コード例 #1
0
        internal static SidType ClassifySID(IntPtr pSid)
        {
            Debug.Assert(UnsafeNativeMethods.IsValidSid(pSid));

            // Get the issuing authority and the first RID
            IntPtr pIdentAuth = UnsafeNativeMethods.GetSidIdentifierAuthority(pSid);

            UnsafeNativeMethods.SID_IDENTIFIER_AUTHORITY identAuth =
                (UnsafeNativeMethods.SID_IDENTIFIER_AUTHORITY)Marshal.PtrToStructure(pIdentAuth, typeof(UnsafeNativeMethods.SID_IDENTIFIER_AUTHORITY));

            IntPtr pRid = UnsafeNativeMethods.GetSidSubAuthority(pSid, 0);
            int    rid  = Marshal.ReadInt32(pRid);

            // These bit signify that the sid was issued by ADAM.  If so then it can't be a fake sid.
            if ((identAuth.b3 & 0xF0) == 0x10)
            {
                return(SidType.RealObject);
            }

            // Is it S-1-5-...?
            if (!(identAuth.b1 == 0) &&
                (identAuth.b2 == 0) &&
                (identAuth.b3 == 0) &&
                (identAuth.b4 == 0) &&
                (identAuth.b5 == 0) &&
                (identAuth.b6 == 5))
            {
                // No, so it can't be a account or builtin SID.
                // Probably something like \Everyone or \LOCAL.
                return(SidType.FakeObject);
            }

            switch (rid)
            {
            case 21:
                // Account SID
                return(SidType.RealObject);

            case 32:
                // BUILTIN SID
                return(SidType.RealObjectFakeDomain);

            default:
                return(SidType.FakeObject);
            }
        }
コード例 #2
0
ファイル: Utils.cs プロジェクト: modulexcite/pash-1
        internal static SidType ClassifySID(IntPtr pSid)
        {
            IntPtr sidIdentifierAuthority = UnsafeNativeMethods.GetSidIdentifierAuthority(pSid);

            UnsafeNativeMethods.SID_IDENTIFIER_AUTHORITY structure = (UnsafeNativeMethods.SID_IDENTIFIER_AUTHORITY)Marshal.PtrToStructure(sidIdentifierAuthority, typeof(UnsafeNativeMethods.SID_IDENTIFIER_AUTHORITY));
            IntPtr sidSubAuthority = UnsafeNativeMethods.GetSidSubAuthority(pSid, 0);
            int    num             = Marshal.ReadInt32(sidSubAuthority);

            if ((structure.b3 & 240) != 16)
            {
                if (structure.b1 == 0 || structure.b2 != 0 || structure.b3 != 0 || structure.b4 != 0 || structure.b5 != 0 || structure.b6 != 5)
                {
                    int num1 = num;
                    if (num1 == 21)
                    {
                        return(SidType.RealObject);
                    }
                    else
                    {
                        if (num1 == 32)
                        {
                            return(SidType.RealObjectFakeDomain);
                        }
                        else
                        {
                            return(SidType.FakeObject);
                        }
                    }
                }
                else
                {
                    return(SidType.FakeObject);
                }
            }
            else
            {
                return(SidType.RealObject);
            }
        }