public COAUTHINFO(Authn authnSvc, Authz authzSvc, AuthnLevel AuthnLevel, ImpLevel ImpersonationLevel)
{
this.dwAuthnSvc = authnSvc;
this.dwAuthzSvc = authzSvc;
this.pwszServerPrincName = null;
this.dwAuthnLevel = AuthnLevel;
this.dwImpersonationLevel = ImpersonationLevel;
this.pAuthIdentityData = IntPtr.Zero;
this.dwCapabilities = 0;
}
static void Main(string[] args)
{
if (args.Length < 1)
{
Console.WriteLine("Please specify a SID.");
}
var sidString = args[0];
var success = Authz.AuthzInitializeResourceManager(Authz.AuthzResourceManagerFlags.AUTHZ_RM_FLAG_NO_AUDIT, null, null, null, "", out var rm);
if (!success)
{
ReportLastError("AuthzInitializeResourceManager");
return;
}
var sid = new SecurityIdentifier(sidString);
var sidBytes = new byte[sid.BinaryLength];
sid.GetBinaryForm(sidBytes, 0);
var psid = new SafePSID(sidBytes);
success = Authz.AuthzInitializeContextFromSid(Authz.AuthzContextFlags.DEFAULT, psid, rm, IntPtr.Zero, new LUID(), IntPtr.Zero, out var context);
if (!success)
{
ReportLastError("AuthzInitializeContextFromSid");
Authz.AuthzFreeResourceManager(rm);
return;
}
success = Authz.AuthzGetInformationFromContext(context, Authz.AUTHZ_CONTEXT_INFORMATION_CLASS.AuthzContextInfoGroupsSids, 0, out var sizeRequired, IntPtr.Zero);
if (!success && Win32Error.GetLastError() != Win32Error.ERROR_INSUFFICIENT_BUFFER)
{
ReportLastError("AuthzGetInformationFromContext part 1");
Authz.AuthzFreeContext(context);
Authz.AuthzFreeResourceManager(rm);
return;
}
if (sizeRequired == 0)
{
Console.WriteLine("No context information available?");
Authz.AuthzFreeContext(context);
Authz.AuthzFreeResourceManager(rm);
return;
}
uint size = sizeRequired;
var buffer = new SafeHGlobalHandle(size);
success = Authz.AuthzGetInformationFromContext(context, Authz.AUTHZ_CONTEXT_INFORMATION_CLASS.AuthzContextInfoGroupsSids, size, out sizeRequired, buffer);
if (!success)
{
ReportLastError("AuthzGetInformationFromContext part 2");
Authz.AuthzFreeContext(context);
Authz.AuthzFreeResourceManager(rm);
return;
}
var tokenGroups = buffer.ToArray <TOKEN_GROUPS>(1);
for (var i = 0; i < tokenGroups[0].GroupCount; i++)
{
var tokenGroup = tokenGroups[0].Groups[i];
var thisSid = new SecurityIdentifier(tokenGroup.Sid.GetBinaryForm(), 0);
string accountName = null;
try
{
accountName = thisSid.Translate(typeof(NTAccount)).Value;
}
catch
{ }
Console.WriteLine($"{thisSid} {accountName ?? tokenGroup.ToString()}");
}
}
