public void Query(
out string currentValue,
out DateTime currentValueSetTime,
out string oldValue,
out DateTime oldValueSetTime
)
{
NtStatus status;
IntPtr currentValueStr;
long currentValueSetTimeLong;
IntPtr oldValueStr;
long oldValueSetTimeLong;
if ((status = Win32.LsaQuerySecret(
this,
out currentValueStr,
out currentValueSetTimeLong,
out oldValueStr,
out oldValueSetTimeLong
)) >= NtStatus.Error)
{
Win32.Throw(status);
}
using (var currentValueStrAlloc = new LsaMemoryAlloc(currentValueStr))
using (var oldValueStrAlloc = new LsaMemoryAlloc(oldValueStr))
{
currentValue = currentValueStrAlloc.ReadStruct <UnicodeString>().Read();
currentValueSetTime = DateTime.FromFileTime(currentValueSetTimeLong);
oldValue = oldValueStrAlloc.ReadStruct <UnicodeString>().Read();
oldValueSetTime = DateTime.FromFileTime(oldValueSetTimeLong);
}
}
public string RetrievePrivateData(string name)
{
NtStatus status;
UnicodeString nameStr;
IntPtr privateData;
nameStr = new UnicodeString(name);
try
{
if ((status = Win32.LsaRetrievePrivateData(
this,
ref nameStr,
out privateData
)) >= NtStatus.Error)
{
Win32.Throw(status);
}
}
finally
{
nameStr.Dispose();
}
using (var privateDataAlloc = new LsaMemoryAlloc(privateData))
return(privateDataAlloc.ReadStruct <UnicodeString>().Read());
}
public void Query(
out string currentValue,
out DateTime currentValueSetTime,
out string oldValue,
out DateTime oldValueSetTime
)
{
IntPtr currentValueStr;
long currentValueSetTimeLong;
IntPtr oldValueStr;
long oldValueSetTimeLong;
Win32.LsaQuerySecret(
this,
out currentValueStr,
out currentValueSetTimeLong,
out oldValueStr,
out oldValueSetTimeLong
).ThrowIf();
using (LsaMemoryAlloc currentValueStrAlloc = new LsaMemoryAlloc(currentValueStr))
using (LsaMemoryAlloc oldValueStrAlloc = new LsaMemoryAlloc(oldValueStr))
{
currentValue = currentValueStrAlloc.ReadStruct <UnicodeString>().Text;
currentValueSetTime = DateTime.FromFileTime(currentValueSetTimeLong);
oldValue = oldValueStrAlloc.ReadStruct <UnicodeString>().Text;
oldValueSetTime = DateTime.FromFileTime(oldValueSetTimeLong);
}
}
public string LookupPrivilegeDisplayName(string name)
{
NtStatus status;
UnicodeString nameStr;
IntPtr displayName;
short language;
nameStr = new UnicodeString(name);
try
{
if ((status = Win32.LsaLookupPrivilegeDisplayName(
this,
ref nameStr,
out displayName,
out language
)) >= NtStatus.Error)
{
Win32.Throw(status);
}
}
finally
{
nameStr.Dispose();
}
using (var displayNameAlloc = new LsaMemoryAlloc(displayName))
{
return(displayNameAlloc.ReadStruct <UnicodeString>().Read());
}
}
public Sid LookupSid(string name, out SidNameUse nameUse, out string domainName)
{
NtStatus status;
UnicodeString nameStr;
IntPtr referencedDomains;
IntPtr sids;
nameStr = new UnicodeString(name);
try
{
if ((status = Win32.LsaLookupNames2(
this,
0,
1,
new UnicodeString[] { nameStr },
out referencedDomains,
out sids
)) >= NtStatus.Error)
{
Win32.ThrowLastError(status);
}
}
finally
{
nameStr.Dispose();
}
using (var referencedDomainsAlloc = new LsaMemoryAlloc(referencedDomains))
using (var sidsAlloc = new LsaMemoryAlloc(sids))
{
LsaTranslatedSid2 translatedSid = sidsAlloc.ReadStruct <LsaTranslatedSid2>();
nameUse = translatedSid.Use;
if (nameUse == SidNameUse.Invalid || nameUse == SidNameUse.Unknown)
{
domainName = null;
return(null);
}
if (translatedSid.DomainIndex != -1)
{
LsaReferencedDomainList domains = referencedDomainsAlloc.ReadStruct <LsaReferencedDomainList>();
MemoryRegion trustArray = new MemoryRegion(domains.Domains);
LsaTrustInformation trustInfo = trustArray.ReadStruct <LsaTrustInformation>(translatedSid.DomainIndex);
domainName = trustInfo.Name.Read();
}
else
{
domainName = null;
}
return(new Sid(translatedSid.Sid));
}
}
public string LookupName(Sid sid, out SidNameUse nameUse, out string domainName)
{
NtStatus status;
IntPtr referencedDomains;
IntPtr names;
if ((status = Win32.LsaLookupSids(
this,
1,
new IntPtr[] { sid },
out referencedDomains,
out names
)) >= NtStatus.Error)
{
if (status == NtStatus.NoneMapped)
{
nameUse = SidNameUse.Unknown;
domainName = null;
return(null);
}
Win32.Throw(status);
}
using (var referencedDomainsAlloc = new LsaMemoryAlloc(referencedDomains))
using (var namesAlloc = new LsaMemoryAlloc(names))
{
LsaTranslatedName translatedName = namesAlloc.ReadStruct <LsaTranslatedName>();
nameUse = translatedName.Use;
if (nameUse == SidNameUse.Invalid || nameUse == SidNameUse.Unknown)
{
domainName = null;
return(null);
}
if (translatedName.DomainIndex != -1)
{
LsaReferencedDomainList domains = referencedDomainsAlloc.ReadStruct <LsaReferencedDomainList>();
MemoryRegion trustArray = new MemoryRegion(domains.Domains);
LsaTrustInformation trustInfo = trustArray.ReadStruct <LsaTrustInformation>(translatedName.DomainIndex);
domainName = trustInfo.Name.Read();
}
else
{
domainName = null;
}
return(translatedName.Name.Read());
}
}
public string LookupPrivilegeName(Luid value)
{
NtStatus status;
IntPtr name;
if ((status = Win32.LsaLookupPrivilegeName(
this,
ref value,
out name
)) >= NtStatus.Error)
{
Win32.Throw(status);
}
using (var nameAlloc = new LsaMemoryAlloc(name))
{
return(nameAlloc.ReadStruct <UnicodeString>().Read());
}
}
/// <summary>
/// Enumerates the privileges in the policy. This requires
/// ViewLocalInformation access.
/// </summary>
/// <param name="callback">The callback for the enumeration.</param>
public void EnumPrivileges(EnumPrivilegesDelegate callback)
{
NtStatus status;
int enumerationContext = 0;
IntPtr buffer;
int count;
while (true)
{
status = Win32.LsaEnumeratePrivileges(
this,
ref enumerationContext,
out buffer,
0x100,
out count
);
if (status == NtStatus.NoMoreEntries)
{
break;
}
if (status >= NtStatus.Error)
{
Win32.Throw(status);
}
using (var bufferAlloc = new LsaMemoryAlloc(buffer))
{
for (int i = 0; i < count; i++)
{
if (!callback(new Privilege(bufferAlloc.ReadStruct <PolicyPrivilegeDefinition>(i).Name.Read())))
{
return;
}
}
}
}
}