public KnownAce(AceType type, AceFlags flags, int mask, Sid sid)
{
if (
type != AceType.AccessAllowed &&
type != AceType.AccessDenied &&
type != AceType.SystemAlarm &&
type != AceType.SystemAudit
)
throw new ArgumentException("Invalid ACE type.");
this.MemoryRegion = new MemoryAlloc(
Marshal.SizeOf(typeof(KnownAceStruct)) -
sizeof(int) +
sid.Length
);
KnownAceStruct knownAce = new KnownAceStruct();
knownAce.Header.AceType = type;
knownAce.Header.AceFlags = flags;
knownAce.Header.AceSize = (ushort)this.MemoryRegion.Size;
knownAce.Mask = mask;
this.MemoryRegion.WriteStruct<KnownAceStruct>(knownAce);
this.MemoryRegion.WriteMemory(Win32.KnownAceSidStartOffset.ToInt32(), sid, 0, sid.Length);
this.Read();
}
public KnownAce(AceType type, AceFlags flags, int mask, Sid sid)
{
if (
type != AceType.AccessAllowed &&
type != AceType.AccessDenied &&
type != AceType.SystemAlarm &&
type != AceType.SystemAudit
)
throw new ArgumentException("Invalid ACE type.");
this.MemoryRegion = new MemoryAlloc(
Marshal.SizeOf(typeof(KnownAceStruct)) - // known ace struct size
sizeof(int) + // minus SidStart field
sid.Length // plus SID length
);
KnownAceStruct knownAce = new KnownAceStruct();
// Initialize the ACE (minus the SID).
knownAce.Header.AceType = type;
knownAce.Header.AceFlags = flags;
knownAce.Header.AceSize = (ushort)this.MemoryRegion.Size;
knownAce.Mask = mask;
// Write the ACE to memory.
this.MemoryRegion.WriteStruct<KnownAceStruct>(knownAce);
// Write the SID.
this.MemoryRegion.WriteMemory(Win32.KnownAceSidStartOffset.ToInt32(), sid, 0, sid.Length);
// Update the cached info.
this.Read();
}
public SecurityDescriptor(Sid owner, Sid group, Acl dacl, Acl sacl)
: this()
{
this.Owner = owner;
this.Group = group;
this.Dacl = dacl;
this.Sacl = sacl;
}
protected override void Read()
{
var knownAce = this.MemoryRegion.ReadStruct<KnownAceStruct>();
_mask = knownAce.Mask;
_sid = Sid.FromPointer(this.Memory.Increment(Win32.KnownAceSidStartOffset));
base.Read();
}
public Motherboard(C64 c64, C64.VicType initRegion)
{
// note: roms need to be added on their own externally
_c64 = c64;
int clockNum, clockDen, mainsFrq;
switch (initRegion)
{
case C64.VicType.PAL:
clockNum = 17734475;
clockDen = 18;
mainsFrq = 50;
break;
case C64.VicType.NTSC:
case C64.VicType.NTSC_OLD:
clockNum = 11250000;
clockDen = 11;
mainsFrq = 60;
break;
case C64.VicType.DREAN:
clockNum = 14328225;
clockDen = 14;
mainsFrq = 50;
break;
default:
throw new System.Exception();
}
cartPort = new CartridgePort();
cassPort = new CassettePortDevice();
cia0 = new MOS6526(clockNum, clockDen*mainsFrq);
cia1 = new MOS6526(clockNum, clockDen*mainsFrq);
colorRam = new Chip2114();
cpu = new MOS6510();
pla = new MOSPLA();
ram = new Chip4864();
serPort = new SerialPort();
sid = MOS6581.Create(44100, clockNum, clockDen);
switch (initRegion)
{
case C64.VicType.NTSC: vic = MOS6567R8.Create(); break;
case C64.VicType.PAL: vic = MOS6569.Create(); break;
case C64.VicType.NTSC_OLD: vic = MOS6567R56A.Create(); break;
case C64.VicType.DREAN: vic = MOS6572.Create(); break;
}
userPort = new UserPortDevice();
}
public TokenGroupsList(Sid[] groups)
{
InitializeComponent();
for (int i = 0; i < groups.Length; i++)
{
ListViewItem item = listGroups.Items.Add(new ListViewItem());
item.Text = groups[i].GetFullName(Properties.Settings.Default.ShowAccountDomains);
item.BackColor = GetAttributeColor(groups[i].Attributes);
item.SubItems.Add(new ListViewItem.ListViewSubItem(item, GetAttributeString(groups[i].Attributes)));
}
listGroups.ListViewItemSorter = new SortedListViewComparer(listGroups);
listGroups.SetDoubleBuffered(true);
listGroups.ContextMenu = listGroups.GetCopyMenu();
ColumnSettings.LoadSettings(Properties.Settings.Default.GroupListColumns, listGroups);
listGroups.AddShortcuts();
}
public TokenGroupsList(Sid[] groups)
{
InitializeComponent();
if (groups != null)
{
foreach (Sid t in groups)
{
ListViewItem item = this.listGroups.Items.Add(new ListViewItem());
item.Text = t.GetFullName(Settings.Instance.ShowAccountDomains);
item.BackColor = this.GetAttributeColor(t.Attributes);
item.SubItems.Add(new ListViewItem.ListViewSubItem(item, this.GetAttributeString(t.Attributes)));
}
}
listGroups.ListViewItemSorter = new SortedListViewComparer(listGroups);
listGroups.ContextMenu = listGroups.GetCopyMenu();
ColumnSettings.LoadSettings(Settings.Instance.GroupListColumns, listGroups);
listGroups.AddShortcuts();
}
public Motherboard(C64 c64, Region initRegion)
{
// note: roms need to be added on their own externally
_c64 = c64;
cartPort = new CartridgePort();
cassPort = new CassettePortDevice();
cia0 = new MOS6526(initRegion);
cia1 = new MOS6526(initRegion);
colorRam = new Chip2114();
cpu = new MOS6510();
pla = new MOSPLA();
ram = new Chip4864();
serPort = new SerialPort();
sid = MOS6581.Create(44100, initRegion);
switch (initRegion)
{
case Region.NTSC: vic = MOS6567.Create(); break;
case Region.PAL: vic = MOS6569.Create(); break;
}
userPort = new UserPortDevice();
}
/// <summary>
/// Perform an Access Check.
/// </summary>
/// <param name="sd">The security descriptor for the check.</param>
/// <param name="optional_sd">Optional list of security descriptors to merge.</param>
/// <param name="desired_access">The desired access.</param>
/// <param name="principal">Optional Principal SID.</param>
/// <param name="object_types">Optional list of object types.</param>
/// <param name="type">NT Type for access checking.</param>
/// <returns>The list of access check results.</returns>
public AuthZAccessCheckResult[] AccessCheck(SecurityDescriptor sd, IEnumerable <SecurityDescriptor> optional_sd,
AccessMask desired_access, Sid principal, IEnumerable <ObjectTypeEntry> object_types, NtType type)
{
return(AccessCheck(sd, optional_sd, desired_access, principal, object_types, type, true).Result);
}
public void AddPrivileges(string account, string privilege)
{
uint ret;
using (Sid sid = new Sid(account))
{
LSA_UNICODE_STRING[] privileges = new LSA_UNICODE_STRING[1];
privileges[0] = InitLsaString(privilege);
ret = Win32Sec.LsaAddAccountRights(lsaHandle, sid.pSid, privileges, 1);
}
if (ret == 0)
return;
if (ret == STATUS_ACCESS_DENIED)
{
throw new UnauthorizedAccessException();
}
if ((ret == STATUS_INSUFFICIENT_RESOURCES) || (ret == STATUS_NO_MEMORY))
{
throw new OutOfMemoryException();
}
throw new Win32Exception(Win32Sec.LsaNtStatusToWinError((int)ret));
}
internal static NtResult <CentralAccessPolicy> FromRegistry(NtKey key, Dictionary <int, CentralAccessRule> rules, bool throw_on_error)
{
List <CentralAccessRule> capes = new List <CentralAccessRule>();
string name = string.Empty;
string description = string.Empty;
Sid capid = null;
string change_id = string.Empty;
uint flags = 0;
foreach (var value in key.QueryValues())
{
switch (value.Name.ToLower())
{
case "capes":
var idxs = ParseCapeNumbers(value, throw_on_error);
if (!idxs.IsSuccess)
{
return(idxs.Cast <CentralAccessPolicy>());
}
foreach (var idx in idxs.Result)
{
if (rules.ContainsKey(idx))
{
capes.Add(rules[idx]);
}
else
{
return(NtStatus.STATUS_INVALID_PARAMETER.CreateResultFromError <CentralAccessPolicy>(throw_on_error));
}
}
break;
case "capid":
var sid = Sid.Parse(value.Data, false);
if (!sid.IsSuccess)
{
return(sid.Cast <CentralAccessPolicy>());
}
capid = sid.Result;
break;
case "changeid":
change_id = value.ToString().TrimEnd('\0');
break;
case "description":
description = value.ToString().TrimEnd('\0');
break;
case "flags":
if (value.Type == RegistryValueType.Dword)
{
flags = (uint)value.ToObject();
}
break;
case "name":
name = value.ToString().TrimEnd('\0');
break;
}
}
return(new CentralAccessPolicy(capid, flags, name, description, change_id, capes).CreateResult());
}
/// <summary>
/// Remove a SID to name mapping with LSA.
/// </summary>
/// <param name="sid">The SID to remove.</param>
/// <returns>The NT status result.</returns>
public static void RemoveSidNameMapping(Sid sid)
{
SidName name = sid.GetName();
RemoveSidNameMapping(name.Domain, name.NameUse == SidNameUse.Domain ? string.Empty : name.Name, true);
}
/// <summary>
/// Create an AppContainer token using the CreateAppContainerToken API.
/// </summary>
/// <param name="appcontainer_sid">The AppContainer package SID.</param>
/// <param name="capabilities">List of capabilities.</param>
/// <returns>The appcontainer token.</returns>
/// <remarks>This exported function was only introduced in RS3</remarks>
public static NtToken CreateAppContainerToken(Sid appcontainer_sid,
IEnumerable <Sid> capabilities)
{
return(CreateAppContainerToken(null, appcontainer_sid, capabilities));
}
/// <summary>
/// Derive a restricted package sid from an existing pacakge sid.
/// </summary>
/// <param name="package_sid">The base package sid.</param>
/// <param name="restricted_name">The restricted name for the sid.</param>
/// <returns>The derived Sid.</returns>
public static Sid DeriveRestrictedPackageSidFromSid(Sid package_sid, string restricted_name)
{
return(DeriveRestrictedPackageSidFromSid(package_sid, restricted_name, true).Result);
}
internal SamDomain(SafeSamHandle handle, SamDomainAccessRights granted_access, string server_name, string domain_name, Sid domain_sid)
: base(handle, granted_access, SamUtils.SAM_DOMAIN_NT_TYPE_NAME, $"SAM Domain ({domain_name ?? domain_sid.ToString()})", server_name)
{
DomainId = domain_sid;
Name = domain_name ?? string.Empty;
}
/// <summary>
/// Create an AppContainer token using the CreateAppContainerToken API.
/// </summary>
/// <param name="token">The token to base the new token on. Can be null.</param>
/// <param name="appcontainer_sid">The AppContainer package SID.</param>
/// <param name="capabilities">List of capabilities.</param>
/// <returns>The appcontainer token.</returns>
/// <remarks>This exported function was only introduced in RS3</remarks>
public static NtToken CreateAppContainerToken(NtToken token, Sid appcontainer_sid,
IEnumerable <Sid> capabilities)
{
return(CreateAppContainerToken(token, appcontainer_sid, capabilities, true).Result);
}
/// <summary>
/// Open trusted domain object.
/// </summary>
/// <param name="sid">The SID of the trusted domain.</param>
/// <param name="desired_access">The desired access for the object.</param>
/// <returns>The trusted domain object.</returns>
public LsaTrustedDomain OpenTrustedDomain(Sid sid, LsaTrustedDomainAccessRights desired_access)
{
return(OpenTrustedDomain(sid, desired_access, true).Result);
}
/// <summary>
/// Add a Device SID to the context.
/// </summary>
/// <param name="sid">The SID to add.</param>
public void AddRestrictedSid(Sid sid)
{
ModifyGroups(AuthZGroupSidType.Restricted, new Sid[] { sid }, AuthZSidOperation.Add);
}
/// <summary>
/// Perform an Access Check.
/// </summary>
/// <param name="sd">The security descriptor for the check.</param>
/// <param name="optional_sd">Optional list of security descriptors to merge.</param>
/// <param name="desired_access">The desired access.</param>
/// <param name="principal">Optional Principal SID.</param>
/// <param name="object_types">Optional list of object types.</param>
/// <param name="type">NT Type for access checking.</param>
/// <param name="throw_on_error">True to throw on error.</param>
/// <returns>The list of access check results.</returns>
public NtResult <AuthZAccessCheckResult[]> AccessCheck(SecurityDescriptor sd, IEnumerable <SecurityDescriptor> optional_sd,
AccessMask desired_access, Sid principal, IEnumerable <ObjectTypeEntry> object_types, NtType type,
bool throw_on_error)
{
if (sd is null)
{
throw new ArgumentNullException(nameof(sd));
}
using (var list = new DisposableList())
{
AUTHZ_ACCESS_REQUEST request = new AUTHZ_ACCESS_REQUEST();
request.DesiredAccess = desired_access;
if (principal != null)
{
request.PrincipalSelfSid = list.AddResource(principal.ToSafeBuffer()).DangerousGetHandle();
}
int result_count = 1;
var object_list = NtSecurity.ConvertObjectTypes(object_types, list);
if (object_list?.Length > 0)
{
result_count = object_list.Length;
request.ObjectTypeList = list.AddResource(object_list.ToBuffer()).DangerousGetHandle();
request.ObjectTypeListLength = object_list.Length;
}
var sd_buffer = list.AddResource(sd.ToSafeBuffer());
int optional_sd_count = optional_sd?.Count() ?? 0;
IntPtr[] optional_sd_buffers = null;
if (optional_sd_count > 0)
{
optional_sd_buffers = optional_sd.Select(s => list.AddResource(s.ToSafeBuffer()).DangerousGetHandle()).ToArray();
}
AUTHZ_ACCESS_REPLY reply = new AUTHZ_ACCESS_REPLY();
reply.ResultListLength = result_count;
var error_buffer = list.AddResource(new int[result_count].ToBuffer());
reply.Error = error_buffer.DangerousGetHandle();
var access_buffer = list.AddResource(new AccessMask[result_count].ToBuffer());
reply.GrantedAccessMask = access_buffer.DangerousGetHandle();
var audit_buffer = list.AddResource(new int[result_count].ToBuffer());
reply.SaclEvaluationResults = audit_buffer.DangerousGetHandle();
return(SecurityNativeMethods.AuthzAccessCheck(AuthZAccessCheckFlags.None, _handle,
ref request, IntPtr.Zero, sd_buffer, optional_sd_buffers, optional_sd_count,
ref reply, IntPtr.Zero).CreateWin32Result(throw_on_error,
() => CreateResult(result_count, error_buffer, access_buffer, object_types?.ToArray(), type)));
}
}
/// <summary>
/// Add a Device SID to the context.
/// </summary>
/// <param name="sid">The SID to add.</param>
public void AddDeviceSid(Sid sid)
{
ModifyGroups(AuthZGroupSidType.Device, new Sid[] { sid }, AuthZSidOperation.Add);
}
/// <summary>
/// Add a SID to the context.
/// </summary>
/// <param name="sid">The SID to add.</param>
public void AddSid(Sid sid)
{
ModifyGroups(AuthZGroupSidType.Normal, new Sid[] { sid }, AuthZSidOperation.Add);
}
/// <summary>
/// Set AppContainer Information to Context.
/// </summary>
/// <param name="package_sid">The package SID.</param>
/// <param name="capabilities">List of capabilities.</param>
public void SetAppContainer(Sid package_sid, IEnumerable <UserGroup> capabilities)
{
SetAppContainer(package_sid, capabilities, true);
}
public override int GetHashCode()
{
return(Sid.GetHashCode());
}
public static SidName LookupInternetName(Sid sid)
{
return(LookupInternetName(sid, true).Result);
}
/// <summary>
/// Delete an LSA account object.
/// </summary>
/// <param name="sid">The SID of the account.</param>
public void DeleteAccount(Sid sid)
{
DeleteAccount(sid, true);
}
/// <summary>
/// Add a package SID condition.
/// </summary>
/// <param name="match_type">The match type.</param>
/// <param name="package_sid">The package SID.</param>
public void AddPackageSid(FirewallMatchType match_type, Sid package_sid)
{
AddCondition(match_type, FirewallConditionGuids.FWPM_CONDITION_ALE_PACKAGE_ID, FirewallValue.FromSid(package_sid));
}
internal LsaAccount(SafeLsaHandle handle, LsaAccountAccessRights granted_access, Sid sid, string system_name)
: base(handle, granted_access, LsaPolicyUtils.LSA_ACCOUNT_NT_TYPE_NAME, $"LSA Account ({sid})", system_name)
{
Sid = sid;
}
public Motherboard(C64 c64, C64.VicType initRegion, C64.BorderType borderType, C64.SidType sidType, C64.TapeDriveType tapeDriveType, C64.DiskDriveType diskDriveType)
{
// note: roms need to be added on their own externally
_c64 = c64;
int clockNum, clockDen;
switch (initRegion)
{
case C64.VicType.Pal:
clockNum = 17734475;
clockDen = 18;
break;
case C64.VicType.Ntsc:
clockNum = 14318181;
clockDen = 14;
break;
case C64.VicType.NtscOld:
clockNum = 11250000;
clockDen = 11;
break;
case C64.VicType.Drean:
clockNum = 14328225;
clockDen = 14;
break;
default:
throw new System.Exception();
}
CartPort = new CartridgePort();
Cassette = new CassettePort();
ColorRam = new Chip2114();
Cpu = new Chip6510();
Pla = new Chip90611401();
Ram = new Chip4864();
Serial = new SerialPort();
switch (sidType)
{
case C64.SidType.OldR2:
Sid = Chip6581R2.Create(44100, clockNum, clockDen);
break;
case C64.SidType.OldR3:
Sid = Chip6581R3.Create(44100, clockNum, clockDen);
break;
case C64.SidType.OldR4AR:
Sid = Chip6581R4AR.Create(44100, clockNum, clockDen);
break;
case C64.SidType.NewR5:
Sid = Chip8580R5.Create(44100, clockNum, clockDen);
break;
}
switch (initRegion)
{
case C64.VicType.Ntsc:
Vic = Chip6567R8.Create(borderType);
Cia0 = Chip6526.Create(C64.CiaType.Ntsc, Input_ReadKeyboard, Input_ReadJoysticks);
Cia1 = Chip6526.Create(C64.CiaType.Ntsc, Cia1_ReadPortA);
break;
case C64.VicType.Pal:
Vic = Chip6569.Create(borderType);
Cia0 = Chip6526.Create(C64.CiaType.Pal, Input_ReadKeyboard, Input_ReadJoysticks);
Cia1 = Chip6526.Create(C64.CiaType.Pal, Cia1_ReadPortA);
break;
case C64.VicType.NtscOld:
Vic = Chip6567R56A.Create(borderType);
Cia0 = Chip6526.Create(C64.CiaType.NtscRevA, Input_ReadKeyboard, Input_ReadJoysticks);
Cia1 = Chip6526.Create(C64.CiaType.NtscRevA, Cia1_ReadPortA);
break;
case C64.VicType.Drean:
Vic = Chip6572.Create(borderType);
Cia0 = Chip6526.Create(C64.CiaType.Pal, Input_ReadKeyboard, Input_ReadJoysticks);
Cia1 = Chip6526.Create(C64.CiaType.Pal, Cia1_ReadPortA);
break;
}
User = new UserPort();
ClockNumerator = clockNum;
ClockDenominator = clockDen;
// Initialize disk drive
switch (diskDriveType)
{
case C64.DiskDriveType.Commodore1541:
case C64.DiskDriveType.Commodore1541II:
DiskDrive = new Drive1541(ClockNumerator, ClockDenominator);
Serial.Connect(DiskDrive);
break;
}
// Initialize tape drive
switch (tapeDriveType)
{
case C64.TapeDriveType.Commodore1530:
TapeDrive = new TapeDrive();
Cassette.Connect(TapeDrive);
break;
}
BasicRom = new Chip23128();
CharRom = new Chip23128();
KernalRom = new Chip23128();
}
protected override NtResult <object> Parse(string value, bool throw_on_error)
{
return(Sid.Parse(value, false).Cast <object>());
}
public Msv1_0_InteractivePackage(Sid sid)
: this(sid, null)
{ }
private void UpdateTokenData()
{
UserGroup user = _token.User;
txtUsername.Text = user.ToString();
txtUserSid.Text = user.Sid.ToString();
TokenType tokentype = _token.TokenType;
txtTokenType.Text = _token.TokenType.ToString();
if (_token.TokenType == TokenType.Impersonation)
{
SecurityImpersonationLevel implevel = _token.ImpersonationLevel;
txtImpLevel.Text = implevel.ToString();
}
else
{
txtImpLevel.Text = "N/A";
}
txtTokenId.Text = _token.Id.ToString();
txtModifiedId.Text = _token.ModifiedId.ToString();
txtAuthId.Text = _token.AuthenticationId.ToString();
if (Enum.IsDefined(typeof(TokenIntegrityLevel), _token.IntegrityLevel))
{
comboBoxIL.SelectedItem = _token.IntegrityLevel;
comboBoxILForDup.SelectedItem = _token.IntegrityLevel;
}
else
{
comboBoxIL.Text = _token.IntegrityLevel.ToString();
comboBoxILForDup.Text = _token.IntegrityLevel.ToString();
}
txtSessionId.Text = _token.SessionId.ToString();
if (_token.IsAccessGranted(TokenAccessRights.QuerySource))
{
txtSourceName.Text = _token.Source.SourceName;
txtSourceId.Text = _token.Source.SourceIdentifier.ToString();
}
else
{
txtSourceName.Text = "N/A";
txtSourceId.Text = "N/A";
}
TokenElevationType evtype = _token.ElevationType;
txtElevationType.Text = evtype.ToString();
txtIsElevated.Text = _token.Elevated.ToString();
txtOriginLoginId.Text = _token.Origin.ToString();
btnLinkedToken.Enabled = evtype != TokenElevationType.Default;
UpdateGroupList();
txtPrimaryGroup.Text = _token.PrimaryGroup.Name;
txtOwner.Text = _token.Owner.Name;
Acl defdacl = _token.DefaultDacl;
if (!defdacl.NullAcl)
{
foreach (Ace ace in defdacl)
{
UserGroup group = new UserGroup(ace.Sid, GroupAttributes.None);
ListViewItem item = new ListViewItem(group.ToString());
AccessMask mask = GenericAccessRights.GenericAll | GenericAccessRights.GenericExecute | GenericAccessRights.GenericRead | GenericAccessRights.GenericWrite;
string maskstr;
if ((ace.Mask & ~mask).HasAccess)
{
maskstr = $"0x{ace.Mask:X08}";
}
else
{
maskstr = ace.Mask.ToGenericAccess().ToString();
}
item.SubItems.Add(maskstr);
item.SubItems.Add(ace.Flags.ToString());
item.SubItems.Add(ace.Type.ToString());
listViewDefDacl.Items.Add(item);
}
}
else
{
listViewDefDacl.Items.Add("No Default DACL");
}
listViewDefDacl.AutoResizeColumns(ColumnHeaderAutoResizeStyle.ColumnContent);
listViewDefDacl.AutoResizeColumns(ColumnHeaderAutoResizeStyle.HeaderSize);
if (_token.Restricted)
{
PopulateGroupList(listViewRestrictedSids, _token.RestrictedSids);
}
else
{
tabControlMain.TabPages.Remove(tabPageRestricted);
}
if (_token.AppContainer)
{
PopulateGroupList(listViewCapabilities, _token.Capabilities);
txtACNumber.Text = _token.AppContainerNumber.ToString();
txtPackageName.Text = _token.AppContainerSid.Name;
txtPackageSid.Text = _token.AppContainerSid.ToString();
}
else
{
tabControlMain.TabPages.Remove(tabPageAppContainer);
}
txtUIAccess.Text = _token.UIAccess.ToString();
txtSandboxInert.Text = _token.SandboxInert.ToString();
bool virtAllowed = _token.VirtualizationAllowed;
txtVirtualizationAllowed.Text = virtAllowed.ToString();
btnToggleVirtualizationEnabled.Enabled = virtAllowed;
if (virtAllowed)
{
txtVirtualizationEnabled.Text = _token.VirtualizationEnabled.ToString();
}
else
{
txtVirtualizationEnabled.Text = "N/A";
}
txtMandatoryILPolicy.Text = _token.MandatoryPolicy.ToString();
txtHandleAccess.Text = _token.GrantedAccess.ToString();
Sid trust_level = _token.TrustLevel;
txtTrustLevel.Text = trust_level != null ? trust_level.Name : "N/A";
UpdatePrivileges();
UpdateSecurityAttributes();
if (_token.IsAccessGranted(TokenAccessRights.ReadControl))
{
securityDescriptorViewerControl.SetSecurityDescriptor(_token.SecurityDescriptor, _token.NtType, _token.NtType.ValidAccess);
}
else
{
tabControlMain.TabPages.Remove(tabPageSecurity);
}
}
/// <summary>
/// Add a SID to name mapping with LSA.
/// </summary>
/// <param name="domain">The domain name for the SID.</param>
/// <param name="name">The account name for the SID. Can be null for a domain SID.</param>
/// <param name="sid">The SID to add.</param>
/// <returns>The NT status result.</returns>
public static void AddSidNameMapping(string domain, string name, Sid sid)
{
AddSidNameMapping(domain, name, sid, true);
}
public override object GetParamValue(Sid.WebServices.IRequest request, Sid.WebServices.SidModule moduleInstance)
{
return new BinaryRequest(request.ContentLength,
new BinaryReader(request.InputStream));
}
/// <summary>
/// Lookup name for a SID.
/// </summary>
/// <param name="sid">The SID to lookup.</param>
/// <returns></returns>
public SidName LookupSid(Sid sid)
{
return(LookupSids(new [] { sid }).First());
}
public void Add(Sid sid)
{
if (!Win32.AddSIDToBoundaryDescriptor(ref _descriptor, sid))
Win32.ThrowLastError();
}
/// <summary>
/// Enumerate account rights for a SID.
/// </summary>
/// <param name="sid">The SID to enumerate for.</param>
/// <returns>The list of assigned account rights.</returns>
public IReadOnlyList <string> EnumerateAccountRights(Sid sid)
{
return(EnumerateAccountRights(sid, true).Result);
}
public Msv1_0_InteractivePackage(Sid sid, string password)
: this(sid.DomainName, sid.Name, password)
{ }
/// <summary>
/// Add account rights to an account.
/// </summary>
/// <param name="sid">The SID of the account.</param>
/// <param name="account_rights">The list of account rights to add.</param>
public void AddAccountRights(Sid sid, IEnumerable <string> account_rights)
{
AddAccountRights(sid, account_rights, true);
}
private void SwapGroup(Sid group)
{
BaseObject.SwapRef(ref _group, group);
}
public SystemLogonSession(
string authenticationPackage,
string dnsDomainName,
string logonDomain,
Luid logonId,
string logonServer,
DateTime logonTime,
LogonType logonType,
int session,
Sid sid,
string upn,
string userName
)
{
this.AuthenticationPackage = authenticationPackage;
this.DnsDomainName = dnsDomainName;
this.LogonDomain = logonDomain;
this.LogonId = logonId;
this.LogonServer = logonServer;
this.LogonTime = logonTime;
this.LogonType = logonType;
this.Session = session;
this.Sid = sid;
this.Upn = upn;
this.UserName = userName;
}
/// <summary>
/// Remove account rights from an account.
/// </summary>
/// <param name="sid">The SID of the account.</param>
/// <param name="remove_all">True to remove all rights.</param>
/// <param name="account_rights">The account rights to add.</param>
public void RemoveAccountRights(Sid sid, bool remove_all, IEnumerable <string> account_rights)
{
RemoveAccountRights(sid, remove_all, account_rights, true);
}
/// <summary>
/// Parse the policy from the Local Security Authority.
/// </summary>
/// <param name="throw_on_error">True to throw on error.</param>
/// <returns>The list of Central Access Policies.</returns>
public static NtResult <CentralAccessPolicy[]> ParseFromLsa(bool throw_on_error)
{
NtStatus status = SecurityNativeMethods.LsaGetAppliedCAPIDs(null, out SafeLsaMemoryBuffer capids, out int capid_count);
if (!status.IsSuccess())
{
return(status.CreateResultFromError <CentralAccessPolicy[]>(throw_on_error));
}
List <CentralAccessPolicy> ret = new List <CentralAccessPolicy>();
using (capids)
{
status = SecurityNativeMethods.LsaQueryCAPs(capids.DangerousGetHandle(), capid_count, out SafeLsaMemoryBuffer caps, out uint cap_count);
if (!status.IsSuccess())
{
return(status.CreateResultFromError <CentralAccessPolicy[]>(throw_on_error));
}
caps.Initialize <CENTRAL_ACCESS_POLICY>(cap_count);
CENTRAL_ACCESS_POLICY[] policies = new CENTRAL_ACCESS_POLICY[cap_count];
caps.ReadArray(0, policies, 0, policies.Length);
foreach (var policy in policies)
{
SafeHGlobalBuffer buffer = new SafeHGlobalBuffer(policy.CAPEs, policy.CAPECount * IntPtr.Size, false);
IntPtr[] rule_entries = new IntPtr[policy.CAPECount];
buffer.ReadArray(0, rule_entries, 0, policy.CAPECount);
List <CentralAccessRule> rules = new List <CentralAccessRule>();
foreach (var ptr in rule_entries)
{
var entry = new SafeStructureInOutBuffer <CENTRAL_ACCESS_POLICY_ENTRY>(ptr, Marshal.SizeOf(typeof(CENTRAL_ACCESS_POLICY_ENTRY)), false);
var r = entry.Result;
SecurityDescriptor sd = null;
SecurityDescriptor staged_sd = null;
string applies_to = string.Empty;
if (r.LengthSD > 0)
{
var result = SecurityDescriptor.Parse(r.SD, throw_on_error);
if (!result.IsSuccess)
{
return(result.Cast <CentralAccessPolicy[]>());
}
sd = result.Result;
}
if (r.LengthStagedSD > 0)
{
var result = SecurityDescriptor.Parse(r.StagedSD, throw_on_error);
if (!result.IsSuccess)
{
return(result.Cast <CentralAccessPolicy[]>());
}
staged_sd = result.Result;
}
if (r.LengthAppliesTo > 0)
{
byte[] condition = new byte[r.LengthAppliesTo];
Marshal.Copy(r.AppliesTo, condition, 0, r.LengthAppliesTo);
var result = NtSecurity.ConditionalAceToString(condition, throw_on_error);
if (!result.IsSuccess)
{
return(result.Cast <CentralAccessPolicy[]>());
}
applies_to = result.Result;
}
rules.Add(new CentralAccessRule(r.Name.ToString(), r.Description.ToString(),
sd, staged_sd, applies_to, r.ChangeId.ToString(), r.Flags));
}
var capid = Sid.Parse(policy.CAPID, throw_on_error);
if (!capid.IsSuccess)
{
return(capid.Cast <CentralAccessPolicy[]>());
}
ret.Add(new CentralAccessPolicy(capid.Result, policy.Flags, policy.Name.ToString(),
policy.Description.ToString(), policy.ChangeId.ToString(), rules));
}
}
return(ret.ToArray().CreateResult());
}
private void SwapOwner(Sid owner)
{
BaseObject.SwapRef(ref _owner, owner);
}
/// <summary>
/// Open an LSA account object with maximum access.
/// </summary>
/// <param name="sid">The SID of the account.</param>
/// <returns>The opened account.</returns>
public LsaAccount OpenAccount(Sid sid)
{
return(OpenAccount(sid, LsaAccountAccessRights.MaximumAllowed));
}
internal TerminalServerProcess(int processId, int sessionId, string name, Sid sid)
{
_processId = processId;
_sessionId = sessionId;
_name = name;
_sid = sid;
}
/// <summary>
/// Create an LSA account object.
/// </summary>
/// <param name="sid">The SID of the account.</param>
/// <param name="desired_access">The desired access for the account.</param>
/// <returns>The created account.</returns>
public LsaAccount CreateAccount(Sid sid, LsaAccountAccessRights desired_access)
{
return(CreateAccount(sid, desired_access, true).Result);
}
/// <summary>
/// Create an LSA account object with maximum access.
/// </summary>
/// <param name="sid">The SID of the account.</param>
/// <returns>The created account.</returns>
public LsaAccount CreateAccount(Sid sid)
{
return(CreateAccount(sid, LsaAccountAccessRights.MaximumAllowed));
}
/// <summary>
/// Open an alias by SID.
/// </summary>
/// <param name="sid">The sid for the alias.</param>
/// <param name="desired_access">The desired access for the alias object.</param>
/// <returns>The SAM alias object.</returns>
public SamAlias OpenAlias(Sid sid, SamAliasAccessRights desired_access)
{
return(OpenAlias(sid, desired_access, true).Result);
}
