private static SecurityIdentifier[] ParseExtraSids(NdrBinaryStream Stream, int extraSidCount, int extraSidPointer)
{
if (extraSidPointer == 0)
{
return(new SecurityIdentifier[0]);
}
int realExtraSidCount = Stream.ReadInt();
if (realExtraSidCount != extraSidCount)
{
throw new InvalidDataException($"Expected Sid count {extraSidCount} doesn't match actual sid count {realExtraSidCount}");
}
var extraSidAtts = new SecurityIdentifier[extraSidCount];
var pointers = new int[extraSidCount];
var attributes = new SidAttributes[extraSidCount];
for (int i = 0; i < extraSidCount; i++)
{
pointers[i] = Stream.ReadInt();
attributes[i] = (SidAttributes)Stream.ReadUnsignedInt();
}
for (int i = 0; i < extraSidCount; i++)
{
SecurityIdentifier sid = null;
if (pointers[i] != 0)
{
sid = new SecurityIdentifier(Stream.ReadSid(), attributes[i]);
}
extraSidAtts[i] = sid;
}
return(extraSidAtts);
}
public override void ReadBody(NdrBinaryStream stream)
{
LogonTime = stream.ReadFiletime();
LogoffTime = stream.ReadFiletime();
KickOffTime = stream.ReadFiletime();
PwdLastChangeTime = stream.ReadFiletime();
PwdCanChangeTime = stream.ReadFiletime();
PwdMustChangeTime = stream.ReadFiletime();
var userName = stream.ReadRPCUnicodeString();
var userDisplayName = stream.ReadRPCUnicodeString();
var logonScript = stream.ReadRPCUnicodeString();
var profilePath = stream.ReadRPCUnicodeString();
var homeDirectory = stream.ReadRPCUnicodeString();
var homeDrive = stream.ReadRPCUnicodeString();
LogonCount = stream.ReadShort();
BadPasswordCount = stream.ReadShort();
var userSid = stream.ReadRid();
var groupSid = stream.ReadRid();
// Groups information
var groupCount = stream.ReadInt();
var groupPointer = stream.ReadInt();
UserFlags = (UserFlags)stream.ReadInt();
// sessionKey
stream.Read(new byte[16]);
var serverNameString = stream.ReadRPCUnicodeString();
var domainNameString = stream.ReadRPCUnicodeString();
var domainIdPointer = stream.ReadInt();
// reserved1
stream.Read(new byte[8]);
UserAccountControl = (UserAccountControlFlags)stream.ReadInt();
SubAuthStatus = stream.ReadInt();
LastSuccessfulILogon = stream.ReadFiletime();
LastFailedILogon = stream.ReadFiletime();
FailedILogonCount = stream.ReadInt();
// reserved3
stream.ReadInt();
// Extra SIDs information
var extraSidCount = stream.ReadInt();
var extraSidPointer = stream.ReadInt();
var resourceDomainIdPointer = stream.ReadInt();
var resourceGroupCount = stream.ReadInt();
var resourceGroupPointer = stream.ReadInt();
UserName = userName.ReadString(stream);
UserDisplayName = userDisplayName.ReadString(stream);
LogonScript = logonScript.ReadString(stream);
ProfilePath = profilePath.ReadString(stream);
HomeDirectory = homeDirectory.ReadString(stream);
HomeDrive = homeDrive.ReadString(stream);
// Groups data
var groupSids = ParseAttributes(stream, groupCount, groupPointer);
// Server related strings
ServerName = serverNameString.ReadString(stream);
DomainName = domainNameString.ReadString(stream);
if (domainIdPointer != 0)
{
DomainSid = stream.ReadSid();
}
UserSid = userSid.AppendTo(DomainSid);
GroupSid = groupSid.AppendTo(DomainSid);
GroupSids = groupSids.Select(g => g.AppendTo(DomainSid)).ToList();
if (UserFlags.HasFlag(UserFlags.LOGON_EXTRA_SIDS))
{
ExtraSids = ParseExtraSids(stream, extraSidCount, extraSidPointer).ToList();
}
if (resourceDomainIdPointer != 0)
{
ResourceDomainSid = stream.ReadSid();
}
if (UserFlags.HasFlag(UserFlags.LOGON_RESOURCE_GROUPS))
{
ResourceGroups = ParseAttributes(
stream,
resourceGroupCount,
resourceGroupPointer
).Select(g => g.AppendTo(ResourceDomainSid)).ToList();
}
}
