internal static NtResult <IEnumerable <AccountRight> > GetAccountRights(string system_name, Sid sid, bool throw_on_error)
{
if (sid is null)
{
throw new ArgumentNullException(nameof(sid));
}
using (var policy = LsaPolicy.Open(system_name, LsaPolicyAccessRights.GenericExecute, throw_on_error))
{
if (!policy.IsSuccess)
{
return(policy.Cast <IEnumerable <AccountRight> >());
}
var account_rights = policy.Result.EnumerateAccountRights(sid, throw_on_error);
if (!account_rights.IsSuccess)
{
return(account_rights.Cast <IEnumerable <AccountRight> >());
}
return(account_rights.Result.Select(s => new AccountRight(system_name, s,
policy.Result.EnumerateAccountsWithUserRight(s, false).GetResultOrDefault()))
.ToList().AsReadOnly().CreateResult <IEnumerable <AccountRight> >());
}
}
internal static NtResult <IReadOnlyList <Sid> > GetSids(string system_name, string name, bool throw_on_error)
{
using (var policy = LsaPolicy.Open(system_name, LsaPolicyAccessRights.GenericExecute, throw_on_error))
{
if (!policy.IsSuccess)
{
return(policy.Cast <IReadOnlyList <Sid> >());
}
return(policy.Result.EnumerateAccountsWithUserRight(name, throw_on_error));
}
}
internal static NtStatus RemoveAccountRights(string system_name, Sid sid, bool remove_all, IEnumerable <string> account_rights, bool throw_on_error)
{
if (sid is null)
{
throw new ArgumentNullException(nameof(sid));
}
if (account_rights is null)
{
throw new ArgumentNullException(nameof(account_rights));
}
using (var policy = LsaPolicy.Open(system_name, LsaPolicyAccessRights.LookupNames, throw_on_error))
{
if (!policy.IsSuccess)
{
return(policy.Status);
}
return(policy.Result.RemoveAccountRights(sid, remove_all, account_rights, throw_on_error));
}
}