internal override bool MoveNext() { bool flag; do { flag = false; AuthZSet authZSet = this; authZSet.currentGroup = authZSet.currentGroup + 1; if (this.currentGroup < this.groupSidList.Length) { if (this.userType != ContextType.Machine) { continue; } IntPtr item = this.groupSidList[this.currentGroup].pSid; bool flag1 = false; if (Utils.ClassifySID(item) != SidType.RealObject || !UnsafeNativeMethods.EqualDomainSid(this.psUserSid.DangerousGetHandle(), item, ref flag1) || !flag1) { continue; } int lastRidFromSid = Utils.GetLastRidFromSid(item); if (lastRidFromSid != 0x201) { continue; } flag = true; } else { return(false); } }while (flag); return(true); }
internal override bool MoveNext() { bool needToRetry; do { needToRetry = false; _currentGroup++; if (_currentGroup >= _groupSidList.Length) { GlobalDebug.WriteLineIf(GlobalDebug.Info, "AuthZSet", "MoveNext: ran off end of list ({0})", _groupSidList.Length); return(false); } // Test for the NONE group for a local user. We recognize it by: // * we're enumerating the authz groups for a local machine user // * it's a domain sid (SidType.RealObject) for the same domain as the user // * it has the RID of the "Domain Users" group, 513 if (_userType == ContextType.Machine) { IntPtr pSid = _groupSidList[_currentGroup].pSid; bool sameDomain = false; if (Utils.ClassifySID(pSid) == SidType.RealObject && UnsafeNativeMethods.EqualDomainSid(_psUserSid.DangerousGetHandle(), pSid, ref sameDomain)) { if (sameDomain) { int lastRid = Utils.GetLastRidFromSid(pSid); if (lastRid == 513) // DOMAIN_GROUP_RID_USERS { // This is the NONE group for a local user. This isn't a real group, and // has no impact on authorization (per ColinBr). Skip it. needToRetry = true; GlobalDebug.WriteLineIf(GlobalDebug.Info, "AuthZSet", "MoveNext: found NONE group, skipping"); } } } } }while (needToRetry); return(true); }
internal static bool IsSamUser() { bool flag; bool flag1; IntPtr zero = IntPtr.Zero; IntPtr machineDomainSid = IntPtr.Zero; try { zero = Utils.GetCurrentUserSid(); SidType sidType = Utils.ClassifySID(zero); if (sidType != SidType.RealObject) { flag = true; } else { machineDomainSid = Utils.GetMachineDomainSid(); bool flag2 = false; UnsafeNativeMethods.EqualDomainSid(zero, machineDomainSid, ref flag2); if (flag2) { flag1 = !Utils.IsMachineDC(null); } else { flag1 = false; } flag = flag1; } } finally { if (zero != IntPtr.Zero) { Marshal.FreeHGlobal(zero); } if (machineDomainSid != IntPtr.Zero) { Marshal.FreeHGlobal(machineDomainSid); } } return(flag); }
internal static bool IsSamUser() { // // Basic algorithm // // Get SID of current user (via OpenThreadToken/GetTokenInformation/CloseHandle for TokenUser) // // Is the user SID of the form S-1-5-21-... (does GetSidIdentityAuthority(u) == 5 and GetSidSubauthority(u, 0) == 21)? // If NO ---> is local user // If YES ---> // Get machine domain SID (via LsaOpenPolicy/LsaQueryInformationPolicy for PolicyAccountDomainInformation/LsaClose) // Does EqualDomainSid indicate the current user SID and the machine domain SID have the same domain? // If YES --> // IS the local machine a DC // If NO --> is local user // If YES --> is _not_ local user // If NO --> is _not_ local user // IntPtr pCopyOfUserSid = IntPtr.Zero; IntPtr pMachineDomainSid = IntPtr.Zero; try { // Get the user's SID pCopyOfUserSid = GetCurrentUserSid(); // Is it of S-1-5-21 form: Is the issuing authority NT_AUTHORITY and the RID NT_NOT_UNIQUE? SidType sidType = ClassifySID(pCopyOfUserSid); if (sidType == SidType.RealObject) { // It's a domain SID. Now, is the domain portion for the local machine, or something else? // Get the machine domain SID pMachineDomainSid = GetMachineDomainSid(); // Does the user SID have the same domain as the machine SID? bool sameDomain = false; bool success = UnsafeNativeMethods.EqualDomainSid(pCopyOfUserSid, pMachineDomainSid, ref sameDomain); // Since both pCopyOfUserSid and pMachineDomainSid should always be account SIDs Debug.Assert(success == true); // If user SID is the same domain as the machine domain, and the machine is not a DC then the user is a local (machine) user return(sameDomain ? !IsMachineDC(null) : false); } else { // It's not a domain SID, must be local (e.g., NT AUTHORITY\foo, or BUILTIN\foo) return(true); } } finally { if (pCopyOfUserSid != IntPtr.Zero) { Marshal.FreeHGlobal(pCopyOfUserSid); } if (pMachineDomainSid != IntPtr.Zero) { Marshal.FreeHGlobal(pMachineDomainSid); } } }