/****************************************************************************++ * * Description : * * This function creates a well known sid using User domain. CreateWellKnownSid requires * domain sid to be provided to generate such sids. This function first gets the domain sid * out of the user information in the token and then generate a well known sid. * * Arguments: * * hToken - [supplies] The token for which sid has to be generated * sidType - [supplies] The type of well known sid * pSid - [receives] The newly create sid * pdwSidSize - [Supplies/Receives] The size of the memory allocated for ppSid * * Returns: * * Errors returned by GetTokenInformation * Errors returned by CreateWellKnownSid * E_OUTOFMEMORY In case there is not enough memory * Errors returned by GetWindowsAccountDomainSid * --***************************************************************************/ static SafePSID CreateWellKnownSidForAccount(HTOKEN hToken, WELL_KNOWN_SID_TYPE sidType) { var hTok = new SafeHTOKEN((IntPtr)hToken, false); using var pUserToken = hTok.GetInfo(TOKEN_INFORMATION_CLASS.TokenUser); // // Now get the domain sid from the TokenUser // Win32Error.ThrowLastErrorIfFalse(GetWindowsAccountDomainSid(pUserToken.ToStructure <TOKEN_USER>().User.Sid, out var pDomainSid)); return(SafePSID.CreateWellKnown(sidType, pDomainSid)); }
/// <summary> /// Get the specified "well known" SID. Note that not all well known SIDs are available on all OSes. /// </summary> public unsafe static SID CreateWellKnownSid(WELL_KNOWN_SID_TYPE sidType) { SID sid = new SID(); uint size = (uint)sizeof(SID); if (!Imports.CreateWellKnownSid(sidType, null, &sid, ref size)) { throw Errors.GetIoExceptionForLastError(); } return(sid); }
/// <summary>Creates a SID for predefined aliases.</summary> /// <param name="WellKnownSidType">Member of the WELL_KNOWN_SID_TYPE enumeration that specifies what the SID will identify.</param> /// <param name="DomainSid"> /// A pointer to a SID that identifies the domain to use when creating the SID. Pass <c>PSID.NULL</c> to use the local computer. /// </param> /// <returns>A <see cref="SafePSID"/> instance.</returns> public static SafePSID CreateWellKnown(WELL_KNOWN_SID_TYPE sidType, PSID domainSid = default) { var sz = 0U; CreateWellKnownSid(sidType, domainSid, Null, ref sz); if (sz == 0) { Win32Error.ThrowLastError(); } var newSid = new SafePSID((int)sz); if (!CreateWellKnownSid(sidType, domainSid, newSid, ref sz)) { Win32Error.ThrowLastError(); } return(newSid); }
public static bool CreateWellKnownSid(WELL_KNOWN_SID_TYPE WellKnownSidType, System.IntPtr DomainSid, ref PInvokePointer pSid) { PInvokePointer varpSid = null; bool retVar_ = false; uint sizeVar = 2056; uint oldSizeVar_ = 0; PerformCall: oldSizeVar_ = sizeVar; varpSid = new PInvokePointer(Convert.ToInt32(sizeVar)); retVar_ = NativeMethods.CreateWellKnownSid(WellKnownSidType, DomainSid, varpSid.IntPtr, ref sizeVar); if ((sizeVar <= oldSizeVar_)) { varpSid.Free(); sizeVar = (sizeVar * Convert.ToUInt32(2)); goto PerformCall; } pSid = varpSid; return(retVar_); }
/// <summary> /// Creates a Security Identity for a well known SID (such as LOCAL SYSTEM) /// </summary> /// <param name="sidType">The type of well known SID</param> /// <returns>A populated Security Identity</returns> public static SecurityIdentity SecurityIdentityFromWellKnownSid(WELL_KNOWN_SID_TYPE sidType) { if (sidType == WELL_KNOWN_SID_TYPE.None) { throw new ExternalException("Unable to Get Well Known SID"); } var secId = new SecurityIdentity { wellKnownSidType = sidType }; // Get the size required for the SID var size = GetSidLengthRequired(SID_MAX_SUB_AUTHORITIES);; var sidStruct = Marshal.AllocHGlobal((IntPtr)size); try { // Get the SID struct from the well known SID type if (!CreateWellKnownSid(sidType, IntPtr.Zero, sidStruct, ref size)) { throw new ExternalException("Unable to Get Well Known SID"); } var sidString = IntPtr.Zero; // Convert the SID structure to a SID string ConvertSidToStringSid(sidStruct, out sidString); try { // Marshal and store the SID string secId.sid = Marshal.PtrToStringAnsi(sidString); } finally { if (sidString != IntPtr.Zero) { Util.LocalFree(sidString); } } uint nameLen = 0; uint domainLen = 0; // Get the lengths of the object and domain names LookupAccountSid(null, sidStruct, IntPtr.Zero, ref nameLen, IntPtr.Zero, ref domainLen, out var nameUse); if (nameLen == 0) { throw new ExternalException("Unable to Find SID"); } var accountName = Marshal.AllocHGlobal((IntPtr)nameLen); var domainName = domainLen > 0 ? Marshal.AllocHGlobal((IntPtr)domainLen) : IntPtr.Zero; try { // Get the object and domain names if (!LookupAccountSid(null, sidStruct, accountName, ref nameLen, domainName, ref domainLen, out nameUse)) { throw new ExternalException("Unable to Find SID"); } // Marshal and store the object name secId.name = string.Format("{0}{1}{2}", domainLen > 1 ? Marshal.PtrToStringAnsi(domainName) : "", domainLen > 1 ? "\\" : "", Marshal.PtrToStringAnsi(accountName)); } finally { if (accountName != IntPtr.Zero) { Marshal.FreeHGlobal(accountName); } if (domainName != IntPtr.Zero) { Marshal.FreeHGlobal(domainName); } } } finally { if (sidStruct != IntPtr.Zero) { Marshal.FreeHGlobal(sidStruct); } } return(secId); }
private static extern bool CreateWellKnownSid(WELL_KNOWN_SID_TYPE WellKnownSidType, IntPtr DomainSid, IntPtr pSid, ref uint cbSid);
public static extern bool CreateWellKnownSid( WELL_KNOWN_SID_TYPE wellKnownSidType, IntPtr domainSid, SafeHGlobalBuffer pSid, ref Int32 cbSid);
public static extern bool CreateWellKnownSid( [In] WELL_KNOWN_SID_TYPE WellKnownSidType, [In] IntPtr DomainSid, [In] IntPtr pSid, ref uint cbSid);
public unsafe static extern BOOL IsWellKnownSid( ref SID pSid, WELL_KNOWN_SID_TYPE WellKnownSidType);
public static extern bool CreateWellKnownSid( WELL_KNOWN_SID_TYPE WellKnownSidType, IntPtr DomainSid, IntPtr pSid, ref uint cbSid);
/// <summary> /// Returns true if the given SID is the specified "well known" SID type. /// </summary> public static bool IsWellKnownSid(ref SID sid, WELL_KNOWN_SID_TYPE sidType) { return(Imports.IsWellKnownSid(ref sid, sidType)); }
public unsafe static extern BOOL CreateWellKnownSid( WELL_KNOWN_SID_TYPE WellKnownSidType, SID *DomainSid, SID *pSid, ref uint cbSid);
public static extern bool IsWellKnownSid(PSID pSid, WELL_KNOWN_SID_TYPE WellKnownSidType);
public static extern bool CreateWellKnownSid(WELL_KNOWN_SID_TYPE WellKnownSidType, [System.Runtime.InteropServices.InAttribute()] System.IntPtr DomainSid, System.IntPtr pSid, ref uint cbSid);
public static extern int IsWellKnownSid([NativeTypeName("PSID")] void *pSid, WELL_KNOWN_SID_TYPE WellKnownSidType);
public static extern int CreateWellKnownSid(WELL_KNOWN_SID_TYPE WellKnownSidType, [NativeTypeName("PSID")] void *DomainSid, [NativeTypeName("PSID")] void *pSid, [NativeTypeName("DWORD *")] uint *cbSid);
/****************************************************************************++ * * Routine Description: * * Verifies whether specified well-known SID is in the current user token * * Arguments: * * sid - one of the WELL_KNOWN_SID_TYPE consts * hToken - Optional the token for which we want to test membership * pfMember - [Receives] TRUE if specified sid is a member of the user token, false otherwise * * Notes: * * - * * Return Value: * * Errors returned by CreateWellKnownSid * Errors returned by CheckTokenMembership * --*****************************************************************************/ static HRESULT IsMemberOf(WELL_KNOWN_SID_TYPE sid, HTOKEN hToken, out bool pfMember) { pfMember = false; try { var hTok = new SafeHTOKEN((IntPtr)hToken, false); using var pUserToken = hTok.GetInfo(TOKEN_INFORMATION_CLASS.TokenUser); SafePSID pSID = null; try { // // create SID for the authenticated users // pSID = SafePSID.CreateWellKnown(sid); } catch { // // In case of invalid-arg we might need to provide the domain, so create well known sid for domain // pSID = CreateWellKnownSidForAccount(hToken, sid); } // // check whether token has this sid // if (!CheckTokenMembership(hToken, pSID, out pfMember)) { var hr = Win32Error.GetLastError().ToHRESULT(); // just to be on the safe side (as we don't know that CheckTokenMembership // does not modify fAuthenticated in case of error) pfMember = false; if (hr == HRESULT.E_ACCESSDENIED && hToken.IsNull) { // unable to query the thread token. Open as self and try again using var ttok = SafeHTOKEN.FromThread(GetCurrentThread(), TokenAccess.TOKEN_QUERY); { if (CheckTokenMembership(ttok, pSID, out pfMember)) { return(HRESULT.S_OK); } else { // stick with the original error code, but ensure that fMember is correct pfMember = false; } } } } return(HRESULT.S_OK); } catch (Exception ex) { var hr = HRESULT.FromException(ex); if (hr == (HRESULT)Win32Error.ERROR_NON_ACCOUNT_SID) { return(HRESULT.S_OK); } return(hr); } }
public static extern bool CreateWellKnownSid(WELL_KNOWN_SID_TYPE WellKnownSidType, PSID DomainSid, SafePSID pSid, ref uint cbSid);
/// <summary> /// Creates a Security Identity for a well known SID (such as LOCAL SYSTEM) /// </summary> /// <param name="sidType">The type of well known SID</param> /// <returns>A populated Security Identity</returns> public static SecurityIdentity SecurityIdentityFromWellKnownSid(WELL_KNOWN_SID_TYPE sidType) { if (sidType == WELL_KNOWN_SID_TYPE.None) { throw new ExternalException("Unable to Get Well Known SID"); } SecurityIdentity secId = new SecurityIdentity(); secId.wellKnownSidType = sidType; // Get the size required for the SID uint size = SecurityIdentity.GetSidLengthRequired(SecurityIdentity.SID_MAX_SUB_AUTHORITIES); ; IntPtr sidStruct = Marshal.AllocHGlobal((IntPtr)size); try { // Get the SID struct from the well known SID type if (!SecurityIdentity.CreateWellKnownSid(sidType, IntPtr.Zero, sidStruct, ref size)) { throw new ExternalException("Unable to Get Well Known SID"); } IntPtr sidString = IntPtr.Zero; // Convert the SID structure to a SID string SecurityIdentity.ConvertSidToStringSid(sidStruct, out sidString); try { // Marshal and store the SID string secId.sid = Marshal.PtrToStringAnsi(sidString); } finally { if (sidString != IntPtr.Zero) Util.LocalFree(sidString); } uint nameLen = 0; uint domainLen = 0; SID_NAME_USE nameUse; // Get the lengths of the object and domain names SecurityIdentity.LookupAccountSid(null, sidStruct, IntPtr.Zero, ref nameLen, IntPtr.Zero, ref domainLen, out nameUse); if (nameLen == 0) { throw new ExternalException("Unable to Find SID"); } IntPtr accountName = Marshal.AllocHGlobal((IntPtr)nameLen); IntPtr domainName = domainLen > 0 ? Marshal.AllocHGlobal((IntPtr)domainLen) : IntPtr.Zero; try { // Get the object and domain names if (!SecurityIdentity.LookupAccountSid(null, sidStruct, accountName, ref nameLen, domainName, ref domainLen, out nameUse)) { throw new ExternalException("Unable to Find SID"); } // Marshal and store the object name secId.name = String.Format("{0}{1}{2}", domainLen > 1 ? Marshal.PtrToStringAnsi(domainName) : "", domainLen > 1 ? "\\" : "", Marshal.PtrToStringAnsi(accountName)); } finally { if (accountName != IntPtr.Zero) Marshal.FreeHGlobal(accountName); if (domainName != IntPtr.Zero) Marshal.FreeHGlobal(domainName); } } finally { if (sidStruct != IntPtr.Zero) Marshal.FreeHGlobal(sidStruct); } return secId; }