internal static extern NtStatus SamCreateGroupInDomain(
SafeSamHandle DomainHandle,
UnicodeString Name,
SamGroupAccessRights DesiredAccess,
out SafeSamHandle GroupHandle,
out uint RelativeId
);
/// <summary>
/// Open a group by SID.
/// </summary>
/// <param name="sid">The sid for the group.</param>
/// <param name="desired_access">The desired access for the group object.</param>
/// <param name="throw_on_error">True to throw on error.</param>
/// <returns>The SAM group object.</returns>
public NtResult <SamGroup> OpenGroup(Sid sid, SamGroupAccessRights desired_access, bool throw_on_error)
{
if (sid.SubAuthorities.Count != DomainId.SubAuthorities.Count + 1 || !sid.StartsWith(DomainId))
{
return(NtStatus.STATUS_NO_SUCH_DOMAIN.CreateResultFromError <SamGroup>(throw_on_error));
}
return(OpenGroup(sid.SubAuthorities.Last(), null, desired_access, throw_on_error));
}
/// <summary>
/// Open a group by name.
/// </summary>
/// <param name="name">The name for the group.</param>
/// <param name="desired_access">The desired access for the group object.</param>
/// <param name="throw_on_error">True to throw on error.</param>
/// <returns>The SAM group object.</returns>
public NtResult <SamGroup> OpenGroup(string name, SamGroupAccessRights desired_access, bool throw_on_error)
{
var sid_name = LookupName(name, throw_on_error);
if (!sid_name.IsSuccess)
{
return(sid_name.Cast <SamGroup>());
}
var sid = Sid.Parse(sid_name.Result.Sddl, throw_on_error);
if (!sid.IsSuccess)
{
return(sid.Cast <SamGroup>());
}
return(OpenGroup(sid.Result, desired_access, throw_on_error));
}
internal static extern NtStatus SamOpenGroup(
SafeSamHandle DomainHandle,
SamGroupAccessRights DesiredAccess,
uint GroupId,
out SafeSamHandle GroupHandle
);
/// <summary>
/// Enumerate and open accessible group objects.
/// </summary>
/// <param name="desired_access">The desired access for the opened groups.</param>
/// <returns>The list of accessible groups.</returns>
public IReadOnlyList <SamGroup> OpenAccessibleGroups(SamGroupAccessRights desired_access)
{
return(OpenAccessibleGroups(desired_access, true).Result);
}
/// <summary>
/// Enumerate and open accessible group objects.
/// </summary>
/// <param name="desired_access">The desired access for the opened groups.</param>
/// <param name="throw_on_error">True to throw on error.</param>
/// <returns>The list of accessible groups.</returns>
public NtResult <IReadOnlyList <SamGroup> > OpenAccessibleGroups(SamGroupAccessRights desired_access, bool throw_on_error)
{
return(EnumerateGroups(throw_on_error).Map <IReadOnlyList <SamGroup> >(e => e.Select(
s => OpenGroup(s.RelativeId, s.Name, desired_access, false).GetResultOrDefault()).Where(a => a != null).ToList().AsReadOnly()));
}
/// <summary>
/// Open a group by name.
/// </summary>
/// <param name="name">The name for the group.</param>
/// <param name="desired_access">The desired access for the group object.</param>
/// <returns>The SAM group object.</returns>
public SamGroup OpenGroup(string name, SamGroupAccessRights desired_access)
{
return(OpenGroup(name, desired_access, true).Result);
}
/// <summary>
/// Open a group by SID.
/// </summary>
/// <param name="sid">The sid for the group.</param>
/// <param name="desired_access">The desired access for the group object.</param>
/// <returns>The SAM group object.</returns>
public SamGroup OpenGroup(Sid sid, SamGroupAccessRights desired_access)
{
return(OpenGroup(sid, desired_access, true).Result);
}
/// <summary>
/// Open a group by relative ID.
/// </summary>
/// <param name="group_id">The ID for the group.</param>
/// <param name="desired_access">The desired access for the group object.</param>
/// <returns>The SAM group object.</returns>
public SamGroup OpenGroup(uint group_id, SamGroupAccessRights desired_access)
{
return(OpenGroup(group_id, desired_access, true).Result);
}
/// <summary>
/// Open a group by relative ID.
/// </summary>
/// <param name="group_id">The ID for the group.</param>
/// <param name="desired_access">The desired access for the group object.</param>
/// <param name="throw_on_error">True to throw on error.</param>
/// <returns>The SAM group object.</returns>
public NtResult <SamGroup> OpenGroup(uint group_id, SamGroupAccessRights desired_access, bool throw_on_error)
{
return(OpenGroup(group_id, null, desired_access, throw_on_error));
}
private NtResult <SamGroup> OpenGroup(uint group_id, string name, SamGroupAccessRights desired_access, bool throw_on_error)
{
return(SecurityNativeMethods.SamOpenGroup(Handle, desired_access, group_id, out SafeSamHandle handle).CreateResult(throw_on_error,
() => CreateObject(handle, group_id, name, (n, s) => new SamGroup(handle, desired_access, ServerName, n, s))));
}
/// <summary>
/// Create a new group object.
/// </summary>
/// <param name="name">The name of the group.</param>
/// <param name="desired_access">The desired access for the group object.</param>
/// <param name="throw_on_error">True to throw on error.</param>
/// <returns>The SAM group object.</returns>
public NtResult <SamGroup> CreateGroup(string name, SamGroupAccessRights desired_access, bool throw_on_error)
{
return(SecurityNativeMethods.SamCreateGroupInDomain(Handle, new UnicodeString(name), desired_access,
out SafeSamHandle group_handle, out uint rid).CreateResult(throw_on_error,
() => new SamGroup(group_handle, desired_access, ServerName, name, DomainId.CreateRelative(rid))));
}
internal SamGroup(SafeSamHandle handle, SamGroupAccessRights granted_access, string server_name, string group_name, Sid sid)
: base(handle, granted_access, SamUtils.SAM_GROUP_NT_TYPE_NAME, group_name, server_name)
{
Sid = sid;
Name = group_name;
}
