/// <summary>
/// Lists the account rights assigned directly to <paramref name="sid"/> in the LSA policy.
/// </summary>
/// <param name="policyHandle">Open LSA policy handle forwarded to the native call.</param>
/// <param name="sid">Account SID to query; forwarded by reference to the native call.</param>
/// <returns>
/// The right names read from the native result buffer, or an empty sequence when the native
/// call reports STATUS_OBJECT_NAME_NOT_FOUND (no rights applied directly to the SID).
/// </returns>
/// <remarks>
/// Any status other than success or STATUS_OBJECT_NAME_NOT_FOUND is thrown as the exception
/// produced by <c>ErrorMethods.GetIoExceptionForNTStatus</c>. An empty result only means
/// "nothing assigned directly to this SID"; it says nothing about rights the account may
/// hold some other way.
/// </remarks>
public static IEnumerable<string> LsaEnumerateAccountRights(LsaHandle policyHandle, ref SID sid)
{
    NTSTATUS result = Imports.LsaEnumerateAccountRights(policyHandle, ref sid, out var rightsBuffer, out uint rightsCount);

    // "Not found" is the expected answer for a SID with no direct rights, so it is not an error.
    if (result == NTSTATUS.STATUS_OBJECT_NAME_NOT_FOUND)
    {
        return Enumerable.Empty<string>();
    }

    if (result != NTSTATUS.STATUS_SUCCESS)
    {
        throw ErrorMethods.GetIoExceptionForNTStatus(result);
    }

    // NOTE(review): nothing in this method releases rightsBuffer; confirm its type (or Reader)
    // owns the native allocation and frees it once the strings have been copied out.
    var names = new List<string>();
    var bufferReader = new Reader(rightsBuffer);
    for (uint read = 0; read < rightsCount; read++)
    {
        names.Add(bufferReader.ReadUNICODE_STRING());
    }

    return names;
}
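public void EnumerateAccountRights_NoRightsFails()
{
    // Despite the "Fails" suffix, the expectation is an empty result, not an exception:
    // the AllApplicationPackages SID is expected to have no rights assigned directly to it.
    // The policy handle is released when the block ends instead of being left to finalization.
    using (LsaHandle policy = Security.LsaOpenLocalPolicy(PolicyAccessRights.Read))
    {
        SID packagesSid = Security.CreateWellKnownSid(WellKnownSID.AllApplicationPackages);

        var rights = Security.LsaEnumerateAccountRights(policy, in packagesSid);

        rights.Should().BeEmpty();
    }
}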
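public void EnumerateAccountRights_BadSidFails()
{
    // A default-constructed SID is not a valid account identifier; the call is expected to
    // reject it with ArgumentException rather than return an empty result.
    // The policy handle is released when the block ends instead of being left to finalization.
    using (LsaHandle policy = Security.LsaOpenLocalPolicy(PolicyAccessRights.Read))
    {
        SID emptySid = new SID();

        Action enumerate = () => Security.LsaEnumerateAccountRights(policy, in emptySid);

        enumerate.Should().Throw<ArgumentException>();
    }
}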
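public void EnumerateAccountRights_NoRightsFails()
{
    // Despite the "Fails" suffix, the expectation is an empty result, not an exception:
    // the WinBuiltinAnyPackageSid account is expected to have no rights assigned directly to it.
    // The policy handle is released when the block ends instead of being left to finalization.
    using (LsaHandle policy = AuthenticationMethods.LsaOpenLocalPolicy(PolicyAccessRights.POLICY_READ))
    {
        SID packagesSid = AuthorizationMethods.CreateWellKnownSid(WELL_KNOWN_SID_TYPE.WinBuiltinAnyPackageSid);

        var rights = SecurityMethods.LsaEnumerateAccountRights(policy, ref packagesSid);

        rights.Should().BeEmpty();
    }
}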
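public void EnumerateAccountRights_ReadRightsFails()
{
    // Pins the access check: a policy handle opened with Read only is expected to be refused
    // (UnauthorizedAccessException) when enumerating the rights of the built-in Users group.
    // NOTE(review): presumably because enumeration needs the lookup-names access that Read
    // does not include — confirm against the PolicyAccessRights definition.
    // The policy handle is released when the block ends instead of being left to finalization.
    using (LsaHandle policy = Security.LsaOpenLocalPolicy(PolicyAccessRights.Read))
    {
        SID usersSid = Security.CreateWellKnownSid(WellKnownSID.Users);

        Action enumerate = () => Security.LsaEnumerateAccountRights(policy, in usersSid);

        enumerate.Should().Throw<UnauthorizedAccessException>();
    }
}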
/// <summary>
/// Builds the response by decoding <paramref name="buffer"/> into a fresh policy handle.
/// </summary>
/// <param name="buffer">Raw response bytes handed to <c>NDRParser</c>.</param>
public LsarCloseResponse(byte[] buffer)
{
    // NOTE(review): buffer is presumably the server's reply; there is no null or length check
    // here, so malformed input is handled (or not) entirely by NDRParser — confirm it bounds-checks.
    PolicyHandle = new LsaHandle();
    new NDRParser(buffer).ReadStructure(PolicyHandle);
}
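public void EnumerateAccountRights_UserGroup()
{
    // Success path: with a policy handle opened for Execute access, the built-in Users group is
    // expected to report at least one directly assigned right, including SeChangeNotifyPrivilege.
    // The policy handle is released when the block ends instead of being left to finalization.
    using (LsaHandle policy = Security.LsaOpenLocalPolicy(PolicyAccessRights.Execute))
    {
        SID usersSid = Security.CreateWellKnownSid(WellKnownSID.Users);

        var assignedRights = Security.LsaEnumerateAccountRights(policy, in usersSid);

        assignedRights.Should().NotBeEmpty();
        assignedRights.Should().Contain("SeChangeNotifyPrivilege");
    }
}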
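public void EnumerateAccountRights_BadSidFails()
{
    // A default-constructed SID is not a valid account identifier; the call is expected to
    // reject it with ArgumentException rather than return an empty result.
    // The policy handle is released when the block ends instead of being left to finalization.
    using (LsaHandle policy = AuthenticationMethods.LsaOpenLocalPolicy(PolicyAccessRights.POLICY_READ))
    {
        SID emptySid = new SID();

        Action enumerate = () => SecurityMethods.LsaEnumerateAccountRights(policy, ref emptySid);

        enumerate.ShouldThrow<ArgumentException>();
    }
}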
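public void EnumerateAccountRights_ReadRightsFails()
{
    // Pins the access check: a policy handle opened with POLICY_READ only is expected to be
    // refused (UnauthorizedAccessException) when enumerating the rights of the built-in Users group.
    // NOTE(review): presumably because enumeration needs the lookup-names access that
    // POLICY_READ does not include — confirm against the PolicyAccessRights definition.
    // The policy handle is released when the block ends instead of being left to finalization.
    using (LsaHandle policy = AuthenticationMethods.LsaOpenLocalPolicy(PolicyAccessRights.POLICY_READ))
    {
        SID usersSid = AuthorizationMethods.CreateWellKnownSid(WELL_KNOWN_SID_TYPE.WinBuiltinUsersSid);

        Action enumerate = () => SecurityMethods.LsaEnumerateAccountRights(policy, ref usersSid);

        enumerate.ShouldThrow<UnauthorizedAccessException>();
    }
}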
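public void EnumerateAccountRights_UserGroup()
{
    // Success path: with a policy handle opened for POLICY_EXECUTE, the built-in Users group is
    // expected to report at least one directly assigned right, including SeChangeNotifyPrivilege.
    // The policy handle is released when the block ends instead of being left to finalization.
    using (LsaHandle policy = AuthenticationMethods.LsaOpenLocalPolicy(PolicyAccessRights.POLICY_EXECUTE))
    {
        SID usersSid = AuthorizationMethods.CreateWellKnownSid(WELL_KNOWN_SID_TYPE.WinBuiltinUsersSid);

        var assignedRights = SecurityMethods.LsaEnumerateAccountRights(policy, ref usersSid);

        assignedRights.Should().NotBeEmpty();
        assignedRights.Should().Contain("SeChangeNotifyPrivilege");
    }
}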
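/// <summary>
/// Sends an LsarClose request for <paramref name="handle"/> over <paramref name="rpc"/>.
/// </summary>
/// <param name="rpc">RPC helper used to execute the call.</param>
/// <param name="handle">Policy handle placed in the close request.</param>
/// <param name="status">Status returned by the RPC call; the only result reported to the caller.</param>
public static void LsaClose(RPCCallHelper rpc, LsaHandle handle, out NTStatus status)
{
    LsarCloseRequest closeRequest = new LsarCloseRequest();
    closeRequest.handle = handle;

    // The response body is not inspected. The former "if (status != STATUS_SUCCESS) return;"
    // was the last statement of the method and had no effect, so it has been dropped.
    LsarCloseResponse closeResponse;
    status = rpc.ExecuteCall((ushort)LsaRemoteServiceOpName.LsarClose, closeRequest, out closeResponse);
}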
/// <summary>
/// Translates SIDs to "DOMAIN\name" strings with an LsarLookupSids call.
/// </summary>
/// <param name="rpc">RPC helper used to execute the call.</param>
/// <param name="handle">Policy handle placed in the request.</param>
/// <param name="sids">SIDs to translate; must not be null (its Count is read unconditionally).</param>
/// <param name="status">
/// Status of the RPC call, or STATUS_NOT_SUPPORTED when the response does not contain one
/// translated entry per requested SID.
/// </param>
/// <returns>
/// One entry per input SID in response order, with null for entries the server marked
/// SidTypeUnknown; null when the call did not return STATUS_SUCCESS or the entry count differs.
/// </returns>
public static List<string> LsaLookupSids(RPCCallHelper rpc, LsaHandle handle, List<SID> sids, out NTStatus status)
{
    LsaSIDEnumBuffer enumBuffer = new LsaSIDEnumBuffer();
    enumBuffer.Entries = (uint)sids.Count;
    enumBuffer.SIDInfos = new LsaSIDArray();
    enumBuffer.SIDInfos.SIDs = sids;

    LsarLookupSidsRequest request = new LsarLookupSidsRequest
    {
        handle = handle,
        SIDEnumBuffer = enumBuffer,
        TranslatedNames = new LsaTranslatedArray<LsaTranslatedName>()
    };

    // Anything other than plain success is treated as failure, including partial results.
    LsarLookupSidsResponse response;
    status = rpc.ExecuteCall((ushort)LsaRemoteServiceOpName.LsarLookupSids, request, out response);
    if (status != NTStatus.STATUS_SUCCESS)
    {
        return null;
    }

    // The result is positional, so a response of a different length cannot be mapped back.
    if (sids.Count != response.TranslatedSids.Items.Count)
    {
        status = NTStatus.STATUS_NOT_SUPPORTED;
        return null;
    }

    List<string> resolved = new List<string>();
    foreach (LsaTranslatedName entry in response.TranslatedSids.Items)
    {
        if (entry.Use == LsaSIDNameUse.SidTypeUnknown)
        {
            resolved.Add(null);
            continue;
        }

        // NOTE(review): DomainIndex comes from the server's response and is used as an index
        // without a range check (DomainList is not null-checked either); a hostile or buggy
        // server can make this throw. Consider validating before indexing.
        string domainName = response.DomainList.Names[(int)entry.DomainIndex].Name;
        resolved.Add(domainName + "\\" + entry.Name);
    }

    return resolved;
}
/// <summary>
/// Translates account names to SIDs with an LsarLookupNames call.
/// </summary>
/// <param name="rpc">RPC helper used to execute the call.</param>
/// <param name="handle">Policy handle placed in the request.</param>
/// <param name="names">Names to translate; must not be null (it is enumerated unconditionally).</param>
/// <param name="status">
/// Status of the RPC call, or STATUS_NOT_SUPPORTED when the response does not contain one
/// translated entry per requested name.
/// </param>
/// <returns>
/// One entry per input name in response order, with null for entries the server marked
/// SidTypeUnknown; null when the call did not return STATUS_SUCCESS or the entry count differs.
/// </returns>
public static List<SID> LsaLookupNames(RPCCallHelper rpc, LsaHandle handle, List<string> names, out NTStatus status)
{
    LsarLookupNamesRequest request = new LsarLookupNamesRequest();
    request.handle = handle;
    request.Names = new NDRConformantArray<LsaUnicodeString>();
    foreach (string accountName in names)
    {
        request.Names.Add(new LsaUnicodeString(accountName));
    }
    request.TranslatedSids = new LsaTranslatedArray<LsaTranslatedSid>();

    // Anything other than plain success is treated as failure, including partial results.
    LsarLookupNamesResponse response;
    status = rpc.ExecuteCall((ushort)LsaRemoteServiceOpName.LsarLookupNames, request, out response);
    if (status != NTStatus.STATUS_SUCCESS)
    {
        return null;
    }

    // The result is positional, so a response of a different length cannot be mapped back.
    if (names.Count != response.TranslatedNames.Items.Count)
    {
        status = NTStatus.STATUS_NOT_SUPPORTED;
        return null;
    }

    List<SID> resolved = new List<SID>();
    foreach (LsaTranslatedSid entry in response.TranslatedNames.Items)
    {
        if (entry.Use == LsaSIDNameUse.SidTypeUnknown)
        {
            resolved.Add(null);
            continue;
        }

        // NOTE(review): DomainIndex comes from the server's response and is used as an index
        // without a range check (DomainList is not null-checked either); a hostile or buggy
        // server can make this throw. Consider validating before indexing.
        resolved.Add(entry.GetSID(response.DomainList.Names[(int)entry.DomainIndex].Sid));
    }

    return resolved;
}
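/// <summary>
/// Binds to the LSA remote service pipe, opens a policy handle, resolves
/// <paramref name="names"/> to SIDs and closes the handle again.
/// </summary>
/// <param name="client">SMB client the RPC pipe is opened on.</param>
/// <param name="names">Account names to resolve.</param>
/// <param name="status">
/// Status of the step that decided the outcome: the pipe bind, the policy open, or the name
/// lookup. The status of the final close is deliberately not reported here, so a failed lookup
/// is no longer masked by a successful close.
/// </param>
/// <returns>The list produced by <c>LsaLookupNames</c>, or null when binding or opening the policy fails.</returns>
public static List<SID> ResolveNames(ISMBClient client, List<string> names, out NTStatus status)
{
    using (RPCCallHelper rpc = new RPCCallHelper(client, LsaRemoteService.ServicePipeName, LsaRemoteService.ServiceInterfaceGuid, LsaRemoteService.ServiceVersion))
    {
        status = rpc.BindPipe();
        if (status != NTStatus.STATUS_SUCCESS)
        {
            return null;
        }

        // 0x801 = POLICY_LOOKUP_NAMES (0x800) | POLICY_VIEW_LOCAL_INFORMATION (0x001):
        // only the access needed for name lookup is requested.
        LsaHandle handle = LsaOpenPolicy(rpc, (AccessMask)0x801, out status);
        if (handle == null)
        {
            return null;
        }

        List<SID> output = LsaLookupNames(rpc, handle, names, out status);

        // Close into a separate variable: writing it to 'status' would overwrite the lookup
        // result, so a failed lookup (null output) could be reported as STATUS_SUCCESS.
        NTStatus closeStatus;
        LsaClose(rpc, handle, out closeStatus);

        return output;
    }
}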
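public void LsaOpenPolicy_StandardRead()
{
    // Opening the local policy with POLICY_READ is expected to yield a usable handle.
    // The handle is released when the block ends instead of being left to finalization.
    using (LsaHandle policy = AuthenticationMethods.LsaOpenLocalPolicy(PolicyAccessRights.POLICY_READ))
    {
        policy.IsInvalid.Should().BeFalse();
    }
}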
public static extern NTStatus LsaEnumerateAccountRights( LsaHandle PolicyHandle, in SID AccountSid,
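public void LsaOpenPolicy_StandardRead()
{
    // Opening the local policy with Read access is expected to yield a usable handle.
    // The handle is released when the block ends instead of being left to finalization.
    using (LsaHandle policy = Security.LsaOpenLocalPolicy(PolicyAccessRights.Read))
    {
        policy.IsInvalid.Should().BeFalse();
    }
}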
/// <summary>
/// Native declaration of LsaOpenPolicy: opens a handle to an LSA Policy object with the
/// requested access.
/// </summary>
/// <param name="SystemName">Pointer to the target system name. NOTE(review): presumably null selects the local system — confirm against callers.</param>
/// <param name="ObjectAttributes">Pointer to the object attributes structure passed to the native call.</param>
/// <param name="DesiredAccess">Access rights requested on the policy; callers should ask only for what the following calls need.</param>
/// <param name="PolicyHandle">Receives the opened policy handle.</param>
/// <returns>The NTStatus result code of the native call.</returns>
public unsafe static extern NTStatus LsaOpenPolicy( UNICODE_STRING *SystemName, LSA_OBJECT_ATTRIBUTES *ObjectAttributes, PolicyAccessRights DesiredAccess, out LsaHandle PolicyHandle);
/// <summary>
/// Native declaration of LsaEnumerateAccountRights: retrieves the rights assigned to an account.
/// </summary>
/// <param name="PolicyHandle">Open LSA policy handle.</param>
/// <param name="AccountSid">SID of the account to query, passed by reference.</param>
/// <param name="UserRights">
/// Receives the buffer holding the right names. NOTE(review): the native buffer is
/// LSA-allocated; presumably LsaMemoryHandle releases it on disposal — confirm.
/// </param>
/// <param name="CountOfRights">Receives the number of entries in <paramref name="UserRights"/>.</param>
/// <returns>The NTSTATUS result code of the native call.</returns>
public static extern NTSTATUS LsaEnumerateAccountRights( LsaHandle PolicyHandle, ref SID AccountSid, out LsaMemoryHandle UserRights, out uint CountOfRights);