public static void SetValue(string key, string?value) { if (key == null) { throw new ArgumentNullException(nameof(key)); } if (key.Length == 0) { throw new ArgumentException($"{nameof(key)} must not be empty", nameof(key)); } var objectAttributes = new LSA_OBJECT_ATTRIBUTES(); var localsystem = new LSA_UNICODE_STRING(); var secretName = new LSA_UNICODE_STRING(key); var lusSecretData = !string.IsNullOrEmpty(value) ? new LSA_UNICODE_STRING(value) : default; var lsaPolicyHandle = GetLsaPolicy(ref objectAttributes, ref localsystem); var result = LsaStorePrivateData(lsaPolicyHandle, ref secretName, ref lusSecretData); ReleaseLsaPolicy(lsaPolicyHandle); var winErrorCode = LsaNtStatusToWinError(result); if (winErrorCode != 0) { throw new Win32Exception(winErrorCode, "StorePrivateData failed: " + winErrorCode.ToString(CultureInfo.InvariantCulture)); } }
public static List <String> getAccessTokens(String sidString) { List <String> tokens = new List <String>(); IntPtr sid = IntPtr.Zero; if (!ConvertStringSidToSid(sidString, out sid)) { int errorCode = GetLastError(); switch (errorCode) { case ERROR_FILE_NOT_FOUND: // no such user? return(tokens); default: throw new System.ComponentModel.Win32Exception(errorCode); } } IntPtr policyHandle = IntPtr.Zero; LSA_OBJECT_ATTRIBUTES objAttrs = new LSA_OBJECT_ATTRIBUTES(); int mode = POLICY_LOOKUP_NAMES | POLICY_VIEW_LOCAL_INFORMATION; uint result = LsaNtStatusToWinError(LsaOpenPolicy(null, ref objAttrs, mode, out policyHandle)); if (result != 0) { Marshal.FreeHGlobal(sid); throw new System.ComponentModel.Win32Exception((int)result); } IntPtr rightsArray = IntPtr.Zero; UInt32 rightsLen = 0; result = LsaNtStatusToWinError(LsaEnumerateAccountRights(policyHandle, sid, out rightsArray, out rightsLen)); Marshal.FreeHGlobal(sid); switch ((int)result) { case ERROR_SUCCESS: LSA_UNICODE_STRING myLsaus = new LSA_UNICODE_STRING(); for (ulong i = 0; i < rightsLen; i++) { IntPtr itemAddr = new IntPtr(rightsArray.ToInt64() + (long)(i * (ulong)Marshal.SizeOf(myLsaus))); myLsaus = (LSA_UNICODE_STRING)Marshal.PtrToStructure(itemAddr, myLsaus.GetType()); String thisRight = LSAUS2string(myLsaus); tokens.Add(thisRight); } break; case ERROR_FILE_NOT_FOUND: // no account rights were found for the user break; default: LsaClose(policyHandle); throw new System.ComponentModel.Win32Exception((int)result); } LsaClose(policyHandle); return(tokens); }
// Adds a privilege to an account public void SetRight(string accountName, string privilegeName) { long winErrorCode = 0; string errorMessage = string.Empty; IntPtr sid = IntPtr.Zero; int sidSize = 0; StringBuilder domainName = new StringBuilder(); int nameSize = 0; int accountType = 0; LookupAccountName(String.Empty, accountName, sid, ref sidSize, domainName, ref nameSize, ref accountType); domainName = new StringBuilder(nameSize); sid = Marshal.AllocHGlobal(sidSize); if (!LookupAccountName(string.Empty, accountName, sid, ref sidSize, domainName, ref nameSize, ref accountType)) { winErrorCode = GetLastError(); errorMessage = string.Format("LookupAccountName failed: {0}", winErrorCode); } else { LSA_UNICODE_STRING systemName = new LSA_UNICODE_STRING(); IntPtr policyHandle = IntPtr.Zero; LSA_OBJECT_ATTRIBUTES objectAttributes = CreateLSAObject(); uint resultPolicy = LsaOpenPolicy(ref systemName, ref objectAttributes, Access, out policyHandle); winErrorCode = LsaNtStatusToWinError(Convert.ToInt32(resultPolicy)); if (winErrorCode != 0) { errorMessage = string.Format("OpenPolicy failed: {0} ", winErrorCode); } else { LSA_UNICODE_STRING[] userRights = new LSA_UNICODE_STRING[1]; userRights[0] = new LSA_UNICODE_STRING(); userRights[0].Buffer = Marshal.StringToHGlobalUni(privilegeName); userRights[0].Length = (UInt16)(privilegeName.Length * UnicodeEncoding.CharSize); userRights[0].MaximumLength = (UInt16)((privilegeName.Length + 1) * UnicodeEncoding.CharSize); int res = LsaAddAccountRights(policyHandle, sid, userRights, 1); winErrorCode = LsaNtStatusToWinError(Convert.ToInt32(res)); if (winErrorCode != 0) { errorMessage = string.Format("LsaAddAccountRights failed: {0}", winErrorCode); } LsaClose(policyHandle); } FreeSid(sid); } if (winErrorCode > 0) { throw new ApplicationException(string.Format("Failed to add right {0} to {1}. Error detail:{2}", accountName, privilegeName, errorMessage)); } }
/// <summary>Initializes a new instance of the <see cref="LocalSecurity"/> class.</summary> /// <param name="server">The server. Use <c>null</c> for the local server.</param> /// <param name="accessRights">The access rights mask for the actions to be taken.</param> /// <exception cref="System.ComponentModel.Win32Exception"></exception> public LocalSecurity(string server = null, LsaPolicyAccessRights accessRights = LsaPolicyAccessRights.AllAccess) { LSA_UNICODE_STRING systemName = server; LSA_OBJECT_ATTRIBUTES objectAttributes = LSA_OBJECT_ATTRIBUTES.Empty; ThrowIfLsaError(LsaOpenPolicy(systemName, ref objectAttributes, 0x000F0000 | (int)accessRights, out handle)); // Add in STANDARD_RIGHTS_REQUIRED svr = server; }
private static System.Collections.Specialized.StringCollection GetRights(System.Security.Principal.WindowsIdentity identity) { System.Collections.Specialized.StringCollection rights = new System.Collections.Specialized.StringCollection(); LSA_OBJECT_ATTRIBUTES objectAttributes = CreateLSAObjectAttributes(); IntPtr policyHandle = IntPtr.Zero; LSA_UNICODE_STRING SystemName = new LSA_UNICODE_STRING(); /* * SystemName.Length = (ushort)(System.Environment.MachineName.Length * System.Text.UnicodeEncoding.CharSize); * SystemName.MaximumLength = (ushort)((System.Environment.MachineName.Length + 1) * System.Text.UnicodeEncoding.CharSize); * SystemName.Buffer = System.Environment.MachineName; // Marshal.StringToHGlobalUni(System.Environment.MachineName); */ // Open a policy handle on the remote PC. uint ret = LsaOpenPolicy(ref SystemName, ref objectAttributes, (int)POLICY_ALL_ACCESS, out policyHandle); if (ret == 0) { //long winErrorCode = 0; //IntPtr sid = IntPtr.Zero; //int sidSize = 0; //System.Text.StringBuilder domainName = new System.Text.StringBuilder(); //int nameSize = 0; //int accountType = 0; long winErrorCode = 0; IntPtr userRightsPtr = IntPtr.Zero; int countOfRights = 0; byte[] accountSidBytes = new byte[identity.User.BinaryLength]; identity.User.GetBinaryForm(accountSidBytes, 0); int result = LsaEnumerateAccountRights(policyHandle, accountSidBytes, out userRightsPtr, out countOfRights); winErrorCode = LsaNtStatusToWinError(result); if (winErrorCode == 0) { long current = userRightsPtr.ToInt64(); LSA_UNICODE_STRING userRight; for (int i = 0; i < countOfRights; i++) { userRight = (LSA_UNICODE_STRING)Marshal.PtrToStructure(new IntPtr(current), typeof(LSA_UNICODE_STRING)); string userRightStr = Marshal.PtrToStringAuto(userRight.Buffer); rights.Add(userRightStr); current += Marshal.SizeOf(userRight); } } LsaClose(policyHandle); } return(rights); }
private unsafe static extern int LsaOpenPolicy( [In] ref LSA_UNICODE_STRING SystemName, [In, MarshalAs(UnmanagedType.LPStruct)] LSA_OBJECT_ATTRIBUTES Attributes, [In] System.UInt32 DesiredAccess, [Out] out System.IntPtr PolicyHandle );
private static LSA_OBJECT_ATTRIBUTES CreateLSAObject() { var newInstance = new LSA_OBJECT_ATTRIBUTES(); newInstance.Length = 0; newInstance.RootDirectory = IntPtr.Zero; newInstance.Attributes = 0; newInstance.SecurityDescriptor = IntPtr.Zero; newInstance.SecurityQualityOfService = IntPtr.Zero; return(newInstance); }
/// <summary> /// Constructor for <see cref="LocalSecurityPolicy"/> /// </summary> /// <param name="systemName">local system if systemName is null</param> public LocalSecurityPolicy(string systemName) { lsaHandle = IntPtr.Zero; LSA_UNICODE_STRING system = InitLsaString(systemName); //combine all policies int access = (int)( LSA_AccessPolicy.POLICY_AUDIT_LOG_ADMIN | LSA_AccessPolicy.POLICY_CREATE_ACCOUNT | LSA_AccessPolicy.POLICY_CREATE_PRIVILEGE | LSA_AccessPolicy.POLICY_CREATE_SECRET | LSA_AccessPolicy.POLICY_GET_PRIVATE_INFORMATION | LSA_AccessPolicy.POLICY_LOOKUP_NAMES | LSA_AccessPolicy.POLICY_NOTIFICATION | LSA_AccessPolicy.POLICY_SERVER_ADMIN | LSA_AccessPolicy.POLICY_SET_AUDIT_REQUIREMENTS | LSA_AccessPolicy.POLICY_SET_DEFAULT_QUOTA_LIMITS | LSA_AccessPolicy.POLICY_TRUST_ADMIN | LSA_AccessPolicy.POLICY_VIEW_AUDIT_INFORMATION | LSA_AccessPolicy.POLICY_VIEW_LOCAL_INFORMATION ); //initialize a pointer for the policy handle IntPtr policyHandle = IntPtr.Zero; //these attributes are not used, but LsaOpenPolicy wants them to exists LSA_OBJECT_ATTRIBUTES ObjectAttributes = new LSA_OBJECT_ATTRIBUTES(); ObjectAttributes.Length = 0; ObjectAttributes.RootDirectory = IntPtr.Zero; ObjectAttributes.Attributes = 0; ObjectAttributes.SecurityDescriptor = IntPtr.Zero; ObjectAttributes.SecurityQualityOfService = IntPtr.Zero; //get a policy handle uint ret = LsaOpenPolicy(ref system, ref ObjectAttributes, access, out lsaHandle); if (ret == 0) { return; } if (ret == STATUS_ACCESS_DENIED) { throw new UnauthorizedAccessException(); } if ((ret == STATUS_INSUFFICIENT_RESOURCES) || (ret == STATUS_NO_MEMORY)) { throw new OutOfMemoryException(); } throw new Win32Exception((int)LsaNtStatusToWinError(ret)); }
private static IntPtr GetLsaPolicy(ref LSA_OBJECT_ATTRIBUTES objectAttributes, ref LSA_UNICODE_STRING localsystem) { var ntsResult = LsaOpenPolicy(ref localsystem, ref objectAttributes, (uint)LSA_AccessPolicy.POLICY_GET_PRIVATE_INFORMATION, out var lsaPolicyHandle); var winErrorCode = LsaNtStatusToWinError(ntsResult); if (winErrorCode != 0) { throw new Win32Exception(winErrorCode, "LsaOpenPolicy failed: " + winErrorCode); } return(lsaPolicyHandle); }
/* * // Returns the Local Security Authority rights granted to the account * public static System.Collections.Generic.IList<string> GetRights(string accountName) * { * System.Collections.Generic.IList<string> rights = new System.Collections.Generic.List<string>(); * string errorMessage = string.Empty; * * long winErrorCode = 0; * IntPtr sid = IntPtr.Zero; * int sidSize = 0; * System.Text.StringBuilder domainName = new System.Text.StringBuilder(); * int nameSize = 0; * int accountType = 0; * * LookupAccountName(string.Empty, accountName, sid, ref sidSize, domainName, ref nameSize, ref accountType); * * domainName = new System.Text.StringBuilder(nameSize); * sid = Marshal.AllocHGlobal(sidSize); * * if (!LookupAccountName(string.Empty, accountName, sid, ref sidSize, domainName, ref nameSize, ref accountType)) * { * winErrorCode = GetLastError(); * errorMessage = ("LookupAccountName failed: " + winErrorCode); * } * else * { * LSA_UNICODE_STRING systemName = new LSA_UNICODE_STRING(); * * IntPtr policyHandle = IntPtr.Zero; * IntPtr userRightsPtr = IntPtr.Zero; * int countOfRights = 0; * * LSA_OBJECT_ATTRIBUTES objectAttributes = CreateLSAObject(); * * uint policyStatus = LsaOpenPolicy(ref systemName, ref objectAttributes, (int)POLICY_ALL_ACCESS, out policyHandle); * winErrorCode = LsaNtStatusToWinError(Convert.ToInt32(policyStatus)); * * if (winErrorCode != 0) * { * errorMessage = string.Format("OpenPolicy failed: {0}.", winErrorCode); * } * else * { * int result = LsaEnumerateAccountRights(policyHandle, sid, out userRightsPtr, out countOfRights); * winErrorCode = LsaNtStatusToWinError(result); * if (winErrorCode != 0) * { * errorMessage = string.Format("LsaEnumerateAccountRights failed: {0}", winErrorCode); * } * * Int32 ptr = userRightsPtr.ToInt32(); * LSA_UNICODE_STRING userRight; * * for (int i = 0; i < countOfRights; i++) * { * userRight = (LSA_UNICODE_STRING)Marshal.PtrToStructure(new IntPtr(ptr), typeof(LSA_UNICODE_STRING)); * string userRightStr = Marshal.PtrToStringAuto(userRight.Buffer); * rights.Add(userRightStr); * ptr += Marshal.SizeOf(userRight); * } * LsaClose(policyHandle); * } * FreeSid(sid); * } * if (winErrorCode > 0) * { * throw new ApplicationException(string.Format("Error occured in LSA, error code {0}, detail: {1}", winErrorCode, errorMessage)); * } * return rights; * } */ private static LSA_OBJECT_ATTRIBUTES CreateLSAObjectAttributes() { LSA_OBJECT_ATTRIBUTES objectAttributes = new LSA_OBJECT_ATTRIBUTES(); objectAttributes.Length = (uint)Marshal.SizeOf(objectAttributes); objectAttributes.RootDirectory = IntPtr.Zero; objectAttributes.ObjectName = new LSA_UNICODE_STRING(); objectAttributes.Attributes = 0; objectAttributes.SecurityDescriptor = IntPtr.Zero; objectAttributes.SecurityQualityOfService = IntPtr.Zero; return(objectAttributes); }
public static List<String> getAccessTokens(String sidString) { List<String> tokens = new List<String>(); IntPtr sid = IntPtr.Zero; if (!ConvertStringSidToSid(sidString, out sid)) { int errorCode = GetLastError(); switch(errorCode) { case ERROR_FILE_NOT_FOUND: // no such user? return tokens; default: throw new System.ComponentModel.Win32Exception(errorCode); } } IntPtr policyHandle = IntPtr.Zero; LSA_OBJECT_ATTRIBUTES objAttrs = new LSA_OBJECT_ATTRIBUTES(); int mode = POLICY_LOOKUP_NAMES | POLICY_VIEW_LOCAL_INFORMATION; uint result = LsaNtStatusToWinError(LsaOpenPolicy(null, ref objAttrs, mode, out policyHandle)); if (result != 0) { Marshal.FreeHGlobal(sid); throw new System.ComponentModel.Win32Exception((int)result); } IntPtr rightsArray = IntPtr.Zero; UInt32 rightsLen = 0; result = LsaNtStatusToWinError(LsaEnumerateAccountRights(policyHandle, sid, out rightsArray, out rightsLen)); Marshal.FreeHGlobal(sid); switch((int)result) { case ERROR_SUCCESS: LSA_UNICODE_STRING myLsaus = new LSA_UNICODE_STRING(); for (ulong i=0; i < rightsLen; i++) { IntPtr itemAddr = new IntPtr(rightsArray.ToInt64() + (long)(i * (ulong)Marshal.SizeOf(myLsaus))); myLsaus = (LSA_UNICODE_STRING)Marshal.PtrToStructure(itemAddr, myLsaus.GetType()); String thisRight = LSAUS2string(myLsaus); tokens.Add(thisRight); } break; case ERROR_FILE_NOT_FOUND: // no account rights were found for the user break; default: LsaClose(policyHandle); throw new System.ComponentModel.Win32Exception((int)result); } LsaClose(policyHandle); return tokens; }
public static string GetValue(string key) { if (key == null) { throw new ArgumentNullException(nameof(key)); } if (key.Length == 0) { throw new ArgumentException($"{nameof(key)} must not be empty", nameof(key)); } var objectAttributes = new LSA_OBJECT_ATTRIBUTES(); var localsystem = new LSA_UNICODE_STRING(); var secretName = new LSA_UNICODE_STRING(key); // Get LSA policy var lsaPolicyHandle = GetLsaPolicy(ref objectAttributes, ref localsystem); var result = LsaRetrievePrivateData(lsaPolicyHandle, ref secretName, out var privateData); ReleaseLsaPolicy(lsaPolicyHandle); if (result == STATUS_OBJECT_NAME_NOT_FOUND) { return(null); } var winErrorCode = LsaNtStatusToWinError(result); if (winErrorCode != 0) { throw new Win32Exception(winErrorCode, "LsaRetrievePrivateData failed: " + winErrorCode); } if (privateData == IntPtr.Zero) { return(null); } var lusSecretData = Marshal.PtrToStructure <LSA_UNICODE_STRING>(privateData); var value = Marshal.PtrToStringAuto(lusSecretData.Buffer).Substring(0, lusSecretData.Length / UnicodeEncoding.CharSize); FreeMemory(privateData); return(value); }
public static LsaHandle LsaOpenLocalPolicy(PolicyAccessRights access) { LSA_OBJECT_ATTRIBUTES attributes = new LSA_OBJECT_ATTRIBUTES(); LsaHandle handle; NTSTATUS status; unsafe { status = Imports.LsaOpenPolicy(null, &attributes, access, out handle); } if (status != NTSTATUS.STATUS_SUCCESS) { throw ErrorMethods.GetIoExceptionForNTStatus(status); } return(handle); }
static void Main(string[] args) { // LsaOpenPolicy function opens a handle to the Policy object on a local or remote system. //initialize an empty unicode-string LSA_UNICODE_STRING aSystemName = new LSA_UNICODE_STRING(); //these attributes are not used, but LsaOpenPolicy wants them to exists LSA_OBJECT_ATTRIBUTES aObjectAttributes = new LSA_OBJECT_ATTRIBUTES(); //these attributes are not used, but LsaOpenPolicy wants them to exist // (MSDN: "the structure members are not used, initalize them to NULL or zero") LSA_OBJECT_ATTRIBUTES ObjectAttributes = new LSA_OBJECT_ATTRIBUTES(); ObjectAttributes.Length = 0; ObjectAttributes.RootDirectory = IntPtr.Zero; ObjectAttributes.Attributes = 0; ObjectAttributes.SecurityDescriptor = IntPtr.Zero; ObjectAttributes.SecurityQualityOfService = IntPtr.Zero; // This was hard coded in keithga's binary - https://docs.microsoft.com/en-us/windows/win32/secauthz/access-mask uint access = 1; // A pointer to an LSA_HANDLE variable that receives a handle to the Policy object. IntPtr policy = IntPtr.Zero; //get a policy handle UInt32 resultPolicy = LsaOpenPolicy(ref aSystemName, ref ObjectAttributes, access, out policy); UInt32 winErrorCode = LsaNtStatusToWinError(resultPolicy); if (resultPolicy != 0) { Console.WriteLine("OpenPolicy failed: " + resultPolicy); } if (winErrorCode != 0) { Console.WriteLine("OpenPolicy Error: " + winErrorCode); } string result = RetrievePrivateData("DefaultPassword", policy); Console.WriteLine("AutoLogon Password: " + result); }
private static IntPtr GetLsaPolicyHandle() { string computerName = Environment.MachineName; IntPtr hPolicy; LSA_OBJECT_ATTRIBUTES objectAttributes = new LSA_OBJECT_ATTRIBUTES(); objectAttributes.Length = 0; objectAttributes.RootDirectory = IntPtr.Zero; objectAttributes.Attributes = 0; objectAttributes.SecurityDescriptor = IntPtr.Zero; objectAttributes.SecurityQualityOfService = IntPtr.Zero; const uint ACCESS_MASK = POLICY_CREATE_SECRET | POLICY_LOOKUP_NAMES | POLICY_VIEW_LOCAL_INFORMATION; LSA_UNICODE_STRING machineNameLsa = new LSA_UNICODE_STRING(computerName); uint result = LsaOpenPolicy(ref machineNameLsa, ref objectAttributes, ACCESS_MASK, out hPolicy); HandleLsaResult(result); return(hPolicy); }
public bool GrantUserLogonAsServicePrivilage(string domain, string userName) { Trace.Entering(); IntPtr lsaPolicyHandle = IntPtr.Zero; ArgUtil.NotNullOrEmpty(userName, nameof(userName)); try { LSA_UNICODE_STRING system = new LSA_UNICODE_STRING(); LSA_OBJECT_ATTRIBUTES attrib = new LSA_OBJECT_ATTRIBUTES() { Length = 0, RootDirectory = IntPtr.Zero, Attributes = 0, SecurityDescriptor = IntPtr.Zero, SecurityQualityOfService = IntPtr.Zero, }; uint result = LsaOpenPolicy(ref system, ref attrib, LSA_POLICY_ALL_ACCESS, out lsaPolicyHandle); if (result != 0 || lsaPolicyHandle == IntPtr.Zero) { if (result == ReturnCode.STATUS_ACCESS_DENIED) { throw new Exception(StringUtil.Loc("ShouldBeAdmin")); } throw new Exception(StringUtil.Loc("OperationFailed", nameof(LsaOpenPolicy), result)); } result = LsaAddAccountRights(lsaPolicyHandle, GetSidBinaryFromWindows(domain, userName), LogonAsServiceRights, 1); Trace.Info("LsaAddAccountRights return with error code {0} ", result); return(result == 0); } finally { int result = LsaClose(lsaPolicyHandle); if (result != 0) { Trace.Error(StringUtil.Format("Can not close LasPolicy handler. LsaClose failed with error code {0}", result)); } } }
private static IntPtr GetLsaPolicyHandle() { var computerName = Environment.MachineName; IntPtr hPolicy; var objectAttributes = new LSA_OBJECT_ATTRIBUTES { Length = 0, RootDirectory = IntPtr.Zero, Attributes = 0, SecurityDescriptor = IntPtr.Zero, SecurityQualityOfService = IntPtr.Zero }; const uint accessMask = POLICY_CREATE_SECRET | POLICY_LOOKUP_NAMES | POLICY_VIEW_LOCAL_INFORMATION; var machineNameLsa = new LSA_UNICODE_STRING(computerName); var result = LsaOpenPolicy(ref machineNameLsa, ref objectAttributes, accessMask, out hPolicy); HandleLsaResult(result); return(hPolicy); }
public LSAPolicy(LSA_AccessPolicy access) { //initialize an empty unicode-string string systemName = null; //these attributes are not used, but LsaOpenPolicy wants them to exist // (MSDN: "the structure members are not used, initalize them to NULL or zero") var objectAttributes = new LSA_OBJECT_ATTRIBUTES(); // objectAttributes.Length = 0; // objectAttributes.RootDirectory = IntPtr.Zero; // objectAttributes.Attributes = 0; // objectAttributes.SecurityDescriptor = IntPtr.Zero; // objectAttributes.SecurityQualityOfService = IntPtr.Zero; // //get a policy handle var resultPolicy = LsaOpenPolicy(ref systemName, ref objectAttributes, (int)access, out _policy); var winErrorCode = LsaNtStatusToWinError(resultPolicy); if (winErrorCode != 0) { throw new Win32Exception(winErrorCode, "OpenPolicy failed: " + winErrorCode); } }
public LsaPolicy() { LSA_UNICODE_STRING system = new LSA_UNICODE_STRING(); LSA_OBJECT_ATTRIBUTES attrib = new LSA_OBJECT_ATTRIBUTES() { Length = 0, RootDirectory = IntPtr.Zero, Attributes = 0, SecurityDescriptor = IntPtr.Zero, SecurityQualityOfService = IntPtr.Zero, }; IntPtr handle = IntPtr.Zero; uint result = LsaOpenPolicy(ref system, ref attrib, LSA_POLICY_ALL_ACCESS, out handle); if (result != 0 || handle == IntPtr.Zero) { throw new Exception(StringUtil.Loc("OperationFailed", nameof(LsaOpenPolicy), result)); } Handle = handle; }
public LSAutil(string key) { if (key.Length == 0) { throw new Exception("Key length zero"); } objectAttributes = new LSA_OBJECT_ATTRIBUTES(); objectAttributes.Length = 0; objectAttributes.RootDirectory = IntPtr.Zero; objectAttributes.Attributes = 0; objectAttributes.SecurityDescriptor = IntPtr.Zero; objectAttributes.SecurityQualityOfService = IntPtr.Zero; localsystem = new LSA_UNICODE_STRING(); localsystem.Buffer = IntPtr.Zero; localsystem.Length = 0; localsystem.MaximumLength = 0; secretName = new LSA_UNICODE_STRING(); secretName.Buffer = Marshal.StringToHGlobalUni(key); secretName.Length = (UInt16)(key.Length * UnicodeEncoding.CharSize); secretName.MaximumLength = (UInt16)((key.Length + 1) * UnicodeEncoding.CharSize); }
private static extern UInt32 LsaOpenPolicy( ref LSA_UNICODE_STRING SystemName, ref LSA_OBJECT_ATTRIBUTES ObjectAttributes, Int32 DesiredAccess, out IntPtr PolicyHandle );
/// <summary> /// Constructor for <see cref="LocalSecurityPolicy"/> /// </summary> /// <param name="systemName">local system if systemName is null</param> public LocalSecurityPolicy(string systemName) { lsaHandle = IntPtr.Zero; LSA_UNICODE_STRING system = InitLsaString(systemName); //combine all policies int access = (int)( LSA_AccessPolicy.POLICY_AUDIT_LOG_ADMIN | LSA_AccessPolicy.POLICY_CREATE_ACCOUNT | LSA_AccessPolicy.POLICY_CREATE_PRIVILEGE | LSA_AccessPolicy.POLICY_CREATE_SECRET | LSA_AccessPolicy.POLICY_GET_PRIVATE_INFORMATION | LSA_AccessPolicy.POLICY_LOOKUP_NAMES | LSA_AccessPolicy.POLICY_NOTIFICATION | LSA_AccessPolicy.POLICY_SERVER_ADMIN | LSA_AccessPolicy.POLICY_SET_AUDIT_REQUIREMENTS | LSA_AccessPolicy.POLICY_SET_DEFAULT_QUOTA_LIMITS | LSA_AccessPolicy.POLICY_TRUST_ADMIN | LSA_AccessPolicy.POLICY_VIEW_AUDIT_INFORMATION | LSA_AccessPolicy.POLICY_VIEW_LOCAL_INFORMATION ); //initialize a pointer for the policy handle IntPtr policyHandle = IntPtr.Zero; //these attributes are not used, but LsaOpenPolicy wants them to exists LSA_OBJECT_ATTRIBUTES ObjectAttributes = new LSA_OBJECT_ATTRIBUTES(); ObjectAttributes.Length = 0; ObjectAttributes.RootDirectory = IntPtr.Zero; ObjectAttributes.Attributes = 0; ObjectAttributes.SecurityDescriptor = IntPtr.Zero; ObjectAttributes.SecurityQualityOfService = IntPtr.Zero; //get a policy handle uint ret = LsaOpenPolicy(ref system, ref ObjectAttributes, access, out lsaHandle); if (ret == 0) return; if (ret == STATUS_ACCESS_DENIED) { throw new UnauthorizedAccessException(); } if ((ret == STATUS_INSUFFICIENT_RESOURCES) || (ret == STATUS_NO_MEMORY)) { throw new OutOfMemoryException(); } throw new Win32Exception((int)LsaNtStatusToWinError(ret)); }
internal static extern uint LsaOpenPolicy( ref LSA_UNICODE_STRING systemName, ref LSA_OBJECT_ATTRIBUTES objectAttributes, uint desiredAccess, out IntPtr policyHandle);
public static Dictionary <AuditEventPolicy, Dictionary <String, AuditEventStatus> > GetSubcategoryPolicies() { Dictionary <AuditEventPolicy, Dictionary <String, AuditEventStatus> > result = new Dictionary <AuditEventPolicy, Dictionary <String, AuditEventStatus> >(); LSA_OBJECT_ATTRIBUTES objAttrs = new LSA_OBJECT_ATTRIBUTES(); IntPtr hPolicy = IntPtr.Zero; IntPtr pInfo = IntPtr.Zero; IntPtr pGuid = IntPtr.Zero; IntPtr pAuditPolicies = IntPtr.Zero; IntPtr pSubcategories = IntPtr.Zero; UInt32 lrc = LsaOpenPolicy(null, ref objAttrs, POLICY_VIEW_AUDIT_INFORMATION, out hPolicy); uint code = LsaNtStatusToWinError(lrc); if (code != 0) { throw new System.ComponentModel.Win32Exception((int)code); } try { // // Query the policy // lrc = LsaQueryInformationPolicy(hPolicy, POLICY_INFORMATION_CLASS.PolicyAuditEventsInformation, out pInfo); code = LsaNtStatusToWinError(lrc); if (code != 0) { throw new System.ComponentModel.Win32Exception((int)code); } POLICY_AUDIT_EVENTS_INFO info = new POLICY_AUDIT_EVENTS_INFO(); info = (POLICY_AUDIT_EVENTS_INFO)Marshal.PtrToStructure(pInfo, info.GetType()); // // Iterate through the event types // for (UInt32 eventType = 0; eventType < info.MaximumAuditEventCount; eventType++) { pGuid = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(GUID))); if (!AuditLookupCategoryGuidFromCategoryId((POLICY_AUDIT_EVENT_TYPE)eventType, pGuid)) { throw new System.ComponentModel.Win32Exception(GetLastError()); } UInt32 subcategoryCount = 0; if (!AuditEnumerateSubCategories(pGuid, false, ref pSubcategories, out subcategoryCount)) { throw new System.ComponentModel.Win32Exception(GetLastError()); } if (!AuditQuerySystemPolicy(pSubcategories, subcategoryCount, out pAuditPolicies)) { throw new System.ComponentModel.Win32Exception(GetLastError()); } Dictionary <String, AuditEventStatus> dict = new Dictionary <String, AuditEventStatus>(); AUDIT_POLICY_INFORMATION policyInfo = new AUDIT_POLICY_INFORMATION(); for (UInt32 subcategoryIndex = 0; subcategoryIndex < subcategoryCount; subcategoryIndex++) { IntPtr itemPtr = new IntPtr(pAuditPolicies.ToInt64() + (long)subcategoryIndex * (Int64)Marshal.SizeOf(policyInfo)); policyInfo = (AUDIT_POLICY_INFORMATION)Marshal.PtrToStructure(itemPtr, policyInfo.GetType()); dict.Add(AuditPolicySubcategories[policyInfo.AuditSubCategoryGuid.ToString()], (AuditEventStatus)policyInfo.AuditingInformation); } result.Add((AuditEventPolicy)eventType, dict); AuditFree(pAuditPolicies); pAuditPolicies = IntPtr.Zero; AuditFree(pSubcategories); pSubcategories = IntPtr.Zero; Marshal.FreeHGlobal(pGuid); pGuid = IntPtr.Zero; } } finally { // // Cleanup // if (pInfo != IntPtr.Zero) { LsaFreeMemory(pInfo); } if (pGuid != IntPtr.Zero) { Marshal.FreeHGlobal(pGuid); } if (pAuditPolicies != IntPtr.Zero) { AuditFree(pAuditPolicies); } if (pSubcategories != IntPtr.Zero) { AuditFree(pSubcategories); } LsaClose(hPolicy); } return(result); }
public static extern UInt32 LsaOpenPolicy(String SystemName, ref LSA_OBJECT_ATTRIBUTES ObjectAttributes, Int32 DesiredAccess, out IntPtr PolicyHandle);
public bool GrantUserLogonAsServicePrivilage(string domain, string userName) { Trace.Entering(); IntPtr lsaPolicyHandle = IntPtr.Zero; ArgUtil.NotNullOrEmpty(userName, nameof(userName)); try { LSA_UNICODE_STRING system = new LSA_UNICODE_STRING(); LSA_OBJECT_ATTRIBUTES attrib = new LSA_OBJECT_ATTRIBUTES() { Length = 0, RootDirectory = IntPtr.Zero, Attributes = 0, SecurityDescriptor = IntPtr.Zero, SecurityQualityOfService = IntPtr.Zero, }; uint result = LsaOpenPolicy(ref system, ref attrib, LSA_POLICY_ALL_ACCESS, out lsaPolicyHandle); if (result != 0 || lsaPolicyHandle == IntPtr.Zero) { if (result == ReturnCode.STATUS_ACCESS_DENIED) { throw new Exception(StringUtil.Loc("ShouldBeAdmin")); } throw new Exception(StringUtil.Loc("OperationFailed", nameof(LsaOpenPolicy), result)); } result = LsaAddAccountRights(lsaPolicyHandle, GetSidBinaryFromWindows(domain, userName), LogonAsServiceRights, 1); Trace.Info("LsaAddAccountRights return with error code {0} ", result); return result == 0; } finally { int result = LsaClose(lsaPolicyHandle); if (result != 0) { Trace.Error(StringUtil.Format("Can not close LasPolicy handler. LsaClose failed with error code {0}", result)); } } }
internal static extern uint LsaOpenPolicy( ref UNICODE_STRING SystemName, ref LSA_OBJECT_ATTRIBUTES ObjectAttributes, uint DesiredAccess, out IntPtr PolicyHandle );
public static extern uint LsaOpenPolicy( LSA_UNICODE_STRING[]?SystemName, ref LSA_OBJECT_ATTRIBUTES ObjectAttributes, int AccessMask, out IntPtr PolicyHandle );
public static Dictionary<AuditEventPolicy, AuditEventStatus> GetPolicies() { Dictionary<AuditEventPolicy, AuditEventStatus> result = new Dictionary<AuditEventPolicy, AuditEventStatus>(); LSA_OBJECT_ATTRIBUTES objAttrs = new LSA_OBJECT_ATTRIBUTES(); IntPtr hPolicy = IntPtr.Zero; IntPtr pInfo = IntPtr.Zero; IntPtr pGuid = IntPtr.Zero; UInt32 lrc = LsaOpenPolicy(null, ref objAttrs, POLICY_VIEW_AUDIT_INFORMATION, out hPolicy); uint code = LsaNtStatusToWinError(lrc); if (code != 0) { throw new System.ComponentModel.Win32Exception((int)code); } try { // // Query the policy // lrc = LsaQueryInformationPolicy(hPolicy, POLICY_INFORMATION_CLASS.PolicyAuditEventsInformation, out pInfo); code = LsaNtStatusToWinError(lrc); if (code != 0) { throw new System.ComponentModel.Win32Exception((int)code); } POLICY_AUDIT_EVENTS_INFO info = new POLICY_AUDIT_EVENTS_INFO(); info = (POLICY_AUDIT_EVENTS_INFO)Marshal.PtrToStructure(pInfo, info.GetType()); // // Iterate through the event types // for (UInt32 eventType = 0; eventType < info.MaximumAuditEventCount; eventType++) { pGuid = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(GUID))); if (AuditLookupCategoryGuidFromCategoryId((POLICY_AUDIT_EVENT_TYPE)eventType, pGuid)) { IntPtr itemPtr = new IntPtr(info.EventAuditingOptions.ToInt64() + (Int64)eventType * (Int64)Marshal.SizeOf(typeof(UInt32))); UInt32 status = 0; status = (UInt32)Marshal.PtrToStructure(itemPtr, status.GetType()); result.Add((AuditEventPolicy)eventType, (AuditEventStatus)(status & 0x3)); Marshal.FreeHGlobal(pGuid); pGuid = IntPtr.Zero; } else { throw new System.ComponentModel.Win32Exception(GetLastError()); } } } finally { // // Cleanup // if (pInfo != IntPtr.Zero) { LsaFreeMemory(pInfo); } if (pGuid != IntPtr.Zero) { Marshal.FreeHGlobal(pGuid); } LsaClose(hPolicy); } return result; }
public LsaPolicy() { LSA_UNICODE_STRING system = new LSA_UNICODE_STRING(); LSA_OBJECT_ATTRIBUTES attrib = new LSA_OBJECT_ATTRIBUTES() { Length = 0, RootDirectory = IntPtr.Zero, Attributes = 0, SecurityDescriptor = IntPtr.Zero, SecurityQualityOfService = IntPtr.Zero, }; IntPtr handle = IntPtr.Zero; uint result = LsaOpenPolicy(ref system, ref attrib, LSA_POLICY_ALL_ACCESS, out handle); if (result != 0 || handle == IntPtr.Zero) { if (result == ReturnCode.STATUS_ACCESS_DENIED) { throw new Exception(StringUtil.Loc("ShouldBeAdmin")); } throw new Exception(StringUtil.Loc("OperationFailed", nameof(LsaOpenPolicy), result)); } Handle = handle; }
public static List<string> getAccessTokens(string targetHost, string entityName) { List<string> retList = new List<string>(); IntPtr sid = IntPtr.Zero; int sidSize = 0; StringBuilder domainName = new StringBuilder(); int nameSize = 0; int accountType = 0; UInt32 lretVal; uint retVal; LookupAccountName("\\\\" + targetHost, entityName, sid, ref sidSize, domainName, ref nameSize, ref accountType); domainName = new StringBuilder(nameSize); sid = Marshal.AllocHGlobal(sidSize); bool result = LookupAccountName("\\\\" + targetHost, entityName, sid, ref sidSize, domainName, ref nameSize, ref accountType); if (!result) { Marshal.FreeHGlobal(sid); throw new System.ComponentModel.Win32Exception(GetLastError()); } LSA_UNICODE_STRING systemName = string2LSAUS("\\\\" + targetHost); IntPtr policyHandle = IntPtr.Zero; LSA_OBJECT_ATTRIBUTES objAttrs = new LSA_OBJECT_ATTRIBUTES(); lretVal = LsaOpenPolicy(ref systemName, ref objAttrs, POLICY_LOOKUP_NAMES | POLICY_VIEW_LOCAL_INFORMATION, out policyHandle); retVal = LsaNtStatusToWinError(lretVal); if (retVal != 0) { Marshal.FreeHGlobal(sid); throw new System.ComponentModel.Win32Exception((int)retVal); } IntPtr rightsArray = IntPtr.Zero; UInt32 rightsCount = 0; lretVal = LsaEnumerateAccountRights(policyHandle, sid, out rightsArray, out rightsCount); retVal = LsaNtStatusToWinError(lretVal); Marshal.FreeHGlobal(sid); if (retVal == 2) { LsaClose(policyHandle); return retList; } if (retVal != 0) { LsaClose(policyHandle); throw new System.ComponentModel.Win32Exception((int)retVal); } LSA_UNICODE_STRING myLsaus = new LSA_UNICODE_STRING(); for (ulong i = 0; i < rightsCount; i++) { IntPtr itemAddr = new IntPtr(rightsArray.ToInt64() + (long)(i * (ulong)Marshal.SizeOf(myLsaus))); myLsaus = (LSA_UNICODE_STRING)Marshal.PtrToStructure(itemAddr, myLsaus.GetType()); string thisRight = LSAUS2string(myLsaus); retList.Add(thisRight); } lretVal = LsaClose(policyHandle); retVal = LsaNtStatusToWinError(lretVal); if (retVal != 0) throw new System.ComponentModel.Win32Exception((int)retVal); return retList; }
// Returns the Local Security Authority rights granted to the account public IList <string> GetRights(string accountName) { IList <string> rights = new List <string>(); string errorMessage = string.Empty; long winErrorCode = 0; IntPtr sid = IntPtr.Zero; int sidSize = 0; StringBuilder domainName = new StringBuilder(); int nameSize = 0; int accountType = 0; LookupAccountName(string.Empty, accountName, sid, ref sidSize, domainName, ref nameSize, ref accountType); domainName = new StringBuilder(nameSize); sid = Marshal.AllocHGlobal(sidSize); if (!LookupAccountName(string.Empty, accountName, sid, ref sidSize, domainName, ref nameSize, ref accountType)) { winErrorCode = GetLastError(); errorMessage = ("LookupAccountName failed: " + winErrorCode); throw new Win32Exception((int)winErrorCode, errorMessage); } else { LSA_UNICODE_STRING systemName = new LSA_UNICODE_STRING(); IntPtr policyHandle = IntPtr.Zero; IntPtr userRightsPtr = IntPtr.Zero; int countOfRights = 0; LSA_OBJECT_ATTRIBUTES objectAttributes = CreateLSAObject(); uint policyStatus = LsaOpenPolicy(ref systemName, ref objectAttributes, Access, out policyHandle); winErrorCode = LsaNtStatusToWinError(Convert.ToInt32(policyStatus)); if (winErrorCode != 0) { errorMessage = string.Format("OpenPolicy failed: {0}.", winErrorCode); throw new Win32Exception((int)winErrorCode, errorMessage); } else { try { int result = LsaEnumerateAccountRights(policyHandle, sid, out userRightsPtr, out countOfRights); winErrorCode = LsaNtStatusToWinError(result); if (winErrorCode != 0) { if (winErrorCode == 2) { return(new List <string>()); } errorMessage = string.Format("LsaEnumerateAccountRights failed: {0}", winErrorCode); throw new Win32Exception((int)winErrorCode, errorMessage); } Int32 ptr = userRightsPtr.ToInt32(); LSA_UNICODE_STRING userRight; for (int i = 0; i < countOfRights; i++) { userRight = (LSA_UNICODE_STRING)Marshal.PtrToStructure(new IntPtr(ptr), typeof(LSA_UNICODE_STRING)); string userRightStr = Marshal.PtrToStringAuto(userRight.Buffer); rights.Add(userRightStr); ptr += Marshal.SizeOf(userRight); } } finally { LsaClose(policyHandle); } } FreeSid(sid); } return(rights); }
public extern static uint LsaOpenPolicy(ref string SystemName, ref LSA_OBJECT_ATTRIBUTES ObjectAttributes, uint AccessMask, out IntPtr PolicyHandle);
private static IntPtr GetLsaPolicyHandle() { string computerName = Environment.MachineName; IntPtr hPolicy; LSA_OBJECT_ATTRIBUTES objectAttributes = new LSA_OBJECT_ATTRIBUTES(); objectAttributes.Length = 0; objectAttributes.RootDirectory = IntPtr.Zero; objectAttributes.Attributes = 0; objectAttributes.SecurityDescriptor = IntPtr.Zero; objectAttributes.SecurityQualityOfService = IntPtr.Zero; const uint ACCESS_MASK = POLICY_CREATE_SECRET | POLICY_LOOKUP_NAMES | POLICY_VIEW_LOCAL_INFORMATION; LSA_UNICODE_STRING machineNameLsa = new LSA_UNICODE_STRING(computerName); uint result = LsaOpenPolicy(ref machineNameLsa, ref objectAttributes, ACCESS_MASK, out hPolicy); HandleLsaResult(result); return hPolicy; }
public static Dictionary<AuditEventPolicy, Dictionary<String, AuditEventStatus>> GetSubcategoryPolicies() { Dictionary<AuditEventPolicy, Dictionary<String, AuditEventStatus>> result = new Dictionary<AuditEventPolicy, Dictionary<String, AuditEventStatus>>(); LSA_OBJECT_ATTRIBUTES objAttrs = new LSA_OBJECT_ATTRIBUTES(); IntPtr hPolicy = IntPtr.Zero; IntPtr pInfo = IntPtr.Zero; IntPtr pGuid = IntPtr.Zero; IntPtr pAuditPolicies = IntPtr.Zero; IntPtr pSubcategories = IntPtr.Zero; UInt32 lrc = LsaOpenPolicy(null, ref objAttrs, POLICY_VIEW_AUDIT_INFORMATION, out hPolicy); uint code = LsaNtStatusToWinError(lrc); if (code != 0) { throw new System.ComponentModel.Win32Exception((int)code); } try { // // Query the policy // lrc = LsaQueryInformationPolicy(hPolicy, POLICY_INFORMATION_CLASS.PolicyAuditEventsInformation, out pInfo); code = LsaNtStatusToWinError(lrc); if (code != 0) { throw new System.ComponentModel.Win32Exception((int)code); } POLICY_AUDIT_EVENTS_INFO info = new POLICY_AUDIT_EVENTS_INFO(); info = (POLICY_AUDIT_EVENTS_INFO)Marshal.PtrToStructure(pInfo, info.GetType()); // // Iterate through the event types // for (UInt32 eventType = 0; eventType < info.MaximumAuditEventCount; eventType++) { pGuid = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(GUID))); if (!AuditLookupCategoryGuidFromCategoryId((POLICY_AUDIT_EVENT_TYPE)eventType, pGuid)) { throw new System.ComponentModel.Win32Exception(GetLastError()); } UInt32 subcategoryCount = 0; if (!AuditEnumerateSubCategories(pGuid, false, ref pSubcategories, out subcategoryCount)) { throw new System.ComponentModel.Win32Exception(GetLastError()); } if (!AuditQuerySystemPolicy(pSubcategories, subcategoryCount, out pAuditPolicies)) { throw new System.ComponentModel.Win32Exception(GetLastError()); } Dictionary<String, AuditEventStatus> dict = new Dictionary<String, AuditEventStatus>(); AUDIT_POLICY_INFORMATION policyInfo = new AUDIT_POLICY_INFORMATION(); for (UInt32 subcategoryIndex = 0; subcategoryIndex < subcategoryCount; subcategoryIndex++) { IntPtr itemPtr = new IntPtr(pAuditPolicies.ToInt64() + (long)subcategoryIndex * (Int64)Marshal.SizeOf(policyInfo)); policyInfo = (AUDIT_POLICY_INFORMATION)Marshal.PtrToStructure(itemPtr, policyInfo.GetType()); dict.Add(AuditPolicySubcategories[policyInfo.AuditSubCategoryGuid.ToString()], (AuditEventStatus)policyInfo.AuditingInformation); } result.Add((AuditEventPolicy)eventType, dict); AuditFree(pAuditPolicies); pAuditPolicies = IntPtr.Zero; AuditFree(pSubcategories); pSubcategories = IntPtr.Zero; Marshal.FreeHGlobal(pGuid); pGuid = IntPtr.Zero; } } finally { // // Cleanup // if (pInfo != IntPtr.Zero) { LsaFreeMemory(pInfo); } if (pGuid != IntPtr.Zero) { Marshal.FreeHGlobal(pGuid); } if (pAuditPolicies != IntPtr.Zero) { AuditFree(pAuditPolicies); } if (pSubcategories != IntPtr.Zero) { AuditFree(pSubcategories); } LsaClose(hPolicy); } return result; }
public static void SetRight(string user, string machine, string right, bool Add) { int winerror = 0; IntPtr sid = IntPtr.Zero; int sidsize = 0; StringBuilder domainname = new StringBuilder(); int namesize = 0; int accounttype = 0; LookupAccountName(string.Empty, user, sid, ref sidsize, domainname, ref namesize, ref accounttype); domainname = new StringBuilder(namesize); sid = Marshal.AllocHGlobal(sidsize); bool result = LookupAccountName(string.Empty, user, sid, ref sidsize, domainname, ref namesize, ref accounttype); if (!result) { winerror = GetLastError(); throw new Exception("LookupAccountName failure #" + winerror); } else { LSA_UNICODE_STRING systemname = new LSA_UNICODE_STRING(); systemname.Buffer = Marshal.StringToHGlobalUni(machine); systemname.Length = (UInt16)(machine.Length * UnicodeEncoding.CharSize); systemname.MaximumLength = (UInt16)((machine.Length + 1) * UnicodeEncoding.CharSize); int access = (int)( LSA_AccessPolicy.POLICY_AUDIT_LOG_ADMIN | LSA_AccessPolicy.POLICY_CREATE_ACCOUNT | LSA_AccessPolicy.POLICY_CREATE_PRIVILEGE | LSA_AccessPolicy.POLICY_CREATE_SECRET | LSA_AccessPolicy.POLICY_GET_PRIVATE_INFORMATION | LSA_AccessPolicy.POLICY_LOOKUP_NAMES | LSA_AccessPolicy.POLICY_NOTIFICATION | LSA_AccessPolicy.POLICY_SERVER_ADMIN | LSA_AccessPolicy.POLICY_SET_AUDIT_REQUIREMENTS | LSA_AccessPolicy.POLICY_SET_DEFAULT_QUOTA_LIMITS | LSA_AccessPolicy.POLICY_TRUST_ADMIN | LSA_AccessPolicy.POLICY_VIEW_AUDIT_INFORMATION | LSA_AccessPolicy.POLICY_VIEW_LOCAL_INFORMATION ); IntPtr hpolicy = IntPtr.Zero; LSA_OBJECT_ATTRIBUTES objattribs = new LSA_OBJECT_ATTRIBUTES(); objattribs.Length = 0; objattribs.RootDirectory = IntPtr.Zero; objattribs.Attributes = 0; objattribs.SecurityDescriptor = IntPtr.Zero; objattribs.SecurityQualityOfService = IntPtr.Zero; uint policyresult = LsaOpenPolicy(ref systemname, ref objattribs, access, out hpolicy); winerror = LsaNtStatusToWinError(policyresult); if (winerror != 0) { throw new Exception("OpenPolicy failure #" + winerror); } else { LSA_UNICODE_STRING[] userrights = new LSA_UNICODE_STRING[1]; userrights[0] = new LSA_UNICODE_STRING(); userrights[0].Buffer = Marshal.StringToHGlobalUni(right); userrights[0].Length = (UInt16)(right.Length * UnicodeEncoding.CharSize); userrights[0].MaximumLength = (UInt16)((right.Length + 1) * UnicodeEncoding.CharSize); if (Add) { uint res = LsaAddAccountRights(hpolicy, sid, userrights, 1); winerror = LsaNtStatusToWinError(res); if (winerror != 0) { throw new Exception("LsaAddAccountRights failure #" + winerror); } } else { uint res = LsaRemoveAccountRights(hpolicy, sid, false, userrights, 1); winerror = LsaNtStatusToWinError(res); if (winerror != 0) { throw new Exception("LsaRemoveAccountRights failure #" + winerror); } } LsaClose(hpolicy); } FreeSid(sid); } }
public static int SetRight(string accountName, string privilegeName) { int winErrorCode = 0; //contains the last error //pointer an size for the SID IntPtr sid = IntPtr.Zero; int sidSize = 0; //StringBuilder and size for the domain name StringBuilder domainName = new StringBuilder(); int nameSize = 0; //account-type variable for lookup int accountType = 0; //get required buffer size LookupAccountName(String.Empty, accountName, sid, ref sidSize, domainName, ref nameSize, ref accountType); //allocate buffers domainName = new StringBuilder(nameSize); sid = Marshal.AllocHGlobal(sidSize); //lookup the SID for the account bool result = LookupAccountName(String.Empty, accountName, sid, ref sidSize, domainName, ref nameSize, ref accountType); //say what you're doing Trace.WriteLine("LookupAccountName result = " + result); Trace.WriteLine("IsValidSid: " + IsValidSid(sid)); Trace.WriteLine("LookupAccountName domainName: " + domainName.ToString()); if (!result) { winErrorCode = GetLastError(); Trace.WriteLine("LookupAccountName failed: " + winErrorCode); } else { //initialize an empty unicode-string LSA_UNICODE_STRING systemName = new LSA_UNICODE_STRING(); //combine all policies int access = (int)( LSA_AccessPolicy.POLICY_AUDIT_LOG_ADMIN | LSA_AccessPolicy.POLICY_CREATE_ACCOUNT | LSA_AccessPolicy.POLICY_CREATE_PRIVILEGE | LSA_AccessPolicy.POLICY_CREATE_SECRET | LSA_AccessPolicy.POLICY_GET_PRIVATE_INFORMATION | LSA_AccessPolicy.POLICY_LOOKUP_NAMES | LSA_AccessPolicy.POLICY_NOTIFICATION | LSA_AccessPolicy.POLICY_SERVER_ADMIN | LSA_AccessPolicy.POLICY_SET_AUDIT_REQUIREMENTS | LSA_AccessPolicy.POLICY_SET_DEFAULT_QUOTA_LIMITS | LSA_AccessPolicy.POLICY_TRUST_ADMIN | LSA_AccessPolicy.POLICY_VIEW_AUDIT_INFORMATION | LSA_AccessPolicy.POLICY_VIEW_LOCAL_INFORMATION ); //initialize a pointer for the policy handle IntPtr policyHandle = IntPtr.Zero; //these attributes are not used, but LsaOpenPolicy wants them to exists LSA_OBJECT_ATTRIBUTES ObjectAttributes = new LSA_OBJECT_ATTRIBUTES(); ObjectAttributes.Length = 0; ObjectAttributes.RootDirectory = IntPtr.Zero; ObjectAttributes.Attributes = 0; ObjectAttributes.SecurityDescriptor = IntPtr.Zero; ObjectAttributes.SecurityQualityOfService = IntPtr.Zero; //get a policy handle uint resultPolicy = LsaOpenPolicy(ref systemName, ref ObjectAttributes, access, out policyHandle); winErrorCode = (int)LsaNtStatusToWinError(resultPolicy); if (winErrorCode != 0) { Trace.WriteLine("OpenPolicy failed: " + winErrorCode); } else { //Now that we have the SID an the policy, //we can add rights to the account. //initialize an unicode-string for the privilege name LSA_UNICODE_STRING[] userRights = new LSA_UNICODE_STRING[1]; userRights[0] = new LSA_UNICODE_STRING(); userRights[0].Buffer = Marshal.StringToHGlobalUni(privilegeName); userRights[0].Length = (UInt16)(privilegeName.Length * UnicodeEncoding.CharSize); userRights[0].MaximumLength = (UInt16)((privilegeName.Length + 1) * UnicodeEncoding.CharSize); //add the right to the account uint res = LsaAddAccountRights(policyHandle, sid, userRights, 1); winErrorCode = (int)LsaNtStatusToWinError(res); if (winErrorCode != 0) { Trace.WriteLine("LsaAddAccountRights failed: " + winErrorCode); } LsaClose(policyHandle); } FreeSid(sid); } return(winErrorCode); }
public static extern UInt32 LsaOpenPolicy(String SystemName, ref LSA_OBJECT_ATTRIBUTES ObjectAttributes, Int32 DesiredAccess, out IntPtr PolicyHandle);
private static extern int LsaOpenPolicy(LSA_UNICODE_STRING SystemName, ref LSA_OBJECT_ATTRIBUTES ObjectAttributes, int DesiredAccess, out SafeLsaHandle PolicyHandle);
public virtual Dictionary<AuditEventSubcategories, AuditEventStatus> GetAuditEventSubcategoriesPolicy(TargetInfo targetInfo) { Dictionary<AuditEventSubcategories, AuditEventStatus> retList = new Dictionary<AuditEventSubcategories, AuditEventStatus>(); string target = @"\\" + targetInfo.GetAddress(); LSA_UNICODE_STRING systemName = string2LSAUS(target); LSA_OBJECT_ATTRIBUTES objAttrs = new LSA_OBJECT_ATTRIBUTES(); IntPtr policyHandle = IntPtr.Zero; IntPtr pAuditEventsInfo = IntPtr.Zero; IntPtr pAuditCategoryId = IntPtr.Zero; IntPtr pAuditSubCategoryGuids = IntPtr.Zero; IntPtr pAuditPolicies = IntPtr.Zero; UInt32 lretVal = LsaOpenPolicy(ref systemName, ref objAttrs, POLICY_VIEW_AUDIT_INFORMATION, out policyHandle); UInt32 retVal = LsaNtStatusToWinError(lretVal); if (retVal == (UInt32)0) { try { lretVal = LsaQueryInformationPolicy(policyHandle, POLICY_INFORMATION_CLASS.PolicyAuditEventsInformation, out pAuditEventsInfo); retVal = LsaNtStatusToWinError(lretVal); if (retVal == 0) { POLICY_AUDIT_EVENTS_INFO myAuditEventsInfo = new POLICY_AUDIT_EVENTS_INFO(); myAuditEventsInfo = (POLICY_AUDIT_EVENTS_INFO)Marshal.PtrToStructure(pAuditEventsInfo, myAuditEventsInfo.GetType()); for (var policyAuditEventType = 0; policyAuditEventType < myAuditEventsInfo.MaximumAuditEventCount; policyAuditEventType++) { pAuditCategoryId = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(GUID))); if (!AuditLookupCategoryGuidFromCategoryId((POLICY_AUDIT_EVENT_TYPE)policyAuditEventType, pAuditCategoryId)) { int causingError = GetLastError(); throw new System.ComponentModel.Win32Exception(causingError); } UInt32 nSubCats = 0; pAuditSubCategoryGuids = IntPtr.Zero; if (!AuditEnumerateSubCategories(pAuditCategoryId, false, ref pAuditSubCategoryGuids, out nSubCats)) { int causingError = GetLastError(); throw new System.ComponentModel.Win32Exception(causingError); } Marshal.FreeHGlobal(pAuditCategoryId); pAuditCategoryId = IntPtr.Zero; pAuditPolicies = IntPtr.Zero; if (nSubCats > 0) { if (!AuditQuerySystemPolicy(pAuditSubCategoryGuids, nSubCats, out pAuditPolicies)) { int causingError = GetLastError(); throw new System.ComponentModel.Win32Exception(causingError); } for (var subcategoryIndex = 0; subcategoryIndex < nSubCats; subcategoryIndex++) { AUDIT_POLICY_INFORMATION currentPolicy = new AUDIT_POLICY_INFORMATION(); IntPtr itemPtr = new IntPtr(pAuditPolicies.ToInt64() + (Int64)subcategoryIndex * (Int64)Marshal.SizeOf(currentPolicy)); currentPolicy = (AUDIT_POLICY_INFORMATION)Marshal.PtrToStructure(itemPtr, currentPolicy.GetType()); String subCategoryName = String.Empty; Marshal.StructureToPtr(currentPolicy, itemPtr, true); AuditLookupSubCategoryName(itemPtr, ref subCategoryName); AuditEventSubcategories value; if (subcategoriesDictionary.TryGetValue(subCategoryName, out value)) { retList.Add(value, (AuditEventStatus)(currentPolicy.AuditingInformation & 0x3)); } } if (pAuditPolicies != IntPtr.Zero) { AuditFree(pAuditPolicies); pAuditPolicies = IntPtr.Zero; } } if (pAuditSubCategoryGuids != IntPtr.Zero) { AuditFree(pAuditSubCategoryGuids); pAuditSubCategoryGuids = IntPtr.Zero; } nSubCats = 0; } } else { throw new System.ComponentModel.Win32Exception((int)retVal); } } finally { if (pAuditPolicies != IntPtr.Zero) { AuditFree(pAuditPolicies); pAuditPolicies = IntPtr.Zero; } if (pAuditSubCategoryGuids != IntPtr.Zero) { AuditFree(pAuditSubCategoryGuids); pAuditSubCategoryGuids = IntPtr.Zero; } if (pAuditEventsInfo != IntPtr.Zero) { LsaFreeMemory(pAuditEventsInfo); } if (pAuditCategoryId != IntPtr.Zero) { Marshal.FreeHGlobal(pAuditCategoryId); } LsaClose(policyHandle); } } else { throw new System.ComponentModel.Win32Exception((int)retVal); } return retList; }
internal static extern /*DWORD*/ uint LsaOpenPolicy( string systemName, ref LSA_OBJECT_ATTRIBUTES attributes, int accessMask, out SafeLsaPolicyHandle handle );
/// <summary>Adds a privilege to an account</summary> /// <param name="accountName">Name of an account - "domain\account" or only "account"</param> /// <param name="privilegeName">Name ofthe privilege</param> /// <returns>The windows error code returned by LsaAddAccountRights</returns> public static long SetRight(String accountName, String privilegeName) { long winErrorCode = 0; //contains the last error //pointer an size for the SID IntPtr sid = IntPtr.Zero; int sidSize = 0; //StringBuilder and size for the domain name StringBuilder domainName = new StringBuilder(); int nameSize = 0; //account-type variable for lookup int accountType = 0; //get required buffer size LookupAccountName(String.Empty, accountName, sid, ref sidSize, domainName, ref nameSize, ref accountType); //allocate buffers domainName = new StringBuilder(nameSize); sid = Marshal.AllocHGlobal(sidSize); //lookup the SID for the account bool result = LookupAccountName(String.Empty, accountName, sid, ref sidSize, domainName, ref nameSize, ref accountType); //say what you're doing Console.WriteLine("LookupAccountName result = "+result); Console.WriteLine("IsValidSid: "+IsValidSid(sid)); Console.WriteLine("LookupAccountName domainName: "+domainName.ToString()); if( ! result ){ winErrorCode = GetLastError(); Console.WriteLine("LookupAccountName failed: "+ winErrorCode); }else{ //initialize an empty unicode-string LSA_UNICODE_STRING systemName = new LSA_UNICODE_STRING(); //combine all policies int access = (int)( LSA_AccessPolicy.POLICY_AUDIT_LOG_ADMIN | LSA_AccessPolicy.POLICY_CREATE_ACCOUNT | LSA_AccessPolicy.POLICY_CREATE_PRIVILEGE | LSA_AccessPolicy.POLICY_CREATE_SECRET | LSA_AccessPolicy.POLICY_GET_PRIVATE_INFORMATION | LSA_AccessPolicy.POLICY_LOOKUP_NAMES | LSA_AccessPolicy.POLICY_NOTIFICATION | LSA_AccessPolicy.POLICY_SERVER_ADMIN | LSA_AccessPolicy.POLICY_SET_AUDIT_REQUIREMENTS | LSA_AccessPolicy.POLICY_SET_DEFAULT_QUOTA_LIMITS | LSA_AccessPolicy.POLICY_TRUST_ADMIN | LSA_AccessPolicy.POLICY_VIEW_AUDIT_INFORMATION | LSA_AccessPolicy.POLICY_VIEW_LOCAL_INFORMATION ); //initialize a pointer for the policy handle IntPtr policyHandle = IntPtr.Zero; //these attributes are not used, but LsaOpenPolicy wants them to exists LSA_OBJECT_ATTRIBUTES ObjectAttributes = new LSA_OBJECT_ATTRIBUTES(); ObjectAttributes.Length = 0; ObjectAttributes.RootDirectory = IntPtr.Zero; ObjectAttributes.Attributes = 0; ObjectAttributes.SecurityDescriptor = IntPtr.Zero; ObjectAttributes.SecurityQualityOfService = IntPtr.Zero; //get a policy handle uint resultPolicy = LsaOpenPolicy(ref systemName, ref ObjectAttributes, access, out policyHandle); winErrorCode = LsaNtStatusToWinError(resultPolicy); if(winErrorCode != 0){ Console.WriteLine("OpenPolicy failed: "+ winErrorCode); }else{ //Now that we have the SID an the policy, //we can add rights to the account. //initialize an unicode-string for the privilege name LSA_UNICODE_STRING[] userRights = new LSA_UNICODE_STRING[1]; userRights[0] = new LSA_UNICODE_STRING(); userRights[0].Buffer = Marshal.StringToHGlobalUni(privilegeName); userRights[0].Length = (UInt16)( privilegeName.Length * UnicodeEncoding.CharSize ); userRights[0].MaximumLength = (UInt16)( (privilegeName.Length+1) * UnicodeEncoding.CharSize ); //add the right to the account long res = LsaAddAccountRights(policyHandle, sid, userRights, 1); winErrorCode = LsaNtStatusToWinError(res); if(winErrorCode != 0){ Console.WriteLine("LsaAddAccountRights failed: "+ winErrorCode); } LsaClose(policyHandle); } FreeSid(sid); } return winErrorCode; }
public static Dictionary <AuditEventPolicy, AuditEventStatus> GetPolicies() { Dictionary <AuditEventPolicy, AuditEventStatus> result = new Dictionary <AuditEventPolicy, AuditEventStatus>(); LSA_OBJECT_ATTRIBUTES objAttrs = new LSA_OBJECT_ATTRIBUTES(); IntPtr hPolicy = IntPtr.Zero; IntPtr pInfo = IntPtr.Zero; IntPtr pGuid = IntPtr.Zero; UInt32 lrc = LsaOpenPolicy(null, ref objAttrs, POLICY_VIEW_AUDIT_INFORMATION, out hPolicy); uint code = LsaNtStatusToWinError(lrc); if (code != 0) { throw new System.ComponentModel.Win32Exception((int)code); } try { // // Query the policy // lrc = LsaQueryInformationPolicy(hPolicy, POLICY_INFORMATION_CLASS.PolicyAuditEventsInformation, out pInfo); code = LsaNtStatusToWinError(lrc); if (code != 0) { throw new System.ComponentModel.Win32Exception((int)code); } POLICY_AUDIT_EVENTS_INFO info = new POLICY_AUDIT_EVENTS_INFO(); info = (POLICY_AUDIT_EVENTS_INFO)Marshal.PtrToStructure(pInfo, info.GetType()); // // Iterate through the event types // for (UInt32 eventType = 0; eventType < info.MaximumAuditEventCount; eventType++) { pGuid = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(GUID))); if (AuditLookupCategoryGuidFromCategoryId((POLICY_AUDIT_EVENT_TYPE)eventType, pGuid)) { IntPtr itemPtr = new IntPtr(info.EventAuditingOptions.ToInt64() + (Int64)eventType * (Int64)Marshal.SizeOf(typeof(UInt32))); UInt32 status = 0; status = (UInt32)Marshal.PtrToStructure(itemPtr, status.GetType()); result.Add((AuditEventPolicy)eventType, (AuditEventStatus)(status & 0x3)); Marshal.FreeHGlobal(pGuid); pGuid = IntPtr.Zero; } else { throw new System.ComponentModel.Win32Exception(GetLastError()); } } } finally { // // Cleanup // if (pInfo != IntPtr.Zero) { LsaFreeMemory(pInfo); } if (pGuid != IntPtr.Zero) { Marshal.FreeHGlobal(pGuid); } LsaClose(hPolicy); } return(result); }
internal static extern uint LsaOpenPolicy( LSA_UNICODE_STRING[] SystemName, ref LSA_OBJECT_ATTRIBUTES ObjectAttributes, int AccessMask, out LSA_HANDLE PolicyHandle );
internal static extern uint LsaOpenPolicy( LSA_UNICODE_STRING[] SystemName, ref LSA_OBJECT_ATTRIBUTES ObjectAttributes, int AccessMask, out LSA_HANDLE PolicyHandle );
public virtual Dictionary<AuditEventPolicies, AuditEventStatus> GetAuditEventPolicies(TargetInfo targetInfo) { Dictionary<AuditEventPolicies, AuditEventStatus> retList = new Dictionary<AuditEventPolicies, AuditEventStatus>(); LSA_UNICODE_STRING systemName = string2LSAUS(targetInfo.GetAddress()); LSA_OBJECT_ATTRIBUTES objAttrs = new LSA_OBJECT_ATTRIBUTES(); IntPtr policyHandle = IntPtr.Zero; IntPtr pAuditEventsInfo = IntPtr.Zero; IntPtr pAuditCategoryGuid = IntPtr.Zero; IntPtr pAuditSubCategoryGuids = IntPtr.Zero; IntPtr pAuditPolicies = IntPtr.Zero; UInt32 lretVal = LsaOpenPolicy(ref systemName, ref objAttrs, POLICY_VIEW_AUDIT_INFORMATION, out policyHandle); uint retVal = LsaNtStatusToWinError(lretVal); if (retVal != 0) { throw new System.ComponentModel.Win32Exception((int)retVal); } try { lretVal = LsaQueryInformationPolicy(policyHandle, POLICY_INFORMATION_CLASS.PolicyAuditEventsInformation, out pAuditEventsInfo); retVal = LsaNtStatusToWinError(lretVal); if (retVal != 0) { throw new System.ComponentModel.Win32Exception((int)retVal); } // EventAuditingOptions: The index of each array element corresponds to an audit event type value in the POLICY_AUDIT_EVENT_TYPE enumeration type. // Each POLICY_AUDIT_EVENT_OPTIONS variable in the array can specify the following auditing options. // POLICY_AUDIT_EVENT_UNCHANGED, POLICY_AUDIT_EVENT_SUCCESS, POLICY_AUDIT_EVENT_FAILURE, POLICY_AUDIT_EVENT_NONE POLICY_AUDIT_EVENTS_INFO myAuditEventsInfo = new POLICY_AUDIT_EVENTS_INFO(); myAuditEventsInfo = (POLICY_AUDIT_EVENTS_INFO)Marshal.PtrToStructure(pAuditEventsInfo, myAuditEventsInfo.GetType()); for (UInt32 policyAuditEventType = 0; policyAuditEventType < myAuditEventsInfo.MaximumAuditEventCount; policyAuditEventType++) { pAuditCategoryGuid = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(GUID))); if (!AuditLookupCategoryGuidFromCategoryId((POLICY_AUDIT_EVENT_TYPE)policyAuditEventType, pAuditCategoryGuid)) { int causingError = GetLastError(); throw new System.ComponentModel.Win32Exception(causingError); } String categoryName = String.Empty; AuditLookupCategoryName(pAuditCategoryGuid, ref categoryName); UInt32 status = 0; IntPtr itemPtr = new IntPtr(myAuditEventsInfo.EventAuditingOptions.ToInt64() + (Int64)policyAuditEventType * (Int64)Marshal.SizeOf(typeof(UInt32))); status = (UInt32)Marshal.PtrToStructure(itemPtr, status.GetType()); retList.Add((AuditEventPolicies)policyAuditEventType, (AuditEventStatus)(status & 0x3)); Marshal.FreeHGlobal(pAuditCategoryGuid); pAuditCategoryGuid = IntPtr.Zero; } } finally { if (pAuditEventsInfo != IntPtr.Zero) { LsaFreeMemory(pAuditEventsInfo); } if (pAuditCategoryGuid != IntPtr.Zero) { Marshal.FreeHGlobal(pAuditCategoryGuid); } LsaClose(policyHandle); } return retList; }
private static extern UInt32 LsaOpenPolicy(ref LSA_UNICODE_STRING SystemName, ref LSA_OBJECT_ATTRIBUTES ObjectAttributes, Int32 DesiredAccess, out IntPtr PolicyHandle);
public static extern uint LsaOpenPolicy(ref LSA_UNICODE_STRING SystemName, ref LSA_OBJECT_ATTRIBUTES ObjectAttributes, int DesiredAccess, out IntPtr PolicyHandle);