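/// <summary>
/// Remove account rights from a SID through the LSA policy of a system.
/// </summary>
/// <param name="system_name">The system name handed to SafeLsaHandle.OpenPolicy.</param>
/// <param name="sid">The SID of the account to remove the rights from.</param>
/// <param name="remove_all">Forwarded unchanged to LsaRemoveAccountRights as its "all rights" flag.</param>
/// <param name="account_rights">The names of the rights to remove.</param>
/// <param name="throw_on_error">True to throw on error.</param>
/// <returns>The NT status code. STATUS_SUCCESS is returned without contacting LSA when the list is empty.</returns>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="sid"/> or <paramref name="account_rights"/> is null.</exception>
internal static NtStatus RemoveAccountRights(string system_name, Sid sid, bool remove_all, IEnumerable<string> account_rights, bool throw_on_error)
{
    if (sid is null)
    {
        throw new ArgumentNullException(nameof(sid));
    }

    if (account_rights is null)
    {
        throw new ArgumentNullException(nameof(account_rights));
    }

    // Enumerate the caller's sequence exactly once. Testing the original sequence
    // again with Any() re-runs a lazy query, and for a one-shot sequence it can
    // report "empty" after the rights were already read, which would skip the
    // removal while still returning success.
    var rights = account_rights.Select(s => new UnicodeStringIn(s)).ToArray();

    // NOTE(review): this short-circuit does not look at remove_all, so a request to
    // remove everything with an empty list returns STATUS_SUCCESS although nothing
    // was sent to LSA. Confirm callers never rely on that combination, otherwise a
    // revocation can be reported as done when it was not.
    if (rights.Length == 0)
    {
        return NtStatus.STATUS_SUCCESS;
    }

    using (var policy = SafeLsaHandle.OpenPolicy(system_name, LsaPolicyAccessRights.LookupNames, throw_on_error))
    {
        if (!policy.IsSuccess)
        {
            return policy.Status;
        }

        using (var sid_buffer = sid.ToSafeBuffer())
        {
            return SecurityNativeMethods.LsaRemoveAccountRights(policy.Result, sid_buffer,
                remove_all, rights, rights.Length).ToNtException(throw_on_error);
        }
    }
}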
/// <summary>
/// Look up names for an array of SIDs with LsaLookupSids2.
/// </summary>
/// <param name="system_name">The system name handed to SafeLsaHandle.OpenPolicy.</param>
/// <param name="sids">The SIDs to look up.</param>
/// <param name="options">Options forwarded to LsaLookupSids2.</param>
/// <param name="throw_on_error">True to throw on error.</param>
/// <returns>The result built by GetSidNames on success, otherwise an error result.</returns>
private static NtResult<IEnumerable<SidName>> LookupSids2(string system_name, Sid[] sids, LsaLookupOptions options, bool throw_on_error)
{
    using (var lsa = SafeLsaHandle.OpenPolicy(system_name, Policy.LsaPolicyAccessRights.LookupNames, throw_on_error))
    {
        if (!lsa.IsSuccess)
        {
            return lsa.Cast<IEnumerable<SidName>>();
        }

        using (var resources = new DisposableList())
        {
            // The raw handles are only used inside this using block, while the
            // objects returned by AddSid are still held by the list.
            var raw_sids = sids.Select(sid => resources.AddSid(sid).DangerousGetHandle()).ToArray();

            var status = SecurityNativeMethods.LsaLookupSids2(lsa.Result, options, raw_sids.Length,
                raw_sids, out SafeLsaMemoryBuffer domain_buffer, out SafeLsaMemoryBuffer name_buffer);

            if (status.IsSuccess())
            {
                // NOTE(review): the two output buffers are not disposed here on the
                // success path; presumably GetSidNames takes ownership - confirm.
                return GetSidNames(sids, domain_buffer, name_buffer).CreateResult();
            }

            if (status == NtStatus.STATUS_NONE_MAPPED)
            {
                // For this status the output buffers are handed to the list so that
                // they are released together with it.
                resources.Add(domain_buffer);
                resources.Add(name_buffer);
            }

            return status.CreateResultFromError<IEnumerable<SidName>>(throw_on_error);
        }
    }
}
/// <summary>
/// Retrieve LSA private data.
/// </summary>
/// <param name="system_name">The system containing the LSA instance.</param>
/// <param name="keyname">The name of the key.</param>
/// <param name="throw_on_error">True to throw on error.</param>
/// <returns>The private data as bytes.</returns>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="keyname"/> is null.</exception>
/// <remarks>
/// The policy is opened with GetPrivateInformation access. The returned array is an
/// ordinary managed copy of the stored value; callers that treat it as a secret
/// should keep it out of logs and clear it once it is no longer needed.
/// </remarks>
public static NtResult<byte[]> LsaRetrievePrivateData(string system_name, string keyname, bool throw_on_error)
{
    if (keyname is null)
    {
        throw new ArgumentNullException(nameof(keyname));
    }

    using (var lsa = SafeLsaHandle.OpenPolicy(system_name, Policy.LsaPolicyAccessRights.GetPrivateInformation, throw_on_error))
    {
        if (!lsa.IsSuccess)
        {
            return lsa.Cast<byte[]>();
        }

        NtStatus result = SecurityNativeMethods.LsaRetrievePrivateData(lsa.Result,
            new UnicodeString(keyname), out SafeLsaMemoryBuffer secret);

        if (result.IsSuccess())
        {
            // The LSA buffer is released as soon as its content has been copied out.
            using (secret)
            {
                // The buffer is read as a single UnicodeStringOut structure.
                secret.Initialize<UnicodeStringOut>(1);
                var value = secret.Read<UnicodeStringOut>(0);
                return value.ToArray().CreateResult();
            }
        }

        return result.CreateResultFromError<byte[]>(throw_on_error);
    }
}
/// <summary>
/// Open the LSA policy of a system and get the SIDs for a name.
/// </summary>
/// <param name="system_name">The system name handed to SafeLsaHandle.OpenPolicy.</param>
/// <param name="name">The name forwarded to the handle-based GetSids overload.</param>
/// <param name="throw_on_error">True to throw on error.</param>
/// <returns>The result of the handle-based overload, or the error from opening the policy.</returns>
internal static NtResult<List<Sid>> GetSids(string system_name, string name, bool throw_on_error)
{
    // The policy handle is opened with GenericExecute access and closed when this
    // method returns.
    using (var lsa = SafeLsaHandle.OpenPolicy(system_name, LsaPolicyAccessRights.GenericExecute, throw_on_error))
    {
        if (lsa.IsSuccess)
        {
            return GetSids(lsa.Result, name, throw_on_error);
        }

        return lsa.Cast<List<Sid>>();
    }
}
/// <summary>
/// Enumerate the account rights assigned to a SID.
/// </summary>
/// <param name="system_name">The system name handed to SafeLsaHandle.OpenPolicy and to ParseRights.</param>
/// <param name="sid">The SID to enumerate the rights for.</param>
/// <param name="throw_on_error">True to throw on error.</param>
/// <returns>The rights produced by ParseRights, or an error result.</returns>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="sid"/> is null.</exception>
internal static NtResult<IEnumerable<AccountRight>> GetAccountRights(string system_name, Sid sid, bool throw_on_error)
{
    if (sid is null)
    {
        throw new ArgumentNullException(nameof(sid));
    }

    using (var lsa = SafeLsaHandle.OpenPolicy(system_name, LsaPolicyAccessRights.GenericExecute, throw_on_error))
    {
        if (!lsa.IsSuccess)
        {
            return lsa.Cast<IEnumerable<AccountRight>>();
        }

        using (var sid_memory = sid.ToSafeBuffer())
        {
            var status = SecurityNativeMethods.LsaEnumerateAccountRights(lsa.Result, sid_memory,
                out SafeLsaMemoryBuffer rights_buffer, out int rights_count);

            // NOTE(review): the callback reads the policy handle and the output
            // buffer. This assumes CreateResult runs it before the using blocks
            // exit and that ParseRights releases the buffer - confirm both.
            return status.CreateResult(throw_on_error,
                () => ParseRights(lsa.Result, system_name, rights_buffer, rights_count));
        }
    }
}
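/// <summary>
/// Store LSA private data under a key.
/// </summary>
/// <param name="system_name">The system name handed to SafeLsaHandle.OpenPolicy.</param>
/// <param name="keyname">The name of the key.</param>
/// <param name="data">The data to store. When null, UnicodeStringBytesSafeBuffer.Null is passed to LSA instead.</param>
/// <param name="throw_on_error">True to throw on error.</param>
/// <returns>The NT status code.</returns>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="keyname"/> is null.</exception>
private static NtStatus LsaStorePrivateDataInternal(string system_name, string keyname, byte[] data, bool throw_on_error)
{
    if (keyname is null)
    {
        throw new ArgumentNullException(nameof(keyname));
    }

    // The policy is opened with CreateSecret access.
    using (var policy = SafeLsaHandle.OpenPolicy(system_name, Policy.LsaPolicyAccessRights.CreateSecret, throw_on_error))
    {
        if (!policy.IsSuccess)
        {
            return policy.Status;
        }

        // NOTE(review): a null data value presumably asks LSA to delete what is
        // stored under the key - confirm against the callers.
        using (var data_buffer = data == null ? UnicodeStringBytesSafeBuffer.Null : new UnicodeStringBytesSafeBuffer(data))
        {
            // Route the final status through ToNtException so that throw_on_error
            // also covers the store itself and not only opening the policy. Without
            // it a caller that asked for exceptions and ignores the returned status
            // would not notice that the secret was never written.
            return SecurityNativeMethods.LsaStorePrivateData(policy.Result,
                new UnicodeString(keyname), data_buffer).ToNtException(throw_on_error);
        }
    }
}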