null)
                            {
                                groups = new List <object>();
                                map.Put(mems[mi], groups);
                            }
                            if (!groups.Contains(groupSid))
                            {
                                groups.Add(groupSid);
                            }
                        }
                    }
                    return(map);
                }
                finally
                {
                    if (handle != null)
                    {
                        if (policyHandle != null)
                        {
                            if (domainHandle != null)
                            {
                                domainHandle.Close();
                            }
                            policyHandle.Close();
                        }
                        handle.Close();
                    }
                }
            }
        }
Esempio n. 2
0
		/// <summary>
		/// This specialized method returns a Map of users and local groups for the
		/// target server where keys are SIDs representing an account and each value
		/// is an List<object> of SIDs represents the local groups that the account is
		/// a member of.
		/// </summary>
		/// <remarks>
		/// This specialized method returns a Map of users and local groups for the
		/// target server where keys are SIDs representing an account and each value
		/// is an List<object> of SIDs represents the local groups that the account is
		/// a member of.
		/// <p/>
		/// This method is designed to assist with computing access control for a
		/// given user when the target object's ACL has local groups. Local groups
		/// are not listed in a user's group membership (e.g. as represented by the
		/// tokenGroups constructed attribute retrived via LDAP).
		/// <p/>
		/// Domain groups nested inside a local group are currently not expanded. In
		/// this case the key (SID) type will be SID_TYPE_DOM_GRP rather than
		/// SID_TYPE_USER.
		/// </remarks>
		/// <param name="authorityServerName">The server from which the local groups will be queried.
		/// 	</param>
		/// <param name="auth">The credentials required to query groups and group members.</param>
		/// <param name="flags">
		/// Flags that control the behavior of the operation. When all
		/// name associated with SIDs will be required, the SID_FLAG_RESOLVE_SIDS
		/// flag should be used which causes all group member SIDs to be resolved
		/// together in a single more efficient operation.
		/// </param>
		/// <exception cref="System.IO.IOException"></exception>
		internal static SharpCifs.Util.Sharpen.Hashtable GetLocalGroupsMap(string authorityServerName, NtlmPasswordAuthentication
			 auth, int flags)
		{
			Sid domsid = GetServerSid(authorityServerName, auth);
			DcerpcHandle handle = null;
			SamrPolicyHandle policyHandle = null;
			SamrDomainHandle domainHandle = null;
			Samr.SamrSamArray sam = new Samr.SamrSamArray();
			MsrpcEnumerateAliasesInDomain rpc;
			lock (SidCache)
			{
				try
				{
					handle = DcerpcHandle.GetHandle("ncacn_np:" + authorityServerName + "[\\PIPE\\samr]"
						, auth);
					policyHandle = new SamrPolicyHandle(handle, authorityServerName, unchecked(0x02000000));
					domainHandle = new SamrDomainHandle(handle, policyHandle, unchecked(0x02000000), domsid);
					rpc = new MsrpcEnumerateAliasesInDomain(domainHandle, unchecked(0xFFFF), sam
						);
					handle.Sendrecv(rpc);
					if (rpc.Retval != 0)
					{
						throw new SmbException(rpc.Retval, false);
					}
					SharpCifs.Util.Sharpen.Hashtable map = new SharpCifs.Util.Sharpen.Hashtable();
					for (int ei = 0; ei < rpc.Sam.Count; ei++)
					{
						Samr.SamrSamEntry entry = rpc.Sam.Entries[ei];
						Sid[] mems = GetGroupMemberSids0(handle, domainHandle, domsid
							, entry.Idx, flags);
						Sid groupSid = new Sid(domsid, entry.Idx);
						groupSid.Type = SidTypeAlias;
						groupSid.DomainName = domsid.GetDomainName();
						groupSid.AcctName = (new UnicodeString(entry.Name, false)).ToString();
						for (int mi = 0; mi < mems.Length; mi++)
						{
							List<object> groups = (List<object>)map.Get(mems[mi]);
							if (groups == null)
							{
								groups = new List<object>();
								map.Put(mems[mi], groups);
							}
							if (!groups.Contains(groupSid))
							{
								groups.Add(groupSid);
							}
						}
					}
					return map;
				}
				finally
				{
					if (handle != null)
					{
						if (policyHandle != null)
						{
							if (domainHandle != null)
							{
								domainHandle.Close();
							}
							policyHandle.Close();
						}
						handle.Close();
					}
				}
			}
		}