コード例 #1
0
 /// <summary>
 /// Compares two sids to see if their prefixes are the same. The sids must have the same number of subauthorities.
 /// </summary>
 /// <param name="sid">The sid to compare against</param>
 /// <returns>True if the sids share a prefix.</returns>
 public bool EqualPrefix(Sid sid)
 {
     using (SafeSidBufferHandle sid1 = ToSafeBuffer(), sid2 = sid.ToSafeBuffer())
     {
         return(NtRtl.RtlEqualPrefixSid(sid1, sid2));
     }
 }
コード例 #2
0
 /// <summary>
 /// Add a SID to the boundary descriptor.
 /// </summary>
 /// <remarks>This SID is used in an access check when creating or deleting private namespaces.</remarks>
 /// <param name="sid">The SID to add.</param>
 public void AddSid(Sid sid)
 {
     using (SafeSidBufferHandle sid_buffer = sid.ToSafeBuffer())
     {
         NtRtl.RtlAddSIDToBoundaryDescriptor(ref _boundary_descriptor, sid_buffer).ToNtException();
     }
 }
コード例 #3
0
 private void AddIntegrityLevel(Sid sid)
 {
     using (SafeSidBufferHandle sid_buffer = sid.ToSafeBuffer())
     {
         NtRtl.RtlAddIntegrityLabelToBoundaryDescriptor(ref _boundary_descriptor, sid_buffer).ToNtException();
     }
 }
 internal static SafeSidBufferHandle AddSid(this DisposableList list, Sid sid)
 {
     if (sid == null)
     {
         return(SafeSidBufferHandle.Null);
     }
     return(list.AddResource(sid.ToSafeBuffer()));
 }
コード例 #5
0
        /// <summary>
        /// Do an access check between a security descriptor and a token to determine the allowed access.
        /// </summary>
        /// <param name="sd">The security descriptor</param>
        /// <param name="token">The access token.</param>
        /// <param name="access_rights">The set of access rights to check against</param>
        /// <param name="principal">An optional principal SID used to replace the SELF SID in a security descriptor.</param>
        /// <param name="generic_mapping">The type specific generic mapping (get from corresponding NtType entry).</param>
        /// <returns>The allowed access mask as a unsigned integer.</returns>
        /// <exception cref="NtException">Thrown if an error occurred in the access check.</exception>
        public static AccessMask GetAllowedAccess(SecurityDescriptor sd, NtToken token,
                                                  AccessMask access_rights, Sid principal, GenericMapping generic_mapping)
        {
            if (sd == null)
            {
                throw new ArgumentNullException("sd");
            }

            if (token == null)
            {
                throw new ArgumentNullException("token");
            }

            if (access_rights.IsEmpty)
            {
                return(AccessMask.Empty);
            }

            using (SafeBuffer sd_buffer = sd.ToSafeBuffer())
            {
                using (NtToken imp_token = DuplicateForAccessCheck(token))
                {
                    using (var privs = new SafePrivilegeSetBuffer())
                    {
                        int buffer_length = privs.Length;

                        using (var self_sid = principal != null ? principal.ToSafeBuffer() : SafeSidBufferHandle.Null)
                        {
                            NtSystemCalls.NtAccessCheckByType(sd_buffer, self_sid, imp_token.Handle, access_rights,
                                                              SafeHGlobalBuffer.Null, 0, ref generic_mapping, privs,
                                                              ref buffer_length, out AccessMask granted_access, out NtStatus result_status).ToNtException();
                            if (result_status.IsSuccess())
                            {
                                return(granted_access);
                            }
                            return(AccessMask.Empty);
                        }
                    }
                }
            }
        }
コード例 #6
0
        /// <summary>
        /// Looks up the account name of a SID.
        /// </summary>
        /// <param name="sid">The SID to lookup</param>
        /// <returns>The name, or null if the lookup failed</returns>
        public static string LookupAccountSid(Sid sid)
        {
            using (SafeSidBufferHandle sid_buffer = sid.ToSafeBuffer())
            {
                StringBuilder name          = new StringBuilder(1024);
                int           length        = name.Capacity;
                StringBuilder domain        = new StringBuilder(1024);
                int           domain_length = domain.Capacity;
                if (!Win32NativeMethods.LookupAccountSid(null, sid_buffer, name,
                                                         ref length, domain, ref domain_length, out SidNameUse name_use))
                {
                    return(null);
                }

                if (domain_length == 0)
                {
                    return(name.ToString());
                }
                else
                {
                    return($@"{domain}\{name}");
                }
            }
        }
コード例 #7
0
        /// <summary>
        /// Looks up the account name of a SID.
        /// </summary>
        /// <param name="sid">The SID to lookup</param>
        /// <returns>The name, or null if the lookup failed</returns>
        public static string LookupAccountSid(Sid sid)
        {
            using (SafeSidBufferHandle sid_buffer = sid.ToSafeBuffer())
            {
                StringBuilder name          = new StringBuilder(1024);
                int           length        = name.Capacity;
                StringBuilder domain        = new StringBuilder(1024);
                int           domain_length = domain.Capacity;
                SidNameUse    name_use;
                if (!LookupAccountSid(null, sid_buffer, name, ref length, domain, ref domain_length, out name_use))
                {
                    return(null);
                }

                if (domain_length == 0)
                {
                    return(name.ToString());
                }
                else
                {
                    return(String.Format("{0}\\{1}", domain, name));
                }
            }
        }
コード例 #8
0
 /// <summary>
 /// Compares two sids to see if their prefixes are the same.
 /// </summary>
 /// <param name="sid">The sid to compare against</param>
 /// <returns>True if the sids share a prefix.</returns>
 public bool EqualPrefix(Sid sid)
 {
     using (SafeSidBufferHandle sid1 = ToSafeBuffer(), sid2 = sid.ToSafeBuffer())
     {
         return NtRtl.RtlEqualPrefixSid(sid1, sid2);
     }
 }