/// <summary>
/// Builds the security descriptor for the client port. Its DACL holds a single
/// access-allowed ACE that grants <c>AccessPermissions.PortConnect</c> to the
/// server identity, so only that identity may connect.
/// </summary>
/// <remarks>
/// Release builds always use the Local Service SID. DEBUG builds use
/// <c>WellKnownSidType.WinWorldSid</c> (Everyone) instead when
/// <c>ServerIsLocalService</c> is false, which lets any caller connect.
/// That branch is compiled out when DEBUG is not defined, so the restriction
/// to Local Service depends on shipping non-DEBUG binaries.
/// </remarks>
/// <returns>
/// The new descriptor, or <c>null</c> when adding the ACE reports a non-zero
/// error code. NOTE(review): callers should presumably treat <c>null</c> as a
/// failure rather than create the port without a descriptor; confirm at the
/// call sites.
/// </returns>
internal SecurityDescriptor MakeClientPortSD()
{
    int aceStatus = 0;
    ExplicitAccessList portAcl = new ExplicitAccessList(1);
    Sid allowedSid;

#if DEBUG
    // Debug-only escape hatch: a server that is not running as Local Service
    // gets a port that Everyone may connect to.
    if (!ServerIsLocalService)
    {
        allowedSid = new WellKnownSid(WellKnownSidType.WinWorldSid);
    }
    else
#endif
    {
        allowedSid = new LocalServiceSid();
    }

    // The single ACE lives at index 0 and is not inherited.
    portAcl.AddAccessAllowedAce(
        0,
        AccessPermissions.PortConnect,
        AceFlags.NoInheritance,
        allowedSid,
        out aceStatus);

    // A non-zero status means the ACE (or the SID behind it) could not be
    // created; report that to the caller as null.
    return aceStatus != 0 ? null : new SecurityDescriptor(portAcl);
}
/// <summary>
/// Builds the well-known SID that corresponds to <paramref name="type"/>.
/// </summary>
/// <param name="type">The well-known SID to build.</param>
/// <param name="domain">
/// The three sub-authority values of the domain or root domain. Used only by
/// the domain-relative types (DOMAIN_USERS, DOMAIN_GUESTS, DOMAIN_COMPUTERS,
/// DOMAIN_DOMAIN_CONTROLLERS, CERT_PUBLISHERS, SCHEMA_ADMINISTRATORS,
/// ENTERPRISE_ADMINS, RAS_SERVERS, GROUP_POLICY_CREATOR_OWNERS); ignored, and
/// allowed to be null, for every other type.
/// </param>
/// <returns>The SID produced by CreateWellKnownSid for the requested type.</returns>
/// <exception cref="ArgumentNullException">
/// Thrown when a domain-relative type is requested and domain is null.
/// </exception>
/// <exception cref="ArgumentException">
/// Thrown when a domain-relative type is requested and domain does not hold
/// exactly three elements, or when type is not a known value.
/// </exception>
/// <remarks>
/// Only the length of domain is checked. The three values are copied into the
/// SID as supplied, so the caller is responsible for passing the sub-authorities
/// of the domain it actually means.
/// </remarks>
public static _SID GetWellKnownSid(WellKnownSid type, uint[] domain)
{
    // Domain-relative SIDs all have the form S-1-5-21-(domain)-(RID), so resolve
    // the RID first and share one validation path. A RID of 0 means "not a
    // domain-relative type".
    uint domainRelativeId = 0;
    switch (type)
    {
        case WellKnownSid.DOMAIN_USERS: domainRelativeId = 513; break;
        case WellKnownSid.DOMAIN_GUESTS: domainRelativeId = 514; break;
        case WellKnownSid.DOMAIN_COMPUTERS: domainRelativeId = 515; break;
        case WellKnownSid.DOMAIN_DOMAIN_CONTROLLERS: domainRelativeId = 516; break;
        case WellKnownSid.CERT_PUBLISHERS: domainRelativeId = 517; break;
        case WellKnownSid.SCHEMA_ADMINISTRATORS: domainRelativeId = 518; break;
        case WellKnownSid.ENTERPRISE_ADMINS: domainRelativeId = 519; break;
        case WellKnownSid.GROUP_POLICY_CREATOR_OWNERS: domainRelativeId = 520; break;
        case WellKnownSid.RAS_SERVERS: domainRelativeId = 553; break;
    }

    if (domainRelativeId != 0)
    {
        if (domain == null)
        {
            throw new ArgumentNullException("domain");
        }

        if (domain.Length != 3)
        {
            throw new ArgumentException("The domain parameter is invalid", "domain");
        }

        return CreateWellKnownSid(5, 21, domain[0], domain[1], domain[2], domainRelativeId);
    }

    // Every remaining type is a fixed SID. The first argument is presumably the
    // identifier authority and the rest the sub-authorities (confirm against
    // CreateWellKnownSid).
    switch (type)
    {
        // S-1-0, S-1-1, S-1-2: null, world and local authorities.
        case WellKnownSid.NULL: return CreateWellKnownSid(0, 0);
        case WellKnownSid.EVERYONE: return CreateWellKnownSid(1, 0);
        case WellKnownSid.LOCAL: return CreateWellKnownSid(2, 0);
        case WellKnownSid.CONSOLE_LOGON: return CreateWellKnownSid(2, 1);

        // S-1-3: creator authority.
        case WellKnownSid.CREATOR_OWNER: return CreateWellKnownSid(3, 0);
        case WellKnownSid.CREATOR_GROUP: return CreateWellKnownSid(3, 1);
        case WellKnownSid.OWNER_SERVER: return CreateWellKnownSid(3, 2);
        case WellKnownSid.GROUP_SERVER: return CreateWellKnownSid(3, 3);
        case WellKnownSid.OWNER_RIGHTS: return CreateWellKnownSid(3, 4);

        // S-1-5: NT authority, logon types and service accounts.
        case WellKnownSid.NT_AUTHORITY: return CreateWellKnownSid(5);
        case WellKnownSid.DIALUP: return CreateWellKnownSid(5, 1);
        case WellKnownSid.NETWORK: return CreateWellKnownSid(5, 2);
        case WellKnownSid.BATCH: return CreateWellKnownSid(5, 3);
        case WellKnownSid.INTERACTIVE: return CreateWellKnownSid(5, 4);
        case WellKnownSid.SERVICE: return CreateWellKnownSid(5, 6);
        case WellKnownSid.ANONYMOUS: return CreateWellKnownSid(5, 7);
        case WellKnownSid.PROXY: return CreateWellKnownSid(5, 8);
        case WellKnownSid.ENTERPRISE_DOMAIN_CONTROLLERS: return CreateWellKnownSid(5, 9);
        case WellKnownSid.PRINCIPAL_SELF: return CreateWellKnownSid(5, 10);
        case WellKnownSid.AUTHENTICATED_USERS: return CreateWellKnownSid(5, 11);
        case WellKnownSid.RESTRICTED_CODE: return CreateWellKnownSid(5, 12);
        case WellKnownSid.TERMINAL_SERVER_USER: return CreateWellKnownSid(5, 13);
        case WellKnownSid.REMOTE_INTERACTIVE_LOGON: return CreateWellKnownSid(5, 14);
        case WellKnownSid.THIS_ORGANIZATION: return CreateWellKnownSid(5, 15);
        case WellKnownSid.IUSR: return CreateWellKnownSid(5, 17);
        case WellKnownSid.LOCAL_SYSTEM: return CreateWellKnownSid(5, 18);
        case WellKnownSid.LOCAL_SERVICE: return CreateWellKnownSid(5, 19);
        case WellKnownSid.NETWORK_SERVICE: return CreateWellKnownSid(5, 20);

        // S-1-5-32: built-in aliases; no domain sub-authorities are involved.
        case WellKnownSid.BUILTIN_ADMINISTRATORS: return CreateWellKnownSid(5, 32, 544);
        case WellKnownSid.BUILTIN_USERS: return CreateWellKnownSid(5, 32, 545);
        case WellKnownSid.BUILTIN_GUESTS: return CreateWellKnownSid(5, 32, 546);
        case WellKnownSid.POWER_USERS: return CreateWellKnownSid(5, 32, 547);
        case WellKnownSid.ACCOUNT_OPERATORS: return CreateWellKnownSid(5, 32, 548);
        case WellKnownSid.SERVER_OPERATORS: return CreateWellKnownSid(5, 32, 549);
        case WellKnownSid.PRINTER_OPERATORS: return CreateWellKnownSid(5, 32, 550);
        case WellKnownSid.BACKUP_OPERATORS: return CreateWellKnownSid(5, 32, 551);
        case WellKnownSid.REPLICATOR: return CreateWellKnownSid(5, 32, 552);
        case WellKnownSid.ALIAS_PREW2KCOMPACC: return CreateWellKnownSid(5, 32, 554);
        case WellKnownSid.REMOTE_DESKTOP: return CreateWellKnownSid(5, 32, 555);
        case WellKnownSid.NETWORK_CONFIGURATION_OPS: return CreateWellKnownSid(5, 32, 556);
        case WellKnownSid.INCOMING_FOREST_TRUST_BUILDERS: return CreateWellKnownSid(5, 32, 557);
        case WellKnownSid.PERFMON_USERS: return CreateWellKnownSid(5, 32, 558);
        case WellKnownSid.PERFLOG_USERS: return CreateWellKnownSid(5, 32, 559);
        case WellKnownSid.WINDOWS_AUTHORIZATION_ACCESS_GROUP: return CreateWellKnownSid(5, 32, 560);
        case WellKnownSid.TERMINAL_SERVER_LICENSE_SERVERS: return CreateWellKnownSid(5, 32, 561);
        case WellKnownSid.DISTRIBUTED_COM_USERS: return CreateWellKnownSid(5, 32, 562);
        case WellKnownSid.IIS_IUSRS: return CreateWellKnownSid(5, 32, 568);
        case WellKnownSid.CRYPTOGRAPHIC_OPERATORS: return CreateWellKnownSid(5, 32, 569);
        case WellKnownSid.EVENT_LOG_READERS: return CreateWellKnownSid(5, 32, 573);
        case WellKnownSid.CERTIFICATE_SERVICE_DCOM_ACCESS: return CreateWellKnownSid(5, 32, 574);

        // Remaining S-1-5 entries: write-restricted, authentication packages,
        // NT service and other-organization.
        case WellKnownSid.WRITE_RESTRICTED: return CreateWellKnownSid(5, 33);
        case WellKnownSid.NTLM_AUTHENTICATION: return CreateWellKnownSid(5, 64, 10);
        case WellKnownSid.SCHANNEL_AUTHENTICATION: return CreateWellKnownSid(5, 64, 14);
        case WellKnownSid.DIGEST_AUTHENTICATION: return CreateWellKnownSid(5, 64, 21);
        case WellKnownSid.NT_SERVICE: return CreateWellKnownSid(5, 80);
        case WellKnownSid.OTHER_ORGANIZATION: return CreateWellKnownSid(5, 1000);

        // S-1-16: mandatory integrity levels, lowest to highest.
        case WellKnownSid.ML_UNTRUSTED: return CreateWellKnownSid(16, 0);
        case WellKnownSid.ML_LOW: return CreateWellKnownSid(16, 4096);
        case WellKnownSid.ML_MEDIUM: return CreateWellKnownSid(16, 8192);
        case WellKnownSid.ML_MEDIUM_PLUS: return CreateWellKnownSid(16, 8448);
        case WellKnownSid.ML_HIGH: return CreateWellKnownSid(16, 12288);
        case WellKnownSid.ML_SYSTEM: return CreateWellKnownSid(16, 16384);
        case WellKnownSid.ML_PROTECTED_PROCESS: return CreateWellKnownSid(16, 20480);

        default:
            throw new ArgumentException("Invalid Well-known SID type.", "type");
    }
}
/// <summary>
/// Retrieves a well-known SID as an RPC_SID, as defined in MS-DTYP section 2.4.2.3.
/// </summary>
/// <param name="type">The well-known SID to retrieve.</param>
/// <param name="domain">
/// The three sub-authority values of the domain or root domain. Required only
/// for the domain-relative types listed below; it may be null for all others.
/// </param>
/// <returns>
/// The RPC_SID built from the identifier authority and sub-authorities of the
/// SID that GetWellKnownSid returns for the same arguments.
/// </returns>
/// <exception cref="ArgumentNullException">
/// Thrown when domain is null for DOMAIN_USERS, DOMAIN_GUESTS, DOMAIN_COMPUTERS,
/// DOMAIN_DOMAIN_CONTROLLERS, CERT_PUBLISHERS, SCHEMA_ADMINISTRATORS,
/// ENTERPRISE_ADMINS, RAS_SERVERS or GROUP_POLICY_CREATOR_OWNERS.
/// BUILTIN_ADMINISTRATORS is a fixed SID (5, 32, 544) in GetWellKnownSid and
/// does not require domain.
/// </exception>
/// <exception cref="ArgumentException">
/// Thrown when type is invalid, or when domain is required and does not hold
/// exactly three elements.
/// </exception>
public static _RPC_SID GetWellKnownRpcSid(WellKnownSid type, uint[] domain)
{
    // All validation happens in GetWellKnownSid; this method only repackages
    // the result in RPC form.
    _SID wellKnown = GetWellKnownSid(type, domain);

    return CreateRpcSid(
        wellKnown.IdentifierAuthority,
        wellKnown.SubAuthority);
}