private void CheckAddGroup(SidInfo sInfo) { if (this.SidList.AddSafe(sInfo.Sid)) { int pos = this.Groups.Count + 1; sInfo.Position = pos; this.Groups.AddSafe(sInfo); } }
protected List <SidInfo> GetTokenGroups(string targetDC, string sddlSid) { List <SidInfo> ret = new List <SidInfo> { }; LDAPHelper ldap = new LDAPHelper(); List <SearchResultEntry> res = ldap.Query(targetDC, String.Format("<SID={0}>", sddlSid), "(objectClass=*)", new string[] { "tokenGroups", "userPrincipalName" }, SearchScope.Base, ReferralChasingOptions.None, new QueryControl() { CurrentResultEventType = QUERY_RESULT_EVENT_TYPE.FROM_DECODING }, returnResults: true); if (res.Count > 0) { foreach (byte[] bsid in res[0].Attributes["tokenGroups"].GetValues(typeof(byte[]))) { SecurityIdentifier sid = new SecurityIdentifier(bsid, 0); SidInfo sinfo = new SidInfo(bsid); ret.Add(sinfo); } foreach (string upn in res[0].Attributes["userPrincipalName"].GetValues(typeof(string))) { GlobalUserStore.UPN = upn; } } else { Info.AddFormatted("Failed on TokenGroups for {0}", sddlSid); GlobalEventHandler.RaiseDebugInfoOccured("Failed on TokenGroups for {0}", sddlSid); } return(ret); }
public static void RaiseNestingFound(string groupSid, SidInfo memberInfo) { GlobalEventArgs nargs = new GlobalEventArgs(); EventValue sid = new EventValue(); sid.SetDefaultValue <string>(groupSid); nargs.Values.Add("group", sid); EventValue member = new EventValue(); member.SetDefaultValue <SidInfo>(memberInfo); nargs.Values.Add("member", member); RaiseNestingFound(null, nargs); }
protected void GetPrivilegeAndPrincipals(string privName) { IntPtr enumbuffer = IntPtr.Zero; ulong cnt = 0; LSA_UNICODE_STRING lsapriv = NativeHelper.InitLSAString(privName); uint rc = Advapi32.LsaEnumerateAccountsWithUserRight(PolicyHandle, lsapriv, out enumbuffer, out cnt); if (rc == 0) { PrivilegeAndPrincipals privinfo = new PrivilegeAndPrincipals(privName); for (int step = 0; step < (int)cnt; step++) { LSA_ENUMERATION_INFORMATION lsaenum = (LSA_ENUMERATION_INFORMATION)Marshal.PtrToStructure(enumbuffer, typeof(LSA_ENUMERATION_INFORMATION)); SidInfo sinfo = new SidInfo(lsaenum.Sid); privinfo.Principals.AddSafe(sinfo); privinfo.SidPrincipals.AddSafe(sinfo.Sid); try { enumbuffer = (IntPtr)((Int64)enumbuffer + Marshal.SizeOf(typeof(LSA_ENUMERATION_INFORMATION))); } catch (Exception) { break; } } this.Privileges.AddSafe(privinfo); } else { string errmsg = null; if (NativeHelper.GetLastError(out errmsg) != 0) { Messages.Add("\tLsaEnumerateAccountsWithUserRight: " + errmsg); } } }
private void HandleNesting(object sender, GlobalEventArgs args) { EventValue gval = args.Values.GetValueSafe("Group"); string groupsid = gval.GetTypedValue <string>(); EventValue mval = args.Values.GetValueSafe("Member"); SidInfo member = (SidInfo)mval.GetTypedValue <object>(); if (!this.SidList.Contains(groupsid)) { this.Members.Add(member); this.SidList.Add(member.Sid); GlobalEventHandler.RaiseNestingFound(this.Sid, member); } }
private void HandleLocalGroup(LOCALGROUP_INFO_0 ginfo) { IntPtr enumbuffer = IntPtr.Zero; uint entriesread = 0; uint totalentries = 0; string sid = GetAccountSid(ginfo.lgrpi0_name); GroupInfo group = new GroupInfo(sid, ginfo.lgrpi0_name); uint rc = NetApi32.NetLocalGroupGetMembers(null, group.NTName, 1, ref enumbuffer, 0xFFFFFFFF, out entriesread, out totalentries, IntPtr.Zero); this.Success = (rc == 0); if (this.Success) { for (int cnt = 0; cnt < totalentries; cnt++) { LOCALGROUP_MEMBERS_INFO_1 member = (LOCALGROUP_MEMBERS_INFO_1)Marshal.PtrToStructure(enumbuffer, typeof(LOCALGROUP_MEMBERS_INFO_1)); string msid = GetAccountSid(member.lgrmi1_sid); SidInfo sinfo = new SidInfo(msid, member.lgrmi1_name, member.lgrmi1_sidusage); group.Members.Add(sinfo); group.SidList.Add(msid); try { enumbuffer = (IntPtr)((Int64)enumbuffer + Marshal.SizeOf(typeof(LOCALGROUP_MEMBERS_INFO_1))); } catch (Exception) { break; } } this.Groups.AddSafe(group); NetApi32.NetApiBufferFree(enumbuffer); } }
private void DecodeGroups() { IntPtr ipsids = TGP.Sids; for (int sidcnt = 1; sidcnt <= TGP.SidCount; sidcnt++) { SID_AND_ATTRIBUTES sa = (SID_AND_ATTRIBUTES)Marshal.PtrToStructure(ipsids, typeof(SID_AND_ATTRIBUTES)); SidInfo sinfo = new SidInfo(sidcnt, sa); this.SidList.AddSafe(sinfo.Sid); this.Groups.AddSafe(sinfo); try { ipsids = (IntPtr)((Int64)ipsids + Marshal.SizeOf(typeof(SID_AND_ATTRIBUTES))); } catch (Exception) { break; } } }