public string RetrievePrivateData(string name) { NtStatus status; UnicodeString nameStr; IntPtr privateData; nameStr = new UnicodeString(name); try { if ((status = Win32.LsaRetrievePrivateData( this, ref nameStr, out privateData )) >= NtStatus.Error) { Win32.Throw(status); } } finally { nameStr.Dispose(); } using (var privateDataAlloc = new LsaMemoryAlloc(privateData)) return(privateDataAlloc.ReadStruct <UnicodeString>().Read()); }
public void Query( out string currentValue, out DateTime currentValueSetTime, out string oldValue, out DateTime oldValueSetTime ) { NtStatus status; IntPtr currentValueStr; long currentValueSetTimeLong; IntPtr oldValueStr; long oldValueSetTimeLong; if ((status = Win32.LsaQuerySecret( this, out currentValueStr, out currentValueSetTimeLong, out oldValueStr, out oldValueSetTimeLong )) >= NtStatus.Error) { Win32.Throw(status); } using (var currentValueStrAlloc = new LsaMemoryAlloc(currentValueStr)) using (var oldValueStrAlloc = new LsaMemoryAlloc(oldValueStr)) { currentValue = currentValueStrAlloc.ReadStruct <UnicodeString>().Read(); currentValueSetTime = DateTime.FromFileTime(currentValueSetTimeLong); oldValue = oldValueStrAlloc.ReadStruct <UnicodeString>().Read(); oldValueSetTime = DateTime.FromFileTime(oldValueSetTimeLong); } }
public void Query( out string currentValue, out DateTime currentValueSetTime, out string oldValue, out DateTime oldValueSetTime ) { IntPtr currentValueStr; long currentValueSetTimeLong; IntPtr oldValueStr; long oldValueSetTimeLong; Win32.LsaQuerySecret( this, out currentValueStr, out currentValueSetTimeLong, out oldValueStr, out oldValueSetTimeLong ).ThrowIf(); using (LsaMemoryAlloc currentValueStrAlloc = new LsaMemoryAlloc(currentValueStr)) using (LsaMemoryAlloc oldValueStrAlloc = new LsaMemoryAlloc(oldValueStr)) { currentValue = currentValueStrAlloc.ReadStruct <UnicodeString>().Text; currentValueSetTime = DateTime.FromFileTime(currentValueSetTimeLong); oldValue = oldValueStrAlloc.ReadStruct <UnicodeString>().Text; oldValueSetTime = DateTime.FromFileTime(oldValueSetTimeLong); } }
public string LookupPrivilegeDisplayName(string name) { NtStatus status; UnicodeString nameStr; IntPtr displayName; short language; nameStr = new UnicodeString(name); try { if ((status = Win32.LsaLookupPrivilegeDisplayName( this, ref nameStr, out displayName, out language )) >= NtStatus.Error) { Win32.Throw(status); } } finally { nameStr.Dispose(); } using (var displayNameAlloc = new LsaMemoryAlloc(displayName)) { return(displayNameAlloc.ReadStruct <UnicodeString>().Read()); } }
public Sid LookupSid(string name, out SidNameUse nameUse, out string domainName) { NtStatus status; UnicodeString nameStr; IntPtr referencedDomains; IntPtr sids; nameStr = new UnicodeString(name); try { if ((status = Win32.LsaLookupNames2( this, 0, 1, new UnicodeString[] { nameStr }, out referencedDomains, out sids )) >= NtStatus.Error) { Win32.ThrowLastError(status); } } finally { nameStr.Dispose(); } using (var referencedDomainsAlloc = new LsaMemoryAlloc(referencedDomains)) using (var sidsAlloc = new LsaMemoryAlloc(sids)) { LsaTranslatedSid2 translatedSid = sidsAlloc.ReadStruct <LsaTranslatedSid2>(); nameUse = translatedSid.Use; if (nameUse == SidNameUse.Invalid || nameUse == SidNameUse.Unknown) { domainName = null; return(null); } if (translatedSid.DomainIndex != -1) { LsaReferencedDomainList domains = referencedDomainsAlloc.ReadStruct <LsaReferencedDomainList>(); MemoryRegion trustArray = new MemoryRegion(domains.Domains); LsaTrustInformation trustInfo = trustArray.ReadStruct <LsaTrustInformation>(translatedSid.DomainIndex); domainName = trustInfo.Name.Read(); } else { domainName = null; } return(new Sid(translatedSid.Sid)); } }
public string LookupName(Sid sid, out SidNameUse nameUse, out string domainName) { NtStatus status; IntPtr referencedDomains; IntPtr names; if ((status = Win32.LsaLookupSids( this, 1, new IntPtr[] { sid }, out referencedDomains, out names )) >= NtStatus.Error) { if (status == NtStatus.NoneMapped) { nameUse = SidNameUse.Unknown; domainName = null; return(null); } Win32.Throw(status); } using (var referencedDomainsAlloc = new LsaMemoryAlloc(referencedDomains)) using (var namesAlloc = new LsaMemoryAlloc(names)) { LsaTranslatedName translatedName = namesAlloc.ReadStruct <LsaTranslatedName>(); nameUse = translatedName.Use; if (nameUse == SidNameUse.Invalid || nameUse == SidNameUse.Unknown) { domainName = null; return(null); } if (translatedName.DomainIndex != -1) { LsaReferencedDomainList domains = referencedDomainsAlloc.ReadStruct <LsaReferencedDomainList>(); MemoryRegion trustArray = new MemoryRegion(domains.Domains); LsaTrustInformation trustInfo = trustArray.ReadStruct <LsaTrustInformation>(translatedName.DomainIndex); domainName = trustInfo.Name.Read(); } else { domainName = null; } return(translatedName.Name.Read()); } }
public TokenHandle LogonUser( string originName, SecurityLogonType logonType, IAuthenticationPackage package, TokenSource source, out object profileData, out Luid logonId, out NtStatus subStatus ) { NtStatus status; AnsiString originNameStr; IntPtr profileBuffer; int profileBufferLength; IntPtr token; QuotaLimits quotas; originNameStr = new AnsiString(originName); try { using (var logonData = package.GetAuthData()) { if ((status = Win32.LsaLogonUser( this, ref originNameStr, logonType, this.LookupAuthenticationPackage(package.PackageName), logonData, logonData.Size, IntPtr.Zero, ref source, out profileBuffer, out profileBufferLength, out logonId, out token, out quotas, out subStatus )) >= NtStatus.Error) { Win32.Throw(status); } using (var profileBufferAlloc = new LsaMemoryAlloc(profileBuffer, true)) profileData = package.GetProfileData(new MemoryRegion(profileBuffer, 0, profileBufferLength)); return(new TokenHandle(token, true)); } } finally { originNameStr.Dispose(); } }
public PrivilegeSet GetPrivileges() { NtStatus status; IntPtr privileges; if ((status = Win32.LsaEnumeratePrivilegesOfAccount( this, out privileges )) >= NtStatus.Error) { Win32.Throw(status); } using (var privilegesAlloc = new LsaMemoryAlloc(privileges)) { return(new PrivilegeSet(privilegesAlloc)); } }
public string LookupPrivilegeName(Luid value) { NtStatus status; IntPtr name; if ((status = Win32.LsaLookupPrivilegeName( this, ref value, out name )) >= NtStatus.Error) { Win32.Throw(status); } using (var nameAlloc = new LsaMemoryAlloc(name)) { return(nameAlloc.ReadStruct <UnicodeString>().Read()); } }
/// <summary> /// Enumerates the accounts in the policy with the specified privilege. /// This requires LookupNames, ViewLocalInformation and usually /// administrator access. /// </summary> /// <param name="privilegeName">The name of the required privilege.</param> /// <param name="callback">The callback for the enumeration.</param> public void EnumAccountsWithPrivilege(string privilegeName, EnumAccountsDelegate callback) { NtStatus status; UnicodeString privilegeNameStr; IntPtr buffer; int count; privilegeNameStr = new UnicodeString(privilegeName); try { if ((status = Win32.LsaEnumerateAccountsWithUserRight( this, ref privilegeNameStr, out buffer, out count )) >= NtStatus.Error) { Win32.Throw(status); } } finally { privilegeNameStr.Dispose(); } Sid[] sids = new Sid[count]; using (var bufferAlloc = new LsaMemoryAlloc(buffer)) { for (int i = 0; i < count; i++) { if (!callback(new Sid(bufferAlloc.ReadIntPtr(0, i)))) { break; } } } }
/// <summary> /// Enumerates the privileges in the policy. This requires /// ViewLocalInformation access. /// </summary> /// <param name="callback">The callback for the enumeration.</param> public void EnumPrivileges(EnumPrivilegesDelegate callback) { NtStatus status; int enumerationContext = 0; IntPtr buffer; int count; while (true) { status = Win32.LsaEnumeratePrivileges( this, ref enumerationContext, out buffer, 0x100, out count ); if (status == NtStatus.NoMoreEntries) { break; } if (status >= NtStatus.Error) { Win32.Throw(status); } using (var bufferAlloc = new LsaMemoryAlloc(buffer)) { for (int i = 0; i < count; i++) { if (!callback(new Privilege(bufferAlloc.ReadStruct <PolicyPrivilegeDefinition>(i).Name.Read()))) { return; } } } } }
/// <summary> /// Enumerates the accounts in the policy. This requires /// ViewLocalInformation access. /// </summary> /// <param name="callback">The callback for the enumeration.</param> public void EnumAccounts(EnumAccountsDelegate callback) { NtStatus status; int enumerationContext = 0; IntPtr buffer; int count; while (true) { status = Win32.LsaEnumerateAccounts( this, ref enumerationContext, out buffer, 0x100, out count ); if (status == NtStatus.NoMoreEntries) { break; } if (status >= NtStatus.Error) { Win32.Throw(status); } using (var bufferAlloc = new LsaMemoryAlloc(buffer)) { for (int i = 0; i < count; i++) { if (!callback(new Sid(bufferAlloc.ReadIntPtr(0, i)))) { return; } } } } }
public TokenHandle LogonUser( string originName, SecurityLogonType logonType, IAuthenticationPackage package, TokenSource source, out object profileData, out Luid logonId, out NtStatus subStatus ) { NtStatus status; AnsiString originNameStr; IntPtr profileBuffer; int profileBufferLength; IntPtr token; QuotaLimits quotas; originNameStr = new AnsiString(originName); try { using (var logonData = package.GetAuthData()) { if ((status = Win32.LsaLogonUser( this, ref originNameStr, logonType, this.LookupAuthenticationPackage(package.PackageName), logonData, logonData.Size, IntPtr.Zero, ref source, out profileBuffer, out profileBufferLength, out logonId, out token, out quotas, out subStatus )) >= NtStatus.Error) Win32.Throw(status); using (var profileBufferAlloc = new LsaMemoryAlloc(profileBuffer, true)) profileData = package.GetProfileData(new MemoryRegion(profileBuffer, 0, profileBufferLength)); return new TokenHandle(token, true); } } finally { originNameStr.Dispose(); } }