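/// <summary>
/// Converts the entries of <c>CapabilitySids</c> into <see cref="Sid"/> values.
/// </summary>
/// <remarks>
/// An entry that starts with "S-" is parsed as a SID string and must pass
/// <c>NtSecurity.IsCapabilitySid</c>. Any other entry is handed to
/// <c>NtSecurity.GetCapabilitySid</c> (presumably treated as a capability
/// name; confirm against that helper). The result is materialized before
/// returning, so an invalid entry is reported at this call rather than
/// wherever the sequence is first enumerated.
/// </remarks>
/// <returns>The resolved SIDs, or an empty sequence when <c>CapabilitySids</c> is null.</returns>
/// <exception cref="ArgumentException">
/// An entry is null or empty, or starts with "S-" but is not a capability SID.
/// </exception>
private IEnumerable<Sid> GetCapabilitySids()
{
    if (CapabilitySids == null)
    {
        return Enumerable.Empty<Sid>();
    }

    return CapabilitySids.Select(s =>
    {
        if (String.IsNullOrEmpty(s))
        {
            throw new ArgumentException("Capability SID entries must not be null or empty", nameof(CapabilitySids));
        }

        // Ordinal comparison: the "S-" prefix test decides whether the input is
        // validated as a SID or converted as a name, so it must not depend on
        // the current culture's ignorable-character rules.
        if (!s.StartsWith("S-", StringComparison.Ordinal))
        {
            return NtSecurity.GetCapabilitySid(s);
        }

        // NOTE(review): new Sid(s) is assumed to throw on a malformed SID string; confirm.
        Sid sid = new Sid(s);
        if (!NtSecurity.IsCapabilitySid(sid))
        {
            // The second argument is the parameter name, not the offending value.
            throw new ArgumentException($"{s} is not a capability SID", nameof(CapabilitySids));
        }

        return sid;
    }).ToArray();
}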
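/// <summary>
/// Creates a lowbox token from <paramref name="token"/> using the configured
/// package SID, optional restricted package name, capability SIDs and handles.
/// </summary>
/// <remarks>
/// All input validation (package SID, capability SIDs) is completed before
/// <c>CreateLowBoxToken</c> is called, so a bad capability entry fails here
/// and not part-way through token creation.
/// </remarks>
/// <param name="token">The token the lowbox token is created from.</param>
/// <returns>The token returned by <c>token.CreateLowBoxToken</c>.</returns>
/// <exception cref="ArgumentNullException"><paramref name="token"/> is null.</exception>
/// <exception cref="ArgumentException">
/// <c>PackageSid</c> does not resolve to a package SID, or a <c>CapabilitySids</c>
/// entry is null, empty, or an "S-" string that is not a capability SID.
/// </exception>
private NtToken GetLowBoxToken(NtToken token)
{
    if (token == null)
    {
        throw new ArgumentNullException(nameof(token));
    }

    Sid package_sid = TokenUtils.GetPackageSidFromName(PackageSid);
    if (!NtSecurity.IsPackageSid(package_sid))
    {
        throw new ArgumentException($"Invalid Package Sid {package_sid}", nameof(PackageSid));
    }

    if (!String.IsNullOrEmpty(RestrictedPackageName))
    {
        // NOTE(review): the derived SID is not re-checked with IsPackageSid;
        // confirm DeriveRestrictedPackageSidFromSid always yields a package SID.
        package_sid = TokenUtils.DeriveRestrictedPackageSidFromSid(package_sid, RestrictedPackageName);
    }

    // NOTE(review): this mirrors GetCapabilitySids(); calling that helper here
    // would keep the two validation paths from drifting apart.
    IEnumerable<Sid> capability_sids = CapabilitySids == null
        ? Enumerable.Empty<Sid>()
        : CapabilitySids.Select(s =>
        {
            if (String.IsNullOrEmpty(s))
            {
                throw new ArgumentException("Capability SID entries must not be null or empty", nameof(CapabilitySids));
            }

            // Ordinal comparison keeps the SID-vs-name decision independent of culture.
            if (!s.StartsWith("S-", StringComparison.Ordinal))
            {
                return NtSecurity.GetCapabilitySid(s);
            }

            Sid sid = new Sid(s);
            if (!NtSecurity.IsCapabilitySid(sid))
            {
                // The second argument is the parameter name, not the offending value.
                throw new ArgumentException($"{s} is not a capability SID", nameof(CapabilitySids));
            }

            return sid;
        }).ToArray();

    // The new token is requested with MaximumAllowed access.
    // NOTE(review): a caller that needs a least-privilege handle has no way to
    // pass a narrower mask through this method; confirm that is intended.
    return token.CreateLowBoxToken(package_sid, capability_sids, Handles ?? new NtObject[0], TokenAccessRights.MaximumAllowed);
}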