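/// <summary>
/// Exercises the <c>PSID</c> wrapper: constructing it over an existing buffer, copying it, parsing it from SDDL,
/// allocating it by size, the default (invalid) instance, and its equality overloads.
/// </summary>
/// <remarks>
/// Every instance that may own native memory is disposed via <c>using</c>, so a failing assertion does not leak
/// it. <c>sid4</c> is intentionally disposed inline because its post-dispose state is part of what is asserted.
/// </remarks>
public void PSIDTest()
{
    // sb holds the current user's SID bytes in native memory. 'sid' is created with the second argument false
    // (presumably "does not own the buffer"), so sb must outlive it; stacked usings dispose in reverse order.
    using (var sb = new SafeByteArray(WindowsIdentity.GetCurrent().User.GetBytes()))
    using (var sid = new PSID(sb.DangerousGetHandle(), false))
    using (var sidc = PSID.CreateFromPtr(sb.DangerousGetHandle()))
    using (var sid2 = new PSID(sid))
    using (var sid3 = new PSID("S-1-1-0"))
    using (var sid5 = new PSID())
    {
        // A PSID wrapping the caller's own account must be valid and carry the NT authority prefix.
        Assert.That(sid.IsInvalid, Is.False);
        Assert.That(sid.IsValidSid);
        Assert.That(sid.ToString(), Does.StartWith("S-1-5"));

        // CreateFromPtr must copy rather than alias the source buffer.
        Assert.That((IntPtr)sidc, Is.Not.EqualTo(sb.DangerousGetHandle()));
        Assert.That(sidc.IsValidSid);

        // Copy constructor preserves the textual SID.
        Assert.That(sid2.IsInvalid, Is.False);
        Assert.That(sid2.ToString(), Is.EqualTo(sid.ToString()));

        // SDDL "S-1-1-0" is the Everyone / World SID.
        var id2 = new SecurityIdentifier((IntPtr)sid3);
        Assert.That(id2.IsWellKnown(WellKnownSidType.WorldSid));

        // A size-only allocation is open but does not yet hold a valid SID; disposing it zeroes Size.
        var sid4 = new PSID(100);
        Assert.That(sid4.IsClosed, Is.False);
        Assert.That(sid4.IsValidSid, Is.False);
        Assert.That(sid4.Size, Is.EqualTo(100));
        sid4.Dispose();
        Assert.That(sid4.IsClosed);
        Assert.That(sid4.Size, Is.EqualTo(0));

        // Default instance: open, but invalid and empty.
        Assert.That(sid5.IsClosed, Is.False);
        Assert.That(sid5.IsInvalid);
        Assert.That(sid5.IsValidSid, Is.False);
        Assert.That(sid5.Size, Is.EqualTo(0));

        // Equality is by SID content (PSID or raw pointer), not by reference or arbitrary objects.
        Assert.That(sid.Equals(sidc));
        Assert.That(sidc.Equals(sb.DangerousGetHandle()));
        Assert.That(sid.Equals("X"), Is.False);
        Assert.That(sid.Equals(sid3), Is.False);
    }
}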
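/// <summary>
/// Changes the owner of the test file <c>fn</c> to the local Administrators group and then restores the original
/// owner.
/// </summary>
/// <remarks>
/// The restore runs in a <c>finally</c> block so the file is handed back even when the first
/// <c>SetNamedSecurityInfo</c> call fails its assertion; previously a failure there left the owner changed.
/// When the try block throws, the restore's own result is only logged so the original failure is not masked.
/// </remarks>
public void SetNamedSecurityInfoTest()
{
    using (var pSD = GetSD(fn))
    {
        Assert.That(GetSecurityDescriptorOwner(pSD, out var pOwner, out _));
        Assert.That(pOwner, Is.Not.EqualTo(IntPtr.Zero));

        // Copy the owner SID out of the descriptor; "S-1-5-32-544" is BUILTIN\Administrators.
        using (var owner = PSID.CreateFromPtr(pOwner))
        using (var admins = new PSID("S-1-5-32-544"))
        {
            var restored = false;
            try
            {
                Assert.That(TrySetOwner(admins));
            }
            finally
            {
                restored = TrySetOwner(owner);
            }
            Assert.That(restored);
        }
    }

    // Sets the owner of fn to newOwner, logging the error on failure, and reports success.
    bool TrySetOwner(PSID newOwner)
    {
        var err = SetNamedSecurityInfo(fn, SE_OBJECT_TYPE.SE_FILE_OBJECT, SECURITY_INFORMATION.OWNER_SECURITY_INFORMATION, newOwner, PSID.Null, IntPtr.Zero, IntPtr.Zero);
        if (err.Failed)
        {
            TestContext.WriteLine($"SetNamedSecurityInfo failed: {err}");
        }
        return err.Succeeded;
    }
}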
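/// <summary>
/// The LsaEnumerateAccountsWithUserRight function returns the accounts in the database of a Local Security Authority (LSA) Policy object that hold a
/// specified privilege. The accounts returned by this function hold the specified privilege directly through the user account, not as part of membership
/// to a group.
/// </summary>
/// <param name="PolicyHandle">
/// A handle to a Policy object. The handle must have POLICY_LOOKUP_NAMES and POLICY_VIEW_LOCAL_INFORMATION user rights. For more information, see
/// Opening a Policy Object Handle.
/// </param>
/// <param name="UserRights">
/// A string that specifies the name of a privilege. For a list of privileges, see Privilege Constants and Account Rights Constants.
/// <para>If this parameter is NULL, the function enumerates all accounts in the LSA database of the system associated with the Policy object.</para>
/// </param>
/// <returns>
/// A fully materialized sequence of security identifiers (SID) of accounts that hold the specified privilege. Each SID is a copy owned by the caller;
/// the LSA-allocated buffer is released before this method returns. Empty when the LSA reports STATUS_NO_MORE_ENTRIES.
/// </returns>
/// <exception cref="System.Exception">Thrown via <c>ThrowIfFailed</c> when the native call returns any other failure status.</exception>
public static IEnumerable<PSID> LsaEnumerateAccountsWithUserRight(SafeLsaPolicyHandle PolicyHandle, string UserRights)
{
    var ret = LsaEnumerateAccountsWithUserRight(PolicyHandle, UserRights, out SafeLsaMemoryHandle mem, out int cnt);
    // Dispose the LSA buffer on every path. Disposing a null/invalid handle is a no-op.
    using (mem)
    {
        if (ret == NTStatus.STATUS_NO_MORE_ENTRIES)
        {
            return new PSID[0];
        }
        var wret = LsaNtStatusToWinError(ret);
        wret.ThrowIfFailed();
        // Copy every SID while the buffer is still alive. The previous lazy Select deferred PSID.CreateFromPtr
        // until the caller enumerated, by which time 'mem' could already have been finalized and the LSA memory
        // freed, so the pointers read from u.Sid would have been dangling.
        return mem.DangerousGetHandle()
            .ToIEnum<LSA_ENUMERATION_INFORMATION>(cnt)
            .Select(u => PSID.CreateFromPtr(u.Sid))
            .ToArray();
    }
}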