public string RetrievePrivateData(string name)
{
NtStatus status;
UnicodeString nameStr;
IntPtr privateData;
nameStr = new UnicodeString(name);
try
{
if ((status = Win32.LsaRetrievePrivateData(
this,
ref nameStr,
out privateData
)) >= NtStatus.Error)
{
Win32.Throw(status);
}
}
finally
{
nameStr.Dispose();
}
using (var privateDataAlloc = new LsaMemoryAlloc(privateData))
return(privateDataAlloc.ReadStruct <UnicodeString>().Read());
}
public void Query(
out string currentValue,
out DateTime currentValueSetTime,
out string oldValue,
out DateTime oldValueSetTime
)
{
NtStatus status;
IntPtr currentValueStr;
long currentValueSetTimeLong;
IntPtr oldValueStr;
long oldValueSetTimeLong;
if ((status = Win32.LsaQuerySecret(
this,
out currentValueStr,
out currentValueSetTimeLong,
out oldValueStr,
out oldValueSetTimeLong
)) >= NtStatus.Error)
{
Win32.Throw(status);
}
using (var currentValueStrAlloc = new LsaMemoryAlloc(currentValueStr))
using (var oldValueStrAlloc = new LsaMemoryAlloc(oldValueStr))
{
currentValue = currentValueStrAlloc.ReadStruct <UnicodeString>().Read();
currentValueSetTime = DateTime.FromFileTime(currentValueSetTimeLong);
oldValue = oldValueStrAlloc.ReadStruct <UnicodeString>().Read();
oldValueSetTime = DateTime.FromFileTime(oldValueSetTimeLong);
}
}
public void Query(
out string currentValue,
out DateTime currentValueSetTime,
out string oldValue,
out DateTime oldValueSetTime
)
{
IntPtr currentValueStr;
long currentValueSetTimeLong;
IntPtr oldValueStr;
long oldValueSetTimeLong;
Win32.LsaQuerySecret(
this,
out currentValueStr,
out currentValueSetTimeLong,
out oldValueStr,
out oldValueSetTimeLong
).ThrowIf();
using (LsaMemoryAlloc currentValueStrAlloc = new LsaMemoryAlloc(currentValueStr))
using (LsaMemoryAlloc oldValueStrAlloc = new LsaMemoryAlloc(oldValueStr))
{
currentValue = currentValueStrAlloc.ReadStruct <UnicodeString>().Text;
currentValueSetTime = DateTime.FromFileTime(currentValueSetTimeLong);
oldValue = oldValueStrAlloc.ReadStruct <UnicodeString>().Text;
oldValueSetTime = DateTime.FromFileTime(oldValueSetTimeLong);
}
}
public string LookupPrivilegeDisplayName(string name)
{
NtStatus status;
UnicodeString nameStr;
IntPtr displayName;
short language;
nameStr = new UnicodeString(name);
try
{
if ((status = Win32.LsaLookupPrivilegeDisplayName(
this,
ref nameStr,
out displayName,
out language
)) >= NtStatus.Error)
{
Win32.Throw(status);
}
}
finally
{
nameStr.Dispose();
}
using (var displayNameAlloc = new LsaMemoryAlloc(displayName))
{
return(displayNameAlloc.ReadStruct <UnicodeString>().Read());
}
}
public Sid LookupSid(string name, out SidNameUse nameUse, out string domainName)
{
NtStatus status;
UnicodeString nameStr;
IntPtr referencedDomains;
IntPtr sids;
nameStr = new UnicodeString(name);
try
{
if ((status = Win32.LsaLookupNames2(
this,
0,
1,
new UnicodeString[] { nameStr },
out referencedDomains,
out sids
)) >= NtStatus.Error)
{
Win32.ThrowLastError(status);
}
}
finally
{
nameStr.Dispose();
}
using (var referencedDomainsAlloc = new LsaMemoryAlloc(referencedDomains))
using (var sidsAlloc = new LsaMemoryAlloc(sids))
{
LsaTranslatedSid2 translatedSid = sidsAlloc.ReadStruct <LsaTranslatedSid2>();
nameUse = translatedSid.Use;
if (nameUse == SidNameUse.Invalid || nameUse == SidNameUse.Unknown)
{
domainName = null;
return(null);
}
if (translatedSid.DomainIndex != -1)
{
LsaReferencedDomainList domains = referencedDomainsAlloc.ReadStruct <LsaReferencedDomainList>();
MemoryRegion trustArray = new MemoryRegion(domains.Domains);
LsaTrustInformation trustInfo = trustArray.ReadStruct <LsaTrustInformation>(translatedSid.DomainIndex);
domainName = trustInfo.Name.Read();
}
else
{
domainName = null;
}
return(new Sid(translatedSid.Sid));
}
}
public string LookupName(Sid sid, out SidNameUse nameUse, out string domainName)
{
NtStatus status;
IntPtr referencedDomains;
IntPtr names;
if ((status = Win32.LsaLookupSids(
this,
1,
new IntPtr[] { sid },
out referencedDomains,
out names
)) >= NtStatus.Error)
{
if (status == NtStatus.NoneMapped)
{
nameUse = SidNameUse.Unknown;
domainName = null;
return(null);
}
Win32.Throw(status);
}
using (var referencedDomainsAlloc = new LsaMemoryAlloc(referencedDomains))
using (var namesAlloc = new LsaMemoryAlloc(names))
{
LsaTranslatedName translatedName = namesAlloc.ReadStruct <LsaTranslatedName>();
nameUse = translatedName.Use;
if (nameUse == SidNameUse.Invalid || nameUse == SidNameUse.Unknown)
{
domainName = null;
return(null);
}
if (translatedName.DomainIndex != -1)
{
LsaReferencedDomainList domains = referencedDomainsAlloc.ReadStruct <LsaReferencedDomainList>();
MemoryRegion trustArray = new MemoryRegion(domains.Domains);
LsaTrustInformation trustInfo = trustArray.ReadStruct <LsaTrustInformation>(translatedName.DomainIndex);
domainName = trustInfo.Name.Read();
}
else
{
domainName = null;
}
return(translatedName.Name.Read());
}
}
public TokenHandle LogonUser(
string originName,
SecurityLogonType logonType,
IAuthenticationPackage package,
TokenSource source,
out object profileData,
out Luid logonId,
out NtStatus subStatus
)
{
NtStatus status;
AnsiString originNameStr;
IntPtr profileBuffer;
int profileBufferLength;
IntPtr token;
QuotaLimits quotas;
originNameStr = new AnsiString(originName);
try
{
using (var logonData = package.GetAuthData())
{
if ((status = Win32.LsaLogonUser(
this,
ref originNameStr,
logonType,
this.LookupAuthenticationPackage(package.PackageName),
logonData,
logonData.Size,
IntPtr.Zero,
ref source,
out profileBuffer,
out profileBufferLength,
out logonId,
out token,
out quotas,
out subStatus
)) >= NtStatus.Error)
{
Win32.Throw(status);
}
using (var profileBufferAlloc = new LsaMemoryAlloc(profileBuffer, true))
profileData = package.GetProfileData(new MemoryRegion(profileBuffer, 0, profileBufferLength));
return(new TokenHandle(token, true));
}
}
finally
{
originNameStr.Dispose();
}
}
public PrivilegeSet GetPrivileges()
{
NtStatus status;
IntPtr privileges;
if ((status = Win32.LsaEnumeratePrivilegesOfAccount(
this,
out privileges
)) >= NtStatus.Error)
{
Win32.Throw(status);
}
using (var privilegesAlloc = new LsaMemoryAlloc(privileges))
{
return(new PrivilegeSet(privilegesAlloc));
}
}
public string LookupPrivilegeName(Luid value)
{
NtStatus status;
IntPtr name;
if ((status = Win32.LsaLookupPrivilegeName(
this,
ref value,
out name
)) >= NtStatus.Error)
{
Win32.Throw(status);
}
using (var nameAlloc = new LsaMemoryAlloc(name))
{
return(nameAlloc.ReadStruct <UnicodeString>().Read());
}
}
/// <summary>
/// Enumerates the accounts in the policy with the specified privilege.
/// This requires LookupNames, ViewLocalInformation and usually
/// administrator access.
/// </summary>
/// <param name="privilegeName">The name of the required privilege.</param>
/// <param name="callback">The callback for the enumeration.</param>
public void EnumAccountsWithPrivilege(string privilegeName, EnumAccountsDelegate callback)
{
NtStatus status;
UnicodeString privilegeNameStr;
IntPtr buffer;
int count;
privilegeNameStr = new UnicodeString(privilegeName);
try
{
if ((status = Win32.LsaEnumerateAccountsWithUserRight(
this,
ref privilegeNameStr,
out buffer,
out count
)) >= NtStatus.Error)
{
Win32.Throw(status);
}
}
finally
{
privilegeNameStr.Dispose();
}
Sid[] sids = new Sid[count];
using (var bufferAlloc = new LsaMemoryAlloc(buffer))
{
for (int i = 0; i < count; i++)
{
if (!callback(new Sid(bufferAlloc.ReadIntPtr(0, i))))
{
break;
}
}
}
}
/// <summary>
/// Enumerates the privileges in the policy. This requires
/// ViewLocalInformation access.
/// </summary>
/// <param name="callback">The callback for the enumeration.</param>
public void EnumPrivileges(EnumPrivilegesDelegate callback)
{
NtStatus status;
int enumerationContext = 0;
IntPtr buffer;
int count;
while (true)
{
status = Win32.LsaEnumeratePrivileges(
this,
ref enumerationContext,
out buffer,
0x100,
out count
);
if (status == NtStatus.NoMoreEntries)
{
break;
}
if (status >= NtStatus.Error)
{
Win32.Throw(status);
}
using (var bufferAlloc = new LsaMemoryAlloc(buffer))
{
for (int i = 0; i < count; i++)
{
if (!callback(new Privilege(bufferAlloc.ReadStruct <PolicyPrivilegeDefinition>(i).Name.Read())))
{
return;
}
}
}
}
}
/// <summary>
/// Enumerates the accounts in the policy. This requires
/// ViewLocalInformation access.
/// </summary>
/// <param name="callback">The callback for the enumeration.</param>
public void EnumAccounts(EnumAccountsDelegate callback)
{
NtStatus status;
int enumerationContext = 0;
IntPtr buffer;
int count;
while (true)
{
status = Win32.LsaEnumerateAccounts(
this,
ref enumerationContext,
out buffer,
0x100,
out count
);
if (status == NtStatus.NoMoreEntries)
{
break;
}
if (status >= NtStatus.Error)
{
Win32.Throw(status);
}
using (var bufferAlloc = new LsaMemoryAlloc(buffer))
{
for (int i = 0; i < count; i++)
{
if (!callback(new Sid(bufferAlloc.ReadIntPtr(0, i))))
{
return;
}
}
}
}
}
public TokenHandle LogonUser(
string originName,
SecurityLogonType logonType,
IAuthenticationPackage package,
TokenSource source,
out object profileData,
out Luid logonId,
out NtStatus subStatus
)
{
NtStatus status;
AnsiString originNameStr;
IntPtr profileBuffer;
int profileBufferLength;
IntPtr token;
QuotaLimits quotas;
originNameStr = new AnsiString(originName);
try
{
using (var logonData = package.GetAuthData())
{
if ((status = Win32.LsaLogonUser(
this,
ref originNameStr,
logonType,
this.LookupAuthenticationPackage(package.PackageName),
logonData,
logonData.Size,
IntPtr.Zero,
ref source,
out profileBuffer,
out profileBufferLength,
out logonId,
out token,
out quotas,
out subStatus
)) >= NtStatus.Error)
Win32.Throw(status);
using (var profileBufferAlloc = new LsaMemoryAlloc(profileBuffer, true))
profileData = package.GetProfileData(new MemoryRegion(profileBuffer, 0, profileBufferLength));
return new TokenHandle(token, true);
}
}
finally
{
originNameStr.Dispose();
}
}
