コード例 #1
0
        public void            AccountLSAResetAll()
        {
            try {
                Console.WriteLine("# remove lsa policies from user: "******"AccountLSAResetAll('" + AccountName + "') failed.", err);

                if (InstallMode == InstallMode.Install)
                {
                    throw err;
                }
                else
                {
                    DisplayError(err);
                }
            }
        }
コード例 #2
0
        /// <summary>
        /// Delete LSA private data.
        /// </summary>
        /// <param name="system_name">The system containing the LSA instance.</param>
        /// <param name="keyname">The name of the key.</param>
        /// <param name="throw_on_error">True to throw on error.</param>
        /// <returns>The NT status code.</returns>
        public static NtStatus LsaDeletePrivateData(string system_name, string keyname, bool throw_on_error)
        {
            using (var policy = LsaPolicy.Open(system_name, LsaPolicyAccessRights.MaximumAllowed, throw_on_error))
            {
                if (!policy.IsSuccess)
                {
                    return(policy.Status);
                }

                return(policy.Result.StorePrivateData(keyname, null, throw_on_error));
            }
        }
コード例 #3
0
        public static NtResult <SidName> LookupInternetName(Sid sid, bool throw_on_error)
        {
            using (var policy = LsaPolicy.Open(LsaPolicyAccessRights.LookupNames, throw_on_error))
            {
                if (!policy.IsSuccess)
                {
                    return(policy.Cast <SidName>());
                }

                return(policy.Result.LookupSids2(new Sid[] { sid }, LsaLookupOptionFlags.PreferInternetNames, throw_on_error).Map(e => e.First()));
            }
        }
コード例 #4
0
        protected override void ProcessRecord()
        {
            using (var policy = new LsaPolicy(this.ComputerName, LsaPolicyAccessMask.ViewLocalInformation))
            {
                var policyInfo = new LsaPolicyInformation()
                {
                    DnsDomain         = policy.QueryDnsDomainInformation(),
                    Domain            = policy.QueryAccountDomainInformation(),
                    LocalDomain       = policy.QueryLocalAccountDomainInformation(),
                    MachineAccountSid = policy.QueryMachineAccountInformation()
                };

                this.WriteObject(policyInfo);
            }
        }
コード例 #5
0
 public void LsaPolicy_QueryLocalAccountDomainInformation()
 {
     try
     {
         using (var policy = new LsaPolicy(LsaPolicyAccessMask.ViewLocalInformation))
         {
             var result = policy.QueryLocalAccountDomainInformation();
         }
     }
     catch (UnauthorizedAccessException e)
     {
         // This is expected.
         throw new AssertInconclusiveException("LSA-related tests require admin rights.", e);
     }
 }
コード例 #6
0
 public void LsaPolicy_LsaRetrievePrivateData_NonExisting()
 {
     try
     {
         using (var policy = new LsaPolicy(LsaPolicyAccessMask.GetPrivateInformation))
         {
             policy.RetrievePrivateData("bflmpsvz");
         }
     }
     catch (UnauthorizedAccessException e)
     {
         // This is expected.
         throw new AssertInconclusiveException("LSA-related tests require admin rights.", e);
     }
 }
コード例 #7
0
        protected override void ProcessRecord()
        {
            using (var policy = new LsaPolicy(this.ComputerName, LsaPolicyAccessMask.ViewLocalInformation | LsaPolicyAccessMask.TrustAdmin))
            {
                var newInfo = new LsaDnsDomainInformation()
                {
                    DnsDomainName = this.DnsDomainName,
                    DnsForestName = this.DnsForestName,
                    Guid          = this.DomainGuid,
                    Name          = this.DomainName,
                    Sid           = this.DomainSid
                };

                policy.SetDnsDomainInformation(newInfo);
            }
        }
コード例 #8
0
        /// <summary>
        /// Retrieve LSA private data.
        /// </summary>
        /// <param name="system_name">The system containing the LSA instance.</param>
        /// <param name="keyname">The name of the key.</param>
        /// <param name="throw_on_error">True to throw on error.</param>
        /// <returns>The private data as bytes.</returns>
        public static NtResult <byte[]> LsaRetrievePrivateData(string system_name, string keyname, bool throw_on_error)
        {
            if (keyname is null)
            {
                throw new ArgumentNullException(nameof(keyname));
            }

            using (var policy = LsaPolicy.Open(system_name, Policy.LsaPolicyAccessRights.GetPrivateInformation, throw_on_error))
            {
                if (!policy.IsSuccess)
                {
                    return(policy.Cast <byte[]>());
                }
                return(policy.Result.RetrievePrivateData(keyname, throw_on_error));
            }
        }
コード例 #9
0
        public bool IsUserHasLogonAsServicePrivilege(string domain, string userName)
        {
            Trace.Entering();

            ArgUtil.NotNullOrEmpty(userName, nameof(userName));
            bool userHasPermission = false;

            using (LsaPolicy lsaPolicy = new LsaPolicy())
            {
                IntPtr rightsPtr;
                uint   count;
                uint   result = LsaEnumerateAccountRights(lsaPolicy.Handle, GetSidBinaryFromWindows(domain, userName), out rightsPtr, out count);
                try
                {
                    if (result == 0)
                    {
                        IntPtr incrementPtr = rightsPtr;
                        for (int i = 0; i < count; i++)
                        {
                            LSA_UNICODE_STRING nativeRightString = Marshal.PtrToStructure <LSA_UNICODE_STRING>(incrementPtr);
                            string             rightString       = Marshal.PtrToStringUni(nativeRightString.Buffer);
                            Trace.Verbose($"Account {userName} has '{rightString}' right.");
                            if (string.Equals(rightString, s_logonAsServiceName, StringComparison.OrdinalIgnoreCase))
                            {
                                userHasPermission = true;
                            }

                            incrementPtr += Marshal.SizeOf(nativeRightString);
                        }
                    }
                    else
                    {
                        Trace.Error($"Can't enumerate account rights, return code {result}.");
                    }
                }
                finally
                {
                    result = LsaFreeMemory(rightsPtr);
                    if (result != 0)
                    {
                        Trace.Error(StringUtil.Format("Failed to free memory from LsaEnumerateAccountRights. Return code : {0} ", result));
                    }
                }
            }

            return(userHasPermission);
        }
コード例 #10
0
        /// <summary>
        /// Store LSA private data.
        /// </summary>
        /// <param name="system_name">The system containing the LSA instance.</param>
        /// <param name="keyname">The name of the key.</param>
        /// <param name="data">The data to store.</param>
        /// <param name="throw_on_error">True to throw on error.</param>
        /// <returns>The NT status code.</returns>
        public static NtStatus LsaStorePrivateData(string system_name, string keyname, byte[] data, bool throw_on_error)
        {
            if (data is null)
            {
                throw new ArgumentNullException(nameof(data));
            }

            using (var policy = LsaPolicy.Open(system_name, LsaPolicyAccessRights.CreateSecret, throw_on_error))
            {
                if (!policy.IsSuccess)
                {
                    return(policy.Status);
                }

                return(policy.Result.StorePrivateData(keyname, data, throw_on_error));
            }
        }
コード例 #11
0
 public bool GrantUserLogonAsServicePrivilage(string domain, string userName)
 {
     Trace.Entering();
     ArgUtil.NotNullOrEmpty(userName, nameof(userName));
     using (LsaPolicy lsaPolicy = new LsaPolicy())
     {
         // STATUS_SUCCESS == 0
         uint result = LsaAddAccountRights(lsaPolicy.Handle, GetSidBinaryFromWindows(domain, userName), LogonAsServiceRights, 1);
         if (result == 0)
         {
             Trace.Info($"Successfully grant logon as service privilage to account '{userName}'");
             return(true);
         }
         else
         {
             Trace.Info($"Fail to grant logon as service privilage to account '{userName}', error code {result}.");
             return(false);
         }
     }
 }
コード例 #12
0
        public void LsaPolicy_SetDnsDomainInformation()
        {
            try
            {
                using (var policy = new LsaPolicy(LsaPolicyAccessMask.ViewLocalInformation | LsaPolicyAccessMask.TrustAdmin))
                {
                    // Retrieve domain info
                    var info = policy.QueryDnsDomainInformation();

                    // Now try to set it to the same value.
                    // BE CAREFUL WHEN TESTING THIS!!!
                    policy.SetDnsDomainInformation(info);
                }
            }
            catch (UnauthorizedAccessException e)
            {
                // This is expected.
                throw new AssertInconclusiveException("LSA-related tests require admin rights.", e);
            }
        }
コード例 #13
0
        public void            AccountLSASetServiceLogonRigh()
        {
            try {
                Console.WriteLine("# Set lsa policies SeServiceLogonRight on user: "******"SeServiceLogonRight");
            }
            catch (Exception err) {
                err = new InstallerException("AccountLSASetServiceLogonRigh('" + AccountName + "') failed.", err);

                if (InstallMode == InstallMode.Install)
                {
                    throw err;
                }
                else
                {
                    DisplayError(err);
                }
            }
        }
コード例 #14
0
        public bool CheckUserHasLogonAsServicePrivilege(string domain, string userName)
        {
            Trace.Entering();

            ArgUtil.NotNullOrEmpty(userName, nameof(userName));
            bool userHasPermission = false;

            using (LsaPolicy lsaPolicy = new LsaPolicy())
            {
                IntPtr rightsPtr;
                uint count;
                uint result = LsaEnumerateAccountRights(lsaPolicy.Handle, GetSidBinaryFromWindows(domain, userName), out rightsPtr, out count);
                try
                {
                    if (result == 0)
                    {
                        IntPtr incrementPtr = rightsPtr;
                        for (int i = 0; i < count; i++)
                        {
                            LSA_UNICODE_STRING nativeRightString = Marshal.PtrToStructure<LSA_UNICODE_STRING>(incrementPtr);
                            string rightString = Marshal.PtrToStringAnsi(nativeRightString.Buffer);
                            if (string.Equals(rightString, s_logonAsServiceName, StringComparison.OrdinalIgnoreCase))
                            {
                                userHasPermission = true;
                            }

                            incrementPtr += Marshal.SizeOf(nativeRightString);
                        }
                    }
                }
                finally
                {
                    result = LsaFreeMemory(rightsPtr);
                    if (result != 0)
                    {
                        Trace.Error(StringUtil.Format("Failed to free memory from LsaEnumerateAccountRights. Return code : {0} ", result));
                    }
                }
            }
            return userHasPermission;
        }