コード例 #1
0
        /// <summary>
        /// Creates a Security Identity from an object name (e.g. DOMAIN\AccountName)
        /// </summary>
        /// <param name="name">A security object name (i.e. a Computer, Account, or Group)</param>
        /// <returns>A populated Security Identity</returns>
        public static SecurityIdentity SecurityIdentityFromName(string name)
        {
            if (name == null)
            {
                throw new ArgumentNullException("name");
            }

            if (name == "")
            {
                throw new ArgumentException("Argument 'name' cannot be the empty string.", "name");
            }

            LSA_OBJECT_ATTRIBUTES attribs = new LSA_OBJECT_ATTRIBUTES();

            attribs.Attributes               = 0;
            attribs.ObjectName               = IntPtr.Zero;
            attribs.RootDirectory            = IntPtr.Zero;
            attribs.SecurityDescriptor       = IntPtr.Zero;
            attribs.SecurityQualityOfService = IntPtr.Zero;
            attribs.Length = (uint)Marshal.SizeOf(attribs);

            IntPtr handle;

            int status = SecurityIdentity.LsaOpenPolicy(IntPtr.Zero, ref attribs, ACCESS_MASK.POLICY_LOOKUP_NAMES, out handle);

            if (status != 0)
            {
                throw new ExternalException("Unable to Find Object: " + Util.GetErrorMessage(SecurityIdentity.LsaNtStatusToWinError(status)));
            }

            try
            {
                LSA_UNICODE_STRING nameString = new LSA_UNICODE_STRING();
                nameString.Buffer    = name;
                nameString.Length    = (ushort)(name.Length * UnicodeEncoding.CharSize);
                nameString.MaxLength = (ushort)(name.Length * UnicodeEncoding.CharSize + UnicodeEncoding.CharSize);

                IntPtr domains;
                IntPtr sids;

                status = SecurityIdentity.LsaLookupNames2(handle, 0, 1, new LSA_UNICODE_STRING[] { nameString }, out domains, out sids);

                if (status != 0)
                {
                    throw new ExternalException("Unable to Find Object: " + Util.GetErrorMessage(SecurityIdentity.LsaNtStatusToWinError(status)));
                }

                try
                {
                    SecurityIdentity secId = new SecurityIdentity();

                    LSA_TRANSLATED_SID2 lsaSid = (LSA_TRANSLATED_SID2)Marshal.PtrToStructure(sids, typeof(LSA_TRANSLATED_SID2));

                    IntPtr sidStruct = lsaSid.Sid;

                    IntPtr sidString = IntPtr.Zero;

                    // Get the SID string
                    if (!SecurityIdentity.ConvertSidToStringSid(sidStruct, out sidString))
                    {
                        throw new ExternalException("Unable to Find Object: " + Util.GetErrorMessage(Util.GetLastError()));
                    }

                    try
                    {
                        // Marshal and store the SID string
                        secId.sid = Marshal.PtrToStringAnsi(sidString);
                    }
                    finally
                    {
                        if (sidString != IntPtr.Zero)
                        {
                            Util.LocalFree(sidString);
                        }
                    }

                    // Check if the SID is a well known SID
                    secId.wellKnownSidType = (WELL_KNOWN_SID_TYPE)Array.IndexOf <string>(SecurityIdentity.wellKnownSids, secId.sid);

                    SID_NAME_USE nameUse;

                    uint nameLen   = 0;
                    uint domainLen = 0;

                    // Get the lengths for the object and domain names
                    SecurityIdentity.LookupAccountSid(null, sidStruct, IntPtr.Zero, ref nameLen, IntPtr.Zero, ref domainLen, out nameUse);

                    if (nameLen == 0)
                    {
                        throw new ExternalException("Unable to Find SID: " + Util.GetErrorMessage(Util.GetLastError()));
                    }

                    IntPtr accountName = Marshal.AllocHGlobal((IntPtr)nameLen);
                    IntPtr domainName  = domainLen > 0 ? Marshal.AllocHGlobal((IntPtr)domainLen) : IntPtr.Zero;

                    try
                    {
                        // Get the object and domain names
                        if (!SecurityIdentity.LookupAccountSid(null, sidStruct, accountName, ref nameLen, domainName, ref domainLen, out nameUse))
                        {
                            throw new ExternalException("Unable to Find SID: " + Util.GetErrorMessage(Util.GetLastError()));
                        }

                        // Marshal and store the object name
                        secId.name = String.Format("{0}{1}{2}", domainLen > 1 ? Marshal.PtrToStringAnsi(domainName) : "", domainLen > 1 ? "\\" : "", Marshal.PtrToStringAnsi(accountName));

                        return(secId);
                    }
                    finally
                    {
                        if (accountName != IntPtr.Zero)
                        {
                            Marshal.FreeHGlobal(accountName);
                        }
                        if (domainName != IntPtr.Zero)
                        {
                            Marshal.FreeHGlobal(domainName);
                        }
                    }
                }
                finally
                {
                    if (domains != IntPtr.Zero)
                    {
                        SecurityIdentity.LsaFreeMemory(domains);
                    }
                    if (sids != IntPtr.Zero)
                    {
                        SecurityIdentity.LsaFreeMemory(sids);
                    }
                }
            }
            finally
            {
                if (handle != IntPtr.Zero)
                {
                    SecurityIdentity.LsaClose(handle);
                }
            }
        }
コード例 #2
0
        /// <summary>
        /// Creates a Security Identity for a well known SID (such as LOCAL SYSTEM)
        /// </summary>
        /// <param name="sidType">The type of well known SID</param>
        /// <returns>A populated Security Identity</returns>
        public static SecurityIdentity SecurityIdentityFromWellKnownSid(WELL_KNOWN_SID_TYPE sidType)
        {
            if (sidType == WELL_KNOWN_SID_TYPE.None)
            {
                throw new ExternalException("Unable to Get Well Known SID");
            }

            SecurityIdentity secId = new SecurityIdentity();

            secId.wellKnownSidType = sidType;

            // Get the size required for the SID
            uint size = SecurityIdentity.GetSidLengthRequired(SecurityIdentity.SID_MAX_SUB_AUTHORITIES);;

            IntPtr sidStruct = Marshal.AllocHGlobal((IntPtr)size);

            try
            {
                // Get the SID struct from the well known SID type
                if (!SecurityIdentity.CreateWellKnownSid(sidType, IntPtr.Zero, sidStruct, ref size))
                {
                    throw new ExternalException("Unable to Get Well Known SID");
                }

                IntPtr sidString = IntPtr.Zero;

                // Convert the SID structure to a SID string
                SecurityIdentity.ConvertSidToStringSid(sidStruct, out sidString);

                try
                {
                    // Marshal and store the SID string
                    secId.sid = Marshal.PtrToStringAnsi(sidString);
                }
                finally
                {
                    if (sidString != IntPtr.Zero)
                    {
                        Util.LocalFree(sidString);
                    }
                }

                uint nameLen   = 0;
                uint domainLen = 0;

                SID_NAME_USE nameUse;

                // Get the lengths of the object and domain names
                SecurityIdentity.LookupAccountSid(null, sidStruct, IntPtr.Zero, ref nameLen, IntPtr.Zero, ref domainLen, out nameUse);

                if (nameLen == 0)
                {
                    throw new ExternalException("Unable to Find SID");
                }

                IntPtr accountName = Marshal.AllocHGlobal((IntPtr)nameLen);
                IntPtr domainName  = domainLen > 0 ? Marshal.AllocHGlobal((IntPtr)domainLen) : IntPtr.Zero;

                try
                {
                    // Get the object and domain names
                    if (!SecurityIdentity.LookupAccountSid(null, sidStruct, accountName, ref nameLen, domainName, ref domainLen, out nameUse))
                    {
                        throw new ExternalException("Unable to Find SID");
                    }

                    // Marshal and store the object name
                    secId.name = String.Format("{0}{1}{2}", domainLen > 1 ? Marshal.PtrToStringAnsi(domainName) : "", domainLen > 1 ? "\\" : "", Marshal.PtrToStringAnsi(accountName));
                }
                finally
                {
                    if (accountName != IntPtr.Zero)
                    {
                        Marshal.FreeHGlobal(accountName);
                    }
                    if (domainName != IntPtr.Zero)
                    {
                        Marshal.FreeHGlobal(domainName);
                    }
                }
            }
            finally
            {
                if (sidStruct != IntPtr.Zero)
                {
                    Marshal.FreeHGlobal(sidStruct);
                }
            }

            return(secId);
        }
コード例 #3
0
        /// <summary>
        /// Creates a Security Identity from a SID string
        /// </summary>
        /// <param name="sid">A SID string (Format: S-1-1-...) or well known SID abbreviation (e.g. DA)</param>
        /// <returns>A populated Security Identity</returns>
        public static SecurityIdentity SecurityIdentityFromString(string sid)
        {
            if (sid == null)
            {
                throw new ArgumentNullException("sid");
            }

            if (sid == "")
            {
                throw new ArgumentException("Argument 'sid' cannot be the empty string.", "sid");
            }

            if (!sid.StartsWith("S-"))
            {
                // If the string is not a SID string (S-1-n-...) assume it is a SDDL abbreviation
                return(SecurityIdentity.SecurityIdentityFromWellKnownSid(SecurityIdentity.GetWellKnownSidTypeFromSddlAbbreviation(sid)));
            }

            SecurityIdentity secId = new SecurityIdentity();

            secId.sid = sid;

            // Check if the SID is a well known SID
            secId.wellKnownSidType = (WELL_KNOWN_SID_TYPE)Array.IndexOf <string>(SecurityIdentity.wellKnownSids, secId.sid);

            IntPtr sidStruct;

            // Convert the SID string to a SID structure
            if (!SecurityIdentity.ConvertStringSidToSid(sid, out sidStruct))
            {
                throw new ExternalException(String.Format("Error Converting SID String to SID Structur: {0}", Util.GetErrorMessage(Util.GetLastError())));
            }

            try
            {
                uint nameLen   = 0;
                uint domainLen = 0;

                SID_NAME_USE nameUse;

                // Get the lengths of the object and domain names
                SecurityIdentity.LookupAccountSid(null, sidStruct, IntPtr.Zero, ref nameLen, IntPtr.Zero, ref domainLen, out nameUse);

                if (nameLen == 0)
                {
                    throw new ExternalException("Unable to Find SID");
                }

                IntPtr accountName = Marshal.AllocHGlobal((IntPtr)nameLen);
                IntPtr domainName  = domainLen > 0 ? Marshal.AllocHGlobal((IntPtr)domainLen) : IntPtr.Zero;

                try
                {
                    // Get the object and domain names
                    if (!SecurityIdentity.LookupAccountSid(null, sidStruct, accountName, ref nameLen, domainName, ref domainLen, out nameUse))
                    {
                        throw new ExternalException("Unable to Find SID");
                    }

                    // Marshal and store the object name
                    secId.name = String.Format("{0}{1}{2}", domainLen > 1 ? Marshal.PtrToStringAnsi(domainName) : "", domainLen > 1 ? "\\" : "", Marshal.PtrToStringAnsi(accountName));
                }
                finally
                {
                    if (accountName != IntPtr.Zero)
                    {
                        Marshal.FreeHGlobal(accountName);
                    }
                    if (domainName != IntPtr.Zero)
                    {
                        Marshal.FreeHGlobal(domainName);
                    }
                }
            }
            finally
            {
                if (sidStruct != IntPtr.Zero)
                {
                    Util.LocalFree(sidStruct);
                }
            }

            return(secId);
        }