예제 #1
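            /// <summary>
            /// ICustomMarshaler hook: copies a managed string into a freshly allocated
            /// unmanaged LSA_UNICODE_STRING and records the allocation in myAllocated.
            /// </summary>
            /// <param name="ManagedObj">The managed value; the cast below throws InvalidCastException if it is not a string.</param>
            /// <returns>Pointer to the unmanaged LSA_UNICODE_STRING block allocated here.</returns>
            public System.IntPtr MarshalManagedToNative(object ManagedObj)
            {
                LSA_UNICODE_STRING lus    = new LSA_UNICODE_STRING();
                IntPtr             memory = Marshal.AllocHGlobal(nativeSize);

                // Record the block before SetTo/StructureToPtr, either of which may throw;
                // myAllocated is presumably what the marshaler's cleanup path walks — confirm.
                myAllocated[memory] = memory;
                lus.SetTo((string)ManagedObj);

                // fDeleteOld must be false: AllocHGlobal does not zero the block, and passing true
                // makes StructureToPtr call DestroyStructure on whatever garbage it holds before the
                // copy, which can attempt to free a dangling pointer if the struct has marshalled
                // reference fields. The block is fresh, so there is nothing old to destroy.
                Marshal.StructureToPtr(lus, memory, false);
                return memory;
            }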
예제 #2
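        /// <summary>
        /// Adds or removes one LSA account right (privilege) for <paramref name="domainAccount"/>
        /// on the LSA policy of <paramref name="ComputerName"/>.
        /// </summary>
        /// <param name="ComputerName">System name handed to LsaOpenPolicy via an LSA_UNICODE_STRING.</param>
        /// <param name="domainAccount">Account name resolved to a SID with LookupAccountName (NULL system name, so domains trusted by the local system are searched).</param>
        /// <param name="privilegeName">Name of the account right to add or remove.</param>
        /// <param name="bRemove">true to call LsaRemoveAccountRights, false to call LsaAddAccountRights.</param>
        /// <exception cref="Win32Exception">
        /// Thrown when the account cannot be resolved to a SID, when the policy cannot be opened,
        /// or when the LSA add/remove call fails; the Win32 error code is carried in the exception.
        /// </exception>
        public static void SetRight(string ComputerName, string domainAccount, string privilegeName, bool bRemove)
        {
            StringBuilder domainName = new StringBuilder(20);
            IntPtr        pSid       = IntPtr.Zero;
            uint          sidSize    = 0,
                          nameSize   = 0;
            SID_NAME_USE accountType;
            int          winErrorCode;
            string       errorMessage;

            // Sizing call: with a zero-length buffer LookupAccountName is expected to fail with
            // ERROR_INSUFFICIENT_BUFFER (ERROR_INVALID_FLAGS is also seen) and report the sizes
            // it needs. NULL system name so the lookup covers domains trusted by the local system.
            bool resolved = LookupAccountName(null, domainAccount, pSid, ref sidSize, domainName, ref nameSize, out accountType);
            winErrorCode = Marshal.GetLastWin32Error();
            if (resolved || (winErrorCode != ERROR_INSUFFICIENT_BUFFER && winErrorCode != ERROR_INVALID_FLAGS))
            {
                // Any other outcome (e.g. the account does not exist) must stop here; previously
                // execution fell through with pSid still IntPtr.Zero and passed a null SID to LSA.
                errorMessage = string.Format("LookupAccountName failed: {0}", winErrorCode);
                throw new Win32Exception(winErrorCode, errorMessage);
            }

            try
            {
                domainName.EnsureCapacity((int)nameSize);
                pSid = Marshal.AllocHGlobal((int)sidSize);

                if (!LookupAccountName(null, domainAccount, pSid, ref sidSize, domainName, ref nameSize, out accountType))
                {
                    // Sizes were obtained correctly but the real lookup still failed.
                    winErrorCode = Marshal.GetLastWin32Error();
                    errorMessage = string.Format("LookupAccountName failed: {0}", winErrorCode);
                    throw new Win32Exception(winErrorCode, errorMessage);
                }

                // NOTE(review): SetTo presumably allocates the unmanaged string buffer; its release
                // is not visible in this method — confirm it is freed elsewhere.
                LSA_UNICODE_STRING systemName = new LSA_UNICODE_STRING();
                systemName.SetTo(ComputerName);

                IntPtr policyHandle = IntPtr.Zero;
                LSA_OBJECT_ATTRIBUTES objectAttributes = CreateLSAObject();

                // Least privilege: LsaAddAccountRights and LsaRemoveAccountRights require
                // POLICY_LOOKUP_NAMES, and LsaAddAccountRights additionally needs POLICY_CREATE_ACCOUNT
                // when the account has no LSA account object yet. The previous mask also requested
                // audit, secret, trust, quota and server-admin rights that nothing here uses.
                int desiredAccess = (int)(LSA_AccessPolicy.POLICY_LOOKUP_NAMES |
                                          LSA_AccessPolicy.POLICY_CREATE_ACCOUNT);
                uint resultPolicy = LsaOpenPolicy(ref systemName, ref objectAttributes, desiredAccess, out policyHandle);

                winErrorCode = LsaNtStatusToWinError(resultPolicy);
                if (winErrorCode != NO_ERROR)
                {
                    errorMessage = string.Format("OpenPolicy failed: {0} ", winErrorCode);
                    throw new Win32Exception(winErrorCode, errorMessage);
                }

                try
                {
                    LSA_UNICODE_STRING[] userRights = new LSA_UNICODE_STRING[1];
                    userRights[0] = new LSA_UNICODE_STRING();
                    userRights[0].SetTo(privilegeName);

                    if (bRemove)
                    {
                        // Removes a privilege from an account
                        uint result = LsaRemoveAccountRights(policyHandle, pSid, false, userRights, 1);
                        winErrorCode = LsaNtStatusToWinError(result);
                        if (winErrorCode != NO_ERROR)
                        {
                            errorMessage = string.Format("LsaRemoveAccountRights failed: {0}", winErrorCode);
                            throw new Win32Exception(winErrorCode, errorMessage);
                        }
                    }
                    else
                    {
                        // Adds a privilege to an account
                        uint res = LsaAddAccountRights(policyHandle, pSid, userRights, 1);
                        winErrorCode = LsaNtStatusToWinError(res);
                        if (winErrorCode != NO_ERROR)
                        {
                            errorMessage = string.Format("LsaAddAccountRights failed: {0}", winErrorCode);
                            throw new Win32Exception(winErrorCode, errorMessage);
                        }
                    }
                }
                finally
                {
                    LsaClose(policyHandle);
                }
            }
            finally
            {
                // pSid came from Marshal.AllocHGlobal, so it is released with FreeHGlobal rather than
                // FreeSid (which is meant for SIDs from AllocateAndInitializeSid). Doing it in finally
                // covers the exception paths above, which previously leaked the buffer.
                if (pSid != IntPtr.Zero)
                {
                    Marshal.FreeHGlobal(pSid);
                }
            }
        }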