///<summary>Grants rights to a single principal</summary>
public void AddAccountRights(IdentityReference principal, UserRight[] userRight)
{
try
{
uint ntStatus = 0;
using (Win32SecurityIdentifier securityIdentifier = new Win32SecurityIdentifier(principal))
{
LSA_UNICODE_STRING[] userRights = new LSA_UNICODE_STRING[userRight.Length];
for (int i = 0; i < userRight.Length; i++)
{
userRights[i] = ConvertToLsaUnicodeString(userRight[i].ToString());
}
ntStatus = UnsafeNativeMethods.LsaAddAccountRights(
lsaHandle,
securityIdentifier.address,
userRights,
userRights.Length
);
}
TestNtStatus(ntStatus);
}
catch
{
throw;
}
}
///<summary>Remove all rights from a principal.</summary>
public void RemoveAllAccountRights(IdentityReference principal)
{
uint ntStatus = 0;
using (Win32SecurityIdentifier securityIdentifier = new Win32SecurityIdentifier(principal))
{
ntStatus = UnsafeNativeMethods.LsaRemoveAccountRights(
lsaHandle,
securityIdentifier.address,
true,
new LSA_UNICODE_STRING[0],
0
);
TestNtStatus(ntStatus);
}
}
///<summary>Get all rights for a specific principal</summary>
public UserRight[] EnumerateAccountRights(IdentityReference principal)
{
IntPtr userRights = IntPtr.Zero;
ulong count = 0;
List <UserRight> assignedUserRights = new List <UserRight>();
try
{
uint ntStatus = 0;
using (Win32SecurityIdentifier securityIdentifier = new Win32SecurityIdentifier(principal))
{
ntStatus = UnsafeNativeMethods.LsaEnumerateAccountRights(
lsaHandle,
securityIdentifier.address,
out userRights,
out count
);
}
if (ntStatus == STATUS_OBJECT_NAME_NOT_FOUND)
{
return(assignedUserRights.ToArray());
}
TestNtStatus(ntStatus);
}
catch
{
throw;
}
for (int i = 0; i < (int)count; i++)
{
LSA_UNICODE_STRING userRight = (LSA_UNICODE_STRING)Marshal.PtrToStructure(
IntPtr.Add(userRights, i * Marshal.SizeOf(typeof(LSA_UNICODE_STRING))),
typeof(LSA_UNICODE_STRING)
);
assignedUserRights.Add((UserRight)Enum.Parse(typeof(UserRight), userRight.Buffer));
}
UnsafeNativeMethods.LsaFreeMemory(userRights);
return(assignedUserRights.ToArray());
}
