private static SecurityIdentifier[] ParseExtraSids(NdrBinaryReader pacStream, int extraSidCount, int extraSidPointer) { if (extraSidPointer == 0) { return(new SecurityIdentifier[0]); } int realExtraSidCount = pacStream.ReadInt(); if (realExtraSidCount != extraSidCount) { throw new InvalidDataException($"Expected Sid count {extraSidCount} doesn't match actual sid count {realExtraSidCount}"); } var extraSidAtts = new SecurityIdentifier[extraSidCount]; var pointers = new int[extraSidCount]; var attributes = new SidAttributes[extraSidCount]; for (int i = 0; i < extraSidCount; i++) { pointers[i] = pacStream.ReadInt(); attributes[i] = (SidAttributes)pacStream.ReadUnsignedInt(); } for (int i = 0; i < extraSidCount; i++) { SecurityIdentifier sid = null; if (pointers[i] != 0) { sid = new SecurityIdentifier(pacStream.ReadSid(), attributes[i]); } extraSidAtts[i] = sid; } return(extraSidAtts); }
public PacLogonInfo(byte[] node) { var pacStream = new NdrBinaryReader(node); Header = new RpcHeader(pacStream); LogonTime = pacStream.ReadFiletime(); LogoffTime = pacStream.ReadFiletime(); KickOffTime = pacStream.ReadFiletime(); PwdLastChangeTime = pacStream.ReadFiletime(); PwdCanChangeTime = pacStream.ReadFiletime(); PwdMustChangeTime = pacStream.ReadFiletime(); var userName = pacStream.ReadRPCUnicodeString(); var userDisplayName = pacStream.ReadRPCUnicodeString(); var logonScript = pacStream.ReadRPCUnicodeString(); var profilePath = pacStream.ReadRPCUnicodeString(); var homeDirectory = pacStream.ReadRPCUnicodeString(); var homeDrive = pacStream.ReadRPCUnicodeString(); LogonCount = pacStream.ReadShort(); BadPasswordCount = pacStream.ReadShort(); var userSid = pacStream.ReadRid(); var groupSid = pacStream.ReadRid(); // Groups information var groupCount = pacStream.ReadInt(); var groupPointer = pacStream.ReadInt(); UserFlags = (UserFlags)pacStream.ReadInt(); // sessionKey pacStream.Read(new byte[16]); var serverNameString = pacStream.ReadRPCUnicodeString(); var domainNameString = pacStream.ReadRPCUnicodeString(); var domainIdPointer = pacStream.ReadInt(); // reserved1 pacStream.Read(new byte[8]); UserAccountControl = (UserAccountControlFlags)pacStream.ReadInt(); SubAuthStatus = pacStream.ReadInt(); LastSuccessfulILogon = pacStream.ReadFiletime(); LastFailedILogon = pacStream.ReadFiletime(); FailedILogonCount = pacStream.ReadInt(); // reserved3 pacStream.ReadInt(); // Extra SIDs information var extraSidCount = pacStream.ReadInt(); var extraSidPointer = pacStream.ReadInt(); var resourceDomainIdPointer = pacStream.ReadInt(); var resourceGroupCount = pacStream.ReadInt(); var resourceGroupPointer = pacStream.ReadInt(); UserName = userName.ReadString(pacStream); UserDisplayName = userDisplayName.ReadString(pacStream); LogonScript = logonScript.ReadString(pacStream); ProfilePath = profilePath.ReadString(pacStream); HomeDirectory = homeDirectory.ReadString(pacStream); HomeDrive = homeDrive.ReadString(pacStream); // Groups data var groupSids = ParseAttributes(pacStream, groupCount, groupPointer); // Server related strings ServerName = serverNameString.ReadString(pacStream); DomainName = domainNameString.ReadString(pacStream); if (domainIdPointer != 0) { DomainSid = pacStream.ReadSid(); } UserSid = userSid.AppendTo(DomainSid); GroupSid = groupSid.AppendTo(DomainSid); GroupSids = groupSids.Select(g => g.AppendTo(DomainSid)).ToList(); if (UserFlags.HasFlag(UserFlags.LOGON_EXTRA_SIDS)) { ExtraSids = ParseExtraSids(pacStream, extraSidCount, extraSidPointer).Select(e => e.AppendTo(DomainSid)).ToList(); } if (resourceDomainIdPointer != 0) { ResourceDomainSid = pacStream.ReadSid(); } if (UserFlags.HasFlag(UserFlags.LOGON_RESOURCE_GROUPS)) { ResourceGroups = ParseAttributes( pacStream, resourceGroupCount, resourceGroupPointer ).Select(g => g.AppendTo(DomainSid)).ToList(); } }