private static SecurityIdentifier[] ParseExtraSids(NdrBinaryStream Stream, int extraSidCount, int extraSidPointer) { if (extraSidPointer == 0) { return(new SecurityIdentifier[0]); } int realExtraSidCount = Stream.ReadInt(); if (realExtraSidCount != extraSidCount) { throw new InvalidDataException($"Expected Sid count {extraSidCount} doesn't match actual sid count {realExtraSidCount}"); } var extraSidAtts = new SecurityIdentifier[extraSidCount]; var pointers = new int[extraSidCount]; var attributes = new SidAttributes[extraSidCount]; for (int i = 0; i < extraSidCount; i++) { pointers[i] = Stream.ReadInt(); attributes[i] = (SidAttributes)Stream.ReadUnsignedInt(); } for (int i = 0; i < extraSidCount; i++) { SecurityIdentifier sid = null; if (pointers[i] != 0) { sid = new SecurityIdentifier(Stream.ReadSid(), attributes[i]); } extraSidAtts[i] = sid; } return(extraSidAtts); }
public override void ReadBody(NdrBinaryStream stream) { LogonTime = stream.ReadFiletime(); LogoffTime = stream.ReadFiletime(); KickOffTime = stream.ReadFiletime(); PwdLastChangeTime = stream.ReadFiletime(); PwdCanChangeTime = stream.ReadFiletime(); PwdMustChangeTime = stream.ReadFiletime(); var userName = stream.ReadRPCUnicodeString(); var userDisplayName = stream.ReadRPCUnicodeString(); var logonScript = stream.ReadRPCUnicodeString(); var profilePath = stream.ReadRPCUnicodeString(); var homeDirectory = stream.ReadRPCUnicodeString(); var homeDrive = stream.ReadRPCUnicodeString(); LogonCount = stream.ReadShort(); BadPasswordCount = stream.ReadShort(); var userSid = stream.ReadRid(); var groupSid = stream.ReadRid(); // Groups information var groupCount = stream.ReadInt(); var groupPointer = stream.ReadInt(); UserFlags = (UserFlags)stream.ReadInt(); // sessionKey stream.Read(new byte[16]); var serverNameString = stream.ReadRPCUnicodeString(); var domainNameString = stream.ReadRPCUnicodeString(); var domainIdPointer = stream.ReadInt(); // reserved1 stream.Read(new byte[8]); UserAccountControl = (UserAccountControlFlags)stream.ReadInt(); SubAuthStatus = stream.ReadInt(); LastSuccessfulILogon = stream.ReadFiletime(); LastFailedILogon = stream.ReadFiletime(); FailedILogonCount = stream.ReadInt(); // reserved3 stream.ReadInt(); // Extra SIDs information var extraSidCount = stream.ReadInt(); var extraSidPointer = stream.ReadInt(); var resourceDomainIdPointer = stream.ReadInt(); var resourceGroupCount = stream.ReadInt(); var resourceGroupPointer = stream.ReadInt(); UserName = userName.ReadString(stream); UserDisplayName = userDisplayName.ReadString(stream); LogonScript = logonScript.ReadString(stream); ProfilePath = profilePath.ReadString(stream); HomeDirectory = homeDirectory.ReadString(stream); HomeDrive = homeDrive.ReadString(stream); // Groups data var groupSids = ParseAttributes(stream, groupCount, groupPointer); // Server related strings ServerName = serverNameString.ReadString(stream); DomainName = domainNameString.ReadString(stream); if (domainIdPointer != 0) { DomainSid = stream.ReadSid(); } UserSid = userSid.AppendTo(DomainSid); GroupSid = groupSid.AppendTo(DomainSid); GroupSids = groupSids.Select(g => g.AppendTo(DomainSid)).ToList(); if (UserFlags.HasFlag(UserFlags.LOGON_EXTRA_SIDS)) { ExtraSids = ParseExtraSids(stream, extraSidCount, extraSidPointer).ToList(); } if (resourceDomainIdPointer != 0) { ResourceDomainSid = stream.ReadSid(); } if (UserFlags.HasFlag(UserFlags.LOGON_RESOURCE_GROUPS)) { ResourceGroups = ParseAttributes( stream, resourceGroupCount, resourceGroupPointer ).Select(g => g.AppendTo(ResourceDomainSid)).ToList(); } }